No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - VPN 01

NE05E and NE08E V300R003C10SPC500

This is NE05E and NE08E V300R003C10SPC500 Configuration Guide - VPN
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring a DCI Scenario with a VLAN Base Accessing an MPLS EVPN IRB

Example for Configuring a DCI Scenario with a VLAN Base Accessing an MPLS EVPN IRB

This section provides an example for configuring a DCI scenario with a VLAN base accessing an MPLS EVPN IRB. In this example, a data center gateway is connected to the DCI backbone network through an Ethernet sub-interface associated with a VLAN, and BGP EVPN is deployed on the DCI backbone network to implement data center interconnection.

Networking Requirements

The underlay VLAN access mode applies to traditional DCs that interconnect through the DCI network.

DC-GWs and DCI-PEs are separately deployed. The DCI-PEs consider the connected DC-GWs as CEs, receive VM IP routes from the DCs through a routing protocol, and save and maintain the received routes.

On the network shown in Figure 11-35, a VXLAN tunnel is established in each DC to implement intra-DC VM communication. An L3VPN instance is configured on each of the DCI-PEs, an Ethernet sub-interface is associated with a VLAN and bound to the L3VPN instance, and a BGP EVPN peer relationship is established between the DCI-PEs to implement VM communication between different DCs.

Figure 11-35 Configuring a DCI scenario with a VLAN Base accessing an MPLS EVPN IRB
NOTE:

In this example, Interface 1, Interface 2, and sub-interface1.1 refer to GE 0/1/0, GE 0/2/0, and GE 0/1/0.1, respectively.



Table 11-7 Interface IP addresses

Device Name

Interface Name

IP Address and Mask

DCI-PE1

GE 0/1/0.1

192.168.20.1/24

GE 0/2/0

192.168.1.1/24

Loopback 1

1.1.1.1/32

P

GE 0/1/0

192.168.1.2/24

GE 0/2/0

192.168.10.1/24

Loopback 1

2.2.2.2/32

DCI-PE2

GE 0/1/0.1

192.168.30.1/24

GE 0/2/0

192.168.10.2/24

Loopback 1

3.3.3.3/32

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure OSPF on the DCI backbone network to implement communication between DCI-PEs.

  2. Configure an MPLS TE tunnel on the DCI backbone network.

  3. Configure a VPN instance on each DCI-PE, bind the VPN instance to the DCI-PE interface that connects to a DC-GW, and apply a tunnel policy to the VPN instance.

  4. Configure DCI-PEs to establish EBGP peer relationships with DC-GWs and advertise IP prefix routes.

  5. Configure EVPN instances on the DCI-PEs and establish a BGP EVPN peer relationship between the DCI-PEs.

  6. Configure a source address on each DCI-PE.

Data Preparation

To complete the configuration, you need the following data:

  • MPLS LSR IDs of the DCI-PEs and P

  • RD of a VPN instance

  • Import and export VPN targets of the VPN instance

Procedure

  1. Assign an IP address to each node interface, including the loopback interfaces.

    For configuration details, see Configuration Files in this section.

  2. Configure an IGP on the DCI backbone network. OSPF is used in this example.

    For configuration details, see Configuration Files in this section.

  3. Configure an MPLS TE tunnel on the DCI backbone network.

    For configuration details, see Configuration Files in this section.

  4. Configure a VPN instance on each DCI-PE, bind the VPN instance to the DCI-PE interface that connects to a DC-GW, and apply a tunnel policy to the VPN instance.

    # Configure DCI-PE1.

    [~DCI-PE1] tunnel-policy te-lsp1
    [*DCI-PE1-tunnel-policy-te-lsp1] tunnel select-seq cr-lsp load-balance-number 1
    [*DCI-PE1-tunnel-policy-te-lsp1] quit
    [*DCI-PE1] ip vpn-instance vpn1
    [*DCI-PE1-vpn-instance-vpn1] ipv4-family
    [*DCI-PE1-vpn-instance-vpn1-af-ipv4] route-distinguisher 11:11
    [*DCI-PE1-vpn-instance-vpn1-af-ipv4] tnl-policy te-lsp1 evpn
    [*DCI-PE1-vpn-instance-vpn1-af-ipv4] vpn-target 11:1 both evpn
    [*DCI-PE1-vpn-instance-vpn1-af-ipv4] evpn mpls routing-enable
    [*DCI-PE1-vpn-instance-vpn1-af-ipv4] quit
    [*DCI-PE1-vpn-instance-vpn1] quit
    [*DCI-PE1] interface gigabitethernet 0/1/0.1
    [*DCI-PE1-GigabitEthernet0/1/0.1] vlan-type dot1q 10
    [*DCI-PE1-GigabitEthernet0/1/0.1] ip binding vpn-instance vpn1
    [*DCI-PE1-GigabitEthernet0/1/0.1] ip address 192.168.20.1 24
    [*DCI-PE1-GigabitEthernet0/1/0.1] quit
    [*DCI-PE1] commit

    # Configure DCI-PE2.

    [~DCI-PE2] tunnel-policy te-lsp1
    [*DCI-PE2-tunnel-policy-te-lsp1] tunnel select-seq cr-lsp load-balance-number 1
    [*DCI-PE2-tunnel-policy-te-lsp1] quit
    [*DCI-PE2] ip vpn-instance vpn1
    [*DCI-PE2-vpn-instance-vpn1] ipv4-family
    [*DCI-PE2-vpn-instance-vpn1-af-ipv4] route-distinguisher 11:11
    [*DCI-PE2-vpn-instance-vpn1-af-ipv4] tnl-policy te-lsp1 evpn
    [*DCI-PE2-vpn-instance-vpn1-af-ipv4] vpn-target 11:1 both evpn
    [*DCI-PE2-vpn-instance-vpn1-af-ipv4] evpn mpls routing-enable
    [*DCI-PE2-vpn-instance-vpn1-af-ipv4] quit
    [*DCI-PE2-vpn-instance-vpn1] quit
    [*DCI-PE2] interface gigabitethernet 0/1/0.1
    [*DCI-PE2-GigabitEthernet0/1/0.1] vlan-type dot1q 10
    [*DCI-PE2-GigabitEthernet0/1/0.1] ip binding vpn-instance vpn1
    [*DCI-PE2-GigabitEthernet0/1/0.1] ip address 192.168.30.1 24
    [*DCI-PE2-GigabitEthernet0/1/0.1] quit
    [*DCI-PE2] commit

  5. Configure DCI-PEs to establish EBGP peer relationships with DC-GWs and advertise IP prefix routes.

    # Configure DCI-PE1.

    [~DCI-PE1] bgp 100
    [*DCI-PE1-bgp] ipv4-family vpn-instance vpn1
    [*DCI-PE1-bgp-vpn1] peer 192.168.20.2 as-number 65410
    [*DCI-PE1-bgp-vpn1] advertise l2vpn evpn
    [*DCI-PE1-bgp-vpn1] import-route direct
    [*DCI-PE1-bgp-vpn1] quit
    [*DCI-PE1] commit

    # Configure DCI-PE2.

    [~DCI-PE2] bgp 100
    [*DCI-PE2-bgp] ipv4-family vpn-instance vpn1
    [*DCI-PE2-bgp-vpn1] peer 192.168.30.2 as-number 65420
    [*DCI-PE2-bgp-vpn1] advertise l2vpn evpn
    [*DCI-PE2-bgp-vpn1] import-route direct
    [*DCI-PE2-bgp-vpn1] quit
    [*DCI-PE2] commit

  6. Configure EVPN instances on the DCI-PEs and establish a BGP EVPN peer relationship between the DCI-PEs.

    # Configure DCI-PE1.

    [~DCI-PE1] evpn vpn-instance evrf1 bd-mode
    [*DCI-PE1-evpn-instance-evrf1] route-distinguisher 10:1
    [*DCI-PE1-evpn-instance-evrf1] vpn-target 11:1
    [*DCI-PE1-evpn-instance-evrf1] quit
    [*DCI-PE1] bridge-domain 10
    [*DCI-PE1-bd10] vxlan vni 200 split-horizon-mode
    [*DCI-PE1-bd10] evpn binding vpn-instance evrf1
    [*DCI-PE1-bd10] esi 0000.1111.1111.4444.5555
    [*DCI-PE1-bd10] quit
    [*DCI-PE1] bgp 100
    [*DCI-PE1-bgp] peer 3.3.3.3 as-number 100
    [*DCI-PE1-bgp] peer 3.3.3.3 connect-interface loopback 1
    [*DCI-PE1-bgp] l2vpn-family evpn
    [*DCI-PE1-bgp-af-evpn] peer 3.3.3.3 enable
    [*DCI-PE1-bgp-af-evpn] peer 3.3.3.3 advertise irb
    [*DCI-PE1-bgp-af-evpn] quit
    [*DCI-PE1-bgp] quit
    [*DCI-PE1] commit

    # Configure DCI-PE2.

    [~DCI-PE2] evpn vpn-instance evrf1 bd-mode
    [*DCI-PE2-evpn-instance-evrf1] route-distinguisher 10:1
    [*DCI-PE2-evpn-instance-evrf1] vpn-target 11:1
    [*DCI-PE2-evpn-instance-evrf1] quit
    [*DCI-PE2] bridge-domain 10
    [*DCI-PE2-bd10] vxlan vni 200 split-horizon-mode
    [*DCI-PE2-bd10] evpn binding vpn-instance evrf1
    [*DCI-PE2-bd10] esi 0000.1111.3333.4444.5555
    [*DCI-PE2-bd10] quit
    [*DCI-PE2] bgp 100
    [*DCI-PE2-bgp] peer 1.1.1.1 as-number 100
    [*DCI-PE2-bgp] peer 1.1.1.1 connect-interface loopback 1
    [*DCI-PE2-bgp] l2vpn-family evpn
    [*DCI-PE2-bgp-af-evpn] peer 1.1.1.1 enable
    [*DCI-PE2-bgp-af-evpn] peer 1.1.1.1 advertise irb
    [*DCI-PE2-bgp-af-evpn] quit
    [*DCI-PE2-bgp] quit
    [*DCI-PE2] commit

  7. Configure a source address on each DCI-PE.

    # Configure DCI-PE1.

    [~DCI-PE1] evpn source-address 1.1.1.1
    [*DCI-PE1] commit

    # Configure DCI-PE2.

    [~DCI-PE2] evpn source-address 3.3.3.3
    [*DCI-PE2] commit

  8. Verify the configuration.

    Run the display ip routing-table vpn-instance command on a DCI-PE. The command output shows the route destined for the loopback interface on the connected DC-GW. The following uses the command output on DCI-PE1 as an example.

    [~DCI-PE1] display ip routing-table vpn-instance vpn1
    Route Flags: R - relay, D - download
    to fib, T - to vpn-instance, B - black hole route
    ------------------------------------------------------------------------------
    Routing Table : vpn1
             Destinations : 6        Routes : 6         
    
    Destination/Mask    Proto   Pre  Cost        Flags NextHop         Interface
    
            4.4.4.4/32  EBGP    255  0             RD  192.168.20.2    GigabitEthernet0/1/0.1
            5.5.5.5/32 IBGP    255  0            RD  3.3.3.3         Tunnel1/0/0
       192.168.20.0/24  Direct  0    0             D   192.168.20.1    GigabitEthernet0/1/0.1
       192.168.20.1/32  Direct  0    0             D   127.0.0.1       GigabitEthernet0/1/0.1
     192.168.20.255/32  Direct  0    0             D   127.0.0.1       GigabitEthernet0/1/0.1
    255.255.255.255/32  Direct  0    0             D   127.0.0.1       InLoopBack0

Configuration Files

  • DCI-PE1 configuration file

    #
    sysname DCI-PE1
    #
    evpn vpn-instance evrf1 bd-mode
     route-distinguisher 10:1
     vpn-target 11:1 export-extcommunity
     vpn-target 11:1 import-extcommunity
    #
    ip vpn-instance vpn1
     ipv4-family
      route-distinguisher 11:11
      vpn-target 11:1 export-extcommunity evpn
      vpn-target 11:1 import-extcommunity evpn
      tnl-policy te-lsp1 evpn
      evpn mpls routing-enable
    #
    mpls lsr-id 1.1.1.1
    #
    mpls
     mpls te
     mpls rsvp-te
     mpls te cspf
    #
    bridge-domain 10
     vxlan vni 200 split-horizon-mode
     evpn binding vpn-instance evrf1
     esi 0000.1111.1111.4444.5555
    #
    interface GigabitEthernet0/1/0
     undo shutdown
    #
    interface GigabitEthernet0/1/0.1
     vlan-type dot1q 10
     ip binding vpn-instance vpn1
     ip address 192.168.20.1 255.255.255.0
    #
    interface GigabitEthernet0/2/0
     undo shutdown
     ip address 192.168.1.1 255.255.255.0
     mpls
     mpls te
     mpls rsvp-te
    #
    interface LoopBack1
     ip address 1.1.1.1 255.255.255.255
    #
    interface Tunnel1/0/0
     ip address unnumbered interface LoopBack1
     tunnel-protocol mpls te
     destination 3.3.3.3
     mpls te tunnel-id 100
    #
    bgp 100
     peer 3.3.3.3 as-number 100
     peer 3.3.3.3 connect-interface LoopBack1
     #
     ipv4-family unicast
      undo synchronization
      peer 3.3.3.3 enable
     #
     ipv4-family vpn-instance vpn1
      peer 192.168.20.2 as-number 65410
      advertise l2vpn evpn
     #
     l2vpn-family evpn
      undo policy vpn-target
      peer 3.3.3.3 enable
      peer 3.3.3.3 advertise irb
    #
    ospf 1
     opaque-capability enable
     area 0.0.0.0
      network 1.1.1.1 0.0.0.0
      network 192.168.1.0 0.0.0.255
      mpls-te enable
    #
    tunnel-policy te-lsp1
     tunnel select-seq cr-lsp load-balance-number 1
    #
    evpn source-address 1.1.1.1
    #
    return
  • P configuration file

    #
    sysname P
    #
    mpls lsr-id 2.2.2.2
    #
    mpls
     mpls te
     mpls rsvp-te
     mpls te cspf
    #
    interface GigabitEthernet0/1/0
     undo shutdown
     ip address 192.168.1.2 255.255.255.0
     mpls
     mpls te
     mpls rsvp-te
    #
    interface GigabitEthernet0/2/0
     undo shutdown
     ip address 192.168.10.1 255.255.255.0
     mpls
     mpls te
     mpls rsvp-te
    #
    interface LoopBack1
     ip address 2.2.2.2 255.255.255.255
    #
    ospf 1
     opaque-capability enable
     area 0.0.0.0
      network 2.2.2.2 0.0.0.0
      network 192.168.1.0 0.0.0.255
      network 192.168.10.0 0.0.0.255
      mpls-te enable
    #
    return
  • DCI-PE2 configuration file

    #
    sysname DCI-PE2
    #
    evpn vpn-instance evrf1 bd-mode
     route-distinguisher 10:1
     vpn-target 11:1 export-extcommunity
     vpn-target 11:1 import-extcommunity
    #
    ip vpn-instance vpn1
     ipv4-family
      route-distinguisher 11:11
      vpn-target 11:1 export-extcommunity evpn
      vpn-target 11:1 import-extcommunity evpn
      tnl-policy te-lsp1 evpn
      evpn mpls routing-enable
    #
    mpls lsr-id 3.3.3.3
    #
    mpls
     mpls te
     mpls rsvp-te
     mpls te cspf
    #
    bridge-domain 10
     vxlan vni 200 split-horizon-mode
     evpn binding vpn-instance evrf1
     esi 0000.1111.3333.4444.5555
    #
    interface GigabitEthernet0/1/0
     undo shutdown
    #
    interface GigabitEthernet0/1/0.1
     vlan-type dot1q 10
     ip binding vpn-instance vpn1
     ip address 192.168.30.1 255.255.255.0
    #
    interface GigabitEthernet0/2/0
     undo shutdown
     ip address 192.168.10.2 255.255.255.0
     mpls
     mpls te
     mpls rsvp-te
    #
    interface LoopBack1
     ip address 3.3.3.3 255.255.255.255
    #
    interface Tunnel1/0/0
     ip address unnumbered interface LoopBack1
     tunnel-protocol mpls te
     destination 1.1.1.1
     mpls te tunnel-id 100
    #
    bgp 100
     peer 1.1.1.1 as-number 100
     peer 1.1.1.1 connect-interface LoopBack1
     #
     ipv4-family unicast
      undo synchronization
      peer 1.1.1.1 enable
     #
     ipv4-family vpn-instance vpn1
      peer 192.168.30.2 as-number 65420
      advertise l2vpn evpn
     #
     l2vpn-family evpn
      undo policy vpn-target
      peer 1.1.1.1 enable
      peer 1.1.1.1 advertise irb
    #
    ospf 1
     opaque-capability enable
     area 0.0.0.0
      network 3.3.3.3 0.0.0.0
      network 192.168.10.0 0.0.0.255
      mpls-te enable
    #
    tunnel-policy te-lsp1
     tunnel select-seq cr-lsp load-balance-number 1
    #
    evpn source-address 3.3.3.3
    #
    return
  • GW1 configuration file

    See the configuration file of a DC device.

  • Device 1 configuration file

    See the configuration file of a DC device.

  • Device 2 configuration file

    See the configuration file of a DC device.

  • GW2 configuration file

    See the configuration file of a DC device.

  • Device 3 configuration file

    See the configuration file of a DC device.

  • Device 4 configuration file

    See the configuration file of a DC device.

Translation
Download
Updated: 2019-01-14

Document ID: EDOC1100058925

Views: 33569

Downloads: 59

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next