No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - VPN 01

NE05E and NE08E V300R003C10SPC500

This is NE05E and NE08E V300R003C10SPC500 Configuration Guide - VPN
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring the Access of LDP VPWS to the Public Network

Example for Configuring the Access of LDP VPWS to the Public Network

This part describes how to configure an LDP VPWS to access the public network.

Networking Requirements

As shown in Figure 10-12, the Martini VPWS (access network) consists of the UPE, the P, and the NPE. The CE accesses the public network through the VPWS.

  • VE 0/2/0 and VE 0/3/0 are created on the NPE, with VE 0/2/0 serving as the L2VE to terminate the VPWS and VE 0/3/0 serving as the L3VE to access the public network.

  • OSPF is used to advertise the public network routes, with the OSPF process ID being 2.

Figure 10-12 Networking diagram of configuring the Martini VPWS to public network
NOTE:
  • In this example, interface 1, interface 2, interface 3, interface 4, and sub-interface 1.1 are 0/1/0, GE0/1/0.1, GE0/2/0, VE0/2/0, and VE0/3/0, respectively.



Configuration Roadmap

The configuration roadmap is as follows:

  1. Create L2VE and L3VE interfaces on the NPE. Bind them to the same VE-Group.

  2. Configure a Martini VPWS, which involves:

    • Configure routing protocols for the devices (UPE, P, and NPE) on the access network to make the devices communicate, and enable MPLS.

    • Use the default tunnel policy and create LSPs to transmit service data.

    • Enable MPLS L2VPN and VCs on PEs and establish VCs.

  3. Configure the access of the CE to the public network.

Data Preparation

To complete the configuration, you need the following data:

  • VE-Group number

  • IP address for VE 0/3/0

Procedure

  1. Create two VE interfaces on the NPE, and bind them to the same VE-Group.

    # Create VE 0/2/0 to terminate the MPLS L2VPN.

    <HUAWEI> system-view
    [~HUAWEI] sysname NPE
    [*HUAWEI] commit
    [~NPE] interface virtual-ethernet0/2/0
    [*NPE-Virtual-Ethernet0/2/0] ve-group 1 l2-terminate
    [*NPE-Virtual-Ethernet0/2/0] quit
    [*NPE] commit

    # Create VE 0/3/0 to access the MPLS L3VPN.

    [*NPE] interface virtual-ethernet0/3/0
    [*NPE-Virtual-Ethernet0/3/0] ve-group 1 l3-access
    [*NPE-Virtual-Ethernet0/3/0] quit
    [*NPE] commit

    After the configuration is complete, run the display virtual-ethernet ve-group command. You can view the binding relationship between VE interfaces and a VE-Group.

    [NPE] display virtual-ethernet ve-group
     Ve-groupID    TerminateVE                   AccessVE  
     1               Virtual-Ethernet0/2/0   Virtual-Ethernet0/3/0
    Total 1, 1 printed

  2. Run an IGP on the VPWS access network. OSPF is used in the example. The configuration details are not mentioned here.

    Configure the addresses for the interfaces of the UPE, the P, and the NPE according to Figure 10-12. When configuring OSPF, advertise the 32-bit loopback interface addresses of the UPE, the P, and the NPE.

    For more configurations, see "Configuration Files."

  3. Configure basic MPLS functions and LDP on the access network.

    # Configure the UPE.

    <HUAWEI> system-view
    [~HUAWEI] sysname UPE
    [*HUAWEI] commit
    [~UPE] mpls lsr-id 1.1.1.9
    [*UPE] mpls
    [*UPE-mpls] quit
    [*UPE] mpls ldp
    [*UPE-mpls-ldp] quit
    [*UPE] interface gigabitethernet 0/2/0
    [*UPE-GigabitEthernet0/2/0] mpls
    [*UPE-GigabitEthernet0/2/0] mpls ldp
    [*UPE-GigabitEthernet0/2/0] quit
    [*UPE] commit

    # Configure the P.

    <HUAWEI> system-view
    [~HUAWEI] sysname P
    [*HUAWEI] commit
    [~P] mpls lsr-id 2.2.2.9
    [*P] mpls
    [*P-mpls] quit
    [*P] mpls ldp
    [*P-mpls-ldp] quit
    [*P] interface gigabitethernet 1/0/0
    [*P-GigabitEthernet1/0/0] mpls
    [*P-GigabitEthernet1/0/0] mpls ldp
    [*P-GigabitEthernet1/0/0] quit
    [*P] interface gigabitethernet 2/0/0
    [*P-GigabitEthernet2/0/0] mpls
    [*P-GigabitEthernet2/0/0] mpls ldp
    [*P-GigabitEthernet2/0/0] quit
    [*P] commit

    # Configure the NPE.

    [~NPE] mpls lsr-id 3.3.3.9
    [*NPE] mpls
    [*NPE-mpls] quit
    [*NPE] mpls ldp
    [*NPE-mpls-ldp] quit
    [*NPE] interface gigabitethernet 0/2/0
    [*NPE-GigabitEthernet0/2/0] mpls
    [*NPE-GigabitEthernet0/2/0] mpls ldp
    [*NPE-GigabitEthernet0/2/0] quit
    [*NPE] commit

  4. Establish a remote LDP session between the UPE and the NPE.

    # Configure the UPE.

    [~UPE] mpls ldp remote-peer 1
    [*UPE-mpls-ldp-remote-1] remote-ip 3.3.3.9
    [*UPE-mpls-ldp-remote-1] quit
    [*UPE] commit

    # Configure the NPE.

    [~NPE] mpls ldp remote-peer 1
    [*NPE-mpls-ldp-remote-1] remote-ip 1.1.1.9
    [*NPE-mpls-ldp-remote-1] quit
    [*NPE] commit

  5. Enable MPLS L2VPN on the UPE and NPE, and establish VCs.

    # Configure the UPE.

    [~UPE] mpls l2vpn
    [*UPE-l2vpn] quit
    [*UPE] interface gigabitethernet 0/1/0.1
    [*UPE-GigabitEthernet0/1/0.1] shutdown
    [*UPE-GigabitEthernet0/1/0.1] vlan-type dot1q 10
    [*UPE-GigabitEthernet0/1/0.1] mpls l2vc 3.3.3.9 101
    [*UPE-GigabitEthernet0/1/0.1] undo shutdown
    [*UPE-GigabitEthernet0/1/0.1] quit
    [*UPE] commit

    # Configure the NPE.

    [~NPE] mpls l2vpn
    [*NPE-l2vpn] quit
    [*NPE] interface virtual-ethernet0/2/0.1
    [*NPE-Virtual-Ethernet0/2/0.1] vlan-type dot1q 1
    [*NPE-Virtual-Ethernet0/2/0.1] mpls l2vc 1.1.1.9 101
    [*NPE-Virtual-Ethernet0/2/0.1] quit
    [*NPE] commit

  6. Verify the configuration.

    Check the L2VPN connection on the PE. You can view that an L2VC in the Up state is set up.

    Take the display on the NPE as an example.

    [~NPE] display mpls l2vc
    Total ldp vc : 1     1 up       0 down
     *Client Interface          : Virtual-Ethernet0/2/0.1 is up
      Administrator PW          : no
      Session State             : up
      AC Status                 : up
      Ignore AC state           : disable
      VC State                  : up
      Label state               : 0
      Token state               : 0
      VC ID                     : 101
      VC Type                  : vlan
      Destination               : 1.1.1.9
      local VC label            : 140288       remote VC label      : 140292
      control word              : disable
      remote control word       : disable
      forwarding entry          : exist
      local group ID            : 0
      remote group ID           : 0
      local AC OAM State        : up
      local PSN OAM State       : up
      local forwarding state    : forwarding
      local status code         : 0x0
      remote AC OAM state       : up
      remote PSN OAM state      : up
      remote forwarding state   : forwarding
      remote status code        : 0x0
      ignore standby state      : no
      BFD for PW                : unavailable
      VCCV State                : up
      manual fault              : not set
      active state              : active
      OAM Protocol              : --
      OAM Status                : --
      OAM Fault Type            : --
      PW APS ID                 : --
      PW APS Status             : --
      TTL Value                 : 1
      link state                : up
      local VC MTU              : 1500         remote VC MTU        : 1500
      local VCCV                : alert ttl lsp-ping bfd
      remote VCCV               : alert ttl lsp-ping bfd
      tunnel policy name        : --
      PW template name          : --
      primary or secondary      : primary
      load balance type         : flow
      Access-port               : false
      Switchover Flag           : false
      VC tunnel info            : 1 tunnels
        NO.0  TNL type          : ldp   , TNL ID : 0x0000000001004c4e42
      create time               : 0 days, 0 hours, 30 minutes, 18 seconds
      up time                   : 0 days, 0 hours, 0 minutes, 0 seconds
      last change time          : 0 days, 0 hours, 30 minutes, 18 seconds
      VC last up time           : 2013/07/24 12:31:31
      VC total up time          : 0 days, 2 hours, 12 minutes, 51 seconds
      CKey                      : 11                                                   
      NKey                      : 10     
      PW redundancy mode        : frr
      AdminPw interface         : --
      AdminPw link state        : --
      Forward state             : send inactive, receive inactive 
      Diffserv Mode             : uniform
      Service Class             : --
      Color                     : --
      DomainId                  : --
      Domain Name               : --

  7. Configure the access of the CE to the public network.

    # Configure the NPE.

    [~NPE] interface virtual-ethernet0/3/0.1
    [*NPE-Virtual-Ethernet0/3/0.1] vlan-type dot1q 1
    [*NPE-Virtual-Ethernet0/3/0.1] ip address 10.10.1.2 24
    [*NPE-Virtual-Ethernet0/3/0.1] quit
    [*NPE] ospf 2
    [*NPE-ospf-2] area 0
    [*NPE-ospf-2-area-0.0.0.0] network 10.10.1.0 0.0.0.255
    [*NPE-ospf-2-area-0.0.0.0] quit
    [*NPE-ospf-2] quit
    [*NPE] commit

    Configure the CE.

    <HUAWEI> system-view
    [~HUAWEI] sysname CE
    [*HUAWEI] commit
    [~CE] interface gigabitethernet0/1/0.1
    [*CE-GigabitEthernet0/1/0.1] vlan-type dot1q 10
    [*CE-GigabitEthernet0/1/0.1] ip address 10.10.1.1 24
    [*CE-GigabitEthernet0/1/0.1] quit
    [*CE] ospf 2
    [*CE-ospf-2] area 0
    [*CE-ospf-2-area-0.0.0.0] network 10.10.1.0 0.0.0.255
    [*CE-ospf-2-area-0.0.0.0] quit
    [*CE-ospf-2] quit
    [*CE] commit

  8. Verify the configuration.

    # The CE and NPE can ping each other successfully through VE 0/3/0.

    Take the CE as example:

    [~CE] ping 10.10.1.2
      PING 10.10.1.2: 56  data bytes, press CTRL_C to break
        Reply from 10.10.1.2: bytes=56 Sequence=1 ttl=255 time=31 ms
        Reply from 10.10.1.2: bytes=56 Sequence=2 ttl=255 time=10 ms
        Reply from 10.10.1.2: bytes=56 Sequence=3 ttl=255 time=5 ms
        Reply from 10.10.1.2: bytes=56 Sequence=4 ttl=255 time=2 ms
        Reply from 10.10.1.2: bytes=56 Sequence=5 ttl=255 time=28 ms
      --- 10.10.1.2 ping statistics ---
        5 packet(s) transmitted
        5 packet(s) received
        0.00% packet loss
    round-trip min/avg/max = 2/15/31 ms

Configuration Files

  • Configuration file of the UPE

    #
     sysname UPE
    #
     mpls lsr-id 1.1.1.9
     mpls
    #
     mpls l2vpn
    #
    mpls ldp
    #
     mpls ldp remote-peer 1
     remote-ip 3.3.3.9
    #
    interface GigabitEthernet0/1/0
     undo shutdown
    #
    interface GigabitEthernet0/1/0.1
     vlan-type dot1q 10
     mpls l2vc 3.3.3.9 101
    #
    interface GigabitEthernet0/2/0
     undo shutdown
     ip address 10.2.1.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface LoopBack1
     ip address 1.1.1.9 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 1.1.1.9 0.0.0.0
      network 10.2.1.0 0.0.0.255
    #
    return
  • Configuration file of the P

    #
     sysname P
    #
     mpls lsr-id 2.2.2.9
     mpls
    #
    mpls ldp
    #
    interface GigabitEthernet1/0/0
     undo shutdown
     ip address 10.2.2.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface GigabitEthernet2/0/0
     undo shutdown
     ip address 10.2.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface LoopBack1
     ip address 2.2.2.9 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 2.2.2.9 0.0.0.0
      network 10.2.1.0 0.0.0.255
      network 10.2.2.0 0.0.0.255
    #
    return
  • Configuration file of the NPE

    #
     sysname NPE
    #
     mpls lsr-id 3.3.3.9
     mpls
    #
     mpls l2vpn
    #
    mpls ldp
    #
     mpls ldp remote-peer 1
     remote-ip 1.1.1.9
    #
    interface GigabitEthernet0/2/0
     undo shutdown
     ip address 10.2.2.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface Virtual-Ethernet0/2/0
     ve-group 1 l2-terminate
    #
    #
    interface Virtual-Ethernet0/2/0.1
     vlan-type dot1q 1
     mpls l2vc 1.1.1.9 101
    #
    interface Virtual-Ethernet0/3/0
     ve-group 1 l3-access
    #
    interface Virtual-Ethernet0/3/0.1
      vlan-type dot1q 1
      ip address 10.10.1.2 255.255.255.0
    #
    interface LoopBack1
     ip address 3.3.3.9 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 3.3.3.9 0.0.0.0
      network 10.2.2.0 0.0.0.255
    #
    ospf 2
    area 0.0.0.0
    network 10.10.1.0 0.0.0.255
    #
    return
  • Configuration file of the CE

    #
     sysname CE
    #
    interface GigabitEthernet0/1/0
     undo shutdown
    #
    interface GigabitEthernet0/1/0.1
     vlan-type dot1q 10
     ip address 10.10.1.1 255.255.255.0
    #
    ospf 2
     area 0.0.0.0
       network 10.10.1.0 0.0.0.255
    #
    return
Translation
Download
Updated: 2019-01-14

Document ID: EDOC1100058925

Views: 32492

Downloads: 59

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next