No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - VPN 01

NE05E and NE08E V300R003C10SPC500

This is NE05E and NE08E V300R003C10SPC500 Configuration Guide - VPN
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring Inter-AS IPv6 VPN-Option C (Solution 1)

Configuring Inter-AS IPv6 VPN-Option C (Solution 1)

EBGP connections in multi-hop mode are established between PEs of different ASs to exchange VPNv6 routes.

Applicable Environment

If the MPLS backbone network carrying VPN-IPv6 routes crosses multiple ASs, the inter-AS VPN is needed.

If each AS has a large amount of VPN-IPv6 routes to be exchanged, the VPN-Option C can be adopted to prevent the ASBR becoming a bottleneck of the network. Two solutions can be adopted to realize inter-AS VPN-Option C:

  • Solution 1: After learning the labeled BGP routes of the public network in the remote AS from the remote ASBR, the local ASBR allocates labels for these routes and advertises these routes to the IBGP peer that supports the label switching capability. A complete LSP is set up as a result.
  • Solution 2: The IBGP peer relationship between the PE and ASBR is not needed. In this solution, an ASBR learns the labeled public BGP routes of the remote AS from the peer ASBR. Then these labeled public BGP routes are imported to IGP to trigger the establishment of an LDP LSP. This process can establish a complete LDP LSP between the two PEs.
NOTE:

In inter-AS IPv6 VPN-Option C, do not enable LDP between ASBRs.If LDP is enabled on the interfaces between ASBRs, LDP sessions are then established between the ASBRs. In this case, the ASBRs establish an egress LSP and send Mapping messages to the upstream ASBR. After receiving Mapping messages, the upstream ASBR establishes a transit LSP. When there are high-volume BGP routes, enabling LDP on the interfaces between ASBRs leads to the occupation of a large number of LDP labels.

Pre-configuration Tasks

Before configuring inter-AS IPv6 VPN-Option C, complete the following tasks:

  • Configuring IGP for MPLS backbone networks in each AS to realize IP connectivity of the backbones in one AS

  • Configuring basic MPLS capability for the MPLS backbone network

  • Configuring MPLS LDP and establishing LSP between a PE and an ASBR in the same AS

  • Configuring the IBGP peer relationship between the PE and the ASBR of the same AS

  • Configuring a VPN Instance on the PE devices connected to the CE devices and Binding Interfaces to a VPN Instance

  • Configuring the IPv6 addresses of the CE interfaces through which the CE accesses the PE

Configuration Procedures

You can choose to perform the following configuration tasks (except "Checking the Configuration") according to the applicable environment.

Enabling Exchange of the IPv4 Routes with Labels

In inter-AS IPv6 VPN Option C, an inter-AS BGP LSP needs to be established on the backbone network, and BGP peers on the backbone network can exchange labeled IPv4 routes with each other.

Procedure

  • Configuring the PE
    1. Run system-view

      The system view is displayed.

    2. Run bgp { as-number-plain | as-number-dot }

      The BGP view is displayed.

    3. Run peer ipv4-address label-route-capability

      The exchange of the labeled IPv4 routes with the ASBR in the same AS is enabled.

    4. Run commit

      The configuration is committed.

  • Configuring the ASBR
    1. Run system-view

      The system view is displayed.

    2. Run interface interface-type interface-number

      The view of the interface connected to the peer ASBR is displayed.

    3. Run ip address ip-address { mask | mask-length }

      The IPv4 address of the interface is configured.

    4. Run mpls

      The MPLS capability is enabled.

    5. Run commit

      The configuration is committed.

    6. Run quit

      Return to the system view.

    7. Run bgp { as-number-plain | as-number-dot }

      The BGP view is displayed.

    8. Run peer ipv4-address label-route-capability

      The Capability of exchanging the labeled IPv4 routes with the PE of the same AS is enabled.

      In the Option C solution, you must establish an inter-AS VPN LSP. The related PEs and the ASBRs exchange public network routes with the MPLS labels.

      The ASBR establishes an EBGP peer relationship with the remote ASBR to switch labeled IPv4 routes.

      The public network routes with the MPLS labels are advertised by the MP-BGP. According to relevant standards (Carrying Label Information in BGP-4), the label mapping information of a route is carried by advertising BGP updates. This feature is implemented through BGP extension attributes, which requires BGP peers to process the labeled IPv4 routes.

    9. Run peer ipv4-address as-number { as-number-plain | as-number-dot }

      The peer ASBR is specified as the EBGP peer.

    10. Run peer ipv4-address label-route-capability

      The exchange of the labeled IPv4 routes with the peer ASBR is enabled.

    11. Run commit

      The configuration is committed.

Configuring a Routing Policy to Control Label Distribution

You need to configure a routing policy to control label allocation for the inter-AS BGP LSP. If labeled IPv4 routes are advertised to the PE of the local AS, you need to re-allocate the MPLS label to these routes. If routes sent by the PE of the local AS are advertised to the peer ASBR, you need to allocate the MPLS label to these routes.

Context

The MPLS label distribution for IPv4 routes is controlled by the routing policy. Labels are distributed to the routes that satisfy certain requirements.

Perform the following steps on the ASBR:

Procedure

  • Creating a Routing Policy
    1. Run system-view

      The system view is displayed.

    2. Run route-policy policy-name1 permit node seq-number

      The routing policy applied to the local PE is created.

      For labeled IPv4 routes advertised to PEs in the same AS, the ASBR re-allocates MPLS labels to the routes.

    3. Run if-match mpls-label

      The IPv4 routes with labels are matched.

    4. Run apply mpls-label

      The label is allocated to the IPv4 route.

      mpls-label

    5. Run quit

      Return to the system view.

    6. Run route-policy policy-name2 permit node seq-number

      The routing policy applied to the peer ASBR is created.

      The MPLS labels are allocated to the routes that are received from the PEs in the same AS and are sent to the peer ASBR.

    7. Run apply mpls-label

      The label is allocated to the IPv4 route.

    8. Run commit

      The configuration is committed.

  • Applying Routing Policies
    1. Run system-view

      The system view is displayed.

    2. Run bgp { as-number-plain | as-number-dot }

      The BGP view is displayed.

    3. Run peer ipv4-address route-policy policy-name1 export

      The routing policy adopted when the route is advertised to the local PE is configured.

    4. Run peer ipv4-address route-policy policy-name2 export

      The routing policy adopted when the route is advertised to the peer ASBR is configured.

    5. Run commit

      The configuration is committed.

Establishing the MP-EBGP Peer Between PEs

With extended community attributes added to BGP, MP-IBGP can advertise VPNv4 routes between PEs. PEs of different ASs are indirectly connected in most cases. Therefore, to set up the EBGP connections between them, you need to configure the permitted maximum hops between the PEs and ensure that the PEs are reachable.

Procedure

  • Configure a PE to advertise its loopback interface IP addresses used for peer relationship establishment to the ASBRs of other ASs and peer PEs. You can also configure an ASBR to send the loopback interface IP addresses of a PE used for peer relationship establishment to the ASBRs of other ASs and peer PEs.

    NOTE:

    If you want to use inter-AS TE tunnels to transmit traffic in inter-AS Option C networking, perform the following steps on PEs, so that the loopback interface IP addresses of PEs used for peer relationship establishment can be advertised to peer PEs.

    1. Run system-view

      The system view is displayed.

    2. Run bgp { as-number-plain | as-number-dot }

      The BGP view is displayed.

    3. Run network ip-address [ mask | mask-length ] [ route-policy route-policy-name ]

      The loopback address of the PE in the local AS is advertised to the remote ASBR.

    4. Run commit

      The configuration is committed.

  • Perform the following steps on the PE that is connected to a CE
    1. Run system-view

      The system view is displayed.

    2. Run bgp { as-number-plain | as-number-dot }

      The BGP view is displayed.

    3. Run peer ipv4-address as-number { as-number-plain | as-number-dot }

      The peer PE is specified as the EBGP peer.

    4. Run peer ipv4-address connect-interface loopback interface-number

      The source interface that sends BGP packets is specified.

    5. Run peer ipv4-address ebgp-max-hop [ hop-count ]

      The maximum hop of the EBGP peer is configured.

      PEs of different ASs are generally not directly connected. To set up the EBGP peer between PEs of different ASs, configure the maximum hop between PEs and ensure the PEs are reachable.

    6. Run ipv6-family vpnv6

      The BGP-VPNv6 address family view is displayed.

    7. Run peer ipv4-address enable

      The exchange of VPNv6 routes with the peer PE is enabled.

    8. Run commit

      The configuration is committed.

  • (Optional) Configuring Route Reflector (RR)

    To improve scalability, specify an RR in each AS and establish MP-EBGP peer relationships between the RRs in ASs to save all VPNv6 routes on the RRs. Then configure PEs in each AS as the RR's clients to exchange VPNv6 routing information with the RR. Perform the following steps on a device that needs to be configured as an RR:

    1. Run system-view

      The system view is displayed.

    2. Run bgp { as-number-plain | as-number-dot }

      The BGP view is displayed.

    3. Run peer ipv4-address1 as-number { as-number-plain | as-number-dot }

      The RR in another AS is configured as its EBGP peer.

    4. Run peer ipv4-address1 connect-interface loopback interface-number

      The source interface that sends BGP packets is specified.

    5. Run peer ipv4-address1 ebgp-max-hop [ hop-count ]

      The maximum number of hops between RRs for which an EBGP peer relationship is to be configured is specified.

    6. Run ipv6-family vpnv6

      The BGP-VPNv6 address family view is displayed.

    7. Run peer ipv4-address1 enable

      The exchange of VPNv6 routes with the peer RR is enabled.

    8. Run peer ipv4-address2 reflect-client

      The device is configured as an RR, and PEs are specified as its clients.

    9. Run peer ipv4-address1 next-hop-invariable

      The next hop is not changed when the route is advertised to the EBGP peer.

    10. Run peer ipv4-address2 next-hop-invariable

      The next hop is not changed when the route is advertised to the IBGP peer.

    11. Run commit

      The configuration is committed.

Configuring Route Exchange PE and CE

The routing protocol between a PE and a CE can be BGP4+, static route, RIPng, OSPFv3, or IS-ISv6.

Context

Choose one of the following configurations as required. For detailed configurations, see Configuring Route Exchange Between PEs and CEs.
  • Configuring BGP4+ Between PE and CE

  • Configuring Static Routes Between PE and CE

  • Configuring RIPng Between PE and CE

  • Configuring OSPFv3 Between PE and CE

  • Configuring IS-ISv6 Between PE and CE

Verifying the Configuration of Inter-AS IPv6 VPN-Option C (Solution 1)

After inter-AS IPv6 VPN Option C is configured, you can view information about all BGP peer relationships, VPNv6 routing information and IPv6 VPN routing information on the PE, and information about labeled IPv4 routes on the ASBR.

Prerequisites

The Inter-AS IPv6 VPN-Option C function has been configured.

Procedure

  • Run the display bgp vpnv6 all peer command to check the BGP peers on the PE.
  • Run the display bgp vpnv6 all routing-table command to check the VPNv6 routing table on the PE.
  • Run the display bgp routing-table label command to check information about the labels of the IPv4 routes on the ASBR.
  • Run the display ipv6 routing-table vpn-instance [ vpn-instance-name ] command to check the VPN-IPv6 routing table on the PE.

Example

Run the display bgp vpnv6 all peer command on the PE. If the status of the EBGP peer between PEs is "Established", it means the configuration succeeds.

[~PE] display bgp vpnv6 all peer
 BGP local router ID : 172.1.1.2
 Local AS number : 100
 Total number of peers : 2                 Peers in established state : 2

  Peer            V          AS  MsgRcvd  MsgSent  OutQ  Up/Down       State  PrefRcv
  4.4.4.9         4         200       64       90     0 01:12:19 Established        1

  Peer of IPv6-family for vpn instance :

  VPN-Instance vpn1 :
  Peer            V          AS  MsgRcvd  MsgSent  OutQ  Up/Down       State  PrefRcv
  2001::1         4       65001       92       95     0 01:17:14 Established        1

Running the display bgp vpnv6 all routing-table command on the PE, you can view that the PE has the VPNv6 routes.

[~PE] display bgp vpnv6 all routing-table
 BGP Local router ID is 172.1.1.2
 Status codes: * - valid, > - best, d - damped, x - best external,
               h - history,  i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete
 RPKI validation codes: V - valid, I - invalid, N - not-found


 Total number of routes from all PE: 3
 Route Distinguisher: 100:1

 *>    Network  : 2001::                                   PrefixLen : 64
       NextHop  : ::                                       LocPrf    :
       MED      : 0                                        PrefVal   : 0
       Label    : NULL/32829
       Path/Ogn :  ?
 *>    Network  : 2001::2                                  PrefixLen : 128
       NextHop  : ::                                       LocPrf    :
       MED      : 0                                        PrefVal   : 0
       Label    :
       Path/Ogn :  ?
 Route Distinguisher: 200:1

 *>    Network  : 2002::                                   PrefixLen : 64
       NextHop  : ::FFFF:4.4.4.9                           LocPrf    :
       MED      : 0                                        PrefVal   : 0
       Label    : 32829/NULL
       Path/Ogn : 200?

 VPN-Instance vpn1 :

 Total Number of Routes: 4
 *>    Network  : 2001::                                   PrefixLen : 64
       NextHop  : ::                                       LocPrf    :
       MED      : 0                                        PrefVal   : 0
       Label    :
       Path/Ogn :  ?
 *
       NextHop  : 2001::1                                  LocPrf    :
       MED      : 0                                        PrefVal   : 0
       Label    :
       Path/Ogn : 65001?
 *>    Network  : 2001::2                                  PrefixLen : 128
       NextHop  : ::                                       LocPrf    :
       MED      : 0                                        PrefVal   : 0
       Label    :
       Path/Ogn :  ?
 *>    Network  : 2002::                                   PrefixLen : 64
       NextHop  : ::FFFF:4.4.4.9                           LocPrf    :
       MED      : 0                                        PrefVal   : 0
       Label    : 32829/NULL
       Path/Ogn : 200?

Run the display bgp routing-table label command on the ASBR. If information about the label of the IPv4 route is displayed, it means the configuration succeeds.

[~ASBR] display bgp routing-table label
 BGP Local router ID is 172.1.1.1
 Status codes: * - valid, > - best, d - damped, x - best external,
               h - history,  i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete
 RPKI validation codes: V - valid, I - invalid, N - not-found


 Total Number of Routes: 2
        Network           NextHop           In/Out Label

 *>     1.1.1.9           0.0.0.0           32829/NULL
 *>     4.4.4.9           192.1.1.2         32830/32858

Run the display ipv6 routing-table vpn-instance [ vpn-instance-name ] command on the PE. If the VPN routes to related CEs are displayed, it means the configuration succeeds.

[~PE] display ipv6 routing-table vpn-instance vpn1
Routing Table : vpn1
         Destinations : 4        Routes : 4

Destination  : 2001::                                  PrefixLength : 64
NextHop      : 2001::2                                 Preference   : 0
Cost         : 0                                       Protocol     : Direct
RelayNextHop : ::                                      TunnelID     : 0x0
Interface    : GigabitEthernet0/1/0                    Flags        : D

Destination  : 2001::2                                 PrefixLength : 128
NextHop      : ::1                                     Preference   : 0
Cost         : 0                                       Protocol     : Direct
RelayNextHop : ::                                      TunnelID     : 0x0
Interface    : GigabitEthernet0/2/0                    Flags        : D

Destination  : 2002::                                  PrefixLength : 64
NextHop      : ::FFFF:4.4.4.9                          Preference   : 255
Cost         : 0                                       Protocol     : EBGP
RelayNextHop : --                                      TunnelID     : BGP LSP
Interface    : BGP LSP                                 Flags        : RD

Destination  : FE80::                                  PrefixLength : 10
NextHop      : ::                                      Preference   : 0
Cost         : 0                                       Protocol     : Direct
RelayNextHop : ::                                      TunnelID     : 0x0
Interface    : NULL0                                   Flags        : D
Translation
Download
Updated: 2019-01-14

Document ID: EDOC1100058925

Views: 33092

Downloads: 59

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next