No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - VPN 01

NE05E and NE08E V300R003C10SPC500

This is NE05E and NE08E V300R003C10SPC500 Configuration Guide - VPN
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Splicing a Common L3VPN with an EVPN L3VPN

Example for Splicing a Common L3VPN with an EVPN L3VPN

This section provides an example for splicing a common L3VPN with an EVPN L3VPN to implement communication between the two networks.

Networking Requirements

An L3VPN is deployed over the MAN and is being replaced with an EVPN. If a lot of devices are deployed on the MAN, end-to-end replacement may not be implemented at a time. Therefore, co-existence of the L3VPN and EVPN occurs during the network reconstruction. On the network shown in Figure 11-37, an L3VPN is deployed between the UPE and NPE1, and an EVPN is deployed between NPE1 and NPE2. To allow communication between the L3VPN and EVPN, configure the border device NPE1 between the two networks.

Figure 11-37 Splicing a Common L3VPN with an EVPN L3VPN
NOTE:

In this example, Interface 1 and Interface 2 refer to GE 0/1/0 and GE 0/2/0, respectively.



Table 11-9 Interface IP addresses

Device Name

Interface Name

IP Address and Mask

UPE

GE 0/1/0

10.1.1.1

GE 0/2/0

192.168.20.1/24

Loopback 1

1.1.1.1/32

NPE1

GE 0/1/0

10.1.1.2/24

GE 0/2/0

10.2.1.1/24

Loopback 1

2.2.2.2/32

NPE2

GE 0/1/0

10.2.1.2/24

GE 0/2/0

192.168.30.1/24

Loopback 1

3.3.3.3/32

Configuration Roadmap

The configuration roadmap is as follows:

  1. Deploy IGPs on the UPE, NPE1, and NPE2. In this example, OSPF runs between the UPE and NPE1, and IS-IS runs between NPE1 and NPE2.

  2. Configure MPLS LDP on the UPE, NPE1, and NPE2.

  3. Configure L3VPN instances on the UPE and NPE1, and establish a BGP VPNv4 connection between them.

  4. Establish a BGP EVPN connection between NPE1 and NPE2.

  5. Configure an L3VPN instance and binding it to an interface on NPE2 to access Layer 3 services.

  6. Enable NPE1 to regenerate routes.

Data Preparation

To complete the configuration, you need the following data:

  • MPLS LSR IDs of the UPE and NPEs

  • RDs of the L3VPN instances

  • Import and export VPN targets for the L3VPN instances

Procedure

  1. Assign an IP address to each device interface, including the loopback interfaces.

    For configuration details, see Configuration Files in this section.

  2. Deploy IGPs on the UPE, NPE1, and NPE2. In this example, OSPF runs between the UPE and NPE1, and IS-IS runs between NPE1 and NPE2.

    For configuration details, see Configuration Files in this section.

  3. Configure MPLS LDP on the UPE, NPE1, and NPE2.

    For configuration details, see Configuration Files in this section.

  4. Configure L3VPN instances on the UPE and NPE1, and establish a BGP VPNv4 connection between them.

    # Configure the UPE.

    [~UPE] ip vpn-instance vpn1
    [*UPE-vpn-instance-vpn1] ipv4-family
    [*UPE-vpn-instance-vpn1-af-ipv4] route-distinguisher 10:1
    [*UPE-vpn-instance-vpn1-af-ipv4] vpn-target 1:1 both
    [*UPE-vpn-instance-vpn1-af-ipv4] quit
    [*UPE-vpn-instance-vpn1] quit
    [*UPE] interface GigabitEthernet 0/2/0
    [*UPE-GigabitEthernet0/2/0] ip binding vpn-instance vpn1
    [*UPE-GigabitEthernet0/2/0] ip address 192.168.20.1 255.255.255.0
    [*UPE-GigabitEthernet0/2/0] quit
    [*UPE] bgp 100
    [*UPE-bgp] peer 2.2.2.2 as-number 100
    [*UPE-bgp] peer 2.2.2.2 connect-interface LoopBack1
    [*UPE-bgp] ipv4-family vpnv4
    [*UPE-bgp-af-vpnv4] peer 2.2.2.2 enable
    [*UPE-bgp-af-vpnv4] quit
    [*UPE-bgp] ipv4-family vpn-instance vpn1
    [*UPE-bgp-vpn1] import-route direct
    [*UPE-bgp-vpn1] quit
    [*UPE] commit

    # Configure NPE1.

    [~NPE1] ip vpn-instance vpn1
    [*NPE1-vpn-instance-vpn1] ipv4-family
    [*NPE1-vpn-instance-vpn1-af-ipv4] route-distinguisher 11:11
    [*NPE1-vpn-instance-vpn1-af-ipv4] vpn-target 1:1 both
    [*NPE1-vpn-instance-vpn1-af-ipv4] quit
    [*NPE1-vpn-instance-vpn1] quit
    [*NPE1] bgp 100
    [*NPE1-bgp] peer 1.1.1.1 as-number 100
    [*NPE1-bgp] peer 1.1.1.1 connect-interface LoopBack1
    [*NPE1-bgp] ipv4-family vpnv4
    [*NPE1-bgp-af-vpnv4] peer 1.1.1.1 enable
    [*NPE1-bgp-af-vpnv4] quit
    [*NPE1] commit

  5. Establish a BGP EVPN connection between NPE1 and NPE2.

    # Configure NPE1.

    [~NPE1] bgp 100
    [*NPE1-bgp] peer 3.3.3.3 as-number 100
    [*NPE1-bgp] peer 3.3.3.3 connect-interface LoopBack1
    [*NPE1-bgp] l2vpn-family evpn
    [*NPE1-bgp-af-evpn] peer 3.3.3.3 enable
    [*NPE1-bgp-af-evpn] quit
    [*NPE1-bgp] ipv4-family vpn-instance vpn1
    [*NPE1-bgp-vpn1] advertise l2vpn evpn
    [*NPE1] commit

    # Configure NPE2.

    [~NPE2] bgp 100
    [*NPE2-bgp] peer 2.2.2.2 as-number 100
    [*NPE2-bgp] peer 2.2.2.2 connect-interface LoopBack1
    [*NPE2-bgp] l2vpn-family evpn
    [*NPE2-bgp-af-evpn] peer 2.2.2.2 enable
    [*NPE2-bgp-af-evpn] quit
    [*NPE2] commit

  6. Configure an L3VPN instance and binding it to an interface on NPE2 to access Layer 3 services.

    [~NPE2] ip vpn-instance vpn1
    [*NPE2-vpn-instance-vpn1] ipv4-family
    [*NPE2-vpn-instance-vpn1-af-ipv4] route-distinguisher 20:2
    [*NPE2-vpn-instance-vpn1-af-ipv4] vpn-target 1:1 both
    [*NPE2-vpn-instance-vpn1-af-ipv4] vpn-target 2:2 both evpn
    [*NPE2-vpn-instance-vpn1-af-ipv4] evpn mpls routing-enable
    [*NPE2-vpn-instance-vpn1-af-ipv4] quit
    [*NPE2-vpn-instance-vpn1] quit
    [*NPE2] interface GigabitEthernet 0/2/0
    [*NPE2-GigabitEthernet0/2/0] ip binding vpn-instance vpn1
    [*NPE2-GigabitEthernet0/2/0] ip address 192.168.30.1 24
    [*NPE2-GigabitEthernet0/2/0] quit
    [*NPE2] bgp 100
    [*NPE2-bgp] ipv4-family vpn-instance vpn1
    [*NPE2-bgp-vpn1] advertise l2vpn evpn
    [*NPE2-bgp-vpn1] import-route direct
    [*NPE2-bgp-vpn1] quit
    [*NPE2-bgp] quit
    [*NPE2] commit

  7. Enable NPE1 to regenerate routes.

    [~NPE1] ip vpn-instance vpn1
    [*NPE1-vpn-instance-vpn1] ipv4-family
    [*NPE1-vpn-instance-vpn1-af-ipv4] vpn-target 2:2 both evpn
    [*NPE1-vpn-instance-vpn1-af-ipv4] evpn mpls routing-enable
    [*NPE1-pn-instance-vpn1-af-ipv4] quit
    [*NPE1-vpn-instance-vpn1] quit
    [*NPE1] bgp 100
    [*NPE1-bgp] ipv4-family vpnv4
    [*NPE1-bgp-af-vpnv4] peer 1.1.1.1 reflect-client
    [*NPE1-bgp-af-vpnv4] peer 1.1.1.1 import reoriginate
    [*NPE1-bgp-af-vpnv4] peer 1.1.1.1 advertise route-reoriginated evpn mac-ip
    [*NPE1-bgp-af-vpnv4] peer 1.1.1.1 advertise route-reoriginated evpn ip
    [*NPE1-bgp-af-vpnv4] quit
    [*NPE1-bgp] l2vpn-family evpn
    [*NPE1-bgp-af-evpn] peer 3.3.3.3 advertise irb
    [*NPE1-bgp-af-evpn] peer 3.3.3.3 reflect-client
    [*NPE1-bgp-af-evpn] peer 3.3.3.3 import reoriginate
    [*NPE1-bgp-af-evpn] peer 3.3.3.3 advertise route-reoriginated vpnv4
    [*NPE1-bgp-af-evpn] quit
    [*NPE1-bgp] quit
    [*NPE1] commit

  8. Verify the configuration.

    Run the display bgp evpn all routing-table command on NPE2. The command output shows EVPN routes received from the UPE.

    [~NPE2] display bgp evpn all routing-table
    
     Local AS number : 100
    
     BGP Local router ID is 3.3.3.3
     Status codes: * - valid, > - best, d - damped, x - best external, a - add path,
                   h - history,  i - internal, s - suppressed, S - Stale
                   Origin : i - IGP, e - EGP, ? - incomplete
    
    
     EVPN address family:
     Number of Mac Routes: 5
     Route Distinguisher: 20:2
           Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr)  NextHop
     *>    0:48:3892-6c61-0300:0:0.0.0.0                          0.0.0.0
     *                                                            0.0.0.0
     *>    0:48:3892-6c61-0300:32:192.168.30.2                    0.0.0.0
     *>    0:48:38ba-16b3-9b05:0:0.0.0.0                          0.0.0.0
     *>    0:48:38ba-16b3-9b05:32:192.168.30.1                    0.0.0.0
        
    
     EVPN-Instance evrf1:
     Number of Mac Routes: 5
           Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr)  NextHop
     *>    0:48:3892-6c61-0300:0:0.0.0.0                          0.0.0.0
     *                                                            0.0.0.0
     *>    0:48:3892-6c61-0300:32:192.168.30.2                    0.0.0.0
     *>    0:48:38ba-16b3-9b05:0:0.0.0.0                          0.0.0.0
     *>    0:48:38ba-16b3-9b05:32:192.168.30.1                    0.0.0.0
    
     EVPN address family:
     Number of Ip Prefix Routes: 4
     Route Distinguisher: 10:1
           Network(EthTagId/IpPrefix/IpPrefixLen)                 NextHop
     *>i   0:192.168.20.0:24                                   2.2.2.2
     Route Distinguisher: 10:2
           Network(EthTagId/IpPrefix/IpPrefixLen)                 NextHop
     *>i   0:192.168.20.0:24                                   2.2.2.2
     *>    0:192.168.30.0:24                                      0.0.0.0
     *>    0:192.168.30.1:32                                      0.0.0.0
        
    
     EVPN-Instance __RD_1_10_2__:
     Number of Ip Prefix Routes: 3
           Network(EthTagId/IpPrefix/IpPrefixLen)                 NextHop
     *>i   0:192.168.20.0:24                                   2.2.2.2
     *>    0:192.168.30.0:24                                      0.0.0.0
     *>    0:192.168.30.1:32                                      0.0.0.0

    Run the display ip routing-table vpn-instance vpn1 command on NPE2. The command output shows the VPN route.

    [~NPE2] display ip routing-table vpn-instance vpn1
    Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
    ------------------------------------------------------------------------------
    Routing Table : vpn1
             Destinations : 5        Routes : 5         
    
    Destination/Mask    Proto   Pre  Cost        Flags NextHop         Interface
    
       192.168.20.0/24 IBGP    255  0             RD  2.2.2.2         GigabitEthernet0/1/0
       192.168.30.0/24  Direct  0    0             D   192.168.30.1    Vbdif10
       192.168.30.1/32  Direct  0    0             D   127.0.0.1       Vbdif10
     192.168.30.255/32  Direct  0    0             D   127.0.0.1       Vbdif10
    255.255.255.255/32  Direct  0    0             D   127.0.0.1       InLoopBack0

Configuration Files

  • UPE configuration file

    #
    sysname UPE
    #
    ip vpn-instance vpn1
     ipv4-family
      route-distinguisher 10:1
      vpn-target 1:1 export-extcommunity
      vpn-target 1:1 import-extcommunity
    #
    mpls lsr-id 1.1.1.1
    #
    mpls
    #               
    mpls ldp
    #
    interface GigabitEthernet0/1/0
     undo shutdown
     ip address 10.1.1.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface GigabitEthernet0/2/0
     undo shutdown
     ip binding vpn-instance vpn1
     ip address 192.168.20.1 255.255.255.0
    #
    interface LoopBack1
     ip address 1.1.1.1 255.255.255.255
    #
    bgp 100
     peer 2.2.2.2 as-number 100
     peer 2.2.2.2 connect-interface LoopBack1
     #
     ipv4-family unicast
      undo synchronization
      peer 2.2.2.2 enable
     #
     ipv4-family vpnv4
      policy vpn-target
      peer 2.2.2.2 enable
     #
     ipv4-family vpn-instance vpn1
      import-route direct
      peer 192.168.20.2 as-number 65410
    #
    ospf 1
     area 0.0.0.0
      network 1.1.1.1 0.0.0.0
      network 10.1.1.0 0.0.0.255
    #
    return
  • NPE1 configuration file

    #
    sysname NPE1
    #
    ip vpn-instance vpn1
     ipv4-family
      route-distinguisher 10:1
      vpn-target 1:1 export-extcommunity
      vpn-target 2:2 export-extcommunity evpn
      vpn-target 1:1 import-extcommunity
      vpn-target 2:2 import-extcommunity evpn
      evpn mpls routing-enable
    #
    mpls lsr-id 2.2.2.2
    #
    mpls
    #
    mpls ldp
    #
    isis 1
     network-entity 10.0000.0000.0002.00
    #               
    interface GigabitEthernet0/1/0
     undo shutdown
     ip address 10.1.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface GigabitEthernet0/2/0
     undo shutdown
     ip address 10.2.1.1 255.255.255.0
     isis enable 1
     mpls
     mpls ldp
    #
    interface LoopBack1
     ip address 2.2.2.2 255.255.255.255
     isis enable 1
    #
    bgp 100
     peer 1.1.1.1 as-number 100
     peer 1.1.1.1 connect-interface LoopBack1
     peer 3.3.3.3 as-number 100
     peer 3.3.3.3 connect-interface LoopBack1
     #
     ipv4-family unicast
      undo synchronization
      peer 1.1.1.1 enable
      peer 3.3.3.3 enable
     #
     ipv4-family vpnv4
      policy vpn-target
      peer 1.1.1.1 enable
      peer 1.1.1.1 reflect-client
      peer 1.1.1.1 import reoriginate
      peer 1.1.1.1 advertise route-reoriginated evpn mac-ip
      peer 1.1.1.1 advertise route-reoriginated evpn ip
     #
     ipv4-family vpn-instance vpn1
      advertise l2vpn evpn
     #
     l2vpn-family evpn
      undo policy vpn-target
      peer 3.3.3.3 enable
      peer 3.3.3.3 advertise irb
      peer 3.3.3.3 reflect-client
      peer 3.3.3.3 import reoriginate
      peer 3.3.3.3 advertise route-reoriginated vpnv4
    #
    ospf 1
     area 0.0.0.0
      network 2.2.2.2 0.0.0.0
      network 10.1.1.0 0.0.0.255
    #
    return
  • NPE2 configuration file

    #
    sysname NPE2
    #
    ip vpn-instance vpn1
     ipv4-family
      route-distinguisher 10:2
      vpn-target 1:1 export-extcommunity
      vpn-target 2:2 export-extcommunity evpn
      vpn-target 1:1 import-extcommunity
      vpn-target 2:2 import-extcommunity evpn
      evpn mpls routing-enable
    #
    mpls lsr-id 3.3.3.3
    #
    mpls
    #
    mpls ldp
    #
    isis 1
     network-entity 10.0000.0000.0003.00
    #
    interface GigabitEthernet0/1/0
     undo shutdown
     ip address 10.2.1.2 255.255.255.0
     isis enable 1
     mpls
     mpls ldp       
    #
    interface GigabitEthernet0/2/0
     undo shutdown
     ip binding vpn-instance vpn1
     ip address 192.168.30.1 255.255.255.0
    #
    interface LoopBack1
     ip address 3.3.3.3 255.255.255.255
     isis enable 1
    #
    bgp 100
     peer 2.2.2.2 as-number 100
     peer 2.2.2.2 connect-interface LoopBack1
     #
     ipv4-family unicast
      undo synchronization
      peer 2.2.2.2 enable
     #
     ipv4-family vpn-instance vpn1
      import-route direct
      advertise l2vpn evpn
     #
     l2vpn-family evpn
      undo policy vpn-target
      peer 2.2.2.2 enable
      peer 2.2.2.2 advertise irb
      peer 2.2.2.2 import reoriginate
      peer 2.2.2.2 advertise route-reoriginated evpn mac-ip
      peer 2.2.2.2 advertise route-reoriginated evpn ip
    #
    return
Translation
Download
Updated: 2019-01-14

Document ID: EDOC1100058925

Views: 33227

Downloads: 59

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next