Configuration Guide - VPN 01

NE05E and NE08E V300R003C10SPC500

Example for Configuring a DCI Scenario with an E2E VXLAN EVPN Deployed on a Gateway

This section provides an example for configuring a DCI scenario with an E2E VXLAN EVPN deployed on a gateway. In this example, an E2E VXLAN tunnel is established between DC-GWs, and an L3VPN is deployed over the DCI backbone network to transmit VXLAN packets.

Networking Requirements

In Figure 11-27, data center gateway devices GW1 and GW2 are connected to the DCI backbone network. To allow inter-data center VM communication (for example, VMa1 and VMb2 communication), BGP/MPLS IP VPN functions must be deployed on the DCI backbone network, and a VXLAN tunnel must be established between GW1 and GW2.

Figure 11-27 Configuring an E2E VXLAN EVPN deployed on a gateway

NOTE: In this example, Interface 1 and Interface 2 stand for GE 0/1/0 and GE 0/2/0, respectively.



Table 11-1 Interface IP addresses

    Device     Interface Name           IP Address
    -------    ---------------------    ---------------
    DCI-PE1    GigabitEthernet 0/1/0    192.168.20.1/24
    DCI-PE1    GigabitEthernet 0/2/0    192.168.1.1/24
    DCI-PE1    LoopBack1                1.1.1.1/32
    P          GigabitEthernet 0/1/0    192.168.1.2/24
    P          GigabitEthernet 0/2/0    192.168.10.1/24
    P          LoopBack1                2.2.2.2/32
    DCI-PE2    GigabitEthernet 0/1/0    192.168.30.1/24
    DCI-PE2    GigabitEthernet 0/2/0    192.168.10.2/24
    DCI-PE2    LoopBack1                3.3.3.3/32

Configuration Roadmap

The configuration roadmap is as follows:

  1. Enable OSPF on the DCI backbone network for DCI-PEs to communicate with each other.

  2. Configure an MPLS TE tunnel on the DCI backbone network.

  3. Configure a VPN instance on each DCI-PE and bind the interface connected to a GW to the VPN instance.

  4. Establish an MP-IBGP peer relationship between DCI-PEs for them to exchange VPNv4 routes.

  5. Establish an EBGP peer relationship between each DCI-PE and its connected GW for them to exchange VPNv4 routes.

Data Preparation

To complete the configuration, you need the following data:

  • MPLS LSR IDs of the DCI-PEs and P

  • Route distinguisher (RD) of a VPN instance

  • VPN target

Procedure

  1. Assign an IP address to each interface on each node, and configure loopback interface addresses.

    For configuration details, see Configuration Files in this section.

  2. Configure an IGP on the DCI backbone network. OSPF is used as an IGP in this example.

    For configuration details, see Configuration Files in this section.

  3. Configure an MPLS TE tunnel on the DCI backbone network.

    For configuration details, see Configuration Files in this section.

  4. Configure VPN instances on DCI-PEs, connect GWs to the DCI-PEs, and apply a tunnel policy.

    # Configure DCI-PE1.

    [~DCI-PE1] tunnel-policy te-lsp1
    [*DCI-PE1-tunnel-policy-te-lsp1] tunnel select-seq cr-lsp load-balance-number 1
    [*DCI-PE1-tunnel-policy-te-lsp1] quit
    [*DCI-PE1] ip vpn-instance vpn1
    [*DCI-PE1-vpn-instance-vpn1] ipv4-family
    [*DCI-PE1-vpn-instance-vpn1-af-ipv4] route-distinguisher 100:1
    [*DCI-PE1-vpn-instance-vpn1-af-ipv4] tnl-policy te-lsp1
    [*DCI-PE1-vpn-instance-vpn1-af-ipv4] vpn-target 111:1 both
    [*DCI-PE1-vpn-instance-vpn1-af-ipv4] quit
    [*DCI-PE1-vpn-instance-vpn1] quit
    [*DCI-PE1] interface gigabitethernet 0/1/0
    [*DCI-PE1-GigabitEthernet0/1/0] ip binding vpn-instance vpn1
    [*DCI-PE1-GigabitEthernet0/1/0] ip address 192.168.20.1 24
    [*DCI-PE1-GigabitEthernet0/1/0] quit
    [*DCI-PE1] commit

    # Configure DCI-PE2.

    [~DCI-PE2] tunnel-policy te-lsp1
    [*DCI-PE2-tunnel-policy-te-lsp1] tunnel select-seq cr-lsp load-balance-number 1
    [*DCI-PE2-tunnel-policy-te-lsp1] quit
    [*DCI-PE2] ip vpn-instance vpn1
    [*DCI-PE2-vpn-instance-vpn1] ipv4-family
    [*DCI-PE2-vpn-instance-vpn1-af-ipv4] route-distinguisher 200:1
    [*DCI-PE2-vpn-instance-vpn1-af-ipv4] tnl-policy te-lsp1
    [*DCI-PE2-vpn-instance-vpn1-af-ipv4] vpn-target 111:1 both
    [*DCI-PE2-vpn-instance-vpn1-af-ipv4] quit
    [*DCI-PE2-vpn-instance-vpn1] quit
    [*DCI-PE2] interface gigabitethernet 0/1/0
    [*DCI-PE2-GigabitEthernet0/1/0] ip binding vpn-instance vpn1
    [*DCI-PE2-GigabitEthernet0/1/0] ip address 192.168.30.1 24
    [*DCI-PE2-GigabitEthernet0/1/0] quit
    [*DCI-PE2] commit

  5. Set up an EBGP peer relationship between each DCI-PE and its connected GW.

    # Configure DCI-PE1.

    [~DCI-PE1] bgp 100
    [*DCI-PE1-bgp] ipv4-family vpn-instance vpn1
    [*DCI-PE1-bgp-vpn1] peer 192.168.20.2 as-number 65410
    [*DCI-PE1-bgp-vpn1] quit
    [*DCI-PE1-bgp] quit
    [*DCI-PE1] commit

    # Configure DCI-PE2.

    [~DCI-PE2] bgp 100
    [*DCI-PE2-bgp] ipv4-family vpn-instance vpn1
    [*DCI-PE2-bgp-vpn1] peer 192.168.30.2 as-number 65420
    [*DCI-PE2-bgp-vpn1] quit
    [*DCI-PE2-bgp] quit
    [*DCI-PE2] commit

  6. Set up an MP-IBGP peer relationship between DCI-PEs.

    # Configure DCI-PE1.

    [~DCI-PE1] bgp 100
    [*DCI-PE1-bgp] peer 3.3.3.3 as-number 100
    [*DCI-PE1-bgp] peer 3.3.3.3 connect-interface loopback 1
    [*DCI-PE1-bgp] ipv4-family vpnv4
    [*DCI-PE1-bgp-af-vpnv4] peer 3.3.3.3 enable
    [*DCI-PE1-bgp-af-vpnv4] quit
    [*DCI-PE1-bgp] quit
    [*DCI-PE1] commit

    # Configure DCI-PE2.

    [~DCI-PE2] bgp 100
    [*DCI-PE2-bgp] peer 1.1.1.1 as-number 100
    [*DCI-PE2-bgp] peer 1.1.1.1 connect-interface loopback 1
    [*DCI-PE2-bgp] ipv4-family vpnv4
    [*DCI-PE2-bgp-af-vpnv4] peer 1.1.1.1 enable
    [*DCI-PE2-bgp-af-vpnv4] quit
    [*DCI-PE2-bgp] quit
    [*DCI-PE2] commit

  7. Verify the configuration.

    Run the display ip routing-table vpn-instance command on DCI-PEs. The following example uses the command output on DCI-PE1. The command output shows that DCI-PE1 has a route to the loopback interface of GW1.

    [~DCI-PE1] display ip routing-table vpn-instance vpn1
    Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
    ------------------------------------------------------------------------------
    Routing Tables: vpn1
             Destinations : 6        Routes : 6
    Destination/Mask    Proto  Pre  Cost     Flags NextHop         Interface
       192.168.20.0/24  Direct 0    0        D     192.168.20.1    GigabitEthernet0/1/0
       192.168.20.1/32  Direct 0    0        D     127.0.0.1       GigabitEthernet0/1/0
     192.168.20.255/32  Direct 0    0        D     127.0.0.1       GigabitEthernet0/1/0
            4.4.4.4/32  EBGP   255  0        RD    10.1.1.1        GigabitEthernet0/1/0
            7.7.7.7/32  IBGP   255  0        RD    3.3.3.3         GigabitEthernet0/1/0
    255.255.255.255/32  Direct 0    0        D     127.0.0.1       InLoopBack0

Configuration Files

  • DCI-PE1 configuration file

    #
    sysname DCI-PE1
    #
    ip vpn-instance vpn1
     ipv4-family
      route-distinguisher 100:1
      tnl-policy te-lsp1
      vpn-target 111:1 export-extcommunity
      vpn-target 111:1 import-extcommunity
    #
    mpls lsr-id 1.1.1.1
    #
    mpls
     mpls te
     mpls te cspf
     mpls rsvp-te
    #
    interface GigabitEthernet0/1/0
     undo shutdown
     ip binding vpn-instance vpn1
     ip address 192.168.20.1 255.255.255.0
    #
    interface GigabitEthernet0/2/0
     undo shutdown
     ip address 192.168.1.1 255.255.255.0
     mpls
     mpls te
     mpls rsvp-te
    #
    interface LoopBack1
     ip address 1.1.1.1 255.255.255.255
    #
    interface Tunnel10 
     ip address unnumbered interface LoopBack1
     tunnel-protocol mpls te
     destination 3.3.3.3
     mpls te tunnel-id 100
    #
    bgp 100
     peer 3.3.3.3 as-number 100
     peer 3.3.3.3 connect-interface LoopBack1
     #
     ipv4-family unicast
      peer 3.3.3.3 enable
     #
     ipv4-family vpnv4
      policy vpn-target
      peer 3.3.3.3 enable
     #
     ipv4-family vpn-instance vpn1
      peer 192.168.20.2 as-number 65410
    #
    ospf 1
     opaque-capability enable
     area 0.0.0.0
      network 1.1.1.1 0.0.0.0
      network 192.168.1.0 0.0.0.255
      mpls-te enable
    #
    tunnel-policy te-lsp1
     tunnel select-seq cr-lsp load-balance-number 1
    #
    return
  • P configuration file

    #
    sysname P
    #
    mpls lsr-id 2.2.2.2
    #
    mpls
     mpls te
     mpls te cspf
     mpls rsvp-te
    #
    interface GigabitEthernet0/1/0
     undo shutdown
     ip address 192.168.1.2 255.255.255.0
     mpls
     mpls te
     mpls rsvp-te
    #
    interface GigabitEthernet0/2/0
     undo shutdown
     ip address 192.168.10.1 255.255.255.0
     mpls
     mpls te
     mpls rsvp-te
    #
    interface LoopBack1
     ip address 2.2.2.2 255.255.255.255
    #
    ospf 1
     opaque-capability enable
     area 0.0.0.0
      network 2.2.2.2 0.0.0.0
      network 192.168.1.0 0.0.0.255
      network 192.168.10.0 0.0.0.255
      mpls-te enable
    #
    return
  • DCI-PE2 configuration file

    #
    sysname DCI-PE2
    #
    ip vpn-instance vpn1
     ipv4-family
      route-distinguisher 200:1
      tnl-policy te-lsp1
      vpn-target 111:1 export-extcommunity
      vpn-target 111:1 import-extcommunity
    #
    mpls lsr-id 3.3.3.3
    #
    mpls
     mpls te
     mpls te cspf
     mpls rsvp-te
    #
    interface GigabitEthernet0/1/0
     undo shutdown
     ip binding vpn-instance vpn1
     ip address 192.168.30.1 255.255.255.0
    #
    interface GigabitEthernet0/2/0
     undo shutdown
     ip address 192.168.10.2 255.255.255.0
     mpls
     mpls te
     mpls rsvp-te
    #
    interface LoopBack1
     ip address 3.3.3.3 255.255.255.255
    #
    interface Tunnel10 
     ip address unnumbered interface LoopBack1
     tunnel-protocol mpls te
     destination 1.1.1.1
     mpls te tunnel-id 100
    #
    bgp 100
     peer 1.1.1.1 as-number 100
     peer 1.1.1.1 connect-interface LoopBack1
     #
     ipv4-family unicast
      peer 1.1.1.1 enable
     #
     ipv4-family vpnv4
      policy vpn-target
      peer 1.1.1.1 enable
     #
     ipv4-family vpn-instance vpn1
      peer 192.168.30.2 as-number 65420
    #
    ospf 1
     opaque-capability enable
     area 0.0.0.0
      network 3.3.3.3 0.0.0.0
      network 192.168.10.0 0.0.0.255
      mpls-te enable
    #
    tunnel-policy te-lsp1
     tunnel select-seq cr-lsp load-balance-number 1
    #
    return
  • GW1 configuration file

    See the data center device configuration file.

  • Device 1 configuration file

    See the data center device configuration file.

  • Device 2 configuration file

    See the data center device configuration file.

  • GW2 configuration file

    See the data center device configuration file.

  • Device 3 configuration file

    See the data center device configuration file.

  • Device 4 configuration file

    See the data center device configuration file.
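
The DCI-PE1 and DCI-PE2 files above only work as a pair: the vpn-target values decide which VPNv4 routes each PE accepts into vpn1, so a typo on one side either drops the inter-DC routes or imports routes that belong to a different VPN. The following is an added example, not part of the original guide, that cross-checks the paired values; the trimmed excerpt and the names render, parse and audit are hypothetical, and it assumes each PE peers with the other's LoopBack1 address, which equals the MPLS LSR ID on this page.

```python
import re
# Constructed excerpt modelled on the DCI-PE files above, without the page indent.
TEMPLATE = """\
ip vpn-instance vpn1
 ipv4-family
  route-distinguisher {rd}
  vpn-target 111:1 export-extcommunity
  vpn-target {rt_in} import-extcommunity
mpls lsr-id {lsr}
interface Tunnel10
 destination {peer}
bgp 100
 peer {peer} as-number 100
 ipv4-family vpnv4
  peer {peer} enable
"""

def render(lsr, peer, rd, rt_in="111:1"):
    """Hypothetical helper: fill the excerpt for one PE."""
    return TEMPLATE.format(lsr=lsr, peer=peer, rd=rd, rt_in=rt_in)

PE1 = render("1.1.1.1", "3.3.3.3", "100:1")
PE2 = render("3.3.3.3", "1.1.1.1", "200:1")

def parse(cfg):
    """Extract the values that must agree between the two DCI-PEs."""
    return {
        "lsr_id": re.search(r"^mpls lsr-id (\S+)", cfg, re.M).group(1),
        "as": re.search(r"^bgp (\d+)", cfg, re.M).group(1),
        "export": set(re.findall(r"vpn-target (\S+) export-extcommunity", cfg)),
        "import": set(re.findall(r"vpn-target (\S+) import-extcommunity", cfg)),
        "peers": dict(re.findall(r"^ peer (\S+) as-number (\d+)", cfg, re.M)),
        "vpnv4": set(re.findall(r"peer (\S+) enable",
                                cfg.partition("ipv4-family vpnv4")[2])),
        "te_dest": set(re.findall(r"^ destination (\S+)", cfg, re.M)),
    }

def audit(local, remote):
    """Findings for `local` checked against `remote`; an empty list means consistent."""
    l, r, out = parse(local), parse(remote), []
    if not l["export"] & r["import"]:
        out.append("exported vpn-target is not imported by the remote PE")
    if l["peers"].get(r["lsr_id"]) != r["as"]:
        out.append("no IBGP peer statement for the remote loopback")
    if r["lsr_id"] not in l["vpnv4"]:
        out.append("remote PE not enabled in the VPNv4 address family")
    if r["lsr_id"] not in l["te_dest"]:
        out.append("no TE tunnel destination for the remote PE")
    return out
```

Run audit in both directions, because import and export targets are configured separately and a mismatch can affect only one direction.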

Updated: 2019-01-14

Document ID: EDOC1100058925
