Configuration Guide - VPN 01

NE05E and NE08E V300R003C10SPC500

This is NE05E and NE08E V300R003C10SPC500 Configuration Guide - VPN
Example for Configuring a DCI Scenario with a VXLAN EVPN L3VPN Accessing a Common L3VPN

This section provides an example for configuring a DCI scenario with a VXLAN EVPN L3VPN accessing a common L3VPN. In this example, a data center gateway is connected to a PE on the DCI network through a VXLAN tunnel, and a common L3VPN is deployed on the DCI network to implement data center interconnection.

Networking Requirements

In Figure 11-29, data center gateway devices GW1 and GW2 are connected to the DCI backbone network. To allow inter-data center VM communication (for example, VMa1 and VMb2 communication), BGP/MPLS IP VPN functions must be deployed on the DCI backbone network, and EVPN and VXLAN tunnels must be deployed between the GW and DCI-PE to transmit VM host IP route information.

Figure 11-29 Configuring a DCI scenario with a VXLAN EVPN L3VPN accessing a common L3VPN
NOTE:

In this example, Interface 1 and Interface 2 stand for GE 0/1/0 and GE 0/2/0, respectively.



Table 11-3 Interface IP addresses

Device     Interface Name           IP Address
--------------------------------------------------
DCI-PE1    GigabitEthernet 0/1/0    192.168.20.1/24
           GigabitEthernet 0/2/0    192.168.1.1/24
           LoopBack1                1.1.1.1/32
P          GigabitEthernet 0/1/0    192.168.1.2/24
           GigabitEthernet 0/2/0    192.168.10.1/24
           LoopBack1                2.2.2.2/32
DCI-PE2    GigabitEthernet 0/1/0    192.168.30.1/24
           GigabitEthernet 0/2/0    192.168.10.2/24
           LoopBack1                3.3.3.3/32

Configuration Roadmap

The configuration roadmap is as follows:

  1. Enable OSPF on the DCI backbone network for DCI-PEs to communicate with each other.

  2. Configure an MPLS TE tunnel on the DCI backbone network.

  3. Configure a VPN instance on each DCI-PE and bind the interface connected to a GW to the VPN instance.

  4. Establish an MP-IBGP peer relationship between DCI-PEs for them to exchange VPNv4 routes.

  5. Configure VXLAN tunnels between DCI-PEs and GWs.

  6. Configure the route regeneration function on each DCI-PE-GW.

Data Preparation

To complete the configuration, you need the following data:

  • MPLS LSR IDs of the DCI-PEs and P

  • RD of a VPN instance

  • VPN targets

Procedure

  1. Assign an IP address to each interface on each node, and configure loopback interface addresses.

    For configuration details, see Configuration Files in this section.

  2. Configure an IGP on the DCI backbone network. OSPF is used as an IGP in this example.

    For configuration details, see Configuration Files in this section.

  3. Configure an MPLS TE tunnel on the DCI backbone network.

    For configuration details, see Configuration Files in this section.

  4. Establish a VXLAN tunnel.
    1. Establish an EBGP EVPN peer relationship between each DCI-PE and its connected GW.

      # Configure DCI-PE1.

      [~DCI-PE1] bgp 100
      [*DCI-PE1-bgp] peer 4.4.4.4 as-number 65410
      [*DCI-PE1-bgp] peer 4.4.4.4 ebgp-max-hop 255
      [*DCI-PE1-bgp] peer 4.4.4.4 connect-interface loopback 1
      [*DCI-PE1-bgp] l2vpn-family evpn
      [*DCI-PE1-bgp-af-evpn] peer 4.4.4.4 enable
      [*DCI-PE1-bgp-af-evpn] peer 4.4.4.4 advertise encap-type vxlan
      [*DCI-PE1-bgp-af-evpn] quit
      [*DCI-PE1-bgp] quit
      [*DCI-PE1] commit

      # Configure DCI-PE2.

      [~DCI-PE2] bgp 100
      [*DCI-PE2-bgp] peer 5.5.5.5 as-number 65420
      [*DCI-PE2-bgp] peer 5.5.5.5 ebgp-max-hop 255
      [*DCI-PE2-bgp] peer 5.5.5.5 connect-interface loopback 1
      [*DCI-PE2-bgp] l2vpn-family evpn
      [*DCI-PE2-bgp-af-evpn] peer 5.5.5.5 enable
      [*DCI-PE2-bgp-af-evpn] peer 5.5.5.5 advertise encap-type vxlan
      [*DCI-PE2-bgp-af-evpn] quit
      [*DCI-PE2-bgp] quit
      [*DCI-PE2] commit

    2. Configure a VPN instance.

      # Configure DCI-PE1.

      [~DCI-PE1] ip vpn-instance vpn1
      [*DCI-PE1-vpn-instance-vpn1] vxlan vni 5010
      [*DCI-PE1-vpn-instance-vpn1] ipv4-family
      [*DCI-PE1-vpn-instance-vpn1-af-ipv4] route-distinguisher 11:11
      [*DCI-PE1-vpn-instance-vpn1-af-ipv4] vpn-target 1:1 both
      [*DCI-PE1-vpn-instance-vpn1-af-ipv4] vpn-target 11:1 both evpn
      [*DCI-PE1-vpn-instance-vpn1-af-ipv4] quit
      [*DCI-PE1-vpn-instance-vpn1] quit
      [*DCI-PE1] commit

      # Configure DCI-PE2.

      [~DCI-PE2] ip vpn-instance vpn1
      [*DCI-PE2-vpn-instance-vpn1] vxlan vni 5020
      [*DCI-PE2-vpn-instance-vpn1] ipv4-family
      [*DCI-PE2-vpn-instance-vpn1-af-ipv4] route-distinguisher 22:22
      [*DCI-PE2-vpn-instance-vpn1-af-ipv4] vpn-target 1:1 both
      [*DCI-PE2-vpn-instance-vpn1-af-ipv4] vpn-target 11:1 both evpn
      [*DCI-PE2-vpn-instance-vpn1-af-ipv4] quit
      [*DCI-PE2-vpn-instance-vpn1] quit
      [*DCI-PE2] commit

    3. Configure an IP address for the source VTEP.

      # Configure DCI-PE1.

      [~DCI-PE1] interface nve 1
      [*DCI-PE1-Nve1] source 1.1.1.1
      [*DCI-PE1-Nve1] quit
      [*DCI-PE1] commit

      # Configure DCI-PE2.

      [~DCI-PE2] interface nve 1
      [*DCI-PE2-Nve1] source 3.3.3.3
      [*DCI-PE2-Nve1] quit
      [*DCI-PE2] commit

  5. Configure a VPN instance on each DCI-PE to apply a tunnel policy.

    # Configure DCI-PE1.

    [~DCI-PE1] tunnel-policy te-lsp1
    [*DCI-PE1-tunnel-policy-te-lsp1] tunnel select-seq cr-lsp load-balance-number 1
    [*DCI-PE1-tunnel-policy-te-lsp1] quit
    [*DCI-PE1] ip vpn-instance vpn1
    [*DCI-PE1-vpn-instance-vpn1] ipv4-family
    [*DCI-PE1-vpn-instance-vpn1-af-ipv4] tnl-policy te-lsp1
    [*DCI-PE1-vpn-instance-vpn1-af-ipv4] quit
    [*DCI-PE1-vpn-instance-vpn1] quit
    [*DCI-PE1] commit

    # Configure DCI-PE2.

    [~DCI-PE2] tunnel-policy te-lsp1
    [*DCI-PE2-tunnel-policy-te-lsp1] tunnel select-seq cr-lsp load-balance-number 1
    [*DCI-PE2-tunnel-policy-te-lsp1] quit
    [*DCI-PE2] ip vpn-instance vpn1
    [*DCI-PE2-vpn-instance-vpn1] ipv4-family
    [*DCI-PE2-vpn-instance-vpn1-af-ipv4] tnl-policy te-lsp1
    [*DCI-PE2-vpn-instance-vpn1-af-ipv4] quit
    [*DCI-PE2-vpn-instance-vpn1] quit
    [*DCI-PE2] commit

  6. Set up an MP-IBGP peer relationship between DCI-PEs.

    # Configure DCI-PE1.

    [~DCI-PE1] bgp 100
    [*DCI-PE1-bgp] peer 3.3.3.3 as-number 100
    [*DCI-PE1-bgp] peer 3.3.3.3 connect-interface loopback 1
    [*DCI-PE1-bgp] ipv4-family vpnv4
    [*DCI-PE1-bgp-af-vpnv4] peer 3.3.3.3 enable
    [*DCI-PE1-bgp-af-vpnv4] quit
    [*DCI-PE1-bgp] quit
    [*DCI-PE1] commit

    # Configure DCI-PE2.

    [~DCI-PE2] bgp 100
    [*DCI-PE2-bgp] peer 1.1.1.1 as-number 100
    [*DCI-PE2-bgp] peer 1.1.1.1 connect-interface loopback 1
    [*DCI-PE2-bgp] ipv4-family vpnv4
    [*DCI-PE2-bgp-af-vpnv4] peer 1.1.1.1 enable
    [*DCI-PE2-bgp-af-vpnv4] quit
    [*DCI-PE2-bgp] quit
    [*DCI-PE2] commit

  7. Configure each DCI-PE to send regenerated EVPN routes to VPNv4 peers and to send regenerated VPNv4 routes to EVPN peers.

    # Configure DCI-PE1.

    [~DCI-PE1] bgp 100
    [*DCI-PE1-bgp] l2vpn-family evpn
    [*DCI-PE1-bgp-af-evpn] peer 4.4.4.4 import reoriginate
    [*DCI-PE1-bgp-af-evpn] peer 4.4.4.4 advertise route-reoriginated vpnv4
    [*DCI-PE1-bgp-af-evpn] quit
    [*DCI-PE1-bgp] ipv4-family vpnv4
    [*DCI-PE1-bgp-af-vpnv4] peer 3.3.3.3 import reoriginate
    [*DCI-PE1-bgp-af-vpnv4] peer 3.3.3.3 advertise route-reoriginated evpn mac-ip
    [*DCI-PE1-bgp-af-vpnv4] peer 3.3.3.3 advertise route-reoriginated evpn ip
    [*DCI-PE1-bgp-af-vpnv4] quit
    [*DCI-PE1-bgp] quit
    [*DCI-PE1] commit

    # Configure DCI-PE2.

    [~DCI-PE2] bgp 100
    [*DCI-PE2-bgp] l2vpn-family evpn
    [*DCI-PE2-bgp-af-evpn] peer 5.5.5.5 import reoriginate
    [*DCI-PE2-bgp-af-evpn] peer 5.5.5.5 advertise route-reoriginated vpnv4
    [*DCI-PE2-bgp-af-evpn] quit
    [*DCI-PE2-bgp] ipv4-family vpnv4
    [*DCI-PE2-bgp-af-vpnv4] peer 1.1.1.1 import reoriginate
    [*DCI-PE2-bgp-af-vpnv4] peer 1.1.1.1 advertise route-reoriginated evpn mac-ip
    [*DCI-PE2-bgp-af-vpnv4] peer 1.1.1.1 advertise route-reoriginated evpn ip
    [*DCI-PE2-bgp-af-vpnv4] quit
    [*DCI-PE2-bgp] quit
    [*DCI-PE2] commit

  8. Verify the configuration.

    Run the display ip routing-table vpn-instance command on DCI-PEs. The following example uses the command output on DCI-PE1. The command output shows that DCI-PE1 has a route to the loopback interface of GW1.

    [~DCI-PE1] display ip routing-table vpn-instance vpn1
    Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
    ------------------------------------------------------------------------------
    Routing Tables: vpn1
             Destinations : 6        Routes : 6
    Destination/Mask    Proto  Pre  Cost     Flags NextHop         Interface
         192.168.20.0/24    Direct 0    0        D     192.168.20.1    GigabitEthernet0/1/0
         192.168.20.1/32    Direct 0    0        D     127.0.0.1       GigabitEthernet0/1/0
       192.168.20.255/32    Direct 0    0        D     127.0.0.1       GigabitEthernet0/1/0
             4.4.4.4/32    EBGP   255  0        RD    10.1.1.1        GigabitEthernet0/1/0
             7.7.7.7/32    IBGP   255  0        RD    3.3.3.3         GigabitEthernet0/1/0
      255.255.255.255/32    Direct 0    0        D     127.0.0.1       InLoopBack0

    Run the display vxlan tunnel command on DCI-PEs to check information about the VXLAN tunnel. The following example uses the command output on DCI-PE1.

    [~DCI-PE1] display vxlan tunnel
    Number of vxlan tunnel : 1
    Tunnel ID   Source           Destination      State  Type    Uptime
    -------------------------------------------------------------------
    4026531841  1.1.1.1          4.4.4.4          up     dynamic 0030h26m

Configuration Files

  • DCI-PE1 configuration file

    #
    sysname DCI-PE1
    #
    isis 1
     network-entity 10.0000.0000.0001.00
    #
    ip vpn-instance vpn1
     ipv4-family
      route-distinguisher 11:11
      tnl-policy te-lsp1
      vpn-target 1:1 export-extcommunity
      vpn-target 11:1 export-extcommunity evpn
      vpn-target 1:1 import-extcommunity
      vpn-target 11:1 import-extcommunity evpn
     vxlan vni 5010
    #
    mpls lsr-id 1.1.1.1
    #
    mpls
     mpls te
     mpls te cspf
     mpls rsvp-te
    #
    interface GigabitEthernet0/1/0
     undo shutdown
     ip address 192.168.20.1 255.255.255.0
     isis enable 1
    #
    interface GigabitEthernet0/2/0
     undo shutdown
     ip address 192.168.1.1 255.255.255.0
     mpls
     mpls te
     mpls rsvp-te
    #
    interface LoopBack1
     ip address 1.1.1.1 255.255.255.255
     isis enable 1
    #
    interface Nve1
     source 1.1.1.1
    #
    interface Tunnel10 
     ip address unnumbered interface LoopBack1
     tunnel-protocol mpls te
     destination 3.3.3.3
     mpls te tunnel-id 100
    #
    bgp 100
     peer 3.3.3.3 as-number 100
     peer 3.3.3.3 connect-interface LoopBack1
     peer 4.4.4.4 as-number 65410
     peer 4.4.4.4 ebgp-max-hop 255
     peer 4.4.4.4 connect-interface LoopBack1
     #
     ipv4-family unicast
      peer 3.3.3.3 enable
     #
     ipv4-family vpnv4
      policy vpn-target
      peer 3.3.3.3 enable
      peer 3.3.3.3 import reoriginate
      peer 3.3.3.3 advertise route-reoriginated evpn ip
      peer 3.3.3.3 advertise route-reoriginated evpn mac-ip
     #
     l2vpn-family evpn
      undo policy vpn-target
      peer 4.4.4.4 enable
      peer 4.4.4.4 advertise encap-type vxlan
      peer 4.4.4.4 import reoriginate
      peer 4.4.4.4 advertise route-reoriginated vpnv4
    #
    ospf 1
     opaque-capability enable
     area 0.0.0.0
      network 1.1.1.1 0.0.0.0
      network 192.168.1.0 0.0.0.255
      mpls-te enable
    #
    tunnel-policy te-lsp1
     tunnel select-seq cr-lsp load-balance-number 1
    #
    return

  • P configuration file

    #
    sysname P
    #
    mpls lsr-id 2.2.2.2
    #
    mpls
     mpls te
     mpls te cspf
     mpls rsvp-te
    #
    interface GigabitEthernet0/1/0
     undo shutdown
     ip address 192.168.1.2 255.255.255.0
     mpls
     mpls te
     mpls rsvp-te
    #
    interface GigabitEthernet0/2/0
     undo shutdown
     ip address 192.168.10.1 255.255.255.0
     mpls
     mpls te
     mpls rsvp-te
    #
    interface LoopBack1
     ip address 2.2.2.2 255.255.255.255
    #
    ospf 1
     opaque-capability enable
     area 0.0.0.0
      network 2.2.2.2 0.0.0.0
      network 192.168.1.0 0.0.0.255
      network 192.168.10.0 0.0.0.255
      mpls-te enable
    #
    return

  • DCI-PE2 configuration file

    #
    sysname DCI-PE2
    #
    isis 1
     network-entity 10.0000.0000.0001.00
    #
    ip vpn-instance vpn1
     ipv4-family
      route-distinguisher 22:22
      tnl-policy te-lsp1
      vpn-target 1:1 export-extcommunity
      vpn-target 11:1 export-extcommunity evpn
      vpn-target 1:1 import-extcommunity
      vpn-target 11:1 import-extcommunity evpn
     vxlan vni 5020
    #
    mpls lsr-id 3.3.3.3
    #
    mpls
     mpls te
     mpls te cspf
     mpls rsvp-te
    #
    interface GigabitEthernet0/1/0
     undo shutdown
     ip address 192.168.30.1 255.255.255.0
     isis enable 1
    #
    interface GigabitEthernet0/2/0
     undo shutdown
     ip address 192.168.10.2 255.255.255.0
     mpls
     mpls te
     mpls rsvp-te
    #
    interface LoopBack1
     ip address 3.3.3.3 255.255.255.255
     isis enable 1
    #
    interface Nve1
     source 3.3.3.3
    #
    interface Tunnel10 
     ip address unnumbered interface LoopBack1
     tunnel-protocol mpls te
     destination 1.1.1.1
     mpls te tunnel-id 100
    #
    bgp 100
     peer 1.1.1.1 as-number 100
     peer 1.1.1.1 connect-interface LoopBack1
     peer 5.5.5.5 as-number 65420
     peer 5.5.5.5 ebgp-max-hop 255
     peer 5.5.5.5 connect-interface LoopBack1
     #
     ipv4-family unicast
      peer 1.1.1.1 enable
     #
     ipv4-family vpnv4
      policy vpn-target
      peer 1.1.1.1 enable
      peer 1.1.1.1 import reoriginate
      peer 1.1.1.1 advertise route-reoriginated evpn ip
      peer 1.1.1.1 advertise route-reoriginated evpn mac-ip
     #
     l2vpn-family evpn
      undo policy vpn-target
      peer 5.5.5.5 enable
      peer 5.5.5.5 advertise encap-type vxlan
      peer 5.5.5.5 import reoriginate
      peer 5.5.5.5 advertise route-reoriginated vpnv4
    #
    ospf 1
     opaque-capability enable
     area 0.0.0.0
      network 3.3.3.3 0.0.0.0
      network 192.168.10.0 0.0.0.255
      mpls-te enable
    #
    tunnel-policy te-lsp1
     tunnel select-seq cr-lsp load-balance-number 1
    #
    return

  • GW1 configuration file

    See the data center device configuration file.

  • Device 1 configuration file

    See the data center device configuration file.

  • Device 2 configuration file

    See the data center device configuration file.

  • GW2 configuration file

    See the data center device configuration file.

  • Device 3 configuration file

    See the data center device configuration file.

  • Device 4 configuration file

    See the data center device configuration file.
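
Added example (not part of the Huawei guide or its configuration files): a small Python audit of a VRP-style bgp section that reports peers referenced in an address family without an as-number declaration, and multihop EBGP peers that carry no authentication line. The function name and sample text are constructed for illustration; the `peer ... password` and `peer ... keychain` lines it looks for are BGP authentication commands that do not appear on this page, so treat their exact syntax on this software version as an assumption.

```python
import re

# Constructed sample modelled on the DCI-PE1 bgp section, with one mistyped peer (43.3.3.3).
SAMPLE = """\
bgp 100
 peer 3.3.3.3 as-number 100
 peer 4.4.4.4 as-number 65410
 peer 4.4.4.4 ebgp-max-hop 255
 #
 ipv4-family vpnv4
  peer 3.3.3.3 enable
  peer 43.3.3.3 advertise route-reoriginated evpn mac-ip
 #
 l2vpn-family evpn
  peer 4.4.4.4 enable
#
"""

def audit_bgp(config):
    """Return sorted findings for the bgp section of a VRP-style configuration."""
    local_as, in_bgp, family = None, False, None
    peer_as, multihop, authed, used = {}, set(), set(), set()
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "#":
            continue                          # separator lines carry no information
        if not raw[0].isspace():              # unindented line starts a new section
            m = re.fullmatch(r"bgp (\S+)", line)
            in_bgp, family = bool(m), None
            local_as = m.group(1) if m else local_as
        elif in_bgp and re.match(r"(ipv4|ipv6|l2vpn)-family\b", line):
            family = line                     # later peer lines belong to this family
        elif in_bgp and (m := re.match(r"peer (\S+) (\S+)(?: (\S+))?", line)):
            peer, key, arg = m.groups()
            if family:
                used.add((peer, family))
            elif key == "as-number":
                peer_as[peer] = arg
            elif key == "ebgp-max-hop":
                multihop.add(peer)
            elif key in ("password", "keychain"):  # assumed auth keywords, not on this page
                authed.add(peer)
    findings = [f"{p}: used in '{f}' but has no as-number declaration"
                for p, f in used if p not in peer_as]
    findings += [f"{p}: multihop EBGP peer without password or keychain"
                 for p in multihop - authed if peer_as.get(p) not in (None, local_as)]
    return sorted(findings)

print(*audit_bgp(SAMPLE), sep="\n")
```

Run against the bgp section of each DCI-PE file, the first check catches a peer address that was mistyped inside an address family, and the second lists the GW-facing sessions that rely on `ebgp-max-hop 255` alone.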

Updated: 2019-01-14

Document ID: EDOC1100058925
