No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - VPN 01

NE05E and NE08E V300R003C10SPC500

This is NE05E and NE08E V300R003C10SPC500 Configuration Guide - VPN
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring Two RRs for the Optimization of the VPN Backbone Layer

Example for Configuring Two RRs for the Optimization of the VPN Backbone Layer

If a great number of MP-IBGP connections exist between PEs, you can configure RRs to reduce the number of MP-IBGP connections and the workload of PEs, optimizing the VPN backbone layer.

Networking Requirements

When deploying a VPN, you can configure two RRs on the VPN to improve reliability. To achieve this, you need to configure two Ps in the same AS on the backbone network as RRs and ensure that the two RRs back up each other and reflect VPNv4 and public network routes.

Figure 5-22 Configuring two RRs for the optimization of the VPN backbone layer
NOTE:

Interfaces 1 through 3 in this example are GE 0/1/0, GE 0/2/0, GE0/3/0, respectively.



On the network shown in Figure 5-22, PE1, PE2, RR1, and RR2 are in AS100 of the backbone network. CE1 and CE2 belong to vpna. It is required that RR1 and RR2 be configured as RRs.

Configuration Notes

When configuring two RRs for the optimization of the VPN backbone layer, ensure that:

  • The RRs do not filter the received VPNv4 routes based on VPN targets.

  • The RRs that back up each other are configured with the same cluster ID.

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure an IGP, enable MPLS and MPLS LDP, and set up LDP LSPs on the MPLS backbone network.

  2. Set up MP-IBGP connections between the PEs and RRs. There is no need to set up an MP-IBGP connection between PEs.

  3. Set up an EBGP connection between each PE and CE.

  4. Configure RR1 and RR2 to back up each other and configure them with the same cluster ID.

  5. Configure RR1 and RR2 to receive all VPNv4 routes without filtering them based on VPN targets, because RR1 and RR2 must save all VPNv4 routes and advertise them to PEs.

NOTE:

On a VPN with two RRs, there must be at least two paths not sharing the same network segment or node between each RR and PE. Otherwise, configuring two RRs is unnecessary.

Data Preparation

To complete the configuration, you need the following data:

  • MPLS LSR IDs of the PEs and RRs

  • Names, RDs, and VPN targets of the VPN instances on PE1 and PE2

  • AS numbers of the PEs and CEs

  • BGP peer group name

Procedure

  1. Configure an IGP on the MPLS backbone network to implement interworking of devices along the LSP.

    This example uses OSPF as the IGP. For configuration details, see Configuration Files in this section.

    NOTE:

    The loopback interface IP addresses used as LSR IDs must be advertised.

    After completing the configurations, the devices along the LSP can learn the IP address of each other's loopback interface.

    The following example uses the command output on PE1.

    <PE1> display ip routing-table
    Route Flags: R - relay, D - download
    to fib, T - to vpn-instance, B - black hole route
    ------------------------------------------------------------------------------
    Routing Tables: _public_
             Destinations : 17       Routes : 19
      Destination/Mask  Proto  Pre  Cost         Flags  NextHop         Interface
            1.1.1.9/32  Direct 0    0                D  127.0.0.1       InLoopBack0
            2.2.2.9/32  OSPF   10   2                D  100.1.2.2       GigabitEthernet0/1/0
            3.3.3.9/32  OSPF   10   2                D  100.1.3.2       GigabitEthernet0/3/0
            4.4.4.9/32  OSPF   10   3                D  100.1.3.2       GigabitEthernet0/3/0
                        OSPF   10   3                D  100.1.2.2       GigabitEthernet0/1/0
          100.1.2.0/24  Direct 0    0                D  100.1.2.1       GigabitEthernet0/1/0
          100.1.2.1/32  Direct 0    0                D  127.0.0.1       GigabitEthernet0/1/0
        100.1.2.255/32  Direct 0    0                D  127.0.0.1       GigabitEthernet0/1/0
          100.1.3.0/24  Direct 0    0                D  100.1.3.1       GigabitEthernet0/3/0
          100.1.3.1/32  Direct 0    0                D  127.0.0.1       GigabitEthernet0/3/0
        100.1.3.255/32  Direct 0    0                D  127.0.0.1       GigabitEthernet0/3/0
          100.2.3.0/24  OSPF   10   2                D  100.1.3.2       GigabitEthernet0/3/0
                        OSPF   10   2                D  100.1.2.2       GigabitEthernet0/1/0
          100.2.4.0/24  OSPF   10   2                D  100.1.2.2       GigabitEthernet0/1/0
          100.3.4.0/24  OSPF   10   2                D  100.1.3.2       GigabitEthernet0/3/0
          127.0.0.0/8   Direct 0    0                D  127.0.0.1       InLoopBack0
          127.0.0.1/32  Direct 0    0                D  127.0.0.1       InLoopBack0
    127.255.255.255/32  Direct 0    0                D  127.0.0.1       InLoopBack0
    255.255.255.255/32  Direct 0    0                D  127.0.0.1       InLoopBack0

  2. Set up LSPs on the MPLS backbone network.

    Enable MPLS and MPLS LDP on the devices and interfaces along the LSP. For configuration details, see Configuration Files in this section.

    After completing the configurations, run the display mpls ldp session command on the PEs and RRs. The command output shows that the Status field is Operational.

    The following example uses the command output on PE1.

    <PE1> display mpls ldp session
                   LDP Session(s) in Public Network
     Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDD:HH:MM)
     An asterisk (*) before a session means the session is being deleted.
    ----------------------------------------------------------------------
     Peer-ID            Status      LAM  SsnRole  SsnAge      KA-Sent/Rcv
    ----------------------------------------------------------------------
     2.2.2.9:0          Operational DU   Passive  000:00:01   8/8
     3.3.3.9:0          Operational DU   Passive  000:00:00   4/4
    ----------------------------------------------------------------------
     TOTAL: 2 session(s) Found.
     LAM : Label Advertisement Mode      SsnAge Unit : DDD:HH:MM
    <RR1> display mpls ldp session
                   LDP Session(s) in Public Network
     Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDD:HH:MM)
     An asterisk (*) before a session means the session is being deleted.
    ----------------------------------------------------------------------
     Peer-ID            Status      LAM  SsnRole  SsnAge      KA-Sent/Rcv
    ----------------------------------------------------------------------
     1.1.1.9:0          Operational DU   Active   000:00:02   11/11
     3.3.3.9:0          Operational DU   Passive  000:00:01   8/8
     4.4.4.9:0          Operational DU   Passive  000:00:00   4/4
    ----------------------------------------------------------------------
     TOTAL: 3 session(s) Found.
     LAM : Label Advertisement Mode      SsnAge Unit : DDD:HH:MM
    

  3. Set up an MP-IBGP peer relationship between each PE and RR.

    # Configure PE1.

    <PE1> system-view
    [~PE1] bgp 100
    [*PE1-bgp] peer 2.2.2.9 as-number 100
    [*PE1-bgp] peer 2.2.2.9 connect-interface loopback 1
    [*PE1-bgp] peer 3.3.3.9 as-number 100
    [*PE1-bgp] peer 3.3.3.9 connect-interface loopback 1
    [*PE1-bgp] ipv4-family vpnv4
    [*PE1-bgp-af-vpnv4] peer 2.2.2.9 enable
    [*PE1-bgp-af-vpnv4] peer 3.3.3.9 enable
    [*PE1-bgp-af-vpnv4] commit
    [~PE1-bgp-af-vpnv4] quit

    # Configure RR1.

    <RR1> system-view
    [~RR1] bgp 100
    [*RR1-bgp] peer 1.1.1.9 as-number 100
    [*RR1-bgp] peer 1.1.1.9 connect-interface loopback 1
    [*RR1-bgp] peer 3.3.3.9 as-number 100
    [*RR1-bgp] peer 3.3.3.9 connect-interface loopback 1
    [*RR1-bgp] peer 4.4.4.9 as-number 100
    [*RR1-bgp] peer 4.4.4.9 connect-interface loopback 1
    [*RR1-bgp] ipv4-family vpnv4
    [*RR1-bgp-af-vpnv4] peer 1.1.1.9 enable
    [*RR1-bgp-af-vpnv4] peer 3.3.3.9 enable
    [*RR1-bgp-af-vpnv4] peer 4.4.4.9 enable
    [*RR1-bgp-af-vpnv4] commit
    [~RR1-bgp-af-vpnv4] quit
    [~RR1-bgp] quit

    # Configure RR2.

    <RR2> system-view
    [~RR2] bgp 100
    [*RR2-bgp] peer 1.1.1.9 as-number 100
    [*RR2-bgp] peer 1.1.1.9 connect-interface loopback 1
    [*RR2-bgp] peer 2.2.2.9 as-number 100
    [*RR2-bgp] peer 2.2.2.9 connect-interface loopback 1
    [*RR2-bgp] peer 4.4.4.9 as-number 100
    [*RR2-bgp] peer 4.4.4.9 connect-interface loopback 1
    [*RR2-bgp] ipv4-family vpnv4
    [*RR2-bgp-af-vpnv4] peer 1.1.1.9 enable
    [*RR2-bgp-af-vpnv4] peer 2.2.2.9 enable
    [*RR2-bgp-af-vpnv4] peer 4.4.4.9 enable
    [*RR2-bgp-af-vpnv4] commit
    [~RR2-bgp-af-vpnv4] quit
    [~RR2-bgp] quit

    The configuration of PE2 is similar to the configuration of PE1. For configuration details, see Configuration Files in this section.

    After completing the configurations, run the display bgp vpnv4 all peer command on PEs. The command output shows that the IBGP peer relationship is established between each PE and RR, and the EBGP peer relationship is established between each PE and CE.

    The following example uses the command output on PE1.

    <PE1> display bgp vpnv4 all peer
     BGP local router ID : 1.1.1.9
     Local AS number : 100
     Total number of peers : 3                 Peers in established state : 3
      Peer          V    AS  MsgRcvd  MsgSent  OutQ  Up/Down       State PrefRcv
      2.2.2.9      4    100  2        4         0   00:00:31    Established   0
      3.3.3.9      4    100  3        5         0   00:01:23    Established   0

  4. Set up EBGP peer relationships between PEs and CEs to import VPN routes.

    For details, see Example for Configuring a BGP/MPLS IP VPN.

  5. Configure a VPN instance enabled with the IPv4 address family on each PE.

    For details, see Example for Configuring a BGP/MPLS IP VPN.

  6. Configure route reflection on RR1 and RR2.

    # Configure RR1.

    [~RR1] bgp 100
    [~RR1-bgp] ipv4-family vpnv4
    [*RR1-bgp-af-vpnv4] reflector cluster-id 100
    [*RR1-bgp-af-vpnv4] peer 1.1.1.9 reflect-client
    [*RR1-bgp-af-vpnv4] peer 3.3.3.9 reflect-client
    [*RR1-bgp-af-vpnv4] peer 4.4.4.9 reflect-client
    [*RR1-bgp-af-vpnv4] undo policy vpn-target
    [*RR1-bgp-af-vpnv4] commit
    [~RR1-bgp-af-vpnv4] quit

    # Configure RR2.

    [*RR2] bgp 100
    [*RR2-bgp] ipv4-family vpnv4
    [*RR2-bgp-af-vpnv4] reflector cluster-id 100
    [*RR2-bgp-af-vpnv4] peer 1.1.1.9 reflect-client
    [*RR2-bgp-af-vpnv4] peer 2.2.2.9 reflect-client
    [*RR2-bgp-af-vpnv4] peer 4.4.4.9 reflect-client
    [*RR2-bgp-af-vpnv4] undo policy vpn-target
    [*RR2-bgp-af-vpnv4] commit
    [~RR2-bgp-af-vpnv4] quit

  7. Verify the configuration.

    Check the VPN routing table on the PEs. The command output shows routes to the loopback interfaces of the remote CEs.

    The following example uses the command output on PE1.

    <PE1> display ip routing-table vpn-instance vpna
    Route Flags: R - relay, D - download
    to fib, T - to vpn-instance, B - black hole route
    ------------------------------------------------------------------------------
    Routing Tables: vpna
             Destinations : 3        Routes : 3
      Destination/Mask  Proto  Pre  Cost         Flags  NextHop         Interface
        11.11.11.11/32  EBGP   255  0               RD  10.1.1.1        GigabitEthernet0/2/0
       22.22.22.22/32  IBGP   255  0               RD  4.4.4.9         GigabitEthernet0/3/0
    255.255.255.255/32  Direct 0    0                D  127.0.0.1       InLoopBack0

    CE1 and CE2 can successfully ping each other. This indicates that the configuration succeeds.

    After the shutdown command is run in the view of GE 0/3/0 on PE1 or GE 0/3/0 on PE2, CE1 and CE2 can still successfully ping each other. This indicates that the two RRs are successfully configured.

Configuration Files

  • PE1 configuration file

    #
     sysname PE1
    #
    ip vpn-instance vpna
     ipv4-family
      route-distinguisher 100:1
      vpn-target 1:1 export-extcommunity
      vpn-target 1:1 import-extcommunity
    #
    mpls lsr-id 1.1.1.9
    #
    mpls
    #
    mpls ldp
    #
    interface GigabitEthernet0/1/0
     undo shutdown
     ip address 100.1.2.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface GigabitEthernet0/2/0
     undo shutdown
     ip binding vpn-instance vpna
     ip address 10.1.1.2 255.255.255.0
    #
    interface GigabitEthernet0/3/0
     undo shutdown
     ip address 100.1.3.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface LoopBack1
     ip address 1.1.1.9 255.255.255.255
    #
    bgp 100
     peer 2.2.2.9 as-number 100
     peer 2.2.2.9 connect-interface LoopBack1
     peer 3.3.3.9 as-number 100
     peer 3.3.3.9 connect-interface LoopBack1
     #
     ipv4-family unicast
        undo synchronization
      peer 2.2.2.9 enable
      peer 3.3.3.9 enable
     #
     ipv4-family vpnv4
      policy vpn-target
      peer 2.2.2.9 enable
      peer 3.3.3.9 enable
     #
     ipv4-family vpn-instance vpna
      peer 10.1.1.1 as-number 65410
    #
    ospf 1
     area 0.0.0.0
      network 1.1.1.9 0.0.0.0
      network 100.1.2.0 0.0.0.255
      network 100.1.3.0 0.0.0.255
    #
    return 
  • RR1 configuration file

    #
     sysname RR1
    #
    mpls lsr-id 2.2.2.9
    #
    mpls
    #
    mpls ldp
    #
    interface GigabitEthernet0/1/0
     undo shutdown
     ip address 100.1.2.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface GigabitEthernet0/2/0
     undo shutdown
     ip address 100.2.3.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface GigabitEthernet0/3/0
     undo shutdown
     ip address 100.2.4.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface LoopBack1
     ip address 2.2.2.9 255.255.255.255
    #
    bgp 100
     peer 1.1.1.9 as-number 100
     peer 1.1.1.9 connect-interface loopback 1
     peer 3.3.3.9 as-number 100
     peer 3.3.3.9 connect-interface loopback 1
     peer 4.4.4.9 as-number 100
     peer 4.4.4.9 connect-interface loopback 1
     #
     ipv4-family unicast
        undo synchronization
      peer 4.4.4.9 enable
      peer 1.1.1.9 enable
      peer 3.3.3.9 enable
     #
     ipv4-family vpnv4
      reflector cluster-id 100
      undo policy vpn-target
      peer 1.1.1.9 enable
      peer 1.1.1.9 reflect-client
      peer 3.3.3.9 enable
      peer 3.3.3.9 reflect-client
      peer 4.4.4.9 enable
      peer 4.4.4.9 reflect-client
    #
    ospf 1
     area 0.0.0.0
      network 100.1.2.0 0.0.0.255
      network 100.2.3.0 0.0.0.255
      network 100.2.4.0 0.0.0.255
      network 2.2.2.9 0.0.0.0
    #
    return
  • RR2 configuration file

    #
     sysname RR2
    #
    mpls lsr-id 3.3.3.9
    #
    mpls
    #
    mpls ldp
    #
    interface GigabitEthernet0/1/0
     undo shutdown
     ip address 100.2.3.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface GigabitEthernet0/2/0
     undo shutdown
     ip address 100.3.4.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface GigabitEthernet0/3/0
     undo shutdown
     ip address 100.1.3.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface LoopBack1
     ip address 3.3.3.9 255.255.255.255
    #
    bgp 100
     peer 1.1.1.9 as-number 100
     peer 1.1.1.9 connect-interface LoopBack1
     peer 2.2.2.9 as-number 100
     peer 2.2.2.9 connect-interface LoopBack1
     peer 4.4.4.9 as-number 100
     peer 4.4.4.9 connect-interface LoopBack1
     #
     ipv4-family unicast
        undo synchronization
      peer 1.1.1.9 enable
      peer 2.2.2.9 enable
      peer 4.4.4.9 enable
     #
     ipv4-family vpnv4
      reflector cluster-id 100
      undo policy vpn-target
      peer 1.1.1.9 enable
      peer 1.1.1.9 reflect-client
      peer 2.2.2.9 enable
      peer 2.2.2.9 reflect-client
      peer 4.4.4.9 enable
      peer 4.4.4.9 reflect-client
    #
    ospf 1
     area 0.0.0.0
      network 100.2.3.0 0.0.0.255
      network 100.3.4.0 0.0.0.255
      network 100.1.3.0 0.0.0.255
      network 3.3.3.9 0.0.0.0
    #
    return
  • PE2 configuration file

    #
    sysname PE2
    #
    ip vpn-instance vpna
     ipv4-family
      route-distinguisher 100:1
      vpn-target 1:1 export-extcommunity
      vpn-target 1:1 import-extcommunity
    #
    mpls lsr-id 4.4.4.9
    #
    mpls
    #
    mpls ldp
    #
    interface GigabitEthernet0/1/0
     undo shutdown
     ip address 100.3.4.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface GigabitEthernet0/2/0
     undo shutdown
     ip binding vpn-instance vpna
     ip address 10.2.1.2 255.255.255.0
    #
    interface GigabitEthernet0/3/0
     undo shutdown
     ip address 100.2.4.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface LoopBack1
     ip address 4.4.4.9 255.255.255.255
    #
    bgp 100
     peer 2.2.2.9 as-number 100
     peer 2.2.2.9 connect-interface LoopBack1
     peer 3.3.3.9 as-number 100
     peer 3.3.3.9 connect-interface LoopBack1
     #
     ipv4-family unicast
        undo synchronization
      peer 2.2.2.9 enable
      peer 3.3.3.9 enable
     #
     ipv4-family vpnv4
      policy vpn-target
      peer 3.3.3.9 enable
      peer 2.2.2.9 enable
     #
     ipv4-family vpn-instance vpna
      peer 10.2.1.1 as-number 65420
    #
    ospf 1
     area 0.0.0.0
      network 4.4.4.9 0.0.0.0
      network 100.3.4.0 0.0.0.255
      network 100.2.4.0 0.0.0.255
    #
    return
  • CE1 configuration file

    #
     sysname CE1
    #
    interface GigabitEthernet0/1/0
     undo shutdown
     ip address 10.1.1.1 255.255.255.0
    #
    interface Loopback 1
     undo shutdown
     ip address 11.11.11.11 255.255.255.255
    #
    bgp 65410
     peer 10.1.1.2 as-number 100
     network 11.11.11.11 255.255.255.255
     #
     ipv4-family unicast
        undo synchronization
      peer 10.1.1.2 enable
    #
    return
  • CE2 configuration file

    #
     sysname CE2
    #
    interface GigabitEthernet0/1/0
     undo shutdown
     ip address 10.2.1.1 255.255.255.0
    #
    interface Loopback 1
     undo shutdown
     ip address 22.22.22.22 255.255.255.255
    #
    bgp 65420
     peer 10.2.1.2 as-number 100
     network 22.22.22.22 255.255.255.255
     #
     ipv4-family unicast
        undo synchronization
      peer 10.2.1.2 enable
    #
    return
Translation
Download
Updated: 2019-01-14

Document ID: EDOC1100058925

Views: 36345

Downloads: 61

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next