No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - VPN 01

NE05E and NE08E V300R003C10SPC500

This is NE05E and NE08E V300R003C10SPC500 Configuration Guide - VPN
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring a Routing Protocol on the PE Connected to an MCE

Configuring a Routing Protocol on the PE Connected to an MCE

To enable a PE to communicate with an MCE, configure routing protocol multi-VPN-instance on the MCE.

Context

A PE can communicate with an MCE using any of the following:
  • EBGP
  • IBGP
  • Static route
  • RIP
  • OSPF
  • IS-IS
Perform one or more of the following configurations as required.

Procedure

  • Configure EBGP on the PE.
    1. Run system-view

      The system view is displayed.

    2. Run bgp as-number

      The BGP view is displayed.

    3. Run ipv4-family vpn-instance vpn-instance-name

      The BGP-VPN instance IPv4 address family view is displayed.

    4. Run peer ipv4-address as-number as-number

      An MCE is configured as a VPN peer for the PE.

    5. (Optional) Run peer { ipv4-address | group-name } ebgp-max-hop [ hop-count ]

      The maximum number of hops between the PE and its EBGP peer (the MCE) is specified.

      This step is mandatory if the PE is not directly connected to the MCE. Generally, EBGP peers are directly connected. If they are not directly connected, run the peer ebgp-max-hop command so that EBGP peers can establish a multi-hop TCP connection.

      The default value of hop-count is 255. If the maximum number of hops is set to 1, the PE cannot establish an EBGP connection with a peer if they are not directly connected.

    6. (Optional) Run either of the following commands:

      • import-route direct [ med med | route-policy route-policy-name ] *

      • network ipv4-address [ mask | mask-length ] [ route-policy route-policy-name ]

      The PE is enabled to import the direct routes destined for the MCE into the VRF table and advertise the routes to the remote PE.

      NOTE:

      The PE automatically learns the direct routes destined for the MCE. The learned routes take precedence over the direct routes advertised from the MCE using EBGP. If this step is not performed, the PE does not use MP-BGP to advertise the direct routes destined for the MCE to the remote PE.

    7. Run commit

      The configuration is committed.

  • Configure IBGP on the PE.
    1. Run system-view

      The system view is displayed.

    2. Run bgp as-number

      The BGP view is displayed.

    3. Run ipv4-family vpn-instance vpn-instance-name

      The BGP-VPN instance IPv4 address family view is displayed.

    4. Run peer ipv4-address as-number as-number

      An MCE is configured as a VPN peer for the PE.

    5. (Optional) Run either of the following commands:

      • import-route direct [ med med | route-policy route-policy-name ] *

      • network ipv4-address [ mask | mask-length ] [ route-policy route-policy-name ]

      The PE is enabled to import the direct routes destined for the MCE into the VRF table and advertise the routes to the remote PE.

      NOTE:

      The PE automatically learns the direct routes destined for the MCE. The learned routes take precedence over the direct routes advertised from the MCE using IBGP. If this step is not performed, the PE does not use MP-BGP to advertise the direct routes destined for the MCE to the remote PE.

    6. Run commit

      The configuration is committed.

  • Configure a static route on the PE.
    1. Run system-view

      The system view is displayed.

    2. Run ip route-static vpn-instance vpn-source-name destination-address { mask | mask-length } interface-type interface-number [ nexthop-address ] [ preference preference | tag tag ] *

      A static route is configured for a specified VPN instance IPv4 address family.

    3. Run bgp as-number

      The BGP view is displayed.

    4. Run ipv4-family vpn-instance vpn-instance-name

      The BGP-VPN instance IPv4 address family view is displayed.

    5. Run import-route static [ med med | route-policy route-policy-name ] *

      The configured static route is added to the VRF table of the BGP-VPN instance IPv4 address family.

    6. Run commit

      The configuration is committed.

  • Configure RIP on the PE.
    1. Run system-view

      The system view is displayed.

    2. Run rip process-id vpn-instance vpn-instance-name

      A RIP process is created, and the RIP view is displayed.

      A RIP process can be bound only to one VPN instance.

    3. Run network network-address

      RIP is enabled on the network segment where the interface bound to the VPN instance resides.

    4. Run import-route bgp [ cost { cost | transparent } | route-policy route-policy-name ] *

      BGP routes are imported.

      After the import-route bgp command is run in the RIP view, the PE can import the VPNv4 routes learned from the remote PE into the RIP routing table and advertise them to the MCE.

    5. Run quit

      Return to the system view.

    6. Run bgp as-number

      The BGP view is displayed.

    7. Run ipv4-family vpn-instance vpn-instance-name

      The BGP-VPN instance IPv4 address family view is displayed.

    8. Run import-route rip process-id [ med med | route-policy route-policy-name ] *

      RIP routes are imported into the VRF table of the BGP-VPN instance IPv4 address family.

      After the import-route rip command is run in the BGP-VPN instance IPv4 address family view, the PE imports the VPN routes learned from the MCE into the BGP routing table and advertises VPNv4 routes to the remote PE.

    9. Run commit

      The configuration is committed.

    NOTE:

    Deleting a VPN instance or disabling a VPN instance IPv4 address family will also delete all the RIP processes bound to this VPN instance or VPN instance IPv4 address family.

  • Configure OSPF on the PE.
    1. Run system-view

      The system view is displayed.

    2. Run ospf process-id [ router-id router-id ] vpn-instance vpn-instance-name

      An OSPF process is created, and the OSPF view is displayed.

      An OSPF process can be bound only to one VPN instance.

      Specify a router ID when creating an OSPF process and binding the OSPF instance to a VPN instance. The OSPF process bound to the VPN instance cannot automatically use the public network router ID configured in the system view. If no router ID is specified, OSPF uses a specified rule to select an IP address from the IP addresses of the interfaces that are bound to the VPN instance as a router ID.

    3. (Optional) Run domain-id domain-id [ secondary ]

      The domain ID is configured.

      The domain ID can be an integer or in dotted decimal notation.

      Two domain IDs can be configured for each OSPF process. Different processes can have the same domain ID. There is no restriction on the domain IDs of the OSPF processes of different VPNs on a PE. The same domain ID must be configured for all OSPF processes of the same VPN to ensure correct route advertisements.

      The domain ID of an OSPF process is contained in the routes generated by this OSPF process. When OSPF routes are imported into BGP, the domain ID is added to the BGP VPN routes and forwarded as the BGP extended community attribute.

      The default domain ID is 0.

    4. (Optional) Run route-tag tag

      The VPN route tag is configured.

      By default, OSPF automatically allocates a VPN route tag.

      • If a BGP process is not started on the local device, the default VPN route tag is 0.

      • If a BGP process is started on the local device, the default VPN route tag is 3489660928 (0xD000 in hexadecimal format) plus the BGP local AS number.

    5. Run area area-id

      The OSPF area view is displayed.

    6. Run network ip-address wildcard-mask

      OSPF is enabled on the network segment where the interface bound to the VPN instance resides.

      A network segment belongs only to one area. The area to which each OSPF interface belongs must be specified.

      OSPF can run properly on an interface only when both of the following conditions are met:

      • The mask length of the IP address of the interface is longer than or equal to that specified in the network command.

      • The primary IP address of the interface is on the network segment specified in the network command.

      By default, OSPF advertises a route destined for the 32-bit address of the loopback interface, irrespective of the mask length configured on the loopback interface.

    7. Run quit

      The OSPF view is displayed.

    8. Run import-route bgp [ cost cost | route-policy route-policy-name | tag tag | type type ] *

      BGP routes are imported.

    9. Run quit

      Return to the system view.

    10. Run bgp as-number

      The BGP view is displayed.

    11. Run ipv4-family vpn-instance vpn-instance-name

      The BGP-VPN instance IPv4 address family view is displayed.

    12. Run import-route ospf process-id [ med med | route-policy route-policy-name ] *

      OSPF routes are imported into the VRF table of the BGP-VPN instance IPv4 address family.

    13. Run commit

      The configuration is committed.

    NOTE:
    Deleting a VPN instance or disabling a VPN instance IPv4 address family will also delete all the OSPF processes bound to this VPN instance or VPN instance IPv4 address family.

  • Configure IS-IS on the PE.
    1. Run system-view

      The system view is displayed.

    2. Run isis process-id vpn-instance vpn-instance-name

      An IS-IS process is created, and the IS-IS view is displayed.

      An IS-IS process can be bound only to one VPN instance.

    3. Run network-entity net

      The NET is configured.

      A NET specifies the current IS-IS area address and the system ID of the NE.

    4. (Optional) Run is-level { level-1 | level-1-2 | level-2 }

      An IS-IS level is specified for the NE.

      The default IS-IS level of the NE is level-1-2.

    5. Run import-route bgp [ cost-type { external | internal } | cost cost | tag tag | route-policy route-policy-name | [ level-1 | level-2 | level-1-2 ] ] *

      BGP routes are imported.

      If the IS-IS level is not specified in the command, BGP routes will be imported into the Level-2 IS-IS routing table.

    6. Run quit

      Return to the system view.

    7. Run interface interface-type interface-number

      The view of the interface bound to the VPN instance is displayed.

    8. Run isis enable [ process-id ]

      IS-IS is enabled on the interface.

    9. Run quit

      Return to the system view.

    10. Run bgp as-number

      The BGP view is displayed.

    11. Run ipv4-family vpn-instance vpn-instance-name

      The BGP-VPN instance IPv4 address family view is displayed.

    12. Run import-route isis process-id [ med med | route-policy route-policy-name ] *

      IS-IS routes are imported into the VRF table of the BGP-VPN instance IPv4 address family.

    13. Run commit

      The configuration is committed.

    NOTE:

    Deleting a VPN instance or disabling a VPN instance IPv4 address family will also delete all the IS-IS processes bound to this VPN instance or VPN instance IPv4 address family.

Translation
Download
Updated: 2019-01-14

Document ID: EDOC1100058925

Views: 36299

Downloads: 61

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next