No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - VPN 01

NE05E and NE08E V300R003C10SPC500

This is NE05E and NE08E V300R003C10SPC500 Configuration Guide - VPN
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring an HoVPN

Configuring an HoVPN

On an HoVPN, a UPE only needs to obtain a default route from an SPE. This implementation mechanism reduces the route storage space required on a UPE.

Context

For HoVPN networking, you must perform the following configurations:

  • Configure a VPN instance on each UPE, SPE, and NPE. For configuration details, see Configuring a VPN Instance.
    NOTE:

    According to relevant standards, the VPN instance status obtained from an NMS is Up only if at least one interface bound to the VPN instance is Up. On an HoVPN, VPN instances on SPEs are not bound to interfaces. As a result, the VPN instance status obtained from an NMS is always Down. To solve this problem, run the transit-vpn command in the VPN instance view or VPN instance IPv4 address family view of an SPE. Then, the VPN instance status obtained from an NMS is always Up, no matter whether the VPN instance is bound to interfaces.

  • Configure an MP-BGP peer relationship between each SPE and NPE. This configuration is similar to configuring an MP-IBGP peer relationship between PEs on a BGP/MPLS IP VPN. For more information, see Establishing MP-IBGP Peer Relationships Between PEs.

  • Configure routing protocols for NPEs and UPEs to exchange routes with CEs. This configuration is similar to configuring PEs and CEs to exchange routes on a BGP/MPLS IP VPN. For more information, see Configuring Route Exchange Between PEs and CEs.

  • Configure an MP-BGP peer relationship between each UPE and SPE. An SPE needs to advertise only the default route or summary routes to a UPE.

Procedure

  1. Configure a UPE to establish an MP-BGP peer relationship with an SPE.
    1. Run system-view

      The system view is displayed.

    2. Run bgp as-number

      The BGP view is displayed.

    3. Run peer { ipv4-address | group-name } as-number as-number

      The SPE is specified as a BGP peer of the UPE.

    4. Run ipv4-family vpnv4

      The BGP-VPNv4 address family view is displayed.

    5. Run peer { ipv4-address | group-name } enable

      The function to exchange BGP-VPNv4 routes with the specified BGP peer is enabled.

    6. Run commit

      The configuration is committed.

  2. Configure the SPE to send the default route or summary route to the UPE.

    • Configure the SPE to send the default route to the UPE.
      1. Run system-view

        The system view is displayed.

      2. Run ip route-static 0.0.0.0 { 0.0.0.0 | 0 } { nexthop-address | interface-type interface-number [ nexthop-address ] | vpn-instance vpn-instance-name nexthop-address } [ preference preference ] [ tag tag ] [ description text ]

        A default IPv4 static route is created.

      3. Run bgp as-number

        The BGP view is displayed.

      4. Run peer { ipv4-address | group-name } as-number as-number

        The UPE is specified as a BGP peer of the SPE.

      5. Run ipv4-family vpnv4

        The BGP-VPNv4 address family view is displayed.

      6. Run peer { ipv4-address | group-name } upe

        The UPE is specified as a lower-level PE of the SPE.

        NOTE:

        This step can be performed only if a VPNv4 peer relationship has been established between the SPE and UPE.

      7. Run quit

        Return to the BGP view.

      8. Run ipv4-family vpn-instance vpn-instance-name

        The BGP-VPN instance IPv4 address family view is displayed.

      9. Run network 0.0.0.0 [ 0.0.0.0 | 0 ] [ route-policy route-policy-name ]

        The default route is imported to the IPv4 VPN instance routing table.

      10. Run commit

        The configuration is committed.

    • Configure the SPE to advertise a summary route to the UPE.
      1. Run system-view

        The system view is displayed.

      2. Run bgp as-number

        The BGP view is displayed.

      3. Run ipv4-family vpn-instance vpn-instance-name

        The BGP-VPN instance IPv4 address family view is displayed.

      4. Run aggregate ipv4-address { mask | mask-length } [ as-set | attribute-policy route-policy-name1 | detail-suppressed | origin-policy route-policy-name2 | suppress-policy route-policy-name3 ] *

        A summary route is created.

      5. Run quit

        Return to the BGP view.

      6. Run quit

        Return to the system view.

      7. Run ip ip-prefix ip-prefix-name [ index index-number ] { permit | deny } ip-address mask-length [ greater-equal greater-equal-value ] [ less-equal less-equal-value ]

        An IPv4 prefix list is configured.

      8. Run bgp as-number

        The BGP view is displayed.

      9. Run peer { ipv4-address | group-name } as-number as-number

        The UPE is specified as a BGP peer of the SPE.

      10. Run ipv4-family vpnv4

        The BGP-VPNv4 address family view is displayed.

      11. Run peer { ipv4-address | group-name } ip-prefix ip-prefix-name export

        The SPE is configured to advertise filtered routes to the UPE.

      12. Run commit

        The configuration is committed.

  3. (Optional) Configure one-label-per-next-hop label distribution on the SPE.

    In an HoVPN scenario, if an SPE needs to send large numbers of VPNv4 routes but the MPLS labels are inadequate, configure one-label-per-next-hop label distribution on the SPE.

    1. Run system-view

      The system view is displayed.

    2. Run bgp as-number

      The BGP view is displayed.

    3. Run ipv4-family vpnv4

      The BGP-VPNv4 address family view is displayed.

    4. Run apply-label per-nexthop

      One-label-per-next-hop label distribution is enabled on the SPE.

      After one-label-per-next-hop label distribution is enabled or disabled on an SPE, the labels assigned by the SPE to routes change. As a result, temporary packet loss may occur.

    5. Run commit

      The configuration is committed.

Translation
Download
Updated: 2019-01-14

Document ID: EDOC1100058925

Views: 31743

Downloads: 57

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next