No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - VPN 01

NE05E and NE08E V300R003C10SPC500

This is NE05E and NE08E V300R003C10SPC500 Configuration Guide - VPN
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring Load Balancing Among Tunnels to Which Remote Cross Routes Are Iterated on an IPv6 VPN

Example for Configuring Load Balancing Among Tunnels to Which Remote Cross Routes Are Iterated on an IPv6 VPN

If there are multiple tunnels between PEs on the backbone network, configuring load balancing among tunnels can fully utilize network resources and enhance the reliability of VPN services on the backbone network.

Networking Requirements

If multiple tunnels, such as LDP LSPs and TE tunnels, exist between PE peers on the MPLS backbone network of a BGP/MPLS IPv6 VPN, load balancing among tunnels can be configured to distribute IPv6 VPN traffic to the tunnels and prevent network congestion.

On the network shown in Figure 6-19, two links exist between PE1 and PE2 in the basic BGP/MPLS IPv6 VPN networking: an LDP LSP (PE1-P1-PE2) and a TE tunnel (PE1-P2-PE2). All IPv6 VPN traffic is forwarded over the LSP according to the default tunnel policy, which may cause the link of PE1 <-> P1 <-> PE2 to be busy and the link of PE1 <-> P2 <-> PE2 to be idle.

To address this issue, configure load balancing among tunnels on the MPLS backbone network to distribute IPv6 VPN traffic evenly to the two tunnels.

Figure 6-19 Configuring load balancing among tunnels to which remote cross routes are iterated on an IPv6 VPN
NOTE:

Interfaces 1 through 3 in this example are GE 0/1/0, GE 0/2/0, GE 0/3/0, respectively.


Configuration Notes

When configuring load balancing among tunnels to which remote cross routes are iterated on an IPv6 VPN, ensure that the tunnels existing in the system can meet the requirements of the configured tunnel policy.

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure OSPF on the MPLS backbone network to ensure IP connectivity on the backbone network.

  2. Configure MPLS, MPLS LDP, and MPLS TE both globally and per interface on required devices of the MPLS backbone network and establish an LDP LSP and an MPLS TE tunnel between PEs.

  3. Configure an IPv6-address-family-supporting VPN instance on each PE and bind the interface that connects a PE to a CE to the VPN instance on that PE.

  4. Create a tunnel policy on PE1 to distribute traffic to the LDP LSP and TE tunnel between PE1 and PE2.

  5. Apply the tunnel policy to the VPN instance IPv6 address family on PE1.

Procedure

  1. Configure a basic BGP/MPLS IPv6 VPN.

    For configuration details, see Example for Configuring Basic BGP/MPLS IPv6 VPN. The main configurations are listed as follows:

    • Configure OSPF on the MPLS backbone network so that the PEs can learn the routes to each other's loopback interface.

    • Configure MPLS and MPLS LDP both globally and per interface on PE1, P1, and PE2 to set up an LDP LSP along the PEs.

    • Configure MPLS TE on PE1, P2, and PE2 to set up an MPLS TE tunnel between PEs.

    • Establish a VPNv6 peer relationship between PEs.

    • Configure a VPN instance that supports the IPv6 address family on each PE and bind the interface that connects a PE to a CE to the VPN instance on that PE.

    • Enable BGP between the PEs and CE and import the routes to the loopback interface into BGP on the CE.

    After completing the configurations, run the display ipv6 routing-table vpn-instance command on PE1. The command output shows that PE1 has learned the route to the loopback interface on the CE.

    <PE1> display ipv6 routing-table vpn-instance vpn1
    Routing Table : vpn1
             Destinations : 4        Routes : 4
    
     Destination  : 2001:db8:0:1:2::1               PrefixLength : 128
     NextHop      : ::FFFF:3.3.3.9                  Preference   : 255
     Cost         : 0                               Protocol     : BGP
     RelayNextHop : ::                              TunnelID     : 0x800011
     Interface    : GigabitEthernet0/1/0               Flags        : RD
    
     Destination  : 2001:db8:9::                    PrefixLength : 28
     NextHop      : 2001:db8:9::1                   Preference   : 0
     Cost         : 0                               Protocol     : Direct
     RelayNextHop : ::                              TunnelID     : 0x0
     Interface    : LoopBack2                       Flags        : D
    
     Destination  : 2001:db8:9::1                   PrefixLength : 128
     NextHop      : ::1                             Preference   : 0
     Cost         : 0                               Protocol     : Direct
     RelayNextHop : ::                              TunnelID     : 0x0
     Interface    : LoopBack2                       Flags        : D
    
     Destination  : FE80::                          PrefixLength : 10
     NextHop      : ::                              Preference   : 0
     Cost         : 0                               Protocol     : Direct
     RelayNextHop : ::                              TunnelID     : 0x0
     Interface    : NULL0                           Flags        : D
    <PE1> display ipv6 routing-table vpn-instance vpn1 2001:db8:0:1:2::1 verbose
    Routing Table : vpn1
    Summary Count : 1
    
     Destination  : 2001:db8:0:1:2::1               PrefixLength : 128
     NextHop      : ::FFFF:3.3.3.9                  Preference   : 255
     Neighbour    : ::3.3.3.9                       ProcessID    : 0
     Label        : 1027                            Protocol     : BGP
     State        : Active Adv Relied               Cost         : 0
     Entry ID     : 21                              EntryFlags   : 0x80024904
     Reference Cnt: 2                               Tag          : 0
     IndirectID   : 0x24                            Age          : 895sec 
     RelayNextHop : ::                               TunnelID     : 0x0000000001004c4ba2
     Interface    : GigabitEthernet0/1/0                 Flags        : RD

    The command output shows that PE1 iterates the route to 2001:db8:0:1:2::1/128 to only the LSP since no tunnel policy is applied to the VPN instance IPv6 address family, and the outbound interface is GE 0/2/0.

  2. Apply a tunnel policy to the VPN instance IPv6 address family on PE1.

    Configure a tunnel policy in select-sequence mode to make tunnels be selected in the order of TE tunnels and LSPs and to set the number of tunnels participating in load balancing to 2.

    # Configure PE1.

    [~PE1] tunnel-policy te-lsp-l2
    [*PE1-tunnel-policy-te-lsp-l2] tunnel select-seq cr-lsp lsp load-balance-number 2
    [*PE1-tunnel-policy-te-lsp-l2] quit

    # Apply the tunnel policy to the VPN instance IPv6 address family.

    [*PE1] ip vpn-instance vpn1
    [*PE1-vpn-instance-vpn1] ipv6-family
    [*PE1-vpn-instance-vpn1-af-ipv6] tnl-policy te-lsp-l2
    [*PE1-vpn-instance-vpn1-af-ipv6] quit
    [*PE1-vpn-instance-vpn1] quit
    [*PE1] commit

  3. Verify the configuration.

    After completing the configurations, run the display ipv6 routing-table vpn-instance verbose command on PE1. The command output shows that the route to the loopback interface on the CE is iterated to two tunnels.

    <PE1> display ipv6 routing-table vpn-instance vpn1 2001:db8:0:1:2::1 verbose
    Routing Table : vpn1
    Summary Count : 1
    
     Destination  : 2001:db8:0:1:2::1               PrefixLength : 128
     NextHop      : ::FFFF:3.3.3.9                  Preference   : 255
     Neighbour    : ::                              ProcessID    : 0
     Label        : 1027                            Protocol     : BGP
     State        : Active Adv Relied               Cost         : 0
     Entry ID     : 21                              EntryFlags   : 0x80024904
     Reference Cnt: 2                               Tag          : 0
     IndirectID   : 0x24                            Age          : 895sec 
     RelayNextHop : ::                              TunnelID     : 0x000000000300000001
     Interface    : Tunnel10                         Flags        : RD
     RelayNextHop : ::                              TunnelID     : 0x0000000001004c4ba2
     Interface    : GigabitEthernet0/1/0         Flags        : RD

    Load balancing between tunnels to which remote cross routes are iterated is successfully deployed on the IPv6 VPN.

Configuration Files

  • PE1 configuration file

    #
     sysname PE1
    #
    ip vpn-instance vpn1
     ipv6-family
     route-distinguisher 100:1
     tnl-policy te-lsp-l2
     vpn-target 1:1 export-extcommunity
     vpn-target 1:1 import-extcommunity
    #
    mpls lsr-id 1.1.1.9
    #
    mpls
     mpls te
     mpls te cspf
     mpls rsvp-te
    #
    mpls ldp
    #
    interface GigabitEthernet0/1/0
     undo shutdown
     ip address 50.1.1.1 255.255.255.0
     mpls
     mpls te
     mpls rsvp-te
    #
    interface GigabitEthernet0/2/0
     undo shutdown
     ip address 20.1.1.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface LoopBack1
     ip address 1.1.1.9 255.255.255.255
    #
    interface LoopBack2
     ip binding vpn-instance vpn1
     ipv6 enable
     ipv6 address 2001:db8:9::1 128
    #
    interface Tunnel10
     ip address unnumbered interface LoopBack1
     tunnel-protocol mpls te
     destination 3.3.3.9
     mpls te tunnel-id 100
    #
    bgp 100
     peer 3.3.3.9 as-number 100
     peer 3.3.3.9 connect-interface LoopBack1
     #
     ipv4-family unicast
      undo synchronization
      peer 3.3.3.9 enable
     #
     ipv6-family vpnv6
      policy vpn-target
      peer 3.3.3.9 enable
    #
    ospf 1
     opaque-capability enable
     area 0.0.0.0
      mpls-te enable 
      network 1.1.1.9 0.0.0.0
      network 20.1.1.0 0.0.0.255
      network 50.1.1.0 0.0.0.255
    #
    tunnel-policy te-lsp-l2
     tunnel select-seq cr-lsp lsp load-balance-number 2
    #
    return
  • Configuration file of P1

    #
     sysname P1
    #
    mpls lsr-id 2.2.2.9
    #
    mpls
    #
    mpls ldp
    #
    interface GigabitEthernet0/1/0
     undo shutdown
     ip address 20.1.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface GigabitEthernet0/2/0
     undo shutdown
     ip address 30.1.1.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface LoopBack1
     ip address 2.2.2.9 255.255.255.255
    #
    ospf 1
     opaque-capability enable
     area 0.0.0.0
      mpls-te enable 
      network 2.2.2.9 0.0.0.0
      network 20.1.1.0 0.0.0.255
      network 30.1.1.0 0.0.0.255
    #
    return
  • Configuration file of P2

    #
     sysname P2
    #
    mpls lsr-id 4.4.4.9
    #
    mpls
     mpls te
     mpls te cspf
     mpls rsvp-te
    #
    mpls ldp
    #
    interface GigabitEthernet0/1/0
     undo shutdown
     ip address 50.1.1.2 255.255.255.0
     mpls
     mpls te
     mpls rsvp-te
    #
    interface GigabitEthernet0/2/0
     undo shutdown
     ip address 40.1.1.1 255.255.255.0
     mpls
     mpls te
     mpls rsvp-te
    #
    interface LoopBack1
     ip address 4.4.4.9 255.255.255.255
    #
    ospf 1
     opaque-capability enable
     area 0.0.0.0
      mpls-te enable 
      network 4.4.4.9 0.0.0.0
      network 40.1.1.0 0.0.0.255
      network 50.1.1.0 0.0.0.255
    #
    return
  • PE2 configuration file

    #
     sysname PE2
    #
    ip vpn-instance vpn1
     ipv6-family
     route-distinguisher 100:1
     vpn-target 1:1 export-extcommunity
     vpn-target 1:1 import-extcommunity
    #
    mpls lsr-id 3.3.3.9
    #
    mpls
     mpls te
     mpls te cspf
     mpls rsvp-te
    #
    mpls ldp
    #
    interface GigabitEthernet0/1/0
     undo shutdown
     ip address 40.1.1.2 255.255.255.0
     mpls
     mpls te
     mpls rsvp-te
    #
    interface GigabitEthernet0/2/0
     undo shutdown
     ip address 30.1.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface GigabitEthernet0/3/0
     undo shutdown
     ipv6 enable
     ip binding vpn-instance vpn1
     ipv6 address 2001:db8:2::1 64
    #
    interface LoopBack1
     ip address 3.3.3.9 255.255.255.255
    #
    bgp 100
     peer 1.1.1.9 as-number 100
     peer 1.1.1.9 connect-interface LoopBack1
     #
     ipv4-family unicast
      undo synchronization
      peer 1.1.1.9 enable
     #
     ipv6-family vpnv6
      policy vpn-target
      peer 1.1.1.9 enable
    #
     ipv6-family vpn-instance vpn1
      peer 2001:db8:2::2 as-number 65410
    #
    ospf 1
     opaque-capability enable
     area 0.0.0.0
      mpls-te enable 
      network 3.3.3.9 0.0.0.0
      network 30.1.1.0 0.0.0.255
      network 40.1.1.0 0.0.0.255
    #
    return
  • CE2 configuration file

    #
     sysname CE2
    #
    interface GigabitEthernet0/1/0
     undo shutdown
     ipv6 enable
     ipv6 address 2001:db8:2::2 64
    #
    interface LoopBack1
     ipv6 enable
     ipv6 address 2001:db8:0:1:2::1/128
    #
    bgp 65410
     router-id 10.10.10.10
     peer 2001:db8:2::1 as-number 100
     #
     ipv6-family unicast
      undo synchronization
      network 2001:db8:0:1:2::1 128
      peer 2001:db8:2::1 enable
    #
    return
Translation
Download
Updated: 2019-01-14

Document ID: EDOC1100058925

Views: 32238

Downloads: 59

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next