No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - VPN 01

NE05E and NE08E V300R003C10SPC500

This is NE05E and NE08E V300R003C10SPC500 Configuration Guide - VPN
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring a Routing Protocol on an MCE

Configuring a Routing Protocol on an MCE

To enable an MCE to communicate with provider edge PEs and VPN devices, configure a routing protocol for each type of service on the MCE.

Context

An MCE can communicate with PEs and VPN devices using any of the following routing protocols:
  • EBGP
  • IBGP
  • Static route
  • RIP
  • OSPF
  • IS-IS
Perform one or more of the following configurations as required.

Procedure

  • Configure EBGP on the MCE.
    1. Run system-view

      The system view is displayed.

    2. Run bgp as-number

      The BGP view is displayed.

    3. Run ipv4-family vpn-instance vpn-instance-name

      The BGP-VPN instance IPv4 address family view is displayed.

    4. Run peer ipv4-address as-number as-number

      A PE is configured as a VPN BGP peer for the MCE.

    5. (Optional) Run peer { ipv4-address | group-name } ebgp-max-hop [ hop-count ]

      The maximum number of hops between the MCE and its EBGP peer (the PE) is set.

      This step is mandatory if the MCE is not directly connected to the PE. Generally, EBGP peers are directly connected. If they are not directly connected, run the peer ebgp-max-hop command so that EBGP peers can establish a multi-hop TCP connection.

      The default value of hop-count is 255. If the maximum number of hops is set to 1, the MCE cannot establish an EBGP connection with a peer if they are not directly connected.

    6. Run commit

      The configuration is committed.

  • Configure IBGP on the MCE.
    1. Run system-view

      The system view is displayed.

    2. Run bgp as-number

      The BGP view is displayed.

    3. Run ipv4-family vpn-instance vpn-instance-name

      The BGP-VPN instance IPv4 address family view is displayed.

    4. Run peer ipv4-address as-number as-number

      A PE is configured as a VPN BGP peer for the MCE.

    5. Run commit

      The configuration is committed.

  • Configure a static route on the MCE.
    1. Run system-view

      The system view is displayed.

    2. Run ip route-static vpn-instance vpn-source-name destination-address { mask | mask-length } interface-type interface-number [ nexthop-address ] [ preference preference | tag tag ] *

      A static route is configured for a specified VPN instance IPv4 address family.

    3. Run commit

      The configuration is committed.

  • Configure RIP on the MCE.
    1. Run system-view

      The system view is displayed.

    2. Run rip process-id vpn-instance vpn-instance-name

      A RIP process is created, and the RIP view is displayed.

      A RIP process can be bound only to one VPN instance. If you do not specify a VPN instance when creating a RIP process , this RIP process is a public network process and can no longer be bound to a VPN instance.

    3. Run network network-address

      RIP is enabled on the network segment where the interface bound to the VPN instance resides.

    4. Run commit

      The configuration is committed.

    NOTE:

    Deleting a VPN instance or disabling a VPN instance IPv4 address family will also delete all the RIP processes bound to this VPN instance or VPN instance IPv4 address family.

  • Configure OSPF on the MCE.
    1. Run system-view

      The system view is displayed.

    2. Run ospf process-id [ router-id router-id ] vpn-instance vpn-instance-name

      An OSPF process is created, and the OSPF view is displayed.

      Create the same OSPF process on the MCE and its connected PE. An OSPF process can be bound only to one VPN instance.

      Specify a router ID when creating an OSPF process and binding the OSPF instance to a VPN instance. The OSPF process bound to the VPN instance cannot automatically use the public network router ID configured in the system view. If no router ID is specified, OSPF uses a specified rule to select an IP address from the IP addresses of the interfaces that are bound to the VPN instance as a router ID.

    3. (Optional) Run domain-id domain-id [ secondary ]

      The domain ID is configured.

      The domain ID can be an integer or in dotted decimal notation.

      Two domain IDs can be configured for each OSPF process. Different processes can have the same domain ID. The same domain ID must be configured for all OSPF processes of the same VPN to ensure correct route advertisements.

      The default domain ID is 0.

    4. (Optional) Run route-tag tag

      The VPN route tag is configured.

      By default, OSPF automatically allocates a VPN route tag.

      • If a BGP process is not started on the local device, the default VPN route tag is 0.

      • If a BGP process is started on the local device, the default VPN route tag is 3489660928 (0xD000 in the hexadecimal format) plus the local AS number of BGP.

    5. Run vpn-instance-capability simple

      Routing loop detection is disabled.

      If OSPF VPN multi-VPN-instance has been deployed on the MCE and PE, the PE sends the MCE a link-state advertisement (LSA) with the Down (DN) bit set to 1. Because VPN instances have been configured on the MCE, the MCE has routing loop detection enabled. If the MCE detects that the LSA contains the DN bit with the value 1, this LSA cannot be used to calculate routes. Run the vpn-instance-capability simple command to disable OSPF routing loop detection. When OSPF routing loop detection is disabled, the MCE calculates all OSPF routes without checking the DN bit and route tag.

    6. Run area area-id

      The OSPF area view is displayed.

    7. Run network ip-address wildcard-mask

      The IP address of the interface through which the PE is connected is advertised.

      OSPF can run properly on an interface only when both of the following conditions are met:

      • The mask length of the IP address of the interface is longer than or equal to that specified in the network command.

      • The primary IP address of the interface is on the network segment specified in the network command.

      By default, OSPF advertises a route destined for the 32-bit address of the loopback interface, irrespective of the mask length configured on the loopback interface.

    8. Run commit

      The configuration is committed.

    NOTE:
    Deleting a VPN instance or disabling a VPN instance IPv4 address family will also delete all the OSPF processes bound to this VPN instance or VPN instance IPv4 address family.

  • Configure IS-IS on the MCE.
    1. Run system-view

      The system view is displayed.

    2. Run isis process-id vpn-instance vpn-instance-name

      An IS-IS process is created, and the IS-IS view is displayed.

      An IS-IS process can be bound only to one VPN instance. If you do not specify a VPN instance when creating an IS-IS process, this IS-IS process is a public network process and can no longer be bound to a VPN instance.

    3. Run network-entity net

      The NET is configured.

      A NET specifies the current IS-IS area address and the system ID of the NE.

    4. (Optional) Run is-level { level-1 | level-1-2 | level-2 }

      An IS-IS level is specified for the NE.

      The default IS-IS level of the NE is level-1-2.

    5. Run quit

      Return to the system view.

    6. Run interface interface-type interface-number

      The view of the interface bound to the VPN instance is displayed.

    7. Run isis enable [ process-id ]

      IS-IS is enabled on the interface.

    8. Run quit

      Return to the system view.

    9. Run commit

      The configuration is committed.

    NOTE:

    Deleting a VPN instance or disabling a VPN instance IPv4 address family will also delete all the IS-IS processes bound to this VPN instance or VPN instance IPv4 address family.

Translation
Download
Updated: 2019-01-14

Document ID: EDOC1100058925

Views: 31772

Downloads: 57

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next