Configuration Guide - VPN 01

NE05E and NE08E V300R003C10SPC500

This is NE05E and NE08E V300R003C10SPC500 Configuration Guide - VPN
Example for Configuring Underlay VLAN Access to DCI (Using EVPN-MPLS as the Bearer and PE as a GW)

Underlay VLAN access to DCI uses different cloud management platforms. An Ethernet sub-interface is associated with a VLAN to access the DCI backbone network, and the DCI-PEs and DC-GWs are deployed as integrated devices (DCI-PE1-GW1 and DCI-PE2-GW2). A BGP EVPN peer relationship is established between the DCI-PE-GWs.

Networking Requirements

A DC-GW and a DCI-PE are the same device, which is directly connected to a DC device. On the network shown in Figure 11-36, a DCI-PE-GW functions as both a DC-GW and a DCI-PE. The DCI-PE-GW is connected to the P on the DCI backbone network on one side and directly connected to a DC device on the other side. A VXLAN tunnel is established in each DC to implement intra-DC VM communication. To implement inter-DC VM communication, create L3VPN instances on the DCI-PE-GWs and establish a BGP EVPN peer relationship between the DCI-PE-GWs.

Figure 11-36 Configuring underlay VLAN access to DCI (Using EVPN-MPLS as the bearer and PE as a GW)
NOTE:

In this example, Interface 1, Interface 2, and sub-interface1.1 refer to GE 0/1/0, GE 0/2/0, and GE 0/1/0.1, respectively.



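Table 11-8 Interface IP addresses

| Device Name | Interface Name | IP Address and Mask |
|-------------|----------------|---------------------|
| DCI-PE1-GW1 | GE 0/1/0.1     | -                   |
| DCI-PE1-GW1 | GE 0/2/0       | 192.168.1.1/24      |
| DCI-PE1-GW1 | Loopback1      | 1.1.1.1/32          |
| P           | GE 0/1/0       | 192.168.1.2/24      |
| P           | GE 0/2/0       | 192.168.10.1/24     |
| P           | Loopback1      | 2.2.2.2/32          |
| DCI-PE2-GW2 | GE 0/1/0.1     | -                   |
| DCI-PE2-GW2 | GE 0/2/0       | 192.168.10.2/24     |
| DCI-PE2-GW2 | Loopback1      | 3.3.3.3/32          |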

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure OSPF on the DCI backbone network to implement communication between DCI-PEs.

  2. Configure an MPLS TE tunnel on the DCI backbone network.

  3. Configure a VPN instance on each DCI-PE-GW and apply a tunnel policy to the VPN instance.

  4. Create a VBDIF interface on each DCI-PE-GW and bind the VPN instance to the VBDIF interface.

  5. Configure each DCI-PE-GW to advertise IP prefix routes.

  6. Configure an EVPN instance on each DCI-PE-GW and establish a BGP EVPN peer relationship between the DCI-PE-GWs, and configure each DCI-PE-GW to advertise IRB routes.

  7. Configure a source address on each DCI-PE.

Data Preparation

To complete the configuration, you need the following data:

  • MPLS LSR IDs of the DCI-PE-GWs and P

  • RD of a VPN instance

  • Import and export VPN targets of the VPN instance

Procedure

  1. Assign an IP address to each node interface, including the loopback interfaces.

    For configuration details, see Configuration Files in this section.

  2. Configure an IGP on the DCI backbone network. OSPF is used in this example.

    For configuration details, see Configuration Files in this section.

  3. Configure an MPLS TE tunnel on the DCI backbone network.

    For configuration details, see Configuration Files in this section.

  4. Configure a VPN instance on each DCI-PE-GW and apply a tunnel policy to the VPN instance.

    # Configure DCI-PE1-GW1.

    [~DCI-PE1-GW1] tunnel-policy te-lsp1
    [*DCI-PE1-GW1-tunnel-policy-te-lsp1] tunnel select-seq cr-lsp load-balance-number 1
    [*DCI-PE1-GW1-tunnel-policy-te-lsp1] quit
    [*DCI-PE1-GW1] ip vpn-instance vpn1
    [*DCI-PE1-GW1-vpn-instance-vpn1] ipv4-family
    [*DCI-PE1-GW1-vpn-instance-vpn1-af-ipv4] route-distinguisher 11:11
    [*DCI-PE1-GW1-vpn-instance-vpn1-af-ipv4] tnl-policy te-lsp1 evpn
    [*DCI-PE1-GW1-vpn-instance-vpn1-af-ipv4] vpn-target 11:1 both evpn
    [*DCI-PE1-GW1-vpn-instance-vpn1-af-ipv4] evpn mpls routing-enable
    [*DCI-PE1-GW1-vpn-instance-vpn1-af-ipv4] quit
    [*DCI-PE1-GW1-vpn-instance-vpn1] quit
    [*DCI-PE1-GW1] commit

    # Configure DCI-PE2-GW2.

    [~DCI-PE2-GW2] tunnel-policy te-lsp1
    [*DCI-PE2-GW2-tunnel-policy-te-lsp1] tunnel select-seq cr-lsp load-balance-number 1
    [*DCI-PE2-GW2-tunnel-policy-te-lsp1] quit
    [*DCI-PE2-GW2] ip vpn-instance vpn1
    [*DCI-PE2-GW2-vpn-instance-vpn1] ipv4-family
    [*DCI-PE2-GW2-vpn-instance-vpn1-af-ipv4] route-distinguisher 11:11
    [*DCI-PE2-GW2-vpn-instance-vpn1-af-ipv4] tnl-policy te-lsp1 evpn
    [*DCI-PE2-GW2-vpn-instance-vpn1-af-ipv4] vpn-target 11:1 both evpn
    [*DCI-PE2-GW2-vpn-instance-vpn1-af-ipv4] evpn mpls routing-enable
    [*DCI-PE2-GW2-vpn-instance-vpn1-af-ipv4] quit
    [*DCI-PE2-GW2-vpn-instance-vpn1] quit
    [*DCI-PE2-GW2] commit

  5. Configure each DCI-PE-GW to advertise IP prefix routes.

    # Configure DCI-PE1-GW1.

    [~DCI-PE1-GW1] bgp 100
    [*DCI-PE1-GW1-bgp] ipv4-family vpn-instance vpn1
    [*DCI-PE1-GW1-bgp-vpn1] import-route direct
    [*DCI-PE1-GW1-bgp-vpn1] advertise l2vpn evpn
    [*DCI-PE1-GW1-bgp-vpn1] quit
    [*DCI-PE1-GW1] commit

    # Configure DCI-PE2-GW2.

    [~DCI-PE2-GW2] bgp 100
    [*DCI-PE2-GW2-bgp] ipv4-family vpn-instance vpn1
    [*DCI-PE2-GW2-bgp-vpn1] import-route direct
    [*DCI-PE2-GW2-bgp-vpn1] advertise l2vpn evpn
    [*DCI-PE2-GW2-bgp-vpn1] quit
    [*DCI-PE2-GW2] commit

  6. Configure an EVPN instance on each DCI-PE-GW and establish a BGP EVPN peer relationship between the DCI-PE-GWs, and configure each DCI-PE-GW to advertise IRB routes.

    # Configure DCI-PE1-GW1.

    [~DCI-PE1-GW1] evpn vpn-instance evrf1 bd-mode
    [*DCI-PE1-GW1-evpn-instance-evrf1] route-distinguisher 10:1
    [*DCI-PE1-GW1-evpn-instance-evrf1] vpn-target 11:1
    [*DCI-PE1-GW1-evpn-instance-evrf1] quit
    [*DCI-PE1-GW1] bridge-domain 10
    [*DCI-PE1-GW1-bd10] vxlan vni 200 split-horizon-mode
    [*DCI-PE1-GW1-bd10] evpn binding vpn-instance evrf1
    [*DCI-PE1-GW1-bd10] esi 0000.1111.1111.4444.5555
    [*DCI-PE1-GW1-bd10] quit
    [*DCI-PE1-GW1] bgp 100
    [*DCI-PE1-GW1-bgp] peer 3.3.3.3 as-number 100
    [*DCI-PE1-GW1-bgp] peer 3.3.3.3 connect-interface loopback 1
    [*DCI-PE1-GW1-bgp] l2vpn-family evpn
    [*DCI-PE1-GW1-bgp-af-evpn] peer 3.3.3.3 enable
    [*DCI-PE1-GW1-bgp-af-evpn] peer 3.3.3.3 advertise irb
    [*DCI-PE1-GW1-bgp-af-evpn] quit
    [*DCI-PE1-GW1-bgp] quit
    [*DCI-PE1-GW1] commit

    # Configure DCI-PE2-GW2.

    [~DCI-PE2-GW2] evpn vpn-instance evrf1 bd-mode
    [*DCI-PE2-GW2-evpn-instance-evrf1] route-distinguisher 10:1
    [*DCI-PE2-GW2-evpn-instance-evrf1] vpn-target 11:1
    [*DCI-PE2-GW2-evpn-instance-evrf1] quit
    [*DCI-PE2-GW2] bridge-domain 10
    [*DCI-PE2-GW2-bd10] vxlan vni 200 split-horizon-mode
    [*DCI-PE2-GW2-bd10] evpn binding vpn-instance evrf1
    [*DCI-PE2-GW2-bd10] esi 0000.1111.3333.4444.5555
    [*DCI-PE2-GW2-bd10] quit
    [*DCI-PE2-GW2] bgp 100
    [*DCI-PE2-GW2-bgp] peer 1.1.1.1 as-number 100
    [*DCI-PE2-GW2-bgp] peer 1.1.1.1 connect-interface loopback 1
    [*DCI-PE2-GW2-bgp] l2vpn-family evpn
    [*DCI-PE2-GW2-bgp-af-evpn] peer 1.1.1.1 enable
    [*DCI-PE2-GW2-bgp-af-evpn] peer 1.1.1.1 advertise irb
    [*DCI-PE2-GW2-bgp-af-evpn] quit
    [*DCI-PE2-GW2-bgp] quit
    [*DCI-PE2-GW2] commit

  7. Create a VBDIF interface on each DCI-PE-GW.

    # Configure DCI-PE1-GW1.

    [~DCI-PE1-GW1] interface gigabitethernet 0/1/0.1 mode l2
    [*DCI-PE1-GW1-GigabitEthernet0/1/0.1] encapsulation dot1q vid 10
    [*DCI-PE1-GW1-GigabitEthernet0/1/0.1] rewrite pop single
    [*DCI-PE1-GW1-GigabitEthernet0/1/0.1] bridge-domain 10
    [*DCI-PE1-GW1-GigabitEthernet0/1/0.1] quit
    [*DCI-PE1-GW1] interface Vbdif10
    [*DCI-PE1-GW1-Vbdif10] ip binding vpn-instance vpn1
    [*DCI-PE1-GW1-Vbdif10] ip address 10.1.1.1 255.255.255.0
    [*DCI-PE1-GW1-Vbdif10] arp collect host enable
    [*DCI-PE1-GW1-Vbdif10] quit
    [*DCI-PE1-GW1] commit

    # Configure DCI-PE2-GW2.

    [~DCI-PE2-GW2] interface gigabitethernet 0/1/0.1 mode l2
    [*DCI-PE2-GW2-GigabitEthernet0/1/0.1] encapsulation dot1q vid 10
    [*DCI-PE2-GW2-GigabitEthernet0/1/0.1] rewrite pop single
    [*DCI-PE2-GW2-GigabitEthernet0/1/0.1] bridge-domain 10
    [*DCI-PE2-GW2-GigabitEthernet0/1/0.1] quit
    [*DCI-PE2-GW2] interface Vbdif10
    [*DCI-PE2-GW2-Vbdif10] ip binding vpn-instance vpn1
    [*DCI-PE2-GW2-Vbdif10] ip address 20.1.1.1 255.255.255.0
    [*DCI-PE2-GW2-Vbdif10] arp collect host enable
    [*DCI-PE2-GW2-Vbdif10] quit
    [*DCI-PE2-GW2] commit

  8. Configure a source address on each DCI-PE.

    # Configure DCI-PE1-GW1.

    [~DCI-PE1-GW1] evpn source-address 1.1.1.1
    [*DCI-PE1-GW1] commit

    # Configure DCI-PE2-GW2.

    [~DCI-PE2-GW2] evpn source-address 3.3.3.3
    [*DCI-PE2-GW2] commit

  9. Verify the configuration.

    Run the display bgp evpn all routing-table command on a DCI-PE-GW. The command output shows EVPN IRB routes received from the connected DCI-PE-GW and the remote DCI-PE-GW. The following uses the command output on DCI-PE1-GW1 as an example.

    [~DCI-PE1-GW1] display bgp evpn all routing-table
    
     Local AS number : 100
    
     BGP Local router ID is 192.168.1.1
     Status codes: * - valid, > - best, d - damped, x - best external, a - add path,
                   h - history,  i - internal, s - suppressed, S - Stale
                   Origin : i - IGP, e - EGP, ? - incomplete
    
    
     EVPN address family:
     Number of A-D Routes: 2
     Route Distinguisher: 1.1.1.1:0
           Network(ESI/EthTagId)                                  NextHop
     *>    0000.1111.1111.4444.5555:4294967295                    127.0.0.1
     Route Distinguisher: 3.3.3.3:0
           Network(ESI/EthTagId)                                  NextHop
     *>i   0000.1111.3333.4444.5555:4294967295                    3.3.3.3
        
    
     EVPN-Instance evrf1:
     Number of A-D Routes: 1
           Network(ESI/EthTagId)                                  NextHop
       i   0000.1111.3333.4444.5555:4294967295                    3.3.3.3
    
     EVPN address family:
     Number of Mac Routes: 4
     Route Distinguisher: 10:1
           Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr)  NextHop
     *>i   0:48:38ba-546a-7d05:0:0.0.0.0                          3.3.3.3
     *>i   0:48:38ba-546a-7d05:32:20.1.1.1                        3.3.3.3
     *>    0:48:38ba-ecf0-d401:0:0.0.0.0                          0.0.0.0
     *>    0:48:38ba-ecf0-d401:32:10.1.1.1                        0.0.0.0
        
    
     EVPN-Instance __RD_1_11_11__:
     Number of Mac Routes: 1
           Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr)  NextHop
     *>i   0:48:38ba-546a-7d05:32:20.1.1.1                        3.3.3.3
        
    
     EVPN-Instance evrf1:
     Number of Mac Routes: 4
           Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr)  NextHop
       i   0:48:38ba-546a-7d05:0:0.0.0.0                          3.3.3.3
       i   0:48:38ba-546a-7d05:32:20.1.1.1                        3.3.3.3
     *>    0:48:38ba-ecf0-d401:0:0.0.0.0                          0.0.0.0
     *>    0:48:38ba-ecf0-d401:32:10.1.1.1                        0.0.0.0
    
     EVPN address family:
     Number of Inclusive Multicast Routes: 2
     Route Distinguisher: 10:1
           Network(EthTagId/IpAddrLen/OriginalIp)                 NextHop
     *>    0:32:1.1.1.1                                           127.0.0.1
     *>i   0:32:3.3.3.3                                           3.3.3.3
        
    
     EVPN-Instance evrf1:
     Number of Inclusive Multicast Routes: 2
           Network(EthTagId/IpAddrLen/OriginalIp)                 NextHop
     *>    0:32:1.1.1.1                                           127.0.0.1
       i   0:32:3.3.3.3                                           3.3.3.3
    
     EVPN address family:
     Number of ES Routes: 2
     Route Distinguisher: 1.1.1.1:0
           Network(ESI)                                           NextHop
     *>    0000.1111.1111.4444.5555                               127.0.0.1
     Route Distinguisher: 3.3.3.3:0
           Network(ESI)                                           NextHop
     *>i   0000.1111.3333.4444.5555                               3.3.3.3
        
    
     EVPN-Instance evrf1:
     Number of ES Routes: 1
           Network(ESI)                                           NextHop
     *>    0000.1111.1111.4444.5555                               127.0.0.1
    
     EVPN address family:
     Number of Ip Prefix Routes: 4
     Route Distinguisher: 11:11
           Network(EthTagId/IpPrefix/IpPrefixLen)                 NextHop
     *>    0:10.1.1.0:24                                          0.0.0.0
     *>i   0:20.1.1.0:24                                          3.3.3.3
     *>    0:10.1.1.1:32                                          0.0.0.0
     *>i   0:20.1.1.1:32                                          3.3.3.3
        
    
     EVPN-Instance __RD_1_11_11__:
     Number of Ip Prefix Routes: 4
           Network(EthTagId/IpPrefix/IpPrefixLen)                 NextHop
     *>    0:10.1.1.0:24                                          0.0.0.0
     *>i   0:20.1.1.0:24                                          3.3.3.3
     *>    0:10.1.1.1:32                                          0.0.0.0
     *>i   0:20.1.1.1:32                                          3.3.3.3

    Run the display ip routing-table vpn-instance command on a DCI-PE-GW. The command output shows the VPN routes received from the remote DCI-PE-GW. The following uses the command output on DCI-PE1-GW1 as an example.

    [~DCI-PE1-GW1] display ip routing-table vpn-instance vpn1
    Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
    ------------------------------------------------------------------------------
    Routing Table : vpn1
             Destinations : 6        Routes : 6         
    
    Destination/Mask    Proto   Pre  Cost        Flags NextHop         Interface
    
           10.1.1.0/24  Direct  0    0             D   10.1.1.1        Vbdif10
           10.1.1.1/32  Direct  0    0             D   127.0.0.1       Vbdif10
         10.1.1.255/32  Direct  0    0             D   127.0.0.1       Vbdif10
           20.1.1.0/24  IBGP    255  0             RD  3.3.3.3         Tunnel1/0/0
           20.1.1.1/32  IBGP    255  0             RD  3.3.3.3         Tunnel1/0/0
    255.255.255.255/32  Direct  0    0             D   127.0.0.1       InLoopBack0
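
The verification step can be automated so that an unexpected next hop or a missing remote prefix is caught rather than read past. The following Python sketch is an added example, not part of the Huawei guide: it parses `display bgp evpn all routing-table` output and checks every next hop against an allow-list. The allow-list, the function names, and the last sample route (10.9.9.0/24 via 203.0.113.9) are assumptions made for illustration.

```python
import re
from collections import namedtuple

Route = namedtuple("Route", "scope rtype rd status network nexthop")
# Abridged from the DCI-PE1-GW1 output above (route counts adjusted); the last
# route line (10.9.9.0/24 via 203.0.113.9) is constructed to exercise the check.
SAMPLE = """\
 EVPN address family:
 Number of Mac Routes: 2
 Route Distinguisher: 10:1
       Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr)  NextHop
 *>i   0:48:38ba-546a-7d05:32:20.1.1.1                        3.3.3.3
 *>    0:48:38ba-ecf0-d401:32:10.1.1.1                        0.0.0.0

 EVPN address family:
 Number of Ip Prefix Routes: 5
 Route Distinguisher: 11:11
       Network(EthTagId/IpPrefix/IpPrefixLen)                 NextHop
 *>    0:10.1.1.0:24                                          0.0.0.0
 *>i   0:20.1.1.0:24                                          3.3.3.3
 *>    0:10.1.1.1:32                                          0.0.0.0
 *>i   0:20.1.1.1:32                                          3.3.3.3
 *>i   0:10.9.9.0:24                                          203.0.113.9
"""

ROUTE_RE = re.compile(r"^\s*([*>dxahisS]*)\s+(\S+)\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")

def parse_evpn_table(text):
    """Turn the display output into Route tuples, tracking section headers."""
    scope = rtype = rd = None
    routes = []
    for line in text.splitlines():
        s = line.strip()
        if s == "EVPN address family:":
            scope, rd = "global", None
        elif s.startswith("EVPN-Instance "):
            scope, rd = s[len("EVPN-Instance "):].rstrip(":"), None
        elif m := re.match(r"Number of (.+) Routes: \d+", s):
            rtype = m.group(1)
        elif s.startswith("Route Distinguisher: "):
            rd = s.split(": ", 1)[1]
        elif rtype and (m := ROUTE_RE.match(line)):
            routes.append(Route(scope, rtype, rd, *m.groups()))
    return routes

def audit(routes, allowed_nexthops, expected_remote):
    """Flag next hops outside the allow-list and expected prefixes not valid+best."""
    findings = [("unexpected-nexthop", r.network, r.nexthop)
                for r in routes if r.nexthop not in allowed_nexthops]
    best = {r.network for r in routes if r.rtype == "Ip Prefix" and r.status.startswith("*>")}
    findings += [("missing-or-not-best", p, None)
                 for p in expected_remote if p not in best]
    return findings

# Assumed allow-list for DCI-PE1-GW1: local next hops plus the one BGP EVPN peer.
ALLOWED = {"0.0.0.0", "127.0.0.1", "3.3.3.3"}
FINDINGS = audit(parse_evpn_table(SAMPLE), ALLOWED, ["0:20.1.1.0:24", "0:20.1.1.1:32"])
print(FINDINGS)
```
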

Configuration Files

  • DCI-PE1-GW1 configuration file

    #
    sysname DCI-PE1-GW1
    #
    evpn vpn-instance evrf1 bd-mode
     route-distinguisher 10:1
     vpn-target 11:1 export-extcommunity
     vpn-target 11:1 import-extcommunity
    #
    ip vpn-instance vpn1
     ipv4-family
      route-distinguisher 11:11
      vpn-target 11:1 export-extcommunity evpn
      vpn-target 11:1 import-extcommunity evpn
      tnl-policy te-lsp1 evpn
      evpn mpls routing-enable
    #
    mpls lsr-id 1.1.1.1
    #
    mpls
     mpls te
     mpls rsvp-te
     mpls te cspf
    #
    bridge-domain 10
     vxlan vni 200 split-horizon-mode
     evpn binding vpn-instance evrf1
     esi 0000.1111.1111.4444.5555
    #
    interface Vbdif10
     ip binding vpn-instance vpn1
     ip address 10.1.1.1 255.255.255.0
     arp collect host enable
    #
    interface GigabitEthernet0/1/0
     undo shutdown
    #
    interface GigabitEthernet0/1/0.1 mode l2
     encapsulation dot1q vid 10
     rewrite pop single
     bridge-domain 10
    #
    interface GigabitEthernet0/2/0
     undo shutdown
     ip address 192.168.1.1 255.255.255.0
     mpls
     mpls te
     mpls rsvp-te
    #
    interface LoopBack1
     ip address 1.1.1.1 255.255.255.255
    #
    interface Tunnel1/0/0
     ip address unnumbered interface LoopBack1
     tunnel-protocol mpls te
     destination 3.3.3.3
     mpls te tunnel-id 100
    #
    bgp 100
     peer 3.3.3.3 as-number 100
     peer 3.3.3.3 connect-interface LoopBack1
     #
     ipv4-family unicast
      undo synchronization
      peer 3.3.3.3 enable
     #
     ipv4-family vpn-instance vpn1
      import-route direct
      advertise l2vpn evpn
     #
     l2vpn-family evpn
      undo policy vpn-target
      peer 3.3.3.3 enable
      peer 3.3.3.3 advertise irb
    #
    ospf 1
     opaque-capability enable
     area 0.0.0.0
      network 1.1.1.1 0.0.0.0
      network 192.168.1.0 0.0.0.255
      mpls-te enable
    #
    tunnel-policy te-lsp1
     tunnel select-seq cr-lsp load-balance-number 3
    #
    evpn source-address 1.1.1.1
    #
    return

  • P configuration file

    #
    sysname P
    #
    mpls lsr-id 2.2.2.2
    #
    mpls
     mpls te
     mpls rsvp-te
     mpls te cspf
    #
    interface GigabitEthernet0/1/0
     undo shutdown
     ip address 192.168.1.2 255.255.255.0
     mpls
     mpls te
     mpls rsvp-te
    #
    interface GigabitEthernet0/2/0
     undo shutdown
     ip address 192.168.10.1 255.255.255.0
     mpls
     mpls te
     mpls rsvp-te
    #
    interface LoopBack1
     ip address 2.2.2.2 255.255.255.255
    #
    ospf 1
     opaque-capability enable
     area 0.0.0.0
      network 2.2.2.2 0.0.0.0
      network 192.168.1.0 0.0.0.255
      network 192.168.10.0 0.0.0.255
      mpls-te enable
    #
    return

  • DCI-PE2-GW2 configuration file

    #
    sysname DCI-PE2-GW2
    #
    evpn vpn-instance evrf1 bd-mode
     route-distinguisher 10:1
     vpn-target 11:1 export-extcommunity
     vpn-target 11:1 import-extcommunity
    #
    ip vpn-instance vpn1
     ipv4-family
      route-distinguisher 11:11
      vpn-target 11:1 export-extcommunity evpn
      vpn-target 11:1 import-extcommunity evpn
      tnl-policy te-lsp1 evpn
      evpn mpls routing-enable
    #
    mpls lsr-id 3.3.3.3
    #
    mpls
     mpls te
     mpls rsvp-te
     mpls te cspf
    #
    bridge-domain 10
     vxlan vni 200 split-horizon-mode
     evpn binding vpn-instance evrf1
     esi 0000.1111.3333.4444.5555
    #
    interface Vbdif10
     ip binding vpn-instance vpn1
     ip address 20.1.1.1 255.255.255.0
     arp collect host enable
    #
    interface GigabitEthernet0/1/0
     undo shutdown
    #
    interface GigabitEthernet0/1/0.1 mode l2
     encapsulation dot1q vid 10
     rewrite pop single
     bridge-domain 10
    #
    interface GigabitEthernet0/2/0
     undo shutdown
     ip address 192.168.10.2 255.255.255.0
     mpls
     mpls te
     mpls rsvp-te
    #
    interface LoopBack1
     ip address 3.3.3.3 255.255.255.255
    #
    interface Tunnel1/0/0
     ip address unnumbered interface LoopBack1
     tunnel-protocol mpls te
     destination 1.1.1.1
     mpls te tunnel-id 100
    #
    bgp 100
     peer 1.1.1.1 as-number 100
     peer 1.1.1.1 connect-interface LoopBack1
     #
     ipv4-family unicast
      undo synchronization
      peer 1.1.1.1 enable
     #
     ipv4-family vpn-instance vpn1
      import-route direct
      advertise l2vpn evpn
     #
     l2vpn-family evpn
      undo policy vpn-target
      peer 1.1.1.1 enable
      peer 1.1.1.1 advertise irb
    #
    ospf 1
     opaque-capability enable
     area 0.0.0.0
      network 3.3.3.3 0.0.0.0
      network 192.168.10.0 0.0.0.255
      mpls-te enable
    #
    tunnel-policy te-lsp1
     tunnel select-seq cr-lsp load-balance-number 3
    #
    evpn source-address 3.3.3.3
    #
    return

  • Device 1 configuration file

    See the configuration file of a DC device.

  • Device 2 configuration file

    See the configuration file of a DC device.
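
The two DCI-PE-GW files only work as a pair: the EVPN route targets decide which routes each instance accepts, the BGP EVPN peers must point at each other's loopbacks, and in this topology each gateway carries its own ESI. The Python sketch below is an added example, not part of the Huawei guide, that cross-checks those values before deployment. The template is constructed from the EVPN-relevant stanzas of the files above, and the function names are assumptions.

```python
import re

# Constructed template: the EVPN-relevant stanzas of the two DCI-PE-GW
# configuration files above, with the per-device values as fields.
TEMPLATE = """\
#
sysname {name}
#
evpn vpn-instance evrf1 bd-mode
 route-distinguisher 10:1
 vpn-target 11:1 export-extcommunity
 vpn-target {imp} import-extcommunity
#
bridge-domain 10
 esi {esi}
#
interface LoopBack1
 ip address {lo} 255.255.255.255
#
bgp 100
 peer {peer} as-number 100
 #
 l2vpn-family evpn
  undo policy vpn-target
  peer {peer} enable
  peer {peer} advertise irb
#
"""
GW1 = TEMPLATE.format(name="DCI-PE1-GW1", imp="11:1", lo="1.1.1.1",
                      peer="3.3.3.3", esi="0000.1111.1111.4444.5555")
GW2 = TEMPLATE.format(name="DCI-PE2-GW2", imp="11:1", lo="3.3.3.3",
                      peer="1.1.1.1", esi="0000.1111.3333.4444.5555")

def facts(cfg):
    """Extract the values that must agree, or differ, across the two gateways."""
    evpn = re.search(r"^evpn vpn-instance .*?(?=^#)", cfg, re.S | re.M).group(0)
    fam = re.search(r"^ l2vpn-family evpn\n(.*?)(?=^ ?#)", cfg, re.S | re.M).group(1)
    return {
        "name": re.search(r"^sysname (\S+)", cfg, re.M).group(1),
        "export": set(re.findall(r"vpn-target (\S+) export-extcommunity", evpn)),
        "import": set(re.findall(r"vpn-target (\S+) import-extcommunity", evpn)),
        "esi": re.search(r"^ esi (\S+)", cfg, re.M).group(1),
        "loopback": re.search(r"^interface LoopBack1\n ip address (\S+)", cfg, re.M).group(1),
        "peers": set(re.findall(r"^  peer (\S+) enable", fam, re.M)),
    }

def cross_check(a, b):
    problems = []
    for x, y in ((a, b), (b, a)):
        if not x["export"] & y["import"]:
            problems.append(f"{y['name']} imports none of the targets {x['name']} exports")
        if y["loopback"] not in x["peers"]:
            problems.append(f"{x['name']} has no EVPN peer {y['loopback']} ({y['name']})")
    if a["esi"] == b["esi"]:
        problems.append(f"ESI {a['esi']} is set on both gateways")
    return problems

print(cross_check(facts(GW1), facts(GW2)))
```
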

Updated: 2019-01-14

Document ID: EDOC1100058925
