
Configuration Guide - VPN 01

NE05E and NE08E V300R003C10SPC500

Example for Configuring Inter-AS VPN Option A

After VPN instances are configured on ASBRs, you can configure inter-AS VPN Option A to manage VPN routes in VRF-to-VRF mode.

Networking Requirements

On the network shown in Figure 5-30, CE1 and CE2 belong to the same VPN. CE1 connects to PE1 in AS100, and CE2 connects to PE2 in AS200.

It is required that inter-AS BGP/MPLS IP VPN be implemented in Option A mode. In other words, VRF-to-VRF is required to manage VPN routes.

Figure 5-30 Inter-AS VPN Option A networking
NOTE:

Interfaces 1 and 2 in this example are GE 0/1/0 and GE 0/2/0, respectively.



Configuration Roadmap

The configuration roadmap is as follows:

  1. Set up EBGP peer relationships between PEs and CEs and set up MP-IBGP peer relationships between the PEs and ASBRs.

  2. Configure a VPN instance on each ASBR and bind the VPN instance to the interface that connects one ASBR to the other, and then set up an EBGP peer relationship between the ASBRs.

Data Preparation

To complete the configuration, you need the following data:

  • MPLS LSR IDs of the PEs and the ASBRs

  • Names, RDs, and VPN targets of the VPN instances of the PEs and ASBRs

Procedure

  1. On the MPLS backbone networks in AS100 and AS200, configure an IGP to interconnect the PE and ASBR on each network.

    This example uses OSPF as the IGP. For configuration details, see Configuration Files in this section.

    NOTE:

    The loopback interface address with a 32-bit mask, which functions as the LSR ID, must be advertised by using OSPF.

    After the configurations are complete, the OSPF neighbor relationship can be established between the ASBR and PE in the same AS. Run the display ospf peer command. The command output shows that the neighbor relationship is in the Full state.

    The ASBR and PE in the same AS can learn and successfully ping the IP address of each other's loopback interface.

  2. Configure MPLS and MPLS LDP both globally and per interface on each node of the MPLS backbone networks in AS100 and AS200 and set up LDP LSPs.

    # Configure PE1.

    <PE1> system-view
    [~PE1] mpls lsr-id 1.1.1.9
    [*PE1] mpls
    [*PE1-mpls] quit
    [*PE1] mpls ldp
    [*PE1-mpls-ldp] quit
    [*PE1] interface gigabitethernet0/1/0
    [*PE1-GigabitEthernet0/1/0] mpls
    [*PE1-GigabitEthernet0/1/0] mpls ldp
    [*PE1-GigabitEthernet0/1/0] commit
    [~PE1-GigabitEthernet0/1/0] quit

    # Configure ASBR1.

    <ASBR1> system-view
    [~ASBR1] mpls lsr-id 2.2.2.9
    [*ASBR1] mpls
    [*ASBR1-mpls] quit
    [*ASBR1] mpls ldp
    [*ASBR1-mpls-ldp] quit
    [*ASBR1] interface gigabitethernet0/1/0
    [*ASBR1-GigabitEthernet0/1/0] mpls
    [*ASBR1-GigabitEthernet0/1/0] mpls ldp
    [*ASBR1-GigabitEthernet0/1/0] commit
    [~ASBR1-GigabitEthernet0/1/0] quit

    # Configure ASBR2.

    <ASBR2> system-view
    [~ASBR2] mpls lsr-id 3.3.3.9
    [*ASBR2] mpls
    [*ASBR2-mpls] quit
    [*ASBR2] mpls ldp
    [*ASBR2-mpls-ldp] quit
    [*ASBR2] interface gigabitethernet0/1/0
    [*ASBR2-GigabitEthernet0/1/0] mpls
    [*ASBR2-GigabitEthernet0/1/0] mpls ldp
    [*ASBR2-GigabitEthernet0/1/0] commit
    [~ASBR2-GigabitEthernet0/1/0] quit

    # Configure PE2.

    <PE2> system-view
    [~PE2] mpls lsr-id 4.4.4.9
    [*PE2] mpls
    [*PE2-mpls] quit
    [*PE2] mpls ldp
    [*PE2-mpls-ldp] quit
    [*PE2] interface gigabitethernet0/1/0
    [*PE2-GigabitEthernet0/1/0] mpls
    [*PE2-GigabitEthernet0/1/0] mpls ldp
    [*PE2-GigabitEthernet0/1/0] commit
    [~PE2-GigabitEthernet0/1/0] quit

    After the configurations are complete, an LDP session is established between the PE and ASBR in the same AS. Run the display mpls ldp session command on the PEs and ASBRs. The command output shows that the Status field is Operational.

    The following example uses the command output on PE1.

    <PE1> display mpls ldp session
     LDP Session(s) in Public Network
     Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDD:HH:MM)
     An asterisk (*) before a session means the session is being deleted.
     -------------------------------------------------------------------------
     PeerID             Status      LAM  SsnRole  SsnAge       KASent/Rcv
    --------------------------------------------------------------------------
     2.2.2.9:0          Operational DU   Passive  0000:02:30   604/604
    --------------------------------------------------------------------------
    TOTAL: 1 Session(s) Found.

  3. Configure basic BGP/MPLS IP VPN functions in AS100 and AS200.

    NOTE:

    The VPN targets of the VPN instances of the ASBR and PE in an AS must be the same. The VPN targets of the VPN instances of the ASBR and PE in different ASs can be different.

    # Configure CE1.

    <CE1> system-view
    [~CE1] interface gigabitethernet 0/1/0
    [~CE1-GigabitEthernet0/1/0] ip address 10.1.1.1 24
    [*CE1-GigabitEthernet0/1/0] quit
    [*CE1] interface loopback 1
    [*CE1-Loopback1] ip address 11.11.11.11 32
    [*CE1-Loopback1] quit
    [*CE1] bgp 65001
    [*CE1-bgp] peer 10.1.1.2 as-number 100
    [*CE1-bgp] network 11.11.11.11 32
    [*CE1-bgp] quit
    [*CE1] commit

    # On PE1, set up an EBGP peer relationship between PE1 and CE1.

    [~PE1] ip vpn-instance vpn1
    [*PE1-vpn-instance-vpn1] ipv4-family
    [*PE1-vpn-instance-vpn1-af-ipv4] route-distinguisher 100:1
    [*PE1-vpn-instance-vpn1-af-ipv4] vpn-target 1:1 both
    [*PE1-vpn-instance-vpn1-af-ipv4] quit
    [*PE1-vpn-instance-vpn1] quit
    [*PE1] interface gigabitethernet 0/2/0
    [*PE1-GigabitEthernet0/2/0] ip binding vpn-instance vpn1
    [*PE1-GigabitEthernet0/2/0] ip address 10.1.1.2 24
    [*PE1-GigabitEthernet0/2/0] commit
    [~PE1-GigabitEthernet0/2/0] quit
    [~PE1] bgp 100
    [*PE1-bgp] ipv4-family vpn-instance vpn1
    [*PE1-bgp-vpn1] peer 10.1.1.1 as-number 65001
    [*PE1-bgp-vpn1] commit
    [~PE1-bgp-vpn1] quit
    [~PE1-bgp] quit

    # On PE1, set up an MP-IBGP peer relationship between PE1 and ASBR1.

    [~PE1] bgp 100
    [*PE1-bgp] peer 2.2.2.9 as-number 100
    [*PE1-bgp] peer 2.2.2.9 connect-interface loopback 1
    [*PE1-bgp] ipv4-family vpnv4
    [*PE1-bgp-af-vpnv4] peer 2.2.2.9 enable
    [*PE1-bgp-af-vpnv4] commit
    [~PE1-bgp-af-vpnv4] quit

    # On ASBR1, set up an MP-IBGP peer relationship between ASBR1 and PE1.

    [~ASBR1] bgp 100
    [*ASBR1-bgp] peer 1.1.1.9 as-number 100
    [*ASBR1-bgp] peer 1.1.1.9 connect-interface loopback 1
    [*ASBR1-bgp] ipv4-family vpnv4
    [*ASBR1-bgp-af-vpnv4] peer 1.1.1.9 enable
    [*ASBR1-bgp-af-vpnv4] commit
    [~ASBR1-bgp-af-vpnv4] quit
    [~ASBR1-bgp] quit

    The configurations of CE2, PE2, and ASBR2 are similar to the configurations of CE1, PE1, and ASBR1 respectively. For configuration details, see Configuration Files in this section.

    After completing the configurations, run the display bgp vpnv4 vpn-instance vpn-instance-name peer command on the PEs. The command output shows that BGP peer relationships have been established between the PEs and CEs. Run the display bgp vpnv4 all peer command. The command output shows that BGP peer relationships have been established between each PE and CE, and between each PE and ASBR.

    The following example uses the command output on PE1.

    <PE1> display bgp vpnv4 vpn-instance vpn1 peer
     BGP local router ID : 172.1.1.2
     Local AS number : 100
    
     VPN-Instance vpn1, Router ID 172.1.1.2:
     Total number of peers : 1                 Peers in established state : 1
    
      Peer            V          AS  MsgRcvd  MsgSent  OutQ  Up/Down       State  PrefRcv
      10.1.1.1        4       65001       79       80     0 01:05:48 Established        1
    <PE1> display bgp vpnv4 all peer
     BGP local router ID : 172.1.1.2
     Local AS number : 100
     Total number of peers : 2                 Peers in established state : 2
    
      Peer            V          AS  MsgRcvd  MsgSent  OutQ  Up/Down       State  PrefRcv
      2.2.2.9         4         100      180      180     0 02:33:25 Established        1
    
      Peer of IPv4-family for vpn instance :
    
      VPN-Instance vpn1, Router ID 172.1.1.2:
      Peer            V          AS  MsgRcvd  MsgSent  OutQ  Up/Down       State  PrefRcv
      10.1.1.1        4       65001       80       80     0 01:06:34 Established        1

  4. Configure inter-AS VPN in VRF-to-VRF mode.

    # On ASBR1, configure a VPN instance and bind it to the interface that connects ASBR1 to ASBR2 (ASBR1 regards ASBR2 as its CE).

    [~ASBR1] ip vpn-instance vpn1
    [*ASBR1-vpn-instance-vpn1] ipv4-family
    [*ASBR1-vpn-instance-vpn1-af-ipv4] route-distinguisher 100:2
    [*ASBR1-vpn-instance-vpn1-af-ipv4] vpn-target 1:1 both
    [*ASBR1-vpn-instance-vpn1-af-ipv4] quit
    [*ASBR1-vpn-instance-vpn1] quit
    [*ASBR1] interface gigabitethernet 0/2/0
    [*ASBR1-GigabitEthernet0/2/0] ip binding vpn-instance vpn1
    [*ASBR1-GigabitEthernet0/2/0] ip address 192.1.1.1 24
    [*ASBR1-GigabitEthernet0/2/0] quit
    [*ASBR1] commit

    # On ASBR2, configure a VPN instance and bind it to the interface that connects ASBR2 to ASBR1 (ASBR2 regards ASBR1 as its CE).

    [~ASBR2] ip vpn-instance vpn1
    [*ASBR2-vpn-instance-vpn1] ipv4-family
    [*ASBR2-vpn-instance-vpn1-af-ipv4] route-distinguisher 200:2
    [*ASBR2-vpn-instance-vpn1-af-ipv4] vpn-target 2:2 both
    [*ASBR2-vpn-instance-vpn1-af-ipv4] commit
    [~ASBR2-vpn-instance-vpn1-af-ipv4] quit
    [~ASBR2-vpn-instance-vpn1] quit
    [~ASBR2] interface gigabitethernet 0/2/0
    [~ASBR2-GigabitEthernet0/2/0] ip binding vpn-instance vpn1
    [*ASBR2-GigabitEthernet0/2/0] ip address 192.1.1.2 24
    [*ASBR2-GigabitEthernet0/2/0] commit
    [~ASBR2-GigabitEthernet0/2/0] quit

    # On ASBR1, set up an EBGP peer relationship between ASBR1 and ASBR2.

    [~ASBR1] bgp 100
    [*ASBR1-bgp] ipv4-family vpn-instance vpn1
    [*ASBR1-bgp-vpn1] peer 192.1.1.2 as-number 200
    [*ASBR1-bgp-vpn1] commit
    [~ASBR1-bgp-vpn1] quit
    [~ASBR1-bgp] quit

    # On ASBR2, set up an EBGP peer relationship between ASBR2 and ASBR1.

    [~ASBR2] bgp 200 
    [*ASBR2-bgp] ipv4-family vpn-instance vpn1
    [*ASBR2-bgp-vpn1] peer 192.1.1.1 as-number 100
    [*ASBR2-bgp-vpn1] commit
    [~ASBR2-bgp-vpn1] quit
    [~ASBR2-bgp] quit

    After completing the configurations, run the display bgp vpnv4 vpn-instance peer command on an ASBR. The command output shows that BGP peer relationships have been established between ASBRs.

  5. Verify the configuration.

    After the configurations are complete, CEs can learn routes from each other, and CE1 and CE2 can ping each other successfully.

    The following example uses the command output on CE1.

    <CE1> display ip routing-table
    Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
    ------------------------------------------------------------------------------
    Routing Table : _public_
             Destinations : 9        Routes : 9
    
    Destination/Mask    Proto   Pre  Cost        Flags NextHop         Interface
    
           10.1.1.0/24  Direct  0    0             D  10.1.1.1        GigabitEthernet0/1/0
           10.1.1.1/32  Direct  0    0             D  127.0.0.1       GigabitEthernet0/1/0
         10.1.1.255/32  Direct  0    0             D  127.0.0.1       GigabitEthernet0/1/0
        11.11.11.11/32  Direct  0    0             D  127.0.0.1       LoopBack1
        22.22.22.22/32  EBGP    255  0             D  10.1.1.2        GigabitEthernet0/1/0
          127.0.0.0/8   Direct  0    0             D  127.0.0.1       InLoopBack0
          127.0.0.1/32  Direct  0    0             D  127.0.0.1       InLoopBack0
    127.255.255.255/32  Direct  0    0             D  127.0.0.1       InLoopBack0
    255.255.255.255/32  Direct  0    0             D  127.0.0.1       InLoopBack0
    <CE1>  ping -a 11.11.11.11 22.22.22.22
      PING 22.22.22.22: 56  data bytes, press CTRL_C to break
        Reply from 22.22.22.22: bytes=56 Sequence=1 ttl=251 time=46 ms
        Reply from 22.22.22.22: bytes=56 Sequence=2 ttl=251 time=4 ms
        Reply from 22.22.22.22: bytes=56 Sequence=3 ttl=251 time=4 ms
        Reply from 22.22.22.22: bytes=56 Sequence=4 ttl=251 time=4 ms
        Reply from 22.22.22.22: bytes=56 Sequence=5 ttl=251 time=4 ms
    
      --- 22.22.22.22 ping statistics ---
        5 packet(s) transmitted
        5 packet(s) received
        0.00% packet loss
        round-trip min/avg/max = 4/12/46 ms

    Run the display ip routing-table vpn-instance command on an ASBR. The command output shows the VPN routing table on the ASBR.

    <ASBR1> display ip routing-table vpn-instance vpn1
    Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
    ------------------------------------------------------------------------------
    Routing Table : vpn1
             Destinations : 6        Routes : 6
    
    Destination/Mask    Proto   Pre  Cost        Flags NextHop         Interface
    
        11.11.11.11/32  IBGP    255  0             RD 1.1.1.9         GigabitEthernet0/1/0
        22.22.22.22/32  EBGP    255  0             RD 192.1.1.2       GigabitEthernet0/2/0
          192.1.1.0/24  Direct  0    0             D  192.1.1.1       GigabitEthernet0/2/0
          192.1.1.1/32  Direct  0    0             D  127.0.0.1       GigabitEthernet0/2/0
        192.1.1.255/32  Direct  0    0             D  127.0.0.1       GigabitEthernet0/2/0
    255.255.255.255/32  Direct  0    0             D  127.0.0.1       InLoopBack0

    Run the display bgp vpnv4 all routing-table command on an ASBR. The command output shows the VPNv4 routes on the ASBR.

    <ASBR1> display bgp vpnv4 all routing-table
     BGP Local router ID is 172.1.1.1
     Status codes: * - valid, > - best, d - damped, x - best external, a - add path,
                   h - history,  i - internal, s - suppressed, S - Stale
                   Origin : i - IGP, e - EGP, ? - incomplete
     RPKI validation codes: V - valid, I - invalid, N - not-found
    
    
     Total number of routes from all PE: 2
     Route Distinguisher: 100:1
    
    
            Network            NextHop        MED        LocPrf    PrefVal Path/Ogn
    
     *>i    11.11.11.11/32     1.1.1.9         0          100        0      65001i
     Route Distinguisher: 100:2
    
    
            Network            NextHop        MED        LocPrf    PrefVal Path/Ogn
    
     *>     22.22.22.22/32     192.1.1.2                             0      200 65002i
    
     VPN-Instance vpn1, Router ID 172.1.1.1:
    
     Total Number of Routes: 2
            Network            NextHop        MED        LocPrf    PrefVal Path/Ogn
    
     *>i    11.11.11.11/32     1.1.1.9         0          100        0      65001i
     *>     22.22.22.22/32     192.1.1.2                             0      200 65002i

Configuration Files

  • CE1 configuration file

    #
     sysname CE1
    #
    interface GigabitEthernet0/1/0
     undo shutdown
     ip address 10.1.1.1 255.255.255.0
    #
    interface Loopback 1
     undo shutdown
     ip address 11.11.11.11 255.255.255.255
    #
    bgp 65001
     peer 10.1.1.2 as-number 100
     network 11.11.11.11 255.255.255.255
     #
     ipv4-family unicast
      undo synchronization
      peer 10.1.1.2 enable
    #
    return

  • PE1 configuration file

    #
     sysname PE1
    #
    ip vpn-instance vpn1
     ipv4-family
      route-distinguisher 100:1
      vpn-target 1:1 export-extcommunity
      vpn-target 1:1 import-extcommunity
    #
    mpls lsr-id 1.1.1.9
    #
    mpls
    #
    mpls ldp
    #
    interface GigabitEthernet0/1/0
     undo shutdown
     ip address 172.1.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface GigabitEthernet0/2/0
     undo shutdown
     ip binding vpn-instance vpn1
     ip address 10.1.1.2 255.255.255.0
    #
    interface LoopBack1
     ip address 1.1.1.9 255.255.255.255
    #
    bgp 100
     peer 2.2.2.9 as-number 100
     peer 2.2.2.9 connect-interface LoopBack1
     #
     ipv4-family unicast
      undo synchronization
      peer 2.2.2.9 enable
     #
     ipv4-family vpnv4
      policy vpn-target
      peer 2.2.2.9 enable
    #
     ipv4-family vpn-instance vpn1
      peer 10.1.1.1 as-number 65001
    #
    ospf 1
     area 0.0.0.0
      network 1.1.1.9 0.0.0.0
      network 172.1.1.0 0.0.0.255
    #
    return

  • ASBR1 configuration file

    #
     sysname ASBR1
    #
    ip vpn-instance vpn1
     ipv4-family
      route-distinguisher 100:2
      vpn-target 1:1 export-extcommunity
      vpn-target 1:1 import-extcommunity
    #
    mpls lsr-id 2.2.2.9
    #
    mpls
    #
    mpls ldp
    #
    interface GigabitEthernet0/1/0
     undo shutdown
     ip address 172.1.1.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface GigabitEthernet0/2/0
     undo shutdown
     ip binding vpn-instance vpn1
     ip address 192.1.1.1 255.255.255.0
    #
    interface LoopBack1
     ip address 2.2.2.9 255.255.255.255
    #
    bgp 100
     peer 1.1.1.9 as-number 100
     peer 1.1.1.9 connect-interface LoopBack1
     #
     ipv4-family unicast
      undo synchronization
      peer 1.1.1.9 enable
     #
     ipv4-family vpnv4
      policy vpn-target
      peer 1.1.1.9 enable
    #
     ipv4-family vpn-instance vpn1
      peer 192.1.1.2 as-number 200
    #
    ospf 1
     area 0.0.0.0
      network 2.2.2.9 0.0.0.0
      network 172.1.1.0 0.0.0.255
    #
    return

  • ASBR2 configuration file

    #
     sysname ASBR2
    #
    ip vpn-instance vpn1
     ipv4-family
      route-distinguisher 200:2
      vpn-target 2:2 export-extcommunity
      vpn-target 2:2 import-extcommunity
    #
    mpls lsr-id 3.3.3.9
    #
    mpls
    #
    mpls ldp
    #
    interface GigabitEthernet0/1/0
     undo shutdown
     ip address 162.1.1.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface GigabitEthernet0/2/0
     undo shutdown
     ip binding vpn-instance vpn1
     ip address 192.1.1.2 255.255.255.0
    #
    interface LoopBack1
     ip address 3.3.3.9 255.255.255.255
    #
    bgp 200
     peer 4.4.4.9 as-number 200
     peer 4.4.4.9 connect-interface LoopBack1
     #
     ipv4-family unicast
      undo synchronization
      peer 4.4.4.9 enable
     #
     ipv4-family vpnv4
      policy vpn-target
      peer 4.4.4.9 enable
    #
     ipv4-family vpn-instance vpn1
      peer 192.1.1.1 as-number 100
    #
    ospf 1
     area 0.0.0.0
      network 3.3.3.9 0.0.0.0
      network 162.1.1.0 0.0.0.255
    #
    return

  • PE2 configuration file

    #
     sysname PE2
    #
    ip vpn-instance vpn1
     ipv4-family
      route-distinguisher 200:1
      vpn-target 2:2 export-extcommunity
      vpn-target 2:2 import-extcommunity
    #
    mpls lsr-id 4.4.4.9
    #
    mpls
    #
    mpls ldp
    #
    interface GigabitEthernet0/1/0
     undo shutdown
     ip address 162.1.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface GigabitEthernet0/2/0
     undo shutdown
     ip binding vpn-instance vpn1
     ip address 10.2.1.2 255.255.255.0
    #
    interface LoopBack1
     ip address 4.4.4.9 255.255.255.255
    #
    bgp 200
     peer 3.3.3.9 as-number 200
     peer 3.3.3.9 connect-interface LoopBack1
     #
     ipv4-family unicast
      undo synchronization
      peer 3.3.3.9 enable
     #
     ipv4-family vpnv4
      policy vpn-target
      peer 3.3.3.9 enable
    #
     ipv4-family vpn-instance vpn1
      peer 10.2.1.1 as-number 65002
    #
    ospf 1
     area 0.0.0.0
      network 4.4.4.9 0.0.0.0
      network 162.1.1.0 0.0.0.255
    #
    return

  • CE2 configuration file

    #
     sysname CE2
    #
    interface GigabitEthernet0/1/0
     undo shutdown
     ip address 10.2.1.1 255.255.255.0
    #
    interface Loopback 1
     undo shutdown
     ip address 22.22.22.22 255.255.255.255
    #
    bgp 65002
     peer 10.2.1.2 as-number 200
     network 22.22.22.22 255.255.255.255
     #
     ipv4-family unicast
      undo synchronization
      peer 10.2.1.2 enable
    #
    return
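
The following Python check is an added example, not part of the Huawei guide. It audits an ASBR configuration against the Option A rules this page states: the ASBR and the PE in one AS use matching VPN targets, and the ASBR's EBGP peer sits on an interface bound to the VPN instance and belongs to the other AS. The names parse_vrp, audit_option_a and remote_as are hypothetical, and the parser assumes top-level commands start in column 0.

```python
# Added example, not Huawei code; parse_vrp and audit_option_a are hypothetical names.
import ipaddress
import re

def parse_vrp(text):
    """Extract VPN instances, interfaces and per-VRF BGP peers from a VRP config."""
    dev, kind, obj, fam = {"vrfs": {}, "ifaces": {}, "peers": {}}, None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("", "#"):
            continue
        if not raw[0].isspace():  # a command at column 0 opens a new section
            kind = obj = fam = None
            if m := re.fullmatch(r"ip vpn-instance (\S+)", line):
                kind, obj = "vrf", dev["vrfs"].setdefault(m[1], {"import": set(), "export": set()})
            elif m := re.fullmatch(r"interface (.+)", line):
                kind, obj = "if", dev["ifaces"].setdefault(m[1], {"vrf": None, "net": None})
            elif re.fullmatch(r"bgp \d+", line):
                kind = "bgp"
        elif kind == "vrf" and (m := re.fullmatch(r"vpn-target (.+) (import|export)-extcommunity", line)):
            obj[m[2]].update(m[1].split())
        elif kind == "if" and (m := re.fullmatch(r"ip binding vpn-instance (\S+)", line)):
            obj["vrf"] = m[1]
        elif kind == "if" and (m := re.fullmatch(r"ip address (\S+) (\S+)", line)):
            obj["net"] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
        elif kind == "bgp" and line.startswith("ipv4-family"):
            # Peers are recorded only inside an "ipv4-family vpn-instance" view.
            fam = line.split()[2] if line.startswith("ipv4-family vpn-instance ") else None
        elif kind == "bgp" and fam and (m := re.fullmatch(r"peer (\S+) as-number (\d+)", line)):
            dev["peers"].setdefault(fam, {})[m[1]] = int(m[2])
    return dev

def audit_option_a(asbr, pe, remote_as):
    """Return findings for one ASBR of an Option A (VRF-to-VRF) boundary."""
    out = []
    for name, vrf in asbr["vrfs"].items():
        near = pe["vrfs"].get(name)
        # Matching VPN targets: each side must import a target the other exports.
        if near and not (vrf["import"] & near["export"] and vrf["export"] & near["import"]):
            out.append(f"{name}: VPN targets do not match the PE in the same AS")
        nets = [i["net"] for i in asbr["ifaces"].values() if i["vrf"] == name and i["net"]]
        for addr, asn in asbr["peers"].get(name, {}).items():
            if not any(ipaddress.ip_address(addr) in net for net in nets):
                out.append(f"{name}: peer {addr} is not on an interface bound to this VPN instance")
            if asn != remote_as:
                out.append(f"{name}: peer {addr} is in AS {asn}, expected AS {remote_as}")
    return out

# Excerpts of the ASBR1 and PE1 configuration files shown on this page.
ASBR1 = """ip vpn-instance vpn1
 ipv4-family
  vpn-target 1:1 export-extcommunity
  vpn-target 1:1 import-extcommunity
interface GigabitEthernet0/2/0
 ip binding vpn-instance vpn1
 ip address 192.1.1.1 255.255.255.0
bgp 100
 ipv4-family vpn-instance vpn1
  peer 192.1.1.2 as-number 200
"""
PE1 = ("ip vpn-instance vpn1\n ipv4-family\n"
       "  vpn-target 1:1 export-extcommunity\n  vpn-target 1:1 import-extcommunity\n")

if __name__ == "__main__":
    print(audit_option_a(parse_vrp(ASBR1), parse_vrp(PE1), remote_as=200) or "no findings")
```

Run a full configuration file through textwrap.dedent first if it is indented as on this page. Bare # separators are ignored, so a # in column 0 inside the bgp section does not end that section.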
Updated: 2019-01-14

Document ID: EDOC1100058925
