No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - VPN 01

NE05E and NE08E V300R003C10SPC500

This is NE05E and NE08E V300R003C10SPC500 Configuration Guide - VPN
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring L2VPN Loop Detection In a Scenario Where a CE Accesses a PE over Redundant Links

Example for Configuring L2VPN Loop Detection In a Scenario Where a CE Accesses a PE over Redundant Links

On a VPLS network, a switch accesses a PE through a switch over redundant links. In this situation, you can enable L2VPN loop detection on the AC interfaces of the PE. Then, the AC interfaces send L2VPN loop detection packets over the redundant links between the PE and switch to detect loops. After the PE detects a loop, the PE blocks an AC interface to remove the loop, preventing broadcast storms.

Networking Requirements

On the network shown in Figure 12-9, CE1 connects to PE1 through a switch over redundant links; CE2 directly connects to PE2; an LDP PW needs to be established between PE1 and PE2 for CE1 and CE2 to communicate.

L2VPN loop detection needs to be configured on the AC interfaces of PE1 to detect loops.

Figure 12-9 Configuring L2VPN loop detection on PE on a VPLS network

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure a routing protocol on the backbone network for devices to communicate.

  2. Establish a remote LDP session between the PEs.

  3. Establish an MPLS tunnel between the PEs.

  4. Enable MPLS L2VPN on the PEs.

  5. Create a VSI on each PE, specify LDP as the signaling protocol, and bind the AC interfaces on each PE to the VSI on that PE.

  6. Configure L2VPN loop detection on PE1.

Data Preparation

To complete the configuration, you need the following data:

  • VSI names and IDs

  • Peer IP addresses and the tunnel used for setting up the peer relationship

  • AC interface names

Procedure

  1. Configure an IP address for each interface.
  2. Configure an IGP. In this example, OSPF is used.

    NOTE:

    Ensure that the 32-bit loopback address of each PE is advertised after OSPF is enabled.

    # Configure PE1.

    [~PE1] ospf 1
    [*PE1-ospf-1] area 0
    [*PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
    [*PE1-ospf-1-area-0.0.0.0] network 10.10.1.0 0.0.0.3
    [*PE1-ospf-1-area-0.0.0.0] quit
    [*PE1-ospf-1] quit
    [*PE1] commit

    # Configure the P.

    [~P] ospf 1
    [*P-ospf-1] area 0
    [*P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
    [*P-ospf-1-area-0.0.0.0] network 10.10.1.0 0.0.0.3
    [*P-ospf-1-area-0.0.0.0] network 10.20.1.0 0.0.0.3
    [*P-ospf-1-area-0.0.0.0] quit
    [*P-ospf-1] quit
    [*P] commit

    # Configure PE2.

    [~PE2] ospf 1
    [*PE2-ospf-1] area 0
    [*PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0
    [*PE2-ospf-1-area-0.0.0.0] network 10.20.1.0 0.0.0.3
    [*PE2-ospf-1-area-0.0.0.0] quit
    [*PE2-ospf-1] quit
    [*PE2] commit

    After the configuration is complete, PE1 and PE2 can use OSPF to learn the IP route to each other's Loopback1 interface.

    The following example uses the command output on PE1.

    [~PE1] display ip routing-table
    Route Flags: R - relay, D - download to fib
    ------------------------------------------------------------------------------
    Routing Tables: Public
             Destinations : 9       Routes : 9
    Destination/Mask    Proto  Pre  Cost     Flags NextHop         Interface
            1.1.1.9/32  Direct 0    0           D  127.0.0.1       InLoopBack0
            2.2.2.9/32  OSPF   10   2           D  10.10.1.2       Gigabitethernet0/3/2
            3.3.3.9/32  OSPF   10   3           D  10.10.1.2       Gigabitethernet0/3/2
          10.10.1.0/30  Direct 0    0           D  10.10.1.1       Gigabitethernet0/3/2
          10.10.1.1/32  Direct 0    0           D  127.0.0.1       InLoopBack0
          10.10.1.2/32  Direct 0    0           D  10.10.1.2       Gigabitethernet0/3/2
          10.20.1.0/30  OSPF   10   2           D  10.10.1.2       Gigabitethernet0/3/2
          127.0.0.0/8   Direct 0    0           D  127.0.0.1       InLoopBack0
          127.0.0.1/32  Direct 0    0           D  127.0.0.1       InLoopBack0

  3. Configure basic MPLS functions and LDP.

    # Configure PE1.

    [~PE1] mpls lsr-id 1.1.1.9
    [*PE1] mpls
    [*PE1-mpls] quit
    [*PE1] mpls ldp
    [*PE1-mpls-ldp] quit
    [~PE1] interface gigabitethernet0/2/2
    [*PE1-Gigabitethernet0/2/2] mpls
    [*PE1-Gigabitethernet0/2/2] mpls ldp
    [*PE1-Gigabitethernet0/2/2] quit
    [*PE1] commit

    # Configure the P.

    [~P] mpls lsr-id 2.2.2.9
    [*P] mpls
    [*P-mpls] quit
    [*P] mpls ldp
    [*P-mpls-ldp] quit
    [~P] interface gigabitethernet1/0/0
    [*P-Gigabitethernet1/0/0] mpls
    [*P-Gigabitethernet1/0/0] mpls ldp
    [*P-Gigabitethernet1/0/0] quit
    [~P] interface gigabitethernet2/0/0
    [*P-Gigabitethernet2/0/0] mpls
    [*P-Gigabitethernet2/0/0] mpls ldp
    [*P-Gigabitethernet2/0/0] quit
    [*P] commit

    # Configure PE2.

    [~PE2] mpls lsr-id 3.3.3.9
    [*PE2] mpls
    [*PE2-mpls] quit
    [*PE2] mpls ldp
    [*PE2-mpls-ldp] quit
    [~PE2] interface gigabitethernet2/0/0
    [*PE2-Gigabitethernet2/0/0] mpls
    [*PE2-Gigabitethernet2/0/0] mpls ldp
    [*PE2-Gigabitethernet2/0/0] quit
    [*PE2] commit

    After the configuration is complete, an LDP session is established between each PE and the P. The display mpls ldp session command output shows that the Status field is Operational.

    The following example uses the command output on PE1.

    [~PE1] display mpls ldp session
                   LDP Session(s) in Public Network
     ------------------------------------------------------------------------------
     Peer-ID            Status      LAM  SsnRole  SsnAge      KA-Sent/Rcv
     ------------------------------------------------------------------------------
     2.2.2.9:0          Operational DU   Passive  000:00:02   10/10
    ------------------------------------------------------------------------------
     TOTAL: 1 session(s) Found.
     LAM : Label Advertisement Mode      SsnAge Unit : DDD:HH:MM

  4. Establish a remote LDP session between the PEs.

    # Configure PE1.

    [~PE1] mpls ldp remote-peer pe2
    [*PE1-mpls-ldp-remote-pe2] remote-ip 3.3.3.9
    [*PE1-mpls-ldp-remote-pe2] quit
    [*PE1] commit

    # Configure PE2.

    [~PE2] mpls ldp remote-peer pe1
    [*PE2-mpls-ldp-remote-pe1] remote-ip 1.1.1.9
    [*PE2-mpls-ldp-remote-pe1] quit
    [*PE2] commit

    After the configuration is complete, run the display mpls ldp session command on PE1 or PE2. The command output shows that Status of the peer relationship between PE1 and PE2 is Operational, which indicates that the peer relationship has been established.

    The following example uses the command output on PE1.

    [~PE1] display mpls ldp session
                   LDP Session(s) in Public Network
     ------------------------------------------------------------------------------
     Peer-ID            Status      LAM  SsnRole  SsnAge      KA-Sent/Rcv
     ------------------------------------------------------------------------------
     2.2.2.9:0          Operational DU   Passive  000:00:02   10/10
     3.3.3.9:0          Operational DU   Passive  000:00:02   9/9
     ------------------------------------------------------------------------------
     TOTAL: 2 session(s) Found.
     LAM : Label Advertisement Mode      SsnAge Unit : DDD:HH:MM

  5. Enable MPLS L2VPN on PEs.

    # Configure PE1.

    [*PE1] mpls l2vpn
    [*PE1-l2vpn] quit
    [*PE1] commit

    # Configure PE2.

    [*PE2] mpls l2vpn
    [*PE2-l2vpn] quit
    [*PE2] commit

  6. Configure a VSI on each PE.

    # Configure PE1.

    [~PE1] vsi a2 static
    [*PE1-vsi-a2] pwsignal ldp
    [*PE1-vsi-a2-ldp] vsi-id 2
    [*PE1-vsi-a2-ldp] peer 3.3.3.9
    [*PE1-vsi-a2-ldp] mac-withdraw enable
    [*PE1-vsi-a2-ldp] interface-status-change mac-withdraw enable
    [*PE1-vsi-a2-ldp] quit
    [*PE1-vsi-a2] quit
    [*PE1] commit

    # Configure PE2.

    [~PE2] vsi a2 static
    [*PE2-vsi-a2] pwsignal ldp
    [*PE2-vsi-a2-ldp] vsi-id 2
    [*PE2-vsi-a2-ldp] peer 1.1.1.9
    [*PE2-vsi-a2-ldp] mac-withdraw enable
    [*PE2-vsi-a2-ldp] interface-status-change mac-withdraw enable
    [*PE2-vsi-a2-ldp] quit
    [*PE2-vsi-a2] quit
    [*PE2] commit

  7. Bind the AC interfaces on each PE to the VSI on that PE.

    # Configure PE1.

    [~PE1] interface gigabitethernet0/2/1
    [*PE1-GigabitEthernet0/2/1] undo shutdown
    [*PE1-GigabitEthernet0/2/1] quit
    [~PE1] interface gigabitethernet0/2/1.1
    [*PE1-GigabitEthernet0/2/1.1] vlan-type dot1q 10
    [*PE1-GigabitEthernet0/2/1.1] l2 binding vsi a2
    [*PE1-GigabitEthernet0/2/1.1] quit
    [~PE1] interface gigabitethernet0/2/3
    [*PE1-GigabitEthernet0/2/3] undo shutdown
    [*PE1-GigabitEthernet0/2/3] quit
    [~PE1] interface gigabitethernet0/2/3.1
    [*PE1-GigabitEthernet0/2/3.1] vlan-type dot1q 10
    [*PE1-GigabitEthernet0/2/3.1] l2 binding vsi a2
    [*PE1-GigabitEthernet0/2/3.1] quit
    [*PE1] commit

    # Configure PE2.

    [~PE2] interface gigabitethernet2/0/0
    [*PE2-GigabitEthernet2/0/0] undo shutdown
    [*PE2-GigabitEthernet2/0/0] quit
    [~PE2] interface gigabitethernet2/0/0.1
    [*PE2-GigabitEthernet2/0/0.1] vlan-type dot1q 10
    [*PE2-GigabitEthernet2/0/0.1] l2 binding vsi a2
    [*PE2-GigabitEthernet2/0/0.1] quit
    [*PE2] commit

  8. Configure CEs to access the VPLS network.

    # Configure the switch.

    <~HUAWEI> system-view
    [*HUAWEI] sysname Switch
    [*Switch] vlan 10
    [*Switch-vlan10] quit
    [~Switch] interface gigabitethernet 0/2/1
    [*Switch-GigabitEthernet0/2/1] port trunk allow-pass vlan 10
    [*Switch-GigabitEthernet0/2/1] quit
    [~Switch] interface gigabitethernet 0/2/3
    [*Switch-GigabitEthernet0/2/3] port trunk allow-pass vlan 10
    [*Switch-GigabitEthernet0/2/3] quit
    [~Switch] interface gigabitethernet 0/2/2
    [*Switch-GigabitEthernet0/2/2] port link-type access
    [*Switch-GigabitEthernet0/2/2] port default vlan 10
    [*Switch-GigabitEthernet0/2/2] quit
    [*Switch] commit

    # Configure CE1.

    <~HUAWEI> system-view
    <*HUAWEI> sysname CE1
    [~CE1] interface gigabitethernet0/2/1
    [*CE1-GigabitEthernet0/2/1] ip address 10.1.1.1 255.255.255.0
    [*CE1-GigabitEthernet0/2/1] undo shutdown
    [*CE1-GigabitEthernet0/2/1] quit
    [*CE1] commit

    # Configure CE2.

    <~HUAWEI> system-view
    <*HUAWEI> sysname CE2
    [~CE2] interface gigabitethernet2/0/0
    [*CE2-GigabitEthernet2/0/0] undo shutdown
    [*CE2-GigabitEthernet2/0/0] quit
    [~CE2] interface gigabitethernet2/0/0.1
    [*CE2-GigabitEthernet2/0/0.1] vlan-type dot1q 10
    [*CE2-GigabitEthernet2/0/0.1] ip address 10.1.1.2 255.255.255.0
    [*CE2-GigabitEthernet2/0/0.1] quit
    [*CE2] commit

  9. Configure L2VPN loop detection on PE1.

    # Configure PE1.

    <~HUAWEI> system-view
    <*HUAWEI> sysname PE1
    [*PE1] loop-detection enable
    [*PE1] interface gigabitethernet0/2/1.1
    [*PE1-GigabitEthernet0/2/1.1] loop-detect enable
    [*PE1-GigabitEthernet0/2/1.1] loop-detect block 16
    [*PE1-GigabitEthernet0/2/1.1] quit
    [*PE1] interface gigabitethernet0/2/3.1
    [*PE1-GigabitEthernet0/2/3.1] loop-detect enable
    [*PE1-GigabitEthernet0/2/3.1] loop-detect block 16
    [*PE1-GigabitEthernet0/2/3.1] quit
    [*PE1] commit
    [*PE1] quit

  10. Verify the configuration.

    After the configuration is complete, run the display loop-detect block all command on PE1. The command output shows the loopback detect information.

    [PE1] display loop-detect block all
    Info: A link has been blocked (PORT:GigabitEthernet0/2/1.1, VLAN ID:10)  

    Run the display vsi name a2 verbose command on PE1. The command output shows that VSI a2 has established a PW to PE2, and the status of the VSI is Up.

    [~PE1] display vsi name a2 verbose
    *** VSI Name               : a2         
        Administrator VSI      : no
        Isolate Spoken         : disable
        VSI Index              : 0         
        PW Signaling           : ldp       
        Member Discovery Style : static    
        PW MAC Learn Style     : unqualify
        Encapulation Type      : vlan
        MTU                    : 1500
        Diffserv Mode          : uniform
        Service Class          : --
        Color                  : --
        DomainId               : 255
        Domain Name            :
        Create Time            : 0 days, 3 hours, 30 minutes, 31 seconds
        VSI State              : up
        VSI ID                 : 2
       *Peer Router ID         : 3.3.3.9
        VC Label               : 17408
        Peer Type              : dynamic  
        Session                : up
        Tunnel ID              : 0x6002001
        Interface Name         : GigabitEthernet0/2/1.1 
        State                  : down 
        Last Up Time           : 2017-02-15 14:41:59
        Total Up Time          : 0 days, 1 hours, 2 minutes, 2 seconds
        Interface Name         : GigabitEthernet0/2/1.1 
        State                  : up
        Last Up Time           : 2017-02-15 15:41:59
        Total Up Time          : 0 days, 0 hours, 1 minutes, 2 seconds
       *Peer Ip Address        : 3.3.3.9
        PW State               : up
        Local VC Label         : 17408
        Remote VC Label        : 17408
        PW Type                : label
        Tunnel ID              : 0x6002001
        FIB Link-ID            : 1
        PW Last Up Time        : 2017-02-15 15:41:59
        PW Total Up Time       : 0 days, 0 hours, 1 minutes, 3 seconds

    Ping CE2 (10.1.1.2) from CE1 (10.1.1.1). The ping operation is successful.

    [*CE1] ping 10.1.1.2
      PING 10.1.1.2: 56  data bytes, press CTRL_C to break
        Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=90 ms
        Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=77 ms
        Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=34 ms
        Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=46 ms
        Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=94 ms
      --- 10.1.1.2 ping statistics ---
        5 packet(s) transmitted
        5 packet(s) received
        0.00% packet loss
        round-trip min/avg/max = 34/68/94 ms 

Configuration Files


  • CE1 configuration file

    #
     sysname CE1
    #
    interface GigabitEthernet0/2/1
     undo shutdown
     ip address 10.1.1.1 255.255.255.0
    #
    return
  • CE2 configuration file

    #
     sysname CE2
    #
    interface GigabitEthernet0/2/2
     undo shutdown
    #
    interface GigabitEthernet0/2/2.1
     vlan-type dot1q 10
     ip address 10.1.1.2 255.255.255.0
    #
    return
  • Switch configuration file

    #
     sysname Switch
    #
     vlan batch 10
    #
    interface GigabitEthernet0/2/1
     port trunk allow-pass vlan 10
    #
    interface GigabitEthernet0/2/3
     port trunk allow-pass vlan 10
    #
    interface GigabitEthernet0/2/2
     port link-type access
     port default vlan 10
    #
    return
  • PE1 configuration file

    #
     sysname PE1
    #
    loop-detection enable
    #
     mpls lsr-id 1.1.1.9
     mpls
    #
     mpls l2vpn
    #
    vsi a2 static
     pwsignal ldp
      vsi-id 2
      peer 3.3.3.9
      mac-withdraw enable
      interface-status-change mac-withdraw enable
    #
    mpls ldp
    #
     mpls ldp remote-peer pe2
     remote-ip 3.3.3.9
    #
    interface GigabitEthernet0/2/1
     undo shutdown
    #
    interface GigabitEthernet0/2/1.1
     vlan-type dot1q 10
     l2 binding vsi a2
     loop-detect enable
     loop-detect block 16
    #
    interface GigabitEthernet0/2/3
     undo shutdown
    #
    interface GigabitEthernet0/2/3.1
     vlan-type dot1q 10
     l2 binding vsi a2
     loop-detect enable
     loop-detect block 16
    #
    interface GigabitEthernet0/2/2
     undo shutdown
     ip address 10.10.1.1 255.255.255.252
     mpls
     mpls ldp
    #
    interface LoopBack1
     ip address 1.1.1.9 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 1.1.1.9 0.0.0.0
      network 10.10.1.0 0.0.0.3
    #
    return
  • P configuration file

    #
     sysname P
    #
     mpls lsr-id 2.2.2.9
     mpls
    #
    mpls ldp
    #
    interface GigabitEthernet1/0/0
     undo shutdown
     ip address 10.10.1.2 255.255.255.252
     mpls
     mpls ldp
    #
    interface GigabitEthernet2/0/0
     undo shutdown
     ip address 10.20.1.1 255.255.255.252
     mpls
     mpls ldp
    #
    interface LoopBack1
     ip address 2.2.2.9 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 10.10.1.0 0.0.0.3
      network 10.20.1.0 0.0.0.3
      network 2.2.2.9 0.0.0.0
    #
    return
  • PE2 configuration file

    #
     sysname PE2
    #
     mpls lsr-id 3.3.3.9
     mpls
    #
     mpls l2vpn
    #
    vsi a2 static
     pwsignal ldp
      vsi-id 2
      peer 1.1.1.9
      mac-withdraw enable
      interface-status-change mac-withdraw enable
    #
    mpls ldp
    #
     mpls ldp remote-peer pe1
     remote-ip 1.1.1.9
    #
    interface GigabitEthernet1/0/0
     undo shutdown
     ip address 10.20.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface GigabitEthernet2/0/0
     undo shutdown
    #
    interface GigabitEthernet2/0/0.1
     vlan-type dot1q 10
     l2 binding vsi a2
    #
    interface LoopBack1
     ip address 3.3.3.9 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 3.3.3.9 0.0.0.0
      network 10.20.1.0 0.0.0.3
    #
    return
Translation
Download
Updated: 2019-01-14

Document ID: EDOC1100058925

Views: 27572

Downloads: 53

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next