No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - VPN

CloudEngine 12800 and 12800E V200R005C10

This document describes the configurations of VPN, including GRE, BGP/MPLS IP VPN, BGP/MPLS IPv6 VPN, VLL, PWE3, and VPLS.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Connecting QinQ Interfaces to a VPLS Network

Example for Connecting QinQ Interfaces to a VPLS Network

Networking Requirements

As shown in Figure 6-17, an enterprise constructs its own backbone network. The enterprise has a few branch sites (only two in this example). Site1 accesses the backbone network through CE1 and PE1, and Site2 accesses the backbone network through CE2 and PE2. Users in Site1 and Site2 need to communicate with each other at Layer 2, and it is required that user information carried in Layer 2 packets remains unchanged and need to be transparently transmitted over the backbone network.

Figure 6-17 Networking diagram for connecting QinQ interfaces to a VPLS network

Configuration Roadmap

The configuration roadmap is as follows:

  1. Use VPLS to transparently transmit Layer 2 packets on the backbone network to implement Layer 2 communication between Site1 and Site2, and retain user information carried in Layer 2 packets.

  2. Connect QinQ interfaces to a VPLS network to implement Layer 2 communication between the CEs because user information needs to be transparently transmitted over the backbone network.

  3. Configure IGP on the backbone network to transmit data packets between the PEs over the backbone network.

  4. Configure basic MPLS functions and LDP on devices on the backbone network because implementation of VPLS relies on basic MPLS functions.

  5. Establish a tunnel between the PEs to transparently transmit data between them.

  6. Enable MPLS L2VPN on the PEs to implement the VPLS function.

  7. Create VSIs on the PEs, specify LDP as the signaling protocol, and bind the VSIs to related AC interfaces to implement the VPLS function.

Procedure

  1. Add interfaces to VLANs.

    Add each interface on the Switch to a VLAN and assign an IP address to each interface.

    NOTE:

    The AC-side physical interface and PW-side physical interface of a PE cannot be added to the same VLAN; otherwise, a loop occurs.

    # Configure CE1.

    <HUAWEI> system-view
    [~HUAWEI] sysname CE1
    [*HUAWEI] commit
    [~CE1] vlan 10
    [*CE1-vlan10] quit
    [*CE1] interface vlanif 10
    [*CE1-Vlanif10] ip address 192.168.1.5 255.255.255.0
    [*CE1-Vlanif10] quit
    [*CE1] interface 10ge 1/0/1
    [*CE1-10GE1/0/1] port link-type trunk
    [*CE1-10GE1/0/1] port trunk allow-pass vlan 10
    [*CE1-10GE1/0/1] quit
    [*CE1] commit

    Perform similar configurations on the other devices according to Figure 6-17, and the detailed configurations are not mentioned here.

  2. Configure an IGP. In this example, OSPF is used.

    When configuring OSPF, advertise the 32-bit loopback interface addresses (LSR IDs) of PE1, the P, and PE2.

    Configure OSPF on PE1, the P, and PE2.

    # Configure PE1.

    [~PE1] interface loopback 1
    [*PE1-LoopBack1] ip address 1.1.1.9 255.255.255.255
    [*PE1-LoopBack1] quit
    [*PE1] ospf 1
    [*PE1-ospf-1] area 0.0.0.0
    [*PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
    [*PE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255
    [*PE1-ospf-1-area-0.0.0.0] quit
    [*PE1-ospf-1] quit
    [*PE1] commit

    The configurations on the P and PE2 are similar to that on PE1 and are not mentioned here.

    After the configuration is complete, run the display ip routing-table command on the PEs and the P. The command output shows the routes that the devices have learned from each other.

  3. Configure basic MPLS functions and LDP on the PEs and the P.

    Configure basic MPLS functions and LDP on PE1, the P, and PE2.

    # Configure PE1.

    [~PE1] mpls lsr-id 1.1.1.9
    [*PE1] mpls
    [*PE1-mpls] quit
    [*PE1] mpls ldp
    [*PE1-mpls-ldp] quit
    [*PE1] interface vlanif 20
    [*PE1-Vlanif20] mpls
    [*PE1-Vlanif20] mpls ldp
    [*PE1-Vlanif20] quit
    [*PE1] commit

    The configurations on the P and PE2 are similar to that on PE1 and are not mentioned here.

    After the configuration is complete, run the display mpls ldp session command on PE1, the P and PE2. The command output shows that the peer relationship is set up between PE1 and the P, and between the P and PE2. The status of the peer relationship is Operational. Run the display mpls lsp command, and you can view the LSP status.

  4. Create a remote LDP session between PE1 and PE2.

    # Configure PE1.

    [~PE1] mpls ldp remote-peer 3.3.3.9
    [*PE1-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9
    [*PE1-mpls-ldp-remote-3.3.3.9] quit
    [*PE1] commit

    # Configure PE2.

    [~PE2] mpls ldp remote-peer 1.1.1.9
    [*PE2-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9
    [*PE2-mpls-ldp-remote-1.1.1.9] quit
    [*PE2] commit

    After the configuration is complete, run the display mpls ldp session command on PE1 or PE2. The command output shows that Status of the peer relationship between PE1 and PE2 is Operational, which indicates that the peer relationship has been established.

  5. Enable MPLS L2VPN on the PEs.

    # Configure PE1.

    [~PE1] mpls l2vpn
    [*PE1-l2vpn] quit
    [*PE1] commit

    # Configure PE2.

    [~PE2] mpls l2vpn
    [*PE2-l2vpn] quit
    [*PE2] commit

  6. Configure LDP VPLS on the PEs.

    # Configure PE1.

    [~PE1] vsi a2 static
    [*PE1-vsi-a2] pwsignal ldp
    [*PE1-vsi-a2-ldp] vsi-id 2
    [*PE1-vsi-a2-ldp] peer 3.3.3.9
    [*PE1-vsi-a2-ldp] quit
    [*PE1-vsi-a2] quit
    [*PE1] commit

    # Configure PE2.

    [~PE2] vsi a2 static
    [*PE2-vsi-a2] pwsignal ldp
    [*PE2-vsi-a2-ldp] vsi-id 2
    [*PE2-vsi-a2-ldp] peer 1.1.1.9
    [*PE2-vsi-a2-ldp] quit
    [*PE2-vsi-a2] quit
    [*PE2] commit

  7. Bind the VSIs to PE interfaces.

    # Configure PE1.

    [~PE1] interface 10ge 1/0/1
    [~PE1-10GE1/0/1] port link-type dot1q-tunnel
    [*PE1-10GE1/0/1] port default vlan 10
    [*PE1-10GE1/0/1] quit
    [*PE1] interface vlanif 10
    [*PE1-Vlanif10] l2 binding vsi a2
    [*PE1-Vlanif10] quit
    [*PE1] commit

    # Configure PE2.

    [~PE2] interface 10ge 2/0/2
    [~PE2-10GE2/0/2] port link-type dot1q-tunnel
    [*PE2-10GE2/0/2] port default vlan 40
    [*PE2-10GE2/0/2] quit
    [*PE2] interface vlanif 40
    [*PE2-Vlanif40] l2 binding vsi a2
    [*PE2-Vlanif40] quit
    [*PE2] commit

  8. Verify the configuration.

    After the configurations are complete, run the display vpls vsi name a2 verbose command on PE1. The command output shows that the VSI a2 establishes a PW to PE2, and the status of the VSI is Up.

    [~PE1] display vpls vsi name a2 verbose
    
     ***VSI Name               : a2
        Administrator VSI      : no
        Isolate Spoken         : disable
        VSI Index              : 5
        PW Signaling           : ldp
        Member Discovery Style : static
        Bridge-domain Mode     : disable
        PW MAC Learn Style     : unqualify
        Encapsulation Type     : vlan
        MTU                    : 1500
        Ignore AcState         : disable
        Create Time            : 0 days, 1 hours, 30 minutes, 47 seconds
        VSI State              : up
    
        VSI ID                 : 2
       *Peer Router ID         : 3.3.3.9
        primary or secondary   : primary
        ignore-standby-state   : no
        VC Label               : 37
        Peer Type              : dynamic
        Session                : up
        Tunnel ID              : 0x0000000001004c4be1 
        Stp Enable             : 0
        PwIndex                : 65
     
        Interface Name         : Vlanif10
        State                  : up
        Access Port            : false
        Last Up Time           : 2014/04/03 03:04:12
        Total Up Time          : 0 days, 0 hours, 9 minutes, 26 seconds
    
      **PW Information:
    
       *Peer Ip Address        : 3.3.3.9
        PW State               : up
        Local VC Label         : 37
        Remote VC Label        : 17
        PW Type                : label
        Tunnel ID              : 0x0000000001004c4be1 
        Tnl Type               : ldp
        Stp Enable             : 0
        PW Last Up Time        : 2014/04/03 03:08:05
        PW Total Up Time       : 0 days, 0 hours, 8 minutes, 35 seconds

    CE1 (192.168.1.5) can ping CE2 (192.168.1.6) successfully.

    [~CE1] ping 192.168.1.6
      PING 192.168.1.6: 56  data bytes, press CTRL_C to break                          
        Reply from 192.168.1.6: bytes=56 Sequence=1 ttl=255 time=1 ms                  
        Reply from 192.168.1.6: bytes=56 Sequence=2 ttl=255 time=1 ms                  
        Reply from 192.168.1.6: bytes=56 Sequence=3 ttl=255 time=1 ms                  
        Reply from 192.168.1.6: bytes=56 Sequence=4 ttl=255 time=1 ms                  
        Reply from 192.168.1.6: bytes=56 Sequence=5 ttl=255 time=1 ms                  
                                                                                    
      --- 192.168.1.6 ping statistics ---                                              
        5 packet(s) transmitted                                                     
        5 packet(s) received                                                        
        0.00% packet loss                                                           
        round-trip min/avg/max = 1/1/1 ms                                           

Configuration Files

  • Configuration file of CE1

    #
    sysname CE1
    #
    vlan batch 10
    #
    interface Vlanif10
     ip address 192.168.1.5 255.255.255.0
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    return
  • Configuration file of CE2

    #
    sysname CE2
    #
    vlan batch 10
    #
    interface Vlanif10
     ip address 192.168.1.6 255.255.255.0
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    return
  • Configuration file of PE1

    #
    sysname PE1
    #
    vlan batch 10 20
    #
    mpls lsr-id 1.1.1.9
    #
    mpls
    #
    mpls l2vpn
    #
    vsi a2 static 
     pwsignal ldp 
      vsi-id 2    
      peer 3.3.3.9
    # 
    mpls ldp
     #  ipv4-family
    #
    mpls ldp remote-peer 3.3.3.9
     remote-ip 3.3.3.9
    #
    interface Vlanif10
     l2 binding vsi a2
    #
    interface Vlanif20
     ip address 172.1.1.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface 10GE1/0/1
     port link-type dot1q-tunnel
     port default vlan 10
    #
    interface 10GE2/0/2
     port link-type trunk
     port trunk allow-pass vlan 20
    #
    interface LoopBack1
     ip address 1.1.1.9 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 1.1.1.9 0.0.0.0
      network 172.1.1.0 0.0.0.255
    #
    return
  • Configuration file of the P

    #
    sysname P
    #
    vlan batch 20 30
    #
    mpls lsr-id 2.2.2.9
    #
    mpls
    #
    mpls ldp
     #  ipv4-family
    #
    interface Vlanif20
     ip address 172.1.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface Vlanif30
     ip address 172.2.1.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 20
    #
    interface 10GE2/0/2
     port link-type trunk
     port trunk allow-pass vlan 30
    #
    interface LoopBack1
     ip address 2.2.2.9 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 2.2.2.9 0.0.0.0
      network 172.1.1.0 0.0.0.255
      network 172.2.1.0 0.0.0.255
    #
    return
  • Configuration file of PE2

    #
    sysname PE2
    #
    vlan batch 30 40
    #
    mpls lsr-id 3.3.3.9
    #
    mpls
    #
    mpls l2vpn
    #
    vsi a2 static
     pwsignal ldp
      vsi-id 2
      peer 1.1.1.9
    #
    mpls ldp
     #  ipv4-family
    #
    mpls ldp remote-peer 1.1.1.9
     remote-ip 1.1.1.9
    #
    interface Vlanif30
     ip address 172.2.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface Vlanif40
     l2 binding vsi a2
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 30
    #
    interface 10GE2/0/2
     port link-type dot1q-tunnel
     port default vlan 40
    #
    interface LoopBack1
     ip address 3.3.3.9 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 3.3.3.9 0.0.0.0
      network 172.2.1.0 0.0.0.255
    #
    return
Translation
Download
Updated: 2019-04-03

Document ID: EDOC1100075353

Views: 13979

Downloads: 25

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next