No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - VPN

CloudEngine 12800 and 12800E V200R005C10

This document describes the configurations of VPN, including GRE, BGP/MPLS IP VPN, BGP/MPLS IPv6 VPN, VLL, PWE3, and VPLS.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring BGP/MPLS IP VPN

Example for Configuring BGP/MPLS IP VPN

Networking Requirements

As shown in Figure 2-41:
  • CE1 connects to the headquarters R&D area of an enterprise, and CE3 connects to the branch R&D area. CE1 and CE3 belong to vpna.
  • CE2 connects to the headquarters non-R&D area, and CE4 connects to the branch non-R&D area. CE2 and CE4 belong to vpnb.

BGP/MPLS IP VPN needs to be deployed for the enterprise to ensure secure communication between the headquarters and branch and isolate data of the R&D area and non-R&D area.

Figure 2-41 BGP/MPLS IP VPN networking

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure OSPF between the P and PE devices to ensure IP connectivity on the backbone network.
  2. Enable basic MPLS capabilities and MPLS LDP on the P and PE devices to set up MPLS LSP tunnels for VPN data transmission over the backbone network.
  3. Configure MP-IBGP on PE1 and PE2 to enable them to exchange VPN routing information.
  4. Configure VPN instances vpna and vpnb on PE1 and PE2. Set the VPN target of vpna to 111:1 and the VPN target of vpnb to 222:2. This configuration allows users in the same VPN to communicate with each other and isolates users in different VPNs. Bind the VPN instances to the PE interfaces connected to CE devices to provide access for VPN users.
  5. Configure EBGP on the CE and PE devices to exchange VPN routing information.

Procedure

  1. Configure OSPF on the MPLS backbone network so that the PE and P devices can communicate with each other.

    # Configure PE1.

    <HUAWEI> system-view
    [~HUAWEI] sysname PE1
    [*HUAWEI] commit
    [~PE1] interface loopback 1
    [*PE1-LoopBack1] ip address 1.1.1.9 32
    [*PE1-LoopBack1] quit
    [*PE1] vlan batch 10 20 30
    [*PE1] interface 10ge 1/0/1
    [*PE1-10GE1/0/1] port link-type trunk
    [*PE1-10GE1/0/1] port trunk allow-pass vlan 10
    [*PE1-10GE1/0/1] quit
    [*PE1] interface 10ge 2/0/2
    [*PE1-10GE2/0/2] port link-type trunk
    [*PE1-10GE2/0/2] port trunk allow-pass vlan 20
    [*PE1-10GE2/0/2] quit
    [*PE1] interface 10ge 3/0/3
    [*PE1-10GE3/0/3] port link-type trunk
    [*PE1-10GE3/0/3] port trunk allow-pass vlan 30 
    [*PE1-10GE3/0/3] quit
    [*PE1] interface vlanif 30
    [*PE1-Vlanif30] ip address 172.1.1.1 24
    [*PE1-Vlanif30] quit
    [*PE1] ospf 1
    [*PE1-ospf-1] area 0
    [*PE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255
    [*PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
    [*PE1-ospf-1-area-0.0.0.0] quit
    [*PE1-ospf-1] quit
    [*PE1] commit

    # Configure the P device.

    <HUAWEI> system-view
    [~HUAWEI] sysname P
    [*HUAWEI] commit
    [~P] interface loopback 1
    [*P-LoopBack1] ip address 2.2.2.9 32
    [*P-LoopBack1] quit
    [*P] vlan batch 30 60
    [*P] interface 10ge 1/0/1 
    [*P-10GE1/0/1] port link-type trunk
    [*P-10GE1/0/1] port trunk allow-pass vlan 30
    [*P-10GE1/0/1] quit
    [*P] interface 10ge 2/0/2
    [*P-10GE2/0/2] port link-type trunk
    [*P-10GE2/0/2] port trunk allow-pass vlan 60
    [*P-10GE2/0/2] quit
    [*P] interface vlanif 30
    [*P-Vlanif30] ip address 172.1.1.2 24
    [*P-Vlanif30] quit
    [*P] interface vlanif 60
    [*P-Vlanif60] ip address 172.2.1.1 24
    [*P-Vlanif60] quit
    [*P] ospf 1
    [*P-ospf-1] area 0
    [*P-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255
    [*P-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255
    [*P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
    [*P-ospf-1-area-0.0.0.0] quit
    [*P-ospf-1] quit
    [*P] commit

    # Configure PE2.

    <HUAWEI> system-view
    [~HUAWEI] sysname PE2
    [*HUAWEI] commit
    [~PE2] interface loopback 1
    [*PE2-LoopBack1] ip address 3.3.3.9 32
    [*PE2-LoopBack1] quit
    [*PE2] vlan batch 40 50 60
    [*PE2] interface 10ge 1/0/1
    [*PE2-10GE1/0/1] port link-type trunk
    [*PE2-10GE1/0/1] port trunk allow-pass vlan 40
    [*PE2-10GE1/0/1] quit
    [*PE2] interface 10ge 2/0/2 
    [*PE2-10GE2/0/2] port link-type trunk
    [*PE2-10GE2/0/2] port trunk allow-pass vlan 50
    [*PE2-10GE2/0/2] quit
    [*PE2] interface 10ge 3/0/3 
    [*PE2-10GE3/0/3] port link-type trunk
    [*PE2-10GE3/0/3] port trunk allow-pass vlan 60
    [*PE2-10GE3/0/3] quit
    [*PE2] interface vlanif 60
    [*PE2-Vlanif60] ip address 172.2.1.2 24
    [*PE2-Vlanif60] quit
    [*PE2] ospf 1
    [*PE2-ospf-1] area 0
    [*PE2-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255
    [*PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0
    [*PE2-ospf-1-area-0.0.0.0] quit
    [*PE2-ospf-1] quit
    [*PE2] commit
    

    After the configuration is complete, OSPF neighbor relationships are set up between PE1, the P device, and PE2. Run the display ospf peer command, and you can see that the neighbor status is Full. Run the display ip routing-table command, and you can see that PE devices have learned the routes to Loopback1 of each other.

  2. Enable basic MPLS capabilities and MPLS LDP on the PE and P devices to set up LDP LSPs over the MPLS backbone network.

    # Configure PE1.

    [~PE1] mpls lsr-id 1.1.1.9
    [*PE1] mpls
    [*PE1-mpls] quit
    [*PE1] mpls ldp
    [*PE1-mpls-ldp] quit
    [*PE1] interface vlanif 30
    [*PE1-Vlanif30] mpls
    [*PE1-Vlanif30] mpls ldp
    [*PE1-Vlanif30] quit
    [*PE1] commit

    # Configure the P device.

    [~P] mpls lsr-id 2.2.2.9
    [*P] mpls
    [*P-mpls] quit
    [*P] mpls ldp
    [*P-mpls-ldp] quit
    [*P] interface vlanif 30
    [*P-Vlanif30] mpls
    [*P-Vlanif30] mpls ldp
    [*P-Vlanif30] quit
    [*P] interface vlanif 60
    [*P-Vlanif60] mpls
    [*P-Vlanif60] mpls ldp
    [*P-Vlanif60] quit
    [*P] commit
    

    # Configure PE2.

    [~PE2] mpls lsr-id 3.3.3.9
    [*PE2] mpls
    [*PE2-mpls] quit
    [*PE2] mpls ldp
    [*PE2-mpls-ldp] quit
    [*PE2] interface vlanif 60
    [*PE2-Vlanif60] mpls
    [*PE2-Vlanif60] mpls ldp
    [*PE2-Vlanif60] quit
    [*PE2] commit
    

    After the configuration is complete, LDP sessions are set up between PE1 and the P device and between the P device and PE2. Run the display mpls ldp session command, and you can see that the Status field is Operational. After you run the display mpls ldp lsp command, information about the established LDP LSPs is displayed.

    Take the display on PE1 as an example:

    [~PE1] display mpls ldp session
     LDP Session(s) in Public Network
     LAM: Label Advertisement Mode,  KA: KeepAlive
     SsnAge: Session Age, Unit(DDDD:HH:MM)
     An asterisk (*) before a session means the session is being deleted.
     ------------------------------------------------------------------------------
     PeerID            Status      LAM  SsnRole  SsnAge      KASent/Rcv
     ------------------------------------------------------------------------------
     2.2.2.9:0          Operational DU   Active   0000:00:01  6/6
     ------------------------------------------------------------------------------
     TOTAL: 1 session(s) Found.
    
    
    [~PE1] display mpls ldp lsp
     LDP LSP Information
     An asterisk (*) before an LSP means the LSP is not established
     An asterisk (*) before a Label means the USCB or DSCB is stale
     An asterisk (*) before a UpstreamPeer means the session is in GR state
     An asterisk (*) before a DS means the session is in GR state
     An asterisk (*) before a NextHop means the LSP is FRR LSP
     -------------------------------------------------------------------------------
     DestAddress/Mask   In/OutLabel    UpstreamPeer    NextHop          OutInterface
     -------------------------------------------------------------------------------
            1.1.1.9/32   3/NULL         2.2.2.9         127.0.0.1        Loop1    
            2.2.2.9/32   NULL/3         -               172.1.1.2        Vlanif30       
            3.3.3.9/32   NULL/17        -               172.1.1.2        Vlanif30       
     -------------------------------------------------------------------------------
     TOTAL: 3 Normal LSP(s) Found, 0 Liberal LSP(s) Found
            0 FRR LSP(s) Found.

  3. Configure VPN instances on PE devices and bind the instances to the interfaces connected to CE devices.

    # Configure PE1.

    [~PE1] ip vpn-instance vpna
    [*PE1-vpn-instance-vpna] ipv4-family
    [*PE1-vpn-instance-vpna-af-ipv4] route-distinguisher 100:1
    [*PE1-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both
    [*PE1-vpn-instance-vpna-af-ipv4] quit
    [*PE1-vpn-instance-vpna] quit
    [*PE1] ip vpn-instance vpnb
    [*PE1-vpn-instance-vpnb] ipv4-family
    [*PE1-vpn-instance-vpnb-af-ipv4] route-distinguisher 100:2
    [*PE1-vpn-instance-vpnb-af-ipv4] vpn-target 222:2 both
    [*PE1-vpn-instance-vpnb-af-ipv4] quit
    [*PE1-vpn-instance-vpnb] quit
    [*PE1] interface vlanif 10
    [*PE1-Vlanif10] ip binding vpn-instance vpna
    [*PE1-Vlanif10] ip address 10.1.1.2 24
    [*PE1-Vlanif10] quit
    [*PE1] interface vlanif 20
    [*PE1-Vlanif20] ip binding vpn-instance vpnb
    [*PE1-Vlanif20] ip address 10.2.1.2 24
    [*PE1-Vlanif20] quit
    [*PE1] commit
    

    # Configure PE2.

    [~PE2] ip vpn-instance vpna
    [*PE2-vpn-instance-vpna] ipv4-family
    [*PE2-vpn-instance-vpna-af-ipv4] route-distinguisher 200:1
    [*PE2-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both
    [*PE2-vpn-instance-vpna-af-ipv4] quit
    [*PE2-vpn-instance-vpna] quit
    [*PE2] ip vpn-instance vpnb
    [*PE2-vpn-instance-vpnb] ipv4-family
    [*PE2-vpn-instance-vpnb-af-ipv4] route-distinguisher 200:2
    [*PE2-vpn-instance-vpnb-af-ipv4] vpn-target 222:2 both
    [*PE2-vpn-instance-vpnb-af-ipv4] quit
    [*PE2-vpn-instance-vpnb] quit
    [*PE2] interface vlanif 40
    [*PE2-Vlanif40] ip binding vpn-instance vpna
    [*PE2-Vlanif40] ip address 10.3.1.2 24
    [*PE2-Vlanif40] quit
    [*PE2] interface vlanif 50
    [*PE2-Vlanif50] ip binding vpn-instance vpnb
    [*PE2-Vlanif50] ip address 10.4.1.2 24
    [*PE2-Vlanif50] quit
    [*PE2] commit

    # Assign IP addresses to the interfaces on the CE devices according to Figure 2-41. The configuration procedure is not provided here.

    After the configuration is complete, run the display ip vpn-instance verbose command on the PE devices to view the configuration of VPN instances. Each PE device can ping its local CE devices.

    NOTE:

    If a PE device has multiple interfaces bound to the same VPN instance, specify a source IP addresses by setting -a source-ip-address in the ping -vpn-instance vpn-instance-name -a source-ip-address dest-ip-address command to ping a remote CE device. If the source IP address is not specified, the ping operation fails.

    Take the display on PE1 as an example:

    [~PE1] display ip vpn-instance verbose
      Total VPN-Instances configured : 2
      Total IPv4 VPN-Instances configured : 2                                       
      Total IPv6 VPN-Instances configured : 0   
    
    
      VPN-Instance Name and ID : vpna, 1                                             
      Interfaces : Vlanif10                                                         
     Address family IPv4
      Create date : 2012-08-13 18:44:11+08:00                                       
      Up time : 0 days, 03 hours, 46 minutes and 59 seconds                         
      Vrf Status : UP
      Route Distinguisher : 100:1                                                   
      Export VPN Targets : 111:1                                                    
      Import VPN Targets : 111:1                                                    
      Label Policy : label per instance                                                
                                                                                    
     VPN-Instance Name and ID : vpnb, 2                                             
     Address family IPv4
      Create date : 2012-08-13 18:44:11+08:00                                       
      Up time : 0 days, 03 hours, 46 minutes and 59 seconds                         
      Vrf Status : UP
      Route Distinguisher : 100:2                                                   
      Export VPN Targets : 222:2                                                    
      Import VPN Targets : 222:2                                                    
      Label Policy : label per instance                                                
                                                                
    [~PE1] ping -vpn-instance vpna 10.1.1.1
      PING 10.1.1.1: 56  data bytes, press CTRL_C to break
        Reply from 10.1.1.1: bytes=56 Sequence=1 ttl=255 time=5 ms
        Reply from 10.1.1.1: bytes=56 Sequence=2 ttl=255 time=3 ms
        Reply from 10.1.1.1: bytes=56 Sequence=3 ttl=255 time=3 ms
        Reply from 10.1.1.1: bytes=56 Sequence=4 ttl=255 time=3 ms
        Reply from 10.1.1.1: bytes=56 Sequence=5 ttl=255 time=16 ms
    
      --- 10.1.1.1 ping statistics ---
        5 packet(s) transmitted
        5 packet(s) received
        0.00% packet loss
        round-trip min/avg/max = 3/6/16 ms 

  4. Set up an MP-IBGP peer relationship between the PE devices.

    # Configure PE1.

    [~PE1] bgp 100
    [*PE1-bgp] peer 3.3.3.9 as-number 100
    [*PE1-bgp] peer 3.3.3.9 connect-interface loopback 1
    [*PE1-bgp] ipv4-family vpnv4
    [*PE1-bgp-af-vpnv4] peer 3.3.3.9 enable
    [*PE1-bgp-af-vpnv4] commit
    [~PE1-bgp-af-vpnv4] quit
    [~PE1-bgp] quit

    # Configure PE2.

    [~PE2] bgp 100
    [*PE2-bgp] peer 1.1.1.9 as-number 100
    [*PE2-bgp] peer 1.1.1.9 connect-interface loopback 1
    [*PE2-bgp] ipv4-family vpnv4
    [*PE2-bgp-af-vpnv4] peer 1.1.1.9 enable
    [*PE2-bgp-af-vpnv4] commit
    [~PE2-bgp-af-vpnv4] quit
    [~PE2-bgp] quit

    After the configuration is complete, run the display bgp peer or display bgp vpnv4 all peer command on the PE devices. The command output shows that the BGP peer relationships have been established between the PE devices.

    [~PE1] display bgp peer
    
     BGP local router ID : 1.1.1.9
     Local AS number : 100
     Total number of peers : 1                 Peers in established state : 1
    
      Peer            V    AS  MsgRcvd  MsgSent  OutQ  Up/Down       State              PrefRcv
    
      3.3.3.9         4   100       12        6     0 00:02:21        Established       0
    
    [~PE1] display bgp vpnv4 all peer
    
     BGP local router ID : 1.1.1.9
     Local AS number : 100
     Total number of peers : 1                 Peers in established state : 1
    
      Peer            V    AS  MsgRcvd  MsgSent  OutQ  Up/Down       State              PrefRcv
    
      3.3.3.9         4   100       12       18     0 00:09:38        Established       0
      

  5. Set up EBGP peer relationships between the PE and CE devices and import VPN routes into BGP.

    # Configure CE1. The configurations of CE2, CE3 and CE4 are similar to that of CE1.

    [~CE1] bgp 65410
    [*CE1-bgp] peer 10.1.1.2 as-number 100
    [*CE1-bgp] import-route direct
    [*CE1-bgp] commit
    [~CE1-bgp] quit
    

    # Configure PE1. The configuration of PE2 is similar to that of PE1.

    [~PE1] bgp 100
    [~PE1-bgp] ipv4-family vpn-instance vpna
    [*PE1-bgp-vpna] peer 10.1.1.1 as-number 65410
    [*PE1-bgp-vpna] import-route direct
    [*PE1-bgp-vpna] quit
    [*PE1-bgp] ipv4-family vpn-instance vpnb
    [*PE1-bgp-vpnb] peer 10.2.1.1 as-number 65420
    [*PE1-bgp-vpnb] import-route direct
    [*PE1-bgp-vpnb] commit
    [~PE1-bgp-vpnb] quit
    [~PE1-bgp] quit

    After the configuration is complete, run the display bgp vpnv4 vpn-instance peer command on the PE devices. You can see that BGP peer relationships have been established between the PE and CE devices.

    Take the peer relationship between PE1 and CE1 as an example:

    [~PE1] display bgp vpnv4 vpn-instance vpna peer
    
     BGP local router ID : 1.1.1.9
     Local AS number : 100
                                                                                    
     VPN-Instance vpna, router ID 1.1.1.9:  
     Total number of peers : 1                 Peers in established state : 1
    
      Peer            V    AS  MsgRcvd  MsgSent  OutQ  Up/Down       State      PrefRcv
    
      10.1.1.1        4 65410       11        9     0 00:07:25      Established       1
    

  6. Verify the configuration.

    Run the display ip routing-table vpn-instance command on a PE device to view the routes to the remote CE devices.

    Take the display on PE1 as an example:

    [~PE1] display ip routing-table vpn-instance vpna
    Proto: Protocol        Pre: Preference
    Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
    ------------------------------------------------------------------------------
    Routing Table : vpna
             Destinations : 5        Routes : 5
    
    Destination/Mask    Proto  Pre  Cost     Flags NextHop         Interface
         10.1.1.0/24    Direct 0    0        D     10.1.1.2        Vlanif10
         10.1.1.2/32    Direct 0    0        D     127.0.0.1       Vlanif10
       10.1.1.255/32    Direct 0    0        D     127.0.0.1       Vlanif10
        10.3.1.0/24     IBGP   255  0        RD    3.3.3.9         Vlanif30
    255.255.255.255/32  Direct 0    0        D     127.0.0.1       InLoopBack0
    [~PE1] display ip routing-table vpn-instance vpnb
    Proto: Protocol        Pre: Preference
    Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
    ------------------------------------------------------------------------------
    Routing Table : vpnb
             Destinations : 5        Routes : 5
    
    Destination/Mask    Proto  Pre  Cost     Flags NextHop         Interface
         10.2.1.0/24    Direct 0    0        D     10.2.1.2        Vlanif20
         10.2.1.2/32    Direct 0    0        D     127.0.0.1       Vlanif20
       10.2.1.255/32    Direct 0    0        D     127.0.0.1       Vlanif20
        10.4.1.0/24     IBGP   255  0        RD    3.3.3.9         Vlanif30
    255.255.255.255/32  Direct 0    0        D     127.0.0.1       InLoopBack0

    CE devices in the same VPN can ping each other, whereas CE devices in different VPNs cannot.

    For example, CE1 connected to the headquarters R&D area can ping CE3 connected to the branch R&D area (10.3.1.1) but cannot ping CE4 connected to the branch non-R&D area (10.4.1.1).

    [~CE1] ping 10.3.1.1
      PING 10.3.1.1: 56  data bytes, press CTRL_C to break
        Reply from 10.3.1.1: bytes=56 Sequence=1 ttl=253 time=72 ms
        Reply from 10.3.1.1: bytes=56 Sequence=2 ttl=253 time=34 ms
        Reply from 10.3.1.1: bytes=56 Sequence=3 ttl=253 time=50 ms
        Reply from 10.3.1.1: bytes=56 Sequence=4 ttl=253 time=50 ms
        Reply from 10.3.1.1: bytes=56 Sequence=5 ttl=253 time=34 ms
      --- 10.3.1.1 ping statistics ---
        5 packet(s) transmitted
        5 packet(s) received
        0.00% packet loss
        round-trip min/avg/max = 34/48/72 ms  
    [~CE1] ping 10.4.1.1
      PING 10.4.1.1: 56  data bytes, press CTRL_C to break
        Request time out
        Request time out
        Request time out
        Request time out
        Request time out
      --- 10.4.1.1 ping statistics ---
        5 packet(s) transmitted
        0 packet(s) received
        100.00% packet loss

Configuration Files

  • PE1 configuration file

    #
    sysname PE1
    #
    vlan batch 10 20 30
    #
    ip vpn-instance vpna
     ipv4-family
      route-distinguisher 100:1
      vpn-target 111:1 import-extcommunity
      vpn-target 111:1 export-extcommunity
    #
    ip vpn-instance vpnb
     ipv4-family
      route-distinguisher 100:2
      vpn-target 222:2 import-extcommunity
      vpn-target 222:2 export-extcommunity
    #
    mpls lsr-id 1.1.1.9
    #
    mpls
    #
    mpls ldp
     #
     ipv4-family
    #
    interface Vlanif10
     ip binding vpn-instance vpna
     ip address 10.1.1.2 255.255.255.0
    # 
    interface Vlanif20
     ip binding vpn-instance vpnb
     ip address 10.2.1.2 255.255.255.0
    #
    interface Vlanif30
     ip address 172.1.1.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 10
    # 
    interface 10GE2/0/2
     port link-type trunk
     port trunk allow-pass vlan 20
    #
    interface 10GE3/0/3
     port link-type trunk
     port trunk allow-pass vlan 30
    #
    interface LoopBack1
     ip address 1.1.1.9 255.255.255.255
    # 
    bgp 100
     peer 3.3.3.9 as-number 100
     peer 3.3.3.9 connect-interface LoopBack1
     #
     ipv4-family unicast
      peer 3.3.3.9 enable
     #
     ipv4-family vpnv4
      policy vpn-target
      peer 3.3.3.9 enable
     #
     ipv4-family vpn-instance vpna
      import-route direct
      peer 10.1.1.1 as-number 65410
     #
     ipv4-family vpn-instance vpnb
      import-route direct
      peer 10.2.1.1 as-number 65420
    #
    ospf 1
     area 0.0.0.0
      network 1.1.1.9 0.0.0.0
      network 172.1.1.0 0.0.0.255
    #
    return
  • P configuration file

    #
    sysname P
    #
    vlan batch 30 60
    #
    mpls lsr-id 2.2.2.9
    #
    mpls
    #
    mpls ldp
     #
     ipv4-family
    # 
    interface Vlanif30
     ip address 172.1.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface Vlanif60
     ip address 172.2.1.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 30
    # 
    interface 10GE2/0/2
     port link-type trunk
     port trunk allow-pass vlan 60
    # 
    interface LoopBack1
     ip address 2.2.2.9 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 2.2.2.9 0.0.0.0
      network 172.1.1.0 0.0.0.255
      network 172.2.1.0 0.0.0.255
    #
    return
  • PE2 configuration file

    #
    sysname PE2
    #
    vlan batch 40 50 60
    #
    ip vpn-instance vpna     
     ipv4-family  
      route-distinguisher 200:1
      vpn-target 111:1 export-extcommunity
      vpn-target 111:1 import-extcommunity
    #
    ip vpn-instance vpnb     
     ipv4-family           
      route-distinguisher 200:2
      vpn-target 222:2 export-extcommunity
      vpn-target 222:2 import-extcommunity
    #
    mpls lsr-id 3.3.3.9
    #
    mpls
    #
    mpls ldp
     #
     ipv4-family
    #
    interface Vlanif40
     ip binding vpn-instance vpna
     ip address 10.3.1.2 255.255.255.0
    #
    interface Vlanif50
     ip binding vpn-instance vpnb
     ip address 10.4.1.2 255.255.255.0
    #
    interface Vlanif60
     ip address 172.2.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 40
    # 
    interface 10GE2/0/2
     port link-type trunk
     port trunk allow-pass vlan 50
    # 
    interface 10GE3/0/3
     port link-type trunk
     port trunk allow-pass vlan 60
    # 
    interface LoopBack1
     ip address 3.3.3.9 255.255.255.255
    #
    bgp 100
     peer 1.1.1.9 as-number 100
     peer 1.1.1.9 connect-interface LoopBack1
     #
     ipv4-family unicast
      peer 1.1.1.9 enable
     #
     ipv4-family vpnv4
      policy vpn-target
      peer 1.1.1.9 enable 
     #
     ipv4-family vpn-instance vpna
      import-route direct
      peer 10.3.1.1 as-number 65430
     #
     ipv4-family vpn-instance vpnb
      import-route direct
      peer 10.4.1.1 as-number 65440
    #
    ospf 1
     area 0.0.0.0
      network 3.3.3.9 0.0.0.0
      network 172.2.1.0 0.0.0.255
    # 
    return
  • CE1 configuration file (connected to the headquarters R&D area)

    #
    sysname CE1
    #
    vlan batch 10
    #
    interface Vlanif10
     ip address 10.1.1.1 255.255.255.0
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    bgp 65410
     peer 10.1.1.2 as-number 100
     #
     ipv4-family unicast
      import-route direct
      peer 10.1.1.2 enable
    #
    return
  • CE2 configuration file (connected to the headquarters non-R&D area)

    #
    sysname CE2
    #
    vlan batch 20
    #
    interface Vlanif20
     ip address 10.2.1.1 255.255.255.0
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 20
    #
    bgp 65420
     peer 10.2.1.2 as-number 100
     #
     ipv4-family unicast
      import-route direct
      peer 10.2.1.2 enable
    #
    return
  • CE3 configuration file (connected to the branch R&D area)

    #
    sysname CE3
    #
    vlan batch 40
    #
    interface Vlanif40
     ip address 10.3.1.1 255.255.255.0
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 40
    #
    bgp 65430
     peer 10.3.1.2 as-number 100
     #
     ipv4-family unicast
      import-route direct
      peer 10.3.1.2 enable
    #
    return
  • CE4 configuration file (connected to the branch non-R&D area)

    #
    sysname CE4
    #
    vlan batch 50
    #
    interface Vlanif50
     ip address 10.4.1.1 255.255.255.0
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 50
    #
    bgp 65440
     peer 10.4.1.2 as-number 100
     #
     ipv4-family unicast
      import-route direct
      peer 10.4.1.2 enable
    #
    return
Translation
Download
Updated: 2019-04-03

Document ID: EDOC1100075353

Views: 16453

Downloads: 26

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next