No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - VPN

CloudEngine 12800 and 12800E V200R005C10

This document describes the configurations of VPN, including GRE, BGP/MPLS IP VPN, BGP/MPLS IPv6 VPN, VLL, PWE3, and VPLS.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring Inter-AS VPN Option C

Example for Configuring Inter-AS VPN Option C

Networking Requirements

An enterprise's headquarters and branches communicate over networks of different ISPs, and the enterprise has many inter-AS VPN services. The ASBR-PE devices do not have high VPN route management capabilities. The enterprise requires an inter-AS VPN solution to provide inter-AS BGP/MPLS IP VPN services.

This example illustrates only the inter-AS VPN solution between the headquarters and one branch. As shown in Figure 2-47, CE1 is located in the headquarters and connects to PE1 in AS 100. CE2 is located in the branch and connects to PE2 in AS 200. Both CE1 and CE2 belong to vpn1.

Figure 2-47 Inter-AS VPN Option C networking

Configuration Roadmap

Inter-AS Option C can be deployed to meet the enterprise's requirements. The configuration roadmap is as follows:

  1. On the MPLS backbone network in each AS, configure an IGP protocol to enable the PE and ASBR-PE devices in the same AS to communicate with each other.
  2. Configure basic MPLS capabilities and MPLS LDP on the MPLS backbone network in each AS to establish LDP LSPs.
  3. Set up an MP-IBGP peer relationship between the PE and ASBR-PE devices in each AS to exchange VPN routing information.
  4. Create a VPN instance on the PE device in each AS and bind the VPN instance to the interface connected to the CE device.
  5. Set up an EBGP peer relationship between the PE and CE devices in each AS to exchange VPN routing information.
  6. Configure inter-AS VPN Option C:
    1. Enable each ASBR to exchange labeled IPv4 routes with the PE in the same AS and with the peer ASBR. Configure routing policies on each ASBR-PE to implement the following: The ASBR-PE allocates MPLS labels to the routes advertised to the peer ASBR-PE and allocates new MPLS labels to labeled IPv4 routes advertised to the PE in the local AS.
    2. Set up an MP-EBGP peer relationship between the PE devices in different ASs and set the maximum hop count allowed between the PE devices.

Procedure

  1. On the MPLS backbone networks in AS 100 and AS 200, configure an IGP protocol to enable the PE devices to communicate with each other.
  2. On the MPLS backbone networks in AS 100 and AS 200, enable basic MPLS capabilities and MPLS LDP to establish LDP LSPs.
  3. Set up an MP-IBGP peer relationship between the PE and ASBR-PE devices in each AS to exchange VPN routing information.
  4. On the PE devices, create a VPN instance, enable the IPv4 address family in the instance, and bind the instance to the interfaces connected to CE devices.
  5. Set up EBGP peer relationships between the PE and CE devices to exchange VPN routing information.

    For detailed configurations, see Example for Configuring Inter-AS VPN Option A.

  6. Enable exchange of labeled IPv4 routes.

    # On PE1, enable the capability to exchange labeled IPv4 routes with ASBR-PE1. The configuration of PE2 is the same as that of PE1.

    [~PE1] bgp 100
    [~PE1-bgp] peer 2.2.2.9 label-route-capability
    [*PE1-bgp] quit
    [*PE1] commit
    

    # On ASBR-PE1, enable MPLS on the interface connected to ASBR-PE2. The configuration of ASBR-PE2 is the same as that of ASBR-PE1.

    [~ASBR-PE1] interface vlanif 12
    [*ASBR-PE1-Vlanif12] ip address 192.1.1.1 24
    [*ASBR-PE1-Vlanif12] mpls
    [*ASBR-PE1-Vlanif12] quit
    

    # On ASBR-PE1, create routing policies. The configuration of ASBR-PE2 is the same as that of ASBR-PE1.

    [*ASBR-PE1] route-policy policy1 permit node 1
    [*ASBR-PE1-route-policy] apply mpls-label
    [*ASBR-PE1-route-policy] quit
    [*ASBR-PE1] route-policy policy2 permit node 1
    [*ASBR-PE1-route-policy] if-match mpls-label
    [*ASBR-PE1-route-policy] apply mpls-label
    [*ASBR-PE1-route-policy] quit
    

    # On ASBR-PE1, apply a routing policy to the routes advertised to PE1 and enable the capability to exchange labeled IPv4 routes with PE1. The configuration of ASBR-PE2 is the same as that of ASBR-PE1.

    [*ASBR-PE1] bgp 100
    [*ASBR-PE1-bgp] peer 1.1.1.9 route-policy policy2 export
    [*ASBR-PE1-bgp] peer 1.1.1.9 label-route-capability
    

    # On ASBR-PE1, apply the other routing policy to the routes advertised to ASBR-PE2 and enable the capability to exchange labeled IPv4 routes with ASBR-PE2. The configuration of ASBR-PE2 is the same as that of ASBR-PE1.

    [*ASBR-PE1-bgp] peer 192.1.1.2 as-number 200
    [*ASBR-PE1-bgp] peer 192.1.1.2 route-policy policy1 export
    [*ASBR-PE1-bgp] peer 192.1.1.2 label-route-capability
    [*ASBR-PE1-bgp] quit
    [*ASBR-PE1] commit
    

  7. Set up an MP-EBGP peer relationship between PE1 and PE2.

    # Configure ASBR-PE1 to advertise the route destined for PE1's loopback interface address to ASBR-PE2, which then advertises the route to PE2. The configuration of ASBR-PE2 is the same as that of ASBR-PE1.

    [~ASBR-PE1] bgp 100
    [~ASBR-PE1-bgp] network 1.1.1.9 32
    [*ASBR-PE1-bgp] quit
    [*ASBR-PE1] commit
    

    # Configure PE1 to set up an MP-EBGP peer relationship with PE2. The configuration of PE2 is the same as that of PE1.

    [~PE1] bgp 100
    [~PE1-bgp] peer 4.4.4.9 as-number 200
    [*PE1-bgp] peer 4.4.4.9 connect-interface LoopBack 1
    [*PE1-bgp] peer 4.4.4.9 ebgp-max-hop 10
    [*PE1-bgp] ipv4-family vpnv4
    [*PE1-bgp-af-vpnv4] peer 4.4.4.9 enable
    [*PE1-bgp-af-vpnv4] quit
    [*PE1-bgp] quit
    [*PE1] commit
    

  8. Verify the configuration.

    After the configuration is complete, CE1 and CE2 can learn routes of each other and can ping each other successfully.

    Take the display on CE1 as an example.

    [~CE1] display ip routing-table
    Proto: Protocol        Pre: Preference
    Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
    ------------------------------------------------------------------------------
    Routing Table : _public_
             Destinations : 8        Routes : 8
    Destination/Mask    Proto  Pre  Cost     Flags NextHop         Interface
           10.1.1.0/24  Direct 0    0             D  10.1.1.1        Vlanif10
           10.1.1.1/32  Direct 0    0             D  127.0.0.1       Vlanif10
         10.1.1.255/32  Direct 0    0             D  127.0.0.1       Vlanif10
           10.2.1.0/24  EBGP   255  0             D  10.1.1.2        Vlanif10
          127.0.0.0/8   Direct 0    0             D  127.0.0.1       InLoopBack0
          127.0.0.1/32  Direct 0    0             D  127.0.0.1       InLoopBack0
    127.255.255.255/32  Direct 0    0             D  127.0.0.1       InLoopBack0
    255.255.255.255/32  Direct 0    0             D  127.0.0.1       InLoopBack0 
    
    
    [~CE1] ping 10.2.1.1
      PING 10.2.1.1: 56  data bytes, press CTRL_C to break
        Reply from 10.2.1.1: bytes=56 Sequence=1 ttl=251 time=119 ms
        Reply from 10.2.1.1: bytes=56 Sequence=2 ttl=251 time=141 ms
        Reply from 10.2.1.1: bytes=56 Sequence=3 ttl=251 time=136 ms
        Reply from 10.2.1.1: bytes=56 Sequence=4 ttl=251 time=113 ms
        Reply from 10.2.1.1: bytes=56 Sequence=5 ttl=251 time=78 ms
      --- 10.2.1.1 ping statistics ---
        5 packet(s) transmitted
        5 packet(s) received
        0.00% packet loss
        round-trip min/avg/max = 78/117/141 ms

    The routing table of the ASBR-PE devices does not contain any VPNv4 routes. Run the display bgp routing-table label command on the ASBR-PE devices to check labels of IPv4 routes.

    Take the display on ASBR-PE1 as an example.

    [~ASBR-PE1] display bgp routing-table label
                                                                                    
     BGP Local router ID is 2.2.2.9                                                 
     Status codes: * - valid, > - best, d - damped,                                 
                   h - history,  i - internal, s - suppressed, S - Stale            
                   Origin : i - IGP, e - EGP, ? - incomplete                        
                                                                                    
                                                                                    
     Total Number of Routes: 2                                                      
                                                                                    
                                                                                    
            Network           NextHop           In/Out Label                        
                                                                                    
     *>     1.1.1.9           172.1.1.2         1098/NULL                           
     *>     4.4.4.9           192.1.1.2         1099/1067                           

Configuration Files

  • CE1 configuration file

    #
     sysname CE1
    #
     vlan batch 10
    #
    interface Vlanif10
     ip address 10.1.1.1 255.255.255.0
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    bgp 65001
     peer 10.1.1.2 as-number 100
     #
     ipv4-family unicast
      import-route direct
      peer 10.1.1.2 enable
    #
    return
  • PE1 configuration file

    #
     sysname PE1
    #
    vlan batch 10 11
    #
    ip vpn-instance vpn1
     ipv4-family 
      route-distinguisher 100:1
      vpn-target 1:1 export-extcommunity
      vpn-target 1:1 import-extcommunity
    #
     mpls lsr-id 1.1.1.9
    #
    mpls
    #
    mpls ldp
    #
    interface Vlanif10
     ip binding vpn-instance vpn1
     ip address 10.1.1.2 255.255.255.0
    #
    interface Vlanif11
     ip address 172.1.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 11
    #
    interface 10GE2/0/2
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    interface LoopBack1
     ip address 1.1.1.9 255.255.255.255
    #
    bgp 100
     peer 2.2.2.9 as-number 100
     peer 2.2.2.9 connect-interface LoopBack1
     peer 4.4.4.9 as-number 200
     peer 4.4.4.9 ebgp-max-hop 10
     peer 4.4.4.9 connect-interface LoopBack1
     #
     ipv4-family unicast
      peer 2.2.2.9 enable
      peer 2.2.2.9 label-route-capability
      peer 4.4.4.9 enable
     #
     ipv4-family vpnv4
      policy vpn-target
      peer 4.4.4.9 enable
     #
     ipv4-family vpn-instance vpn1
      peer 10.1.1.1 as-number 65001
      import-route direct
    #
    ospf 1
     area 0.0.0.0
      network 1.1.1.9 0.0.0.0
      network 172.1.1.0 0.0.0.255
    #
    return
  • ASBR-PE1 configuration file

    #
     sysname ASBR-PE1
    #
    vlan batch 11 12
    #
     mpls lsr-id 2.2.2.9
    #
     mpls
    #
    mpls ldp
    #
    interface Vlanif11
     ip address 172.1.1.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface Vlanif12
     ip address 192.1.1.1 255.255.255.0
     mpls
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 11
    #
    interface 10GE2/0/2
     port link-type trunk
     port trunk allow-pass vlan 12
    #
    interface LoopBack1
     ip address 2.2.2.9 255.255.255.255
    #
    bgp 100
     peer 192.1.1.2 as-number 200
     peer 1.1.1.9 as-number 100
     peer 1.1.1.9 connect-interface LoopBack1
     #
     ipv4-family unicast
      network 1.1.1.9 255.255.255.255
      peer 192.1.1.2 enable
      peer 192.1.1.2 route-policy policy1 export
      peer 192.1.1.2 label-route-capability
      peer 1.1.1.9 enable
      peer 1.1.1.9 route-policy policy2 export
      peer 1.1.1.9 label-route-capability
    #
    ospf 1
     area 0.0.0.0
      network 2.2.2.9 0.0.0.0
      network 172.1.1.0 0.0.0.255
    #
    route-policy policy1 permit node 1
     apply mpls-label
    route-policy policy2 permit node 1
     if-match mpls-label
     apply mpls-label
    #
    return
  • ASBR-PE2 configuration file

    #
     sysname ASBR-PE2
    #
    vlan batch 12 22
    #
     mpls lsr-id 3.3.3.9
    #
     mpls
    #
    mpls ldp
    #
    interface Vlanif12
     ip address 192.1.1.2 255.255.255.0
     mpls
    #
    interface Vlanif22
     ip address 162.1.1.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 22
    #
    interface 10GE2/0/2
     port link-type trunk
     port trunk allow-pass vlan 12
    #
    interface LoopBack1
     ip address 3.3.3.9 255.255.255.255
    #
    bgp 200
     peer 192.1.1.1 as-number 100
     peer 4.4.4.9 as-number 200
     peer 4.4.4.9 connect-interface LoopBack1
     #
     ipv4-family unicast
      network 4.4.4.9 255.255.255.255
      peer 192.1.1.1 enable
      peer 192.1.1.1 route-policy policy1 export
      peer 192.1.1.1 label-route-capability
      peer 4.4.4.9 enable
      peer 4.4.4.9 route-policy policy2 export
      peer 4.4.4.9 label-route-capability
    #
    ospf 1
     area 0.0.0.0
      network 3.3.3.9 0.0.0.0
      network 162.1.1.0 0.0.0.255
    #
    route-policy policy1 permit node 1
     apply mpls-label
    route-policy policy2 permit node 1
     if-match mpls-label
     apply mpls-label
    #
    return
  • PE2 configuration file

    #
     sysname PE2
    #
     vlan batch 10 22
    #
    ip vpn-instance vpn1
     ipv4-family
      route-distinguisher 200:1
      vpn-target 1:1 export-extcommunity
      vpn-target 1:1 import-extcommunity
    #
     mpls lsr-id 4.4.4.9
    #
     mpls
    #
    mpls ldp
    #
    interface Vlanif10
     ip binding vpn-instance vpn1
     ip address 10.2.1.2 255.255.255.0
    #
    interface Vlanif22
     ip address 162.1.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 22
    #
    interface 10GE2/0/2
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    interface LoopBack1
     ip address 4.4.4.9 255.255.255.255
    #
    bgp 200
     peer 1.1.1.9 as-number 100
     peer 1.1.1.9 ebgp-max-hop 10
     peer 1.1.1.9 connect-interface LoopBack1
     peer 3.3.3.9 as-number 200
     peer 3.3.3.9 connect-interface LoopBack1
     #
     ipv4-family unicast
      peer 1.1.1.9 enable
      peer 3.3.3.9 enable
      peer 3.3.3.9 label-route-capability
     #
     ipv4-family vpnv4
      policy vpn-target
      peer 1.1.1.9 enable
     #
     ipv4-family vpn-instance vpn1
      peer 10.2.1.1 as-number 65002
      import-route direct
    #
    ospf 1
     area 0.0.0.0
      network 4.4.4.9 0.0.0.0
      network 162.1.1.0 0.0.0.255
    #
    return
  • CE2 configuration file

    #
     sysname CE2
    #
     vlan batch 10
    #
    interface Vlanif10
     ip address 10.2.1.1 255.255.255.0
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    bgp 65002
     peer 10.2.1.2 as-number 200
     #
     ipv4-family unicast
      import-route direct
      peer 10.2.1.2 enable
    #
    return
Translation
Download
Updated: 2019-04-03

Document ID: EDOC1100075353

Views: 14234

Downloads: 25

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next