No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - VPN

CloudEngine 12800 and 12800E V200R005C10

This document describes the configurations of VPN, including GRE, BGP/MPLS IP VPN, BGP/MPLS IPv6 VPN, VLL, PWE3, and VPLS.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring Martini VPLS

Example for Configuring Martini VPLS

Networking Requirements

As shown in Figure 6-16, an enterprise constructs its own backbone network. The enterprise has a few branch sites (only two in this example). Site1 accesses the backbone network through CE1 and PE1, and Site2 accesses the backbone network through CE2 and PE2. Users in Site1 and Site2 need to communicate with each other through Layer 2, and it is required that user information carried in Layer 2 packets remains unchanged when packets are transmitted over the backbone network.

Figure 6-16 Networking for configuring Martini VPLS

Configuration Roadmap

The configuration roadmap is as follows:

  1. Use VPLS to transparently transmit Layer 2 packets on the backbone network to implement Layer 2 communication between Site1 and Site2, and retain user information carried in Layer 2 packets.

  2. Configure Martini VPLS to implement Layer 2 communication between CEs because the enterprise network has a few sites.

  3. Configure IGP on the backbone network to transmit data packets between PEs over the backbone network.

  4. Configure basic MPLS features and LDP on devices on the backbone network because implementation of VPLS relies on basic MPLS features.

  5. Establish tunnels between PEs to transparently transmit data between PEs.

  6. Enable MPLS L2VPN on PEs.

  7. Create VSIs on PEs, configure LDP as the signaling protocol, and bind VSIs to AC interfaces.

Procedure

  1. Add interfaces to VLANs.

    On each Switch, add an interface to a VLAN and assign an IP address to the interface.

    NOTE:

    The AC-side physical interface and PW-side physical interface of a PE cannot be added to the same VLAN; otherwise, a loop occurs.

    # Configure CE1.

    <HUAWEI> system-view
    [~HUAWEI] sysname CE1
    [*HUAWEI] commit
    [~CE1] vlan 10
    [*CE1-vlan10] quit
    [*CE1] interface vlanif 10
    [*CE1-Vlanif10] ip address 192.168.1.5 255.255.255.0
    [*CE1-Vlanif10] quit
    [*CE1] interface 10ge 1/0/1
    [*CE1-10GE1/0/1] port link-type trunk
    [*CE1-10GE1/0/1] port trunk allow-pass vlan 10
    [*CE1-10GE1/0/1] quit
    [*CE1] commit

    Perform similar configurations on the other devices based on Figure 6-16, and the detailed configurations are not mentioned here.

  2. Configure an Interior Gateway Protocol (IGP). In this example, Open Shortest Path First (OSPF) is used.

    When configuring OSPF, advertise the 32-bit loopback interface addresses (LSR IDs) of PE1, P, and PE2.

    Configure OSPF on PE1, P, and PE2.

    # Configure PE1.

    [~PE1] interface loopback 1
    [*PE1-LoopBack1] ip address 1.1.1.9 255.255.255.255
    [*PE1-LoopBack1] quit
    [*PE1] ospf 1
    [*PE1-ospf-1] area 0.0.0.0
    [*PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
    [*PE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255
    [*PE1-ospf-1-area-0.0.0.0] quit
    [*PE1-ospf-1] quit
    [*PE1] commit
    

    The configurations on the P and PE2 are similar to that on PE1 and are not mentioned here.

    After the configuration is complete, run the display ip routing-table command on PE1, P, and PE2. The command output shows the routes that the devices have learned from each other.

  3. Configure basic MPLS functions and LDP.

    Configure basic MPLS functions and LDP on PE1, P, and PE2.

    # Configure PE1.

    [~PE1] mpls lsr-id 1.1.1.9
    [*PE1] mpls
    [*PE1-mpls] quit
    [*PE1] mpls ldp
    [*PE1-mpls-ldp] quit
    [*PE1] interface vlanif 20
    [*PE1-Vlanif20] mpls
    [*PE1-Vlanif20] mpls ldp
    [*PE1-Vlanif20] quit
    [*PE1] commit

    The configurations on the P and PE2 are similar to that on PE1 and are not mentioned here.

    After the configuration is complete, run the display mpls ldp session command on PE1, P and PE2. The command output shows that the peer relationship is set up between PE1 and P, and between P and PE2. The status of the peer relationship is Operational, which indicates that the peer relationship has been established.. Run the display mpls lsp command. The command output shows the LSP status.

  4. Set up remote LDP sessions between PEs.

    # Configure PE1.

    [~PE1] mpls ldp remote-peer 3.3.3.9
    [*PE1-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9
    [*PE1-mpls-ldp-remote-3.3.3.9] quit
    [*PE1] commit

    # Configure PE2.

    [~PE2] mpls ldp remote-peer 1.1.1.9
    [*PE2-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9
    [*PE2-mpls-ldp-remote-1.1.1.9] quit
    [*PE2] commit

    After the configuration is complete, run the display mpls ldp session command on PE1 or PE2. The command output shows that Status of the peer relationship between PE1 and PE2 is Operational, which indicates that the remote peer relationship has been established.

  5. Enable MPLS L2VPN on each PE.

    # Configure PE1.

    [~PE1] mpls l2vpn
    [*PE1-l2vpn] quit
    [*PE1] commit

    # Configure PE2.

    [~PE2] mpls l2vpn
    [*PE2-l2vpn] quit
    [*PE2] commit

  6. Configure LDP as the PW signaling protocol on each PE.

    # Configure PE1.

    [~PE1] vsi a2 static
    [*PE1-vsi-a2] pwsignal ldp
    [*PE1-vsi-a2-ldp] vsi-id 2
    [*PE1-vsi-a2-ldp] peer 3.3.3.9
    [*PE1-vsi-a2-ldp] quit
    [*PE1-vsi-a2] quit
    [*PE1] commit

    # Configure PE2.

    [~PE2] vsi a2 static
    [*PE2-vsi-a2] pwsignal ldp
    [*PE2-vsi-a2-ldp] vsi-id 2
    [*PE2-vsi-a2-ldp] peer 1.1.1.9
    [*PE2-vsi-a2-ldp] quit
    [*PE2-vsi-a2] quit
    [*PE2] commit

  7. Bind the VSI to PE interfaces.

    # Configure PE1.

    [~PE1] interface vlanif 10
    [*PE1-Vlanif10] l2 binding vsi a2
    [*PE1-Vlanif10] quit
    [*PE1] commit

    # Configure PE2.

    [~PE2] interface vlanif 40
    [*PE2-Vlanif40] l2 binding vsi a2
    [*PE2-Vlanif40] quit
    [*PE2] commit

  8. Verify the configuration.

    After the configurations are complete, run the display vsi name a2 verbose command on PE1. The command output shows that the VSI named a2 establishes a PW to PE2, and the status of the VSI is Up.

    [~PE1] display vsi name a2 verbose
                                                                                    
     ***VSI Name               : a2                                                 
        Administrator VSI      : no                                                 
        Isolate Spoken         : disable                                            
        VSI Index              : 1                                                  
        PW Signaling           : ldp                                                
        Member Discovery Style : static                                             
        Bridge-domain Mode     : disable
        PW MAC Learn Style     : unqualify                                          
        Encapsulation Type     : vlan                                               
        MTU                    : 1500                                               
        Ignore AcState         : disable                                            
        P2P VSI                : disable                                            
        Create Time            : 0 days, 0 hours, 41 minutes, 45 seconds            
        VSI State              : up                                                 
        Resource Status        : --                                                 
                                                                                    
        VSI ID                 : 2                                                  
       *Peer Router ID         : 3.3.3.9                                            
        primary or secondary   : primary                                            
        ignore-standby-state   : no                                                 
        VC Label               : 16                                                 
        Peer Type              : dynamic                                            
        Session                : up                                                 
        Tunnel ID              : 0x0000000001004c4b61                               
        Broadcast Tunnel ID    : --                                                 
        Broad BackupTunnel ID  : --                                                 
        CKey                   : 1                                                  
        NKey                   : 1811939627                                         
        Stp Enable             : 0                                                  
        PwIndex                : 1                                                  
                                                                                    
        Interface Name         : Vlanif10                                           
        State                  : up                                                 
        Access Port            : false                                              
        Last Up Time           : 2013/09/02 11:12:42                                
        Total Up Time          : 0 days, 0 hours, 41 minutes, 45 seconds            
                                                                                    
      **PW Information:                                                             
                                                                                    
       *Peer Ip Address        : 3.3.3.9                                            
        PW State               : up                                                 
        Local VC Label         : 16                                                 
        Remote VC Label        : 21                                                 
        PW Type                : label                                              
        Tunnel ID              : 0x0000000001004c4b61                               
        Broadcast Tunnel ID    : --                                                 
        Broad BackupTunnel ID  : --                                                 
        Ckey                   : 1                                                  
        Nkey                   : 1811939627                                         
        Main PW Token          : 0x0                                                
        Slave PW Token         : 0x0                                                
        Tnl Type               : ldp                                                
        OutInterface           :                                                    
        Backup OutInterface    : --                                                 
        Stp Enable             : 0                                                  
        Mac Flapping           : 0                                                  
        PW Last Up Time        : 2013/09/02 11:39:32                                
        PW Total Up Time       : 0 days, 0 hours, 14 minutes, 55 seconds      

    CE1 (192.168.1.5) can ping CE2 (192.168.1.6) successfully.

    [~CE1] ping 192.168.1.6
      PING 192.168.1.6: 56  data bytes, press CTRL_C to break                          
        Reply from 192.168.1.6: bytes=56 Sequence=1 ttl=255 time=1 ms                  
        Reply from 192.168.1.6: bytes=56 Sequence=2 ttl=255 time=1 ms                  
        Reply from 192.168.1.6: bytes=56 Sequence=3 ttl=255 time=1 ms                  
        Reply from 192.168.1.6: bytes=56 Sequence=4 ttl=255 time=1 ms                  
        Reply from 192.168.1.6: bytes=56 Sequence=5 ttl=255 time=1 ms                  
                                                                                    
      --- 192.168.1.6 ping statistics ---                                              
        5 packet(s) transmitted                                                     
        5 packet(s) received                                                        
        0.00% packet loss                                                           
        round-trip min/avg/max = 1/1/1 ms                                           

Configuration Files

  • Configuration file of CE1

    #
    sysname CE1
    #
    vlan batch 10
    #
    interface Vlanif10
     ip address 192.168.1.5 255.255.255.0
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    return
  • Configuration file of CE2

    #
    sysname CE2
    #
    vlan batch 40
    #
    interface Vlanif40
     ip address 192.168.1.6 255.255.255.0
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 40
    #
    return
  • Configuration file of PE1

    #
    sysname PE1
    #
    vlan batch 10 20
    #
    mpls lsr-id 1.1.1.9
    #
    mpls
    #
    mpls l2vpn
    #
    vsi a2 static 
     pwsignal ldp 
      vsi-id 2    
      peer 3.3.3.9
    # 
    mpls ldp
     #
     ipv4-family
    #
    mpls ldp remote-peer 3.3.3.9
     remote-ip 3.3.3.9
    #
    interface Vlanif10
     l2 binding vsi a2
    #
    interface Vlanif20
     ip address 172.1.1.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    interface 10GE2/0/2
     port link-type trunk
     port trunk allow-pass vlan 20
    #
    interface LoopBack1
     ip address 1.1.1.9 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 1.1.1.9 0.0.0.0
      network 172.1.1.0 0.0.0.255
    #
    return
  • Configuration file of P

    #
    sysname P
    #
    vlan batch 20 30
    #
    mpls lsr-id 2.2.2.9
    #
    mpls
    #
    mpls ldp
     #
     ipv4-family
    #
    interface Vlanif20
     ip address 172.1.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface Vlanif30
     ip address 172.2.1.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 20
    #
    interface 10GE2/0/2
     port link-type trunk
     port trunk allow-pass vlan 30
    #
    interface LoopBack1
     ip address 2.2.2.9 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 2.2.2.9 0.0.0.0
      network 172.1.1.0 0.0.0.255
      network 172.2.1.0 0.0.0.255
    #
    return
  • Configuration file of PE2

    #
    sysname PE2
    #
    vlan batch 30 40
    #
    mpls lsr-id 3.3.3.9
    #
    mpls
    #
    mpls l2vpn
    #
    vsi a2 static
     pwsignal ldp
      vsi-id 2
      peer 1.1.1.9
    #
    mpls ldp
     #
     ipv4-family
    #
    mpls ldp remote-peer 1.1.1.9
     remote-ip 1.1.1.9
    #
    interface Vlanif30
     ip address 172.2.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface Vlanif40
     l2 binding vsi a2
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 30
    #
    interface 10GE2/0/2
     port link-type trunk
     port trunk allow-pass vlan 40
    #
    interface LoopBack1
     ip address 3.3.3.9 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 3.3.3.9 0.0.0.0
      network 172.2.1.0 0.0.0.255
    #
    return
Translation
Download
Updated: 2019-04-03

Document ID: EDOC1100075353

Views: 14570

Downloads: 25

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next