Configuration Guide - VPN

CloudEngine 12800 and 12800E V200R005C10

This document describes the configurations of VPN, including GRE, BGP/MPLS IP VPN, BGP/MPLS IPv6 VPN, VLL, PWE3, and VPLS.
Example for Creating a GRE Tunnel to Transmit VPLS Services

Networking Requirements

As shown in Figure 6-19, an enterprise has built its own backbone network. The enterprise has several branch sites; only two are shown in this example. Site1 uses CE1 to connect to PE1 on the backbone network, and Site2 uses CE2 to connect to PE2 on the backbone network. Users in Site1 and Site2 need to communicate at Layer 2 and require that the user information in Layer 2 packets be preserved when the packets traverse the backbone network.

The carrier network provides the L2VPN service for users. Many users connect to the network through PE1 and PE2, and users on the PEs change frequently. A proper VPN solution is required to provide secure VPN services for users and to simplify configuration when new users connect to the network.

A Martini VPLS connection can be set up between CE1 and CE2 to meet these requirements. By default, the tunnel type selected for the Martini VPLS is LSP. When the MPLS function is not supported on P devices, the VPLS function cannot be implemented.

To solve this problem, apply a tunnel policy to the Martini VPLS so that the VPLS service is transmitted over the GRE tunnel.

Figure 6-19 Networking diagram for creating a GRE tunnel to transmit VPLS services

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure routing protocols on the PE and P devices on the backbone network to implement communication between them.

  2. Enable the MPLS and MPLS LDP functions on PEs. Set up a remote LDP session between the PEs to exchange VC labels between the PEs.

  3. Create GRE tunnel interfaces on the PEs to establish GRE tunnels between the PEs.

  4. Enable MPLS L2VPN on the PEs, which is the prerequisite for configuring VPLS.

  5. Create VSIs on the PEs. The P devices do not support the MPLS function; therefore, the tunnel policy needs to be configured and applied to the VSI so that the VPLS is transmitted over the GRE tunnel.

Procedure

  1. Configure the VLAN that each interface belongs to.

    Configure the VLAN that each interface belongs to and the interface IP addresses on each Switch.

    NOTE:

    The AC-side physical interface and PW-side physical interface of a PE cannot be added to the same VLAN; otherwise, a loop occurs.

    # Configure CE1.

    <HUAWEI> system-view
    [~HUAWEI] sysname CE1
    [*HUAWEI] commit
    [~CE1] vlan 10
    [*CE1-vlan10] quit
    [*CE1] interface vlanif 10
    [*CE1-Vlanif10] ip address 192.168.1.5 255.255.255.0
    [*CE1-Vlanif10] quit
    [*CE1] interface 10ge 1/0/1
    [*CE1-10GE1/0/1] port link-type trunk
    [*CE1-10GE1/0/1] port trunk allow-pass vlan 10
    [*CE1-10GE1/0/1] quit
    [*CE1] commit

    Configure the VLAN that each interface belongs to and the interface IP addresses for the other devices according to Figure 6-19. The configuration procedure is similar to that on CE1 and is not described here.

  2. Configure an IGP. In this example, OSPF is adopted.

    When configuring OSPF, advertise the 32-bit loopback interface addresses (LSR IDs) of PE1 and PE2.

    Configure OSPF on PE1, the P device, and PE2.

    # Configure PE1.

    [~PE1] interface loopback 1
    [*PE1-LoopBack1] ip address 1.1.1.9 255.255.255.255
    [*PE1-LoopBack1] quit
    [*PE1] ospf 1
    [*PE1-ospf-1] area 0.0.0.0
    [*PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
    [*PE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255
    [*PE1-ospf-1-area-0.0.0.0] quit
    [*PE1-ospf-1] quit
    [*PE1] commit
    

    Configure OSPF on the P device and PE2. The configuration procedure is similar to that on PE1 and is not described here.

    After the configuration is complete, run the display ip routing-table command on PEs and the P device. You can view the routes that the devices have learned from each other.

  3. Configure basic MPLS functions and LDP on the PEs.

    Configure basic MPLS functions and LDP on PE1 and PE2.

    # Configure PE1.

    [~PE1] mpls lsr-id 1.1.1.9
    [*PE1] mpls
    [*PE1-mpls] quit
    [*PE1] mpls ldp
    [*PE1-mpls-ldp] quit
    [*PE1] commit

    Configure basic MPLS functions and LDP on PE2. The configuration procedure is similar to that on PE1 and is not described here.

  4. Set up remote LDP sessions between PEs.

    # Configure PE1.

    [~PE1] mpls ldp remote-peer 3.3.3.9
    [*PE1-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9
    [*PE1-mpls-ldp-remote-3.3.3.9] quit
    [*PE1] commit

    # Configure PE2.

    [~PE2] mpls ldp remote-peer 1.1.1.9
    [*PE2-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9
    [*PE2-mpls-ldp-remote-1.1.1.9] quit
    [*PE2] commit

    After the configuration is complete, run the display mpls ldp session command on PE1 or PE2. The command output shows that Status of the peer relationship between PE1 and PE2 is Operational, which indicates that the peer relationship has been established.

  5. Configure the tunnel mode.

    NOTE:

    This command takes effect only after the configuration is saved and the device restarts. You can restart the device immediately or after all configurations are complete.

    # Configure PE1.

    [~PE1] ip tunnel mode gre
    [*PE1] commit

    # Configure PE2.

    [~PE2] ip tunnel mode gre
    [*PE2] commit

  6. Create GRE tunnel interfaces on the PEs to establish GRE tunnels between the PEs.

    # Configure PE1.

    [~PE1] interface tunnel 1
    [*PE1-Tunnel1] ip address 40.1.1.1 255.255.255.0 
    [*PE1-Tunnel1] tunnel-protocol gre
    [*PE1-Tunnel1] source 1.1.1.9
    [*PE1-Tunnel1] destination 3.3.3.9
    [*PE1-Tunnel1] quit

    # Configure PE2.

    [~PE2] interface tunnel 1
    [*PE2-Tunnel1] ip address 40.1.1.2 255.255.255.0 
    [*PE2-Tunnel1] tunnel-protocol gre
    [*PE2-Tunnel1] source 3.3.3.9
    [*PE2-Tunnel1] destination 1.1.1.9
    [*PE2-Tunnel1] quit

    After the configuration is complete, the tunnel interfaces turn Up and can ping each other. This indicates that a direct tunnel has been set up.

  7. Configure a tunnel policy.

    # Configure PE1.

    [*PE1] tunnel-policy gre1
    [*PE1-tunnel-policy-gre1] tunnel select-seq gre load-balance-number 1
    [*PE1-tunnel-policy-gre1] quit
    

    # Configure PE2.

    [*PE2] tunnel-policy gre1
    [*PE2-tunnel-policy-gre1] tunnel select-seq gre load-balance-number 1
    [*PE2-tunnel-policy-gre1] quit
    

  8. Enable MPLS L2VPN on the PEs.

    # Configure PE1.

    [*PE1] mpls l2vpn
    [*PE1-l2vpn] quit
    [*PE1] commit

    # Configure PE2.

    [*PE2] mpls l2vpn
    [*PE2-l2vpn] quit
    [*PE2] commit

  9. Configure the Martini VPLS on PEs.

    NOTE:

    When you create a VSI peer using the peer command, the IPv4 address specified for the peer must be the destination address of the GRE tunnel.

    # Configure PE1.

    [~PE1] vsi a2 static
    [*PE1-vsi-a2] tnl-policy gre1 
    [*PE1-vsi-a2] pwsignal ldp
    [*PE1-vsi-a2-ldp] vsi-id 2
    [*PE1-vsi-a2-ldp] peer 3.3.3.9
    [*PE1-vsi-a2-ldp] quit
    [*PE1-vsi-a2] quit
    [*PE1] commit

    # Configure PE2.

    [~PE2] vsi a2 static
    [*PE2-vsi-a2] tnl-policy gre1 
    [*PE2-vsi-a2] pwsignal ldp
    [*PE2-vsi-a2-ldp] vsi-id 2
    [*PE2-vsi-a2-ldp] peer 1.1.1.9
    [*PE2-vsi-a2-ldp] quit
    [*PE2-vsi-a2] quit
    [*PE2] commit

  10. Bind the VSI to the interfaces of the PEs.

    # Configure PE1.

    [~PE1] interface vlanif 10
    [*PE1-Vlanif10] l2 binding vsi a2
    [*PE1-Vlanif10] quit
    [*PE1] commit

    # Configure PE2.

    [~PE2] interface vlanif 40
    [*PE2-Vlanif40] l2 binding vsi a2
    [*PE2-Vlanif40] quit
    [*PE2] commit

  11. Verify the configuration.

    After the configuration is complete, run the display vpls vsi name a2 verbose command on PE1. The output shows that VSI a2 has set up a PW to PE2 and that the VSI state is up.

    [~PE1] display vpls vsi name a2 verbose
    
     ***VSI Name               : a2
        Administrator VSI      : no
        Isolate Spoken         : disable
        VSI Index              : 1
        PW Signaling           : ldp
        Member Discovery Style : static
        Bridge-domain Mode     : disable
        PW MAC Learn Style     : unqualify
        Encapsulation Type     : vlan
        MTU                    : 1500
        Tunnel Policy Name     : gre1
        Ignore AcState         : disable
        P2P VSI                : disable
        Create Time            : 0 days, 4 hours, 42 minutes, 34 seconds
        VSI State              : up
        Resource Status        : --
    
        VSI ID                 : 2
       *Peer Router ID         : 3.3.3.9
        primary or secondary   : primary
        ignore-standby-state   : no
        VC Label               : 16
        Peer Type              : dynamic
        Session                : up
        Tunnel ID              : 0x00000000050000006b
        Broadcast Tunnel ID    : --
        Broad BackupTunnel ID  : --
        Tunnel Policy Name     : gre1
        CKey                   : 2
        NKey                   : 2986344826
        Stp Enable             : 0
        PwIndex                : 1
    
        Interface Name         : Vlanif10
        State                  : up
        Access Port            : false
        Last Up Time           : 2013/09/18 13:54:27
        Total Up Time          : 0 days, 4 hours, 2 minutes, 10 seconds
    
      **PW Information:
    
       *Peer Ip Address        : 3.3.3.9
        PW State               : up
        Local VC Label         : 16
        Remote VC Label        : 16
        PW Type                : label
        Tunnel ID              : 0x00000000050000006b
        Broadcast Tunnel ID    : --
        Broad BackupTunnel ID  : --
        Ckey                   : 2
        Nkey                   : 2986344826
        Main PW Token          : 0x0
        Slave PW Token         : 0x0
        Tnl Type               : gre
        OutInterface           :
        Backup OutInterface    : --
        Stp Enable             : 0
        Mac Flapping           : 0
        PW Last Up Time        : 2013/09/18 15:33:51
        PW Total Up Time       : 0 days, 0 hours, 9 minutes, 46 seconds    

    CE1 (192.168.1.5) can ping CE2 (192.168.1.6) successfully.

    [~CE1] ping 192.168.1.6
      PING 192.168.1.6: 56  data bytes, press CTRL_C to break
        Reply from 192.168.1.6: bytes=56 Sequence=1 ttl=255 time=1 ms
        Reply from 192.168.1.6: bytes=56 Sequence=2 ttl=255 time=1 ms
        Reply from 192.168.1.6: bytes=56 Sequence=3 ttl=255 time=1 ms
        Reply from 192.168.1.6: bytes=56 Sequence=4 ttl=255 time=1 ms
        Reply from 192.168.1.6: bytes=56 Sequence=5 ttl=255 time=1 ms
    
      --- 192.168.1.6 ping statistics ---
        5 packet(s) transmitted
        5 packet(s) received
        0.00% packet loss
        round-trip min/avg/max = 1/1/1 ms                                           

Configuration Files

  • Configuration file of CE1

    #
    sysname CE1
    #
    vlan batch 10
    #
    interface Vlanif10
     ip address 192.168.1.5 255.255.255.0
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    return
  • Configuration file of CE2

    #
    sysname CE2
    #
    vlan batch 40
    #
    interface Vlanif40
     ip address 192.168.1.6 255.255.255.0
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 40
    #
    return
  • Configuration file of PE1

    #
    sysname PE1
    #
    vlan batch 10 100
    #
    ip tunnel mode gre
    #
    mpls lsr-id 1.1.1.9
    #
    mpls
    #
    mpls l2vpn
    #
    vsi a2 static
     pwsignal ldp
      vsi-id 2
      peer 3.3.3.9
     tnl-policy gre1
    #
    mpls ldp
     #
     ipv4-family
    #
    mpls ldp remote-peer 3.3.3.9
     remote-ip 3.3.3.9
    #
    interface Vlanif10
     l2 binding vsi a2
    #
    interface Vlanif100
     ip address 172.1.1.1 255.255.255.0
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    interface 10GE2/0/2
     port link-type trunk
     port trunk allow-pass vlan 100
    #
    interface LoopBack1
     ip address 1.1.1.9 255.255.255.255
    #
    interface Tunnel1
     ip address 40.1.1.1 255.255.255.0
     tunnel-protocol gre
     source 1.1.1.9
     destination 3.3.3.9
    #
    ospf 1
     area 0.0.0.0
      network 1.1.1.9 0.0.0.0
      network 172.1.1.0 0.0.0.255
    #
    tunnel-policy gre1
     tunnel select-seq gre load-balance-number 1
    #
    return
  • Configuration file of the P device

    #
    sysname P
    #
    vlan batch 100 200
    #
    interface Vlanif100
     ip address 172.1.1.2 255.255.255.0
    #
    interface Vlanif200
     ip address 172.2.1.1 255.255.255.0
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 100
    #
    interface 10GE2/0/2
     port link-type trunk
     port trunk allow-pass vlan 200
    #
    ospf 1
     area 0.0.0.0
      network 172.1.1.0 0.0.0.255
      network 172.2.1.0 0.0.0.255
    #
    return
  • Configuration file of PE2

    #
    sysname PE2
    #
    vlan batch 200 40
    #
    ip tunnel mode gre
    #
    mpls lsr-id 3.3.3.9
    #
    mpls
    #
    mpls l2vpn
    #
    vsi a2 static
     pwsignal ldp
      vsi-id 2
      peer 1.1.1.9
     tnl-policy gre1
    #
    mpls ldp
     #
     ipv4-family
    #
    mpls ldp remote-peer 1.1.1.9
     remote-ip 1.1.1.9
    #
    interface Vlanif200
     ip address 172.2.1.2 255.255.255.0
    #
    interface Vlanif40
     l2 binding vsi a2
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 200
    #
    interface 10GE2/0/2
     port link-type trunk
     port trunk allow-pass vlan 40
    #
    interface LoopBack1
     ip address 3.3.3.9 255.255.255.255
    #
    interface Tunnel1
     ip address 40.1.1.2 255.255.255.0
     tunnel-protocol gre
     source 3.3.3.9
     destination 1.1.1.9
    #
    ospf 1
     area 0.0.0.0
      network 3.3.3.9 0.0.0.0
      network 172.2.1.0 0.0.0.255
    #
    tunnel-policy gre1
     tunnel select-seq gre load-balance-number 1
    #
    return
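
The procedure above works only if three settings agree on each PE: the VSI's tunnel policy selects GRE (steps 7 and 9), and every VSI peer address is both a GRE tunnel destination (the NOTE in step 9) and a remote LDP peer (step 4). The following Python script is an added example, not part of the Huawei guide, that audits a saved configuration for these conditions; the `sections` and `audit` helpers and the trimmed `PE1_CFG` sample are assumptions made for illustration.

```python
# Trimmed copy of the PE1 configuration file from this page (sample input).
PE1_CFG = """\
vsi a2 static
 pwsignal ldp
  vsi-id 2
  peer 3.3.3.9
 tnl-policy gre1
mpls ldp remote-peer 3.3.3.9
interface Tunnel1
 tunnel-protocol gre
 source 1.1.1.9
 destination 3.3.3.9
tunnel-policy gre1
 tunnel select-seq gre load-balance-number 1
"""

def sections(cfg):
    """Map each top-level config line to its indented child lines."""
    out, cur = {}, None
    for line in cfg.splitlines():
        if line.strip() in ("", "#", "return"):
            continue
        if not line.startswith(" "):
            cur = out.setdefault(line.strip(), [])
        elif cur is not None:
            cur.append(line.strip())
    return out

def audit(cfg):
    """Return findings; an empty list means the checked conditions hold."""
    sec, findings = sections(cfg), []
    gre_dst = {l.split()[1] for h, b in sec.items()
               if h.startswith("interface Tunnel") and "tunnel-protocol gre" in b
               for l in b if l.startswith("destination ")}
    ldp_peers = {h.split()[-1] for h in sec if h.startswith("mpls ldp remote-peer ")}
    vsis = {h.split()[1]: b for h, b in sec.items() if h.startswith("vsi ")}
    for name, body in vsis.items():
        pol = next((l.split()[1] for l in body if l.startswith("tnl-policy ")), "")
        if not any("select-seq gre" in l for l in sec.get(f"tunnel-policy {pol}", [])):
            findings.append(f"{name}: no tunnel policy selecting GRE")
        for peer in (l.split()[1] for l in body if l.startswith("peer ")):
            if peer not in gre_dst:
                findings.append(f"{name}: peer {peer} is not a GRE tunnel destination")
            if peer not in ldp_peers:
                findings.append(f"{name}: peer {peer} has no remote LDP session")
    return findings

if __name__ == "__main__":
    print(audit(PE1_CFG) or "PE1: VSI, tunnel policy, GRE and LDP settings agree")
```

The script expects the configuration text without the extra leading indentation used for display on this page, so that top-level commands start in column 0.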
Updated: 2019-04-03

Document ID: EDOC1100075353
