No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - VPN

CloudEngine 12800 and 12800E V200R005C10

This document describes the configurations of VPN, including GRE, BGP/MPLS IP VPN, BGP/MPLS IPv6 VPN, VLL, PWE3, and VPLS.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring VPN FRR

Example for Configuring VPN FRR

Networking Requirements

As shown in Figure 2-52, CE dual-homing networking is deployed to improve reliability of VPN data transmission. Link_A is the primary link, and Link_B is the secondary link. The customer wants to transmit VPN services through the primary link and requires that VPN traffic can quickly move to the secondary link when the primary link fails.

Figure 2-52 VPN FRR networking

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure OSPF on PE1, PE2, and PE3 to implement interworking on the backbone network.

  2. Enable basic MPLS capabilities and MPLS LDP on the MPLS backbone network to set up LDP LSPs.

  3. Configure a VPN instance on PE1, PE2, and PE3. On PE2 and PE3, bind the VPN instance to the interfaces connected to CE1.

  4. Set up EBGP peer relationships between PE2 and CE1 and between PE3 and CE1. Set up MP-IBGP peer relationships between the PE devices.

  5. On PE1, configure a routing policy for VPN FRR, configure the backup next hop, and enable VPN FRR. When VPN FRR is not required, run the undo vpn frr command to disable this function.

  6. Configure the backup next hop on PE1 to make PE3 a backup of PE2. When a fault occurs on PE2, traffic can be quickly switched to PE3.

Procedure

  1. Configure VLANs on interfaces and assign IP addresses to the VLANIF interfaces and loopback interfaces according to Figure 2-52.

    # Configure PE1.

    <HUAWEI> system-view
    [~HUAWEI] sysname PE1
    [*HUAWEI] commit
    [~PE1] interface loopback 1
    [*PE1-LoopBack1] ip address 1.1.1.1 32
    [*PE1-LoopBack1] quit
    [*PE1] vlan batch 10 30
    [*PE1] interface 10ge 2/0/2
    [*PE1-10GE2/0/2] port link-type trunk
    [*PE1-10GE2/0/2] port trunk allow-pass vlan 10
    [*PE1-10GE2/0/2] quit
    [*PE1] interface 10ge 3/0/3
    [*PE1-10GE3/0/3] port link-type trunk
    [*PE1-10GE3/0/3] port trunk allow-pass vlan 30 
    [*PE1-10GE3/0/3] quit
    [*PE1] interface vlanif 10
    [*PE1-Vlanif10] ip address 100.1.1.1 30
    [*PE1-Vlanif10] quit
    [*PE1] interface vlanif 30
    [*PE1-Vlanif30] ip address 100.2.1.1 30
    [*PE1-Vlanif30] quit
    [*PE1] commit
    

    The configurations of PE2, PE3, and CE1 are the same as that of PE1.

  2. Configure OSPF on the MPLS backbone network for IP connectivity between the PE devices.

    # Configure PE1.

    [~PE1] ospf
    [*PE1-ospf-1] area 0
    [*PE1-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.3
    [*PE1-ospf-1-area-0.0.0.0] network 100.2.1.0 0.0.0.3
    [*PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
    [*PE1-ospf-1-area-0.0.0.0] quit
    [*PE1-ospf-1] quit
    [*PE1] commit
    

    The configurations of PE2 and PE3 are the same as that of PE1.

  3. Enable basic MPLS capabilities and MPLS LDP on the PE devices to set LDP LSPs over the MPLS backbone network.

    # Configure PE1.

    [~PE1] mpls lsr-id 1.1.1.1
    [*PE1] mpls
    [*PE1-mpls] quit
    [*PE1] mpls ldp
    [*PE1-mpls-ldp] quit
    [*PE1] interface vlanif 10
    [*PE1-Vlanif10] mpls
    [*PE1-Vlanif10] mpls ldp
    [*PE1-Vlanif10] quit
    [*PE1] interface vlanif 30
    [*PE1-Vlanif30] mpls
    [*PE1-Vlanif30] mpls ldp
    [*PE1-Vlanif30] quit
    [*PE1] commit

    # Configure PE2.

    [~PE2] mpls lsr-id 2.2.2.2
    [*PE2] mpls
    [*PE2-mpls] quit
    [*PE2] mpls ldp
    [*PE2-mpls-ldp] quit
    [*PE2] interface vlanif 10
    [*PE2-Vlanif10] mpls
    [*PE2-Vlanif10] mpls ldp
    [*PE2-Vlanif10] quit
    [*PE2] commit

    # Configure PE3.

    [~PE3] mpls lsr-id 3.3.3.3
    [*PE3] mpls
    [*PE3-mpls] quit
    [*PE3] mpls ldp
    [*PE3-mpls-ldp] quit
    [*PE3] interface vlanif 30
    [*PE3-Vlanif30] mpls
    [*PE3-Vlanif30] mpls ldp
    [*PE3-Vlanif30] quit
    [*PE3] commit

    Run the display mpls lsp command on the PE devices, and you can see that LSPs are established between PE1 and PE2 and between PE1 and PE3.

  4. Configure a VPN instance on PE1, PE2, and PE3. On PE2 and PE3, bind the VPN instance to the interfaces connected to CE1.

    # Configure PE1.

    [~PE1] ip vpn-instance vpn1
    [*PE1-vpn-instance-vpn1] ipv4-family
    [*PE1-vpn-instance-vpn1-af-ipv4] route-distinguisher 100:1
    [*PE1-vpn-instance-vpn1-af-ipv4] vpn-target 111:1
    [*PE1-vpn-instance-vpn1-af-ipv4] quit
    [*PE1-vpn-instance-vpn1] quit
    [*PE1] commit

    # Configure PE2.

    [~PE2] ip vpn-instance vpn1
    [*PE2-vpn-instance-vpn1] ipv4-family
    [*PE2-vpn-instance-vpn1-af-ipv4] route-distinguisher 100:2
    [*PE2-vpn-instance-vpn1-af-ipv4] vpn-target 111:1
    [*PE2-vpn-instance-vpn1-af-ipv4] quit
    [*PE2-vpn-instance-vpn1] quit
    [*PE2] interface vlanif 20
    [*PE2-Vlanif20] ip binding vpn-instance vpn1
    [*PE2-Vlanif20] ip address 10.1.1.2 30
    [*PE2-Vlanif20] quit
    [*PE2] commit

    # Configure PE3.

    [~PE3] ip vpn-instance vpn1
    [*PE3-vpn-instance-vpn1] ipv4-family
    [*PE3-vpn-instance-vpn1-af-ipv4] route-distinguisher 100:3
    [*PE3-vpn-instance-vpn1-af-ipv4] vpn-target 111:1
    [*PE3-vpn-instance-vpn1-af-ipv4] quit
    [*PE3-vpn-instance-vpn1] quit
    [*PE3] interface vlanif 40
    [*PE3-Vlanif40] ip binding vpn-instance vpn1
    [*PE3-Vlanif40] ip address 10.2.1.2 30
    [*PE3-Vlanif40] quit
    [*PE3] commit

  5. Configure PE1 to import direct VPN routes, and set up EBGP peer relationships between PE2 and CE1 and between PE3 and CE1 to import VPN routes.

    # Configure PE1.

    [~PE1] bgp 100
    [*PE1-bgp] ipv4-family vpn-instance vpn1
    [*PE1-bgp-vpn1] import-route direct
    [*PE1-bgp-vpn1] commit
    [~PE1-bgp-vpn1] quit
    [~PE1-bgp] quit

    # Configure PE2.

    [~PE2] bgp 100
    [*PE2-bgp] ipv4-family vpn-instance vpn1
    [*PE2-bgp-vpn1] peer 10.1.1.1 as-number 65410
    [*PE2-bgp-vpn1] import-route direct
    [*PE2-bgp-vpn1] commit
    [~PE2-bgp-vpn1] quit
    [~PE2-bgp] quit

    # Configure PE3.

    [~PE3] bgp 100
    [*PE3-bgp] ipv4-family vpn-instance vpn1
    [*PE3-bgp-vpn1] peer 10.2.1.1 as-number 65410
    [*PE3-bgp-vpn1] import-route direct
    [*PE3-bgp-vpn1] commit
    [~PE3-bgp-vpn1] quit
    [~PE3-bgp] quit

    # Configure CE1.

    [~CE1] bgp 65410
    [*CE1-bgp] peer 10.1.1.2 as-number 100
    [*CE1-bgp] peer 10.2.1.2 as-number 100
    [*CE1-bgp] import-route direct
    [*CE1-bgp] network 10.3.1.0 24
    [*CE1-bgp] commit
    [~CE1-bgp] quit

    After the configuration is complete, run the display bgp vpnv4 all peer command on PE2 and PE3, and you can see that they have set up EBGP peer relationships with CE1. The peer relationships are in Established state.

  6. Set up MP-IBGP peer relationships between the PE devices.

    # Configure PE1.

    [~PE1] bgp 100
    [~PE1-bgp] peer 2.2.2.2 as-number 100
    [*PE1-bgp] peer 2.2.2.2 connect-interface loopback 1
    [*PE1-bgp] peer 3.3.3.3 as-number 100
    [*PE1-bgp] peer 3.3.3.3 connect-interface loopback 1
    [*PE1-bgp] ipv4-family vpnv4
    [*PE1-bgp-af-vpnv4] peer 2.2.2.2 enable
    [*PE1-bgp-af-vpnv4] peer 3.3.3.3 enable
    [*PE1-bgp-af-vpnv4] quit
    [*PE1-bgp] quit
    [*PE1] commit

    # Configure PE2.

    [~PE2] bgp 100
    [~PE2-bgp] peer 1.1.1.1 as-number 100
    [*PE2-bgp] peer 1.1.1.1 connect-interface loopback 1
    [*PE2-bgp] ipv4-family vpnv4
    [*PE2-bgp-af-vpnv4] peer 1.1.1.1 enable
    [*PE2-bgp-af-vpnv4] quit
    [*PE2-bgp] quit
    [*PE2] commit

    # Configure PE3.

    [~PE3] bgp 100
    [~PE3-bgp] peer 1.1.1.1 as-number 100
    [*PE3-bgp] peer 1.1.1.1 connect-interface loopback 1
    [*PE3-bgp] ipv4-family vpnv4
    [*PE3-bgp-af-vpnv4] peer 1.1.1.1 enable
    [*PE3-bgp-af-vpnv4] quit
    [*PE3-bgp] quit
    [*PE3] commit

    After the configuration is complete, run the display bgp vpnv4 all peer command on the PE devices. You can see that MP-IBGP peer relationships have been set up between the PE devices and are in Established state.

    Take the display on PE1 as an example:

    [~PE1] display bgp vpnv4 all peer
    
     BGP local router ID : 1.1.1.1
     Local AS number : 100
     Total number of peers : 2                 Peers in established state : 2
    
    Peer            V    AS  MsgRcvd  MsgSent    OutQ  Up/Down       State PrefRcv
    
    2.2.2.2         4   100       20       17       0 00:13:26 Established       5
    3.3.3.3         4   100       24       19       0 00:17:18 Established       5

  7. Enable VPN FRR.

    [~PE1] bgp 100
    [~PE1-bgp] ipv4-family vpn-instance vpn1
    [~PE1-bgp-vpn1] auto-frr
    [*PE1-bgp-vpn1] quit
    [*PE1-bgp] quit
    [*PE1] commit

    # Check the backup next hop, backup label, and backup tunnel ID.

    [~PE1]  display ip routing-table vpn-instance vpn1 10.3.1.0 verbose
    Proto: Protocol        Pre: Preference
    Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
    ------------------------------------------------------------------------------  
    Routing Table : vpn1                                                            
    Summary Count : 1                                                               
                                                                                    
    Destination: 10.3.1.0/24                                                        
         Protocol: IBGP            Process ID: 0                                    
       Preference: 255                   Cost: 0                                    
          NextHop: 2.2.2.2          Neighbour: 0.0.0.0                              
            State: Active Adv Relied      Age: 00h08m32s                            
              Tag: 0                 Priority: low                                  
            Label: 18                 QoSInfo: 0x0                                  
       IndirectID: 0x78000341                                                       
     RelayNextHop: 0.0.0.0          Interface: LDP LSP                              
         TunnelID: 0x0000000001004c62c2 Flags: RD                                   
        BkNextHop: 0.0.0.0        BkInterface: LDP LSP                              
          BkLabel: 66             SecTunnelID: 0x0                                  
     BkPETunnelID: 0x0000000001004c62c3 BkPESecTunnelID: 0x0                        
     BkIndirectID: 0x7800033F   

Configuration Files

  • PE1 configuration file

    #
    sysname PE1
    #
    vlan batch 10 30
    #
    ip vpn-instance vpn1
     ipv4-family
      route-distinguisher 100:1
      vpn-target 111:1 export-extcommunity
      vpn-target 111:1 import-extcommunity
    #
    mpls lsr-id 1.1.1.1
    #
    mpls
    #
    mpls ldp
     #
     ipv4-family
    #
    interface Vlanif10
     ip address 100.1.1.1 255.255.255.252
     mpls 
     mpls ldp
    #
    interface Vlanif30
     ip address 100.2.1.1 255.255.255.252
     mpls
     mpls ldp
    #
    interface 10GE2/0/2
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    interface 10GE3/0/3
     port link-type trunk
     port trunk allow-pass vlan 30
    #
    interface LoopBack1
     ip address 1.1.1.1 255.255.255.255
    #
    bgp 100
     peer 2.2.2.2 as-number 100
     peer 2.2.2.2 connect-interface LoopBack1
     peer 3.3.3.3 as-number 100
     peer 3.3.3.3 connect-interface LoopBack1
     #
     ipv4-family unicast
      peer 2.2.2.2 enable
      peer 3.3.3.3 enable
    #
     ipv4-family vpnv4
      policy vpn-target
      peer 2.2.2.2 enable
      peer 3.3.3.3 enable
    #
     ipv4-family vpn-instance vpn1
      import-route direct
      auto-frr
    #
    ospf 1
     area 0.0.0.0
      network 1.1.1.1 0.0.0.0
      network 100.1.1.0 0.0.0.3
      network 100.2.1.0 0.0.0.3
    #
    return
  • PE2 configuration file

    #
    sysname PE2
    #
    vlan batch 10 20
    #
    ip vpn-instance vpn1
     ipv4-family
      route-distinguisher 100:2
      vpn-target 111:1 export-extcommunity
      vpn-target 111:1 import-extcommunity
    #
    mpls lsr-id 2.2.2.2
    #
    mpls
    #
    mpls ldp
     #
     ipv4-family
    #
    interface vlanif 10
     ip address 100.1.1.2 255.255.255.252
     mpls
     mpls ldp
    #
    interface vlanif 20
     ip binding vpn-instance vpn1
     ip address 10.1.1.2 255.255.255.252
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    interface 10GE2/0/2
     port link-type trunk
     port trunk allow-pass vlan 20
    #
    interface LoopBack1
     ip address 2.2.2.2 255.255.255.255
    #
    bgp 100
     peer 1.1.1.1 as-number 100
     peer 1.1.1.1 connect-interface LoopBack1
     #
     ipv4-family unicast
      peer 1.1.1.1 enable
     #
     ipv4-family vpnv4
      policy vpn-target
      peer 1.1.1.1 enable
     #
     ipv4-family vpn-instance vpn1
      import-route direct
      peer 10.1.1.1 as-number 65410
    #
    ospf 1
     area 0.0.0.0
      network 2.2.2.2 0.0.0.0
      network 100.1.1.0 0.0.0.3
    #
    return
  • PE3 configuration file

    #
    sysname PE3
    #
    vlan batch 30 40
    #
    ip vpn-instance vpn1
     ipv4-family
      route-distinguisher 100:3
      vpn-target 111:1 export-extcommunity
      vpn-target 111:1 import-extcommunity
    #
    mpls lsr-id 3.3.3.3
    #
    mpls
    #
    mpls ldp
     #
     ipv4-family
    #
    interface Vlanif 30
     ip address 100.2.1.2 255.255.255.252
     mpls
     mpls ldp
    #
    interface Vlanif 40
     ip binding vpn-instance vpn1
     ip address 10.2.1.2 255.255.255.252
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 30
    #
    interface 10GE2/0/2
     port link-type trunk
     port trunk allow-pass vlan 40
    #
    interface LoopBack1
     ip address 3.3.3.3 255.255.255.255
    #
    bgp 100
     peer 1.1.1.1 as-number 100 
     peer 1.1.1.1 connect-interface LoopBack1
     #
     ipv4-family unicast
      peer 1.1.1.1 enable
     #
     ipv4-family vpnv4
      policy vpn-target
      peer 1.1.1.1 enable
     #
     ipv4-family vpn-instance vpn1
      import-route direct
      peer 10.2.1.1 as-number 65410
    #
    ospf 1
     area 0.0.0.0
      network 3.3.3.3 0.0.0.0
      network 100.2.1.0 0.0.0.3
    #
    Return
  • CE1 configuration file

    #
    sysname CE1
    #
    vlan batch 20 40 50
    #
    interface Vlanif20
     ip address 10.1.1.1 255.255.255.252
    #
    interface Vlanif40
     ip address 10.2.1.1 255.255.255.252
    #
    interface Vlanif50
     ip address 10.3.1.1 255.255.255.0
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 20
    #
    interface 10GE2/0/2
     port link-type trunk
     port trunk allow-pass vlan 40
    #
    interface 10GE3/0/3
     port link-type trunk
     port trunk allow-pass vlan 50
    #
    bgp 65410
     peer 10.1.1.2 as-number 100
     peer 10.2.1.2 as-number 100
     #
     ipv4-family unicast
      network 10.3.1.0 255.255.255.0
      import-route direct
      peer 10.1.1.2 enable
      peer 10.2.1.2 enable
    #
    return
Translation
Download
Updated: 2019-04-03

Document ID: EDOC1100075353

Views: 14370

Downloads: 25

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next