Configuration Guide - VPN

CloudEngine 12800 and 12800E V200R005C10

This document describes the configurations of VPN, including GRE, BGP/MPLS IP VPN, BGP/MPLS IPv6 VPN, VLL, PWE3, and VPLS.
Example for Configuring Communication Between Local VPNs

Networking Requirements

As shown in Figure 2-43, enterprise A and enterprise B each use BGP/MPLS IP VPN for communication between their headquarters and branches. The network deployment is as follows:
  • CE1 connects to the headquarters of enterprise A, and CE3 connects to the branch of enterprise A. CE1 and CE3 belong to vpna.
  • CE2 connects to the headquarters of enterprise B, and CE4 connects to the branch of enterprise B. CE2 and CE4 belong to vpnb.

The headquarters of enterprise A and the headquarters of enterprise B need to communicate with each other because of service requirements.

Figure 2-43 Communication between local VPNs

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure VPN instances on PE1 and configure different VPN targets for the instances to isolate VPNs.

  2. On PE1, bind the VPN instances to the interfaces connected to CE devices to provide access for VPN users.

  3. On PE1, enable the BGP-VPNv4 address family and import direct routes toward the local CE devices to the VPN routing table. On the CE devices, configure static routes to each other so that they can communicate.

Procedure

  1. Create VLANs and configure the allowed VLANs on interfaces.

    # Configure PE1.

    <HUAWEI> system-view
    [~HUAWEI] sysname PE1
    [*HUAWEI] commit
    [~PE1] vlan batch 10 20
    [*PE1] interface 10ge 1/0/1
    [*PE1-10GE1/0/1] port link-type trunk
    [*PE1-10GE1/0/1] port trunk allow-pass vlan 10
    [*PE1-10GE1/0/1] quit
    [*PE1] interface 10ge 2/0/2
    [*PE1-10GE2/0/2] port link-type trunk
    [*PE1-10GE2/0/2] port trunk allow-pass vlan 20
    [*PE1-10GE2/0/2] commit
    [~PE1-10GE2/0/2] quit

    # Configure CE1.

    <HUAWEI> system-view
    [~HUAWEI] sysname CE1
    [*HUAWEI] commit
    [~CE1] vlan batch 10
    [*CE1] interface 10ge 1/0/1
    [*CE1-10GE1/0/1] port link-type trunk
    [*CE1-10GE1/0/1] port trunk allow-pass vlan 10
    [*CE1-10GE1/0/1] commit
    [~CE1-10GE1/0/1] quit
    

    # Configure CE2.

    <HUAWEI> system-view
    [~HUAWEI] sysname CE2
    [*HUAWEI] commit
    [~CE2] vlan batch 20
    [*CE2] interface 10ge 1/0/1
    [*CE2-10GE1/0/1] port link-type trunk
    [*CE2-10GE1/0/1] port trunk allow-pass vlan 20
    [*CE2-10GE1/0/1] commit
    [~CE2-10GE1/0/1] quit

  2. Configure VPN instances on PE1 and bind the instances to the interfaces connected to CE devices.

    # Configure PE1.

    [~PE1] ip vpn-instance vpna
    [*PE1-vpn-instance-vpna] ipv4-family
    [*PE1-vpn-instance-vpna-af-ipv4] route-distinguisher 100:1
    [*PE1-vpn-instance-vpna-af-ipv4] vpn-target 111:1 export-extcommunity
    [*PE1-vpn-instance-vpna-af-ipv4] vpn-target 111:1 222:2 import-extcommunity
    [*PE1-vpn-instance-vpna-af-ipv4] quit
    [*PE1-vpn-instance-vpna] quit
    [*PE1] ip vpn-instance vpnb
    [*PE1-vpn-instance-vpnb] ipv4-family
    [*PE1-vpn-instance-vpnb-af-ipv4] route-distinguisher 100:2
    [*PE1-vpn-instance-vpnb-af-ipv4] vpn-target 222:2 export-extcommunity
    [*PE1-vpn-instance-vpnb-af-ipv4] vpn-target 222:2 111:1 import-extcommunity
    [*PE1-vpn-instance-vpnb-af-ipv4] quit
    [*PE1-vpn-instance-vpnb] quit
    [*PE1] interface vlanif 10
    [*PE1-Vlanif10] ip binding vpn-instance vpna
    [*PE1-Vlanif10] ip address 10.1.1.2 24
    [*PE1-Vlanif10] quit
    [*PE1] interface vlanif 20
    [*PE1-Vlanif20] ip binding vpn-instance vpnb
    [*PE1-Vlanif20] ip address 10.2.1.2 24
    [*PE1-Vlanif20] quit
    [*PE1] commit

    # Assign IP addresses to the interfaces on the CE devices according to Figure 2-43. CE1 is used as an example.

    [~CE1] interface vlanif 10
    [*CE1-Vlanif10] ip address 10.1.1.1 24
    [*CE1-Vlanif10] commit
    [~CE1-Vlanif10] quit
    

    The configuration of CE2 is similar to that of CE1. CE2 uses Vlanif20 with IP address 10.2.1.1/24, as shown in the CE2 configuration file.

    Each PE device can ping its local CE devices. Take the ping test from PE1 to CE1 as an example:

    [~PE1] ping -vpn-instance vpna 10.1.1.1
      PING 10.1.1.1: 56  data bytes, press CTRL_C to break
        Reply from 10.1.1.1: bytes=56 Sequence=1 ttl=255 time=5 ms
        Reply from 10.1.1.1: bytes=56 Sequence=2 ttl=255 time=3 ms
        Reply from 10.1.1.1: bytes=56 Sequence=3 ttl=255 time=3 ms
        Reply from 10.1.1.1: bytes=56 Sequence=4 ttl=255 time=3 ms
        Reply from 10.1.1.1: bytes=56 Sequence=5 ttl=255 time=16 ms
    
      --- 10.1.1.1 ping statistics ---
        5 packet(s) transmitted
        5 packet(s) received
        0.00% packet loss
        round-trip min/avg/max = 3/6/16 ms  

  3. Configure BGP, enable the BGP-VPNv4 address family, and import direct routes toward local CE devices to the VPN routing table.

    # Configure PE1.

    [~PE1] bgp 100
    [*PE1-bgp] ipv4-family vpnv4
    [*PE1-bgp-af-vpnv4] quit
    [*PE1-bgp] ipv4-family vpn-instance vpna
    [*PE1-bgp-vpna] import-route direct
    [*PE1-bgp-vpna] quit
    [*PE1-bgp] ipv4-family vpn-instance vpnb
    [*PE1-bgp-vpnb] import-route direct
    [*PE1-bgp-vpnb] quit
    [*PE1-bgp] quit
    [*PE1] commit

  4. Configure static routes on the CE devices.

    # Configure CE1.

    [~CE1] ip route-static 10.2.1.0 24 10.1.1.2
    [*CE1] commit
    

    # Configure CE2.

    [~CE2] ip route-static 10.1.1.0 24 10.2.1.2
    [*CE2] commit

  5. Verify the configuration.

    After the configuration is complete, run the display ip routing-table vpn-instance command on PE1. You can see that the VPNs have imported routes of each other. Take vpna as an example.

    [~PE1] display ip routing-table vpn-instance vpna
    Proto: Protocol        Pre: Preference
    Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
    ------------------------------------------------------------------------------
    Routing Table : vpna
             Destinations : 6        Routes : 6
    
    Destination/Mask    Proto  Pre  Cost       Flags NextHop         Interface
    
           10.1.1.0/24  Direct 0    0            D   10.1.1.1        Vlanif10
           10.1.1.2/32  Direct 0    0            D   127.0.0.1       Vlanif10
         10.1.1.255/32  Direct 0    0            D   127.0.0.1       Vlanif10
           10.2.1.0/24  BGP    255  0            D   10.2.1.2        Vlanif20
           10.2.1.2/32  BGP    255  0            D   127.0.0.1       Vlanif20
    255.255.255.255/32  Direct 0    0            D   127.0.0.1       InLoopBack0    

    CE1 and CE2 can ping each other.

    [~CE1] ping 10.2.1.1
      PING 10.2.1.1: 56  data bytes, press CTRL_C to break
        Reply from 10.2.1.1: bytes=56 Sequence=1 ttl=253 time=72 ms
        Reply from 10.2.1.1: bytes=56 Sequence=2 ttl=253 time=34 ms
        Reply from 10.2.1.1: bytes=56 Sequence=3 ttl=253 time=50 ms
        Reply from 10.2.1.1: bytes=56 Sequence=4 ttl=253 time=50 ms
        Reply from 10.2.1.1: bytes=56 Sequence=5 ttl=253 time=34 ms
      --- 10.2.1.1 ping statistics ---
        5 packet(s) transmitted
        5 packet(s) received
        0.00% packet loss
        round-trip min/avg/max = 34/48/72 ms  

Configuration Files

  • PE1 configuration file

    #
     sysname PE1
    #
     vlan batch 10 20
    #
    ip vpn-instance vpna
     ipv4-family
     route-distinguisher 100:1
     vpn-target 111:1 export-extcommunity
     vpn-target 111:1 import-extcommunity
     vpn-target 222:2 import-extcommunity
    #
    ip vpn-instance vpnb
     ipv4-family 
     route-distinguisher 100:2
     vpn-target 222:2 export-extcommunity
     vpn-target 222:2 import-extcommunity
     vpn-target 111:1 import-extcommunity
    #
    interface Vlanif10
     ip binding vpn-instance vpna
     ip address 10.1.1.2 255.255.255.0
    # 
    interface Vlanif20
     ip binding vpn-instance vpnb
     ip address 10.2.1.2 255.255.255.0
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 10
    # 
    interface 10GE2/0/2
     port link-type trunk
     port trunk allow-pass vlan 20
    #
    bgp 100
     #
     ipv4-family unicast
     #
     ipv4-family vpnv4
      policy vpn-target
     #
     ipv4-family vpn-instance vpna
      import-route direct
    #
     ipv4-family vpn-instance vpnb
      import-route direct
    #
    return

  • CE1 configuration file

    #
     sysname CE1
    #
     vlan batch 10
    #
    interface Vlanif10
     ip address 10.1.1.1 255.255.255.0
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 10
    #
     ip route-static 10.2.1.0 255.255.255.0 10.1.1.2
    #
    return

  • CE2 configuration file

    #
     sysname CE2
    #
     vlan batch 20
    #
    interface Vlanif20
     ip address 10.2.1.1 255.255.255.0
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 20
    #
    ip route-static 10.1.1.0 255.255.255.0 10.2.1.2
    #
    return
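
The vpn-target import and export lists on PE1 are what allow vpna and vpnb to exchange routes, so they are the place to audit when checking VPN isolation. The following Python audit is an added example, not part of the Huawei guide: it parses vpn-instance blocks (saved-configuration form or the CLI form with prompts) and reports every instance pair whose export targets match the other's import targets. The function names, the allowlist parameter, and the embedded sample text are assumptions made for illustration.

```python
import re
from collections import defaultdict
# Constructed input: the two vpn-instance blocks of the PE1 configuration file.
PE1_CONFIG = """\
ip vpn-instance vpna
 ipv4-family
 route-distinguisher 100:1
 vpn-target 111:1 export-extcommunity
 vpn-target 111:1 import-extcommunity
 vpn-target 222:2 import-extcommunity
#
ip vpn-instance vpnb
 ipv4-family
 route-distinguisher 100:2
 vpn-target 222:2 export-extcommunity
 vpn-target 222:2 import-extcommunity
 vpn-target 111:1 import-extcommunity
"""

PROMPT = re.compile(r"^\s*\[[^\]]*\]\s*")   # e.g. "[*PE1-vpn-instance-vpna-af-ipv4] "
TARGET = re.compile(r"^vpn-target\s+(.+?)\s+(export-extcommunity|import-extcommunity|both)$")

def parse_vpn_targets(config):
    """Map each VPN instance to its import and export route-target sets."""
    inst = defaultdict(lambda: {"import": set(), "export": set()})
    current = None
    for raw in config.splitlines():
        line = PROMPT.sub("", raw).strip()
        if line.startswith("ip vpn-instance "):
            current = line.split()[2]
        elif line == "#":
            current = None          # "#" ends a block in a saved configuration file
        elif current and (m := TARGET.match(line)):
            rts, kind = m.group(1).split(), m.group(2)
            for side in ("import", "export"):
                if kind == "both" or kind.startswith(side):
                    inst[current][side].update(rts)
    return dict(inst)

def route_leaks(config):
    """Return (source, receiver, shared RTs) for every instance pair that exchanges routes."""
    inst = parse_vpn_targets(config)
    return sorted((src, dst, sorted(inst[src]["export"] & inst[dst]["import"]))
                  for src in inst for dst in inst
                  if src != dst and inst[src]["export"] & inst[dst]["import"])

def unexpected_leaks(config, allowed):
    """Leaks not in the allowlist of intended (source, receiver) pairs."""
    return [leak for leak in route_leaks(config) if leak[:2] not in allowed]
```

For this page's configuration, the intended pairs are ("vpna", "vpnb") and ("vpnb", "vpna"); any other pair returned by unexpected_leaks is a route exchange the design did not ask for.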
Updated: 2019-04-03

Document ID: EDOC1100075353
