No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - VPN

CloudEngine 12800 and 12800E V200R005C10

This document describes the configurations of VPN, including GRE, BGP/MPLS IP VPN, BGP/MPLS IPv6 VPN, VLL, PWE3, and VPLS.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring Inter-AS VPN Option B

Example for Configuring Inter-AS VPN Option B

Networking Requirements

An enterprise's headquarters and branches communicate over networks of different ISPs, and the enterprise has many inter-AS VPN services. The ASBR-PE devices have VPN route management capabilities, but they do not have enough interfaces to reserve an interface for each inter-AS VPN service. The enterprise requires an inter-AS VPN solution to provide inter-AS BGP/MPLS IP VPN services.

This example illustrates only the inter-AS VPN solution between the headquarters and one branch. As shown in Figure 2-46, CE1 is located in the headquarters and connects to PE1 in AS 100. CE2 is located in the branch and connects to PE2 in AS 200. Both CE1 and CE2 belong to vpn1.

Figure 2-46 Inter-AS VPN Option B networking

Configuration Roadmap

Inter-AS Option B can be deployed to meet the enterprise's requirements. The configuration roadmap is as follows:

  1. On the MPLS backbone network in each AS, configure an IGP protocol to enable the PE and ASBR-PE devices in the same AS to communicate with each other.
  2. Configure basic MPLS capabilities and MPLS LDP on the MPLS backbone network in each AS to establish LDP LSPs.
  3. Set up an MP-IBGP peer relationship between the PE and ASBR-PE devices in each AS to exchange VPN routing information.
  4. Create a VPN instance on the PE device in each AS and bind the VPN instance to the interface connected to the CE device.
  5. Set up an EBGP peer relationship between the PE and CE devices in each AS to exchange VPN routing information.
  6. Configure inter-AS VPN Option B:
    1. Set up an MP-EBGP peer relationship between the ASBR-PE devices so that they can advertise VPNv4 routes in the local ASs to the peer ASBR-PE devices.
    2. Configure the ASBR-PE devices to accept all the VPNv4 routes without filtering the routes based on VPN targets.

Procedure

  1. On the MPLS backbone networks in AS 100 and AS 200, configure an IGP protocol to enable the PE devices to communicate with each other.
  2. On the MPLS backbone networks in AS 100 and AS 200, enable basic MPLS capabilities and MPLS LDP to establish LDP LSPs.
  3. Set up an MP-IBGP peer relationship between the PE and ASBR-PE devices in each AS to exchange VPN routing information.
  4. On the PE devices, create a VPN instance, enable the IPv4 address family in the instance, and bind the instance to the interfaces connected to CE devices.
  5. Set up EBGP peer relationships between the PE and CE devices to exchange VPN routing information.

    For detailed configurations, see Example for Configuring Inter-AS VPN Option A.

  6. Configure inter-AS VPN Option B.

    # On ASBR-PE1, enable MPLS on VLANIF12 connected to ASBR-PE2.

    [~ASBR-PE1] interface vlanif 12
    [*ASBR-PE1-Vlanif12] mpls
    [*ASBR-PE1-Vlanif12] quit
    [*ASBR-PE1] commit

    # Set up an MP-EBGP peer relationship between ASBR-PE1 and ASBR-PE2 and configure them not to filter VPNv4 routes based on VPN targets. Take ASBR-PE1 as an example.

    [~ASBR-PE1] interface vlanif 12
    [*ASBR-PE1-Vlanif12] ip address 192.1.1.1 24
    [*ASBR-PE1-Vlanif12] quit
    [*ASBR-PE1] bgp 100
    [*ASBR-PE1-bgp] peer 192.1.1.2 as-number 200
    [*ASBR-PE1-bgp] ipv4-family vpnv4
    [*ASBR-PE1-bgp-af-vpnv4] peer 192.1.1.2 enable
    [*ASBR-PE1-bgp-af-vpnv4] undo policy vpn-target
    [*ASBR-PE1-bgp-af-vpnv4] quit
    [*ASBR-PE1-bgp] quit
    [*ASBR-PE1] commit
    
    

    The configuration of ASBR-PE2 is the same as that of ASBR-PE1.

  7. Verify the configuration.

    After the configuration is complete, CE1 and CE2 can learn routes of each other and can ping each other successfully.

    Take the display on CE1 as an example.

    [~CE1] display ip routing-table
    Proto: Protocol        Pre: Preference
    Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
    ------------------------------------------------------------------------------
    Routing Table : _public_
             Destinations : 8        Routes : 8
    Destination/Mask    Proto  Pre  Cost     Flags NextHop         Interface
           10.1.1.0/24  Direct 0    0             D  10.1.1.1        Vlanif10
           10.1.1.1/32  Direct 0    0             D  127.0.0.1       Vlanif10
         10.1.1.255/32  Direct 0    0             D  127.0.0.1       Vlanif10
           10.2.1.0/24  EBGP   255  0             D  10.1.1.2        Vlanif10
          127.0.0.0/8   Direct 0    0             D  127.0.0.1       InLoopBack0
          127.0.0.1/32  Direct 0    0             D  127.0.0.1       InLoopBack0
    127.255.255.255/32  Direct 0    0             D  127.0.0.1       InLoopBack0
    255.255.255.255/32  Direct 0    0             D  127.0.0.1       InLoopBack0 
    [~CE1] ping 10.2.1.1
      PING 10.2.1.1: 56  data bytes, press CTRL_C to break
        Reply from 10.2.1.1: bytes=56 Sequence=1 ttl=251 time=119 ms
        Reply from 10.2.1.1: bytes=56 Sequence=2 ttl=251 time=141 ms
        Reply from 10.2.1.1: bytes=56 Sequence=3 ttl=251 time=136 ms
        Reply from 10.2.1.1: bytes=56 Sequence=4 ttl=251 time=113 ms
        Reply from 10.2.1.1: bytes=56 Sequence=5 ttl=251 time=78 ms
      --- 10.2.1.1 ping statistics ---
        5 packet(s) transmitted
        5 packet(s) received
        0.00% packet loss
        round-trip min/avg/max = 78/117/141 ms

    Run the display bgp vpnv4 all routing-table command on an ASBR-PE device to check the VPNv4 routes.

    Take the display on ASBR-PE1 as an example.

    [~ASBR-PE1] display bgp vpnv4 all routing-table
    BGP Local router ID is 2.2.2.9
     Status codes: * - valid, > - best, d - damped,
                   h - history,  i - internal, s - suppressed, S - Stale
                   Origin : i - IGP, e - EGP, ? - incomplete
     Total number of routes from all PE: 3
     Route Distinguisher: 100:1
          Network            NextHop        MED        LocPrf    PrefVal Path/Ogn
     *>i  10.1.1.0/24        1.1.1.9         0          100        0      ?
     Route Distinguisher: 200:1
          Network            NextHop        MED        LocPrf    PrefVal Path/Ogn
     *>   10.2.1.0/24        192.1.1.2                             0      200?

Configuration Files

  • CE1 configuration file

    #
    sysname CE1
    #
    vlan batch 10
    #
    interface Vlanif10
     ip address 10.1.1.1 255.255.255.0
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    bgp 65001
     peer 10.1.1.2 as-number 100
     #
     ipv4-family unicast
      import-route direct
      peer 10.1.1.2 enable
    return
  • PE1 configuration file

    #
    sysname PE1
    #
    vlan batch 10 11
    #
    ip vpn-instance vpn1
     ipv4-family     
      route-distinguisher 100:1
      vpn-target 1:1 export-extcommunity
      vpn-target 1:1 import-extcommunity
    #
     mpls lsr-id 1.1.1.9
    #
     mpls
    #
    mpls ldp
     #
     ipv4-family
    #
    interface Vlanif10
     ip binding vpn-instance vpn1
     ip address 10.1.1.2 255.255.255.0
    #
    interface Vlanif11
     ip address 172.1.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 11
    #
    interface 10GE2/0/2
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    interface LoopBack1
     ip address 1.1.1.9 255.255.255.255
    #
    bgp 100
     peer 2.2.2.9 as-number 100
     peer 2.2.2.9 connect-interface LoopBack1
     #
     ipv4-family unicast
      peer 2.2.2.9 enable
     #
     ipv4-family vpnv4
      policy vpn-target
      peer 2.2.2.9 enable
     #
     ipv4-family vpn-instance vpn1
      import-route direct
      peer 10.1.1.1 as-number 65001
    #
    ospf 1
     area 0.0.0.0
      network 1.1.1.9 0.0.0.0
      network 172.1.1.0 0.0.0.255
    #
    return
  • ASBR-PE1 configuration file

    #
    sysname ASBR-PE1
    #
    vlan batch 11 12
    #
    mpls lsr-id 2.2.2.9
    #
    mpls
    #
    mpls ldp
     #
     ipv4-family
    #
    interface Vlanif11
     ip address 172.1.1.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface Vlanif12
     ip address 192.1.1.1 255.255.255.0
     mpls
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 11
    #
    interface 10GE2/0/2
     port link-type trunk
     port trunk allow-pass vlan 12
    #
    interface LoopBack1
     ip address 2.2.2.9 255.255.255.255
    #
    bgp 100
     peer 1.1.1.9 as-number 100
     peer 1.1.1.9 connect-interface LoopBack1
     peer 192.1.1.2 as-number 200
     #
     ipv4-family unicast
      peer 1.1.1.9 enable
      peer 192.1.1.2 enable
     #
     ipv4-family vpnv4
      undo policy vpn-target
      peer 1.1.1.9 enable
      peer 192.1.1.2 enable
    #
    ospf 1
     area 0.0.0.0
      network 2.2.2.9 0.0.0.0
      network 172.1.1.0 0.0.0.255
    #
    return
  • ASBR-PE2 configuration file

    #
    sysname ASBR-PE2
    #
    vlan batch 12 22
    #
    mpls lsr-id 3.3.3.9
    #
    mpls
    #
    mpls ldp
     #
     ipv4-family
    #
    interface Vlanif12
     ip address 192.1.1.2 255.255.255.0
     mpls
    #
    interface Vlanif22
     ip address 162.1.1.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 22
    #
    interface 10GE2/0/2
     port link-type trunk
     port trunk allow-pass vlan 12
    #
    interface LoopBack1
     ip address 3.3.3.9 255.255.255.255
    #
    bgp 200
     peer 4.4.4.9 as-number 200
     peer 4.4.4.9 connect-interface LoopBack1
     peer 192.1.1.1 as-number 100
     #
     ipv4-family unicast
      peer 4.4.4.9 enable
      peer 192.1.1.1 enable
     #
     ipv4-family vpnv4
      undo policy vpn-target
      peer 4.4.4.9 enable
      peer 192.1.1.1 enable
    #
    ospf 1
     area 0.0.0.0
      network 3.3.3.9 0.0.0.0
      network 162.1.1.0 0.0.0.255
    #
    return
  • PE2 configuration file

    #
    sysname PE2
    #
    vlan batch 10 22
    #
    ip vpn-instance vpn1
     ipv4-family         
      route-distinguisher 200:1
      vpn-target 1:1 export-extcommunity
      vpn-target 1:1 import-extcommunity
    #
    mpls lsr-id 4.4.4.9
    #
    mpls
    #
    mpls ldp
     #
     ipv4-family
    #
    interface Vlanif10
     ip binding vpn-instance vpn1
     ip address 10.2.1.2 255.255.255.0
    #
    interface Vlanif22
     ip address 162.1.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 22
    #
    interface 10GE2/0/2
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    interface LoopBack1
     ip address 4.4.4.9 255.255.255.255
    #
    bgp 200
     peer 3.3.3.9 as-number 200
     peer 3.3.3.9 connect-interface LoopBack1
     #
     ipv4-family unicast
      peer 3.3.3.9 enable
     #
     ipv4-family vpnv4
      policy vpn-target
      peer 3.3.3.9 enable
     #
     ipv4-family vpn-instance vpn1
      import-route direct
      peer 10.2.1.1 as-number 65002
    #
    ospf 1
     area 0.0.0.0
      network 4.4.4.9 0.0.0.0
      network 162.1.1.0 0.0.0.255
    #
    return
  • CE2 configuration file

    #
    sysname CE2
    #
    vlan batch 10
    #
    interface Vlanif10
     ip address 10.2.1.1 255.255.255.0
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    bgp 65002
     peer 10.2.1.2 as-number 200
     #
     ipv4-family unicast
      import-route direct
      peer 10.2.1.2 enable
    #
    return
Translation
Download
Updated: 2019-04-03

Document ID: EDOC1100075353

Views: 14289

Downloads: 25

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next