Configuration Guide - VPN

CloudEngine 12800 and 12800E V200R005C10

This document describes the configurations of VPN, including GRE, BGP/MPLS IP VPN, BGP/MPLS IPv6 VPN, VLL, PWE3, and VPLS.

Example for Configuring a Dynamic Single-hop PW

Networking Requirements

As shown in Figure 5-8, the MPLS network of an ISP provides the L2VPN service for users. Many users connect to the MPLS network through PE1 and PE2, and users on the PEs change frequently. A proper VPN solution is required to provide secure VPN services for users and to simplify configuration when new users connect to the network.

Figure 5-8 Networking diagram for configuring a dynamic single-hop PW using an LSP tunnel

Configuration Roadmap

Because users on the two PEs change frequently, manually synchronizing user information is inefficient and error-prone. You can establish a remote LDP session between the two PEs so that the PEs synchronize user information through LDP; that is, a dynamic PW is used. Compared with Martini, PWE3 reduces the signaling cost and defines a multi-hop negotiation mode, which makes networking more flexible. To save network resources as much as possible, PWE3 is recommended.

The configuration roadmap is as follows:

  1. Configure an IGP on the PE and P devices on the backbone network to ensure reachability between them, and enable MPLS.

  2. This example uses the default tunnel policy to set up an LSP tunnel. The LSP tunnel is used as a dedicated tunnel to transmit data of private networks on the public network.

  3. Set up a remote LDP session between the PEs to exchange VC labels between the PEs.

  4. Enable MPLS L2VPN and create VC connections on the PEs.

Procedure

  1. Configure VLANs for interfaces and addresses for VLANIF interfaces on the CE, PE and P devices according to Figure 5-8.

    CE1 is used as an example.

    # Configure CE1.

    <HUAWEI> system-view
    [~HUAWEI] sysname CE1
    [*HUAWEI] commit
    [~CE1] vlan batch 10
    [*CE1] interface vlanif 10
    [*CE1-Vlanif10] ip address 10.1.1.1 255.255.255.0
    [*CE1-Vlanif10] quit
    [*CE1] interface 10ge 1/0/1
    [*CE1-10GE1/0/1] port link-type trunk
    [*CE1-10GE1/0/1] port trunk allow-pass vlan 10
    [*CE1-10GE1/0/1] quit
    [*CE1] commit

    The configuration details of other devices are not mentioned here.

  2. Configure IGP on the MPLS backbone network. In this example, Open Shortest Path First (OSPF) is used.

    When configuring OSPF, advertise the 32-bit addresses of loopback interfaces on PEs and P. The loopback interface addresses are the LSR IDs.

    PE1 is used as an example.

    # Configure PE1.

    [~PE1] ospf 1
    [*PE1-ospf-1] area 0
    [*PE1-ospf-1-area-0.0.0.0] network 8.1.1.0 0.0.0.255
    [*PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
    [*PE1-ospf-1-area-0.0.0.0] quit
    [*PE1-ospf-1] quit
    [*PE1] commit

    The configuration details of other devices are not mentioned here.

  3. Configure the basic MPLS capabilities and MPLS LDP on the MPLS network.

    # Configure PE1.

    [~PE1] mpls lsr-id 1.1.1.9
    [*PE1] mpls
    [*PE1-mpls] quit
    [*PE1] mpls ldp
    [*PE1-mpls-ldp] quit
    [*PE1] interface vlanif 20
    [*PE1-Vlanif20] mpls
    [*PE1-Vlanif20] mpls ldp
    [*PE1-Vlanif20] quit
    [*PE1] commit

    # Configure the P.

    [~P] mpls lsr-id 2.2.2.9
    [*P] mpls
    [*P-mpls] quit
    [*P] mpls ldp
    [*P-mpls-ldp] quit
    [*P] interface vlanif 20
    [*P-Vlanif20] mpls
    [*P-Vlanif20] mpls ldp
    [*P-Vlanif20] quit
    [*P] interface vlanif 30
    [*P-Vlanif30] mpls
    [*P-Vlanif30] mpls ldp
    [*P-Vlanif30] quit
    [*P] commit

    # Configure PE2.

    [~PE2] mpls lsr-id 3.3.3.9
    [*PE2] mpls
    [*PE2-mpls] quit
    [*PE2] mpls ldp
    [*PE2-mpls-ldp] quit
    [*PE2] interface vlanif 30
    [*PE2-Vlanif30] mpls
    [*PE2-Vlanif30] mpls ldp
    [*PE2-Vlanif30] quit
    [*PE2] commit

  4. Set up a remote LDP session between PEs.

    # Configure PE1.

    [~PE1] mpls ldp remote-peer 3.3.3.9
    [*PE1-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9
    [*PE1-mpls-ldp-remote-3.3.3.9] quit
    [*PE1] commit

    # Configure PE2.

    [~PE2] mpls ldp remote-peer 1.1.1.9
    [*PE2-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9
    [*PE2-mpls-ldp-remote-1.1.1.9] quit
    [*PE2] commit

    After the configuration, run the display mpls ldp session command on PE1 to check the status of the LDP session. The output shows that an LDP session is set up between PE1 and PE2.

    The display on PE1 is used as an example.

    [~PE1] display mpls ldp session
     LDP Session(s) in Public Network
     LAM: Label Advertisement Mode,  KA: KeepAlive
     SsnAge: Session Age, Unit(DDDD:HH:MM)
     An asterisk (*) before a session means the session is being deleted.
    
    --------------------------------------------------------------------------               
     PeerID             Status      LAM  SsnRole  SsnAge       KASent/Rcv                              
    --------------------------------------------------------------------------                       
     2.2.2.9:0          Operational DU   Passive  0000:05:06   1226/1226                
     3.3.3.9:0          Operational DU   Passive  0000:05:06   1226/1226                 
    --------------------------------------------------------------------------              
    TOTAL: 2 Session(s) Found.   

  5. Enable MPLS L2VPN and create VCs on the PEs.

    # Configure PE1: Create a VC on VLANIF 10, which is connected to CE1.

    [~PE1] mpls l2vpn
    [*PE1-l2vpn] quit
    [*PE1] interface vlanif 10
    [*PE1-Vlanif10] mpls l2vc 3.3.3.9 101
    [*PE1-Vlanif10] quit
    [*PE1] commit

    # Configure PE2: Create a VC on VLANIF 40, which is connected to CE2.

    [~PE2] mpls l2vpn
    [*PE2-l2vpn] quit
    [*PE2] interface vlanif 40
    [*PE2-Vlanif40] mpls l2vc 1.1.1.9 101
    [*PE2-Vlanif40] quit
    [*PE2] commit

  6. Verify the configuration.

    View the L2VPN connection information on the PEs. The output shows that an L2VC is set up and is in the Up state.

    The display on PE1 is used as an example.

    [~PE1] display mpls l2vc
    Total LDP VC : 1     1 up       0 down
    
     *client interface       : Vlanif10 is up
      Administrator PW       : no
      session state          : up
      AC status              : up
      VC state               : up
      Label state            : 0
      Token state            : 0
      VC ID                  : 101
      VC type                : VLAN
      destination            : 3.3.3.9
      local VC label         : 20           remote VC label      : 19
      control word           : disable
      remote control word    : disable
      forwarding entry       : exist
      local group ID         : 0
      remote group ID        : 0
      local AC OAM State     : up
      local PSN OAM State    : up
      local forwarding state : forwarding
      local status code      : 0x0
      remote AC OAM state    : up
      remote PSN OAM state   : up
      remote forwarding state: forwarding
      remote status code     : 0x0
      ignore standby state   : no
      BFD for PW             : unavailable
      VCCV State             : up
      manual fault           : not set
      active state           : active
      OAM Protocol           : --
      OAM Status             : --
      OAM Fault Type         : --
      PW APS ID              : --
      PW APS Status          : --
      TTL Value              : --
      link state             : up
      local VC MTU           : 1500         remote VC MTU        : 1500
      local VCCV             : alert ttl lsp-ping bfd
      remote VCCV            : alert ttl lsp-ping bfd
      tunnel policy name     : --
      PW template name       : --
      primary or secondary   : primary
      load balance type      : flow
      Access-port            : false
      Switchover Flag        : false
      VC tunnel info         : 1 tunnels
        NO.0  TNL type       : ldp   , TNL ID : 0x0000000001004c4b43
      create time            : 0 days, 0 hours, 13 minutes, 53 seconds
      up time                : 0 days, 0 hours, 9 minutes, 6 seconds
      last change time       : 0 days, 0 hours, 9 minutes, 6 seconds
      VC last up time        : 2014/03/18 14:19:57
      VC total up time       : 0 days, 0 hours, 9 minutes, 6 seconds
      CKey                   : 1
      NKey                   : 2248147354
      PW redundancy mode     : frr
      AdminPw interface      : --
      AdminPw link state     : --
      Diffserv Mode          : uniform
      Service Class          : --
      Color                  : --
      DomainId               : --
      Domain Name            : --

    CE1 and CE2 can ping each other.

    The display on CE1 is used as an example.

    [~CE1] ping 10.1.1.2
      PING 10.1.1.2: 56  data bytes, press CTRL_C to break
        Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=31 ms
        Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=10 ms
        Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=5 ms
        Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=2 ms
        Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=28 ms
      --- 10.1.1.2 ping statistics ---
        5 packet(s) transmitted
        5 packet(s) received
        0.00% packet loss
        round-trip min/avg/max = 2/15/31 ms 

Configuration Files

  • Configuration file of CE1

    #
    sysname CE1
    #
    vlan batch 10
    #
    interface Vlanif10
     ip address 10.1.1.1 255.255.255.0
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    return
  • Configuration file of PE1

    #
    sysname PE1
    #
    vlan batch 10 20
    #
    mpls lsr-id 1.1.1.9
    #
    mpls
    #
    mpls l2vpn
    #
    mpls ldp
    #
    mpls ldp remote-peer 3.3.3.9
     remote-ip 3.3.3.9
    #
    interface Vlanif10
     mpls l2vc 3.3.3.9 101
    #
    interface Vlanif20
     ip address 8.1.1.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    interface 10GE2/0/2
     port link-type trunk
     port trunk allow-pass vlan 20
    #
    interface LoopBack1
     ip address 1.1.1.9 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 1.1.1.9 0.0.0.0
      network 8.1.1.0 0.0.0.255
    #
    return
  • Configuration file of P

    #
    sysname P
    #
    vlan batch 20 30
    #
    mpls lsr-id 2.2.2.9
    #
    mpls
    #
    mpls ldp
    #
    interface Vlanif20
     ip address 8.1.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface Vlanif30
     ip address 8.2.2.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 30
    #
    interface 10GE2/0/2
     port link-type trunk
     port trunk allow-pass vlan 20
    #
    interface LoopBack1
     ip address 2.2.2.9 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 2.2.2.9 0.0.0.0
      network 8.1.1.0 0.0.0.255
      network 8.2.2.0 0.0.0.255
    #
    return
  • Configuration file of PE2

    #
    sysname PE2
    #
    vlan batch 30 40
    #
    mpls lsr-id 3.3.3.9
    #
    mpls
    #
    mpls l2vpn
    #
    mpls ldp
    #
    mpls ldp remote-peer 1.1.1.9
     remote-ip 1.1.1.9
    #
    interface Vlanif30
     ip address 8.2.2.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface Vlanif40
     mpls l2vc 1.1.1.9 101
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 30
    #
    interface 10GE2/0/2
     port link-type trunk
     port trunk allow-pass vlan 40
    #
    interface LoopBack1
     ip address 3.3.3.9 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 3.3.3.9 0.0.0.0
      network 8.2.2.0 0.0.0.255
    #
    return
  • Configuration file of CE2

    #
    sysname CE2
    #
    vlan batch 40
    #
    interface Vlanif40
     ip address 10.1.1.2 255.255.255.0
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 40
    #
    return
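
The following is an added example, not part of the Huawei guide: a Python check that two PE configuration files describe the same dynamic PW, meaning each PE enables `mpls l2vpn`, has a remote LDP peer for the other PE's LSR ID, and has an `mpls l2vc` with the same VC ID pointing back. The function names and the trimmed sample configurations are constructed for this illustration.

```python
import re
# Constructed input: the PW-relevant lines of the PE1 and PE2 files on this page.
PE1_CFG = """sysname PE1
mpls lsr-id 1.1.1.9
mpls l2vpn
mpls ldp remote-peer 3.3.3.9
 remote-ip 3.3.3.9
interface Vlanif10
 mpls l2vc 3.3.3.9 101
"""
PE2_CFG = """sysname PE2
mpls lsr-id 3.3.3.9
mpls l2vpn
mpls ldp remote-peer 1.1.1.9
 remote-ip 1.1.1.9
interface Vlanif40
 mpls l2vc 1.1.1.9 101
"""

def first(pattern, cfg):
    m = re.search(pattern, cfg, re.M)
    return m[1] if m else None

def parse_pe(cfg):
    """Collect name, LSR ID, L2VPN flag, remote LDP peers and (destination, VC ID) pairs."""
    return {
        "name": first(r"^sysname (\S+)", cfg),
        "lsr_id": first(r"^mpls lsr-id (\S+)", cfg),
        "l2vpn": bool(re.search(r"^mpls l2vpn\s*$", cfg, re.M)),
        "peers": set(re.findall(r"^ *remote-ip (\S+)", cfg, re.M)),
        "vcs": [(d, int(v)) for d, v in re.findall(r"^ *mpls l2vc (\S+) (\d+)", cfg, re.M)],
    }

def audit_pw(cfg_a, cfg_b):
    """Return findings for a PE pair; an empty list means both ends agree."""
    a, b = parse_pe(cfg_a), parse_pe(cfg_b)
    findings = []
    for local, peer in ((a, b), (b, a)):
        if not local["l2vpn"]:
            findings.append(f"{local['name']}: mpls l2vpn is not enabled")
        if peer["lsr_id"] not in local["peers"]:
            findings.append(f"{local['name']}: no remote LDP peer for {peer['lsr_id']}")
        toward = {v for d, v in local["vcs"] if d == peer["lsr_id"]}
        back = {v for d, v in peer["vcs"] if d == local["lsr_id"]}
        if not toward:
            findings.append(f"{local['name']}: no VC toward {peer['lsr_id']}")
        for vc_id in sorted(toward - back):
            findings.append(f"{local['name']}: VC {vc_id} has no matching VC ID on {peer['name']}")
    return findings
```

VCs that point at other destinations are ignored, so the same check can be run pairwise on PEs that terminate several PWs.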
Updated: 2019-04-03

Document ID: EDOC1100075353