No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - VPN

CloudEngine 12800 and 12800E V200R005C10

This document describes the configurations of VPN, including GRE, BGP/MPLS IP VPN, BGP/MPLS IPv6 VPN, VLL, PWE3, and VPLS.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring a VPNv6 RR

Example for Configuring a VPNv6 RR

Networking Requirements

To reduce the number of MP-IBMP connections between the PEs and lower the load on the PEs in IPv6 VPN deployment, you can configure a P or PE device in the same AS as a route reflector (RR) to reflect VPNv6 routes. This facilitates route maintenance and management.

Figure 3-11 VPNv6 RR networking

In Figure 3-11, PE1, PE2, and RR are located in AS 100 on the backbone network. CE1 and CE2 belong to VPNA. You need to configure the RR as the route reflector of the VPN.

Configuration Roadmap

The configuration roadmap is as follows:

  1. Establish MP-IBGP connections between the PEs and RR. No MP-IBGP connection is required between the PEs.

  2. Establish an EBGP connection between the PEs and CEs.

  3. Establish an MPLS LSP on the public network and enable MPLS LDP on the devices and interfaces along the LSP.

  4. Configure the RR to accept all VPNv6 routes without filtering them based on VPN targets, so that the RR can save all VPNv6 routes sent from PE1 and PE2 and advertises them to the PEs.

Procedure

  1. Configure VLANs on interfaces and assign IP addresses to the VLANIF interfaces and loopback interfaces.

    # Configure PE1.

    <HUAWEI> system-view
    [~HUAWEI] sysname PE1
    [*HUAWEI] commit
    [~PE1] interface loopback 1
    [*PE1-LoopBack1] ip address 1.1.1.9 32
    [*PE1-LoopBack1] quit
    [*PE1] vlan batch 10 30
    [*PE1] interface 10ge 1/0/1
    [*PE1-10GE1/0/1] port link-type trunk
    [*PE1-10GE1/0/1] port trunk allow-pass vlan 10
    [*PE1-10GE1/0/1] quit
    [*PE1] interface 10ge 1/0/2
    [*PE1-10GE1/0/2] port link-type trunk
    [*PE1-10GE1/0/2] port trunk allow-pass vlan 30
    [*PE1-10GE1/0/2] quit
    [*PE1] interface vlanif 10
    [*PE1-Vlanif10] ip address 100.1.2.1 24
    [*PE1-Vlanif10] quit
    [*PE1] interface vlanif 30
    [*PE1-Vlanif30] ipv6 enable
    [*PE1-Vlanif30] ipv6 address 2001::2 64
    [*PE1-Vlanif30] quit
    [*PE1] commit
    

    The configurations of PE2, RR, CE1, and CE2 are the same as that of PE1.

  2. Configure an IGP on the MPLS backbone network to implement connectivity between devices along the LSP.

    # Configure PE1.

    [~PE1] ospf
    [*PE1-ospf-1] area 0
    [*PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
    [*PE1-ospf-1-area-0.0.0.0] network 100.1.2.0 0.0.0.255
    [*PE1-ospf-1-area-0.0.0.0] quit
    [*PE1-ospf-1] quit
    [*PE1] commit
    

    The configurations of PE2 and RR are the same as that of PE1.

    After the configuration is complete, the devices along the LSP can obtain the address of the loopback interface from each other.

    The display on PE1 is used as an example.

    [~PE1] display ip routing-table
    Proto: Protocol        Pre: Preference
    Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
    ------------------------------------------------------------------------------  
    Routing Table : _public_                                                        
             Destinations : 11       Routes : 11                                    
                                                                                    
    Destination/Mask    Proto   Pre  Cost        Flags NextHop         Interface    
                                                                                    
            1.1.1.9/32  Direct  0    0             D  127.0.0.1       LoopBack1     
            2.2.2.9/32  OSPF    10   1             D  100.1.2.2       Vlanif10      
            3.3.3.9/32  OSPF    10   2             D  100.1.2.2       Vlanif10      
          100.1.2.0/24  Direct  0    0             D  100.1.2.1       Vlanif10      
          100.1.2.1/32  Direct  0    0             D  127.0.0.1       Vlanif10      
        100.1.2.255/32  Direct  0    0             D  127.0.0.1       Vlanif10      
          100.2.3.0/24  OSPF    10   2             D  100.1.2.2       Vlanif10      
          127.0.0.0/8   Direct  0    0             D  127.0.0.1       InLoopBack0   
          127.0.0.1/32  Direct  0    0             D  127.0.0.1       InLoopBack0   
    127.255.255.255/32  Direct  0    0             D  127.0.0.1       InLoopBack0   
    255.255.255.255/32  Direct  0    0             D  127.0.0.1       InLoopBack0  
  3. Establish an LSP over the MPLS backbone network.

    Enable MPLS and MPLS LDP on the devices and interfaces along the LSP.

    # Configure PE1.

    [~PE1] mpls lsr-id 1.1.1.9
    [*PE1] mpls
    [*PE1-mpls] quit
    [*PE1] mpls ldp
    [*PE1-mpls-ldp] quit
    [*PE1] interface vlanif 10
    [*PE1-Vlanif10] mpls
    [*PE1-Vlanif10] mpls ldp
    [*PE1-Vlanif10] quit
    [*PE1] commit
    

    The configurations of PE2 and RR are the same as that of PE1.

    After the configuration is complete, run the display mpls ldp session command on the PEs and RR, and you can see that the Status field is Operational.

  4. Configure IPv6 VPN instances on the PEs.

    For the detailed configuration, see Example for Configuring Basic BGP/MPLS IPv6 VPN.

  5. Establish EBGP peer relationships between PEs and CEs and import VPN routes into BGP.

    For the detailed configuration, see Example for Configuring the Hub and Spoke (Using BGP4+ Between the PE and CE).

  6. Establish MP-IBGP peer relationships between the PEs and RR.

    # Configure PE1.

    [~PE1] bgp 100
    [*PE1-bgp] peer 2.2.2.9 as-number 100
    [*PE1-bgp] peer 2.2.2.9 connect-interface loopback 1
    [*PE1-bgp] ipv6-family vpnv6
    [*PE1-bgp-af-vpnv6] peer 2.2.2.9 enable
    [*PE1-bgp-af-vpnv6] quit
    [*PE1-bgp] quit
    [*PE1] commit
    

    # Configure the RR.

    [~RR] bgp 100
    [*RR-bgp] peer 1.1.1.9 as-number 100
    [*RR-bgp] peer 1.1.1.9 connect-interface loopback 1
    [*RR-bgp] peer 3.3.3.9 as-number 100
    [*RR-bgp] peer 3.3.3.9 connect-interface loopback 1
    [*RR-bgp] ipv6-family vpnv6
    [*RR-bgp-af-vpnv6] peer 1.1.1.9 enable
    [*RR-bgp-af-vpnv6] peer 3.3.3.9 enable
    [*RR-bgp-af-vpnv6] quit
    [*RR-bgp] quit
    [*RR] commit
    

    # Configure PE2.

    The configuration on PE2 is the same as that of PE1.

    After the configuration is complete, run the display bgp vpnv6 all peer command on the PEs, and you can see that IBGP peer relationships have been established between the PEs and RR, and EBGP peer relationships have been established between the PEs and CEs.

    The display on PE1 is used as an example.

    [~PE1] display bgp vpnv6 all peer
                                                                                    
     BGP local router ID : 1.1.1.9                                                  
     Local AS number : 100                                                          
     Total number of peers : 2                 Peers in established state : 2       
                                                                                    
      Peer            V          AS  MsgRcvd  MsgSent  OutQ  Up/Down       State  PrefRcv
      2.2.2.9         4         100       13       12     0 00:05:03 Established        1
                                                                                    
      Peer of IPv6-family for vpn instance :                                        
                                                                                    
      VPN-Instance VPNA :                                                           
      Peer            V          AS  MsgRcvd  MsgSent  OutQ  Up/Down       State  PrefRcv
      2001::1         4       65410       13       12     0 00:06:47 Established        1
  7. Enable the route reflection function on the RR.

    # Configure the RR.

    [~RR] bgp 100
    [~RR-bgp] ipv6-family vpnv6
    [*RR-bgp-af-vpnv6] peer 1.1.1.9 reflect-client
    [*RR-bgp-af-vpnv6] peer 3.3.3.9 reflect-client
    [*RR-bgp-af-vpnv6] undo policy vpn-target
    [*RR-bgp-af-vpnv6] quit
    [*RR-bgp] quit
    [*RR] commit
    
  8. Verify the configuration.

    Check the VPN routing table on a PE. The routing table contains a route to the remote CE.

    [~PE1] display ipv6 routing-table vpn-instance VPNA
    Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route 
    ------------------------------------------------------------------------------
    Routing Table : VPNA                                                            
             Destinations : 4        Routes : 4                                     
                                                                                    
    Destination  : 2001::                                  PrefixLength : 64        
    NextHop      : 2001::2                                 Preference   : 0         
    Cost         : 0                                       Protocol     : Direct    
    RelayNextHop : ::                                      TunnelID     : 0x0       
    Interface    : Vlanif30                                Flags        : D         
                                                                                    
    Destination  : 2001::2                                 PrefixLength : 128       
    NextHop      : ::1                                     Preference   : 0         
    Cost         : 0                                       Protocol     : Direct    
    RelayNextHop : ::                                      TunnelID     : 0x0       
    Interface    : Vlanif30                                Flags        : D         
                                                                                    
    Destination  : 2002::                                  PrefixLength : 64        
    NextHop      : ::FFFF:3.3.3.9                          Preference   : 255       
    Cost         : 0                                       Protocol     : IBGP      
    RelayNextHop : --                                      TunnelID     : LDP LSP   
    Interface    : LDP LSP                                 Flags        : RD        
                                                                                    
    Destination  : FE80::                                  PrefixLength : 10        
    NextHop      : ::                                      Preference   : 0         
    Cost         : 0                                       Protocol     : Direct    
    RelayNextHop : ::                                      TunnelID     : 0x0       
    Interface    : NULL0                                   Flags        : D         

    If CE1 and CE2 can ping each other, the route reflection function has been configured successfully.

Configuration Files

  • PE1 configuration file

    #
    sysname PE1
    #
    vlan batch 10 30
    #
    ip vpn-instance VPNA
     ipv6-family
      route-distinguisher 100:1
      vpn-target 1:1 export-extcommunity
      vpn-target 1:1 import-extcommunity
    #
    mpls lsr-id 1.1.1.9
    #
    mpls
    #
    mpls ldp
     #
     ipv4-family
    #
    interface Vlanif10
     ip address 100.1.2.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface Vlanif30
     ipv6 enable
     ip binding vpn-instance VPNA
     ipv6 address 2001::2/64
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    interface 10GE1/0/2
     port link-type trunk
     port trunk allow-pass vlan 30
    #
    interface LoopBack1
     ip address 1.1.1.9 255.255.255.255
    #
    bgp 100
     router-id 1.1.1.9
     peer 2.2.2.9 as-number 100
     peer 2.2.2.9 connect-interface LoopBack1
     #
     ipv4-family unicast
      peer 2.2.2.9 enable
     #
     ipv6-family vpnv6
      policy vpn-target
      peer 2.2.2.9 enable
     #
     ipv6-family vpn-instance VPNA
      import-route direct
      peer 2001::1 as-number 65410
    #
    ospf 1
     area 0.0.0.0
      network 1.1.1.9 0.0.0.0
      network 100.1.2.0 0.0.0.255
    #
    return 
  • RR configuration file

    #
    sysname RR
    #
    vlan batch 10 20
    #
    mpls lsr-id 2.2.2.9
    #
    mpls
    #
    mpls ldp
     #
     ipv4-family
    #
    interface Vlanif10
     ip address 100.1.2.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface Vlanif20
     ip address 100.2.3.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    interface 10GE1/0/2
     port link-type trunk
     port trunk allow-pass vlan 20
    #
    interface LoopBack1
     ip address 2.2.2.9 255.255.255.255
    #
    bgp 100
     peer 1.1.1.9 as-number 100
     peer 1.1.1.9 connect-interface LoopBack1
     peer 3.3.3.9 as-number 100
     peer 3.3.3.9 connect-interface LoopBack1
    #
     ipv4-family unicast
      peer 1.1.1.9 enable
      peer 3.3.3.9 enable
     #
     ipv6-family vpnv6
      undo policy vpn-target
      peer 1.1.1.9 enable
      peer 1.1.1.9 reflect-client
      peer 3.3.3.9 enable
      peer 3.3.3.9 reflect-client
    #
    ospf 1
     area 0.0.0.0
      network 2.2.2.9 0.0.0.0
      network 100.1.2.0 0.0.0.255
      network 100.2.3.0 0.0.0.255
    #
    return
  • PE2 configuration file

    #
    sysname PE2
    #
    vlan batch 20 40
    #
    ip vpn-instance VPNA
     ipv6-family
      route-distinguisher 100:1
      vpn-target 1:1 export-extcommunity
      vpn-target 1:1 import-extcommunity
    #
    mpls lsr-id 3.3.3.9
    #
    mpls
    #
    mpls ldp
     #
     ipv4-family
    #
    interface Vlanif20
     ip address 100.2.3.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface Vlanif40
     ipv6 enable
     ip binding vpn-instance VPNA
     ipv6 address 2002::2/64
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 20
    #
    interface 10GE1/0/2
     port link-type trunk
     port trunk allow-pass vlan 40
    #
    interface LoopBack1
     ip address 3.3.3.9 255.255.255.255
    #
    bgp 100
     router-id 3.3.3.9
     peer 2.2.2.9 as-number 100
     peer 2.2.2.9 connect-interface LoopBack1
     #
     ipv4-family unicast
      peer 2.2.2.9 enable
     #
     ipv6-family vpnv6
      policy vpn-target
      peer 2.2.2.9 enable
     #
     ipv6-family vpn-instance VPNA
      import-route direct
      peer 2002::1 as-number 65420
    #
    ospf 1
     area 0.0.0.0
      network 3.3.3.9 0.0.0.0
      network 100.2.3.0 0.0.0.255
    #
    return
  • CE1 configuration file

    #
    sysname CE1
    #
    vlan batch 30
    #
    interface Vlanif30
     ipv6 enable
     ipv6 address 2001::1/64
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 30
    #
    bgp 65410
     router-id 10.10.10.10
     peer 2001::2 as-number 100
     #
     ipv6-family unicast
      import-route direct
      peer 2001::2 enable
    #
    return
  • CE2 configuration file

    #
    sysname CE2
    #
    vlan batch 40
    #
    interface Vlanif40
     ipv6 enable
     ipv6 address 2002::1/64
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 40
    #
    bgp 65420
     router-id 20.20.20.20
     peer 2002::2 as-number 100
     #
     ipv6-family unicast
      import-route direct
      peer 2002::2 enable
    #
    return
Translation
Download
Updated: 2019-04-03

Document ID: EDOC1100075353

Views: 14283

Downloads: 25

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next