No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - VPN

CloudEngine 12800 and 12800E V200R005C10

This document describes the configurations of VPN, including GRE, BGP/MPLS IP VPN, BGP/MPLS IPv6 VPN, VLL, PWE3, and VPLS.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring a VLL Using an MPLS TE Tunnel

Example for Configuring a VLL Using an MPLS TE Tunnel

Networking Requirements

As shown in Figure 4-13, the MPLS network of an ISP provides the L2VPN service for users. Many users connect to the MPLS network through PE1 and PE2, and users connected to the PE devices change frequently. A proper VPN solution is required to provide secure VPN services for users and to simplify configuration when new users connect to the network.

Figure 4-13 Networking for Configuring a VLL Using an MPLS TE Tunnel

Configuration Roadmap

MPLS TE tunnels can provide the FRR and hot standby functions to improve tunnel reliability.

To meet these requirements, a Martini VLL connection can be set up between CE1 and CE2, and a TE tunnel can be set up on the public network.

The configuration roadmap is as follows:

  1. Add interfaces to VLANs, assign IP addresses to VLANIF interfaces, and configure an IGP on the PE and P devices of the backbone network to implement interworking between the devices.

  2. Set up an MPLS TE tunnel and create a tunnel policy.

  3. Set up a remote LDP session between the PE devices to exchange VC labels between them.

  4. Create a VC connection between the PE devices, and apply a tunnel binding policy to the connection.

Procedure

  1. Add interfaces on the CE, PE, and P devices to VLANs, assign IP addresses to VLANIF interfaces, and configure an IGP on the PE and P devices of the backbone network according to Figure 4-13 to implement interworking between the devices.

    # Configure CE1.

    <HUAWEI> system-view
    [~HUAWEI] sysname CE1
    [*HUAWEI] commit
    [~CE1] vlan batch 10
    [*CE1] interface vlanif 10
    [*CE1-Vlanif10] ip address 192.168.1.1 255.255.255.0
    [*CE1-Vlanif10] quit
    [*CE1] interface 10ge 1/0/1
    [*CE1-10GE1/0/1] port link-type trunk
    [*CE1-10GE1/0/1] port trunk allow-pass vlan 10
    [*CE1-10GE1/0/1] quit
    [*CE1] commit

    The configuration of CE2 is similar to the configuration of CE1, and is not mentioned here.

    # Configure PE1.

    <HUAWEI> system-view
    [~HUAWEI] sysname PE1
    [*HUAWEI] commit
    [~PE1] vlan batch 10 100
    [*PE1] interface vlanif 100
    [*PE1-Vlanif100] ip address 172.1.1.1 255.255.255.0
    [*PE1-Vlanif100] quit
    [*PE1] interface loopback 1
    [*PE1-LoopBack1] ip address 1.1.1.9 255.255.255.255
    [*PE1-LoopBack1] quit
    [*PE1] interface 10ge 1/0/1
    [*PE1-10GE1/0/1] port link-type trunk
    [*PE1-10GE1/0/1] port trunk allow-pass vlan 10
    [*PE1-10GE1/0/1] quit
    [*PE1] interface 10ge 2/0/2
    [*PE1-10GE2/0/2] port link-type trunk
    [*PE1-10GE2/0/2] port trunk allow-pass vlan 100
    [*PE1-10GE2/0/2] quit
    [*PE1] ospf 1
    [*PE1-ospf-1] area 0
    [*PE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255
    [*PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
    [*PE1-ospf-1-area-0.0.0.0] quit
    [*PE1-ospf-1] quit
    [*PE1] commit

    The configurations of PE2 and the P device are similar to the configuration of PE1, and are not mentioned here.

  2. Set up an MPLS TE tunnel and create a tunnel binding policy.

    • Enable MPLS, MPLS TE, and RSVP-TE globally on PE1, P, and PE2, and on all interfaces along the tunnel. Enable CSPF on the ingress of the tunnel.

      # Configure PE1.

      [~PE1] mpls lsr-id 1.1.1.9
      [*PE1] mpls
      [*PE1-mpls] mpls te
      [*PE1-mpls] mpls rsvp-te
      [*PE1-mpls] mpls te cspf
      [*PE1-mpls] quit
      [*PE1] interface vlanif 100
      [*PE1-Vlanif100] mpls
      [*PE1-Vlanif100] mpls te
      [*PE1-Vlanif100] mpls rsvp-te
      [*PE1-Vlanif100] quit
      [*PE1] commit

      # Configure the P device.

      [~P] mpls lsr-id 2.2.2.9
      [*P] mpls
      [*P-mpls] mpls te
      [*P-mpls] mpls rsvp-te
      [*P-mpls] quit
      [*P] interface vlanif 100
      [*P-Vlanif100] mpls
      [*P-Vlanif100] mpls te
      [*P-Vlanif100] mpls rsvp-te
      [*P-Vlanif100] quit
      [*P] interface vlanif 200
      [*P-Vlanif200] mpls
      [*P-Vlanif200] mpls te
      [*P-Vlanif200] mpls rsvp-te
      [*P-Vlanif200] quit
      [*P] commit

      # Configure PE2.

      [~PE2] mpls lsr-id 3.3.3.9
      [*PE2] mpls
      [*PE2-mpls] mpls te
      [*PE2-mpls] mpls rsvp-te
      [*PE2-mpls] mpls te cspf
      [*PE2-mpls] quit
      [*PE2] interface vlanif 200
      [*PE2-Vlanif200] mpls
      [*PE2-Vlanif200] mpls te
      [*PE2-Vlanif200] mpls rsvp-te
      [*PE2-Vlanif200] quit
      [*PE2] commit
    • Configure OSPF TE on the MPLS backbone network to advertise TE information.

      # Configure PE1.

      [~PE1] ospf 1
      [~PE1-ospf-1] opaque-capability enable
      [*PE1-ospf-1] area 0
      [*PE1-ospf-1-area-0.0.0.0] mpls-te enable
      [*PE1-ospf-1-area-0.0.0.0] quit
      [*PE1-ospf-1] quit
      [*PE1] commit

      The configurations of PE2 and the P device are similar to the configuration of PE1, and are not mentioned here.

    • Configure tunnel interfaces for the MPLS TE tunnel and enable MPLS TE CSPF.

      On the ingress of the tunnel, create a tunnel interface and set the IP address, tunnel protocol, destination IP address, tunnel ID, and dynamic signaling protocol for the tunnel interface.

      # Configure PE1.

      [~PE1] interface tunnel 1
      [*PE1-Tunnel1] ip address unnumbered interface loopback 1
      [*PE1-Tunnel1] tunnel-protocol mpls te
      [*PE1-Tunnel1] destination 3.3.3.9
      [*PE1-Tunnel1] mpls te tunnel-id 100
      [*PE1-Tunnel1] quit
      [*PE1] commit

      # Configure PE2.

      [~PE2] interface tunnel 1
      [*PE2-Tunnel1] ip address unnumbered interface loopback 1
      [*PE2-Tunnel1] tunnel-protocol mpls te
      [*PE2-Tunnel1] destination 1.1.1.9
      [*PE2-Tunnel1] mpls te tunnel-id 100
      [*PE2-Tunnel1] quit
      [*PE2] commit

      After the configuration is complete, run the display mpls te tunnel-interface command on the PE devices at both ends of the tunnel. The command output shows that an MPLS TE tunnel is set up successfully. The command output on PE1 is used as an example.

      [~PE1] display mpls te tunnel-interface 
          Tunnel Name       : Tunnel1
          Signalled Tunnel Name: -
          Tunnel State Desc : CR-LSP is Up
          Tunnel Attributes   :     
          Active LSP          : Primary LSP
          Traffic Switch      : - 
          Session ID          : 100
          Ingress LSR ID      : 1.1.1.9               Egress LSR ID: 3.3.3.9
          Admin State         : UP                    Oper State   : UP
          Signaling Protocol  : RSVP
          FTid                : 97
          Tie-Breaking Policy : None                  Metric Type  : None
          Bfd Cap             : None                  
          Reopt               : Disabled              Reopt Freq   : -              
          Auto BW             : Disabled              Threshold    : - 
          Current Collected BW: -                     Auto BW Freq : -
          Min BW              : -                     Max BW       : -
          Offload             : Disabled              Offload Freq : - 
          Low Value           : -                     High Value   : - 
          Readjust Value      : - 
          Offload Explicit Path Name: -
          Tunnel Group        : -                                              
          Interfaces Protected: -
          Excluded IP Address : -
          Referred LSP Count  : 0  
          Primary Tunnel      : -                     Pri Tunn Sum : -              
          Backup Tunnel       : -                                                    
          Group Status        : -                     Oam Status   : -             
          IPTN InLabel        : -                     Tunnel BFD Status : -
          BackUp LSP Type     : None                  BestEffort   : Disabled
          Secondary HopLimit  : -
          BestEffort HopLimit  : -
          Secondary Explicit Path Name: -
          Secondary Affinity Prop/Mask: 0x0/0x0
          BestEffort Affinity Prop/Mask: 0x0/0x0  
          IsConfigLspConstraint: -
          Hot-Standby Revertive Mode:  Revertive
          Hot-Standby Overlap-path:  Disabled
          Hot-Standby Switch State:  CLEAR
          Bit Error Detection:  Disabled
          Bit Error Detection Switch Threshold:  -
          Bit Error Detection Resume Threshold:  -
          Ip-Prefix Name    : -
          P2p-Template Name : -
          PCE Delegate      : No                     LSP Control Status : Local control
          Auto BW Remain Time   : -                     Reopt Remain Time     : -
      
      
          Primary LSP ID      : 1.1.1.9:18448
          LSP State           : UP                    LSP Type     : Primary
          Setup Priority      : 7                     Hold Priority: 7
          IncludeAll          : 0x0
          IncludeAny          : 0x0
          ExcludeAny          : 0x0
          Affinity Prop/Mask  : 0x0/0x0               Resv Style   :  SE
          Configured Bandwidth Information:
          CT0 Bandwidth(Kbit/sec): 0               CT1 Bandwidth(Kbit/sec): 0
          CT2 Bandwidth(Kbit/sec): 0               CT3 Bandwidth(Kbit/sec): 0
          CT4 Bandwidth(Kbit/sec): 0               CT5 Bandwidth(Kbit/sec): 0
          CT6 Bandwidth(Kbit/sec): 0               CT7 Bandwidth(Kbit/sec): 0
          Actual Bandwidth Information:
          CT0 Bandwidth(Kbit/sec): 0               CT1 Bandwidth(Kbit/sec): 0
          CT2 Bandwidth(Kbit/sec): 0               CT3 Bandwidth(Kbit/sec): 0
          CT4 Bandwidth(Kbit/sec): 0               CT5 Bandwidth(Kbit/sec): 0
          CT6 Bandwidth(Kbit/sec): 0               CT7 Bandwidth(Kbit/sec): 0
          Explicit Path Name  : -                                Hop Limit: -
          Record Route        : Disabled              Record Label : Disabled
          Route Pinning       : Disabled
          FRR Flag            : Disabled
          IdleTime Remain     : -
          BFD Status          : -
          Soft Preemption     : Disabled
          Reroute Flag        : Disabled
          Pce Flag            : Normal
    • Configure a tunnel binding policy.

      # Configure PE1.

      [~PE1] interface tunnel 1
      [~PE1-Tunnel1] mpls te reserved-for-binding
      [*PE1-Tunnel1] quit
      [*PE1] tunnel-policy 1
      [*PE1-tunnel-policy-1] tunnel binding destination 3.3.3.9 te tunnel 1
      [*PE1-tunnel-policy-1] quit
      [*PE1] commit

      # Configure PE2.

      [~PE2] interface tunnel 1
      [~PE2-Tunnel1] mpls te reserved-for-binding
      [*PE2-Tunnel1] quit
      [*PE2] tunnel-policy 1
      [*PE2-tunnel-policy-1] tunnel binding destination 1.1.1.9 te tunnel 1
      [*PE2-tunnel-policy-1] quit
      [*PE2] commit

  3. Create a remote LDP session between PE1 and PE2.

    # Configure PE1.

    [~PE1] mpls ldp
    [*PE1-mpls-ldp] quit
    [*PE1] mpls ldp remote-peer 3.3.3.9
    [*PE1-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9
    [*PE1-mpls-ldp-remote-3.3.3.9] quit
    [*PE1] commit

    # Configure PE2.

    [~PE2] mpls ldp
    [*PE2-mpls-ldp] quit
    [*PE2] mpls ldp remote-peer 1.1.1.9
    [*PE2-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9
    [*PE2-mpls-ldp-remote-1.1.1.9] quit
    [*PE2] commit

    After the configuration is complete, run the display mpls ldp session command on PE1 to view the LDP session status. The command output shows that the LDP session status is Operational, indicating that a remote LDP session is established between PE1 and PE2.

    The command output on PE1 is used as an example.

    [~PE1] display mpls ldp session
     LDP Session(s) in Public Network
     LAM: Label Advertisement Mode,  KA: KeepAlive
     SsnAge: Session Age, Unit(DDDD:HH:MM)
     An asterisk (*) before a session means the session is being deleted.
    --------------------------------------------------------------------------
     PeerID             Status      LAM  SsnRole  SsnAge       KASent/Rcv
    --------------------------------------------------------------------------
     3.3.3.9:0          Operational DU   Passive  0000:00:49   200/200
    --------------------------------------------------------------------------
    TOTAL: 1 Session(s) Found.

  4. Create a VC connection between the PE devices, and apply a tunnel binding policy to the connection.

    # Configure PE1.

    [~PE1] mpls l2vpn
    [*PE1-l2vpn] quit
    [*PE1] interface vlanif 10
    [*PE1-Vlanif10] mpls l2vc 3.3.3.9 101 tunnel-policy 1
    [*PE1-Vlanif10] quit
    [*PE1] commit

    # Configure PE2.

    [~PE2] mpls l2vpn
    [*PE2-l2vpn] quit
    [*PE2] interface vlanif 20
    [*PE2-Vlanif20] mpls l2vc 1.1.1.9 101 tunnel-policy 1
    [*PE2-Vlanif20] quit
    [*PE2] commit

  5. Verify the configuration.

    Check the L2VPN connections on the PE devices. You can see that an L2 VC is set up and is in Up state.

    The command output on PE1 is used as an example.

    [~PE1] display mpls l2vc interface vlanif 10
     *client interface       : Vlanif10 is up
      Administrator PW       : no 
      session state          : up
      AC status              : up
      VC state               : up
      Label state            : 0
      Token state            : 0
      VC ID                  : 101
      VC type                : VLAN
      destination            : 3.3.3.9
      local group ID         : 0            remote group ID      : 0
      local VC label         : 26           remote VC label      : 51
      local AC OAM State     : up
      local PSN OAM State    : up
      local forwarding state : forwarding
      local status code      : 0x0 (forwarding)
      remote AC OAM state    : up
      remote PSN OAM state   : up
      remote forwarding state: forwarding
      remote status code     : 0x0 (forwarding)
      ignore standby state   : no
      BFD for PW             : unavailable
      VCCV State             : up
      manual fault           : not set
      active state           : active
      forwarding entry       : exist
      OAM Protocol           : --
      OAM Status             : --
      OAM Fault Type         : --
      PW APS ID              : --
      PW APS Status          : --
      TTL Value              : --
      link state             : up
      local VC MTU           : 1500         remote VC MTU        : 1500
      local VCCV             : alert ttl lsp-ping bfd 
      remote VCCV            : alert ttl lsp-ping bfd 
      local control word     : disable      remote control word  : disable
      tunnel policy name     : 1
      PW template name       : --
      primary or secondary   : primary
      load balance type      : flow
      Access-port            : false
      Switchover Flag        : false
      VC tunnel info         : 1 tunnels
        NO.0  TNL type       : te    , TNL ID : 0x000000000300000001
      create time            : 0 days, 0 hours, 0 minutes, 28 seconds
      up time                : 0 days, 0 hours, 0 minutes, 9 seconds
      last change time       : 0 days, 0 hours, 0 minutes, 9 seconds
      VC last up time        : 2014/04/03 08:16:47
      VC total up time       : 0 days, 0 hours, 0 minutes, 9 seconds
      CKey                   : 97
      NKey                   : 2617246111
      PW redundancy mode     : frr
      AdminPw interface      : --
      AdminPw link state     : --
      Diffserv Mode          : uniform
      Service Class          : --
      Color                  : --
      DomainId               : --
      Domain Name            : --  

    CE1 and CE2 can ping each other.

    The command output on CE1 is used as an example.

    [~CE1] ping 192.168.1.2
      PING 192.168.1.2: 56  data bytes, press CTRL_C to break          
        Reply from 192.168.1.2: bytes=56 Sequence=1 ttl=255 time=10 ms 
        Reply from 192.168.1.2: bytes=56 Sequence=2 ttl=255 time=1 ms  
        Reply from 192.168.1.2: bytes=56 Sequence=3 ttl=255 time=10 ms 
        Reply from 192.168.1.2: bytes=56 Sequence=4 ttl=255 time=1 ms  
        Reply from 192.168.1.2: bytes=56 Sequence=5 ttl=255 time=10 ms 
                                                     
      --- 192.168.1.2 ping statistics ---            
        5 packet(s) transmitted                      
        5 packet(s) received                         
        0.00% packet loss                            
        round-trip min/avg/max = 1/6/10 ms

Configuration Files

  • Configuration file of CE1

    #
    sysname CE1
    #
    vlan batch 10
    #
    interface Vlanif10
     ip address 192.168.1.1 255.255.255.0
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    return
  • Configuration file of PE1

    #
    sysname PE1
    #
    vlan batch 10 100
    #
    mpls lsr-id 1.1.1.9
    #
    mpls
     mpls te
     mpls rsvp-te
     mpls te cspf
    #
    mpls l2vpn
    #
    mpls ldp
    #
    mpls ldp remote-peer 3.3.3.9
     remote-ip 3.3.3.9
    #
    interface Vlanif10
     mpls l2vc 3.3.3.9 101 tunnel-policy 1
    #
    interface Vlanif100
     ip address 172.1.1.1 255.255.255.0
     mpls
     mpls te
     mpls rsvp-te
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    interface 10GE2/0/2
     port link-type trunk
     port trunk allow-pass vlan 100
    #
    interface LoopBack1
     ip address 1.1.1.9 255.255.255.255
    #
    interface Tunnel1
     ip address unnumbered interface LoopBack1
     tunnel-protocol mpls te
     destination 3.3.3.9
     mpls te reserved-for-binding
     mpls te tunnel-id 100
    #
    ospf 1
     opaque-capability enable
     area 0.0.0.0
      network 1.1.1.9 0.0.0.0
      network 172.1.1.0 0.0.0.255
      mpls-te enable 
    #
    tunnel-policy 1 
     tunnel binding destination 3.3.3.9 te Tunnel1
    #
    return
  • Configuration file of the P device

    #
    sysname P
    #
    vlan batch 100 200
    #
    mpls lsr-id 2.2.2.9
    #
    mpls
     mpls te
     mpls rsvp-te
    #
    interface Vlanif100
     ip address 172.1.1.2 255.255.255.0
     mpls
     mpls te
     mpls rsvp-te
    #
    interface Vlanif200
     ip address 172.1.2.1 255.255.255.0
     mpls
     mpls te
     mpls rsvp-te
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 100
    #
    interface 10GE2/0/2
     port link-type trunk
     port trunk allow-pass vlan 200
    #
    interface LoopBack1
     ip address 2.2.2.9 255.255.255.255
    #
    ospf 1
     opaque-capability enable
     area 0.0.0.0
      network 2.2.2.9 0.0.0.0
      network 172.1.1.0 0.0.0.255
      network 172.1.2.0 0.0.0.255
      mpls-te enable 
    #
    return
  • Configuration file of PE2

    #
    sysname PE2
    #
    vlan batch 20 200
    #
    mpls lsr-id 3.3.3.9
    #
    mpls
     mpls te
     mpls rsvp-te
     mpls te cspf
    #
    mpls l2vpn
    #
    mpls ldp
    #
    mpls ldp remote-peer 1.1.1.9
     remote-ip 1.1.1.9
    #
    interface Vlanif20
     mpls l2vc 1.1.1.9 101 tunnel-policy 1
    #
    interface Vlanif200
     ip address 172.1.2.2 255.255.255.0
     mpls
     mpls te
     mpls rsvp-te
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 200
    #
    interface 10GE2/0/2
     port link-type trunk
     port trunk allow-pass vlan 20
    #
    interface LoopBack1
     ip address 3.3.3.9 255.255.255.255
    #
    interface Tunnel1
     ip address unnumbered interface LoopBack1
     tunnel-protocol mpls te
     destination 1.1.1.9
     mpls te reserved-for-binding
     mpls te tunnel-id 100
    #
    ospf 1
     opaque-capability enable
     area 0.0.0.0
      network 3.3.3.9 0.0.0.0
      network 172.1.2.0 0.0.0.255
      mpls-te enable 
    #
    tunnel-policy 1 
     tunnel binding destination 3.3.3.9 te Tunnel1
    #
    return
  • Configuration file of CE2

    #
    sysname CE2
    #
    vlan batch 20
    #
    interface Vlanif20
     ip address 192.168.1.2 255.255.255.0
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 20
    #
    return
Translation
Download
Updated: 2019-04-03

Document ID: EDOC1100075353

Views: 13973

Downloads: 25

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next