No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - VPN

CloudEngine 12800 and 12800E V200R005C10

This document describes the configurations of VPN, including GRE, BGP/MPLS IP VPN, BGP/MPLS IPv6 VPN, VLL, PWE3, and VPLS.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring BGP4+ AS Number Substitution

Example for Configuring BGP4+ AS Number Substitution

Networking Requirements

If different IPv6 VPN sites have the same AS number, and EBGP connections are established between PEs and CEs, you need to enable BGP4+ AS number substitution on the PEs that the VPN sites access.

On the network shown in Figure 3-8, the AS numbers of CE1 and CE2 are both 65410; EBGP is used to exchange routes between PE1 and CE1, and between PE2 and CE2.

The AS number 65410 is contained in the AS_Path attribute of the BGP routes learned by PE1 from CE1. PE2 learns BGP routes from PE1 and checks the AS_Path attribute of the routes before using EBGP to send them to CE2. Finding that the AS number 65410 in the AS_Path attribute of the routes is the same as the AS number of CE2, PE2 does not send the routes to CE2. As a result, CE1 and CE2 cannot communicate with each other.

If BGP4+ AS number substitution is configured, PE2 will replace the AS number 65410 in the AS_Path attribute of VPN routes with its own AS number 100. In this manner, the routes can pass the AS number check by BGP and reach CE2, and the two VPN sites can then access each other.

Figure 3-8 Configuring BGP4+ AS number substitution

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure basic BGP/MPLS IPv6 VPN.

  2. Configure EBGP on CEs and PEs to exchange VPN routing information.

  3. Configure BGP4+ AS number substitution on PEs.

Procedure

  1. Configure basic BGP/MPLS IPv6 VPN.

    For configuration details, see Example for Configuring Basic BGP/MPLS IPv6 VPN. The main configurations are listed as follows:

    • Configure OSPF on the MPLS backbone network so that the PEs can learn the routes to each other's loopback interface.

    • Configure basic MPLS capabilities and MPLS LDP on the MPLS backbone network and set up LDP LSPs between PEs.

    • Establish a VPNv6 peer relationship between the PEs.

    • Configure a VPN instance supporting the IPv6 address family on each PE and bind the VPN instance to the interface connected to each CE.

    • Configure BGP on CEs and PEs to exchange routing information.

    After configurations are complete, run the display ipv6 routing-table command on CE2. You can see that CE2 has learned a route to the network segment 2001::1/64 where the interface that connects CE1 to PE1 resides, but CE2 does not have a route to the VPN site of CE1 (1998::1/64). This symptom also occurs on CE1.

    Run the display ipv6 routing-table vpn-instance command on PE2. You can see that there is a route to the VPN site of the peer CE (1998::1/64) in the routing table of the VPN instance IPv6 address family.

    [~PE2] display ipv6 routing-table vpn-instance vpna
    Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route 
    ------------------------------------------------------------------------------
    Routing Table : vpna                                                            
             Destinations : 6        Routes : 6                                     
                                                                                    
    Destination  : 1998::                                  PrefixLength : 64        
    NextHop      : ::FFFF:1.1.1.9                          Preference   : 255       
    Cost         : 0                                       Protocol     : IBGP      
    RelayNextHop : --                                      TunnelID     : LDP LSP   
    Interface    : LDP LSP                                 Flags        : RD        
                                                                                    
    Destination  : 1999::                                  PrefixLength : 64        
    NextHop      : 2002::1                                 Preference   : 255       
    Cost         : 0                                       Protocol     : EBGP      
    RelayNextHop : 2002::1                                 TunnelID     : 0x0       
    Interface    : Vlanif40                                Flags        : RD        
                                                                                    
    Destination  : 2001::                                  PrefixLength : 64        
    NextHop      : ::FFFF:1.1.1.9                          Preference   : 255       
    Cost         : 0                                       Protocol     : IBGP      
    RelayNextHop : --                                      TunnelID     : LDP LSP   
    Interface    : LDP LSP                                 Flags        : RD        
                                                                                    
    Destination  : 2002::                                  PrefixLength : 64        
    NextHop      : 2002::2                                 Preference   : 0         
    Cost         : 0                                       Protocol     : Direct    
    RelayNextHop : ::                                      TunnelID     : 0x0       
    Interface    : Vlanif40                                Flags        : D         
                                                                                    
    Destination  : 2002::2                                 PrefixLength : 128       
    NextHop      : ::1                                     Preference   : 0         
    Cost         : 0                                       Protocol     : Direct    
    RelayNextHop : ::                                      TunnelID     : 0x0       
    Interface    : Vlanif40                                Flags        : D         
                                                                                    
    Destination  : FE80::                                  PrefixLength : 10        
    NextHop      : ::                                      Preference   : 0         
    Cost         : 0                                       Protocol     : Direct    
    RelayNextHop : ::                                      TunnelID     : 0x0       
    Interface    : NULL0                                   Flags        : D         

    Run the display bgp ipv6 routing-table peer received-routes command on CE2. You can see that CE2 does not receive any route with the prefix 1998::1/64.

    [~CE2] display bgp ipv6 routing-table peer 2002::2 received-routes
    
     BGP Local router ID is 200.1.1.1                                               
     Status codes: * - valid, > - best, d - damped, x - best external, a - add path,
                   h - history,  i - internal, s - suppressed, S - Stale            
                   Origin : i - IGP, e - EGP, ? - incomplete                        
     RPKI validation codes: V - valid, I - invalid, N - not-found                   
                                                                                    
                                                                                    
     Total Number of Routes: 2    
     *>  Network  : 2001::                                   PrefixLen : 64
         NextHop  : 2002::2                                  LocPrf    :
         MED      :                                          PrefVal   : 0
         Label    :
         Path/Ogn : 100  ?
     *   Network  : 2002::                                   PrefixLen : 64
         NextHop  : 2002::2                                  LocPrf    :
         MED      : 0                                        PrefVal   : 0
         Label    :
         Path/Ogn : 100  ? 

  2. Configure BGP4+ AS number substitution on PEs.

    # Configure PE2.

    [~PE2] bgp 100
    [~PE2-bgp] ipv6-family vpn-instance vpna
    [*PE2-bgp-6-vpna] peer 2002::1 substitute-as
    [*PE2-bgp-6-vpna] quit
    [*PE2-bgp] quit
    [*PE2] commit

    Run the display bgp ipv6 routing-table peer received-routes command on CE2 to check the routing information received from the EBGP peer. You can see that CE2 has received a route to 1998::1/64 from PE2, and the value of the Path/Ogn field is 100 100. It indicates that the AS number has been replaced.

    [~CE2] display bgp ipv6 routing-table peer 2002::2 received-routes
    
     BGP Local router ID is 200.1.1.1                                               
     Status codes: * - valid, > - best, d - damped, x - best external, a - add path,
                   h - history,  i - internal, s - suppressed, S - Stale            
                   Origin : i - IGP, e - EGP, ? - incomplete                        
     RPKI validation codes: V - valid, I - invalid, N - not-found                   
                                                                                    
                                                                                    
     Total Number of Routes: 3                                                      
     *>     Network  : 1998::                                   PrefixLen : 64      
            NextHop  : 2002::2                                  LocPrf    :         
            MED      :                                          PrefVal   : 0       
            Label    :                                                              
            Path/Ogn : 100 100?                                                     
     *>     Network  : 2001::                                   PrefixLen : 64      
            NextHop  : 2002::2                                  LocPrf    :         
            MED      :                                          PrefVal   : 0       
            Label    :                                                              
            Path/Ogn : 100?                                                         
     *      Network  : 2002::                                   PrefixLen : 64      
            NextHop  : 2002::2                                  LocPrf    :         
            MED      : 0                                        PrefVal   : 0       
            Label    :                                                              
            Path/Ogn : 100? 

    After BGP4+ AS number substitution is configured on PE1, the ping (with the source address specified in the ping command) between CE1 and CE2 succeeds.

    [~CE2] ping ipv6 -a 1999::1 1998::1
    
      PING 1998::1 : 56  data bytes, press CTRL_C to break
        Reply from 1998::1
        bytes=56 Sequence=1 hop limit=62  time = 140 ms
        Reply from 1998::1
        bytes=56 Sequence=2 hop limit=62  time = 140 ms
        Reply from 1998::1
        bytes=56 Sequence=3 hop limit=62  time = 150 ms
        Reply from 1998::1
        bytes=56 Sequence=4 hop limit=62  time = 170 ms
        Reply from 1998::1
        bytes=56 Sequence=5 hop limit=62  time = 140 ms
    
      --- 1998::1 ping statistics ---
        5 packet(s) transmitted
        5 packet(s) received
        0.00% packet loss
        round-trip min/avg/max = 140/148/170 ms

Configuration Files

  • CE1 configuration file

    #
    sysname CE1
    #
    vlan batch 10
    #
    interface Vlanif10
     ipv6 enable
     ipv6 address 2001::1/64
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    interface LoopBack1
     ipv6 enable
     ipv6 address 1998::1/64
    #
    bgp 65410
     peer 2001::2 as-number 100
    #
     ipv6-family unicast
      import-route direct
      peer 2001::2 enable
    #
    return
  • PE1 configuration file

    #
    sysname PE1
    #
    vlan batch 10 20
    #
    ip vpn-instance vpna
     ipv6-family
      route-distinguisher 100:1
      vpn-target 1:1 export-extcommunity
      vpn-target 1:1 import-extcommunity
    #
    mpls lsr-id 1.1.1.9
    #
    mpls
    #
    mpls ldp
     #
     ipv4-family
    #
    interface Vlanif10
     ip binding vpn-instance vpna
     ipv6 enable
     ipv6 address 2001::2 64
    #
    interface Vlanif20
     ip address 20.1.1.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    interface 10GE1/0/2
     port link-type trunk
     port trunk allow-pass vlan 20
    #
    interface LoopBack1
     ip address 1.1.1.9 255.255.255.255
    #
    bgp 100
     peer 3.3.3.9 as-number 100
     peer 3.3.3.9 connect-interface LoopBack1
     #
     ipv4-family unicast
      peer 3.3.3.9 enable
     #
     ipv6-family vpnv6
      policy vpn-target
      peer 3.3.3.9 enable
    #
     ipv6-family vpn-instance vpna
      import-route direct
      peer 2001::1 as-number 65410
      peer 2001::1 substitute-as
    #
    ospf 1
     area 0.0.0.0
      network 1.1.1.9 0.0.0.0
      network 20.1.1.0 0.0.0.255
    #
    return
  • P configuration file

    #
    sysname P
    #
    vlan batch 20 30
    #
    mpls lsr-id 2.2.2.9
    #
    mpls
    #
    mpls ldp
     #
     ipv4-family
    #
    interface Vlanif20
     ip address 20.1.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface Vlanif30
     ip address 30.1.1.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 20
    #
    interface 10GE1/0/2
     port link-type trunk
     port trunk allow-pass vlan 30
    #
    interface LoopBack1
     ip address 2.2.2.9 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 2.2.2.9 0.0.0.0
      network 20.1.1.0 0.0.0.255
      network 30.1.1.0 0.0.0.255
    #
    return
  • PE2 configuration file

    #
    sysname PE2
    #
    vlan batch 30 40
    #
    ip vpn-instance vpna
     ipv6-family
      route-distinguisher 100:1
      vpn-target 1:1 export-extcommunity
      vpn-target 1:1 import-extcommunity
    #
    mpls lsr-id 3.3.3.9
    #
    mpls
    #
    mpls ldp
     #
     ipv4-family
    #
    interface Vlanif30
     ip address 30.1.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface Vlanif40
     ip binding vpn-instance vpna
     ipv6 enable
     ipv6 address 2002::2 64
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 40
    #
    interface 10GE1/0/2
     port link-type trunk
     port trunk allow-pass vlan 30
    #
    interface LoopBack1
     ip address 3.3.3.9 255.255.255.255
    #
    bgp 100
     peer 1.1.1.9 as-number 100
     peer 1.1.1.9 connect-interface LoopBack1
     #
     ipv4-family unicast
      peer 1.1.1.9 enable
     #
     ipv6-family vpnv6
      policy vpn-target
      peer 1.1.1.9 enable
    #
     ipv6-family vpn-instance vpna
      import-route direct
      peer 2002::1 as-number 65410
      peer 2002::1 substitute-as
    #
    ospf 1
     area 0.0.0.0
      network 3.3.3.9 0.0.0.0
      network 30.1.1.0 0.0.0.255
    #
    return
  • CE2 configuration file

    #
    sysname CE2
    #
    vlan batch 40
    #
    interface Vlanif40
     ipv6 enable
     ipv6 address 2002::1 64
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 40
    #
    interface LoopBack1
     ipv6 enable
     ipv6 address 1999::1/64
    #
    bgp 65410
     peer 2002::2 as-number 100
     #
     ipv6-family unicast
      import-route direct
      peer 2002::2 enable
    #
    return
Translation
Download
Updated: 2019-04-03

Document ID: EDOC1100075353

Views: 16384

Downloads: 26

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next