No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - VPN

CloudEngine 12800 and 12800E V200R005C10

This document describes the configurations of VPN, including GRE, BGP/MPLS IP VPN, BGP/MPLS IPv6 VPN, VLL, PWE3, and VPLS.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring VPNv6 FRR

Example for Configuring VPNv6 FRR

Networking Requirements

VPNv6 FRR can be deployed in the CE dual-homing networking. If the primary link between two PEs fails, VPNv6 FRR can quickly switch IPv6 VPN traffic to the secondary link.

On the network shown in Figure 3-9, PE1 learns two routes with the same prefix to the CE from PE2 and PE3. It is required that PE3 be configured as a backup next hop for the IPv6 route on PE1. In this manner, VPN traffic can be quickly switched to PE3 in the event of a failure of PE2.

Figure 3-9 VPNv6 FRR networking

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure OSPF on PE1, PE2, and PE3 on the MPLS backbone network to implement IP connectivity between them.

  2. Configure basic MPLS capabilities and enable MPLS LDP to set up LDP LSPs.

  3. Configure a VPN instance supporting the IPv6 address family for PE1, PE2, and PE3 respectively, and connect the CE to PE2 and PE3.

  4. Establish an EBGP peer relationship between the CE and PE2, and between the CE and PE3, import IPv6 VPN routes, and establish MP-IBGP peer relationships between the PEs.

  5. Configure static BFD for LDP LSP on PE1 and PE2.

  6. Enable VPNv6 auto FRR on PE1.

NOTE:

Ensure that STP is disabled.

Procedure

  1. Configure IPv4 addresses for interfaces on the backbone network and IPv6 addresses for interfaces at the VPN site. The configuration details are not provided here.
  2. Configure OSPF on the MPLS backbone network to ensure IP connectivity over the backbone network. The configuration details are not provided here.
  3. Configure basic MPLS capabilities and enable MPLS LDP to set up LDP LSPs.

    # Configure PE1.

    [~PE1] mpls lsr-id 1.1.1.1
    [*PE1] mpls
    [*PE1-mpls] quit
    [*PE1] mpls ldp
    [*PE1-mpls-ldp] quit
    [*PE1] interface vlanif 10
    [*PE1-Vlanif10] mpls
    [*PE1-Vlanif10] mpls ldp
    [*PE1-Vlanif10] quit
    [*PE1] interface vlanif 20
    [*PE1-Vlanif20] mpls
    [*PE1-Vlanif20] mpls ldp
    [*PE1-Vlanif20] quit
    [*PE1] commit

    # Configure PE2.

    [~PE2] mpls lsr-id 2.2.2.2
    [*PE2] mpls
    [*PE2-mpls] quit
    [*PE2] mpls ldp
    [*PE2-mpls-ldp] quit
    [*PE2] interface vlanif 10
    [*PE2-Vlanif10] mpls
    [*PE2-Vlanif10] mpls ldp
    [*PE2-Vlanif10] quit
    [*PE2] commit

    # Configure PE3.

    [~PE3] mpls lsr-id 3.3.3.3
    [*PE3] mpls
    [*PE3-mpls] quit
    [*PE3] mpls ldp
    [*PE3-mpls-ldp] quit
    [*PE3] interface vlanif 20
    [*PE3-Vlanif20] mpls
    [*PE3-Vlanif20] mpls ldp
    [*PE3-Vlanif20] quit
    [*PE3] commit

    Run the display mpls lsp command on the PEs. You can see that LSPs are set up between PE1 and PE2, and between PE1 and PE3.

  4. Configure a VPN instance supporting the IPv6 address family on each PE and connect PE2 and PE3 to the CE.

    # Configure PE1.

    [~PE1] ip vpn-instance vpn1
    [*PE1-vpn-instance-vpn1] ipv6-family
    [*PE1-vpn-instance-vpn1-af-ipv6] route-distinguisher 100:1
    [*PE1-vpn-instance-vpn1-af-ipv6] vpn-target 111:1
    [*PE1-vpn-instance-vpn1-af-ipv6] quit
    [*PE1-vpn-instance-vpn1] quit
    [*PE1] interface loopback2
    [*PE1-Loopback2] ip binding vpn-instance vpn1
    [*PE1-Loopback2] ipv6 enable
    [*PE1-Loopback2] ipv6 address 1999::1 128
    [*PE1-Loobpack2] quit
    [*PE1] commit

    # Configure PE2.

    [~PE2] ip vpn-instance vpn1
    [*PE2-vpn-instance-vpn1] ipv6-family
    [*PE2-vpn-instance-vpn1-af-ipv6] route-distinguisher 100:2
    [*PE2-vpn-instance-vpn1-af-ipv6] vpn-target 111:1
    [*PE2-vpn-instance-vpn1-af-ipv6] quit
    [*PE2-vpn-instance-vpn1] quit
    [*PE2] interface vlanif 30
    [*PE2-Vlanif30] ip binding vpn-instance vpn1
    [*PE2-Vlanif30] ipv6 enable
    [*PE2-Vlanif30] ipv6 address 2001::2 64
    [*PE2-Vlanif30] quit
    [*PE2] commit

    # Configure PE3.

    [~PE3] ip vpn-instance vpn1
    [*PE3-vpn-instance-vpn1] ipv6-family
    [*PE3-vpn-instance-vpn1-af-ipv6] route-distinguisher 100:3
    [*PE3-vpn-instance-vpn1-af-ipv6] vpn-target 111:1
    [*PE3-vpn-instance-vpn1-af-ipv6] quit
    [*PE3-vpn-instance-vpn1] quit
    [*PE3] interface vlanif 40
    [*PE3-Vlanif40] ip binding vpn-instance vpn1
    [*PE3-Vlanif40] ipv6 enable
    [*PE3-Vlanif40] ipv6 address 2003::2 64
    [*PE3-Vlanif40] quit
    [*PE3] commit

  5. Establish an EBGP peer relationship between PE2 and the CE, and between PE3 and the CE.

    # Configure PE2.

    [~PE2] bgp 100
    [*PE2-bgp] ipv6-family vpn-instance vpn1
    [*PE2-bgp-6-vpn1] peer 2001::1 as-number 65410
    [*PE2-bgp-6-vpn1] quit
    [*PE2-bgp] quit
    [*PE2] commit

    # Configure PE3.

    [~PE3] bgp 100
    [*PE3-bgp] ipv6-family vpn-instance vpn1
    [*PE3-bgp-6-vpn1] peer 2003::1 as-number 65410
    [*PE3-bgp-6-vpn1] quit
    [*PE3-bgp] quit
    [*PE3] commit

    # Configure the CE.

    [~CE] bgp 65410
    [*CE-bgp] router-id 10.10.10.10
    [*CE-bgp] peer 2001::2 as-number 100
    [*CE-bgp] peer 2003::2 as-number 100
    [*CE-bgp] ipv6-family unicast
    [*CE-bgp-af-ipv6] peer 2001::2 enable
    [*CE-bgp-af-ipv6] peer 2003::2 enable
    [*CE-bgp-af-ipv6] network 200:0:1:2::1 128
    [*CE-bgp-af-ipv6] quit
    [*CE-bgp] quit
    [*CE] commit

    After configuration is complete, run the display bgp vpnv6 vpn-instance vpn1 peer command on PE2 and PE3. You can see that the status of the EBGP peer relationships between the PEs and CE is Established.

    The display on PE2 is used as an example.

    [~PE2] display bgp vpnv6 vpn-instance vpn1 peer
     BGP local router ID : 2.2.2.2
     Local AS number : 100
     Total number of peers : 1                 Peers in established state : 1
      Peer            V    AS  MsgRcvd  MsgSent  OutQ  Up/Down       State PrefRcv
      2001::1         4 65410       46       46     0 00:08:36 Established     5

  6. Establish MP-IBGP peer relationships between the PEs.

    # Configure PE1.

    [~PE1] bgp 100
    [*PE1-bgp] peer 2.2.2.2 as-number 100
    [*PE1-bgp] peer 2.2.2.2 connect-interface loopback 1
    [*PE1-bgp] peer 3.3.3.3 as-number 100
    [*PE1-bgp] peer 3.3.3.3 connect-interface loopback 1
    [*PE1-bgp] ipv6-family vpnv6
    [*PE1-bgp-af-vpnv6] peer 2.2.2.2 enable
    [*PE1-bgp-af-vpnv6] peer 3.3.3.3 enable
    [*PE1-bgp-af-vpnv6] quit
    [*PE1-bgp] quit
    [*PE1] commit

    # Configure PE2.

    [~PE2] bgp 100
    [~PE2-bgp] peer 1.1.1.1 as-number 100
    [*PE2-bgp] peer 1.1.1.1 connect-interface loopback 1
    [*PE2-bgp] ipv6-family vpnv6
    [*PE2-bgp-af-vpnv6] peer 1.1.1.1 enable
    [*PE2-bgp-af-vpnv6] quit
    [*PE2-bgp] quit
    [*PE2] commit

    # Configure PE3.

    [~PE3] bgp 100
    [~PE3-bgp] peer 1.1.1.1 as-number 100
    [*PE3-bgp] peer 1.1.1.1 connect-interface loopback 1
    [*PE3-bgp] ipv6-family vpnv6
    [*PE3-bgp-af-vpnv6] peer 1.1.1.1 enable
    [*PE3-bgp-af-vpnv6] quit
    [*PE3-bgp] quit
    [*PE3] commit

    After the configuration is complete, run the display bgp vpnv6 all peer command on the PEs. You can see that the status of the MP-IBGP peer relationships between the PEs is Established.

    The display on PE1 is used as an example.

    [~PE1] display bgp vpnv6 all peer
    
     BGP local router ID : 1.1.1.1
     Local AS number : 100
     Total number of peers : 2                 Peers in established state : 2
    
    Peer            V    AS  MsgRcvd  MsgSent    OutQ  Up/Down       State PrefRcv
    
    2.2.2.2         4   100       20       17       0 00:13:26 Established       5
    3.3.3.3         4   100       24       19       0 00:17:18 Established       5

  7. Configure Static BFD for LDP LSP.

    # Configure Static BFD for LDP LSP on the PE1.

    [~PE1] bfd
    [*PE1-bfd] quit
    [*PE1] bfd for_ldp_lsp bind ldp-lsp peer-ip 2.2.2.2 nexthop 100.1.1.2 interface vlanif 10
    [*PE1-bfd-lsp-session-for_ldp_lsp] discriminator local 10
    [*PE1-bfd-lsp-session-for_ldp_lsp] discriminator remote 20
    [*PE1-bfd-lsp-session-for_ldp_lsp] commit
    [*PE1-bfd-lsp-session-for_ldp_lsp] quit

    # Configure Static BFD for LDP LSP on the PE2.

    [~PE2] bfd
    [*PE2-bfd] quit
    [*PE2] bfd for_ldp_lsp bind ldp-lsp peer-ip 1.1.1.1 nexthop 100.1.1.1 interface vlanif 10
    [*PE2-bfd-lsp-session-for_ldp_lsp] discriminator local 20
    [*PE2-bfd-lsp-session-for_ldp_lsp] discriminator remote 10
    [*PE2-bfd-lsp-session-for_ldp_lsp] commit
    [*PE2-bfd-lsp-session-for_ldp_lsp] quit

    # After completing the configuration, run the display bfd session all verbose command on the PE1 and PE2. Up is displayed in the State field, and LDP_LSP is displayed in the BFD Bind Type field.

  8. Enable VPNv6 auto FRR.

    # Configure PE1.

    [~PE1] bgp 100
    [~PE1-bgp] ipv6-family vpn-instance vpn1
    [*PE1-bgp-6-vpn1] auto-frr
    [*PE1-bgp-6-vpn1] quit
    [*PE1-bgp] quit
    [*PE1] commit
    NOTE:

    The auto-frr command run in the BGP-VPN instance IPv6 address family view is valid only for BGP routes.

  9. Verify the configuration.

    After the configurations are complete, run the display ipv6 routing-table vpn-instance verbose command on PE1. You can see the backup next hop, backup label, and backup tunnel ID in the IPv6 VPN route.

    [~PE1] display ipv6 routing-table vpn-instance vpn1 200:0:1:2::1 128 verbose
    Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route 
    ------------------------------------------------------------------------------
    Routing Table :vpn1
    Summary Count : 1
    
     Destination  : 200:0:1:2::1                    PrefixLength : 128
     NextHop      : ::FFFF:2.2.2.2                  Preference   : 255
     Neighbour    : ::2.2.2.2                       ProcessID    : 0
     Label        : 1030                            Protocol     : IBGP
     State        : Active Adv Relied               Cost         : 0
     Entry ID     : 12                              EntryFlags   : 0x80024904
     Reference Cnt: 2                               Tag          : 0
     IndirectID   : 0x4                             Age          : 31sec
     RelayNextHop : ::FFFF:100.1.1.2                TunnelID     : 0x0000000001004c4ba2
     Interface    : LDP LSP                         Flags        : RD
     BkNextHop    : ::FFFF:3.3.3.3                  BkInterface  :
     BkLabel      : 1026                            BkTunnelID   : 0x0
     BkPETunnelID : 0x800001                        BkIndirectID : 0x6 

Configuration Files

  • PE1 configuration file

    #
    sysname PE1
    #
    vlan batch 10 20
    #
    ip vpn-instance vpn1
     ipv6-family
      route-distinguisher 100:1
      vpn-target 111:1 export-extcommunity
      vpn-target 111:1 import-extcommunity
    #
    mpls lsr-id 1.1.1.1
    #
    mpls
    #
    mpls ldp
     #
     ipv4-family
    #
    interface Vlanif10
     ip address 100.1.1.1 255.255.255.252
     mpls
     mpls ldp
    #
    interface Vlanif20
     ip address 100.2.1.1 255.255.255.252
     mpls
     mpls ldp
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 20
    #
    interface 10GE1/0/2
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    interface LoopBack1
     ip address 1.1.1.1 255.255.255.255
    #
    interface LoopBack2
     ip binding vpn-instance vpn1
     ipv6 enable
     ipv6 address 1999::1/128
    #
    bgp 100
     peer 2.2.2.2 as-number 100
     peer 2.2.2.2 connect-interface LoopBack1
     peer 3.3.3.3 as-number 100
     peer 3.3.3.3 connect-interface LoopBack1
     #
     ipv4-family unicast
      peer 2.2.2.2 enable
      peer 3.3.3.3 enable
     #
     ipv6-family vpnv6
      policy vpn-target
      peer 2.2.2.2 enable
      peer 3.3.3.3 enable
     #
     ipv6-family vpn-instance vpn1
      auto-frr
    #
    ospf 1
     area 0.0.0.0
      network 1.1.1.1 0.0.0.0
      network 100.1.1.0 0.0.0.3
      network 100.2.1.0 0.0.0.3
    #
    bfd for_ldp_lsp bind ldp-lsp peer-ip 2.2.2.2 nexthop 100.1.1.2 interface Vlanif10
     discriminator local 10
     discriminator remote 20
    #
    return
  • PE2 configuration file

    #
    sysname PE2
    #
    vlan batch 10 30
    #
    ip vpn-instance vpn1
     ipv6-family
      route-distinguisher 100:2
      vpn-target 111:1 export-extcommunity
      vpn-target 111:1 import-extcommunity
    #
    mpls lsr-id 2.2.2.2
    #
    mpls
    #
    mpls ldp
     #
     ipv4-family
    #
    interface Vlanif10
     ip address 100.1.1.2 255.255.255.252
     mpls
     mpls ldp
    #
    interface Vlanif30
     ip binding vpn-instance vpn1
     ipv6 enable 
     ipv6 address 2001::2/64
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    interface 10GE1/0/2
     port link-type trunk
     port trunk allow-pass vlan 30
    #
    interface LoopBack1
     ip address 2.2.2.2 255.255.255.255
    #
    bgp 100
     peer 1.1.1.1 as-number 100
     peer 1.1.1.1 connect-interface LoopBack1
     #
     ipv4-family unicast
      peer 1.1.1.1 enable
     #
     ipv6-family vpnv6
      policy vpn-target
      peer 1.1.1.1 enable
     #
     ipv6-family vpn-instance vpn1
      peer 2001::1 as-number 65410
      import-route direct
    #
    ospf 1
     area 0.0.0.0
      network 2.2.2.2 0.0.0.0
      network 100.1.1.0 0.0.0.3
    #
    bfd for_ldp_lsp bind ldp-lsp peer-ip 1.1.1.1 nexthop 100.1.1.1 interface Vlanif10
     discriminator local 20
     discriminator remote 10
    #
    return
  • PE3 configuration file

    #
    sysname PE3
    #
    vlan batch 20 40
    #
    ip vpn-instance vpn1
     ipv6-family
      route-distinguisher 100:3
      vpn-target 111:1 export-extcommunity
      vpn-target 111:1 import-extcommunity
    #
    mpls lsr-id 3.3.3.3
    #
    mpls
    #
    mpls ldp
     #
     ipv4-family
    #
    interface Vlanif20
     ip address 100.2.1.2 255.255.255.252
     mpls
     mpls ldp
    #
    interface Vlanif40
     ip binding vpn-instance vpn1
     ipv6 enable 
     ipv6 address 2003::2/64
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 20
    #
    interface 10GE1/0/2
     port link-type trunk
     port trunk allow-pass vlan 40
    #
    interface LoopBack1
     ip address 3.3.3.3 255.255.255.255
    #
    bgp 100
     peer 1.1.1.1 as-number 100 
     peer 1.1.1.1 connect-interface LoopBack1
     #
     ipv4-family unicast
      peer 1.1.1.1 enable
     #
     ipv6-family vpnv6
      policy vpn-target
      peer 1.1.1.1 enable
     #
     ipv6-family vpn-instance vpn1
      peer 2003::1 as-number 65410
    #
    ospf 1
     area 0.0.0.0
      network 3.3.3.3 0.0.0.0
      network 100.2.1.0 0.0.0.3
    #
    return
  • CE configuration file

    #
    sysname CE
    #
    vlan batch 30 40
    #
    interface Vlanif30
     ipv6 enable
     ipv6 address 2001::1/64
    #
    interface Vlanif40
     ipv6 enable 
     ipv6 address 2003::1/64
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 30
    #
    interface 10GE1/0/2
     port link-type trunk
     port trunk allow-pass vlan 40
    #
    interface LoopBack1
     ipv6 enable
     ipv6 address 200:0:1:2::1/128
    #
    bgp 65410
     router-id 10.10.10.10
     peer 2001::2 as-number 100
     peer 2003::2 as-number 100
     #
     ipv4-family unicast
     #
     ipv6-family unicast
      network 200:0:1:2::1 128
      peer 2001::2 enable
      peer 2003::2 enable
    #
    return
Translation
Download
Updated: 2019-04-03

Document ID: EDOC1100075353

Views: 14369

Downloads: 25

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next