No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - VPN

CloudEngine 12800 and 12800E V200R005C10

This document describes the configurations of VPN, including GRE, BGP/MPLS IP VPN, BGP/MPLS IPv6 VPN, VLL, PWE3, and VPLS.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring LDP HVPLS

Example for Configuring LDP HVPLS

Networking Requirements

As shown in Figure 6-20, an enterprise has its own MPLS backbone network. Site1 connects to the UPE on the backbone network through CE1; Site2 connects to the UPE through CE2; and Site3 connects to PE1 through CE3. Users in Site1, Site2, and Site3 need to communicate with each other at Layer 2 and user information in Layer 2 packets needs to be retained when the packets are transmitted over the backbone network. In addition, the backbone network should use a hierarchical structure with UPE and SPE.

Figure 6-20 Networking for configuring LDP HVPLS

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure VPLS to transparently transmit Layer 2 packets on the backbone network, so that users in Site1, Site2, and Site3 can communicate at Layer 2 and user information in Layer 2 packets can be retained when the packets are transmitted over the backbone network.

  2. Configure LDP HVPLS to form a hierarchical network structure and implement communication between all the CEs on the Layer 2 network.

  3. Configure an IGP protocol on the backbone network to ensure that data can be transmitted between the PEs over the public network.

  4. Configure basic MPLS capabilities and LDP on devices on the backbone network.

  5. Create a tunnel between the PEs to transparently transmit data.

  6. Enable MPLS L2VPN on the PEs.

  7. Create a VSI on the PEs, specify LDP as the signaling protocol, and bind the VSI to AC-side interfaces on the UPE and PE1 to implement LDP VPLS.

  8. To implement hierarchical HVPLS, specify the UPE as the underlayer PE and PE1 as the VSI peer for the SPE; specify the SPE as the VSI peer for UPE and PE1.

Procedure

  1. Add interfaces to VLANs.

    Add interfaces on each Switch to a VLAN and specify an IP address for each VLANIF interface.

    NOTE:

    The AC-side physical interface and PW-side physical interface of a PE cannot be added to the same VLAN; otherwise, a loop occurs.

    # Configure CE1.

    <HUAWEI> system-view
    [~HUAWEI] sysname CE1
    [*HUAWEI] commit
    [~CE1] vlan 10
    [*CE1-vlan10] quit
    [*CE1] interface vlanif 10
    [*CE1-Vlanif10] ip address 10.1.1.1 255.255.255.0
    [*CE1-Vlanif10] quit
    [*CE1] interface 10ge 1/0/0
    [*CE1-10GE1/0/0] port link-type trunk
    [*CE1-10GE1/0/0] port trunk allow-pass vlan 10
    [*CE1-10GE1/0/0] quit
    [*CE1] commit

    Configure the other switches according to Figure 6-20. The configurations are similar to the configuration of CE1, and are not mentioned here.

  2. Configure an IGP. In this example, OSPF is used.

    When configuring OSPF, advertise the 32-bit loopback interface addresses (LSR IDs) of the UPE, SPE, and PE1.

    Configure OSPF on the UPE, SPE, and PE1.

    # Configure the UPE.

    [~UPE] interface loopback 1
    [*UPE-LoopBack1] ip address 1.1.1.9 255.255.255.255
    [*UPE-LoopBack1] quit
    [*UPE] ospf 1
    [*UPE-ospf-1] area 0.0.0.0
    [*UPE-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
    [*UPE-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.255
    [*UPE-ospf-1-area-0.0.0.0] quit
    [*UPE-ospf-1] quit
    [*UPE] commit

    Configure OSPF on the SPE and PE1. The configurations are similar to the configuration of the UPE, and are not mentioned here.

    After the configuration is complete, run the display ip routing-table command on the UPE, SPE, and PE1. You can find that the UPE, SPE, and PE1 have learned each other's loopback interface IP address.

  3. Configure basic MPLS capabilities and LDP.

    Configure basic MPLS capabilities and LDP on the UPE, SPE, and PE1.

    # Configure the UPE.

    [~UPE] mpls lsr-id 1.1.1.9
    [*UPE] mpls
    [*UPE-mpls] mpls ldp
    [*UPE-mpls-ldp] quit
    [*UPE] interface vlanif 30
    [*UPE-Vlanif30] mpls
    [*UPE-Vlanif30] mpls ldp
    [*UPE-Vlanif30] quit
    [*UPE] commit

    Configure basic MPLS capabilities and LDP on the SPE and PE1. The configurations are similar to the configuration of the UPE, and are not mentioned here.

    After the configuration is complete, run the display mpls ldp session command on the UPE, SPE, and PE1. You can find that the peer relationship between the UPE and SPE or between the SPE and PE1 is Operational, indicating that the peer relationship has been established. Run the display mpls lsp command to view the LSP status.

  4. Enable MPLS L2VPN and configure a VSI.

    # Configure the UPE.

    [~UPE] mpls l2vpn
    [*UPE-l2vpn] quit
    [*UPE] vsi v123 static
    [*UPE-vsi-v123] pwsignal ldp
    [*UPE-vsi-v123-ldp] vsi-id 123
    [*UPE-vsi-v123-ldp] peer 2.2.2.9
    [*UPE-vsi-v123-ldp] quit
    [*UPE-vsi-v123] quit
    [*UPE] commit

    # Configure the SPE.

    [~SPE] mpls l2vpn
    [*SPE-l2vpn] quit
    [*SPE] vsi v123 static
    [*SPE-vsi-v123] pwsignal ldp
    [*SPE-vsi-v123-ldp] vsi-id 123
    [*SPE-vsi-v123-ldp] peer 3.3.3.9
    [*SPE-vsi-v123-ldp] peer 1.1.1.9 upe
    [*SPE-vsi-v123-ldp] quit
    [*SPE-vsi-v123] quit
    [*SPE] commit

    # Configure PE1.

    [~PE1] mpls l2vpn
    [*PE1-l2vpn] quit
    [*PE1] vsi v123 static
    [*PE1-vsi-v123] pwsignal ldp
    [*PE1-vsi-v123-ldp] vsi-id 123
    [*PE1-vsi-v123-ldp] peer 2.2.2.9
    [*PE1-vsi-v123-ldp] quit
    [*PE1-vsi-v123] quit
    [*PE1] commit

  5. Bind the VSI to interfaces on the UPE and PE1.

    # Configure the UPE.

    [~UPE] interface vlanif 10
    [~UPE-Vlanif10] l2 binding vsi v123
    [*UPE-Vlanif10] quit
    [*UPE] interface vlanif 20
    [*UPE-Vlanif20] l2 binding vsi v123
    [*UPE-Vlanif20] quit
    [*UPE] commit

    # Configure PE1.

    [~PE1] interface vlanif 50
    [~PE1-Vlanif50] l2 binding vsi v123
    [*PE1-Vlanif50] quit
    [*PE1] commit

  6. Verify the configuration.

    After configuration is complete, run the display vpls vsi name v123 verbose command on the SPE. You can find that the status of the VSI named v123 is Up, and the status of the corresponding PW is also Up.

    [~SPE] display vpls vsi name v123 verbose
    
     ***VSI Name               : v123
        Administrator VSI      : no
        Isolate Spoken         : disable
        VSI Index              : 1
        PW Signaling           : ldp
        Member Discovery Style : static
        Bridge-domain Mode     : disable
        PW MAC Learn Style     : unqualify
        Encapsulation Type     : vlan
        MTU                    : 1500
        Ignore AcState         : disable
        P2P VSI                : disable
        Create Time            : 0 days, 0 hours, 20 minutes, 51 seconds
        VSI State              : up
        Resource Status        : --
    
        VSI ID                 : 123
       *Peer Router ID         : 1.1.1.9
        primary or secondary   : primary
        ignore-standby-state   : no
        VC Label               : 16
        Peer Type              : dynamic
        Session                : up
        Tunnel ID              : 0x0000000001004c4b43 
        Broadcast Tunnel ID    : --
        Broad BackupTunnel ID  : -- 
        CKey                   : 2
        NKey                   : 2835349811
        Stp Enable             : 0
        PwIndex                : 2
       *Peer Router ID         : 3.3.3.9
        primary or secondary   : primary
        ignore-standby-state   : no
        VC Label               : 17
        Peer Type              : dynamic
        Session                : up
        Tunnel ID              : 0x0000000001004c4b42 
        Broadcast Tunnel ID    : --
        Broad BackupTunnel ID  : -- 
        CKey                   : 1
        NKey                   : 2835349812
        Stp Enable             : 0
        PwIndex                : 1
    
      **PW Information:
                    
       *Peer Ip Address        : 1.1.1.9
        PW State               : up
        Local VC Label         : 16
        Remote VC Label        : 16
        PW Type                : MEHVPLS
        Tunnel ID              : 0x0000000001004c4b43 
        Broadcast Tunnel ID    : --
        Broad BackupTunnel ID  : --
        Ckey                   : 2
        Nkey                   : 2835349811
        Main PW Token          : 0x0
        Slave PW Token         : 0x0
        Tnl Type               : ldp
        OutInterface           : 
        Backup OutInterface    : --
        Stp Enable             : 0
        Mac Flapping           : 0
        PW Last Up Time        : 2013/12/05 12:49:21
        PW Total Up Time       : 0 days, 0 hours, 1 minutes, 22 seconds
       *Peer Ip Address        : 3.3.3.9
        PW State               : up
        Local VC Label         : 17
        Remote VC Label        : 18
        PW Type                : label
        Tunnel ID              : 0x0000000001004c4b42 
        Broadcast Tunnel ID    : --
        Broad BackupTunnel ID  : --
        Ckey                   : 1
        Nkey                   : 2835349812
        Main PW Token          : 0x0
        Slave PW Token         : 0x0
        Tnl Type               : ldp
        OutInterface           : 
        Backup OutInterface    : --
        Stp Enable             : 0
        Mac Flapping           : 0
        PW Last Up Time        : 2013/12/05 12:49:21
        PW Total Up Time       : 0 days, 0 hours, 1 minutes, 22 seconds

    CE1, CE2, and CE3 can ping each other successfully. After you run the shutdown command on the interface (to which the VSI is bound) of the UPE or PE1, CE2 and CE3 cannot ping each other. This indicates that user data is transmitted through the PW of this VSI.

Configuration Files

  • Configuration file of the UPE

    #
     sysname UPE
    #
     vlan batch 10 20 30
    #
     mpls lsr-id 1.1.1.9
     mpls
    #
     mpls l2vpn
    #
    vsi v123 static
     pwsignal ldp
      vsi-id 123
      peer 2.2.2.9
    #
    mpls ldp
     #
     ipv4-family
    #
    interface Vlanif10
     l2 binding vsi v123
    #
    interface Vlanif20
     l2 binding vsi v123
    #
    interface Vlanif30
     ip address 100.1.1.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface 10GE1/0/0
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    interface 10GE2/0/0
     port link-type trunk
     port trunk allow-pass vlan 20
    #
    interface 10GE3/0/0
     port link-type trunk
     port trunk allow-pass vlan 30
    #
    interface LoopBack1
     ip address 1.1.1.9 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 1.1.1.9 0.0.0.0
      network 100.1.1.0 0.0.0.255
    #
    return
  • Configuration file of the SPE

    #
     sysname SPE
    #
     vlan batch 30 40
    #
     mpls lsr-id 2.2.2.9
     mpls
    #
     mpls l2vpn
    #
    vsi v123 static
     pwsignal ldp
      vsi-id 123
      peer 3.3.3.9
      peer 1.1.1.9 upe
    #
    mpls ldp
     #
     ipv4-family
    #
    interface Vlanif 30
     ip address 100.1.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface Vlanif40
     ip address 100.2.1.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface 10GE1/0/0
     port link-type trunk
     port trunk allow-pass vlan 30
    #
    interface 10GE2/0/0
     port link-type trunk
     port trunk allow-pass vlan 40
    #
    interface LoopBack1
     ip address 2.2.2.9 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 2.2.2.9 0.0.0.0
      network 100.2.1.0 0.0.0.255
      network 100.1.1.0 0.0.0.255
    #
    return
  • Configuration file of PE1

    #
     sysname PE1
    #
     vlan batch 40 50
    #
     mpls lsr-id 3.3.3.9
     mpls
    #
     mpls l2vpn
    #
    vsi v123 static
     pwsignal ldp
      vsi-id 123
      peer 2.2.2.9
    #
    mpls ldp
     #
     ipv4-family
    #
    interface Vlanif40
     ip address 100.2.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface Vlanif50
     l2 binding vsi v123
    #
    interface 10GE1/0/0
     port link-type trunk
     port trunk allow-pass vlan 40
    #
    interface 10GE2/0/0
     port link-type trunk
     port trunk allow-pass vlan 50
    #
    interface LoopBack1
     ip address 3.3.3.9 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 100.2.1.0 0.0.0.255
      network 3.3.3.9 0.0.0.0
    #
    return
  • Configuration file of CE1 at enterprise Site1 branch egress

    #
     sysname CE1
    #
     vlan batch 10
    #
    interface Vlanif10
     ip address 10.1.1.1 255.255.255.0
    #
    interface 10GE1/0/0
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    return
  • Configuration file of CE2 at enterprise Site2 branch egress

    #
     sysname CE2
    #
     vlan batch 20
    #
    interface Vlanif20
     ip address 10.1.1.2 255.255.255.0
    #
    interface 10GE1/0/0
     port link-type trunk
     port trunk allow-pass vlan 20
    #
    return
    
  • Configuration file of CE3 at enterprise Site3 branch egress

    #
     sysname CE3
    #
     vlan batch 50
    #
    interface Vlanif50
     ip address 10.1.1.3 255.255.255.0
    #
    interface 10GE1/0/0
     port link-type trunk
     port trunk allow-pass vlan 50
    #
    return
    
Translation
Download
Updated: 2019-04-03

Document ID: EDOC1100075353

Views: 14227

Downloads: 25

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next