Configuration Guide - VPN

CloudEngine 12800 and 12800E V200R005C10

This document describes the configurations of VPN, including GRE, BGP/MPLS IP VPN, BGP/MPLS IPv6 VPN, VLL, PWE3, and VPLS.

Example for Configuring FRR for IP VPN Routes

Networking Requirements

When multiple CE devices in a site connect to the same PE device, the PE device learns multiple IP VPN routes with the same VPN prefix. To use one of these IP VPN routes as the primary route and the others as backup routes, configure FRR for IP VPN routes. Then the PE device generates primary and backup routes to the VPN prefix. When the link of the primary route fails, IP data of this site is quickly switched to the link of a backup route.

As shown in Figure 2-53, the PE device sets up EBGP peer relationships with CE1 and CE2 and has two BGP routes to Loopback1 of SwitchA. The route on Link_A is the primary route, and the route on Link_B is the backup route. FRR for IP VPN routes needs to be configured on the PE device to enable IP traffic of the private network to be quickly switched to Link_B when Link_A fails.

Figure 2-53 FRR for IP VPN routes

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure an IGP in the VPN site so that the routes to the loopback interface of SwitchA can be advertised to CE1 and CE2.

  2. Configure a VPN instance vpna on the PE device and bind the instance to the interfaces connected to CE1 and CE2.

  3. On the PE device, set up EBGP peer relationships with CE1 and CE2. On CE1 and CE2, import IGP routes into BGP and import BGP routes into IGP.

  4. Enable BGP auto FRR on the PE device.

Procedure

  1. Configure IP addresses for interfaces on the devices in the VPN site.

    # Configure SwitchA.

    <HUAWEI> system-view
    [~HUAWEI] sysname SwitchA
    [*HUAWEI] commit
    [~SwitchA] interface loopback 1
    [*SwitchA-LoopBack1] ip address 10.10.10.10 32
    [*SwitchA-LoopBack1] quit
    [*SwitchA] vlan batch 30 40
    [*SwitchA] interface 10ge 1/0/1
    [*SwitchA-10GE1/0/1] port link-type trunk
    [*SwitchA-10GE1/0/1] port trunk allow-pass vlan 30
    [*SwitchA-10GE1/0/1] quit
    [*SwitchA] interface 10ge 2/0/2
    [*SwitchA-10GE2/0/2] port link-type trunk
    [*SwitchA-10GE2/0/2] port trunk allow-pass vlan 40
    [*SwitchA-10GE2/0/2] quit
    [*SwitchA] interface vlanif 30
    [*SwitchA-Vlanif30] ip address 10.3.1.2 24
    [*SwitchA-Vlanif30] quit
    [*SwitchA] interface vlanif 40
    [*SwitchA-Vlanif40] ip address 10.4.1.2 24
    [*SwitchA-Vlanif40] quit
    [*SwitchA] commit
    

    The configurations of PE, CE1, and CE2 are similar to that of SwitchA; see Configuration Files for the addresses and VLANs on each device.

  2. Configure an IGP in the VPN site so that the routes to the loopback interface of SwitchA can be advertised to CE1 and CE2. OSPF is used in this example.

    # Configure CE1.

    [~CE1] ospf 1
    [*CE1-ospf-1] area 0
    [*CE1-ospf-1-area-0.0.0.0] network 10.3.1.0 0.0.0.255
    [*CE1-ospf-1-area-0.0.0.0] quit
    [*CE1-ospf-1] quit
    [*CE1] commit

    The configurations of CE2 and SwitchA are similar to that of CE1; see Configuration Files for the networks each device advertises.

    After the configuration is complete, run the display ip routing-table command on the CE devices. You can see that CE1 and CE2 have learned the routes to Loopback1 of SwitchA. Take the display on CE1 as an example:

    [~CE1] display ip routing-table
    Proto: Protocol        Pre: Preference
    Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
    ------------------------------------------------------------------------------
    Routing Table : _public_
             Destinations : 12       Routes : 12        
    
    Destination/Mask    Proto  Pre  Cost        Flags NextHop         Interface
    
           10.1.1.0/24  Direct 0    0             D  10.1.1.2        VLANIF10
           10.1.1.2/32  Direct 0    0             D  127.0.0.1       VLANIF10
         10.1.1.255/32  Direct 0    0             D  127.0.0.1       VLANIF10
           10.3.1.0/24  Direct 0    0             D  10.3.1.1        VLANIF30
           10.3.1.1/32  Direct 0    0             D  127.0.0.1       VLANIF30
         10.3.1.255/32  Direct 0    0             D  127.0.0.1       VLANIF30
           10.4.1.0/24  OSPF   10   2             D  10.3.1.2        VLANIF30
        10.10.10.10/32  OSPF   10   1             D  10.3.1.2        VLANIF30
          127.0.0.0/8   Direct 0    0             D  127.0.0.1       InLoopBack0
          127.0.0.1/32  Direct 0    0             D  127.0.0.1       InLoopBack0
    127.255.255.255/32  Direct 0    0             D  127.0.0.1       InLoopBack0 
    255.255.255.255/32  Direct 0    0             D  127.0.0.1       InLoopBack0   

  3. Configure a VPN instance on the PE device and bind the instance to the interfaces connected to CE devices.

    # Configure VPN instance vpna on the PE device and bind the instance to VLANIF10 and VLANIF20.

    [~PE] ip vpn-instance vpna
    [*PE-vpn-instance-vpna] ipv4-family
    [*PE-vpn-instance-vpna-af-ipv4] route-distinguisher 100:1
    [*PE-vpn-instance-vpna-af-ipv4] vpn-target 100:100
    [*PE-vpn-instance-vpna-af-ipv4] quit
    [*PE-vpn-instance-vpna] quit
    [*PE] interface vlanif 10
    [*PE-Vlanif10] ip binding vpn-instance vpna
    [*PE-Vlanif10] ip address 10.1.1.1 24
    [*PE-Vlanif10] quit
    [*PE] interface vlanif 20
    [*PE-Vlanif20] ip binding vpn-instance vpna
    [*PE-Vlanif20] ip address 10.2.1.1 24
    [*PE-Vlanif20] quit
    [*PE] commit
    

  4. Set up EBGP peer relationships between the PE device and CE devices.

    # Configure the PE device.

    [~PE] bgp 100
    [*PE-bgp] ipv4-family vpn-instance vpna
    [*PE-bgp-vpna] peer 10.1.1.2 as-number 65410
    [*PE-bgp-vpna] peer 10.2.1.2 as-number 65410
    [*PE-bgp-vpna] quit
    [*PE-bgp] commit
    [~PE-bgp] quit
    

    # Configure CE1.

    [~CE1] bgp 65410
    [*CE1-bgp] peer 10.1.1.1 as-number 100
    [*CE1-bgp] commit
    [~CE1-bgp] quit
    

    # Configure CE2.

    [~CE2] bgp 65410
    [*CE2-bgp] peer 10.2.1.1 as-number 100
    [*CE2-bgp] commit
    [~CE2-bgp] quit
    

    After the configuration is complete, run the display bgp vpnv4 vpn-instance vpna peer command on the PE device. You can see that the EBGP peer relationships have been established between the PE device and the CE devices.

    [~PE] display bgp vpnv4 vpn-instance vpna peer
     
     BGP local router ID : 1.1.1.9
     Local AS number : 100
    
     VPN-Instance vpna, Router ID 1.1.1.9:    
     Total number of peers : 2         Peers in established state : 2
    
      Peer            V          AS  MsgRcvd  MsgSent  OutQ  Up/Down       State  PrefRcv
      10.1.1.2        4       65410       21       23     0 00:17:47 Established        1
      10.2.1.2        4       65410       51       64     0 00:15:03 Established        1

  5. On CE1 and CE2, import BGP routes into OSPF and import OSPF routes into BGP.

    # Configure CE1.

    [~CE1] bgp 65410
    [~CE1-bgp] network 10.10.10.10 32
    [*CE1-bgp] quit
    [*CE1] ospf 1
    [*CE1-ospf-1] import-route bgp
    [*CE1-ospf-1] quit
    [*CE1] commit
    

    # Configure CE2.

    [~CE2] bgp 65410
    [~CE2-bgp] network 10.10.10.10 32
    [*CE2-bgp] quit
    [*CE2] ospf 1
    [*CE2-ospf-1] import-route bgp
    [*CE2-ospf-1] quit
    [*CE2] commit
    

    After the configuration is complete, run the display ip routing-table vpn-instance command on the PE device. The routing table of the VPN instance contains the route to Loopback1 of SwitchA.

    [~PE] display ip routing-table vpn-instance vpna
    Proto: Protocol        Pre: Preference
    Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
    ------------------------------------------------------------------------------
    Routing Table : vpna
             Destinations : 8        Routes : 8         
    
    Destination/Mask    Proto  Pre  Cost        Flags NextHop         Interface
    
           10.1.1.0/24  Direct 0    0             D  10.1.1.1        VLANIF10
           10.1.1.1/32  Direct 0    0             D  127.0.0.1       VLANIF10
         10.1.1.255/32  Direct 0    0             D  127.0.0.1       VLANIF10
        10.10.10.10/32  EBGP   255  1             RD 10.1.1.2        VLANIF10
           10.2.1.0/24  Direct 0    0             D  10.2.1.1        VLANIF20
           10.2.1.1/32  Direct 0    0             D  127.0.0.1       VLANIF20
         10.2.1.255/32  Direct 0    0             D  127.0.0.1       VLANIF20
    255.255.255.255/32  Direct 0    0             D  127.0.0.1       InLoopBack0

  6. Enable BGP auto FRR on the PE device.

    NOTE:

    You can enable BGP auto FRR by running the auto-frr command in the BGP-VPN IPv4 address family view only when BGP is running between the PE and CE devices.

    # Configure the PE device.

    [~PE] bgp 100
    [~PE-bgp] ipv4-family vpn-instance vpna
    [~PE-bgp-vpna] auto-frr
    [*PE-bgp-vpna] quit
    [*PE-bgp] quit
    [*PE] commit
    

  7. Verify the configuration.

    Run the display ip routing-table vpn-instance command on the PE device. You can see that the next hop of the route to 10.10.10.10/32 is 10.1.1.2, and the route has a backup next hop and a backup outbound interface.

    [~PE] display ip routing-table vpn-instance vpna 10.10.10.10 verbose
    Proto: Protocol        Pre: Preference
    Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
    ------------------------------------------------------------------------------  
    Routing Table : vpna                              
    Summary Count : 1                            
                                                     
    Destination: 10.10.10.10/32                         
         Protocol: EBGP            Process ID: 0        
       Preference: 255                   Cost: 1         
          NextHop: 10.1.1.2         Neighbour: 0.0.0.0   
            State: Active Adv Relied      Age: 00h00m07s        
              Tag: 0                 Priority: low             
            Label: NULL               QoSInfo: 0x0           
       IndirectID: 0x26000159                                   
     RelayNextHop: 10.1.1.2         Interface: Vlanif10        
         TunnelID: 0x0                  Flags: RD                
        BkNextHop: 10.2.1.2       BkInterface: Vlanif20        
          BkLabel: NULL           SecTunnelID: 0x0            
     BkPETunnelID: 0x0        BkPESecTunnelID: 0x0      
     BkIndirectID: 0x26000157   

    Run the shutdown command on 10GE2/0/2 of CE1 to simulate a link failure.

    [~CE1] interface 10ge 2/0/2
    [~CE1-10GE2/0/2] shutdown
    [*CE1-10GE2/0/2] commit
    [~CE1-10GE2/0/2] quit

    Run the display ip routing-table vpn-instance command on the PE device. You can see that the next hop of the route to 10.10.10.10/32 is 10.2.1.2, and the route has no backup next hop or backup outbound interface.

    [~PE] display ip routing-table vpn-instance vpna 10.10.10.10 verbose
    Proto: Protocol        Pre: Preference
    Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
    ------------------------------------------------------------------------------
    Routing Table : vpna                                
    Summary Count : 1                                     
                                                      
    Destination: 10.10.10.10/32                           
         Protocol: EBGP            Process ID: 0         
       Preference: 255                   Cost: 100       
          NextHop: 10.2.1.2         Neighbour: 0.0.0.0      
            State: Active Adv Relied      Age: 00h00m06s   
              Tag: 0                 Priority: low           
            Label: NULL               QoSInfo: 0x0         
       IndirectID: 0x26000157                              
     RelayNextHop: 10.2.1.2         Interface: Vlanif20 
         TunnelID: 0x0                  Flags: RD    

    This indicates that FRR for IP VPN routes has taken effect.
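
The manual check in step 7 can be scripted. The following is an added example, not part of the Huawei guide: it parses the verbose routing-table output shown above and reports whether the route has a usable backup next hop. The function names `parse_verbose` and `frr_status` and the `protected` field are assumptions made for this example.

```python
import re

# Constructed sample input: the two "verbose" outputs shown in step 7,
# trimmed to the fields this check reads.
BEFORE_FAILURE = """\
Destination: 10.10.10.10/32
     Protocol: EBGP            Process ID: 0
      NextHop: 10.1.1.2         Neighbour: 0.0.0.0
        State: Active Adv Relied      Age: 00h00m07s
 RelayNextHop: 10.1.1.2         Interface: Vlanif10
    BkNextHop: 10.2.1.2       BkInterface: Vlanif20
"""
AFTER_FAILURE = """\
Destination: 10.10.10.10/32
     Protocol: EBGP            Process ID: 0
      NextHop: 10.2.1.2         Neighbour: 0.0.0.0
        State: Active Adv Relied      Age: 00h00m06s
 RelayNextHop: 10.2.1.2         Interface: Vlanif20
"""

def parse_verbose(text):
    """Turn 'Key: value   Key: value' lines into a dict of fields."""
    fields = {}
    for line in text.splitlines():
        # Two or more spaces separate the left and right column; a single
        # space can occur inside a value ("Active Adv Relied").
        for cell in re.split(r"\s{2,}", line.strip()):
            key, sep, value = cell.partition(":")
            if sep and value.strip():
                fields[key.strip()] = value.strip()
    return fields

def frr_status(text):
    """Summarise primary/backup forwarding state for one route entry."""
    f = parse_verbose(text)
    bk_hop, bk_if = f.get("BkNextHop"), f.get("BkInterface")
    # A backup only protects the prefix if it leaves through a different
    # interface and next hop than the primary path.
    protected = bool(bk_hop and bk_if
                     and bk_hop != f.get("NextHop")
                     and bk_if != f.get("Interface"))
    return {"prefix": f.get("Destination"), "next_hop": f.get("NextHop"),
            "interface": f.get("Interface"), "backup_next_hop": bk_hop,
            "backup_interface": bk_if, "protected": protected}

if __name__ == "__main__":
    for name, sample in (("before", BEFORE_FAILURE), ("after", AFTER_FAILURE)):
        print(name, frr_status(sample))
```

A route that reports `protected` as false while both CE links are up has no pre-installed backup, so a primary-link failure would wait for normal BGP convergence.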

Configuration Files

  • PE configuration file
    #
    sysname PE
    #
    vlan batch 10 20
    #
    ip vpn-instance vpna
     ipv4-family
      route-distinguisher 100:1
      vpn-target 100:100 export-extcommunity
      vpn-target 100:100 import-extcommunity
    #
    interface Vlanif10
     ip binding vpn-instance vpna
     ip address 10.1.1.1 255.255.255.0
    #
    interface Vlanif20
     ip binding vpn-instance vpna
     ip address 10.2.1.1 255.255.255.0
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 10
    # 
    interface 10GE2/0/2
     port link-type trunk
     port trunk allow-pass vlan 20
    #
    bgp 100
     #
     ipv4-family unicast
     #
     ipv4-family vpn-instance vpna
      auto-frr
      peer 10.1.1.2 as-number 65410
      peer 10.2.1.2 as-number 65410
    #
    return
    
  • CE1 configuration file
    #
    sysname CE1
    #
    vlan batch 10 30
    #
    interface Vlanif10
     ip address 10.1.1.2 255.255.255.0
    #
    interface Vlanif30
     ip address 10.3.1.1 255.255.255.0
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 10
    # 
    interface 10GE2/0/2
     port link-type trunk
     port trunk allow-pass vlan 30
    #
    bgp 65410
     peer 10.1.1.1 as-number 100
     #
     ipv4-family unicast
      network 10.10.10.10 255.255.255.255
      peer 10.1.1.1 enable
    #
    ospf 1 
     import-route bgp
     area 0.0.0.0
      network 10.3.1.0 0.0.0.255
    #
    return
  • CE2 configuration file
    #
    sysname CE2
    #
    vlan batch 20 40
    #
    interface Vlanif20
     ip address 10.2.1.2 255.255.255.0
    #
    interface Vlanif40
     ip address 10.4.1.1 255.255.255.0
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 20
    # 
    interface 10GE2/0/2
     port link-type trunk
     port trunk allow-pass vlan 40
    #
    bgp 65410
     peer 10.2.1.1 as-number 100
     #
     ipv4-family unicast
      network 10.10.10.10 255.255.255.255
      peer 10.2.1.1 enable
    #
    ospf 1 
      import-route bgp
      area 0.0.0.0
       network 10.4.1.0 0.0.0.255
    #
    return
  • SwitchA configuration file
    #
    sysname SwitchA
    #
    vlan batch 30 40
    #
    interface Vlanif30
     ip address 10.3.1.2 255.255.255.0
    #
    interface Vlanif40
     ip address 10.4.1.2 255.255.255.0
    # 
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 30
    # 
    interface 10GE2/0/2
     port link-type trunk
     port trunk allow-pass vlan 40
    #
    interface LoopBack1
     ip address 10.10.10.10 255.255.255.255
    #
    ospf 1 
     area 0.0.0.0
      network 10.10.10.10 0.0.0.0
      network 10.3.1.0 0.0.0.255
      network 10.4.1.0 0.0.0.255
    #
    return
Updated: 2019-04-03

Document ID: EDOC1100075353
