No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - VPN

CloudEngine 12800 and 12800E V200R005C10

This document describes the configurations of VPN, including GRE, BGP/MPLS IP VPN, BGP/MPLS IPv6 VPN, VLL, PWE3, and VPLS.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring Route Exchange Between an MCE Device and a PE Device

Configuring Route Exchange Between an MCE Device and a PE Device

Context

You can use static routes, RIP, OSPF, IS-IS, or BGP between an MCE device and a PE device. Choose one of the following configurations as needed:

The following configurations are performed on the MCE device. The configurations on the PE device are similar to those on a PE device in the BGP/MPLS IP VPN networking. For detailed configuration, see Configuring Route Exchange Between PE and CE Devices.

Configuring Static Routes Between an MCE Device and a PE Device

Perform the following configurations on the MCE device.

Table 2-21 MCE configuration

Action

Command

Description

Enter the system view.

system-view

-

Configure a static route to the PE device.

ip route-static vpn-instance vpn-source-name destination-address { mask | mask-length } vpn-instance vpn-destination-name nexthop-address [ preference preference | tag tag ] *

You must specify the next hop address on the MCE device.

Commit the configuration.

commit

-

Configuring RIP Between an MCE Device and a PE Device

Perform the following configurations on the MCE device.
Table 2-22 MCE configuration

Action

Command

Description

Enter the system view.

system-view

-

Create a RIP process running between the MCE and PE devices and enter the RIP view.

rip process-id vpn-instance vpn-instance-name

A RIP process can be bound to only one VPN instance. If a RIP process is not bound to any VPN instance before it is started, this process becomes a public network process and can no longer be bound to a VPN instance.

Enable RIP on the network segment of the interface to which the VPN instance is bound.

network network-address

-

(Optional) Import VPN routes of the site into the RIP routing table.

import-route protocol [ process-id ] [ cost { cost | transparent } | [ route-policy route-policy-name ] ] *

Perform this step if another routing protocol is running between the MCE device and VPN sites in the VPN instance.

Commit the configuration.

commit

-

Configuring OSPF Between an MCE Device and a PE Device

Perform the following configurations on the MCE device.

Table 2-23 MCE configuration

Action

Command

Description

Enter the system view.

system-view

-

Create an OSPF process running between the MCE and PE devices and enter the OSPF view.

ospf [ process-id | router-id router-id ] * vpn-instance vpn-instance-name

-

(Optional) Import VPN routes of the site into the OSPF routing table.

import-route { bgp [ permit-ibgp ] | direct | rip [ process-id-rip ] | static | isis [ process-id-isis ] | ospf [ process-id-ospf ] } [ cost cost | route-policy route-policy-name | tag tag | type type ] *

Perform this step if another routing protocol is running between the MCE device and VPN sites in the VPN instance.

Disable routing loop detection in the OSPF process.

vpn-instance-capability simple

By default, routing loop detection is enabled in an OSPF process. You need to disable routing loop detection in the OSPF process on the MCE device. Otherwise, the MCE device rejects OSPF routes sent from the PE device.

Configure an OSPF area and enter the OSPF area view.

area { area-id | area-id-address }

-

Enable OSPF on the network segment of the interface to which the VPN instance is bound.

network ip-address wildcard-mask

-

Commit the configuration.

commit

-

Configuring IS-IS Between an MCE Device and a PE Device

Perform the following configurations on the MCE device.

Table 2-24 MCE configuration

Action

Command

Description

Enter the system view.

system-view

-

Create an IS-IS process running between the MCE and PE devices and enter the IS-IS view.

isis process-id vpn-instance vpn-instance-name

An IS-IS process can be bound to only one VPN instance. If an IS-IS process is not bound to any VPN instance before it is started, this process becomes a public network process and can no longer be bound to a VPN instance.

Set a network entity title (NET) for the IS-IS process.

network-entity net

A NET specifies the current IS-IS area address and the system ID of the switch. A maximum of three NETs can be configured for one process on each switch.

(Optional) Import VPN routes of the site into the IS-IS routing table.

Use either of the following commands:
  • import-route { direct | static | { ospf | rip | isis } [ process-id ] | bgp } [ cost-type { external | internal } | cost cost | tag tag | route-policy route-policy-name | [ level-1 | level-2 | level-1-2 ] ] *

  • import-route { { ospf | rip | isis } [ process-id ] | bgp | direct }inherit-cost [ { level-1 | level-2 | level-1-2 } | tag tag | route-policy route-policy-name ] *

Perform this step if another routing protocol is running between the MCE device and VPN sites in the VPN instance.

Return to the system view.

quit

-

Enter the view of the interface to which the VPN instance is bound.

interface interface-type interface-number

-

(For an Ethernet interface) Switch the interface to Layer 3 mode.

undo portswitch

By default, an Ethernet interface works in Layer 2 mode.

If an Ethernet interface already has Layer 2 configuration, this command fails to be executed on the interface. Before running this command on the interface, delete all the Layer 2 configuration of the interface.
NOTE:

If many Ethernet interfaces need to be switched to Layer 3 mode, run the undo portswitch batch interface-type { interface-number1 [ to interface-number2 ] } &<1-10> command in the system view to switch these interfaces to Layer 3 mode in batches.

Enable IS-IS on the interface.

isis enable [ process-id ]

-

Commit the configuration.

commit

-

Configuring BGP Between an MCE Device and a PE Device

Perform the following configurations on the MCE device.
Table 2-25 MCE configuration

Action

Command

Description

Enter the system view.

system-view

-

Enter the BGP view.

bgp { as-number-plain | as-number-dot }

-

Enter the BGP-VPN instance IPv4 address family view.

ipv4-family vpn-instance vpn-instance-name

-

(Optional) Configure an AS number for the VPN instance IPv4 address family.

as-number as-number

A VPN instance uses the AS number of BGP by default.

To re-assign a device to another AS or transmit different services in different instances, run this command to configure a different AS number for each VPN instance IPv4 address family.
NOTE:

The AS number configured in the VPN instance IPv4 address family view must be different from the AS number configured in the BGP view.

Configure the PE device as the VPN peer of the MCE device.

peer ipv4-address as-number as-number

-

(Optional) Import VPN routes of the site into the BGP routing table.

import-route protocol [ process-id ] [ med med | route-policy route-policy-name ] *

Perform this step if another routing protocol is running between the MCE device and VPN sites in the VPN instance.

Commit the configuration.

commit

-

Translation
Download
Updated: 2019-04-03

Document ID: EDOC1100075353

Views: 14611

Downloads: 25

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next