Configuration Guide - VPN

CloudEngine 12800 and 12800E V200R005C10

This document describes the configurations of VPN, including GRE, BGP/MPLS IP VPN, BGP/MPLS IPv6 VPN, VLL, PWE3, and VPLS.
Example for Configuring Double RRs to Optimize the VPN Backbone Layer

Networking Requirements

When deploying a VPN, you can configure double route reflectors (RRs) on the VPN. To achieve this, you need to select two RRs from the P devices in the same AS on the backbone network and ensure that the two RRs back up each other and reflect routes of the public network and VPNv4.

As shown in Figure 2-54, PE1, PE2, RR1, and RR2 are located in AS 100 on the backbone network. CE1 and CE2 belong to vpna. Select P1 and P2 as the RRs of the VPN.

Figure 2-54 Double RRs at the backbone layer

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure an IGP protocol on the MPLS backbone network for IP connectivity.
  2. Enable basic MPLS capabilities and MPLS LDP on the PE devices to set up MPLS LSPs over the backbone network.
  3. Configure a VPN instance on PE1 and PE2 and bind the instance to the interfaces connected to the CE devices. Configure the same VPN target for the VPN instance to enable users in the same VPN to communicate with each other.
  4. Set up EBGP peer relationships between the PE and CE devices to import VPN routes.
  5. Set up MP-IBGP peer relationships between the PE devices and RRs. The PE devices do not need to set up an MP-IBGP peer relationship with each other.
  6. Configure the same cluster ID for RR1 and RR2 so that they back up each other.
  7. Configure RR1 and RR2 to accept all VPNv4 routes without filtering the routes based on VPN targets, because RR1 and RR2 must save all VPNv4 routes and advertise them to PE devices.

NOTE: On a VPN with double RRs, ensure that each RR has at least two paths to a PE device and the paths do not share the same network segment or node. Otherwise, double RRs cannot improve network reliability.

Procedure

  1. Configure VLANs on interfaces and assign IP addresses to the VLANIF interfaces and loopback interfaces according to Figure 2-54.

    # Configure PE1.

    <HUAWEI> system-view
    [~HUAWEI] sysname PE1
    [*HUAWEI] commit
    [~PE1] interface loopback 1
    [*PE1-LoopBack1] ip address 1.1.1.9 32
    [*PE1-LoopBack1] quit
    [*PE1] vlan batch 10 40 60
    [*PE1] interface 10ge 1/0/1
    [*PE1-10GE1/0/1] port link-type trunk
    [*PE1-10GE1/0/1] port trunk allow-pass vlan 10
    [*PE1-10GE1/0/1] quit
    [*PE1] interface 10ge 2/0/2
    [*PE1-10GE2/0/2] port link-type trunk
    [*PE1-10GE2/0/2] port trunk allow-pass vlan 60
    [*PE1-10GE2/0/2] quit
    [*PE1] interface 10ge 3/0/3
    [*PE1-10GE3/0/3] port link-type trunk
    [*PE1-10GE3/0/3] port trunk allow-pass vlan 40
    [*PE1-10GE3/0/3] quit
    [*PE1] interface vlanif 10
    [*PE1-Vlanif10] ip address 100.1.2.1 24
    [*PE1-Vlanif10] quit
    [*PE1] interface vlanif 40
    [*PE1-Vlanif40] ip address 100.1.3.1 24
    [*PE1-Vlanif40] quit
    [*PE1] commit
    

    The configurations of PE2, RRs, CE1, and CE2 are the same as that of PE1.

  2. Configure an IGP protocol on the MPLS backbone network for IP connectivity.

    # Configure PE1.

    [~PE1] ospf
    [*PE1-ospf-1] area 0
    [*PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
    [*PE1-ospf-1-area-0.0.0.0] network 100.1.2.0 0.0.0.255
    [*PE1-ospf-1-area-0.0.0.0] network 100.1.3.0 0.0.0.255
    [*PE1-ospf-1-area-0.0.0.0] quit
    [*PE1-ospf-1] quit
    [*PE1] commit
    

    The configurations of PE2 and RRs are the same as that of PE1.

    After the configuration is complete, the devices on the backbone network can learn the loopback interface addresses from each other.

  3. Enable basic MPLS capabilities and MPLS LDP on the PE devices and RRs to set up LDP LSPs over the MPLS backbone network.

    # Configure PE1.

    [~PE1] mpls lsr-id 1.1.1.9
    [*PE1] mpls
    [*PE1-mpls] quit
    [*PE1] mpls ldp
    [*PE1-mpls-ldp] quit
    [*PE1] interface vlanif 10
    [*PE1-Vlanif10] mpls
    [*PE1-Vlanif10] mpls ldp
    [*PE1-Vlanif10] quit
    [*PE1] interface vlanif 40
    [*PE1-Vlanif40] mpls
    [*PE1-Vlanif40] mpls ldp
    [*PE1-Vlanif40] quit
    [*PE1] commit

    The configurations of PE2 and RRs are the same as that of PE1.

    After the configuration is complete, run the display mpls ldp session command on the PE devices and RRs. The Status field in the command output displays as Operational.

    Take the display on PE1 and RR1 as an example:

    [~PE1] display mpls ldp session
     LDP Session(s) in Public Network
     LAM: Label Advertisement Mode,  KA: KeepAlive
     SsnAge: Session Age, Unit(DDDD:HH:MM)
     An asterisk (*) before a session means the session is being deleted.
    
    ----------------------------------------------------------------------
     PeerID            Status      LAM  SsnRole  SsnAge      KASent/Rcv
    ----------------------------------------------------------------------
     2.2.2.9:0         Operational DU   Passive  0000:00:01  8/8
     3.3.3.9:0         Operational DU   Passive  0000:00:00  4/4
    ----------------------------------------------------------------------
     TOTAL: 2 session(s) Found.
    
    [~RR1] display mpls ldp session
     LDP Session(s) in Public Network
     LAM: Label Advertisement Mode,  KA: KeepAlive
     SsnAge: Session Age, Unit(DDDD:HH:MM)
     An asterisk (*) before a session means the session is being deleted.
     
    ----------------------------------------------------------------------
     PeerID            Status      LAM  SsnRole  SsnAge      KASent/Rcv
    ----------------------------------------------------------------------
     1.1.1.9:0         Operational DU   Active   000:00:02   11/11
     3.3.3.9:0         Operational DU   Passive  000:00:01   8/8
     4.4.4.9:0         Operational DU   Passive  000:00:00   4/4
    ----------------------------------------------------------------------
     TOTAL: 3 session(s) Found.
    
  4. Configure a VPN instance on PE1.

    # Configure PE1.

    [~PE1] ip vpn-instance vpna
    [*PE1-vpn-instance-vpna] ipv4-family
    [*PE1-vpn-instance-vpna-af-ipv4] route-distinguisher 100:1
    [*PE1-vpn-instance-vpna-af-ipv4] vpn-target 1:1 both
    [*PE1-vpn-instance-vpna-af-ipv4] quit
    [*PE1-vpn-instance-vpna] quit
    [*PE1] interface vlanif 60
    [*PE1-Vlanif60] ip binding vpn-instance vpna
    [*PE1-Vlanif60] ip address 10.1.1.2 24
    [*PE1-Vlanif60] quit
    [*PE1] commit
    

    The configuration of PE2 is the same as that of PE1.

  5. Set up EBGP peer relationships between the PE and CE devices to import VPN routes.

    # Configure CE1.

    [~CE1] bgp 65410
    [*CE1-bgp] peer 10.1.1.2 as-number 100
    [*CE1-bgp] commit
    

    The configuration of CE2 is the same as that of CE1.

    # Configure PE1.

    [~PE1] bgp 100
    [*PE1-bgp] ipv4-family vpn-instance vpna
    [*PE1-bgp-vpna] peer 10.1.1.1 as-number 65410
    [*PE1-bgp-vpna] import-route direct
    [*PE1-bgp-vpna] commit
    [~PE1-bgp-vpna] quit
    

    The configuration of PE2 is the same as that of PE1.

  6. Set up MP-IBGP peer relationships between PE devices and RRs.

    # Configure PE1.

    [~PE1] bgp 100
    [~PE1-bgp] peer 2.2.2.9 as-number 100
    [*PE1-bgp] peer 2.2.2.9 connect-interface loopback 1
    [*PE1-bgp] peer 3.3.3.9 as-number 100
    [*PE1-bgp] peer 3.3.3.9 connect-interface loopback 1
    [*PE1-bgp] ipv4-family vpnv4
    [*PE1-bgp-af-vpnv4] peer 2.2.2.9 enable
    [*PE1-bgp-af-vpnv4] peer 3.3.3.9 enable
    [*PE1-bgp-af-vpnv4] commit
    [~PE1-bgp-af-vpnv4] quit
    [~PE1-bgp] quit

    # Configure RR1.

    [~RR1] bgp 100
    [*RR1-bgp] group rr1 internal
    [*RR1-bgp] peer rr1 connect-interface loopback 1
    [*RR1-bgp] peer 1.1.1.9 group rr1
    [*RR1-bgp] peer 3.3.3.9 group rr1
    [*RR1-bgp] peer 4.4.4.9 group rr1
    [*RR1-bgp] ipv4-family vpnv4
    [*RR1-bgp-af-vpnv4] peer rr1 enable
    [*RR1-bgp-af-vpnv4] peer 1.1.1.9 group rr1
    [*RR1-bgp-af-vpnv4] peer 3.3.3.9 group rr1
    [*RR1-bgp-af-vpnv4] peer 4.4.4.9 group rr1
    [*RR1-bgp-af-vpnv4] commit
    [~RR1-bgp-af-vpnv4] quit
    [~RR1-bgp] quit

    # Configure RR2.

    [~RR2] bgp 100
    [*RR2-bgp] group rr2 internal
    [*RR2-bgp] peer rr2 connect-interface loopback 1
    [*RR2-bgp] peer 1.1.1.9 group rr2
    [*RR2-bgp] peer 2.2.2.9 group rr2
    [*RR2-bgp] peer 4.4.4.9 group rr2
    [*RR2-bgp] ipv4-family vpnv4
    [*RR2-bgp-af-vpnv4] peer rr2 enable
    [*RR2-bgp-af-vpnv4] peer 1.1.1.9 group rr2
    [*RR2-bgp-af-vpnv4] peer 2.2.2.9 group rr2
    [*RR2-bgp-af-vpnv4] peer 4.4.4.9 group rr2
    [*RR2-bgp-af-vpnv4] commit
    [~RR2-bgp-af-vpnv4] quit
    [~RR2-bgp] quit

    # Configure PE2.

    The configuration of PE2 is the same as that of PE1.

    After the configuration is complete, run the display bgp vpnv4 all peer command on the PE devices. You can see that the PE devices have set up IBGP peer relationships with RRs, and the peer relationships are in Established state. The PE devices also set up EBGP peer relationships with the CE devices.

    Take the display on PE1 as an example:

    [~PE1] display bgp vpnv4 all peer
    
     BGP local router ID : 1.1.1.9
     Local AS number : 100
     Total number of peers : 3                 Peers in established state : 3
      Peer          V    AS   MsgRcvd  MsgSent  OutQ  Up/Down       State PrefRcv
      2.2.2.9       4    100   2        4         0   00:00:31    Established   0
      3.3.3.9       4    100   3        5         0   00:01:23    Established   0
    Peer of IPv4-family for vpn instance : 
    
      VPN-Instance vpna, Router ID 1.1.1.9: 
      Peer          V    AS   MsgRcvd  MsgSent  OutQ  Up/Down       State PrefRcv
      10.1.1.1      4    65410 79       82        0   01:13:29    Established    0

  7. Configure route reflection on RR1 and RR2.

    # Configure RR1.

    [~RR1] bgp 100
    [~RR1-bgp] ipv4-family vpnv4
    [~RR1-bgp-af-vpnv4] reflector cluster-id 100
    [*RR1-bgp-af-vpnv4] peer rr1 reflect-client 
    [*RR1-bgp-af-vpnv4] undo policy vpn-target
    [*RR1-bgp-af-vpnv4] commit
    [~RR1-bgp-af-vpnv4] quit
    [~RR1-bgp] quit

    # Configure RR2.

    [~RR2] bgp 100
    [~RR2-bgp] ipv4-family vpnv4
    [~RR2-bgp-af-vpnv4] reflector cluster-id 100
    [*RR2-bgp-af-vpnv4] peer rr2 reflect-client
    [*RR2-bgp-af-vpnv4] undo policy vpn-target
    [*RR2-bgp-af-vpnv4] commit
    [~RR2-bgp-af-vpnv4] quit
    [~RR2-bgp] quit

  8. Verify the configuration.

    Check the VPN routing table on a PE device. The routing table contains a route to the remote CE device.

    Take the display on PE1 as an example:

    [~PE1] display ip routing-table vpn-instance vpna
    Proto: Protocol        Pre: Preference
    Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
    ------------------------------------------------------------------------------
    Routing Table : vpna
             Destinations : 5        Routes : 5
    
      Destination/Mask  Proto  Pre  Cost         Flags  NextHop         Interface
    
           10.1.1.0/24  Direct 0    0                D  10.1.1.2        Vlanif60
           10.1.1.2/32  Direct 0    0                D  127.0.0.1       Vlanif60
         10.1.1.255/32  Direct 0    0                D  127.0.0.1       Vlanif60
           10.2.1.0/24  IBGP   255  0               RD  4.4.4.9         Vlanif40
    255.255.255.255/32  Direct 0    0                D  127.0.0.1       InLoopBack0 

    If CE1 and CE2 can ping each other, the route reflection function has been configured successfully.

    Run the shutdown command on VLANIF40 of PE1 and VLANIF50 of PE2 to simulate a link failure. CE1 and CE2 can still ping each other, indicating that the RRs are successfully configured.
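
An offline check of the invariants this procedure depends on, run over saved configuration text: both RRs carry the same cluster ID, each RR has `undo policy vpn-target` and a reflect-client, and each PE has a VPNv4 session to both RRs. This is an added example, not Huawei tooling; the sample configs are constructed excerpts, and `audit`, `vpnv4_lines` and the `rr_addrs` mapping are names assumed here.

```python
import re

# Constructed excerpts modelled on this example's RR and PE1 configuration files.
RR = """bgp 100
 #
 ipv4-family vpnv4
  reflector cluster-id {cid}
  undo policy vpn-target
  peer {grp} enable
  peer {grp} reflect-client
  peer 1.1.1.9 group {grp}
  peer 4.4.4.9 group {grp}
#
"""
PE1 = """ip vpn-instance vpna
 ipv4-family
  vpn-target 1:1 import-extcommunity
#
bgp 100
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 2.2.2.9 enable
  peer 3.3.3.9 enable
#
"""

def vpnv4_lines(cfg):
    """Stripped lines of the BGP-VPNv4 view; '#' or another family closes it."""
    out, inside = [], False
    for s in map(str.strip, cfg.splitlines()):
        if s == "#" or s.startswith("ipv4-family"):
            inside = s == "ipv4-family vpnv4"
        elif inside:
            out.append(s)
    return out

def audit(configs, rr_addrs):
    """configs: {sysname: text}; rr_addrs: {RR sysname: loopback} (assumed known)."""
    findings, cluster_ids = [], set()
    for name, cfg in sorted(configs.items()):
        v4 = vpnv4_lines(cfg)
        if name in rr_addrs:
            cluster_ids.add(next((l.split()[-1] for l in v4
                                  if l.startswith("reflector cluster-id ")), None))
            if "undo policy vpn-target" not in v4:
                findings.append(f"{name}: RR still filters VPNv4 routes by VPN target")
            if not any(l.endswith(" reflect-client") for l in v4):
                findings.append(f"{name}: no reflect-client peer or group")
        elif "ip vpn-instance" in cfg:  # a device with a VPN instance is treated as a PE
            peers = {l.split()[1] for l in v4 if re.match(r"peer \S+ enable$", l)}
            for rr in sorted(set(rr_addrs.values()) - peers):
                findings.append(f"{name}: no VPNv4 session to RR {rr}")
    if len(cluster_ids) != 1 or None in cluster_ids:
        findings.append(f"RRs do not share one cluster ID: {sorted(map(str, cluster_ids))}")
    return findings

if __name__ == "__main__":
    rrs = {"RR1": "2.2.2.9", "RR2": "3.3.3.9"}
    good = {"PE1": PE1, "RR1": RR.format(cid="100", grp="rr1"),
            "RR2": RR.format(cid="100", grp="rr2")}
    print(audit(good, rrs))
    print(audit(dict(good, RR2=RR.format(cid="200", grp="rr2")), rrs))
```

An RR with no `reflector cluster-id` line is reported as a mismatch, since the check requires an explicit, identical cluster ID on both reflectors.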

Configuration Files

  • PE1 configuration file

    #
    sysname PE1
    #
    vlan batch 10 40 60
    #
    ip vpn-instance vpna
     ipv4-family
      route-distinguisher 100:1
      vpn-target 1:1 export-extcommunity
      vpn-target 1:1 import-extcommunity
    #
    mpls lsr-id 1.1.1.9
    #
    mpls
    #
    mpls ldp
     #
     ipv4-family
    #
    interface Vlanif10
     ip address 100.1.2.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface Vlanif40
     ip address 100.1.3.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface Vlanif60
     ip binding vpn-instance vpna
     ip address 10.1.1.2 255.255.255.0
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    interface 10GE2/0/2
     port link-type trunk
     port trunk allow-pass vlan 60
    #
    interface 10GE3/0/3
     port link-type trunk
     port trunk allow-pass vlan 40
    #
    interface LoopBack1
     ip address 1.1.1.9 255.255.255.255
    #
    bgp 100
     peer 2.2.2.9 as-number 100
     peer 2.2.2.9 connect-interface LoopBack1
     peer 3.3.3.9 as-number 100
     peer 3.3.3.9 connect-interface LoopBack1
     #
     ipv4-family unicast
      peer 2.2.2.9 enable
      peer 3.3.3.9 enable
     #
     ipv4-family vpnv4
      policy vpn-target
      peer 2.2.2.9 enable
      peer 3.3.3.9 enable
     #
     ipv4-family vpn-instance vpna
      peer 10.1.1.1 as-number 65410
      import-route direct
    #
    ospf 1
     area 0.0.0.0
      network 1.1.1.9 0.0.0.0
      network 100.1.2.0 0.0.0.255
      network 100.1.3.0 0.0.0.255
    #
    return 
  • RR1 configuration file

    #
    sysname RR1
    #
    vlan batch 10 20 50
    #
    mpls lsr-id 2.2.2.9
    #
    mpls
    #
    mpls ldp
     #
     ipv4-family
    #
    interface Vlanif10
     ip address 100.1.2.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface Vlanif20
     ip address 100.2.3.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface Vlanif50
     ip address 100.2.4.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    interface 10GE2/0/2
     port link-type trunk
     port trunk allow-pass vlan 20
    #
    interface 10GE3/0/3
     port link-type trunk
     port trunk allow-pass vlan 50
    #
    interface LoopBack1
     ip address 2.2.2.9 255.255.255.255
    #
    bgp 100
     peer 1.1.1.9 as-number 100
     peer 3.3.3.9 as-number 100
     peer 4.4.4.9 as-number 100
     group rr1 internal
     peer rr1 connect-interface LoopBack1
     #
     ipv4-family unicast
      peer rr1 enable
      peer 1.1.1.9 enable
      peer 1.1.1.9 group rr1
      peer 3.3.3.9 enable
      peer 3.3.3.9 group rr1
      peer 4.4.4.9 enable
      peer 4.4.4.9 group rr1
     #
     ipv4-family vpnv4
      reflector cluster-id 100
      undo policy vpn-target
      peer rr1 enable
      peer rr1 reflect-client
      peer 1.1.1.9 enable
      peer 1.1.1.9 group rr1
      peer 3.3.3.9 enable
      peer 3.3.3.9 group rr1
      peer 4.4.4.9 enable
      peer 4.4.4.9 group rr1
    #
    ospf 1
     area 0.0.0.0
      network 2.2.2.9 0.0.0.0
      network 100.1.2.0 0.0.0.255
      network 100.2.3.0 0.0.0.255
      network 100.2.4.0 0.0.0.255
    #
    return
  • RR2 configuration file

    #
    sysname RR2
    #
    vlan batch 20 30 40
    #
    mpls lsr-id 3.3.3.9
    #
    mpls
    #
    mpls ldp
     #
     ipv4-family
    #
    interface Vlanif20
     ip address 100.2.3.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface Vlanif30
     ip address 100.3.4.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface Vlanif40
     ip address 100.1.3.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 20
    #
    interface 10GE2/0/2
     port link-type trunk
     port trunk allow-pass vlan 30
    #
    interface 10GE3/0/3
     port link-type trunk
     port trunk allow-pass vlan 40
    #
    interface LoopBack1
     ip address 3.3.3.9 255.255.255.255
    #
    bgp 100
     peer 1.1.1.9 as-number 100
     peer 2.2.2.9 as-number 100
     peer 4.4.4.9 as-number 100
     group rr2 internal
     peer rr2 connect-interface LoopBack1
     #
     ipv4-family unicast
      peer rr2 enable
      peer 1.1.1.9 enable
      peer 1.1.1.9 group rr2
      peer 2.2.2.9 enable
      peer 2.2.2.9 group rr2
      peer 4.4.4.9 enable
      peer 4.4.4.9 group rr2
     #
     ipv4-family vpnv4
      reflector cluster-id 100
      undo policy vpn-target
      peer rr2 enable
      peer rr2 reflect-client
      peer 1.1.1.9 enable
      peer 1.1.1.9 group rr2
      peer 2.2.2.9 enable
      peer 2.2.2.9 group rr2
      peer 4.4.4.9 enable
      peer 4.4.4.9 group rr2
    #
    ospf 1
     area 0.0.0.0
      network 3.3.3.9 0.0.0.0
      network 100.2.3.0 0.0.0.255
      network 100.3.4.0 0.0.0.255
      network 100.1.3.0 0.0.0.255
    #
    return
  • PE2 configuration file

    #
    sysname PE2
    #
    vlan batch 30 50 70
    #
    ip vpn-instance vpna
     ipv4-family
      route-distinguisher 100:1
      vpn-target 1:1 export-extcommunity
      vpn-target 1:1 import-extcommunity
    #
    mpls lsr-id 4.4.4.9
    #
    mpls
    #
    mpls ldp
     #
     ipv4-family
    #
    interface Vlanif30
     ip address 100.3.4.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface Vlanif50
     ip address 100.2.4.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface Vlanif70
     ip binding vpn-instance vpna
     ip address 10.2.1.2 255.255.255.0
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 30
    #
    interface 10GE2/0/2
     port link-type trunk
     port trunk allow-pass vlan 70
    #
    interface 10GE3/0/3
     port link-type trunk
     port trunk allow-pass vlan 50
    #
    interface LoopBack1
     ip address 4.4.4.9 255.255.255.255
    #
    bgp 100
     peer 2.2.2.9 as-number 100
     peer 2.2.2.9 connect-interface LoopBack1
     peer 3.3.3.9 as-number 100
     peer 3.3.3.9 connect-interface LoopBack1
     #
     ipv4-family unicast
      peer 2.2.2.9 enable
      peer 3.3.3.9 enable
     #
     ipv4-family vpnv4
      policy vpn-target
      peer 3.3.3.9 enable
      peer 2.2.2.9 enable
     #
     ipv4-family vpn-instance vpna
      peer 10.2.1.1 as-number 65420
      import-route direct
    #
    ospf 1
     area 0.0.0.0
      network 4.4.4.9 0.0.0.0
      network 100.3.4.0 0.0.0.255
      network 100.2.4.0 0.0.0.255
    #
    return
  • CE1 configuration file

    #
    sysname CE1
    #
    vlan batch 60
    #
    interface Vlanif60
     ip address 10.1.1.1 255.255.255.0
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 60
    #
    bgp 65410
     peer 10.1.1.2 as-number 100
     #
     ipv4-family unicast
      peer 10.1.1.2 enable
    #
    return
  • CE2 configuration file

    #
    sysname CE2
    #
    vlan batch 70
    #
    interface Vlanif70
     ip address 10.2.1.1 255.255.255.0
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 70
    #
    bgp 65420
     peer 10.2.1.2 as-number 100
     #
     ipv4-family unicast
      peer 10.2.1.2 enable
    #
    return
Updated: 2019-04-03

Document ID: EDOC1100075353
