No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - VPN

CloudEngine 12800 and 12800E V200R005C10

This document describes the configurations of VPN, including GRE, BGP/MPLS IP VPN, BGP/MPLS IPv6 VPN, VLL, PWE3, and VPLS.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring an MCE Device

Example for Configuring an MCE Device

Networking Requirements

The headquarters and branch of an enterprise need to communicate through MPLS VPN, and two services of the enterprise must be isolated. To reduce hardware costs, the enterprise wants the branch to connect to the PE device through a multi-VPN-instance customer edge (MCE) device.

As shown in Figure 2-48:

  • CE1 and CE2 connect to the headquarters. CE1 belongs to vpna, and CE2 belongs to vpnb.
  • The MCE device connects to vpna and vpnb of the branch through SwitchA and SwitchB.
Figure 2-48 MCE networking

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure OSPF between PE devices to implement interworking between them and configure MP-IBGP to exchange VPN routing information.
  2. Enable basic MPLS capabilities and MPLS LDP on the PE devices to set up LDP LSPs.
  3. Create VPN instances vpna and vpnb on the MCE and PE devices to isolate services.
  4. Set up EBGP peer relationships between PE1 and local CE devices to exchange VPN routing information.
  5. Configure a routing protocol or static routes between the MCE device and VPN sites as well as between the MCE device and PE2 to exchange VPN routing information.

Procedure

  1. Configure OSPF on PE1 and PE2 to implement interworking between them.

    # Configure PE1.

    <HUAWEI> system-view
    [~HUAWEI] sysname PE1
    [*HUAWEI] commit
    [~PE1] interface loopback 1
    [*PE1-LoopBack1] ip address 1.1.1.9 32
    [*PE1-LoopBack1] quit
    [*PE1] vlan batch 30
    [*PE1] interface 10ge 3/0/3
    [*PE1-10GE3/0/3] port link-type trunk
    [*PE1-10GE3/0/3] port trunk allow-pass vlan 30
    [*PE1-10GE3/0/3] quit
    [*PE1] interface vlanif 30
    [*PE1-Vlanif30] ip address 172.1.1.1 24
    [*PE1-Vlanif30] quit
    [*PE1] ospf
    [*PE1-ospf-1] area 0
    [*PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
    [*PE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255
    [*PE1-ospf-1-area-0.0.0.0] quit
    [*PE1-ospf-1] quit
    [*PE1] commit
    

    The configuration of PE2 is the same as that of PE1.

    After the configuration is complete, run the display ip routing-table command, and you can see that PE devices have learned the routes to Loopback1 of each other.

  2. Enable basic MPLS capabilities and MPLS LDP on the PE devices to set up LDP LSPs between them.

    # Configure PE1.
    [~PE1] mpls lsr-id 1.1.1.9
    [*PE1] mpls
    [*PE1-mpls] quit
    [*PE1] mpls ldp
    [*PE1-mpls-ldp] quit
    [*PE1] interface vlanif 30
    [*PE1-Vlanif30] mpls
    [*PE1-Vlanif30] mpls ldp
    [*PE1-Vlanif30] quit
    [*PE1] commit

    The configuration of PE2 is the same as that of PE1.

    After the configuration is complete, run the display mpls ldp session command on the PE devices. You can see that the MPLS LDP session between the PE devices is in Operational state.

    Take the display on PE2 as an example:

    [~PE2] display mpls ldp session
     LDP Session(s) in Public Network
     LAM: Label Advertisement Mode,  KA: KeepAlive
     SsnAge: Session Age, Unit(DDDD:HH:MM)
     An asterisk (*) before a session means the session is being deleted.
    
     ------------------------------------------------------------------------------
     PeerID            Status      LAM  SsnRole  SsnAge      KASent/Rcv
     ------------------------------------------------------------------------------ 
     1.1.1.9:0          Operational DU   Active   0000:00:04  17/17
     ------------------------------------------------------------------------------
     TOTAL: 1 session(s) Found.
    

  3. Configure VPN instances on the PE devices. On PE1, bind the VPN instances to the interfaces connected to CE1 and CE2 respectively. On PE2, bind the VPN instances to the interfaces connected to the MCE device.

    # Configure PE1.

    [~PE1] vlan batch 10 20
    [*PE1] interface 10ge 1/0/1
    [*PE1-10GE1/0/1] port link-type trunk
    [*PE1-10GE1/0/1] port trunk allow-pass vlan 10
    [*PE1-10GE1/0/1] quit
    [*PE1] interface 10ge 2/0/2
    [*PE1-10GE2/0/2] port link-type trunk
    [*PE1-10GE2/0/2] port trunk allow-pass vlan 20
    [*PE1-10GE2/0/2] quit
    [*PE1] ip vpn-instance vpna
    [*PE1-vpn-instance-vpna] ipv4-family
    [*PE1-vpn-instance-vpna-af-ipv4] route-distinguisher 100:1
    [*PE1-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both
    [*PE1-vpn-instance-vpna-af-ipv4] quit
    [*PE1-vpn-instance-vpna] quit
    [*PE1] ip vpn-instance vpnb
    [*PE1-vpn-instance-vpnb] ipv4-family
    [*PE1-vpn-instance-vpnb-af-ipv4] route-distinguisher 100:2
    [*PE1-vpn-instance-vpnb-af-ipv4] vpn-target 222:2 both
    [*PE1-vpn-instance-vpnb-af-ipv4] quit
    [*PE1-vpn-instance-vpnb] quit
    [*PE1] interface vlanif 10
    [*PE1-Vlanif10] ip binding vpn-instance vpna
    [*PE1-Vlanif10] ip address 10.1.1.2 24
    [*PE1-Vlanif10] quit
    [*PE1] interface vlanif 20
    [*PE1-Vlanif20] ip binding vpn-instance vpnb
    [*PE1-Vlanif20] ip address 10.2.1.2 24
    [*PE1-Vlanif20] quit
    [*PE1] commit

    # Configure PE2.

    [~PE2] vlan batch 100 200
    [*PE2] interface 10ge 2/0/2
    [*PE2-10GE2/0/2] port link-type trunk
    [*PE2-10GE2/0/2] port trunk allow-pass vlan 100 200
    [*PE2-10GE2/0/2] quit
    [*PE2] ip vpn-instance vpna
    [*PE2-vpn-instance-vpna] ipv4-family
    [*PE2-vpn-instance-vpna-af-ipv4] route-distinguisher 200:1
    [*PE2-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both
    [*PE2-vpn-instance-vpna-af-ipv4] quit
    [*PE2-vpn-instance-vpna] quit
    [*PE2] ip vpn-instance vpnb
    [*PE2-vpn-instance-vpnb] ipv4-family
    [*PE2-vpn-instance-vpnb-af-ipv4] route-distinguisher 200:2
    [*PE2-vpn-instance-vpnb-af-ipv4] vpn-target 222:2 both
    [*PE2-vpn-instance-vpnb-af-ipv4] quit
    [*PE2-vpn-instance-vpnb] quit
    [*PE2] interface vlanif 100
    [*PE2-Vlanif100] ip binding vpn-instance vpna
    [*PE2-Vlanif100] ip address 192.1.1.1 24
    [*PE2-Vlanif100] quit
    [*PE2]interface vlanif 200
    [*PE2-Vlanif200] ip binding vpn-instance vpnb
    [*PE2-Vlanif200] ip address 192.2.1.1 24
    [*PE2-Vlanif200] quit
    [*PE2] commit

  4. Configure VPN instances on the MCE device and bind the instances to the interfaces connected to SwitchA and SwitchB respectively.

    <HUAWEI> system-view
    [~HUAWEI] sysname MCE
    [*HUAWEI] commit
    [~MCE] vlan batch 60 70 100 200
    [*MCE] interface 10ge 1/0/1
    [*MCE-10GE1/0/1] port link-type trunk
    [*MCE-10GE1/0/1] port trunk allow-pass vlan 100 200
    [*MCE-10GE1/0/1] quit
    [*MCE] interface 10ge 3/0/3
    [*MCE-10GE3/0/3] port link-type trunk
    [*MCE-10GE3/0/3] port trunk allow-pass vlan 60
    [*MCE-10GE3/0/3] quit
    [*MCE] interface 10ge 4/0/4
    [*MCE-10GE4/0/4] port link-type trunk
    [*MCE-10GE4/0/4] port trunk allow-pass vlan 70
    [*MCE-10GE4/0/4] quit
    [*MCE] ip vpn-instance vpna
    [*MCE-vpn-instance-vpna] ipv4-family
    [*MCE-vpn-instance-vpna-af-ipv4] route-distinguisher 100:1
    [*MCE-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both
    [*MCE-vpn-instance-vpna-af-ipv4] quit
    [*MCE-vpn-instance-vpna] quit
    [*MCE] ip vpn-instance vpnb
    [*MCE-vpn-instance-vpnb] ipv4-family
    [*MCE-vpn-instance-vpnb-af-ipv4] route-distinguisher 100:2
    [*MCE-vpn-instance-vpnb-af-ipv4] vpn-target 222:2 both
    [*MCE-vpn-instance-vpnb-af-ipv4] quit
    [*MCE-vpn-instance-vpnb] quit
    [*MCE] interface vlanif 60
    [*MCE-Vlanif60] ip binding vpn-instance vpna
    [*MCE-Vlanif60] ip address 10.3.1.2 24
    [*MCE-Vlanif60] quit
    [*MCE] interface vlanif 70
    [*MCE-Vlanif70] ip binding vpn-instance vpnb
    [*MCE-Vlanif70] ip address 10.4.1.2 24
    [*MCE-Vlanif70] quit
    [*MCE] interface vlanif 100
    [*MCE-Vlanif100] ip binding vpn-instance vpna
    [*MCE-Vlanif100] ip address 192.1.1.2 24
    [*MCE-Vlanif100] quit
    [*MCE] interface vlanif 200
    [*MCE-Vlanif200] ip binding vpn-instance vpnb
    [*MCE-Vlanif200] ip address 192.2.1.2 24
    [*MCE-Vlanif200] quit
    [*MCE] commit
    

  5. Set up an MP-IBGP peer relationship between PE1 and PE2. Set up an EBGP peer relationship between PE1 and CE1, and between PE1 and CE2.

    The configuration details are not mentioned here.

    After the configuration is complete, run the display bgp vpnv4 all peer command on PE1. You can see that the PE1 has set up an IBGP peer relationship with PE2 and EBGP peer relationships with CE1 and CE2. All the peer relationships are in Established state.

    [~PE1] display bgp vpnv4 all peer
    
     BGP local router ID : 1.1.1.9
     Local AS number : 100
     Total number of peers : 3                 Peers in established state : 3
    
      Peer            V    AS  MsgRcvd  MsgSent  OutQ  Up/Down       State PrefRcv
    
      2.2.2.9         4   100      288      287     0 01:19:16 Established       6
    
      Peer of IPv4-family for vpn instance :
    
    
      VPN-Instance vpna, Router ID 1.1.1.9:
      Peer            V    AS  MsgRcvd  MsgSent  OutQ  Up/Down       State PrefRcv
      10.1.1.1        4 65410        9       11       0 00:04:14 Established       2
      VPN-Instance vpnb, Router ID 1.1.1.9:
      Peer            V    AS  MsgRcvd  MsgSent  OutQ  Up/Down       State PrefRcv
      10.2.1.1        4 65420        9       12       0 00:04:09 Established       2
    

  6. Configure a routing protocol or static routes between the MCE device and VPN sites.

    The MCE device directly connects to vpna, and no routing protocol is used in vpna. Configure static routes to implement communication between the MCE device and vpna.
    • # Configure SwitchA.

      Assign IP address 192.168.1.1/24 to the interface connected to vpna. The configuration command is not provided here.

      <HUAWEI> system-view
      [~HUAWEI] sysname SwitchA
      [*HUAWEI] commit
      [~SwitchA] vlan batch 60
      [*SwitchA] interface 10ge 1/0/1
      [*SwitchA-10GE1/0/1] port link-type trunk
      [*SwitchA-10GE1/0/1] port trunk allow-pass vlan 60
      [*SwitchA-10GE1/0/1] quit
      [*SwitchA] interface vlanif 60
      [*SwitchA-Vlanif60] ip address 10.3.1.1 24
      [*SwitchA-Vlanif60] quit
      [*SwitchA] ip route-static 0.0.0.0 0.0.0.0 10.3.1.2
      [*SwitchA] commit
      
    • # Configure the MCE device.

      [~MCE] ip route-static vpn-instance vpna 192.168.1.0 24 10.3.1.1 
      [*MCE] commit
      
    • # Check the routes of vpna on the MCE device.
      [~MCE] display ip routing-table vpn-instance vpna
      Proto: Protocol        Pre: Preference
      Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
      ------------------------------------------------------------------------------  
      Routing Table : vpna                                                            
               Destinations : 5        Routes : 5                                     
                                                                                      
      Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface      
                                                                                      
             10.3.1.0/24  Direct  0    0           D   10.3.1.2        Vlanif60       
             10.3.1.2/32  Direct  0    0           D   127.0.0.1       Vlanif60       
           10.3.1.255/32  Direct  0    0           D   127.0.0.1       Vlanif60       
          192.168.1.0/24  Static  60   0          RD   10.3.1.1        Vlanif60       
      255.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0    
      The preceding information shows that the MCE device has a static route to vpna.

    The RIP protocol runs in vpnb. Configure RIP process 200 on the MCE device and bind it to vpnb so that routes learned by RIP are added to the routing table of vpnb.

    • # Configure the MCE device.
      [~MCE] rip 200 vpn-instance vpnb
      [*MCE-rip-200] version 2
      [*MCE-rip-200] network 10.0.0.0
      [*MCE-rip-200] import-route ospf 200
      [*MCE-rip-200] quit
      [*MCE] commit
    • # Configure SwitchB.

      Assign IP address 192.168.2.1/24 to the interface connected to vpnb. The configuration command is not provided here.

      <HUAWEI> system-view
      [~HUAWEI] sysname SwitchB
      [*HUAWEI] commit
      [~SwitchB] vlan batch 70
      [*SwitchB] interface 10ge 1/0/1
      [*SwitchB-10GE1/0/1] port link-type trunk
      [*SwitchB-10GE1/0/1] port trunk allow-pass vlan 70
      [*SwitchB-10GE1/0/1] quit
      [*SwitchB]interface vlanif 70
      [*SwitchB-Vlanif70]ip address 10.4.1.1 24
      [*SwitchB-Vlanif70] quit
      [*SwitchB] rip 200
      [*SwitchB-rip-200] version 2
      [*SwitchB-rip-200] network 10.0.0.0
      [*SwitchB-rip-200] network 192.168.2.0
      [*SwitchB-rip-200] quit
      [*SwitchB]commit
    • # Check the routes of vpnb on the MCE device.
      [~MCE] display ip routing-table vpn-instance vpnb                     
      Proto: Protocol        Pre: Preference
      Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
      ------------------------------------------------------------------------------  
      Routing Table : vpnb                                                            
               Destinations : 5        Routes : 5                                     
                                                                                      
      Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface      
                                                                                      
             10.4.1.0/24  Direct  0    0           D   10.4.1.2        Vlanif70       
             10.4.1.2/32  Direct  0    0           D   127.0.0.1       Vlanif70       
           10.4.1.255/32  Direct  0    0           D   127.0.0.1       Vlanif70       
          192.168.2.0/24  RIP     100  1           D   10.4.1.1        Vlanif70       
      255.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0    
      The preceding information shows that the MCE device has learned the route to vpnb through RIP. The route to vpnb and the route to vpna (192.168.1.0) are maintained in different VPN routing tables so that users in the two VPNs are isolated from each other.

  7. Configure OSPF multi-instance between the MCE device and PE2.

    # Configure PE2.
    NOTE:
    To configure OSPF multi-instance between the MCE device and PE2, complete the following tasks on PE2:
    • In the OSPF view, import BGP routes and advertise VPN routes of PE1 to the MCE device.
    • In the BGP view, import routes of the OSPF processes and advertise the VPN routes of the MCE device to PE1.
    [~PE2] ospf 100 vpn-instance vpna
    [*PE2-ospf-100] import-route bgp
    [*PE2-ospf-100] area 0
    [*PE2-ospf-100-area-0.0.0.0] network 192.1.1.0 0.0.0.255
    [*PE2-ospf-100-area-0.0.0.0] quit
    [*PE2-ospf-100] quit
    [*PE2] ospf 200 vpn-instance vpnb
    [*PE2-ospf-200] import-route bgp
    [*PE2-ospf-200] area 0
    [*PE2-ospf-200-area-0.0.0.0] network 192.2.1.0 0.0.0.255
    [*PE2-ospf-200-area-0.0.0.0] quit
    [*PE2-ospf-200] quit
    [*PE2] bgp 100
    [*PE2-bgp] ipv4-family vpn-instance vpna
    [*PE2-bgp-vpna] import-route ospf 100
    [*PE2-bgp-vpna] quit
    [*PE2-bgp] ipv4-family vpn-instance vpnb
    [*PE2-bgp-vpnb] import-route ospf 200
    [*PE2-bgp-vpnb] quit
    [*PE2] commit
    # Configure the MCE device.
    NOTE:

    VPN routes on the MCE device need to be imported to the OSPF processes.

    [~MCE] ospf 100 vpn-instance vpna
    [*MCE-ospf-100] import-route static
    [*MCE-ospf-100] vpn-instance-capability simple
    [*MCE-ospf-100] area 0
    [*MCE-ospf-100-area-0.0.0.0] network 192.1.1.0 0.0.0.255
    [*MCE-ospf-100-area-0.0.0.0] network 10.3.1.0 0.0.0.255
    [*MCE-ospf-100-area-0.0.0.0] quit
    [*MCE-ospf-100] quit
    [*MCE] ospf 200 vpn-instance vpnb
    [*MCE-ospf-200] import-route rip 200
    [*MCE-ospf-200] vpn-instance-capability simple
    [*MCE-ospf-200] area 0
    [*MCE-ospf-200-area-0.0.0.0] network 192.2.1.0 0.0.0.255
    [*MCE-ospf-200-area-0.0.0.0] quit
    [*MCE-ospf-200] quit
    [*MCE] commit

  8. Verify the configuration.

    After the configuration is complete, run the display ip routing-table vpn-instance command on the MCE device to view the routes to the remote CE devices.

    Take the routing table of vpna on the MCE device as an example:

    [~MCE] display ip routing-table vpn-instance vpna
    Proto: Protocol        Pre: Preference
    Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
    ------------------------------------------------------------------------------  
    Routing Table : vpna                                                            
             Destinations : 9        Routes : 9                                     
                                                                                    
    Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface      
                                                                                    
           10.1.1.0/24  O_ASE   150  1           D   10.3.1.3        Vlanif60       
           10.3.1.0/24  Direct  0    0           D   10.3.1.2        Vlanif60       
           10.3.1.2/32  Direct  0    0           D   127.0.0.1       Vlanif60       
         10.3.1.255/32  Direct  0    0           D   127.0.0.1       Vlanif60       
          192.1.1.0/24  Direct  0    0           D   192.1.1.2       Vlanif100
          192.1.1.2/32  Direct  0    0           D   127.0.0.1       Vlanif100
        192.1.1.255/32  Direct  0    0           D   127.0.0.1       Vlanif100
        192.168.1.0/24  Static  60   0          RD   10.3.1.1        Vlanif60       
    255.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0    
    

    Run the display ip routing-table vpn-instance command on the PE devices to view the routes to the remote CE devices.

    Take the routing table of vpna on PE1 as an example:

    [~PE1] display ip routing-table vpn-instance vpna
    Proto: Protocol        Pre: Preference
    Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
    ------------------------------------------------------------------------------  
    Routing Table : vpna                                                            
             Destinations : 7        Routes : 7                                     
                                                                                    
    Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface      
                                                                                    
           10.1.1.0/24  Direct  0    0           D   10.1.1.2        Vlanif10       
           10.1.1.2/32  Direct  0    0           D   127.0.0.1       Vlanif10       
         10.1.1.255/32  Direct  0    0           D   127.0.0.1       Vlanif10       
           10.3.1.0/24  IBGP    255  0          RD   2.2.2.9         Vlanif30
        192.168.1.0/24  IBGP    255  2          RD   2.2.2.9         Vlanif30
         192.1.1.0/24   IBGP    255  0          RD   2.2.2.9         Vlanif30  
    255.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0    

    CE1 and SwitchA can communicate with each other. CE2 and SwitchB can communicate with each other.

    Take the ping from CE1 to SwitchA as an example:

    [~CE1] ping 192.168.1.1
      PING 192.168.1.1: 56  data bytes, press CTRL_C to break                       
        Reply from 192.168.1.1: bytes=56 Sequence=1 ttl=252 time=5 ms               
        Reply from 192.168.1.1: bytes=56 Sequence=2 ttl=252 time=2 ms               
        Reply from 192.168.1.1: bytes=56 Sequence=3 ttl=252 time=2 ms               
        Reply from 192.168.1.1: bytes=56 Sequence=4 ttl=252 time=3 ms               
        Reply from 192.168.1.1: bytes=56 Sequence=5 ttl=252 time=2 ms               
                                                                                    
      --- 192.168.1.1 ping statistics ---                                           
        5 packet(s) transmitted                                                     
        5 packet(s) received                                                        
        0.00% packet loss                                                           
        round-trip min/avg/max = 2/2/5 ms         

    CE1 cannot ping CE2 or SwitchB. SwitchA cannot ping CE2 or SwitchB.

    Take the ping from CE1 to SwitchB as an example:

    [~CE1] ping 192.168.2.1
      PING 192.168.2.1: 56  data bytes, press CTRL_C to break                       
        Request time out                                                            
        Request time out                                                            
        Request time out                                                            
        Request time out                                                            
        Request time out                                                            
                                                                                    
      --- 192.168.2.1 ping statistics ---                                           
        5 packet(s) transmitted                                                     
        0 packet(s) received                                                        
        100.00% packet loss   

Configuration Files

  • CE1 configuration file

    #
    sysname CE1
    #
    vlan batch 10
    #
    interface Vlanif10
     ip address 10.1.1.1 255.255.255.0
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    bgp 65410
     peer 10.1.1.2 as-number 100
     #
     ipv4-family unicast
      import-route direct
      peer 10.1.1.2 enable
    #
    return
  • CE2 configuration file

    #
    sysname CE2
    #
    vlan batch 20
    #
    interface Vlanif20
     ip address 10.2.1.1 255.255.255.0
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 20
    #
    bgp 65420
     peer 10.2.1.2 as-number 100
     #
     ipv4-family unicast
      import-route direct
      peer 10.2.1.2 enable
    #
    return
  • PE1 configuration file

    #
    sysname PE1
    #
    vlan batch 10 20 30
    #
    ip vpn-instance vpna
     ipv4-family
      route-distinguisher 100:1
      vpn-target 111:1 export-extcommunity
      vpn-target 111:1 import-extcommunity
    #
    ip vpn-instance vpnb
     ipv4-family
      route-distinguisher 100:2
      vpn-target 222:2 export-extcommunity
      vpn-target 222:2 import-extcommunity
    #
    mpls lsr-id 1.1.1.9
    #
    mpls
    #
    mpls ldp
     #
     ipv4-family
    #
    interface Vlanif10
     ip binding vpn-instance vpna
     ip address 10.1.1.2 255.255.255.0
    #
    interface Vlanif20
     ip binding vpn-instance vpnb
     ip address 10.2.1.2 255.255.255.0
    #
    interface Vlanif30
     ip address 172.1.1.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    interface 10GE2/0/2
     port link-type trunk
     port trunk allow-pass vlan 20
    #
    interface 10GE3/0/3
     port link-type trunk
     port trunk allow-pass vlan 30
    #
    interface LoopBack1
     ip address 1.1.1.9 255.255.255.255
    #
    bgp 100
     peer 2.2.2.9 as-number 100
     peer 2.2.2.9 connect-interface LoopBack1
     #
     ipv4-family unicast
      peer 2.2.2.9 enable
     #
     ipv4-family vpnv4
      policy vpn-target
      peer 2.2.2.9 enable
     #
     ipv4-family vpn-instance vpna
      import-route direct
      peer 10.1.1.1 as-number 65410
     #
     ipv4-family vpn-instance vpnb
      import-route direct
      peer 10.2.1.1 as-number 65420
    #
    ospf 1
     area 0.0.0.0
      network 1.1.1.9 0.0.0.0
      network 172.1.1.0 0.0.0.255
    #
    return
  • PE2 configuration file

    #
    sysname PE2
    #
    vlan batch 30 100 200
    #
    ip vpn-instance vpna
     ipv4-family
      route-distinguisher 200:1
      vpn-target 111:1 export-extcommunity
      vpn-target 111:1 import-extcommunity
    #
    ip vpn-instance vpnb
     ipv4-family 
      route-distinguisher 200:2
      vpn-target 222:2 export-extcommunity
      vpn-target 222:2 import-extcommunity
    #
    mpls lsr-id 2.2.2.9
    #
    mpls
    #
    mpls ldp
     #
     ipv4-family
    #
    interface Vlanif30
     ip address 172.1.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface Vlanif100                                                              
     ip binding vpn-instance vpna                                                   
     ip address 192.1.1.1 255.255.255.0                                              
    #                                                                               
    interface Vlanif200                                                              
     ip binding vpn-instance vpnb                                                   
     ip address 192.2.1.1 255.255.255.0                                              
    #                                       
    interface LoopBack1
     ip address 2.2.2.9 255.255.255.255
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 30
    #
    interface 10GE2/0/2
     port link-type trunk                                                           
     port trunk allow-pass vlan 100 200  
    #
    bgp 100
     peer 1.1.1.9 as-number 100
     peer 1.1.1.9 connect-interface LoopBack1
    #
     ipv4-family unicast
      peer 1.1.1.9 enable
    #
     ipv4-family vpnv4
      policy vpn-target
      peer 1.1.1.9 enable
    #
     ipv4-family vpn-instance vpna
      import-route ospf 100
    #
     ipv4-family vpn-instance vpnb
      import-route ospf 200
    #
    ospf 1
     area 0.0.0.0
      network 2.2.2.9 0.0.0.0
      network 172.1.1.0 0.0.0.255
    #
    ospf 100 vpn-instance vpna
     import-route bgp
     area 0.0.0.0
      network 192.1.1.0 0.0.0.255 
    #
    ospf 200 vpn-instance vpnb
     import-route bgp
     area 0.0.0.0
      network 192.2.1.0 0.0.0.255
    #
    return
  • MCE configuration file

    #
    sysname MCE
    #
    vlan batch 60 70 100 200
    #
    ip vpn-instance vpna
     ipv4-family
      route-distinguisher 100:1
      vpn-target 111:1 export-extcommunity
      vpn-target 111:1 import-extcommunity
    #
    ip vpn-instance vpnb
     ipv4-family
      route-distinguisher 100:2
      vpn-target 222:2 export-extcommunity
      vpn-target 222:2 import-extcommunity
    #
    interface Vlanif60
     ip binding vpn-instance vpna
     ip address 10.3.1.2 255.255.255.0
    #
    interface Vlanif70
     ip binding vpn-instance vpnb
     ip address 10.4.1.2 255.255.255.0
    #
    interface Vlanif100
     ip binding vpn-instance vpna
     ip address 192.1.1.2 255.255.255.0
    #
    interface Vlanif200
     ip binding vpn-instance vpnb
     ip address 192.2.1.2 255.255.255.0
    #
    interface 10GE1/0/1
     port link-type trunk                                                           
     port trunk allow-pass vlan 100 200 
    #
    interface 10GE3/0/3
     port link-type trunk                                                           
     port trunk allow-pass vlan 60 
    #
    interface 10GE4/0/4
     port link-type trunk                                                           
     port trunk allow-pass vlan 70 
    #
    ospf 100 vpn-instance vpna
     import-route static
     vpn-instance-capability simple
     area 0.0.0.0
      network 10.3.1.0 0.0.0.255 
      network 192.1.1.0 0.0.0.255 
    #
    ospf 200 vpn-instance vpnb
     import-route rip 200
     vpn-instance-capability simple
     area 0.0.0.0
      network 192.2.1.0 0.0.0.255
    #
    rip 200 vpn-instance vpnb
     version 2
     network 10.0.0.0
     import-route ospf 200
    #
    ip route-static vpn-instance vpna 192.168.1.0 255.255.255.0 10.3.1.1 
    #
    return
  • SwitchA configuration file

    #
    sysname SwitchA
    #
    vlan batch 60
    #
    interface Vlanif60
     ip address 10.3.1.1 255.255.255.0
    #
    interface 10GE1/0/1
     port link-type trunk                                                           
     port trunk allow-pass vlan 60 
    #
    ip route-static 0.0.0.0 0.0.0.0 10.3.1.2 
    #
    return
  • SwitchB configuration file

    #
    sysname SwitchB
    #
    vlan batch 70
    #
    interface Vlanif70
     ip address 10.4.1.1 255.255.255.0
    #
    interface 10GE1/0/1
     port link-type trunk                                                           
     port trunk allow-pass vlan 70 
    #
    rip 200                                                                         
     version 2                                                                      
     network 10.0.0.0                                                               
     network 192.168.2.0                                                            
    #
    return
Translation
Download
Updated: 2019-04-03

Document ID: EDOC1100075353

Views: 14616

Downloads: 25

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next