Configuration Guide - VPN

CloudEngine 12800 and 12800E V200R005C10

This document describes the configurations of VPN, including GRE, BGP/MPLS IP VPN, BGP/MPLS IPv6 VPN, VLL, PWE3, and VPLS.

Example for Configuring BGP AS Number Substitution

Networking Requirements

As shown in Figure 2-49, CE1 and CE2 belong to the same VPN. CE1 connects to PE1, and CE2 connects to PE2. Both CE1 and CE2 use AS number 600.

The PE and CE devices need to set up EBGP peer relationships to allow communication between VPN users.

Figure 2-49 Networking of BGP AS number substitution

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure OSPF between the P and PE devices to ensure IP connectivity on the backbone network.

  2. Enable basic MPLS capabilities and MPLS LDP on the P and PE devices to set up MPLS LSPs for VPN data transmission over the backbone network.

  3. Set up MP-IBGP peer relationships between PE devices to advertise VPNv4 routes.

  4. Configure a VPN instance and set the VPN target to 1:1 on PE1 and PE2 so that users in the VPN can communicate with each other. Bind the VPN instance to the PE interfaces connected to CE devices to provide access for VPN users.

  5. Set up EBGP peer relationships between the PE and CE devices and import routes of the CE devices into routing tables of the PE devices.

  6. Configure BGP AS number substitution on the PE devices so that the CE devices, which share AS number 600, accept each other's routes.

Procedure

  1. Configure basic BGP/MPLS IP VPN functions.

    The configurations include the following:

    • Configure OSPF on the MPLS backbone network so that the PE and P devices can learn the routes to the loopback interface of each other.

    • Enable basic MPLS capabilities and MPLS LDP on the backbone network to set up LDP LSPs over the MPLS backbone network.

    • Set up MP-IBGP peer relationships between PE devices to advertise VPNv4 routes.

    • Configure a VPN instance on PE2 and bind the instance to the interface connected to CE2.

    • Configure a VPN instance on PE1 and bind the instance to the interface connected to CE1.

    • Set up BGP peer relationships between PE1 and CE1 and between PE2 and CE2 to import routes of CE devices to PE devices.

    For detailed configurations, see Example for Configuring BGP/MPLS IP VPN.

    After the configuration is complete, run the display ip routing-table command on CE2 to check the routing table. The routing table of CE2 contains the route to the network segment (10.1.1.0/24) of the interface that connects CE1 to PE1 but contains no route to the VPN (172.16.1.0/24) of CE1. The routing table of CE1 is similar.

    [~CE2] display ip routing-table
    Proto: Protocol        Pre: Preference
    Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
    ------------------------------------------------------------------------------
    Routing Table : _public_
             Destinations : 11        Routes : 11
      Destination/Mask  Proto  Pre  Cost     Flags  NextHop         Interface
           10.1.1.0/24  EBGP   255  0        D      10.2.1.2        Vlanif40
           10.2.1.0/24  Direct 0    0        D      10.2.1.1        Vlanif40
           10.2.1.1/32  Direct 0    0        D      127.0.0.1       Vlanif40
         10.2.1.255/32  Direct 0    0        D      127.0.0.1       Vlanif40
           127.0.0.0/8  Direct 0    0        D      127.0.0.1       InLoopBack0
          127.0.0.1/32  Direct 0    0        D      127.0.0.1       InLoopBack0
    127.255.255.255/32  Direct 0    0        D      127.0.0.1       InLoopBack0
        192.168.1.0/24  Direct 0    0        D      192.168.1.1       Vlanif60
        192.168.1.1/32  Direct 0    0        D      127.0.0.1       Vlanif60
      192.168.1.255/32  Direct 0    0        D      127.0.0.1       Vlanif60
    255.255.255.255/32  Direct 0    0        D      127.0.0.1       InLoopBack0

    Run the display ip routing-table vpn-instance command on the PE devices to check the routing table of the VPN instance. The VPN routing table has routes to the VPN of the CE devices.

    Take the display on PE2 as an example:

    [~PE2] display ip routing-table vpn-instance vpn1
    Proto: Protocol        Pre: Preference
    Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
    ------------------------------------------------------------------------------
    Routing Table : vpn1
              Destinations : 7        Routes : 7
      Destination/Mask  Proto  Pre  Cost     Flags  NextHop         Interface
           10.1.1.0/24  IBGP   255  0        RD     1.1.1.9         Vlanif30
           10.2.1.0/24  Direct 0    0        D      10.2.1.2        Vlanif40
           10.2.1.2/32  Direct 0    0        D      127.0.0.1       Vlanif40
         10.2.1.255/32  Direct 0    0        D      127.0.0.1       Vlanif40
         172.16.1.0/24  IBGP   255  0        RD     1.1.1.9         Vlanif30
        192.168.1.0/24  EBGP   255  0        D      10.2.1.1        Vlanif40
    255.255.255.255/32  Direct 0    0        D      127.0.0.1       InLoopBack0

    Run the display bgp routing-table peer received-routes command on CE2, and you can see that CE2 does not receive the route to 172.16.1.0/24.

    [~CE2] display bgp routing-table peer 10.2.1.2 received-routes
    
     BGP Local router ID is 10.2.1.1
     Status codes: * - valid, > - best, d - damped, x - best external, a - add path,
                   h - history,  i - internal, s - suppressed, S - Stale
                   Origin : i - IGP, e - EGP, ? - incomplete
     RPKI validation codes: V - valid, I - invalid, N - not-found
    
                                                                                    
     Total Number of Routes: 2                                                      
            Network            NextHop        MED        LocPrf    PrefVal Path/Ogn 
                                                                                    
     *>     10.1.1.0/24        10.2.1.2                              0      100?    
     *      10.2.1.0/24        10.2.1.2        0                     0      100?    
    

  2. Configure BGP AS number substitution.

    Configure BGP AS number substitution on the PE devices.

    # Configure PE2. (The configuration on PE1 is the same.)

    [~PE2] bgp 100
    [~PE2-bgp] ipv4-family vpn-instance vpn1
    [~PE2-bgp-vpn1] peer 10.2.1.1 substitute-as
    [*PE2-bgp-vpn1] quit
    [*PE2-bgp] quit
    [*PE2] commit

    Check information about routes accepted by CE2 and the routing table of CE2.

    [~CE2] display bgp routing-table peer 10.2.1.2 received-routes
    
     BGP Local router ID is 10.2.1.1
     Status codes: * - valid, > - best, d - damped, x - best external, a - add path,
                   h - history,  i - internal, s - suppressed, S - Stale
                   Origin : i - IGP, e - EGP, ? - incomplete
     RPKI validation codes: V - valid, I - invalid, N - not-found
    
                                                                                    
                                                                                    
     Total Number of Routes: 3                                                      
            Network            NextHop        MED        LocPrf    PrefVal Path/Ogn 
                                                                                    
     *>     10.1.1.0/24        10.2.1.2                              0      100?    
     *      10.2.1.0/24        10.2.1.2        0                     0      100?    
     *>    172.16.1.0/24       10.2.1.2                              0      100 100?

    [~CE2] display ip routing-table
    Proto: Protocol        Pre: Preference
    Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
    ------------------------------------------------------------------------------
    Routing Table : _public_
             Destinations : 12        Routes : 12
      Destination/Mask  Proto  Pre  Cost       Flags  NextHop         Interface
           10.1.1.0/24  EBGP   255  0          D      10.2.1.2        Vlanif40
           10.2.1.0/24  Direct 0    0          D      10.2.1.1        Vlanif40
           10.2.1.1/32  Direct 0    0          D      127.0.0.1       Vlanif40
         10.2.1.255/32  Direct 0    0          D      127.0.0.1       Vlanif40
         172.16.1.1/24  EBGP   255  0          D      10.2.1.2        Vlanif40
           127.0.0.0/8  Direct 0    0          D      127.0.0.1       InLoopBack0
          127.0.0.1/32  Direct 0    0          D      127.0.0.1       InLoopBack0
    127.255.255.255/32  Direct 0    0          D      127.0.0.1       InLoopBack0  
        192.168.1.0/24  Direct 0    0          D      127.0.0.1       Vlanif60
        192.168.1.1/32  Direct 0    0          D      127.0.0.1       Vlanif60
      192.168.1.255/32  Direct 0    0          D      127.0.0.1       Vlanif60
    255.255.255.255/32  Direct 0    0          D      127.0.0.1       InLoopBack0

    After configuring BGP AS number substitution on PE1, you can see that CE1 and CE2 can successfully ping each other.

    [~CE1] ping -a 172.16.1.1 192.168.1.1
      PING 192.168.1.1: 56  data bytes, press CTRL_C to break
        Reply from 192.168.1.1: bytes=56 Sequence=1 ttl=253 time=109 ms
        Reply from 192.168.1.1: bytes=56 Sequence=2 ttl=253 time=67 ms
        Reply from 192.168.1.1: bytes=56 Sequence=3 ttl=253 time=66 ms
        Reply from 192.168.1.1: bytes=56 Sequence=4 ttl=253 time=85 ms
        Reply from 192.168.1.1: bytes=56 Sequence=5 ttl=253 time=70 ms
      --- 192.168.1.1 ping statistics ---
        5 packet(s) transmitted
        5 packet(s) received
        0.00% packet loss
        round-trip min/avg/max = 66/79/109 ms
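
The following model is an added illustration, not part of the original guide or of any device software. It reproduces why CE2 drops the 172.16.1.0/24 route before step 2 and why the path appears as "100 100" afterwards. The function names are hypothetical, and replacing every occurrence of the peer AS number is an assumption of the model.

```python
# Added illustration: models EBGP AS_PATH loop detection and the effect of
# "peer ... substitute-as" using the AS numbers from this example.
# Function names are hypothetical; this is not device or vendor code.

PE_AS = 100   # backbone AS (bgp 100 on PE1 and PE2)
CE_AS = 600   # both customer sites (bgp 600 on CE1 and CE2)


def pe_advertise(as_path, local_as, peer_as, substitute_as=False):
    """Return the AS_PATH a PE sends to an EBGP CE peer.

    With substitute_as, each occurrence of the peer's AS number is replaced
    by the PE's own AS number (model assumption) before the PE prepends
    itself to the path.
    """
    if substitute_as:
        as_path = [local_as if asn == peer_as else asn for asn in as_path]
    return [local_as] + as_path


def ce_accepts(as_path, local_as):
    """EBGP loop detection: reject a path that already contains our own AS."""
    return local_as not in as_path


def site_b_result(substitute_as):
    """Path PE2 sends to CE2 for CE1's prefix, and whether CE2 accepts it."""
    # CE1 originates 172.16.1.0/24, so PE1 learns it with AS_PATH [600].
    # MP-IBGP between PE1 and PE2 stays inside AS 100 and adds nothing.
    vpn_route_path = [CE_AS]
    sent = pe_advertise(vpn_route_path, PE_AS, CE_AS, substitute_as)
    return sent, ce_accepts(sent, CE_AS)


if __name__ == "__main__":
    for flag in (False, True):
        path, accepted = site_b_result(flag)
        print(f"substitute-as={flag}: AS_PATH={path} accepted_by_CE2={accepted}")
```

Because substitution removes AS 600 from the path, AS_PATH loop detection no longer stops a multi-homed site from re-learning its own routes through the backbone; RFC 4364 defines the Site of Origin attribute for that case.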

Configuration Files

  • CE1 configuration file

    #
    sysname CE1
    #
    vlan batch 10 50
    #
    interface Vlanif10
     ip address 10.1.1.1 255.255.255.0
    #
    interface Vlanif50
     ip address 172.16.1.1 255.255.255.0
    #
    
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    interface 10GE2/0/2
     port link-type trunk
     port trunk allow-pass vlan 50
    #
    bgp 600
     peer 10.1.1.2 as-number 100
     #
     ipv4-family unicast
      import-route direct
      peer 10.1.1.2 enable
    #
    return
  • PE1 configuration file

    #
    sysname PE1
    #
    vlan batch 10 20
    #
    ip vpn-instance vpn1
     ipv4-family
      route-distinguisher 100:1
      vpn-target 1:1 export-extcommunity
      vpn-target 1:1 import-extcommunity
    #
    mpls lsr-id 1.1.1.9
    #
    mpls
    #
    mpls ldp
     #
     ipv4-family
    #
    interface Vlanif10
     ip binding vpn-instance vpn1
     ip address 10.1.1.2 255.255.255.0
    # 
    interface Vlanif20
     ip address 20.1.1.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    interface 10GE2/0/2
     port link-type trunk
     port trunk allow-pass vlan 20
    #  
    interface LoopBack1
     ip address 1.1.1.9 255.255.255.255
    #
    bgp 100
     peer 3.3.3.9 as-number 100
     peer 3.3.3.9 connect-interface LoopBack1
     #
     ipv4-family unicast
      peer 3.3.3.9 enable
     #
     ipv4-family vpnv4
      policy vpn-target
      peer 3.3.3.9 enable
    #
     ipv4-family vpn-instance vpn1
      import-route direct
      peer 10.1.1.1 as-number 600
      peer 10.1.1.1 substitute-as
    #
    ospf 1
     area 0.0.0.0
      network 1.1.1.9 0.0.0.0
      network 20.1.1.0 0.0.0.255
    #
    return
  • P configuration file

    #
    sysname P
    #
    vlan batch 20 30
    #
    mpls lsr-id 2.2.2.9
    #
    mpls
    #
    mpls ldp
     #
     ipv4-family
    #
    interface Vlanif20
     ip address 20.1.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface Vlanif30
     ip address 30.1.1.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 20
    #
    interface 10GE2/0/2
     port link-type trunk
     port trunk allow-pass vlan 30
    #  
    interface LoopBack1
     ip address 2.2.2.9 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 2.2.2.9 0.0.0.0
      network 20.1.1.0 0.0.0.255
      network 30.1.1.0 0.0.0.255
    #
    return
  • PE2 configuration file

    #
    sysname PE2
    #
    vlan batch 30 40
    #
    ip vpn-instance vpn1
     ipv4-family
      route-distinguisher 100:1
      vpn-target 1:1 export-extcommunity
      vpn-target 1:1 import-extcommunity
    #
    mpls lsr-id 3.3.3.9
    #
    mpls
    #
    mpls ldp
     #
     ipv4-family
    #
    interface Vlanif30
     ip address 30.1.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface Vlanif40
     ip binding vpn-instance vpn1
     ip address 10.2.1.2 255.255.255.0
    # 
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 40
    #
    interface 10GE2/0/2
     port link-type trunk
     port trunk allow-pass vlan 30
    #  
    interface LoopBack1
     ip address 3.3.3.9 255.255.255.255
    #
    bgp 100
     peer 1.1.1.9 as-number 100
     peer 1.1.1.9 connect-interface LoopBack1
     #
     ipv4-family unicast
      peer 1.1.1.9 enable
     #
     ipv4-family vpnv4
      policy vpn-target
      peer 1.1.1.9 enable
    #
     ipv4-family vpn-instance vpn1
      import-route direct
      peer 10.2.1.1 as-number 600
      peer 10.2.1.1 substitute-as
    #
    ospf 1
     area 0.0.0.0
      network 3.3.3.9 0.0.0.0
      network 30.1.1.0 0.0.0.255
    #
    return
  • CE2 configuration file

    #
    sysname CE2
    #
    vlan batch 40 60
    #
    interface Vlanif40
     ip address 10.2.1.1 255.255.255.0
    #
    interface Vlanif60
     ip address 192.168.1.1 255.255.255.0
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 40
    #
    interface 10GE2/0/2
     port link-type trunk
     port trunk allow-pass vlan 60
    #
    bgp 600
     peer 10.2.1.2 as-number 100
     #
     ipv4-family unicast
      import-route direct
      peer 10.2.1.2 enable
    #
    return
Updated: 2019-04-03

Document ID: EDOC1100075353