No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


Configuration Guide - VPN

CloudEngine 12800 and 12800E V200R005C10

This document describes the configurations of VPN, including GRE, BGP/MPLS IP VPN, BGP/MPLS IPv6 VPN, VLL, PWE3, and VPLS.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Summary of BGP/MPLS IP VPN Configuration Tasks

Summary of BGP/MPLS IP VPN Configuration Tasks

After basic BGP/MPLS IP VPN configurations are complete, a simple VPN network can be established using MPLS technology. To deploy specialized BGP/MPLS IP VPN networking, perform other configuration tasks listed in the following table.

Table 2-2 lists the BGP/MPLS IP VPN configuration tasks.

Table 2-2 BGP/MPLS IP VPN configuration tasks




Configure basic BGP/MPLS IP VPN functions.

This configuration establishes a simple BGP/MPLS IP VPN network with basic functions.

Configuring Basic BGP/MPLS IP VPN Functions

Configure BGP/MPLS IP VPN in various networking modes.

These configurations adjust the basic BGP/MPLS IP VPN functions in different networking mode to implement flexible communication and isolation between VPNs:
  • Intranet VPN and extranet VPN networking: The configurations are same as those in basic BGP/MPLS IP VPN networking except for the VPN target settings.
  • Hub and Spoke networking: Configure the Hub and Spoke.

Configuring Basic BGP/MPLS IP VPN Functions

Configuring the Hub and Spoke

Configure inter-AS VPN.

Configure inter-AS VPN if the backbone network spans multiple ASs. Three inter-AS VPN solutions are available and apply to different scenarios:
  • Inter-AS VPN Option A: Use this solution when only a few VPNs are configured on the PE devices. The ASBRs must support VPN instances.
  • Inter-AS VPN Option B: Use this solution when many VPNs are configured on the PE devices, and the ASBRs do not have enough interfaces to reserve an interface for each inter-AS VPN. The ASBRs must be able to maintain and advertise VPN-IPv4 routes.
  • Inter-AS VPN Option C: Use this solution when a large number of VPN routes need to be exchanged between ASs. This solution mitigates the loads on ASBRs so that they will not become a bottleneck on the network.

Configuring Inter-AS VPN Option A

Configuring Inter-AS VPN Option B

Configuring Inter-AS VPN Option C

Configure an MCE device.

An MCE device can connect to multiple VPNs, reducing the costs associated with using multiple CE devices. The MCE solution isolates services of different VPNs.

Configuring an MCE Device

Configure BGP/MPLS IP VPN reliability.

To improve VPN network reliability, you can use full-mesh connections on the backbone network, nested PE devices on the MPLS network, and CE dual-homing (or multi-homing) at the access layer. In this networking, a BGP route reflector (RR) can be configured to reduce the number of MP-IBGP connections. This configuration mitigates loads on the network devices and facilitates device maintenance and management.

The following technologies can also be used to improve VPN network reliability:

  • IP fast reroute (IP FRR) for VPN routes: enables traffic to be quickly switched to another PE-CE link if the primary route is unreachable. This technology reduces the IP service interruption time.
  • VPN fast reroute (VPN FRR): enables traffic to be quickly switched to another PE-PE link the primary link between them fails. This technology implements end-to-end fast convergence of VPN services.
  • VPN graceful restart (VPN GR): ensures uninterrupted forwarding of VPN traffic during an active/standby switchover on a PE, P, or CE device. This technology minimizes the impact of PE or CE failures on VPN services. Currently the switch can only function as the GR helper.

Configuring Route Reflection to Optimize the VPN Backbone Layer

Configuring IP FRR for VPN Routes

Configuring VPN FRR

Configuring VPN GR Helper

Configure VPN tunnel policies.

If you need to transmit VPN services over a specified traffic engineering (TE) tunnel or need to perform load balancing among multiple tunnels, configure VPN tunnel policies.

Configuring and Applying a Tunnel Policy

Connect VPNs to the Internet.

If users in a VPN need to connect to the Internet, configure interconnection between the VPN and the Internet.

Connecting a VPN to the Internet

Updated: 2019-04-03

Document ID: EDOC1100075353

Views: 14073

Downloads: 25

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Previous Next