No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - VPN

CloudEngine 12800 and 12800E V200R005C10

This document describes the configurations of VPN, including GRE, BGP/MPLS IP VPN, BGP/MPLS IPv6 VPN, VLL, PWE3, and VPLS.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring Inter-AS IPv6 VPN Option B

Example for Configuring Inter-AS IPv6 VPN Option B

Networking Requirements

The headquarters and branches of an enterprise connect to networks of different carriers. To enable the headquarters and branches to communicate with each other, inter-AS BGP/MPLS IPv6 VPN needs to be implemented. As shown in Figure 3-6, CE1 is located in the headquarters and connects to PE1 in AS 100. CE2 is located at the branch and connects to PE2 in AS 200. Both CE1 and CE2 belong to VPN1.

Figure 3-6 Inter-AS IPv6 VPN Option B networking

Configuration Roadmap

Inter-AS IPv6 VPN Option B can be deployed to meet the enterprise's requirements. The configuration roadmap is as follows:

  1. On the MPLS backbone networks in AS 100 and AS 200, configure an IGP protocol to enable the PEs and ASBR-PEs to communicate with each other.
  2. Configure the basic MPLS capabilities and MPLS LDP on the MPLS backbone networks to establish LDP LSPs in each AS.
  3. Establish an MP-IBGP peer relationship between the PE and ASBR-PE in each AS to exchange VPN routing information.
  4. Configure a VPN instance on the PE in each AS and bind the VPN instance to the interface connected to the CE.
  5. Establish an EBGP peer relationship between the PE and CE in each AS to exchange VPN routing information.
  6. Configure inter-AS IPv6 VPN Option B:
    1. Set up an MP-EBGP peer relationship between the ASBR-PEs so that they can advertise VPNv6 routes in the local AS to the peer ASBR-PE.
    2. Configure the ASBR-PEs to accept all the VPNv6 routes without filtering the routes based on VPN targets.

Procedure

  1. Create VLANs, configure the allowed VLANs on interfaces, and assign IP addresses to the VLANIF interfaces and loopback interfaces according to Figure 3-6.

    # Configure PE1.

    <HUAWEI> system-view
    [~HUAWEI] sysname PE1
    [*HUAWEI] commit
    [~PE1] interface loopback 1
    [*PE1-LoopBack1] ip address 1.1.1.9 32
    [*PE1-LoopBack1] quit
    [*PE1] vlan batch 10 11
    [*PE1] interface 10ge 1/0/1
    [*PE1-10GE1/0/1] port link-type trunk
    [*PE1-10GE1/0/1] port trunk allow-pass vlan 11
    [*PE1-10GE1/0/1] quit
    [*PE1] interface 10ge 1/0/2
    [*PE1-10GE1/0/2] port link-type trunk
    [*PE1-10GE1/0/2] port trunk allow-pass vlan 10
    [*PE1-10GE1/0/2] quit
    [*PE1] interface vlanif 11
    [*PE1-Vlanif11] ip address 172.1.1.2 24
    [*PE1-Vlanif11] quit
    [*PE1] commit
    

    The configurations of PE2, CE1, CE2, ASBR-PE1, and ASBR-PE2 are the same as that of PE1.

  2. On the MPLS backbone networks in AS 100 and AS 200, configure an IGP protocol to enable the PEs and ASBR-PEs to communicate with each other.

    # Configure PE1.

    [~PE1] ospf
    [*PE1-ospf-1] area 0
    [*PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
    [*PE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255
    [*PE1-ospf-1-area-0.0.0.0] quit
    [*PE1-ospf-1] quit
    [*PE1] commit
    

    The configurations of PE2 and ASBR-PEs are the same as that of PE1.

    After the configuration is complete, the ASBR-PE and PE in the same AS can establish an OSPF neighbor relationship. Run the display ospf peer command, and you can see that the status of the neighbor relationship is Full.

    The ASBR-PE and PE in the same AS have obtained the address of Loopback1 interface of each other and can ping Loopback1 interface address of each other.

  3. Configure basic MPLS capabilities and MPLS LDP on the MPLS backbone networks of AS 100 and AS 200 respectively and establish MPLS LDP LSPs.

    # Configure basic MPLS capabilities on PE1 and enable LDP on the interface connected to ASBR-PE1.

    [~PE1] mpls lsr-id 1.1.1.9
    [*PE1] mpls
    [*PE1-mpls] quit
    [*PE1] mpls ldp
    [*PE1-mpls-ldp] quit
    [*PE1] interface vlanif 11
    [*PE1-Vlanif11] mpls
    [*PE1-Vlanif11] mpls ldp
    [*PE1-Vlanif11] quit
    [*PE1] commit

    # Configure basic MPLS capabilities on ASBR-PE1 and enable LDP on the interface connected to PE1.

    [~ASBR-PE1] mpls lsr-id 2.2.2.9
    [*ASBR-PE1] mpls
    [*ASBR-PE1-mpls] quit
    [*ASBR-PE1] mpls ldp
    [*ASBR-PE1-mpls-ldp] quit
    [*ASBR-PE1] interface vlanif 11
    [*ASBR-PE1-Vlanif11] mpls
    [*ASBR-PE1-Vlanif11] mpls ldp
    [*ASBR-PE1-Vlanif11] quit
    [*ASBR-PE1] commit

    # Configure basic MPLS capabilities on ASBR-PE2 and enable LDP on the interface connected to PE2.

    [~ASBR-PE2] mpls lsr-id 3.3.3.9
    [*ASBR-PE2] mpls
    [*ASBR-PE2-mpls] quit
    [*ASBR-PE2] mpls ldp
    [*ASBR-PE2-mpls-ldp] quit
    [*ASBR-PE2] interface vlanif 22
    [*ASBR-PE2-Vlanif22] mpls
    [*ASBR-PE2-Vlanif22] mpls ldp
    [*ASBR-PE2-Vlanif22] quit
    [*ASBR-PE2] commit

    # Configure basic MPLS capabilities on PE2 and enable LDP on the interface connected to ASBR-PE2.

    [~PE2] mpls lsr-id 4.4.4.9
    [*PE2] mpls
    [*PE2-mpls] quit
    [*PE2] mpls ldp
    [*PE2-mpls-ldp] quit
    [*PE2] interface vlanif 22
    [*PE2-Vlanif22] mpls
    [*PE2-Vlanif22] mpls ldp
    [*PE2-Vlanif22] quit
    [*PE2] commit

    After the configuration is complete, the PE and ASBR-PE in the same AS can establish an LDP peer relationship. Run the display mpls ldp session command on the PE and ASBR-PE, and you can see that the status is Operational.

  4. Configure basic BGP/MPLS IPv6 VPN functions in AS 100 and AS 200.

    NOTE:

    The VPN targets of the IPv6 VPN instances on the ASBR-PE and PE in an AS must match. In different ASs, the VPN targets of the PEs do not need to match.

    # Configure CE1. The configuration on CE2 is the same as that of CE1.

    [~CE1] interface vlanif 10
    [*CE1-Vlanif10] ipv6 enable
    [*CE1-Vlanif10] ipv6 address 2001::1 64
    [*CE1-Vlanif10] quit
    [*CE1] bgp 65001
    [*CE1-bgp] router-id 10.10.10.10
    [*CE1-bgp] peer 2001::2 as-number 100
    [*CE1-bgp] ipv6-family unicast
    [*CE1-bgp-af-ipv6] peer 2001::2 enable
    [*CE1-bgp-af-ipv6] import-route direct
    [*CE1-bgp-af-ipv6] quit
    [*CE1-bgp] quit
    [*CE1] commit

    # On PE1, establish an EBGP peer relationship with CE1. The configuration on PE2 is the same as that of PE1.

    [~PE1] ip vpn-instance vpn1
    [*PE1-vpn-instance-vpn1] ipv6-family
    [*PE1-vpn-instance-vpn1-af-ipv6] route-distinguisher 100:1
    [*PE1-vpn-instance-vpn1-af-ipv6] vpn-target 1:1 both
    [*PE1-vpn-instance-vpn1-af-ipv6] quit
    [*PE1-vpn-instance-vpn1] quit
    [*PE1] interface vlanif 10
    [*PE1-Vlanif10] ipv6 enable
    [*PE1-Vlanif10] ip binding vpn-instance vpn1
    [*PE1-Vlanif10] ipv6 address 2001::2 64
    [*PE1-Vlanif10] quit
    [*PE1] bgp 100
    [*PE1-bgp] ipv6-family vpn-instance vpn1
    [*PE1-bgp-6-vpn1] peer 2001::1 as-number 65001
    [*PE1-bgp-6-vpn1] import-route direct
    [*PE1-bgp-6-vpn1] quit
    [*PE1-bgp] quit
    [*PE1] commit

    # On PE1, establish an MP-IBGP peer relationship with ASBR-PE1. The configuration on PE2 is the same as that of PE1.

    [~PE1] bgp 100
    [*PE1-bgp] peer 2.2.2.9 as-number 100
    [*PE1-bgp] peer 2.2.2.9 connect-interface loopback 1
    [*PE1-bgp] ipv6-family vpnv6
    [*PE1-bgp-af-vpnv6] peer 2.2.2.9 enable
    [*PE1-bgp-af-vpnv6] quit
    [*PE1-bgp] quit
    [*PE1] commit

    # On ASBR-PE1, establish an MP-IBGP peer relationship with PE1. The configuration on ASBR-PE2 is the same as that of ASBR-PE1.

    [~ASBR-PE1] bgp 100
    [*ASBR-PE1-bgp] peer 1.1.1.9 as-number 100
    [*ASBR-PE1-bgp] peer 1.1.1.9 connect-interface loopback 1
    [*ASBR-PE1-bgp] ipv6-family vpnv6
    [*ASBR-PE1-bgp-af-vpnv6] peer 1.1.1.9 enable
    [*ASBR-PE1-bgp-af-vpnv6] quit
    [*ASBR-PE1-bgp] quit
    [*ASBR-PE1] commit

    After the configuration is complete, run the display bgp vpnv6 vpn-instance peer command on the PEs. The command output shows that the BGP peer relationships have been established between the PEs and CEs. Run the display bgp vpnv6 all peer command on the PEs. The command output shows that the BGP peer relationships have been established between the PEs and CEs, and between the PEs and ASBR-PEs.

    The display on PE1 is used as an example.

    [~PE1] display bgp vpnv6 vpn-instance vpn1 peer
     BGP local router ID        : 1.1.1.9                                           
     Local AS number            : 100                                               
     Total number of peers      : 1                                                 
     Peers in established state : 1
    
      VPN-Instance vpn1, Router ID 1.1.1.9:
      Peer            V          AS  MsgRcvd  MsgSent  OutQ  Up/Down       State  PrefRcv
    
      2001::1         4       65001       14       12     0 00:08:36 Established        1
    
    [~PE1] display bgp vpnv6 all peer
     BGP local router ID        : 1.1.1.9                                    
     Local AS number            : 100                                               
     Total number of peers      : 2                                                 
     Peers in established state : 2
    
      Peer            V          AS  MsgRcvd  MsgSent  OutQ  Up/Down       State  PrefRcv
    
      2.2.2.9         4         100       13       12     0 00:09:10 Established        0
    
      Peer of IPv6-family for vpn instance :
    
      VPN-Instance vpn1, Router ID 1.1.1.9:
      Peer            V          AS  MsgRcvd  MsgSent  OutQ  Up/Down       State  PrefRcv
      2001::1         4       65001       17       14     0 00:11:09 Established        1

  5. Configure inter-AS VPN Option B.

    # On ASBR-PE1, enable MPLS on VLANIF12 connected to ASBR-PE2.

    [~ASBR-PE1] interface vlanif 12
    [~ASBR-PE1-Vlanif12] mpls
    [*ASBR-PE1-Vlanif12] quit
    [*ASBR-PE1] commit

    # On ASBR-PE2, enable MPLS on VLANIF12 connected to ASBR-PE1.

    [~ASBR-PE2] interface vlanif 12
    [~ASBR-PE2-Vlanif12] mpls
    [*ASBR-PE2-Vlanif12] quit
    [*ASBR-PE2] commit

    # Set up an MP-EBGP peer relationship between ASBR-PE1 and ASBR-PE2 and configure them not to filter VPNv6 routes based on VPN targets.

    [~ASBR-PE1] bgp 100
    [~ASBR-PE1-bgp] peer 192.1.1.2 as-number 200
    [*ASBR-PE1-bgp] ipv6-family vpnv6
    [*ASBR-PE1-bgp-af-vpnv6] peer 192.1.1.2 enable
    [*ASBR-PE1-bgp-af-vpnv6] undo policy vpn-target
    [*ASBR-PE1-bgp-af-vpnv6] quit
    [*ASBR-PE1-bgp] quit
    [*ASBR-PE1] commit
    [~ASBR-PE2] bgp 200
    [~ASBR-PE2-bgp] peer 192.1.1.1 as-number 100
    [*ASBR-PE2-bgp] ipv6-family vpnv6
    [*ASBR-PE2-bgp-af-vpnv6] peer 192.1.1.1 enable
    [*ASBR-PE2-bgp-af-vpnv6] undo policy vpn-target
    [*ASBR-PE2-bgp-af-vpnv6] quit
    [*ASBR-PE2-bgp] quit
    [*ASBR-PE2] commit

  6. Verify the configuration.

    After the configuration is complete, CE1 and CE2 learn routes to interfaces on each other and can ping each other successfully.

    [~CE1] ping ipv6 2002::1
      PING 2002::1 : 56  data bytes, press CTRL_C to break
        Reply from 2002::1
        bytes=56 Sequence=1 hop limit=60  time = 94 ms
        Reply from 2002::1
        bytes=56 Sequence=2 hop limit=60  time = 109 ms
        Reply from 2002::1
        bytes=56 Sequence=3 hop limit=60  time = 110 ms
        Reply from 2002::1
        bytes=56 Sequence=4 hop limit=60  time = 94 ms
        Reply from 2002::1
        bytes=56 Sequence=5 hop limit=60  time = 110 ms
    
      --- 2002::1 ping statistics ---
        5 packet(s) transmitted
        5 packet(s) received
        0.00% packet loss
        round-trip min/avg/max = 94/103/110 ms

    Run the display bgp vpnv6 all routing-table command on an ASBR-PE, and you can see the IPv6 VPN routes on the ASBR-PE.

    [~ASBR-PE1] display bgp vpnv6 all routing-table
     BGP Local router ID is 192.1.1.1
     Status codes: * - valid, > - best, d - damped, h - history,                    
                   i - internal, s - suppressed, S - Stale                          
     Origin      : i - IGP, e - EGP, ? - incomplete 
    
    
     Total number of routes from all PE: 2
     Route Distinguisher: 100:1
    
     *>i Network  : 2001::1                                  PrefixLen : 64  
         NextHop  : ::FFFF:1.1.1.9                           LocPrf    : 100 
         MED      : 0                                        PrefVal   : 0
         Label    : 21/23
         Path/Ogn : 65001?
     Route Distinguisher: 200:2
    
     *>  Network  : 2002::1                                  PrefixLen : 64  
         NextHop  : ::FFFF:192.1.1.2                         LocPrf    :   
         MED      :                                          PrefVal   : 0
         Label    : 25/25
         Path/Ogn : 200 65002?

Configuration Files

  • CE1 configuration file

    #
    sysname CE1
    #
    vlan batch 10
    #
    interface Vlanif10 
     ipv6 enable
     ipv6 address 2001::1/64
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    bgp 65001
     router-id 10.10.10.10
     peer 2001::2 as-number 100
     #
     ipv6-family unicast
      import-route direct
      peer 2001::2 enable
    #
    return
  • PE1 configuration file

    #
    sysname PE1
    #
    vlan batch 10 to 11
    #
    ip vpn-instance vpn1
     ipv6-family
      route-distinguisher 100:1
      vpn-target 1:1 export-extcommunity
      vpn-target 1:1 import-extcommunity
    #
    mpls lsr-id 1.1.1.9
    #
    mpls
    #
    mpls ldp
     #
     ipv4-family
    #
    interface Vlanif10
     ip binding vpn-instance vpn1
     ipv6 enable
     ipv6 address 2001::2/64
    #
    interface Vlanif11
     ip address 172.1.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 11
    #
    interface 10GE1/0/2
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    interface LoopBack1
     ip address 1.1.1.9 255.255.255.255
    #                                                                               
    bgp 100                                                                         
     peer 2.2.2.9 as-number 100                                                     
     peer 2.2.2.9 connect-interface LoopBack1                                       
     #                                                                              
     ipv4-family unicast                                                            
      peer 2.2.2.9 enable                                                           
     #                                                                              
     ipv6-family vpnv6                                                              
      policy vpn-target                                                             
      peer 2.2.2.9 enable                                                           
     #                                                                              
     ipv6-family vpn-instance vpn1                                                  
      import-route direct                                                           
      peer 2001::1 as-number 65001                                                  
    #   
    ospf 1
     area 0.0.0.0
      network 1.1.1.9 0.0.0.0
      network 172.1.1.0 0.0.0.255
    #
    return
  • ASBR-PE1 configuration file

    #
    sysname ASBR-PE1
    #
    vlan batch 11 to 12
    #
    mpls lsr-id 2.2.2.9
    #
    mpls
    #
    mpls ldp
     #
     ipv4-family
    #
    interface Vlanif11
     ip address 172.1.1.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface Vlanif12
     ip address 192.1.1.1 255.255.255.0
     mpls
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 11
    #
    interface 10GE1/0/2
     port link-type trunk
     port trunk allow-pass vlan 12
    #
    interface LoopBack1
     ip address 2.2.2.9 255.255.255.255
    #
    bgp 100
     peer 1.1.1.9 as-number 100
     peer 1.1.1.9 connect-interface LoopBack1
     peer 192.1.1.2 as-number 200
     #
     ipv4-family unicast
      peer 1.1.1.9 enable
      peer 192.1.1.2 enable
     #
     ipv6-family vpnv6
      undo policy vpn-target
      peer 1.1.1.9 enable
      peer 192.1.1.2 enable
    #
    ospf 1
     area 0.0.0.0
      network 2.2.2.9 0.0.0.0
      network 172.1.1.0 0.0.0.255
    #
    return
  • ASBR-PE2 configuration file

    #
    sysname ASBR-PE2
    #
    vlan batch 12 22
    #
    mpls lsr-id 3.3.3.9
    #
    mpls
    #
    mpls ldp
     #
     ipv4-family
    #
    interface Vlanif12
     ip address 192.1.1.2 255.255.255.0
     mpls
    #
    interface Vlanif22
     ip address 162.1.1.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 22
    #
    interface 10GE1/0/2
     port link-type trunk
     port trunk allow-pass vlan 12
    #
    interface LoopBack1
     ip address 3.3.3.9 255.255.255.255
    #
    bgp 200
     peer 4.4.4.9 as-number 200
     peer 4.4.4.9 connect-interface LoopBack1
     peer 192.1.1.1 as-number 200
    #
     ipv4-family unicast
      peer 4.4.4.9 enable
      peer 192.1.1.1 enable
     #
     ipv6-family vpnv6
      undo policy vpn-target
      peer 4.4.4.9 enable
      peer 192.1.1.1 enable
    #
    ospf 1
     area 0.0.0.0
      network 3.3.3.9 0.0.0.0
      network 162.1.1.0 0.0.0.255
    #
    return
  • PE2 configuration file

    #
    sysname PE2
    #
    vlan batch 10 22
    #
    ip vpn-instance vpn1
     ipv6-family
      route-distinguisher 200:1
      vpn-target 1:1 export-extcommunity
      vpn-target 1:1 import-extcommunity
    #
    mpls lsr-id 4.4.4.9
    #
    mpls
    #
    mpls ldp
     #
     ipv4-family
    #
    interface Vlanif10
     ip binding vpn-instance vpn1
     ipv6 enable
     ipv6 address 2002::2/64
    #
    interface Vlanif22
     ip address 162.1.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 22
    #
    interface 10GE1/0/2
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    interface LoopBack1
     ip address 4.4.4.9 255.255.255.255
    #
    bgp 200
     peer 3.3.3.9 as-number 200
     peer 3.3.3.9 connect-interface LoopBack1
     #
     ipv4-family unicast
      peer 3.3.3.9 enable
     #
     ipv6-family vpnv6
      policy vpn-target
      peer 3.3.3.9 enable
     #
     ipv6-family vpn-instance vpn1
      import-route direct
      peer 2002::1 as-number 65002
    #
    ospf 1
     area 0.0.0.0
      network 4.4.4.9 0.0.0.0
      network 162.1.1.0 0.0.0.255
    #
    return
  • CE2 configuration file

    #
    sysname CE2
    #
    vlan batch 10
    #
    interface Vlanif10
     ipv6 enable
     ipv6 address 2002::1/64
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    bgp 65002
     router-id 20.20.20.20
     peer 2002::2 as-number 200
     #
     ipv6-family unicast
      import-route direct
      peer 2002::2 enable
    #
    return
Translation
Download
Updated: 2019-04-03

Document ID: EDOC1100075353

Views: 14549

Downloads: 25

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next