No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - VPN

CloudEngine 12800 and 12800E V200R005C10

This document describes the configurations of VPN, including GRE, BGP/MPLS IP VPN, BGP/MPLS IPv6 VPN, VLL, PWE3, and VPLS.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Licensing Requirements and Limitations for BGP/MPLS IP VPN

Licensing Requirements and Limitations for BGP/MPLS IP VPN

Involved Network Elements

Other network elements are not required.

License Requirements

You can use the BGP/MPLS IP VPN feature only after the MPLS function is enabled. The MPLS function is controlled by a license. By default, MPLS is disabled on a new device. To use the MPLS function, apply for and purchase the license from the equipment supplier. You can use the MCE function independently without the need to enable MPLS, and MCE is not under license control.

Version Requirements

Table 2-3 Products and minimum version supporting BGP/MPLS IP VPN

Product Model

Minimum Version Required

CE12804, CE12808, CE12812

V100R001C00

CE12816

V100R003C00

CE12804S, CE12808S

V100R005C00

Table 2-4 Products and minimum version supporting IPv4 MCE

Product Model

Minimum Version Required

CE12804, CE12808, CE12812

V100R001C00

CE12816

V100R003C00

CE12804S, CE12808S

V100R005C00

CE12800E

V200R002C50

Feature Limitations

Limitations on BGP/MPLS IP VPN

  • CloudEngine series switches cannot function as PEs.
  • RIP-1 cannot run on the BGP/MPLS IP VPN backbone network.
  • If IP FRR is used on a private network to enable routes generated by different routing protocols to back up each other, a routing loop may occur during an active/standby switchover. Therefore, use IP FRR with caution.
  • Inter-AS VPN Option B and inter-AS VPN Option C do not support TE tunnels.
  • In inter-AS VPN Option C networking, do not enable LDP between ASBRs. If LDP is enabled on interfaces connecting the ASBRs, LDP sessions are established between the ASBRs. A large amount of LDP label resources are consumed when there are many BGP routes.
  • When implicit-null label is disabled in an inter-AS VPN Option B or C scenario, hash mis-sequencing may occur when MPLS packets are load balanced using ECMP and Eth-Trunk.

  • The device cannot learn ARP entries because Layer 3 main interfaces of different VPN instances have the same MAC address, As a result, the traffic fails to be forwarded. You need to use VLANIF interfaces. Ensure that the MAC addresses of VLANIF interfaces are different from each other.
  • In a scenario where two inter-AS VPN Option C segments are configured, the device does not allow packets decapsulated using BGP to enter the LDP tunnel; therefore, only unidirectional advertise routes can be configured between peers.

Limitations on BGP/MPLS IP VPN traffic statistics collection

  • Effective from V100R005C00, the switch supports only unicast BGP/MPLS IP VPN traffic statistics collection, and cannot collect statistics on error packets.
  • Enabling BGP/MPLS IP VPN traffic statistics collection may affect the forwarding performance. For example, some interfaces may be unable to forward packets at line speed when all interfaces on the switch are configured to forward data at line speed. Use BGP/MPLS IP VPN traffic statistics collection only when necessary.
  • If a GE interface on a 48-port card is added to VLANs in untagged mode, the switch cannot correctly collect outgoing VPN traffic statistics passing through the interface.
  • Some traffic statistics will be lost after an active/standby switchover or a card restart.
  • In BGP/MPLS IP VPN over MPLS TE scenarios:
    • When a tunnel policy is configured to load balance VPN traffic between multiple TE tunnels, collection of traffic statistics does not take effect on these TE tunnels.
    • If collection of traffic statistics is enabled for both MPLS TE traffic and BGP/MPLS IP VPN traffic, the function takes effect for MPLS TE traffic but not incoming BGP/MPLS IP VPN traffic.
  • When an Eth-Trunk main interface or its layer 3 sub-interface is bound to a VPN instance, and the traffic statistics collection function is enabled for VPNs, traffic statistics generated on an interface cannot be collected if the interface is removed from the Eth-Trunk or joins the Eth-Trunk and is forwarding traffic. In this case, the rate of the interface will be displayed incorrectly within a display interval.
  • When a BDIF interface is attached to a VPN instance, traffic statistics on the BDIF interface cannot be collected.

Limitations on deployment of BGP/MPLS IP VPN and other services

  • Only the Admin-VS in port mode supports BGP/MPLS IP VPN; all VSs in group mode support BGP/MPLS IP VPN.
  • In an MPLS VPN scenario, unicast reverse path forwarding (URPF) cannot be configured on the inbound interface of the MPLS tunnel's egress PE device. Otherwise, URPF may cause VPN traffic forwarding failures.
Translation
Download
Updated: 2019-04-03

Document ID: EDOC1100075353

Views: 14571

Downloads: 25

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next