No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - VPN

CloudEngine 12800 and 12800E V200R005C10

This document describes the configurations of VPN, including GRE, BGP/MPLS IP VPN, BGP/MPLS IPv6 VPN, VLL, PWE3, and VPLS.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring FRR for Private Network IPv6 Routes

Example for Configuring FRR for Private Network IPv6 Routes

Networking Requirements

Different CEs at a VPN site use BGP to access the same PE. The PE learns multiple IPv6 VPN routes with the same VPN prefix from the CEs. To enable these routes to back up each other, you can deploy FRR for private network IPv6 routes. After this function is configured, the PE generates a primary route and a backup route to the same destination on the private network. Then, IPv6 traffic can be quickly switched to the link where the backup route resides in case that the link where the primary route resides is faulty.

On the network shown in Figure 3-10, an EBGP peer relationship is set up between the PE and each CE. There are two BGP routes from the PE to the Loopback1 interface on SwitchA. The optimal route resides on Link_A; the sub-optimal route resides on Link_B. It is required that auto FRR for private network IPv6 routes be deployed on the PEs so that if Link_A fails, IPv6 traffic can be quickly switched to Link_B.

Figure 3-10 Configuring FRR for private network IPv6 routes

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure an IGP at the VPN site to advertise the routes to the Loopback1 interface on SwitchA to CE1 and CE2.

  2. Configure a VPN instance named vpna supporting the IPv6 address family on the PE, and bind VLANIF10 and VLANIF20 to vpna.

  3. Establish an EBGP peer relationship between the PE and CE1, and between the PE and CE2. On CE1 and CE2, configure the IGP and BGP to import routes from each other.

  4. Enable auto FRR for private network IPv6 routes on the PE.

NOTE:

Ensure that STP is disabled.

Procedure

  1. Configure IPv6 addresses for the interfaces on the devices at the VPN site.

    For details, see the corresponding configuration file in this section.

  2. Configure an IGP at the VPN site to advertise the routes to the Loopback1 interface on SwitchA to CE1 and CE2. In this example, OSPFv3 is used as the IGP.

    # Configure CE1.

    [~CE1] ospfv3 1
    [*CE1-ospfv3-1] router-id 2.2.2.2
    [*CE1-ospfv3-1] quit
    [*CE1] interface vlanif 30
    [*CE1-Vlanif30] ospfv3 1 area 0.0.0.0
    [*CE1-Vlanif30] quit
    [*CE1] commit

    The configurations of CE2 and SwitchA are the same as that of CE1. For details, see the corresponding configuration file in this section.

    After the configuration is complete, run the display ipv6 routing-table command on the CEs. You can see that CE1 and CE2 have learned the routes to the Loopback1 interface on SwitchA. The display on CE1 is used as an example.

    [~CE1] display ipv6 routing-table
    Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route 
    ------------------------------------------------------------------------------
    Routing Table : _public_
             Destinations : 10        Routes : 10
    
     Destination  : ::1                             PrefixLength : 128
     NextHop      : ::1                             Preference   : 0
     Cost         : 0                               Protocol     : Direct
     RelayNextHop : ::                              TunnelID     : 0x0
     Interface    : InLoopBack0                     Flags        : D
    
     Destination  : ::FFFF:127.0.0.0                PrefixLength : 104
     NextHop      : ::FFFF:127.0.0.1                Preference   : 0
     Cost         : 0                               Protocol     : Direct
     RelayNextHop : ::                              TunnelID     : 0x0
     Interface    : InLoopBack0                     Flags        : D
     
     Destination  : ::FFFF:127.0.0.1                PrefixLength : 128
     NextHop      : ::1                             Preference   : 0
     Cost         : 0                               Protocol     : Direct
     RelayNextHop : ::                              TunnelID     : 0x0
     Interface    : InLoopBack0                     Flags        : D 
    
     Destination  : 2000::                          PrefixLength : 64
     NextHop      : 2000::2                         Preference   : 0
     Cost         : 0                               Protocol     : Direct
     RelayNextHop : ::                              TunnelID     : 0x0
     Interface    : VLANIF10                        Flags        : D
    
     Destination  : 2000::2                         PrefixLength : 128
     NextHop      : ::1                             Preference   : 0
     Cost         : 0                               Protocol     : Direct
     RelayNextHop : ::                              TunnelID     : 0x0
     Interface    : VLANIF10                        Flags        : D
    
     Destination  : FC00:1:                         PrefixLength : 64
     NextHop      : FC00:1::1                       Preference   : 0
     Cost         : 0                               Protocol     : Direct
     RelayNextHop : ::                              TunnelID     : 0x0
     Interface    : VLANIF20                        Flags        : D
    
     Destination  : FC00:1::1                       PrefixLength : 128
     NextHop      : ::1                             Preference   : 0
     Cost         : 0                               Protocol     : Direct
     RelayNextHop : ::                              TunnelID     : 0x0
     Interface    : VLANIF20                        Flags        : D
    
     Destination  : FC00:2::                        PrefixLength : 64
     NextHop      : FE80::5451:0:FAC1:1             Preference   : 10
     Cost         : 3124                            Protocol     : OSPFv3
     RelayNextHop : ::                              TunnelID     : 0x0
     Interface    : VLANIF20                        Flags        : D
    
     Destination  : FC00:3::1                       PrefixLength : 128
     NextHop      : FE80::5451:0:FAC1:1             Preference   : 10
     Cost         : 1562                            Protocol     : OSPFv3
     RelayNextHop : ::                              TunnelID     : 0x0
     Interface    : VLANIF20                        Flags        : D
    
     Destination  : FE80::                          PrefixLength : 10
     NextHop      : ::                              Preference   : 0
     Cost         : 0                               Protocol     : Direct
     RelayNextHop : ::                              TunnelID     : 0x0
     Interface    : NULL0                           Flags        : D

  3. Configure a VPN instance supporting the IPv6 address family on each PE and bind the VPN instance to the interface connected to each CE.

    # Configure a VPN instance named vpna on the PE, and bind VLANIF10 and VLANIF20 to the instance.

    [~PE] ip vpn-instance vpna
    [*PE-vpn-instance-vpna] ipv6-family
    [*PE-vpn-instance-vpna-af-ipv6] route-distinguisher 100:1
    [*PE-vpn-instance-vpna-af-ipv6] vpn-target 100:100
    [*PE-vpn-instance-vpna-af-ipv6] quit
    [*PE-vpn-instance-vpna] quit
    [*PE] interface vlanif 10
    [*PE-Vlanif10] ip binding vpn-instance vpna
    [*PE-Vlanif10] ipv6 enable
    [*PE-Vlanif10] ipv6 address 2000::1 64
    [*PE-Vlanif10] quit
    [*PE] interface vlanif 20
    [*PE-Vlanif20] ip binding vpn-instance vpna
    [*PE-Vlanif20] ipv6 enable
    [*PE-Vlanif20] ipv6 address 2001::1 64
    [*PE-Vlanif20] quit
    [*PE] commit

  4. Establish EBGP peer relationships between the PE and CEs.

    # Configure the PE.

    [~PE] bgp 100
    [*PE-bgp] ipv6-family vpn-instancee vpna
    [*PE-bgp-6-vpna] peer 2000::2 as-number 65410
    [*PE-bgp-6-vpna] peer 2001::2 as-number 65410
    [*PE-bgp-6-vpna] quit
    [*PE-bgp] quit
    [*PE] commit

    # Configure CE1.

    [~CE1] bgp 65410
    [*CE1-bgp] peer 2000::1 as-number 100
    [*CE1-bgp] ipv6-family unicast
    [*CE1-bgp-af-ipv6] peer 2000::1 enable
    [*CE1-bgp-af-ipv6] quit
    [*CE1-bgp] quit
    [*CE1] commit

    The configuration of CE2 is the same as that of CE1. For details, see the corresponding configuration file in this section.

    After the configuration is complete, run the display bgp vpnv6 vpn-instance vpna peer command on the PE. You can see that the status of the EBGP peer relationships between the PE and CEs is Established.

    [~PE] display bgp vpnv6 vpn-instance vpna peer
    
     BGP local router ID : 1.1.1.1
     Local AS number : 100
     Total number of peers : 2                 Peers in established state : 2
    
      Peer            V          AS  MsgRcvd  MsgSent  OutQ  Up/Down       State PrefRcv
    
      2000::2         4       65410       35       37     0 00:24:31 Established   3
      2001::2         4       65410       41       43     0 00:24:03 Established   3

  5. Configure route exchange between OSPFv3 and BGP on the CEs.

    Configure OSPFv3 routes on the CEs to import them into BGP. To make the PE select the route along Link_A as the optimal route, ensure that the MED configured for the OSPFv3 routes imported into BGP on CE1 is smaller than that configured on CE2.

    # Configure CE1.

    [~CE1] bgp 65410
    [~CE1-bgp] ipv6-family unicast
    [~CE1-bgp-af-ipv6] import-route ospfv3 1 med 100
    [*CE1-bgp-af-ipv6] quit
    [*CE1-bgp] quit
    [*CE1] commit

    # Configure CE2.

    [~CE2] bgp 65410
    [~CE2-bgp] ipv6-family unicast
    [~CE2-bgp-af-ipv6] import-route ospfv3 1 med 500
    [*CE2-bgp-af-ipv6] quit
    [*CE2-bgp] quit
    [*CE2] commit

    # Import BGP routes into OSPFv3 on CE1.

    [~CE1] ospfv3 1
    [~CE1-ospfv3-1] import-route bgp
    [*CE1-ospfv3-1] quit
    [*CE1] commit

    # Import BGP routes into OSPFv3 on CE2.

    [~CE2] ospfv3 1
    [~CE2-ospfv3-1] import-route bgp
    [*CE2-ospfv3-1] quit
    [*CE2] commit

    After the configuration is complete, run the display ipv6 routing-table vpn-instance command on the PE. You can see the route to the Loopback1 interface on SwitchA.

    [~PE] display ipv6 routing-table vpn-instance vpna
    Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route 
    ------------------------------------------------------------------------------
    Routing Table : vpna
             Destinations : 8        Routes : 8
    
     Destination  : 2000::                          PrefixLength : 64
     NextHop      : 2000::1                         Preference   : 0
     Cost         : 0                               Protocol     : Direct
     RelayNextHop : ::                              TunnelID     : 0x0
     Interface    : VLANIF10                        Flags        : D
    
     Destination  : 2000::1                         PrefixLength : 128
     NextHop      : ::1                             Preference   : 0
     Cost         : 0                               Protocol     : Direct
     RelayNextHop : ::                              TunnelID     : 0x0
     Interface    : VLANIF20                        Flags        : D
    
     Destination  : 2001::                          PrefixLength : 64
     NextHop      : 2001::1                         Preference   : 0
     Cost         : 0                               Protocol     : Direct
     RelayNextHop : ::                              TunnelID     : 0x0
     Interface    : VLANIF20                        Flags        : D
    
     Destination  : 2001::1                         PrefixLength : 128
     NextHop      : ::1                             Preference   : 0
     Cost         : 0                               Protocol     : Direct
     RelayNextHop : ::                              TunnelID     : 0x0
     Interface    : VLANIF10                        Flags        : D
    
     Destination  : FC00:1::                        PrefixLength : 64
     NextHop      : 2000::2                         Preference   : 255
     Cost         : 100                             Protocol     : BGP
     RelayNextHop : ::                              TunnelID     : 0x0
     Interface    : VLANIF10                        Flags        : D
    
     Destination  : FC00:2::                        PrefixLength : 64
     NextHop      : 2001::2                         Preference   : 255
     Cost         : 0                               Protocol     : BGP
     RelayNextHop : ::                              TunnelID     : 0x0
     Interface    : VLANIF20                        Flags        : D
    
     Destination  : FC00:3::1                       PrefixLength : 128
     NextHop      : 2000::2                         Preference   : 255
     Cost         : 100                             Protocol     : BGP
     RelayNextHop : ::                              TunnelID     : 0x0
     Interface    : VLANIF10                        Flags        : D
    
     Destination  : FE80::                          PrefixLength : 10
     NextHop      : ::                              Preference   : 0
     Cost         : 0                               Protocol     : Direct
     RelayNextHop : ::                              TunnelID     : 0x0
     Interface    : NULL0                           Flags        : D

  6. Enable auto FRR for private network IPv6 routes on the PE.

    # Configure the PE.

    [~PE] bgp 100
    [~PE-bgp] ipv6-family vpn-instance vpna
    [*PE-bgp-6-vpna] auto-frr
    [*PE-bgp-6-vpna] quit
    [*PE-bgp] quit
    [*PE] commit
    NOTE:

    The auto-frr command run in the BGP-VPN instance IPv6 address family view is valid only for BGP routes.

  7. Verify the configuration.

    Run the display ipv6 routing-table vpn-instance command on the PE. You can see that the next hop to FC00:3::1/128 is 2000::2, and the PE has a backup next hop and a backup outbound interface.

    [~PE] display ipv6 routing-table vpn-instance vpna FC00:3::1 verbose
    Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route 
    ------------------------------------------------------------------------------
    Routing Table : vpna                                                            
    Summary Count : 1                                                               
                                                                                    
    Destination  : FC00:3::1                               PrefixLength : 128       
    NextHop      : 2000::2                                 Preference   : 255
    Neighbour    : ::                                      ProcessID    : 0         
    Label        : NULL                                    Protocol     : EBGP      
    State        : Active Adv Relied                       Cost         : 100       
    Entry ID     : 0                                       EntryFlags   : 0x00000000
    Reference Cnt: 0                                       Tag          : 0         
    Priority     : low                                     Age          : 36sec     
    IndirectID   : 0x2600016C                                                       
    RelayNextHop : 2000::2                                 TunnelID     : 0x0       
    Interface    : Vlanif10                                Flags        : RD        
    BkNextHop    : 2001::2                                 BkInterface  : Vlanif20
    BkLabel      : NULL                                    BkTunnelID   : 0x0       
    BkPETunnelID : 0x0                                     BkIndirectID : 0x26000166
                                                                                    

    When 10GE1/0/2 on CE1 becomes Down, Link_A is disconnected.

    [~CE1] interface 10ge 1/0/2
    [~CE1-10GE1/0/2] shutdown
    [*CE1-10GE1/0/2] quit
    [*CE1] commit

    Run the display ipv6 routing-table vpn-instance command again on the PE. You can see that the next hop to FC00:3::1/128 is 2001::2, and the PE does not have a backup next hop or a backup outbound interface.

    [~PE] display ipv6 routing-table vpn-instance vpna FC00:3::1 verbose
    Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route 
    ------------------------------------------------------------------------------
    Routing Table : vpna                                                            
    Summary Count : 1                                                               
                                                                                    
    Destination  : FC00:3::1                               PrefixLength : 128       
    NextHop      : 2001::2                                 Preference   : 255
    Neighbour    : ::                                      ProcessID    : 0         
    Label        : NULL                                    Protocol     : EBGP      
    State        : Active Adv Relied                       Cost         : 500       
    Entry ID     : 0                                       EntryFlags   : 0x00000000
    Reference Cnt: 0                                       Tag          : 0         
    Priority     : low                                     Age          : 5sec      
    IndirectID   : 0x26000166                                                       
    RelayNextHop : 2001::2                                 TunnelID     : 0x0       
    Interface    : Vlanif20                                Flags        : RD     

    The command output shows that FRR for private network IPv6 routes has taken effect.

Configuration Files

  • PE configuration file
    #
    sysname PE
    #
    vlan batch 10 20
    #
    ip vpn-instance vpna
     ipv6-family
      route-distinguisher 100:1
      vpn-target 100:100 export-extcommunity
      vpn-target 100:100 import-extcommunity
    #
    interface Vlanif10
     ip binding vpn-instance vpna
     ipv6 enable
     ipv6 address 2000::1/64
    #
    interface Vlanif20
     ip binding vpn-instance vpna
     ipv6 enable
     ipv6 address 2001::1/64
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    interface 10GE1/0/2
     port link-type trunk
     port trunk allow-pass vlan 20
    #
    bgp 100
     peer 2000::2 as-number 65410
     peer 2001::2 as-number 65410
     #
     ipv4-family unicast
     #
     ipv6-family vpnv6
      policy vpn-target
     #
     ipv6-family vpn-instancee vpna
      auto-frr
      peer 2000::2 as-number 65410
      peer 2001::2 as-number 65410
    #
    return
    
  • CE1 configuration file
    #
    sysname CE1
    #
    vlan batch 10 30
    #
    ospfv3 1
     router-id 2.2.2.2
     import-route bgp
    #
    interface Vlanif10
     ipv6 enable
     ipv6 address 2000::2/64
    #
    interface Vlanif30
     ipv6 enable
     ipv6 address FC00:1::1/64
     ospfv3 1 area 0.0.0.0
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    interface 10GE1/0/2
     port link-type trunk
     port trunk allow-pass vlan 30
    #
    interface LoopBack1
     ip address 2.2.2.2 255.255.255.255
    #
    bgp 65410
     peer 2000::1 as-number 100
     #
     ipv4-family unicast
     #
     ipv6-family unicast
      import-route ospfv3 1 med 100
      peer 2000::1 enable
    #
    return
  • CE2 configuration file
    #
    sysname CE2
    #
    vlan batch 20 40
    #
    ospfv3 1
     router-id 3.3.3.3
     import-route bgp
    #
    interface Vlanif20
     ipv6 enable
     ipv6 address 2001::2/64
    #
    interface Vlanif40
     ipv6 enable
     ipv6 address FC00:2::1/64
     ospfv3 1 area 0.0.0.0
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 20
    #
    interface 10GE1/0/2
     port link-type trunk
     port trunk allow-pass vlan 40
    #
    interface LoopBack1
     ip address 3.3.3.3 255.255.255.255
    #
    bgp 65410
     peer 2001::1 as-number 100
     #
     ipv4-family unicast
     #
     ipv6-family unicast
      import-route ospfv3 1 med 500
      peer 2001::1 enable
    #
    return
  • SwitchA configuration file
    #
    sysname SwitchA
    #
    vlan batch 30 40
    #
    ospfv3 1
     router-id 4.4.4.4
    #
    interface Vlanif30
     ipv6 enable
     ipv6 address FC00:1::2/64
     ospfv3 1 area 0.0.0.0
    #
    interface Vlanif40
     ipv6 enable
     ipv6 address FC00:2::2/64
     ospfv3 1 area 0.0.0.0
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 30
    #
    interface 10GE1/0/2
     port link-type trunk
     port trunk allow-pass vlan 40
    #
    interface LoopBack1
     ipv6 enable
     ipv6 address FC00:3::1/128
     ospfv3 1 area 0.0.0.0
    #
    return
Translation
Download
Updated: 2019-04-03

Document ID: EDOC1100075353

Views: 14448

Downloads: 25

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next