Example for Configuring a Device as the DHCP Relay Agent (Connected to the DHCP Server Across a BGP/MPLS IP VPN Tunnel)
Networking Requirements
As shown in Figure 3-16, branch 1 and branch 2 of an enterprise are connected to the headquarters through BGP/MPLS IP VPN tunnels to implement secure interconnection. CE_1 and CE_2 are the egress gateways of branch 1 and branch 2, respectively. For service isolation, branch 1 and branch 2 are deployed in vpna and vpnb, respectively. The enterprise administrator deploys a DHCP server in the headquarters and a multi-VPN-instance customer edge (MCE) as the headquarters egress gateway so that the DHCP server can allocate IP addresses on 10.1.1.0/24 to terminals in branch 1 and branch 2.
Configuration Roadmap
Configure OSPF between PE_1 and PE_2 to implement interworking between them and configure MP-IBGP to exchange VPN routing information.
Configure basic MPLS capabilities and MPLS LDP on PE_1 and PE_2 to set up LDP LSPs.
Create VPN instances vpna and vpnb on the MCE, PE_1, and PE_2 to isolate services.
Set up EBGP peer relationships between PE_1 and its connected CEs, and import BGP routes to the VPN routing table of PE_1.
Configure the MCE as the DHCP server to allocate IP addresses from the global address pool to terminals in branch 1 and branch 2.
Configure the DHCP relay function on CE_1 and CE_2 to forward DHCP messages between the DHCP server and terminals so that the terminals can apply to the DHCP server for IP addresses.
Configure the terminals to dynamically obtain IP addresses from the DHCP server.
Procedure
- Configure IP addresses for interfaces.
# Configure the egress gateway CE_1 of branch 1.
<Huawei> system-view
[Huawei] sysname CE_1
[CE_1] interface gigabitEthernet 0/0/1
[CE_1-GigabitEthernet0/0/1] ip address 10.1.1.1 24
[CE_1-GigabitEthernet0/0/1] quit
[CE_1] interface gigabitEthernet 0/0/2
[CE_1-GigabitEthernet0/0/2] ip address 10.1.2.1 24
[CE_1-GigabitEthernet0/0/2] quit
# Configure the egress gateway CE_2 of branch 2.
<Huawei> system-view
[Huawei] sysname CE_2
[CE_2] interface gigabitEthernet 0/0/1
[CE_2-GigabitEthernet0/0/1] ip address 10.1.1.1 24
[CE_2-GigabitEthernet0/0/1] quit
[CE_2] interface gigabitEthernet 0/0/2
[CE_2-GigabitEthernet0/0/2] ip address 10.1.2.1 24
[CE_2-GigabitEthernet0/0/2] quit
# Configure PE_1.
<Huawei> system-view
[Huawei] sysname PE_1
[PE_1] interface loopback 0
[PE_1-LoopBack0] ip address 10.10.10.9 32
[PE_1-LoopBack0] quit
[PE_1] interface gigabitethernet 3/0/0
[PE_1-GigabitEthernet3/0/0] ip address 10.1.3.1 24
[PE_1-GigabitEthernet3/0/0] quit
# Configure PE_2.
<Huawei> system-view
[Huawei] sysname PE_2
[PE_2] interface loopback 0
[PE_2-LoopBack0] ip address 10.20.20.9 32
[PE_2-LoopBack0] quit
[PE_2] interface gigabitethernet 2/0/0
[PE_2-GigabitEthernet2/0/0] ip address 10.1.3.2 24
[PE_2-GigabitEthernet2/0/0] quit
- Configure OSPF routes between PE_1 and PE_2.
# Configure PE_1.
[PE_1] ospf 1
[PE_1-ospf-1] area 0
[PE_1-ospf-1-area-0.0.0.0] network 10.10.10.9 0.0.0.0
[PE_1-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.255
[PE_1-ospf-1-area-0.0.0.0] quit
[PE_1-ospf-1] quit
# Configure PE_2.
[PE_2] ospf 1
[PE_2-ospf-1] area 0
[PE_2-ospf-1-area-0.0.0.0] network 10.20.20.9 0.0.0.0
[PE_2-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.255
[PE_2-ospf-1-area-0.0.0.0] quit
[PE_2-ospf-1] quit
# After the configuration is complete, PE_1 and PE_2 set up the OSPF neighbor relationship. Run the display ip routing-table command on PE_1 and PE_2 to view the routes to each other.
- Configure basic MPLS capabilities and MPLS LDP on PE_1 and PE_2 to set up LDP LSPs.
# Configure PE_1.
[PE_1] mpls lsr-id 10.10.10.9
[PE_1] mpls
[PE_1-mpls] quit
[PE_1] mpls ldp
[PE_1-mpls-ldp] quit
[PE_1] interface gigabitethernet 3/0/0
[PE_1-GigabitEthernet3/0/0] mpls
[PE_1-GigabitEthernet3/0/0] mpls ldp
[PE_1-GigabitEthernet3/0/0] quit
# Configure PE_2.
[PE_2] mpls lsr-id 10.20.20.9
[PE_2] mpls
[PE_2-mpls] quit
[PE_2] mpls ldp
[PE_2-mpls-ldp] quit
[PE_2] interface gigabitethernet 2/0/0
[PE_2-GigabitEthernet2/0/0] mpls
[PE_2-GigabitEthernet2/0/0] mpls ldp
[PE_2-GigabitEthernet2/0/0] quit
# After the configuration is complete, PE_1 and PE_2 set up LDP sessions. Run the display mpls ldp session command on PE_1 and PE_2. The command output shows that the Status field is Operational. Run the display mpls ldp lsp command. Information about the established LDP LSPs is displayed.
- Configure VPN instances on the MCE, PE_1, and PE_2.
# Configure PE_1.
[PE_1] ip vpn-instance vpna
[PE_1-vpn-instance-vpna] ipv4-family
[PE_1-vpn-instance-vpna-af-ipv4] route-distinguisher 100:1
[PE_1-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both
[PE_1-vpn-instance-vpna-af-ipv4] quit
[PE_1-vpn-instance-vpna] quit
[PE_1] ip vpn-instance vpnb
[PE_1-vpn-instance-vpnb] ipv4-family
[PE_1-vpn-instance-vpnb-af-ipv4] route-distinguisher 100:2
[PE_1-vpn-instance-vpnb-af-ipv4] vpn-target 222:2 both
[PE_1-vpn-instance-vpnb-af-ipv4] quit
[PE_1-vpn-instance-vpnb] quit
[PE_1] interface gigabitethernet 2/0/0
[PE_1-GigabitEthernet2/0/0] ip binding vpn-instance vpna
[PE_1-GigabitEthernet2/0/0] ip address 10.1.2.2 24
[PE_1-GigabitEthernet2/0/0] quit
[PE_1] interface gigabitethernet 1/0/0
[PE_1-GigabitEthernet1/0/0] ip binding vpn-instance vpnb
[PE_1-GigabitEthernet1/0/0] ip address 10.1.2.2 24
[PE_1-GigabitEthernet1/0/0] quit
# Configure PE_2.
[PE_2] ip vpn-instance vpna
[PE_2-vpn-instance-vpna] ipv4-family
[PE_2-vpn-instance-vpna-af-ipv4] route-distinguisher 200:1
[PE_2-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both
[PE_2-vpn-instance-vpna-af-ipv4] quit
[PE_2-vpn-instance-vpna] quit
[PE_2] ip vpn-instance vpnb
[PE_2-vpn-instance-vpnb] ipv4-family
[PE_2-vpn-instance-vpnb-af-ipv4] route-distinguisher 200:2
[PE_2-vpn-instance-vpnb-af-ipv4] vpn-target 222:2 both
[PE_2-vpn-instance-vpnb-af-ipv4] quit
[PE_2-vpn-instance-vpnb] quit
[PE_2] interface gigabitethernet 1/0/0.1
[PE_2-GigabitEthernet1/0/0.1] dot1q termination vid 10
[PE_2-GigabitEthernet1/0/0.1] ip binding vpn-instance vpna
[PE_2-GigabitEthernet1/0/0.1] ip address 10.1.4.2 24
[PE_2-GigabitEthernet1/0/0.1] arp broadcast enable
[PE_2-GigabitEthernet1/0/0.1] quit
[PE_2] interface gigabitethernet 1/0/0.2
[PE_2-GigabitEthernet1/0/0.2] dot1q termination vid 20
[PE_2-GigabitEthernet1/0/0.2] ip binding vpn-instance vpnb
[PE_2-GigabitEthernet1/0/0.2] ip address 10.1.5.2 24
[PE_2-GigabitEthernet1/0/0.2] arp broadcast enable
[PE_2-GigabitEthernet1/0/0.2] quit
# Configure the MCE.
<Huawei> system-view
[Huawei] sysname MCE
[MCE] ip vpn-instance vpna
[MCE-vpn-instance-vpna] ipv4-family
[MCE-vpn-instance-vpna-af-ipv4] route-distinguisher 200:1
[MCE-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both
[MCE-vpn-instance-vpna-af-ipv4] quit
[MCE-vpn-instance-vpna] quit
[MCE] ip vpn-instance vpnb
[MCE-vpn-instance-vpnb] ipv4-family
[MCE-vpn-instance-vpnb-af-ipv4] route-distinguisher 200:2
[MCE-vpn-instance-vpnb-af-ipv4] vpn-target 222:2 both
[MCE-vpn-instance-vpnb-af-ipv4] quit
[MCE-vpn-instance-vpnb] quit
[MCE] interface gigabitethernet 0/0/1.1
[MCE-GigabitEthernet0/0/1.1] ip binding vpn-instance vpna
[MCE-GigabitEthernet0/0/1.1] dot1q termination vid 10
[MCE-GigabitEthernet0/0/1.1] ip address 10.1.4.1 24
[MCE-GigabitEthernet0/0/1.1] arp broadcast enable
[MCE-GigabitEthernet0/0/1.1] quit
[MCE] interface gigabitethernet 0/0/1.2
[MCE-GigabitEthernet0/0/1.2] ip binding vpn-instance vpnb
[MCE-GigabitEthernet0/0/1.2] dot1q termination vid 20
[MCE-GigabitEthernet0/0/1.2] ip address 10.1.5.1 24
[MCE-GigabitEthernet0/0/1.2] arp broadcast enable
[MCE-GigabitEthernet0/0/1.2] quit
- Set up the MP-IBGP peer relationship between PE_1 and PE_2.
# Configure PE_1.
[PE_1] bgp 100
[PE_1-bgp] peer 10.20.20.9 as-number 100
[PE_1-bgp] peer 10.20.20.9 connect-interface loopback 0
[PE_1-bgp] ipv4-family vpnv4
[PE_1-bgp-af-vpnv4] peer 10.20.20.9 enable
[PE_1-bgp-af-vpnv4] quit
[PE_1-bgp] ipv4-family vpn-instance vpna
[PE_1-bgp-vpna] import-route direct
[PE_1-bgp-vpna] quit
[PE_1-bgp] ipv4-family vpn-instance vpnb
[PE_1-bgp-vpnb] import-route direct
[PE_1-bgp-vpnb] quit
[PE_1-bgp] quit
# Configure PE_2.
[PE_2] bgp 100
[PE_2-bgp] peer 10.10.10.9 as-number 100
[PE_2-bgp] peer 10.10.10.9 connect-interface loopback 0
[PE_2-bgp] ipv4-family vpnv4
[PE_2-bgp-af-vpnv4] peer 10.10.10.9 enable
[PE_2-bgp-af-vpnv4] quit
[PE_2-bgp] ipv4-family vpn-instance vpna
[PE_2-bgp-vpna] import-route direct
[PE_2-bgp-vpna] quit
[PE_2-bgp] ipv4-family vpn-instance vpnb
[PE_2-bgp-vpnb] import-route direct
[PE_2-bgp-vpnb] quit
[PE_2-bgp] quit
# After the configuration is complete, run the display bgp peer command on PE_1 and PE_2. The command output shows that the MP-IBGP peer relationship has been set up between PEs and the relationship is in Established state.
- Configure EBGP peer relationships between CE_1 and PE_1 and between CE_2 and PE_1.
# Configure the egress gateway CE_1 of branch 1.
[CE_1] bgp 65410
[CE_1-bgp] peer 10.1.2.2 as-number 100
[CE_1-bgp] ipv4-family unicast
[CE_1-bgp-af-ipv4] undo synchronization
[CE_1-bgp-af-ipv4] import-route direct
[CE_1-bgp-af-ipv4] quit
[CE_1-bgp] quit
# Configure the egress gateway CE_2 of branch 2.
[CE_2] bgp 65411
[CE_2-bgp] peer 10.1.2.2 as-number 100
[CE_2-bgp] ipv4-family unicast
[CE_2-bgp-af-ipv4] undo synchronization
[CE_2-bgp-af-ipv4] import-route direct
[CE_2-bgp-af-ipv4] quit
[CE_2-bgp] quit
# Configure PE_1.
[PE_1] bgp 100
[PE_1-bgp] ipv4-family vpn-instance vpna
[PE_1-bgp-vpna] peer 10.1.2.1 as-number 65410
[PE_1-bgp-vpna] import-route direct
[PE_1-bgp-vpna] quit
[PE_1-bgp] ipv4-family vpn-instance vpnb
[PE_1-bgp-vpnb] peer 10.1.2.1 as-number 65411
[PE_1-bgp-vpnb] import-route direct
[PE_1-bgp-vpnb] quit
[PE_1-bgp] quit
- Configure OSPF multi-instance between the MCE and PE_2.
# Configure PE_2.
To configure OSPF multi-instance between the MCE and PE_2, perform the following tasks on PE_2:
- In the OSPF view, import BGP routes and advertise VPN routes of PE_1 to the MCE.
- In the BGP view, import routes of the OSPF processes and advertise the VPN routes of the MCE to PE_1.
[PE_2] ospf 100 vpn-instance vpna
[PE_2-ospf-100] import-route bgp
[PE_2-ospf-100] area 0
[PE_2-ospf-100-area-0.0.0.0] network 10.1.4.0 0.0.0.255
[PE_2-ospf-100-area-0.0.0.0] quit
[PE_2-ospf-100] quit
[PE_2] ospf 200 vpn-instance vpnb
[PE_2-ospf-200] import-route bgp
[PE_2-ospf-200] area 0
[PE_2-ospf-200-area-0.0.0.0] network 10.1.5.0 0.0.0.255
[PE_2-ospf-200-area-0.0.0.0] quit
[PE_2-ospf-200] quit
[PE_2] bgp 100
[PE_2-bgp] ipv4-family vpn-instance vpna
[PE_2-bgp-vpna] import-route ospf 100
[PE_2-bgp-vpna] quit
[PE_2-bgp] ipv4-family vpn-instance vpnb
[PE_2-bgp-vpnb] import-route ospf 200
[PE_2-bgp-vpnb] quit
[PE_2-bgp] quit
# Configure the MCE.
Import VPN routes to the OSPF processes.
[MCE] ospf 100 vpn-instance vpna
[MCE-ospf-100] vpn-instance-capability simple
[MCE-ospf-100] area 0
[MCE-ospf-100-area-0.0.0.0] network 10.1.4.0 0.0.0.255
[MCE-ospf-100-area-0.0.0.0] quit
[MCE-ospf-100] quit
[MCE] ospf 200 vpn-instance vpnb
[MCE-ospf-200] vpn-instance-capability simple
[MCE-ospf-200] area 0
[MCE-ospf-200-area-0.0.0.0] network 10.1.5.0 0.0.0.255
[MCE-ospf-200-area-0.0.0.0] quit
[MCE-ospf-200] quit
# After the configuration is complete, run the display ip routing-table vpn-instance command on the MCE to view the routes to the remote CEs.
# Run the display ip routing-table vpn-instance command on PE_1 to view the routes to the remote CEs.
- Configure the MCE as the DHCP server.
# Enable DHCP.
[MCE] dhcp enable
# Create global address pools pool1 and pool2 to allocate IP addresses to terminals in branch 1 and branch 2.
[MCE] ip pool pool1
[MCE-ip-pool-pool1] network 10.1.1.0 mask 255.255.255.0
[MCE-ip-pool-pool1] vpn-instance vpna
[MCE-ip-pool-pool1] gateway-list 10.1.1.1
[MCE-ip-pool-pool1] quit
[MCE] ip pool pool2
[MCE-ip-pool-pool2] network 10.1.1.0 mask 255.255.255.0
[MCE-ip-pool-pool2] vpn-instance vpnb
[MCE-ip-pool-pool2] gateway-list 10.1.1.1
[MCE-ip-pool-pool2] quit
# Configure clients to obtain IP addresses from the global address pools.
[MCE] interface gigabitethernet 0/0/1.1
[MCE-GigabitEthernet0/0/1.1] dhcp select global
[MCE-GigabitEthernet0/0/1.1] quit
[MCE] interface gigabitethernet 0/0/1.2
[MCE-GigabitEthernet0/0/1.2] dhcp select global
[MCE-GigabitEthernet0/0/1.2] quit
- Configure CE_1 and CE_2 as the DHCP relay agents.
# Configure the egress gateway CE_1 of branch 1.
[CE_1] dhcp enable
[CE_1] interface gigabitEthernet 0/0/1
[CE_1-GigabitEthernet0/0/1] dhcp select relay
[CE_1-GigabitEthernet0/0/1] dhcp relay server-ip 10.1.4.1
[CE_1-GigabitEthernet0/0/1] quit
# Configure the egress gateway CE_2 of branch 2.
[CE_2] dhcp enable
[CE_2] interface gigabitEthernet 0/0/1
[CE_2-GigabitEthernet0/0/1] dhcp select relay
[CE_2-GigabitEthernet0/0/1] dhcp relay server-ip 10.1.5.1
[CE_2-GigabitEthernet0/0/1] quit
- Verify the configuration.
# Run the display ip pool name command on the MCE to view IP address allocation in the address pools. The command output for pool1 is used as an example. The Used field displays the number of used IP addresses in an address pool.
[MCE] display ip pool name pool1
  Pool-name      : pool1
  Pool-No        : 0
  Lease          : 1 Days 0 Hours 0 Minutes
  Domain-name    : -
  DNS-server0    : -
  NBNS-server0   : -
  Netbios-type   : -
  Position       : Local           Status           : Unlocked
  Gateway-0      : 10.1.1.1
  Network        : 10.1.1.0
  Mask           : 255.255.255.0
  VPN instance   : vpna
  Logging        : Disable
  Conflicted address recycle interval: -
  Address Statistic: Total       :253       used        :1
                     Idle        :252       Expired     :0
                     Conflict    :0         Disable     :0
 -------------------------------------------------------------------------------
  Network section
         Start           End       Total    Used Idle(Expired) Conflict Disabled
 -------------------------------------------------------------------------------
        10.1.1.1      10.1.1.254     253       0        252(0)       0     0
 -------------------------------------------------------------------------------
Configuration Files
PE_1 configuration file
#
sysname PE_1
#
ip vpn-instance vpna
 ipv4-family
  route-distinguisher 100:1
  vpn-target 111:1 export-extcommunity
  vpn-target 111:1 import-extcommunity
#
ip vpn-instance vpnb
 ipv4-family
  route-distinguisher 100:2
  vpn-target 222:2 export-extcommunity
  vpn-target 222:2 import-extcommunity
#
mpls lsr-id 10.10.10.9
mpls
#
mpls ldp
#
interface GigabitEthernet3/0/0
 ip address 10.1.3.1 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet1/0/0
 ip binding vpn-instance vpnb
 ip address 10.1.2.2 255.255.255.0
#
interface GigabitEthernet2/0/0
 ip binding vpn-instance vpna
 ip address 10.1.2.2 255.255.255.0
#
interface LoopBack0
 ip address 10.10.10.9 255.255.255.255
#
bgp 100
 peer 10.20.20.9 as-number 100
 peer 10.20.20.9 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  peer 10.20.20.9 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 10.20.20.9 enable
 #
 ipv4-family vpn-instance vpna
  import-route direct
  peer 10.1.2.1 as-number 65410
 #
 ipv4-family vpn-instance vpnb
  import-route direct
  peer 10.1.2.1 as-number 65411
#
ospf 1
 area 0.0.0.0
  network 10.1.3.0 0.0.0.255
  network 10.10.10.9 0.0.0.0
#
return
PE_2 configuration file
#
sysname PE_2
#
ip vpn-instance vpna
 ipv4-family
  route-distinguisher 200:1
  vpn-target 111:1 export-extcommunity
  vpn-target 111:1 import-extcommunity
#
ip vpn-instance vpnb
 ipv4-family
  route-distinguisher 200:2
  vpn-target 222:2 export-extcommunity
  vpn-target 222:2 import-extcommunity
#
mpls lsr-id 10.20.20.9
mpls
#
mpls ldp
#
interface GigabitEthernet2/0/0
 ip address 10.1.3.2 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet1/0/0.1
 dot1q termination vid 10
 ip binding vpn-instance vpna
 ip address 10.1.4.2 255.255.255.0
#
interface GigabitEthernet1/0/0.2
 dot1q termination vid 20
 ip binding vpn-instance vpnb
 ip address 10.1.5.2 255.255.255.0
#
interface LoopBack0
 ip address 10.20.20.9 255.255.255.255
#
bgp 100
 peer 10.10.10.9 as-number 100
 peer 10.10.10.9 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  peer 10.10.10.9 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 10.10.10.9 enable
 #
 ipv4-family vpn-instance vpna
  import-route direct
  import-route ospf 100
 #
 ipv4-family vpn-instance vpnb
  import-route direct
  import-route ospf 200
#
ospf 1
 area 0.0.0.0
  network 10.1.3.0 0.0.0.255
  network 10.20.20.9 0.0.0.0
#
ospf 100 vpn-instance vpna
 import-route bgp
 area 0.0.0.0
  network 10.1.4.0 0.0.0.255
#
ospf 200 vpn-instance vpnb
 import-route bgp
 area 0.0.0.0
  network 10.1.5.0 0.0.0.255
#
return
CE_1 configuration file
#
sysname CE_1
#
dhcp enable
#
interface GigabitEthernet0/0/1
 ip address 10.1.1.1 255.255.255.0
 dhcp select relay
 dhcp relay server-ip 10.1.4.1
#
interface GigabitEthernet0/0/2
 ip address 10.1.2.1 255.255.255.0
#
bgp 65410
 peer 10.1.2.2 as-number 100
 #
 ipv4-family unicast
  undo synchronization
  import-route direct
  peer 10.1.2.2 enable
#
return
CE_2 configuration file
#
sysname CE_2
#
dhcp enable
#
interface GigabitEthernet0/0/1
 ip address 10.1.1.1 255.255.255.0
 dhcp select relay
 dhcp relay server-ip 10.1.5.1
#
interface GigabitEthernet0/0/2
 ip address 10.1.2.1 255.255.255.0
#
bgp 65411
 peer 10.1.2.2 as-number 100
 #
 ipv4-family unicast
  undo synchronization
  import-route direct
  peer 10.1.2.2 enable
#
return
MCE configuration file
#
sysname MCE
#
dhcp enable
#
ip vpn-instance vpna
 ipv4-family
  route-distinguisher 200:1
  vpn-target 111:1 export-extcommunity
  vpn-target 111:1 import-extcommunity
#
ip vpn-instance vpnb
 ipv4-family
  route-distinguisher 200:2
  vpn-target 222:2 export-extcommunity
  vpn-target 222:2 import-extcommunity
#
ip pool pool1
 vpn-instance vpna
 gateway-list 10.1.1.1
 network 10.1.1.0 mask 255.255.255.0
#
ip pool pool2
 vpn-instance vpnb
 gateway-list 10.1.1.1
 network 10.1.1.0 mask 255.255.255.0
#
interface GigabitEthernet0/0/1.1
 dot1q termination vid 10
 ip binding vpn-instance vpna
 ip address 10.1.4.1 255.255.255.0
 dhcp select global
#
interface GigabitEthernet0/0/1.2
 dot1q termination vid 20
 ip binding vpn-instance vpnb
 ip address 10.1.5.1 255.255.255.0
 dhcp select global
#
ospf 100 vpn-instance vpna
 vpn-instance-capability simple
 area 0.0.0.0
  network 10.1.4.0 0.0.0.255
#
ospf 200 vpn-instance vpnb
 vpn-instance-capability simple
 area 0.0.0.0
  network 10.1.5.0 0.0.0.255
#
return
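Because pool1 and pool2 both serve 10.1.1.0/24, the service isolation between vpna and vpnb rests on the two instances never sharing a route target and on each pool staying bound to its own VPN instance. The Python check below is an added example, not part of the original Huawei document; the function name audit and the trimmed sample text are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations, permutations
# Constructed sample: VPN-instance and pool stanzas of the MCE configuration
# file above (route-distinguisher and gateway-list lines omitted).
MCE_CONFIG = """\
ip vpn-instance vpna
 ipv4-family
  vpn-target 111:1 export-extcommunity
  vpn-target 111:1 import-extcommunity
#
ip vpn-instance vpnb
 ipv4-family
  vpn-target 222:2 export-extcommunity
  vpn-target 222:2 import-extcommunity
#
ip pool pool1
 vpn-instance vpna
 network 10.1.1.0 mask 255.255.255.0
#
ip pool pool2
 vpn-instance vpnb
 network 10.1.1.0 mask 255.255.255.0
"""

def audit(config):
    """Return isolation findings for a configuration text (hypothetical helper)."""
    vpns, pools, cur = {}, {}, None
    for line in config.splitlines():
        w = line.split()
        if not line.startswith(" "):  # an unindented line opens a new stanza
            cur = None
            if w[:2] == ["ip", "vpn-instance"] and len(w) == 3:
                cur = vpns.setdefault(w[2], {"import": set(), "export": set()})
            elif w[:2] == ["ip", "pool"] and len(w) == 3:
                cur = pools.setdefault(w[2], {"vpn": None, "net": None})
        elif cur and w[:1] == ["vpn-target"] and "export" in cur:
            kind = w[-1].split("-")[0]  # export, import, or both (CLI form)
            for k in [k for k in ("import", "export") if kind in (k, "both")]:
                cur[k].update(w[1:-1])
        elif cur and w[:1] == ["vpn-instance"] and "vpn" in cur:
            cur["vpn"] = w[1]
        elif cur and w[:1] == ["network"] and "net" in cur and len(w) == 4:
            cur["net"] = ipaddress.ip_network(f"{w[1]}/{w[3]}")
    out = [f"{b} imports RT {rt} exported by {a}"  # route leak between instances
           for a, b in permutations(sorted(vpns), 2)
           for rt in sorted(vpns[a]["export"] & vpns[b]["import"])]
    out += [f"{n} is not bound to a defined VPN instance"
            for n, p in sorted(pools.items()) if p["vpn"] not in vpns]
    for (n1, p1), (n2, p2) in combinations(sorted(pools.items()), 2):
        if p1["vpn"] == p2["vpn"] and p1["net"] and p2["net"] and p1["net"].overlaps(p2["net"]):
            out.append(f"{n1} and {n2} overlap inside {p1['vpn']}")
    return out

if __name__ == "__main__":
    print(audit(MCE_CONFIG) or "no isolation findings")
```

An empty result means no route target is shared across instances and no pool is unbound or colliding; run the same check on the PE configuration files, which carry the same vpn-target lines.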