No relevant resource is found in the selected language.
Enterprise
Worldwide
Search
Support Documentation
CloudCampus Solution V100R019C10 Typical Configuration Examples for Multi-Campus Network Interconnection
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Overlay Network Plan

Overlay Network Plan

VN and Overlay Topology Plan

In many cases, due to increasingly high security requirements, a network must be divided into multiple departments to realize fine-grained service management and enhance security. Services of users in different departments must be completely isolated. The EVPN Interconnection Solution uses multiple VNs to isolate services of multiple departments under a single tenant. Each VN is an independent IP Layer 3 private network and is logically isolated from each other.

A VN is defined for each department to isolate services for multiple departments of an enterprise. Each VN has an independent overlay topology (hub-spoke, full-mesh, partial-mesh, or hierarchical topology). LAN-side settings, traffic policies, and security policies of sites among which services are isolated are configured based on VNs. Different policies can be configured for different VNs.

If services do not need to be isolated for departments of an enterprise, only one VN is required. In this case, add all sites to the VN and construct an overlay topology. This example uses a single VN to describe how to construct an overlay network between sites.

Table 5-13 Basic information about sites on the VN

Parameter

Value

VN name

VN-test

IPSec encryption

Enabled

Site name

Hub_1, Hub_2, Site_1, Site_2, and Site_3

Inter-site VPN

Enabled

Topology

Predefine Topology

Mode

Simple mode

Topology mode

Hub-Spoke

Hub site

Hub_1 (active) and Hub_2 (standby)

Branch site

Site_1, Site_2, and Site_3

LAN-WAN Interconnection Interface Plan

The egress AR router of a branch site functions as the management gateway of LAN-side devices. The management VLANs and IP addresses of LAN-side devices need to be planned on the egress AR router, and the DHCP server and Option 148 need to be configured for LAN-side device deployment.

Table 5-14 Information about the LAN-side interconnection interfaces of AR routers at branch sites (plan for the management network)

Parameter

Value

VN

VN-test

Site

Site_1

Site_2

Site_3

Interconnection mode

Advanced

Advanced

Advanced

Gateway

AR651_1

AR651_2

AR651_3

AR651_4

Gateway interface

L2

L2

L2

L2

VLAN ID

101

102

103

103

Interface

GE0/0/2

GE0/0/2

GE0/0/2

GE0/0/2

Mode

Untag

Untag

Untag

Untag

IP address

192.168.11.1/24

192.168.2.1/24

192.168.3.2/24

192.168.3.3/24

Trust mode

Trust

Trust

Trust

Trust

Advanced Settings

Secondary IP address

-

DHCP

Enabled

DHCP type

Server

Option

[148] cloud platform address

Value

agilemode=agile-cloud;agilemanage-mode=ip;agilemanage-domain=10.1.1.1;agilemanage-port=10020

DNS server

Enabled

VRRP

-

-

Enabled

Enabled

VRRP ID

-

-

1

1

Virtual IP address

-

-

192.168.3.1

192.168.3.1

Default role

-

-

Master

Backup

Preemption delay (s)

-

-

30

0

Track

Disabled

Disabled

Disabled

Disabled

ARP proxy

Disabled

Disabled

Disabled

Disabled

MTU

1500

1500

1500

1500

MSS

1200

1200

1200

1200

The egress AR router of a branch site functions as the user gateway for LAN-side services. You need to plan VLANs and IP addresses on the egress AR router for interconnected services. Table 5-15 shows the data plan for this example.

Table 5-15 Information about the LAN-side interconnection interfaces of AR routers at branch sites (plan for the service network)

Parameter

Value

VN

VN-test

Site

Site_1

Site_2

Site_3

Interconnection mode

Advanced

Advanced

Advanced

Gateway

AR651_1

AR651_2

AR651_3

AR651_4

Gateway interface

L2

L2

L2

L2

VLAN ID

203

204

205

205

Interface

GE0/0/2

GE0/0/2

GE0/0/2

GE0/0/2

Mode

Tag

Tag

Tag

Tag

IP address

192.168.6.1/24

192.168.7.1/24

192.168.8.2/24

192.168.8.3/24

Trust mode

Trust

Trust

Trust

Trust

Advanced Settings

DHCP

Enabled

Enabled

Enabled

Enabled

DHCP type

Server

Server

Server

Server

DNS server

Enabled

Enabled

Enabled

Enabled

VRRP

-

-

Enabled

Enabled

VRRP ID

-

-

1

1

Virtual IP address

-

-

192.168.8.1

192.168.8.1

Default role

-

-

Master

Backup

Preemption delay (s)

-

-

30

0

ARP proxy

Disabled

Disabled

Disabled

Disabled

MTU

1500

1500

1500

1500

MSS

1200

1200

1200

1200

At a headquarters site, the LAN side is a Layer 3 network, and information about LAN-side interconnection interfaces needs to be configured on the egress AR routers. Table 5-16 describes information about the LAN-side interconnection interfaces of AR routers at a headquarters site.

Table 5-16 Information about the LAN-side interconnection interfaces of AR routers at a headquarters site

Parameter

Value

VN

VN-test

Site

Hub_1

Hub_2

Interconnection mode

Advanced

Advanced

Gateway

AR6280_1

AR6280_2

AR6280_3

AR6280_4

Gateway interface

L3

L3

L3

L3

Interface

GE0/0/2

GE0/0/2

GE0/0/2

GE0/0/2

Sub-interface

Enabled

Enabled

Enabled

Enabled

VLAN ID

301

302

303

304

IP address

192.168.4.1/24

192.168.5.1/24

192.168.9.1/24

192.168.10.1/24

Trust mode

Trust

Trust

Trust

Trust

Advanced Settings

Not configured

Not configured

Not configured

Not configured

LAN-WAN Interworking Route Plan

In scenarios where the LAN side of a headquarters site is a Layer 3 network, you need to configure LAN-WAN interworking routes (overlay LAN routes) to enable egress devices at branch sites to communicate with the LAN-side Layer 3 network. This ensures that LAN-side services can run properly.

Table 5-17 LAN-WAN interworking route information

Parameter

Value

VN

VN-test

Site

Hub_1

Hub_2

Route type

BGP

BGP

Device

AR6280_1

AR6280_2

AR6280_3

AR6280_4

Advanced Settings

External preference

30

Default route redistribution

Enabled

Route redistribution

Direct and Static

Summary route

-

Peer IP Address

192.168.4.2

192.168.5.2

192.168.9.2

192.168.10.2

Peer AS

100

100

300

300

Local AS

200

200

400

400

Keepalive time (s)

-

-

-

-

Hold time (s)

-

-

-

-

MD5 encryption

Disabled

Disabled

Disabled

Disabled

Routes between core devices on the LAN side of the headquarters site and AR routers need to be configured on the core devices. The detailed configuration is not described in this example.

Translation
简体中文
Download
Updated: 2021-04-29

Document ID: EDOC1100141253

Views: 5381

Downloads: 55

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Digital Signature File

Digital Signature Authentication Mode
Share
Previous Next

Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.

You are going to visit :