Page 1 Quidway S9300 Terabit Routing Switch V100R001C03 Configuration Guide - VPN Issue Date 2009-07-28 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
Page 2 Huawei Technologies Co., Ltd. provides customers with comprehensive technical support and service. For any assistance, please contact our local office or company headquarters. Huawei Technologies Co., Ltd. Address: Huawei Industrial Base Bantian, Longgang Shenzhen 518129 People's Republic of China Website: http://www.huawei.com...
Page 3: Table Of Contents
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN Contents Contents About This Document........................1 1 VPN Tunnel Management......................1-1 1.1 Introduction to VPN Tunnels..........................1-2 1.2 VPN Tunnel Features Supported by the S9300....................1-3 1.3 Configuring the Tunnel Interface........................1-5 1.3.1 Establishing the Configuration Task......................1-5 1.3.2 Creating a Tunnel Interface........................1-6...
Page 4 Quidway S9300 Terabit Routing Switch Contents Configuration Guide - VPN 1.8.2 Debugging the VPN Tunnel.........................1-25 1.9 Configuration Examples..........................1-25 1.9.1 Example for Configuring Tunnel Policies for the L3VPN..............1-25 1.9.2 Example for Binding a Tunnel to the Martini L2VPN.................1-39 2 GRE Configuration........................2-1 2.1 Introduction to the GRE Protocol........................2-2...
Page 5 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN Contents 3.4.1 Establishing the Configuration Task....................3-10 3.4.2 Configuring a VPN Instance........................3-11 3.4.3 Binding an Interface to the VPN Instance....................3-11 3.4.4 Configuring Routing Exchange Between PEs..................3-12 3.4.5 Configuring Routing Exchange Between PE and CE................3-13 3.4.6 Checking the Configuration.........................3-21...
Page 6 Quidway S9300 Terabit Routing Switch Contents Configuration Guide - VPN 3.11.1 Establishing the Configuration Task....................3-43 3.11.2 Configuring a Routing Policy......................3-44 3.11.3 Enabling VPN FRR..........................3-44 3.11.4 Checking the Configuration.......................3-45 3.12 Configuring Route Reflection to Optimize the VPN Backbone Layer............3-45 3.12.1 Establishing the Configuration Task....................3-46 3.12.2 Configuring the Client PE to Establish MP-IBGP Connection with the RR........3-47...
Page 7 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN Contents 4.4 Configuring an SVC VLL..........................4-10 4.4.1 Establishing the Configuration Task....................4-11 4.4.2 Enabling MPLS L2VPN........................4-11 4.4.3 Creating an SVC VLL Connection......................4-12 4.4.4 Checking the Configuration.........................4-12 4.5 Configuring a Martini VLL...........................4-13 4.5.1 Establishing the Configuration Task....................4-13 4.5.2 Enabling MPLS L2VPN........................4-14...
Page 8 Quidway S9300 Terabit Routing Switch Contents Configuration Guide - VPN 4.11.7 Example for Configuring the Inter-AS Martini VLL Option A............4-68 4.11.8 Example for Configuring the Inter-AS Kompella VLL Option A.............4-76 5 PWE3 Configuration........................5-1 5.1 Introduction to PWE3............................5-3 5.2 PWE3 Features Supported by the S9300......................5-4 5.3 Configuring the Attributes of a PW Template....................5-11...
Page 9 6.3.2 Enabling BGP Peers to Exchange VPLS Information................6-8 6.3.3 Creating a VSI and Configuring the BGP Signaling................6-9 6.3.4 (Optional) Configuring Huawei Devices to Communicate with Non-Huawei Devices......6-11 6.3.5 Binding a VSI to an Interface of a CE....................6-12 6.3.6 (Optional) Configuring the Features of Kompella VPLS..............6-12 6.3.7 Checking the Configuration.........................6-13...
Page 10 Quidway S9300 Terabit Routing Switch Contents Configuration Guide - VPN 6.9.3 Configuring MAC Address Learning....................6-32 6.9.4 Configuring the Delay for Processing VPLS Events................6-33 6.10 Maintaining VPLS............................6-34 6.10.1 Collecting the Statistics of the Traffic on a VPLS PW..............6-34 6.10.2 Checking the Traffic on a VPLS PW....................6-35 6.10.3 Resetting Traffic Statistics.........................6-35...
Page 11 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN Figures Figures Figure 1-1 Networking diagram of the VPN tunnel binding................1-4 Figure 1-2 Networking diagram for configuring the tunnel policy for the L3VPN...........1-26 Figure 1-3 Networking diagram for configuring the L2VPN tunnel binding............1-39 Figure 2-1 Multiprotocol local network communication over single-protocol backbone network......2-2...
Page 12 Quidway S9300 Terabit Routing Switch Figures Configuration Guide - VPN Figure 4-11 Networking diagram for configuring the inter-AS Kompella VLL Option A........4-76 Figure 5-1 PWE3 framework..........................5-3 Figure 5-2 Process of setting up and maintaining single-hop PWE3..............5-5 Figure 5-3 Process of tearing down single-hop PWE3..................5-5 Figure 5-4 Networking of SH-PWE3........................5-6...
Page 13: About This Document
S9300 is controlled by the license. By default, the MPLS function is disabled on the S9300. To use the MPLS function of the S9300,buy the license from the Huawei local office. The G24SA and G24CA boards do not support the MPLS function.
Page 14: Symbol Conventions
Quidway S9300 Terabit Routing Switch About This Document Configuration Guide - VPN Chapter Description 1 VPN Tunnel Describes the configurations of tunnel interfaces and tunnel Management policies. 2 GRE Configuration Describes the principles, applications, and configurations of the GRE protocol.
Page 15: Command Conventions
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN About This Document Convention Description Times New Roman Normal paragraphs are in Times New Roman. Boldface Names of files, directories, folders, and users are in boldface. For example, log in as user root.
Page 16 Quidway S9300 Terabit Routing Switch About This Document Configuration Guide - VPN Keyboard Operations The keyboard operations that may be found in this document are defined as follows. Format Description Press the key. For example, press Enter and press Tab.
Page 17: Vpn Tunnel Management
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 1 VPN Tunnel Management VPN Tunnel Management About This Chapter This chapter describes the configuration procedures of tunnel interfaces and tunnel policies. 1.1 Introduction to VPN Tunnels This section provides an overview of tunnel management, and describes the different types of tunnel policies and their implementation procedure.
Page 18: Introduction To Vpn Tunnels
Quidway S9300 Terabit Routing Switch 1 VPN Tunnel Management Configuration Guide - VPN 1.1 Introduction to VPN Tunnels This section provides an overview of tunnel management, and describes the different types of tunnel policies and their implementation procedure. Dedicated transmission channels, namely, tunnels, can be set up on the backbone networks of virtual private networks (VPNs).
Page 19: Vpn Tunnel Features Supported By The S9300
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 1 VPN Tunnel Management If no tunnel policy is configured, the default tunnel policy is used. By default, an LSP is used and load balancing is not performed among tunnels. That is, only one LSP can be selected.
Page 20: Figure 1-1 Networking Diagram Of The Vpn Tunnel Binding
Quidway S9300 Terabit Routing Switch 1 VPN Tunnel Management Configuration Guide - VPN Tunnel Binding Mode With tunnel binding, a specified TE tunnel can be used for certain VPN services. Tunnel binding can be applied in the following scenarios: VPN primary tunnel binding: The primary tunnel can transmit the service data of only a specified VPN.
Page 21: Configuring The Tunnel Interface
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 1 VPN Tunnel Management 1.3 Configuring the Tunnel Interface This section describes how to configure the tunnel interfaces. These tunnel interfaces are applied to the GRE tunnels and MPLS TE tunnels.
Page 22: Creating A Tunnel Interface
Quidway S9300 Terabit Routing Switch 1 VPN Tunnel Management Configuration Guide - VPN 1.3.2 Creating a Tunnel Interface Context Do as follows on the S9300s at both ends of a tunnel. Procedure Step 1 Run: system-view The system view is displayed.
Page 23: Checking The Configuration
<Quidway> display interface Tunnel 4/0/0 Tunnel4/0/0 current state : UP Line protocol current state : UP Description : HUAWEI, Quidway Series, Tunnel4/0/0 Interface The Maximum Transmit Unit is 1500 bytes Internet Address is 40.1.1.1/24 Encapsulation is TUNNEL, loopback not set Tunnel source 20.1.1.1 (GigabitEthernet4/0/0), destination 30.1.1.2...
Page 24: Configuring The Tunnel Policy Applied To L3Vpn (Select-Sequence)
Quidway S9300 Terabit Routing Switch 1 VPN Tunnel Management Configuration Guide - VPN 300 seconds input rate 31776024 bytes/sec, 31776152 packets/sec 300 seconds output rate 31776024 bytes/sec, 31776152 packets/sec 185 packets input, 19714 bytes 0 input error 184 packets output,...
Page 25: Configuring The Tunnel Policy
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 1 VPN Tunnel Management Pre-configuration Tasks Before configuring a tunnel policy, complete the following tasks: Connecting interfaces and setting the physical parameters of each interface to make the physical layer in Up state Setting the parameters of the link layer protocol and the IP address of the interface to enable the link layer protocol.
Page 26: Applying The Tunnel Policy On L3Vpn
Quidway S9300 Terabit Routing Switch 1 VPN Tunnel Management Configuration Guide - VPN If no tunnel policy is configured for an L3VPN, an LSP is used as the tunnel of the VPN and only one tunnel is used. The number of tunnels carrying out load balancing is subject to licenses.
Page 27: Configuring The Tunnel Policy Applied To L2Vpn (Select-Sequence)
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 1 VPN Tunnel Management --------------------------------------------------------------------- policy1 Run the display ip vpn-instance verbose command, and you can view the tunnel policy applied to VPN instances. For example, in the following information, you can see that VPN instance vpna uses tunnel policy policy1.
Page 28: Establishing The Configuration Task
Quidway S9300 Terabit Routing Switch 1 VPN Tunnel Management Configuration Guide - VPN 1.5.4 Checking the Configuration 1.5.1 Establishing the Configuration Task Applicable Environment By default, the S9300 selects LSPs for a VPN and load balancing is not performed. If load balancing or other types of tunnels are required, you need to configure a tunnel policy and bind the tunnel policy to a tunnel.
Page 29: Applying The Tunnel Policy On Vll
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 1 VPN Tunnel Management The system view is displayed. Step 2 Run: tunnel-policy policy-name A tunnel policy is created and the tunnel policy view is displayed. A tunnel policy corresponds to only one tunnel selection mode. If multiple tunnel selection modes are required, you need to create multiple tunnel policies.
Page 30 Quidway S9300 Terabit Routing Switch 1 VPN Tunnel Management Configuration Guide - VPN Run: mpls static-l2vc destination dest-router-id transmit-vpn-label transmit- label-value receive-vpn-label receive-label-value tunnel-policy policy- name A tunnel policy is applied to an SVC L2VPN VC. VLL in Martini mode Do as follows on the PEs configured with VCs.
Page 31: Checking The Configuration
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 1 VPN Tunnel Management The AC interface view is displayed. Apply the tunnel policy to the PW. To apply the tunnel policy to the dynamic PW, run the mpls l2vc { pw-template –...
Page 32: Binding The Primary Tunnel For L3Vpn
Quidway S9300 Terabit Routing Switch 1 VPN Tunnel Management Configuration Guide - VPN Remote VCCV : Disable Local Frag : Disable Remote Frag : Disable Local Ctrl Word : Disable Remote Ctrl Word : Disable Tunnel Policy : policy1 Traffic Behavior : --...
Page 33: Enabling The Vpn Binding Feature For The Tunnel
Configuring the static routes or an IGP protocol to ensure that the nodes are routable Configuring basic MPLS functions and enabling MPLS TE Configuring the MPLS TE tunnel between PEs (For details, refer to the Quidway S9300 Terabit Routing Switch Configuration Guide - MPLS)
Page 34: Binding The Tunnel Policy To A Vpn
Quidway S9300 Terabit Routing Switch 1 VPN Tunnel Management Configuration Guide - VPN The configuration takes effect. ----End 1.6.3 Binding the Tunnel Policy to a VPN Context Do as follows on the PEs on the two ends of the tunnel.
Page 35: Checking The Configuration
<Quidway> display interface tunnel 1/0/0 Tunnel1/0/0 current state : UP Line protocol current state : UP Description : HUAWEI, Quidway Series, Tunnel1/0/0 Interface, Route Port The Maximum Transmit Unit is 1500 bytes Internet Address is unnumbered, using address of LoopBack1(1.1.1.9/32) Encapsulation is TUNNEL, loopback not set Tunnel destination 2.2.2.9...
Page 36: Binding The Primary Tunnel For L2Vpn
Quidway S9300 Terabit Routing Switch 1 VPN Tunnel Management Configuration Guide - VPN 5 minutes output rate 2952 bits/sec, 2 packets/sec 22894187 packets output, 2958834536 bytes 0 packets output dropped Run the display ip vpn-instance verbose command, and you can view the tunnel policy applied to VPN instances.
Page 37: Enabling The Vpn Binding Feature For The Tunnel
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 1 VPN Tunnel Management Use an MPLS TE tunnel to transmit user data, which optimizes the use of network resources and avoids network congestion caused by unbalanced load. Ensure that L2VPN services are independent of other services and are not affected by other services.
Page 38: Binding The Tunnel Policy To A Vpn
Quidway S9300 Terabit Routing Switch 1 VPN Tunnel Management Configuration Guide - VPN The MPLS TE tunnel interface view is displayed. Step 3 Run: mpls te reserved-for-binding The VPN binding feature is enabled on the tunnel. A tunnel can be used by VPNs only after the VPN binding feature is enabled. The tunnel policy configured with the tunnel select-seq command cannot be applied to the tunnel enabled with the VPN binding.
Page 39: Applying A Tunnel Policy To A Martini Mpls L2Vpn
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 1 VPN Tunnel Management 1.7.4 Applying a Tunnel Policy to a Martini MPLS L2VPN Context When a PE transmits packets to the same destination over different L2VPNs, different tunnel policies are applied and the L2VPNs are bound to different TE tunnels.
Page 40: Maintaining The Vpn Tunnel
<Quidway> display interface Tunnel 1/0/0 Tunnel1/0/0 current state : UP Line protocol current state : UP Description : HUAWEI, Quidway Series, Tunnel1/0/0 Interface, Route Port The Maximum Transmit Unit is 1500 bytes Internet Address is unnumbered, using address of LoopBack1(1.1.1.9/32) Encapsulation is TUNNEL, loopback not set Tunnel destination 2.2.2.9...
Page 41: Debugging The Vpn Tunnel
Information Center Configuration in the Quidway S9300 Terabit Routing Switch Configuration Guide - Device Management. For the description of the debugging commands, refer to the Quidway S9300 Terabit Routing Switch Debugging Reference. Procedure Run the debugging tunnel all [ interface interface-number ] command in the user view to enable the debugging of tunnels.
Page 42: Figure 1-2 Networking Diagram For Configuring The Tunnel Policy For The L3Vpn
Quidway S9300 Terabit Routing Switch 1 VPN Tunnel Management Configuration Guide - VPN and PE2. The bandwidth of one tunnel is 5 Mbit/s and the bandwidth of the other tunnel is 10 Mbit/s. The CEs in VPNA require 10-Mibt/s constant bandwidth for communication; therefore, the tunnel with 10-Mbit/s bandwidth is used by VPNA exclusively to ensure the bandwidth.
Page 43 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 1 VPN Tunnel Management Enable the routing protocol to ensure communication between the PEs. Configure the basic MPLS capability on the S9300s on the backbone network and set up an LSP and two MPLS TE tunnels between the PEs.
Page 44 Quidway S9300 Terabit Routing Switch 1 VPN Tunnel Management Configuration Guide - VPN [PE2-ospf-1-area-0.0.0.0] quit [PE2-ospf-1] quit # By running the display ip routing-table command on the PEs, you can see that the PEs can learn the routes of each other's Loopback1 interface.
Page 45 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 1 VPN Tunnel Management ------------------------------------------------------------------ 1.1.1.1/32 3/NULL 127.0.0.1 Vlanif10/InLoop0 2.2.2.2/32 NULL/3 172.1.1.2 -------/Vlanif10 ------------------------------------------------------------------ TOTAL: 2 Normal LSP(s) Found. TOTAL: 0 Liberal LSP(s) Found. A '*' before an LSP means the LSP is not established A '*' before a Label means the USCB or DSCB is stale Step 3 Set up an MPLS TE tunnel between the PEs.
Page 46 [PE1] display interface tunnel 1/0/2 Tunnel1/0/2 current state : UP Line protocol current state : UP Description : HUAWEI, Quidway Series, Tunnel1/0/2 Interface, Route Port The Maximum Transmit Unit is 1500 bytes Internet Address is unnumbered, using address of LoopBack1(1.1.1.1/32) Encapsulation is TUNNEL, loopback not set Tunnel destination 2.2.2.2...
Page 47 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 1 VPN Tunnel Management 0x1003c cr lsp 2.2.2.2 0x1003d cr lsp 2.2.2.2 0x1001b 2.2.2.2 0x1001c Step 4 Configure VPN instances on each PE and connect the CEs to the PEs. # Configure PE1.
Page 48 Quidway S9300 Terabit Routing Switch 1 VPN Tunnel Management Configuration Guide - VPN [PE1] ip vpn-instance VPNA [PE1-vpn-instance-VPNA] tnl-policy policy1 [PE1-vpn-instance-VPNA] quit # Configure PE2. [PE2] tunnel-policy policy1 [PE2-tunnel-policy-policy1] tunnel binding destination 1.1.1.1 te tunnel1/0/2 [PE2-tunnel-policy-policy1] quit [PE2] ip vpn-instance VPNA...
Page 49 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 1 VPN Tunnel Management [PE1-bgp-af-VPNB] quit [PE1-bgp] quit Configure CE1 [CE1] bgp 65410 [CE1-bgp] peer 10.1.1.2 as-number 100 [CE1-bgp] import-route direct [CE1-bgp] quit Configure CE2 [CE2] bgp 65410 [CE2-bgp] peer 10.2.1.2 as-number 100...
Page 50 Quidway S9300 Terabit Routing Switch 1 VPN Tunnel Management Configuration Guide - VPN # Run the display ip routing-table vpn-instance verbose command on the PEs, and you can see the tunnels used by the VPN routes. # Take the display on PE1 as an example: [PE1] display ip routing-table vpn-instance VPNA 10.3.1.0 verbose...
Page 51 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 1 VPN Tunnel Management mpls te mpls te max-link-bandwidth 20000 mpls te max-reservable-bandwidth 15000 mpls rsvp-te mpls ldp interface Vlanif30 ip binding vpn-instance VPNA ip address 10.1.1.2 255.255.255.252 interface Vlanif20 ip binding vpn-instance VPNB ip address 10.2.1.2 255.255.255.252...
Page 52 Quidway S9300 Terabit Routing Switch 1 VPN Tunnel Management Configuration Guide - VPN mpls-te enable tunnel-policy policy1 tunnel binding destination 2.2.2.2 te Tunnel1/0/2 tunnel-policy policy2 tunnel select-seq cr-lsp lsp load-balance-number 1 return Configuration file of PE2 sysname PE2 vlan batch 10 30 50...
Page 53 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 1 VPN Tunnel Management ip address unnumbered interface loopback1 tunnel-protocol mpls te destination 1.1.1.1 mpls te tunnel-id 11 mpls te bandwidth bc0 5000 mpls te commit interface Tunnel1/0/2 ip address unnumbered interface loopback1 tunnel-protocol mpls te destination 1.1.1.1...
Page 54 Quidway S9300 Terabit Routing Switch 1 VPN Tunnel Management Configuration Guide - VPN return Configuration file of CE2 sysname CE2 vlan batch 20 interface vlanif 20 ip address 10.2.1.1 255.255.255.252 interface GigabitEthernet1/0/2 port hybrid pvid vlan 20 port hybrid untagged vlan 20 bgp 65410 peer 10.2.1.2 as-number 100...
Page 55: Example For Binding A Tunnel To The Martini L2Vpn
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 1 VPN Tunnel Management return 1.9.2 Example for Binding a Tunnel to the Martini L2VPN Networking Requirements As shown in Figure 1-3, Site 1, Site 2, and Site 3 belong to VPNA. The networking requirements...
Page 56 Quidway S9300 Terabit Routing Switch 1 VPN Tunnel Management Configuration Guide - VPN GigabitEthernet1/0/1 VLANIF 3 GigabitEthernet1/0/3 VLANIF 6 100.3.1.2/24 Loopback1 3.3.3.9/32 GigabitEthernet1/0/1 VLANIF 7 100.1.1.1/24 GigabitEthernet1/0/2 VLANIF 5 100.2.1.1/24 GigabitEthernet1/0/3 VLANIF 6 100.3.1.1/24 GigabitEthernet1/0/2 VLANIF 1 10.1.1.1/24 GigabitEthernet1/0/3 VLANIF 4 20.1.1.1/24...
Page 57 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 1 VPN Tunnel Management [PE1-GigabitEthernet1/0/1] quit [PE1] interface vlanif 7 [PE1-Vlanif7] ip address 100.1.1.2 24 [PE1-Vlanif7] quit [PE1]isis 1 [PE1-isis-1] network-entity 10.0000.0000.0000.0001.00 [PE1-isis-1] is-level level-2 [PE1-isis-1] quit [PE1] interface vlanif 7...
Page 58 Quidway S9300 Terabit Routing Switch 1 VPN Tunnel Management Configuration Guide - VPN ------------------------------------------------------------------------------ Routing Tables: Public Destinations : 11 Routes : 11 Destination/Mask Proto Cost Flags NextHop Interface 1.1.1.9/32 Direct 0 127.0.0.1 InLoopBack0 2.2.2.9/32 ISIS 100.1.1.2 Vlanif7 3.3.3.9/32 ISIS 100.1.1.2...
Page 59 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 1 VPN Tunnel Management [P-Vlanif6] mpls te [P-Vlanif6] mpls rsvp-te [P-Vlanif6] quit # Run the display mpls ldp session command on the PEs, and you can see that LDP peers are set up between PE1 and PE2 and between PE1 and PE3.
Page 60 Quidway S9300 Terabit Routing Switch 1 VPN Tunnel Management Configuration Guide - VPN # You can manually specify a path for MPLS TE, that is, configure an explicit path for MPLS TE. Take the configuration of explicit path on PE1 for example.
Page 61 [PE1-Tunnel1/0/0] display this interface Tunnel1/0/0 current state : UP Line protocol current state : UP Description : HUAWEI, Quidway Series, Tunnel1/0/0 Interface, Route Port The Maximum Transmit Unit is 1500 Internet Address is unnumbered, using address of LoopBack1(1.1.1.9/32) Encapsulation is TUNNEL, loopback not set Tunnel destination 2.2.2.9...
Page 62 Quidway S9300 Terabit Routing Switch 1 VPN Tunnel Management Configuration Guide - VPN [PE2-Vlanif2] mpls l2vc 1.1.1.9 100 tunnel-policy policy1 [PE2-Vlanif2] quit # Configure PE3. [PE3] mpls l2vpn [PE3-l2vpn] mpls l2vpn default martini [PE3-l2vpn] quit [PE3] interface tunnel 1/0/0 [PE3-Tunnel1/0/0] mpls te reserved-for-binding...
Page 63 [PE1] display interface Tunnel 1/0/0 Tunnel1/0/0 current state : UP Line protocol current state : UP Description : HUAWEI, Quidway Series, Tunnel1/0/0 Interface, Route Port The Maximum Transmit Unit is 1500 Internet Address is unnumbered, using address of LoopBack1(1.1.1.9/32) Encapsulation is TUNNEL, loopback not set Tunnel destination 2.2.2.9...
Page 64 Quidway S9300 Terabit Routing Switch 1 VPN Tunnel Management Configuration Guide - VPN Configuration Files Configuration file of PE1 sysname PE1 vlan batch 1 4 7 mpls lsr-id 1.1.1.9 mpls mpls te mpls rsvp-te mpls te cspf mpls l2vpn mpls l2vpn default martini explicit-path pe1tope2 next hop 100.1.1.1...
Page 65 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 1 VPN Tunnel Management ip address 1.1.1.9 255.255.255.255 isis enable 1 interface Tunnel1/0/0 ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 2.2.2.9 mpls te tunnel-id 100 mpls te bandwidth bc0 10000...
Page 66 Quidway S9300 Terabit Routing Switch 1 VPN Tunnel Management Configuration Guide - VPN mpls te mpls te max-link-bandwidth 100000 mpls te max-reservable-bandwidth 80000 mpls rsvp-te interface GigabitEthernet1/0/1 port hybrid pvid vlan 7 port hybrid tagged vlan 7 interface GigabitEthernet1/0/2 port hybrid pvid vlan 5...
Page 67 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 1 VPN Tunnel Management ip address 2.2.2.9 255.255.255.255 isis enable 1 interface Tunnel1/0/0 ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 1.1.1.9 mpls te tunnel-id 100 mpls te bandwidth bc0 10000...
Page 68 Quidway S9300 Terabit Routing Switch 1 VPN Tunnel Management Configuration Guide - VPN destination 1.1.1.9 mpls te tunnel-id 100 mpls te bandwidth bc0 20000 mpls te reserved-for-binding mpls te commit tunnel-policy policy1 tunnel binding destination 1.1.1.9 te tunnel1/0/0 return Configuration file of CE1...
Page 69: Gre Configuration
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 2 GRE Configuration GRE Configuration About This Chapter This chapter describes the basic knowledge, configuration procedures, and configuration examples for the Generic Routing Encapsulation (GRE) protocol. 2.1 Introduction to the GRE Protocol This section describes the concept and principle of the GRE protocol.
Page 70: Introduction To The Gre Protocol
Quidway S9300 Terabit Routing Switch 2 GRE Configuration Configuration Guide - VPN 2.1 Introduction to the GRE Protocol This section describes the concept and principle of the GRE protocol. GRE is an encapsulation mode in which packets of some network protocols such as IPX are encapsulated and thus can be transmitted on networks supporting other protocols such as IP.
Page 71: Configuring A Gre Tunnel
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 2 GRE Configuration Operating Range of a Hop-Limited Protocol (IPX) on the Network Figure 2-2 Enlarging the operating range on the network IP network IP network IP network Tunnel Figure 2-2, if the hop count between the two terminals is more than 225, the two terminals cannot communicate with each other.
Page 72: Establishing The Configuration Task
Quidway S9300 Terabit Routing Switch 2 GRE Configuration Configuration Guide - VPN 2.3.4 Checking the Configuration 2.3.1 Establishing the Configuration Task Applicable Environment To configure GRE features, you must create a tunnel interface first. This is because most GRE functions are configured on the tunnel interface. If the tunnel interface is deleted, all configurations on the interface are deleted subsequently.
Page 73: Configuring Routes
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 2 GRE Configuration The tunnel encapsulation type is set to GRE. The encapsulation types at the two ends of the tunnel must be the same. Step 4 Run: source { ip-address | interface-type interface-number } The source address or source interface of the tunnel is configured.
Page 74: Checking The Configuration
GRE, rather than the destination address of the tunnel. The next hop is the address of the local tunnel interface. Step 3 For configuration of dynamic routes, refer to the Quidway S9300 Terabit Routing Switch Configuration Guide - IP Routing.
Page 75: Configuring A Gre Tunnel Between Ce And Pe
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 2 GRE Configuration Run the display ip routing-table command, and you can see that the routing table contains the route passing through the tunnel interface. The following is an example: <Quidway> display ip routing-table...
Page 76: Configuring The Gre Tunnel Interface On Ce
Quidway S9300 Terabit Routing Switch 2 GRE Configuration Configuration Guide - VPN Data Number of the GRE tunnel interface specified on the CE Source address or source interface and destination address of the GRE tunnel interface specified on the CE...
Page 77: Configuring The Gre Tunnel Interface On Pe
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 2 GRE Configuration Run the ip address unnumbered interface interface-type interface-number command to configure IP unnumbered for the tunnel interface. ----End 2.4.3 Configuring the GRE Tunnel Interface on PE Context Do as follows on the S9300:...
Page 78: Binding The Tunnel With Vpn To Which Ce Belongs On Pe
Quidway S9300 Terabit Routing Switch 2 GRE Configuration Configuration Guide - VPN 2.4.4 Binding the Tunnel with VPN to Which CE belongs on PE Context Do as follows on the S9300. Procedure Step 1 Run: system-view The system view is displayed.
Page 79: Configuring The Keepalive Function
<Quidway> display interface Tunnel 1/0/0 Tunnel1/0/0 current state : UP Line protocol current state : UP Description : HUAWEI, Quidway Series, Tunnel1/0/0 Interface Route Port,The Maximum Transmit Unit is 1500 Internet Address is 40.1.1.1/24 Encapsulation is TUNNEL, loopback not set Tunnel source 20.1.1.1 (loopback1), destination 30.1.1.2...
Page 80: Enabling The Keep-Alive Function
Quidway S9300 Terabit Routing Switch 2 GRE Configuration Configuration Guide - VPN Data Preparation To configure the Keepalive function, you need the following data. No. Data Interval for sending Keepalive messages Retry times of the unreachable timer 2.5.2 Enabling the Keep-alive Function Context Do as follows on the S9300 that requires the Keepalive function.
Page 81: Checking The Configuration
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 2 GRE Configuration 2.5.3 Checking the Configuration Prerequisite The Keepalive function is enabled on the GRE tunnel. Context CAUTION Debugging affects the performance of the system. Therefore, after the debugging, run the undo debugging all command to disable it immediately.
Page 82: Resetting The Statistics Of A Tunnel Interface
Quidway S9300 Terabit Routing Switch 2 GRE Configuration Configuration Guide - VPN 2.6.1 Resetting the Statistics of a Tunnel Interface Procedure Run the reset counters interface tunnel [ interface-number ] command to reset the statistics of a tunnel interface. Run the reset keepalive packets count command to reset the statistics of Keepalive packets on the tunnel interface.
Page 83: Figure 2-5 Networking Diagram For Configuring Static Routes
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 2 GRE Configuration GRE is used between S9300-A and S9300-C to implement the interworking between PC1 and PC2. PC1 and PC2 use S9300-A and S9300-C as their default gateways. Figure 2-5 Networking diagram for configuring static routes...
Page 84 Quidway S9300 Terabit Routing Switch 2 GRE Configuration Configuration Guide - VPN Data Preparation To complete the configuration, you need the following data: IDs of the VLANs that the interfaces belong to, as shown in Figure 2-5 IP address of VLANIF interfaces, as shown in...
Page 85 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 2 GRE Configuration 20.1.1.0/24 Direct 0 20.1.1.1 Vlanif10 20.1.1.1/32 Direct 0 127.0.0.1 InLoopBack0 20.1.1.2/32 Direct 0 20.1.1.2 Vlanif10 30.1.1.0/24 OSPF 20.1.1.2 Vlanif10 127.0.0.0/8 Direct 0 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 127.0.0.1 InLoopBack0 127.255.255.255/32...
Page 86 Quidway S9300 Terabit Routing Switch 2 GRE Configuration Configuration Guide - VPN 10.1.1.2/32 Direct 0 127.0.0.1 InLoopBack0 10.2.1.0/24 Static 60 40.1.1.1 Tunnel1/0/1 20.1.1.0/24 Direct 0 20.1.1.1 Vlanif10 20.1.1.1/32 Direct 0 127.0.0.1 InLoopBack0 20.1.1.2/32 Direct 0 20.1.1.2 Vlanif10 30.1.1.0/24 OSPF 20.1.1.2 Vlanif10 40.1.1.0/24...
Page 87: Example For Configuring The Dynamic Routing Protocol On The Gre Tunnel
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 2 GRE Configuration interface GigabitEthernet2/0/0 port hybrid pvid vlan 20 port hybrid untagged vlan 20 ospf 1 area 0.0.0.0 network 20.1.1.0 0.0.0.255 network 30.1.1.0 0.0.0.255 return Configuration file of S9300-C sysname S9300-C...
Page 88: Figure 2-6 Networking Diagram For Configuring Dynamic Routing Protocol
Quidway S9300 Terabit Routing Switch 2 GRE Configuration Configuration Guide - VPN Figure 2-6 Networking diagram for configuring dynamic routing protocol S9300-B GE1/0/0 GE2/0/0 OSPF 1 GE1/0/0 GE1/0/0 S9300-A S9300-C Tunnel Tunnel1/0/1 Tunnel2/0/1 GE2/0/0 GE2/0/0 OSPF 2 OSPF 2 S9300...
Page 89 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 2 GRE Configuration Procedure Step 1 Assign the IP address to each interface. <Quidway> system-view [Quidway] sysname S9300-A [S9300-A] vlan batch 10 30 [S9300-A] interface gigabitEthernet 1/0/0 [S9300-A-GigabitEthernet1/0/0] port hybrid pvid vlan 10...
Page 90 Quidway S9300 Terabit Routing Switch 2 GRE Configuration Configuration Guide - VPN Routing Tables: Public Destinations : 11 Routes : 11 Destination/Mask Proto Cost Flags NextHop Interface 10.1.1.0/24 Direct 0 10.1.1.2 Vlanif30 10.1.1.2/32 Direct 0 127.0.0.1 InLoopBack0 10.2.1.0/24 OSPF 40.1.1.2 Tunnel1/0/1 20.1.1.0/24...
Page 91: Example For Configuring The Ce To Access A Vpn Through A Gre Tunnel Of The Public Network
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 2 GRE Configuration interface GigabitEthernet1/0/0 port hybrid pvid vlan 10 port hybrid untagged vlan 10 interface GigabitEthernet2/0/0 port hybrid pvid vlan 20 port hybrid untagged vlan 20 ospf 1 area 0.0.0.0 network 20.1.1.0 0.0.0.255...
Page 92 Quidway S9300 Terabit Routing Switch 2 GRE Configuration Configuration Guide - VPN CE1 and CE2 are required to interwork with each other. Figure 2-7 Networking diagram in which CEs access a VPN through the GRE tunnel of the public network...
Page 93 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 2 GRE Configuration vpn1 on PE1 can then be bound to the GRE tunnel, and CE1 can access the VPN through the GRE tunnel. The configuration roadmap is as follows: Configure OSPF 10 on PE1 and PE2 to implement the interworking between the two devices, and then enable MPLS.
Page 94 Quidway S9300 Terabit Routing Switch 2 GRE Configuration Configuration Guide - VPN # After the configuration, a GRE tunnel is established between CE1 and PE1. Step 4 Create a VPN instance named vpn1 on PE1 and bind the VPN instance to the GRE tunnel.
Page 95 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 2 GRE Configuration [PE2-Vlanif50] isis enable 50 [PE2-Vlanif50] quit Step 8 Set up the MP-BGP peer relationship between PE1 and PE2. # On PE1, specify PE2 as an IBGP peer, set up the IBGP connection by using the loopback interface, and enable the capability of exchanging VPN IPv4 routing information between PE1 and PE2.
Page 96 Quidway S9300 Terabit Routing Switch 2 GRE Configuration Configuration Guide - VPN <CE2> ping 21.1.1.2 PING 21.1.1.2: 56 data bytes, press CTRL_C to break Reply from 21.1.1.2: bytes=56 Sequence=1 ttl=253 time=120 ms Reply from 21.1.1.2: bytes=56 Sequence=2 ttl=253 time=110 ms Reply from 21.1.1.2: bytes=56 Sequence=3 ttl=253 time=120 ms...
Page 97 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 2 GRE Configuration interface GigabitEthernet1/0/0 port hybrid pvid vlan 20 port hybrid ubtagged vlan 20 interface GigabitEthernet2/0/0 port hybrid pvid vlan 30 port hybrid ubtagged vlan 30 ospf 20 area 0.0.0.0 network 30.1.1.0 0.0.0.255...
Page 98 Quidway S9300 Terabit Routing Switch 2 GRE Configuration Configuration Guide - VPN peer 3.3.3.9 enable ipv4-family vpnv4 policy vpn-target peer 3.3.3.9 enable ipv4-family vpn-instance vpn1 import-route direct import-route isis 50 ospf 10 area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 110.1.1.0 0.0.0.255 ospf 20 area 0.0.0.0...
Page 99: Example For Configuring The Keepalive Function For Gre
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 2 GRE Configuration ipv4-family vpnv4 policy vpn-target peer 1.1.1.9 enable ipv4-family vpn-instance vpn1 import-route direct import-route isis 50 ospf 10 area 0.0.0.0 network 3.3.3.9 0.0.0.0 network 110.1.1.0 0.0.0.255 return Configuration file of CE2...
Page 100 Quidway S9300 Terabit Routing Switch 2 GRE Configuration Configuration Guide - VPN Tunnel1/0/0 40.1.1.1/24 S9300-B GigabitEthernet1/0/0 VLANIF 20 30.1.1.2/30 Tunnel1/0/0 40.1.1.2/24 Configuration Roadmap To enable the Keepalive function on one end of the GRE tunnel, run the keepalive command in the tunnel interface view on the end.
Page 101 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 2 GRE Configuration Reply from 40.1.1.2: bytes=56 Sequence=2 ttl=255 time=7 ms Reply from 40.1.1.2: bytes=56 Sequence=3 ttl=255 time=7 ms Reply from 40.1.1.2: bytes=56 Sequence=4 ttl=255 time=7 ms Reply from 40.1.1.2: bytes=56 Sequence=5 ttl=255 time=7 ms --- 40.1.1.2 ping statistics ---...
Page 102 Quidway S9300 Terabit Routing Switch 2 GRE Configuration Configuration Guide - VPN return 2-34 Huawei Proprietary and Confidential Issue 01 (2009-07-28) Copyright © Huawei Technologies Co., Ltd.
Page 103: Bgp/Mpls Ip Vpn Configuration
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration BGP/MPLS IP VPN Configuration About This Chapter This chapter describes the principle, application, and configuration of the BGP/MPLS IP VPN. 3.1 Introduction to BGP/MPLS IP VPN This section describes the principle and concepts of BGP/MPLS IP VPN.
Page 104 Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN 3.12 Configuring Route Reflection to Optimize the VPN Backbone Layer This section describes how to configure BGP route reflection on the VPN backbone layer to reflect VPNv4 routes.
Page 105: Introduction To Bgp/Mpls Ip Vpn
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration 3.1 Introduction to BGP/MPLS IP VPN This section describes the principle and concepts of BGP/MPLS IP VPN. BGP/MPLS IP VPN is a PE-based L3VPN technology which is a solution of the Provider Provisioned VPN (PPVPN).
Page 106: Figure 3-2 Networking Of Sham Link
Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN Networking The S9300 supports the VPN route exchange between PEs through MP-BGP. To ensure that a PE and a CE can exchange routes, you can configure the static route, RIP multi-instance, OSPF multi-instance, IS-IS multi-instance, or EBGP.
Page 107: Configuring A Vpn Instance
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration The backbone network is an MPLS network, in which the devices at the backbone layer are fully connected and data is backed up on multiple layers. The devices at the backbone layer are connected through high-speed interfaces.
Page 108: Creating A Vpn Instance
Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN Configuring routing policies if import or export routing policies need to be applied to the VPN instance Configuring tunnel policies if load balancing is required, or the selection sequence of...
Page 109: Configuring The Attributes Of A Vpn Instance
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration A VPN instance takes effect only after it is configured with an RD. The RDs of different VPN instances on a PE should be different. Before configuring an RD, you can configure only the description.
Page 110: Optional) Applying A Tunnel Policy To A Vpn Instance
Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN The export routing policy of the VPN instance is configured. ----End 3.3.4 (Optional) Applying a Tunnel Policy to a VPN Instance Context By default, a VPN instance uses an MPLS LSP as the tunnel and no load balancing is carried out.
Page 111: Checking The Configuration
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration In general, each route is assigned a label (one label per route). When a large number of routes exist, the Incoming Label Map (ILM) needs to maintain a great deal of in-segment entries. This affects the capacity of the device.
Page 112: Establishing The Configuration Task
Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN 3.4.1 Establishing the Configuration Task 3.4.2 Configuring a VPN Instance 3.4.3 Binding an Interface to the VPN Instance 3.4.4 Configuring Routing Exchange Between PEs 3.4.5 Configuring Routing Exchange Between PE and CE 3.4.6 Checking the Configuration...
Page 113: Configuring A Vpn Instance
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration Data VPN instance data: VPN instance name and RD (Optional) Description of the VPN instance VPN target attributes (Optional) Routing policy that controls transmitting and receiving of VPN routing...
Page 114: Configuring Routing Exchange Between Pes
Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN Step 3 Run: ip binding vpn-instance vpn-instance-name The interface is bound to the VPN instance. NOTE The ip binding vpn-instance command deletes Layer 3 features such as the IP address and routing protocols configured on the interface.
Page 115: Configuring Routing Exchange Between Pe And Ce
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration The peers are enabled to exchange VPNv4 routing information. ----End 3.4.5 Configuring Routing Exchange Between PE and CE Context Choose one of the following methods to configure a routing policy as required:...
Page 116 Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN Run: – network ip-address mask The directly connected routes destined for the local CE are advertised. NOTE A PE automatically learns the directly connected routes destined for the local CE. The routes learned by the PE are prior to the routes advertised by the CE through EBGP.
Page 117 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration (Optional) Run: peer { ipv4-address | group-name } ebgp-max-hop [ number ] The maximum number of hops on an EBGP connection is set. Generally, the EBGP peers must be directly connected through physical links. If there are no physical links, run the peer ebgp-max-hop command, by which the EBGP peers are allowed to set up TCP sessions to each other through multiple hops.
Page 118 Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN NOTE Compared with a common BGP view, the BGP VPN instance view does not support the following commands: BGP confederation: confederation BGP Graceful Restart: graceful-restart Router ID of a BGP router: router-id...
Page 119 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration The BGP view is displayed. Run: ipv4-family vpn-instance vpn-instance-name The BGP VPN instance view is displayed. Run: import-route static [ med value ] [ route-policy policy-name ] The static route is imported to the routing table of the BGP VPN instance.
Page 120 Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN The RIP routes are imported to the routing table of the BGP VPN instance. After the import-route rip command is run in the BGP VPN instance view, the PE imports the VPN routes learned from the connected CE to BGP, and then advertises the routes, which are the VPN IPv4 routes, to the remote PE.
Page 121 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration If the BGP process is not started on the local S9300, the default tag value is 0. – If the BGP process is started on the local S9300, the first two bytes in the tag are –...
Page 122 Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN NOTE If the VPN instance is removed, the related OSPF processes are removed. Configuring IS-IS between PE and CE The configuration is performed on the PE. Configure common IS-IS on the CE. The configuration procedure is not described here.
Page 123: Checking The Configuration
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration IS-IS is run on the interface. Run: quit Return to the system view. 10. Run: bgp as-number The BGP view is displayed. 11. Run: ipv4-family vpn-instance vpn-instance-name The BGP VPN instance view is displayed.
Page 124: Establishing The Configuration Task
Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN 3.5.4 Associating an Interface with the VPN Instance 3.5.5 Configuring Routing Exchange Between Hub-PE and Spoke-PE 3.5.6 Configuring Routing Exchange Between CE and PE 3.5.7 Checking the Configuration 3.5.1 Establishing the Configuration Task...
Page 125 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration A Spoke-PE needs to be configured with one VPN instance; a Hub-PE needs to be configured with two VPN instances, namely, VPN-in and VPN-out. VPN-in receives and maintains all the VPNv4 routes advertised by Spoke-PEs.
Page 126: Configuring The Route Attributes Of A Vpn Instance
Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN To prevent excessive routes from being imported to the PE, set the maximum number of routes supported by a VPN instance. ----End 3.5.3 Configuring the Route Attributes of a VPN Instance...
Page 127: Associating An Interface With The Vpn Instance
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration The export routing policy of the VPN instance is configured. Configuring Spoke-PE Run: system-view The system view is displayed. Run: ip vpn-instance vpn-instance-name The VPN instance view of the VPN-in is displayed.
Page 128: Configuring Routing Exchange Between Hub-Pe And Spoke-Pe
Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN The system view is displayed. Step 2 Run: interface interface-type interface-number The view of the interface to be associated is displayed. Step 3 Run: ip binding vpn-instance vpn-instance-name The interface is associated with the VPN instance.
Page 129: Configuring Routing Exchange Between Ce And Pe
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration The BGP VPNv4 address family view is displayed. Step 6 Run: peer peer-address enable The peers are enabled to exchange VPNv4 routing information. ----End 3.5.6 Configuring Routing Exchange Between CE and PE...
Page 130: Configuring Inter-As Vpn Option A
Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN Procedure Run the display ip routing-table vpn-instance vpn-instance-name command on the Hub- PE to view the routing information about VPN-in and VPN-out. Run the display ip routing-table command on the Hub-CE and Spoke-CEs to view the routing information.
Page 131: Configuring Inter-As Vpn Option A
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration Data Preparation To configure inter-AS IP VPN Option A, you need the following data: Data To configure the VPN instance on the PE and the ASBR PE, you need the following...
Page 132: Checking The Configuration
Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN 3.6.3 Checking the Configuration Prerequisite The configurations of the Inter-AS VPN Option A function are complete. Procedure Run the display bgp vpnv4 all peer command to check information about the BGP peers on the PE or the ASBR PE.
Page 133: Specifying The U-Pe
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration Data Preparation To configure an HoVPN, you need the following data. Data Relation between the U-PE and the S-PE Name of the VPN instance sending default routes to U-PE 3.7.2 Specifying the U-PE...
Page 134: Advertising Default Routes Of A Vpn Instance
Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN 3.7.3 Advertising Default Routes of a VPN Instance Context Do as follows on the S-PE. Procedure Step 1 Run: system-view The system view is displayed. Step 2 Run: bgp as-number The BGP view is displayed.
Page 135: Configuring The Ospf Sham Link
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration Example Run the display ip routing-table command on the CE connected with the U-PE. You can find that there is a default route whose next hop is U-PE, but the route to the network segment where the peer CE resides does not exist.
Page 136: Configuring End Addresses Of A Sham Link
Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN Data Metric used in the sham link and other link parameters 3.8.2 Configuring End Addresses of a Sham Link Context Do as follows on the two PEs.
Page 137: Creating A Sham Link
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration The system view is displayed. Step 2 Run: bgp as-number The BGP view is displayed. Step 3 Run: ipv4-family vpn-instance vpn-instance-name The BGP VPN instance view is displayed.
Page 138: Checking The Configuration
Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN The sham link is configured. By default: The interface cost of the sham link, namely, cost, is 1. dead-interval is 40 seconds. The interval for sending Hello packets, namely, hello-interval, is 10 seconds.
Page 139: Configuring The Multi-Vpn-Instance Ce
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration Run the display ospf routing on the CE, and you can find that the routes from the CE to the peer CE are learned and considered as the intra-area routes.
Page 140: Configuring The Ospf Multi-Instance On The Pe
Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN Data OSPF process ID and router ID used by each service Routes advertised by each OSPF process 3.9.2 Configuring the OSPF Multi-Instance on the PE Context Do as follows on the PE connected to the multi-VPN-instance CE.
Page 141: Configuring The Ospf Multi-Instance On The Multi-Vpn-Instance Ce
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration Step 9 Run: ipv4-family vpn-instance vpn-instance-name The BGP VPN instance view is displayed. Step 10 Run: import-route ospf process-id The OSPF multi-instance routes are imported. ----End 3.9.3 Configuring the OSPF Multi-Instance on the Multi-VPN-...
Page 142: Checking The Configuration
Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN Procedure Step 1 Run: system-view The system view is displayed. Step 2 Run: ospf process-id [ router-id router-id ] vpn-instance vpn-instance-name The OSPF view is displayed.
Page 143: Establishing The Configuration Task
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration 3.10.1 Establishing the Configuration Task Applicable Environment You can enable VPN users to access the Internet by adding certain software configurations in the established VPN. Translating the VPN address to a public network address through Network Address Translation (NAT) if the VPN user uses a VPN address.
Page 144: Configuring Static Route On The Pe And Importing The Static Route To Vpn
Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN 3.10.3 Configuring Static Route on the PE and Importing the Static Route to VPN Context Do as follows on the PE. Procedure Step 1 Run: system-view The system view is displayed.
Page 145: Configuring Vpn Frr
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration Procedure Run the display ip routing-table vpn-instancevpn-instance-name command to view information about the VPN routing table on the PE. Run the display ip routing-table command to view the routing tables of the CE and the destination S9300 on the public network.
Page 146: Configuring A Routing Policy
Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN Data Name of the routing policy and the name of the IP prefix Next hop of the backup route. 3.11.2 Configuring a Routing Policy Context Do as follows on the PE.
Page 147: Configuring Route Reflection To Optimize The Vpn Backbone Layer
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration VPN FRR is enabled. ----End 3.11.4 Checking the Configuration Prerequisite The configurations of the VPN FRR are complete. Procedure Run the display ip routing-table vpn-instance vpn-instance-name [ filter-option ] verbose command to view the backup next hop (PE address), backup tunnel, and backup label in the routing table.
Page 148: Establishing The Configuration Task
Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN 3.12.1 Establishing the Configuration Task 3.12.2 Configuring the Client PE to Establish MP-IBGP Connection with the RR 3.12.3 Configuring the RR to Establish MP-IBGP Connections with All Client PEs 3.12.4 Configuring Route Reflection for BGPVPNv4 Routes...
Page 149: Configuring The Client Pe To Establish Mp-Ibgp Connection With The Rr
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration 3.12.2 Configuring the Client PE to Establish MP-IBGP Connection with the RR Context Do as follows on all client PEs. Procedure Step 1 Run: system-view The system view is displayed.
Page 150 Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN Run: system-view The system view is displayed. Run: bgp as-number The BGP view is displayed. Run: group group-name [ internal ] An IBGP peer group is created.
Page 151: Configuring Route Reflection For Bgpvpnv4 Routes
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration The interface for establishing the TCP connection is configured. The IP address of the interface must be the same as the MPLS LSR ID. It is recommended that you specify a loopback interface to establish the TCP connection.
Page 152: Checking The Configuration
Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN 3.12.5 Checking the Configuration Prerequisite The configurations of RR are complete. Procedure Run the display bgp vpnv4 all peer [ [ ipv4-address ] verbose ] command to view information about the BGP VPNv4 peer on the RR or the client PEs.
Page 153: Establishing The Configuration Task
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration 3.13.1 Establishing the Configuration Task Applicable Environment If a PE and multiple connected CEs reside in the same AS, to reduce the number of IBGP connections between the CEs, the PE can be configured as an RR to reflect the routes of the VPN instance.
Page 154: Configuring The Rr To Establish Mp-Ibgp Connections With All Client Ces
Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN The RR is configured as the BGP peer of the client CE. Step 4 Run: peer peer-ipv4-address connect-interface interface-type interface-number The interface for establishing the TCP connection is configured. A loopback interface is recommended.
Page 155: Configuring Route Reflection For The Routes Of The Bgp Vpn Instance
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration The BGP VPN instance view is displayed. Run: peer group-name as-number as-number The peer group of the BGP IPv4 VPN instance is configured. Run: peer ip-address group group-name The peer is added to the peer group.
Page 156: Checking The Configuration
Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN The BGP view is displayed. Step 3 Run: ipv4-family vpn-instance vpn-instance-name The BGP VPN instance view is displayed. Step 4 Enable the route reflection for the routes of the BGP VPN instance on the RR.
Page 157: Maintaining The Bgp/Mpls Ip Vpn
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration Run the display bgp peer peer-ipv4-address { advertised-routes | received-routes } [ statistics ] command to view information about the routes received from the peer or the routes advertised to the peer.
Page 158: Checking The Network Connectivity And Reachability
Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN Procedure Run the display ip routing-table vpn-instance vpn-instance-name [ [ filter-option ] [ verbose ] | statistics ] command to view the IP routing table of a VPN instance.
Page 159: Clearing Bgp Statistics Of Vpn Instance
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration If multiple interfaces bound to the same VPN exist on the PE, specify the source IP address, that is, -a source-ip-address, when you run the ping or tracert the remote CE that accesses the peer PE.
Page 160: Debugging The Bgp/Mpls Ip Vpn
When a BGP/MPLS IP VPN fault occurs, run the following debugging commands in the user view to locate the fault. For the description of the debugging commands, refer to the Quidway S9300 Terabit Routing Switch Debugging Reference. Procedure...
Page 161: Configuration Examples
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration Run the debugging bgp update vpnv4 [ peer ip-address ] [ receive | send ] [ verbose ] command in the user view to enable the BGP Update packets debugging of VPNv4 routes.
Page 162: Figure 3-3 Networking Diagram For Configuring Bgp/Mpls Ip Vpn
Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN Figure 3-3 Networking diagram for configuring BGP/MPLS IP VPN AS: 65410 AS: 65430 VPN-A VPN-A GE1/0/0 GE1/0/0 Loopback1 2.2.2.9/32 GE1/0/0 GE1/0/0 GE1/0/0 GE2/0/0 Loopback1 Loopback1 1.1.1.9/32 3.3.3.9/32...
Page 163 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration Configure VPN instances on the PEs connected to CEs on the backbone network and bind related VPNs to the interfaces connected to the CEs. Configure OSPF on the PEs to implement interconnection between PEs.
Page 164 Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN [P-GigabitEthernet1/0/0] port hybrid pvid vlan 30 [P-GigabitEthernet1/0/0] port hybrid untagged vlan 30 [P-GigabitEthernet1/0/0] quit [P] interface GigabitEthernet 2/0/0 [P-GigabitEthernet2/0/0] port hybrid pvid vlan 60 [P-GigabitEthernet2/0/0] port hybrid untagged vlan 60...
Page 165 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration 172.1.1.1/32 Direct 0 127.0.0.1 InLoopBack0 172.1.1.2/32 Direct 0 172.1.1.2 Vlanif30 172.1.1.255/32 Direct 0 127.0.0.1 InLoopBack0 172.2.1.0/24 OSPF 172.1.1.2 Vlanif30 255.255.255.255/32 Direct 0 127.0.0.1 InLoopBack0 [PE1] display ospf peer OSPF Process 1 with Router ID 1.1.1.9...
Page 166 Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN [PE1] display mpls ldp session LDP Session(s) in Public Network ------------------------------------------------------------------------------ Peer-ID Status SsnRole SsnAge KA-Sent/Rcv ------------------------------------------------------------------------------ 2.2.2.9:0 Operational DU Active 000:00:01 ------------------------------------------------------------------------------ TOTAL: 1 session(s) Found.
Page 167 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration # Configure IP addresses of the interfaces on the CEs according to Figure 3-3. The configuration procedure is not given here. After the configuration, run the display ip vpn-instance verbose command on the PEs, and you can see the configuration of the VPN instances.
Page 168 Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN [PE1] bgp 100 [PE1-bgp] ipv4-family vpn-instance vpna [PE1-bgp-vpna] peer 10.1.1.1 as-number 65410 [PE1-bgp-vpna] import-route direct [PE1-bgp-vpna] quit [PE1-bgp] ipv4-family vpn-instance vpnb [PE1-bgp-vpnb] peer 10.2.1.1 as-number 65420...
Page 169 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration BGP local router ID : 1.1.1.9 Local AS number : 100 Total number of peers : 3 Peers in established state : 3 Peer MsgRcvd MsgSent...
Page 170 Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN --- 10.4.1.1 ping statistics --- 5 packet(s) transmitted 0 packet(s) received 100.00% packet loss ----End Configuration Files Configuration file of PE1 sysname PE1 vlan batch 10 20 30...
Page 171 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration ipv4-family vpn-instance vpna peer 10.1.1.1 as-number 65410 import-route direct ipv4-family vpn-instance vpnb peer 10.2.1.1 as-number 65420 import-route direct ospf 1 area 0.0.0.0 network 172.1.1.0 0.0.0.255 network 1.1.1.9 0.0.0.0...
Page 172 Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN vpn-target 222:2 export-extcommunity vpn-target 222:2 import-extcommunity mpls lsr-id 3.3.3.9 mpls mpls ldp interface Vlanif40 ip binding vpn-instance vpna ip address 10.3.1.2 255.255.255.0 interface Vlanif50 ip binding vpn-instance vpnb ip address 10.4.1.2 255.255.255.0...
Page 173 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration interface Vlanif10 ip address 10.1.1.1 255.255.255.0 interface GigabitEthernet1/0/0 port hybrid pvid vlan 10 port hybrid untagged vlan 10 bgp 65410 peer 10.1.1.2 as-number 100 ipv4-family unicast...
Page 174: Example For Configuring Mutual Access Between Vpns
Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN ip address 10.4.1.1 255.255.255.0 interface GigabitEthernet1/0/0 port hybrid pvid vlan 50 port hybrid untagged vlan 50 bgp 65440 peer 10.4.1.2 as-number 100 ipv4-family unicast undo synchronization import-route direct peer 10.4.1.2 enable...
Page 175: Configuration Procedure
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration GE1/0/0 VLANIF 20 10.2.1.1/24 Loopback1 1.1.1.9/32 GE1/0/0 VLANIF 10 10.1.1.2/24 GE2/0/0 VLANIF 20 10.2.1.2/24 GE3/0/0 VLANIF 100 172.1.1.1/24 Loopback1 3.3.3.9/32 GE1/0/0 VLANIF 30 10.3.1.2/24 GE2/0/0 VLANIF 40 10.4.1.2/24...
Page 176 Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN Step 2 Configure IGP on the MPLS backbone to implement interworking of the backbone. For details, see the configuration procedure in 3.15.1 Example for Configuring the BGP/ MPLS IP VPN.
Page 177 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration LDP LSP Information ------------------------------------------------------------------------------ DestAddress/Mask In/OutLabel Next-Hop In/Out-Interface ------------------------------------------------------------------------------ 1.1.1.9/32 3/NULL 127.0.0.1 Vlanif100/InLoop0 2.2.2.9/32 NULL/3 172.1.1.2 -------/Vlanif100 3.3.3.9/32 NULL/1025 172.1.1.2 -------/Vlanif100 ------------------------------------------------------------------------------ TOTAL: 3 Normal LSP(s) Found.
Page 178 Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN VPN-Instance Name and ID : vpna, 1 Create date : 2009/05/24 16:28:27 Up time : 0 days, 00 hours, 11 minutes and 25 seconds Route Distinguisher : 100:1...
Page 179 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration [PE1] bgp 100 [PE1-bgp] peer 3.3.3.9 as-number 100 [PE1-bgp] peer 3.3.3.9 connect-interface loopback 1 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpnv4] peer 3.3.3.9 enable [PE1-bgp-af-vpnv4] quit [PE1-bgp] quit # Configure PE2.
Page 180 Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN 0.00% packet loss round-trip min/avg/max = 34/48/72 ms ----End Configuration Files Configuration file of PE1 sysname PE1 vlan batch 10 20 100 ip vpn-instance vpna route-distinguisher 100:1...
Page 181 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration peer 10.1.1.1 as-number 65410 import-route direct ipv4-family vpn-instance vpnb peer 10.2.1.1 as-number 65420 import-route direct ospf 1 area 0.0.0.0 network 172.1.1.0 0.0.0.255 network 1.1.1.9 0.0.0.0 return...
Page 182 Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN mpls lsr-id 3.3.3.9 mpls mpls ldp interface Vlanif30 ip binding vpn-instance vpna ip address 10.3.1.2 255.255.255.0 interface Vlanif40 ip binding vpn-instance vpnb ip address 10.4.1.2 255.255.255.0 interface Vlanif200 ip address 172.2.1.2 255.255.255.0...
Page 183 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration interface GigabitEthernet1/0/0 port hybrid pvid vlan 10 port hybrid untagged vlan 10 bgp 65410 peer 10.1.1.2 as-number 100 ipv4-family unicast undo synchronization import-route direct peer 10.1.1.2 enable...
Page 184: Example For Configuring Bgp Asn Substitution
Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN port hybrid pvid vlan 40 port hybrid untagged vlan 40 bgp 65440 peer 10.4.1.2 as-number 100 ipv4-family unicast undo synchronization import-route direct peer 10.4.1.2 enable return 3.15.3 Example for Configuring BGP ASN Substitution...
Page 185 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration GigabitEthernet1/0/0 VLANIF 10 10.1.1.1/24 GigabitEthernet2/0/0 VLANIF 50 100.1.1.1/24 GigabitEthernet1/0/0 VLANIF 40 10.2.1.1/24 GigabitEthernet2/0/0 VLANIF 60 200.1.1.1/24 Configuration Roadmap The configuration roadmap is as follows: Enable IGP on the backbone network to implement interworking between PEs, and between PE and P so that they can learn loopback address of each other.
Page 186 Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN Routing Tables: Public Destinations : 8 Routes : 8 Destination/Mask Proto Cost Flags NextHop Interface 10.1.1.0/24 10.2.1.2 Vlanif40 10.2.1.0/24 Direct 0 10.2.1.1 Vlanif40 10.2.1.1/32 Direct 0 127.0.0.1...
Page 187 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration In the route advertised to CE2 by PE2, you can see that the AS path information of 100.1.1.0/24 changes from "100 600" to "100 100". *0.13498737 PE2 RM/7/RMDEBUG: BGP.vpn1: Send UPDATE to 10.2.1.1 for following destinations :...
Page 188 Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN interface Vlanif50 ip address 100.1.1.1 255.255.255.0 interface GigabitEthernet1/0/0 port hybrid pvid vlan 10 port hybrid untagged vlan 10 interface GigabitEthernet2/0/0 port hybrid pvid vlan 50 port hybrid untagged vlan 50 bgp 600 peer 10.1.1.2 as-number 100...
Page 189 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration peer 3.3.3.9 enable ipv4-family vpn-instance vpn1 peer 10.1.1.1 as-number 600 peer 10.1.1.1 substitute-as import-route direct ospf 1 area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 20.1.1.0 0.0.0.255 return...
Page 190 Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN interface Vlanif30 ip address 30.1.1.2 255.255.255.0 mpls mpls ldp interface Vlanif40 ip binding vpn-instance vpn1 ip address 10.2.1.2 255.255.255.0 interface GigabitEthernet1/0/0 port hybrid pvid vlan 40...
Page 191: Example For Configuring Hub&Spoke
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration return 3.15.4 Example for Configuring Hub&Spoke Networking Requirements As shown in Figure 3-6, the communication between Spoke-CEs is controlled by the Hub-CE in the central site. That is, the traffic between Spoke-CEs is forwarded by the Hub-CE, and not only by the Hub-PE.
Page 192 Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN Loopback1 1.1.1.9/32 Spoke-PE2 GigabitEthernet1/0/0 VLANIF 60 120.1.1.2/24 GigabitEthernet2/0/0 VLANIF 20 11.1.1.1/24 Loopback1 3.3.3.9/32 Hub-CE GigabitEthernet1/0/0 VLANIF 30 110.1.1.1/24 GigabitEthernet2/0/0 VLANIF 40 110.2.1.1/24 Spoke-CE1 GigabitEthernet1/0/0 VLANIF 50 100.1.1.1/24...
Page 193 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration NOTE The Hub-PE and Spoke-PE devices are directly connected In this example, you need to run label advertise command to enables the egress node to assign labels normally to the penultimate hop.
Page 194 Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN [Hub-PE-vpn-instance-vpn_in] quit [Hub-PE] ip vpn-instance vpn_out [Hub-PE-vpn-instance-vpn_out] route-distinguisher 100:22 [Hub-PE-vpn-instance-vpn_out] vpn-target 200:1 export-extcommunity [Hub-PE-vpn-instance-vpn_out] quit [Hub-PE] interface vlanif 30 [Hub-PE-Vlanif30] ip binding vpn-instance vpn_in [Hub-PE-Vlanif30] ip address 110.1.1.2 24...
Page 195 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration [Hub-CE] bgp 65430 [Hub-CE-bgp] peer 110.1.1.2 as-number 100 [Hub-CE-bgp] peer 110.2.1.2 as-number 100 [Hub-CE-bgp] import-route direct [Hub-CE-bgp] quit # Configure the Hub-PE. [Hub-PE] bgp 100 [Hub-PE-bgp] ipv4-family vpn-instance vpn_in [Hub-PE-bgp-vpn_in] peer 110.1.1.1 as-number 65430...
Page 196 Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN Take Spoke-CE1 for example. [Spoke-CE1] ping 120.1.1.1 PING 120.1.1.1: 56 data bytes, press CTRL_C to break Reply from 120.1.1.1: bytes=56 Sequence=1 ttl=250 time=80 ms Reply from 120.1.1.1: bytes=56 Sequence=2 ttl=250 time=129 ms Reply from 120.1.1.1: bytes=56 Sequence=3 ttl=250 time=132 ms...
Page 197 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration return Configuration file of Spoke-PE1 sysname Spoke-PE1 vlan batch 10 50 ip vpn-instance vpna route-distinguisher 100:1 vpn-target 100:1 export-extcommunity vpn-target 200:1 import-extcommunity mpls lsr-id 1.1.1.9 mpls...
Page 198 Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN ip vpn-instance vpna route-distinguisher 100:3 vpn-target 100:1 export-extcommunity vpn-target 200:1 import-extcommunity mpls lsr-id 3.3.3.9 mpls label advertise non-null mpls ldp interface Vlanif20 ip address 11.1.1.1 255.255.255.0...
Page 199 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration ipv4-family unicast undo synchronization import-route direct peer 120.1.1.2 enable return Configuration file of Hub-CE sysname Hub-CE vlan batch 30 40 interface Vlanif30 ip address 110.1.1.1 255.255.255.0 interface Vlanif40 ip address 110.2.1.1 255.255.255.0...
Page 200 Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN interface Vlanif30 ip binding vpn-instance vpn_in ip address 110.1.1.2 255.255.255.0 interface Vlanif40 ip binding vpn-instance vpn_out ip address 110.2.1.2 255.255.255.0 interface GigabitEthernet1/0/0 port hybrid pvid vlan 10...
Page 201: Example For Configuring The Hovpn
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration 3.15.5 Example for Configuring the HoVPN Networking Requirements As shown in Figure 3-7, CE1 and CE2 belong to the same VPN and have the same VPN target.
Page 202 Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN Configure IGP on the backbone network so that PEs can learn the loopback address of each other. Create MPLS LSPs between the PEs. Create a VPN instance on UPE and set up an EBGP adjacency between UPE and CE1.
Page 203 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration [UPE-bgp-vpna] peer 10.1.1.1 as-number 65410 [UPE-bgp-vpna] import-route direct [UPE-bgp-vpna] quit [UPE-bgp] quit # Configure CE1. <Quidway> system-view [Quidway] sysname CE1 [CE1] interface vlanif 30 [CE1-Vlanif30] ip address 10.1.1.1 24...
Page 204 Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN [UPE-bgp-af-vpnv4] quit [UPE-bgp] quit # Configure the SPE. <SPE> system-view [SPE] bgp 100 [SPE-bgp] peer 1.1.1.9 as-number 100 [SPE-bgp] peer 1.1.1.9 connect-interface loopback 1 [SPE-bgp] peer 3.3.3.9 as-number 100 [SPE-bgp] peer 3.3.3.9 connect-interface loopback 1...
Page 205 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration Reply from 10.2.1.1: bytes=56 Sequence=1 ttl=253 time=85 ms Reply from 10.2.1.1: bytes=56 Sequence=2 ttl=253 time=70 ms Reply from 10.2.1.1: bytes=56 Sequence=3 ttl=253 time=57 ms Reply from 10.2.1.1: bytes=56 Sequence=4 ttl=253 time=66 ms Reply from 10.2.1.1: bytes=56 Sequence=5 ttl=253 time=55 ms...
Page 206 Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN ipv4-family unicast undo synchronization import-route direct peer 10.1.1.2 enable return Configuration file of UPE sysname UPE vlan batch 10 30 ip vpn-instance vpna route-distinguisher 100:1 vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity mpls lsr-id 1.1.1.9...
Page 207 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration sysname SPE vlan batch 10 20 ip vpn-instance vpna route-distinguisher 200:1 vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity mpls lsr-id 2.2.2.9 mpls label advertise non-null mpls ldp interface Vlanif10 ip address 172.1.1.2 255.255.255.0...
Page 208 Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN ip vpn-instance vpna route-distinguisher 100:2 vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity mpls lsr-id 3.3.3.9 mpls label advertise non-null mpls ldp interface Vlanif20 ip address 172.2.1.2 255.255.255.0...
Page 209: Example For Configuring The Ospf Sham Link
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration ipv4-family unicast undo synchronization import-route direct peer 10.2.1.2 enable return 3.15.6 Example for Configuring the OSPF Sham Link Networking Requirements As shown in Figure 3-8, CE1 and CE2 belong to the same OSPF area of vpn1 and are connected to PE1 and PE2 respectively.
Page 210 Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN GigabitEthernet2/0/0 VLANIF 30 30.1.1.1/24 Configuration Roadmap The configuration roadmap is as follows: Set up an MP-IBGP adjacency between the PEs and enable OSPF between the PE and CEs.
Page 211 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration # Configure S9300-A. <Quidway> system-view [Quidway] sysname S9300-A [S9300-A] vlan 20 30 [S9300-A] interface GigabitEthernet 1/0/0 [S9300-A-GigabitEthernet1/0/0] port hybrid pvid vlan 20 [S9300-A-GigabitEthernet1/0/0] port hybrid untagged vlan 20...
Page 212 Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN [PE1] mpls [PE1-mpls] lsp-trigger all [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] interface vlanif 10 [PE1-Vlanif10] ip address 10.1.1.1 24 [PE1-Vlanif10] mpls [PE1-Vlanif10] mpls ldp...
Page 213 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration [PE2-GigabitEthernet1/0/0] port hybrid pvid vlan 60 [PE2-GigabitEthernet1/0/0] port hybrid untagged vlan 60 [PE2-GigabitEthernet1/0/0] quit [PE2] interface GigabitEthernet 2/0/0 [PE2-GigabitEthernet2/0/0] port hybrid pvid vlan 40 [PE2-GigabitEthernet2/0/0] port hybrid untagged vlan 40...
Page 214 Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN [PE2-vpn-instance-vpn1] quit [PE2] interface vlanif 60 [PE2-Vlanif60] ip binding vpn-instance vpn1 [PE2-Vlanif60] ip address 120.1.1.1 24 [PE2-Vlanif60] quit [PE2] ospf 100 vpn-instance vpn1 [PE2-ospf-100] import-route bgp...
Page 215 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration [PE2] interface loopback 10 [PE2-LoopBack10] ip binding vpn-instance vpn1 [PE2-LoopBack10] ip address 6.6.6.6 32 [PE2-LoopBack10] quit [PE2] ospf 100 [PE2-ospf-100] area 0 [PE2-ospf-100-area-0.0.0.0] sham-link 6.6.6.6 5.5.5.5 cost 1 [PE2-ospf-100-area-0.0.0.0] quit...
Page 216 Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN [CE1] tracert 120.1.1.1 traceroute to 120.1.1.1(120.1.1.1) 30 hops max,40 bytes packet 1 100.1.1.2 47 ms 31 ms 31 ms 2 120.1.1.2 94 ms 94 ms 94 ms 3 120.1.1.1 125 ms...
Page 217 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration ip vpn-instance vpn1 route-distinguisher 100:1 vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity mpls lsr-id 1.1.1.9 mpls lsp-trigger all mpls ldp interface Vlanif 10 ip address 10.1.1.1 255.255.255.0...
Page 218 Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN vlan batch 10 40 mpls lsr-id 2.2.2.9 mpls lsp-trigger all mpls ldp interface Vlanif 10 ip address 10.1.1.2 255.255.255.0 mpls mpls ldp interface Vlanif 40 ip address 40.1.1.1 255.255.255.0...
Page 219 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration port hybrid untagged vlan 40 interface LoopBack1 ip address 3.3.3.9 255.255.255.255 interface LoopBack10 ip binding vpn-instance vpn1 ip address 6.6.6.6 255.255.255.255 bgp 100 peer 1.1.1.9 as-number 100 peer 1.1.1.9 connect-interface LoopBack1...
Page 220: Example For Configuring The Multi-Vpn-Instance Ce
Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN vlan batch 30 60 interface vlanif 30 ip address 30.1.1.2 255.255.255.0 ospf cost 10 interface vlanif 60 ip address 120.1.1.1 255.255.255.0 interface GigabitEthernet1/0/0 port hybrid pvid vlan 60...
Page 221: Figure 3-9 Networking Diagram For Configuring Multi-Vpn-Instance Ce
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration vpna and vpnb use different VPN targets. It is required that users on the same VPN can access each other, but users on different VPNs cannot access each other. In this way, services of different VPNs on the LAN are separated from each other.
Page 222 Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN Configuration Roadmap The configuration roadmap is as follows: Configure OSPF between PEs to implement interworking between PEs and configure MP- IBGP to exchange VPN routing information.
Page 223 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration 172.1.1.2/32 Direct 0 127.0.0.1 InLoopBack0 255.255.255.255/32 Direct 0 127.0.0.1 InLoopBack0 Step 2 Configure the basic MPLS capability and MPLS LDP on the backbone network and set up an LDP LSP.
Page 224 Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN [PE2-GigabitEthernet3/0/0] port hybrid untagged vlan 40 [PE2-GigabitEthernet3/0/0] quit [PE2] ip vpn-instance vpna [PE2-vpn-instance-vpna] route-distinguisher 200:1 [PE2-vpn-instance-vpna] vpn-target 111:1 both [PE2-vpn-instance-vpna] quit [PE2] ip vpn-instance vpnb [PE2-vpn-instance-vpnb] route-distinguisher 200:2...
Page 225 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration After the configuration, run the display bgp vpnv4 all peer command on PE1, and you can see that the IBGP adjacency between PE1 and PE2 is in Established state. The EBGP adjacency between PE1 and CE1 and the EBGP adjacency between PE1 and CE2 are in Established state.
Page 226 Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN [MCE-rip-200] version 2 [MCE-rip-200] network 10.0.0.0 [MCE-rip-200] import-route ospf 200 # Configure CE3. <Quidway> system-view [Quidway] sysname CE3 [CE3] vlan 60 [CE3] interface gigabitEthernet1/0/0 [CE3-GigabitEthernet1/0/0] port hybrid pvid vlan 60...
Page 227 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration 192.1.1.1/32 Direct 0 192.1.1.1 vlanif50 192.1.1.2/32 Direct 0 127.0.0.1 InLoopBack0 Run the displayiprouting-tablevpn-instance command on the PE, and you can see the route to the peer CE.
Page 228 Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN ip address 10.1.1.1 255.255.255.0 interface GigabitEthernet1/0/0 port hybrid pvid vlan 10 port hybrid untagged vlan 10 bgp 65410 peer 10.1.1.2 as-number 100 ipv4-family unicast undo synchronization import-route direct peer 10.1.1.2 enable...
Page 229 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration ip address 172.1.1.1 255.255.255.0 mpls mpls ldp interface GigabitEthernet1/0/0 port hybrid pvid vlan 10 port hybrid untagged vlan 10 interface GigabitEthernet2/0/0 port hybrid pvid vlan 20...
Page 230 Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN ip address 172.1.1.2 255.255.255.0 mpls mpls ldp interface vlanif50 ip binding vpn-instance vpna ip address 192.1.1.1 255.255.255.0 interface vlanif40 ip binding vpn-instance vpnb ip address 192.2.1.1 255.255.255.0 interface LoopBack1 ip address 2.2.2.9 255.255.255.255...
Page 231 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration vpn-target 111:1 export-extcommunity vpn-target 111:1 import-extcommunity ip vpn-instance vpnb route-distinguisher 200:2 vpn-target 222:2 export-extcommunity vpn-target 222:2 import-extcommunity interface vlanif40 ip binding vpn-instance vpnb ip address 192.2.1.2 255.255.255.0...
Page 232: Example For Connecting A Vpn To The Internet
Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN interface vlanif60 ip address 10.3.1.1 255.255.255.0 interface GigabitEthernet1/0/0 port hybrid pvid vlan 60 port hybrid untagged vlan 60 rip 100 version 2 network 10.0.0.0 import-route direct...
Page 233: Figure 3-10 Networking Diagram For Connecting A Vpn To The Internet
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration Figure 3-10 Networking diagram for connecting a VPN to the Internet Loopback1 Loopback1 Loopback1 1.1.1.1/32 3.3.3.3/32 2.2.2.2/32 GE1/0/0 GE1/0/0 GE2/0/0 GE2/0/0 GE2/0/0 GE1/0/0 Internet GE1/0/0 AS100...
Page 234 Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN MPLS LSR-IDs of PE and P RD of the VPN VPN targets of the received and sent routes Procedure Step 1 Configure VLANs that the interfaces belong to, as shown in Figure 3-10.
Page 235 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration Take PE1 for example. <PE1> display bgp vpnv4 all peer BGP local router ID : 1.1.1.1 Local AS number : 100 Total number of peers : 2...
Page 236 Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN [PE1] display ip routing-table Route Flags: R - relied, D - download to fib ------------------------------------------------------------------------------ Routing Tables: Public Destinations : 12 Routes : 12 Destination/Mask Proto...
Page 237 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration ip route-static 0.0.0.0 0.0.0.0 10.1.1.2 return Configuration file of PE1 sysname PE1 vlan batch 10 30 ip vpn-instance vpn1 route-distinguisher 100:1 vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity mpls lsr-id 1.1.1.1...
Page 238 Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN Configuration file of P sysname P vlan batch 10 20 mpls lsr-id 2.2.2.2 mpls mpls ldp interface Vlanif10 ip address 100.1.1.2 255.255.255.0 mpls mpls ldp interface Vlanif20 ip address 100.2.1.1 255.255.255.0...
Page 239: Example For Configuring Vpn Frr
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration port hybrid untagged vlan 20 interface GigabitEthernet2/0/0 port hybrid pvid vlan 40 port hybrid untagged vlan 40 interface LoopBack1 ip address 3.3.3.3 255.255.255.255 bgp 100 peer 1.1.1.1 as-number 100 peer 1.1.1.1 connect-interface LoopBack1...
Page 240: Figure 3-11 Networking Diagram For Configuring Vpn Frr
Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN Figure 3-11 Networking diagram for configuring VPN FRR Loopback1 2.2.2.2/32 VPN backbone AS100 GE2/0/0 GE1/0/0 vpn1 site GE2/0/0 GE1/0/0 Link_A AS65410 GE3/0/0 Loopback1 Link_B 1.1.1.1/32 GE3/0/0...
Page 241 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration On PE1, configure a routing policy for VPN FRR, configure the backup next hop, and enable VPN FRR. If the VPN FRR is not required, run the undo vpn frr command to disable this function.
Page 242 Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN [PE3] mpls [PE3-mpls] label advertise non-null [PE3-mpls] quit [PE3] mpls ldp [PE3-mpls-ldp] quit [PE3] interface vlanif 30 [PE3-Vlanif30] mpls [PE3-Vlanif30] mpls ldp [PE3-Vlanif30] quit Run the display mpls lsp command on the PEs, and you can see that LSPs are established between PE1 and PE2 and between PE1 and PE3.
Page 243 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration [PE2] bgp 100 [PE2-bgp] ipv4-family vpn-instance vpn1 [PE2-bgp-vpn1] peer 10.1.1.1 as-number 65410 [PE2-bgp-vpn1] import-route direct [PE2-bgp-vpn1] quit # Configure PE3. [PE3] bgp 100 [PE3-bgp] ipv4-family vpn-instance vpn1 [PE3-bgp-vpn1] peer 10.2.1.1 as-number 65410...
Page 244 Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN [PE3-bgp-af-vpnv4] peer 1.1.1.1 enable [PE3-bgp-af-vpnv4] quit Run the display bgp vpnv4 all peer command on the PEs, and you can see that MP-IBGP adjacencies are established between PEs.
Page 245 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration <PE1> display ip routing-table vpn-instance vpn1 10.3.1.0 verbose Routing Table : vpn1 Summary Count : 2 Destination: 10.3.1.0/24 Protocol: BGP Process ID: 0 Preference: 255 Cost: 0 NextHop: 3.3.3.3...
Page 246 Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN bgp 100 peer 2.2.2.2 as-number 100 peer 2.2.2.2 connect-interface LoopBack1 peer 3.3.3.3 as-number 100 peer 3.3.3.3 connect-interface LoopBack1 ipv4-family unicast undo synchronization peer 2.2.2.2 enable peer 3.3.3.3 enable...
Page 247 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration bgp 100 peer 1.1.1.1 as-number 100 peer 1.1.1.1 connect-interface LoopBack0 ipv4-family unicast undo synchronization peer 1.1.1.1 enable ipv4-family vpnv4 policy vpn-target peer 1.1.1.1 enable ipv4-family vpn-instance vpn1 peer 10.1.1.1 as-number 65410...
Page 248: Example For Configuring Double Rrs To Optimize Vpn Backbone Layer
Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN peer 1.1.1.1 enable ipv4-family vpn-instance vpn1 peer 10.2.1.1 as-number 65410 import-route direct ospf 1 area 0.0.0.0 network 100.2.1.0 0.0.0.3 network 3.3.3.3 0.0.0.0 Return Configuration file of CE...
Page 249: Figure 3-12 Networking Diagram For Configuring Double Reflectors To Optimize Vpn Backbone Layer
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration Figure 3-12 Networking diagram for configuring double reflectors to optimize VPN backbone layer Loopback1 Loopback1 2.2.2.9/32 3.3.3.9/32 GE2/0/0 GE1/0/0 AS100 GE1/0/0 GE2/0/0 GE3/0/0 GE3/0/0 GE1/0/0 GE1/0/0...
Page 250 Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN As shown in Figure 3-12, PE1, PE2, P1, and P2 are on the backbone network AS100. CE1 and CE2 belong to VPNA. Select P1 and P2 as the RRs of the VPN.
Page 251 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration Destination/Mask Proto Cost Flags NextHop Interface 1.1.1.9/32 Direct 0 127.0.0.1 InLoopBack0 2.2.2.9/32 OSPF 100.1.2.2 Vlanif10 3.3.3.9/32 OSPF 100.1.3.2 Vlanif40 4.4.4.9/32 OSPF 100.1.3.2 Vlanif10 OSPF 100.1.2.2 Vlanif40 100.1.2.0/24...
Page 252 Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN For the configuration procedure, see Example for Configuring the BGP/MPLS IP VPN. The configuration details are not mentioned here. Set up the MP-IBGP peer relation between PEs and RRs.
Page 253 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration vpn instance vpna : 10.1.1.1 65410 79 01:13:29 Established Configure the reflector function on P1 and P2. # Configure P1. [P1] bgp 100 [P1-bgp] ipv4-family vpnv4...
Page 254 Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN mpls ldp interface Vlanif40 ip address 100.1.3.1 255.255.255.0 mpls mpls ldp interface Vlanif 60 ip binding vpn-instance vpna ip address 10.1.1.2 255.255.255.0 interface GigabitEthernet1/0/0 port hybrid pvid vlan 10...
Page 255 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration interface Vlanif 20 ip address 100.2.3.1 255.255.255.0 mpls mpls ldp interface Vlanif 50 ip address 100.2.4.1 255.255.255.0 mpls mpls ldp interface GigabitEthernet1/0/0 port hybrid pvid vlan 10...
Page 256 Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN mpls ldp interface Vlanif20 ip address 100.2.3.2 255.255.255.0 mpls mpls ldp interface Vlanif30 ip address 100.3.4.1 255.255.255.0 mpls mpls ldp interface Vlanif40 ip address 100.1.3.2 255.255.255.0...
Page 257 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 3 BGP/MPLS IP VPN Configuration sysname PE2 vlan batch 30 50 70 ip vpn-instance vpna route-distinguisher 100:1 vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity mpls lsr-id 4.4.4.9 mpls lsp-trigger all mpls ldp interface Vlanif30 ip address 100.3.4.2 255.255.255.0...
Page 258 Quidway S9300 Terabit Routing Switch 3 BGP/MPLS IP VPN Configuration Configuration Guide - VPN network 100.2.4.0 0.0.0.255 return Configuration file of CE1 sysname CE1 vlan batch 60 interface Vlanif60 ip address 10.1.1.1 255.255.255.0 interface GigabitEthernet1/0/0 port hybrid pvid vlan 60...
Page 259: Vll Configuration
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 4 VLL Configuration VLL Configuration About This Chapter This chapter describes the principle, configuration procedure, and configuration examples of the VLL. 4.1 Introduction to VLL This section describes the principles of VLL.
Page 260 Quidway S9300 Terabit Routing Switch 4 VLL Configuration Configuration Guide - VPN After the VLL FRR is configured, L2VPN traffic is rapidly switched to the backup path when a fault occurs on the master path. After the fault on the master path is rectified, the L2VPN traffic is switched back to the master path according to the revertive switchover policy.
Page 261: Introduction To Vll
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 4 VLL Configuration 4.1 Introduction to VLL This section describes the principles of VLL. Traditional VPNs are based on Asynchronous Transfer Mode (ATM) or Frame Relay (FR) where different VPNs can share the network structure of carriers. The disadvantages of traditional VPNs are as follows: Traditional VPNs are dependent on media such as ATM or FR.
Page 262: Vll Features Supported By The S9300
Quidway S9300 Terabit Routing Switch 4 VLL Configuration Configuration Guide - VPN Figure 4-1 VLL model Tunnel MPLS Network AC: refers to the attachment circuit. An AC is an independent link or circuit that connects CE and PE. The AC interface may be a physical interface or a logical interface. The AC attributes include the encapsulation type, MTU and interface parameters of specified link type.
Page 263 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 4 VLL Configuration Unlike common VLL, the CCC adopts one label to transfer user data; therefore, it uses the LSP exclusively. The CCC LSPs can only be used to transfer the data of this CCC link, and cannot be used in other VLL links, BGP/MPLS VPN, or used to transfer common IP packets.
Page 264 Quidway S9300 Terabit Routing Switch 4 VLL Configuration Configuration Guide - VPN Kompella VLL Kompella VLL uses BGP as the signaling protocol to transmit Layer 2 information and VC labels. It implements the L2VPN function in point-to-point (CE to CE) mode on an MPLS network.
Page 265: Configuring A Ccc Vll
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 4 VLL Configuration Asymmetrically connected CEs: One CE is connected to a PE through an AC and the other CE is dual-homed to PEs through two ACs, as shown in Figure 4-3.
Page 266: Enabling Mpls L2Vpn
Quidway S9300 Terabit Routing Switch 4 VLL Configuration Configuration Guide - VPN Configuring the basic MPLS capability on the MPLS backbone network (PEs and P) Data Preparation To configure the CCC L2VPN, you need the following data. Data Name of a CCC connection...
Page 267: Creating A Remote Ccc Connection
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 4 VLL Configuration The system view of the PE is displayed. Step 2 Run: ccc ccc-connection-name interface interface-type interface-number out-interface interface-type interface-number A local CCC connection is created. ----End Postrequisite The local CCC connection is bidirectional; therefore, only one connection is needed.
Page 268: Checking The Configuration
Quidway S9300 Terabit Routing Switch 4 VLL Configuration Configuration Guide - VPN MPLS L2VPN need not be enabled on the Ps. When you configure the Ps, specify the IP address of the next hop if the outgoing interface is not a P2P interface (such as an Ethernet interface).
Page 269: Establishing The Configuration Task
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 4 VLL Configuration 4.4.1 Establishing the Configuration Task 4.4.2 Enabling MPLS L2VPN 4.4.3 Creating an SVC VLL Connection 4.4.4 Checking the Configuration 4.4.1 Establishing the Configuration Task Applicable Environment The procedure for configuring the out-label (public network tunnel) of the SVC VLL is the same as the procedure for configuring the out-label of the Martini VLL.
Page 270: Creating An Svc Vll Connection
Quidway S9300 Terabit Routing Switch 4 VLL Configuration Configuration Guide - VPN Procedure Step 1 Run: system-view The system view of the PE is displayed. Step 2 Run: mpls l2vpn The MPLS L2VPN is enabled. ----End 4.4.3 Creating an SVC VLL Connection Context Do as follows on the PEs on the two ends of the VC.
Page 271: Configuring A Martini Vll
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 4 VLL Configuration Run the display l2vpn ccc-interface vc-type static-vc [ down | up ] command to view information about the Up/Down interfaces on the SVC connection. ----End Example Run the display mpls static-l2vc command, and you can see that the VC status is Up. The following is an example: <Quidway>...
Page 272: Enabling Mpls L2Vpn
Quidway S9300 Terabit Routing Switch 4 VLL Configuration Configuration Guide - VPN In Martini mode, multiple VC connections can be set up over one LSP between two PEs. Information about the VC labels and LSP is stored on PEs only. The P does not store any L2VPN information;...
Page 273: Creating A Martini Vll Connection
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 4 VLL Configuration 4.5.3 Creating a Martini VLL Connection Context Do as follows on the PEs on the two ends of the VC. Procedure Step 1 Run: system-view The system view is displayed.
Page 274: Checking The Configuration
Quidway S9300 Terabit Routing Switch 4 VLL Configuration Configuration Guide - VPN 4.5.4 Checking the Configuration Prerequisite The configurations of the Martini VLL are complete. Procedure Run the display mpls l2vc [ vc-id | interfaceinterface-type interface-number ] command on the PE to view information about the Martini VLL on the local PE.
Page 275: Configuring A Kompella Vll
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 4 VLL Configuration 4.6 Configuring a Kompella VLL This section describes how to configure the Kompella VLL, that is, how to implement VLL on the MPLS network in end-to-end (CE-to-CE) mode. The Kompella VLL uses BGP to transmit L2VPN information and VC labels.
Page 276: Enabling Mpls L2Vpn
Quidway S9300 Terabit Routing Switch 4 VLL Configuration Configuration Guide - VPN Data ASNs of the local PE and the peer PE Name, RD, and VPN target of the L2VPN connection CE name, CE ID, and CE range CE offset 4.6.2 Enabling MPLS L2VPN...
Page 277: Configuring A Vpn
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 4 VLL Configuration Step 4 (Optional) Run: peer peer-address connect-interface loopback interface-number An interface is specified to create the TCP connection. This step is required if you use a loopback interface to set up the BGP session. The loopback interface address with a 32-bit mask is recommended to establish the MP-IBGP peer relations between the PEs.
Page 278: Creating A Ce Connection
Quidway S9300 Terabit Routing Switch 4 VLL Configuration Configuration Guide - VPN Set the MTU of the L2VPN on the PE to be the same as the MTU on the other equipment. Do not check the MTU. Step 5 (Optional) Run: ignore-mtu-match The MTU value is not checked.
Page 279: Optional) Configuring Bgp L2Vpn Features
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 4 VLL Configuration A CE ID is used to uniquely identify a CE in a VPN. It is recommended that the CE IDs are numbered in series starting from 1. The CE range indicates the maximum number of CEs that a local CE can connect. According to the prediction of the VPN expansion, you can configure a CE range larger than what is required.
Page 280 Quidway S9300 Terabit Routing Switch 4 VLL Configuration Configuration Guide - VPN Establishing MP-IBGP connections with the peer group Add all client PEs to a peer group and set up an MP-IBGP connection with the peer group. Run: system-view The system view is displayed.
Page 281: Checking The Configuration
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 4 VLL Configuration peer { group-name | peer-address } reflect-client The RR and its client are configured. Run: undo policy vpn-target The received VPN targets of the L2VPN label blocks are not filtered.
Page 282: Configuring Inter-As Martini Vll
Quidway S9300 Terabit Routing Switch 4 VLL Configuration Configuration Guide - VPN primary or not ---------------------------------------------------------------------------- 3.3.3.9 100:1 Vlanif11 primary Run the display mpls l2vpn [ l2vpn-name [ local-ce | remote-ce ] ] command, and you can see that the RD and the VPN target are correct. The following is an example: <Quidway>...
Page 283: Configuring Inter-As Option A
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 4 VLL Configuration Data Preparation To configure the inter-AS Martini L2VPN, you need the following data. Data Mode of the inter-AS VPN ASN of each AS 4.7.2 Configuring Inter-AS Option A...
Page 284: Configuring The Inter-As Kompella Vll
Quidway S9300 Terabit Routing Switch 4 VLL Configuration Configuration Guide - VPN VC ID : 100 VC Type : VLAN Destination : 192.3.3.3 Local Group ID Remote Group ID : 0 Local VC Label : 1025 Remote VC Label : 1024...
Page 285: Configuring Inter-As Option A
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 4 VLL Configuration Configuring static routes or IGP on the PE or P on the MPLS backbone network of ASs to implement the IP connectivity of the devices in the same AS...
Page 286: Configuring Vll Frr
Quidway S9300 Terabit Routing Switch 4 VLL Configuration Configuration Guide - VPN Example Run the display bgp l2vpn command, and you can see that the next-hop address is the peer address of the VC and the value of RD is correct. The following is an example: <Quidway>...
Page 287: Establishing The Configuration Task
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 4 VLL Configuration 4.9.1 Establishing the Configuration Task Applicable Environment VLL FRR supported by the S9300 is mainly used in the following networking modes: Asymmetrically connected CEs The CE on one end of the VC accesses the PE of higher reliability through a single reliable link.
Page 288: Optional) Configuring The Revertive Switchover Policy
Quidway S9300 Terabit Routing Switch 4 VLL Configuration Configuration Guide - VPN Data Preparation To configure VLL FRR, you need the following data. Data Delay for revertively switching traffic when faults are cleared and the delay for advertising fault recovery (by default, the delay for revertively switching traffic is 30 seconds and the delay for advertising fault recovery is 10 seconds.)
Page 289: Checking The Configuration
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 4 VLL Configuration If the Ethernet OAM function is configured on the interface that connects the PE to a CE, and the revertive switchover policy is configured, then the value of resume-time cannot be 0.
Page 290 Quidway S9300 Terabit Routing Switch 4 VLL Configuration Configuration Guide - VPN create time : 0 days, 0 hours, 12 minutes, 47 seconds up time : 0 days, 0 hours, 2 minutes, 11 seconds last change time : 0 days, 0 hours, 2 minutes, 11 seconds...
Page 291 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 4 VLL Configuration peer id: 3.3.3.3 route-distinguisher: 100:2 local vc label: 25602 remote vc label: 25601 tunnel policy: primary or secondary: primary forwardEntry exist or not: true forward entry active or not:true...
Page 292: Maintaining The Vll
Quidway S9300 Terabit Routing Switch 4 VLL Configuration Configuration Guide - VPN 4.10 Maintaining the VLL This section describes how to clear the operating status of VLL, reset BGP connections of the VLL, and debug the L2VPN. 4.10.1 Resetting BGP Connections of VLL 4.10.2 Clearing the Statistics of VLL...
Page 293: Monitoring The Operating Status Of Vll
For details about enabling debugging, refer to the chapter Information Center Configuration in the Quidway S9300 Terabit Routing Switch Configuration Guide - Device Management. For the description of the debugging commands, refer to the Quidway S9300 Terabit Routing Switch Debugging Reference. Issue 01 (2009-07-28) Huawei Proprietary and Confidential 4-35 Copyright ©...
Page 294: Configuration Examples
Quidway S9300 Terabit Routing Switch 4 VLL Configuration Configuration Guide - VPN Procedure Run the debugging mpls l2vpn { all | advertisement | download | error | event | oam- mapping | reroute | timer | connections [ interface interface-type interface-number ] } command in the user view to enable the debugging of the VLL.
Page 295 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 4 VLL Configuration GigabitEthernet1/0/0 VLANIF 10 GigabitEthernet2/0/0 VLANIF 20 Loopback1 1.1.1.9/32 GigabitEthernet1/0/0 VLANIF 10 100.1.1.1/24 GigabitEthernet1/0/0 VLANIF 20 100.1.1.2/24 Configuration Roadmap The configuration roadmap is as follows: Configure the basic MPLS capacity on the PE and enable the MPLS L2VPN.
Page 296 Quidway S9300 Terabit Routing Switch 4 VLL Configuration Configuration Guide - VPN <Quidway> system-view [Quidway] sysname PE [PE] interface loopback 1 [PE-LoopBack1] ip address 1.1.1.9 32 [PE-LoopBack1] quit [PE] mpls lsr-id 1.1.1.9 [PE] mpls [PE-mpls] quit [PE] mpls l2vpn [PE-l2vpn] quit...
Page 297 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 4 VLL Configuration Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=180 ms Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=60 ms Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=10 ms Reply from 100.1.1.2: bytes=56 Sequence=4 ttl=255 time=70 ms Reply from 100.1.1.2: bytes=56 Sequence=5 ttl=255 time=60 ms...
Page 298: Example For Configuring A Remote Ccc Connection
Quidway S9300 Terabit Routing Switch 4 VLL Configuration Configuration Guide - VPN interface GigabitEthernet1/0/0 port link-type trunk port trunk allow-pass vlan 20 return 4.11.2 Example for Configuring a Remote CCC Connection Networking Requirements The CE is connected to the PE through a GE interface.
Page 299 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 4 VLL Configuration GigabitEthernet2/0/0 VLANIF 20 10.1.1.2/24 Loopback1 2.2.2.9/32 GigabitEthernet1/0/0 VLANIF 10 100.1.1.1/24 GigabitEthernet1/0/0 VLANIF 40 100.1.1.2/24 Configuration Roadmap The configuration roadmap is as follows: Configure a bidirectional static LSP for the local CCC connection between PEs. The LSP is exclusively used by the CCC connection.
Page 300 Quidway S9300 Terabit Routing Switch 4 VLL Configuration Configuration Guide - VPN [PE1-Vlanif20] ip address 10.1.1.1 24 [PE1-Vlanif20] quit # Configure the P. <Quidway> system-view [Quidway] sysname P [P] interface loopback 1 [P-LoopBack1] ip address 2.2.2.9 32 [P-LoopBack1] quit [P] interface vlanif 30 [P-Vlanif30] ip address 10.2.2.2 24...
Page 301 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 4 VLL Configuration # Configure PE2: Enable VLL globally and create the remote CCC connection from CE2 to CE1. Connect the incoming interface of PE2 to CE2 and the outgoing interface of PE2 to the P.
Page 302 Quidway S9300 Terabit Routing Switch 4 VLL Configuration Configuration Guide - VPN ------------------------------------------------------------------------------ Routing Tables: Public Destinations : 5 Routes : 5 Destination/Mask Proto Cost Flags NextHop Interface 100.1.1.0/24 Direct 0 100.1.1.1 Vlanif10 100.1.1.1/32 Direct 0 127.0.0.1 InLoopBack0 100.1.1.2/32 Direct 0 100.1.1.2...
Page 303 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 4 VLL Configuration ccc CE1-CE2 interface Vlanif 10 in-label 100 out-label 200 nexthop 10.1.1.2 interface LoopBack1 ip address 1.1.1.9 255.255.255.255 return Configuration file of P sysname P vlan batch 20 30 mpls lsr-id 2.2.2.9...
Page 304: Example For Configuring An Svc Vll
Quidway S9300 Terabit Routing Switch 4 VLL Configuration Configuration Guide - VPN interface LoopBack1 ip address 3.3.3.9 255.255.255.255 return Configuration file of CE2 sysname CE2 vlan batch 40 interface Vlanif 40 ip address 100.1.1.2 255.255.255.0 interface GigabitEthernet1/0/0 port link-type trunk...
Page 305 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 4 VLL Configuration GigabitEthernet2/0/0 VLANIF 20 10.1.1.2/24 Loopback1 2.2.2.9/32 GigabitEthernet1/0/0 VLANIF 10 100.1.1.1/24 GigabitEthernet1/0/0 VLANIF 20 100.1.1.2/24 Configuration Roadmap The configuration roadmap is as follows: Enable MPLS and MPLS L2VPN. Create a static L2VC connection between PEs and manually configure the VC label.
Page 306 Quidway S9300 Terabit Routing Switch 4 VLL Configuration Configuration Guide - VPN [P] mpls lsr-id 2.2.2.9 [P] mpls [P-mpls] quit [P] mpls ldp [P-mpls-ldp] quit [P] interface vlanif 20 [P-Vlanif20] mpls [P-Vlanif20] mpls ldp [P-Vlanif20] quit [P] interface vlanif 30...
Page 307 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 4 VLL Configuration [PE1] interface Vlanif 10 [PE1-Vlanif10] mpls static-l2vc destination 3.3.3.9 transmit-vpn-label 100 receive- vpn-label 200 [PE1-Vlanif10] quit # Configure PE2: Create a static VC on GE2/0/0, which is connected to CE2.
Page 308 Quidway S9300 Terabit Routing Switch 4 VLL Configuration Configuration Guide - VPN 127.0.0.0/8 Direct 0 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 127.0.0.1 InLoopBack0 CE1 and CE2 can ping each other. <CE1> ping 100.1.1.2 PING 100.1.1.2: 56 data bytes, press CTRL_C to break Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=46 ms...
Page 309 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 4 VLL Configuration ip address 1.1.1.9 255.255.255.255 ospf 1 area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 10.1.1.0 0.0.0.255 return Configuration file of P sysname P vlan batch 20 30 mpls lsr-id 2.2.2.9...
Page 310: Example For Configuring A Martini Vll
Quidway S9300 Terabit Routing Switch 4 VLL Configuration Configuration Guide - VPN interface GigabitEthernet1/0/0 port hybrid pvid vlan 30 port hybrid tagged vlan 30 interface GigabitEthernet2/0/0 port hybrid pvid vlan 40 port hybrid tagged vlan 40 interface LoopBack1 ip address 3.3.3.9 255.255.255.255 ospf 1 area 0.0.0.0...
Page 311 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 4 VLL Configuration GigabitEthernet1/0/0 VLANIF 10 GigabitEthernet2/0/0 VLANIF 20 10.1.1.1/24 Loopback1 1.1.1.9/32 GigabitEthernet1/0/0 VLANIF 30 10.2.2.1/24 GigabitEthernet2/0/0 VLANIF 40 Loopback1 3.3.3.9/32 GigabitEthernet1/0/0 VLANIF 30 10.2.2.2/24 GigabitEthernet2/0/0 VLANIF 20 10.1.1.2/24 Loopback1 2.2.2.9/32...
Page 312 Quidway S9300 Terabit Routing Switch 4 VLL Configuration Configuration Guide - VPN the display ip routing-table command, and you can see that the PEs can learn the routes of each other's Loopback1 interface. Step 3 Configure the basic MPLS capability and MPLS LDP on the MPLS network.
Page 313 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 4 VLL Configuration ------------------------------------------------------------------------------ Peer-ID Status SsnRole SsnAge KA-Sent/Rcv ------------------------------------------------------------------------------ 2.2.2.9:0 Operational DU Passive 000:15:29 3717/3717 3.3.3.9:0 Operational DU Passive 000:00:00 ------------------------------------------------------------------------------ TOTAL: 2 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM Step 5 Enable MPLS L2VPN on the PE and establish VCs.
Page 314 Quidway S9300 Terabit Routing Switch 4 VLL Configuration Configuration Guide - VPN Take the display on CE1 for example. <CE1> ping 100.1.1.2 PING 100.1.1.2: 56 data bytes, press CTRL_C to break Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=31 ms Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=10 ms Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=5 ms...
Page 315 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 4 VLL Configuration ip address 1.1.1.9 255.255.255.255 ospf 1 area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 10.1.1.0 0.0.0.255 return Configuration file of P sysname P vlan batch 20 30 mpls lsr-id 2.2.2.9...
Page 316: Example For Configuring A Local Kompella Vll
Quidway S9300 Terabit Routing Switch 4 VLL Configuration Configuration Guide - VPN interface Vlanif 40 mpls l2vc 1.1.1.9 101 interface GigabitEthernet1/0/0 port hybrid pvid vlan 30 port hybrid tagged vlan 30 interface GigabitEthernet2/0/0 port hybrid pvid vlan 40 port hybrid tagged vlan 40 interface LoopBack1 ip address 3.3.3.9 255.255.255.255...
Page 317 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 4 VLL Configuration GigabitEthernet1/0/0 VLANIF 10 GigabitEthernet2/0/0 VLANIF 20 Loopback1 1.1.1.9/32 GigabitEthernet1/0/0 VLANIF 10 30.1.1.1/24 GigabitEthernet1/0/0 VLANIF 20 30.1.1.2/24 Configuration Roadmap The configuration roadmap is as follows: Enable MPLS on the PEs.
Page 318 Quidway S9300 Terabit Routing Switch 4 VLL Configuration Configuration Guide - VPN [PE-mpls-l2vpn-ce-vpn1-ce2] quit [PE-mpls-l2vpn-vpn1] quit Step 3 Verify the configuration. After the configuration, run the display mpls l2vpn connection command on the PE. You can see that two L2VPN connections are set up and they are in Up state.
Page 319: Example For Configuring A Remote Kompella Connection
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 4 VLL Configuration vlan batch 10 20 mpls lsr-id 1.1.1.9 mpls mpls l2vpn interface Vlanif10 interface Vlanif20 ip address 10.1.1.1 255.255.255.0 mpls interface GigabitEthernet1/0/0 port hybrid pvid vlan 10 port hybrif tagged vlan 10...
Page 320: Figure 4-9 Networking Diagram For Configuring A Remote Kompella Vll
Quidway S9300 Terabit Routing Switch 4 VLL Configuration Configuration Guide - VPN Figure 4-9 Networking diagram for configuring a remote Kompella VLL Loopback1 Loopback1 Loopback1 3.3.3.9/32 1.1.1.9/32 2.2.2.9/32 GE 1/0/0 GE 2/0/0 GE 1/0/0 GE 2/0/0 GE 1/0/0 PE 1...
Page 321 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 4 VLL Configuration Names and IDs of the CEs (The CE IDs are globally unique.), and CE range, namely, the label block Procedure Step 1 Configure the IDs of the VLANs to which the interfaces of CE, PE, and P belong according to Figure 4-9.
Page 322 Quidway S9300 Terabit Routing Switch 4 VLL Configuration Configuration Guide - VPN After the configuration, run the display mpls ldp session and display mpls ldp peer commands on each LSR. You can see information about the LDP session and peers.
Page 323 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 4 VLL Configuration Take the display on PE1 for example. <PE1> display bgp l2vpn peer BGP local router ID : 1.1.1.9 Local AS number : 100 Total number of peers : 1...
Page 324 Quidway S9300 Terabit Routing Switch 4 VLL Configuration Configuration Guide - VPN 0.00% packet loss round-trip min/avg/max = 34/68/94 ms ----End Configuration Files Configuration file of CE1 sysname CE1 vlan batch 10 interface Vlanif10 ip address 30.1.1.1 255.255.255.0 interface GigabitEthernet1/0/0...
Page 325 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 4 VLL Configuration l2vpn-family policy vpn-target peer 3.3.3.9 enable ospf 1 area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 168.1.1.0 0.0.0.255 return Configuration file of P sysname P vlan batch 20 30 mpls lsr-id 2.2.2.9...
Page 326: Example For Configuring The Inter-As Martini Vll Option A
Quidway S9300 Terabit Routing Switch 4 VLL Configuration Configuration Guide - VPN interface Vlanif 40 interface GigabitEthernet1/0/0 port hybrid pvid vlan 30 port hybrid tagged vlan 30 interface GigabitEthernet2/0/0 port hybrid pvid vlan 40 port hybrid tagged vlan 40 mpls l2vpn vpn1 encapsulation vlan...
Page 327: Figure 4-10 Networking Diagram For Configuring The Inter-As Martini Vll Option A
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 4 VLL Configuration Figure 4-10 Networking diagram for configuring the inter-AS Martini VLL Option A MPLS backbone MPLS backbone AS 100 AS 200 Loopback0 Loopback0 Loopback0 Loopback0 2.2.2.9/32 4.4.4.9/32 1.1.1.9/32 3.3.3.9/32...
Page 328 Quidway S9300 Terabit Routing Switch 4 VLL Configuration Configuration Guide - VPN Configure the basic MPLS capability on the backbone network and establish dynamic LSPs between PEs and ASBR-PEs in the same AS. If PEs and ASBR-PEs are not directly connected, establish a remote LDP session.
Page 329 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 4 VLL Configuration Step 3 Enable MPLS and configure dynamic LSPs. Configure the basic MPLS capability on the MPLS backbone network. Establish a dynamic LDP LSP between the PE and ASBR-PE in the same AS.
Page 330 Quidway S9300 Terabit Routing Switch 4 VLL Configuration Configuration Guide - VPN [CE2] interface vlanif 50 [CE2-Vlanif50] ip address 100.1.1.2 255.255.255.0 [CE2-Vlanif50] quit Step 5 Verify the configuration. Display information about the L2VPN connection on PE1. You can see that an L2VC is set up and the VC status is Up.
Page 331 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 4 VLL Configuration remote VCCV : Disable local control word : disable remote control word : disable tunnel policy : -- traffic behavior : -- PW template name : -- primary or secondary...
Page 332 Quidway S9300 Terabit Routing Switch 4 VLL Configuration Configuration Guide - VPN interface Vlanif20 ip address 10.1.1.1 255.255.255.0 isis enable 1 mpls mpls ldp interface GigabitEthernet1/0/0 port link-type trunk port trunk allow-pass vlan 10 interface GigabitEthernet2/0/0 port link-type trunk port trunk allow-pass vlan 20 interface LoopBack0 ip address 1.1.1.9 255.255.255.255...
Page 333 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 4 VLL Configuration mpls l2vpn mpls l2vpn default martini mpls ldp isis 1 network-entity 10.0000.0000.0003.00 interface Vlanif30 mpls l2vc 4.4.4.9 100 interface Vlanif40 ip address 30.1.1.1 255.255.255.0 isis enable 1 mpls...
Page 334: Example For Configuring The Inter-As Kompella Vll Option A
Quidway S9300 Terabit Routing Switch 4 VLL Configuration Configuration Guide - VPN return Configuration file of CE2 sysname CE2 vlan batch 50 interface Vlanif 50 ip address 100.1.1.2 255.255.255.0 interface GigabitEthernet1/0/0 port link-type trunk port trunk allow-pass vlan 50 return 4.11.8 Example for Configuring the Inter-AS Kompella VLL Option...
Page 335 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 4 VLL Configuration Loopback1 4.4.4.9/32 ASBR-PE1 GigabitEthernet1/0/0 VLANIF 20 20.1.1.2/24 GigabitEthernet2/0/0 VLANIF 30 Loopback1 2.2.2.9/32 ASBR-PE2 GigabitEthernet1/0/0 VLANIF 30 GigabitEthernet2/0/0 VLANIF 40 40.1.1.1/24 Loopback1 3.3.3.9/32 GigabitEthernet1/0/0 VLANIF 10 10.1.1.1/24 GigabitEthernet1/0/0 VLANIF 50 10.1.1.2/24...
Page 336 Quidway S9300 Terabit Routing Switch 4 VLL Configuration Configuration Guide - VPN After the configuration, the ASBR-PE and the PEs in the same AS can learn the Loopback1 addresses of each other. Run the display ip routing-table command, and you can see that the ASBR and the PEs in the same AS can learn the Loopback1 addresses of each other.
Page 337 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 4 VLL Configuration [PE1] bgp 100 [PE1-bgp] peer 2.2.2.2 as-number 100 [PE1-bgp] peer 2.2.2.2 connect-interface LoopBack 1 [PE1-bgp] quit # Configure ASBR-PE1. [ASBR-PE1] bgp 100 [ASBR-PE1-bgp] peer 1.1.1.1 as-number 100 [ASBR-PE1-bgp] peer 1.1.1.1 connect-interface loopback 1 [ASBR-PE1-bgp] quit # Configure ASBR-PE2.
Page 338 Quidway S9300 Terabit Routing Switch 4 VLL Configuration Configuration Guide - VPN Step 6 Set up the Kompella L2VPN connection between PEs. The major steps are as follows: Enable MPLS L2VPN on the PEs and ASBR-PEs. Create VPN instances and CE connections on PE1 and PE2.
Page 339 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 4 VLL Configuration [CE2] interface vlanif 50 [CE2-Vlanif50] ip address 10.1.1.2 255.255.255.0 [CE2-Vlanif50] quit Step 7 Verify the configuration. Display information about the L2VPN connection on PE1. You can see that an L2VC is set up and the VC status is Up.
Page 340 Quidway S9300 Terabit Routing Switch 4 VLL Configuration Configuration Guide - VPN Routing Tables: Public Destinations : 5 Routes : 5 Destination/Mask Proto Cost Flags NextHop Interface 10.1.1.0/24 Direct 0 10.1.1.1 Vlanif10 10.1.1.1/32 Direct 0 127.0.0.1 InLoopBack0 10.1.1.2/32 Direct 0 10.1.1.2...
Page 341 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 4 VLL Configuration port trunk allow-pass vlan 10 interface GigabitEthernet2/0/0 port link-type trunk port trunk allow-pass vlan 20 mpls l2vpn vpn1 encapsulation vlan route-distinguisher 100:1 vpn-target 1:1 import-extcommunity vpn-target 1:1 export-extcommunity...
Page 342 Quidway S9300 Terabit Routing Switch 4 VLL Configuration Configuration Guide - VPN interface LoopBack1 ip address 2.2.2.2 255.255.255.255 bgp 100 peer 1.1.1.1 as-number 100 peer 1.1.1.1 connect-interface LoopBack1 ipv4-family unicast undo synchronization peer 1.1.1.1 enable l2vpn-family policy vpn-target peer 1.1.1.1 enable ospf 1 area 0.0.0.0...
Page 343 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 4 VLL Configuration network 40.1.1.0 0.0.0.3 mpls l2vpn vpn1 encapsulation vlan route-distinguisher 200:1 vpn-target 1:1 import-extcommunity vpn-target 1:1 export-extcommunity ce ce3 id 3 range 10 default-offset 0 connection ce-offset 4 interface Vlanif30...
Page 344 Quidway S9300 Terabit Routing Switch 4 VLL Configuration Configuration Guide - VPN sysname CE2 vlan batch 50 interface Vlanif 50 ip address 10.1.1.2 255.255.255.0 interface GigabitEthernet1/0/0 port link-type trunk port trunk allow-pass vlan 50 return 4-86 Huawei Proprietary and Confidential Issue 01 (2009-07-28) Copyright ©...
Page 345: Pwe3 Configuration
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 5 PWE3 Configuration PWE3 Configuration About This Chapter This chapter describes the principle, configuration procedures, and configuration examples of PWE3. 5.1 Introduction to PWE3 This section describes the principle of PWE3.
Page 346 Quidway S9300 Terabit Routing Switch 5 PWE3 Configuration Configuration Guide - VPN 5.10 Maintaining PWE3 This section describes how to detect the connectivity of a PW, collect path information about a PW, and debug PWE3. 5.11 Configuration Examples This section provides several configuration examples of PWE3.
Page 347: Introduction To Pwe3
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 5 PWE3 Configuration 5.1 Introduction to PWE3 This section describes the principle of PWE3. Pseudo-Wire Emulation Edge to Edge (PWE3) bears Layer 2 services. It emulates the essential attributes of a service such as Asynchronous Transfer Mode (ATM), Frame Relay (FR), Ethernet, a low speed Time Division Multiplexing (TDM) circuit, or SONET/SDH over a Packet Switched Network (PSN).
Page 348: Pwe3 Features Supported By The S9300
Quidway S9300 Terabit Routing Switch 5 PWE3 Configuration Configuration Guide - VPN 5.2 PWE3 Features Supported by the S9300 This section describes the PWE3 features supported by the S9300. You need to be familiar with the following terms defined in the RFC before you read this section: Ultimate PE (U-PE): a PE to which an AC is bound.
Page 349: Figure 5-2 Process Of Setting Up And Maintaining Single-Hop Pwe3
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 5 PWE3 Configuration Figure 5-2 Process of setting up and maintaining single-hop PWE3 Loopback1 Loopback1 1.1.1.1/32 2.2.2.2/32 mpls l2vc 2.2.2.2 101 mpls l2vc 1.1.1.1 101 parameter match,VC up parameter match,VC up...
Page 350: Figure 5-4 Networking Of Sh-Pwe3
Quidway S9300 Terabit Routing Switch 5 PWE3 Configuration Configuration Guide - VPN When PE1 does not forward packets sent from PE2 for a certain reason, for example, PE2 is no longer specified as the peer, PE1 sends a Withdraw message to PE2. After receiving the Withdraw message, PE2 tears down the PW tunnel and returns a Release message to PE1.
Page 351: Figure 5-6 Asymmetrically Connected Ces
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 5 PWE3 Configuration Dynamic-and-static switch: One of the PWs is set up with signaling, and the other one – is set up manually. The preceding types of PW switching support the Control Word (CW) and Virtual Circuit Connectivity Verification (VCCV).
Page 352: Figure 5-7 Networking Of Inter-As Pwe3-Option A
Quidway S9300 Terabit Routing Switch 5 PWE3 Configuration Configuration Guide - VPN In Option A, the ASBRs of the two ASs are directly connected. The ASBRs are the PEs of their respective ASs. The two ASBRs consider the peer ASBRs as their CEs.
Page 353: Figure 5-8 Networking Of Pwe3 Sh Tracert
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 5 PWE3 Configuration Figure 5-8 Networking of PWE3 SH Tracert VPN2 VPN1 VPN1 VPN2 LSP1 LSP2 On PE1, you can start PWE3 tracert of VPN 1 by running the related command. This...
Page 354: Figure 5-9 Networking Of Pwe3 Mh Tracert
Quidway S9300 Terabit Routing Switch 5 PWE3 Configuration Configuration Guide - VPN Figure 5-9 Networking of PWE3 MH Tracert UPE2 UPE1 SPE2 SPE1 The PWE3 tracert started on UPE1 can obtain correct response only from P1 and SPE1. SPE2 and UPE2 find that the "Remote PE Address" and "VC ID" are not consistent.
Page 355: Configuring The Attributes Of A Pw Template
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 5 PWE3 Configuration analyze whether the PW can be used to forward packets. PWE3 ping may fail even though the MPLS ping is successful. PWE3 Tracert The principle of PWE3 tracert is similar to the principles of MPLS tracert and IP tracert.
Page 356: Establishing The Configuration Task
Quidway S9300 Terabit Routing Switch 5 PWE3 Configuration Configuration Guide - VPN 5.3.1 Establishing the Configuration Task Applicable Environment You can set the attributes for a PW through commands or a PW template. The attributes include the peer, CW, and tunnel policy. Using a PW template can simplify the configurations of PWs with similar attributes.
Page 357: Configuring The Attributes For A Pw Template
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 5 PWE3 Configuration Step 4 Run: pw-template pw-template-name A PW template is created. ----End 5.3.3 Configuring the Attributes for a PW Template Context Do as follows on the PEs at both ends of a PW.
Page 358: Checking The Configuration
Quidway S9300 Terabit Routing Switch 5 PWE3 Configuration Configuration Guide - VPN NOTE When modifying the attributes of a PW template, you need to run the reset pw pw-template command to make the configuration effective. This, however, may cause the disconnection and re-connection of PWs.
Page 359: Establishing The Configuration Task
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 5 PWE3 Configuration 5.4.1 Establishing the Configuration Task Applicable Environment A static PW does not use signaling protocols to transmit L2VPN packets. The packets are transmitted over the tunnel between PEs.
Page 360: Creating A Static Pw
Quidway S9300 Terabit Routing Switch 5 PWE3 Configuration Configuration Guide - VPN MPLS L2VPN is enabled. ----End 5.4.3 Creating a Static PW Context Do as follows on the PEs. Procedure Step 1 Run: system-view The system view is displayed. Step 2 Run: interface interface-type interface-number The AC interface view is displayed.
Page 361: Configuring A Dynamic Pw
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 5 PWE3 Configuration VC ID : 100 VC Type : VLAN Destination : 3.3.3.9 Transmit VC Label : 100 Receive VC Label : 100 Control Word : Disable VCCV Capabilty : Disable...
Page 362: Enabling Mpls L2Vpn
Quidway S9300 Terabit Routing Switch 5 PWE3 Configuration Configuration Guide - VPN Data IP address of the destination of L2VC and VC ID Name of the tunnel policy 5.5.2 Enabling MPLS L2VPN Context Before configuring an MPLS L2VC, you must enable MPLS L2VPN.
Page 363: Checking The Configuration
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 5 PWE3 Configuration NOTE The secondary keyword is required only when a backup PW is configured. The backup PW can be configured only after the master PW is configured. For the detailed configuration, see...
Page 364: Configuring Pw Switching
Quidway S9300 Terabit Routing Switch 5 PWE3 Configuration Configuration Guide - VPN NO.0 TNL type : lsp , TNL ID : 0x12002 create time : 0 days, 0 hours, 2 minutes, 23 seconds up time : 0 days, 0 hours, 0 minutes, 13 seconds...
Page 365: Configuring Pw Switching
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 5 PWE3 Configuration Enabling the MPLS L2VPN on the PEs Configuring a Static PW on U-PEs if the PW switching is between two static PWs Configuring a Dynamic PW on U-PEs if the PW switching is between two dynamic PWs Data Preparation To configure PW switching, you need the following data.
Page 366 Quidway S9300 Terabit Routing Switch 5 PWE3 Configuration Configuration Guide - VPN Configuring dynamic PW switching Do as follows on the S-PEs: Run: system-view The system view of the S-PE is displayed. Run: mpls switch-l2vc ip-address vc-id between ip-address vc-id encapsulation { ethernet| vlan } The dynamic PW switching is configured.
Page 367: Checking The Configuration
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 5 PWE3 Configuration 5.6.3 Checking the Configuration Prerequisite The configurations of the PW switching are complete. Procedure Run the display mpls switch-l2vc [ ip-address vc-id encapsulation encapsulation-type | state { down | up } ] command on the S-PE to view information about PW switching.
Page 368: Establishing The Configuration Task
Quidway S9300 Terabit Routing Switch 5 PWE3 Configuration Configuration Guide - VPN 5.7.1 Establishing the Configuration Task Applicable Environment In the PW FRR network where CEs are asymmetrically connected, you need to configure backup PWs. Figure 5-10 Asymmetrically connected CEs...
Page 369: Configuring A Backup Pw
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 5 PWE3 Configuration Data (Optional) tunnel policy used by the backup PW Destination address and VC ID of the backup PW 5.7.2 Configuring a Backup PW Context NOTE The types of the master and backup PWs must be consistent. That is, the encapsulation types of the master and backup PWs must be consistent.
Page 370 Quidway S9300 Terabit Routing Switch 5 PWE3 Configuration Configuration Guide - VPN The master and backup PWs are in Up state. The VC status of the master PW is Active, and the VC status of the backup PW is Inactive.
Page 371: Configuring The Pw Frr
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 5 PWE3 Configuration primary or secondary : secondary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : lsp , TNL ID : 0x10004 create time : 0 days, 0 hours, 56 minutes, 39 seconds...
Page 372: Optional) Configuring The Revertive Switchover Policy
Quidway S9300 Terabit Routing Switch 5 PWE3 Configuration Configuration Guide - VPN NOTE S9300 does not support the dual-homed CE. Pre-configuration Tasks Before configuring PW FRR, complete the following tasks: Configuring a PW on each of the master path and backup path for the networking where CEs are asymmetrically connected to PEs (The types of PWs on the master path and backup path must be the same.)
Page 373: Checking The Configuration
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 5 PWE3 Configuration Step 2 Run: interface interface-type interface-number The AC interface view is displayed. Step 3 Run: mpls l2vpn reroute { { delay delay-time | immediately } [ resume resume-time ] | never } The revertive switchover policy is configured.
Page 374 Quidway S9300 Terabit Routing Switch 5 PWE3 Configuration Configuration Guide - VPN Example Run the display mpls l2vc [ vc-id | interface interface-type interface-number ] command, and you can see that the status of the master and backup PWs is Up, the VC status of the master PW is Active, and VC status of the backup PW is Inactive.
Page 375: Configuring Inter-As Pwe3
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 5 PWE3 Configuration VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : lsp , TNL ID : 0x10004 create time : 0 days, 0 hours, 12 minutes, 47 seconds up time...
Page 376: Configuring Inter-As Pwe3-Option A
Quidway S9300 Terabit Routing Switch 5 PWE3 Configuration Configuration Guide - VPN Pre-configuration Tasks Before configuring inter-AS PWE3, complete the following tasks: Configuring an IGP protocol for MPLS backbone networks in each AS to ensure IP connectivity within an AS...
Page 377: Maintaining Pwe3
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 5 PWE3 Configuration Example Run the display mpls l2vc [ vc-id | interface interface-type interface-number ] command, and you can see that the VC status is Up. The following is an example: <Quidway>...
Page 378: Verifying The Connectivity Of A Pw
Quidway S9300 Terabit Routing Switch 5 PWE3 Configuration Configuration Guide - VPN 5.10.1 Verifying the Connectivity of a PW Context To verify the connectivity of a PW, first configure basic PWE3 functions through the PW template, and then run the following commands on U-PEs.
Page 379: Locating A Fault Of A Pw
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 5 PWE3 Configuration That is, two VCCV ping operations cannot be performed on the same device simultaneously. The MTU of a VC is not checked. The VCCV ping operation is not supported by the RSVP PW.
Page 380: Debugging Pwe3
Quidway S9300 Terabit Routing Switch 5 PWE3 Configuration Configuration Guide - VPN connectivity of a PW in MPLS router alert mode, you need to run the vccv cc alert cv lsp- ping command on PW templates on both ends of the PW.
Page 381: Configuration Examples
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 5 PWE3 Configuration For details about enabling debugging, refer to the chapter Information Center Configuration in the Quidway S9300Terabit Routing Switch Configuration Guide - Device Management. For the description of the debugging commands, refer to the Quidway S9300Terabit Routing Switch Debugging Reference.
Page 382: Figure 5-11 Networking Diagram For Configuring A Dynamic Sh-Pw (Using Lsp)
Quidway S9300 Terabit Routing Switch 5 PWE3 Configuration Configuration Guide - VPN Figure 5-11 Networking diagram for configuring a dynamic SH-PW (using LSP) MPLS Backbone Loopback0 Loopback0 Loopback0 192.2.2.2/32 192.4.4.4/32 192.3.3.3/32 GE2/0/0 GE2/0/0 GE1/0/0 GE2/0/0 GE1/0/0 GE1/0/0 GE1/0/0 GE1/0/0 S9300...
Page 383 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 5 PWE3 Configuration Identical L2VC IDs of PEs on the two ends of a PW MPLS LSR ID of each PE and P Peer address of PE Procedure Step 1 Configure the IDs of the VLANs to which the interfaces of CE, PE, and P belong according to Figure 5-11.
Page 384 Quidway S9300 Terabit Routing Switch 5 PWE3 Configuration Configuration Guide - VPN After the configuration, run the related command, and you can see that LDP sessions are set up between PEs, and between each pair of PE and P, and the session status is Operational.
Page 385 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 5 PWE3 Configuration tunnel policy : -- traffic behavior : -- PW template name : -- primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : lsp...
Page 386 Quidway S9300 Terabit Routing Switch 5 PWE3 Configuration Configuration Guide - VPN mpls ldp interface GigabitEthernet1/0/0 port link-type trunk port trunk allow-pass vlan 10 interface GigabitEthernet2/0/0 port link-type trunk port trunk allow-pass vlan 20 interface LoopBack0 ip address 192.2.2.2 255.255.255.255 ospf 1 area 0.0.0.0...
Page 387: Example For Configuring A Static Mh-Pw
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 5 PWE3 Configuration mpls ldp mpls ldp remote-peer 192.2.2.2 remote-ip 192.2.2.2 interface Vlanif30 mpls l2vc 192.2.2.2 100 interface Vlanif40 ip address 10.2.2.2 255.255.255.0 mpls mpls ldp interface GigabitEthernet1/0/0 port link-type trunk...
Page 388: Figure 5-12 Networking Diagram For Configuring A Static Mh-Pw
Quidway S9300 Terabit Routing Switch 5 PWE3 Configuration Configuration Guide - VPN Figure 5-12 Networking diagram for configuring a static MH-PW Loopback0 Loopback0 Loopback0 2.2.2.9/32 3.3.3.9/32 4.4.4.9/32 GE1/0/0 GE1/0/0 GE2/0/0 GE2/0/0 GE2/0/0 GE1/0/0 S-PE Loopback0 Loopback0 1.1.1.9/32 5.5.5.9/32 GE2/0/0 GE1/0/0...
Page 389 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 5 PWE3 Configuration Configuration Roadmap The configuration roadmap is as follows: Run a routing protocol on the devices of the backbone network to implement connectivity. Configure the basic MPLS functions on the backbone network and set up an LSP.
Page 390 Quidway S9300 Terabit Routing Switch 5 PWE3 Configuration Configuration Guide - VPN [U-PE1-l2vpn] quit [U-PE1] interface vlanif 10 [U-PE1-Vlanif10] mpls static-l2vc pw-template pwt 100 transmit-vpn-label 100 receive-vpn-label 100 [U-PE1-Vlanif10] quit # Configure S-PE. [S-PE] mpls l2vpn [S-PE-l2vpn] quit [S-PE] mpls switch-l2vc 5.5.5.9 100 trans 200 recv 200 between 1.1.1.9 100 trans 100 recv 100 encapsulation vlan # Configure U-PE2.
Page 391 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 5 PWE3 Configuration Switch-l2vc tunnel info 1 tunnels for peer 5.5.5.9 NO.0 TNL Type : lsp , TNL ID : 0x20026 1 tunnels for peer 1.1.1.9 NO.0 TNL Type : lsp...
Page 392 Quidway S9300 Terabit Routing Switch 5 PWE3 Configuration Configuration Guide - VPN mpls mpls ldp interface GigabitEthernet1/0/0 port link-type trunk port trunk allow-pass vlan 10 interface GigabitEthernet2/0/0 port link-type trunk port trunk allow-pass vlan 20 interface LoopBack0 ip address 1.1.1.9 255.255.255.255 ospf 1 area 0.0.0.0...
Page 393 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 5 PWE3 Configuration mpls l2vpn mpls switch-l2vc 5.5.5.9 100 trans 200 recv 200 between 1.1.1.9 100 trans 100 recv 100 encapsulation vlan mpls ldp interfave Vlanif30 ip address 20.1.1.2 255.255.255.0 mpls...
Page 394 Quidway S9300 Terabit Routing Switch 5 PWE3 Configuration Configuration Guide - VPN network 4.4.4.9 0.0.0.0 network 30.1.1.0 0.0.0.255 network 40.1.1.0 0.0.0.255 return Configuration file of U-PE2 sysname U-PE2 vlan batvh 50 60 mpls lsr-id 5.5.5.9 mpls mpls l2vpn pw-template pwt peer-address 3.3.3.9...
Page 395: Example For Configuring A Dynamic Mh-Pw
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 5 PWE3 Configuration 5.11.3 Example for Configuring a Dynamic MH-PW Networking Requirements As shown in Figure 5-13, U-PE1 and U-PE2 are connected through the MPLS backbone network. Use the LSP and set S-PE as the switching node to set up a dynamic MH-PW between U-PE1 and U-PE2.
Page 396 Quidway S9300 Terabit Routing Switch 5 PWE3 Configuration Configuration Guide - VPN GigabitEthernet2/0/0 VLANIF 40 30.1.1.1/24 Loopback0 3.3.3.9/32 GigabitEthernet1/0/0 VLANIF 10 100.1.1.1/24 GigabitEthernet1/0/0 VLANIF 60 100.1.1.2/24 Configuration Roadmap The configuration roadmap is as follows: Run an IGP protocol on the devices of the backbone network to implement connectivity.
Page 397 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 5 PWE3 Configuration After the configuration, run the display ip routing-table command on U-PE, P, or S-PE, and you can see that the devices can learn each other's routes. Take the display on S-PE for example.
Page 398 Quidway S9300 Terabit Routing Switch 5 PWE3 Configuration Configuration Guide - VPN [P1-mpls-ldp] quit [P1] interface vlanif 20 [P1-Vlanif20] mpls [P1-Vlanif20] mpls ldp [P1-Vlanif20] quit [P1] interface vlanif 30 [P1-Vlanif30] mpls [P1-Vlanif30] mpls ldp [P1-Vlanif30] quit # Configure S-PE. [S-PE] mpls lsr-id 3.3.3.9...
Page 399 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 5 PWE3 Configuration LDP Session(s) in Public Network ------------------------------------------------------------------------------ Peer-ID Status SsnRole SsnAge KA-Sent/Rcv ------------------------------------------------------------------------------ 1.1.1.9:0 Operational DU Active 000:00:14 57/57 2.2.2.9:0 Operational DU Active 000:00:14 56/56 4.4.4.9:0 Operational DU Passive...
Page 400 Quidway S9300 Terabit Routing Switch 5 PWE3 Configuration Configuration Guide - VPN Configure the dynamic PW on the U-PE. Enable dynamic PW switching on the S-PE. # Configure U-PE1. [U-PE1] mpls l2vpn [U-PE1-l2vpn] quit [U-PE1] interface vlanif 10 [U-PE1-Vlanif10] mpls l2vc pw-template pwt 100 [U-PE1-Vlanif10] quit # Configure S-PE.
Page 401 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 5 PWE3 Configuration *Switch-l2vc type : LDP<---->LDP Peer IP Address : 5.5.5.9, 1.1.1.9 VC ID : 200, 100 VC Type : vlan VC State : up VC StatusCode |PSN |OAM | FW |...
Page 402 Quidway S9300 Terabit Routing Switch 5 PWE3 Configuration Configuration Guide - VPN Ingress 10.1.1.2/[1025 ] 10.1.1.2 130 ms Transit 20.1.1.2/[3 ] Request time out 30.1.1.2 80 ms Transit 40.1.1.2/[3 ] 40.1.1.2 100 ms Egress <U-PE1> tracert vc vlan 100 control-word remote 200...
Page 403 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 5 PWE3 Configuration Run the display lspv statistics command on U-PE, and you can view the statistics of PWE3 tracert. Take the display on U-PE2 for example. <U-PE2> display lspv statistics...
Page 404 Quidway S9300 Terabit Routing Switch 5 PWE3 Configuration Configuration Guide - VPN local VCCV : cw lsp-ping remote VCCV : cw lsp-ping local control word : enable remote control word : enable tunnel policy name : -- traffic behavior name...
Page 405 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 5 PWE3 Configuration 40.1.1.2 150 ms Egress <U-PE1> tracert vc vlan 100 control-word remote 200 Replier Time Type Downstream Ingress 10.1.1.2/[1025 ] 20.1.1.2 60 ms Transit 40.1.1.2 110 ms Egress If the S-PE is disabled from responding to an MPLS Echo Request packet, the configuration on...
Page 406 Quidway S9300 Terabit Routing Switch 5 PWE3 Configuration Configuration Guide - VPN Ingress 40.1.1.1/[1026 ] 40.1.1.1 120 ms Transit 30.1.1.1/[3 ] Request time out 20.1.1.1 60 ms Transit 10.1.1.1/[3 ] 10.1.1.1 160 ms Egress [U-PE2] tracert vc vlan 200 control-word remote 100...
Page 407 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 5 PWE3 Configuration vlan batch 10 interface Vlanif10 ip address 100.1.1.1 255.255.255.0 interface GigabitEthernet1/0/0 port link-type trunk port trunk allow-pass vlan 10 return Configuration file of U-PE1 sysname U-PE1 vlan batch 10 20 mpls lsr-id 1.1.1.9...
Page 408 Quidway S9300 Terabit Routing Switch 5 PWE3 Configuration Configuration Guide - VPN interface Vlanif20 ip address 10.1.1.2 255.255.255.0 mpls mpls ldp interface Vlanif30 ip address 20.1.1.1 255.255.255.0 mpls mpls ldp interface GigabitEthernet1/0/0 port link-type trunk port trunk allow-pass vlan 20...
Page 409 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 5 PWE3 Configuration ospf 1 area 0.0.0.0 network 3.3.3.9 0.0.0.0 network 20.1.1.0 0.0.0.255 network 30.1.1.0 0.0.0.255 return Configuration file of P2 sysname P2 vlan batch 40 50 mpls lsr-id 4.4.4.9 mpls...
Page 410: Example For Configuring A Mixed Mh-Pw
Quidway S9300 Terabit Routing Switch 5 PWE3 Configuration Configuration Guide - VPN interface Vlanif50 ip address 40.1.1.2 255.255.255.0 mpls mpls ldp interface Vlanif60 mpls l2vc pw-template pwt 200 interface GigabitEthernet1/0/0 port link-type trunk port trunk allow-pass vlan 50 interface GigabitEthernet2/0/0...
Page 411: Figure 5-14 Networking Diagram For Configuring A Mixed Mh-Pw
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 5 PWE3 Configuration Figure 5-14 Networking diagram for configuring a mixed MH-PW Loopback0 Loopback0 Loopback0 2.2.2.9/32 3.3.3.9/32 4.4.4.9/32 S-PE GE1/0/0 GE1/0/0 GE2/0/0 GE2/0/0 GE1/0/0 GE2/0/0 Loopback0 Loopback0 5.5.5.9/32 1.1.1.9/32 GE2/0/0 GE1/0/0...
Page 412 Quidway S9300 Terabit Routing Switch 5 PWE3 Configuration Configuration Guide - VPN Configuration Roadmap The configuration roadmap is as follows: Run an IGP protocol on the devices of the backbone network to implement connectivity. Configure the basic MPLS functions on the backbone network and set up an LSP.
Page 413 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 5 PWE3 Configuration Enable MPLS L2VPN on U-PE1, U-PE2, and S-PE. Create a dynamic VC connection U-PE1 and a static VC connection on U-PE2. Configure a mixed switching PW on the S-PE.
Page 414 Quidway S9300 Terabit Routing Switch 5 PWE3 Configuration Configuration Guide - VPN tunnel policy : -- traffic behavior : -- PW template name : -- primary or secondary : primary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : lsp...
Page 415 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 5 PWE3 Configuration Configuration file of U-PE1 sysname U-PE1 vlan batch 10 20 mpls lsr-id 1.1.1.9 mpls mpls l2vpn mpls ldp mpls ldp remote-peer 3.3.3.9 remote-ip 3.3.3.9 interface Vlanif10 mpls l2vc 3.3.3.9 100 interface Vlanif20 ip address 10.1.1.1 255.255.255.0...
Page 416 Quidway S9300 Terabit Routing Switch 5 PWE3 Configuration Configuration Guide - VPN port trunk allow-pass vlan 30 interface LoopBack0 ip address 2.2.2.9 255.255.255.255 ospf 1 area 0.0.0.0 network 10.1.1.0 0.0.0.255 network 20.1.1.0 0.0.0.255 network 2.2.2.9 0.0.0.0 return Configuration file of S-PE...
Page 417 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 5 PWE3 Configuration mpls lsr-id 4.4.4.9 mpls mpls ldp interface Vlanif 40 ip address 30.1.1.2 255.255.255.0 mpls mpls ldp interface Vlanif 50 ip address 40.1.1.1 255.255.255.0 mpls mpls ldp interface GigabitEthernet1/0/0...
Page 418: Example For Configuring Inter-As Pwe3-Option A
Quidway S9300 Terabit Routing Switch 5 PWE3 Configuration Configuration Guide - VPN interface LoopBack0 ip address 5.5.5.9 255.255.255.255 ospf 1 area 0.0.0.0 network 5.5.5.9 0.0.0.0 network 40.1.1.0 0.0.0.255 return Configuration file of CE2 sysname CE2 vlan batch 60 interface Vlanif 60 ip address 100.1.1.2 255.255.255.0...
Page 419 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 5 PWE3 Configuration GigabitEthernet2/0/0 VLANIF 50 Loopback0 4.4.4.9/32 ASBR-PE1 GigabitEthernet1/0/0 VLANIF 20 10.1.1.2/24 GigabitEthernet2/0/0 VLANIF 30 Loopback0 2.2.2.9/32 ASBR-PE2 GigabitEthernet1/0/0 VLANIF 30 GigabitEthernet2/0/0 VLANIF 40 30.1.1.1/24 Loopback0 3.3.3.9/32 GigabitEthernet1/0/0 VLANIF 10 100.1.1.1/24...
Page 420 Quidway S9300 Terabit Routing Switch 5 PWE3 Configuration Configuration Guide - VPN In this example, IS-IS is used as IGP and the configuration procedure is not mentioned. After the configuration, the IS-IS neighbor relation can be established between the ASBR-PE and the PE in the same AS.
Page 421 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 5 PWE3 Configuration [PE1] interface vlanif 10 [PE1-Vlanif10] mpls l2vc 2.2.2.9 100 [PE1-Vlanif10] quit # Configure ASBR-PE1. [ASBR-PE1] mpls l2vpn [ASBR-PE1-l2vpn] quit [ASBR-PE1] interface vlanif 30 [ASBR-PE1-Vlanif30] mpls l2vc 1.1.1.9 100 [ASBR-PE1-Vlanif30] quit # Configure ASBR-PE2.
Page 422 Quidway S9300 Terabit Routing Switch 5 PWE3 Configuration Configuration Guide - VPN remote VCCV : Disable local control word : disable remote control word : disable tunnel policy : -- traffic behavior : -- PW template name : -- primary or secondary...
Page 423 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 5 PWE3 Configuration Configuration Files Configuration file of CE1 sysname CE1 vlan batch 10 interface Vlanif10 ip address 100.1.1.1 255.255.255.0 interface GigabitEthernet1/0/0 port trunk allow-pass vlan 10 return Configuration file of PE1...
Page 424 Quidway S9300 Terabit Routing Switch 5 PWE3 Configuration Configuration Guide - VPN interface Vlanif20 ip address 10.1.1.2 255.255.255.0 isis enable 1 mpls mpls ldp interface Vlanif30 mpls l2vc 1.1.1.9 100 interface GigabitEthernet1/0/0 port link-type trunk port trunk allow-pass vlan 20...
Page 425 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 5 PWE3 Configuration mpls mpls l2vpn mpls ldp isis 1 network-entity 10.0000.0000.0004.00 interface Vlanif40 ip address 30.1.1.2 255.255.255.0 isis enable 1 mpls mpls ldp interface Vlanif50 mpls l2vc 3.3.3.9 100 interface GigabitEthernet1/0/0...
Page 427: Vpls Configuration
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 6 VPLS Configuration VPLS Configuration About This Chapter This chapter describes the basic principle, configuration procedures, and configuration examples for VPLS. 6.1 Introduction to VPLS This section describes the principle of PWE3.
Page 428: Introduction To Vpls
Quidway S9300 Terabit Routing Switch 6 VPLS Configuration Configuration Guide - VPN 6.1 Introduction to VPLS This section describes the principle of PWE3. With the development of Ethernet technologies, Ethernet has become a leading networking technology for Local Area Networks (LANs). Moreover, Ethernet is increasingly used for Metropolitan Area Networks (MANs) and Wide Area Networks (WANs) as an access technology.
Page 429: Vpls Features Supported By The S9300
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 6 VPLS Configuration A Pseudo Wire (PW) is a virtual connection used to transmit frames between two PEs. PEs establish and maintain PWs through signaling. PEs at both ends of a PW maintain the PW status.
Page 430: Mac Address Learning
Quidway S9300 Terabit Routing Switch 6 VPLS Configuration Configuration Guide - VPN Control Plane and Data Plane The control plane of a VPLS PE provides the following functions: Member discovery: indicates the process of finding all the PEs in the same VPLS. This can be implemented through manual configurations or the automatic discovery function of protocols.
Page 431: Access Mode
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 6 VPLS Configuration If a PE receives broadcast traffic from a peer PE, the PE forwards it only to the directly-connected interfaces of the same VPLS rather than other PEs. For a packet with the destination MAC address as a non-broadcast address, if a PE cannot identify this type of the MAC address, the PE broadcasts this packet.
Page 432: Figure 6-3 Hvpls Model
Quidway S9300 Terabit Routing Switch 6 VPLS Configuration Configuration Guide - VPN Figure 6-3 HVPLS model basic VPLS full mesh In a basic HVPLS model, PEs can be classified into the following types: An Underlayer PE (UPE) refers to a user convergence device that is directly connected to a CE.
Page 433: Configuring Kompella Vpls
6.3.2 Enabling BGP Peers to Exchange VPLS Information 6.3.3 Creating a VSI and Configuring the BGP Signaling 6.3.4 (Optional) Configuring Huawei Devices to Communicate with Non-Huawei Devices 6.3.5 Binding a VSI to an Interface of a CE 6.3.6 (Optional) Configuring the Features of Kompella VPLS 6.3.7 Checking the Configuration...
Page 434: Establishing The Configuration Task
Quidway S9300 Terabit Routing Switch 6 VPLS Configuration Configuration Guide - VPN 6.3.1 Establishing the Configuration Task Applicable Environment When PEs use BGP as the VPLS signaling, you can configure Kompella VPLS. Automatic discovery of VPLS PEs is implemented by configuring VPN targets.
Page 435: Creating A Vsi And Configuring The Bgp Signaling
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 6 VPLS Configuration Step 3 Run: peer peer-address as-number as-number A BGP peer is configured. Step 4 (Optional) Run peer peer-address connect-interface interface-type interface-number An interface is specified for creating a TCP connection.
Page 436 Quidway S9300 Terabit Routing Switch 6 VPLS Configuration Configuration Guide - VPN pwsignal bgp BGP is configured as the PW signaling protocol and the VSI BGP view is displayed. Step 4 Run: route-distinguisher route-distinguisher The Router Distinguisher (RD) is configured for the VSI.
Page 437: Optional) Configuring Huawei Devices To Communicate With Non-Huawei Devices
The devices of certain manufacturers do not support the MTU matching check in a VSI. When the S9300 communicates with a non-Huawei device in Kompella mode, you need to run the ignore-mtu-match command on the S9300 to ignore the MTU matching check. This ensures that the VC is Up.
Page 438: Binding A Vsi To An Interface Of A Ce
Quidway S9300 Terabit Routing Switch 6 VPLS Configuration Configuration Guide - VPN 6.3.5 Binding a VSI to an Interface of a CE Context The S9300 supports binding a VSI to a VLANIF interface. That is, a PE is connected to a CE through a VLANIF interface.
Page 439: Checking The Configuration
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 6 VPLS Configuration The BGP-VPLS sub-address family view is displayed. Step 4 Run: peer { group-name | peer-address } reflect-client A Route Reflector (RR) and its client are configured. Step 5 Run: undo policy vpn-target The VPN-target-based filtering is disabled for received VPLS label blocks.
Page 440: Configuring Martini Vpls
Quidway S9300 Terabit Routing Switch 6 VPLS Configuration Configuration Guide - VPN BGP RD : 168.1.1.1:1 SiteID/Range/Offset : 1/5/0 Import vpn target : 100:1, Export vpn target : 100:1, Remote Label Block : 25600/5/0, Local Label Block : 25600/5/0, Interface Name...
Page 441: Establishing The Configuration Task
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 6 VPLS Configuration 6.4.1 Establishing the Configuration Task Applicable Environment If PE devices support the usage of LDP as the VPLS signaling, you can configure the Martini VPLS service. To fully connect the PEs in a VPLS network through PWs, you need to set up LDP sessions among all the PEs.
Page 442: Binding A Vsi To An Interface Of A Ce
Quidway S9300 Terabit Routing Switch 6 VPLS Configuration Configuration Guide - VPN A vsi which uses the static member discovery mechanism is created. Step 3 Run: pwsignal ldp LDP is configured as the PW signaling protocol and the VSI LDP view is displayed.
Page 443: Checking The Configuration
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 6 VPLS Configuration The VLANIF interface view is displayed. Step 3 Run: l2 binding vsi vsi-name A VSI is bound to the interface. ----End 6.4.4 Checking the Configuration Prerequisite The Martini VPLS configurations are completed.
Page 444: Configuring Ldp Hvpls
Quidway S9300 Terabit Routing Switch 6 VPLS Configuration Configuration Guide - VPN Interface Name : Vlanif10 State : up Run the display vsi remote ldp [ route-id ip-address ] [ pw-id pw-id ] command, and you can view information about remote VSIs using LDP as signaling. For example: <Quidway>...
Page 445: Configuring Spes
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 6 VPLS Configuration NOTE Kompella VPLS uses BGP as the signaling. Configuring a route reflector can solve the problem of excessive connections caused by VPLS full connections. Therefore, the S9300 supports only Martini HVPLS.
Page 446: Configuring Upes
Quidway S9300 Terabit Routing Switch 6 VPLS Configuration Configuration Guide - VPN The VSI peer relationship is configured between a SPE and a UPE. ----End 6.5.3 Configuring UPEs Context The configuration of a UPE is similar to that of a PE on the VPLS fully-connected network. The difference is that a UPE sets up connections only with SPEs to which the UPE is connected.
Page 447: Configuring Static Vlls To Access A Vpls Network
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 6 VPLS Configuration Session : up Tunnel ID : 0x2002002, *Peer Router ID : 1.1.1.9 VC Label : 23553 Peer Type : dynamic Session : up Tunnel ID : 0x1002000, Interface Name...
Page 448: Configuring A Static Lsp Between A Upe And An Spe
Quidway S9300 Terabit Routing Switch 6 VPLS Configuration Configuration Guide - VPN Enabling MPLS L2VPN on the UPEs and SPEs Configuring a tunnel policy Data Preparation To configure static VLLs to access a VPLS network, you need the following data.
Page 449: Configuring A Upe To Access An Spe Through A Static Vll
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 6 VPLS Configuration Postrequisite NOTE A static LSP is unidirectional. Thus, two static LSPs in opposite directions must be established between the UPE and the SPE. If a P device resides between the UPE and the SPE, run the static-lsp transit command on the P device to configure a transit node for the static LSP.
Page 450: Checking The Configuration
Quidway S9300 Terabit Routing Switch 6 VPLS Configuration Configuration Guide - VPN The system view is displayed. Step 2 Run: vsi vsi-name static A vsi which uses the static member discovery mechanism is created. Step 3 Run: pwsignal ldp LDP is configured as the PW signaling protocol and the VSI LDP view is displayed.
Page 451 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 6 VPLS Configuration Example Run the display mpls static-l2vc command, and you can find that VC Status is Up. For example: <Quidway> display mpls static-l2vc interface vlanif 20 *Client Interface : Vlanif20 is up...
Page 452: Configuring Inter-As Martini Vpls
Quidway S9300 Terabit Routing Switch 6 VPLS Configuration Configuration Guide - VPN PW State : up Local VC Label : 100 Remote VC Label : 100 PW Type : MEHVPLS Tunnel ID : 0x2002004, Run the display vsi remote ldp [ route-id ip-address ] [ pw-id pw-id ] command, and you can view information about remote VSIs using LDP as signaling.
Page 453: Configuring Inter-As Martini Vpls Option A
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 6 VPLS Configuration Data Mode of the inter-AS VPN Number of each AS 6.7.2 Configuring Inter-AS Martini VPLS Option A Context The configuration of inter-AS Martini VPLS Option A is as follows:...
Page 454: Configuring Inter-As Komeplla Vpls
Quidway S9300 Terabit Routing Switch 6 VPLS Configuration Configuration Guide - VPN VC Label : 17408 Session : up Tunnel ID : 0x20001, Interface Name : Vlanif10 State : up *Peer Ip Address : 3.3.3.9 PW State : up Local VC Label...
Page 455: Configuring Inter-As Kompella Vpls Option A
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 6 VPLS Configuration Configuring an IGP for the MPLS backbone network in each AS to implement IP connectivity within an AS Configuring basic MPLS functions on the MPLS backbone network of each AS...
Page 456: Checking The Configuration
Quidway S9300 Terabit Routing Switch 6 VPLS Configuration Configuration Guide - VPN 6.8.3 Checking the Configuration Prerequisite The inter-AS Kompella VPLS configurations are complete. Procedure Run the display bgp vpls { group [ group-name ] | peer [ ip-address ] } command to check the BGP VPLS peer (group) relationship on a PE or an ASBR-PE.
Page 457: Setting Related Vpls Parameters
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 6 VPLS Configuration VSI Name: v1 Signaling: bgp SiteID PeerAddr InLabel OutLabel VCState 200:1 4.4.4.4 25602 25601 6.9 Setting Related VPLS Parameters This section describes how to set related VPLS parameters.
Page 458: Configuring Mac Address Learning
Quidway S9300 Terabit Routing Switch 6 VPLS Configuration Configuration Guide - VPN Procedure Step 1 Run: system-view The system view is displayed. Step 2 Run: vsi vsi-name [ auto | static ] A VSI is created and the VSI view is displayed.
Page 459: Configuring The Delay For Processing Vpls Events
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 6 VPLS Configuration Static MAC address entries are configured. Step 4 Run: mac-address blackhole mac-address vsi vsi-name [ pe-vid pe-vid [ ce-vid ce-vid ] MAC address blackhole entries are configured. Step 5 Run: vsi vsi-name The VSI view is displayed.
Page 460: Maintaining Vpls
Quidway S9300 Terabit Routing Switch 6 VPLS Configuration Configuration Guide - VPN The MPLS L2VPN view is displayed. Step 3 Run: vpls pw-down-delay pw-down-delay-time The number of times that the system delays processing the VPLS PW Down event is configured.
Page 461: Checking The Traffic On A Vpls Pw
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 6 VPLS Configuration mpls l2vpn traffic-statistics capability enable The mpls l2vpn traffic-statistics capability is enabled. Step 3 Run: vsi vsi-name static The VSI view is displayed. Step 4 Collect traffic statistics on a PW.
Page 462: Debugging Vpls
Quidway S9300 Terabit Routing Switch 6 VPLS Configuration Configuration Guide - VPN Procedure Run the reset traffic-statistics vsi all command to reset all the traffic statistics on a specified VPLS PW. Run the reset traffic-statistics vsi name vsi-name [ peer peer-address [ negotiation-vc- id vc-id ] ] command to reset the statistics of the public network traffic on a specified LDP VPLS PW in a specified VSI.
Page 463: Clearing Mac Address Entries
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 6 VPLS Configuration Procedure Run the undo shutdown command to enable a VSI. Run the shutdown command to disable a VSI. ----End Example Regarding the requirements of service management such as service commissioning and service suspension, you can temporarily shut down a VSI, and then add, delete or adjust the VSI function.
Page 464: Example For Configuring Martini Vpls
Quidway S9300 Terabit Routing Switch 6 VPLS Configuration Configuration Guide - VPN 6.11.1 Example for Configuring Martini VPLS Networking Requirements As shown in Figure 6-5, VPLS needs to be enabled on PE1 and PE2; CE1 is connected to PE1 and CE2 is connected to PE2; CE1 and CE2 belong to the same VPLS network; PWs are established with LDP as the VPLS signaling, and VPLS is configured to implement the interworking between CE1 and CE2.
Page 465 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 6 VPLS Configuration Establish tunnels between PEs to transmit user data. Enable MPLS L2VPN on PEs. Create VSIs on PEs, use the signaling protocol as LDP, and bind VSIs to related AC interfaces.
Page 466 Quidway S9300 Terabit Routing Switch 6 VPLS Configuration Configuration Guide - VPN After the configuration, run the display mpls ldp session on PE1 or PE2. You can find that the status of the peer relationship between PE1 and PE2 is Operational, which indicates that the peer relationship is established.
Page 467 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 6 VPLS Configuration ***VSI Name : a2 Administrator VSI : no Isolate Spoken : disable VSI Index PW Signaling : ldp Member Discovery Style : static PW MAC Learn Style : unqualify...
Page 468 Quidway S9300 Terabit Routing Switch 6 VPLS Configuration Configuration Guide - VPN Configuration file of CE2 sysname CE2 vlan batch 40 interface Vlanif40 ip address 10.1.1.2 255.255.255.0 interface GigabitEthernet1/0/0 port link-type trunk port trunk allow-pass vlan 40 return Configuration file of PE1...
Page 469 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 6 VPLS Configuration mpls mpls ldp interface Vlanif20 ip address 168.1.1.2 255.255.255.0 mpls mpls ldp interface Vlanif30 ip address 169.1.1.1 255.255.255.0 mpls mpls ldp interface GigabitEthernet1/0/0 port hybrid pvid vlan 20...
Page 470: Example For Configuring Kompella Vpls
Quidway S9300 Terabit Routing Switch 6 VPLS Configuration Configuration Guide - VPN interface LoopBack1 ip address 3.3.3.9 255.255.255.255 ospf 1 area 0.0.0.0 network 3.3.3.9 0.0.0.0 network 169.1.1.0 0.0.0.255 return 6.11.2 Example for Configuring Kompella VPLS Networking Requirements As shown in Figure 6-6, PE1 and PE2 are PEs to be enabled with the VPLS function;...
Page 471 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 6 VPLS Configuration Configuration Roadmap The configuration roadmap is as follows: Configure a routing protocol on the backbone network to implement the interworking between devices and enable basic MPLS functions. Set up LSP tunnels between PEs.
Page 472 Quidway S9300 Terabit Routing Switch 6 VPLS Configuration Configuration Guide - VPN Step 4 Enable BGP peers to exchange VPLS information. # Configure PE1. [PE1] bgp 100 [PE1-bgp] peer 3.3.3.9 as-number 100 [PE1-bgp] peer 3.3.3.9 connect-interface loopback1 [PE1-bgp] vpls-family [PE1-bgp-af-vpls] peer 3.3.3.9 enable [PE1-bgp-af-vpls] quit # Configure PE2.
Page 473 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 6 VPLS Configuration # Configure CE1. <Quidway> sysname CE1 [CE1] interface vlanif10 [CE1-Vlanif10] ip address 10.1.1.1 255.255.255.0 # Configure CE2. <Quidway> sysname CE2 [CE2] interface vlanif 40 [CE2-Vlanif40] ip address 10.1.1.2 255.255.255.0 Step 9 Verify the configuration.
Page 474 Quidway S9300 Terabit Routing Switch 6 VPLS Configuration Configuration Guide - VPN 0.00% packet loss round-trip min/avg/max = 34/68/94 ms ----End Configuration Files Configuration file of CE1 sysname CE1 vlan batch 10 interface Vlanif10 ip address 10.1.1.1 255.255.255.0 interface GigabitEthernet1/0/0...
Page 475 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 6 VPLS Configuration interface GigabitEthernet2/0/0 port hybrid pvid vlan 20 port hybrid tagged vlan 20 interface LoopBack1 ip address 1.1.1.9 255.255.255.255 bgp 100 peer 3.3.3.9 as-number 100 peer 3.3.3.9 connect-interface LoopBack1...
Page 476: Example For Configuring Ldp Hvpls
Quidway S9300 Terabit Routing Switch 6 VPLS Configuration Configuration Guide - VPN mpls mpls l2vpn vsi bgp1 auto pwsignal bgp route-distinguisher 169.1.1.2:1 vpn-target 100:1 import-extcommunity vpn-target 100:1 export-extcommunity site 2 range 5 default-offset 0 mpls ldp interface Vlanif30 ip address 169.1.1.2 255.255.255.0...
Page 477: Figure 6-7 Networking Diagram For Configuring Ldp Hvpls
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 6 VPLS Configuration Figure 6-7 Networking diagram for configuring LDP HVPLS Basic VPLS full mesh Loopback1 Loopback1 3.3.3.9/32 2.2.2.9/32 GE1/0/0 GE1/0/0 GE2/0/0 Loopback1 GE2/0/0 1.1.1.9/32 GE3/0/0 GE1/0/0 GE2/0/0 GE1/0/0 GE1/0/0 Site3...
Page 478 Quidway S9300 Terabit Routing Switch 6 VPLS Configuration Configuration Guide - VPN Create a VSI on a UPE, and specify the SPE as the peer of the VSI. Configure CE1 and CE2 to access UPEs, and configure CE3 to access PEs.
Page 479 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 6 VPLS Configuration <PE> system-view [PE] mpls l2vpn [PE] vsi v123 static [PE-vsi-v123] pwsignal ldp [PE-vsi-v123-ldp] vsi-id 123 [PE-vsi-v123-ldp] peer 2.2.2.9 Step 5 Bind VSIs to interfaces on the SPE and UPE.
Page 480 Quidway S9300 Terabit Routing Switch 6 VPLS Configuration Configuration Guide - VPN VC Label : 23552 Peer Type : dynamic Session : up Tunnel ID : 0x20022, *Peer Router ID : 1.1.1.9 VC Label : 23553 Peer Type : dynamic...
Page 481 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 6 VPLS Configuration port hybrid tagged vlan 20 interface GigabitEthernet3/0/0 port hybrid pvid vlan 30 port hybrid tagged vlan 30 interface LoopBack1 ip address 1.1.1.9 255.255.255.255 ospf 1 area 0.0.0.0 network 1.1.1.9 0.0.0.0 network 100.1.1.0 0.0.0.255...
Page 482 Quidway S9300 Terabit Routing Switch 6 VPLS Configuration Configuration Guide - VPN mpls lsr-id 3.3.3.9 mpls mpls l2vpn vsi v123 static pwsignal ldp vsi-id 123 peer 2.2.2.9 mpls ldp interface Vlanif40 ip address 100.2.1.2 255.255.255.0 mpls mpls ldp interface Vlanif50...
Page 483: Example For Configuring Static Vlls To Access A Vpls Network
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 6 VPLS Configuration sysname CE3 vlan batch 50 interface Vlanif50 ip address 10.1.1.3 255.255.255.0 interface GigabitEthernet1/0/0 port link-type trunk port trunk allow-pass vlan 50 return 6.11.4 Example for Configuring Static VLLs to Access a VPLS...
Page 484 Quidway S9300 Terabit Routing Switch 6 VPLS Configuration Configuration Guide - VPN Loopback1 1.1.1.9/32 GigabitEthernet 1/0/0 VLANIF 30 100.1.1.2/24 GigabitEthernet 2/0/0 VLANIF 40 100.1.2.1/24 Loopback1 2.2.2.9/32 SPE2 GigabitEthernet 1/0/0 VLANIF 40 100.1.2.2/24 GigabitEthernet 2/0/0 VLANIF 50 100.1.4.1/24 Loopback1 3.3.3.9/32 UPE2...
Page 485 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 6 VPLS Configuration # Configure SPE1. <SPE1> system-view [SPE1] ospf [SPE1-ospf-1] area 0 [SPE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0 [SPE1-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.255 [SPE1-ospf-1-area-0.0.0.0] network 100.1.3.0 0.0.0.255 [SPE1-ospf-1-area-0.0.0.0] quit [SPE1-ospf-1] quit # Configure P.
Page 486 Quidway S9300 Terabit Routing Switch 6 VPLS Configuration Configuration Guide - VPN [P] quit [P] mpls ldp [P-mpls-ldp] quit [P] interface vlanif 30 [P-Vlanif30] mpls [P-Vlanif30] mpls ldp [P-Vlanif30] quit [P] interface vlanif 40 [P-Vlanif40] mpls [P-Vlanif40] mpls ldp [P-Vlanif40] quit # Configure SPE2.
Page 487 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 6 VPLS Configuration After the configuration, run the display mpls ldp session command on SPE1 and SPE2. You can find that the status of the peer relationship between SPE1 and SPE2 is Operational.
Page 488 Quidway S9300 Terabit Routing Switch 6 VPLS Configuration Configuration Guide - VPN [UPE2-l2vpn] quit [UPE2] interface vlanif 60 [UPE2-Vlanif60] mpls static-l2vc destination 3.3.3.9 transmit-vpn-label 100 receive-vpn-label 100 [UPE2-Vlanif60] quit Enable MPLS L2VPN on SPEs and bind VSIs. # Configure SPE1.
Page 489 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 6 VPLS Configuration Service Class : -- Color : -- DomainId Domain Name VSI State : up VSI ID : 100 *Peer Router ID : 3.3.3.9 VC Label : 23552 Peer Type...
Page 490 Quidway S9300 Terabit Routing Switch 6 VPLS Configuration Configuration Guide - VPN interface GigabitEthernet1/0/0 port link-type trunk port trunk allow-pass vlan 10 return Configuration file of CE2 sysname CE2 interface Vlanif60 ip address 10.1.1.2 255.255.255.0 interface GigabitEthernet1/0/0 port link-type trunk...
Page 491 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 6 VPLS Configuration vsi v100 static pwsignal ldp vsi-id 100 peer 3.3.3.9 peer 4.4.4.9 static-upe tran 100 recv 100 mpls ldp mpls ldp remote-peer 3.3.3.9 remote-ip 3.3.3.9 interface Vlanif20 ip address 100.1.3.1 255.255.255.0...
Page 492 Quidway S9300 Terabit Routing Switch 6 VPLS Configuration Configuration Guide - VPN port hybrid pvid vlan 40 port hybrid tagged vlan 40 interface LoopBack1 ip address 2.2.2.9 255.255.255.255 ospf 1 area 0.0.0.0 network 2.2.2.9 0.0.0.0 network 100.1.1.0 0.0.0.255 network 100.1.2.0 0.0.0.255...
Page 493: Example For Configuring Inter-As Martini Vpls Option A
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 6 VPLS Configuration sysname UPE2 vlan batch 50 60 mpls lsr-id 5.5.5.9 mpls mpls l2vpn interface Vlanif50 ip address 100.1.4.2 255.255.255.0 mpls interface Vlanif60 mpls static-l2vc destination 3.3.3.9 transmit-vpn-label 100 receive-vpn-label...
Page 494: Figure 6-9 Networking Diagram For Configuring Inter-As Martini Vpls Option A
Quidway S9300 Terabit Routing Switch 6 VPLS Configuration Configuration Guide - VPN Figure 6-9 Networking diagram for configuring inter-AS Martini VPLS Option A VPLS Backbone VPLS Backbone AS 100 AS 200 Loopback1 Loopback1 Loopback1 Loopback1 4.4.4.4/32 3.3.3.3/32 1.1.1.1/32 2.2.2.2/32 GE2/0/0...
Page 495 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 6 VPLS Configuration Configure basic MPLS functions on devices in the backbone network and establish dynamic LSPs between PEs and ASBR-PEs in the same AS. Establish remote LDP sessions if PEs and ASBR-PEs are indirectly connected.
Page 496 Quidway S9300 Terabit Routing Switch 6 VPLS Configuration Configuration Guide - VPN 0.00% packet loss round-trip min/avg/max = 60/98/180 ms Step 3 Enable MPLS and configure dynamic LSPs. Configure basic MPLS functions on the MPLS backbone network. Establish dynamic LDP LSPs between PEs and ASBR-PEs in the same AS.
Page 497 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 6 VPLS Configuration # Configure ASBR-PE2. [ASBR-PE2] vsi a1 static [ASBR-PE2-vsi-a1] pwsignal ldp [ASBR-PE2-vsi-a1-ldp] vsi-id 3 [ASBR-PE2-vsi-a1-ldp] peer 4.4.4.4 [ASBR-PE2-vsi-a1-ldp] quit [ASBR-PE2-vsi-a1] quit [ASBR-PE2] interface vlanif 30 [ASBR-PE2-Vlanif30] l2 binding vsi a1 [ASBR-PE2-Vlanif30] quit # Configure PE2.
Page 498 Quidway S9300 Terabit Routing Switch 6 VPLS Configuration Configuration Guide - VPN Interface Name : Vlanif10 State : up **PW Information: *Peer Ip Address : 2.2.2.2 PW State : up Local VC Label : 23552 Remote VC Label : 23552...
Page 499 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 6 VPLS Configuration network-entity 10.0000.0000.0001.00 interface Vlanif10 l2 binding vsi a1 interface Vlanif20 ip address 100.1.1.1 255.255.255.0 isis enable 1 mpls mpls ldp interface GigabitEthernet1/0/0 port link-type trunk port trunk allow-pass vlan 10...
Page 500 Quidway S9300 Terabit Routing Switch 6 VPLS Configuration Configuration Guide - VPN sysname ASBR-PE2 vlan batch 30 40 mpls lsr-id 3.3.3.3 mpls mpls l2vpn vsi a1 static pwsignal ldp vsi-id 3 peer 4.4.4.4 mpls ldp isis 1 network-entity 10.0000.0000.0003.00 interface Vlanif30...
Page 501: Example For Configuring Inter-As Kompella Vpls Option A
Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 6 VPLS Configuration interface Vlanif50 l2 binding vsi a1 interface GigabitEthernet1/0/0 port link-type trunk port default vlan 40 interface GigabitEthernet2/0/0 port link-type trunk port default vlan 50 interface LoopBack1 ip address 4.4.4.4 255.255.255.255...
Page 502: Figure 6-10 Networking Diagram For Configuring Inter-As Kompella Vpls Option A
Quidway S9300 Terabit Routing Switch 6 VPLS Configuration Configuration Guide - VPN Figure 6-10 Networking diagram for configuring inter-AS Kompella VPLS Option A VPLS Backbone VPLS Backbone AS 100 AS 200 Loopback1 Loopback1 Loopback1 Loopback1 4.4.4.4/32 3.3.3.3/32 1.1.1.1/32 2.2.2.2/32 GE2/0/0...
Page 503 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 6 VPLS Configuration Configure VSIs on PE1, ASBR-PE1, ASBR-PE2, and PE2 and bind the VSIs to related AC interfaces. Data Preparation To complete the configuration, you need the following data: IS-IS data...
Page 504 Quidway S9300 Terabit Routing Switch 6 VPLS Configuration Configuration Guide - VPN ASBR-PEs and PEs in the same AS can ping Loopback1 of each other successfully. Take ASBR- PE1 as an example. <ASBR-PE1> ping 1.1.1.1 PING 1.1.1.1: 56 data bytes, press CTRL_C to break Reply from 1.1.1.1: bytes=56 Sequence=1 ttl=255 time=47 ms...
Page 505 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 6 VPLS Configuration Local AS number : 100 Total number of peers : 1 Peers in established state : 1 Peer MsgRcvd MsgSent OutQ Up/Down State PrefRcv 2.2.2.2 0 00:09:04 Established Step 5 Enable MPLS L2VPN on PEs and ASBR-PEs.
Page 506 Quidway S9300 Terabit Routing Switch 6 VPLS Configuration Configuration Guide - VPN [PE2] vsi v1 auto [PE2-vsi-v1] pwsignal bgp [PE2-vsi-v1-bgp] route-distinguisher 200:2 [PE2-vsi-v1-bgp] vpn-target 1:1 import-extcommunity [PE2-vsi-v1-bgp] vpn-target 1:1 export-extcommunity [PE2-vsi-v1-bgp] site 2 range 5 default-offset 0 [PE2-vsi-v1-bgp] quit [PE2-vsi-v1] quit...
Page 507 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 6 VPLS Configuration <ASBR-PE1> display bgp vpls all BGP Local Router ID : 2.2.2.2, Local AS Number : 100 Status codes : * - active, > - best BGP.VPLS : 2 Label Blocks...
Page 508 Quidway S9300 Terabit Routing Switch 6 VPLS Configuration Configuration Guide - VPN interface GigabitEthernet1/0/0 port link-type trunk port trunk allow-pass vlan 10 interface GigabitEthernet2/0/0 port link-type trunk port trunk allow-pass vlan 10 interface LoopBack1 ip address 1.1.1.1 255.255.255.255 isis enable 1 bgp 100 peer 2.2.2.2 as-number 100...
Page 509 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 6 VPLS Configuration bgp 100 peer 1.1.1.1 as-number 100 peer 1.1.1.1 connect-interface LoopBack1 ipv4-family unicast undo synchronization peer 1.1.1.1 enable vpls-family policy vpn-target peer 1.1.1.1 enable return Configuration file of ASBR-PE2...
Page 510 Quidway S9300 Terabit Routing Switch 6 VPLS Configuration Configuration Guide - VPN return Configuration file of PE2 sysname PE2 vlan batch 40 50 mpls lsr-id 4.4.4.4 mpls mpls l2vpn vsi v1 auto pwsignal bgp route-distinguisher 200:2 vpn-target 1:1 import-extcommunity vpn-target 1:1 export-extcommunity...
Page 511 Quidway S9300 Terabit Routing Switch Configuration Guide - VPN 6 VPLS Configuration interface GigabitEthernet1/0/0 port link-type trunk port trunk allow-pass vlan 50 return Issue 01 (2009-07-28) Huawei Proprietary and Confidential 6-85 Copyright © Huawei Technologies Co., Ltd.

Huawei Quidway S9300 Configuration Manual

About this Document

1 VPN Tunnel Management

Figure 1-1 Networking Diagram of the VPN Tunnel Binding

Figure 1-2 Networking Diagram for Configuring the Tunnel Policy for the L3VPN

Figure 1-3 Networking Diagram for Configuring the L2VPN Tunnel Binding

2 GRE Configuration

Figure 2-1 Multiprotocol Local Network Communication over Single-Protocol Backbone Network

Figure 2-3 Connecting Discontinuous Subnets through a Tunnel

Figure 2-2 Enlarging the Operating Range on the Network

Figure 2-8 Networking Diagram of Configuring the Keepalive Function on Two Ends of a GRE Tunnel

3 BGP/MPLS IP VPN Configuration

Figure 3-1 BGP/MPLS IP VPN Model

Figure 3-2 Networking of Sham Link

Figure 3-12 Networking Diagram for Configuring Double Reflectors to Optimize VPN Backbone Layer

4 VLL Configuration

Figure 4-2 VLL Label Processing

Figure 4-1 VLL Model

Figure 4-11 Networking Diagram for Configuring the Inter-AS Kompella VLL Option a

5 PWE3 Configuration

Figure 5-1 PWE3 Framework

Figure 5-2 Process of Setting up and Maintaining Single-Hop PWE3

Quick Links

Related Manuals for Huawei Quidway S9300

Summary of Contents for Huawei Quidway S9300