< Home

Configuring VPN Instances on PE Devices

Context

Configure VPN instances on each Spoke-PE device and the Hub-PE device. This section provides only the mandatory configuration for a VPN instance. For the optional configuration of a VPN instance, see Configuring a VPN Instance on a PE Device.

Procedure

  • Configure VPN instances on the Hub-PE device.

    Configure the following two VPN instances for the Hub-PE device:

    • VPN-in: accepts and maintains all the VPNv4 routes advertised by all the Spoke-PE devices.

    • VPN-out: maintains the routes of the Hub site and all the Spoke sites and advertises those routes to all the Spoke-PE devices.

    1. Run system-view

      The system view is displayed.

    2. Run ip vpn-instance VPN-in

      The VPN-in instance is created and the VPN-in instance view is displayed.

    3. Run ipv4-family

      The IPv4 address family is enabled for the VPN-in instance, and the VPN-in instance IPv4 address family view is displayed.

    4. Run route-distinguisher route-distinguisher

      The RD of the VPN-in instance IPv4 address family is configured.

    5. Run vpn-target vpn-target1 &<1-8> import-extcommunity

      The VPN target extended community for the VPN-in instance IPv4 address family is created to import the VPNv4 routes advertised by all the Spoke-PE devices.

      vpn-target1 lists the Export VPN targets advertised by all the Spoke-PE devices.

    6. Run quit

      Return to the VPN instance view.

    7. Run quit

      Return to the system view.

    8. Run ip vpn-instance VPN-out

      The VPN-out instance is created and the VPN-out instance view is displayed.

    9. Run ipv4-family

      The IPv4 address family is enabled for the VPN-out instance, and the VPN-out instance IPv4 address family view is displayed.

    10. Run route-distinguisher route-distinguisher

      The RD of the VPN-out instance IPv4 address family is configured.

    11. Run vpn-target vpn-target2 &<1-8> export-extcommunity

      The VPN target extended community for the VPN-out instance IPv4 address family is created to advertise the routes of all the Hubs and Spokes.

      vpn-target2 lists the Import VPN targets advertised by all the Spoke-PE devices.

  • Configure a Spoke-PE device.

    Every Spoke-PE device is configured with a VPN instance.

    1. Run system-view

      The system view is displayed.

    2. Run ip vpn-instance vpn-instance-name

      The VPN instance view of VPN-in is displayed.

    3. Run ipv4-family

      The VPN instance IPv4 address family view is displayed.

    4. Run route-distinguisher route-distinguisher

      The RD of the VPN-in instance is configured.

    5. Run vpn-target vpn-target2 &<1-8> import-extcommunity

      The VPN target extended community is configured for the VPN instance IPv4 address family to receive the VPNv4 routes advertised by the Hub-PE device.

      vpn-target2 must be in the export VPN target list configured on the Hub-PE device.

    6. Run vpn-target vpn-target1 &<1-8> export-extcommunity

      The VPN target extended community is configured for the VPN instance IPv4 address family to advertise the routes of Spoke sites.

      vpn-target1 must be in the import VPN target list configured on the Hub-PE device.

Parent Topic: Configuring Hub and Spoke
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >