< Home

Example for Configuring Communication Between Local VPNs

Networking Requirements

As shown in Figure 1, company A and company B realize communication between their respective headquarters and branches through BGP/MPLS IP VPN. The network deployment is as follows:
  • CE1 connects to the headquarters of company A, and CE3 connects to the branch of company A. CE1 and CE3 belong to vpna.
  • CE2 connects to the headquarters of company B, and CE4 connects to the branch of company B. CE2 and CE4 belong to vpnb.

Headquarters of company A and headquarters of company B need to communicate with each other for business.

Figure 1 Networking diagram for configuring communication between local VPNs

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure VPN instances on PE1 and configure different VPN targets for the instances to isolate VPNs.

  2. On PE1, bind the interfaces connected to CEs to the VPN instances to provide access for VPN users.

  3. Import direct routes to the local CEs into the VPN routing table on PE1. On each CE connected to PE1, configure a static route to the other local CE to enable the CEs to communicate with each other.

Procedure

  1. Create VLANs and configure the allowed VLANs on interfaces.

    # Configure PE1.

    <HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] vlan batch 10 20
[PE1] interface gigabitethernet 0/0/1
[PE1-GigabitEthernet0/0/1] port link-type trunk
[PE1-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[PE1-GigabitEthernet0/0/1] quit
[PE1] interface gigabitethernet 0/0/2
[PE1-GigabitEthernet0/0/2] port link-type trunk
[PE1-GigabitEthernet0/0/2] port trunk allow-pass vlan 20
[PE1-GigabitEthernet0/0/2] quit

    # Configure CE1.

    <HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] vlan batch 10
[CE1] interface gigabitethernet 0/0/1
[CE1-GigabitEthernet0/0/1] port link-type trunk
[CE1-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[CE1-GigabitEthernet0/0/1] quit

    # Configure CE2.

    <HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] vlan batch 20
[CE2] interface gigabitethernet 0/0/1
[CE2-GigabitEthernet0/0/1] port link-type trunk
[CE2-GigabitEthernet0/0/1] port trunk allow-pass vlan 20
[CE2-GigabitEthernet0/0/1] quit

  2. Configure VPN instances on PEs and bind the interfaces connected to CEs to the VPN instances.

    # Configure PE1.

    [PE1] ip vpn-instance vpna
[PE1-vpn-instance-vpna] ipv4-family
[PE1-vpn-instance-vpna-af-ipv4] route-distinguisher 100:1
[PE1-vpn-instance-vpna-af-ipv4] vpn-target 111:1 export-extcommunity
[PE1-vpn-instance-vpna-af-ipv4] vpn-target 111:1 222:2 import-extcommunity
[PE1-vpn-instance-vpna-af-ipv4] quit
[PE1-vpn-instance-vpna] quit
[PE1] ip vpn-instance vpnb
[PE1-vpn-instance-vpnb] ipv4-family
[PE1-vpn-instance-vpnb-af-ipv4] route-distinguisher 100:2
[PE1-vpn-instance-vpnb-af-ipv4] vpn-target 222:2 export-extcommunity
[PE1-vpn-instance-vpnb-af-ipv4] vpn-target 222:2 111:1 import-extcommunity
[PE1-vpn-instance-vpnb-af-ipv4] quit
[PE1-vpn-instance-vpnb] quit
[PE1] interface vlanif 10
[PE1-Vlanif10] ip binding vpn-instance vpna
[PE1-Vlanif10] ip address 10.1.1.2 24
[PE1-Vlanif10] quit
[PE1] interface vlanif 20
[PE1-Vlanif20] ip binding vpn-instance vpnb
[PE1-Vlanif20] ip address 10.2.1.2 24
[PE1-Vlanif20] quit
    # Assign IP addresses to interfaces on CE1 according to Figure 1.
    [CE1] interface vlanif 10
[CE1-Vlanif10] ip address 10.1.1.1 24
[CE1-Vlanif10] quit

    # Assign IP addresses to interfaces on CE2 according to Figure 1.

    [CE2] interface vlanif 20
[CE2-Vlanif20] ip address 10.2.1.1 255.255.255.0
[CE2-Vlanif20] quit

    Each PE can ping its connected CE. PE1 and CE1 are used as an example.

    [PE1] ping -vpn-instance vpna 10.1.1.1
  PING 10.1.1.1: 56  data bytes, press CTRL_C to break
    Reply from 10.1.1.1: bytes=56 Sequence=1 ttl=255 time=5 ms
    Reply from 10.1.1.1: bytes=56 Sequence=2 ttl=255 time=3 ms
    Reply from 10.1.1.1: bytes=56 Sequence=3 ttl=255 time=3 ms
    Reply from 10.1.1.1: bytes=56 Sequence=4 ttl=255 time=3 ms
    Reply from 10.1.1.1: bytes=56 Sequence=5 ttl=255 time=16 ms

  --- 10.1.1.1 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 3/6/16 ms

  3. Configure BGP and import the direct routes to local CEs to the VPN routing table.

    # Configure PE1.

    [PE1] bgp 100
[PE1-bgp] ipv4-family vpn-instance vpna
[PE1-bgp-vpna] import-route direct
[PE1-bgp-vpna] quit
[PE1-bgp] ipv4-family vpn-instance vpnb
[PE1-bgp-vpnb] import-route direct
[PE1-bgp-vpnb] quit
[PE1-bgp] quit

  4. Configure static routes on the CEs.

    # Configure CE1.

    [CE1] ip route-static 10.2.1.0 24 10.1.1.2

    # Configure CE2.

    [CE2] ip route-static 10.1.1.0 24 10.2.1.2

  5. Verify the configurations.

    After the configuration is complete, run the display ip routing-table vpn-instance command on PE1. You can see that the VPNs have imported routes of each other. The vpna is used as an example.

    [PE1] display ip routing-table vpn-instance vpna
Route Flags: R - relay, D - download to fib, T - to vpn-instance
------------------------------------------------------------------------------
Routing Tables: vpna
         Destinations : 4        Routes : 4

Destination/Mask    Proto  Pre  Cost       Flags NextHop         Interface

       10.1.1.0/24  Direct 0    0            D   10.1.1.2        Vlanif10
       10.1.1.2/32  Direct 0    0            D   127.0.0.1       Vlanif10
       10.2.1.0/24  BGP    255  0            D   10.2.1.2        Vlanif20
       10.2.1.2/32  BGP    255  0            D   127.0.0.1       InLoopBack0

    CE1 and CE2 can ping each other.

    [CE1] ping 10.2.1.1
  PING 10.2.1.1: 56  data bytes, press CTRL_C to break
    Reply from 10.2.1.1: bytes=56 Sequence=1 ttl=253 time=72 ms
    Reply from 10.2.1.1: bytes=56 Sequence=2 ttl=253 time=34 ms
    Reply from 10.2.1.1: bytes=56 Sequence=3 ttl=253 time=50 ms
    Reply from 10.2.1.1: bytes=56 Sequence=4 ttl=253 time=50 ms
    Reply from 10.2.1.1: bytes=56 Sequence=5 ttl=253 time=34 ms

  --- 10.2.1.1 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 34/48/72 ms

Configuration Files

  • PE1 configuration file

    #
sysname PE1
#
vlan batch 10 20
#
ip vpn-instance vpna
 ipv4-family
  route-distinguisher 100:1
  vpn-target 111:1 export-extcommunity
  vpn-target 111:1 222:2 import-extcommunity
#
ip vpn-instance vpnb
 ipv4-family 
  route-distinguisher 100:2
  vpn-target 222:2 export-extcommunity
  vpn-target 222:2 111:1 import-extcommunity
#
interface Vlanif10
 ip binding vpn-instance vpna
 ip address 10.1.1.2 255.255.255.0
# 
interface Vlanif20
 ip binding vpn-instance vpnb
 ip address 10.2.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 10
# 
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 20
#
bgp 100
 #
 ipv4-family unicast
  undo synchronization
 #
 ipv4-family vpn-instance vpna
  import-route direct
 #
 ipv4-family vpn-instance vpnb
  import-route direct
#
return

  • CE1 configuration file

    #
sysname CE1
#
vlan batch 10
#
interface Vlanif10
 ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 10
#
ip route-static 10.2.1.0 255.255.255.0 10.1.1.2
#
return

  • CE2 configuration file

    #
sysname CE2
#
vlan batch 20
#
interface Vlanif20
 ip address 10.2.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 20
#
ip route-static 10.1.1.0 255.255.255.0 10.2.1.2
#
return
Parent Topic: Configuration Examples for BGP/MPLS IP VPN
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >