Configuring an L3VPN

Procedure

• Configure SPEs.

  The following uses the configuration of Core_SPE1 on the core ring as an example. The configurations of Core_SPE2 and Core_SPE3 are similar to the configuration of Core_SPE1, and are not mentioned here.

  ip vpn-instance vpna    //Create a VPN instance.
   ipv4-family
    route-distinguisher 5:1    //Configure an RD.
    tnl-policy TSel    //Configure a TE tunnel for the VPN instance.
    vpn-target 0:1 export-extcommunity    //Configure the extended community attribute VPN target.
    vpn-target 0:1 import-extcommunity
  #
  bgp 65000
   #
   ipv4-family vpnv4
    nexthop recursive-lookup delay 10    //Set the next-hop iteration delay to 10s.
    route-select delay 120    //Set the route selection delay to 120s, preventing traffic interruption caused by fast route switchback.
   #
    ipv4-family vpn-instance vpna
    default-route imported    //Import the default route to VPN instance vpna.
    nexthop recursive-lookup route-policy delay_policy    //Configure BGP next-hop iteration based on the routing policy delay_policy.
    nexthop recursive-lookup delay 10
    route-select delay 120
  #
  route-policy delay_policy permit node 0    //Permit routes of all sites.
   if-match community-filter all_site
  #

• Configure UPEs.

  The following uses the configuration of Site1_UPE1 as an example. The configurations of Site1_UPE2, Site2_UPE3, Site2_UPE4, Site3_UPE5, and Site3_UPE6 are similar to the configuration of Site1_UPE1, and are not mentioned here.

  arp vlink-direct-route advertise    //Advertise IPv4 ARP Vlink direct routes.
  #
  ip vpn-instance vpna
   ipv4-family
    route-distinguisher 1:1
    tnl-policy TSel
    arp vlink-direct-route advertise
    vpn-target 0:1 export-extcommunity
    vpn-target 0:1 import-extcommunity
  #
  interface XGigabitEthernet1/0/4
   port link-type trunk
   undo port trunk allow-pass vlan 1
  #
  interface XGigabitEthernet1/0/4.200
   dot1q termination vid 200
   ip binding vpn-instance vpna    //Bind the VPN instance to the corresponding service interface.
   arp direct-route enable    //Configure the ARP module to report ARP Vlink direct routes to the RM module.
   ip address 172.18.200.66 255.255.255.192
   arp broadcast enable    //Enable ARP broadcast of a VLAN tag termination sub-interface.
  #
  bgp 65000
   #
   ipv4-family vpnv4
    route-select delay 120
   #
   ipv4-family vpn-instance vpna
    default-route imported
    import-route direct route-policy p_iBGP_RR_ex    //Import direct routes to VPN instance vpna and add the community attribute.
    route-select delay 120
   #
  #
  route-policy p_iBGP_RR_ex permit node 0    //Add the community attribute for the route.
   apply community 100:100 5720:5720 12:12
  #
  arp expire-time 62640    //Set the aging time of dynamic ARP entries.
  arp static 172.18.200.68 0001-0002-0003 vid 200 interface XGigabitEthernet1/0/4.200    //Configure a static ARP entry.
  #

  

  Since V200R010C00, dynamic ARP is supported to meet reliability requirements in this scenario. Perform the following operations to implement dynamic ARP:

  • Run the arp learning passive enable command in the system view to enable passive ARP.
  • Run the arp auto-scan enable command in the sub-interface view to enable ARP automatic scanning on the sub-interface.

  After the preceding configuration is complete, you do not need to configure the aging time of dynamic ARP entries and static ARP entries.