Configuring an HoVPN
On an HoVPN, a UPE only needs to obtain a default route from an SPE. This implementation mechanism reduces the route storage space required on a UPE.
Context
For HoVPN networking, you must perform the following configurations:
- Configure a VPN instance on each UPE, SPE, and NPE. For configuration details, see Configuring a VPN Instance.
According to relevant standards, the VPN instance status obtained from an NMS is Up only if at least one interface bound to the VPN instance is Up. On an HoVPN, VPN instances on SPEs are not bound to interfaces. As a result, the VPN instance status obtained from an NMS is always Down. To solve this problem, run the transit-vpn command in the VPN instance view or VPN instance IPv4 address family view of an SPE. Then, the VPN instance status obtained from an NMS is always Up, no matter whether the VPN instance is bound to interfaces.
Configure an MP-BGP peer relationship between each SPE and NPE. This configuration is similar to configuring an MP-IBGP peer relationship between PEs on a BGP/MPLS IP VPN. For more information, see Establishing MP-IBGP Peer Relationships Between PEs.
Configure routing protocols for NPEs and UPEs to exchange routes with CEs. This configuration is similar to configuring PEs and CEs to exchange routes on a BGP/MPLS IP VPN. For more information, see Configuring Route Exchange Between PEs and CEs.
- Configure an MP-BGP peer relationship between each UPE and SPE. An SPE needs to advertise only the default route or summary routes to a UPE. You can configure the SPE to send the default route to the UPE in either of the following modes:
- Route filtering mode: You can configure the default static route and routing policy to enable the SPE to send the default route to the UPE.
- Command control mode: You can run the peer default-originate vpn-instance command to enable the SPE to automatically generate the default route and send it to the UPE.
The default route generated using the peer default-originate vpn-instance command cannot be associated with an interface. When the primary link connecting the SPE to the UPE fails, the default route may be sent to the UPE over another interface, which affects network reaction sensitivity to faults. Therefore, the route filtering mode is recommended.
Procedure
- Configure a UPE to establish an MP-BGP peer relationship
with an SPE.
- Configure the SPE to send the default route or summary
route to the UPE.
- Configure the SPE to send the default route to the UPE.
Run system-view
The system view is displayed.
Run ip route-static 0.0.0.0 { 0.0.0.0 | 0 } { nexthop-address | interface-type interface-number [ nexthop-address ] | vpn-instance vpn-instance-name nexthop-address } [ preference preference ] [ tag tag ] [ description text ]
A default IPv4 static route is created.
Run bgp as-number
The BGP view is displayed.
Run peer { ipv4-address | group-name } as-number as-number
The UPE is specified as a BGP peer of the SPE.
Run ipv4-family vpnv4
The BGP-VPNv4 address family view is displayed.
Run peer { ipv4-address | group-name } upe
The UPE is specified as a lower-level PE of the SPE.
This step can be performed only if a VPNv4 peer relationship has been established between the SPE and UPE.
Run quit
Return to the BGP view.
Run ipv4-family vpn-instance vpn-instance-name
The BGP-VPN instance IPv4 address family view is displayed.
Run network 0.0.0.0 [ 0.0.0.0 | 0 ] [ route-policy route-policy-name ]
The default route is imported to the IPv4 VPN instance routing table.
Run commit
The configuration is committed.
- Configure the SPE to advertise a summary route to the UPE.
Run system-view
The system view is displayed.
Run bgp as-number
The BGP view is displayed.
Run ipv4-family vpn-instance vpn-instance-name
The BGP-VPN instance IPv4 address family view is displayed.
Run aggregate ipv4-address { mask | mask-length } [ as-set | attribute-policy route-policy-name1 | detail-suppressed | origin-policy route-policy-name2 | suppress-policy route-policy-name3 ] *
A summary route is created.
Run quit
Return to the BGP view.
Run quit
Return to the system view.
Run ip ip-prefix ip-prefix-name [ index index-number ] { permit | deny } ip-address mask-length [ greater-equal greater-equal-value ] [ less-equal less-equal-value ]
An IPv4 prefix list is configured.
Run bgp as-number
The BGP view is displayed.
Run peer { ipv4-address | group-name } as-number as-number
The UPE is specified as a BGP peer of the SPE.
Run ipv4-family vpnv4
The BGP-VPNv4 address family view is displayed.
Run peer { ipv4-address | group-name } ip-prefix ip-prefix-name export
The SPE is configured to advertise filtered routes to the UPE.
Run commit
The configuration is committed.
- Configure the SPE to send the default route to the UPE.
- (Optional) Configure one-label-per-next-hop label distribution
on the SPE.
In an HoVPN scenario, if an SPE needs to send large numbers of VPNv4 routes but the MPLS labels are inadequate, configure one-label-per-next-hop label distribution on the SPE.
- Run apply-label per-nexthop
One-label-per-next-hop label distribution is enabled on the SPE.
After one-label-per-next-hop label distribution is enabled or disabled on an SPE, the labels assigned by the SPE to routes change. As a result, temporary packet loss may occur.
- Run apply-label per-nexthop