Configuring Route Exchange Between PEs and CEs

To enable CEs to communicate, the PEs and CEs must be capable of exchanging routes.

Context

In BGP/MPLS IPv6 VPN, a routing protocol or IPv6 static route must be configured between a PE and a CE to allow them to communicate and allow the CE to obtain routes to other CEs. The routing protocol can be BGP4+, IPv6 static route, RIPng, OSPFv3, or IS-ISv6. Choose one of the following configurations as needed:
The routing protocol configurations on the CE and PE are different:
  • The CE is located at the client side and unaware of the VPN. Therefore, you do not need to configure VPN parameters when configuring a routing protocol on the CE.
  • It connects to a CE and exchanges VPN routing information with other PEs. If the CEs that access a PE belong to different VPNs, the PE must maintain different VRF tables. When configuring a routing protocol on the PE, specify the name of the VPN instance to which the routing protocol applies and configure the routing protocol and MP-BGP to import routes from each other. The PE is located at the edge of the carrier's network.

Procedure

  • Configure BGP4+ between a PE and a CE.

    Perform the following steps on the PE:

    1. Run system-view

      The system view is displayed.

    2. Run bgp as-number

      The BGP view is displayed.

    3. Run ipv6-family vpn-instance vpn-instance-name

      The BGP-VPN instance IPv6 address family view is displayed.

    4. (Optional) Run as-number { as-number-plain | as-number-dot }

      An AS number is configured for the VPN instance IPv6 address family.

      To smoothly re-assign a device to another AS or transmit different services in different instances, run the as-number command to configure a different AS number for each VPN instance IPv6 address family.

      The AS number configured in the VPN instance IPv6 address family view must be different from the AS number configured in the BGP view.

      After the bgp yang-mode enable command is run, the as-number { as-number-plain | as-number-dot } command cannot be run. To configure a separate AS number for the VPN instance IPv6 address family, run the as-number ipv6 ipv6-as command in the BGP-VPN instance view.

    5. Run peer ipv6-address as-number as-number

      The CE is configured as an IPv6 VPN peer.

    6. (Optional) Run peer { ipv6-address | group-name } ebgp-max-hop [ hop-count ]

      The maximum number of hops between the PE and its EBGP peer is specified. This step is mandatory if the PE and CE are not directly connected.

      If the maximum number of hops is set to 1, the PE cannot establish an EBGP connection to a peer if they are not directly connected.

    7. (Optional) Run peer { group-name | ipv6-address } soo site-of-origin

      The SoO attribute is configured for the specified CE peer.

      Several CEs at a VPN site may establish BGP connections to different PEs. The VPN routes advertised from the CEs to the PEs may be re-advertised to the same VPN site after the routes traverse the backbone network. This may cause route loops at the VPN site.

      If the SoO attribute is configured for a specified CE, the PE adds the attribute to a route sent from the CE and advertises the route to the remote PE. The remote PE checks the SoO attribute of the route before sending it to its attached CE. If the SoO attribute is the same as the local SoO attribute on the remote PE, the remote PE does not send the route to its attached CE.

    8. (Optional) Run peer { group-name | ipv6-address } allow-as-loop [ number ]

      Route loops are allowed.

      This step is used in hub-spoke networking.

      Generally, BGP uses AS numbers to detect route loops. On a hub-spoke network, if EBGP runs between a hub-PE and a hub-CE at a hub site, the route sent from the hub-PE to the hub-CE carries the AS number of the hub-PE. If the hub-CE sends a route update message to the hub-PE, the hub-PE will deny it because the route update message contains the AS number of the hub-PE. To ensure proper route transmission on a hub-spoke network, configure all the BGP peers along the path (along which the hub-CE advertises VPN routes to the spoke-CE) to accept the routes which have the AS number repeated once.

    9. (Optional) Run peer { group-name | ipv6-address } substitute-as

      BGP AS number substitution is enabled.

      Perform this step on the PE in a scenario in which CEs at different sites use the same AS number.

      Enabling BGP AS number substitution may cause routing loops on a CE multi-homing network.

    10. (Optional) To configure the device to advertise specific routes in a BGP VPN routing table to a BGP VPNv6 routing table, run either of the following commands:

      • To configure the device to send only optimal routes in a BGP VPN routing table to a BGP VPNv6 routing table, run the advertise best-route command.

        By default, when a local device receives a route (route A) having the same prefix as that of a route (route B) in the local VPN routing table from the remote end but route A and route B have different RDs, route B is also sent to a BGP VPNv6 routing table even if the route selection priority of route B is lower than that of route A. If route B meets BGP VPNv6 route sending conditions, it is also sent to other BGP VPNv6 peers. In this scenario, if you want only optimal BGP VPN routes to be transmitted between BGP VPNv6 peers on the network, run the advertise best-route command on the local device to send only optimal routes in the BGP VPN routing table to the BGP VPNv6 routing table.

      • To configure the device to send only valid routes in a BGP VPN routing table to a BGP VPNv6 routing table, run the advertise valid-routes command.

        By default, the device advertises all routes in the BGP VPN routing table to the BGP VPNv6 routing table. You can run the advertise valid-routes command to advertise valid routes to the BGP VPNv6 routing table.

    11. Run commit

      The configuration is committed.

    Perform the following steps on the CE:

    1. Run system-view

      The system view is displayed.

    2. Run bgp as-number

      The BGP view is displayed.

    3. (Optional) Run router-id ipv4-address

      A router ID is set for the CE. If no interface on the local CE is assigned an IPv4 address, you must set the router ID for the local CE.

    4. Run peer ipv6-address as-number as-number

      The PE is configured as an IPv6 VPN peer.

    5. (Optional) Run peer { ipv6-address | group-name } ebgp-max-hop [ hop-count ]

      The maximum number of hops between the CE and its EBGP peer (the PE) is set. This step is mandatory if the PE and CE are not directly connected.

      If the maximum number of hops is set to 1, the CE cannot establish an EBGP connection to a peer if they are not directly connected.

    6. Run ipv6-family unicast

      The BGP-IPv6 unicast address family view is displayed.

    7. Run peer ipv6-address enable

      The function to exchange BGP route information with the specified BGP IPv6 peer is enabled.

    8. Run import-route { direct | static | ripng process-id | ospfv3 process-id | isis process-id } [ med med | route-policy route-policy-name ]*

      Routes of the local site are imported.

      The CE advertises the routes of its own VPN network segment to the connected PE, which forwards the routes to the remote CE. The type of route imported at this step may vary according to the networking mode.

    9. Run commit

      The configuration is committed.

  • Configure IPv6 static routes between a PE and a CE.

    Perform the following steps on the PE:

    Configuring an IPv6 static route on the CE is not described here. For details about how to configure an IPv6 static route, see "IPv6 Static Route Configuration" in HUAWEI NetEngine 8000 F SeriesRouter Configuration Guide - IP Routing.

    1. Run system-view

      The system view is displayed.

    2. Run ipv6 route-static vpn-instance vpn-instance-name dest-ipv6-address prefix-length { interface-type interface-number [ nexthop-ipv6-address ] | vpn-instance vpn-destination-name nexthop-ipv6-address | nexthop-ipv6-address [ public ] } [ preference preference | tag tag ] * [ description text ]

      A static route is configured for a specified VPN instance IPv6 address family.

    3. Run bgp as-number

      The BGP view is displayed.

    4. Run ipv6-family vpn-instance vpn-instance-name

      The BGP-VPN instance IPv6 address family view is displayed.

    5. Run import-route static [ med med | route-policy route-policy-name ] *

      The configured static route is added to the VRF table of the BGP-VPN instance IPv6 address family.

    6. (Optional) To configure the device to advertise specific routes in a BGP VPN routing table to a BGP VPNv6 routing table, run either of the following commands:

      • To configure the device to send only optimal routes in a BGP VPN routing table to a BGP VPNv6 routing table, run the advertise best-route command.

        By default, when a local device receives a route (route A) having the same prefix as that of a route (route B) in the local VPN routing table from the remote end but route A and route B have different RDs, route B is also sent to a BGP VPNv6 routing table even if the route selection priority of route B is lower than that of route A. If route B meets BGP VPNv6 route sending conditions, it is also sent to other BGP VPNv6 peers. In this scenario, if you want only optimal BGP VPN routes to be transmitted between BGP VPNv6 peers on the network, run the advertise best-route command on the local device to send only optimal routes in the BGP VPN routing table to the BGP VPNv6 routing table.

      • To configure the device to send only valid routes in a BGP VPN routing table to a BGP VPNv6 routing table, run the advertise valid-routes command.

        By default, the device advertises all routes in the BGP VPN routing table to the BGP VPNv6 routing table. You can run the advertise valid-routes command to advertise valid routes to the BGP VPNv6 routing table.

    7. Run commit

      The configuration is committed.

    The configuration of the CE is the same as the configuration of common IPv6 static routes, and is not described here.

    A VPN that receives routes outside it from a device other than the PE and advertises the routes to the PE is called a transit VPN. A VPN that receives only routes in it and routes advertised by the PE is called a stub VPN. Generally, a static route is used for route exchange between the CE and PE in a stub VPN only.

  • Configure RIPng between a PE and a CE.

    Configuring RIPng on the CE is not described here. For details about how to configure RIPng, see "RIPng Configuration" in the HUAWEI NetEngine 8000 F SeriesRouter Configuration Guide - IP Routing.

    1. Run system-view

      The system view is displayed.

    2. Run ripng [ process-id ] vpn-instance vpn-instance-name

      A RIPng process used between the PE and CE is created, and the RIPng view is displayed.

      A RIPng multi-instance process can be bound to only one VPN instance. If a RIPng process is not bound to any VPN instance before it is started, this process becomes a public network process.

      If only one RIPng process, either a public network RIPng process or a RIPng multi-instance process, runs on the router, you do not need to specify process-id in the command. The value of process-id is 1 by default.

    3. Run import-route bgp [ permit-ibgp ] [ cost cost | inherit-cost | route-policy route-policy-name ] *

      BGP routes are imported.

      After the import-route bgp command is run in the RIPng view, the PE can import the VPNv6 routes learned from the remote PE into the RIPng routing table and advertise them to the attached CE.

    4. Run quit

      Return to the system view.

    5. Run interface interface-type interface-number

      The view of the interface connected to the CE is displayed.

    6. Run ripng process-id enable

      RIPng is enabled on the interface.

      If IPv6 is not enabled, this command cannot be run in the interface view.

    7. Run quit

      Return to the system view.

    8. Run bgp as-number

      The BGP view is displayed.

    9. Run ipv6-family vpn-instance vpn-instance-name

      The BGP-VPN instance IPv6 address family view is displayed.

    10. Run import-route ripng process-id [ med med | route-policy route-policy-name ] *

      RIPng routes are imported into the BGP-VPN instance IPv6 address family routing table.

      The learned RIPng route is added to the VRF table of the BGP-VPN instance IPv6 address family. After the import-route ripng command is run in the BGP-IPv6 VPN instance IPv6 address family view, the PE imports the IPv6 routes learned from the attached CE into the BGP routing table and advertises VPN-IPv6 routes to the remote PE.

      If a RIPng multi-instance process is deleted, RIPng will be disabled on all the interfaces in the process.

      Deleting a VPN instance or disabling a VPN instance IPv6 address family will delete all the RIPng processes bound to the VPN instance or the VPN instance IPv6 address family on the PE.

    11. (Optional) To configure the device to advertise specific routes in a BGP VPN routing table to a BGP VPNv6 routing table, run either of the following commands:

      • To configure the device to send only optimal routes in a BGP VPN routing table to a BGP VPNv6 routing table, run the advertise best-route command.

        By default, when a local device receives a route (route A) having the same prefix as that of a route (route B) in the local VPN routing table from the remote end but route A and route B have different RDs, route B is also sent to a BGP VPNv6 routing table even if the route selection priority of route B is lower than that of route A. If route B meets BGP VPNv6 route sending conditions, it is also sent to other BGP VPNv6 peers. In this scenario, if you want only optimal BGP VPN routes to be transmitted between BGP VPNv6 peers on the network, run the advertise best-route command on the local device to send only optimal routes in the BGP VPN routing table to the BGP VPNv6 routing table.

      • To configure the device to send only valid routes in a BGP VPN routing table to a BGP VPNv6 routing table, run the advertise valid-routes command.

        By default, the device advertises all routes in the BGP VPN routing table to the BGP VPNv6 routing table. You can run the advertise valid-routes command to advertise valid routes to the BGP VPNv6 routing table.

    12. Run commit

      The configuration is committed.

  • Configure OSPFv3 between a PE and a CE.

    Configuring OSPFv3 on the CE is not described here. For details about how to configure OSPFv3, see "OSPFv3 Configuration" in HUAWEI NetEngine 8000 F SeriesRouter Configuration Guide - IP Routing.

    Perform the following steps on the PE:

    1. Run system-view

      The system view is displayed.

    2. Run ospfv3 [ process-id ] [ vpn-instance vpnname]

      An OSPFv3 multi-instance process is started, and its view is displayed.

      An OSPFv3 multi-instance process is started, and its view is displayed. An OSPFv3 process can be bound to only one VPN instance. If an OSPFv3 process is not bound to any VPN instance before it is started, this process becomes a public network process and cannot be bound to a VPN instance later.

      Deleting a VPN instance or disabling a VPN instance IPv6 address family will delete all the OSPFv3 processes bound to the VPN instance or the VPN instance IPv6 address family on the PE.

    3. Run router-id router-id

      A router ID is configured. The router ID of each OSPFv3 process is unique in an AS. If no router ID is set, no OSPFv3 process can be run.

    4. (Optional) Run domain-id { domain-id-int | domain-id-ipaddr }

      The domain ID is configured. The domain ID can be an integer or in dotted decimal notation.

      Generally, the routes that are imported from a PE are advertised as External-LSAs. The routes that belong to different nodes of the same OSPFv3 domain are advertised as Type-3 LSAs (intra-domain routes). This requires that different nodes in the same OSPFv3 domain have the same domain ID.

    5. (Optional) Run route-tag tag-value

      A VPN route tag is set.

    6. Run import-route bgp [ cost cost | route-policy route-policy-name | tag tag | type type ] *

      BGP routes are imported into the OSPFv3 routing table so that the PE can advertise the routes to the CE using OSPFv3.

    7. Run quit

      Return to the system view.

    8. Run interface interface-type interface-number

      The view of the interface bound to the VPN instance is displayed.

    9. Run ospfv3 process-id area area-id [ instance instance-id ]

      OSPFv3 is enabled on the interface.

    10. Run quit

      Return to the system view.

    11. Run bgp as-number

      The BGP view is displayed.

    12. Run ipv6-family vpn-instance vpn-instance-name

      The BGP-VPN instance IPv6 address family view is displayed.

    13. Run import-route ospfv3 process-id [ med med | route-policy route-policy-name ]*

      OSPFv3 routes are imported into the VRF table of the BGP-VPN instance IPv6 address family.

    14. (Optional) To configure the device to advertise specific routes in a BGP VPN routing table to a BGP VPNv6 routing table, run either of the following commands:

      • To configure the device to send only optimal routes in a BGP VPN routing table to a BGP VPNv6 routing table, run the advertise best-route command.

        By default, when a local device receives a route (route A) having the same prefix as that of a route (route B) in the local VPN routing table from the remote end but route A and route B have different RDs, route B is also sent to a BGP VPNv6 routing table even if the route selection priority of route B is lower than that of route A. If route B meets BGP VPNv6 route sending conditions, it is also sent to other BGP VPNv6 peers. In this scenario, if you want only optimal BGP VPN routes to be transmitted between BGP VPNv6 peers on the network, run the advertise best-route command on the local device to send only optimal routes in the BGP VPN routing table to the BGP VPNv6 routing table.

      • To configure the device to send only valid routes in a BGP VPN routing table to a BGP VPNv6 routing table, run the advertise valid-routes command.

        By default, the device advertises all routes in the BGP VPN routing table to the BGP VPNv6 routing table. You can run the advertise valid-routes command to advertise valid routes to the BGP VPNv6 routing table.

    15. Run commit

      The configuration is committed.

  • Configure IS-ISv6 between a PE and a CE.

    This configuration is performed on the PE. On the CE, you only need to configure the common IS-ISv6 protocol. For details about how to configure IS-ISv6, see "IS-IS Configuration" in HUAWEI NetEngine 8000 F SeriesRouter Configuration Guide - IP Routing.

    1. Run system-view

      The system view is displayed.

    2. Run isis process-id vpn-instance vpn-instance-name

      An IS-IS process used between the PE and CE is created, and the IS-IS view is displayed.

      An IS-IS process is created on the PE, and the IS-IS view is displayed. An IS-IS multi-instance process can be bound to only one VPN instance. If an IS-IS process is not bound to any VPN instance before it is started, this process becomes a public network process.

      If only one IS-IS process, either a public network IS-IS process or a multi-instance IS-IS instance, runs on the router, you do not need to specify process-id in the command. The value of process-id defaults to 1.

      If an IS-IS multi-instance process is deleted, IS-IS will be disabled on all the interfaces in the process.

      Deleting a VPN instance or disabling a VPN instance IPv6 address family will delete all the IS-IS processes bound to the VPN instance or the VPN instance IPv6 address family on the PE.

    3. Run network-entity net-addr

      A NET value is set. A NET specifies the current IS-IS area address and the system ID of the router.

    4. (Optional) Run is-level { level-1 | level-1-2 | level-2 }

      The IS-IS level of the router is set.

    5. Run ipv6 enable [ topology { compatible [ enable-mt-spf ] | ipv6 | standard } ]

      IPv6 is enabled for the IS-IS process.

      Before enabling IPv6 for the IS-IS process, enable IPv6 in the system view first.

    6. Run ipv6 import-route bgp inherit-cost [ tag tag | route-policy route-policy-name | [ level-1 | level-2 | level-1-2 ] ]*

      BGP routes are imported.

    7. Run quit

      Return to the system view.

    8. Run interface interface-type interface-number

      The interface view is displayed.

    9. Run isis ipv6 enable [ process-id ]

      IS-ISv6 is enabled on the interface.

    10. Run quit

      Return to the system view.

    11. Run bgp as-number

      The BGP view is displayed.

    12. Run ipv6-family vpn-instance vpn-instance-name

      The BGP-VPN instance IPv6 address family view is displayed.

    13. Run import-route isis process-id [ med med | route-policy route-policy-name ]*

      IS-IS routes are imported into the VRF table of the BGP-VPN instance IPv6 address family.

    14. (Optional) To configure the device to advertise specific routes in a BGP VPN routing table to a BGP VPNv6 routing table, run either of the following commands:

      • To configure the device to send only optimal routes in a BGP VPN routing table to a BGP VPNv6 routing table, run the advertise best-route command.

        By default, when a local device receives a route (route A) having the same prefix as that of a route (route B) in the local VPN routing table from the remote end but route A and route B have different RDs, route B is also sent to a BGP VPNv6 routing table even if the route selection priority of route B is lower than that of route A. If route B meets BGP VPNv6 route sending conditions, it is also sent to other BGP VPNv6 peers. In this scenario, if you want only optimal BGP VPN routes to be transmitted between BGP VPNv6 peers on the network, run the advertise best-route command on the local device to send only optimal routes in the BGP VPN routing table to the BGP VPNv6 routing table.

      • To configure the device to send only valid routes in a BGP VPN routing table to a BGP VPNv6 routing table, run the advertise valid-routes command.

        By default, the device advertises all routes in the BGP VPN routing table to the BGP VPNv6 routing table. You can run the advertise valid-routes command to advertise valid routes to the BGP VPNv6 routing table.

    15. Run commit

      The configuration is committed.

  • Configure a direct route between a PE and a CE.

    A direct route can be configured between a PE and a CE only if the CE is a host and connected to the PE using a VLANIF interface. Note that the direct route only needs to be configured on the PE.

    Perform the following steps on the PE:

    1. Run system-view

      The system view is displayed.

    2. Run ip vpn-instance vpn-instance-name

      The VPN instance view is displayed.

    3. Run ipv6-family

      The VPN instance IPv6 address family view is displayed.

    4. Run nd vlink-direct-route advertise [ route-policy route-policy-name ]

      NDP Vlink direct routes are advertised.

      After the parameter route-policy route-policy-name is specified in the nd vlink-direct-route advertise command, only NDP Vlink direct routes matching the route-policy are advertised.

    5. Run quit

      Return to the VPN instance view.

    6. Run quit

      Return to the system view.

    7. Run bgp { as-number-plain | as-number-dot }

      The BGP view is displayed.

    8. Run ipv6-family vpn-instance vpn-instance-name

      The BGP-VPN instance IPv6 address family view is displayed.

    9. Run import-route direct [ med med | route-policy route-policy-name ]*

      The direct route to the local CE is imported. After the direct route to the local CE is imported to the VPN routing table, the local PE use MP-BGP to advertise the direct route to the remote PE. This allows the remote CE to access the local CE.

    10. (Optional) To configure the device to advertise specific routes in a BGP VPN routing table to a BGP VPNv6 routing table, run either of the following commands:

      • To configure the device to send only optimal routes in a BGP VPN routing table to a BGP VPNv6 routing table, run the advertise best-route command.

        By default, when a local device receives a route (route A) having the same prefix as that of a route (route B) in the local VPN routing table from the remote end but route A and route B have different RDs, route B is also sent to a BGP VPNv6 routing table even if the route selection priority of route B is lower than that of route A. If route B meets BGP VPNv6 route sending conditions, it is also sent to other BGP VPNv6 peers. In this scenario, if you want only optimal BGP VPN routes to be transmitted between BGP VPNv6 peers on the network, run the advertise best-route command on the local device to send only optimal routes in the BGP VPN routing table to the BGP VPNv6 routing table.

      • To configure the device to send only valid routes in a BGP VPN routing table to a BGP VPNv6 routing table, run the advertise valid-routes command.

        By default, the device advertises all routes in the BGP VPN routing table to the BGP VPNv6 routing table. You can run the advertise valid-routes command to advertise valid routes to the BGP VPNv6 routing table.

    11. Run commit

      The configuration is committed.

Parent Topic: Configuring a Basic BGP/MPLS IPv6 VPN
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >