Configuring L3VPNv4 HoVPN over SRv6 BE

This section describes how to configure L3VPNv4 HoVPN over SRv6 BE.

Usage Scenario

Currently, the typical structure of a MAN consists of three layers: core layer, aggregation layer, and access layer. To implement VPN functions on such a hierarchical network for achieving end-to-end VPN data transmission and improving the performance and scalability of the entire network, you need to deploy hierarchical VPN solutions, among which the hierarchy of VPN (HoVPN) solution is commonly used.

During network evolution, the core and aggregation layers may use different forwarding modes, that is, SRv6 forwarding and MPLS forwarding. When the HoVPN solution is used to implement hierarchical VPN deployment, the methods used to forward L3VPNv4 data over a public network fall into three categories (as shown in Figure 1): L3VPNv4 over MPLS plus SRv6, L3VPNv4 over SRv6 plus MPLS, and L3VPNv4 over SRv6 plus SRv6.

Figure 1 HoVPN solution networking

This section uses L3VPNv4 over SRv6 BE plus SRv6 BE as an example. On the network shown in Figure 2, L3VPNv4 HoVPN over SRv6 BE is deployed. It allows SRv6 BE paths on a public network to carry L3VPNv4 data on condition that hierarchical VPN deployment is implemented through the HoVPN solution.

Figure 2 L3VPNv4 HoVPN over SRv6 BE networking

Pre-configuration Tasks

Before configuring L3VPNv4 HoVPN over SRv6 BE, complete the following tasks:

  • Configure a link layer protocol.
  • Configure IP addresses for interfaces to ensure that neighboring devices are reachable at the network layer.

Procedure

  1. Configure IPv6 IS-IS on the UPE, SPE, and NPE. For configuration details, see Configuring Basic IPv6 IS-IS Functions.
  2. Configure IPv4 route exchange between the UPE and CE1 and between the NPE and CE2. For configuration details, see Configuring Route Exchange Between PEs and CEs.
  3. Enable IS-IS SRv6 on the UPE, SPE, and NPE, and establish an MP-IBGP peer relationship between the UPE and SPE and another one between the NPE and SPE. In addition, configure a VPN instance, enable the IPv4 address family for the VPN instance, and configure SRv6 BE on each of the three devices. For configuration details, see Configuring L3VPNv4 over SRv6 BE.
  4. Specify the UPE as the peer of the SPE and configure the SPE to advertise the default route to the UPE.
    1. Run system-view

      The system view is displayed.

    2. Run bgp { as-number-plain | as-number-dot }

      The BGP view is displayed.

    3. Run ipv4-family vpnv4

      The BGP-VPNv4 address family view is displayed.

    4. Run peer peerIpv6Addr upe

      The peer is specified as a UPE.

    5. Run peer ipv6-address default-originate vpn-instance vpn-instance-name

      The device is configured to automatically generate a default route and advertise it to the UPE.

      If you do not run this command to automatically generate a default route, you can manually configure a static route with the next hop set to the NPE's public or private address. If the next hop is set to the SPE's address and a fault occurs on the link between the SPE and NPE, traffic black holes may occur. Then, run the ip route-static recursive-lookup inherit-label-route segment-routing-ipv6 command to recurse the static route to an SRv6 route.

    6. Run commit

      The configuration is committed.

    7. Run quit

      Exit the BGP-VPNv4 address family view.

  5. Enable route regeneration on the SPE and configure the SPE to advertise regenerated routes to the NPE.
    1. Run ipv4-family vpn-instance vpn-instance-name

      The BGP-VPN instance IPv4 address family view is displayed.

    2. Run advertise best-route route-reoriginate

      Route regeneration is enabled.

    3. Run quit

      Exit the BGP-VPN instance IPv4 address family view.

    4. Run ipv4-family vpnv4

      The BGP-VPNv4 address family view is displayed.

    5. Run peer ipv6-address advertise route-reoriginated vpnv4

      The SPE is configured to advertise regenerated routes in the BGP-VPNv4 address family to the NPE.

    6. Run commit

      The configuration is committed.

Verifying the Configuration

After configuring L3VPNv4 HoVPN over SRv6 BE, verify the configuration.

  • Run the display bgp vpnv4 all routing-table command to check BGP VPNv4 routing information.
  • Run the display ip routing-table vpn-instance vpn-instance command to check the routing tables of the NPE and UPE.
Parent Topic: Configuring SRv6 BE
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic