H3C S6800 & S6860 & S6861 Switches Configuration Examples-Release 27xx-6W100

HomeSupportConfigure & DeployConfiguration ExamplesH3C S6800 & S6860 & S6861 Switches Configuration Examples-Release 27xx-6W100
Table of Contents
Related Documents
71-GRE with VPN Configuration Examples
Title Size Download
71-GRE with VPN Configuration Examples 183.55 KB

 

H3C S6800 & S6860 & S6861 Switches

GRE with VPN Configuration Examples

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Copyright © 2019 New H3C Technologies Co., Ltd. All rights reserved.

No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of New H3C Technologies Co., Ltd.

Except for the trademarks of New H3C Technologies Co., Ltd., any trademarks that may be mentioned in this document are the property of their respective owners.

The information in this document is subject to change without notice.



Introduction

This document provides GRE with VPN configuration examples.

In an MPLS VPN network where a CE and a PE cannot be connected directly, you can deploy a GRE tunnel to provide a logical direct connection between them.

Prerequisites

The configuration examples in this document were created and verified in a lab environment, and all the devices were started with the factory default configuration. When you are working on a live network, make sure you understand the potential impact of every command on your network.

This document assumes that you have basic knowledge of GRE and MPLS L3VPN.

Example: Configuring GRE with VPN

Network configuration

As shown in Figure 1:

·          Customer A and Customer B belong to VPN network vpn1.

·          CE 1 and CE 2 are the edge devices of customer network vpn1.

·          PE 1 and PE 2 are the edge devices of the MPLS network.

·          CE 1 and PE 1 are interconnected through a VPN network named vpn2.

Configure the following settings for Customer A and Customer B to communicate with each other through the MPLS and VPN networks:

·          Set up a point-to-point GRE tunnel between CE 1 and PE 1 and configure static routes for them to reach each other.

·          Configure an IGP routing protocol in the MPLS network to ensure IP connectivity among the PE and P devices. In this example, OSPF is used.

·          Configure LDP in the MPLS network to distribute public network labels (outer labels) of packets from VPN network vpn1.

·          Configure MP-BGP and establish peer relationship between the PEs so that the PEs can advertise private network routing information and distribute private network labels (inner labels).

Figure 1 Network diagram

 

Applicable hardware and software versions

The following matrix shows the hardware and software versions to which this configuration example is applicable:

 

Hardware

Software version

S6800 switch series

S6860 switch series

S6861 switch series

Release 2702

 

Restrictions and guidelines

Associating an interface with a VPN instance clears the IP address configuration on the interface. As a best practice, associate the interface with the VPN instance before you configure other settings on the interface.

Procedures

Configuring OSPF in the MPLS network

1.        Configure PE 1:

# Configure IP addresses for Loopback 0 and VLAN-interface 2.

<PE1> system-view

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 1.1.1.9 32

[PE1-LoopBack0] quit

[PE1] vlan 2

[PE1-vlan2] port ten-gigabitethernet 1/0/2

[PE1-vlan2] quit

[PE1] interface vlan-interface 2

[PE1-Vlan-interface2] ip address 10.1.1.1 24

[PE1-Vlan-interface2] quit

# Configure OSPF to advertise routes for the specified networks.

[PE1] ospf

[PE1-ospf-1] area 0

[PE1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0

[PE1-ospf-1-area-0.0.0.0] quit

[PE1-ospf-1] quit

2.        Configure P:

# Configure IP addresses for Loopback 0, VLAN-interface 2, and VLAN-interface 5.

<P> system-view

[P] interface loopback 0

[P-LoopBack0] ip address 2.2.2.9 32

[P-LoopBack0] quit

[P] vlan 2

[P-vlan2] port ten-gigabitethernet 1/0/2

[P-vlan2] quit

[P] vlan 5

[P-vlan5] port ten-gigabitethernet 1/0/3

[P-vlan5] quit

[P] interface vlan-interface 2

[P-Vlan-interface2] ip address 10.1.1.2 24

[P-Vlan-interface2] quit

[P] interface vlan-interface 5

[P-Vlan-interface5] ip address 10.1.4.1 24

[P-Vlan-interface5] quit

# Configure OSPF to advertise routes for the specified networks.

[P] ospf

[P-ospf-1] area 0

[P-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[P-ospf-1-area-0.0.0.0] network 10.1.4.0 0.0.0.255

[P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0

[P-ospf-1-area-0.0.0.0] quit

[P-ospf-1] quit

3.        Configure PE 2:

# Configure IP addresses for Loopback 0 and VLAN-interface 5.

<PE2> system-view

[PE2] interface loopback 0

[PE2-LoopBack0] ip address 3.3.3.9 32

[PE2-LoopBack0] quit

[PE2] vlan 5

[PE2-vlan5] port ten-gigabitethernet 1/0/1

[PE2-vlan5] quit

[PE2] interface vlan-interface 5

[PE2-Vlan-interface5] ip address 10.1.4.2 24

[PE2-Vlan-interface5] quit

# Configure OSPF to advertise routes for the specified networks.

[PE2] ospf

[PE2-ospf-1] area 0

[PE2-ospf-1-area-0.0.0.0] network 10.1.4.0 0.0.0.255

[PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0

[PE2-ospf-1-area-0.0.0.0] quit

[PE2-ospf-1] quit

4.        Verify that PE 1, P, and PE 2 have established OSPF neighbor relationship. This example uses PE 1 for illustration.

[PE1] display ospf peer verbose

 

          OSPF Process 1 with Router ID 1.1.1.9

                  Neighbors

 

 Area 0.0.0.0 interface 10.1.1.1(Vlan-interface2)'s neighbors

 Router ID: 2.2.2.9          Address: 10.1.1.2        GR State: Normal

   State: Full  Mode: Nbr is Master  Priority: 1

   DR: 10.1.1.2  BDR: 10.1.1.1  MTU: 0

   Options is 0x02 (-|-|-|-|-|-|E|-)

   Dead timer due in 38  sec

   Neighbor is up for 17:30:25

   Authentication Sequence: [ 0 ]

   Neighbor state change count: 6

   BFD status: Disabled

[PE1] display ip routing-table protocol ospf

 

Summary Count : 5

 

OSPF Routing table Status : <Active>

Summary Count : 3

 

Destination/Mask    Proto  Pre  Cost         NextHop         Interface

2.2.2.9/32          OSPF   10   1            10.1.1.2        Vlan2

3.3.3.9/32          OSPF   10   2            10.1.1.2        Vlan2

10.1.4.0/24         OSPF   10   2            10.1.1.2        Vlan2

 

OSPF Routing table Status : <Inactive>

Summary Count : 2

 

Destination/Mask    Proto  Pre  Cost         NextHop         Interface

1.1.1.9/32          OSPF   10   0            1.1.1.9         Loop0

10.1.1.0/24         OSPF   10   1            10.1.1.1        Vlan2

Establishing LDP LSPs in the MPLS network

1.        Configure PE 1:

# Configure the LSR ID as 1.1.1.9 and enable LDP globally.

[PE1] mpls lsr-id 1.1.1.9

[PE1] mpls ldp

[PE1-ldp] quit

# Enable MPLS and IPv4 LDP on VLAN-interface 2.

[PE1] interface vlan-interface 2

[PE1-Vlan-interface2] mpls enable

[PE1-Vlan-interface2] mpls ldp enable

[PE1-Vlan-interface2] quit

2.        Configure P:

# Configure the LSR ID as 2.2.2.9 and enable LDP globally.

[P] mpls lsr-id 2.2.2.9

[P] mpls ldp

[P-ldp] quit

# Enable MPLS and IPv4 LDP on VLAN-interface 2.

[P] interface vlan-interface 2

[P-Vlan-interface2] mpls enable

[P-Vlan-interface2] mpls ldp enable

[P-Vlan-interface2] quit

# Enable MPLS and IPv4 LDP on VLAN-interface 5.

[P] interface vlan-interface 5

[P-Vlan-interface5] mpls enable

[P-Vlan-interface5] mpls ldp enable

[P-Vlan-interface5] quit

3.        Configure PE 2:

# Configure the LSR ID as 3.3.3.9 and enable LDP globally.

[PE2] mpls lsr-id 3.3.3.9

[PE2] mpls ldp

[PE2-ldp] quit

# Enable MPLS and IPv4 LDP on VLAN-interface 5.

[PE2] interface vlan-interface 5

[PE2-Vlan-interface5] mpls enable

[PE2-Vlan-interface5] mpls ldp enable

[PE2-Vlan-interface5] quit

4.        Verify that PE 1, P, and PE 2 have established LDP sessions. This example uses PE 1 for illustration.

[PE1] display mpls ldp peer

Total number of peers: 1

Peer LDP ID             State         Role     GR   MD5  KA Sent/Rcvd

2.2.2.9:0               Operational   Passive  Off  Off  5/5

[PE1] display mpls ldp lsp

Status Flags: * - stale, L - liberal, B - backup

FECs: 4            Ingress: 1          Transit: 1      Egress: 3

 

FEC                In/Out Label        Nexthop         OutInterface

1.1.1.9/32         3/-

                   -/1151(L)

2.2.2.9/32         -/3                 10.1.1.2        Vlan2

                   1151/3              10.1.1.2        Vlan2

3.3.3.9/32         -/1150              10.1.1.2        Vlan2

                   1150/1150           10.1.1.2        Vlan2

Configuring GRE and VPN instances

1.        Configure VPN instance vpn1 on PE 1:

# Create VPN instance vpn1.

[PE1] ip vpn-instance vpn1

# Configure an RD for the VPN instance.

[PE1-vpn-instance-vpn1] route-distinguisher 100:1

# Configure route targets for the VPN instance.

[PE1-vpn-instance-vpn1] vpn-target 100:1 import-extcommunity

[PE1-vpn-instance-vpn1] vpn-target 100:1 export-extcommunity

[PE1-vpn-instance-vpn1] quit

# Associate VLAN-interface 100 with VPN instance vpn1.

[PE1] vlan 100

[PE1-vlan100] port ten-gigabitethernet 1/0/1

[PE1-vlan100] quit

[PE1] interface vlan-interface 100

[PE1-Vlan-interface100] ip binding vpn-instance vpn1

[PE1-Vlan-interface100] ip address 200.1.1.2 24

[PE1-Vlan-interface100] quit

2.        Configure VPN instance vpn1 on CE 1:

# Create VPN instance vpn1.

[CE1] ip vpn-instance vpn1

# Configure an RD for the VPN instance.

[CE1-vpn-instance-vpn1] route-distinguisher 100:1

# Configure route targets for the VPN instance.

[CE1-vpn-instance-vpn1] vpn-target 100:1 import-extcommunity

[CE1-vpn-instance-vpn1] vpn-target 100:1 export-extcommunity

[CE1-vpn-instance-vpn1] quit

# Associate VLAN-interface 101 with VPN instance vpn1.

[CE1] vlan 101

[CE1-vlan101] port ten-gigabitethernet 1/0/1

[CE1-vlan101] quit

[CE1] interface vlan-interface 101

[CE1-Vlan-interface101] ip binding vpn-instance vpn1

[CE1-Vlan-interface101] ip address 100.1.1.1 24

[CE1-Vlan-interface101] quit

3.        Configure GRE on CE 1:

# Create service loopback group 1, and specify its service type as Tunnel.

[CE1] service-loopback group 1 type tunnel

# Add Ten-GigabitEthernet 1/0/3 to service loopback group 1.

[CE1] interface ten-gigabitethernet 1/0/3

[CE1-Ten-GigabitEthernet1/0/3] port service-loopback group 1

[CE1-Ten-GigabitEthernet1/0/3] quit

# Create tunnel interface Tunnel 0, and specify the tunnel mode as GRE/IPv4.

[CE1] interface tunnel 0 mode gre

# Specify the VPN instance to which the tunnel source belongs.

[CE1-Tunnel0] ip binding vpn-instance vpn1

# Configure an IP address for tunnel interface Tunnel 0.

[CE1-Tunnel0] ip address 20.1.1.1 255.255.255.0

# Configure the source address of tunnel interface Tunnel 0 as the IP address of VLAN-interface 101 on CE 1.

[CE1-Tunnel0] source vlan-interface 101

# Configure the destination address of the tunnel interface as the IP address of VLAN-interface 100 on PE 1.

[CE1-Tunnel0] destination 200.1.1.2

# Specify the VPN instance to which the tunnel destination belongs.

[CE1-Tunnel0] tunnel vpn-instance vpn1

[CE1-Tunnel0] quit

# Configure a static route from Customer A through tunnel interface Tunnel 0 to Customer B.

[CE1] ip route-static vpn-instance vpn1 172.2.0.0 24 tunnel 0

4.        Configure GRE on PE 1:

# Create service loopback group 1, and specify its service type as Tunnel.

[PE1] service-loopback group 1 type tunnel

# Add Ten-GigabitEthernet 1/0/3 to service loopback group 1.

[PE1] interface ten-gigabitethernet 1/0/3

[PE1-Ten-GigabitEthernet1/0/3] port service-loopback group 1

[PE1-Ten-GigabitEthernet1/0/3] quit

# Create tunnel interface Tunnel 0, and specify the tunnel mode as GRE/IPv4.

[PE1] interface tunnel 0 mode gre

# Specify the VPN instance to which the tunnel source belongs.

[PE1-Tunnel0] ip binding vpn-instance vpn1

# Configure an IP address for tunnel interface Tunnel 0.

[PE1-Tunnel0] ip address 20.1.1.2 255.255.255.0

# Configure the source address of tunnel interface Tunnel 0 as the IP address of VLAN-interface 100 on PE 1.

[PE1-Tunnel0] source vlan-interface 100

# Configure the destination address of the tunnel interface as the IP address of VLAN-interface 101 on CE 1.

[PE1-Tunnel0] destination 100.1.1.1

# Specify the VPN instance to which the tunnel destination belongs.

[PE1-Tunnel0] tunnel vpn-instance vpn1

[PE1-Tunnel0] quit

# Configure a static route from Customer B through tunnel interface Tunnel 0 to Customer A.

[PE1] ip route-static vpn-instance vpn1 172.1.0.0 24 Tunnel 0

5.        Configure VPN instance vpn1 on PE 2:

# Create VPN instance vpn1.

[PE2] ip vpn-instance vpn1

# Configure an RD for the VPN instance.

[PE2-vpn-instance-vpn1] route-distinguisher 100:1

# Configure route targets for the VPN instance. Make sure the import route target on PE 2 is the same as the export route target on PE 1 and the export route target on PE 2 is the same as the import route target on PE 1.

[PE2-vpn-instance-vpn1] vpn-target 100:1 import-extcommunity

[PE2-vpn-instance-vpn1] vpn-target 100:1 export-extcommunity

[PE2-vpn-instance-vpn1] quit

# Associate VLAN-interface 101 with VPN instance vpn1.

[PE2] vlan 101

[PE2-vlan101] port ten-gigabitethernet 1/0/2

[PE2-vlan101] quit

[PE2] interface vlan-interface 101

[PE2-Vlan-interface101] ip binding vpn-instance vpn1

[PE2-Vlan-interface101] ip address 101.1.1.1 24

[PE2-Vlan-interface101] quit

6.        Configure IP addresses for interfaces on CE 2, as shown in Figure 1. (Details not shown.)

7.        Verify the configuration. This example uses PE 2 for illustration.

# Display VPN instance information.

[PE2] display ip vpn-instance

  Total VPN-Instances configured : 1

  VPN-Instance Name               RD                     Create time

  vpn1                            100:1                  2016/06/22 13:20:08

# Verify that PE 2 can ping CE 2.

[PE2] ping -vpn-instance vpn1 101.1.1.2

Ping 10.1.4.2 (101.1.1.2): 56 data bytes, press CTRL_C to break

56 bytes from 101.1.1.2: icmp_seq=0 ttl=255 time=1.000 ms

56 bytes from 101.1.1.2: icmp_seq=1 ttl=255 time=2.000 ms

56 bytes from 101.1.1.2: icmp_seq=2 ttl=255 time=0.000 ms

56 bytes from 101.1.1.2: icmp_seq=3 ttl=255 time=1.000 ms

56 bytes from 101.1.1.2: icmp_seq=4 ttl=255 time=0.000 ms

 

--- Ping statistics for 10.1.1.1 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 0.000/0.800/2.000/0.748 ms

Establishing EBGP peer relationship between PEs and CEs and redistributing VPN routes

1.        Configure PE 1:

# Enable BGP instance default, set the local AS number to 100, and enter BGP instance view.

[PE1] bgp 100

# Specify CE 1 as a BGP peer and set its AS number to 65410.

[PE1-bgp-default] ip vpn-instance vpn1

[PE1-bgp-default-vpn1] peer 20.1.1.1 as-number 65410

# Redistribute the direct routes of PE 1 to BGP-VPN IPv4 unicast address family.

[PE1-bgp-default-vpn1] address-family ipv4 unicast

[PE1-bgp-default-ipv4-vpn1] peer 20.1.1.1 enable

[PE1-bgp-default-ipv4-vpn1] import-route direct

[PE1-bgp-default-ipv4-vpn1] quit

[PE1-bgp-default-vpn1] quit

2.        Configure PE 2:

# Enable BGP instance default, set the local AS number to 100, and enter BGP instance view.

[PE2] bgp 100

# Specify CE 2 as a BGP peer and set its AS number to 65410.

[PE2-bgp-default] ip vpn-instance vpn1

[PE2-bgp-default-vpn1] peer 101.1.1.2 as-number 65410

# Redistribute the direct routes of PE 2 to BGP-VPN IPv4 unicast address family.

[PE2-bgp-default-vpn1] address-family ipv4 unicast

[PE2-bgp-default-ipv4-vpn1] peer 101.1.1.2 enable

[PE2-bgp-default-ipv4-vpn1] import-route direct

[PE2-bgp-default-ipv4-vpn1] quit

[PE2-bgp-default-vpn1] quit

3.        Configure CE 1:

# Enable BGP instance default, set the local AS number to 65410, and enter BGP instance view.

<CE1> system-view

[CE1] bgp 65410

# Specify PE 1 as a BGP peer and set its AS number to 100.

[CE1-bgp-default] peer 20.1.1.2 as-number 100

# Enter BGP IPv4 unicast address family view, and enable BGP to exchange IPv4 unicast routing information with peer 20.1.1.2.

[CE1-bgp-default] address-family ipv4 unicast

[CE1-bgp-default-ipv4] peer 20.1.1.2 enable

# Redistribute direct routes to BGP IPv4 unicast address family.

[CE1-bgp-default-ipv4] import-route direct

[CE1-bgp-default-ipv4] quit

[CE1-bgp-default] quit

4.        Configure CE 2:

# Enable BGP instance default, set the local AS number to 65410, and enter BGP instance view.

<CE2> system-view

[CE2] bgp 65410

# Specify PE 2 as a BGP peer and set its AS number to 100.

[CE2-bgp-default] peer 101.1.1.1 as-number 100

# Enter BGP IPv4 unicast address family view, and enable BGP to exchange IPv4 unicast routing information with peer 101.1.1.1.

[CE2-bgp-default] address-family ipv4 unicast

[CE2-bgp-default-ipv4] peer 101.1.1.1 enable

# Redistribute direct routes to BGP IPv4 unicast address family.

[CE2-bgp-default-ipv4] import-route direct

[CE2-bgp-default-ipv4] quit

[CE2-bgp-default] quit

5.        On PE 2, verify that PE 2 and CE 2 have established BGP peer relationship.

[PE2] display bgp peer ipv4 vpn-instance vpn1

 BGP local router ID: 3.3.3.9

 Local AS number: 100

 Total number of peers: 1                  Peers in established state: 1

 

  Peer                  AS          MsgRcvd  MsgSent OutQ PrefRcv Up/Down  State

 

  101.1.1.2             65410        4        4    0       2 13:35:25      Established

Establishing MP-IBGP peer relationship between PEs

1.        Configure PE 1:

# Specify PE 2 as a BGP peer and specify Loopback 0 as the source interface for TCP connections to the peer.

[PE1] bgp 100

[PE1-bgp-default] peer 3.3.3.9 as-number 100

[PE1-bgp-default] peer 3.3.3.9 connect-interface loopback 0

# Enter BGP VPNv4 address family view and specify PE 2 as a BGP peer.

[PE1-bgp-default] address-family vpnv4

[PE1-bgp-default-vpnv4] peer 3.3.3.9 enable

[PE1-bgp-default-vpnv4] quit

[PE1-bgp-default] quit

2.        Configure PE 2:

# Specify PE 1 as a BGP peer and specify Loopback 0 as the source interface for TCP connections to the peer.

[PE2] bgp 100

[PE2-bgp-default] peer 1.1.1.9 as-number 100

[PE2-bgp-default] peer 1.1.1.9 connect-interface loopback 0

# Enter BGP VPNv4 address family view and specify PE 1 as a BGP peer.

[PE2-bgp-default] address-family vpnv4

[PE2-bgp-default-vpnv4] peer 1.1.1.9 enable

[PE2-bgp-default-vpnv4] quit

[PE2-bgp-default] quit

3.        Verify that the PEs have established BGP peer relationship.

[PE1] display bgp peer vpnv4

 

 BGP local router ID: 1.1.1.9

 Local AS number: 100

 Total number of peers: 1                  Peers in established state: 1

 

  Peer                    AS  MsgRcvd  MsgSent OutQ PrefRcv Up/Down  State

 

  3.3.3.9                100        8        8    0       0 00:00:08 Established

Verifying the configuration

# Display routing table information on the PEs. Verify that they have routes to reach the CEs. In this example, the routing table of VPN instance vpn1 on PE 1 is displayed.

[PE1] display ip routing-table vpn-instance vpn1

 

Destinations : 13        Routes : 13

 

Destination/Mask    Proto  Pre  Cost         NextHop         Interface

0.0.0.0/32          Direct 0    0            127.0.0.1       InLoop0

20.1.1.0/24         Direct  0   0            20.1.1.2        Tun0

20.1.1.0/32         Direct  0   0            20.1.1.2        Tun0

20.1.1.2/32         Direct  0   0            127.0.0.1       InLoop0

200.1.1.0/24        Direct 0    0            200.1.1.2       Vlan100

200.1.1.0/32        Direct 0    0            200.1.1.2       Vlan100

200.1.1.2/32        Direct 0    0            127.0.0.1       InLoop0

200.1.1.255/32      Direct 0    0            100.1.1.2       Vlan100

101.1.1.0/24        BGP    255  0            3.3.3.9         Vlan2

127.0.0.0/8         Direct 0    0            127.0.0.1       InLoop0

127.0.0.0/32        Direct 0    0            127.0.0.1       InLoop0

127.0.0.1/32        Direct 0    0            127.0.0.1       InLoop0

127.255.255.255/32  Direct 0    0            127.0.0.1       InLoop0

224.0.0.0/4         Direct 0    0            0.0.0.0         NULL0

224.0.0.0/24        Direct 0    0            0.0.0.0         NULL0

255.255.255.255/32  Direct 0    0            127.0.0.1       InLoop0

Configuration files

·          PE 1:

#

ip vpn-instance vpn1

 route-distinguisher 100:1

 vpn-target 100:1 import-extcommunity

 vpn-target 100:1 export-extcommunity

#

 service-loopback group 1 type tunnel

#

ospf 1

 area 0.0.0.0

  network 1.1.1.9 0.0.0.0

  network 10.1.1.0 0.0.0.255

#

 mpls lsr-id 1.1.1.9

#

vlan 2

#

vlan 100

#

mpls ldp

#

interface LoopBack0

 ip address 1.1.1.9 255.255.255.255

#

interface Vlan-interface2

 ip address 10.1.1.1 255.255.255.0

 mpls enable

 mpls ldp enable

#

interface Vlan-interface100

 ip binding vpn-instance vpn1

 ip address 200.1.1.2 255.255.255.0

#

interface Ten-GigabitEthernet1/0/1

 port link-mode bridge

 port access vlan 100

#

interface Ten-GigabitEthernet1/0/2

 port link-mode bridge

 port access vlan 2

#

#

interface Ten-GigabitEthernet1/0/3

 port link-mode bridge

 port service-loopback group 1

#

interface Tunnel0 mode gre

 ip binding vpn-instance vpn1

 ip address 20.1.1.2 255.255.255.0

 source Vlan-interface100

 tunnel vpn-instance vpn1

 destination 100.1.1.1

#

bgp 100

 peer 3.3.3.9 as-number 100

 peer 3.3.3.9 connect-interface LoopBack0

 #

 address-family vpnv4

  peer 3.3.3.9 enable

 #

 ip vpn-instance vpn1

  peer 20.1.1.1 as-number 65410

  #

  address-family ipv4 unicast

   import-route direct

   peer 20.1.1.1 enable

#

 ip route-static vpn-instance vpn1 172.1.0.0 24 Tunnel0

·          P:

#

ospf 1

 area 0.0.0.0

  network 2.2.2.9 0.0.0.0

  network 10.1.1.0 0.0.0.255

  network 10.1.4.0 0.0.0.255

#

 mpls lsr-id 2.2.2.9

#

vlan 2

#

vlan 5

#

mpls ldp

#

interface LoopBack0

 ip address 2.2.2.9 255.255.255.255

#

interface Vlan-interface2

 ip address 10.1.1.2 255.255.255.0

 mpls enable

 mpls ldp enable

#

interface Vlan-interface5

 ip address 10.1.4.1 255.255.255.0

 mpls enable

 mpls ldp enable

#

interface Ten-GigabitEthernet1/0/2

 port link-mode bridge

 port access vlan 2

#

interface Ten-GigabitEthernet1/0/3

 port link-mode bridge

 port access vlan 5

#

·          PE 2:

#

ip vpn-instance vpn1

 route-distinguisher 100:1

 vpn-target 100:1 import-extcommunity

 vpn-target 100:1 export-extcommunity

#

ospf 1

 area 0.0.0.0

  network 3.3.3.9 0.0.0.0

  network 10.1.4.0 0.0.0.255

#

 mpls lsr-id 3.3.3.9

#

 lldp global enable

#

vlan 5

#

vlan 101

#

mpls ldp

#

interface LoopBack0

 ip address 3.3.3.9 255.255.255.255

#

interface Vlan-interface5

 ip address 10.1.4.2 255.255.255.0

 mpls enable

 mpls ldp enable

#

interface Vlan-interface101

 ip binding vpn-instance vpn1

 ip address 101.1.1.1 255.255.255.0

#

interface Ten-GigabitEthernet1/0/1

 port link-mode bridge

 port access vlan 5

#

interface Ten-GigabitEthernet1/0/2

 port link-mode bridge

 port access vlan 101

#

bgp 100

 peer 1.1.1.9 as-number 100

 peer 1.1.1.9 connect-interface LoopBack0

 #

 address-family vpnv4

  peer 1.1.1.9 enable

 #

 ip vpn-instance vpn1

  peer 101.1.1.2 as-number 65410

  #

  address-family ipv4 unicast

   import-route direct

   peer 101.1.1.2 enable

#

·          CE 1:

#

ip vpn-instance vpn1

 route-distinguisher 100:1

 vpn-target 100:1 import-extcommunity

 vpn-target 100:1 export-extcommunity

#

 service-loopback group 1 type tunnel

#

vlan 101

#

interface Vlan-interface101

 ip binding vpn-instance vpn1

 ip address 100.1.1.1 255.255.255.0

#

interface Ten-GigabitEthernet1/0/1

 port link-mode bridge

 port access vlan 101

#

interface Ten-GigabitEthernet1/0/3

 port link-mode bridge

 port service-loopback group 1

#

interface Tunnel0 mode gre

 ip binding vpn-instance vpn1

 ip address 20.1.1.1 255.255.255.0

 source Vlan-interface101

 tunnel vpn-instance vpn1

 destination 200.1.1.2

#

bgp 65410

 peer 20.1.1.2 as-number 100

 #

 address-family ipv4 unicast

  import-route direct

  peer 20.1.1.2 enable

#

 ip route-static vpn-instance vpn1 172.2.0.0 24 Tunnel0

#

·          CE 2:

#

vlan 101

#

interface Vlan-interface101

 ip address 101.1.1.2 255.255.255.0

#

interface Ten-GigabitEthernet1/0/1

 port link-mode bridge

 port access vlan 101

#

bgp 65410

 peer 101.1.1.1 as-number 100

 #

 address-family ipv4 unicast

  import-route direct

  peer 101.1.1.1 enable

#

Related documentation

·          H3C S6800[S6860][S6861] (R27xx) & S6820 (R630x) Switch Series Layer 3—IP Services Configuration Guide

·          H3C S6800[S6860][S6861] (R27xx) & S6820 (R630x) Switch Series Layer 3—IP Services Command Reference

·          H3C S6800[S6860][S6861] (R27xx) & S6820 (R630x) Switch Series Layer 3—IP Routing Configuration Guide

·          H3C S6800[S6860][S6861] (R27xx) & S6820 (R630x) Switch Series Layer 3—IP Routing Command Reference

  • Cloud & AI
  • InterConnect
  • Intelligent Computing
  • Security
  • SMB Products
  • Intelligent Terminal Products
  • Product Support Services
  • Technical Service Solutions
All Services
  • Resource Center
  • Policy
  • Online Help
All Support
  • Become a Partner
  • Partner Resources
  • Partner Business Management
All Partners
  • Profile
  • News & Events
  • Online Exhibition Center
  • Contact Us
All About Us
新华三官网