Today I will be discussing VPLS configuration (Virtual Private LAN Services) on Huawei switches in a multi-vendor environment. I will test VPLS between Huawei S6700, Extreme X670 and Juniper MX960.
Lab scheme:
We will use Martini VPLS with LDP signaling .
First, we need to configure IGP and LDP between all nodes on the network. Will use OSFP as IGP.
I will not post the PE3 config and redundant links related config, as it will take too long output.
IGP/LDP configuration of PE4 Huawei S6700:
# interface facing PE2
#
interface Vlanif10
description PE4-PE2-igp
ip address 10.10.100.1 255.255.255.252
ospf network-type p2p
ospf ldp-sync
ospf enable 1 area 0.0.0.0
mpls
mpls te
mpls ldp
interface XGigabitEthernet0/0/48
description PE4-PE2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10
#
interface LoopBack0
ip address 10.10.10.33 255.255.255.255
ospf enable 1 area 0.0.0.0
#
#OSPF
#
ospf 1
opaque-capability enable
area 0.0.0.0
network 10.10.100.0 0.0.0.255
mpls-te enable
#
#MPLS
#
mpls lsr-id 10.10.10.33
mpls
mpls te
label advertise non-null
mpls rsvp-te
mpls te cspf
#
mpls l2vpn
#
mpls ldp
IGP/LDP configuration of PE2 Extreme X670:
#create Lo0
create vlan "Loopback0"
enable loopback-mode vlan Loopback0
configure vlan Loopback0 ipaddress 10.10.10.32 255.255.255.255
enable ipforwarding vlan Loopback0
configure ip-mtu 9170 vlan Loopback0
#creating vlan for IGP between PE2 and PE4
create vlan "pe2-pe4-igp"
configure vlan pe2-pe4-igp tag 10
configure vlan pe2-pe4-igp add ports 48 tagged
configure vlan pe2-pe4-igp ipaddress 10.10.100.2 255.255.255.252
enable ipforwarding vlan pe2-pe4-igp
configure ip-mtu 9170 vlan pe2-pe4-igp
#OSFP
configure ospf routerid 10.10.10.32
enable ospf
configure ospf add vlan Loopback0 area 0.0.0.0
configure ospf vlan Loopback0 cost 1
configure ospf add vlan pe2-pe4-igp area 0.0.0.0 link-type point-to-point
#MPLS
configure mpls lsr-id 10.10.10.32
enable mpls
enable mpls protocol ldp
enable mpls protocol rsvp-te
configure mpls add vlan "Loopback0"
enable mpls vlan "Loopback0"
enable mpls ldp vlan "Loopback0"
configure mpls add vlan "pe2-pe4-igp"
enable mpls vlan "pe2-pe4-igp"
enable mpls rsvp-te vlan "pe2-pe4-igp"
enable mpls ldp vlan "pe2-pe4-igp"
IGP/LDP configuration of PE1 Juniper MX960:
#interfaces config
lo0 {
description LOOPBACK;
unit 0 {
family inet {
address 10.10.10.1/32 {
primary;
}
}
}
}
#port facing PE2
xe-0/1/2 {
description "PE1-PE2";
flexible-vlan-tagging;
mtu 9192;
encapsulation flexible-ethernet-services;
unit 12 {
description "PE1-PE2-igp";
vlan-id 12;
family inet {
address 10.10.100.10/30;
}
}
}
#MPLS
mpls {
interface lo0.0;
interface xe-0/1/2.12;
}
#OSPF
ospf {
traffic-engineering;
area 0.0.0.0 {
interface all {
disable;
}
interface lo0.0 {
metric 1;
}
interface xe-0/1/2.12 {
interface-type p2p;
metric 1;
}
}
}
#LDP
ldp {
track-igp-metric;
interface xe-0/1/2.12;
interface lo0.0;
}
Now we need to check IGP and LDP neighborhood is established everywhere.
PE4:
PE4>display ospf peer
OSPF Process 1 with Router ID 10.10.10.33
Neighbors
Area 0.0.0.0 interface 10.10.100.1(Vlanif10)'s neighbors
Router ID: 10.10.10.32 Address: 10.10.100.2
State: Full Mode:Nbr is Slave Priority: 1
DR: None BDR: None MTU: 9170
Dead timer due in 33 sec
Retrans timer interval: 6
Neighbor is up for 00:04:35
Authentication Sequence: [ 0 ]
Neighbors
Area 0.0.0.0 interface 10.10.100.5(Vlanif11)'s neighbors
Router ID: 10.10.10.31 Address: 10.10.100.6
State: Full Mode:Nbr is Slave Priority: 1
DR: None BDR: None MTU: 9170
Dead timer due in 40 sec
Retrans timer interval: 7
Neighbor is up for 00:05:58
Authentication Sequence: [ 0 ]
PE4>dis mpls ldp peer
LDP Peer Information in Public network
A '*' before a peer means the peer is being deleted.
------------------------------------------------------------------------------
PeerID TransportAddress DiscoverySource
------------------------------------------------------------------------------
10.10.10.32:0 10.10.10.32 Vlanif10
10.10.10.31:0 10.10.10.31 Vlanif11
PE2:
PE2 # sh ospf neighbor
Neighbor ID Pri State Up/Dead Time Address Interface
==========================================================================================
10.10.10.33 128 FULL /DROTHER 00:00:07:53/00:00:00:07 10.10.100.1 pe2-pe4-igp
10.10.10.1 128 FULL /DROTHER 00:00:05:31/00:00:00:02 10.10.100.10 pe2-pe1-igp
PE2 # sh mpls ldp peer
IP Address LDP Peer State Uptime Adjacencies
10.10.10.32 10.10.10.33:0 Operational 0d:0h:7m:53s 1
10.10.10.32 10.10.10.1:0 Operational 0d:0h:5m:31s 1
PE1:
PE1> show ospf neighbor
Address Interface State ID Pri Dead
10.10.100.9 xe-0/1/2.12 Full 10.10.10.32 128 35
10.10.100.18 xe-0/1/3.14 Full 10.10.10.31 128 33
rt1.msk> show ldp neighbor
Address Interface Label space ID Hold time
10.10.10.31 xe-0/1/3.14 10.10.10.31:0 37
10.10.10.32 xe-0/1/2.12 10.10.10.32:0 40
So, all OSFP and LDP sessions are established, it’s time to move on to VPLS configuration.
Huawei S6700 only supports Vlan Based VPLS, so the service is bound to the Vlanif interface:
#config of VPLS1-BLUE
#ldp peer config
mpls ldp remote-peer 10.10.10.1
remote-ip 10.10.10.1
#
vsi VPLS1-BLUE
pwsignal ldp
vsi-id 100
peer 10.10.10.1
mtu 9000
encapsulation ethernet
vlan 100
description VPLS1-BLUE
#
interface Vlanif100
l2 binding vsi VPLS1-BLUE
#interface facing CE3
interface XGigabitEthernet0/0/22
description VPLS1-BLUE-CE3
port link-type access
port default vlan 100
stp disable
stp bpdu-filter enable
stp edged-port enable
undo ntdp enable
undo ndp enable
port discard tagged-packet
storm-control broadcast min-rate 200 max-rate 350
storm-control multicast min-rate 2000 max-rate 3500
storm-control interval 2
storm-control action block
storm-control enable log
#config of VPLS2-RED
#ldp peer config
mpls ldp remote-peer 10.10.10.32
remote-ip 10.10.10.32
#
vsi VPLS2-RED
pwsignal ldp
vsi-id 200
peer 10.10.10.32
mtu 9000
encapsulation ethernet
vlan 200
description VPLS2-RED
#
interface Vlanif200
l2 binding vsi VPLS2-RED
#interface facing CE1
interface XGigabitEthernet0/0/21
description VPLS2-RED-CE1
port link-type access
port default vlan 200
stp disable
stp bpdu-filter enable
stp edged-port enable
undo ntdp enable
undo ndp enable
port discard tagged-packet
storm-control broadcast min-rate 200 max-rate 350
storm-control multicast min-rate 2000 max-rate 3500
storm-control interval 2
storm-control action block
storm-control enable log
PE2 config:
create vlan "CE1-CE4"
configure vlan CE1-CE4 tag 200
configure vlan CE1-CE4 add ports 10 untagged
disable igmp snooping vlan "CE1-CE4"
disable igmp vlan "CE1-CE4"
disable igmp proxy-query vlan "CE1-CE4"
create l2vpn vpls vpls-pe2-pe4-CE1-CE4 fec-id-type pseudo-wire 200
configure l2vpn vpls vpls-pe2-pe4-CE1-CE4 add service vlan CE1-CE4
configure l2vpn vpls vpls-pe2-pe4-CE1-CE4 mtu 9170
configure l2vpn vpls vpls-pe2-pe4-CE1-CE4 add peer 10.10.10.33 core full-mesh
PE1 config:
routing-instances {
VPLS1-BLUE {
instance-type vpls;
interface ae13.100;
protocols {
vpls {
no-tunnel-services;
vpls-id 100;
mtu 9000;
neighbor 10.10.10.33 {
encapsulation-type ethernet;
}
}
}
}
}
xe-0/3/3 {
description "CE2";
unit 0 {
description "PE1-PE2-igp";
encapsulation vlan-vpls;
input-vlan-map pop;
output-vlan-map push;
family vpls;
}
}
Finally, the configuration stage is done, we can start testing and verification.
Checking PE4:
PE4>display vpls connection
2 total connections,
connections: 2 up, 0 down, 2 ldp, 0 bgp, 0 bgpad
VSI Name: VPLS1-BLUE Signaling: ldp
VsiID EncapType PeerAddr InLabel OutLabel VCState
100 ethernet 10.10.10.1 1136 1168 up
VSI Name: VPLS2-RED Signaling: ldp
VsiID EncapType PeerAddr InLabel OutLabel VCState
200 ethernet 10.10.10.32 1095 1077 up
PE2:
PE2 # show vpls
L2VPN Name VPN ID Flags Services Name Peer IP State Flags
--------------- ------ ------- --------------- --------------- ----- -------
vpls-pe2-pe4-CE1-CE4 200 EAX--L- CE1-CE4 10.10.10.33 Up C---V-L
PE1:
PE1> show vpls connections
Layer-2 VPN connections:
Legend for interface status
Up -- operational
Dn -- down
Instance: VPLS1-BLUE
VPLS-id: 100
Neighbor Type St Time last up # Up trans
10.10.10.33(vpls-id 100) rmt Up Nov 19 14:45:53 2020 1
Remote PE: 10.10.10.33, Negotiated control-word: No
Incoming label: 262145, Outgoing label: 1089
Negotiated PW status TLV: No
Local interface: lsi.1049510, Status: Up, Encapsulation: ETHERNET
Description: Intf - vpls VPLS1-BLUE neighbor 10.10.10.33 vpls-id 100
Flow Label Transmit: No, Flow Label Receive: No
All instances are up, traffic between CEs is successfully transmitted.
Hi,
Thank you for the great article!
Is it possible to get the full configurations of the Extreme switches?
Hi. This lab was already disassembled. Almost all config is posted in article. If you have any specific questions, you can drop me a mail to info@.