VPLS Configuration on Huawei switches

By | 19.11.2020
0 Comment

Today I will be discussing VPLS configuration (Virtual Private LAN Services) on Huawei switches in a multi-vendor environment. I will test VPLS between Huawei S6700, Extreme X670 and Juniper MX960.

Lab scheme:

We will use Martini VPLS with LDP signaling .
First, we need to configure IGP and LDP between all nodes on the network. Will use OSFP as IGP.

I will not post the PE3 config and redundant links related config, as it will take too long output.

IGP/LDP configuration of PE4 Huawei S6700:

# interface facing PE2
#
interface Vlanif10
 description PE4-PE2-igp
 ip address 10.10.100.1 255.255.255.252
 ospf network-type p2p
 ospf ldp-sync
 ospf enable 1 area 0.0.0.0
 mpls
 mpls te
 mpls ldp

interface XGigabitEthernet0/0/48
 description PE4-PE2
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 10
#
interface LoopBack0
 ip address 10.10.10.33 255.255.255.255
 ospf enable 1 area 0.0.0.0
#
#OSPF
#
ospf 1
 opaque-capability enable
 area 0.0.0.0
  network 10.10.100.0 0.0.0.255
  mpls-te enable
#
#MPLS
#
mpls lsr-id 10.10.10.33
mpls
 mpls te
 label advertise non-null
 mpls rsvp-te                             
 mpls te cspf
#
mpls l2vpn
#
mpls ldp

IGP/LDP configuration of PE2 Extreme X670:

#create Lo0
create vlan "Loopback0"
enable loopback-mode vlan Loopback0
configure vlan Loopback0 ipaddress 10.10.10.32 255.255.255.255
enable ipforwarding vlan Loopback0
configure ip-mtu 9170 vlan Loopback0

#creating vlan for IGP between PE2 and PE4
create vlan "pe2-pe4-igp"
configure vlan pe2-pe4-igp tag 10
configure vlan pe2-pe4-igp add ports 48 tagged  
configure vlan pe2-pe4-igp ipaddress 10.10.100.2 255.255.255.252
enable ipforwarding vlan pe2-pe4-igp
configure ip-mtu 9170 vlan pe2-pe4-igp

#OSFP
configure ospf routerid 10.10.10.32
enable ospf
configure ospf add vlan Loopback0 area 0.0.0.0 
configure ospf vlan Loopback0 cost 1
configure ospf add vlan pe2-pe4-igp area 0.0.0.0 link-type point-to-point 

#MPLS
configure mpls lsr-id 10.10.10.32
enable mpls
enable mpls protocol ldp
enable mpls protocol rsvp-te
configure mpls add vlan "Loopback0"
enable mpls vlan "Loopback0"
enable mpls ldp vlan "Loopback0"
configure mpls add vlan "pe2-pe4-igp"
enable mpls vlan "pe2-pe4-igp"
enable mpls rsvp-te vlan "pe2-pe4-igp"
enable mpls ldp vlan "pe2-pe4-igp"

IGP/LDP configuration of PE1 Juniper MX960:

#interfaces config
lo0 {
    description LOOPBACK;
    unit 0 {
        family inet {                 
            address 10.10.10.1/32 {
                primary;
            }
        }
}
}

#port facing PE2
xe-0/1/2 {
description "PE1-PE2";
flexible-vlan-tagging;
mtu 9192;
encapsulation flexible-ethernet-services;
unit 12 {
    description "PE1-PE2-igp";
    vlan-id 12;
    family inet {
        address 10.10.100.10/30;
    }
}
}
#MPLS
mpls {
    interface lo0.0;
    interface xe-0/1/2.12;
}

#OSPF 
ospf {
    traffic-engineering;
    area 0.0.0.0 {
        interface all {
            disable;
        }
        interface lo0.0 {             
            metric 1;
        }
        interface xe-0/1/2.12 {
            interface-type p2p;
            metric 1;
        }
    }
}

#LDP 

ldp {
    track-igp-metric;
    interface xe-0/1/2.12;
    interface lo0.0;
}

Now we need to check IGP and LDP neighborhood is established everywhere.
PE4:

PE4>display ospf peer 

         OSPF Process 1 with Router ID 10.10.10.33
                 Neighbors 

 Area 0.0.0.0 interface 10.10.100.1(Vlanif10)'s neighbors
 Router ID: 10.10.10.32       Address: 10.10.100.2    
   State: Full  Mode:Nbr is  Slave  Priority: 1
   DR: None   BDR: None   MTU: 9170 
   Dead timer due in 33  sec 
   Retrans timer interval: 6 
   Neighbor is up for 00:04:35   
   Authentication Sequence: [ 0 ] 

                 Neighbors 

 Area 0.0.0.0 interface 10.10.100.5(Vlanif11)'s neighbors
 Router ID: 10.10.10.31      Address: 10.10.100.6    
   State: Full  Mode:Nbr is  Slave  Priority: 1
   DR: None   BDR: None   MTU: 9170 
   Dead timer due in 40  sec 
   Retrans timer interval: 7 
   Neighbor is up for 00:05:58    
   Authentication Sequence: [ 0 ] 

PE4>dis mpls ldp peer 
 
 LDP Peer Information in Public network
 A '*' before a peer means the peer is being deleted.
 ------------------------------------------------------------------------------
 PeerID                 TransportAddress   DiscoverySource
 ------------------------------------------------------------------------------
 10.10.10.32:0           10.10.10.32         Vlanif10
 10.10.10.31:0          10.10.10.31        Vlanif11

PE2:

PE2 # sh ospf neighbor 
Neighbor ID     Pri State       Up/Dead Time      Address  Interface        

==========================================================================================
10.10.10.33     128 FULL      /DROTHER 00:00:07:53/00:00:00:07  10.10.100.1     pe2-pe4-igp
        

10.10.10.1     128 FULL      /DROTHER 00:00:05:31/00:00:00:02  10.10.100.10    pe2-pe1-igp 

  
PE2 # sh mpls ldp peer 
IP Address      LDP Peer             State        Uptime          Adjacencies
10.10.10.32     10.10.10.33:0       Operational  0d:0h:7m:53s      1
10.10.10.32     10.10.10.1:0        Operational  0d:0h:5m:31s     1

PE1:

PE1> show ospf neighbor 
Address          Interface              State     ID               Pri  Dead
10.10.100.9     xe-0/1/2.12             Full      10.10.10.32    128    35
10.10.100.18    xe-0/1/3.14             Full      10.10.10.31    128    33
rt1.msk> show ldp neighbor        
Address            Interface          Label space ID         Hold time
10.10.10.31        xe-0/1/3.14        10.10.10.31:0            37
10.10.10.32        xe-0/1/2.12        10.10.10.32:0            40

So, all OSFP and LDP sessions are established, it’s time to move on to VPLS configuration.

Huawei S6700 only supports Vlan Based VPLS, so the service is bound to the Vlanif interface:

#config of VPLS1-BLUE
#ldp peer config 
mpls ldp remote-peer 10.10.10.1
 remote-ip 10.10.10.1
#
vsi VPLS1-BLUE
 pwsignal ldp
  vsi-id 100
  peer 10.10.10.1
 mtu 9000
 encapsulation ethernet

vlan 100
 description VPLS1-BLUE           
#
interface Vlanif100
 l2 binding vsi VPLS1-BLUE

#interface facing CE3

interface XGigabitEthernet0/0/22
 description VPLS1-BLUE-CE3
 port link-type access
 port default vlan 100
 stp disable
 stp bpdu-filter enable
 stp edged-port enable
 undo ntdp enable
 undo ndp enable
 port discard tagged-packet
 storm-control broadcast min-rate 200 max-rate 350
 storm-control multicast min-rate 2000 max-rate 3500
 storm-control interval 2                 
 storm-control action block
 storm-control enable log

#config of VPLS2-RED
#ldp peer config 
mpls ldp remote-peer 10.10.10.32
 remote-ip 10.10.10.32
#
vsi VPLS2-RED
 pwsignal ldp
  vsi-id 200
  peer 10.10.10.32
 mtu 9000
 encapsulation ethernet

vlan 200
 description VPLS2-RED          
#
interface Vlanif200
 l2 binding vsi VPLS2-RED

#interface facing CE1

interface XGigabitEthernet0/0/21
 description VPLS2-RED-CE1
 port link-type access
 port default vlan 200
 stp disable
 stp bpdu-filter enable
 stp edged-port enable
 undo ntdp enable
 undo ndp enable
 port discard tagged-packet
 storm-control broadcast min-rate 200 max-rate 350
 storm-control multicast min-rate 2000 max-rate 3500
 storm-control interval 2                 
 storm-control action block
 storm-control enable log

PE2 config:

create vlan "CE1-CE4"
configure vlan CE1-CE4 tag 200
configure vlan CE1-CE4 add ports 10 untagged  

disable igmp snooping vlan "CE1-CE4"
disable igmp vlan "CE1-CE4" 
disable igmp proxy-query vlan "CE1-CE4"

create l2vpn vpls vpls-pe2-pe4-CE1-CE4 fec-id-type pseudo-wire 200
configure l2vpn vpls vpls-pe2-pe4-CE1-CE4 add service vlan CE1-CE4
configure l2vpn vpls vpls-pe2-pe4-CE1-CE4 mtu 9170
configure l2vpn vpls vpls-pe2-pe4-CE1-CE4 add peer 10.10.10.33 core full-mesh

PE1 config:

routing-instances {
VPLS1-BLUE {
    instance-type vpls;
    interface ae13.100;
    protocols {
        vpls {
      
      no-tunnel-services;
            vpls-id 100;
            mtu 9000;
            neighbor 10.10.10.33 {
                encapsulation-type ethernet;
            }
        }
    }
}
}

xe-0/3/3 {
   description "CE2";
   unit 0 {
     description "PE1-PE2-igp";
     encapsulation vlan-vpls;
     input-vlan-map pop;
     output-vlan-map push;
     family vpls;
    }
}

Finally, the configuration stage is done, we can start testing and verification.

Checking PE4:

PE4>display vpls connection 

2 total connections, 
connections: 2 up, 0 down, 2 ldp, 0 bgp, 0 bgpad

VSI Name: VPLS1-BLUE                Signaling: ldp
VsiID                 EncapType      PeerAddr        InLabel   OutLabel  VCState
100                 ethernet       10.10.10.1     1136      1168      up     
VSI Name: VPLS2-RED                  Signaling: ldp
VsiID                 EncapType      PeerAddr        InLabel   OutLabel  VCState
200                  ethernet       10.10.10.32      1095      1077      up

PE2:

PE2 # show vpls 
L2VPN Name      VPN ID Flags   Services Name   Peer IP         State Flags 
--------------- ------ ------- --------------- --------------- ----- -------
vpls-pe2-pe4-CE1-CE4   200  EAX--L- CE1-CE4    10.10.10.33     Up    C---V-L

PE1:

PE1> show vpls connections 
Layer-2 VPN connections:

Legend for interface status 
Up -- operational           
Dn -- down

Instance: VPLS1-BLUE
  VPLS-id: 100
    Neighbor                  Type  St     Time last up          # Up trans
    10.10.10.33(vpls-id 100)  rmt   Up     Nov 19 14:45:53 2020           1
      Remote PE: 10.10.10.33, Negotiated control-word: No
      Incoming label: 262145, Outgoing label: 1089
      Negotiated PW status TLV: No
      Local interface: lsi.1049510, Status: Up, Encapsulation: ETHERNET
        Description: Intf - vpls VPLS1-BLUE neighbor 10.10.10.33 vpls-id 100
      Flow Label Transmit: No, Flow Label Receive: No

All instances are up, traffic between CEs is successfully transmitted.

Leave a Reply

Your email address will not be published.