Professional Documents
Culture Documents
NE40E&80E V600R008C10 Configuration Guide - LAN Access and MAN Access 01 PDF
NE40E&80E V600R008C10 Configuration Guide - LAN Access and MAN Access 01 PDF
NE40E&80E V600R008C10 Configuration Guide - LAN Access and MAN Access 01 PDF
V600R008C10
Issue 02
Date 2014-09-30
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the
customer. All or part of the products, services and features described in this document may not be within the
purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,
and recommendations in this document are provided "AS IS" without warranties, guarantees or representations
of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute a warranty of any kind, express or implied.
Website: http://www.huawei.com
Email: support@huawei.com
Purpose
This manual describes LAN access and MAN access technologies, including principles,
configuration steps, and configuration examples of MAC address, Ethernet, LACP, VLAN,
QinQ, MSTP, BPDU tunnel, and RRPP.
NOTICE
Note the following precautions:
l The encryption algorithms DES/3DES/SKIPJACK/RC2/RSA (RSA-1024 or lower)/MD2/
MD4/MD5 (in digital signature scenarios and password encryption)/SHA1 (in digital
signature scenarios) have a low security, which may bring security risks. If protocols allowed,
using more secure encryption algorithms, such as AES/RSA (RSA-2048 or higher)/SHA2/
HMAC-SHA2, is recommended.
l If the plain parameter is specified, the password will be saved in plaintext in the configuration
file, which has a high security risk. Therefore, specifying the cipher parameter is
recommended. To further improve device security, periodically change the password.
l Do not set both the start and end characters of a password to "%$%$." This causes the
password to be displayed directly in the configuration file.
Related Versions
The following table lists the product versions related to this document.
Intended Audience
This document is intended for:
l Commissioning engineer
l Data configuration engineer
l Network monitoring engineer
l System maintenance engineer
Symbol Conventions
The symbols that may be found in this document are defined as follows.
Symbol Description
Command Conventions
The command conventions that may be found in this document are defined as follows.
Convention Description
Convention Description
&<1-n> The parameter before the & sign can be repeated 1 to n times.
Change History
Changes between document issues are cumulative. The latest document issue contains all the
changes made in earlier issues.
Contents
2.1.1 Introduction...............................................................................................................................................................54
2.1.2 Features of Ethernet Interfaces Supported by the NE80E/40E.................................................................................54
2.2 Configuring Ethernet Interfaces of the Interface Board...............................................................................................58
2.2.1 Before You Start........................................................................................................................................................58
2.2.2 Configuring the MTU of an Ethernet Interface.........................................................................................................58
2.2.3 Configuring the Working Mode of an Ethernet Interface.........................................................................................60
2.2.4 Configuring the Speed of an Ethernet Electrical Interface........................................................................................60
2.2.5 Configuring the GE/FE Optical/Electrical Interface.................................................................................................61
2.2.6 Configuring the LAN/WAN Transmission Mode for a 10 GE Interface..................................................................62
2.2.7 Configuring Remote-Fault Fast Detection................................................................................................................63
2.2.8 Configuring Overhead Bytes of the 10GE WAN Interface.......................................................................................63
2.2.9 Configuring Flow Control on the GE Interface.........................................................................................................64
2.2.10 Configuring Self-Loop Detection on the GE Interface............................................................................................65
2.2.11 Switching the Working Mode of an Ethernet Interface...........................................................................................66
2.2.12 Configuring Ethernet Interfaces to Reserve the Padding Fields in Upstream Packets............................................66
2.2.13 Checking the Configuration.....................................................................................................................................67
2.3 Configuring Ethernet Interfaces of the SRU................................................................................................................68
2.3.1 Before You Start........................................................................................................................................................68
2.3.2 Assigning an IP Address to an Ethernet Interface.....................................................................................................69
2.3.3 Configuring the Working Mode of an Ethernet Electrical Interface.........................................................................70
2.3.4 Configuring the Speed of an Ethernet Electrical Interface........................................................................................70
2.3.5 Configuring the Promiscuity Mode...........................................................................................................................71
2.4 Configuring Ethernet Interfaces Layer 2 Parameters...................................................................................................72
2.4.1 Before You Start........................................................................................................................................................72
2.4.2 Configuring Link Layer Type of an Ethernet Interface.............................................................................................72
2.5 Configuring SmartLink Flush Function.......................................................................................................................73
2.5.1 Before You Start........................................................................................................................................................74
2.5.2 Enabling a Port to Process SmartLink Flush Packets................................................................................................74
2.6 Configuring the Alarm Function on an Ethernet Interface...........................................................................................75
2.6.1 Before You Start........................................................................................................................................................75
2.6.2 Configuring the Alarm Function of Bandwidth Utilization on an Interface.............................................................76
2.6.3 Configuring the Alarm Function of CRC Errors on an Interface..............................................................................77
2.6.4 Configuring the Alarm Function of SDH errors on an Interface...............................................................................77
2.6.5 Configuring the Alarm Function of Error Packets on an Interface...........................................................................78
2.6.6 Configuring the Loopback Alarm Function on an Interface.....................................................................................79
2.6.7 Configuring the Alarm Function for a LocalFault or a RemoteFault on an Interface...............................................79
2.6.8 Configuring the Alarm Function in Cases of Polarity Errors on Electrical Interfaces..............................................80
2.6.9 Checking the Configurations.....................................................................................................................................80
2.7 Maintaining Ethernet Interfaces...................................................................................................................................81
2.7.1 Testing the Loop of Ethernet Interfaces....................................................................................................................81
2.8 Configuration Examples...............................................................................................................................................81
3.7.2 Configuring a VRRP Backup Group to Track the Status of Member Interfaces of an Eth-Trunk Interface in Static
LACP Mode......................................................................................................................................................................148
3.7.3 Configuring an Eth-Trunk Interface in Static LACP Mode associating with an mVRRP Backup Group..............149
3.7.4 Checking the Configurations...................................................................................................................................149
3.8 Associating an Eth-Trunk Interface in Static LACP Mode with a Unicast VRRP Backup Group............................151
3.9 Configuring an E-Trunk.............................................................................................................................................153
3.9.1 Before You Start......................................................................................................................................................153
3.9.2 Creating an E-Trunk and Binding a BFD Session to the E-Trunk..........................................................................155
3.9.3 Adding an Interface to an E-Trunk..........................................................................................................................157
3.9.4 (Optional) Configuring E-Trunk Parameters...........................................................................................................158
3.9.5 (Optional) Configuring a Working Mode for an E-Trunk Member Interface.........................................................162
3.9.6 Checking the Configurations...................................................................................................................................163
3.10 Maintaining Eth-Trunk Interfaces............................................................................................................................165
3.10.1 Clearing the Statistics on an Eth-Trunk Interface..................................................................................................165
3.11 Configuration Examples...........................................................................................................................................166
3.11.1 Example for Configuring Eth-Trunk Interfaces to Work in Static LACP Mode..................................................166
3.11.2 Example for Configuring Eth-Trunk Interfaces to Work in Manual Load Balancing Mode................................171
3.11.3 Example for Configuring an Eth-Trunk Interface in Manual 1:1 Active/Standby Mode......................................174
3.11.4 Example for Configuring an Eth-Trunk Interface to Work in Inter-Board Interface Standby Mode....................180
3.11.5 Example for Configuring VLANs to Communicate Through Eth-Trunk Sub-interfaces.....................................181
3.11.6 Example for Associating Eth-Trunk Interfaces in Static LACP Mode with an mVRRP Backup Group.............186
3.11.7 Example for Configuring Eth-Trunk Interfaces in Static LACP Mode to Communicate over a VLL Network
..........................................................................................................................................................................................197
3.11.8 Example for Configuring an E-Trunk Associated with VPLS..............................................................................206
3.11.9 Example for Configuring an E-Trunk Associated with PW Redundancy.............................................................219
4 VLAN Configuration................................................................................................................234
4.1 VLAN Introduction....................................................................................................................................................236
4.1.1 Introduction.............................................................................................................................................................236
4.1.2 VLAN Features Supported by the NE80E/40E.......................................................................................................242
4.2 Configuring a VLAN Based on Ports.........................................................................................................................248
4.2.1 Before You Start......................................................................................................................................................248
4.2.2 Creating a VLAN.....................................................................................................................................................249
4.2.3 Configuring the Type of a Layer 2 Ethernet Port....................................................................................................250
4.2.4 Adding a Port to a VLAN........................................................................................................................................252
4.2.5 Checking the Configurations...................................................................................................................................253
4.3 Configuring a VLANIF Interface...............................................................................................................................254
4.3.1 Before You Start......................................................................................................................................................254
4.3.2 Creating a VLANIF Interface..................................................................................................................................255
4.3.3 Assigning an IP Address to a VLANIF Interface....................................................................................................255
4.3.4 (Optional) Setting a Delay After Which a VLANIF Interface Goes Down............................................................256
4.3.5 (Optional) Configuring Bandwidth for a VLANIF Interface..................................................................................257
4.3.6 Checking the Configurations...................................................................................................................................257
5 QinQ Configuration..................................................................................................................389
5.1 QinQ Introduction.......................................................................................................................................................391
5.1.1 QinQ Overview........................................................................................................................................................391
5.1.2 QinQ Feature Supported by the NE80E/40E...........................................................................................................392
5.2 Configuring the QinQ Tunnel Function.....................................................................................................................403
5.2.1 Before You Start......................................................................................................................................................403
5.2.2 Creating the Outer VLAN Tag for a Layer 2 Interface...........................................................................................404
5.2.3 Configuring QinQ for a Layer 2 Interface...............................................................................................................404
5.2.4 (Optional) Configuring the Protocol Type for the Outer Tag..................................................................................405
5.2.5 (Optional) Configuring the EtherType Value for VLAN TPIDs.............................................................................406
5.2.6 (Optional) Changing the Ethernet Encapsulation Type for the Outer Tag..............................................................406
5.2.7 (Optional) Configuring a Subcard to Transparently Transmit QinQ Packets Whose EType Values of the Outer TPIDs
Are Not 0x8100................................................................................................................................................................407
5.2.8 Checking the Configurations...................................................................................................................................408
5.3 Configuring Selective QinQ on a Layer 2 Interface...................................................................................................409
5.3.1 Before You Start......................................................................................................................................................409
5.3.2 Creating the Outer VLAN Tag for a QinQ Interface...............................................................................................410
5.3.3 Configuring Selective QinQ Interface on a Layer 2 Interface.................................................................................410
5.3.4 (Optional) Configuring the Protocol Type for the Outer Tag..................................................................................411
5.3.5 (Optional) Configuring the EtherType Value for VLAN TPIDs.............................................................................411
5.3.6 (Optional) Modifying the Protocol Type for the Outer Tag....................................................................................412
5.3.7 (Optional) Configuring a Subcard to Transparently Transmit QinQ Packets Whose EType Values of the Outer TPIDs
Are Not 0x8100................................................................................................................................................................413
5.15.13 Example for Configuring a Sub-interface for QinQ VLAN Tag Termination to Support the Local Connection
..........................................................................................................................................................................................570
5.15.14 Example for Configuring the Sub-interface for dot1q VLAN Tag Termination to Support the DHCP Relay Function
..........................................................................................................................................................................................576
5.15.15 Example for Configuring the Sub-interface for QinQ VLAN Tag Termination to Support the DHCP Relay Function
..........................................................................................................................................................................................580
5.15.16 Example for Configuring Dynamic QinQ...........................................................................................................586
5.15.17 Example for Configuring the Sub-interface for VLAN Stacking to Access a VLL............................................593
5.15.18 Example for Configuring the Sub-interface for QinQ VLAN Stacking to Access a VPLS Network.................604
5.15.19 Example for Configuring the Sub-interface for QinQ VLAN Tag Termination to Support URPF....................617
5.15.20 Example for Configuring the dot1q Termination Sub-interface in a VSI to Support IGMP Snooping..............620
5.15.21 Example for Configuring the QinQ Termination Sub-interface in a VSI to Support IGMP Snooping..............628
5.15.22 Example for Configuring the dot1q Termination Sub-interface to Support IGMP and Access an L3VPN.......636
5.15.23 Example for Configuring the QinQ Termination Sub-interface to Support IGMP and Access an L3VPN........647
5.15.24 Example for Configuring the Sub-interface for QinQ VLAN Tag Termination to Support MPLS TE..............655
5.15.25 Example for Configuring the User-Side QinQ....................................................................................................663
5.15.26 Example for Configuring VLAN+802.1p for L2VPN Access (on a Sub-interface for Dot1q VLAN Tag
Termination).....................................................................................................................................................................664
5.15.27 Example for Configuring VLAN+EthType for L2VPN Access (on a Sub-interface for Dot1q VLAN Tag
Termination).....................................................................................................................................................................672
5.15.28 Example for Configuring VLAN+DSCP for L2VPN Access (on a Sub-interface for Dot1q VLAN Tag
Termination).....................................................................................................................................................................680
5.15.29 Example for Configuring QinQ Stacking Sub-interface+802.1p for L2VPN Access.........................................688
5.15.30 Example for Configuring Stacking Sub-interface+EthType for L2VPN Access................................................694
5.15.31 Example for Configuring Stacking Sub-interface+DSCP for L2VPN Access....................................................701
5.15.32 Example for Configuring VLAN+802.1p for L3VPN Access (on a Sub-interface for Dot1q VLAN Tag
Termination).....................................................................................................................................................................708
5.15.33 Example for Configuring VLAN+DSCP for L3VPN Access (on a Sub-interface for Dot1q VLAN Tag
Termination).....................................................................................................................................................................719
6 STP/RSTP Configuration.........................................................................................................731
6.1 STP/RSTP Overview..................................................................................................................................................733
6.1.1 Introduction.............................................................................................................................................................733
6.1.2 STP/RSTP Features Supported by the NE80E/40E................................................................................................738
6.2 Configuring Basic STP/RSTP Functions...................................................................................................................740
6.2.1 Before You Start......................................................................................................................................................740
6.2.2 Configuring the STP/RSTP Mode...........................................................................................................................742
6.2.3 (Optional) Configuring Switching Device Priorities...............................................................................................742
6.2.4 (Optional) Configuring the Path Cost for a Port......................................................................................................743
6.2.5 (Optional) Configuring Port Priorities.....................................................................................................................745
6.2.6 Enabling STP/RSTP................................................................................................................................................745
6.2.7 Checking the Configurations...................................................................................................................................746
6.3 Configuring STP/RSTP Parameters on an Interface..................................................................................................747
6.3.1 Before You Start......................................................................................................................................................749
7 MSTP Configuration.................................................................................................................780
7.1 MSTP Overview.........................................................................................................................................................782
7.1.1 MSTP Introduction..................................................................................................................................................782
7.1.2 MSTP Features Supported by the NE80E/40E........................................................................................................790
7.2 Configuring Basic MSTP Functions...........................................................................................................................795
7.2.1 Before You Start......................................................................................................................................................795
7.2.2 Configuring the MSTP Mode..................................................................................................................................797
7.2.3 Configuring and Activating an MST Region..........................................................................................................798
7.2.4 (Optional) Configuring a Priority for a Switching Device in an MSTI...................................................................799
7.2.5 (Optional) Configuring a Path Cost of a Port in an MSTI.......................................................................................800
7.2.6 (Optional) Configuring a Port Priority in an MSTI.................................................................................................802
7.2.7 Enabling MSTP.......................................................................................................................................................802
7.2.8 Checking the Configurations...................................................................................................................................803
7.3 Configuring MSTP Multi-process..............................................................................................................................804
7.3.1 Before You Start......................................................................................................................................................804
7.3.2 Creating an MSTP Process......................................................................................................................................805
7.3.3 Adding an Interface to an MSTP Process - Access Links.......................................................................................806
7.3.4 Adding an Interface to an MSTP Process - Share Link...........................................................................................807
7.3.5 Configuring Priorities and Root Protection in MSTP Multi-process......................................................................807
7.3.6 Configuring TC Notification in MSTP Multi-process............................................................................................808
7.3.7 Checking the Configurations...................................................................................................................................808
8.2.5 Configuring PE Interfaces Connecting PSNs to Permit Packets with Specified Tags............................................923
8.2.6 Checking the Configurations...................................................................................................................................923
8.3 Configuring VLAN-based BPDU Tunnels.................................................................................................................924
8.3.1 Before You Start......................................................................................................................................................925
8.3.2 Enabling the STP Function on CEs and PEs...........................................................................................................925
8.3.3 Configuring BPDUs from CEs to PEs to Carry Specified Tags..............................................................................926
8.3.4 Configuring VLAN-based BPDU Tunnel...............................................................................................................927
8.3.5 Configuring PE Interfaces Connecting PSN to Permit Packets with Specified Tags..............................................928
8.3.6 Checking the Configurations...................................................................................................................................929
8.4 Configuring QinQ-based BPDU Tunnels...................................................................................................................931
8.4.1 Before You Start......................................................................................................................................................931
8.4.2 Enabling the STP Function on CEs and PEs...........................................................................................................931
8.4.3 Configuring the BPDUs from CEs to PEs to Carry the Specified Tags..................................................................932
8.4.4 Configuring QinQ-based BPDU Tunnel.................................................................................................................933
8.4.5 Configuring PE Interfaces Connecting PSNs to Permit the Packets with Specified Tags......................................935
8.4.6 Checking the Configurations...................................................................................................................................935
8.5 Configuration Examples.............................................................................................................................................937
8.5.1 Example for Configuring Interface-based BPDU Tunnel (Devices of Different Roles).........................................937
8.5.2 Example for Configuring Interface-based BPDU Tunnel (Devices of the Same Role)..........................................944
8.5.3 Example for Configuring VLAN-based Tunnel of BPDUs....................................................................................951
8.5.4 Example for Configuring Tunnel of BPDUs Based on QinQ.................................................................................959
9 RRPP Configuration.................................................................................................................967
9.1 RRPP Introduction......................................................................................................................................................969
9.1.1 Overview of RRPP..................................................................................................................................................969
9.1.2 RRPP Features Supported by the NE80E/40E........................................................................................................969
9.2 Configuring RRPP Functions.....................................................................................................................................973
9.2.1 Before You Start......................................................................................................................................................973
9.2.2 Creating the RRPP Domain.....................................................................................................................................974
9.2.3 Creating the Control VLAN....................................................................................................................................975
9.2.4 (Optional) Setting the Values of RRPP Domain Timers.........................................................................................976
9.2.5 Configuring the Ports on an RRPP Ring.................................................................................................................976
9.2.6 Creating the RRPP Ring..........................................................................................................................................978
9.2.7 Enabling the RRPP Ring.........................................................................................................................................979
9.2.8 Enabling RRPP........................................................................................................................................................979
9.2.9 Checking the Configurations...................................................................................................................................980
9.3 Configuring the Monitoring Interface........................................................................................................................981
9.3.1 Before You Start......................................................................................................................................................981
9.3.2 Setting the Monitoring Interface..............................................................................................................................982
9.3.3 Checking the Configurations...................................................................................................................................983
9.4 Configuring RRPP Snooping......................................................................................................................................984
9.4.1 Before You Start......................................................................................................................................................984
A Glossary....................................................................................................................................1087
B Acronyms and Abbreviations...............................................................................................1094
Each workstation or server that is connected to the Ethernet interface on a device has a unique
Medium Access Control (MAC) address. The MAC address table on the device contains the
MAC addresses of all the other devices that are connected to this device. The MAC address table
is used for data forwarding.
1.2 Configuring the MAC Address Table Based on the VLAN and Layer 2 Interface
If user networks are connected through Layer 2 devices and do not forward data through Layer
3 routing, you can configure a MAC address table based on Layer 2 interfaces and VLANs for
data forwarding. Therefore, user networks can communicate with each other.
1.3 Configuring the MAC Address Table Based on the VSI and Layer 3 Interface
If user networks are connected through a Virtual Private LAN Service (VPLS) network, you can
configure a MAC address table based on Layer 3 interfaces and Virtual Switch Instances (VSIs).
Therefore, user networks can communicate with each other.
This section lists networking requirements, configuration roadmap, and data preparation to
describe the typical application scenarios of MAC address tables, and provides related
configuration files.
0001-0001-0001 10 GE3/0/1
0011-0022-0034 20 GE2/0/4
1011-0022-0034 30 Eth-Trunk 20
If a destination host is added to multiple VLANs, one MAC address corresponds to multiple
VLAN IDs in the MAC forwarding entries on a switch.
entries. As a result, the packets that should be forwarded to authorized users are forwarded
to hackers. To improve interface security, a network administrator can add specific MAC
address entries to the MAC address table to bind the user device to the interface. In this
way, the device can stop the unauthorized users from intercepting data. The configured
MAC address entries take precedence over the automatically generated entries.
Dynamic entries are learned and stored on interface boards. The dynamic entries expire
and are lost after hot swapping or interface-board resetting, or device rebooting.
l Static entries
Static entries are configured by users. They are automatically delivered to each interface
board. Static entries do not expire and are not lost after device rebooting, hot swapping, or
interface-board resetting.
l Blackhole entries
Blackhole entries, configured by users, are used to discard frames containing specified
source and destination MAC addresses. They are delivered to each interface board. The
blackhole entries do not expire and are not lost after device rebooting, hot swapping or
interface-board resetting.
For the MAC address learning limit, refer to the HUAWEI NetEngine80E/40E Router
Configuration Guide - Security.
Applicable Environment
NOTE
The ATM interface cannot be configured on the X1 and X2 models of the NE80E/40E.
Generally, a device automatically creates MAC address tables by learning source addresses.
To enhance the security of an interface, network administrators can manually bind a MAC
address and an interface in the table. This can prevent malicious users with counterfeit MAC
address from logging in to the local device through other switches.
To discard the frames to the specified destination MAC address, configure blackhole entries.
Pre-configuration Tasks
Before configuring the MAC address table based on the VLAN and Layer 2 interface, complete
the following tasks:
l Create a VLAN.
l Ensure that the Layer 2 ports in the MAC address entries are added to the VLAN.
l Ensure that the mapping between the virtual ethernet (VE) interface and the permanent
virtual channel (PVC) of the asynchronous transfer mode (ATM) interface is established
if the outbound interface is a VE interface.
NOTE
For the configuration of the mapping between the VE interface and the PVC of the ATM interface, refer
to the HUAWEI NetEngine80E/40E Router Configuration Guide - WAN Access.
Data Preparation
To configure the MAC address table based on the VLAN and Layer 2 interface, you need the
following data.
No. Data
Procedure
Step 1 Run:
system-view
----End
Follow-up Procedure
After a board or an interface card is removed, the static MAC address entries configured on its
interfaces are saved as temporary MAC address entries. If the board or interface card is re-
inserted, the static MAC address entries are restored.
However, if the board or interface card do not need to be re-inserted, the temporary MAC address
entries are useless and still occupy the MAC address resources of the system. In this situation,
run the undo mac-address temporary command to delete all temporary MAC address entries
in the system.
Context
NOTE
The ATM interface cannot be configured on the X1 and X2 models of the NE80E/40E.
Perform the following steps on the router where the VLAN is created:
Procedure
Step 1 Run:
system-view
l You can add only unicast MAC addresses rather than multicast MAC addresses or special
MAC addresses to a MAC address table. Special MAC addresses are reserved for special
usage, such as MAC addresses of special packets.
l The VE interface must be a switched interface. In addition, the VE interface must be
associated with the VLAN specified by vlan-id. That is, the VLAN contains this VE interface;
or this VE interface is added to VLAN by default.
l The mapping between the VE interface and the permanent virtual channel (PVC) of the
asynchronous transfer mode (ATM) interface is established, and the VE interface is added
to the specified VLAN.
l A maximum of 1024 non-dynamic entries can be added.
----End
Prerequisites
The MAC address table based on the VLAN and layer 2 interface has been configured.
Procedure
l Run the following commands to check information about all MAC address entries.
– Run the display mac-address mac-address [ vlan vlan-id | vsi vsi-name ] [ verbose ]
command.
– Run the display mac-address [ { vlan vlan-id | vsi vsi-name } | interface-type interface-
number ] * [ verbose ] command.
l Run the display mac-address blackhole [ vlan vlan-id | vsi vsi-name ] to check information
about black-hole MAC address entries.
l Run the display mac-address static [ { vlan vlan-id | vsi vsi-name } | interface-type
interface-number ] * [ verbose ] to check information about static MAC address entries.
l Run the following commands to check information about dynamic MAC address entries.
– Run the display mac-address dynamic [ [ slot ] slot-id | source-slot source-slot-id ]
* [ verbose ] command.
– Run the display mac-address dynamic [ [ slot ] slot-id ] { { vlan vlan-id | vsi vsi-
name } | interface-type interface-number } * [ verbose ] command.
– Run the display mac-address dynamic [ [ slot ] slot-id ] vsi vsi-name [ peer peer-ip
pw-id pw-id ] [ verbose ] command.
l Run the display mac-address summary command to check statistic information about
MAC address entries.
----End
Example
Run the display mac-address command. You can view the information about the MAC address,
the outbound interface corresponding to the MAC address, and the MAC address type. For
example:
<HUAWEI> display mac-address
MAC address table of slot 0:
--------------------------------------------------------------------------------
MAC Address VLAN/ PEVLAN CEVLAN Port Type LSP/LSR-ID
VSI/SI MAC-Tunnel
--------------------------------------------------------------------------------
0011-2233-4455 abc 1 - GE1/0/1.10 static 2/-
0002-0002-0002 2 - - GE2/0/1 static -
--------------------------------------------------------------------------------
Total matching items on slot 0 displayed = 2
Run the display mac-address summary command to display all the statistics of the MAC
address entries. Such as:
1 1 0 0 1
2 0 0 0 0
-------------------------------------------------
Applicable Environment
NOTE
The ATM interface cannot be configured on the X1 and X2 models of the NE80E/40E.
In a Virtual Private LAN Service (VPLS) network, provider edges (PEs) learn MAC addresses.
A PE learns the MAC address of the remote PE through the pseudo wire (PW) and learns the
MAC address of the customer edge (CE) that directly accesses the PE through the Attachment
Circuit (AC). In this manner, the PE automatically establishes the MAC address table.
To improve the network security, configure the mapping between the MAC address of the CE
and the PE interface in the MAC address table of the PE, that is, the static MAC address entries
on the AC side. On the PE, binding a MAC address to an interface can prevent illegal users from
accessing the network.
To discard the frames to the specified destination MAC address, configure blackhole entries.
NOTE
For concepts and configurations in VPLS, refer to the "VPLS Configuration" in the NE80E/40E
Configuration Guide - VPN.
Pre-configuration Tasks
Before configuring the MAC address table based on the virtual switching instance (VSI) and
Layer 3 interface, complete the following tasks:
l Configure the VPLS and binding the VSI to the outbound interface.
l Establish the mapping between the VE interface and the PVC of the ATM interface if the
outbound interface is a VE interface.
l Configure the sub-interface with dot1q termination or QinQ termination or qinq stacking
or vlan-type dot1q if the outbound interface is a sub-interface.
NOTE
l For the configuration of the mapping between the VE interface and the PVC of the ATM interface,
refer to the HUAWEI NetEngine80E/40E Router Configuration Guide - WAN Access.
l For the configuration of dot1q termination or QinQ termination or qinq stacking on a sub-interface,
refer to QinQ Configuration.
Data Preparation
To configure the MAC address table based on the VSI and Layer 3 interface, you need the
following data.
No. Data
1 VSI name
2 MAC addresses
4 PE VLAN ID
5 CE VLAN ID
Context
Perform the following steps on the equipment where the VSI is created:
Procedure
Step 1 Run:
system-view
Step 2 Run:
mac-address static mac-address interface-type interface-number vsi vsi-name [ pe-
vid pe-vid [ ce-vid ce-vid ] ]
l You can add only unicast MAC addresses rather than multicast MAC addresses or special
MAC addresses to a MAC address table. Special MAC addresses are reserved for special
usage, such as MAC addresses of special packets.
l The interface type can be Ethernet interface, Ethernet sub-interface, GE interface, GE sub-
interface, Eth-Trunk interface, or Eth-Trunk sub-interface.
l Ensure that the interface in this command is bound to the VSI specified by vsi-name.
l When pe-vid is used, the interface specified by interface-type interface-number must be a
sub-interface. In addition, this sub-interface must be configured with dot1q termination, qinq
stacking or vlan-type dot1q and bound to the VSI.
NOTE
The parameter pe-vid must be configured when configuring static MAC address entries based on the
sub-interface of qinq stacking, or the traffic would be blocked.
l When pe-vid and ce-vid are used, the interface specified by interface-type interface-
number must be a sub-interface. In addition, this sub-interface must be configured with QinQ
termination and bound to the VSI.
l A maximum of 1024 non-dynamic entries can be added.
Step 3 Run:
mac-address blackhole mac-address vsi vsi-name
----End
Follow-up Procedure
After a board or an interface card is removed, the static MAC address entries configured on its
interfaces are saved as temporary MAC address entries. If the board or interface card is re-
inserted, the static MAC address entries are restored.
However, if the board or interface card do not need to be re-inserted, the temporary MAC address
entries are useless and still occupy the MAC address resources of the system. In this situation,
run the undo mac-address temporary command to delete all temporary MAC address entries
in the system.
Context
Perform the following steps on the equipment where the VSI is created:
Procedure
Step 1 Run:
system-view
Step 2 Run:
mac-address static mac-address interface-type interface-number vlanif interface-
number vsi vsi-name
l You can add only unicast MAC addresses rather than multicast MAC addresses or special
MAC addresses to a MAC address table. Special MAC addresses are reserved for special
usage, such as MAC addresses of special packets.
l The interface-type can be Ethernet interface, GE interface, or Eth-Trunk interface.
l The interface specified by interface-type interface-number is added to the VLAN
corresponding to the VLANIF interface, and the VLANIF interface is bound to the specified
VSI.
l A maximum of 1024 non-dynamic entries can be added.
Step 3 Run:
mac-address blackhole mac-address { vlan vlan-id | vsi vsi-name
----End
Prerequisites
The MAC address table based on the VSI and layer 3 interface has been configured.
Procedure
l Run the following commands to check information about all MAC address entries.
– Run the display mac-address mac-address [ vlan vlan-id | vsi vsi-name ] [ verbose ]
command.
– Run the display mac-address [ { vlan vlan-id | vsi vsi-name } | interface-type interface-
number ] * [ verbose ] command.
l Run the display mac-address blackhole [ vlan vlan-id | vsi vsi-name ] to check information
about black-hole MAC address entries.
l Run the display mac-address static [ { vlan vlan-id | vsi vsi-name } | interface-type
interface-number ] * [ verbose ] to check information about static MAC address entries.
l Run the following commands to check information about dynamic MAC address entries.
– Run the display mac-address dynamic [ [ slot ] slot-id | source-slot source-slot-id ]
* [ verbose ] command.
– Run the display mac-address dynamic [ [ slot ] slot-id ] { { vlan vlan-id | vsi vsi-
name } | interface-type interface-number } * [ verbose ] command.
– Run the display mac-address dynamic [ [ slot ] slot-id ] vsi vsi-name [ peer peer-ip
pw-id pw-id ] [ verbose ] command.
l Run the display mac-address summary command to check statistic information about
MAC address entries.
----End
Example
Run the display mac-address command. If information about the MAC address, the outbound
interface corresponding to the MAC address, and the MAC address type is displayed, it means
that the configuration succeeds. For example:
<HUAWEI> display mac-address
MAC address table of slot 0:
--------------------------------------------------------------------------------
MAC Address VLAN/ PEVLAN CEVLAN Port Type LSP/LSR-ID
VSI/SI MAC-Tunnel
--------------------------------------------------------------------------------
0011-2233-4455 abc 1 - GE1/0/1.10 static 2/-
0002-0002-0002 2 - - GE2/0/1 static -
--------------------------------------------------------------------------------
Total matching items on slot 0 displayed = 2
Run the display mac-address summary command to display all the statistics of the MAC
address entries. Such as:
<HUAWEI> display mac-address summary
-------------------------------------------------------------
Slot Total Blackhole Static Dynamic
------------------------------------------------
1 1 0 0 1
2 0 0 0 0
------------------------------------------------
Applicable Environment
After the network topology changes, dynamic MAC entries are not automatically updated in
time. In this case, user traffic cannot be normally forwarded because the device cannot learn the
new MAC address.
Therefore, you need to configure the aging time of dynamic MAC addresses. When the set aging
time expires, dynamic MAC address entries are automatically deleted. The device re-learns
MAC addresses to generate a new dynamic MAC address type.
The aging time is valid only on dynamic MAC address entries.
The configurations in this section are optional.
Pre-configuration Tasks
None
Data Preparation
To configure the aging time of a MAC address table, you need the following data.
No. Data
1 Aging time
Context
Perform the following steps on all the devices:
Procedure
Step 1 Run:
system-view
The aging time ranges from 60 to 1000000 seconds. The default is 300 seconds.
----End
Prerequisites
The aging time of a MAC address table has been configured.
Procedure
Step 1 Run the display mac-address aging-time [ vlan [ vlanid ] | vsi [ name name ] ] command to
check the aging time of MAC address entries.
----End
Example
Run the display mac-address aging-time command. If the aging time of MAC address entries
is displayed, it means that the configuration succeeds. For example:
<HUAWEI> display mac-address aging-time
Aging time: 300 seconds
<HUAWEI> display mac-address aging-time vlan 10
Vlan Aging Time(sec)
10 100
Context
Media Access Control (MAC) address synchronization is applicable to the following usage
scenarios:
l When pseudo wires (PWs) carry services, each PW is built over two label switched paths
(LSPs) or traffic engineering (TE) tunnels in opposite directions, because PWs are
bidirectional and LSPs and TE tunnels are unidirectional. If the LSPs or TE tunnels reside
on different boards, MAC address entries must be synchronized on the boards. If MAC
address entries are not synchronized, the board that receives traffic can learn the source
MAC address of the traffic, but the board that replies cannot. As a result, return traffic is
lost.
l When an Eth-Trunk interface whose member interfaces reside on different boards is used
to transmit traffic, MAC address entries must be synchronized on the boards. If MAC
address entries are not synchronized, the board that receives traffic can learn the source
MAC address of the traffic, but the board that replies cannot. As a result, return traffic is
lost.
By default, MAC addresses are synchronized periodically in the system. Specifically, the system
periodically broadcasts and synchronizes the MAC addresses it has learned on all boards.
However, when an inbound interface learns a new MAC address, the system may not be able to
synchronize the MAC address on all boards in time. To address this problem, you can configure
immediate MAC address synchronization on the device so that the system can update MAC
address entries on all boards whenever it learns a new MAC address.
Procedure
Step 1 Run:
system-view
Step 2 Run:
mac-address phy-port synchronize enable
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
mac-address-usage threshold threshold [ slot slot-number ]
----End
Example
Run the display mac-address-usage command in the user view to view the usage of the MAC
address table.
<HUAWEI> display mac-address-usage
MAC address usage information:
Slot # Type Use-Rate Threshold
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
0 MPU 0% 13%
2 LPU 0% 13%
3 LPU 0% 13%
6 LPU 0% 13%
Context
After the network topology changes, the router's failure to learn new MAC addresses interrupts
the forwarding of user traffic if the dynamic MAC entries are not refreshed in time.
Procedure
l To delete the dynamic MAC entries based on a VLAN, run the undo mac-address
dynamic vlan vlan-id command.
l To delete the dynamic MAC entries based on a VSI, run the undo mac-address
dynamic vsi vsi-name command.
l To delete the dynamic MAC entries based on a port, run the undo mac-address
dynamic { ethernet | gigabitethernet | eth-trunk } interface-number command.
l To delete the dynamic MAC entries based on a port in a VLAN, run the undo mac-address
dynamic { ethernet | gigabitethernet | eth-trunk } interface-number vlan vlan-id
command.
l To delete the dynamic MAC entries based on a port and the VSI, run the undo mac-address
dynamic { ethernet | gigabitethernet | eth-trunk } interface-number vsi vsi-name
command.
----End
NOTE
This document takes interface numbers and link types of the NE40E-X8 as an example. In working
situations, the actual interface numbers and link types may be different from those used in this document.
Networking Requirements
A device learns source MAC addresses and then creates a MAC address table. MAC address
learning, however, cannot identify whether the packets are from legal users or hackers, which
brings security risks.
To improve interface security, a network administrator can manually add specific MAC address
entries to the MAC address table. The MAC addresses of user devices and interfaces are then
bound to prevent illegal users from obtaining data.
On the network shown in Figure 1-1, static MAC address entries can be configured to be bound
to interfaces, preventing attacks.
Figure 1-1 Networking diagram of configuring the MAC address table based on the interface
and VLAN
PE
GE1/0/1 GE1/0/2
GE1/0/2 GE1/0/2
CE1 CE2
GE1/0/1 GE1/0/1
Configuration Roadmap
The configuration roadmap is as follows:
1. Create a VLAN on each CE.
2. Configure interface attributes and associate each interface with the VLAN on each CE and
the PE.
3. Configure static MAC address entries on the PE, and bind them to interfaces.
Data Preparation
To complete the configuration, you need the following data:
l User VLAN ID
l MAC address of each CE
In this example, CE1's MAC address is 0011-2233-44aa, and CE2's MAC address is
0011-2233-44bb.
Procedure
Step 1 Create VLANs.
# Configure CE 1.
<HUAWEI> system-view
<HUAWEI> sysname CE1
[CE1] vlan 2
[CE1-vlan2] quit
# Configure CE 2.
<HUAWEI> system-view
<HUAWEI> sysname CE2
[CE2] vlan 2
[CE2-vlan2] quit
# Configure PE.
<HUAWEI> system-view
<HUAWEI> sysname PE
[PE] vlan 2
[PE-vlan2] quit
Step 2 Configure interface attributes and associate the interface to the VLAN.
# Configure CE 1.
[CE1] interface gigabitethernet 1/0/1
[CE1-GigabitEthernet1/0/1] undo shutdown
[CE1-GigabitEthernet1/0/1] portswitch
[CE1-GigabitEthernet1/0/1] port link-type access
[CE1-GigabitEthernet1/0/1] port default vlan 2
[CE1-GigabitEthernet1/0/1] quit
[CE1] interface gigabitethernet 1/0/2
[CE1-GigabitEthernet1/0/2] undo shutdown
[CE1-GigabitEthernet1/0/2] portswitch
[CE1-GigabitEthernet1/0/2] port link-type trunk
[CE1-GigabitEthernet1/0/2] port trunk allow-pass vlan 2
[CE1-GigabitEthernet1/0/2] quit
# Configure CE 2.
# Configure PE.
[PE] interface gigabitethernet 1/0/1
[PE-GigabitEthernet1/0/1] undo shutdown
[PE-GigabitEthernet1/0/1] portswitch
[PE-GigabitEthernet1/0/1] port link-type trunk
[PE-GigabitEthernet1/0/1] port trunk allow-pass vlan 2
[PE-GigabitEthernet1/0/1] quit
[PE] interface gigabitethernet 1/0/2
[PE-GigabitEthernet1/0/2] undo shutdown
[PE-GigabitEthernet1/0/2] portswitch
[PE-GigabitEthernet1/0/2] port link-type trunk
[PE-GigabitEthernet1/0/2] port trunk allow-pass vlan 2
[PE-GigabitEthernet1/0/2] quit
# After completing the preceding configurations, run the display mac-address static command
on the PE. The configured static MAC address entries are displayed.
[PE] display mac-address static
MAC address table of slot 1:
-------------------------------------------------------------------------------
MAC Address VLAN/ PEVLAN CEVLAN Port Type LSP/LSR-ID
VSI/SI MAC-Tunnel
-------------------------------------------------------------------------------
0011-2233-44aa 2 - - GE1/0/1 static -
0011-2233-44bb 2 - - GE1/0/2 static -
-------------------------------------------------------------------------------
Total matching items on slot 1 displayed = 2
----End
Configuration Files
l Configuration file of CE1
#
sysname CE1
#
vlan batch 2
#
interface GigabitEthernet1/0/1
portswitch
undo shutdown
port link-type access
port default vlan 2
#
interface GigabitEthernet1/0/2
portswitch
undo shutdown
port link-type trunk
port trunk allow-pass vlan 2
#
return
l Configuration file of PE
#
sysname PE
#
vlan batch 2
#
interface GigabitEthernet1/0/1
portswitch
undo shutdown
port link-type trunk
port trunk allow-pass vlan 2
#
interface GigabitEthernet1/0/2
portswitch
undo shutdown
port link-type trunk
port trunk allow-pass vlan 2
#
mac-address static 0011-2233-44aa GigabitEthernet1/0/1 vlan 2
mac-address static 0011-2233-44bb GigabitEthernet1/0/2 vlan 2
#
return
Networking Requirements
As shown in Figure 1-2, in a VPLS networking, PEs are connected to CEs through dot1q
termination sub-interfaces.
On PE1, set the user who accesses PE1 through CE1 and whose MAC address is 0011-2233-4455
as a static MAC entry. This helps to prevent unauthorized users from accessing the VPLS
network.
Figure 1-2 Networking diagram of configuring the MAC address table based on the dot1q
termination sub-interface and VSI
Loopback1 Loopback1 Loopback1
1.1.1.9/32 2.2.2.9/32 3.3.3.9/32
POS2/0/0 POS1/0/0
PE1 192.168.1.1/30 192.168.2.2/30
PE2
POS1/0/0 POS2/0/0
GE1/0/0.1 192.168.1.2/30 P 192.168.2.1/30 GE2/0/0.1
GE1/0/2 GE1/0/2
MAC:0011-2233-4455
PC1 PC2
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a VPLS network.
2. Bind the dot1q termination sub-interface to the VSI
3. Configure static MAC address entries.
Data Preparation
To complete the configuration, you need the following data:
l MAC address of the user: 0011-2233-4455
l VSI named ldp1
Procedure
Step 1 Configure IGP on the MPLS backbone network. OSPF is used in this example.
According to Figure 1-2 configure the addresses for the interfaces on PE and P. Configure OSPF
to advertise the addresses of the loopback interfaces on PE1, P, and PE2.
# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.9 32
[PE1-LoopBack1] quit
[PE1] interface pos 2/0/0
[PE1-Pos2/0/0] ip address 192.168.1.1 30
[PE1-Pos2/0/0] undo shutdown
[PE1-Pos2/0/0] quit
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.3
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
# Configure P.
<HUAWEI> system-view
[HUAWEI] sysname P
[P] interface loopback 1
[P-LoopBack1] ip address 2.2.2.9 32
[P-LoopBack1] quit
[P] interface pos 1/0/0
[P-Pos1/0/0] ip address 192.168.1.2 30
[P-Pos1/0/0] undo shutdown
[P-Pos1/0/0] quit
[P] interface pos 2/0/0
[P-Pos2/0/0] ip address 192.168.2.1 30
[P-Pos2/0/0] undo shutdown
[P-Pos2/0/0] quit
[P] ospf
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
[P-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.3
[P-ospf-1-area-0.0.0.0] network 192.168.2.0 0.0.0.3
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit
# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] interface loopback 1
[PE2-LoopBack1] ip address 3.3.3.9 32
[PE2-LoopBack1] quit
[PE2] interface pos 1/0/0
[PE2-Pos1/0/0] ip address 192.168.2.2 30
[PE2-Pos1/0/0] undo shutdown
[PE2-Pos1/0/0] quit
[PE21] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 192.168.2.0 0.0.0.3
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit
After this step, PE1 and PE2 learn the route to the loopback interface of the peer through the
OSPF protocol. PE1 and PE2 can ping through each other.
Step 2 Enable the basic MPLS capabilities and LDP on the MPLS backbone network.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface pos 2/0/0
[PE1-Pos2/0/0] mpls
[PE1-Pos2/0/0] mpls ldp
[PE1-Pos2/0/0] quit
# Configure P.
[P] mpls lsr-id 2.2.2.9
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P] interface pos 1/0/0
[P-Pos1/0/0] mpls
[P-Pos1/0/0] mpls ldp
[P-Pos1/0/0] quit
[P] interface pos 2/0/0
[P-Pos2/0/0] mpls
[P-Pos2/0/0] mpls ldp
[P-Pos2/0/0] quit
# Configure PE2.
[PE2] mpls lsr-id 3.3.3.9
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface pos 1/0/0
[PE2-Pos1/0/0] mpls
[PE2-Pos1/0/0] mpls ldp
[PE2-Pos1/0/0] quit
# Configure PE1.
[PE1] mpls ldp remote-peer 3.3.3.9
[PE1-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9
[PE1-mpls-ldp-remote-3.3.3.9] quit
# Configure PE2.
[PE2] mpls ldp remote-peer 1.1.1.9
[PE2-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9
[PE2-mpls-ldp-remote-1.1.1.9] quit
After the configuration, the sessions between PE1 and PE2 are set up. Running the display mpls
ldp session command, you can view that the Status field is "Operational".
# Configure PE1.
[PE1] mpls l2vpn
# Configure PE2.
[PE2] mpls l2vpn
Step 5 Create VSIs and specify LDP as the signaling protocol on VSIs.
# Configure PE1.
[PE1] vsi ldp1 static
[PE1-vsi-ldp1] pwsignal ldp
[PE1-vsi-ldp1-ldq] vsi-id 1
[PE1-vsi-ldp1-ldq] peer 3.3.3.9
[PE1-vsi-ldp1-ldq] quit
[PE1-vsi-ldp1] quit
# Configure PE2.
[PE2] vsi ldp1 static
[PE2-vsi-ldp1] pwsignal ldp
[PE2-vsi-ldp1-ldq] vsi-id 1
[PE2-vsi-ldp1-ldq] peer 1.1.1.9
[PE2-vsi-ldp1-ldq] quit
[PE2-vsi-ldp1] quit
# Configure PE1.
[PE1] interface gigabitethernet 1/0/0
[PE1-GigabitEthernet1/0/0] mode user-termination
[PE1-GigabitEthernet1/0/0] undo shutdown
[PE1-GigabitEthernet1/0/0] quit
# Configure PE2.
[PE2] interface gigabitethernet 2/0/0
[PE2-GigabitEthernet2/0/0] mode user-termination
[PE2-GigabitEthernet2/0/0] undo shutdown
[PE2-GigabitEthernet2/0/0] quit
Step 7 Configure the sub-interface for dot1q VLAN tag termination and bind VSIs and AC interfaces.
# Configure PE1.
[PE1] interface gigabitethernet 1/0/0.1
[PE1-GigabitEthernet1/0/0.1] control-vid 1 dot1q-termination
[PE1-GigabitEthernet1/0/0.1] dot1q termination vid 10
[PE1-GigabitEthernet1/0/0.1] l2 binding vsi ldp1
[PE1-GigabitEthernet1/0/0.1] undo shutdown
[PE1-GigabitEthernet1/0/0.1] quit
# Configure PE2.
[PE2] interface gigabitethernet 2/0/0.1
[PE2-GigabitEthernet2/0/0.1] control-vid 1 dot1q-termination
[PE2-GigabitEthernet2/0/0.1] dot1q termination vid 10
[PE2-GigabitEthernet2/0/0.1] l2 binding vsi ldp1
[PE2-GigabitEthernet2/0/0.1] undo shutdown
[PE2-GigabitEthernet2/0/0.1] quit
NOTE
# Configure CE1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1]interface gigabitethernet 1/0/1
[CE1-GigabitEthernet1/0/1] portswitch
[CE1-GigabitEthernet1/0/1] undo shutdown
[CE1-GigabitEthernet1/0/1] quit
[CE1] vlan 10
[CE1-vlan10] port gigabitethernet 1/0/1
[CE1-vlan10] quit
[CE1]interface gigabitethernet 1/0/2
[CE1-GigabitEthernet1/0/2] portswitch
[CE1-GigabitEthernet1/0/2] undo shutdown
[CE1-GigabitEthernet1/0/2] port trunk allow-pass vlan 10
[CE1-GigabitEthernet1/0/2] quit
# Configure CE2.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2]interface gigabitethernet 1/0/1
[CE2-GigabitEthernet1/0/1] portswitch
[CE2-GigabitEthernet1/0/1] undo shutdown
[CE2-GigabitEthernet1/0/1] quit
[CE2] vlan 10
[CE2-vlan10] port gigabitethernet 1/0/1
[CE2-vlan10] quit
[CE2]interface gigabitethernet 1/0/2
[CE2-GigabitEthernet1/0/2] portswitch
[CE2-GigabitEthernet1/0/2] undo shutdown
[CE2-GigabitEthernet1/0/2] port trunk allow-pass vlan 10
[CE2-GigabitEthernet1/0/2] quit
Step 9 Configure the MAC address table based on the dot1q termination sub-interface and VSI.
[PE1] mac-address static 0011-2233-4455 gigabitethernet 1/0/0.1 vsi ldp1 pe-vid 10
# After completing the preceding configurations, run the display mac-address static command
on the PE1. The configured static MAC address entries are displayed.
[PE1] display mac-address static
MAC address table of slot 1:
--------------------------------------------------------------------------------
MAC Address VLAN/ PEVLAN CEVLAN Port Type LSP/LSR-
ID
VSI/SI MAC-Tunnel
--------------------------------------------------------------------------------
0011-2233-4455 ldp1 10 - GE1/0/0.1 static -
--------------------------------------------------------------------------------
Total matching items on slot 1 displayed = 1
----End
Configuration Files
l Configuration file of PE1
#
sysname PE1
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
vsi ldp1 static
pwsignal ldp
vsi-id 1
peer 3.3.3.9
#
mpls ldp remote-peer 3.3.3.9
remote-ip 3.3.3.9
#
mpls ldp
#
interface GigabitEthernet1/0/0
undo shutdown
mode user-termination
#
interface GigabitEthernet1/0/0.1
undo shutdown
control-vid 1 dot1q-termination
dot1q termination vid 10
l2 binding vsi ldp1
#
interface Pos2/0/0
undo shutdown
ip address 192.168.1.1 255.255.255.252
mpls
mpls ldp
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 192.168.1.0 0.0.0.3
#
mac-address static 0011-2233-4455 gigabitethernet 1/0/0.1 vsi ldp1 pe-vid 10
#
return
l Configuration file of P
#
sysname P
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Pos1/0/0
undo shutdown
ip address 192.168.1.2 255.255.255.252
mpls
mpls ldp
#
interface Pos2/0/0
undo shutdown
ip address 192.1168.2.1 255.255.255.252
mpls
mpls ldp
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 192.168.1.0 0.0.0.3
network 192.168.2.0 0.0.0.3
#
return
undo shutdown
ip address 192.168.2.2 255.255.255.252
mpls
mpls ldp
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 192.168.2.0 0.0.0.3
#
return
Networking Requirements
As shown in Figure 1-3, in a VPLS networking, PEs are connected to CEs through QinQ
termination sub-interfaces.
On PE1, set the user who accesses PE1 through CE1 and whose MAC address is 0011-2233-4455
as a static MAC entry.
Figure 1-3 Networking diagram of configuring the MAC address table based on the qinq
termination sub-interface and VSI
Loopback1 Loopback1 Loopback1
1.1.1.9/32 2.2.2.9/32 3.3.3.9/32
POS2/0/0 POS1/0/0
192.168.1.1/30 192.168.2.2/30
PE1 PE2
POS1/0/0 POS2/0/0
GE1/0/0.1 192.168.1.2/30 P 192.168.2.1/30 GE2/0/0.1
GE1/0/2 GE1/0/2
PC1 PC2
MAC:0011-2233-4455
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a VPLS network.
2. Bind the QinQ termination sub-interface to the VSI
3. Configure static MAC address entries.
Data Preparation
To complete the configuration, you need the following data:
l MAC address of the user: 0011-2233-4455
l VSI named ldp1
Procedure
Step 1 Configure IGP on the MPLS backbone network. OSPF is used in this example.
According to Figure 1-3 configure the addresses for the interfaces on PE and P. Configure OSPF
to advertise the addresses of the loopback interfaces on PE1, P, and PE2.
# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.9 32
[PE1-LoopBack1] quit
[PE1] interface pos 2/0/0
[PE1-Pos2/0/0] ip address 192.168.1.1 30
[PE1-Pos2/0/0] undo shutdown
[PE1-Pos2/0/0] quit
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.3
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
# Configure P.
<HUAWEI> system-view
[HUAWEI] sysname P
[P] interface loopback 1
[P-LoopBack1] ip address 2.2.2.9 32
[P-LoopBack1] quit
[P] interface pos 1/0/0
[P-Pos1/0/0] ip address 192.168.1.2 30
[P-Pos1/0/0] undo shutdown
[P-Pos1/0/0] quit
[P] interface pos 2/0/0
[P-Pos2/0/0] ip address 192.168.2.1 30
[P-Pos2/0/0] undo shutdown
[P-Pos2/0/0] quit
[P] ospf
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
[P-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.3
[P-ospf-1-area-0.0.0.0] network 192.168.2.0 0.0.0.3
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit
# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] interface loopback 1
[PE2-LoopBack1] ip address 3.3.3.9 32
[PE2-LoopBack1] quit
[PE2] interface pos 1/0/0
[PE2-Pos1/0/0] ip address 192.168.2.2 30
[PE2-Pos1/0/0] undo shutdown
[PE2-Pos1/0/0] quit
[PE21] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 192.168.2.0 0.0.0.3
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit
After this step, PE1 and PE2 learn the route to the loopback interface of the peer through the
OSPF protocol. PE1 and PE2 can ping through each other.
Step 2 Enable the basic MPLS capabilities and LDP on the MPLS backbone network.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface pos 2/0/0
[PE1-Pos2/0/0] mpls
[PE1-Pos2/0/0] mpls ldp
[PE1-Pos2/0/0] quit
# Configure P.
[P] mpls lsr-id 2.2.2.9
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P] interface pos 1/0/0
[P-Pos1/0/0] mpls
[P-Pos1/0/0] mpls ldp
[P-Pos1/0/0] quit
[P] interface pos 2/0/0
[P-Pos2/0/0] mpls
[P-Pos2/0/0] mpls ldp
[P-Pos2/0/0] quit
# Configure PE2.
[PE2] mpls lsr-id 3.3.3.9
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface pos 1/0/0
[PE2-Pos1/0/0] mpls
[PE2-Pos1/0/0] mpls ldp
[PE2-Pos1/0/0] quit
# Configure PE2.
[PE2] mpls ldp remote-peer 1.1.1.9
[PE2-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9
[PE2-mpls-ldp-remote-1.1.1.9] quit
After the configuration, the sessions between PE1 and PE2 are set up. Running the display mpls
ldp session command, you can view that the Status field is "Operational".
For example, the following displays the session information on PE1:
[PE1] display mpls ldp session
LDP Session(s) in Public Network
------------------------------------------------------------------------------
Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv
------------------------------------------------------------------------------
2.2.2.9:0 Operational DU Passive 000:00:04 18/18
3.3.3.9:0 Operational DU Passive 000:00:00 2/2
------------------------------------------------------------------------------
TOTAL: 2 session(s) Found.
LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM
# Configure PE2.
[PE2] mpls l2vpn
# Configure PE2.
[PE2] interface gigabitethernet 2/0/0
[PE2-GigabitEthernet2/0/0] mode user-termination
[PE2-GigabitEthernet2/0/0] undo shutdown
[PE2-GigabitEthernet2/0/0] quit
Step 6 Create VSIs and specify LDP as the signaling protocol on VSIs.
# Configure PE1.
[PE1] vsi ldp1 static
[PE1-vsi-ldp1] pwsignal ldp
[PE1-vsi-ldp1-ldq] vsi-id 1
[PE1-vsi-ldp1-ldq] peer 3.3.3.9
[PE1-vsi-ldp1-ldq] quit
[PE1-vsi-ldp1] quit
# Configure PE12.
Step 7 Configure the sub-interface for qinq VLAN tag termination and bind VSIs and AC interfaces.
# Configure PE1.
[PE1] interface gigabitethernet 1/0/0.1
[PE1-GigabitEthernet1/0/0.1] control-vid 1 qinq-termination
[PE1-GigabitEthernet1/0/0.1] qinq termination l2 symmetry
[PE1-GigabitEthernet1/0/0.1] qinq termination pe-vid 10 ce-vid 100 to 200
[PE1-GigabitEthernet1/0/0.1] l2 binding vsi ldp1
[PE1-GigabitEthernet1/0/0.1] undo shutdown
[PE1-GigabitEthernet1/0/0.1] quit
# Configure PE21.
[PE2] interface gigabitethernet 2/0/0.1
[PE1-GigabitEthernet2/0/0.1] control-vid 1 qinq-termination
[PE1-GigabitEthernet2/0/0.1] qinq termination l2 symmetry
[PE1-GigabitEthernet2/0/0.1] qinq termination pe-vid 10 ce-vid 100 to 200
[PE2-GigabitEthernet2/0/0.1] l2 binding vsi ldp1
[PE2-GigabitEthernet2/0/0.1] undo shutdown
[PE2-GigabitEthernet2/0/0.1] quit
NOTE
When the qinq termination command is used, the ranges of ce-vid cannot overlap if pe-vid of two sub-
interfaces is the same.
Step 8 Configure QinQ and set the packets sent from the switch to the PE to carry double tags.
# Configure CE1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1]vlan batch 100 to 200
[CE1]interface gigabitethernet 1/0/1.1
[CE1-GigabitEthernet1/0/1.1] undo shutdown
[CE1-GigabitEthernet1/0/1.1] ip address 10.1.1.1 24
[CE1-GigabitEthernet1/0/1.1] vlan-type dot1q 100 200
[CE1-GigabitEthernet1/0/1.1] quit
# Configure CE2.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2]vlan batch 100 to 200
[CE2]interface gigabitethernet 1/0/1.1
[CE2-GigabitEthernet1/0/1.1] undo shutdown
[CE2-GigabitEthernet1/0/1.1] ip address 10.1.1.2 24
[CE2-GigabitEthernet1/0/1.1] vlan-type dot1q 100 200
[CE2-GigabitEthernet1/0/1.1] quit
# Configure Switch 1.
<HUAWEI> system-view
[HUAWEI] sysname Switch1
[Switch1]interface gigabitethernet 1/0/1
[Switch1-GigabitEthernet1/0/1] portswitch
[Switch1-GigabitEthernet1/0/1] undo shutdown
[Switch1-GigabitEthernet1/0/1] port trunk allow-pass vlan 10
[Switch1-GigabitEthernet1/0/1] quit
[Switch1]interface gigabitethernet 1/0/2
[Switch1-GigabitEthernet1/0/2] portswitch
[Switch1-GigabitEthernet1/0/2] undo shutdown
[Switch1-GigabitEthernet1/0/2] port vlan-stacking vlan 100 to 200 stack-vlan 10
[Switch1-GigabitEthernet1/0/2] quit
# Configure Switch 2.
<HUAWEI> system-view
[HUAWEI] sysname Switch2
[Switch2]interface gigabitethernet 1/0/1
[Switch2-GigabitEthernet1/0/1] portswitch
[Switch2-GigabitEthernet1/0/1] undo shutdown
[Switch2-GigabitEthernet1/0/1] port trunk allow-pass vlan 10
[Switch2-GigabitEthernet1/0/1] quit
[Switch2]interface gigabitethernet 1/0/2
[Switch2-GigabitEthernet1/0/2] portswitch
[Switch2-GigabitEthernet1/0/2] undo shutdown
[Switch2-GigabitEthernet1/0/2] port vlan-stacking outside-vlan 100 to 200 stack-
vlan 10
[Switch2-GigabitEthernet1/0/2] quit
NOTE
If the device does not support the port vlan-stacking command, you can run the commands port link-
type dot1q-tunnel and port default vlan to configure QinQ.
Step 9 Configure the MAC address table based on the qinq termination sub-interface and VSI.
[PE1] mac-address static 0011-2233-4455 gigabitethernet 1/0/0.1 vsi ldp1 pe-vid 10
ce-vid 100
----End
Configuration Files
l Configuration file of PE1
#
sysname PE1
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
vsi ldp1 static
pwsignal ldp
vsi-id 1
peer 3.3.3.9
#
mpls ldp remote-peer 3.3.3.9
remote-ip 3.3.3.9
#
mpls ldp
#
interface GigabitEthernet1/0/0
undo shutdown
mode user-termination
#
interface GigabitEthernet1/0/0.1
control-vid 1 qinq-termination
qinq termination l2 symmetry
qinq termination pe-vid 10 ce-vid 100 to 200
l2 binding vsi ldp1
#
interface Pos2/0/0
undo shutdown
ip address 192.168.1.1 255.255.255.252
mpls
mpls ldp
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 192.168.1.0 0.0.0.3
#
mac-address static 0011-2233-4455 gigabitethernet 1/0/0.1 vsi ldp1 pe-vid 10
ce-vid 100
#
return
l Configuration file of P
#
sysname P
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Pos1/0/0
undo shutdown
ip address 192.168.1.2 255.255.255.252
mpls
mpls ldp
#
interface Pos2/0/0
undo shutdown
ip address 192.1168.2.1 255.255.255.252
mpls
mpls ldp
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 192.168.1.0 0.0.0.3
network 192.168.2.0 0.0.0.3
#
return
undo shutdown
port trunk allow-pass vlan 10
#
interface GigabitEthernet1/0/2
portswitch
undo shutdown
port vlan-stacking vlan 100 to 200 stack-vlan 10
#
return
Networking Requirements
As shown in Figure 1-4, in a VPLS networking, PEs are connected to CEs through a VLANIF
interface.
On PE1, set the user who accesses PE1 through CE1 and whose MAC address is 0011-2233-4455
as a static MAC entry.
Figure 1-4 Networking diagram of configuring the MAC address table based on the VLANIF
interface and VSI
Loopback1 Loopback1 Loopback1
1.1.1.9/32 2.2.2.9/32 3.3.3.9/32
POS2/0/0 POS1/0/0
192.168.1.1/30 192.168.2.2/30
PE1 PE2
POS1/0/0 POS2/0/0
GE1/0/1 192.168.1.2/30 P 192.168.2.1/30 GE2/0/0
VLANIF10 VLANIF10
GE1/0/2 GE1/0/2
MAC:0011-2233-4455
PC1 PC2
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a VPLS network.
2. Configure a VLAN and create a VLANIF interface.
3. Bind the VLANIF interface to the VSI.
4. Configure static MAC address entries.
Data Preparation
To complete the configuration, you need the following data:
l MAC address of the user PC1
l GE 1/0/1, an interface in VLAN 10
l VLANIF 10, an interface on PE1
l VSI named abc
Procedure
Step 1 Configure IGP on the MPLS backbone network. OSPF is used in this example.
According to Figure 1-4 configure the addresses for the interfaces on PE and P. Configure OSPF
to advertise the addresses of the loopback interfaces on PE1, P, and PE2.
# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] interface loopback 1
# Configure P.
<HUAWEI> system-view
[HUAWEI] sysname P
[P] interface loopback 1
[P-LoopBack1] ip address 2.2.2.9 32
[P-LoopBack1] quit
[P] interface pos 1/0/0
[P-Pos1/0/0] ip address 192.168.1.2 30
[P-Pos1/0/0] undo shutdown
[P-Pos1/0/0] quit
[P] interface pos 2/0/0
[P-Pos2/0/0] ip address 192.168.2.1 30
[P-Pos2/0/0] undo shutdown
[P-Pos2/0/0] quit
[P] ospf
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
[P-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.3
[P-ospf-1-area-0.0.0.0] network 192.168.2.0 0.0.0.3
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit
# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] interface loopback 1
[PE2-LoopBack1] ip address 3.3.3.9 32
[PE2-LoopBack1] quit
[PE2] interface pos 1/0/0
[PE2-Pos1/0/0] ip address 192.168.2.2 30
[PE2-Pos1/0/0] undo shutdown
[PE2-Pos1/0/0] quit
[PE21] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 192.168.2.0 0.0.0.3
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit
After this step, PE1 and PE2 learn the route to the loopback interface of the peer through the
OSPF protocol. PE1 and PE2 can ping through each other.
Step 2 Enable the basic MPLS capabilities and LDP on the MPLS backbone network.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface pos 2/0/0
[PE1-Pos2/0/0] mpls
[PE1-Pos2/0/0] mpls ldp
[PE1-Pos2/0/0] quit
# Configure P.
[P] mpls lsr-id 2.2.2.9
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P] interface pos 1/0/0
[P-Pos1/0/0] mpls
[P-Pos1/0/0] mpls ldp
[P-Pos1/0/0] quit
[P] interface pos 2/0/0
[P-Pos2/0/0] mpls
[P-Pos2/0/0] mpls ldp
[P-Pos2/0/0] quit
# Configure PE2.
[PE2] mpls lsr-id 3.3.3.9
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface pos 1/0/0
[PE2-Pos1/0/0] mpls
[PE2-Pos1/0/0] mpls ldp
[PE2-Pos1/0/0] quit
# Configure PE2.
[PE2] mpls ldp remote-peer 1.1.1.9
[PE2-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9
[PE2-mpls-ldp-remote-1.1.1.9] quit
After the configuration, the sessions between PE1 and PE2 are set up. Running the display mpls
ldp session command, you can view that the Status field is "Operational".
[PE1] display mpls ldp session
# Configure PE1.
[PE1] mpls l2vpn
[PE1-l2vpn] quit
# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit
Step 5 Create VSIs and specify LDP as the signaling protocol on VSIs.
# Configure PE1.
[PE1] vsi ldp1 static
[PE1-vsi-ldp1] pwsignal ldp
[PE1-vsi-ldp1-ldq] vsi-id 1
[PE1-vsi-ldp1-ldq] peer 3.3.3.9
[PE1-vsi-ldp1-ldq] quit
[PE1-vsi-ldp1] quit
# Configure PE2.
[PE2] vsi ldp1 static
[PE2-vsi-ldp1] pwsignal ldp
[PE2-vsi-ldp1-ldq] vsi-id 1
[PE2-vsi-ldp1-ldq] peer 1.1.1.9
[PE2-vsi-ldp1-ldq] quit
[PE2-vsi-ldp1] quit
# Configure PE1.
[PE1] vlan 10
[PE1-vlan10] quit
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] undo shutdown
[PE1-GigabitEthernet1/0/1] portswitch
# Configure PE2.
[PE2] vlan 10
[PE2-vlan10] quit
[PE2] interface gigabitethernet 2/0/0
[PE2-GigabitEthernet2/0/0] undo shutdown
[PE2-GigabitEthernet2/0/0] portswitch
[PE2-GigabitEthernet2/0/0] port default vlan 10
[PE2-GigabitEthernet2/0/0] quit
[PE2] interface vlanif 10
[PE2-Vlanif10] l2 binding vsi ldp1
[PE2-Vlanif10] quit
After the preceding configuration, run the display vsi name ldp1 verbose command on PE1.
you can find that PWs to PE2 and PE3 are set up on the VSI named ldp1. The VSI status is Up.
VSI ID : 1
*Peer Router ID : 3.3.3.9
VC Label : 1026
Peer Type : dynamic
Session : up
Tunnel ID : 0x1000005
Broadcast Tunnel ID : 0x1000005
CKey : 2
NKey : 1
StpEnable : 0
PwIndex : 0
**PW Information:
# Configure CE1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1]vlan 10
[CE1-vlan10] quit
[CE1]interface gigabitethernet 1/0/1
[CE1-GigabitEthernet1/0/1] undo shutdown
[CE1-GigabitEthernet1/0/1] portswitch
[CE1-GigabitEthernet1/0/1] port trunk allow-pass vlan 10
[CE1-GigabitEthernet1/0/1] quit
[CE1]interface gigabitethernet 1/0/2
[CE1-GigabitEthernet1/0/2] undo shutdown
[CE1-GigabitEthernet1/0/2] portswitch
[CE1-GigabitEthernet1/0/2] port trunk allow-pass vlan 10
[CE1-GigabitEthernet1/0/2] quit
# Configure CE2.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2]vlan 10
[CE2-vlan10] quit
[CE2]interface gigabitethernet 1/0/1
[CE2-GigabitEthernet1/0/1] undo shutdown
[CE2-GigabitEthernet1/0/1] portswitch
[CE2-GigabitEthernet1/0/1] port trunk allow-pass vlan 10
[CE2-GigabitEthernet1/0/1] quit
[CE2]interface gigabitethernet 1/0/2
[CE2-GigabitEthernet1/0/2] undo shutdown
[CE2-GigabitEthernet1/0/2] portswitch
[CE2-GigabitEthernet1/0/2] port trunk allow-pass vlan 10
[CE2-GigabitEthernet1/0/2] quit
-------------------------------------------------------------------------------
Total matching items on slot 0 displayed = 1
----End
Configuration Files
l Configuration file of PE1
#
sysname PE1
#
vlan batch 10
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
vsi ldp1 static
pwsignal ldp
vsi-id 1
peer 3.3.3.9
#
mpls ldp
#
mpls ldp remote-peer 3.3.3.9
remote-ip 3.3.3.9
undo remote-ip pwe3
#
interface Vlanif10
l2 binding vsi ldp1
#
interface GigabitEthernet1/0/1
portswitch
undo shutdown
port default vlan 10
#
interface Pos2/0/0
link-protocol ppp
ip address 192.168.1.1 255.255.255.252
mpls
mpls ldp
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 192.168.1.0 0.0.0.3
#
mac-address static 0011-2233-4455 GigabitEthernet1/0/1 Vlanif10 vsi ldp1
#
return
l Configuration file of P
#
sysname P
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Pos1/0/0
link-protocol ppp
Networking Requirements
NOTE
The ATM interface cannot be configured on the X1 and X2 models of the NE80E/40E.
NOTE
MAC address entries based on the VE interface can be configured only on the ATM interfaces of the ATM
flexible plug-in card.
As shown in Figure 1-5, the hosts in two Ethernet networks are connected to the Digital
Subscriber Line Access Multiplexer (DSLAM) through Router ADSL and access the ATM
network through Router C.
Workstation A accesses Router C in ATM 1483B mode. On Router C, configure the MAC
address entry of workstation A to be the static MAC address entry. In this manner, the MAC
address entry of workstation A cannot be aged.
Figure 1-5 Networking diagram of configuring the MAC address table based on the VLAN and
Layer 2 VE interface
workstation A
MAC:00e0-3344-5566
ADSL router A
workstation B Ethernet
DSLAM
server
router C
workstation C To ADSL router A:0/60
Ethernet
ADSL router B
server
Configuration Roadmap
The configuration roadmap is as follows:
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Create VE 1/0/0 and switch it to a Layer 2 interface.
<HUAWEI> system-view
[HUAWEI] sysname Router C
[Router C] interface virtual-ethernet 1/0/0
[Router C-Virtual-Ethernet1/0/0] undo shutdown
[Router C-Virtual-Ethernet1/0/0] portswitch
[Router C-Virtual-Ethernet1/0/0] quit
Step 3 Create a PVC and associate the VPI/VCI of 0/60 in the ATM network with VE 1/0/0.
[Router C] interface atm 1/0/0
[Router C-Atm1/0/0] undo shutdown
[Router C-Atm1/0/0] pvc to_adsl_a 0/60
[Router C-atm-pvc-Atm1/0/0-0/60-to_adsl_a] map bridge virtual-ethernet 1/0/0
[Router C-atm-pvc-Atm1/0/0-0/60-to_adsl_a] quit
[Router C-Atm1/0/0] quit
----End
Configuration Files
#
sysname Router C
#
vlan batch 100
#
interface Atm1/0/0
undo shutdown
pvc to_adsl_a 0/60
map bridge Virtual-Ethernet1/0/0
#
interface Virtual-Ethernet1/0/0
undo shutdown
portswitch
port default vlan 100
#
Networking Requirements
For an existing user, MAC address is 0011-2233-4455, VSI name is vsi2 and the port is GE
1/0/0.
Set this entry as static to prevent it from aging and set the aging time of other dynamic entries
as 500 seconds.
Configuration Roadmap
The configuration roadmap is as follows:
1. Create a VSI, and then configure port to join the VSI.
2. Configure the static address entry.
3. Configure the aging time.
Data Preparation
To complete the configuration, you need the following data:
l MAC address: 0011-2233-4455
l VSI name and the interface
l Aging time
Procedure
Step 1 Create vsi2 and configure interface GE 1/0/0 to join the vsi.
Step 2 Configure static MAC address entries.
[HUAWEI] mac-address static 0011-2233-4455 gigabitethernet 1/0/0 vsi2
----End
Configuration Files
#
sysname HUAWEI
#
mac-address aging-time 500
#
mac-address static 0011-2233-4455 GigabitEthernet1/0/0 vsi 2
#
return
Being flexible, simple, and easy to implement, the Ethernet becomes the most important LAN
networking technology.
2.1.1 Introduction
There are two types of Ethernet interfaces, namely, Fast Ethernet (FE) interfaces and Gigabit
Ethernet (GE) interfaces. Ethernet interfaces support both the half duplex mode and the full
duplex mode and can work in auto-negotiation mode.
The Ethernet is one of the most important types of Local Area Network (LAN).
The Ethernet is flexible, simple, and easy to be deployed. Therefore, it is the most important
LAN networking technology.
The interface board of the NE80E/40E supports the Ethernet interfaces such as the 10M/100M/
1000M auto-sense Ethernet electrical interface, 100M Ethernet optical interface, GE optical
interface, GE/FE optical/electrical interface, 10GE optical interface (LAN), and 10GE optical
interface (WAN).
MPU/SRU supports the 10M/100M/1000M auto-sense Ethernet electrical interface.
l Traditional Ethernet interface: It complies with 10Base-T specifications, and can work at
the speed of 10 Mbit/s.
l Fast Ethernet (FE) interface: It complies with 100Base-TX specifications and is compatible
with 10Base-T specifications.
l Gigabit Ethernet (GE) interface: It complies with 1000Base-TX specifications, and is
compatible with 10Base-T and 100Base-TX specifications.
The GE/FE optical/electrical interface has the following functions:
l Provides the functions of a GE optical interface by the GE optical module plugged into the
interface.
l Provides the functions of an FE optical interface by the FE optical module plugged into the
interface.
l Provides the functions of a 10M/100M/1000M auto-sensing electrical interface by the
electrical module plugged into the interface.
Ethernet electrical interfaces can work in either the full-duplex mode or the half-duplex mode.
They support auto-negotiation. In the auto-negotiation mode, they negotiate with other network
devices for the most suitable working mode and speed. This simplifies system configuration and
management.
NOTE
This chapter explains the configuration of the FE and GE interfaces. The configuration of traditional
Ethernet interface is simple and similar to that of the fast Ethernet interface.
Ethernet Sub-interface
You can create the sub-interface on an Ethernet main interface. LAN interfaces that can be
configured with sub-interfaces include the following types:
l Ethernet interfaces
l GE interfaces
l Eth-Trunk interfaces
The NE80E/40E supports the configuration of sub-interfaces on both the Layer 3 Ethernet
interface and the Layer 2 Ethernet interface. After Ethernet sub-interfaces are encapsulated with
802.1Q and associated with the VLAN, the VLAN can communicate with devices out of the
VLAN through Ethernet sub-interface. An Ethernet sub-interface can associate with one VLAN.
The Ethernet sub-interface is also applied to dot1q termination and QinQ termination mode. For
details about the principle, see the chapter QinQ Configuration.
Besides the preceding applications, the Layer 2 Ethernet sub-interface can transmit the Layer 2
and Layer 3 services simultaneously on one physical link. As shown in Figure 2-1, the Universal
Media Gateway (UMG) is dual-homed to two PEs. PE1 and PE2 run VRRP. A layer 2 link is
required between PE1 and PE2 to prevent the route change when the UMG active/standby
switchover is performed.
At the same time, the TE tunnel is required between PE1 and remote PE3. The active TE tunnel
is PE1 to P1 to PE3 and the standby TE tunnel is PE1 to PE2 to P2 to PE3. A Layer 3 link is
required between PE1 and PE2 to configure the Layer 3 service and TE tunnel.
When a single physical link exists between PE1 and PE2, The Layer 2 Ethernet sub-interface is
applicable. That is, a Layer 2 Ethernet sub-interface can be set up for the implementation of
MPLS TE functions.
Then, the Layer 2 primary interface can send VRRP packets as usual. Moreover, the route does
not change because of the active/standby switchover.
PE2 P2
el
nn
Tu up)
TE ack
(B
VRRP nnel
TE Tu
(Main) PE3
UMG8900
PE1 P1
The ports of Router A, Router B, and Router C are working on Layer 2 and enable SmartLink
Flush packets to be processed.
Figure 2-2 Schematic diagram of the Smart Link in the normal state
Backbone
network
RouterC
RouterA RouterB
Switch
Link
Data flow
As shown in Figure 2-2, the switch enables the Smart Link function with two uplinks, namely,
an active link and a standby link. The active and standby links constitute the Smart Link Group,
namely, a backup link group. Normally, the Layer 2 traffic flows to backbone network through
active link. The standby link is blocked by Switch and cannot forward the traffic.
If the active link fails, the traffic will quickly switch to the standby link, through which the traffic
flows to backbone network as shown in Figure 2-3.
Figure 2-3 Schematic diagram in which the active Smart link fails
Backbone
network
RouterC
RouterA RouterB
Switch
Link
Data flow
SmartLink flush
When the active link fails, the Switch unblocks the standby link and at the same time, sends
SmartLink Flush packets to notify other devices on the network to delete dynamic MAC and
ARP entries.
The SmartLink Flush packet contains the control VLAN ID and all IDs of the VLANs whose
packets are permitted on the Switch port that connects the active link. Through the control
VLAN, the SmartLink Flush packets are transmitted in the control VLAN only. All VLAN IDs
that are permitted passing the active link port are used to indicate the VLAN whose dynamic
MAC and ARP entries need to be deleted.
1. Compare the control VLAN ID of the port that receives the SmartLink Flush packet with
the VLAN ID contained in the SmartLink Flush packet.
l If they are the same, Router B deletes the dynamic MAC and ARP entries of the VLAN
according to VLAN data contained in the SmartLink Flush packet.
l If they are different, the packet is directly forwarded.
2. Router B broadcasts SmartLink Flush packets within the control VLAN.
After receiving SmartLink Flush packets, Router A and Router C process packets in the
same way as Router B.
By now, Router A, Router B, and Router C have deleted the dynamic MAC and ARP entries
before the active link fails. When the downstream traffic of the backbone network reaches
Router C, Router C forwards the Layer 2 traffic to Router B according to the refreshed
MAC and ARP entries.
On Smart Link networking, after the active link returns to the normal state, to keep the
stable traffic, the traffic does not switch back to the active link voluntarily.
Applicable Environment
When configuring an Ethernet interface, you must assign an IP address to it. For other
parameters, you can use default values. If you have to change them, keep them consistent with
the peer device.
When a router has the function of the Layer 2 switch and the function is in use, you need to
configure the Layer 2 parameters of the Ethernet interface.
NOTE
For the application of the Layer 2 features, refer to "VLAN Configuration" and "MSTP Configuration" in
this manual.
Pre-configuration Tasks
None
Data Preparation
To configure an Ethernet interface, you need the following data.
No. Data
1 Interface number
Context
Perform the following steps on each router:
Procedure
l Configuring the IPv4 MTU
1. Run:
system-view
The MTU is expressed in bytes. The MTU range of Ethernet interfaces depends on
devices. By default, the MTU is 1500 bytes.
NOTICE
If IPv6 is run on an Ethernet interface and the MTU set by using the mtu command
on the interface is smaller than 1280 bytes, IPv6 works abnormally on this interface.
To avoid this situation, when IPv6 is run on an Ethernet interface, set the MTU of the
interface to a value greater than or equal to 1280.
The MTU is measured in bytes. The MTU range of Ethernet interfaces depends on
physical devices.
Context
Perform the following steps on each interface of the router:
Procedure
Step 1 Run:
system-view
----End
Context
The speed of electrical interfaces needs to be set; while that of optical interface need not be set.
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface { ethernet | gigabitethernet } interface-number
Step 3 Run:
speed { 10 | 100 | 1000 | auto }
NOTE
By default, GE electrical interfaces work at a rate of 1000 Mbit/s and in auto-negotiation mode. You can
manually change the rate if you can ensure that the rate of the local interface is the same as that of the
remote interface. When a GE electrical interface works at 10 Mbit/s or 100 Mbit/s or 1000 Mbit/s, the auto-
negotiation mode is deleted.
----End
Context
Perform the following steps on each router:
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface { ethernet | gigabitethernet } interface-number
Step 3 Run:
port-type { copper | fiber-100 | fiber-1000 }
Once the SFP module is identified, the system can automatically set the interface type according
to the type of the SFP module. No configuration is required.
NOTE
l When an SFP module is being replaced, the configurations such as the loopback test, interface speed,
auto-negotiation mode, and duplex mode on the interface are all restored to default ones. You need to
reconfigure them on the interface.
l After the port-type command is run, the configurations such as the loopback test, interface speed, auto-
negotiation mode, and duplex mode on the interface are all restored to default ones. You need to
reconfigure them on the interface.
l The parameter copper can be configured in the port-type command only when an optical/electrical
SFP module is installed.
l fiber-100 cannot be set for interfaces on the 24-Port 1000Base-X-SFP Flexible Card E(P51-E) subcard.
----End
Context
Perform the following steps on the router:
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface gigabitethernet interface-number
Step 3 Run:
shutdown
Step 4 Run:
set transfer-mode { lan | wan | otn }
The transmission mode of the 10GE LAN/WAN/OTN interface on the local end and that on the
remote end must be consistent.
The default interface transmission mode is OTN for an OTN subcard (12-port OTU2-SFP+
flexible card or 6-port OTU2-SFP+ flexible card). This command enables you to switch an OTN
subcard from the OTN mode to the LAN mode.
Step 5 Run:
undo shutdown
NOTE
Before configuring the transmission mode of an interface to WAN or LAN, you need to shut down the
interface and clear all configurations except ip address.
----End
Context
Some 10 GE LAN interfaces do not support the remote-fault interruption function. Therefore,
a mechanism is used to ensure that 10 GE LAN interfaces can rapidly detect the fault on the
remote end.
Procedure
Step 1 Run:
system-view
Step 2 Run:
slot slot-id
Step 3 Run:
interface remote-fault fastfeeling
The remote-fault fast detection function is configured on the 10 GE LAN interfaces in the
specified slot.
----End
Context
The 10GE WAN LPU shall adapt SDH/SONET during the packet processing. Therefore, the
interface need configure the flag parameters.
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface gigabitethernet interface-number
Step 3 To configure the overhead bytes of the 10GE WAN interface, choose the following commands
as required:
l Run the flag j0 64byte-or-null-mode [ j0-value ] or the flag j0 { 16byte-mode | 1byte-
mode } j0-value command to configure the overhead byte j0.
l Run the flag j1 64byte-or-null-mode [ j1-value ] or the flag j1 { 16byte-mode | 1byte-
mode } j1-value command to configure the overhead byte j1.
l Run the flag c2 c2-value command to configure the overhead byte c2 of the 10GE WAN
interface.
----End
Context
Perform the following steps on the routers:
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface gigabitethernet interface-number
Step 3 Run:
flow control [ receive | send ]
After flow control is enabled on an interface, the interface sends a Pause frame to notify the peer
interface to send traffic at a slower rate, if the received traffic reaches the set threshold (for
example, when the traffic rate on a GE interface exceeds 1 Gbit/s). If the peer interface also
supports flow control, it sends traffic at a slower rate after receiving the Pause frame so that the
local interface can process received frames properly.
----End
Context
Perform the following steps on the routers:
NOTICE
A router enabled with the loopback detect function periodically sends specially constructed
loopback detect packets. If a self-loop exists on an interface, the loopback detect packets will
be looped back to the router, and the router can then determine that a self-loop has occurred. A
malicious attacker can trick a loopback-detect-enabled router into believing that a self-loop has
occurred, by sending loopback detect packet headers obtained using Sniffer back to the router.
It is recommended that you disable the loopback detect function on properly operating routers.
If you need the loopback detect function to detect link connectivity during the site deployment
stage, disable this function after this stage.
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface gigabitethernet interface-number
Step 3 Run:
loopback-detect enable
Step 4 Run:
loopback-detect block block-time
Set the delay time of the interface recovery after the self-loop on the interface is eliminated.
By default, the interface recovers 10 seconds after the self-loop on the interface is eliminated.
----End
Context
After a Layer 3 interface switches to the Layer 2 mode, the Layer 3 ID and functions are disabled,
and the MAC address is adopted.
Perform the following steps on each router:
Procedure
l Switching the Working Mode of a Specified Ethernet Interface
1. Run:
system-view
Context
By default, Huawei devices delete the padding fields in upstream packets. If Huawei devices
are connected to non-Huawei devices, non-Huawei devices cannot identify these packets without
the padding fields. To enable non-Huawei devices to identify these packets, configure the frame
padding fixed enable command on Huawei devices to enable the Ethernet interfaces to reserve
the padding fields in upstream packets.
Procedure
Step 1 Run:
system-view
Ethernet interfaces on the board are configured to reserve the padding fields in upstream packets.
----End
Procedure
l Run the display interface { ethernet | gigabitethernet } [ interface-number ] command
to check the status of the specified Ethernet interface.
l Run the display interface ethernet brief command to check the brief information about
the Ethernet interface.
l Run the display transfer-modecommand to check the transfer mode of a 10 GE LAN/
WAN interface.
----End
Example
Run the display interface command. You can view the MTU, IP address and mask, working
speed and mode. For example:
<HUAWEI> display interface gigabitethernet 2/0/0
GigabitEthernet2/0/0 current state : UP
Line protocol current state : UP
Description : GigabitEthernet2/0/0 Interface, Route Port
The Maximum Transmit Unit is 1500 bytes, Hold timer is 10(sec)
Internet Address is 10.1.1.1/24
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-fc01-0054
Media type: twisted-pair ,Link type: auto negotiation
Loopback:none, Maximal BW:1G, Current BW:100M, full-duplex mode,
Pause Flowcontrol:Send and Receive Enable
Statistics last cleared:never
Last 30 seconds input rate: 0 bits/sec, 0 packets/sec
Last 30 seconds output rate: 0 bits/sec, 0 packets/sec
Input: 0 Bytes, 0 Packets
Output: 0 Bytes, 0 Packets
Input:
Unicast: 0, Multicast: 0
Broadcast: 0, JumboOctets: 0
CRC: 0, Symbol: 0
Overrun: 0 , InRangeLength: 0
LongPacket: 0 , Jabber: 0, Alignment: 0
Fragment: 0, Undersized Frame: 0
RxPause: 0
Output:
Unicast: 0, Multicast: 0
Broadcast: 0, JumboOctets: 0
Lost: 0, Overflow: 0, Underrun: 0
TxPause: 0
Input bandwidth utilization : 0.01%
Output bandwidth utilization : 0.01%
Running the display interface ethernet brief command, you can view the brief information
about the Ethernet interface. The information includes the physical status, auto-negotiation
mode, full-duplex mode, interface rate, and the average bandwidth utility in the recent period in
the receiving direction and sending direction.
<HUAWEI> display interface ethernet brief
*down: administratively down
^down: standby
(l): loopback
(b): BFD down
InUti/OutUti: input utility/output utility
Interface Physical Auto-Neg Duplex Bandwidth InUti OutUti
Trunk
GigabitEthernet0/0/0 up enable half 100M 0% 0%
--
GigabitEthernet2/0/0 up disable full 1000M 0.01% 0.01%
--
GigabitEthernet2/0/1 up disable full 1000M 0% 0%
--
GigabitEthernet2/0/2 down disable full 1000M 0% 0%
--
GigabitEthernet3/0/0 down enable full 1000M 0% 0%
--
GigabitEthernet3/0/1 down enable full 100M 0% 0%
--
GigabitEthernet3/0/1.1 down enable full 100M 0% 0%
--
GigabitEthernet3/0/2 up enable full 1000M 0.01% 0.01%
--
GigabitEthernet3/0/3 down enable full 1000M 0% 0%
--
Applicable Environment
Ethernet interfaces on main control boards are used to connect to the network management
system (NMS).
NOTICE
A management network interface is also an Ethernet interface. The management network
interfaces on main control boards mainly support the Simple Network Management Protocol
(SNMP) and remote login functions, including Telnet, Secure Shell Telnet (STelnet), File
Transfer Protocol (FTP), and Secure File Transfer Protocol (SFTP). Configuring other functions
are not recommended, because it may affect traffic forwarding and device performance.
The management network interface on a slave main control board is set to Down. To ensure high
network reliability, the management network interfaces on both the master and slave main
control boards are connected to the network. If a master/slave main control board switchover is
performed, the slave main control board takes over services and the management network
interface on it goes Up. Therefore, the device can still communicate with the network.
Data Preparation
To configure an Ethernet interface, you need the following data.
No. Data
Context
For detailed information about IP address configuration, refer to the HUAWEI NetEngine80E/
40E Router Configuration Guide - IP Services.
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface gigabitethernet interface-number
Step 3 Run:
ip address { mask |mask-length } [ sub ]
Note that the parameter sub is used to configure the second or more IP addresses for the interface.
----End
Context
Perform the following steps on the routers:
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface gigabitethernet interface-number
Step 3 Run
duplex { auto | half | full }
The Ethernet electrical interface can work in both full-duplex and half-duplex mode.
NOTE
l When connected to a Hub, Ethernet electrical interfaces of the router must work in half-duplex mode.
l When connected to a LAN Switch, Ethernet electrical interfaces of the routers can work in either full-
duplex mode or half-duplex mode only if consistent with the configuration on the peer device.
l The operating mode of the Ethernet interface on the local end and that on the remote end must be
consistent.
By default, the auto mode, which is the best half-duplex mode of system auto-negotiation, is
adopted.
----End
Context
Perform the following steps on the routers:
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface gigabitethernet interface-number
Step 3 Run:
speed { auto | 10 | 100 | 1000 }
The NE80E/40E Ethernet electrical interface supports three kinds of operating speed: 10Mbit/
s, 100Mbit/s, and 1000Mbit/s.
By default, the auto mode, which is the best half-duplex mode of system auto-negotiation, is
adopted.
You can specify the operating speed of an interface manually. Do keep the rate the same as that
of the peer device.
----End
Context
Perform the following steps on the routers:
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface gigabitethernet interface-number
Step 3 Run:
promode { on | off }
----End
Applicable Environment
The Ethernet interfaces provided by the NE80E/40E can work in the following two modes:
routed mode (Layer 3 mode) and switched mode (Layer 2 mode).
l Routed mode: can be configured with the Layer 3 attributes and switched to the Layer 2
mode by commands.
By default, the Ethernet interface is in the Layer 3 mode.
l Switched mode: can be configured with the Layer 2 attributes and switched to the Layer 3
mode by commands.
When the router is used as a Layer 2 switch, Layer 2 parameters are required on Ethernet
interface.
Pre-configured Tasks
None
Data Preparation
To configure the Ethernet interface, you need the following data.
No. Data
Context
The Ethernet interface supports four types of links: Access, dot1q-tunnel, Trunk and Hybrid.
l Access: In this mode, the interface belongs to only one VLAN and is generally used to
connect PCs.
l Hybrid: In this mode, the interface can belong to multiple VLANs to receive and send
packets of these VLANs. It is used to connect switches or PCs.
l Trunk: In this mode, the interface can belong to multiple VLANs to receive and send packets
of these VLANs. It is used to connect switches.
l dot1q-tunnel: In this mode, the interface is enabled Q-in-Q function.
The difference between the Hybrid interface and the trunk interface lies that, the Hybrid interface
allows transmitting untagged or tagged packets of VLANs whereas the trunk interface allows
that of the tagged VLAN only.
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface { ethernet | gigabitethernet } interface-number
Step 3 Run:
portswitch
Step 4 Run:
port link-type { access | hybrid | trunk | dot1q-tunnel }
----End
Applicable Environment
Some Layer 2 devices on network support the Smart Link function. By default, Huawei data
communication devices do not process the SmartLink Flush packets sent by these devices.
To ensure the Smart Link function to be enabled on these Layer 2 devices, Huawei data
communication devices are required processing SmartLink Flush packets when working with
non-Huawei switches supporting the Smart Link function on a network.
Pre-configuration Tasks
Before configuring equipment to process SmartLink Flush packets, complete the following
tasks:
l Ensure that the physical interfaces on network devices are correctly connected and in the
state of Up.
l Enable the port that can process SmartLink Flush packets to allow the packet that carries
the control VLAN tag passing.
Data Preparation
Before configuring equipment to process SmartLink Flush packets, you need the following data.
No. Data
2 Control VLAN ID
Context
Perform the following steps on routers that are deployed together with the switch enabled with
the Smart Link function.
Procedure
Step 1 Run:
system-view
----End
Applicable Environment
If a large number of alarms are generated on a link, the system is busy dealing with various
alarms. The system performance is therefore degraded. In this manner, you can set the threshold
that triggers the alarm for interfaces. When the number of errors exceeds the set threshold, an
alarm is generated. You can then take measures for troubleshooting to ensure the normal
transmission of services.
Pre-configuration Tasks
Before configuring the interface description, complete the following task:
l Power on the router and ensuring that the self-test is successful.
l The Ethernet interface can work normally.
Data Preparation
To configure the alarm function for ethernet interfaces, you need the following data.
No. Data
2 Thresholds for alarms of the expiration of the input-rate, and expiration of the
output-rate
Context
If a device is attacked or the network traffic on a device has exceeded the amount that the device
can process, the bandwidth usage of interfaces on the device may become extremely high. If
high bandwidth usage lasts for a long time, device performance and service forwarding are
affected. After you configure the alarm function of bandwidth usage on an Ethernet interface
and the bandwidth usage exceeds a specified threshold, an alarm is generated to inform
administrators for device maintenance.
Perform the following steps on the interface connected to the transmission device:
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
l To set the alarm threshold for the bandwidth utilization of the incoming traffic, run:
trap-threshold input-rate bandwidth-in-use [ resume-rate resume-rate-value ]
l To set the alarm threshold for the bandwidth utilization of the outgoing traffic, run:
trap-threshold output-rate bandwidth-in-use [ resume-rate resume-rate-value ]
NOTE
The alarm function can be configured on 10GE LAN/WAN interfaces and GE interfaces.
----End
Context
After you configure the alarm function of CRC error packets on an Ethernet interface and the
number of CRC error packets the interface received exceeds a specified threshold, an alarm is
generated to inform administrators for device maintenance.
Perform the following steps on the interface connected to the transmission device:
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
Step 3 Run:
quit
Step 4 Run:
snmp-agent trap enable port crc-error-rising
----End
Context
After you configure the alarm function of SDH error packets on an Ethernet interface and the
number of SDH error packets the interface received exceeds a specified threshold, an alarm is
generated to inform administrators for device maintenance.
Perform the following steps on the interface connected to the transmission device:
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
NOTE
Step 3 Run:
quit
Step 4 Run:
snmp-agent trap enable port sdh-error-rising
----End
Context
After you configure the alarm function of error packets on an Ethernet interface and the number
of error packets the interface received exceeds a specified threshold, an alarm is generated to
inform administrators for device maintenance.
Perform the following steps on the interface connected to the transmission device:
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
NOTE
Step 3 Run:
quit
----End
Context
If a user configures the loopback function on an interface to test whether the interface or link
works properly, but does not delete the function after the test, the interface will work improperly.
To solve the problem, you can configure the loopback alarm function on the interface. When
the loopback alarm function is configured on the interface and a loop occurs, the system generates
and sends an alarm to the NMS when a loop occurs. When the loopback alarm function is deleted,
the system generates a related alarm to the NMS. Based on the loopback alarm function, users
can monitor whether a loop occurs.
Procedure
Step 1 Run:
system-view
The system is enabled to generate and send an alarm to the NMS when a loop occurs on an
interface.
----End
Context
If a LocalFault or a RemoteFault occurs on an interface, the system generates an alarm. If the
device administrator wants to monitor the alarms in real time, enable the system to generate an
alarm and report the alarm to the NMS when a LocalFault or a RemoteFault occurs on an
interface.
Procedure
Step 1 Run:
system-view
Step 2 Run:
snmp-agent trap enable feature-name port [ trap-name { hwlocalfaultalarm |
hwlocalfaultalarmresume | hwremotefaultalarm | hwremotefaultalarmresume } ]
The system is enabled to generate an alarm and report the alarm to the NMS when a LocalFault
or a RemoteFault occurs on an interface.
----End
Context
In most cases, if a polarity error occurs on an electrical interface, service traffic is interrupted.
To prompt users with polarity errors, configure the system to generate an alarm and report the
alarm to the NMS.
Procedure
Step 1 Run:
system-view
Step 2 Run:
snmp-agent trap enable feature-name port [ trap-name { hwcopperpolarityerror |
hwcopperpolarityerrorresume } ]
The system is configured to generate an alarm and report the alarm to the NMS when a polarity
error occur on an electrical interface.
----End
Prerequisites
Run the following commands to check the previous configuration.
Procedure
Step 1 Run the display current-configuration [ interface-type interface-number ] command to check
the alarm messages on the interface.
----End
Example
# Display the alarm function on GE 1/0/0.
<HUAWEI>display current-configuration interface GigabitEthernet1/0/0
#
interface GigabitEthernet1/0/0
trap-threshold input-rate 80
trap-threshold output-rate 80
Context
The loop of Ethernet interfaces is generally used to test the interfaces. Run the following
command in the Ethernet interface view.
Procedure
Step 1 Run the loopback { local | remote } command in Ethernet interface view or GE interface view
to enable the loop on interfaces.
----End
NOTE
This document takes interface numbers and link types of the NE40E-X8 as an example. In working
situations, the actual interface numbers and link types may be different from those used in this document.
Networking Requirements
As shown in Figure 2-4, Ethernet interfaces of RouterA, RouterB, and RouterC are connected
to the IP network 10.1.1.0/24.
GE1/0/0 GE1/0/0
10.1.1.1/24 10.1.1.2/24
GE1/0/0
10.1.1.3/24
RouterC
Configuration Roadmap
The configuration roadmap is as follows:
Data Preparation
To configure an Ethernet interface, you need the following data:
l Interface number
l IP address of the interface
Procedure
Step 1 Configure RouterA.
<HUAWEI> system-view
[HUAWEI] sysname RouterA
[RouterA] interface gigabitethernet 1/0/0
[RouterA-GigabitEthernet1/0/0] undo shutdown
[RouterA-GigabitEthernet1/0/0] description RouterA
[RouterA-GigabitEthernet1/0/0] ip address 10.1.1.1 255.255.255.0
[RouterA-GigabitEthernet1/0/0] quit
----End
Configuration Files
l Configuration file of RouterA
#
sysname RouterA
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 10.1.1.1 255.255.255.0
description RouterA
#
return
sysname RouterB
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 10.1.1.2 255.255.255.0
description RouterB
#
return
Context
For details, refer to 4.12.2 Example for Configuring Inter-VLAN Communication by Using
Sub-interfaces in the 4 VLAN Configuration.
Networking Requirements
As shown in Figure 2-5, RouterA, RouterB, and RouterC are Huawei devices and the Switch
supports the Smart Link function. The Smart Link is enabled on the Switch. Two uplinks
constitute a Smart Link Group, namely, a backup link group.
RouterA is the active link for the Switch and RouterB is the standby link. At last, the data reach
the backbone network through RouterC.
It requires the interfaces on RouterA, RouterB, and RouterC to enable processing SmartLink
Flush packet. This can help the Switch to realize the switchover between active and standby
links.
Figure 2-5 Networking diagram of configuring equipment to process Smart Link packets
Backbone
network
RouterC
GE1/0/0 GE2/0/0
GE2/0/0 GE2/0/0
RouterA RouterB
GE1/0/0 GE1/0/0
VLAN 10 VLAN 10
smart-link
Switch
Link
Configuration Roadmap
The configuration roadmap is as follows:
1. Change the interface on the router to Layer 2 mode and configure the port to allow packets
from VLAN 10 to pass.
2. Enable a Layer 2 port to recognize the SmartLink Flush packet.
Data Preparation
To complete the configuration, you need the following data:
l Control VLAN ID
l Number of the interface on the router
Procedure
Step 1 Configure the interface on a router
# Switch the interfaces GE 1/0/0 and GE 2/0/0 on RouterA to Layer 2 mode and configure them
as VLAN trunk ports that allow all VLAN frames to pass.
[RouterA] interface gigabitethernet 1/0/0
# Switch GE 1/0/0 and GE 2/0/0 on RouterB to Layer 2 mode and configure them as VLAN
trunk ports that allow all VLAN frames to pass.
[RouterB] interface gigabitethernet 1/0/0
[RouterB-GigabitEthernet1/0/0] undo shutdown
[RouterB-GigabitEthernet1/0/0] portswitch
[RouterB-GigabitEthernet1/0/0] port link-type trunk
[RouterB-GigabitEthernet1/0/0] port trunk allow-pass vlan all
[RouterB-GigabitEthernet1/0/0] quit
[RouterB] interface gigabitethernet 2/0/0
[RouterB-GigabitEthernet2/0/0] undo shutdown
[RouterB-GigabitEthernet2/0/0] portswitch
[RouterB-GigabitEthernet2/0/0] port link-type trunk
[RouterB-GigabitEthernet2/0/0] port trunk allow-pass vlan all
[RouterB-GigabitEthernet2/0/0] quit
# Switch GE 1/0/0 and GE 2/0/0 on RouterC to Layer 2 mode and configure them as VLAN
trunk ports that allow all VLAN frames to pass.
[RouterC] interface gigabitethernet 1/0/0
[RouterC-GigabitEthernet1/0/0] undo shutdown
[RouterC-GigabitEthernet1/0/0] portswitch
[RouterC-GigabitEthernet1/0/0] port link-type trunk
[RouterC-GigabitEthernet1/0/0] port trunk allow-pass vlan all
[RouterC-GigabitEthernet1/0/0] quit
[RouterC] interface gigabitethernet 2/0/0
[RouterC-GigabitEthernet2/0/0] undo shutdown
[RouterC-GigabitEthernet2/0/0] portswitch
[RouterC-GigabitEthernet2/0/0] port link-type trunk
[RouterC-GigabitEthernet2/0/0] port trunk allow-pass vlan all
[RouterC-GigabitEthernet2/0/0] quit
----End
Configuration Files
l Configuration file of RouterA
#
sysname RouterA
#
vlan batch 1 to 4094
#
interface GigabitEthernet1/0/0
undo shutdown
portswitch
port link-type trunk
port trunk allow-pass vlan 1 to 4094
smart-link flush enable control-vlan 10
#
interface GigabitEthernet2/0/0
undo shutdown
portswitch
port link-type trunk
port trunk allow-pass vlan 1 to 4094
smart-link flush enable control-vlan 10
#
return
Eth-Trunk interfaces have all functions of Ethernet interfaces and are more reliable due to the
use of the link aggregation technique.
configure an Eth-Trunk interface on the device to work in inter-board interface standby mode
and add the interfaces on the two boards to the Eth-Trunk interface.
3.7 Associating an Eth-Trunk Interface in Static LACP Mode with an mVRRP Backup Group
This section describes how to associate an Eth-Trunk interface in static LACP mode with an
manage Virtual Router Redundancy Protocol (mVRRP) backup group. This configuration
allows the Eth-Trunk interface to rapidly detect the status change of the mVRRP backup group.
After detecting the status change of the mVRRP backup group, the Eth-Trunk interface can
rapidly switch traffic to an available link. This ensures reliable service transmission.
3.8 Associating an Eth-Trunk Interface in Static LACP Mode with a Unicast VRRP Backup
Group
When non-Huawei devices are connected to Huawei devices through Eth-Trunk interfaces,
configure a unicast VRRP backup group on the Huawei devices to implement redundancy. To
ensure reliable service transmission, associate the Eth-Trunk interfaces in static LACP mode
with the unicast VRRP backup group. If the unicast VRRP backup group status changes, the
associated Eth-Trunk interfaces can quickly detect the status change and immediately perform
traffic switching.
3.1.1 Introduction
Multiple physical interfaces can be bundled into an Eth-Trunk using the link aggregation
technique. The Eth-Trunk interface is a logical interface, having all functions of an Ethernet
interface and is more reliable.
Brief Introduction
As the volume of services deployed on networks increases, the bandwidth provided by a single
P2P physical link working in full-duplex mode cannot meet the requirements of service traffic.
To increase bandwidth, the existing interface boards can be replaced with interface boards of
higher bandwidth capacity. However, this would waste existing device resources and increase
upgrade expenditure. If more links are used to interconnect devices, each Layer 3 interface must
be configured with an IP address, wasting IP addresses.
To increase bandwidth without replacing the existing interface boards or wasting IP address
resources, bundle physical interfaces into a logical interface using the link aggregation technique
to provide higher bandwidth.
Trunk is a bundling technique. Trunk can be used to bundle physical interfaces into a logical
interface, which is called a trunk interface. An Eth-Trunk interface is formed by bundling
Ethernet interfaces.
Concepts
This part describes the link aggregation mode, load balancing mode, member interface
backup, and maximum/minimum number of Up member links for Eth-Trunk interfaces.
Manual In manual load balancing mode, you can If either of the directly-
load manually add interfaces to an Eth-Trunk connected two ends does
balancin interface. All the member interfaces are in the not support LACP,
g mode forwarding state and carry out load balancing. configure the manual load
balancing mode.
Manual An Eth-Trunk interface working in manual 1:1 If the two ends of an Eth-
1:1 active/standby mode contains only two Trunk are connected over
active/ member interfaces. Of the two member intermediate devices,
standby interfaces, one is active and the other standby. configure the manual 1:1
mode The active member interface forwards traffic active/standby mode.
when it functions properly. If the active NOTE
member interface fails, the standby member The manual 1:1 active/
interface takes over the traffic. standby mode is applicable
only to Layer 2 Eth-Trunk
interfaces.
l Load balancing
There are two load balancing modes: per-destination and per-packet. Eth-Trunk member
links can be configured with different weights to carry out load balancing.
– Per-destination load balancing: Packets with the same source and destination IP
addresses or with the same source and destination MAC addresses are transmitted over
the same member link.
Layer 2 Eth-Trunk interfaces support per-destination load balancing based on the MAC
addresses or the IP addresses of packets.
Layer 3 Eth-Trunk interfaces only support per-destination load balancing based on the
IP addresses of packets.
– Per-destination load balancing: Packets with the same source and destination IP
addresses or with the same source and destination MAC addresses are transmitted over
the same member link.
Layer 2 Eth-Trunk interfaces support per-destination load balancing based on the MAC
addresses or the IP addresses of packets.
Layer 3 Eth-Trunk interfaces only support per-destination load balancing based on the
IP addresses of packets.
– Per-packet load balancing: Packets are transmitted over different member links.
Both Layer 2 and Layer 3 Eth-Trunk interfaces support per-packet load balancing.
l Maximum/Minimum number of Up member links
The number of Up member links determines the status and bandwidth of an Eth-Trunk
interface. To keep stability, set the maximum and minimum numbers of Up member links
to reduce the impact of Eth-Trunk member link status changes.
– Minimum number of Up member links: After the number of Up member links falls
below the set value, the Eth-Trunk interface goes Down.
– Maximum number of Up member links: After the number of Up member links reaches
the set value, the bandwidth of the Eth-Trunk interface does not increase regardless of
whether more member links go Up.
l Member Interface Backup
To improve the reliability of an Eth-Trunk interface, you can configure member interface
backup.
If a member interface goes Down, traffic rapidly switches to another member interface.
The backup interface is an Up member interface of the same Eth-Trunk interface.
NOTE
If member interfaces of a trunk interface reside on different LPUs, a BFD session needs to be
configured to detect the member link status, with the process-pst command being used to associate
the BFD session with member interfaces. Otherwise, traffic will be lost in certain situations (for
example, when the LPU where a member interface resides is restarted).
For the configuration of a BFD session, refer to the HUAWEI NetEngine80E/40E Router
Configuration Guide - Reliability.
Eth-Trunk is a bundling technique. You can use Eth-Trunk to bundle Ethernet interfaces into a
logical interface to increase bandwidth.
An Eth-Trunk interface can be configured with a proper link aggregation mode to increase
bandwidth, implement load balancing, and improve network reliability. Table 3-2 shows the
usage of link aggregation modes.
Static Link If the directly-connected two ends support LACP, as shown in Figure
Aggregation 3-1, configuring the static LACP mode is recommended.
Control Protocol On the network shown in Figure 3-1, PE1 and PE2 are directly connected.
(LACP) mode Both PEs support LACP. Eth-Trunk interfaces working in static LACP
mode can be configured on the two PEs to implement load balancing and
link backup.
CE1 CE2
user user
network 1 network 2
Active links
Backup links
Manual load If either of the directly-connected two ends does not support LACP, as
balancing mode shown in Figure 3-2, configure the manual load balancing mode.
On the network shown in Figure 3-2, PE1 and PE2 are directly connected.
PE1 or PE2 does not support LACP (or neither PE1 nor PE2 supports
LACP). Eth-Trunk interfaces working in manual load balancing mode can
be configured on the two PEs to implement load balancing.
CE1 CE2
user user
network 1 network 2
Manual 1:1 If the two ends of an Eth-Trunk are connected over intermediate devices,
active/standby as shown in Figure 3-3, configure the manual 1:1 active/standby mode.
mode On the network shown in Figure 3-3, PE1 and PE2 are connected over
PE3 and PE4. Eth-Trunk interfaces working in manual 1:1 active/standby
mode can be configured on PE1 and PE2. After the configuration is
complete, data is transmitted over the active link when the link functions
properly. If the active link fails, the standby link takes over the traffic.
PE3
GE2/0/1 GE2/0/2
Act
ink iv
c ti ve l GE2/0/3 e li
nk
A
GE1/0/1 GE1/0/1
GE1/0/2 GE1/0/2
Bac GE2/0/3 nk
kup ku p li
link Bac
GE2/0/1 GE2/0/2
PE4
Inter-Board On a live network, many users lease only one link to carry their services,
interface posing a risk of service interruption. To improve service transmission
standby mode reliability, a device must support board redundancy.
On the network shown in Figure 3-4, a downstream CE is connected to a
passive optical splitter (POS). The POS splits one optical fiber into two
optical fibers, which then connect to two different boards on an upstream
PE. To implement board redundancy for the upstream PE, you can
configure an Eth-Trunk interface on the PE to work in inter-board interface
standby mode and add the interfaces on the two boards to the Eth-Trunk
interface.
Eth-Trunk
port1
Master link
interface, and their forwarding entries remain in the Eth-Trunk interface forwarding
table.
– Eth-Trunk interface working in static LACP mode
A lower threshold of the minimum number of active member interfaces is set on the
Eth-Trunk interface. This Eth-Trunk interface has the minimum number of member
links with proper performance less than the lower threshold. In this situation, forwarding
entries for these member interfaces remain in the Eth-Trunk forwarding table.
On an Eth-Trunk interface, a lower threshold of the minimum number of member links
in the Up state is set. Before the Eth-Trunk working mode is changed to static LACP,
the two ends of the Eth-Trunk interface must have the same lower threshold. A lower
threshold inconsistency causes link flapping after the Eth-Trunk interface is switched
to the static LACP mode.
– Eth-Trunk interface working in static LACP mode
A lower threshold, not upper threshold, for active member interfaces is set on the Eth-
Trunk interface. This Eth-Trunk interface has the minimum number of active member
interfaces with proper performance less than the lower threshold. In this situation,
forwarding entries for these member interfaces remain in the Eth-Trunk forwarding
table.
If the upper and lower thresholds of the minimum number of active member interfaces
are the same, and the active member interface performance deteriorates, forwarding
entries for these member interfaces remain in the Eth-Trunk forwading table, and non-
active member interfaces do not switch to active member interfaces.
– Eth-Trunk interfaces working in manual 1:1 active/standby mode
An Eth-Trunk interface working in manual 1:1 active/standby mode selects an interface
with better link quality as the active link. If both Eth-Trunk member interfaces have the
same link quality, the existing active link remains.
NOTE
Error code detection is not supported when E-Trunk interfaces are used or when VRRP is associated
with Eth-Trunk interfaces working in static LACP.
Applicable Environment
As network services expand, the bandwidth provided by a single P2P physical link working in
full-duplex mode cannot meet the requirement.
As shown in Figure 3-5, the Eth-Trunk interfaces on the two directly-connected devices can be
configured to work in static LACP mode to implement load balancing. The static LACP mode
is also called the M:N mode. M links function as active links and N links function as standby
links to implement link backup.
Figure 3-5 Schematic diagram for Eth-Trunk interfaces in static LACP mode
Eth-Trunk1 Eth-Trunk1
PE1 GE 1/0/1 GE 1/0/1 PE2
GE 1/0/2 Eth-Trunk GE 1/0/2
GE 1/0/3 GE 1/0/3
CE1 CE2
user user
network 1 network 2
Active links
Backup links
NOTE
Interfaces operating at different rates, in different duplex modes, and on different boards can be added to
the same Eth-Trunk interface working in static LACP mode. Member interfaces working at different rate,
however, cannot be in the forwarding state at the same time, and member interfaces working in half-duplex
mode cannot forward traffic. Confirm the boards where member interfaces reside, interface rate, and duplex
mode.
Pre-configuration Tasks
Before configuring an Eth-Trunk interfaces to work in static LACP mode, connect interfaces
and setting their physical parameters to ensure that the physical interface status is Up.
Data Preparation
To configure an Eth-Trunk interface to work in static LACP mode, you need the following data.
No. Data
Procedure
Step 1 Run:
system-view
NOTE
Physical interfaces can be added to an Eth-Trunk interface regardless of which mode the Eth-Trunk
interface works in. If the Eth-Trunk interface needs to work in Layer 3 mode, skip this step and go to the
next step.
Step 5 Run:
mode lacp-static
----End
Context
There are two methods for adding physical interfaces to an Eth-Trunk interface:
l Add physical interfaces in the view of the Eth-Trunk interface. Using this method, you can
add a single physical interface or physical interfaces in batches.
l Add a physical interface in the view of the physical interface. When adding physical
interfaces to an Eth-Trunk interface, note the following points:
– Eth-Trunk interfaces cannot be added to Eth-Trunk interfaces.
– Different Ethernet interfaces can be added to the same Eth-Trunk interface.
– Ethernet interfaces on different interface boards can be added to the same Eth-Trunk
interface.
– Eth-Trunk interfaces work in either Layer 2 or Layer 3 mode. Ethernet interfaces can
join an Eth-Trunk interface regardless of which mode the Eth-Trunk interface works
in.
NOTE
Procedure
l Add one or more physical interfaces in the Eth-Trunk interface view.
1. Run:
system-view
l Add a physical interface to an Eth-Trunk interface in the view of the physical interface.
1. Run:
system-view
NOTE
----End
Follow-up Procedure
You can configure Eth-Trunk member interfaces to send trap messages after the status of the
Eth-Trunk member interfaces changes. After receiving a trap message, check whether the device
fails or recovers.
If you need to know the status change of the member interface of a specified Eth-Trunk interface,
run the trunk-member trap in private-mib enable command to enable Eth-Trunk member
interfaces to use the proprietary MIB to send trap messages. The trap messages sent by using
the proprietary MIB carry Eth-Trunk IDs, whereas the trap messages sent by using the public
MIB do not carry Eth-Trunk IDs.
Prerequisites
An Eth-Trunk interface works in Layer 3 mode by default. Before configuring Layer 2
parameters for an Eth-Trunk interface, run the portswitch command to configure the Eth-Trunk
interface to work in Layer 2 mode.
Context
Different types of Eth-Trunk interfaces need to be configured with different parameters, shown
in Table 3-3. Configure the parameters as required.
Timeout period for If a local member interface does not receive any LACP
an Eth-Trunk packets within the configured timeout period, it goes
interface to receive Down immediately and no longer forwards data.
LACP packets
Layer 2 Maximum number This parameter directly affects effective link bandwidth
Eth- of Up member links and indirectly affects interface costs. If the cost of an Eth-
Trunk that determine the Trunk needs to be changed for other configurations, such
interface Eth-Trunk link as STP calculation, this parameter must be configured.
bandwidth NOTE
After the number of Up member links that determine the Eth-
Trunk link bandwidth reaches the upper limit, the STP calculation
is not affected even if more member links go Up.
Layer 3 IP address of the Eth- IP addresses are assigned to Layer 3 Eth-Trunk interfaces
Eth- Trunk interface for data communication between network devices.
Trunk
interface MAC address of the When a Layer 3 router is connected to a Layer 2 switch
Eth-Trunk interface through two Eth-Trunk links to transmit different services,
if both Eth-Trunk interfaces on the router use the default
system MAC address, the switch can learn the system
MAC address from either of the two Eth-Trunk interfaces.
This probably causes a loop between the two devices. To
prevent loops, change the MAC address of an Eth-Trunk
interface as required. Configuring the source and
destination MAC addresses for the two Eth-Trunk links
guarantees transmission of service data flows and
improves network reliability.
If an Eth-Trunk interface is configured with a large
number of sub-interfaces, and the MAC address of the
Eth-Trunk interface is changed, it sends a large number of
ARP updates to its peer. If the peer is configured with the
Central Processing-Committed Access Rate (CP-CAR),
increasing bandwidth for receiving ARP packets is
recommended to prevent loss of ARP updates.
MTU of the Eth- Generally, the IP layer limits the length of a packet to be
Trunk interface sent each time. Any time the IP layer receives an IP packet
to be sent, it checks to which local interface the packet
needs to be sent and obtains the MTU configured on the
interface. Then, the IP layer compares the MTU with the
packet length. If the packet length is longer than the MTU,
the IP layer disassembles the packet to fragments, each no
longer than the MTU.
If forcible unfragmentation is configured, some packets
may be discarded when being transmitted at the IP layer.
To ensure that large packets are not discarded during
transmission, configure forcible fragmentation for large
packets.
Procedure
l Configure parameters for a Layer 2 Eth-Trunk interface.
1. Run:
system-view
Mode in which active Run the lacp selected { priority | speed } command.
member interfaces By default, active member interfaces are selected based on
are selected interface priorities.
NOTE
To ensure that an Eth-Trunk works properly, you are advised to
configure the Eth-Trunk interfaces on both ends to select active
member interfaces in the same mode.
Timeout period for Run the lacp timeout { fast [ user-defined user-defined ]
an Eth-Trunk | slow } command.
interface to receive By default, the lacp timeoutslow command is used to set
LACP packets the timeout period to 90 seconds and the interval at which
the peer sends LACP packets to 30 seconds.
If the lacp timeout fast [ user-defined user-defined ]
command is used, the timeout period is 3 seconds and the
peer sends LACP packets every second.
NOTE
The two ends of an Eth-Trunk link can be configured with different
timeout periods. To facilitate maintenance, you are advised to
configure the same timeout period for both ends.
Mode in which active Run the lacp selected { priority | speed } command.
member interfaces By default, active member interfaces are selected based on
are selected interface priorities.
NOTE
To ensure that an Eth-Trunk works properly, you are advised to
configure the Eth-Trunk interfaces on both ends to select active
member interfaces in the same mode.
Timeout period for Run the lacp timeout { fast [ user-defined user-defined ]
an Eth-Trunk | slow } command.
interface to receive By default, the lacp timeoutslow command is used to set
LACP packets the timeout period to 90 seconds and the interval at which
the peer sends LACP packets to 30 seconds.
If the lacp timeout fast [ user-defined user-defined ]
command is used, the timeout period is 3 seconds and the
peer sends LACP packets every second.
NOTE
The two ends of an Eth-Trunk link can be configured with different
timeout periods. To facilitate maintenance, you are advised to
configure the same timeout period for both ends.
----End
Procedure
Step 1 Run:
system-view
The load balancing weight is configured for the Eth-Trunk member interface.
The default weight of an Eth-Trunk member interface is 1.
The total load balancing weights of all member interfaces of an Eth-Trunk interface cannot be
greater than 16.
The Eth-Trunk interface performs load balancing based on the weights of its member interfaces.
The greater the weight of an Eth-Trunk member interface, the heavier the load carried by the
member interface.
NOTE
Assume that an Eth-Trunk interface transmits multicast traffic. If the distribute-weight command is run
to change the load balancing weight of its member interface, run the shutdown command and the undo
shutdown command to restart this member interface.
Step 4 Run:
lacp priority priority
The LACP interface priority indicates the preference of the interface to become active. The smaller the
value, the higher the priority.
----End
Context
If Layer 2 switching devices belong to different VLANs, and hosts in the VLANs need to
communicate with each other, you need to create sub-interfaces on the Eth-Trunk interface
connecting a Layer 3 device to a Layer 2 switching device, bind a VLAN to each sub-interface,
configure 802.1Q encapsulation on the sub-interfaces, and assign an IP address to each sub-
interface.
After the configuration is complete, hosts in the VLANs can use these sub-interfaces to
communicate with each other. Eth-Trunk sub-interfaces can be configured to terminate dot1q
and QinQ VLAN tags.
After sub-interfaces are configured for Layer 2 Eth-Trunk interfaces, the Eth-Trunk interfaces
provide Layer 2 functions, and their sub-interfaces provide Layer 3 functions.
VPLS/MPLS/IP
PE1 PE2
Eth-Trunk
Sub-interface
Eth-Trunk
CE1 CE2
S1 S2 S3 S4
VLAN VLAN
NOTE
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface eth-trunk trunk-id.subnumber
Step 3 Run:
ip address ip-address { mask | mask-length } [ sub ]
When more than one IP address is configured for an Eth-Trunk interface, the keyword sub must
be used to indicate the second and later IP addresses.
Step 4 Run:
vlan-type dot1q vlan-id
The encapsulation type and associated VLAN ID is configured for the Eth-Trunk sub-interface.
The VLAN IDs associated with the two communicating Eth-Trunk sub-interfaces must be the
same.
The VLAN ID associated with a sub-interface of a Layer 2 Eth-Trunk interface cannot be the
VLAN ID associated with the Eth-Trunk interface.
NOTE
On the router, a sub-interface can be associated with only one VLAN ID.
For configurations of sub-interfaces for dot1q or QinQ VLAN tag termination, see QinQ
Configuration.
Step 5 Run:
mtu mtu
The MTU value of an Eth-Trunk interface ranges from 46 to 9600, in bytes. The default value
is 1500.
NOTE
The Quality of Service (QoS) queue length is limited. If the MTU is too small whereas the packet size is
large, the packet is probably divided into many fragments and discarded by the QoS queue. To avoid this
situation, lengthen the QoS queue accordingly.
Step 6 Run:
arp send-speed-limit limit
The rate at which the Eth-Trunk sub-interface sends gratuitous Address Resolution Protocol
(ARP) packets is configured.
To prevent the peer from discarding gratuitous ARP packets, configure the rate at which the Eth-
Trunk sub-interface on the local end sends gratuitous ARP packets to a proper value so that the
peer can process all the gratuitous packets from the local end.
----End
Prerequisites
An Eth-Trunk interface in static LACP mode has been configured.
Procedure
l Run the display trunkmembership eth-trunk trunk-id command to check information
about member interfaces of the Eth-Trunk interface.
l Run the display eth-trunk [ trunk-id [ interface interface-type interface-number ] ]
command to check information about the Eth-Trunk link aggregation group and active
member interfaces.
l Run the display interface eth-trunk [ trunk-id | main ] command to check the status of
the Eth-Trunk interface.
l Run the display interface brief command to check brief information about the Eth-Trunk
interface, including the physical status, link protocol status, and bandwidth usage.
l Run the display trunkfwdtbl eth-trunk trunk-id [ slot slot-id ] command to check the
forwarding table on the Eth-Trunk interface.
----End
Example
Run the display trunkmembership eth-trunk command to view the configured working mode
and LACP system priority of the Eth-Trunk interface, LACP priority of each member interface,
and active member interfaces.
<HUAWEI> display trunkmembership eth-trunk 1
Trunk ID: 1
used status: VALID
TYPE: ethernet
Working Mode : Static
Number Of Ports in Trunk = 3
Number Of UP Ports in Trunk = 2
operate status: up
Run the display eth-trunk command to view information about the Eth-Trunk link aggregation
group and active member interfaces.
<HUAWEI> display eth-trunk 1
Eth-Trunk1's state information is:
Local:
LAG ID: 1 WorkingMode: STATIC
Preempt Delay: Disabled Hash arithmetic: According to MAC
System Priority: 10 System ID: 00e0-fca8-041a
Least Active-linknumber: 1 Max active-linknumber: 2
Operate status: up Number Of Up Port In Trunk: 2
------------------------------------------------------------------------------
Partner:
------------------------------------------------------------------------------
ActorPortName SysPri SystemID PortPri PortNo PortKey
PortState
GigabitEthernet1/0/1 10 00e0-fca6-7f85 32768 387 561
11111100
GigabitEthernet1/0/2 10 00e0-fca6-7f85 32768 388 561
11111100
GigabitEthernet1/0/3 10 00e0-fca6-7f85 32768 389 577
11111100
Run the display interface eth-trunk command to view the status of the Eth-Trunk interface.
For example:
<HUAWEI> display interface eth-trunk 1
Eth-Trunk1 current state : UP
Line protocol current state : UP
Last line protocol up time: 2008-04-02, 11:00:19
Description : Eth-Trunk1 Interface
Route Port,Hash arithmatic : According to flow,The Maximum Transmit Unit is 1500
Internet protocol processing : disabled
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-fc09-9722
Physical is ETH_TRUNK
Current system time: 2010-08-29 20:26:18
Statistics last cleared: 2008-03-02 15:32:27
Last 300 seconds input rate 0 bytes/sec, 0 packets/sec
Last 300 seconds output rate 0 bytes/sec, 0 packets/sec
Realtime 0 seconds input rate 0 bits/sec, 0 packets/sec
Realtime 0 seconds output rate 0 bits/sec, 0 packets/sec
Input: 24 packets,3 bytes,
7 unicast,9 broadcast,8 multicasts
10 errors,5 drops,11 unknowprotocol
Output: 39 packets,4 bytes,
12 unicast,14 broadcast,13 multicasts
15 errors,6 drops
Input bandwidth utilization : 0.00%
Output bandwidth utilization : 0.00%
-----------------------------------------------------
PortName Status Weight
-----------------------------------------------------
GigabitEthernet1/0/1 UP 1
GigabitEthernet1/0/2 UP 1
GigabitEthernet1/0/3 DOWN 1
-----------------------------------------------------
The Number of Ports in Trunk : 3
The Number of UP Ports in Trunk : 2
Run the display interface brief command to view brief information about the Eth-Trunk
interface, including the physical status, link protocol status, bandwidth usage, and statistics about
error packets. For example:
<HUAWEI> display interface brief | begin Eth-Trunk
PHY: Physical
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
(b): BFD down
Run the display trunkfwdtbl eth-trunk command to view the forwarding table on the Eth-
Trunk interface. For example:
<HUAWEI> display trunkfwdtbl eth-trunk 1
Eth-Trunk1's forwarding table is:
MASTER SLAVE
GigabitEthernet1/0/1 GigabitEthernet1/0/2
GigabitEthernet1/0/2 GigabitEthernet1/0/1
GigabitEthernet1/0/1 GigabitEthernet1/0/2
GigabitEthernet1/0/1 GigabitEthernet1/0/2
GigabitEthernet1/0/2 GigabitEthernet1/0/1
GigabitEthernet1/0/1 GigabitEthernet1/0/2
GigabitEthernet1/0/1 GigabitEthernet1/0/2
GigabitEthernet1/0/2 GigabitEthernet1/0/1
GigabitEthernet1/0/2 GigabitEthernet1/0/1
GigabitEthernet1/0/1 GigabitEthernet1/0/2
GigabitEthernet1/0/2 GigabitEthernet1/0/1
GigabitEthernet1/0/2 GigabitEthernet1/0/1
GigabitEthernet1/0/1 GigabitEthernet1/0/2
GigabitEthernet1/0/2 GigabitEthernet1/0/1
GigabitEthernet1/0/2 GigabitEthernet1/0/1
GigabitEthernet1/0/1 GigabitEthernet1/0/2
Applicable Environment
As the volume of services deployed on networks expands, the bandwidth provided by a single
P2P physical link working in full-duplex mode cannot meet the requirement.
On the network shown in Figure 3-7, configure an Eth-Trunk interface working in manual load
balancing mode on each of the two directly-connected devices to implement load balancing.
Figure 3-7 Schematic diagram for Eth-Trunk interfaces in manual load balancing mode
Eth-Trunk1 Eth-Trunk1
PE1 GE 1/0/1 GE 1/0/1 PE2
GE 1/0/2 Eth-Trunk GE 1/0/2
GE 1/0/3 GE 1/0/3
CE1 CE2
user user
network 1 network 2
NOTE
An Eth-Trunk interface working in manual load balancing mode can contain member interfaces at different
rates, in different duplex modes, and on different boards.
Pre-configuration Tasks
Before configuring an Eth-Trunk interface to work in manual load balancing mode, connect
interfaces and configuring physical parameters for the interfaces to make sure that the physical
status of the interfaces is Up.
Data Preparation
To configure an Eth-Trunk interface to work in manual load balancing mode, you need the
following data.
No. Data
No. Data
3 l Public parameters for both Layer 2 and Layer 3 Eth-Trunk interfaces: minimum
number of Up member links and load balancing mode of the Eth-Trunk
interface
l Parameter for a Layer 2 Eth-Trunk interface: maximum number of Up member
links that determine the Eth-Trunk link bandwidth
l Parameters for a Layer 3 Eth-Trunk interface: IP address, MAC address, and
MTU of the Eth-Trunk interface
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface eth-trunk trunk-id
NOTE
Physical interfaces can be added to an Eth-Trunk interface regardless of which mode the Eth-Trunk
interface works in. If the Eth-Trunk interface needs to work in Layer 3 mode, skip this step and go to the
next step.
Step 4 Run:
mode manual load-balance
----End
Context
There are two methods for adding physical interfaces to an Eth-Trunk interface:
l Add physical interfaces in the view of the Eth-Trunk interface. Using this method, you can
add a single physical interface or physical interfaces in batches.
l Add a physical interface in the view of the physical interface. When adding physical
interfaces to an Eth-Trunk interface, note the following points:
– Eth-Trunk interfaces cannot be added to Eth-Trunk interfaces.
– Different Ethernet interfaces can be added to the same Eth-Trunk interface.
– Ethernet interfaces on different interface boards can be added to the same Eth-Trunk
interface.
– Eth-Trunk interfaces work in either Layer 2 or Layer 3 mode. Ethernet interfaces can
join an Eth-Trunk interface regardless of which mode the Eth-Trunk interface works
in.
NOTE
Procedure
l Add one or more physical interfaces in the Eth-Trunk interface view.
1. Run:
system-view
l Add a physical interface to an Eth-Trunk interface in the view of the physical interface.
1. Run:
system-view
NOTE
----End
Follow-up Procedure
You can configure Eth-Trunk member interfaces to send trap messages after the status of the
Eth-Trunk member interfaces changes. After receiving a trap message, check whether the device
fails or recovers.
If you need to know the status change of the member interface of a specified Eth-Trunk interface,
run the trunk-member trap in private-mib enable command to enable Eth-Trunk member
interfaces to use the proprietary MIB to send trap messages. The trap messages sent by using
the proprietary MIB carry Eth-Trunk IDs, whereas the trap messages sent by using the public
MIB do not carry Eth-Trunk IDs.
Prerequisites
An Eth-Trunk interface works in Layer 3 mode by default. Before configuring Layer 2
parameters for an Eth-Trunk interface, run the portswitch command to configure the Eth-Trunk
interface to work in Layer 2 mode.
Context
Different types of Eth-Trunk interfaces need to be configured with different parameters, shown
in Table 3-6. Configure the parameters as required.
Layer 2 Load balancing To ensure the bandwidth usage of each Eth-Trunk member
and mode link, configure per-packet load balancing.
Layer 3 l Using a packet (rather than a data flow) as the
Eth- transmission unit, per-packet load balancing disperses
Trunk and transmits packets among member links.
interface
s l Per-packet load balancing guarantees the bandwidth
usage but not the data sequence. It is applicable to the
scenario where the data sequence is not strictly
required.
To ensure that packets arrive at the destination in order,
configure per-destination load balancing.
l Per-destination load balancing differentiates data
flows based on MAC or IP addresses of packets to
ensure that the packets of the same data flow are
transmitted over the same member link.
l Per-destination load balancing guarantees the data
sequence but not the bandwidth usage.
Layer 2 Maximum number This parameter directly affects effective link bandwidth
Eth- of Up member links and indirectly affects interface costs. If the cost of an Eth-
Trunk that determine the Trunk needs to be changed for other configurations, such
interface Eth-Trunk link as STP calculation, this parameter must be configured.
bandwidth NOTE
After the number of Up member links that determine the Eth-
Trunk link bandwidth reaches the upper limit, the STP calculation
is not affected even if more member links go Up.
Layer 3 IP address of the Eth- IP addresses are assigned to Layer 3 Eth-Trunk interfaces
Eth- Trunk interface for data communication between network devices.
Trunk
interface MAC address of the When a Layer 3 router is connected to a Layer 2 switch
Eth-Trunk interface through two Eth-Trunk links to transmit different services,
if both Eth-Trunk interfaces on the router use the default
system MAC address, the switch can learn the system
MAC address from either of the two Eth-Trunk interfaces.
This probably causes a loop between the two devices. To
prevent loops, change the MAC address of an Eth-Trunk
interface as required. Configuring the source and
destination MAC addresses for the two Eth-Trunk links
guarantees transmission of service data flows and
improves network reliability.
If an Eth-Trunk interface is configured with a large
number of sub-interfaces, and the MAC address of the
Eth-Trunk interface is changed, it sends a large number of
ARP updates to its peer. If the peer is configured with the
Central Processing-Committed Access Rate (CP-CAR),
increasing bandwidth for receiving ARP packets is
recommended to prevent loss of ARP updates.
MTU of the Eth- Generally, the IP layer limits the length of a packet to be
Trunk interface sent each time. Any time the IP layer receives an IP packet
to be sent, it checks to which local interface the packet
needs to be sent and obtains the MTU configured on the
interface. Then, the IP layer compares the MTU with the
packet length. If the packet length is longer than the MTU,
the IP layer disassembles the packet to fragments, each no
longer than the MTU.
If forcible unfragmentation is configured, some packets
may be discarded when being transmitted at the IP layer.
To ensure that large packets are not discarded during
transmission, configure forcible fragmentation for large
packets.
Procedure
l Configure parameters for a Layer 2 Eth-Trunk interface.
1. Run:
system-view
1. Run:
system-view
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
Step 3 Run:
distribute-weight weight-value
The load balancing weight is configured for the Eth-Trunk member interface.
The total load balancing weights of all member interfaces of an Eth-Trunk interface cannot be
greater than 16.
The Eth-Trunk interface performs load balancing based on the weights of its member interfaces.
The greater the weight of an Eth-Trunk member interface, the heavier the load carried by the
member interface.
NOTE
Assume that an Eth-Trunk interface transmits multicast traffic. If the distribute-weight command is run
to change the load balancing weight of its member interface, run the shutdown command and the undo
shutdown command to restart this member interface.
----End
Context
If Layer 2 switching devices belong to different VLANs, and hosts in the VLANs need to
communicate with each other, you need to create sub-interfaces on the Eth-Trunk interface
connecting a Layer 3 device to a Layer 2 switching device, bind a VLAN to each sub-interface,
configure 802.1Q encapsulation on the sub-interfaces, and assign an IP address to each sub-
interface.
After the configuration is complete, hosts in the VLANs can use these sub-interfaces to
communicate with each other. Eth-Trunk sub-interfaces can be configured to terminate dot1q
and QinQ VLAN tags.
After sub-interfaces are configured for Layer 2 Eth-Trunk interfaces, the Eth-Trunk interfaces
provide Layer 2 functions, and their sub-interfaces provide Layer 3 functions.
VPLS/MPLS/IP
PE1 PE2
Eth-Trunk
Sub-interface
Eth-Trunk
CE1 CE2
S1 S2 S3 S4
VLAN VLAN
NOTE
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface eth-trunk trunk-id.subnumber
Step 3 Run:
ip address ip-address { mask | mask-length } [ sub ]
When more than one IP address is configured for an Eth-Trunk interface, the keyword sub must
be used to indicate the second and later IP addresses.
Step 4 Run:
vlan-type dot1q vlan-id
The encapsulation type and associated VLAN ID is configured for the Eth-Trunk sub-interface.
By default, an Eth-Trunk sub-interface is not configured with any encapsulation types or
associated with any VLAN IDs.
The VLAN IDs associated with the two communicating Eth-Trunk sub-interfaces must be the
same.
The VLAN ID associated with a sub-interface of a Layer 2 Eth-Trunk interface cannot be the
VLAN ID associated with the Eth-Trunk interface.
NOTE
On the router, a sub-interface can be associated with only one VLAN ID.
For configurations of sub-interfaces for dot1q or QinQ VLAN tag termination, see QinQ
Configuration.
Step 5 Run:
mtu mtu
NOTE
The Quality of Service (QoS) queue length is limited. If the MTU is too small whereas the packet size is
large, the packet is probably divided into many fragments and discarded by the QoS queue. To avoid this
situation, lengthen the QoS queue accordingly.
Step 6 Run:
arp send-speed-limit limit
The rate at which the Eth-Trunk sub-interface sends gratuitous Address Resolution Protocol
(ARP) packets is configured.
The default rate is 2000 packets per second.
To prevent the peer from discarding gratuitous ARP packets, configure the rate at which the Eth-
Trunk sub-interface on the local end sends gratuitous ARP packets to a proper value so that the
peer can process all the gratuitous packets from the local end.
----End
Prerequisites
An Eth-Trunk interface in manual load balancing mode has been configured.
Procedure
l Run the display trunkmembership eth-trunk trunk-id command to check information
about member interfaces of the Eth-Trunk interface.
l Run the display eth-trunk [ trunk-id [ interface interface-type interface-number ] ]
command to check information about the Eth-Trunk link aggregation group and active
member interfaces.
l Run the display interface eth-trunk [ trunk-id | main ] command to check the status of
the Eth-Trunk interface.
l Run the display interface brief command to check brief information about the Eth-Trunk
interface, including the physical status, link protocol status, and bandwidth usage.
l Run the display trunkfwdtbl eth-trunk trunk-id [ slot slot-id ] command to check the
forwarding table on the Eth-Trunk interface.
----End
Example
Run the display trunkmembership eth-trunk command to view the configured working mode
and LACP system priority of the Eth-Trunk interface, LACP priority of each member interface,
and active member interfaces.
<HUAWEI> display trunkmembership eth-trunk 1
Trunk ID: 1
used status: VALID
TYPE: ethernet
Working Mode : Normal
Number Of Ports in Trunk = 3
Number Of UP Ports in Trunk = 3
operate status: up
Run the display eth-trunk command to check information about the Eth-Trunk link aggregation
group and active member interfaces.
<HUAWEI> display eth-trunk 1
Eth-Trunk1's state information is:
WorkingMode: NORMAL Hash arithmetic: According to flow
Least Active-linknumber: 1 Max Bandwidth-affected-linknumber: 16
Operate status: up Number Of Up Port In Trunk: 3
--------------------------------------------------------------------------------
PortName Status Weight
GigabitEthernet1/0/1 Up 1
GigabitEthernet1/0/2 Up 1
GigabitEthernet1/0/3 Up 1
Run the display interface eth-trunk command to view the status of the Eth-Trunk interface.
For example:
<HUAWEI> display interface eth-trunk 1
Eth-Trunk1 current state : UP
Line protocol current state : UP
Last line protocol up time: 2008-04-02, 11:00:19
Description : Eth-Trunk1 Interface
Route Port,Hash arithmatic : According to flow,The Maximum Transmit Unit is 1500
Internet protocol processing : disabled
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-fc09-9722
Physical is ETH_TRUNK
Run the display interface brief command to view brief information about the Eth-Trunk
interface, including the physical status, link protocol status, bandwidth usage, and statistics about
error packets. For example:
<HUAWEI> display interface brief | begin Eth-Trunk
PHY: Physical
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
(b): BFD down
(d): Dampening Suppressed
InUti/OutUti: input utility/output utility
Interface PHY Protocol InUti OutUti inErrors outErrors
Eth-Trunk1 up up 0% 0% 0 0
GigabitEthernet1/0/1 up down 0% 0% 0 0
GigabitEthernet1/0/2 up down 0% 0% 0 0
GigabitEthernet1/0/3 up down 0% 0% 0 0
Eth-Trunk1.1 up up 0% 0% 0 0
Run the display trunkfwdtbl eth-trunk command to view the forwarding table on the Eth-
Trunk interface. For example:
<HUAWEI> display trunkfwdtbl eth-trunk 1
Eth-Trunk1's forwarding table is:
MASTER SLAVE
GigabitEthernet1/0/1 GigabitEthernet1/0/3
GigabitEthernet1/0/3 GigabitEthernet1/0/2
GigabitEthernet1/0/2 GigabitEthernet1/0/1
GigabitEthernet1/0/1 GigabitEthernet1/0/3
GigabitEthernet1/0/3 GigabitEthernet1/0/2
GigabitEthernet1/0/2 GigabitEthernet1/0/1
GigabitEthernet1/0/1 GigabitEthernet1/0/3
GigabitEthernet1/0/3 GigabitEthernet1/0/2
GigabitEthernet1/0/2 GigabitEthernet1/0/1
GigabitEthernet1/0/1 GigabitEthernet1/0/3
GigabitEthernet1/0/3 GigabitEthernet1/0/2
GigabitEthernet1/0/2 GigabitEthernet1/0/1
GigabitEthernet1/0/1 GigabitEthernet1/0/3
GigabitEthernet1/0/3 GigabitEthernet1/0/2
GigabitEthernet1/0/2 GigabitEthernet1/0/1
GigabitEthernet1/0/1 GigabitEthernet1/0/3
Applicable Environment
As the volume of services deployed on networks expands, higher network reliability is needed.
On the network shown in Figure 3-9, there are intermediate devices between the two devices
connected through two Eth-Trunk links. In this scenario, you can configure each Eth-Trunk
interface to work in manual 1:1 active/standby mode. The networking provides an active link
as well as a standby link for data transmission.
Figure 3-9 Schematic diagram for Eth-Trunk interfaces in manual 1:1 active/standby mode
PE3
GE2/0/1 GE2/0/2
k Act
e lin iv e li
A ctiv GE2/0/3 nk
GE1/0/1 GE1/0/1
GE1/0/2 GE1/0/2
Bac GE2/0/3 nk
kup ku p li
link Bac
GE2/0/1 GE2/0/2
PE4
NOTE
Ethernet interfaces on different boards, at different rates, or in different duplex modes can be added to the
same Eth-Trunk interface working in manual 1:1 active/standby mode.
Pre-configuration Tasks
Before configuring an Eth-Trunk interface to work in manual 1:1 active/standby mode, connect
interfaces and configuring physical parameters for the interfaces to make sure that the physical
status of the interfaces is Up.
Data Preparation
To configure an Eth-Trunk interface to work in manual 1:1 active/standby mode, you need the
following data.
No. Data
4 Control VLAN ID
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface eth-trunk trunk-id
Step 3 Run:
portswitch
Step 4 Run:
mode manual backup
----End
Context
There are two methods for adding physical interfaces to an Eth-Trunk interface:
l Add physical interfaces in the view of the Eth-Trunk interface. Using this method, you can
add a single physical interface or physical interfaces in batches.
l Add a physical interface in the view of the physical interface. When adding physical
interfaces to an Eth-Trunk interface, note the following points:
– Eth-Trunk interfaces cannot be added to Eth-Trunk interfaces.
– Different Ethernet interfaces can be added to the same Eth-Trunk interface.
– Ethernet interfaces on different interface boards can be added to the same Eth-Trunk
interface.
NOTE
Procedure
l Add one or more physical interfaces in the Eth-Trunk interface view.
1. Run:
system-view
l Add a physical interface to an Eth-Trunk interface in the view of the physical interface.
1. Run:
system-view
NOTE
----End
Follow-up Procedure
You can configure Eth-Trunk member interfaces to send trap messages after the status of the
Eth-Trunk member interfaces changes. After receiving a trap message, check whether the device
fails or recovers.
If you need to know the status change of the member interface of a specified Eth-Trunk interface,
run the trunk-member trap in private-mib enable command to enable Eth-Trunk member
interfaces to use the proprietary MIB to send trap messages. The trap messages sent by using
the proprietary MIB carry Eth-Trunk IDs, whereas the trap messages sent by using the public
MIB do not carry Eth-Trunk IDs.
Procedure
Step 1 Run:
system-view
Step 2 Run:
vlan vlan-id
The control VLAN is used to send SmartLink Flush packets between Eth-Trunk interfaces in
manual 1:1 master/backup mode. The control VLAN ID must be the same as the VLAN ID of
sent SmartLink Flush packets.
Step 3 Run:
quit
Step 4 Run:
interface eth-trunk trunk-id
Step 5 Run:
port trunk allow-pass vlan { { vlan-id1 [ to vlan-id2 ] }&<1-10> | all }
The Eth-Trunk interface is enabled to allow packets from the control VLAN to pass through.
The control VLAN ID must be the same as the VLAN ID carried in a Flush packet.
Step 6 Run:
smart-link flush send vlan vlan-id
----End
Context
In normal situations, the master member interface in an Eth-Trunk interface in manual 1:1
master/backup mode is active and can forward data. The backup member interface is inactive
and cannot forward data. To change the backup interface to the master interface, perform either
of the following operations:
l Run the undo port-master command in the master interface view to delete the master
interface configuration, and run the port-master command in the backup interface view to
specify the interface as the master interface. Specifying a new master interface causes a
short data interruption.
l Run the protect-switch command in the view of the Eth-Trunk interface in manual 1:1
master/backup mode to manually switch the active and inactive interfaces. Each time the
protect-switch command is run, the active and inactive interfaces are switched once. This
switching does not cause any data interruption.
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
Of the two member interfaces, only one can be configured as the active member interface.
----End
Follow-up Procedure
If the master member interface fails, it becomes inactive. If the master member interface
recovers, it needs to become active again. You can run the preempt enable [ delay delay-
time ] command in the view of the Eth-Trunk interface in manual 1:1 master/backup mode to
enable delayed switchback and also specify a switchback delay for the master member interface.
l If you want the master member interface to become active immediately after it recovers,
you do not need to specify a switchback delay.
l If you want the recovered master member interface to become active after a delay, specify
a switchback delay.
Procedure
Step 1 Run:
system-view
Step 2 Run:
vlan vlan-id
The control VLAN is used to send SmartLink Flush packets between Eth-Trunk interfaces in
manual 1:1 master/backup mode. The control VLAN ID must be the same as the VLAN ID of
sent SmartLink Flush packets.
Step 3 Run:
quit
Step 4 Run:
interface interface-type interface-number
The interface view is displayed. The intermediate devices' interfaces that connect to the Eth-
Trunk interfaces at both ends of the Eth-Trunk link as well as the intermediate devices' interfaces
that connect to each other must all be specified.
Step 5 Run:
portswitch
Step 6 Run:
port trunk allow-pass vlan { { vlan-id1 [ to vlan-id2 ] }&<1-10> | all }
The interface is enabled to allow packets from the control VLAN to pass through.
The VLAN ID of received and sent SmartLink Flush packets must be the same.
Step 7 Run:
smart-link flush enable control-vlan vlan-id
----End
Prerequisites
An Eth-Trunk interface in manual 1:1 active/standby mode has been configured.
Procedure
l Run the display trunkmembership eth-trunk trunk-id command to check information
about member interfaces of the Eth-Trunk interface.
l Run the display eth-trunk [ trunk-id [ interface interface-type interface-number ] ]
command to view information about the Eth-Trunk link aggregation group and active
member interfaces.
l Run the display interface eth-trunk [ trunk-id | main ] command to check the status of
the Eth-Trunk interface.
l Run the display interface brief command to check brief information about the Eth-Trunk
interface, including the physical status, link protocol status, and bandwidth usage.
l Run the display trunkfwdtbl eth-trunk trunk-id [ slot slot-id ] command to check the
forwarding table on the Eth-Trunk interface.
----End
Example
Run the display trunkmembership eth-trunk command to view the configured working mode
and LACP system priority of the Eth-Trunk interface, LACP priority of each member interface,
and active member interfaces.
<HUAWEI> display trunkmembership eth-trunk 1
Trunk ID: 1
used status: VALID
TYPE: ethernet
Working Mode : Backup-access
Working State: Master
Number Of Ports in Trunk = 2
Number Of UP Ports in Trunk = 2
operate status: up
Run the display eth-trunk command to view information about the Eth-Trunk link aggregation
group and active member interfaces.
<HUAWEI> display eth-trunk 1
Eth-Trunk1's state information is:
WorkingMode: BACKUP
WorkingState: Master
--------------------------------------------------------------------------------
PortName Slave/Master
GigabitEthernet1/0/1 M
GigabitEthernet1/0/2 S
Run the display interface eth-trunk command to view the status of the Eth-Trunk interface.
For example:
<HUAWEI> display interface eth-trunk 1
Eth-Trunk1 current state : UP
Line protocol current state : UP
Description:HUAWEI, Eth-Trunk1 Interface
Switch Port,Hash arithmetic : According to flow,Maximal BW: 2G, Current BW: 2G,
The Maximum Transmit Unit is 1500
Internet protocol processing : disabled
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-3063-7200
Physical is ETH_TRUNK
-----------------------------------------------------
PortName Status Weight
-----------------------------------------------------
GigabitEthernet1/0/1 UP 1
GigabitEthernet1/0/2 UP 1
-----------------------------------------------------
The Number of Ports in Trunk : 2
The Number of UP Ports in Trunk : 2
Run the display interface brief command to view brief information about the Eth-Trunk
interface, including the physical status, link protocol status, bandwidth usage, and statistics about
error packets. For example:
<HUAWEI> display interface brief | begin Eth-Trunk
PHY: Physical
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
(b): BFD down
(e): ETHOAM down
(d): Dampening Suppressed
InUti/OutUti: input utility/output utility
Interface PHY Protocol InUti OutUti inErrors outErrors
Eth-Trunk1 up up 0% 0% 0 0
GigabitEthernet1/0/1 up down 0% 0% 0 0
GigabitEthernet1/0/2 up down 0% 0% 0 0
Run the display trunkfwdtbl eth-trunk command to view the forwarding table on the Eth-
Trunk interface. For example:
<HUAWEI> display trunkfwdtbl eth-trunk 1
Eth-Trunk1's forwarding table is:
MASTER SLAVE
GigabitEthernet1/0/1 GigabitEthernet1/0/2
GigabitEthernet1/0/1 GigabitEthernet1/0/2
GigabitEthernet1/0/1 GigabitEthernet1/0/2
GigabitEthernet1/0/1 GigabitEthernet1/0/2
GigabitEthernet1/0/1 GigabitEthernet1/0/2
GigabitEthernet1/0/1 GigabitEthernet1/0/2
GigabitEthernet1/0/1 GigabitEthernet1/0/2
GigabitEthernet1/0/1 GigabitEthernet1/0/2
GigabitEthernet1/0/1 GigabitEthernet1/0/2
GigabitEthernet1/0/1 GigabitEthernet1/0/2
GigabitEthernet1/0/1 GigabitEthernet1/0/2
GigabitEthernet1/0/1 GigabitEthernet1/0/2
GigabitEthernet1/0/1 GigabitEthernet1/0/2
GigabitEthernet1/0/1 GigabitEthernet1/0/2
GigabitEthernet1/0/1 GigabitEthernet1/0/2
GigabitEthernet1/0/1 GigabitEthernet1/0/2
Usage Scenario
On the network shown in Figure 3-10, a non-Huawei device uses master and backup interfaces
(both in the Up state) to directly connect to a Huawei device. However, communication may fail
because Huawei engineers cannot identify the master and backup interfaces on the connected
non-Huawei device during network planning or maintenance and therefore cannot correctly
specify the master and backup interfaces when configuring the Eth-Trunk interface in manual
1:1 master/backup mode.
Figure 3-10 Configuring an Eth-Trunk interface in manual 1:1 master/backup mode to connect
to a non-Huawei device
non-
Huawei Huawei
Master device
device
interface
Slave
interface
To address this problem, run the inactive-port shutdown enable command on the Huawei
device to forcibly set the backup member interface in the Eth-Trunk interface in manual 1:1
master/backup mode to the Down state. This configuration allows the non-Huawei device to
communicate with the Huawei device both through the master interfaces, ensuring
communication.
If the master member interface for forwarding traffic fails, the system automatically disables the
forcible Down state of the backup member interface and restores the backup member interface
to the Up state so that it can communicate with the non-Huawei device.
NOTE
The inactive-port shutdown enable and preempt enable commands are mutually exclusive in this
scenario.
Procedure
Step 1 Run:
system-view
Step 5 Run:
inactive-port shutdown enable
The backup member interface in the Eth-Trunk interface that works in manual 1:1 master/backup
mode is forcibly set to the Down state.
Step 6 Run:
trunkport interface-type { interface-number1 [ to interface-number2 ] } &<1-16>
A maximum of two interfaces can be added to or deleted from an Eth-Trunk interface in a batch.
NOTE
Before adding an interface to an Eth-Trunk interface, ensure that the following condition is met:
l Member interfaces cannot be configured with services or Layer 3 configurations such as IP addresses.
l Member interfaces cannot be manually configured with MAC addresses.
l An Ethernet interface can be added to only one Eth-Trunk interface. The Ethernet interface must be
deleted from the original Eth-Trunk interface before joining another Eth-Trunk interface.
l Before adding a Layer 2 interface on the router to an Eth-Trunk interface, run the undo portswitch
command to configure the Eth-Trunk interface to work in Layer 3 mode.
An interface can be added to an Eth-Trunk interface in the Eth-Trunk interface view or in the interface
view. For details, see 3.4.3 Adding Physical Interfaces to the Eth-Trunk Interface.
Step 7 Run:
quit
Step 8 Run:
interface interface-type interface-number
Step 9 Run:
port-master
Only one master interface can be specified between the two member interfaces in an Eth-Trunk
interface in manual 1:1 master/backup mode.
----End
Run the display interface command. The command output shows that the interface status is
TRUNK BACKUP DOWN.
<HUAWEI> display interface gigabitethernet1/0/1
Usage Scenario
On a live network, many users lease only one link to carry their services, posing a risk of service
interruption. To improve service transmission reliability, a device must support board
redundancy.
On the network shown in Figure 3-11, a downstream CE is connected to a passive optical splitter
(POS). The POS changes one channel of optical signals to two channels, which then connect to
two different boards on an upstream PE. To implement board redundancy for the upstream PE,
you can configure an Eth-Trunk interface on the PE to work in inter-board interface standby
mode and add the interfaces on the two boards to the Eth-Trunk interface.
Eth-Trunk
port1
Master link
Pre-configuration Tasks
Before configuring an Eth-Trunk interface to work in inter-board interface standby mode,
connect interfaces and set their physical parameters to ensure that their physical status is Up.
Data Preparation
To complete the configuration, you need the following data:
No. Data
1 Eth-Trunk interface ID
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface eth-trunk trunk-id
Step 3 Run:
mode manual port-standby
----End
Context
Two methods are available for adding member interfaces to an Eth-Trunk interface:
l In the Eth-Trunk interface view, add member interfaces to an Eth-Trunk interface either in
batches or one by one.
l In the view of an interface, add the interface as a member interface to an Eth-Trunk interface.
When adding member interfaces to an Eth-Trunk interface, note the following:
– An Eth-Trunk interface cannot be added to another Eth-Trunk interface.
– Interfaces to be added to an Eth-Trunk interface must reside on different boards.
NOTE
After interfaces are added to an Eth-Trunk interface, the following situations occur:
l If the Eth-Trunk interface is shut down using the shutdown command, the physical status of both
the Eth-Trunk interface and member interfaces becomes Administratively DOWN, and the
shutdown command configuration is automatically generated for the member interfaces in the
configuration file.
l If the Eth-Trunk interface is enabled using the undo shutdown command, the undo shutdown
command configuration is automatically generated for the member interfaces in the configuration
file.
If only one interface is added to an Eth-Trunk interface in inter-board interface standby mode, disabling
the interface that is not added to the Eth-Trunk interface from sending optical signals is recommended to
prevent optical signal interference and traffic transmission unstability.
Procedure
l Add member interfaces in the view of an Eth-Trunk interface.
1. Run:
system-view
system-view
NOTE
----End
Context
In normal situations, the master member interface in an Eth-Trunk interface in inter-board
interface standby mode is active and used to forward data. The backup member interface is
inactive and does not forward data. To change the backup interface to the master interface,
perform either of the following operations:
l Run the undo port-master command in the master interface view to delete the master
interface configuration, and run the port-master command in the backup interface view
to specify the desired interface as the master member interface.
l Run the protect-switch command in the view of the Eth-Trunk interface in inter-board
interface standby mode to manually switch the active and inactive interfaces. Each time
the protect-switch command is executed, the active and inactive interfaces are switched
once.
NOTE
Performing either of the preceding operations will cause a short data interruption.
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
----End
Prerequisites
Configurations of an Eth-Trunk interface in inter-board interface standby mode have been
complete.
Procedure
l Run the display eth-trunk [ trunk-id [ interface interface-type interface-number ] ]
command to check the configurations of an Eth-Trunk interface in inter-board interface
standby mode.
l Run the display trunk membership eth-trunk trunk-id command to check information
about the Eth-Trunk interface and its member interfaces.
l Run the display trunkfwdtbl eth-trunk trunk-id command to check information about the
Eth-Trunk forwarding table.
----End
Example
# Run the display eth-trunk command. The command output shows that the Eth-Trunk interface
works in inter-board interface standby mode and its working status is Slave. The output also
shows member interface information.
<HUAWEI> display eth-trunk 10
Eth-Trunk10's state information is:
WorkingMode: PORT-STANDBY
WorkingState: Slave
--------------------------------------------------------------------------------
PortName Slave/Master
GigabitEthernet1/0/1 M
GigabitEthernet2/0/1 S
# Run the display trunkmembership eth-trunk command. The command output shows
information about the Eth-Trunk interface and its member interfaces.
<HUAWEI> display trunkmembership eth-trunk 10
Trunk ID: 10
Used status: VALID
TYPE: ethernet
Working Mode : Port-standby
Working State: Slave
Number Of Ports in Trunk = 2
Number Of Up Ports in Trunk = 2
Operate status: up
# Run the display trunkfwdtbl eth-trunk command. The command output shows information
about the Eth-Trunk forwarding table.
<HUAWEI> display trunkfwdtbl eth-trunk 10
Eth-Trunk10's forwarding table is:
MASTER SLAVE
GigabitEthernet2/0/1 GigabitEthernet1/0/1
GigabitEthernet2/0/1 GigabitEthernet1/0/1
GigabitEthernet2/0/1 GigabitEthernet1/0/1
GigabitEthernet2/0/1 GigabitEthernet1/0/1
GigabitEthernet2/0/1 GigabitEthernet1/0/1
GigabitEthernet2/0/1 GigabitEthernet1/0/1
GigabitEthernet2/0/1 GigabitEthernet1/0/1
GigabitEthernet2/0/1 GigabitEthernet1/0/1
GigabitEthernet2/0/1 GigabitEthernet1/0/1
GigabitEthernet2/0/1 GigabitEthernet1/0/1
GigabitEthernet2/0/1 GigabitEthernet1/0/1
GigabitEthernet2/0/1 GigabitEthernet1/0/1
GigabitEthernet2/0/1 GigabitEthernet1/0/1
GigabitEthernet2/0/1 GigabitEthernet1/0/1
GigabitEthernet2/0/1 GigabitEthernet1/0/1
GigabitEthernet2/0/1 GigabitEthernet1/0/1
Applicable Environment
Reliable networking usually integrates device-level reliability and link-level reliability. In
certain scenarios where the VRRP technology is used for device-level reliability and the trunk
technology is used for link-level reliability, traffic on the master device and active link cannot
be switched to the slave device and standby link at the same time when a fault occurs on the
master device or the active link. As a result, traffic is interrupted. To solve this problem, you
can associate trunk with VRRP.
IP/MPLS IP/MPLS
Core Core
CE CE
Active link
Standby link
Eth-Trunk interface
VRRP-tracked interface
To implement this networking, ensure that the switchover of the master and slave devices and
the switchover of the active and standby links are performed at the same time. When UPE1
functions as the master device, the link between the CE and UPE1 must be the active link.
Otherwise, traffic is interrupted. If UPE1 becomes slave whereas the link between the CE and
UPE1 still functions as the active link, traffic is still transmitted along this link to UPE1. The
slave device UPE1, however, does not forward packets, which causes traffic interruption.
NOTE
l Though the Eth-Trunk technology is a point-to-point technology, and the networking is a point-to-
multipoint networking, the Eth-Trunk technology still functions well in this networking. VRRP
configured on UPEs groups the UPEs into a virtual router, which makes this networking still a P2P
networking for the Eth-Trunk technology.
l Eth-Trunk interfaces configured on the CE and UPEs must be in static LACP mode. The master/slave
UPEs require the active/standby links, and only Eth-Trunk links in static LACP mode can work in
active/standby mode.
l An mVRRP backup group must be configured on directly-connected UPEs to implement fast
switchover in the VRRP backup group.
An mVRRP backup group ignores the event that an interface goes Down. When the interface where
the mVRRP backup group resides goes Down, the VRRP backup group rapidly changes to Master but
not Initialize.
VRRP can track the status of Eth-Trunk member interfaces on the local device. When the master
device or the active link becomes faulty, the backup device and standby link become master and
active at the same time. In the following situations, however, the switchovers cannot occur at
the same time.
l When the upstream interface on the master UPE becomes faulty, the device switchover
occurs but the link switchover does not occur.
l When the device switchover occurs after the priorities of the master and backup UPEs are
changed, the link switchover does not occur.
To solve the problem of traffic interruption caused by asynchronous switchovers in the integrated
networking, Huawei provides the technology that associates an Eth-Trunk interface in static
LACP mode with an mVRRP backup group.
When the upstream interface on the master device becomes faulty or the network is adjusted,
the master device in the mVRRP backup group becomes backup. This allows the Eth-Trunk
interface associated with the mVRRP backup group to rapidly detect the status change of the
mVRRP backup group and perform the link switchover between the active and standby Eth-
Trunk links. This ensures reliable traffic transmission.
NOTE
On a dual-homing network, besides associating an Eth-Trunk interface in static LACP mode with an
mVRRP backup group, you can use only the Eth-Trunk technology to implement both device-level and
link-level reliability. For configurations about E-Trunk, see 3.9 Configuring an E-Trunk.
Pre-configuration Tasks
Before associating an Eth-Trunk interface in static LACP mode with an mVRRP backup group,
complete the following tasks:
Data Preparation
To associate an Eth-Trunk interface in static LACP mode with an mVRRP backup group, you
need the following data.
No. Data
1 Types and numbers of tracked Eth-Trunk member interfaces in static LACP mode,
VRRP backup group ID, and priorities of devices in the VRRP backup group
2 ID of the Eth-Trunk interface in static LACP mode, number of the mVRRP backup
group that is associated with the Eth-Trunk interface in static LACP mode, and types
and numbers of tracked Eth-Trunk member interfaces
Context
A VRRP backup group can track a maximum of eight interfaces in either Increase or Reduce
mode.
l When the increased mode is used and the tracked interface goes Down, the priority of the
VRRP backup group on the device increases.
increased value-increased specifies the value added to the current priority value each time
the tracked interface goes Down. The value ranges from 1 to 255.
l When the reduced mode is used and the tracked interface goes Down, the priority of the
VRRP backup group on the device where the tracked interface resides reduces.
reduced value-increased specifies the value deducted from the current priority value each
time the tracked interface goes Down. The value ranges from 1 to 255.
l The interface specified by the interface interface-type interface-number parameter must
be a member interface of an Eth-Trunk interface in static LACP mode.
NOTE
You are recommended to configure reduced value-reduced on the interface on which the VRRP backup
group is configured when the device where the interface resides has the active Eth-Trunk link, and configure
increased value-increased on the interface on which the VRRP backup group is configured when the device
where the interface resides has the standby Eth-Trunk link.
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
The view of the interface where the VRRP backup group resides is displayed.
Step 3 Run:
vrrp vrid virtual-router-id track interface interface-type interface-number
[ increased value-increased | reduced value-reduced ]
A VRRP backup group is configured to track the status of member interfaces of the Eth-Trunk
interface in static LACP mode.
By default, when the tracked interface goes Down, the priority of the VRRP backup group on
the interface reduces by 10.
NOTE
For details about the interface status tracking by VRRP, see Associating a VRRP IPv4 Backup Group with
a VRRP-Disabled Interface and Associating a VRRP IPv6 Backup Group with a VRRP-Disabled Interface.
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface eth-trunk trunk-id
Step 3 Run:
lacp track vrrp vrid vrid interface interface-type interface-number
The Eth-Trunk interface in static LACP mode is associated with an mVRRP backup group.
l The ID specified by vrid vrid must be the ID of the mVRRP backup group.
l The interface specified by interface interface-type interface-number must be the interface
where the mVRRP backup group function is configured.
----End
Prerequisites
Associating an Eth-Trunk interface in static LACP mode with an mVRRP backup group has
been configured.
Procedure
l Run the display vrrp [ interface interface-type interface-number [ virtual-router-id ] ]
[ brief ] command to check the status and configurations of the current VRRP backup
group.
l Run the display eth-trunk [ trunk-id [ interface interface-type interface-number |
verbose ] ] command to check the configurations of the Eth-Trunk interface in static LACP
mode and information about its member interfaces.
----End
Example
Run the display vrrp command to view the status and type of the VRRP backup group as well
as the types, numbers, and status of the Eth-Trunk member interfaces that are tracked by the
VRRP backup group.
<HUAWEI> display vrrp
GigabitEthernet1/0/3 | Virtual Router 1
State : Master
Virtual IP : 1.1.1.10
PriorityRun : 120
PriorityConfig : 120
MasterPriority : 120
Preempt : YES Delay Time : 0
TimerRun : 1
TimerConfig : 1
Auth Type : NONE
Virtual Mac : 0000-5e00-0101
Check TTL : YES
Config type : admin-vrrp
Track IF : GigabitEthernet1/0/1 priority reduced : 40
IF State : UP
Track IF : GigabitEthernet1/0/2 priority reduced : 40
IF State : UP
Config track link-bfd down-number : 0
Run the display eth-trunk command to view the working mode of the Eth-Trunk interface and
information about its member interfaces.
<HUAWEI> display eth-trunk 20
Eth-Trunk20's state information is:
Local:
LAG ID: 20 WorkingMode: STATIC
Preempt Delay: Disabled Hash arithmetic: According to flow
System Priority: 32768 System ID: 00e0-6923-4900
Least Active-linknumber: 1 Max Active-linknumber: 16
Operate status: up Number Of Up Port In Trunk: 2
--------------------------------------------------------------------------------
ActorPortName Status PortType PortPri PortNo PortKey PortState Weight
GigabitEthernet1/0/1 Selected 1GE 32768 257 5169 10111100 1
GigabitEthernet1/0/2 Selected 1GE 32768 258 5169 10111100 1
Partner:
--------------------------------------------------------------------------------
ActorPortName SysPri SystemID PortPri PortNo PortKey
PortState
Usage Scenario
On the network shown in Figure 3-13, NPE1 and NPE2 are non-Huawei devices, and PE1 and
PE2 are Huawei devices. NPE1 and NPE2 are respectively connected to PE1 and PE2 through
Eth-Trunk links. A unicast VRRP backup group is configured on PE1 and PE2 with PE1
functioning as the master device and PE2 functioning as the backup device.
The unicast VRRP backup group monitors the status of PE1 and PE2 and interfaces on PE1 and
PE2. If the user-side interface on PE1 fails, NPE1 can rapidly perform a master/backup link
switchover on the user side using its own security function. This ensures reliable service
transmission. However, NPE1 is unaware of the status change of the unicast VRRP backup group
in the following conditions and will continue forwarding traffic along the original faulty link,
causing a traffic interruption.
To prevent traffic interruptions, associate the Eth-Trunk interfaces in static LACP with the
unicast VRRP backup group. If the status of the unicast VRRP backup group changes from
master to backup, the associated Eth-Trunk interface on the master device can quickly detect
the status change. In this way, NPE1 connected to the Eth-Trunk interface can detect that a fault
occurs and promptly performs a master/backup link switchover using its own security function,
thereby ensuring proper traffic transmission.
Figure 3-13 Associating an Eth-Trunk interface in static LACP mode with a unicast VRRP
backup group
IP Core
P1 P2
Eth-Trunk
NPE1 NPE2
non-Huawei Metro Network non-Huawei
device device
CE1 CE2
NOTE
A unicast VRRP backup group applies to a Layer 3 network, whereas a common VRRP backup group
applies to a Layer 2 network. This is because a common VRRP backup group is a multicast VRRP backup
group and sends only multicast VRRP Advertisement packets within a broadcast domain, such as a VLAN
or a VSI.
For detailed information about a unicast VRRP backup group, see Unicast VRRP.
Pre-configuration Tasks
Before associating an Eth-Trunk interface in static LACP mode with a unicast VRRP backup
group, complete the following tasks:
l Configure an Eth-Trunk interface to work in static LACP mode.
l Configure a unicast VRRP backup group.
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface eth-trunk trunk-id
The Eth-Trunk interface in static LACP mode is associated with a unicast VRRP backup group.
A unicast VRRP backup group can be created only on loopback interfaces.
----End
Follow-up Procedure
Configure a unicast VRRP backup group on PE1 and PE2 to monitor the status of a member
interface of the Eth-Trunk interfaces in static LACP mode. As shown in the preceding figure in
which PE1 functions as the master device and PE2 functions as the backup device, if a member
interface of the Eth-Trunk interface on PE1 fails, the unicast VRRP backup group immediately
performs a master/backup switchover after detecting that the member interface status has
changed. The configurations are as follows:
1. Run the system-view command to enter the system view.
2. Run the interface loopback loopback-number command to enter the view of the loopback
interface on which a unicast VRRP backup group is configured.
3. Run the vrrp vrid virtual-router-id track interface interface-type interface-number
[ increased value-increased | reduced value-reduced ] command to configure the unicast
VRRP backup group to monitor the status of a member interface of the Eth-Trunk interface
in static LACP mode.
The interface specified by interface interface-type interface-number must be a member
interface of the Eth-Trunk interface in static LACP mode.
NOTE
By default, the VRRP priority decreases by 10 if an interface monitored by a unicast VRRP backup
group goes Down. You are advised to specify reduced value-reduced on the monitored interface of
the master device in the unicast VRRP backup group, and specify increased value-increased on the
monitored interface of the backup device in the unicast VRRP backup group.
Applicable Environment
In this example, Eth-Trunk interfaces in static LACP mode are added to an E-Trunk. E-Trunk
is used to perform link or node protection in the networking where a CE is dual-homed to two
PEs on a Virtual Private LAN Service (VPLS), Virtual Leased Line (VLL), or Pseudo-Wire
Emulation Edge to Edge (PWE3) network. As shown in Figure 3-14, E-Trunk is used to perform
link protection in the networking where a CE is dual-homed to two PEs on the L2VPN network.
The CE is dual-homed to PE1 and PE2 through respective Eth-Trunk interfaces in static LACP
mode. The two Eth-Trunk interfaces compose an E-Trunk.
E-Trunk1
MPLS/IP core
CE
NOTE
Currently, only global VE and Eth-Trunk interfaces can be added to an E-Trunk. Global VE interfaces can
be added to an E-Trunk only in scenarios where an L2VPN is used to provide access to an L3VPN.
Pre-configuration Tasks
Before configuring an E-Trunk, complete the following task:
Data Preparation
To configure an E-Trunk, you need the following data.
No. Data
3 E-Trunk priority, IP addresses of the local and peer ends, identifier of the BFD
session bound to the E-Trunk, password for encrypting packets, interval at which
Hello packets are sent, time multiplier for detecting Hello packets, and switchover
delay time
Context
A BFD session can be bound to an E-Trunk in either of the following modes:
l Manually create a BFD session and bind it to an E-Trunk.
1. Manually create a BFD session, which is also called a static BFD session. The type
of the BFD session must be BFD for IP.
2. Manually bind the BFD session to an E-Trunk.
l Enable a device to automatically create a BFD session and bind the session to an E-Trunk.
After a device is enabled to create a dynamic BFD session, the device automatically creates
a BFD session and binds it to an E-Trunk.
Procedure
l Manually create a BFD session and bind it to an E-Trunk.
1. Run:
system-view
The device is enabled to create a dynamic BFD session. The device automatically
creates a BFD session and binds it to an E-Trunk.
By default, a device is disabled from creating a dynamic BFD session.
For example, an E-Trunk is deployed on PE1 and PE2. To enable a dynamic BFD
session to rapidly detect the changes in the user-side interface on a PE, run the e-trunk
bfd enable track interface interface-type interface-number command to associate
the dynamic BFD session with the interface.
5. (Optional) Run:
e-trunk bfd { detect-multiplier multiplier | min-rx-interval interval |
min-tx-interval interval }*
The local detection multiplier, minimum interval between receiving BFD packets, and
minimum interval between sending BFD packets are set for the dynamic BFD session.
The default local detection multiplier, minimum interval between receiving BFD
packets, and minimum interval between sending BFD packets are 3, 10 ms, and 10
ms, respectively.
You can set proper BFD session parameters as required.
If a device does not receive BFD packets from its peer within a specified detection
period, the device considers the link faulty and sets the BFD session to Down. To
reduce system resource consumption, the device automatically changes the local
receive interval to a random value greater than 1000 ms after detecting that the BFD
session goes Down. When the BFD session goes Up again, the device restores the
configured receive interval.
– Interval between sending BFD packets = max (Local minimum interval between
sending BFD packets, Peer minimum interval between receiving BFD packets)
– Interval between receiving BFD packets = max (Peer minimum interval between
sending BFD packets, Local minimum interval between receiving BFD packets)
– Detection period = Peer detection multiplier x max (Peer minimum interval
between sending BFD packets, Local minimum interval between receiving BFD
packets)
----End
Context
The two devices on which an E-Trunk is deployed must have the same E-Trunk ID, whereas the
member interfaces of the E-Trunk can have the same or different IDs. If the member interfaces
have different IDs, you must specify the ID of the remote member interface when adding a local
member interface to the E-Trunk.
Procedure
l Add Eth-Trunk interfaces to an E-Trunk:
1. Run:
system-view
NOTICE
If an Eth-Trunk in static LACP mode is added to an E-Trunk, do not configure the
maximum number of active links for the Eth-Trunk on the user-side device. Otherwise,
active interfaces are incorrectly selected during LACP negotiation, affecting service
forwarding.
3. Run:
e-trunk e-trunk-id [ remote-eth-trunk eth-trunk-id ]
one device must be specified as the remote Eth-Trunk interfaces on the other device
so that the E-Trunk can work properly.
l Add a global VE interface to an E-Trunk:
1. Run:
system-view
----End
Procedure
l Configure E-Trunk parameters in the system view.
After Eth-Trunk interfaces in static LACP mode are added to an E-Trunk, they exchange
LACPDUs carrying the system ID and LACP priority. The two devices in an E-Trunk must
be configured with the same system ID and LACP priority.
E-Trunk is a Huawei proprietary protocol. The default UDP port number 1025 used to send
and receive E-Trunk packets may conflict with the UDP port number used by another
protocol. To ensure forwarding of E-Trunk packets, change the UDP port number used to
send and receive E-Trunk packets.
1. Run:
system-view
Configure lacp e-trunk system-id The master and backup devices of the E-
the LACP mac-address Trunk must be configured with the same
system ID system ID.
of the E- NOTE
Trunk If the Eth-Trunk interfaces in manual load
balancing mode or global VE interface are
added to an E-Trunk, this step can be
skipped.
By default, the MAC address of the
Ethernet interface on the MPU/SRU is
used as the system ID of the E-Trunk.
Configure lacp e-trunk priority The master and backup devices of the E-
the LACP priority Trunk must be configured with the same
priority of LACP priority.
the E-Trunk NOTE
If the Eth-Trunk interfaces in manual load
balancing mode or global VE interface are
added to an E-Trunk, this step can be
skipped.
By default, the LACP priority value of
the E-Trunk is 32768.
UDP port e-trunk port port- The two devices in an E-Trunk must
number number have the same UDP port number. If you
used to send The port-number value is change the UDP port number when E-
and receive in the range of 1025 to Trunk is running, complete the change
E-Trunk 65535. If the UDP port before E-Trunk negotiation times out.
packets number in this range is If you change the UDP port number
used by another protocol, when E-Trunk is running, the two
the port number cannot devices in the E-Trunk may not be able
be used to send or receive to communicate. If E-Trunk negotiation
E-Trunk packets. times out, both devices in the E-Trunk
may become master devices.
By default, the UDP port number 1025
is used to send and receive E-Trunk
packets.
Configure timer hello hello-value If the peer device is the backup and does
the internal not receive Hello packets sent by the
at which local device within the timeout period,
Hello the peer device becomes the master after
packets are timeout. The timeout period referred to
send in this case is contained in the Hello
packet sent by the peer device rather
than the local device.
If the Hello packet from the peer device
does not contain the timeout period, the
timeout period of the local device is
used.
NOTE
Timeout period = Interval at which Hello
packets are sent x Time multiplier for
detecting Hello packets You are
recommended to set the Timeout period to
larger than 5 minutes.
By default, the value is 10, in 100 ms,
meaning Hello packets are sent at 1s.
Configure timer hold-on-failure The peer end checks the timeout period
the time multiplier multiplier contained in received packets to check
multiplier whether the local device times out. If the
for peer device is in the backup state and
detecting does not receive any Hello packets from
Hello the local end within the timeout period,
packets the device enters the master state.
By default, the time multiplier for
detecting Hello packets is 20.
----End
Context
If a member interface in an E-Trunk works in automatic mode or is switched to the automatic
mode from the forcible master or backup mode, the master/backup status of the member interface
is determined by the master/backup status of the local E-Trunk and the peer member interface
status.
l If the local E-Trunk works in master mode, the local member interface also works in master
mode.
l If the local E-Trunk works in backup mode and the peer member interface fails, the local
member interface works in master mode. If the local member interface receives a recovery
message from the peer member interface, the local member interface enters the backup
mode.
By default, an E-Trunk member interface works in automatic mode. After the working mode of
an E-Trunk member interface is changed, the working mode of the member interface
automatically returns to the automatic mode once the member interface is removed from the E-
Trunk.
When E-Trunk member interfaces work in automatic mode, a change in the interval at which
Hello packets are exchanged or the timeout period will result in master/backup status flapping.
Therefore, configure the member interfaces to work in forcible master/backup mode before
changing the interval at which Hello packets are exchanged. After master/backup status
negotiation is complete, restore the member interfaces to the automatic mode.
Procedure
l Configure a working mode for a member Eth-Trunk interface of an E-Trunk.
1. Run:
system-view
NOTICE
If an Eth-Trunk in static LACP mode is added to an E-Trunk, do not configure the
maximum number of active links for the Eth-Trunk on the user-side device. Otherwise,
active interfaces are incorrectly selected during LACP negotiation, affecting service
forwarding.
3. Run:
e-trunk mode { auto | force-master | force-backup }
A working mode is configured for the Eth-Trunk interface that is added to the E-Trunk.
l Configure a working mode for a member global VE interface of an E-Trunk.
1. Run:
system-view
A working mode is configured for the global VE interface that is added to the E-Trunk.
----End
Prerequisites
An E-Trunk has been configured.
Procedure
l Run the display e-trunk etrunk-id command to check information about the E-Trunk.
l Run the display e-trunk bfd session command to check the binding between the dynamic
BFD session and E-Trunk.
----End
Example
l After an Eth-Trunk interface is added to an E-Trunk and a BFD session is manually created
and bound to the E-Trunk, run the display e-trunk command to view the E-Trunk priority,
system ID, source and destination IP addresses, switchback delay, master and backup status,
and E-Trunk description.
<HUAWEI> display e-trunk 1
The E-Trunk information
Run the display e-trunk bfd session all command to view the minimum intervals at which
BFD packets are sent and received, local BFD detection multiplier, and source and
destination IP addresses.
<HUAWEI> display e-trunk bfd session all
BFD session information for E-Trunk, Total BFD session(s): 1
---------------------------------------------------------------------
E-TRUNK-ID : 1
TX(ms) : 40 RX(ms) : 20 Multiplier : 8
LocalIP : 1.1.1.1 PeerIP : 2.2.2.2 BFD State : Up
Local Discriminator : 8195 Remote Discriminator : 8195
l After a global VE interface is added to an E-Trunk, run the display e-trunk command to
view the E-Trunk priority, E-Trunk member interface type, source and destination IP
addresses, timer values, and packet statistics.
<HUAWEI> display e-trunk 1
The E-Trunk information
E-TRUNK-ID : 1 Revert-Delay-Time (s) : 0
Priority : 100 System-ID : e024-7f04-28dd
Peer-IP : 2.2.2.2 Source-IP : 3.3.3.3
State : Master Causation : PRI
Send-Period (100ms) : 5 Fail-Time (100ms) : 15
Receive : 183257 Send : 183295
RecDrop : 0 SndDrop : 0
Peer-Priority : 200 Peer-System-ID : e024-7f04-28c9
Peer-Fail-Time (100ms) : 15 BFD-Session : -
Description : PE1_to_PE2
------------------------------------------------------------------------------
--
The Member information
Type ID LocalPhyState Work-Mode State Causation Remote-
ID
Global-VE 11 Up auto Master ETRUNK_MASTER 1
Context
NOTICE
Statistics cannot be restored after they are cleared. Exercise caution when running reset
commands.
Procedure
l Run the reset counters interface eth-trunk [ trunk-id ] command in the user view to clear
the statistics on an Eth-Trunk interface.
l Run the reset e-trunk packet-statistics [ e-trunk-id e-trunk-id ] command in the user view
to clear the statistics on an E-Trunk.
----End
Networking Requirements
As network services expand, the bandwidth provided by a single P2P physical link working in
full-duplex mode cannot meet the requirement.
The link aggregation technique can be used to configure Eth-Trunk interfaces to increase link
bandwidth and save IP addresses without deploying new hardware. If the two directly-connected
devices support LACP, Eth-Trunk interfaces working in static LACP mode can be configured
on the devices. Eth-Trunk interfaces working in static LACP mode exchange LACP packets to
determine active and inactive member interfaces. Traffic is transmitted over active links in load
balancing mode. If an active link fails, traffic transmitted over the link is automatically switched
to an available link, preventing service interruption. In addition, it is simple to configure Eth-
Trunk interfaces to work in static LACP mode.
As shown in Figure 3-15, the static LACP link aggregation groups are configured on two PEs
to increase bandwidth and reliability between the two devices.
Figure 3-15 Networking diagram for configuring Eth-Trunk interfaces to work in static LACP
mode
Eth-Trunk1 Eth-Trunk1
PE1 GE 1/0/1 GE 1/0/1 PE2
GE 1/0/2 Eth-Trunk GE 1/0/2
GE 1/0/3 GE 1/0/3
CE1 CE2
user user
network 1 network 2
Active links
Backup links
Configuration Roadmap
The configuration roadmap is as follows:
Data Preparation
To complete the configuration, you need the following data:
l Device priorities
l Maximum number of active Eth-Trunk member interfaces
l Delay time for LACP preemption
l LACP priorities of active member interfaces
Procedure
Step 1 Create Eth-Trunk 1 and configure it to work in static LACP mode.
# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] interface eth-trunk 1
[PE1-Eth-Trunk1] mode lacp-static
[PE1-Eth-Trunk1] quit
# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] interface eth-trunk 1
[PE2-Eth-Trunk1] mode lacp-static
[PE2-Eth-Trunk1] quit
Step 2 Configure the LACP system priority on PE1 to be 100, allowing PE1 to function as the LACP
active end.
[PE1] lacp priority 100
# Configure PE2.
[PE2] interface gigabitethernet 1/0/1
[PE2-Gigabitethernet1/0/1] undo shutdown
[PE2-Gigabitethernet1/0/1] eth-trunk 1
[PE2-Gigabitethernet1/0/1] quit
[PE2] interface gigabitethernet 1/0/2
[PE2-Gigabitethernet1/0/2] undo shutdown
[PE2-Gigabitethernet1/0/2] eth-trunk 1
[PE2-Gigabitethernet1/0/2] quit
[PE2] interface gigabitethernet 1/0/3
[PE2-Gigabitethernet1/0/3] undo shutdown
[PE2-Gigabitethernet1/0/3] eth-trunk 1
[PE2-Gigabitethernet1/0/3] quit
NOTE
As PA1 is the active end, the maximum number of active member interfaces does not need to be configured
on PE2.
Step 5 Configure LACP preemption and the LACP preemption delay time.
# Configure PE1.
[PE1] interface eth-trunk 1
[PE1-Eth-Trunk1] lacp preempt enable
[PE1-Eth-Trunk1] lacp preempt delay 20
[PE1-Eth-Trunk1] quit
# Configure PE2.
[PE2] interface eth-trunk 1
[PE2-Eth-Trunk1] lacp preempt enable
[PE2-Eth-Trunk1] lacp preempt delay 20
[PE2-Eth-Trunk1] quit
# Configure PE2.
[PE2] interface gigabitethernet 1/0/1
[PE2-Gigabitethernet1/0/1] lacp priority 100
[PE2-Gigabitethernet1/0/1] quit
[PE2] interface gigabitethernet 1/0/2
[PE2-Gigabitethernet1/0/2] lacp priority 100
[PE2-Gigabitethernet1/0/2] quit
[PE2] interface gigabitethernet 1/0/3
[PE2-Gigabitethernet1/0/3] lacp priority 150
[PE2-Gigabitethernet1/0/3] quit
Partner:
-----------------------------------------------------------------------------
ActorPortName SysPri SystemID PortPri PortNo PortKey PortState
GigabitEthernet1/0/1 32768 00e0-fca6-7f85 32768 6145 2609 11111100
GigabitEthernet1/0/2 32768 00e0-fca6-7f85 32768 6146 2609 11111100
GigabitEthernet1/0/3 32768 00e0-fca6-7f85 32768 6147 2609
11110000
[PE2] display eth-trunk 1
Eth-Trunk1's state information is:
Local:
LAG ID: 1 WorkingMode: STATIC
Preempt Delay: 20 Hash arithmetic: According to MAC
System Priority: 32768 System ID: 00e0-fca6-7f85
Least Active-linknumber: 1 Max active-linknumber: 16
Operate status: up Number Of Up Port In Trunk: 2
---------------------------------------------------------------------------------
ActorPortName Status PortType PortPri PortNo PortKey PortState Weight
GigabitEthernet1/0/1 Selected 1GE 32768 6145 2609 11111100 1
GigabitEthernet1/0/2 Selected 1GE 32768 6146 2609 11111100 1
GigabitEthernet1/0/3 Unselect 1GE 32768 6147 2609 11100000 1
Partner:
------------------------------------------------------------------------------
ActorPortName SysPri SystemID PortPri PortNo PortKey PortState
GigabitEthernet1/0/1 32768 00e0-fca8-0417 100 6145 2865 11111100
GigabitEthernet1/0/2 32768 00e0-fca8-0417 100 6146 2865 11111100
GigabitEthernet1/0/3 32768 00e0-fca8-0417 150 6147 2865 11110000
The preceding information indicates that the system priority of PE1 is 100, which is higher than
the system priority of PE2. GE 1/0/1 and GE 1/0/2 of the Eth-Trunk interface are in the Selected
state, and GE 1/0/3 of the Eth-Trunk interface is in the Unselect state. The links of GE1/0/1 and
GE1/0/2 are the M links that are used for load balancing, and the link of GE 1/0/3 is the N link
that functions as a backup link.
----End
Configuration Files
l Configuration file of PE1
#
sysname PE1
#
lacp priority 100
#
interface Eth-Trunk1
mode lacp-static
max active-linknumber 2
lacp preempt enable
lacp preempt delay 20
#
interface GigabitEthernet1/0/1
undo shutdown
eth-trunk 1
lacp priority 100
#
interface GigabitEthernet1/0/2
undo shutdown
eth-trunk 1
lacp priority 100
#
interface GigabitEthernet1/0/3
undo shutdown
eth-trunk 1
lacp priority 150
#
return
Networking Requirements
As network services expand, the bandwidth provided by a single P2P physical link working in
full-duplex mode cannot meet the requirement.
As shown in Figure 3-16, the links between the two NE80E/40Es (PE1 and PE2) need high
reliability and need to implement traffic load balancing.
Figure 3-16 Networking diagram for configuring Eth-Trunk interfaces to work in manual load
balancing mode
Eth-Trunk1 Eth-Trunk1
PE1 GE 1/0/1 GE 1/0/1 PE2
GE 1/0/2 Eth-Trunk GE 1/0/2
GE 1/0/3 GE 1/0/3
CE1 CE2
user user
network 1 network 2
Configuration Roadmap
The configuration roadmap is as follows:
By default, a created Eth-Trunk interface works in manual load balancing mode. Therefore, this mode does
not need to be configured. If the current work mode is not the manual load balancing mode, run the
mode command to change the working mode.
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Create an Eth-Trunk interface on each PE.
# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] interface eth-trunk 1
[PE1-Eth-Trunk1] quit
# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] interface eth-trunk 1
[PE2-Eth-Trunk1] quit
# Configure PE2.
[PE2] interface gigabitethernet 1/0/1
[PE2-Gigabitethernet1/0/1] undo shutdown
[PE2-Gigabitethernet1/0/1] eth-trunk 1
[PE2-Gigabitethernet1/0/1] quit
[PE2] interface gigabitethernet 1/0/2
[PE2-Gigabitethernet1/0/2] undo shutdown
[PE2-Gigabitethernet1/0/2] eth-trunk 1
[PE2-Gigabitethernet1/0/2] quit
[PE2] interface gigabitethernet 1/0/3
[PE2-Gigabitethernet1/0/3] undo shutdown
[PE2-Gigabitethernet1/0/3] eth-trunk 1
[PE2-Gigabitethernet1/0/3] quit
----End
Configuration Files
l Configuration file of PE1
#
sysname PE1
#
interface Eth-Trunk1
#
interface GigabitEthernet1/0/1
undo shutdown
eth-trunk 1
#
interface GigabitEthernet1/0/2
undo shutdown
eth-trunk 1
#
interface GigabitEthernet1/0/3
undo shutdown
eth-trunk 1
#
return
Networking Requirements
As network services expand, higher network reliability is needed. An active link and a standby
link can be deployed to ensure non-stop traffic forwarding. The active link forwards traffic when
it functions properly. If the active link fails, the standby link takes over the traffic.
As shown in Figure 3-17, the intermediate device between PE1 and PE2 can receive Flush
packets. Active/standby links need to be deployed between PE1 and PE2 to ensure reliable traffic
transmission between them.
Figure 3-17 Networking diagram for configure an Eth-Trunk interface in manual 1:1 active/
standby mode
PE3
GE2/0/1 GE2/0/2
Act
ink iv
c ti ve l GE2/0/3 e li
nk
A
GE1/0/1 GE1/0/1
GE1/0/2 GE1/0/2
Bac GE2/0/3 nk
kup ku p li
link Bac
GE2/0/1 GE2/0/2
PE4
Configuration Roadmap
The configuration roadmap is as follows:
1. Create an Eth-Trunk interface on each PE and configure the interface to work in manual
1:1 active/standby mode.
2. Add member interfaces to each Eth-Trunk interface and specify the active member
interface.
3. Enable the sending of Flush packets.
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Create Eth-Trunk 1 and configure it to work in manual 1:1 active/standby mode.
# Create an Eth-Trunk interface on PE1 and configure it to work in manual 1:1 active/standby
mode.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] interface eth-trunk 1
[PE1-Eth-Trunk1] portswitch
[PE1-Eth-Trunk1] mode manual backup
[PE1-Eth-Trunk1] quit
# Create an Eth-Trunk interface on PE2 and configure it to work in manual 1:1 active/standby
mode.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] interface eth-trunk 1
[PE2-Eth-Trunk1] portswitch
[PE2-Eth-Trunk1] mode manual backup
[PE2-Eth-Trunk1] quit
Step 2 Add member interfaces to each Eth-Trunk interface and specify the active member interface.
# Add GE 1/0/1 and GE 1/0/2 on PE1 to Eth-Trunk 1 and specify GE 1/0/1 to be the active
member interface.
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] undo shutdown
[PE1-GigabitEthernet1/0/1] eth-trunk 1
[PE1-GigabitEthernet1/0/1] port-master
[PE1-GigabitEthernet1/0/1] quit
[PE1] interface gigabitethernet 1/0/2
[PE1-GigabitEthernet1/0/2] undo shutdown
[PE1-GigabitEthernet1/0/2] eth-trunk 1
[PE1-GigabitEthernet1/0/2] quit
# Add GE 1/0/1 and GE 1/0/2 to Eth-Trunk 1 and specify GE 1/0/1 to be the active member
interface on PE2.
[PE2] interface gigabitethernet 1/0/1
[PE2-GigabitEthernet1/0/1] undo shutdown
[PE2-GigabitEthernet1/0/1] eth-trunk 1
[PE2-GigabitEthernet1/0/1] port-master
[PE2-GigabitEthernet1/0/1] quit
[PE2] interface gigabitethernet 1/0/2
[PE2-GigabitEthernet1/0/2] undo shutdown
[PE2-GigabitEthernet1/0/2] eth-trunk 1
[PE2-GigabitEthernet1/0/2] quit
# Configure PE3.
<HUAWEI> system-view
[HUAWEI] sysname PE3
[PE3] vlan 5
[PE3-vlan5] quit
# Configure PE4.
<HUAWEI> system-view
[HUAWEI] sysname PE4
[PE4] vlan 5
[PE4-vlan5] quit
Step 5 Enable the interfaces on the intermediate devices to receive control VLAN packets.
# Configure PE3.
[PE3] interface gigabitethernet 2/0/1
[PE3-GigabitEthernet2/0/1] undo shutdown
[PE3-GigabitEthernet2/0/1] portswitch
[PE3-GigabitEthernet2/0/1] port trunk allow-pass vlan 5
[PE3-GigabitEthernet2/0/1] quit
[PE3] interface gigabitethernet 2/0/2
[PE3-GigabitEthernet2/0/2] undo shutdown
[PE3-GigabitEthernet2/0/2] portswitch
[PE3-GigabitEthernet2/0/2] port trunk allow-pass vlan 5
[PE3-GigabitEthernet2/0/2] quit
[PE3] interface gigabitethernet 2/0/3
[PE3-GigabitEthernet2/0/3] undo shutdown
[PE3-GigabitEthernet2/0/3] portswitch
[PE3-GigabitEthernet2/0/3] port trunk allow-pass vlan 5
[PE3-GigabitEthernet2/0/3] quit
# Configure PE4.
[PE4] interface gigabitethernet 2/0/1
[PE4-GigabitEthernet2/0/1] undo shutdown
[PE4-GigabitEthernet2/0/1] portswitch
[PE4-GigabitEthernet2/0/1] port trunk allow-pass vlan 5
[PE4-GigabitEthernet2/0/1] quit
[PE4] interface gigabitethernet 2/0/2
[PE4-GigabitEthernet2/0/2] undo shutdown
[PE4-GigabitEthernet2/0/2] portswitch
[PE4-GigabitEthernet2/0/2] port trunk allow-pass vlan 5
[PE4-GigabitEthernet2/0/2] quit
[PE4] interface gigabitethernet 2/0/3
[PE4-GigabitEthernet2/0/3] undo shutdown
[PE4-GigabitEthernet2/0/3] portswitch
[PE4-GigabitEthernet2/0/3] port trunk allow-pass vlan 5
[PE4-GigabitEthernet2/0/3] quit
Step 6 Enable the interfaces on the intermediate devices to receive Flush packets.
# Configure PE3.
[PE3] interface gigabitethernet 2/0/1
[PE3-GigabitEthernet2/0/1] smart-link flush enable control-vlan 5
[PE3-GigabitEthernet2/0/1] quit
[PE3] interface gigabitethernet 2/0/2
[PE3-GigabitEthernet2/0/2] smart-link flush enable control-vlan 5
[PE3-GigabitEthernet2/0/2] quit
[PE3] interface gigabitethernet 2/0/3
[PE3-GigabitEthernet2/0/3] smart-link flush enable control-vlan 5
[PE3-GigabitEthernet2/0/3] quit
# Configure PE4.
# Check the link aggregation group of the PEs configured with the manual 1:1 active/standby
link aggregation In the following example, the display on PE1 is used. If the configuration is
correct, you can view the correct working mode and active and standby interfaces.
[PE1] display eth-trunk 1
Eth-Trunk1's state information is:
WorkingMode: BACKUP
WorkingState: Master
--------------------------------------------------------------------------------
PortName Slave/Master
GigabitEthernet1/0/1 M
GigabitEthernet1/0/2 S
# Check the configuration of the interfaces on the intermediate devices. In the following example,
the display on GE 2/0/1 of PE3 is used.
[PE3-GigabitEthernet2/0/1] display this
port trunk allow-pass vlan 5
smart-link flush enable control-vlan 5
----End
Configuration Files
l Configuration file of PE1
#
sysname PE1
#
vlan batch 5
#
interface Eth-Trunk1
portswitch
port trunk allow-pass vlan 5
mode manual backup
smart-link flush send vlan 5
#
interface GigabitEthernet1/0/1
undo shutdown
eth-trunk 1
port-master
#
interface GigabitEthernet1/0/2
undo shutdown
eth-trunk 1
#
return
interface Eth-Trunk1
portswitch
port trunk allow-pass vlan 5
mode manual backup
smart-link flush send vlan 5
#
interface GigabitEthernet1/0/1
undo shutdown
eth-trunk 1
port-master
#
interface GigabitEthernet1/0/2
undo shutdown
eth-trunk 1
#
return
return
Networking requirements
On a live network, many users lease only one link to carry their services, posing a risk of service
interruption. To improve service transmission reliability, a device must support board
redundancy.
On the network shown in Figure 3-18, a downstream CE is connected to a passive optical splitter
(POS). The POS changes one channel of optical signals to two channels, which then connect to
two different boards on an upstream PE. To implement board redundancy for the upstream PE,
you can configure an Eth-Trunk interface on the PE to work in inter-board interface standby
mode and add the interfaces on the two boards to the Eth-Trunk interface.
Figure 3-18 Configuring an Eth-Trunk interface to work in inter-board interface standby mode
Eth-Trunk
GE1/0/1
Master link
Backup link
CE Optical GE2/0/1 PE
splitter
Precautions
The interfaces to be added to an Eth-Trunk interface in inter-board interface standby mode must
reside on different boards.
Configuration Roadmap
The configuration roadmap is as follows:
1. Create an Eth-Trunk interface on the PE, configure the Eth-Trunk interface to work in inter-
board interface standby mode, and add Ethernet interfaces to the Eth-Trunk interface.
2. Specify the most reliable interface as the master interface of the Eth-Trunk interface on the
PE to improve link reliability.
Data Preparation
To complete the configuration, you need the following data:
l Eth-Trunk interface ID
l Eth-Trunk member interface type and number
Procedure
Step 1 Create an Eth-Trunk interface on the PE, configure the Eth-Trunk interface to work in inter-
board interface standby mode, and add Ethernet interfaces to the Eth-Trunk interface.
<HUAWEI> system-view
[HUAWEI] sysname PE
[PE] interface eth-trunk 10
[PE-Eth-Trunk10] mode manual port-standby
[PE-Eth-Trunk10] trunkport GigabitEthernet 1/0/1 2/0/1
[PE-Eth-Trunk10] quit
Step 2 Specify the master member interface of the Eth-Trunk interface on the PE.
[PE] interface gigabitethernet 1/0/1
[PE-GigabitEthernet1/0/1] undo shutdown
[PE-GigabitEthernet1/0/1] port-master
[PE-GigabitEthernet1/0/1] quit
[PE] interface gigabitethernet 2/0/1
[PE-GigabitEthernet2/0/1] undo shutdown
[PE-GigabitEthernet2/0/1] quit
----End
PE configuration file
#
sysname PE
#
interface Eth-Trunk10
portswitch
mode manual port-standby
#
interface GigabitEthernet1/0/1
undo shutdown
eth-trunk 10
port-master
#
interface GigabitEthernet2/0/1
undo shutdown
eth-trunk 10
#
return
address and 802.1Q encapsulation for every Eth-Trunk sub-interface, and configure associated
VLANs on them. Inter-VLAN communication can be implemented by using Layer 2 switches
and routers.
Networking Requirements
Users in different residential areas on different network segments require various services such
as Internet, IPTV, and VoIP services. The network administrator of each residential area
configures a VLAN for each service to simplify management. Currently, the same type of service
in different residential areas belongs to different VLANs. It is required that users in different
VLANs communicate with each other through load balanced links that provide higher bandwidth
to ensure high-quality communication.
As shown in Figure 3-19, CE1 is connected to the PE by using Eth-Trunk1, and CE2 is connected
to the PE by using Eth-Trunk2. Configure VLAN 10 on CE1 and VLAN 20 on CE2. Create Eth-
Trunk sub-interfaces on the PE to allow VLAN 10 and VLAN 20 to communicate through the
sub-interfaces.
Figure 3-19 Networking diagram for configuring VLANs to communicate through Eth-Trunk
sub-interfaces
Eth-Trunk1.1 Eth-Trunk2.1
CE1 Eth-Trunk1 10.10.1.10/24 10.10.2.10/24 Eth-Trunk2 CE2
GE1/0/1 GE1/0/1 GE2/0/1 GE1/0/1
VLAN10 VLAN20
Configuration Roadmap
The configuration roadmap is as follows:
Data Preparation
To complete the configuration, you need the following data:
l Numbers of Eth-Trunk interfaces on CE1 and CE2, and member interfaces of each Eth-
Trunk interface
l Numbers of Eth-Trunk interfaces on the PE, and member interfaces of each Eth-Trunk
interface
l Numbers of Eth-Trunk sub-interfaces on the PE and associated VLANs
l IP addresses of Eth-Trunk sub-interfaces
Procedure
Step 1 Configure CE1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
# Create Eth-Trunk 1 and configure the VLANs whose packets can pass through Eth-Trunk 1.
[CE1] interface eth-trunk 1
[CE1-Eth-Trunk1] portswitch
[CE1-Eth-Trunk1] port link-type trunk
[CE1-Eth-Trunk1] port trunk allow-pass vlan 10
[CE1-Eth-Trunk1] quit
# Create Eth-Trunk 2 and configure the VLANs whose packets can pass through Eth-Trunk 2.
[CE2] interface eth-trunk 2
[CE2-Eth-Trunk2] portswitch
[CE2-Eth-Trunk2] port link-type trunk
[CE2-Eth-Trunk2] port trunk allow-pass vlan 20
[CE2-Eth-Trunk2] quit
# Create Eth-Trunk 1.
[PE] interface eth-trunk 1
[PE-Eth-Trunk1] quit
# Configure the 802.1Q encapsulation on Eth-Trunk 1.1 and associate Eth-Trunk 1.1 with VLAN
10.
[PE-Eth-Trunk1.1] vlan-type dot1q 10
[PE-Eth-Trunk1.1] quit
# Create Eth-Trunk 2.
[PE] interface eth-trunk 2
[PE-Eth-Trunk2] quit
# Configure Eth-Trunk 2.1 to be encapsulated with 802.1Q and be associated with VLAN 20.
[PE-Eth-Trunk2.1] vlan-type dot1q 20
[PE-Eth-Trunk2.1] quit
Assign IP addresses on the same network segment with that of Eth-Trunk1.1 to the hosts in
VLAN 10. Specify the IP address 10.110.2.10/24 of Eth-Trunk 1.1 as the default gateway.
Assign IP addresses on the same network segment with that of Eth-Trunk 2.1 to the hosts in
VLAN 20. Specify the IP address 10.110.2.10/24 of Eth-Trunk 2.1 as the default gateway.
After the configurations are complete, PCs in VLAN 10 and VLAN 20 can successfully ping
each other.
----End
Configuration Files
l Configuration file of CE1
#
sysname CE1
#
interface Eth-Trunk1
portswitch
port link-type trunk
port trunk allow-pass vlan 10
#
interface GigabitEthernet1/0/1
undo shutdown
eth-trunk 1
#
interface GigabitEthernet1/0/2
undo shutdown
eth-trunk 1
#
return
#
interface GigabitEthernet1/0/2
undo shutdown
eth-trunk 2
#
return
Networking Requirements
A CE is dual-homed to two UPEs through Eth-Trunk links in static LACP mode, and an mVRRP
backup group is configured between the UPEs and configured with the function for tracking the
status of physical interfaces.
As shown in Figure 3-20, initially, UPE1 was the master device and UPE2 was the backup
device. When the mVRRP backup group detected that the physical interface GE 1/0/4 on UPE1
went Down, a master/backup switchover occurred on the mVRRP backup group. The traffic,
however, was still interrupted. Analysis shows that traffic cannot be switched from the link
between the CE and UPE1 to the link between the CE to UPE2, causing traffic interruption.
To solve the problem, you can associate the Eth-Trunk interface in static LACP mode with the
mVRRP backup group configured between the UPEs.
Figure 3-20 Typical networking diagram for associating an Eth-Trunk interface in static LACP
mode with an mVRRP backup group
IP/MPLS
Core
Backup group 1
Virtual IP address:10.1.1.10
GE1/0/4 GE1/0/3 GE1/0/3 GE1/0/4
10.1.1.1/24 10.1.1.2/24
UPE1 UPE2
G mVRRP
GE1/0/1 E1 GE1/0/2
1
0/
/ 0/
/
E1
2
Eth-Trunk 20 Eth-Trunk 10 G Eth-Trunk 30
/3
GE
1/0
1/0
/4
GE
GE
1/0
/2
1/0
GE
/1
CE
VRRP-tracked interface
The association enables the status of the UPEs in the mVRRP backup group to determine the
status of the associated Eth-Trunk links.
l When UPE1 is the master device, the Eth-Trunk link between the CE and UPE1 is Up and
the Eth-Trunk link between the CE and UPE2 is Down.
l When UPE1 is the backup device, the Eth-Trunk link between the CE and UPE1 is Down
and the Eth-Trunk link between the CE and UPE2 is Up.
Precautions
l The IDs of Eth-Trunk interfaces to which GE interfaces on the CE, UPE1, and UPE2 are
added can be different.
Eth-Trunk interfaces must work in static LACP mode.
l An mVRRP backup group must be configured on directly-connected UPEs to implement
fast switchover in the VRRP backup group.
An mVRRP backup group ignores the event that an interface goes Down. When the
interface where the mVRRP backup group resides goes Down, the VRRP backup group
rapidly changes to Master but not Initialize.
Configuration Roadmap
The configuration roadmap is as follows:
Data Preparation
To complete the configuration, you need the following data:
l Numbers of the Eth-Trunk interfaces in static LACP mode on the CE, UPE1, and UPE2
l Member interfaces of Eth-Trunk interfaces in static LACP mode
l ID and virtual IP address of the mVRRP backup group, and ID of the VRRP backup group
on the UPEs
l Priority of UPE1 in the VRRP backup group
Procedure
Step 1 Configure Eth-Trunk interfaces in static LACP mode and add GE interfaces to them.
NOTE
Ensure that the GE interfaces to be added to the Eth-Trunk interfaces in static LACP mode are Up. If a GE
interface is Down, run the undo shutdown command in the view of the GE interface.
# Configure UPE1.
<HUAWEI> system-view
[HUAWEI] sysname UPE1
[UPE1] interface Eth-Trunk 20
[UPE1-Eth-Trunk20] mode lacp-static
[UPE1-Eth-Trunk20] trunkport gigabitethernet 1/0/1 to 1/0/2
[UPE1-Eth-Trunk20] quit
# Configure UPE2.
<HUAWEI> system-view
[HUAWEI] sysname UPE2
[UPE2] interface Eth-Trunk 30
[UPE2-Eth-Trunk30] mode lacp-static
[UPE2-Eth-Trunk30] trunkport gigabitethernet 1/0/1 to 1/0/2
[UPE2-Eth-Trunk30] quit
After the preceding configurations are complete, you can run the display eth-trunk command
on the CE or UPEs to check whether the working mode of an Eth-Trunk interface is STATIC
and view the configurations of its member interfaces. Use the display on UPE1 as an example:
[UPE1] display eth-trunk 20
Eth-Trunk20's state information is:
Local:
LAG ID: 20 WorkingMode: STATIC
Preempt Delay: Disabled Hash arithmetic: According to flow
System Priority: 32768 System ID: 00e0-6923-4900
Least Active-linknumber: 1 Max Active-linknumber: 16
Operate status: up Number Of Up Port In Trunk: 2
--------------------------------------------------------------------------------
ActorPortName Status PortType PortPri PortNo PortKey PortState Weight
GigabitEthernet1/0/1 Selected 1GE 32768 257 5169 10111100 1
GigabitEthernet1/0/2 Selected 1GE 32768 258 5169 10111100 1
Partner:
--------------------------------------------------------------------------------
ActorPortName SysPri SystemID PortPri PortNo PortKey PortState
GigabitEthernet1/0/1 32768 00e0-b94e-fb00 32768 257 2609 10111100
GigabitEthernet1/0/2 32768 00e0-b94e-fb00 32768 258 2609 10111100
l In this example, the keyword ignore-if-down must be configured when the mVRRP backup group is
being configured. When the interface where the mVRRP backup group resides goes Down, the status
of the VRRP backup group changes to Master but not Initialize.
If the keyword is not configured, and GE 1/0/3 on UPE1 goes Down, GE 1/0/3 on UPE2 also goes
Down. As a result, the status of VRRP configured on GE 1/0/3 of UPE2 changes from Backup to
Initialize, and therefore a master/slave switchover cannot be implemented in the mVRRP backup group.
l Except for a fault in UPE1, you are recommended not to run the shutdown command on GE 1/0/3 of
UPE1. Otherwise, the status of mVRRP backup group on both UPE1 and UPE2 becomes Master,
causing service interruption.
l In other scenarios, you are recommended not to configure the keyword ignore-if-down unless
otherwise stated. Otherwise, the VRRP state machine is inconsistent with that defined in the RFC file.
# Configure IP addresses for GE interfaces on UPE1 as described in Figure 3-20 and create
mVRRP backup group 1. Set the mVRRP backup group priority on UPE1 to 120, allowing UPE1
to function as the master device.
[UPE1] interface gigabitethernet 1/0/3
[UPE1-GigabitEthernet1/0/3] undo shutdown
[UPE1-GigabitEthernet1/0/3] ip address 10.1.10.1 255.255.255.0
[UPE1-GigabitEthernet1/0/3] vrrp vrid 1 virtual-ip 10.1.10.10
[UPE1-GigabitEthernet1/0/3] vrrp vrid 1 priority 120
[UPE1-GigabitEthernet1/0/3] admin-vrrp vrid 1 ignore-if-down
# Configure IP addresses for GE interfaces on UPE2 as described in Figure 3-20 and create
mVRRP backup group 1. Configure the mVRRP backup group priority on UPE2 to be the default
value, allowing UPE2 to function as the backup device.
[UPE2] interface gigabitethernet 1/0/3
[UPE2-GigabitEthernet1/0/3] undo shutdown
[UPE2-GigabitEthernet1/0/3] ip address 10.1.1.2 255.255.255.0
Step 3 Configure the function of tracking interface status for the mVRRP backup group.
# Configure UPE1.
[UPE1-GigabitEthernet1/0/3] vrrp vrid 1 track interface gigabitethernet1/0/1
reduced 40
[UPE1-GigabitEthernet1/0/3] vrrp vrid 1 track interface gigabitethernet1/0/2
reduced 40
[UPE1-GigabitEthernet1/0/3] vrrp vrid 1 track interface gigabitethernet1/0/4
reduced 40
[UPE1-GigabitEthernet1/0/3] quit
# Configure UPE2.
[UPE2-GigabitEthernet1/0/3] vrrp vrid 1 track interface gigabitethernet1/0/1
reduced 40
[UPE2-GigabitEthernet1/0/3] vrrp vrid 1 track interface gigabitethernet1/0/2
reduced 40
[UPE2-GigabitEthernet1/0/3] vrrp vrid 1 track interface gigabitethernet1/0/4
reduced 40
[UPE2-GigabitEthernet1/0/3] quit
After the preceding configurations are complete, you can run the display vrrp command on
UPE1 to check whether the status of UPE1 is Master or run the display vrrp command on UPE2
to check whether the status of UPE2 is Backup. In addition, you can view the type of the VRRP
backup group and the tracked member interface.
[UPE1] display vrrp
GigabitEthernet1/0/3 | Virtual Router 1
State : Master
Virtual IP : 10.1.10.10
PriorityRun : 120
PriorityConfig : 120
MasterPriority : 120
Preempt : YES Delay Time : 0
TimerRun : 1
TimerConfig : 1
Auth Type : NONE
Virtual Mac : 0000-5e00-0101
Check TTL : YES
Config type : admin-vrrp
Backup-forward : disabled
Track IF : GigabitEthernet1/0/1 priority reduced : 40
IF State : UP
Track IF : GigabitEthernet1/0/2 priority reduced : 40
IF State : UP
Track IF : GigabitEthernet1/0/4 priority reduced : 40
IF State : UP
Config track link-bfd down-number : 0
[UPE2] display vrrp
GigabitEthernet1/0/3 | Virtual Router 1
State : Backup
Virtual IP : 10.1.10.10
PriorityRun : 100
PriorityConfig : 100
MasterPriority : 120
Preempt : YES Delay Time : 0
TimerRun : 1
TimerConfig : 1
Auth Type : NONE
Virtual Mac : 0000-5e00-0101
Check TTL : YES
Config type : admin-vrrp
Backup-forward : disabled
Step 4 Associate the Eth-Trunk Interfaces in Static LACP Mode with the mVRRP backup group.
# Configure UPE1.
[UPE1] interface Eth-Trunk 20
[UPE1-Eth-Trunk20] lacp track vrrp vrid 1 interface gigabitethernet1/0/3
[UPE1-Eth-Trunk20] quit
# Configure UPE2.
[UPE2] interface Eth-Trunk 30
[UPE2-Eth-Trunk30] lacp track vrrp vrid 1 interface gigabitethernet1/0/3
[UPE2-Eth-Trunk30] quit
l Run the vrrp vrid 1 priority 140 command in the view of GE 1/0/3 on UPE2 to increase
the mVRRP backup group priority on UPE2. This allows UPE2 to become the master device
and UPE1 to become the backup device. Then, perform the following steps on UPEs:
– Run the display vrrp command on UPE1. The command output shows that UPE1 is the
backup device. Run the display interface eth-trunk command on UPE1. The command
output shows that the status of the Eth-Trunk link between the CE and UPE1 is Down.
[UPE1] display vrrp
GigabitEthernet1/0/3 | Virtual Router 1
State : Backup
Virtual IP : 10.1.10.10
PriorityRun : 120
PriorityConfig : 120
MasterPriority : 140
Preempt : YES Delay Time : 0
TimerRun : 1
TimerConfig : 1
Auth Type : NONE
Virtual Mac : 0000-5e00-0101
Check TTL : YES
Config type : admin-vrrp
Backup-forward : disabled
Track IF : GigabitEthernet1/0/1 priority reduced : 40
IF State : UP
Track IF : GigabitEthernet1/0/2 priority reduced : 40
IF State : UP
Track IF : GigabitEthernet1/0/4 priority reduced : 40
IF State : UP
Config track link-bfd down-number : 0
[UPE1] display interface Eth-Trunk 20
Eth-Trunk20 current state : DOWN
Line protocol current state : DOWN
Description:HUAWEI, Eth-Trunk20 Interface
Route Port,Hash arithmetic : According to flow,Maximal BW: 2G, Current BW:
0M, T
– Run the display vrrp command on UPE2. The command output shows that UPE2 is the
master device. Run the display interface eth-trunk command on UPE2. The command
output shows that the status of the Eth-Trunk link between the CE and UPE2 is Up.
[UPE2] display vrrp
GigabitEthernet1/0/3 | Virtual Router 1
State : Master
Virtual IP : 10.1.10.10
PriorityRun : 140
PriorityConfig : 140
MasterPriority : 140
Preempt : YES Delay Time : 0
TimerRun : 1
TimerConfig : 1
Auth Type : NONE
Virtual Mac : 0000-5e00-0101
Check TTL : YES
Config type : admin-vrrp
Backup-forward : disabled
Track IF : GigabitEthernet1/0/1 priority reduced : 40
IF State : UP
Track IF : GigabitEthernet1/0/2 priority reduced : 40
IF State : UP
Track IF : GigabitEthernet1/0/4 priority reduced : 40
IF State : UP
Config track link-bfd down-number : 0
[UPE2] display interface Eth-Trunk 30
Eth-Trunk30 current state : UP
Line protocol current state : DOWN
Description:HUAWEI, Eth-Trunk30 Interface
Route Port,Hash arithmetic : According to flow,Maximal BW: 2G, Current BW:
2G,
The Maximum Transmit Unit is 1500
Internet protocol processing : disabled
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is
00e0-4c45-3500
Physical is ETH_TRUNK
Current system time: 2010-08-29 20:35:08
QoS max-bandwidth : 0 Kbps
Output queue : (Urgent queue : Size/Length/Discards) 0/50/0
Output queue : (Protocol queue : Size/Length/Discards) 0/1000/0
Output queue : (FIFO queue : Size/Length/Discards) 0/256/0
l Run the shutdown command on the member interface GE 1/0/1 of the Eth-Trunk interface
on UPE2 to simulate the fault that a member interface goes Down. Then, perform the
following steps on the UPEs:
– Run the display vrrp command on UPE2. The command output shows that UPE2 changes
from master to backup and the tracked interface goes Down. Run the display interface
eth-trunk command on UPE2. The command output shows that the Eth-Trunk link
between the CE and UPE2 goes Down.
[UPE2] display vrrp
GigabitEthernet1/0/3 | Virtual Router 1
State : Backup
Virtual IP : 10.1.10.10
PriorityRun : 100
PriorityConfig : 140
MasterPriority : 120
Preempt : YES Delay Time : 0
TimerRun : 1
TimerConfig : 1
Auth Type : NONE
Virtual Mac : 0000-5e00-0101
Check TTL : YES
Config type : admin-vrrp
Backup-forward : disabled
Track IF : GigabitEthernet1/0/1 priority reduced : 40
IF State : DOWN
Track IF : GigabitEthernet1/0/2 priority reduced : 40
IF State : UP
Track IF : GigabitEthernet1/0/4 priority reduced : 40
IF State : UP
Config track link-bfd down-number : 0
[UPE2] display interface Eth-Trunk 30
Eth-Trunk30 current state : DOWN
Line protocol current state : DOWN
Description:HUAWEI, Eth-Trunk30 Interface
Route Port,Hash arithmetic : According to flow,Maximal BW: 2G, Current BW:
0M,
The Maximum Transmit Unit is 1500
Internet protocol processing : disabled
– Run the display vrrp command on UPE1. The command output shows that UPE1 changes
from backup to master. Run the display interface eth-trunk command on UPE1. The
command output shows that the Eth-Trunk link between the CE and UPE1 goes Up.
[UPE1] display vrrp
GigabitEthernet1/0/3 | Virtual Router 1
State : Master
Virtual IP : 10.1.10.10
PriorityRun : 120
PriorityConfig : 120
MasterPriority : 120
Preempt : YES Delay Time : 0
TimerRun : 1
TimerConfig : 1
Auth Type : NONE
Virtual Mac : 0000-5e00-0101
Check TTL : YES
Config type : admin-vrrp
Backup-forward : disabled
Track IF : GigabitEthernet1/0/1 priority reduced : 40
IF State : UP
Track IF : GigabitEthernet1/0/2 priority reduced : 40
IF State : UP
Track IF : GigabitEthernet1/0/4 priority reduced : 40
IF State : UP
Config track link-bfd down-number : 0
[UPE1] display interface Eth-Trunk 20
Eth-Trunk20 current state : UP
Line protocol current state : DOWN
Description:HUAWEI, Eth-Trunk20 Interface
Route Port,Hash arithmetic : According to flow,Maximal BW: 2G, Current BW: 2G,
The Maximum Transmit Unit is 1500
Internet protocol processing : disabled
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-6923-4900
Physical is ETH_TRUNK
Current system time: 2010-08-29 20:37:18
QoS max-bandwidth : 0 Kbps
Output queue : (Urgent queue : Size/Length/Discards) 0/50/0
----End
Configuration Files
l Configuration file of the CE
#
sysname CE
#
interface Eth-Trunk10
mode lacp-static
#
interface GigabitEthernet1/0/1
undo shutdown
eth-trunk 10
#
interface GigabitEthernet1/0/2
undo shutdown
eth-trunk 10
#
interface GigabitEthernet1/0/3
undo shutdown
eth-trunk 10
#
interface GigabitEthernet1/0/4
undo shutdown
eth-trunk 10
#
return
undo shutdown
eth-trunk 20
#
interface GigabitEthernet1/0/3
undo shutdown
ip address 10.1.10.1 255.255.255.0
vrrp vrid 1 virtual-ip 10.1.10.10
admin-vrrp vrid 1 ignore-if-down
vrrp vrid 1 priority 120
vrrp vrid 1 track interface GigabitEthernet1/0/1 reduced 40
vrrp vrid 1 track interface GigabitEthernet1/0/2 reduced 40
vrrp vrid 1 track interface GigabitEthernet1/0/4 reduced 40
#
return
Networking Requirements
Establishing an Eth-Trunk between a CE and a PE can effective improve the reliability and
bandwidth utilization of the link between the CE and the PE. The Eth-Trunk on the PE, however,
can be bound to only one VLL. Therefore, the VCs between PEs cannot be effectively used, that
is, the utilization of the bandwidths of the network between the CEs cannot be increased.
After a link aggregation group between the CEs is configured, that is, the Eth-Trunk between
the CEs crosses VLLs, the interfaces connecting PEs and CEs do not need to be added to the
Eth-Trunk and can be added to different VLLs. LACP packets can be transparently transmitted
over VLLs, and the transparent transmission paths do not interfere with each other. The Eth-
Trunk status of the CEs is therefore ensured. In this manner, the bandwidth utilization and
reliability of the link between the CEs are improved.
As shown in Figure 3-21, CE1 and CE2 communicate through Eth-Trunk interfaces in static
LACP mode over a VLL network in Martini mode. The Eth-Trunk interface on CE1 has two
member interfaces, which are connected to two interfaces on PE1 at the user side. Another two
interfaces on PE1 at the network side are bound to different VLLs. That is, GE 1/0/0 on PE1 is
bound to VLL1 and GE 1/0/1 is bound to VLL2. Member interfaces of the Eth-Trunk interface
on CE2 are connected to GE 2/0/0s on PE2 and PE3. GE 2/0/0 on PE2 is bound to VLL1 and
GE 2/0/0 on PE3 is bound to VLL2.
It is required that LACP packets be transparently transmitted over the VLL network to maintain
Eth-Trunk interfaces on CE1 and CE2 and untagged Layer 2 packets be transparently transmitted
from CE1 to CE2.
Figure 3-21 Example for configuring Eth-Trunk interfaces in static LACP mode to communicate
over a VLL network
P1 PE2
Loopback4 Loopback2
GE2/0/0 Eth-Trunk1
Eth-Trunk1 Loopback1 GE2/0/0
GE1/0/0
GE1/0/0 GE1/0/0 GE2/0/0 GE1/0/0 GE1/0/0
Loopback5 Loopback3
CE1 GE1/0/1 GE1/0/1 GE2/0/1 GE1/0/0
PE1 CE2
GE1/0/0 GE2/0/0 GE2/0/0 GE1/0/1
P2 PE3
Item Interface IP Address
GE 2/0/1 10.1.3.1/24
Loopback1 1.1.1.9/32
Loopback2 2.2.2.9/32
Loopback3 3.3.3.9/32
P1 GE 1/0/0 10.1.1.2/24
GE 2/0/0 10.1.2.1/24
Loopback4 4.4.4.9/32
P2 GE 1/0/0 10.1.3.2/24
GE 2/0/0 10.1.4.1/24
Loopback5 5.5.5.9/32
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a routing protocol on the devices (PEs and the Ps) on the backbone network to
make them reachable to each other, and enable MPLS.
2. Use the default tunnel policy and set up LSPs to transmit user traffic.
3. Enable MPLS L2VPN on PEs and establish VCs.
4. Create Eth-Trunk interfaces on CEs and configure the Eth-Trunk interfaces to work in static
LACP mode.
Data Preparation
To complete the configuration, you need the following data:
l VLAN ID tagged with which packets can be transmitted on links between CEs
l Name of the remote peer of each PE
l ID of each VC
Procedure
Step 1 Configure CEs.
NOTE
You can configure either the same interface number or different interface numbers for Eth-Trunk interfaces
on CE1 and CE2.
Step 2 Configure an IGP on the MPLS backbone network (in this example, OSPF is used).
As shown in Figure 3-21, configure an IP address for each interface on PEs and P1. When
configuring OSPF, note that the 32-bit loopback addresses of PE1, PE2, PE3, P1, and P2, which
are used as LSR IDs, must be advertised.
After the configuration, OSPF neighbor relationships can be established between PE1, P1, and
PE2 and between PE1, P2, and PE3. By running the display ospf peer command, you can view
that OSPF neighbor relationships are Full. By running the display ip routing-table command,
you can view that PEs have learned loopback addresses from each other.
Step 3 Configure based MPLS functions and LDP on the MPLS backbone network.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface gigabitethernet 2/0/0
[PE1-GigabitEthernet2/0/0] mpls
[PE1-GigabitEthernet2/0/0] mpls ldp
[PE1-GigabitEthernet2/0/0] quit
[PE1] interface gigabitethernet 2/0/1
[PE1-GigabitEthernet2/0/1] mpls
[PE1-GigabitEthernet2/0/1] mpls ldp
[PE1-GigabitEthernet2/0/1] quit
# Configure P1.
[P1] mpls lsr-id 4.4.4.9
[P1] mpls
[P1-mpls] quit
[P1] mpls ldp
[P1-mpls-ldp] quit
[P1] interface gigabitethernet 1/0/0
[P1-GigabitEthernet1/0/0] mpls
[P1-GigabitEthernet1/0/0] mpls ldp
[P1-GigabitEthernet1/0/0] quit
[P1] interface gigabitethernet 2/0/0
[P1-GigabitEthernet2/0/0] mpls
[P1-GigabitEthernet2/0/0] mpls ldp
[P1-GigabitEthernet2/0/0] quit
# Configure P2.
[P2] mpls lsr-id 5.5.5.9
[P2] mpls
[P2-mpls] quit
[P2] mpls ldp
[P2-mpls-ldp] quit
[P2] interface gigabitethernet 1/0/0
[P2-GigabitEthernet1/0/0] mpls
[P2-GigabitEthernet1/0/0] mpls ldp
[P2-GigabitEthernet1/0/0] quit
[P2] interface gigabitethernet 2/0/0
[P2-GigabitEthernet2/0/0] mpls
# Configure PE2.
[PE2] mpls lsr-id 2.2.2.9
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface gigabitethernet 1/0/0
[PE2-GigabitEthernet1/0/0] mpls
[PE2-GigabitEthernet1/0/0] mpls ldp
[PE2-GigabitEthernet1/0/0] quit
# Configure PE3.
[PE3] mpls lsr-id 3.3.3.9
[PE3] mpls
[PE3-mpls] quit
[PE3] mpls ldp
[PE3-mpls-ldp] quit
[PE3] interface gigabitethernet 1/0/0
[PE3-GigabitEthernet1/0/0] mpls
[PE3-GigabitEthernet1/0/0] mpls ldp
[PE3-GigabitEthernet1/0/0] quit
Step 4 Establish remote LDP sessions between PE1 and PE2 and between PE1 and PE3.
# Configure PE1.
[PE1] mpls ldp remote-peer 2.2.2.9
[PE1-mpls-ldp-remote-2.2.2.9] remote-ip 2.2.2.9
[PE1-mpls-ldp-remote-2.2.2.9] quit
[PE1] mpls ldp remote-peer 3.3.3.9
[PE1-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9
[PE1-mpls-ldp-remote-3.3.3.9] quit
# Configure PE2.
[PE2] mpls ldp remote-peer 1.1.1.9
[PE2-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9
[PE2-mpls-ldp-remote-1.1.1.9] quit
# Configure PE3.
[PE3] mpls ldp remote-peer 1.1.1.9
[PE3-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9
[PE3-mpls-ldp-remote-1.1.1.9] quit
After the configuration, run the display mpls ldp session command on PE1 to view information
about LDP sessions. You can view that both remote LDP sessions have been established.
On PE1, check information about L2VPN connections. You can view that two L2VCs have been
created and are in the Up state.
In this case, untagged Layer 2 packets can be transparently transmitted from CE1 to CE2.
----End
Configuration Files
l Configuration file of CE1
#
sysname CE1
#
vlan batch 10
#
lacp priority 100
#
interface GigabitEthernet1/0/0
undo shutdown
eth-trunk 1
#
interface GigabitEthernet1/0/1
undo shutdown
eth-trunk 1
#
interface Eth-Trunk1
portswitch
port default vlan 10
mode lacp-static
#
return
l Configuration file of P1
#
sysname P1
#
mpls lsr-id 4.4.4.9
mpls
#
mpls ldp
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 10.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet2/0/0
undo shutdown
ip address 10.1.2.1 255.255.255.0
mpls
mpls ldp
#
interface LoopBack4
ip address 4.4.4.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 4.4.4.9 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.1.2.0 0.0.0.255
#
return
l Configuration file of P2
#
sysname P2
#
mpls lsr-id 5.5.5.9
mpls
#
mpls ldp
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 10.1.3.2 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet2/0/0
undo shutdown
ip address 10.1.4.1 255.255.255.0
mpls
mpls ldp
#
interface LoopBack5
ip address 5.5.5.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 5.5.5.9 0.0.0.0
network 10.1.3.0 0.0.0.255
network 10.1.4.0 0.0.0.255
#
return
undo shutdown
mpls l2vc 1.1.1.9 101
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 10.1.2.2 255.255.255.0
mpls
mpls ldp
#
interface LoopBack2
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 10.1.2.0 0.0.0.255
#
return
Networking Requirements
A CE is dual-homed to PEs on a Virtual Private LAN Service (VPLS) network through respective
Eth-Trunk interfaces in static LACP mode. The CE initially communicates with remote devices
on the VPLS network through the active PE.
As shown in Figure 3-22, if the Eth-Trunk link between the CE and PE1 or PE1 becomes faulty,
the CE cannot communicate with PE1. To prevent service interruption, you can configure an E-
Trunk on PE1 and PE2. When the Eth-Trunk link between the CE and PE1 or PE1 becomes
faulty, the traffic from the CE to PE1 can be sent to PE2. This allows the CE to communicate
with remote devices on the VPLS network. When the Eth-Trunk link between the CE and PE1
or PE1 is restored, traffic is switched back to PE1. E-Trunk implements backup between PE1
and PE2, which improves network reliability.
Figure 3-22 Networking diagram for configuring an E-Trunk associated with VPLS
Loopback1
1.1.1.9/32
PE1
GE1/0/1
0 172.16.1.1/24
n k1 2
u /
t h-T r 1/0
E E
G
E-Trunk 1
GE1/0/1 VPLS
CE
Eth-Trunk 20
GE1/0/2
GE
Eth 1/0
-Tr /1
un GE1/0/2
k1
0 192.168.1.2/24
PE2
Loopback2
2.2.2.9/32
E-Trunk is an extension to the link aggregation control protocol (LACP), which implements
inter-device link aggregation. Unlike LACP that provides board-level reliability, E-Trunk
provides device-level reliability.
E-Trunk is used to perform link protection in the networking where a CE is dual-homed to two
PEs on a VPLS, Virtual Leased Line (VLL), or Pseudo-Wire Emulation Edge to Edge (PWE3)
network, and protect traffic when a PE becomes faulty.
Configuration Roadmap
The configuration roadmap is as follows:
a. Enable an interior gateway protocol (IGP) on the backbone network to allow devices
on the backbone network to communicate with each other.
b. Enable basic multiprotocol label switching (MPLS) functions, and set up an label
switched path (LSP) between PEs.
c. Enable MPLS L2VPN on each PE.
d. Create virtual switching instances (VSI) and configure them.
2. Configure an E-Trunk:
a. On the CE, create an Eth-Trunk interface between the CE and PE1 and between the
CE and PE2. Configure the Eth-Trunk interfaces to work in static LACP mode. Add
member interfaces to the Eth-Trunk interfaces.
b. Create an E-Trunk between PE1 and PE2, and add the Eth-Trunk interfaces in static
LACP mode to the E-Trunk.
c. Configure the E-Trunk attributes:
l Priorities of the E-Trunk
l System ID and LACP priority of the E-Trunk
l Period for sending Hello packets by the E-Trunk
l Time multiplier for detecting Hello packets by the E-Trunk
l Descriptions of the E-Trunk.
l IP addresses of the local and peer ends of the E-Trunk
3. Verify the configuration.
Data Preparation
To complete the configuration, you need the following data:
l VSI IDs on each PE (VSI IDs on the PEs must be the same.)
l MPLS LSR ID of each PE
l Names of the VSIs on PE1 and PE2
l Interfaces to which VSIs are bound
l Priorities of the E-Trunk
l System ID and LACP priority of the E-Trunk
l Interface numbers and working mode of the Eth-Trunk interfaces
l Local and peer IP addresses
l Period for sending Hello packets and time multiplier for detecting Hello packets
Procedure
Step 1 Configure VPLS.
1. Configure an IGP on the MPLS backbone network. The Open Shortest Path First (OSPF)
protocol is used as the IGP protocol in this example.
Assign an IP address to each member interface on each PE as shown in Figure 3-22. After
OSPF is enabled, the 32-bit loopback address of each PE must be advertised.
# Configure PE1.
<HUAWEI> system-view
# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] interface loopback 1
[PE2-LoopBack1] ip address 2.2.2.9 255.255.255.255
[PE2-LoopBack1] quit
[PE2] interface gigabitethernet 1/0/2
[PE2-GigabitEthernet1/0/2] undo shutdown
[PE2-GigabitEthernet1/0/2] ip address 192.168.1.2 255.255.255.0
[PE2-GigabitEthernet1/0/2] quit
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit
After the configuration is complete, PE1and PE2 can discover IP routes of the peer
loopback1 by OSPF. The IP addresses in these routes can ping each other.
[PE1] ping 2.2.2.9
PING 2.2.2.9: 56 data bytes, press CTRL_C to break
Reply from 2.2.2.9: bytes=56 Sequence=1 ttl=255 time=260 ms
Reply from 2.2.2.9: bytes=56 Sequence=2 ttl=255 time=30 ms
Reply from 2.2.2.9: bytes=56 Sequence=3 ttl=255 time=50 ms
Reply from 2.2.2.9: bytes=56 Sequence=4 ttl=255 time=30 ms
Reply from 2.2.2.9: bytes=56 Sequence=5 ttl=255 time=60 ms
2. Enable basic MPLS functions and LDP on the MPLS backbone network.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] mpls
[PE1-GigabitEthernet1/0/1] mpls ldp
[PE1-GigabitEthernet1/0/1] quit
# Configure PE2.
[PE2] mpls lsr-id 2.2.2.9
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
After the preceding configurations are complete, LDP sessions are set up between the PEs.
Run the display mpls ldp session command and you can see that the Status field displays
Operational.
Use the display on PE1 as an example:
[PE1] display mpls ldp session
LDP Session(s) in Public Network
Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
A '*' before a session means the session is being deleted.
------------------------------------------------------------------------------
Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv
------------------------------------------------------------------------------
2.2.2.9:0 Operational DU Passive 000:00:00 1/1
------------------------------------------------------------------------------
TOTAL: 1 session(s) Found.
[PE1] display mpls ldp lsp
LDP LSP Information
------------------------------------------------------------------------------
----------------------
DestAddress/Mask In/OutLabel NextHop OutInterface UpstreamPeer
------------------------------------------------------------------------------
----------------------
1.1.1.9/32 3/NULL 127.0.0.1 InLoop0 2.2.2.9
*1.1.1.9/32 Liberal DS/2.2.2.9
2.2.2.9/32 NULL/3 192.168.1.2 GE1/0/1 -
2.2.2.9/32 1024/3 192.168.1.2 GE1/0/1/ 2.2.2.9
------------------------------------------------------------------------------
----------------------
TOTAL: 3 Normal LSP(s) Found.
TOTAL: 1 Liberal LSP(s) Found.
A '*' before an LSP means the LSP is not established
A '*' before a Label means the USCB or DSCB is stale
A '*' before a UpstreamPeer means the session is in GR state
NOTE
If PEs are indirectly connected, run the mpls ldp remote-peer and remote-ip commands to set up
remote LDP sessions between the PEs.
3. Enable MPLS L2VPN on each PE.
# Configure PE1.
[PE1] mpls l2vpn
[PE1-l2vpn] quit
# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit
4. Create VSIs and specify LDP as the signaling protocol for the VSIs.
# Configure PE1.
[PE1] vsi ldp1 static
[PE1-vsi-ldp1] pwsignal ldp
[PE1-vsi-ldp1-ldp] vsi-id 2
[PE1-vsi-ldp1-ldp] peer 2.2.2.9
[PE1-vsi-ldp1-ldp] mac-withdraw enable
# Configure PE2.
[PE2] vsi ldp1 static
[PE2-vsi-ldp1] pwsignal ldp
[PE2-vsi-ldp1-ldp] vsi-id 2
[PE2-vsi-ldp1-ldp] peer 1.1.1.9
[PE2-vsi-ldp1-ldp] mac-withdraw enable
[PE2-vsi-ldp1-ldp] interface-status-change mac-withdraw enable
[PE2-vsi-ldp1-ldp] quit
[PE2-vsi-ldp1] ignore-ac-state
[PE2-vsi-ldp1] quit
NOTICE
The ignore-ac-state command is configured to prevent VSI status from being affected by
the Attachment Circuit (AC) status. After the configuration is complete, a VSI is still Up
even though no AC is associated with the VSI. Exercise caution when running this
command.
# Configure PE2.
[PE2] interface Eth-Trunk 10
[PE2-Eth-Trunk10] quit
[PE2] interface Eth-Trunk 10.1
[PE2-Eth-Trunk10.1] vlan-type dot1q 1
[PE2-Eth-Trunk10.1] l2 binding vsi ldp1
[PE2-Eth-Trunk10.1] undo shutdown
[PE2-Eth-Trunk10.1] quit
# Configure PE2.
[PE2] interface eth-trunk 10
[PE2-Eth-Trunk10] mode lacp-static
[PE2-Eth-Trunk10] quit
# Configure PE2.
[PE2] interface gigabitethernet 1/0/1
[PE2-GigabitEthernet1/0/1] undo shutdown
[PE2-GigabitEthernet1/0/1] eth-trunk 10
[PE2-GigabitEthernet1/0/1] quit
3. Create an E-Trunk between PE1 and PE2, and add Eth-Trunk 10 in static LACP mode to
the E-Trunk.
# Configure PE1.
[PE1] e-trunk 1
[PE1-e-trunk-1] quit
[PE1] interface eth-trunk 10
[PE1-Eth-Trunk10] e-trunk 1
[PE1-Eth-Trunk10] quit
# Configure PE2.
[PE2] e-trunk 1
[PE2-e-trunk-1] quit
[PE2] interface eth-trunk 10
[PE2-Eth-Trunk10] e-trunk 1
[PE2-Eth-Trunk10] quit
# Configure PE2.
[PE2] e-trunk 1
[PE2-e-trunk-1] priority 20
[PE2-e-trunk-1] quit
# Configure PE2.
[PE2] lacp e-trunk priority 1
[PE2] lacp e-trunk system-id 00E0-FC00-0000
The LACP priorities and system IDs on the devices in the same E-Trunk must be the
same.
l Configure the period for sending Hello packets by the E-Trunk.
# Configure PE1.
[PE1-e-trunk-1] timer hello 9
# Configure PE2.
[PE2-e-trunk-1] timer hello 9
l Configure the time multiplier for detecting Hello packets by the E-Trunk.
# Configure PE1.
[PE1] e-trunk 1
[PE1-e-trunk-1] timer hold-on-failure multiplier 30
# Configure PE2.
[PE2] e-trunk 1
[PE2-e-trunk-1] timer hold-on-failure multiplier 30
# Configure PE2.
[PE2-e-trunk-1] description PE2_to_PE1
5. Configure IP addresses for the local and peer ends of the E-Trunk.
# Configure PE1.
[PE1-e-trunk-1] peer-address 192.168.1.2 source-address 172.16.1.1
[PE1-e-trunk-1] quit
# Configure PE2.
[PE2-e-trunk-1] peer-address 172.16.1.1 source-address 192.168.1.2
[PE2-e-trunk-1] quit
The IP addresses of the local and peer ends of a BFD session must be the same as that
of the E-Trunk.
# Configure PE2.
[PE2] bfd
[PE2-bfd] quit
# Configure PE2.
[PE2] e-trunk 1
[PE2-e-trunk-1] e-trunk track bfd-session session-name hello
[PE2-e-trunk-1] quit
After the preceding configurations are complete, run the display bfd session all
verbose command on PE1 and PE2. The command output shows that the BFD session
has been created and is in the Up state.
Use the display on PE1 as an example:
[PE1] display bfd session all verbose
---------------------------------------------------------------------------
-----
Session MIndex : 256 (Multi Hop) State : Up Name : hello
---------------------------------------------------------------------------
-----
Local Discriminator : 1 Remote Discriminator : 2
Session Detect Mode : Asynchronous Mode Without Echo Function
BFD Bind Type : Peer IP Address
Bind Session Type : Static
Bind Peer IP Address : 192.168.1.2
Bind Interface : -
Bind Source IP Address : 172.16.1.1
FSM Board Id : 1 TOS-EXP : 7
Min Tx Interval (ms) : 1000 Min Rx Interval (ms) : 1000
Actual Tx Interval (ms): - Actual Rx Interval (ms): -
Local Detect Multi : 3 Detect Interval (ms) : -
Echo Passive : Disable Acl Number : -
Destination Port : 3784 TTL : 254
Proc Interface Status : Disable Process PST :
Disable
WTR Interval (ms) : - Local Demand Mode :
Disable
Last Local Diagnostic : No Diagnostic
Bind Application : E-TRUNK
Session TX TmrID : - Session Detect TmrID : -
Session Init TmrID : - Session WTR TmrID : -
Session Echo Tx TmrID : -
PDT Index : FSM-0 | RCV-0 | IF-0 | TOKEN-0
Session Description : -
---------------------------------------------------------------------------
-----
Partner:
--------------------------------------------------------------------------------
ActorPortName SysPri SystemID PortPri PortNo PortKey
PortState
GigabitEthernet1/0/1 1 00e0-fc00-0000 32768 129 2593
11111100
GigabitEthernet1/0/2 1 00e0-fc00-0000 32768 32896 2593
11010000
The command output on the CE shows that the member interfaces GE 1/0/1 and GE 1/0/2 are
in the Selected and Unselect state respectively.
# Run the display e-trunk command. You can view information about the E-Trunk.
[PE1] display e-trunk 1
The E-Trunk information
E-TRUNK-ID : 1 Revert-Delay-Time (s) : 120
Priority : 10 System-ID : 00e0-0f74-eb00
Peer-IP : 192.168.1.2 Source-IP : 172.16.1.1
State : Master Causation : PRI
Send-Period (100ms) : 9 Fail-Time (100ms) : 27
Receive : 41 Send : 42
RecDrop : 0 SndDrop : 0
Peer-Priority : 20 Peer-System-ID : 00e0-3b6c-6100
Peer-Fail-Time (100ms) : 27 BFD-Session : 1
Description : PE1_to_PE2
--------------------------------------------------------------------------------
The Member information
Type ID LocalPhyState Work-Mode State Causation
Eth-Trunk 10 Up auto Master PEER_MEMBER_DOWN
[PE2] display e-trunk 1
The E-Trunk information
E-TRUNK-ID : 1 Revert-Delay-Time (s) : 120
Priority : 20 System-ID : 00e0-3b6c-6100
Peer-IP : 172.16.1.1 Source-IP : 192.168.1.2
State : Backup Causation : PRI
Send-Period (100ms) : 9 Fail-Time (100ms) : 27
Receive : 43 Send : 42
RecDrop : 3 SndDrop : 0
Peer-Priority : 10 Peer-System-ID : 00e0-0f74-eb00
Peer-Fail-Time (100ms) : 27 BFD-Session : 2
Description : PE2_to_PE1
--------------------------------------------------------------------------------
The Member information
Type ID LocalPhyState Work-Mode State Causation
Eth-Trunk 10 Down auto Backup PEER_MEMBER_UP
The command output shows that the E-Trunk priority on PE1 is 10 and the status of the E-Trunk
on PE1 is master, and the E-Trunk priority on PE2 is 20, and the status of the E-Trunk on PE2
is backup. This implements link backup between PE1 and PE2.
# Run the display vsi name ldp1 verbose command. You can view information about PWs.
VSI ID : 2
LDP MAC-WITHDRAW : Interface-status-change Enable
*Peer Router ID : 2.2.2.9
VC Label : 19456
Peer Type : dynamic
Session : up
Tunnel ID : 0x801002
Broadcast Tunnel ID : 0x801002
CKey : 2
NKey : 1
StpEnable : 0
PwIndex : 0
**PW Information:
The preceding information indicates that a PW is set up between the PE1 and PE2 in the VSI
named ldp1, the VSI and PW are all Up, and the Eth-Trunk sub-interface to which the VSI is
bound is also Up.
----End
Configuration Files
l Configuration file of the CE
#
sysname CE
#
vlan batch 1
#
interface Eth-Trunk20
portswitch
port default vlan 1
port trunk allow-pass vlan 1
mode lacp-static
#
interface GigabitEthernet1/0/1
undo shutdown
eth-trunk 20
#
interface GigabitEthernet1/0/2
undo shutdown
eth-trunk 20
#
return
#
interface GigabitEthernet1/0/2
undo shutdown
eth-trunk 10
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
bfd hello bind peer-ip 192.168.1.2 source-ip 172.16.1.1
discriminator local 1
discriminator remote 2
commit
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 172.16.1.0 0.0.0.255
#
e-trunk 1
priority 10
peer-address 192.168.1.2 source-address 172.16.1.1
timer hello 9
e-trunk track bfd-session session-name hello
#
return
#
interface GigabitEthernet1/0/2
undo shutdown
ip address 192.168.1.2 255.255.255.0
mpls
mpls ldp
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
bfd hello bind peer-ip 172.16.1.1 source-ip 192.168.1.2
discriminator local 2
discriminator remote 1
commit
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 192.168.1.0 0.0.0.255
#
e-trunk 1
priority 20
peer-address 172.16.1.1 source-address 192.168.1.2
timer hello 9
e-trunk track bfd-session session-name hello
#
return
Networking Requirements
A CE is dual-homed to PE1 and PE2 on a Pseudo-Wire Emulation Edge to Edge (PWE3) network
through respective Eth-Trunk interfaces in static LACP mode.
As shown in Figure 3-23, CE1 initially communicates with remote devices on the PWE3
network through PE1. If the Eth-Trunk link between CE1 and PE1 or PE1 becomes faulty, CE1
cannot communicate with PE1. To prevent service interruption, E-Trunk can be configured on
PE1 and PE2. When the Eth-Trunk link between CE1 and PE1 or PE1 becomes faulty, this
configuration allows the traffic from CE1 to PE1 to be sent to PE2. This allows CE1 to
communicate with remote devices on the PWE3 network.
When the Eth-Trunk link between CE1 and PE1 or PE1 is restored, traffic is switched back to
PE1. E-Trunk implements backup between PE1 and PE2, which improves network reliability.
GE1/0/3
GE1/0/2 10.1.3.2/24
Loopback0
GE1/0/1 PE1 GE1/0/1 3.3.3.3/32
10.1.4.1/24
GE1/0/1 GE1/0/3
CE1 Eth-Trunk20 10.1.3.1/24 10.1.1.1/24
GE1/0/1 GE1/0/3
GE1/0/2 10.1.4.2/24
PE2 GE1/0/2 PE3 CE2
10.1.2.1/24
GE1/0/3
GE1/0/2
10.1.2.2/24
Loopback0
2.2.2.2/32
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure PW redundancy:
a. Enable an interior gateway protocol (IGP) on the backbone network to allow devices
on the backbone network to communicate with each other.
b. Run a routing protocol to ensure connectivity of routers on the backbone network,
enable basic basic multiprotocol label switching (MPLS) functions, and set up an label
switched path (LSP) between PE1 and PE3 and between PE2 and PE3.
c. Configure LDP Fast Reroute (FRR) and IGP-LDP synchronization.
d. Enable MPLS L2VPN on PE1, PE2, and PE3.
e. Create an active Pseudo Wire (PW) between PE1 and PE3.
f. Create a standby PW between PE2 and PE3.
2. Configure an E-Trunk:
a. Create an Eth-Trunk between the CE and PE1 and between the CE and PE2
respectively, configure the Eth-Trunk interfaces to work in static LACP mode, and
add member interfaces to the Eth-Trunk interfaces.
b. Create an E-Trunk between PE1 and PE2, and add the Eth-Trunk interfaces in static
LACP mode to the E-Trunk.
c. Configure E-Trunk attributes:
l Priorities of the E-Trunk
l System ID and LACP priority of the E-Trunk
l Period for sending Hello packets by the E-Trunk
Data Preparation
To complete the configuration, you need the following data:
l MPLS LSR ID of each PE
l VC ID and VC type of each PE
l Priorities of the E-Trunk
l System ID and LACP priority of the E-Trunk
l Number and working mode of each Eth-Trunk interface
l Local and peer IP addresses
l Period for sending Hello packets and time multiplier for detecting Hello packets
Procedure
Step 1 Configure the MPLS backbone network.
1. Configure an IGP on the MPLS backbone network. The Open Shortest Path First (OSPF)
protocol is used as the IGP protocol in this example.
Assign an IP address to each member interface on each PE as shown in Figure 3-23. After
OSPF is enabled, the 32-bit loopback address of each PE must be advertised.
# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] interface loopback 0
[PE1-LoopBack0] ip address 1.1.1.1 255.255.255.255
[PE1-LoopBack0] quit
[PE1] interface gigabitethernet 1/0/3
[PE1-GigabitEthernet1/0/3] undo shutdown
[PE1-GigabitEthernet1/0/3] ip address 10.1.3.2 255.255.255.0
[PE1-GigabitEthernet1/0/3] quit
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] undo shutdown
[PE1-GigabitEthernet1/0/1] ip address 10.1.4.1 255.255.255.0
[PE1-GigabitEthernet1/0/1] quit
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] network 10.1.4.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] interface loopback 0
[PE2-LoopBack0] ip address 2.2.2.2 255.255.255.255
[PE2-LoopBack0] quit
[PE2] interface gigabitethernet 1/0/3
[PE2-GigabitEthernet1/0/3] undo shutdown
[PE2-GigabitEthernet1/0/3] ip address 10.1.2.2 255.255.255.0
[PE2-GigabitEthernet1/0/3] quit
[PE2] interface gigabitethernet 1/0/1
[PE2-GigabitEthernet1/0/1] undo shutdown
[PE2-GigabitEthernet1/0/1] ip address 10.1.4.2 255.255.255.0
[PE2-GigabitEthernet1/0/1] quit
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] network 10.1.4.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit
# Configure PE3.
<HUAWEI> system-view
[HUAWEI] sysname PE3
[PE3] interface loopback 0
[PE3-LoopBack0] ip address 3.3.3.3 255.255.255.255
[PE3-LoopBack0] quit
[PE3] interface gigabitethernet 1/0/1
[PE3-GigabitEthernet1/0/1] undo shutdown
[PE3-GigabitEthernet1/0/1] ip address 10.1.3.1 255.255.255.0
[PE3-GigabitEthernet1/0/1] quit
[PE3] interface gigabitethernet 1/0/2
[PE3-GigabitEthernet1/0/2] undo shutdown
[PE3-GigabitEthernet1/0/2] ip address 10.1.2.1 255.255.255.0
[PE3-GigabitEthernet1/0/2] quit
[PE3] ospf
[PE3-ospf-1] area 0
[PE3-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0
[PE3-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.255
[PE3-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.255
[PE3-ospf-1-area-0.0.0.0] quit
[PE3-ospf-1] quit
After the preceding configurations are complete, PE1 and PE3, and PE2 and PE3 can learn
routes to interfaces loopback 0 from each other and can be pinged successfully.
Use the display on PE1 as an example:
[PE1] ping 3.3.3.3
PING 3.3.3.3: 56 data bytes, press CTRL_C to break
Reply from 3.3.3.3: bytes=56 Sequence=1 ttl=255 time=260 ms
Reply from 3.3.3.3: bytes=56 Sequence=2 ttl=255 time=30 ms
Reply from 3.3.3.3: bytes=56 Sequence=3 ttl=255 time=50 ms
Reply from 3.3.3.3: bytes=56 Sequence=4 ttl=255 time=30 ms
Reply from 3.3.3.3: bytes=56 Sequence=5 ttl=255 time=60 ms
2. Enable basic MPLS functions and LDP on the MPLS backbone network.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.1
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface gigabitethernet 1/0/3
[PE1-GigabitEthernet1/0/3] mpls
[PE1-GigabitEthernet1/0/3] mpls ldp
[PE1-GigabitEthernet1/0/3] quit
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] mpls
[PE1-GigabitEthernet1/0/1] mpls ldp
[PE1-GigabitEthernet1/0/1] quit
# Configure PE2.
[PE2] mpls lsr-id 2.2.2.2
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface gigabitethernet 1/0/3
[PE2-GigabitEthernet1/0/3] mpls
[PE2-GigabitEthernet1/0/3] mpls ldp
[PE2-GigabitEthernet1/0/3] quit
[PE2] interface gigabitethernet 1/0/1
[PE2-GigabitEthernet1/0/1] mpls
[PE2-GigabitEthernet1/0/1] mpls ldp
[PE2-GigabitEthernet1/0/1] quit
# Configure PE3.
[PE3] mpls lsr-id 3.3.3.3
[PE3] mpls
[PE3-mpls] quit
[PE3] mpls ldp
[PE3-mpls-ldp] quit
[PE3] interface gigabitethernet 1/0/1
[PE3-GigabitEthernet1/0/1] mpls
[PE3-GigabitEthernet1/0/1] mpls ldp
[PE3-GigabitEthernet1/0/1] quit
[PE3] interface gigabitethernet 1/0/2
[PE3-GigabitEthernet1/0/2] mpls
[PE3-GigabitEthernet1/0/2] mpls ldp
[PE3-GigabitEthernet1/0/2] quit
After the preceding configurations are complete, LDP sessions are set up between PE1 and
PE3, and between PE2 and PE3. Run the display mpls ldp session command and you can
see that the Status field displays Operational.
Use the display on PE1 as an example:
[PE1] display mpls ldp session
------------------------------------------------------------------------------
Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv
------------------------------------------------------------------------------
3.3.3.3:0 Operational DU Passive 000:00:13 23/21
2.2.2.2:0 Operational DU Passive 000:00:00 1/1
------------------------------------------------------------------------------
TOTAL: 1 session(s) Found.
Configure PE2.
Configure PE3.
[PE3-GigabitEthernet1/0/1] ospf ldp-sync
[PE3-GigabitEthernet1/0/1] quit
[PE3] interface gigabitethernet1/0/2
[PE3-GigabitEthernet1/0/2] ospf ldp-sync
[PE3-GigabitEthernet1/0/2] quit
4. Configure remote MPLS LDP connections between PE1 and PE3, and between PE2 and
PE3.
# Configure PE1.
[PE1] mpls ldp remote-peer 3.3.3.3
[PE1-mpls-ldp-remote-3.3.3.3] remote-ip 3.3.3.3
[PE1-mpls-ldp-remote-3.3.3.3] quit
# Configure PE2.
[PE2] mpls ldp remote-peer 3.3.3.3
[PE2-mpls-ldp-remote-3.3.3.3] remote-ip 3.3.3.3
[PE2-mpls-ldp-remote-3.3.3.3] quit
# Configure PE3.
[PE3] mpls ldp remote-peer 1.1.1.1
[PE3-mpls-ldp-remote-1.1.1.1] remote-ip 1.1.1.1
[PE3-mpls-ldp-remote-1.1.1.1] quit
[PE3] mpls ldp remote-peer 2.2.2.2
[PE3-mpls-ldp-remote-2.2.2.2] remote-ip 2.2.2.2
[PE3-mpls-ldp-remote-2.2.2.2] quit
# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit
# Configure PE3.
[PE3] mpls l2vpn
[PE3-l2vpn] quit
# Configure PE2.
[PE2] interface Eth-Trunk 20
[PE2-Eth-Trunk20] portswitch
[PE2-Eth-Trunk20] mode user-termination
[PE2-Eth-Trunk20] mode lacp-static
[PE2-Eth-Trunk20] quit
[PE2] interface gigabitethernet 1/0/2
[PE2-GigabitEthernet1/0/2] undo shutdown
[PE2-GigabitEthernet1/0/2] eth-trunk 20
[PE2-GigabitEthernet1/0/2] quit
[PE2] interface Eth-Trunk 20.100
[PE2-Eth-Trunk20.100] control-vid 100 qinq-termination
[PE2-Eth-Trunk20.100] qinq termination pe-vid 100 ce-vid 100
[PE2-Eth-Trunk20.100] undo shutdown
[PE2-Eth-Trunk20.100] quit
3. Configure an E-Trunk between PE1 and PE2, and add the Eth-Trunk interfaces in static
LACP mode to the E-Trunk.
# Configure PE1.
[PE1] e-trunk 1
[PE1-e-trunk-1] quit
[PE1] interface eth-trunk 20
[PE1-Eth-Trunk20] e-trunk 1
# Configure the system ID for the Eth-trunk interface. The system IDs in the same E-Trunk
must be the same.
[PE1-Eth-Trunk20] quit
[PE1] lacp e-trunk system-id 0000-0000-0001
# Configure PE2.
[PE2] e-trunk 1
[PE2-e-trunk-1] quit
[PE2] interface eth-trunk 20
[PE2-Eth-Trunk20] e-trunk 1
[PE2-Eth-Trunk20] quit
[PE2] lacp e-trunk system-id 0000-0000-0001
# Configure PE2.
[PE2] e-trunk 1
[PE2-e-trunk-1] priority 20
[PE2-e-trunk-1] peer-address 1.1.1.1 source-address 2.2.2.2
[PE2-e-trunk-1] quit
# Configure PE2.
[PE2] lacp e-trunk priority 1
l Configure the time multiplier for detecting Hello packets by the E-Trunk.
# Configure PE1.
[PE1] e-trunk 1
[PE1-e-trunk-1] timer hold-on-failure multiplier 30
# Configure PE2.
[PE2] e-trunk 1
[PE2-e-trunk-1] timer hold-on-failure multiplier 30
# Configure PE2.
[PE2-e-trunk-1] timer hello 9
# Configure PE2.
[PE2-e-trunk-1] timer revert delay 0
[PE2-e-trunk-1] quit
# Configure PE2.
[PE2-e-trunk-1] description PE2_to_PE1
The IP addresses of the local and peer ends that are bound to a BFD session must be
the same as that of the E-Trunk.
# Configure PE2.
[PE2] bfd
[PE2-bfd] quit
[PE2] bfd hello bind peer-ip 1.1.1.1 source-ip 2.2.2.2
[PE2-bfd-session-hello] discriminator local 2
[PE2-bfd-session-hello] discriminator remote 1
[PE2-bfd-session-hello] commit
[PE2-bfd-session-hello] quit
# Configure PE2.
[PE2] e-trunk 1
[PE2-e-trunk-1] e-trunk track bfd-session session-name hello
[PE2-e-trunk-1] quit
After the preceding configurations are complete, run the display bfd session all
verbose command on PE1 and PE2. The command output shows that the BFD session
has been created and in the Up state.
Use the display on PE1 as an example:
[PE1] display bfd session all verbose
---------------------------------------------------------------------------
-----
Session MIndex : 256 (Multi Hop) State : Up Name : hello
---------------------------------------------------------------------------
-----
Local Discriminator : 1 Remote Discriminator : 2
Session Detect Mode : Asynchronous Mode Without Echo Function
BFD Bind Type : Peer IP Address
Bind Session Type : Static
Bind Peer IP Address : 2.2.2.2
Bind Interface : -
Bind Source IP Address : 1.1.1.1
FSM Board Id : 1 TOS-EXP : 7
Min Tx Interval (ms) : 1000 Min Rx Interval (ms) : 1000
Actual Tx Interval (ms): - Actual Rx Interval (ms): -
Local Detect Multi : 3 Detect Interval (ms) : -
Echo Passive : Disable Acl Number : -
Destination Port : 3784 TTL : 254
Proc Interface Status : Disable Process PST :
Disable
WTR Interval (ms) : - Local Demand Mode :
Disable
Last Local Diagnostic : No Diagnostic
Bind Application : E-TRUNK
# Configure PE1.
[PE1] interface Eth-Trunk20.100
[PE1-Eth-Trunk20.100] mpls l2vc 3.3.3.3 103
# Configure PE2.
[PE2] interface Eth-Trunk20.100
[PE2-Eth-Trunk20.100] mpls l2vc 3.3.3.3 203
# Configure PE3.
[PE3] interface GigabitEthernet1/0/3.100
[PE3-GigabitEthernet1/0/3.100] control-vid 100 qinq-termination
[PE3-GigabitEthernet1/0/3.100] qinq termination pe-vid 100 ce-vid 100
[PE3-GigabitEthernet1/0/3.100] mpls l2vc 1.1.1.1 103
[PE3-GigabitEthernet1/0/3.100] mpls l2vc 2.2.2.2 203 secondary
[PE3-GigabitEthernet1/0/3.100] mpls l2vpn redundancy independent
# Run the display eth-trunk command on CE1. You can view the configurations of the Eth-
Trunk interfaces.
[CE1] display eth-trunk 20
Eth-Trunk20's state information is:
Local:
LAG ID: 20 WorkingMode: STATIC
Preempt Delay: Disabled Hash arithmetic: According to flow
System Priority: 32768 System ID: 0018-82f7-c74c
Least Active-linknumber: 1 Max Active-linknumber: 16
Operate status: up Number Of Up Port In Trunk: 1
--------------------------------------------------------------------------------
ActorPortName Status PortType PortPri PortNo PortKey PortState
Weight
GigabitEthernet1/0/1 Selected 100M 32768 128 2593 11111100 1
GigabitEthernet1/0/2 Unselect 100M 32768 129 2593 11100010 1
Partner:
--------------------------------------------------------------------------------
ActorPortName SysPri SystemID PortPri PortNo PortKey
PortState
GigabitEthernet1/0/1 1 0000-0000-0001 32768 129 2593
11111100
GigabitEthernet1/0/2 1 0000-0000-0001 32768 32896 2593
11010000
The command output on CE1 shows that the member interfaces GE 1/0/1 and GE 1/0/2 are in
the Selected and Unselect state respectively.
# Run the display e-trunk command. You can view information about the E-Trunk.
[PE1] display e-trunk 1
The E-Trunk information
E-TRUNK-ID : 1 Revert-Delay-Time (s) : 0
The command output shows that the E-Trunk priority on PE1 is 10 and the status of the E-Trunk
on PE1 is master, and the E-Trunk priority on PE2 is 20 and the status of the E-Trunk on PE2
is backup. This implements link backup between PE1 and PE2.
# Run the display mpls l2vc brief command. You can view the status about the PWs.
----End
Configuration Files
l Configuration file of CE1
#
sysname CE1
#
vlan batch 1
#
interface Eth-Trunk20
portswitch
port trunk allow-pass vlan 100
mode lacp-static
#
interface GigabitEthernet1/0/1
undo shutdown
eth-trunk 20
#
interface GigabitEthernet1/0/2
undo shutdown
eth-trunk 20
#
return
interface GigabitEthernet1/0/1
undo shutdown
ip address 10.1.4.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet1/0/2
undo shutdown
eth-trunk 20
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
bfd hello bind peer-ip 2.2.2.2 source-ip 1.1.1.1
discriminator local 1
discriminator remote 2
commit
#
ospf 1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 10.1.3.0 0.0.0.255
network 10.1.4.0 0.0.0.255
#
e-trunk 1
priority 10
peer-address 2.2.2.2 source-address 1.1.1.1
timer hello 9
timer hold-on-failure multiplier 3
timer revert delay 0
e-trunk track bfd-session session-name hello
#
return
ospf ldp-sync
mpls
mpls ldp
mpls ldp frr nexthop 10.1.2.2
#
interface GigabitEthernet1/0/2
undo shutdown
ip address 10.1.2.1 255.255.255.0
ospf ldp-sync
mpls
mpls ldp
#
interface GigabitEthernet1/0/3.100
undo shutdown
control-vid 100 qinq-termination
qinq termination pe-vid 100 ce-vid 100
mpls l2vc 1.1.1.1 103
mpls l2vc 2.2.2.2 203 secondary
mpls l2vpn redundancy independent
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 10.1.2.0 0.0.0.255
network 10.1.3.0 0.0.0.255
#
return
4 VLAN Configuration
Virtual Local Area Networks (VLANs) have advantages of broadcast domain isolation, security
enhancement, flexible networking, and good extensibility.
After interface isolation in a VLAN is configured, interfaces in the VLAN cannot communicate
with each other. To have isolated interfaces communicate with each other, you need to configure
ARP proxy in the VLAN. In this manner, you can monitor traffic in the VLAN at Layer 3.
4.1.1 Introduction
The VLAN technology is important for forwarding on Layer 2 networks. This section describes
the background, functions, and advantages of the VLAN technology.
Overview of VLAN
The Ethernet technology is for sharing communication mediums and data based on the Carrier
Sense Multiple Access/Collision Detect (CSMA/CD). If there are a large number of PCs on an
Ethernet network, collision becomes a serious problem and can lead to broadcast storms. As a
result, network performance deteriorates. This can even cause the Ethernet network to become
unavailable. Switches can be used to interconnect local area networks (LANs). Switches forward
information received by inbound ports to specified outbound ports, thereby preventing access
collision in a shared medium. If no specified outbound port is found for information received
by an inbound port, the switch will forward the information from all ports except the inbound
port. This forms a broadcast domain.
To prevent broadcast domains from being too broad and causing problems, you can divide a
network into segments. In this manner, a large broadcast domain is divided into multiple small
broadcast domains to confine the possible scope of broadcast packets. Routers can be deployed
at the network layer to separate broadcast domains, but this method has disadvantages, which
include: complex network planning, inflexible networking, and high levels of expenditure. The
Virtual Local Area Network (VLAN) technology can divide a large Layer 2 network into
broadcast domains to prevent broadcast storms and protect network security.
Definition of VLAN
The VLAN technology is used to divide a physical LAN into multiple logical broadcast domains,
each of which is called a VLAN. Each VLAN contains a group of PCs that have the same
requirements. A VLAN has the same attributes as a LAN. PCs of a VLAN can be placed on
different LAN segments. If two PCs are located on one LAN segment but belong to different
VLANs, they do not broadcast packets to each other. With VLAN, the broadcast traffic volume
is reduced; fewer devices are required; network management is simplified; and network security
is improved.
Figure 4-1 shows a typical VLAN application. Three switches are placed in different locations,
for example, different stories of an office building. The VLAN technology allows enterprises to
share LAN facilities and ensures information security for each enterprise network.
Router
VLAN-A
VLAN-B
VLAN-C
IEEE 802.1Q is an Ethernet networking standard for a specified Ethernet frame format. It
adds a 32-bit field between the Source address and the Length/Type fields of the original
frame, as shown in Figure 4-3.
– Tag Protocol Identifier (TPID): a 16-bit field set to a value of 0x8100 in order to identify
the frame as an IEEE 802.1Q-tagged frame. If an 802.1Q-incapable device receives an
802.1Q frame, it will discard the frame.
– Priority (PRI): a 3-bit field which indicates the frame priority. The value ranges from 0
to 7. The greater the value, the higher the priority. These values can be used to prioritize
different classes of traffic to ensure that frames with high priorities are transmitted first
when traffic is heavy.
For details, see the NE80E/40E Configuration Guide - QoS.
– Canonical Format Indicator (CFI): a 1-bit field. If the value of this field is 1, the MAC
address is in the non-canonical format. If the value is 0, the MAC address is in the
canonical format. CFI is used to ensure compatibility between Ethernet networks and
Token Ring networks. It is always set to zero for Ethernet switches.
– VLAN Identifier (VID): a 12-bit field specifying the VLAN to which the frame belongs.
On the NE80E/40E, VLAN IDs range from 0 to 4095. The values 0 and 4095 are
reserved, and therefore VLAN IDs range from 1 to 4094.
Each frame sent by an 802.1Q-capable switch carries a VLAN ID. On a VLAN, Ethernet
frames are classified into the following types:
– Tagged frames: frames with 32-bits 802.1Q tags.
– Untagged frames: frames without 32-bits 802.1Q tags.
l Type of VLAN links
VLAN3 VLAN3
PC3 PC4
Access link
3
3 3
Trunk link Trunk link
2 2
CE1 PE CE2
2
Access link
PC1 PC2
VLAN2 VLAN2
As shown in Figure 4-4, there are the following types of VLAN links:
– Access link: connects a PC to a switch. Generally, a PC does not know which VLAN
it belongs to, and PC hardware cannot distinguish frames with VLAN tags. Therefore,
PCs send and receive only untagged frames.
– Trunk link: connects a switch to another switch or to a router. Data of different VLANs
are transmitted along a trunk link. The two ends of a trunk link must be able to distinguish
frames with VLAN tags. Therefore, only tagged frames are transmitted along trunk
links.
l Port types
Table 4-1 lists VLAN port types.
QinQ QinQ ports are enabled with the IEEE 802.1QinQ protocol. A QinQ port adds
port a tag to a single-tagged frame, and therefore supports a maximum of 4094 x
4094 VLAN tags, which meets the requirement of a Metropolitan Area
Network (MAN)for the number of VLANs.
For details about QinQ, see 5 QinQ Configuration.
Each access, hybrid, or QinQ port can be configured with a default VLAN, namely, the
port default VLAN ID (PVID) to specify the VLAN to which the port belongs.
– The PVID of an access port indicates the VLAN to which the port belongs.
– As a hybrid port can be added to multiple VLANs, the port must be configured with
PVIDs.
By default, a port is added to VLAN 0.
l Principle for data switching in a VLAN
Use the network shown in Figure 4-4 as an example. If PC 1 in VLAN 2 intends to send
data to PC 2, the data is forwarded as follows:
2. After the trunk port on PE receives the frame, the port checks whether the VLAN ID
carried in the frame is the same as that configured on the port. If the VLAN ID has
been configured on the port, the port transparently transmits the frame to CE 2. If the
VLAN ID is not configured on the port, the port discards the frame.
3. After a trunk port on CE 2 receives the frame, the system searches the MAC address
table for an outbound port which connects CE 2 to PC 2.
4. After the frame is sent to the access port connecting CE 2 to PC 2, the port checks that
the VLAN ID carried in the frame is the same as that configured on the port. The port
then removes the tag from the frame and sends the untagged frame to PC 2.
l VLANIF interface
A VLANIF interface is a Layer 3 logical interface, which can be configured on either a
Layer 3 switch or a router.
Layer 3 switching combines routing and switching techniques to implement routing on a
switch, therefore improving the overall network performance. After sending the first data
flow, a Layer 3 switch generates mappings between MAC addresses and IP addresses. To
send the same data flow, the switch directly sends the data flow at Layer 2 but not Layer 3
based on this mapping table.
To allow that new data flows are correctly forwarded based on the routing table, be sure
that the routing table's routing entries are correct. Therefore, VLANIF interfaces and
routing protocols must be configured on Layer 3 switches for reachable Layer 3 routes.
NOTE
The VLAN technology partitions a single Layer 2 network into multiple broadcast domains that
are mutually isolated. Each of the broadcast domain can be referred to as a VLAN, and the VLAN
technology implements both intra-VLAN and inter-VLAN communication. The general process
of configuring VLANs is described as follows.
1. After VLANs are configured, users in a VLAN can communicate with each other.
2. Further configurations are needed for users in different VLANs to communicate with each
other.
NOTE
Intra-VLAN communication and inter-VLAN communication are basic VLAN functions.
3. Security configurations are needed to ensure reliable VLAN data transmission.
4. The following VLAN features are also supported to meet the requirements of special
applications and implement extended functions:
l VLAN aggregation: prevents the waste of IP addresses and implements inter-VLAN
communication.
l VLAN policy: allows user traffic of different types in a VPN to be distinguished and
scheduled on the backbone network. This provides better quality of service (QoS) for
users.
l Link-type Negotiation Protocol (LNP): dynamically negotiates the link type of an
Ethernet interface. The negotiated link type can be access or trunk.
l VLAN Central Management Protocol (VCMP): runs on all Layer 2 devices. In a VCMP
domain, a server the creation, deletion, or modification of VLAN information. Each
time VLAN information is changed, the server sends VCMP packets to clients in the
same VCMP domain as the server so that the clients can update their VLAN information.
To classify VLANs based on ports, you need to add ports on Layer 2 switches to VLANs. Port-
based VLAN classification is applicable to large-scale and topology-stable networks.
Inter-VLAN Communication
After VLANs are configured, users in the same VLAN can communicate with each other. Users
in different VLANs cannot directly communicate with each other. Table 4-2 lists the schemes
for inter-VLAN communication.
Disabli l If a device has l MAC address This security scheme This security
ng only one entries are requires that the scheme is
MAC inbound port saved. network has fixed applicable to
address and one l Security is users and forwarding topology-stable
learning outbound port, enhanced paths have been networks or
in a MAC address because new established by using networks on
VLAN learning in a users are not dynamic MAC which MAC
VLAN can be allowed to address learning or addresses are
disabled. access the by manually configured and
l This security network. configuring MAC forwarding
scheme is addresses. paths are
applicable to If a large number of specified.
networks that users are connected
do not provide to a switch, each user
access for new needs to be
users. configured a static
forwarding path.
This imposes a heavy
configuration burden
on network
administrators.
This security scheme
prohibits new users
from accessing the
network.
Enablin If a device has This security Malicious users may This security
g only one inbound scheme saves access the network scheme is
flexible port and one MAC address and the system learns applicable to all
MAC outbound port, entries while the MAC addresses Layer 2
address enabling flexible allowing new of these users, which networks.
learning MAC address users to access the weakens the network
in a learning saves network. security.
VLAN MAC address
entries.
When a new user
connects to the
device, MAC
address learning is
automatically
enabled.
VLAN Description
Policy
VLAN VLAN IDs and 802.1p priority values in frames are used to distinguish users
+802.1p or services.
This policy implements access to L2VPNs or L3VPNs.
VLAN VLAN IDs and DSCP priority values in packets are used to distinguish users
+DSCP or services.
This policy implements access to L2VPNs or L3VPNs.
VLAN VLAN IDs and EthType values in frames are used to distinguish users or
+EthType services.
This policy implements access only to L2VPNs.
loopback detection technology requires that devices at the user side allow special Layer 2
loopback detection packets to pass through. When modifications cannot be made to the user
networks, you can deploy Ethernet loop detection supported by the NE80E/40E over the carrier
network. Ethernet loop detection does not need to be deployed at the user side. This also avoids
the broadcast storm caused by loops formed in a VLAN network.
Applicable Environment
A company has multiple departments located in different buildings. For service security, it is
required that employees in one department be able to communicate with each other, whereas
employees in different departments be prohibited from communicating with each other. Devices
on the network shown in Figure 4-5 are configured as follows:
l Add ports connecting switches to PCs of the financial department to VLAN 5 and ports
connecting switches to PCs of the marketing department to VLAN 9. This configuration
prevents employees in financial and marketing departments from communicating with each
other.
l Configure links between switches and router as trunk links to allow frames from VLAN 5
and VLAN 9 to pass through, allowing employees of the same department but different
buildings to communicate with each other.
network
PE
CE1 CE2
GE1/0/1 GE1/0/1
GE1/0/1 GE1/0/2
Trunk ( VLAN 5 VLAN 9 )
Pre-configuration Tasks
Before configuring a VLAN based on ports, connect ports and configuring physical parameters
of the ports, ensuring that the ports are physically Up.
Data Preparation
To configure a VLAN based on ports, you need the following data.
No. Data
1 ID of a VLAN
Procedure
Step 1 Run:
system-view
Step 2 Run:
vlan vlan-id
A VLAN is created, and the VLAN view is displayed. If the specified VLAN has been created,
the VLAN view is directly displayed.
The VLAN ID ranges from 1 to 4094. If VLANs need to be created in batches, you can run the
vlan batch command to create VLANs in batches, and then run the vlan vlan-id command to
enter the view of a specified VLAN.
NOTE
If a device is configured with multiple VLANs, do as follows to configure a name for each VLAN:
Run the name vlan-name command in the VLAN view. After a VLAN name is configured, you can run
the vlan vlan-name vlan-name command in the system view to enter the corresponding VLAN view.
----End
Context
Table 4-5 lists Layer 2 Ethernet port types.
Trunk Discards the frame. l Accepts a Directly sends a A trunk port can
port tagged frame received frame if be added to
if the port the VLAN ID multiple VLANs
permits the carried in the to send and
VLAN ID frame is receive frames
carried in the permitted by the for these
frame. port. VLANs. A trunk
l Discards a port connects a
tagged frame switch to
if the port another switch
denies the or to a router.
VLAN ID
Hybrid l Adds a tag with the Sends a received A hybrid port
carried in the
port default VLAN ID frame if the port can be added to
frame.
to an untagged permits the multiple VLANs
frame and accepts VLAN ID carried to send and
the frame if the in the frame. receive frames
port permits the for these
default VLAN ID. VLANs. A
l By default, on hybrid port can
VLAN is connect a switch
configured on the to a PC or
interface. The connect a
frames are network device
discarded directly. to another
network device.
QinQ QinQ ports are enabled with the IEEE 802.1QinQ protocol. A QinQ port adds a
port tag to a single-tagged frame, and therefore supports a maximum of 4094 x 4094
VLAN tags, which meets the requirement of a Metropolitan Area Network (MAN)
for the number of VLANs.
For details about QinQ, see 5 QinQ Configuration.
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
Step 3 Run:
portswitch
Step 4 Run:
port link-type trunk
----End
Context
l A port connecting a switch to a PC must be configured as an access or a hybrid port.
The port trunk allow-pass vlan command is invalid on access ports.
l A port connecting one switch to another must be configured as a trunk or hybrid port.
The port default vlan command cannot be used on trunk ports.
Procedure
l Add an Ethernet port to a VLAN in the port view.
1. Run:
system-view
NOTE
The input port format must be correct. The port number following to must be greater than the
port number before to. If a group of ports are specified, ensure that these ports are of the same
type and all specified ports exist.
In one port command, a maximum of 10 groups of ports can be specified by using to.
----End
Prerequisites
Port-based VLAN division has been configured.
Procedure
Step 1 Run the display vlan [ vlan-id [ verbose ] ] command to check VLAN information.
----End
Example
Run the display vlan command. The command output shows the number of created VLANs on
the device and information about VLANs such as VLAN types. For example:
<HUAWEI> display vlan
The total number of vlans is : 6
VLAN ID Type Status MAC Learning Broadcast/Multicast/Unicast
Property
---------------------------------------------------------------------------------
1 sub enable enable forward forward forward default
2 super enable enable forward forward forward default
3 sub enable enable forward forward forward default
4 common enable enable forward forward forward default
5 common enable enable forward forward forward default
10 common enable disable discard discard discard
backboneVLAN
Applicable Environment
Layer 3 switching combines routing and switching techniques to implement routing on a switch,
therefore improving the overall network performance. After sending the first data flow, a Layer
3 switch generates mappings between MAC addresses and IP addresses. To send the same data
flow, the switch directly sends the data flow at Layer 2 but not Layer 3 based on this mapping
table.
To allow that new data flows are correctly forwarded based on the routing table, be sure that the
routing table's routing entries are correct. Therefore, VLANIF interfaces and routing protocols
must be configured on Layer 3 switches for reachable Layer 3 routes.
Pre-configuration Tasks
Before creating a VLANIF interface, create a VLAN.
Data Preparation
To create a VLANIF interface, you need to the following data.
No. Data
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface vlanif vlan-id
NOTE
A VLANIF interface is Up only when at least one physical port added to the corresponding VLAN is Up.
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface vlanif vlan-id
Step 3 Run:
ip address ip-address { mask | mask-length } [ sub ]
An IP address is assigned to the VLANIF interface for communication at the network layer.
NOTE
If IP addresses assigned to VLANIF interfaces on a Layer 3 device belong to different network segments,
a routing protocol must be configured on the Layer 3 switch to provide reachable routes. Otherwise,
VLANIF interfaces cannot communicate with each other at the network layer. For configurations of routing
protocols, see the NE80E/40E Configuration Guide - IP Routing.
----End
Follow-up Procedure
If you do not want users in a VLAN to communicate with users in another VLAN through a
VLANIF interface, run the shutdown command in the VLANIF interface view. In this situation,
the users in the same VLAN can still communicate with each other.
Traffic on a VLANIF interface includes Layer 2 and Layer 3 traffic. If you run the shutdown
command in the VLANIF interface view, only Layer 3 traffic on the VLANIF interface is shut
down. In this case, if you run the display interface vlanif command for several times, the
command outputs show that the traffic on the VLANIF interface increases.
To shut down all traffic on a VLANIF interface, run the shutdown vlan command in the VLAN
view.
Context
If a VLAN goes Down because all ports in the VLAN go Down, the system immediately reports
the VLAN Down event to the corresponding VLANIF interface, instructing the VLANIF
interface to go Down.
To prevent network flapping caused by changes of VLANIF interface status, enable VLAN
damping on the VLANIF interface. After the last Up port in a VLAN goes Down, the system
starts a delay timer and informs the corresponding VLANIF interface of the VLAN Down event
after the timer expires. If a port in the VLAN goes Up during the delay period, the VLANIF
interface remains Up.
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface vlanif vlan-id
Step 3 Run:
damping time delay-time
The delay-time value ranges from 0 to 20, in seconds. By default, the value is 0 seconds,
indicating that VLAN damping is disabled.
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface vlanif vlan-id
Step 3 Run:
bandwidth bandwidth
----End
Prerequisites
A VLANIF interface has been configured.
Procedure
l Run the display interface vlanif [ vlan-id | main ] command to check the physical status,
link protocol status, description, and IP address of the VLANIF interface.
----End
Example
Run the display interface vlanif command. The command output shows the physical status,
link protocol status, IP address, and mask of a VLANIF interface. For example:
<HUAWEI> display interface Vlanif 10
Vlanif10 current state : UP
Line protocol current state : UP
Description:HUAWEI, Vlanif10 Interface
Route Port,The Maximum Transmit Unit is 1500
Internet Address is 10.1.1.1/24
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-d526-ab00
Physical is VLANIF
Current system time: 2010-07-01 14:37:11-08:00
Statistics last cleared: never
Last 300 seconds input rate 941 bits/sec, 2 packets/sec
Last 300 seconds output rate 968 bits/sec, 3 packets/sec
Realtime 29 seconds input rate 0 bits/sec, 0 packets/sec
Realtime 29 seconds output rate 0 bits/sec, 0 packets/sec
Input: 827 packets,0 bytes
410 unicast,417 broadcast,0 multicast
0 errors,0 drops
Output:819 packets,0 bytes
402 unicast,417 broadcast,0 multicast
0 errors,0 drops
Last 300 seconds input utility rate: --
Last 300 seconds output utility rate: --
Applicable Environment
Currently, schemes listed in Table 4-6 are provided for inter-VLAN communication. You can
choose one of them based on the real world situation.
Pre-configuration Tasks
Before configuring inter-VLAN communication, create VLANs.
Data Preparation
To configure inter-VLAN communication, you need the following data.
No. Data
2 VLAN ID, VLANIF interface number, IP address and mask of the VLANIF
interface, and (optional) bandwidth of the VLANIF interface
3 (Optional) Port type, VLAN ID before mapping, and VLAN ID after mapping
Context
During communication at the data link layer on a LAN, source MAC addresses identify where
data comes from, and destination MAC addresses guide data to destinations. If the source and
destination PCs reside on different network segments, a Layer 2 network is unable to send data
from the source to the destination. In this case, data has to be forwarded at the network layer 3.
After the default gateway address of the switch is specified as the IP address of the router, the
switch sends data that needs to be forwarded at the network layer to the router. After receiving
a packet, the router searches its routing table according to the destination address in the packet.
If the router finds a matching route in the routing table, the router directly forwards the packet
to another network segment. If the router does not find any matching route, it discards the packet.
On the network shown in Figure 4-6, VLANs 2 to n belong to different network segments. To
allow users in VLANs 2 to n to communicate with each other, you can create a sub-interface on
the router for each VLAN and assign an IP address to each sub-interface. After VLANs are
configured, the switch is logically divided into n parts. Accordingly, the router must have n
logical interfaces corresponding to n VLANs. The detailed implementation process is as follows:
1. A PC in VLAN 2 checks the destination IP address and finds that the destination PC in
VLAN n is on a different network segment.
2. The PC in VLAN 2 sends an ARP request. After receiving the request, the router considers
itself the destination, translates its MAC address into an IP address, and sends an ARP reply
to the PC in VLAN 2.
3. After receiving data from the PC in VLAN 2, the Layer 2 switch adds a VLAN tag to the
data and searches the MAC address table for an outbound port.
4. The router receives the frame and sends it to sub-interface 2.
5. Sub-interface 2 removes the VLAN tag from the frame, searches for an ARP entry based
on the IP address in the IP header, and forwards the packet at the network layer.
6. Sub-interface n receives the packet, reencapsulates the packet with the VLAN ID of n and
the destination MAC address of the MAC address of the destination PC, and sends the
frame.
7. After receiving the frame, the Layer 2 switch searches the MAC address table for the
destination MAC address based on the VLAN ID carried in the packet to determine the
outbound port.
8. The PC in VLAN n receives the frame from VLAN 2.
If a PC in VLAN n sends a packet to a PC in VLAN 2, the process is similar and not
described in this document.
Figure 4-6 Networking diagram for configuring sub-interfaces for inter-VLAN communication
Router
Subinterface1 Subinterface2
IP Address:x.x.x.x/x IP Address:x.x.x.x/x
Trunk
Switch
Access port
VLAN2 VLANn
On the network shown in Figure 4-6, downstream ports on the switch are separately added to
VLAN 2 to VLAN n. The configuration roadmap for communication between these VLANs is
as follows:
1. Create n-1 sub-interfaces on the Etherent interface connecting the router to the switch.
2. The sub-interface is associated with a VLAN.
3. Assign an IP address to each sub-interface for communication at the network layer.
4. Configure the port connecting the switch to the router as a trunk or hybrid port to allow
frames with VLAN IDs from 2 to n to pass through.
NOTE
The default gateway address of each PC in a VLAN must be the IP address of the corresponding sub-
interface. Otherwise, inter-VLAN communication fails.
Procedure
l Perform the following steps on the router:
1. Run:
system-view
The Ethernet interface in this step is the interface connecting the router to the switch.
3. Run:
vlan-type dot1q vlan-id
NOTE
Sub-interfaces of different interfaces can be associated with the same VLAN; sub-interfaces
of one interface cannot be associated with the same VLAN.
4. Run:
ip address ip-address { mask | mask-length } [ sub ]
Configure VLANs. For details, see 4.2 Configuring a VLAN Based on Ports.
----End
Context
VLAIF interfaces are Layer 3 logical interfaces. After being assigned IP addresses, VLANIF
interfaces are able to communicate at the network layer. Layer 3 switches and routers can be
configured with VLANIF interfaces.
Figure 4-7 Networking diagram for configuring VLANIF interfaces for inter-VLAN
communication
PE
VLANIF2 VLANIFn
CE1 CE2
VLAN2 VLANn
NOTE
The default gateway address of each PC in a VLAN must be the IP address of the corresponding VLANIF
interface. Otherwise, inter-VLAN communication will fail.
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface vlanif vlan-id
NOTE
A VLANIF interface is Up only when at least one physical port added to the corresponding VLAN is Up.
Step 3 Run:
ip address ip-address { mask | mask-length } [ sub ]
----End
Context
VLAN mapping is also called VLAN translation. With VLAN mapping, a switch maps the
VLAN tag of a frame to another VLAN tag after receiving the frame and before sending the
frame. On the network shown in Figure 4-8, ports connecting CE 1 to users are added to VLAN
2 and ports connecting CE 2 to users are added to VLAN 3. To allow users in VLAN 2 and
VLAN 3 to communicate with each other, configure VLAN mapping on GE 1/0/1 connecting
CE 1 to CE 2.
l Before sending a frame to VLAN 3, GE 1/0/1 on CE 1 replaces the VLAN ID 2 in the frame
with the VLAN ID 3.
l After receiving a frame from VLAN 3, GE 1/0/1 on CE 1 replaces the VLAN ID 3 in the
frame with the VLAN ID 2.
Figure 4-8 Networking diagram for configuring VLAN mapping for inter-VLAN
communication
VLAN2 VLAN3
2 3
2 3
2 3
172.16.0.1/16 172.16.0.7/16
NOTE
Before configuring VLAN mapping to allow PCs in two VLANs to communicate, IP addresses of the PCs
must belong to the same network segment. Otherwise, devices in different VLANs must communicate with
each other at the network layer. In this case, VLAN mapping does not make sense.
Procedure
Step 1 Run:
system-view
Configure VLANs. For details, see 4.2 Configuring a VLAN Based on Ports.
Step 4 Run:
port vlan-mapping vlan vlan-id1 [ to vlan-id2 ] map-vlan vlan-id3
Step 5 Run the port trunk allow-pass vlan { { vlan-id1 [ to vlan-id2 ] } &<1-10> | all } command to
specify the VLAN IDs. Frames carrying these VLAN IDs can pass through the port configured
with VLAN mapping.
The VLAN ID specified in this command must be private VLAN IDs but not public VLAN IDs.
----End
Prerequisites
Inter-VLAN communication has been configured.
Procedure
l Run the ping [ ip ] [ -a source-ip-address | -c count | -d | -f | -h ttl-value | -i interface-
type interface-number | -m time | -n | -p pattern | -q | -r | -s packetsize | -system-time | -t
timeout | -tos tos-value | -v | -vpn-instance vpn-instance-name ] * host command to check
whether users in different VLANs can communicate with each other.
If the ping fails, you can run the following commands to locate the fault:
– Run the display vlan [ vlan-id [ verbose ] ] command to check information about all
VLANs or a specified VLAN.
– Run the display interface vlanif [ vlan-id | main ] command to check information about
VLANIF interfaces.
Before running this command, ensure that VLANIF interfaces have been configured.
– If VLAN aggregation is configured, run the following commands:
– Run the display super-vlan [ vlan-id ] command to check sub-VLANs contained
in a super-VLAN.
– Run the display sub-vlan [ vlan-id ] command to check mappings between sub-
VLANs and super-VLANs.
----End
Example
Check whether the PC at 10.1.1.2 is reachable.
<HUAWEI> ping 10.1.1.2
PING 10.1.1.2: 56 data bytes, press CTRL_C to break
Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=2 ms
Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=1 ms
Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=1 ms
Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=1 ms
Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=1 ms
--- 10.1.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/1/2 ms
If the ping fails, you can run the following commands to locate the fault:
l Run the display vlan command. The command output shows the VLAN ID, VLAN type,
and VLAN status. For example:
<HUAWEI> display vlan
The total number of vlans is : 3
VLAN ID Type Status MAC Learning Broadcast/Multicast/Unicast
Property
------------------------------------------------------------------------------
--
10 common enable enable forward forward forward default
20 common enable enable forward forward forward default
30 *common enable enable forward forward forward default
l Run the display interface vlanif command. The command output shows the physical
status, link protocol status, IP address, and mask of a VLANIF interface. For example:
<HUAWEI> display interface Vlanif 10
Vlanif10 current state : UP
Line protocol current state : UP
Description:HUAWEI, Vlanif10 Interface
Route Port,The Maximum Transmit Unit is 1500
Internet Address is 10.1.1.1/24
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-d526-
ab00
Physical is VLANIF
Current system time: 2010-07-01 14:37:11-08:00
Statistics last cleared: never
Last 300 seconds input rate 941 bits/sec, 2 packets/sec
Last 300 seconds output rate 968 bits/sec, 3 packets/sec
Realtime 29 seconds input rate 0 bits/sec, 0 packets/sec
Realtime 29 seconds output rate 0 bits/sec, 0 packets/sec
Input: 827 packets,0 bytes
410 unicast,417 broadcast,0 multicast
0 errors,0 drops
Output:819 packets,0 bytes
402 unicast,417 broadcast,0 multicast
0 errors,0 drops
Last 300 seconds input utility rate: --
Last 300 seconds output utility rate: --
l Run the display sub-vlan command. The command output shows the VLAN ID of each
sub-VLAN and the VLAN ID of each super-VLAN to which a sub-VLAN belongs.
l Run the display super-vlan command. The command output shows the VLAN ID of each
sub-VLAN and the VLAN ID of each super-VLAN to which a sub-VLAN belongs.
<HUAWEI> display super-vlan
VLAN ID Sub-vlan
--------------------------
40 10 20 30
Applicable Environment
Table 4-7 lists VLAN security attribute schemes.
Disabli l If a device has l MAC address This security scheme This security
ng only one entries are requires that the scheme is
MAC inbound port saved. network has fixed applicable to
address and one l Security is users and forwarding topology-stable
learning outbound port, enhanced paths have been networks or
in a MAC address because new established by using networks on
VLAN learning in a users are not dynamic MAC which MAC
VLAN can be allowed to address learning or addresses are
disabled. access the by manually configured and
l This security network. configuring MAC forwarding
scheme is addresses. paths are
applicable to If a large number of specified.
networks that users are connected
do not provide to a switch, each user
access for new needs to be
users. configured a static
forwarding path.
This imposes a heavy
configuration burden
on network
administrators.
This security scheme
prohibits new users
from accessing the
network.
Enablin If a device has This security Malicious users may This security
g only one inbound scheme saves access the network scheme is
flexible port and one MAC address and the system learns applicable to all
MAC outbound port, entries while the MAC addresses Layer 2
address enabling flexible allowing new of these users, which networks.
learning MAC address users to access the weakens the network
in a learning saves network. security.
VLAN MAC address
entries.
When a new user
connects to the
device, MAC
address learning is
automatically
enabled.
Pre-configuration Tasks
Before configuring VLAN security attributes, create VLANs.
Data Preparation
To configure VLAN security attributes, you need the following data.
No. Data
Context
If a port in a VLAN receives broadcast or unknown unicast packets, it will broadcast the packets
to other ports in the VLAN. If the broadcast or unknown unicast packets are attack packets,
system resources are wasted and device performance deteriorates or even the device
malfunctions. Disabling the port from broadcasting packets to other ports in the VLAN prevents
such malicious attacks.
Procedure
Step 1 Run:
system-view
Step 2 Run:
vlan vlan-id
NOTE
If a device is configured with multiple VLANs, do as follows to configure a name for each VLAN:
Run the name vlan-name command in the VLAN view. After a VLAN name is configured, you can run
the vlan vlan-name vlan-name command in the system view to enter the corresponding VLAN view.
Step 3 Run:
broadcast discard
The port is disabled from broadcasting packets to other ports in the same VLAN.
By default, a port can broadcast packets to other ports in the same VLAN.
----End
Context
A company has multiple departments located in different stories of a building. It is required that
PCs of one department be grouped into a VLAN and PCs in different departments be grouped
into different VLANs.
On the network shown in Figure 4-9, department 1 belongs to VLAN 2; department 2 belongs
to VLAN 3; the public sector belongs to VLAN 10. Users in VLANs 2 and 3 can access VLAN
10. Users in VLAN 2 or 3 can communicate with each other. Users in VLAN 2 cannot
communicate with users in VLAN 3. To reduce the number of MAC address entries saved on
the core switching device and prevent visitors from accessing the company's network, you can
disable MAC address learning in a VLAN on CE 1 and CE 5.
Figure 4-9 Networking diagram for disabling MAC address learning in a VLAN
PE
mac-address mac-address
learning disable learning disable
CE1 CE2
S1 S4
S2 S3 S5
Procedure
Step 1 Run:
system-view
Step 2 Run:
vlan vlan-id
NOTE
If a device is configured with multiple VLANs, do as follows to configure a name for each VLAN:
Run the name vlan-name command in the VLAN view. After a VLAN name is configured, you can run
the vlan vlan-name vlan-name command in the system view to enter the corresponding VLAN view.
Step 3 Run:
mac-address learning disable
----End
Follow-up Procedure
After MAC address learning in a VLAN is disabled, to guarantee high forwarding efficiency,
do as follows:
l Limit the number of MAC addresses in the MAC address table.
l Select an action to be taken when the number of MAC addresses exceeds the upper
threshold, such as discard, forward, or alarm.
Context
If the core switching device of a company has only one inbound port and one outbound port,
you can disable MAC address learning in a VLAN to save resources. On the network shown in
Figure 4-10, after MAC address learning in a VLAN is disabled on CE 1, S1 cannot access the
network. This hinders network expansion. To address this problem, you can enable flexible MAC
address learning in a VLAN on CE 1.
NOTE
l Newly-added users must be in the VLAN enabled with MAC address learning.
l Any Layer 2 network can be enabled with flexible MAC address learning in a VLAN.
Figure 4-10 Networking diagram for enabling flexible MAC address learning in a VLAN
PE PE
mac-learning
mac-address smart vlan enable
learning disable
CE1 CE1
S1 S1
S2 S2
Procedure
Step 1 Run:
system-view
Step 2 Run:
mac-learning smart vlan { vlan-id1 [ to vlan-id2 ] } &<1-10> enable
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
vlan vlan-id
Step 3 Run:
unknown-unicast discard [ mac-learning ]
The interfaces in the VLAN are configured to discard unknown unicast packets.
When an interface in a VLAN receives an unknown unicast packet, the interface broadcasts the
packet in the VLAN by default. When the discarding of unknown unicast packets is configured,
you can forbid interfaces in a VLAN to forward unknown unicast packets to restrict broadcast
of malicious packets.
If mac-learning is configured, the interfaces in the VLAN can learn the source MAC addresses
of the received unknown unicast packets when discarding the packets.
----End
Prerequisites
VLAN security attributes have been configured.
Procedure
l Run the display vlan [ vlan-id [ verbose ] ] command to check information about all
VLANs or a specified VLAN.
----End
Example
Run the display vlan command. The command output shows that VLANs have been enabled
with the broadcast function and the MAC address learning function. For example:
<HUAWEI> display vlan
The total number of vlans is : 4
VLAN ID Type Status MAC Learning Broadcast/Multicast/Unicast Property
--------------------------------------------------------------------------------
10 common enable enable forward forward forward default
20 common enable enable forward forward forward default
30 common enable enable forward forward forward default
40 common enable enable forward forward forward default
Applicable Environment
As networks expand, address resources become insufficient. VLAN aggregation is developed
to save IP addresses.
In VLAN aggregation, one super-VLAN is associated with multiple sub-VLANs. Physical ports
cannot join a super-VLAN but a VLANIF interface can be created for the super-VLAN and an
IP address can be assigned to the VLANIF interface. Physical ports can join a sub-VLAN but
no VLANIF interface can be created for the sub-VLAN. All the ports in the sub-VLAN use the
same IP address with the VLANIF interface of the super-VLAN. This saves subnet IDs, default
gateway addresses of the subnets, and directed broadcast addresses of the subnets. In addition,
different broadcast domains can use the addresses in the same subnet segment. As a result, subnet
differences are eliminated, addressing becomes flexible, and the number of idle addresses is
reduced. VLAN aggregation allows each sub-VLAN to function as a broadcast domain and
reduces the waste of IP addresses to be assigned to ordinary VLANs.
Super
VLAN4
CE1 CE2
Sub-VLAN 2 Sub-VLAN 3
Pre-configuration Tasks
Before configuring VLAN aggregation, connect ports and configuring physical parameters of
the ports, ensuring that the ports are physically Up.
Data Preparation
To configure VLAN aggregation, you need the following data.
No. Data
1 ID of each sub-VLAN and number of each port belonging to the sub-VLAN and
(optional) VLAN name of each sub-VLAN
2 ID of a super-VLAN
Procedure
Step 1 Run:
system-view
Step 2 Run:
vlan vlan-id
NOTE
If a device is configured with multiple VLANs, do as follows to configure a name for each VLAN:
Run the name vlan-name command in the VLAN view. After a VLAN name is configured, you can run
the vlan vlan-name vlan-name command in the system view to enter the corresponding VLAN view.
Step 3 Run:
port interface-type { interface-number1 [ to interface-number2 ] } &<1-10>
----End
Context
NOTE
Procedure
Step 1 Run:
system-view
A super-VLAN is created.
Using the undo aggregate-vlan command in the VLAN view changes a super-VLAN to a sub-
VLAN.
Step 4 Run:
access-vlan { vlan-id1 [ to vlan-id2 ] } &<1-10>
----End
Procedure
Step 1 Run:
system-view
A VLANIF interface is created for a super-VLAN, and the view of the VLANIF interface is
displayed.
Step 3 Run:
ip address ip-address { mask | mask-length }
----End
Context
After configuring an IP address pool for a sub-VLAN, note the following points:
l The sub-VLAN processes only packets carrying IP addresses in this address pool, such as
ARP Request, ARP Reply, ARP Proxy, and ARP Miss packets.
l If the super VLAN is enabled with proxy ARP, the system directly sends an ARP Request
packet from a user in the sub-VLAN to the sub-VLAN based on the IP address carried in
the packet. This reduces broadcast traffic.
l When sending an ARP Miss packet carrying the IP address in the address pool, the system
directly broadcasts the packet in the sub-VLAN to ensure that traffic is properly forwarded.
Procedure
Step 1 Run:
system-view
Step 2 Run:
vlan vlan-id
Step 3 Run:
ip pool start-address [ to end-address ]
----End
Context
VLAN aggregation allows sub-VLANs to use the same subnet address, but prevents PCs in
different sub-VLANs from communicating with each other at the network layer.
PCs in ordinary VLANs can communicate with each other at the network layer by using different
gateway addresses. In VLAN aggregation, PCs in a super-VLAN use the same subnet address
and gateway address. As PCs in different sub-VLANs belong to one subnet, they communicate
with each other only at Layer 2, not Layer 3. These PCs are isolated from each other at Layer
2. Consequently, PCs in different sub-VLANs cannot communicate with each other.
Proxy ARP is required to enable PCs in a sub-VLAN to communicate with PCs in another sub-
VLAN or PCs on other networks. After a super-VLAN and its VLANIF interface are created,
proxy ARP must be enabled to allow the super-VLAN to forward or process ARP request and
reply packets. Proxy ARP helps PCs in sub-VLANs communicate with each other at the network
layer.
NOTE
An IP address must have been assigned to the VLANIF interface corresponding to the super-VLAN.
Otherwise, proxy ARP cannot take effect.
VLAN aggregation simplifies configurations for the network where many VLANs are
configured and PCs in different VLANs need to communicate with each other.
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface vlanif vlan-id
Step 3 Run:
arp-proxy inter-sub-vlan-proxy enable
----End
Prerequisites
The VLAN aggregation has been configured.
Procedure
l Run the display vlan [ vlan-id [ verbose ] ] command to check VLAN information.
l Run the display interface vlanif [ vlan-id | main ] command to check information about
a specific VLANIF interface.
l Run the display sub-vlan command to check mappings between sub-VLANs and super-
VLANs.
l Run the display super-vlan command to check sub-VLANs contained in a super-VLAN.
----End
Example
Run the display vlan verbose command. The command output shows the VLAN type. For
example:
<HUAWEI> display vlan 40 verbose
VLAN ID : 40
VLAN Name :
VLAN Type : Super
Description : VLAN 0040
Status : Enable
Broadcast : Enable
MAC Learning : Enable
Smart MAC Learning : Disable
Current MAC Learning Result : Enable
Statistics : Disable
Property : Default
VLAN State : Down
---------------------
Sub-VLAN list: 2-3
Run the display interface vlanif command. The command output shows the physical status,
link protocol status, IP address, and mask of a VLANIF interface. For example:
<HUAWEI> display interface vlanif 2
Vlanif2 current state : UP
Line protocol current state : UP
Description:HUAWEI, Vlanif2 Interface
Route Port,The Maximum Transmit Unit is 1500
Internet Address is 10.1.1.1/24
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-d526-ab00
Physical is VLANIF
Current system time: 2010-07-01 14:37:11-08:00
Statistics last cleared: never
Last 300 seconds input rate 941 bits/sec, 2 packets/sec
Last 300 seconds output rate 968 bits/sec, 3 packets/sec
Realtime 29 seconds input rate 0 bits/sec, 0 packets/sec
Realtime 29 seconds output rate 0 bits/sec, 0 packets/sec
Input: 827 packets,0 bytes
410 unicast,417 broadcast,0 multicast
0 errors,0 drops
Output:819 packets,0 bytes
402 unicast,417 broadcast,0 multicast
0 errors,0 drops
Last 300 seconds input utility rate: --
Last 300 seconds output utility rate: --
Run the display sub-vlan command. The command output shows mappings between sub-
VLANs and super-VLANs.
<HUAWEI> display sub-vlan
VLAN ID Super-VLAN
-----------------------------
10 40
20 40
30 40
Run the display super-vlan command. The command output shows sub-VLANs contained in
a super-VLAN.
<HUAWEI> display super-vlan
VLAN ID Sub-VLAN
--------------------------
40 10 20 30
Applicable Environment
On a Metro Ethernet (ME) network, VLAN IDs are used to identify various services or user
packets before them access to various VSIs, VLLs, or VPN instances. If multiple types of
services share one VLAN ID, as shown in Figure 4-12, services cannot be differentiated merely
by using VLAN IDs. As a result, part of high-priority traffic over the operator's network cannot
be scheduled in time, which deteriorates users' experience.
Figure 4-12 Networking diagram for multiple types of services sharing one VLAN ID
BTV VOD
Platform
SR Video
PW 1
HSI UPE
VoIP Switch
Internet
PW 2
BRAS
IPTV Data flow1
VLAN 10
Data flow2
It is required that the UPE be able to identify VLAN IDs carried in frames and parse priorities
of the frames. The UPE sends frames to different PWs based on the VLAN IDs and priorities
of the frames. In this manner, frames with high priorities can be scheduled in time.
Pre-configuration Tasks
Before configuring VLAN policy-based VPN access, ensure that the UPE receives only
untagged or single-tagged frames.
Data Preparation
To configure VLAN policy-based VPN access, you need the following data.
No. Data
2 Number of the interface connecting the UPE to users and IP address of this
interface
l Data for configuring an L2VPN, including:
– VSI ID (Two ends of a PW must be configured with the same VSI ID.)
– MPLS LSR ID
– VSI name
– Interface to which the VSI is bound
l Data for configuring an L3VPN, including:
– VPN instance name and RD
– VPN target
– AS number of the UPE
– IP address and interface by which the UPE establishes a BGP peer
relationship
– Mode for the UPE and switch to exchange routing information: static
routes, Routing Information Protocol (RIP), Open Shortest Path First
(OSPF), Intermediate System to Intermediate System (IS-IS), or Border
Gateway Protocol (BGP)
– (Optional) Description of the VPN instance
– (Optional) Routing policy for sending and receiving VPN routing
information
– (Optional) Tunnel policy
– (Optional) Maximum number of routes allowed by the VPN instance
Context
If non-IP services are transmitted between the Base Transceiver Station (BTS) and the CSG,
either of the following policies can be configured:
l VLAN+802.1p
On the network shown in Figure 4-13, Asynchronous Transfer Mode (ATM) or Time
Division Multiplex (TDM) links interconnect the BTS and CSG, and the Mobile
Aggregation Site Gateway (MASG) and Base Station Controller (BSC). To transmit ATM
services from the BTS to the remote BSC, you need to configure PWE3 between the CSG
and the MASG to transparently transmit ATM cells.
Figure 4-13 uses the VLAN+802.1p-based L2VPN access as an example. The process for
VLAN+802.1p-based L3VPN access is similar and not described in this document.
Signal PWE3
Manage
PE1 VSI PE2 BSC
CSG IP DSLAM MASG
Data BTS VSI
VSI
VSI
PE3 PE4
l VLAN+DSCP
On the network shown in Figure 4-14, ATM or TDM links interconnect the BTS and CSG,
and the MASG and BSC. To allow ATM cells to be transmitted over an IPv4 network, you
need to configure Generic Routing Encapsulation (GRE) for ATM cells. To transmit ATM
services from the BTS to the remote BSC, you need to configure PWE3 between the CSG
and the MASG to transparently transmit ATM cells.
Figure 4-14 uses VLAN+DSCP-based L2VPN access as an example. The process for
VLAN+DSCP-based L3VPN access, untagged+DSCP-based L3VPN access, or VLAN
+DSCP-based L2VPN access is similar and not described in this document.
NOTE
l The DSCP value is carried in IP packets. To make the VLAN+DSCP policy take effect, ensure that
only IP services are sent to the CSG.
If non-IP services are sent to the CSG, a GRE tunnel must be configured on the CSG to transparently
transmit the non-IP services over the IPv4 network.
l There is no difference in PE configurations regardless of whether IP or non-IP services are sent to the
BTS.
In this usage scenario, only PE configurations are concerned. For configurations of other devices, see
related configuration manuals.
l 802.1p or DSCP priorities can be changed on the CSG by using commands.
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface { ethernet | gigabitethernet } interface-number.subinterface-number
Step 3 Run:
vlan-type dot1q vlanid { 8021p { 8021p-value1 [ to 8021p-value2 ] } &<1-10> | dscp
{ dscp-value1 [ to dscp-value2 ] } &<1-10> | eth-type eth-type-value | default }
A VLAN policy is configured on the sub-interface for dot1q VLAN tag termination.
NOTE
If the sub-interfaces of one interface are configured with the same VLAN ID, only one type of VLAN
policies (VLAN+802.1p, VLAN+DSCP, or VLAN+EthType) can be configured on these sub-interfaces.
A VLAN ID can be assigned to a maximum of eight sub-interfaces.
l The eth-type parameter takes effect only on PPPoE services currently. If the eth-type
parameter is configured, IPoE packets will be processed by the default sub-interface.
l If the default parameter is configured, all the services that do not match any VLAN policy
will be processed by the default sub-interface.
l If the vlan-type dot1q command has been used in the view of an Ethernet sub-interface, the
sub-interface exclusively uses this VLAN, and the VLAN ID can no longer be configured
in any VLAN policy for other sub-interfaces.
l If the undo vlan-type dot1q command is used with a specified VLAN ID and an 802.1p
priority value, a DSCP priority value, or an EtherType value, only the specified VLAN policy
associated with this VLAN ID is deleted from the sub-interface. If the undo vlan-type dot1q
vlanid command is used with a specified VLAN ID but not an 802.1p priority value, a DSCP
priority value, or an EtherType value, all VLAN policies associated with this VLAN ID are
deleted from the sub-interface.
Step 4 Run:
vlan-type dot1q vlanid { 8021p { 8021p-value1 [ to 8021p-value2 ] } &<1-10> |
default }
A VLAN policy is configured on the sub-interface for dot1q VLAN tag termination.
NOTE
If the sub-interfaces of one interface are configured with the same VLAN ID, only one type of VLAN
policies (VLAN+802.1p) can be configured on these sub-interfaces.
A VLAN ID can be assigned to a maximum of eight sub-interfaces.
l If the default parameter is configured, all the services that do not match any VLAN policy
will be processed by the default sub-interface.
l If the vlan-type dot1q command has been used in the view of an Ethernet sub-interface, the
sub-interface exclusively uses this VLAN, and the VLAN ID can no longer be configured
in any VLAN policy for other sub-interfaces.
l If the undo vlan-type dot1q command is used with a specified VLAN ID and an 802.1p
priority value only the specified VLAN policy associated with this VLAN ID is deleted from
the sub-interface. If the undo vlan-type dot1q vlanid command is used with a specified
VLAN ID but not an 802.1p priority value, all VLAN policies associated with this VLAN
ID are deleted from the sub-interface.
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface { ethernet | gigabitethernet } interface-number.subinterface-number
l L2VPN
For detailed information, see the chapters "Virtual Leased Line (VLL) Configuration",
"Pseudo-Wire Emulation Edge to Edge (PWE3) Configuration", and "Virtual Private LAN
Service (VPLS) Configuration" in the HUAWEI NetEngine80E/40E Router Configuration
Guide - VPN.
The sub-interface for QinQ VLAN tag termination can be bound to a homogeneous VLL in
the following modes:
– Local Circuit Cross Connect (CCC) connection
– Remote CCC connection
– Remote SVC connection
– Local Kompella connection
– Remote Kompella connection
----End
Prerequisites
VLAN policy-based VPN access has been configured.
Procedure
l Run the display interface interface-type interface-number vlan { vlan-id | untagged }
command to check VLAN policies configured for sub-interfaces with a specified VLAN
ID or without VLAN IDs.
----End
Example
Run the display interface vlan command. The command output shows VLAN policies
configured for sub-interfaces on an interface with a specified VLAN ID. For example:
<HUAWEI> display interface gigabitethernet1/0/1 vlan 1
Sub-Interface VlanPolicy
-----------------------------------------------------------
GE1/0/1.1 8021p 1 3 to 7
GE1/0/1.2 dscp 3 6 to 10
GE1/0/1.3 default
-----------------------------------------------------------
Interface:GE1/0/1 VLAN ID: 1 Sub-Interface num: 3
Applicable Environment
When some interfaces are limited not to connect directly, you can configure the interface
isolation in a VLAN.
When the interfaces isolated in a VLAN need to connect, the connection must be implemented
through the layer 3 route. In this way, the users in a VLAN can be managed and controlled
flexibly.
Pre-configuration Tasks
Before configuring the interface isolation in VLAN, complete the configuration of VLAN based
on the interface.
Data Preparation
To configure the interface isolation in VLAN, you need the following data.
No. Data
1 VLAN number
Context
The device provides the following two methods of isolating the interfaces in a VLAN:
Procedure
l Enabling the Ethernet interface Isolation
1. Run:
system-view
When this command is run, the VLAN should include this interface.
Perform the following steps to configure the device where the 1483B VE interface to be
isolated in a VLAN resides.
1. Run:
system-view
In the VE interface view, you can isolate only one interface from other interfaces in
a VLAN.
l Configuring the Interface Isolation in the VLAN View
1. Run:
system-view
Context
Perform the following steps on the devices:
Procedure
Step 1 Run:
system-view
----End
Applicable Environment
NOTE
The interface group isolation in a VLAN is not supported in X1 and X2 of the NE80E/40E.
When you need to isolate packets between interface groups, you can configure the isolation
based on interface groups in a VLAN.
You can add the interfaces to be isolated to different interface groups and the interfaces in the
interface groups cannot communicate with each other.
Pre-configuration Tasks
Before configuring the isolation based on interface groups in a VLAN, complete the
configuration of the interface-based VLAN.
Data Preparation
To configure the isolation based on interface groups in a VLAN, you need the following data.
No. Data
1 VLAN number
Context
Perform the following steps on the devices:
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface { ethernet | gigabitethernet | eth-trunk } interface-number
Step 3 Run:
portswitch
Step 4 Run:
port-isolation group group-id
The interface must be added to the VLAN before you run this command.
----End
Procedure
Step 1 Run the display port-isolation group { group-id | brief } command to view information about
an isolated interface group.
----End
Example
Run the display port-isolation group group-id command. You can view the information about
an isolated interface group. For example:
[HUAWEI] display port-isolation group 4
Port islation group 4
Eth-Trunk3
Eth-Trunk5
port islation group 4 has 2 ports
Run the display port-isolation group brief command. You can view the information about all
isolated interface groups. For example:
[HUAWEI] display port-isolation group brief
Port islation group 4
Eth-Trunk3
Eth-Trunk5
port islation group 4 has 2 ports
Port islation group 5
Eth-Trunk4
Eth-Trunk6
port islation group 5 has 2 ports
Applicable Environment
As shown in Figure 4-15, when CE1, the Customer Edge (CE) device, accesses to the Provider
Edge (PE) devices in the same VLAN through redundant links, you can configure Ethernet loop
detection for the VLAN on PE devices. This avoids the broadcast storm on the network.
NOTE
Figure 4-15 Networking diagram of configuring Ethernet loop detection for a VLAN
PE1 PE2
VLAN 100
AC1 AC2
CE1
Pre-configuration Tasks
Before configuring Ethernet loop detection for a VLAN, complete the following tasks:
l Connect the interfaces and configuring the physical parameters of the interfaces to make
the physical status of the interfaces Up.
l Create a VLAN in the carrier network and connecting a CE device to PE devices.
Data Preparation
To configure Ethernet loop detection for a VLAN, you need the following data.
No. Data
1 Times of loopback, interval of the detection time, cycle of the detection interval, time
for blocking a loop, and retry times for blocking an interface permanently
Context
Perform the following steps on the PE devices:
Procedure
Step 1 Run:
system-view
The conditions for generating loop detection alarms are configured globally.
By default, a loop detection alarm is generated when loops occur three times during a detection
interval of 10s for three consecutive intervals.
Step 3 Run:
vlan vlan-id
Step 4 Run:
loop-detect eth-loop loop-times loop-times detect-cycle detect-cycle-time cycles
cycles { retry-times retry-times block-time block-time | alarm-only }
When block-time and retry-times are selected, the router blocks a certain interface in the VLAN
after a loop is detected in the VLAN. In addition, the router records the event in the log and
sends an alarm message to the NMS.
When alarm-only is selected, the router does not block the interface in the VLAN after detecting
a loop. Instead, the router only records the event in the log and sends an alarm message to the
NMS.
Step 5 Run:
quit
The interface which is blocked by the Ethernet loop detection for a VLAN is restored.
As shown in Figure 4-15, if Ethernet loop detection is configured for both PE1 and PE2 in
VLAN 100, you can set different values for cycles to first block the link on either device first.
For example, if cycles is set to 1 on PE1 and 3 on PE2, PE1 blocks the port the first time a loop
is detected. PE2, however, blocks the port when a loop is detected for three times. Therefore,
PE1 blocks a loop faster than PE2.
----End
Context
A device reports an alarm to the NMS in the following situations:
l Its AC-side or PW-side interfaces switch to the Blocking or Normal state.
l Its Layer 2 interfaces switch to the Blocking or Normal state.
l Its main interfaces enabled with Ethernet loop detection switch to the Blocking or Normal
state.
l A local loop occurs and the related interfaces switch to the Blocking or Normal state. A
loop occurs in its VLAN or VSI.
Procedure
Step 1 Run:
system-view
Step 2 Run:
snmp-agent trap enable feature-name mflp [ trap-name { hwmflpacblock |
hwmflpacresume | hwmflpifblock | hwmflpifresume | hwmflplinkblocked |
hwmflplinkunblocked | hwmflploopbackblock | hwmflploopbackresume | hwmflppwblock |
hwmflppwresume | hwmflpvlanalarm | hwmflpvsialarm } ]
----End
Context
Perform the following steps on the PE devices:
Procedure
Step 1 Run:
system-view
----End
Procedure
Step 1 Run:
system-view
The blocking policy is specified if MAC addresses change, but the local device does not have
trusted interfaces.
By default, interfaces are blocked based on their configured blocking priorities if there is no
trusted interface.
Step 4 Run:
vlan vlan-id
Step 5 Run:
loop-detect eth-loop precise-block enable
Trusted interface generation is enabled. After an interface is specified as a trusted interface, this
interface will not be blocked.
----End
Context
Run the following command to check the previous configuration.
Action Command
Check information about Ethernet loop display loop-detect eth-loop vlan vlan-id
detection in a VLAN.
Run the display loop-detect eth-loop vlan vlan-id command. You can view the information
about Ethernet loop detection in a VLAN. For example:
<HUAWEI> display loop-detect eth-loop vlan 100
VLAN/VSI LTimes D-Cycle Cycles Retry Action BPolicy
------------------------------------------------------------------------
VLAN 100 1 2 3 -- Alarm-only --
Total Items = 1
Blocked Port:
---------------
Context
NOTICE
Statistics about VLAN packets cannot be restored after you clear it. So, confirm the action before
you use the command.
To clear the Statistics of VLAN Packets, run the following reset command in the user view:
Procedure
l Run the reset vlan statistics [ vid ] vlan-id command to clear packets of a specified VLAN
statistics.
l Run the reset vlan statistics interface interface-type interface-number.subinterface-
number command to clear the VLAN packets on a specified sub-interface statistics.
----End
NOTE
This document takes interface numbers and link types of the NE40E-X8 as an example. In working
situations, the actual interface numbers and link types may be different from those used in this document.
Networking Requirements
A company has several departments. Employees of each department reside in different buildings.
On the network shown in Figure 4-16, employees of the financial or marketing department work
in different buildings. It is required that employees of the same department be able to
communicate with each other, whereas employees of different departments not communicate
with each other.
Figure 4-16 Networking diagram for configuring users in a VLAN to communicate by using a
trunk link
network
CE1 PE CE2
GE1/0/5 GE1/0/5
GE1/0/1 GE1/0/2
Trunk ( VLAN 5 VLAN 9 ) GE1/0/4
GE1/0/1
GE1/0/4 GE1/0/1
Configuration Roadmap
The configuration roadmap is as follows:
1. Add ports connecting switches to PCs of the financial department to VLAN 5 and ports
connecting switches to PCs of the marketing department to VLAN 9. This configuration
prevents employees in financial and marketing departments from communicating with each
other.
2. Configure links between switches and PE as trunk links to allow frames from VLAN 5 and
VLAN 9 to pass through, allowing employees of the same department but different
buildings to communicate with each other.
NOTE
Only Layer 2 ports are able to identify frames with tags. All interfaces on PE and CEs 1 and 2 must
function as Layer 2 ports.
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Add ports connecting switches to PCs to specified VLANs.
# Configure CE 1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] vlan batch 5 9
[CE1] interface GigabitEthernet 1/0/1
[CE1-GigabitEthernet1/0/1] portswitch
[CE1-GigabitEthernet1/0/1] undo shutdown
[CE1-GigabitEthernet1/0/1] port link-type access
[CE1-GigabitEthernet1/0/1] port default vlan 5
[CE1-GigabitEthernet1/0/1] quit
[CE1] interface GigabitEthernet 1/0/2
[CE1-GigabitEthernet1/0/2] portswitch
[CE1-GigabitEthernet1/0/2] undo shutdown
[CE1-GigabitEthernet1/0/2] port link-type access
[CE1-GigabitEthernet1/0/2] port default vlan 5
[CE1-GigabitEthernet1/0/2] quit
[CE1] interface GigabitEthernet 1/0/3
[CE1-GigabitEthernet1/0/3] portswitch
[CE1-GigabitEthernet1/0/3] undo shutdown
[CE1-GigabitEthernet1/0/3] port link-type access
[CE1-GigabitEthernet1/0/3] port default vlan 9
[CE1-GigabitEthernet1/0/3] quit
[CE1] interface GigabitEthernet 1/0/4
[CE1-GigabitEthernet1/0/4] portswitch
[CE1-GigabitEthernet1/0/4] undo shutdown
[CE1-GigabitEthernet1/0/4] port link-type access
[CE1-GigabitEthernet1/0/4] port default vlan 9
[CE1-GigabitEthernet1/0/4] quit
# Configure CE 2.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] vlan batch 5 9
[CE2] interface GigabitEthernet 1/0/1
[CE2-GigabitEthernet1/0/1] portswitch
[CE2-GigabitEthernet1/0/1] undo shutdown
[CE2-GigabitEthernet1/0/1] port link-type access
[CE2-GigabitEthernet1/0/1] port default vlan 5
[CE2-GigabitEthernet1/0/1] quit
[CE2] interface GigabitEthernet 1/0/2
[CE2-GigabitEthernet1/0/2] portswitch
[CE2-GigabitEthernet1/0/2] undo shutdown
[CE2-GigabitEthernet1/0/2] port link-type access
[CE2-GigabitEthernet1/0/2] port default vlan 5
[CE2-GigabitEthernet1/0/2] quit
[CE2] interface GigabitEthernet 1/0/3
[CE2-GigabitEthernet1/0/3] portswitch
[CE2-GigabitEthernet1/0/3] undo shutdown
Step 2 Configure links between switches and the router as trunk links.
# Configure CE 1.
[CE1] interface GigabitEthernet 1/0/5
[CE1-GigabitEthernet1/0/5] portswitch
[CE1-GigabitEthernet1/0/5] undo shutdown
[CE1-GigabitEthernet1/0/5] port link-type trunk
[CE1-GigabitEthernet1/0/5] port trunk allow-pass vlan 5 9
[CE1-GigabitEthernet1/0/5] quit
# Configure CE 2.
[CE2] interface GigabitEthernet 1/0/5
[CE2-GigabitEthernet1/0/5] portswitch
[CE2-GigabitEthernet1/0/5] undo shutdown
[CE2-GigabitEthernet1/0/5] port link-type trunk
[CE2-GigabitEthernet1/0/5] port trunk allow-pass vlan 5 9
[CE2-GigabitEthernet1/0/5] quit
* : management-vlan
---------------------
VLAN ID Type Status MAC Learning Broadcast/Multicast/Unicast Property
--------------------------------------------------------------------------------
9 common enable enable forward forward forward default
-------------------
Tagged Port: GigabitEthernet1/0/3 GigabitEthernet1/0/4
-------------------
Active tag Port: GigabitEthernet1/0/3 GigabitEthernet1/0/4
-------------------
Interface Physical
GigabitEthernet1/0/3 UP
GigabitEthernet1/0/4 UP
GigabitEthernet1/0/5 UP
Run the display port vlan command to view the list of VLANs configured on port. In the
following example, the display on CE1 is used:
[CE1] display port vlan gigabitethernet1/0/5
Port Link Type PVID Trunk VLAN List
--------------------------------------------------------------
GigabitEthernet1/0/5 trunk 0 5 9
----End
Configuration Files
l Configuration file of CE 1
#
sysname CE1
#
vlan batch 5 9
#
interface GigabitEthernet1/0/1
portswitch
undo shutdown
port link-type access
port default vlan 5
#
interface GigabitEthernet1/0/2
portswitch
undo shutdown
port link-type access
port default vlan 5
#
interface GigabitEthernet1/0/3
portswitch
undo shutdown
port link-type access
port default vlan 9
#
interface GigabitEthernet1/0/4
portswitch
undo shutdown
port link-type access
port default vlan 9
#
interface GigabitEthernet1/0/5
portswitch
undo shutdown
port link-type trunk
port trunk allow-pass vlan 5 9
#
return
l Configuration file of CE 2
#
sysname CE2
#
vlan batch 5 9
#
interface GigabitEthernet1/0/1
portswitch
undo shutdown
port link-type access
port default vlan 5
#
interface GigabitEthernet1/0/2
portswitch
undo shutdown
port link-type access
port default vlan 5
#
interface GigabitEthernet1/0/3
portswitch
undo shutdown
port link-type access
port default vlan 9
#
interface GigabitEthernet1/0/4
portswitch
undo shutdown
port link-type access
port default vlan 9
#
interface GigabitEthernet1/0/5
portswitch
undo shutdown
port link-type trunk
port trunk allow-pass vlan 5 9
#
return
l Configuration file of PE
#
sysname PE
#
vlan batch 5 9
#
interface GigabitEthernet1/0/1
portswitch
undo shutdown
port link-type trunk
port trunk allow-pass vlan 5 9
#
interface GigabitEthernet1/0/2
portswitch
undo shutdown
port link-type trunk
port trunk allow-pass vlan 5 9
#
return
Networking Requirements
Users in different residential compounds in different network segments require various services
such as Internet, IPTV, and VoIP services. The network administrator of each residential
compound configures a VLAN for each service to simplify management. After the configuration,
users in different residential compounds belong to different VLANs, but they need to
communicate with each other for the same type of service.
On the network shown in Figure 4-17, users in residential compounds 1 to 4 belong to different
VLANs in different network segments but all require the Internet service. Therefore,
communication between these users is required.
Figure 4-17 Networking diagram for configuring inter-VLAN communication by using sub-
interfaces
PE
GE2/0/0.1: 10.110.4.3/24 GE1/0/1.1: 10.110.6.3/24
GE2/0/0.2: 10.110.3.3/24 GE1/0/1.2: 10.110.5.3/24
GE1/0/3 GE1/0/3
CE1 CE2
Configuration Roadmap
The configuration roadmap is as follows:
1. Create VLANs on switches and determine mappings between users and VLANs.
2. Configure trunk ports on switches to allow frames with certain VLAN IDs to pass through.
3. Create sub-interfaces on PE and associate the sub-interfaces with VLANs.
4. Assign an IP address to each sub-interface for communication at the network layer.
NOTE
The default gateway address of each PC in a VLAN must be the IP address of the corresponding sub-
interface. Otherwise, inter-VLAN communication fails.
Data Preparation
To complete the configuration, you need the following data:
l User VLAN ID
l User IP address
l Number of each port connecting a switch to a PC
l Number of each port connecting a switch to the router
l Number and IP address of each sub-interface on PE
Procedure
Step 1 Create VLANs on CE 1 and CE 2.
# Configure CE 1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] vlan batch 30 40
[CE1] interface GigabitEthernet 1/0/1
[CE1-GigabitEthernet1/0/1] portswitch
[CE1-GigabitEthernet1/0/1] undo shutdown
[CE1-GigabitEthernet1/0/1] port link-type access
[CE1-GigabitEthernet1/0/1] port default vlan 30
[CE1-GigabitEthernet1/0/1] quit
[CE1] interface GigabitEthernet 1/0/2
[CE1-GigabitEthernet1/0/2] portswitch
[CE1-GigabitEthernet1/0/2] undo shutdown
[CE1-GigabitEthernet1/0/2] port link-type access
[CE1-GigabitEthernet1/0/2] port default vlan 40
[CE1-GigabitEthernet1/0/2] quit
# Configure CE 2.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] vlan batch 10 20
[CE2] interface GigabitEthernet 1/0/1
[CE2-GigabitEthernet1/0/1] portswitch
[CE2-GigabitEthernet1/0/1] undo shutdown
[CE2-GigabitEthernet1/0/1] port link-type access
[CE2-GigabitEthernet1/0/1] port default vlan 10
[CE2-GigabitEthernet1/0/1] quit
[CE2] interface GigabitEthernet 1/0/2
[CE2-GigabitEthernet1/0/2] portswitch
[CE2-GigabitEthernet1/0/2] undo shutdown
[CE2-GigabitEthernet1/0/2] port link-type access
[CE2-GigabitEthernet1/0/2] port default vlan 20
[CE2-GigabitEthernet1/0/2] quit
Step 2 Configure trunk ports on CE 1 and CE 2 to allow frames with certain VLAN IDs to pass through.
# Configure CE 1.
[CE1] interface GigabitEthernet 1/0/3
[CE1-GigabitEthernet1/0/3] portswitch
[CE1-GigabitEthernet1/0/3] undo shutdown
# Configure CE 2.
[CE2] interface GigabitEthernet 1/0/3
[CE2-GigabitEthernet1/0/3] portswitch
[CE2-GigabitEthernet1/0/3] undo shutdown
[CE2-GigabitEthernet1/0/3] port link-type trunk
[CE2-GigabitEthernet1/0/3] port trunk allow-pass vlan 10 20
[CE2-GigabitEthernet1/0/3] quit
On PCs in VLAN 10, configure the IP address 10.110.6.3/24 of GE 1/0/1.1 as the default gateway
address.
On PCs in VLAN 20, configure the IP address 10.110.5.3/24 of GE 1/0/1.2 as the default gateway
address.
On PCs in VLAN 30, configure the IP address 10.110.4.3/24 of GE 2/0/0.1 as the default gateway
address.
On PCs in VLAN 40, configure the IP address 10.110.3.3/24 of GE 2/0/0.2 as the default gateway
address.
After the configurations, PCs in VLANs 10, 20, 30, and 40 can ping each other successfully.
----End
Configuration Files
l Configuration file of CE 1
#
sysname CE1
#
vlan batch 30 40
#
interface GigabitEthernet1/0/1
portswitch
undo shutdown
port link-type access
port default vlan 30
#
interface GigabitEthernet1/0/2
portswitch
undo shutdown
port link-type access
port default vlan 40
#
interface GigabitEthernet1/0/3
portswitch
undo shutdown
port link-type trunk
port trunk allow-pass vlan 30 40
#
return
l Configuration file of CE 2
#
sysname CE2
#
vlan batch 10 20
#
interface GigabitEthernet1/0/1
portswitch
undo shutdown
port link-type access
port default vlan 10
#
interface GigabitEthernet1/0/2
portswitch
undo shutdown
port link-type access
port default vlan 20
#
interface GigabitEthernet1/0/3
portswitch
undo shutdown
port link-type trunk
port trunk allow-pass vlan 10 20
#
return
l Configuration file of PE
#
sysname PE
#
interface GigabitEthernet1/0/1
undo shutdown
#
interface GigabitEthernet1/0/1.1
vlan-type dot1q 10
ip address 10.110.6.3 255.255.255.0
#
interface GigabitEthernet1/0/1.2
vlan-type dot1q 20
ip address 10.110.5.3 255.255.255.0
#
interface GigabitEthernet2/0/0
undo shutdown
#
interface GigabitEthernet2/0/0.1
vlan-type dot1q 30
ip address 10.110.4.3 255.255.255.0
#
interface GigabitEthernet2/0/0.2
vlan-type dot1q 40
ip address 10.110.3.3 255.255.255.0
#
return
Networking Requirements
Residents in a residential compound belong to different network segments. To simplify
management, the network administrator of the residential compound adds users to different
VLANs. Residents in another residential compound are not added to any VLAN. VLAN users
must be able to communicate with non-VLAN users.
On the network shown in Figure 4-18, users in residential compound 1 belong to different
VLANs and reside on different network segments; users in residential compound 2 do not belong
to any VLAN. It is required that users in VLAN 10 be able to communicate with users in
residential compound 2.
Figure 4-18 Networking diagram for configuring VLAN and non-VLAN users to communicate
by using sub-interfaces
PE
GE1/0/1.1 GE2/0/0
10.110.2.5/24 10.110.3.5/24
GE1/0/3 GE1/0/2
GE1/0/1 GE1/0/2 CE2
CE1 GE1/0/1
community1
community2
User1 User2
VLAN10 VLAN20
10.110.2.0/24 10.110.4.0/24 10.110.3.0/24
Configuration Roadmap
The configuration roadmap is as follows:
1. Create VLANs on switches and determine mappings between users and VLANs.
2. Configure the trunk port on CE 1 to allow frames with certain VLAN IDs to pass through.
3. Create a sub-interface on the interface connecting the router to VLAN users and associate
the sub-interface with VLAN 10.
4. Assign IP addresses to interfaces for communication at the network layer.
l Assign an IP address to the sub-interface.
l Assign an IP address to the interface connecting the router to non-VLAN users.
NOTE
l The IP address assigned to the sub-interface connected to VLAN users must be on the same network
segment with IP addresses of VLAN users.
l The IP address assigned to the interface connected to non-VLAN users must be on the same network
segment with IP addresses of non-VLAN users.
l The default gateway addresses of PCs in VLAN 10 must be the IP address of the sub-interface.
Otherwise, VLAN and non-VLAN users cannot communicate with each other.
Data Preparation
To complete the configuration, you need the following data:
l User VLAN ID
l User IP address
l Number of each port connecting a switch to a PC
Procedure
Step 1 Create a VLAN on CE 1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] vlan batch 10
[CE1-vlan10] quit
[CE1] interface GigabitEthernet 1/0/1
[CE1-GigabitEthernet1/0/1] portswitch
[CE1-GigabitEthernet1/0/1] undo shutdown
[CE1-GigabitEthernet1/0/1] port link-type access
[CE1-GigabitEthernet1/0/1] port default vlan 10
[CE1-GigabitEthernet1/0/1] quit
Step 2 Configure the trunk port on CE 1 to allow frames with certain VLAN IDs to pass through.
[CE1] interface GigabitEthernet 1/0/3
[CE1-GigabitEthernet1/0/3] portswitch
[CE1-GigabitEthernet1/0/3] undo shutdown
[CE1-GigabitEthernet1/0/3] port link-type trunk
[CE1-GigabitEthernet1/0/3] port trunk allow-pass vlan 10
[CE1-GigabitEthernet1/0/3] quit
Step 3 Create a sub-interface on PE and associate the sub-interface with VLAN 10.
<HUAWEI> system-view
[HUAWEI] sysname PE
[PE] interface gigabitethernet 1/0/1
[PE-GigabitEthernet1/0/1] undo shutdown
[PE-GigabitEthernet1/0/1] quit
[PE] interface gigabitethernet 1/0/1.1
[PE-GigabitEthernet1/0/1.1] vlan-type dot1q 10
On PCs in VLAN 10, configure the IP address 10.110.2.5/24 of GE 1/0/1.1 as the default gateway
address.
After the configurations, users in VLAN 10 and non-VLAN users can ping each other
successfully.
----End
Configuration Files
l Configuration file of CE 1
#
sysname CE1
#
vlan batch 10
#
interface GigabitEthernet1/0/1
portswitch
undo shutdown
port link-type access
port default vlan 10
#
interface GigabitEthernet1/0/3
portswitch
undo shutdown
port link-type trunk
port trunk allow-pass vlan 10
#
return
l Configuration file of PE
#
sysname PE
#
interface GigabitEthernet1/0/1
undo shutdown
#
interface GigabitEthernet1/0/1.1
vlan-type dot1q 10
ip address 10.110.2.5 255.255.255.0
#
interface GigabitEthernet2/0/0
undo shutdown
ip address 10.110.3.5 255.255.255.0
#
return
Networking Requirements
Users in different residential compounds in different network segments require various services
such as Internet, IPTV, and VoIP services. The network administrator of each residential
compound configures a VLAN for each service to simplify management. After the configuration,
users in different residential compounds belong to different VLANs, but they need to
communicate with each other for the same type of service.
On the network shown in Figure 4-19, users in residential compounds 1 to 4 belong to different
VLANs in different network segments but require the same online service. It is required that
these users communicate with each other at a low operating cost.
Configuration Roadmap
The configuration roadmap is as follows:
1. Create VLANs on switches and determine mappings between users and VLANs.
2. Configure trunk ports on switches to allow frames with certain VLAN IDs to pass through.
3. Create VLANIF interfaces on the PE and assign IP addresses to the interfaces to allow
Layer 3 communication.
NOTE
The default gateway address of each PC in a VLAN must be the IP address of the corresponding VLANIF
interface. Otherwise, inter-VLAN communication will fail.
Data Preparation
To complete the configuration, you need the following data:
l User VLAN ID
l User IP address
l Number of each port connecting a switch to a PC
l Number of the ports interconnecting switches
l Number and IP address of each VLANIF interface on the PE
Procedure
Step 1 Create VLANs on CE 1 and CE 2.
# Configure CE 1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] vlan batch 30 40
[CE1] interface GigabitEthernet 1/0/1
[CE1-GigabitEthernet1/0/1] portswitch
[CE1-GigabitEthernet1/0/1] undo shutdown
[CE1-GigabitEthernet1/0/1] port link-type access
[CE1-GigabitEthernet1/0/1] port default vlan 30
[CE1-GigabitEthernet1/0/1] quit
[CE1] interface GigabitEthernet 1/0/2
[CE1-GigabitEthernet1/0/2] portswitch
[CE1-GigabitEthernet1/0/2] undo shutdown
[CE1-GigabitEthernet1/0/2] port link-type access
[CE1-GigabitEthernet1/0/2] port default vlan 40
[CE1-GigabitEthernet1/0/2] quit
# Configure CE 2.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] vlan batch 10 20
[CE2] interface GigabitEthernet 1/0/1
[CE2-GigabitEthernet1/0/1] portswitch
[CE2-GigabitEthernet1/0/1] undo shutdown
[CE2-GigabitEthernet1/0/1] port link-type access
[CE2-GigabitEthernet1/0/1] port default vlan 10
[CE2-GigabitEthernet1/0/1] quit
[CE2] interface GigabitEthernet 1/0/2
[CE2-GigabitEthernet1/0/2] portswitch
[CE2-GigabitEthernet1/0/2] undo shutdown
[CE2-GigabitEthernet1/0/2] port link-type access
[CE2-GigabitEthernet1/0/2] port default vlan 20
[CE2-GigabitEthernet1/0/2] quit
Step 2 Configure trunk ports on CE 1 and CE 2 to allow frames with certain VLAN IDs to pass through.
# Configure CE 1.
[CE1] interface GigabitEthernet 1/0/3
[CE1-GigabitEthernet1/0/3] portswitch
[CE1-GigabitEthernet1/0/3] undo shutdown
[CE1-GigabitEthernet1/0/3] port link-type trunk
[CE1-GigabitEthernet1/0/3] port trunk allow-pass vlan 30 40
[CE1-GigabitEthernet1/0/3] quit
# Configure CE 2.
[CE2] interface GigabitEthernet 1/0/3
[CE2-GigabitEthernet1/0/3] portswitch
[CE2-GigabitEthernet1/0/3] undo shutdown
[CE2-GigabitEthernet1/0/3] port link-type trunk
[CE2-GigabitEthernet1/0/3] port trunk allow-pass vlan 10 20
[CE2-GigabitEthernet1/0/3] quit
Step 3 Create VLANIF interfaces on PE and assign IP addresses to the VLANIF interfaces.
<HUAWEI> system-view
[HUAWEI] sysname PE
[PE] vlan batch 10 to 40
[PE] interface gigabitethernet 1/0/1
[PE-GigabitEthernet1/0/1] portswitch
[PE-GigabitEthernet1/0/1] undo shutdown
[PE-GigabitEthernet1/0/1] port link-type trunk
[PE-GigabitEthernet1/0/1] port trunk allow-pass vlan 30 40
[PE-GigabitEthernet1/0/1] quit
[PE] interface gigabitethernet 1/0/2
[PE-GigabitEthernet1/0/2] portswitch
[PE-GigabitEthernet1/0/2] undo shutdown
On PCs in VLAN 10, configure the IP address 10.110.6.3/24 of VLANIF 10 as the default
gateway address.
On PCs in VLAN 20, configure the IP address 10.110.5.3/24 of VLANIF 20 as the default
gateway address.
On PCs in VLAN 30, configure the IP address 10.110.4.3/24 of VLANIF 30 as the default
gateway address.
On PCs in VLAN 40, configure the IP address 10.110.3.3/24 of VLANIF 40 as the default
gateway address.
After the configurations, PCs in VLANs 10, 20, 30, and 40 can ping each other successfully.
----End
Configuration Files
l Configuration file of CE 1
#
sysname CE1
#
vlan batch 30 40
#
interface GigabitEthernet1/0/1
portswitch
undo shutdown
port link-type access
port default vlan 30
#
interface GigabitEthernet1/0/2
portswitch
undo shutdown
port link-type access
port default vlan 40
#
interface GigabitEthernet1/0/3
portswitch
undo shutdown
port link-type trunk
port trunk allow-pass vlan 30 40
#
return
l Configuration file of CE 2
#
sysname CE2
#
vlan batch 10 20
#
interface GigabitEthernet1/0/1
portswitch
undo shutdown
port link-type access
port default vlan 10
#
interface GigabitEthernet1/0/2
portswitch
undo shutdown
port link-type access
port default vlan 20
#
interface GigabitEthernet1/0/3
portswitch
undo shutdown
port link-type trunk
port trunk allow-pass vlan 10 20
#
return
l Configuration file of PE
#
sysname PE
#
vlan batch 10 to 40
#
interface Vlanif10
ip address 10.110.6.3 255.255.255.0
#
interface Vlanif20
ip address 10.110.5.3 255.255.255.0
#
interface Vlanif30
ip address 10.110.4.3 255.255.255.0
#
interface Vlanif40
ip address 10.110.3.3 255.255.255.0
#
interface GigabitEthernet1/0/1
portswitch
undo shutdown
port link-type trunk
port trunk allow-pass vlan 30 40
#
interface GigabitEthernet1/0/2
portswitch
undo shutdown
port link-type trunk
port trunk allow-pass vlan 10 20
#
return
Networking Requirements
Users in different residential compounds use IPTV, VoIP, and Internet services. To simplify
management, the network administrator of each residential compound configures a separate
VLAN for each type of services. After the configuration, users using the same type of services
in different residential compounds belong to different VLANs, but they need to communicate
with each other.
On the network shown in Figure 4-20, the same type of services in residential compounds 1 and
2 belong to different VLANs. It is required that these users communicate with each other at a
low operating cost.
PE1 PE2
GE1/0/1 ISP GE1/0/1
VLAN10
CE1 GE1/0/3 GE1/0/3 CE2
GE1/0/1 GE1/0/2 GE1/0/1 GE1/0/2
Community1 Community2
VLAN6 VLAN5
172.16.0.2/16 172.16.0.6/16
172.16.0.1/16 172.16.0.3/16 172.16.0.5/16 172.16.0.7/16
Configuration Roadmap
The configuration roadmap is as follows:
1. Add ports connecting switch 1 to residential compound 1 to VLAN 6. Add ports connecting
switch 2 to residential compound 2 to VLAN 5.
2. Configure 1 to 1 VLAN mapping on switches 3 and 4 at the edge of the ISP network to
map user VLAN IDs to the ISP VLAN ID to allow users in different VLANs to
communicate with each other.
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Add ports connecting switches to user devices to specified VLANs.
# Configure CE 1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] vlan 6
[CE1-vlan6] quit
[CE1] interface GigabitEthernet 1/0/1
[CE1-GigabitEthernet1/0/1] undo shutdown
[CE1-GigabitEthernet1/0/1] portswitch
[CE1-GigabitEthernet1/0/1] port link-type access
[CE1-GigabitEthernet1/0/1] port default vlan 6
[CE1-GigabitEthernet1/0/1] quit
[CE1] interface GigabitEthernet 1/0/2
[CE1-GigabitEthernet1/0/2] undo shutdown
[CE1-GigabitEthernet1/0/2] portswitch
[CE1-GigabitEthernet1/0/2] port link-type access
[CE1-GigabitEthernet1/0/2] port default vlan 6
[CE1-GigabitEthernet1/0/2] quit
[CE1] interface GigabitEthernet 1/0/3
[CE1-GigabitEthernet1/0/3] undo shutdown
[CE1-GigabitEthernet1/0/3] portswitch
[CE1-GigabitEthernet1/0/3] port link-type trunk
[CE1-GigabitEthernet1/0/3] port trunk allow-pass vlan 6
[CE1-GigabitEthernet1/0/3] quit
# Configure CE 2.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] vlan 5
[CE2-vlan5] quit
[CE2] interface GigabitEthernet 1/0/1
[CE2-GigabitEthernet1/0/1] undo shutdown
[CE2-GigabitEthernet1/0/1] portswitch
[CE2-GigabitEthernet1/0/1] port link-type access
[CE2-GigabitEthernet1/0/1] port default vlan 5
[CE2-GigabitEthernet1/0/1] quit
[CE2] interface GigabitEthernet 1/0/2
[CE2-GigabitEthernet1/0/2] undo shutdown
[CE2-GigabitEthernet1/0/2] portswitch
[CE2-GigabitEthernet1/0/2] port link-type access
[CE2-GigabitEthernet1/0/2] port default vlan 5
[CE2-GigabitEthernet1/0/2] quit
[CE2] interface GigabitEthernet 1/0/3
[CE2-GigabitEthernet1/0/3] undo shutdown
[CE2-GigabitEthernet1/0/3] portswitch
[CE2-GigabitEthernet1/0/3] port link-type trunk
[CE2-GigabitEthernet1/0/3] port trunk allow-pass vlan 5
[CE2-GigabitEthernet1/0/3] quit
# Configure PE 2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] vlan 10
[PE2-vlan10] quit
[PE2] interface GigabitEthernet 1/0/1
[PE2-GigabitEthernet1/0/1] undo shutdown
[PE2-GigabitEthernet1/0/1] portswitch
[PE2-GigabitEthernet1/0/1] port vlan-mapping vlan 5 map-vlan 10
[PE2-GigabitEthernet1/0/1] quit
After completing the configurations, run the display vlan command to check information about
1 to 1 VLAN mapping. Use the display on PE 1 as an example.
[PE1] display vlan 10
* : management-vlan
---------------------
VLAN ID Type Status MAC Learning Broadcast/Multicast/Unicast Property
--------------------------------------------------------------------------------
10 common enable enable forward forward forward default
----------------
QinQ-map Port: GigabitEthernet1/0/1
----------------
Interface Physical
GigabitEthernet1/0/1 UP
----End
Configuration Files
l Configuration file of CE 1
#
sysname CE1
#
vlan batch 6
#
interface GigabitEthernet1/0/1
undo shutdown
portswitch
port link-type access
port default vlan 6
#
interface GigabitEthernet1/0/2
undo shutdown
portswitch
port link-type access
port default vlan 6
#
interface GigabitEthernet1/0/3
undo shutdown
portswitch
port link-type trunk
port trunk allow-pass vlan 6
#
return
l Configuration file of CE 2
#
sysname CE2
#
vlan batch 5
#
interface GigabitEthernet1/0/1
undo shutdown
portswitch
port link-type access
port default vlan 5
#
interface GigabitEthernet1/0/2
undo shutdown
portswitch
port link-type access
port default vlan 5
#
interface GigabitEthernet1/0/3
undo shutdown
portswitch
port link-type trunk
port trunk allow-pass vlan 5
#
return
l Configuration file of PE 1
#
sysname PE1
#
vlan batch 10
#
interface GigabitEthernet1/0/1
undo shutdown
portswitch
port vlan-mapping vlan 6 map-vlan 10
#
return
l Configuration file of PE 2
#
sysname PE2
#
vlan batch 10
#
interface GigabitEthernet1/0/1
undo shutdown
portswitch
port vlan-mapping vlan 5 map-vlan 10
#
return
Networking Requirements
Assume that an enterprise has many departments and IP addresses of these departments are on
the same network segment, to improve the service security, IP addresses of PCs used by
employees in the same department are added to the same VLAN and IP addresses of PCs used
by employees in different departments are added to different VLANs. IP addresses of PCs used
by employees in different departments need to communicate with each other.
As shown in Figure 4-21, IP addresses of the R&D department and test department belong to
different VLANs. It is required that IP addresses of PCs used by employees in different VLANs
communicate with each other.
PE
GE1/0/1 GE1/0/2
VLAN4
VLANIF4:
100.1.1.12/24
GE1/0/3 GE1/0/3
GE1/0/1 GE1/0/2 GE1/0/1 GE1/0/2
CE1 CE2
VLAN2 VLAN3
Development Test
Department Department
100.1.1.1/24 100.1.1.2/24
IP addresses of the R&D department and test department are on the same network segment. To
save IP address resources, you can deploy VLAN aggregation on devices of the R&D department
and test department. This ensures that different VLANs can communicate with each other.
Configuration Roadmap
The configuration roadmap is as follows:
1. Create VLAN on CE1 and CE2 to determine mappings between users and VLANs.
2. Configure VLAN aggregation on PE.
a. Configure the Layer 2 forwarding function.
b. Create a super-VLAN, and add sub-VLANs to the super-VLAN for VLAN
aggregation.
c. Create the VLANIF interface of the super-VLAN and assign an IP address to the
VLANIF interface as the network gateway address.
d. Enable ARP proxy on the VLANIF interface of the super-VLAN and between sub-
VLANs so that sub-VLANs can communicate with each other on the Layer 3 network.
Data Preparation
To complete the configuration, you need the following data:
l User VLAN ID
l User IP address
l Number of each port connecting a switch to a PC
l Sub-VLAN ID and super-VLAN ID
l Number and IP address of the VLANIF interface of the super-VLAN
Procedure
Step 1 Create a VLAN on CE and add Layer 2 interfaces to the VLAN.
# Configure CE 1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] vlan batch 2
[CE1] interface gigabitethernet 1/0/1
[CE1-GigabitEthernet1/0/1] portswitch
[CE1-GigabitEthernet1/0/1] undo shutdown
[CE1-GigabitEthernet1/0/1] port link-type access
[CE1-GigabitEthernet1/0/1] port default vlan 2
[CE1-GigabitEthernet1/0/1] quit
[CE1] interface gigabitethernet 1/0/2
[CE1-GigabitEthernet1/0/2] portswitch
[CE1-GigabitEthernet1/0/2] undo shutdown
[CE1-GigabitEthernet1/0/2] port link-type access
[CE1-GigabitEthernet1/0/2] port default vlan 2
[CE1-GigabitEthernet1/0/2] quit
[CE1] interface gigabitethernet 1/0/3
[CE1-GigabitEthernet1/0/3] portswitch
[CE1-GigabitEthernet1/0/3] undo shutdown
[CE1-GigabitEthernet1/0/3] port link-type trunk
[CE1-GigabitEthernet1/0/3] port trunk allow-pass vlan 2
[CE1-GigabitEthernet1/0/3] quit
# Configure CE 2.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] vlan batch 3
[CE2] interface gigabitethernet 1/0/1
[CE2-GigabitEthernet1/0/1] portswitch
[CE2-GigabitEthernet1/0/1] undo shutdown
[CE2-GigabitEthernet1/0/1] port link-type access
[CE2-GigabitEthernet1/0/1] port default vlan 3
[CE2-GigabitEthernet1/0/1] quit
[CE2] interface gigabitethernet 1/0/2
[CE2-GigabitEthernet1/0/2] portswitch
[CE2-GigabitEthernet1/0/2] undo shutdown
[CE2-GigabitEthernet1/0/2] port link-type access
[CE2-GigabitEthernet1/0/2] port default vlan 3
[CE2-GigabitEthernet1/0/2] quit
[CE2] interface gigabitethernet 1/0/3
[CE2-GigabitEthernet1/0/3] portswitch
[CE2-GigabitEthernet1/0/3] undo shutdown
[CE2-GigabitEthernet1/0/3] port link-type trunk
[CE2-GigabitEthernet1/0/3] port trunk allow-pass vlan 3
[CE2-GigabitEthernet1/0/3] quit
3. Create a VLANIF interface for the super-VLAN and assign an IP address to the VLANIF
interface.
[PE] interface vlanif 4
[PE-Vlanif4] ip address 10.1.1.12 24
After the preceding configurations, you can configure IP addresses as shown in Figure
4-21 to PCs. IP address of PCs and the VLANIF interface are on the same network segment.
If the configuration succeeds, IP addresses of PCs used by employees in different VLANs
and the switch can ping each other; IP addresses of PCs used by employees in VLAN2 and
VLAN3 cannot ping each other.
4. Enable ARP proxy on the VLANIF interface of the super-VLAN and between sub-VLANs.
# Enable ARP proxy on the VLANIF interface of the super-VLAN.
[PE-Vlanif4] arp-proxy enable
After the configuration, IP addresses of PCs used by employees in VLAN2 and VLAN3 can
ping each other.
----End
Configuration Files
l Configuration file of the CE1
#
sysname CE1
#
vlan batch 2
#
interface GigabitEthernet1/0/1
portswitch
undo shutdown
Networking Requirements
On an ME network, VLAN IDs are used to identify various services or user packets before they
access various VSIs, Virtual Leased Lines (VLL), or Virtual Private Network (VPN) instances.
If multiple user packets or services share one VLAN ID, part of high-priority traffic over the
operators' network cannot be scheduled in time, which deteriorates users' experience.
On the network shown in Figure 4-22, various services are tagged with the same VLAN ID on
a CSG. After receiving these services, PE1 cannot identify them, resulting in a failure in traffic
distribution. To help resolve this problem, a VLAN matching policy needs to be configured on
PE1. PE1 maps a VLAN ID to a packet priority before distributing a packet to a specific pseudo
wire (PW), ensuring correct scheduling of packets.
NOTE
In this example, PE1 parses 802.1p values in the received packets for scheduling.
Loopback1
2.2.2.9/32
PE2
GE1/0/1.1
GE1/0/2
3
Database
p=
10.1.1.1/30
2.1
80
CSG GE1/0/1.2
GE1/0/2
GE1/0/1.1 10.1.1.2/30
GE1/0/3
PE1 10.2.1.2/30
Loopback1
80
1.1.1.9/32 GE1/0/2
2.1
10.2.1.1/30 Internet
p=
VLAN 10
2
GE1/0/1.1
PE3
Loopback1
3.3.3.9/32
VLAN PW VLAN
Configuration Roadmap
NOTE
L2VPN includes VLL, Pseudo-Wire Emulation Edge to Edge (PWE3), and Virtual Private LAN Service
(VPLS). You can configure any one of them as required. The following takes the VPLS application as an
example.
Data Preparation
To complete the configuration, you need the following data:
l IP addresses of interfaces
l MPLS LSR IDs of PEs
l VSI names and VSI IDs on PEs
l Names of the interfaces bound to the VSIs
Procedure
Step 1 Configure basic VPLS functions.
# Set up a VPLS connection between PE1 and PE2, and between PE1 and PE3, with LDP being
the signaling protocol; configure the VSI names to be LDP1 and LDP2. You can refer to the
chapter "VPLS Configuration" in the NE80E/40E Configuration Guide - VPN or the
configuration files in this configuration example.
# Configure PE1.
<PE1> system-view
[PE1] interface gigabitethernet 1/0/1.1
[PE1-GigabitEthernet1/0/1.1] vlan-type dot1q 10 8021p 3
[PE1-GigabitEthernet1/0/1.1] quit
[PE1] interface gigabitethernet 1/0/1.2
[PE1-GigabitEthernet1/0/1.2] vlan-type dot1q 10 8021p 2
[PE1-GigabitEthernet1/0/1.2] quit
# Configure PE2.
<PE2> system-view
[PE2] interface gigabitethernet 1/0/1.1
[PE2-GigabitEthernet1/0/1.1] vlan-type dot1q 10
[PE2-GigabitEthernet1/0/1.1] quit
# Configure PE31.
<PE3> system-view
[PE3] interface gigabitethernet 1/0/1.1
[PE3-GigabitEthernet1/0/1.1] vlan-type dot1q 10
[PE3-GigabitEthernet1/0/1.1] quit
# Configure PE1.
[PE1] interface gigabitethernet 1/0/1.1
[PE1-GigabitEthernet1/0/1.1] l2 binding vsi ldp1
[PE1-GigabitEthernet1/0/1.1] undo shutdown
[PE1-GigabitEthernet1/0/1.1] quit
[PE1] interface gigabitethernet 1/0/1.2
[PE1-GigabitEthernet1/0/1.2] l2 binding vsi ldp2
[PE1-GigabitEthernet1/0/1.2] undo shutdown
[PE1-GigabitEthernet1/0/1.2] quit
# Configure PE2.
[PE2] interface gigabitethernet 1/0/1.1
[PE2-GigabitEthernet1/0/1.1] l2 binding vsi ldp1
[PE2-GigabitEthernet1/0/1.1] undo shutdown
[PE2-GigabitEthernet1/0/1.1] quit
# Configure PE3.
[PE3] interface gigabitethernet 1/0/1.1
[PE3-GigabitEthernet1/0/1.1] l2 binding vsi ldp2
[PE3-GigabitEthernet1/0/1.1] undo shutdown
[PE3-GigabitEthernet1/0/1.1] quit
NOTE
Packets sent from CSG to PE1 carry VLAN tags with different 802.1p priorities.
VSI ID : 1
*Peer Router ID : 2.2.2.9
VC Label : 30720
Peer Type : dynamic
Session : up
Tunnel ID : 0x81000b
Broadcast Tunnel ID : 0x81000b
CKey : 2
NKey : 1
StpEnable : 0
PwIndex : 0
**PW Information:
Run the display interface vlan command, and you can view the matching policy with the
specified VLAN ID on a main interface.
Take the command output on PE1 as an example.
[PE1] display interface gigabitethernet1/0/1 vlan 10
Interface VlanPolicy
-----------------------------------------------------------
GE1/0/1.1 8021p 3
GE1/0/1.2 8021p 2
-----------------------------------------------------------
Interface:GE1/0/1 VLAN ID: 10 Sub-Interface num: 2
----End
Configuration Files
l Configuration file of PE1
#
sysname PE1
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
vsi ldp1 static
pwsignal ldp
vsi-id 1
peer 2.2.2.9
#
vsi ldp2 static
pwsignal ldp
vsi-id 2
peer 3.3.3.9
#
mpls ldp
#
interface GigabitEthernet1/0/1
undo shutdown
#
interface GigabitEthernet1/0/1.1
undo shutdown
vlan-type dot1q 10 8021p 3
l2 binding vsi ldp1
#
interface GigabitEthernet1/0/1.2
undo shutdown
vlan-type dot1q 10 8021p 2
l2 binding vsi ldp2
#
interface GigabitEthernet1/0/2
undo shutdown
ip address 10.1.1.2 255.255.255.252
mpls
mpls ldp
#
interface GigabitEthernet1/0/3
undo shutdown
ip address 10.2.1.2 255.255.255.252
mpls
mpls ldp
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 10.1.1.0 0.0.0.3
network 10.2.1.0 0.0.0.3
#
return
return
Networking Requirements
On an ME network, VLAN IDs are used to identify various services or user packets before they
access various VSIs, Virtual Leased Lines (VLL), or Virtual Private Network (VPN) instances.
If multiple user packets or services share one VLAN ID, part of high-priority traffic over the
operators' network cannot be scheduled in time, which deteriorates users' experience.
As show in Figure 4-23, various services are tagged with the same VLAN ID on a CSG. After
receiving these services, PE1 cannot identify them, resulting in a failure in traffic distribution.
To help resolve this problem, a VLAN matching policy needs to be configured on PE1. PE1
maps a VLAN ID to a packet priority before distributing a packet to a specific pseudo wire (PW),
ensuring correct scheduling of packets.
NOTE
In this example, PE1 parses DSCP values in the received packets for scheduling.
The DSCP is carried in each IP packet. For correct deployment of the VLAN+DSCP policy, you need to
ensure that the CSG accesses only IP services.
If the CSG accesses non-IP services, you have to configure GRE tunnels on the CSG so that encapsulated
packets can be transmitted over an IPv4 network.
PE2
GE1/0/1.1
GE1/0/2
=3
10.1.1.1/30 Database
CP
DS
VLAN 10 10.2.1.1/30
2
GE1/0/1.1
PE3
Loopback1
3.3.3.9/32
VLAN PW VLAN
Configuration Roadmap
NOTE
L2VPN includes VLL, Pseudo-Wire Emulation Edge to Edge (PWE3), and Virtual Private LAN Service
(VPLS). You can configure any one of them as required. The following takes the VPLS application as an
example.
Data Preparation
To complete the configuration, you need the following data:
l IP addresses of interfaces
l MPLS LSR IDs of PEs
l VSI names and VSI IDs on PEs
l Names of the interfaces bound to the VSIs
Procedure
Step 1 Configure basic VPLS functions.
# Set up a VPLS connection between PE1 and PE2, and between PE1 and PE3, with LDP being
the signaling protocol; configure the VSI names to be LDP1 and LDP2. You can refer to the
chapter "VPLS Configuration" in the NE80E/40E Configuration Guide - VPN or the
configuration files in this configuration example.
# Configure PE1.
<PE1> system-view
[PE1] interface gigabitethernet 1/0/1.1
[PE1-GigabitEthernet1/0/1.1] vlan-type dot1q 10 dscp 3
[PE1-GigabitEthernet1/0/1.1] quit
[PE1] interface gigabitethernet 1/0/1.2
[PE1-GigabitEthernet1/0/1.2] vlan-type dot1q 10 dscp 2
[PE1-GigabitEthernet1/0/1.2] quit
# Configure PE2.
<PE2> system-view
[PE2] interface gigabitethernet 1/0/1.1
[PE2-GigabitEthernet1/0/1.1] vlan-type dot1q 10 dscp 3
[PE2-GigabitEthernet1/0/1.1] quit
# Configure PE3.
<PE3> system-view
[PE3] interface gigabitethernet 1/0/1.1
[PE3-GigabitEthernet1/0/1.1] vlan-type dot1q 10 dscp 2
[PE3-GigabitEthernet1/0/1.1] quit
# Configure PE1.
# Configure PE2.
[PE2] interface gigabitethernet 1/0/1.1
[PE2-GigabitEthernet1/0/1.1] l2 binding vsi ldp1
[PE2-GigabitEthernet1/0/1.1] undo shutdown
[PE2-GigabitEthernet1/0/1.1] quit
# Configure PE3.
[PE3] interface gigabitethernet 1/0/1.1
[PE3-GigabitEthernet1/0/1.1] l2 binding vsi ldp2
[PE3-GigabitEthernet1/0/1.1] undo shutdown
[PE3-GigabitEthernet1/0/1.1] quit
NOTE
Packets sent from the CSG to PE1 carry VLAN tags with different DSCP values.
VSI ID : 1
*Peer Router ID : 2.2.2.9
VC Label : 30720
Peer Type : dynamic
Session : up
Tunnel ID : 0x81000b
Broadcast Tunnel ID : 0x81000b
CKey : 2
NKey : 1
StpEnable : 0
PwIndex : 0
**PW Information:
Run the display interface vlan command, and you can view the matching policy with the
specified VLAN ID on a main interface.
Take the command output on PE1 as an example.
[PE1] display interface gigabitethernet1/0/1 vlan 10
Sub-Interface VlanPolicy
-----------------------------------------------------------
GE1/0/1.1 dscp 3
GE1/0/1.2 dscp 2
-----------------------------------------------------------
Interface:GE1/0/1 VLAN ID: 10 Sub-Interface num: 2
----End
Configuration Files
l Configuration file of PE1
#
sysname PE1
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
vsi ldp1 static
pwsignal ldp
vsi-id 1
peer 2.3.4.9
#
interface GigabitEthernet1/0/2
undo shutdown
ip address 10.1.1.1 255.255.255.252
mpls
mpls ldp
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 10.1.1.0 0.0.0.3
#
return
Networking Requirements
On an ME network, VLAN IDs are used to identify various services or user packets before they
access various VSIs, Virtual Leased Lines (VLL), or Virtual Private Network (VPN) instances.
If multiple user packets or services share one VLAN ID, part of high-priority traffic over the
operators' network cannot be scheduled in time, which deteriorates users' experience.
On the network shown in Figure 4-24, various services are tagged with the same VLAN ID on
a switch. After receiving these services, PE1 cannot identify them, resulting in a failure in
distributing traffic. To help resolve this problem, a policy for mapping a VLAN ID to a priority
needs to be configured on PE1. PE1 maps a VLAN ID to the packet priority before distributing
the packet to a specific Pseudo Wire (PW), ensuring correct scheduling of packets.
Loopback1
2.2.2.9/32
PE2
GE1/0/1.1
GE1/0/2
Video/BTV
E
10.1.1.1/30
Po
VOD
PP
Platform
Switch GE1/0/1.2 GE1/0/2
GE1/0/1.1 10.1.1.2/30
GE1/0/3
PE1 10.2.1.2/30
Loopback1
1.1.1.9/32 Internet
I Po
GE1/0/2
10.2.1.1/30
E
VLAN 10
GE1/0/1.1
PE3
Loopback1
3.3.3.9/32
VLAN PW VLAN
Configuration Roadmap
NOTE
L2VPN includes VLL, Pseudo-Wire Emulation Edge to Edge (PWE3), and Virtual Private LAN Service
(VPLS). You can configure any one of them as required. The following takes the VPLS application as an
example.
Data Preparation
To complete the configuration, you need the following data:
l IP addresses of interfaces
l MPLS LSR IDs of PEs
l VSI names and VSI IDs on PEs
l Names of the interfaces bound to the VSIs
Procedure
Step 1 Configure basic VPLS functions.
# Set up a VPLS connection between PE1 and PE2, and between PE1 and PE3, with LDP being
the signaling protocol; configure the VSI names to be LDP1 and LDP2. You can refer to the
chapter "VPLS Configuration" in the NE80E/40E Configuration Guide - VPN or the
configuration files in this configuration example.
# Configure PE1.
<PE1> system-view
[PE1] interface gigabitethernet 1/0/1.1
[PE1-GigabitEthernet1/0/1.1] vlan-type dot1q 10 eth-type pppoe
[PE1-GigabitEthernet1/0/1.1] quit
[PE1] interface gigabitethernet 1/0/1.2
[PE1-GigabitEthernet1/0/1.2] vlan-type dot1q 10 default
[PE1-GigabitEthernet1/0/1.2] quit
# Configure PE2.
<PE2> system-view
[PE2] interface gigabitethernet 1/0/1.1
[PE2-GigabitEthernet1/0/1.1] vlan-type dot1q 10
[PE2-GigabitEthernet1/0/1.1] quit
# Configure PE3.
<PE3> system-view
[PE3] interface gigabitethernet 1/0/1.1
[PE3-GigabitEthernet1/0/1.1] vlan-type dot1q 10
[PE3-GigabitEthernet1/0/1.1] quit
# Configure PE1.
[PE1] interface gigabitethernet 1/0/1.1
[PE1-GigabitEthernet1/0/1.1] l2 binding vsi ldp1
[PE1-GigabitEthernet1/0/1.1] undo shutdown
[PE1-GigabitEthernet1/0/1.1] quit
[PE1] interface gigabitethernet 1/0/1.2
[PE1-GigabitEthernet1/0/1.2] l2 binding vsi ldp2
[PE1-GigabitEthernet1/0/1.2] undo shutdown
[PE1-GigabitEthernet1/0/1.2] quit
# Configure PE2.
[PE2] interface gigabitethernet 1/0/1.1
[PE2-GigabitEthernet1/0/1.1] l2 binding vsi ldp1
[PE2-GigabitEthernet1/0/1.1] undo shutdown
[PE2-GigabitEthernet1/0/1.1] quit
# Configure PE3.
[PE3] interface gigabitethernet 1/0/1.1
[PE3-GigabitEthernet1/0/1.1] l2 binding vsi ldp2
[PE3-GigabitEthernet1/0/1.1] undo shutdown
[PE3-GigabitEthernet1/0/1.1] quit
After the preceding configurations, run the display vsi name ldp1 verbose command on PEs,
and you can view that a PW to PE2 is set up for a VSI named ldp1 and the VSI is in the Up
state.
VSI ID : 1
*Peer Router ID : 2.2.2.9
VC Label : 30720
Peer Type : dynamic
Session : up
Tunnel ID : 0x81000b
Broadcast Tunnel ID : 0x81000b
CKey : 2
NKey : 1
StpEnable : 0
PwIndex : 0
**PW Information:
Run the display interface vlan command, and you can view the matching policy with the
specified VLAN ID on a main interface.
Take the command output on PE1 as an example.
[PE1] display interface gigabitethernet1/0/1 vlan 10
Sub-Interface VlanPolicy
-----------------------------------------------------------
GE1/0/1.1 eth-type pppoe
GE1/0/1.2 default
-----------------------------------------------------------
Interface:GE1/0/1 VLAN ID: 10 Sub-Interface num: 2
----End
Configuration Files
l Configuration file of PE1
#
sysname PE1
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
vsi ldp1 static
pwsignal ldp
vsi-id 1
peer 2.2.2.9
#
vsi ldp2 static
pwsignal ldp
vsi-id 2
peer 3.3.3.9
#
mpls ldp
#
interface GigabitEthernet1/0/1
undo shutdown
#
interface GigabitEthernet1/0/1.1
undo shutdown
vlan-type dot1q 10 eth-type pppoe
l2 binding vsi ldp1
#
interface GigabitEthernet1/0/1.2
undo shutdown
vlan-type dot1q 10 default
l2 binding vsi ldp2
#
interface GigabitEthernet1/0/2
undo shutdown
ip address 10.1.1.2 255.255.255.252
mpls
mpls ldp
#
interface GigabitEthernet1/0/3
undo shutdown
ip address 10.2.1.2 255.255.255.252
mpls
mpls ldp
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 10.1.1.0 0.0.0.3
network 10.2.1.0 0.0.0.3
#
return
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 10.1.1.0 0.0.0.3
#
return
Networking Requirements
On an ME network, VLAN IDs are used to identify various services or user packets before they
access various VSIs, Virtual Leased Lines (VLL), or Virtual Private Network (VPN) instances.
If multiple user packets or services share one VLAN ID, part of high-priority traffic over the
operators' network cannot be scheduled in time, which deteriorates users' experience.
As shown in Figure 4-25, different service packets are added with the same tag on the CSG.
Therefore, when PE1 receives packets, it cannot identify services based on tags, which affects
the traffic distribution. To address the problem, you can deploy a VLAN policy on PE1. PE1
distributes traffic to different VPN instances based on VLAN IDs and packet priorities. This
ensures that packets can be scheduled in time.
NOTE
In this example, PE1 parses DSCP values in the received packets for scheduling.
The DSCP is carried in each IP packet. For correct deployment of the VLAN+DSCP policy, you need to
ensure that the CSG accesses only IP services.
If the CSG accesses non-IP services, you have to configure GRE tunnels on the CSG so that encapsulated
packets can be transmitted over an IPv4 network.
GE1/0/2 Database
CP
10.1.1.1/30 AS65420
DS
CSG GE1/0/1.2
GE1/0/2
10.21.1.1/24
10.1.1.2/30
GE1/0/1.1 GE1/0/3
10.11.1.1/24 10.2.1.2/30
GE1/0/1.2
PE1
DS
1.1.1.9/32 10.2.1.1/30
P=
CE1 10.22.1.2/24
GE1/0/1.1
PE3 10.22.1.1/24 CE3
Loopback1
3.3.3.9/32
Configuration Roadmap
The configuration roadmap is as follows:
Data Preparation
To complete the configuration, you need the following data:
l IP addresses of interfaces
l Names of the VPN instances on PEs
l RDs and VPN targets of the VPN instances
l Interfaces bound to the VPN instances
Procedure
Step 1 Configure basic L3VPN functions.
1. Configure the IP addresses of interfaces on CEs and PEs as described in Figure 4-26. You
can see the configuration files in this configuration example.
2. Configure an IGP on the MPLS backbone network. In this example, OSPF is adopted as
an IGP.
You can see the configuration files in this configuration example.
After the preceding configurations, PE1 and PE2, and PE1 and PE3 have routes discovered
through OSPF to Loopback 1 of each other. PE1 and PE2, and PE1 and PE3 can ping
through each other.
<PE1> display ip routing-table
Routing Tables: Public
Destinations : 9 Routes : 9
GigabitEthernet1/0/2
10.1.1.2/32 Direct 0 0 D 127.0.0.1
GigabitEthernet1/0/2
10.2.1.0/30 Direct 0 0 D 10.2.1.2
GigabitEthernet1/0/3
10.2.1.2/32 Direct 0 0 D 127.0.0.1
GigabitEthernet1/0/3
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
3. Enable basic MPLS functions and LDP on the MPLS backbone network.
You can see the configuration files in this configuration example.
After the preceding configurations, MPLS LSPs are successfully created, and LDP sessions
are set up between PE1 and PE2 and between PE1 and PE3. Run the display mpls ldp
session command, and you can view that the Status field is displayed as Operational.
<PE1> display mpls ldp session
------------------------------------------------------------------------------
PeerID Status LAM SsnRole SsnAge KASent/Rcv
------------------------------------------------------------------------------
2.2.2.9:0 Operational DU Passive 0000:00:00 3/3
3.3.3.9:0 Operational DU Passive 0000:00:00 2/2
------------------------------------------------------------------------------
TOTAL: 2 session(s) Found.
# Configure PE2.
<PE2> system-view
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 100:1
[PE2-vpn-instance-vpn1-af-ipv4] vpn-target 100:1 both
[PE2-vpn-instance-vpn1-af-ipv4] quit
# Configure PE3.
<PE3> system-view
[PE3] ip vpn-instance vpn2
[PE3-vpn-instance-vpn2] route-distinguisher 100:2
[PE3-vpn-instance-vpn2-af-ipv4] vpn-target 100:2 both
[PE3-vpn-instance-vpn2-af-ipv4] quit
Step 2 Configure VLAN+DSCP, and bind common sub-interfaces to the VPN instances.
# Configure PE1.
[PE1] interface gigabitethernet 1/0/1.1
[PE1-GigabitEthernet1/0/1.1] vlan-type dot1q 10 dscp 3
[PE1-GigabitEthernet1/0/1.1] ip binding vpn-instance vpn1
[PE1-GigabitEthernet1/0/1.1] ip address 10.11.1.1 24
[PE1-GigabitEthernet1/0/1.1] quit
[PE1] interface gigabitethernet 1/0/1.2
[PE1-GigabitEthernet1/0/1.2] vlan-type dot1q 10 dscp 2
[PE1-GigabitEthernet1/0/1.2] ip binding vpn-instance vpn2
[PE1-GigabitEthernet1/0/1.2] ip address 10.21.1.1 24
[PE1-GigabitEthernet1/0/1.2] quit
# Configure PE2.
[PE2] interface gigabitethernet 1/0/1.1
[PE2-GigabitEthernet1/0/1.1] vlan-type dot1q 10
[PE2-GigabitEthernet1/0/1.1] ip binding vpn-instance vpn1
[PE2-GigabitEthernet1/0/1.1] ip address 10.12.1.1 24
[PE2-GigabitEthernet1/0/1.1] quit
# Configure PE3.
[PE3] interface gigabitethernet 1/0/1.1
[PE3-GigabitEthernet1/0/1.1] vlan-type dot1q 10
[PE3-GigabitEthernet1/0/1.1] ip binding vpn-instance vpn2
[PE3-GigabitEthernet1/0/1.1] ip address 10.22.1.1 24
[PE3-GigabitEthernet1/0/1.1] quit
After the preceding configurations, run the display ip vpn-instance verbose command on PEs,
and you can view the configurations of the VPN instances.
NOTE
Packets sent from the CSG to PE1 carry VLAN tags with different DSCP values.
Step 4 Set up EBGP peer relationships between the PEs and the CEs to import VPN routes.
You can refer to the chapter "BGP/MPLS IP VPN Configuration" in the NE80E/40E
Configuration Guide - VPN or the configuration files in this configuration example.
Step 5 Set up MP-IBGP peer relationships between the PEs.
You can refer to the chapter "BGP/MPLS IP VPN Configuration" in the NE80E/40E
Configuration Guide - VPN or the configuration files in this configuration example.
Step 6 Verify the configuration.
After the preceding configurations, run the display bgp peer command on the PEs, and you can
view that BGP peer relationships between PEs have been established and are in the Established
state.
Take the command output on PE1 as an example.
[PE1] display bgp peer
Run the display ip routing-table vpn-instance command on PEs, and you can view the routes
to remote CEs.
Take the command output on PE1 as an example.
[PE1] display ip routing-table vpn-instance vpn1
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: vpn1
Destinations : 3 Routes : 3
Run the display interface vlan command, and you can view the matching policy configured on
sub-interfaces in VLAN 10.
Take the command output on PE1 as an example.
[PE1] display interface gigabitethernet1/0/1 vlan 10
Interface VlanPolicy
-----------------------------------------------------------
GE1/0/1.2 dscp 2
GE1/0/1.1 dscp 3
-----------------------------------------------------------
Interface:GE1/0/1 VLAN ID: 10 Sub-Interface num: 2
----End
Configuration Files
l Configuration file of PE1
#
sysname PE1
#
ip vpn-instance vpn1
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity
vpn-target 100:1 import-extcommunity
ip vpn-instance vpn2
route-distinguisher 100:2
vpn-target 100:2 export-extcommunity
vpn-target 100:2 import-extcommunity
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
mpls ldp
#
interface GigabitEthernet1/0/1.1
vlan-type dot1q 10 dscp 3
ip binding vpn-instance vpn1
ip address 10.11.1.1 255.255.255.0
#
interface GigabitEthernet1/0/1.2
vlan-type dot1q 10 dscp 2
ip binding vpn-instance vpn2
ip address 10.21.1.1 255.255.255.0
#
interface GigabitEthernet1/0/2
undo shutdown
ip address 10.1.1.2 255.255.255.252
mpls
mpls ldp
#
interface GigabitEthernet1/0/3
undo shutdown
ip address 10.2.1.2 255.255.255.252
mpls
mpls ldp
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
bgp 100
peer 2.2.2.9 as-number 100
peer 2.2.2.9 connect-interface LoopBack1
peer 3.3.3.9 as-number 100
peer 3.3.3.9 connect-interface LoopBack1
ipv4-family unicast
undo synchronization
peer 2.2.2.9 enable
peer 3.3.3.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 2.2.2.9 enable
peer 3.3.3.9 enable
#
ipv4-family vpn-instance vpn1
import-route direct
peer 10.11.1.2 as-number 65410
#
ipv4-family vpn-instance vpn2
import-route direct
peer 10.21.1.2 as-number 65410
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 10.1.1.0 0.0.0.3
network 10.2.1.0 0.0.0.3
#
return
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
bgp 100
peer 1.1.1.9 as-number 100
peer 1.1.1.9 connect-interface LoopBack1
ipv4-family unicast
undo synchronization
peer 1.1.1.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 1.1.1.9 enable
#
ipv4-family vpn-instance vpn1
import-route direct
peer 10.12.1.2 as-number 65420
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 10.1.1.0 0.0.0.3
#
return
import-route direct
peer 10.22.1.2 as-number 65421
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 10.2.1.0 0.0.0.3
#
return
Networking Requirements
On an ME network, VLAN IDs are used to identify various services or user packets before they
access various VSIs, Virtual Leased Lines (VLL), or Virtual Private Network (VPN) instances.
If multiple user packets or services share one VLAN ID, part of high-priority traffic over the
operators' network cannot be scheduled in time, which deteriorates users' experience.
As shown in Figure 4-26, different service packets are added with the same tag on the CSG.
Therefore, when PE1 receives packets, it cannot identify services based on tags, which affects
the traffic distribution. To address the problem, you can deploy a VLAN policy on PE1. PE1
distributes traffic to different VPN instances based on VLAN IDs and packet priorities. This
ensures that packets can be scheduled in time.
NOTE
In this example, PE1 parses 802.1p values in the received packets for scheduling.
CSG GE1/0/1.2
GE1/0/2
10.21.1.1/24
10.1.1.2/30
GE1/0/1.1 GE1/0/3
10.11.1.1/24 PE1 10.2.1.2/30
80
CE1 10.22.1.2/24
GE1/0/1.1
PE3 10.22.1.1/24 CE3
Loopback1
3.3.3.9/32
Configuration Roadmap
The configuration roadmap is as follows:
Data Preparation
To complete the configuration, you need the following data:
l IP addresses of interfaces
l Names of the VPN instances on PEs
l RDs and VPN targets of the VPN instances
l Interfaces bound to the VPN instances
Procedure
Step 1 Configure basic L3VPN functions.
1. Configure the IP addresses of interfaces on CEs and PEs as described in Figure 4-26. You
can see the configuration files in this configuration example.
2. Configure an IGP on the MPLS backbone network. In this example, OSPF is adopted as
an IGP.
You can see the configuration files in this configuration example.
After the preceding configurations, PE1 and PE2, and PE1 and PE3 have routes discovered
through OSPF to Loopback 1 of each other. PE1 and PE2, and PE1 and PE3 can ping
through each other.
<PE1> display ip routing-table
Routing Tables: Public
Destinations : 9 Routes : 9
3. Enable basic MPLS functions and LDP on the MPLS backbone network.
You can see the configuration files in this configuration example.
After the preceding configurations, MPLS LSPs are successfully created, and LDP sessions
are set up between PE1 and PE2 and between PE1 and PE3. Run the display mpls ldp
session command, and you can view that the Status field is displayed as Operational.
<PE1> display mpls ldp session
------------------------------------------------------------------------------
PeerID Status LAM SsnRole SsnAge KASent/Rcv
------------------------------------------------------------------------------
2.2.2.9:0 Operational DU Passive 0000:00:00 3/3
3.3.3.9:0 Operational DU Passive 0000:00:00 2/2
------------------------------------------------------------------------------
TOTAL: 2 session(s) Found.
# Configure PE2.
<PE2> system-view
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 100:1
# Configure PE3.
<PE3> system-view
[PE3] ip vpn-instance vpn2
[PE3-vpn-instance-vpn2] route-distinguisher 100:2
[PE3-vpn-instance-vpn2-af-ipv4] vpn-target 100:2 both
[PE3-vpn-instance-vpn2-af-ipv4] quit
Step 2 Configure VLAN+802.1p, and bind common sub-interfaces to the VPN instances.
# Configure PE1.
[PE1] interface gigabitethernet 1/0/1.1
[PE1-GigabitEthernet1/0/1.1] vlan-type dot1q 10 8021p 3
[PE1-GigabitEthernet1/0/1.1] ip binding vpn-instance vpn1
[PE1-GigabitEthernet1/0/1.1] ip address 10.11.1.1 24
[PE1-GigabitEthernet1/0/1.1] quit
[PE1] interface gigabitethernet 1/0/1.2
[PE1-GigabitEthernet1/0/1.2] vlan-type dot1q 10 8021p 2
[PE1-GigabitEthernet1/0/1.2] ip binding vpn-instance vpn2
[PE1-GigabitEthernet1/0/1.2] ip address 10.21.1.1 24
[PE1-GigabitEthernet1/0/1.2] quit
# Configure PE2.
[PE2] interface gigabitethernet 1/0/1.1
[PE2-GigabitEthernet1/0/1.1] vlan-type dot1q 10
[PE2-GigabitEthernet1/0/1.1] ip binding vpn-instance vpn1
[PE2-GigabitEthernet1/0/1.1] ip address 10.12.1.1 24
[PE2-GigabitEthernet1/0/1.1] quit
# Configure PE3.
[PE3] interface gigabitethernet 1/0/1.1
[PE3-GigabitEthernet1/0/1.1] vlan-type dot1q 10
[PE3-GigabitEthernet1/0/1.1] ip binding vpn-instance vpn2
[PE3-GigabitEthernet1/0/1.1] ip address 10.22.1.1 24
[PE3-GigabitEthernet1/0/1.1] quit
After the preceding configurations, run the display ip vpn-instance verbose command on PEs,
and you can view the configurations of the VPN instances.
NOTE
Packets sent from CSG to PE1 carry VLAN tags with different 802.1p priorities.
Step 4 Set up EBGP peer relationships between the PEs and the CEs to import VPN routes.
You can refer to the chapter "BGP/MPLS IP VPN Configuration" in the NE80E/40E
Configuration Guide - VPN or the configuration files in this configuration example.
Step 5 Set up MP-IBGP peer relationships between the PEs.
You can refer to the chapter "BGP/MPLS IP VPN Configuration" in the NE80E/40E
Configuration Guide - VPN or the configuration files in this configuration example.
Step 6 Verify the configuration.
After the preceding configurations, run the display bgp peer command on the PEs, and you can
view that BGP peer relationships between PEs have been established and are in the Established
state.
Take the command output on PE1 as an example.
[PE1] display bgp peer
Run the display ip routing-table vpn-instance command on PEs, and you can view the routes
to remote CEs.
Take the command output on PE1 as an example.
[PE1] display ip routing-table vpn-instance vpn1
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: vpn1
Destinations : 3 Routes : 3
GigabitEthernet1/0/1.1
10.11.1.1/32 Direct 0 0 D 127.0.0.1
GigabitEthernet1/0/1.1
10.12.1.0/24 IBGP 255 0 RD 2.2.2.9 GigabitEthernet1/0/2
[PE1] display ip routing-table vpn-instance vpn2
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: vpn1
Destinations : 3 Routes : 3
Run the display interface vlan command, and you can view the matching policy configured on
sub-interfaces in VLAN 10.
Take the command output on PE1 as an example.
[PE1] display interface gigabitethernet1/0/1 vlan 10
Interface VlanPolicy
-----------------------------------------------------------
GE1/0/1.2 8021p 2
GE1/0/1.1 8021p 3
-----------------------------------------------------------
Interface:GE1/0/1 VLAN ID: 10 Sub-Interface num: 2
----End
Configuration Files
l Configuration file of PE1
#
sysname PE1
#
ip vpn-instance vpn1
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity
vpn-target 100:1 import-extcommunity
ip vpn-instance vpn2
route-distinguisher 100:2
vpn-target 100:2 export-extcommunity
vpn-target 100:2 import-extcommunity
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
mpls ldp
#
interface GigabitEthernet1/0/1.1
vlan-type dot1q 10 8021p 3
ip binding vpn-instance vpn1
ip address 10.11.1.1 255.255.255.0
#
interface GigabitEthernet1/0/1.2
vlan-type dot1q 10 8021p 2
ip binding vpn-instance vpn2
ip address 10.21.1.1 255.255.255.0
#
interface GigabitEthernet1/0/2
undo shutdown
undo shutdown
ip address 10.1.1.1 255.255.255.252
mpls
mpls ldp
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
bgp 100
peer 1.1.1.9 as-number 100
peer 1.1.1.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 1.1.1.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 1.1.1.9 enable
#
ipv4-family vpn-instance vpn1
import-route direct
peer 10.12.1.2 as-number 65420
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 10.1.1.0 0.0.0.3
#
return
#
ipv4-family unicast
undo synchronization
import-route direct
peer 10.22.1.1 enable
#
return
Networking Requirements
On an ME network, VLAN IDs are used to identify various services or user packets before them
access to various VSIs, VLLs, or VPN instances. If multiple user packets or services are not
tagged, part of high-priority traffic over the operator's network cannot be scheduled in time,
which deteriorates users' experience.
On the network shown in Figure 4-27, a CSG forwards untagged packets. After receiving these
packets, PE1 cannot identify them, resulting in a failure in distributing packets. To help resolve
this problem, a DSCP-based policy needs to be configured on PE1. PE1 distributes packets to
specific VPN instances based on priorities, ensuring correct scheduling of packets.
NOTE
In this example, PE1 parses DSCP values in the received packets for scheduling.
The DSCP is carried in each IP packet. For correct deployment of the VLAN+DSCP policy, you need to
ensure that the CSG accesses only IP services.
If the CSG accesses non-IP services, you have to configure GRE tunnels on the CSG so that encapsulated
packets can be transmitted over an IPv4 network.
Loopback1
2.2.2.9/32
=3
Database
GE1/0/1.2 10.1.1.1/30
CP
AS65420
10.21.1.1/24
DS
CSG GE1/0/1.1 GE1/0/2
10.11.1.1/24 10.1.1.2/30
GE1/0/3
untagged+ 10.2.1.2/30
DSCP
PE1
DS
Loopback1 GE1/0/2 Internet
1.1.1.9/32 C P= 10.2.1.1/30 GE1/0/1 AS65421
GE1/0/1.1 GE1/0/1.2 2
10.11.1.2/24 10.21.1.2/24 10.22.1.2/24
GE1/0/1.1
CE1 PE3 10.22.1.1/24 CE3
Loopback1
3.3.3.9/32
L3VPN
AS65410
AS100
Configuration Roadmap
The configuration roadmap is as follows:
Data Preparation
To complete the configuration, you need the following data:
l IP addresses of interfaces
l Names of the VPN instances on PEs
l RDs and VPN targets of the VPN instances
l Interfaces bound to the VPN instances
Procedure
Step 1 Configure basic L3VPN functions.
1. Configure the IP addresses of interfaces on CEs and PEs as described in Figure 4-26. You
can see the configuration files in this configuration example.
2. Configure an IGP on the MPLS backbone network. In this example, OSPF is adopted as
an IGP.
You can see the configuration files in this configuration example.
After the preceding configurations, PE1 and PE2, and PE1 and PE3 have routes discovered
through OSPF to Loopback 1 of each other. PE1 and PE2, and PE1 and PE3 can ping
through each other.
<PE1> display ip routing-table
Routing Tables: Public
Destinations : 9 Routes : 9
3. Enable basic MPLS functions and LDP on the MPLS backbone network.
You can see the configuration files in this configuration example.
After the preceding configurations, MPLS LSPs are successfully created, and LDP sessions
are set up between PE1 and PE2 and between PE1 and PE3. Run the display mpls ldp
session command, and you can view that the Status field is displayed as Operational.
<PE1> display mpls ldp session
------------------------------------------------------------------------------
PeerID Status LAM SsnRole SsnAge KASent/Rcv
------------------------------------------------------------------------------
2.2.2.9:0 Operational DU Passive 0000:00:00 3/3
3.3.3.9:0 Operational DU Passive 0000:00:00 2/2
------------------------------------------------------------------------------
TOTAL: 2 session(s) Found.
# Configure PE2.
<PE2> system-view
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 100:1
[PE2-vpn-instance-vpn1-af-ipv4] vpn-target 100:1 both
[PE2-vpn-instance-vpn1-af-ipv4] quit
# Configure PE3.
<PE3> system-view
[PE3] ip vpn-instance vpn2
[PE3-vpn-instance-vpn2] route-distinguisher 100:2
[PE3-vpn-instance-vpn2-af-ipv4] vpn-target 100:2 both
[PE3-vpn-instance-vpn2-af-ipv4] quit
# Configure PE1.
[PE1] interface gigabitethernet 1/0/1.1
[PE1-GigabitEthernet1/0/1.1] untagged dscp 3
[PE1-GigabitEthernet1/0/1.1] ip binding vpn-instance vpn1
[PE1-GigabitEthernet1/0/1.1] ip address 10.11.1.1 24
[PE1-GigabitEthernet1/0/1.1] quit
[PE1] interface gigabitethernet 1/0/1.2
[PE1-GigabitEthernet1/0/1.2] untagged dscp 2
[PE1-GigabitEthernet1/0/1.2] ip binding vpn-instance vpn2
[PE1-GigabitEthernet1/0/1.2] ip address 10.21.1.1 24
[PE1-GigabitEthernet1/0/1.2] quit
# Configure PE2.
[PE2] interface gigabitethernet 1/0/1.1
[PE2-GigabitEthernet1/0/1.1] ip binding vpn-instance vpn1
[PE2-GigabitEthernet1/0/1.1] ip address 10.12.1.1 24
[PE2-GigabitEthernet1/0/1.1] quit
# Configure PE3.
[PE3] interface gigabitethernet 1/0/1.1
[PE3-GigabitEthernet1/0/1.1] ip binding vpn-instance vpn2
[PE3-GigabitEthernet1/0/1.1] ip address 10.22.1.1 24
[PE3-GigabitEthernet1/0/1.1] quit
After the preceding configurations, run the display ip vpn-instance verbose command on PEs,
and you can view the configurations of the VPN instances.
For configuration details, see "Configuration Files" in this section. It is required that the CSG
support the following:
l Configures the DSCP values of packets through commands.
l Differentiates service types (voice, data, or signal) based on timeslots in TDM or PVCs in
ATM in the case that the CSG accesses non-IP services.
Step 4 Set up EBGP peer relationships between the PEs and the CEs to import VPN routes.
You can refer to the chapter "BGP/MPLS IP VPN Configuration" in the NE80E/40E
Configuration Guide - VPN or the configuration files in this configuration example.
You can refer to the chapter "BGP/MPLS IP VPN Configuration" in the NE80E/40E
Configuration Guide - VPN or the configuration files in this configuration example.
After the preceding configurations, run the display bgp peer command on the PEs, and you can
view that BGP peer relationships between PEs have been established and are in the Established
state.
Run the display ip routing-table vpn-instance command on PEs, and you can view the routes
to remote CEs.
Run the display interface vlan command, and you can view the matching policy on a main
interface.
----End
Configuration Files
l Configuration file of PE1
#
sysname PE1
#
ip vpn-instance vpn1
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity
vpn-target 100:1 import-extcommunity
ip vpn-instance vpn2
route-distinguisher 100:2
vpn-target 100:2 export-extcommunity
vpn-target 100:2 import-extcommunity
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
mpls ldp
#
interface GigabitEthernet1/0/1.1
untagged dscp 3
ip binding vpn-instance vpn1
ip address 10.11.1.1 255.255.255.0
#
interface GigabitEthernet1/0/1.2
untagged dscp 2
ip binding vpn-instance vpn2
ip address 10.21.1.1 255.255.255.0
#
interface GigabitEthernet1/0/2
undo shutdown
ip address 10.1.1.2 255.255.255.252
mpls
mpls ldp
#
interface GigabitEthernet1/0/3
undo shutdown
ip address 10.2.1.2 255.255.255.252
mpls
mpls ldp
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
bgp 100
peer 2.2.2.9 as-number 100
peer 2.2.2.9 connect-interface LoopBack1
peer 3.3.3.9 as-number 100
peer 3.3.3.9 connect-interface LoopBack1
ipv4-family unicast
undo synchronization
peer 2.2.2.9 enable
peer 3.3.3.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 2.2.2.9 enable
peer 3.3.3.9 enable
#
ipv4-family vpn-instance vpn1
import-route direct
peer 10.11.1.2 as-number 65410
#
ipv4-family vpn-instance vpn2
import-route direct
peer 10.21.1.2 as-number 65410
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 10.1.1.0 0.0.0.3
network 10.2.1.0 0.0.0.3
#
return
route-distinguisher 100:2
vpn-target 100:2 export-extcommunity
vpn-target 100:2 import-extcommunity
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
mpls ldp
#
interface GigabitEthernet1/0/1.1
ip binding vpn-instance vpn2
ip address 10.22.1.1 255.255.255.0
#
interface GigabitEthernet1/0/2
undo shutdown
ip address 10.2.1.1 255.255.255.252
mpls
mpls ldp
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
bgp 100
peer 3.3.3.9 as-number 100
peer 3.3.3.9 connect-interface LoopBack1
ipv4-family unicast
undo synchronization
peer 1.1.1.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 1.1.1.9 enable
#
ipv4-family vpn-instance vpn1
import-route direct
peer 10.22.1.2 as-number 65421
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 10.2.1.0 0.0.0.3
#
return
#
return
Networking Requirements
As shown in Figure 4-28, the VLAN10 is configured on the router. GE1/0/0 and Host A are
connected through switch, and GE2/0/0 and Host B are connected through switch.
Requirements: Host A and Host B cannot be connected directly in a VLAN. The traffic from
Host A to Host B must pass through layer 3 route, which is convenient for statistics.
GE1/0/0 GE2/0/0
VLAN10
HostA HostB
Configuration Roadmap
The configuration roadmap is as follows:
Data Preparation
To complete the configuration, you need the following data
Procedure
Step 1 Configuring interface isolation in a VLAN.
# Create VLAN10.
<HUAWEI> system-view
[HUAWEI] vlan 10
[HUAWEI-vlan10] quit
# Add the interface into VLAN10, and configure the interface isolation.
<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 1/0/0
[HUAWEI-GigabitEthernet1/0/0] portswitch
[HUAWEI-GigabitEthernet1/0/0] port default vlan 10
[HUAWEI-GigabitEthernet1/0/0] port isolate-state enable vlan 10
[HUAWEI-GigabitEthernet1/0/0] quit
After the configuration, Host A and Host B cannot ping through each other.
When the configuration is complete, Host A and Host B can ping through each other.
----End
Configuration Files
Configuration file of router
#
sysname HUAWEI
#
vlan 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
arp-proxy inner-sub-vlan-proxy enable
#
interface GigabitEthernet1/0/0
undo shutdown
portswitch
port default vlan 10
port isolate-state enable vlan 10
#
interface GigabitEthernet2/0/0
undo shutdown
portswitch
port default vlan 10
port isolate-state enable vlan 10
#
return
Networking Requirements
NOTE
The interface group isolation in a VLAN is not supported in NE80E/40E-X1 and NE80E/40E-X2.
As shown in Figure 4-29, VLAN 10 is created on the router. GE 1/0/0 is connected to host A
through switch; GE 2/0/0 is connected to host B through switch; GE 2/0/1 is connected to host
C through switch; GE 1/0/1 is connected to host D through switch; GE 3/0/0 is connected to host
E through switch.
l host A can communicate with host B and host C can communicate with host D.
l host A and host B cannot communicate with host C and host D.
l host E can communicate with the hosts in VLAN 10.
Figure 4-29 Networking diagram of configuring the isolation based on interface groups in a
VLAN
Router
GE1/0/0 GE1/0/1
GE2/0/0 GE2/0/1
GE3/0/0
VLAN10
Configuration Roadmap
The configuration roadmap is as follows:
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Create an interface-based VLAN 10.
After the configuration, you can run the display port-isolation group command to view the
configuration of the isolated group.
[HUAWEI] display port-isolation group brief
Port islation group 1
GigabitEthernet1/0/0
GigabitEthernet2/0/0
port islation group 1 has 2 ports
Port islation group 2
GigabitEthernet2/0/1
GigabitEthernet1/0/1
port islation group 1 has 2 ports
After the configuration, host E can communicate with other hosts. host A cannot communicate
with host C and host D. host B cannot communicate with host C and host D.
----End
Configuration Files
The configuration file of the router is as follows:
#
sysname HUAWEI
#
vlan 10
#
interface GigabitEthernet1/0/0
undo shutdown
portswitch
port default vlan 10
port-isolation group 1
#
interface GigabitEthernet2/0/0
undo shutdown
portswitch
port default vlan 10
port-isolation group 1
#
interface GigabitEthernet2/0/1
undo shutdown
portswitch
port default vlan 10
port-isolation group 2
#
interface GigabitEthernet1/0/1
undo shutdown
portswitch
port default vlan 10
port-isolation group 2
#
interface GigabitEthernet3/0/0
undo shutdown
portswitch
port default vlan 10
#
return
Networking Requirements
As shown in Figure 4-30, CE1 accesses PE1 and PE2 in the carrier network through redundant
links. Interfaces on PE1 and PE2 belong to the same VLAN. The two interfaces that connect
CE1 to PE1 and PE2 also belong to the same VLAN. It is required that Ethernet loop detection
be configured for the VLAN on the PE devices and interfaces on PE2 be blocked first when a
loop occurs.
Figure 4-30 Networking diagram of configuring Ethernet loop detection for a VLAN
PE1 PE2
GE2/0/0 GE1/0/0
GE1/0/0 GE2/0/0
CE1
GE1/0/0 GE2/0/0
Configuration Roadmap
The configuration roadmap is as follows:
1. Create a VLAN on the PE and CE devices to ensure interworking between them.
2. Configure Ethernet loop detection for the VLAN.
3. Configure the block priority for each interface in the VLAN.
Data Preparation
To complete the configuration, you need the following data:
l ID of the VLAN
l Times of loopback, interval of the detection time, cycle of the detection interval, time for
blocking a loop, and retry times for blocking a port permanently
l Block priority of each interface
Procedure
Step 1 Create a VLAN on the PE and CE devices to ensure Layer 2 interworking.
# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] vlan 100
[PE1-vlan100] quit
[PE1] interface gigabitethernet 1/0/0
[PE1-GigabitEthernet1/0/0] portswitch
[PE1-GigabitEthernet1/0/0] port link-type access
[PE1-GigabitEthernet1/0/0] port default vlan 100
[PE1-GigabitEthernet1/0/0] undo shutdown
[PE1-GigabitEthernet1/0/0] quit
[PE1] interface gigabitethernet 2/0/0
[PE1-GigabitEthernet2/0/0] portswitch
[PE1-GigabitEthernet2/0/0] port link-type trunk
[PE1-GigabitEthernet2/0/0] port trunk allow-pass vlan 100
[PE1-GigabitEthernet2/0/0] undo shutdown
[PE1-GigabitEthernet2/0/0] quit
# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] vlan 100
[PE2-vlan100] quit
[PE2] interface gigabitethernet 1/0/0
[PE2-GigabitEthernet1/0/0] portswitch
[PE2-GigabitEthernet1/0/0] port link-type trunk
[PE2-GigabitEthernet1/0/0] port trunk allow-pass vlan 100
[PE2-GigabitEthernet1/0/0] undo shutdown
[PE2-GigabitEthernet1/0/0] quit
[PE2] interface gigabitethernet 2/0/0
[PE2-GigabitEthernet2/0/0] portswitch
[PE2-GigabitEthernet2/0/0] port link-type access
[PE2-GigabitEthernet2/0/0] port default vlan 100
[PE2-GigabitEthernet2/0/0] undo shutdown
[PE2-GigabitEthernet2/0/0] quit
# Configure CE1.
CE1 is a switch and interfaces on CE1 default to Layer 2 interfaces. In this example, you can
configure GE 1/0/0 and GE 2/0/0 on CE1 as access interfaces and add them to VLAN 100.
Step 2 Configure Ethernet loop detection for the VLAN and set the block priority of each interface.
# Configure PE1.
[PE1] vlan 100
[PE1-vlan100] loop-detect eth-loop loop-times 10 detect-cycle 10 cycles 3 retry-
times 3 block-time 100
[PE1-vlan100] quit
[PE1] interface gigabitethernet 1/0/0
[PE1-GigabitEthernet1/0/0] loop-detect eth-loop priority 1
[PE1-GigabitEthernet1/0/0] quit
[PE1] interface gigabitethernet 2/0/0
[PE1-GigabitEthernet2/0/0] loop-detect eth-loop priority 2
[PE1-GigabitEthernet2/0/0] quit
# Configure PE2.
[PE2] vlan 100
[PE2-vlan100] loop-detect eth-loop loop-times 10 detect-cycle 10 cycles 1 retry-
times 3 block-time 100
[PE2-vlan100] quit
[PE2] interface gigabitethernet 1/0/0
[PE2-GigabitEthernet1/0/0] loop-detect eth-loop priority 2
[PE2-GigabitEthernet1/0/0] quit
[PE2] interface gigabitethernet 2/0/0
[PE2-GigabitEthernet2/0/0] loop-detect eth-loop priority 1
[PE2-GigabitEthernet2/0/0] quit
-----------------------------------------------------------------------
VLAN 100 10 10 3 3 Block 100s
Total Items = 1
Blocked Port:
---------------
VLAN/VSI Block Port Link-Block Port Detect MAC
------------------------------------------------------------------------------
[PE2] display loop-detect eth-loop vlan 100
VLAN/VSI LTimes D-Cycle Cycles Retry Action
-----------------------------------------------------------------------
VLAN 100 10 10 1 3 Block 100s
Total Items = 1
Blocked Port:
---------------
VLAN/VSI Block Port Link-Block Port Detect MAC
------------------------------------------------------------------------------
1 GE2/0/0
At this time, cycles is set to 3 on PE1 and set to 1 on PE2. In this case, when a loop occurs in
VLAN 100, interfaces on PE2 are blocked first. On PE2, the priority of GE 2/0/0 is lower than
that of GE 1/0/0. Therefore, GE 2/0/0 is blocked first.
----End
Configuration Files
l Configuration file of PE1
#
sysname PE1
#
vlan batch 100
loop-detect eth-loop loop-times 10 detect-cycle 10 cycles 3 retry-times 3
block-time 100
#
interface GigabitEthernet1/0/0
undo shutdown
portswitch
port link-type access
port default vlan 100
loop-detect eth-loop priority 1
#
interface GigabitEthernet2/0/0
undo shutdown
portswitch
port link-type trunk
port trunk allow-pass vlan 100
loop-detect eth-loop priority 2
#
return
interface GigabitEthernet2/0/0
undo shutdown
portswitch
port link-type access
port default vlan 100
loop-detect eth-loop priority 1
#
return
Networking Requirements
On an ME network, VLAN IDs are used to identify various services or user packets before they
access various VSIs, Virtual Leased Lines (VLL), or Virtual Private Network (VPN) instances.
If multiple user packets or services share one VLAN ID, part of high-priority traffic over the
operators' network cannot be scheduled in time, which deteriorates users' experience.
On the network shown in Figure 4-31, CE1 and CE2 add the same VLAN tag to received packets.
After PE1 receives these packets, it cannot distinguish the packets by the VLAN tag. This process
affects traffic distribution. To resolve this problem, configure VLAN mapping on PE1 to map
the same user VLAN IDs to different operator VLAN IDs, and configure VLANIF interfaces
on PE1 to transmit the user packets carrying the operator VLAN IDs to an L3VPN using different
VPN instances. These configurations ensure that packets are scheduled promptly.
Figure 4-31 Networking for configuring VLAN mapping and VLANIF interfaces for L3VPN
access
Loopback1
2.2.2.9/32
GE1/0/1 GE1/0/1.1 Database
PE2
10.12.1.1/24
CE1 AS65420
GE1/0/1
VLAN 10 GE1/0/2 GE1/0/2 10.12.1.2/24 CE4
Loopback1 10.1.1.1/30
1.1.1.9/32
GE1/0/1
GE1/0/2
VLANIF30:10.11.1.2/24 10.1.1.2/30
VLANIF20:10.21.1.2/24 GE1/0/3
GE1/0/4 PE1 10.2.1.2/30
GE1/0/2
GE1/0/2 10.2.1.1/30 GE1/0/1
Internet
10.22.1.2/24
CE2 AS65421
GE1/0/1.1
VLAN 10 GE1/0/1 PE3 10.22.1.1/24 CE3
Loopback1
3.3.3.9/32
L3VPN
AS100
Configuration Roadmap
The configuration roadmap is as follows:
Data Preparation
To complete the configuration, you need the following data:
l Interface IP addresses
l VPN instance names
l RDs and VPN targets of the VPN instances
l Operator VLAN IDs for the VLAN mapping function
l VLANIF interface names
Procedure
Step 1 Configure basic L3VPN functions.
1. Assign an IP address to each interface of CEs and PEs shown in Figure 4-31. The
configuration details are not provided. For more information, see configuration files in this
example.
2. Configure an IGP on the MPLS backbone network. In this example, Open Shortest Path
First (OSPF) is used as an IGP.
The configuration details are not provided. For more information, see configuration files
in this example.
After OSPF is configured, PEs have IP routes to the peer Loopback 1 and can ping each
other.
<PE1> display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 9 Routes : 9
3. Enable basic MPLS functions and LDP on the MPLS backbone network.
The configuration details are not provided. For more information, see configuration files
in this example.
After an MPLS LSP is created, PE1 can establish LDP sessions with both PE2 and PE3.
The display mpls ldp session command output shows that the Status field is
Operational.
<PE1> display mpls ldp session
------------------------------------------------------------------------------
PeerID Status LAM SsnRole SsnAge KASent/Rcv
------------------------------------------------------------------------------
2.2.2.9:0 Operational DU Passive 0001:22:42 11210/11210
3.3.3.9:0 Operational DU Passive 0000:00:42 170/170
------------------------------------------------------------------------------
TOTAL: 2 session(s) Found.
Step 2 Configure the VLAN mapping function and VLANIF interfaces, and then bind the VPN
instances to the VLANIF interfaces or sub-interfaces.
# Configure PE1.
[PE1] vlan 10
[PE1-vlan10] quit
[PE1] vlan 20
[PE1-vlan20] quit
[PE1] vlan 30
[PE1-vlan30] quit
[PE1] interface gigabitethernet 1/0/4
[PE1-GigabitEthernet1/0/4] portswitch
# Configure PE2.
[PE2] interface gigabitethernet 1/0/1.1
[PE2-GigabitEthernet1/0/1.1] ip binding vpn-instance vpn1
[PE2-GigabitEthernet1/0/1.1] ip address 100.2.1.1 24
[PE2-GigabitEthernet1/0/1.1] quit
# Configure PE3.
[PE3] interface gigabitethernet 1/0/1.1
[PE3-GigabitEthernet1/0/1.1] ip binding vpn-instance vpn2
[PE3-GigabitEthernet1/0/1.1] ip address 200.2.1.1 24
[PE3-GigabitEthernet1/0/1.1] quit
After completing the configurations, run the display ip vpn-instance verbose command on PEs
to view the configurations of VPN instances.
Step 3 Set up EBGP peer relationships between PEs and CEs and import VPN routes.
The configuration details are not provided. For more information, see chapter "BGP/MPLS IP
VPN Configuration" in the NE80E/40E Configuration Guide - VPN or configuration files in this
example.
Step 4 Set up MP-IBGP peer relationships between PEs.
The configuration details are not provided. For more information, see chapter "BGP/MPLS IP
VPN Configuration" in the NE80E/40E Configuration Guide - VPN or configuration files in this
example.
Step 5 Verify the configuration.
After completing the configurations, run the display bgp peer command on PEs. The command
output shows that BGP peer relationships between PEs have been established and are in the
Established state.
In the following example, the display on PE1 is used.
[PE1] display bgp peer
Run the display ip routing-table vpn-instance command on PEs, and you can view the routes
to remote CEs.
In the following example, the display on PE1 is used.
[PE1] display ip routing-table vpn-instance vpn1
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: vpn1
Destinations : 3 Routes : 3
Run the display port vlan command to view interface information in VLANs.
In the following example, the display on PE1 is used.
[PE1] display port vlan
Port Link Type PVID Trunk VLAN List
-------------------------------------------------------------------------------
GigabitEthernet1/0/1 trunk 0 30
GigabitEthernet1/0/4 trunk 0 20
Run the display interface vlanif command to view the status of VLANIF interfaces, the protocol
status, interface descriptions, and interface IP addresses.
In the following example, the display of VLANIF 30 on PE1 is used.
[PE1] display interface vlanif 30
lanif10 current state : UP
Line protocol current state : UP
Description:HUAWEI, Vlanif10 Interface
Route Port,The Maximum Transmit Unit is 1500
Internet protocol processing : enabled
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-f94a-1a00
Physical is VLANIF
Current system time: 2012-08-01 16:32:44-08:00
Last 300 seconds input rate 0 bits/sec, 0 packets/sec
Last 300 seconds output rate 0 bits/sec, 0 packets/sec
Realtime 229 seconds input rate 0 bits/sec, 0 packets/sec
Realtime 229 seconds output rate 0 bits/sec, 0 packets/sec
Input: 0 packets,0 bytes
0 unicast,0 broadcast,0 multicast
0 errors,0 unknownprotocol
Output:0 packets,0 bytes
0 unicast,0 broadcast,0 multicast
0 errors
Input bandwidth utilization : --
Output bandwidth utilization : --
----End
Configuration Files
l Configuration file of PE1
#
sysname PE1
#
vlan batch 10 20 30
#
ip vpn-instance vpn1
ipv4-family
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity
vpn-target 100:1 import-extcommunity
#
ip vpn-instance vpn2
ipv4-family
route-distinguisher 100:2
vpn-target 100:2 export-extcommunity
vpn-target 100:2 import-extcommunity
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
mpls ldp
#
interface Vlanif30
ip binding vpn-instance vpn1
#
interface Vlanif20
ip binding vpn-instance vpn2
#
interface GigabitEthernet1/0/1
portswitch
undo shutdown
port vlan-mapping vlan 10 map-vlan 30
#
interface GigabitEthernet1/0/2
undo shutdown
ip address 10.1.1.2 255.255.255.252
mpls
mpls ldp
#
interface GigabitEthernet1/0/3
undo shutdown
ip address 20.1.1.2 255.255.255.252
mpls
mpls ldp
#
interface GigabitEthernet1/0/4
portswitch
undo shutdown
port link-type trunk
port vlan-mapping vlan 10 map-vlan 20
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
bgp 100
peer 2.2.2.9 as-number 100
peer 2.2.2.9 connect-interface LoopBack1
peer 3.3.3.9 as-number 100
peer 3.3.3.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 2.2.2.9 enable
peer 3.3.3.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 2.2.2.9 enable
peer 3.3.3.9 enable
#
ipv4-family vpn-instance vpn1
import-route direct
peer 100.1.1.2 as-number 65420
#
ipv4-family vpn-instance vpn2
import-route direct
peer 100.1.1.2 as-number 65421
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 10.1.1.0 0.0.0.3
network 20.1.1.0 0.0.0.3
#
return
mpls l2vpn
#
mpls ldp
#
interface GigabitEthernet1/0/1.1
ip binding vpn-instance vpn1
ip address 100.2.1.1 255.255.255.0
#
interface GigabitEthernet1/0/2
undo shutdown
ip address 10.1.1.1 255.255.255.252
mpls
mpls ldp
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
bgp 100
peer 1.1.1.9 as-number 100
peer 1.1.1.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 1.1.1.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 1.1.1.9 enable
#
ipv4-family vpn-instance vpn1
import-route direct
peer 100.2.1.2 as-number 65420
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 10.1.1.0 0.0.0.3
#
return
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
bgp 100
peer 1.1.1.9 as-number 100
peer 1.1.1.9 connect-interface LoopBack1
peer 3.3.3.9 as-number 100
peer 3.3.3.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 1.1.1.9 enable
peer 3.3.3.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 1.1.1.9 enable
#
ipv4-family vpn-instance vpn2
import-route direct
peer 200.2.1.2 as-number 65421
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 20.1.1.0 0.0.0.3
#
return
#
return
5 QinQ Configuration
The QinQ technology makes up for the shortage of public VLAN ID resources, and also provides
a simpler Layer 2 VPN solution for LANs or small-scale MANs.
5.5 Configuring the Sub-interface for VLAN Tag Termination to Access the IP Service
IP services include proxy ARP, and DHCP services. You can deploy IP services on sub-
interfaces for VLAN tag termination to enable the interworking between users in different
VLANs, therefore ensuring reliable, stable, and uninterrupted connections between the users
and the network.
5.6 Configuring the Sub-interface for VLAN Tag Termination to Access the Multicast Service
With the wide use of multicast services on the Internet, you need to deploy sub-interfaces for
QinQ/dot1q VLAN tag termination to process the user packets carrying a single tag or double
tags for multicast services. In this manner, the UPE can maintain information about the outbound
interface of multicast packets according to the established multicast forwarding table to ensure
the normal communications between hosts and the multicast source.
5.7 Configuring the Sub-interface for VLAN Tag Termination to Access the VPN Service
VPN services are classified into L2VPN services and L3VPN services. You can configure sub-
interfaces for VLAN tag termination on PEs to access VPNs to enable the interworking between
CEs and users.
5.8 Configuring the Sub-interface for VLAN Tag Termination to Access the MPLS Service
The sub-interface for VLAN tag termination to access the MPLS service is MPLS TE.
5.9 Configuring the Sub-interface for QinQ VLAN Tag Termination to Support 802.1p Mapping
Function
After tags are terminated on PEs, packets are sent to the IP or Multiprotocol Label Switching
(MPLS) network of the Internet Service Provider (ISP). To ensure the completeness of the
Quality of Service (QoS) information in the packets, the 802.1p values in outer and inner tags
need to be mapped to the DiffServ Code Point (DSCP) field or the EXP field.
5.12 Configuring the Sub-interface for QinQ VLAN Tag Termination to Support URPF
Configuring sub-interfaces for QinQ VLAN tag termination to support Unicast Reverse Path
Forwarding (URPF) effectively prevents attacks based on source address spoofing through sub-
interfaces for QinQ VLAN tag termination.
In intercommunication between Layer 2 LANs on the basis of the traditional IEEE 802.1Q
protocol, when two user networks access each other through an Internet Service Provider (ISP),
the ISP must assign VLAN IDs to users of different VLANs, as shown in Figure 5-1. Suppose
User Network1 and User Network2 access the backbone network through PE1 and PE2 of an
ISP.
Figure 5-1 Intercommunication between Layer 2 LANs on the basis of the traditional IEEE
802.1Q protocol
Trunk Trunk
VLAN100~200 VLAN100~200
CE1 PE1
Trunk
VLAN100~200
P
Trunk
User VLAN100~200
Network1 PE2 CE2
ISP
Network
User
Network2
To connect VLAN 100 - VLAN 200 on User Network1 to VLAN 100 - VLAN 200 on User
Network2, you must change the attribute of the interfaces of CE1, PE1, and P that connect PE2
and CE2 to the trunk and allow packets of VLAN 100 - VLAN 200 to pass.
This configuration makes user's VLANs visible on the backbone network. In this case, the VLAN
ID resources (4094 VLAN IDs) of an ISP are wasted. In addition, the ISP has to manage user
VLAN IDs and users have no right to manage their VLANs.
A rush of too many users accessing the network may cause the ISP network to be short of VLAN
IDs because an ISP network has only 4094 VLAN IDs.
In addition, different users cannot use the same VLAN ID and user's VLAN IDs must be planned
by an ISP.
QinQ is a technology used to expand the VLAN space by encapsulating a packet that carries an
802.1Q tag in another 802.1Q tag. The private VLANs therefore can transparently transmit
packets over the public network and the preceding problem is solved.
The QinQ technology expands the VLAN space by encapsulating a packet that carries an 802.1Q
tag in another 802.1Q tag. The private VLANs therefore can transparently transmit packets over
the public network. This function is the same as the Layer 2 VPN. Packets that are forwarded
over the backbone network carry two 802.1Q tags, one for the public network and the other for
the private network. This is called 802.1Q-in-802.1Q, or QinQ for short.
The ISP network only provides one VLAN ID for different VLANs from the same user network.
This saves VLAN IDs of an ISP. Meanwhile, the QinQ provides a simple Layer 2 VPN solution
to a small metropolitan area network (MAN) or a local area network (LAN).
The QinQ technology has been widely used on ISPs' networks because of its easy application.
The QinQ technology can be applied to multiple services in a metropolitan area Ethernet solution.
The emergence of flexible QinQ that is VLAN stacking enables QinQ services to widely spread
among ISPs.
This technology has the following features:
l Private networks are effectively segregated from the public network.
l ISP's VLAN IDs are saved to the maximum.
With the development of the metropolitan area Ethernet, all device vendors have put forward
their solutions to the metropolitan area Ethernet. The QinQ technology plays an important role
in the solutions because of its simplicity and flexibility.
QinQ
Encapsulation
DA SA ETYPE TAG ETYPE TAG LEN/ETYPE DATA FCS
6 Bytes 6 Bytes 2 Bytes 2 Bytes 2 Bytes 2 Bytes 2 Bytes 46 Bytes~1500 Bytes 4 Bytes
The NE80E/40E supports the compatibility of ETypes in different QinQ outer TPIDs. That is,
the NE80E/40E can identify and encapsulate packets with different outer ETypes, therefore
implementing inter-operation among devices from different vendors.
NOTE
IEEE 802.1ad defines the value of the EType field in the outer TPID to 0x88a8.
As shown in Figure 5-3, on Router B, the inbound interface can identify the QinQ packet with
the Etype value in the outer TPID being 0x9100 and the outbound interface can set ETypes in
the outer TPID to different values according to vendors, such as 0x9100, 0x8100, or other values.
Therefore, Router B can inter-operate with the devices of different vendors.
00
0x91
0x9100
Switch A
IP/MPLS
Core 0x81
Router A Router B 00
Router C
As shown in Figure 5-4, Router A and Switch A are non-Huawei devices, and Router B is a
Huawei Datacom device. By default, the inbound interface on Router B can identify the QinQ
packets with ETypes of both inner and outer tags being 0x8100. Then, to implement interworking
between non-Huawei devices and the Huawei device, you should configure the compatibility of
ETypes of the tags carried in the QinQ packets sent by the devices of different vendors.
GE1/0/1
RouterA SwitchA RouterB
In this manner, when the UPE receives packets with double VLAN tags, the inner tag is swapped
with the outer tag. The VLAN tag swapping does not take effect on packets with a single tag.
Figure 5-5 Networking diagram of the VLAN swapping feature based on QinQ
IP C S
DSLAM IP S C
IP S IP S
...
RG1 RG2
As shown in Figure 5-5, HSI, VoIP, and IPTV services access the DSLAM through a residential
gateway (RG). The RG adds inner VLAN tags identifying different services to packets and sends
these packets to the DSLAM. According to service types of the received packets, the DSLAM
adds outer VLAN tags, such as (1 to 1000)/1 to these packets and sends them to the UPE, which
supports VLAN tag swapping based on QinQ. After inner tags and outer tags of the packets are
swapped on the UPE, the outer tags can indicate the service VLAN and the inner tags can indicate
the customer VLAN, such as 1/(1 to 1000).
Termination is usually conducted on route sub-interfaces, that is, sub-interfaces for QinQ/dot1q
VLAN tag termination.
l A route sub-interface that terminates a single tag is called the sub-interface for dot1q VLAN
tag termination.
l A route sub-interface that terminates double tags is called the sub-interface for QinQ VLAN
tag termination.
Table 5-1 shows the differences among the VLANIF interface, dot1q sub-interface, sub-
interface for dot1q VLAN tag termination, and sub-interface for QinQ VLAN tag termination.
VLANI You can run Not Not Suppor Supp l The dot1q sub-interface
F the interface suppo suppor ted orted and sub-interface for
interfac vlanif rted ted dot1q VLAN tag
e command to termination have the
create a same function. Their
VLANIF difference is that packets
interface. sent from the dot1q sub-
A VLANIF interface are
interface is a encapsulated with only
Layer 3 one VLAN tag; packets
logical sent from the sub-
interface, interface for dot1q
which can be VLAN tag termination
configured can be encapsulated with
with an IP multiple VLAN tags.
address to l You can configure both
communicate sub-interfaces for dot1q
with devices VLAN tag termination
at the and sub-interfaces for
network QinQ VLAN tag
layer. termination on the same
main interface. In this
manner, the same main
interface can terminate
both single-tagged
packets and double-
tagged packets. If a main
interface is configured
with QinQ VLAN tag
termination, single-
Dot1q You can run Suppo Suppo Suppor Supp tagged packets can be
sub- the vlan-type rted rted ted orted terminated only on sub-
interfac dot1q interfaces for dot1q
e command to VLAN tag termination
configure an rather than on dot1q sub-
Ethernet sub- interfaces.
interface to
be a dot1q
sub-
interface.
Table 5-2 and Table 5-3 show how interfaces of different types process VLAN tags carried in
packets to be transmitted across a VPLS network.
Sub-interface for QinQ l Outer tags are added in l Outer tags are replaced in
VLAN tag termination symmetric mode. symmetric mode.
l Double tags are added in l One tag is stripped and
asymmetric mode. double tags are added in
asymmetric mode.
Figure 5-6 Networking diagram of service deployment on the sub-interface for QinQ/dot1q
VLAN tag termination
Set the interface mode to the
user-termination mode
Create a sub-interface
The detailed implementation and function of the sub-interface for QinQ VLAN tag termination
are related with the specific scenario. As shown in Figure 5-6, the sut-interface for QinQ/dot1q
VLAN tag termination can be deployed with services listed in Table 5-4.
Table 5-4 Services supported by the sut-interface for QinQ/dot1q VLAN tag termination
NOTE
l Services that can be deployed on sub-interfaces for VLAN tag termination are not limited to those
listed in Table 5-4.
l For details of services that can be deployed on sub-interfaces for VLAN tag termination, see the chapter
"QinQ" in the HUAWEI NetEngine80E/40E Feature Description - LAN Access and MAN Access.
Dynamic QinQ
A common sub-interface for QinQ termination can terminate a maximum of 16,000 double-
tagged user packets. When the number of the user packets exceeds 16,000, you can use the
dynamic QinQ function. After that, the sub-interface for QinQ aggregation can terminate a
maximum of 64,000 double-tagged user packets.
NOTE
After being configured with dynamic QinQ, the sub-interface for VLAN tag termination cannot support
Virtual Leased Line (VLL), Pseudo Wire Emulation Edge-to-Edge (PWE3), Virtual Private LAN Service
(VPLS), static ARP, and DHCP snooping static binding table.
GE1/0/0
100.1.1.2/24
Switch
/ 1 GE
IP 20 E1 /0 1 /0
IP
G /2 30
As shown in Figure 5-7, the DHCP client is connected to the DHCP relay through two-hierarchy
switches and requests a valid IP address from the DHCP server through the DHCP relay.
Dynamic QinQ is configured on the sub-interface for VLAN tag termination on the client side
of the DHCP relay to allocate VLAN tags to the login users. After ARP is associated with the
DHCP binding table, when users log out abnormally after obtaining IP addresses, the system
senses this failure automatically, and then deletes the binding relationship in the DHCP binding
table and informs the DHCP server to release IP addresses and VLAN tags.
In the case of interfaces configured with dynamic QinQ, usually it is users who send the ARP
request actively to the gateway device; if ARP rigid learning is also configured on the device,
all interfaces on the device learn the responses to the ARP requests that are actively sent by
themselves instead of learning the requests sent by other devices. As a result, dynamic QinQ
interfaces on this device cannot learn ARP entries of users and then users fail to log in. To solve
the problem, you can run the arp learning strict force-disable command on the interface
configured with dynamic QinQ so that the interface can learn the ARP requests sent by users.
After being configured with URPF, the sub-interface for QinQ VLAN tag can resist source-
address-spoofing attacks.
l Obtains the source address, the inner and outer VLAN tags, and the inbound interface of
the packet.
l Takes the source address of the packet as the destination address and searches the
forwarding table for the relevant outbound interface and the inner and outer VLAN tags.
l Compares the searching result and the obtained information of the packet. If they are
inconsistent, sub-interface for QinQ VLAN tag termination regards the source address as
spoofing and discards the packet.
In this way, hostile attacks by modifying the source address can be avoided.
l Loose URPF: A packet passes the URPF check if the relevant routing entry exists in the
forwarding table.
l Strict URPF: A packet passes the URPF check only when the relevant routing entry exists
in the forwarding table and the interface information matches.
NOTE
The sub-interface for QinQ VLAN tag termination on the NE80E/40E supports only loose URPF.
Applicable Environment
When multiple VLANs are required, the QinQ tunnel need be configured. You can add the outer
tag to the VLAN so that the range of available number of VLANs is wide; therefore, the number
of VLANs is no longer insufficient.
Pre-configuration Task
Before configuring the QinQ tunnel, complete the following tasks:
Data Preparation
To configure the QinQ tunnel, you need the following data.
No. Data
Procedure
Step 1 Run:
system-view
----End
Procedure
Step 1 Run:
system-view
The view of the Ethernet interface that need be configured with the QinQ tunnel is displayed.
Step 4 Run:
port link-type dot1q-tunnel
Step 5 Run:
port default vlan vlan-id
The outer tag is configured; namely, the default VLAN ID of the interface is configured.
NOTE
The outer tag value should be the same as the VLAN ID created in Creating the Outer VLAN Tag for a
Layer 2 Interface.
----End
5.2.4 (Optional) Configuring the Protocol Type for the Outer Tag
To implement interworking between devices of different vendors, in the case that QinQ is
configured, devices of different vendors use 0x8100 as the value of the EType in the inner Tag
Protocol Identifier (TPID) but use different values as the values of EType in the outer TPID. In
addition, the protocol type of the outer tag need be configured.
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
The view of the Ethernet interface that need be configured with the QinQ tunnel is displayed.
Step 3 Run:
qinq protocol ethertype-value
l IEEE 802.1ad defines the value of the EType field in the outer TPID to 0x88a8.
l The value of ethertype-value ranges from 0x0600 to 0xFFFF, and the default value is 0x8100.
NOTE
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
slot slot-id
Step 3 Run:
vlan protocol ethertype-value
An EtherType value is specified for the inner and outer tags of double-tagged packets received
by Ethernet interfaces.
l In IEEE 802.1ad, the EtherType value of the TPID in the outer tag is defined as 0x88a8.
l The value of ethertype-value ranges from 0x0600 to 0xFFFF, and the default value is 0x8100.
NOTE
The vlan protocol ethertype-value command takes effect on all Ethernet interfaces on the board in the
specified slot and will override the qinq protocol ethertype-value configurations on the interfaces.
Running the vlan protocol ethertype-value command may interrupt ongoing services.
If the LPUF-41/101 is needed on both the AC side and the network side and different EtherType values
are required on the two sides, deploy configurations of the two sides on different boards.
----End
Perform the following steps on a device on which the Layer 2 QinQ tunnel function is to be
configured:
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
The view of the Ethernet interface on which the QinQ tunnel function is to be configured is
displayed.
Step 3 Run:
protocol outer-vlan-only
NOTE
The protocol outer-vlan-only command takes effect on packets with more than one tag, but not on packets
with a single tag.
If the qinq protocol ethertype-value command has been run on the interface, the interface sets the outer
tag in packets to the ethertype-value value. If the qinq protocol ethertype-value command is not run on
the interface, the interface sets the outer tag in packets to the default value of 0x8100.
The protocol outer-vlan-only command is used on a physical interface.
----End
Context
Perform the following steps on a Huawei device on which the QinQ tunnel function is to be
configured:
Procedure
Step 1 Run:
system-view
Step 2 Run:
slot slot-id
Step 3 Run:
qinq protocol transport enable
The subcards are enabled to transparently transmit QinQ packets whose EType values of the
outer TPIDs are not 0x8100.
NOTE
qinq protocol transport enable is applicable only to the packets with double tags.
----End
Prerequisites
The QinQ tunnel function has been configured.
Procedure
l Run the display vlan [ vlan-id [ verbose ] ] command to check VLAN information.
l Run the display bpdu-tunnel interface config command to check the EthType
encapsulation value of the outer tag of the interface.
----End
Example
Running the display vlan command, you can view whether broadcast, VLAN status, and address
learning are enabled and view whether the interface configured with the QinQ tunnel function
is an untagged interface.
For example:
<HUAWEI> display vlan 10 verbose
VLAN ID : 10
VLAN Type : Common
Description : VLAN 0010
Status : Enable
Broadcast : Enable
MAC learning : Enable
Statistics : Disable
----------------
Untagged Port: GigabitEthernet1/0/0
Running the display bpdu-tunnel interface config command, you can view the configuration
of TPID. For example:
<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] display bpdu-tunnel interface config
BpduDot1qStatus disable
BpduOneQStatus disable
BpduTwoQStatus disable
EtherType 9100
Dot1qVlan
TwoQList
Applicable Environment
Layer 2 selective QinQ is an extension of the QinQ tunnel. Layer 2 selective QinQ is more
flexible than the QinQ tunnel.
l QinQ tunnel
It attaches the same outer tag to all the frames entering the Layer 2 QinQ interface.
l Selective QinQ on the Layer 2 interface
It can attach different outer tags to the frames entering the Layer 2 QinQ interface according
to different inner tags.
Pre-configuration Task
Before configuring selective QinQ on a Layer 2 interface, complete the following tasks:
Data Preparation
To configure selective QinQ on a Layer 2 interface, you need the following data.
No. Data
2 Interface number of the selective QinQ on the Layer 2 interface, ID of the inner VLAN
tag
Procedure
Step 1 Run:
system-view
Step 2 Run:
vlan vlan-id
The VLAN ID refers to the value of the outer tag specified in the QinQ tunnel function. The
VLAN ID ranges from 1 to 4094.
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface { ethernet | gigabitethernet | eth-trunk } interface-number
The view of the Ethernet interface that need be configured with the Layer 2 selective QinQ is
displayed.
Step 4 Run the port vlan-stacking vlan vlan-id1 [ to vlan-id2 ] stack-vlan vlan-id3 command to
configure the interface type as a Layer 2 selective QinQ interface.
In this step, vlan-id1 and vlan-id2 specify the range of the inner tag of the frame received by the
interface; vlan-id3 is the value of the outer tag attached to the frame by the interface.
----End
5.3.4 (Optional) Configuring the Protocol Type for the Outer Tag
To implement interworking between devices of different vendors, in the case that QinQ is
configured, devices of different vendors use 0x8100 as the value of the EType in the inner Tag
Protocol Identifier (TPID) but use different values as the values of EType in the outer TPID. In
addition, the protocol type of the outer tag need be configured.
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
The view of the Ethernet interface that need be configured with the QinQ tunnel is displayed.
Step 3 Run:
qinq protocol ethertype-value
l IEEE 802.1ad defines the value of the EType field in the outer TPID to 0x88a8.
l The value of ethertype-value ranges from 0x0600 to 0xFFFF, and the default value is 0x8100.
NOTE
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
slot slot-id
Step 3 Run:
vlan protocol ethertype-value
An EtherType value is specified for the inner and outer tags of double-tagged packets received
by Ethernet interfaces.
l In IEEE 802.1ad, the EtherType value of the TPID in the outer tag is defined as 0x88a8.
l The value of ethertype-value ranges from 0x0600 to 0xFFFF, and the default value is 0x8100.
NOTE
The vlan protocol ethertype-value command takes effect on all Ethernet interfaces on the board in the
specified slot and will override the qinq protocol ethertype-value configurations on the interfaces.
Running the vlan protocol ethertype-value command may interrupt ongoing services.
If the LPUF-41/101 is needed on both the AC side and the network side and different EtherType values
are required on the two sides, deploy configurations of the two sides on different boards.
----End
5.3.6 (Optional) Modifying the Protocol Type for the Outer Tag
When Huawei and non-Huawei devices are connected and QinQ is configured, devices of
various vendors set the inner TPID to 0x8100 and set the outer TPID to different values. To
allow Huawei and non-Huawei devices to communicate, the Ethernet encapsulation type of the
outer tag need be configured.
Perform the following steps on a device on which the Layer 2 QinQ tunnel function is to be
configured:
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
The view of the Ethernet interface on which the QinQ tunnel function is to be configured is
displayed.
Step 3 Run:
protocol outer-vlan-only
NOTE
The protocol outer-vlan-only command takes effect on packets with more than one tag, but not on packets
with a single tag.
If the qinq protocol ethertype-value command has been run on the interface, the interface sets the outer
tag in packets to the ethertype-value value. If the qinq protocol ethertype-value command is not run on
the interface, the interface sets the outer tag in packets to the default value of 0x8100.
The protocol outer-vlan-only command is used on a physical interface.
----End
Context
Perform the following steps on a Huawei device on which the QinQ tunnel function is to be
configured:
Procedure
Step 1 Run:
system-view
Step 2 Run:
slot slot-id
Step 3 Run:
qinq protocol transport enable
The subcards are enabled to transparently transmit QinQ packets whose EType values of the
outer TPIDs are not 0x8100.
NOTE
qinq protocol transport enable is applicable only to the packets with double tags.
----End
Prerequisites
Selective QinQ on a layer 2 interface has been configured.
Procedure
l Run the display vlan [ vlan-id [ verbose ] ] command to check VLAN information.
l Run the display bpdu-tunnel interface config command to check the EthType
encapsulation value of the outer tag of the interface.
----End
Example
Run the display vlan command, and you can view whether broadcast, VLAN status, and address
learning are enabled and view whether the interface configured with the QinQ tunnel is a QinQ
stack interface. For example:
<HUAWEI> display vlan 10 verbose
VLAN ID : 10
VLAN Type : Common
Description : VLAN 0010
Status : Enable
Broadcast : Enable
MAC learning : Enable
Statistics : Disable
----------------
QinQ-stack Port: GigabitEthernet1/0/0
Running the display bpdu-tunnel interface config command, you can view the configuration
of TPID. For example:
<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] display bpdu-tunnel interface config
BpduDot1qStatus disable
BpduOneQStatus disable
BpduTwoQStatus disable
EtherType 9100
Dot1qVlan
TwoQList
Applicable Environment
As shown in Figure 5-8, multiple DSLAMs access the UPE and send data packets to the UPE.
The packets received by the UPE contain double tags. The outer tag indicates the customer
VLAN and the inner tag indicates the service VLAN. For packets to be forwarded by the UPE,
their outer tag indicates the service VLAN and their inner tag indicates the customer VLAN. To
transmit packets to correct VLANs, the UPE needs to swap the inner VLAN tag with the outer
VLAN tag. In this manner, the outer tag in the packet can indicate the service VLAN and the
inner tag can indicate the customer VLAN.
Figure 5-8 Networking diagram of the VLAN swapping feature based on QinQ
IP C S
DSLAM IP S C
IP S IP S
...
RG1 RG2
NOTE
l If the inner and outer tags of all the packets transmitted over a main interface need be interchanged, you can
run the vlan-swap enable command on the main interface. After the main interface is configured with VLAN
tag swapping, all its sub-interfaces are enabled with VLAN tag swapping automatically.
Pre-configuration Tasks
Before configuring VLAN tag swapping based on QinQ, complete the following task:
l Ensure that devices are connected correctly.
l Configure the correct VLANs of users to enable the packets received by the main interface
for VLAN tag termination to carry double tags.
Data Preparation
To configure VLAN tag swapping based on QinQ, you need the following data.
No. Data
Context
NOTE
l If the inner and outer tags of all the packets transmitted over a main interface need be interchanged, you can
run the vlan-swap enable command on the main interface. After the main interface is configured with VLAN
tag swapping, all its sub-interfaces are enabled with VLAN tag swapping automatically.
Perform the following steps on the device to be configured with VLAN tag swapping based on
QinQ:
Procedure
Step 1 Run:
system-view
The view of the Ethernet interface that needs to be configured with VLAN tag swapping based
on QinQ is displayed.
Step 3 Run:
mode user-termination
----End
Prerequisites
VLAN tag swapping based on QinQ function has been configured.
Procedure
Step 1 Run the display current-configuration command to check information about the interface.
----End
Example
Run the display current-configuration command on the device that is configured with VLAN
swapping based on QinQ, and you can view whether VLAN tag swapping is enabled.
Applicable Environment
IP services are classified into the following types:
l Proxy Address Resolution Protocol (ARP)
The sub-interface for VLAN tag termination can connect different VLANs to the same
network segment. If users on the same network segment belong to different VLANs, they
cannot communicate with each other on the Layer 2 network unless the sub-interface for
VLAN tag termination supports ARP proxy and therefore implements IP forwarding.
l Dynamic Host Configuration Protocol (DHCP)
– The sub-interface for VLAN tag termination can be configured with the Dynamic Host
Configuration Protocol (DHCP) server function to assign IP addresses to users.
– The sub-interface for VLAN tag termination can be configured with the DHCP relay
function to provide reference for the DHCP server to assign IP addresses and parameters
by inserting tag information into Option82.
l Virtual Router Redundancy Protocol (VRRP)
Users usually require communicating with certain networks at any time. In this case, The
Virtual Router Redundancy Protocol (VRRP) running on the sub-interface for VLAN tag
termination ensure a reliable communication and provides an active/standby mechanism
for dot1q or QinQ users.
NOTE
Proxy ARP, DHCP, and VRRP are different types of IP services, you can deploy one of them on the sub-
interface for VLAN tag termination as required.
Pre-configuration Tasks
Before configuring the sub-interface for VLAN tag termination to access the IP service, complete
the following tasks:
Data Preparation
To configure the sub-interface for VLAN tag termination to access the IP service, you need the
following data.
No. Data
5 Preemption mode
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
Step 3 Run:
mode user-termination
When this command is run on the main interface, ensure that no sub-interface is configured
under this main interface.
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number.subinterface-number
Step 3 Run:
control-vid vid dot1q-termination [ rt-protocol ]
The VLAN ID of the sub-interface for VLAN tag termination is set to terminate the packets with
one tag.
The purpose of configuring the VLAN group for the users is to apply different QoS policies to
different VLAN groups.
Step 5 Run:
dot1q termination vid low-pe-vid [ to high-pe-vid ] [ vlan-group group-id ]
The VLAN tag termination function is configured for the dot1q sub-interface.
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number.subinterface-number
Step 3 Run:
control-vid vid qinq-termination [ local-switch | [ rt-protocol | dynamic ] * ]
The VLAN ID of the sub-interface for VLAN tag termination is set to terminate the packets with
double tags.
The purpose of configuring the VLAN group for the users is to apply different QoS policies to
different VLAN groups.
Step 5 Run:
qinq termination pe-vid pe-vid [ to high-pe-vid ] ce-vid { low-ce-vid [ to high-ce-
vid ] | any } [ vlan-group group-id ]
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number.subinterface-number
l Proxy ARP
Configure proxy ARP on the device. For detailed configuration, see the chapter "ARP
Configuration" in the HUAWEI NetEngine80E/40E Router Configuration Guide - IP
Services.
Enabling or disabling the ARP broadcast on the sub-interface makes the route status change
from Down to Up on the sub-interface. This may lead to route flapping on the entire network,
and even affect the running services.
l DHCP
Configure DHCP on the device. For detailed configuration, see the chapter "IPv4 Address
management" in the HUAWEI NetEngine80E/40E Router Configuration Guide - User
Access.
On a rather large network, if the PCs are connected to a router through other devices instead
of being directly connected to the router through Ethernet interfaces, the DHCP server based
on a global address pool needs to be configured so that the PCs can dynamically obtain IP
addresses from the router.
If a local network does not have a DHCP server, the DHCP relay function can be enabled on
the router. In this manner, the DHCP Request packet from the client can be transmitted to
the DHCP server through the DHCP relay.
l VRRP
Configure VRRP on the device. For detailed configuration, see the chapter "VRRP
Configuration" in the HUAWEI NetEngine80E/40E Router Configuration Guide -
Reliability.
NOTE
When configuring VRRP and static ARP on the dot1q termination sub-interface, QinQ termination sub-
interface, or VLANIF interface at the same time, note the following:
l Do not configure the IP address mapping to the static ARP entry on the interface as the VRRP virtual
address.
l Do not configure the virtual address of the VRRP backup group where the interface resides as the IP
address mapping to the static ARP entry on the interface.
Otherwise, incorrect host routes are generated. This affects packet forwarding between devices.
----End
Prerequisites
The sub-interface for VLAN tag termination to access the IP service has been configured.
Procedure
l Run the display dot1q information termination [ interface interface-type interface-
number [.subinterface-number ] ] command to check information about the sub-interface
for dot1q VLAN tag termination.
l Run the display qinq information { termination | stacking } [ interface interface-type
interface-number [.subinterface-number ] ] command to check information about the sub-
interface for QinQ VLAN tag termination.
----End
Example
Run the display dot1q information termination on the PE, and you can view information about
the sub-interface for dot1q VLAN tag termination. For example:
<HUAWEI> display dot1q information termination interface gigabitethernet 2/0/0
GigabitEthernet2/0/0.1
Total QinQ Num: 1
dot1q termination vid 10 to 20 vlan-group 1
Total vlan-group Num: 1
vlan-group 1
control-vid 1 dot1q-termination
Run the display qinq information termination command on the PE, and you can view
information about the sub-interface for QinQ VLAN tag termination. For example:
<HUAWEI> display qinq information termination interface gigabitethernet 2/0/0
GigabitEthernet2/0/0.1
Total QinQ Num: 1
qinq termination pe-vid 1000 ce-vid 100 to 200 vlan-group 1
Total vlan-group Num: 1
vlan-group 1
control-vid 1 qinq-termination
Applicable Environment
Multicast services are classified into the following types:
l Layer 2 multicast
After being bound to a VSI and enabled with IGMP snooping, the sub-interface for QinQ/
dot1q VLAN tag termination can listen IGMP messages exchanged between the multicast
device and hosts, and therefore can learn which interfaces have multicast receivers. In this
case, multicast packets are transmitted on the Layer 2 network in multicast mode rather
than broadcast mode, and consequently received only by members of the multicast group.
l Layer 3 multicast
Multicast protocol packets with double tags are sent from the UPE to the upper network.
After the sub-interface for QinQ or dot1q VLAN tag termination is configured on the UPE,
the UPE creates the forwarding table and the routing table. When receiving multicast
protocol packets from hosts, the UPE can identify the packets and correctly forward the
packets. Based on the established multicast forwarding table, the UPE can replicate and
deliver multicast packets correctly.
Here, Layer 3 multicast mainly refers to IGMP.
Pre-configuration Tasks
Before configuring the sub-interface for VLAN tag termination to access the multicast service,
complete the following tasks:
l Ensure that devices are correctly connected and that the physical interfaces of each device
are in the Up state.
l Configure the correct VLANs of users to enable the packets received by the sub-interface
for VLAN tag termination to carry one or double tags.
Data Preparation
To configure the sub-interface for VLAN tag termination to access the multicast service, you
need the following data.
No. Data
3 IGMP version
5 (Optional) ACL rules for the filtering based on multicast group addresses
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
Step 3 Run:
mode user-termination
When this command is run on the main interface, ensure that no sub-interface is configured
under this main interface.
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number.subinterface-number
Step 3 Run:
control-vid vid dot1q-termination [ rt-protocol ]
The VLAN ID of the sub-interface for VLAN tag termination is set to terminate the packets with
one tag.
The purpose of configuring the VLAN group for the users is to apply different QoS policies to
different VLAN groups.
Step 5 Run:
dot1q termination vid low-pe-vid [ to high-pe-vid ] [ vlan-group group-id ]
The VLAN tag termination function is configured for the dot1q sub-interface.
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number.subinterface-number
Step 3 Run:
control-vid vid qinq-termination [ local-switch | [ rt-protocol | dynamic ] * ]
The VLAN ID of the sub-interface for VLAN tag termination is set to terminate the packets with
double tags.
The purpose of configuring the VLAN group for the users is to apply different QoS policies to
different VLAN groups.
Step 5 Run:
qinq termination pe-vid pe-vid [ to high-pe-vid ] ce-vid { low-ce-vid [ to high-ce-
vid ] | any } [ vlan-group group-id ]
----End
Context
As shown in Figure 5-9, CE1 and CE2 are connected to the L2VPN network through PE sub-
interfaces, PE1 and CE1 are Huawei devices, and PE2 and CE2 are non-Huawei devices.
If a PE1 user-side sub-interface is configured as a sub-interface for QinQ VLAN tag termination
in asymmetric mode, when receiving user packets, the sub-interface removes the outer VLAN
tag and adds another VLAN tag to the packets and then forwards the packets to the L2VPN
network.
Packets sent by the non-Huawei device PE2 to CE2 must carry two VLAN tags, but packets
forwarded by the Huawei device PE1 to PE2 carry only one VLAN tag. As a result, PE1 cannot
communicate with PE2, and users from user networks connected to CE1 and CE2 cannot
communicate with each other.
To address this issue, configure a push action on the PE1 user-side sub-interface. After
performing QinQ VLAN tag termination, the sub-interface then adds an inner VLAN tag to user
packets. As a result, PE1 can communicate with PE2 by sending double-tagged user packets.
Table 5-5 and Table 5-6 describe the packet processing on the inbound and outbound interfaces,
after a user-side sub-interface is configured as a VLAN tag termination sub-interface or QinQ
stacking sub-interface and a push action is configured on the sub-interface.
NOTE
The PW in Tagged mode is used as an example in Table 5-5 and Table 5-6.
Dot1q sub-interface Keeps the original VLAN tag in a packet and then adds another
VLAN tag using the push action.
Sub-interface for dot1q
VLAN tag termination
Sub- In Removes both VLAN tags from a packet, adds another VLAN tag
interface for asymme using the push action, and then adds a VLAN tag.
QinQ tric
VLAN tag mode
termination
In Removes the outer VLAN tag from a packet, adds another VLAN
symmet tag using the push action, and then adds a VLAN tag.
ric mode
QinQ stacking sub- l Adds a VLAN tag using the push action, and then adds another
interface VLAN tag, if the packet carries one VLAN tag specified on the
sub-interface.
l Adds a VLAN tag using the push action, and then adds another
VLAN tag, if the packet carries two VLAN tag specified on the
sub-interface. The original inner VLAN tag is transparently
transmitted as data.
Dot1q sub-interface Removes the outer VLAN tag from a packet and replaces the
remaining VLAN tag.
Sub-interface for dot1q
VLAN tag termination
Sub- In Removes both VLAN tags from a packet and adds two VLAN tags.
interface for asymme
QinQ tric
VLAN tag mode
termination
In Removes the outer VLAN tag from a packet and replaces the outer
symmet VLAN tag of the remaining two VLAN tag.
ric mode
QinQ stacking sub- l Removes the outer VLAN tag from a packet and replaces the
interface outer VLAN tag of the remaining two VLAN tag.
l Removes both VLAN tags from a packet and replaces the outer
VLAN tag of the remaining two VLAN tag.
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number.subinterface-number
Step 3 Run:
push { vlan-id | inner-vlan | outer-vlan } [ 8021p { 8021p-value | inner-vlan |
outer-vlan } ]
A push action is configured so that the sub-interface adds a VLAN tag to received packets.
----End
Context
As shown in Figure 5-10, CE1 and CE2 are connected to the L2VPN network through PE sub-
interfaces, PE1 and CE1 are Huawei devices, and PE2 and CE2 are non-Huawei devices.
When a PE transmits multiple services over one PW, the PE adds different P-Tags to packets of
different services to isolate the packets on the L2VPN network. When the packets reach the sub-
interfaces of another PE on the other end of the PW, each sub-interface accepts only those packets
carrying the same P-Tag as that specified on the sub-interface.
However, because the P-Tags on PE1 and PE2 are different, PE1 cannot communicate with PE2,
and users from user networks connected to CE1 and CE2 cannot communicate with each other.
User
P-Tag' Network
PE1
Tagged mode
L2VPN
Network
Pw-tag PE2 CE2
Pw-tag
Ethernet Tunnel VC Ethernet IP
P-Tag Payload
Header Label Label Header Header
VLAN access
Ethernet IP
P-Tag Payload
Header Header
CE1
User
Network
To address this issue, configure a PW-tag action on the user-side sub-interface of PE1 so that
the sub-interface changes the packets' P-Tags to match PE2's before forwarding the packets to
the PW. This allows PE1 to communicate with PE2.
Table 5-7 provides the default P-Tag values and the P-Tag values after the PW-tag action.
In symmetric
mode
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number.subinterface-number
Step 3 Run:
pw-tag { vlan-id | inner-vlan | outer-vlan } [ 8021p { 8021p-value | inner-vlan |
outer-vlan } ]
A PW-tag action is configured so that the sub-interface changes the P-Tags of packets before
forwarding the packets to the PW in Tagged mode.
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number.subinterface-number
Before configuring Layer 2 multicast, ensure that a VSI has been successfully set up and the
sub-interface for VLAN tag termination has been bound to the VSI; otherwise, Layer 2
multicast cannot be successfully configured.
l Configure Layer 3 multicast.
For detailed information, see the chapter "IGMP Configuration" in the HUAWEI
NetEngine80E/40E Router Configuration Guide - IP Multicast.
CAUTION
Ensure that all IGMP device interfaces in the same network segment are configured with the
same IGMP version. Otherwise, a fault occurs.
----End
Prerequisites
The sub-interface for VLAN tag termination to access the multicast service has been configured.
Procedure
l Run the display dot1q information termination [ interface interface-type interface-
number [.subinterface-number ] ] command to check information about the sub-interface
for dot1q VLAN tag termination.
l Run the display qinq information { termination | stacking } [ interface interface-type
interface-number [.subinterface-number ] ] command to check information about the sub-
interface for QinQ VLAN tag termination.
l Run the display igmp-snooping querier { vsi vsi-name | vlan vlan-id } command to check
whether the IGMP querier is configured successfully.
l Run the display igmp-snooping router-port { vsi vsi-name | vlan vlan-id } command to
check information about static router ports.
l Run the display igmp-snooping port-info [ { vlan vlan-id | vsi vsi-name | slot slot-id }
[ group-address group-address ] ] [ verbose ] command to check information about Layer
2 multicast ports on the router.
l Run the display igmp [ vpn-instance vpn-instance-name | all-instance ] interface
[ interface-type interface-number ] [ verbose ] command to check the configuration and
running of IGMP on an interface.
l Run the display igmp [ vpn-instance vpn-instance-name | all-instance ] group [ group-
address | interface interface-type interface-number ] [ verbose ]command to check
information about the members of an IGMP multicast group.
----End
Example
Run the display dot1q information termination on the PE, and you can view information about
the sub-interface for dot1q VLAN tag termination. For example:
<HUAWEI> display dot1q information termination interface gigabitethernet 2/0/0
GigabitEthernet2/0/0.1
Total QinQ Num: 1
dot1q termination vid 10 to 20 vlan-group 1
Total vlan-group Num: 1
vlan-group 1
control-vid 1 dot1q-termination
Run the display qinq information termination command on the PE, and you can view
information about the sub-interface for QinQ VLAN tag termination. For example:
<HUAWEI> display qinq information termination interface gigabitethernet 2/0/0
GigabitEthernet2/0/0.1
Total QinQ Num: 1
qinq termination pe-vid 1000 ce-vid 100 to 200 vlan-group 1
Total vlan-group Num: 1
vlan-group 1
control-vid 1 qinq-termination
After the sub-interface for VLAN tag termination is successfully configured to access Layer 2
multicast:
l Run the display igmp-snooping querier vsi command. You can check whether the querier
is configured successfully. If the Enable state is displayed as shown in the following output,
it indicates that the querier is enabled for VSI v123. For example:
<HUAWEI> display igmp-snooping querier vsi v123
VSI Querier-state
-----------------------------------------------
v123 Enable
-----------------------------------------------
l Run the display igmp-snooping router-port vsi on PE1. You can check whether the
configuration of the static router port succeeds. If STATIC is displayed as shown in the
following output, it indicates that GE 1/0/0 is already configured as a static router port in
VSI V123. For example:
<HUAWEI> display igmp-snooping router-port vsi v123
Port Name UpTime Expires Flags
---------------------------------------------------------------------
VSI v123, 1 router-port(s)
GE1/0/1.1 00:01:48 -- STATIC
l Run the display igmp-snooping port-info command, You can check information about
Layer 2 multicast ports on the router, including SSM Mapping ports, static member ports,
and dynamic member ports.
<HUAWEI> display igmp-snooping port-info
-----------------------------------------------------------------------
(Source, Group) Port Flag
-----------------------------------------------------------------------
VSI v123, 1 Entry(s)
(1.1.1.1, 234.1.1.1) GE1/0/0.2(PE:20/CE:100) -D-
1 port(s)
-----------------------------------------------------------------------
<HUAWEI> display igmp-snooping port-info slot 1
-----------------------------------------------------------------------
(Source, Group) Port Flag
-----------------------------------------------------------------------
VSI v123, 1 Entry(s)
(1.1.1.1, 234.1.1.1) P--
GE1/1/0.2(PE:20/CE:100) -D-
1 port(s) include
-----------------------------------------------------------------------
After the sub-interface for VLAN tag termination is successfully configured to access Layer 3
multicast:
l Run the display igmp group command. You can view information about multicast groups.
For example:
<PE1> display igmp group
Interface group report information of VPN-Instance: public net
GigabitGigabitethernet1/0/1.1(1.1.1.9):
Total 1 IGMP Group reported
Group Address Last Reporter Uptime Expires
226.0.0.1 192.168.0.1 00:00:03 00:02:07
Applicable Environment
VPN services are classified into the following types:
When Dot1q termination sub-interfaces, QinQ termination sub-interfaces, or QinQ stacking sub-
interfaces are used for VLL or VPLS access, BPDUs can be transparently transmitted.
l Layer 2 virtual private network (L3VPN)
The access of the sub-interface for QinQ/dot1q VLAN tag termination to L3VPN means
that the sub-interface for QinQ/dot1q VLAN tag termination is configured with L3VPN
functions.
NOTE
When a sub-interface for dot1q VLAN tag termination accesses user services, if it is required to differentiate
the service types, you can deploy VLAN + 8021.p/DiffServ Code Point (DSCP)/EthType on the device
configured with the sub-interface.
l Services can be differentiated according to the 8021.p/DSCP priority or the EthType. Services are
mapped to different Virtual Switching Instances (VSIs) according to their 8021.p/DSCP/EthType
values, and then transmitted to the peer.
l Services can be differentiated according to the 8021.p priority or the DSCP priority. Services are
mapped to different VSIs according to their 8021.p or DSCP priorities, and then transmitted to the peer.
Pre-configuration Tasks
Before configuring the sub-interface for VLAN tag termination to access the VPN service,
complete the following tasks:
l Ensure that devices are correctly connected and that the physical interfaces of each device
are in the Up state.
l Configure the correct VLANs of users to enable the packets received by the sub-interface
for VLAN tag termination to carry one or double tags.
Data Preparation
To configure the sub-interface for VLAN tag termination to access the VPN service, you need
the following data.
No. Data
3 VLAN ID to be encapsulated
4 New P-Tag
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
Step 3 Run:
mode user-termination
When this command is run on the main interface, ensure that no sub-interface is configured
under this main interface.
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number.subinterface-number
Step 3 Run:
control-vid vid dot1q-termination [ rt-protocol ]
The VLAN ID of the sub-interface for VLAN tag termination is set to terminate the packets with
one tag.
2. (Optional) Run the group mode { single | multiple } ommand to configure the working
mode of the user VLAN group.
The purpose of configuring the VLAN group for the users is to apply different QoS policies to
different VLAN groups.
The ARP broadcast of the sub-interface for VLAN tag termination is enabled.
NOTE
This configuration takes effect only when a sub-interface for QinQ VLAN tag termination accesses an
L3VPN. So, after configuring a sub-interface for QinQ VLAN tag termination to access an L3VPN, you
must enable the ARP broadcast function on the sub-interface.
Enabling or disabling the ARP broadcast on the sub-interface makes the route status change
from Down to Up on the sub-interface. This may lead to route flapping on the entire network,
and even affect the running services.
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number.subinterface-number
Step 3 Run:
control-vid vid qinq-termination [ local-switch | [ rt-protocol | dynamic ] * ]
The VLAN ID of the sub-interface for VLAN tag termination is set to terminate the packets with
double tags.
The attributes of the sub-interface for QinQ VLAN tag termination are set.
NOTE
This configuration takes effect only when a sub-interface for QinQ VLAN tag termination accesses an
L2VPN. So, after configuring a sub-interface for QinQ VLAN tag termination, you must configure the
attributes of the sub-interface.
Symmetrical Strips the outer tag. Reserves the double tags, and
no action is required.
Asymmetrical Strips the double tags. Strips two tags and then adds
one tag.
Asymmetrical Adds double tags. Strips one tag and then adds
double tags
The purpose of configuring the VLAN group for the users is to apply different QoS policies to
different VLAN groups.
Step 6 Run:
qinq termination pe-vid pe-vid [ to high-pe-vid ] ce-vid { low-ce-vid [ to high-ce-
vid ] | any } [ vlan-group group-id ]
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number.subinterface-number
l L2VPN
For detailed information, see the chapters "Virtual Leased Line (VLL) Configuration",
"Pseudo-Wire Emulation Edge to Edge (PWE3) Configuration", and "Virtual Private LAN
Service (VPLS) Configuration" in the HUAWEI NetEngine80E/40E Router Configuration
Guide - VPN.
The sub-interface for QinQ VLAN tag termination can be bound to a homogeneous VLL in
the following modes:
– Local Circuit Cross Connect (CCC) connection
– Remote CCC connection
– Remote SVC connection
– Local Kompella connection
– Remote Kompella connection
– Remote Martini connection
The sub-interface for dot1q VLAN tag termination can be bound to a homogeneous VLL or
a heterogeneous VLL in the following modes:
– Local Kompella connection
– Remote Kompella remote connection
– Local Martini connection
– Remote Martini connection
The sub-interface for QinQ/dot1q VLAN tag termination can be bound to VPLS in the
following modes:
– Martini VPLS
– Kompella VPLS
l L3VPN
For detailed information, see the chapter "Border Gateway Protocol (BGP) Multiprotocol
Label Switching (MPLS) IP VPN Configuration" in the HUAWEI NetEngine80E/40E
CConfiguration Guide - VPN.
----End
Prerequisites
The sub-interface for VLAN tag termination to access the VPN service has been configured.
Procedure
l Run the display dot1q information termination [ interface interface-type interface-
number [.subinterface-number ] ] command to check information about the sub-interface
for dot1q VLAN tag termination.
l Run the display qinq information { termination | stacking } [ interface interface-type
interface-number [.subinterface-number ] ] command to check information about the sub-
interface for QinQ VLAN tag termination.
l Run the display mpls l2vpn [ l2vpn-name [ local-ce | remote-ce ] ] command to check
information about the L2VPN on the PE.
l View the configuration of the L2VPN in CCC mode:
– Run the display vll ccc [ ccc-name | type { local | remote } ] command to check
information about the CCC connection.
– Run the display l2vpn ccc-interface vc-type ccc [ up | down ] command to check
information about the SVC interface in the Up or Down state.
l View the configuration of the L2VPN in SVC mode:
– Run the display mpls static-l2vc [ interface interface-type interface-number ]
command to check information about the SVC L2VPN connection.
– Run the display l2vpn ccc-interface vc-type static-vc { up | down } command to check
information about the SVC interface in the Up or Down state.
l View the configuration of the L2VPN in Martini mode:
– Run the display mpls l2vc [ vc-id | interface interface-type interface-number ]
command to check information about the Martini MPLS L2VPN connection on the PE.
– Run the display mpls l2vc remote-info [ vc-id ] command to check information about
the remote Martini MPLS L2VPN connection on the PE.
l View the configuration of the L2VPN in Kompella mode:
– Run the display bgp l2vpn { all | group [ group-name ] | peer [ [ ip-address ]
verbose ] | route-distinguisher route-distinguisher [ ce-id ce-id [ label-offset label-
offset ] ] } command to check BGP information about the Kompella MPLS L2VPN.
– Run the display mpls l2vpn connection [ vpn-name { remote-ce ce-id | down | up |
verbose } | summary | interface interface-type interface-number ] command to check
information about the Kompella MPLS L2VPN.
l Run the display interface interface-type interface-number vlan vlanid command to view
configurations of all sub-interfaces on a main interface.
----End
Example
Run the display dot1q information termination on the PE, and you can view information about
the sub-interface for dot1q VLAN tag termination. For example:
<HUAWEI> display dot1q information termination interface gigabitethernet 2/0/0
GigabitEthernet2/0/0.1
Total QinQ Num: 1
dot1q termination vid 10 to 20 vlan-group 1
Total vlan-group Num: 1
vlan-group 1
control-vid 1 dot1q-termination
Run the display qinq information termination command on the PE, and you can view
information about the sub-interface for QinQ VLAN tag termination. For example:
<HUAWEI> display qinq information termination interface gigabitethernet 2/0/0
GigabitEthernet2/0/0.1
Total QinQ Num: 1
qinq termination pe-vid 1000 ce-vid 100 to 200 vlan-group 1
Total vlan-group Num: 1
vlan-group 1
control-vid 1 qinq-termination
– Run the display l2vpn ccc-interface vc-type ccc command, and you can find that the
VC type is CCC, and the CCC status is Up. For example:
<HUAWEI> display l2vpn ccc-interface vc-type all
Total ccc-interface of CCC VC: 1
up (1), down (0)
Interface Encap Type State VC Type
GigabitEthernet1/0/0 ppp up CCC
– Run the display mpls static-l2vc command, and you can find that the VC status is Up.
For example:
<HUAWEI> display mpls static-l2vc
Total svc connections: 1, 1 up, 0 down
*Client Interface : GigabitEthernet1/0/0 is up
AC Status : up
VC State : up
VC ID : 0
VC Type : ppp
Destination : 3.3.3.9
Transmit VC Label : 100
Receive VC Label : 200
Control Word : Disable
VCCV Capability : Disable
Tunnel Policy Name : --
Traffic Behavior : --
PW Template Name : --
Create time : 0 days, 0 hours, 1 minutes, 38 seconds
UP time : 0 days, 0 hours, 1 minutes, 11 seconds
Last change time : 0 days, 0 hours, 1 minutes, 11 seconds
– Run the display l2vpn ccc-interface vc-type static-l2vc up command, and you can
find that the VC type is SVC, and the SVC status is Up. For example:
<HUAWEI> display l2vpn ccc-interface vc-type all
Total ccc-interface of CCC VC: 1
up (1), down (0)
Interface Encap Type State VC Type
GigabitEthernet1/0/0 ppp up SVC
Run the display mpls l2vc command, and you can find that "Destination" is the peer
address of the specified VC, and "VC State" is "up". For example:
<HUAWEI> display mpls l2vc
total LDP VC : 2 2 up 0 down
*client interface : GigabitEthernet2/0/0.1
session state : up
AC status : up
VC state : up
VC ID : 101
VC type : VLAN
destination : 3.3.3.9
local VC label : 21504 remote VC label : 21504
control word : disable
forwarding entry : existent
local group ID : 0
manual fault : not set
active state : active
link state : up
local VC MTU : 1500 remote VC MTU : 1500
tunnel policy name : --
traffic behavior name: --
PW template name : --
primary or secondary : primary
create time : 0 days, 0 hours, 7 minutes, 53 seconds
up time : 0 days, 0 hours, 2 minutes, 29 seconds
last change time : 0 days, 0 hours, 2 minutes, 29 seconds
*client interface : GigabitEthernet2/0/0.2
session state : up
AC status : up
VC state : up
VC ID : 102
VC type : VLAN
destination : 3.3.3.9
local VC label : 21505 remote VC label : 21505
control word : disable
forwarding entry : existent
local group ID : 0
manual fault : not set
active state : active
link state : up
local VC MTU : 1500 remote VC MTU : 1500
tunnel policy name : --
traffic behavior name: --
PW template name : --
primary or secondary : primary
create time : 0 days, 0 hours, 7 minutes, 50 seconds
up time : 0 days, 0 hours, 2 minutes, 29 seconds
last change time : 0 days, 0 hours, 2 minutes, 29 seconds
– Run the display mpls l2vc remote-info command, and you can find that " Peer Addr"
is the peer address of the specified VC. For example:
<HUAWEI> display mpls l2vc remote-info
Total remote ldp vc : 1
– Run the display bgp l2vpn command, and you can find "Destination" is the peer address
of the VC, "route-distinguisher" of the L2VPN is correctly configured, and the label is
assigned to the peer device. For example:
<HUAWEI> display bgp l2vpn all
BGP Local router ID : 2.2.2.9, local AS number : 100
Origin codes:i - IGP, e - EGP, ? - incomplete
bgp.l2vpn: 1 destination
Route Distinguisher: 100:1
CE ID Label Offset Label Base nexthop pref as-path
4 0 132096 3.3.3.9 100
– Run the display mpls l2vpn connection command, and you can find "VPN name" is
correctly configured, the connection status is Up, and "route-distinguisher" is correctly
configured. For example:
[HUAWEI] display mpls l2vpn connection
1 total connections,
connections: 1 up, 0 down, 0 local, 1 remote, 0 unknown
VPN name: vpn1,
1 total connections,
connections: 1 up, 0 down, 0 local, 1 remote, 0 unknown
CE name: ce1, id: 1,
Rid type status peer-id route-distinguisher intf
2 rmt up 3.3.3.9 100:1 GigabitEthernet1/0/0
– Run the display mpls l2vpn command on the PE, and you can view the detailed
configurations of the L2VPN. For example:
# Check the configurations of all the L2VPNs on the PE.
<HUAWEI> display mpls l2vpn
VPN number: 1
vpn-name encap-type route-distinguisher mtu ce(L) ce(R)
vpn1 ppp 100:1 128 1 1
Run the display interface vlan command, and you can view the configurations of all sub-
interfaces on a main interface. For example:
<HUAWEI> display interface GigabitEthernet1/0/1 vlan 1
Sub-Interface VlanPolicy
-----------------------------------------------------------
GE1/0/1.6 DSCP 10
GE1/0/1.5 default
GE1/0/1.4 8021p 2 to 5 7
-----------------------------------------------------------
Interface:GE1/0/1 VLAN ID: 1 Sub-Interface num: 3
Applicable Environment
MPLS services are classified into the following types:
l MPLS TE service
NOTE
l Only the VLL PW over TE is supported, and the VLL PW over TE FRR is not supported.
l For the VLL PW over TE, only an RSVP-TE tunnel is supported, and only IS-IS TE rather than OSPF
TE can be adopted.
l Only the sub-interfaces for Dot1q termination and QinQ termination, rather than QinQ stacking sub-
interfaces, support the preceding services.
Pre-configuration Tasks
Before configuring the sub-interface for VLAN tag termination to access the MPLS service,
complete the following tasks:
l Ensure that devices are correctly connected and that the physical interfaces of each device
are in the Up state.
l Configure the correct VLANs of users to enable the packets received by the sub-interface
for VLAN tag termination to carry one or double tags.
Data Preparation
To configure the sub-interface for VLAN tag termination to access the MPLS service, you need
the following data.
No. Data
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
Step 3 Run:
mode user-termination
When this command is run on the main interface, ensure that no sub-interface is configured
under this main interface.
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number.subinterface-number
Step 3 Run:
control-vid vid dot1q-termination [ rt-protocol ]
The VLAN ID of the sub-interface for VLAN tag termination is set to terminate the packets with
one tag.
The purpose of configuring the VLAN group for the users is to apply different QoS policies to
different VLAN groups.
Step 5 Run:
dot1q termination vid low-pe-vid [ to high-pe-vid ] [ vlan-group group-id ]
The VLAN tag termination function is configured for the dot1q sub-interface.
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number.subinterface-number
Step 3 Run:
control-vid vid qinq-termination [ local-switch | [ rt-protocol | dynamic ] * ]
The VLAN ID of the sub-interface for VLAN tag termination is set to terminate the packets with
double tags.
The purpose of configuring the VLAN group for the users is to apply different QoS policies to
different VLAN groups.
Step 5 Run:
qinq termination pe-vid pe-vid [ to high-pe-vid ] ce-vid { low-ce-vid [ to high-ce-
vid ] | any } [ vlan-group group-id ]
----End
Context
Perform the following steps on the device that supports MPLS services:
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number.subinterface-number
l MPLS TE
For detailed information, see the chapter "MPLS TE Configuration" in the HUAWEI
NetEngine80E/40E Router Configuration Guide - MPLS.
----End
Prerequisites
The sub-interface for VLAN tag termination to access the MPLS service has been configured.
Procedure
l Run display mpls interface [ interface-type interface-number ] [ verbose ] command to
check information about an interface enabled with MPLS.
l Run the display mpls rsvp-te [ interface interface-type interface-number ] command to
check information about RSVP.
l Run the display mpls te tunnel [ destination ip-address ] [ lsp-id lsr-id session-id lsp-
id | lsr-role { all | egress | ingress | remote | transit } ] [ name tunnel-name ] [ { incoming-
interface | interface | outgoing-interface } interface-type interface-number ] [ verbose ]
command to check the tunnel information.
----End
Applicable Environment
l QinQ Termination Supports the 802.1p Remark and DSCP Remark
According to RFC 2724, six bits of the Type of Service (ToS) field in an IPv4 packet header
serve as the DiffServ Code Point (DSCP), which provides reference for differentiated
services (DiffServ) and is used to ensure the Quality of Service (QoS) on the IP network.
The operation of the traffic controller on the gateway depends on the DSCP field.
After being terminated on the PE, the packet is sent to the ISP network. To ensure the
completeness of the QoS information in the packet, the mapping relationship between the
802.1p values in outer and inner tags and the DSCP field needs to be configured.
l QinQ Termination Supports the 802.1p Remark and EXP (MPLS) Remark
The EXP field in an MPLS packet is used for Class of Service (CoS). The operation of the
traffic controller on the gateway depends on the field.
After a user packet is terminated, it is sent to the ISP MPLS network. To ensure the
completeness of the QoS information in the packet, the mapping relationship between the
802.1p values in outer and inner tags and the EXP field needs to be configured.
Pre-configuration Tasks
Before configuring the sub-interface for QinQ VLAN tag termination to support 802.1p
mapping, complete the following tasks:
l Ensure that devices are correctly connected and that the physical interfaces of each device
are in the Up state.
l Configure the correct VLANs of users to enable the packets received by the sub-interface
for VLAN tag termination to carry double tags.
Data Preparation
Before configuring the sub-interface for QinQ VLAN tag termination to support 802.1p
mapping, complete the following tasks:
No. Data
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
Step 3 Run:
mode user-termination
When this command is run on the main interface, ensure that no sub-interface is configured
under this main interface.
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number.subinterface-number
Step 3 Run:
control-vid vid qinq-termination [ local-switch | [ rt-protocol | dynamic ] * ]
The VLAN ID of the sub-interface for VLAN tag termination is set to terminate the packets with
double tags.
Step 4 Run:
qinq termination pe-vid pe-vid [ to high-pe-vid ] ce-vid { low-ce-vid [ to high-ce-
vid ] | any } [ vlan-group group-id ]
Step 5 Run:
qinq 8021p-mode { trust { ce-vid-8021p | pe-vid-8021p } | precedence-value }
By default, the sub-interface for QinQ VLAN tag termination trusts the 802.1p priority in the
outer tag. That is, before qinq 8021p-mode is configured on the sub-interface, the sub-interface
implements QoS policies according to the 802.1p priority in the outer tag of the received packets.
----End
Prerequisites
Sub-interface for QinQ VLAN tag termination to support 802.1p mapping has been configured.
Procedure
l Run the display qinq information { termination | stacking } [ interface interface-type
interface-number [.subinterface-number ] ] command to check information about the sub-
interface for QinQ VLAN tag termination.
----End
Example
Run the display qinq information termination command on the PE, and you can view
information about the sub-interface for QinQ VLAN tag termination. For example:
<HUAWEI> display qinq information termination interface gigabitethernet 2/0/0
GigabitEthernet 2/0/0.1
qinq 8021p-mode trust ce-vid-8021p
Total QinQ Num: 1
qinq termination pe-vid 1 ce-vid 2
Total vlan-group Num: 0
control-vid 1 qinq-termination
Applicable Environment
The packet of the user that accesses the CE has one tag. The CE accesses the Internet Service
Provider (ISP) network through PEs.
It is required to configure a VLL or PWE3 on the PE for the sub-interface for VLAN stacking.
In this way, the user VLAN tags can be transparently transmitted on the ISP network, and the
user networks connected to the CEs can communicate.
To enable the PE to add an outer VLAN tag to received single-tagged packets, you can configure
QinQ stacking+802.1p/DiffServ Code Point (DSCP)/EthType on the PE. Then, each packet
entering an Ethernet sub-interface is attached with an outer VLAN tag based on the matching
policy.
Pre-configuration Tasks
Before configuring the sub-interface for VLAN stacking to access L2VPN, complete the
following tasks:
Data Preparation
To configure the sub-interface for VLAN stacking to access L2VPN, you need the following
data.
No. Data
1 The VLAN ID of the outer tag, (optional) VLAN group ID, 802.1p priorities,
DSCP values, or EthType values
2 VLAN ID to be encapsulated
3 New P-Tag
No. Data
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
Step 3 Run:
mode user-termination
When this command is run on the main interface, ensure that no sub-interface is configured
under this main interface.
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number.subinterface-number
The purpose of configuring the VLAN group for the users is to apply different QoS policies to
different VLAN groups.
User packets with VLAN IDs within the specified range are attached with an outer VLAN
tag and QinQ stacking is configured to transparently transmit the user packets.
User packets received on Ethernet sub-interface can carry a single VLAN tag or double
VLAN tags. If an Ethernet sub-interface receives an untagged packet or a packet whose outer
VLAN tag is not the user VLAN tag, the Ethernet sub-interface discards the packet.
When running the qinq stacking vid command on different sub-interfaces of a main
interface, the values of ce-vid cannot overlap.
NOTE
The qinq stacking vid low-ce-vid [ to high-ce-vid ] [ vlan-group group-id ] command cannot configure a
PE VLAN ID. To configure the PE VLAN ID of a QinQ stacking sub-interface accessing a VPLS in VLAN
encapsulation type, run the qinq stacking pe-vid pe-vid command. In this situation, the QinQ stacking sub-
interface encapsulates the PE VLAN ID into the outer VLAN tag of each packet entering the public network.
l Run:
qinq stacking vid low-ce-vid [ to high-ce-vid ] { 8021p { 8021p-value1 [ to 8021p-
value2 ] } &<1-10> | dscp { dscp-value1 [ to dscp-value2 ] } &<1-10> | eth-type
eth-type-value | default }
User packets received on Ethernet sub-interfaces are attached with an outer VLAN tag based
on the matching policy. The matching policy can be VLAN+802.1p, VLAN+DSCP, or
VLAN+EthType.
NOTE
l When you run the qinq stacking vid low-ce-vid [ to high-ce-vid ] [ vlan-group group-id]command
on a sub-interface without configuring default or specifying 8021p-value, dscp-value, or eth-type-
value, it indicates that the VLAN range is exclusively occupied by the sub-interface and therefore any
VLAN within this range cannot be used in VLAN+802.1p/DSCP/EthType on other sub-interfaces.
l eth-type eth-type-value specifies the EthType. Currently, the EthType can be PPPoE or IPoE only.
To configure a sub-interface to process IPoE packets, you need to configure default when running the
qinq stacking vid low-ce-vid [ to high-ce-vid ] default command. When default is configured, it
indicates that all services from the VLAN are processed on the default sub-interface except that the
services configured with the matching policy are processed on the corresponding sub-interface as
specified in the matching policy.
----End
Context
As shown in Figure 5-11, CE1 and CE2 are connected to the L2VPN network through PE sub-
interfaces, PE1 and CE1 are Huawei devices, and PE2 and CE2 are non-Huawei devices.
If a PE1 user-side sub-interface is configured as a sub-interface for QinQ VLAN tag termination
in asymmetric mode, when receiving user packets, the sub-interface removes the outer VLAN
tag and adds another VLAN tag to the packets and then forwards the packets to the L2VPN
network.
Packets sent by the non-Huawei device PE2 to CE2 must carry two VLAN tags, but packets
forwarded by the Huawei device PE1 to PE2 carry only one VLAN tag. As a result, PE1 cannot
communicate with PE2, and users from user networks connected to CE1 and CE2 cannot
communicate with each other.
To address this issue, configure a push action on the PE1 user-side sub-interface. After
performing QinQ VLAN tag termination, the sub-interface then adds an inner VLAN tag to user
packets. As a result, PE1 can communicate with PE2 by sending double-tagged user packets.
Table 5-10 and Table 5-11 describe the packet processing on the inbound and outbound
interfaces, after a user-side sub-interface is configured as a VLAN tag termination sub-interface
or QinQ stacking sub-interface and a push action is configured on the sub-interface.
NOTE
The PW in Tagged mode is used as an example in Table 5-10 and Table 5-11.
Dot1q sub-interface Keeps the original VLAN tag in a packet and then adds another
VLAN tag using the push action.
Sub-interface for dot1q
VLAN tag termination
Sub- In Removes both VLAN tags from a packet, adds another VLAN tag
interface for asymme using the push action, and then adds a VLAN tag.
QinQ tric
VLAN tag mode
termination
In Removes the outer VLAN tag from a packet, adds another VLAN
symmet tag using the push action, and then adds a VLAN tag.
ric mode
QinQ stacking sub- l Adds a VLAN tag using the push action, and then adds another
interface VLAN tag, if the packet carries one VLAN tag specified on the
sub-interface.
l Adds a VLAN tag using the push action, and then adds another
VLAN tag, if the packet carries two VLAN tag specified on the
sub-interface. The original inner VLAN tag is transparently
transmitted as data.
Dot1q sub-interface Removes the outer VLAN tag from a packet and replaces the
remaining VLAN tag.
Sub-interface for dot1q
VLAN tag termination
Sub- In Removes both VLAN tags from a packet and adds two VLAN tags.
interface for asymme
QinQ tric
VLAN tag mode
termination
In Removes the outer VLAN tag from a packet and replaces the outer
symmet VLAN tag of the remaining two VLAN tag.
ric mode
QinQ stacking sub- l Removes the outer VLAN tag from a packet and replaces the
interface outer VLAN tag of the remaining two VLAN tag.
l Removes both VLAN tags from a packet and replaces the outer
VLAN tag of the remaining two VLAN tag.
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number.subinterface-number
Step 3 Run:
A push action is configured so that the sub-interface adds a VLAN tag to received packets.
----End
Context
As shown in Figure 5-12, CE1 and CE2 are connected to the L2VPN network through PE sub-
interfaces, PE1 and CE1 are Huawei devices, and PE2 and CE2 are non-Huawei devices.
When a PE transmits multiple services over one PW, the PE adds different P-Tags to packets of
different services to isolate the packets on the L2VPN network. When the packets reach the sub-
interfaces of another PE on the other end of the PW, each sub-interface accepts only those packets
carrying the same P-Tag as that specified on the sub-interface.
However, because the P-Tags on PE1 and PE2 are different, PE1 cannot communicate with PE2,
and users from user networks connected to CE1 and CE2 cannot communicate with each other.
User
P-Tag' Network
PE1
Tagged mode
L2VPN
Network
Pw-tag PE2 CE2
Pw-tag
Ethernet Tunnel VC Ethernet IP
P-Tag Payload
Header Label Label Header Header
VLAN access
Ethernet IP
P-Tag Payload
Header Header
CE1
User
Network
To address this issue, configure a PW-tag action on the user-side sub-interface of PE1 so that
the sub-interface changes the packets' P-Tags to match PE2's before forwarding the packets to
the PW. This allows PE1 to communicate with PE2.
Table 5-12 provides the default P-Tag values and the P-Tag values after the PW-tag action.
In symmetric
mode
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number.subinterface-number
Step 3 Run:
pw-tag { vlan-id | inner-vlan | outer-vlan } [ 8021p { 8021p-value | inner-vlan |
outer-vlan } ]
A PW-tag action is configured so that the sub-interface changes the P-Tags of packets before
forwarding the packets to the PW in Tagged mode.
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number.subinterface-number
For detailed information, see the chapters "Virtual Leased Line (VLL) Configuration", "Pseudo-
Wire Emulation Edge to Edge (PWE3) Configuration" in the HUAWEI NetEngine80E/40E
Router Configuration Guide - VPN.
l A sub-interface for QinQ stacking can be configured with various VLL connections,
including:
– Local Circuit Cross Connect (CCC) connection
– Remote CCC connection
– Remote SVC connection
– Local Kompella connection
– Remote Kompella connection
– Remote Martini connection
l A sub-interface for QinQ stacking can be configured with various VPLS connections,
including:
– Martini VPLS
– Kompella VPLS
NOTE
Run the qinq stacking client-mode single command on a sub-interface for QinQ stacking so that when
this sub-interface provides VPLS services, it learns only one MAC address no matter how many VLAN
segments are configured on it.
----End
Prerequisites
The sub-interface for QinQ stacking to access an L2VPN has been configured.
Procedure
l Run the display qinq information stacking [ interface interface-type interface-number
[.subinterface-number ] ] command to check QinQ stacking information.
l Run the display mpls l2vpn [ l2vpn-name [ local-ce | remote-ce ] ] command to check
information about the L2VPN on the PE.
l View the configuration of the L2VPN in CCC mode:
– Run the display vll ccc [ ccc-name | type { local | remote } ] command to check
information about the CCC connection.
– Run the display l2vpn ccc-interface vc-type ccc [ up | down ] command to check
information about the SVC interface in the Up or Down state.
l View the configuration of the L2VPN in SVC mode:
Example
Run the display qinq information stacking command on the PE. The details about the sub-
interface for VLAN stacking are displayed. For example:
<HUAWEI> display qinq information stacking interface gigabitethernet 1/0/1
GigabitEthernet1/0/1.1
VLL/PWE3 bound
Total QinQ Num: 2
qinq stacking vid 100 vlan-group 1
qinq stacking vid 200 vlan-group 1
Total vlan-group Num: 1
vlan-group 1
– Run the display l2vpn ccc-interface vc-type ccc command, and you can find that the
VC type is CCC, and the CCC status is Up. For example:
<HUAWEI> display l2vpn ccc-interface vc-type all
Total ccc-interface of CCC VC: 1
up (1), down (0)
Interface Encap Type State VC Type
GigabitEthernet1/0/0 ppp up CCC
– Run the display mpls static-l2vc command, and you can find that the VC status is Up.
For example:
– Run the display l2vpn ccc-interface vc-type static-l2vc up command, and you can
find that the VC type is SVC, and the SVC status is Up. For example:
<HUAWEI> display l2vpn ccc-interface vc-type all
Total ccc-interface of CCC VC: 1
up (1), down (0)
Interface Encap Type State VC Type
GigabitEthernet1/0/0 ppp up SVC
Run the display mpls l2vc command, and you can find that "Destination" is the peer
address of the specified VC, and "VC State" is "up". For example:
<HUAWEI> display mpls l2vc
total LDP VC : 2 2 up 0 down
*client interface : GigabitEthernet2/0/0.1
session state : up
AC status : up
VC state : up
VC ID : 101
VC type : VLAN
destination : 3.3.3.9
local VC label : 21504 remote VC label : 21504
control word : disable
forwarding entry : existent
local group ID : 0
manual fault : not set
active state : active
link state : up
local VC MTU : 1500 remote VC MTU : 1500
tunnel policy name : --
traffic behavior name: --
PW template name : --
primary or secondary : primary
create time : 0 days, 0 hours, 7 minutes, 53 seconds
up time : 0 days, 0 hours, 2 minutes, 29 seconds
last change time : 0 days, 0 hours, 2 minutes, 29 seconds
*client interface : GigabitEthernet2/0/0.2
session state : up
AC status : up
VC state : up
VC ID : 102
VC type : VLAN
destination : 3.3.3.9
local VC label : 21505 remote VC label : 21505
control word : disable
forwarding entry : existent
local group ID : 0
manual fault : not set
active state : active
link state : up
– Run the display mpls l2vc remote-info command, and you can find that " Peer Addr"
is the peer address of the specified VC. For example:
<HUAWEI> display mpls l2vc remote-info
Total remote ldp vc : 1
Transport Group Peer Remote Remote C MTU/
N S
VC ID ID Addr Encap VC Label Bit CELLS
Bit Bit
100 0 3.3.3.9 vlan 17408 0 1500
1 0
– Run the display bgp l2vpn command, and you can find "Destination" is the peer address
of the VC, "route-distinguisher" of the L2VPN is correctly configured, and the label is
assigned to the peer device. For example:
<HUAWEI> display bgp l2vpn all
BGP Local router ID : 2.2.2.9, local AS number : 100
Origin codes:i - IGP, e - EGP, ? - incomplete
bgp.l2vpn: 1 destination
Route Distinguisher: 100:1
CE ID Label Offset Label Base nexthop pref as-path
4 0 132096 3.3.3.9 100
– Run the display mpls l2vpn connection command, and you can find "VPN name" is
correctly configured, the connection status is Up, and "route-distinguisher" is correctly
configured. For example:
[HUAWEI] display mpls l2vpn connection
1 total connections,
connections: 1 up, 0 down, 0 local, 1 remote, 0 unknown
VPN name: vpn1,
1 total connections,
connections: 1 up, 0 down, 0 local, 1 remote, 0 unknown
CE name: ce1, id: 1,
Rid type status peer-id route-distinguisher intf
2 rmt up 3.3.3.9 100:1 GigabitEthernet1/0/0
– Run the display mpls l2vpn command on the PE, and you can view the detailed
configurations of the L2VPN. For example:
# Check the configurations of all the L2VPNs on the PE.
<HUAWEI> display mpls l2vpn
VPN number: 1
vpn-name encap-type route-distinguisher mtu ce(L) ce(R)
vpn1 ppp 100:1 128 1 1
Run the display interface vlan command, and you can view the configurations of all sub-
interfaces on a main interface. For example:
<HUAWEI> display interface GigabitEthernet1/0/1 vlan 1
Sub-Interface VlanPolicy
-----------------------------------------------------------
GE1/0/1.6 DSCP 10
GE1/0/1.5 default
GE1/0/1.4 8021p 2 to 5 7
-----------------------------------------------------------
Interface:GE1/0/1 VLAN ID: 1 Sub-Interface num: 3
Applicable Environment
A common sub-interface for QinQ termination can terminate a maximum of 16,000 double-
tagged user packets. When the number of the user packets exceeds 16,000, you can use the
dynamic QinQ function. After that, the sub-interface for QinQ aggregation can terminate a
maximum of 64,000 double-tagged user packets.
Dynamic QinQ is configured on the sub-interface for VLAN tag termination on the client side
of the DHCP relay to allocate VLAN tags to the login users. After ARP is associated with the
DHCP binding table, when users log out abnormally after obtaining IP addresses, the system
senses this failure automatically, and then deletes the binding relationship in the DHCP binding
table and informs the DHCP server to release IP addresses and VLAN tags.
Pre-configuration Tasks
Before configuring dynamic QinQ, complete the following tasks:
Data Preparation
To configure dynamic QinQ, you need the following data.
No. Data
No. Data
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
Step 3 Run:
mode user-termination
When this command is run on the main interface, ensure that no sub-interface is configured
under this main interface.
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number.subinterface-number
Step 3 Run:
control-vid vid qinq-termination dynamic
Step 4 Run:
qinq-dynamic max-access-user access-user-number
Step 5 Run:
qinq-dynamic user-queue queue-number bandwidth bandwidth { inbound | outbound }
NOTE
In the case of interfaces configured with dynamic QinQ, usually it is users who send the ARP request
actively to the gateway device; if ARP rigid learning is also configured on the device, all interfaces on the
device learn the responses to the ARP requests that are actively sent by themselves instead of learning the
requests sent by other devices. As a result, dynamic QinQ interfaces on this device cannot learn ARP entries
of users and then users fail to log in. To solve the problem, you can run the arp learning strict force-
disable command on the interface configured with dynamic QinQ so that the interface can learn the ARP
requests sent by users.
Step 6 Run:
qinq termination pe-vid pe-vid [ to high-pe-vid ] ce-vid { low-ce-vid [ to high-ce-
vid ] | any } [ vlan-group group-id ]
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number.subinterface-number
NOTE
l On the DHCP relay, you need to use the dhcp option82 insert enable command or the dhcp option82
rebuild enable command to enable the sub-interface for QinQ VLAN tag termination to insert the
Option 82 field into the DHCP message.
If the QinQ sub-interface is not configured with Option 82, when accessing the DHCP relay service,
the QinQ sub-interface encapsulates all the DHCP messages received from the DHCP relay with only
the smallest VLAN ID configured on it and sends the messages to the client side. The other VLAN
IDs are not processed.
l The DHCP server must support the Option82 return function. Namely, the Offer or ACK message
returned from the DHCP server must contain the Option82 information.
l Run the arp learning strict force-disable command to unfetter the dynamic QinQ interface from
global ARP rigid learning so that the dynamic QinQ interface can learn the ARP request sent by users.
----End
Prerequisites
Dynamic QinQ has been configured.
Procedure
l Run the display qinq information { termination | stacking } [ interface interface-type
interface-number [.subinterface-number ] ] command to check information about the sub-
interface for QinQ VLAN tag termination.
l Run the display dhcp snooping global command to check information about DHCP
snooping.
----End
Example
Run the display qinq information termination command on the PE, and you can view
information about the sub-interface for QinQ VLAN tag termination. For example:
<HUAWEI> display qinq information termination interface gigabitethernet 2/0/0
GigabitEthernet2/0/0.1
Total QinQ Num: 1
qinq termination pe-vid 1000 ce-vid 100 to 200 vlan-group 1
Total vlan-group Num: 1
vlan-group 1
control-vid 1 qinq-termination
Running the display dhcp snooping global command on the DHCP relay, you can find that
DHCP snooping is enabled in the global view and interface view. In addition, you can view the
statistics of the alarm message sent to the NMS.
<DHCP-Relay> display dhcp snooping global
dhcp snooping enable
dhcp snooping nomatch-packet ip action discard
dhcp snooping nomatch-packet arp action discard
Applicable Environment
On the ISP network, a router may receive the packet with the spoofing source address. In this
case, you need to configure URPF on the relevant interface to avoid the attacks based on the
source address spoofing.
When a router receives a packet with double tags, you need to apply URPF on the sub-interface
for QinQ VLAN tag termination.
Pre-configuration Tasks
Before configuring the sub-interface for QinQ VLAN tag termination to support URPF,
complete the following tasks:
Data Preparation
To configure the sub-interface for QinQ VLAN tag termination to support URPF, you need the
following data.
No. Data
Context
Perform the following steps on the PE.
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface { gigabitethernet | eth-trunk } interface-number
Step 3 Run:
mode user-termination
----End
Context
Perform the following steps on the PE.
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface { gigabitethernet | eth-trunk } interface-number.subinterface-number
Step 3 Run:
control-vid vid qinq-termination [ local-switch | [ rt-protocol | flexible ] * ]
The VLAN ID of the sub-interface for VLAN tag termination is set to terminate the user packets
with double tags.
Step 4 Run:
qinq termination pe-vid pe-vid ce-vid low-ce-vid [ to high-ce-vid ]
----End
Context
Perform the following steps on the PE.
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface { gigabitethernet | eth-trunk } interface-number.subinterface-number
Step 3 Run:
ip urpf loose [ allow-default ]
URPF is enabled. That is, the IP address must be in the FIB but the interface may not be matched.
----End
Procedure
Step 1 Run the display qinq information termination [ interface interface-type interface-number
[.subinterface-number ] ] command to display the information of QinQ termination.
----End
Example
Run the display qinq information termination command on PE. The details about the sub-
interface for QinQ termination are displayed. For example:
Applicable Environment
When the number of VLANs on an interface is more than 4000, you should configure QinQ to
expand the VLAN capacity.
Pre-configuration Task
Before configuring the user-side QinQ, complete the following tasks:
Data Preparation
To configure the user-side QinQ, you need the following data.
No. Data
1 QinQ ID
2 Sub-interface number
Context
Perform the following steps on the NE80E/40E:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface interface-type interface-number.sub-interface-nmuber
----End
Prerequisites
QinQ has been configured at the user side of the BRAS.
Procedure
l Run the display this command in the sub-interface view at the user side to check QinQ
configuration.
l Run the display user-vlan dynamic command in the user view to check VLAN information
of online dynamic users.
----End
Example
Run the display user-vlan dynamic command to check VLAN information of online dynamic
users. For example:
Context
NOTICE
Statistics about QinQ packets cannot be restored after you clear it. So, confirm the action before
you use the command.
To clear the QinQ Statistics, run the following reset command in the user view:
Procedure
Step 1 Run the reset qinq statistic interface interface-type interface-number.subinterface-number
vlan-group group-id command to clear the QinQ statistics.
----End
Procedure
l Run the display dot1q information termination [ interface interface-type interface-
number [.subinterface-number ] ] command in any view to check information about the
sub-interface for dot1q VLAN tag termination.
l Run the display qinq information termination [ interface interface-type interface-
number [.subinterface-number ] ] command in any view to check information about the
sub-interface for QinQ VLAN tag termination.
----End
NOTE
This document takes interface numbers and link types of the NE40E-X8 as an example. In working
situations, the actual interface numbers and link types may be different from those used in this document.
Networking Requirements
In the network as shown in Figure 5-13, enterprise 1 has two offices and enterprise 2 has three
offices; offices of enterprise 1 and enterprise 2 connect to RouterA and RouterB in the operator
network respectively. Enterprise 1 and enterprise 2 can partition their own VLANs as desired.
It is required to configure the QinQ tunnel on RouterA and RouterB. Therefore, office networks
in enterprise 1 or enterprise 2 can interwork but office networks between enterprise 1 and
enterprise 2 cannot interwork.
Company 2 Company 2
RouterB
GE1/0/1 GE2/0/1
GE3/0/1
…… ……
RouterA GE1/0/0
VLAN1000 VLAN4094 GE1/0/1 GE3/0/1 VLAN500 VLAN2500
GE2/0/1
…… ……
……
Configuration Roadmap
The configuration roadmap is as follows:
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Create the default outer VLAN tag for a Layer 2 interface.
# Configure RouterA.
<HUAWEI> system-view
[HUAWEI] sysname RouterA
[RouterA] vlan batch 10 20
# Configure RouterB.
<HUAWEI> system-view
[HUAWEI] sysname RouterB
[RouterB] vlan batch 20
# Configure RouterA.
[RouterA] interface gigabitethernet 1/0/1
[RouterA-GigabitEthernet1/0/1] portswitch
[RouterA-GigabitEthernet1/0/1] port link-type dot1q-tunnel
[RouterA-GigabitEthernet1/0/1] port default vlan 10
[RouterA-GigabitEthernet1/0/1] undo shutdown
[RouterA-GigabitEthernet1/0/1] quit
[RouterA] interface gigabitethernet 2/0/1
[RouterA-GigabitEthernet2/0/1] portswitch
[RouterA-GigabitEthernet2/0/1] port link-type dot1q-tunnel
[RouterA-GigabitEthernet2/0/1] port default vlan 20
[RouterA-GigabitEthernet2/0/1] undo shutdown
[RouterA-GigabitEthernet2/0/1] quit
[RouterA] interface gigabitethernet 3/0/1
[RouterA-GigabitEthernet3/0/1] portswitch
[RouterA-GigabitEthernet3/0/1] port link-type dot1q-tunnel
[RouterA-GigabitEthernet3/0/1] port default vlan 10
[RouterA-GigabitEthernet3/0/1] undo shutdown
[RouterA-GigabitEthernet3/0/1] quit
# Configure RouterB.
[RouterB] interface gigabitethernet 1/0/1
[RouterB-GigabitEthernet1/0/1] portswitch
[RouterB-GigabitEthernet1/0/1] port link-type dot1q-tunnel
[RouterB-GigabitEthernet1/0/1] port default vlan 20
[RouterB-GigabitEthernet1/0/1] undo shutdown
[RouterB-GigabitEthernet1/0/1] quit
[RouterB] interface gigabitethernet 2/0/1
[RouterB-GigabitEthernet2/0/1] portswitch
[RouterB-GigabitEthernet2/0/1] port link-type dot1q-tunnel
[RouterB-GigabitEthernet2/0/1] port default vlan 20
[RouterB-GigabitEthernet2/0/1] undo shutdown
[RouterB-GigabitEthernet2/0/1] quit
# Allow the packets in VLAN 10 and VLAN 20 to pass through GE 1/0/0 on RouterA.
[RouterA] interface gigabitethernet 1/0/0
[RouterA-GigabitEthernet1/0/0] portswitch
[RouterA-GigabitEthernet1/0/0] port trunk allow-pass vlan 10 20
[RouterA-GigabitEthernet1/0/0] undo shutdown
[RouterA-GigabitEthernet1/0/0] quit
Hosts in different offices but the same VLAN can ping through each other in enterprise 1.
Hosts in different offices but the same VLAN can ping through each other in enterprise 2.
Any host in enterprise 1 and enterprise 2 cannot ping through each other.
----End
Configuration Files
l Configuration file of RouterA
#
sysname RouterA
#
vlan batch 10 20
#
interface GigabitEthernet1/0/0
undo shutdown
portswitch
port trunk allow-pass vlan 10 20
#
interface GigabitEthernet1/0/1
undo shutdown
portswitch
port link-type dot1q-tunnel
port default vlan 10
#
interface GigabitEthernet2/0/1
undo shutdown
portswitch
port link-type dot1q-tunnel
port default vlan 20
#
interface GigabitEthernet3/0/1
undo shutdown
portswitch
port link-type dot1q-tunnel
port default vlan 10
#
return
#
return
Networking Requirements
As shown in Figure 5-14, enterprise 1 and enterprise 2 have many offices.
l VLAN 2 to VLAN 500 are used in the network of enterprise 1.
l VLAN 500 to VLAN 4094 are used in the network of enterprise 2.
l GE 1/0/1 on RouterA receives the packets from different VLANs of enterprise 1 and
enterprise 2 simultaneously.
It is required to configure Layer 2 selective QinQ on GE 1/0/1 of RouterA. Therefore, office
networks in enterprise 1 or enterprise 2 can interwork but office networks between enterprise 1
and enterprise 2 cannot interwork.
…… GE3/0/1 ……
RouterA GE3/0/1
……
……
……
VLAN100 VLAN500
Company 1
VLAN2 VLAN500 VLAN1000 VLAN2000
Company 1 Company 2
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the default outer VLAN tag.
2. Configure selective QinQ for a Layer 2 interface.
3. Configure the interfaces disabled with QinQ and allow the packets carrying the specific
outer tags to pass through the interface.
Data Preparation
To complete the configuration, you need the following data:
l Number of the interface connecting to enterprise 1 and enterprise 2
l Outer tags attached to the packets of different enterprises on Layer 2 interfaces of
RouterA and RouterB
Procedure
Step 1 Create the default outer VLAN tag for a Layer 2 interface.
# Configure RouterA.
<HUAWEI> system-view
[HUAWEI] sysname RouterA
[RouterA] vlan batch 10 20
# Configure RouterB.
<HUAWEI> system-view
[HUAWEI] sysname RouterB
[RouterB] vlan batch 20
# Configure RouterB.
[RouterB] interface gigabitethernet 1/0/1
[RouterB-GigabitEthernet1/0/1] portswitch
[RouterB-GigabitEthernet1/0/1] port vlan-stacking vlan 1000 to 4094 stack-vlan 20
[RouterB-GigabitEthernet1/0/1] undo shutdown
[RouterB-GigabitEthernet1/0/1] quit
[RouterB] interface gigabitethernet 2/0/1
[RouterB-GigabitEthernet2/0/1] portswitch
[RouterB-GigabitEthernet2/0/1] port vlan-stacking vlan 500 to 2500 stack-vlan 20
----End
Configuration Files
l Configuration file of RouterA
#
sysname RouterA
#
vlan batch 10 20
#
interface GigabitEthernet1/0/1
undo shutdown
portswitch
port vlan-stacking vlan 2 to 500 stack-vlan 10
port vlan-stacking vlan 1000 to 2000 stack-vlan 20
#
interface GigabitEthernet2/0/1
undo shutdown
portswitch
port vlan-stacking vlan 100 to 500 stack-vlan 10
#
interface GigabitEthernet3/0/1
undo shutdown
portswitch
port trunk allow-pass vlan 20
#
return
l RouterB
#
sysname RouterB
#
vlan batch 20
#
interface GigabitEthernet1/0/1
undo shutdown
portswitch
Networking Requirements
Router B is Huawei data communications equipment. Router A and Router C are the devices of
other vendors. Switch A is the switch of other vendors. Figure 5-15 shows the networking
diagram and the EthType value in the outer tag of QinQ packets. Devices of different vendors
can cooperate by setting the EthType value in the outer tag of the interface on Router B.
Figure 5-15 Networking diagram of configuring the compatibility of the EthType field in the
outer tag of QinQ packets
100
0x9
GE1/0/0
0x9100
IP/MPLS Switch A
Core
0x81
Router A GE2/0/0 00
Router B
Router C
Device Name EthType Value in the Outer Tag Device Name EthType Value in the Outer Tag
Router A 0x9100 Router C 0x8100
Router B 0x8100 Switch A 0x9100
Configuration Roadmap
The configuration roadmap is as follows:
1. Switch Layer 3 interfaces into Layer 2 interfaces.
2. Configure the compatibility of the EthType field in the outer tag of QinQ packets on the
Layer 2 interface of the device in the demand for interworking.
Data Preparation
To complete the configuration, you need the following data:
l EthType encapsulation value in the outer tag of the device of other vendors
l Name of the physical interface through which RouterB connects to the devices of other
vendors
Procedure
Step 1 Switch the interface connecting to the devices of other vendors into a Layer 2 interface.
<HUAWEI> system-view
[HUAWEI] sysname RouterB
[RouterB] interface gigabitethernet 1/0/0
[RouterB-GigabitEthernet1/0/0] portswitch
[RouterB-GigabitEthernet1/0/0] undo shutdown
[RouterB-GigabitEthernet1/0/0] quit
[RouterB] interface gigabitethernet 2/0/0
[RouterB-GigabitEthernet2/0/0] portswitch
[RouterB-GigabitEthernet2/0/0] undo shutdown
[RouterB-GigabitEthernet2/0/0] quit
Step 2 Configure the EthType encapsulation value of the outer tag on the physical interface through
which RouterB connects to the devices of other vendors.
[RouterB] interface gigabitethernet 1/0/0
[RouterB-GigabitEthernet1/0/0] qinq protocol 9100
[RouterB-GigabitEthernet1/0/0] undo shutdown
After the previous configurations, running the display this command on GE 1/0/0 of RouterB,
you can view the configuration of this command.
Run the display bpdu-tunnel interface config command, you can view the configuration of
TPID.
[RouterB-GigabitEthernet1/0/0] display bpdu-tunnel interface config
BpduDot1qStatus disable
BpduOneQStatus disable
BpduTwoQStatus disable
EtherType 9100
Dot1qVlan
TwoQList
----End
Configuration Files
Configuration file of Router B
#
sysname RouterB
#
interface GigabitEthernet 1/0/0
undo shutdown
qinq protocol 9100
portswitch
#
interface GigabitEthernet 2/0/0
undo shutdown
portswitch
#
return
Network Requirements
As shown in Figure 5-16, PE and CE are connected through Ethernet sub-interfaces. GE 1/0/0
and GE 1/0/1 on CE belong to different VLANs. CE is connected to PC 1 and PC 2. PC 1 and
PC 2 are in the same network segment. PC 1 and PC 2 are not configured with the default gateway.
Proxy ARP therefore needs to be configured on the sub-interface GE 1/0/0.1 of PE so that PC
1 and PC 2 can communicate with each other.
Figure 5-16 Typical networking diagram of configuring the sub-interface for dot1q VLAN tag
termination to support proxy ARP
Router1
GE1/0/0.1
10.1.1.254/24
GE1/0/2
Router2
GE1/0/0 GE1/0/1
VLAN10 VLAN20
PC1:10.1.1.1/24 PC2:10.1.1.2/24
Configuration Roadmap
The configuration roadmap is as follows:
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Switch the interface to a Layer 2 interface.
# Configure CE.
<HUAWEI> system-view
[HUAWEI] sysname CE
[CE] interface gigabitethernet 1/0/0
[CE-GigabitEthernet1/0/0] portswitch
[CE-GigabitEthernet1/0/0] undo shutdown
[CE-GigabitEthernet1/0/0] quit
[CE] interface gigabitethernet 1/0/1
[CE-GigabitEthernet1/0/1] portswitch
[CE-GigabitEthernet1/0/1] undo shutdown
[CE-GigabitEthernet1/0/1] quit
[CE] interface gigabitethernet 1/0/2
[CE-GigabitEthernet1/0/2] portswitch
[CE-GigabitEthernet1/0/2] undo shutdown
[CE-GigabitEthernet1/0/2] quit
NOTE
If the interface is already a Layer 2 interface, the preceding operation is not required.
# Configure CE.
[CE] vlan 10
[CE-vlan10] port gigabitethernet 1/0/0
[CE-vlan10] quit
[CE] vlan 20
[CE-vlan20] port gigabitethernet 1/0/1
[CE-vlan20] quit
[CE] interface gigabitethernet 1/0/2
[CE-GigabitEthernet1/0/2] port trunk allow-pass vlan 10 20
[CE-GigabitEthernet1/0/2] quit
Step 3 Configure the sub-interface for dot1q VLAN tag termination and enable proxy ARP on the sub-
interface.
# Configure PE.
<HUAWEI> system-view
[HUAWEI] sysname PE
[PE] interface gigabitethernet 1/0/0
[PE-GigabitEthernet1/0/0] mode user-termination
[PE-GigabitEthernet1/0/0] undo shutdown
[PE-GigabitEthernet1/0/0] quit
[PE] interface gigabitethernet 1/0/0.1
[PE-GigabitEthernet1/0/0.1] control-vid 1 dot1q-termination
[PE-GigabitEthernet1/0/0.1] dot1q termination vid 10
[PE-GigabitEthernet1/0/0.1] dot1q termination vid 20
[PE-GigabitEthernet1/0/0.1] arp-proxy inter-sub-vlan-proxy enable
[PE-GigabitEthernet1/0/0.1] arp broadcast enable
[PE-GigabitEthernet1/0/0.1] undo shutdown
[PE-GigabitEthernet1/0/0.1] quit
Ping PC 2 from PC 1. The ping succeeds. If viewing the ARP table on PC 1, you can find that
the MAC address corresponding to PC 2 is the MAC address of GE 1/0/0 on PE.
----End
Configuration Files
l Configuration file of PE
#
sysname PE
#
interface GigabitEthernet1/0/0
undo shutdown
mode user-termination
#
interface GigabitEthernet1/0/0.1
undo shutdown
control-vid 1 dot1q-termination
dot1q termination vid 10
dot1q termination vid 20
arp-proxy inter-sub-vlan-proxy enable
arp broadcast enable
#
return
l Configuration file of CE
#
sysname CE
#
vlan batch 10 20
#
interface GigabitEthernet1/0/0
undo shutdown
portswitch
port default vlan 10
#
interface GigabitEthernet1/0/1
undo shutdown
portswitch
port default vlan 20
#
interface GigabitEthernet1/0/2
undo shutdown
portswitch
port trunk allow-pass vlan 10 20
#
return
Network Requirements
As shown in Figure 5-17, PE is connected to CE3 through a sub-interface. GE 1/0/0 and GE
1/0/1 on CE3 belong to different VLANs. CE3 is connected to PC 1 and PC 2 through CE1 and
CE2 respectively. PC 1 and PC 2 are in the same network segment but belong to different
VLANs. Configure QinQ on the convergent device CE3, with the outer tag as 100. The packet
sent from CE3 to PE then carries double tags. Default gateways are not configured on PC 1 and
PC 2. In this case, you can configure proxy ARP on the sub-interface GE 1/0/0.1 of PE to
implement inter-communication between PC 1 and PC 2.
Figure 5-17 Typical networking diagram of configuring the sub-interface for QinQ VLAN tag
termination to support proxy ARP
PE
GE1/0/1.1
10.1.1.254/24
GE1/0/2
CE3
GE1/0/0 GE1/0/1
GE1/0/1 GE1/0/1
CE1 CE2
GE1/0/0 GE1/0/0
VLAN10 VLAN20
PC1:10.1.1.1/24 PC2:10.1.1.2/24
Configuration Roadmap
The configuration roadmap is as follows:
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Switch the interface to a Layer 2 interface.
# Configure CE3.
<HUAWEI> system-view
[HUAWEI] sysname CE3
[CE3] interface gigabitethernet 1/0/0
[CE3-GigabitEthernet1/0/0] portswitch
[CE3-GigabitEthernet1/0/0] undo shutdown
[CE3-GigabitEthernet1/0/0] quit
[CE3] interface gigabitethernet 1/0/1
[CE3-GigabitEthernet1/0/1] portswitch
[CE3-GigabitEthernet1/0/1] undo shutdown
[CE3-GigabitEthernet1/0/1] quit
[CE3] interface gigabitethernet 1/0/2
[CE3-GigabitEthernet1/0/2] portswitch
[CE3-GigabitEthernet1/0/2] undo shutdown
[CE3-GigabitEthernet1/0/2] quit
# Configure CE1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] interface gigabitethernet 1/0/0
[CE1-GigabitEthernet1/0/0] portswitch
[CE1-GigabitEthernet1/0/0] undo shutdown
[CE1-GigabitEthernet1/0/0] quit
[CE1] interface gigabitethernet 1/0/1
[CE1-GigabitEthernet1/0/1] portswitch
[CE1-GigabitEthernet1/0/1] undo shutdown
[CE1-GigabitEthernet1/0/1] quit
# Configure CE2.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] interface gigabitethernet 1/0/0
[CE2-GigabitEthernet1/0/0] portswitch
[CE2-GigabitEthernet1/0/0] undo shutdown
[CE2-GigabitEthernet1/0/0] quit
[CE2] interface gigabitethernet 1/0/1
[CE2-GigabitEthernet1/0/1] portswitch
[CE2-GigabitEthernet1/0/1] undo shutdown
[CE2-GigabitEthernet1/0/1] quit
NOTE
If the interface is already a Layer 2 interface, the preceding operation is not required.
# Configure CE1.
[CE1] vlan 10
[CE1-vlan10] port gigabitethernet 1/0/0
[CE1-vlan10] quit
[CE1] interface gigabitethernet 1/0/1
[CE1-GigabitEthernet1/0/1] port trunk allow-pass vlan 10
[CE1-GigabitEthernet1/0/1] quit
# Configure CE2.
[CE2] vlan 20
[CE2-vlan20] port gigabitethernet 1/0/0
[CE2-vlan20] quit
[CE2] interface gigabitethernet 1/0/1
[CE2-GigabitEthernet1/0/1] port trunk allow-pass vlan 20
[CE2-GigabitEthernet1/0/1] quit
Step 3 Configure QinQ on CE3 and set the packet sent from CE3 to PE to carry double VLAN tags.
# Configure CE3.
[CE3] vlan 100
[CE3-vlan100] quit
[CE3] interface gigabitethernet 1/0/0
[CE3-GigabitEthernet1/0/0] port vlan-stacking vlan 10 stack-vlan 100
[CE3-GigabitEthernet1/0/0] quit
[CE3] interface gigabitethernet 1/0/1
NOTE
If the device does not support the port vlan-stacking command, you can run the commands port link-
type dot1q-tunnel and port default vlan on the interface to configure QinQ.
Step 4 Configure the sub-interface for QinQ VLAN tag termination and enable proxy ARP on the sub-
interface.
# Configure PE.
<HUAWEI> system-view
[HUAWEI] sysname PE
[PE] interface gigabitethernet 1/0/0
[PE-GigabitEthernet1/0/0] mode user-termination
[PE-GigabitEthernet1/0/0] undo shutdown
[PE-GigabitEthernet1/0/0] quit
[PE] interface gigabitethernet 1/0/0.1
[PE-GigabitEthernet1/0/0.1] control-vid 1 qinq-termination
[PE-GigabitEthernet1/0/0.1] qinq termination pe-vid 100 ce-vid 10
[PE-GigabitEthernet1/0/0.1] qinq termination pe-vid 100 ce-vid 20
[PE-GigabitEthernet1/0/0.1] ip address 10.1.1.254 24
[PE-GigabitEthernet1/0/0.1] arp-proxy inter-sub-vlan-proxy enable
[PE-GigabitEthernet1/0/0.1] arp broadcast enable
[PE-GigabitEthernet1/0/0.1] undo shutdown
[PE-GigabitEthernet1/0/0.1] quit
NOTE
When you run the qinq termination command on the same primary interface, the ce-vid values cannot be
the same if the pe-vid values of the two different sub-interfaces are the same.
----End
Configuration Files
l Configuration file of PE
#
sysname PE
#
interface GigabitEthernet1/0/0
undo shutdown
mode user-termination
#
interface GigabitEthernet1/0/0.1
undo shutdown
control-vid 1 qinq-termination
qinq termination pe-vid 100 ce-vid 10
qinq termination pe-vid 100 ce-vid 20
ip address 10.1.1.254 255.255.255.0
arp-proxy inter-sub-vlan-proxy enable
arp broadcast enable
#
return
#
sysname CE3
#
vlan batch 100
#
interface GigabitEthernet1/0/0
undo shutdown
portswitch
port vlan-stacking vlan 10 stack-vlan 100
#
interface GigabitEthernet1/0/1
undo shutdown
portswitch
port vlan-stacking vlan 20 stack-vlan 100
#
interface GigabitEthernet1/0/2
undo shutdown
portswitch
port trunk allow-pass vlan 100
#
return
Network Requirements
As shown in Figure 5-18, a host accesses the ISP network through the default gateway.
l As the default gateway of the host, the VRRP backup group consists of Router A and
Router B.
l In normal case, Router A serves as the gateway. When Router A is faulty, Router B acts
as the gateway.
l When Router A recovers, it can become master within 20 seconds.
l The packets sent by Switch 1 have a single tag.
Figure 5-18 Typical networking diagram of configuring the sub-interface for dot1q VLAN tag
termination to support VRRP
MPLS/IP
backbone
POS1/0/0 POS1/0/1
192.168.2.2/24 192.168.1.2/24
POS1/0/0 POS1/0/0
192.168.2.1/24 Router3 192.168.1.1/24
Router1 Router2
Backup Group1
GE2/0/0.1 GE2/0/0.1
10.11.1/24 virture IP address 10.11.1.2/24
10.11.1.111/24
Switch
GE1/0/1 GE1/0/2
GE1/0/0
VLAN10
Host10.11.1.3/24
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the interface mode on Router A and Router B to the user termination mode.
2. Run an IGP to ensure the connectivity between routers on the backbone network.
3. Configure the GE 2/0/0.1 interfaces of Router A and Router B as the sub-interface for dot1q
VLAN tag termination.
4. Create the backup group1 on the interface GE 2/0/0.1 of Router A, and configure the high
precedence for Router A in the backup group. Ensure that Router A is master, and Configure
Preemption mode.
5. Create the backup group1 on the interface GE 2/0/0.1 of Router B, and use the default
precedence.
6. Configure the basic Layer 2 forwarding function on Switch.
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Configure the interface mode to user termination.
# Configure Router A.
<HUAWEI> system-view
[HUAWEI] sysname RouterA
[RouterA] interface gigabitethernet 2/0/0
[RouterA-GigabitEthernet2/0/0] mode user-termination
[RouterA-GigabitEthernet2/0/0] undo shutdown
[RouterA-GigabitEthernet2/0/0] quit
# Configure Router B.
<HUAWEI> system-view
[HUAWEI] sysname RouterB
[RouterB] interface gigabitethernet 2/0/0
[RouterB-GigabitEthernet2/0/0] mode user-termination
[RouterB-GigabitEthernet2/0/0] undo shutdown
[RouterB-GigabitEthernet2/0/0] quit
Configure IP addresses of interfaces as described in Figure 5-18. Configure IGP that runs
between Router A, Router B, and Router C. In this example, OSPF is configured.
# Configure Router A.
[RouterA] interface pos 1/0/0
[RouterA-Pos1/0/0] ip address 192.168.2.1 24
[RouterA-Pos1/0/0] undo shutdown
[RouterA-Pos1/0/0] quit
[RouterA] interface gigabitethernet 2/0/0.1
[RouterA-GigabitEthernet2/0/0.1] ip address 10.11.1.1 24
[RouterA-GigabitEthernet2/0/0.1] undo shutdown
[RouterA-GigabitEthernet2/0/0.1] quit
[RouterA] ospf
[RouterA-ospf-1] area 0
[RouterA-ospf-1-area-0.0.0.0] network 192.168.2.0 0.0.0.255
[RouterA-ospf-1-area-0.0.0.0] network 10.11.1.0 0.0.0.255
[RouterA-ospf-1-area-0.0.0.0] quit
[RouterA-ospf-1] quit
# Configure Router B.
[RouterB] interface pos 1/0/0
[RouterB-Pos1/0/0] ip address 192.168.1.1 24
[RouterB-Pos1/0/0] undo shutdown
[RouterB-Pos1/0/0] quit
[RouterB] interface gigabitethernet 2/0/0.1
[RouterB-GigabitEthernet2/0/0.1] ip address 10.11.1.2 24
[RouterB-GigabitEthernet2/0/0.1] undo shutdown
[RouterB-GigabitEthernet2/0/0.1] quit
[RouterB] ospf
[RouterB-ospf-1] area 0
[RouterB-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[RouterB-ospf-1-area-0.0.0.0] network 10.11.1.0 0.0.0.255
[RouterB-ospf-1-area-0.0.0.0] quit
[RouterB-ospf-1] quit
# Configure Router C.
<HUAWEI> system-view
[HUAWEI] sysname RouterC
[RouterC] interface pos 1/0/0
[RouterC-Pos1/0/0] ip address 192.168.2.2 24
[RouterC-Pos1/0/0] undo shutdown
[RouterC-Pos1/0/0] quit
[RouterC] interface pos 1/0/1
[RouterC-Pos2/0/0] ip address 192.168.1.2 24
[RouterC-Pos2/0/0] undo shutdown
[RouterC-Pos2/0/0] quit
[RouterC] ospf
[RouterC-ospf-1] area 0
[RouterC-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[RouterC-ospf-1-area-0.0.0.0] network 192.168.2.0 0.0.0.255
[RouterC-ospf-1-area-0.0.0.0] quit
[RouterC-ospf-1] quit
After the preceding configurations, Router A and Router B both have routes, discovered through
OSPF, to each other. Router A and Router B can ping through each other.
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 60/88/110 ms
Step 3 Configure VRRP on the sub-interface for dot1q VLAN tag termination.
Set the default gateway of the host to 10.11.1.111.
# Configure Router A, create backup group 1, and set the priority of Router A in this backup
group to 120. (Router A serves as the Master.)
[RouterA] interface gigabitethernet 2/0/0.1
[RouterA-GigabitEthernet2/0/0.1] control-vid 1 dot1q-termination
[RouterA-GigabitEthernet2/0/0.1] dot1q termination vid 10
[RouterA-GigabitEthernet2/0/0.1] dot1q vrrp vid 10
[RouterA-GigabitEthernet2/0/0.1] vrrp vrid 1 virtual-ip 10.11.1.111
[RouterA-GigabitEthernet2/0/0.1] vrrp vrid 1 priority 120
[RouterA-GigabitEthernet2/0/0.1] vrrp vrid 1 preempt-mode timer delay 20
[RouterA-GigabitEthernet2/0/0.1] arp broadcast enable
[RouterA-GigabitEthernet2/0/0.1] undo shutdown
[RouterA-GigabitEthernet2/0/0.1] quit
# Configure Router B, create backup group 1, and set the priority of Router B in this backup
group to the default value. (Router B serves as the Backup.)
[RouterB] interface gigabitethernet 2/0/0.1
[RouterB-GigabitEthernet2/0/0.1] control-vid 1 dot1q-termination
[RouterB-GigabitEthernet2/0/0.1] dot1q termination vid 10
[RouterB-GigabitEthernet2/0/0.1] dot1q vrrp vid 10
[RouterB-GigabitEthernet2/0/0.1] vrrp vrid 1 virtual-ip 10.11.1.111
[RouterB-GigabitEthernet2/0/0.1] arp broadcast enable
[RouterB-GigabitEthernet2/0/0.1] undo shutdown
[RouterB-GigabitEthernet2/0/0.1] quit
After the preceding steps, the sub-interfaces for dot1q VLAN tag termination on Router A and
Router B become Up. A route to the network segment 10.11.1.0/24 is generated on Router C.
Take the display on Router C as an example:
[Router3] display ip routing-table
Route Flags: R - relied, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 11 Routes : 12
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.11.1.0/24 OSPF 10 2 D 192.168.2.1 Pos1/0/0
OSPF 10 2 D 192.168.1.1 Pos1/0/1
10.11.1.111/32 OSPF 10 2 D 192.168.2.1 Pos1/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.1.0/24 Direct 0 0 D 192.168.1.2 Pos1/0/1
192.168.1.1/32 Direct 0 0 D 192.168.1.1 Pos1/0/1
192.168.1.2/32 Direct 0 0 D 127.0.0.1 Pos1/0/1
192.168.2.0/24 OSPF 10 2 D 192.168.2.1 Pos1/0/0
192.168.2.0/30 Direct 0 0 D 192.168.2.2 Pos1/0/0
192.168.2.1/32 Direct 0 0 D 192.168.2.1 Pos1/0/0
192.168.2.2/32 Direct 0 0 D 127.0.0.1 Pos1/0/0
[Switch-vlan10] quit
[Switch] interface gigabitethernet 1/0/1
[Switch-GigabitEthernet1/0/1] port trunk allow-pass vlan 10
[Switch-GigabitEthernet1/0/1] quit
[Switch-GigabitEthernet1/0/1] undo shutdown
[Switch] interface gigabitethernet 1/0/2
[Switch-GigabitEthernet1/0/2] port trunk allow-pass vlan 10
[Switch-GigabitEthernet1/0/2] undo shutdown
[Switch-GigabitEthernet1/0/2] quit
Running the display ip routing-table command, you can view that there is a direct route in
the routing table on Router A. The destination address of the direct route is a virtual IP
address. The route is an OSPF route on Router B.
The command output on Router A and Router B are as follows:
[RouterA] display ip routing-table
Route Flags: R - relied, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 11 Routes : 12
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.11.1.0/24 Direct 0 0 D 10.11.1.1 GigabitEthernet2/0/0.1
10.11.1.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet2/0/0.1
10.11.1.2/32 Direct 0 0 D 10.11.1.2 GigabitEthernet2/0/0.1
After 20 seconds, run the display vrrp command on Router A to view VRRP status. You
can find VRRP status restores Master.
[RouterA] display vrrp
GigabitEthernet2/0/0.1 | Virtual Router 1
State : Master
Virtual IP : 10.11.1.111
Master IP : 10.11.1.1
PriorityRun : 120
PriorityConfig : 120
MasterPriority : 100
Preempt : YES Delay time : 20
TimerRun : 1
TimerConfig : 1
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Config type : normal-vrrp
Backup-forward : disabled
Config track link-bfd down-number : 0
----End
Configuration Files
l Configuration file of Router A
#
sysname RouterA
#
interface GigabitEthernet2/0/0
undo shutdown
mode user-termination
#
interface GigabitEthernet2/0/0.1
undo shutdown
control-vid 1 dot1q-termination
dot1q termination vid 10
dot1q vrrp vid 10
ip address 10.11.1.1 255.255.255.0
vrrp vrid 1 virtual-ip 10.11.1.111
vrrp vrid 1 priority 120
vrrp vrid 1 preempt-mode timer delay 20
arp broadcast enable
#
interface Pos1/0/0
link-protocol ppp
undo shutdown
ip address 192.168.2.1 255.255.255.0
#
ospf 1
area 0.0.0.0
network 192.168.2.0 0.0.0.255
network 10.11.1.0 0.0.0.255
#
return
vlan batch 10
#
interface GigabitEthernet1/0/0
undo shutdown
port default vlan 10
#
interface GigabitEthernet1/0/1
undo shutdown
port trunk allow-pass vlan 10
#
interface GigabitEthernet1/0/2
undo shutdown
port trunk allow-pass vlan 10
#
return
Network Requirements
As shown in Figure 5-19, a host accesses the ISP network through the default gateway.
l As the default gateway of the host, the VRRP backup group consists of Router A and
Router B.
l In normal case, Router A serves as the gateway. When Router A is faulty, Router B acts
as the gateway.
l When Router A recovers, it can become master within 20 seconds.
l The packets sent by Switch 1 have double tags.
Figure 5-19 Typical networking diagram of configuring the sub-interface for QinQ VLAN tag
termination to support VRRP
MPLS/IP
backbone
POS1/0/0
192.168.2.2/24 POS1/0/1
192.168.1.2/24
POS1/0/0 Router3 POS1/0/0
192.168.2.1/24 192.168.1.1/24
Backup Group1
Router1 virture IP address Router2
10.11.1.111/24
GE2/0/0.1 10.11.1.1/24 GE2/0/0.1 10.11.1.2/24
GE2/0/0.2 10.21.1.1/24 Backup Group2
GE2/0/0.2 10.21.1.2/24
virture IP address
10.21.1.111/24
Switch1
GE1/0/2 GE1/0/3
GE1/0/0 GE1/0/1
GE1/0/1
Switch2 GE1/0/1 Switch3
GE1/0/0 GE1/0/0
VLAN10 VLAN20
Host1:10.11.1.3/24 Host2:10.21.1.3/24
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the interface mode on Router A and Router B to the user termination mode.
2. Run an Interior Gateway Protocol (IGP) to ensure the connectivity between devices on the
backbone network.
3. Configure the interface GE 2/0/0.1 on Router A and Router B as the sub-interface for QinQ
VLAN tag termination.
4. Create the backup group1 on the interface GE 2/0/0.1 of Router A, and configure the high
precedence for Router A in the backup group. Ensure that Router A is master and Configure
Preemption mode.
5. Create the backup group2 on the interface GE 2/0/0.2 of Router A, and configure the high
precedence for Router A in the backup group. Ensure that Router A is master and Configure
Preemption mode.
6. Create the backup group1 on the interface GE 2/0/0.1 of Router B and use the default
precedence.
7. Create the backup group2 on the interface GE 2/0/0.2 of Router B and use the default
precedence.
8. Configure the QinQ function on Switch 1, two tags of the packet sent from Switch1 to
Router B and Router A
9. Configure the basic forwarding functions on Switch 2 and Switch 3.
Data Preparation
To complete the configuration, you need the following data:
l Number of VRRP backup group, and virtual IP address
l router precedence in the backup group
l Terminating range of the sub-interface for QinQ VLAN tag termination
Procedure
Step 1 Configure the interface mode to user termination.
# Configure Router A.
<HUAWEI> system-view
[HUAWEI] sysname RouterA
[RouterA] interface gigabitethernet 2/0/0
[RouterA-GigabitEthernet2/0/0] mode user-termination
[RouterA-GigabitEthernet2/0/0] undo shutdown
[RouterA-GigabitEthernet2/0/0] quit
# Configure Router B.
<HUAWEI> system-view
[HUAWEI] sysname RouterB
[RouterB] interface gigabitethernet 2/0/0
[RouterB-GigabitEthernet2/0/0] mode user-termination
[RouterB-GigabitEthernet2/0/0] undo shutdown
[RouterB-GigabitEthernet2/0/0] quit
[RouterA-ospf-1] quit
# Configure Router B.
[RouterB] interface pos 1/0/0
[RouterB-Pos1/0/0] ip address 192.168.1.1 24
[RouterB-Pos1/0/0] undo shutdown
[RouterB-Pos1/0/0] quit
[RouterB] interface gigabitethernet 2/0/0.1
[RouterB-GigabitEthernet2/0/0.1] ip address 10.11.1.2 24
[RouterB-GigabitEthernet2/0/0.1] undo shutdown
[RouterB-GigabitEthernet2/0/0.1] quit
[RouterB] interface gigabitethernet 2/0/0.2
[RouterB-GigabitEthernet2/0/0.2] ip address 10.21.1.2 24
[RouterB-GigabitEthernet2/0/0.2] undo shutdown
[RouterB-GigabitEthernet2/0/0.2] quit
[RouterB] ospf
[RouterB-ospf-1] area 0
[RouterB-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[RouterB-ospf-1-area-0.0.0.0] network 10.11.1.0 0.0.0.255
[RouterB-ospf-1-area-0.0.0.0] network 10.21.1.0 0.0.0.255
[RouterB-ospf-1-area-0.0.0.0] quit
[RouterB-ospf-1] quit
# Configure Router C.
<HUAWEI> system-view
[HUAWEI] sysname RouterC
[RouterC] interface pos 1/0/0
[RouterC-Pos1/0/0] ip address 192.168.2.2 24
[RouterC-Pos1/0/0] undo shutdown
[RouterC-Pos1/0/0] quit
[RouterC] interface pos 1/0/1
[RouterC-Pos2/0/0] ip address 192.168.1.2 24
[RouterC-Pos2/0/0] undo shutdown
[RouterC-Pos2/0/0] quit
[RouterC] ospf
[RouterC-ospf-1] area 0
[RouterC-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[RouterC-ospf-1-area-0.0.0.0] network 192.168.2.0 0.0.0.255
[RouterC-ospf-1-area-0.0.0.0] quit
[RouterC-ospf-1] quit
After the preceding configurations, Router A and Router B both have routes, discovered through
OSPF, to each other. Router A and Router B can ping through each other.
Step 3 Configure VRRP on the sub-interface for QinQ VLAN tag termination.
# Configure Router A, create backup group 1 and backup group 2, and set the priority of
Router A in backup group 1 and backup group 2 to 120. (Router A serves as the Master.)
[RouterA] interface gigabitethernet 2/0/0.1
[RouterA-GigabitEthernet2/0/0.1] control-vid 1 qinq-termination
[RouterA-GigabitEthernet2/0/0.1] qinq termination pe-vid 100 ce-vid 10
[RouterA-GigabitEthernet2/0/0.1] qinq vrrp pe-vid 100 ce-vid 10
[RouterA-GigabitEthernet2/0/0.1] vrrp vrid 1 virtual-ip 10.11.1.111
[RouterA-GigabitEthernet2/0/0.1] vrrp vrid 1 priority 120
[RouterA-GigabitEthernet2/0/0.1] vrrp vrid 1 preempt-mode timer delay 20
[RouterA-GigabitEthernet2/0/0.1] arp broadcast enable
[RouterA-GigabitEthernet2/0/0.1] undo shutdown
[RouterA-GigabitEthernet2/0/0.1] quit
[RouterA] interface gigabitethernet 2/0/0.2
[RouterA-GigabitEthernet2/0/0.2] control-vid 2 qinq-termination
[RouterA-GigabitEthernet2/0/0.2] qinq termination pe-vid 100 ce-vid 20
[RouterA-GigabitEthernet2/0/0.2] qinq vrrp pe-vid 100 ce-vid 20
[RouterA-GigabitEthernet2/0/0.2] vrrp vrid 2 virtual-ip 10.21.1.111
[RouterA-GigabitEthernet2/0/0.2] vrrp vrid 2 priority 120
[RouterA-GigabitEthernet2/0/0.2] vrrp vrid 2 preempt-mode timer delay 20
[RouterA-GigabitEthernet2/0/0.2] arp broadcast enable
[RouterA-GigabitEthernet2/0/0.2] undo shutdown
[RouterA-GigabitEthernet2/0/0.2] quit
# Configure Router B, create backup group 1 and backup group 2, and set the priority of
Router B in backup group 1 and backup group 2 to the default value. (Router B serves as the
Backup.)
[RouterB] interface gigabitethernet 2/0/0.1
[RouterB-GigabitEthernet2/0/0.1] control-vid 1 qinq-termination
[RouterB-GigabitEthernet2/0/0.1] qinq termination pe-vid 100 ce-vid 10
[RouterB-GigabitEthernet2/0/0.1] qinq vrrp pe-vid 100 ce-vid 10
[RouterB-GigabitEthernet2/0/0.1] vrrp vrid 1 virtual-ip 10.11.1.111
[RouterB-GigabitEthernet2/0/0.1] arp broadcast enable
[RouterB-GigabitEthernet2/0/0.1] undo shutdown
[RouterB-GigabitEthernet2/0/0.1] quit
[RouterB] interface gigabitethernet 2/0/0.2
[RouterB-GigabitEthernet2/0/0.2] control-vid 2 qinq-termination
[RouterB-GigabitEthernet2/0/0.2] qinq termination pe-vid 100 ce-vid 20
[RouterB-GigabitEthernet2/0/0.2] qinq vrrp pe-vid 100 ce-vid 20
[RouterB-GigabitEthernet2/0/0.2] vrrp vrid 2 virtual-ip 10.21.1.111
[RouterB-GigabitEthernet2/0/0.2] arp broadcast enable
[RouterB-GigabitEthernet2/0/0.2] undo shutdown
[RouterB-GigabitEthernet2/0/0.2] quit
NOTE
When you run the qinq termination command on the same primary interface, the ce-vid values cannot be
the same if the pe-vid values of the two different sub-interfaces are the same.
After the preceding steps, the sub-interfaces for QinQ VLAN tag termination on Router A and
Router B turn Up. Routes to the network segments 10.11.1.0/24 and 10.21.1.0/24 are generated
on Router C.
# Configure Switch 2.
<HUAWEI> system-view
[HUAWEI] sysname Switch2
[Switch2] vlan 10
[Switch2-vlan10] port gigabitethernet 1/0/0
[Switch2-vlan10] quit
[Switch2] interface gigabitethernet 1/0/1
[Switch2-GigabitEthernet1/0/1] port trunk allow-pass vlan 10
[Switch2-GigabitEthernet1/0/1] undo shutdown
[Switch2-GigabitEthernet1/0/1] quit
# Configure Switch 3.
<HUAWEI> system-view
[HUAWEI] sysname Switch3
[Switch3] vlan 20
[Switch3-vlan20] port gigabitethernet 1/0/0
[Switch3-vlan20] quit
[Switch3] interface gigabitethernet 1/0/1
[Switch3-GigabitEthernet1/0/1] port trunk allow-pass vlan 20
[Switch3-GigabitEthernet1/0/1] undo shutdown
[Switch3-GigabitEthernet1/0/1] quit
Step 5 Configure QinQ on Switch 1 and set the packets sent from Switch 1 to Router A and Router B
to carry double VLAN tags.
# Configure Switch 1.
<HUAWEI> system-view
[HUAWEI] sysname Switch1
[Switch1] vlan 100
[Switch1-vlan100] quit
[Switch1] interface gigabitethernet 1/0/0
[Switch1-GigabitEthernet1/0/0] port vlan-stacking vlan 10 stack-vlan 100
[Switch1-GigabitEthernet1/0/0] undo shutdown
[Switch1-GigabitEthernet1/0/0] quit
NOTE
If the device does not support the port vlan-stacking command, you can run the commands port link-
type dot1q-tunnel and port default vlan to configure QinQ.
Running the display ip routing-table command on Router A and Router B, you can view
that there is a direct route in the routing table on Router A. The destination address of the
direct route is a virtual IP address, and the route is an OSPF route on Router B.
The command output on Router A and Router B are as follows:
[RouterA] display ip routing-table
Route Flags: R - relied, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 14 Routes : 16
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.11.1.0/24 Direct 0 0 D 10.11.1.1 GigabitEthernet2/0/0.1
10.11.1.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet2/0/0.1
10.11.1.2/32 Direct 0 0 D 10.11.1.2 GigabitEthernet2/0/0.1
10.11.1.111/32 Direct 0 0 D 127.0.0.1
GigabitEthernet2/0/0.1
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.1.0/24 OSPF 10 2 D 10.11.1.2 GigabitEthernet2/0/0.1
OSPF 10 2 D 10.21.1.2 GigabitEthernet2/0/0.2
OSPF 10 2 D 192.168.2.2 Pos1/0/0
192.168.2.0/24 Direct 0 0 D 192.168.2.1 Pos1/0/0
192.168.2.1/32 Direct 0 0 D 127.0.0.1 Pos1/0/0
192.168.2.2/32 Direct 0 0 D 192.168.2.2 Pos1/0/0
10.21.1.0/24 Direct 0 0 D 10.21.1.1 GigabitEthernet2/0/0.2
10.21.1.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet2/0/0.2
10.21.1.2/32 Direct 0 0 D 10.21.1.2 GigabitEthernet2/0/0.2
10.21.1.111/32 Direct 0 0 D 127.0.0.1
GigabitEthernet2/0/0.2
[RouterB] display ip routing-table
Route Flags: R - relied, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 14 Routes : 18
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.11.1.0/24 Direct 0 0 D 10.11.1.2 GigabitEthernet2/0/0.1
10.11.1.1/32 Direct 0 0 D 10.11.1.1 GigabitEthernet2/0/0.1
10.11.1.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet2/0/0.1
10.11.1.111/32 OSPF 10 2 D 10.11.1.1 GigabitEthernet2/0/0.1
OSPF 10 2 D 10.21.1.1 GigabitEthernet2/0/0.2
Run the shutdown command on GE2/0/0.2 of Router A. The operation process is as described
previously. It is not mentioned here.
l Verify that after Router A recovers, it can preempt.
Run the undo shutdown command on GE 2/0/0.1 on Router A. After GE 2/0/0.1 turns Up,
run the display vrrp command on Router A to view VRRP status. You can find that VRRP
status on Router A restores Backup.
[RouterA] display vrrp
GigabitEthernet2/0/0.1 | Virtual Router 1
State : Backup
Virtual IP : 10.11.1.111
Master IP : 10.11.1.1
PriorityRun : 120
PriorityConfig : 120
MasterPriority : 100
Preempt : YES Delay time : 20
TimerRun : 1
TimerConfig : 1
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Config type : normal-vrrp
Backup-forward : disabled
Config track link-bfd down-number : 0
After 20 seconds, run the display vrrp command on Router A to view VRRP status. You
can find VRRP status restores Master.
[RouterA] display vrrp
GigabitEthernet2/0/0.1 | Virtual Router 1
State : Master
Virtual IP : 10.11.1.111
Master IP : 10.11.1.1
PriorityRun : 120
PriorityConfig : 120
MasterPriority : 120
Preempt : YES Delay time : 20
TimerRun : 1
TimerConfig : 1
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Config type : normal-vrrp
Backup-forward : disabled
Config track link-bfd down-number : 0
----End
Configuration Files
l Configuration file of Router A
#
sysname RouterA
#
interface GigabitEthernet2/0/0
undo shutdown
mode user-termination
#
interface GigabitEthernet2/0/0.1
undo shutdown
control-vid 1 qinq-termination
qinq termination pe-vid 100 ce-vid 10
qinq vrrp pe-vid 100 ce-vid 10
ip address 10.11.1.1 255.255.255.0
vrrp vrid 1 virtual-ip 10.11.1.111
vrrp vrid 1 priority 120
vrrp vrid 1 preempt-mode timer delay 20
arp broadcast enable
#
interface GigabitEthernet2/0/0.2
undo shutdown
control-vid 2 qinq-termination
qinq termination pe-vid 100 ce-vid 20
qinq vrrp pe-vid 100 ce-vid 20
interface Pos1/0/1
link-protocol ppp
undo shutdown
ip address 192.168.1.2 255.255.255.0
#
ospf 1
area 0.0.0.0
network 192.168.1.0 0.0.0.255
network 192.168.2.0 0.0.0.255
#
return
Networking Requirements
As shown in Figure 5-20, both GE 1/0/0.1 of CE1 and that of CE3 are connected to PE1 through
Switch 1. QinQ is configured on Switch 1 so that the outer VLAN tag with the VLAN ID as 100
is added to a user packet from CE1 or CE3. The public VLAN IDs are therefore saved. Then
the user packet sent from Switch 1 to PE1 carries double VLAN tags.
CE2 and CE4 are connected to PE2 through Switch 2 and a user packet sent from Switch 2 to
PE2 carries one VLAN tag.
It is required that the sub-interface for QinQ VLAN tag termination be configured on PE1 to
access the L3VPN; the sub-interface for dot1q VLAN tag termination be configured on PE2 to
access the L3VPN. Then the user networks connected to CE1 and CE2 can communicate with
each other; the user networks connected to CE3 and CE4 can communicate with each other.
NOTE
The types of the AC interfaces at both ends of the L3VPN are not necessarily associated with each other.
The interfaces at both ends can be sub-interfaces for QinQ VLAN tag termination or sub-interfaces for
dot1q VLAN tag termination.
Figure 5-20 Typical networking diagram of configuring the sub-interface for dot1q and QinQ
VLAN tag termination to access an L3VPN
AS100
Loopback1 Loopback1 Loopback1
1.1.1.9/32 2.2.2.9/32 3.3.3.9/32
POS1/0/0 POS1/0/0
192.168.1.1/24 193.168.2.2/24
PE1 PE2
POS1/0/0 POS2/0/0 GE2/0/0.1
GE2/0/0.1 192.168.1.2/24 193.168.2.1/24
P 10.2.1.1/24
10.1.1.1/24
GE2/0/0.2 GE2/0/0.2
172.16.1.1/24 172.17.1.1/24
GE1/0/0 GE1/0/0
Switch1 Switch2
GE1/0/1 GE1/0/2 GE1/0/1 GE1/0/2
Configuration Roadmap
The configuration roadmap is as follows:
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Configure the interface mode to user termination.
# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] interface gigabitethernet 2/0/0
[PE1-GigabitEthernet2/0/0] mode user-termination
[PE1-GigabitEthernet2/0/0] quit
# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] interface gigabitethernet 2/0/0
[PE2-GigabitEthernet2/0/0] mode user-termination
[PE2-GigabitEthernet2/0/0] quit
Step 2 Configure IGP of the MPLS backbone network. OSPF is used in this example.
According to Figure 5-20, configure the addresses for the interfaces on PE and P. Configure
OSPF to advertise the addresses of the loopback interfaces on PE1, P, and PE2.
# Configure PE1.
<PE1> system-view
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.9 32
[PE1-LoopBack1] quit
[PE1] interface pos 1/0/0
[PE1-Pos1/0/0] ip address 192.168.1.1 24
[PE1-Pos1/0/0] quit
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
# Configure P.
<HUAWEI> system-view
[HUAWEI] sysname P
[P] interface LoopBack 1
[P-LoopBack1] ip address 2.2.2.9 32
[P-LoopBack1] quit
[P] interface pos 1/0/0
[P-Pos1/0/0] ip address 192.168.1.2 24
[P-Pos1/0/0] quit
[P] interface pos 2/0/0
[P-Pos2/0/0] ip address 192.168.2.1 24
[P-Pos2/0/0] quit
[P] ospf
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
[P-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 192.168.2.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit
# Configure PE2.
<PE2> system-view
[PE2] interface loopback 1
[PE2-LoopBack1] ip address 3.3.3.9 32
[PE2-LoopBack1] quit
[PE2] interface pos 1/0/0
[PE2-Pos1/0/0] ip address 192.168.2.2 24
[PE2-Pos1/0/0] undo shutdown
[PE2-Pos1/0/0] quit
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 192.168.2.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit
After the preceding steps, PE1 and PE2 have routes, discovered through OSPF, to loopback1
interface of each other. PE1 and PE2 can ping through each other.
Step 3 Enable the basic MPLS capabilities and LDP on the MPLS backbone network.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface pos 1/0/0
[PE1-Pos1/0/0] mpls
[PE1-Pos1/0/0] mpls ldp
[PE1-Pos1/0/0] quit
# Configure P.
[P] mpls lsr-id 2.2.2.9
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P] interface pos1/0/0
[P-Pos1/0/0] mpls
[P-Pos1/0/0] mpls ldp
[P-Pos1/0/0] quit
[P] interface pos2/0/0
[P-Pos2/0/0] mpls
[P-Pos2/0/0] mpls ldp
[P-Pos2/0/0] quit
# Configure PE2.
[PE2] mpls lsr-id 3.3.3.9
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface pos 1/0/0
[PE2-Pos1/0/0] mpls
[PE2-Pos1/0/0] mpls ldp
[PE2-Pos1/0/0] quit
After the configuration, the sessions between PE1 and the P and between PE2 and the P are set
up. Running the display mpls ldp session command, you can view that the status is
"Operational". Running the display mpls ldp lsp command, you can view the establishing status
of LDP LSP.
For example, the following displays the session information on PE1.
<PE1> display mpls ldp session
LDP Session(s) in Public Network
------------------------------------------------------------------------------
Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv
------------------------------------------------------------------------------
2.2.2.9:0 Operational DU Passive 000:00:01 5/5
------------------------------------------------------------------------------
TOTAL: 1 session(s) Found.
LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM
<PE1> display mpls ldp lsp
LDP LSP Information
------------------------------------------------------------------------------
SN DestAddress/Mask In/OutLabel Next-Hop In/Out-Interface
------------------------------------------------------------------------------
1 1.1.1.9/32 3/NULL 127.0.0.1 Pos1/0/0/InLoop0
2 2.2.2.9/32 NULL/3 192.168.1.2 -------/Pos1/0/0
3 3.3.3.9/32 NULL/1024 192.168.1.2 -------/Pos1/0/0
4 192.168.2.0/24 NULL/3 192.168.1.2 -------/Pos1/0/0
------------------------------------------------------------------------------
TOTAL: 4 Normal LSP(s) Found.
TOTAL: 0 Liberal LSP(s) Found.
A '*' before an LSP means the LSP is not established
A '*' before a Label means the USCB or DSCB is stale
Step 4 Configure VPN instances on PEs and bind the VPN instances to the sub-interface for dot1q
VLAN tag termination and QinQ VLAN tag termination.
# Configure PE1.
<PE1> system-view
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 100:1 both
[PE1-vpn-instance-vpn1] quit
[PE1] interface gigabitethernet 2/0/0.1
[PE1-GigabitEthernet2/0/0.1] control-vid 1 qinq-termination
[PE1-GigabitEthernet2/0/0.1] qinq termination pe-vid 100 ce-vid 10
[PE1-GigabitEthernet2/0/0.1] ip binding vpn-instance vpn1
[PE1-GigabitEthernet2/0/0.1] ip address 10.1.1.1 24
[PE1-GigabitEthernet2/0/0.1] arp broadcast enable
[PE1-GigabitEthernet2/0/0.1] undo shutdown
[PE1-GigabitEthernet2/0/0.1] quit
[PE1] ip vpn-instance vpn2
[PE1-vpn-instance-vpn2] route-distinguisher 100:2
[PE1-vpn-instance-vpn2] vpn-target 200:2 both
[PE1-vpn-instance-vpn2] quit
[PE1] interface gigabitethernet 2/0/0.2
[PE1-GigabitEthernet2/0/0.2] control-vid 2 qinq-termination
[PE1-GigabitEthernet2/0/0.2] qinq termination pe-vid 100 ce-vid 20
[PE1-GigabitEthernet2/0/0.2] ip binding vpn-instance vpn2
[PE1-GigabitEthernet2/0/0.2] ip address 172.16.1.1 24
[PE1-GigabitEthernet2/0/0.2] arp broadcast enable
[PE1-GigabitEthernet2/0/0.2] undo shutdown
[PE1-GigabitEthernet2/0/0.2] quit
# Configure PE2.
<PE2> system-view
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 200:1
[PE2-vpn-instance-vpn1] vpn-target 100:1 both
[PE2-vpn-instance-vpn1] quit
[PE2] interface gigabitethernet 2/0/0.1
[PE2-GigabitEthernet2/0/0.1] control-vid 10 dot1q-termination
[PE2-GigabitEthernet2/0/0.1] dot1q termination vid 10
[PE2-GigabitEthernet2/0/0.1] ip binding vpn-instance vpn1
[PE2-GigabitEthernet2/0/0.1] ip address 10.2.1.1 24
[PE2-GigabitEthernet2/0/0.1] arp broadcast enable
[PE2-GigabitEthernet2/0/0.1] undo shutdown
[PE2-GigabitEthernet2/0/0.1] quit
[PE2] ip vpn-instance vpn2
[PE2-vpn-instance-vpn2] route-distinguisher 200:2
[PE2-vpn-instance-vpn2] vpn-target 200:2 both
[PE2-vpn-instance-vpn2] quit
[PE2] interface gigabitethernet 2/0/0.2
[PE2-GigabitEthernet2/0/0.2] control-vid 20 dot1q-termination
[PE2-GigabitEthernet2/0/0.2] dot1q termination vid 20
[PE2-GigabitEthernet2/0/0.2] ip binding vpn-instance vpn2
[PE2-GigabitEthernet2/0/0.2] ip address 172.17.1.1 24
[PE2-GigabitEthernet2/0/0.2] arp broadcast enable
[PE2-GigabitEthernet2/0/0.2] undo shutdown
[PE2-GigabitEthernet2/0/0.2] quit
NOTE
After the preceding steps, run the display ip vpn-instance verbose command on PEs to view
configurations of VPN instances.
# Configure Switch 1.
Create VLAN 100 on Switch 1 so that GE 1/0/1 and GE 1/0/2 add an outer VLAN tag with the
VLAN ID as 100 to a packet of VLAN 10 or VLAN 20. Specify GE 1/0/0 as a trunk interface
and configure it to allow the packets of VLAN 100 to pass through.
<HUAWEI> system-view
[HUAWEI] sysname switch1
[switch1] vlan 100
[switch1-vlan10] quit
[switch1] interface gigabitethernet 1/0/1
[switch1-GigabitEthernet1/0/1] port vlan-stacking vlan 10 stack-vlan 100
[switch1-GigabitEthernet1/0/1] quit
[switch1] interface gigabitethernet 1/0/2
[switch1-GigabitEthernet1/0/2] port vlan-stacking vlan 20 stack-vlan 100
[switch1-GigabitEthernet1/0/2] quit
[switch1] interface gigabitethernet 1/0/0
[switch1-GigabitEthernet1/0/0] port trunk allow-pass vlan 100
[switch1-GigabitEthernet1/0/0] quit
# Configure Switch 2.
Create VLAN 10 and 20 on Switch 2. Specify GE 1/0/1 and GE 1/0/2 as access interfaces, and
add GE 1/0/1 to VLAN 10 and GE 1/0/2 to VLAN 20. Specify GE 1/0/0 as a trunk interface and
configure it to allow the packets of VLAN 10 and VLAN 20 to pass through.
<HUAWEI> system-view
[HUAWEI] sysname switch2
[switch2] vlan batch 10 20
[switch2] interface gigabitethernet 1/0/1
[switch2-GigabitEthernet1/0/1] port link-type access
[switch2-GigabitEthernet1/0/1] port default vlan 10
[switch2-GigabitEthernet1/0/1] quit
[switch2] interface gigabitethernet 1/0/2
[switch2-GigabitEthernet1/0/2] port link-type access
[switch2-GigabitEthernet1/0/2] port default vlan 20
[switch2-GigabitEthernet1/0/2] quit
[switch2] interface gigabitethernet 1/0/0
[switch2-GigabitEthernet1/0/0] port trunk allow-pass vlan 10 20
[switch2-GigabitEthernet1/0/0] quit
# Configure IP addresses for interfaces of CEs as shown in Figure 5-20. For configuration
details, see "Configuration Files" in this section.
After the configuration, All PEs can ping through their CEs.
NOTE
When multiple interfaces on the PE are bound with the same VPN, you need to specify the source IP address
that is the -a source-ip-address in the ping -vpn-instance vpn-instance-name -a source-ip-address dest-
ip-address command when you run the ping -vpn-instance command; otherwise, the ping fails.
Step 6 Set up EBGP peer relationships between the PEs and the CEs to import VPN routes.
# Configure CE1.
[CE1] bgp 65410
[CE1-bgp] peer 10.1.1.1 as-number 100
[CE1-bgp] import-route direct
# Configure CE2.
[CE2] bgp 65420
[CE2-bgp] peer 10.2.1.1 as-number 100
[CE2-bgp] import-route direct
# Configure CE3.
[CE3] bgp 65411
[CE3-bgp] peer 172.16.1.1 as-number 100
[CE3-bgp] import-route direct
# Configure CE4.
# Configure PE1.
[PE1] bgp 100
[PE1-bgp] ipv4-family vpn-instance vpn1
[PE1-bgp-vpn1] peer 10.1.1.2 as-number 65410
[PE1-bgp-vpn1] import-route direct
[PE1-bgp-vpn1] quit
[PE1-bgp] ipv4-family vpn-instance vpn2
[PE1-bgp-vpn1] peer 172.16.1.2 as-number 65411
[PE1-bgp-vpn1] import-route direct
[PE1-bgp-vpn1] quit
# Configure PE2.
[PE2] bgp 100
[PE2-bgp] ipv4-family vpn-instance vpn1
[PE2-bgp-vpn1] peer 10.2.1.2 as-number 65420
[PE2-bgp-vpn1] import-route direct
[PE2-bgp-vpn1] quit
[PE2-bgp] ipv4-family vpn-instance vpn2
[PE2-bgp-vpn1] peer 172.17.1.2 as-number 65421
[PE2-bgp-vpn1] import-route direct
[PE2-bgp-vpn1] quit
After the configuration, running the display bgp vpnv4 vpn-instance peer command on the
PE, you can view that the BGP peer relationships are set up between the PEs and the CEs and
are in the Established state.
Take the display on PE1 as an example:
[PE1] display bgp vpnv4 vpn-instance vpn1 peer
BGP local router ID : 1.1.1.9
Local AS number : 100
Total number of peers : 1 Peers in established state : 1
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
10.1.1.2 4 65410 6 7 0 00:02:58 Established 1
# Configure PE2.
[PE2] bgp 100
[PE2-bgp] peer 1.1.1.9 as-number 100
[PE2-bgp] peer 1.1.1.9 connect-interface loopback 1
[PE2-bgp] ipv4-family vpnv4
[PE2-bgp-af-vpnv4] peer 1.1.1.9 enable
[PE2-bgp-af-vpnv4] quit
After the configuration, running the display bgp peer or display bgp vpnv4 all peer command
on the PE, you can view that the BGP peer relationships between the PEs are set up and are in
the Established state.
[PE1] display bgp peer
BGP local router ID : 1.1.1.9
Run the display qinq information command. You can view information about QinQ VLAN
tag termination. In addition, the sub-interface is bound to the L3VPN.
Run the display dot1q information command. You can view information about dot1q VLAN
tag termination. In addition, the sub-interface is bound to the L3VPN.
The hosts connected to CE1 and CE2 can ping through each other; the hosts connected to CE3
and CE4 can ping through each other. As they belong to different VPN instances, neither CE1
nor CE2 can communicate with CE3 or CE4.
You can view relevant ARP entries on PEs. Take the display on PE1 as an example.
[PE1] display arp slot 1
IP ADDRESS MAC ADDRESS EXPIRE(M) TYPE INTERFACE VPN-INSTANCE VLAN/CEVLAN
PVC
----------------------------------------------------------------------------------
-
10.1.1.1 00e0-fc00-0001 I - GE1/0/0.1 vpn1
172.16.1.1 00e0-fc00-0001 I - GE1/0/0.2 vpn2
10.1.1.2 00e0-fc00-8fe6 12 DF1 GE1/0/0.1 vpn1 100/10
172.16.1.2 00e0-fc00-8fe6 13 DF1 GE1/0/0.2 vpn2 100/20
----------------------------------------------------------------------------------
-
Total:4 Dynamic:2 Static:0 Interface:2
----End
Configuration Files
l Configuration file of CE1
#
sysname CE1
#
interface GigabitEthernet1/0/0.1
vlan-type dot1q 10
ip address 10.1.1.2 255.255.255.0
#
bgp 65410
peer 10.1.1.1 as-number 100
#
ipv4-family unicast
undo synchronization
import-route direct
peer 10.1.1.1 enable
#
return
return
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity
vpn-target 100:1 import-extcommunity
#
ip vpn-instance vpn2
route-distinguisher 100:2
vpn-target 200:2 export-extcommunity
vpn-target 200:2 import-extcommunity
#
mpls lsr-id 1.1.1.9
mpls
#
mpls ldp
#
interface GigabitEthernet2/0/0
undo shutdown
mode user-termination
#
interface GigabitEthernet2/0/0.1
control-vid 1 qinq-termination
qinq termination pe-vid 100 ce-vid 10
ip binding vpn-instance vpn1
ip address 10.1.1.1 255.255.255.0
arp broadcast enable
#
interface GigabitEthernet2/0/0.2
control-vid 2 qinq-termination
qinq termination pe-vid 100 ce-vid 20
ip binding vpn-instance vpn2
ip address 172.16.1.1 255.255.255.0
arp broadcast enable
#
interface Pos1/0/0
link-protocol ppp
undo shutdown
ip address 192.168.1.1 255.255.255.0
mpls
mpls ldp
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
bgp 100
peer 3.3.3.9 as-number 100
peer 3.3.3.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 3.3.3.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 3.3.3.9 enable
#
ipv4-family vpn-instance vpn1
peer 10.1.1.2 as-number 65410
import-route direct
#
ipv4-family vpn-instance vpn2
peer 172.16.1.2 as-number 65411
import-route direct
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 192.168.1.0 0.0.0.255
#
return
l Configuration file of P
#
sysname P
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Pos1/0/0
link-protocol ppp
undo shutdown
ip address 192.168.1.2 255.255.255.0
mpls
mpls ldp
#
interface Pos2/0/0
link-protocol ppp
undo shutdown
ip address 192.168.2.1 255.255.255.0
mpls
mpls ldp
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 192.168.1.0 0.0.0.255
network 192.168.2.0 0.0.0.255
#
return
control-vid 20 dot1q-termination
dot1q termination vid 20
ip binding vpn-instance vpn2
ip address 172.17.1.1 255.255.255.0
arp broadcast enable
#
interface Pos1/0/0
link-protocol ppp
undo shutdown
ip address 192.168.2.2 255.255.255.0
mpls
mpls ldp
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
bgp 100
peer 1.1.1.9 as-number 100
peer 1.1.1.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 1.1.1.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 1.1.1.9 enable
#
ipv4-family vpn-instance vpn1
import-route direct
peer 10.2.1.2 as-number 65420
#
ipv4-family vpn-instance vpn2
import-route direct
peer 172.17.1.2 as-number 65421
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 192.168.2.0 0.0.0.255
#
return
Networking Requirements
As shown in Figure 5-21, GE 1/0/0.1 of CE1 is connected to PE1 through Switch. Configure
QinQ on Switch. A packet from CE1 is then added with an outer VLAN tag with the VLAN ID
as 100 to save public VLAN IDs. In this example Martini is adopted. Then the packet sent from
Switch to PE1 carries double VLAN tags. CE2 accesses PE2 through a common sub-interface.
It is required that the sub-interface for QinQ VLAN tag termination on PE1 is configured to
access a VLL; the common sub-interface on PE2 is configured to access the VLL. The user
networks connected CE1 and CE2 can therefore communicate.
NOTE
At both ends of a VLL, an unsymmetric sub-interface for QinQ VLAN tag termination can communicate
with other types of AC interfaces; a symmetric sub-interface for QinQ VLAN tag termination can
communicate with only symmetric sub-interfaces for QinQ VLAN tag termination.
Figure 5-21 Typical networking diagram of configuring the sub-interface for QinQ VLAN tag
termination to access a VLL
Loopback1 Loopback1 Loopback1
1.1.1.9/32 2.2.2.9/32 3.3.3.9/32
POS1/0/0 POS1/0/0
192.168.1.1/24 192.168.2.2/24
PE1 PE2
POS1/0/0 POS2/0/0
GE2/0/0.1 192.168.1.2/24 P 192.168.2.1/24 GE2/0/0.1
GE1/0/0.1
GE1/0/0 10.1.1.2/24
Switch
GE1/0/1
CE2
GE1/0/0.1
VPN1
10.1.1.1/24
CE1
VPN1
Configuration Roadmap
The configuration roadmap is as follows:
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Configure the interface mode to user termination.
# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] interface gigabitethernet 2/0/0
[PE1-GigabitEthernet2/0/0] mode user-termination
[PE1-GigabitEthernet2/0/0] quit
Step 2 Configure IGP on the MPLS backbone network. OSPF is used in this example.
According to Figure 5-21, configure the addresses for the interfaces on PE and P. Configure
OSPF to advertise the addresses of the loopback interfaces on PE1, P, and PE2.
# Configure PE1.
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.9 32
[PE1-LoopBack1] quit
[PE1] interface pos 1/0/0
[PE1-Pos1/0/0] ip address 192.168.1.1 24
[PE1-Pos1/0/0] quit
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
# Configure P.
<HUAWEI> system-view
[HUAWEI] sysname P
[P] interface LoopBack 1
[P-LoopBack1] ip address 2.2.2.9 32
[P-LoopBack1] quit
[P] interface pos 1/0/0
[P-Pos1/0/0] ip address 192.168.1.2 24
[P-Pos1/0/0] undo shutdown
[P-Pos1/0/0] quit
[P] interface pos 2/0/0
[P-Pos2/0/0] ip address 192.168.2.1 24
[P-Pos2/0/0] undo shutdown
[P-Pos2/0/0] quit
[P] ospf
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
[P-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 192.168.2.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit
# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] interface loopback 1
After this step, PE1 and PE2 learn the route to the loopback interface of the peer through the
OSPF protocol. PE1 and PE2 can ping through each other.
Step 3 Enable the basic MPLS capabilities and LDP on the MPLS backbone network.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface pos 1/0/0
[PE1-Pos1/0/0] mpls
[PE1-Pos1/0/0] mpls ldp
[PE1-Pos1/0/0] quit
# Configure P.
[P] mpls lsr-id 2.2.2.9
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P] interface pos1/0/0
[P-Pos1/0/0] mpls
[P-Pos1/0/0] mpls ldp
[P-Pos1/0/0] quit
[P] interface pos2/0/0
[P-Pos2/0/0] mpls
[P-Pos2/0/0] mpls ldp
[P-Pos2/0/0] quit
# Configure PE2.
[PE2] mpls lsr-id 3.3.3.9
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface pos 1/0/0
[PE2-Pos1/0/0] mpls
[PE2-Pos1/0/0] mpls ldp
[PE2-Pos1/0/0] quit
After the preceding configurations, LDP sessions are set up between PE1 and P, and between P
and PE1. Running the display mpls ldp session command, you can see the Status field is
"Operational". Run the display mpls ldp lsp command to view the establishing status of
LDPLSP.
# Configure PE1.
[PE1] mpls ldp remote-peer 1
[PE1-mpls-ldp-remote-1] remote-ip 3.3.3.9
[PE1-mpls-ldp-remote-1] quit
# Configure PE2.
[PE2] mpls ldp remote-peer 1
[PE2-mpls-ldp-remote-1] remote-ip 1.1.1.9
[PE2-mpls-ldp-remote-1] quit
After the configuration, the sessions between PE1 and P and between PE2 and P are set up.
Running the display mpls ldp session command, you can view that the Status field is
"Operational". Running the display mpls ldp lsp command, you can view the establishing status
of LDP LSP.
For example, the following displays the session information on PE1:
<PE1> display mpls ldp session
LDP Session(s) in Public Network
------------------------------------------------------------------------------
Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv
------------------------------------------------------------------------------
2.2.2.9:0 Operational DU Passive 000:00:04 18/18
3.3.3.9:0 Operational DU Passive 000:00:00 2/2
------------------------------------------------------------------------------
TOTAL: 2 session(s) Found.
LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM
<PE1> display mpls ldp lsp
LDP LSP Information
------------------------------------------------------------------------------
SN DestAddress/Mask In/OutLabel Next-Hop In/Out-Interface
------------------------------------------------------------------------------
1 1.1.1.9/32 3/NULL 127.0.0.1 P1/0/0/InLoop0
2 1.1.1.9/32 3/NULL 127.0.0.1 -------/InLoop0
*3 1.1.1.9/32 Liberal
4 2.2.2.9/32 NULL/3 192.168.1.2 -------/P1/0/0
5 2.2.2.9/32 1024/3 192.168.1.2 -------/P1/0/0
*6 2.2.2.9/32 Liberal
7 3.3.3.9/32 NULL/1025 192.168.1.2 -------/P1/0/0
8 3.3.3.9/32 1025/1025 192.168.1.2 -------/P1/0/0
*9 3.3.3.9/32 Liberal
------------------------------------------------------------------------------
TOTAL: 6 Normal LSP(s) Found.
TOTAL: 3 Liberal LSP(s) Found.
A '*' before an LSP means the LSP is not established
A '*' before a Label means the USCB or DSCB is stale
Step 5 Enable MPLS L2VPN and create a VC. Configure the sub-interface for QinQ VLAN tag
termination.
# Configure PE1.
[PE1] mpls l2vpn
[PE1-l2vpn] mpls l2vpn default martini
[PE1-l2vpn] quit
[PE1] interface gigabitethernet 2/0/0.1
[PE1-GigabitEthernet2/0/0.1] control-vid 1 qinq-termination
[PE1-GigabitEthernet2/0/0.1] qinq termination pe-vid 100 ce-vid 10
[PE1-GigabitEthernet2/0/0.1] mpls l2vc 3.3.3.9 101
[PE1-GigabitEthernet2/0/0.1] arp broadcast enable
[PE1-GigabitEthernet2/0/0.1] quit
# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] mpls l2vpn default martini
[PE2-l2vpn] quit
[PE2] interface gigabitethernet 2/0/0.1
[PE2-GigabitEthernet2/0/0.1] vlan-type dot1q 10
[PE2-GigabitEthernet2/0/0.1] mpls l2vc 1.1.1.9 101
[PE2-GigabitEthernet2/0/0.1] quit
Step 6 Configure QinQ so that a packet sent from the switch to the PE1 carries double VLAN tags.
Configure GE 1/0/1 on Switch to add an outer VLAN tag with the VLAN ID as 100 to a packet
of VLAN 10. Specify GE 1/0/0 as a trunk interface and configure it to allow the packets of
VLAN 100 to pass through.
<HUAWEI> system-view
# Configure CE1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] interface gigabitethernet 1/0/0.1
[CE1-GigabitEthernet1/0/0.1] ip address 10.1.1.1 24
[CE1-GigabitEthernet1/0/0.1] vlan-type dot1q 10
[CE1-GigabitEthernet1/0/0.1] quit
# Configure CE2.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] interface gigabitethernet 1/0/0.1
[CE2-GigabitEthernet1/0/0.1] ip address 10.1.1.2 24
[CE2-GigabitEthernet1/0/0.1] vlan-type dot1q 10
[CE2-GigabitEthernet1/0/0.1] quit
Running the display qinq information command, you can view the QinQ terminating
information.
View the L2VPN information on the PE. You can find that an L2 VA is created and is Up.
On CEs, the attached hosts can ping through each other if they are in the same VLAN.
Take the display on CE1 as an example:
<CE1> ping 10.1.1.2
PING 10.1.1.2: 56 data bytes, press CTRL_C to break
Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=80 ms
Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=30 ms
Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=60 ms
Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=60 ms
Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=60 ms
--- 10.1.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 30/58/80 ms
----End
Configuration Files
l Configuration file of CE1
#
sysname CE1
#
interface GigabitEthernet1/0/0.1
vlan-type dot1q 10
ip address 10.1.1.1 255.255.255.0
#
return
interface GigabitEthernet1/0/0
undo shutdown
port trunk allow-pass vlan 100
#
return
l Configuration file of P
#
sysname P
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Pos1/0/0
link-protocol ppp
undo shutdown
ip address 192.168.1.2 255.255.255.0
mpls
mpls ldp
#
interface Pos2/0/0
link-protocol ppp
undo shutdown
Networking Requirements
As shown in Figure 5-22, GE 1/0/0 on CE1 is connected to PE1 through a switch. The switch
adds a VLAN tag with the VLAN ID being 100 to the packets sent from CE1. CE2 is connected
to PE2 through a sub-interface.
The Dot1q termination sub-interface accesses the VLL on PE1. In this example, the Dot1q
termination sub-interface accesses the VLL in Martini mode. After the preceding configurations,
the user networks connected to CE1 and CE2 can communicate.
NOTE
The Dot1q termination sub-interface can be bound to a VLL. The Martini or Kompella VLL supports both
the homogeneous and heterogeneous transport (transport media of the same type or of different types can
communicate with each other through the VLL). The Circuit Cross Connect (CCC) or SwitchVirtual Circuit
(SVC) VLL supports neither the homogeneous transport nor the heterogeneous transport.
Figure 5-22 Networking diagram of configuring the Dot1q termination sub-interface to access
the VLL
GE1/0/0
GE1/0/0.1
Switch 10.1.1.2/24
GE1/0/1
CE2
GE1/0/0
10.1.1.1/24 VPN1
CE1
VPN1
Configuration Roadmap
The configuration roadmap is as follows:
Data Preparation
To complete the configuration, you need the following data:
l Names of the interfaces connecting PEs to CEs
l IP addresses of interfaces
l L2VC IDs at both ends of the PW (must be the same)
l MPLS LSR IDs for PEs and the P
l IP address of the remote PE peer
l Tag value of the Dot1q termination sub-interface
Procedure
Step 1 Configure the interface mode on PE1 to user termination.
# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] interface gigabitethernet 2/0/0
[PE1-GigabitEthernet2/0/0] mode user-termination
[PE1-GigabitEthernet2/0/0] undo shutdown
[PE1-GigabitEthernet2/0/0] quit
Step 2 Configure IGP on the MPLS backbone network. In this example, OSPF is configured.
Assign an IP address to each interface on each PE and the P as shown in Figure 5-22. After
OSPF is enabled, the 32-bit loopback addresses of PE1, P, and PE2 must be advertised.
# Configure PE1.
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.9 32
[PE1-LoopBack1] quit
[PE1] interface pos 1/0/0
[PE1-Pos1/0/0] ip address 10.11.1.1 24
[PE1-Pos1/0/0] undo shutdown
[PE1-Pos1/0/0] quit
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 10.11.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
# Configure the P.
<HUAWEI> system-view
[HUAWEI] sysname P
[P] interface LoopBack 1
[P-LoopBack1] ip address 2.2.2.9 32
[P-LoopBack1] quit
[P] interface pos 1/0/0
[P-Pos1/0/0] ip address 10.11.1.2 24
[P-Pos1/0/0] undo shutdown
[P-Pos1/0/0] quit
[P] interface pos 2/0/0
[P-Pos2/0/0] ip address 10.11.2.1 24
[P-Pos2/0/0] undo shutdown
[P-Pos2/0/0] quit
[P] ospf
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
[P-ospf-1-area-0.0.0.0] network 10.11.1.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 10.11.2.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit
# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] interface loopback 1
[PE2-LoopBack1] ip address 3.3.3.9 32
[PE2-LoopBack1] quit
[PE2] interface pos 1/0/0
[PE2-Pos1/0/0] ip address 10.11.2.2 24
[PE2-Pos1/0/0] undo shutdown
[PE2-Pos1/0/0] quit
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 10.11.2.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit
After the preceding configuration, PE1 and PE2 have routes discovered through OSPF to
Loopback 1 of each other. This indicates that PE1 and PE2 can ping through each other.
Step 3 Enable basic MPLS capabilities and LDP on the MPLS backbone network.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
# Configure the P.
[P] mpls lsr-id 2.2.2.9
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P] interface pos1/0/0
[P-Pos1/0/0] mpls
[P-Pos1/0/0] mpls ldp
[P-Pos1/0/0] quit
[P] interface pos2/0/0
[P-Pos2/0/0] mpls
[P-Pos2/0/0] mpls ldp
[P-Pos2/0/0] quit
# Configure PE2.
[PE2] mpls lsr-id 3.3.3.9
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface pos 1/0/0
[PE2-Pos1/0/0] mpls
[PE2-Pos1/0/0] mpls ldp
[PE2-Pos1/0/0] quit
After the preceding configurations, LDP sessions can be set up between PE1 and P, and between
PE2 and P. After running the display mpls ldp session command, you can view that the status
of the LDP sessions is Operational. After running the display mpls ldp lsp command, you can
view whether LDP LSPs are set up.
# Configure PE1.
[PE1] mpls ldp remote-peer 1
[PE1-mpls-ldp-remote-1] remote-ip 3.3.3.9
[PE1-mpls-ldp-remote-1] quit
# Configure PE2.
[PE2] mpls ldp remote-peer 1
[PE2-mpls-ldp-remote-1] remote-ip 1.1.1.9
[PE2-mpls-ldp-remote-1] quit
After the preceding configurations, LDP sessions can be set up between PE1 and PE2. After
running the display mpls ldp session command, you can view that the status of the LDP sessions
is Operational. After running the display mpls ldp lsp command, you can view whether LDP
LSPs are set up.
Take the display on PE1 as an example.
<PE1> display mpls ldp session
LDP Session(s) in Public Network
------------------------------------------------------------------------------
Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv
------------------------------------------------------------------------------
2.2.2.9:0 Operational DU Passive 000:00:15 64/64
3.3.3.9:0 Operational DU Passive 000:00:01 5/5
------------------------------------------------------------------------------
TOTAL: 2 session(s) Found.
LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM
<PE1> display mpls ldp lsp
LDP LSP Information
------------------------------------------------------------------------------
SN DestAddress/Mask In/OutLabel Next-Hop In/Out-Interface
------------------------------------------------------------------------------
1 1.1.1.9/32 3/NULL 127.0.0.1 Pos1/0/0/InLoop0
2 1.1.1.9/32 3/NULL 127.0.0.1 Pos1/0/0/InLoop0
*3 1.1.1.9/32 Liberal
4 2.2.2.9/32 NULL/3 10.11.1.2 -------/Pos1/0/0
5 2.2.2.9/32 1024/3 10.11.1.2 -------/Pos1/0/0
*6 2.2.2.9/32 Liberal
7 3.3.3.9/32 NULL/1025 10.11.1.2 -------/Pos1/0/0
8 3.3.3.9/32 1025/1025 10.11.1.2 -------/Pos1/0/0
*9 3.3.3.9/32 Liberal
------------------------------------------------------------------------------
TOTAL: 6 Normal LSP(s) Found.
TOTAL: 3 Liberal LSP(s) Found.
A '*' before an LSP means the LSP is not established
A '*' before a Label means the USCB or DSCB is stale
Step 5 Configure a Dot1q termination sub-interface to an L2VPN and configure the L2VPN to provide
heterogeneous transport (transport media of different types across the L2VPN can communicate
with each other).
# Configure PE1.
[PE1] mpls l2vpn
[PE1-l2vpn] quit
[PE1] interface gigabitethernet 2/0/0.1
[PE1-GigabitEthernet2/0/0.1] control-vid 1 dot1q-termination
[PE1-GigabitEthernet2/0/0.1] dot1q termination vid 100
[PE1-GigabitEthernet2/0/0.1] mpls l2vc 3.3.3.9 101
[PE1-GigabitEthernet2/0/0.1] arp broadcast enable
[PE1-GigabitEthernet2/0/0.1] undo shutdown
[PE1-GigabitEthernet2/0/0.1] quit
# Configure PE2.
Step 6 Configure the switch to add a VLAN tag with the VLAN ID being 100 to the packets sent to
PE1.
Configure the switch to add a VLAN tag with the VLAN ID being 100 to the packet received
on GE 1/0/1. Specify GE 1/0/0 as a trunk interface and configure it to allow the packets from
VLAN 100 to pass through.
<HUAWEI> system-view
[HUAWEI] sysname switch
[switch] vlan 100
[switch-vlan10] quit
[switch] interface gigabitethernet 1/0/1
[switch-GigabitEthernet1/0/1] port default vlan 100
[switch-GigabitEthernet1/0/1] quit
[switch] interface gigabitethernet 1/0/0
[switch-GigabitEthernet1/0/0] port trunk allow-pass vlan 100
[switch-GigabitEthernet1/0/0] quit
# Configure CE2.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] interface gigabitethernet 1/0/0.1
[CE2-GigabitEthernet1/0/0.1] vlan-type dot1q 200
[CE2-GigabitEthernet1/0/0.1] ip address 10.1.1.2 24
[CE2-GigabitEthernet1/0/0.1] undo shutdown
[CE2-GigabitEthernet1/0/0.1] quit
Check the L2VPN connections on PEs. You can find that an L2VC connection is set up and is
in the Up state.
Take the display on PE1 as an example.
Hosts in the same VLAN of CEs can ping through each other.
----End
Configuration File
l Configuration file of CE1
#
sysname CE1
#
interface GigabitEthernet1/0/0
ip address 10.1.1.1 255.255.255.0
#
return
#
sysname CE2
#
interface GigabitEthernet1/0/0
vlan-type dot1q 200
ip address 10.1.1.2 255.255.255.0
#
return
sysname P
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Pos1/0/0
link-protocol ppp
undo shutdown
ip address 10.11.1.2 255.255.255.0
mpls
mpls ldp
#
interface Pos2/0/0
link-protocol ppp
undo shutdown
ip address 10.11.2.1 255.255.255.0
mpls
mpls ldp
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 10.11.1.0 0.0.0.255
network 10.11.2.0 0.0.0.255
#
return
Networking Requirements
As shown in Figure 5-23, CE1 and CE2 are connected to PE1and PE2 through switches. CE3
is connected to PE3 through a sub-interface. A packet sent from CE1 to Switch 1 carries one
VLAN tag; the packet sent from CE2 to Switch 2 carries no VLAN tag. The Switch then labels
the packets from the CE with outer tags based on the inbound interface and then sends the packets
to the PE. It is required to configure the sub-interface for QinQ VLAN tag termination on PE1
and the sub-interface for dot1q VLAN tag termination on PE2 to access VPLS to implement
inter-communication between CEs 1 to 3. The backbone network adopts Martini VPLS and uses
LDP to set up PWs.
Figure 5-23 Typical networking diagram of configuring the sub-interface for dot1q and QinQ
VLAN tag termination to access VPLS
VPN1
CE3
GE1/0/0.1
10.1.1.3/24
GE2/0/0.1
POS1/0/1
POS1/0/0 192.168.2.1/30
192.168.1.2/30
PE3
Loopback1
3.3.3.9/32
POS1/0/1 POS1/0/1
192.168.1.1/30 192.168.2.2/30
POS1/0/0 POS1/0/0
Loopback1 192.168.3.1/30 192.168.3.2/30 Loopback1
1.1.1.9/32 2.2.2.9/32
PE1 GE2/0/0.1 GE2/0/0.1 PE2
GE1/0/0 GE1/0/0
Switch1 Switch2
GE1/0/1 GE1/0/1
GE1/0/0.1 GE1/0/0
10.1.1.1/24 10.1.1.2/24
CE1 CE2
VPN1 VPN1
VLAN10 VLAN10
Configuration Roadmap
The configuration roadmap is as follows:
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Configure the interface mode to user termination.
# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] interface gigabitethernet 2/0/0
[PE1-GigabitEthernet2/0/0] mode user-termination
[PE1-GigabitEthernet2/0/0] quit
# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] interface gigabitethernet 2/0/0
[PE2-GigabitEthernet2/0/0] mode user-termination
[PE2-GigabitEthernet2/0/0] quit
Step 2 Configure IGP on the MPLS backbone network. OSPF is used in this example.
According to Figure 5-23, configure the addresses for the interfaces on PE and P. Configure
OSPF to advertise the addresses of the loopback interfaces on PE1, PE2, and PE3.
# Configure PE1.
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.9 32
[PE1-LoopBack1] quit
[PE1] interface pos 1/0/0
[PE1-Pos1/0/0] ip address 192.168.3.1 30
[PE1-Pos1/0/0] quit
[PE1] interface pos 1/0/1
[PE1-Pos1/0/1] ip address 192.168.1.1 30
[PE1-Pos1/0/1] quit
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.3
[PE1-ospf-1-area-0.0.0.0] network 192.168.3.0 0.0.0.3
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
# Configure PE2.
[PE2] interface LoopBack 1
[PE2-LoopBack1] ip address 2.2.2.9 32
[PE2-LoopBack1] quit
[PE2] interface pos 1/0/0
[PE2-Pos1/0/0] ip address 192.168.3.2 30
[PE2-Pos1/0/0] quit
# Configure PE3.
<HUAWEI> system-view
[HUAWEI] sysname PE3
[PE3] interface loopback 1
[PE3-LoopBack1] ip address 3.3.3.9 32
[PE3-LoopBack1] quit
[PE3] interface pos 1/0/0
[PE3-Pos1/0/0] ip address 192.168.1.2 30
[PE3-Pos1/0/0] quit
[PE3] interface pos 1/0/1
[PE3-Pos1/0/1] ip address 192.168.2.1 30
[PE3-Pos1/0/1] quit
[PE3] ospf
[PE3-ospf-1] area 0
[PE3-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0
[PE3-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.3
[PE3-ospf-1-area-0.0.0.0] network 192.168.2.0 0.0.0.3
[PE3-ospf-1-area-0.0.0.0] quit
[PE3-ospf-1] quit
After the preceding step, PE1 and PE2 both have routes, discovered through OSPF, to the
loopback1 interface of each other. PE1 and PE3 also have routes, discovered through OSPF, to
the loopback1 interface of each other.
Step 3 Enable the basic MPLS capabilities and LDP on the MPLS backbone network.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface pos 1/0/0
[PE1-Pos1/0/0] mpls
[PE1-Pos1/0/0] mpls ldp
[PE1-Pos1/0/0] quit
[PE1] interface pos 1/0/1
[PE1-Pos1/0/1] mpls
[PE1-Pos1/0/1] mpls ldp
[PE1-Pos1/0/1] quit
# Configure PE2.
[PE2] mpls lsr-id 2.2.2.9
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface pos1/0/0
[PE2-Pos1/0/0] mpls
[PE2-Pos1/0/0] mpls ldp
[PE2-Pos1/0/0] quit
[PE2] interface pos1/0/1
[PE2-Pos1/0/1] mpls
[PE2-Pos1/0/1] mpls ldp
[PE2-Pos1/0/1] quit
# Configure PE3.
[PE3] mpls lsr-id 3.3.3.9
[PE3] mpls
[PE3-mpls] quit
[PE3] mpls ldp
[PE3-mpls-ldp] quit
[PE3] interface pos 1/0/0
[PE3-Pos1/0/0] mpls
[PE3-Pos1/0/0] mpls ldp
[PE3-Pos1/0/0] quit
[PE3] interface pos 1/0/1
[PE3-Pos1/0/1] mpls
[PE3-Pos1/0/1] mpls ldp
[PE3-Pos1/0/1] quit
After the preceding configurations, LDP sessions are set up between PEs. Running the display
mpls ldp session command, you can view that the Status field is "Operational". Running the
display mpls ldp lsp command, you can view the establishing status of LSP through LDP.
NOTE
If PEs are not directly connected, run the mpls ldp remote-peer command and the remote-ip command
to set up a remote LDP sessions between PEs.
# Configure PE1.
[PE1] mpls l2vpn
# Configure PE2.
[PE2] mpls l2vpn
# Configure PE3.
[PE3] mpls l2vpn
Step 5 Create VSIs and specify LDP as the signaling protocol on VSIs.
# Configure PE1
[PE1] vsi ldp1 static
[PE1-vsi-ldp1] pwsignal ldp
[PE1-vsi-ldp1-ldp] vsi-id 2
[PE1-vsi-ldp1-ldp] peer 2.2.2.9
[PE1-vsi-ldp1-ldp] peer 3.3.3.9
# Configure PE2.
[PE2] vsi ldp1 static
[PE2-vsi-ldp1] pwsignal ldp
[PE2-vsi-ldp1-ldp] vsi-id 2
[PE2-vsi-ldp1-ldp] peer 1.1.1.9
[PE2-vsi-ldp1-ldp] peer 3.3.3.9
# Configure PE3.
[PE3] vsi ldp1 static
[PE3-vsi-ldp1] pwsignal ldp
[PE3-vsi-ldp1-ldp] vsi-id 2
[PE3-vsi-ldp1-ldp] peer 1.1.1.9
# Configure PE2.
[PE2] interface gigabitethernet 2/0/0.1
[PE2-GigabitEthernet2/0/0.1] control-vid 1 dot1q-termination
[PE2-GigabitEthernet2/0/0.1] dot1q termination vid 10
[PE2-GigabitEthernet2/0/0.1] l2 binding vsi ldp1
# Configure PE3.
[PE3] interface gigabitethernet 2/0/0.1
[PE3-GigabitEthernet2/0/0.1] vlan-type dot1q 10
[PE3-GigabitEthernet2/0/0.1] l2 binding vsi ldp1
[PE3-GigabitEthernet2/0/0.1] quit
# Configure Switch 2.
Create VLAN 10 on Switch 2. Specify GE 1/0/1 as an access interface and add it to VLAN 10.
Specify GE 1/0/0 as a trunk interface and configure it to allow the packets of VLAN 10 to pass
through.
<HUAWEI> system-view
[HUAWEI] sysname switch2
[switch2] vlan 10
[switch2-vlan10] quit
[switch2] interface gigabitethernet 1/0/1
[switch2-GigabitEthernet1/0/1] port link-type access
[switch2-GigabitEthernet1/0/1] port default vlan 10
[switch2-GigabitEthernet1/0/1] quit
[switch2] interface gigabitethernet 1/0/0
[switch2-GigabitEthernet1/0/0] port trunk allow-pass vlan 10
[switch2-GigabitEthernet1/0/0] quit
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] interface gigabitethernet 1/0/0.1
[CE1-GigabitEthernet1/0/0.1] vlan-type dot1q 10
[CE1-GigabitEthernet1/0/0.1] ip address 10.1.1.1 24
[CE1-GigabitEthernet1/0/0.1] undo shutdown
[CE1-GigabitEthernet1/0/0.1] quit
# Configure CE2.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] interface gigabitethernet 1/0/0
[CE2-GigabitEthernet1/0/0] ip address 10.1.1.2 24
[CE2-GigabitEthernet1/0/0] quit
# Configure CE3.
<HUAWEI> system-view
[HUAWEI] sysname CE3
[CE3] interface gigabitethernet 1/0/0.1
[CE3-GigabitEthernet1/0/0.1] vlan-type dot1q 10
[CE3-GigabitEthernet1/0/0.1] ip address 10.1.1.3 24
[CE3-GigabitEthernet1/0/0.1] undo shutdown
[CE3-GigabitEthernet1/0/0.1] quit
Run the display dot1q information termination interface command. You can view dot1q
configuration.
Take the display on PE2 as an example.
[PE2] display dot1q information termination interface gigabitethernet 2/0/0
GigabitEthernet2/0/0.1
VSI binded
Total QinQ Num: 2
dot1q termination vid 10
Total vlan-group Num: 0
control-vid 1 dot1q-termination
After the preceding configuration, run the display vsi name ldp1 verbose command on PE1.
You can view that the VSI named ldp1 sets up PWs to PE2 and PE3 and the VSI status is Up.
[PE1] display vsi name ldp1 verbose
VSI ID : 22
***VSI Name : ldp1
Administrator VSI : no
Isolate Spoken : disable
VSI Index : 0
PW Signaling : ldp
Member Discovery Style : static
PW MAC Learn Style : unqualify
Encapsulation Type : vlan
MTU : 1500
Diffserv Mode : uniform
Service Class : --
Color : --
DomainId : 255
Domain Name :
VSI State : up
VSI ID : 2
*Peer Router ID : 3.3.3.9
VC Label : 23552
Peer Type : dynamic
Session : up
Tunnel ID : 0x6002003,
*Peer Router ID : 2.2.2.9
VC Label : 23553
Peer Type : dynamic
Session : up
Tunnel ID : 0x6002000,
Interface Name : GigabitEthernet6/0/0.1
State : up
**PW Information:
*Peer Ip Address : 2.2.2.9
PW State : up
Local VC Label : 23553
Remote VC Label : 23552
PW Type : label
Tunnel ID : 0x6002000,
*Peer Ip Address : 3.3.3.9
PW State : up
Local VC Label : 23552
Remote VC Label : 23552
PW Type : label
Tunnel ID : 0x6002003,
Hosts attached to CE1, CE2, and CE3 can ping through each other.
<CE1> ping 10.1.1.2
PING 10.1.1.2: 56 data bytes, press CTRL_C to break
Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=50 ms
Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=1 ms
Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=1 ms
Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=1 ms
Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=1 ms
--- 10.1.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/10/50 ms
<CE1> ping 10.1.1.3
PING 10.1.1.3: 56 data bytes, press CTRL_C to break
Reply from 10.1.1.3: bytes=56 Sequence=1 ttl=255 time=1 ms
Reply from 10.1.1.3: bytes=56 Sequence=2 ttl=255 time=1 ms
Reply from 10.1.1.3: bytes=56 Sequence=3 ttl=255 time=1 ms
Reply from 10.1.1.3: bytes=56 Sequence=4 ttl=255 time=1 ms
Reply from 10.1.1.3: bytes=56 Sequence=5 ttl=255 time=1 ms
--- 10.1.1.3 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/1/1 ms
----End
Configuration Files
l Configuration file of PE1
#
sysname PE1
#
mpls lsr-id 1.1.1.9
mpls
mpls l2vpn
#
vsi ldp1 static
pwsignal ldp
vsi-id 2
peer 3.3.3.9
peer 2.2.2.9
#
mpls ldp
#
interface GigabitEthernet2/0/0
undo shutdown
mode user-termination
#
interface GigabitEthernet2/0/0.1
control-vid 1 qinq-termination
qinq termination pe-vid 100 ce-vid 10
l2 binding vsi ldp1
#
interface Pos1/0/0
link-protocol ppp
undo shutdown
ip address 192.168.3.1 255.255.255.252
mpls
mpls ldp
#
interface Pos1/0/1
link-protocol ppp
undo shutdown
ip address 192.168.1.1 255.255.255.252
mpls
mpls ldp
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 192.168.1.0 0.0.0.3
network 192.168.3.0 0.0.0.3
#
return
undo shutdown
mode user-termination
#
interface GigabitEthernet2/0/0.1
control-vid 1 dot1q-termination
dot1q termination vid 10
l2 binding vsi ldp1
#
interface Pos1/0/0
link-protocol ppp
undo shutdown
ip address 192.168.3.2 255.255.255.252
mpls
mpls ldp
#
interface Pos1/0/1
link-protocol ppp
undo shutdown
ip address 192.168.2.2 255.255.255.252
mpls
mpls ldp
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 192.168.3.0 0.0.0.3
network 192.168.2.0 0.0.0.3
#
return
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 192.168.1.0 0.0.0.3
network 192.168.2.0 0.0.0.3
#
return
#
interface GigabitEthernet1/0/1
undo shutdown
port link-type access
port default vlan 10
#
return
Network Requirements
As shown in Figure 5-24, VLAN 10 and VLAN 20 are connected to PEs through switches. The
packet sent from the switch to the switch carries double VLAN tags. It is required to configure
the sub-interface for QinQ VLAN tag termination to access VPLS to implement interworking
between CE1, CE2, and CE3, and between CE4, CE5, and CE6. The backbone network adopts
Martini VPLS and uses LDP to set up PWs.
Considering that the interworking is not required between CE1 (or CE2 and CE3) and CE4 (or
CE5 and CE6), in this example, the sub-interface for QinQ VLAN tag termination access VPLS
in symmetric mode. The switch uniformly labels the packets from CEs with outer VLAN tags
(tag 100), so a user can communicate with only the user in the same VLAN.
Figure 5-24 Typical networking diagram of configuring the sub-interface for QinQ VLAN tag
termination to access a VPLS Network
VPN1 VPN1
VLAN10 VLAN20
CE3 CE6
GE1/0/0 GE1/0/0
10.1.1.3/24 10.3.1.3/24
GE1/0/1 GE1/0/2
Switch3
GE1/0/0
GE2/0/0.1
POS1/0/0 POS1/0/1
10.11.1.2/30 10.11.2.1/30
PE3
Loopback1
3.3.3.9/32
POS1/0/1 POS1/0/1
10.11.1.1/30 10.11.2.2/30
POS1/0/0 POS1/0/0
Loopback1 10.11.3.1/30 10.11.3.2/30 Loopback1
1.1.1.9/32 2.2.2.9/32
PE1 GE2/0/0.1 GE2/0/0.1 PE2
GE1/0/0 GE1/0/0
Switch1 Switch2
GE1/0/1 GE1/0/2 GE1/0/1 GE1/0/2
GE1/0/0.1 GE1/0/0.1 GE1/0/0.1 GE1/0/0.1
10.1.1.1/24 10.3.1.1/24 10.1.1.2/24 10.3.1.2/24
Configuration Roadmap
The configuration roadmap is as follows:
1. Run Interior Gateway Protocol (IGP) on the backbone network and interconnect the devices
on the backbone network.
2. Configure the routing protocol on the backbone network to interconnect the devices and
enable the basic Multiprotocol Label Switching (MPLS) capabilities.
3. Set up the label switched path (LSP) tunnel between PEs.
4. Enable MPLS L2VPN on PE.
5. Create and then configure the Virtual Switching Instance (VSI).
6. Configure the sub-interface for QinQ VLAN tag termination and bind the attachment circuit
(AC) interface to the VSI.
7. Configure the Layer 2 forwarding function and QinQ function on switches.
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Configure the interface mode to user termination.
# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] interface gigabitethernet 2/0/0
[PE1-GigabitEthernet2/0/0] mode user-termination
[PE1-GigabitEthernet2/0/0] undo shutdown
[PE1-GigabitEthernet2/0/0] quit
# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] interface gigabitethernet 2/0/0
[PE2-GigabitEthernet2/0/0] mode user-termination
[PE2-GigabitEthernet2/0/0] undo shutdown
[PE2-GigabitEthernet2/0/0] quit
# Configure PE3.
<HUAWEI> system-view
[HUAWEI] sysname PE3
[PE3] interface gigabitethernet 2/0/0
[PE3-GigabitEthernet2/0/0] mode user-termination
[PE3-GigabitEthernet2/0/0] undo shutdown
[PE3-GigabitEthernet2/0/0] quit
Step 2 Configure IGP on the MPLS backbone network. OSPF is used in this example.
# Configure PE1.
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.9 32
[PE1-LoopBack1] quit
[PE1] interface pos 1/0/0
[PE1-Pos1/0/0] ip address 10.11.3.1 30
[PE1-Pos1/0/0] undo shutdown
[PE1-Pos1/0/0] quit
[PE1] interface pos 1/0/1
# Configure PE2.
[PE2] interface LoopBack 1
[PE2-LoopBack1] ip address 2.2.2.9 32
[PE2-LoopBack1] quit
[PE2] interface pos 1/0/0
[PE2-Pos1/0/0] ip address 10.11.3.2 30
[PE2-Pos1/0/0] undo shutdown
[PE2-Pos1/0/0] quit
[PE2] interface pos 1/0/1
[PE2-Pos1/0/1] ip address 10.11.2.2 30
[PE2-Pos1/0/1] undo shutdown
[PE2-Pos1/0/1] quit
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 10.11.3.0 0.0.0.3
[PE2-ospf-1-area-0.0.0.0] network 10.11.2.0 0.0.0.3
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit
# Configure PE3.
[PE3] interface loopback 1
[PE3-LoopBack1] ip address 3.3.3.9 32
[PE3-LoopBack1] quit
[PE3] interface pos 1/0/0
[PE3-Pos1/0/0] ip address 10.11.1.2 30
[PE3-Pos1/0/0] undo shutdown
[PE3-Pos1/0/0] quit
[PE3] interface pos 1/0/1
[PE3-Pos1/0/1] ip address 10.11.2.1 30
[PE3-Pos1/0/1] undo shutdown
[PE3-Pos1/0/1] quit
[PE3] ospf
[PE3-ospf-1] area 0
[PE3-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0
[PE3-ospf-1-area-0.0.0.0] network 10.11.1.0 0.0.0.3
[PE3-ospf-1-area-0.0.0.0] network 10.11.2.0 0.0.0.3
[PE3-ospf-1-area-0.0.0.0] quit
[PE3-ospf-1] quit
After the preceding step, PE1 and PE2 both have routes, discovered through OSPF, to the
loopback1 interface of each other. PE1 and PE3 also have routes, discovered through OSPF, to
the loopback1 interface of each other.
Step 3 Enable the basic MPLS capabilities and LDP on the MPLS backbone network.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface pos 1/0/0
[PE1-Pos1/0/0] mpls
[PE1-Pos1/0/0] mpls ldp
[PE1-Pos1/0/0] quit
[PE1] interface pos 1/0/1
[PE1-Pos1/0/1] mpls
[PE1-Pos1/0/1] mpls ldp
[PE1-Pos1/0/1] quit
# Configure PE2.
[PE2] mpls lsr-id 2.2.2.9
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface pos1/0/0
[PE2-Pos1/0/0] mpls
[PE2-Pos1/0/0] mpls ldp
[PE2-Pos1/0/0] quit
[PE2] interface pos1/0/1
[PE2-Pos1/0/1] mpls
[PE2-Pos1/0/1] mpls ldp
[PE2-Pos1/0/1] quit
# Configure PE3.
[PE3] mpls lsr-id 3.3.3.9
[PE3] mpls
[PE3-mpls] quit
[PE3] mpls ldp
[PE3-mpls-ldp] quit
[PE3] interface pos 1/0/0
[PE3-Pos1/0/0] mpls
[PE3-Pos1/0/0] mpls ldp
[PE3-Pos1/0/0] quit
[PE3] interface pos 1/0/1
[PE3-Pos1/0/1] mpls
[PE3-Pos1/0/1] mpls ldp
[PE3-Pos1/0/1] quit
After the preceding configuration, LDP sessions are set up between PEs. Running the display
mpls ldp session command, you can view that the status is "Operational".
NOTE
If PEs are not directly connected, run the mpls ldp remote-peer command and the remote-ip command
to set up a remote LDP sessions between PEs.
# Configure PE1.
[PE1] mpls l2vpn
# Configure PE2.
[PE2] mpls l2vpn
# Configure PE3.
[PE3] mpls l2vpn
Step 5 Create VSIs and specify LDP as the signaling protocol on VSIs.
# Configure PE1.
[PE1] vsi ldp1 static
[PE1-vsi-ldp1] pwsignal ldp
[PE1-vsi-ldp1-ldp] vsi-id 2
[PE1-vsi-ldp1-ldp] peer 2.2.2.9
[PE1-vsi-ldp1-ldp] peer 3.3.3.9
# Configure PE2.
[PE2] vsi ldp1 static
[PE2-vsi-ldp1] pwsignal ldp
[PE2-vsi-ldp1-ldp] vsi-id 2
[PE2-vsi-ldp1-ldp] peer 1.1.1.9
[PE2-vsi-ldp1-ldp] peer 3.3.3.9
# Configure PE3.
[PE3] vsi ldp1 static
[PE3-vsi-ldp1] pwsignal ldp
[PE3-vsi-ldp1-ldp] vsi-id 2
[PE3-vsi-ldp1-ldp] peer 1.1.1.9
[PE3-vsi-ldp1-ldp] peer 2.2.2.9
Step 6 Configure the sub-interface for QinQ VLAN tag termination and bind VSIs and AC interfaces.
# Configure PE1.
[PE1] interface gigabitethernet 2/0/0.1
[PE1-GigabitEthernet2/0/0.1] control-vid 1 qinq-termination
[PE1-GigabitEthernet2/0/0.1] qinq termination l2 symmetry
[PE1-GigabitEthernet2/0/0.1] qinq termination pe-vid 100 ce-vid 10
[PE1-GigabitEthernet2/0/0.1] qinq termination pe-vid 100 ce-vid 20
[PE1-GigabitEthernet2/0/0.1] l2 binding vsi ldp1
[PE1-GigabitEthernet2/0/0.1] undo shutdown
[PE1-GigabitEthernet2/0/0.1] quit
# Configure PE2.
[PE2] interface gigabitethernet 2/0/0.1
[PE2-GigabitEthernet2/0/0.1] control-vid 1 qinq-termination
[PE2-GigabitEthernet2/0/0.1] qinq termination l2 symmetry
[PE2-GigabitEthernet2/0/0.1] qinq termination pe-vid 100 ce-vid 10
[PE2-GigabitEthernet2/0/0.1] qinq termination pe-vid 100 ce-vid 20
[PE2-GigabitEthernet2/0/0.1] l2 binding vsi ldp1
[PE2-GigabitEthernet2/0/0.1] undo shutdown
[PE2-GigabitEthernet2/0/0.1] quit
# Configure PE3.
[PE3] interface gigabitethernet 2/0/0.1
[PE3-GigabitEthernet2/0/0.1] control-vid 1 qinq-termination
[PE3-GigabitEthernet2/0/0.1] qinq termination l2 symmetry
[PE3-GigabitEthernet2/0/0.1] qinq termination pe-vid 100 ce-vid 10
[PE3-GigabitEthernet2/0/0.1] qinq termination pe-vid 100 ce-vid 20
[PE3-GigabitEthernet2/0/0.1] l2 binding vsi ldp1
[PE3-GigabitEthernet2/0/0.1] undo shutdown
[PE3-GigabitEthernet2/0/0.1] quit
NOTE
When you run the qinq termination command on the same primary interface, the ce-vid values cannot be
the same if the pe-vid values of the two different sub-interfaces are the same.
Step 7 Configure QinQ and set the packets sent from the switch to the PE to carry double tags.
# Configure Switch 1.
<HUAWEI> system-view
[HUAWEI] sysname Switch1
[Switch1] vlan 100
[Switch1-vlan100] quit
[Switch1] interface gigabitethernet 1/0/0
[Switch1-GigabitEthernet1/0/0] port trunk allow-pass vlan 100
[Switch1-GigabitEthernet1/0/0] undo shutdown
[Switch1-GigabitEthernet1/0/0] quit
[Switch1] interface gigabitethernet 1/0/1
[Switch1-GigabitEthernet1/0/1] port vlan-stacking vlan 10 stack-vlan 100
[Switch1-GigabitEthernet1/0/1] undo shutdown
[Switch1-GigabitEthernet1/0/1] quit
[Switch1] interface gigabitethernet 1/0/2
[Switch1-GigabitEthernet1/0/2] port vlan-stacking vlan 20 stack-vlan 100
[Switch1-GigabitEthernet1/0/2] undo shutdown
[Switch1-GigabitEthernet1/0/2] quit
# Configure Switch 2.
<HUAWEI> system-view
[HUAWEI] sysname Switch2
[Switch2] vlan 100
[Switch2-vlan100] quit
[Switch2] interface gigabitethernet 1/0/0
# Configure Switch 3.
<HUAWEI> system-view
[HUAWEI] sysname Switch3
[Switch3] vlan 100
[Switch3-vlan100] quit
[Switch3] interface gigabitethernet 1/0/0
[Switch3-GigabitEthernet1/0/0] port trunk allow-pass vlan 100
[Switch3-GigabitEthernet1/0/0] undo shutdown
[Switch3-GigabitEthernet1/0/0] quit
[Switch3] interface gigabitethernet 1/0/1
[Switch3-GigabitEthernet1/0/1] port vlan-stacking vlan 10 stack-vlan 100
[Switch3-GigabitEthernet1/0/1] undo shutdonw
[Switch3-GigabitEthernet1/0/1] quit
[Switch3] interface gigabitethernet 1/0/2
[Switch3-GigabitEthernet1/0/2] port vlan-stacking vlan 20 stack-vlan 100
[Switch3-GigabitEthernet1/0/2] undo shutdown
[Switch3-GigabitEthernet1/0/2] quit
NOTE
If the device does not support the port vlan-stacking command, you can run the commands port link-
type dot1q-tunnel and port default vlan to configure QinQ.
Configure IP addresses of the interfaces on CEs based on Figure 5-24. Set the packet sent from
the CE to the switch to carry one VLAN tag.
# Configure CE1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] interface gigabitethernet 1/0/0.1
[CE1-GigabitEthernet1/0/0.1] ip address 10.1.1.1 24
[CE1-GigabitEthernet1/0/0.1] vlan-type dot1q 10
[CE1-GigabitEthernet1/0/0.1] undo shutdown
[CE1-GigabitEthernet1/0/0.1] quit
# Configure CE2.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] interface gigabitethernet 1/0/0.1
[CE2-GigabitEthernet1/0/0.1] ip address 10.1.1.2 24
[CE2-GigabitEthernet1/0/0.1] vlan-type dot1q 10
[CE2-GigabitEthernet1/0/0.1] undo shutdown
[CE2-GigabitEthernet1/0/0.1] quit
# Configure CE3.
<HUAWEI> system-view
[HUAWEI] sysname CE3
[CE3] interface gigabitethernet 1/0/0.1
[CE3-GigabitEthernet1/0/0.1] ip address 10.1.1.3 24
[CE3-GigabitEthernet1/0/0.1] vlan-type dot1q 10
[CE3-GigabitEthernet1/0/0.1] undo shutdown
[CE3-GigabitEthernet1/0/0.1] quit
# Configure CE4.
<HUAWEI> system-view
[HUAWEI] sysname CE4
[CE4] interface gigabitethernet 1/0/0.1
[CE4-GigabitEthernet1/0/0.1] ip address 10.3.1.1 24
[CE4-GigabitEthernet1/0/0.1] vlan-type dot1q 20
[CE4-GigabitEthernet1/0/0.1] undo shutdown
[CE4-GigabitEthernet1/0/0.1] quit
# Configure CE5.
<HUAWEI> system-view
[HUAWEI] sysname CE5
[CE5] interface gigabitethernet 1/0/0.1
[CE5-GigabitEthernet1/0/0.1] ip address 10.3.1.2 24
[CE5-GigabitEthernet1/0/0.1] vlan-type dot1q 20
[CE5-GigabitEthernet1/0/0.1] undo shutdown
[CE5-GigabitEthernet1/0/0.1] quit
# Configure CE6.
<HUAWEI> system-view
[HUAWEI] sysname CE6
[CE6] interface gigabitethernet 1/0/0.1
[CE6-GigabitEthernet1/0/0.1] ip address 10.3.1.3 24
[CE6-GigabitEthernet1/0/0.1] vlan-type dot1q 20
[CE6-GigabitEthernet1/0/0.1] undo shutdown
[CE6-GigabitEthernet1/0/0.1] quit
After the preceding configuration, run the display vsi name ldp1 verbose command on PE1.
you can find that PWs to PE2 and PE3 are set up on the VSI named ldp1. The VSI status is Up.
[PE1] display vsi name ldp1 verbose
***VSI Name : ldp1
Administrator VSI : no
Isolate Spoken : disable
VSI Index : 0
PW Signaling : ldp
Member Discovery Style : static
PW MAC Learn Style : unqualify
Encapsulation Type : vlan
MTU : 1500
Mode : uniform
Service Class : --
Color : --
DomainId : 0
Domain Name :
VSI State : up
Resource Status : Valid
VSI ID : 2
*Peer Router ID : 3.3.3.9
VC Label : 142336
Peer Type : dynamic
Session : up
Tunnel ID : 0x80800b,
*Peer Router ID : 2.2.2.9
VC Label : 142337
Peer Type : dynamic
Session : up
Tunnel ID : 0x608006,
Interface Name : GigabitEthernet2/0/0.1
State : up
**PW Information:
*Peer Ip Address : 3.3.3.9
PW State : up
Local VC Label : 142336
Remote VC Label : 142336
PW Type : label
Tunnel ID : 0x80800b,
*Peer Ip Address : 2.2.2.9
PW State : up
Local VC Label : 142337
Remote VC Label : 142336
PW Type : label
Tunnel ID : 0x608006,
The hosts attached to CE1, CE2, and CE3 can ping through each other.
[CE1] ping 10.1.1.2
PING 10.1.1.2: 56 data bytes, press CTRL_C to break
Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=50 ms
Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=1 ms
Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=1 ms
Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=1 ms
Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=1 ms
--- 10.1.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/10/50 ms
[CE1] ping 10.1.1.3
PING 10.1.1.3: 56 data bytes, press CTRL_C to break
Reply from 10.1.1.3: bytes=56 Sequence=1 ttl=255 time=1 ms
Reply from 10.1.1.3: bytes=56 Sequence=2 ttl=255 time=1 ms
Reply from 10.1.1.3: bytes=56 Sequence=3 ttl=255 time=1 ms
Reply from 10.1.1.3: bytes=56 Sequence=4 ttl=255 time=1 ms
Reply from 10.1.1.3: bytes=56 Sequence=5 ttl=255 time=1 ms
--- 10.1.1.3 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/1/1 ms
----End
Configuration Files
l Configuration file of PE1
#
sysname PE1
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
vsi ldp1 static
pwsignal ldp
vsi-id 2
peer 3.3.3.9
peer 2.2.2.9
#
mpls ldp
#
interface GigabitEthernet2/0/0
undo shutdown
mode user-termination
#
interface GigabitEthernet2/0/0.1
undo shutdown
control-vid 1 qinq-termination
qinq termination l2 symmetry
qinq termination pe-vid 100 ce-vid 10
qinq termination pe-vid 100 ce-vid 20
l2 binding vsi ldp1
#
interface Pos1/0/0
link-protocol ppp
undo shutdown
ip address 10.11.3.1 255.255.255.252
mpls
mpls ldp
#
interface Pos1/0/1
link-protocol ppp
undo shutdown
ip address 10.11.1.1 255.255.255.252
mpls
mpls ldp
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 10.11.1.0 0.0.0.3
network 10.11.3.0 0.0.0.3
#
return
interface GigabitEthernet2/0/0.1
undo shutdown
control-vid 1 qinq-termination
qinq termination l2 symmetry
qinq termination pe-vid 100 ce-vid 10
qinq termination pe-vid 100 ce-vid 20
l2 binding vsi ldp1
#
interface Pos1/0/0
link-protocol ppp
undo shutdown
ip address 10.11.3.2 255.255.255.252
mpls
mpls ldp
#
interface Pos1/0/1
link-protocol ppp
undo shutdown
ip address 10.11.2.2 255.255.255.252
mpls
mpls ldp
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 10.11.3.0 0.0.0.3
network 10.11.2.0 0.0.0.3
#
return
mpls ldp
#
interface Pos1/0/1
link-protocol ppp
undo shutdown
ip address 10.11.2.1 255.255.255.252
mpls
mpls ldp
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 10.11.1.0 0.0.0.3
network 10.11.2.0 0.0.0.3
#
return
undo shutdown
port trunk allow-pass vlan 100
#
interface GigabitEthernet1/0/1
undo shutdown
port vlan-stacking vlan 10 stack-vlan 100
#
interface GigabitEthernet1/0/2
undo shutdown
port vlan-stacking vlan 20 stack-vlan 100
#
return
return
Networking Requirements
As shown in Figure 5-25, PE1 and PE2 are configured with the basic VPLS function. CE1 and
CE2 access the VSI on PE1 through switches. In Figure 5-25:
l The packets sent from CE1 and CE2 to PE1 have double tags.
l Switch2 labels the packets received from CE1 with the inner tag 10. Switch3 labels the
packets received from CE2 with the inner tag 20.
l Switch1 labels the packets received from CE1 and CE2 with the same outer tag 100.
If PE1 is configured with QinQ termination sub-interface accessing the VPLS network, the
packets sent by these CEs cannot be forwarded by GE 1/0/0 because packets from CE1/0/0 to
PE1 have the same outer tag (otherwise, Switch1 learns the same MAC address entry from
different interfaces, which leads to incorrect forwarding). Therefore, CEs in the same VSI on
PE1 cannot communicate. In this case, to ensure that CE1 and CE2 can communicate, you can
configure the QinQ termination sub-interface to support the local switching.
VSI:v1
VSI:v1
MPLS/IP core PE2
PE1
GE1/0/0
VLAN trunk 100 QinQ termination
GE1/0/0
VLAN stacking 100 GE2/0/0 GE3/0/0 VLAN stacking 100
Switch1
VLAN trunk 10
VLAN trunk 20
GE2/0/0 GE2/0/0
Switch2 Switch3
GE1/0/0 GE1/0/0
VLAN10
CE1 CE2
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the basic VPLS function on the PEs and ensure that the VSIs on the PEs are Up.
2. On PE1, configure the QinQ termination sub-interface to support the local switching and
configure the QinQ termination sub-interface to access the VPLS network. After the
configuration, CEs in the same VSI can communicate.
3. Configure the Layer 2 forwarding function on the switches. After the configuration, the
packets received on the PEs from the CEs have double tags with the outer tags being the
same.
4. Disable the MAC address learning on the switches connected to the termination sub-
interface on the PEs.
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Configure the mode of the interface connected to PE1 as user-termination.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] interface gigabitethernet 1/0/0
[PE1-GigabitEthernet1/0/0] mode user-termination
[PE1-GigabitEthernet1/0/0] undo shutdown
[PE1-GigabitEthernet1/0/0] quit
Step 2 Configure IGP, MPLS, LDP, and VPLS between the PEs.
For configuration details, see "Configuration Files" in this section. After the configuration, run
the display vsi command on PE1 and PE2, and you can find that the VSI status is Up. Take PE1
as an example.
[PE1] display vsi
Total VSI number is 1, 1 is up, 0 is down, 1 is LDP mode, 0 is BGP mode
Vsi Mem PW Mac Encap Mtu Vsi
Name Disc Type Learn Type Value State
--------------------------------------------------------------------------
v1 static ldp unqualify vlan 1500 up
Step 3 Configure the QinQ termination sub-interface to support the local switching and to access the
VPLS network.
On PE1, configure the QinQ termination sub-interface to support the local switching and to
access the VPLS network. After the configurations, CEs in the same VSI can communicate.
[PE1] interface gigabitethernet 1/0/0.1
[PE1-GigabitEthernet1/0/0.1] control-vid 1 qinq-termination local-switch
[PE1-GigabitEthernet1/0/0.1] qinq termination pe-vid 100 ce-vid 1 to 20
[PE1-GigabitEthernet1/0/0.1] l2 binding vsi v1
[PE1-GigabitEthernet1/0/0.1] undo shutdown
[PE1-GigabitEthernet1/0/0.1] quit
Step 4 Configure the basic Layer 2 forwarding function. After the configuration, the packets received
on PE1 from the CEs have double tags with the outer tags being the same.
# On Switch1, label the VLAN packets from GE 2/0/0 and GE 3/0/0 with the outer tag 100, and
permit GE 1/0/0 to send these packets to PE1.
<HUAWEI> system-view
[HUAWEI] sysname Switch1
[Switch1] vlan 100
[Switch1-vlan100] quit
[Switch1] interface gigabitethernet 1/0/0
[Switch1-GigabitEthernet1/0/0] port trunk allow-pass vlan 100
[Switch1-GigabitEthernet1/0/0] undo shutdown
[Switch1-GigabitEthernet1/0/0] quit
[Switch1] interface gigabitethernet 2/0/0
[Switch1-GigabitEthernet2/0/0] port link-type dot1q-tunnel
[Switch1-GigabitEthernet2/0/0] port default vlan 100
[Switch1-GigabitEthernet2/0/0] undo shutdown
[Switch1-GigabitEthernet2/0/0] quit
[Switch1] interface gigabitethernet 3/0/0
[Switch1-GigabitEthernet3/0/0] port link-type dot1q-tunnel
[Switch1-GigabitEthernet3/0/0] port default vlan 100
# On Switch2, label the VLAN packets from GE 1/0/0 with the tag 10, and permit GE 2/0/0 to
send these packets to Switch1.
<HUAWEI> system-view
[HUAWEI] sysname Switch2
[Switch2] vlan 10
[Switch2-vlan10] quit
[Switch2] interface gigabitethernet 1/0/0
[Switch2-GigabitEthernet1/0/0] port default vlan 10
[Switch2-GigabitEthernet1/0/0] undo shutdown
[Switch2-GigabitEthernet1/0/0] quit
[Switch2] interface gigabitethernet 2/0/0
[Switch2-GigabitEthernet2/0/0] port trunk allow-pass vlan 10
[Switch2-GigabitEthernet2/0/0] undo shutdown
[Switch2-GigabitEthernet2/0/0] quit
# On Switch3, label the VLAN packets from GE 1/0/0 with the tag 20, and permit GE 2/0/0 to
send these packets to Switch1.
<HUAWEI> system-view
[HUAWEI] sysname Switch3
[Switch3] vlan 10
[Switch3-vlan10] quit
[Switch3] interface gigabitethernet 1/0/0
[Switch3-GigabitEthernet1/0/0] port default vlan 20
[Switch3-GigabitEthernet1/0/0] undo shutdown
[Switch3-GigabitEthernet1/0/0] quit
[Switch3] interface gigabitethernet 2/0/0
[Switch3-GigabitEthernet2/0/0] port trunk allow-pass vlan 20
[Switch3-GigabitEthernet2/0/0] undo shutdown
[Switch3-GigabitEthernet2/0/0] quit
After the configurations, run the display vlan vlan-id command on the switches, and you can
find the interfaces added to the VLAN are Up. The VLAN trunk interface is displayed as "Tagged
port"; the default VLAN interface is displayed as "Untagged port".
Disable the MAC address learning on Switch1. Otherwise, Switch1 learns the same MAC
address from different interfaces.
[Switch1] interface gigabitethernet 1/0/0
[Switch1-GigabitEthernet1/0/0] mac-address learning disable
[Switch1-GigabitEthernet1/0/0] quit
[Switch1] undo mac-address all
# Check the MAC address entries on PE1. You can find that PE1 has learned the address of GE
1/0/0 and the values of double tags with the outer tag "PEVLAN" being the same from CE1 and
CE2.
[PE1] display mac-address dynamic 1
MAC Address VLAN/VSI PEVLAN CEVLAN Port Type Lsp
--------------------------------------------------------------------------------
00e0-fc22-18e1 v1 100 20 GigabitEthernet1/0/0 dynamic 4/65546
00e0-fc7a-5747 v1 100 10 GigabitEthernet1/0/0 dynamic 4/65556
Total 2 ,2 printed
# Run the display arp interface command on the CEs, and you can find the ARP entries of the
CEs are correct.
----End
Configuration Files
l Configuration file of PE1
#
sysname PE1
#
mpls lsr-id 1.1.1.9
mpls
mpls l2vpn
#
vsi v1 static
pwsignal ldp
vsi-id 100
peer 2.2.2.9
peer 3.3.3.9
#
mpls ldp
#
mpls ldp remote-peer 3.3.3.9
remote-ip 3.3.3.9
#
interface GigabitEthernet1/0/0
undo shutdown
mode user-termination
#
interface GigabitEthernet1/0/0.1
undo shutdown
control-vid 1 qinq-termination local-switch
qinq termination pe-vid 100 ce-vid 1 to 20
l2 binding vsi v1
#
interface Pos2/0/0
link-protocol ppp
undo shutdown
ip address 10.11.1.1 255.255.255.0
mpls
mpls ldp
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 10.11.1.0 0.0.0.255
#
return
vlan batch 20
#
interface GigabitEthernet1/0/0
undo shutdown
port default vlan 20
#
interface GigabitEthernet2/0/0
undo shutdown
port trunk allow-pass vlan 20
#
return
Network Requirements
If a local network does not have a DHCP server, the DHCP relay function can be enabled on the
router. In this manner, the DHCP Request packet from the client can be transmitted to the DHCP
server through the DHCP relay.
To receive the user packet with one tag, the sub-interface for dot1q VLAN tag termination can
be configured with the DHCP relay function.
As shown in Figure 5-26, the network segment to which the DHCP client belongs is
10.11.1.0/24, while the network segment to which the DHCP server belongs is 10.11.3.0/24.
The DHCP packets should be relayed through the router with the DHCP relay function to make
the DHCP client obtain the related configuration information such as the IP address from the
DHCP server.
The DHCP server should be assigned with an IP address pool on the network segment 10.11.1.0,
so that the DHCP server can assign appropriate IP addresses to the DHCP clients on the network
segment. You need to configure the route to the network segment 10.11.1.0 on the DHCP server.
The lease period of the addresses on the segment 10.11.1.0/24 is 10 days and 12 hours, and the
domain name is huawei.com. The DNS address is 10.11.1.2. The NetBIOS address is 10.11.1.3.
The address of the egress device is 10.11.1.1.
The packets received on the DHCP relay carries one VLAN tag.
Figure 5-26 Typical networking diagram of configuring the sub-interface for dot1q VLAN tag
termination to support the DHCP relay function
DHCP Client1
Configuration Roadmap
The configuration roadmap is as follows:
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Configure the DHCP relay interface mode to user termination.
<HUAWEI> system-view
[HUAWEI] sysname DHCP-Relay
[DHCP-Relay] interface gigabitethernet 2/0/0
[DHCP-Relay-GigabitEthernet2/0/0] undo shutdown
# Enter the view of the interface on which DHCP relay is to be enabled and configure its IP
address and mask to keep it and the DHCP client on the same network segment.
[DHCP-Relay] interface gigabitethernet 2/0/0.1
[DHCP-Relay-GigabitEthernet2/0/0.1] undo shutdown
[DHCP-Relay-GigabitEthernet2/0/0.1] ip address 10.11.1.1 24
[DHCP-Relay-GigabitEthernet2/0/0.1] ip relay address 10.11.3.1
[DHCP-Relay-GigabitEthernet2/0/0.1] dhcp select relay
[DHCP-Relay-GigabitEthernet2/0/0.1] quit
# Configure the features of the DHCP address pool 1, including the IP address of the gateway,
range of IP addresses in the address pool, IP addresses forbidden to be automatically assigned,
domain name suffix of the DNS server, IP address of the DNS server, and address lease.
[DHCP-Server] ip pool 1 server
[DHCP-Server-dhcp-1] gateway 10.11.1.1 255.255.255.0
[DHCP-Server-dhcp-1] section 0 10.11.1.5 10.11.1.100
[DHCP-Server-dhcp-1] excluded-ip-address 10.11.1.1 10.11.1.3
[DHCP-Server-dhcp-1] dns-suffix huawei.com
[DHCP-Server-dhcp-1] dns-server 10.11.1.2
[DHCP-Server-dhcp-1] netbios-name-server 10.11.1.3
[DHCP-Server-dhcp-1] lease 10 12
[DHCP-Server-dhcp-1] quit
Step 4 Configure the sub-interface for dot1p VLAN tag termination on the DHCP relay.
[DHCP-Relay] interface gigabitethernet 2/0/0.1
[DHCP-Relay-GigabitEthernet2/0/0.1] undo shutdown
[DHCP-Relay-GigabitEthernet2/0/0.1] control-vid 1 dot1q-termination
[DHCP-Relay-GigabitEthernet2/0/0.1] dot1q termination vid 10
[DHCP-Relay-GigabitEthernet2/0/0.1] arp broadcast enable
[DHCP-Relay-GigabitEthernet2/0/0.1] quit
NOTE
l If the dot1q sub-interface is not configured with Option 82, when accessing the DHCP relay service,
the dot1q sub-interface encapsulates all the DHCP messages received from the DHCP relay with only
the smallest VLAN ID configured on it and sends the messages to the client side. The other VLAN
IDs are not processed.
In this example, if dot1q termination vid 10 and dot1q termination vid 20 are configured on the
dot1q sub-interface, the sub-interface encapsulates the received DHCP messages with only VLAN 10
and sends the messages to the client side. In this case, clients in VLAN 20 cannot obtain IP addresses.
l If the dot1q sub-interface is configured with Option 82, the dot1q sub-interface encapsulates the
received DHCP messages with the corresponding VLAN IDs of the clients.
# Configure Switch.
<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] interface gigabitethernet 1/0/0
[Switch-GigabitEthernet1/0/0] undo shutdown
[Switch-GigabitEthernet1/0/0] port trunk allow-pass vlan 10
[Switch-GigabitEthernet1/0/0] quit
[Switch] vlan 10
[Switch-vlan10] port gigabitethernet 1/0/1
[Switch-vlan10] quit
Run the display dhcp relay address command on the DHCP relay device to view the address
configuration of the DHCP relay device.
[DHCP-Relay] display dhcp relay address all
** GigabitEthernet2/0/0.1 DHCP Relay Address **
Dhcp Option Relay Agent IP Server IP
* - 10.11.3.1
The DHCP client can obtain an IP address allocated by the DHCP server through the DHCP
relay.
----End
Configuration Files
l Configuration file of a DHCP relay
#
sysname DHCP-Relay
#
interface GigabitEthernet2/0/0
undo shutdown
mode user-termination
#
interface GigabitEthernet2/0/0.1
undo shutdown
control-vid 1 dot1q-termination
dot1q termination vid 10
ip address 10.11.1.1 255.255.255.0
ip relay address 10.11.3.1
dhcp select relay
arp broadcast enable
#
interface Pos 1/0/0
link-protocol ppp
undo shutdown
Network Requirements
If a local network does not have a DHCP server, the DHCP relay function can be enabled on the
router. In this manner, the DHCP Request packet from the client can be transmitted to the DHCP
server through the DHCP relay.
To receive the user packet with double tags, the sub-interface for QinQ VLAN tag termination
can be configured with the DHCP relay function.
As shown in Figure 5-27, the network segment to which the DHCP client belongs is
10.11.1.0/24, while the network segment to which the DHCP server belongs is 10.11.3.0/24.
The DHCP packets should be relayed through the router with the DHCP relay function to make
the DHCP client obtain the related configuration information such as the IP address from the
DHCP server.
The DHCP server should be assigned an IP address pool on the network segment 10.11.1.0, so
that the DHCP server can assign IP addresses to the DHCP clients on the network segment. You
need to configure the route to the network segment 10.11.1.0 on the DHCP server. After the
DHCP server receives a packet containing Option82 information from the DHCP relay, the
DHCP server sends a response also contains Option82 information to the DHCP relay.
The lease period of the addresses on the segment 10.11.1.0/24 is 10 days and 12 hours, and the
domain name is huawei.com. The DNS address is 10.11.1.2. The NetBIOS address is 10.11.1.3.
The address of the egress device is 10.11.1.1.
The packets received on the DHCP relay carries double VLAN tags.
Figure 5-27 Typical networking diagram of configuring the sub-interface for QinQ VLAN tag
termination to support the DHCP relay function
DHCP- Server
POS1/0/0
10.11.3.1/24
Internet
DHCP- Relay
POS1/0/0
10.11.2.1/24
GE2/0/0.1
10.11.1.1/24
GE1/0/0
Switch1
GE1/0/1 GE1/0/2
GE1/0/1 GE1/0/1
Switch2 Switch3
GE1/0/0 GE1/0/0
VLAN10 VLAN20
Configuration Roadmap
The configuration roadmap is as follows:
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Configure the mode of the DHCP relay to user termination.
<HUAWEI> system-view
[HUAWEI] sysname DHCP-Relay
[DHCP-Relay] interface gigabitethernet 2/0/0
[DHCP-Relay-GigabitEthernet2/0/0] undo shutdown
[DHCP-Relay-GigabitEthernet2/0/0] mode user-termination
[DHCP-Relay-GigabitEthernet2/0/0] quit
# Enable DHCP.
[DHCP-Relay] dhcp enable
# Enter the view of the interface on which DHCP relay is to be enabled and configure its IP
address and mask to keep it and the DHCP client on the same network segment.
[DHCP-Relay] interface gigabitethernet 2/0/0.1
[DHCP-Relay-GigabitEthernet2/0/0.1] undo shutdown
[DHCP-Relay-GigabitEthernet2/0/0.1] ip address 10.11.1.1 24
[DHCP-Relay-GigabitEthernet2/0/0.1] ip relay address 10.11.3.1
[DHCP-Relay-GigabitEthernet2/0/0.1] dhcp select relay
[DHCP-Relay-GigabitEthernet2/0/0.1] quit
# Configure the client connected to POS 1/0/0 to obtain the IP address from the global address
pool.
[DHCP-Server] interface pos 1/0/0
[DHCP-Server-Pos1/0/0] undo shutdown
[DHCP-Server-Pos1/0/0] ip address 10.11.3.1 24
[DHCP-Server-Pos1/0/0] quit
# Configure the features of the DHCP address pool 1, including the IP address of the gateway,
range of IP addresses in the address pool, IP addresses forbidden to be automatically assigned,
domain name suffix of the DNS server, IP address of the DNS server, and address lease.
[DHCP-Server] ip pool 1 server
[DHCP-Server-dhcp-1] gateway 10.11.1.1 255.255.255.0
[DHCP-Server-dhcp-1] section 0 10.11.1.5 10.11.1.100
[DHCP-Server-dhcp-1] excluded-ip-address 10.11.1.1 10.11.1.3
[DHCP-Server-dhcp-1] dns-suffix huawei.com
[DHCP-Server-dhcp-1] dns-server 10.11.1.2
[DHCP-Server-dhcp-1] netbios-name-server 10.11.1.3
[DHCP-Server-dhcp-1] lease 10 12
[DHCP-Server-dhcp-1] quit
Step 4 Configure the sub-interface for QinQ VLAN tag termination on the DHCP relay.
[DHCP-Relay] interface gigabitethernet 2/0/0.1
[DHCP-Relay-GigabitEthernet2/0/0.1] undo shutdown
[DHCP-Relay-GigabitEthernet2/0/0.1] control-vid 1 qinq-termination
[DHCP-Relay-GigabitEthernet2/0/0.1] qinq termination pe-vid 100 ce-vid 10
[DHCP-Relay-GigabitEthernet2/0/0.1] qinq termination pe-vid 100 ce-vid 20
[DHCP-Relay-GigabitEthernet2/0/0.1] dhcp option82 rebuild enable
[DHCP-Relay-GigabitEthernet2/0/0.1] arp broadcast enable
[DHCP-Relay-GigabitEthernet2/0/0.1] quit
NOTE
l When you run the qinq termination command on the same primary interface, the ce-vid values cannot
be the same if the pe-vid values of the two different sub-interfaces are the same.
l On the DHCP relay, you need to use the dhcp option82 insert enable command or the dhcp option82
rebuild enable command to enable the sub-interface for QinQ VLAN tag termination to insert the
Option 82 field into the DHCP message.
If the QinQ sub-interface is not configured with Option 82, when accessing the DHCP relay service,
the QinQ sub-interface encapsulates all the DHCP messages received from the DHCP relay with only
the smallest VLAN ID configured on it and sends the messages to the client side. The other VLAN
IDs are not processed.
l After the relay sends a packet containing Option 82 information to the DHCP server, the Offer or ACK
message returned from the DHCP server must contain the Option 82 information.
# Configure Switch 2.
<HUAWEI> system-view
[HUAWEI] sysname Switch2
[Switch2] vlan 10
[Switch2-vlan10] port gigabitethernet 1/0/0
[Switch2-vlan10] quit
[Switch2] interface gigabitethernet 1/0/1
[Switch2-GigabitEthernet1/0/1] undo shutdown
[Switch2-GigabitEthernet1/0/1] port trunk allow-pass vlan 10
[Switch2-GigabitEthernet1/0/1] quit
# Configure Switch 3.
<HUAWEI> system-view
[HUAWEI] sysname Switch3
[Switch3] vlan 20
[Switch3-vlan20] port gigabitethernet 1/0/0
[Switch3-vlan20] quit
[Switch3] interface gigabitethernet 1/0/1
[Switch3-GigabitEthernet1/0/1] undo shutdown
[Switch3-GigabitEthernet1/0/1] port trunk allow-pass vlan 20
[Switch3-GigabitEthernet1/0/1] quit
Step 6 Configure QinQ and set the packets sent from Switch 1 to the DHCP server to carry double tags.
# Configure Switch 1.
<HUAWEI> system-view
[HUAWEI] sysname Switch1
[Switch1] vlan 100
[Switch1-vlan100] quit
[Switch1] interface gigabitethernet 1/0/0
[Switch1-GigabitEthernet1/0/0] undo shutdown
[Switch1-GigabitEthernet1/0/0] port trunk allow-pass vlan 100
[Switch1-GigabitEthernet1/0/0] quit
[Switch1] interface gigabitethernet 1/0/1
[Switch1-GigabitEthernet1/0/1] undo shutdown
[Switch1-GigabitEthernet1/0/1] port vlan-stacking vlan 10 stack-vlan 100
[Switch1-GigabitEthernet1/0/1] quit
[Switch1] interface gigabitethernet 1/0/2
[Switch1-GigabitEthernet1/0/2] undo shutdown
[Switch1-GigabitEthernet1/0/2] port vlan-stacking vlan 20 stack-vlan 100
[Switch1-GigabitEthernet1/0/2] quit
Run the display dhcp relay address command on the DHCP relay device to view the address
configuration of the DHCP relay device.
[DHCP-Relay] display dhcp relay address all
** GigabitEthernet2/0/0.1 DHCP Relay Address **
Dhcp Option Relay Agent IP Server IP
* - 10.11.3.1
The DHCP client can obtain an IP address allocated by the DHCP server through the DHCP
relay.
----End
Configuration Files
l Configuration file of a DHCP relay
#
sysname DHCP-Relay
#
interface GigabitEthernet2/0/0
undo shutdown
mode user-termination
#
interface GigabitEthernet2/0/0.1
undo shutdown
control-vid 1 qinq-termination
qinq termination pe-vid 100 ce-vid 10
qinq termination pe-vid 100 ce-vid 20
dhcp select relay
ip address 10.11.1.1 255.255.255.0
ip relay address 10.11.3.1
dhcp option82 rebuild enable
arp broadcast enable
#
interface Pos 1/0/0
link-protocol ppp
undo shutdown
ip address 10.11.2.1 255.255.255.0
#
return
#
interface GigabitEthernet1/0/1
undo shutdown
port trunk allow-pass vlan 20
#
return
Networking Requirements
As shown in Figure 5-28, the DHCP client connects to the DHCP relay through two-hierarchy
switches and requests valid IP addresses from the DHCP server through the DHCP relay. The
DHCP server supports Option82 return. The lease period of the addresses on the segment
10.1.1.0/24 is 10 days and 12 hours, and the domain name is huawei.com. The DNS address is
10.1.1.2. The NetBIOS address is 10.1.1.3.
Two-hierarchy switches attach double tags to the packets that are sent from the DHCP client to
the DHCP relay. It is required to configure the sub-interface of the DHCP relay on the client
side to terminate double tags in the client packet and support the DHCP relay function.
l Dynamic QinQ
Dynamic QinQ is configured on the termination sub-interface of the DHCP relay on the
client side. When users log in, resources are allocated to users. When users log out arising
from exceptions after requesting IP addresses, the system senses this failure automatically,
then deletes the binding in the DHCP binding table, and notifies the DHCP server to release
IP addresses.
l Security features
The DHCP relay can defend itself against the following types of DHCP attacks:
– Bogus DHCP server attack
– Middleman attack and IP/MAC spoofing attack
– DoS attack by changing CHADDR
– Attack by sending bogus DHCP request messages for extending IP lease
– Attack by sending the DHCP request message
DHCP Server
GE1/0/0
10.11.1.2/24
/1 GE
E 1/0 1/0
G /2
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the interface mode on the DHCP relay as the user termination mode.
2. Configure the basic functions of the DHCP relay.
3. Configure the basic functions of the DHCP server.
4. Configure the sub-interface for QinQ termination to support DHCP relay and dynamic
QinQ.
5. Configure the basic functions of DHCP snooping.
6. Associate ARP with DHCP snooping so that the DHCP relay can dynamically sense users'
log in and log out.
7. Configure Layer 2 forwarding and QinQ for Switch.
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Configure the user termination mode on the interface of the DHCP relay.
<HUAWEI> system-view
[HUAWEI] sysname DHCP-Relay
[DHCP-Relay] interface gigabitethernet 1/0/0
[DHCP-Relay-GigabitEthernet1/0/0] mode user-termination
[DHCP-Relay-GigabitEthernet1/0/0] undo shutdown
[DHCP-Relay-GigabitEthernet1/0/0] quit
# Configure a sub-interface that is to implement DHCP relay. Assign an IP address and subnet
mask to the sub-interface so that the sub-interface and the DHCP client reside on the same
segment.
[DHCP-Relay] interface gigabitethernet 1/0/0.1
[DHCP-Relay-GigabitEthernet1/0/0.1] ip address 10.1.1.1 24
[DHCP-Relay-GigabitEthernet1/0/0.1] ip relay address 10.11.1.2
[DHCP-Relay-GigabitEthernet1/0/0.1] dhcp select relay
[DHCP-Relay-GigabitEthernet1/0/0.1] undo shutdown
[DHCP-Relay-GigabitEthernet1/0/0.1] quit
# Configure the client on GE 1/0/0 to obtain IP addresses from the global address pool.
[DHCP-Server] interface gigabitethernet 1/0/0
[DHCP-Server-GigabitEthernet1/0/0] undo shutdown
[DHCP-Server-GigabitEthernet1/0/0] ip address 10.11.1.2 24
[DHCP-Server-GigabitEthernet1/0/0] quit
# Configure the attributes for DHCP address pool 1, including the address pool range, the domain
name, the egress gateway, the DNS address, and the address lease period.
[DHCP-Server] ip pool 1 server
[DHCP-Server-dhcp-1] gateway 10.1.1.1 255.255.255.0
[DHCP-Server-dhcp-1] section 0 10.1.1.5 10.1.1.100
[DHCP-Server-dhcp-1] excluded-ip-address 10.1.1.1 10.1.1.3
[DHCP-Server-dhcp-1] dns-suffix huawei.com
[DHCP-Server-dhcp-1] dns-server 10.1.1.2
[DHCP-Server-dhcp-1] netbios-name-server 10.1.1.3
[DHCP-Server-dhcp-1] lease 10 12
[DHCP-Server-dhcp-1] quit
Step 4 Configure the sub-interface for QinQ termination on the DHCP relay and dynamic QinQ.
[DHCP-Relay] interface gigabitethernet 1/0/0.1
[DHCP-Relay-GigabitEthernet1/0/0.1] control-vid 1 qinq-termination dynamic
[DHCP-Relay-GigabitEthernet1/0/0.1] qinq-dynamic max-access-user 3
[DHCP-Relay-GigabitEthernet1/0/0.1] qinq-dynamic user-queue 1024 bandwidth 51200
inbound
[DHCP-Relay-GigabitEthernet1/0/0.1] qinq termination pe-vid 1 ce-vid 1 to 4094
[DHCP-Relay-GigabitEthernet1/0/0.1] qinq termination pe-vid 2 ce-vid 1 to 4094
[DHCP-Relay-GigabitEthernet1/0/0.1] dhcp option82 insert enable
[DHCP-Relay-GigabitEthernet1/0/0.1] arp broadcast enable
[DHCP-Relay-GigabitEthernet1/0/0.1] arp learning strict force-disable
[DHCP-Relay-GigabitEthernet1/0/0.1] undo shutdown
[DHCP-Relay-GigabitEthernet1/0/0.1] quit
NOTE
l On the DHCP relay, you need to use the dhcp option82 insert enable command or the dhcp option82
rebuild enable command to enable the sub-interface for QinQ VLAN tag termination to insert the
Option 82 field into the DHCP message.
If the QinQ sub-interface is not configured with Option 82, when accessing the DHCP relay service,
the QinQ sub-interface encapsulates all the DHCP messages received from the DHCP relay with only
the smallest VLAN ID configured on it and sends the messages to the client side. The other VLAN
IDs are not processed.
l The DHCP server must support the Option82 return function. Namely, the Offer or ACK message
returned from the DHCP server must contain the Option82 information.
l Run the arp learning strict force-disable command to unfetter the dynamic QinQ interface from
global ARP rigid learning so that the dynamic QinQ interface can learn the ARP request sent by users.
# Check the DHCP request message on the interface on the DHCP client side. This prevents
the attacker from sending bogus DHCP request messages for extending IP lease.
# Check CHADDR packets on the interface on the DHCP client side. This prevents the
DoS attack that is launched by changing the CHADDR value.
[DHCP-Relay] interface gigabitethernet 1/0/0.1
[DHCP-Relay-GigabitEthernet1/0/0.1] dhcp snooping check dhcp-chaddr enable
[DHCP-Relay-GigabitEthernet1/0/0.1] quit
4. Configure forwarding behaviors for the packets that do not contain DHCP snooping entries.
# Configure how to process unmatched ARP and IP packets globally.
[DHCP-Relay] dhcp snooping nomatch-packet arp action discard
[DHCP-Relay] dhcp snooping nomatch-packet ip action discard
# The system sends the ARP packet to probe the IP address that expires within the aging time
in the DHCP snooping entry and does not exist in the ARP entry. If no user is detected within
the specified detection times, the system deletes the binding relationship in the DHCP binding
table and notifies the DHCP server to release the IP address.
[DHCP-Relay] arp dhcp-snooping-detect enable
Step 7 Configure QinQ so that the packets sent from Switch to the DHCP relay carry double tags.
# Configure Switch.
<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] vlan batch 1 to 2
[Switch] interface gigabitethernet 2/0/0
[Switch-GigabitEthernet2/0/0] port trunk allow-pass vlan 1 to 2
[Switch-GigabitEthernet2/0/0] undo shutdown
[Switch-GigabitEthernet2/0/0] quit
[Switch] interface gigabitethernet 1/0/1
[Switch-GigabitEthernet1/0/1] port vlan-stacking vlan 1 to 4094 push vlan 1 inbound
The DHCP client can request valid IP addresses. Running the display this command on the
termination sub-interface configured with dynamic QinQ, you can find that the control-vid
dynamic command is configured on the sub-interface.
[DHCP-Relay-GigabitEthernet1/0/0.1] display this
#
interface GigabitEthernet1/0/0.1
control-vid 1 qinq-termination dynamic
qinq termination pe-vid 2 ce-vid 1 to 4094
ip address 10.1.1.1 255.255.255.0
ip relay address 10.11.1.2
dhcp select relay
dhcp snooping enable
dhcp snooping check arp enable
dhcp snooping alarm arp enable
dhcp snooping alarm arp threshold 10
dhcp snooping nomatch-packet arp action discard
dhcp snooping check ip enable
dhcp snooping nomatch-packet ip action discard
dhcp snooping alarm dhcp-reply enable
dhcp snooping alarm dhcp-reply threshold 10
dhcp snooping check dhcp-chaddr enable
dhcp snooping alarm dhcp-chaddr enable
dhcp snooping alarm dhcp-chaddr threshold 10
dhcp snooping check dhcp-request enable
dhcp snooping alarm dhcp-request enable
dhcp snooping alarm dhcp-request threshold 10
dhcp option82 insert enable
#
Running the display dhcp snooping global command on the DHCP relay, you can find that
DHCP snooping is enabled in the global view and interface view. In addition, you can view the
statistics of the alarm message sent to the NMS.
[DHCP-Relay] display dhcp snooping global
dhcp snooping enable
dhcp snooping nomatch-packet ip action discard
dhcp snooping nomatch-packet arp action discard
[DHCP-Relay] display dhcp snooping interface gigabitethernet 1/0/0.1
dhcp snooping enable
dhcp snooping check arp enable
dhcp snooping alarm arp enable
dhcp snooping alarm arp threshold 10
dhcp snooping nomatch-packet arp action discard
dhcp snooping check ip enable
dhcp snooping nomatch-packet ip action discard
dhcp snooping alarm dhcp-reply enable
dhcp snooping alarm dhcp-reply threshold 10
dhcp snooping check dhcp-chaddr enable
dhcp snooping alarm dhcp-chaddr enable
dhcp snooping alarm dhcp-chaddr threshold 10
dhcp snooping check dhcp-request enable
dhcp snooping alarm dhcp-request enable
dhcp snooping alarm dhcp-request threshold 10
arp total 0
ip total 0
dhcp-request total 0
----End
Configuration Files
l Configuration file of a DHCP relay
#
sysname DHCP-Relay
#
dhcp snooping enable
dhcp snooping nomatch-packet ip action discard
dhcp snooping nomatch-packet arp action discard
#
interface GigabitEthernet1/0/0
undo shutdown
mode user-termination
#
interface GigabitEthernet1/0/0.1
undo shutdown
control-vid 1 qinq-termination dynamic
qinq-dynamic max-access-user 3
qinq-dynamic user-queue 1024 bandwidth 51200 inbound
qinq termination pe-vid 1 ce-vid 1 to 4094
qinq termination pe-vid 2 ce-vid 1 to 4094
ip address 10.1.1.1 255.255.255.0
ip relay address 10.11.1.2
dhcp select relay
arp learning strict force-disable
dhcp snooping enable
dhcp snooping check arp enable
dhcp snooping alarm arp enable
dhcp snooping alarm arp threshold 10
dhcp snooping nomatch-packet arp action discard
dhcp snooping check ip enable
dhcp snooping nomatch-packet ip action discard
dhcp snooping alarm dhcp-reply enable
dhcp snooping alarm dhcp-reply threshold 10
dhcp snooping check dhcp-chaddr enable
dhcp snooping alarm dhcp-chaddr enable
dhcp snooping alarm dhcp-chaddr threshold 10
dhcp snooping check dhcp-request enable
dhcp snooping alarm dhcp-request enable
dhcp snooping alarm dhcp-request threshold 10
dhcp option82 insert enable
#
interface GigabitEthernet2/0/0
undo shutdown
dhcp snooping enable
dhcp snooping trusted
#
arp dhcp-snooping-detect enable
#
return
Networking Requirements
As shown in Figure 5-29, the sub-interfaces GE1/0/0.1 of CEs are connected to PEs through
switches. The packet sent from the CE to the switch carries no tag. The switch then labels the
packets from the CE with different outer tags according to the inbound interface. The packets
sent from the switch to the PE carry one VLAN tag. It is required to configure the sub-interface
for VLAN stacking on the PE to access an L2VPN to implement inter-communication between
CE1 and CE2, and between CE3 and CE4.
Figure 5-29 Typical networking diagram of configuring the sub-interface for VLAN stacking
to access a VLL
Loopback1 Loopback1 Loopback1
1.1.1.9/32 2.2.2.9/32 3.3.3.9/32
POS1/0/0 POS1/0/0
10.11.1.1/24 10.11.2.2/24
POS1/0/0 POS2/0/0
PE1 10.11.1.2/24 P 10.11.2.1/24 PE2
GE2/0/0.1 GE2/0/0.1
GE1/0/0 GE1/0/0
Switch1 Switch2
GE1/0/1 GE1/0/2 GE1/0/1 GE1/0/2
GE1/0/0 GE1/0/0
10.3.1.1/24 10.1.1.2/24 GE1/0/0
GE1/0/0
10.1.1.1/24 10.3.1.2/24
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the interface mode on PE1 and PE2 as the user termination mode.
2. Run Interior Gateway Protocol (IGP) on the backbone network to interconnect the devices.
3. Enable basic Multiprotocol Label Switching (MPLS) capabilities to set up an label switched
path (LSP) in the backbone network.
4. Set up MPLS Label Distribution Protocol (LDP) remote peer relationship between the PEs
at both ends of the PW.
5. Configure the sub-interface for QinQ VLAN stacking on the client side to access an L2VPN
on the PE.
6. Configure Layer 2 forwarding on Switch.
Data Preparation
To complete the configuration, you need the following data:
l Names of the interfaces through which the PEs and the CEs are connected
l L2VC IDs that must be identical at both ends of the PW
l MPLS LSR IDs on the PEs and Ps
Procedure
Step 1 Configure the interface mode to user termination.
# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] interface gigabitethernet 2/0/0
[PE1-GigabitEthernet2/0/0] mode user-termination
[PE1-GigabitEthernet2/0/0] undo shutdown
[PE1-GigabitEthernet2/0/0] quit
# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] interface gigabitethernet 2/0/0
[PE2-GigabitEthernet2/0/0] mode user-termination
[PE2-GigabitEthernet2/0/0] undo shutdown
[PE2-GigabitEthernet2/0/0] quit
Step 2 Configure IGP on the MPLS backbone network. OSPF is configured in this example.
Configure the IP addresses of the interfaces on the PEs and Ps, as shown in Figure 5-29. When
you configure OSPF, advertise the IP addresses of the loopback interfaces on PE1, P, and PE2.
# Configure PE1.
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.9 32
[PE1-LoopBack1] quit
[PE1] interface pos 1/0/0
[PE1-Pos1/0/0] ip address 10.11.1.1 24
[PE1-Pos1/0/0] undo shutdown
[PE1-Pos1/0/0] quit
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 10.11.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
# Configure P.
<HUAWEI> system-view
[HUAWEI] sysname P
[P] interface LoopBack 1
[P-LoopBack1] ip address 2.2.2.9 32
[P-LoopBack1] quit
[P] interface pos 1/0/0
[P-Pos1/0/0] ip address 10.11.1.2 24
[P-Pos1/0/0] undo shutdown
[P-Pos1/0/0] quit
[P] interface pos 2/0/0
[P-Pos2/0/0] ip address 10.11.2.1 24
[P-Pos2/0/0] undo shutdown
[P-Pos2/0/0] quit
[P] ospf
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
[P-ospf-1-area-0.0.0.0] network 10.11.1.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 10.11.2.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit
# Configure PE2.
[PE2] interface loopback 1
[PE2-LoopBack1] ip address 3.3.3.9 32
[PE2-LoopBack1] quit
[PE2] interface pos 1/0/0
[PE2-Pos1/0/0] ip address 10.11.2.2 24
[PE2-Pos1/0/0] undo shutdown
[PE2-Pos1/0/0] quit
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 10.11.2.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit
After this step, PE1 and PE2 can discover the routes of Loopback1 through OSPF and ping
through each other.
Take the display on PE1 as an example:
[PE1] display ip routing-table
Route Flags: R - relied, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 9 Routes : 9
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.1.1.9/32 Direct 0 0 D 127.0.0.1 LoopBack1
2.2.2.9/32 OSPF 10 2 D 10.11.1.2 Pos1/0/0
3.3.3.9/32 OSPF 10 3 D 10.11.1.2 Pos1/0/0
10.11.1.0/24 Direct 0 0 D 10.11.1.1 Pos1/0/0
10.11.1.1/32 Direct 0 0 D 127.0.0.1 Pos1/0/0
10.11.1.2/32 Direct 0 0 D 10.11.1.2 Pos1/0/0
10.11.2.0/24 OSPF 10 2 D 10.11.1.2 Pos1/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
[PE1] ping 10.11.2.2
PING 10.11.2.2: 56 data bytes, press CTRL_C to break
Reply from 10.11.2.2: bytes=56 Sequence=1 ttl=254 time=200 ms
Reply from 10.11.2.2: bytes=56 Sequence=2 ttl=254 time=60 ms
Reply from 10.11.2.2: bytes=56 Sequence=3 ttl=254 time=90 ms
Reply from 10.11.2.2: bytes=56 Sequence=4 ttl=254 time=90 ms
Reply from 10.11.2.2: bytes=56 Sequence=5 ttl=254 time=90 ms
--- 10.11.2.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 60/106/200 ms
Step 3 Enable the basic MPLS capabilities and LDP on the MPLS backbone network.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface pos 1/0/0
[PE1-Pos1/0/0] mpls
[PE1-Pos1/0/0] mpls ldp
[PE1-Pos1/0/0] quit
# Configure P.
[P] mpls lsr-id 2.2.2.9
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P] interface pos1/0/0
[P-Pos1/0/0] mpls
[P-Pos1/0/0] mpls ldp
[P-Pos1/0/0] quit
[P] interface pos2/0/0
[P-Pos2/0/0] mpls
[P-Pos2/0/0] mpls ldp
[P-Pos2/0/0] quit
# Configure PE2.
[PE2] mpls lsr-id 3.3.3.9
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface pos 1/0/0
[PE2-Pos1/0/0] mpls
[PE2-Pos1/0/0] mpls ldp
[PE2-Pos1/0/0] quit
After the preceding configurations, LDP sessions are set up between PE1 and P, and between
PE1 and PE2. Running the display mpls ldp session command, you can view that the Status
field is "Operational". Running the display mpls ldp lsp command, you can view the
establishment status of the LDP LSP.
# Configure PE1.
# Configure PE2.
[PE2] mpls ldp remote-peer 1
[PE2-mpls-ldp-remote-1] remote-ip 1.1.1.9
[PE2-mpls-ldp-remote-1] quit
After the configuration, LDP sessions can be set up between PE1 and P and between PE2 and
P.
Running the display mpls ldp session command, you can view that the Status is "Operational".
Running the display mpls ldp lsp command, you can view the setup of the LDP LSP.
Take PE1 as an example.
[PE1] display mpls ldp session
LDP Session(s) in Public Network
------------------------------------------------------------------------------
Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv
------------------------------------------------------------------------------
2.2.2.9:0 Operational DU Passive 000:00:15 64/64
3.3.3.9:0 Operational DU Passive 000:00:01 5/5
------------------------------------------------------------------------------
TOTAL: 2 session(s) Found.
LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM
[PE1] display mpls ldp lsp
LDP LSP Information
-------------------------------------------------------------------------------
DestAddress/Mask In/OutLabel UpstreamPeer NextHop OutInterface
-------------------------------------------------------------------------------
1.1.1.9/32 3/NULL 2.2.2.9 127.0.0.1 InLoop0
1.1.1.9/32 3/NULL 3.3.3.9 127.0.0.1 InLoop0
*1.1.1.9/32 Liberal/4096 DS/2.2.2.9
*1.1.1.9/32 Liberal/4096 DS/3.3.3.9
*2.2.2.2/32 Liberal/3 DS/2.2.2.9
2.2.2.9/32 NULL/3 - 10.11.1.2 GE1/0/6
2.2.2.9/32 4096/3 2.2.2.9 10.11.1.2 GE1/0/6
2.2.2.9/32 4096/3 3.3.3.9 10.11.1.2 GE1/0/6
*2.2.2.9/32 Liberal/4097 DS/3.3.3.9
*3.3.3.3/32 Liberal/3 DS/3.3.3.9
3.3.3.9/32 NULL/4097 - 10.11.1.2 GE1/0/6
3.3.3.9/32 4097/4097 2.2.2.9 10.11.1.2 GE1/0/6
3.3.3.9/32 4097/4097 3.3.3.9 10.11.1.2 GE1/0/6
*3.3.3.9/32 Liberal/3 DS/3.3.3.9
-------------------------------------------------------------------------------
TOTAL: 8 Normal LSP(s) Found.
TOTAL: 6 Liberal LSP(s) Found.
TOTAL: 0 Frr LSP(s) Found.
A '*' before an LSP means the LSP is not established
A '*' before a Label means the USCB or DSCB is stale
A '*' before a UpstreamPeer means the session is stale
A '*' before a DS means the session is stale
A '*' before a NextHop means the LSP is FRR LSP
Step 5 Enable MPLS L2VPN on the PEs and set up VCs, and configure the Sub-interface for VLAN
Stacking.
# Configure PE1.
[PE1] mpls l2vpn
[PE1-l2vpn] quit
[PE1] interface gigabitethernet 2/0/0.1
[PE1-GigabitEthernet2/0/0.1] qinq stacking vid 10
[PE1-GigabitEthernet2/0/0.1] qinq stacking vid 20
# Configure PE2.
[PE2] mpls l2vpn
[PE1-l2vpn] quit
[PE2] interface gigabitethernet 2/0/0.1
[PE2-GigabitEthernet2/0/0.1] qinq stacking vid 10
[PE2-GigabitEthernet2/0/0.1] qinq stacking vid 20
[PE2-GigabitEthernet2/0/0.1] mpls l2vc 1.1.1.9 101
[PE2-GigabitEthernet2/0/0.1] undo shutdown
[PE2-GigabitEthernet2/0/0.1] quit
NOTE
Here, when configuring the sub-interface for QinQ VLAN stacking, you need to specify the value of only
the inner VLAN tag. The value of the outer tag is not required. The outer VLA tag is appended automatically
by the system.
Step 6 Configure the basic Layer 2 forwarding function and set the packet sent from the switch to the
PE to carry one VLAN tag.
# Configure Switch 1.
<HUAWEI> system-view
[HUAWEI] sysname Switch1
[Switch1] vlan 10
[Switch1-vlan10] port gigabitethernet 1/0/1
[Switch1-vlan10] quit
[Switch1] vlan 20
[Switch1-vlan20] port gigabitethernet 1/0/2
[Switch1-vlan20] quit
[Switch1] interface gigabitethernet 1/0/0
[Switch1-GigabitEthernet1/0/0] port trunk allow-pass vlan 10 20
[Switch1-GigabitEthernet1/0/0] undo shutdown
[Switch1-GigabitEthernet1/0/0] quit
# Configure Switch 2.
<HUAWEI> system-view
[HUAWEI] sysname Switch2
[Switch2] vlan 10
[Switch2-vlan10] port gigabitethernet 1/0/1
[Switch2-vlan10] quit
[Switch2] vlan 20
[Switch2-vlan20] port gigabitethernet 1/0/2
[Switch2-vlan20] quit
[Switch2] interface gigabitethernet 1/0/0
[Switch2-GigabitEthernet1/0/0] port trunk allow-pass vlan 10 20
[Switch2-GigabitEthernet1/0/0] undo shutdown
[Switch2-GigabitEthernet1/0/0] quit
Configure IP addresses of the interfaces on CEs based on Figure 5-29. Set the packet sent from
the CE to the switch to carry no VLAN tag.
# Configure CE1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] interface gigabitethernet 1/0/0
[CE1-GigabitEthernet1/0/0] ip address 10.1.1.1 24
[CE1-GigabitEthernet1/0/0] undo shutdown
[CE1-GigabitEthernet1/0/0] quit
# Configure CE2.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] interface gigabitethernet 1/0/0
[CE2-GigabitEthernet1/0/0] ip address 10.1.1.2 24
[CE2-GigabitEthernet1/0/0] undo shutdown
[CE2-GigabitEthernet1/0/0] quit
# Configure CE3.
<HUAWEI> system-view
[HUAWEI] sysname CE3
[CE3] interface gigabitethernet 1/0/0
[CE3-GigabitEthernet1/0/0] ip address 10.3.1.1 24
[CE3-GigabitEthernet1/0/0] undo shutdown
[CE3-GigabitEthernet1/0/0] quit
# Configure CE4.
<HUAWEI> system-view
[HUAWEI] sysname CE4
[CE4] interface gigabitethernet 1/0/0
[CE4-GigabitEthernet1/0/0] ip address 10.3.1.2 24
[CE4-GigabitEthernet1/0/0] undo shutdown
[CE4-GigabitEthernet1/0/0] quit
The hosts attached to CEs can ping through each other if they are in the same VLAN.
----End
Configuration Files
l Configuration file of PE1
#
sysname PE1
#
mpls lsr-id 1.1.1.9
mpls
mpls l2vpn
#
mpls l2vpn default martini
#
mpls ldp
#
mpls ldp remote-peer 1
remote-ip 3.3.3.9
#
interface GigabitEthernet2/0/0
undo shutdown
mode user-termination
#
interface GigabitEthernet2/0/0.1
undo shutdown
qinq stacking vid 10
qinq stacking vid 20
mpls l2vc 3.3.3.9 101
#
interface Pos1/0/0
link-protocol ppp
undo shutdown
ip address 10.11.1.1 255.255.255.0
mpls
mpls ldp
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 10.11.1.0 0.0.0.255
#
return
l Configuration file of P
#
sysname P
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Pos1/0/0
link-protocol ppp
undo shutdown
ip address 10.11.1.2 255.255.255.0
mpls
mpls ldp
#
interface Pos2/0/0
link-protocol ppp
undo shutdown
ip address 10.11.2.1 255.255.255.0
mpls
mpls ldp
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 10.11.1.0 0.0.0.255
network 10.11.2.0 0.0.0.255
#
return
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 10.11.2.0 0.0.0.255
#
return
Network Requirements
As shown in Figure 5-30, CEs are connected to PEs through switches. The packet sent from the
switch to the switch carries no VLAN tags. The switch then labels the packets from the CE with
different outer tags according to the inbound interface and send the packets to the PE. It is
required to configure the sub-interface for QinQ VLAN stacking to access VPLS to implement
interworking between CE1, CE2, and CE3, and between CE4, CE5, and CE6. The backbone
network adopts Martini VPLS and uses LDP to set up PWs.
Figure 5-30 Typical networking diagram of configuring the sub-interface for VLAN stacking
to access VPLS
VPN1 VPN1
VLAN10 VLAN20
CE3 CE6
GE1/0/0 GE1/0/0
10.1.1.3/24 10.3.1.3/24
GE1/0/1 GE1/0/2
Switch3
GE1/0/0
GE2/0/0.1
POS1/0/0 POS1/0/1
10.11.1.2/30 10.11.2.1/30
PE3
Loopback1
3.3.3.9/32
POS1/0/1 POS1/0/1
10.11.1.1/30 10.11.2.2/30
POS1/0/0 POS1/0/0
Loopback1 10.11.3.1/30 10.11.3.2/30 Loopback1
1.1.1.9/32 2.2.2.9/32
PE1 GE2/0/0.1 GE2/0/0.1 PE2
GE1/0/0 GE1/0/0
Switch1 Switch2
GE1/0/1 GE1/0/2 GE1/0/1 GE1/0/2
GE1/0/0 GE1/0/0 GE1/0/0 GE1/0/0
10.1.1.1/24 10.3.1.1/24 10.1.1.2/24 10.3.1.2/24
Configuration Roadmap
The configuration roadmap is as follows:
1. Run the Interior Gateway Protocol (IGP) protocol to connect the devices on the backbone
network.
2. Configure the basic Multiprotocol Label Switching (MPLS) capabilities on the backbone
network.
3. Set up the label switched path (LSP) tunnel between PEs.
4. Enable MPLS L2VPN on PEs.
5. Create and then configure the VSI.
6. Configure the sub-interface for QinQ VLAN stacking on PEs and bind VSIs and attachment
circuit (AC) interfaces.
7. Configure the Layer 2 forwarding function on switches.
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Configure the interface mode to user termination.
# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] interface gigabitethernet 2/0/0
[PE1-GigabitEthernet2/0/0] mode user-termination
[PE1-GigabitEthernet2/0/0] undo shutdown
[PE1-GigabitEthernet2/0/0] quit
# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] interface gigabitethernet 2/0/0
[PE2-GigabitEthernet2/0/0] mode user-termination
[PE2-GigabitEthernet2/0/0] undo shutdown
[PE2-GigabitEthernet2/0/0] quit
# Configure PE3.
<HUAWEI> system-view
[HUAWEI] sysname PE3
[PE3] interface gigabitethernet 2/0/0
[PE3-GigabitEthernet2/0/0] mode user-termination
[PE3-GigabitEthernet2/0/0] undo shutdown
[PE3-GigabitEthernet2/0/0] quit
Step 2 Configure IGP on the MPLS backbone network. OSPF is used in this example.
According to Figure 5-30, configure the addresses for the interfaces on PE. Configure OSPF to
advertise the addresses of the loopback interfaces on PE1, PE2, and PE3.
# Configure PE1.
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.9 32
[PE1-LoopBack1] quit
[PE1] interface pos 1/0/0
[PE1-Pos1/0/0] ip address 10.11.3.1 30
[PE1-Pos1/0/0] undo shutdown
[PE1-Pos1/0/0] quit
[PE1] interface pos 1/0/1
# Configure PE2.
[PE2] interface LoopBack 1
[PE2-LoopBack1] ip address 2.2.2.9 32
[PE2-LoopBack1] quit
[PE2] interface pos 1/0/0
[PE2-Pos1/0/0] ip address 10.11.3.2 30
[PE2-Pos1/0/0] undo shutdown
[PE2-Pos1/0/0] quit
[PE2] interface pos 1/0/1
[PE2-Pos1/0/1] ip address 10.11.2.2 30
[PE2-Pos1/0/1] undo shutdown
[PE2-Pos1/0/1] quit
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 10.11.3.0 0.0.0.3
[PE2-ospf-1-area-0.0.0.0] network 10.11.2.0 0.0.0.3
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit
# Configure PE3.
[PE3] interface loopback 1
[PE3-LoopBack1] ip address 3.3.3.9 32
[PE3-LoopBack1] quit
[PE3] interface pos 1/0/0
[PE3-Pos1/0/0] ip address 10.11.1.2 30
[PE3-Pos1/0/0] undo shutdown
[PE3-Pos1/0/0] quit
[PE3] interface pos 1/0/1
[PE3-Pos1/0/1] ip address 10.11.2.1 30
[PE3-Pos1/0/1] undo shutdown
[PE3-Pos1/0/1] quit
[PE3] ospf
[PE3-ospf-1] area 0
[PE3-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0
[PE3-ospf-1-area-0.0.0.0] network 10.11.1.0 0.0.0.3
[PE3-ospf-1-area-0.0.0.0] network 10.11.2.0 0.0.0.3
[PE3-ospf-1-area-0.0.0.0] quit
[PE3-ospf-1] quit
After the preceding step, PE1 and PE2 both have routes, discovered through OSPF, to the
loopback1 interface of each other. PE1 and PE3 also have routes, discovered through OSPF, to
the loopback1 interface of each other.
Step 3 Enable the basic MPLS capabilities and LDP on the MPLS backbone network.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface pos 1/0/0
[PE1-Pos1/0/0] mpls
[PE1-Pos1/0/0] mpls ldp
[PE1-Pos1/0/0] quit
[PE1] interface pos 1/0/1
[PE1-Pos1/0/1] mpls
[PE1-Pos1/0/1] mpls ldp
[PE1-Pos1/0/1] quit
# Configure PE2.
[PE2] mpls lsr-id 2.2.2.9
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface pos1/0/0
[PE2-Pos1/0/0] mpls
[PE2-Pos1/0/0] mpls ldp
[PE2] interface pos1/0/1
[PE2-Pos1/0/1] mpls
[PE2-Pos1/0/1] mpls ldp
[PE2-Pos1/0/1] quit
# Configure PE3.
[PE3] mpls lsr-id 3.3.3.9
[PE3] mpls
[PE3-mpls] quit
[PE3] mpls ldp
[PE3-mpls-ldp] quit
[PE3] interface pos 1/0/0
[PE3-Pos1/0/0] mpls
[PE3-Pos1/0/0] mpls ldp
[PE3-Pos1/0/0] quit
After the configuration, the sessions between PE1, PE2 and PE3 are set up. Running the display
mpls ldp session command, you can view that the Status field is "Operational".
NOTE
If PEs are not directly connected, run the mpls ldp remote-peer command and the remote-ip command
to set up a remote LDP sessions between PEs.
# Configure PE1.
[PE1] mpls l2vpn
# Configure PE2.
[PE2] mpls l2vpn
# Configure PE3.
[PE3] mpls l2vpn
Step 5 Create VSIs and specify LDP as the signaling protocol on VSIs.
# Configure PE1.
[PE1] vsi ldp1 static
[PE1-vsi-ldp1] pwsignal ldp
[PE1-vsi-ldp1-ldp] vsi-id 2
[PE1-vsi-ldp1-ldp] peer 2.2.2.9
[PE1-vsi-ldp1-ldp] peer 3.3.3.9
# Configure PE2.
[PE2] vsi ldp1 static
[PE2-vsi-ldp1] pwsignal ldp
[PE2-vsi-ldp1-ldp] vsi-id 2
[PE2-vsi-ldp1-ldp] peer 1.1.1.9
[PE2-vsi-ldp1-ldp] peer 3.3.3.9
# Configure PE3.
[PE3] vsi ldp1 static
[PE3-vsi-ldp1] pwsignal ldp
[PE3-vsi-ldp1-ldp] vsi-id 2
[PE3-vsi-ldp1-ldp] peer 1.1.1.9
[PE3-vsi-ldp1-ldp] peer 2.2.2.9
Step 6 Configure the sub-interface for QinQ VLAN stacking, and bind VSIs and AC interfaces.
# Configure PE1
[PE1] interface gigabitethernet 2/0/0.1
[PE1-GigabitEthernet2/0/0.1] qinq stacking vid 10
[PE1-GigabitEthernet2/0/0.1] qinq stacking vid 20
[PE1-GigabitEthernet2/0/0.1] l2 binding vsi ldp1
[PE1-GigabitEthernet2/0/0.1] undo shutdown
[PE1-GigabitEthernet2/0/0.1] quit
# Configure PE2.
[PE2] interface gigabitethernet 2/0/0.1
[PE2-GigabitEthernet2/0/0.1] qinq stacking vid 10
[PE2-GigabitEthernet2/0/0.1] qinq stacking vid 20
[PE2-GigabitEthernet2/0/0.1] l2 binding vsi ldp1
[PE2-GigabitEthernet2/0/0.1] undo shutdown
[PE2-GigabitEthernet2/0/0.1] quit
# ConfigurePE3
[PE3] interface gigabitethernet 2/0/0.1
[PE3-GigabitEthernet2/0/0.1] qinq stacking vid 10
[PE3-GigabitEthernet2/0/0.1] qinq stacking vid 20
[PE3-GigabitEthernet2/0/0.1] l2 binding vsi ldp1
[PE3-GigabitEthernet2/0/0.1] undo shutdown
[PE3-GigabitEthernet2/0/0.1] quit
NOTE
Here, when configuring the sub-interface for QinQ VLAN stacking, you need to specify the value of only
the inner VLAN tag. The value of the outer tag is not required. The outer VLA tag is appended automatically
by the system.
Step 7 Configure the Layer 2 forwarding function and set the packet sent from the switch to the PE to
carry one VLAN tag.
# Configure Switch 1.
<HUAWEI> system-view
[HUAWEI] sysname Switch1
[Switch1] vlan 10
[Switch1-vlan10] port gigabitethernet 1/0/1
[Switch1-vlan10] quit
[Switch1] vlan 20
[Switch1-vlan20] port gigabitethernet 1/0/2
[Switch1-vlan20] quit
[Switch1] interface gigabitethernet 1/0/0
[Switch1-GigabitEthernet1/0/0] port trunk allow-pass vlan 10 20
[Switch1-GigabitEthernet1/0/0] undo shutdown
[Switch1-GigabitEthernet1/0/0] quit
# Configure Switch 2.
<HUAWEI> system-view
[HUAWEI] sysname Switch2
[Switch2] vlan 10
[Switch2-vlan10] port gigabitethernet 1/0/1
[Switch2-vlan10] quit
[Switch2] vlan 20
[Switch2-vlan20] port gigabitethernet 1/0/2
[Switch2-vlan20] quit
[Switch2] interface gigabitethernet 1/0/0
[Switch2-GigabitEthernet1/0/0] port trunk allow-pass vlan 10 20
[Switch2-GigabitEthernet1/0/0] undo shutdown
[Switch2-GigabitEthernet1/0/0] quit
# Configure Switch 3.
<HUAWEI> system-view
[HUAWEI] sysname Switch3
[Switch3] vlan 10
[Switch3-vlan10] port gigabitethernet 1/0/1
[Switch3-vlan10] quit
[Switch3] vlan 20
[Switch3-vlan20] port gigabitethernet 1/0/2
[Switch3-vlan20] quit
[Switch3] interface gigabitethernet 1/0/0
[Switch3-GigabitEthernet1/0/0] port trunk allow-pass vlan 10 20
[Switch3-GigabitEthernet1/0/0] undo shutdown
[Switch3-GigabitEthernet1/0/0] quit
Configure IP addresses of the interfaces on CEs based on Figure 5-30. Set the packet sent from
the CE to the switch to carry no VLAN tag.
# Configure CE1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] interface gigabitethernet 1/0/0
[CE1-GigabitEthernet1/0/0] ip address 10.1.1.1 24
[CE1-GigabitEthernet1/0/0] undo shutdown
[CE1-GigabitEthernet1/0/0] quit
# Configure CE2.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] interface gigabitethernet 1/0/0
[CE2-GigabitEthernet1/0/0] ip address 10.1.1.2 24
[CE2-GigabitEthernet1/0/0] undo shutdown
[CE2-GigabitEthernet1/0/0] quit
# Configure CE3.
<HUAWEI> system-view
[HUAWEI] sysname CE3
[CE3] interface gigabitethernet 1/0/0
[CE3-GigabitEthernet1/0/0] ip address 10.1.1.3 24
[CE3-GigabitEthernet1/0/0] undo shutdown
[CE3-GigabitEthernet1/0/0] quit
# Configure CE4.
<HUAWEI> system-view
[HUAWEI] sysname CE4
[CE4] interface gigabitethernet 1/0/0
[CE4-GigabitEthernet1/0/0] ip address 10.3.1.1 24
[CE4-GigabitEthernet1/0/0] undo shutdown
[CE4-GigabitEthernet1/0/0] quit
# Configure CE5.
<HUAWEI> system-view
[HUAWEI] sysname CE5
[CE5] interface gigabitethernet 1/0/0
[CE5-GigabitEthernet1/0/0] ip address 10.3.1.2 24
[CE5-GigabitEthernet1/0/0] undo shutdown
[CE5-GigabitEthernet1/0/0] quit
# Configure CE6.
<HUAWEI> system-view
[HUAWEI] sysname CE6
[CE6] interface gigabitethernet 1/0/0
Running the display qinq information stacking interface command, you can view the stacking
information.
After the preceding configuration, run the display vsi ldp1 verbose command on PE1. You can
find that PWs to PE2 and PE3 are set up on the VSI named ldp1. The VSI status is Up.
[PE1] display vsi bgp1 verbose
***VSI Name : ldp1
VSI Index : 0
PW Signaling : ldp
Member Discovery Style : static
PW MAC Learn Style : unqualify
Encapsulation Type : vlan
MTU : 1500
VSI State : up
Resource Status : Valid
VSI ID : 2
*Peer Router ID : 3.3.3.9
VC Label : 23552
Peer Type : dynamic
Session : up
Tunnel ID : 0x6002003,
*Peer Router ID : 2.2.2.9
VC Label : 23553
Peer Type : dynamic
Session : up
Tunnel ID : 0x6002000,
Interface Name : GigabitEthernet2/0/0.1
State : up
**PW Information:
*Peer Ip Address : 2.2.2.9
PW State : up
Local VC Label : 23553
Remote VC Label : 23552
PW Type : label
Tunnel ID : 0x6002000,
*Peer Ip Address : 3.3.3.9
PW State : up
Local VC Label : 23552
Remote VC Label : 23552
PW Type : label
Tunnel ID : 0x6002003,
The hosts attached to CE1, CE2, and CE3 can ping through each other.
[CE1] ping 10.1.1.2
PING 10.1.1.2: 56 data bytes, press CTRL_C to break
Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=50 ms
Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=1 ms
Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=1 ms
Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=1 ms
----End
Configuration Files
l Configuration file of PE1
#
sysname PE1
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
vsi ldp1 static
pwsignal ldp
vsi-id 2
peer 3.3.3.9
peer 2.2.2.9
#
mpls ldp
#
interface GigabitEthernet2/0/0
undo shutdown
mode user-termination
#
interface GigabitEthernet2/0/0.1
undo shutdown
qinq stacking vid 10
qinq stacking vid 20
l2 binding vsi ldp1
#
interface Pos1/0/0
link-protocol ppp
undo shutdown
ip address 10.11.3.1 255.255.255.252
mpls
mpls ldp
#
interface Pos1/0/1
link-protocol ppp
undo shutdown
ip address 10.11.1.1 255.255.255.252
mpls
mpls ldp
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 10.11.1.0 0.0.0.3
network 10.11.3.0 0.0.0.3
#
return
#
mpls l2vpn
#
vsi ldp1 static
pwsignal ldp
vsi-id 2
peer 1.1.1.9
peer 2.2.2.9
#
mpls ldp
#
interface GigabitEthernet2/0/0
undo shutdown
mode user-termination
#
interface GigabitEthernet2/0/0.1
undo shutdown
qinq stacking vid 10
qinq stacking vid 20
l2 binding vsi ldp1
#
interface Pos1/0/0
link-protocol ppp
undo shutdown
ip address 10.11.1.2 255.255.255.252
mpls
mpls ldp
#
interface Pos1/0/1
link-protocol ppp
undo shutdown
ip address 10.11.2.1 255.255.255.252
mpls
mpls ldp
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 10.11.1.0 0.0.0.3
network 10.11.2.0 0.0.0.3
#
return
#
sysname Switch2
#
vlan batch 10 20
#
interface GigabitEthernet1/0/0
undo shutdown
port trunk allow-pass vlan 10 20
#
interface GigabitEthernet1/0/1
undo shutdown
port default vlan 10
#
interface GigabitEthernet1/0/2
und shutdown
port default vlan 20
#
return
return
Networking Requirements
As shown in Figure 5-31, Switch A and Switch B access the ISP network through Router A and
Router B. URPF is configured on the sub-interface for QinQ VLAN tag termination GE 2/0/0.1
of Router A and Router B to perform strict URPF for the packets with the outer VLAN tag as
100 and the inner VLAN tag as 10 to 20.
Figure 5-31 Typical networking diagram of configuring the sub-interface for QinQ VLAN tag
termination to support URPF
RouterA RouterB
POS1/0/0 POS1/0/0
192.168.1.1/24 192.168.1.2/24
GE2/0/0.1 GE2/0/0.1
10.1.1.1/24 10.2.1.1/24
GE1/0/0 GE1/0/0
SwitchA SwitchB
VLAN100 VLAN100
VLAN10 VLAN20 VLAN10 VLAN20
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure GE 2/0/0.1 of Router A and Router B as the sub-interface for QinQ VLAN tag
termination.
2. Enable URPF on GE 2/0/0.1.
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Configure IGP. OSPF is used in this example.
# Configure Router A.
<HUAWEI> system-view
[HUAWEI] sysname A
[RouterA] interface pos 1/0/0
[RouterA-Pos1/0/0] ip address 192.168.1.1 24
[RouterA-Pos1/0/0] quit
[RouterA] ospf
[RouterA-ospf-1] area 0
[RouterA-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[RouterA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255
[RouterA-ospf-1-area-0.0.0.0] quit
[RouterA-ospf-1] quit
# Configure Router B.
<HUAWEI> system-view
[HUAWEI] sysname B
[RouterB] interface pos 1/0/0
Step 2 Configure the sub-interface for QinQ VLAN tag termination and enable URPF.
# Configure Router A.
[RouterA] interface gigabitethernet 2/0/0
[RouterA-GigabitEthernet2/0/0] mode user-termination
[RouterA-GigabitEthernet2/0/0] quit
[RouterA] interface gigabitethernet 2/0/0.1
[RouterA-GigabitEthernet2/0/0.1] control-vid 1 qinq-termination
[RouterA-GigabitEthernet2/0/0.1] qinq termination pe-vid 100 ce-vid 10 to 20
[RouterA-GigabitEthernet2/0/0.1] ip address 10.1.1.1 24
[RouterA-GigabitEthernet2/0/0.1] arp broadcast enable
[RouterA-GigabitEthernet2/0/0.1] ip urpf loose
# Configure Router B.
[RouterB] interface gigabitethernet 2/0/0
[RouterB-GigabitEthernet2/0/0] mode user-termination
[RouterB-GigabitEthernet2/0/0] quit
[RouterB] interface gigabitethernet 2/0/0.1
[RouterB-GigabitEthernet2/0/0.1] control-vid 1 qinq-termination
[RouterB-GigabitEthernet2/0/0.1] qinq termination pe-vid 100 ce-vid 10 to 20
[RouterB-GigabitEthernet2/0/0.1] ip address 10.2.1.1 24
[RouterB-GigabitEthernet2/0/0.1] arp broadcast enable
[RouterB-GigabitEthernet2/0/0.1] ip urpf loose
Running the display qinq information termination interface command on Router, you can
view information about QinQ termination. Configuring the URPF check on the interace can
effectively avoid the attack of the packets whith the pseudo IP addresses.
----End
Configuration Files
l Configuration file of Router A
#
sysname RouterA
#
interface GigabitEthernet2/0/0
mode user-termination
#
interface GigabitEthernet2/0/0.1
control-vid 1 qinq-termination
qinq termination pe-vid 100 ce-vid 10 to 20
ip address 10.1.1.1 255.255.255.0
arp broadcast enable
ip urpf loose
#
interface Pos1/0/0
link-protocol ppp
ip address 192.168.1.1 255.255.255.0
#
ospf 1
area 0.0.0.0
Networking Requirements
In the networking shown in Figure 5-32, CE1 labels each multicast protocol packet received
from hosts with one tag, and then sends the packets to PE1. After the sub-interface for dot1q
VLAN tag termination is configured on PE1, PE1 accesses the Virtual Private LAN Service
(VPLS) network . After terminating the Pseudo Wire (PW), PE2 joins the related multicast
VLAN and accesses the multicast source.
PE2 functions as a Superstratum PE (SPE) device, and PE1 functions an Underlayer PE (UPE)
device. When HVPLS is deployed, multicast packets are broadcast in a Virtual Switching
Instance (VSI) if PE1 and PE2 do not support IGMP snooping. This wastes network resources.
After IGMP snooping is configured, multicast packets are sent to only access devices of multicast
receivers.
In a stable network, the PW on PE1 is configured as a static router port in the VSI. In this manner,
receivers can steadily receive the multicast data.
To reduce the number of IGMP Query packets from the upstream router, you should configure
PE2 as a querier. This saves bandwidths.
Figure 5-32 Networking diagram of configuring the sub-interface for dot1q VLAN tag
termination in a VSI to support IGMP snooping
GE1/0/0
PC
PE1 GE1/0/0
GE1/0/1 192.168.12.1/24
Loopback1 1.1.1.1/32
P GE1/0/0 192.168.12.2/24
GE1/0/1 192.168.23.1/24
Loopback2 2.2.2.2/32
GE1/0/1
Loopback3 3.3.3.3/32
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the termination mode on PE1 to the user termination mode.
2. Configure basic VPLS functions.
3. Enable global IGMP snooping and IGMP snooping for a VSI.
4. Bind a VSI to an AC interface on PE1 and PE2 respectively.
5. Configure a PW on PE1, P, and PE2, and PE1, P, and PE2 accesses the VPLS network in
asymmetrical mode.
6. Configure static router ports and configure PE2 as a querier.
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Configure the mode of the QinQ interface on PE1 as user termination.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] interface gigabitethernet 1/0/0
[PE1-GigabitEthernet1/0/0] mode user-termination
[PE1-GigabitEthernet1/0/0] undo shutdown
[PE1-GigabitEthernet1/0/0] quit
Step 3 Configure IGP on the MPLS backbone network. In this example, OSPF is adopted to advertise
routes. When configuring OSPF, advertise the 32-bit loopback interface addresses of PE1, P,
and PE2.
# Configure PE1.
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.1 32
[PE1-LoopBack1] quit
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] ip address 192.168.12.1 24
[PE1-GigabitEthernet1/0/1] undo shutdown
[PE1-GigabitEthernet1/0/1] quit
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 196.168.12.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
# Configure P.
<HUAWEI> system-view
[HUAWEI] sysname P
[P] interface loopback 2
[P-LoopBack2] ip address 2.2.2.2 32
[P-LoopBack2] quit
[P] interface gigabitethernet 1/0/0
[P-GigabitEthernet1/0/0] ip address 192.168.12.2 24
[P-GigabitEthernet1/0/0] undo shutdown
[P-GigabitEthernet1/0/0] quit
[P] interface gigabitethernet 1/0/1
[P-GigabitEthernet1/0/1] ip address 192.168.23.1 24
[P-GigabitEthernet1/0/1] undo shutdown
[P-GigabitEthernet1/0/1] quit
[P] ospf
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[P-ospf-1-area-0.0.0.0] network 192.168.12.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 192.168.23.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit
# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] interface loopback 3
[PE2-LoopBack3] ip address 3.3.3.3 32
[PE2-LoopBack3] quit
[PE2] interface gigabitethernet 1/0/0
[PE2-GigabitEthernet1/0/0] ip address 196.168.23.2 24
[PE2-GigabitEthernet1/0/0] undo shutdown
[PE2-GigabitEthernet1/0/0] quit
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 192.168.23.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit
# Configure PE2.
[PE2] mpls lsr-id 3.3.3.3
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface gigabitethernet 1/0/0
[PE2-GigabitEthernet1/0/0] mpls
[PE2-GigabitEthernet1/0/0] mpls ldp
[PE2-GigabitEthernet1/0/0]quit
# Configure P.
[P] mpls lsr-id 2.2.2.2
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P] interface gigabitethernet 1/0/0
[P-GigabitEthernet1/0/0] mpls
[P-GigabitEthernet1/0/0] mpls ldp
[P-GigabitEthernet1/0/0] quit
[P] interface gigabitethernet 1/0/1
[P-GigabitEthernet1/0/1] mpls
[P-GigabitEthernet1/0/1] mpls ldp
[P-GigabitEthernet1/0/1] quit
# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit
[PE2] vsi v123 static
[PE2-vsi-v123] pwsignal ldp
[PE2-vsi-v123-ldp] vsi-id 123
[PE2-vsi-v123-ldp] peer 1.1.1.1 upe
[PE2-vsi-v123-ldp] quit
[PE2-vsi-v123] quit
Step 6 Configure remote MPLS LDP sessions for PE1 and PE2.
# Configure PE1.
[PE1] mpls ldp remote-peer PE2
[PE1-mpls-ldp-remote-PE2] remote-ip 3.3.3.3
[PE1-mpls-ldp-remote-PE2] quit
# Configure PE2.
[PE2] mpls ldp remote-peer PE1
[PE2-mpls-ldp-remote-PE1] remote-ip 1.1.1.1
[PE2-mpls-ldp-remote-PE1] quit
# Configure PE2.
[PE2] interface gigabitethernet 1/0/1.1
[PE2-GigabitEthernet1/0/1.1] vlan-type dot1q 20
[PE1-GigabitEthernet1/0/1.1] l2 binding vsi v123
[PE2-GigabitEthernet1/0/1.1] quit
Step 9 Configure the PW on PE1 as a static router port , and configure the querier on PE2. The default
values are used for the querier.
# Configure PE1.
[PE1] vsi v123
[PE1-vsi-v123] igmp-snooping static-router-port remote-peer 3.3.3.3
# Configure PE2.
[PE2] igmp-snooping send-query enable
Run the display dot1q information termination interface command on PE1, and you can view
information about the configured sub-interface for dot1q VLAN tag termination.
GigabitEthernet1/0/0.1
vsi bound
Total QinQ Num: 1
dot1q termination vid 20
Total vlan-group Num: 0
control-vid 1 dot1q-termination
Run the display mpls ldp session command, and you view that MPLS LDP sessions on PE1,
P, and PE2 are in the Operational state.
Run the display igmp-snooping querier vsi command on PE1, and you can check whether the
configuration of the querier succeeds. If the Enable state is displayed as shown in the following
output, it indicates that the querier is enabled for VSI v123.
<PE1> display igmp-snooping querier vsi v123
VSI Querier-state
-----------------------------------------------
v123 Enable
-----------------------------------------------
Run the display igmp-snooping router-port vsi command on PE1, and you can check whether
the configuration of the static router port succeeds. If STATIC is displayed as shown in the
following output, it indicates that PW (1.1.1.1/123) is configured as a static router port.
<PE1> display igmp-snooping router-port vsi v123
Port Name UpTime Expires Flags
---------------------------------------------------------------------
VSI v123, 1 router-port(s)
PW(1.1.1.1/123) 00:06:59 -- STATIC
----End
Configuration Files
l Configuration file of PE1
#
sysname PE1
#
igmp-snooping send-query
enable
#
vlan
20
igmp-snooping enable
#
mpls lsr-id 1.1.1.1
mpls
#
mpls l2vpn
#
vsi v123 static
pwsignal ldp
vsi-id 123
peer 3.3.3.3
igmp-snooping enable
igmp-snooping static-router-port remote-peer 3.3.3.3
#
mpls ldp
#
mpls ldp remote-peer pe2
remote-ip 3.3.3.3
undo remote-ip pwe3
#
interface Gigabitethernet1/0/0
mode user-termination
#
interface
Gigabitethernet1/0/0.1
control-vid 10 dot1q-
termination
dot1q termination vid 20
igmp enable l2 binding vsi v123
#
interface Gigabitethernet1/0/1
ip address 192.168.12.1 255.255.255.0
mpls
mpls ldp
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 192.168.12.0 0.0.0.255
#
return
l Configuration file of P
#
sysname P
#
mpls lsr-id 2.2.2.2
mpls
#
mpls ldp
#
interface Gigabitethernet1/0/0
ip address 192.168.12.2 255.255.255.0
mpls
mpls ldp
#
interface Gigabitethernet1/0/1
ip address 192.168.23.1 255.255.255.0
mpls
mpls ldp
#
interface LoopBack2
ip address 2.2.2.2 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 192.168.12.0 0.0.0.255
network 192.168.23.0 0.0.0.255
#
return
#
interface Gigabitethernet1/0/0
portswitch
port default vlan 20
#
interface Gigabitethernet1/0/1
portswitch
port trunk allow-pass vlan 20
#
return
Networking Requirements
In the network shown in Figure 5-33, Multicast protocol packets are labeled with an outer tag
and an inner tag on CE1 and CE2 respectively, and then sent to PE1. After receiving the packets,
PE1 terminates two tags, and then accesses the Virtual Private LAN Service (VPLS) network
in an asymmetrical manner. PE2 terminates the Pseudo Wire (PW), joins the related multicast
VLAN, and accesses the multicast source.
PE2 functions as a Superstratum PE (SPE) device, and PE1 functions an Underlayer PE (UPE)
device. When the Hierarchical Virtual Private LAN Service (HVPLS) is deployed, multicast
packets are broadcast in a Virtual Switching Instance (VSI) if PE1 and PE2 do not support IGMP
snooping. This wastes network resources.
After IGMP snooping is configured, multicast packets are sent to only access devices of multicast
receivers.
In the network with a stable topology, the PW on PE1 is configured as a static router interface
in the VSI. Therefore, receivers can steadily receive multicast data.
To reduce the number of IGMP Query packets from the upstream router, you should configure
PE2 as a querier. This saves bandwidths.
Figure 5-33 Networking diagram of configuring the sub-interface for QinQ VLAN tag
termination to support IGMP snooping in a VPLS network
GE1/0/0
PC
PE1 GE 1/0/0 -
GE 1/0/1 192.168.12.1/24
Loopback 1 1.1.1.1/32
P GE 1/0/0 192.168.12.2/24
GE 1/0/1 192.168.23.1/24
Loopback 2 2.2.2.2/32
GE 1/0/1 -
Loopback 3 3.3.3.3/32
Configuration Roadmap
The configuration roadmap is as follows:
Data Preparation
To complete the configuration, you need the following data:
l Inner VLAN ID
l Outer VLAN ID
l ID of the VSI
l MPLS LSR IDs of PE1, P, and PE2
Procedure
Step 1 Configure the mode of the QinQ interface on PE1 to the user termination mode.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] interface gigabitethernet 1/0/0
[PE1-GigabitEthernet1/0/0] mode user-termination
[PE1-GigabitEthernet1/0/0] undo shutdown
[PE1-GigabitEthernet1/0/0] quit
Step 3 Configure IGP on the MPLS backbone network. In this example, OSPF is adopted to advertise
routes. When configuring OSPF, advertise the 32-bit loopback interface addresses of PE1 and
PE2.
# Configure PE1.
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.1 32
[PE1-LoopBack1] quit
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] ip address 192.168.12.1 24
[PE1-GigabitEthernet1/0/1] undo shutdown
[PE1-GigabitEthernet1/0/1] quit
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 196.168.12.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
# Configure P.
<HUAWEI> system-view
[HUAWEI] sysname P
[P] interface loopback 2
[P-LoopBack2] ip address 2.2.2.2 32
[P-LoopBack2] quit
[P] interface gigabitethernet 1/0/0
# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] interface loopback 3
[PE2-LoopBack3] ip address 3.3.3.3 32
[PE2-LoopBack3]quit
[PE2] interface gigabitethernet 1/0/0
[PE2-GigabitEthernet1/0/0] ip address 196.168.23.2 24
[PE2-GigabitEthernet1/0/0] undo shutdown
[PE2-GigabitEthernet1/0/0] quit
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 192.168.23.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit
# Configure PE2.
[PE2] mpls lsr-id 3.3.3.3
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface gigabitethernet 1/0/0
[PE2-GigabitEthernet1/0/0] mpls
[PE2-GigabitEthernet1/0/0] mpls ldp
[PE2-GigabitEthernet1/0/0]quit
# Configure P.
[P] mpls lsr-id 2.2.2.2
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P] interface gigabitethernet 1/0/0
[P-GigabitEthernet1/0/0] mpls
# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit
[PE2] vsi v123 static
[PE2-vsi-v123] pwsignal ldp
[PE2-vsi-v123-ldp] vsi-id 123
[PE2-vsi-v123-ldp] peer 1.1.1.1 upe
[PE2-vsi-v123-ldp] quit
[PE2-vsi-v123] quit
Step 6 Configure remote MPLS LDP sessions for PE1 and PE2.
# Configure PE1.
[PE1] mpls ldp remote-peer PE2
[PE1-mpls-ldp-remote-PE2] remote-ip 3.3.3.3
[PE1-mpls-ldp-remote-PE2] quit
# Configure PE2.
[PE2] mpls ldp remote-peer PE1
[PE2-mpls-ldp-remote-PE1] remote-ip 1.1.1.1
[PE2-mpls-ldp-remote-PE1] quit
Step 8 Enable global IGMP snooping on the PE1 and PE2 and IGMP snooping in the VSI.
# Configure PE1. The configurations of PE2 are similar to the configuration of PE1 and are not
mentioned here.
[PE1] igmp-snooping enable
[PE1] vsi v123
[PE1-vsi-v123] igmp-snooping enable
Step 9 Configure the PW on PE1 as a static router port, and configure the querier on PE2. The default
values are used for the querier and therefore no special configuration is required.
# Configure PE1.
[PE1] vsi v123
[PE1-vsi-v123] igmp-snooping static-router-port remote-peer 3.3.3.3
# Configure PE2.
[PE2] igmp-snooping send-query enable
[PE2] vsi v123
[PE2-vsi-v123] igmp-snooping querier enable
[PE2-vsi-v123] quit
Run the display mpls ldp session command, and you can view that the MPLS LDP sessions
between PE1, P, and PE2 are in the Operational state.
Take the display on PE1 as an example.
<PE1>display mpls ldp session
LDP Session(s) in Public Network
------------------------------------------------------------------------------
Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv
------------------------------------------------------------------------------
2.2.2.2:0 Operational DU Passive 000:00:50 202/202
3.3.3.3:0 Operational DU Passive 000:00:25 102/102
------------------------------------------------------------------------------
TOTAL: 2 session(s) Found.
LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM
Run the display igmp-snooping querier vsi command on PE1, and you can check whether the
configuration of the querier succeeds. If the Enable state is displayed in the following output,
it indicates that the querier is enabled for VSI v123.
<PE1> display igmp-snooping querier vsi v123
VSI Querier-state
-----------------------------------------------
v123 Enable
Run the display igmp-snooping router-port vsi command on PE1, and you can check whether
the configuration of the static router port succeeds. If STATIC is displayed as shown in the
following output, it indicates that PW (1.1.1.1/123) is configured as a static router port.
<PE1> display igmp-snooping router-port vsi v123
Port Name UpTime Expires Flags
---------------------------------------------------------------------
VSI v123, 1 router-port(s)
PW(1.1.1.1/123) 00:06:59 -- STATIC
-----------------------------------------------------------------------
(Source, Group) Port Flag
-----------------------------------------------------------------------
VSI v123, 1 Entry(s)
(1.1.1.1, 234.1.1.1) GE1/0/0.2(PE:20/CE:100) -D-
1 port(s)
-----------------------------------------------------------------------
<UPE> display igmp-snooping port-info slot 1
-----------------------------------------------------------------------
(Source, Group) Port Flag
-----------------------------------------------------------------------
VSI v123, 1 Entry(s)
(1.1.1.1, 234.1.1.1) P--
GE1/1/0.2(PE:20/CE:100) -D-
1 port(s) include
-----------------------------------------------------------------------
----End
Configuration Files
l Configuration file of PE1
#
sysname PE1
#
igmp-snooping enable
#
igmp-snooping send-query
enable
#
vlan
10
igmp-snooping enable
#
mpls lsr-id 1.1.1.1
mpls
#
mpls l2vpn
#
vsi v123 static
pwsignal ldp
vsi-id 123
peer 3.3.3.3
igmp-snooping enable
igmp-snooping static-router-port remote-peer 3.3.3.3
#
mpls ldp
#
mpls ldp remote-peer pe2
remote-ip 3.3.3.3
undo remote-ip pwe3
#
interface Gigabitethernet1/0/0
mode user-termination
#
interface Gigabitethernet1/0/0.1
control-vid 10 qinq-termination
qinq termination l2 asymmetry
qinq termination pe-vid 20 ce-vid 100
l2 binding vsi v123
#
interface Gigabitethernet1/0/1
ip address 192.168.12.1 255.255.255.0
mpls
mpls ldp
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 192.168.12.0 0.0.0.255
#
return
l Configuration file of P
#
sysname P
#
mpls lsr-id 2.2.2.2
mpls
#
mpls ldp
#
interface Gigabitethernet1/0/0
ip address 192.168.12.2 255.255.255.0
mpls
mpls ldp
#
interface Gigabitethernet1/0/1
ip address 192.168.23.1 255.255.255.0
mpls
mpls ldp
#
interface LoopBack2
ip address 2.2.2.2 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 192.168.12.0 0.0.0.255
network 192.168.23.0 0.0.0.255
#
return
interface Gigabitethernet1/0/0
ip address 192.168.23.2 255.255.255.0
mpls
mpls ldp
#
interface Gigabitethernet1/0/1
undo shutdown
portswitch
port link-type access
port default vlan 10
igmp-snooping static-router-port vlan 10
#
interface Gigabitethernet1/0/1.1
vlan-type dot1q 10
l2 binding vsi v123
igmp-snooping static-router-port remote-peer 1.1.1.1
#
interface LoopBack3
ip address 3.3.3.3 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 192.168.23.0 0.0.0.255
#
return
versions. This example shows how to configure a sub-interface for Dot1q termination on a PE
to support IGMP and to access a Layer 3 virtual private network (L3VPN). Therefore, the hosts
connected to the PE can join the related multicast groups to receive multicast traffic.
Networking Requirements
As shown in Figure 5-34, multicast protocol packets sent by CE1 to PE1 carry one tag. The sub-
interface for dot1q VLAN tag termination is configured on PE1, and PE1 can access the L3VPN..
Therefore, hosts connected to CE1 can join related multicast groups normally, and then receive
multicast data.
Figure 5-34 Networking diagram of configuring the dot1q termination sub-interface to support
IGMP and access an L3VPN
L3VPN
Loopback1 Loopback1 Loopback1
1.1.1.9/32 2.2.2.9/32 3.3.3.9/32
GE1/0/1 GE1/0/1
Source
PE1 P PE2
192.168.12.1/24 192.168.23.2/24
GE1/0/0 GE1/0/1
192.168.12.2/24 192.168.23.1/24 GE1/0/0.1
GE1/0/0.1
10.2.1.1/24
10.1.1.1/24 Dot1q Termination
GE1/0/0
CE1
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the interface mode on PE1 and PE2 to the user termination mode.
2. Enable global Interior Gateway Protocol (IGP).
3. Run an IGP to ensure the connectivity between devices on the backbone network.
4. Configure basic Multiprotocol Label Switching (MPLS) functions on the backbone
network.
5. Configure a VPN instance and the sub-interface for dot1q VLAN tag termination on PE1
and bind the sub-interface for dot1q VLAN tag termination to the VPN instance.
6. Enable IGMP on the dot1q termination sub-interfaces of PE1.
7. Set up Multiprotocol Extensions for IBGP (MP-IBGP) peer relationships between the PEs.
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Configure the interface mode to the user termination mode.
# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] interface gigabitethernet 1/0/0
[PE1-GigabitEthernet1/0/0] mode user-termination
[PE1-GigabitEthernet1/0/0] undo shutdown
[PE1-GigabitEthernet1/0/0] quit
# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] interface gigabitethernet 1/0/0
[PE2-GigabitEthernet1/0/0] mode user-termination
[PE2-GigabitEthernet1/0/0] undo shutdown
[PE2-GigabitEthernet1/0/0] quit
Step 2 Configure an IGP over the MPLS backbone network. OSPF is used as the IGP protocol in this
example.
Assign an IP address to each interface on the PEs and P as shown in Figure 5-34. When
configuring OSPF, advertise the 32-bit loopback interface addresses of PE1, P, and PE2.
# Configure PE1.
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.9 32
[PE1-LoopBack1] quit
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] ip address 192.168.12.1 24
[PE1-GigabitEthernet1/0/1] undo shutdown
[PE1-GigabitEthernet1/0/1] quit
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 192.168.12.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
# Configure P.
<HUAWEI> system-view
[HUAWEI] sysname P
[P] interface LoopBack 1
[P-LoopBack1] ip address 2.2.2.9 32
[P-LoopBack1] quit
[P] interface gigabitethernet 1/0/0
[P-GigabitEthernet1/0/0] ip address 192.168.12.2 24
[P-GigabitEthernet1/0/0] undo shutdown
[P-GigabitEthernet1/0/0] quit
# Configure PE2.
[PE2] interface loopback 1
[PE2-LoopBack1] ip address 3.3.3.9 32
[PE2-LoopBack1] quit
[PE2] interface gigabitethernet 1/0/1
[PE2-GigabitEthernet1/0/1] ip address 192.168.23.2 24
[PE2-GigabitEthernet1/0/1] undo shutdown
[PE2-GigabitEthernet1/0/1] quit
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 192.168.23.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit
After the preceding configurations, PE1 and PE2 have routes discovered through OSPF to
Loopback 1 of each other. PE1 and PE2 can ping through each other.
Step 3 Enable basic MPLS functions and LDP over the MPLS backbone network.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] mpls
[PE1-GigabitEthernet1/0/1] mpls ldp
[PE1-GigabitEthernet1/0/1] quit
# Configure P.
[P] mpls lsr-id 2.2.2.9
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P] interface gigabitethernet1/0/0
[P-GigabitEthernet1/0/0] mpls
[P-GigabitEthernet1/0/0] mpls ldp
[P-GigabitEthernet1/0/0] quit
[P] interface gigabitethernet1/0/1
[P-GigabitEthernet1/0/1] mpls
[P-GigabitEthernet1/0/1] mpls ldp
[P-GigabitEthernet1/0/1] quit
# Configure PE2.
[PE2] mpls lsr-id 3.3.3.9
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface gigabitethernet 1/0/1
[PE2-GigabitEthernet1/0/1] mpls
[PE2-GigabitEthernet1/0/1] mpls ldp
[PE2-GigabitEthernet1/0/1] quit
After the preceding configurations, LDP sessions should be set up between PE1 and P, and
between PE2 and P. Running the display mpls ldp session command, you can view that
Status is Operational. Run the display mpls ldp command, and you can view whether LDP
sessions are set up.
Take the display on PE1 as an example.
<PE1> display mpls ldp session
LDP Session(s) in Public Network
Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
A '*' before a session means the session is being deleted.
------------------------------------------------------------------------------
PeerID Status LAM SsnRole SsnAge KASent/Rcv
------------------------------------------------------------------------------
2.2.2.9:0 Operational DU Passive 0000:00:21 87/87
3.3.3.9:0 Operational DU Passive 0000:00:14 58/58
------------------------------------------------------------------------------
TOTAL: 2 session(s) Found.
<PE1> display mpls ldp
LDP Global Information
------------------------------------------------------------------------------
Protocol Version : V1 Neighbor Liveness : 600 Sec
Graceful Restart : Off FT Reconnect Timer : 300 Sec
MTU Signaling : On Recovery Timer : 300 Sec
Capability-Announcement : Off Longest-match : Off
mLDP P2MP Capability : Off mLDP MBB Capability : Off
mLDP MP2MP Capability : Off
------------------------------------------------------------------------------
Step 4 Configure VPN instances on the PEs. Bind VPN instances and sub-interfaces for dot1q VLAN
tag termination.
# Configure PE1.
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1-af-ipv4] vpn-target 100:1 both
[PE1-vpn-instance-vpn1-af-ipv4] multicast routing-enable
[PE1-vpn-instance-vpn1-af-ipv4] quit
[PE1-vpn-instance-vpn1] quit
[PE1] interface gigabitethernet 1/0/0.1
[PE1-GigabitEthernet1/0/0.1] control-vid 100 dot1q-termination
[PE1-GigabitEthernet1/0/0.1] dot1q termination vid 100
[PE1-GigabitEthernet1/0/0.1] ip binding vpn-instance vpn1
[PE1-GigabitEthernet1/0/0.1] ip address 10.1.1.1 24
[PE1-GigabitEthernet1/0/0.1] arp broadcast enable
[PE1-GigabitEthernet1/0/0.1] undo shutdown
[PE1-GigabitEthernet1/0/0.1] quit
# Configure PE2.
[PE2] ip vpn-instance vpn1
NOTE
Values of VLAN IDs for dot1q termination on different sub-interfaces cannot overlap.
After the configuration, run the display ip vpn-instance verbose command on the PEs to view
the configurations of VPN instances.
# Configure PE1.
[PE1] bgp 100
[PE1-bgp] peer 3.3.3.9 as-number 100
[PE1-bgp] peer 3.3.3.9 connect-interface loopback 1
[PE1-bgp] ipv4-family vpnv4
[PE1-bgp-af-vpnv4] peer 3.3.3.9 enable
[PE1-bgp-af-vpnv4] quit
# Configure PE2.
[PE2] bgp 100
[PE2-bgp] peer 1.1.1.9 as-number 100
[PE2-bgp] peer 1.1.1.9 connect-interface loopback 1
[PE2-bgp] ipv4-family vpnv4
[PE2-bgp-af-vpnv4] peer 1.1.1.9 enable
[PE2-bgp-af-vpnv4] quit
After the configuration, run the display bgp peer or display bgp vpnv4 all peer command on
a PE, and you can view that the BGP peer relationship between PEs is in the Established state.
[PE1] display bgp peer
GigabitEthernet1/0/0.1
L3VPN bound
Total QinQ Num: 1
dot1q termination vid 100
Total vlan-group Num: 0
control-vid 100 dot1q-termination
----End
Configuration Files
l Configuration file of PE1
#
sysname
PE1
#
multicast routing-
enable
#
ip vpn-instance
vpn1
route-distinguisher
100:1
vpn-target 100:1 export-
extcommunity
vpn-target 100:1 import-
extcommunity
#
mpls lsr-id
1.1.1.9
mpls
#
mpls
ldp
#
interface
Gigabitethernet1/0/0
mode user-
termination
ip address 191.162.1.1
255.255.255.0
pim
sm
igmp
enable
#
interface
Gigabitethernet1/0/0.1
control-vid 100 dot1q-
termination
dot1q termination vid 100
ip binding vpn-instance
vpn1
ip address 10.1.1.1
255.255.255.0
igmp enable
arp broadcast enable
#
interface
Gigabitethernet1/0/1
ip address 192.168.12.1
255.255.255.0
#
interface
LoopBack1
ip address 1.1.1.9
255.255.255.255
#
bgp
100
peer 3.3.3.9 as-number
100
peer 3.3.3.9 connect-interface
LoopBack1
#
ipv4-family
unicast
undo
synchronization
peer 3.3.3.9
enable
#
ipv4-family
vpnv4
policy vpn-
target
peer 3.3.3.9
enable
#
ospf
1
area
0.0.0.0
network 1.1.1.9
0.0.0.0
network 192.168.12.0
0.0.0.255
#
return
l Configuration file of P
#
sysname
P
#
multicast routing-
enable
#
mpls lsr-id
2.2.2.9
mpls
#
mpls
ldp
#
interface
Gigabitethernet1/0/0
ip address 192.168.12.2 255.255.255.0
pim
sm
igmp enable
mpls
mpls
ldp
#
interface
Gigabitethernet1/0/1
ip address 192.168.23.1
255.255.255.0
pim
sm
igmp
enable
mpls
mpls
ldp
#
interface
LoopBack1
ip address 2.2.2.9
255.255.255.255
#
ospf
1
area
0.0.0.0
network 2.2.2.9
0.0.0.0
network 192.168.12.0
0.0.0.255
network 192.168.23.0
0.0.0.255
#
return
mpls
#
mpls
ldp
#
interface
Gigabitethernet1/0/0
mode user-termination
pim sm
igmp enable
#
interface
Gigabitethernet1/0/0.1
control-vid 100 dot1q-
termination
dot1q termination vid 100
ip binding vpn-instance
vpn1
ip address 10.2.1.1 255.255.255.0
igmp enable
arp broadcast enable
#
interface
Gigabitethernet1/0/1
ip address 192.168.23.2
255.255.255.0
pim
sm
igmp
enable
mpls
mpls
ldp
#
interface
LoopBack3
ip address 3.3.3.9
255.255.255.255
#
bgp
100
peer 1.1.1.9 as-number
100
peer 1.1.1.9 connect-interface
LoopBack3
#
ipv4-family
unicast
undo
synchronization
peer 1.1.1.9
enable
#
ipv4-family
vpnv4
policy vpn-
target
peer 1.1.1.9
enable
#
ospf
1
area
0.0.0.0
network 3.3.3.9
0.0.0.0
network 192.168.23.0
0.0.0.255
#
return
Networking Requirements
As shown in Figure 5-35, CE1 sends the data packets of users to PE1 through CE2. CE2 labels
the user packets received from CE1 with tag 100. Therefore, the multicast protocol packets of
users sent by CE2 to PE1 carry two tags. Configure the sub-interface for QinQ VLAN tag
termination to support IGMP on PE1. PE1 can then access the L3VPN. Therefore, the hosts
connected to PE1 can interwork with the upper-layer multicast source.
Figure 5-35 Example for Configuring the Sub-interface for QinQ VLAN Tag Termination to
Support IGMP and Access an L3VPN
L3VPN
Loopback1 Loopback1 Loopback1
1.1.1.9/32 2.2.2.9/32 3.3.3.9/32
GE1/0/1 GE1/0/1 PE2
PE1 P
192.168.12.1/24 192.168.23.2/24
GE1/0/0 GE1/0/1
GE1/0/0.1 192.168.12.2/24 192.168.23.1/24 GE1/0/0.1
10.1.1.1/24 Q-in-Q 10.2.1.1/24
Termination
GE1/0/0 GE1/0/0
CE2 10.2.1.2/24
GE1/0/1
VLAN 100 CE3
GE1/0/0
CE1
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the interface mode on PE1 and PE2 to the user termination mode.
2. Run an Interior Gateway Protocol (IGP) to ensure the connectivity of devices on the
backbone network.
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Configure the interface mode to the user termination mode.
# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] interface gigabitethernet 1/0/0
[PE1-GigabitEthernet1/0/0] mode user-termination
[PE1-GigabitEthernet1/0/0] undo shutdown
[PE1-GigabitEthernet1/0/0] quit
# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] interface gigabitethernet 1/0/0
[PE2-GigabitEthernet1/0/0] mode user-termination
[PE2-GigabitEthernet1/0/0] undo shutdown
[PE2-GigabitEthernet1/0/0] quit
Step 2 Configure an IGP over the MPLS backbone network, and configure basic MPLS functions and
LDP. For details, see Example for Configuring the dot1q Termination Sub-interface to
Support IGMP and Access an L3VPN.
Step 3 Configure VPN instances on the PEs. Bind the VPN instances and the sub-interfaces for QinQ
VLAN tag termination.
# Configure PE1.
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1-af-ipv4] vpn-target 100:1 both
[PE1-vpn-instance-vpn1-af-ipv4] multicast routing-enable
[PE1-vpn-instance-vpn1-af-ipv4] quit
[PE1-vpn-instance-vpn1] quit
[PE1] interface gigabitethernet 1/0/0.1
# Configure PE2.
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 100:1
[PE2-vpn-instance-vpn1-af-ipv4] vpn-target 100:1 both
[PE2-vpn-instance-vpn1-af-ipv4] multicast routing-enable
[PE2-vpn-instance-vpn1-af-ipv4] quit
[PE2-vpn-instance-vpn1] quit
[PE2] interface gigabitethernet 1/0/0.1
[PE2-GigabitEthernet1/0/0.1] control-vid 1 qinq-termination
[PE2-GigabitEthernet1/0/0.1] qinq termination pe-vid 10 ce-vid 100
[PE2-GigabitEthernet1/0/0.1] ip binding vpn-instance vpn1
[PE2-GigabitEthernet1/0/0.1] ip address 10.2.1.1 24
[PE2-GigabitEthernet1/0/0.1] arp broadcast enable
[PE2-GigabitEthernet1/0/0.1] undo shutdown
[PE2-GigabitEthernet1/0/0.1] quit
NOTE
When you run the qinq termination command, specify two different values of ce-vid on the two sub-
interfaces if the values of pe-vid on the two sub-interfaces are the same.
# Configure PE1.
[PE1] bgp 100
[PE1-bgp] peer 3.3.3.9 as-number 100
[PE1-bgp] peer 3.3.3.9 connect-interface loopback 1
[PE1-bgp] ipv4-family vpnv4
[PE1-bgp-af-vpnv4] peer 3.3.3.9 enable
[PE1-bgp-af-vpnv4] quit
# Configure PE2.
[PE2] bgp 100
[PE2-bgp] peer 1.1.1.9 as-number 100
[PE2-bgp] peer 1.1.1.9 connect-interface loopback 1
[PE2-bgp] ipv4-family vpnv4
[PE2-bgp-af-vpnv4] peer 1.1.1.9 enable
[PE2-bgp-af-vpnv4] quit
Step 5 Set up the EBGP peer relationships between the PEs and the CEs to import VPN routes.
# Configure CE1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] bgp 65410
[CE1-bgp] peer 10.1.1.1 as-number 100
[CE1-bgp] import-route direct
[CE1-bgp] quit
[CE1] vlan 100
[CE1-vlan100] quit
[CE1] interface vlanif100
[CE1-Vlanif100] ip address 10.1.1.2 24
# Configure CE3.
<HUAWEI> system-view
# Configure PE1.
[PE1] bgp 100
[PE1-bgp] ipv4-family vpn-instance vpn1
[PE1-bgp-vpn1] peer 10.1.1.2 as-number 65410
[PE1-bgp-vpn1] import-route direct
[PE1-bgp-vpn1] quit
# Configure PE2.
[PE2] bgp 100
[PE2-bgp] ipv4-family vpn-instance vpn1
[PE2-bgp-vpn1] peer 10.2.1.2 as-number 65420
[PE2-bgp-vpn1] import-route direct
[PE2-bgp-vpn1] quit
After the configuration, run the display bgp vpnv4 all peer command on a PE, and you can
view that the BGP peer relationship between PEs is in the Established state.
[PE1] display bgp vpnv4 all peer
BGP local router ID : 1.1.1.9
Local AS number : 100
Total number of peers : 2 Peers in established state : 1
[PE1-GigabitEthernet1/0/0] pim sm
[PE1-GigabitEthernet1/0/0] igmp enable
[PE1-GigabitEthernet1/0/0] igmp version 2
[PE1-GigabitEthernet1/0/0] quit
[PE1] interface gigabitethernet 1/0/0.1
[PE1-GigabitEthernet1/0/0.1] pim sm
[PE1-GigabitEthernet1/0/0.1] igmp enable
[PE1-GigabitEthernet1/0/0.1] igmp version 2
[PE1-GigabitEthernet1/0/0.1] quit
Step 7 Configure the QinQ function. The packets sent by the CEs to the PEs then carry double tags.
# Configure CE1.
[CE1] interface gigabitethernet 1/0/0
[CE1-GigabitEthernet1/0/0] port trunk allow-pass vlan 100
[CE1-GigabitEthernet1/0/0] undo shutdown
[CE1-GigabitEthernet1/0/0] quit
# Configure CE2.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] vlan 10
[CE2-vlan10] quit
[CE2] interface gigabitethernet 1/0/1
[CE2-GigabitEthernet1/0/1] port vlan-stacking vlan 100 stack-vlan 10
[CE2-GigabitEthernet1/0/1] undo shutdown
[CE2-GigabitEthernet1/0/1] quit
[CE2] interface gigabitethernet 1/0/0
[CE2-GigabitEthernet1/0/1] port trunk allow-pass vlan 10
[CE2-GigabitEthernet1/0/1] undo shutdown
[CE2-GigabitEthernet1/0/1] quit
----End
Configuration Files
l Configuration file of CE1
#
sysname CE1
#
vlan batch 100
#
interface Vlanif100
ip address 10.1.1.2 255.255.255.0
#
interface GigabitEthernet1/0/0
undo shutdown
port trunk allow-pass vlan 100
#
bgp 65410
peer 10.1.1.1 as-number 100
#
ipv4-family unicast
undo synchronization
import-route direct
peer 10.1.1.1 enable
#
return
#
ip vpn-instance vpn1
ipv4-family
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity
vpn-target 100:1 import-extcommunity
multicast routing-enable
#
mpls lsr-id 1.1.1.9
mpls
#
mpls ldp
#
interface GigabitEthernet1/0/1
undo shutdown
ip address 192.168.12.1 255.255.255.0
pim sm
igmp enable
mpls
mpls ldp
#
interface GigabitEthernet1/0/0
undo shutdown
mode user-termination
pim sm
igmp enable
#
interface GigabitEthernet1/0/0.1
control-vid 20 qinq-termination
qinq termination pe-vid 10 ce-vid 100
ip binding vpn-instance vpn1
ip address 10.1.1.1 255.255.255.0
pim sm
igmp enable
arp broadcast enable
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
bgp 100
peer 3.3.3.9 as-number 100
peer 3.3.3.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
undo peer 3.3.3.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 3.3.3.9 enable
#
ipv4-family vpn-instance vpn1
import-route direct
peer 10.1.1.2 as-number 65410
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 192.168.12.0 0.0.0.255
#
return
l Configuration file of P
#
sysname P
#
multicast routing-enable
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 192.168.12.2 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet1/0/1
undo shutdown
ip address 192.168.23.1 255.255.255.0
mpls
mpls ldp
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 192.168.12.0 0.0.0.255
network 192.168.23.0 0.0.0.255
#
return
igmp enable
arp broadcast enable
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
bgp 100
peer 1.1.1.9 as-number 100
peer 1.1.1.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 1.1.1.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 1.1.1.9 enable
#
ipv4-family vpn-instance vpn1
import-route direct
peer 10.2.1.2 as-number 65420
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 192.168.23.0 0.0.0.255
#
return
Networking Requirements
As shown in Figure 5-36, CE1 is connected to the PEs through Switch 1. QinQ is configured
on Switch 1 so that the outer VLAN tag with the VLAN ID as 100 is added to a user packet from
CE1. The public VLAN IDs are therefore saved. Then, a user packet sent from Switch 1 to PE1
carries double VLAN tags.
CE2 is connected to the PEs through Switch 2. QinQ is configured on Switch 2 so that the outer
VLAN tag with the VLAN ID as 100 is added to a user packet from CE2. Then, a user packet
sent from Switch 2 to PE2 carries double VLAN tags.
It is required that VLAN swap be configured on GE 1/0/0 of PE1 to implement the swap of inner
and outer VLAN tags, and GE 1/0/0.1 for QinQ VLAN tag termination be configured to support
MPLS TE. It is also required that VLAN swap be configured on GE 1/0/0 of PE2 to implement
the swap of inner and outer VLAN tags, and GE 1/0/0.1 for QinQ VLAN tag termination be
configured to support MPLS TE. Then, the user networks connected to CE1 and CE2 can
communicate.
NOTE
In the scenario where sub-interfaces for QinQ VLAN tag termination are configured to support MPLS TE,
IS-IS must be adopted as the routing protocol.
When configuring sub-interfaces for QinQ VLAN tag termination to support MPLS TE, note that the sub-
interfaces transmit packets with a specified inner VLAN tag and a specified outer VLAN tag.
Figure 5-36 Networking for configuring the sub-interface for QinQ VLAN tag termination to
support MPLS TE
Loopback1 Loopback1
1.1.1.9/32 2.2.2.9/32
GE1/0/0.1 GE1/0/0.1
10.1.1.1/24 10 .1.1.2/24
PE1 PE2
GE2/0/0 GE2/0/0
GE1/0/0 GE1/0/0
Switch1 Switch2
GE1/0/1 GE1/0/1
CE1 CE2
VLAN 10 VLAN 10
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the mode of QinQ interfaces on PE1 and PE2 as user termination.
2. Run IS-IS on the backbone network.
3. Configure basic MPLS functions on the backbone network.
4. Configure VLAN swap on PE1 and PE2 to implement the swap of inner and outer VLAN
tags.
5. Configure the basic Layer 2 forwarding function on Switch 1 and Switch 2.
6. Set up an MPLS TE tunnel between PE1 and PE2.
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Configure the mode of QinQ interfaces on PE1 and PE2 as user termination.
# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] interface gigabitethernet 1/0/0
[PE1-GigabitEthernet1/0/0] mode user-termination
[PE1-GigabitEthernet1/0/0] undo shutdown
[PE1-GigabitEthernet1/0/0] quit
# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] interface gigabitethernet 1/0/0
[PE2-GigabitEthernet1/0/0] mode user-termination
[PE2-GigabitEthernet1/0/0] undo shutdown
[PE2-GigabitEthernet1/0/0] quit
Step 2 Configure VLAN swap on PE1 and PE2, and the VLANs whose frames can pass through PE1
and PE2.
# Configure PE1.
[PE1] interface gigabitethernet 1/0/0
[PE1-GigabitEthernet1/0/0] vlan-swap enable
[PE1-GigabitEthernet1/0/0] quit
[PE1] interface gigabitethernet 2/0/0
[PE1-GigabitEthernet2/0/0] portswitch
[PE1-GigabitEthernet2/0/0] port trunk allow-pass vlan 100
[PE1-GigabitEthernet2/0/0] undo shutdown
[PE1-GigabitEthernet2/0/0] quit
# Configure PE2.
[PE2] interface gigabitethernet 1/0/0
[PE2-GigabitEthernet1/0/0] vlan-swap enable
[PE2-GigabitEthernet1/0/0] quit
[PE2] interface gigabitethernet 2/0/0
[PE2-GigabitEthernet2/0/0] portswitch
[PE2-GigabitEthernet2/0/0] port trunk allow-pass vlan 100
[PE2-GigabitEthernet2/0/0] undo shutdown
[PE2-GigabitEthernet2/0/0] quit
Step 3 Configure the sub-interfaces for QinQ VLAN tag termination on PE1 and PE2.
# Configure PE1.
[PE1] interface gigabitethernet 1/0/0.1
[PE1-GigabitEthernet1/0/0.1] control-vid 1 qinq-termination
[PE1-GigabitEthernet1/0/0.1] qinq termination pe-vid 10 ce-vid 100
[PE1-GigabitEthernet1/0/0.1] arp broadcast enable
[PE1-GigabitEthernet1/0/0.1] quit
# Configure PE2.
[PE2] interface gigabitethernet 1/0/0.1
[PE2-GigabitEthernet1/0/0.1] control-vid 1 qinq-termination
[PE2-GigabitEthernet1/0/0.1] qinq termination pe-vid 10 ce-vid 100
[PE2-GigabitEthernet1/0/0.1] arp broadcast enable
[PE2-GigabitEthernet1/0/0.1] quit
Step 4 Configure IGP over the MPLS backbone network. IS-IS is used as the IGP protocol in this
example.
# Configure PE1.
[PE1] isis 100
[PE1-isis-100] network-entity 00.0005.0000.0000.0001.00
[PE1-isis-100] is-level level-2
[PE1-isis-100] quit
[PE1] interface gigabitethernet 1/0/0.1
[PE1-GigabitEthernet1/0/0.1] ip address 10.1.1.1 24
[PE1-GigabitEthernet1/0/0.1] isis enable 100
[PE1-GigabitEthernet1/0/0.1] quit
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.9 32
[PE1-LoopBack1] isis enable 100
[PE1-LoopBack1] quit
# Configure PE2.
[PE2] isis 100
[PE2-isis-100] network-entity 00.0005.0000.0000.0002.00
[PE2-isis-100] is-level level-2
[PE2-isis-100] quit
[PE2] interface gigabitethernet 1/0/0.1
[PE2-GigabitEthernet1/0/0.1] ip address 10.1.1.2 24
[PE2-GigabitEthernet1/0/0.1] isis enable 100
[PE2-GigabitEthernet1/0/0.1] quit
[PE2] interface loopback 1
[PE2-LoopBack1] ip address 2.2.2.9 32
[PE2-LoopBack1] isis enable 100
[PE2-LoopBack1] quit
Step 5 Enable basic MPLS functions, MPLS TE, and RSVP-TE on PE1 and PE2 on the MPLS backbone
network.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] mpls te
[PE1-mpls] mpls rsvp-te
[PE1-mpls] quit
[PE1] interface gigabitethernet 1/0/0.1
[PE1-GigabitEthernet1/0/0.1] mpls
[PE1-GigabitEthernet1/0/0.1] mpls te
[PE1-GigabitEthernet1/0/0.1] mpls rsvp-te
[PE1-GigabitEthernet1/0/0.1] quit
# Configure PE2.
[PE2] mpls lsr-id 2.2.2.9
[PE2] mpls
[PE2-mpls] mpls te
[PE2-mpls] mpls rsvp-te
[PE2-mpls] quit
[PE2] interface gigabitethernet 1/0/0.1
[PE2-GigabitEthernet1/0/0.1] mpls
[PE2-GigabitEthernet1/0/0.1] mpls te
[PE2-GigabitEthernet1/0/0.1] mpls rsvp-te
[PE2-GigabitEthernet1/0/0.1] quit
# Configure PE1.
[PE1] isis 100
[PE1-isis-100] cost-style wide
[PE1-isis-100] traffic-eng level-2
[PE1-isis-100] quit
# Configure PE2.
[PE2] isis 100
[PE2-isis-100] cost-style wide
[PE2-isis-100] traffic-eng level-2
[PE2-isis-100] quit
After the configuration, run the display interface tunnel command on PE1. You can view that
the tunnel is Up.
[PE1] display interface tunnel
Tunnel1/0/0 current state : UP
Line protocol current state : UP
Last line protocol up time : 2009-06-04 14:58:51
Description: Tunnel1/0/0 Interface
Route Port,The Maximum Transmit Unit is 1500
Internet Address is unnumbered, using address of LoopBack1(1.1.1.9/32)
Encapsulation is TUNNEL, loopback not set
Tunnel destination 2.2.2.9
Tunnel up/down statistics 1
Tunnel protocol/transport MPLS/MPLS, ILM is available,
primary tunnel id is 0x1008001, secondary tunnel id is 0x0
300 seconds output rate 0 bits/sec, 0 packets/sec
0 seconds output rate 0 bits/sec, 0 packets/sec
0 packets output, 0 bytes
0 output error
Run the display mpls te tunnel-interface command on PE1. You can view details about the
tunnel.
[PE1-Tunnel1/0/0] display mpls te tunnel-interface
Tunnel Name : Tunnel1/0/0
Tunnel State Desc : CR-LSP is Up
Tunnel Attributes :
Session ID : 10
Ingress LSR ID : 1.1.1.9 Egress LSR ID: 2.2.2.9
Admin State : UP Oper State : UP
Signaling Protocol : RSVP
Tie-Breaking Policy : None Metric Type : None
Car Policy : Disabled Bfd Cap : None
BypassBW Flag : Not Supported
BypassBW Type : - Bypass BW : -
Retry Limit : 5 Retry Int : 2 sec
Reopt : Disabled Reopt Freq : -
Auto BW : Disabled
# Configure Switch 1.
Create VLAN 100 on Switch 1 and configure GE 1/0/1 on Switch 1 to add the outer VLAN tag
with the VLAN ID as 100 to a packet from VLAN 10. Specify GE 1/0/0 as a trunk interface and
configure it to allow the packets from VLAN 100 to pass through.
<HUAWEI> system-view
[HUAWEI] sysname Switch1
[Switch1] vlan 100
[Switch1-vlan100] quit
[Switch1] interface gigabitethernet 1/0/0
[Switch1-GigabitEthernet1/0/0] port trunk allow-pass vlan 100
[Switch1-GigabitEthernet1/0/0] undo shutdown
[Switch1-GigabitEthernet1/0/0] quit
[Switch1] interface gigabitethernet 1/0/1
[Switch1-GigabitEthernet1/0/1] port vlan-stacking outside-vlan 10 stack-vlan 100
[Switch1-GigabitEthernet1/0/1] undo shutdown
[Switch1-GigabitEthernet1/0/1] quit
# Configure Switch 2.
Create VLAN 100 on Switch 2 and configure GE 1/0/1 on Switch 2 to add the outer VLAN tag
with the VLAN ID as 100 to a packet from VLAN 10. Specify GE 1/0/0 as a trunk interface and
configure it to allow the packets from VLAN 100 to pass through.
<HUAWEI> system-view
[HUAWEI] sysname Switch2
[Switch2] vlan 100
[Switch2-vlan100] quit
[Switch2] interface gigabitethernet 1/0/0
[Switch2-GigabitEthernet1/0/0] port trunk allow-pass vlan 100
[Switch2-GigabitEthernet1/0/0] undo shutdown
[Switch2-GigabitEthernet1/0/0] quit
----End
Configuration Files
l Configuration file of Switch 1
#
sysname Switch1
vlan batch 100
#
interface GigabitEthernet1/0/0
port trunk allow-pass vlan 10
#
interface GigabitEthernet1/0/1
port vlan-stacking outside-vlan 10 stack-vlan 100
#
return
portswitch
mode user-termination
vlan-swap enable
#
interface GigabitEthernet2/0/0
undo shutdown
portswitch
port trunk allow-pass vlan 100
#
interface GigabitEthernet1/0/0.1
control-vid 1 qinq-termination
qinq termination pe-vid 10 ce-vid 100
ip address 10.1.1.1 24
isis enable 100
mpls
mpls te
mpls rsvp-te
arp broadcast enable
#
interface loopback 1
ip address 1.1.1.9 255.255.255.255
isis enable 100
#
interface tunnel 1/0/0
ip address unnumbered interface loopback 1
tunnel-protocol mpls te
destination 2.2.2.9
mpls te tunnel-id 10
mpls te singal-protocol rsvp-te
mpls te igp shortcut isis
mpls te igp metric absolute 1
mpls te commit
isis enable 100
#
return
Networking Requirements
NOTE
User1
GE1/0/8.1
VlAN 100 192.168.10.1/24
QinQ 400
VLAN 200
Switch A Switch B Router
User2
Configuration Roadmap
The configuration roadmap is as follows:
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Create a QinQ VLAN on the sub-interface.
<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 1/0/8.1
[HUAWEI-GigabitEthernet1/0/8.1] user-vlan 100 qinq 400
[HUAWEI-GigabitEthernet1/0/8.1] user-vlan 200 qinq 400
[HUAWEI-GigabitEthernet1/0/8.1] quit
[HUAWEI] interface gigabitethernet 1/0/8
[HUAWEI-GigabitEthernet1/0/8] undo shutdown
# Configure the BAS interface and set the access type on the interface to layer-2 access.
[HUAWEI-GigabitEthernet1/0/8.1] bas
[HUAWEI-GigabitEthernet1/0/8.1] access-type layer2-subscriber
----End
Configuration Files
Configuration file of the router
#
sysname HUAWEI
#
interface GigabitEthernet1/0/8
undo shutdown
#
interface GigabitEthernet1/0/8.1
pppoe-server bind Virtual-Template 1
user-vlan 100 qinq 400
user-vlan 200 qinq 400
bas
access-type layer2-subscriber
authentication-method ppp
#
return
Networking Requirements
As shown in Figure 5-38, CE1 sends untagged packets to the CSG; the CSG sends packets
tagged with different VLAN IDs and different 802.1p priorities to PE1. It is required that the
sub-interfaces for Dot1q VLAN tag termination be configured on PEs to access the VPLS and
differentiated service transmission be implemented. In such a scenario, you can deploy VLAN
+802.1p on the sub-interface at the AC side of PE1 so that PE1 can differentiate services based
on 802.1p priorities and hence different services can be transmitted through different PWs.
Figure 5-38 Networking diagram of VLAN+802.1p for L2VPN access (on a sub-interface for
Dot1q VLAN tag termination)
VLAN 10 Loopback1
2.2.2.9/32
CE1 PE2
GE1/0/1.1
GE1/0/1
192.168.1.1/24 GE1/0/2
3
Database
p=
10.1.1.1/30
2.1
80
GE1/0/1 1.1.1.9/32
GE1/0/2
2.1
192.168.1.4/24 Internet
10.2.1.1/30
p
=2
GE1/0/1.1
CE2
PE3
VLAN 20 Loopback1
3.3.3.9/32
VLAN PW VLAN
Configuration Roadmap
NOTE
L2VPN includes the Virtual Leased Line (VLL), Pseudo-Wire Emulation Edge to Edge (PWE3), and
Virtual Private LAN Service (VPLS). You can configure any one of them as required. The following takes
the VPLS application as an example.
3. Configure basic Multiprotocol Label Switching (MPLS) functions, and set up label
switched paths (LSPs) between PEs.
4. Enable MPLS L2VPN on PEs.
5. Set up VSIs and then configure them.
6. Configure sub-interfaces for Dot1q VLAN tag termination on PEs, and bind the AC
interfaces to VSIs.
7. Configure the Layer 2 forwarding function on the CEs and CSG.
Data Preparation
To complete the configuration, you need the following data:
l IP addresses of interfaces
l VSI IDs on PEs (VSI IDs must be consistent)
l MPLS LSR IDs on PEs
l Names of the VSIs on PEs
l Names of interfaces bound to the VSIs
Procedure
Step 1 Configure basic VPLS functions.
# Set up a VPLS connection between PE1 and PE2, and between PE1 and PE3, with LDP being
the signaling protocol; configure the VSI names to be LDP1 and LDP2. You can refer to the
chapter "VPLS Configuration" in the HUAWEI NetEngine80E/40E Router Configuration Guide
- VPN or the configuration files in this configuration example.
Step 2 Configure the interface mode on PEs to user termination.
# Configure PE1.
<PE1> system-view
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] mode user-termination
[PE1-GigabitEthernet1/0/1] undo shutdown
[PE1-GigabitEthernet1/0/1] quit
# Configure PE2.
<PE2> system-view
[PE2] interface gigabitethernet 1/0/1
[PE2-GigabitEthernet1/0/1] mode user-termination
[PE2-GigabitEthernet1/0/1] undo shutdown
[PE2-GigabitEthernet1/0/1] quit
# Configure PE3.
<PE3> system-view
[PE3] interface gigabitethernet 1/0/1
[PE3-GigabitEthernet1/0/1] mode user-termination
[PE3-GigabitEthernet1/0/1] undo shutdown
[PE3-GigabitEthernet1/0/1] quit
NOTE
On different sub-interfaces of the same main interface, if 802.1p priorities are different, the VIDs to be
terminated can overlap.
# Configure PE2.
[PE2] interface gigabitethernet 1/0/1.1
[PE2-GigabitEthernet1/0/1.1] control-vid 1 dot1q-termination
[PE2-GigabitEthernet1/0/1.1] dot1q termination vid 10
[PE2-GigabitEthernet1/0/1.1] dot1q termination vid 20
[PE2-GigabitEthernet1/0/1.1] quit
# Configure PE3.
[PE3] interface gigabitethernet 1/0/1.1
[PE3-GigabitEthernet1/0/1.1] control-vid 2 dot1q-termination
[PE3-GigabitEthernet1/0/1.1] dot1q termination vid 10
[PE3-GigabitEthernet1/0/1.1] dot1q termination vid 20
[PE3-GigabitEthernet1/0/1.1] quit
Step 4 Configure the sub-interfaces for Dot1q VLAN tag termination on PEs, and bind AC interfaces
to VSIs.
# Configure PE1.
[PE1] interface gigabitethernet 1/0/1.1
[PE1-GigabitEthernet1/0/1.1] l2 binding vsi ldp1
[PE1-GigabitEthernet1/0/1.1] undo shutdown
[PE1-GigabitEthernet1/0/1.1] quit
[PE1] interface gigabitethernet 1/0/1.2
[PE1-GigabitEthernet1/0/1.2] l2 binding vsi ldp2
[PE1-GigabitEthernet1/0/1.2] undo shutdown
[PE1-GigabitEthernet1/0/1.2] quit
# Configure PE2.
[PE2] interface gigabitethernet 1/0/1.1
[PE2-GigabitEthernet1/0/1.1] l2 binding vsi ldp1
[PE2-GigabitEthernet1/0/1.1] undo shutdown
[PE2-GigabitEthernet1/0/1.1] quit
# Configure PE3.
[PE3] interface gigabitethernet 1/0/0.1
[PE3-GigabitEthernet1/0/1.1] l2 binding vsi ldp2
[PE3-GigabitEthernet1/0/1.1] undo shutdown
[PE3-GigabitEthernet1/0/1.1] quit
For configuration details, see "Configuration Files" in this section. It is required that the CSG
support the following:
l Differentiates service types (voice, data, or signal) based on timeslots in TDM or PVCs in
ATM in the case that the CSG accesses non-IP services.
Step 6 Configure the Layer 2 forwarding function on CEs.
You can refer to the configuration files in this configuration example.
Step 7 Verify the configuration.
Run the display dot1q information termination interface command, and you can view
information about sub-interfaces for Dot1q VLAN tag termination.
Take the command output on PE1 as an example.
[PE1] display dot1q information termination interface gigabitethernet 1/0/1
GigabitEthernet1/0/1.1
VSI bound
Total QinQ Num: 2
dot1q termination vid 10
dot1q termination vid 20
Total vlan-group Num: 0
control-vid 1 dot1q-termination
GigabitEthernet1/0/1.2
VSI bound
Total QinQ Num: 2
dot1q termination vid 10
dot1q termination vid 20
Total vlan-group Num: 0
control-vid 2 dot1q-termination
After the preceding configurations, run the display vsi name ldp1 verbose command on PE1,
and you can view that a PW to PE2 is set up for a VSI named ldp1 and the VSI is in the Up
state.
[PE1] display vsi name ldp1 verbose
VSI ID : 1
*Peer Router ID : 2.2.2.9
VC Label : 30720
Peer Type : dynamic
Session : up
Tunnel ID : 0x810004
Broadcast Tunnel ID : 0x810004
CKey : 2
NKey : 1
StpEnable : 0
PwIndex : 0
**PW Information:
Run the display interface vlan command, and you can view the matching policy with the
specified VLAN ID on a main interface.
Take the command output on PE1 as an example.
[PE1] display interface gigabitethernet1/0/1 vlan 10
Sub-Interface VlanPolicy
-----------------------------------------------------------
GE1/0/1.1 8021p 3
GE1/0/1.2 8021p 2
-----------------------------------------------------------
Interface:GE1/0/1 VLAN ID: 10 Sub-Interface num: 2
[PE1] display interface GigabitEthernet1/0/1 vlan 20
Sub-Interface VlanPolicy
-----------------------------------------------------------
GE1/0/1.1 8021p 3
GE1/0/1.2 8021p 2
-----------------------------------------------------------
Interface:GE1/0/1 VLAN ID: 20 Sub-Interface num: 2
----End
Configuration Files
l Configuration file of PE1
#
sysname PE1
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
vsi ldp1 static
pwsignal ldp
vsi-id 1
peer 2.2.2.9
#
vsi ldp2 static
pwsignal ldp
vsi-id 2
peer 3.3.3.9
#
mpls ldp
#
interface GigabitEthernet1/0/1
undo shutdown
mode user-termination
#
interface GigabitEthernet1/0/1.1
control-vid 1 dot1q-termination
dot1q termination vid 10 8021p 3
dot1q termination vid 20 8021p 3
l2 binding vsi ldp1
#
interface GigabitEthernet1/0/1.2
control-vid 2 dot1q-termination
dot1q termination vid 10 8021p 2
dot1q termination vid 20 8021p 2
l2 binding vsi ldp2
#
interface GigabitEthernet1/0/2
undo shutdown
ip address 10.1.1.2 255.255.255.252
mpls
mpls ldp
#
interface GigabitEthernet1/0/3
undo shutdown
ip address 10.2.1.2 255.255.255.252
mpls
mpls ldp
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 10.1.1.0 0.0.0.3
network 10.2.1.0 0.0.0.3
#
return
Networking Requirements
As shown in Figure 5-39, CEs send untagged packets to Switch 1; Switch 1 sends packets tagged
with different VLAN IDs and different EthTypes to PE1. It is required that the sub-interfaces
for Dot1q VLAN tag termination be configured on PEs to access the VPLS and differentiated
service transmission be implemented. In such a scenario, you can deploy VLAN+EthType on
the sub-interface at the AC side of PE1 so that PE1 can differentiate services based on EthType
fields and hence different services can be transmitted through different PWs.
Figure 5-39 Networking diagram of VLAN+EthType for L2VPN access (on a sub-interface for
Dot1q VLAN tag termination)
Loopback1
2.2.2.9/32
PE2
GE1/0/1.1
CE1
VLAN 10
GE1/0/2 Video/BTV
E
10.1.1.1/30 VOD
Po
GE1/0/1
Platform
PP
192.168.1.1/24
GE1/0/2 GE1/0/1.1 GE1/0/2
GE1/0/1.2 10.1.1.2/30
Switch1 GE1/0/1 GE1/0/3
GE1/0/3 PE1 10.2.1.2/30
Loopback1
1.1.1.9/32
I Po
GE1/0/2
VLAN 20
GE1/0/1 Internet
10.2.1.1/30
E
192.168.1.4/24
GE1/0/1.1
CE2
PE3
Loopback1
3.3.3.9/32
VLAN PW VLAN
Configuration Roadmap
NOTE
L2VPN includes the Virtual Leased Line (VLL), Pseudo-Wire Emulation Edge to Edge (PWE3), and
Virtual Private LAN Service (VPLS). You can configure any one of them as required. The following takes
the VPLS application as an example.
Data Preparation
To complete the configuration, you need the following data:
l IP addresses of interfaces
l VSI IDs on PEs (VSI IDs must be consistent)
l MPLS LSR IDs on PEs
l Names of the VSIs on PEs
l Names of interfaces bound to the VSIs
Procedure
Step 1 Configure basic VPLS functions.
# Set up a VPLS connection between PE1 and PE2, and between PE1 and PE3, with LDP being
the signaling protocol; configure the VSI names to be LDP1 and LDP2. You can refer to the
chapter "VPLS Configuration" in the HUAWEI NetEngine80E/40E Router Configuration Guide
- VPN or the configuration files in this configuration example.
# Configure PE1.
<PE1> system-view
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] mode user-termination
[PE1-GigabitEthernet1/0/1] undo shutdown
[PE1-GigabitEthernet1/0/1] quit
# Configure PE2.
<PE2> system-view
[PE2] interface gigabitethernet 1/0/1
[PE2-GigabitEthernet1/0/1] mode user-termination
[PE2-GigabitEthernet1/0/1] undo shutdown
[PE2-GigabitEthernet1/0/1] quit
# Configure PE3.
<PE3> system-view
[PE3] interface gigabitethernet 1/0/1
[PE3-GigabitEthernet1/0/1] mode user-termination
[PE3-GigabitEthernet1/0/1] undo shutdown
[PE3-GigabitEthernet1/0/1] quit
# Configure PE1.
[PE1] interface gigabitethernet 1/0/1.1
[PE1-GigabitEthernet1/0/1.1] control-vid 1 dot1q-termination
[PE1-GigabitEthernet1/0/1.1] dot1q terminatio vid 10 eth-type pppoe
[PE1-GigabitEthernet1/0/1.1] dot1q terminatio vid 20 eth-type pppoe
[PE1-GigabitEthernet1/0/1.1] quit
[PE1] interface gigabitethernet 1/0/1.2
[PE1-GigabitEthernet1/0/1.2] control-vid 2 dot1q-termination
[PE1-GigabitEthernet1/0/1.2] dot1q terminatio vid 10 default
[PE1-GigabitEthernet1/0/1.2] dot1q terminatio vid 20 default
[PE1-GigabitEthernet1/0/1.2] quit
NOTE
On different sub-interfaces of the same main interface, if the types of encapsulated Ethernet protocols are
different, the VIDs to be terminated can overlap.
# Configure PE2.
[PE2] interface gigabitethernet 1/0/1.1
[PE2-GigabitEthernet1/0/1.1] control-vid 1 dot1q-termination
[PE2-GigabitEthernet1/0/1.1] dot1q terminatio vid 10
[PE2-GigabitEthernet1/0/1.1] dot1q terminatio vid 20
[PE2-GigabitEthernet1/0/1.1] quit
# Configure PE3.
<PE3> system-view
[PE3] interface gigabitethernet 1/0/1.1
[PE3-GigabitEthernet1/0/1.1] control-vid 2 dot1q-termination
[PE3-GigabitEthernet1/0/1.1] dot1q terminatio vid 10
[PE3-GigabitEthernet1/0/1.1] dot1q terminatio vid 20
[PE3-GigabitEthernet1/0/1.1] quit
Step 4 Configure the sub-interfaces for Dot1q VLAN tag termination on PEs and bind AC interfaces
to VSIs.
# Configure PE1.
[PE1] interface gigabitethernet 1/0/1.1
[PE1-GigabitEthernet1/0/1.1] l2 binding vsi ldp1
[PE1-GigabitEthernet1/0/1.1] undo shutdown
[PE1-GigabitEthernet1/0/1.1] quit
[PE1] interface gigabitethernet 1/0/1.2
[PE1-GigabitEthernet1/0/1.2] l2 binding vsi ldp1
[PE1-GigabitEthernet1/0/1.2] undo shutdown
[PE1-GigabitEthernet1/0/1.2] quit
# Configure PE2.
[PE2] interface gigabitethernet 1/0/1.1
[PE2-GigabitEthernet1/0/1.1] l2 binding vsi ldp1
[PE2-GigabitEthernet1/0/1.1] undo shutdown
[PE2-GigabitEthernet1/0/1.1] quit
# Configure PE3.
[PE3] interface gigabitethernet 1/0/0.1
[PE3-GigabitEthernet1/0/1.1] l2 binding vsi ldp2
[PE3-GigabitEthernet1/0/1.1] undo shutdown
[PE3-GigabitEthernet1/0/1.1] quit
# Configure Switch 1.
For detailed configuration of the switch, refer to the related configuration guide.
NOTE
Switch 1 sends packets tagged with different VLAN IDs and EthTypes to PE1.
Run the display dot1q information termination interface command, and you can view
information about sub-interfaces for Dot1q VLAN tag termination.
Take the command output on PE1 as an example.
[PE1] display dot1q information termination interface gigabitethernet 1/0/1
GigabitEthernet1/0/1.1
VSI bound
Total QinQ Num: 2
dot1q termination vid 10
dot1q termination vid 20
Total vlan-group Num: 0
control-vid 1 dot1q-termination
GigabitEthernet1/0/1.2
VSI bound
Total QinQ Num: 2
dot1q termination vid 10
dot1q termination vid 20
Total vlan-group Num: 0
control-vid 2 dot1q-termination
After the preceding configurations, run the display vsi name ldp1 verbose command on PE1,
and you can view that a PW to PE2 is set up for a VSI named ldp1 and the VSI is in the Up
state.
[PE1] display vsi name ldp1 verbose
VSI ID : 1
*Peer Router ID : 2.2.2.9
VC Label : 30720
Peer Type : dynamic
Session : up
Tunnel ID : 0x810004
Broadcast Tunnel ID : 0x810004
CKey : 2
NKey : 1
StpEnable : 0
PwIndex : 0
**PW Information:
Run the display interface vlan command, and you can view the matching policy with the
specified VLAN ID on a main interface.
Take the command output on PE1 as an example.
[PE1] display interface gigabitethernet1/0/1 vlan 10
Sub-Interface VlanPolicy
-----------------------------------------------------------
GE1/0/1.1 eth-type PPPOE
GE1/0/1.2 default
-----------------------------------------------------------
Interface:GE1/0/1 VLAN ID: 10 Sub-Interface num: 2
[PE1] display interface GigabitEthernet1/0/1 vlan 20
Sub-Interface VlanPolicy
-----------------------------------------------------------
GE1/0/1.1 default
GE1/0/1.2 eth-type PPPOE
-----------------------------------------------------------
Interface:GE1/0/1 VLAN ID: 20 Sub-Interface num: 2
----End
Configuration Files
l Configuration file of PE1
#
sysname PE1
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
vsi ldp1 static
pwsignal ldp
vsi-id 1
peer 2.2.2.9
#
vsi ldp2 static
pwsignal ldp
vsi-id 2
peer 3.3.3.9
#
mpls ldp
#
interface GigabitEthernet1/0/1
undo shutdown
mode user-termination
#
interface GigabitEthernet1/0/1.1
control-vid 1 dot1q-termination
dot1q termination vid 10 eth-type pppoe
dot1q termination vid 20 eth-type pppoe
l2 binding vsi ldp1
#
interface GigabitEthernet1/0/1.2
control-vid 2 dot1q-termination
dot1q termination vid 10 default
dot1q termination vid 20 default
l2 binding vsi ldp2
#
interface GigabitEthernet1/0/2
undo shutdown
ip address 10.1.1.2 255.255.255.252
mpls
mpls ldp
#
interface GigabitEthernet1/0/3
undo shutdown
ip address 10.2.1.2 255.255.255.252
mpls
mpls ldp
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 10.1.1.0 0.0.0.3
network 10.2.1.0 0.0.0.3
#
return
Networking Requirements
As shown in Figure 5-40, CE1 sends untagged packets to the CSG; the CSG sends packets
tagged with different VLAN IDs and different DSCP values to PE1. It is required that sub-
interfaces for Dot1q VLAN tag termination be configured on PEs to access the L2VPN and
differentiated service transmission be implemented. In such a scenario, you can deploy VLAN
+DSCP on the sub-interfaces at the AC side of PEs so that PEs can differentiate services based
on DSCP values and hence different services can be transmitted through different PWs.
NOTE
In this example, PE1 parses DSCP values in the received packets for scheduling.
The DSCP is carried in each IP packet. For correct deployment of the VLAN+DSCP policy, you need to
ensure that the CSG accesses only IP services.
If the CSG accesses non-IP services, you have to configure GRE tunnels on the CSG so that encapsulated
packets can be transmitted over an IPv4 network.
Figure 5-40 Networking diagram of VLAN+DSCP for L2VPN access (on a sub-interface for
Dot1q VLAN tag termination)
VLAN 10 Loopback1
2.2.2.9/32
CE1 PE2
GE1/0/1.1
GE1/0/1 GE1/0/2
=3
Database
10.1.1.1/30
CP
192.168.1.1/24
DS
GE1/0/2 GE1/0/1.1 GE1/0/2
GE1/0/1.2 10.1.1.2/30
CSG
GE1/0/1 GE1/0/3
GE1/0/3 PE1
10.2.1.2/30
Loopback1
GE1/0/1 1.1.1.9/32
DS
192.168.1.4/24 GE1/0/2 Internet
C
P=
10.2.1.1/30
2 GE1/0/1.1
CE2
PE3
VLAN 20 Loopback1
3.3.3.9/32
VLAN PW VLAN
Configuration Roadmap
NOTE
L2VPN includes the Virtual Leased Line (VLL), Pseudo-Wire Emulation Edge to Edge (PWE3), and
Virtual Private LAN Service (VPLS). You can configure any one of them as required. The following takes
the VPLS application as an example.
Data Preparation
To complete the configuration, you need the following data:
l IP addresses of interfaces
l VSI IDs on PEs (VSI IDs must be consistent)
l MPLS LSR IDs on PEs
l Names of the VSIs on PEs
l Names of interfaces bound to the VSIs
Procedure
Step 1 Configure basic VPLS functions.
# Set up a VPLS connection between PE1 and PE2, and between PE1 and PE3, with LDP being
the signaling protocol; configure the VSI names to be LDP1 and LDP2. You can refer to the
chapter "VPLS Configuration" in the HUAWEI NetEngine80E/40E Router Configuration Guide
- VPN or the configuration files in this configuration example.
# Configure PE1.
<PE1> system-view
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] mode user-termination
[PE1-GigabitEthernet1/0/1] undo shutdown
[PE1-GigabitEthernet1/0/1] quit
# Configure PE2.
<PE2> system-view
[PE2] interface gigabitethernet 1/0/1
[PE2-GigabitEthernet1/0/1] mode user-termination
[PE2-GigabitEthernet1/0/1] undo shutdown
[PE2-GigabitEthernet1/0/1] quit
# Configure PE3.
<PE3> system-view
[PE3] interface gigabitethernet 1/0/1
[PE3-GigabitEthernet1/0/1] mode user-termination
[PE3-GigabitEthernet1/0/1] undo shutdown
[PE3-GigabitEthernet1/0/1] quit
# Configure PE1.
[PE1] interface gigabitethernet 1/0/1.1
[PE1-GigabitEthernet1/0/1.1] control-vid 1 dot1q-termination
[PE1-GigabitEthernet1/0/1.1] dot1q terminatio vid 10 dscp 3
[PE1-GigabitEthernet1/0/1.1] dot1q terminatio vid 20 dscp 3
[PE1-GigabitEthernet1/0/1.1] quit
[PE1] interface gigabitethernet 1/0/1.2
[PE1-GigabitEthernet1/0/1.2] control-vid 2 dot1q-termination
[PE1-GigabitEthernet1/0/1.2] dot1q terminatio vid 10 dscp 2
[PE1-GigabitEthernet1/0/1.2] dot1q terminatio vid 20 dscp 2
[PE1-GigabitEthernet1/0/1.2] quit
NOTE
On different sub-interfaces of the same main interface, if DSCP values are different, the VIDs to be
terminated can overlap.
# Configure PE2.
[PE2] interface gigabitethernet 1/0/1.1
[PE2-GigabitEthernet1/0/1.1] control-vid 1 dot1q-termination
[PE2-GigabitEthernet1/0/1.1] dot1q terminatio vid 10
[PE2-GigabitEthernet1/0/1.1] dot1q terminatio vid 20
[PE2-GigabitEthernet1/0/1.1] quit
# Configure PE3.
[PE3] interface gigabitethernet 1/0/1.1
[PE3-GigabitEthernet1/0/1.1] control-vid 2 dot1q-termination
[PE3-GigabitEthernet1/0/1.1] dot1q terminatio vid 10
[PE3-GigabitEthernet1/0/1.1] dot1q terminatio vid 20
[PE3-GigabitEthernet1/0/1.1] quit
Step 4 Configure the sub-interfaces for Dot1q VLAN tag termination on PEs and bind AC interfaces
to VSIs.
# Configure PE1.
[PE1] interface gigabitethernet 1/0/1.1
[PE1-GigabitEthernet1/0/1.1] l2 binding vsi ldp1
[PE1-GigabitEthernet1/0/1.1] undo shutdown
[PE1-GigabitEthernet1/0/1.1] quit
[PE1] interface gigabitethernet 1/0/1.2
[PE1-GigabitEthernet1/0/1.2] l2 binding vsi ldp2
[PE1-GigabitEthernet1/0/1.2] undo shutdown
[PE1-GigabitEthernet1/0/1.2] quit
# Configure PE2.
[PE2] interface gigabitethernet 1/0/1.1
[PE2-GigabitEthernet1/0/1.1] l2 binding vsi ldp1
[PE2-GigabitEthernet1/0/1.1] undo shutdown
[PE2-GigabitEthernet1/0/1.1] quit
# Configure PE3.
[PE3] interface gigabitethernet 1/0/0.1
[PE3-GigabitEthernet1/0/1.1] l2 binding vsi ldp2
[PE3-GigabitEthernet1/0/1.1] undo shutdown
[PE3-GigabitEthernet1/0/1.1] quit
After the preceding configurations, run the display vsi name ldp1 verbose command on PE1,
and you can view that a PW to PE2 is set up for a VSI named ldp1, and the VSI is in the Up
state.
[PE1] display vsi name ldp1 verbose
VSI ID : 1
*Peer Router ID : 2.2.2.9
VC Label : 30720
Peer Type : dynamic
Session : up
Tunnel ID : 0x810004
Broadcast Tunnel ID : 0x810004
CKey : 2
NKey : 1
StpEnable : 0
PwIndex : 0
**PW Information:
Tunnel ID : 0x810004
Broadcast Tunnel ID : 0x810004
Ckey : 0x2
Nkey : 0x1
Main PW Token : 0x810004
Slave PW Token : 0x0
Tnl Type : LSP
OutInterface : GigabitEthernet1/0/2
Stp Enable : 0
Mac Flapping : 0
PW Last Up Time : 2009/09/02 08:47:35
PW Total Up Time : 0 days, 0 hours, 2 minutes, 33 seconds
Run the display interface vlan command, and you can view all the sub-interfaces with the
specified VLAN ID on a main interface.
Take the command output on PE1 as an example.
[PE1] display interface gigabitethernet1/0/1 vlan 10
Sub-Interface VlanPolicy
-----------------------------------------------------------
GE1/0/1.1 dscp 3
GE1/0/1.2 dscp 2
-----------------------------------------------------------
Interface:GE1/0/1 VLAN ID: 10 Sub-Interface num: 2
[PE1] display interface GigabitEthernet1/0/1 vlan 20
Sub-Interface VlanPolicy
-----------------------------------------------------------
GE1/0/1.1 dscp 3
GE1/0/1.2 dscp 2
-----------------------------------------------------------
Interface:GE1/0/1 VLAN ID: 20 Sub-Interface num: 2
----End
Configuration Files
l Configuration file of PE1
#
sysname PE1
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
vsi ldp1 static
pwsignal ldp
vsi-id 1
peer 2.2.2.9
#
vsi ldp2 static
pwsignal ldp
vsi-id 2
peer 3.3.3.9
#
mpls ldp
#
interface GigabitEthernet1/0/1
undo shutdown
mode user-termination
#
interface GigabitEthernet1/0/1.1
control-vid 1 dot1q-termination
dot1q termination vid 10 dscp 3
dot1q termination vid 20 dscp 3
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 10.1.1.0 0.0.0.3
#
return
Networking Requirements
As shown in Figure 5-41, the CSG sends packets tagged with different VLAN IDs and different
802.1p priorities to PE1. It is required that QinQ stacking sub-interfaces be configured on PEs
to access the L2VPN and differentiated service transmission be implemented. In such a scenario,
you can deploy QinQ stacking+802.1p on the sub-interfaces at the AC side of PEs so that PEs
can differentiate services based on the 802.1p priorities and hence different services can be
transmitted through different PWs.
VLAN 10 Loopback1
2.2.2.9/32
CE1 PE2
GE1/0/1.1
GE1/0/1
192.168.1.1/24 GE1/0/2
3
Database
p=
10.1.1.1/30
2.1
80
GE1/0/1
GE1/0/2
2.1
GE1/0/1.1
CE2
PE3
VLAN 20 Loopback1
3.3.3.9/32
VLAN PW VLAN
Configuration Roadmap
NOTE
L2VPN includes the Virtual Leased Line (VLL), Pseudo-Wire Emulation Edge to Edge (PWE3), and
Virtual Private LAN Service (VPLS). You can configure any one of them as required. The following takes
the VPLS application as an example.
Data Preparation
To complete the configuration, you need the following data:
l IP addresses of interfaces
l VSI IDs on PEs (VSI IDs must be consistent)
l MPLS LSR IDs on PEs
l Names of the VSIs on PEs
l Names of interfaces bound to the VSIs
Procedure
Step 1 Configure basic VPLS functions.
# Set up a VPLS connection between PE1 and PE2, and between PE1 and PE3, with LDP being
the signaling protocol; configure the VSI names to be LDP1 and LDP2. You can refer to the
chapter "VPLS Configuration" in the HUAWEI NetEngine80E/40E Router Configuration Guide
- VPN or the configuration files in this configuration example.
# Configure PE1.
<PE1> system-view
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] mode user-termination
[PE1-GigabitEthernet1/0/1] undo shutdown
[PE1-GigabitEthernet1/0/1] quit
# Configure PE2.
<PE2> system-view
[PE2] interface gigabitethernet 1/0/1
[PE2-GigabitEthernet1/0/1] mode user-termination
[PE2-GigabitEthernet1/0/1] undo shutdown
[PE2-GigabitEthernet1/0/1] quit
# Configure PE3.
<PE3> system-view
[PE3] interface gigabitethernet 1/0/1
[PE3-GigabitEthernet1/0/1] mode user-termination
[PE3-GigabitEthernet1/0/1] undo shutdown
[PE3-GigabitEthernet1/0/1] quit
# Configure PE1.
<PE1> system-view
[PE1] interface gigabitethernet 1/0/1.1
[PE1-GigabitEthernet1/0/1.1] qinq stacking vid 10 8021p 3
[PE1-GigabitEthernet1/0/1.1] qinq stacking vid 20 8021p 3
[PE1-GigabitEthernet1/0/1.1] l2 binding vsi ldp1
[PE1-GigabitEthernet1/0/1.1] quit
[PE1] interface gigabitethernet 1/0/1.2
[PE1-GigabitEthernet1/0/1.2] qinq stacking vid 10 8021p 2
[PE1-GigabitEthernet1/0/1.2] qinq stacking vid 20 8021p 2
[PE1-GigabitEthernet1/0/1.2] l2 binding vsi ldp2
[PE1-GigabitEthernet1/0/1.2] quit
# Configure PE2.
<PE2> system-view
[PE2] interface gigabitethernet 1/0/1.1
[PE2-GigabitEthernet1/0/1.1] qinq stacking vid 10
[PE2-GigabitEthernet1/0/1.1] qinq stacking vid 20
[PE2-GigabitEthernet1/0/1.1] l2 binding vsi ldp1
[PE2-GigabitEthernet1/0/1.1] quit
# Configure PE3.
<PE3> system-view
[PE3] interface gigabitethernet 1/0/1.1
[PE3-GigabitEthernet1/0/1.1] qinq stacking vid 10
[PE3-GigabitEthernet1/0/1.1] qinq stacking vid 20
[PE3-GigabitEthernet1/0/1.1] l2 binding vsi ldp2
[PE3-GigabitEthernet1/0/1.1] quit
For configuration details, see "Configuration Files" in this section. It is required that the CSG
support the following:
Packets sent from the CSG to PE1 carry VLAN tags with different 802.1p priorities.
Run the display qinq information stacking interface command, and you can view
configurations of QinQ stacking sub-interfaces.
After the preceding configurations, run the display vsi name ldp1 verbose command on PE1,
and you can view that a PW to PE2 is set up for a VSI named ldp1, and the VSI is in the Up
state.
<PE1> display vsi name ldp1 verbose
VSI ID : 1
*Peer Router ID : 2.2.2.9
VC Label : 30720
Peer Type : dynamic
Session : up
Tunnel ID : 0x810004
Broadcast Tunnel ID : 0x810004
CKey : 2
NKey : 1
StpEnable : 0
PwIndex : 0
**PW Information:
Run the display interface vlan command, and you can view the matching policy with the
specified VLAN ID on a specified interface.
----End
Configuration Files
l Configuration file of PE1
#
sysname PE1
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
vsi ldp1 static
pwsignal ldp
vsi-id 1
peer 2.2.2.9
#
vsi ldp2 static
pwsignal ldp
vsi-id 2
peer 3.3.3.9
#
mpls ldp
#
interface GigabitEthernet1/0/1
undo shutdown
mode user-termination
#
interface GigabitEthernet1/0/1.1
qinq stacking vid 10 8021p 3
qinq stacking vid 20 8021p 3
l2 binding vsi ldp1
#
interface GigabitEthernet1/0/1.2
qinq stacking vid 10 8021p 2
qinq stacking vid 20 8021p 2
l2 binding vsi ldp2
#
interface GigabitEthernet1/0/2
undo shutdown
mpls
#
mpls l2vpn
#
vsi ldp2 static
pwsignal ldp
vsi-id 2
peer 1.1.1.9
#
mpls ldp
#
interface GigabitEthernet1/0/1
undo shutdown
mode user-termination
#
interface GigabitEthernet1/0/1.1
qinq stacking vid 10
qinq stacking vid 20
l2 binding vsi ldp2
#
interface GigabitEthernet1/0/2
undo shutdown
ip address 10.2.1.1 255.255.255.252
mpls
mpls ldp
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 10.2.1.0 0.0.0.3
#
return
Networking Requirements
As shown in Figure 5-42, Switch 1 sends packets tagged with different VLAN IDs and different
EthTypes to PE1. It is required that QinQ stacking sub-interfaces be configured on PEs to access
the L2VPN and differentiated service transmission be implemented. In such a scenario, you can
deploy QinQ stacking+EthType on the sub-interfaces at the AC side of PEs so that PEs can
differentiate services based on the EthTypes and hence different services can be transmitted
through different PWs.
VLAN 10 Loopback1
2.2.2.9/32
CE1 PE2
GE1/0/1.1
GE1/0/1 GE1/0/2
Database
E
10.1.1.1/30
Po
192.168.1.1/24
PP
GE1/0/2 GE1/0/1.1 GE1/0/2
GE1/0/1 GE1/0/1.2 10.1.1.2/30
Switch1
QinQ GE1/0/3
GE1/0/3 Stacking PE1 10.2.1.2/30
GE1/0/1 Loopback1
I Po
GE1/0/1.1
CE2
PE3
VLAN 20 Loopback1
3.3.3.9/32
VLAN PW VLAN
Configuration Roadmap
NOTE
L2VPN includes the Virtual Leased Line (VLL), Pseudo-Wire Emulation Edge to Edge (PWE3), and
Virtual Private LAN Service (VPLS). You can configure any one of them as required. The following takes
the VPLS application as an example.
3. Configure basic Multiprotocol Label Switching (MPLS) functions, and set up label
switched paths (LSPs) between PEs.
4. Enable MPLS L2VPN on PEs.
5. Set up VSIs and then configure them.
6. Configure sub-interfaces for Dot1q VLAN tag termination on PEs and bind AC interfaces
to VSIs.
7. Configure the basic Layer 2 forwarding function on Switch 1.
Data Preparation
To complete the configuration, you need the following data:
l IP addresses of interfaces
l VSI IDs on PEs (VSI IDs must be consistent)
l MPLS LSR IDs on PEs
l Names of the VSIs on PEs
l Names of interfaces bound to the VSIs
Procedure
Step 1 Configure basic VPLS functions.
# Set up a VPLS connection between PE1 and PE2, and between PE1 and PE3, with LDP being
the signaling protocol; configure the VSI names to be LDP1 and LDP2. You can refer to the
chapter "VPLS Configuration" in the HUAWEI NetEngine80E/40E Router Configuration Guide
- VPN or the configuration files in this configuration example.
Step 2 Configure the interface mode on PEs to user termination.
# Configure PE1.
<PE1> system-view
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] mode user-termination
[PE1-GigabitEthernet1/0/1] undo shutdown
[PE1-GigabitEthernet1/0/1] quit
# Configure PE2.
<PE2> system-view
[PE2] interface gigabitethernet 1/0/1
[PE2-GigabitEthernet1/0/1] mode user-termination
[PE2-GigabitEthernet1/0/1] undo shutdown
[PE2-GigabitEthernet1/0/1] quit
# Configure PE3.
<PE3> system-view
[PE3] interface gigabitethernet 1/0/1
[PE3-GigabitEthernet1/0/1] mode user-termination
[PE3-GigabitEthernet1/0/1] undo shutdown
[PE3-GigabitEthernet1/0/1] quit
# Configure PE2.
<PE2> system-view
[PE2] interface gigabitethernet 1/0/1.1
[PE2-GigabitEthernet1/0/1.1] qinq stacking vid 10
[PE2-GigabitEthernet1/0/1.1] qinq stacking vid 20
[PE2-GigabitEthernet1/0/1.1] l2 binding vsi ldp1
[PE2-GigabitEthernet1/0/1.1] quit
# Configure PE3.
<PE3> system-view
[PE3] interface gigabitethernet 1/0/1.1
[PE3-GigabitEthernet1/0/1.1] qinq stacking vid 10
[PE3-GigabitEthernet1/0/1.1] qinq stacking vid 20
[PE3-GigabitEthernet1/0/1.1] l2 binding vsi ldp2
[PE3-GigabitEthernet1/0/1.1] quit
NOTE
Switch 1 sends packets tagged with different VLAN IDs and EthTypes to PE1.
After the preceding configurations, run the display vsi name ldp1 verbose command on PE1,
and you can view that a PW to PE2 is set up for a VSI named ldp1, and the VSI is in the Up
state.
<PE1> display vsi name ldp1 verbose
VSI ID : 1
*Peer Router ID : 2.2.2.9
VC Label : 30720
Peer Type : dynamic
Session : up
Tunnel ID : 0x810004
Broadcast Tunnel ID : 0x810004
CKey : 2
NKey : 1
StpEnable : 0
PwIndex : 0
**PW Information:
Run the display interface vlan command, and you can view all the sub-interfaces with a
specified VLAN ID on the main interface.
-----------------------------------------------------------
Interface:GE1/0/1 VLAN ID: 10 Sub-Interface num: 2
----End
Configuration Files
l Configuration file of PE1
#
sysname PE1
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
vsi ldp1 static
pwsignal ldp
vsi-id 1
peer 2.2.2.9
#
vsi ldp2 static
pwsignal ldp
vsi-id 2
peer 3.3.3.9
#
mpls ldp
#
interface GigabitEthernet1/0/1
undo shutdown
mode user-termination
#
interface GigabitEthernet1/0/1.1
qinq stacking vid 10 eth-type PPPOE
qinq stacking vid 20 eth-type PPPOE
l2 binding vsi ldp1
#
interface GigabitEthernet1/0/1.2
qinq stacking vid 10 default
qinq stacking vid 20 default
l2 binding vsi ldp2
#
interface GigabitEthernet1/0/2
undo shutdown
ip address 10.1.1.2 255.255.255.252
mpls
mpls ldp
#
interface GigabitEthernet1/0/3
undo shutdown
ip address 10.2.1.2 255.255.255.252
mpls
mpls ldp
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.3
network 10.2.1.0 0.0.0.3
network 1.1.1.9 0.0.0.3
#
return
undo shutdown
ip address 10.2.1.1 255.255.255.252
mpls
mpls ldp
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 10.2.1.0 0.0.0.3
#
return
Networking Requirements
As shown in Figure 5-43, the CSG sends packets tagged with different VLAN IDs and different
DSCP values to PE1. It is required that QinQ stacking sub-interfaces be configured on PEs to
access the L2VPN and differentiated service transmission be implemented. In such a scenario,
you can deploy QinQ stacking+DSCP on the sub-interfaces at the AC side of PEs so that PEs
can differentiate services based on the DSCP values and hence different services can be
transmitted through different PWs.
NOTE
The DSCP is carried in each IP packet. For correct deployment of the Stacking Sub-interface+DSCP policy,
you need to ensure that the CSG accesses only IP services.
If the CSG accesses non-IP services, you have to configure GRE tunnels on the CSG so that encapsulated
packets can be transmitted over an IPv4 network.
VLAN 10 Loopback1
2.2.2.9/32
CE1 PE2
GE1/0/1.1
GE1/0/1 GE1/0/2
Database
=3
192.168.1.1/24 10.1.1.1/30
cp
ds
GE1/0/2 GE1/0/1.1 GE1/0/2
GE1/0/1 GE1/0/1.2 10.1.1.2/30
CSG
QinQ GE1/0/3
GE1/0/3 Stacking PE1 10.2.1.2/30
GE1/0/1 Loopback1
ds
192.168.1.4/24 1.1.1.9/32 GE1/0/2 Internet
cp
10.2.1.1/30
=2
GE1/0/1.1
CE2
PE3
VLAN 20 Loopback1
3.3.3.9/32
VLAN PW VLAN
Configuration Roadmap
NOTE
L2VPN includes the Virtual Leased Line (VLL), Pseudo-Wire Emulation Edge to Edge (PWE3), and
Virtual Private LAN Service (VPLS). You can configure any one of them as required. The following takes
the VPLS application as an example.
Data Preparation
To complete the configuration, you need the following data:
l IP addresses of interfaces
l VSI IDs on PEs (VSI IDs must be consistent)
l MPLS LSR IDs on PEs
l Names of the VSIs on PEs
l Names of interfaces bound to the VSIs
Procedure
Step 1 Configure basic VPLS functions.
# Set up a VPLS connection between PE1 and PE2, and between PE1 and PE3, with LDP being
the signaling protocol; configure the VSI names to be LDP1 and LDP2. You can refer to the
chapter "VPLS Configuration" in the HUAWEI NetEngine80E/40E Router Configuration Guide
- VPN or the configuration files in this configuration example.
Step 2 Configure the interface mode on PEs to user termination.
# Configure PE1.
<PE1> system-view
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] mode user-termination
[PE1-GigabitEthernet1/0/1] undo shutdown
[PE1-GigabitEthernet1/0/1] quit
# Configure PE2.
<PE2> system-view
[PE2] interface gigabitethernet 1/0/1
[PE2-GigabitEthernet1/0/1] mode user-termination
[PE2-GigabitEthernet1/0/1] undo shutdown
[PE2-GigabitEthernet1/0/1] quit
# Configure PE3.
<PE3> system-view
[PE3] interface gigabitethernet 1/0/1
[PE3-GigabitEthernet1/0/1] mode user-termination
[PE3-GigabitEthernet1/0/1] undo shutdown
[PE3-GigabitEthernet1/0/1] quit
# Configure PE2.
<PE2> system-view
[PE2] interface gigabitethernet 1/0/1.1
[PE2-GigabitEthernet1/0/1.1] qinq stacking vid 10
[PE2-GigabitEthernet1/0/1.1] qinq stacking vid 20
[PE2-GigabitEthernet1/0/1.1] l2 binding vsi ldp1
[PE2-GigabitEthernet1/0/1.1] quit
# Configure PE3.
<PE3> system-view
[PE3] interface gigabitethernet 1/0/1.1
[PE3-GigabitEthernet1/0/1.1] qinq stacking vid 10
[PE3-GigabitEthernet1/0/1.1] qinq stacking vid 20
[PE3-GigabitEthernet1/0/1.1] l2 binding vsi ldp2
[PE3-GigabitEthernet1/0/1.1] quit
After the preceding configurations, run the display vsi name ldp1 verbose command on PE1,
and you can view that a PW to PE2 is set up for a VSI named ldp1, and the VSI is in the Up
state.
<PE1> display vsi name ldp1 verbose
Color : --
DomainId : 255
Domain Name :
Ignore AcState : disable
Create Time : 0 days, 0 hours, 6 minutes, 31 seconds
VSI State : up
Resource Status : Valid
VSI ID : 1
*Peer Router ID : 2.2.2.9
VC Label : 30720
Peer Type : dynamic
Session : up
Tunnel ID : 0x810004
Broadcast Tunnel ID : 0x810004
CKey : 2
NKey : 1
StpEnable : 0
PwIndex : 0
**PW Information:
Run the display interface vlan command, and you can view the matching policy with the
specified VLAN ID on a specified interface.
Take the command output on PE1 as an example.
<PE1> display interface gigabitethernet1/0/1 vlan 10
Interface VlanPolicy
-----------------------------------------------------------
GE1/0/1.1 dscp 3
GE1/0/1.2 dscp 2
-----------------------------------------------------------
Interface:GE1/0/1 VLAN ID: 10 Sub-Interface num: 2
----End
Configuration Files
l Configuration file of PE1
#
sysname PE1
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
vsi ldp1 static
pwsignal ldp
vsi-id 1
peer 2.2.2.9
#
vsi ldp2 static
pwsignal ldp
vsi-id 2
peer 3.3.3.9
#
mpls ldp
#
interface GigabitEthernet1/0/1
undo shutdown
mode user-termination
#
interface GigabitEthernet1/0/1.1
qinq stacking vid 10 dscp 3
qinq stacking vid 20 dscp 3
l2 binding vsi ldp1
#
interface GigabitEthernet1/0/1.2
qinq stacking vid 10 dscp 2
qinq stacking vid 20 dscp 2
l2 binding vsi ldp2
#
interface GigabitEthernet1/0/2
undo shutdown
ip address 10.1.1.2 255.255.255.252
mpls
mpls ldp
#
interface GigabitEthernet1/0/3
undo shutdown
ip address 10.2.1.2 255.255.255.252
mpls
mpls ldp
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.3
network 10.2.1.0 0.0.0.3
network 1.1.1.9 0.0.0.3
#
return
peer 1.1.1.9
#
mpls ldp
#
interface GigabitEthernet1/0/1
undo shutdown
mode user-termination
#
interface GigabitEthernet1/0/1.1
qinq stacking vid 10
qinq stacking vid 20
l2 binding vsi ldp1
#
interface GigabitEthernet1/0/2
undo shutdown
ip address 10.1.1.1 255.255.255.252
mpls
mpls ldp
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 10.1.1.0 0.0.0.3
#
return
#
return
Networking Requirements
As shown in Figure 5-44, CSG sends packets tagged with different VLAN IDs and different
802.1p priorities to PE1. It is required that sub-interfaces for Dot1q VLAN tag termination be
configured on PEs to access the L3VPN and differentiated service transmission be implemented.
In such a scenario, you can deploy VLAN+802.1p on the sub-interfaces at the AC side of PEs
so that PEs can differentiate services based on the 802.1p priorities and hence different services
can be transmitted through different VPN instances.
AS65410
VLAN 10 Loopback1
2.2.2.9/32
GE1/0/1.1 CE3
CE1 PE2
GE1/0/1.2
GE1/0/1
GE1/0/2
=3
GE1/0/1 Database
p
2.1
AS65420
80
GE1/0/2 PE1 GE1/0/2
GE1/0/1 Loopback1
CSG
GE1/0/1.1 1.1.1.9/32
GE1/0/1.2 GE1/0/3
GE1/0/3
80 Internet
GE1/0/1 2.1
p=2 GE1/0/2 AS65421
GE1/0/1
CE2 GE1/0/1.1
PE3 GE1/0/1.2 CE4
VLAN 20 Loopback1
3.3.3.9/32
AS65411 L3VPN
AS100
Configuration Roadmap
The configuration roadmap is as follows:
2. Configure basic Multiprotocol Label Switching (MPLS) functions and MPLS Label
Distribution Protocol (LDP), and set up MPLS label switched paths (LSPs) on the backbone
network.
3. Set up LSPs between PEs.
4. Create VPN instances on PEs and bind AC interfaces to the VPN instances.
5. Configure the basic Layer 2 forwarding function on CSG.
6. Configure External Border Gateway Protocol (EBGP) on CEs and PEs to exchange VPN
routing information.
7. Set up Multiprotocol Extensions for IBGP (MP-IBGP) peer relationships between PEs.
Data Preparation
To complete the configuration, you need the following data:
l IP addresses of interfaces
l Names of the VPN instances on PEs
l RDs and VPN targets of the VPN instances
l Interfaces bound to the VPN instances
Procedure
Step 1 Configure the IP addresses of interfaces on CEs and PEs as described in Figure 5-44. The
detailed configurations are not mentioned here. You can see the configuration files in this
configuration example.
Step 2 Configure an IGP on the MPLS backbone network. In this example, OSPF is adopted as an IGP.
The detailed configurations are not mentioned here. You can see the configuration files in this
configuration example.
After the preceding configurations, PE1 and PE2, and PE1 and PE3 have routes discovered
through OSPF to Loopback 1 of each other. PE1 and PE2, and PE1 and PE3 can ping through
each other.
<PE1> display ip routing-table
Routing Tables: Public
Destinations : 9 Routes : 9
Step 3 Enable basic MPLS functions and LDP on the MPLS backbone network.
After the preceding configurations, MPLS LSPs are successfully created, and LDP sessions are
set up between PE1 and PE2 and between PE1 and PE3. Run the display mpls ldp session
command, and you can view that the Status field is displayed as Operational.
<PE1> display mpls ldp session
# Configure PE1.
<PE1> system-view
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 100:1 both
[PE1-vpn-instance-vpn1] quit
[PE1] ip vpn-instance vpn2
[PE1-vpn-instance-vpn2] route-distinguisher 100:2
[PE1-vpn-instance-vpn2] vpn-target 100:2 both
[PE1-vpn-instance-vpn2] quit
# Configure PE2.
<PE2> system-view
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 100:1
[PE2-vpn-instance-vpn1] vpn-target 100:1 both
[PE2-vpn-instance-vpn1] quit
# Configure PE3.
<PE3> system-view
[PE3] ip vpn-instance vpn2
[PE3-vpn-instance-vpn2] route-distinguisher 100:2
[PE3-vpn-instance-vpn2] vpn-target 100:2 both
[PE3-vpn-instance-vpn2] quit
# Configure PE1.
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] mode user-termination
[PE1-GigabitEthernet1/0/1] undo shutdown
[PE1-GigabitEthernet1/0/1] quit
# Configure PE2.
[PE2] interface gigabitethernet 1/0/1
[PE2-GigabitEthernet1/0/1] mode user-termination
[PE2-GigabitEthernet1/0/1] undo shutdown
[PE2-GigabitEthernet1/0/1] quit
# Configure PE3.
[PE3] interface gigabitethernet 1/0/1
[PE3-GigabitEthernet1/0/1] mode user-termination
[PE3-GigabitEthernet1/0/1] undo shutdown
[PE3-GigabitEthernet1/0/1] quit
Step 6 Configure VLAN+802.1p, and bind sub-interfaces for Dot1q VLAN tag termination to the VPN
instances.
# Configure PE1.
[PE1] interface gigabitethernet 1/0/1.1
[PE1-GigabitEthernet1/0/1.1] control-vid 1 dot1q-termination
[PE1-GigabitEthernet1/0/1.1] dot1q terminatio vid 10 8021p 3
[PE1-GigabitEthernet1/0/1.1] dot1q terminatio vid 20 8021p 3
[PE1-GigabitEthernet1/0/1.1] ip binding vpn-instance vpn1
[PE1-GigabitEthernet1/0/1.1] ip address 10.11.1.1 24
[PE1-GigabitEthernet1/0/1.1] arp broadcast enable
[PE1-GigabitEthernet1/0/1.1] quit
[PE1] interface gigabitethernet 1/0/1.2
[PE1-GigabitEthernet1/0/1.2] control-vid 2 dot1q-termination
[PE1-GigabitEthernet1/0/1.2] dot1q terminatio vid 20 8021p 2
[PE1-GigabitEthernet1/0/1.2] dot1q terminatio vid 10 8021p 2
[PE1-GigabitEthernet1/0/1.2] ip binding vpn-instance vpn2
[PE1-GigabitEthernet1/0/1.2] ip address 10.21.1.1 24
[PE1-GigabitEthernet1/0/1.2] arp broadcast enable
[PE1-GigabitEthernet1/0/1.2] quit
# Configure PE2.
[PE2] interface gigabitethernet 1/0/1.1
[PE2-GigabitEthernet1/0/1.1] control-vid 1 dot1q-termination
[PE2-GigabitEthernet1/0/1.1] dot1q terminatio vid 10
[PE2-GigabitEthernet1/0/1.1] dot1q terminatio vid 20
[PE2-GigabitEthernet1/0/1.1] ip binding vpn-instance vpn1
[PE2-GigabitEthernet1/0/1.1] ip address 10.12.1.1 24
[PE2-GigabitEthernet1/0/1.1] arp broadcast enable
[PE2-GigabitEthernet1/0/1.1] quit
# Configure PE3.
[PE3] interface gigabitethernet 1/0/1.1
[PE3-GigabitEthernet1/0/1.1] control-vid 2 dot1q-termination
[PE3-GigabitEthernet1/0/1.1] dot1q terminatio vid 10
[PE3-GigabitEthernet1/0/1.1] dot1q terminatio vid 20
[PE3-GigabitEthernet1/0/1.1] ip binding vpn-instance vpn2
[PE3-GigabitEthernet1/0/1.1] ip address 10.22.1.1 24
[PE3-GigabitEthernet1/0/1.1] arp broadcast enable
[PE3-GigabitEthernet1/0/1.1] quit
After the preceding configurations, run the display ip vpn-instance verbose command on PEs,
and you can view the configurations of the VPN instances.
For configuration details, see "Configuration Files" in this section. It is required that the CSG
support the following:
Packets sent from CSG to PE1 carry VLAN tags with different 802.1p priorities.
Step 8 Set up EBGP peer relationships between the PEs and CEs to import VPN routes.
You can refer to the chapter "BGP/MPLS IP VPN Configuration" in the HUAWEI
NetEngine80E/40E Router Configuration Guide - VPN or the configuration files in this
configuration example.
You can refer to the chapter "BGP/MPLS IP VPN Configuration" in the HUAWEI
NetEngine80E/40E Router Configuration Guide - VPN or the configuration files in this
configuration example.
After the preceding configurations, run the display bgp peer command on the PEs, and you can
view that BGP peer relationships between PEs have been established and are in the
Established state.
Run the display ip routing-table vpn-instance command on PEs, and you can view the routes
to remote CEs.
Run the display dot1q information termination command, and you can view information about
the configured sub-interfaces for Dot1q VLAN tag termination. You can also view that the sub-
interfaces are bound to the L3VPN.
Run the display interface vlan command, and you can view the matching policy configured on
sub-interfaces in VLAN 10.
Take the command output on PE1 as an example.
[PE1] display interface gigabitethernet1/0/1 vlan 10
Interface VlanPolicy
-----------------------------------------------------------
GE1/0/1.2 8021p 2
GE1/0/1.1 8021p 3
-----------------------------------------------------------
Interface:GE1/0/1 VLAN ID: 10 Sub-Interface num: 2
----End
Configuration Files
l Configuration file of PE1
#
sysname PE1
#
ip vpn-instance vpn1
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity
vpn-target 100:1 import-extcommunity
ip vpn-instance vpn2
route-distinguisher 100:2
vpn-target 100:2 export-extcommunity
vpn-target 100:2 import-extcommunity
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
mpls ldp
#
interface GigabitEthernet1/0/1
undo shutdown
mode user-termination
#
interface GigabitEthernet1/0/1.1
control-vid 1 dot1q-termination
dot1q termination vid 10 8021p 3
dot1q termination vid 20 8021p 3
ip binding vpn-instance vpn1
ip address 10.11.1.1 255.255.255.0
arp broadcast enable
#
interface GigabitEthernet1/0/1.2
control-vid 2 dot1q-termination
dot1q termination vid 10 8021p 2
dot1q termination vid 20 8021p 2
ip binding vpn-instance vpn2
ip address 10.21.1.1 255.255.255.0
arp broadcast enable
#
interface GigabitEthernet1/0/2
undo shutdown
ip address 10.1.1.2 255.255.255.252
mpls
mpls ldp
#
interface GigabitEthernet1/0/3
undo shutdown
ip address 10.3.1.2 255.255.255.252
mpls
mpls ldp
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
bgp 100
peer 2.2.2.9 as-number 100
peer 2.2.2.9 connect-interface LoopBack1
peer 3.3.3.9 as-number 100
peer 3.3.3.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 2.2.2.9 enable
peer 3.3.3.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 2.2.2.9 enable
peer 3.3.3.9 enable
#
ipv4-family vpn-instance vpn1
import-route direct
peer 10.1.1.1 as-number 100
#
ipv4-family vpn-instance vpn2
import-route direct
peer 10.3.1.1 as-number 65421
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 10.1.1.0 0.0.0.3
network 10.3.1.0 0.0.0.3
#
return
undo shutdown
ip address 10.1.1.1 255.255.255.252
mpls
mpls ldp
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
bgp 100
peer 1.1.1.9 as-number 100
peer 1.1.1.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 1.1.1.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 1.1.1.9 enable
#
ipv4-family vpn-instance vpn1
import-route direct
peer 10.1.1.2 as-number 100
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 10.1.1.0 0.0.0.3
#
return
#
bgp 100
peer 1.1.1.9 as-number 100
peer 1.1.1.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 1.1.1.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 1.1.1.9 enable
#
ipv4-family vpn-instance vpn2
import-route direct
peer 10.3.1.2 as-number 100
#
ospf 1
area 0.0.0.0
network 10.3.1.0 0.0.0.3
network 3.3.3.9 0.0.0.0
#
return
import-route direct
peer 10.12.1.1 enable
#
return
Networking Requirements
As shown in Figure 5-45, the CSG sends packets tagged with different VLAN IDs and different
DSCP values to PE1. It is required that sub-interfaces for Dot1q VLAN tag termination be
configured on PEs to access the L3VPN and differentiated service transmission be implemented.
In such a scenario, you can deploy VLAN+DSCP on the sub-interfaces at the AC side of PEs
so that PEs can differentiate services based on the DSCP values and hence different services can
be transmitted through different VPN instances.
NOTE
In this example, PE1 parses DSCP values in the received packets for scheduling.
The DSCP is carried in each IP packet. For correct deployment of the VLAN+DSCP policy, you need to
ensure that the CSG accesses only IP services.
If the CSG accesses non-IP services, you have to configure GRE tunnels on the CSG so that encapsulated
packets can be transmitted over an IPv4 network.
AS65410
VLAN 10 Loopback1
2.2.2.9/32
GE1/0/1.1 CE3
CE1 PE2
GE1/0/1.2
GE1/0/1
GE1/0/2 Database
=3
GE1/0/1
CP
AS65420
DS
GE1/0/2 GE1/0/1.1 PE1 GE1/0/2
GE1/0/1 GE1/0/1.2 Loopback1
CSG
1.1.1.9/32
GE1/0/3 GE1/0/3
DS
GE1/0/1 Internet
CP
GE1/0/2 AS65421
=2 GE1/0/1
CE2 GE1/0/1.1
PE3 GE1/0/1.2 CE4
VLAN 20 Loopback1
3.3.3.9/32
AS65411 L3VPN
AS100
Configuration Roadmap
The configuration roadmap is as follows:
2. Configure basic Multiprotocol Label Switching (MPLS) functions and MPLS Label
Distribution Protocol (LDP), and set up MPLS label switched paths (LSPs) on the backbone
network.
3. Set up LSPs between PEs.
4. Create VPN instances on PEs and bind AC interfaces to the VPN instances.
5. Configure the basic Layer 2 forwarding function on CSG.
6. Configure External Border Gateway Protocol (EBGP) on CEs and PEs to exchange VPN
routing information.
7. Set up Multiprotocol Extensions for IBGP (MP-IBGP) peer relationships between PEs.
Data Preparation
To complete the configuration, you need the following data:
l IP addresses of interfaces
l Names of the VPN instances on PEs
l RDs and VPN targets of the VPN instances
l Interfaces bound to the VPN instances
Procedure
Step 1 Configure the IP addresses of interfaces on CEs and PEs as described in Figure 5-45. You can
see the configuration files in this configuration example.
Step 2 Configure an IGP on the MPLS backbone network. In this example, OSPF is adopted as an IGP.
After the preceding configurations, PE1 and PE2, and PE1 and PE3 have routes discovered
through OSPF to Loopback 1 of each other. PE1 and PE2, and PE1 and PE3 can ping through
each other.
<PE1> display ip routing-table
Routing Tables: Public
Destinations : 9 Routes : 9
Step 3 Enable basic MPLS functions and LDP on the MPLS backbone network.
You can see the configuration files in this configuration example.
After the preceding configurations, MPLS LSPs are successfully created, and LDP sessions are
set up between PE1 and PE2 and between PE1 and PE3. Run the display mpls ldp session
command, and you can view that the Status field is displayed as Operational.
<PE1> display mpls ldp session
# Configure PE2.
<PE2> system-view
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 100:1
[PE2-vpn-instance-vpn1] vpn-target 100:1 both
[PE2-vpn-instance-vpn1] quit
# Configure PE3.
<PE3> system-view
[PE3] ip vpn-instance vpn2
[PE3-vpn-instance-vpn2] route-distinguisher 100:2
[PE3-vpn-instance-vpn2] vpn-target 100:2 both
[PE3-vpn-instance-vpn2] quit
# Configure PE2.
[PE2] interface gigabitethernet 1/0/1
[PE2-GigabitEthernet1/0/1] mode user-termination
[PE2-GigabitEthernet1/0/1] undo shutdown
[PE2-GigabitEthernet1/0/1] quit
# Configure PE3.
[PE3] interface gigabitethernet 1/0/1
[PE3-GigabitEthernet1/0/1] mode user-termination
[PE3-GigabitEthernet1/0/1] undo shutdown
[PE3-GigabitEthernet1/0/1] quit
Step 6 Configure VLAN+DSCP, and bind sub-interfaces for Dot1q VLAN tag termination to the VPN
instances.
# Configure PE1.
[PE1] interface gigabitethernet 1/0/1.1
[PE1-GigabitEthernet1/0/1.1] control-vid 1 dot1q-termination
[PE1-GigabitEthernet1/0/1.1] dot1q terminatio vid 10 dscp 3
[PE1-GigabitEthernet1/0/1.1] dot1q terminatio vid 20 dscp 3
[PE1-GigabitEthernet1/0/1.1] ip binding vpn-instance vpn1
[PE1-GigabitEthernet1/0/1.1] ip address 10.11.1.1 24
[PE1-GigabitEthernet1/0/1.1] arp broadcast enable
[PE1-GigabitEthernet1/0/1.1] quit
[PE1] interface gigabitethernet 1/0/1.2
[PE1-GigabitEthernet1/0/1.2] control-vid 2 dot1q-termination
[PE1-GigabitEthernet1/0/1.2] dot1q terminatio vid 20 dscp 2
[PE1-GigabitEthernet1/0/1.2] dot1q terminatio vid 10 dscp 2
[PE1-GigabitEthernet1/0/1.2] ip binding vpn-instance vpn2
[PE1-GigabitEthernet1/0/1.2] ip address 10.21.1.1 24
[PE1-GigabitEthernet1/0/1.2] arp broadcast enable
[PE1-GigabitEthernet1/0/1.2] quit
# Configure PE2.
[PE2] interface gigabitethernet 1/0/1.1
[PE2-GigabitEthernet1/0/1.1] control-vid 1 dot1q-termination
[PE2-GigabitEthernet1/0/1.1] dot1q terminatio vid 10
[PE2-GigabitEthernet1/0/1.1] dot1q terminatio vid 20
[PE2-GigabitEthernet1/0/1.1] ip binding vpn-instance vpn1
[PE2-GigabitEthernet1/0/1.1] ip address 10.12.1.1 24
[PE2-GigabitEthernet1/0/1.1] arp broadcast enable
[PE2-GigabitEthernet1/0/1.1] arp broadcast enable
[PE2-GigabitEthernet1/0/1.1] quit
# Configure PE3.
[PE3] interface gigabitethernet 1/0/1.1
[PE3-GigabitEthernet1/0/1.1] control-vid 2 dot1q-termination
[PE3-GigabitEthernet1/0/1.1] dot1q terminatio vid 10
[PE3-GigabitEthernet1/0/1.1] dot1q terminatio vid 20
[PE3-GigabitEthernet1/0/1.1] ip binding vpn-instance vpn2
[PE3-GigabitEthernet1/0/1.1] ip address 10.22.1.1 24
[PE3-GigabitEthernet1/0/1.1] arp broadcast enable
[PE3-GigabitEthernet1/0/1.1] quit
After the preceding configurations, run the display ip vpn-instance verbose command on PEs,
and you can view the configurations of the VPN instances.
Take the command output on PE1 as an example.
For configuration details, see "Configuration Files" in this section. It is required that the CSG
support the following:
Step 8 Set up the EBGP peer relationships between the PEs and CEs to import VPN routes.
You can refer to the chapter "BGP/MPLS IP VPN Configuration" in the HUAWEI
NetEngine80E/40E Router Configuration Guide - VPN or the configuration files in this
configuration example.
You can refer to the chapter "BGP/MPLS IP VPN Configuration" in the HUAWEI
NetEngine80E/40E Router Configuration Guide - VPN or the configuration files in this
configuration example.
After the preceding configurations, run the display bgp peer command on the PEs, and you can
view that BGP peer relationships between PEs have been established and are in the Established
state.
Run the display ip routing-table vpn-instance command on PEs, and you can view the routes
to remote CEs.
Take the command output on PE1 as an example.
[PE1] display ip routing-table vpn-instance vpn1
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: vpn1
Destinations : 3 Routes : 3
Run the display dot1q information termination command, and you can view information about
the sub-interfaces for Dot1q VLAN tag termination. You can also find that the sub-interfaces
are bound to the L3VPN.
Take the command output on PE1 as an example.
[PE1] display dot1q information termination interface gigabitethernet 1/0/1
GigabitEthernet1/0/1.1
L3VPN bound
Total QinQ Num: 2
dot1q termination vid 10
dot1q termination vid 20
Total vlan-group Num: 0
control-vid 1 dot1q-termination
GigabitEthernet1/0/1.2
L3VPN bound
Total QinQ Num: 2
dot1q termination vid 10
dot1q termination vid 20
Total vlan-group Num: 0
control-vid 2 dot1q-termination
Run the display interface vlan command, and you can view the matching policy configured on
sub-interfaces in VLAN 10.
Take the command output on PE1 as an example.
[PE1] display interface gigabitethernet1/0/1 vlan 10
Interface VlanPolicy
-----------------------------------------------------------
GE1/0/1.2 dscp 2
GE1/0/1.1 dscp 3
-----------------------------------------------------------
Interface:GE1/0/1 VLAN ID: 10 Sub-Interface num: 2
----End
Configuration Files
l Configuration file of PE1
#
sysname PE1
#
ip vpn-instance vpn1
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity
vpn-target 100:1 import-extcommunity
ip vpn-instance vpn2
route-distinguisher 100:2
vpn-target 100:2 export-extcommunity
vpn-target 100:2 import-extcommunity
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
mpls ldp
#
interface GigabitEthernet1/0/1
undo shutdown
mode user-termination
#
interface GigabitEthernet1/0/1.1
control-vid 1 dot1q-termination
dot1q termination vid 10 dscp 3
dot1q termination vid 20 dscp 3
ip binding vpn-instance vpn1
ip address 10.11.1.1 255.255.255.0
arp broadcast enable
#
interface GigabitEthernet1/0/1.2
control-vid 2 dot1q-termination
dot1q termination vid 10 dscp 2
dot1q termination vid 20 dscp 2
ip binding vpn-instance vpn2
ip address 10.21.1.1 255.255.255.0
arp broadcast enable
#
interface GigabitEthernet1/0/2
undo shutdown
ip address 10.1.1.2 255.255.255.252
mpls
mpls ldp
#
interface GigabitEthernet1/0/3
undo shutdown
ip address 10.2.1.2 255.255.255.252
mpls
mpls ldp
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
bgp 100
peer 2.2.2.9 as-number 100
peer 2.2.2.9 connect-interface LoopBack1
peer 3.3.3.9 as-number 100
peer 3.3.3.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 2.2.2.9 enable
peer 3.3.3.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 2.2.2.9 enable
peer 3.3.3.9 enable
#
ipv4-family vpn-instance vpn1
import-route direct
peer 10.1.1.1 as-number 100
#
ipv4-family vpn-instance vpn2
import-route direct
peer 10.2.1.1 as-number 65421
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 10.1.1.0 0.0.0.3
network 10.2.1.0 0.0.0.3
#
return
undo synchronization
peer 1.1.1.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 1.1.1.9 enable
#
ipv4-family vpn-instance vpn2
import-route direct
peer 10.2.1.2 as-number 100
#
ospf 1
area 0.0.0.0
network 10.2.1.0 0.0.0.3
network 3.3.3.9 0.0.0.0
#
return
#
return
6 STP/RSTP Configuration
The Spanning Tree Protocol (STP) trims a ring network into a loop-free tree network. It prevents
replication and circular propagation of packets, provides multiple redundant paths for virtual
LAN (VLAN) data traffic, and enables load balancing. The Rapid Spanning Tree Protocol
(RSTP) was developed based on STP to implement faster convergence. RSTP defines edge ports
and provides protection functions.
6.5 Configuring STP/RSTP Interoperability Between Huawei Devices and Non-Huawei Devices
To supports STP/RSTP interoperability between Huawei devices and non-Huawei devices,
proper parameters are required on Huawei devices running STP/RSTP to ensure nonstop
communication.
This section describes the networking requirements, configuration roadmap, data preparation,
and procedures for some typical application scenarios for STP/RSTP. This section also provides
the related configuration files.
6.1.1 Introduction
STP/RSTP is used to block redundant links on Layer 2 networks and trim a network into a loop-
free tree topology.
Background
Network designers tend to deploy multiple physical links between two devices (one link is the
master and the others are backups) to fulfill network redundancy requirements. Loops are bound
to occur on such types of complex networks.
Loops will cause broadcast storms, thereby exhausting network resources and paralyzing the
network. Loops also cause MAC address flapping that damages MAC address entries.
Devices can run STP to discover loops on the network by exchanging information with each
other, and trim the ring topology into a loop-free tree topology by blocking an interface. These
capabilities help prevent replication and circular propagation of packets on the network which
in turn helps avoid degradation of switching device performance.
With all its merits, STP is not able to converge network topologies quickly. In 2001, the IEEE
published document 802.1w, which introduces an evolution in the Spanning Tree Protocol:
Rapid Spanning Tree Protocol (RSTP). Although based on the same principles, RSTP was
developed for rapid convergence and far outperforms STP.
Concepts
l Root bridge
A tree topology must have a root.
There is only one root bridge on the entire STP/RSTP-capable network. The root bridge is
the logical center but is not necessarily the physical center of the entire network. Another
switching device can serve as the root bridge following a change in the network topology.
l ID
– Bridge ID
As defined in IEEE 802.1D, a bridge ID (BID) is composed of a 2-byte bridge priority
and a 6-byte bridge MAC address.
On an STP-capable network, the device with the smallest BID is selected as the root
bridge.
– Port ID
A 16-bit port ID (PID) is composed of a 4-bit port priority and a 12-bit port number.
PIDs are used to select a designated port. When the root path costs and the sender BIDs
of two ports are the same, the port with a smaller PID is selected as the designated port.
As shown in Figure 6-1, the root path costs and sender BIDs of port A and port B on
S2 are the same. Port A has a smaller PID, and is selected as the designated port.
l Path cost
A path cost is port-specific and is used by STP/RSTP to select a link. STP/RSTP calculates
the path cost to select robust links and blocks redundant links to trim the network into a
loop-free tree topology.
On an STP/RSTP-capable network, the accumulative cost of the path from a certain port
to the root bridge is the sum of the costs of the segment paths into which the path is separated
by the ports on the transit bridges.
l STP port roles
– Root port
The root port is the port that is nearest to the root bridge. The root port is determined
based on the path cost. Among all the STP-capable ports on the network bridge, the port
with the lowest root path cost is the root port. There is only one root port on an STP-
capable device, but there is no root port on the root bridge.
– Designated Port
The designated port on a switching device forwards bridge protocol data units (BPDUs)
to the downstream switching device. All ports on the root bridge are designated ports.
A designated port is selected for each network segment. The device on which the
designated port resides is called the designated bridge.
l RSTP port roles
Compared with STP, RSTP has two additional types of ports, the alternate port and backup
port. More port roles are defined to simplify deployment of STP.
S1
Root bridge
B A
S2 S3
A A a
S1
Root bridge
B A
S2 S3
A a
B A
b
Root port
Designated port
Alternate port
Backup port
As shown in Figure 6-1, RSTP defines four port roles: root port, designated port, alternate
port, and backup port.
The functions of the root port and designated port are the same as those defined in STP.
The functions of the alternate port and backup port are as follows:
– From the perspective of configuration BPDU transmission:
– The alternate port is blocked after learning the configuration BPDUs sent by other
bridges.
– The backup port is blocked after learning the configuration BPDUs sent by itself.
– From the perspective of user traffic:
– The alternate port backs up the root port and provides an alternate path from the
designated bridge to the root bridge.
– The backup port backs up the designated port and provides an alternate path from
the root node to the leaf node.
Forwarding A port in the Forwarding state forwards Only the root port and
user traffic and BPDUs. designated port can enter the
Forwarding state.
Blocking A port in the Blocking state receives and This is the final state of a
forwards only BPDUs but does not blocked port.
forward user traffic.
Forwarding A port in the Forwarding state can send and receive BPDUs as
well as forward user traffic.
Learning This is a transition state. A port in the Learning state learns MAC
addresses from user traffic to construct a MAC address table.
In the Learning state, the port can send and receive BPDUs, but
cannot forward user traffic.
NOTICE
MSTP is the default mode for all Huawei datacom devices. After a device experiences the
transition from the MSTP mode to the STP mode, an STP-capable port supports the same
port states as those supported by an MSTP-capable port, including the Forwarding,
Learning, and Discarding states. For details, see Table 6-2.
l Three timers
– Hello Timer
Sets the interval at which BPDUs are sent.
– Forward Delay Timer
Sets the time spent in the Listening and Learning states.
– Max Age
Sets the maximum lifetime of a BPDU on the network. When the Max Age time is
reached, the connection to the root bridge is considered broken.
STP/RSTP is used to block redundant links on Layer 2 networks and trim a network into a loop-
free tree topology.
STP/RSTP also supports the following features to meet the requirements of special applications
and extended functions:
l Provides a feedback mechanism to confirm topology convergence, implementing rapid
convergence.
l RSTP provides the protection functions listed in Table 6-4.
l Supports STP/RSTP interoperability between Huawei devices and non-Huawei devices.
Certain parameters must be set on Huawei devices to ensure uninterrupted communication.
BPDU An edge port changes into After BPDU protection is enabled, the
protection a non-edge port after switching device shuts down the edge port
receiving a BPDU, which if the edge port receives an RST BPDU.
triggers spanning tree Then the device notifies the NMS of the
recalculation. If an attacker shutdown event. The attributes of the edge
keeps sending pseudo port are not changed.
BPDUs to a switching
device, network flapping
occurs.
Context
STP/RSTP is commonly configured on switching devices to trim a ring network into a loop-free
network. Devices start spanning tree calculation after the STP/RSTP working mode is set and
STP/RST is enabled. Use any of the following methods if you need to intervene in the spanning
tree calculation:
l Set a priority for a switching device: The lower the numerical value, the higher the priority
of the switching device and the more likely the switching device becomes a root bridge;
the higher the numerical value, the lower the priority of the switching device and the less
likely that the switching device becomes a root bridge.
l Set a path cost for a port: With the same calculation method, the lower the numerical value,
the smaller the cost of the path from the port to the root bridge and the more likely the port
becomes a root port; the higher the numerical value, the larger the cost of the path from the
port to the root bridge and the less likely that the port becomes a root port.
l Set a priority for a port: The lower the numerical value, the more likely the port becomes
a designated port; the higher the numerical value, the less likely that the port becomes a
designated port.
Applicable Environment
Network designers tend to deploy multiple physical links between two devices (one link is the
master and the others are backups) to fulfill network redundancy requirements. Loops are bound
to occur on such types of complex networks.
Loops will cause broadcast storms, thereby exhausting network resources and paralyzing the
network. Loops also cause MAC address flapping that damages MAC address entries.
As shown in Figure 6-2, RouterA, RouterB, Switch C, and Switch D form a ring network, and
STP/RSTP is enabled on the ring network to eliminate loops, enhancing reliability of the
network.
Network
Root
Bridge
RouterA RouterB
SwitchC SwitchD
PC1 PC2
Blocked port
NOTE
If the current switching device supports STP and RSTP, RSTP is recommended.
Pre-configuration Tasks
Before configuring basic STP/RSTP functions, connect interfaces and setting physical
parameters for the interfaces to ensure that the interfaces are physically Up.
Data Preparation
To configure basic STP/RSTP functions, you need the following data.
No. Data
Procedure
Step 1 Run:
system-view
Step 2 Run:
stp mode { stp | rstp }
By default, the working mode of a switching device is MSTP. MSTP is compatible with STP
and RSTP.
On a ring network running only STP, set the working mode of a switching device to STP; on a
ring network running RSTP, set the working mode of a switching device to RSTP. In other cases,
use the default working mode MSTP.
----End
Context
On an STP/RSTP-capable network, there is only one root bridge, which is the logic center of
the entire spanning tree. During root bridge selection, a high-performance switching device at
a high network layer should be selected as the root bridge; however, the priority of such a device
may not be the highest on the network. It is therefore necessary to set a high priority for the
switching device to ensure that the device functions as a root bridge.
Low-performance devices at lower network layers are not fit to serve as a root bridge. Therefore,
set low priorities for these devices.
Procedure
Step 1 Run:
system-view
Step 2 Run:
stp priority priority
NOTE
l To configure a switching device as the primary root bridge, run the stp root primary command. The
priority value of this switching device is 0.
l To configure a switching device as a secondary root bridge, run the stp root secondary command. The
priority value of this switching device is 4096.
A switching device cannot act as a primary root bridge and as a secondary root bridge at the same time.
l If you want to change the priority of a switching device after you run the stp root primary command
or the stp root secondary command to configure the switching device as the primary root bridge or
secondary root bridge, disable the root bridge function or secondary root bridge function, and then run
the stp priority priority command to set a priority.
----End
Context
A path cost is port-specific and is used by STP/RSTP to select a link.
The path cost value range is determined by the calculation method. After the calculation method
is determined, it is recommended that you set a relatively small path cost value for the ports with
high link rates.
In the Huawei proprietary calculation method for example, the link rate determines the
recommended value for the path cost. Table 6-5 lists the recommended path costs for ports with
different link rates.
Table 6-5 Mappings between link rates and path cost values
10 Gbit/s 2 2 to 20 1 to 200000
If a network has loops, it is recommended that you set a relatively large path cost for ports with
low link rates. STP/RSTP then blocks these ports.
Procedure
Step 1 Run:
system-view
Step 2 Run:
stp pathcost-standard { dot1d-1998 | dot1t | legacy }
By default, the IEEE 802.1t standard (dot1t) is used to calculate the default path cost.
All switching devices on a network must use the same path cost calculation method.
Step 3 Run:
interface interface-type interface-number
NOTE
If the interface itself is a Layer 2 interface, this step can be skipped. Run the display this command in the
interface view. If "portswitch" is displayed in the command output, the interface is a Layer 2 interface.
Step 5 Run:
stp cost cost
l When the Huawei proprietary calculation method is used, cost ranges from 1 to 200000.
l When the IEEE 802.1d standard method is used, cost ranges from 1 to 65535.
l When the IEEE 802.1t standard method is used, cost ranges from 1 to 200000000.
----End
Context
Whether a port will be selected as a designated port is determined by its priority. For details, see
6.1.1 Introduction.
To block a port to eliminate loops, set the port priority value to be larger than the default value
when the devices have the same bridge ID and path cost. This port will be blocked during
designated port selection.
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
NOTE
If the interface itself is a Layer 2 interface, this step can be skipped. Run the display this command in the
interface view. If "portswitch" is displayed in the command output, the interface is a Layer 2 interface.
Step 4 Run:
stp port priority priority
----End
Context
After STP/RSTP is enabled on a ring network, STP/RSTP immediately calculates spanning trees
on the network. Configurations on the switching device, such as the switching device priority
and port priority, will affect spanning tree calculation. Any change to the configurations may
cause network flapping. Therefore, to ensure rapid and stable spanning tree calculation, perform
basic configurations on the switching device and its ports, and enable STP/RSTP.
Procedure
Step 1 Run:
system-view
----End
Prerequisites
Basic STP/RSTP functions have been configured.
Procedure
l Run the display stp [ interface interface-typeinterface-number ] [ brief ] command to view
the spanning-tree status and statistics.
----End
Example
Run the display stp command to view the spanning-tree working mode, root bridge, priority of
the root bridge, convergence mode, path cost calculation method, and path cost of the root port.
<HUAWEI> display stp
-------[CIST Global Info][Mode RSTP]-------
CIST Bridge :32768.00e0-4e1f-b200
Context
STP does not implement rapid convergence; however, STP parameters such as the network
diameter, Hello timer, Max Age timer, and Forward Delay timer, may affect network
convergence. RSTP is a refinement of STP and implements rapid convergence. In addition to
the preceding parameters, the link type, rapid transition mechanism, and maximum number of
sent BPDUs also affect STP/RSTP topology convergence.
Table 6-6 shows the STP/RSTP parameters that affect STP/RSTP topology convergence.
Applicable Environment
On some specific networks, proper RSTP parameter settings will help implement rapid network
convergence.
NOTE
The default configurations for the parameters described in this section help implement RSTP rapid
convergence. Therefore, the configuration process and all involved procedures described in this section
are optional.
Pre-configuration Tasks
Before configuring STP/RSTP parameters, configure basic STP/RSTP functions.
Data Preparation
To configure STP/RSTP parameters, you need the following data.
No. Data
1 Network diameter
2 Hello timer, Forward Delay timer, Max Age timer, and timeout period for waiting
for BPDUs from the upstream (3 x Hello timer value x Time factor)
8 Whether auto recovery needs to be configured for an edge port being shut down
Procedure
Step 1 Run:
system-view
l RSTP uses a single spanning tree instance on the entire network. As a result, performance
deterioration cannot be prevented when the network scale grows. Therefore, the network
diameter cannot be larger than 7.
l It is recommended that you run the stp bridge-diameter diameter command to set the
network diameter. Then, the switching device calculates the optimal Forward Delay period,
Hello timer value, and Max Age timer value based on the set network diameter.
Step 3 Run:
stp timer-factor factor
The timeout period for waiting for BPDUs from the upstream device is set.
Step 4 (Optional) If the current device is at the edge of a network, run both or either of the following
commands as needed:
l To configure all ports on the devices as edge ports, run:
stp edged-port default
After the stp bpdu-filter default and stp edged-port default commands are run in the system view, all
ports on the device no longer actively send BPDUs or negotiate with directly-connected ports; instead, all
the ports are in the Forwarding state. This may lead to a loop on the network, causing broadcast storms.
Exercise caution when running these commands.
Step 5 (Optional) To set the Forward Delay period, Hello timer, and Max Age timer, perform the
following operations:
l Run the stp timer forward-delay forward-delay command to set the Forward Delay timer.
The default Forward Delay timer of a switching device is 1500 centiseconds.
l Run the stp timer hello hello-time command to set the Hello timer.
The default Hello timer of a switching device is 200 centiseconds.
l Run the stp timer max-age max-age command to set the Max Age timer.
The default Max Age timer of a switching device is 2000 centiseconds.
NOTE
The values of the Hello timer, Forward Delay timer, and Max Age timer must comply with the following
formulas; otherwise, network flapping occurs.
l 2 x (Forward Delay - 1.0 second) >= Max Age
l Max Age >= 2 x (Hello Time + 1.0 second)
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
NOTE
If the interface itself is a Layer 2 interface, this step can be skipped. Run the display this command in the
interface view. If "portswitch" is displayed in the command output, the interface is a Layer 2 interface.
By default, an interface automatically determines whether to connect to a P2P link. The P2P link
supports rapid network convergence.
l If the Ethernet port works in full-duplex mode, the port is connected to a P2P link. In this
case, force-true can be configured to implement rapid network convergence.
l If the Ethernet port works in half-duplex mode, you can run stp point-to-point force-true
to forcibly set the link type to P2P.
Step 5 Run:
stp mcheck
MCheck is enabled.
On a port of switching device running RSTP is connected to a device running STP, the port
automatically transitions to the STP interoperable mode.
Enabling MCheck on the port is required because the port may fail to automatically transition
to the RSTP mode in the following situations:
If you run the stp mcheck command in the system view, the MCheck operation is performed on all the
interfaces.
Step 6 Run:
stp transmit-limit packet-number
By default, the maximum number of BPDUs that a port sends per second is 147.
NOTE
If the maximum number of BPDUs sent per second needs to be configured for all interfaces of the device,
run the stp transmit-limit (system view) command in the global view.
If a device port is connected to a terminal, you can run this command to configure the port as
an edge port.
If the current port has been configured as an edge port, the port can still send BPDUs. This may
cause BPDUs to be sent to other networks, leading to network flapping. To prevent this problem,
run the stp bpdu-filter enable command to configure the edge port as a BPDU filter port and
disable the port from processing or sending BPDUs.
NOTE
After the stp bpdu-filter enable command is run on a port, the port no longer processes or sends BPDUs.
The port will not negotiate with the directly-connected port to establish an STP connection.
Step 8 Run:
quit
----End
Follow-up Procedure
When the topology of a spanning tree changes, the forwarding paths to associated VLANs are
changed. The ARP entries corresponding to those VLANs on the switching device need to be
updated. STP/RSTP processes ARP entries in either fast or normal mode.
The remaining lifetime of ARP entries to be updated is set to 0. The switching device rapidly
processes these aged entries. If the number of ARP aging probe attempts is not set to 0,
ARP implements aging probe for these ARP entries.
In either fast or normal mode, MAC entries are directly deleted.
You can run the stp converge { fast | normal } command in the system view to configure the
STP/RSTP convergence mode.
NOTE
The normal mode is recommended. If the fast mode is adopted, ARP entries will be frequently deleted,
causing the CPU usage on the MPU or LPU to reach 100%. As a result, network flapping will frequently
occur.
Prerequisites
The parameters that affect topology convergence have been configured.
Procedure
l Run the display stp [ interface interface-type interface-number ] [ brief ] command to
view spanning-tree status and statistics.
----End
Example
Run the display stp command to view the values of the Hello timer, Max Age timer, Forward
Delay timer, maximum number of sent BPDUs within each Hello time interval, and whether a
port is connected to a P2P link.
<HUAWEI> display stp interface gigabitethernet 1/0/1
----[Port1(GigabitEthernet1/0/1)][FORWARDING]----
Port Protocol :enabled
Port Role :Root Port
Port Priority :128
Port Cost(Legacy) :Config=auto / Active=20
Desg. Bridge/Port :0.00e0-e70a-4d00 / 128.5
Port Edged :Config=default / Active=disabled
Point-to-point :Config=auto / Active=true
Transit Limit :6 packets/s
Protection Type :None
Port Stp Mode :RSTP
Port Protocol Type :Config=auto / Active=dot1s
BPDU Encapsulation :Config=stp / Active=stp
PortTimes :Hello 2s MaxAge 14s FwDly 10s RemHop 0
TC or TCN send :1
TC or TCN received :0
BPDU Sent :4
TCN: 0, Config: 0, RST: 4, MST: 0
BPDU Received :22
TCN: 0, Config: 0, RST: 22, MST: 0
Applicable Environment
RSTP provides the protection functions listed in Table 6-7.
BPDU An edge port changes into a After BPDU protection is enabled, the
protection non-edge port after switching device shuts down the edge port if
receiving a BPDU, which the edge port receives an RST BPDU. Then
triggers spanning tree the device notifies the NMS of the shutdown
recalculation. If an attacker event. The attributes of the edge port are not
keeps sending pseudo changed.
BPDUs to a switching
device, network flapping
occurs.
Loop A root port or an alternate After loop protection is configured, if the root
protection port will age if link port or alternate port does not receive RST
congestion or a one-way link BPDUs from the upstream switching device
failure occurs. After the root for a long time, the switching device notifies
port ages, a switching device the NMS that the port enters the Discarding
may re-select a root port state. The blocked port remains in the
incorrectly. After the Blocked state and no longer forwards packets.
alternate port ages, the port This function helps prevent loops on the
enters the Forwarding state. network. The root port transitions to the
Loops may occur in such a Forwarding state after receiving new BPDUs.
situation.
Pre-configuration Tasks
Before configuring basic RSTP functions, complete the following task:
l Configure basic RSTP functions.
NOTE
Configure an edge port on the switching device before configuring BPDU protection.
Data Preparation
To configure basic RSTP functions, you need the following data.
No. Data
Context
Edge ports are directly connected to user terminal and will not receive BPDUs. Attackers may
send pseudo BPDUs to attack the switching device. If the edge ports receive the BPDUs, the
switching device configures the edge ports as non-edge ports and triggers a new spanning tree
calculation. Network flapping then occurs. BPDU protection can be used to protect switching
devices against malicious attacks.
Perform the following steps on a switching device that has an edge port.
Procedure
Step 1 Run:
system-view
Step 2 Run:
stp bpdu-protection
----End
Context
Attackers may send pseudo TC BPDUs to attack switching devices. Switching devices receive
a large number of TC BPDUs in a short time and delete entries frequently, which burdens system
processing and degrades network stability.
TC protection is used to suppress TC BPDUs. You can configure the number of times a switching
device processes TC BPDUs within a given time period. If the number of TC BPDUs that the
switching device receives within a given time exceeds the specified threshold, the switching
device processes only the specified number of TC BPDUs. After the specified time period
expires, the device processes the excess TC BPDUs for once. This function prevents the
switching device from frequently deleting MAC entries and ARP entries, saving CPU resources.
Procedure
Step 1 Run:
system-view
Step 2 Run either or both of the following commands to configure TC protection parameters.
l To set the time for a device to process the maximum number of TC BPDUs, run the stp tc-
protection interval interval-value command.
l To set the maximum number of TC BPDUs that a device processes within a specified period,
run the stp tc-protection threshold threshold command.
NOTE
l There are two TC protection parameters: time needed to process the maximum number of TC BPDUs
and the maximum number of TC BPDUs processed within a specified period. For example, if the time
is set to 10 seconds and the maximum number is set to 5, when a device receives TC BPDUs, the device
processes only the first 5 TC BPDUs within 10 seconds and processes the other TC BPDUs after the
time expires.
l The device processes only the maximum number of TC BPDUs specified in the stp tc-protection
threshold command within the time specified in the stp tc-protection interval command. The
processing of other TC BPDUs is delayed, which may slow down spanning tree convergence.
Step 3 Run:
stp tc-protection
----End
Context
Due to incorrect configurations or malicious attacks on the network, a root bridge may receive
BPDUs with a higher priority. Consequently, the legitimate root bridge is no longer able to serve
as the root bridge and the network topology is changed, triggering spanning tree recalculation.
This also may cause the traffic that should be transmitted over high-speed links to be transmitted
over low-speed links, leading to network congestion. The root protection function on a switching
device is used to protect the root bridge by preserving the role of the designated port.
NOTE
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
NOTE
If the interface itself is a Layer 2 interface, this step can be skipped. Run the display this command in the
interface view. If "portswitch" is displayed in the command output, the interface is a Layer 2 interface.
Step 4 Run:
stp root-protection
----End
Context
On a network running RSTP, a switching device maintains the root port status and status of
blocked ports by receiving BPDUs from an upstream switching device. If the switching device
cannot receive BPDUs from the upstream device because of link congestion or unidirectional-
link failure, the switching device re-selects a root port. The original root port becomes a
designated port and the original blocked ports change to the Forwarding state. This switching
may cause network loops, which can be mitigated by configuring loop protection.
After loop protection is configured, if the root port or alternate port does not receive BPDUs
from the upstream switching device, the root port is blocked and the switching device notifies
the NMS that the port enters the Discarding state. The blocked port remains in the Blocked state
and no longer forwards packets. This function helps prevent loops on the network. The root port
transitions to the Forwarding state after receiving new BPDUs.
NOTE
An alternate port is a backup port for a root port. If a switching device has an alternate port, you need to
configure loop protection on both the root port and the alternate port.
Perform the following steps to configure loop protection on the root port and alternate port of a
switching device.
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
NOTE
If the interface itself is a Layer 2 interface, this step can be skipped. Run the display this command in the
interface view. If "portswitch" is displayed in the command output, the interface is a Layer 2 interface.
Step 4 Run:
stp loop-protection
Loop protection for the root port or the alternate port is configured on the switching device.
----End
Prerequisites
RSTP protection functions have been configured.
Procedure
l Run the display stp [ interface interface-type interface-number ] [ brief ] command to
view the status of a spanning tree, including the status of protection functions on a switching
device.
----End
Example
Run the display stp command to view the status of BPDU protection on a switching device, and
the status of root protection on a specified port. For example:
<HUAWEI> display stp
-------[CIST Global Info][Mode RSTP]-------
CIST Bridge :32768.00e0-4e1f-b200
Config Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
Active Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC :0 .00e0-e70a-4d00 / 20
CIST RegRoot/IRPC :32768.00e0-4e1f-b200 / 0
CIST RootPortId :128.1
BPDU-Protection :enabled
TC or TCN received :0
TC count per hello :0
STP Converge Mode :Normal
Time since last TC :0 days 0h:26m:16s
Number of TC :2
Last TC occurred :GigabitEthernet1/0/2
----[Port1(GigabitEthernet1/0/1)][FORWARDING]----
Port Protocol :enabled
Port Role :Designated Port
Applicable Environment
On a network running STP/RSTP, inconsistent protocol packet formats and BPDU keys may
lead to a communication failure. Configuring proper STP/RSTP parameters on Huawei devices
ensures interoperability between Huawei devices and non-Huawei devices.
Pre-configuration Tasks
Before configuring STP/RSTP interoperability between Huawei devices and non-Huawei
devices, configure basic STP/RSTP functions.
Data Preparation
To configure STP/RSTP interoperability between Huawei devices and non-Huawei devices, you
need the following data.
No. Data
1 BPDU format
Context
The rapid transition mechanism is also called the Proposal/Agreement mechanism. Switching
devices currently support the following modes:
l Enhanced mode: The current interface counts a root port when it counts the synchronization
flag bit.
– An upstream device sends a Proposal message to a downstream device, requesting rapid
status transition. After receiving the message, the downstream device sets the port
connected to the upstream device to a root port and blocks all non-edge ports.
– The upstream device then sends an Agreement message to the downstream device. After
the downstream device receives the message, the root port transitions to the Forwarding
state.
– The downstream device responds the Proposal message with an Agreement message.
After receiving the message, the upstream device sets the port connected to the
downstream device as a designated port. The designated port then transitions to the
Forwarding state.
l Common mode: The current interface ignores the root port when it counts the
synchronization flag bit.
– An upstream device sends a Proposal message to a downstream device, requesting rapid
status transition. After receiving the message, the downstream device sets the port
connected to the upstream device to a root port and blocks all non-edge ports. The root
port then transitions to the Forwarding state.
– The downstream device responds the Proposal message with an Agreement message.
After receiving the message, the upstream device sets the port connected to the
downstream device as a designated port. The designated port then transitions to the
Forwarding state.
When Huawei datacom devices are interworking with non-Huawei devices, select either mode
depending on the Proposal/Agreement mechanisms on non-Huawei devices.
Procedure
Step 1 Run:
system-view
NOTE
If the interface itself is a Layer 2 interface, this step can be skipped. Run the display this command in the
interface view. If "portswitch" is displayed in the command output, the interface is a Layer 2 interface.
Step 4 Run:
stp no-agreement-check
----End
Step 5 Run:
hvrp-transport
NOTE
The command is supported only in the multi-instance scenario rather than the multi-process scenario.
----End
Prerequisites
Parameters have been configured to ensure MSTP interoperability between Huawei devices and
non-Huawei devices.
Procedure
l Run the display stp [ interface interface-type interface-number ] [ brief ] command to
view spanning-tree status.
----End
Example
Run the display stp command to view the working mode of the spanning tree and the BPDU
format. For example:
<HUAWEI> display stp interface gigabitethernet 1/0/1
----[Port1(GigabitEthernet1/0/1)][FORWARDING]----
Port Protocol :enabled
Port Role :Root Port
Port Priority :128
Port Cost(Legacy) :Config=auto / Active=20
Desg. Bridge/Port :0.00e0-e70a-4d00 / 128.5
Port Edged :Config=default / Active=disabled
Point-to-point :Config=auto / Active=true
Transit Limit :147 packets/s
Protection Type :None
Port Stp Mode :RSTP
Port Protocol Type :Config=auto / Active=dot1s
BPDU Encapsulation:Config=stp / Active=stp
PortTimes :Hello 2s MaxAge 20s FwDly 15s RemHop 0
TC or TCN send :1
TC or TCN received :0
BPDU Sent :4
TCN: 0, Config: 0, RST: 4, MST: 0
BPDU Received :22
TCN: 0, Config: 0, RST: 22, MST: 0
Last forwarding time: 2012/04/23 20:06:08 UTC+00:00
Context
NOTICE
STP/RSTP statistics cannot be restored after being cleared.
Procedure
Step 1 Run the reset stp [ interface interface-type interface-number ] statistics command to clear
spanning-tree statistics.
----End
Networking Requirements
On a complex network, loops are inevitable. With the requirement for network redundancy
backup, network designers tend to deploy multiple physical links between two devices, one of
which is the master and the others are the backup. Loops are likely or bound to occur in such a
situation.
Loops will cause broadcast storms, thereby exhausting network resources and paralyzing the
network. Loops also cause flapping of MAC address tables and therefore damages MAC address
entries.
STP can be deployed on a network to eliminate loops by blocking some ports. On the network
shown in Figure 6-3, after RouterA, SwitchB, SwitchC, and RouterD running STP discover
loops on the network by exchanging information with each other, they trim the ring topology
into a loop-free tree topology by blocking a certain port. In this manner, replication and circular
propagation of packets are prevented on the network and the switching devices are released from
processing duplicated packets, thereby improving their processing performance.
Network
GE1/0/3 GE1/0/3
Root
RouterD GE1/0/1 GE1/0/1
Bridge
STP
GE1/0/3 GE1/0/3
SwitchC SwitchB
GE1/0/1 GE1/0/1
GE1/0/2 GE1/0/2
PC1 PC2
Blocked port
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure basic STP functions, including:
a. Configure the STP mode for the ring network.
b. Configure primary and secondary root bridges.
c. Set path costs for ports to block certain ports.
d. Enable STP to eliminate loops, including:
l Enable STP globally.
l Enable STP on all the interfaces except the interfaces connected to terminals.
NOTE
STP is not required on the interfaces connected to terminals because these interfaces do not
need to participate in STP calculation.
By default, STP is enabled on a Layer 2 interface but not enabled on a Layer 3 interface.
Data Preparation
To complete the configuration, you need the following data.
l GE interface number, as shown in Figure 6-3
l Primary root bridge RouterA and secondary root bridge RouterD
l Path cost of a port to be blocked (20000 is used in this example)
Procedure
Step 1 Configure basic STP functions.
1. Configure the STP mode for the devices on the ring network.
# Configure the STP mode on RouterA.
<HUAWEI> system-view
[HUAWEI] sysname RouterA
[RouterA] stp mode stp
3. Set path costs for ports in each spanning tree to block certain ports.
NOTE
l The values of path costs depend on path cost calculation methods. Use the Huawei proprietary
calculation method as an example to set the path costs of the ports to be blocked to 20000.
l All switching devices on a network must use the same path cost calculation method.
# On RouterA, configure the path cost calculation method as the Huawei proprietary
method.
[RouterA] stp pathcost-standard legacy
# On RouterB, configure the path cost calculation method as the Huawei proprietary
method.
[RouterB] stp pathcost-standard legacy
# On SwitchC, configure the path cost calculation method as the Huawei proprietary method
and set the path cost of GE 1/0/1 to 20000.
[SwitchC] stp pathcost-standard legacy
[SwitchC] interface gigabitethernet 1/0/1
[SwitchC-GigabitEthernet1/0/1] stp cost 20000
[SwitchC-GigabitEthernet1/0/1] quit
# On SwitchD, configure the path cost calculation method as the Huawei proprietary
method.
[SwitchD] stp pathcost-standard legacy
l Enable STP on all the interfaces except the interfaces connected to terminals.
# Enable STP on GE 1/0/1 and GE 1/0/2 on RouterA.
[RouterA] interface gigabitethernet 1/0/1
[RouterA-GigabitEthernet1/0/1] undo shutdown
[RouterA-GigabitEthernet1/0/1] portswitch
[RouterA-GigabitEthernet1/0/1] stp enable
[RouterA-GigabitEthernet1/0/1] quit
[RouterA] interface gigabitethernet 1/0/2
[RouterA-GigabitEthernet1/0/2] undo shutdown
[RouterA-GigabitEthernet1/0/2] portswitch
[RouterA-GigabitEthernet1/0/2] stp enable
[RouterA-GigabitEthernet1/0/2] quit
After RouterA is configured as a root bridge, GE 1/0/2 and GE 1/0/1 connected to SwitchB and
RouterD respectively are elected as designated ports in spanning tree calculation.
# Run the display stp interface gigabitethernet 1/0/1 brief command on SwitchB to view status
of GE 1/0/1. The displayed information is as follows:
[SwitchB] display stp interface gigabitethernet 1/0/1 brief
MSTID Port Role STP State Protection
0 GigabitEthernet1/0/1 DESI FORWARDING NONE
GE 1/0/1 is elected as a designated port in spanning tree calculation and is in the Forwarding
state.
# Run the display stp interface gigabitethernet 1/0/3 brief command on SwitchC to view status
of GE 1/0/3. The displayed information is as follows:
[SwitchC] display stp interface gigabitethernet 1/0/3 brief
MSTID Port Role STP State Protection
0 GigabitEthernet1/0/3 ROOT FORWARDING NONE
GE 1/0/3 is elected as a designated port in spanning tree calculation and is in the Forwarding
state.
# Run the display stp command on RouterD to view the interface status and protection type.
The displayed information is as follows:
[RouterD] display stp
-------[CIST Global Info][Mode STP]-------
CIST Bridge :4096 .00e0-2c09-9200
Config Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
Active Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC :0 .00e0-0543-6a00 / 20000
CIST RegRoot/IRPC :4096 .00e0-2c09-9200 / 0
CIST RootPortId :128.1
BPDU-Protection :disabled
----End
Configuration Files
l Configuration file of RouterA
#
sysname
RouterA
#
stp mode
stp
stp instance 0 root
primary
stp pathcost-standard
legacy
stp
enable
#
interface
GigabitEthernet1/0/1
portswitch
undo shutdown
#
interface
GigabitEthernet1/0/2
portswitch
undo shutdown
#
return
Networking Requirements
On a complex network, loops are inevitable. With the requirement for network redundancy
backup, network designers tend to deploy multiple physical links between two devices, one of
which is the master and the others are the backup. Loops are likely or bound to occur in such a
situation.
Loops will cause broadcast storms, thereby exhausting network resources and paralyzing the
network. Loops also cause flapping of MAC address tables and therefore damages MAC address
entries.
RSTP can be deployed on a network to eliminate loops by blocking some ports, and it is
developed to implement the rapid convergence based on STP but outperforms STP. On the
network shown in Figure 6-4, after RouterA, SwitchB, SwitchC, and RouterD running RSTP
discover loops on the network by exchanging information with each other, they trim the ring
topology into a loop-free tree topology by blocking a certain port. In this manner, replication
and circular propagation of packets are prevented on the network and the switching devices are
released from processing duplicated packets, thereby improving their processing performance.
Network
GE1/0/3 GE1/0/3
Root
GE1/0/1 GE1/0/1
Bridge
RSTP
GE1/0/3 GE1/0/3
SwitchC SwitchB
GE1/0/1 GE1/0/1
GE1/0/2 GE1/0/2
PC1 PC2
Blocked port
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure basic RSTP functions, including:
a. Configure the RSTP mode for the ring network.
b. Configure primary and secondary root bridges.
c. Set path costs for ports in each MSTI to block certain ports.
d. Enable RSTP to eliminate loops, including:
l Enable RSTP globally.
l Enable RSTP on all the interfaces except the interfaces connected to terminals.
NOTE
RSTP is not required on the interfaces connected to terminals because these interfaces do not
need to participate in RSTP calculation.
By default, RSTP is enabled on a Layer 2 interface but not enabled on a Layer 3 interface.
2. Configure RSTP protection functions, for example, root protection on a designated port of
a root bridge in each MSTI.
Data Preparation
To complete the configuration, you need the following data.
l GE interface number, as shown in Figure 6-4
l Primary root bridge RouterA and secondary root bridge RouterD
l Path cost of a port to be blocked (20000 is used in this example)
Procedure
Step 1 Configure basic RSTP functions.
1. Configure the RSTP mode for the devices on the ring network.
# Configure the RSTP mode on RouterA.
<HUAWEI> system-view
[HUAWEI] sysname RouterA
[RouterA] stp mode rstp
3. Set path costs for ports in each spanning tree to block certain ports.
NOTE
l The values of path costs depend on path cost calculation methods. Use the Huawei proprietary
calculation method as an example to set the path costs of the ports to be blocked to 20000.
l All switching devices on a network must use the same path cost calculation method.
# On RouterA, configure the path cost calculation method as the Huawei proprietary
method.
[RouterA] stp pathcost-standard legacy
# On RouterB, configure the path cost calculation method as the Huawei proprietary
method.
[RouterB] stp pathcost-standard legacy
# On SwitchC, configure the path cost calculation method as the Huawei proprietary method
and set the path cost of GE 1/0/1 to 20000.
[SwitchC] stp pathcost-standard legacy
[SwitchC] interface gigabitethernet 1/0/1
[SwitchC-GigabitEthernet1/0/1] stp cost 20000
[SwitchC-GigabitEthernet1/0/1] quit
# On SwitchD, configure the path cost calculation method as the Huawei proprietary
method.
[SwitchD] stp pathcost-standard legacy
l Enable RSTP on all the interfaces except the interfaces connected to terminals.
# Enable RSTP on GE 1/0/1 and GE 1/0/2 on RouterA.
[RouterA] interface gigabitethernet 1/0/1
[RouterA-GigabitEthernet1/0/1] undo shutdown
[RouterA-GigabitEthernet1/0/1] portswitch
[RouterA-GigabitEthernet1/0/1] stp enable
[RouterA-GigabitEthernet1/0/1] quit
[RouterA] interface gigabitethernet 1/0/2
[RouterA-GigabitEthernet1/0/2] undo shutdown
[RouterA-GigabitEthernet1/0/2] portswitch
[RouterA-GigabitEthernet1/0/2] stp enable
[RouterA-GigabitEthernet1/0/2] quit
Step 2 Configure RSTP protection functions, for example, root protection on a designated port of a root
bridge in each MSTI.
# Enable root protection on GE 1/0/1 on RouterA.
[RouterA] interface gigabitethernet 1/0/1
[RouterA-GigabitEthernet1/0/1] stp root-protection
[RouterA-GigabitEthernet1/0/1] quit
After RouterA is configured as a root bridge, GE 1/0/2 and GE 1/0/1 connected to SwitchB and
RouterD respectively are elected as designated ports in spanning tree calculation. The root
protection function is enabled on the designated ports.
# Run the display stp interface gigabitethernet 1/0/1 brief command on SwitchB to view status
of GE 1/0/1. The displayed information is as follows:
[SwitchB] display stp interface gigabitethernet 1/0/1 brief
MSTID Port Role STP State Protection
0 GigabitEthernet1/0/1 DESI FORWARDING NONE
GE 1/0/1 is elected as a designated port in spanning tree calculation and is in the Forwarding
state.
# Run the display stp interface gigabitethernet 1/0/3 brief command on SwitchC to view status
of GE 1/0/3. The displayed information is as follows:
[SwitchC] display stp interface gigabitethernet 1/0/3 brief
MSTID Port Role STP State Protection
0 GigabitEthernet1/0/3 ROOT FORWARDING NONE
GE 1/0/3 is elected as a designated port in spanning tree calculation and is in the Forwarding
state.
# Run the display stp command on RouterD to view the interface status and protection type.
The displayed information is as follows:
[RouterD] display stp
-------[CIST Global Info][Mode RSTP]-------
CIST Bridge :4096 .00e0-2c09-9200
Config Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
Active Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC :0 .00e0-0543-6a00 / 20000
CIST RegRoot/IRPC :4096 .00e0-2c09-9200 / 0
CIST RootPortId :128.1
BPDU-Protection :disabled
CIST Root Type :SECONDARY root
TC or TCN received :4
TC count per hello :0
STP Converge Mode :Normal
Share region-configuration :enabled
Time since last TC :0 days 0h:5m:44s
Number of TC :2
Last TC occurred :GigabitEthernet1/0/2
----[Port1(GigabitEthernet1/0/1)][FORWARDING]----
Port Protocol :enabled
Port Role :Root Port
Port Priority :128
Port Cost(Dot1T ) :Config=auto / Active=20000
Desg. Bridge/Port :0.00e0-0543-6a00 / 128.1
Port Edged :Config=default / Active=disabled
Point-to-point :Config=auto / Active=true
Transit Limit :147 packets/s
Protection Type :None
Port Stp Mode :RSTP
Port Protocol Type :Config=auto / Active=dot1s
BPDU Encapsulation :Config=stp / Active=stp
PortTimes :Hello 2s MaxAge 20s FwDly 15s RemHop 0
TC or TCN send :4
TC or TCN received :2
BPDU Sent :5
TCN: 0, Config: 0, RST: 5, MST: 0
BPDU Received :177
TCN: 0, Config: 0, RST: 177, MST: 0
Last forwarding time: 2012/04/23 20:06:08 UTC+00:00
----[Port2(GigabitEthernet1/0/2)][FORWARDING]----
Port Protocol :enabled
Port Role :Designated Port
Port Priority :128
Port Cost(Dot1T ) :Config=auto / Active=20000
Desg. Bridge/Port :4096.00e0-2c09-9200 / 128.2
Port Edged :Config=default / Active=disabled
Point-to-point :Config=auto / Active=true
Transit Limit :147 packets/s
Protection Type :None
Port Stp Mode :RSTP
Port Protocol Type :Config=auto / Active=dot1s
BPDU Encapsulation :Config=stp / Active=stp
PortTimes :Hello 2s MaxAge 20s FwDly 15s RemHop 20
TC or TCN send :2
TC or TCN received :2
BPDU Sent :165
TCN: 0, Config: 0, RST: 165, MST: 0
BPDU Received :2
TCN: 0, Config: 0, RST: 2, MST: 0
Last forwarding time: 2012/04/23 20:06:08 UTC+00:00
----End
Configuration Files
l Configuration file of RouterA
#
sysname
RouterA
#
stp mode
rstp
stp instance 0 root
primary
stp pathcost-standard
legacy
stp
enable
#
interface
GigabitEthernet1/0/1
portswitch
undo shutdown
stp root-
protection
#
interface
GigabitEthernet1/0/2
portswitch
undo shutdown
stp root-
protection
#
return
#
interface
GigabitEthernet1/0/1
stp instance 0 cost
20000
#
interface
GigabitEthernet1/0/2
stp
disable
#
interface
GigabitEthernet1/0/3
#
return
#
7 MSTP Configuration
The Multiple Spanning Tree Protocol (MSTP) trims a ring network into a loop-free tree network.
It prevents replication and circular propagation of packets, provides multiple redundant paths
for Virtual LAN (VLAN) data traffic, and enables load balancing.
This section describes the networking requirements, configuration roadmap, data preparation,
and procedures for some typical application scenarios for MSTP, and also provides the related
configuration files.
Background
STP and RSTP are used in a LAN to prevent loops. Devices can run STP to discover loops on
the network by exchanging information with each other, and trim the ring topology into a loop-
free tree topology by blocking an interface. These capabilities help prevent replication and
circular propagation of packets on the network which in turn helps avoid degradation of
switching device performance.
STP and RSTP share a similar limitation: All VLANs on a LAN use one spanning tree, which
means that inter-VLAN load balancing cannot be performed. A link will no longer transmit
traffic once it is blocked, which wastes bandwidth and causes forwarding failures in some
VLANs.
To address the deficiencies in STP and RSTP, the IEEE released the 802.1s standard in 2002,
which defines MSTP. MSTP is compatible with STP and RSTP. It implements rapid
convergence and provides multiple paths to load balance VLAN traffic.
Table 7-1 compares STP, RSTP, and MSTP in terms of the characteristics of each protocol and
their applicable environments.
Introduction
Network designers tend to deploy multiple physical links between two devices (one link is the
master and the others are backups) to fulfill network redundancy requirements. Loops are bound
to occur on such types of complex networks.
Loops will cause broadcast storms, thereby exhausting network resources and paralyzing the
network. Loops also cause MAC address flapping that damages MAC address entries.
MSTP, compatible with STP and RSTP, uses multiple instances to isolate service traffic and
provides multiple paths to load balance VLAN traffic.
If MSTP is deployed on a LAN, The Multiple Spanning Tree Instances (MSTIs) are generated,
as shown in Figure 7-1.
Host C Host A
(VLAN3) VLAN3 VLAN2 (VLAN2)
SwitchB SwitchE
VLAN2
VLAN2
Host B Host D
VLAN3
(VLAN2) (VLAN3)
VLAN3
VLAN2 VLAN3
SwitchC SwitchF
l MSTI 1 uses SwitchD as the root switching device to forward packets of VLAN 2.
l MSTI 2 uses SwitchF as the root switching device to forward packets of VLAN 3.
Devices within the same VLAN can communicate with each other and packets of different
VLANs are load-balanced along different paths.
AP1
D0
MSTI1
Master Bridge
root switch:S3
S1
MSTI2
root switch:S2
MSTI0 (IST)
S2 S3 root switch:S1
VLAN1 MSTI1
VLAN2,VLAN3 MSTI2
S4 other VLANs MSTI0
MST Region
VLAN VLA
N10
10&20&30 &20
VLAN 20&30
VLAN
20 30
VLAN VLAN VLAN
10&30 10&30
VLAN 10
Root
Root
MSTI links
MSTI links blocked by the protocol
MSTIs are independent of each other. An MSTI can correspond to one or more VLANs,
but a VLAN can be mapped to only one MSTI.
l CIST root
On the network shown in Figure 7-4, the CIST root is the root bridge of a CIST. The CIST
root is a device in A0.
A0
CIST Root
D0 Region Root B0
Region Root
C0
Region Root
IST
CST
l CST
A Common Spanning Tree (CST) connects all the MST regions on a switching network.
Each MST region can be considered a node. A CST is calculated by using STP or RSTP
based on all the nodes.
As shown in Figure 7-4, the MST regions are connected to form a CST.
l IST
An IST resides within an MST region.
An IST is a special MSTI with an MSTI ID of 0, called MSTI 0.
An IST is a segment of the CIST in an MST region.
As shown in Figure 7-4, the switching devices in an MST region are connected to form an
IST.
l CIST
A CIST, calculated by using STP or RSTP, connects all the switching devices on a switching
network.
As shown in Figure 7-4, the ISTs and the CST form a complete spanning tree (CIST).
l SST
A Single Spanning Tree (SST) is formed in either of the following situations:
– A switching device running STP or RSTP belongs to only one spanning tree.
– An MST region has only one switching device.
As shown in Figure 7-4, the switching device in B0 is an SST.
l Port roles
Compared with RSTP which defined root ports, designated ports, alternate ports, backup
ports, and edge ports, MSTP has two additional port types: master ports and regional edge
ports.
Table 7-2 lists all port roles in MSTP.
NOTE
Port Description
Roles
Root port A root port is the non-root bridge port closest to the root bridge. Root bridges
do not have root ports.
Root ports are responsible for sending data to root bridges.
As shown in Figure 7-5, S1 is the root; CP1 is the root port on S3; BP1 is
the root port on S2; DP1 is the root port on S4.
Designat The designated port on a switching device forwards bridge protocol data
ed port units (BPDUs) to the downstream switching device.
As shown in Figure 7-5, AP2 and AP3 are designated ports on S1; BP2 is
a designated port on S2; CP2 is a designated port on S3.
Master A master port is on the shortest path connecting MST regions to the CIST
port root.
BPDUs of an MST region are sent to the CIST root through the master port.
Master ports are special regional edge ports, functioning as root ports on
ISTs or CISTs and master ports in instances.
As shown in Figure 7-5, S1, S2, S3, and S4 form an MST region. AP1 on
S1, being the nearest port in the region to the CIST root, is the master port.
Port Description
Roles
Regional A regional edge port is located at the edge of an MST region and connects
edge port to another MST region or an SST.
During MSTP calculation, the roles of a regional edge port in the MSTI and
the CIST instance are the same. If the regional edge port is the master port
in the CIST instance, it is the master port in all the MSTIs in the region.
As shown in Figure 7-5, AP1, DP2, and DP3 in an MST region are directly
connected to other regions, and therefore they are all regional edge ports of
the MST region.
As shown in Figure 7-5, AP1 is a regional edge port and also a master port
in the CIST. Therefore, AP1 is the master port in every MSTI in the MST
region.
Edge An edge port is located at the edge of an MST region and does not connect
port to any switching device.
Generally, edge ports are directly connected to terminals.
As shown in Figure 7-5, BP3 is an edge port.
AP1 AP4
MST Region
Root port
AP2 AP3
S1 Designated port
Alternate
Root Bridge
port
CP1 BP1 Backup port
S3 S2 Regional edge port
BP2 Master port
CP2 CP3 BP3
Edge port
S4
DP1 DP4 PC
DP2 DP3
l Port status
Table 7-3 lists the MSTP port status, which is the same as the RSTP port status.
Port Description
Status
Forwardi A port in the Forwarding state can send and receive BPDUs as well as
ng forward user traffic.
Learning This is a transition state. A port in the Learning state learns MAC addresses
from user traffic to construct a MAC address table.
In the Learning state, the port can send and receive BPDUs, but cannot
forward user traffic.
The port status is not determined by the port role. Table 7-4 lists the port status supported
by each port role.
MSTP is used to block redundant links on the Layer 2 network and trim a network into a loop-
free tree. In MSTP, multiple MSTIs can be created and VLANs are mapped into different
instances to load-balance VLAN traffic. The basic configuration roadmap for MSTP is as
follows:
1. In a ring network, divide regions and create different instances for regions.
2. Select a switching device to function as the root bridge for each instance.
3. In each instance, calculate the shortest paths from the other switching devices to the root
bridge, and select a root port for each non-root switching device.
4. In each instance, select a designated port for each connection based on port IDs.
Some networks may have master ports and backup ports. For details about master ports and
backup ports, see 7.1.1 MSTP Introduction.
MSTP also supports the following features to meet the requirements of special applications and
extended functions:
l Proposal/Agreement mechanism to implement rapid convergence.
l Protection functions listed in Table 7-5.
l MSTP multi-process in the scenario where MSTP and STP/RSTP are used together. MSTP
multi-process implements independent spanning tree calculation for every access rings.
l MSTP interoperability between Huawei devices and non-Huawei devices. Certain
parameters must be set on Huawei devices to ensure uninterrupted communication.
l Enhanced STP (E-STP). A Pseudo Wire (PW), which is considered as an interface,
participates in MSTP calculation for updating the network topology to eliminate loops. E-
STP prevents loops and duplicate traffic on an inter-AS VPLS network or in the scenario
where a CE is dual-homed to two PEs. With MSTP multi-instance and multi-process
features, load balancing of VLAN traffic can be implemented. For details, see 7.8
Configuration Examples.
BPDU An edge port changes into a After BPDU protection is enabled, the
protection non-edge port after switching device shuts down the edge port if
receiving a BPDU, which the edge port receives an RST BPDU. Then
triggers spanning tree the device notifies the NMS of the shutdown
recalculation. If an attacker event. The attributes of the edge port are not
keeps sending pseudo changed.
BPDUs to a switching
device, network flapping
occurs.
Loop A root port or an alternate The loop protection function can be used to
protection port will age if link prevent such network loops. If the root port
congestion or a one-way link or alternate port cannot receive RST BPDUs
failure occurs. After the root from the upstream switching device, the root
port ages, a switching device port is blocked and the switching device
may re-select a root port notifies the NMS that the port enters the
incorrectly and after the Discarding state. The blocked port remains in
alternate port ages, the port the Blocked state and no longer forwards
enters the Forwarding state. packets. This function helps prevent loops on
Loops may occur in such a the network. The root port transitions to the
situation. Forwarding state after receiving new BPDUs.
MSTP Multi-process
l Background
As shown in Figure 7-6, RouterA, RouterB, and RouterC are connected through Layer 2
links, and are all enabled with MSTP. The CEs on the rings support only STP/RSTP.
Multiple access rings exist and these rings access the MST region by using different
interfaces on RouterA and RouterB.
RouterC
VPLS
PE2
PE1 RouterB
RouterA
CE CE
CE
CE
Instance1:VLAN1~100 Instance3:VLAN1~100
Process 1 Process 3
CE CE
Instance2:VLAN101~200
Process 2
On the network shown in Figure 7-6, multiple Layer 2 rings, Ring 1, Ring 2, and Ring 3
exists. STP must be enabled on these rings to prevent loops. RouterA and RouterB are
connected to multiple access rings and these rings are isolated from each other and do not
need intercommunication. STP then will not calculate out one spanning tree for all these
access rings. Instead, STP on each access ring calculates the trees independently.
MSTP supports multiple spanning tree instances (MSTIs) only when all devices support
MSTP and the devices are configured with the same MST region. In the networking, the
CEs connected to switching devices, however, support only STP/RSTP. According to
MSTP, switching devices consider that they are in different regions with CEs after receiving
STP/RSTP messages sent from the CEs. Therefore, only one spanning tree is calculated
for the ring formed by switching devices and CEs and the access rings are not independent
of each other.
In this case, MSTP multi-process can be used. Multiple MSTP processes can be configured
on RouterA and RouterB. Each MSTP process has the same function and supports MSTIs.
Each MSTP process corresponds to one access ring.
After MSTP multi-process is enabled, each MSTP process can manage some interfaces on
a device. That is, Layer 2 interfaces on the device are divided and managed by multiple
MSTP processes. Each MSTP process runs the standard MSTP.
NOTE
CEs that support MSTP can also be configured with MSTP multi-process.
After a device properly starts, there is a default MSTP process with the ID 0. MSTP configurations
in the system view and interface view both belong to this process.
l Share link
As shown in Figure 7-6, the link between RouterA and RouterB is a Layer 2 link running
MSTP. The share link between RouterA and RouterB is different from the links connecting
switching devices to CEs. The ports on the share link need to participate in the calculation
for multiple access rings and MSTP processes. This allows RouterA and RouterB to identify
from which MST BPDUs are sent.
In addition, a port on the share link participates in the calculation for multiple MSTP
processes, and obtains different status. As a result, the port cannot determine its status.
To prevent this situation, it is defined that a port on a share link always adopts its status in
MSTP process 0 when participating in the calculation for multiple MSTP processes.
E-STP
E-STP abstracts a PW(Pseudo Wire) as an interface, participates in MSTP calculation for
updating the network topology to eliminate loops. E-STP prevents loops and duplicate traffic
on an inter-AS VPLS network or in the scenario where a CE is dual-homed to two PEs. In
addition, MSTP multi-instance and multi-process features are used to implement load balancing.
For detailed description, see the chapter "MSTP" in HUAWEI NetEngine80E/40E Router
Feature Description - LAN Access and MAN Access.
Context
MSTP is commonly configured on switching devices to trim a ring network to a loop-free
network. Devices start spanning tree calculation after the working mode is set and MSTP is
enabled. Use any of the following methods if you need to intervene in the spanning tree
calculation:
l Set a priority for a switching device in an MSTI: The lower the numerical value, the higher
the priority of the switching device and the more likely the switching device becomes a
root bridge; the higher the numerical value, the lower the priority of the switching device
and the less likely that the switching device becomes a root bridge.
l Set a path cost for a port in an MSTI: With the same calculation method, the lower the
numerical value, the smaller the cost of the path from the port to the root bridge and the
more likely the port becomes a root port; the higher the numerical value, the larger the cost
of the path from the port to the root bridge and the less likely that the port becomes a root
port.
l Set a priority for a port in an MSTI: The lower the numerical value, the more likely the port
becomes a designated port; the higher the numerical value, the less likely that the port
becomes a designated port.
Applicable Environment
Network designers tend to deploy multiple physical links between two devices (one link is the
master and the others are backups) to fulfill network redundancy requirements. Loops are bound
to occur on such types of complex networks.
Loops will cause broadcast storms, thereby exhausting network resources and paralyzing the
network. Loops also cause MAC address flapping that damages MAC address entries.
MSTP can be deployed on a network to eliminate loops. If a loop is detected, MSTP blocks one
or more ports to eliminate the loop. In addition, the Multiple Spanning Tree Instances (MSTIs)
can be configured to load balance VLAN traffic.
As shown in Figure 7-7, RouterA, RouterB, Switch C, and Switch D all support MSTP. In this
scenario, you need to create MSTI 1 and MSTI 2, configure a root bridge for each MSTI, and
set the ports to be blocked to load balance traffic of VLANs 1 to 10 and VLANs 11 to 20 among
different paths.
Network
MST Region
RouterA RouterB
SwitchC SwitchD
PC1 PC2
VLAN1~10 MSTI1
VLAN11~20 MSTI2
MSTI1:
Root Bridge:RouterA
Blocked port
MSTI2:
Root Bridge:RouterB
Blocked port
NOTE
Pre-configuration Tasks
Before configuring basic MSTP functions, complete the following task:
l Connect interfaces and setting physical parameters for the interfaces to ensure that the
interfaces are physically Up.
Data Preparation
To configure basic MSTP functions, you need the following data.
No. Data
3 (Optional) ID of an MSTI
Procedure
Step 1 Run:
system-view
Step 2 Run:
stp mode mstp
The working mode of the switching device is set to MSTP. By default, the working mode is
MSTP.
STP and MSTP cannot recognize packets of each other. If an MSTP-enabled local interface is
connected to an STP-enabled interface, the MSTP working mode of the local interface
automatically changes to the STP working mode. This enables devices running STP and MSTP
to communicate with each other.
RSTP and MSTP can recognize packets of each other. If an MSTP-enabled local interface is
connected to an RSTP-enabled interface, the local interface remains to work in MSTP mode.
----End
Context
An MST region contains multiple switching devices and network segments. These switching
devices are directly connected and have the same region name, same VLAN-to-instance
mapping, and the same configuration revision number after MSTP is enabled. One switching
network can have multiple MST regions. You can use MSTP commands to group multiple
switching devices into one MST region.
NOTICE
Two switching devices belong to the same MST region when they have the same:
l Name of the MST region
l Mapping between VLANs and Multiple Spanning Tree Instances (MSTIs)
l Revision level of the MST region
Perform the following steps on a switching device that needs to join an MST region.
Procedure
Step 1 Run:
system-view
Step 2 Run:
stp region-configuration
Step 3 Run:
region-name name
By default, the MST region name is the MAC address of the management network interface on
the MPU of the switching device.
NOTE
l The VLAN-to-instance mappings generated using the vlan-mapping modulo modulo commands
cannot meet network requirements. It is recommended that you run the instance instance-id vlan
{ vlan-id1 [ to vlan-id2 ] }&<1-10> command to configure VLAN-to-instance mappings.
l The vlan-mapping modulo specifies the formula (VLAN ID-1)%modulo+1. In the formula, (VLAN
ID-1)%modulo means the remainder of (VLAN ID-1) divided by the value of modulo. This formula
is used to map a VLAN to the corresponding MSTI. The calculation result of the formula is the ID of
the mapping MSTI.
If the revision number of the MST region is not 0, this step is necessary.
NOTE
Changing MST region configurations (especially change of the VLAN mapping table) triggers spanning
tree recalculation and causes route flapping. Therefore, after configuring an MST region name, VLAN-to-
instance mappings, and an MSTP revision number, run the check region-configuration command in the
MST region view to verify the configuration. After confirming the region configurations, run the active
region-configuration command to activate MST region configurations.
Step 6 Run:
active region-configuration
MST region configurations are activated so that the configured region name, VLAN-to-instance
mappings, and revision number can take effect.
If this step is not done, the preceding configurations cannot take effect.
If you have changed MST region configurations on the switching device after MSTP starts, run
the active region-configuration command to activate the MST region so that the changed
configurations can take effect.
----End
Context
In an MSTI, there is only one root bridge, which is the logic center of the MSTI. During root
bridge selection, a high-performance switching device at a high network layer should be selected
as the root bridge; however, the priority of such a device may not be the highest on the network.
It is therefore necessary to set a high priority for the switching device to ensure that the device
functions as a root bridge.
Low-performance devices at lower network layers are not fit to serve as a root bridge. Therefore,
set low priorities for these devices.
Procedure
Step 1 Run:
system-view
Step 2 Run:
stp [ instance instance-id ] priority priority
If the instance is not designated, a priority is set for the switching device in MSTI0.
NOTE
l To configure a switching device as the primary root bridge, run the stp [ instance instance-id ] root
primary command directly. The priority value of this switching device is 0.
l To configure a switching device as the secondary root bridge, run the stp [ instance instance-id ] root
secondary command. The priority value of this switching device is 4096.
In an MSTI, a switching device cannot act as the primary root bridge and secondary root bridge at the
same time.
l To change the priority of a switching device after you run the stp root primary command or the stp
[ instance instance-id ] root secondary command to configure the switching device as a primary root
bridge or a secondary root bridge, disable the root bridge function or secondary root bridge function
and then run the stp [ instance instance-id ] priority priority command to re-set a priority.
----End
Context
A path cost is port-specific and is used by MSTP to select a link.
Path costs of ports are an important basis for calculating spanning trees. If you set different path
costs for a port in different MSTIs, VLAN traffic can be transmitted along different physical
links for load balancing.
In the Huawei proprietary calculation method for example, the link rate determines the
recommended value for the path cost. The following table lists the recommended path costs for
ports with different link rates.
Table 7-6 Mappings between link rates and path cost values
10 Gbit/s 2 2 to 20 1 to 200000
If a network has loops, it is recommended that you set a relatively large path cost for ports with
low link rates. MSTP then blocks these ports.
Procedure
Step 1 Run:
system-view
Step 2 Run:
stp pathcost-standard { dot1d-1998 | dot1t | legacy }
By default, the IEEE 802.1t standard (dot1t) is used to calculate the default path cost.
All switching devices on a network must use the same path cost calculation method.
Step 3 Run:
interface interface-type interface-number
NOTE
If the interface itself is a Layer 2 interface, this step can be skipped. Run the display this command in the
interface view. If "portswitch" is displayed in the command output, the interface is a Layer 2 interface.
Step 5 Run:
stp instance instance-id cost cost
l When the Huawei proprietary calculation method is used, cost ranges from 1 to 200000.
l When the IEEE 802.1d standard method is used, cost ranges from 1 to 65535.
l When the IEEE 802.1t standard method is used, cost ranges from 1 to 200000000.
----End
Context
During spanning tree calculation, port priorities in Multiple Spanning Tree Instances (MSTIs)
determine which ports are selected as designated ports.
To block a port in an MSTI to eliminate loops, set the port priority value to larger than the default
value. This port will be blocked during designated port selection.
Procedure
Step 1 Run:
system-view
NOTE
If the interface itself is a Layer 2 interface, this step can be skipped. Run the display this command in the
interface view. If "portswitch" is displayed in the command output, the interface is a Layer 2 interface.
Step 4 Run:
stp instance instance-id port priority priority
----End
Context
After MSTP is enabled on a ring network, it immediately calculates spanning trees on the
network. Configurations on the switching device, such as, the switching device priority and port
priority, will affect spanning tree calculation. Any change to the configurations may cause
network flapping. Therefore, to ensure rapid and stable spanning tree calculation, perform basic
configurations on the switching device and its ports and enable MSTP.
Procedure
Step 1 Run:
system-view
Step 2 Run:
stp enable
----End
Prerequisites
Basic MSTP functions have been configured.
Procedure
l Run the display stp [ instance instance-id ][ interface { interface-type interface-
number } ] [ brief ] command to view spanning-tree status and statistics.
l Run the display stp region-configuration command to view configurations of activated
MST regions.
l Run the display stp region-configuration digest command to view the digest
configurations of activated MST regions.
----End
Example
Run the display stp command to view the spanning-tree working mode, priorities of switching
devices, path cost calculation method, and path cost of a root port. For example:
<HUAWEI> display stp instance 0 interface gigabitethernet 1/0/1
-------[CIST Global Info][ Mode MSTP ]-------
CIST Bridge :32768.00e0-fc0e-a421
Config Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
Active Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC :32768.00e0-fc0e-a421 / 0
CIST RegRoot/IRPC :32768.00e0-fc0e-a421 / 0
CIST RootPortId :0.0
BPDU-Protection :disabled
TC or TCN received :8
STP Converge Mode :Normal
Time since last TC :0 days 23h:9m:30s
Number of TC :2
Last TC occurred :GigabitEthernet1/0/2
----[Port3(GigabitEthernet1/0/1)] [ FORWARDING ]----
Port Protocol :enabled
Port Role :CIST Designated Port
Port Priority :128
Run the display stp region-configuration command to view configurations of an activated MST
region, including the region name, VLAN-to-instance mapping, and revision number. For
example:
<HUAWEI> display stp region-configuration
Oper Configuration:
Format selector :0
Region name :huawei
revision number :0
Instance Vlans Mapped
0 21 to 4094
1 1 to 10
2 11 to 20
Run the display stp region-configuration digest command to view the digest configurations
of an activated MST region, including the region name, revision number and digest. For example:
<HUAWEI> display stp region-configuration digest
Oper Configuration:
Format selector :0
Region name :huawei
Revision level :0
Digest :0x5F762D9A46311EFFB7A488A3267FCA9F
Applicable Environment
On the networking with both Layer 2 single-access rings and multi-access rings deployed,
switching devices bear both Layer 2 and Layer 3 services. To enable different rings to bear
different services, deploy MSTP multi-process. Spanning trees of different processes are
calculated independently and do not affect each other.
As shown in Figure 7-8, Routers A, B, and C are connected through Layer 2 links, and are all
enabled with MSTP. The CEs on the on rings support only STP/RSTP. Multiple access rings
exist and these rings access the MSTP region through different interfaces on Routers A and B.
RouterC
VPLS
PE2
PE1 RouterB
RouterA
CE CE
CE
CE
Instance1:VLAN1~100 Instance3:VLAN1~100
Process 1 Process 3
CE CE
Instance2:VLAN101~200
Process 2
Pre-configuration Tasks
Before configuring MSTP multi-process, configure basic MSTP functions.
Data Preparation
To configure MSTP multi-process, you need the following data.
No. Data
Context
Perform the following steps on the devices connected to access rings:
Procedure
Step 1 Run:
system-view
Step 2 Run:
stp process process-id
Step 3 Run:
stp mode mstp
NOTE
l After a device starts, there is a default MSTP process with the ID 0. MSTP configurations in the system
view and interface view belong to this process. The default working mode of this process is MSTP.
l To add an interface to an MSTP process with the ID of non-zero, run the stp process command and
then the stp binding process command.
----End
Context
Perform the following steps on the devices connected to access rings:
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
The interface specified in this command must be a Layer 2 interface that connects a device and
an accessing ring.
Step 3 Run:
stp binding process process-id
NOTE
If the interface added to the MSTP process has sub-interfaces configured with features other than MSTP
such as VPLS, run the stp vpls-subinterface enable command on the main interface. The main interface
can then notify its sub-interfaces to update MAC entries and ARP entries after receiving a TC-BPDU. This
prevents services from being interrupted. In addition, root protection needs to be configured on the main
interface.
----End
Context
Perform the following steps on the devices connected to access rings:
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
The interface specified in this command must be an interface on the share link between the
devices configured with MSTP multi-process but not the interfaces that connect an access ring
and a device.
Step 3 Run:
stp binding process process-id1 [ to process-id2 ] link-share
NOTE
For a process with share links, you must run the stp enable command globally. For an interface that is
added to the process in link-share mode, you must run the stp enable command in the interface view.
----End
Context
To prevent loops over the access ring after the share links fails, configure priorities and root
protection in MSTP multi-process.
Root protection is configured on the access interface of a device with second highest priority.
Context
Perform the following steps on the devices connected to access rings:
Procedure
Step 1 Run:
system-view
Step 2 Run:
stp process process-id
Step 3 Run:
stp tc-notify process 0
After the stp tc-notify process 0 command is run, the current MSTP process notifies the MSTIs
in MSTP process 0 to update MAC entries and ARP entries after receiving a TC-BPDU. This
prevents services from being interrupted.
----End
Prerequisites
MSTP multi-process has been configured.
Procedure
Step 1 Run the display stp process process-id [ instance instance-id ] [ interface interface-type
interface-number | vsi vsi-name pw pw-name | slot slot-id ] [ brief ] command to view spanning-
tree status and statistics.
----End
Example
Run the display stp command, and you can view the working mode of the spanning tree and
port priority configured in an MSTP process. For example:
<HUAWEI> display stp process 2 interface gigabitethernet 1/0/2
----[CIST][Port2(GigabitEthernet1/0/2)][FORWARDING]----
Port Protocol :enabled
Port Role :Root Port
Port Priority :128
Port Cost(Dot1T ) :Config=auto / Active=1
Desg. Bridge/Port :32768.00e0-0c1f-4100 / 128.1
Port Edged :Config=default / Active=disabled
Point-to-point :Config=auto / Active=true
Transit Limit :147 packets/s
Protection Type :Root
Port Stp Mode :MSTP
Port Protocol Type :Config=auto / Active=dot1s
BPDU Encapsulation :Config=stp / Active=stp
PortTimes :Hello 2s MaxAge 20s FwDly 15s RemHop 20
TC or TCN send :1
TC or TCN received :2
BPDU Sent :2
TCN: 0, Config: 0, RST: 0, MST: 2
BPDU Received :76
TCN: 0, Config: 0, RST: 0, MST: 76
Last forwarding time: 2012/04/23 20:06:08 UTC+00:00
Applicable Environment
On some networks, MSTP parameters will affect the speed of network convergence. Proper
MSTP parameter settings help implement rapid network convergence.
NOTE
The default parameters can also be used to complete MSTP rapid convergence. Therefore, the configuration
procedures and steps in this command task are all optional.
Pre-configuration Tasks
Before configuring MSTP parameters, configuring basic MSTP functions.
Data Preparation
To configure MSTP parameters, you need the following data.
No. Data
1 Network diameter, Hello time, forwarding delay time, maximum aging time, and
timeout period for waiting for BPDUs from the upstream (3 x hello time x time factor),
and Maximum hop count in a Multiple Spanning Tree (MST) region
2 Link type of a port, and Maximum number of sent bridge protocol data units (BPDUs)
Procedure
Step 1 Run:
system-view
NOTE
This step is needed only when you perform configurations in an MSTP process with a non-zero ID. If you
perform configurations in the MSTP process 0, skip this step.
Step 3 Run:
stp bridge-diameter diameter
l RSTP uses a single spanning tree instance on the entire network. As a result, performance
deterioration cannot be prevented when the network scale grows. Therefore, the network
diameter cannot be larger than 7.
l It is recommended that you run the stp bridge-diameter diameter command to set the
network diameter. Then, the switching device calculates the optimal Forward Delay period,
Hello timer value, and Max Age timer value based on the set network diameter.
Step 4 Run:
stp timer-factor factor
The timeout period for waiting for BPDUs from the upstream device is set.
Step 5 (Optional) If the current device is at the edge of a network, run both or either of the following
commands as needed:
l To configure all ports on the devices as edge ports, run:
stp edged-port default
After the stp bpdu-filter default and stp edged-port default commands are run in the system view, all
ports on the device no longer actively send BPDUs or negotiate with directly-connected ports; instead, all
the ports are in the Forwarding state. This may lead to a loop on the network, causing broadcast storms.
Exercise caution when running these commands.
Step 6 (Optional) To set the Forward Delay period, Hello timer, and Max Age timer, perform the
following operations:
l Run the stp timer forward-delay forward-delay command to set the Forward Delay timer.
The default Forward Delay timer of a switching device is 1500 centiseconds.
l Run the stp timer hello hello-time command to set the Hello timer.
The default Hello timer of a switching device is 200 centiseconds.
l Run the stp timer max-age max-age command to set the Max Age timer.
The default Max Age timer of a switching device is 2000 centiseconds.
NOTE
The values of the Hello timer, Forward Delay timer, and Max Age timer must comply with the following
formulas; otherwise, network flapping occurs.
l 2 x (Forward Delay - 1.0 second) >= Max Age
l Max Age >= 2 x (Hello Time + 1.0 second)
Step 7 Run:
stp max-hops hop
The maximum hop count is set for the Multiple Spanning Tree (MST) region.
Step 8 Run:
stp mcheck
MCheck is enabled.
On a switching device running MSTP, if an interface is connected to a device running STP, the
interface automatically transitions to the STP mode.
Enabling MCheck on the interface is required because the interface may fail to automatically
transition to the MSTP mode in the following situations:
If you run the stp mcheck command in the system view, the MCheck operation is performed on all the
interfaces.
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
NOTE
If the interface itself is a Layer 2 interface, this step can be skipped. Run the display this command in the
interface view. If "portswitch" is displayed in the command output, the interface is a Layer 2 interface.
By default, an interface automatically determines whether to connect to a P2P link. The P2P link
supports rapid network convergence.
l If the Ethernet port works in full-duplex mode, the port is connected to a P2P link. In this
case, force-true can be configured to implement rapid network convergence.
l If the Ethernet port works in half-duplex mode, you can run stp point-to-point force-true
to forcibly set the link type to P2P.
Step 5 Run:
stp mcheck
MCheck is enabled.
On a switching device running MSTP, if an interface is connected to a device running STP, the
interface automatically transitions to the STP mode.
You must enable MCheck on the interface because the interface may fail to automatically
transition to the MSTP mode in the following situations:
l The switching device running STP is shut down or moved.
l The switching device running STP transitions to the MSTP mode.
Step 6 Run:
stp transmit-limit packet-number
NOTE
If the maximum number of BPDUs sent per second needs to be configured for all interfaces of the device,
run the stp transmit-limit (system view) command in the global view.
NOTE
After the stp bpdu-filter enable command is run on a port, the port no longer processes or sends BPDUs.
The port will not negotiate with the directly-connected port to establish an STP connection.
Step 8 Run:
quit
----End
Follow-up Procedure
When the topology of a spanning tree changes, the forwarding paths to associated VLANs are
changed. The ARP entries corresponding to those VLANs on the switching device need to be
updated. MSTP processes ARP entries in either fast or normal mode.
l In fast mode, ARP entries to be updated are directly deleted.
l In normal mode, ARP entries to be updated are rapidly aged.
The remaining lifetime of ARP entries to be updated is set to 0. The switching device rapidly
processes these aged entries. If the number of ARP aging probe attempts is not set to 0,
ARP implements aging probe for these ARP entries.
You can run the stp converge { fast | normal } command in the system view to configure the
MSTP convergence mode.
NOTE
The normal mode is recommended. If the fast mode is adopted, ARP entries will be frequently deleted,
causing the CPU usage on the MPU or LPU to reach 100%. As a result, network flapping will frequently
occur.
Prerequisites
MSTP parameters have been configured.
Procedure
l Run the display stp [ instance instance-id ] [ interface { interface-type interface-
number } ] [ brief ] command to view spanning-tree status and statistics.
----End
Example
Run the display stp command to view values of MSTP parameters, including the Hello timer,
Forward Delay timer, Max Age timer, maximum hop count, and maximum number of BPDUs
allowed to be sent within each Hello time interval. You can also check whether the link connected
to the port is a P2P link. For example:
<HUAWEI> display stp instance 0 interface gigabitethernet 1/0/1
-------[CIST Global Info][ Mode MSTP ]-------
CIST Bridge :32768.00e0-fc0e-a421
Config Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
Active Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC :32768.00e0-fc0e-a421 / 0
CIST RegRoot/IRPC :32768.00e0-fc0e-a421 / 0
CIST RootPortId :0.0
BPDU-Protection :disabled
TC or TCN received :8
STP Converge Mode :Normal
Time since last TC :0 days 23h:9m:30s
Number of TC :2
Last TC occurred :GigabitEthernet1/0/2
----[Port3(GigabitEthernet1/0/1)] [ FORWARDING ]----
Port Protocol :enabled
Port Role :CIST Designated Port
Port Priority :128
Port Cost(Dot1T ) :Config=100 / Active=100
Desg. Bridge/Port :32768.00e0-fc0e-a421 / 128.1229
Port Edged :Config=disabled / Active=disabled
Point-to-point :Config=auto / Active=true
Transit Limit :3 packets/s
Protection Type :None
Port Stp Mode :MSTP
Port Protocol Type :Config=auto / Active= dot1s
Applicable Environment
MSTP provides the protection functions listed in Table 7-7.
BPDU An edge port changes into a After BPDU protection is enabled, the
protection non-edge port after switching device shuts down the edge port if
receiving a BPDU, which the edge port receives an RST BPDU. Then
triggers spanning tree the device notifies the NMS of the shutdown
recalculation. If an attacker event. The attributes of the edge port are not
keeps sending pseudo changed.
BPDUs to a switching
device, network flapping
occurs.
Loop A root port or an alternate The loop protection function can be used to
protection port will age if link prevent such network loops. If the root port
congestion or a one-way link or alternate port cannot receive RST BPDUs
failure occurs. After the root from the upstream switching device, the root
port ages, a switching device port is blocked and the switching device
may re-select a root port notifies the NMS that the port enters the
incorrectly and after the Discarding state. The blocked port remains in
alternate port ages, the port the Blocked state and no longer forwards
enters the Forwarding state. packets. This function helps prevent loops on
Loops may occur in such a the network. The root port transitions to the
situation. Forwarding state after receiving new BPDUs.
NOTE
l After a device normally starts, there is a default MSTP process with the ID 0. MSTP configurations in
the system view and interface view both belong to this process.
l For more information about MSTP multi-process configuration, see 7.3 Configuring MSTP Multi-
process.
Pre-configuration Tasks
Before configuring MSTP protection functions on a switching device, configure basic MSTP
functions.
l NOTE
Configure an edge port on the switching device before configuring BPDU protection.
Data Preparation
To configure MSTP protection functions on a switching device, you need the following data.
No. Data
Context
Edge ports are directly connected to user terminal and will not receive BPDUs. Attackers may
send pseudo BPDUs to attack the switching device. If the edge ports receive the BPDUs, the
switching device configures the edge ports as non-edge ports and triggers a new spanning tree
calculation. Network flapping then occurs. BPDU protection can be used to protect switching
devices against malicious attacks.
Perform the following steps on a switching device that has an edge port.
Procedure
Step 1 Run:
system-view
NOTE
This step is needed only when you perform configurations in an MSTP process with a non-zero ID. If you
perform configurations in the MSTP process 0, skip this step.
Step 3 Run:
stp bpdu-protection
----End
Context
Attackers may send pseudo TC BPDUs to attack switching devices. Switching devices receive
a large number of TC BPDUs in a short time and delete entries frequently, which burdens system
processing and degrades network stability.
TC protection is used to suppress TC BPDUs. You can configure the number of times a switching
device processes TC BPDUs within a given time period. If the number of TC BPDUs that the
switching device receives within a given time exceeds the specified threshold, the switching
device processes only the specified number of TC BPDUs. After the specified time period
expires, the device processes the excess TC BPDUs for once. This function prevents the
switching device from frequently deleting MAC entries and ARP entries, saving CPU resources.
Procedure
Step 1 Run:
system-view
NOTE
This step is needed only when you perform configurations in an MSTP process with a non-zero ID. If you
perform configurations in the MSTP process 0, skip this step.
Step 3 Run either or both of the following commands to configure TC protection parameters.
l To set the time for a device to process the maximum number of TC BPDUs, run the stp tc-
protection interval interval-value command.
l To set the maximum number of TC BPDUs that a device processes within a specified period,
run the stp tc-protection threshold threshold command.
NOTE
l There are two TC protection parameters: time needed to process the maximum number of TC BPDUs
and the maximum number of TC BPDUs processed within a specified period. For example, if the time
is set to 10 seconds and the maximum number is set to 5, when a device receives TC BPDUs, the device
processes only the first 5 TC BPDUs within 10 seconds and processes the other TC BPDUs after the
time expires.
l The device processes only the maximum number of TC BPDUs specified in the stp tc-protection
threshold command within the time specified in the stp tc-protection interval command. The
processing of other TC BPDUs is delayed, which may slow down spanning tree convergence.
Step 4 Run:
stp tc-protection
----End
Context
Due to incorrect configurations or malicious attacks on the network, a root bridge may receive
BPDUs with a higher priority. Consequently, the legitimate root bridge is no longer able to serve
as the root bridge and the network topology is changed, triggering spanning tree recalculation.
This also may cause the traffic that should be transmitted over high-speed links to be transmitted
over low-speed links, leading to network congestion. The root protection function on a switching
device is used to protect the root bridge by preserving the role of the designated port.
NOTE
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
NOTE
If the interface itself is a Layer 2 interface, this step can be skipped. Run the display this command in the
interface view. If "portswitch" is displayed in the command output, the interface is a Layer 2 interface.
NOTE
This step is performed only when the interface needs to be bound to an MSTP process with a non-zero ID.
If the interface belongs to process 0, skip this step.
Step 5 Run:
stp root-protection
----End
Context
On a network running MSTP, a switching device maintains the root port status and status of
blocked ports by receiving BPDUs from an upstream switching device. If the switching device
cannot receive BPDUs from the upstream device because of link congestion or unidirectional-
link failure, the switching device re-selects a root port. The original root port becomes a
designated port and the original blocked ports change to the Forwarding state. This switching
may cause network loops, which can be mitigated by configuring loop protection.
After loop protection is configured, if the root port or alternate port does not receive BPDUs
from the upstream switching device, the root port is blocked and the switching device notifies
the NMS that the port enters the Discarding state. The blocked port remains in the Blocked state
and no longer forwards packets. This function helps prevent loops on the network. The root port
transitions to the Forwarding state after receiving new BPDUs.
NOTE
An alternate port is a backup port for a root port. If a switching device has an alternate port, you need to
configure loop protection on both the root port and the alternate port.
Perform the following steps on the root port and alternate port on a switching device in an MST
region.
Procedure
Step 1 Run:
system-view
NOTE
If the interface itself is a Layer 2 interface, this step can be skipped. Run the display this command in the
interface view. If "portswitch" is displayed in the command output, the interface is a Layer 2 interface.
NOTE
This step is performed only when the interface needs to be bound to an MSTP process with a non-zero ID.
If the interface belongs to process 0, skip this step.
Step 5 Run:
stp loop-protection
Loop protection for the root port is configured on the switching device.
----End
Context
Share-link protection is used in the scenario where a switching device is dual homed to a network.
When a share link fails, share-link protection forcibly changes the working mode of a local
switching device to RSTP. This function can also be used together with root protection to avoid
network loops.
Procedure
Step 1 Run:
system-view
Step 2 Run:
stp process process-id
Step 3 Run:
stp link-share-protection
----End
Prerequisites
MSTP protection functions have been configured.
Procedure
l Run the display stp [ instance instance-id ] [ interface { interface-type interface-
number } ] [ brief ] command to view spanning-tree status and statistics.
----End
Example
Run the display stp command to view the BPDU protection status and configured protection
type on a switching device. For example:
<HUAWEI> display stp instance 0 interface gigabitethernet 1/0/0
-------[CIST Global Info][Mode MSTP]-------
CIST Bridge :32768.00e0-fc0e-a421
Config Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
Active Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC :32768.00e0-fc0e-a421 / 0
CIST RegRoot/IRPC :32768.00e0-fc0e-a421 / 0
CIST RootPortId :0.0
BPDU-Protection :enabled
TC or TCN received :8
STP Converge Mode :Fast
Time since last TC :0 days 23h:9m:30s
Number of TC :2
Last TC occurred :GigabitEthernet1/0/2
----[Port3(GigabitEthernet1/0/0)][FORWARDING]----
Port Protocol :enabled
Port Role :CIST Designated Port
Port Priority :128
Port Cost(Dot1T ) :Config=100 / Active=100
Desg. Bridge/Port :32768.00e0-fc0e-a421 / 128.1229
Port Edged :Config=disabled / Active=disabled
Point-to-point :Config=auto / Active=true
Transit Limit :3 packets/s
Protection Type :Root
Port Stp Mode :MSTP
Port Protocol Type :Config=auto / Active= dot1s
BPDU Encapsulation :Config=stp / Active=stp
PortTimes :Hello 2s MaxAge 20s FwDly 15s RemHop 0
BPDU Sent :43
TCN: 0, Config: 0, RST: 0, MST: 43
BPDU Received :3
TCN: 0, Config: 0, RST: 0, MST: 3
Last forwarding time: 2012/04/23 20:06:08 UTC+00:00
Applicable Environment
On an MSTP network, inconsistent protocol packet formats and BPDU keys may lead to a
communication failure. Setting MSTP parameters correctly on Huawei devices ensures
interoperability between Huawei devices and non-Huawei devices.
Pre-configuration Tasks
Before configuring MSTP interoperability between Huawei devices and non-Huawei devices,
configure basic MSTP functions.
Data Preparation
To configure MSTP interoperability between Huawei devices and non-Huawei devices, you
need the following data.
No. Data
1 BPDU format
Prerequisites
Basic VPLS functions have been configured before you can configure the BPDU format in the
PW template view.
Procedure
Step 1 Run:
system-view
Step 3 Run:
stp bpdu-encapsulation { vbst | stp }
To make a Huawei device interoperate with a non-Huawei device, the VBST BPDU format
needs to be used.
----End
Context
The rapid transition mechanism is also called the Proposal/Agreement mechanism. All switching
devices support the following modes:
l Enhanced mode: The current interface counts the root port calculation when it computes
the synchronization flag bit.
– An upstream device sends a Proposal message to a downstream device, requesting rapid
status transition. After receiving the message, the downstream device sets the port
connected to the upstream device as a root port and blocks all non-edge ports.
– The upstream device then sends an Agreement message to the downstream device. After
the downstream device receives the message, the root port transitions to the Forwarding
state.
– The downstream device responds to the Proposal message with an Agreement message.
After receiving the message, the upstream device sets the port connected to the
downstream device as a designated port, and the designated port transitions to the
Forwarding state.
l Common mode: The current interface ignores the root port when it computes the
synchronization flag bit.
– An upstream device sends a Proposal message to a downstream device, requesting rapid
status transition. After receiving the message, the downstream device sets the port
connected to the upstream device as a root port and blocks all non-edge ports. The root
port then transitions to the Forwarding state.
– The downstream device responds to the Proposal message with an Agreement message.
After receiving the message, the upstream device sets the port connected to the
downstream device as a designated port. The designated port then transitions to the
Forwarding state.
When Huawei devices are connected to non-Huawei devices, select the same mode as that used
on non-Huawei devices.
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
NOTE
This step binds an interface to an MSTP process with a non-zero ID. If the interface belongs to process 0,
skip this step.
Step 4 Run:
stp no-agreement-check
----End
Context
MSTP protocol packets have two formats: dot1s (IEEE 802.1s standard packets) and legacy
(proprietary protocol packets). The auto mode was designed to allow an interface to
automatically use the format of MSTP protocol packets sent from the remote interface. In this
manner, the two interfaces use the same MSTP protocol packet format.
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
NOTE
If the interface itself is a Layer 2 interface, this step can be skipped. Run the display this command in the
interface view. If "portswitch" is displayed in the command output, the interface is a Layer 2 interface.
NOTE
This step binds an interface to an MSTP process with a non-zero ID. If the interface belongs to process 0,
skip this step.
Step 5 Run:
stp compliance { auto | dot1s | legacy }
NOTE
The negotiation will fail if the format of MSTP packets is set to dot1s on one end and legacy on the other
end.
----End
Context
Perform the following steps on a switching device in a Multiple Spanning Tree (MST) region
to enable the digest snooping function.
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
NOTE
This step binds an interface to an MSTP process with a non-zero ID. If the interface belongs to process 0,
skip this step.
Step 4 Run:
stp config-digest-snoop
----End
NOTE
The command is supported only in the multi-instance scenario rather than the multi-process scenario.
----End
Prerequisites
The interoperability between Huawei devices and non-Huawei devices has been configured.
Procedure
l Run the display stp [ instance instance-id ] [ interface { interface-type interface-
number } ] [ brief ] command to view spanning-tree status and statistics.
----End
Example
Run the display stp command to view the spanning-tree working mode, BPDU format and
MSTP protocol packet format, and configuration for the digest snooping function. For example:
<HUAWEI> display stp instance 0 interface gigabitethernet 1/0/1
-------[CIST Global Info][ Mode MSTP ]-------
CIST Bridge :32768.00e0-fc0e-a421
Config Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
Active Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC :32768.00e0-fc0e-a421 / 0
CIST RegRoot/IRPC :32768.00e0-fc0e-a421 / 0
CIST RootPortId :0.0
BPDU-Protection :disabled
TC or TCN received :8
STP Converge Mode :Normal
Time since last TC :0 days 23h:9m:30s
Number of TC :2
Last TC occurred :GigabitEthernet1/0/2
----[Port3(GigabitEthernet1/0/1)] [ FORWARDING ]----
Port Protocol :enabled
Port Role :CIST Designated Port
Port Priority :128
Port Cost(Dot1T ) :Config=100 / Active=100
Desg. Bridge/Port :32768.00e0-fc0e-a421 / 128.1229
Port Edged :Config=disabled / Active=disabled
Point-to-point :Config=auto / Active=true
Transit Limit :3 packets/s
Protection Type :None
Config-digest-snoop:snooped=false
Port Stp Mode :MSTP
Port Protocol Type :Config=auto / Active= dot1s
BPDU Encapsulation :Config=stp / Active=stp
PortTimes :Hello 2s MaxAge 20s FwDly 15s RemHop 0
BPDU Sent :0
TCN: 0, Config: 0, RST: 0, MST: 0
BPDU Received :0
TCN: 0, Config: 0, RST: 0, MST: 0
Last forwarding time: 2012/04/23 20:06:08 UTC+00:00
Run the display this command in the view of the interface participating in STP calculation to
view the fast transition mechanism configured on the interface. Use the following command
output as an example:
[HUAWEI-GigabitEthernet1/0/1] display this
#
interface GigabitEthernet1/0/1
portswitch
undo shutdown
stp no-agreement-check
return
Context
NOTICE
MSTP statistics cannot be restored after being cleared.
Procedure
Step 1 Run the reset stp [ interface interface-type interface-number ] statistics command to clear
spanning-tree statistics.
----End
Networking Requirements
On a complex network, loops are inevitable. With the requirement for network redundancy
backup, network designers tend to deploy multiple physical links between two devices, one of
which is the master and the others are the backup. Loops are likely or bound to occur in such a
situation.
Loops will cause broadcast storms, thereby exhausting network resources and paralyzing the
network. Loops also cause flapping of MAC address tables and therefore damages MAC address
entries.
MSTP can be deployed to eliminate loops. MSTP blocks redundant links on a Layer 2 network
and trims the network into a loop-free tree.
As shown in Figure 7-9, to load balance traffic of VLANs 1 to 10 and traffic of VLANs 11 to
20, multiple MSTIs are created. MSTP defines a VLAN mapping table in which VLANs are
associated with spanning tree instances. In addition, MSTP divides a switching network into
multiple regions, each of which has multiple independent spanning tree instances.
As shown in Figure 7-9, RouterA, RouterB, SwitchC, and SwitchD all run MSTP.
Network
RG1
RouterA RouterB
GE1/0/2 GE1/0/2
GE1/0/1 GE1/0/1
GE1/0/3 GE1/0/3
SwitchC GE1/0/2 GE1/0/2 SwitchD
GE1/0/1 GE1/0/1
PC1 PC2
VLAN1~10 MSTI1
VLAN11~20 MSTI2
MSTI1:
Root Bridge:RouterA
Blocked port
MSTI2:
Root Bridge:RouterB
Blocked port
Configuration Roadmap
The configuration roadmap is as follows:
a. Configure a Multiple Spanning Tree (MST) region and create multiple MSTIs to
implement load balancing.
b. In the MST region, configure a primary root bridge and secondary root bridge for each
MSTI.
c. Set path costs for ports to be blocked in each MSTI.
d. Enable MSTP to eliminate loops, including:
l Enable MSTP globally.
l Enable MSTP on all the interfaces except the interfaces connected to terminals.
NOTE
MSTP is not required on the interfaces connected to terminals because these interfaces do not
need to participate in MSTP calculation.
By default, MSTP is enabled on a Layer 2 interface but not enabled on a Layer 3 interface.
2. Configure MSTP protection functions, for example, configure root protection on a
designated port of a root bridge in each MSTI.
3. Configure the Layer 2 forwarding function on devices.
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Configure basic MSTP functions.
1. Add RouterA, RouterB, SwitchC, and SwitchD to MST region RG1, and create two MSTIs,
MSTI 1 and MSTI 2.
# Add RouterA to RG1.
<HUAWEI> system-view
[HUAWEI] sysname RouterA
[RouterA] stp region-configuration
[RouterA-mst-region] region-name RG1
[RouterA-mst-region] instance 1 vlan 1 to 10
[RouterA-mst-region] instance 2 vlan 11 to 20
[RouterA-mst-region] active region-configuration
[RouterA-mst-region] quit
2. In RG1, configure primary and secondary root bridges for MSTI 1 and MSTI 2.
l Configure primary and secondary root bridges for MSTI 1.
# Configure RouterA as a primary root bridge of MSTI 1.
[RouterA] stp instance 1 root primary
3. Set the path costs of the ports to be blocked in MSTI 1 and MSTI 2 to be larger than the
default value.
NOTE
l Different calculation methods define different path costs. Use the Huawei proprietary calculation
method as an example to set the path costs of the ports to be blocked in MSTI 1 and MSTI 2 to
20000.
l All switching devices on a network must use the same calculation for path costs.
# On RouterA, configure the path cost calculation method as the Huawei proprietary
method.
[RouterA] stp pathcost-standard legacy
# On RouterB, configure the path cost calculation method as the Huawei proprietary
method.
[RouterB] stp pathcost-standard legacy
# On SwitchC, configure the path cost calculation method as the Huawei proprietary method
and set the path cost of GE 1/0/2 in MSTI 2 to 20000.
[SwitchC] stp pathcost-standard legacy
[SwitchC] interface gigabitethernet 1/0/2
[SwitchC-GigabitEthernet1/0/2] stp instance 2 cost 20000
[SwitchC-GigabitEthernet1/0/2] quit
# On SwitchD, configure the path cost calculation method as the Huawei proprietary
method and set the path cost of GE 1/0/2 in MSTI 1 to 20000.
[SwitchD] stp pathcost-standard legacy
[SwitchD] interface gigabitethernet 1/0/2
[SwitchD-GigabitEthernet1/0/2] stp instance 1 cost 20000
[SwitchD-GigabitEthernet1/0/2] quit
l Enable MSTP on all the interfaces except the interfaces connected to terminals.
# Enable MSTP on GE 1/0/1 of RouterA.
[RouterA] interface gigabitethernet 1/0/1
[RouterA-GigabitEthernet1/0/1] undo shutdown
[RouterA-GigabitEthernet1/0/1] portswitch
[RouterA-GigabitEthernet1/0/1] stp enable
[RouterA-GigabitEthernet1/0/1] quit
Step 2 Configure MSTP protection functions, for example, configure root protection on a designated
port of a root bridge in each MSTI.
After completing the previous configurations, run the following commands to check the
configurations.
# Run the display stp brief command on RouterA to view the interface status and protection
type. The displayed information is as follows:
[RouterA] display stp brief
MSTID Port Role STP State Protection
0 GigabitEthernet1/0/1 DESI FORWARDING NONE
0 GigabitEthernet1/0/2 DESI FORWARDING NONE
1 GigabitEthernet1/0/1 DESI FORWARDING NONE
1 GigabitEthernet1/0/2 DESI FORWARDING NONE
2 GigabitEthernet1/0/1 DESI FORWARDING NONE
2 GigabitEthernet1/0/2 ROOT FORWARDING NONE
In MSTI 1, RouterA is a root bridge and therefore GE 1/0/2 and GE 1/0/1 on RouterA are
designated ports. In MSTI 2, GE 1/0/1 on Switch A is a designated port and GE 1/0/2 is a root
port.
# Run the display stp brief command on RouterB. The displayed information is as follows:
[RouterB] display stp brief
MSTID Port Role STP State Protection
0 GigabitEthernet1/0/1 DESI FORWARDING NONE
0 GigabitEthernet1/0/2 ROOT FORWARDING NONE
1 GigabitEthernet1/0/1 DESI FORWARDING NONE
1 GigabitEthernet1/0/2 ROOT FORWARDING NONE
2 GigabitEthernet1/0/1 DESI FORWARDING NONE
2 GigabitEthernet1/0/2 DESI FORWARDING NONE
In MSTI 2, RouterB is a root bridge and therefore GE 1/0/1 and GE 1/0/2 on RouterB are
designated ports. In MSTI 1, GE 1/0/1 of RouterB is a designated port and GE 1/0/2 is a root
port.
# Run the display stp interface brief command on SwitchC. The displayed information is as
follows:
# Run the display stp interface brief command on SwitchD. The displayed information is as
follows:
[SwitchD] display stp interface gigabitethernet 1/0/3 brief
MSTID Port Role STP State Protection
0 GigabitEthernet1/0/3 ALTE DISCARDING NONE
1 GigabitEthernet1/0/3 ROOT FORWARDING NONE
2 GigabitEthernet1/0/3 ROOT FORWARDING NONE
[SwitchD] display stp interface gigabitethernet 1/0/2 brief
MSTID Port Role STP State Protection
0 GigabitEthernet1/0/2 ROOT FORWARDING NONE
1 GigabitEthernet1/0/2 ALTE DISCARDING NONE
2 GigabitEthernet1/0/2 DESI FORWARDING NONE
GE 1/0/3 on SwitchD is a root port in both MSTI 1 and MSTI 2. GE 1/0/2 on SwitchD is blocked
in MSTI 1 but is calculated to be a designated port in MSTI 2.
----End
Configuration Files
l Configuration file of RouterA
#
sysname
RouterA
#
vlan batch 1 to
20
#
stp instance 1 root
primary
stp instance 2 root
secondary
stp pathcost-standard
legacy
stp enable
#
stp region-
configuration
region-name
RG1
instance 1 vlan 1 to
10
instance 2 vlan 11 to
20
active region-
configuration
#
interface
GigabitEthernet1/0/1
undo shutdown
portswitch
port trunk allow-pass vlan 1 to
20
stp root-
protection
#
interface
GigabitEthernet1/0/2
undo shutdown
portswitch
port trunk allow-pass vlan 1 to 20
#
return
enable
#
stp region-
configuration
region-name
RG1
instance 1 vlan 1 to
10
instance 2 vlan 11 to
20
active region-
configuration
#
interface
GigabitEthernet1/0/1
stp
disable
#
interface
GigabitEthernet1/0/2
port trunk allow-pass vlan 1 to
20
stp instance 2 cost
20000
#
interface
GigabitEthernet1/0/3
port trunk allow-pass vlan 1 to
20
#
return
interface
GigabitEthernet1/0/3
port trunk allow-pass vlan 1 to
20
#
return
Networking Requirements
UPEs construct a ring at the aggregation layer. These UPEs are enabled with MSTP and belong
to the same MST region. Load balancing between different VLANs is carried out by creating
multiple MSTIs.
UPEs are respectively connected to two DSLAM rings at the access layer. The two rings need
to be independent of each other and use different spanning trees. This ensures that topology
change of one ring does not affect the other.
As shown in Figure 7-10, UPE1, UPE2, UPE3, and UPE4 construct a ring at the aggregation
layer. The UPEs are enabled with MSTP and belong to the same MST region named RG1. In
RG1, UPE4 is a CIST root and also a regional root of MSTI 1. UPE3 is a regional root in MSTI
2. Load balancing between traffic from different VLANs is carried out in the entire MST region.
UPE1 and UPE2 are connected to two DSLAM rings at the access layer. The two rings need to
be independent of each other.
NOTE
In the ring of MSTP multi-process, blocking the interface directly connected to the root protection-enabled
designated port is not recommended.
Core
MPLS/IP Core
Aggregation
GE2/0/1
MSTP
GE2/0/1 GE2/0/1
GE1/0/3 GE1/0/3
UPE1 UPE2
STP/RSTP
DSLAM DSLAM Access
DSLAM DSLAM
Configuration Roadmap
The configuration roadmap is as follows:
Data Preparation
To complete the configuration, you need the following data:
l Name of the MST region (RG1) and names of MSTIs (MSTI 1 and MSTI 2)
l VLAN IDs on UPEs (1 to 20)
l IDs of MSTP processes
Procedure
Step 1 Configure basic MSTP functions.
1. Add UPEs 1 to 4 to MST region RG1.
# Configure UPE1.
<HUAWEI> system-view
[HUAWEI] sysname UPE1
[UPE1] stp region-configuration
[UPE1-mst-region] region-name RG1
[UPE1-mst-region] instance 1 vlan 1 to 10
[UPE1-mst-region] instance 2 vlan 11 to 20
[UPE1-mst-region] active region-configuration
[UPE1-mst-region] quit
# Configure UPE2.
<HUAWEI> system-view
[HUAWEI] sysname UPE2
[UPE2] stp region-configuration
[UPE2-mst-region] region-name RG1
[UPE2-mst-region] instance 1 vlan 1 to 10
[UPE2-mst-region] instance 2 vlan 11 to 20
[UPE2-mst-region] active region-configuration
[UPE2-mst-region] quit
# Configure UPE3.
<HUAWEI> system-view
[HUAWEI] sysname UPE3
[UPE3] stp region-configuration
[UPE3-mst-region] region-name RG1
[UPE3-mst-region] instance 1 vlan 1 to 10
[UPE3-mst-region] instance 2 vlan 11 to 20
[UPE3-mst-region] active region-configuration
[UPE3-mst-region] quit
# Configure UPE4.
<HUAWEI> system-view
[HUAWEI] sysname UPE4
[UPE4] stp region-configuration
[UPE4-mst-region] region-name RG1
[UPE4-mst-region] instance 1 vlan 1 to 10
[UPE4-mst-region] instance 2 vlan 11 to 20
[UPE4-mst-region] active region-configuration
[UPE4-mst-region] quit
# Set the priority of UPE3 to 0 in MSTI 2 to ensure that UPE3 functions as a regional root
of MSTI 2 in RG1.
[UPE3] stp instance 2 priority 0
3. Enable MSTP.
# Configure UPE1.
[UPE1] stp enable
# Configure UPE2.
[UPE2] stp enable
# Configure UPE3.
[UPE3] stp enable
# Configure UPE4.
[UPE4] stp enable
# Configure UPE2.
[UPE2] stp process 1
[UPE2-stp-process-1] stp enable
[UPE2-stp-process-1] quit
[UPE2] stp process 2
[UPE2-stp-process-2] stp enable
[UPE2-stp-process-2] quit
# Configure UPE2.
[UPE2] interface gigabitethernet 1/0/3
[UPE2-GigabitEthernet1/0/1] stp binding process 1 to 2 link-share
[UPE2-GigabitEthernet1/0/1] quit
# Configure UPE2.
[UPE2] stp process 1
[UPE2-stp-process-1] stp instance 0 root secondary
[UPE2-stp-process-1] quit
[UPE2] stp process 2
[UPE2-stp-process-2] stp instance 0 root primary
[UPE2-stp-process-2] quit
[UPE2] interface gigabitethernet 1/0/2
[UPE2-GigabitEthernet1/0/2] stp root-protection
[UPE2-GigabitEthernet1/0/2] quit
NOTE
l Alternatively, you can run the stp [ instance instance-id ] priority priority command to configure
priorities for MSTP processes. Ensure that the MSTP process on UPE1 has the highest priority and
the MSTP process on UPE2 has the second highest priority.
l Root protection must be configured on a designated port of the MSTP process with the second
highest priority.
l Configure TC notification and suppression of TC-BPDUs for MSTP multi-process.
# Configure UPE1.
[UPE1] stp tc-protection
[UPE1] stp process 1
[UPE1-stp-process-1] stp tc-notify process 0
[UPE1-stp-process-1] stp tc-protection
[UPE1-stp-process-1] quit
[UPE1] stp process 2
[UPE1-stp-process-2] stp tc-notify process 0
[UPE1-stp-process-2] stp tc-protection
[UPE1-stp-process-2] quit
# Configure UPE2.
[UPE2] stp tc-protection
[UPE2] stp process 1
[UPE2-stp-process-1] stp tc-notify process 0
[UPE2-stp-process-1] stp tc-protection
[UPE2-stp-process-1] quit
[UPE2] stp process 2
[UPE2-stp-process-2] stp tc-notify process 0
[UPE2-stp-process-2] stp tc-protection
[UPE2-stp-process-2] quit
# Create VLANs 1 to 20 on UPE2 and add GE 2/0/1 and GE 1/0/3 to the VLANs.
[UPE2] vlan batch 1 to 20
[UPE2] interface gigabitethernet 2/0/1
[UPE2-GigabitEthernet2/0/1] undo shutdown
[UPE2-GigabitEthernet2/0/1] portswitch
[UPE2-GigabitEthernet2/0/1] port trunk allow-pass vlan 1 to 20
[UPE2-GigabitEthernet2/0/1] quit
[UPE2] interface gigabitethernet 1/0/3
[UPE2-GigabitEthernet1/0/3] undo shutdown
[UPE2-GigabitEthernet1/0/3] portswitch
[UPE2-GigabitEthernet1/0/3] port trunk allow-pass vlan 1 to 20
[UPE2-GigabitEthernet1/0/3] quit
[UPE2] interface gigabitethernet 1/0/1
[UPE2-GigabitEthernet1/0/1] undo shutdown
[UPE2-GigabitEthernet1/0/1] portswitch
[UPE2-GigabitEthernet1/0/1] port trunk allow-pass vlan 11 to 20
[UPE2-GigabitEthernet1/0/1] quit
[UPE2] interface gigabitethernet 1/0/2
[UPE2-GigabitEthernet1/0/2] undo shutdown
[UPE2-GigabitEthernet1/0/2] portswitch
[UPE2-GigabitEthernet1/0/2] port trunk allow-pass vlan 1 to 10
[UPE2-GigabitEthernet1/0/2] quit
# Create VLANs 1 to 20 on UPE3 and add GE 1/0/1 and GE 2/0/1 to the VLANs.
[UPE3] vlan batch 1 to 20
[UPE3] interface gigabitethernet 1/0/1
[UPE3-GigabitEthernet1/0/1] undo shutdown
[UPE3-GigabitEthernet1/0/1] portswitch
[UPE3-GigabitEthernet1/0/1] port trunk allow-pass vlan 1 to 20
[UPE3-GigabitEthernet1/0/1] quit
[UPE3] interface gigabitethernet 2/0/1
[UPE3-GigabitEthernet2/0/1] undo shutdown
[UPE3-GigabitEthernet2/0/1] portswitch
[UPE3-GigabitEthernet2/0/1] port trunk allow-pass vlan 1 to 20
[UPE3-GigabitEthernet2/0/1] quit
# Create VLANs 1 to 20 on UPE4 and add GE 1/0/1 and GE 2/0/1 to the VLANs.
[UPE4] vlan batch 1 to 20
[UPE4] interface gigabitethernet 1/0/1
# GE 1/0/3 is a designated port in the CIST and MSTI 1 and a root port in MSTI 2.
[UPE1] display stp interface gigabitethernet 1/0/3 brief
MSTID Port Role STP State Protection
0 GigabitEthernet1/0/3 DESI FORWARDING NONE
1 GigabitEthernet1/0/3 DESI FORWARDING NONE
2 GigabitEthernet1/0/3 ROOT FORWARDING NONE
l Run the display stp interface brief command on UPE2, and you can view the following
information:
# GE 2/0/1 is a designated port in the CIST and MSTI 1 and a root port in MSTI 2.
[UPE2] display stp interface gigabitethernet 2/0/1 brief
MSTID Port Role STP State Protection
0 GigabitEthernet2/0/1 DESI FORWARDING NONE
1 GigabitEthernet2/0/1 DESI FORWARDING NONE
2 GigabitEthernet2/0/1 ROOT FORWARDING NONE
# GE 1/0/3 is a root port in the CIST and MSTI 1 and a designated port in MSTI 2.
[UPE2] display stp interface gigabitethernet 1/0/3 brief
MSTID Port Role STP State Protection
0 GigabitEthernet1/0/3 ROOT DISCARDING NONE
1 GigabitEthernet1/0/3 ROOT DISCARDING NONE
2 GigabitEthernet1/0/3 DESI FORWARDING NONE
l Run the display stp interface brief command on UPE3, and you can view the following
information:
# GE 1/0/1 is a designated port in the CIST and both MSTI 1 and MSTI 2.
[UPE3] display stp interface gigabitethernet 1/0/1 brief
MSTID Port Role STP State Protection
0 GigabitEthernet1/0/1 DESI FORWARDING NONE
1 GigabitEthernet1/0/1 DESI FORWARDING NONE
2 GigabitEthernet1/0/1 DESI FORWARDING NONE
# GE 2/0/1 is a root port in the CIST and MSTI 1 and a designated port in MSTI 2.
[UPE3] display stp interface gigabitethernet 2/0/1 brief
MSTID Port Role STP State Protection
0 GigabitEthernet2/0/1 ROOT FORWARDING NONE
1 GigabitEthernet2/0/1 ROOT FORWARDING NONE
2 GigabitEthernet2/0/1 DESI FORWARDING NONE
l Run the display stp interface brief command on UPE4, and you can view the following
information:
# GE 1/0/1 is a designated port in the CIST and both MSTI 1 and MSTI 2.
[UPE4] display stp interface gigabitethernet 1/0/1 brief
MSTID Port Role STP State Protection
0 GigabitEthernet1/0/1 DESI FORWARDING NONE
1 GigabitEthernet1/0/1 DESI FORWARDING NONE
2 GigabitEthernet1/0/1 DESI FORWARDING NONE
# GE 2/0/1 is a designated port in the CIST and MSTI 1 and a root port in MSTI 2.
[UPE4] display stp interface gigabitethernet 2/0/1 brief
MSTID Port Role STP State Protection
0 GigabitEthernet2/0/1 DESI FORWARDING NONE
1 GigabitEthernet2/0/1 DESI FORWARDING NONE
2 GigabitEthernet2/0/1 ROOT FORWARDING NONE
----End
Configuration Files
Only the configuration files of the UPEs are listed.
stp tc-protection
stp enable
stp converge normal
#
interface GigabitEthernet1/0/1
undo shutdown
portswitch
port trunk allow-pass vlan 1 to 10
stp binding process 1
#
interface GigabiEthernet1/0/2
undo shutdown
portswitch
port trunk allow-pass vlan 11 to 20
stp binding process 2
stp root-protection
#
interface GigabitEthernet1/0/3
undo shutdown
portswitch
port trunk allow-pass vlan 1 to 20
stp binding process 1 to 2 link-share
#
interface GigabitEthernet2/0/1
undo shutdown
portswitch
port trunk allow-pass vlan 1 to 20
#
return
portswitch
port trunk allow-pass vlan 1 to 20
#
return
Networking Requirements
On the networking with both Layer 2 single-access rings and multi-access rings deployed,
switching devices carry both Layer 2 and Layer 3 services. To enable different rings to carry
different services, deploy MSTP multi-process. Spanning trees of different processes are
calculated independently and do not affect each other.
As shown in Figure 7-11, both Layer 2 single-access rings and dual-access rings are deployed,
and routers carry both Layer 2 and Layer 3 services. In this networking, two routers connected
to dual-access rings are also connected to a single-access ring each. Ring 1 uses Router A as an
MSTP root bridge. Ring 2 uses Router B as an MSTP root bridge. Ring 3 uses Router A as an
MSTP root bridge.
Routers A, B, and C construct a VPLS network. Sub-interfaces are configured on the ring access
interfaces on Router A and Router B and are bound to VSIs for access to the rings.
NOTE
In the ring of MSTP multi-process, blocking the interface directly connected to the root protection-enabled
designated port is not recommended.
Figure 7-11 Networking for MSTP multi-process for Layer 2 single-access rings and Layer 2
multi-access rings
RouterC
GE1/1/0
GE1/1/0
PE1 PE2
RouterA RouterB
CE CE
GE1/0/10 GE1/0/0 GE1/0/10
GE1/0/0
GE1/0/11 GE1/0/11
GE1/0/7 GE1/0/7
Ring1 Ring2
CE CE
Ring3
Instance 1:VLAN1~100 Instance 3:VLAN1~100
Process 1 Process 3
CE CE
Instance 2:VLAN101~200
Process 2
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure basic MSTP functions, create multiple MSTP processes, add devices to MST
regions, and create MSTIs.
NOTE
Data Preparation
To complete the configuration, you need the following data:
l Names of MST region (RG1, RG2, and RG3) and names of MSTIs (MSTI 1, MSTI 2, and
MSTI 3)
l VLAN IDs (1 to 200)
l IDs of MSTP processes
Procedure
Step 1 Configure basic MSTP functions, create multiple MSTP processes, add devices to MST regions,
and create MSTIs.
# Configure MSTP processes 1 and 2 on Router A.
<HUAWEI> system-view
[HUAWEI] sysname RouterA
[RouterA] stp process 1
[RouterA-stp-process-1] stp region-configuration
[RouterA-stp-process-1-region] region-name RG1
[RouterA-stp-process-1-region] instance 1 vlan 1 to 100
[RouterA-stp-process-1-region] active region-configuration
[RouterA-stp-process-1-region] quit
[RouterA-stp-process-1] quit
[RouterA] stp process 2
[RouterA-stp-process-2] stp region-configuration
[RouterA-stp-process-2-region] region-name RG2
[RouterA-stp-process-2-region] instance 2 vlan 101 to 200
[RouterA-stp-process-2-region] active region-configuration
[RouterA-stp-process-2-region] quit
# Configure Router B.
[RouterB] interface gigabitethernet 1/0/10
[RouterB-GigabitEthernet1/0/10] undo shutdown
[RouterB-GigabitEthernet1/0/10] portswitch
[RouterB-GigabitEthernet1/0/10] stp binding process 3
[RouterB-GigabitEthernet1/0/10] quit
[RouterB] interface gigabitethernet 1/0/11
[RouterB-GigabitEthernet1/0/11] undo shutdown
[RouterB-GigabitEthernet1/0/11] portswitch
[RouterB-GigabitEthernet1/0/11] stp binding process 3
[RouterB-GigabitEthernet1/0/11] quit
[RouterB] interface gigabitethernet 1/0/7
[RouterB-GigabitEthernet1/0/7] undo shutdown
[RouterB-GigabitEthernet1/0/7] portswitch
[RouterB-GigabitEthernet1/0/7] stp binding process 2
[RouterB-GigabitEthernet1/0/7] quit
NOTE
If the interface added to the MSTP process has sub-interfaces configured with features other than
MSTP such as VPLS, run the stp vpls-subinterface enable command on the interface. The interface
then notifies its sub-interfaces to update MAC entries and ARP entries after receiving a TC-BPDU.
This ensures non-stop service transmission. In addition, root protection needs to be configured on
the interface.
2. Configure a share link.
# Configure Router A.
[RouterA] interface gigabitethernet1/0/0
[RouterA-GigabitEthernet1/0/0] undo shutdown
[RouterA-GigabitEthernet1/0/0] portswitch
[RouterA-GigabitEthernet1/0/0] stp binding process 2 link-share
[RouterA-GigabitEthernet1/0/0] quit
# Configure Router B.
[RouterB] interface gigabitethernet1/0/0
[RouterB-GigabitEthernet1/0/0] undo shutdown
[RouterB-GigabitEthernet1/0/0] portswitch
[RouterB-GigabitEthernet1/0/0] stp binding process 2 link-share
[RouterB-GigabitEthernet1/0/0] quit
# Configure Router B.
[RouterB] stp process 3
[RouterB-stp-process-3] stp enable
[RouterB-stp-process-3] quit
[RouterB] stp process 2
[RouterB-stp-process-2] stp enable
[RouterB-stp-process-2] quit
# Configure Router B.
[RouterB] stp process 3
[RouterB-stp-process-3] stp instance 0 root primary
[RouterB-stp-process-3] stp instance 3 root primary
[RouterB-stp-process-3] quit
[RouterB] stp process 2
[RouterB-stp-process-2] stp instance 0 root secondary
[RouterB-stp-process-2] stp instance 2 root secondary
[RouterB-stp-process-2] quit
[RouterB] interface gigabitethernet 1/0/7
[RouterB-GigabitEthernet1/0/7] stp root-protection
[RouterB-GigabitEthernet1/0/7] quit
NOTE
l In each ring, the priority of the MSTP process on the downstream CE must be lower than the priority
of the MSTP process on the router.
l For Router A and Router B on the dual-access ring, you are recommended to configure them as
the primary root bridges of different MSTIs.
l A Layer 3 VPN can be bound to a primary root bridge but cannot be bound to a secondary root
bridge.
l Configure share-link protection.
# Configure Router A.
[RouterA] stp process 2
[RouterA-stp-process-2] stp link-share-protection
[RouterA-stp-process-2] quit
# Configure Router B.
[RouterB] stp process 2
[RouterB-stp-process-2] stp link-share-protection
[RouterB-stp-process-2] quit
# Create VLANs 1 to 200 on Router B. Add GE 1/0/10 and GE 1/0/11 to VLANs 1 to 100, and
add GE 1/0/0 and GE 1/0/7 to VLANs 101 to 200.
l Run the display stp interface brief command on Router B, and you can view the following
information:
# GE 1/0/10 is a designated port in the CIST of MSTP process 3.
[RouterB] display stp process 3 interface giabitethernet 1/0/10 brief
MSTID Port Role STP State Protection
3 GigabitEthernet1/0/10 DESI FORWARDING NONE
----End
Configuration Files
Only the MSTP-related configuration files are listed.
active region-configuration
stp process 2
stp instance 0 root primary
stp instance 2 root primary
stp link-share-protection
stp enable
stp converge normal
stp region-configuration
region-name RG2
instance 2 vlan 101 to 200
active region-configuration
#
interface GigabitEthernet1/0/10
undo shutdown
portswitch
port trunk allow-pass vlan 1 to 100
stp binding process 1
#
interface GigabiEthernet1/0/11
undo shutdown
portswitch
port trunk allow-pass vlan 1 to 100
stp binding process 1
#
interface GigabitEthernet1/0/7
undo shutdown
portswitch
port trunk allow-pass vlan 101 to 200
stp binding process 2
stp root-protection
#
interface GigabitEthernet1/0/0
undo shutdown
portswitch
port trunk allow-pass vlan 101 to 200
stp binding process 2 link-share
#
return
#
interface GigabitEthernet1/0/10
undo shutdown
portswitch
port trunk allow-pass vlan 1 to 100
stp binding process 3
#
interface GigabiEthernet1/0/11
undo shutdown
portswitch
port trunk allow-pass vlan 1 to 100
stp binding process 3
#
interface GigabitEthernet1/0/7
undo shutdown
portswitch
port trunk allow-pass vlan 101 to 200
stp binding process 2
stp root-protection
#
interface GigabitEthernet1/0/0
undo shutdown
portswitch
port trunk allow-pass vlan 101 to 200
stp binding process 2 link-share
#
return
Networking Requirements
On an ME network, VLAN IDs are used to identify various services or user packets before they
access various VSIs, VLLs, or VPN instances. If multiple user packets or services share one
VLAN ID, part of high-priority traffic over the operators' network cannot be scheduled in time,
which deteriorates user experience.
On the network shown in Figure 7-12, CE1 and CE2 add the same VLAN tag to received packets.
After PE1 receives these packets, it cannot distinguish the packets by the VLAN tag. This process
affects traffic distribution. To resolve this problem, configure VLAN mapping on PE1 to map
the same user VLAN IDs to different operator VLAN IDs, and configure VLANIF interfaces
on PE1 to transmit the user packets carrying the operator VLAN IDs to an L3VPN using different
VPN instances. These configurations ensure that packets are scheduled promptly.
You can deploy MSTP on the ring network formed by CE1, CE2, and PE1 in Figure 7-12. MSTP
blocks a redundant link and performs the spanning tree calculation to prevent loops.
Figure 7-12 Networking for configuring MSTP+VLAN mapping and VLANIF interfaces for
L3VPN access
Loopback1
2.2.2.9/32
VLAN 10
GE1/0/1 GE1/0/1.1
Database
CE1 192.168.2.1/24
PE2 AS65410
GE1/0/1
GE1/0/2 192.168.2.2/24 CE4
GE1/0/3
Loopback1 GE1/0/2
1.1.1.9/32 10.1.1.1/30
GE1/0/2
M 10.1.1.2/30
GE1/0/1
S VLANIF30:192.168.1.2/24
T GE1/0/4 VLANIF20:172.16.1.2/24
P GE1/0/3
PE1
10.2.1.2/30
GE1/0/2
GE1/0/3
10.2.1.1/30
GE1/0/1
GE1/0/2 Internet
172.20.1.2/24
CE2 PE3 AS65420
GE1/0/1.1
GE1/0/1
172.20.1.1/24 CE3
VLAN 10
Loopback1
3.3.3.9/32
L3VPN
AS100
Configuration Roadmap
The configuration roadmap is as follows:
a. Enable an Interior Gateway Protocol (IGP) on the backbone network to allow routers
to communicate with each other.
b. Configure basic Multiprotocol Label Switching (MPLS) functions and MPLS Label
Distribution Protocol (LDP), and then create MPLS label switched paths (LSPs) on
the backbone network to distribute and exchange labels.
c. Create VPN instances on PEs and establish VPN routing and forwarding (VRF) tables.
d. Set up MP-IBGP peer relationships between PEs.
e. Configure External Border Gateway Protocol (EBGP) on CEs and PEs to exchange
VPN routing information.
2. Configure the VLAN mapping function and VLANIF interfaces, and then bind the VPN
instances to the VLANIF interfaces.
3. Configure MSTP on CE1, CE2, and PE1 to prevent loops.
Data Preparation
To complete the configuration, you need the following data:
l Interface IP addresses
l VPN instance names
l RDs and VPN targets of the VPN instances
l MSTP region name and mapping between MSTI and VLANs
l Operator VLAN IDs for the VLAN mapping function
l VLANIF interface names
Procedure
Step 1 Configure basic L3VPN functions.
1. Configure an IGP on the MPLS backbone network. In this example, Open Shortest Path
First (OSPF) is used as an IGP.
# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] interface LoopBack 1
[PE1-LoopBack1] ip address 1.1.1.9 32
[PE1-LoopBack1] quit
[PE1] interface gigabitethernet 1/0/2
[PE1-GigabitEthernet1/0/2] ip address 10.1.1.2 30
[PE1-GigabitEthernet1/0/2] undo shutdown
[PE1-GigabitEthernet1/0/2] quit
[PE1] interface gigabitethernet 1/0/3
[PE1-GigabitEthernet1/0/3] ip address 10.2.1.2 30
[PE1-GigabitEthernet1/0/3] undo shutdown
[PE1-GigabitEthernet1/0/3] quit
[PE1] ospf
[PE1-ospf-1] area 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.3
[PE1-ospf-1-area-0.0.0.0] network 10.2.1.0 0.0.0.3
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] interface loopback 1
[PE2-LoopBack1] ip address 2.2.2.9 32
[PE2-LoopBack1] quit
[PE2] interface gigabitethernet 1/0/2
[PE2-GigabitEthernet1/0/2] ip address 10.1.1.1 30
[PE2-GigabitEthernet1/0/2] undo shutdown
[PE2-GigabitEthernet1/0/2] quit
[PE2] ospf
[PE2-ospf-1] area 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.3
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit
# Configure PE3.
<HUAWEI> system-view
[HUAWEI] sysname PE3
[PE3] interface loopback 1
After OSPF is configured, PEs have IP routes to the peer Loopback 1 and can ping each
other.
[PE1] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 9 Routes : 9
2. Enable basic MPLS functions and LDP on the MPLS backbone network.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface gigabitethernet1/0/2
[PE1-GigabitEthernet1/0/2] mpls
[PE1-GigabitEthernet1/0/2] mpls ldp
[PE1-GigabitEthernet1/0/2] quit
[PE1] interface gigabitethernet1/0/3
[PE1-GigabitEthernet1/0/3] mpls
[PE1-GigabitEthernet1/0/3] mpls ldp
[PE1-GigabitEthernet1/0/3] quit
# Configure PE2.
# Configure PE3.
[PE3] mpls lsr-id 3.3.3.9
[PE3] mpls
[PE3-mpls] quit
[PE3] mpls ldp
[PE3-mpls-ldp] quit
[PE3] interface gigabitethernet 1/0/2
[PE3-GigabitEthernet1/0/2] mpls
[PE3-GigabitEthernet1/0/2] mpls ldp
[PE3-GigabitEthernet1/0/2] quit
After an MPLS LSP is created, PE1 can establish LDP sessions with both PE2 and PE3.
The display mpls ldp session command output shows that the Status field is
Operational.
[PE1] display mpls ldp session
------------------------------------------------------------------------------
PeerID Status LAM SsnRole SsnAge KASent/Rcv
------------------------------------------------------------------------------
2.2.2.9:0 Operational DU Passive 0000:00:01 5/5
3.3.3.9:0 Operational DU Passive 0000:00:00 2/2
------------------------------------------------------------------------------
TOTAL: 2 session(s) Found.
# Configure PE2.
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 200:1
[PE2-vpn-instance-vpn1-af-ipv4] vpn-target 200:1 both
[PE2-vpn-instance-vpn1-af-ipv4] quit
[PE2-vpn-instance-vpn1] quit
# Configure PE3.
[PE3] ip vpn-instance vpn2
[PE3-vpn-instance-vpn2] route-distinguisher 200:2
[PE3-vpn-instance-vpn2-af-ipv4] vpn-target 200:2 both
[PE3-vpn-instance-vpn2-af-ipv4] quit
[PE3-vpn-instance-vpn2] quit
# Configure PE2.
[PE2] bgp 100
[PE2-bgp] peer 1.1.1.9 as-number 100
[PE2-bgp] peer 1.1.1.9 connect-interface loopback 1
[PE2-bgp] ipv4-family vpnv4
[PE2-bgp-af-vpnv4] peer 1.1.1.9 enable
[PE2-bgp-af-vpnv4] quit
# Configure PE3.
[PE3] bgp 100
[PE3-bgp] peer 1.1.1.9 as-number 100
[PE3-bgp] peer 1.1.1.9 connect-interface loopback 1
[PE3-bgp] ipv4-family vpnv4
[PE3-bgp-af-vpnv4] peer 1.1.1.9 enable
[PE3-bgp-af-vpnv4] quit
5. Set up EBGP peer relationships between PEs and CEs and import VPN routes.
# Configure CE4.
<HUAWEI> system-view
[HUAWEI] sysname CE4
[CE4] bgp 65410
[CE4-bgp] peer 192.168.2.1 as-number 100
[CE4-bgp] import-route direct
[CE4-bgp] quit
[CE4] interface gigabitethernet 1/0/1
[CE4-GigabitEthernet1/0/1] ip address 192.168.2.2 24
# Configure CE3.
<HUAWEI> system-view
[HUAWEI] sysname CE3
[CE3] bgp 65420
[CE3-bgp] peer 172.20.1.1 as-number 100
[CE3-bgp] import-route direct
[CE3-bgp] quit
[CE3] interface gigabitethernet 1/0/1
[CE3-GigabitEthernet1/0/1] ip address 172.20.1.2 24
[CE3-GigabitEthernet1/0/1] quit
# Configure PE2.
[PE2-bgp] ipv4-family vpn-instance vpn1
[PE2-bgp-vpn1] peer 192.168.2.2 as-number 65410
[PE2-bgp-vpn1] import-route direct
[PE2-bgp-vpn1] quit
# Configure PE3.
[PE3-bgp] ipv4-family vpn-instance vpn2
After the configurations are complete, run the display bgp vpnv4 all peer command on
PE1. The command output shows that BGP peer relationships have been established
between the PEs and are in the Established state.
[PE1] display bgp vpnv4 all peer
Step 2 Configure the VLAN mapping function and VLANIF interfaces, and then bind the VPN
instances to the VLANIF interfaces or sub-interfaces.
# Configure PE1.
[PE1] vlan batch 1 to 30
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] port vlan-mapping vlan 10 map-vlan 30
[PE1-GigabitEthernet1/0/1] quit
[PE1] interface vlanif 30
[PE1-Vlanif30] ip binding vpn-instance vpn1
[PE1-Vlanif30] ip address 192.168.1.2 24
[PE1-Vlanif30] quit
[PE1] interface gigabitethernet 1/0/4
[PE1-GigabitEthernet1/0/4] port vlan-mapping vlan 10 map-vlan 20
[PE1-GigabitEthernet1/0/4] quit
[PE1] interface vlanif 20
[PE1-Vlanif20] ip binding vpn-instance vpn2
[PE1-Vlanif20] ip address 172.16.1.2 24
[PE1-Vlanif20] quit
# Configure PE2.
[PE2] interface gigabitethernet 1/0/1.1
[PE2-GigabitEthernet1/0/1.1] ip binding vpn-instance vpn1
[PE2-GigabitEthernet1/0/1.1] ip address 192.168.2.1 24
[PE2-GigabitEthernet1/0/1.1] quit
# Configure PE3.
[PE3] interface gigabitethernet 1/0/1.1
[PE3-GigabitEthernet1/0/1.1] ip binding vpn-instance vpn2
[PE3-GigabitEthernet1/0/1.1] ip address 172.20.1.1 24
[PE3-GigabitEthernet1/0/1.1] quit
After completing the configurations, run the display ip vpn-instance verbose command on PEs
to view the configurations of VPN instances.
# Configure CE1.
<CE1> system-view
[CE1] stp region-configuration
[CE1-mst-region] region-name RG1
[CE1-mst-region] instance 1 vlan 1 to 30
[CE1-mst-region] active region-configuration
[CE1-mst-region] quit
# Configure CE2.
<CE2> system-view
[CE2] stp region-configuration
[CE2-mst-region] region-name RG1
[CE2-mst-region] instance 1 vlan 1 to 30
[CE2-mst-region] active region-configuration
[CE2-mst-region] quit
[CE2] stp instance 1 priority 36864
# Configure CE1.
[CE1] interface gigabitethernet 1/0/2
[CE1-GigabitEthernet1/0/2] undo shutdown
[CE1-GigabitEthernet1/0/2] portswitch
[CE1-GigabitEthernet1/0/2] stp enable
[CE1-GigabitEthernet1/0/2] quit
[CE1] interface gigabitethernet 1/0/3
[CE1-GigabitEthernet1/0/3] undo shutdown
[CE1-GigabitEthernet1/0/3] portswitch
[CE1-GigabitEthernet1/0/3] stp enable
[CE1-GigabitEthernet1/0/3] quit
[CE1] stp enable
# Configure CE2.
[CE2] interface gigabitethernet 1/0/2
[CE2-GigabitEthernet1/0/2] undo shutdown
[CE2-GigabitEthernet1/0/2] portswitch
[CE2-GigabitEthernet1/0/2] stp enable
[CE2-GigabitEthernet1/0/2] quit
[CE2] interface gigabitethernet 1/0/3
[CE2-GigabitEthernet1/0/3] undo shutdown
[CE2-GigabitEthernet1/0/3] portswitch
[CE2-GigabitEthernet1/0/3] stp enable
[CE2-GigabitEthernet1/0/3] quit
[CE2] stp enable
# Configure CE1.
[CE1] vlan batch 1 to 30
[CE1] interface gigabitethernet 1/0/2
[CE1-GigabitEthernet1/0/2] port trunk allow-pass vlan 1 to 30
[CE1-GigabitEthernet1/0/2] quit
[CE1] interface gigabitethernet 1/0/3
[CE1-GigabitEthernet1/0/3] port trunk allow-pass vlan 1 to 30
[CE1-GigabitEthernet1/0/3] quit
# Configure CE2.
[CE2] vlan batch 1 to 30
[CE2] interface gigabitethernet 1/0/2
[CE2-GigabitEthernet1/0/2] port trunk allow-pass vlan 1 to 30
[CE2-GigabitEthernet1/0/2] quit
[CE2] interface gigabitethernet 1/0/3
[CE2-GigabitEthernet1/0/3] port trunk allow-pass vlan 1 to 30
[CE2-GigabitEthernet1/0/3] quit
After the configurations are complete, you can run the display stp brief command on PE1 to
view MSTP configurations. The command output is as follows:
[PE1] display stp brief
MSTID Port Role STP State Protection
0 GigabitEthernet1/0/1 ROOT FORWARDING NONE
0 GigabitEthernet1/0/4 DESI FORWARDING NONE
1 GigabitEthernet1/0/1 DESI FORWARDING NONE
1 GigabitEthernet1/0/4 DESI FORWARDING NONE
Run the display ip routing-table vpn-instance command on the PEs to view the routes to peer
CEs.
Run the display port vlan command to view interface information in VLANs.
Run the display interface vlanif command to view the status of VLANIF interfaces, the protocol
status, interface descriptions, and interface IP addresses.
----End
Configuration Files
l PE1 configuration file
#
sysname PE1
#
vlan batch 1 to 30
#
stp instance 1 root primary
stp enable
#
ip vpn-instance vpn1
ipv4-family
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity
vpn-target 100:1 import-extcommunity
#
ip vpn-instance vpn2
ipv4-family
route-distinguisher 100:2
vpn-target 100:2 export-extcommunity
vpn-target 100:2 import-extcommunity
#
stp region-configuration
region-name RG1
instance 1 vlan 1 to 30
active region-configuration
#
mpls lsr-id 1.1.1.9
mpls
#
mpls ldp
#
interface Vlanif20
ip binding vpn-instance vpn2
ip address 172.16.1.2 255.255.255.0
#
interface Vlanif30
ip binding vpn-instance vpn1
ip address 192.168.1.2 255.255.255.0
#
interface GigabitEthernet1/0/1
portswitch
undo shutdown
port link-type trunk
port trunk allow-pass vlan 1 to 9 11 to 30
port vlan-mapping vlan 10 map-vlan 30
#
interface GigabitEthernet1/0/2
undo shutdown
ip address 10.1.1.2 255.255.255.252
mpls
mpls ldp
#
interface GigabitEthernet1/0/3
undo shutdown
ip address 10.2.1.2 255.255.255.252
mpls
mpls ldp
#
interface GigabitEthernet1/0/4
portswitch
undo shutdown
port link-type trunk
port trunk allow-pass vlan 1 to 9 11 to 30
port vlan-mapping vlan 10 map-vlan 20
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
bgp 100
peer 2.2.2.9 as-number 100
peer 2.2.2.9 connect-interface LoopBack1
peer 3.3.3.9 as-number 100
peer 3.3.3.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 2.2.2.9 enable
peer 3.3.3.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 2.2.2.9 enable
peer 3.3.3.9 enable
#
ipv4-family vpn-instance vpn1
import-route direct
#
ipv4-family vpn-instance vpn2
import-route direct
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 10.1.1.0 0.0.0.3
network 10.2.1.0 0.0.0.3
#
return
#
return
Networking Requirements
Figure 7-13 shows the networking of inter-AS Option A in Martini mode. This type of
networking has the following features:
You can adopt the following solutions to address the preceding problems:
You can configure a mPW between intra-AS ASBRs and enable Spanning Tree Protocol (STP)
on the mPW and the inter-AS Layer 3 main interfaces. Then, you can set STP priorities and cost
values to configure ASBR3 as the root bridge, ASBR4 as the backup root bridge, and the inter-
AS interface on ASBR2 to be blocked. In addition, the block of the inter-AS interface causes
the block of the VPLS services that are bound to Layer 3 sub-interfaces. In this case, the traffic
from CE1 passes along the path PE1-ASBR1-ASBR3-PE2 to reach CE2. This prevents the traffic
from being doubled or forming a loop.
Figure 7-13 Networking diagram of configuring E-STP - inter-AS Option A (Martini mode)
ASBR1 ASBR3
MPLS Backbone1 2 GE1/0/0
MPLS Backbone 2
GE1/0/0 2 PO
GE1/0/0.1 GE1/0/0.1 S3
/0/
/0 3/0 /0 2
GE2/0/0 GE2/0/0 2 0
/
PE1 S1 OS 0 STP PO
PO P S1 PE2
PW loop PW /0/
0
tunnel tunnel
P 0
PO O S 3/0/ /0
S2
/0/
3/0
/0 2 GE2/0/0 GE2/0/0 2
POS S2/0
0 5 GE1/0/0 GE1/0/0 5 PO
GE3/0/0.1 GE3/0/0.l
GE1/0/0.1 GE1/0/0.1
ASBR2 ASBR4
GE1/0/0 GE1/0/0
Configuration Roadmap
The configuration roadmap is as follows:
1. Run an IGP protocol on the backbone network to realize device connectivity within the
same AS.
2. Configure the basic MPLS capability on the MPLS network, including the following tasks:
l Set up dynamic LSPs between the PE and two ASBRs in the same AS.
l Set up a dynamic LSP between the two ASBRs in the same AS.
Set up the remote LDP session if the indirect connection(s) are established between the PE
and ASBRs or between ASBRs.
3. Establish VPLS connections between the PE and ASBRs in the same AS, including the
following tasks:
l Create service VSIs on the PE and two ASBRs in the same AS. These service VSIs are
used to exchange service packets.
l Create the mVSI on the two ASBRs in the same AS. The mVSI is used to send STP
packets through the mPW.
4. Configure STP, including the following tasks:
l Enable STP on the mPW of the ASBRs.
l Enable STP on the inter-AS physical link.
Configure relevant STP priorities to ensure that ASBR3 functions as the root bridge, and
ASBR4 as the backup root bridge.
Data Preparation
To complete the configuration, you need the following data:
l Data for configuring OSPF
l IP addresses of remote peers
l MPLS LSR IDs of PEs and ASBRs
l VSI IDs
Procedure
Step 1 Assign IP addresses to the interfaces on the backbone network. The configuration details are not
mentioned here.
Step 2 Configure an IGP protocol on the backbone network. In the configuration example, OSPF is
configured. The configuration details are not mentioned here.
Step 3 Enable MPLS and configure LDP LSPs.
Configure the basic MPLS capability on the MPLS backbone network, and establish dynamic
LDP LSPs between the PE and ASBRs in the same AS.
Take ASBR1 as an example:
<ASBR1> display mpls ldp session
LDP Session(s) in Public Network
Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
A '*' before a session means the session is being deleted.
------------------------------------------------------------------------------
PeerID Status LAM SsnRole SsnAge KASent/Rcv
------------------------------------------------------------------------------
1.1.1.1:0 Operational DU Active 000:16:33 3968/3966
3.3.3.3:0 Operational DU Passive 000:16:24 3935/3936
------------------------------------------------------------------------------
TOTAL: 2 session(s) Found.
# Configure ASBR1.
[ASBR1] mpls l2vpn
# Configure ASBR2.
The configurations of PE2, ASBR3, and ASBR4 are the same and not mentioned here.
# Configure ASBR2.
[ASBR2] vsi m1 static
[ASBR2-vsi-m1] pwsignal ldp
[ASBR2-vsi-m1-ldp] vsi-id 100
[ASBR2-vsi-m1-ldp] peer 2.2.2.2
[ASBR2-vsi-m1-ldp] quit
[ASBR2-vsi-m1] admin-vsi
[ASBR2-vsi-m1] quit
# Configure ASBR3.
[ASBR3] vsi m1 static
[ASBR3-vsi-m1] pwsignal ldp
[ASBR3-vsi-m1-ldp] vsi-id 100
[ASBR3-vsi-m1-ldp] peer 5.5.5.5
[ASBR3-vsi-m1-ldp] quit
[ASBR3-vsi-m1] admin-vsi
[ASBR3-vsi-m1] quit
# Configure ASBR4.
[ASBR4] vsi m1 static
[ASBR4-vsi-m1] pwsignal ldp
[ASBR4-vsi-m1-ldp] vsi-id 100
[ASBR4-vsi-m1-ldp] peer 4.4.4.4
[ASBR4-vsi-m1-ldp] quit
[ASBR4-vsi-m1] admin-vsi
[ASBR1-vsi-m1] quit
2. On PEs and ASBRs, configure service VSIs and bind the service VSIs to relevant interfaces.
# Configure PE1.
[PE1] vsi s1 static
[PE1-vsi-s1] pwsignal ldp
[PE1-vsi-s1-ldp] vsi-id 10
[PE1-vsi-s1-ldp] peer 2.2.2.2
[PE1-vsi-s1-ldp] peer 3.3.3.3
[PE1-vsi-s1-ldp] quit
[PE1-vsi-s1] quit
[PE1] interface gigabitethernet 3/0/0
[PE1-GigabitEthernet3/0/0] undo shutdown
[PE1-GigabitEthernet3/0/0] quit
[PE1] interface gigabitethernet 3/0/0.1
[PE1-GigabitEthernet3/0/0.1] shutdown
[PE1-GigabitEthernet3/0/0.1] vlan-type dot1q 10
[PE1-GigabitEthernet3/0/0.1] l2 binding vsi s1
[PE1-GigabitEthernet3/0/0.1] undo shutdown
[PE1-GigabitEthernet3/0/0.1] quit
# Configure ASBR1.
[ASBR1] vsi s1 static
[ASBR1-vsi-s1] pwsignal ldp
[ASBR1-vsi-s1-ldp] vsi-id 10
[ASBR1-vsi-s1-ldp] peer 1.1.1.1
[ASBR1-vsi-s1-ldp] quit
[ASBR1-vsi-s1] quit
[ASBR1] interface gigabitethernet 1/0/0
[ASBR1-GigabitEthernet1/0/0] undo shutdown
[ASBR1-GigabitEthernet1/0/0] quit
[ASBR1] interface gigabitethernet 1/0/0.1
[ASBR1-GigabitEthernet1/0/0.1] shutdown
[ASBR1-GigabitEthernet1/0/0.1] vlan-type dot1q 10
[ASBR1-GigabitEthernet1/0/0.1] l2 binding vsi s1
[ASBR1-GigabitEthernet1/0/0.1] undo shutdown
[ASBR1-GigabitEthernet1/0/0.1] quit
# Configure ASBR2.
[ASBR2] vsi s1 static
[ASBR2-vsi-s1] pwsignal ldp
[ASBR2-vsi-s1-ldp] vsi-id 10
[ASBR2-vsi-s1-ldp] peer 1.1.1.1
[ASBR2-vsi-s1-ldp] quit
[ASBR2-vsi-s1] quit
[ASBR2] interface gigabitethernet 1/0/0
[ASBR2-GigabitEthernet1/0/0] undo shutdown
[ASBR2-GigabitEthernet1/0/0] quit
[ASBR2] interface gigabitethernet 1/0/0.1
[ASBR2-GigabitEthernet1/0/0.1] shutdown
[ASBR2-GigabitEthernet1/0/0.1] vlan-type dot1q 10
[ASBR2-GigabitEthernet1/0/0.1] l2 binding vsi s1
[ASBR2-GigabitEthernet1/0/0.1] undo shutdown
[ASBR2-GigabitEthernet1/0/0.1] quit
# Configure PE2.
[PE2] vsi s1 static
[PE2-vsi-s1] pwsignal ldp
[PE2-vsi-s1-ldp] vsi-id 10
[PE2-vsi-s1-ldp] peer 4.4.4.4
[PE2-vsi-s1-ldp] peer 5.5.5.5
[PE2-vsi-s1-ldp] quit
[PE2-vsi-s1] quit
[PE2] interface gigabitethernet 3/0/0
[PE2-GigabitEthernet3/0/0] undo shutdown
[PE2-GigabitEthernet3/0/0] quit
[PE2] interface gigabitethernet 3/0/0.1
[PE2-GigabitEthernet3/0/0.1] shutdown
[PE2-GigabitEthernet3/0/0.1] vlan-type dot1q 10
[PE2-GigabitEthernet3/0/0.1] l2 binding vsi s1
[PE2-GigabitEthernet3/0/0.1] undo shutdown
[PE2-GigabitEthernet3/0/0.1] quit
# Configure ASBR3.
[ASBR3] vsi s1 static
[ASBR3-vsi-s1] pwsignal ldp
[ASBR3-vsi-s1-ldp] vsi-id 10
[ASBR3-vsi-s1-ldp] peer 6.6.6.6
[ASBR3-vsi-s1-ldp] quit
[ASBR3-vsi-s1] quit
[ASBR3] interface gigabitethernet 1/0/0
[ASBR3-GigabitEthernet1/0/0] undo shutdown
[ASBR3-GigabitEthernet1/0/0] quit
[ASBR3] interface gigabitethernet 1/0/0.1
[ASBR3-GigabitEthernet1/0/0.1] shutdown
[ASBR3-GigabitEthernet1/0/0.1] vlan-type dot1q 10
[ASBR3-GigabitEthernet1/0/0.1] l2 binding vsi s1
[ASBR3-GigabitEthernet1/0/0.1] undo shutdown
[ASBR3-GigabitEthernet1/0/0.1] quit
# Configure ASBR4.
# Configure the Multiple Spanning Tree (MST) region of ASBR1, and then activate the MST
region configuration. Because the four ASBRs have the same MST region configurations, take
ASBR1 as an example.
[ASBR1] stp enable
[ASBR1] stp region-configuration
[ASBR1-mst-region] region-name RG1
[ASBR1-mst-region] active region-configuration
[ASBR1-mst-region] quit
# Configure the STP priority of ASBR3 as 0 in MSTI0 to ensure that ASBR3 functions as the
root bridge.
[ASBR3] stp instance 0 priority 0
# Configure the STP priority of ASBR4 as 4096 in MSTI0 to ensure that ASBR4 functions as
the backup root bridge.
[ASBR4] stp instance 0 priority 4096
Configure the STP priorities of ASBR1 and ASBR2 as the default STP priority, namely, 32768.
On the ASBRs:
l Create the mPW and enter the mPW view, and then enable STP.
l Enable STP on the inter-AS physical link.
NOTE
When binding the service VSI to the management VSI, configure STP in the management VSI rather than
in the service VSI. In this manner, the status of the service VSI is associated with the status of the
management VSI.
# Configure ASBR1.
[ASBR1] vsi m1 static
[ASBR1-vsi-m1] pwsignal ldp
[ASBR1-vsi-m1-ldp] peer 3.3.3.3 pw pw1
[ASBR1-vsi-m1-ldp-pw-pw1] stp enable
[ASBR1-vsi-m1-ldp-pw-pw1] stp cost 2
[ASBR1-vsi-m1-ldp-pw-pw1] quit
[ASBR1-vsi-m1-ldp] quit
[ASBR1-vsi] quit
# Configure ASBR2.
[ASBR2] vsi m1 static
[ASBR2-vsi-m1] pwsignal ldp
[ASBR2-vsi-m1-ldp] peer 2.2.2.2 pw pw1
[ASBR2-vsi-m1-ldp-pw-pw1] stp enable
[ASBR2-vsi-m1-ldp-pw-pw1] stp cost 2
[ASBR2-vsi-m1-ldp-pw-pw1] quit
[ASBR2-vsi-m1-ldp] quit
[ASBR2-vsi] quit
[ASBR2] interface gigabitethernet 1/0/0
[ASBR2-GigabitEthernet1/0/0] stp enable
[ASBR2-GigabitEthernet1/0/0] stp vpls-subinterface enable
[ASBR2-GigabitEthernet1/0/0] stp instance 0 cost 5
# Configure ASBR3.
[ASBR3] vsi m1 static
[ASBR3-vsi-m1] pwsignal ldp
[ASBR3-vsi-m1-ldp] peer 5.5.5.5 pw pw1
[ASBR3-vsi-m1-ldp-pw-pw1] stp enable
[ASBR3-vsi-m1-ldp-pw-pw1] stp cost 2
[ASBR3-vsi-m1-ldp-pw-pw1] quit
[ASBR3-vsi-m1-ldp] quit
[ASBR3-vsi] quit
[ASBR3] interface gigabitethernet 1/0/0
[ASBR3-GigabitEthernet1/0/0] stp enable
[ASBR3-GigabitEthernet1/0/0] stp vpls-subinterface enable
[ASBR3-GigabitEthernet1/0/0] stp instance 0 cost 2
# Configure ASBR4.
[ASBR4] vsi m1 static
[ASBR4-vsi-m1] pwsignal ldp
[ASBR4-vsi-m1-ldp] peer 4.4.4.4 pw pw1
[ASBR4-vsi-m1-ldp-pw-pw1] stp enable
[ASBR4-vsi-m1-ldp-pw-pw1] stp cost 2
[ASBR4-vsi-m1-ldp-pw-pw1] quit
[ASBR4-vsi-m1-ldp] quit
[ASBR4-vsi] quit
[ASBR4] interface gigabitethernet 1/0/0
[ASBR4-GigabitEthernet1/0/0] stp enable
[ASBR4-GigabitEthernet1/0/0] stp vpls-subinterface enable
[ASBR4-GigabitEthernet1/0/0] stp instance 0 cost 5
# Configure CE2.
[CE2] interface gigabitethernet 1/0/0.1
[CE2-GigabitEthernet1/0/0.1] shutdown
[CE2-GigabitEthernet1/0/0.1] vlan-type dot1q 10
[CE2-GigabitEthernet1/0/0.1] ip address 10.1.1.2 24
[CE2-GigabitEthernet1/0/0.1] undo shutdown
[CE2-GigabitEthernet1/0/0.1] quit
l Run the display vsi name s1 verbose command on ASBR1. You can find that a PW
connecting PE1 is established in the VSI named s1 that is in the Up state.
<ASBR1> display vsi name s1 verbose
***VSI Name : s1
Administrator VSI : no
Isolate Spoken : disable
VSI Index : 0
PW Signaling : ldp
Member Discovery Style : static
PW MAC Learn Style : unqualify
Encapsulation Type : vlan
MTU : 1500
Diffserv Mode : uniform
Service Class : --
Color : --
DomainId : 255
Domain Name :
Ignore AcState : disable
Multicast Fast Swicth : disable
Create Time : 0 days, 0 hours, 26 minutes, 24 seconds
VSI State : up
Resource Status : Valid
VSI ID : 10
*Peer Router ID : 1.1.1.1
VC Label : 19457
Peer Type : dynamic
Session : up
Tunnel ID : 0x2000
Broadcast Tunnel ID : 0x801008
CKey : 6
NKey : 5
StpEnable : 0
PwIndex : 0
**PW Information:
***VSI Name : s1
Administrator VSI : no
Isolate Spoken : disable
VSI Index : 0
PW Signaling : ldp
Member Discovery Style : static
PW MAC Learn Style : unqualify
Encapsulation Type : vlan
MTU : 1500
Diffserv Mode : uniform
Service Class : --
Color : --
DomainId : 255
Domain Name :
Ignore AcState : disable
Multicast Fast Swicth : disable
Create Time : 0 days, 0 hours, 23 minutes, 28 seconds
VSI State : up
Resource Status : Valid
VSI ID : 10
*Peer Router ID : 1.1.1.1
VC Label : 19457
Peer Type : dynamic
Session : up
Tunnel ID : 0x2004
Broadcast Tunnel ID : 0x801008
CKey : 6
NKey : 5
StpEnable : 0
PwIndex : 0
**PW Information:
Nkey : 0x5
Main PW Token : 0x801008
Slave PW Token : 0x0
Tnl Type : LSP
OutInterface : GigabitEthernet1/0/0
Stp Enable : 0
Mac Flapping : 0
PW Last Up Time : 2009/02/25 11:17:20
PW Total Up Time : 0 days, 0 hours, 22 minutes, 50 seconds
l In addition, CE1 and CE2 can ping each other successfully. Take the display on CE1 as an
example.
<CE1> ping 10.1.1.2
PING 10.1.1.2: 56 data bytes, press CTRL_C to break
Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=172 ms
Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=156 ms
Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=156 ms
Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=156 ms
Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=156 ms
--- 10.1.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 156/159/172 ms
----End
Configuration Files
l Configuration file of PE1
#
sysname PE1
#
mpls lsr-id 1.1.1.1
mpls
#
mpls l2vpn
#
vsi s1 static
pwsignal ldp
vsi-id 10
peer 2.2.2.2
peer 3.3.3.3
#
mpls ldp
#
interface POSl/0/0
undo shutdown
ip address 192.168.1.1 255.255.255.0
mpls
mpls ldp
#
interface POS2/0/0
undo shutdown
ip address 192.168.2.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet3/0/0
undo shutdown
#
interface GigabitEthernet3/0/0.1
vlan-type dot1q 10
undo shutdown
l2 binding vsi s1
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
#
ospf 1
area 0.0.0.0
network 192.168.1.0 0.0.0.255
network 192.168.2.0 0.0.0.255
network 1.1.1.1 0.0.0.0
#
return
active region-configuration
#
mpls lsr-id 2.2.2.2
mpls
#
mpls l2vpn
#
vsi s1 static
pwsignal ldp
vsi-id 10
peer 1.1.1.1
#
vsi m1 static
pwsignal ldp
vsi-id 100
peer 3.3.3.3
peer 3.3.3.3 pw pw1
stp enable
stp cost 2
admin-vsi
#
mpls ldp
#
interface GigabitEthernet1/0/0
undo shutdown
stp enable
stp vpls-subinterface enable
stp instance 0 cost 2
#
interface GigabitEthernet1/0/0.1
vlan-type dot1q 100
undo shutdown
l2 binding vsi s1
#
interface GigabitEthernet2/0/0
undo shutdown
ip address 172.16.1.1 255.255.255.0
mpls
mpls ldp
#
interface POS3/0/0
link-protocol ppp
undo shutdown
ip address 192.168.1.2 255.255.255.0
mpls
mpls ldp
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
#
ospf 1
area 0.0.0.0
network 172.16.1.0 0.0.0.255
network 2.2.2.2 0.0.0.0
network 192.168.1.0 0.0.0.255
#
return
#
mpls lsr-id 3.3.3.3
mpls
#
mpls l2vpn
#
vsi s1 static
pwsignal ldp
vsi-id 10
peer 1.1.1.1
#
vsi m1 static
pwsignal ldp
vsi-id 100
peer 2.2.2.2
peer 2.2.2.2 pw pw1
stp enable
stp cost 2
admin-vsi
#
mpls ldp
#
interface GigabitEthernet1/0/0
undo shutdown
stp enable
stp vpls-subinterface enable
stp instance 0 cost 5
#
interface GigabitEthernet1/0/0.1
vlan-type dot1q 10
undo shutdown
l2 binding vsi s1
#
interface GigabitEthernet2/0/0
undo shutdown
ip address 172.16.1.2 255.255.255.0
mpls
mpls ldp
#
interface POS3/0/0
link-protocol ppp
undo shutdown
ip address 192.168.2.2 255.255.255.0
mpls
mpls ldp
#
interface LoopBack1
ip address 3.3.3.3 255.255.252.0
#
ospf 1
area 0.0.0.0
network 172.16.1.0 0.0.0.255
network 3.3.3.3 0.0.0.0
network 192.168.2.0 0.0.0.255
#
return
#
mpls lsr-id 4.4.4.4
mpls
#
mpls l2vpn
#
vsi s1 static
pwsignal ldp
vsi-id 10
peer 6.6.6.6
#
vsi m1 static
pwsignal ldp
vsi-id 100
peer 5.5.5.5
peer 5.5.5.5 pw pw1
stp enable
stp cost 2
admin-vsi
#
mpls ldp
#
interface GigabitEthernet1/0/0
undo shutdown
stp enable
stp vpls-subinterface enable
stp instance 0 cost 2
#
interface GigabitEthernet1/0/0.1
vlan-type dot1q 10
undo shutdown
l2 binding vsi s1
#
interface GigabitEthernet2/0/0
undo shutdown
ip address 172.17.1.1 255.255.255.0
mpls
mpls ldp
#
interface POS3/0/0
link-protocol ppp
undo shutdown
ip address 172.18.1.1 255.255.255.0
mpls
mpls ldp
#
interface LoopBack1
ip address 4.4.4.4 255.255.255.255
#
ospf 1
area 0.0.0.0
network 172.17.1.0 0.0.0.255
network 172.18.1.0 0.0.0.255
network 4.4.4.4 0.0.0.0
#
return
#
mpls lsr-id 5.5.5.5
mpls
#
mpls l2vpn
#
vsi s1 static
pwsignal ldp
vsi-id 10
peer 6.6.6.6
#
vsi m1 static
pwsignal ldp
vsi-id 100
peer 4.4.4.4
peer 4.4.4.4 pw pw1
stp enable
stp cost 2
admin-vsi
#
mpls ldp
#
interface GigabitEthernet1/0/0
undo shutdown
stp enable
stp vpls-subinterface enable
stp instance 0 cost 5
#
interface GigabitEthernet1/0/0.1
vlan-type dot1q 10
undo shutdown
l2 binding vsi s1
#
interface GigabitEthernet2/0/0
undo shutdown
ip address 172.17.1.2 255.255.255.0
mpls
mpls ldp
#
interface POS3/0/0
link-protocol ppp
undo shutdown
ip address 172.18.2.1 255.255.255.0
mpls
mpls ldp
#
interface LoopBack1
ip address 5.5.5.5 255.255.255.255
#
ospf 1
area 0.0.0.0
network 172.17.1.0 0.0.0.255
network 172.18.2.0 0.0.0.255
network 5.5.5.5 0.0.0.0
#
return
Networking Requirements
Figure 7-14 shows the networking of inter-AS PW interconnection in Martini mode. This type
of networking has the following features:
l Each UPE is dual-homed to NPEs, and links are backed up between ASs.
l The two ASs are connected through a Hierarchical VPLS (HVPLS) network. UPE1, NPE1,
and NPE3 form a basic H-VPLS network, and UPE1 is an UPE peer of NPE1.
l The service PWs between NPE1 and NPE3 and between NPE2 and NPE4 are Spoke PWs,
which do not comply with the principle of split horizon.
l Each UPE receives two copies of traffic sent by the peer UPE.
You can adopt the following solutions to address the preceding problems:
You can configure a mPW between inter-AS NPEs and intra-AS NPEs, and enable STP on the
mPW. Then, you can set STP priorities and cost values to configure NPE3 as the root bridge,
NPE4 as the backup root bridge, and the inter-AS mPW on NPE2 to be blocked. In addition, the
block of the management VSI causes the block of the service VSIs. In this case, the traffic from
CE1 passes along the path UPE1-NPE1-NPE3-UPE2 to reach CE2. This prevents the traffic
from being doubled or forming a loop.
Service PW
NPE2 GE1/0/0 GE1/0/0 NPE4
GE1/0/0 GE1/0/0
Configuration Roadmap
The configuration roadmap is as follows:
1. Run an IGP protocol on the backbone network to realize device connectivity within the
same AS.
2. Enable the basic MPLS capability on the backbone network, including the following tasks:
l Set up dynamic LSPs between the UPE and two NPEs in the same AS.
l Set up a dynamic LSP between the two NPEs in the same AS.
Establish remote LDP sessions for the indirect connection(s) between the UPE and NPEs
or between NPEs.
3. Establish the VPLS connections between the UPE and NPEs in the same AS, including the
following tasks:
l Create service VSIs on the UPE and two NPEs that are in the same AS. These service
VSIs are used to exchange service packets.
l Create the mVSI on the NPEs that are in the same AS. The mVSI is used to send STP
packets through the mPW.
l Configure the mVSI and service VSIs on the NPEs, with the mPW transmitting STP
packets, and service PWs transparently transmitting service packets. Meanwhile,
associate the status of service VSIs with the status of the mVSI.
4. Configure STP on the intra-AS mPW and inter-AS mPW.
By configuring STP priorities and costs, ensure that NPE3 functions as the root bridge,
NPE4 as the backup root bridge, and the PW between NPE2 and NPE4 as being blocked.
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Assign IP addresses to the interfaces on the MPLS backbone network. The configuration details
are not mentioned here.
Configure an IGP protocol on the MPLS backbone network to realize the interconnection
between UPEs and NPEs. In the configuration example, OSPF is configured. The configuration
details are not mentioned here.
Configure the basic MPLS capability on the MPLS network, and establish dynamic LDP LSPs
between the UPE and NPEs in the same AS.
After this step, LSPs are established between the UPE and NPEs in the same AS.
# Configure UPE1.
[UPE1] mpls l2vpn
# Configure NPE1.
[NPE1] mpls l2vpn
# Configure NPE2.
[NPE2] mpls l2vpn
The configurations of UPE2, UPE3, and NPE4 are similar and not mentioned here.
# Configure NPE2.
[NPE2] vsi m1 static
[NPE2-vsi-m1] pwsignal ldp
[NPE2-vsi-m1-ldp] vsi-id 10
[NPE2-vsi-m1-ldp] peer 2.2.2.2
[NPE2-vsi-m1-ldp] peer 5.5.5.5
[NPE2-vsi-m1-ldp] quit
[NPE2-vsi-m1] admin-vsi
[NPE2-vsi-m1] quit
# Configure NPE3.
[NPE3] vsi m1 static
[NPE3-vsi-m1] pwsignal ldp
[NPE3-vsi-m1-ldp] vsi-id 10
[NPE3-vsi-m1-ldp] peer 2.2.2.2
[NPE3-vsi-m1-ldp] peer 5.5.5.5
[NPE3-vsi-m1-ldp] quit
[NPE3-vsi-m1] admin-vsi
[NPE3-vsi-m1] quit
# Configure NPE4.
[NPE4] vsi m1 static
[NPE4-vsi-m1] pwsignal ldp
[NPE4-vsi-m1-ldp] vsi-id 10
[NPE4-vsi-m1-ldp] peer 3.3.3.3
[NPE4-vsi-m1-ldp] peer 4.4.4.4
[NPE4-vsi-m1-ldp] quit
[NPE4-vsi-m1] admin-vsi
[NPE4-vsi-m1] quit
2. On UPEs, configure service VSIs and bind the service VSIs to relevant interfaces. On NPEs,
configure the Hierarchical VPLS (HVPLS) networking with the intra-AS UPEs, establish
ordinary peer relationships with the inter-AS NPEs, and bind service VSIs to the mVSI.
# Configure UPE1.
[UPE1] vsi s1 static
[UPE1-vsi-s1] pwsignal ldp
[UPE1-vsi-s1-ldp] vsi-id 100
[UPE1-vsi-s1-ldp] peer 2.2.2.2
[UPE1-vsi-s1-ldp] peer 3.3.3.3
[UPE1-vsi-s1-ldp] quit
[UPE1-vsi-s1] quit
[UPE1] interface gigabitethernet 3/0/0.1
[UPE1-GigabitEthernet3/0/0.1] shutdown
[UPE1-GigabitEthernet3/0/0.1] vlan-type dot1q 10
[UPE1-GigabitEthernet3/0/0.1] l2 binding vsi s1
[UPE1-GigabitEthernet3/0/0.1] undo shutdown
[UPE1-GigabitEthernet3/0/0.1] quit
# Configure NPE1.
# Configure NPE2.
[NPE2] vsi s1 static
[NPE2-vsi-s1] pwsignal ldp
[NPE2-vsi-s1-ldp] vsi-id 100
[NPE2-vsi-s1-ldp] peer 1.1.1.1 upe
[NPE2-vsi-s1-ldp] peer 5.5.5.5
[NPE2-vsi-s1-ldp] quit
[NPE2-vsi-s1] track admin-vsi m1
[NPE2-vsi-s1] quit
# Configure UPE2.
[UPE2] vsi s1 static
[UPE2-vsi-s1] pwsignal ldp
[UPE2-vsi-s1-ldp] vsi-id 100
[UPE2-vsi-s1-ldp] peer 4.4.4.4
[UPE2-vsi-s1-ldp] peer 5.5.5.5
[UPE2-vsi-s1-ldp] quit
[UPE2-vsi-s1] quit
[UPE2] interface gigabitethernet 3/0/0.1
[UPE2-GigabitEthernet3/0/0.1] shutdown
[UPE2-GigabitEthernet3/0/0.1] vlan-type dot1q 10
[UPE2-GigabitEthernet3/0/0.1] l2 binding vsi s1
[UPE2-GigabitEthernet3/0/0.1] undo shutdown
[UPE2-GigabitEthernet3/0/0.1] quit
# Configure NPE3.
[NPE3] vsi s1 static
[NPE3-vsi-s1] pwsignal ldp
[NPE3-vsi-s1-ldp] vsi-id 10
[NPE3-vsi-s1-ldp] peer 6.6.6.6 upe
[NPE3-vsi-s1-ldp] peer 2.2.2.2
[NPE3-vsi-s1-ldp] quit
[NPE3-vsi-s1] track admin-vsi m1
[NPE3-vsi-s1] quit
# Configure NPE4.
[NPE4] vsi s1 static
[NPE4-vsi-s1] pwsignal ldp
[NPE4-vsi-s1-ldp] vsi-id 10
[NPE4-vsi-s1-ldp] peer 6.6.6.6 upe
[NPE4-vsi-s1-ldp] peer 3.3.3.3
[NPE4-vsi-s1-ldp] quit
[NPE4-vsi-s1] track admin-vsi m1
[NPE4-vsi-s1] quit
# Configure the MST region of NPE1, and then activate the region configurations. Because the
four NPEs have the same region configurations, take NPE1 as an example.
[NPE1] stp enable
[NPE1] stp region-configuration
[NPE1-mst-region] region-name RG1
[NPE1-mst-region] active region-configuration
[NPE1-mst-region] quit
# Configure the priority of NPE3 as 0 in MSTI0 to ensure that NPE3 functions as the root bridge.
[NPE3] stp instance 0 priority 0
# Configure the priority of NPE4 as 4096 in MSTI0 to ensure that NPE4 functions as the backup
root bridge.
[NPE4] stp instance 0 priority 4096
Configure the STP priorities of NPE1 and NPE2 as the default STP priority, namely, 32768.
Step 7 Configure E-STP. Enable STP on the intra-AS mPW and inter-AS mPW, and configure STP
costs.
NOTE
When binding the service VSI to the management VSI, configure STP in the management VSI rather than
in the service VSI. In this manner, the status of the service VSI is associated with the status of the
management VSI.
# Configure NPE1.
[NPE1] vsi m1 static
[NPE1-vsi-m1] pwsignal ldp
[NPE1-vsi-m1-ldp] peer 3.3.3.3 pw pw1
[NPE1-vsi-m1-ldp-pw-pw1] stp enable
[NPE1-vsi-m1-ldp-pw-pw1] stp cost 2
[NPE1-vsi-m1-ldp-pw-pw1] quit
[NPE1-vsi-m1-ldp] peer 4.4.4.4 pw pw2
[NPE1-vsi-m1-ldp-pw-pw2] stp enable
[NPE1-vsi-m1-ldp-pw-pw2] stp cost 2
[NPE1-vsi-m1-ldp-pw-pw2] quit
# Configure NPE2.
[NPE2] vsi m1 static
[NPE2-vsi-m1] pwsignal ldp
[NPE2-vsi-m1-ldp] peer 2.2.2.2 pw pw1
[NPE2-vsi-m1-ldp-pw-pw1] stp enable
[NPE2-vsi-m1-ldp-pw-pw1] stp cost 2
[NPE2-vsi-m1-ldp-pw-pw1] quit
[NPE2-vsi-m1-ldp] peer 5.5.5.5 pw pw2
[NPE2-vsi-m1-ldp-pw-pw2] stp enable
[NPE2-vsi-m1-ldp-pw-pw2] stp cost 5
[NPE2-vsi-m1-ldp] quit
[NPE2-vsi] quit
# Configure NPE3.
[NPE3] vsi m1 static
[NPE3-vsi-m1] pwsignal ldp
[NPE3-vsi-m1-ldp] peer 5.5.5.5 pw pw1
[NPE3-vsi-m1-ldp-pw-pw1] stp enable
[NPE3-vsi-m1-ldp-pw-pw1] stp cost 2
[NPE3-vsi-m1-ldp-pw-pw1] quit
[NPE3-vsi-m1-ldp] peer 2.2.2.2 pw pw2
[NPE3-vsi-m1-ldp-pw-pw2] stp enable
[NPE3-vsi-m1-ldp-pw-pw2] stp cost 2
[NPE3-vsi-m1-ldp-pw-pw2] quit
[NPE3-vsi] quit
# Configure NPE4.
[NPE4] vsi m1 static
[NPE4-vsi-m1] pwsignal ldp
[NPE4-vsi-m1-ldp] peer 4.4.4.4 pw pw1
[NPE4-vsi-m1-ldp-pw-pw1] stp enable
# Configure CE1.
[CE1] interface gigabitethernet 1/0/0.1
[CE1-GigabitEthernet1/0/0.1] shutdown
[CE1-GigabitEthernet1/0/0.1] vlan-type dot1q 10
[CE1-GigabitEthernet1/0/0.1] ip address 10.1.1.1 24
[CE1-GigabitEthernet1/0/0.1] undo shutdown
[CE1-GigabitEthernet1/0/0.1] quit
# Configure CE2.
[CE2] interface gigabitethernet 1/0/0.1
[CE2-GigabitEthernet1/0/0.1] shutdown
[CE2-GigabitEthernet1/0/0.1] vlan-type dot1q 10
[CE2-GigabitEthernet1/0/0.1] ip address 10.1.1.2 24
[CE2-GigabitEthernet1/0/0.1] undo shutdown
[CE2-GigabitEthernet1/0/0.1] quit
As shown in the command output, The PW named pw2 between NPE2 and NPE4 is blocked
and in the discarding state.
l Run the display vsi name s1 verbose command on NPE1 and NPE2. The command output
on NPE1 shows that the service VSI s1 has two PWs respectively connecting UPE1 and
UPE3, and both the service VSI s1 and the PWs are in the Up state. The command output on
NPE2 shows that the service VSI s1 have two PWs respectively connecting UPE1 and UPE4,
and the service VSI s1 and the PW connecting with UPE1 are in the Up state, but the PW
connecting NPE4 is in the backup state. For details, see the following table.
***VSI Name : s1
Administrator VSI : no
Isolate Spoken : disable
VSI Index : 0
PW Signaling : ldp
Member Discovery Style : static
PW MAC Learn Style : unqualify
Encapsulation Type : vlan
MTU : 1500
Diffserv Mode : uniform
Service Class : --
Color : --
DomainId : 255
Domain Name :
Ignore AcState : disable
Multicast Fast Swicth : disable
Create Time : 0 days, 14 hours, 26 minutes, 19 seconds
VSI State : up
Resource Status : Valid
VSI ID : 10
*Peer Router ID : 1.1.1.1
VC Label : 19459
Peer Type : dynamic
Session : up
Tunnel ID : 0x2000
Broadcast Tunnel ID : 0x801008
CKey : 6
NKey : 5
StpEnable : 0
PwIndex : 0
*Peer Router ID : 4.4.4.4
VC Label : 19460
Peer Type : dynamic
Session : up
Tunnel ID : 0x201d
Broadcast Tunnel ID : 0x801008
CKey : 6
NKey : 5
StpEnable : 0
PwIndex : 0
**PW Information:
Nkey : 0x5
Main PW Token : 0x801008
Slave PW Token : 0x0
Tnl Type : LSP
OutInterface : POS3/0/0
Stp Enable : 0
Mac Flapping : 0
PW Last Up Time : 2009/02/25 07:46:06
PW Total Up Time : 0 days, 13 hours, 42 minutes, 56 seconds
*Peer Ip Address : 4.4.4.4
PW State : up
Local VC Label : 19460
Remote VC Label : 19456
PW Type : label
Tunnel ID : 0x201d
Broadcast Tunnel ID : 0x801008
Ckey : 0x6
Nkey : 0x5
Main PW Token : 0x801008
Slave PW Token : 0x0
Tnl Type : LSP
OutInterface : GigabitEthernet1/0/0
Stp Enable : 1
Mac Flapping : 0
PW Last Up Time : 2009/02/25 07:46:06
PW Total Up Time : 0 days, 13 hours, 42 minutes, 56 seconds
<NPE2> display vsi name s1 verbose
***VSI Name : s1
Administrator VSI : no
Isolate Spoken : disable
VSI Index : 0
PW Signaling : ldp
Member Discovery Style : static
PW MAC Learn Style : unqualify
Encapsulation Type : vlan
MTU : 1500
Diffserv Mode : uniform
Service Class : --
Color : --
DomainId : 255
Domain Name :
Ignore AcState : disable
Multicast Fast Swicth : disable
Create Time : 0 days, 14 hours, 29 minutes, 51 seconds
VSI State : up
Resource Status : Valid
VSI ID : 10
*Peer Router ID : 1.1.1.1
VC Label : 19458
Peer Type : dynamic
Session : up
Tunnel ID : 0x2004
Broadcast Tunnel ID : 0x801008
CKey : 6
NKey : 5
StpEnable : 0
PwIndex : 0
*Peer Router ID : 5.5.5.5
VC Label : 19459
Peer Type : dynamic
Session : up
Tunnel ID : 0x2016
Broadcast Tunnel ID : 0x801008
CKey : 6
NKey : 5
StpEnable : 0
PwIndex : 0
**PW Information:
As shown in the command output, the service PW between NPE1 and NPE4 is blocked.
l CE1 and CE2 can ping each other successfully.
Take the display on CE1 as an example.
<CE1> ping 10.1.1.2
PING 10.1.1.2: 56 data bytes, press CTRL_C to break
Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=172 ms
Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=156 ms
Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=156 ms
Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=156 ms
Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=156 ms
--- 10.1.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 156/159/172 ms
----End
Configuration Files
l Configuration file of UPE1
#
sysname UPE1
#
mpls lsr-id 1.1.1.1
mpls
#
mpls l2vpn
#
vsi s1 static
pwsignal ldp
vsi-id 10
peer 2.2.2.2
peer 3.3.3.3
#
mpls ldp
#
interface POS1/0/0
link-protocol ppp
ip address 192.168.1.1 255.255.255.0
mpls
mpls ldp
#
interface POS2/0/0
link-protocol ppp
ip address 192.168.2.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet3/0/0
undo shutdown
#
interface GigabitEthernet3/0/0.1
vlan-type dot1q 100
undo shutdown
l2 binding vsi s1
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
#
ospf 1
area 0.0.0.0
network 192.168.1.0 0.0.0.255
network 192.168.2.0 0.0.0.255
network 1.1.1.1 0.0.0.0
#
return
link-protocol ppp
ip address 172.18.2.2 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet3/0/0
undo shutdown
#
interface GigabitEthernet3/0/0.1
vlan-type dot1q 100
undo shutdown
l2 binding vsi s1
#
interface LoopBack1
ip address 6.6.6.6 255.255.255.255
#
ospf 1
area 0.0.0.0
network 172.18.1.0 0.0.0.255
network 172.18.2.0 0.0.0.255
network 6.6.6.6 0.0.0.0
#
return
interface GigabitEthernet2/0/0
undo shutdown
ip address 100.8.1.1 255.255.255.0
mpls
mpls ldp
#
interface POS3/0/0
link-protocol ppp
ip address 192.168.1.2 255.255.255.0
mpls
mpls ldp
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
#
ospf 1
area 0.0.0.0
network 100.8.1.0 0.0.0.255
network 2.2.2.2 0.0.0.0
network 192.168.1.0 0.0.0.255
network 100.6.1.0 0.0.0.255
#
return
interface GigabitEthernet2/0/0
undo shutdown
ip address 100.8.1.1 255.255.255.0
mpls
mpls ldp
#
interface POS3/0/0
link-protocol ppp
ip address 192.168.2.2 255.255.255.0
mpls
mpls ldp
#
interface LoopBack1
ip address 3.3.3.3 255.255.252.0
#
ospf 1
area 0.0.0.0
network 100.8.1.0 0.0.0.255
network 3.3.3.3 0.0.0.0
network 192.168.2.0 0.0.0.255
network 100.7.1.0 0.0.0.255
#
return
#
interface GigabitEthernet2/0/0
undo shutdown
ip address 100.9.1.1 255.255.255.0
mpls
mpls ldp
#
interface POS3/0/0
link-protocol ppp
ip address 172.18.1.1 255.255.255.0
mpls
mpls ldp
#
interface LoopBack1
ip address 4.4.4.4 255.255.255.255
#
ospf 1
area 0.0.0.0
network 100.9.1.0 0.0.0.255
network 4.4.4.4 0.0.0.0
network 100.6.1.0 0.0.0.255
network 172.18.1.0 0.0.0.255
#
return
mpls ldp
#
interface GigabitEthernet2/0/0
undo shutdown
ip address 100.9.1.2 255.255.255.0
mpls
mpls ldp
#
interface POS3/0/0
link-protocol ppp
ip address 172.18.2.1 255.255.255.0
mpls
mpls ldp
#
interface LoopBack1
ip address 5.5.5.5 255.255.255.255
#
ospf 1
area 0.0.0.0
network 100.9.1.0 0.0.0.255
network 5.5.5.5 0.0.0.0
network 100.7.1.0 0.0.0.255
network 172.18.2.0 0.0.0.255
#
return
Networking Requirements
Figure 7-15 shows the VPLS networking where a CE is dual-homed to PEs. This type of
networking has the following problem:
You can adopt the following solution to address the preceding problems:
You can configure a mPW between PE1 and PE2, and enable STP on the physical links between
CE1 and PE1, and between CE1 and PE2, and on the mPW between PE1 and PE2. Then, you
can set STP priorities and cost values to configure PE1 as the root bridge, PE2 as the backup
root bridge, and GE 2/0/0 of CE1 to be blocked. In this case, the traffic from the DSLAM passes
along the path CE1-PE1-PE3 to reach CE2. This prevents the traffic from being doubled or
forming a loop.
PE1
MPLS Backbone
GE1/0/0
POS2/0/0
2 2
CE1 POS1/0/0
GE1/0/0 Serv
i cePW
2 STP Management PE3
5 loop
GE3/0/0 PW W
P
ce GE3/0/0
GE2/0/0 2 ervi
5 S
GE1/0/0 POS2/0/0 GE1/0/0
10.1.1.1/24 GE1/0/0 10.1.1.2/24
POS2/0/0
PE2
CE2
DSLAM
2 5 STP cost Blocked point
Configuration Roadmap
The configuration roadmap is as follows:
1. Run an IGP protocol on the backbone network to implement device connectivity within
the VPLS backbone network.
2. Configure the basic MPLS capability and establish LDP LSPs on the VPLS backbone
network.
3. Establish the VPLS connections between PEs, including the following tasks:
l Create service VSIs that are used to exchange service packets.
l Create the mVSI that is used to deliver STP packets through the mPW.
4. Configure STP, including the following tasks:
l Enable STP on the mPW between the PEs.
l Enable STP on the physical links between CEs and between the CE and PE.
Configure relevant STP priorities to ensure that PE1 functions as the root bridge, and PE2
as the backup root bridge.
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Assign IP addresses to the interfaces and configure an IGP protocol on the VPLS backbone
network. This implements the interconnection between PEs. In the configuration example, OSPF
is configured, and the configuration details are not mentioned here.
# Configure PE2.
[PE2] mpls lsr-id 2.2.2.2
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface pos 2/0/0
[PE2-Pos2/0/0] mpls
[PE2-Pos2/0/0] mpls ldp
[PE2-Pos2/0/0] quit
# Configure PE3.
[PE3] mpls lsr-id 3.3.3.3
[PE3] mpls
[PE3-mpls] quit
[PE3] mpls ldp
[PE3-mpls-ldp] quit
[PE3] interface pos 1/0/0
[PE3-Pos1/0/0] mpls
[PE3-Pos1/0/0] mpls ldp
[PE3-Pos1/0/0] quit
[PE3] interface pos 2/0/0
[PE3-Pos2/0/0] mpls
[PE3-Pos2/0/0] mpls ldp
[PE3-Pos2/0/0] quit
2. # Configure the remote peer relationship between PE1 and PE2 to facilitate the creation of
the mPW.
# Configure PE1.
[PE1] mpls ldp remote-peer 2.2.2.2
[PE1-mpls-ldp-remote-2.2.2.2] remote-ip 2.2.2.2
[PE1-mpls-ldp-remote-2.2.2.2] quit
# Configure PE2.
[PE2] mpls ldp remote-peer 1.1.1.1
[PE2-mpls-ldp-remote-1.1.1.1] remote-ip 1.1.1.1
[PE2-mpls-ldp-remote-1.1.1.1] quit
------------------------------------------------------------------------------
PeerID Status LAM SsnRole SsnAge KASent/Rcv
------------------------------------------------------------------------------
1.1.1.1:0 Operational DU Active 000:00:08 34/34
2.2.2.2:0 Operational DU Active 000:00:08 34/34
------------------------------------------------------------------------------
TOTAL: 2 session(s) Found.
# Configure PE1.
[PE1] mpls l2vpn
# Configure PE2.
[PE2] mpls l2vpn
# Configure PE3.
[PE3] mpls l2vpn
# Configure PE2.
[PE2] vsi m1 static
[PE2-vsi-m1] pwsignal ldp
[PE2-vsi-m1-ldp] vsi-id 100
[PE2-vsi-m1-ldp] peer 1.1.1.1
[PE2-vsi-m1-ldp] quit
[PE2-vsi-m1] admin-vsi
[PE2-vsi-m1] quit
# Configure PE2.
[PE2] vsi s1 static
[PE2-vsi-s1] pwsignal ldp
[PE2-vsi-s1-ldp] vsi-id 10
[PE2-vsi-s1-ldp] peer 3.3.3.3
[PE2-vsi-s1-ldp] quit
[PE2-vsi-s1] quit
[PE2] interface gigabitethernet 1/0/0.1
[PE2-GigabitEthernet1/0/0.1] shutdown
[PE2-GigabitEthernet1/0/0.1] vlan-type dot1q 10
[PE2-GigabitEthernet1/0/0.1] l2 binding vsi s1
[PE2-GigabitEthernet1/0/0.1] undo shutdown
[PE2-GigabitEthernet1/0/0.1] quit
# Configure PE3.
[PE3] vsi s1 static
[PE3-vsi-s1] pwsignal ldp
[PE3-vsi-s1-ldp] vsi-id 10
[PE3-vsi-s1-ldp] peer 1.1.1.1
[PE3-vsi-s1-ldp] peer 2.2.2.2
[PE3-vsi-s1-ldp] quit
[PE3-vsi-s1] quit
[PE3] interface gigabitethernet 3/0/0.1
[PE3-GigabitEthernet3/0/0.1] shutdown
[PE3-GigabitEthernet3/0/0.1] vlan-type dot1q 10
[PE3-GigabitEthernet3/0/0.1] l2 binding vsi s1
[PE3-GigabitEthernet3/0/0.1] undo shutdown
[PE3-GigabitEthernet3/0/0.1] quit
# Configure PE2.
[PE2] stp enable
[PE2] stp region-configuration
[PE2-mst-region] region-name RG1
[PE2-mst-region] active region-configuration
[PE2-mst-region] quit
# Configure CE1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] stp enable
[CE1] stp region-configuration
[CE1-mst-region] region-name RG1
[CE1-mst-region] active region-configuration
[CE1-mst-region] quit
2. Configure STP priorities of the PEs and CEs, and ensure that PE1 functions as the root
bridge, and PE2 as the backup root bridge.
# Configure the STP priority of PE1 as 0 in MSTI0 to ensure that PE1 functions as the root
bridge.
[PE1] stp instance 0 priority 0
# Configure the STP priority of PE2 as 4096 in MSTI0 to ensure that PE2 functions as the
backup root bridge.
[PE2] stp instance 0 priority 4096
Configure the STP priority of CE1 as the default STP priority, namely, 32768.
Step 6 Configure E-STP.
l Enable STP on the mPW between PE1 and PE2.
l Enable STP on the physical interfaces between PE1 and CE1, and between PE2 and CE1.
NOTE
When binding the service VSI to the management VSI, configure STP in the management VSI rather than
in the service VSI. In this manner, the status of the service VSI is associated with the status of the
management VSI.
# Configure PE1.
[PE1] vsi m1 static
[PE1-vsi-m1] pwsignal ldp
[PE1-vsi-m1-ldp] peer 2.2.2.2 pw pw1
[PE1-vsi-m1-ldp-pw-pw1] stp enable
[PE1-vsi-m1-ldp-pw-pw1] stp cost 2
[PE1-vsi-m1-ldp-pw-pw1] quit
[PE1-vsi-m1-ldp] quit
[PE1-vsi] quit
[PE1] interface gigabitethernet 1/0/0
[PE1-GigabitEthernet1/0/0] stp enable
[PE1-GigabitEthernet1/0/0] stp vpls-subinterface enable
[PE1-GigabitEthernet1/0/0] stp instance 0 cost 2
# Configure PE2.
[PE2] vsi m1 static
[PE2-vsi-m1] pwsignal ldp
[PE2-vsi-m1-ldp] peer 1.1.1.1 pw pw1
[PE2-vsi-m1-ldp-pw-pw1] stp enable
[PE2-vsi-m1-ldp-pw-pw1] stp cost 2
[PE2-vsi-m1-ldp-pw-pw1] quit
[PE2-vsi-m1-ldp] quit
[PE2-vsi] quit
[PE2] interface gigabitethernet 1/0/0
[PE2-GigabitEthernet1/0/0] stp enable
[PE2-GigabitEthernet1/0/0] stp vpls-subinterface enable
[PE2-GigabitEthernet1/0/0] stp instance 0 cost 5
# Configure CE1.
[CE1] portswitch batch gigabitethernet 1/0/0 2/0/0 3/0/0
[CE1] vlan 10
[CE1-vlan10] port gigabitethernet 1/0/0 to 2/0/0 to 3/0/0
[CE1-vlan10] quit
[CE1] interface gigabitethernet 1/0/0
[CE1-GigabitEthernet1/0/0] stp enable
[CE1-GigabitEthernet1/0/0] stp instance 0 cost 2
[CE1-GigabitEthernet1/0/0] quit
[CE1] interface gigabitethernet 2/0/0
[CE1-GigabitEthernet2/0/0] stp enable
[CE1-GigabitEthernet2/0/0] stp instance 0 cost 5
# Configure CE2.
[CE2] interface gigabitethernet 1/0/0.1
[CE2-GigabitEthernet1/0/0.1] shutdown
[CE2-GigabitEthernet1/0/0.1] vlan-type dot1q 10
[CE2-GigabitEthernet1/0/0.1] ip address 10.1.1.1 24
[CE2-GigabitEthernet1/0/0.1] undo shutdown
[CE2-GigabitEthernet1/0/0.1] quit
Run the display vsi name s1 verbose command on PE3. You can find that PE3 establishes PWs
respectively with PE1 (1.1.1.1) and PE2 (2.2.2.2),
<PE3> display vsi name s1 verbose
***VSI Name : s1
Administrator VSI : no
Isolate Spoken : disable
VSI Index : 0
PW Signaling : ldp
Member Discovery Style : static
PW MAC Learn Style : unqualify
Encapsulation Type : vlan
MTU : 1500
Diffserv Mode : uniform
Service Class : --
Color : --
DomainId : 255
Domain Name :
Ignore AcState : disable
Multicast Fast Swicth : disable
Create Time : 0 days, 14 hours, 26 minutes, 19 seconds
VSI State : up
Resource Status : Valid
VSI ID : 10
*Peer Router ID : 1.1.1.1
VC Label : 19459
Peer Type : dynamic
Session : up
Tunnel ID : 0x2000
Broadcast Tunnel ID : 0x801008
CKey : 6
NKey : 5
StpEnable : 0
PwIndex : 0
*Peer Router ID : 2.2.2.2
VC Label : 19460
Peer Type : dynamic
Session : up
Tunnel ID : 0x201d
Broadcast Tunnel ID : 0x801008
CKey : 6
NKey : 5
StpEnable : 0
PwIndex : 0
**PW Information:
the link connecting CE1 to the backup root bridge PE2 is blocked,
<CE1> display stp brief
and the DSLAM device and CE2 can ping each other successfully.
----End
Configuration Files
l Configuration file of PE1
#
sysname PE1
#
stp instance 0 priority 0
stp enable
#
stp region-configuration
region-name RG1
active region-configuration
#
mpls lsr-id 1.1.1.1
mpls
#
mpls l2vpn
#
vsi s1 static
pwsignal ldp
vsi-id 10
peer 3.3.3.3
#
vsi m1 static
pwsignal ldp
vsi-id 100
peer 2.2.2.2
peer 2.2.2.2 pw pw1
stp enable
stp cost 2
admin-vsi
#
mpls ldp
#
#
mpls ldp remote-peer 2.2.2.2
remote-ip 2.2.2.2
undo remote-ip pwe3
#
interface GigabitEthernet1/0/0
undo shutdown
stp enable
stp vpls-subinterface enable
vlan-type dot1q 10
undo shutdown
l2 binding vsi s1
#
interface POS2/0/0
link-protocol ppp
undo shutdown
ip address 172.16.1.1 255.255.255.0
mpls
mpls ldp
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
#
ospf 1
area 0.0.0.0
network 172.16.1.0 0.0.0.255
network 2.2.2.2 0.0.0.0
#
return
Bridge Protocol Data Units (BPDU) are usually used to transmit Spanning Tree Protocol (STP)
and Multiple Spanning Tree Algorithm and Protocol (MSTP) information. The path along which
BPDUs are transparently transmitted on the ISP network is known as a Layer 2 protocol tunnel
or a BPDU tunnel.
8.1.1 Introduction
The BPDU tunnel is a path along which BPDUs are transparently transmitted on the ISP network.
The Bridge Protocol Data Unit (BPDU) packet is a type of Layer 2 protocol packets. As shown
in Figure 8-1, BPDU packets adopt the encapsulation format defined in IEEE802.3 and are
transmitted in the form of multicast.
BPDU packets are usually used to transmit the Spanning Tree Protocol (STP) and Multiple
Spanning Tree Algorithm and Protocol (MSTP) information. The path of BPDU packets used
for transparent transmission in the operator network is known as a Layer 2 protocol tunnel or a
BPDU tunnel.
Source address
Length
BPDU data
Destination 48 bit Destination MAC address. For general users, all destination
address MAC addresses are 0180-C200-0000.
ISP
network
PE1 PE2
CE1 CE2
User User
network1 network2
To ensure the BPDUs of user network1 can reach user network2, BPDUs must be transmitted
in the ISP network in transparent mode. To realize transparent transmission of BPDUs in the
ISP network, the following conditions must be satisfied:
l A branch network of a user network can receive the BPDUs destined for all branch networks
of the user network.
l The BPDUs of a user network cannot be processed by the CPU of the ISP network.
l BPDUs of different user networks must be isolated, so the BPDUs are freed from
interference.
A BPDU tunnel refers to the path in a Packet Switched Network (PSN) through which BPDUs
are transparently transmitted.
Through configuration of BPDU tunnels in the ISP network, branch networks of different user
networks can transparently transmit BPDUs among them through BPDU tunnels.
The NE80E/40E supports the following BPDU tunnels according to implementation methods:
LAN-B
MSTP
As shown in Figure 8-3, each interface of the PE connects only one user network. The BPDUs
sent from a user network does not carry a tag. The PE must identify which user LAN the BPDUs
are from. Then the PE forwards the packets to the user network that connects the specified
interface. The BPDUs of LAN-A must be forwarded to another user network of LAN-A rather
than user network of LAN-B. In addition, BPDUs should not be processed by the ISP network
device.
To establish an interface-based BPDU tunnel, one way is to configure devices with different
roles as follows:
1. Configure the type of Internet Service Provider (ISP) devices to provider. Therefore, the
destination MAC addresses of the BPDUs sent by the ISP network are changed to 01-80-
C2-00-00-08 instead of the original 01-80-C2-00-00-00.
2. Configure the type of user network devices to customer. Therefore, the destination MAC
addresses of the BPDUs sent by user networks are still 01-80-C2-00-00-00.
3. Add the interfaces that connect the same user network into a VLAN. After receiving the
BPDUs from the user networks, the PEs label the BPDUs with corresponding tags based
on the port default VLAN IDs (PVIDs) of the interfaces.
4. The destination MAC addresses of the BPDUs sent by the user networks are 01-80-
C2-00-00-00 instead of 01-80-C2-00-00-08. Therefore, the PEs (provider) do not consider
the BPDUs sent from user networks as BPDUs. The PEs choose corresponding BPDU
tunnels to forward the BPDUs based on PVIDs instead of delivering the BPDUs to the
CPU.
In this way, the BPDUs can go across ISP's Layer 2 switching network.
As shown in Figure 8-3, the PE is configured with the interface-based BPDU tunnel. PE adds
a tag to the BPDUs from user networks according to the PVID of an interface. In this way, users
can be identified according to different public VLANs and packets are transmitted through
different BPDU tunnels. Traffic of LAN-A users travels through the BPDU tunnel of VLAN
300. Traffic of LAN-B users goes through the BPDU tunnel of VLAN 200.
Another way is to configure devices with the same role, that is, configure all ISP devices and
user devices as customer. In this way, the difference is that the well-known destination MAC
address of the user BPDU is replaced by a dedicated multicast MAC address on the ISP device
and the ISP interface connected to the user device must be enabled with the BPDU tunnel
function.
PE 3
CE-VLAN 100
LAN-A LAN-A
MSTP MSTP
LAN-B
MSTP
For most cases, the PE serves as a convergence node. The convergence interface on PE1 connects
both LAN-A and LAN-B, as shown in Figure 8-4. To identify the two different LANs, the
BPDUs sent by the CE must carry VLAN tags. In Figure 8-4, the VLAN ID of LAN-A is 200
and the VLAN ID of LAN-B is 100.
Currently, the packets sent by RSTP/MSTP are not encapsulated with a tag. When the control
plane receives the BPDUs carrying a tag, these packets are considered as error packets and
discarded. The PE must support BPDUs carrying a tag and is configured with the VLAN-based
BPDU tunnel. In this way, BPDUs can go across Layer 2 networks through different BPDU
tunnels and reach user networks.
To establish a VLAN-based BPDU tunnel, one way is to configure devices with different roles
as follows:
1. Configure the type of ISP devices to provider. Therefore, the destination MAC addresses
of the BPDUs sent by the ISP network are changed to 01-80-C2-00-00-08 instead of the
original 01-80-C2-00-00-00.
2. Configure the type of user network devices to customer. Therefore, the destination MAC
addresses of the BPDUs sent by user networks are still 01-80-C2-00-00-00.
3. Configure the BPDUs from CEs to PEs to carry the specified VLAN IDs.
4. Configure the PE interfaces that connect to CEs to permit BPDUs with specified VLAN
ID. The destination MAC addresses of the BPDUs sent by the user networks are 01-80-
C2-00-00-00 instead of 01-80-C2-00-00-08. Therefore, the PEs (provider) do not consider
the BPDUs sent from user networks as BPDUs. The PEs choose corresponding BPDU
tunnels to forward the BPDUs based on VLAN IDs instead of delivering the BPDUs to the
CPU.
In this way, the BPDUs can go through ISP's Layer 2 switching network.
As shown in Figure 8-4, LAN-A sends BPDUs carrying the VLAN ID of 200. PE1 allows
BPDUs carrying tag 200 to go across the ISP network and through the BPDU tunnel specified
with VLAN ID of 200. Recognizing that the tag is 200, PE2 forwards the BPDUs to LAN-A
that connects PE2, realizing the STP function.
LAN-B sends BPDUs carrying the VLAN ID of 100. PE1 allows BPDUs carrying tag 100 to
go across the ISP network and through the BPDU tunnel specified with VLAN ID of 100.
Recognizing that the tag is 100, PE2 forwards the BPDUs to LAN-B that connects PE2, realizing
the STP function.
Another way is to configure devices with the same role, that is, configure all ISP devices and
user devices as customer. In this way, the difference is that the well-known destination MAC
address of the user BPDU is replaced by a dedicated multicast MAC address on the ISP device
and the ISP interface connected to the user device must be enabled with the BPDU tunnel
function.
As shown in Figure 8-5, following the Source Address (SA), a tag is appended to QinQ
packets; while 802.1Q packets do not contain this tag. This tag is known as the outer tag
or public network tag used for carrying the VLAN ID of the public network. The inner tag
is usually known as the private tag used for carrying the VLAN ID of the private network.
NOTE
QinQ
Encapsulation
DA SA ETYPE TAG ETYPE TAG LEN/ETYPE DATA FCS
6 Bytes 6 Bytes 2 Bytes 2 Bytes 2 Bytes 2 Bytes 2 Bytes 46 Byte~1500 Bytes 4 Bytes
LAN-B LAN-B
MSTP MSTP
PE-VLAN20:CE-VLAN 100~199
PE 2
PE 1 ISP Network
PE-VLAN30:CE-VLAN 200~299
LAN-A LAN-A
MSTP MSTP
In the case of many user networks are available, if BPDUs are still transmitted transparently
in the preceding VLAN-based mode, many ISP VLAN IDs are needed. This may result in
insufficient VLAN ID resources. To solve this problem, BPDUs can be forwarded in QinQ
mode on the ISP network.
As shown in Figure 8-6, configure the VLAN-based BPDU tunnel on the convergent
interface of the PE and assign different outer VLAN tags according to CE-VLAN.
1. Add the CE interface on the PE side to the VLAN and configure that the BPDUs sent
from the interface to the PE carry the tag information about the interface.
2. Enable the BPDU tunnel and QinQ functions at the incoming interface (on PE or UPE)
of the Layer 2 switch network.
3. The convergent incoming interface of the PE assigns outer VLAN tags, that is, the
VLAN IDs for the public network (or public VLAN IDs), according to user's VLAN
IDs.
4. The ISP device chooses a BPDU tunnel according to different outer VLAN tags and
forwards user's BPDUs over the public network.
5. Enable the BPDU tunnel and QinQ functions at the exit of the tunnel.
6. At the convergent outgoing interface, the PE removes the outer VLAN tag and decides
to which user network the packets are forwarded according to the user's inner VLAN
ID.
As shown in Figure 8-6, after receiving the BPDUs with the tags ranging from 100 to 199,
the PEs label the BPDUs with the outer tag 20, and then forward the BPDUs in the ISP
network; after receiving the BPDUs with the tags ranging from 200 to 299, the PEs label
the BPDUs with the outer tag 30, and then forward the BPDUs in the ISP network. In this
way, the BPDUs of different user networks can be transparently transmitted in the ISP
network; moreover, less VLAN IDs are occupied.
Applicable Environment
An interface of the PE connected to the CE can connect only one user network. The BPDUs sent
from the user network have no VLAN tags.
To enable the BPDUs of the user network in different interfaces to transparently transmit the
Internet Service Provider (ISP) network, you can configure interface-based BPDU tunnel. In
this way, the BPDUs pass through the Layer 2 network through different BPDU tunnels, and
therefore the STP function is implemented.
Pre-configuration Tasks
Before configuring interface-based tunnel of BPDUs, complete the following tasks:
l Interfaces that the BPDUs pass through must be correctly connected.
l Interfaces that the BPDUs pass through must be Layer 2 interfaces.
Data Preparation
To configure interface-based transparent transmission of BPDUs in a user network, you need
the following data.
No. Data
1 Interface type and interface number of the PE interfaces that connect the user network
3 VLAN range of the packets that are permitted on the PE interfaces that connect packet
switched network (PSN)
Context
Perform the following steps on the PEs and CEs.
Procedure
Step 1 Run:
system-view
----End
Context
Perform the following steps on the PE.
Procedure
Step 1 Run:
system-view
NOTE
You can also use the port default vlan command to add the PE interfaces connected to the CE to the VLAN
in untagged mode.
----End
Context
According to the roles of the PEs and CEs, choose to configure Devices of Different Roles or
Devices of the Same Role.
Devices of different roles: indicate that CEs are bridges functioning as service customers, and
PEs and Ps are bridges functioning as service providers.
Device of the same role: indicate that CEs and PEs may play the same role as service customers.
Procedure
l Devices of Different Roles
The devices can play different roles; that is, CEs are bridges with the role as customer, and
the PE and P are bridges with the role as provider.
Perform the following steps on the PE and P.
1. Run:
system-view
The PE interface on CE side does not take part in the spanning tree calculation (STP).
The STP function is disabled.
NOTE
After the devices are configured with different roles, PEs can transparently transmit the BPDUs from
CEs without the BPDU tunnel function.
l Devices of the Same Role
1. Run:
system-view
The global well-known MAC address can be replaced only by the multicast MAC
address except the reserved MAC addresses ranging from 0180-C200-0000 to 0180-
C200-002F.
The PE interface on CE side does not take part in the STP. The STP function is
disabled.
NOTE
If the devices play the same role, PEs cannot transparently transmit the BPDUs from CEs without
the BPDU tunnel function.
In this scenario, no special configuration is required for the P.
----End
Context
Perform the following steps on the PEs.
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
Step 3 Run:
port trunk allow-pass vlan { { vlan-id1 [ to vlan-id2 ] } &<1-10> | all }
The PE interface that connects PSNs is configured to permit the packets with specified tags.
----End
Prerequisites
Interface-based BPDU tunnels function has been configured.
Procedure
Step 1 Run the display stp [ brief ] command to check the information on the spanning tree.
----End
Example
Run the display stp [ brief ] command on the CEs, and you can view that STP is enabled on the
interface and the roles of the CE interfaces are correct: "Designated" or "Root". For example:
<CE1> display stp
-------[CIST Global Info] [Mode MSTP] -------
CIST Bridge :32768.00e0-fc9f-3257
Bridge Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC :32768.00e0-fc9a-4315 / 199999
CIST RegRoot/IRPC :32768.00e0-fc9f-3257 / 0
CIST RootPortId :128.82
BPDU-Protection :disabled
TC or TCN received :6
STP Converge Mode :Fast
Time since last TC received :0 days 2h:24m:36s
----[Port1(GigabitEthernet1/0/0)] [FORWARDING] ----
Port Protocol :enabled
Port Role :CIST Root Port
Port Priority :128
Port Cost(Dot1T ) :Config=auto / Active=199999
Desg. Bridge/Port :32768.00e0-fc9a-4315 / 128.82
Port Edged :Config=disabled / Active=disabled
Point-to-point :Config=auto / Active=true
Transit Limit :3 packets/s
Protection Type :None
PortTimes :Hello 2s MaxAge 20s FwDly 15s RemHop 0
BPDU Sent :6
TCN: 0, Config: 0, RST: 0, MST: 6
BPDU Received :4351
TCN: 0, Config: 0, RST: 0, MST: 4351
<CE2> display stp
-------[CIST Global Info] [Mode MSTP] -------
CIST Bridge :32768.00e0-fc9a-4315
Bridge Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC :32768.00e0-fc9a-4315 / 0
CIST RegRoot/IRPC :32768.00e0-fc9a-4315 / 0
CIST RootPortId :0.0
BPDU-Protection :disabled
TC or TCN received :3
STP Converge Mode :Fast
Time since last TC received :0 days 2h:26m:42s
----[Port1(GigabitEthernet1/0/0)] [FORWARDING] ----
Port Protocol :enabled
Port Role :CIST Designated Port
Port Priority :128
Port Cost(Dot1T ) :Config=auto / Active=199999
Desg. Bridge/Port :32768.00e0-fc9a-4315 / 128.82
Port Edged :Config=disabled / Active=disabled
Point-to-point :Config=auto / Active=true
Transit Limit :3 packets/s
Protection Type :None
PortTimes :Hello 2s MaxAge 20s FwDly 15s RemHop 0
BPDU Sent :4534
TCN: 0, Config: 0, RST: 0, MST: 4534
BPDU Received :6
TCN: 0, Config: 0, RST: 0, MST: 6
Applicable Environment
When an interface of the PE is connected to multiple user VLANs, the BPDUs sent from the CE
must carry VLAN tags to distinguish different users. To realize the transparent transmission of
user-network BPDUs in an Internet Service Provider (ISP) network, you need to configure
VLAN-based BPDU tunnels. After the configuration, BPDUs of different user networks are
transmitted through different BPDU tunnels in an ISP network and then reach the destination
network. The STP function is realized at the same time.
Pre-configuration Tasks
Before configuring VLAN-based tunnel of BPDUs, complete the following tasks:
Data Preparation
To configure VLAN-based transparent transmission of BPDUs, you need the following data.
No. Data
Context
Perform the following steps on the PEs and CEs.
Procedure
Step 1 Run:
system-view
Step 2 Run:
stp enable
----End
Context
Perform the following steps on the CE.
Procedure
Step 1 Run:
system-view
Step 2 Run:
vlan vlan-id
Step 3 Run:
quit
Step 4 Run:
interface interface-type interface-number
Step 5 Run:
port trunk allow-pass vlan { { vlan-id1 [ to vlan-id2 ] } &<1-10> | all }
Step 6 Run:
stp bpdu vlan vlan-id
The VLAN tag value of the BPDUs sent from the CE to the PE is configured.
The VLAN ID specified in the command must exist on the local CE.
NOTE
Ensure that the BPDU packets received by this interface also carry the specified tags.
----End
Context
According to the roles of the PEs and CEs, choose to configure Devices of Different Roles or
Devices of the Same Role.
Devices of different roles: indicate that CEs are bridges functioning as service customers, and
PEs and Ps are bridges functioning as service providers.
Device of the same role: indicate that CEs and PEs may play the same role as service customers.
Procedure
l Devices of Different Roles
1. Run:
system-view
The PE interface on CE side does not take part in the STP. The STP function is
disabled.
NOTE
After the devices are configured with different roles, PEs can transparently transmit the BPDUs from
CEs without the BPDU tunnel function.
1. Run:
system-view
The global well-known MAC address can be replaced only by the multicast MAC
address except the reserved MAC addresses ranging from 0180-C200-0000 to 0180-
C200-002F.
The PE interface on CE side does not take part in the STP. The STP function is
disabled.
NOTE
If the devices play the same role, PEs cannot transparently transmit the BPDUs from CEs without
the BPDU tunnel function.
In this scenario, no special configuration is required for the P.
----End
Context
Perform the following steps on the PE.
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
Step 3 Run:
port trunk allow-pass vlan { { vlan-id1 [ to vlan-id2 ] } &<1-10> | all }
The PE interface that connects PSNs is configured to permit the packets with specified tags.
----End
Prerequisites
VLAN-based BPDU tunnels function has been configured.
Procedure
l Run the display bpdu-tunnel interface config command to check the BPDU Tunnel
configuration in the interface view.
l Run the display bpdu-tunnel global config command to check the global configuration
of BPDU Tunnel.
l Run the display stp [ brief ] command to check information on the spanning tree.
NOTE
l The display bpdu-tunnel interface config command can be displayed in the system view only.
l The display bpdu-tunnel global config command can be displayed in the interface view only.
----End
Example
Run the display bpdu-tunnel global config command on PE. The role of the device on the
network and the multicast MAC addresses of the BPDUs generated by STP are displayed. For
example:
<HUAWEI> system-view
[HUAWEI] display bpdu-tunnel global config
BridgeRole customer
GroupMac 0100-0ccd-cdd0
Run the display bpdu-tunnel interface config command on the CE. The BPDUs sent out from
the CE are with a specific tag value. The interfaces of the PEs allow the BPDUs with specified
tag values to pass through. For example:
<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 1/0/0
[HUAWEI-GigabitEthernet1/0/0] display bpdu-tunnel interface config
BpduDot1qStatus disable
BpduOneQStatus disable
BpduTwoQStatus enable
EtherType 8100
Dot1qVlan
TwoQList 10
Run the display stp command on the CEs, and you can view that STP is enabled on the interface
and the roles of the CE interfaces are correct: "Designated" or "Root". For example:
<CE1> display stp
-------[CIST Global Info] [Mode MSTP] -------
CIST Bridge :32768.00e0-fc9f-3257
Bridge Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC :32768.00e0-fc9a-4315 / 199999
CIST RegRoot/IRPC :32768.00e0-fc9f-3257 / 0
CIST RootPortId :128.82
BPDU-Protection :disabled
TC or TCN received :6
STP Converge Mode :Fast
Time since last TC received :0 days 2h:24m:36s
----[Port1(GigabitEthernet1/0/0)] [FORWARDING] ----
Port Protocol :enabled
Port Role :CIST Root Port
Port Priority :128
Port Cost(Dot1T ) :Config=auto / Active=199999
Desg. Bridge/Port :32768.00e0-fc9a-4315 / 128.82
Port Edged :Config=disabled / Active=disabled
Point-to-point :Config=auto / Active=true
Transit Limit :3 packets/s
Protection Type :None
PortTimes :Hello 2s MaxAge 20s FwDly 15s RemHop 0
BPDU Sent :6
TCN: 0, Config: 0, RST: 0, MST: 6
BPDU Received :4351
TCN: 0, Config: 0, RST: 0, MST: 4351
<CE2> display stp
-------[CIST Global Info] [Mode MSTP] -------
CIST Bridge :32768.00e0-fc9a-4315
Bridge Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC :32768.00e0-fc9a-4315 / 0
CIST RegRoot/IRPC :32768.00e0-fc9a-4315 / 0
CIST RootPortId :0.0
BPDU-Protection :disabled
TC or TCN received :3
STP Converge Mode :Fast
Time since last TC received :0 days 2h:26m:42s
----[Port1(GigabitEthernet1/0/0)] [FORWARDING] ----
Port Protocol :enabled
Port Role :CIST Designated Port
Port Priority :128
Port Cost(Dot1T ) :Config=auto / Active=199999
Desg. Bridge/Port :32768.00e0-fc9a-4315 / 128.82
Port Edged :Config=disabled / Active=disabled
Point-to-point :Config=auto / Active=true
Transit Limit :3 packets/s
Protection Type :None
PortTimes :Hello 2s MaxAge 20s FwDly 15s RemHop 0
BPDU Sent :4534
TCN: 0, Config: 0, RST: 0, MST: 4534
BPDU Received :6
TCN: 0, Config: 0, RST: 0, MST: 6
Applicable Environment
When an interface of the PE is connected to multiple user VLANs, the BPDUs sent from the CE
must carry VLAN tags to distinguish different users.
At the same time, to save the VLAN ID of the public network, the PE adds another tag to the
BPDUs received from the CE. The Internet Service Provider (ISP) network assigns different
BPDU tunnels for the users according to the outer VLAN tag of the BPDUs. In this way, the
BPDUs from different VLANs traverse the ISP network to the peer VLAN through different
BPDU tunnels.
Pre-configuration Tasks
Before configuring tunnel of BPDUs based on QinQ, complete the following tasks:
l Interfaces that the BPDUs pass through must be correctly connected.
l Interfaces that the BPDUs pass through must be Layer 2 interfaces.
Data Preparation
To configure tunnel of BPDUs based on QinQ, you need the following data.
No. Data
2 The VLAN tag value of the BPDUs sent from the CE to the PEs
4 The outer VLAN tag value that the PE adds to the BPDUs sent from the CE
Procedure
Step 1 Run:
system-view
Step 2 Run:
stp enable
----End
8.4.3 Configuring the BPDUs from CEs to PEs to Carry the Specified
Tags
When multiple user networks are connected to the same interface on a PE, the BPDUs that are
sent from the CEs to the PE need to carry specified VLAN IDs to differentiate the user networks
that the BPDUs come from.
Context
Perform the following steps on the CE.
Procedure
Step 1 Run:
system-view
Step 2 Run:
vlan vlan-id
Step 3 Run:
quit
Step 4 Run:
interface interface-type interface-number
Step 5 Run:
port trunk allow-pass vlan { { vlan-id1 [ to vlan-id2 ] } &<1-10> | all }
Step 6 Run:
The VLAN ID specified in the command must exist on the local CE.
NOTE
Ensure that the BPDU packets received by this interface also carry the specified tags.
----End
Context
According to the roles of the PEs and CEs, choose to configure Devices of Different Roles or
Devices of the Same Role.
Devices of different roles: indicate that CEs are bridges functioning as service customers, and
PEs and Ps are bridges functioning as service providers.
Device of the same role: indicate that CEs and PEs may play the same role as service customers.
Procedure
l Devices of Different Roles
1. Run:
system-view
The PE interface on the CE side does not take part in the STP. The STP function is
disabled.
l Devices of the Same Role
1. Run:
system-view
The global well-known MAC address can be replaced only by the multicast MAC
address except the reserved MAC addresses ranging from 0180-C200-0000 to 0180-
C200-002F.
The VLAN tag range must contain the inner tag of the BPDU in Step 4, namely,
vlan.
6. Run:
stp disable
The PE interface on the CE side does not take part in the STP. The STP function is
disabled.
NOTE
----End
Context
Perform the following steps on the PEs:
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
Step 3 Run:
port trunk allow-pass vlan { { vlan-id1 [ to vlan-id2 ] } &<1-10> | all }
The PE interface that connects PSNs is configured to permit the packets with specified tags.
The configured tag value must be the same as the outer tag of the BPDU labeled by the PE.
----End
Prerequisites
The configurations of QinQ-based BPDU tunnels.
Procedure
l Run the display bpdu-tunnel interface config command to check the BPDU Tunnel
configuration in the interface view.
l Run the display bpdu-tunnel global config command to check the global configuration
of BPDU Tunnel.
l Run the display stp [ brief ] command to check the information on the spanning tree.
l Run the display vlan [ vlan-id [ verbose ] ] command to check the VLAN information.
NOTE
l The display bpdu-tunnel global config command can be displayed in the system view only.
l The display bpdu-tunnel interface config command can be displayed in the interface view only.
----End
Example
Run the display bpdu-tunnel global config command on PE. The role of the device on the
network and the multicast MAC addresses of the BPDUs generated by STP are displayed. For
example:
<HUAWEI> system-view
[HUAWEI] display bpdu-tunnel global config
BridgeRole customer
GroupMac 0100-0ccd-cdd0
Run the display bpdu-tunnel interface config command on the CE. The BPDUs sent out from
the CE are with a specific tag value. The interfaces of the PEs allow the BPDUs with specified
tag values to pass through. For example:
<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 1/0/0
[HUAWEI-GigabitEthernet1/0/0] display bpdu-tunnel interface config
BpduDot1qStatus disable
BpduOneQStatus disable
BpduTwoQStatus enable
EtherType 8100
Dot1qVlan
TwoQList 10
Run the display stp [ brief ] command on the CEs, and you can view that STP is enabled on the
interface and the roles of the CE interfaces are correct: "Designated" or "Root". For example:
<CE1> display stp
-------[CIST Global Info] [Mode MSTP] -------
CIST Bridge :32768.00e0-fc9f-3257
Bridge Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC :32768.00e0-fc9a-4315 / 199999
CIST RegRoot/IRPC :32768.00e0-fc9f-3257 / 0
CIST RootPortId :128.82
BPDU-Protection :disabled
TC or TCN received :6
STP Converge Mode :Fast
Time since last TC received :0 days 2h:24m:36s
----[Port1(GigabitEthernet1/0/0)] [FORWARDING] ----
Port Protocol :enabled
Port Role :CIST Root Port
Port Priority :128
Port Cost(Dot1T ) :Config=auto / Active=199999
Desg. Bridge/Port :32768.00e0-fc9a-4315 / 128.82
Port Edged :Config=disabled / Active=disabled
Point-to-point :Config=auto / Active=true
Transit Limit :3 packets/s
Protection Type :None
PortTimes :Hello 2s MaxAge 20s FwDly 15s RemHop 0
BPDU Sent :6
TCN: 0, Config: 0, RST: 0, MST: 6
BPDU Received :4351
TCN: 0, Config: 0, RST: 0, MST: 4351
<CE2> display stp
-------[CIST Global Info] [Mode MSTP] -------
CIST Bridge :32768.00e0-fc9a-4315
Bridge Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
Running the display vlan command, you can find whether VLAN is enabled with broadcast,
and whether VLAN and address learning are enabled.
For example:
<HUAWEI> display vlan 2 verbose
VLAN ID : 2
VLAN Type : Common
Description : VLAN 0002
Status : Enable
Broadcast : Enable
MAC learning : Enable
Statistics : Disable
----------------
Untagged Port: Eth-Trunk1 Eth-Trunk2
NOTE
This document takes interface numbers and link types of the NE40E-X8 as an example. In working
situations, the actual interface numbers and link types may be different from those used in this document.
Networking Requirements
As shown in Figure 8-7, the CEs are connected through the PEs. The BPDUs of the CEs are
required to traverse the Internet Service Provider (ISP) network between the PEs. For each
interface of a PE, only one CE accesses the PE. The BPDUs sent from CEs to PEs, therefore,
do not require tags. In this situation, interface-based BPDU tunnels can be configured to meet
the networking requirements.
In this example, the CEs and the PEs are configured with different roles, and the PEs can
transparently transmit the BPDUs from the CEs.
l The role of CEs is configured as customer. The default MAC address of the BPDUs of the
CEs is 0180-C200-0000.
l The role of PEs is configured as provider. The default MAC address of the BPDUs of the
CEs is 0180-C200-0008.
Figure 8-7 Networking diagram of interface-based BPDU tunnels (devices of different roles)
VLAN100 VLAN100
CE1 CE2
GE 1/0/1 PE1 PE2 GE1/0/1
GE 1/0/3 ISP GE 1/0/3
GE 1/0/1 network GE 1/0/1
GE 1/0/2 GE 1/0/2
GE 1/0/1 GE 1/0/1 CE4
CE3
VLAN200
VLAN200
Configuration Roadmap
The configuration roadmap is as follows:
Data Preparation
To complete the configuration, you need the following data:
l VLAN range of the packets that are permitted on the PE interfaces that connect PSN
Procedure
Step 1 Switch the PE interfaces and CE interfaces to Layer 2 interfaces.
NOTE
# Configure CE1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] interface gigabitethernet 1/0/1
[CE1-GigabitEthernet1/0/1] portswitch
[CE1-GigabitEthernet1/0/1] undo shutdown
[CE1-GigabitEthernet1/0/1] quit
# Configure CE2.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] interface gigabitethernet 1/0/1
[CE2-GigabitEthernet1/0/1] portswitch
[CE2-GigabitEthernet1/0/1] undo shutdown
[CE2-GigabitEthernet1/0/1] quit
# Configure CE3.
<HUAWEI> system-view
[HUAWEI] sysname CE3
[CE3] interface gigabitethernet 1/0/1
[CE3-GigabitEthernet1/0/1] portswitch
[CE3-GigabitEthernet1/0/1] undo shutdown
[CE3-GigabitEthernet1/0/1] quit
# Configure CE4.
<HUAWEI> system-view
[HUAWEI] sysname CE4
[CE4] interface gigabitethernet 1/0/1
[CE4-GigabitEthernet1/0/1] portswitch
[CE4-GigabitEthernet1/0/1] undo shutdown
[CE4-GigabitEthernet1/0/1] quit
# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] interface gigabitethernet 1/0/3
[PE1-GigabitEthernet1/0/3] portswitch
[PE1-GigabitEthernet1/0/3] undo shutdown
[PE1-GigabitEthernet1/0/3] quit
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] portswitch
[PE1-GigabitEthernet1/0/1] undo shutdown
[PE1-GigabitEthernet1/0/1] quit
[PE1] interface gigabitethernet 1/0/2
[PE1-GigabitEthernet1/0/2] portswitch
[PE1-GigabitEthernet1/0/2] undo shutdown
[PE1-GigabitEthernet1/0/2] quit
# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
Step 2 Enable the STP function on the CEs and the PEs.
# Configure CE1.
[CE1] stp enable
# Configure CE2.
[CE2] stp enable
# Configure CE3.
[CE3] stp enable
# Configure CE4.
[CE4] stp enable
# Configure PE1.
[PE1] stp enable
# Configure PE2.
[PE2] stp enable
# Configure PE2.
[PE2] bpdu-tunnel stp bridge role provider
Step 4 Add GE 1/0/3 of PE1 and PE2 into VLAN100. Add GE 1/0/1 of PE1 and PE2 into VLAN200.
Disable the STP function of the PE interfaces that connect CEs.
# Configure PE1.
[PE1] vlan 100
[PE1-vlan100] port gigabitethernet 1/0/3
[PE1-vlan100] quit
[PE1] vlan 200
[PE1-vlan200] port gigabitethernet 1/0/1
[PE1-vlan200] quit
[PE1] interface gigabitethernet 1/0/3
[PE1-GigabitEthernet1/0/3] stp disable
[PE1-GigabitEthernet1/0/3] quit
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] stp disable
[PE1-GigabitEthernet1/0/1] quit
# Configure PE2.
Step 5 Configure the PE interface that connects PSNs, namely, GE 1/0/2 to permit the VLAN100 and
VLAN200 packets.
# Configure PE1.
[PE1] interface gigabitethernet 1/0/2
[PE1-GigabitEthernet1/0/2] port trunk allow-pass vlan 100 200
[PE1-GigabitEthernet1/0/2] quit
# Configure PE2.
[PE2] interface gigabitethernet 1/0/2
[PE2-GigabitEthernet1/0/2] port trunk allow-pass vlan 100 200
[PE2-GigabitEthernet1/0/2] quit
BPDU-Protection :disabled
TC or TCN received :3
STP Converge Mode :Fast
Time since last TC received :0 days 2h:26m:42s
----[Port1(GigabitEthernet1/0/1)] [FORWARDING] ----
Port Protocol :enabled
Port Role :CIST Designated Port
Port Priority :128
Port Cost(Dot1T ) :Config=auto / Active=199999
Desg. Bridge/Port :32768.00e0-fc9a-4315 / 128.82
Port Edged :Config=disabled / Active=disabled
Point-to-point :Config=auto / Active=true
Transit Limit :3 packets/s
Protection Type :None
PortTimes :Hello 2s MaxAge 20s FwDly 15s RemHop 0
BPDU Sent :4534
TCN: 0, Config: 0, RST: 0, MST: 4534
BPDU Received :6
TCN: 0, Config: 0, RST: 0, MST: 6
Running the display stp command on CE3 and CE4, you can check the MSTP root. CE3 and
CE4 calculate the spanning tree. GE 1/0/1 on CE3 is the root port; GE 1/0/1 on CE4 is the
designated port.
[CE3] display stp
-------[CIST Global Info][Mode MSTP]-------
CIST Bridge :32768.000b-0967-58a0
Bridge Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC :32768.000b-0952-f13e / 199999
CIST RegRoot/IRPC :32768.000b-0967-58a0 / 0
CIST RootPortId :128.82
BPDU-Protection :disabled
TC or TCN received :0
STP Converge Mode :Fast
Time since last TC received :0 days 10h:54m:37s
----[Port1(GigabitEthernet1/0/1)][FORWARDING]----
Port Protocol :enabled
Port Role :CIST Root Port
Port Priority :128
Port Cost(Dot1T ) :Config=auto / Active=199999
Desg. Bridge/Port :32768.000b-0952-f13e / 128.82
Port Edged :Config=disabled / Active=disabled
Point-to-point :Config=auto / Active=true
Transit Limit :3 packets/s
Protection Type :None
PortTimes :Hello 2s MaxAge 20s FwDly 15s RemHop 0
BPDU Sent :114
TCN: 0, Config: 0, RST: 0, MST: 114
BPDU Received :885
TCN: 0, Config: 0, RST: 0, MST: 885
[CE4] display stp
-------[CIST Global Info][Mode MSTP]-------
CIST Bridge :32768.000b-0952-f13e
Bridge Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC :32768.000b-0952-f13e / 0
CIST RegRoot/IRPC :32768.000b-0952-f13e / 0
CIST RootPortId :0.0
BPDU-Protection :disabled
TC or TCN received :4
STP Converge Mode :Fast
Time since last TC received :0 days 8h:59m:18s
----[Port1(GigabitEthernet1/0/1)][FORWARDING]----
Port Protocol :enabled
Port Role :CIST Designated Port
Port Priority :128
Port Cost(Dot1T ) :Config=auto / Active=199999
Desg. Bridge/Port :32768.000b-0952-f13e / 128.82
----End
Configuration Files
l Configuration file of CE1
#
sysname CE1
#
stp enable
#
interface GigabitEthernet1/0/1
undo shutdown
portswitch
#
return
Networking Requirements
As shown in Figure 8-8, the CEs are connected through the PEs. The BPDUs of the CEs are
required to traverse the Internet Service Provider (ISP) network between the PEs. For each
interface of a PE, only one CE accesses the PE. The BPDUs sent from CEs to PEs, therefore,
do not require tags. In this situation, interface-based BPDU tunnels can be configured to meet
the networking requirements.
The roles of the CEs and the PEs are configured as customer. The default MAC address of the
BPDUs is 0180-C200-0000. The PEs cannot transparently transmit the BPDUs received from
the CEs. Therefore, to meet the networking requirements, the PE devices must be enabled with
the BPDU tunnel function.
Figure 8-8 Networking diagram of interface-based BPDU tunnels (device of the same role)
VLAN100 VLAN100
CE1 CE2
GE1/0/1 GE1/0/1
PE1 ISP PE2
GE1/0/3 network GE1/0/3
GE1/0/1 GE1/0/1
GE1/0/2 GE1/0/2
GE1/0/1
GE1/0/1 CE4
CE3
VLAN200
VLAN200
Configuration Roadmap
The configuration roadmap is as follows:
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Switch the PE interfaces and CE interfaces to Layer 2 interfaces.
NOTE
# Configure CE1.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] interface gigabitethernet 1/0/1
[CE1-GigabitEthernet1/0/1] portswitch
[CE1-GigabitEthernet1/0/1] undo shutdown
[CE1-GigabitEthernet1/0/1] quit
# Configure CE2.
<HUAWEI> system-view
[HUAWEI] sysname CE2
[CE2] interface gigabitethernet 1/0/1
[CE2-GigabitEthernet1/0/1] portswitch
[CE2-GigabitEthernet1/0/1] undo shutdown
[CE2-GigabitEthernet1/0/1] quit
# Configure CE3.
<HUAWEI> system-view
[HUAWEI] sysname CE3
[CE3] interface gigabitethernet 1/0/1
[CE3-GigabitEthernet1/0/1] portswitch
[CE3-GigabitEthernet1/0/1] undo shutdown
[CE3-GigabitEthernet1/0/1] quit
# Configure CE4.
<HUAWEI> system-view
[HUAWEI] sysname CE4
[CE4] interface gigabitethernet 1/0/1
[CE4-GigabitEthernet1/0/1] portswitch
[CE4-GigabitEthernet1/0/1] undo shutdown
[CE4-GigabitEthernet1/0/1] quit
# Configure PE1.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] interface gigabitethernet 1/0/3
[PE1-GigabitEthernet1/0/3] portswitch
[PE1-GigabitEthernet1/0/3] undo shutdown
[PE1-GigabitEthernet1/0/3] quit
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] portswitch
[PE1-GigabitEthernet1/0/1] undo shutdown
[PE1-GigabitEthernet1/0/1] quit
[PE1] interface gigabitethernet 1/0/2
[PE1-GigabitEthernet1/0/2] portswitch
[PE1-GigabitEthernet1/0/2] undo shutdown
[PE1-GigabitEthernet1/0/2] quit
# Configure PE2.
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] interface gigabitethernet 1/0/3
[PE2-GigabitEthernet1/0/3] portswitch
[PE2-GigabitEthernet1/0/3] undo shutdown
[PE2-GigabitEthernet1/0/3] quit
[PE2] interface gigabitethernet 1/0/1
[PE2-GigabitEthernet1/0/1] portswitch
[PE2-GigabitEthernet1/0/1] undo shutdown
[PE2-GigabitEthernet1/0/1] quit
[PE2] interface gigabitethernet 1/0/2
[PE2-GigabitEthernet1/0/2] portswitch
[PE2-GigabitEthernet1/0/2] undo shutdown
[PE2-GigabitEthernet1/0/2] quit
Step 2 Enable the STP function on the CEs and the PEs.
# Configure CE1.
[CE1] stp enable
# Configure CE2.
[CE2] stp enable
# Configure CE3.
[CE3] stp enable
# Configure CE4.
[CE4] stp enable
# Configure PE1.
[PE1] stp enable
# Configure PE2.
[PE2] stp enable
Step 3 Configure the PEs to replace the MAC addresses of the BPDUs received from the CEs.
# Configure PE1.
[PE1] bpdu-tunnel stp group-mac 0100-5e00-0011
# Configure PE2.
[PE2] bpdu-tunnel stp group-mac 0100-5e00-0011
Step 4 Add GE 1/0/3 of PE1 and PE2 into VLAN100. Add GE 1/0/1 of PE1 and PE2 into VLAN200.
Disable the STP function of the PE interfaces that connect CEs.
# Configure PE1.
[PE1] vlan 100
[PE1-vlan100] port gigabitethernet 1/0/3
[PE1-vlan100] quit
[PE1] vlan 200
[PE1-vlan200] port gigabitethernet 1/0/1
[PE1-vlan200] quit
[PE1] interface gigabitethernet 1/0/3
[PE1-GigabitEthernet1/0/3] bpdu-tunnel enable
[PE1-GigabitEthernet1/0/3] stp disable
[PE1-GigabitEthernet1/0/3] quit
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] bpdu-tunnel enable
[PE1-GigabitEthernet1/0/1] stp disable
[PE1-GigabitEthernet1/0/1] quit
# Configure PE2.
Step 5 Configure the PE interface that connects PSNs, namely, GE 1/0/2 to permit the VLAN100 and
VLAN200 packets.
# Configure PE1.
[PE1] interface gigabitethernet 1/0/2
[PE1-GigabitEthernet1/0/2] port trunk allow-pass vlan 100 200
[PE1-GigabitEthernet1/0/2] quit
# Configure PE2.
[PE2] interface gigabitethernet 1/0/2
[PE2-GigabitEthernet1/0/2] port trunk allow-pass vlan 100 200
[PE2-GigabitEthernet1/0/2] quit
Running the display stp command on CE3 and CE4, you can check the MSTP root. CE3 and
CE4 calculate the spanning tree. The GE1/0/1 on CE3 is the root port; the GE1/0/1 on CE4 is
the designated port.
[CE3] display stp
-------[CIST Global Info][Mode MSTP]-------
CIST Bridge :32768.000b-0967-58a0
Bridge Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC :32768.000b-0952-f13e / 199999
CIST RegRoot/IRPC :32768.000b-0967-58a0 / 0
CIST RootPortId :128.82
BPDU-Protection :disabled
TC or TCN received :0
STP Converge Mode :Fast
Time since last TC received :0 days 10h:54m:37s
----[Port1(GigabitEthernet1/0/1)][FORWARDING]----
Port Protocol :enabled
Port Role :CIST Root Port
Port Priority :128
Port Cost(Dot1T ) :Config=auto / Active=199999
Desg. Bridge/Port :32768.000b-0952-f13e / 128.82
Port Edged :Config=disabled / Active=disabled
Point-to-point :Config=auto / Active=true
Transit Limit :3 packets/s
Protection Type :None
PortTimes :Hello 2s MaxAge 20s FwDly 15s RemHop 0
BPDU Sent :114
TCN: 0, Config: 0, RST: 0, MST: 114
BPDU Received :885
TCN: 0, Config: 0, RST: 0, MST: 885
[CE4] display stp
-------[CIST Global Info][Mode MSTP]-------
CIST Bridge :32768.000b-0952-f13e
Bridge Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC :32768.000b-0952-f13e / 0
CIST RegRoot/IRPC :32768.000b-0952-f13e / 0
CIST RootPortId :0.0
BPDU-Protection :disabled
TC or TCN received :4
STP Converge Mode :Fast
Time since last TC received :0 days 8h:59m:18s
----[Port1(GigabitEthernet1/0/1)][FORWARDING]----
Port Protocol :enabled
Port Role :CIST Designated Port
Port Priority :128
----End
Configuration Files
l Configuration file of CE1
#
sysname CE1
#
stp enable
#
interface GigabitEthernet1/0/1
undo shutdown
portswitch
#
return
sysname PE1
#
vlan batch 100 200
#
bpdu-tunnel stp group-mac 0100-5e00-0011
#
stp enable
#
interface GigabitEthernet1/0/1
undo shutdown
portswitch
port default vlan 200
bpdu-tunnel enable
stp disable
#
interface GigabitEthernet1/0/2
undo shutdown
portswitch
port trunk allow-pass vlan 100 200
#
interface GigabitEthernet1/0/3
undo shutdown
portswitch
port default vlan 100
bpdu-tunnel enable
stp disable
#
return
Networking Requirements
As shown in Figure 8-9, the CEs are connected to the PEs. The BPDUs of the CEs are required
to traverse the Internet Service Provider (ISP) network between the PEs. The BPDUs sent from
CEs to PEs must carry tags because the PE interfaces are convergence interfaces. In this
networking mode, configuring VLAN-based BPDU tunnels can achieve the following results:
The roles of the CEs and the PEs are configured as customer. The default MAC address of the
BPDUs is 0180-C200-0000. The PEs cannot transparently transmit the BPDUs received from
the CEs. Therefore, to meet the networking requirements, the PE devices must be enabled with
the BPDU tunnel function.
Configuration Roadmap
The configuration roadmap is as follows:
Data Preparation
To complete the configuration, you need the following data:
l Tag values of the BPDUs sent from the CEs to the PEs
l IDs of the VLANs to which the PE interfaces and the CE interfaces belong
Procedure
Step 1 Switch the PE interfaces and CE interfaces to Layer 2 interfaces.
Using the portswitch command, you can switch all PE interfaces and CE interfaces in Figure
8-9 to Layer 2 interfaces.
NOTE
# Configure CE1
[CE1] stp enable
# Configure CE2
[CE2] stp enable
# Configure CE3
[CE3] stp enable
# Configure CE4
[CE4] stp enable
# Configure PE1
[PE1] stp enable
# Configure PE2
[PE2] stp enable
Step 3 Label the BPDUs sent from CE1 and CE2 to the PEs with tag 100. Label the BPDUs sent from
CE3 and CE4 to the PEs with tag 200.
# Configure CE1.
[CE1] vlan 100
[CE1-vlan100] quit
[CE1] interface gigabitethernet 1/0/1
[CE1-GigabitEthernet1/0/1] port trunk allow-pass vlan 100
[CE1-GigabitEthernet1/0/1] stp bpdu vlan 100
# Configure CE2.
[CE2] vlan 100
[CE2-vlan100] quit
[CE2] interface gigabitethernet 1/0/1
[CE2-GigabitEthernet1/0/1] port trunk allow-pass vlan 100
[CE2-GigabitEthernet1/0/1] stp bpdu vlan 100
# Configure CE3.
[CE3] vlan 200
[CE3-vlan200] quit
[CE3] interface gigabitethernet 1/0/1
[CE3-GigabitEthernet1/0/1] port trunk allow-pass vlan 200
# Configure CE4.
[CE4] vlan 200
[CE4-vlan200] quit
[CE4] interface gigabitethernet 1/0/1
[CE4-GigabitEthernet1/0/1] port trunk allow-pass vlan 200
[CE4-GigabitEthernet1/0/1] stp bpdu vlan 200
Step 4 Configure the PEs to replace the MAC addresses of the BPDUs received from the CEs.
# Configure PE1.
[PE1] bpdu-tunnel stp group-mac 0100-5e00-0011
# Configure PE2.
[PE2] bpdu-tunnel stp group-mac 0100-5e00-0011
Step 5 Configure the PE interfaces to transparently transmit BPDUs received from the CEs to the P.
# Configure PE1.
[PE1] vlan 100
[PE1-vlan100] quit
[PE1] vlan 200
[PE1-vlan200] quit
[PE1] interface gigabitethernet 1/0/3
[PE1-GigabitEthernet1/0/3] port trunk allow-pass vlan 100 200
[PE1-GigabitEthernet1/0/3] quit
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] port trunk allow-pass vlan 100
[PE1-GigabitEthernet1/0/1] bpdu-tunnel stp vlan 100
[PE1-GigabitEthernet1/0/1] stp disable
[PE1-GigabitEthernet1/0/1] quit
[PE1] interface gigabitethernet 1/0/2
[PE1-GigabitEthernet1/0/2] port trunk allow-pass vlan 200
[PE1-GigabitEthernet1/0/2] bpdu-tunnel stp vlan 200
[PE1-GigabitEthernet1/0/2] stp disable
[PE1-GigabitEthernet1/0/2] quit
# Configure PE2.
[PE2] vlan 100
[PE2-vlan100] quit
[PE2] vlan 200
[PE2-vlan200] quit
[PE2] interface gigabitethernet 1/0/3
[PE2-GigabitEthernet1/0/3] port trunk allow-pass vlan 100 200
[PE2-GigabitEthernet1/0/3] quit
[PE2] interface gigabitethernet 1/0/1
[PE2-GigabitEthernet1/0/1] port trunk allow-pass vlan 100
[PE2-GigabitEthernet1/0/1] bpdu-tunnel stp vlan 100
[PE2-GigabitEthernet1/0/1] stp disable
[PE2-GigabitEthernet1/0/1] quit
[PE2] interface gigabitethernet 1/0/2
[PE2-GigabitEthernet1/0/2] port trunk allow-pass vlan 200
[PE2-GigabitEthernet1/0/2] bpdu-tunnel stp vlan 200
[PE2-GigabitEthernet1/0/2] stp disable
[PE2-GigabitEthernet1/0/2] quit
Step 6 Configure the common Layer 2 forwarding function on the P. Configure the P to permit
VLAN100 packets and VLAN200 packets from the PEs.
[P] vlan 100
[P-vlan100] quit
[P] vlan 200
[P-vlan200] quit
[P] interface gigabitethernet 1/0/2
[P-GigabitEthernet1/0/2] port trunk allow-pass vlan 100 200
[P-GigabitEthernet1/0/2] quit
[P] interface gigabitethernet 1/0/1
[P-GigabitEthernet1/0/1] port trunk allow-pass vlan 100 200
[P-GigabitEthernet1/0/1] quit
After the configuration, running the display stp command on CE1 and CE2, you can check the
MSTP root. CE1 and CE2 calculate the spanning tree. GE 1/0/1 on CE1 is the root port; GE
1/0/1 on CE2 is the designated port.
[CE1] display stp
-------[CIST Global Info][Mode MSTP]-------
CIST Bridge :32768.000b-09f0-1b91
Bridge Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC :32768.000b-09d4-b66c / 199999
CIST RegRoot/IRPC :32768.000b-09f0-1b91 / 0
CIST RootPortId :128.82
BPDU-Protection :disabled
TC or TCN received :2
STP Converge Mode :Fast
Time since last TC received :0 days 3h:53m:43s
----[Port17(GigabitEthernt1/0/1)][FORWARDING]----
Port Protocol :enabled
Port Role :CIST Root Port
Port Priority :128
Port Cost(Dot1T ) :Config=auto / Active=199999
Desg. Bridge/Port :32768.000b-09d4-b66c / 128.82
Port Edged :Config=disabled / Active=disabled
Point-to-point :Config=auto / Active=true
Transit Limit :3 packets/s
Protection Type :None
PortTimes :Hello 2s MaxAge 20s FwDly 15s RemHop 0
BPDU Sent :237
TCN: 0, Config: 0, RST: 0, MST: 237
BPDU Received :9607
TCN: 0, Config: 0, RST: 0, MST: 9607
[CE2] display stp
-------[CIST Global Info][Mode MSTP]-------
CIST Bridge :32768.000b-09d4-b66c
Bridge Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC :32768.000b-09d4-b66c / 0
CIST RegRoot/IRPC :32768.000b-09d4-b66c / 0
CIST RootPortId :0.0
BPDU-Protection :disabled
TC or TCN received :1
STP Converge Mode :Fast
Time since last TC received :0 days 5h:29m:6s
----[Port17(GigabitEthernt1/0/1)][FORWARDING]----
Port Protocol :enabled
Port Role :CIST Designated Port
Port Priority :128
Port Cost(Dot1T ) :Config=auto / Active=199999
Desg. Bridge/Port :32768.000b-09d4-b66c / 128.82
Port Edged :Config=disabled / Active=disabled
Point-to-point :Config=auto / Active=true
Transit Limit :3 packets/s
Protection Type :None
PortTimes :Hello 2s MaxAge 20s FwDly 15s RemHop 0
BPDU Sent :7095
TCN: 0, Config: 0, RST: 0, MST: 7095
BPDU Received :2
TCN: 0, Config: 0, RST: 0, MST: 2
Running the display stp command on CE3 and CE4, you can check the MSTP root. CE3 and
CE4 calculate the spanning tree. GE 1/0/1 on CE3 is the root port; GE 1/0/1 on CE4 is the
designated port.
[CE3] display stp
-------[CIST Global Info][Mode MSTP]-------
CIST Bridge :32768.00e0-fc9f-3257
Bridge Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC :32768.00e0-fc9a-4315 / 199999
CIST RegRoot/IRPC :32768.00e0-fc9f-3257 / 0
CIST RootPortId :128.82
BPDU-Protection :disabled
TC or TCN received :4
STP Converge Mode :Fast
Time since last TC received :0 days 3h:57m:0s
----[Port17(GigabitEthernt1/0/1)][FORWARDING]----
Port Protocol :enabled
Port Role :CIST Root Port
Port Priority :128
Port Cost(Dot1T ) :Config=auto / Active=199999
Desg. Bridge/Port :32768.00e0-fc9a-4315 / 128.82
Port Edged :Config=disabled / Active=disabled
Point-to-point :Config=auto / Active=true
Transit Limit :3 packets/s
Protection Type :None
PortTimes :Hello 2s MaxAge 20s FwDly 15s RemHop 0
BPDU Sent :238
TCN: 0, Config: 0, RST: 0, MST: 238
BPDU Received :9745
TCN: 0, Config: 0, RST: 0, MST: 9745
[CE4] display stp
-------[CIST Global Info][Mode MSTP]-------
CIST Bridge :32768.00e0-fc9a-4315
Bridge Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC :32768.00e0-fc9a-4315 / 0
CIST RegRoot/IRPC :32768.00e0-fc9a-4315 / 0
CIST RootPortId :0.0
BPDU-Protection :disabled
TC or TCN received :2
STP Converge Mode :Fast
Time since last TC received :0 days 5h:33m:17s
----[Port17(GigabitEthernt1/0/1)][FORWARDING]----
Port Protocol :enabled
Port Role :CIST Designated Port
Port Priority :128
Port Cost(Dot1T ) :Config=auto / Active=199999
Desg. Bridge/Port :32768.00e0-fc9a-4315 / 128.82
Port Edged :Config=disabled / Active=disabled
Point-to-point :Config=auto / Active=true
Transit Limit :3 packets/s
Protection Type :None
PortTimes :Hello 2s MaxAge 20s FwDly 15s RemHop 0
BPDU Sent :7171
TCN: 0, Config: 0, RST: 0, MST: 7171
BPDU Received :2
TCN: 0, Config: 0, RST: 0, MST: 2
----End
Configuration Files
l Configuration file of CE1
#
sysname CE1
#
#
stp enable
#
interface GigabitEthernet1/0/1
undo shutdown
portswitch
port trunk allow-pass vlan 100
bpdu-tunnel stp vlan 100
stp disable
#
interface GigabitEthernet1/0/2
undo shutdown
portswitch
port trunk allow-pass vlan 200
bpdu-tunnel stp vlan 200
stp disable
#
interface GigabitEthernet1/0/3
undo shutdown
portswitch
port trunk allow-pass vlan 100 200
#
return
undo shutdown
portswitch
port trunk allow-pass vlan 100 200
#
return
Networking Requirements
As shown in Figure 8-10, the CEs are connected through the PEs. The BPDUs sent from CE1
and CE2 to the PEs carry tag 100. The BPDUs sent from CE3 and CE4 to the PEs carry tag 200.
In this networking mode, configuring the BPDU tunnel function on the PEs can achieve the
following results:
In addition, to save public VLAN IDs, VLAN stacking can be configured on the PEs. After the
configuration, the BPDUs with tag 100 and tag 200 sent from the CEs to the PEs are labeled
with outer tag 10 and then transmitted in the ISP network. The BPDUs transmitted in the ISP
network, therefore, carry double tags.
In this example, the CEs and PEs are configured with different roles:
l The role of CEs is configured as customer. The default MAC address of the BPDUs of the
CEs is 0180-C200-0000.
l The role of PEs is configured as provider. The default MAC address of the BPDUs of the
CEs is 0180-C200-0008.
VLAN100
VLAN100
CE1 CE2
VLAN200 VLAN200
Configuration Roadmap
The configuration roadmap is as follows:
Data Preparation
To complete the configuration, you need the following data:
l Inner tag values of the BPDUs sent from the CEs to the PEs
l Outer tag of the BPDUs added by the PEs
l IDs of the VLANs to which the PE interfaces and the CE interfaces belong
Procedure
Step 1 Switch the PE interfaces and CE interfaces to Layer 2 interfaces.
Using the portswitch command, you can switch all PE interfaces and CE interfaces in Figure
8-10 to Layer 2 interfaces.
NOTE
Step 2 Enable the STP function on the CEs and the PEs.
# Configure CE1.
[CE1] stp enable
# Configure CE2.
[CE2] stp enable
# Configure CE3.
[CE3] stp enable
# Configure CE4.
[CE4] stp enable
# Configure PE1.
[PE1] stp enable
# Configure PE2.
[PE2] stp enable
Step 3 Label the BPDUs sent from CE1 and CE2 to the PEs with tag 100. Label the BPDUs sent from
CE3 and CE4 to the PEs with tag 200.
# Configure CE1.
[CE1] vlan 100
[CE1-vlan100] quit
[CE1] interface gigabitethernet 1/0/1
[CE1-GigabitEthernet1/0/1] port trunk allow-pass vlan 100
[CE1-GigabitEthernet1/0/1] stp bpdu vlan 100
[CE1-GigabitEthernet1/0/1] quit
# Configure CE2.
[CE2] vlan 100
[CE2-vlan100] quit
[CE2] interface gigabitethernet 1/0/1
[CE2-GigabitEthernet1/0/1] port trunk allow-pass vlan 100
[CE2-GigabitEthernet1/0/1] stp bpdu vlan 100
[CE2-GigabitEthernet1/0/1] quit
# Configure CE3.
[CE3] vlan 200
[CE3-vlan200] quit
[CE3] interface gigabitethernet 1/0/1
[CE3-GigabitEthernet1/0/1] port trunk allow-pass vlan 200
[CE3-GigabitEthernet1/0/1] stp bpdu vlan 200
[CE3-GigabitEthernet1/0/1] quit
# Configure CE4.
[CE4] vlan 200
[CE4-vlan200] quit
[CE4] interface gigabitethernet 1/0/1
[CE4-GigabitEthernet1/0/1] port trunk allow-pass vlan 200
[CE4-GigabitEthernet1/0/1] stp bpdu vlan 200
[CE4-GigabitEthernet1/0/1] quit
# Configure PE2.
[PE2] bpdu-tunnel stp bridge role provider
Step 5 Configure the QinQ function of the PEs. Label the VLAN100 packets and VLAN200 packets
from the CEs with tag 10 before the packets are transmitted in the PSN network.
# Configure PE1.
[PE1] vlan 10
[PE1-Vlan10] quit
[PE1] interface gigabitethernet 1/0/3
[PE1-GigabitEthernet1/0/3] port trunk allow-pass vlan 10
[PE1-GigabitEthernet1/0/3] quit
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] port vlan-stacking vlan 100 stack-vlan 10
[PE1-GigabitEthernet1/0/1] stp disable
[PE1-GigabitEthernet1/0/1] quit
[PE1] interface gigabitethernet 1/0/2
[PE1-GigabitEthernet1/0/2] port vlan-stacking vlan 200 stack-vlan 10
[PE1-GigabitEthernet1/0/2] stp disable
[PE1-GigabitEthernet1/0/2] quit
# Configure PE2.
[PE2] vlan 10
[PE2-Vlan10] quit
[PE2] interface gigabitethernet 1/0/3
[PE2-GigabitEthernet1/0/3] port trunk allow-pass vlan 10
[PE2-GigabitEthernet1/0/3] quit
[PE2] interface gigabitethernet 1/0/1
[PE2-GigabitEthernet1/0/1] port vlan-stacking vlan 100 stack-vlan 10
[PE2-GigabitEthernet1/0/1] stp disable
[PE2-GigabitEthernet1/0/1] quit
[PE2] interface gigabitethernet 1/0/2
[PE2-GigabitEthernet1/0/2] port vlan-stacking vlan 200 stack-vlan 10
[PE2-GigabitEthernet1/0/2] stp disable
[PE2-GigabitEthernet1/0/2] quit
Running the display stp command on CE3 and CE4, you can check the MSTP root. CE3 and
CE4 calculate the spanning tree. GE 1/0/1 on CE3 is the root port; GE 1/0/1 on CE4 is the
designated port.
[CE3] display stp
-------[CIST Global Info][Mode MSTP]-------
CIST Bridge :32768.00e0-fc9f-3257
Bridge Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC :32768.00e0-fc9a-4315 / 199999
CIST RegRoot/IRPC :32768.00e0-fc9f-3257 / 0
CIST RootPortId :128.82
BPDU-Protection :disabled
TC or TCN received :4
STP Converge Mode :Fast
Time since last TC received :0 days 3h:57m:0s
----[Port17(GigabitEthernet1/0/1)][FORWARDING]----
Port Protocol :enabled
Port Role :CIST Root Port
Port Priority :128
Port Cost(Dot1T ) :Config=auto / Active=199999
Desg. Bridge/Port :32768.00e0-fc9a-4315 / 128.82
Port Edged :Config=disabled / Active=disabled
Point-to-point :Config=auto / Active=true
Transit Limit :3 packets/s
Protection Type :None
PortTimes :Hello 2s MaxAge 20s FwDly 15s RemHop 0
BPDU Sent :238
TCN: 0, Config: 0, RST: 0, MST: 238
Running the display vlan command on the PEs, you can view information about QinQ.
----End
Configuration Files
l Configuration file of CE1
#
sysname CE1
#
vlan batch 100
#
stp enable
#
interface GigabitEthernet1/0/1
undo shutdown
portswitch
port trunk allow-pass vlan 100
stp bpdu vlan 100
#
return
#
interface GigabitEthernet1/0/3
undo shutdown
portswitch
port trunk allow-pass vlan 10
#
return
9 RRPP Configuration
The Rapid Ring Protection Protocol (RRPP) features fast convergence, because the convergence
time is irrelevant to the number of the nodes on the ring.
This section describes the typical application scenario of RRPP, including networking
requirements, configuration roadmap, and data preparation, and provides related configuration
files.
For most MANs and LANs, the ring network is adopted to provide high reliability. A fault of
any single node on the ring, however, affects the service. In general, the technology of the ring
network is the Ethernet ring.MANs and
The Rapid Spanning Tree Protocol (RSTP) or Multiple Spanning Tree Protocol (MSTP) and
Rapid Ring Protection Protocol (RRPP) are generally adopted to address the Layer 2 network
loop. RSTP/MSTP is highly adaptable; however, the convergence time is measured in seconds.
Compared with other Ethernet ring technologies, RRPP has the following features:
l Fast convergence.
l Convergence time is not related to the number of nodes on a ring network. Therefore, RRPP
can be applied to a large-scale network.
l RRPP can prevent broadcast storm caused by loops when an Ethernet ring network is
complete.
l On an Ethernet ring network, when a link is disconnected, a backup link immediately
resumes the normal communication between nodes.
RRPP Major-Ring
Assistant Master Node
RouterC
Master Node
Node RRPP Sub-Ring 2
Transit Node
SwitchB
l RRPP domain
An RRPP domain is identified uniquely with the domain ID, which is an integer.
The RRPP domain comprises a group of switches that are connected and configured with
the same domain ID and control VLAN. One RRPP domain consists of elements such as
the RRPP major ring and sub-ring, control VLAN, master node, transit node, common port
and edge port, and primary port and secondary port.
l RRPP ring
One RRPP ring corresponds only to one Ethernet ring topology. An RRPP ring is a part of
the RRPP domain. An RRPP domain can consist of one RRPP ring or multiple crossed
RRPP rings.
l RRPP major ring and sub-ring
If an RRPP domain consists of multiple crossed RRPP rings, you can set one ring to be the
major ring and other rings to be sub-rings by specifying their levels.
In one RRPP domain, there is only one RRPP major ring.
The protocol packets of the sub-ring are transmitted as data packets in the major ring. The
packets of the major ring are transmitted only in the major ring.
l Control VLAN of RRPP
The control VLAN is a concept related to the data VLAN. In the RRPP domain, the control
VLAN is only used to transmit RRPP protocol packets. The control VLAN contains only
RRPP interfaces.
One RRPP domain is configured with two control VLANs, that is, the major control VLAN
and sub-control VLAN. During configuration, you must specify only the major control
VLAN, and set the VLAN whose ID is equal to the major control VLAN ID plus 1 to the
sub-control VLAN.
The data VLAN is used to transmit data packets as against the control VLAN. The data
VLAN can contain both the RRPP port and non-RRPP port.
l Master node
On the Ethernet ring, each switch is called a node. On each RRPP ring, there must be only
one master node.
l Transit node
On an RRPP major ring, all nodes are transit nodes except the master node.
The transit node monitors the status of its directly connected RRPP links. When the link
status is changed, the transit node informs the master node. The master node decides how
to process the change.
l Edge node and assistant edge node
A switch is an edge node or an assistant edge node on the sub-ring, and it is a transit node
on the major ring.
On an RRPP sub-ring, either of the two nodes crossing with the major ring can be specified
as the edge node. On one sub-ring, there must be only one edge node.
On an RRPP sub-ring, if one of the two nodes crossed with the major ring is specified as
the edge node, the other node is the assistant edge node.
l Primary port and secondary port
On both the master node and transit node, one of the two ports to the Ethernet ring is the
primary port, and the other is the secondary port. The role of a port is decided by the user
configuration.
l Common port and Edge port
On an edge node or an assistant edge node, the port shared by the sub-ring and major ring
is called the common port. The port only on the sub-ring is called the edge port.
l The value of the Hello timer specifies the period taken by the master node to send the Hello
packet from the primary port.
l The value of the Fail timer specifies the maximum period delayed by the Hello packet to
reach the secondary port from the primary port.
Monitoring Interface
As shown in Figure 9-2, Metro Ethernet RRPP networking solution can realize the switchover
of Network Provider Edge (NPE).
PE-AGG A NPE A
BFD
RRPP ring
VLAN:101-200
UPE Core network
BFD for VRRP
UPE
RRPP ring
VLAN:1-100 BFD
PE-AGG B NPE B
UPE Master: VLAN101-200
Backup: VLAN1-100
LANSwitch DSLAM
Track interface
After monitoring interfaces are configured on PE-AGG nodes, RRPP rings can monitor the status
of the connections between PE-AGG nodes and NPEs. When the status of monitoring interfaces
or the status of bidirectional forwarding detection (BFD) on interfaces changes, each node on
RRPP rings updates its dynamic MAC address table. This ensures the continuity of the traffic
between master/backup NPEs and PE-AGG nodes.
RRPP Snooping
As shown in Figure 9-3, UPE A, UPE B, and NPE D comprise an RRPP ring. UPE A is the
master node, UPE B is the transit node, and VLAN 100 is the control VLAN.
The RRPP ring accesses the Virtual Private LAN Service (VPLS) network through sub-
interfaces GE 1/0/0.100 and GE 2/0/0.100 on NPE D. Sub-interfaces allow only the control
VLAN packets of the RRPP ring to pass through. In this manner, NPE D can transparently
transmit RRPP control packets through the sub-interfaces on both sides to ensure the structure
integrity of the RRPP ring. The RRPP protocol, however, is not run in NPE D.
NPE D transmits data packets of VLANs 10 to 20 on the RRPP ring through sub-interfaces GE
1/0/0.10 to GE 1/0/0.20, sub-interfaces GE 2/0/0.10 to GE 2/0/0.20, or the VLANIF interface.
Data packets in the RRPP ring are transparently transmitted to the upper layer network through
the VPLS network. For the details of access principles and transmission principles, refer to the
HUAWEI NetEngine80E/40E Router Configuration Guide - VPN.
NPE B
GE1/0/0.100 GE2/0/0.100
NPE D
GE RRPP ring
Control VLAN:100
P User VLAN:10~20
UPE A UPE B
S
The VPLS network cannot sense the change of the RRPP ring status because NPE nodes cannot
respond to the RRPP control packets. When the RRPP ring topology changes, each node in the
VPLS network forwards downstream data according to the MAC address table generated before
the RRPP ring topology changes. As a result, the downstream traffic cannot be forwarded.
After the RRPP snooping is enabled on the sub-interfaces GE 1/0/0.100 and GE 2/0/0.100 of
NPE D, NPE D can respond to the RRPP control packets. Then, NPE D can synchronize the
change of the RRPP ring status and refresh the MAC address table of the virtual switching
instance (VSI). This ensures that downstream traffic is normally forwarded.
Applicable Environment
RRPP is used for the networking of the single-ring or multiple crossed rings. When configuring
RRPP, you must configure all nodes on the RRPP ring.
NOTE
Pre-Configuration Tasks
Before configuring RRPP functions, complete the following tasks:
Data Preparation
To configure RRPP functions, you need the following data.
No. Data
4 Values of the Hello timer and Fail timer in the RRPP domain
Context
Perform the following steps on all switches in the RRPP domain:
Procedure
Step 1 Run:
system-view
When creating the RRPP domain, you must specify the domain ID. If the domain exists, the
domain view is directly displayed.
NOTE
The maximum number of RRPP rings that can be configured on a device is determined by the relevant
license. To purchase the License, you can contact the Huawei technical support personnel.
After RRPP is configured on a device, you can run the description command to configure the
description of the RRPP domain, including the RPPP domain ID, to facilitate maintenance.
----End
Context
Perform the following steps on all switches in the RRPP domain:
Procedure
Step 1 Run:
system-view
Step 2 Run:
rrpp domain domain-id
Step 3 Run:
control-vlan vlan-id
The control VLAN specified by vlan-id and the sub-control VLAN specified by vlan-id+1 must
be uncreated and not used in port trunk, mapping, or stacking mode.
After configuring the control VLAN, you cannot directly modify it. Instead, you can delete the
domain and reconfigure the control VLAN. Or you can delete the control VLAN using the undo
control-vlan command, and reconfigure the control VLAN. The sub-control VLAN is also
deleted when you delete the domain.
----End
Context
Perform the following steps on the master node in the RRPP domain:
Procedure
Step 1 Run:
system-view
Step 2 Run:
rrpp domain domain-id
Step 3 Run:
timer hello-timer hello-value fail-timer fail-value
The value of the Fail timer is equal to or more than three times the value of the Hello timer.
The value of the Edge-hello timer defaults to half the value of the Hello timer of the master node
on the major ring.
Set consistent Hello timers and Fail timers on all the nodes in the same RRPP ring domain;
otherwise, the edge ports of the edge nodes might be unstable.
Setting the Fail timer to 30 seconds is recommended. Temporary loop may occur if the default
value is used. For example, when RRPP multi-instance is used and multiple domains are
configured on one ring, a loop may occur if the default Fail timer is used.
----End
Context
NOTICE
If the board where the ports reside is pulled out, all RRPP configurations on the port are lost and
cannot recover automatically. To restore the RRPP configurations on the ports, run all the
commands about RRPP again.
Perform the following steps at the port that needs to be added into RRPP ring.
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface { ethernet | gigabitethernet | eth-trunk } interface-number
The Layer 2 ports supported by RRPP are Ethernet, GigabitEthernet, and Eth-Trunk on Layer
2.
Interfaces enabled with MSTP and Eth-Trunk member interfaces cannot be configured as RRPP
ports.
Step 3 Run:
portswitch
The RRPP port should be set to a trunk or hybrid port because it allows packets from both the
control VLAN and the data VLAN to pass through.
Step 5 Run:
port trunk allow-pass vlan { { vlan-id1 [ to vlan-id2 ] } &<1-10> | all }
The RRPP port is configured to allow the data VLAN frames to pass through.
NOTE
l The control VLAN is specified by the control-vlan command in the RRPP domain view and
automatically becomes the VLAN that is allowed on all RRPP interfaces. Therefore, you only need to
specify the data VLAN in this step.
l When RRPP ports are to be added to a VLAN, if VLANIF interfaces in this VLAN are enabled with
RRPP snooping, the RRPP ports cannot be added to the VLAN.
Step 6 Run:
stp disable
By default, STP is enabled on all ports of the device. Before creating an RRPP ring, you need
to disable STP at all ports to be added to the RRPP ring.
----End
Context
NOTE
By default, STP is enabled on all interfaces of the device. Before creating the RRPP ring, therefore, you
need to use the stp disable command to disable the STP function on the interfaces to be added to the RRPP
ring.
Procedure
Step 1 Run:
system-view
Step 2 Run:
rrpp domain domain-id
Step 3 Run:
ring ring-id node-mode { master | transit } primary-port interface-type interface-
number secondary-port interface-type interface-number level level-value
The level 0 refers to the major ring, while level 1 refers to the sub-ring. In one domain, there
must be only one major ring. The sub-ring can be created only after creating the major ring.
NOTE
When a major ring and a sub-ring are intersectant, it is recommended that you configure the major ring
before configuring the sub-ring. If you configure the sub-ring first, the broadcast storm of the protocol
packets may easily occur. The protocol packets of the major ring are then discarded by a transit node. It
causes the secondary port to fail to receive the protocol packets and therefore fail to be blocked. As a result,
the state of the RRPP ring is incorrect.
Step 4 Run:
The edge node and assistant edge node on the RRPP sub-ring are configured.
The common port of the edge node and assistant edge node must be on the major ring.
The system automatically sets the level of the ring where the edge node and assistant edge node
reside to 1.
NOTE
l The maximum number of RRPP rings that can be created on a device or in a domain is determined by
the relevant license. To purchase the license, you can contact the Huawei technical support personnel.
l The assistant edge node and edge node belong to an RRPP domain, and you cannot configure a device
as both the assistant edge node and edge node.
l If two devices are configured as assistant edge nodes incorrectly, broadcast storms may occur in the
sub-ring.
----End
Context
NOTE
l The RRPP ring can be activated only when both the RRPP ring and RRPP protocol are enabled.
l RRPP and RRPP snooping cannot be configured on the same interface.
Procedure
Step 1 Run:
system-view
Step 2 Run:
rrpp domain domain-id
Step 3 Run:
ring ring-id enable
----End
Context
NOTE
The RRPP ring can be activated only when both the RRPP ring and RRPP protocol are enabled.
Procedure
Step 1 Run:
system-view
----End
Prerequisites
RRPP function has been configured.
Procedure
l Run the display rrpp brief command to check the brief information about the RRPP
domain.
l Run the display rrpp verbose domain domain-id [ ring ring-id ] command to check the
detailed information about the RRPP domain.
l Run the display rrpp statistics domain domain-id [ ring ring-id ] command to check the
packet statistics of the RRPP domain.
----End
Example
Run the display rrpp brief command. You can view information such as the node mode, RRPP
status, protected VLAN, control VLAN, Linkup Delay timer and values of Hello timer and Fail
timer. For example:
<HUAWEI> display rrpp brief
Abbreviations for Switch Node Mode :
M - Master , T - Transit , E - Edge , A - Assistant-Edge
Domain Index : 1
Control VLAN : major 400 sub 401
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 3 sec(default is 3 sec)
Domain Index : 2
Control VLAN : major 200 sub 201
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 3 sec(default is 3 sec)
Ring Ring Node Primary/Common Secondary/Edge Is
ID Level Mode Port Port Enabled
---------------------------------------------------------------------------
1 0 M GigabitEthernet1/0/3 GigabitEthernet1/0/4 No
2 1 E GigabitEthernet1/0/3 GigabitEthernet1/0/5 No
Run the display rrpp verbose command. You can view the detailed information such as the
control VLAN, timers, node mode, and port status. For example:
<HUAWEI> display rrpp verbose domain 2 ring 2
Domain Index : 2
Control VLAN : major 200 sub 201
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 3 sec(default is 3 sec)
RRPP Ring : 2
Ring Level : 1
Node Mode : Edge
Ring State : Unknown
Is Enabled : Disable Is Active : No
Common port : GigabitEthernet1/0/3 Port status: UNKNOWN
Edge port : GigabitEthernet1/0/5 Port status: UNKNOWN
Run the display rrpp statistics command. You can view the sending and receiving statistics of
all types of packets. For example:
<HUAWEI> display rrpp statistics domain 1 ring 1
RRPP Ring : 1
Ring Level : 0
Node Mode : Master
Is Active : Yes
Primary port : GigabitEthernet1/0/0
Packet LINK COMMON COMPLETE EDGE MAJOR Packet
Direct HEALTH DOWN FDB FDB HELLO FAULT Total
-------------------------------------------------------------------------------
Send 5386 0 0 0 0 0 0
Rcv 0 0 0 0 0 0 0
Secondary port: GigabitEthernet1/0/1
Packet LINK COMMON COMPLETE EDGE MAJOR Packet
Direct HEALTH DOWN FDB FDB HELLO FAULT Total
-------------------------------------------------------------------------------
Send 0 0 0 0 0 0 0
Rcv 0 0 0 0 0 0 0
is configured as a monitoring interface is pulled out and a different port is inserted, the original
configuration of the monitoring interface is cleared.
Applicable Environment
The monitoring interface is used for the networking of NPEs connecting to RRPP switchover.
UPE
PE-AGG A NPE A
UPE
RRPP ring
UPE
RRPP ring
PE-AGG B NPE B
Pre-configuration Tasks
Before configuring an RRPP monitoring interface, complete RRPP ring configuration with
normal RRPP performance.
Data Preparation
To configure an RRPP monitoring interface, you need the following data.
No. Data
1 RRPP domain ID
2 RRPP ring ID
Context
Perform the following steps on the nodes connecting to NPE on the RRPP ring:
Procedure
Step 1 Run:
system-view
Step 2 Run:
rrpp domain domain-id
Step 3 Run:
ring ring-id track interface interface-type interface-number
The interface types are available as Ethernet interface, GigabitEthernet interface, Eth-Trunk
interface, Ethernet sub-interface, GigabitEthernet sub-interface, Eth-Trunk sub-interface, and
VLANIF interface.
Repeat the process when you need to configure more than one monitoring interfaces. On an
RRPP ring, a maximum of 8 monitoring interfaces can be configured.
NOTE
The maximum number of track interfaces that can be configured on a device is determined by the relevant
license. To purchase the License, you can contact the Huawei technical support personnel.
----End
Prerequisites
The monitoring interface function has been configured.
Procedure
Step 1 Run the display rrpp verbose domain domain-id [ ring ring-id ] command to check information
about the monitoring interface on the RRPP.
----End
Example
Run the display rrpp verbose command. You can view information about the monitoring
interface on the designated RRPP domain. For example:
# View the details of the main node on the RRPP of domain 1 and ring 1.
<HUAWEI> display rrpp verbose domain 1 ring 1
Domain Index : 1
Control VLAN : major 400 sub 401
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 3 sec(default is 3 sec)
RRPP Ring : 1
Ring Level : 0
Node Mode : Master
Ring State : Complete
Is Enabled : Enable Is Active : Yes
Primary port : GigabitEthernet1/0/0 Port status: UP
Secondary port: GigabitEthernet1/0/1 Port status: BLOCKED
Track interface: GigabitEthernet1/0/3
GigabitEthernet1/0/4
Applicable Environment
UPEs constructing an RRPP ring access the virtual private LAN service (VPLS) network where
UPEs reside, you need to configure the RRPP snooping on the NPE at the border of the RRPP
ring and the VPLS network. In this manner, the VPLS network between NPEs can sense the
change of the RRPP ring topology, and NPEs can timely update the MAC address table of the
virtual switch instance (VSI). This ensures the continuity of VPLS.
As shown in Figure 9-3, VPLS is run between NPEs, and RRPP is run among NPE D, UPE A,
and UPE B.
NPE B
GE1/0/0.100 GE2/0/0.100
NPE D
GE RRPP ring
Control VLAN:100
P User VLAN:10~20
UPE A UPE B
S
Pre-configuration Tasks
Before configuring the RRPP snooping, complete the following tasks:
Data Preparation
To configure the RRPP snooping, you need the following data.
No. Data
Context
NOTE
Perform the following steps on the NPEs at the border of the RRPP ring and the VPLS network:
Procedure
Step 1 Run the system-view command to enter the system view.
Step 2 Choose one of the following commands to enter the view of the interface to be enabled with
RRPP snooping.
l Run the interface { ethernet | gigabitethernet | eth-trunk } interface-number.subinterface-
number command to enter the sub-interface view.
The sub-interface in this step must be configured with the control VLAN of RPPP using the
vlan-type dot1q command.
l Run the interface vlanif vlan-id command to enter the specified VLANIF interface view.
The number of the VLANIF interface must be consistent with to the control VLAN ID of
RRPP. For example, if the control VLAN ID of RRPP is 100, the VLANIF interface here
must be VLANIF 100.
Step 3 Run the rrpp snooping enable command to enable RRPP snooping.
This command can be run only after the sub-interface or VLANIF interface is bound to the VSI.
If the sub-interface or VLANIF interface is removed from the VSI, RRPP snooping is
automatically disabled on the interface.
After being enabled with RRPP snooping, the sub-interface or VLANIF interface is
automatically associated with the bound VSI.
A maximum of 32 interfaces of one device can be configured with RRPP snooping.
NOTE
The maximum number of interfaces that can be enabled with RRPP snooping is determined by the relevant
license. To purchase the License, you can contact the Huawei technical support personnel.
----End
Context
Perform the following steps on the NPE nodes at the border of an RRPP ring and a VPLS
network:
Procedure
Step 1 Run the system-view command to enter the system view.
Step 2 Run either of the following commands to enter the view of the RRPP snooping-enabled interface:
l Run the interface { ethernet | gigabitethernet | eth-trunk } interface-number.subinterface-
number command to enter the sub-interface view.
The sub-interface in this step must be configured with the control VLAN of RRPP by using
the vlan-type dot1q command.
l Run the interface vlanif interface-number command to enter the specified VLANIF interface
view.
The VLANIF interface in this step must correspond to the control VLAN of RRPP.For
example, if the control VLAN ID of RRPP is 100, the VLANIF interface here must be
VLANIF 100.
----End
Prerequisites
RRPP snooping function has been configured.
Procedure
l Run the display rrpp snooping enable { all | interface interface-type interface-number }
command to check the interface enabled with the RRPP snooping.
l Run the display rrpp snooping vsi { all | interface interface-type interface-number }
command to check the VSI associated with the RRPP snooping.
----End
Example
Run the display rrpp snooping enable command. If the interface enabled with the RRPP
snooping is displayed, it means that the configuration succeeds.For example:
<HUAWEI> display rrpp snooping enable all
Port VsiName Vlan
------------------------------------------------------------
GigabitEthernet1/0/1.1 name1 100
GigabitEthernet1/0/1.2 name2 200
Run the display rrpp snooping vsi command. If the name of the VSI associated with the RRPP
snooping is displayed, it means that the configuration succeeds.For example:
Context
NOTICE
RRPP statistics cannot be restored once cleared. Therefore, confirm the action before you use
the command.
To clear the RRPP statistics, run the following reset command in the user view:
Procedure
Step 1 Run the reset rrpp statistics domain domain-id [ ring ring-id ] command in the user view to
clear the statistics of RRPP.
----End
NOTE
This document takes interface numbers and link types of the NE40E-X8 as an example. In working
situations, the actual interface numbers and link types may be different from those used in this document.
Networking Requirements
As shown in Figure 9-6, RouterA, RouterB, and RouterC support the RRPP function. RouterA,
RouterB, and RouterC construct ring 1 in domain 1.
GE2/0/1 GE2/0/1
Ring 1
GE2/0/2
GE2/0/2 RouterC
GE2/0/1
RouterA
Configuration Roadmap
The configuration roadmap is as follows:
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 RouterA, RouterB, and RouterC construct ring 1 in domain 1.
l Create an RRPP domain and its control VLAN.
# Configure the domain of RouterA, the master node of ring 1, to be 1, and the ID of the
major control VLAN to be 20.
<HUAWEI> system-view
[HUAWEI] sysname RouterA
[RouterA] rrpp domain 1
[RouterA-rrpp-domain-region1] control-vlan 20
[RouterA-rrpp-domain-region1] quit
# Configure the domain of RouterB, a transit node of ring 1, to be 1, and the ID of the major
control VLAN to be 20.
<HUAWEI> system-view
[HUAWEI] sysname RouterB
[RouterB] rrpp domain 1
[RouterB-rrpp-domain-region1] control-vlan 20
[RouterB-rrpp-domain-region1] quit
# Configure the domain of RouterC, a transit node of ring 1, to be 1, and the ID of the major
control VLAN to be 20.
<HUAWEI> system-view
[HUAWEI] sysname RouterC
[RouterC] rrpp domain 1
[RouterC-rrpp-domain-region1] control-vlan 20
[RouterC-rrpp-domain-region1] quit
l Disable the STP function on the interfaces to be added to the RRPP ring.
# Disable the STP function on the interfaces to be added to the RRPP ring on RouterA.
[RouterA] interface gigabitethernet 2/0/1
[RouterA-GigabitEthernet2/0/1] undo shutdown
[RouterA-GigabitEthernet2/0/1] portswitch
[RouterA-GigabitEthernet2/0/1] stp disable
[RouterA-GigabitEthernet2/0/1] quit
[RouterA] interface gigabitethernet 2/0/2
[RouterA-GigabitEthernet2/0/2] undo shutdown
[RouterA-GigabitEthernet2/0/2] portswitch
[RouterA-GigabitEthernet2/0/2] stp disable
[RouterA-GigabitEthernet2/0/2] quit
# Disable the STP function on the interfaces to be added to the RRPP ring on RouterB.
[RouterB] interface gigabitethernet 2/0/1
[RouterB-GigabitEthernet2/0/1] undo shutdown
[RouterB-GigabitEthernet2/0/1] portswitch
[RouterB-GigabitEthernet2/0/1] stp disable
[RouterB-GigabitEthernet2/0/1] quit
[RouterB] interface gigabitethernet 2/0/2
[RouterB-GigabitEthernet2/0/2] undo shutdown
[RouterB-GigabitEthernet2/0/2] portswitch
[RouterB-GigabitEthernet2/0/2] stp disable
[RouterB-GigabitEthernet2/0/2] quit
# Disable the STP function on the interfaces to be added to the RRPP ring on RouterC.
[RouterC] interface gigabitethernet 2/0/1
[RouterC-GigabitEthernet2/0/1] undo shutdown
[RouterC-GigabitEthernet2/0/1] portswitch
[RouterC-GigabitEthernet2/0/1] stp disable
[RouterC-GigabitEthernet2/0/1] quit
[RouterC] interface gigabitethernet 2/0/2
[RouterC-GigabitEthernet2/0/2] undo shutdown
[RouterC-GigabitEthernet2/0/2] portswitch
[RouterC-GigabitEthernet2/0/2] stp disable
[RouterC-GigabitEthernet2/0/2] quit
Step 2 Configure RouterA as the master node in ring 1, and RouterB and RouterC as transit nodes in
ring 1.
l Create an RRPP ring.
# Configure RouterA as the master node of RRPP ring 1 and specify primary and secondary
interfaces.
[RouterA] rrpp domain 1
[RouterA-rrpp-domain-region1] ring 1 node-mode master primary-port
gigabitethernet 2/0/1 secondary-port gigabitethernet 2/0/2 level 0
[RouterA-rrpp-domain-region1] ring 1 enable
[RouterA-rrpp-domain-region1] quit
# Configure RouterB as a transit node of RRPP major ring 1 and specify primary and
secondary interfaces.
[RouterB] rrpp domain 1
[RouterB-rrpp-domain-region1] ring 1 node-mode transit primary-port
gigabitethernet 2/0/1 secondary-port gigabitethernet 2/0/2 level 0
# Configure RouterC as a transit node of RRPP ring 1 and specify primary and secondary
interfaces.
[RouterC] rrpp domain 1
[RouterC-rrpp-domain-region1] ring 1 node-mode transit primary-port
gigabitethernet 2/0/1 secondary-port gigabitethernet 2/0/2 level 0
[RouterC-rrpp-domain-region1] ring 1 enable
[RouterC-rrpp-domain-region1] quit
l Enable RRPP.
After configuring an RRPP ring, you need to enable RRPP on each node on the ring. In this
manner, the RRPP ring can be activated. The configuration procedure is as follows:
# Enable RRPP on RouterA.
[RouterA] rrpp enable
After the configuration, perform the following procedures to verify the previous configuration.
Take the display on RouterA as an example:
l On RouterA, run the display rrpp brief command. The following results are displayed.
[RouterA] display rrpp brief
Abbreviations for Switch Node Mode :
M - Master , T - Transit , E - Edge , A - Assistant-Edge
Domain Index : 1
Control VLAN : major 20 sub 21
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 3 sec(default is 3 sec)
Ring Ring Node Primary Secondary/Edge Is
ID Level Mode Port Port Enabled
---------------------------------------------------------------------------
1 0 M GigabitEthernet2/0/1 GigabitEthernet2/0/2 Yes
You can view that RRPP is enabled on RouterA. In domain 1, VLAN 20 is the major control
VLAN, VLAN 21 is the sub-control VLAN, and RouterA is the master node in major ring
1 with the primary interface and secondary interface respectively as GigabitEthernet 2/0/1
and GigabitEthernet 2/0/2.
l On RouterA, run the display rrpp verbose domain command. The following results are
displayed.
# View detailed information about RouterA in domain 1.
[RouterA] display rrpp verbose domain 1
Domain Index : 1
Control VLAN : major 20 sub 21
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 3 sec(default is 3 sec)
RRPP Ring : 1
Ring Level : 0
Node Mode : Master
Ring State : Complete
Is Enabled : Enable Is Active : Yes
----End
Configuration Files
l Configuration file of RouterA
#
sysname RouterA
#
vlan batch 20 to 21
#
rrpp enable
#
rrpp domain 1
control-vlan 20
ring 1 node-mode master primary-port GigabitEthernet 2/0/1 secondary-port
GigabitEthernet 2/0/2 level 0
ring 1 enable
#
interface GigabitEthernet2/0/1
undo shutdown
portswitch
port trunk allow-pass vlan 20 to 21
stp disable
#
interface GigabitEthernet2/0/2
undo shutdown
portswitch
port trunk allow-pass vlan 20 to 21
stp disable
#
return
#
vlan batch 20 to 21
#
rrpp enable
#
rrpp domain 1
control-vlan 20
ring 1 node-mode transit primary-port GigabitEthernet 2/0/1 secondary-port
GigabitEthernet 2/0/2 level 0
ring 1 enable
#
interface GigabitEthernet2/0/1
undo shutdown
portswitch
port trunk allow-pass vlan 20 to 21
stp disable
#
interface GigabitEthernet2/0/2
undo shutdown
portswitch
port trunk allow-pass vlan 20 to 21
stp disable
#
return
Networking Requirements
As shown in Figure 9-7, RouterA, RouterB, RouterC, and RouterD support the RRPP function.
Configure RouterA, RouterB, and RouterD to be major Ring 1 in Domain 1. RouterA,
RouterC, and RouterD to be Sub-Ring 2 in Domain 1 are configured. Control VLAN ID is
10.This RRPP ring sends user packages of VLAN 1 to VLAN 9.
GE1/0/2 GE1/0/3
RouterC
sub-ring RouterA
GE1/0/1
GE1/0/1 GE1/0/2
GE1/0/2
GE1/0/3 RouterD
major ring GE1/0/1
GE2/0/1
RouterB
GE2/0/2
Configuration Roadmap
1. The configuration roadmap is as follows:Configure RouterA, RouterB, and RouterD as the
major Ring 1 in domain 1.Major control VLAN ID is 10.The VLAN IDs whose service
traffic is allowed to pass through the major ring and sub-ring are VLAN 1 to VLAN 9.
2. Configure RouterA, RouterB, and RouterD as the Sub-ring 2 in domain 1.
3. Configure RouterB as the master node on the major ring and RouterA and RouterD as transit
nodes on the major ring.
4. Configure RouterC as the master node on the sub-ring. Configure RouterA as the edge node
on the sub-ring and RouterD as the assistant edge node on the sub-ring.
Data Preparation
To configure this, you need the following data:
l Number of the interfaces to be added to RRPP rings
l Control VLAN ID and data VLAN ID
Procedure
Step 1 Configure RouterB as the master node of the major ring.
# Create data VLAN 1 to VLAN 9 on RouterB.
<HUAWEI> system-view
[HUAWEI] sysname RouterB
[RouterB] vlan batch 1 to 9
# Configure Domain 1 on RouterB and set VLAN 10 to be the major control VLAN.
[RouterB] rrpp enable
[RouterB] rrpp domain 1
[RouterB-rrpp-domain-region1] control-vlan 10
[RouterB-rrpp-domain-region1] quit
# Disable STP on the interfaces to be added to the RRPP ring, and set the RRPP port as trunk
port.
[RouterB] interface gigabitethernet2/0/1
[RouterB-GigabitEthernet2/0/1] undo shutdown
[RouterB-GigabitEthernet2/0/1] portswitch
[RouterB-GigabitEthernet2/0/1] port link-type trunk
[RouterB-GigabitEthernet2/0/1] port trunk allow-pass vlan 1 to 9
[RouterB-GigabitEthernet2/0/1] stp disable
[RouterB-GigabitEthernet2/0/1] quit
[RouterB] interface gigabitethernet2/0/2
[RouterB-GigabitEthernet2/0/2] undo shutdown
[RouterB-GigabitEthernet2/0/2] portswitch
[RouterB-GigabitEthernet2/0/2] port link-type trunk
[RouterB-GigabitEthernet2/0/2] port trunk allow-pass vlan 1 to 9
[RouterB-GigabitEthernet2/0/2] stp disable
[RouterB-GigabitEthernet2/0/2] quit
# Configure the primary port and secondary port of the master node on the RRPP major ring.
[RouterB] rrpp domain 1
[RouterB-rrpp-domain-region1] ring 1 node-mode master primary-port gigabitethernet
2/0/1 secondary-port gigabitethernet 2/0/2 level 0
# Configure Domain 1 on RouterC and set VLAN 10 to be the major control VLAN.
[RouterC] rrpp enable
[RouterC] rrpp domain 1
[RouterC-rrpp-domain-region1] control-vlan 10
[RouterC-rrpp-domain-region1] quit
# Disable STP on the port to be added to the RRPP ring, and set the RRPP port as a trunk port.
[RouterC] interface gigabitethernet1/0/1
[RouterC-GigabitEthernet1/0/1] undo shutdown
[RouterC-GigabitEthernet1/0/1] portswitch
[RouterC-GigabitEthernet1/0/1] port link-type trunk
[RouterC-GigabitEthernet1/0/1] port trunk allow-pass vlan 1 to 9
[RouterC-GigabitEthernet1/0/1] stp disable
[RouterC-GigabitEthernet1/0/1] quit
[RouterC] interface gigabitethernet1/0/2
[RouterC-GigabitEthernet1/0/2] undo shutdown
[RouterC-GigabitEthernet1/0/2] portswitch
[RouterC-GigabitEthernet1/0/2] port link-type trunk
[RouterC-GigabitEthernet1/0/2] port trunk allow-pass vlan 1 to 9
[RouterC-GigabitEthernet1/0/2] stp disable
[RouterC-GigabitEthernet1/0/2] quit
# Configure the primary port and secondary port of the master node on the RRPP sub-ring.
[RouterC] rrpp domain 1
[RouterC-rrpp-domain-region1] ring 2 node-mode master primary-port gigabitethernet
1/0/1 secondary-port gigabitethernet 1/0/2 level 1
[RouterC-rrpp-domain-region1] ring 2 enable
[RouterC-rrpp-domain-region1] quit
Step 3 Configure RouterA to be the transit node in the major ring and the edge node on the sub-ring
respectively.
# Create data VLAN 1 to VLAN 9 on RouterA.
<HUAWEI> system-view
[HUAWEI] sysname RouterA
[RouterA] vlan batch 1 to 9
# Configure Domain 1 on RouterA and set VLAN 10 to be the major control VLAN.
[RouterA] rrpp enable
[RouterA] rrpp domain 1
[RouterA-rrpp-domain-region1] control-vlan 10
[RouterA-rrpp-domain-region1] quit
# Disable STP on the ports that will be added to RRPP ring, and set RRPP port as a trunk port.
[RouterA] interface gigabitethernet1/0/1
[RouterA-GigabitEthernet1/0/1] undo shutdown
[RouterA-GigabitEthernet1/0/1] portswitch
[RouterA-GigabitEthernet1/0/1] port link-type trunk
[RouterA-GigabitEthernet1/0/1] port trunk allow-pass vlan 1 to 9
[RouterA-GigabitEthernet1/0/1] stp disable
[RouterA-GigabitEthernet1/0/1] quit
# Configure the primary port and secondary port of the transit node on the RRPP major ring.
[RouterA] rrpp domain 1
[RouterA-rrpp-domain-region1] ring 1 node-mode transit primary-port
gigabitethernet 1/0/2 secondary-port gigabitethernet 1/0/1 level 0
[RouterA-rrpp-domain-region1] ring 1 enable
[RouterA-rrpp-domain-region1] quit
# Configure the common port and edge port of the edge node on the RRPP sub-ring.
[RouterA] rrpp domain 1
[RouterA-rrpp-domain-region1] ring 2 node-mode edge common-port gigabitethernet
1/0/2 edge-port gigabitethernet 1/0/3
[RouterA-rrpp-domain-region1] ring 2 enable
[RouterA-rrpp-domain-region1] quit
Step 4 Configure RouterD to be the transit node on the major ring and the assistant edge node on the
sub-ring respectively.
# Create data VLAN 1 to VLAN 9 on RouterD.
<HUAWEI> system-view
[HUAWEI] sysname RouterD
[RouterD] vlan batch 1 to 9
# Configure Domain 1 on RouterD and set VLAN 10 to be the major control VLAN.
[RouterD] rrpp enable
[RouterD] rrpp domain 1
[RouterD-rrpp-domain-region1] control-vlan 10
[RouterD-rrpp-domain-region1] quit
# Disable STP on the port to be added to RRPP ring, and set the RRPP port as trunk port.
[RouterD] interface gigabitethernet1/0/1
[RouterD-GigabitEthernet1/0/1] undo shutdown
[RouterD-GigabitEthernet1/0/1] portswitch
[RouterD-GigabitEthernet1/0/1] port link-type trunk
[RouterD-GigabitEthernet1/0/1] port trunk allow-pass vlan 1 to 9
[RouterD-GigabitEthernet1/0/1] stp disable
[RouterD-GigabitEthernet1/0/1] quit
[RouterD] interface gigabitethernet1/0/2
[RouterD-GigabitEthernet1/0/2] portswitch
[RouterD-GigabitEthernet1/0/2] undo shutdown
[RouterD-GigabitEthernet1/0/2] port link-type trunk
[RouterD-GigabitEthernet1/0/2] port trunk allow-pass vlan 1 to 9
[RouterD-GigabitEthernet1/0/2] stp disable
[RouterD-GigabitEthernet1/0/2] quit
[RouterD] interface gigabitethernet1/0/3
[RouterD-GigabitEthernet1/0/3] undo shutdown
[RouterD-GigabitEthernet1/0/3] portswitch
[RouterD-GigabitEthernet1/0/3] port link-type trunk
[RouterD-GigabitEthernet1/0/3] port trunk allow-pass vlan 1 to 9
# Configure the primary port and secondary port of the transit node on the RRPP major ring.
[RouterD] rrpp domain 1
[RouterD-rrpp-domain-region1] ring 1 node-mode transit primary-port
gigabitethernet 1/0/2 secondary-port gigabitethernet 1/0/1 level 0
[RouterD-rrpp-domain-region1] ring 1 enable
[RouterD-rrpp-domain-region1] quit
# Configure the common port and edge port of the assistant edge node on the RRPP sub-ring.
[RouterD] rrpp domain 1
[RouterD-rrpp-domain-region1] ring 2 node-mode assistant-edge common-port
gigabitethernet 1/0/2 edge-port gigabitethernet 1/0/3
[RouterD-rrpp-domain-region1] ring 2 enable
[RouterD-rrpp-domain-region1] quit
You can view that RRPP on RouterB is enabled. The major control VLAN ID is 10, and the
sub control VLAN ID is 11. RouterB is the master node on the major ring with the primary
port and the secondary port as GE 2/0/1 and GE 2/0/2 respectively.
l On RouterB, run the display rrpp verbose domain command. The configuration is displayed
as follows:
[RouterB] display rrpp verbose domain 1
Domain Index : 1
Control VLAN : major 10 sub 11
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 3 sec(default is 3 sec)
RRPP Ring : 1
Ring Level : 0
Node Mode : Master
Ring State : Complete
Is Enabled : Enable Is Active : Yes
Primary port : GigabitEthernet2/0/1 Port status: UP
Secondary port: GigabitEthernet2/0/2 Port status: BLOCKED
You can view that the ring is in the Complete state and the secondary port of the master node
is blocked.
l On RouterC, run the display rrpp brief command. The configuration is displayed as follows:
[RouterC] display rrpp brief
Abbreviations for Switch Node Mode :
M - Master , T - Transit , E - Edge , A - Assistant-Edge
RRPP Protocol Status: Enable
Number of RRPP Domains: 1
Domain Index : 1
Control VLAN : major 10 sub 11
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 3 sec(default is 3 sec)
Ring Ring Node Primary Secondary/Edge Is
ID Level Mode Port Port Enabled
-------------------------------------------------------------------------
2 1 M GigabitEthernet1/0/1 GigabitEthernet1/0/2 Yes
Here, RRPP on RouterC is enabled. The major control VLAN ID is 10, and the sub control
VLAN ID is 11. RouterC is the master node on the sub-ring, with the primary port and the
secondary port as GE 1/0/1 and GE 1/0/2 respectively.
l On RouterC, run the display rrpp verbose domain command. The configuration is displayed
as follows:
[RouterC] display rrpp verbose domain 1
Domain Index : 1
Control VLAN : major 10 sub 11
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 3 sec(default is 3 sec)
RRPP Ring : 2
Ring Level : 1
Node Mode : Master
Ring State : Complete
Is Enabled : Enable Is Active : Yes
Primary port : GigabitEthernet1/0/1 Port status: UP
Secondary port: GigabitEthernet1/0/2 Port status: BLOCKED
You can view that the sub-ring is in the Complete state and the secondary port of the master
node on the sub-ring is blocked.
l On RouterA, run the display rrpp brief command. The configuration is displayed as follows:
[RouterA] display rrpp brief
Abbreviations for Switch Node Mode :
M - Master , T - Transit , E - Edge , A - Assistant-Edge
RRPP Protocol Status: Enable
Number of RRPP Domains: 1
Domain Index : 1
Control VLAN : major 10 sub 11
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 3 sec(default is 3 sec)
Ring Ring Node Primary Secondary/Edge Is
ID Level Mode Port Port Enabled
-------------------------------------------------------------------------
1 0 T GigabitEthernet1/0/2 GigabitEthernet1/0/1 Yes
2 1 E GigabitEthernet1/0/2 GigabitEthernet1/0/3 Yes
RRPP is enabled on RouterA. The major control VLAN ID is 10 and the sub control VLAN
ID is 11. RouterA is the transit node on the major Ring 1, with the primary port and secondary
port as GE 1/0/2 and GE 1/0/1 respectively.At the same time, RouterA is the edge node on
the sub-ring 2, the common port is GE 1/0/2, and the edge port is GE 1/0/3.
l On RouterA, run the display rrpp verbose domain command. The configuration is
displayed as follows:
[RouterA] display rrpp verbose domain 1
Domain Index : 1
Control VLAN : major 10 sub 11
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 3 sec(default is 3 sec)
RRPP Ring : 1
Ring Level : 0
Node Mode : Transit
Ring State : Linkup
Is Enabled : Enable Is Active : Yes
Primary port : GigabitEthernet1/0/2 Port status: UP
Secondary port: GigabitEthernet1/0/1 Port status: UP
RRPP Ring : 2
Ring Level : 1
l On RouterD, run the display rrpp brief command. The configuration is displayed as follows:
[RouterD] display rrpp brief
Abbreviations for Switch Node Mode :
M - Master , T - Transit , E - Edge , A - Assistant-Edge
RRPP Protocol Status: Enable
Number of RRPP Domains: 1
Domain Index : 1
Control VLAN : major 10 sub 11
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 3 sec(default is 3 sec)
Ring Ring Node Primary Secondary/Edge Is
ID Level Mode Port Port Enabled
-------------------------------------------------------------------------
1 0 T GigabitEthernet1/0/2 GigabitEthernet1/0/1 Yes
2 1 A GigabitEthernet1/0/2 GigabitEthernet1/0/3 Yes
RRPP is enabled on RouterD. VLAN 10 is the major control VLAN and VLAN 11 is the
sub control VLAN. RouterD is the transit node on the major ring 1, with the primary interface
and secondary interface as GE 1/0/2 and GE 1/0/1 respectively. RouterD is the assistant edge
node on the sub-ring 2, with the common interface and edge interface as GE 1/0/2 and GE
1/0/3 respectively.
l On RouterD, run the display rrpp verbose domain command. The configuration is
displayed as follows:
[RouterD] display rrpp verbose domain 1
Domain Index : 1
Control VLAN : major 10 sub 11
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 3 sec(default is 3 sec)
RRPP Ring : 1
Ring Level : 0
Node Mode : Transit
Ring State : Linkup
Is Enabled : Enable Is Active : Yes
Primary port : GigabitEthernet1/0/2 Port status: UP
Secondary port: GigabitEthernet1/0/1 Port status: UP
RRPP Ring : 2
Ring Level : 1
Node Mode : Assistant-edge
Ring State : Linkup
Is Enabled : Disable Is Active : No
Common port : GigabitEthernet1/0/2 Port status: UP
Edge port : GigabitEthernet1/0/3 Port status: UP
----End
Configuration Files
l Configuration file of RouterA
#
sysname RouterA
#
vlan batch 1 to 11
#
rrpp enable
#
rrpp domain 1
control-vlan 10
ring 1 node-mode transit primary-port gigabitethernet 1/0/2 secondary-port
gigabitethernet 1/0/1 level 0
ring 1 enable
ring 2 node-mode edge common-port gigabitethernet 1/0/2 edge-port
gigabitethernet 1/0/3
ring 2 enable
#
interface GigabitEthernet1/0/1
undo shutdown
portswitch
port link-type trunk
port trunk allow-pass vlan 1 to 11
stp disable
#
interface GigabitEthernet1/0/2
undo shutdown
portswitch
port link-type trunk
port trunk allow-pass vlan 1 to 11
stp disable
#
interface GigabitEthernet1/0/3
undo shutdown
portswitch
port link-type trunk
port trunk allow-pass vlan 1 to 9 11
stp disable
#
return
control-vlan 10
ring 2 node-mode master primary-port GigabitEthernet1/0/1 secondary-port
GigabitEthernet1/0/2 level 1
ring 2 enable
#
interface GigabitEthernet1/0/1
undo shutdown
portswitch
port link-type trunk
port trunk allow-pass vlan 1 to 9 11
stp disable
#
interface GigabitEthernet1/0/2
undo shutdown
portswitch
port link-type trunk
port trunk allow-pass vlan 1 to 9 11
stp disable
#
return
Networking Requirements
As shown in Figure 9-8, RouterA, RouterB, RouterC, RouterD, and RouterE support the RRPP
function. RouterA, RouterB, and RouterC construct ring 2 in domain 2. RouterC, RouterE, and
RouterD construct ring 1 in domain 1. RouterC is the tangent point of the two rings.
Domain 2 Domain 1
Configuration Roadmap
The configuration roadmap is as follows:
1. RouterC, RouterE, and RouterD construct ring 1 in domain 1.RouterA, RouterB, and
RouterC construct ring 2 in domain 2.
2. Configure RouterE as the master node in ring 1, and RouterC and RouterD as transit nodes
in ring 1.Configure RouterA as the master node in ring 2, and RouterB and RouterC as
transit nodes in ring 2.
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 RouterC, RouterE, and RouterD construct ring 1 in domain 1.RouterA, RouterB, and RouterC
construct ring 2 in domain 2.
l Create an RRPP domain and its control VLAN.
# Configure the domain of RouterE, the master node of ring 1, to be 1, and the ID of the
major control VLAN to be 10.
<HUAWEI> system-view
# Configure the domain of RouterC, a transit node of ring 1, to be 1, and the ID of the major
control VLAN to be 10.
<HUAWEI> system-view
[HUAWEI] sysname RouterC
[RouterC] rrpp domain 1
[RouterC-rrpp-domain-region1] control-vlan 10
[RouterC-rrpp-domain-region1] quit
# Configure the domain of RouterD, a transit node of ring 1, to be 1, and the ID of the major
control VLAN to be 10.
<HUAWEI> system-view
[HUAWEI] sysname RouterD
[RouterD] rrpp domain 1
[RouterD-rrpp-domain-region1] control-vlan 10
[RouterD-rrpp-domain-region1] quit
# Configure the domain of RouterA, the master node of ring 2, to be 2, and the ID of the
major control VLAN to be 20.
<HUAWEI> system-view
[HUAWEI] sysname RouterA
[RouterA] rrpp domain 2
[RouterA-rrpp-domain-region2] control-vlan 20
[RouterA-rrpp-domain-region2] quit
# Configure the domain of RouterB, a transit node of ring 2, to be 2, and the ID of the major
control VLAN to be 20.
<HUAWEI> system-view
[HUAWEI] sysname RouterB
[RouterB] rrpp domain 2
[RouterB-rrpp-domain-region2] control-vlan 20
[RouterB-rrpp-domain-region2] quit
# Configure the domain of RouterC, a transit node of ring 2, to be 2, and the ID of the major
control VLAN to be 20.
<HUAWEI> system-view
[HUAWEI] sysname RouterC
[RouterC] rrpp domain 2
[RouterC-rrpp-domain-region2] control-vlan 20
[RouterC-rrpp-domain-region2] quit
You can configure two timers for tangent points because two tangent rings reside in different domains.
# Configure a timer for the master node RouterE on ring 1.
[RouterE] rrpp domain 1
[RouterE-rrpp-domain-region1] timer hello-timer 2 fail-timer 7
[RouterE-rrpp-domain-region1] quit
l Disable the STP function on the interfaces to be added to the RRPP ring.
# Disable the STP function on the interfaces to be added to the RRPP ring on RouterA.
[RouterA] interface gigabitethernet 2/0/1
[RouterA-GigabitEthernet2/0/1] undo shutdown
[RouterA-GigabitEthernet2/0/1] portswitch
[RouterA-GigabitEthernet2/0/1] stp disable
[RouterA-GigabitEthernet2/0/1] quit
[RouterA] interface gigabitethernet 2/0/2
[RouterA-GigabitEthernet2/0/2] undo shutdown
[RouterA-GigabitEthernet2/0/2] portswitch
[RouterA-GigabitEthernet2/0/2] stp disable
[RouterA-GigabitEthernet2/0/2] quit
# Disable the STP function on the interfaces to be added to the RRPP ring on RouterB.
[RouterB] interface gigabitethernet 2/0/1
[RouterB-GigabitEthernet2/0/1] undo shutdown
[RouterB-GigabitEthernet2/0/1] portswitch
[RouterB-GigabitEthernet2/0/1] stp disable
[RouterB-GigabitEthernet2/0/1] quit
[RouterB] interface gigabitethernet 2/0/2
[RouterB-GigabitEthernet2/0/2] undo shutdown
[RouterB-GigabitEthernet2/0/2] portswitch
[RouterB-GigabitEthernet2/0/2] stp disable
[RouterB-GigabitEthernet2/0/2] quit
# Disable the STP function on the interfaces to be added to the RRPP ring on RouterC.
[RouterC] interface gigabitethernet 2/0/1
[RouterC-GigabitEthernet2/0/1] undo shutdown
[RouterC-GigabitEthernet2/0/1] portswitch
[RouterC-GigabitEthernet2/0/1] stp disable
[RouterC-GigabitEthernet2/0/1] quit
[RouterC] interface gigabitethernet 2/0/2
[RouterC-GigabitEthernet2/0/2] undo shutdown
[RouterC-GigabitEthernet2/0/2] portswitch
[RouterC-GigabitEthernet2/0/2] stp disable
[RouterC-GigabitEthernet2/0/2] quit
[RouterC] interface gigabitethernet 1/0/1
[RouterC-GigabitEthernet1/0/1] undo shutdown
[RouterC-GigabitEthernet1/0/1] portswitch
[RouterC-GigabitEthernet1/0/1] stp disable
[RouterC-GigabitEthernet1/0/1] quit
[RouterC] interface gigabitethernet 1/0/2
[RouterC-GigabitEthernet1/0/2] undo shutdown
[RouterC-GigabitEthernet1/0/2] portswitch
[RouterC-GigabitEthernet1/0/2] stp disable
[RouterC-GigabitEthernet1/0/2] quit
# Disable the STP function on the interfaces to be added to the RRPP ring on RouterE.
[RouterE] interface gigabitethernet 1/0/1
[RouterE-GigabitEthernet1/0/1] undo shutdown
[RouterE-GigabitEthernet1/0/1] portswitch
[RouterE-GigabitEthernet1/0/1] stp disable
[RouterE-GigabitEthernet1/0/1] quit
[RouterE] interface gigabitethernet 1/0/2
[RouterE-GigabitEthernet1/0/2] undo shutdown
[RouterE-GigabitEthernet1/0/2] portswitch
[RouterE-GigabitEthernet1/0/2] stp disable
[RouterE-GigabitEthernet1/0/2] quit
# Disable the STP function on the interfaces to be added to the RRPP ring on RouterD.
[RouterD] interface gigabitethernet 1/0/1
[RouterD-GigabitEthernet1/0/1] undo shutdown
[RouterD-GigabitEthernet1/0/1] portswitch
[RouterD-GigabitEthernet1/0/1] stp disable
[RouterD-GigabitEthernet1/0/1] quit
[RouterD] interface gigabitethernet 1/0/2
[RouterD-GigabitEthernet1/0/2] undo shutdown
[RouterD-GigabitEthernet1/0/2] portswitch
[RouterD-GigabitEthernet1/0/2] stp disable
[RouterD-GigabitEthernet1/0/2] quit
Step 2 Configure RouterE as the master node in ring 1, and RouterC and RouterD as transit nodes in
ring 1.Configure RouterA as the master node in ring 2, and RouterB and RouterC as transit nodes
in ring 2.
l Create an RRPP ring.
– Configure nodes on ring 1. The configuration procedure is as follows:
# Configure RouterE as the master node of RRPP ring 1 and specify primary and
secondary interfaces.
[RouterE] rrpp domain 1
[RouterE-rrpp-domain-region1] ring 1 node-mode master primary-port
gigabitethernet 1/0/1 secondary-port gigabitethernet 1/0/2 level 0
[RouterE-rrpp-domain-region1] ring 1 enable
[RouterE-rrpp-domain-region1] quit
# Configure RouterC as a transit node of RRPP ring 1 and specify primary and secondary
interfaces.
[RouterC] rrpp domain 1
[RouterC-rrpp-domain-region1] ring 1 node-mode transit primary-port
gigabitethernet 1/0/1 secondary-port gigabitethernet 1/0/2 level 0
[RouterC-rrpp-domain-region1] ring 1 enable
[RouterC-rrpp-domain-region1] quit
# Configure RouterD as a transit node of RRPP ring 1 and specify primary and secondary
interfaces.
[RouterD] rrpp domain 1
[RouterD-rrpp-domain-region1] ring 1 node-mode transit primary-port
gigabitethernet 1/0/1 secondary-port gigabitethernet 1/0/2 level 0
[RouterD-rrpp-domain-region1] ring 1 enable
[RouterD-rrpp-domain-region1] quit
# Configure RouterB as a transit node of RRPP ring 2 and specify primary and secondary
interfaces.
[RouterB] rrpp domain 2
[RouterB-rrpp-domain-region2] ring 2 node-mode transit primary-port
gigabitethernet 2/0/1 secondary-port gigabitethernet 2/0/2 level 0
# Configure RouterC as a transit node of RRPP ring 2 and specify primary and secondary
interfaces.
[RouterC] rrpp domain 2
[RouterC-rrpp-domain-region2] ring 2 node-mode transit primary-port
gigabitethernet 2/0/1 secondary-port gigabitethernet 2/0/2 level 0
[RouterC-rrpp-domain-region2] ring 2 enable
[RouterC-rrpp-domain-region2] quit
l Enable RRPP.
After configuring an RRPP ring, you need to enable RRPP on each node on the ring. In this
manner, the RRPP ring can be activated. The configuration procedure is as follows:
# Enable RRPP on RouterA.
[RouterA] rrpp enable
After the configuration, perform the following procedures to verify the previous configuration.
Take the display on RouterC as an example:
l On RouterC, run the display rrpp brief command. The following results are displayed.
[RouterC] display rrpp brief
Abbreviations for Switch Node Mode :
M - Master , T - Transit , E - Edge , A - Assistant-Edge
RRPP Protocol Status: Enable
Number of RRPP Domains: 2
Domain Index : 1
Control VLAN : major 10 sub 11
Hello Timer : 2 sec(default is 1 sec) Fail Timer : 7 sec(default is 3 sec)
Ring Ring Node Primary Secondary/Edge Is
ID Level Mode Port Port Enabled
---------------------------------------------------------------------------
1 0 T GigabitEthernet1/0/1 GigabitEthernet1/0/2 Yes
Domain Index : 2
Control VLAN : major 20 sub 21
Hello Timer : 3 sec(default is 1 sec) Fail Timer : 10 sec(default is 3 sec)
Ring Ring Node Primary Secondary/Edge Is
ID Level Mode Port Port Enabled
---------------------------------------------------------------------------
2 0 T GigabitEthernet2/0/1 GigabitEthernet2/0/2 Yes
You can view that RRPP is enabled on RouterC. In domain 1, VLAN 10 is the major control
VLAN, VLAN 11 is the sub-control VLAN, and RouterC is the transit node in major ring 1
with the primary interface and secondary interface respectively as GigabitEthernet 1/0/1 and
GigabitEthernet 1/0/2.
VLAN 20 is the major control VLAN of RouterC in domain 2, VLAN 21 is the sub-control
VLAN, and RouterC is the transit node in major ring 2 with the primary interface and
secondary interface respectively as GigabitEthernet 2/0/1 and GigabitEthernet 2/0/2.
l On RouterC, run the display rrpp verbose domain command. The following results are
displayed.
# View detailed information about RouterC in domain 1.
[RouterC] display rrpp verbose domain 1
Domain Index : 1
Control VLAN : major 10 sub 11
Hello Timer : 2 sec(default is 1 sec) Fail Timer : 7 sec(default is 3 sec)
RRPP Ring : 1
Ring Level : 0
Node Mode : Transit
Ring State : Linkup
Is Enabled : Enable Is Active : Yes
Primary port : GigabitEthernet1/0/1 Port status: UP
Secondary port: GigabitEthernet1/0/2 Port status: UP
----End
Configuration Files
l Configuration file of RouterA
#
sysname RouterA
#
rrpp enable
#
rrpp domain 2
control-vlan 20
timer hello-timer 3 fail-timer 10
ring 2 node-mode master primary-port GigabitEthernet 2/0/1 secondary-port
GigabitEthernet 2/0/2 level 0
ring 2 enable
#
interface GigabitEthernet2/0/1
undo shutdown
portswitch
port trunk allow-pass vlan 10 to 11
stp disable
#
interface GigabitEthernet2/0/2
undo shutdown
portswitch
port trunk allow-pass vlan 10 to 11
stp disable
#
sysname RouterB
#
rrpp enable
#
rrpp domain 2
control-vlan 20
timer hello-timer 3 fail-timer 10
ring 2 node-mode transit primary-port GigabitEthernet 2/0/1 secondary-port
GigabitEthernet 2/0/2 level 0
ring 2 enable
#
interface GigabitEthernet2/0/1
undo shutdown
portswitch
port trunk allow-pass vlan 20 to 21
stp disable
#
interface GigabitEthernet2/0/2
undo shutdown
portswitch
port trunk allow-pass vlan 20 to 21
stp disable
#
return
#
on RRPP rings updates its dynamic MAC address table. This ensures that the traffic between
master/backup NPEs and PE-AGG nodes is not interrupted.
Networking Requirements
As shown in Figure 9-9:
l NPE A and NPE B balance the load of services of VLAN 1 to VLAN 200 through VRRP
load balancing.
– The NPE A works as the master device to process the services of VLAN 1 to VLAN
100, and the backup device for the traffic on VLAN 101 to VLAN 200.
– The NPE B works as the master device to process the services of VLAN 101 to VLAN
200, and the backup device for the traffic on VLAN 1 to VLAN 100.
l BFD session is created between NPE A and NPE B for VRRP fast switchover.
l BFD session is created between NPE and PE-AGG for detecting the connectivity. The PE-
AGG is associated with (sub-) interface to notify and apply the detection results.
l Configure a monitoring interface on the PE-AGG to support the MAC address table update
on all the nodes of RRPP ring with NPE switchover.
Configuration Roadmap
The configuration roadmap is as follows:
b. Configure the UPE C, UPE D, PE-AGG A, and PE-AGG B as the sub-ring 2 of Domain
1.
c. Configure UPE A as the master node of the major ring. Configure the UPE B, PE-
AGG A, and PE-AGG B as the transit node of the major ring. GE 1/0/0 on nodes of
the major ring is the primary port and GE 2/0/0 is the secondary port.
d. Configure UPE C as the master node of the sub-ring and UPE D as the transit node
of the sub-ring. PE-AGG A is the edge node of the sub-ring and PE-AGG B is the
assistant edge node of the sub-ring. GE 1/0/0 on nodes of the sub-ring is the primary
port and GE 2/0/0 is the secondary port.
2. Configure BFD.
a. Create the one-hop BFD session between NPE A and NPE B. The BFD detects the
interface where the VRRR locates and notifies the result to VRRP, assistant in VRRP
switchover.
b. Create the one-hop BFD session between NPE A and PE-AGG A. Apply default
multicast IP address as the peer IP address. Configure the status of BFD to be
associated with the status of the interface for fast notifying the detection.
c. Create the one-hop BFD session between NPE B and PE-AGG B. Apply default
multicast IP address as the peer IP address. Configure the status of BFD to be
associated with the status of the interface for fast notifying the detection.
3. Establish VRRP backup group 201 between NPE A and NPE B to monitor the status of the
BFD sessions.
4. Configure GE 1/0/1 on PE-AGG A and GE 1/0/1 on PE-AGG B as the monitoring interface.
Data Preparation
Before configuring, you need the following data:
NOTICE
Multiple BFDs provide failure checking for the RRPP ring switching between two NPEs. When
failure occurs, BFDs can detect in a specific order. For example, when failure occurs between
NPE and PE-AGG, the BFDs between the two must detect the failure first and the BFDs between
NPEs must detect the failure later. Otherwise, the NPE may locate the failure at another NPE.
So, the cycle of BFD session between NPEs must be longer than that between NPE and PE-
AGG.
You can adjust the minimal sending interval or detection time coefficient.
Procedure
Step 1 Configure UPE A as the master node on the major ring.
# Configure Domain 1 on UPE A and set VLAN 201 to be the major control VLAN.
[UPE A] rrpp enable
[UPE A] rrpp domain 1
[UPE A-rrpp-domain-region1] control-vlan 201
[UPE A-rrpp-domain-region1] quit
# Disable that STP on the interface of RRPP ring, and configure the VLAN of whose frames
that the RRPP port allows to pass through.
[UPE A] interface gigabitethernet1/0/0
[UPE A-GigabitEthernet1/0/0] undo shutdown
[UPE A-GigabitEthernet1/0/0] port link-type trunk
[UPE A-GigabitEthernet1/0/0] port trunk allow-pass vlan 101 to 200
[UPE A-GigabitEthernet1/0/0] stp disable
[UPE A-GigabitEthernet1/0/0] quit
[UPE A] interface gigabitethernet2/0/0
[UPE A-GigabitEthernet2/0/0] undo shutdown
[UPE A-GigabitEthernet2/0/0] port link-type trunk
[UPE A-GigabitEthernet2/0/0] port trunk allow-pass vlan 101 to 200
[UPE A-GigabitEthernet2/0/0] stp disable
[UPE A-GigabitEthernet2/0/0] quit
# Configure GE 1/0/0 as the primary port, GE 2/0/0 as the secondary port. Level 0 indicates the
major ring.
[UPE A] rrpp domain 1
[UPE A-rrpp-domain-region1] ring 1 node-mode master primary-port gigabitethernet
1/0/0 secondary-port gigabitethernet 2/0/0 level 0
[UPE A-rrpp-domain-region1] ring 1 enable
[UPE A-rrpp-domain-region1] quit
# Configure Domain 1 on UPE B and set VLAN 201 to be the major control VLAN.
[UPE B] rrpp enable
[UPE B] rrpp domain 1
[UPE B-rrpp-domain-region1] control-vlan 201
[UPE B-rrpp-domain-region1] quit
# Disable that STP on the interface of RRPP ring, and configure the VLAN of whose frames
that the RRPP port allows to pass through.
[UPE B] interface gigabitethernet1/0/0
[UPE B-GigabitEthernet1/0/0] undo shutdown
[UPE B-GigabitEthernet1/0/0] port link-type trunk
[UPE B-GigabitEthernet1/0/0] port trunk allow-pass vlan 101 to 200
[UPE B-GigabitEthernet1/0/0] stp disable
[UPE B-GigabitEthernet1/0/0] quit
[UPE B] interface gigabitethernet2/0/0
[UPE B-GigabitEthernet2/0/0] undo shutdown
[UPE B-GigabitEthernet2/0/0] port link-type trunk
[UPE B-GigabitEthernet2/0/0] port trunk allow-pass vlan 101 to 200
[UPE B-GigabitEthernet2/0/0] stp disable
[UPE B-GigabitEthernet2/0/0] quit
# Configure GE 1/0/0 as the primary port, and GE 2/0/0 as the secondary port. Level 0 indicates
the major ring.
[UPE B] rrpp domain 1
[UPE B-rrpp-domain-region1] ring 1 node-mode transit primary-port gigabitethernet
1/0/0 secondary-port gigabitethernet 2/0/0 level 0
[UPE B-rrpp-domain-region1] ring 1 enable
[UPE B-rrpp-domain-region1] quit
# Configure Domain 1 on UPE C and set VLAN 201 to be the major control VLAN.
[UPE C] rrpp enable
[UPE C] rrpp domain 1
[UPE C-rrpp-domain-region1] control-vlan 201
[UPE C-rrpp-domain-region1] quit
# Disable that STP on the interface of RRPP ring, and configure the VLAN of whose frames
that the RRPP port allows to pass through.
[UPE C] interface gigabitethernet1/0/0
[UPE C-GigabitEthernet1/0/0] undo shutdown
[UPE C-GigabitEthernet1/0/0] port link-type trunk
[UPE C-GigabitEthernet1/0/0] port trunk allow-pass vlan 1 to 100
[UPE C-GigabitEthernet1/0/0] stp disable
[UPE C-GigabitEthernet1/0/0] quit
[UPE C] interface gigabitethernet2/0/0
[UPE C-GigabitEthernet2/0/0] undo shutdown
[UPE C-GigabitEthernet2/0/0] port link-type trunk
[UPE C-GigabitEthernet2/0/0] port trunk allow-pass vlan 1 to 100
[UPE C-GigabitEthernet2/0/0] stp disable
[UPE C-GigabitEthernet2/0/0] quit
# Configure GE 1/0/0 as the primary port, GE 2/0/0 as the secondary port. Level 1 indicates the
sub-ring.
[UPE C] rrpp domain 1
# Configure Domain 1 on UPE D and set VLAN 201 to be the major control VLAN.
[UPE D] rrpp enable
[UPE D] rrpp domain 1
[UPE D-rrpp-domain-region1] control-vlan 201
[UPE D-rrpp-domain-region1] quit
# Disable that STP on the interface of RRPP ring, and configure the VLAN of whose frames
that the RRPP port allows to pass though.
[UPE D] interface gigabitethernet1/0/0
[UPE D-GigabitEthernet1/0/0] undo shutdown
[UPE D-GigabitEthernet1/0/0] port link-type trunk
[UPE D-GigabitEthernet1/0/0] port trunk allow-pass vlan 1 to 100
[UPE D-GigabitEthernet1/0/0] stp disable
[UPE D-GigabitEthernet1/0/0] quit
[UPE D] interface gigabitethernet2/0/0
[UPE D-GigabitEthernet2/0/0] undo shutdown
[UPE D-GigabitEthernet2/0/0] port link-type trunk
[UPE D-GigabitEthernet2/0/0] port trunk allow-pass vlan 1 to 100
[UPE D-GigabitEthernet2/0/0] stp disable
[UPE D-GigabitEthernet2/0/0] quit
# Configure GE 1/0/0 as the primary port, GE 2/0/0 as the secondary port. Level 1 indicates the
sub-ring.
[UPE D] rrpp domain 1
[UPE D-rrpp-domain-region1] ring 2 node-mode transit primary-port gigabitethernet
1/0/0 secondary-port gigabitethernet 2/0/0 level 1
[UPE D-rrpp-domain-region1] ring 2 enable
[UPE D-rrpp-domain-region1] quit
Step 5 Configure PE-AGG A as the main transit node on the major ring and the edge node on the sub-
ring.
# Create data VLAN 1 to VLAN 200 on PE-AGG A.
<HUAWEI> system-view
[HUAWEI] sysname PE-AGG A
[PE-AGG A] vlan batch 1 to 200
# Configure Domain 1 on PE-AGG A and set VLAN 201 to be the major control VLAN.
[PE-AGG A] rrpp enable
[PE-AGG A] rrpp domain 1
[PE-AGG A-rrpp-domain-region1] control-vlan 201
[PE-AGG A-rrpp-domain-region1] quit
# Disable that STP on the interface of RRPP ring, and configure the VLAN of whose frames
that the RRPP port allows to pass through.
[PE-AGG A] interface gigabitethernet1/0/0
[PE-AGG A-GigabitEthernet1/0/0] undo shutdown
[PE-AGG A-GigabitEthernet1/0/0] portswitch
# Configure GE 1/0/0 as the primary port, GE 2/0/0 as the secondary port on the major ring.
Level 0 indicates the major ring.
[PE-AGG A] rrpp domain 1
[PE-AGG A-rrpp-domain-region1] ring 1 node-mode transit primary-port
gigabitethernet 1/0/0 secondary-port gigabitethernet 2/0/0 level 0
[PE-AGG A-rrpp-domain-region1] ring 1 enable
[PE-AGG A-rrpp-domain-region1] quit
# Configure the edge node GE 1/0/0 on RRPP sub-ring as common port and GE 3/0/0 as edge
port.
[PE-AGG A] rrpp domain 1
[PE-AGG A-rrpp-domain-region1] ring 2 node-mode edge common-port gigabitethernet
1/0/0 edge-port gigabitethernet 3/0/0
[PE-AGG A-rrpp-domain-region1] ring 2 enable
[PE-AGG A-rrpp-domain-region1] quit
Step 6 Configure PE-AGG B as the main transit node on the major ring and the assistant edge node on
the sub-ring.
# Create data VLAN 1 to VLAN 200 on PE-AGG B.
<HUAWEI> system-view
[HUAWEI] sysname PE-AGG B
[PE-AGG B] vlan batch 1 to 200
# Configure Domain 1 on PE-AGG B and set VLAN 201 to be the major control VLAN.
[PE-AGG B] rrpp enable
[PE-AGG B] rrpp domain 1
[PE-AGG B-rrpp-domain-region1] control-vlan 201
[PE-AGG B-rrpp-domain-region1] quit
# Disable that STP on the interface of RRPP ring, and configure the VLAN of whose frames
that the RRPP port allows to pass through.
[PE-AGG B] interface gigabitethernet1/0/0
[PE-AGG B-GigabitEthernet1/0/0] undo shutdown
[PE-AGG B-GigabitEthernet1/0/0] portswitch
[PE-AGG B-GigabitEthernet1/0/0] port link-type trunk
[PE-AGG B-GigabitEthernet1/0/0] port trunk allow-pass vlan 1 to 200
[PE-AGG B-GigabitEthernet1/0/0] stp disable
[PE-AGG B-GigabitEthernet1/0/0] quit
[PE-AGG B] interface gigabitethernet2/0/0
[PE-AGG B-GigabitEthernet2/0/0] undo shutdown
[PE-AGG B-GigabitEthernet2/0/0] portswitch
[PE-AGG B-GigabitEthernet2/0/0] port link-type trunk
# Configure GE 1/0/0 as the primary transit port, GE 2/0/0 as the secondary port on the RRPP
major ring. Level 0 indicates the major ring.
[PE-AGG B] rrpp domain 1
[PE-AGG B-rrpp-domain-region1] ring 1 node-mode transit primary-port
gigabitethernet 1/0/0 secondary-port gigabitethernet 2/0/0 level 0
[PE-AGG B-rrpp-domain-region1] ring 1 enable
[PE-AGG B-rrpp-domain-region1] quit
# Configure the assistant edge node GE 1/0/0 on RRPP sub-ring as common port and GE 3/0/0
as edge port.
[PE-AGG B] rrpp domain 1
[PE-AGG B-rrpp-domain-region1] ring 2 node-mode assistant-edge common-port
gigabitethernet 1/0/0 edge-port gigabitethernet 3/0/0
[PE-AGG B-rrpp-domain-region1] ring 2 enable
[PE-AGG B-rrpp-domain-region1] quit
# Configure the interface bound with VRRP on NPE A, that is, GigabitEthernet1/0/0.
[NPE A] interface gigabitethernet1/0/0.1
[NPE A-GigabitEthernet1/0/0.1] vlan-type dot1q 200
[NPE A-GigabitEthernet1/0/0.1] ip address 10.1.1.1 255.255.255.0
[NPE A-GigabitEthernet1/0/0.1] vrrp vrid 201 virtual-ip 10.1.1.10
[NPE A-GigabitEthernet1/0/0.1] vrrp vrid 201 priority 200
[NPE A-GigabitEthernet1/0/0.1] quit
# Configure the interface bound with VRRP on NPE B, that is, GigabitEthernet1/0/0.
[NPE B] interface gigabitethernet1/0/0.1
[NPE B-GigabitEthernet1/0/0.1] vlan-type dot1q 200
[NPE B-GigabitEthernet1/0/0.1] ip address 10.1.1.2 255.255.255.0
[NPE B-GigabitEthernet1/0/0.1] vrrp vrid 201 virtual-ip 10.1.1.10
[NPE B-GigabitEthernet1/0/0.1] vrrp vrid 201 priority 200
[NPE B-GigabitEthernet1/0/0.1] quit
BFD-Session State : UP
[NPE B] display vrrp
GigabitEthernet1/0/0.1 | Virtual Router 201
state : Backup
Virtual IP : 10.1.1.10
Master IP : 10.1.1.2
PriorityRun : 200
PriorityConfig : 200
MasterPriority : 200
Preempt : YES Delay Time : 0
Timer : 1
Auth Type : NONE
Virtual Mac : 0000-5e00-01c9
Check TTL : YES
Config type : normal-vrrp
Backup-forward : disabled
Track BFD : 333 Priority increased : 30
BFD-Session State : UP
# Configure a BFD session bfd1 (device-bfd) between NPE A and NPE B. 10.1.1.1 is the IP
address of NPE A and 10.1.1.2 is the IP address of NPE B. Increase the detection period by
adjusting the detection time multiplier that is set to 5 (by default, it is set to 3).
[NPE A] bfd
[NPE A-bfd] quit
[NPE A] bfd bfd1 bind peer-ip 10.1.1.2
[NPE A-bfd-session-bfd1] discriminator local 888
[NPE A-bfd-session-bfd1] discriminator remote 333
[NPE A-bfd-session-bfd1] detect-multiplier 5
[NPE A-bfd-session-bfd1] commit
[NPE A-bfd-session-bfd1] quit
[NPE B] bfd
[NPE B-bfd] quit
[NPE B] bfd bfd1 bind peer-ip 10.1.1.1
[NPE B-bfd-session-bfd1] discriminator local 333
[NPE B-bfd-session-bfd1] discriminator remote 888
[NPE B-bfd-session-bfd1] detect-multiplier 5
[NPE B-bfd-session-bfd1] commit
[NPE B-bfd-session-bfd1] quit
# Configure a BFD session bfd2 (link-bfd) between NPE A and PE-AGG A. The default
multicast IP address is used as the peer IP address. The detection time multiplier adopts the
default value 3 to ensure that BFD session bfd2 can detect faults faster than BFD session bfd1
between NPE A and NPE B.
[NPE A] interface gigabitethernet1/0/0
[NPE A-GigabitEthernet1/0/0] undo shutdown
[NPE A-GigabitEthernet1/0/0] portswitch
[NPE A-GigabitEthernet1/0/0] quit
[NPE A] bfd
[NPE A-bfd] default-ip-address 224.0.0.108
[NPE A-bfd] quit
[NPE A] bfd bfd2 bind peer-ip default-ip interface gigabitethernet1/0/0
[NPE A-bfd-session-bfd2] discriminator local 111
[NPE A-bfd-session-bfd2] discriminator remote 222
[NPE A-bfd-session-bfd2] commit
[NPE A-bfd-session-bfd2] quit
[PE-AGG A] bfd
[PE-AGG A-bfd] default-ip-address 224.0.0.108
[PE-AGG A-bfd] quit
[PE-AGG A] bfd bfd2 bind peer-ip default-ip interface gigabitethernet1/0/1
[PE-AGG A-bfd-session-bfd2] discriminator local 222
[PE-AGG A-bfd-session-bfd2] discriminator remote 111
[PE-AGG A-bfd-session-bfd2] commit
# After the status of the BFD session becomes Up, associate the status of the BFD session with
the interface status.
[PE-AGG A-bfd-session-bfd2] process-interface-status
[PE-AGG A-bfd-session-bfd2] commit
[PE-AGG A-bfd-session-bfd2] quit
# Configure a BFD session bfd2 (link-bfd) between NPE B and PE-AGG B. The default multicast
IP address is used as the peer IP address. The detection time multiplier adopts the default value
3 to ensure that BFD session bfd2 can detect faults faster than BFD session bfd1 between NPE
A and NPE B.
[NPE B] interface gigabitethernet1/0/0
[NPE B-GigabitEthernet1/0/0] undo shutdown
[NPE B-GigabitEthernet1/0/0] portswitch
[NPE B-GigabitEthernet1/0/0] quit
[NPE B] bfd
[NPE B-bfd] default-ip-address 224.0.0.109
[NPE B-bfd] quit
[NPE B] bfd bfd2 bind peer-ip default-ip interface gigabitethernet1/0/0
[NPE B-bfd-session-bfd2] discriminator local 555
[NPE B-bfd-session-bfd2] discriminator remote 666
[NPE B-bfd-session-bfd2] commit
[NPE B-bfd-session-bfd2] quit
[PE-AGG B] bfd
[PE-AGG B-bfd] default-ip-address 224.0.0.109
[PE-AGG B-bfd] quit
[PE-AGG B] bfd bfd2 bind peer-ip default-ip interface gigabitethernet1/0/1
[PE-AGG B-bfd-session-bfd2] discriminator local 666
[PE-AGG B-bfd-session-bfd2] discriminator remote 555
[PE-AGG B-bfd-session-bfd2] commit
# After the status of the BFD session becomes Up, associate the status of the BFD session with
the interface status.
[PE-AGG B-bfd-session-bfd2] process-interface-status
[PE-AGG B-bfd-session-bfd2] commit
[PE-AGG B-bfd-session-bfd2] quit
--------------------------------------------------------------------------------
Local Discriminator : 222 Remote Discriminator : 111
Session Detect Mode : --
BFD Bind Type : Interface(GigabitEthernet1/0/1)
Bind Session Type : Static
Bind Peer Ip Address : 224.0.0.108
Bind Interface : GigabitEthernet1/0/1
FSM Board Id : 1 TOS-EXP : 6
Min Tx Interval (ms) : 1000 Min Rx Interval (ms) : 1000
Actual Tx Interval (ms): 1000 Actual Rx Interval (ms): 1000
Local Detect Multi : 3 Detect Interval (ms) : 3000
WTR Interval (ms) : -- Process PST : Disable
Proc interface status : Enable
Last Local Diagnostic : No Diagnostic
Bind Application : IFNET
Session TX TmrID : -- Session Detect TmrID : --
Session Init TmrID : -- Session WTR TmrID : --
PDT Index : FSM-0|RCV-0|IF-0|TOKEN-0
Session Description : --
--------------------------------------------------------------------------------
Step 9 Configure GE 1/0/1 on PE-AGG A as the monitoring interface. Ring ID 1 indicates the major
ring and ID 2 is for the sub-ring.
[PE-AGG A] interface gigabitethernet1/0/1
[PE-AGG A-GigabitEthernet1/0/1] undo shutdown
[PE-AGG A-GigabitEthernet1/0/1] portswitch
[PE-AGG A-GigabitEthernet1/0/1] port link-type trunk
[PE-AGG A-GigabitEthernet1/0/1] port trunk allow-pass vlan 1 to 200
[PE-AGG A-GigabitEthernet1/0/1] quit
[PE-AGG A] rrpp domain 1
[PE-AGG A-rrpp-domain-region1] ring 1 track interface gigabitethernet1/0/1
[PE-AGG A-rrpp-domain-region1] ring 2 track interface gigabitethernet1/0/1
[PE-AGG A-rrpp-domain-region1] quit
Step 10 Configure GE 1/0/1 on PE-AGG B as the monitoring interface. Ring ID 1 indicates the major
ring and ID 2 is for the sub-ring.
[PE-AGG B] interface gigabitethernet1/0/1
[PE-AGG B-GigabitEthernet1/0/1] undo shutdown
[PE-AGG B-GigabitEthernet1/0/1] portswitch
[PE-AGG B-GigabitEthernet1/0/1] port link-type trunk
[PE-AGG B-GigabitEthernet1/0/1] port trunk allow-pass vlan 1 to 200
[PE-AGG B-GigabitEthernet1/0/1] quit
[PE-AGG B] rrpp domain 1
[PE-AGG B-rrpp-domain-region1] ring 1 track interface gigabitethernet1/0/1
[PE-AGG B-rrpp-domain-region1] ring 2 track interface gigabitethernet1/0/1
[PE-AGG B-rrpp-domain-region1] quit
You can run the following commands to verify the previous configuration.
l On PE-AGG A, run the display rrpp brief command. The configurations are displayed as
follows:
[PE-AGG A] display rrpp brief
Abbreviations for Switch Node Mode :
M - Master , T - Transit , E - Edge , A - Assistant-Edge
RRPP Protocol Status: Enable
Number of RRPP Domains: 1
Domain Index : 1
Control VLAN : major 201 sub 202
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 3 sec(default is 3 sec)
Ring Ring Node Primary/Common Secondary/Edge
Is
ID Level Mode Port Port
Enabled
-------------------------------------------------------------------------------
--
1 0 T GigabitEthernet1/0/0 GigabitEthernet2/0/0
Yes
2 1 E GigabitEthernet1/0/0 GigabitEthernet3/0/0
Yes
You can view that RRPP is enabled on PE-AGG A. The major control VLAN ID is 201 and
the sub control VLAN ID is 202. PE-AGG A is the transit node on the major ring 1, with the
primary interface and secondary interface respectively as GigabitEthernet 1/0/0 and
GigabitEthernet 2/0/0 respectively.
In addition, PE-AGG A is the edge node on sub-ring 2, the common port is GigabitEthernet
1/0/0, and the edge port is GigabitEthernet3/0/0.
l On PE-AGG A, run the display rrpp verbose domain command. The configurations are
displayed as follows:
[PE-AGG A] display rrpp verbose domain 1
Domain Index : 1
Control VLAN : major 201 sub 202
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 3 sec(default is 3 sec)
RRPP Ring : 1
Ring Level : 0
Node Mode : Transit
Ring State : Linkup
Is Enabled : Enable Is Active : Yes
Primary port : GigabitEthernet1/0/0 Port status: UP
Secondary port: GigabitEthernet2/0/0 Port status: UP
Track interface: GigabitEthernet1/0/1
RRPP Ring : 2
Ring Level : 1
Node Mode : Edge
Ring State : Linkup
Is Enabled : Disable Is Active : No
Common port : GigabitEthernet1/0/0 Port status: UP
Edge port : GigabitEthernet3/0/0 Port status: UP
Track interface: GigabitEthernet1/0/1
You can view that the GE 1/0/1 on PE-AGG A serves as the monitoring interface for the
major ring and the sub-ring at the same time.
l On PE-AGG B, run the display rrpp brief command. The configurations are displayed as
follows:
[PE-AGG B] display rrpp brief
Abbreviations for Switch Node Mode :
M - Master , T - Transit , E - Edge , A - Assistant-Edge
RRPP Protocol Status: Enable
Number of RRPP Domains: 1
Domain Index : 1
Control VLAN : major 201 sub 202
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 3 sec(default is 3 sec)
Ring Ring Node Primary Secondary/Edge
Is
ID Level Mode Port Port
Enabled
-------------------------------------------------------------------------------
--
1 0 T GigabitEthernet1/0/0 GigabitEthernet2/0/0
Yes
2 1 A GigabitEthernet1/0/0 GigabitEthernet3/0/0
Yes
You can view that RRPP is enabled on PE-AGG B. The major control VLAN ID is 201 and
the sub control VLAN ID is 202. PE-AGG B is the transit node on the major ring 1, with the
primary interface and secondary interface respectively as GigabitEthernet 1/0/0 and
GigabitEthernet 2/0/0 respectively.In addition, PE-AGG B is the assistant edge node on sub-
ring 2, the common port is GigabitEthernet 1/0/0, and the edge port is GigabitEthernet 3/0/0.
l On PE-AGG B, run the display rrpp verbose domain command. The configurations are
displayed as follows:
[PE-AGG B] display rrpp verbose domain 1
Domain Index : 1
Control VLAN : major 201 sub 202
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 3 sec(default is 3 sec)
RRPP Ring : 1
Ring Level : 0
Node Mode : Transit
Ring State : Linkup
Is Enabled : Enable Is Active : Yes
Primary port : GigabitEthernet1/0/0 Port status: UP
Secondary port: GigabitEthernet2/0/0 Port status: UP
Track interface: GigabitEthernet1/0/1
RRPP Ring : 2
Ring Level : 1
Node Mode : Assistant-edge
Ring State : Linkup
Is Enabled : Enable Is Active : Yes
Common port : GigabitEthernet1/0/0 Port status: UP
Edge port : GigabitEthernet3/0/0 Port status: UP
Track interface: GigabitEthernet1/0/1
You can view that the GE 1/0/1 on PE-AGG B serves as the monitoring interface for the
major ring and the sub-ring at the same time.
----End
Configuration Files
l Configuration file of NPE A
#
sysname NPE A
#
bfd
default-ip-address 224.0.0.108
#
interface GigabitEthernet1/0/0
portswitch
undo shutdown
#
interface GigabitEthernet1/0/0.1
vlan-type dot1q 200
ip address 10.1.1.1 255.255.255.0
vrrp vrid 201 virtual-ip 10.1.1.10
vrrp vrid 201 priority 200
vrrp vrid 201 track bfd-session 888 peer
vrrp vrid 201 track bfd-session 111 link
#
bfd bfd1 bind peer-ip 10.1.1.2
discriminator local 888
discriminator remote 333
detect-multiplier 5
commit
#
bfd bfd2 bind peer-ip default-ip interface GigabitEthernet1/0/0
discriminator local 111
undo shutdown
portswitch
port link-type trunk
port trunk allow-pass vlan 1 to 200
#
interface GigabitEthernet2/0/0
undo shutdown
portswitch
port link-type trunk
port trunk allow-pass vlan 101 to 202
stp disable
#
interface GigabitEthernet3/0/0
undo shutdown
portswitch
port link-type trunk
port trunk allow-pass vlan 1 to 100 202
stp disable
#
bfd bfd2 bind peer-ip default-ip interface GigabitEthernet1/0/1
discriminator local 222
discriminator remote 111
process-interface-status
commit
#
return
#
interface GigabitEthernet3/0/0
undo shutdown
portswitch
port link-type trunk
port trunk allow-pass vlan 1 to 100 202
stp disable
#
bfd bfd2 bind peer-ip default-ip interface GigabitEthernet1/0/1
discriminator local 666
discriminator remote 555
process-interface-status
commit
#
return
in the RRPP ring status, and upgrade the forwarding entries to ensure that traffic is switched to
a congestion-free path.
Networking Requirements
As shown in Figure 9-10, UPE A, UPE B, NPE D, and NPE E comprise an RRPP ring. This
RRPP ring transmits data of VLANs 1 to 10 and the control VLAN is VLAN 20. NPE D and
NPE E transmit data packets of VLANs 1 to 10 through their respective sub-interfaces GE 2/0/0.1
to GE 2/0/0.10. In addition, sub-interfaces GE 2/0/0.1 to GE 2/0/0.10 are bound to virtual switch
instances (VSIs) 1 to 10 respectively.
UPE A is the master node, UPE B is a transit node, the RRPP ring accesses the virtual private
LAN service (VPLS) network through GE 2/0/0.20 of UPE D, and GE 2/0/0.20 of NPE E.
Enable the RRPP snooping on respective sub-interfaces GE 2/0/0.20 of NPE D and NPE E and
associate the sub-interfaces with other VSIs on the local device. In this manner, when a fault
occurs on the RRPP ring, NPEs in the VPLS network can synchronously clear the MAC address
table of the VSIs on the local node.
NPE C
PW PW
VPLS
NPE D
PW NPE E
GE2/0/0.1 binding VSI 1 GE2/0/0.1 binding VSI 1
GE2/0/0.2 binding
.. VSI 2 GE2/0/0.2 binding VSI 2
..
. .
GE2/0/0.10 binding VSI 10 GE2/0/0.10 binding VSI 10
RRPP ring
GE2/0/0.20 binding VSI 20 GE2/0/0.20 binding VSI 20
Control VLAN:20
GE2/0/0 GE2/0/0
UPE A GE1/0/0 GE1/0/0 UPE B
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a VPLS
2. Create an RRPP domain and its control VLAN.
3. Disable the STP function on the interfaces to be added to the RRPP ring.
4. Create an RRPP ring.
5. Enable RRPP.
Data Preparation
To complete the configuration, you need the following data:
l Number of the sub-interfaces to be enabled with the RRPP snooping on NPE D and NPE
E
l Names of the VSIs associated with the sub-interfaces enabled with the RRPP snooping
l Control VLAN ID and data VLAN ID of the RRPP ring
l Names of the VSIs to be associated with the sub-interfaces enabled with the RRPP snooping
on NPE D and NPE E
Procedure
Step 1 Configure a VPLS
NOTE
This example describes only the configuration of the sub-interfaces through which NPE D and NPE E are
connected to the RRPP ring. For the configuration of the sub-interfaces between NPEs in a VPLS network,
refer to the HUAWEI NetEngine80E/40E Router Configuration Guide - VPN.
l Configure NPE D.
# Create VLANs 1 to 10 and VLAN 20 on NPE D.
<HUAWEI> system-view
[HUAWEI] sysname NPE D
[NPE D] vlan batch 1 to 10 20
# Configure GE 2/0/0.1 of NPE D to allow the packets of VLAN 1 to pass through and bind
GE 2/0/0.1 to VSI 1.
[NPE D] interface gigabitethernet2/0/0.1
[NPE D-GigabitEthernet2/0/0.1] vlan-type dot1q 1
[NPE D-GigabitEthernet2/0/0.1] l2 binding vsi VSI1
[NPE D-GigabitEthernet2/0/0.1] undo shutdown
[NPE D-GigabitEthernet2/0/0.1] quit
# Configure GE 2/0/0.2 of NPE D to allow the packets of VLAN 2 to pass through and bind
GE 2/0/0.2 to VSI 2.
[NPE D] interface gigabitethernet2/0/0.2
[NPE D-GigabitEthernet2/0/0.2] vlan-type dot1q 2
[NPE D-GigabitEthernet2/0/0.2] l2 binding vsi VSI2
[NPE D-GigabitEthernet2/0/0.2] undo shutdown
[NPE D-GigabitEthernet2/0/0.2] quit
l Configure NPE E.
# Configure GE 2/0/0.1 of NPE E to allow the packets of VLAN 1 to pass through and bind
GE 2/0/0.1 to VSI 1.
[NPE E] interface gigabitethernet2/0/0.1
[NPE E-GigabitEthernet2/0/0.1] vlan-type dot1q 1
[NPE E-GigabitEthernet2/0/0.1] l2 binding vsi VSI1
[NPE E-GigabitEthernet2/0/0.1] undo shutdown
[NPE E-GigabitEthernet2/0/0.1] quit
# Configure GE 2/0/0.2 of NPE E to allow the packets of VLAN 2 to pass through and bind
GE 2/0/0.2 to VSI 2.
[NPE E] interface gigabitethernet2/0/0.2
[NPE E-GigabitEthernet2/0/0.2] vlan-type dot1q 2
[NPE E-GigabitEthernet2/0/0.2] l2 binding vsi VSI2
[NPE E-GigabitEthernet2/0/0.2] undo shutdown
[NPE E-GigabitEthernet2/0/0.2] quit
The configurations of sub-interfaces GE 2/0/0.3 to GE 2/0/0.10 are the same as those of sub-
interfaces GE 2/0/0.1 to GE 2/0/0.2. For configuration details, see "Configuration Files" in
this section.
# Configure GE 2/0/0.20 of NPE E to allow the packets of VLAN 20 (the control VLAN of
RRPP) to pass through and bind GE 2/0/0.20 to VSI 20.
[NPE E] interface gigabitethernet2/0/0.20
[NPE E-GigabitEthernet2/0/0.20] vlan-type dot1q 20
[NPE E-GigabitEthernet2/0/0.20] l2 binding vsi VSI20
[NPE E-GigabitEthernet2/0/0.20] undo shutdown
[NPE E-GigabitEthernet2/0/0.20] quit
# Configure the domain of UPE A, the master node of ring 1, to be 1, and the ID of the control
VLAN to be 20.
[UPE A] rrpp domain 1
[UPE A-rrpp-domain-region1] control-vlan 20
[UPE A-rrpp-domain-region1] quit
# Configure the domain of UPE B, a transit node of ring 1, to be 1, and the ID of the control
VLAN to be 20.
[UPE B] rrpp domain 1
[UPE B-rrpp-domain-region1] control-vlan 20
[UPE B-rrpp-domain-region1] quit
Step 3 Disable the STP function on the interfaces to be added to the RRPP ring.
# Disable the STP function on the interfaces to be added to the RRPP ring on UPE A.
[UPE A] interface gigabitethernet 1/0/0
[UPE A-GigabitEthernet1/0/0] undo shutdown
# Disable the STP function on the interfaces to be added to the RRPP ring on UPE B.
[UPE B] interface gigabitethernet 1/0/0
[UPE B-GigabitEthernet1/0/0] undo shutdown
[UPE B-GigabitEthernet1/0/0] port link-type trunk
[UPE B-GigabitEthernet1/0/0] port trunk allow-pass vlan 1 to 10
[UPE B-GigabitEthernet1/0/0] stp disable
[UPE B-GigabitEthernet1/0/0] quit
[UPE B] interface gigabitethernet 2/0/0
[UPE B-GigabitEthernet2/0/0] portswitch
[UPE B-GigabitEthernet2/0/0] port link-type trunk
[UPE B-GigabitEthernet2/0/0] port trunk allow-pass vlan 1 to 10
[UPE B-GigabitEthernet2/0/0] stp disable
[UPE B-GigabitEthernet2/0/0] quit
# Configure UPE A as the master node of RRPP ring 1 and specify primary and secondary
interfaces.
[UPE A] rrpp domain 1
[UPE A-rrpp-domain-region1] ring 1 node-mode master primary-port gigabitethernet
1/0/0 secondary-port gigabitethernet 2/0/0 level 0
[UPE A-rrpp-domain-region1] ring 1 enable
[UPE A-rrpp-domain-region1] quit
# Configure UPE B as a transit node of RRPP ring 1 and specify primary and secondary
interfaces.
[UPE B] rrpp domain 1
[UPE B-rrpp-domain-region1] ring 1 node-mode transit primary-port gigabitethernet
1/0/0 secondary-port gigabitethernet 2/0/0 level 0
[UPE B-rrpp-domain-region1] ring 1 enable
[UPE B-rrpp-domain-region1] quit
# Configure VSI 2, VSI 5, and VSI 9, which are associated with GE 2/0/0.20 of NPE E.
[NPE E-GigabitEthernet2/0/0.20] rrpp snooping vsi VSI2
[NPE E-GigabitEthernet2/0/0.20] rrpp snooping vsi VSI5
[NPE E-GigabitEthernet2/0/0.20] rrpp snooping vsi VSI9
[NPE E-GigabitEthernet2/0/0.20] quit
You can view that RRPP is enabled on UPE A. In domain 1, VLAN 20 is the major control
VLAN, VLAN 21 is the sub-control VLAN, and UPE A is the master node in major ring 1
with the primary interface and secondary interface respectively as GE 1/0/0 and GE 2/0/0.
l On UPE A, run the display rrpp verbose domain command. The following results are
displayed.
# View detailed information about UPE A in domain 1.
[UPE A] display rrpp verbose domain 1
Domain Index : 1
Control VLAN : major 20 sub 21
Hello Timer : 1 sec(default is 1 sec) Fail Timer : 3 sec(default is 3 sec)
RRPP Ring : 1
Ring Level : 0
Node Mode : Master
Ring State : Complete
Is Enabled : Enable Is Active : Yes
Primary port : GigabitEthernet1/0/0 Port status: UP
Secondary port: GigabitEthernet2/0/0 Port status: BLOCKED
You can view that VSI 1 is associated with GE 2/0/0.20 and VLAN 20 is associated with GE
2/0/0.20.
# View information about other VSIs associated with GE 2/0/0.20 on NPE D.
[NPE D] display rrpp snooping vsi interface gigabitethernet2/0/0.20
Port VsiName
--------------------------------------------
GigabitEthernet2/0/0.20 VSI2
GigabitEthernet2/0/0.20 VSI5
GigabitEthernet2/0/0.20 VSI9
GigabitEthernet2/0/0.20 VSI20
You can view that GE 2/0/0.20 is associated with four VSIs, namely, VSI 2, VSI 5, VSI 9,
and VSI 20.
----End
Configuration Files
l Configuration file of UPE A
#
sysname UPE A
#
vlan batch 1 to 10 20 21
#
rrpp enable
#
rrpp domain 1
control-vlan 20
ring 1 node-mode master primary-port GigabitEthernet 1/0/0 secondary-port
GigabitEthernet 2/0/0 level 0
ring 1 enable
#
interface Gigabitethernet1/0/0
undo shutdown
port link-type trunk
port trunk allow-pass vlan 1 to 10
stp disable
#
interface Gigabitethernet2/0/0
undo shutdown
port link-type trunk
port trunk allow-pass vlan 1 to 10
stp disable
#
rrpp enable
#
Ethernet Ring Protection Switching (ERPS) is a standard protocol issued by the ITU-T to prevent
loops on ring networks. ERPS provides carrier-class relaibility with a fast convergence speed.
ERPS takes effect on a ring network if all routers on a ring network support it.
10.1 Introduction
ERPS is a protocol used to block specified ports to prevent loops at the link layer of an Ethernet
network.
10.1 Introduction
ERPS is a protocol used to block specified ports to prevent loops at the link layer of an Ethernet
network.
10.1.1 Overview
Ethernet Ring Protection Switching (ERPS), also called International Telecommunication
Union-Telecommunication Standardization Sector (ITU-T) G.8032, is designed to prevent
Layer 2 loops.
Background
Generally, redundant links are used on an Ethernet switching network to provide link backup
and enhance network reliability. The use of redundant links, however, may produce loops,
causing broadcast storms and rendering the MAC address table unstable. As a result, the
communication quality deteriorates, and communication services may even be interrupted. To
resolve these problems, ERPS can be used for loop avoidance purposes.
ERPS blocks the ring protection link (RPL) owner port to remove loops and unblocks it if a link
fault occurs on promptly restore communication.
ERPSv1 and ERPSv2 are currently available. ERPSv2, fully compatible with ERPSv1, provides
enhanced functions. Table 10-1 compares ERPSv1 and ERPSv2.
Ring type Supports single rings only. Supports single rings and multi-
rings. A multi-ring topology
comprises major rings and sub-
rings.
Port role Supports the ring protection link Supports the RPL owner port,
(RPL) owner port and ordinary RPL neighbor port, and ordinary
ports. ports.
Manual port blocking Not supported. Supports forced switch (FS) and
manual switch (MS).
Compared with other ring network protocols, ERPS provides a fast convergence speed and
allows communication between Huawei and non-Huawei devices. Table 10-2 compares various
ring network protocols.
Rapid Ring Protection Boasts fast convergence, l Supports only level-1 sub-
Protocol (RRPP) meeting carrier-class reliability ring in ring networking.
requirements. l Is a proprietary protocol that
cannot be used for
communication between
Huawei and non-Huawei
devices.
Introduction
Loops will cause broadcast storms, exhausting network resources and paralyzing the network.
Loops also cause flapping of the MAC address table and damages MAC address entries.
ERPS is a protocol defined by the ITU-T to block specified ports to prevent Layer 2 loops. ERPS
provides carrier-class reliability with a fast convergence speed.
Network
RouterE RouterF
RouterA RouterD
ERPS
RouterB RPL
RouterC
RPL Owner
User
network
Blocked Port
Basic Concepts
Figure 10-1 shows a typical ERPS single-ring network. The following part describes ERPS
based on this networking. ERPS concepts include the ERPS ring, node, port role, and port status.
l ERPS ring
An ERPS ring consists of interconnected routers that have the same control VLAN. A ring
is the basic ERPS unit.
ERPSv1 supports only major rings (closed). ERPSv2 supports both major rings and sub-
rings (open). By default, all ERPS rings are major rings. Major rings can be reconfigured
as sub-rings.
l Node
A node refers to a Router added to an ERPS ring. A node can have a maximum of two ports
added to the same ERPS ring.
l Port role
ERPS defines three port roles: RPL owner port, RPL neighbor port (only in ERPSv2), and
ordinary port. The link on which the RPL owner port resides is called the ring protection
link (RPL).
– RPL owner port
An RPL owner port is a ring port responsible for blocking traffic over the RPL to prevent
loops. An ERPS ring has only one RPL owner port.
When the node on which the RPL owner port resides receives an R-APS PDU indicating
that a link or node on the ring fails, it unblocks the RPL owner port to allow the port to
send and receive traffic. This mechanism ensures that traffic is not interrupted.
– RPL neighbor port
An RPL neighbor port is a ring port directly connected to an RPL owner port and helps
reduce the number of times filtering database (FDB) entries are refreshed.
RPL owner and neighbor ports are both blocked under normal conditions to prevent
loops.
If an ERPS ring fails, both RPL owner and neighbor ports are unblocked.
– Ordinary port
Ordinary ports are ring ports other than the RPL owner and neighbor ports.
An ordinary port monitors the status of the directly-connected ERPS link and sends R-
APS PDUs to inform the other ports if the link status changes.
l Port status
On an ERPS ring, an ERPS-enabled port can be in either of the following states:
– Forwarding: The port forwards user traffic and sends and receives R-APS PDUs.
– Discarding: The port only sends R-APS PDUs.
l Control VLAN
A control VLAN is configured for an ERPS ring to transmit R-APS PDUs.
Each ERPS ring must be configured with a control VLAN. After a port is added to an ERPS
ring that has a control VLAN configured, the port is added to the control VLAN
automatically.
Different ERPS rings cannot be configured with the same control VLAN ID.
Unlike control VLANs, data VLANs are used to transmit data packets.
l ERP instance
On a Router running ERPS, the VLAN in which R-APS PDUs and data packets are
transmitted must be mapped to an Ethernet Ring Protection (ERP) instance so that ERPS
forwards or blocks the VLAN packets based on blocking rules. Otherwise, VLAN packets
will probably cause broadcast storms on the ring network and render the network
unavailable.
owner port is blocked. After receiving this RAPS packet, the other nodes set their ports
on the ring to the Forwarding state.
– Hold-off timer
Protection switching sequence requirements vary for Layer 2 networks running ERPS.
For example, in a multi-layer service application, if a server fails, a period of time is
needed for the server to recover. No protection switching is performed immediately
after the server fails, and the client does not detect the failure in this period of time. A
hold-off timer can be set to meet this requirement. If a fault occurs, the fault is not
immediately reported to ERPS. Instead, the hold-off timer starts. If the fault persists
after the timer expires, the fault will be reported to ERPS.
– WTB timer
The WTB timer starts after an FS or MS operation is performed. When multiple nodes
on an ERPS ring are in the FS or MS state, the clear operation takes effect only after
the WTB timer expires so that the RPL owner port will not be blocked immediately.
The WTB timer value cannot be configured. Its value is the guard timer value plus 5.
l R-APS PDU transmission mode on sub-rings
ERPSv2 supports single and multi-ring topologies. In multi-ring topologies, sub-rings
either have R-APS virtual channels (VCs) or non-virtual channels (NVCs).
– With VCs: R-APS PDUs on sub-rings are transmitted to the major ring through
interconnection nodes. The RPL owner port of a sub-ring blocks both R-APS PDUs and
data traffic.
– With NVCs: R-APS PDUs on sub-rings are terminated on the interconnection nodes.
The RPL owner port blocks data traffic but not R-APS PDUs on each sub-ring.
On the network shown in Figure 10-2, a major ring is interconnected to two sub-rings. The
sub-ring on the left has a VC, whereas the sub-ring on the right has an NVC.
Major Ring
Sub-Ring Sub-Ring
with virtual without virtual
channel channel
Interconnection Node
By default, sub-rings use NVCs to transmit R-APS PDUs, except for the scenario shown
in Figure 10-3.
NOTE
When sub-ring links are not contiguous, VCs must be used. On the network shown in Figure 10-3,
links b and d belong to major rings 1 and 2, respectively; links a and c belong to the sub-ring. As
links a and c are not contiguous, they cannot detect the status change between each other, so VCs
must be used for R-APS PDU transmission.
Table 10-3 lists the advantages and disadvantages of R-APS PDU transmission modes on
sub-rings with VCs or NVCs.
Table 10-3 Comparison between R-APS PDU transmission modes on sub-rings with VCs
or NVCs
ERPS is a protocol defined by the ITU-T to block specified ports to prevent Layer 2 loops.
ERPSv1 and ERPSv2 are currently available. ERPSv2, compatible with ERPSv1, supports
multi-ring topologies and association with connectivity fault management (CFM), in addition
to ERPSv1 functions, such as single ring topologies and multi-instance.
Network
RouterF RouterG
RouterA RouterE
ERPS
RPL RouterD
RouterB
User
network
Blocked Interface
Data Flow
If a node or link on a sub-ring fails, ERPS triggers protection switching and unblocks the RPL
owner port and RPL neighbor port on the sub-ring. Then ERPS sends topology change
notification messages to the major ring through interconnection nodes so that the nodes on the
major ring perform an FDB flush. This mechanism ensures that traffic is not interrupted.
Network
RouterH RouterI
RouterA RouterE
Major Ring
RouterB
RPL RouterD
Sub-Ring1
RouterC Sub-Ring2
SwitchF SwitchG
PC1 PC2
RPL owner
Data Flow
ERPS Multi-instance
On a common ERPS network, a physical ring can be configured with a single ERPS ring, and a
single blocked port can be specified on the ring. If the ERPS ring is complete, the blocked port
prevents all user packets from passing through. As a result, all user packets travel through a
single path over the ERPS ring, and the other link on the blocked port becomes idle, causing
bandwidth wastes.
The ERPS multi-instance allows two logical ERPS rings on a physical ring. On the ERPS ring
shown in Figure 10-6, all routers, ports, and control VLANs work based on basic ERPS rules.
A physical ring has two blocked ports. Each blocked port verifies the completeness of the
physical ring and blocks or forwards data without affecting others.
One or two ERPS rings can be configured over a physical ring. Each ERPS ring is configured
with an ERP instance. Each ERP instance represents a range of VLANs. The topology calculated
for a specific ERPS ring does not apply to another ERPS ring and does not affect other rings.
With a specific ERP for each ERPS ring, a blocked port takes effect only on VLANs of a specific
ERPS ring. Different VLANs can use separate paths, implementing traffic load balancing and
link backup.
Network
RouterE RouterF
RouterC
RouterD
ERPS
RouterA
RouterB
P2
P1
User User
network1 network2
ERPS ring1
ERPS ring2
Blocked Port1
Blocked Port2
Data Flow1
Data Flow2
When a transmission device is connected to an ERPS ring and fails, ERPS, in absence of an
automatic link detection mechanism, cannot quickly detect the device failure. This issue will
make convergence slow or even cause service interruption in worse cases. To resolve this
problem, ERPS can be associated with Ethernet connectivity fault management (CFM).
After Ethernet CFM is deployed on ERPS nodes connecting to transmission devices and detects
a transmission link failure, CFM informs the ERPS ring of the failure so that ERPS can perform
fast protection switching.
On the network shown in Figure 10-7, Router A, Router B, and Router C form an ERPS ring.
Three relay nodes exist between Router A and Router C. CFM is configured on Router A and
Router C. Interface1 on Router A is associated with Interface1 on Relay1, and Interface1 on
Router C is associated with Interface1 on Relay3.
If a transmission device or link fails, Router A and Router C detect the CFM failure and notify
ERPS. Then ERPS unblocks the RPL owner port and switches traffic.
Interface1
Interface1
Relay1
Relay3
Interface1
Interface1
RouterA
RouterC
RouterB
RPL owner
Data Flow
Applicable Environment
Generally, redundant links are used to access an upper-layer network to provide link backup and
enhance network reliability. The use of redundant links, however, may produce loops. causing
broadcast storms and rendering the MAC address table unstable. As a result, the communication
quality deteriorates, and communication services may even be interrupted. ERPS can be
deployed on the ring network to block redundant links and unblock them if a link fault occurs.
NOTE
Only one protocol, that is, RRPP, STP, SEP, or ERPS, can be configured on one port.
Pre-configuration Tasks
Before configuring ERPSv1 functions, complete the following tasks:
Data Preparation
To configure ERPSv1 functions, you need the following data.
No. Data
1 ERPS ring ID
4 Protected instance ID
5 (Optional) WTR timer, (Optional) guard timer, and (Optional) holdoff timer
Procedure
Step 1 Run:
system-view
An ERPS ring is created and the view of the ERPS ring is displayed.
If an ERPS ring needs to be deleted, ensure that no interfaces are added to the ERPS ring. If any
interface is added to the ERPS ring, a prompt message is displayed when the ERPS ring is being
deleted. In this case, run the undo erps ring command in the interface view or the undo port
command in the ERPS ring view to remove the interface. and run the undo erps ring command
to delete the ERPS ring.
----End
Follow-up Procedure
To facilitate the maintenance of routers on the ERPS ring, run the description command to
configure description information such as ERPS ring ID for these routers.
Context
The same control VLAN must be configured for all routers on an ERPS ring, and different control
VLANs must be configured for different ERPS rings.
Procedure
Step 1 Run:
system-view
The control VLAN is configured for the ERPS ring to forward ERPS protocol packets.
The control VLAN specified by the parameter vlan-id must be newly created. It can neither be
referenced by RRPP or SEP, nor be used in port trunk, default, VLAN mapping, or VLAN
stacking mode.
l If any interface has been added to the ERPS ring, the control VLAN cannot be modified. If
the configured control VLAN needs to be deleted, run the undo erps ring command in the
interface view or the undo port command in the ERPS ring view, and run the undo control-
vlan command to delete the control VLAN.
l If no interface is added to the ERPS ring, you can modify the control VLAN for multiple
times. Only the latest configuration takes effect.
l After the control VLAN is correctly created, the command to create ordinary VLANs vlan
batch vlan-id1 [ to vlan-id2 ] &<1-10> is automatically displayed in the configuration file.
After an interface is added to an ERPS ring configured with a control VLAN, the interface
is added to the control VLAN automatically. Note the following information:
– If the type of the interface added to the ERPS ring is trunk, the vlan-id command is
displayed automatically in the configuration file.
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
erps ring ring-id
Step 3 Run:
protected-instance { all | { instance-id1 [ to instance-id2 ] &<1-10>
} }
Running a new protected-instance command does not overide the previously configured
protected instances.
If any interface has been added to the ERPS ring, no protected instance can be modified. If a
configured protected instance needs to be deleted, run the undo erps ring command in the
interface view or the undo port command in the ERPS ring view, and run the undo protected-
instance command to delete the protected instance.
Step 4 Configure the mapping between protected instances and VLANs. Specific procedures are as
follows:
1. Run:
system-view
The mapping relationships between protected instances and VLANs are specified.
The parameter instance-id in this command must the same as the parameter instance-id in
the protected-instance command.
4. Run:
active region-configuration
----End
Prerequisites
Before adding interfaces to an ERPS ring, ensure that:
l STP and RRPP are not enabled on Layer 2 interfaces that are added to the ERPS ring.
– If STP is enabled on these interfaces, run the stp disable command to disable STP.
– If RRPP is enabled on these interfaces, run the undo ring ring-id command in the RRPP
domain view to disable RRPP.
l If interface to be added to the ERPS ring is Layer 3 interface, run the portswitch command
to switch the Layer 3 interfaces to Layer 2 interfaces.
l The control VLAN and protected instance are configured using the control-vlan and
protected-instance commands.
Context
As defined in ERPS, a port can be an RPL owner port or an ordinary port. The link where the
RPL owner port resides is the ring protection link.
l RPL Owner port
An ERPS ring has only one RPL Owner port, which is configured by a user. Blocking the
RPL Owner port prevents loops on the ERPS ring.
When the node where the RPL owner port resides receives an RAPS packet indicating that
a link or a node on the ring fails, it unblocks the RPL owner port to allow the port to send
and receive traffic. This mechanism ensures non-stop traffic forwarding.
l Ordinary port
On an ERPS ring, the ports other than the RPL owner port are ordinary ports.
An ordinary port monitors the status of the directly-connected ERPS link, and sends RAPS
packets to inform the other ports if the link status changes.
NOTE
At present, as MAC address Update packets cannot be independently sent, configuring the direct link
between two upstream nodes as an RPL is not recommended.
Before changing the port role, use the shutdown command to disable the port; after the role changing is
completed, use the undo shutdown command to enable the port. Otherwise, the traffic is interrupted.
Procedure
Step 1 Run:
system-view
The port is added to the ERPS ring and the port role is specified.
l In the interface view, add the port to the ERPS ring and configure the port role.
1. Run:
interface interface-type interface-number
The port is added to the ERPS ring and the port role is specified.
----End
Context
ERPS timers consist of:
l Guard Timer
After a faulty link or a faulty node recovers, the nodes on the two ends of the link or the
faulty node sends Ring Auto Protection Switching (RAPS) packets to inform the other
nodes of the link or node recovers and starts a Guard timer. Before the timer expires, each
involved node does not process any RAPS packet to avoid receiving out-of-date RAPS
packets indicating that the link or node fails. If the involved node receives an RAPS packet
indicating that another port fails , the local port enters the Forwarding state.
l Wait to Restore (WTR) Timer
If the ring protection link (RPL) owner port is unblocked owning to a link or node failure,
the involved port may not go Up immediately after the link or node recovers. To prevent
the RPL owner port alternates between the Up and Down states, the node where the RPL
owner port resides starts a WTR timer after receiving an RAPS packet indicating the link
or node recovery. If the node receives an RAPS packet indicating that another port fails
before the timer expires, it terminates the WTR timer. If the node does not receive any
RAPS packet indicating that another port fails before the timer expires, it unblocks the RPL
owner port when the timer expires and sends an RAPS packet indicating that the RPL owner
port is blocked. After receiving this RAPS packet, the other nodes set their ports on the
ring to the Forwarding state.
l Holdoff Timer
On different Layer 2 networks running EPRS, there may be different requirements on
protective switchover. For example, if multt-layer services are provided, users hope that
the protective switchover is not performed immediately after a server fails, ensuring that
clients do not sense the failure. In this case, you can set a Holdoff timer. If the fault occurs,
the fault is not immediately sent to ERPS until the Holdoff timer times out.
Procedure
Step 1 Run:
system-view
Step 2 Run:
erps ring ring-id
l Run:
holdoff-timer time-value
----End
Context
In addition to determining whether packets can be forwarded, the MEL value of an ERPS ring
can also be used to facilitate the communications with other vendors' routers. The same MEL
value ensures smooth communications between routers.
Procedure
Step 1 Run:
system-view
Step 2 Run:
erps ring ring-id
Step 3 Run:
raps-mel level-id
----End
Prerequisites
The ERPSv1 has been configured.
Procedure
l Run the display erps [ ring ring-id ] [ verbose ] command to check information about the
ERPS ring.
----End
Example
Run the display erps [ ring ring-id ] command to view information about the ERPS ring. For
example:
<HUAWEI> display erps ring 1
D : Discarding
F : Forwarding
R : RPL owner
N : RPL Neighbour
FS : Forced Switch
MS : Manual Switch
Ring Control WTR Timer Guard Timer Port 1 Port 2
ID VLAN (min) (csec)
-----------------------------------------------------------------------
1 10 6 100 (F)GE1/0/1 (D,R)GE1/0/2
-----------------------------------------------------------------------
Run the display erps [ ring ring-id ] [ verbose ] command to view detailed information about
the ERPS ring. For example:
<HUAWEI> display erps ring 1 verbose
Ring ID : 1
Description : Ring 1
Control Vlan : 10
Protected Instance : 1
Service Vlan : 100 to 200
WTR Timer Setting (min) : 6 Running (s) : 0
Guard Timer Setting (csec) : 100 Running (csec) : 0
Holdoff Timer Setting (deciseconds) : 0 Running (deciseconds) : 0
WTB Timer Running (csec) : 0
Ring State : Idle
RAPS_MEL : 7
Revertive Mode : Revertive
R-APS Channel Mode : -
Version : 1
Sub-ring : No
Forced Switch Port : -
Manual Switch Port : -
TC-Notify : -
Time since last topology change : 0 days 0h:33m:4s
-----------------------------------------------------------------------
Port Port Role Port Status Signal Status
-----------------------------------------------------------------------
GE1/0/1 Common Forwarding Non-failed
GE1/0/2 RPL Owner Discarding Non-failed
Usage Scenario
Generally, redundant links are used on an Ethernet switching network to provide link backup
and enhance network reliability. The use of redundant links, however, may produce loops,
causing broadcast storms and rendering the MAC address table unstable. As a result, the
communication quality deteriorates, and communication services may even be interrupted. To
resolve these problems, ERPS can be used for loop avoidance purposes. ERPS blocks redundant
links under normal conditions and unblocks them if a link fault occurs in promptly restore
communication. As ERPSv1 supports only single ring topologies, ERPSv2 that supports multi-
ring topologies can be used on the multi-ring network shown in Figure 10-8.
Network
RouterH RouterI
RouterA RouterE
Major Ring
RouterB
RPL RouterD
Sub-Ring1
RouterC Sub-Ring2
SwitchF SwitchG
PC1 PC2
RPL owner
Data Flow
NOTE
ERPS and other ring network protocols, such as Rapid Ring Protection Protocol (RRPP), Spanning Tree
Protocol (STP), and Smart Ethernet Protection (SEP), cannot run on the same port.
Pre-configuration Tasks
Before configuring ERPSv2, complete the following tasks:
Data Preparation
To configure ERPSv2, you need the following data.
No. Data
ERPS ring ID, control VLAN ID, (optional) ring description, ERP instance ID,
1 ring port numbers, and port roles
(Optional) WTR timer value, (optional) guard timer value, (optional) hold-off
3 timer value, and (optional) MEL value
Context
Perform the following operations to configure an ERPS ring:
1. Create an ERPS ring.
2. (Optional) Configure a description for the ERPS ring. The description can contain the ERPS
ring ID.
3. Configure a control VLAN for the ERPS ring. A control VLAN is different from a data
VLAN that transmits service packets. On ERPS rings, a control VLAN is used to transmit
Ring Auto Protection Switching (R-APS) Protocol Data Units (PDUs), also called the ERPS
protocol packets. A control VLAN does not transmit service packets, enhancing ERPS
security.
All nodes on an ERPS ring must use the same control VLAN. Different ERPS rings cannot
have the same control VLAN.
4. Configure an Ethernet Ring Protection (ERP) instance and map the instance to a VLAN.
Ports can be added to an ERPS ring only after an ERP instance is configured for the ring.
VLANs can be mapped to ERP instances for load balancing.
5. Specify ERPSv2.
ERPSv2 has the following additional functions compared with ERPSv1:
l Supports multi-ring topologies, such as intersecting rings.
l Allows sub-rings to use either virtual channels (VCs) or non-virtual channels (NVCs)
to transmit R-APS PDUs.
l Supports two manual port blocking modes: forced switch (FS) and manual switch (MS).
l Supports both revertive and non-revertive switching.
6. Configure major rings and sub-rings.
By default, an ERPS ring is a major ring. When you deploy ERPS on a multi-ring network,
you must configure some rings as sub-rings and set the R-APS PDU transmission mode
on sub-rings.
7. Add Layer 2 ports to ERPS rings and specify port roles.
Before adding a port to an ERPS ring, ensure that:
l Spanning Tree Protocol (STP), Rapid Ring Protection Protocol (RRPP), or Smart
Ethernet Protection (SEP) is not enabled on the port.
– If the port has STP enabled, run the stp disable command in the interface view to
disable STP.
– If the port has RRPP enabled, run the undo ring ring-id command in the RRPP
domain view to disable RRPP.
l The port is not a Layer 3 port. If the port is a Layer 3 port, run the portswitch command
to switch the port to the Layer 2 mode.
l A control VLAN and an ERP instance have been configured for the ERPS ring to which
the port will be added.
l ERPSv2 has been specified for the ERPS ring if the port will be specified as an RPL
neighbor port.
Procedure
Step 1 Run:
system-view
Step 2 Run:
erps ring ring-id
An ERPS ring can be deleted only if it does not have any port. If you attempt to delete an ERPS
ring that has a port, the system prompts a deletion failure. Before deleting an ERPS ring that has
a port, run the undo erps ring command in the interface view of the port or the undo port
command in the ERPS ring view to remove the port from the ERPS ring. Then run the undo
erps ring command to delete the ERPS ring.
By default, an ERPS ring configured using the erps ring ring-id command is a major ring.
By default, the description for an ERPS ring is the ring name, for example, Ring 1.
Step 4 Run:
control-vlan vlan-id
The control VLAN specified by vlan-id must be the one that has not been created or used in
RRPP, SEP, VLAN mapping, VLAN stacking, port trunk allow-pass, or port default vlan
applications.
l The control VLAN for an ERPS ring cannot be modified after a port is added to the ring.
Before deleting the control VLAN for an ERPS ring that has a port, run the undo erps
ring command in the interface view of the port or the undo port command in the ERPS ring
view to remove the port from the ERPS ring. Then run the undo control-vlan command to
delete the control VLAN.
l If an ERPS ring does not have any port, you can run the control-vlan command more than
once, but only the latest configuration takes effect.
l After a control VLAN is configured, the vlan batch vlan-id1 [ to vlan-id2 ] &<1-10>
command, instead of the control-vlan command, is saved in the configuration file.
After a port is added to an ERPS ring that has a control VLAN configured, the port is
automatically added to the control VLAN.
– If the port is a trunk port, the port trunk allow-pass vlan vlan-id command configuration
is automatically generated in the interface view of this port in the configuration file.
Step 5 Run:
protected-instance { all | { instance-id1 [ to instance-id2 ] &<1-10> } }
If you run the protected-instance command for an ERPS ring several times, all the configured
ERP instances take effect.
ERP instances for an ERPS ring cannot be modified after a port is added to the ring. Before
deleting an ERP instance for an ERPS ring that has a port, run the undo erps ring command in
the interface view of the port or the undo port command in the ERPS ring view to remove the
port from the ERPS ring. Then run the undo protected-instance command to delete the ERP
instance.
Step 6 Perform the following steps to configure the mapping between an ERP instance and the control
VLAN:
1. Run the system-view command to enter the system view.
2. Run the stp region-configuration command to enter the MST region view.
3. Run the instance instance-id vlan { vlan-id [ to vlan-id ] } &<1-10> command to map the
control VLAN to an ERP instance.
instance-id specified in this command must be the same as instance-id specified in the
protected-instance command.
4. Run the active region-configuration command to activate the mapping between the ERP
instance and VLAN.
Step 7 Run:
version v2
ERPSv2 is specified.
Before specifying ERPSv1 for an ERPSv2-running Router, delete all ERPS configurations that
ERPSv1 does not support.
By default, all ERPS rings are major rings. This step is needed only when an existing ERPS ring
must be used as a sub-ring.
An ERPS ring cannot be configured as a sub-ring after a port is added to the ring. Before
configuring an ERPS ring that has a port as a sub-ring, run the undo erps ring command in the
interface view of the port or the undo port command in the ERPS ring view to remove the port
from the ERPS ring. Then run the sub-ring command to configure the ERPS ring as a sub-ring.
NOTE
By default, sub-rings use NVCs to transmit R-APS PDUs. Using the default transmission mode
is recommended. This step is needed only for a sub-ring.
Step 10 Run either of the following commands to add a port to an ERPS ring and specify the port role.
l Run the port interface-type interface-number [ rpl { owner | neighbour } ] command in the
ERPS ring view.
l Run the erps ring ring-id [ rpl { owner | neighbour } ] command in the interface view.
NOTE
As MAC address updates cannot be separately sent currently, configuring the direct link between two
upstream nodes as the RPL is not recommended.
Before changing the port role, run the shutdown command to shut down the port. Then change the port
role and run the undo shutdown command to enable the port.
----End
change. Then all the nodes on the other ERPS rings clear their MAC and ARP entries and relearn
MAC addresses from the ring with a topology change. This function ensures that user traffic is
not interrupted.
Context
If an upper-layer Layer 2 network is not notified of the topology change in an ERPS ring, the
MAC address entries remain unchanged on the upper-layer network and therefore user traffic is
interrupted. To ensure traffic transmission, you can configure the topology change notification
function and specify the ERPS rings that will be notified of the topology change.
In addition, if an ERPS ring frequently receives topology change notification messages, its nodes
will have lower CPU processing capability and repeatedly update Flush-FDB packets,
consuming lots of bandwidth. To resolve this problem, suppress the transmission of topology
change notification messages. You can set the topology change protection interval at which
topology change notification messages are sent to suppress the number of transmissions, and set
the maximum number of topology change notification messages that can be processed during
the topology change protection interval to prevent frequent MAC and ARP updates.
Procedure
Step 1 Run:
system-view
Step 2 Run:
erps ring ring-id
Step 3 Run:
tc-notify erps ring { ring-id1 [ to ring-id2 ] } &<1-10>
The ERPS ring is configured to notify other ERPS rings of its topology change.
ring-id1 [ to ring-id2 ] specifies the start and end ring IDs of the ERPS rings that will be notified
of the topology change. Ensure that the ERPS rings specified by ring-id1 and ring-id2 exist. If
the specified rings do not exist, the topology change notification function does not take effect.
After the ERPS rings receive the topology change notification from an ERPS ring, they send
Flush-FDB messages on their separate rings to instruct their nodes to update MAC addresses so
that user traffic is not interrupted.
The topology change protection interval at which topology change notification messages are
sent is set.
The maximum number of topology change notification messages that can be processed during
the topology change protection interval is set.
The topology change protection interval is the one specified by the tc-protection interval
command.
----End
Context
l Revertive and non-revertive switching
After link faults are rectified, whether to re-block the RPL owner port depends on the
switching mode.
l Port blocking modes
In case the ring protection link (RPL) has high bandwidth, blocking a link with low
bandwidth and unblocking the RPL allow traffic to use the RPL and have more bandwidth.
ERPS supports two manual port blocking modes: forced switch (FS) and manual switch
(MS). FS takes precedence over MS. An existing FS or MS operation can be cleared using
the clear command. The clear command also has the following functions:
– Triggers revertive switching before the wait to restore (WTR) or wait to block (WTB)
timer expires in the case of revertive operations.
– Triggers revertive switching in the case of non-revertive operations.
l Timer
ERPS defines four timers: guard timer, hold-off timer, WTR timer, and WTB timer (only
in ERPSv2). The WTB timer value cannot be configured. Its value is the guard timer value
plus 5. The default WTB timer value is 7s.
Procedure
Step 1 Run:
system-view
Step 2 Run:
erps ring ring-id
Step 3 Run:
revertive { enable | disable }
Step 4 Run:
quit
----End
Prerequisites
Ethernet CFM has been configured on an ERPS ring port. For details, see Configuring Basic
Ethernet CFM.
Procedure
l Perform the following steps to associate ERPS with Ethernet CFM in the interface view.
1. Run:
system-view
Follow-up Procedure
After ERPS is associated with Ethernet CFM, ensure that the maintenance entity group level
(MEL) in Ring Auto Protection Switching (R-APS) Protocol Data Units (PDUs) on ERPS rings
is higher than that in CFM protocol packets. Otherwise, Ethernet CFM cannot allow R-APS
PDUs to pass through. When ERPS is used for communication between Huawei and non-Huawei
devices, the same MEL also allows them to communicate smoothly.
You can run the raps-mel level-id command in the ERPS ring view to set the MEL in R-APS
PDUs .
By default, the MEL in R-APS PDUs is 7.
Prerequisites
Ethernet CFM has been configured on an ERPS ring port. For details, see Configuring Basic
Ethernet CFM.
Procedure
l Perform the following steps to associate ERPS with Ethernet CFM in the interface view.
1. Run:
system-view
Follow-up Procedure
After ERPS is associated with Ethernet CFM, ensure that the maintenance entity group level
(MEL) in Ring Auto Protection Switching (R-APS) Protocol Data Units (PDUs) on ERPS rings
is higher than that in CFM protocol packets. Otherwise, Ethernet CFM cannot allow R-APS
PDUs to pass through. When ERPS is used for communication between Huawei and non-Huawei
devices, the same MEL also allows them to communicate smoothly.
You can run the raps-mel level-id command in the ERPS ring view to set the MEL in R-APS
PDUs .
By default, the MEL in R-APS PDUs is 7.
Prerequisites
ERPSv2 has been configured.
Procedure
l Run the display erps [ ring ring-id ] [ verbose ] command to check the ports added to an
ERPS ring and ring configurations.
l Run the display erps interface interface-type interface-number [ ring ring-id ] command
to check physical configurations of an ERPS ring port.
----End
Example
Run the display erps [ ring ring-id ] command. The command output shows configurations of
the ports added to an ERPS ring and ring configurations.
<HUAWEI> display erps ring 1
D : Discarding
F : Forwarding
R : RPL Owner
N : RPL Neighbour
FS : Forced Switch
MS : Manual Switch
Ring Control WTR Timer Guard Timer Port 1 Port 2
ID VLAN (min) (csec)
--------------------------------------------------------------------------------
1 1 5 200 (D)Eth-Trunk1 -
--------------------------------------------------------------------------------
Run the display erps [ ring ring-id ] [ verbose ] command. The command output shows detailed
configurations of ports added to an ERPS ring and ring configurations.
<HUAWEI> display erps ring 1 verbose
Ring ID : 1
Description : Ring 1
Control Vlan : 1
Protected Instance : 0 to 4094
Service Vlan : 2 to 4094
WTR Timer Setting (min) : 5 Running (s) : 0
Guard Timer Setting (csec) : 200 Running (csec) : 0
Run the display erps interface interface-type interface-number [ ring ring-id ] command. The
command output shows physical configurations of an ERPS ring port.
<HUAWEI> display erps interface Eth-Trunk 1 ring 1
Interface State : Up
--------------------------------------------------------------------------------
Ring ID : 1
Flush Logic
Remote Node ID : 0000-0000-0000
Remote BPR : 0
Track Link Dectect Protocl : 1AG
MD Name : 1
MA Name : 1
MEP ID : 2270
RMEP ID : 2260
CFM State : Failed
Context
NOTICE
ERPS statistics cannot be restored after being reset. Therefore, exercise caution when resetting
ERPS statistics.
Procedure
Step 1 Run:
display erps [ ring ring-id ] statistics
Statistics of the packets sent and received on ERPS interfaces are displayed. Note that the
command is run in the user view.
Step 2 Run:
reset erps [ ring ring-id ] statistics
ERPS statistics are cleared. Note that the command is run in the user view.
----End
Networking Requirements
Generally, redundant links are used on an Ethernet switching network to provide link backup
and enhance network reliability. The use of redundant links, however, may produce loops,
causing broadcast storms and rendering the MAC address table unstable. As a result, the
communication quality deteriorates, and communication services may even be interrupted.
To prevent loops caused by redundant links, enable ERPS on the nodes of the ring network.
Figure 10-9 shows a network on which a multi-instance ERPS ring is used. Router A through
Router D constitute an aggregation ring that provides Layer 2 aggregation services and is
connected to a Layer 3 network for service processing. The aggregation ring runs ERPS,
providing protection switching for Layer 2 redundant links. ERPS ring 1 and ERPS ring 2 are
configured on Router A through Router D. P1 on Router B is a blocked port on ERPS ring 1,
and P2 on Router A is a blocked port on ERPS ring 1, implementing load balancing and link
backup.
Network
NPE1 NPE2
RouterC GE1/0/1
RouterD
GE1/0/2
GE1/0/1
GE1/0/2
ERPS
GE1/0/2
GE1/0/1
RouterA GE1/0/2
GE1/0/1 RouterB
P2
P1
VLAN: VLAN:
100~200 300~400
ERPS ring1
ERPS ring2
Blocked Port1
Blocked Port2
Data Flow1
Data Flow2
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the trunk link type for all ports to be added to an ERPS ring.
2. Create an ERPS ring and configure the control VLAN and Ethernet Ring Protection (ERP)
instance for the ring.
3. Add Layer 2 ports to the ERPS ring and specify port roles.
4. Configure the guard timer and wait to restore (WTR) timer for the ERPS ring.
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Configure the trunk link type for all ports to be added to an ERPS ring.
# Configure Router A.
<HUAWEI> system-view
[HUAWEI] sysname Router A
[Router A] interface gigabitethernet 1/0/1
[Router A-GigabitEthernet1/0/1] port link-type trunk
[Router A-GigabitEthernet1/0/1] quit
[Router A] interface gigabitethernet 1/0/2
[Router A-GigabitEthernet1/0/2] port link-type trunk
[Router A-GigabitEthernet1/0/2] quit
# Configure Router B.
<HUAWEI> system-view
[HUAWEI] sysname Router B
[Router B] interface gigabitethernet 1/0/1
[Router B-GigabitEthernet1/0/1] port link-type trunk
[Router B-GigabitEthernet1/0/1] quit
[Router B] interface gigabitethernet 1/0/2
[Router B-GigabitEthernet1/0/2] port link-type trunk
[Router B-GigabitEthernet1/0/2] quit
# Configure Router C.
<HUAWEI> system-view
[HUAWEI] sysname Router C
[Router C] interface gigabitethernet 1/0/1
[Router C-GigabitEthernet1/0/1] port link-type trunk
[Router C-GigabitEthernet1/0/1] quit
[Router C] interface gigabitethernet 1/0/2
[Router C-GigabitEthernet1/0/2] port link-type trunk
[Router C-GigabitEthernet1/0/2] quit
# Configure Router D.
<HUAWEI> system-view
[HUAWEI] sysname Router D
[Router D] interface gigabitethernet 1/0/1
[Router D-GigabitEthernet1/0/1] port link-type trunk
[Router D-GigabitEthernet1/0/1] quit
[Router D] interface gigabitethernet 1/0/2
[Router D-GigabitEthernet1/0/2] port link-type trunk
[Router D-GigabitEthernet1/0/2] quit
Step 2 Create ERPS ring 1 and ERPS ring 2 and configure ERP instances for the two rings. Set the
control VLAN ID of ERPS ring 1 to 10 and the control VLAN ID of ERPS ring 2 to 20. Enable
ERPS ring 1 to transmit data packets carrying VLAN IDs from 100 to 200 and enable ERPS
ring 2 to transmit data packets carrying VLAN IDs from 300 to 400.
# Configure Router A.
[Router A] erps ring 1
[Router A-erps-ring1] control-vlan 10
[Router A-erps-ring1] protected-instance 1
[Router A-erps-ring1] quit
[Router A] stp region-configuration
[Router A-mst-region] instance 1 vlan 10 100 to 200
[Router A-mst-region] active region-configuration
[Router A-mst-region] quit
[Router A] erps ring 2
[Router A-erps-ring2] control-vlan 20
[Router A-erps-ring2] protected-instance 2
[Router A-erps-ring2] quit
[Router A] stp region-configuration
[Router A-mst-region] instance 2 vlan 20 300 to 400
[Router A-mst-region] active region-configuration
[Router A-mst-region] quit
# Configure Router B.
[Router B] erps ring 1
[Router B-erps-ring1] control-vlan 10
[Router B-erps-ring1] protected-instance 1
[Router B-erps-ring1] quit
[Router B] stp region-configuration
[Router B-mst-region] instance 1 vlan 10 100 to 200
[Router B-mst-region] active region-configuration
[Router B-mst-region] quit
[Router B] erps ring 2
[Router B-erps-ring2] control-vlan 20
[Router B-erps-ring2] protected-instance 2
[Router B-erps-ring2] quit
[Router B] stp region-configuration
[Router B-mst-region] instance 2 vlan 20 300 to 400
[Router B-mst-region] active region-configuration
[Router B-mst-region] quit
# Configure Router C.
[Router C] erps ring 1
[Router C-erps-ring1] control-vlan 10
[Router C-erps-ring1] protected-instance 1
[Router C-erps-ring1] quit
[Router C] stp region-configuration
[Router C-mst-region] instance 1 vlan 10 100 to 200
[Router C-mst-region] active region-configuration
[Router C-mst-region] quit
[Router C] erps ring 2
[Router C-erps-ring2] control-vlan 20
[Router C-erps-ring2] protected-instance 2
[Router C-erps-ring2] quit
[Router C] stp region-configuration
[Router C-mst-region] instance 2 vlan 20 300 to 400
[Router C-mst-region] active region-configuration
[Router C-mst-region] quit
# Configure Router D.
[Router D] erps ring 1
[Router D-erps-ring1] control-vlan 10
[Router D-erps-ring1] protected-instance 1
[Router D-erps-ring1] quit
[Router D] stp region-configuration
[Router D-mst-region] instance 1 vlan 10 100 to 200
[Router D-mst-region] active region-configuration
[Router D-mst-region] quit
[Router D] erps ring 2
Step 3 Add Layer 2 ports to the ERPS ring and specify port roles. Specifically, configure GE 1/0/1 on
Router A and GE 1/0/2 on Router B as their respective ring protection link (RPL) owner ports.
# Configure Router A.
[Router A] interface gigabitethernet 1/0/1
[Router A-GigabitEthernet1/0/1] stp disable
[Router A-GigabitEthernet1/0/1] erps ring 1
[Router A-GigabitEthernet1/0/1] erps ring 2 rpl owner
[Router A-GigabitEthernet1/0/1] quit
[Router A] interface gigabitethernet 1/0/2
[Router A-GigabitEthernet1/0/2] stp disable
[Router A-GigabitEthernet1/0/2] erps ring 1
[Router A-GigabitEthernet1/0/2] erps ring 2
[Router A-GigabitEthernet1/0/2] quit
# Configure Router B.
[Router B] interface gigabitethernet 1/0/1
[Router B-GigabitEthernet1/0/1] stp disable
[Router B-GigabitEthernet1/0/1] erps ring 1
[Router A-GigabitEthernet1/0/1] erps ring 2
[Router B-GigabitEthernet1/0/1] quit
[Router B] interface gigabitethernet 1/0/2
[Router B-GigabitEthernet1/0/2] stp disable
[Router B-GigabitEthernet1/0/2] erps ring 1 rpl owner
[Router A-GigabitEthernet1/0/2] erps ring 2
[Router B-GigabitEthernet1/0/2] quit
# Configure Router C.
[Router C] interface gigabitethernet 1/0/1
[Router C-GigabitEthernet1/0/1] stp disable
[Router C-GigabitEthernet1/0/1] erps ring 1
[Router C-GigabitEthernet1/0/1] erps ring 2
[Router C-GigabitEthernet1/0/1] quit
[Router C] interface gigabitethernet 1/0/2
[Router C-GigabitEthernet1/0/2] stp disable
[Router C-GigabitEthernet1/0/2] erps ring 1
[Router C-GigabitEthernet1/0/2] erps ring 2
[Router C-GigabitEthernet1/0/2] quit
# Configure Router D.
[Router D] interface gigabitethernet 1/0/1
[Router D-GigabitEthernet1/0/1] stp disable
[Router D-GigabitEthernet1/0/1] erps ring 1
[Router D-GigabitEthernet1/0/1] erps ring 2
[Router D-GigabitEthernet1/0/1] quit
[Router D] interface gigabitethernet 1/0/2
[Router D-GigabitEthernet1/0/2] stp disable
[Router D-GigabitEthernet1/0/2] erps ring 1
[Router D-GigabitEthernet1/0/2] erps ring 2
[Router D-GigabitEthernet1/0/2] quit
Step 4 Configure the guard timer and WTR timer for the ERPS ring.
# Configure Router A.
[Router A] erps ring 1
# Configure Router B.
[Router B] erps ring 1
[Router B-erps-ring1] wtr-timer 6
[Router B-erps-ring1] guard-timer 100
[Router B-mst-region] quit
[Router B] erps ring 2
[Router B-erps-ring2] wtr-timer 6
[Router B-erps-ring2] guard-timer 100
[Router B-mst-region] quit
# Configure Router C.
[Router C] erps ring 1
[Router C-erps-ring1] wtr-timer 6
[Router C-erps-ring1] guard-timer 100
[Router C-mst-region] quit
[Router C] erps ring 2
[Router C-erps-ring2] wtr-timer 6
[Router C-erps-ring2] guard-timer 100
[Router C-mst-region] quit
# Configure Router D.
[Router D] erps ring 1
[Router D-erps-ring1] wtr-timer 6
[Router D-erps-ring1] guard-timer 100
[Router D-mst-region] quit
[Router D] erps ring 2
[Router D-erps-ring2] wtr-timer 6
[Router D-erps-ring2] guard-timer 100
[Router D-mst-region] quit
# Configure Router A.
[Router A] vlan batch 100 to 200 300 to 400
[Router A] interface gigabitethernet 1/0/1
[Router A-GigabitEthernet1/0/1] port trunk allow-pass vlan 100 to 200 300 to 400
[Router A-GigabitEthernet1/0/1] quit
[Router A] interface gigabitethernet 1/0/2
[Router A-GigabitEthernet1/0/2] port trunk allow-pass vlan 100 to 200 300 to 400
[Router A-GigabitEthernet1/0/2] quit
# Configure Router B.
[Router B] vlan batch 100 to 200 300 to 400
[Router B] interface gigabitethernet 1/0/1
[Router B-GigabitEthernet1/0/1] port trunk allow-pass vlan 100 to 200 300 to 400
[Router B-GigabitEthernet1/0/1] quit
[Router B] interface gigabitethernet 1/0/2
[Router B-GigabitEthernet1/0/2] port trunk allow-pass vlan 100 to 200 300 to 400
[Router B-GigabitEthernet1/0/2] quit
# Configure Router C.
[Router C] vlan batch 100 to 200 300 to 400
[Router C] interface gigabitethernet 1/0/1
[Router C-GigabitEthernet1/0/1] port trunk allow-pass vlan 100 to 200 300 to 400
# Configure Router D.
[Router D] vlan batch 100 to 200 300 to 400
[Router D] interface gigabitethernet 1/0/1
[Router D-GigabitEthernet1/0/1] port trunk allow-pass vlan 100 to 200 300 to 400
[Router D-GigabitEthernet1/0/1] quit
[Router D] interface gigabitethernet 1/0/2
[Router D-GigabitEthernet1/0/2] port trunk allow-pass vlan 100 to 200 300 to 400
[Router D-GigabitEthernet1/0/2] quit
l Run the display erps verbose command. The command output shows detailed configurations
of Router B ports added to the ERPS ring and ring configurations.
[Router B] display erps verbose
Ring ID : 1
Description : Ring 1
Control Vlan : 10
Protected Instance : 1
Service Vlan : 100 to 200
WTR Timer Setting (min) : 6 Running (s) : 0
Guard Timer Setting (csec) : 100 Running (csec) : 0
Holdoff Timer Setting (deciseconds) : 0 Running (deciseconds) : 0
WTB Timer Running (csec) : 0
Ring State : Idle
RAPS_MEL : 7
Revertive Mode : Revertive
R-APS Channel Mode : -
Version : 1
Sub-ring : No
Forced Switch Port : -
Manual Switch Port : -
TC-Notify : -
Time since last topology change : 0 days 0h:35m:5s
-------------------------------------------------------------------------------
-
Port Port Role Port Status Signal Status
-------------------------------------------------------------------------------
-
GE1/0/1 Common Forwarding Non-failed
GE1/0/2 RPL Owner Discarding Non-failed
Ring ID : 2
Description : Ring 2
Control Vlan : 20
Protected Instance : 2
Service Vlan : 300 to 400
WTR Timer Setting (min) : 6 Running (s) : 0
Guard Timer Setting (csec) : 100 Running (csec) : 0
Holdoff Timer Setting (deciseconds) : 0 Running (deciseconds) : 0
WTB Timer Running (sec) : 0
Ring State : Idle
RAPS_MEL : 7
Revertive Mode : Revertive
R-APS Channel Mode : -
Version : 1
Sub-ring : No
Forced Switch Port : -
Manual Switch Port : -
TC-Notify : -
Time since last topology change : 0 days 0h:35m:30s
-------------------------------------------------------------------------------
-
Port Port Role Port Status Signal Status
-------------------------------------------------------------------------------
-
GE1/0/1 Common Forwarding Non-failed
GE1/0/2 Common Forwarding Non-failed
----End
Configuration Files
l Router A configuration file
#
sysname Router A
#
vlan batch 10 20 100 to 200 300 to 400
#
stp region-configuration
instance 1 vlan 10 100 to 200
instance 2 vlan 20 300 to 400
active region-configuration
#
erps ring 1
control-vlan 10
protected-instance 1
wtr-timer 6
guard-timer 100
erps ring 2
control-vlan 20
protected-instance 2
wtr-timer 6
guard-timer 100
#
interface GigabitEthernet1/0/1
#
interface GigabitEthernet1/0/2
protected-instance 1
wtr-timer 6
guard-timer 100
erps ring 2
control-vlan 20
protected-instance 2
wtr-timer 6
guard-timer 100
#
interface GigabitEthernet1/0/1
erps ring 2
#
return
Networking Requirements
Generally, redundant links are used on an Ethernet switching network to provide link backup
and enhance network reliability. The use of redundant links, however, may produce loops,
causing broadcast storms and rendering the MAC address table unstable. As a result, the
communication quality deteriorates, and communication services may even be interrupted.
To prevent loops caused by redundant links, enable ERPS on the nodes of the ring network.
On the ERPS multi-ring network shown in Figure 10-10, Router A, Router B, and Router D
constitute a major ring, and Router A, Router C, and Router D constitute a sub-ring.
Network
RouterE RouterF
GE1/0/2
RouterA RouterD
GE1/0/3 GE1/0/1
GE1/0/1 GE1/0/3
GE1/0/2
GE2/0/2
GE1/0/1 GE2/0/1
RouterC RouterB
RPL owner
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the trunk link type for all ports to be added to ERPS rings.
2. Create ERPS rings and configure control VLANs and Ethernet Ring Protection (ERP)
instances for them.
3. Specify the ERPS version and configure a sub-ring.
4. Add Layer 2 ports to ERPS rings and specify port roles.
5. Configure the topology change notification function on the interconnection nodes.
6. Configure the guard timer and wait to restore (WTR) timer for the ERPS rings.
7. Configure Layer 2 forwarding for Router A through Router D.
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Configure the trunk link type for all ports to be added to ERPS rings.
# Configure Router A.
<HUAWEI> system-view
[HUAWEI] sysname Router A
[Router A] interface gigabitethernet 1/0/1
[Router A-GigabitEthernet1/0/1] port link-type trunk
[Router A-GigabitEthernet1/0/1] quit
[Router A] interface gigabitethernet 1/0/2
[Router A-GigabitEthernet1/0/2] port link-type trunk
[Router A-GigabitEthernet1/0/2] quit
[Router A] interface gigabitethernet 1/0/3
[Router A-GigabitEthernet1/0/3] port link-type trunk
[Router A-GigabitEthernet1/0/3] quit
# Configure Router B.
<HUAWEI> system-view
[HUAWEI] sysname Router B
[Router B] interface gigabitethernet 2/0/1
[Router B-GigabitEthernet2/0/1] port link-type trunk
[Router B-GigabitEthernet2/0/1] quit
[Router B] interface gigabitethernet 2/0/2
[Router B-GigabitEthernet2/0/2] port link-type trunk
[Router B-GigabitEthernet2/0/2] quit
# Configure Router C.
<HUAWEI> system-view
[HUAWEI] sysname Router C
[Router C] interface gigabitethernet 1/0/1
[Router C-GigabitEthernet1/0/1] port link-type trunk
[Router C-GigabitEthernet1/0/1] quit
[Router C] interface gigabitethernet 1/0/2
[Router C-GigabitEthernet1/0/2] port link-type trunk
[Router C-GigabitEthernet1/0/2] quit
# Configure Router D.
<HUAWEI> system-view
[HUAWEI] sysname Router D
[Router D] interface gigabitethernet 1/0/1
[Router D-GigabitEthernet1/0/1] port link-type trunk
[Router D-GigabitEthernet1/0/1] quit
[Router D] interface gigabitethernet 1/0/2
[Router D-GigabitEthernet1/0/2] port link-type trunk
[Router D-GigabitEthernet1/0/2] quit
[Router D] interface gigabitethernet 1/0/3
[Router D-GigabitEthernet1/0/3] port link-type trunk
[Router D-GigabitEthernet1/0/3] quit
Step 2 Create ERPS ring 1 and ERPS ring 2 and configure ERP instances for the two rings. Set the
control VLAN ID of ERPS ring 1 to 10 and the control VLAN ID of ERPS ring 2 to 20. Enable
ERPS ring 1 to transmit data packets carrying VLAN IDs from 100 to 200 and enable ERPS
ring 2 to transmit data packets carrying VLAN IDs from 300 to 400.
# Configure Router A.
[Router A] erps ring 1
[Router A-erps-ring1] control-vlan 10
[Router A-erps-ring1] protected-instance 1
[Router A-erps-ring1] quit
[Router A] stp region-configuration
[Router A-mst-region] instance 1 vlan 10 100 to 200
[Router A-mst-region] active region-configuration
[Router A-mst-region] quit
[Router A] erps ring 2
[Router A-erps-ring2] control-vlan 20
[Router A-erps-ring2] protected-instance 2
[Router A-erps-ring2] quit
[Router A] stp region-configuration
[Router A-mst-region] instance 2 vlan 20 300 to 400
[Router A-mst-region] active region-configuration
[Router A-mst-region] quit
# Configure Router B.
[Router B] erps ring 1
[Router B-erps-ring1] control-vlan 10
[Router B-erps-ring1] protected-instance 1
[Router B-erps-ring1] quit
[Router B] stp region-configuration
[Router B-mst-region] instance 1 vlan 10 100 to 200
[Router B-mst-region] active region-configuration
[Router B-mst-region] quit
# Configure Router C.
[Router C] erps ring 2
[Router C-erps-ring2] control-vlan 20
[Router C-erps-ring2] protected-instance 2
[Router C-erps-ring2] quit
[Router C] stp region-configuration
[Router C-mst-region] instance 2 vlan 20 300 to 400
[Router C-mst-region] active region-configuration
[Router C-mst-region] quit
# Configure Router D.
[Router D] erps ring 1
[Router D-erps-ring1] control-vlan 10
[Router D-erps-ring1] protected-instance 1
[Router D-erps-ring1] quit
[Router D] stp region-configuration
[Router D-mst-region] instance 1 vlan 10 100 to 200
[Router D-mst-region] active region-configuration
# Configure Router A.
[Router A] erps ring 1
[Router A-erps-ring1] version v2
[Router A-erps-ring1] quit
[Router A] erps ring 2
[Router A-erps-ring2] version v2
[Router A-erps-ring2] sub-ring
[Router A-erps-ring2] quit
# Configure Router B.
[Router B] erps ring 1
[Router B-erps-ring1] version v2
[Router B-erps-ring1] quit
# Configure Router C.
[Router C] erps ring 2
[Router C-erps-ring2] version v2
[Router C-erps-ring2] sub-ring
[Router C-erps-ring2] quit
# Configure Router D.
[Router D] erps ring 1
[Router D-erps-ring1] version v2
[Router D-erps-ring1] quit
[Router D] erps ring 2
[Router D-erps-ring2] version v2
[Router D-erps-ring2] sub-ring
[Router D-erps-ring2] quit
Step 4 Add the ports to ERPS rings and specify port roles. Specifically, configure GE 2/0/1 on
Router B and GE 1/0/1 on Router C as their respective RPL owner ports.
# Configure Router A.
[Router A] interface gigabitethernet 1/0/1
[Router A-GigabitEthernet1/0/1] shutdown
[Router A-GigabitEthernet1/0/1] stp disable
[Router A-GigabitEthernet1/0/1] erps ring 1
[Router A-GigabitEthernet1/0/1] undo shutdown
[Router A-GigabitEthernet1/0/1] quit
[Router A] interface gigabitethernet 1/0/2
[Router A-GigabitEthernet1/0/2] shutdown
[Router A-GigabitEthernet1/0/2] stp disable
[Router A-GigabitEthernet1/0/2] erps ring 1
[Router A-GigabitEthernet1/0/2] undo shutdown
[Router A-GigabitEthernet1/0/2] quit
[Router A] interface gigabitethernet 1/0/3
[Router A-GigabitEthernet1/0/3] shutdown
[Router A-GigabitEthernet1/0/3] stp disable
[Router A-GigabitEthernet1/0/3] erps ring 2
[Router A-GigabitEthernet1/0/3] undo shutdown
# Configure Router B.
[Router B] interface gigabitethernet 2/0/1
[Router B-GigabitEthernet2/0/1] shutdown
[Router B-GigabitEthernet2/0/1] stp disable
[Router B-GigabitEthernet2/0/1] erps ring 1 rpl owner
[Router B-GigabitEthernet2/0/1] undo shutdown
[Router B-GigabitEthernet2/0/1] quit
[Router B] interface gigabitethernet 2/0/2
[Router B-GigabitEthernet2/0/2] shutdown
[Router B-GigabitEthernet2/0/2] stp disable
[Router B-GigabitEthernet2/0/2] erps ring 1
[Router B-GigabitEthernet2/0/2] undo shutdown
[Router B-GigabitEthernet2/0/2] quit
# Configure Router C.
[Router C] interface gigabitethernet 1/0/1
[Router C-GigabitEthernet1/0/1] shutdown
[Router C-GigabitEthernet1/0/1] stp disable
[Router C-GigabitEthernet1/0/1] erps ring 2 rpl owner
[Router C-GigabitEthernet1/0/1] undo shutdown
[Router C-GigabitEthernet1/0/1] quit
[Router C] interface gigabitethernet 1/0/2
[Router C-GigabitEthernet1/0/2] shutdown
[Router C-GigabitEthernet1/0/2] stp disable
[Router C-GigabitEthernet1/0/2] erps ring 2
[Router C-GigabitEthernet1/0/2] undo shutdown
[Router C-GigabitEthernet1/0/2] quit
# Configure Router D.
[Router D] interface gigabitethernet 1/0/1
[Router D-GigabitEthernet1/0/1] shutdown
[Router D-GigabitEthernet1/0/1] stp disable
[Router D-GigabitEthernet1/0/1] erps ring 1
[Router D-GigabitEthernet1/0/1] undo shutdown
[Router D-GigabitEthernet1/0/1] quit
[Router D] interface gigabitethernet 1/0/2
[Router D-GigabitEthernet1/0/2] shutdown
[Router D-GigabitEthernet1/0/2] stp disable
[Router D-GigabitEthernet1/0/2] erps ring 1
[Router D-GigabitEthernet1/0/2] undo shutdown
[Router D-GigabitEthernet1/0/2] quit
[Router D] interface gigabitethernet 1/0/3
[Router D-GigabitEthernet1/0/3] shutdown
[Router D-GigabitEthernet1/0/3] stp disable
[Router D-GigabitEthernet1/0/3] erps ring 2
[Router D-GigabitEthernet1/0/3] undo shutdown
[Router D-GigabitEthernet1/0/3] quit
Step 5 Configure the topology change notification function on Router A and Router D, the
interconnection nodes.
# Configure Router A.
[Router A] erps ring 1
[Router A-erps-ring1] tc-notify erps ring 2
[Router A-erps-ring1] tc-protection interval 200
[Router A-erps-ring1] tc-protection threshold 60
[Router A-erps-ring1] quit
[Router A] erps ring 2
[Router A-erps-ring2] tc-notify erps ring 1
[Router A-erps-ring2] tc-protection interval 200
[Router A-erps-ring2] tc-protection threshold 60
# Configure Router D.
[Router D] erps ring 1
[Router D-erps-ring1] tc-notify erps ring 2
[Router D-erps-ring1] tc-protection interval 200
[Router D-erps-ring1] tc-protection threshold 60
[Router D-erps-ring1] quit
[Router D] erps ring 2
[Router D-erps-ring2] tc-notify erps ring 1
[Router D-erps-ring2] tc-protection interval 200
[Router D-erps-ring2] tc-protection threshold 60
[Router D-mst-region] quit
Step 6 Configure the guard timer and WTR timer for the ERPS rings.
# Configure Router A.
[Router A] erps ring 1
[Router A-erps-ring1] wtr-timer 6
[Router A-erps-ring1] guard-timer 100
[Router A-erps-ring1] quit
[Router A] erps ring 2
[Router A-erps-ring2] wtr-timer 6
[Router A-erps-ring2] guard-timer 100
[Router A-erps-ring2] quit
# Configure Router B.
[Router B] erps ring 1
[Router B-erps-ring1] wtr-timer 6
[Router B-erps-ring1] guard-timer 100
[Router B-erps-ring1] quit
# Configure Router C.
[Router C] erps ring 2
[Router C-erps-ring2] wtr-timer 6
[Router C-erps-ring2] guard-timer 100
[Router C-erps-ring2] quit
# Configure Router D.
[Router D] erps ring 1
[Router D-erps-ring1] wtr-timer 6
[Router D-erps-ring1] guard-timer 100
[Router D-erps-ring1] quit
[Router D] erps ring 2
[Router D-erps-ring2] wtr-timer 6
[Router D-erps-ring2] guard-timer 100
[Router D-erps-ring2] quit
# Configure Router A.
[Router A] vlan batch 100 to 200 300 to 400
[Router A] interface gigabitethernet 1/0/1
[Router A-GigabitEthernet1/0/1] port trunk allow-pass vlan 100 to 200
[Router A-GigabitEthernet1/0/1] quit
[Router A] interface gigabitethernet 1/0/2
[Router A-GigabitEthernet1/0/2] port trunk allow-pass vlan 100 to 200 300 to 400
[Router A-GigabitEthernet1/0/2] quit
[Router A] interface gigabitethernet 1/0/3
[Router A-GigabitEthernet1/0/3] port trunk allow-pass vlan 300 to 400
[Router A-GigabitEthernet1/0/3] quit
# Configure Router B.
[Router B] vlan batch 100 to 200
[Router B] interface gigabitethernet 2/0/1
[Router B-GigabitEthernet2/0/1] port trunk allow-pass vlan 100 to 200
[Router B-GigabitEthernet2/0/1] quit
[Router B] interface gigabitethernet 2/0/2
[Router B-GigabitEthernet2/0/2] port trunk allow-pass vlan 100 to 200
[Router B-GigabitEthernet2/0/2] quit
# Configure Router C.
[Router C] vlan batch 300 to 400
[Router C] interface gigabitethernet 1/0/1
[Router C-GigabitEthernet1/0/1] port trunk allow-pass vlan 300 to 400
[Router C-GigabitEthernet1/0/1] quit
[Router C] interface gigabitethernet 1/0/2
[Router C-GigabitEthernet1/0/2] port trunk allow-pass vlan 300 to 400
[Router C-GigabitEthernet1/0/2] quit
# Configure Router D.
[Router D] vlan batch 100 to 200 300 to 400
[Router D] interface gigabitethernet 1/0/1
[Router D-GigabitEthernet1/0/1] port trunk allow-pass vlan 100 to 200
[Router D-GigabitEthernet1/0/1] quit
[Router D] interface gigabitethernet 1/0/2
[Router D-GigabitEthernet1/0/2] port trunk allow-pass vlan 100 to 200 300 to 400
[Router D-GigabitEthernet1/0/2] quit
[Router D] interface gigabitethernet 1/0/3
[Router D-GigabitEthernet1/0/3] port trunk allow-pass vlan 300 to 400
[Router D-GigabitEthernet1/0/3] quit
l Run the display erps verbose command. The command output shows detailed configurations
of Router B ports added to the ERPS ring and ring configurations.
[Router B] display erps verbose
Ring ID : 1
Description : Ring 1
Control Vlan : 10
Protected Instance : 1
Service Vlan : 100 to 200
WTR Timer Setting (min) : 6 Running (s) : 0
Guard Timer Setting (csec) : 100 Running (csec) : 0
----End
Configuration Files
l Router A configuration file
#
sysname RouterA
#
vlan batch 10 20 100 to 200 300 to 400
#
stp region-configuration
instance 1 vlan 10 100 to 200
instance 2 vlan 20 300 to 400
active region-configuration
#
erps ring 1
control-vlan 10
protected-instance 1
wtr-timer 6
guard-timer 100
version v2
tc-notify erps ring 2
tc-protection interval 200
tc-protection threshold 60
#
erps ring 2
control-vlan 20
protected-instance 2
wtr-timer 6
guard-timer 100
version v2
sub-ring
tc-notify erps ring 1
tc-protection interval 200
tc-protection threshold 60
#
interface GigabitEthernet1/0/1
port link-type trunk
port trunk allow-pass vlan 10 100 to 200
stp disable
erps ring 1
#
interface GigabitEthernet1/0/2
port link-type trunk
port trunk allow-pass vlan 10 20 100 to 200 300 to 400
stp disable
erps ring 1
#
interface GigabitEthernet1/0/3
port link-type trunk
port trunk allow-pass vlan 20 300 to 400
stp disable
erps ring 2
#
return
A Glossary
10 Base-T Twisted cable with the transmission speed as 10 Mbit/s and the
transmission distance as 100 m. It is described in the IEEE 802.3i.
100 Base-T Twisted cable with the transmission speed as 100 Mbit/s and the
transmission distance as 100 m. It is described in the IEEE 802.3u.
1000 BaseT Twisted cable with the transmission speed as 1000 Mbit/s and the
transmission distance as 100 m. It is described in the IEEE 802.3ab.
Active Interface In link aggregation, the interfaces that are responsible for
forwarding data in the active state are called active interfaces.
Active Link In link aggregation group, the links connected to active interfaces
are active links.
Automatic negotiation A function through which the two ends of a physical link choose
an operation mode including duplex mode, operation rate. After
the negotiation, the two ends work in the negotiated mode until the
system reboot.
backbone VLAN The backbone VLAN ID refers to the VLAN ID of the provider's
backbone network.
Glossary Description
Backup links To improve the reliability of the link, link aggregation introduces
the mechanism of backup links. These backup links often act as
inactive links. Only when the current active interface fails, the
backup interface changes from inactive to active.
Common port and edge On an edge node or an assistant edge node, a port shared by the
port sub-ring and major ring is called the common port. A port only on
the sub-ring is called the edge port.
Control VLAN A control VLAN in the RRPP domain is a VLAN only used to
transmit RRPP protocol packets.
Edge node and assistant On an RRPP sub-ring, if one of the two nodes crossed with the
edge node major ring is specified as the edge node, the other node is the
assistant edge node.
Glossary Description
Half-duplex In half-duplex mode, a port can only send or receive data at a time.
Inactive Interface In link aggregation, the interfaces that do to forward data in the
inactive status are called inactive interfaces.
Link Aggregation Group The logical link that is created by bundling several physical links
together is called link aggregation group or trunk.
Glossary Description
LACP Preemption In static LACP mode, when a link of active links fails, the system
chooses the link of the highest priority from slave links to replace
the faulty one. After a period, the replaced faulty link recovers, and
the priority of this link is higher than the link that replaces the faulty
one. In this case, the recovered link switches to the active state,
and the slave link returns to its original state. This is called LACP
Preemption.
LACP Preemption The LACP preemption delay refers to the period for triggering the
Delay preemption. The LACP preemption delay is set to prevent instable
data transmission of the Eth-Trunk due to frequent change of the
status of some links.
LAN Local Area Network. A network that comprises PCs and stations
located within several square kilometers. LAN features the high
speed and low error rate. Ethernet, FDDI, and token ring are three
major implementations.
LAN switch A multi-home switching device that works on the data link layer.
MAC Media Access Control. In the OSI model, the data link layer, which
is divided into the MAC and the Link Access Control (LAC), MAC
is nearer to the physical layer.
Manual Load Balancing The manual load balancing mode is the most basic mode of link
Mode aggregation. In manual load balancing mode, you must manually
create the Eth-Trunk, add member interfaces to the Eth-Trunk, and
specify active interfaces. The Link Aggregation Control Protocol
Data Units (LACPDUs) are not involved. All the member
interfaces forward data and perform load balancing.
Glossary Description
Packet Discarding It refers to the function to discard the packets from unknown
VLAN domain or broadcast packets. Packet Discarding is used to
prevent the situation where unknown packets or broadcast packet
utilize the bandwidth originally belonging to the links, improving
the reliability of service transmission.
PING A diagnostic tool that uses the ICMP Echo message to test whether
a certain device in an IP network is reachable.
port isolation The port isolation isolates the unidirectional or bidirectional Layer
2 communication between interfaces.
Primary port and On both the master node and transit node, one of the two ports that
secondary port access the Ethernet ring is the primary port, and the other is the
secondary port. The role of a port is decided by user configuration.
Glossary Description
RRPP ring An RRPP ring is a ring that physically corresponds to one Ethernet
ring topology.
SPE The SPE devices are core devices that are located within a VPLS
full-meshed network. The UPE devices that are connected to the
SPE devices are similar to the CE devices. The PWs set up between
the UPE devices and the SPE devices serve as the ACs of the SPE
devices. The SPE devices must learn the MAC addresses of all the
sites on UPE side and those of the UPE interfaces that are
connected to the SPE.SPE is sometimes called NPE.
static LACP mode Static LACP mode refers to a link aggregation method of selecting
active and inactive interfaces by negotiating aggregation
parameters through LACPDUs. In static LACP mode, LACP
determines active and inactive links of the link aggregation group.
It is also called M:N mode, that is, M active links and N backup
links. The M:N mode provides higher reliability and load
balancing can be implemented among M links.
Transit Node Transit nodes are all the nodes except the master node on an RRPP
major ring.
Glossary Description
VLAN Stacking The VLAN stacking technology adds a layer of VLAN tag to the
incoming packet. The VLAN stacking technology implements
transparent transmission of C-VLANs in the ISP network to realize
the application of Layer 2 Virtual Private Network (VPN).
VPLS A service that is used to connect more than one Ethernet LAN
segment through the PSN and make them operate in an
environment similar to a LAN.
VSI An instance through which the physical access links of VPLS can
be mapped to the virtual links. Each VSI provides independent
VPLS service. VSI has Ethernet bridge function and can terminate
PW.
WAN Wide Area Network. A network that comprises PCs and stations
in a large area such as a state or a county.
This appendix collates frequently used acronyms and abbreviations in this document.
CE Customer Edge
FE Fast Ethernet
FS Forced Switch
GE Gigabit Ethernet
MP2MP Multipoint-to-Multipoint
MS Manual Switch
P2P Point-to-Point
PE Provider Edge
QinQ 802.1Q-in-802.1Q
TC Topology Checksum
TP Topology Protection