VPN instance configuration on S series switch

28

For the configuration of BGP/MPLS IP VPN:
On the S12700, see Example for Configuring BGP/MPLS IP VPN in the S12700 Typical Configuration Examples.
On the S1720&S2700&S3700&S5700&S6700&S7700&S9700, see Example for Configuring BGP/MPLS IP VPN in the S1720&S2700&S3700&S5700&S6700&S7700&S9700 Typical Configuration Examples.
On the S9300, see Example for Configuring BGP/MPLS IP VPN in the Sx300 Series Switches Typical Configuration Examples.

Other related questions:
RD value of a VPN instance on S series switches
Traditional BGP cannot process the VPN routes that have overlapping address spaces. Assume that both VPN1 and VPN2 use addresses on the network segment 10.110.10.0/24, and each of them advertises a route destined for this network segment. The local PE identifies the two VPN routes based on VPN instances and sends them to the remote PE. Because routes from different VPNs cannot work in load-balancing mode, the remote PE adds only one of the two routes based on BGP route selection rules. As a result, the route to the other VPN is lost. To ensure that VPN routes of VPNs with overlapping address spaces are correctly processed, PE devices use MP-BGP to advertise VPN routes and use the VPN-IPv4 address family to identify the routes. RDs distinguish the IPv4 prefixes with the same address space. IPv4 addresses with RDs are VPN-IPv4 addresses (VPNv4 addresses). After receiving IPv4 routes from a CE, a PE converts the routes to globally unique VPN-IPv4 routes and advertises the routes on the public network. The following is a configuration example: # ip vpn-instance vpna ipv4-family route-distinguisher 200:1 vpn-target 111:1 export-extcommunity vpn-target 111:1 import-extcommunity #

On an S series switch, can the interface bound to a VPN instance be connected to a device
Yes. On an S series switch, the interface bound to a VPN instance can be connected to a device

How to bind interfaces to VPN instances on a CE series switch
Configure a VPN instance, configure the route distinguisher (RD) and VPN-target extended community attributes for the IPv4 address family, and bind an interface to the VPN instance in the interface view.
# Configure a VPN instance and enable the IPv4 address family in the VPN instance.
system-view
[~HUAWEI] ip vpn-instance vpna
[*HUAWEI-vpn-instance-vpna] ipv4-family
[*HUAWEI-vpn-instance-vpna-af-ipv4] # Configure an RD for the VPN instance IPv4 address family.
[*HUAWEI-vpn-instance-vpna-af-ipv4] route-distinguisher 100:1
# Configure the VPN-target extended community attribute for the VPN instance IPv4 address family.
[*HUAWEI-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both
[*HUAWEI-vpn-instance-vpna-af-ipv4] quit
[*HUAWEI-vpn-instance-vpna] quit
[*HUAWEI] commit
# Bind an interface to the VPN instance.
[~HUAWEI] interface vlanif 100
[*HUAWEI-Vlanif100] ip binding vpn-instance vpna
[*HUAWEI-Vlanif100] ip address 10.1.1.1 24
[*HUAWEI-Vlanif100] quit
[*HUAWEI] commit

How do I configure NQA for a VPN instance
The VPN instancne cannot be configured for the NQA test instance of DNS or NQA. For example, configure the VPN instance vrf1 for the NQA test instance user test. [Huawei] nqa test-instance user test [Huawei-nqa-user-test] test-type icmp [Huawei-nqa-user-test] vpn-instance vrf1

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top