How to ping the IP address of a VPN instance from a CE series switch

13

When performing a ping operation, specify -vpn-instance vpn-instance-name.
# Ping the IPv4 address of a VPN instance.
ping -vpn-instance vpna 10.1.1.2
# Ping the IPv6 address of a VPN instance.
ping ipv6 vpn-instance vpna FC00::1

Other related questions:
How to bind interfaces to VPN instances on a CE series switch
Configure a VPN instance, configure the route distinguisher (RD) and VPN-target extended community attributes for the IPv4 address family, and bind an interface to the VPN instance in the interface view.
# Configure a VPN instance and enable the IPv4 address family in the VPN instance.
system-view
[~HUAWEI] ip vpn-instance vpna
[*HUAWEI-vpn-instance-vpna] ipv4-family
[*HUAWEI-vpn-instance-vpna-af-ipv4] # Configure an RD for the VPN instance IPv4 address family.
[*HUAWEI-vpn-instance-vpna-af-ipv4] route-distinguisher 100:1
# Configure the VPN-target extended community attribute for the VPN instance IPv4 address family.
[*HUAWEI-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both
[*HUAWEI-vpn-instance-vpna-af-ipv4] quit
[*HUAWEI-vpn-instance-vpna] quit
[*HUAWEI] commit
# Bind an interface to the VPN instance.
[~HUAWEI] interface vlanif 100
[*HUAWEI-Vlanif100] ip binding vpn-instance vpna
[*HUAWEI-Vlanif100] ip address 10.1.1.1 24
[*HUAWEI-Vlanif100] quit
[*HUAWEI] commit

Do CE series switches support pinging broadcast addresses
RFC 1122 does not specify whether broadcast addresses should be successfully pinged, but it provides two opposing ideas as additional discussions. Some people consider that broadcast addresses should be successfully pinged as it is a good method for locating and diagnosing faults on network nodes. Some people disagree with them because networks may be attacked if broadcast addresses can be successfully pinged. When the ping command is executed on a device, the device sends an ICMP packet to check network connectivity. You can run commands on a Huawei device to configure the device to respond or not to respond to an ICMP packet with a broadcast destination address, depending on your network requirements. - Run the icmp broadcast-address echo disable command to disable a device from responding to an ICMP packet with a broadcast destination address. - Run the undo icmp broadcast-address echo disable command to enable a device to respond to an ICMP packet with a broadcast destination address. By default, a device responds to an ICMP packet with a broadcast destination address.

Possible causes for a failure to ping an IPv6 address
In V100R002 and later versions, the IPv6 address of a device fails to be pinged due to the following possible causes: l. The physical state or protocol state of the interface is Down. You can run the display ipv6 interface interface-type interface-number command in any view to check the physical state and protocol state of an interface. 2. The switch fails to learn ND entries of the peer device. You can run the display ipv6 neighbors command in any view to check information about ND entries. 3. The link transmission delay is too long. The source device does not receive any Response packet from the destination device within the waiting time, and the ping operation fails. You can run the ping ipv6 -t timeout destination-ipv6-address command in any view to set “-t&rdquo to increase the timeout interval for waiting for Response packets.

RD value of a VPN instance on S series switches
Traditional BGP cannot process the VPN routes that have overlapping address spaces. Assume that both VPN1 and VPN2 use addresses on the network segment 10.110.10.0/24, and each of them advertises a route destined for this network segment. The local PE identifies the two VPN routes based on VPN instances and sends them to the remote PE. Because routes from different VPNs cannot work in load-balancing mode, the remote PE adds only one of the two routes based on BGP route selection rules. As a result, the route to the other VPN is lost. To ensure that VPN routes of VPNs with overlapping address spaces are correctly processed, PE devices use MP-BGP to advertise VPN routes and use the VPN-IPv4 address family to identify the routes. RDs distinguish the IPv4 prefixes with the same address space. IPv4 addresses with RDs are VPN-IPv4 addresses (VPNv4 addresses). After receiving IPv4 routes from a CE, a PE converts the routes to globally unique VPN-IPv4 routes and advertises the routes on the public network. The following is a configuration example: # ip vpn-instance vpna ipv4-family route-distinguisher 200:1 vpn-target 111:1 export-extcommunity vpn-target 111:1 import-extcommunity #

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top