Implementing HoVPN IPRAN Architecture on Huawei Routers
- March 18, 2024
- Posted by: Lyfey Technologies
- Categories: Huawei, Networking
Introduction to HoVPN
HoVPN (Hierarchy of VPN) is a multi-layer VPN architecture that distributes PE functions across multiple PE devices. In the HoVPN model, devices at higher layers must have high routing and forwarding capabilities, whereas devices at lower layers can have lower capabilities. The HoVPN solution can be implemented on IPRAN to connect base stations to their controllers.
HoVPN consists of the following device roles.
- UPE (User-end Provider Edge): Directly connects to the CEs and provides access services for users. In HoVPN, the UPEs only receive a default route from SPEs.
- SPE (Superstratum Provider Edge): Connects UPEs and is located at the core of the network. An SPE manages and advertises VPN routes between access and aggregation.
- NPE (Network Provider Edge): Connects to the SPEs and the controllers at the network side.
Topology Diagram
Configuration Step 1: Configure the system name and interface IP addresses, and enable IS-IS, MPLS, and LDP on all backbone interfaces.
**********************************NPE01
sys
sysname NPE01
#
mpls lsr-id 1.1.1.1
mpls
mpls ldp
#
isis 100
is-level level-2
is-name NPE01
network-entity 49.0100.0010.0100.1001.00
cost-style wide
#
interface Loopback0
ip address 1.1.1.1 32
isis enable 100
#
interface GigabitEthernet0/0/0
ip address 20.20.20.0 255.255.255.254
isis enable 100
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
ip address 20.20.20.4 255.255.255.254
isis enable 100
mpls
mpls ldp
#
commit
*********************************SPE01
sys
sysname SPE01
mpls lsr-id 1.1.1.2
mpls
mpls ldp
#
isis 10
is-level level-2
cost-style wide
network-entity 49.0010.0010.0100.1002.00
is-name SPE01
import-route isis 100
#
isis 100
is-level level-2
cost-style wide
network-entity 49.0100.0010.0100.1002.00
is-name SPE01
import-route direct
import-route isis 10
#
interface LoopBack0
ip address 1.1.1.2 32
isis enable 100
#
interface Gig 0/0/0
ip address 10.10.10.2 31
isis enable 10
mpls
mpls ldp
#
interface Gig0/0/1
ip address 20.20.20.1 31
isis enable 100
mpls
mpls ldp
#
commit
**********************************SPE02
sys
sysname SPE02
mpls lsr-id 1.1.1.7
mpls
mpls ldp
#
isis 10
is-level level-2
cost-style wide
network-entity 49.0010.0010.0100.1007.00
is-name SPE02
import-route isis 100
#
isis 100
is-level level-2
cost-style wide
network-entity 49.0100.0010.0100.1007.00
is-name SPE02
import-route direct
import-route isis 10
#
interface Loopback0
ip address 1.1.1.7 32
isis enable 100
#
interface Gig 0/0/0
ip address 10.10.10.12 31
isis enable 10
mpls
mpls ldp
#
interface Gig0/0/1
ip address 20.20.20.7 31
isis enable 100
mpls
mpls ldp
#
interface Gig0/0/2
ip address 20.20.20.5 31
isis enable 100
mpls
mpls ldp
#
commit
******************************UPE01
sys
sysname UPE01
mpls lsr-id 1.1.1.3
mpls
mpls ldp
#
isis 10
is-level level-2
cost-style wide
network-entity 49.0010.0010.0100.1003.00
is-name CSG01
#
interface LoopBack0
ip address 1.1.1.3 32
isis enable 10
#
interface GigabitEthernet0/0/0
ip address 10.10.10.3 255.255.255.254
isis enable 10
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
ip address 10.10.10.4 255.255.255.254
isis enable 10
mpls
mpls ldp
#
****************************UPE02
sys
sysname UPE02
mpls lsr-id 1.1.1.4
mpls
#
mpls ldp
#
isis 10
is-level level-2
cost-style wide
network-entity 49.0010.0010.0100.1004.00
is-name CSG02
#
interface LoopBack0
ip address 1.1.1.4 255.255.255.255
isis enable 10
#
interface GigabitEthernet0/0/0
ip address 10.10.10.5 255.255.255.254
isis enable 10
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
ip address 10.10.10.6 255.255.255.254
isis enable 10
mpls
mpls ldp
#
**********************************UPE03
sys
sysname UPE03
#
mpls lsr-id 1.1.1.5
mpls
mpls ldp
#
isis 10
is-level level-2
cost-style wide
network-entity 49.0010.0010.0100.1005.00
is-name CSG03
#
interface Loopback0
ip address 1.1.1.5 32
isis enable 10
#
interface GigabitEthernet0/0/0
ip address 10.10.10.7 255.255.255.254
isis enable 10
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
ip address 10.10.10.8 255.255.255.254
isis enable 10
mpls
mpls ldp
#
********************************UPE04
sys
sysname UPE04
mpls lsr-id 1.1.1.6
mpls
mpls ldp
#
isis 10
is-level level-2
cost-style wide
network-entity 49.0010.0010.0100.1006.00
is-name UPE04
#
interface Loopback0
ip address 1.1.1.6 32
isis enable 10
#
interface GigabitEthernet0/0/0
ip address 10.10.10.9 255.255.255.254
isis enable 10
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
ip address 10.10.10.10 255.255.255.254
isis enable 10
mpls
mpls ldp
#
commit
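A consistency check for the point-to-point addressing in Step 1, added here as an example and not part of the original post: every /31 link should have exactly two ends, on two different routers. The address table is transcribed from the configuration above with interface names shortened; NPE02's interfaces are not listed on this page, so they are absent from the table.

```python
import ipaddress
from collections import defaultdict

# Backbone addresses transcribed from the Step 1 configuration above
# (interface names shortened to GEx/y/z; every link uses a /31 mask).
BACKBONE = {
    "NPE01": {"GE0/0/0": "20.20.20.0/31", "GE0/0/1": "20.20.20.4/31"},
    "SPE01": {"GE0/0/0": "10.10.10.2/31", "GE0/0/1": "20.20.20.1/31"},
    "SPE02": {"GE0/0/0": "10.10.10.12/31", "GE0/0/1": "20.20.20.7/31",
              "GE0/0/2": "20.20.20.5/31"},
    "UPE01": {"GE0/0/0": "10.10.10.3/31", "GE0/0/1": "10.10.10.4/31"},
    "UPE02": {"GE0/0/0": "10.10.10.5/31", "GE0/0/1": "10.10.10.6/31"},
    "UPE03": {"GE0/0/0": "10.10.10.7/31", "GE0/0/1": "10.10.10.8/31"},
    "UPE04": {"GE0/0/0": "10.10.10.9/31", "GE0/0/1": "10.10.10.10/31"},
}

def link_ends(devices):
    """Group interfaces by the /31 subnet their address falls in."""
    links = defaultdict(list)
    for dev, ifaces in devices.items():
        for ifname, addr in ifaces.items():
            iface = ipaddress.ip_interface(addr)
            links[str(iface.network)].append((dev, ifname, str(iface.ip)))
    return dict(links)

def unpaired(devices):
    """Subnets that do not have exactly two ends on two different routers."""
    return {net: ends for net, ends in link_ends(devices).items()
            if len(ends) != 2 or ends[0][0] == ends[1][0]}

if __name__ == "__main__":
    for net, ends in sorted(unpaired(BACKBONE).items()):
        print(net, ends)
```

Over the addresses as written, it reports three single-ended subnets: 20.20.20.6/31 (only SPE02's end appears on this page), 10.10.10.10/31 (UPE04) and 10.10.10.12/31 (SPE02). An IS-IS adjacency and LDP session need both ends in the same subnet, so each of these is worth checking against the topology before deployment.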
Configuration Step 2: Configure a VPN instance on all the routers. Create service simulation interfaces on UPEs and NPEs. Bind the service interfaces to VPN instances.
***************************NPE01
ip vpn-instance 2G_VPN
ipv4-family
route-distinguisher 500:1
vpn-target 500:1 export-extcommunity
vpn-target 500:1 import-extcommunity
#
interface LoopBack10
ip binding vpn-instance 2G_VPN
ip address 10.10.10.10 255.255.255.255
#
****************************SPE01 and SPE02
ip vpn-instance 2G_VPN
ipv4-family
route-distinguisher 500:1
vpn-target 500:1 export-extcommunity
vpn-target 500:1 import-extcommunity
#
***************************UPE01
ip vpn-instance 2G_VPN
ipv4-family
route-distinguisher 500:1
vpn-target 500:1 export-extcommunity
vpn-target 500:1 import-extcommunity
#
interface Ethernet0/0/0
ip binding vpn-instance 2G_VPN
ip address 172.200.200.1 255.255.255.252
#
****************************UPE02
ip vpn-instance 2G_VPN
ipv4-family
route-distinguisher 500:1
vpn-target 500:1 export-extcommunity
vpn-target 500:1 import-extcommunity
#
interface Ethernet0/0/0
ip binding vpn-instance 2G_VPN
ip address 172.200.200.5 255.255.255.252
#
**************************UPE03
ip vpn-instance 2G_VPN
ipv4-family
route-distinguisher 500:1
vpn-target 500:1 export-extcommunity
vpn-target 500:1 import-extcommunity
#
interface Ethernet0/0/0
ip binding vpn-instance 2G_VPN
ip address 172.200.200.9 255.255.255.252
#
**************************UPE04
ip vpn-instance 2G_VPN
ipv4-family
route-distinguisher 500:1
vpn-target 500:1 export-extcommunity
vpn-target 500:1 import-extcommunity
#
interface Ethernet0/0/0
ip binding vpn-instance 2G_VPN
ip address 172.200.200.13 255.255.255.252
#
Configuration Step 3: Configure route policies on SPE and NPEs to control route advertisement.
********************************SPE01 and SPE02
#
ip ip-prefix nodefault index 10 deny 0.0.0.0 0
ip ip-prefix nodefault index 20 permit 0.0.0.0 0 less-equal 32
ip ip-prefix default-route index 10 permit 0.0.0.0 0
#
route-policy ADVERTISE_TO_RSG permit node 10
if-match ip-prefix nodefault
#
route-policy export-pref-tocsg permit node 5
if-match ip-prefix default-route
apply local-preference 70
#
route-policy ADD_PREFERRED_VALUE permit node 10
apply preferred-value 32768
#
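How the two prefix lists above split the routing table, as an added example that is not part of the original post: the Python below models the ip-prefix match rules (exact mask length unless less-equal is given, first matching index wins, no match means deny) and applies the two policies that match on them. The SPE route table is constructed from the service prefixes in Step 2.

```python
import ipaddress

# Prefix lists copied from Step 3: (index, action, prefix, mask_len, less_equal)
IP_PREFIX = {
    "nodefault": [(10, "deny", "0.0.0.0", 0, None),
                  (20, "permit", "0.0.0.0", 0, 32)],
    "default-route": [(10, "permit", "0.0.0.0", 0, None)],
}
# Route-policies from Step 3 that match on a prefix list:
# name -> (prefix list, attributes applied by the permit node)
ROUTE_POLICY = {
    "ADVERTISE_TO_RSG": ("nodefault", {}),
    "export-pref-tocsg": ("default-route", {"local-preference": 70}),
}

def prefix_list_permits(name, route):
    """First matching index wins; a route matching no index is denied."""
    net = ipaddress.ip_network(route)
    for _idx, action, addr, mask_len, le in sorted(IP_PREFIX[name]):
        base = ipaddress.ip_network(f"{addr}/{mask_len}")
        # Without less-equal the route's mask length must equal mask_len.
        upper = le if le is not None else mask_len
        if net.subnet_of(base) and mask_len <= net.prefixlen <= upper:
            return action == "permit"
    return False

def export(policy, routes):
    """Return {route: attrs} for routes the policy's permit node lets through."""
    plist, attrs = ROUTE_POLICY[policy]
    return {r: dict(attrs) for r in routes if prefix_list_permits(plist, r)}

# Constructed VPN route table on an SPE: its own default route plus the
# UPE and NPE service prefixes configured in Step 2.
SPE_ROUTES = ["0.0.0.0/0", "172.200.200.0/30", "172.200.200.4/30",
              "172.200.200.8/30", "172.200.200.12/30", "10.10.10.10/32"]

if __name__ == "__main__":
    for policy in ROUTE_POLICY:
        print(policy, export(policy, SPE_ROUTES))
```

export-pref-tocsg passes only 0.0.0.0/0 (with local preference 70), while ADVERTISE_TO_RSG passes every specific prefix and drops the default.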
Configuration Step 4: Configure BGP on UPEs, SPEs and NPEs.
*****************************UPE01
bgp 500
router-id 1.1.1.3
group CSG_ASG_group internal
peer CSG_ASG_group connect-interface LoopBack0
peer 1.1.1.2 as-number 500
peer 1.1.1.2 group CSG_ASG_group
peer 1.1.1.7 as-number 500
peer 1.1.1.7 group CSG_ASG_group
#
ipv4-family unicast
undo synchronization
undo peer CSG_ASG_group enable
undo peer 1.1.1.2 enable
peer 1.1.1.7 enable
#
ipv4-family vpnv4
policy vpn-target
peer CSG_ASG_group enable
peer 1.1.1.2 enable
peer 1.1.1.2 group CSG_ASG_group
peer 1.1.1.7 enable
peer 1.1.1.7 group CSG_ASG_group
#
ipv4-family vpn-instance 2G_VPN
import-route direct
import-route static
#
****************************UPE03
bgp 500
router-id 1.1.1.5
group CSG_ASG_group internal
peer CSG_ASG_group connect-interface LoopBack0
peer 1.1.1.2 as-number 500
peer 1.1.1.2 group CSG_ASG_group
peer 1.1.1.7 as-number 500
peer 1.1.1.7 group CSG_ASG_group
#
ipv4-family unicast
undo synchronization
undo peer CSG_ASG_group enable
undo peer 1.1.1.2 enable
peer 1.1.1.7 enable
#
ipv4-family vpnv4
policy vpn-target
peer CSG_ASG_group enable
peer 1.1.1.2 enable
peer 1.1.1.2 group CSG_ASG_group
peer 1.1.1.7 enable
peer 1.1.1.7 group CSG_ASG_group
#
ipv4-family vpn-instance 2G_VPN
import-route direct
import-route static
#
***************************UPE04
bgp 500
router-id 1.1.1.6
group CSG_ASG_group internal
peer CSG_ASG_group connect-interface LoopBack0
peer 1.1.1.2 as-number 500
peer 1.1.1.2 group CSG_ASG_group
peer 1.1.1.7 as-number 500
peer 1.1.1.7 group CSG_ASG_group
#
ipv4-family unicast
undo synchronization
undo peer CSG_ASG_group enable
undo peer 1.1.1.2 enable
peer 1.1.1.7 enable
#
ipv6-family unicast
undo synchronization
#
ipv4-family vpnv4
policy vpn-target
peer CSG_ASG_group enable
peer 1.1.1.2 enable
peer 1.1.1.2 group CSG_ASG_group
peer 1.1.1.7 enable
peer 1.1.1.7 group CSG_ASG_group
#
ipv4-family vpn-instance 2G_VPN
import-route direct
#
commit
***************************SPE01
bgp 500
router-id 1.1.1.2
group ASG_CSG_group internal
peer ASG_CSG_group connect-interface LoopBack0
peer 1.1.1.3 as-number 500
peer 1.1.1.3 group ASG_CSG_group
peer 1.1.1.4 as-number 500
peer 1.1.1.4 group ASG_CSG_group
peer 1.1.1.5 as-number 500
peer 1.1.1.5 group ASG_CSG_group
peer 1.1.1.6 as-number 500
peer 1.1.1.6 group ASG_CSG_group
group ASG_RSG_group internal
peer 1.1.1.1 as-number 500
peer 1.1.1.1 group ASG_RSG_group
peer 1.1.1.8 as-number 500
peer 1.1.1.8 group ASG_RSG_group
#
ipv4-family unicast
undo synchronization
network 0.0.0.0
undo peer ASG_CSG_group enable
undo peer ASG_RSG_group enable
undo peer 1.1.1.1 enable
undo peer 1.1.1.3 enable
peer 1.1.1.4 enable
peer 1.1.1.5 enable
peer 1.1.1.6 enable
peer 1.1.1.8 enable
#
ipv4-family vpnv4
policy vpn-target
peer ASG_CSG_group enable
peer ASG_CSG_group route-policy export-pref-tocsg export
peer ASG_CSG_group reflect-client
peer ASG_CSG_group next-hop-local
peer 1.1.1.3 enable
peer 1.1.1.3 group ASG_CSG_group
peer 1.1.1.4 enable
peer 1.1.1.4 group ASG_CSG_group
peer 1.1.1.5 enable
peer 1.1.1.5 group ASG_CSG_group
peer 1.1.1.6 enable
peer 1.1.1.6 group ASG_CSG_group
peer ASG_RSG_group enable
peer ASG_RSG_group route-policy ADVERTISE_TO_RSG export
peer ASG_RSG_group reflect-client
peer ASG_RSG_group next-hop-local
peer 1.1.1.1 enable
peer 1.1.1.1 group ASG_RSG_group
peer 1.1.1.8 enable
peer 1.1.1.8 group ASG_RSG_group
#
ipv4-family vpn-instance 2G_VPN
network 0.0.0.0 route-policy ADD_PREFERRED_VALUE
import-route direct
import-route static
#
***************************SPE02
bgp 500
router-id 1.1.1.7
group ASG_CSG_group internal
peer ASG_CSG_group connect-interface LoopBack0
peer 1.1.1.3 as-number 500
peer 1.1.1.3 group ASG_CSG_group
peer 1.1.1.4 as-number 500
peer 1.1.1.4 group ASG_CSG_group
peer 1.1.1.5 as-number 500
peer 1.1.1.5 group ASG_CSG_group
peer 1.1.1.6 as-number 500
peer 1.1.1.6 group ASG_CSG_group
group ASG_RSG_group internal
peer 1.1.1.1 as-number 500
peer 1.1.1.1 group ASG_RSG_group
peer 1.1.1.8 as-number 500
peer 1.1.1.8 group ASG_RSG_group
#
ipv4-family unicast
undo synchronization
undo peer ASG_CSG_group enable
undo peer ASG_RSG_group enable
undo peer 1.1.1.1 enable
undo peer 1.1.1.3 enable
peer 1.1.1.4 enable
peer 1.1.1.5 enable
peer 1.1.1.6 enable
peer 1.1.1.8 enable
#
ipv4-family vpnv4
policy vpn-target
peer ASG_CSG_group enable
peer ASG_CSG_group route-policy export-pref-tocsg export
peer ASG_CSG_group reflect-client
peer ASG_CSG_group next-hop-local
peer 1.1.1.3 enable
peer 1.1.1.3 group ASG_CSG_group
peer 1.1.1.4 enable
peer 1.1.1.4 group ASG_CSG_group
peer 1.1.1.5 enable
peer 1.1.1.5 group ASG_CSG_group
peer 1.1.1.6 enable
peer 1.1.1.6 group ASG_CSG_group
peer ASG_RSG_group enable
peer ASG_RSG_group route-policy ADVERTISE_TO_RSG export
peer ASG_RSG_group reflect-client
peer ASG_RSG_group next-hop-local
peer 1.1.1.1 enable
peer 1.1.1.1 group ASG_RSG_group
peer 1.1.1.8 enable
peer 1.1.1.8 group ASG_RSG_group
#
ipv4-family vpn-instance 2G_VPN
network 0.0.0.0 route-policy ADD_PREFERRED_VALUE
import-route direct
import-route static
#
************************************NPE01
bgp 500
router-id 1.1.1.1
group RSG_ASG_group internal
peer RSG_ASG_group connect-interface LoopBack0
peer 1.1.1.2 as-number 500
peer 1.1.1.2 group RSG_ASG_group
peer 1.1.1.7 as-number 500
peer 1.1.1.7 group RSG_ASG_group
#
ipv4-family unicast
undo synchronization
undo peer RSG_ASG_group enable
undo peer 1.1.1.2 enable
peer 1.1.1.7 enable
#
ipv4-family vpnv4
policy vpn-target
peer RSG_ASG_group enable
peer 1.1.1.2 enable
peer 1.1.1.2 group RSG_ASG_group
peer 1.1.1.7 enable
peer 1.1.1.7 group RSG_ASG_group
#
ipv4-family vpn-instance 2G_VPN
import-route direct
import-route static
#
*********************************NPE02
bgp 500
router-id 1.1.1.8
group RSG_ASG_group internal
peer RSG_ASG_group connect-interface LoopBack0
peer 1.1.1.2 as-number 500
peer 1.1.1.2 group RSG_ASG_group
peer 1.1.1.7 as-number 500
peer 1.1.1.7 group RSG_ASG_group
#
ipv4-family unicast
undo synchronization
undo peer RSG_ASG_group enable
undo peer 1.1.1.2 enable
undo peer 1.1.1.7 enable
#
ipv4-family vpnv4
policy vpn-target
peer RSG_ASG_group enable
peer 1.1.1.2 enable
peer 1.1.1.2 group RSG_ASG_group
peer 1.1.1.7 enable
peer 1.1.1.7 group RSG_ASG_group
#
ipv4-family vpn-instance 2G_VPN
import-route direct
import-route static
#
commit
Configuration Step 5: Verify route advertisement between UPEs and SPEs, SPEs and NPEs.
UPE01 has learned only a default route from the SPEs. The route from SPE01 is preferred because of its lower router ID.
SPE01 and SPE02 have learned detailed routes from both UPEs and NPEs. All the detailed routes learned from UPEs are advertised to NPEs.
NPE01 has learned BTS routes from SPEs.
Test communication from BTS to controllers
Hi dear, I have downloaded the Huawei eNSP compiler but it does not work for some routers like NE40E. Do you have an image for those routers and the setup wizard that can solve that problem? Thanks
Hi, One interface GE0/0/3 configuration detail is missing, please update. Also please confirm the IP details for the BTS and FE interface on the UPEs, I mean the IP address and GW in BTS1/2/3/4.