HomeNetworkingHuaweiImplementing HoVPN IPRAN Architecture on Huawei Routers

Implementing HoVPN IPRAN Architecture on Huawei Routers

Implementing HoVPN IPRAN Architecture on Huawei Routers

  • March 18, 2024
  • Posted by: Lyfey Technologies
  • Categories: Huawei, Networking
3 Comments

Intoduction to HoVPN

HoVPN( Hierarchy of VPN) is a multi-layer VPN architecture that deploys PE functions on multiple PE devices. In the HoVPN model, devices at higher layers must have high routing and forwarding capabilities, whereas devices at lower layers can have lower capabilities. HoVPN solution can be implemented on IPRAN to achieve connectivity of base stations and controllers.

HoVPN consists of the following device roles.

  1. UPE(User-end Provider Edge): Directly connects to the CEs and provides access services for users. In HoVPN, the UPEs only receive a default route from SPEs.
  2. SPE(Superstratum Provider Edge): Connects UPEs and is located at the core of the network. An SPE manages and advertises VPN routes between access and aggregation.
  3. NPE(Network Provider Edge): Connects to the SPEs and the controllers at the network side.

Topology Diagram

Configuration Step 1: Configure system name, and interface IP address, and enable IS-IS, MPLS, and LDP on all interfaces in the backbone.

**********************************NPE01
sys
sysname NPE01
#
mpls lsr-id 1.1.1.1
mpls
mpls ldp
#
isis 100
is-level level-2
is-name UPE01
network-entity 49.0100.0010.0100.1001.00
cost-style wide
#
interface Loopback0
ip address 1.1.1.1 32
isis enable 100
#
interface GigabitEthernet0/0/0
 ip address 20.20.20.0 255.255.255.254
 isis enable 100
 mpls
 mpls ldp
#
interface GigabitEthernet0/0/1
 ip address 20.20.20.4 255.255.255.254
 isis enable 100
 mpls
 mpls ldp
#
commit
*********************************SPE01
sys
sysname SPE01
mpls lsr-id 1.1.1.2
mpls
mpls ldp
#
isis 10
 is-level level-2
 cost-style wide
 network-entity 49.0010.0010.0100.1002.00
 is-name SPE01
 import-route isis 100
#
isis 100
 is-level level-2
 cost-style wide
 network-entity 49.0100.0010.0100.1002.00
 is-name SPE01
 import-route direct
 import-route isis 10
#
interface Loopack0
ip address 1.1.1.2 32
isis enable 100
#
interface Gig 0/0/0
ip address 10.10.10.2 31
isis enable 10
mpls
mpls ldp
#
interface Gig0/0/1
ip address 20.20.20.1 31
isis enable 100
mpls
mpls ldp
#
commit
**********************************SPE02
sys
sysname SPE02
mpls lsr-id 1.1.1.7
mpls
mpls ldp
#
isis 10
 is-level level-2
 cost-style wide
 network-entity 49.0010.0010.0100.1007.00
 is-name SPE02
 import-route isis 100
#
isis 100
 is-level level-2
 cost-style wide
 network-entity 49.0100.0010.0100.1007.00
 is-name SPE02
 import-route direct
 import-route isis 10
#
interface Loopback0
ip address 1.1.1.7 32
isis enable 100
#
interface Gig 0/0/0
ip address 10.10.10.12 31
isis enable 10
mpls
mpls ldp
#
interface Gig0/0/1
ip address 20.20.20.7 31
isis enable 100
mpls
mpls ldp
#
interface Gig0/0/2
ip address 20.20.20.5 31
isis enable 100
mpls
mpls ldp
#
commit
******************************UPE01
sys
sysname UPE01
mpls lsr-id 1.1.1.3
mpls
mpls ldp
#
isis 10
 is-level level-2
 cost-style wide
 network-entity 49.0010.0010.0100.1003.00
 is-name CSG01
#
interface Loopack0
ip address 1.1.1.3 32
isis enable 10
#
interface GigabitEthernet0/0/0
 ip address 10.10.10.3 255.255.255.254
 isis enable 10
 mpls
 mpls ldp
#
interface GigabitEthernet0/0/1
 ip address 10.10.10.4 255.255.255.254
 isis enable 10
 mpls
 mpls ldp
#
****************************UPE02
sys
sysname UPE02
mpls lsr-id 1.1.1.4
mpls
#
mpls ldp
#
isis 10
 is-level level-2
 cost-style wide
 network-entity 49.0010.0010.0100.1004.00
 is-name CSG02
#
interface LoopBack0
 ip address 1.1.1.4 255.255.255.255
 isis enable 10
#
interface GigabitEthernet0/0/0
 ip address 10.10.10.5 255.255.255.254
 isis enable 10
 mpls
 mpls ldp
#
interface GigabitEthernet0/0/1
 ip address 10.10.10.6 255.255.255.254
 isis enable 10
 mpls
 mpls ldp
#
**********************************UPE03
sys
sysname UPE03

#
mpls lsr-id 1.1.1.5
mpls
mpls ldp
#
isis 10
 is-level level-2
 cost-style wide
 network-entity 49.0010.0010.0100.1005.00
 is-name CSG03
#
interface Loopback0
ip address 1.1.1.5 32
isis enable 10
#
interface GigabitEthernet0/0/0
 ip address 10.10.10.7 255.255.255.254
 isis enable 10
 mpls
 mpls ldp
#
interface GigabitEthernet0/0/1
 ip address 10.10.10.8 255.255.255.254
 isis enable 10
 mpls
 mpls ldp
#
********************************UPE04
sys
sysname UPE04
mpls lsr-id 1.1.1.6
mpls
mpls ldp
#
isis 10
 is-level level-2
 cost-style wide
 network-entity 49.0010.0010.0100.1006.00
 is-name UPE04
#
interface Loopback0
ip address 1.1.1.6 32
isis enable 10
#
interface GigabitEthernet0/0/0
 ip address 10.10.10.9 255.255.255.254
 isis enable 10
 mpls
 mpls ldp
#
interface GigabitEthernet0/0/1
 ip address 10.10.10.10 255.255.255.254
 isis enable 10
 mpls
 mpls ldp
#
commit

Configuration Step 2: Configure a VPN instance on all the routers. Create service simulation interfaces on UPEs and NPEs. Bind the service interfaces to VPN instances.

***************************NPE01
ip vpn-instance 2G_VPN
 ipv4-family
  route-distinguisher 500:1
  vpn-target 500:1 export-extcommunity
  vpn-target 500:1 import-extcommunity
#
interface LoopBack10
 ip binding vpn-instance 2G_VPN
 ip address 10.10.10.10 255.255.255.255
#
****************************SPE01 and SPE02
ip vpn-instance 2G_VPN
 ipv4-family
  route-distinguisher 500:1
  vpn-target 500:1 export-extcommunity
  vpn-target 500:1 import-extcommunity
#
***************************UPE01
ip vpn-instance 2G_VPN
 ipv4-family
  route-distinguisher 500:1
  vpn-target 500:1 export-extcommunity
  vpn-target 500:1 import-extcommunity
#
interface Ethernet0/0/0
 ip binding vpn-instance 2G_VPN
 ip address 172.200.200.1 255.255.255.252
#
****************************UPE02
ip vpn-instance 2G_VPN
 ipv4-family
  route-distinguisher 500:1
  vpn-target 500:1 export-extcommunity
  vpn-target 500:1 import-extcommunity
#
interface Ethernet0/0/0
 ip binding vpn-instance 2G_VPN
 ip address 172.200.200.5 255.255.255.252
#
**************************UPE03
ip vpn-instance 2G_VPN
 ipv4-family
  route-distinguisher 500:1
  vpn-target 500:1 export-extcommunity
  vpn-target 500:1 import-extcommunity
#
interface Ethernet0/0/0
 ip binding vpn-instance 2G_VPN
 ip address 172.200.200.9 255.255.255.252
#
**************************UPE04
ip vpn-instance 2G_VPN
 ipv4-family
  route-distinguisher 500:1
  vpn-target 500:1 export-extcommunity
  vpn-target 500:1 import-extcommunity
#
interface Ethernet0/0/0
 ip binding vpn-instance 2G_VPN
 ip address 172.200.200.13 255.255.255.252
#

Configuration Step 3: Configure route policies on SPE and NPEs to control route advertisement.

********************************SPE01 and SPE02
#
ip ip-prefix nodefault index 10 deny 0.0.0.0 0
ip ip-prefix nodefault index 20 permit 0.0.0.0 0 less-equal 32
ip ip-prefix default-route index 10 permit 0.0.0.0 0
#
route-policy ADVERTISE_TO_RSG permit node 10
 if-match ip-prefix nodefault
#
route-policy export-pref-tocsg permit node 5
 if-match ip-prefix default-route
 apply local-preference 70
#
route-policy ADD_PREFERRED_VALUE permit node 10
 apply preferred-value 32768
#

Configuration Step 4: Configure BGP on UPEs, SPEs and NPEs.

*****************************UPE01
bgp 500
 router-id 1.1.1.3
 group CSG_ASG_group internal
 peer 1.1.1.2 as-number 500
 peer 1.1.1.2 group CSG_ASG_group
 peer 1.1.1.7 as-number 500
 peer 1.1.1.7 group CSG_ASG_group
 #
 ipv4-family unicast
  undo synchronization
  undo peer CSG_ASG_group enable
  undo peer 1.1.1.2 enable
  peer 1.1.1.7 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer CSG_ASG_group enable
  peer 1.1.1.2 enable
  peer 1.1.1.2 group CSG_ASG_group
  peer 1.1.1.7 enable
  peer 1.1.1.7 group CSG_ASG_group
 #
 ipv4-family vpn-instance 2G_VPN
  import-route direct
  import-route static
#
****************************UPE03
bgp 500
 router-id 1.1.1.5
 group CSG_ASG_group internal
 peer CSG_ASG_group connect-interface LoopBack0
 peer 1.1.1.2 as-number 500
 peer 1.1.1.2 group CSG_ASG_group
 peer 1.1.1.7 as-number 500
 peer 1.1.1.7 group CSG_ASG_group
 #
 ipv4-family unicast
  undo synchronization
  undo peer CSG_ASG_group enable
  undo peer 1.1.1.2 enable
  peer 1.1.1.7 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer CSG_ASG_group enable
  peer 1.1.1.2 enable
  peer 1.1.1.2 group CSG_ASG_group
  peer 1.1.1.7 enable
  peer 1.1.1.7 group CSG_ASG_group
 #
 ipv4-family vpn-instance 2G_VPN
  import-route direct
  import-route static
#
***************************UPE04
bgp 500
 router-id 1.1.1.6
 group CSG_ASG_group internal
 peer CSG_ASG_group connect-interface LoopBack0
 peer 1.1.1.2 as-number 500
 peer 1.1.1.2 group CSG_ASG_group
 peer 1.1.1.7 as-number 500
 peer 1.1.1.7 group CSG_ASG_group
 #
 ipv4-family unicast
  undo synchronization
  undo peer CSG_ASG_group enable
  undo peer 1.1.1.2 enable
  peer 1.1.1.7 enable
 #
 ipv6-family unicast
  undo synchronization
 #
 ipv4-family vpnv4
  policy vpn-target
  peer CSG_ASG_group enable
  peer 1.1.1.2 enable
  peer 1.1.1.2 group CSG_ASG_group
  peer 1.1.1.7 enable
  peer 1.1.1.7 group CSG_ASG_group
 #
 ipv4-family vpn-instance 2G_VPN
  import-route direct
#
commit
***************************SPE01
bgp 500
 router-id 1.1.1.2
 group ASG_CSG_group internal
 peer ASG_CSG_group connect-interface LoopBack0
 peer 1.1.1.3 as-number 500
 peer 1.1.1.3 group ASG_CSG_group
 peer 1.1.1.4 as-number 500
 peer 1.1.1.4 group ASG_CSG_group
 peer 1.1.1.5 as-number 500
 peer 1.1.1.5 group ASG_CSG_group
 peer 1.1.1.6 as-number 500
 peer 1.1.1.6 group ASG_CSG_group
 group ASG_RSG_group internal
 peer 1.1.1.1 as-number 500
 peer 1.1.1.1 group ASG_RSG_group
 peer 1.1.1.8 as-number 500
 peer 1.1.1.8 group ASG_RSG_group
 #
 ipv4-family unicast
  undo synchronization
  network 0.0.0.0
  undo peer ASG_CSG_group enable
  undo peer ASG_RSG_group enable
  undo peer 1.1.1.1 enable
  undo peer 1.1.1.3 enable
  peer 1.1.1.4 enable
  peer 1.1.1.5 enable
  peer 1.1.1.6 enable
  peer 1.1.1.8 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer ASG_CSG_group enable
  peer ASG_CSG_group route-policy export-pref-tocsg export
  peer ASG_CSG_group reflect-client
  peer ASG_CSG_group next-hop-local
  peer 1.1.1.3 enable
  peer 1.1.1.3 group ASG_CSG_group
  peer 1.1.1.4 enable
  peer 1.1.1.4 group ASG_CSG_group
  peer 1.1.1.5 enable
  peer 1.1.1.5 group ASG_CSG_group
  peer 1.1.1.6 enable
  peer 1.1.1.6 group ASG_CSG_group
  peer ASG_RSG_group enable
  peer ASG_RSG_group route-policy ADVERTISE_TO_RSG export
  peer ASG_RSG_group reflect-client
  peer ASG_RSG_group next-hop-local
  peer 1.1.1.1 enable
  peer 1.1.1.1 group ASG_RSG_group
  peer 1.1.1.8 enable
  peer 1.1.1.8 group ASG_RSG_group
 #
 ipv4-family vpn-instance 2G_VPN
  network 0.0.0.0 route-policy ADD_PREFERRED_VALUE
  import-route direct
  import-route static
#
***************************SPE02
bgp 500
 router-id 1.1.1.7
 group ASG_CSG_group internal
 peer ASG_CSG_group connect-interface LoopBack0
 peer 1.1.1.3 as-number 500
 peer 1.1.1.3 group ASG_CSG_group
 peer 1.1.1.4 as-number 500
 peer 1.1.1.4 group ASG_CSG_group
 peer 1.1.1.5 as-number 500
 peer 1.1.1.5 group ASG_CSG_group
 peer 1.1.1.6 as-number 500
 peer 1.1.1.6 group ASG_CSG_group
 group ASG_RSG_group internal
 peer 1.1.1.1 as-number 500
 peer 1.1.1.1 group ASG_RSG_group
 peer 1.1.1.8 as-number 500
 peer 1.1.1.8 group ASG_RSG_group
 #
 ipv4-family unicast
  undo synchronization
  undo peer ASG_CSG_group enable
  undo peer ASG_RSG_group enable
  undo peer 1.1.1.1 enable
  undo peer 1.1.1.3 enable
  peer 1.1.1.4 enable
  peer 1.1.1.5 enable
  peer 1.1.1.6 enable
  peer 1.1.1.8 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer ASG_CSG_group enable
  peer ASG_CSG_group route-policy export-pref-tocsg export
  peer ASG_CSG_group reflect-client
  peer ASG_CSG_group next-hop-local
  peer 1.1.1.3 enable
  peer 1.1.1.3 group ASG_CSG_group
  peer 1.1.1.4 enable
  peer 1.1.1.4 group ASG_CSG_group
  peer 1.1.1.5 enable
  peer 1.1.1.5 group ASG_CSG_group
  peer 1.1.1.6 enable
  peer 1.1.1.6 group ASG_CSG_group
  peer ASG_RSG_group enable
  peer ASG_RSG_group route-policy ADVERTISE_TO_RSG export
  peer ASG_RSG_group reflect-client
  peer ASG_RSG_group next-hop-local
  peer 1.1.1.1 enable
  peer 1.1.1.1 group ASG_RSG_group
  peer 1.1.1.8 enable
  peer 1.1.1.8 group ASG_RSG_group
 #
 ipv4-family vpn-instance 2G_VPN
  network 0.0.0.0 route-policy ADD_PREFERRED_VALUE
  import-route direct
  import-route static
#
************************************NPE01
bgp 500
 router-id 1.1.1.1
 group RSG_ASG_group internal
 peer RSG_ASG_group connect-interface LoopBack0
 peer 1.1.1.2 as-number 500
 peer 1.1.1.2 group RSG_ASG_group
 peer 1.1.1.7 as-number 500
 peer 1.1.1.7 group RSG_ASG_group
 #
 ipv4-family unicast
  undo synchronization
  undo peer RSG_ASG_group enable
  undo peer 1.1.1.2 enable
  peer 1.1.1.7 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer RSG_ASG_group enable
  peer 1.1.1.2 enable
  peer 1.1.1.2 group RSG_ASG_group
  peer 1.1.1.7 enable
  peer 1.1.1.7 group RSG_ASG_group
 #
 ipv4-family vpn-instance 2G_VPN
  import-route direct
  import-route static
#
*********************************NPE02
bgp 500
 router-id 1.1.1.8
 group RSG_ASG_group internal
 peer RSG_ASG_group connect-interface LoopBack0
 peer 1.1.1.2 as-number 500
 peer 1.1.1.2 group RSG_ASG_group
 peer 1.1.1.7 as-number 500
 peer 1.1.1.7 group RSG_ASG_group
 #
 ipv4-family unicast
  undo synchronization
  undo peer RSG_ASG_group enable
  undo peer 1.1.1.2 enable
  undo peer 1.1.1.7 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer RSG_ASG_group enable
  peer 1.1.1.2 enable
  peer 1.1.1.2 group RSG_ASG_group
  peer 1.1.1.7 enable
  peer 1.1.1.7 group RSG_ASG_group
 #
 ipv4-family vpn-instance 2G_VPN
  import-route direct
  import-route static
#
commit

Configuration Step 5: Verify route advertisement between UPEs and SPEs, SPEs and NPEs.

We have only learned a default route from SPEs on UPE01. The route from SPE01 is preferred due to lower router ID.

SPE01 and SPE02 have learned detailed routes from both UPEs and NPEs. All the detailed routes learned from UPEs are advertised to NPEs.

NPE01 has learned BTS routes from SPEs.

Test communication from BTS to controllers

Related Posts



3 Comments

Leave a Reply

This website uses cookies and asks your personal data to enhance your browsing experience.
Ok, I agree Privacy Policy

Privacy Policy