BGP/MPLS VPN Technical White Paper

V300R001C10
BGP/MPLS VPN Technical White Paper
Issue 01
Date 2013-12-10
HUAWEI TECHNOLOGIES CO., LTD.

2013. All rights reserved.

No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.

Trademarks and Permissions

and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd. All other trademarks and trade names mentioned in this document are the property of their respective holders.

Notice

The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services and features described in this document may not be within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information, and recommendations in this document are provided "AS IS" without warranties, guarantees or representations of any kind, either express or implied.

The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute a warranty of any kind, express or implied.

Huawei Technologies Co., Ltd.
Address: Huawei Industrial Base, Bantian, Longgang, Shenzhen 518129, People's Republic of China
Website: http://enterprise.huawei.com

About This Document

Purpose

This document describes the esight BGP/MPLS VPN solution to help users learn about its key capabilities, application scenarios, and usage.

Intended Audience

This document is intended for:
- Technical support personnel
- Maintenance personnel

Symbol Conventions

The symbols that may be found in this document are defined as follows.

Description:
- Indicates an imminently hazardous situation which, if not avoided, will result in death or serious injury.
- Indicates a potentially hazardous situation which, if not avoided, could result in death or serious injury.
- Indicates a potentially hazardous situation which, if not avoided, may result in minor or moderate injury.
- Indicates a potentially hazardous situation which, if not avoided, could result in equipment damage, data loss, performance deterioration, or unanticipated results. NOTICE is used to address practices not related to personal injury.
- Calls attention to important information, best practices and tips. NOTE is used to address information not related to personal injury, equipment damage, and environment deterioration.

Change History

Changes between document issues are cumulative. The latest document issue contains all the changes made in earlier issues. This issue is the first official release.

Contents

About This Document
1 Executive Summary
2 Introduction
3.1 Overview
3.2 Implementation
3.2.1 Automatic Discovery
3.2.2 Quick Diagnosis
3.2.3 Service Enabling and Disabling
3.2.4 SLA
3.3 Function Constraints
3.3.1 Applicable Device Types
3.4 Typical Applications
3.4.1 Automatic Discovery
3.4.2 Alarm Monitoring and Operating Status Monitoring
3.4.3 Service Enabling and Disabling
3.4.4 Quick Diagnosis
4 Conclusion
5 Acronyms and Abbreviations

1 Executive Summary

BGP/MPLS VPN is a Layer 3 virtual private network (L3VPN). It uses Border Gateway Protocol (BGP) to advertise VPN routes and uses Multiprotocol Label Switching (MPLS) to forward VPN packets on backbone networks of service providers (SPs).

MPLS seamlessly integrates the flexibility of IP routing and simplicity of Asynchronous Transfer Mode (ATM) label switching. A connection-oriented control plane is added to an MPLS IP network, which enriches the means of managing and operating the network. On IP networks, MPLS traffic engineering (TE) has become an important tool in managing network traffic, reducing network congestion, and ensuring Quality of Service (QoS). Using MPLS-based IP networks as backbone networks becomes an important means for IP network carriers to provide value-added services and is widely used by enterprises.

In the enterprise network market, enterprises can lease backbone networks from carriers to bear services or construct VPNs to bear services. Enterprises that lease backbone networks from carriers must ensure that the network quality provided by carriers can meet their service requirements. Enterprises that construct VPNs must perform end-to-end (E2E) monitoring on the entire network to ensure the proper running of services.

esight BGP/MPLS VPN monitors VPN services from multiple aspects to help users locate and rectify faults promptly. This ensures proper running of services, improves operation and maintenance efficiency, and reduces operation and maintenance costs.

esight BGP/MPLS VPN provides the following functions to monitor services: automatic service discovery, service alarm generating, and monitoring of service performance, service operating status, service enabling status, and service SLA data.

2 Introduction

esight BGP/MPLS VPN helps users locate faults promptly on L3VPN networks that have the following features:
- Complex network structure
- Devices located in multiple regions
- Various services running on an L3VPN network
- Complex configuration of routing protocols
- Differentiated skills of maintenance personnel

3.1 Overview

Figure 3-1 shows the VPN service monitoring process.

Figure 3-1 VPN service monitoring process

The VPN service monitoring process is as follows:
1. A user deploys services on a network using the command-line interface (CLI) or smart configuration tool.
2. esight discovers deployed services from the network.
3. esight monitors service alarms, operating status, performance, SLA data, link status, and VPN routing and forwarding (VRF) status.
4. A user uses the quick diagnosis function to locate faults when a service is faulty.

Using the Smart Configuration Tool to Deploy Services

On an enterprise network, the L3VPN service deployment involves delivery of a large amount of data to provider edges (PEs) and customer edges (CEs), most of which have the same configuration. Therefore, esight provides the smart configuration tool to deploy services in batches. Figure 3-2 shows the process of using the smart configuration tool to deploy services.

Figure 3-2 Process of using the smart configuration tool to deploy services

The process of using the smart configuration tool to deploy services is as follows:

Step 1 Configure network resource information. Set the following service information based on a service plan: device IP addresses, interface IP addresses, VRF resource information (such as services that a VRF bears, VRF name, VRF RD, VRF RT, and VRF routing policy), routing information (public routes and private routes), and MPLS information.
Step 2 Create a network plan sheet. Create a network plan sheet based on the supported device types and commands to deploy.
Step 3 Set the network device parameters in the plan sheet to planned values specified in Step 1.
Step 4 Import the plan sheet to esight.
Step 5 (Optional) Send the plan sheet to devices and verify the CLI parameter values.
Step 6 Send the plan sheet with configured CLI parameters to devices to complete service deployment.
----End

3.2 Implementation

3.2.1 Automatic Discovery

esight provides the following automatic discovery modes:

- Discover by VRF connectivity
  esight checks whether the import RT of the VRF on a PE is the same as the export RT of the VRF on another PE. If the import RT and the export RT are the same, esight checks whether the two PEs have the peer relationship. If the two PEs have the peer relationship, esight discovers the service between them.
- Discover by VRF name
  esight checks whether the VRF names on two PEs are the same. If the VRF names are the same and the two PEs have the BGP peer relationship, esight discovers the service between the two PEs.

If private routes are established between PEs and CEs using Open Shortest Path First (OSPF), Intermediate System-Intermediate System (ISIS), or external BGP (EBGP), esight can automatically discover services between the PEs and CEs, reducing the CE maintenance workload.

When devices from mainstream manufacturers such as Cisco and H3C are used as PEs in VPN services, esight can automatically discover services deployed on the PEs based on the VRF information and BGP peer relationship.

On the L3VPN service automatic discovery page, users can set the discovery scope and discovery policy to discover services from devices.
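The two discovery modes described above, written out as an added Python example (not esight code) and run on a constructed hub-and-spoke inventory to show where they disagree. The Vrf record, the function names, and the sample PEs, VRF names and route targets are assumptions made for this illustration.

```python
from dataclasses import dataclass
from itertools import combinations


@dataclass(frozen=True)
class Vrf:
    pe: str                  # PE the VRF is configured on
    name: str                # VRF name
    import_rts: frozenset    # route targets the VRF imports
    export_rts: frozenset    # route targets the VRF exports


def vrf(pe, name, imports, exports):
    return Vrf(pe, name, frozenset(imports), frozenset(exports))


def peered(a, b, bgp_peers):
    """True if PEs a and b have a BGP peer relationship."""
    return frozenset((a, b)) in bgp_peers


def by_connectivity(vrfs, bgp_peers):
    """Pairs where one VRF imports an RT that a VRF on a peered PE exports."""
    found = set()
    for rx in vrfs:
        for tx in vrfs:
            if rx.pe == tx.pe or not peered(rx.pe, tx.pe, bgp_peers):
                continue
            if rx.import_rts & tx.export_rts:
                found.add(frozenset(((tx.pe, tx.name), (rx.pe, rx.name))))
    return found


def by_name(vrfs, bgp_peers):
    """Pairs of same-named VRFs on two PEs that are BGP peers."""
    found = set()
    for a, b in combinations(vrfs, 2):
        if a.pe != b.pe and a.name == b.name and peered(a.pe, b.pe, bgp_peers):
            found.add(frozenset(((a.pe, a.name), (b.pe, b.name))))
    return found


def compare(vrfs, bgp_peers):
    """Split discovered pairs into those found by both modes or by one only."""
    rt, nm = by_connectivity(vrfs, bgp_peers), by_name(vrfs, bgp_peers)
    return {"both": rt & nm, "rt_only": rt - nm, "name_only": nm - rt}


# Constructed inventory: hub-and-spoke VPN "corp" plus an unrelated VRF "mgmt"
# on PE3 that imports the RT exported by the spokes.
SAMPLE_VRFS = [
    vrf("PE1", "corp", {"65000:2"}, {"65000:1"}),   # hub
    vrf("PE2", "corp", {"65000:1"}, {"65000:2"}),   # spoke
    vrf("PE3", "corp", {"65000:1"}, {"65000:2"}),   # spoke
    vrf("PE3", "mgmt", {"65000:2"}, {"65000:99"}),
]
SAMPLE_PEERS = {frozenset(p) for p in [("PE1", "PE2"), ("PE1", "PE3"), ("PE2", "PE3")]}

if __name__ == "__main__":
    for mode, pairs in compare(SAMPLE_VRFS, SAMPLE_PEERS).items():
        for pair in sorted(sorted(p) for p in pairs):
            print(mode, pair)
```

In this sample the rt_only pair is a VRF that receives routes from a differently named VRF, and the name_only pair is two spokes that share a name but exchange no routes directly; both are worth reviewing against the service plan.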

Figure 3-3 L3VPN service automatic discovery page

3.2.2 Quick Diagnosis

The quick diagnosis function allows users to locate faults at different network layers. When a service is faulty, a user can locate faults at the PE-CE access layer, PE-PE L3 link layer, and PE-PE LSP bearing layer in sequence. For details, see Quick Diagnosis.

3.2.3 Service Enabling and Disabling

When a service is enabled, it is activated. When a service is disabled, it is deactivated. Service enabling status is indicated by the management status of bound VRF interfaces. If the current bound VRF interface is disabled, the corresponding PE-CE link is disabled. If all the bound VRF interfaces of the current service are disabled, the service is disabled.

Users can enable or disable services to control service availability. Users can also enable or disable a service interface to control the CE connection to a VPN service.

In the Hub-Spoke network shown in Figure 3-4, users can enable or disable VRF interfaces enclosed in red boxes to control the CE connection to the VPN network.

Figure 3-4 Hub-Spoke network

3.2.4 SLA

After discovering a VPN service, esight creates an ICMP ping-based SLA task for PE-PE and PE-CE links by default. Users then can monitor the SLA compliance for the PE-PE and PE-CE links. For details, see the esight V200R003C01 SLA Technical White Paper.

Figure 3-5 L3VPN SLA

3.3 Function Constraints

3.3.1 Applicable Device Types

| Device | Device Type | Device Version |
| --- | --- | --- |
| Router | NE20 | V2R5C01, V2R5C02, V2R5C03, and V2R5C05 |
| Router | NE20E series | V200R003C00, V200R003C01, V200R005C00, V200R005C01, V200R005C02, V200R005C03, V200R005C05, 600R003C00, V600R001C00, V600R003C05, and V600R005C00 |
| Router | NE40 series | V300R002C00, V300R002C01, V300R003C00, V300R003C01, V300R003C02, V300R005C00, V300R005C01, and V600R001C00 |
| Router | NE40E series | V300R001C00, V300R002C00, V300R003C00, V300R003C01, V300R003C02, V300R006C00, V300R006C01, V600R001C00, V600R001C01, V600R002C00, V600R002C05, V600R003C00, V600R003C01, V600R003C02, V600R003C03, V600R003C05, and V600R005C00 |
| Router | NE80 series | V300R002C00, V300R002C01, V300R003C00, V300R003C01, V300R003C02, V300R005C00, and V300R005C01 |
| Router | NE80E series | V1R2C00, V3R1C00, V3R2C00, V3R3C00, V3R3C01, V3R3C02, V3R6C00, V3R6C01, V6R1C00, V6R1C01, V600R002C00, V600R002C01, V600R002C02, V600R003C00, and V600R003C01 |
| Switch | S33 and S37 series | V1R3C00, V1R3C01, V1R5C00, V1R5C01, V1R6C00, and V1R6C01 |
| Switch | S53 and S57 series | V1R3C00, V1R3C01, V1R5C00, V1R5C01, V1R6C00, V1R6C01, and V2R1C00 |
| Switch | S63 and S67 series | V1R6C00, V1R6C01, V2R1C00, V200R001C01, and V200R002C00 |
| Switch | S77 and S93 series | V1R3C00, V1R3C01, V1R6C00, V1R6C01, V2R1C00, and V200R002C00 |
| AR | AR150, AR200, AR1200, AR2200, and AR3200 series | V2R1C00, V2R1C01, V2R2C00, V2R2C01, V2R2C02, V2R3C00, V2R3C01, and V2R2C01 |
| Router(Cisco) | 7600 and 1000 series | |
| Router(H3C) | SR6600, SR8800, AR28, AR 29-1, AR46, AR49, S7502E, S7503E and S7608-X | |

3.4 Typical Applications

3.4.1 Automatic Discovery

esight discovers deployed services from a network in either of the following modes: discovery by VRF connectivity and discovery by VRF name.

A user sets the discovery policy and device scope (including PEs and CEs), and clicks. esight then discovers services automatically.

The service automatic discovery process is as follows:
1. Synchronize device configuration. esight synchronizes VPN service related information with devices.
2. Discover services. esight discovers services based on the discovery policy and synchronized device configuration. Services are classified into the following categories based on the discovery result: modified service (including PE-CE link change, PE-PE link change, and VRF information change), new service, and deleted service (esight deletes services that no longer exist on devices.)

Figure 3-6 Service automatic discovery page

3.4.2 Alarm Monitoring and Operating Status Monitoring

Users can view the highest alarm severity of the current service in the service list or service topology, and view devices that generate alarms and PE-CE link status in the service topology. Users can also access the Current Alarms page from the service list and view the alarm details of the current service.

In service details, users can view the PE-CE link operating status and enabling status, link faults, and service availability on current links.

Figure 3-7 Service list

Figure 3-8 Service topology

Figure 3-9 Alarm list

Figure 3-10 PE-CE link status and VRF status

3.4.3 Service Enabling and Disabling

Users can enable or disable services to control service availability. For example, on an emergency network, users must disable non-key services during emergencies, when only key services are allowed, and enable them again at other times. Users can also enable or disable a PE-CE link to control the CE connection to a VPN network.

Figure 3-11 Service enabling and disabling

3.4.4 Quick Diagnosis

Quick diagnosis provides multiple diagnosis tools to help users locate service faults at different network layers.

For example, enterprise A has many offices that communicate with each other through L3VPN. In Figure 3-12, a VPN is established between PE1 and PE2. CE1 and CE2 are added to the VPN. CE1 and CE2 cannot communicate with each other. The fault must be located on the VPN.

Figure 3-12 Example of an MPLS VPN network

Figure 3-13 shows the fault diagnosis process, where Yes indicates that the test result is connected and No indicates that the test result is disconnected.

Figure 3-13 Fault diagnosis process

Step 2 Locate faults at each network layer of the L3VPN service and determine the network layer where the faults have occurred.
1. At the L3VPN service layer, use ICMP ping or VRF ping to test the access controller (AC) link between PE1 and CE1 and the AC link between PE2 and CE2.
   - If the AC link test fails, view the port configuration at both ends of the AC link and locate faults from port configuration.
   - If the AC link test is successful, use ICMP ping or VRF ping to test the backbone link between PE1 and PE2. If the backbone link test fails, test the LSP tunnel between PE1 and PE2.
2. Use LSP ping to test the LSP tunnel between PE1 and PE2.
   - If the LSP ping test is successful, the LSP tunnel functions properly at the bearer network, and the fault has occurred at the L3VPN service layer.
   - If the LSP ping test fails, test the public routes.

Step 3 Use a proper trace tool to locate the faulty device by network segment. Use a trace route tool (ICMP Traceroute, VRF Traceroute, or LSP Traceroute, depending on the service layer) to detect the link path between PE1 and PE2 at the faulty network layer.
- If the actual link path is detected, compare it with the correct service transmission path to locate the faulty device. Then view the device configuration to locate the fault.
- If the actual link path cannot be detected due to route convergence, locate the faulty device by link segment.

If the fault cannot be located, contact Huawei technical support.

4 Conclusion

esight BGP/MPLS VPN monitors VPN services from the aspects of alarm, performance, and SLA, and provides the quick diagnosis function to help users locate and rectify faults promptly.

5 Acronyms and Abbreviations

| Acronym/Abbreviation | Full Name |
| --- | --- |
| BGP | Border Gateway Protocol |
| CE | Customer edge |
| MP-BGP | Multiprotocol extensions for BGP-4 |
| MPLS | Multiprotocol Label Switching |
| P | Provider |
| PE | Provider edge |
| SLA | Service level agreement |
| VPN | Virtual private network |
| VRF | VPN routing and forwarding |