8/10/2019 QinQ Configuration.pdf
1/76
1/10/2014 QinQ Configuration
http://localhost:7890/printtopics.html?time=Wed%20Oct%2001%202014%2017:42:20%20GMT-0300%20(Pacific%20SA%20Daylight%20Time) 1/76
QinQ Configuration
Contents
1 QinQ Configuration
1.1 Introduction to QinQ
1.2 QinQ Principles
1.2.1 Basic Principles
1.2.2 Basic QinQ
1.2.3 Selective QinQ
1.2.4 TPID
1.3 Application Environment
1.4 Configuration Task Summary
1.5 Configuration Notes
1.6 Configuring QinQ
1.6.1 Configuring QinQ Tunneling
1.6.1.1 Configuring Basic QinQ
1.6.1.2 Configuring Selective QinQ
1.6.2 Configuring Termination Sub-interface to Access an L2VPN Network
1.6.2.1 Configuring a Sub-interface for Dot1q VLAN Tag Termination
1.6.2.2 Configuring a Sub-interface for QinQ VLAN Tag Termination
1.6.2.3 Configuring the L2VPN
1.6.2.4 Checking the Configuration
1.6.3 Configuring Termination Sub-interface to Access an L3VPN Network
1.6.3.1 Configuring a Sub-interface for Dot1q VLAN Tag Termination
1.6.3.2 Configuring a Sub-interface for QinQ VLAN Tag Termination
1.6.3.3 Configuring the L3VPN
1.6.3.4 Checking the Configuration
1.6.4 Configuring the TPID Value for an Outer VLAN Tag
1.7 Configuration Examples
1.7.1 Example for Configuring basic QinQ
1.7.2 Example for Configuring Selective QinQ
1.7.3 Example for Configuring VLL Access Through Dot1q Sub-interfaces
1.7.4 Example for Configuring a QinQ Sub-interface to Access a VLL Network
1.7.5 Example for Configuring a Sub-interface for Dot1q VLAN Tag Termination to Access an L3VPN Network
1.7.6 Example for Configuring a Sub-interface for QinQ VLAN Tag Termination to Access an L3VPN Network
1.8 References
1 QinQ Configuration
This chapter describes the concepts and configuration procedure of 802.1Q-in-802.1Q (QinQ), and provides configuration examples.
Context
NOTE:
Only the AR150, AR160, AR200 support QinQ.
Only the AR1200, AR2200, AR3200 support termination sub-interface access to the VPN.
Introduction to QinQ
This section describes the definition, purpose, and benefits of QinQ.
QinQ Principles
This section describes the principles of QinQ.
Application Environment
This section describes the applicable environment of QinQ.
Configuration Task Summary
Configuration Notes
This section describes QinQ configuration notes.
Configuring QinQ
This section describes the QinQ configuration.
Configuration Examples
This section provides several configuration examples of QinQ.
References
This section describes references of QinQ.
Parent topic: Configuration Guide - Ethernet Switching
1.1 Introduction to QinQ
This section describes the definition, purpose, and benefits of QinQ.
Definition
802.1Q-in-802.1Q (QinQ) technology improves VLAN utilization by adding another 802.1Q tag to a frame with an 802.1Q tag. In this case, frames with private VLAN tags can be transparently transmitted on the public network. A frame transmitted on the backbone network has double 802.1Q tags (one for the public network and the other for the private network), that is, 802.1Q-in-802.1Q (QinQ).
Purpose
As Ethernet is widely used on networks, 802.1Q VLANs are not enough to identify and isolate a large number of users on a network. The 12-bit VLAN tag field defined in IEEE 802.1Q identifies a maximum of 4096 VLANs, which is insufficient for a large number of users on the Ethernet network. QinQ technology is used to solve this problem.
QinQ technology adds another 802.1Q tag to an 802.1Q packet. With this extra tag, the number of VLANs is increased to 4094 x 4094.
As Ethernet develops and requirements for precise management emerge, QinQ has more applications. The inner tag indicates the user; the outer tag indicates the service. QinQ packets traverse the public network with double tags, and the inner tag is transparently transmitted. Therefore, QinQ is also a simple and practical VPN technology, which is an extension to Multi-Protocol Label Switching (MPLS) VPN on the core network. QinQ can be used with MPLS VPN to form an end-to-end VPN solution.
Benefits
QinQ technology improves VLAN utilization by adding another 802.1Q VLAN tag to a frame with an 802.1Q VLAN tag. It brings the following advantages:
QinQ expands the VLAN space so that user isolation and identification are not limited.
In a QinQ packet, the inner 802.1Q tag identifies a user, and the outer 802.1Q tag identifies a service. The inner and outer tags facilitate service deployment.
More QinQ encapsulation and termination modes are used for fine-grained service management.
Parent topic: QinQ Configuration
1.2 QinQ Principles
This section describes the principles of QinQ.
Basic Principles
Basic QinQ
Selective QinQ
TPID
Parent topic: QinQ Configuration
1.2.1 Basic Principles
QinQ technology expands the VLAN space by adding another 802.1Q VLAN tag to a frame with an 802.1Q tag. As the metro Ethernet develops, more QinQ encapsulation and termination modes are used for fine-grained service management.
Format of a QinQ Frame
A QinQ frame has a fixed format, that is, the 802.1Q tag with another 802.1Q tag. A QinQ frame has four more bytes than an 802.1Q frame.
Figure 1 802.1Q encapsulation
QinQ Encapsulation
QinQ encapsulation adds another 802.1Q tag to a frame with an 802.1Q tag.
QinQ is classified into basic QinQ and selective QinQ depending on encapsulation data. Basic QinQ refers to interface-based QinQ, and selective QinQ includes VLAN ID-based QinQ and 802.1p priority-based QinQ.
Port-based QinQ encapsulation
In port-based QinQ encapsulation, the device adds the same outer VLAN tag to all the frames sent to a specified port. Port-based QinQ encapsulation, also called QinQ tunneling, is not flexible and cannot distinguish services.
VLAN ID-based QinQ
VLAN ID-based QinQ determines whether to add an outer VLAN tag, and which type of outer VLAN tag to add, for different data flows.
Traffic can be classified based on VLAN ID ranges if a user uses different VLAN IDs for different services. For example, PC users access the Internet through VLANs 101 to 200, IPTV users through VLANs 201 to 300, and VoIP users through VLANs 301 to 400. When receiving service data, the UPE adds the outer tag 100 to frames from PCs, outer tag 300 to frames from IPTV users, and outer tag 500 to frames from VoIP users.
802.1p priority-based QinQ
802.1p priority-based QinQ determines whether to add an outer VLAN tag, and which type of outer VLAN tag to add, for data flows with different priorities.
For example, when different services of a user use different priorities, you can set up different data transmission channels for these services based on priorities so that services can be differentiated.
QinQ/Dot1q VLAN Tag Termination Sub-interface
In QinQ termination, a sub-interface identifies one tag or double tags of QinQ frames and then removes one tag or double tags or sends the frames.
QinQ termination is usually performed on sub-interfaces, called VLAN tag termination sub-interfaces.
Different termination modes are used in different situations when QinQ technology is applied to the MPLS/IP core network.
A sub-interface that terminates a single tag in a frame is called a dot1q VLAN tag termination sub-interface.
A sub-interface that terminates double tags in a frame is called a QinQ VLAN tag termination sub-interface.
QinQ VLAN tag termination sub-interfaces have different functions in different scenarios, as explained for each scenario below.
Parent topic: QinQ Principles
1.2.2 Basic QinQ
Basic QinQ is implemented based on interfaces. Basic QinQ allows the device to add the outer tag to a packet received on an interface. If the received packet carries a VLAN tag, the device adds the outer VLAN tag to the packet. If the received packet does not carry any VLAN tag, the device adds the inner VLAN tag and then the outer VLAN tag.
As shown in Figure 1, enterprise A has two branches that connect to the carrier network through PE1 and PE2 respectively.
Figure 1 Networking diagram of basic QinQ
Enterprise A has different services, so different VLANs are assigned. Basic QinQ is configured on the CE interface connected to the carrier network. The outer VLAN 20 is added to the packet passing through the CE interface and removed after the packet reaches another branch. Traffic between two branches is transparently transmitted on the public network so that users using the same service in different branches of enterprise A can communicate and users using different services are isolated.
Parent topic: QinQ Principles
1.2.3 Selective QinQ
Selective QinQ, also known as VLAN Stacking or QinQ Stacking, is performed based on ports and VLAN IDs. Besides basic QinQ functions, selective QinQ has the following functions:
VLAN ID-based selective QinQ: adds outer VLAN tags based on VLAN IDs.
802.1p priority-based selective QinQ: adds outer VLAN tags based on 802.1p priorities in inner VLAN tags.
Selective QinQ is an extension to basic QinQ and is more flexible. The difference is as follows:
Basic QinQ: adds the same outer VLAN tag to all the frames entering a Layer 2 port.
Selective QinQ: adds different outer VLAN tags to the frames entering a Layer 2 port based on the inner VLAN tags.
As shown in Figure 1, enterprise A has two branches that connect to the carrier network through PE1 and PE2 respectively.
Figure 1 Networking diagram of selective QinQ
Enterprise A has different services, so different VLANs are assigned. Data services are transmitted in VLAN 10 to VLAN 30, and voice services are transmitted in VLAN 31 to VLAN 50.
Selective QinQ is configured on the user-side interface of the CE to add outer VLAN 20 to packets with VLAN IDs 10 to 30, and outer VLAN 21 to packets with VLAN IDs 31 to 50, and the device is configured to increase the priority of voice packets. Traffic between two branches can be transparently transmitted through the public network so that users using the same service in different branches of enterprise A can communicate, users using different services are isolated, and voice services are transmitted preferentially.
Parent topic: QinQ Principles
1.2.4 TPID
Tag Protocol Identifier (TPID), a field in a VLAN tag, specifies the protocol type of the tag. The TPID value defined in IEEE 802.1Q is 0x8100.
Figure 1 shows the Ethernet frame format defined in IEEE 802.1Q. The 802.1Q Tag field is located between the Source Address (SA) and Length/Type fields. The device checks the TPID value in the received frame to determine whether the VLAN tag is the S-VLAN tag or C-VLAN tag. The device compares the configured TPID value with the TPID value in the frame. For example, a frame carries VLAN tags with TPID values 0x9100 and 0x8100. If the TPID value of the S-VLAN tag is set to 0x9100 and that of the C-VLAN tag is 0x8200, the device considers that the frame only carries the S-VLAN tag, but not the C-VLAN tag.
Figure 1 802.1Q encapsulation
Different carriers may use different TPID values in outer VLAN tags. You can set the same TPID value to ensure compatibility among devices of different vendors. In this case, QinQ frames sent to the public network carry the same TPID value as the carrier's, ensuring interoperability between the device and the carrier device. To prevent packet forwarding and processing errors on the network, the TPID value cannot be any of the values listed in Table 1.
Table 1 Description of protocol types and values
Protocol Type Value
ARP 0x0806
RARP 0x8035
IP 0x0800
IPv6 0x86DD
PPPoE 0x8863/0x8864
MPLS 0x8847/0x8848
IPX/SPX 0x8137
LACP 0x8809
802.1x 0x888E
HGMP 0x88A7
Reserved 0xFFFD/0xFFFE/0xFFFF
Parent topic: QinQ Principles
1.3 Application Environment
This section describes the applicable environment of QinQ.
Basic QinQ
As shown in Figure 1, enterprise A has two branches that connect to the carrier network through PE1 and PE2 respectively. Enterprise A has different services, so different VLANs are assigned. To save public VLAN IDs, it is required that traffic between two branches of enterprise A be transparently transmitted through the public network, users using the same service in different branches of enterprise A be allowed to communicate, and users using different services be isolated. You can configure QinQ on the network-side interface of the CE to meet the preceding requirements.
Figure 1 Typical networking of basic QinQ
Selective QinQ
As shown in Figure 2, enterprise A has two branches that connect to the carrier network through PE1 and PE2 respectively. Enterprise A has different services, so different VLANs are assigned. Data services are transmitted in VLAN 10 to VLAN 30, and voice services are transmitted in VLAN 31 to VLAN 50. To save public VLAN IDs, it is required that traffic between two branches of enterprise A be transparently transmitted through the public network, users using the same service in different branches of enterprise A be allowed to communicate, users using different services be isolated, and voice services be transmitted preferentially. You can configure selective QinQ on the user-side interface of the CE to meet the preceding requirements.
Figure 2 Typical networking of selective QinQ
L3VPN Network through PEs. User data packets sent by the CE to a PE contain one or double tags. You need to connect the sub-interfaces on the PE to an L3VPN to enable CEs to communicate with each other.
interface to Access an L3VPN Network
Configuring the TPID Value for an Outer VLAN Tag
To ensure that devices from different vendors can communicate with each other, set the TPID value of an outer VLAN tag.
Configuring the TPID Value for an Outer VLAN Tag
Parent topic: QinQ Configuration
1.5 Configuration Notes
This section describes QinQ configuration notes.
When deploying QinQ on the router, pay attention to the following:
Before configuring QinQ on an interface, add the interface to a network bridge. If the interface is deleted from the network bridge, the QinQ configuration is also deleted from the interface.
You can configure only one of QinQ, selective QinQ, and VLAN mapping on a sub-interface.
Parent topic: QinQ Configuration
1.6 Configuring QinQ
This section describes the QinQ configuration.
Configuring QinQ Tunneling
This section describes how to configure QinQ tunneling, including basic QinQ and selective QinQ.
Configuring Termination Sub-interface to Access an L2VPN Network
A CE accesses the ISP network through PEs. User data packets sent by the CE to a PE contain one or double tags. You need to connect the sub-interfaces on the PE to a VPN network to enable CEs to communicate with each other.
Configuring Termination Sub-interface to Access an L3VPN Network
A CE accesses the ISP network through PEs. User data packets sent by the CE to a PE contain one or double tags. You need to connect the sub-interfaces on the PE to an L3VPN to enable CEs to communicate with each other.
Configuring the TPID Value for an Outer VLAN Tag
To ensure that devices from different vendors can communicate with each other, set the TPID value of an outer VLAN tag.
Parent topic: QinQ Configuration
1.6.1 Configuring QinQ Tunneling
This section describes how to configure QinQ tunneling, including basic QinQ and selective QinQ.
Configuring Basic QinQ
Configuring Selective QinQ
Parent topic: Configuring QinQ
1.6.1.1 Configuring Basic QinQ
Background Information
Dot1q tunnel isolates a carrier network from a user network and is widely used when users connect to a carrier network. When private networks connect to a carrier network through CEs and PEs, run the vlan dot1q-tunnel command on CE interfaces connected to PEs so that the CE interfaces add the outer VLAN tag allocated by the carrier to user packets. This implementation saves VLAN IDs and allows user packets to be transparently transmitted on the carrier network.
Procedure
1. Run:
system-view
The system view is displayed.
2. Run:
bridge bridge-id
A bridge group is created and the bridge group view is displayed.
3. Run:
quit
Exit from the bridge group view.
4. Run:
interface { ethernet | gigabitethernet } interface-number . subinterface-number
The Ethernet sub-interface view is displayed.
NOTE:
Sub-interfaces can only be created on Layer 3 Ethernet interfaces. If an interface works in Layer 2 mode and supports switching between Layer 2 and Layer 3 modes, run the undo portswitch command to switch the interface to Layer 3 mode before creating a sub-interface on the interface.
5. Run:
bridge bridge-id
The Ethernet sub-interface is added to the bridge group.
6. Run:
bridge vlan-transmit enable
The interface is enabled to transparently transmit VLAN IDs.
7. Run:
vlan allow-pass { vid vlan-id1 [ to vlan-id2 ] | default }
The VLAN allowed by the Ethernet sub-interface is configured.
NOTE:
VLANs allowed by all sub-interfaces of a main interface cannot overlap.
The vlan allow-pass default command can be executed on only one sub-interface among all sub-interfaces of each main interface. Packets are forwarded through the default sub-interface when the packets do not match other QinQ or VLAN mapping entries on a sub-interface.
8. Run:
vlan dot1q-tunnel tunnel-vlan-id [ native vid native-vlan-id ]
The basic QinQ function is configured on a sub-interface.
The vlan dot1q-tunnel command can be executed only once on a sub-interface, and the VLAN specified by tunnel-vlan-id must be allowed by the sub-interface.
Parent topic: Configuring QinQ Tunneling
1.6.1.2 Configuring Selective QinQ
Context
You can configure selective QinQ based on the VLAN ID or 802.1p priority.
VLAN ID-based selective QinQ
When private networks connect to a carrier network through CEs and PEs, run the vlan stacking command on CE interfaces connected to PEs so that the CE interfaces add the outer VLAN tag allocated by the carrier to user packets. This implementation saves VLAN IDs and allows user packets to be transparently transmitted on the carrier network.
802.1p priority-based selective QinQ
An 802.1p priority indicates a packet priority. Generally, different services of a user use different priorities. A carrier can establish different data transmission networks for different services based on 802.1p priorities so that services on the carrier network can be differentiated.
Procedure
Configuring VLAN ID-based selective QinQ
1. Run:
system-view
The system view is displayed.
2. Run:
bridge bridge-id
A bridge group is created and the bridge group view is displayed.
3. Run:
quit
Exit from the bridge group view.
4. Run:
interface { ethernet | gigabitethernet } interface-number . subinterface-number
The Ethernet sub-interface view is displayed.
NOTE:
Sub-interfaces can only be created on Layer 3 Ethernet interfaces. If an interface works in Layer 2 mode and supports switching between Layer 2 and Layer 3 modes, run the undo portswitch command to switch the interface to Layer 3 mode before creating a sub-interface on the interface.
5. Run:
bridge bridge-id
The Ethernet sub-interface is added to the bridge group.
6. Run:
bridge vlan-transmit enable
The interface is enabled to transparently transmit VLAN IDs.
7. Run:
vlan stacking { default | vid low-ce-vid [ to high-ce-vid ] } pe-vid pe-vid [ remark-8021p 8021p-value2 ]
VLAN ID-based selective QinQ is configured.
NOTE:
VLANs allowed by all sub-interfaces of a main interface cannot overlap.
The vlan stacking default command can be executed on only one sub-interface among all sub-interfaces of each main interface. Packets are forwarded through the default sub-interface when the packets do not match other QinQ entries on a sub-interface.
Configuring 802.1p priority-based selective QinQ
1. Run:
system-view
The system view is displayed.
2. Run:
bridge bridge-id
A bridge group is created and the bridge group view is displayed.
3. Run:
quit
Exit from the bridge group view.
4. Run:
interface { ethernet | gigabitethernet } interface-number . subinterface-number
The Ethernet sub-interface view is displayed.
NOTE:
Sub-interfaces can only be created on Layer 3 Ethernet interfaces. If an interface works in Layer 2 mode and supports switching between Layer 2 and Layer 3 modes, run the undo portswitch command to switch the interface to Layer 3 mode before creating a sub-interface on the interface.
5. Run:
bridge bridge-id
The Ethernet sub-interface is added to the bridge group.
6. Run:
bridge vlan-transmit enable
The interface is enabled to transparently transmit VLAN IDs.
7. Run:
vlan allow-pass { vid vlan-id1 [ to vlan-id2 ] | default }
The VLAN allowed by the Ethernet sub-interface is configured.
NOTE:
VLANs allowed by all sub-interfaces of a main interface cannot overlap.
The vlan allow-pass default command can be executed on only one sub-interface among all sub-interfaces of each main interface. Packets are forwarded through the default sub-interface when the packets do not match other QinQ or VLAN mapping entries on a sub-interface.
8. Run:
vlan stacking 8021p 8021p-value1 pe-vid pe-vid [ remark-8021p 8021p-value2 ]
802.1p priority-based selective QinQ is configured.
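An added example, not from the original guide or from Huawei's software: a Python audit of vlan stacking commands across the sub-interfaces of one main interface, applying the two NOTE rules of the VLAN ID-based procedure above (no overlapping VLANs, default on only one sub-interface). The interface names and the remark-8021p value 5 are constructed, the function names are hypothetical, and reading "VLANs allowed" as the inner VLAN ranges of the stacking rules is an assumption; the VLAN ranges and outer VLANs are those of the selective QinQ scenario in section 1.2.3.

```python
import re

# Command syntax as printed in step 7 of the VLAN ID-based procedure:
#   vlan stacking { default | vid low-ce-vid [ to high-ce-vid ] }
#                 pe-vid pe-vid [ remark-8021p 8021p-value2 ]
RULE_RE = re.compile(
    r"^vlan stacking (?:(default)|vid (\d+)(?: to (\d+))?) pe-vid (\d+)"
    r"(?: remark-8021p (\d+))?$"
)


def parse_rule(line):
    """Parse one vlan stacking command into a dict; raise ValueError if invalid."""
    m = RULE_RE.match(" ".join(line.split()))
    if m is None:
        raise ValueError("not a vlan stacking command: %r" % line)
    default, low, high, pe_vid, remark = m.groups()
    rule = {
        "default": default is not None,
        "low": int(low) if low else None,
        "high": int(high or low) if low else None,
        "pe_vid": int(pe_vid),
        "remark": int(remark) if remark is not None else None,
    }
    # 12-bit VLAN IDs; 0 and 4095 are not usable, hence 1..4094.
    if not rule["default"] and not 1 <= rule["low"] <= rule["high"] <= 4094:
        raise ValueError("bad inner VLAN range in %r" % line)
    if not 1 <= rule["pe_vid"] <= 4094:
        raise ValueError("bad pe-vid in %r" % line)
    if rule["remark"] is not None and not 0 <= rule["remark"] <= 7:
        raise ValueError("802.1p priority must be 0..7 in %r" % line)
    return rule


def audit(subinterfaces):
    """subinterfaces: {name: [command, ...]} for ONE main interface.
    Returns (rules, problems); problems is empty when both NOTE rules hold."""
    rules, problems = [], []
    for name, lines in subinterfaces.items():
        for line in lines:
            rule = parse_rule(line)
            rule["subif"] = name
            rules.append(rule)
    ranged = [r for r in rules if not r["default"]]
    for i, a in enumerate(ranged):
        for b in ranged[i + 1:]:
            if a["low"] <= b["high"] and b["low"] <= a["high"]:
                problems.append("overlap: %s vid %d-%d and %s vid %d-%d" % (
                    a["subif"], a["low"], a["high"],
                    b["subif"], b["low"], b["high"]))
    default_subifs = sorted({r["subif"] for r in rules if r["default"]})
    if len(default_subifs) > 1:
        problems.append("default configured on more than one sub-interface: "
                        + ", ".join(default_subifs))
    return rules, problems


def outer_vlan_for(rules, inner_vid):
    """Return (pe_vid, remark) assigned to inner_vid, or None if unmatched."""
    fallback = None
    for r in rules:
        if r["default"]:
            fallback = (r["pe_vid"], r["remark"])
        elif r["low"] <= inner_vid <= r["high"]:
            return (r["pe_vid"], r["remark"])
    return fallback


# Constructed sample: data VLANs 10-30 -> outer 20, voice VLANs 31-50 -> outer 21.
GOOD_CONFIG = {
    "GigabitEthernet0/0/1.1": [
        "vlan stacking vid 10 to 30 pe-vid 20",
        "vlan stacking vid 31 to 50 pe-vid 21 remark-8021p 5",
    ],
}
# Constructed misconfiguration: an overlapping range and two default rules.
BAD_CONFIG = dict(GOOD_CONFIG)
BAD_CONFIG["GigabitEthernet0/0/1.2"] = [
    "vlan stacking vid 25 to 35 pe-vid 30",
    "vlan stacking default pe-vid 99",
]
BAD_CONFIG["GigabitEthernet0/0/1.3"] = ["vlan stacking default pe-vid 98"]

if __name__ == "__main__":
    for label, cfg in (("good", GOOD_CONFIG), ("bad", BAD_CONFIG)):
        rules, problems = audit(cfg)
        print(label, "->", problems or "no problems")
        print("  inner VLAN 40 maps to", outer_vlan_for(rules, 40))
```

An overlap matters for isolation as well as for correctness: a user VLAN matched by two rules can end up in an outer VLAN that belongs to a different service.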
Parent topic: Configuring QinQ Tunneling
1.6.2 Configuring Termination Sub-interface to Access an L2VPN Network
A CE accesses the ISP network through PEs. User data packets sent by the CE to a PE contain one or double tags. You need to connect the sub-interfaces on the PE to a VPN network to enable CEs to communicate with each other.
Configuring a Sub-interface for Dot1q VLAN Tag Termination
Configuring a Sub-interface for QinQ VLAN Tag Termination
Configuring the L2VPN
Checking the Configuration
Parent topic: Configuring QinQ
1.6.2.1 Configuring a Sub-interface for Dot1q VLAN Tag Termination
Context
A sub-interface for dot1q VLAN tag termination can terminate single-tagged user packets. The following operations are performed on a user-side interface of a PE.
Procedure
1. Run:
system-view
The system view is displayed.
2. Run:
interface { ethernet | gigabitethernet } interface-number . subinterface-number
The Ethernet sub-interface view is displayed.
3. Run:
dot1q termination vid vid
The sub-interface is configured to terminate single-tagged packets.
NOTE:
After a sub-interface for VLAN tag termination is configured, ensure that ARP broadcast is enabled on the sub-interface. For details, see the arp broadcast enable command.
Parent topic: Configuring Termination Sub-interface to Access an L2VPN Network
1.6.2.2 Configuring a Sub-interface for QinQ VLAN Tag Termination
Context
A sub-interface for QinQ VLAN tag termination can terminate double-tagged user packets.
Sub-interfaces for QinQ termination access an L2VPN in symmetrical mode or in asymmetrical mode. User packets access an L2VPN in different modes. PEs process these packets in the ways described in the following tables.
Table 1 Packet processing on the inbound interface
Type of the Inbound Interface    VLL/PWE3: Ethernet Encapsulation    VLL/PWE3: VLAN Encapsulation
Symmetrical                      Strips the outer tag.               Reserves the double tags, and no action is required.
Asymmetrical                     Strips the double tags.             Strips two tags and then adds one tag.
Table 2 Packet processing on the outbound interface
Type of the Outbound Interface    VLL/PWE3: Ethernet Encapsulation    VLL/PWE3: VLAN Encapsulation
Symmetrical                       Adds the outer tag.                 Replaces the outer tag.
Asymmetrical                      Adds double tags.                   Strips one tag and then adds double tags.
The following operations are performed on a user-side interface of a PE.
Procedure
1. Run:
system-view
The system view is displayed.
2. Run:
interface { ethernet | gigabitethernet } interface-number . subinterface-number
The Ethernet sub-interface view is displayed.
3. Run:
qinq termination l2 { symmetry | asymmetry }
The attributes of the QinQ termination sub-interface are configured.
By default, the QinQ termination sub-interface uses the asymmetrical mode.
4. Run:
qinq termination pe-vid pe-vid ce-vid ce-vid
The sub-interface is configured to terminate double-tagged packets.
NOTE:
After a sub-interface for VLAN tag termination is configured, ensure that ARP broadcast is enabled on the sub-interface. For details, see the arp broadcast enable command.
Parent topic: Configuring Termination Sub-interface to Access an L2VPN Network
1.6.2.3 Configuring the L2VPN
Termination sub-interfaces support VLL access. You can configure L2VPN on the CE, PE, and P. For details, see "VLL Configuration" in the Huawei AR150&AR160&AR200&AR1200&AR2200&AR3200 Series Enterprise Routers Configuration Guide - VPN.
Parent topic: Configuring Termination Sub-interface to Access an L2VPN Network
1.6.2.4 Checking the Configuration
Procedure
Run the display dot1q information termination [ interface interface-type interface-number [. subinterface-number ] ] command to check information about a dot1q sub-interface.
Run the display qinq information termination [ interface interface-type interface-number [. subinterface-number ] ] command to check information about a QinQ sub-interface.
Run the display vll ccc [ ccc-name | type local ] command to check information about a CCC connection.
Run the display mpls static-l2vc command to check information about an SVC L2VPN VC.
Run the display mpls l2vc command on the PE to check information about the Martini VLL on the local PE.
Run the display mpls l2vc remote-info command on the PE to check information about the Martini VLL on the remote PE.
Parent topic: Configuring Termination Sub-interface to Access an L2VPN Network
1.6.3 Configuring Termination Sub-interface to Access an L3VPN Network
A CE accesses the ISP network through PEs. User data packets sent by the CE to a PE contain one or double tags. You need to connect the sub-interfaces on the PE to an L3VPN to enable CEs to communicate with each other.
Configuring a Sub-interface for Dot1q VLAN Tag Termination
Configuring a Sub-interface for QinQ VLAN Tag Termination
Configuring the L3VPN
Checking the Configuration
Parent topic: Configuring QinQ
1.6.3.1 Configuring a Sub-interface for Dot1q VLAN Tag Termination
Context
A sub-interface for dot1q VLAN tag termination can terminate single-tagged user packets. The following operations are performed on a user-side interface of a PE.
Procedure
1. Run:
system-view
The system view is displayed.
2. Run:
interface { ethernet | gigabitethernet } interface-number . subinterface-number
The Ethernet sub-interface view is displayed.
3. Run:
ip binding vpn-instance vpn-instance-name
The sub-interface is bound to the VPN instance.
4. Run:
ip address ip-address { mask | mask-length } [ sub ]
An IP address is configured for the Ethernet sub-interface.
NOTE:
When two or more IP addresses are configured for an Ethernet interface, the keyword sub must be used to indicate the second IP address and subsequent IP addresses.
5. Run:
dot1q termination vid vid
The sub-interface is configured to terminate single-tagged packets.
NOTE:
After a sub-interface for VLAN tag termination is configured, ensure that ARP broadcast is enabled on the sub-interface. For details, see the arp broadcast enable command.
Parent topic: Configuring Termination Sub-interface to Access an L3VPN Network
1.6.3.2 Configuring a Sub-interface for QinQ VLAN Tag Termination
Context
A sub-interface for QinQ VLAN tag termination can terminate double-tagged user packets. The following operations are performed on a user-side interface of a PE.
Procedure
1. Run:
system-view
The system view is displayed.
2. Run:
interface { ethernet | gigabitethernet } interface-number . subinterface-number
The Ethernet sub-interface view is displayed.
3. Run:
ip binding vpn-instance vpn-instance-name
The sub-interface is bound to the VPN instance.
4. Run:
ip address ip-address { mask | mask-length } [ sub ]
An IP address is configured for the Ethernet sub-interface.
NOTE:
When two or more IP addresses are configured for an Ethernet interface, the keyword sub must be used to indicate the second IP address and subsequent IP addresses.
5. Run:
qinq termination pe-vid pe-vid ce-vid ce-vid
The sub-interface is configured to terminate double-tagged packets.
NOTE:
After a sub-interface for VLAN tag termination is configured, ensure that ARP broadcast is enabled on the sub-interface. For details, see the arp broadcast enable command.
Parent topic: Configuring Termination Sub-interface to Access an L3VPN Network
1.6.3.3 Configuring the L3VPN
The qinq protocol command identifies incoming packets, and adds or changes the TPID value of outgoing packets. The protocol IDs set by the qinq protocol command cannot be the same as well-known protocol IDs. Otherwise, the interface cannot distinguish packets of these protocols. For example, protocol-id cannot be set to 0x0806, which is the ARP protocol ID.
Procedure
1. Run:
system-view
The system view is displayed.
2. Run:
interface interface-type interface-number
The interface view is displayed.
3. Run:
qinq protocol protocol-id
The protocol type in the outer VLAN tag is set.
By default, the TPID value in the outer VLAN tag is 0x8100.
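The rule above, that the outer TPID must not equal a well-known protocol ID, can be seen by parsing frames the way a port keyed on a given outer TPID would. The following Python is an added illustration, not part of the original manual; the function names, the constructed frames and the sample non-default TPID 0x88A8 (the IEEE 802.1ad service-tag value) are assumptions made for the example, and the parser is a simplified model rather than the device's forwarding logic.

```python
import struct

DEFAULT_TPID = 0x8100   # default outer TPID, as stated above
INNER_TPID = 0x8100     # assumption: the inner (customer) tag uses 0x8100
WELL_KNOWN = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}


def tpid_allowed(protocol_id):
    """Reject values that collide with a well-known protocol ID (e.g. ARP)."""
    return 0 <= protocol_id <= 0xFFFF and protocol_id not in WELL_KNOWN


def vlan_tag(tpid, vid, pcp=0):
    """4-byte tag: 16-bit TPID, then PCP (3 bits), DEI (1 bit), VID (12 bits)."""
    if not 0 <= vid <= 4095 or not 0 <= pcp <= 7:
        raise ValueError("vid or pcp out of range")
    return struct.pack("!HH", tpid, (pcp << 13) | vid)


def build_qinq_frame(pe_vid, ce_vid, outer_tpid=DEFAULT_TPID):
    """Constructed double-tagged IPv4 frame with a zero-filled payload."""
    dst, src = b"\xff" * 6, bytes.fromhex("020000000001")
    return (dst + src + vlan_tag(outer_tpid, pe_vid)
            + vlan_tag(INNER_TPID, ce_vid) + struct.pack("!H", 0x0800)
            + bytes(46))


def build_arp_request():
    """Constructed untagged ARP request (EtherType 0x0806)."""
    dst, src = b"\xff" * 6, bytes.fromhex("020000000001")
    # htype=1 (Ethernet), ptype=0x0800 (IPv4), hlen=6, plen=4, oper=1 (request)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)
    arp += src + bytes([192, 0, 2, 1]) + bytes(6) + bytes([192, 0, 2, 2])
    return dst + src + struct.pack("!H", 0x0806) + arp


def parse_tags(frame, outer_tpid=DEFAULT_TPID):
    """Read up to two VLAN tags as a port keyed on `outer_tpid` would.

    Returns ([vids, outermost first], EtherType found after the tags).
    """
    vids, offset, expected = [], 12, outer_tpid
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated frame")
        (etype,) = struct.unpack_from("!H", frame, offset)
        if len(vids) == 2 or etype != expected:
            return vids, etype
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        vids.append(tci & 0x0FFF)
        offset, expected = offset + 4, INNER_TPID


def classify(frame, pe_vid, ce_vid, outer_tpid=DEFAULT_TPID):
    """Model of `qinq termination pe-vid X ce-vid Y` on one sub-interface."""
    vids, etype = parse_tags(frame, outer_tpid)
    if vids == [pe_vid, ce_vid]:
        return "terminate"
    if not vids:
        return "untagged:" + WELL_KNOWN.get(etype, hex(etype))
    return "no-match"


if __name__ == "__main__":
    frame = build_qinq_frame(100, 10)
    print("default TPID        :", classify(frame, 100, 10))
    # Sender uses 0x88A8 but the receiving port still expects 0x8100.
    other = build_qinq_frame(100, 10, outer_tpid=0x88A8)
    print("TPID mismatch       :", classify(other, 100, 10))
    print("TPID set on receiver:", classify(other, 100, 10, outer_tpid=0x88A8))
    # With 0x0806 as the outer TPID, an ordinary ARP request is read as a
    # VLAN-tagged frame: its first payload bytes are taken as the tag's VID.
    arp = build_arp_request()
    print("ARP, default TPID   :", parse_tags(arp))
    print("ARP, TPID 0x0806    :", parse_tags(arp, outer_tpid=0x0806))
    print("0x0806 allowed?     :", tpid_allowed(0x0806))
```

The mismatch case shows why both ends of a link must agree on the outer TPID: a frame tagged with a TPID the receiving port does not expect is not recognized as double-tagged at all.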
1.7 Configuration Examples
This section provides several configuration examples of QinQ.
Example for Configuring basic QinQ
Example for Configuring Selective QinQ
Example for Configuring VLL Access Through Dot1q Sub-interfaces
Example for Configuring a QinQ Sub-interface to Access a VLL Network
Example for Configuring a Sub-interface for Dot1q VLAN Tag Termination to Access an L3VPN Network
Example for Configuring a Sub-interface for QinQ VLAN Tag Termination to Access an L3VPN Network
1.7.1 Example for Configuring basic QinQ
Networking Requirements
As shown in Figure 1, enterprise A has two branches that connect to the carrier network through PE1 and PE2 respectively. Enterprise A has different services, so different VLANs are assigned.
The requirements are as follows:
VLANs are assigned independently in enterprise A, and are independent of carrier VLANs or VLANs of other enterprises.
Traffic between two branches of enterprise A is transparently transmitted through the public network, users using the same service in different branches of enterprise A are allowed to communicate, and users using different services must be isolated.
Figure 1 Networking diagram for configuring basic QinQ
Configuration Roadmap
The configuration roadmap is as follows:
You can configure the basic QinQ function on the CE connected to the PE and implement communication between two branches of enterprise A through VLAN 20 provided by the carrier.
1. Create a bridge group and add a sub-interface to the bridge group.
2. Configure VLANs allowed by a sub-interface.
3. Configure basic QinQ on the CE interface connected to the PE so that the CE can add the S-VLAN tag to user packets.
4. Add interfaces of the PE and P to VLAN 20 so that packets from VLAN 20 are allowed to pass through.
Procedure
1. Create a bridge group and add a sub-interface to the bridge group.
system-view
[Huawei] sysname CE1
[CE1] bridge 1
[CE1-bridge1] quit
[CE1] interface gigabitethernet 0/0/0.1
[CE1-GigabitEthernet0/0/0.1] bridge 1
[CE1-GigabitEthernet0/0/0.1] bridge vlan-transmit enable
The configuration of CE2 is similar to that of CE1, and is not mentioned here.
2. Configure VLANs allowed by a sub-interface.
[CE1-GigabitEthernet0/0/0.1] vlan allow-pass vid 10 to 50
The configuration of CE2 is similar to that of CE1, and is not mentioned here.
3. Configure CE1 interface connected to the PE to add a VLAN tag to user packets.
[CE1-GigabitEthernet0/0/0.1] vlan dot1q-tunnel 20
[CE1-GigabitEthernet0/0/0.1] quit
The configuration of CE2 is similar to that of CE1, and is not mentioned here.
4. Add GE0/0/0 and GE0/0/1 on PE1 to VLAN 20 in trunk mode.
system-view
[Huawei] sysname PE1
[PE1] vlan batch 20
[PE1] interface gigabitethernet 0/0/0
[PE1-GigabitEthernet0/0/0] port link-type trunk
[PE1-GigabitEthernet0/0/0] port trunk allow-pass vlan 20
[PE1-GigabitEthernet0/0/0] quit
[PE1] interface gigabitethernet 0/0/1
[PE1-GigabitEthernet0/0/1] port link-type trunk
[PE1-GigabitEthernet0/0/1] port trunk allow-pass vlan 20
[PE1-GigabitEthernet0/0/1] quit
The configurations of PE2 and P are similar to the configuration of PE1, and are not mentioned here.
5. Verify the configuration.
On a PC in a VLAN of a branch in enterprise A, ping a PC in the same VLAN of the other branch in enterprise A. The ping operation succeeds, indicating that users using the same service can communicate with each other.
Configuration Files
Configuration file of CE1
#
 sysname CE1
#
bridge 1
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/0.1
 bridge 1
 bridge vlan-transmit enable
 vlan allow-pass vid 10 to 50
 vlan dot1q-tunnel 20
#
return
Configuration file of CE2
#
 sysname CE2
#
bridge 1
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/0.1
 bridge 1
 bridge vlan-transmit enable
 vlan allow-pass vid 10 to 50
 vlan dot1q-tunnel 20
#
return
Configuration file of PE1
#
 sysname PE1
#
 vlan batch 20
#
interface GigabitEthernet0/0/0
 port link-type trunk
 port trunk allow-pass vlan 20
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 20
#
return
Configuration file of PE2
#
 sysname PE2
#
 vlan batch 20
#
interface GigabitEthernet0/0/0
 port link-type trunk
 port trunk allow-pass vlan 20
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 20
#
return
Configuration file of P
#
 sysname P
#
 vlan batch 20
#
interface GigabitEthernet0/0/0
 port link-type trunk
 port trunk allow-pass vlan 20
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 20
#
return
1.7.2 Example for Configuring Selective QinQ
Networking Requirements
As shown in Figure 1, enterprise A has two branches that connect to the carrier network through PE1 and PE2 respectively. Enterprise A has different services, so different VLANs are assigned. Data services are transmitted in VLAN 10 to VLAN 30, and voice services are transmitted in VLAN 31 to VLAN 50.
The requirements are as follows:
VLANs are assigned independently in enterprise A, and are independent of carrier VLANs or VLANs of other enterprises.
Traffic between two branches of enterprise A is transparently transmitted through the public network, users using the same service in different branches of enterprise A are allowed to communicate, and users using different services must be isolated.
Voice services with high priority are transmitted first.
Figure 1 Networking diagram for configuring selective QinQ
Configuration Roadmap
The configuration roadmap is as follows:
You can configure selective QinQ on the CE user-side interface and implement communication between two branches of enterprise A through VLAN 20 and VLAN 21 provided by the carrier.
1. Create a bridge group and add a sub-interface to the bridge group.
2. Configure VLANs allowed by the sub-interface on the user side of the CE, configure the CE user-side interface to add different outer VLAN tags to packets with different user VLAN IDs, and re-mark voice services with high priority.
3. Add the CE interface connected to the PE, PE interface, and P interface to VLAN 20 and VLAN 21 so that packets from VLAN 20 and VLAN 21 are allowed to pass through.
Procedure
1. Create a bridge group and add a sub-interface to the bridge group.
system-view
[Huawei] sysname CE1
[CE1] bridge 1
[CE1-bridge1] quit
[CE1] interface gigabitethernet 0/0/1.1
[CE1-GigabitEthernet0/0/1.1] bridge 1
[CE1-GigabitEthernet0/0/1.1] bridge vlan-transmit enable
[CE1-GigabitEthernet0/0/1.1] quit
[CE1] interface gigabitethernet 0/0/1.2
[CE1-GigabitEthernet0/0/1.2] bridge 1
[CE1-GigabitEthernet0/0/1.2] bridge vlan-transmit enable
[CE1-GigabitEthernet0/0/1.2] quit
The configuration of CE2 is similar to that of CE1, and is not mentioned here.
2. Configure CE1 user-side interface to add VLAN tags to user packets and re-mark voice services with high priority.
[CE1] interface gigabitethernet 0/0/1.1
[CE1-GigabitEthernet0/0/1.1] vlan stacking vid 10 to 30 pe-vid 20
[CE1-GigabitEthernet0/0/1.1] quit
[CE1] interface gigabitethernet 0/0/1.2
[CE1-GigabitEthernet0/0/1.2] vlan stacking vid 31 to 50 pe-vid 21 remark-8021p 7
[CE1-GigabitEthernet0/0/1.2] quit
The configuration of CE2 is similar to that of CE1, and is not mentioned here.
3. Add GE0/0/0 on CE1, and GE0/0/0 and GE0/0/1 on PE1 to VLAN 20 and VLAN 21 in trunk mode.
# Add GE0/0/0 on CE1 to VLAN 20 and VLAN 21 in trunk mode. The configuration of CE2 is similar to that of CE1, and is not mentioned here.
[CE1] vlan batch 20 to 21
[CE1] interface gigabitethernet 0/0/0
[CE1-GigabitEthernet0/0/0] port link-type trunk
[CE1-GigabitEthernet0/0/0] port trunk allow-pass vlan 20 21
[CE1-GigabitEthernet0/0/0] quit
# Add GE0/0/0 and GE0/0/1 on PE1 to VLAN 20 and VLAN 21 in trunk mode. The configurations of PE2 and P are similar to the configuration of PE1, and are not mentioned here.
system-view
[Huawei] sysname PE1
[PE1] vlan batch 20 to 21
[PE1] interface gigabitethernet 0/0/0
[PE1-GigabitEthernet0/0/0] port link-type trunk
[PE1-GigabitEthernet0/0/0] port trunk allow-pass vlan 20 21
[PE1-GigabitEthernet0/0/0] quit
[PE1] interface gigabitethernet 0/0/1
[PE1-GigabitEthernet0/0/1] port link-type trunk
[PE1-GigabitEthernet0/0/1] port trunk allow-pass vlan 20 21
[PE1-GigabitEthernet0/0/1] quit
4. Verify the configuration.
On a PC in a VLAN of a branch in enterprise A, ping a PC in the same VLAN of the other branch in enterprise A. The ping operation succeeds, indicating that users using the same service can communicate with each other.
Configuration Files
Configuration file of CE1
#
 sysname CE1
#
 vlan batch 20 to 21
#
bridge 1
#
interface GigabitEthernet0/0/0
 port link-type trunk
 port trunk allow-pass vlan 20 to 21
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/1.1
 bridge 1
 bridge vlan-transmit enable
 vlan stacking vid 10 to 30 pe-vid 20
#
interface GigabitEthernet0/0/1.2
 bridge 1
 bridge vlan-transmit enable
 vlan stacking vid 31 to 50 pe-vid 21 remark 8021p 7
#
return
Configuration file of CE2
#
 sysname CE2
#
 vlan batch 20 to 21
#
bridge 1
#
interface GigabitEthernet0/0/0
 port link-type trunk
 port trunk allow-pass vlan 20 to 21
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/1.1
 bridge 1
 bridge vlan-transmit enable
 vlan stacking vid 10 to 30 pe-vid 20
#
interface GigabitEthernet0/0/1.2
 bridge 1
 bridge vlan-transmit enable
 vlan stacking vid 31 to 50 pe-vid 21 remark 8021p 7
#
return
Configuration file of PE1
#
 sysname PE1
#
 vlan batch 20 to 21
#
interface GigabitEthernet0/0/0
 port link-type trunk
 port trunk allow-pass vlan 20 to 21
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 20 to 21
#
return
Configuration file of PE2
#
 sysname PE2
#
 vlan batch 20 to 21
#
interface GigabitEthernet0/0/0
 port link-type trunk
 port trunk allow-pass vlan 20 to 21
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 20 to 21
#
return
Configuration file of P
#
 sysname P
#
 vlan batch 20 to 21
#
interface GigabitEthernet0/0/0
 port link-type trunk
 port trunk allow-pass vlan 20 to 21
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 20 to 21
#
return
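The selective QinQ example depends on three things staying consistent: the C-VLAN ranges of the two sub-interfaces must not overlap, each outer VLAN must exist, and the trunk should carry the outer VLANs and nothing else. The following Python is an added check, not part of the original manual, run against the CE1 configuration file shown above; the function names are hypothetical, DRIFTED is a constructed misconfiguration, and the parser understands only the commands that appear in this example.

```python
# CE1 configuration file from the selective QinQ example on this page.
import re

CE1_CONFIG = """\
#
 sysname CE1
#
 vlan batch 20 to 21
#
bridge 1
#
interface GigabitEthernet0/0/0
 port link-type trunk
 port trunk allow-pass vlan 20 to 21
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/1.1
 bridge 1
 bridge vlan-transmit enable
 vlan stacking vid 10 to 30 pe-vid 20
#
interface GigabitEthernet0/0/1.2
 bridge 1
 bridge vlan-transmit enable
 vlan stacking vid 31 to 50 pe-vid 21 remark 8021p 7
#
return
"""

# Constructed drift: overlapping C-VLAN ranges and an over-wide trunk.
DRIFTED = (CE1_CONFIG.replace("vid 31 to 50", "vid 25 to 50")
           .replace("allow-pass vlan 20 to 21", "allow-pass vlan 2 to 4094"))


def expand(spec):
    """Expand a VLAN list such as '20 21' or '20 to 21' into a set of IDs."""
    tokens, vids, i = spec.split(), set(), 0
    while i < len(tokens):
        lo = hi = int(tokens[i])
        if i + 2 < len(tokens) and tokens[i + 1] == "to":
            hi, i = int(tokens[i + 2]), i + 2
        vids.update(range(lo, hi + 1))
        i += 1
    return vids


def parse(config):
    """Return (VLANs created, {trunk: allowed VLANs}, [(iface, C-range, pe-vid)])."""
    created, trunks, stacking, iface = set(), {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if line in ("", "#", "return"):
            iface = None
        elif line.startswith("interface "):
            iface = line.split(None, 1)[1]
        elif line.startswith("vlan batch "):
            created |= expand(line[len("vlan batch "):])
        elif line.startswith("port trunk allow-pass vlan "):
            allowed = expand(line[len("port trunk allow-pass vlan "):])
            trunks.setdefault(iface or "(global)", set()).update(allowed)
        else:
            m = re.match(r"vlan stacking vid (\d+)(?: to (\d+))? pe-vid (\d+)", line)
            if m:
                lo, hi = int(m[1]), int(m[2] or m[1])
                stacking.append((iface, range(lo, hi + 1), int(m[3])))
    return created, trunks, stacking


def s_vlan_for(stacking, c_vid):
    """Outer VLAN(s) a C-VLAN maps to; more than one means ambiguous rules."""
    return sorted({pe for _, c_range, pe in stacking if c_vid in c_range})


def audit(config):
    """Return a list of findings; an empty list means the checks passed."""
    created, trunks, stacking = parse(config)
    s_vlans = {pe for _, _, pe in stacking}
    findings = []
    for i, (if_a, r_a, _) in enumerate(stacking):
        for if_b, r_b, _ in stacking[i + 1:]:
            both = set(r_a) & set(r_b)
            if both:
                findings.append(
                    f"overlap {if_a}/{if_b}: C-VLAN {min(both)}-{max(both)}")
    for pe in sorted(s_vlans - created):
        findings.append(f"S-VLAN {pe} not created by vlan batch")
    for iface, allowed in sorted(trunks.items()):
        if s_vlans - allowed:
            findings.append(f"{iface}: S-VLAN {sorted(s_vlans - allowed)} not allowed")
        extra = allowed - s_vlans
        if extra:
            findings.append(f"{iface}: {len(extra)} VLAN(s) beyond the S-VLANs allowed")
    return findings


if __name__ == "__main__":
    for name, cfg in (("page config", CE1_CONFIG), ("drifted", DRIFTED)):
        print(name, "->", audit(cfg) or "no findings")
```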
1.7.3 Example for Configuring VLL Access Through Dot1q Sub-interfaces
Networking Requirements
As shown in Figure 1, CE1 and CE2 are connected to PE1 and PE2 respectively through VLANs.
A Martini VLL is created between CE1 and CE2 so that user networks connected to CE1 and CE2 can communicate.
Figure 1 Networking diagram for configuring a sub-interface for dot1q VLAN tag termination to access a VLL network
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure an IGP on the PE and P devices on the backbone network to ensure reachability between them, and enable MPLS.
2. Use the default tunnel policy to create an LSP and configure the LSP as the tunnel for data transmission.
3. Enable MPLS L2VPN and create VC connections on the PEs.
4. Configure the dot1q sub-interfaces on the PE interfaces connecting to CEs to implement VLL access.
Procedure
1. Configure IP addresses for interfaces on the CE, PE and P devices according to Figure 1.
CE1 is used as an example.
# Configure CE1.
system-view
[Huawei] sysname CE1
[CE1] interface gigabitethernet 1/0/0.1
[CE1-GigabitEthernet1/0/0.1] ip address 100.1.1.1 255.255.255.0
[CE1-GigabitEthernet1/0/0.1] quit
The configuration details of other devices are not mentioned here.
2. Configure packets sent from CEs to PEs to carry a VLAN tag.
This example uses VLAN 10.
# Configure CE1.
[CE1] interface gigabitethernet 1/0/0.1
[CE1-GigabitEthernet1/0/0.1] dot1q termination vid 10
[CE1-GigabitEthernet1/0/0.1] quit
# Configure CE2.
[CE2] interface gigabitethernet 1/0/0.1
[CE2-GigabitEthernet1/0/0.1] dot1q termination vid 10
[CE2-GigabitEthernet1/0/0.1] quit
3. Configure IGP on the MPLS backbone network. (In this example, OSPF is used.)
When configuring OSPF, advertise the 32-bit addresses of loopback interfaces on PEs and P. The loopback interface addresses are the LSR IDs.
PE1 is used as an example.
# Configure PE1.
[PE1] ospf 1
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
The configuration details of other devices are not mentioned here.
4. Configure the basic MPLS capabilities and MPLS LDP on the MPLS network.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface gigabitethernet 2/0/0
[PE1-GigabitEthernet2/0/0] mpls
[PE1-GigabitEthernet2/0/0] mpls ldp
[PE1-GigabitEthernet2/0/0] quit
# Configure the P.
[P] mpls lsr-id 2.2.2.9
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P] interface gigabitethernet 2/0/0
[P-GigabitEthernet2/0/0] mpls
[P-GigabitEthernet2/0/0] mpls ldp
[P-GigabitEthernet2/0/0] quit
[P] interface gigabitethernet 1/0/0
[P-GigabitEthernet1/0/0] mpls
[P-GigabitEthernet1/0/0] mpls ldp
[P-GigabitEthernet1/0/0] quit
# Configure PE2.
[PE2] mpls lsr-id 3.3.3.9
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface gigabitethernet 1/0/0
[PE2-GigabitEthernet1/0/0] mpls
[PE2-GigabitEthernet1/0/0] mpls ldp
[PE2-GigabitEthernet1/0/0] quit
5. Set up a remote LDP session between PEs.
# Configure PE1.
[PE1] mpls ldp remote-peer 3.3.3.9
[PE1-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9
[PE1-mpls-ldp-remote-3.3.3.9] quit
# Configure PE2.
[PE2] mpls ldp remote-peer 1.1.1.9
[PE2-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9
[PE2-mpls-ldp-remote-1.1.1.9] quit
After the configuration, run the display mpls ldp session command on PE1 to view the establishment of the LDP session. You can find that an LDP session is set up between PE1 and PE2.
Take the display on PE1 for example.
[PE1] display mpls ldp session
LDP Session(s) in Public Network
Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
A '*' before a session means the session is being deleted.
------------------------------------------------------------------------------
PeerID Status LAM SsnRole SsnAge KASent/Rcv
------------------------------------------------------------------------------
2.2.2.9:0 Operational DU Passive 0000:00:11 46/45
3.3.3.9:0 Operational DU Passive 0000:00:01 8/8
------------------------------------------------------------------------------
TOTAL: 2 session(s) Found.
6. Enable MPLS L2VPN and create VCs on the PEs.
# Configure PE1: Create a VC on GE1/0/0.1, which is connected to CE1.
[PE1] mpls l2vpn
[PE1-l2vpn] mpls l2vpn default martini
[PE1-l2vpn] quit
[PE1] interface gigabitethernet 1/0/0.1
[PE1-GigabitEthernet1/0/0.1] dot1q termination vid 10
[PE1-GigabitEthernet1/0/0.1] mpls l2vc 3.3.3.9 101
[PE1-GigabitEthernet1/0/0.1] quit
# Configure PE2: Create a VC on GE2/0/0.1, which is connected to CE2.
[PE2] mpls l2vpn
[PE2-l2vpn] mpls l2vpn default martini
[PE2-l2vpn] quit
[PE2] interface gigabitethernet 2/0/0.1
[PE2-GigabitEthernet2/0/0.1] dot1q termination vid 10
[PE2-GigabitEthernet2/0/0.1] mpls l2vc 1.1.1.9 101
[PE2-GigabitEthernet2/0/0.1] quit
7. Verify the configuration.
View the L2VPN connection information on the PEs, and you can see that an L2VC is set up and is in Up state.
Take the display on PE1 for example.
[PE1] display mpls l2vc interface gigabitethernet 1/0/0.1
*client interface : GigabitEthernet1/0/0.1 is up
Administrator PW : no
session state : up
AC status : up
VC state : up
Label state : 0
Token state : 0
VC ID : 101
VC type : VLAN
destination : 3.3.3.9
local group ID : 0 remote group ID : 0
local VC label : 1024 remote VC label : 1024
local AC OAM State : up
local PSN OAM State : up
local forwarding state : forwarding
local status code : 0x0
remote AC OAM state : up
remote PSN OAM state : up
remote forwarding state: forwarding
remote status code : 0x0
ignore standby state : no
BFD for PW : unavailable
VCCV State : up
manual fault : not set
active state : active
forwarding entry : exist
link state : up
local VC MTU : 1500 remote VC MTU : 1500
local VCCV : alert ttl lsp-ping bfd
remote VCCV : alert ttl lsp-ping bfd
local control word : disable remote control word : disable
tunnel policy name : --
PW template name : --
primary or secondary : primary
load balance type : flow
Access-port : false
Switchover Flag : false
VC tunnel/token info : 1 tunnels/tokens
NO.0 TNL type : lsp , TNL ID : 0x5
Backup TNL type : lsp , TNL ID : 0x0
create time : 0 days, 0 hours, 27 minutes, 15 seconds
up time : 0 days, 0 hours, 2 minutes, 22 seconds
last change time : 0 days, 0 hours, 2 minutes, 22 seconds
VC last up time : 2011/09/26 15:29:03
VC total up time : 0 days, 0 hours, 2 minutes, 22 seconds
CKey : 5
NKey : 4
PW redundancy mode : frr
AdminPw interface : --
AdminPw link state : --
Diffserv Mode : uniform
Service Class : --
Color : --
DomainId : --
Domain Name : --
CE1 and CE2 can ping each other.
Take the display on CE1 for example.
[CE1] ping 100.1.1.2
  PING 100.1.1.2: 56 data bytes, press CTRL_C to break
    Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=31 ms
    Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=10 ms
    Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=5 ms
    Reply from 100.1.1.2: bytes=56 Sequence=4 ttl=255 time=2 ms
    Reply from 100.1.1.2: bytes=56 Sequence=5 ttl=255 time=28 ms
  --- 100.1.1.2 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 2/15/31 ms
Configuration Files
Configuration file of CE1
#
 sysname CE1
#
interface GigabitEthernet1/0/0
#
interface GigabitEthernet1/0/0.1
 dot1q termination vid 10
 ip address 100.1.1.1 255.255.255.0
#
return
Configuration file of PE1
#
 sysname PE1
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
 mpls l2vpn default martini
#
mpls ldp
#
mpls ldp remote-peer 3.3.3.9
 remote-ip 3.3.3.9
#
interface GigabitEthernet1/0/0
#
interface GigabitEthernet1/0/0.1
 dot1q termination vid 10
 mpls l2vc 3.3.3.9 101
#
interface GigabitEthernet2/0/0
 ip address 10.1.1.1 255.255.255.0
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 1.1.1.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 1.1.1.9 0.0.0.0
  network 10.1.1.0 0.0.0.255
#
return
Configuration file of P
#
 sysname P
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface GigabitEthernet1/0/0
 ip address 10.2.2.2 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet2/0/0
 ip address 10.1.1.2 255.255.255.0
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 2.2.2.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 2.2.2.9 0.0.0.0
  network 10.1.1.0 0.0.0.255
  network 10.2.2.0 0.0.0.255
#
return
Configuration file of PE2
#
 sysname PE2
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
 mpls l2vpn default martini
#
mpls ldp
#
mpls ldp remote-peer 1.1.1.9
 remote-ip 1.1.1.9
#
interface GigabitEthernet1/0/0
 ip address 10.2.2.1 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet2/0/0
#
interface GigabitEthernet2/0/0.1
 dot1q termination vid 10
 mpls l2vc 1.1.1.9 101
#
interface LoopBack1
 ip address 3.3.3.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 3.3.3.9 0.0.0.0
  network 10.2.2.0 0.0.0.255
#
return
Configuration file of CE2
#
 sysname CE2
#
interface GigabitEthernet1/0/0
#
interface GigabitEthernet1/0/0.1
 dot1q termination vid 10
 ip address 100.1.1.2 255.255.255.0
#
return
1.7.4 Example for Configuring a QinQ Sub-interface to Access a VLL Network
Networking Requirements
As shown in Figure 1, CE1 and CE2 are connected to PE1 and PE2 respectively through VLANs.
A Martini VLL is created between CE1 and CE2 so that user networks connected to CE1 and CE2 can communicate.
Figure 1 Networking diagram for configuring a sub-interface for dot1q VLAN tag termination to access a VLL network
[CE2-GigabitEthernet1/0/0.1] qinq termination pe-vid 100 ce-vid 10
[CE2-GigabitEthernet1/0/0.1] quit
3. Configure IGP on the MPLS backbone network. (In this example, OSPF is used.)
When configuring OSPF, advertise the 32-bit addresses of loopback interfaces on PEs and P. The loopback interface addresses are the LSR IDs.
PE1 is used as an example.
# Configure PE1.
[PE1] ospf 1
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
The configuration details of other devices are not mentioned here.
4. Configure the basic MPLS capabilities and MPLS LDP on the MPLS network.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface gigabitethernet 2/0/0
[PE1-GigabitEthernet2/0/0] mpls
[PE1-GigabitEthernet2/0/0] mpls ldp
[PE1-GigabitEthernet2/0/0] quit
# Configure the P.
[P] mpls lsr-id 2.2.2.9
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P] interface gigabitethernet 2/0/0
[P-GigabitEthernet2/0/0] mpls
[P-GigabitEthernet2/0/0] mpls ldp
[P-GigabitEthernet2/0/0] quit
[P] interface gigabitethernet 1/0/0
[P-GigabitEthernet1/0/0] mpls
[P-GigabitEthernet1/0/0] mpls ldp
[P-GigabitEthernet1/0/0] quit
# Configure PE2.
[PE2] mpls lsr-id 3.3.3.9
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface gigabitethernet 1/0/0
[PE2-GigabitEthernet1/0/0] mpls
[PE2-GigabitEthernet1/0/0] mpls ldp
[PE2-GigabitEthernet1/0/0] quit
5. Set up a remote LDP session between PEs.
# Configure PE1.
[PE1] mpls ldp remote-peer 3.3.3.9
[PE1-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9
[PE1-mpls-ldp-remote-3.3.3.9] quit
# Configure PE2.
[PE2] mpls ldp remote-peer 1.1.1.9
[PE2-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9
[PE2-mpls-ldp-remote-1.1.1.9] quit
After the configuration, run the display mpls ldp session command on PE1 to view the establishment of the LDP session. You can find that an LDP session is set up between PE1 and PE2.
Take the display on PE1 for example.
[PE1] display mpls ldp session
LDP Session(s) in Public Network
Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
A '*' before a session means the session is being deleted.
------------------------------------------------------------------------------
PeerID Status LAM SsnRole SsnAge KASent/Rcv
------------------------------------------------------------------------------
2.2.2.9:0 Operational DU Passive 0000:00:11 46/45
3.3.3.9:0 Operational DU Passive 0000:00:01 8/8
------------------------------------------------------------------------------
TOTAL: 2 session(s) Found.
6. Enable MPLS L2VPN and create VCs on the PEs.
# Configure PE1: Create a VC on GE1/0/0.1, which is connected to CE1.
[PE1] mpls l2vpn
[PE1-l2vpn] mpls l2vpn default martini
[PE1-l2vpn] quit
[PE1] interface gigabitethernet 1/0/0.1
[PE1-GigabitEthernet1/0/0.1] qinq termination pe-vid 100 ce-vid 10
[PE1-GigabitEthernet1/0/0.1] mpls l2vc 3.3.3.9 101
[PE1-GigabitEthernet1/0/0.1] quit
# Configure PE2: Create a VC on GE2/0/0.1, which is connected to CE2.
[PE2] mpls l2vpn
[PE2-l2vpn] mpls l2vpn default martini
[PE2-l2vpn] quit
[PE2] interface gigabitethernet 2/0/0.1
[PE2-GigabitEthernet2/0/0.1] qinq termination pe-vid 100 ce-vid 10
[PE2-GigabitEthernet2/0/0.1] mpls l2vc 1.1.1.9 101
[PE2-GigabitEthernet2/0/0.1] quit
7. Verify the configuration.
View the L2VPN connection information on the PEs, and you can see that an L2VC is set up and is in Up state.
Take the display on PE1 for example.
[PE1] display mpls l2vc interface gigabitethernet 1/0/0.1
*client interface : GigabitEthernet1/0/0.1 is up
Administrator PW : no
session state : up
AC status : up
VC state : up
Label state : 0
Token state : 0
VC ID : 101
VC type : VLAN
destination : 3.3.3.9
local group ID : 0 remote group ID : 0
local VC label : 1024 remote VC label : 1024
local AC OAM State : up
local PSN OAM State : up
local forwarding state : forwarding
local status code : 0x0
remote AC OAM state : up
remote PSN OAM state : up
remote forwarding state: forwarding
remote status code : 0x0
ignore standby state : no
BFD for PW : unavailable
VCCV State : up
manual fault : not set
active state : active
forwarding entry : exist
link state : up
local VC MTU : 1500 remote VC MTU : 1500
local VCCV : alert ttl lsp-ping bfd
remote VCCV : alert ttl lsp-ping bfd
local control word : disable remote control word : disable
tunnel policy name : --
PW template name : --
primary or secondary : primary
load balance type : flow
Access-port : false
Switchover Flag : false
VC tunnel/token info : 1 tunnels/tokens
NO.0 TNL type : lsp , TNL ID : 0x5
Backup TNL type : lsp , TNL ID : 0x0
create time : 0 days, 0 hours, 27 minutes, 15 seconds
up time : 0 days, 0 hours, 2 minutes, 22 seconds
last change time : 0 days, 0 hours, 2 minutes, 22 seconds
VC last up time : 2011/09/26 15:29:03
VC total up time : 0 days, 0 hours, 2 minutes, 22 seconds
CKey : 5
NKey : 4
PW redundancy mode : frr
AdminPw interface : --
AdminPw link state : --
Diffserv Mode : uniform
Service Class : --
Color : --
DomainId : --
Domain Name : --
CE1 and CE2 can ping each other.
Take the display on CE1 for example.
[CE1] ping 100.1.1.2
  PING 100.1.1.2: 56 data bytes, press CTRL_C to break
    Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=31 ms
    Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=10 ms
    Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=5 ms
    Reply from 100.1.1.2: bytes=56 Sequence=4 ttl=255 time=2 ms
    Reply from 100.1.1.2: bytes=56 Sequence=5 ttl=255 time=28 ms
  --- 100.1.1.2 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 2/15/31 ms
Configuration Files
Configuration file of CE1
#
 sysname CE1
#
interface GigabitEthernet1/0/0
#
interface GigabitEthernet1/0/0.1
 qinq termination pe-vid 100 ce-vid 10
 ip address 100.1.1.1 255.255.255.0
#
return
Configuration file of PE1
#
 sysname PE1
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
 mpls l2vpn default martini
#
mpls ldp
#
mpls ldp remote-peer 3.3.3.9
 remote-ip 3.3.3.9
#
interface GigabitEthernet1/0/0
#
interface GigabitEthernet1/0/0.1
 qinq termination pe-vid 100 ce-vid 10
 mpls l2vc 3.3.3.9 101
#
interface GigabitEthernet2/0/0
 ip address 10.1.1.1 255.255.255.0
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 1.1.1.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 1.1.1.9 0.0.0.0
  network 10.1.1.0 0.0.0.255
#
return
Configuration file of P
#
 sysname P
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface GigabitEthernet2/0/0
 ip address 10.1.1.2 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet1/0/0
 ip address 10.2.2.2 255.255.255.0
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 2.2.2.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 2.2.2.9 0.0.0.0
  network 10.1.1.0 0.0.0.255
  network 10.2.2.0 0.0.0.255
#
return
Configuration file of PE2
#
 sysname PE2
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
 mpls l2vpn default martini
#
mpls ldp
#
mpls ldp remote-peer 1.1.1.9
 remote-ip 1.1.1.9
#
interface GigabitEthernet1/0/0
 ip address 10.2.2.1 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet2/0/0
#
interface GigabitEthernet2/0/0.1
 qinq termination pe-vid 100 ce-vid 10
 mpls l2vc 1.1.1.9 101
#
interface LoopBack1
 ip address 3.3.3.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 3.3.3.9 0.0.0.0
  network 10.2.2.0 0.0.0.255
#
return
Configuration file of CE2
#
 sysname CE2
#
interface GigabitEthernet1/0/0
#
interface GigabitEthernet1/0/0.1
 qinq termination pe-vid 100 ce-vid 10
 ip address 100.1.1.2 255.255.255.0
#
return
1.7.5 Example for Configuring a Sub-interface for Dot1q VLAN Tag Termination to Access an L3VPN Network
Networking Requirements
As shown in Figure 1, CE1 and CE3 belong to VPN-A and CE2 and CE4 belong to VPN-B. The VPN target of VPN-A is 111:1, and the VPN target of VPN-B is 222:2. Users in different VPNs cannot communicate with each other.
Figure 1 Networking diagram for configuring a sub-interface for dot1q VLAN tag termination to access an L3VPN network
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure VPN instances on the PEs connecting to the CE on the backbone network, bind the interfaces connected to CEs to the corresponding VPN instances, and specify the IP address of the interfaces connected to the CE.
2. Configure OSPF on the PEs to implement interconnection between PEs.
3. Configure basic MPLS functions and MPLS LDP, and set up MPLS LSPs.
4. Configure the Multi-protocol Extensions for Interior Border Gateway Protocol (MP-IBGP) on PEs to exchange VPN routing information.
5. Configure EBGP on CEs and PEs to exchange VPN routing information.
6. Configure dot1q sub-interfaces on the PE interfaces connected to CEs to connect the dot1q sub-interfaces to the L3VPN network.
Procedure
1. Configure OSPF on the MPLS backbone network so that the PEs and Ps can communicate with each other.
# Configure PE1.
system-view
[Huawei] sysname PE1
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.9 32
[PE1-LoopBack1] quit
[PE1] interface gigabitethernet 3/0/0
[PE1-GigabitEthernet3/0/0] ip address 172.1.1.1 24
[PE1-GigabitEthernet3/0/0] quit
[PE1] ospf 1
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
# Configure P.
system-view
[Huawei] sysname P
[P] interface loopback 1
[P-LoopBack1] ip address 2.2.2.9 32
[P-LoopBack1] quit
[P] interface gigabitethernet 1/0/0
[P-GigabitEthernet1/0/0] ip address 172.1.1.2 24
[P-GigabitEthernet1/0/0] quit
[P] interface gigabitethernet 2/0/0
[P-GigabitEthernet2/0/0] ip address 172.2.1.1 24
[P-GigabitEthernet2/0/0] quit
[P] ospf
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit
# Configure PE2.
system-view
[Huawei] sysname PE2
[PE2] interface loopback 1
[PE2-LoopBack1] ip address 3.3.3.9 32
[PE2-LoopBack1] quit
[PE2] interface gigabitethernet 3/0/0
[PE2-GigabitEthernet3/0/0] ip address 172.2.1.2 24
[PE2-GigabitEthernet3/0/0] quit
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit
After the configuration is complete, OSPF neighbor relationships can be set up between PE1, P, and PE2. Run the display ospf peer command. The command output shows that the neighbor status is Full. Run the display ip routing-table command. The command output shows that PEs have learned the routes to Loopback1 of each other.
The information displayed on PE1 is used as an example.
[PE1] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 11       Routes : 11
Destination/Mask    Proto   Pre  Cost  Flags  NextHop         Interface

1.1.1.9/32          Direct  0    0     D      127.0.0.1       LoopBack1
2.2.2.9/32          OSPF    10   1     D      172.1.1.2       GigabitEthernet3/0/0
3.3.3.9/32          OSPF    10   2     D      172.1.1.2       GigabitEthernet3/0/0
127.0.0.0/8         Direct  0    0     D      127.0.0.1       InLoopBack0
127.0.0.1/32        Direct  0    0     D      127.0.0.1       InLoopBack0
127.255.255.255/32  Direct  0    0     D      127.0.0.1       InLoopBack0
172.1.1.0/24        Direct  0    0     D      172.1.1.1       GigabitEthernet3/0/0
172.1.1.1/32        Direct  0    0     D      127.0.0.1       GigabitEthernet3/0/0
172.1.1.255/32      Direct  0    0     D      127.0.0.1       GigabitEthernet3/0/0
172.2.1.0/24        OSPF    10   2     D      172.1.1.2       GigabitEthernet3/0/0
255.255.255.255/32  Direct  0    0     D      127.0.0.1       InLoopBack0
[PE1] display ospf peer
          OSPF Process 1 with Router ID 1.1.1.9
                  Neighbors

 Area 0.0.0.0 interface 172.1.1.1(GigabitEthernet3/0/0)'s neighbors
 Router ID: 2.2.2.9          Address: 172.1.1.2
   State: Full  Mode:Nbr is  Master  Priority: 1
   DR: 172.1.1.1  BDR: 172.1.1.2  MTU: 0
   Dead timer due in 37  sec
   Retrans timer interval: 5
   Neighbor is up for 00:16:21
   Authentication Sequence: [ 0 ]
2. Configure basic MPLS capabilities and MPLS LDP on the MPLS backbone network to set up LDP LSPs.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface gigabitethernet 3/0/0
[PE1-GigabitEthernet3/0/0] mpls
[PE1-GigabitEthernet3/0/0] mpls ldp
[PE1-GigabitEthernet3/0/0] quit
# Configure P.
[P] mpls lsr-id 2.2.2.9
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P] interface gigabitethernet 1/0/0
[P-GigabitEthernet1/0/0] mpls
[P-GigabitEthernet1/0/0] mpls ldp
[P-GigabitEthernet1/0/0] quit
[P] interface gigabitethernet 2/0/0
[P-GigabitEthernet2/0/0] mpls
[P-GigabitEthernet2/0/0] mpls ldp
[P-GigabitEthernet2/0/0] quit
# Configure PE2.
[PE2] mpls lsr-id 3.3.3.9
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface gigabitethernet 3/0/0
[PE2-GigabitEthernet3/0/0] mpls
[PE2-GigabitEthernet3/0/0] mpls ldp
[PE2-GigabitEthernet3/0/0] quit
After the configuration is complete, LDP sessions can be set up between PE1 and the P and between the P and PE2. Run the display mpls ldp session command. The command output shows that the Status field is Operational. Run the display mpls ldp lsp command. Information about the established LDP LSPs is displayed.
The information displayed on PE1 is used as an example.
[PE1] display mpls ldp session
 LDP Session(s) in Public Network
 Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
 A '*' before a session means the session is being deleted.
 ------------------------------------------------------------------------------
 PeerID             Status      LAM  SsnRole  SsnAge      KASent/Rcv
 ------------------------------------------------------------------------------
 2.2.2.9:0          Operational DU   Active   0000:00:01  6/6
 ------------------------------------------------------------------------------
 TOTAL: 1 session(s) Found.
[PE1] display mpls ldp lsp
 LDP LSP Information
 -------------------------------------------------------------------------------
 DestAddress/Mask   In/OutLabel    UpstreamPeer    NextHop         OutInterface
 -------------------------------------------------------------------------------
 1.1.1.9/32         3/NULL         2.2.2.9         127.0.0.1       InLoop0
*1.1.1.9/32         Liberal/1024                   DS/2.2.2.9
 2.2.2.9/32         NULL/3         -               172.1.1.2       GE3/0/0
 2.2.2.9/32         1024/3         2.2.2.9         172.1.1.2       GE3/0/0
 3.3.3.9/32         NULL/1025      -               172.1.1.2       GE3/0/0
 3.3.3.9/32         1025/1025      2.2.2.9         172.1.1.2       GE3/0/0
 -------------------------------------------------------------------------------
 TOTAL: 5 Normal LSP(s) Found.
 TOTAL: 1 Liberal LSP(s) Found.
 TOTAL: 0 Frr LSP(s) Found.
 A '*' before an LSP means the LSP is not established
 A '*' before a Label means the USCB or DSCB is stale
 A '*' before a UpstreamPeer means the session is stale
 A '*' before a DS means the session is stale
 A '*' before a NextHop means the LSP is FRR LSP
3. Configure packets sent from CEs to PEs to carry a VLAN tag.
Here, the VLAN ID in packets sent by CE1 and CE3 is VLAN 10, and the VLAN ID in packets sent by CE2 and CE4 is VLAN 20.
# Configure CE1.
system-view
[Huawei] sysname CE1
[CE1] interface gigabitethernet 1/0/0.1
[CE1-GigabitEthernet1/0/0.1] ip address 10.1.1.1 255.255.255.0
[CE1-GigabitEthernet1/0/0.1] dot1q termination vid 10
[CE1-GigabitEthernet1/0/0.1] quit
# Configure CE2.
system-view
[Huawei] sysname CE2
[CE2] interface gigabitethernet 1/0/0.1
[CE2-GigabitEthernet1/0/0.1] ip address 10.2.1.1 255.255.255.0
[CE2-GigabitEthernet1/0/0.1] dot1q termination vid 20
[CE2-GigabitEthernet1/0/0.1] quit
# Configure CE3.
system-view
[Huawei] sysname CE3
[CE3] interface gigabitethernet 1/0/0.1
[CE3-GigabitEthernet1/0/0.1] ip address 10.3.1.1 255.255.255.0
[CE3-GigabitEthernet1/0/0.1] dot1q termination vid 10
[CE3-GigabitEthernet1/0/0.1] quit
# Configure CE4.
system-view
[Huawei] sysname CE4
[CE4] interface gigabitethernet 1/0/0.1
[CE4-GigabitEthernet1/0/0.1] ip address 10.4.1.1 255.255.255.0
[CE4-GigabitEthernet1/0/0.1] dot1q termination vid 20
[CE4-GigabitEthernet1/0/0.1] quit
4. Configure VPN instances on PEs and bind the instances to the interfaces connected to CEs.
# Configure PE1.
[PE1] ip vpn-instance vpna
[PE1-vpn-instance-vpna] ipv4-family
[PE1-vpn-instance-vpna-af-ipv4] route-distinguisher 100:1
[PE1-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both
[PE1-vpn-instance-vpna-af-ipv4] quit
[PE1-vpn-instance-vpna] quit
[PE1] ip vpn-instance vpnb
[PE1-vpn-instance-vpnb] ipv4-family
[PE1-vpn-instance-vpnb-af-ipv4] route-distinguisher 100:2
[PE1-vpn-instance-vpnb-af-ipv4] vpn-target 222:2 both
[PE1-vpn-instance-vpnb-af-ipv4] quit
[PE1-vpn-instance-vpnb] quit
[PE1] interface gigabitethernet 1/0/0.1
[PE1-GigabitEthernet1/0/0.1] ip binding vpn-instance vpna
[PE1-GigabitEthernet1/0/0.1] ip address 10.1.1.2 24
[PE1-GigabitEthernet1/0/0.1] dot1q termination vid 10
[PE1-GigabitEthernet1/0/0.1] quit
[PE1] interface gigabitethernet 2/0/0.1
[PE1-GigabitEthernet2/0/0.1] ip binding vpn-instance vpnb
[PE1-GigabitEthernet2/0/0.1] ip address 10.2.1.2 24
[PE1-GigabitEthernet2/0/0.1] dot1q termination vid 20
[PE1-GigabitEthernet2/0/0.1] quit
# Configure PE2.
[PE2] ip vpn-instance vpna
[PE2-vpn-instance-vpna] ipv4-family
[PE2-vpn-instance-vpna-af-ipv4] route-distinguisher 200:1
[PE2-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both
[PE2-vpn-instance-vpna-af-ipv4] quit
[PE2-vpn-instance-vpna] quit
[PE2] ip vpn-instance vpnb
[PE2-vpn-instance-vpnb] ipv4-family
[PE2-vpn-instance-vpnb-af-ipv4] route-distinguisher 200:2
[PE2-vpn-instance-vpnb-af-ipv4] vpn-target 222:2 both
[PE2-vpn-instance-vpnb-af-ipv4] quit
[PE2-vpn-instance-vpnb] quit
[PE2] interface gigabitethernet 1/0/0.1
[PE2-GigabitEthernet1/0/0.1] ip binding vpn-instance vpna
[PE2-GigabitEthernet1/0/0.1] ip address 10.3.1.2 24
[PE2-GigabitEthernet1/0/0.1] dot1q termination vid 10
[PE2-GigabitEthernet1/0/0.1] quit
[PE2] interface gigabitethernet 2/0/0.1
[PE2-GigabitEthernet2/0/0.1] ip binding vpn-instance vpnb
[PE2-GigabitEthernet2/0/0.1] ip address 10.4.1.2 24
[PE2-GigabitEthernet2/0/0.1] dot1q termination vid 20
[PE2-GigabitEthernet2/0/0.1] quit
After the configuration is complete, run the display ip vpn-instance verbose command on the PEs to check the configuration of VPN instances. Each PE can ping its connected CE.
NOTE:
If a PE has multiple interfaces bound to the same VPN instance, specify a source IP address by setting -a source-ip-address in the ping -vpn-instance vpn-instance-name -a source-ip-address dest-ip-address command to ping the remote CE. If the source IP address is not specified, the ping operation fails.
The information displayed on PE1 is used as an example.
[PE1] display ip vpn-instance verbose
After the configuration is complete, run the display bgp peer or display bgp vpnv4 all peer command on the PEs. The command output shows that BGP peer relationships have been established between the PEs.
[PE1] display bgp peer
 BGP local router ID : 1.1.1.9
 Local AS number : 100
 Total number of peers : 1                 Peers in established state : 1

  Peer            V    AS  MsgRcvd  MsgSent  OutQ  Up/Down       State  PrefRcv

  3.3.3.9         4   100       12        6     0  00:02:21  Established      0
[PE1] display bgp vpnv4 all peer
 BGP local router ID : 1.1.1.9
 Local AS number : 100
 Total number of peers : 1                 Peers in established state : 1

  Peer            V    AS  MsgRcvd  MsgSent  OutQ  Up/Down       State  PrefRcv

  3.3.3.9         4   100       12       18     0  00:09:38  Established      0
6. Set up EBGP peer relationships between the PEs and CEs and import VPN routes into BGP.
# Configure CE1.
[CE1] bgp 65410
[CE1-bgp] peer 10.1.1.2 as-number 100
[CE1-bgp] import-route direct
[CE1-bgp] quit
NOTE:
The configuration on other CEs is similar to the configuration on CE1 and is not mentioned here.
# Configure PE1.
[PE1] bgp 100
[PE1-bgp] ipv4-family vpn-instance vpna
[PE1-bgp-vpna] peer 10.1.1.1 as-number 65410
[PE1-bgp-vpna] import-route direct
[PE1-bgp-vpna] quit
[PE1-bgp] ipv4-family vpn-instance vpnb
[PE1-bgp-vpnb] peer 10.2.1.1 as-number 65420
[PE1-bgp-vpnb] import-route direct
[PE1-bgp-vpnb] quit
[PE1-bgp] quit
NOTE:
The configuration on PE2 is similar to the configuration on PE1 and is not mentioned here.
After the configuration is complete, run the display bgp vpnv4 vpn-instance peer command on the PEs. The command output shows that BGP peer relationships have
Destination/Mask    Proto   Pre  Cost  Flags  NextHop         Interface

10.2.1.0/24         Direct  0    0     D      10.2.1.2        GigabitEthernet2/0/0
10.2.1.2/32         Direct  0    0     D      127.0.0.1       GigabitEthernet2/0/0
10.2.1.255/32       Direct  0    0     D      127.0.0.1       GigabitEthernet2/0/0
10.4.1.0/24         IBGP    255  0     RD     3.3.3.9         GigabitEthernet3/0/0
255.255.255.255/32  Direct  0    0     D      127.0.0.1       InLoopBack0
CEs in the same VPN can ping each other, whereas CEs in different VPNs cannot.
For example, CE1 can ping CE3 at 10.3.1.1 but cannot ping CE4 at 10.4.1.1.
[CE1] ping 10.3.1.1
  PING 10.3.1.1: 56  data bytes, press CTRL_C to break
    Reply from 10.3.1.1: bytes=56 Sequence=1 ttl=253 time=72 ms
    Reply from 10.3.1.1: bytes=56 Sequence=2 ttl=253 time=34 ms
    Reply from 10.3.1.1: bytes=56 Sequence=3 ttl=253 time=50 ms
    Reply from 10.3.1.1: bytes=56 Sequence=4 ttl=253 time=50 ms
    Reply from 10.3.1.1: bytes=56 Sequence=5 ttl=253 time=34 ms
  --- 10.3.1.1 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 34/48/72 ms
[CE1] ping 10.4.1.1
  PING 10.4.1.1: 56  data bytes, press CTRL_C to break
    Request time out
    Request time out
    Request time out
    Request time out
    Request time out
  --- 10.4.1.1 ping statistics ---
    5 packet(s) transmitted
    0 packet(s) received
    100.00% packet loss
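The isolation verified above depends on two things in each PE's configuration: VPN-A and VPN-B must not import each other's vpn-targets, and every dot1q termination sub-interface must be bound to the intended VPN instance. The following Python check is an added example, not part of the original document or of Huawei's tooling; parse_pe and audit are hypothetical names, and the sample input is constructed from PE1's stanzas in this example.

```python
import re
from itertools import permutations

# Constructed sample: PE1's vpn-instance and sub-interface stanzas from this page.
PE1_CONFIG = """\
#
ip vpn-instance vpna
 ipv4-family
  vpn-target 111:1 export-extcommunity
  vpn-target 111:1 import-extcommunity
#
ip vpn-instance vpnb
 ipv4-family
  vpn-target 222:2 export-extcommunity
  vpn-target 222:2 import-extcommunity
#
interface GigabitEthernet1/0/0.1
 dot1q termination vid 10
 ip binding vpn-instance vpna
#
interface GigabitEthernet2/0/0.1
 dot1q termination vid 20
 ip binding vpn-instance vpnb
"""

# Config files use export-/import-extcommunity; the CLI keyword "both" means both.
RT_LINE = re.compile(r"vpn-target (.+?) (export-extcommunity|import-extcommunity|both)$")

def parse_pe(config):
    """Return (vpns, bindings): RT sets per instance, (vid, vpn) per interface."""
    vpns, bindings = {}, {}
    for stanza in re.split(r"(?m)^#[ \t]*$", config):
        head, *body = [l.strip() for l in stanza.splitlines() if l.strip()] or [""]
        if head.startswith("ip vpn-instance "):
            rts = vpns.setdefault(head.split()[2], {"export": set(), "import": set()})
            for m in filter(None, map(RT_LINE.match, body)):
                kinds = ("export", "import") if m.group(2) == "both" else (m.group(2)[:6],)
                for kind in kinds:
                    rts[kind].update(m.group(1).split())
        elif head.startswith("interface "):
            vid = next((l.split()[-1] for l in body if l.startswith("dot1q termination vid ")), None)
            vpn = next((l.split()[-1] for l in body if l.startswith("ip binding vpn-instance ")), None)
            bindings[head.split()[1]] = (vid, vpn)
    return vpns, bindings

def audit(config):
    """Return findings that would break the VPN-A / VPN-B isolation."""
    vpns, bindings = parse_pe(config)
    findings = []
    for a, b in permutations(vpns, 2):  # every ordered pair of distinct instances
        shared = vpns[a]["export"] & vpns[b]["import"]
        if shared:
            findings.append(f"{b} imports routes exported by {a} via {sorted(shared)}")
    for ifname, (vid, vpn) in bindings.items():
        if vid and vpn is None:
            findings.append(f"{ifname} terminates VLAN {vid} in the public routing table")
        elif vpn is not None and vpn not in vpns:
            findings.append(f"{ifname} is bound to undefined vpn-instance {vpn}")
    return findings
```

An empty list from audit() for both PE1 and PE2 corresponds to the ping result above: neither VPN imports the other's routes, and no tagged sub-interface is left outside its VPN instance.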
Configuration Files
Configuration file of PE1
#
 sysname PE1
#
ip vpn-instance vpna
 ipv4-family
  route-distinguisher 100:1
  vpn-target 111:1 export-extcommunity
  vpn-target 111:1 import-extcommunity
#
ip vpn-instance vpnb
 ipv4-family
  route-distinguisher 100:2
  vpn-target 222:2 export-extcommunity
  vpn-target 222:2 import-extcommunity
#
 mpls lsr-id 1.1.1.9
 mpls
#
mpls ldp
#
interface GigabitEthernet1/0/0
#
interface GigabitEthernet1/0/0.1
 dot1q termination vid 10
 ip binding vpn-instance vpna
 ip address 10.1.1.2 255.255.255.0
#
interface GigabitEthernet2/0/0
#
interface GigabitEthernet2/0/0.1
 dot1q termination vid 20
 ip binding vpn-instance vpnb
 ip address 10.2.1.2 255.255.255.0
#
interface GigabitEthernet3/0/0
 ip address 172.1.1.1 255.255.255.0
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 1.1.1.9 255.255.255.255
#
bgp 100
 peer 3.3.3.9 as-number 100
 peer 3.3.3.9 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo synchronization
  peer 3.3.3.9 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 3.3.3.9 enable
 #
 ipv4-family vpn-instance vpna
  import-route direct
  peer 10.1.1.1 as-number 65410
 #
 ipv4-family vpn-instance vpnb
  import-route direct
  peer 10.2.1.1 as-number 65420
#
ospf 1
 area 0.0.0.0
  network 1.1.1.9 0.0.0.0
  network 172.1.1.0 0.0.0.255
#
return
Configuration file of P
#
 sysname P
#
 mpls lsr-id 2.2.2.9
 mpls
#
mpls ldp
#
interface GigabitEthernet1/0/0
 ip address 172.1.1.2 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet2/0/0
 ip address 172.2.1.1 255.255.255.0
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 2.2.2.9 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 2.2.2.9 0.0.0.0
  network 172.1.1.0 0.0.0.255
  network 172.2.1.0 0.0.0.255
#
return
Configuration file of PE2
#
 sysname PE2
#
ip vpn-instance vpna
 ipv4-family
  route-distinguisher 200:1
  vpn-target 111:1 export-extcommunity
  vpn-target 111:1 import-extcommunity
#
ip vpn-instance vpnb
 ipv4-family
  route-distinguisher 200:2
  vpn-target 222:2 export-extcommunity
  vpn-target 222:2 import-extcommunity
#
 mpls lsr-id 3.3.3.9
 mpls
#
mpls ldp
#
interface GigabitEthernet1/0/0
#
interface GigabitEthernet1/0/0.1
 dot1q termination vid 10
 ip binding vpn-instance vpna
 ip address 10.3.1.2 255.255.255.0
#
interface GigabitEthernet2/0/0
#
interface GigabitEthernet2/0/0.1
 dot1q termination vid 20
 ip binding vpn-instance vpnb
 ip address 10.4.1.2 255.255.255.0
#
interface GigabitEthernet3/0/0
 ip address 172.2.1.2 255.255.255.0
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 3.3.3.9 255.255.25