“Multi Protocol Label Switching” is a mechanism in high-performance telecommunications networks that directs data from a network node to the next node based on shortest path labels ( Labels ) instead of network addresses ( Routes ), avoiding queries complexes in a routing table.

One of the benefits of MPLS, in addition to its interoperability with different types of technologies such as E1/xDSL/ATM/Ethernet, is the possibility of “VPNs” both at Layer 2 and Layer 3.

Huawei, in its “NE” line, allows us to use MPLS + VPNs resources where the MPLS activation process itself takes place as in any other router for this purpose, being a prerequisite:

  • Properly configured IGP
  • Loopback interface properly configured with IP /32
  • Redistribution of routes in IGP

 

For MPLS activation, on the NE40, assuming the loopback IP is 10.1.1.1:

[huawei] mpls lsr-id 10.1.1.1 
[huawei] mpls 
[huawei] mpls l2vpn

After that, we need to activate the protocols on the interfaces that will be part of MPLS

interface giga0/3/22.182
 mpls
 mpls te
 mpls rsvp-te
 mpls ldp

Virtual-Ethernet

Virtual Ethernet is used when we have the need to do services of “Layer 2” e “Layer 3” on the same device.

We know that in a VLL in Martini mode for example (MPLS + L2VC), applying Layer 2 settings is not allowed (“l2 binding vsi” ou “mpls l2vc”) and Layer 3 (“ip address x.x.x.x”) in the same interface, being necessary the proper “separation” of them.

Until then, in applications of this level, it was common to “side” “Layer2/Mpls/VLLs” in Switches or dedicated equipment for this purpose, however, using the virtual-ethernet in Huawei it becomes perfectly possible to have an MPLS approach, use L2VC tunnels or VPLS’es and still do “layer3” using only the box (router) without the need for other assets for this purpose.

Using the concept of “Virtual-Ethernet” in Huawei, we created two virtual interfaces that are properly “linked” where each of them belongs to a “side” being “layer 2” and “layer3”.

 

Possible applications

  • Redundancy based on MPLS and iBGP/BGP sessions where OSPF/MPLS and BGP work on the same box.
  • MPLS based redundancy for BNG scenarios ( IPoE / PPPoE ) where OSPF/MPLS and PPPoE-Service work on the same box.
  • Scenarios for Layer2 VPNs accessing a public network.
  • Scenarios for Layer 2 VANs accessing a Layer 3 VPN.

 

Limitations

  • “VE Groups” are only supported in “Virtual System” admin.
  • There is a limitation of 3 “VE Groups” per box (in case of NE40E-M2K)

 

Configuration example 1

Consider a scenario where we want to “terminate” an L2VC tunnel and, in the same box, close an eBGP session with a remote host (inside said VLL) using virtual-ethernet. We will receive it in an L2VC with ID “301” and also use a vlan with ID “301” to close the eBGP with our remote operator.

 

Pre-requisites:

  • Communication interfaces with “UP” and “Running” network equipment
  • Communication interfaces with properly addressed network equipment
  • IGP duly aligned on all network equipment.
  • Loopbacks properly defined on all network equipment.
  • Duly closed LDP sessions on all network devices.
  • L2VPN properly aligned on the remote host.

 

Settings:

Let’s create the virtual interface, and define it with the L2 function. The VE-GROUP is the 1.

interface virtual-ethernet 0/1/1
 ve-group 1 l2-terminate

After that, let’s create the L3 pair of the virtual interface.

interface virtual-ethernet 0/2/1 
 ve-group 1 l3-access

With these configurations, we have the “VE0/1/1” and “VE0/2/1” interfaces properly associated, where the “0/2/1” interface is responsible for the “layer3” side while the “0/1/1” ” is responsible for the “layer2” side. What properly associates the interfaces is the “ve-group”, where interfaces of the same group are associated with each other.

Now, we have to close the “L2VC” with our remote operator. For this, we are going to create a subinterface with ID “301” on the “layer2” side of our “virtual-ethernets”. And after that create the L2VC VPN with the remote PE.

interface virtual-ethernet 0/1/1.301
 vlan-type dot1q 301
 description L2-Terminate 301 - L2VC Binding
 mpls l2vc 10.1.1.4 301 raw

With that, we have the “layer2” side ready. We now have to configure the “layer3” side with settings related to IP connectivity.

Let’s assume that our operator has delivered the IP 192.168.10.2/30 to close an “eBGP”, therefore, we have to create the interface “VE0/2/1.301” and configure it with this data.

interface virtual-ethernet 0/2/1.301
 vlan-type dot1q 301
 ip address 192.168.10.2 30
 description Terminacao L3 de VPN VPWS NE

As we can see, the “VE0/1/1” and “VE0/2/1” interfaces are properly associated, where the “subinterfaces” –  both are part of the same “ve-group” –  are properly associated for whatever purpose, each one performing its function according to the declared, be it “l2-terminate” or “l3-access”.

If you have questions, please contact us! We are available to help them.

 

Cordial hugs,

Gabriel Henrique

IT Consulting  Team – Made4it