Having never configured and netlab-ed Huawei's VRP, i have been courios if this operating system supports SR-MPLS and how it is documented. This netlab uses a 6 years old VRP NE40 appliance to find this out. At the point of writing and constructing this netlab I had no information about the state of implementation of SR MPLS on VRP operating system. This is the 2nd version of the netlab. The 1-st netlab which is not documented here in my blog used the CE12800 GNS3 appliance to find it out, and failed horribly. Use a NE40 Huawei router appliance for this GNS3 setup, or any router appliance you have available. The CE Huawei appliance does not work, actually it can be setup and configured to have SR-MPLS, but the IP forwarding or label switching using SR-MPLS using the CE12800 switches fails.

Huawei nomenclature uses:

  • NE - NetEngine - router platform
  • CE - CloudEngine - switch platform

The CE term used here in this blog entry, when used means Customer Edge router, not CloudEngine.

This is plane SR-MPLS configuration using the Huawei's NE40 router. Trying to find out how far the Segment Routing is supported among all big router vendors. And if I am lucky maybe the SRv6 for IPv4 and IPv6 if I get it working, but this will be explained in a separate blog entry. This netlab will be know for experienced network engineers using the old-school (now deprecated) LDP protocol, here LDP is replaced with SR-MPLS.

NE40 image supports SR-MPLS out of the box. This is the version used over here in GNS3:

<PE1>display version

Huawei Versatile Routing Platform Software VRP (R) software, Version 8.180 (NE40E V800R011C00SPC607B607) Copyright (C) 2012-2018 Huawei Technologies Co., Ltd. HUAWEI NE40E uptime is 0 day, 0 hour, 8 minutes SVRP Platform Version 1.0

If you happen to build this network topology use routers, not switches.

Network topology

The topology is a star topology, all links are point to point using /31 IPv4 addressing:

      PE2
       |
       |
PE1 -- P1 -- PE3
       |
       |
      RRv4

IPv4 loopback0 address overview plus the according SR index, or MPLS label index and IS-IS NSAP addressing overview:

Router IPv4 Loopack0 SR MPLS index NSAP address
P1 1.2.3.4 1234 49.0001.1234.1234.1234.00
PE1 1.1.1.1 1 49.0001.1111.1111.1111.00
PE2 2.2.2.2 2 49.0001.2222.2222.2222.00
PE3 3.3.3.3 3 49.0001.3333.3333.3333.00
RRv4 4.4.4.4 4 49.0001.4444.4444.4444.00

All PE routers have internal BGP neighorship to the BGP route reflector.

Configuration overview

Building a SR-MPLS routing topology, the routers will forward IP addresses across the core using SR-MPLS, there is no LDP involved. ALL topology routers use following protocols:

  • IPv4
  • IS-IS
  • SR-MPLS

The PE and the RR routers additionally have following protocols configured and running:

  • BGP
  • VRF

There are CE (customer edge) routers connected to each PE (provider edge) router, which are not depicted in the network topology. Each CE (customer edge) is connected to the Ethernet1/0/0 port.

The naming of the routers in the topology is self-explanatory.

Every NE40 virtual router appliance needs following command before getting its main configuration. Deconfigure the provisioned dcn feature first.

Use following command to deconfigure dcn form the NE40 routers:

sys
undo dcn
y
commit

return
save
y

Configuration

Each router configuration is fully shown. Not breaking this into distinct parts to do it step by step. The building blocks used in this network topology are listed above for each router doing its function in the topology.

P1

The (P1) provider router has no BGP configuration. This is BGP-free core, the term often used in the cisco configuration. IP packets are forwarded using MPLS labels or SR labels :

sys
#
sysname P1
#
mpls
#
mpls lsr-id 1.2.3.4
#
segment-routing 
#
isis 1
 is-level level-2
 cost-style wide
 network-entity 49.0001.1234.1234.1234.00
 segment-routing mpls
 segment-routing global-block 16000 23999
#
interface Ethernet1/0/1
 ip address 10.0.0.0 255.255.255.254
 isis enable 1
 mpls
 undo shutdown
#
interface Ethernet1/0/2
 ip address 10.0.0.2 255.255.255.254
 isis enable 1
 mpls
 undo shutdown
#
interface Ethernet1/0/3
 ip address 10.0.0.4 255.255.255.254
 isis enable 1
 mpls
 undo shutdown
#
interface Ethernet1/0/4
 ip address 10.0.0.6 255.255.255.254
 isis enable 1
 mpls
 undo shutdown
#
interface LoopBack0
 ip address 1.2.3.4 255.255.255.255
 isis enable 1
 isis prefix-sid index 1234

commit

return

save

PE1

Provider Edge router configurations. The PE1 - PE3 configuration is identical, apart from its IP configuration. Adjust the IP addressing to your liking. The Ethernet0/0/0 port is the customer facing port on each PE router. The BGP configuration is same for all routers, all are connected to the BGP route reflector, here 4.4.4.4:

sys
#
sysname PE1
#
ip vpn-instance vpn10
 ipv4-family
  route-distinguisher 1:10
  vpn-target 1:1 export-extcommunity
  vpn-target 1:1 import-extcommunity
#
mpls
#
mpls lsr-id 1.1.1.1
#
segment-routing
#
isis 1
 is-level level-2
 cost-style wide
 network-entity 49.0001.1111.1111.1111.00
 segment-routing mpls
 segment-routing global-block 16000 23999
#
interface Ethernet1/0/0
 ip binding vpn-instance vpn10
 ip address 10.10.1.1 255.255.255.0
 undo shutdown
#
interface Ethernet1/0/1
 ip address 10.0.0.1 255.255.255.254
 isis enable 1
 mpls
 undo shutdown
#
interface LoopBack0
 ip address 1.1.1.1 255.255.255.255
 isis enable 1
 isis prefix-sid index 1
#
bgp 1
 router-id 1.1.1.1
 peer 4.4.4.4 as-number 1
 peer 4.4.4.4 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo peer 4.4.4.4 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 4.4.4.4 enable
  peer 4.4.4.4 next-hop-local
 #
 ipv4-family vpn-instance vpn10
  import-route direct
#
commit

return

save
y

RRv4

BGP route reflector configuration is explained over here

On the BGP route reflector a important command is undo policy vpn-target. If the command is not denied, prefixed by undo, no IBGP routes will show int the VRF routing table on the participating PE routers:

sys
#
sysname RRv4
#
mpls
#
mpls lsr-id 4.4.4.4
#
segment-routing 
#
isis 1
 is-level level-2
 cost-style wide
 network-entity 49.0001.4444.4444.4444.00
 segment-routing mpls
 segment-routing global-block 16000 23999
#
interface Ethernet1/0/4
 ip address 10.0.0.7 255.255.255.254
 isis enable 1
 mpls
 undo shutdown
#
interface LoopBack0
 ip address 4.4.4.4 255.255.255.255
 isis enable 1
 isis prefix-sid index 4
#
bgp 1
 router-id 4.4.4.4
 peer 1.1.1.1 as-number 1
 peer 1.1.1.1 connect-interface LoopBack0
 peer 2.2.2.2 as-number 1
 peer 2.2.2.2 connect-interface LoopBack0
 peer 3.3.3.3 as-number 1
 peer 3.3.3.3 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo peer 1.1.1.1 enable
  undo peer 2.2.2.2 enable
  undo peer 3.3.3.3 enable
 #
 ipv4-family vpnv4
  undo policy vpn-target
  peer 1.1.1.1 enable
  peer 1.1.1.1 reflect-client
  peer 2.2.2.2 enable
  peer 2.2.2.2 reflect-client
  peer 3.3.3.3 enable
  peer 3.3.3.3 reflect-client
commit

return

save
y

Full router configurations

Full configurations for all routers in the network topology:

Verify

Using verification commands from the official huawei NE40 documentation

SR-MPLS label

The verifying command for IS-IS is dis seg pre mpls forw

<PE1>display segment-routing prefix mpls forwarding

  Segment Routing Prefix MPLS Forwarding Information -------------------------------------------------------------- Role : I-Ingress, T-Transit, E-Egress, I&T-Ingress And Transit   Prefix Label OutLabel Interface NextHop Role MPLSMtu Mtu State  ----------------------------------------------------------------------------------------------------------------- 1.1.1.1/32 16001 NULL Loop0 127.0.0.1 E --- 1500 Active 2.2.2.2/32 16002 16002 Ethernet1/0/1 10.0.0.0 I&T --- 1500 Active 3.3.3.3/32 16003 16003 Ethernet1/0/1 10.0.0.0 I&T --- 1500 Active 4.4.4.4/32 16004 16004 Ethernet1/0/1 10.0.0.0 I&T --- 1500 Active 1.2.3.4/32 17234 3 Ethernet1/0/1 10.0.0.0 I&T --- 1500 Active   Total information(s): 5

MPLS labels or _SR labels assigned to each routers loopback in the topology. The simple configuration looks valid and is working. You can identify in the output shown above with the configuration explained in heading of this blog entry, and correlate the output with the data described at the beginning of this blog entry.

ping LSP

Do the ping lsp command to verify the segment routing connectivity.

<PE1>ping lsp -a 1.1.1.1 -c 3 segment-routing ip 3.3.3.3 32 version draft2

  LSP PING FEC: SEGMENT ROUTING IPV4 PREFIX 3.3.3.3/32 : 100 data bytes, press CTRL_C to break Reply from 3.3.3.3: bytes=100 Sequence=1 time=6 ms Reply from 3.3.3.3: bytes=100 Sequence=2 time=5 ms Reply from 3.3.3.3: bytes=100 Sequence=3 time=4 ms   --- FEC: SEGMENT ROUTING IPV4 PREFIX 3.3.3.3/32 ping statistics --- 3 packet(s) transmitted 3 packet(s) received 0.00% packet loss round-trip min/avg/max = 4/5/6 ms

ICMP echo reply from PE3 to PE1 on the label switched path.

BGP VRF

Verify the VRF routing table on the PE1 router.

<PE1>display ip routing-table vpn-instance vpn10

Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route  ------------------------------------------------------------------------------ Routing Table : vpn10 Destinations : 7 Routes : 7   Destination/Mask Proto Pre Cost Flags NextHop Interface   10.10.1.0/24 Direct 0 0 D 10.10.1.1 Ethernet1/0/0 10.10.1.1/32 Direct 0 0 D 127.0.0.1 Ethernet1/0/0 10.10.1.255/32 Direct 0 0 D 127.0.0.1 Ethernet1/0/0 10.10.2.0/24 IBGP 255 0 RD 2.2.2.2 Ethernet1/0/1 10.10.3.0/24 IBGP 255 0 RD 3.3.3.3 Ethernet1/0/1 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0

The PE1 router has the IBGP routes in the VRF vpn10 routing table. Things work.

ICMP vrf

From the PE1 router use the ping -vpn-instance vpn10 10.10.3.10 command to verify connectivity of the CE3 router connected to the PE3 router.

<PE1>ping -vpn-instance vpn10 10.10.3.10

  PING 10.10.3.10: 56 data bytes, press CTRL_C to break Reply from 10.10.3.10: bytes=56 Sequence=1 ttl=253 time=5 ms Reply from 10.10.3.10: bytes=56 Sequence=2 ttl=253 time=4 ms Reply from 10.10.3.10: bytes=56 Sequence=3 ttl=253 time=4 ms Reply from 10.10.3.10: bytes=56 Sequence=4 ttl=253 time=5 ms Reply from 10.10.3.10: bytes=56 Sequence=5 ttl=253 time=4 ms   --- 10.10.3.10 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 4/4/5 ms

And the CE3 router happily replies with ICMP echo.

CE1 traceroute

Now using the connecte CE1 router lets look how the traceroute looks. It will show MPLS labels configured. The CE routers are using Cisco IOS.

CE1#traceroute 10.10.3.10

Type escape sequence to abort. Tracing the route to 10.10.3.10 VRF info: (vrf in name/id, vrf out name/id) 1 10.10.1.1 7 msec 2 msec 1 msec 2 10.0.0.0 [MPLS: Labels 16003/48060 Exp 0] 11 msec 3 msec 4 msec 3 10.10.3.1 8 msec 4 msec 5 msec 4 10.10.3.10 4 msec 4 msec 5 msec

The output shows the MPLS label 16003 which is in fact the index 3 on the loopback0 of the PE3 router. Everything works fine.

Summary

Not having real Huawei hardware on site because political decisions, I want to state that it is good to see how far Huawei with its operating system VRP has implemented the SR-MPLS already back then in the year 2018. The VRP appliance is today dated or considered old in the year of this writing, 2024 November. The VRP NE40 appliance is today already 6 years old. The hardware vendor has been far back then in implementing this. As last sentence it is fair to say Huawei's documentation is decent and usable for configuring networking labs from scratch. Having netlab-ed this from scratch it took me few days to find things out, no real configuration experience using VRP. I have configured this having really no clue at all about VRP, knowing only the used protocols which are open for any vendor, and being determined that it has to work without knowing before if it really would work.

See also

References

Huawei tends to relocate the documentation. Not sure the URL's will be working. Well cisco does the same too, if we stay with facts: