Having never configured or netlab-ed Huawei's VRP, I have been curious whether this operating system supports SR-MPLS and how it is documented. This netlab uses a 6-year-old VRP NE40 appliance to find this out. At the point of writing and constructing this netlab I had no information about the state of the SR-MPLS implementation on the VRP operating system. This is the 2nd version of the netlab. The 1st netlab, which is not documented here in my blog, used the CE12800 GNS3 appliance to find it out, and failed horribly. Use a NE40 Huawei router appliance for this GNS3 setup, or any router appliance you have available. The CE Huawei appliance does not work: it can be set up and configured to have SR-MPLS, but IP forwarding or label switching using SR-MPLS on the CE12800 switches fails.
Huawei nomenclature uses:
- NE - NetEngine - router platform
- CE - CloudEngine - switch platform
Wherever the term CE is used in the rest of this blog entry, it means Customer Edge router, not CloudEngine.
This is a plain SR-MPLS configuration using Huawei's NE40 router. I am trying to find out how far Segment Routing is supported among all big router vendors. And if I am lucky, maybe SRv6 for IPv4 and IPv6 if I get it working, but this will be explained in a separate blog entry. This netlab will be familiar to experienced network engineers who used the old-school (now deprecated) LDP protocol; here LDP is replaced with SR-MPLS.
NE40 image supports SR-MPLS out of the box. This is the version used over here in GNS3:
Huawei Versatile Routing Platform Software
VRP (R) software, Version 8.180 (NE40E V800R011C00SPC607B607)
Copyright (C) 2012-2018 Huawei Technologies Co., Ltd.
HUAWEI NE40E uptime is 0 day, 0 hour, 8 minutes
SVRP Platform Version 1.0
If you happen to build this network topology, use routers, not switches.
Network topology
The topology is a star topology, all links are point to point using /31 IPv4 addressing:
        PE2
         |
         |
PE1 -- P1 -- PE3
         |
         |
        RRv4
Overview of the IPv4 loopback0 addresses, the corresponding SR index (MPLS label index) and the IS-IS NSAP addresses:
Router | IPv4 Loopback0 | SR MPLS index | NSAP address |
---|---|---|---|
P1 | 1.2.3.4 | 1234 | 49.0001.1234.1234.1234.00 |
PE1 | 1.1.1.1 | 1 | 49.0001.1111.1111.1111.00 |
PE2 | 2.2.2.2 | 2 | 49.0001.2222.2222.2222.00 |
PE3 | 3.3.3.3 | 3 | 49.0001.3333.3333.3333.00 |
RRv4 | 4.4.4.4 | 4 | 49.0001.4444.4444.4444.00 |
All PE routers have an internal BGP neighborship to the BGP route reflector.
Configuration overview
This builds an SR-MPLS routing topology: the routers forward IP packets across the core using SR-MPLS, and there is no LDP involved. All routers in the topology use the following protocols:
- IPv4
- IS-IS
- SR-MPLS
The PE and the RR routers additionally have the following configured and running:
- BGP
- VRF
There are CE (customer edge) routers connected to each PE (provider edge) router, which are not depicted in the network topology. Each CE (customer edge) is connected to the Ethernet1/0/0 port.
The naming of the routers in the topology is self-explanatory.
Every NE40 virtual router appliance needs the following commands before getting its main configuration: deconfigure the provisioned dcn feature first.
Use the following commands to deconfigure dcn from the NE40 routers:
sys
undo dcn
y
commit
return
save
y
Configuration
Each router configuration is shown in full, not broken into distinct step-by-step parts. The building blocks each router needs for its function in the topology are listed above.
P1
The provider router (P1) has no BGP configuration. This is a BGP-free core, a term often used in Cisco configurations. IP packets are forwarded using MPLS labels (SR labels):
sys
#
sysname P1
#
mpls
#
mpls lsr-id 1.2.3.4
#
segment-routing
#
isis 1
is-level level-2
cost-style wide
network-entity 49.0001.1234.1234.1234.00
segment-routing mpls
segment-routing global-block 16000 23999
#
interface Ethernet1/0/1
ip address 10.0.0.0 255.255.255.254
isis enable 1
mpls
undo shutdown
#
interface Ethernet1/0/2
ip address 10.0.0.2 255.255.255.254
isis enable 1
mpls
undo shutdown
#
interface Ethernet1/0/3
ip address 10.0.0.4 255.255.255.254
isis enable 1
mpls
undo shutdown
#
interface Ethernet1/0/4
ip address 10.0.0.6 255.255.255.254
isis enable 1
mpls
undo shutdown
#
interface LoopBack0
ip address 1.2.3.4 255.255.255.255
isis enable 1
isis prefix-sid index 1234
commit
return
save
PE1
Provider Edge router configurations. The PE1 - PE3 configurations are identical apart from the IP configuration. Adjust the IP addressing to your liking. The Ethernet1/0/0 port is the customer-facing port on each PE router. The BGP configuration is the same for all PE routers: all are connected to the BGP route reflector, here 4.4.4.4:
sys
#
sysname PE1
#
ip vpn-instance vpn10
ipv4-family
route-distinguisher 1:10
vpn-target 1:1 export-extcommunity
vpn-target 1:1 import-extcommunity
#
mpls
#
mpls lsr-id 1.1.1.1
#
segment-routing
#
isis 1
is-level level-2
cost-style wide
network-entity 49.0001.1111.1111.1111.00
segment-routing mpls
segment-routing global-block 16000 23999
#
interface Ethernet1/0/0
ip binding vpn-instance vpn10
ip address 10.10.1.1 255.255.255.0
undo shutdown
#
interface Ethernet1/0/1
ip address 10.0.0.1 255.255.255.254
isis enable 1
mpls
undo shutdown
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
isis enable 1
isis prefix-sid index 1
#
bgp 1
router-id 1.1.1.1
peer 4.4.4.4 as-number 1
peer 4.4.4.4 connect-interface LoopBack0
#
ipv4-family unicast
undo peer 4.4.4.4 enable
#
ipv4-family vpnv4
policy vpn-target
peer 4.4.4.4 enable
peer 4.4.4.4 next-hop-local
#
ipv4-family vpn-instance vpn10
import-route direct
#
commit
return
save
y
RRv4
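BGP route reflector configuration is explained over here
On the BGP route reflector an important command is undo policy vpn-target. The route reflector has no VPN instance configured, so with the default policy vpn-target filter in place it discards the VPNv4 routes it receives. If the command is not negated, that is, prefixed by undo, no IBGP routes will show in the VRF routing table on the participating PE routers: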
sys
#
sysname RRv4
#
mpls
#
mpls lsr-id 4.4.4.4
#
segment-routing
#
isis 1
is-level level-2
cost-style wide
network-entity 49.0001.4444.4444.4444.00
segment-routing mpls
segment-routing global-block 16000 23999
#
interface Ethernet1/0/4
ip address 10.0.0.7 255.255.255.254
isis enable 1
mpls
undo shutdown
#
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
isis enable 1
isis prefix-sid index 4
#
bgp 1
router-id 4.4.4.4
peer 1.1.1.1 as-number 1
peer 1.1.1.1 connect-interface LoopBack0
peer 2.2.2.2 as-number 1
peer 2.2.2.2 connect-interface LoopBack0
peer 3.3.3.3 as-number 1
peer 3.3.3.3 connect-interface LoopBack0
#
ipv4-family unicast
undo peer 1.1.1.1 enable
undo peer 2.2.2.2 enable
undo peer 3.3.3.3 enable
#
ipv4-family vpnv4
undo policy vpn-target
peer 1.1.1.1 enable
peer 1.1.1.1 reflect-client
peer 2.2.2.2 enable
peer 2.2.2.2 reflect-client
peer 3.3.3.3 enable
peer 3.3.3.3 reflect-client
commit
return
save
y
Full router configurations
Full configurations for all routers in the network topology:
- P1 full configuration
- PE1 full configuration
- PE2 full configuration
- PE3 full configuration
- RRv4 full configuration
Verify
The verification commands used here come from the official Huawei NE40 documentation.
SR-MPLS label
The verifying command for the IS-IS prefix SIDs is dis seg pre mpls forw, here run on PE1:
Segment Routing Prefix MPLS Forwarding Information
--------------------------------------------------------------
Role : I-Ingress, T-Transit, E-Egress, I&T-Ingress And Transit

Prefix       Label   OutLabel   Interface       NextHop     Role   MPLSMtu   Mtu    State
-----------------------------------------------------------------------------------------------------------------
1.1.1.1/32   16001   NULL       Loop0           127.0.0.1   E      ---       1500   Active
2.2.2.2/32   16002   16002      Ethernet1/0/1   10.0.0.0    I&T    ---       1500   Active
3.3.3.3/32   16003   16003      Ethernet1/0/1   10.0.0.0    I&T    ---       1500   Active
4.4.4.4/32   16004   16004      Ethernet1/0/1   10.0.0.0    I&T    ---       1500   Active
1.2.3.4/32   17234   3          Ethernet1/0/1   10.0.0.0    I&T    ---       1500   Active

Total information(s): 5
These are the MPLS labels (SR labels) assigned to each router's loopback in the topology. Each label is the start of the global block, 16000, plus the prefix-SID index of the loopback. The simple configuration looks valid and is working. You can correlate the output shown above with the configuration and with the addressing table at the beginning of this blog entry.
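The correlation described above can be automated. The following Python sketch is an added example, not part of the original post: it checks the index plan for collisions and out-of-range values, then compares the PE1 forwarding rows with SRGB base plus planned index. The function names are hypothetical; the data rows are retyped from the output on this page.

```python
SRGB_BASE, SRGB_END = 16000, 23999   # segment-routing global-block 16000 23999
PLAN = {"1.2.3.4": 1234, "1.1.1.1": 1, "2.2.2.2": 2,   # loopback -> prefix-SID
        "3.3.3.3": 3, "4.4.4.4": 4}                     # index, from the table
# Data rows of the PE1 forwarding output on this page (header lines omitted).
PE1_OUTPUT = """\
1.1.1.1/32 16001 NULL Loop0 127.0.0.1 E --- 1500 Active
2.2.2.2/32 16002 16002 Ethernet1/0/1 10.0.0.0 I&T --- 1500 Active
3.3.3.3/32 16003 16003 Ethernet1/0/1 10.0.0.0 I&T --- 1500 Active
4.4.4.4/32 16004 16004 Ethernet1/0/1 10.0.0.0 I&T --- 1500 Active
1.2.3.4/32 17234 3 Ethernet1/0/1 10.0.0.0 I&T --- 1500 Active
"""

def plan_problems(plan):
    """Flag indexes outside the SRGB and indexes claimed by two prefixes."""
    problems, owner = [], {}
    for prefix, index in plan.items():
        if not 0 <= index <= SRGB_END - SRGB_BASE:
            problems.append(f"{prefix}: index {index} outside SRGB")
        if index in owner:
            problems.append(f"{prefix}: index {index} already used by {owner[index]}")
        owner.setdefault(index, prefix)
    return problems

def parse_rows(output):
    """Yield (prefix, label, out_label, state) for each data row."""
    for line in output.splitlines():
        f = line.split()
        if len(f) == 9 and "/" in f[0] and f[1].isdigit():
            yield f[0].split("/")[0], int(f[1]), f[2], f[8]

def audit(output, plan=PLAN):
    """Compare installed labels with SRGB base + planned index."""
    findings, seen = [], set()
    for prefix, label, out_label, state in parse_rows(output):
        seen.add(prefix)
        if prefix not in plan:
            findings.append(f"{prefix}: unplanned prefix SID, label {label}")
            continue
        want = SRGB_BASE + plan[prefix]
        if label != want:
            findings.append(f"{prefix}: label {label}, expected {want}")
        # NULL = local egress, 3 = implicit null (PHP), else shared SRGB gives same label
        if out_label not in ("NULL", "3", str(want)):
            findings.append(f"{prefix}: out label {out_label}, expected {want}")
        if state != "Active":
            findings.append(f"{prefix}: state {state}")
    return findings + [f"{p}: no forwarding entry" for p in sorted(plan) if p not in seen]

if __name__ == "__main__":
    print(plan_problems(PLAN) + audit(PE1_OUTPUT) or "plan and PE1 labels agree")
```

An empty result from both functions means the lab matches the plan; a label outside the plan, or an out label that differs from the local one, points at a mistyped index or a global block that differs between neighbours.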
ping LSP
Use the ping lsp command to verify the segment routing connectivity.
LSP PING FEC: SEGMENT ROUTING IPV4 PREFIX 3.3.3.3/32 : 100 data bytes, press CTRL_C to break
Reply from 3.3.3.3: bytes=100 Sequence=1 time=6 ms
Reply from 3.3.3.3: bytes=100 Sequence=2 time=5 ms
Reply from 3.3.3.3: bytes=100 Sequence=3 time=4 ms

--- FEC: SEGMENT ROUTING IPV4 PREFIX 3.3.3.3/32 ping statistics ---
3 packet(s) transmitted
3 packet(s) received
0.00% packet loss
round-trip min/avg/max = 4/5/6 ms
ICMP echo reply from PE3 to PE1 on the label switched path.
BGP VRF
Verify the VRF routing table on the PE1 router.
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
------------------------------------------------------------------------------
Routing Table : vpn10
Destinations : 7 Routes : 7

Destination/Mask     Proto    Pre   Cost   Flags   NextHop     Interface

10.10.1.0/24         Direct   0     0      D       10.10.1.1   Ethernet1/0/0
10.10.1.1/32         Direct   0     0      D       127.0.0.1   Ethernet1/0/0
10.10.1.255/32       Direct   0     0      D       127.0.0.1   Ethernet1/0/0
10.10.2.0/24         IBGP     255   0      RD      2.2.2.2     Ethernet1/0/1
10.10.3.0/24         IBGP     255   0      RD      3.3.3.3     Ethernet1/0/1
127.0.0.0/8          Direct   0     0      D       127.0.0.1   InLoopBack0
255.255.255.255/32   Direct   0     0      D       127.0.0.1   InLoopBack0
The PE1 router has the IBGP routes in the VRF vpn10 routing table. Things work.
ICMP vrf
From the PE1 router use the ping -vpn-instance vpn10 10.10.3.10 command to verify connectivity of the CE3 router connected to the PE3 router.
PING 10.10.3.10: 56 data bytes, press CTRL_C to break
Reply from 10.10.3.10: bytes=56 Sequence=1 ttl=253 time=5 ms
Reply from 10.10.3.10: bytes=56 Sequence=2 ttl=253 time=4 ms
Reply from 10.10.3.10: bytes=56 Sequence=3 ttl=253 time=4 ms
Reply from 10.10.3.10: bytes=56 Sequence=4 ttl=253 time=5 ms
Reply from 10.10.3.10: bytes=56 Sequence=5 ttl=253 time=4 ms

--- 10.10.3.10 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 4/4/5 ms
And the CE3 router happily replies with ICMP echo.
CE1 traceroute
Now, using the connected CE1 router, let's look at what the traceroute looks like. It will show the MPLS labels configured. The CE routers are using Cisco IOS.
Type escape sequence to abort.
Tracing the route to 10.10.3.10
VRF info: (vrf in name/id, vrf out name/id)
  1 10.10.1.1 7 msec 2 msec 1 msec
  2 10.0.0.0 [MPLS: Labels 16003/48060 Exp 0] 11 msec 3 msec 4 msec
  3 10.10.3.1 8 msec 4 msec 5 msec
  4 10.10.3.10 4 msec 4 msec 5 msec
The output shows the MPLS label 16003, which is the start of the global block, 16000, plus the index 3 configured on the loopback0 of the PE3 router. Everything works fine.
Summary
Not having real Huawei hardware on site because of political decisions, I want to state that it is good to see how far Huawei had already implemented SR-MPLS in its operating system VRP back in the year 2018. The VRP appliance is today dated, or considered old, in the year of this writing, November 2024. The VRP NE40 appliance is today already 6 years old. The hardware vendor was already far along in implementing this back then. As a last sentence, it is fair to say Huawei's documentation is decent and usable for configuring networking labs from scratch. Having netlab-ed this from scratch, it took me a few days to find things out, with no real configuration experience using VRP. I have configured this having really no clue at all about VRP, knowing only the protocols used, which are open to any vendor, and being determined that it had to work without knowing beforehand whether it really would work.
References
Huawei tends to relocate the documentation. Not sure the URLs will be working. Well, Cisco does the same too, if we stay with facts: