Huawei MPLS VPN Cross-Domain Practical Solutions: Choosing the Wrong Networking Scheme Can Lead to Disaster!

A multinational company experienced a network outage for 3 days due to a misconfiguration in MPLS cross-domain settings! “Overseas branch disconnected for 3 days”! MPLS VPN cross-domain is like international express delivery—if you choose the wrong transportation route, the package will be lost! Today, we will break down Huawei’s “three cross-domain solutions”, covering everything from principles to configurations!

1. Option A: Hand-to-Hand Delivery by the Courier

Core Principle

  • “Back-to-Back VRF”: Two PE devices from different AS are directly connected, like couriers handing over packages in person.
  • “Features”: Simple configuration, suitable for small-scale cross-domain.

Practical Case: Headquarters-Branch Interconnection

“Requirement”: VPN interconnection between headquarters (AS 100) and branch (AS 200).“Configuration Steps”:

# PE configuration on AS100 side
ip vpn-instance VPN-A
route-distinguisher 100:1
vpn-target 1:1 export-extcommunity
vpn-target 1:1 import-extcommunity
interface GigabitEthernet0/0/1
ip binding vpn-instance VPN-A
ip address 10.1.1.1 30

# PE configuration on AS200 side
ip vpn-instance VPN-A
route-distinguisher 200:1
vpn-target 1:1 export-extcommunity
vpn-target 1:1 import-extcommunity
interface GigabitEthernet0/0/1
ip binding vpn-instance VPN-A
ip address 10.1.1.2 30

“Effect”: The two AS exchange VPN routes through direct connected interfaces,“suitable for small enterprises with fewer than 10 sites”

2. Option B: Intelligent Sorting at the Transfer Station

Core Principle

  • “MP-EBGP Cross-Domain”: ASBR devices exchange VPNv4 routes via MP-EBGP, like a large sorting center.
  • “Features”: Good scalability, suitable for medium scale.

Bloody Case: Carrier-Level Interconnection

“Requirement”: Carrier A (AS 100) and Carrier B (AS 200) exchange customer VPN routes.“Key Configuration”:

# ASBR configuration on AS100 side
bgp 100
peer 203.0.113.2 as-number 200
address-family vpnv4
 peer 203.0.113.2 enable
 peer 203.0.113.2 route-policy EXPORT_VPN permit

# ASBR configuration on AS200 side
bgp 200
peer 203.0.113.1 as-number 100
address-family vpnv4
 peer 203.0.113.1 enable

“Pitfall Guide”: Both ends must configure<span>route-policy</span> to filter invalid routes, otherwise it may cause route leakage!

3. Option C: Direct Access via Super Highway

Core Principle

  • “Multi-Hop MP-EBGP”: PE devices establish neighbors directly across AS, like international direct flights.
  • “Features”: Strong scalability, suitable for large multinational enterprises.

Multinational Group Networking Scheme

“Requirement”: PE devices in China and the US (AS 100/AS 200) directly exchange VPN routes.“Configuration Points”:

  1. “Underlying IGP Interconnection”: Ensure routing reachability between AS first.
  2. “Establish Multi-Hop EBGP”:
# Domestic PE configuration
bgp 100
peer 198.51.100.2 as-number 200
connect-interface LoopBack0
address-family vpnv4
 peer 198.51.100.2 enable
 peer 198.51.100.2 next-hop-local

# Foreign PE configuration
bgp 200
peer 203.0.113.1 as-number 100
connect-interface LoopBack0
address-family vpnv4
 peer 203.0.113.1 enable

“Effect”: VPN users in China and the US can communicate directly,“latency reduced by 40%”

4. Comparison Table of Three Major Solutions

“Comparison Item” Option A Option B Option C
“Configuration Complexity” ⭐⭐ ⭐⭐⭐ ⭐⭐⭐⭐
“Scalability” Up to 10 nodes Up to 100 nodes 1000+ nodes
“Typical Scenario” Enterprise branch interconnection Carrier interconnection Multinational group networking
“Routing Control Granularity” Port level ASBR level PE level
“Operational Cost” High (requires point-to-point configuration) Medium Low (centralized management)

5. Lifesaving Troubleshooting Command Package

display bgp vpnv4 all routing-table  # Check VPNv4 route propagation
display mpls lsp                     # Check label forwarding path
tracert vpn-instance VPN-A 192.168.1.1  # Trace cross-domain path
display ip routing-table vpn-instance VPN-A  # Check VRF routing table

“Classic Failure”: Route loss in Option B scheme.

# Found that ASBR did not correctly publish routes
<ASBR> display bgp vpnv4 peer  # Show neighbor status as Idle

“Fix”: Check if<span>route-policy</span> allows VPNv4 routes!

“Next Issue Revealed: Completely Replacing MPLS with SRv6, Follow Us to Stay Updated!”

Related posts

  1. MicroPython MQTT: A Non-blocking Way to Communicate with MQTT Broker
  2. Mastering Business Analysis Meetings: Essential Skills for Enterprises
  3. 10 Animated GIFs to Understand Common Bus Communication Principles
  4. Why Convert Files to Base64 for Upload?
  5. Key Summary of URL and HTTP Protocols
  6. What Did TCP Do Wrong in Abandoning HTTP 3.0?
  7. Enhancing Efficiency in Battery Swap Heavy-Duty Truck Operations
  8. Detailed Explanation of Multi-Point Drone Networking Technology
  9. Double Achievements! Witnessing the Power of ‘Team’ at Southeast University!
  10. Unveiling Low-Altitude Flight: Drones, Self-Organizing Networks, and Pilots
  11. Essential Skills for MCU Engineers: Optimizing ADC Sampling Accuracy
  12. DIY Project: Control Humidity with Raspberry Pi and Node.js
  13. Multifunctional FPGA-JTAG Overview
  14. Understanding CPU, MCU, MPU, SoC, DSP, ECU, GPU, and FPGA
  15. RT809H EMMC Data Partition Programming Guide
  16. Analysis and Verification of EtherCAT Slave Communication Link Based on FPGA
  17. Introduction to Low-Power Design in Digital ICs (Part 7)
  18. Research and Implementation of RSA Encryption Algorithm Improvement
  19. Mainstream Development Directions of Industrial Control Systems and the Significance and Value of APC Systems

Leave a Comment