Sunday, March 25 2018

basic QinQ configuration on Huawei switches

In the traditional 802.1Q protocol, a service provider has to assign different VLAN IDs to users of different VLANs. The number of VLANs is limited to 4094 IDs. In addition, different users cannot use the same VLAN ID.

A simple way to solve this is to implement QinQ. QinQ improves the utilization of VLANs by adding another 802.1Q tag to a packet that already carries an 802.1Q tag. In this manner, services from the private VLAN can be transmitted transparently through the public network. The ISP network provides only one VLAN ID for different VLANs from the same user network, which saves the ISP's VLAN IDs. QinQ also provides a simple Layer 2 VPN solution for a small MAN or a local area network.

QinQ tunneling on Huawei switches

Let’s assume that we have two enterprise networks. Each enterprise has two branch offices, located in different cities. As an ISP, we cannot force these enterprises to use different VLAN planning. In our case, both use VLAN 10, and our task is to transmit traffic transparently, through the ISP network, between the remote offices.

What we want to achieve is to ensure communication between remote offices of each enterprise and to block communication between Enterprise_1 and Enterprise_2. We can use basic QinQ tunneling in this case. It adds the same outer VLAN tag to all the frames entering a Layer 2 port.
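The tag handling described above, as an added example that is not part of the original post: it pushes an outer tag onto frames that both enterprises send in VLAN 10 and shows that the outer VLAN alone decides which tunnel ports receive them. The port names, the outer VLAN IDs 100 and 200, and the use of TPID 0x8100 for both tags are assumptions made for the illustration.

```python
import struct

TPID = 0x8100  # assumption: inner and outer tag both use the 802.1Q TPID

def vlan_tag(vid):
    """Build a 4-byte 802.1Q tag (priority 0) for a valid VLAN ID."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    return struct.pack("!HH", TPID, vid)

def customer_frame(dst, src, c_vid, payload):
    """Single-tagged IPv4 frame as it leaves an enterprise switch."""
    return dst + src + vlan_tag(c_vid) + struct.pack("!H", 0x0800) + payload

def push_outer(frame, s_vid):
    """Tunnel-port ingress: insert the outer tag after the two MAC addresses."""
    return frame[:12] + vlan_tag(s_vid) + frame[12:]

def pop_outer(frame):
    """Tunnel-port egress: strip the outer tag, leaving the customer tag."""
    return frame[:12] + frame[16:]

def vlan_stack(frame):
    """Return the VLAN IDs found in the frame, outermost first."""
    vids, off = [], 12
    while len(frame) >= off + 4:
        tpid, tci = struct.unpack_from("!HH", frame, off)
        if tpid != TPID:
            break
        vids.append(tci & 0x0FFF)
        off += 4
    return vids

# Hypothetical ISP tunnel ports and the outer VLAN each one adds (constructed).
TUNNEL_PORTS = {"ent1_site_a": 100, "ent1_site_b": 100,
                "ent2_site_a": 200, "ent2_site_b": 200}

def carry(frame, ingress):
    """Tunnel a customer frame; return {egress port: frame delivered there}."""
    tagged = push_outer(frame, TUNNEL_PORTS[ingress])
    outer = vlan_stack(tagged)[0]
    return {port: pop_outer(tagged)
            for port, s_vid in sorted(TUNNEL_PORTS.items())
            if s_vid == outer and port != ingress}

if __name__ == "__main__":
    dst, src = bytes.fromhex("ffffffffffff"), bytes.fromhex("0200000000aa")
    frame = customer_frame(dst, src, 10, b"constructed payload")
    print(vlan_stack(push_outer(frame, 100)), list(carry(frame, "ent1_site_a")))
    print(vlan_stack(push_outer(frame, 200)), list(carry(frame, "ent2_site_a")))
```
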


RIP loop protection

I am going to show you how RIP loop protection works. Let’s take the topology from the previous post to demonstrate the features.

RIP topology

There are 2 methods of loop protection: Split Horizon and Poison Reverse.

Split Horizon

It prohibits a router from advertising a route back to neighbors through the interface on which the route was received. Split Horizon is enabled by default on Huawei routers:

[R1]display rip 1 interface Serial 0/0/0 verbose
State : UP MTU : 500
Metricin : 0
Metricout : 1
Input : Enabled Output : Enabled
Protocol : RIPv2 Multicast
Send version : RIPv2 Multicast Packets
Receive version : RIPv2 Multicast and Broadcast Packets
Poison-reverse : Disabled

Authentication type : None
Replay Protection : Disabled

Split Horizon is disabled


basic concept of RIP

Routing Information Protocol (RIP) is an interior gateway protocol (IGP) based on a distance-vector algorithm.

RIPv1 characteristics
  1. A classful routing protocol
  2. Uses broadcast address to update routes
  3. Uses UDP port 520 to send and receive packets

Let’s look at the captured request and response packets of RIPv1:




Inter-VLAN communication on USG firewall

It’s time to check the firewall available in the eNSP simulator. Today’s task is a simple one: configuring inter-VLAN communication on a Huawei USG5500.

Let’s look at the following topology:

Configuration roadmap:

  1. Configure L2 communication on the switch.
  2. As the switch is L2, configure subinterfaces on the firewall and enable L3 communication between different VLANs.
  3. Set IP addresses and gateways for all PCs.
  4. Create 2 security zones and configure interzone packet filtering to control traffic between VLANs.
  5. Security requirements for the network:
  • PC1 in VLAN100 and PC2 in VLAN200 can communicate with each other.
  • PC3 in VLAN300 can access PC1 and PC2. PC1 and PC2 cannot access PC3.


Huawei eNSP – news

After a long time, a new version of Huawei eNSP has been released:

Huawei eNSP

New features:

  • Support CE6800 DC switch.
  • Support any wvrp device.
  • Export vrpcfg.cfg from usg5500.
