Huawei HCIE Datacom Labs - Advanced IGP, BGP, MPLS VPN, EVPN

Configure fast reroute, bidirectional forwarding detection with BFD to accelerate OSPF convergence, adjust OSPF costs with route policies, and enable inter-area route filtering to shrink the LSDB.

Configure ospf on a four-router lab, with area zero for p1 and p2 and area one for p3, using loopback as router ID, process one, and verify peers and routes.

Configure isis on the P3 and P4 routers, enabling ethernet 100 interfaces and loopback zero on P4. Use area 1 and network id 49.0001.0000.0000.0003.00 to form adjacency and routing entries.

Adjust the OSPF cost on P2's Ethernet 101 to two to break the two equal-cost paths to 10.0.5.5, making the single best route through interface 100 with cost two.

Configure ospf with fast reroute on P2 to create a backup route to 10.0.5.5 via an lfa path, ensuring seamless failover when the main route through P1 fails.

Enable BFD for OSPF area zero to accelerate failover; set 500 ms timers and a multiplier of 3 on Ethernet 100 and 101 across P1 and P2.

Create the same loopback two interfaces on P1 and P2 and enable OSPF process one area zero to advertise the loopback two prefixes from both devices.

Limit OSPF equal-cost routes to one on P1 using maximum load balancing one, then verify P1 selects a single route by interface index and next-hop.

Create loopback three on P3, assign 10.3.3.3/24, and enable OSPF in area one as a broadcast interface; verify inter-area type three LSA on P1.

Configure an inter-area route filter on ABR P1 to deny 1.3.3.0/24 loopback from P3 into area zero using IP prefix list type three filter under OSPF process 1 area 1.

Advertise a default route in ISIS from P3 to P4 by configuring P3, then verify with display commands and confirm the LSP carries the default route via Ethernet 100.

Explore BGP features across a four-autonomous-system topology, configuring policies, gtsam security with authentication, route reflectors, loopback routing with communities, and outbound route filtering or ef features to control traffic.

Configure BGP between backbone and enterprise networks (HQ 650103, branch1 65001, branch2 65002; backbone 650100) using loopback 0 router IDs, static routes, and 2-hop BGP to verify with ping.

Configure Gtsam to secure BGP by TTL checks and authentication between peers, using one TTL hop and ciphered passwords to prevent spoofed BGP messages.

Configure ibgp in the backbone with P2 as route reflector and P2/P4 as clients, using a backbone peer group and loopback sources with next-hop local for IPv4 unicast routes.

Configure loopback one and loopback two on enterprise routers, advertise them in BGP, enable advertise community, and apply a routing policy to assign a specific community to loopback one.

Configure a bgp routing policy across branches to control loopback advertisements, using loopback one community filters and loopback two as-path filters, so hq learns all branch routes.

Configure bgp orf to filter outbound routes, letting P1 receive only four loopback prefixes from branches while P3 advertises loopback three to P4.

Configure MPLS and MPLS VPN in a three-branch backbone network, enabling route exchange between PS and CIS using BGP and OSPF between customer branches and PE routers.

Configure MPLS and MPLS LDP in the backbone network using ISIS routing, enable MPLS on backbone interfaces, and verify LDP adjacencies and LSP paths to establish an MPLS VPN.

Configure mp-bgp on the backbone, designate p2 as route reflector for p2 and p4 in the vpnv4 address family, enable mbgp between backbone routers, and verify peers.

Configure p1 and p2 to enable BGP routing between HQ and the backbone, using two VPN instances (vpn_in and vpn_out) to exchange customer routes and enable branch reachability.

Configure pe-ce routing for branches with vpn instances, route distinguishers, and route targets, and establish ospf and mbgp to exchange customer routes across the backbone.

Verify routes and connectivity between branches in the hcie datacom lab using bgp vpn v4, ospf, and vpn instances; troubleshoot with substitute as and validate reachability via ping.

Configure evpn to carry layer two and layer three services over mpls across a backbone and three branches, including bridge domain vpn and bgp evpn, tested in the Insp simulator.

Configure a bridge domain EVPN instance on PEs to provide layer two services over MPLS, including a VPN instance, BD mode, route distinguisher, and route target.

Configure ethernet segment between PE and CE by creating a layer-2 subinterface with dot1q encapsulation for VLAN 3 and applying rewrite pop single with bridge domain 10 for EVPN.

Establish a BGP EVPN peer relationship among three PE routers, using P2 as route reflector, configuring VPNv4 and EVPN families with reflect client settings.

Configure ce routers with vlan 3 subinterfaces on ethernet 000.1 and ip addresses 10.1.1.1/29, 1.1.1.2/29, 1.1.1.3/29 to access the l2vpn evpn, then verify connectivity.

Configure evpn layer three vpn v4 using layer 2 script, enable vpn v4 under ipv4 unicast, and verify the evpn peer with display bgp evpn peer across p2 and p4.

Configure BGP peering between P1 and P2 with two VPN instances, enabling HQ to learn routes from branches via evpn mpls routing and route distinguishers.

Configure branch peering by creating a vpn instance with route distinguisher and route target export/import for evpn, enable evpn mpls routing, bind ethernet 100, and establish p4-p3 and p2-p1 ospf/bgp.

Verify routes and confirm connectivity between branches using evpn with bgp, inspect routing tables and next hops, and validate mutual access through p1, p2, p3, p4, and hq.