HP FlexFabric 11900 Switch Series MPLS Configuration Guide Part number: 5998-5261 Software version: Release 2111 and later Document version: 6W100-20140110
Legal and notice information © Copyright 2014 Hewlett-Packard Development Company, L.P. No part of this documentation may be reproduced or transmitted in any form or by any means without prior written consent of Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Contents Configuring basic MPLS ·············································································································································· 1 Overview············································································································································································ 1 Basic concepts ·········································································································································
LDP configuration examples ·········································································································································· 30 LDP LSP configuration example ···························································································································· 30 Label acceptance control configuration example ······························································································ 34 Label advertisement control configuratio
Displaying and maintaining RSVP································································································································ 87 RSVP configuration examples ······································································································································· 87 Establishing an MPLS TE tunnel with RSVP-TE ···································································································· 87 RSVP GR configuration example ····
Configuring Configuring Configuring Configuring Configuring Configuring Configuring MPLS L3VPN inter-AS option B ····································································································· 156 MPLS L3VPN inter-AS option C ···································································································· 161 MPLS L3VPN carrier's carrier ······································································································· 168 nested VPN ··········
Configuring an inter-domain multi-segment PW ······························································································ 274 Configuring VPLS ···················································································································································· 281 Overview······································································································································································· 281 Basic VPLS archit
Support and other resources ·································································································································· 355 Contacting HP ······························································································································································ 355 Subscription service ············································································································································ 355 Relate
Configuring basic MPLS Unless otherwise specified, the term "interface" in this document collectively refers to VLAN interfaces and Layer 3 Ethernet interfaces. You can set an Ethernet port as a Layer 3 interface by using the port link-mode route command (see Layer 2—LAN Switching Configuration Guide). Overview Multiprotocol Label Switching (MPLS) provides connection-oriented label switching over connectionless IP backbone networks.
• S—1-bit bottom of stack flag. A label stack can comprise multiple labels. The label nearest to the Layer 2 header is called the "top label," and the label nearest to the Layer 3 header is called the "bottom label." The S field is set to 1 if the label is the bottom label and set to 0 if not. • TTL—8-bit time to live field used for routing loop prevention. LSR A router that performs MPLS forwarding is a label switching router (LSR).
MPLS network architecture Figure 3 MPLS network architecture An MPLS network comprises the following types of LSRs: • Ingress LSR—Ingress LSR of packets. It labels packets entering into the MPLS network. • Transit LSR—Intermediate LSRs in the MPLS network. The transit LSRs on an LSP forward packets to the egress LSR according to labels. • Egress LSR—Egress LSR of packets. It removes labels from packets and forwards the packets to their destination networks.
Figure 4 Dynamic LSP establishment MPLS forwarding Figure 5 MPLS forwarding As shown in Figure 5, a packet is forwarded over the MPLS network in the following steps: 1. Router B (the ingress LSR) receives a packet with no label. It identifies the FIB entry that matches the destination address of the packet, pushes the outgoing label (40 in this example) to the packet, and forwards the labeled packet out of the interface VLAN-interface 20 to the next hop LSR Router C. 2.
outgoing interface VLAN-interface 40 to the next hop LSR Router E. If the LFIB entry records no outgoing interface or next hop information, Router D identifies the FIB entry by the IP header and then forwards the packet according to the FIB entry. PHP An egress node must perform two forwarding table lookups to forward a packet: two LFIB lookups (if the packet has more than one label), or one LFIB lookup and one FIB lookup (if the packet has only one label).
Configure link layer protocols to ensure connectivity at the link layer. • Configure IP addresses for interfaces to ensure IP connectivity between neighboring nodes.Configure static routes or an IGP protocol to ensure IP connectivity among LSRs.To enable MPLS: • Step Enter system view. 1. Command Remarks system-view N/A By default, no LSR ID is configured. An LSR ID must be unique in an MPLS network and in IP address format.
If you do not configure the MPLS MTU of an interface, fragmentation of MPLS packets is based on the MTU of the interface without considering MPLS labels. An MPLS fragment might be larger than the interface MTU and be dropped. • Specifying the label type advertised by the egress In an MPLS network, an egress can advertise the following types of labels: • Implicit null label with a value of 3. • Explicit null label with a value of 0. • Non-null label.
Configuring TTL propagation When TTL propagation is enabled, the ingress node copies the TTL value of an IP packet to the TTL field of the label. Each LSR on the LSP decreases the label TTL value by 1. The LSR that pops the label copies the remaining label TTL value back to the IP TTL of the packet, so the IP TTL value can reflect how many hops the packet has traversed in the MPLS network. The IP tracert facility can show the real path along which the packet has traveled.
Step 1. Enter system view. Command Remarks system-view N/A By default, TTL propagation is enabled only for public-network packets. 2. Enable TTL propagation. mpls ttl propagate { public | vpn } This command affects only the propagation between IP TTL and label TTL. Within an MPLS network, TTL is always copied between the labels of an MPLS packet. After TTL propagation is enabled or disabled, execute the reset mpls ldp command to make the configuration take effect.
Task Command Display MPLS interface information. display mpls interface [ interface-type interface-number ] Display usage information about MPLS labels. display mpls label { label-value1 [ to label-value2 ] | all } Display LSP information.
Configuring a static LSP Overview A static label switched path (LSP) is established by manually specifying the incoming label and outgoing label on each node (ingress, transit, or egress node) of the forwarding path. Static LSPs consume fewer resources, but they cannot automatically adapt to network topology changes. Therefore, static LSPs are suitable for small and stable networks with simple topologies.
Step Command Remarks If you specify a next hop for the static LSP, make sure the ingress node has an active route to the specified next hop address. 2. Configure the ingress node of the static LSP. static-lsp ingress lsp-name destination dest-addr { mask | mask-length } { nexthop next-hop-addr | outgoing-interface interface-type interface-number } out-label out-label 3. Configure the transit node of the static LSP.
LSPs are unidirectional. You must configure an LSP for each direction of the data forwarding path. A route to the destination address of the LSP must be available on the ingress node, but it is not needed on transit and egress nodes. Therefore, you do not need to configure a routing protocol to ensure IP connectivity among all switches. Configuration procedure 1. Create VLANs and configure IP addresses for all interfaces, including the loopback interfaces, as shown in Figure 8. (Details not shown.) 2.
# Configure the LSP transit node, Switch B. [SwitchB] static-lsp transit CtoA in-label 40 nexthop 10.1.1.1 out-label 70 # Configure the LSP egress node, Switch A. [SwitchA] static-lsp egress CtoA in-label 70 Verifying the configuration # Use the display mpls static-lsp command on each switch to display information about static LSPs. Take Switch A as an example: [SwitchA] display mpls static-lsp Total: 2 Name FEC In/Out Label Nexthop/Out Interface State AtoC 21.1.1.0/24 NULL/30 10.1.1.
Configuring LDP Overview The Label Distribution Protocol (LDP) dynamically distributes FEC-label mapping information between LSRs to establish LSPs. Terminology LDP session Two LSRs establish a TCP-based LDP session to exchange FEC-label mappings. LDP peer Two LSRs that use LDP to exchange FEC-label mappings are LSR peers. Label spaces and LDP identifiers Label spaces include the following types: • Per-interface label space—Each interface uses a single, independent label space.
• Session messages—Establish, maintain, and terminate sessions between LDP peers, such as Initialization messages used for parameter negotiation and Keepalive messages used to maintain sessions. • Advertisement messages—Create, alter, and remove FEC-label mappings, such as Label Mapping messages used to advertise FEC-label mappings. • Notification messages—Provide advisory information and notify errors, such as Notification messages.
Figure 9 Dynamically establishing an LSP Label distribution and control Label advertisement modes Figure 10 Label advertisement modes DU mode Ingress 2) Unsolicitely distributes a label mapping for the FEC to the upstream. 1) Unsolicitely distributes a label mapping for a FEC to the upstream. Transit Egress 1) Sends a label request for a FEC to the downstream. 2) Sends a label request for the FEC to the downstream.
Label distribution control LDP controls label distribution in one of the following ways: • Independent label distribution—Distributes a FEC-label mapping to an upstream LSR at any time. An LSR might distribute a mapping for a FEC to its upstream LSR before it receives a label mapping for that FEC from its downstream LSR.
LDP GR LDP GR overview LDP Graceful Restart enables an LSR to retain MPLS forwarding entries during an LDP restart, ensuring continuous MPLS forwarding. Figure 12 LDP GR As shown in Figure 12, GR defines the following roles: • GR restarter—An LSR that performs GR. It must be GR-capable. • GR helper—A neighbor LSR that helps the GR restarter to complete GR. The device can act as a GR restarter or a GR helper.
restarter goes down, it marks the FEC-label mappings learned from the session as stale and starts the Reconnect timer received from the GR restarter. 3. After LDP completes restart, the GR restarter reestablishes an LDP session with the GR helper. If the LDP session is not set up before the Reconnect timer expires, the GR helper deletes the stale FEC-label mappings and the corresponding MPLS forwarding entries.
Tasks at a glance (Optional.) Enabling SNMP notifications for LDP Enabling LDP To enable LDP, you must enable LDP globally, and then enable LDP on relevant interfaces or configure IGP to automatically enable LDP on those interfaces. Enabling LDP globally Step Enter system view. 1. Command Remarks system-view N/A • Enable LDP for the local node and Enable LDP for the local node or for a VPN. 2. enter LDP view: mpls ldp • Enable LDP for a VPN and enter By default, LDP is disabled.
Configuring Link Hello timers Step Command Remarks 1. Enter system view. system-view N/A 2. Enter the view of the interface where you want to establish an LDP session. interface interface-type interface-number N/A 3. Configure the Link Hello hold time. mpls ldp timer hello-hold timeout By default, the Link Hello hold time is 15 seconds. 4. Configure the Link Hello interval. mpls ldp timer hello-interval interval By default, the Link Hello interval is five seconds.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface interface-type interface-number N/A 3. Configure the Keepalive hold time. mpls ldp timer keepalive-hold timeout By default, the Keepalive hold time is 45 seconds. 4. Configure the Keepalive interval. mpls ldp timer keepalive-interval interval By default, the Keepalive interval is 15 seconds.
The LDP backoff mechanism can mitigate this problem by using an initial delay timer and a maximum delay timer. After LDP fails to establish a session with a peer LSR for the first time, LDP does not start an attempt until the initial delay timer expires. If the session setup fails again, LDP waits for two times the initial delay before the next attempt, and so forth until the maximum delay time is reached. After that, the maximum delay time will always take effect.
Use only host routes with a 32-bit mask to establish LSPs. • By default, LDP uses only host routes with a 32-bit mask to establish LSPs. The other two methods can result in more LSPs than the default policy. To change the policy, be sure that the system resources and bandwidth resources are sufficient. To configure an LSP generation policy: Step 1. Enter system view. Command Remarks system-view N/A • Enter LDP view: 2. Enter LDP view or enter LDP-VPN instance view.
Figure 14 Label advertisement control diagram A label advertisement policy on an LSR and a label acceptance policy on its upstream LSR can achieve the same purpose. HP recommends that you use label advertisement policies to reduce network load if downstream LSRs support label advertisement control. Before you configure an LDP label advertisement policy, create an IP prefix list. For information about IP prefix list configuration, see Layer 3—IP Routing Configuration Guide.
Figure 15 Label acceptance control diagram D o be la er s ilt g t f pin no ap m l A label advertisement policy on an LSR and a label acceptance policy on its upstream LSR can achieve the same purpose. HP recommends using the label advertisement policy to reduce network load. You must create an IP prefix list before you configure a label acceptance policy. For information about IP prefix list configuration, see Layer 3—IP Routing Configuration Guide.
Step Command Remarks • Enter LDP view: 2. Enter LDP view or enter LDP-VPN instance view. mpls ldp • Enter LDP-VPN instance view: N/A a. mpls ldp b. vpn-instance vpn-instance-name By default, loop detection is disabled. After loop detection is enabled, the device uses both the maximum hop count and the path vector methods to detect loops. 3. Enable loop detection. loop-detect 4. Specify the maximum hop count. maxhops hop-number By default, the maximum hop count is 32. 5.
Configuring LDP GR Before you configure LDP GR, enable LDP on the GR restarter and GR helpers. To configure LDP GR: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter LDP view. mpls ldp N/A 3. Enable LDP GR. graceful-restart By default, LDP GR is disabled. 4. Configure the Reconnect timer for LDP GR. graceful-restart timer reconnect reconnect-time By default, the Reconnect time is 120 seconds. 5. Configure the MPLS Forwarding State Holding timer for LDP GR.
Task Command Display LDP discovery information. display mpls ldp discovery [ vpn-instance vpn-instance-name ] [ interface interface-type interface-number | peer peer-lsr-id | targeted-peer peer-lsr-id ] [ verbose ] Display LDP FEC-label mapping information. display mpls ldp fec [ vpn-instance vpn-instance-name ] [ destination-address mask-length | summary ] Display LDP interface information. display mpls ldp interface [ interface-type interface-number ] Display LDP LSP information.
Configuration procedure 1. Configure IP addresses and masks for interfaces, including the loopback interfaces, as shown in Figure 16. (Details not shown.) 2. Configure OSPF on each switch to ensure IP connectivity between them: # Configure Switch A. system-view [SwitchA] ospf [SwitchA-ospf-1] area 0 [SwitchA-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0 [SwitchA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.
3. 11.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0 11.1.1.255/32 Direct 0 0 11.1.1.1 Vlan4 20.1.1.0/24 OSPF 10 2 10.1.1.2 Vlan2 21.1.1.0/24 OSPF 10 3 10.1.1.2 Vlan2 127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0 127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0 127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0 224.0.0.0/4 Direct 0 0 0.0.0.0 NULL0 224.0.0.0/24 Direct 0 0 0.0.0.0 NULL0 255.255.255.255/32 Direct 0 0 127.0.0.
[SwitchA] ip prefix-list switcha index 50 permit 21.1.1.0 24 [SwitchA] mpls ldp [SwitchA-ldp] lsp-trigger prefix-list switcha [SwitchA-ldp] quit # On Switch B, create IP prefix list switchb, and configure LDP to use only the routes permitted by the prefix list to establish LSPs. [SwitchB] ip prefix-list switchb index 10 permit 1.1.1.9 32 [SwitchB] ip prefix-list switchb index 20 permit 2.2.2.9 32 [SwitchB] ip prefix-list switchb index 30 permit 3.3.3.
100 bytes from 20.1.1.2: Sequence=2 time=1 ms 100 bytes from 20.1.1.2: Sequence=3 time=8 ms 100 bytes from 20.1.1.2: Sequence=4 time=2 ms 100 bytes from 20.1.1.2: Sequence=5 time=1 ms --- FEC: 21.1.1.0/24 ping statistics --5 packets transmitted, 5 packets received, 0.0% packet loss round-trip min/avg/max = 1/2/8 ms # On Switch C, test the connectivity of the LDP LSP from Switch C to Switch A. [SwitchC] ping mpls -a 21.1.1.1 ipv4 11.1.1.0 24 MPLS Ping FEC: 11.1.1.0/24 : 100 data bytes 100 bytes from 10.1.
Configuration considerations 1. Configure a routing protocol on each switch to make sure that the switches can reach each other. This example uses OSPF. 2. Enable LDP on each switch. 3. Configure LSP generation policies, so LDP establishes LSPs only for the routes 11.1.1.0/24 and 21.1.1.0/24. 4. Configure label acceptance policies, so LDP sets up LSPs only over the link Switch A—Switch B—Switch C, as follows: { { Switch A accepts only the label mapping for FEC 21.1.1.0/24 received from Switch B.
[SwitchC] mpls lsr-id 3.3.3.9 [SwitchC] mpls ldp [SwitchC-ldp] quit [SwitchC] interface vlan-interface 3 [SwitchC-Vlan-interface3] mpls enable [SwitchC-Vlan-interface3] mpls ldp enable [SwitchC-Vlan-interface3] quit [SwitchC] interface vlan-interface 7 [SwitchC-Vlan-interface7] mpls enable [SwitchC-Vlan-interface7] mpls ldp enable [SwitchC-Vlan-interface7] quit # Configure Switch D. system-view [SwitchD] mpls lsr-id 4.4.4.
# On Switch D, create IP prefix list switchd, and configure LDP to use only the routes permitted by the prefix list to establish LSPs. [SwitchD] ip prefix-list switchd index 10 permit 11.1.1.0 24 [SwitchD] ip prefix-list switchd index 20 permit 21.1.1.0 24 [SwitchD] mpls ldp [SwitchD-ldp] lsp-trigger prefix-list switchd [SwitchD-ldp] quit Configure label acceptance policies: 5. # On Switch A, create an IP prefix list prefix-from-b that permits subnet 21.1.1.0/24.
The output shows that the next hop of the LSP for FEC 21.1.1.0/24 is Switch B (10.1.1.2). The LSP has been set up over the link Switch A—Switch B—Switch C, not over the link Switch A—Switch D—Switch C. # On Switch A, test the connectivity of the LDP LSP from Switch A to Switch C. [SwitchA] ping mpls -a 11.1.1.1 ipv4 21.1.1.0 24 MPLS Ping FEC: 21.1.1.0/24 : 100 data bytes 100 bytes from 20.1.1.2: Sequence=1 time=1 ms 100 bytes from 20.1.1.2: Sequence=2 time=1 ms 100 bytes from 20.1.1.
Figure 18 Network diagram Configuration considerations 1. Configure a routing protocol on each switch to make sure the switches can reach each other. This example uses OSPF. 2. Enable LDP on each switch. 3. Configure LSP generation policies so LDP uses only the routes 11.1.1.0/24 and 21.1.1.0/24 to establish LSPs. 4. Configure label advertisement policies, so LDP sets up LSPs only over the link Switch A—Switch B—Switch C, as follows: { Switch A advertises only the label mapping for FEC 11.1.1.
[SwitchA-Vlan-interface6] mpls ldp enable [SwitchA-Vlan-interface6] quit # Configure Switch B. system-view [SwitchB] mpls lsr-id 2.2.2.9 [SwitchB] mpls ldp [SwitchB-ldp] quit [SwitchB] interface vlan-interface 2 [SwitchB-Vlan-interface2] mpls enable [SwitchB-Vlan-interface2] mpls ldp enable [SwitchB-Vlan-interface2] quit [SwitchB] interface vlan-interface 3 [SwitchB-Vlan-interface3] mpls enable [SwitchB-Vlan-interface3] mpls ldp enable [SwitchB-Vlan-interface3] quit # Configure Switch C.
[SwitchA-ldp] lsp-trigger prefix-list switcha [SwitchA-ldp] quit # On Switch B, create IP prefix list switchb, and configure LDP to use only the routes permitted by the prefix list to establish LSPs. [SwitchB] ip prefix-list switchb index 10 permit 11.1.1.0 24 [SwitchB] ip prefix-list switchb index 20 permit 21.1.1.
# On Switch D, create an IP prefix list prefix-to-a that denies subnet 21.1.1.0/24. Switch D uses this list to filter FEC-label mappings to be advertised to Switch A. [SwitchD] ip prefix-list prefix-to-a index 10 deny 21.1.1.0 24 [SwitchD] ip prefix-list prefix-to-a index 20 permit 0.0.0.0 0 less-equal 32 # On Switch D, create an IP prefix list peer-a that permits 1.1.1.9/32. Switch D uses this list to filter peers. [SwitchD] ip prefix-list peer-a index 10 permit 1.1.1.
FECs: 2 Ingress LSPs: 1 Transit LSPs: 1 Egress LSPs: 1 FEC In/Out Label Nexthop OutInterface 11.1.1.0/24 -/1277 20.1.1.1 Vlan-int3 1148/1277 20.1.1.1 Vlan-int3 21.1.1.0/24 1149/-/1276(L) -/1150(L) [SwitchD] display mpls ldp lsp Status Flags: * - stale, L - liberal Statistics: FECs: 2 Ingress LSPs: 0 FEC In/Out Label 11.1.1.0/24 1151/- Transit LSPs: 0 Nexthop Egress LSPs: 2 OutInterface -/1277(L) 21.1.1.
Configuring MPLS TE Overview TE and MPLS TE Network congestion can degrade the network backbone performance. It might occur when network resources are inadequate or when load distribution is unbalanced. Traffic engineering (TE) is intended to avoid the latter situation where partial congestion might occur because of improper resource allocation.
Dynamic CRLSP establishment Dynamic CRLSPs are dynamically established through a label distribution protocol (such as RSVP-TE). The label distribution protocol advertises labels to establish CRLSPs and reserves bandwidth resources on each node along the calculated path. Dynamic CRLSPs adapt to network changes and support CRLSP backup, but they require complicated configurations. The device supports the label distribution protocol of RSVP-TE for MPLS TE.
Figure 19 Diagram for make-before-break As shown in Figure 19, a CRLSP with 30 M reserved bandwidth has been set up from Router A to Router D through the path Router A—Router B—Router C—Router D. To increase the reserved bandwidth to 40 M, a new CRLSP must be set up through the path Router A— —Router E—Router C—Router D. To achieve this purpose, RSVP-TE needs to reserve 30M bandwidth for the old CRLSP and 40M bandwidth for the new CRLSP on the link Router C—Router D, but the link bandwidth is not enough.
Protocols and standards • RFC 2702, Requirements for Traffic Engineering Over MPLS • RFC 3564, Requirements for Support of Differentiated Service-aware MPLS Traffic Engineering • RFC 4124, Protocol Extensions for Support of Diffserv-aware MPLS Traffic Engineering • RFC 4125, Maximum Allocation Bandwidth Constraints Model for Diffserv-aware MPLS Traffic Engineering • RFC 4127, Russian Dolls Bandwidth Constraints Model for Diffserv-aware MPLS Traffic Engineering • ITU-T Recommendation Y.
Tasks at a glance (Required.) Perform at least one of the following tasks to configure an MPLS TE tunnel: • Configuring an MPLS TE tunnel to use a static CRLSP • Configuring an MPLS TE tunnel to use a dynamic CRLSP (Required.) Configuring static routing to direct traffic to an MPLS TE tunnel (Optional.) Configuring a bidirectional MPLS TE tunnel (Optional.) Configuring CRLSP backup Only MPLS TE tunnels established by RSVP-TE support this configuration.
Step Command Remarks 2. Create an MPLS TE tunnel interface and enter tunnel interface view. interface tunnel tunnel-number mode mpls-te By default, no tunnel interface is created. 3. Configure an IP address for the tunnel interface. ip address ip-address { mask-length | mask } By default, a tunnel interface does not have an IP address. 4. Specify the tunnel destination address. destination ip-address By default, no tunnel destination address is specified.
To configure RSVP-TE to establish an MPLS TE tunnel: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter MPLS TE tunnel interface view. interface tunnel tunnel-number [ mode mpls-te ] N/A 3. Configure MPLS TE to use RSVP-TE to establish the tunnel. mpls te signaling rsvp-te By default, MPLS TE uses RSVP-TE to establish a tunnel.
Configuring tunnel setup retry If the ingress node fails to establish an MPLS TE tunnel, it waits for the retry interval, and then tries to set up the tunnel again. It repeats this process until the tunnel is established or until the number of attempts reaches the maximum. If the tunnel cannot be established when the number of attempts reaches the maximum, the ingress waits for a longer period and then repeats the previous process. To configure tunnel setup retry: Step Command Remarks 1.
Configuring a bidirectional MPLS TE tunnel Before you create a bidirectional MPLS TE tunnel, complete the following tasks: • Disable the PHP function on both ends of the tunnel to assign a non-null label to the penultimate hop. • To set up a bidirectional MPLS TE tunnel in co-routed mode, you must specify the signaling protocol as RSVP-TE, and use the mpls te resv-style command to configure the resources reservation style as FF for the tunnel.
Step 3. Configure an associated bidirectional MPLS TE tunnel. Command Remarks mpls te bidirectional associated reverse-lsp { lsp-name lsp-name | lsr-id ingress-lsr-id tunnel-id tunnel-id } } By default, no bidirectional tunnel is configured, and tunnels established on the tunnel interface are unidirectional MPLS TE tunnels. Configuring CRLSP backup CRLSP backup provides end-to-end CRLSP protection. Only MPLS TE tunnels established through RSVP-TE support CRLSP backup.
Figure 20 Network diagram Loop0 2.2.2.2/32 Vlan-int2 3.2.1.1/24 Vlan-int1 2.1.1.2/24 Switch B Vlan-int1 2.1.1.1/24 Switch A Vlan-int2 3.2.1.2/24 Switch C Loop0 1.1.1.1/32 Loop0 3.3.3.3/32 Configuration procedure 1. Configure IP addresses and masks for interfaces. (Details not shown.) 2. Configure IS-IS to advertise interface addresses, including the loopback interface address: # Configure Switch A. system-view [SwitchA] isis 1 [SwitchA-isis-1] network-entity 00.0005.0000.0000.0001.
[SwitchC-isis-1] network-entity 00.0005.0000.0000.0003.00 [SwitchC-isis-1] quit [SwitchC] interface vlan-interface 2 [SwitchC-Vlan-interface2] isis enable 1 [SwitchC-Vlan-interface2] quit [SwitchC] interface loopback 0 [SwitchC-LoopBack0] isis enable 1 [SwitchC-LoopBack0] quit # Execute the display ip routing-table command on each switch. The output shows that the switches have learned the routes to one another, including the routes to the loopback interfaces. 3.
# Configure Switch A as the ingress node of the static CRLSP, and specify the next hop address as 2.1.1.2 and outgoing label as 20. [SwitchA] static-cr-lsp ingress static-cr-lsp-1 nexthop 2.1.1.2 out-label 20 # On Switch A, configure tunnel 0 to reference the static CRLSP static-cr-lsp-1.
Reverse-LSP name : - Reverse-LSP LSR ID : - Reverse-LSP Tunnel ID: - Class Type : - Tunnel Bandwidth : - Reserved Bandwidth : - Setup Priority : 0 Holding Priority : 0 Affinity Attr/Mask : -/- Explicit Path : - : - Backup Explicit Path : Metric Type : TE Record Route : - Record Label FRR Flag : - Backup Bandwidth Flag: - Backup Bandwidth Type: - Backup Bandwidth : - Route Pinning : - Retry Limit : 10 Retry Interval : 2 sec Reoptimization : - Reoptimization Freq : - B
Establishing an MPLS TE tunnel with RSVP-TE Network requirements Switch A, Switch B, Switch C, and Switch D run IS-IS. Use RSVP-TE to create an MPLS TE tunnel from Switch A to Switch D. Figure 21 Network diagram Device Interface IP address Device Interface IP address Switch A Loop0 1.1.1.9/32 Switch D Loop0 4.4.4.9/32 Vlan-int1 10.1.1.1/24 Vlan-int3 30.1.1.2/24 Switch B Loop0 2.2.2.9/32 Loop0 3.3.3.9/32 Vlan-int1 10.1.1.2/24 Vlan-int3 30.1.1.1/24 Vlan-int2 20.1.1.
[SwitchB-Vlan-interface1] isis enable 1 [SwitchB-Vlan-interface1] quit [SwitchB] interface vlan-interface 2 [SwitchB-Vlan-interface2] isis enable 1 [SwitchB-Vlan-interface2] quit [SwitchB] interface loopback 0 [SwitchB-LoopBack0] isis enable 1 [SwitchB-LoopBack0] quit # Configure Switch C. system-view [SwitchC] isis 1 [SwitchC-isis-1] network-entity 00.0005.0000.0000.0003.
# Configure Switch B. [SwitchB] mpls lsr-id 2.2.2.
[SwitchA-Tunnel1] mpls te signaling rsvp-te [SwitchA-Tunnel1] quit 5. Configure a static route on Switch A to direct the traffic destined for subnet 30.1.1.0/24 to MPLS TE tunnel 1. [SwitchA] ip route-static 30.1.1.2 24 tunnel 1 preference 1 Verifying the configuration # Execute the display interface tunnel command on Switch A. The output shows that the tunnel interface is up.
Route Pinning : Disabled Retry Limit : 10 Retry Interval : 2 sec Reoptimization : Disabled Reoptimization Freq : - Backup Type : None Backup LSP ID : - Auto Bandwidth : Disabled Auto Bandwidth Freq : - Min Bandwidth : - Max Bandwidth : - Collected Bandwidth : - # Execute the display ip routing-table command on Switch A. The output shows a static route entry with interface Tunnel 1 as the output interface.
[SwitchA-te] quit [SwitchA] rsvp [SwitchA-rsvp] quit [SwitchA] interface vlan-interface 1 [SwitchA-Vlan-interface1] mpls enable [SwitchA-Vlan-interface1] mpls te enable [SwitchA-Vlan-interface1] rsvp enable [SwitchA-Vlan-interface1] quit # Configure Switch B. system-view [SwitchB] mpls lsr-id 2.2.2.
[SwitchD] rsvp [SwitchD-rsvp] quit [SwitchD] interface vlan-interface 3 [SwitchD-Vlan-interface3] mpls enable [SwitchD-Vlan-interface3] mpls te enable [SwitchD-Vlan-interface3] rsvp enable [SwitchD-Vlan-interface3] quit 4. Configure a co-routed bidirectional MPLS TE tunnel: # Configure Switch A as the active end of the co-routed bidirectional tunnel. [SwitchA] interface tunnel 1 mode mpls-te [SwitchA-Tunnel1] ip address 7.1.1.1 255.255.255.0 [SwitchA-Tunnel1] destination 4.4.4.
Tunnel State : Up (Main CRLSP up, Reverse CRLSP up) Tunnel Attributes : LSP ID : - Admin State : Normal Tunnel ID : 8 Ingress LSR ID Signaling : - Egress LSR ID : - : RSVP-TE Static CRLSP Name : - Resv Style : FF Tunnel mode : Co-routed, passive Reverse-LSP name : - Reverse-LSP LSR ID : 1.1.1.
Nexthop : 127.0.0.1 Out-Interface: Destination : 10.1.1.2 FEC : 10.1.1.2 Protocol : Local LSR Type : Ingress Service : - NHLFE ID : 1026 State : Active Nexthop : 10.1.1.2 Out-Interface: Vlan1 # Execute the display interface tunnel command on Switch D. The output shows that the tunnel interface is up. [SwitchD] display interface tunnel Tunnel4 current state: UP Line protocol current state: UP Description: Tunnel8 Interface The Maximum Transmit Unit is 64000 Internet Address is 8.1.1.
Explicit Path : - Backup Explicit Path : Metric Type : TE Record Route : Disabled Record Label FRR Flag : Disabled Backup Bandwidth Flag: Disabled Backup Bandwidth Type: - : Disabled Backup Bandwidth : - Route Pinning : Disabled Retry Limit : 10 Retry Interval : 2 sec Reoptimization : Disabled Reoptimization Freq : - Backup Type : None Backup LSP ID : - Auto Bandwidth : Disabled Auto Bandwidth Freq : - Min Bandwidth : - Max Bandwidth : - Collected Bandwidth : - # Execut
CRLSP backup configuration example Network requirements Switch A, Switch B, Switch C, and Switch D run IS-IS. Use RSVP-TE to establish an MPLS TE tunnel from Switch A to Switch C. Enable CRLSP hot backup for the tunnel to simultaneously establish a primary CRLSP and a backup CRLSP. When the primary CRLSP fails, traffic is switched to the backup CRLSP.
[SwitchA-Vlan-interface1] rsvp enable [SwitchA-Vlan-interface1] quit [SwitchA] interface vlan-interface 4 [SwitchA-Vlan-interface4] mpls enable [SwitchA-Vlan-interface4] mpls te enable [SwitchA-Vlan-interface4] rsvp enable [SwitchA-Vlan-interface4] quit # Perform the same configurations on Switch B, Switch C, and Switch D as on Switch A. (Details not shown.) 4.
10.1.1.2 Local -/- Vlan1 30.1.1.2 Local -/- Vlan4 # Execute the display rsvp lsp verbose command on Switch A to display the paths used by the two CRLSPs. [SwitchA] display rsvp lsp verbose Tunnel name: Tunnel3 Destination: 3.3.3.9 Source: 1.1.1.9 Tunnel ID: 3 LSP ID: 30106 LSR type: Ingress Direction: Unidirectional Setup priority: 7 Holding priority: 7 In-Label: - Out-Label: 1137 In-Interface: - Out-Interface: Vlan1 Nexthop: 10.1.1.
ket, press CTRL_C to break 1 10.1.1.2 (10.1.1.2) 1.000 ms 1.000 ms 1.000 ms 2 * * * # Shut down interface VLAN-interface 2 on Switch B, and then tracert the tunnel destination. The output shows that packets are forwarded on the CRLSP that traverses Switch D. [SwitchA] tracert –a 1.1.1.9 3.3.3.9 traceroute to 3.3.3.9 (3.3.3.9) from 9.1.1.1, 30 hops at most, 40 bytes each pac ket, press CTRL_C to break 1 30.1.1.2 (30.1.1.2) 2 * * * 3.000 ms 7.000 ms 3.
Configuring a static CRLSP Overview A static Constraint-based Routed Label Switched Path (CRLSP) is established by manually specifying the incoming label, outgoing label, and required bandwidth on each node (ingress, transit, or egress node) of the forwarding path. If the device does not have enough bandwidth resources required by a CRLSP, the CRLSP cannot be established. Static CRLSPs consume fewer resources, but they cannot automatically adapt to network topology changes.
Step 1. Enter system view. Command Remarks system-view N/A • Configure the ingress node: Use one command according to the position of a device on the network. static-cr-lsp ingress lsp-name { nexthop next-hop-addr | outgoing-interface interface-type interface-number } out-label out-label-value • Configure a transit node: 2.
Figure 24 Network diagram Loop0 2.2.2.2/32 Vlan-int2 3.2.1.1/24 Vlan-int1 2.1.1.2/24 Switch B Vlan-int1 2.1.1.1/24 Switch A Vlan-int2 3.2.1.2/24 Switch C Loop0 1.1.1.1/32 Loop0 3.3.3.3/32 Configuration procedure 1. Configure IP addresses and masks for interfaces. (Details not shown.) 2. Configure IS-IS to advertise interface addresses, including the loopback interface address: # Configure Switch A. system-view [SwitchA] isis 1 [SwitchA-isis-1] network-entity 00.0005.0000.0000.0001.
[SwitchC-isis-1] network-entity 00.0005.0000.0000.0003.00 [SwitchC-isis-1] quit [SwitchC] interface vlan-interface 2 [SwitchC-Vlan-interface2] isis enable 1 [SwitchC-Vlan-interface2] quit [SwitchC] interface loopback 0 [SwitchC-LoopBack0] isis enable 1 [SwitchC-LoopBack0] quit # Execute the display ip routing-table command on each switch. The output shows that the switches have learned the routes to one another, including the routes to the loopback interfaces. 3.
# Configure Switch A as the ingress node of the static CRLSP, and specify the next hop address as 2.1.1.2 and outgoing label as 20. [SwitchA] static-cr-lsp ingress static-cr-lsp-1 nexthop 2.1.1.2 out-label 20 # On Switch A, configure tunnel 0 to reference the static CRLSP static-cr-lsp-1.
Reverse-LSP name : - Reverse-LSP LSR ID : - Reverse-LSP Tunnel ID: - Class Type : - Tunnel Bandwidth : - Reserved Bandwidth : - Setup Priority : 0 Holding Priority : 0 Affinity Attr/Mask : -/- Explicit Path : - : - Backup Explicit Path : Metric Type : TE Record Route : - Record Label FRR Flag : - Backup Bandwidth Flag: - Backup Bandwidth Type: - Backup Bandwidth : - Route Pinning : - Retry Limit : 10 Retry Interval : 2 sec Reoptimization : - Reoptimization Freq : - B
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0 1.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0 2.1.1.0/24 Direct 0 0 2.1.1.1 Vlan1 2.1.1.0/32 Direct 0 0 2.1.1.1 Vlan1 2.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0 2.1.1.255/32 Direct 0 0 2.1.1.1 Vlan1 2.2.2.2/32 IS_L1 15 10 2.1.1.2 Vlan1 3.2.1.0/24 Static 1 0 0.0.0.0 Tun0 3.3.3.3/32 IS_L1 15 20 2.1.1.2 Vlan1 6.1.1.0/24 Direct 0 0 6.1.1.1 Tun0 6.1.1.0/32 Direct 0 0 6.1.1.1 Tun0 6.1.1.1/32 Direct 0 0 127.0.0.
Configuring RSVP Overview The Resource Reservation Protocol (RSVP) is a signaling protocol that reserves resources on a network. Extended RSVP supports MPLS label distribution and allows resource reservation information to be transmitted with label bindings. This extended RSVP is called "RSVP-TE." RSVP-TE is a label distribution protocol for MPLS TE. It distributes MPLS labels and reserve resources on the nodes of a specific path to establish a CRLSP.
New objects added to the Resv message include: • LABEL—Advertises the label allocated by the downstream node to the upstream node. • RECORD_ROUTE—Records the path that the CRLSP actually traverses and the label allocated by each node on the path. CRLSP setup procedure Figure 25 Setting up a CRLSP Ingress Sender Egress Path Path Resv Resv Receiver As shown in Figure 25, a CRLSP is set up using the following steps: 1.
Path and Resv states to be refreshed. The Srefresh function reduces the number of refresh messages on the network and speeds up refresh message processing. Reliable RSVP message delivery An RSVP sender cannot know or retransmit lost RSVP messages. The reliable RSVP message delivery mechanism is designed to ensure reliable transmission. This mechanism requires the peer device to acknowledge each RSVP message received from the local device.
about the GR restarter and continue sending hello packets periodically to the GR restarter until the restart timer expires. If a GR helper receives a hello message from the GR restarter before the restart timer expires, the recovery timer is started and signaling packet exchange is triggered to restore the original soft state. Otherwise, all RSVP soft state information and forwarding entries relevant to the neighbor are removed.
Step Command Remarks 2. Enter RSVP view. rsvp N/A 3. Configure the refresh interval for Path and Resv messages. refresh interval interval By default, the refresh interval is 30 seconds for both path and Resv messages. 4. Configure the PSB and RSB timeout multiplier. keep-multiplier number By default, the PSB and RSB timeout multiplier is 3.
If the device receives a hello request from the neighbor, the device replies with a hello ACK message. If the device receives no hello request from the neighbor within the interval specified by the hello interval command, the device sends hello requests to the neighbor. When the number of consecutive lost hellos or erroneous hellos from the neighbor reaches the maximum (specified by the hello lost command), the device determines the neighbor is in fault.
Step Command Remarks 4. Enable RSVP authentication for the RSVP neighbor and specify the authentication key. authentication key { cipher | plain } auth-key By default, RSVP authentication is disabled. 5. Enable challenge-response handshake for the RSVP neighbor. authentication challenge By default, the challenge-response handshake function is disabled. Configure the idle timeout for the RSVP security associations with the RSVP neighbor.
Step 5. 6. Command Remarks Configure the global idle timeout for RSVP security associations. authentication lifetime life-time By default, the idle timeout is 1800 seconds (30 minutes). Specify the global RSVP authentication window size—the maximum number of authenticated RSVP messages that can be received out of sequence. authentication window-size number By default, only one authenticated RSVP message can be received out of sequence.
Displaying and maintaining RSVP Execute display commands in any view and reset commands in user view. Task Command Display RSVP information. display rsvp [ interface [ interface-type interface-number ] ] Display information about the security associations established with RSVP neighbors. display rsvp authentication [ from ip-address ] [ to ip-address ] [ verbose ] Display information about CRLSPs established through RSVP.
Figure 26 Network diagram Device Interface IP address Device Interface IP address Switch A Loop0 1.1.1.9/32 Switch D Loop0 4.4.4.9/32 Vlan-int1 10.1.1.1/24 Vlan-int3 30.1.1.2/24 Switch B Loop0 2.2.2.9/32 Loop0 3.3.3.9/32 Vlan-int1 10.1.1.2/24 Vlan-int3 30.1.1.1/24 Vlan-int2 20.1.1.1/24 Vlan-int2 20.1.1.2/24 Switch C Configuration procedure 1. Configure IP addresses and masks for interfaces. (Details not shown.) 2.
# Configure Switch C. system-view [SwitchC] isis 1 [SwitchC-isis-1] network-entity 00.0005.0000.0000.0003.00 [SwitchC-isis-1] quit [SwitchC] interface vlan-interface 3 [SwitchC-Vlan-interface3] isis enable 1 [SwitchC-Vlan-interface3] quit [SwitchC] interface vlan-interface 2 [SwitchC-Vlan-interface2] isis enable 1 [SwitchC-Vlan-interface2] quit [SwitchC] interface loopback 0 [SwitchC-LoopBack0] isis enable 1 [SwitchC-LoopBack0] quit # Configure Switch D.
[SwitchB-Vlan-interface1] mpls te enable [SwitchB-Vlan-interface1] rsvp enable [SwitchB-Vlan-interface1] quit [SwitchB] interface vlan-interface 2 [SwitchB-Vlan-interface2] mpls enable [SwitchB-Vlan-interface2] mpls te enable [SwitchB-Vlan-interface2] rsvp enable [SwitchB-Vlan-interface2] quit # Configure Switch C. [SwitchC] mpls lsr-id 3.3.3.
Verifying the configuration # Execute the display interface tunnel command on Switch A. The output shows that the tunnel interface is up. [SwitchA] display interface tunnel Tunnel1 Current state: UP Line protocol state: UP Description: Tunnel1 Interface Bandwidth: 64kbps Maximum Transmit Unit: 64000 Internet Address is 7.1.1.1/24 Primary Tunnel source unknown, destination 4.4.4.
Min Bandwidth : - Collected Bandwidth : - Max Bandwidth : - # Execute the display ip routing-table command on Switch A. The output shows a static route entry with interface Tunnel 1 as the output interface. RSVP GR configuration example Network requirements Switch A, Switch B, and Switch C run IS-IS. Use RSVP-TE to establish a TE tunnel from Switch A to Switch C. Configure RSVP GR on the switches to ensure continuous forwarding when a switch reboots.
[SwitchB-mpls] interface vlan-interface 1 [SwitchB-Vlan-interface1] mpls enable [SwitchB-Vlan-interface1] mpls te enable [SwitchB-Vlan-interface1] rsvp enable [SwitchB-Vlan-interface1] rsvp hello enable [SwitchB-Vlan-interface1] quit [SwitchB] interface vlan-interface 2 [SwitchB-Vlan-interface2] mpls enable [SwitchB-Vlan-interface2] mpls te enable [SwitchB-Vlan-interface2] rsvp enable [SwitchB-Vlan-interface2] rsvp hello enable [SwitchB-Vlan-interface2] quit # Configure Switch C.
Configuring tunnel policies Overview Tunnel policies enable a PE to forward traffic for each MPLS VPN over a preferred tunnel or over multiple tunnels when the PE has multiple tunnels to the peer PE. The tunnels supported by MPLS VPN include MPLS LSPs and MPLS TE tunnels. For more information about MPLS TE, see "Configuring MPLS TE." For more information about MPLS VPNs, see "Configuring MPLS L3VPN," "Configuring MPLS L2VPN," and "Configuring VPLS.
Figure 28 MPLS VPN tunnel selection diagram As shown in Figure 28, PE 1 and PE 2 have multiple tunnels in between and they are connected to multiple MPLS VPNs. You can control the paths for VPN traffic by using one of the following methods: • Configure multiple tunnel policies, and specify a preferred tunnel for each policy by using the preferred-path command. Apply these policies to different MPLS VPNs to forward the traffic of each VPN over a specific tunnel.
Displaying tunnel information Execute the display command in any view. Task Command Display tunnel information. display mpls tunnel { all | statistics | [ vpn-instance vpn-instance-name ] destination { tunnel-ipv4-dest | tunnel-ipv6-dest } } Tunnel policy configuration examples Preferred tunnel configuration example Network requirements PE 1 has multiple tunnels to reach PE 2: one MPLS TE tunnel on the interface Tunnel 1, and one LDP LSP tunnel. Two MPLS VPN instances, vpna and vpnb, exist on PE 1.
Configuration procedure 1. Create tunnel policy preferredte1, and configure tunnel 1 as the preferred tunnel. system-view [PE1] tunnel-policy preferredte1 [PE1-tunnel-policy-preferredte1] preferred-path tunnel 1 [PE1-tunnel-policy-preferredte1] quit 2. Create MPLS VPN instance vpna, and apply tunnel policy preferredte1 to it.
Table 1 Tunnel policies used for VPN instances VPN instance Tunnel policy vpna, vpnb Use MPLS TE tunnel Tunnel1 as the preferred tunnel. vpnc, vpnd Use MPLS TE tunnel Tunnel3 as the preferred tunnel. vpne Uses one tunnel selected in LDP LSP-MPLS TE order. Configuration procedure 1. Configure tunnel policies on PE 1: # Create tunnel policy preferredte1, and configure tunnel 1 as the preferred tunnel.
# Create MPLS VPN instance vpne, and apply tunnel policy select-lsp to it.
Configuring MPLS L3VPN This chapter describes MPLS L3VPN configuration. Overview MPLS L3VPN is a L3VPN technology used to interconnect geographically dispersed VPN sites. MPLS L3VPN uses BGP to advertise VPN routes and uses MPLS to forward VPN packets over a service provider backbone. MPLS L3VPN provides flexible networking modes, excellent scalability, and convenient support for MPLS QoS and MPLS TE.
MPLS L3VPN concepts Site A site has the following features: • A site is a group of IP systems with IP connectivity that does not rely on any service provider network. • The classification of a site depends on the topology relationship of the devices, rather than the geographical positions, though the devices at a site are, in most cases, adjacent to each other geographically. • The devices at a site can belong to multiple VPNs, which means that a site can belong to multiple VPNs.
As shown in Figure 30, a VPN-IPv4 address consists of 12 bytes. The first eight bytes represent the RD, followed by a four-byte IPv4 prefix. The RD and the IPv4 prefix form a unique VPN-IPv4 prefix. An RD can be in one of the following formats: • When the Type field is 0, the Administrator subfield occupies two bytes, the Assigned number subfield occupies four bytes, and the RD format is 16-bit AS number:32-bit user-defined number. For example, 100:1.
2. From the ingress PE to the egress PE: The ingress PE adds RD and route target attributes to these standard IPv4 routes to create VPN-IPv4 routes, saves them to the routing table of the VPN instance created for the CE, and advertises the VPN-IPv4 routes to the egress PE through MP-BGP. 3.
MPLS L3VPN networking schemes In MPLS L3VPNs, route target attributes are used to control the advertisement and reception of VPN routes between sites. They work independently and can be configured with multiple values to support flexible VPN access control and implement multiple types of VPN networking schemes. Basic VPN networking scheme In the simplest case, all users in a VPN form a closed user group. They can forward traffic to each other but cannot communicate with any user outside the VPN.
• All spoke PEs can receive VPN-IPv4 routes advertised by the hub PE. • The hub PE advertises the routes learned from a spoke PE to the other spoke PEs so the spoke sites can communicate with each other through the hub site. • The import target attribute of a spoke PE is different from the export target attribute of any other spoke PE. Therefore, any two spoke PEs cannot directly advertise VPN-IPv4 routes to each other or directly access each other.
Figure 34 Network diagram for extranet networking scheme VPN 1 Site 1 CE VPN 1: Import:100:1 Export:100:1 PE 1 VPN 1 PE 3 CE Site 3 PE 2 VPN 1: Import:100:1,200:1 Export:100:1,200:1 CE Site 2 VPN 2: Import:200:1 Export:200:1 VPN 2 As shown in Figure 34, route targets configured on PEs produce the following results: • PE 3 can receive VPN-IPv4 routes from PE 1 and PE 2. • PE 1 and PE 2 can receive VPN-IPv4 routes advertised by PE 3.
Figure 35 Network diagram for inter-AS option A Inter-AS option A is easy to carry out because no special configuration is required on the PEs acting as the ASBRs. However, it has limited scalability because the PEs acting as the ASBRs must manage all the VPN routes and create VPN instances on a per-VPN basis. This leads to excessive VPN-IPv4 routes on the PEs. Creating a separate subinterface for each VPN also requires additional system resources.
Figure 36 Network diagram for inter-AS option B PIB M P G IB M IB P- M P- P G IB G P G P PM Inter-AS option B has better scalability than option A. When adopting the MP-EBGP method, follow these guidelines: • ASBRs do not perform route target filtering on VPN-IPv4 routes that they receive from each other. Therefore, the ISPs in different ASs must agree on the route exchange. • VPN-IPv4 routes are exchanged only between VPN peers.
Figure 37 Network diagram for inter-AS option C P G IB P G IB To improve the scalability, you can specify an RR in each AS to maintain all VPN-IPv4 routes and to exchange VPN-IPv4 routes with PEs in the AS. The RRs in two ASs establish an inter-AS VPNv4 connection to advertise VPN-IPv4 routes, as shown in Figure 38.
session established between the routers of the Level 2 carrier. This can greatly reduce the number of routes maintained by the Level 1 carrier network. Compared with the common MPLS L3VPN, the carrier's carrier is different because of the way in which a CE of a Level 1 carrier (a Level 2 carrier) accesses a PE of the Level 1 carrier: • If the PE and the CE are in a same AS, you must configure IGP and LDP between them.
Figure 40 Scenario where the Level 2 carrier is an MPLS L3VPN service provider NOTE: If equal cost routes exist between the Level 1 carrier and the Level 2 carrier, HP recommends that you establish equal cost LSPs between them. Nested VPN The nested VPN technology exchanges VPNv4 routes between PEs and CEs of the ISP MPLS L3VPN and allows a customer to manage its own internal VPNs. Figure 41 shows a nested VPN network. On the service provider's MPLS VPN network, there is a customer VPN named VPN A.
Figure 41 Network diagram for nested VPN P VPN A CE 8 Provider PE Provider MPLS VPN backbone Provider PE VPN A-2 VPN A-1 CE 2 CE 1 Customer MPLS VPN network Customer MPLS VPN Customer PE Customer PE CE 3 VPN A-1 CE 7 CE 5 CE 4 VPN A-1 VPN A-2 CE 6 VPN A-2 Propagation of routing information In a nested VPN network, routing information is propagated by using the following process: 1. A provider PE and its CEs exchange VPNv4 routes, which carry information about customer VPNs. 2.
Nested VPN is flexible and easy to implement. It reduces networking costs, provides diversified VPN networking methods for customers, and allows for multi-level hierarchical access control over internal VPNs. HoVPN In MPLS L3VPN solutions, PEs are the key devices, which provide the following functions: • User access, requiring that the PEs must have a large number of interfaces.
• A UPE provides user access. It maintains the routes of directly connected VPN sites. It does not maintain the routes of the remote sites in the VPN, or it only maintains their summary routes. A UPE assigns inner labels to the routes of its directly connected sites, and advertises the labels along with VPN routes to the SPE through MP-BGP. • An SPE manages and advertises VPN routes. It maintains all the routes of the VPNs connected through UPEs, including the routes of both the local and remote sites.
MP-BGP advertises all the VPN routes of UPEs to the SPEs, and advertises the default routes of the VPN instance of the SPEs or the VPN routes permitted by the routing policies to the UPEs. The SPE maintains the VPN routes of all sites in the HoVPN. Each UPE maintains only VPN routes of its directly connected sites. An MPE has fewer routes than the SPE but has more routes than a UPE. OSPF VPN extension This section describes the OSPF VPN extension.
Figure 44 Application of OSPF in VPN With the standard BGP/OSPF interaction, PE 2 advertises the BGP VPN routes to CE 21 and CE 22 in Type 5 LSAs (ASE LSAs). However, CE 11, CE 21, and CE 22 belong to the same OSPF domain, and route advertisements between them should use Type 3 LSAs (inter-area routes). With the extended BGP/OSPF interaction, PEs advertise routes from one site to another site in Type 3 LSAs.
Figure 45 Network diagram for sham link To use the inter-area route, you can establish a sham link between the two PEs to change the inter-area route to an intra-area route. The sham link is advertised in a Type 1 LSA as an intra-area point-to-point link. You can also select the sham link or the backdoor link by adjusting their costs. The sham link is considered a link between the two VPN instances.
Figure 46 Application of BGP AS number substitution CE 3 PE 1 EBGP_Update: 10.1.0.0/16 AS_PATH: 800 AS 100 MPLS backbone PE 2 VPNv4_Update: 10.1.0.0/16 RD: 100:1 AS_PATH: 800 AS 800 Site 2 EBGP_Update: 10.1.0.0/16 AS_PATH: 100, 100 CE 1 AS 800 Site 1 CE 2 In Figure 46, both Site and Site 2 use the AS number 800. AS number substitution is enabled on PE 2 for CE 2. Before advertising updates received from CE 1 to CE 2, PE 2 substitutes its own AS number 100 for the AS number 800.
Tasks at a glance 2. (Required.) Associating a VPN instance with an interface 3. (Optional.) Configuring route related attributes for a VPN instance (Required.) Configuring routing between a PE and a CE (Required.) Configuring routing between PEs (Optional.) Configuring BGP VPNv4 route control Configuration prerequisites Before you configure basic MPLS L3VPN, complete the following tasks: • Configure an IGP for the MPLS backbone (on the PEs and Ps) to ensure IP connectivity.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface interface-type interface-number N/A By default, no VPN instance is associated with an interface. Associate a VPN instance with the interface. 3. ip binding vpn-instance vpn-instance-name The ip binding vpn-instance command deletes the IP address of the current interface. You must reconfigure an IP address for the interface after configuring the command.
Step Command Remarks By default, all routes matching the import target attribute are accepted. 5. Apply an import routing policy. import route-policy route-policy The specified routing policy must have been created. For information about routing policies, see Layer 3—IP Routing Configuration Guide. By default, routes to be advertised are not filtered. 6. 7. Apply an export routing policy. Apply a tunnel policy to the VPN instance.
Step Command Remarks 1. Enter system view. system-view N/A 2. Create a RIP process for a VPN instance and enter RIP view. rip [ process-id ] vpn-instance vpn-instance-name Perform this configuration on the PE. On the CE, create a common RIP process. 3. Enable RIP on the interface attached to the specified network. network network-address By default, RIP is disabled on an interface.
Step Command Remarks The defaults are as follows: Configure the type codes of OSPF extended community attributes. 4. ext-community-type { domain-id type-code1 | router-id type-code2 | route-type type-code3 } • 0x0005 for Domain ID. • 0x0107 for Router ID. • 0x0306 for Route Type. Perform this configuration on the PE. 5. Create an OSPF area and enter area view. area area-id By default, no OSPF area is created. 6. Enable OSPF on the interface attached to the specified network in the area.
Step Command Remarks By default, no BGP peer is configured. 4. Configure the CE as the VPN EBGP peer. peer { group-name | ip-address } as-number as-number 5. Create and enter BGP VPN IPv4 unicast family view. address-family ipv4 [ unicast ] N/A 6. Enable IPv4 unicast route exchange with the specified peer or peer group. peer { group-name | ip-address } enable By default, BGP does not exchange IPv4 unicast routes with any peer. Redistribute the routes of the local CE.
Step (Optional.) Configure route redistribution. 6. Command Remarks import-route protocol [ { process-id | all-processes } [ med med-value | route-policy route-policy-name ] * ] A CE must redistribute its routes to the PE so the PE can advertise them to the peer CE. Configuring IBGP between a PE and a CE Use IBGP between PE and CE only in a basic MPLS L3VPN network. In networks such as Hub&Spoke, Extranet, inter-AS VPN, carrier's carrier, nested VPN, and HoVPN, you cannot use IBGP between PE and CE.
2. Configure the CE: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter BGP view. bgp as-number N/A 3. Configure the PE as an IBGP peer. peer { group-name | ip-address } as-number as-number By default, no BGP peer is created. 4. Create and enter BGP IPv4 unicast family view. address-family ipv4 [ unicast ] N/A 5. Enable IPv4 unicast route exchange with the specified peer or peer group.
Step Command Remarks 3. Enter BGP-VPNv4 address family view. address-family vpnv4 N/A 4. Configure filtering of advertised routes. filter-policy { acl-number | prefix-list prefix-list-name } export [ protocol process-id ] Optional. 5. Configure filtering of received routes. filter-policy { acl-number | prefix-list prefix-list-name } import 6. Advertise community attributes to a peer or peer group. peer { group-name | ip-address } advertise-community 7.
Step Command Remarks 15. Apply a prefix list to filter routes received from or advertised to a peer or peer group. peer { group-name | ip-address } prefix-list prefix-list-name { export | import } By default, no prefix list based filtering is configured. Optional. 16. Configure BGP updates advertised to an EBGP peer or peer group to carry only public AS numbers. peer { group-name | ip-address } public-as-only 17.
Configuring inter-AS option A Inter-AS option A applies to scenarios with a few VPNs. To configure inter-AS option A, create VPN instances on PEs and ASBR-PEs. The VPN instances on PEs are used to allow CEs to access the network, and the VPN instances on ASBR-PEs are used to access the peer ASBR-PEs. An ASBR-PE considers the peer ASBR-PE as a CE.
Configuring a PE Establish an ordinary IBGP peer relationship between a PE and an ASBR-PE in an AS, and an MP-EBGP peer relationship between PEs of different ASs. The PEs and ASBR-PEs in an AS must be able to exchange labeled IPv4 routes. To configure a PE for inter-AS option C: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter BGP view. bgp as-number N/A 3. Configure the ASBR-PE in the same AS as an IBGP peer.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enter BGP view. bgp as-number N/A 3. Configure the PE in the same AS as an IBGP peer. peer { group-name | ip-address } as-number as-number By default, no BGP peer is created. 4. Configure the peer ASBR-PE as an EBGP peer. peer { group-name | ip-address } as-number as-number By default, no BGP peer is created. 5. Enter BGP IPv4 unicast address family view. address-family ipv4 [ unicast ] N/A 6.
To build a nested VPN network, perform the following configurations: • Configurations between customer PE and customer CE—Configure VPN instances on the customer PE and configure route exchange between customer PE and customer CE. • Configurations between customer PE and provider CE—Configure BGP VPNv4 route exchange between them.
Do not configure the peer default-route-advertise vpn-instance and peer upe route-policy commands at the same time. Do not connect an SPE to a CE directly. If an SPE must be directly connected to a CE, the VPN instance on the SPE and that on the UPE must be configured with different RDs. To configure HoVPN: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter BGP view. bgp as-number N/A 3. Specify a BGP peer or peer group.
Configuring a loopback interface Step Command Remarks 1. Enter system view. system-view N/A 2. Create a loopback interface and enter loopback interface view. interface loopback interface-number N/A 3. Bind the loopback interface to a VPN instance. ip binding vpn-instance vpn-instance-name By default, the interface is associated with no VPN instance. 4. Configure the address of the loopback interface.
Step Command Remarks 5. sham-link source-ip-address destination-ip-address [ cost cost | dead dead-interval | hello hello-interval | { { hmac-md5 | md5 } key-id { cipher cipher-string | plain plain-string } | simple { cipher cipher-string | plain plain-string } } | retransmit retrans-interval | trans-delay delay ] * By default, no sham link is configured. Configure a sham link.
Step 5. Command Enable the BGP AS number substitution function. peer { ip-address | group-name } substitute-as Remarks By default, BGP AS number substitution is disabled. For more information about this command, see Layer 3—IP Routing Command Reference. Enabling SNMP notifications for MPLS L3VPN This feature enables generating SNMP notifications for MPLS L3VPN when important events occur (for example, when the maximum number of routes in a VPN instance is exceeded), as defined in RFC 4382.
Task Command Remarks Display the routing table for a VPN instance. For more information about this command, see Layer 3—IP Routing Command Reference. display ip routing-table vpn-instance vpn-instance-name [ statistics | verbose ] Available in any view. Display information about a specified or all VPN instances. display ip vpn-instance [ instance-name vpn-instance-name ] Available in any view. Display the FIB of a VPN instance. display fib vpn-instance vpn-instance-name Available in any view.
Task Command Remarks Display BGP VPNv4 route statistics. display bgp routing-table vpnv4 statistics Available in any view. Display BGP VPNv4 address family update group information. display bgp update-group vpnv4 [ vpn-instance vpn-instance-name ] [ ip-address ] Available in any view. Display OSPF sham link information (in standalone mode). display ospf [ process-id ] sham-link [ area area-id ] [ standby slot slot-number ] Available in any view. Display OSPF sham link information (in IRF mode).
Vlan-int13 172.1.1.1/24 Loop0 3.3.3.9/32 Vlan-int12 10.2.1.2/24 PE 2 Vlan-int12 172.2.1.2/24 CE 2 Vlan-int12 10.2.1.1/24 Vlan-int11 10.3.1.2/24 CE 3 Vlan-int11 10.3.1.1/24 Vlan-int13 10.4.1.2/24 CE 4 Vlan-int13 10.4.1.1/24 Configuration procedure 1. Configure an IGP on the MPLS backbone to ensure IP connectivity within the backbone: # Configure PE 1. system-view [PE1] interface loopback 0 [PE1-LoopBack0] ip address 1.1.1.
[PE2-Vlan-interface12] quit [PE2] ospf [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255 [PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] quit [PE2-ospf-1] quit # Execute the display ospf peer command to verify that OSPF adjacencies in Full state have been established between PE 1, P, and PE 2. Execute the display ip routing-table command to verify that the PEs have learned the routes to the loopback interfaces of each other.
[PE1-Vlan-interface13] mpls enable [PE1-Vlan-interface13] mpls ldp enable [PE1-Vlan-interface13] quit # Configure the P device. [P] mpls lsr-id 2.2.2.9 [P] mpls ldp [P-ldp] quit [P] interface vlan-interface 13 [P-Vlan-interface13] mpls enable [P-Vlan-interface13] mpls ldp enable [P-Vlan-interface13] quit [P] interface vlan-interface 12 [P-Vlan-interface12] mpls enable [P-Vlan0interface12] mpls ldp enable [P-Vlan-interface12] quit # Configure PE 2. [PE2] mpls lsr-id 3.3.3.
[PE1-vpn-instance-vpn1] quit [PE1] ip vpn-instance vpn2 [PE1-vpn-instance-vpn2] route-distinguisher 100:2 [PE1-vpn-instance-vpn2] vpn-target 222:2 [PE1-vpn-instance-vpn2] quit [PE1] interface vlan-interface 11 [PE1-Vlan-interface11] ip binding vpn-instance vpn1 [PE1-Vlan-interface11] ip address 10.1.1.2 24 [PE1-Vlan-interface11] quit [PE1] interface vlan-interface 12 [PE1-Vlan-interface12] ip binding vpn-instance vpn2 [PE1-Vlan-interface12] ip address 10.2.1.
--- Ping statistics for 10.1.1.1 --5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss round-trip min/avg/max/stddev = 0.000/0.800/2.000/0.748 ms 4. Establish EBGP peer relationships between PEs and CEs, and redistribute VPN routes into BGP: # Configure CE 1. system-view [CE1] bgp 65410 [CE1-bgp] peer 10.1.1.2 as-number 100 [CE1-bgp] address-family ipv4 unicast [CE1-bgp-ipv4] peer 10.1.1.
[PE1-bgp] peer 3.3.3.9 connect-interface loopback 0 [PE1-bgp] address-family vpnv4 [PE1-bgp-vpnv4] peer 3.3.3.9 enable [PE1-bgp-vpnv4] quit [PE1-bgp] quit # Configure PE 2. [PE2] bgp 100 [PE2-bgp] peer 1.1.1.9 as-number 100 [PE2-bgp] peer 1.1.1.9 connect-interface loopback 0 [PE2-bgp] address-family vpnv4 [PE2-bgp-vpnv4] peer 1.1.1.
Configuring a hub-spoke network Network requirements The Spoke-CEs cannot communicate directly. They can communicate only through Hub-CE. Configure EBGP between the Spoke-CEs and Spoke-PEs and between Hub-CE and Hub-PE to exchange VPN routing information. Configure OSPF between the Spoke-PEs and Hub-PE to implement communication between the PEs, and configure MP-IBGP between them to exchange VPN routing information.
[Spoke-PE1] ospf [Spoke-PE1-ospf-1] area 0 [Spoke-PE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255 [Spoke-PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0 [Spoke-PE1-ospf-1-area-0.0.0.0] quit [Spoke-PE1-ospf-1] quit # Configure Spoke-PE 2. system-view [Spoke-PE2] interface loopback 0 [Spoke-PE2-LoopBack0] ip address 3.3.3.9 32 [Spoke-PE2-LoopBack0] quit [Spoke-PE2] interface vlan-interface 5 [Spoke-PE2-Vlan-interface5] ip address 172.2.1.
[Spoke-PE1] interface vlan-interface 4 [Spoke-PE1-Vlan-interface4] mpls enable [Spoke-PE1-Vlan-interface4] mpls ldp enable [Spoke-PE1-Vlan-interface4] quit # Configure Spoke-PE 2. [Spoke-PE2] mpls lsr-id 3.3.3.9 [Spoke-PE2] mpls ldp [Spoke-PE2-ldp] quit [Spoke-PE2] interface vlan-interface 5 [Spoke-PE2-Vlan-interface5] mpls enable [Spoke-PE2-Vlan-interface5] mpls ldp enable [Spoke-PE2-Vlan-interface5] quit # Configure Hub-PE. [Hub-PE] mpls lsr-id 2.2.2.
[Spoke-PE2-Vlan-interface3] ip address 10.2.1.2 24 [Spoke-PE2-Vlan-interface3] quit # Configure Hub-PE.
[Spoke-CE1-bgp-ipv4] import-route direct [Spoke-CE1-bgp-ipv4] quit [Spoke-CE1-bgp] quit # Configure Spoke-CE 2. system-view [Spoke-CE2] bgp 65420 [Spoke-CE2-bgp] peer 10.2.1.2 as-number 100 [Spoke-CE2-bgp] address-family ipv4 [Spoke-CE2-bgp-ipv4] peer 10.2.1.2 enable [Spoke-CE2-bgp-ipv4] import-route direct [Spoke-CE2-bgp-ipv4] quit [Spoke-CE2-bgp] quit # Configure Hub-CE. system-view [Hub-CE] bgp 65430 [Hub-CE-bgp] peer 10.3.1.2 as-number 100 [Hub-CE-bgp] peer 10.4.1.
[Hub-PE-bgp-vpn1-in] address-family ipv4 [Hub-PE-bgp-ipv4-vpn1-in] peer 10.3.1.1 enable [Hub-PE-bgp-ipv4-vpn1-in] import-route direct [Hub-PE-bgp-ipv4-vpn1-in] quit [Hub-PE-bgp-vpn1-in] quit [Hub-PE-bgp] ip vpn-instance vpn1-out [Hub-PE-bgp-vpn1-out] peer 10.4.1.1 as-number 65430 [Hub-PE-bgp-vpn1-out] address-family ipv4 [Hub-PE-bgp-ipv4-vpn1-out] peer 10.4.1.
Verifying the configuration # Execute the display ip routing-table vpn-instance command on the PEs to display the routes to the CEs. The next hop of the route from a Spoke-PE to its connected Spoke-CE is Hub-PE. Take Spoke-PE 1 as an example: [Spoke-PE1] display ip routing-table vpn-instance vpn1 Routing Tables: vpn1 Destinations : 8 Routes : 8 Destination/Mask Proto Pre Cost NextHop Interface 10.0.0.0/24 BGP 255 0 2.2.2.9 NULL0 10.1.1.0/24 Direct 0 0 10.1.1.2 Vlan2 10.1.1.
Figure 49 Network diagram MPLS backbone Loop0 MPLS backbone Loop0 AS 100 AS 200 Vlan-int12 Vlan-int11 Loop0 Vlan-int12 Vlan-int11 ASBR-PE 2 ASBR-PE 1 Vlan-int11 Loop0 Vlan-int11 PE 2 PE 1 Vlan-int12 Vlan-int12 Vlan-int12 Vlan-int12 CE 1 CE 2 AS 65001 Device AS 65002 Interface IP address CE 1 Vlan-int12 10.1.1.1/24 PE 1 Loop0 1.1.1.9/32 Vlan-int12 10.1.1.2/24 Vlan-int11 172.1.1.2/24 Loop0 2.2.2.
[ASBR-PE1] mpls lsr-id 2.2.2.9 [ASBR-PE1] mpls ldp [ASBR-PE1-ldp] quit [ASBR-PE1] interface vlan-interface 11 [ASBR-PE1-Vlan-interface11] mpls enable [ASBR-PE1-Vlan-interface11] mpls ldp enable [ASBR-PE1-Vlan-interface11] quit # Configure basic MPLS on ASBR-PE 2, and enable MPLS LDP on the interface connected to PE 2. system-view [ASBR-PE2] mpls lsr-id 3.3.3.
[CE2-Vlan-interface12] ip address 10.2.1.1 24 [CE2-Vlan-interface12] quit # Configure PE 2. [PE2] ip vpn-instance vpn1 [PE2-vpn-instance] route-distinguisher 200:2 [PE2-vpn-instance] vpn-target 200:1 both [PE2-vpn-instance] quit [PE2] interface vlan-interface 12 [PE2-Vlan-interface12] ip binding vpn-instance vpn1 [PE2-Vlan-interface12] ip address 10.2.1.2 24 [PE2-Vlan-interface12] quit # On ASBR-PE 1, create a VPN instance, and bind the instance to the interface connected to ASBR-PE 2.
[PE1-bgp-ipv4-vpn1] peer 10.1.1.1 enable [PE1-bgp-ipv4-vpn1] import-route direct [PE1-bgp-ipv4-vpn1] quit [PE1-bgp-vpn1] quit [PE1-bgp] quit # Configure CE 2. [CE2] bgp 65002 [CE2-bgp] peer 10.2.1.2 as-number 200 [CE2-bgp] address-family ipv4 unicast [CE2-bgp-ipv4] peer 10.2.1.2 enable [CE2-bgp-ipv4] import-route direct [CE2-bgp-ipv4] quit [CE2-bgp] quit # Configure PE 2. [PE2] bgp 200 [PE2-bgp] ip vpn-instance vpn1 [PE2-bgp-vpn1] peer 10.2.1.
[ASBR-PE1-bgp-vpnv4] quit [ASBR-PE1-bgp] quit # Configure ASBR-PE 2. [ASBR-PE2] bgp 200 [ASBR-PE2-bgp] ip vpn-instance vpn1 [ASBR-PE2-bgp-vpn1] peer 192.1.1.1 as-number 100 [ASBR-PE2-bgp-vpn1] address-family ipv4 unicast [ASBR-PE2-bgp-ipv4-vpn1] peer 192.1.1.1 enable [ASBR-PE2-bgp-ipv4-vpn1] quit [ASBR-PE2-bgp-vpn1] quit [ASBR-PE2-bgp] peer 4.4.4.9 as-number 200 [ASBR-PE2-bgp] peer 4.4.4.9 connect-interface loopback 0 [ASBR-PE2-bgp] address-family vpnv4 [ASBR-PE2-bgp-vpnv4] peer 4.4.4.
Figure 50 Network diagram MPLS backbone Loop0 MPLS backbone Loop0 AS 100 AS 600 Vlan-int12 Vlan-int12 Vlan-int11 Vlan-int11 ASBR-PE 2 ASBR-PE 1 Loop0 Vlan-int11 Loop0 Vlan-int11 PE 2 PE 1 Vlan-int12 Vlan-int12 Site 1 Site 2 CE 1 CE 2 AS 65001 Device Interface PE 1 ASBR-PE 1 AS 65002 IP address Device Loop0 2.2.2.9/32 PE 2 Loop0 5.5.5.9/32 Vlan-int12 30.0.0.1/8 Vlan-int12 20.0.0.1/8 Vlan-int11 1.1.1.2/8 Vlan-int11 9.1.1.2/8 ASBR-PE 2 Interface IP address Loop0 3.
[PE1-LoopBack0] ip address 2.2.2.9 32 [PE1-LoopBack0] isis enable 1 [PE1-LoopBack0] quit # Create VPN instance vpn1, and configure the RD and route target attributes. [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 11:11 [PE1-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity [PE1-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity [PE1-vpn-instance-vpn1] quit # Bind the interface connected with CE 1 to the created VPN instance.
# Configure interface VLAN-interface 12, and enable MPLS on it. [ASBR-PE1] interface vlan-interface 12 [ASBR-PE1-Vlan-interface12] ip address 11.0.0.2 255.0.0.0 [ASBR-PE1-Vlan-interface12] mpls enable [ASBR-PE1-Vlan-interface12] quit # Configure interface Loopback 0, and enable IS-IS on it. [ASBR-PE1] interface loopback 0 [ASBR-PE1-LoopBack0] ip address 3.3.3.9 32 [ASBR-PE1-LoopBack0] isis enable 1 [ASBR-PE1-LoopBack0] quit # Enable BGP on ASBR-PE 1. [ASBR-PE1] bgp 100 [ASBR-PE1-bgp] peer 2.2.2.
[ASBR-PE2] interface loopback 0 [ASBR-PE2-LoopBack0] ip address 4.4.4.9 32 [ASBR-PE2-LoopBack0] isis enable 1 [ASBR-PE2-LoopBack0] quit # Enable BGP on ASBR-PE 2. [ASBR-PE2] bgp 600 [ASBR-PE2-bgp] peer 11.0.0.2 as-number 100 [ASBR-PE2-bgp] peer 11.0.0.2 connect-interface vlan-interface 12 [ASBR-PE2-bgp] peer 5.5.5.9 as-number 600 [ASBR-PE2-bgp] peer 5.5.5.9 connect-interface loopback 0 # Disable route target based filtering of received VPNv4 routes.
# Bind the interface connected with CE 2 to the created VPN instance. [PE2] interface Vlan-interface12 [PE2-Vlan-interface12] ip binding vpn-instance vpn1 [PE2-Vlan-interface12] ip address 20.0.0.1 8 [PE2-Vlan-interface12] quit # Enable BGP on PE 2. [PE2] bgp 600 # Configure IBGP peer 4.4.4.9 as a VPNv4 peer. [PE2-bgp] peer 4.4.4.9 as-number 600 [PE2-bgp] peer 4.4.4.9 connect-interface loopback 0 [PE2-bgp] address-family vpnv4 [PE2-bgp-vpnv4] peer 4.4.4.
Figure 51 Network diagram Loop0 MPLS backbone Loop0 MPLS backbone AS 600 AS 100 Vlan-int12 Vlan-int12 Vlan-int11 Vlan-int11 ASBR-PE 1 Loop0 Vlan-int11 PE 1 ASBR-PE 2 Vlan-int11 Site 2 Site 1 Loop0 Vlan-int12 PE 2 Vlan-int12 MP-EBGP Vlan-int12 Vlan-int12 Site 1 Site 2 CE 1 CE 2 Device Interface IP address Device Interface IP address PE 1 Loop0 2.2.2.9/32 PE 2 Loop0 5.5.5.9/32 ASBR-PE 1 CE 1 Vlan-int11 1.1.1.2/8 Vlan-int11 9.1.1.2/8 Vlan-int12 30.0.0.
# Configure the LSR ID, and enable MPLS and LDP. [PE1] mpls lsr-id 2.2.2.9 [PE1] mpls ldp [PE1-ldp] quit # Configure interface VLAN-interface 11, and enable IS-IS, MPLS, and LDP on the interface. [PE1] interface vlan-interface 11 [PE1-Vlan-interface11] ip address 1.1.1.2 255.0.0.0 [PE1-Vlan-interface11] isis enable 1 [PE1-Vlan-interface11] mpls enable [PE1-Vlan-interface11] mpls ldp enable [PE1-Vlan-interface11] quit # Configure interface Loopback 0, and enable IS-IS on it.
[PE1-bgp] ip vpn-instance vpn1 [PE1-bgp-vpn1] peer 30.0.0.2 as-number 65001 [PE1-bgp-vpn1] address-family ipv4 unicast [PE1-bgp-ipv4-vpn1] peer 30.0.0.2 enable [PE1-bgp-ipv4-vpn1] quit [PE1-bgp-vpn1] quit [PE1-bgp] quit 3. Configure ASBR-PE 1: # Enable IS-IS on ASBR-PE 1. system-view [ASBR-PE1] isis 1 [ASBR-PE1-isis-1] network-entity 10.222.222.222.222.00 [ASBR-PE1-isis-1] quit # Configure the LSR ID, and enable MPLS and LDP. [ASBR-PE1] mpls lsr-id 3.3.3.
[ASBR-PE1-bgp] address-family ipv4 unicast [ASBR-PE1-bgp-ipv4] peer 2.2.2.9 enable [ASBR-PE1-bgp-ipv4] peer 2.2.2.9 route-policy policy2 export # Enable the capability to advertise labeled routes to IBGP peer 2.2.2.9 and to receive labeled routes from the peer. [ASBR-PE1-bgp-ipv4] peer 2.2.2.9 label-route-capability # Redistribute routes from IS-IS process 1 to BGP. [ASBR-PE1-bgp-ipv4] import-route isis 1 [ASBR-PE1-bgp-ipv4] quit # Apply the routing policy policy1 to routes advertised to EBGP peer 11.0.
# Create routing policies. [ASBR-PE2] route-policy policy1 permit node 1 [ASBR-PE2-route-policy-policy1-1] apply mpls-label [ASBR-PE2-route-policy-policy1-1] quit [ASBR-PE2] route-policy policy2 permit node 1 [ASBR-PE2-route-policy-policy2-1] if-match mpls-label [ASBR-PE2-route-policy-policy2-1] apply mpls-label [ASBR-PE2-route-policy-policy2-1] quit # Enable BGP on ASBR-PE 2, and enable the capability to advertise labeled routes to IBGP peer 5.5.5.9 and to receive labeled routes from the peer.
[PE2-Vlan-interface11] mpls ldp enable [PE2-Vlan-interface11] quit # Configure interface Loopback 0, and enable IS-IS on it. [PE2] interface loopback 0 [PE2-LoopBack0] ip address 5.5.5.9 32 [PE2-LoopBack0] isis enable 1 [PE2-LoopBack0] quit # Create VPN instance vpn1, and configure the RD and route target attributes.
system-view [CE2] interface vlan-interface 12 [CE2-Vlan-interface12] ip address 20.0.0.2 24 [CE2-Vlan-interface12] quit # Configure 20.0.0.1 as an EBGP peer, and redistribute direct routes. [CE2] bgp 65002 [CE2-bgp] peer 20.0.0.1 as-number 600 [CE2-bgp] address-family ipv4 unicast [CE2-bgp-ipv4] peer 20.0.0.
Figure 52 Network diagram Device Interface IP address Device Interface IP address CE 3 Vlan-int11 100.1.1.1/24 CE 4 Vlan-int11 120.1.1.1/24 PE 3 Loop0 1.1.1.9/32 PE 4 Loop0 6.6.6.9/32 CE 1 PE 1 Vlan-int11 100.1.1.2/24 Vlan-int11 120.1.1.2/24 Vlan-int12 10.1.1.1/24 Vlan-int12 20.1.1.2/24 Loop0 2.2.2.9/32 Loop0 5.5.5.9/32 Vlan-int12 10.1.1.2/24 CE 2 Vlan-int11 21.1.1.2/24 Vlan-int11 11.1.1.1/24 Vlan-int12 20.1.1.1/24 Loop0 3.3.3.9/32 Loop0 4.4.4.
[PE1] interface vlan-interface 12 [PE1-Vlan-interface12] ip address 30.1.1.1 24 [PE1-Vlan-interface12] isis enable 1 [PE1-Vlan-interface12] mpls enable [PE1-Vlan-interface12] mpls ldp enable [PE1-Vlan-interface12] mpls ldp transport-address interface [PE1-Vlan-interface12] quit [PE1] bgp 100 [PE1-bgp] peer 4.4.4.9 as-number 100 [PE1-bgp] peer 4.4.4.9 connect-interface loopback 0 [PE1-bgp] address-family vpnv4 [PE1-bgp-vpnv4] peer 4.4.4.
# Configure PE 3. system-view [PE3] interface loopback 0 [PE3-LoopBack0] ip address 1.1.1.9 32 [PE3-LoopBack0] quit [PE3] mpls lsr-id 1.1.1.9 [PE3] mpls ldp [PE3-ldp] quit [PE3] isis 2 [PE3-isis-2] network-entity 10.0000.0000.0000.0001.00 [PE3-isis-2] quit [PE3] interface loopback 0 [PE3-LoopBack0] isis enable 2 [PE3-LoopBack0] quit [PE3] interface vlan-interface 12 [PE3-Vlan-interface12] ip address 10.1.1.
# Configure PE 1. [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 200:1 [PE1-vpn-instance-vpn1] vpn-target 1:1 [PE1-vpn-instance-vpn1] quit [PE1] mpls ldp [PE1-ldp] vpn-instance vpn1 [PE1-ldp-vpn-instance-vpn1] quit [PE1-ldp] quit [PE1] isis 2 vpn-instance vpn1 [PE1-isis-2] network-entity 10.0000.0000.0000.0003.00 [PE1-isis-2] import-route bgp [PE1-isis-2] quit [PE1] interface vlan-interface11 [PE1-Vlan-interface11] ip binding vpn-instance vpn1 [PE1-Vlan-interface11] ip address 11.1.
[CE3-bgp] address-family ipv4 unicast [CE3-bgp-ipv4] peer 100.1.1.2 enable [CE3-bgp-ipv4] import-route direct [CE3-bgp-ipv4] quit [CE3-bgp] quit # Configure PE 3. [PE3] ip vpn-instance vpn1 [PE3-vpn-instance-vpn1] route-distinguisher 100:1 [PE3-vpn-instance-vpn1] vpn-target 1:1 [PE3-vpn-instance-vpn1] quit [PE3] interface Vlan-interface11 [PE3-Vlan-interface11] ip binding vpn-instance vpn1 [PE3-Vlan-interface11] ip address 100.1.1.
30.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0 30.1.1.2/32 Direct 0 0 30.1.1.2 Vlan12 127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0 # Execute the display ip routing-table vpn-instance command on PE 1 and PE 2. The output shows that the internal routes of the customer carrier network are present in the VPN routing tables, but the VPN routes that the customer carrier maintains are not.
Routing Tables: Public Destinations : 11 Routes : 11 Destination/Mask Proto Cost NextHop Interface 1.1.1.9/32 Direct 0 Pre 0 127.0.0.1 InLoop0 2.2.2.9/32 ISIS 15 10 10.1.1.2 Vlan12 5.5.5.9/32 ISIS 15 84 10.1.1.2 Vlan12 6.6.6.9/32 ISIS 15 84 10.1.1.2 Vlan12 10.1.1.0/24 Direct 0 0 10.1.1.1 Vlan12 10.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0 10.1.1.2/32 Direct 0 0 10.1.1.2 Vlan12 11.1.1.0/24 ISIS 15 20 10.1.1.2 Vlan12 20.1.1.0/24 ISIS 15 84 10.1.1.
To implement exchange of sub-VPN routes between customer PEs and service provider PEs, MP-EBGP peers must be established between service provider PEs and customer CEs. • Figure 53 Network diagram Device Interface IP address Device Interface IP address CE 1 Loop0 2.2.2.9/32 CE 2 Loop0 5.5.5.9/32 Vlan-int2 10.1.1.2/24 Vlan-int1 21.1.1.2/24 Vlan-int1 11.1.1.1/24 Vlan-int2 20.1.1.1/24 Vlan-int1 100.1.1.1/24 CE 4 Vlan-int1 120.1.1.1/24 CE 5 Vlan-int3 110.1.1.
[PE1-isis-1] quit [PE1] interface loopback 0 [PE1-LoopBack0] isis enable 1 [PE1-LoopBack0] quit [PE1] interface vlan-interface 2 [PE1-Vlan-interface2] ip address 30.1.1.1 24 [PE1-Vlan-interface2] isis enable 1 [PE1-Vlan-interface2] mpls enable [PE1-Vlan-interface2] mpls ldp enable [PE1-Vlan-interface2] quit [PE1] bgp 100 [PE1-bgp] peer 4.4.4.9 as-number 100 [PE1-bgp] peer 4.4.4.9 connect-interface loopback 0 [PE1-bgp] address-family vpnv4 [PE1-bgp-vpnv4] peer 4.4.4.
# Configure PE 3. system-view [PE3] interface loopback 0 [PE3-LoopBack0] ip address 1.1.1.9 32 [PE3-LoopBack0] quit [PE3] mpls lsr-id 1.1.1.9 [PE3] mpls ldp [PE3-ldp] quit [PE3] isis 2 [PE3-isis-2] network-entity 10.0000.0000.0000.0001.00 [PE3-isis-2] quit [PE3] interface loopback 0 [PE3-LoopBack0] isis enable 2 [PE3-LoopBack0] quit [PE3-Vlan-interface2] ip address 10.1.1.
[PE1-vpn-instance-vpn1] vpn-target 1:1 [PE1-vpn-instance-vpn1] quit [PE1] interface vlan-interface1 [PE1-Vlan-interface1] ip binding vpn-instance vpn1 [PE1-Vlan-interface1] ip address 11.1.1.2 24 [PE1-Vlan-interface1] mpls enable [PE1-Vlan-interface1] quit [PE1] bgp 100 [PE1-bgp] ip vpn-instance vpn1 [PE1-bgp-vpn1] peer 11.1.1.1 as-number 200 [PE1-bgp-vpn1] quit [PE1-bgp] quit # Configure CE 1. [CE1] interface vlan-interface 1 [CE1-Vlan-interface1] ip address 11.1.1.
# Configure PE 3. [PE3] ip vpn-instance SUB_VPN1 [PE3-vpn-instance-SUB_VPN1] route-distinguisher 100:1 [PE3-vpn-instance-SUB_VPN1] vpn-target 2:1 [PE3-vpn-instance-SUB_VPN1] quit [PE3] interface vlan-interface 1 [PE3-Vlan-interface1] ip binding vpn-instance SUB_VPN1 [PE3-Vlan-interface1] ip address 100.1.1.
# Enable CE 1 to exchange VPNv4 routes with PE 1. [CE1] bgp 200 [CE1-bgp] address-family vpnv4 [CE1-bgp-vpnv4] peer 11.1.1.2 enable # Allow the local AS number to appear in the AS-PATH attribute of the routes received. [CE1-bgp-vpnv4] peer 11.1.1.2 allow-as-loop 2 # Disable route target based filtering of received VPNv4 routes. [CE1-bgp-vpnv4] undo policy vpn-target [CE1-bgp-vpnv4] quit [CE1-bgp] quit # Configure PE 2 and CE 2 in the same way that PE 1 and CE 1 are configured. (Details not shown.) 6.
30.1.1.0/24 Direct 0 0 30.1.1.1 Vlan2 30.1.1.0/32 Direct 0 0 30.1.1.1 Vlan2 30.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0 30.1.1.255/32 Direct 0 0 30.1.1.1 Vlan2 30.1.1.2/32 Direct 0 0 30.1.1.2 Vlan2 127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0 127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0 127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0 224.0.0.0/4 Direct 0 0 0.0.0.0 NULL0 224.0.0.0/24 Direct 0 0 0.0.0.0 NULL0 255.255.255.
Total number of routes: 1 Network NextHop * > 100.1.1.0/24 1.1.1.9 MED LocPrf PrefVal Path/Ogn 0 200 65410? Route Distinguisher: 101:1 Total number of routes: 1 Network NextHop * > 110.1.1.0/24 1.1.1.9 MED LocPrf PrefVal Path/Ogn 0 200 65411? Route Distinguisher: 200:1 Total number of routes: 1 Network NextHop * > 120.1.1.0/24 11.1.1.2 MED LocPrf PrefVal Path/Ogn 0 100 200 65420? Route Distinguisher: 201:1 Total number of routes: 1 Network NextHop * > 130.1.1.0/24 11.1.1.
# Execute the display ip routing-table command on CE 3 and CE 4. The output shows that the routing tables contain routes of remote sub-VPNs. Take CE 3 as an example: [CE3] display ip routing-table Destinations : 13 Routes : 13 Destination/Mask Proto Cost NextHop Interface 0.0.0.0/32 Direct 0 Pre 0 127.0.0.1 InLoop0 100.1.1.0/24 Direct 0 0 100.1.1.1 Vlan1 100.1.1.0/32 Direct 0 0 100.1.1.1 Vlan1 100.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0 100.1.1.255/32 Direct 0 0 100.1.1.
Configuring HoVPN Network requirements There are two levels of networks, the backbone and the MPLS VPN networks, as shown in Figure 54. • SPEs act as PEs to allow MPLS VPNs to access the backbone. • UPEs act as PEs of the MPLS VPNs to allow end users to access the VPNs. • Performance requirements for the UPEs are lower than those for the SPEs.
[UPE1-ldp] quit [UPE1] interface vlan-interface 11 [UPE1-Vlan-interface11] ip address 172.1.1.1 24 [UPE1-Vlan-interface11] mpls enable [UPE1-Vlan-interface11] mpls ldp enable [UPE1-Vlan-interface11] quit # Configure the IGP protocol (OSPF, in this example). [UPE1] ospf [UPE1-ospf-1] area 0 [UPE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255 [UPE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0 [UPE1-ospf-1-area-0.0.0.
[UPE1-bgp-vpn2] peer 10.4.1.1 as-number 65420 [UPE1-bgp-vpn2] address-family ipv4 unicast [UPE1-bgp-ipv4-vpn2] peer 10.4.1.1 enable [UPE1-bgp-ipv4-vpn2] import-route direct [UPE1-bgp-ipv4-vpn2] quit [UPE1-bgp-vpn2] quit [UPE1-bgp] quit 2. Configure CE 1. system-view [CE1] interface vlan-interface 12 [CE1-Vlan-interface12] ip address 10.2.1.1 255.255.255.0 [CE1-Vlan-interface12] quit [CE1] bgp 65410 [CE1-bgp] peer 10.2.1.2 as-number 100 [CE1-bgp] address-family ipv4 unicast [CE1-bgp-ipv4] peer 10.2.
[UPE2-ospf-1] area 0 [UPE2-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255 [UPE2-ospf-1-area-0.0.0.0] network 4.4.4.9 0.0.0.0 [UPE2-ospf-1-area-0.0.0.0] quit [UPE2-ospf-1] quit # Configure VPN instances vpn1 and vpn2, allowing CE 3 and CE 4 to access UPE 2.
system-view [CE3] interface vlan-interface 12 [CE3-Vlan-interface12] ip address 10.1.1.1 255.255.255.0 [CE3-Vlan-interface12] quit [CE3] bgp 65430 [CE3-bgp] peer 10.1.1.2 as-number 100 [CE3-bgp] address-family ipv4 unicast [CE3-bgp-ipv4] peer 10.1.1.2 enable [CE3-bgp-ipv4] import-route direct [CE3-bgp-ipv4] quit [CE3-bgp] quit 6. Configure CE 4. system-view [CE4] interface vlan-interface 13 [CE4-Vlan-interface13] ip address 10.3.1.1 255.255.255.
[SPE1-ospf-1-area-0.0.0.0] quit [SPE1-ospf-1] quit # Configure VPN instances vpn1 and vpn2. [SPE1] ip vpn-instance vpn1 [SPE1-vpn-instance-vpn1] route-distinguisher 500:1 [SPE1-vpn-instance-vpn1] vpn-target 100:1 both [SPE1-vpn-instance-vpn1] quit [SPE1] ip vpn-instance vpn2 [SPE1-vpn-instance-vpn2] route-distinguisher 700:1 [SPE1-vpn-instance-vpn2] vpn-target 100:2 both [SPE1-vpn-instance-vpn2] quit # Establish an MP-IBGP peer relationship with UPE 1, and redistribute VPN routes.
[SPE2-Vlan-interface12] mpls enable [SPE2-Vlan-interface12] mpls ldp enable [SPE2-Vlan-interface12] quit [SPE2] interface vlan-interface 11 [SPE2-Vlan-interface11] ip address 172.2.1.2 24 [SPE2-Vlan-interface11] mpls enable [SPE2-Vlan-interface11] mpls ldp enable [SPE2-Vlan-interface11] quit # Configure the IGP protocol (OSPF, in this example). [SPE2] ospf [SPE2-ospf-1] area 0 [SPE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0 [SPE2-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255 [SPE2-ospf-1-area-0.0.0.
[SPE2-bgp] address-family vpnv4 [SPE2-bgp-vpnv4] peer 4.4.4.9 upe route-policy hope export Verifying the configuration # Verify that CE 1 and CE3 can learn each other's interface routes and can ping each other. Verify that CE 2 and CE 4 cannot learn each other's interface routes and cannot ping each other. (Details not shown.) Configuring OSPF sham links Network requirements As shown in Figure 55: • CE 1 and CE 2 belong to VPN 1 and are connected to PE 1 and PE 2, respectively.
2. Configure MPLS L3VPN on the backbone: # Configure basic MPLS and MPLS LDP on PE 1 to establish LDP LSPs. system-view [PE1] interface loopback 0 [PE1-LoopBack0] ip address 1.1.1.9 32 [PE1-LoopBack0] quit [PE1] mpls lsr-id 1.1.1.9 [PE1] mpls ldp [PE1-ldp] quit [PE1] interface vlan-interface 12 [PE1-Vlan-interface12] ip address 10.1.1.1 24 [PE1-Vlan-interface12] mpls enable [PE1-Vlan-interface12] mpls ldp enable [PE1-Vlan-interface12] quit # Configure PE 1 to take PE 2 as an MP-IBGP peer.
[PE2-bgp-vpnv4] peer 1.1.1.9 enable [PE2-bgp-vpnv4] quit [PE2-bgp] quit # Configure OSPF on PE 2. [PE2]ospf 1 [PE2-ospf-1]area 0 [PE2-ospf-1-area-0.0.0.0]network 2.2.2.9 0.0.0.0 [PE2-ospf-1-area-0.0.0.0]network 10.1.1.0 0.0.0.255 [PE2-ospf-1-area-0.0.0.0]quit [PE2-ospf-1]quit 3. Configure PEs to allow CE access: # Configure PE 1.
[PE2-ospf-100] quit [PE2] bgp 100 [PE2-bgp] ip vpn-instance vpn1 [PE2-bgp-vpn1] address-family ipv4 unicast [PE2-bgp-ipv4-vpn1] import-route ospf 100 [PE2-bgp-ipv4-vpn1] import-route direct [PE2-bgp-ipv4-vpn1] quit [PE2-bgp-vpn1] quit [PE2-bgp] quit # Execute the display ip routing-table vpn-instance command on the PEs to verify that the path to the peer CE is along the OSPF route across the customer networks, instead of the BGP route across the backbone. 4. Configure a sham link: # Configure PE 1.
Area 0.0.0.1 Neighbor ID Source IP 120.1.1.2 3.3.3.3 Destination IP 5.5.5.5 State Cost P-2-P 10 # Execute the display ospf sham-link area command. The output shows that the peer state is Full: [PE1] display ospf sham-link area 1 OSPF Process 100 with Router ID 100.1.1.2 Sham-Link: 3.3.3.3 --> 5.5.5.5 Neighbor ID: 120.1.1.2 State: Full Area: 0.0.0.
Configuration procedure 1. Configuring basic MPLS L3VPN: { Configure OSPF on the MPLS backbone to allow the PEs and P device to learn the routes of the loopback interfaces from each other. { Configure basic MPLS and MPLS LDP on the MPLS backbone to establish LDP LSPs. { Establish MP-IBGP peer relationship between the PEs to advertise VPNv4 routes. { Configure the VPN instance of VPN 1 on PE 2 to allow CE 2 to access the network.
10.2.1.0/24 Direct 0 0 10.2.1.2 Vlan12 10.2.1.0/32 Direct 0 0 10.2.1.2 Vlan12 10.2.1.2/32 Direct 0 0 127.0.0.1 InLoop0 10.2.1.255/32 Direct 0 0 10.2.1.2 Vlan12 100.1.1.0/24 BGP 0 1.1.1.9 Vlan11 127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0 127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0 127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0 200.1.1.0/24 BGP 0 10.2.1.1 Vlan12 224.0.0.0/4 Direct 0 0 0.0.0.0 NULL0 224.0.0.
[PE2-bgp-vpn1] quit [PE2-bgp] quit Verifying the configuration # The output shows that among the routes advertised by PE 2 to CE 2, the AS_PATH of 100.1.1.0/24 has changed from 100 600 to 100 100. *Jun 13 16:15:59:456 2012 PE2 BGP/7/DEBUG: -MDC=1; BGP.vpn1: Send UPDATE to peer 10.2.1.1 for following destinations: Origin : Incomplete AS Path : 100 100 Next Hop : 10.2.1.2 100.1.1.0/24, # Display again the routing information that CE 2 has received and the routing table.
224.0.0.0/24 Direct 0 0 0.0.0.0 NULL0 255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0 # After you also configure BGP AS substitution on PE 1, the VLAN interfaces of CE 1 and CE 2 can ping each other.
Configuring IPv6 MPLS L3VPN Overview IPv6 MPLS L3VPN uses BGP to advertise IPv6 VPN routes and uses MPLS to forward IPv6 VPN packets on the service provider backbone. Figure 57 shows a typical IPv6 MPLS L3VPN model. The service provider backbone in the IPv6 MPLS L3VPN model is an IPv4 network. IPv6 runs inside the VPNs and between CE and PE. Therefore, PEs must support both IPv4 and IPv6. The PE-CE interfaces of a PE run IPv6, and the PE-P interface of a PE runs IPv4.
As shown in Figure 58, the IPv6 MPLS L3VPN packet forwarding procedure is as follows: 1. The PC at Site 1 sends an IPv6 packet destined for 2001:2::1, the PC at Site 2. CE 1 transmits the packet to PE 1. 2. Based on the inbound interface and destination address of the packet, PE 1 finds a matching entry from the routing table of the VPN instance, labels the packet with both a private network label (inner label) and a public network label (outer label), and forwards the packet out. 3.
To deploy special IPv6 MPLS L3VPN networks, such as inter-AS VPN, you must also perform specific configurations in addition to the basic IPv6 MPLS L3VPN configuration. For details, see the related sections. Tasks at a glance Configuring basic IPv6 MPLS L3VPN Configuring inter-AS IPv6 VPN Configuring basic IPv6 MPLS L3VPN The key task in IPv6 MPLS L3VPN configuration is to manage the advertisement of IPv6 VPN routes on the MPLS backbone, including management of PE-CE route exchange and PE-PE route exchange.
Step Command Remarks 1. Enter system view. system-view N/A 2. Create a VPN instance and enter VPN instance view. ip vpn-instance vpn-instance-name By default, no VPN instance is created. 3. Configure an RD for the VPN instance. route-distinguisher route-distinguisher By default, no RD is specified. 4. 5. By default, no description is configured for a VPN instance. (Optional.) Configure a description for the VPN instance. description text (Optional.) Configure an ID for the VPN instance.
Step 1. 2. Enter system view. Enter VPN instance view or IPv6 VPN view. Command Remarks system-view N/A • Enter VPN instance view: Configurations made in VPN instance view apply to both IPv4 VPN and IPv6 VPN. ip vpn-instance vpn-instance-name • Enter IPv6 VPN view: address-family ipv6 3. 4. Configure route targets. Set the maximum number of active routes allowed.
Configuring routing between a PE and a CE You can configure IPv6 static routing, RIPng, OSPFv3, IPv6 IS-IS, EBGP, or IBGP between a PE and a CE. Configuring IPv6 static routing between a PE and a CE Step 1. 2. Enter system view. Configure an IPv6 static route for a VPN instance.
Step Command Remarks Perform this configuration on the PE. On the CE, create a common OSPF process. Create an OSPFv3 process for a VPN instance and enter OSPFv3 view. ospfv3 [ process-id ] vpn-instance vpn-instance-name 3. Set the router ID. router-id router-id N/A 4. Return to system view. quit N/A 5. Enter interface view. interface interface-type interface-number N/A 2. Enable OSPFv3 on the interface. 6. Deleting a VPN instance also deletes all related OSPFv3 processes.
Step Command Remarks 3. Enter BGP-VPN instance view. ip vpn-instance vpn-instance-name N/A 4. Configure the CE as the VPN EBGP peer. peer { group-name | ipv6-address } as-number as-number By default, no BGP peer is configured. Create and enter BGP-VPN IPv6 unicast address family view. address-family ipv6 [ unicast ] Configuration commands in BGP-VPN IPv6 unicast address family view are the same as those in BGP IPv6 unicast address family view.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enter BGP view. bgp as-number N/A 3. Enter BGP-VPN instance view. ip vpn-instance vpn-instance-name Configuration commands in BGP-VPN instance view are the same as those in BGP view. For details, see Layer 3—IP Routing Configuration Guide. 4. Configure the CE as the VPN IBGP peer. peer { group-name | ipv6-address } as-number as-number By default, no BGP peer is created. 5. Create and enter BGP VPN IPv6 unicast family view.
Step Command Remarks 4. Create and enter BGP IPv6 unicast family view. address-family ipv6 [ unicast ] N/A 5. Enable IPv6 unicast route exchange with the specified peer or peer group. peer { group-name | ipv6-address } enable By default, BGP does not exchange IPv6 unicast routes with any peer. 6. (Optional.) Configure route redistribution.
Step Command Remarks 5. (Optional.) Configure filtering of received routes. filter-policy { acl6-number | prefix-list ipv6-prefix-name } import By default, the PE does not filter received routes. 6. Configure ACL-based route filtering for the specified peer or peer group. peer { group-name | ip-address } filter-policy acl6-number { export | import } By default, no ACL-based route filtering is configured. 7. Configure IPv6 prefix list-based route filtering for the specified peer or peer group.
There are three inter-AS VPN solutions (for more information, see "Configuring MPLS L3VPN"). IPv6 MPLS L3VPN supports only inter-AS VPN option A and option C. Before configuring inter-AS IPv6 VPN, complete these tasks: • Configure an IGP for the MPLS backbone in each AS to ensure IP connectivity. • Configure basic MPLS for the MPLS backbone of each AS. • Configure MPLS LDP for the MPLS backbones so that LDP LSPs can be established.
Step Command Remarks 6. Enable the PE to exchange labeled routes with the ASBR-PE in the same AS. peer { group-name | ip-address } label-route-capability By default, the PE does not advertise labeled routes to any IPv4 peer/peer group. 7. Return to BGP view. quit N/A 8. Configure the PE of another AS as the EBGP peer. peer { group-name | ip-address } as-number as-number N/A 9. Enter BGP-VPNv6 address family view.
Task Command Remarks Display the IPv6 routing table for a VPN instance. For more information about this command, see Layer 3—IP Routing Command Reference. display ipv6 routing-table vpn-instance vpn-instance-name [ verbose ] Available in any view. Display information about a VPN instance or all VPN instances. display ip vpn-instance [ instance-name vpn-instance-name ] Available in any view. Display FIB entries that match the specified destination IP address in the specified VPN instance.
IPv6 MPLS L3VPN configuration examples Configuring IPv6 MPLS L3VPNs Network requirements CE 1 and CE 3 belong to VPN 1. CE 2 and CE 4 belong to VPN 2. VPN 1 uses route target attributes 111:1. VPN 2 uses route target attributes 222:2. Users of different VPNs cannot access each other. Run EBGP between CE and PE switches to exchange VPN routing information. PEs use OSPF to communicate with each other and use MP-IBGP to exchange VPN routing information.
[PE1-LoopBack0] quit [PE1] interface vlan-interface 13 [PE1-Vlan-interface13] ip address 172.1.1.1 24 [PE1- Vlan-interface13] quit [PE1] ospf [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255 [PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit # Configure the P switch.
system-view [P] interface loopback 0 [P-LoopBack0] ip address 2.2.2.9 32 [P-LoopBack0] quit [P] interface vlan-interface 13 [P-Vlan-interface13] ip address 172.1.1.
Summary Count : 5 OSPF Routing table Status : Summary Count : 3 Destination/Mask Proto Pre Cost NextHop Interface 2.2.2.9/32 OSPF 10 1 172.1.1.2 Vlan13 3.3.3.9/32 OSPF 10 2 172.1.1.2 Vlan13 172.2.1.0/24 OSPF 10 2 172.1.1.2 Vlan13 OSPF Routing table Status : Summary Count : 2 Destination/Mask Proto Pre Cost NextHop Interface 1.1.1.9/32 OSPF 10 0 1.1.1.9 Loop0 172.1.1.0/24 OSPF 10 1 172.1.1.
[P-Vlan-interface12] mpls enable [P-Vlan0interface12] mpls ldp enable [P-Vlan-interface12] quit # Configure PE 2. [PE2] mpls lsr-id 3.3.3.9 [PE2] mpls ldp [PE2-ldp] quit [PE2] interface vlan-interface 12 [PE2-Vlan-interface12] mpls enable [PE2-Vlan-interface12] mpls ldp enable [PE2-Vlan-interface12] quit # Execute the display mpls ldp peer command to verify that LDP sessions in Operational state have been established between PE 1, P, and PE 2.
# Configure PE 2.
[CE1-bgp] quit # Configure the other three CEs (CE 2 through CE 4) in the same way that CE 1 is configured. (Details not shown.) # Configure PE 1.
Destinations : 6 Routes : 6 Destination: ::1/128 Protocol : Direct NextHop : ::1 Preference: 0 Interface : InLoop0 Cost : 0 Destination: 2001:1::/96 Protocol : Direct NextHop : :: Preference: 0 Interface : Vlan11 Cost : 0 Destination: 2001:1::2/128 Protocol : Direct NextHop : ::1 Preference: 0 Interface : InLoop0 Cost : 0 Destination: 2001:3::/96 Protocol : BGP4+ NextHop : ::FFFF:3.3.3.
Interface : NULL0 Cost : 0 Destination: FF00::/8 Protocol : Direct NextHop : :: Preference: 0 Interface : NULL0 Cost : 0 # CEs of the same VPN can ping each other, and CEs of different VPNs cannot ping each other. For example, CE 1 can ping CE 3 (2001:3::1), but cannot ping CE 4 (2001:4::1): Configuring IPv6 MPLS L3VPN inter-AS option A Network requirements CE 1 and CE 2 belong to the same VPN.
# Execute the display ospf peer command to verify that OSPF adjacencies in Full state have been established between each ASBR-PE and the PE in the same AS, and that PE and ASBR-PE routers in the same AS have learned the routes to the loopback interfaces of each other. Each ASBR-PE and the PE in the same AS can ping each other. 2. Configure basic MPLS and enable MPLS LDP on each MPLS backbone to establish LDP LSPs: # Configure basic MPLS on PE 1, and enable MPLS LDP for the interface connected to ASBR-PE 1.
# Configure CE 1. system-view [CE1] interface vlan-interface 12 [CE1-Vlan-interface12] ipv6 address 2001:1::1 96 [CE1-Vlan-interface12] quit # Configure PE 1. [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 100:1 [PE1-vpn-instance-vpn1] vpn-target 100:1 both [PE1-vpn-instance-vpn1] quit [PE1] interface vlan-interface 12 [PE1-Vlan-interface12] ip binding vpn-instance vpn1 [PE1-Vlan-interface12] ipv6 address 2001:1::2 96 [PE1-Vlan-interface12] quit # Configure CE 2.
[ASBR-PE2-Vlan-interface12] quit # Execute the display ip vpn-instance command to display the VPN instance configurations. Each PE can ping its attached CE, and ASBR-PE 1 and ASBR-PE 2 can ping each other. 4. Establish an EBGP peer relationship between PE and CE switches, and redistribute VPN routes into BGP: # Configure CE 1.
[PE1-bgp] address-family vpnv6 [PE1-bgp-vpnv6] peer 2.2.2.9 enable [PE1-bgp-vpnv6] quit [PE1-bgp] quit # Configure ASBR-PE 1. [ASBR-PE1] bgp 100 [ASBR-PE1-bgp] ip vpn-instance vpn1 [ASBR-PE1-bgp-vpn1] peer 2002:1::2 as-number 200 [ASBR-PE1-bgp-vpn1] address-family ipv6 unicast [ASBR-PE1-bgp-ipv6-vpn1] peer 2002:1::2 enable [ASBR-PE1-bgp-ipv6-vpn1] quit [ASBR-PE1-bgp-vpn1] quit [ASBR-PE1-bgp] peer 1.1.1.9 as-number 100 [ASBR-PE1-bgp] peer 1.1.1.
Configuring IPv6 MPLS L3VPN inter-AS option C Network requirements Site 1 and Site 2 belong to the same VPN. Site 1 accesses the network through PE 1 in AS 100, and Site 2 accesses the network through PE 2 in AS 600. PEs in the same AS run IS-IS. PE 1 and ASBR-PE 1 exchange labeled IPv4 routes by IBGP. PE 2 and ASBR-PE 2 exchange labeled IPv4 routes by IBGP. PE 1 and PE 2 use EBGP to exchange VPNv6 routes.
[CE1-bgp] peer 2001::1 as-number 100 [CE1-bgp] address-family ipv6 unicast [CE1-bgp-ipv6] peer 2001::1 enable [CE1-bgp-ipv6] import-route direct [CE1-bgp-ipv6] quit [CE1-bgp] quit 2. Configure PE 1: # Enable IS-IS on PE 1. system-view [PE1] isis 1 [PE1-isis-1] network-entity 10.111.111.111.111.00 [PE1-isis-1] quit # Configure an LSR ID, and enable MPLS and LDP. [PE1] mpls lsr-id 2.2.2.
[PE1-bgp-ipv4] peer 3.3.3.9 enable [PE1-bgp-ipv4] peer 3.3.3.9 label-route-capability [PE1-bgp-ipv4] quit # Configure the maximum hop count from PE 1 to EBGP peer 5.5.5.9 as 10. [PE1-bgp] peer 5.5.5.9 as-number 600 [PE1-bgp] peer 5.5.5.9 connect-interface loopback 0 [PE1-bgp] peer 5.5.5.9 ebgp-max-hop 10 # Configure peer 5.5.5.9 as a VPNv6 peer. [PE1-bgp] address-family vpnv6 [PE1-bgp-vpnv6] peer 5.5.5.
# Create routing policies. [ASBR-PE1] route-policy policy1 permit node 1 [ASBR-PE1-route-policy-policy1-1] apply mpls-label [ASBR-PE1-route-policy-policy1-1] quit [ASBR-PE1] route-policy policy2 permit node 1 [ASBR-PE1-route-policy-policy2-1] if-match mpls-label [ASBR-PE1-route-policy-policy2-1] apply mpls-label [ASBR-PE1-route-policy-policy2-1] quit # Enable BGP on ASBR-PE 1 and apply routing policy policy2 to routes advertised to IBGP peer 2.2.2.9 [ASBR-PE1] bgp 100 [ASBR-PE1-bgp] peer 2.2.2.
[ASBR-PE2-Vlan-interface11] mpls ldp enable [ASBR-PE2-Vlan-interface11] quit # Configure interface Loopback 0, and enable IS-IS on it. [ASBR-PE2] interface loopback 0 [ASBR-PE2-LoopBack0] ip address 4.4.4.9 32 [ASBR-PE2-LoopBack0] isis enable 1 [ASBR-PE2-LoopBack0] quit # Configure interface VLAN-interface 12, and enable MPLS on it. [ASBR-PE2] interface vlan-interface 12 [ASBR-PE2-Vlan-interface12] ip address 11.0.0.1 255.0.0.
[PE2] isis 1 [PE2-isis-1] network-entity 10.444.444.444.444.00 [PE2-isis-1] quit # Configure an LSR ID, and enable MPLS and LDP. [PE2] mpls lsr-id 5.5.5.9 [PE2] mpls ldp [PE2-ldp] quit # Configure interface VLAN-interface 11, and enable IS-IS, MPLS, and LDP on the interface. [PE2] interface vlan-interface 11 [PE2-Vlan-interface11] ip address 9.1.1.2 255.0.0.
[PE2-bgp-vpnv6] peer 2.2.2.9 enable [PE2-bgp-vpnv6] quit # Configure 2002::2 as an EBGP peer, and redistribute BGP routes to the routing table of vpn1. [PE2-bgp] ip vpn-instance vpn1 [PE2-bgp-vpn1] peer 2002::2 as-number 65002 [PE2-bgp-vpn1] address-family ipv6 unicast [PE2-bgp-ipv6-vpn1] peer 2002::2 enable [PE2-bgp-ipv6-vpn1] quit [PE2-bgp-vpn1] quit [PE2-bgp] quit 6. Configure CE 2: # Configure an IPv6 address for VLAN-interface 12.
Figure 62 Network diagram Loop0 Provider carrier Loop0 Vlan-int12 PE 1 PE 2 Vlan-int12 Vlan-int11 Vlan-int11 AS 100 Loop0 AS 100 Customer carrier Customer carrier Vlan-int11 Vlan-int12 Vlan-int11 CE 1 Vlan-int12 CE 2 Vlan-int12 Vlan-int12 PE 3 Vlan-int11 Vlan-int11 Loop0 Vlan-int11 PE 4 Loop0 MP-IBGP Vlan-int11 CE 4 AS 65420 CE 3 AS 65410 Configuration procedure 1. Configure MPLS L3VPN on the provider carrier backbone.
[PE1-bgp-vpnv4] quit [PE1-bgp] quit # Configure PE 2 in the same way that PE 1 is configured. (Details not shown.) # Execute the display mpls ldp peer command on PE 1 or PE 2 to verify that the LDP session has been established. # Execute the display bgp peer vpnv4 command to verify that a BGP peer relationship has been established and has reached the Established state. # Execute the display isis peer command to verify that an IS-IS neighbor relationship has been set up.
[PE3-LoopBack0] isis enable 2 [PE3-LoopBack0] quit [PE3] interface vlan-interface 12 [PE3-Vlan-interface12] ip address 10.1.1.1 24 [PE3-Vlan-interface12] isis enable 2 [PE3-Vlan-interface12] mpls enable [PE3-Vlan-interface12] mpls ldp enable [PE3-Vlan-interface12] mpls ldp transport-address interface [PE3-Vlan-interface12] quit # Configure CE 1. system-view [CE1] interface loopback 0 [CE1-LoopBack0] ip address 2.2.2.9 32 [CE1-LoopBack0] quit [CE1] mpls lsr-id 2.2.2.
[PE1] interface vlan-interface11 [PE1-Vlan-interface11] ip binding vpn-instance vpn1 [PE1-Vlan-interface11] ip address 11.1.1.
[PE3-Vlan-interface11] quit [PE3] bgp 100 [PE3-bgp] ip vpn-instance vpn1 [PE3-bgp-vpn1] peer 2001:1::1 as-number 65410 [PE3-bgp-vpn1] address-family ipv6 unicast [PE3-bgp-ipv6-vpn1] peer 2001:1::1 enable [PE3-bgp-ipv6-vpn1] import-route direct [PE3-bgp-ipv6-vpn1] quit [PE3-bgp-vpn1] quit [PE3-bgp] quit # Configure PE 4 and CE 4 in the same way that PE 3 and CE 3 are configured. (Details not shown.) 5.
5.5.5.9/32 BGP 255 0 4.4.4.9 NULL0 6.6.6.9/32 BGP 255 0 4.4.4.9 NULL0 10.1.1.0/24 ISIS 15 20 11.1.1.1 Vlan11 11.1.1.0/24 Direct 0 0 11.1.1.1 Vlan11 11.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0 11.1.1.2/32 Direct 0 0 11.1.1.2 Vlan11 20.1.1.0/24 BGP 255 0 4.4.4.9 NULL0 21.1.1.0/24 BGP 255 0 4.4.4.9 NULL0 21.1.1.2/32 BGP 255 0 4.4.4.9 NULL0 # Execute the display ip routing-table command on CE 1 and CE 2.
Destination: 2001:2::/96 Protocol : BGP4+ NextHop : ::FFFF:606:609 Preference: 0 Interface : NULL0 Cost : 0 Destination: FE80::/10 Protocol NextHop : :: Preference: 0 Interface : NULL0 Cost : 0 Destination: FF00::/8 Protocol : Direct NextHop : :: Preference: 0 Interface : NULL0 Cost # Verify that PE 3 and PE 4 can ping each other. (Details not shown.) # Verify that CE 3 and CE 4 can ping each other. (Details not shown.
Configuring MPLS L2VPN MPLS L2VPN provides point-to-point and point-to-multipoint connections. This chapter describes only the MPLS L2VPN technologies that provide point-to-point connections. For information about the MPLS L2VPN technologies that provide point-to-multipoint connections, see "Configuring VPLS." Overview MPLS L2VPN is an implementation of Pseudo Wire Emulation Edge-to-Edge (PWE3). It offers Layer 2 VPN services over an MPLS or IP backbone.
label block is the sum of the LRs of all previously assigned label blocks. For example, if the LR and LO of the first label block is 10 and 0, the LO of the second label block is 10. If the LR of the second label block is 20, the LO of the third label block is 30. A label block whose LB, LO, and LR are 1000, 10, and 5 is represented as 1000/10/5.
a PW ID and a PW type to identify a PW. The PW ID is the ID of the PW between PEs. The PW type specifies the encapsulation type for data transmitted over the PW, such as ATM, FR, Ethernet, or VLAN. PEs advertise the PW label and PW ID FEC in label mapping messages to create a PW. Dynamic PWs have simple configurations but consume more resources than static PWs. To establish BGP PWs, BGP advertises label block information in an extended BGP update to PEs in the same VPN.
• The primary PW is deleted because the LDP session between PEs goes down, or the link detection mechanism detects that the primary PW has failed. • A manual PW switchover is performed. Multi-segment PW A multi-segment PW includes multiple concatenated static or LDP PWs. Creating two PWs for a cross-connect on a PE can concatenate the two PWs.
Figure 66 Intra-domain multi-segment PW MPLS or IP backbone PW 1 CE 1 PE 1 PE 2 Tunnel PE 3 Tunnel PW PW 2 PE 4 CE 2 Inter-domain multi-segment PW An inter-domain multi-segment PW has concatenated PWs in different ASs, and is a method for inter-AS option B networking. As shown in Figure 67, you can create an inter-domain multi-segment PW between PE 1 and PE 2 in different ASs by concatenating PW 1 and PW 2 on ASBR 1 and concatenating PW 2 and PW 3 on ASBR 2.
• MPLS L2VPN connection—To create an MPLS L2VPN connection, configure an AC, configure a PW in cross-connect view or auto-discovery cross-connect view, and bind the AC with the PW in cross-connect view or auto-discovery cross-connect view. • Multi-segment PW—To create a multi-segment PW, configure two PWs and bind the two PWs in cross-connect view. To configure MPLS L2VPN on a PE: Tasks at a glance Remarks (Required.) Enabling L2VPN N/A (Required.
Step 1. Enter system view. Command Remarks system-view N/A • Enter Layer 2 Ethernet interface 2. 3. Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view. Create a service instance and enter service instance view. view: interface interface-type interface-number • Enter Layer 2 aggregate interface N/A view: interface bridge-aggregation interface-number service-instance instance-id By default, no service instance is created.
Configuring a PW Configuring a PW class You can configure PW attributes such as the PW type and enable control word in a PW class. PWs with the same attributes can reference the same PW class. To configure a PW class: Step Command Remarks 1. Enter system view. system-view N/A 2. Create a PW class and enter PW class view. pw-class class-name By default, no PW class is created. 3. (Optional.) Enable control word. control-word enable By default, control word is disabled. 4. (Optional.
Step Command Remarks By default, no LDP PW is configured. Configure an LDP PW and enter cross-connect PW view. 4. peer ip-address pw-id pw-id [ pw-class class-name | tunnel-policy tunnel-policy-name ] * If the specified peer PE is not directly connected, the local PE automatically sends a targeted hello to create an LDP session to the peer PE and then exchanges the PW ID FEC and PW label mapping with the peer.
Step Command Remarks peer { group-name | ip-address } reflect-client By default, no route reflector or client is configured. 10. (Optional.) Enable L2VPN information reflection between clients. reflect between-clients By default, L2VPN information reflection is enabled between clients. 11. (Optional.) Configure the cluster ID of the route reflector. reflector cluster-id { cluster-id | ip-address } By default, a route reflector uses its own router ID as the cluster ID. 12. (Optional.
Step 9. Command Create a cross-connect and enter auto-discovery cross-connect view. 10. (Optional.) Reference a tunnel policy. Remarks By default, no cross-connect is created. connection remote-site-id remote-site-id tunnel-policy tunnel-policy-name After you execute this command, a PW to the specified remote site is created and is bound to the cross-connect. By default, no tunnel policy is referenced. Binding an AC to a cross-connect This task is mutually exclusive with Ethernet link aggregation.
Step Bind the service instance on the interface to the BGP cross-connect. 6. Command Remarks ac interface interface-type interface-number service-instance instance-id [ access-mode { ethernet | vlan } ] By default, no service instance is bound to the BGP cross-connect. Configuring PW redundancy This task includes the following configurations: • Create a backup PW for the primary PW.
Configure LDP PW redundancy Step Command Remarks 1. Enter system view. system-view N/A 2. Enter cross-connect group view. xconnect-group group-name N/A 3. Enter cross-connect view. connection connection-name N/A 4. (Optional.) Specify whether to switch traffic from the backup PW to the primary PW when the primary PW recovers, and specify the wait time for the switchover.
Task Command Display BGP L2VPN peer group information. display bgp group l2vpn [ group-name ] Display L2VPN label block information maintained by BGP. display bgp l2vpn signaling [ peer ip-address { advertised | received } [ statistics ] | route-distinguisher route-distinguisher [ site-id site-id [ label-offset label-offset [ advertise-info ] ] ] | statistics ] Display BGP L2VPN peer information.
[CE1] interface ten-gigabitethernet 1/0/1 [CE1-Ten-GigabitEthernet1/0/1] port link-type trunk [CE1-Ten-GigabitEthernet1/0/1] port trunk permit vlan 10 [CE1-Ten-GigabitEthernet1/0/1] quit 2. Configure PE 1: # Configure an LSR ID. system-view [PE1] interface loopback 0 [PE1-LoopBack0] ip address 192.2.2.2 32 [PE1-LoopBack0] quit [PE1] mpls lsr-id 192.2.2.2 # Enable L2VPN. [PE1] l2vpn enable # Enable global LDP.
3. Configure the P device: # Configure an LSR ID.
system-view [P] interface loopback 0 [P-LoopBack0] ip address 192.4.4.4 32 [P-LoopBack0] quit [P] mpls lsr-id 192.4.4.4 # Enable global LDP. [P] mpls ldp [P-ldp] quit # Configure VLAN-interface 20 connected to PE 1 and enable LDP on the interface. [P] interface vlan-interface 20 [P-Vlan-interface20] ip address 10.1.1.
[PE2-Vlan-interface30] mpls ldp enable [PE2-Vlan-interface30] quit # Configure OSPF on PE 2 for LDP to create LSPs. [PE2] ospf [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 10.2.2.1 0.0.0.255 [PE2-ospf-1-area-0.0.0.0] network 192.3.3.3 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] quit [PE2-ospf-1] quit # Create service instance 10 on Ten-GigabitEthernet 1/0/1 to match packets that have an outer VLAN ID of 10.
Xconnect-group Name: vpna Peer PW ID In/Out Label Proto Flag 192.2.2.2 3 200/100 Static M Link ID State 0 Up # Verify that CE 1 and CE 2 can ping each other. (Details not shown.) Configuring an LDP PW Network requirements Create an LDP PW between PE 1 and PE 2 over the backbone so VLAN 10 on CE 1 can communicate with VLAN 10 on CE 2. Figure 69 Network diagram Device Interface PE 1 PE 2 IP address Device Interface IP address Loop0 192.2.2.2/32 P Loop0 192.4.4.4/32 Vlan-int20 10.1.
# Enable global LDP. [PE1] mpls ldp [PE1-ldp] quit # Configure VLAN-interface 20 connected to the P device and enable LDP on the interface. [PE1] interface vlan-interface 20 [PE1-Vlan-interface20] ip address 10.1.1.1 24 [PE1-Vlan-interface20] mpls enable [PE1-Vlan-interface20] mpls ldp enable [PE1-Vlan-interface20] quit # Configure OSPF on PE 1 for LDP to create LSPs. [PE1] ospf [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 10.1.1.1 0.0.0.255 [PE1-ospf-1-area-0.0.0.0] network 192.2.2.2 0.0.0.
[P-Vlan-interface20] mpls enable [P-Vlan-interface20] mpls ldp enable [P-Vlan-interface20] quit # Configure VLAN-interface 30 connected to PE 2 and enable LDP on the interface. [P] interface vlan-interface 30 [P-Vlan-interface30] ip address 10.2.2.2 24 [P-Vlan-interface30] mpls enable [P-Vlan-interface30] mpls ldp enable [P-Vlan-interface30] quit # Configure OSPF on the P device for LDP to create LSPs. [P] ospf [P-ospf-1] area 0 [P-ospf-1-area-0.0.0.0] network 10.1.1.2 0.0.0.255 [P-ospf-1-area-0.0.0.
[PE2-Ten-GigabitEthernet1/0/1-srv10] encapsulation s-vid 10 [PE2-Ten-GigabitEthernet1/0/1-srv10] quit [PE2-Ten-GigabitEthernet1/0/1] quit # Create a cross-connect group named vpna, create a cross-connect named ldp in the group, and bind service instance 10 on Ten-GigabitEthernet 1/0/1 to the cross-connect. [PE2] xconnect-group vpna [PE2-xcg-vpna] connection ldp [PE2-xcg-vpna-ldp] ac interface Ten-GigabitEthernet 1/0/1 service-instance 10 # Create an LDP PW for the cross-connect to bind the AC to the PW.
Figure 70 Network diagram Device Interface PE 1 PE 2 IP address Device Interface IP address Loop0 192.2.2.2/32 P Loop0 192.4.4.4/32 Vlan-int20 10.1.1.1/24 Vlan-int20 10.1.1.2/24 Loop0 192.3.3.3/32 Vlan-int30 10.2.2.2/24 Vlan-int30 10.2.2.1/24 Configuration procedure Before you perform the following configurations, configure VLANs and add ports to VLANs on switches. 1. Configure CE 1.
[PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 10.1.1.1 0.0.0.255 [PE1-ospf-1-area-0.0.0.0] network 192.2.2.2 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit # Create an IBGP connection to PE 2 and enable BGP to advertise L2VPN information to PE 2. [PE1] bgp 100 [PE1-bgp] peer 192.3.3.3 as-number 100 [PE1-bgp] peer 192.3.3.3 connect-interface loopback 0 [PE1-bgp] address-family l2vpn [PE1-bgp-l2vpn] peer 192.3.3.
[P-Vlan-interface20] quit # Configure VLAN-interface 30 (the interface connected to PE 2), and enable LDP on the interface. [P] interface vlan-interface 30 [P-Vlan-interface30] ip address 10.2.2.2 24 [P-Vlan-interface30] mpls enable [P-Vlan-interface30] mpls ldp enable [P-Vlan-interface30] quit # Enable OSPF for LSP establishment. [P] ospf [P-ospf-1] area 0 [P-ospf-1-area-0.0.0.0] network 10.1.1.2 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 10.2.2.2 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 192.4.4.4 0.0.0.
[PE2-bgp-l2vpn] quit [PE2-bgp] quit # Create service instance 10 on Ten-GigabitEthernet 1/0/1 to match packets that have an outer VLAN ID of 10.
Configuring LDP PW redundancy Network requirements Create two LDP PWs to implement PW redundancy between CE 1 and CE 2. The primary PW goes through PE 1—PE 2. The backup PW goes through PE 1—PE 3. When the primary PW fails, CE 1 and CE 2 communicate through the backup PW. Figure 71 Network diagram Device Interface IP address Device CE 1 Vlan-int10 100.1.1.1/24 PE 2 Loop0 2.2.2.2/32 PE 1 Loop0 1.1.1.1/32 Vlan-int10 - Vlan-int10 - Vlan-int12 12.1.1.2/24 Vlan-int12 12.1.1.1/24 Loop0 3.3.
[PE1] mpls ldp [PE1-ldp] quit # Configure VLAN interface 12 (the interface connected to PE 2) and VLAN interface 13 (the interface connected to PE 3), and enable LDP for the interfaces. [PE1] interface vlan-interface 12 [PE1-Vlan-interface12] ip address 12.1.1.1 24 [PE1-Vlan-interface12] mpls enable [PE1-Vlan-interface12] mpls ldp enable [PE1-Vlan-interface12] quit [PE1] interface vlan-interface 13 [PE1-Vlan-interface12] ip address 13.1.1.
[PE2] interface loopback 0 [PE2-LoopBack0] ip address 2.2.2.2 32 [PE2-LoopBack0] quit [PE2] mpls lsr-id 2.2.2.2 # Enable global MPLS LDP. [PE2] mpls ldp [PE2-ldp] quit # Configure VLAN interface 12 (the interface connected to PE 1), and enable LDP on it. [PE2] interface vlan-interface 12 [PE2-Vlan-interface12] ip address 12.1.1.2 24 [PE2-Vlan-interface12] mpls enable [PE2-Vlan-interface12] mpls ldp enable [PE2-Vlan-interface12] quit # Configure OSPF on PE 2 for LDP to create LSPs.
[PE3] mpls ldp [PE3-ldp] quit # Configure VLAN interface 13 (the interface connected to PE 1), and enable LDP on it. [PE3] interface vlan-interface 13 [PE3-Vlan-interface13] ip address 13.1.1.3 24 [PE3-Vlan-interface13] mpls enable [PE3-Vlan-interface13] mpls ldp enable [PE3-Vlan-interface13] quit # Configure OSPF on PE 3 for LDP to create LSPs. [PE3] ospf [PE3-ospf-1] area 0 [PE3-ospf-1-area-0.0.0.0] network 13.1.1.0 0.0.0.255 [PE3-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0 [PE3-ospf-1-area-0.0.0.
2.2.2.2 20 65662/65660 LDP M 1 Up 3.3.3.3 30 65659/65655 LDP B 1 Blocked # Display detailed information about the primary and backup PWs on PE 1. display l2vpn pw verbose Xconnect-group Name: vpna Connection: ldp Peer: 2.2.2.
l2vpn switchover peer 2.2.2.2 pw-id 20 # Display L2VPN PW information on PE 1. The output shows that the PW switchover is successful. display l2vpn pw Flags: M - main, B - backup, H - hub link, S - spoke link, N - no split horizon Total number of PWs: 2, 1 up, 1 blocked, 0 down, 0 defect Xconnect-group Name: vpna Peer PW ID In/Out Label Proto Flag Link ID State 2.2.2.2 20 65662/65660 LDP M 1 Blocked 3.3.3.
[CE1] interface vlan-interface 10 [CE1-Vlan-interface10] ip address 100.1.1.1 24 [CE1-Vlan-interface10] quit [CE1] interface ten-gigabitethernet 1/0/1 [CE1-Ten-GigabitEthernet1/0/1] port link-type trunk [CE1-Ten-GigabitEthernet1/0/1] port trunk permit vlan 10 [CE1-Ten-GigabitEthernet1/0/1] quit 2. Configure PE 1: # Configure an LSR ID. system-view [PE1] interface loopback 0 [PE1-LoopBack0] ip address 192.2.2.2 32 [PE1-LoopBack0] quit [PE1] mpls lsr-id 192.2.2.2 # Enable L2VPN.
# Create a cross-connect group named vpn1, create a cross-connect named ldpsvc in the group, and create an LDP PW and a static PW for the cross-connect to form a multi-segment PW that includes the two PWs. [P] xconnect-group vpn1 [P-xcg-vpn1] connection ldpsvc [P-xcg-vpn1-ldpsvc] peer 192.2.2.2 pw-id 1000 [P-xcg-vpn1-ldpsvc-192.2.2.2-1000] quit [P-xcg-vpn1-ldpsvc] peer 192.3.3.3 pw-id 1000 in-label 100 out-label 200 [P-xcg-vpn1-ldpsvc-192.3.3.3-1000] quit [P-xcg-vpn1-ldpsvc] quit [P-xcg-vpn1] quit 4.
[CE2-Ten-GigabitEthernet1/0/1] port link-type trunk [CE2-Ten-GigabitEthernet1/0/1] port trunk permit vlan 10 [CE2-Ten-GigabitEthernet1/0/1] quit Verifying the configuration # Display L2VPN PW information on P. The output shows that two PWs have been created to form a multi-segment PW.
Connect the two public tunnels on ASBR 2. • Figure 73 Network diagram Device Interface IP address Device Interface IP address CE 1 Vlan-int10 100.1.1.1/24 ASBR 1 Loop0 192.2.2.2/32 PE 1 Loop0 192.1.1.1/32 Vlan-int23 23.1.1.2/24 Vlan-int23 23.1.1.1/24 Vlan-int26 26.2.2.2/24 PE 2 Loop0 192.4.4.4/32 Loop0 192.3.3.3/32 Vlan-int22 22.2.2.1/24 Vlan-int26 26.2.2.3/24 CE 2 Vlan-int10 100.1.1.2/24 Vlan-int22 22.2.2.
[PE1-ldp] quit # Configure VLAN-interface 23 connected to ASBR 1 and enable LDP on the interface. [PE1] interface vlan-interface 23 [PE1-Vlan-interface23] ip address 23.1.1.1 24 [PE1-Vlan-interface23] mpls enable [PE1-Vlan-interface23] mpls ldp enable [PE1-Vlan-interface23] quit # Configure OSPF on PE 1 for LDP to create LSPs. [PE1] ospf [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 23.1.1.1 0.0.0.255 [PE1-ospf-1-area-0.0.0.0] network 192.1.1.1 0.0.0.0 [PE1-ospf-1-area-0.0.0.
[ASBR1-Vlan-interface23] mpls enable [ASBR1-Vlan-interface23] mpls ldp enable [ASBR1-Vlan-interface23] quit # Configure VLAN-interface 26 connected to ASBR 2 and enable LDP on the interface. [ASBR1] interface vlan-interface 26 [ASBR1-Vlan-interface26] ip address 26.2.2.2 24 [ASBR1-Vlan-interface26] mpls enable [ASBR1-Vlan-interface26] quit # Configure OSPF on ASBR 1 for LDP to create LSPs. [ASBR1] ospf [ASBR1-ospf-1] area 0 [ASBR1-ospf-1-area-0.0.0.0] network 23.1.1.2 0.0.0.255 [ASBR1-ospf-1-area-0.0.0.
# Enable global LDP. [ASBR2] mpls ldp [ASBR2-ldp] quit # Configure VLAN-interface 22 connected to PE 2 and enable LDP on the interface. [ASBR2] interface vlan-interface 22 [ASBR2-Vlan-interface22] ip address 22.2.2.3 24 [ASBR2-Vlan-interface22] mpls enable [ASBR2-Vlan-interface22] mpls ldp enable [ASBR2-Vlan-interface22] quit # Configure VLAN-interface 26 connected to ASBR 1 and enable LDP on the interface. [ASBR2] interface vlan-interface 26 [ASBR2-Vlan-interface26] ip address 26.2.2.
[PE2] interface loopback 0 [PE2-LoopBack0] ip address 192.4.4.4 32 [PE2-LoopBack0] quit [PE2] mpls lsr-id 192.4.4.4 # Enable L2VPN. [PE2] l2vpn enable # Enable global LDP. [PE2] mpls ldp [PE2-ldp] quit # Configure VLAN-interface 22 connected to ASBR 1 and enable LDP on the interface. [PE2] interface vlan-interface 22 [PE2-Vlan-interface22] ip address 22.2.2.
[CE2-Ten-GigabitEthernet1/0/1] port link-type trunk [CE2-Ten-GigabitEthernet1/0/1] port trunk permit vlan 10 [CE2-Ten-GigabitEthernet1/0/1] quit Verifying the configuration # Display L2VPN PW information on PE 1. The output shows that a PW has been created. [PE1] display l2vpn pw Flags: M - main, B - backup, H - hub link, S - spoke link, N - no split horizon Total number of PWs: 1, 1 up, 0 blocked, 0 down, 0 defect Xconnect-group Name: vpn1 Peer PW ID In/Out Label Proto Flag Link ID State 192.2.2.
Configuring VPLS Overview Virtual Private LAN Service (VPLS) delivers a point-to-multipoint L2VPN service over an MPLS or IP backbone. The provider backbone emulates a switch to connect all geographically dispersed sites of each customer network. The backbone is transparent to the customer sites, which can communicate with each other as if they were on the same LAN.
packet is forwarded to the correct VSI. The outer label is the public LSP or MPLS TE tunnel label, which makes sure the packet is correctly forwarded to the remote PE. • VPLS instance—A customer network might include multiple geographically dispersed sites (such as site 1 and site 3 in Figure 74.) The service provider uses VPLS to connect all the sites to create a single Layer 2 VPN, which is referred to as a "VPLS instance." Sites in different VPLS instances cannot communicate with each other at Layer 2.
If the source MAC address of a packet from a CE does not exist in the MAC address table, the PE learns the source MAC address on the AC connected to the CE. • Learning the source MAC addresses of remote sites connected through PWs: A VSI regards a PW as a logical Ethernet interface. If the source MAC address of a packet received from a PW does not exist in the MAC address table, the PE learns the source MAC address on the PW of the VSI.
Multicast and broadcast traffic forwarding and flooding: After a PE receives a multicast or broadcast packet from an AC, the PE floods the packet to all other ACs and the PWs in the VSI bound to the AC. After a PE receives a multicast or broadcast packet from a PW, the PE floods the packet to all ACs in the VSI bound to the PW. PW full mesh and split horizon A loop prevention protocol such as STP is required in a Layer 2 network to avoid loops.
Before you perform this task, configure an LSR ID for the PE with the mpls lsr-id command, and enable MPLS with the mpls enable command on the backbone interface of the PE. For more information about these commands, see MPLS Command Reference. To enable L2VPN: Step Command Remarks 1. Enter system view. system-view N/A 2. Enable L2VPN. l2vpn enable By default, L2VPN is disabled. Configuring an AC An AC is a service instance on a Layer 2 Ethernet interface or Layer 2 aggregate interface.
Configuring a VSI Step Command Remarks 1. Enter system view. system-view N/A 2. Create a VSI and enter VSI view. vsi vsi-name By default, no VSI is created. 3. (Optional.) Configure a description for the VSI. description text By default, no description is configured for a VSI. 4. (Optional.) Configure the default PW ID for the VSI. default-pw-id default-pw-id By default, no default PW ID is configured for the VSI. 5. Configure an MTU for the VSI.
Step Command Configure a static PW, and enter VSI static PW view. 4. Remarks peer ip-address [ pw-id pw-id ] in-label label-value out-label label-value [ no-split-horizon | pw-class class-name | tunnel-policy tunnel-policy-name ] * By default, no static PW is configured. If you have configured a default PW ID for the VSI with the default-pw-id command, you can use the default PW ID without providing a PW ID in the peer command.
Step Command Remarks 5. Enable BGP to exchange L2VPN information with the specified peer or peer group. peer { group-name | ip-address } enable By default, BGP cannot exchange L2VPN information with any peer or peer group. 6. Enable BGP to exchange label block information with the specified peer or peer group. peer { group-name | ip-address } signaling By default, BGP can exchange label block information with a BGP L2VPN peer or peer group. (Optional.
Step Command Remarks Configure the VSI to automatically discover neighbors through BGP and enter auto-discovery VSI view. auto-discovery bgp By default, a VSI does not automatically discover neighbors through BGP. 4. Configure an RD for the auto-discovery VSI. route-distinguisher route-distinguisher By default, no RD is configured for the auto-discovery VSI. 5. Configure route targets for the auto-discovery VSI.
Step Command Remarks Enable BGP to exchange label block information with the specified peer or peer group. peer { group-name | ip-address } auto-discovery [ non-standard ] By default, BGP can exchange VPLS PE information with a BGP L2VPN peer or peer group by using RFC 6074 MP_REACH_NLRI. (Optional.) Permit the local AS number to appear in routes from the specified peer or peer group and specify the appearance times.
Step Command Remarks 4. Configure an RD for the auto-discovery VSI. route-distinguisher route-distinguisher By default, no RD is configured for the auto-discovery VSI. 5. Configure route targets for the auto-discovery VSI. vpn-target vpn-target&<1-8> [ both | export-extcommunity | import-extcommunity ] By default, no route targets are configured for the auto-discovery VSI. 6. (Optional.) Reference a PW class. pw-class class-name By default, no PW class is referenced. 7. (Optional.
Configuring MAC address learning Step Command Remarks 1. Enter system view. system-view N/A 2. Enter VSI view. vsi vsi-name N/A 3. Enable MAC address learning for the VSI. mac-learning enable By default, MAC address learning is enabled for a VSI. Displaying and maintaining VPLS Execute display commands in any view and the reset command in user view. Task Command Display LDP PW label information.
Task Command Display BGP L2VPN update group information. display bgp update-group l2vpn [ ip-address ] Clear MAC address entries for one or all VSIs. reset l2vpn mac-address [ vsi vsi-name ] Reset L2VPN BGP sessions. reset bgp { as-number | ip-address | all | external | group group-name | internal } l2vpn VPLS configuration examples Static PW configuration example Network requirements Configure VPLS on each PE, and establish static PWs between the PEs to interconnect the CEs.
# Enable global LDP. [PE1] mpls ldp [PE1-ldp] quit # Configure VLAN-interface 20 connected to PE 2 and enable LDP on the interface. [PE1] interface vlan-interface 20 [PE1-Vlan-interface20] ip address 20.1.1.1 24 [PE1-Vlan-interface20] mpls enable [PE1-Vlan-interface20] mpls ldp enable [PE1-Vlan-interface20] quit # Configure VLAN-interface 30 connected to PE 3 and enable LDP on the interface. [PE1] interface vlan-interface 30 [PE1-Vlan-interface30] ip address 30.1.1.
[PE2] l2vpn enable # Enable global LDP. [PE2] mpls ldp [PE2-ldp] quit # Configure VLAN-interface 20 connected to PE 1, and enable LDP on the interface. [PE2] interface vlan-interface 20 [PE2-Vlan-interface20] ip address 20.1.1.2 24 [PE2-Vlan-interface20] mpls enable [PE2-Vlan-interface20] mpls ldp enable [PE2-Vlan-interface20] quit # Configure VLAN-interface 40 connected to PE 3, and enable LDP on the interface. [PE2] interface vlan-interface 40 [PE2-Vlan-interface40] ip address 40.1.1.
# Enable L2VPN. [PE3] l2vpn enable # Enable global LDP. [PE3] mpls ldp [PE3-ldp] quit # Configure VLAN-interface 30 connected to PE 1, and enable LDP on the interface. [PE3] interface vlan-interface 30 [PE3-Vlan-interface30] ip address 30.1.1.3 24 [PE3-Vlan-interface30] mpls enable [PE3-Vlan-interface30] mpls ldp enable [PE3-Vlan-interface30] quit # Configure VLAN-interface 40 connected to PE 2, and enable LDP on the interface. [PE3] interface vlan-interface 40 [PE3-Vlan-interface40] ip address 40.1.1.
Signaling Protocol : Static Link ID : 8 PW State : Up In Label : 100 Out Label: 100 MTU : 1500 PW Attributes : Main VCCV CC : - VCCV BFD : - Tunnel Group ID : 0x1800000760000005 Tunnel NHLFE IDs : 131 Peer: 3.3.3.
[PE1-LoopBack0] ip address 1.1.1.9 32 [PE1-LoopBack0] quit [PE1] mpls lsr-id 1.1.1.9 [PE1] mpls ldp [PE1-ldp] quit # Enable L2VPN. [PE1] l2vpn enable # Configure VSI aaa that uses LDP as the PW signaling protocol, and establish a PW to PE 2 and PE 3, respectively. [PE1] vsi aaa [PE1-vsi-aaa] pwsignaling ldp [PE1-vsi-aaa-ldp] peer 2.2.2.9 pw-id 500 [PE1-vsi-aaa-ldp-2.2.2.9-500] quit [PE1-vsi-aaa-ldp] peer 3.3.3.9 pw-id 500 [PE1-vsi-aaa-ldp-3.3.3.
[PE2-Ten-GigabitEthernet1/0/1-srv10] encapsulation default # Bind service instance 10 to the VSI aaa. [PE2-Ten-GigabitEthernet1/0/1-srv10] xconnect vsi aaa 4. Configure PE 3: # Configure basic MPLS. system-view [PE3] interface loopback 0 [PE3-LoopBack0] ip address 3.3.3.9 32 [PE3-LoopBack0] quit [PE3] mpls lsr-id 3.3.3.9 [PE3] mpls ldp [PE3-ldp] quit # Enable L2VPN.
Signaling Protocol : LDP Link ID : 9 PW State : Up In Label : 131160 Out Label: 131156 MTU : 1500 PW Attributes : Main VCCV CC : - VCCV BFD : - Tunnel Group ID : 0x1800000860000007 Tunnel NHLFE IDs : 132 BGP PW configuration example Network requirements Create BGP PWs among PEs so CEs in different sites of VPN 1 can communicate with each other. Figure 78 Network diagram Loop0 3.3.3.
[PE1-bgp] peer 3.3.3.9 as-number 100 [PE1-bgp] peer 3.3.3.9 connect-interface loopback 0 [PE1-bgp] address-family l2vpn [PE1-bgp-l2vpn] peer 2.2.2.9 enable [PE1-bgp-l2vpn] peer 3.3.3.9 enable [PE1-bgp-l2vpn] quit [PE1-bgp] quit # Enable L2VPN. [PE1] l2vpn enable # Configure the VSI aaa to use BGP to establish BGP PWs to PE 2 and PE 3.
[PE2] l2vpn enable # Configure the VSI aaa to use BGP to establish BGP PWs to PE 1 and PE 3. [PE2] vsi aaa [PE2-vsi-aaa] auto-discovery bgp [PE2-vsi-aaa-auto] route-distinguisher 1:1 [PE2-vsi-aaa-auto] vpn-target 1:1 [PE2-vsi-aaa-auto] signaling-protocol bgp [PE2-vsi-aaa-auto-bgp] site 2 range 10 default-offset 0 [PE2-vsi-aaa-auto-bgp] quit [PE2-vsi-aaa-auto] quit [PE2-vsi-aaa] quit # Create service instance 10 on Ten-GigabitEthernet 1/0/1 to match all packets.
[PE3-vsi-aaa-auto-bgp] quit [PE3-vsi-aaa-auto] quit [PE3-vsi-aaa] quit # Create service instance 10 on Ten-GigabitEthernet 1/0/1 to match all packets. [PE3] interface ten-gigabitethernet1/0/1 [PE3-Ten-GigabitEthernet1/0/1] service-instance 10 [PE3-Ten-GigabitEthernet1/0/1-srv10] encapsulation default # Bind service instance 10 to the VSI aaa. [PE3-Ten-GigabitEthernet1/0/1-srv10] xconnect vsi aaa Verifying the configuration # Execute the display l2vpn pw verbose command on PE 1.
Link ID : 9 Local Label Block : 131153/10/0 Remote Label Block : 131255/10/0 Export Route Target: 1:1 Remote Site ID : 3 Offset : 0 RD : 1:1 PW State : Up Encapsulation : BGP-VPLS MTU : 1500 Nexthop : 3.3.3.
[PE1-LoopBack0] ip address 1.1.1.9 32 [PE1-LoopBack0] quit [PE1] mpls lsr-id 1.1.1.9 [PE1] mpls ldp [PE1-ldp] quit # Establish IBGP connections to PE 1 and PE 2 and use BGP to advertise VPLS PE information. [PE1] bgp 100 [PE1-bgp] peer 2.2.2.9 as-number 100 [PE1-bgp] peer 2.2.2.9 connect-interface loopback 0 [PE1-bgp] peer 3.3.3.9 as-number 100 [PE1-bgp] peer 3.3.3.9 connect-interface loopback 0 [PE1-bgp] address-family l2vpn [PE1-bgp-l2vpn] peer 2.2.2.9 enable [PE1-bgp-l2vpn] peer 3.3.3.
[PE2-bgp] peer 1.1.1.9 connect-interface loopback 0 [PE2-bgp] peer 3.3.3.9 as-number 100 [PE2-bgp] peer 3.3.3.9 connect-interface loopback 0 [PE2-bgp] address-family l2vpn [PE2-bgp-l2vpn] peer 1.1.1.9 enable [PE2-bgp-l2vpn] peer 3.3.3.9 enable [PE2-bgp-l2vpn] quit [PE2-bgp] quit # Enable L2VPN. [PE2] l2vpn enable # Configure the VSI aaa to use BGP to discover remote PEs and use LDP to establish LDP PWs to PE 1 and PE 3.
# Enable L2VPN. [PE3] l2vpn enable # Configure the VSI aaa to use BGP to discover remote PEs and use LDP to establish LDP PWs to PE 1 and PE 2. [PE3] vsi aaa [PE3-vsi-aaa] auto-discovery bgp [PE3-vsi-aaa-auto] route-distinguisher 1:1 [PE3-vsi-aaa-auto] vpn-target 1:1 [PE3-vsi-aaa-auto] signaling-protocol ldp [PE3-vsi-aaa-auto-ldp] vpls-id 100:100 [PE3-vsi-aaa-auto-ldp] quit [PE3-vsi-aaa-auto] quit [PE3-vsi-aaa] quit # Create service instance 10 on Ten-GigabitEthernet 1/0/1 to match all packets.
VSI Name: aaa PW State: Up PW Status Communication: Notification method PW ID FEC (Local/Remote): Local AII : (1.1.1.9, 2.2.2.9) Remote AII : (2.2.2.9, 1.1.1.9) PW Type : VLAN/VLAN Group ID : 0/0 Label : 131153/131255 Control Word: Disabled/Disabled VCCV CV Type: -/VCCV CC Type: -/MTU : 1500/1500 PW Status : PW forwarding/PW forwarding Peer: 3.3.3.9 VPLS ID: 100:100 VSI Name: aaa PW State: Up PW Status Communication: Notification method PW ID FEC (Local/Remote): Local AII : (1.1.1.9, 3.3.3.
Configuring MCE This chapter describes MCE configuration. For information about the related routing protocols, see Layer 3—IP Routing Configuration Guide. MPLS L3VPN overview MPLS L3VPN is a L3VPN technology used to interconnect geographically dispersed VPN sites. MPLS L3VPN uses BGP to advertise VPN routes and uses MPLS to forward VPN packets over a service provider backbone. MPLS L3VPN provides flexible networking modes, excellent scalability, and convenient support for MPLS QoS and MPLS TE.
MPLS L3VPN concepts Site A site has the following features: • A site is a group of IP systems with IP connectivity that does not rely on any service provider network. • The classification of a site depends on the topology relationship of the devices, rather than the geographical positions, though the devices at a site are, in most cases, adjacent to each other geographically. • The devices at a site can belong to multiple VPNs, which means that a site can belong to multiple VPNs.
As shown in Figure 81, a VPN-IPv4 address consists of 12 bytes. The first eight bytes represent the RD, followed by a four-byte IPv4 prefix. The RD and the IPv4 prefix form a unique VPN-IPv4 prefix. An RD can be in one of the following formats: • When the Type field is 0, the Administrator subfield occupies two bytes, the Assigned number subfield occupies four bytes, and the RD format is 16-bit AS number:32-bit user-defined number. For example, 100:1.
Figure 82 Network diagram for the MCE function As shown in Figure 82, the MCE device creates a routing table for each VPN. VLAN interface 2 binds to VPN 1 and VLAN-interface 3 binds to VPN 2. When receiving a route, the MCE device determines the source of the routing information according to the number of the receiving interface, and then adds it to the corresponding routing table. The MCE connects to PE 1 through a trunk link that permits packets tagged with VLAN 2 or VLAN 3.
Configuring VPN instances VPN instances isolate VPN routes from public network routes and routes among VPNs. You must configure VPN instances for an MCE networking scheme. Creating a VPN instance A VPN instance is a collection of the VPN membership and routing rules of its associated site. A VPN instance might not correspond to one VPN. To create and configure a VPN instance: Step Command Remarks 1. Enter system view. system-view N/A 2. Create a VPN instance and enter VPN instance view.
Configuring route related attributes for a VPN instance VPN routes are controlled and advertised on a PE by using the following process: 1. When a VPN route learned from a site gets redistributed into BGP, BGP associates it with a route target extended community attribute list, which is typically the export target attribute of the VPN instance associated with the site. 2. The VPN instance determines which routes it can accept and redistribute according to the import-extcommunity in the route target. 3.
Step Command Apply a tunnel policy to the VPN instance. 7. Remarks By default, only one tunnel is selected (no load balancing) in this order: LSP tunnel and CRLSP tunnel. tnl-policy tunnel-policy-name The specified tunnel policy must have been created. For information about tunnel policies, see "Configuring tunnel policies." Configuring routing on an MCE MCE implements service isolation through route isolation.
Step 3. (Optional.) Configure the default preference for static routes. Command Remarks ip route-static default-preference default-preference-value The default preference is 60. Configuring RIP between an MCE and a VPN site A RIP process belongs to the public network or a single VPN instance. If you create a RIP process without binding it to a VPN instance, the process belongs to the public network. Binding RIP processes to VPN instances can isolate routes of different VPNs.
Step Command Remarks Perform this configuration on the MCE. On a VPN site, create a common OSPF process. 2. Create an OSPF process for a VPN instance and enter OSPF view. ospf [ process-id | router-id router-id | vpn-instance vpn-instance-name ] * An OSPF process bound to a VPN instance does not use the public network router ID configured in system view. Therefore, configure a router ID for the OSPF process.
Step Command Remarks 8. Create an OSPF area and enter OSPF area view. area area-id By default, no OSPF area is created. 9. Enable OSPF on the interface attached to the specified network in the area. network ip-address wildcard-mask By default, an interface neither belongs to any area nor runs OSPF. Configuring IS-IS between an MCE and a VPN site An IS-IS process belongs to the public network or a single VPN instance.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enter BGP view. bgp as-number N/A 3. Enter BGP-VPN instance view. ip vpn-instance vpn-instance-name N/A 4. Configure an EBGP peer. peer { group-name | ip-address } as-number as-number By default, no BGP peer is configured. 5. Enter BGP-VPN IPv4 unicast address family view. address-family ipv4 [ unicast ] N/A Enable BGP to exchange IPv4 unicast routes with the peer.
Step Command Remarks 3. Configure the MCE as an EBGP peer. peer { group-name | ip-address } as-number as-number N/A 4. Enter BGP-VPN IPv4 unicast address family view. address-family ipv4 [ unicast ] N/A 5. Enable BGP to exchange IPv4 unicast routes with the peer. peer { group-name | ip-address } enable By default, BGP does not exchange IPv4 unicast routes with any peer. Redistribute the IGP routes of the VPN into BGP.
Step (Optional.) Configure filtering of advertised routes. 9. 10. (Optional.) Configure filtering of received routes. 2. Command Remarks filter-policy { acl-number | prefix-list prefix-list-name } export [ protocol process-id ] By default, BGP does not filter advertised routes. filter-policy { acl-number | prefix-list prefix-list-name } import By default, BGP does not filter received routes. Command Remarks Configure a VPN site: Step 1. Enter system view. system-view N/A 2. Enter BGP view.
Step Command Remarks By default, no static route is configured. The default preference is 60. 2. Configure a static route for a VPN instance.
Step 5. Command (Optional.) Configure the type codes of OSPF extended community attributes. ext-community-type { domain-id type-code1 | router-id type-code2 | route-type type-code3 } Remarks The defaults are as follows: • 0x0005 for Domain ID. • 0x0107 for Router ID. • 0x0306 for Route Type. By default, no route tag is configured. 6. 7. (Optional.) Configure the external route tag for imported VPN routes. route-tag tag-value Redistribute the VPN routes.
Step 2. 3. Command Remarks Create an IS-IS process for a VPN instance and enter IS-IS view. isis [ process-id ] vpn-instance vpn-instance-name N/A Configure a network entity title. network-entity net By default, no NET is configured. By default, IS-IS does not redistribute routes from any other routing protocol. 4. Redistribute VPN routes.
Configuring IBGP between an MCE and a PE Step Command Remarks 1. Enter system view. system-view N/A 2. Enter BGP view. bgp as-number N/A 3. Enter BGP-VPN instance view. ip vpn-instance vpn-instance-name N/A 4. Configure the PE as an IBGP peer. peer { group-name | ip-address } as-number as-number N/A 5. Enter BGP-VPN IPv4 unicast address family view. address-family ipv4 [ unicast ] N/A Enable BGP to exchange IPv4 unicast routes with the peer.
MCE configuration examples Configuring the MCE that uses OSPF to advertise VPN routes to the PE Network requirements As shown in Figure 83, the MCE device is connected to VPN 1 through VLAN-interface 10 and is connected with VPN 2 through VLAN-interface 20. RIP runs in VPN 2. Configure the MCE device to separate routes from different VPNs and to advertise the VPN routes to PE 1 through OSPF.
[MCE-vpn-instance-vpn1] quit [MCE] ip vpn-instance vpn2 [MCE-vpn-instance-vpn2] route-distinguisher 20:1 [MCE-vpn-instance-vpn2] vpn-target 20:1 [MCE-vpn-instance-vpn2] quit # Create VLAN 10, add Ten-GigabitEthernet 1/0/1 to VLAN 10, and create VLAN-interface 10. [MCE] vlan 10 [MCE-vlan10] port ten-gigabitethernet 1/0/1 [MCE-vlan10] quit # Bind VLAN-interface 10 to VPN instance vpn1, and configure an IP address for VLAN-interface 10.
# On the MCE, display the routing information maintained for VPN instance vpn1. [MCE] display ip routing-table vpn-instance vpn1 Destinations : 13 Routes : 13 Destination/Mask Proto 0.0.0.0/32 10.214.10.0/24 Pre Cost NextHop Interface Direct 0 0 127.0.0.1 InLoop0 Direct 0 0 10.214.10.3 Vlan10 10.214.10.0/32 Direct 0 0 10.214.10.3 Vlan10 10.214.10.3/32 Direct 0 0 127.0.0.1 InLoop0 10.214.10.255/32 Direct 0 0 10.214.10.3 Vlan10 127.0.0.0/8 Direct 0 0 127.0.0.
10.214.20.0/32 Direct 0 0 10.214.20.3 Vlan20 10.214.20.3/32 Direct 0 0 127.0.0.1 InLoop0 10.214.20.255/32 Direct 0 0 10.214.20.3 Vlan20 127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0 127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0 127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0 192.168.10.0/24 OSPF 2 10.214.20.2 Vlan20 224.0.0.0/4 Direct 0 0 0.0.0.0 NULL0 224.0.0.0/24 Direct 0 0 0.0.0.0 NULL0 255.255.255.
[PE1] interface vlan-interface 30 [PE1-Vlan-interface30] ip binding vpn-instance vpn1 [PE1-Vlan-interface30] ip address 30.1.1.2 24 [PE1-Vlan-interface30] quit # On PE 1, create VLAN 40 and VLAN-interface 40, bind the VLAN interface to VPN instance vpn2, and configure an IP address for the VLAN interface. [PE1] vlan 40 [PE1-vlan40] quit [PE1] interface vlan-interface 40 [PE1-Vlan-interface40] ip binding vpn-instance vpn2 [PE1-Vlan-interface40] ip address 40.1.1.
30.1.1.255/32 Direct 0 0 30.1.1.2 Vlan30 127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0 127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0 127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0 192.168.0.0/24 OSPF 1 30.1.1.1 Vlan30 224.0.0.0/4 Direct 0 0 0.0.0.0 NULL0 224.0.0.0/24 Direct 0 0 0.0.0.0 NULL0 255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0 150 # On PE 1, display the routing information for VPN 2.
Figure 84 Network diagram Configuration procedure 1. Create VPN instances on the MCE and PE 1, and bind the VPN instances to VLAN interfaces. For the configuration procedure, see "Configure the VPN instances on the MCE and PE 1:." 2. Configure routing between the MCE and VPN sites: # Enable an OSPF process on the devices in the two VPNs, and advertise the subnets. (Details not shown.) # Configure OSPF on the MCE, and bind OSPF process 10 to VPN instance vpn1 to learn the routes of VPN 1.
10.214.10.0/32 Direct 0 0 10.214.10.3 Vlan10 10.214.10.3/32 Direct 0 0 127.0.0.1 InLoop0 10.214.10.255/32 Direct 0 0 10.214.10.3 Vlan10 127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0 127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0 127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0 192.168.0.0/24 OSPF 2 10.214.10.2 Vlan10 224.0.0.0/4 Direct 0 0 0.0.0.0 NULL0 224.0.0.0/24 Direct 0 0 0.0.0.0 NULL0 255.255.255.255/32 Direct 0 0 127.
[PE1] bgp 200 [PE1-bgp] ip vpn-instance vpn1 [PE1-bgp-vpn1] peer 30.1.1.1 as-number 100 [PE1-bgp-vpn1] address-family ipv4 [PE1-bgp-ipv4-vpn1] peer 30.1.1.1 enable [PE1-bgp-ipv4-vpn1] quit [PE1-bgp-vpn1] quit [PE1-bgp] quit # Use similar procedures to configure VPN 2 settings on MCE and PE 1. (Details not shown.) Verifying the configuration # Display the routing information for VPN 1 on PE 1.
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0 Now, the MCE has redistributed the OSPF routes of the two VPN instances into the EBGP routing tables of PE 1.
Configuring IPv6 MCE This chapter describes IPv6 MCE configuration. Overview In MPLS L3VPN networks, MCE uses static routes or dynamic routing protocols to advertise IPv4 routes between internal networks and PEs and forwards IPv4 packets. In IPv6 MPLS L3VPN networks, IPv6 MCE uses IPv6 static routes and dynamic routing protocols to advertise IPv6 routes between internal networks and PEs and forwards IPv6 packets. The fundamentals of IPv6 MCE are the same as those of MCE.
Step 4. 5. Command Remarks By default, no description is configured for a VPN instance. (Optional.) Configure a description for the VPN instance. description text (Optional.) Configure an ID for the VPN instance. vpn-id vpn-id The description should contain the VPN instance's related information, such as its relationship with a certain VPN. By default, no ID is configured for a VPN instance.
Step 2. Enter VPN instance view or IPv6 VPN view. Command Remarks • Enter VPN instance view: Configurations made in VPN instance view apply to both IPv4 VPN and IPv6 VPN. ip vpn-instance vpn-instance-name • Enter IPv6 VPN view: address-family ipv6 3. 4. Configure route targets. Set the maximum number of active routes supported.
Configuring routing on an MCE An MCE implements service isolation through route isolation. MCE routing configuration includes the following: • MCE-VPN site routing configuration • MCE-PE routing configuration On a PE in an MCE network environment, disable routing loop detection to avoid route loss during route calculation, and disable route redistribution between routing protocols to save system resources.
Step Command Remarks 1. Enter system view. system-view N/A 2. Create a RIPng process for a VPN instance and enter RIPng view. ripng [ process-id ] vpn-instance vpn-instance-name Perform this configuration on the MCE. On a VPN site, configure normal RIPng. 3. Redistribute remote site routes advertised by the PE. import-route protocol [ process-id ] [ allow-ibgp ] [ cost cost | route-policy route-policy-name ] * By default, no routes are redistributed into RIPng. 4. (Optional.
Configuring IPv6 IS-IS between an MCE and a VPN site An IPv6 IS-IS process belongs to the public network or a single IPv6 VPN instance. If you create an IPv6 IS-IS process without binding it to an IPv6 VPN instance, the process belongs to the public network.
Step Command Remarks 5. Enter BGP-VPN IPv6 unicast address family view. address-family ipv6 [ unicast ] N/A 6. Enable BGP to exchange IPv6 unicast routes with the specified peer. peer { group-name | ip-address } enable By default, BGP does not exchange IPv6 unicast routes with any peer. 7. Redistribute remote site routes advertised by the PE. import-route protocol [ process-id [ med med-value | route-policy route-policy-name ] *] By default, no route redistribution is configured. 8.
Step Command Remarks 4. Configure an IBGP peer. peer { group-name | ipv6-address } as-number as-number N/A 5. Enter BGP-VPN IPv6 unicast address family view. address-family ipv6 [ unicast ] N/A 6. Enable BGP to exchange IPv6 unicast routes with the peer. peer { group-name | ipv6-address } enable By default, BGP does not exchange IPv6 unicast routes with any peer. By default, no RR or RR client is configured.
Step Command import-route protocol [ process-id [ med med-value | route-policy route-policy-name ] *] Redistribute the IGP routes of the VPN into BGP. 6. Remarks By default, no routes are redistributed into BGP. A VPN site must advertise VPN network addresses to the connected MCE. Configuring routing between an MCE and a PE MCE-PE routing configuration includes these tasks: • Binding the MCE-PE interfaces to IPv6 VPN instances. • Performing routing configurations.
Step Command Remarks 6. Enter interface view. interface interface-type interface-number N/A 7. Enable the RIPng process on the interface. ripng process-id enable By default, RIPng is disabled on an interface. Configuring OSPFv3 between an MCE and a PE Step Command Remarks 1. Enter system view. system-view N/A 2. Create an OSPFv3 process for an IPv6 VPN instance and enter OSPFv3 view. ospfv3 [ process-id | vpn-instance vpn-instance-name ] * N/A Set the router ID.
Step Command Remarks 6. (Optional.) Configure filtering of advertised routes. ipv6 filter-policy { acl6-number | prefix-list prefix-list-name | route-policy route-policy-name } export [ protocol [ process-id ] ] By default, IPv6 IS-IS does not filter advertised routes. 7. Return to system view. quit N/A 8. Enter interface view. interface interface-type interface-number N/A 9. Enable the IPv6 IS-IS process on the interface.
Step Command Remarks Enter BGP-VPN IPv6 unicast address family view. address-family ipv6 [ unicast ] N/A Enable BGP to exchange IPv6 unicast routes with the peer. peer { group-name | ipv6-address } enable By default, BGP does not exchange IPv6 unicast routes with any peer. 7. Redistribute the VPN routes of the VPN site. import-route protocol [ process-id [ med med-value | route-policy route-policy-name ] * ] By default, no routes are redistributed into BGP. 8. (Optional.
Figure 85 Network diagram VPN 2 Site 1 CE PE 2 PE 1 XGE1/0/1 Vlan-int30: 30::2/64 Vlan-int40: 40::2/64 VPN 1 2012:1::/64 Vlan-int11 2012:1::2/64 VR 1 Vlan-int10 2001:1::2/64 XGE1/0/1 Vlan-int10 2001:1::1/64 MCE XGE1/0/3 Vlan-int30: 30::1/64 Vlan-int40: 40::1/64 XGE1/0/2 Vlan-int20 2002:1::1/64 PE 3 CE VPN 1 Site 2 Vlan-int20 2002:1::2/64 VR 2 Vlan-int21 2012::2/64 VPN 2 2012::/64 Configuration procedure Assume that the system name of the MCE device is MCE, the system names of the edge devices o
# Bind VLAN-interface 10 to VPN instance vpn1, and configure an IPv6 address for the VLAN interface. [MCE] interface vlan-interface 10 [MCE-Vlan-interface10] ip binding vpn-instance vpn1 [MCE-Vlan-interface10] ipv6 address 2001:1::1 64 [MCE-Vlan-interface10] quit # Configure VLAN 20, add Ten-GigabitEthernet 1/0/2 to VLAN 20, bind VLAN-interface 20 to VPN instance vpn2, and assign an IPv6 address to VLAN-interface 20.
# Configure RIPng, and advertise subnets 2012::/64 and 2002:1::/64. system-view [VR2] ripng 20 [VR2-ripng-20] quit [VR2] interface vlan-interface 20 [VR2-Vlan-interface20] ripng 20 enable [VR2-Vlan-interface20] quit [VR2] interface vlan-interface 21 [VR2-Vlan-interface21] ripng 20 enable [VR2-Vlan-interface21] quit # On the MCE, display the routing table of VPN instance vpn1.
NextHop : :: Preference: 0 Interface : Vlan20 Cost : 0 Destination: 2002:1::1/128 Protocol : Direct NextHop : ::1 Preference: 0 Interface : InLoop0 Cost : 0 Destination: 2012::/64 Protocol : RIPng NextHop : FE80::20C:29FF:FE40:701 Preference: 100 Interface : Vlan20 Cost : 1 Destination: FE80::/10 Protocol : Direct NextHop : :: Preference: 0 Interface : NULL0 Cost : 0 Destination: FF00::/8 Protocol : Direct NextHop : :: Preference: 0 Interface : NULL0 Cost : 0 T
[MCE-Vlan-interface40] ip binding vpn-instance vpn2 [MCE-Vlan-interface40] ipv6 address 40::1 64 [MCE-Vlan-interface40] quit # On PE 1, create VLAN 30 and VLAN-interface 30, bind VLAN-interface 30 to VPN instance vpn1, and configure an IPv6 address for the VLAN-interface 30.
[PE1] display ipv6 routing-table vpn-instance vpn1 Destinations : 6 Routes : 6 Destination: ::1/128 Protocol NextHop : ::1 Preference: 0 : Direct Interface : InLoop0 Cost : 0 Destination: 30::/64 Protocol : Direct NextHop : :: Preference: 0 Interface : Vlan30 Cost : 0 Destination: 30::2/128 Protocol : Direct NextHop : ::1 Preference: 0 Interface : InLoop0 Cost : 0 Destination: 2012:1::/64 Protocol : OSPFv3 NextHop : FE80::202:FF:FE02:2 Preference: 150 Interface : Vlan3
Destination: FE80::/10 Protocol : Direct NextHop : :: Preference: 0 Interface : NULL0 Cost : 0 Destination: FF00::/8 Protocol : Direct NextHop : :: Preference: 0 Interface : NULL0 Cost : 0 Now, the routing information for the two VPNs has been added into the routing tables on PE 1.
Support and other resources Contacting HP For worldwide technical support information, see the HP support website: http://www.hp.
Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. [] Square brackets enclose syntax choices (keywords or arguments) that are optional. { x | y | ... } Braces enclose a set of required syntax choices separated by vertical bars, from which you select one.
Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features. Represents an access controller, a unified wired-WLAN module, or the switching engine on a unified wired-WLAN switch. Represents an access point.
Index AS A IPv6 MPLS L3VPN inter-AS IPv6 VPN configuration, 211 AC MPLS L2VPN AC configuration, 246 IPv6 MPLS L3VPN inter-AS IPv6 VPN option A configuration, 212 MPLS L2VPN AC/cross-connect binding, 251 MPLS L2VPN attachment circuit (AC), 241 IPv6 MPLS L3VPN inter-AS IPv6 VPN option C configuration, 212 MPLS VPLS architecture, 281 MPLS VPLS configuration, 285 IPv6 MPLS L3VPN inter-AS option A configuration, 222 MPLS VPLS Layer 3 Ethernet interface, 285 MPLS VPLS Layer 3 Ethernet subinterface, 285
MPLS L3VPN VPN instance with interface, 119, 313 MPLS L2VPN PW, 261 MPLS L2VPN PW BGP configuration, 249 attachment circuit.
MPLS VPLS architecture, 281 C carrier's carrier class MPLS FEC, 1 IPv6 MPLS L3VPN configuration, 233 MPLS L2VPN PW configuration, 248 MPLS L3VPN, 109 MPLS L3VPN configuration, 168 MPLS L3VPN Level 1 carrier, 109 MPLS VPLS PW class configuration, 286 configuring IPv6 MCE, 347 MPLS L3VPN Level 2 carrier, 109 IPv6 MPLS L3VPN, 201, 202, 215, 215 CE IPv6 MPLS L3VPN basics, 203 IPv6 MPLS L3VPN BGP VPNv6 route control configuration, 210 IPv6 MPLS L3VPN BGP VPNv6 route control, 210 IPv6 MPLS L3VPN inte
IPv6 MPLS L3VPN VPN instance, 203, 336 MPLS L3VPN MCE, 309 IPv6 MPLS L3VPN VPN instance route related attributes, 204, 337 MPLS L3VPN MCE routing, 315 MCE, 326 MPLS L3VPN MCE-PE EBGP, 324 MPLS L3VPN MCE-PE, 331 MPLS basic, 5 MPLS L3VPN MCE-PE IBGP, 325, 346 MPLS basics, 1 MPLS L3VPN MCE-PE IS-IS, 323 MPLS exclusive tunnel, 96 MPLS L3VPN MCE-PE OSPF, 322 MPLS L2VPN, 241, 245, 254 MPLS L3VPN MCE-PE RIP, 322 MPLS L2VPN AC, 246 MPLS L3VPN MCE-PE routing, 321 MPLS L2VPN AC/cross-connect binding,
MPLS VPLS LDP PW (BGP auto-discovery/on switch), 304 MPLS LDP session parameter, 22 MPLS LDP session parameter (Basic Discovery mechanism), 22 MPLS VPLS MAC address learning, 292 MPLS LDP session parameter (Extended Discovery mechanism), 23 MPLS VPLS PW, 286 MPLS LDP session protection, 28 MPLS VPLS static PW, 286, 293 MPLS VPLS PW class, 286 MPLS LDP targeted hello parameters, 22 MPLS MTU, 6 MPLS preferred tunnel, 96 MPLS VPLS VSI, 286 connecting MPLS L2VPN AC/cross-connect binding, 251 MPLS pref
MPLS TE tunnel over static CRLSP, 49, 53 IPv6 MPLS L3VPN VPN instance creation, 203, 336 MPLS TE tunnel with RSVP-TE, 58 IPv6 MPLS L3VPN VPN instance interface association, 204, 337 static configuration, 72, 72, 73 IPv6 MPLS L3VPN VPN instance route related attributes, 204, 337 cross-connect MPLS L2VPN, 241 MCE configuration, 326 MPLS L2VPN AC/cross-connect binding, 251 MPLS L3VPN architecture, 100, 309 MPLS L2VPN cross-connect, 247 MPLS L3VPN basic configuration, 118, 138 customer edge device.
MPLS L3VPN inter-AS VPN option B, 106, 107 MPLS VPLS BGP PW configuration, 300 MPLS VPLS configuration, 293 MPLS L3VPN inter-AS VPN option C, 106, 108 MPLS VPLS LDP PW configuration (BGP auto-discovery/on switch), 304 MPLS L3VPN MCE-PE EBGP configuration, 324 MPLS VPLS PW LDP configuration, 297 MPLS L3VPN MCE-VPN site EBGP configuration, 318 MPLS VPLS PW static configuration, 293 MPLS L3VPN PE/CE EBGP configuration, 123 provider device. See P egress LSR (MPLS), 3 provider edge device.
MPLS label format, 1 GRE MPLS LDP, 15 MPLS exclusive tunnel configuration, 96 MPLS LDP configuration, 15, 20, 30 MPLS preferred tunnel configuration, 96 MPLS LDP label acceptance control, 34 MPLS LDP label advertisement control, 38 MPLS preferred tunnel+selection order configuration, 97 MPLS LDP label mapping, 15 MPLS tunnel policy configuration, 94, 96 MPLS tunnel selection order configuration, 97 MPLS LDP LSP configuration, 30 MPLS LDP peer, 15 MPLS LDP session, 15 format H hello MPLS LDP sessi
MPLS LDP label acceptance policy, 26 MPLS L3VPN MCE-VPN site IBGP configuration, 320 MPLS LDP label advertisement control, 38 MPLS L3VPN PE/CE IBGP configuration, 125 MPLS LDP label advertisement policy, 25 ICMP MPLS LDP label control, 17 MPLS TTL-expired message sending, 9 MPLS LDP label distribution, 17 identifier (LDP), 15 MPLS LDP label distribution control mode, 25 implementing MPLS LDP loop detection, 27 MPLS L3VPN HoVPN (MPLS L3VPN), 113 MPLS LDP LSP configuration, 30 MPLS VPLS, 282 M
inter-AS IPv6 VPN option C PE configuration, 212 inter-AS IPv6 VPN option C routing policy configuration, 213 inter-AS option A configuration, 222 inter-AS option C configuration, 227 keepalive parameter (LDP), 22 L L2VPN BGP PW configuration, 261 label distribution protocol. Use LDP MCE routing configuration, 339 Label Forwarding Information Base.
FEC-label mapping, 15 protocols and standards, 20 GR, 19 session, 15 GR configuration, 29 session establishment, 16 GR helper, 19 session maintenance, 16 GR restarter, 19 session parameters, 22 hello parameters, 21 session parameters (Basic Discovery mechanism), 22 identifier, 15 session parameters (Extended Discovery mechanism), 23 label acceptance control, 34 label acceptance policy, 26 session protection, 28 label advertisement control, 38 session reset, 29 label advertisement modes, 17
MPLS control plane, 2 IPv6 MCE, 347 MPLS exclusive tunnel configuration, 96 MCE, 325 MPLS LDP configuration, 15, 20, 30 MPLS, 9 MPLS LDP label acceptance control, 34 MPLS L3VPN, 136, 213 MPLS LDP label advertisement control, 38 MPLS LDP peer, 16 MPLS LDP loop detection, 27 MPLS TE, 53 MPLS LDP LSP configuration, 30 MPLS TE RSVP, 87 MPLS LDP LSP establishment, 16 MPLS VPLS, 292 MPLS LDP LSP generation policy, 24 make-before-break (MPLS TE), 45 MPLS preferred tunnel configuration, 96 mappin
IPv6 MPLS L3VPN MCE-VPN site routing configuration, 339 MPLS LDP label distribution control, 25 IPv6 MPLS L3VPN MCE-VPN site static routing configuration, 339 MPLS LDP label ordered distribution, 18 maintaining, 325 MPLS LDP label retention liberal, 18 MPLS LDP label independent distribution, 18 MPLS LDP label retention conservative, 18 MCE-PE EBGP configuration, 324 MPLS TE bidirectional tunnel associated mode, 46 MCE-PE IBGP configuration, 325, 346 MCE-PE IS-IS configuration, 323 MCE-PE OSPF conf
protocols and standards, 5 PW static configuration, 248, 254 SNMP notifications enable, 9 PW static redundancy configuration, 252 static CRLSP configuration, 72, 72, 73 static PW configuration, 248 TE. See MPLS TE VPLS configuration, 284 Transport Profile.
MCE-PE EBGP configuration, 324 VPN instance route related attribute configuration, 120, 314 MCE-PE IBGP configuration, 325, 346 VPN-IPv4 address, 101, 310 MCE-PE IS-IS configuration, 323 MCE-PE OSPF configuration, 322 MPLS QoS IPv6 MPLS L3VPN carrier's carrier configuration, 233 MCE-PE RIP configuration, 322 MCE-PE routing configuration, 321 IPv6 MPLS L3VPN configuration, 201, 202, 215, 215 MCE-PE static routing configuration, 321 MCE-VPN site configuration, 326 IPv6 MPLS L3VPN inter-AS option A co
MPLS L3VPN BGP AS number substitution configuration, 196 MPLS L3VPN carrier's carrier configuration, 168 MPLS VPLS traffic forwarding, 283 Multiprotocol Label Switching.
IPv6 MPLS L3VPN MCE-VPN site IPv6 IS-IS configuration, 341 MPLS L2VPN PW (multi-segment), 244 IPv6 MPLS L3VPN MCE-VPN site OSPFv3 configuration, 340 MPLS L2VPN PW class configuration, 248 MPLS L2VPN PW BGP configuration, 249 MPLS L2VPN PW configuration, 248, 248 IPv6 MPLS L3VPN MCE-VPN site RIPng configuration, 339 MPLS L2VPN PW LDP configuration, 248 MPLS L2VPN PW LDP redundancy configuration, 253 IPv6 MPLS L3VPN MCE-VPN site routing configuration, 339 MPLS L2VPN PW redundancy, 243 IPv6 MPLS L3VPN
MPLS L3VPN MCE-PE static routing configuration, 321 MPLS L3VPN VPN instance configuration, 119, 313 MPLS L3VPN MCE-VPN site EBGP configuration, 318 MPLS L3VPN VPN instance interface association, 119, 313 MPLS L3VPN VPN instance creation, 119, 313 MPLS L3VPN MCE-VPN site IBGP configuration, 320 MPLS L3VPN VPN instance route related attribute configuration, 120, 314 MPLS L3VPN MCE-VPN site IS-IS configuration, 318 MPLS L3VPN VPN-IPv4 address, 101, 310 MPLS LDP backoff configuration, 23 MPLS L3VPN MCE
MPLS L3VPN concepts, 101, 310 MPLS TTL propagation, 8 MPLS TTL-expired message sending, 9 MPLS L3VPN configuration, 100, 118, 138 MPLS tunnel policy configuration, 94 MPLS L3VPN HoVPN configuration, 185 MPLS VPLS AC configuration, 285 MPLS L3VPN hub-spoke network configuration, 145 MPLS VPLS BGP PW configuration, 287 MPLS L3VPN inter-AS option A configuration, 151 MPLS VPLS LDP PW configuration (BGP auto-discovery), 289 MPLS L3VPN inter-AS option C configuration, 161 MPLS L3VPN inter-AS option B
MPLS L2VPN PW intra-domain multi-segment configuration, 271 MPLS TE RSVP-TE tunnel establishment, 87 notifying MPLS L2VPN PW LDP redundancy configuration, 253 MPLS LDP notification message, 15 number substitution MPLS L2VPN PW LDP VLAN mode configuration, 258 MPLS L3VPN BGP AS, 117, 135 O MPLS L2VPN PW redundancy, 243 OAM MPLS L2VPN PW redundancy configuration, 252 MPLS TE bidirectional tunnel, 46 MPLS L2VPN PW static configuration, 254 object MPLS TE RSVP-TE object types, 79 MPLS L2VPN static P
MPLS LDP link hello, 21, 22 IPv6 MPLS L3VPN PE/CE OSPFv3, 206 MPLS LDP session, 22 IPv6 MPLS L3VPN PE/CE RIPng, 206 MPLS LDP targeted hello, 21, 22 IPv6 MPLS L3VPN PE/CE routing, 206 IPv6 MPLS L3VPN PE/CE static routing, 206 path MPLS LDP loop detection path vector, 27 IPv6 MPLS L3VPN PE/PE routing, 126 MPLS TE RSVP-TE Path message, 79 IPv6 MPLS L3VPN PE/PE routing configuration, 126, 210 MPLS TE RSVP-TE PathErr message, 79 MPLS L2VPN AC configuration, 246 MPLS TE RSVP-TE PathTear message, 79 M
configuring IPv6 MPLS L3VPN inter-AS IPv6 VPN option C routing policy, 213 MPLS LDP peer maintenance, 16 MPLS LDP session parameters, 22 configuring IPv6 MPLS L3VPN inter-AS option A, 222 MPLS LDP session protection, 28 MPLS LDP targeted hello parameters, 22 configuring IPv6 MPLS L3VPN inter-AS option C, 227 penultimate hop popping.
configuring MPLS L3VPN inter-AS VPN option C PE, 130 configuring MPLS exclusive tunnel, 96 configuring MPLS L2VPN, 245, 254 configuring MPLS L2VPN AC, 246 configuring MPLS L3VPN loopback interface, 134 configuring MPLS L2VPN AC/cross-connect binding, 251 configuring MPLS L3VPN MCE-PE, 331 configuring MPLS L2VPN BGP PW, 249, 261 configuring MPLS L3VPN MCE-PE EBGP, 324 configuring MPLS L2VPN cross-connect, 247 configuring MPLS L3VPN MCE-PE IBGP, 325, 346 configuring MPLS L2VPN inter-domain multi-segm
configuring MPLS TE tunnel to use static CRLSP, 49 configuring MPLS LDP label distribution control mode, 25 configuring MPLS TTL propagation, 8 configuring MPLS LDP link hello parameter, 22 configuring MPLS tunnel policy, 94, 96 configuring MPLS LDP loop detection, 27 configuring MPLS tunnel selection order, 97 configuring MPLS LDP LSP, 30 configuring MPLS VPLS, 284, 293 configuring MPLS LDP LSP generation policy, 24 configuring MPLS VPLS AC, 285 configuring MPLS LDP MD5 authentication, 24 confi
MPLS L2VPN BGP PW configuration, 261 enabling MPLS LDP, 21 enabling MPLS LDP globally, 21 MPLS L2VPN inter-domain multi-segment PW, 245 enabling MPLS LDP on interface, 21 MPLS L2VPN intra-domain multi-segment PW, 244 enabling MPLS LDP SNMP notification, 29 enabling MPLS SNMP notifications, 9 MPLS L2VPN LDP PW redundancy configuration, 266 enabling MPLS TE, 48 MPLS L2VPN multi-segment PW, 244 MPLS L2VPN pseudowire (PW), 241 enabling MPLS TE label recording, 50 MPLS L2VPN PW BGP configuration, 249
IPv6 MPLS L3VPN MCE-PE OSPFv3 configuration, 345 IPv6 MPLS L3VPN inter-AS IPv6 VPN configuration, 211 IPv6 MPLS L3VPN MCE-PE RIPng configuration, 344 IPv6 MPLS L3VPN inter-AS IPv6 VPN option A configuration, 212 MPLS L3VPN inter-AS VPN option B, 106, 107 IPv6 MPLS L3VPN inter-AS IPv6 VPN option C configuration, 212 MPLS L3VPN inter-AS VPN option C, 106, 108 IPv6 MPLS L3VPN VPN instance route related attributes, 204, 337 MPLS L3VPN loopback route, 134 redundancy MPLS L3VPN BGP VPNv4 route control co
MPLS L3VPN BGP route target attributes, 102, 311 IPv6 MPLS L3VPN MCE-PE RIPng configuration, 344 MPLS L3VPN BGP VPNv4 route control configuration, 126 IPv6 MPLS L3VPN MCE-VPN site EBGP configuration, 341 MPLS L3VPN carrier's carrier configuration, 168 IPv6 MPLS L3VPN MCE-VPN site IBGP configuration, 342 MPLS L3VPN configuration, 138 MPLS L3VPN egress PE VPN label processing mode, 135 IPv6 MPLS L3VPN MCE-VPN site IPv6 IS-IS configuration, 341 MPLS L3VPN HoVPN configuration, 185 IPv6 MPLS L3VPN MCE-V
MPLS L3VPN OSPF VPN on PE, 115 MPLS TE CRLSP backup, 53, 68 MPLS L3VPN PE/PE routing configuration, 126 MPLS TE CRLSP dynamic establishment, 45 MPLS L3VPN route advertisement, 102 MPLS TE make-before-break FF, 45 MPLS L3VPN SNMP notification, 136 MPLS TE make-before-break SE, 45 MPLS LFIB, 2 MPLS TE tunnel over static CRLSP, 53 MPLS LSP, 2 MPLS TE tunnel with RSVP-TE, 49, 58 MPLS LSP establishment, 3 tunnel establishment, 87 MPLS LSR, 2 MPLS PHP, 5 MPLS TE bidirectional tunnel, 62 S scheme MP
MPLS egress label type advertisement, 7 MPLS L2VPN AC configuration, 246 MPLS L3VPN egress PE VPN label processing mode, 135 MPLS L2VPN AC/cross-connect binding, 251 MPLS L2VPN BGP PW, 261 SPE-UPE (MPLS L3VPN HoVPN), 114 MPLS L2VPN configuration, 241, 245, 254 Srefresh MPLS L2VPN cross-connect, 241 MPLS TE RSVP Srefresh configuration, 83 MPLS L2VPN cross-connect configuration, 247 static MPLS L2VPN LDP PW redundancy configuration, 266 IPv6 MPLS L3VPN MCE-PE IPv6 static routing configuration, 344
MPLS VPLS traffic flooding, 283 MPLS TE RSVP-TE ResvConf message, 79 MPLS VPLS traffic forwarding, 283 MPLS TE RSVP-TE ResvErr message, 79 traffic forwarding MPLS TE RSVP-TE ResvTear message, 79 MPLS TE RSVP-TE SESSION_ATTRIBUTE object, 79 MPLS TE, 45 MPLS TE make-before-break, 45 MPLS VPLS broadcast traffic flooding, 283 MPLS VPLS multicast traffic flooding, 283 U unicast MPLS VPLS traffic flooding, 283 MPLS VPLS unicast traffic flooding, 283 transit LSR (MPLS), 3 transport address (LDP), 22 trappi
MPLS L2VPN PW intra-domain multi-segment configuration, 271 MPLS L2VPN PW LDP VLAN mode configuration, 258 MPLS L2VPN PW static configuration, 254 MPLS L2VPN static PW, 248 MPLS PW static configuration, 293 PW class configuration, 286 PW configuration, 286 PW creation, 282 PW full mesh forwarding, 284 PW LDP configuration, 287, 297 PW split horizon forwarding, 284 PW static configuration, 286 traffic flooding, 283 traffic forwarding, 283 VSI configuration, 286 VSI/AC binding, 291 VPN hierarchy of VPN.
