HP FlexFabric 11900 Switch Series MPLS Configuration Guide Part number: 5998-4063 Software version: Release 2105 and later Document version: 6W100-20130515
Legal and notice information © Copyright 2013 Hewlett-Packard Development Company, L.P. No part of this documentation may be reproduced or transmitted in any form or by any means without prior written consent of Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Contents Configuring MCE ························································································································································· 1 MCE overview ··································································································································································· 1 MPLS L3VPN overview ····································································································································
Configuring LDP ························································································································································· 59 Overview········································································································································································· 59 Terminology ··················································································································································
Configuring BGP VPNv4 route control ············································································································· 113 Configuring inter-AS VPN ··········································································································································· 115 Configuring inter-AS option A···························································································································· 115 Configuring inter-AS option B ·····
Configuring a service instance on a Layer 2 Ethernet interface····································································· 228 Configuring a cross-connect ······································································································································· 228 Configuring a PW ························································································································································ 229 Configuring a PW class············
Configuring MCE This chapter covers Multi-VPN-Instance CE (MCE) configuration only. For information about routing protocols, see Layer 3—IP Services Configuration Guide. MCE overview MPLS L3VPN overview MPLS L3VPN is a PE-based L3VPN technology. It uses BGP to advertise VPN routes and uses MPLS to forward VPN packets over the service provider backbone. MPLS L3VPN provides flexible networking modes, excellent scalability, and convenient support for MPLS QoS and MPLS TE.
After a PE learns VPN routing information from a CE, it uses BGP to advertise the VPN routing information to other PEs. A PE maintains routing information for only directly connected VPNs, rather than all VPNs on the provider network. A P router maintains only routes to PEs and does not deal with VPN routing information.
Figure 2 VPN-IPv4 address structure The MCE device does not support advertising VPN routes through MP-BGP. However, to run BGP VPN instances on the MCE device, you must configure a unique RD for each VPN instance to distinguish between the VPN instances.
For better services and higher security, a private network is usually divided into multiple VPNs to isolate services. To meet these requirements, you can configure a CE for each VPN, which increases device expenses and maintenance costs. Or, you can configure multiple VPNs to use the same CE and the same routing table, which sacrifices data security. Using the Multi-VPN-Instance CE (MCE) function, you can remove the contradiction of low cost and high security in multi-VPN networks.
Configuring VPN instances on an MCE device Configuring VPN instances is required in all MCE networking schemes. VPN instances isolate not only VPN routes from public network routes, but also routes among VPNs. This feature allows VPN instances to be used in networking scenarios besides MCE. Creating a VPN instance You can configure a description for a VPN instance to record its related information, such as its relationship with a certain VPN.
• When a VPN route learned from a site gets redistributed into BGP, BGP associates it with a route target extended community attribute list, which is usually the export target attribute list of the VPN instance associated with the site. • The VPN instance determines which routes it can accept and redistribute according to the import-extcommunity in the route target.
MCE-PE routing configuration • Configuration prerequisites Before you configure routing on an MCE, complete the following tasks: • Configure VPN instances, and bind the VPN instances with the interfaces connected to the VPN sites and the PE. • Configure the link layer and network layer protocols on related interfaces to ensure IP connectivity. Configuring routing between an MCE and a VPN site Configuring static routing between an MCE and a VPN site An MCE can reach a VPN site through a static route.
Step Command Remarks 2. Create a RIP process for a VPN instance and enter RIP view. rip [ process-id ] vpn-instance vpn-instance-name Perform this configuration on the MCE. On the VPN site, create a normal RIP process. 3. Enable RIP on the interface attached to the specified network. network network-address By default, RIP is disabled on an interface. 4. Redistribute remote site routes advertised by the PE.
Step Command Remarks The default domain ID is 0. Perform this configuration only on the MCE. 3. (Optional.) Configure the OSPF domain ID. The domain ID of an OSPF process is included in the routes generated by the process. When an OSPF route is redistributed into BGP, the OSPF domain ID is included in the BGP VPN route and delivered as a BGP extended community attribute. domain-id domain-id [ secondary ] An OSPF process can be configured with only one domain ID.
Step Command Remarks By default, OSPF does not redistribute the default route. 7. (Optional.) Configure OSPF to redistribute the default route. default-route-advertise summary cost cost 8. Create an OSPF area and enter OSPF area view. area area-id By default, no OSPF area is created. 9. Enable OSPF on the interface attached to the specified network in the area. network ip-address wildcard-mask By default, an interface does not run OSPF.
carry the OSPF domain ID by configuring the domain-id command in OSPF view. The domain ID is added to BGP VPN routes as an extended community attribute. 1. Configure the MCE: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter BGP view. bgp as-number N/A 3. Enter BGP-VPN instance view. ip vpn-instance vpn-instance-name N/A 4. Specify an EBGP peer or peer group. peer { group-name | ip-address } as-number as-number By default, no BGP peer or peer group is specified. 5.
Step Command Remarks 3. Configure the MCE as an EBGP peer. peer { group-name | ip-address } as-number as-number By default, no BGP peer or peer group is configured. 4. Create and enter BGP-VPN IPv4 address family view. ipv4-family [ unicast ] N/A 5. Enable BGP to exchange IPv4 unicast routing information with the specified peer or peer group. peer { group-name | ip-address } enable By default, BGP does not exchange IPv4 unicast routing information with any peer or peer group.
Step Command Remarks 10. (Optional.) Configure a filtering policy to filter received routes. filter-policy { acl-number | prefix-list prefix-list-name } import By default, BGP does not filter received routes. Command Remarks 2. Configure the VPN site: Step 1. Enter system view. system-view N/A 2. Enable BGP and enter BGP view. bgp as-number By default, BGP is disabled. 3. Configure the MCE as an IBGP peer.
Configuring RIP between an MCE and a PE Step Command Remarks 1. Enter system view. system-view N/A 2. Create a RIP process for a VPN instance and enter RIP view. rip [ process-id ] vpn-instance vpn-instance-name N/A Enable RIP on the interface attached to the specified network. network network-address By default, RIP is disabled on an interface. 4. Redistribute the VPN routes.
Step Command Remarks By default, no route tag is configured. 6. 7. (Optional.) Configure the external route tag for imported VPN routes. route-tag tag-value Redistribute the VPN routes. import-route protocol [ process-id | all-processes | allow-ibgp ] [ cost cost | route-policy route-policy-name | tag tag | type type ] * In some networks, a VPN might be connected to multiple MCEs.
Step Command Remarks By default, IS-IS does not redistribute routes from any other routing protocol. 4. (Optional.) Redistribute the VPN routes. import-route protocol [ process-id | all-processes | allow-ibgp ] [ cost cost | cost-type { external | internal } | [ level-1 | level-1-2 | level-2 ] | route-policy route-policy-name | tag tag ] * 5. (Optional.) Configure a filtering policy to filter advertised routes.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enable BGP and enter BGP view. bgp as-number By default, BGP is not enabled. 3. Enter BGP-VPN instance view. ip vpn-instance vpn-instance-name N/A 4. Specify the PE as an IBGP peer. peer { group-name | ip-address } [ as-number as-number ] By default, no BGP peer or peer group is specified. 5. Create and enter BGP-VPN IPv4 address family view. ipv4-family [ unicast ] N/A 6.
Configure the MCE device to separate routes from different VPNs and advertise the VPN routes to PE 1 through OSPF. Figure 4 Network diagram VPN 2 Site 1 CE 1 PE 2 PE 1 XGE1/0/1 Vlan-int30: 30.1.1.2/24 Vlan-int40: 40.1.1.2/24 PE 3 CE 2 MCE VPN 1 192.168.0.0/24 VR 1 XGE1/0/1 Vlan-int10 10.214.10.3/24 XGE1/0/3 Vlan-int30: 30.1.1.1/24 Vlan-int40: 40.1.1.1/24 XGE1/0/2 Vlan-int20 10.214.20.3/24 VPN 1 Site 2 VR 2 VPN 2 192.168.10.
# Bind VLAN-interface 10 with VPN instance vpn1, and configure an IP address for VLAN-interface 10. [MCE-Vlan-interface10] ip binding vpn-instance vpn1 [MCE-Vlan-interface10] ip address 10.214.10.3 24 # Configure VLAN 20, add port Ten-GigabitEthernet 1/0/2 to VLAN 20, bind VLAN-interface 20 with VPN instance vpn2, and specify an IP address for VLAN-interface 20.
10.214.10.255/32 Direct 0 0 10.214.10.3 Vlan10 127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0 127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0 127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0 192.168.0.0/24 Static 60 0 10.214.10.2 Vlan10 224.0.0.0/4 Direct 0 0 0.0.0.0 NULL0 224.0.0.0/24 Direct 0 0 0.0.0.0 NULL0 255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0 The output shows that the MCE has a static route for VPN instance vpn1.
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0 The output shows that the MCE has learned the private routes of VPN 2. The MCE maintains the routes of VPN 1 and those of VPN 2 in two different routing tables. In this way, routes from different VPNs are separated. 3. Configure routing between MCE and PE 1: # The MCE uses port Ten-GigabitEthernet 1/0/3 to connect to PE's port Ten-GigabitEthernet 1/0/1.
[PE1-Vlan-interface40] ip address 40.1.1.2 24 [PE1-Vlan-interface40] quit # Configure the IP address of the interface Loopback 0 as 101.101.10.1 for the MCE and as 100.100.10.1 for PE 1. Specify the loopback interface address as the router ID for the MCE and PE 1. (Details not shown) # Enable OSPF process 10 on the MCE, bind the process to VPN instance vpn1, and set the domain ID to 10. [MCE] ospf 10 router-id 101.101.10.
The following output shows that PE 1 has learned the private route of VPN 2 through OSPF. [PE1] display ip routing-table vpn-instance vpn2 Destinations : 13 Routes : 13 Destination/Mask Proto 0.0.0.0/32 40.1.1.0/24 Pre Cost NextHop Interface Direct 0 0 127.0.0.1 InLoop0 Direct 0 0 40.1.1.2 Vlan40 40.1.1.0/32 Direct 0 0 40.1.1.2 Vlan40 40.1.1.2/32 Direct 0 0 127.0.0.1 InLoop0 40.1.1.255/32 Direct 0 0 40.1.1.2 Vlan40 127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0 127.0.0.
Figure 5 Network diagram VPN 2 Site 1 CE 1 PE 2 PE 1 XGE1/0/1 Vlan-int30: 30.1.1.2/24 Vlan-int40: 40.1.1.2/24 PE 3 CE 2 MCE VPN 1 192.168.0.0/24 VR 1 XGE1/0/3 Vlan-int30: 30.1.1.1/24 Vlan-int40: 40.1.1.1/24 XGE1/0/2 Vlan-int20 10.214.20.3/24 XGE1/0/1 Vlan-int10 10.214.10.3/24 VPN 1 Site 2 VR 2 VPN 2 192.168.10.0/24 Configuration procedure 1. Configure VPN instances: Create VPN instances on the MCE and PE 1, and bind the VPN instances with VLAN interfaces.
10.214.10.0/32 Direct 0 0 10.214.10.3 Vlan10 10.214.10.3/32 Direct 0 0 127.0.0.1 InLoop0 10.214.10.255/32 Direct 0 0 10.214.10.3 Vlan10 127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0 127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0 127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0 192.168.0.0/24 OSPF 2 10.214.10.2 Vlan10 224.0.0.0/4 Direct 0 0 0.0.0.0 NULL0 224.0.0.0/24 Direct 0 0 0.0.0.0 NULL0 255.255.255.255/32 Direct 0 0 127.
[PE1] bgp 200 [PE1-bgp] ip vpn-instance vpn1 [PE1-bgp-vpn1] peer 30.1.1.1 as-number 100 [PE1-bgp-vpn1] ipv4-family [PE1-bgp-ipv4-vpn1] peer 30.1.1.1 enable [PE1-bgp-ipv4-vpn1] quit [PE1-bgp-vpn1] quit [PE1-bgp] quit # On PE 1, display the routing information of VPN instance vpn1. [PE1] display ip routing-table vpn-instance vpn1 Destinations : 13 Routes : 13 Destination/Mask Proto Cost NextHop Interface 0.0.0.0/32 Direct 0 Pre 0 127.0.0.1 InLoop0 30.1.1.0/24 Direct 0 0 30.1.1.2 Vlan30 30.
Now, the MCE has redistributed the OSPF routes of the two VPN instances into the EBGP routing tables of PE 1.
Configuring IPv6 MCE This chapter describes how to configure the IPv6 MCE function. Overview In MPLS L3VPN networks, MCE uses static routes or dynamic routing protocols to advertise IPv4 routes between internal networks and PEs and forwards IPv4 packets. In IPv6 MPLS L3VPN networks, IPv6 MCE uses IPv6 static routes and dynamic routing protocols to advertise IPv6 routes between internal networks and PEs and forwards IPv6 packets. The fundamentals of IPv6 MCE are the same as those of MCE.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface interface-type interface-number N/A 3. Associate the current interface with a VPN instance. ip binding vpn-instance vpn-instance-name By default, no VPN instance is associated with an interface. NOTE: The ip binding vpn-instance command deletes the IPv6 address of the current interface. You must reconfigure an IPv6 address for the interface after configuring the command.
Step Command Remarks By default, advertised routes are not filtered. (Optional.) Apply an export routing policy. 7. export route-policy route-policy Make sure the routing policy already exists. Otherwise, the device does not filter advertised routes. NOTE: • Route related attributes configured in VPN instance view are applicable to both IPv4 VPNs and IPv6 VPNs. • You can configure route related attributes for IPv6 VPNs in both VPN instance view and IPv6 VPN view.
Step Command Remarks 2. Configure an IPv6 static route for an IPv6 VPN instance. ipv6 route-static vpn-instance s-vpn-instance-name ipv6-address prefix-length { interface-type interface-number [ next-hop-address ] | nexthop-address [ public ] | vpn-instance d-vpn-instance-name nexthop-address } [ permanent ] [ preference preference-value ] [ tag tag-value ] [ description description-text ] 3. (Optional.) Configure the default precedence for IPv6 static routes.
By configuring OSPFv3 process-to-IPv6 VPN instance bindings on an IPv6 MCE, you allow routes of different IPv6 VPNs to be exchanged between the IPv6 MCE and the sites through different OSPFv3 processes, ensuring the separation and security of IPv6 VPN routes. For more information about OSPFv3, see Layer 3—IP Routing Configuration Guide. To configure OSPFv3 between IPv6 MCE and VPN site: Step 1. Enter system view. Command Remarks system-view N/A Perform this configuration on the IPv6 MCE.
Step Command Remarks By default, no routes from any other routing protocol are redistributed to IPv6 IS-IS. (Optional.) Redistribute remote site routes advertised by the PE. ipv6 import-route protocol [ process-id ] [ allow-ibgp ] [ cost cost | [ level-1 | level-1-2 | level-2 ] | route-policy route-policy-name | tag tag ] * 6. Return to system view. quit N/A 7. Enter interface view. interface interface-type interface-number N/A 8. Enable the IPv6 IS-IS process on the interface.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enter BGP view. bgp as-number N/A 3. Configure the MCE as the EBGP peer. peer ipv6-address as-number as-number By default, no BGP peer is configured. 4. Create and enter BGP IPv6 address family view. ipv6-family [ unicast ] N/A 5. Enable BGP to exchange IPv6 unicast routing information with the EBGP peer. peer ipv6-address enable By default, BGP cannot exchange IPv6 unicast routing information with a peer. (Optional.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enter BGP view. bgp as-number N/A 3. Configure the MCE as an IBGP peer. peer { group-name | ipv6-address } as-number as-number By default, no BGP peer is configured. 4. Create and enter BGP IPv6 address family view. ipv6-family [ unicast ] N/A 5. Enable BGP to exchange IPv6 unicast routing information with the IBGP peer.
Step Command Remarks 1. Enter system view. system-view N/A 2. Create a RIPng process for an IPv6 VPN instance and enter RIPng view. ripng [ process-id ] vpn-instance vpn-instance-name N/A 3. Redistribute the VPN routes. import-route protocol [ process-id ] [ allow-ibgp ] [ cost cost | route-policy route-policy-name ] * By default, no route of any other routing protocol is redistributed into RIPng. 4. (Optional.) Configure the default cost value for the redistributed routes.
Step Command Remarks Create an IS-IS process for an IPv6 VPN instance and enter IS-IS view. isis [ process-id ] vpn-instance vpn-instance-name N/A 3. Configure a network entity title. network-entity net By default, no NET is configured. 4. Enable the IPv6 capacity for the IS-IS process. ipv6 enable By default, IPv6 is disabled. 2. By default, IS-IS does not redistribute routes of any other routing protocol. 5. (Optional.) Redistribute the VPN routes.
Step Command Remarks 8. (Optional.) Configure a filtering policy to filter advertised routes. filter-policy { acl6-number | prefix-list ip-prefix-name } export [ direct | isisv6 process-id | ospfv3 process-id | ripng process-id | static ] By default, BGP does not filter advertised routes. 9. (Optional.) Configure a filtering policy to filter received routes. filter-policy { acl6-number | ipv6-prefix ip-prefix-name } import By default, BGP does not filter received routes.
For commands that display information about a routing table, see Layer 3—IP Routing Command Reference. IPv6 MCE configuration example Network requirements As shown in Figure 6, the IPv6 MCE device is connected to VPN 1 through VLAN-interface 10 and to VPN 2 through VLAN-interface 20. RIPng is used in VPN 2. Configure the IPv6 MCE to separate routes from different VPNs and advertise VPN routes to PE 1 through OSPFv3.
[MCE-vpn-instance-vpn1] route-distinguisher 10:1 [MCE-vpn-instance-vpn1] vpn-target 10:1 [MCE-vpn-instance-vpn1] quit [MCE] ip vpn-instance vpn2 [MCE-vpn-instance-vpn2] route-distinguisher 20:1 [MCE-vpn-instance-vpn2] vpn-target 20:1 [MCE-vpn-instance-vpn2] quit # Create VLAN 10, add port Ten-GigabitEthernet 1/0/1 to VLAN 10, and create VLAN-interface 10.
# On the MCE, configure an IPv6 static route to 2012:1::/64, specify the next hop as 2001:1::2, and bind the static route with VPN instance vpn1. [MCE] ipv6 route-static vpn-instance vpn1 2012:1:: 64 vpn-instance vpn1 2001:1::2 # Run RIPng in VPN 2. Configure RIPng process 20 for VPN instance vpn2 on the MCE, so that the MCE can learn the routes of VPN 2 and add them to the routing table of VPN instance vpn2. # Configure RIPng process 20, binding it with VPN instance vpn2.
[MCE] display ipv6 routing-table vpn-instance vpn2 Routing Table : vpn2 Destinations : 5 Routes : 5 Destination: ::1/128 Protocol : Direct NextHop : ::1 Preference: 0 Interface : InLoop0 Cost : 0 Destination: 2002:1::/64 Protocol : Direct NextHop : 2002:1::1 Preference: 0 Interface : Vlan20 Cost : 0 Destination: 2002:1::1/128 Protocol : Direct NextHop : ::1 Preference: 0 Interface : InLoop0 Cost : 0 Destination: 2012::/64 Protocol : RIPng NextHop : FE80::20F:E2FF:FE3E:9CA
# On the MCE, create VLAN 40 and VLAN-interface 40, bind VLAN-interface 40 with VPN instance vpn2 and configure an IPv6 address for the VLAN-interface 40. [MCE] vlan 40 [MCE-vlan40] quit [MCE] interface vlan-interface 40 [MCE-Vlan-interface40] ip binding vpn-instance vpn2 [MCE-Vlan-interface40] ipv6 address 40::1 64 [MCE-Vlan-interface40] quit # On PE 1, create VLAN 30 and VLAN-interface 30, bind VLAN-interface 30 with VPN instance vpn1 and configure an IPv6 address for the VLAN-interface 30.
Routing Table : vpn1 Destinations : 5 Routes : 5 Destination: ::1/128 Protocol : Direct NextHop : ::1 Preference: 0 Interface : InLoop0 Cost : 0 Destination: 30::/64 Protocol : Direct NextHop : 30::2 Preference: 0 Interface : Vlan30 Cost : 0 Destination: 30::2/128 Protocol : Direct NextHop : ::1 Preference: 0 Interface : InLoop0 Cost : 0 Destination: 2012:1::/64 Protocol : OSPFv3 NextHop : FE80::202:FF:FE02:2 Preference: 150 Interface : Vlan30 Cost : 1 Destination:
Interface : NULL0 Cost : 0 Now, the routing information of the two VPNs has been added into the routing tables on PE 1.
Configuring basic MPLS Multiprotocol Label Switching (MPLS) provides connection-oriented label switching over connectionless IP backbone networks. Overview MPLS integrates both the flexibility of IP routing and the simplicity of Layer 2 switching, and delivers the following advantages: • High speed and efficiency—MPLS uses short- and fixed-length labels to forward packets, avoiding complicated routing table lookups. • Multiprotocol support—MPLS resides between the link layer and the network layer.
LSR A router that performs MPLS forwarding is a label switching router (LSR). LSP A label switched path (LSP) is the path along which packets of a FEC travel through an MPLS network. An LSP is a unidirectional packet forwarding path. Two neighboring LSRs are called the "upstream LSR" and "downstream LSR" along the direction of an LSP. In Figure 8, LSR B is the downstream LSR of LSR A, and LSR A is the upstream LSR of LSR B.
• Ingress LSR—Ingress LSR of packets. It labels packets entering into the MPLS network. • Transit LSR—Intermediate LSRs in the MPLS network. The transit LSRs on an LSP forward packets to the egress LSR according to labels. • Egress LSR—Egress LSR of packets. It removes labels from packets and forwards the packets to their destination networks. LSP establishment LSPs include static and dynamic LSPs. • Static LSP To establish a static LSP, you must configure an LFIB entry on each LSR along the LSP.
MPLS forwarding Figure 11 MPLS forwarding As shown in Figure 11, a packet is forwarded over the MPLS network in the following steps: 1. Router B (the ingress LSR) receives a packet with no label. It identifies the FIB entry that matches the destination address of the packet, pushes the outgoing label (40 in this example) to the packet, and forwards the labeled packet out of the interface VLAN-interface 20 to the next hop LSR Router C. 2.
packet matches an LFIB entry comprising the explicit null label, the penultimate hop replaces the value of the top label with value 0, and forwards the packet to the egress node. The egress node gets the TC information, pops the label of the packet, and forwards the packet.
Configuring MPLS MTU MPLS inserts the label stack between the link layer header and network layer header of each packet. To make sure the size of MPLS labeled packets is smaller than the MTU of an interface, configure an MPLS MTU on the interface. MPLS compares each MPLS packet against the interface MPLS MTU.
Configuration guidelines If the penultimate hop supports PHP, HP recommends that you configure the egress to advertise an implicit null label to the penultimate hop. If you want to simplify packet forwarding on the egress but keep labels in packets for the egress to determine QoS policies, you can configure the egress to advertise an explicit null label to the penultimate hop. HP recommends not using non-null labels except in some special scenarios.
When TTL propagation is disabled, the ingress node sets the label TTL to 255. Each LSR on the LSP decreases the label TTL value by 1. The LSR that pops the label does not change the IP TTL value when popping the label. Therefore, the MPLS backbone nodes are invisible to user networks, and the IP tracert facility cannot show the real path in the MPLS network.
Displaying and maintaining MPLS Execute display commands in any view. Task Command Display MPLS interface information. display mpls interface [ interface-type interface-number ] Display usage information about MPLS labels. display mpls label { label-value1 [ to label-value2 ] | all } Display LSP information.
Configuring a static LSP Overview A static label switched path (LSP) is established by manually specifying the incoming label and outgoing label on each node (ingress, transit, or egress node) of the forwarding path. Static LSPs consume fewer resources, but they cannot automatically adapt to network topology changes. Therefore, static LSPs are suitable for small and stable networks with simple topologies.
Step 3. Configure the transit node of the static LSP. 4. Configure the egress node of the static LSP. Command Remarks static-lsp transit lsp-name in-label in-label nexthop next-hop-addr out-label out-label If you specify a next hop for the static LSP, make sure the transit node has an active route to the specified next hop address.
Configuration procedure 1. Create VLANs and specify IP addresses for all interfaces, including the loopback interfaces, as shown in Figure 14. (Details not shown.) 2. Configure a static route to the destination address of each LSP: # On Switch A, configure a static route to network 21.1.1.0/24. system-view [SwitchA] ip route-static 21.1.1.0 24 10.1.1.2 # On Switch C, configure a static route to network 11.1.1.0/24. system-view [SwitchC] ip route-static 11.1.1.0 255.255.255.0 20.1.1.
Verifying the configuration # Use the display mpls static-lsp command on each switch to view information about static LSPs. Take Switch A as an example: [SwitchA] display mpls static-lsp Total: 2 Name FEC In/Out Label Nexthop/Out Interface State AtoC 21.1.1.0/24 NULL/30 10.1.1.
Configuring LDP Overview The Label Distribution Protocol (LDP) dynamically distributes FEC-label mapping information between LSRs to establish LSPs. Terminology LDP session Two LSRs establish a TCP-based LDP session to exchange FEC-label mappings. LDP peer Two LSRs that use LDP to exchange FEC-label mappings are LSR peers. Label spaces and LDP identifiers Label spaces include the following types: • Per-interface label space—Each interface uses a single, independent label space.
• Advertisement messages—Create, alter, and remove FEC-label mappings, such as Label Mapping messages used to advertise FEC-label mappings. • Notification messages—Provide advisory information and notify errors, such as Notification messages. LDP uses UDP to transport discovery messages for efficiency, and uses TCP to transport session, advertisement, and notification messages for reliability.
Figure 15 Dynamically establishing an LSP Label distribution and control Label advertisement modes Figure 16 Label advertisement modes DU mode Ingress 2) Unsolicitely distributes a label mapping for the FEC to the upstream. 1) Unsolicitely distributes a label mapping for a FEC to the upstream. Transit Egress 1) Sends a label request for a FEC to the downstream. 2) Sends a label request for the FEC to the downstream.
Label distribution control LDP controls label distribution in one of the following ways: • Independent label distribution—Distributes a FEC-label mapping to an upstream LSR at any time. An LSR may distribute a mapping for a FEC to its upstream LSR before it receives a label mapping for that FEC from its downstream LSR.
LDP GR LDP GR overview LDP Graceful Restart enables an LSR to retain MPLS forwarding entries during an LDP restart, ensuring continuous MPLS forwarding. Figure 18 LDP GR As shown in Figure 18, GR defines the following roles: • GR restarter—An LSR that performs GR. It must be GR-capable. • GR helper—A neighbor LSR that helps the GR restarter to complete GR. The device can act as a GR restarter or a GR helper.
restarter goes down, it marks the FEC-label mappings learned from the session as stale and starts the Reconnect timer received from the GR restarter. 3. After LDP completes restart, the GR restarter re-establishes an LDP session with the GR helper. If the LDP session is not set up before the Reconnect timer expires, the GR helper deletes the stale FEC-label mappings and the corresponding MPLS forwarding entries.
Enabling LDP To enable LDP, you must enable LDP globally, and then enable LDP on relevant interfaces or configure IGP to automatically enable LDP on those interfaces. Enabling LDP globally Step Enter system view. 1. Command Remarks system-view N/A • Enable LDP for the local node and Enable LDP for the local node or for a VPN. 2. enter LDP view: mpls ldp • Enable LDP for a VPN and enter By default, LDP is disabled. LDP-VPN instance view: a. mpls ldp b.
Step Command Remarks Enter the view of the interface where you want to establish an LDP session. interface interface-type interface-number N/A 3. Configure the Link Hello hold time. mpls ldp timer hello-hold timeout By default, the Link Hello hold time is 15 seconds. 4. Configure the Link Hello interval. mpls ldp timer hello-interval interval By default, the Link Hello interval is 5 seconds. 2. Configuring Targeted Hello timers for an LDP peer Step Command Remarks 1. Enter system view.
Step Command Remarks 2. Enter interface view. interface interface-type interface-number N/A 3. Configure the Keepalive hold time. mpls ldp timer keepalive-hold timeout By default, the Keepalive hold time is 45 seconds. 4. Configure the Keepalive interval. mpls ldp timer keepalive-interval interval By default, the Keepalive interval is 15 seconds.
The LDP backoff mechanism can mitigate this problem by using an initial delay timer and a maximum delay timer. After LDP fails to establish a session with a peer LSR for the first time, LDP does not start an attempt until the initial delay timer expires. If the session setup fails again, LDP waits for two times the initial delay before the next attempt, and so forth until the maximum delay time is reached. After that, the maximum delay time will always take effect.
By default, LDP uses only host routes with a 32-bit mask to establish LSPs. The other two methods can result in more LSPs than the default policy. To change the policy, be sure that the system resources and bandwidth resources are sufficient. Configure an LSP generation policy: Step 1. Enter system view. Command Remarks system-view N/A • Enter LDP view: 2. Enter LDP view or enter LDP-VPN instance view. mpls ldp • Enter LDP-VPN instance view: N/A a. mpls ldp b. vpn-instance vpn-instance-name 3.
Figure 20 Label advertisement control diagram A label advertisement policy on an LSR and a label acceptance policy on its upstream LSR can achieve the same purpose. HP recommends that you use label advertisement policies to reduce network load if downstream LSRs support label advertisement control. Before you configure an LDP label advertisement policy, create an IP prefix list. For information about IP prefix list configuration, see Layer 3—IP Routing Configuration Guide.
Figure 21 Label acceptance control diagram D o be la er s ilt g t f pin no ap m l A label advertisement policy on an LSR and a label acceptance policy on its upstream LSR can achieve the same purpose. HP recommends that you use the label advertisement policy to reduce network load. You must create an IP prefix list before you configure a label acceptance policy. For information about IP prefix list configuration, see Layer 3—IP Routing Configuration Guide.
Step Command Remarks • Enter LDP view: 2. Enter LDP view or enter LDP-VPN instance view. mpls ldp • Enter LDP-VPN instance view: N/A a. mpls ldp b. vpn-instance vpn-instance-name By default, loop detection is disabled. After loop detection is enabled, the device uses both the maximum hop count and the path vector methods to detect loops. 3. Enable loop detection. loop-detect 4. Specify the maximum hop count. maxhops hop-number By default, the maximum hop count is 32. 5.
Configuring LDP GR Before you configure LDP GR, enable LDP on the GR restarter and GR helpers. To configure LDP GR: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter LDP view. mpls ldp N/A 3. Enable LDP GR. graceful-restart By default, LDP GR is disabled. 4. Configure the Reconnect timer for LDP GR. graceful-restart timer reconnect reconnect-time By default, the Reconnect time is 120 seconds. 5. Configure the MPLS Forwarding State Holding timer for LDP GR.
LDP configuration examples LDP LSP configuration example Network requirements Switch A, Switch B, and Switch C all support MPLS. Configure LDP to establish LSPs between Switch A and Switch C, so subnets 11.1.1.0/24 and 21.1.1.0/24 can reach each other over MPLS. Configure LDP to establish LSPs for only destinations 1.1.1.9/32, 2.2.2.9/32, 3.3.3.9/32, 11.1.1.0/24, and 21.1.1.0/24 on Switch A, Switch B, and Switch C. Figure 22 Network diagram Loop0 2.2.2.9/32 Loop0 1.1.1.9/32 Loop0 3.3.3.9/32 Vlan-int2 10.
[SwitchB-ospf-1] area 0 [SwitchB-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0 [SwitchB-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [SwitchB-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255 [SwitchB-ospf-1-area-0.0.0.0] quit [SwitchB-ospf-1] quit # Configure Switch C. system-view [SwitchC] ospf [SwitchC-ospf-1] area 0 [SwitchC-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0 [SwitchC-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255 [SwitchC-ospf-1-area-0.0.0.0] network 21.1.1.0 0.0.0.
[SwitchA-Vlan-interface2] mpls enable [SwitchA-Vlan-interface2] mpls ldp enable [SwitchA-Vlan-interface2] quit # Configure Switch B. [SwitchB] mpls lsr-id 2.2.2.
[SwitchC] ip prefix-list switchc index 20 permit 2.2.2.9 32 [SwitchC] ip prefix-list switchc index 30 permit 3.3.3.9 32 [SwitchC] ip prefix-list switchc index 40 permit 11.1.1.0 24 [SwitchC] ip prefix-list switchc index 50 permit 21.1.1.0 24 [SwitchC] mpls ldp [SwitchC-ldp] lsp-trigger prefix-list switchc [SwitchC-ldp] quit 5. Verify the configuration: # Execute the display mpls ldp lsp command on each switch to view the LDP LSP information.
Figure 23 Network diagram Configuration considerations 1. Configure a routing protocol on each switch to make sure that the switches can reach each other. This example uses OSPF. 2. Enable LDP on each switch. 3. Configure LSP generation policies, so LDP establishes LSPs only for the routes 11.1.1.0/24 and 21.1.1.0/24. 4. Configure label acceptance policies, so LDP sets up LSPs only over the link Switch A—Switch B—Switch C, as follows: { { Switch A accepts only the label mapping for FEC 21.1.1.
[SwitchA-Vlan-interface6] mpls ldp enable [SwitchA-Vlan-interface6] quit # Configure Switch B. system-view [SwitchB] mpls lsr-id 2.2.2.9 [SwitchB] mpls ldp [SwitchB-ldp] quit [SwitchB] interface vlan-interface 2 [SwitchB-Vlan-interface2] mpls enable [SwitchB-Vlan-interface2] mpls ldp enable [SwitchB-Vlan-interface2] quit [SwitchB] interface vlan-interface 3 [SwitchB-Vlan-interface3] mpls enable [SwitchB-Vlan-interface3] mpls ldp enable [SwitchB-Vlan-interface3] quit # Configure Switch C.
[SwitchA-ldp] lsp-trigger prefix-list switcha [SwitchA-ldp] quit # On Switch B, create IP prefix list switchb, and configure LDP to use only the routes permitted by the prefix list to establish LSPs. [SwitchB] ip prefix-list switchb index 10 permit 11.1.1.0 24 [SwitchB] ip prefix-list switchb index 20 permit 21.1.1.
[SwitchC-ldp] quit 6. Verify the configuration: # Execute the display mpls ldp lsp command on each switch to view the LDP LSP information. For example, on Switch A: [SwitchA] display mpls ldp lsp Status Flags: * - stale, L - liberal Statistics: FECs: 2 Ingress LSPs: 1 FEC In/Out Label 11.1.1.0/24 1277/- Transit LSPs: 1 Egress LSPs: 1 Nexthop OutInterface -/1276 10.1.1.2 Vlan-int2 1276/1276 10.1.1.2 Vlan-int2 -/1148(L) 21.1.1.
2. Enable LDP on each switch. 3. Configure LSP generation policies so LDP uses only the routes 11.1.1.0/24 and 21.1.1.0/24 to establish LSPs. 4. Configure label advertisement policies, so LDP sets up LSPs only over the link Switch A—Switch B—Switch C, as follows: { Switch A advertises only the label mapping for FEC 11.1.1.0/24 to Switch B. { Switch C advertises only the label mapping for FEC 21.1.1.0/24 to Switch B. { Switch D does not advertise label mapping for FEC 21.1.1.0/24 to Switch A.
[SwitchC-Vlan-interface3] mpls enable [SwitchC-Vlan-interface3] mpls ldp enable [SwitchC-Vlan-interface3] quit [SwitchC] interface vlan-interface 7 [SwitchC-Vlan-interface7] mpls enable [SwitchC-Vlan-interface7] mpls ldp enable [SwitchC-Vlan-interface7] quit # Configure Switch D. system-view [SwitchD] mpls lsr-id 4.4.4.
[SwitchD-ldp] lsp-trigger prefix-list switchd [SwitchD-ldp] quit 5. Configure label advertisement policies: # On Switch A, create an IP prefix list prefix-to-b that permits subnet 11.1.1.0/24. Switch A uses this list to filter FEC-label mappings advertised to Switch B. [SwitchA] ip prefix-list prefix-to-b index 10 permit 11.1.1.0 24 # On Switch A, create an IP prefix list peer-b that permits 2.2.2.9/32. Switch A uses this list to filter peers. [SwitchA] ip prefix-list peer-b index 10 permit 2.2.2.
6. Verify the configuration: # Execute the display mpls ldp lsp command on each switch to view the LDP LSP information. [SwitchA] display mpls ldp lsp Status Flags: * - stale, L - liberal Statistics: FECs: 2 Ingress LSPs: 1 FEC In/Out Label 11.1.1.0/24 1277/- Transit LSPs: 1 Egress LSPs: 1 Nexthop OutInterface -/1276 10.1.1.2 Vlan-int2 1276/1276 10.1.1.2 Vlan-int2 -/1151(L) -/1277(L) 21.1.1.
Configuring tunnel policies Overview Tunnel policies enable a PE to forward traffic for each MPLS VPN over multiple LSP tunnels to achieve load sharing when the PE has multiple tunnels to the peer PE. For more information about MPLS VPNs, see "Configuring MPLS L3VPN." Configuring a tunnel policy To select multiple tunnels for load sharing, create a tunnel policy and specify the number of tunnels by using the select-seq load-balance-number command.
Displaying tunnel information Execute the display command in any view: Task Command Display tunnel information. display mpls tunnel { all | statistics | [ vpn-instance vpn-instance-name ] destination { tunnel-ipv4-dest | tunnel-ipv6-dest } } Tunnel policy configuration example Network requirements PE 1 has three LSP tunnels to reach PE 2. Two MPLS VPN instances, vpna and vpnb, exist on PE 1. Configure a tunnel policy on PE 1 to achieve load sharing over the three LSP tunnels for each VPN instance.
Configuring MPLS L3VPN This chapter describes MPLS L3VPN configuration. Overview MPLS L3VPN is a L3VPN technology. It uses BGP to advertise VPN routes and uses MPLS to forward VPN packets over a service provider backbone. MPLS L3VPN provides flexible networking modes, excellent scalability, and convenient support for MPLS QoS and MPLS TE.
• A site is a group of IP systems with IP connectivity that does not rely on any service provider network. • The classification of a site depends on the topology relationship of the devices, rather than the geographical positions, though the devices at a site are, in most cases, adjacent to each other geographically. • The devices at a site can belong to multiple VPNs, which means that a site can belong to multiple VPNs. • A site is connected to a provider network through one or more CEs.
• When the Type field is 0, the Administrator subfield occupies two bytes, the Assigned number subfield occupies four bytes, and the RD format is 16-bit AS number:32-bit user-defined number. For example, 100:1. • When the Type field is 1, the Administrator subfield occupies four bytes, the Assigned number subfield occupies two bytes, and the RD format is 32-bit IPv4 address:16-bit user-defined number. For example, 172.1.1.1:1.
3. From the egress PE to the remote CE: After receiving the VPN-IPv4 routes, the egress PE compares their export target attribute with the local import target attribute, and, if they match, adds the routes to the routing table of the VPN instance. Then the egress PE restores the VPN-IPv4 routes to the original IPv4 routes and advertises those routes to the connected CE through static routing, RIP, OSPF, IS-IS, EBGP, or IBGP.
MPLS L3VPN networking schemes In MPLS L3VPNs, route target attributes are used to control the advertisement and reception of VPN routes between sites. They work independently and can be configured with multiple values to support flexible VPN access control and implement multiple types of VPN networking schemes. Basic VPN networking scheme In the simplest case, all users in a VPN form a closed user group. They can forward traffic to each other but cannot communicate with any user outside the VPN.
• The hub PE advertises the routes learned from a spoke PE to the other spoke PEs so the spoke sites can communicate with each other through the hub site. • The import target attribute of a spoke PE is different from the export target attribute of any other spoke PE. Therefore, any two spoke PEs cannot directly advertise VPN-IPv4 routes to each other or directly access each other.
Figure 31 Network diagram for extranet networking scheme VPN 1 Site 1 CE VPN 1: Import:100:1 Export:100:1 PE 1 VPN 1 PE 3 CE Site 3 PE 2 VPN 1: Import:100:1,200:1 Export:100:1,200:1 CE Site 2 VPN 2: Import:200:1 Export:200:1 VPN 2 As shown in Figure 31, route targets configured on PEs produce the following results: • PE 3 can receive VPN-IPv4 routes from PE 1 and PE 2. • PE 1 and PE 2 can receive VPN-IPv4 routes advertised by PE 3.
Figure 32 Network diagram for inter-AS option A Inter-AS option A is easy to carry out because no special configuration is required on the PEs acting as the ASBRs. However, it has limited scalability because the PEs acting as the ASBRs must manage all the VPN routes and create VPN instances on a per-VPN basis. This leads to excessive VPN-IPv4 routes on the PEs. Creating a separate subinterface for each VPN also requires additional system resources.
Figure 33 Network diagram for inter-AS option B PIB M P G IB M IB P- M P- P G IB G P G P PM Inter-AS option B has better scalability than option A. When adopting the MP-EBGP method, note the following: • ASBRs do not perform route target filtering on VPN-IPv4 routes that they receive from each other. Therefore, the ISPs in different ASs must agree on the route exchange. • VPN-IPv4 routes are exchanged only between VPN peers.
Figure 34 Network diagram for inter-AS option C VPN 1 VPN 1 Multi-hop MP-EBGP CE 1 CE 3 PE 3 IB G P G AS 200 G P M G P- IB IB P- PE 2 MPLS backbone M P AS 100 IB P- M P- M MPLS backbone ASBR 2 ASBR 1 (PE) (PE) EBGP P PE 1 PE 4 Multi-hop MP-EBGP VPN LSP LSP CE 2 CE 4 VPN 2 VPN 2 To improve the scalability, you can specify an RR in each AS to maintain all VPN-IPv4 routes and to exchange VPN-IPv4 routes with PEs in the AS.
session established between the routers of the Level 2 carrier. This can greatly reduce the number of routes maintained by the Level 1 carrier network. Compared with the common MPLS L3VPN, the carrier's carrier is different because of the way in which a CE of a Level 1 carrier (a Level 2 carrier) accesses a PE of the Level 1 carrier: • If the PE and the CE are in a same AS, you must configure IGP and LDP between them.
Figure 37 Scenario where the Level 2 carrier is an MPLS L3VPN service provider NOTE: If equal cost routes exist between the Level 1 carrier and the Level 2 carrier, HP recommends that you establish equal cost LSPs between them. Nested VPN The nested VPN technology exchanges VPNv4 routes between PEs and CEs of the ISP MPLS L3VPN and allows a customer to manage its own internal VPNs. Figure 38 shows a nested VPN network. On the service provider's MPLS VPN network, there is a customer VPN named VPN A.
Figure 38 Network diagram for nested VPN P VPN A CE 8 Provider PE Provider MPLS VPN backbone Provider PE VPN A-2 VPN A-1 CE 2 CE 1 Customer MPLS VPN network Customer MPLS VPN Customer PE Customer PE CE 3 VPN A-1 CE 7 CE 5 CE 4 VPN A-1 VPN A-2 CE 6 VPN A-2 Propagation of routing information In a nested VPN network, routing information is propagated using the following process: 1. A provider PE and its CEs exchange VPNv4 routes, which carry information about customer VPNs. 2.
Nested VPN is flexible and easy to implement. It reduces networking costs, provides diversified VPN networking methods for customers, and allows for multi-level hierarchical access control over internal VPNs. HoVPN In MPLS L3VPN solutions, PEs are the key devices, which provide the following functions: • User access, requiring that the PEs must have a large number of interfaces.
• A UPE provides user access. It maintains the routes of directly connected VPN sites. It does not maintain the routes of the remote sites in the VPN, or it only maintains their summary routes. A UPE assigns inner labels to the routes of its directly connected sites, and advertises the labels along with VPN routes to the SPE through MP-BGP. • An SPE manages and advertises VPN routes. It maintains all the routes of the VPNs connected through UPEs, including the routes of both the local and remote sites.
MP-BGP advertises all the VPN routes of UPEs to the SPEs, and advertises the default routes of the VPN instance of the SPEs or the VPN routes permitted by the routing policies to the UPEs. The SPE maintains the VPN routes of all sites in the HoVPN. Each UPE maintains only VPN routes of its directly connected sites. An MPE has fewer routes than the SPE but has more routes than a UPE. OSPF VPN extension This section describes the OSPF VPN extension.
Figure 41 Application of OSPF in VPN With the standard BGP/OSPF interaction, PE 2 advertises the BGP VPN routes to CE 21 and CE 22 in Type 5 LSAs (ASE LSAs). However, CE 11, CE 21, and CE 22 belong to the same OSPF domain, and route advertisements between them should use Type 3 LSAs (inter-area routes). With the extended BGP/OSPF interaction, PEs advertise routes from one site to another site in Type 3 LSAs.
Figure 42 Application of BGP AS number substitution CE 3 PE 1 EBGP_Update: 10.1.0.0/16 AS_PATH: 800 AS 100 MPLS backbone PE 2 VPNv4_Update: 10.1.0.0/16 RD: 100:1 AS_PATH: 800 AS 800 Site 2 EBGP_Update: 10.1.0.0/16 AS_PATH: 100, 100 CE 1 AS 800 Site 1 CE 2 In Figure 42, both Site and Site 2 use the AS number 800. AS number substitution is enabled on PE 2 for CE 2. Before advertising updates received from CE 1 to CE 2, PE 2 substitutes its own AS number 100 for the AS number 800.
Configuration prerequisites Before you configure basic MPLS L3VPN, complete the following tasks: • Configure an IGP for the MPLS backbone (on the PEs and Ps) to achieve IP connectivity. • Configure basic MPLS for the MPLS backbone. • Configure MPLS LDP for the MPLS backbone so that LDP LSPs can be established. • Configure IP addresses for CE interfaces connected to PEs. Configuring VPN instances VPN instances isolate VPN routes from public network routes and routes among VPNs.
Configuring route related attributes for a VPN instance VPN routes are controlled and advertised on a PE using the following process: • When a VPN route learned from a site gets redistributed into BGP, BGP associates it with a route target extended community attribute list, which is usually the export target attribute of the VPN instance associated with the site. • The VPN instance determines which routes it can accept and redistribute according to the import-extcommunity in the route target.
Step 7. Command Remarks By default, only one tunnel is selected (no load balancing) in this order: LSP tunnel, GRE tunnel, CR-LSP tunnel. Apply a tunnel policy to the VPN instance. tnl-policy tunnel-policy-name The specified tunnel policy must have been created. For information about tunnel policies, see Configuring tunnel policies. Configuring routing between a PE and a CE You can configure static routing, RIP, OSPF, IS-IS, EBGP, or IBGP between a PE and a CE.
An OSPF process belongs to the public network or a single VPN instance. If you create an OSPF process without binding it to a VPN instance, the process belongs to the public network. To configure OSPF between a PE and a CE: Step Command Remarks 1. Enter system view. system-view N/A 2. Create an OSPF process for a VPN instance and enter the OSPF view. ospf [ process-id | router-id router-id | vpn-instance vpn-instance-name ] * Perform this configuration on the PE.
Step Command Remarks 1. Enter system view. system-view N/A 2. Create an IS-IS process for a VPN instance and enter IS-IS view. isis [ process-id ] vpn-instance vpn-instance-name Perform this configuration on the PE. On the CE, configure common IS-IS. 3. Configure a network entity title for the IS-IS process. network-entity net By default, no NET is configured. 4. Return to system view. quit N/A 5. Enter interface view. interface interface-type interface-number N/A 6.
Step Command Remarks By default, BGP discards incoming route updates that contain the local AS number. (Optional.) Allow the local AS number to appear in the AS_PATH attribute of a received route, and set the maximum number of repetitions. 8. 2. peer { group-name | ip-address } allow-as-loop [ number ] BGP detects routing loops by examining AS numbers. In a hub-spoke network where EBGP is running between a PE and a CE, the routing information the PE advertises to a CE carries the AS number of the PE.
Step Command Remarks 4. Configure the CE as the VPN IBGP peer. peer { group-name | ip-address } as-number as-number By default, no BGP peer is created. 5. Create and enter BGP VPN IPv4 unicast family view. ipv4-family [ unicast ] N/A 6. Enable IPv4 unicast route exchange with the specified peer. peer { group-name | ip-address } enable By default, BGP does not exchange IPv4 unicast routes with any peer. Configure the CE as a client of the RR. 7.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enter BGP view. bgp as-number N/A 3. Configure the remote PE as a BGP peer. peer { group-name | ip-address } as-number as-number By default, no BGP peer is created. 4. Specify the source interface for route updates. peer { group-name | ip-address } connect-interface interface-type interface-number By default, BGP uses the egress interface of the optimal route destined for the peer as the source interface. 5.
Step Command Remarks Advertise a default VPN route to a peer or peer group. peer { group-name | ip-address } default-route-advertise vpn-instance vpn-instance-name Optional. 10. Apply an ACL to filter routes received from or advertised to a peer or peer group. peer { group-name | ip-address } filter-policy acl-number { export | import } Optional. 11. Save all route updates from a peer or peer group.
Step Command Remarks 20. Enable route target-based filtering of received VPNv4 routes. policy vpn-target By default, this feature is enabled. 21. Enable route reflection between clients. reflect between-clients By default, route reflection between clients is enabled on the RR. 22. Configure a cluster ID for the route reflector. reflector cluster-id { cluster-id | ip-address } By default, the RR uses its own router ID as the cluster ID. 23. Configure filtering of reflected routes.
To configure inter-AS option B on an ASBR PE: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view of the interface connecting to the remote ASBR-PE. interface interface-type interface-number N/A 3. Configure the IP address of the interface. ip address ip-address { mask | mask-length } N/A 4. Return to system view. quit N/A 5. Enter BGP view. bgp as-number N/A 6. Enter BGP-VPNv4 address family view. ipv4-family vpnv4 N/A 7.
Step Command Remarks ipv4-family vpnv4 N/A 10. Enable the PE to exchange VPNv4 routes with the peer or peer group. peer { group-name | ip-address } enable By default, BGP does not exchange VPNv4 routes with any peer. 11. (Optional.) Configure the PE to not change the next hop of routes advertised to the EBGP peer. peer { group-name | ip-address } next-hop-invariable Configure this command on the RR so the RR does not change the next hop of advertised VPNv4 routes. 9.
• Assigns MPLS labels to routes received from the PEs in the local AS before advertising them to the peer ASBR PE. • Assigns new MPLS labels to labeled IPv4 routes advertised to PEs in the local AS. Which IPv4 routes are assigned with MPLS labels depends on the routing policy. Only routes that meet the criteria are assigned with labels. All other routes are still common IPv4 routes. To configure a routing policy for inter-AS option C on an ASBR PE: Step Command Remarks 1. Enter system view.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enter BGP view. bgp as-number N/A 3. Enter BGP-VPN VPNv4 address family view. ipv4-family vpnv4 N/A 4. Enable nested VPN. nesting-vpn By default, nested VPN is disabled. 5. Return to BGP view. quit N/A 6. Enter BGP-VPN view. ip vpn-instance vpn-instance-name N/A 7. Specify the peer CE or the peer group of the peer CE. peer { group-name | peer-address } as-number as-number By default, no peer is specified. 8.
Step Command • Advertise a default VPN route Advertise routes to the UPE. 7. to the UPE: peer { group-name | ip-address } default-route-advertise vpn-instance vpn-instance-name • Advertise routes permitted by a routing policy to the UPE: peer { group-name | ip-address } upe route-policy route-policy-name export Remarks Use either command. By default, no route is advertised to the UPE. Do not configure both commands.
Step 4. 5. Configure a BGP peer or peer group. Enable the BGP AS number substitution function. Command Remarks peer { group-name | ip-address } as-number as-number N/A peer { ip-address | group-name } substitute-as By default, BGP AS number substitution is disabled. For more information about this command, see Layer 3—IP Routing Command Reference. Displaying and maintaining MPLS L3VPN You can use soft-reset or reset BGP connections to apply new BGP configurations.
Task Command Remarks Display BGP VPNv4 route advertisement information. display bgp routing-table vpnv4 [ route-distinguisher route-distinguisher ] network-address [ mask | mask-length ] advertise-info Available in any view. Display BGP VPNv4 routes matching the specified AS PATH list. display bgp routing-table vpnv4 [ route-distinguisher route-distinguisher ] as-path-acl as-path-acl-number Available in any view. Display BGP VPNv4 routes matching the specified BGP community list.
Figure 43 Network diagram Device Interface IP address Device CE 1 Vlan-int11 10.1.1.1/24 P PE 1 Loop0 1.1.1.9/32 Interface IP address Loop0 2.2.2.9/32 Vlan-int12 172.2.1.1/24 Vlan-int13 172.1.1.2/24 Loop0 3.3.3.9/32 172.2.1.2/24 Vlan-int11 10.1.1.2/24 Vlan-int13 172.1.1.1/24 Vlan-int12 10.2.1.2/24 Vlan-int12 CE 2 Vlan-int12 10.2.1.1/24 Vlan-int11 10.3.1.2/24 CE 3 Vlan-int11 10.3.1.1/24 Vlan-int13 10.4.1.2/24 CE 4 Vlan-int13 10.4.1.
[P-LoopBack0] ip address 2.2.2.9 32 [P-LoopBack0] quit [P] interface vlan-interface 13 [P-Vlan-interface13] ip address 172.1.1.2 24 [P- Vlan-interface13] quit [P] interface vlan-interface 12 [P-Vlan-interface12] ip address 172.2.1.1 24 [P-Vlan-interface12] quit [P] ospf [P-ospf-1] area 0 [P-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0 [P-ospf-1-area-0.0.0.0] quit [P-ospf-1] quit # Configure PE 2.
Destination/Mask Proto Pre Cost NextHop Interface 1.1.1.9/32 OSPF 10 0 1.1.1.9 Loop0 172.1.1.0/24 OSPF 10 1 172.1.1.1 Vlan13 [PE1] display ospf peer verbose OSPF Process 1 with Router ID 1.1.1.9 Neighbors Area 0.0.0.0 interface 172.1.1.1(Vlan-interface13)'s neighbors Router ID: 2.2.2.9 State: Full Address: 172.1.1.2 Mode: Nbr is Master DR: 172.1.1.2 BDR: 172.1.1.
After the configurations, LDP sessions are established between PE 1, P, and PE 2. Execute the display mpls ldp peer command. The output shows that the session status is Operational. Execute the display mpls ldp lsp command. The output shows the LSPs established by LDP. Take PE 1 as an example: [PE1] display mpls ldp peer Total number of peers: 1 Peer LDP ID State LAM Role GR MD5 KA Sent/Rcvd 2.2.2.
[PE2-Vlan-interface11] ip binding vpn-instance vpn1 [PE2-Vlan-interface11] ip address 10.3.1.2 24 [PE2-Vlan-interface11] quit [PE2] interface vlan-interface 13 [PE2-Vlan-interface13] ip binding vpn-instance vpn2 [PE2-Vlan-interface13] ip address 10.4.1.2 24 [PE2-Vlan-interface13] quit # Configure IP addresses for the CEs according to Figure 43. (Details not shown.) After completing the configurations, execute the display ip vpn-instance command on the PEs to view the configuration of the VPN instance.
[PE1-bgp] ip vpn-instance vpn2 [PE1-bgp-vpn2] peer 10.2.1.1 as-number 65420 [PE1-bgp-vpn2] ipv4-family unicast [PE1-bgp-ipv4-vpn1] peer 10.2.1.1 enable [PE1-bgp-ipv4-vpn2] import-route direct [PE1-bgp-ipv4-vpn2] quit [PE1-bgp-vpn1] quit [PE1-bgp] quit # Configure PE 2 in the same way that PE 1 is configured. (Details not shown.) After completing the configurations, execute the display bgp peer ipv4 vpn-instance command on the PEs.
Peer 3.3.3.9 6. AS MsgRcvd 100 3 MsgSent OutQ PrefRcv Up/Down 6 0 State 0 00:00:32 Established Verify the configuration: Execute the display ip routing-table vpn-instance command on the PEs. The output shows the routes to the CEs. Take PE 1 as an example: [PE1] display ip routing-table vpn-instance vpn1 Destinations : 13 Routes : 13 Destination/Mask Proto Cost NextHop Interface 0.0.0.0/32 Direct 0 Pre 0 127.0.0.1 InLoop0 10.1.1.0/24 Direct 0 0 10.1.1.2 Vlan11 10.1.1.
Configuring an MPLS L3VPN over a GRE tunnel Network requirements CE 1 and CE 2 belong to VPN 1. The PEs support MPLS. The P switch does not support MPLS and provides only IP functions. On the backbone, use a GRE tunnel to encapsulate and forward VPN packets to implement MPLS L3VPN. Configure tunnel policies on the PEs, and specify the tunnel type for VPN traffic as GRE. Figure 44 Network diagram Device Interface IP address Device Interface IP address CE 1 Vlan-int12 10.1.1.1/24 P Vlan-int11 172.
system-view [PE2] mpls lsr-id 2.2.2.9 3. Configure VPN instances on PEs, and apply tunnel policies to the VPN instances to use a GRE tunnel for VPN packet forwarding: # Configure PE 1.
[PE1] ping -vpn-instance vpn1 10.1.1.1 PING 10.1.1.1 (10.1.1.1): 56 data bytes 56 bytes from 10.1.1.1: icmp_seq=0 ttl=255 time=1.000 ms 56 bytes from 10.1.1.1: icmp_seq=1 ttl=255 time=0.000 ms 56 bytes from 10.1.1.1: icmp_seq=2 ttl=255 time=0.000 ms 56 bytes from 10.1.1.1: icmp_seq=3 ttl=255 time=0.000 ms 56 bytes from 10.1.1.1: icmp_seq=4 ttl=255 time=0.000 ms --- 10.1.1.1 ping statistics --5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss round-trip min/avg/max/stddev = 0.000/0.200/1.000/0.
# Configure PE 1. [PE1] bgp 100 [PE1-bgp] peer 2.2.2.9 as-number 100 [PE1-bgp] peer 2.2.2.9 connect-interface loopback 0 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-vpnv4] peer 2.2.2.9 enable [PE1-bgp-vpnv4] quit [PE1-bgp] quit # Configure PE 2 in the same way that PE 1 is configured. (Details not shown.) After completing the configuration, execute the display bgp peer vpnv4 command on the PEs. The output shows that BGP peer relationship has been established between the PEs and has reached the Established state.
10.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0 10.1.1.255/32 Direct 0 0 10.1.1.1 Vlan12 10.2.1.0/24 BGP 0 10.1.1.2 Vlan12 127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0 127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0 127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0 224.0.0.0/4 Direct 0 0 0.0.0.0 NULL0 224.0.0.0/24 Direct 0 0 0.0.0.0 NULL0 255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0 255 # CE 1 and CE 2 can ping each other.
Figure 45 Network diagram MPLS backbone Loop0 MPLS backbone Loop0 AS 100 AS 200 Vlan-int12 Vlan-int11 Loop0 Vlan-int12 Vlan-int11 ASBR-PE 2 ASBR-PE 1 Vlan-int11 Loop0 Vlan-int11 PE 2 PE 1 Vlan-int12 Vlan-int12 Vlan-int12 Vlan-int12 CE 1 CE 2 AS 65001 AS 65002 Device Interface IP address Device Interface IP address CE 1 Vlan-int12 10.1.1.1/24 CE 2 Vlan-int12 10.2.1.1/24 PE 1 Loop0 1.1.1.9/32 PE 2 Loop0 4.4.4.9/32 ASBR-PE 1 Vlan-int12 10.1.1.2/24 Vlan-int12 10.2.1.
[ASBR-PE1] mpls ldp [ASBR-PE1-ldp] quit [ASBR-PE1] interface vlan-interface 11 [ASBR-PE1-Vlan-interface11] mpls enable [ASBR-PE1-Vlan-interface11] mpls ldp enable [ASBR-PE1-Vlan-interface11] quit # Configure basic MPLS on ASBR PE 2, and enable MPLS LDP on the interface connected to PE 2. system-view [ASBR-PE2] mpls lsr-id 3.3.3.
[CE2-Vlan-interface12] ip address 10.2.1.1 24 [CE2-Vlan-interface12] quit # Configure PE 2. [PE2] ip vpn-instance vpn1 [PE2-vpn-instance] route-distinguisher 200:2 [PE2-vpn-instance] vpn-target 100:1 both [PE2-vpn-instance] quit [PE2] interface vlan-interface 12 [PE2-Vlan-interface12] ip binding vpn-instance vpn1 [PE2-Vlan-interface12] ip address 10.2.1.2 24 [PE2-Vlan-interface12] quit # On ASBR PE 1, create a VPN instance, and bind the instance to the interface connected to ASBR PE 2.
[PE1-bgp-vpn1] ipv4-family unicast [PE1-bgp-ipv4-vpn1] peer 10.1.1.1 enable [PE1-bgp-ipv4-vpn1] import-route direct [PE1-bgp-ipv4-vpn1] quit [PE1-bgp-vpn1] quit [PE1-bgp] quit # Configure CE 2. [CE2] bgp 65002 [CE2-bgp] peer 10.2.1.2 as-number 200 [CE2-bgp] ipv4-family unicast [CE2-bgp-ipv4] peer 10.2.1.2 enable [CE2-bgp-ipv4] import-route direct [CE2-bgp-ipv4] quit [CE2-bgp] quit # Configure PE 2. [PE2] bgp 200 [PE2-bgp] ip vpn-instance vpn1 [PE2-bgp-vpn1] peer 10.2.1.
[ASBR-PE1-bgp-vpnv4] peer 1.1.1.9 next-hop-local [ASBR-PE1-bgp-vpnv4] quit [ASBR-PE1-bgp] quit # Configure ASBR-PE 2. [ASBR-PE2] bgp 200 [ASBR-PE2-bgp] ip vpn-instance vpn1 [ASBR-PE2-bgp-vpn1] peer 192.1.1.1 as-number 100 [ASBR-PE2-bgp-vpn1] ipv4-family unicast [ASBR-PE2-bgp-ipv4-vpn1] peer 192.1.1.1 enable [ASBR-PE2-bgp-ipv4-vpn1] quit [ASBR-PE2-bgp-vpn1] quit [ASBR-PE2-bgp] peer 4.4.4.9 as-number 200 [ASBR-PE2-bgp] peer 4.4.4.
Figure 46 Network diagram MPLS backbone Loop0 MPLS backbone Loop0 AS 100 AS 600 Vlan-int12 Vlan-int12 Vlan-int11 Vlan-int11 ASBR-PE 2 ASBR-PE 1 Loop0 Vlan-int11 Loop0 Vlan-int11 PE 2 PE 1 Vlan-int12 Vlan-int12 Site 1 Site 2 CE 1 CE 2 AS 65001 Device Interface PE 1 ASBR-PE 1 AS 65002 IP address Device Loop0 2.2.2.9/32 PE 2 Loop0 5.5.5.9/32 Vlan-int12 30.0.0.1/8 Vlan-int12 20.0.0.1/8 Vlan-int11 1.1.1.2/8 Vlan-int11 9.1.1.2/8 ASBR-PE 2 Interface IP address Loop0 3.
[PE1-LoopBack0] ip address 2.2.2.9 32 [PE1-LoopBack0] isis enable 1 [PE1-LoopBack0] quit # Create VPN instance vpn1, and configure the RD and route target attributes. [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 11:11 [PE1-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity [PE1-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity [PE1-vpn-instance-vpn1] quit # Bind the interface connected with CE 1 to the created VPN instance.
# Configure interface VLAN-interface 12, and enable MPLS on it. [ASBR-PE1] interface vlan-interface 12 [ASBR-PE1-Vlan-interface12] ip address 11.0.0.2 255.0.0.0 [ASBR-PE1-Vlan-interface12] mpls enable [ASBR-PE1-Vlan-interface12] quit # Configure interface Loopback 0, and enable IS-IS on it. [ASBR-PE1] interface loopback 0 [ASBR-PE1-LoopBack0] ip address 3.3.3.9 32 [ASBR-PE1-LoopBack0] isis enable 1 [ASBR-PE1-LoopBack0] quit # Enable BGP on ASBR-PE 1. [ASBR-PE1] bgp 100 [ASBR-PE1-bgp] peer 2.2.2.
[ASBR-PE2] interface loopback 0 [ASBR-PE2-LoopBack0] ip address 4.4.4.9 32 [ASBR-PE2-LoopBack0] isis enable 1 [ASBR-PE2-LoopBack0] quit # Enable BGP on ASBR-PE 2. [ASBR-PE2] bgp 600 [ASBR-PE2-bgp] peer 11.0.0.2 as-number 100 [ASBR-PE2-bgp] peer 11.0.0.2 connect-interface vlan-interface 12 [ASBR-PE2-bgp] peer 5.5.5.9 as-number 600 [ASBR-PE2-bgp] peer 5.5.5.9 connect-interface loopback 0 # Disable route target based filtering of received VPNv4 routes.
# Bind the interface connected with CE 2 to the created VPN instance. [PE2] interface Vlan-interface12 [PE2-Vlan-interface12] ip binding vpn-instance vpn1 [PE2-Vlan-interface12] ip address 20.0.0.1 8 [PE2-Vlan-interface12] quit # Enable BGP on PE 2. [PE2] bgp 600 # Configure IBGP peer 4.4.4.9 as a VPNv4 peer. [PE2-bgp] peer 4.4.4.9 as-number 600 [PE2-bgp] peer 4.4.4.9 connect-interface loopback 0 [PE2-bgp] ipv4-family vpnv4 [PE2-bgp-vpnv4] peer 4.4.4.
Figure 47 Network diagram Device Interface IP address Device Interface IP address PE 1 Loop0 2.2.2.9/32 PE 2 Loop0 5.5.5.9/32 Loop1 30.0.0.1/32 Loop1 20.0.0.1/32 Vlan-int11 1.1.1.2/8 Vlan-int11 9.1.1.2/8 Loop0 3.3.3.9/32 Loop0 4.4.4.9/32 ASBR-PE 1 ASBR-PE 2 Vlan-int11 1.1.1.1/8 Vlan-int11 9.1.1.1/8 Vlan-int12 11.0.0.2/8 Vlan-int12 11.0.0.1/8 Configuration procedure 1. Configure PE 1: # Configure IS-IS on PE 1. system-view [PE1] isis 1 [PE1-isis-1] network-entity 10.
[PE1-vpn-instance-vpn1] route-distinguisher 11:11 [PE1-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity [PE1-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity [PE1-vpn-instance-vpn1] quit # Configure interface Loopback 1, and bind the interface to VPN instance vpn1. [PE1] interface loopback 1 [PE1-LoopBack1] ip binding vpn-instance vpn1 [PE1-LoopBack1] ip address 30.0.0.1 32 [PE1-LoopBack1] quit # Enable BGP on PE 1.
[ASBR-PE1-Vlan-interface11] ip address 1.1.1.1 255.0.0.0 [ASBR-PE1-Vlan-interface11] isis enable 1 [ASBR-PE1-Vlan-interface11] mpls enable [ASBR-PE1-Vlan-interface11] mpls ldp enable [ASBR-PE1-Vlan-interface11] quit # Configure interface VLAN-interface 12, and enable MPLS on it. [ASBR-PE1] interface vlan-interface 12 [ASBR-PE1-Vlan-interface12] ip address 11.0.0.2 255.0.0.0 [ASBR-PE1-Vlan-interface12] mpls enable [ASBR-PE1-Vlan-interface12] quit # Configure interface Loopback 0, and enable IS-IS on it.
3. Configure ASBR-PE 2: # Enable IS-IS on ASBR-PE 2. system-view [ASBR-PE2] isis 1 [ASBR-PE2-isis-1] network-entity 10.222.222.222.222.00 [ASBR-PE2-isis-1] quit # Configure the LSR ID, and enable MPLS and LDP. [ASBR-PE2] mpls lsr-id 4.4.4.9 [ASBR-PE2] mpls ldp [ASBR-PE2-ldp] quit # Configure interface VLAN-interface 11, and enable IS-IS, MPLS, and LDP on the interface. [ASBR-PE2] interface vlan-interface 11 [ASBR-PE2-Vlan-interface11] ip address 9.1.1.1 255.0.0.
[ASBR-PE2-bgp-ipv4] import-route isis 1 [ASBR-PE2-bgp-ipv4] quit # Apply the routing policy policy1 to routes advertised to EBGP peer 11.0.0.2. [ASBR-PE2-bgp] peer 11.0.0.2 as-number 100 [ASBR-PE2-bgp] ipv4-family unicast [ASBR-PE2-bgp-ipv4] peer 11.0.0.2 enable [ASBR-PE2-bgp-ipv4] peer 11.0.0.2 route-policy policy1 export # Enable the capability to advertise labeled routes to EBGP peer 11.0.0.2 and to receive labeled routes from the peer. [ASBR-PE2-bgp-ipv4] peer 11.0.0.
[PE2] bgp 600 # Enable the capability to advertise labeled routes to IBGP peer 4.4.4.9 and to receive labeled routes from the peer. [PE2-bgp] peer 4.4.4.9 as-number 600 [PE2-bgp] peer 4.4.4.9 connect-interface loopback 0 [PE2-bgp] ipv4-family unicast [PE2-bgp-ipv4] peer 4.4.4.9 enable [PE2-bgp-ipv4] peer 4.4.4.9 label-route-capability [PE2-bgp-ipv4] quit # Configure the maximum hop count from PE 2 to EBGP peer 2.2.2.9 as 10. [PE2-bgp] peer 2.2.2.9 as-number 100 [PE2-bgp] peer 2.2.2.
• PE 3 and PE 4 are the customer carrier's PE switches. They provide MPLS L3VPN services for the end customers. • CE 3 and CE 4 are customers of the customer carrier. The key to carrier's carrier deployment is to configure exchange of two kinds of routes: • Exchange of the customer carrier's internal routes on the provider carrier's backbone. • Exchange of the end customers' VPN routes between PE 3 and PE 4, the PEs of the customer carrier.
[PE1] mpls ldp [PE1-ldp] quit [PE1] isis 1 [PE1-isis-1] network-entity 10.0000.0000.0000.0004.00 [PE1-isis-1] quit [PE1] interface loopback 0 [PE1-LoopBack0] isis enable 1 [PE1-LoopBack0] quit [PE1] interface vlan-interface 12 [PE1-Vlan-interface12] ip address 30.1.1.1 24 [PE1-Vlan-interface12] isis enable 1 [PE1-Vlan-interface12] mpls enable [PE1-Vlan-interface12] mpls ldp enable [PE1-Vlan-interface12] mpls ldp transport-address interface [PE1-Vlan-interface12] quit [PE1] bgp 100 [PE1-bgp] peer 4.4.4.
System Id: 0000.0000.0005 Interface: Vlan-interface12 State: Up 2. HoldTime: Circuit Id: 0000.0000.0005.02 8s Type: L2(L1L2) PRI: 64 Configure the customer carrier network. Enable IS-IS as the IGP and enable LDP between PE 3 and CE 1, and between PE 4 and CE 2: # Configure PE 3. system-view [PE3] interface loopback 0 [PE3-LoopBack0] ip address 1.1.1.9 32 [PE3-LoopBack0] quit [PE3] mpls lsr-id 1.1.1.9 [PE3] mpls ldp [PE3-ldp] quit [PE3] isis 2 [PE3-isis-2] network-entity 10.0000.0000.0000.0001.
After the configurations, PE 3 and CE 1 can establish an LDP session and IS-IS neighbor relationship between them. # Configure PE 4 and CE 2 in the same way that PE 3 and CE 1 are configured. (Details not shown.) 3. Perform configurations to allow CEs of the customer carrier to access PEs of the provider carrier, and redistribute IS-IS routes to BGP and BGP routes to IS-IS on the PEs: # Configure PE 1.
# Configure CE 3. system-view [CE3] interface vlan-interface11 [CE3-Vlan-interface11] ip address 100.1.1.1 24 [CE3-Vlan-interface11] quit [CE3] bgp 65410 [CE3-bgp] peer 100.1.1.2 as-number 100 [CE3-bgp] ipv4-family unicast [CE3-bgp-ipv4] peer 100.1.1.2 enable [CE3-bgp-ipv4] import-route direct [CE3-bgp-ipv4] quit [CE3-bgp] quit # Configure PE 3.
[PE1] display ip routing-table Routing Tables: Public Destinations : 7 Destination/Mask Proto 3.3.3.9/32 4.4.4.9/32 30.1.1.0/24 30.1.1.1/32 Routes : 7 Pre Cost NextHop Interface Direct 0 0 127.0.0.1 InLoop0 ISIS 10 30.1.1.2 Vlan12 Direct 0 0 30.1.1.1 Vlan12 Direct 0 0 127.0.0.1 InLoop0 30.1.1.2/32 Direct 0 0 30.1.1.2 Vlan12 127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 0 127.0.0.
21.1.1.2/32 ISIS 74 11.1.1.2 Vlan11 127.0.0.0/8 Direct 0 15 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0 # Execute the display ip routing-table command on PE 3 and PE 4. The output shows that the internal routes of the customer carrier network are present in the public network routing tables. Take PE 3 as an example: [PE3] display ip routing-table Routing Tables: Public Destinations : 11 Destination/Mask Proto 1.1.1.9/32 2.2.2.
56 bytes from 120.1.1.1: icmp_seq=0 ttl=255 time=1.000 ms 56 bytes from 120.1.1.1: icmp_seq=1 ttl=255 time=0.000 ms 56 bytes from 120.1.1.1: icmp_seq=2 ttl=255 time=0.000 ms 56 bytes from 120.1.1.1: icmp_seq=3 ttl=255 time=0.000 ms 56 bytes from 120.1.1.1: icmp_seq=4 ttl=255 time=0.000 ms --- 120.1.1.1 ping statistics --5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss round-trip min/avg/max/stddev = 0.000/0.200/1.000/0.
CE 1 Loop0 2.2.2.9/32 Vlan-int2 10.1.1.2/24 CE 2 Loop0 5.5.5.9/32 Vlan-int1 21.1.1.2/24 Vlan-int1 11.1.1.1/24 Vlan-int2 20.1.1.1/24 CE 3 Vlan-int1 100.1.1.1/24 CE 4 Vlan-int1 120.1.1.1/24 CE 5 Vlan-int3 110.1.1.1/24 CE 6 Vlan-int3 130.1.1.1/24 PE 1 Loop0 3.3.3.9/32 PE 2 Loop0 4.4.4.9/32 Vlan-int1 11.1.1.2/24 Vlan-int1 21.1.1.1/24 Vlan-int2 30.1.1.1/24 Vlan-int2 30.1.1.2/24 PE 3 Loop0 1.1.1.9/32 Loop0 6.6.6.9/32 Vlan-int1 100.1.1.2/24 PE 4 Vlan-int1 120.1.1.
Take PE 1 as an example: [PE1] display mpls ldp peer Total number of peers: 1 Peer LDP ID State LAM Role GR MD5 KA Sent/Rcvd 4.4.4.9:0 Operational DU Active Off Off 8/8 [PE1] display bgp peer vpnv4 BGP local router ID: 3.3.3.9 Local AS number: 100 Total number of peers: 1 Peer 4.4.4.
[CE1] interface loopback 0 [CE1-LoopBack0] ip address 2.2.2.9 32 [CE1-LoopBack0] quit [CE1] mpls lsr-id 2.2.2.9 [CE1] mpls ldp [CE1-ldp] quit [CE1] isis 2 [CE1-isis-2] network-entity 10.0000.0000.0000.0002.00 [CE1-isis-2] quit [CE1] interface loopback 0 [CE1-LoopBack0] isis enable 2 [CE1-LoopBack0] quit [CE1] interface vlan-interface 2 [CE1-Vlan-interface2] ip address 10.1.1.
# Configure PE 2 and CE 2 in the same way that PE 1 and CE 1 are configured. (Details not shown.) 4. Connect sub-VPN CEs to the customer VPN PEs: # Configure CE 3. system-view [CE3] interface vlan-interface 1 [CE3-Vlan-interface1] ip address 100.1.1.1 24 [CE3-Vlan-interface1] quit [CE3] bgp 65410 [CE3-bgp] peer 100.1.1.2 as-number 200 [CE3-bgp] ipv4-family unicast [CE3-bgp-ipv4] peer 100.1.1.2 enable [CE3-bgp-ipv4] import-route direct [CE3-bgp-ipv4] quit [CE3-bgp] quit # Configure CE 5.
[PE3-bgp-ipv4-SUB_VPN1] peer 100.1.1.1 enable [PE3-bgp-ipv4-SUB_VPN1] import-route direct [PE3-bgp-ipv4-SUB_VPN1] quit [PE3-bgp-SUB_VPN1] quit [PE3-bgp] ip vpn-instance SUB_VPN2 [PE3-bgp-SUB_VPN2] peer 100.1.1.1 as-number 65411 [PE3-bgp-SUB_VPN2] ipv4-family unicast [PE3-bgp-ipv4-SUB_VPN2] peer 110.1.1.
# Allow the local AS number to appear in the AS-PATH attribute of the routes received. [PE3-bgp-vpnv4] peer 2.2.2.9 allow-as-loop 2 [PE3-bgp-vpnv4] quit [PE3-bgp] quit # Configure CE 1. [CE1] bgp 200 [CE1-bgp] peer 1.1.1.9 as-number 200 [CE1-bgp] peer 1.1.1.9 connect-interface loopback 0 [CE1-bgp] ipv4-family vpnv4 [CE1-bgp-vpnv4] peer 1.1.1.9 enable [CE1-bgp-vpnv4] undo policy vpn-target [CE1-bgp-vpnv4] quit [CE1-bgp] quit # Configure PE 4 and CE 2 in the same way that PE 3 and CE 1 are configured.
11.1.1.0/32 Direct 0 0 11.1.1.1 Vlan1 11.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0 11.1.1.255/32 Direct 0 0 11.1.1.1 Vlan1 11.1.1.2/32 Direct 0 0 11.1.1.2 Vlan1 100.1.1.0/24 BGP 255 0 11.1.1.1 NULL0 110.1.1.0/24 BGP 255 0 11.1.1.1 NULL0 120.1.1.0/24 BGP 255 0 4.4.4.9 NULL0 127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0 127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0 127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0 130.1.1.
Route Distinguisher: 201:1 Total number of routes: 1 Network NextHop * > 130.1.1.0/24 11.1.1.2 MED LocPrf PrefVal Path/Ogn 0 100 200 65421? # Execute the display ip routing-table vpn-instance SUB_VPN1 command on PE 3 and PE 4 to verify that the VPN routing tables contain routes sent by the provider PE to user sub-VPN. Take PE 3 as an example: [PE3] display ip routing-table vpn-instance SUB_VPN1 Destinations : 11 Routes : 11 Destination/Mask Proto 0.0.0.0/32 100.1.1.
# Execute the display ip routing-table command on CE5 and CE 6 to verify that the routing tables contain routes of remote sub-VPNs. Take CE5 as an example; [CE5] display ip routing-table Destinations : 13 Routes : 13 Destination/Mask Proto Cost NextHop Interface 0.0.0.0/32 Direct 0 Pre 0 127.0.0.1 InLoop0 110.1.1.0/24 Direct 0 0 110.1.1.1 Vlan1 110.1.1.0/32 Direct 0 0 110.1.1.1 Vlan1 110.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0 110.1.1.255/32 Direct 0 0 110.1.1.1 Vlan1 127.0.
ping: sendto: No route to host ping: sendto: No route to host ping: sendto: No route to host ping: sendto: No route to host --- 130.1.1.1 ping statistics --5 packet(s) transmitted, 0 packet(s) received, 100.0% packet loss Configuring HoVPN Network requirements There are two levels of networks, the backbone and the MPLS VPN networks, as shown in Figure 50. • SPEs act as PEs to allow MPLS VPNs to access the backbone. • UPEs act as PEs of the MPLS VPNs to allow end users to access the VPNs.
# Configure basic MPLS and MPLS LDP to establish LDP LSPs. system-view [UPE1] interface loopback 0 [UPE1-LoopBack0] ip address 1.1.1.9 32 [UPE1-LoopBack0] quit [UPE1] mpls lsr-id 1.1.1.9 [UPE1] mpls ldp [UPE1-ldp] quit [UPE1] interface vlan-interface 11 [UPE1-Vlan-interface11] ip address 172.1.1.1 24 [UPE1-Vlan-interface11] mpls enable [UPE1-Vlan-interface11] mpls ldp enable [UPE1-Vlan-interface11] quit # Configure the IGP protocol (OSPF, in this example).
[UPE1-bgp-vpn1] ipv4-family unicast [UPE1-bgp-ipv4-vpn1] peer 10.2.1.1 enable [UPE1-bgp-ipv4-vpn1] import-route direct [UPE1-bgp-ipv4-vpn1] quit [UPE1-bgp-vpn1] quit # Establish an EBGP peer relationship with CE 2, and redistribute VPN routes into BGP. [UPE1-bgp] ip vpn-instance vpn2 [UPE1-bgp-vpn2] peer 10.4.1.1 as-number 65420 [UPE1-bgp-vpn2] ipv4-family unicast [UPE1-bgp-ipv4-vpn2] peer 10.4.1.
[UPE2] interface vlan-interface 11 [UPE2-Vlan-interface11] ip address 172.2.1.1 24 [UPE2-Vlan-interface11] mpls enable [UPE2-Vlan-interface11] mpls ldp enable [UPE2-Vlan-interface11] quit # Configure the IGP protocol (OSPF, in this example). [UPE2] ospf [UPE2-ospf-1] area 0 [UPE2-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255 [UPE2-ospf-1-area-0.0.0.0] network 4.4.4.9 0.0.0.0 [UPE2-ospf-1-area-0.0.0.
[UPE2-bgp-vpn2] ipv4-family unicast [UPE2-bgp-ipv4-vpn2] peer 10.3.1.1 enable [UPE2-bgp-ipv4-vpn2] import-route direct [UPE2-bgp-ipv4-vpn2] quit [UPE2-bgp-vpn2] quit [UPE2-bgp] quit 5. Configure CE 3: system-view [CE3] interface vlan-interface 12 [CE3-Vlan-interface12] ip address 10.1.1.1 255.255.255.0 [CE3-Vlan-interface12] quit [CE3] bgp 65430 [CE3-bgp] peer 10.1.1.2 as-number 100 [CE3-bgp] ipv4-family unicast [CE3-bgp-ipv4] peer 10.1.1.
[SPE1-Vlan-interface12] quit # Configure the IGP protocol (OSPF, in this example). [SPE1] ospf [SPE1-ospf-1] area 0 [SPE1-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0 [SPE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255 [SPE1-ospf-1-area-0.0.0.0] network 180.1.1.0 0.0.0.255 [SPE1-ospf-1-area-0.0.0.0] quit [SPE1-ospf-1] quit # Configure VPN instances vpn1 and vpn2.
[SPE2-LoopBack0] ip address 3.3.3.9 32 [SPE2-LoopBack0] quit [SPE2] mpls lsr-id 3.3.3.9 [SPE2] mpls ldp [SPE2-ldp] quit [SPE2] interface vlan-interface 12 [SPE2-Vlan-interface12] ip address 180.1.1.2 24 [SPE2-Vlan-interface12] mpls enable [SPE2-Vlan-interface12] mpls ldp enable [SPE2-Vlan-interface12] quit [SPE2] interface vlan-interface 11 [SPE2-Vlan-interface11] ip address 172.2.1.
[SPE2-bgp] quit # Advertise to UPE 2 the routes permitted by a routing policy (the routes of CE 1). [SPE2] ip prefix-list hope index 10 permit 10.2.1.1 24 [SPE2] route-policy hope permit node 0 [SPE2-route-policy-hope-0] if-match ip address prefix-list hope [SPE2-route-policy-hope-0] quit [SPE2] bgp 100 [SPE2-bgp] ipv4-family vpnv4 [SPE2-bgp-vpnv4] peer 4.4.4.9 upe route-policy hope export 9.
Configuration procedure 1. Configuring basic MPLS L3VPN: { Configure OSPF on the MPLS backbone to allow the PEs and P device to learn the routes of the loopback interfaces from each other. { Configure basic MPLS and MPLS LDP on the MPLS backbone to establish LDP LSPs. { Establish MP-IBGP peer relationship between the PEs to advertise VPNv4 routes. { Configure the VPN instance of VPN 1 on PE 2 to allow CE 2 to access the network.
10.2.1.0/32 Direct 0 0 10.2.1.2 Vlan12 10.2.1.2/32 Direct 0 0 127.0.0.1 InLoop0 10.2.1.255/32 Direct 0 0 10.2.1.2 Vlan12 100.1.1.0/24 BGP 0 1.1.1.9 Vlan11 127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0 127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0 127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0 200.1.1.0/24 BGP 0 10.2.1.1 Vlan12 224.0.0.0/4 Direct 0 0 0.0.0.0 NULL0 224.0.0.0/24 Direct 0 0 0.0.0.0 NULL0 255.255.255.
[PE2-bgp] quit 3. Verify the configuration: # The output shows that among the routes advertised by PE 2 to CE 2, the AS_PATH of 100.1.1.0/24 has changed from 100 600 to 100 100: *Jun 13 16:15:59:456 2012 PE2 BGP/7/DEBUG: -MDC=1; BGP.vpn1: Send UPDATE to peer 10.2.1.1 for following destinations: Origin : Incomplete AS Path : 100 100 Next Hop : 10.2.1.2 100.1.1.0/24, # Display again the routing information that CE 2 has received and the routing table: display bgp routing-table ipv4 peer 10.2.1.
# After you also configure BGP AS substitution on PE 1, the VLAN interfaces of CE 1 and CE 2 can ping each other.
Configuring IPv6 MPLS L3VPN Overview IPv6 MPLS L3VPN uses BGP to advertise IPv6 VPN routes and uses MPLS to forward IPv6 VPN packets on the service provider backbone. Figure 52 shows a typical IPv6 MPLS L3VPN model. The service provider backbone in the IPv6 MPLS L3VPN model is an IPv4 network. IPv6 runs inside the VPNs and between CE and PE. Therefore, PEs must support both IPv4 and IPv6. The PE-CE interfaces of a PE run IPv6, and the PE-P interface of a PE runs IPv4.
As shown in Figure 53, the IPv6 MPLS L3VPN packet forwarding procedure is using the following process: 1. The PC at Site 1 sends an IPv6 packet destined for 2001:2::1, the PC at Site 2. CE 1 transmits the packet to PE 1. 2. Based on the inbound interface and destination address of the packet, PE 1 finds a matching entry from the routing table of the VPN instance, labels the packet with both inner and outer labels, and forwards the packet out. 3.
To deploy special IPv6 MPLS L3VPN networks, such as inter-AS VPN, you must also perform specific configurations in addition to the basic IPv6 MPLS L3VPN configuration. For details, see the related sections. Tasks at a glance Configuring basic IPv6 MPLS L3VPN Configuring inter-AS IPv6 VPN Configuring basic IPv6 MPLS L3VPN The key task in IPv6 MPLS L3VPN configuration is to manage the advertisement of IPv6 VPN routes on the MPLS backbone, including management of PE-CE route exchange and PE-PE route exchange.
Step Command Remarks 2. Create a VPN instance and enter VPN instance view. ip vpn-instance vpn-instance-name By default, no VPN instance is created. 3. Configure an RD for the VPN instance. route-distinguisher route-distinguisher By default, no RD is specified. (Optional.) Configure a description for the VPN instance. 4. By default, no description is configured for a VPN instance.
Step 2. Enter VPN instance view or IPv6 VPN view. Command Remarks • Enter VPN instance view: Configurations made in VPN instance view apply to both IPv4 VPN and IPv6 VPN. ip vpn-instance vpn-instance-name • Enter IPv6 VPN view: ipv6-family 3. 4. Configure route targets. Set the maximum number of routes supported.
Configuring IPv6 static routing between a PE and a CE Step 1. 2. Enter system view. Configure an IPv6 static route for a VPN instance.
Step Command Remarks Perform this configuration on the PE. On the CE, create a common OSPF process. Create an OSPFv3 process for a VPN instance and enter OSPFv3 view. 2. ospfv3 [ process-id ] vpn-instance vpn-instance-name The maximum number of OSPFv3 processes for a VPN instance depends on the device model. Deleting a VPN instance also deletes all related OSPFv3 processes. 3. Set the router ID. router-id router-id N/A 4. Return to system view. quit N/A 5. Enter interface view.
Step Command Remarks 2. Enable BGP and enter BGP view. bgp as-number N/A 3. Enter BGP-VPN view. ip vpn-instance vpn-instance-name N/A 4. Configure the CE as the VPN EBGP peer. peer { group-name | ipv6-address } as-number as-number By default, no BGP peer is configured. Create and enter BGP-VPN IPv6 unicast address family view. ipv6-family [ unicast ] Configuration commands in BGP-VPN IPv6 unicast address family view are the same as those in BGP IPv6 unicast address family view.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enter BGP view. bgp as-number N/A 3. Configure the remote PE as the peer. peer { group-name | ipv6-address } as-number as-number By default, no BGP peer is configured. 4. Specify the source interface for route update packets sent to the specified peer.
Step Command Remarks 10. Apply a routing policy to routes advertised to or received from the peer or peer group. peer { group-name | ip-address } route-policy route-policy-name { export | import } By default, no routing policy is applied for a peer. 11. Enable route target filtering for received BGP-VPNv6 routes. policy vpn-target By default, route target filtering is enabled. 12. Configure the local PE as the route reflector and specify the peer as the client.
• Configure basic IPv6 MPLS L3VPN on each AS. • Configure VPN instances on both PEs and ASBR PEs. The VPN instances on PEs allow CEs to access the network, and those on ASBR PEs are for access of the peer ASBR PEs. For more configuration information, see "Configuring MPLS L3VPN.
Configuring the ASBR PEs In the inter-AS IPv6 VPN option C solution, an inter-AS LSP is needed, and the routes advertised between the PEs and ASBRs must carry MPLS label information. The configuration is the same as that in the Inter-AS IPv4 VPN option C solution. For more information, see "Configuring MPLS L3VPN.
Task Command Remarks Display FIB entries that match the specified destination IP address in the specified VPN instance. display ipv6 fib vpn-instance vpn-instance-name ipv6-address [ prefix-length ] Available in any view. Display BGP VPNv6 peer group information. display bgp group vpnv6 [ group-name ] Available in any view. Display BGP VPNv6 peer information. display bgp peer vpnv6 [ group-name log-info | ip-address { log-info | verbose } | verbose ] Available in any view.
Figure 54 Network diagram Device Interface IP address Device Interface CE 1 Vlan-int11 2001:1::1/96 P Loop0 2.2.2.9/32 PE 1 Loop0 1.1.1.9/32 Vlan-int12 172.2.1.1/24 Vlan-int11 2001:1::2/96 Vlan-int13 172.1.1.2/24 Vlan-int13 172.1.1.1/24 Loop0 3.3.3.9/32 Vlan-int12 2001:2::2/96 Vlan-int12 172.2.1.
[P-LoopBack0] ip address 2.2.2.9 32 [P-LoopBack0] quit [P] interface vlan-interface 13 [P-Vlan-interface13] ip address 172.1.1.2 24 [P- Vlan-interface13] quit [P] interface vlan-interface 12 [P-Vlan-interface12] ip address 172.2.1.1 24 [P-Vlan-interface12] quit [P] ospf [P-ospf-1] area 0 [P-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0 [P-ospf-1-area-0.0.0.0] quit [P-ospf-1] quit # Configure PE 2.
Destination/Mask Proto Pre Cost NextHop Interface 1.1.1.9/32 OSPF 10 0 1.1.1.9 Loop0 172.1.1.0/24 OSPF 10 1 172.1.1.1 Vlan13 [PE1] display ospf peer verbose OSPF Process 1 with Router ID 1.1.1.9 Neighbors Area 0.0.0.0 interface 172.1.1.1(Vlan-interface13)'s neighbors Router ID: 2.2.2.9 State: Full Address: 172.1.1.2 Mode: Nbr is Master DR: 172.1.1.2 BDR: 172.1.1.
After the configurations, LDP sessions are established between PE 1, P, and PE 2. Execute the display mpls ldp peer command. The output shows that the session status is Operational. Execute the display mpls ldp lsp command. The output shows the LSPs established by LDP. Take PE 1 as an example: [PE1] display mpls ldp peer Total number of peers: 1 Peer LDP ID State LAM Role GR MD5 KA Sent/Rcvd 2.2.2.
[PE2-Vlan-interface11] ip binding vpn-instance vpn1 [PE2-Vlan-interface11] ipv6 address 2001:3::2 96 [PE2-Vlan-interface11] quit [PE2] interface vlan-interface 13 [PE2-Vlan-interface13] ip binding vpn-instance vpn2 [PE2-Vlan-interface13] ipv6 address 2001:4::2 96 [PE2-Vlan-interface13] quit # Configure IP addresses for the CEs according to Figure 54. (Details not shown.
[PE1-bgp-vpn1] quit [PE1-bgp] ip vpn-instance vpn2 [PE1-bgp-vpn2] peer 2001:2::1 as-number 65420 [PE1-bgp-vpn2] ipv6-family unicast [PE1-bgp-ipv6-vpn2] peer 2001:2::1 enable [PE1-bgp-ipv6-vpn2] import-route direct [PE1-bgp-ipv6-vpn2] quit [PE1-bgp-vpn2] quit [PE1-bgp] quit # Configure PE 2 in the same way that PE 1 is configured. (Details not shown.) After completing the configurations, execute the display bgp peer ipv6 vpn-instance command on the PEs.
Destination: 2001:1::2/128 Protocol : Direct NextHop : ::1 Preference: 0 Interface : InLoop0 Cost : 0 Destination: 2001:3::/96 Protocol : BGP4+ NextHop : ::FFFF:3.3.3.
Configuring an IPv6 MPLS L3VPN over a GRE tunnel Network requirements CE 1 and CE 2 belong to VPN 1. The PE switches support MPLS. The P switch does not support MPLS and provides only IP functions. On the backbone, use a GRE tunnel to encapsulate and forward VPN packets to implement IPv6 MPLS L3VPN. Configure tunnel policies on the PEs, and specify the tunnel type for VPN traffic as GRE.
# Configure PE 2. system-view [PE2] mpls lsr-id 2.2.2.9 3. Configure VPN instances on PEs to allow CE access, and apply tunnel policies to the VPN instances to use a GRE tunnel for VPN packet forwarding: # Configure PE 1.
vpn1 100:1 2012/02/13 15:59:50 [PE1] ping -vpn-instance vpn1 2001:1::1 PING6(104=40+8+56 bytes) 2001:1::2 --> 2001:1::1 56 bytes from 2001:1::1, icmp_seq=0 hlim=64 time=0.000 ms 56 bytes from 2001:1::1, icmp_seq=1 hlim=64 time=1.000 ms 56 bytes from 2001:1::1, icmp_seq=2 hlim=64 time=0.000 ms 56 bytes from 2001:1::1, icmp_seq=3 hlim=64 time=1.000 ms 56 bytes from 2001:1::1, icmp_seq=4 hlim=64 time=0.000 ms --- 2001:1::1 ping6 statistics --5 packet(s) transmitted, 5 packet(s) received, 0.
[PE1-bgp] ipv6-family vpnv6 [PE1-bgp-vpnv6] peer 2.2.2.9 enable [PE1-bgp-vpnv6] quit [PE1-bgp] quit # Configure PE 2 in the same way that PE 1 is configured. (Details not shown.) After completing the configurations, execute the display bgp peer vpnv6 command on the PEs. The output shows that a BGP peer relationship has been established between the PEs and has reached the Established state. [PE1] display bgp peer vpnv6 BGP local router ID : 1.1.1.9 Local AS number : 100 Total number of peers : 1 Peer 2.2.
Figure 56 Network diagram MPLS backbone Loop0 MPLS backbone Loop0 AS 100 AS 200 Vlan-int12 Vlan-int11 Loop0 Vlan-int12 Vlan-int11 ASBR-PE 2 ASBR-PE 1 Vlan-int11 Loop0 Vlan-int11 PE 2 PE 1 Vlan-int12 Vlan-int12 Vlan-int12 Vlan-int12 CE 1 CE 2 AS 65001 Device AS 65002 Interface IP address Device Interface IP address CE 1 Vlan-int12 2001:1::1/96 CE 2 Vlan-int12 2001:2::1/96 PE 1 Loop0 1.1.1.9/32 PE 2 Loop0 4.4.4.
system-view [ASBR-PE1] mpls lsr-id 2.2.2.9 [ASBR-PE1] mpls ldp [ASBR-PE1-ldp] quit [ASBR-PE1] interface vlan-interface 11 [ASBR-PE1-Vlan-interface11] mpls enable [ASBR-PE1-Vlan-interface11] mpls ldp enable [ASBR-PE1-Vlan-interface11] quit # Configure basic MPLS on ASBR-PE 2, and enable MPLS LDP for the interface connected to PE 2. system-view [ASBR-PE2] mpls lsr-id 3.3.3.
system-view [CE2] interface vlan-interface 12 [CE2-Vlan-interface12] ipv6 address 2001:2::1 96 [CE2-Vlan-interface12] quit # Configure PE 2.
[PE1] bgp 100 [PE1-bgp] ip vpn-instance vpn1 [PE1-bgp-vpn1] peer 2001:1::1 as-number 65001 [PE1-bgp-vpn1] ipv6-family unicast [PE1-bgp-ipv6-vpn1] peer 2001:1::1 enable [PE1-bgp-ipv6-vpn1] import-route direct [PE1-bgp-ipv6-vpn1] quit [PE1-bgp-vpn1] quit [PE1-bgp] quit # Configure CE 2. [CE2] bgp 65002 [CE2-bgp] peer 2001:2::2 as-number 200 [CE2-bgp] ipv6-family [CE2-bgp-ipv6] peer 2001:2::2 enable [CE2-bgp-ipv6] import-route direct [CE2-bgp-ipv6] quit [CE2-bgp] quit # Configure PE 2.
[ASBR-PE1-bgp] ipv6-family vpnv6 [ASBR-PE1-bgp-vpnv6] peer 1.1.1.9 enable [ASBR-PE1-bgp-vpnv6] quit [ASBR-PE1-bgp] quit # Configure ASBR-PE 2. [ASBR-PE2] bgp 200 [ASBR-PE2-bgp] ip vpn-instance vpn1 [ASBR-PE2-bgp-vpn1] peer 2002:1::1 as-number 100 [ASBR-PE2-bgp-vpn1] ipv6-family unicast [ASBR-PE2-bgp-ipv6-vpn1] peer 2002:1::1 enable [ASBR-PE2-bgp-ipv6-vpn1] quit [ASBR-PE2-bgp-vpn1] quit [ASBR-PE2-bgp] peer 4.4.4.9 as-number 200 [ASBR-PE2-bgp] peer 4.4.4.
Figure 57 Network diagram Device Interface IP address Device Interface IP address PE 1 Loop0 2.2.2.9/32 PE 2 Loop0 5.5.5.9/32 Loop1 2001:1::1/128 Loop1 2001:1::2/12 8 Vlan-int11 9.1.1.2/8 Loop0 4.4.4.9/32 ASBR-PE 1 Vlan-int11 1.1.1.2/8 Loop0 3.3.3.9/32 Vlan-int11 1.1.1.1/8 Vlan-int11 9.1.1.1/8 Vlan-int12 11.0.0.2/8 Vlan-int12 11.0.0.1/8 ASBR-PE 2 Configuration procedure 1. Configure PE 1: # Run IS-IS on PE 1. system-view [PE1] isis 1 [PE1-isis-1] network-entity 10.
[PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 11:11 [PE1-vpn-instance-vpn1] vpn-target 3:3 import-extcommunity [PE1-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity [PE1-vpn-instance-vpn1] quit # Configure interface Loopback 1, and bind the interface to VPN instance vpn1. [PE1] interface loopback 1 [PE1-LoopBack1] ip binding vpn-instance vpn1 [PE1-LoopBack1] ipv6 address 2001:1::1 128 [PE1-LoopBack1] quit # Start BGP.
[ASBR-PE1] interface vlan-interface 11 [ASBR-PE1-Vlan-interface11] ip address 1.1.1.1 255.0.0.0 [ASBR-PE1-Vlan-interface11] isis enable 1 [ASBR-PE1-Vlan-interface11] mpls enable [ASBR-PE1-Vlan-interface11] mpls ldp enable [ASBR-PE1-Vlan-interface11] quit # Configure interface VLAN-interface 12, and enable MPLS on it. [ASBR-PE1] interface vlan-interface 12 [ASBR-PE1-Vlan-interface12] ip address 11.0.0.2 255.0.0.
[ASBR-PE1-bgp] quit 3. Configure ASBR-PE 2: # Start IS-IS on ASBR-PE 2. system-view [ASBR-PE2] isis 1 [ASBR-PE2-isis-1] network-entity 10.333.333.333.333.00 [ASBR-PE2-isis-1] quit # Configure an LSR ID, and enable MPLS and LDP. [ASBR-PE2] mpls lsr-id 4.4.4.9 [ASBR-PE2] mpls ldp [ASBR-PE2-ldp] quit # Configure interface VLAN-interface 11, and enable IS-IS, MPLS, and LDP on the interface. [ASBR-PE2] interface vlan-interface 11 [ASBR-PE2-Vlan-interface11] ip address 9.1.1.1 255.0.0.
# Redistribute routes from IS-IS process 1 [ASBR-PE2-bgp-ipv4] import-route isis 1 [ASBR-PE2-bgp-ipv4] quit # Apply routing policy policy1 to routes advertised to EBGP peer 11.0.0.2. [ASBR-PE2-bgp] peer 11.0.0.2 as-number 100 [ASBR-PE2-bgp] ipv6-family unicast [ASBR-PE2-bgp-ipv4] peer 11.0.0.2 enable [ASBR-PE2-bgp-ipv4] peer 11.0.0.2 route-policy policy1 export # Enable the capability to advertise labeled routes to and receive labeled routes from EBGP peer 11.0.0.2. [ASBR-PE2-bgp-ipv4] peer 11.0.0.
# Start BGP on PE 2. [PE2] bgp 600 # Configure the capability to advertise labeled routes to IBGP peer 4.4.4.9 and to receive labeled routes from the peer. [PE2-bgp] peer 4.4.4.9 as-number 600 [PE2-bgp] peer 4.4.4.9 connect-interface loopback 0 [PE2-bgp] ipv6-family unicast [PE2-bgp-ipv4] peer 4.4.4.9 enable [PE2-bgp-ipv4] peer 4.4.4.9 label-route-capability [PE2-bgp-ipv4] quit # Configure the maximum hop count from PE 2 to EBGP peer 2.2.2.9 as 10. [PE2-bgp] peer 2.2.2.9 as-number 100 [PE2-bgp] peer 2.2.
• CE 1 and CE 2 are the customer carrier's switches. They connect to the provider carrier's backbone as CE switches. • PE 3 and PE 4 are the customer carrier's PE switches. They provide IPv6 MPLS L3VPN services for end customers. • CE 3 and CE 4 are customers of the customer carrier. The key to the carrier's carrier deployment is to configure exchange of two kinds of routes: • Exchange of the customer carrier's internal routes on the provider carrier's backbone.
[PE1-LoopBack0] quit [PE1] mpls lsr-id 3.3.3.9 [PE1] mpls ldp [PE1-ldp] quit [PE1] isis 1 [PE1-isis-1] network-entity 10.0000.0000.0000.0004.00 [PE1-isis-1] quit [PE1] interface loopback 0 [PE1-LoopBack0] isis enable 1 [PE1-LoopBack0] quit [PE1] interface vlan-interface 12 [PE1-Vlan-interface12] ip address 30.1.1.
Interface: Vlan-interface12 State: Up HoldTime: Circuit Id: 0000.0000.0005.02 8s Type: L1(L1L2) PRI: 64 System Id: 0000.0000.0005 Interface: Vlan-interface12 State: Up 2. HoldTime: Circuit Id: 0000.0000.0005.02 8s Type: L2(L1L2) PRI: 64 Configure the customer carrier network. Start IS-IS as the IGP, and enable LDP between PE 3 and CE 1, and between PE 4 and CE 2: # Configure PE 3. system-view [PE3] interface loopback 0 [PE3-LoopBack0] ip address 1.1.1.
[CE1-Vlan-interface12] mpls ldp transport-address interface [CE1-Vlan-interface12] quit After the configurations, PE 3 and CE 1 can establish an LDP session and IS-IS neighbor relationship between them. # Configure PE 4 and CE 2 in the same way that PE 3 and CE 1 are configured. (Details not shown.) 3. Connect the customer carrier to the provider carrier: # Configure PE 1.
4. Connect end customers to the customer carrier: # Configure CE 3. system-view [CE3] interface vlan-interface11 [CE3-Vlan-interface11] ipv6 address 2001:1::1 96 [CE3-Vlan-interface11] quit [CE3] bgp 65410 [CE3-bgp] peer 2001:1::2 as-number 100 [CE3-bgp] ipv6-family [CE3-bgp-ipv6] peer 2001:1::2 enable [CE3-bgp-ipv6] import-route direct [CE3-bgp-ipv6] quit [CE3-bgp] quit # Configure PE 3.
# Execute the display ip routing-table command on PE 1 and PE 2. The output shows that only routes of the provider carrier network are present in the public network routing table of PE 1 and PE 2. Take PE 1 as an example: [PE1] display ip routing-table Routing Tables: Public Destinations : 7 Destination/Mask Proto 3.3.3.9/32 4.4.4.9/32 30.1.1.0/24 30.1.1.1/32 Routes : 7 Pre Cost NextHop Interface Direct 0 0 127.0.0.1 InLoop0 ISIS 10 30.1.1.2 Vlan12 Direct 0 0 30.1.1.
11.1.1.2/32 Direct 0 0 11.1.1.2 Vlan11 20.1.1.0/24 ISIS 15 74 11.1.1.2 Vlan11 21.1.1.0/24 ISIS 15 74 11.1.1.2 Vlan11 21.1.1.2/32 ISIS 15 74 11.1.1.2 Vlan11 127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0 # Execute the display ipv6 routing-table vpn-instance command on PE 3 and PE 4. The output shows that the remote VPN route is present in the VPN routing table.
Configuring MPLS L2VPN MPLS L2VPN provides point-to-point and point-to-multipoint connections. This chapter describes only the MPLS L2VPN technologies that provide point-to-point connections. For information about the MPLS L2VPN technologies that provide point-to-multipoint connections, see "Configuring VPLS." Overview MPLS L2VPN is an implementation of Pseudo Wire Emulation Edge-to-Edge (PWE3). It offers Layer 2 VPN services over an MPLS or IP backbone.
MPLS L2VPN connection establishment To set up an MPLS L2VPN connection: 1. Set up a public tunnel to carry one or more PWs between PEs: The public tunnel can be an LSP, MPLS TE, or GRE tunnel. If multiple public tunnels exist between two PEs, you can configure a tunnel policy to control tunnel selection. For more information about tunnel policies, see "Configuring tunnel policies." If a PW is established over an LSP or MPLS TE tunnel, packets on the PW have two labels.
Figure 60 Packet encapsulation PW redundancy PW redundancy provides redundant links between PEs so that the customer networks can communicate when the path over one PW fails. As shown in Figure 61, PE 1 establishes two PWs (one primary and one backup). The CEs communicate through the primary PW. When the primary PW fails, PE 1 brings up the backup PW and forwards packets from CE 1 to CE 2 through the backup PW.
Multi-segment PW A multi-segment PW comprises multiple concatenated static or dynamic PWs. Creating two PWs for a cross-connect on a PE can concatenate the two PWs. Upon receiving a packet from one PW, the PE removes the tunnel ID and PW label of the packet, adds the PW label of the other PW, and forwards the packet over the public tunnel. As shown in Figure 62, you can create a multi-segment PW between PE 1 and PE 4 by concatenating PW 1 and PW 2 on PE 2, and PW 2 and PW 3 on PE 3.
Figure 63 Intra-domain multi-segment PW MPLS or IP backbone PW 1 CE 1 PE 1 PE 2 Tunnel PE 3 Tunnel PW PW 2 PE 4 CE 2 Inter-domain multi-segment PW An inter-domain multi-segment PW includes concatenated PWs in different ASs. It is a method for inter-AS option B networking. As shown in Figure 64, you can create an inter-domain multi-segment PW between PE 1 and PE 2 in different ASs by concatenating PW 1 and PW 2 on ASBR 1 and concatenating PW 2 and PW 3 on ASBR 2.
• Remote connection—To create a remote connection, configure an AC, configure a PW in cross-connect view, and bind the AC with the PW in cross-connect view. • Multi-segment PW—To create a multi-segment PW, configure two PWs and bind the two PWs in cross-connect view. To configure MPLS L2VPN on a PE: Tasks at a glance Remarks (Required.) Enabling L2VPN N/A (Required.) Configuring an AC: Choose either task depending on the AC type.
Configuring a Layer 2 Ethernet interface Configure the Layer 2 Ethernet interface connected to the CE to create a Layer 2 link between the PE and CE. The Layer 2 interface type determines the access mode of the AC. On the Layer 2 Ethernet interface, you can use the access-mode keyword of the ac interface command to specify the access mode as Ethernet (the default) or VLAN.
Step Command Remarks The default MTU is 1500 bytes. 6. Configure an MTU for the cross-connect. The two PEs at the ends of an LDP PW must have the same MTU on the cross-connect. Otherwise, the PW cannot go up. mtu mtu Configuring a PW Configuring a PW class You can configure PW attributes such as the PW type in a PW class. PWs with the same attributes can reference the same PW class. To configure a PW class: Step Command Remarks 1. Enter system view. system-view N/A 2.
Step Command Remarks 2. Enter cross-connect group view. xconnect-group group-name N/A 3. Enter cross-connect view. connection connection-name N/A By default, no LDP PW is configured. Configure an LDP PW and enter PW view. 4.
Configure static PW redundancy Step Command Remarks 1. Enter system view. system-view N/A 2. Enter cross-connect group view. xconnect-group group-name N/A 3. Enter cross-connect view. connection connection-name N/A 4. (Optional.) Specify whether to switch traffic from the backup PW to the primary PW when the primary PW recovers, and specify the wait time for the switchover.
Step 8. Manually switch traffic to the backup PW of the specified PW. Command Remarks l2vpn switchover peer ip-address pw-id pw-id N/A Displaying and maintaining MPLS L2VPN Task Command Remarks Display LDP PW label information. display l2vpn ldp [ peer ip-address [ pw-id pw-id ] | xconnect-group group-name ] [ verbose ] Available in any view. Display cross-connect forwarding information (in standalone mode).
Figure 65 Network diagram Device Interface PE 1 PE 2 IP address Device Interface IP address Loop0 192.2.2.2/32 P Loop0 192.4.4.4/32 Vlan-int20 10.1.1.1/24 Vlan-int30 10.2.2.2/24 Loop0 192.3.3.3/32 Vlan-int20 10.1.1.2/24 Vlan-int30 10.2.2.1/24 Configuration procedure Before you perform the following configurations, configure VLANs and add ports to VLANs on switches. 1.
[PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 10.1.1.1 0.0.0.255 [PE1-ospf-1-area-0.0.0.0] network 192.2.2.2 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit # Create the service instance 10 on Ten-GigabitEthernet 1/0/1 to match packets with VLAN ID 10.
[P-ospf-1-area-0.0.0.0] network 10.1.1.2 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 10.2.2.2 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 192.4.4.4 0.0.0.0 [P-ospf-1-area-0.0.0.0] quit [P-ospf-1] quit 4. Configure PE 2: # Configure an LSR ID. system-view [PE2] interface loopback 0 [PE2-LoopBack0] ip address 192.3.3.3 32 [PE2-LoopBack0] quit [PE2] mpls lsr-id 192.3.3.3 # Enable L2VPN. [PE2] l2vpn enable # Enable global LDP.
5. Configure CE 2: system-view [CE2] interface ten-gigabitethernet 1/0/1 [CE2-Ten-GigabitEthernet1/0/1] port link-type trunk [CE2-Ten-GigabitEthernet1/0/1] port trunk permit vlan 10 [CE2-Ten-GigabitEthernet1/0/1] quit Verify the configuration # Display L2VPN PW information on PE 1. The output shows that a static PW has been established.
Figure 66 Network diagram Device Interface PE 1 PE 2 IP address Device Interface IP address Loop0 192.2.2.2/32 P Loop0 192.4.4.4/32 Vlan-int20 10.1.1.1/24 Vlan-int20 10.1.1.2/24 Loop0 192.3.3.3/32 Vlan-int30 10.2.2.2/24 Vlan-int30 10.2.2.1/24 Configuration procedure Before you perform the following configurations, configure VLANs and add ports to VLANs on switches. 1.
[PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 10.1.1.1 0.0.0.255 [PE1-ospf-1-area-0.0.0.0] network 192.2.2.2 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit # Create the service instance 10 on Ten-GigabitEthernet 1/0/1 to match packets with VLAN ID 10.
[P-ospf-1-area-0.0.0.0] network 10.1.1.2 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 10.2.2.2 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 192.4.4.4 0.0.0.0 [P-ospf-1-area-0.0.0.0] quit [P-ospf-1] quit 4. Configure PE 2: # Configure an LSR ID. system-view [PE2] interface loopback 0 [PE2-LoopBack0] ip address 192.3.3.3 32 [PE2-LoopBack0] quit [PE2] mpls lsr-id 192.3.3.3 # Enable L2VPN. [PE2] l2vpn enable # Enable global LDP.
5. Configure CE 2: system-view [CE2] interface ten-gigabitethernet 1/0/1 [CE2-Ten-GigabitEthernet1/0/1] port link-type trunk [CE2-Ten-GigabitEthernet1/0/1] port trunk permit vlan 10 [CE2-Ten-GigabitEthernet1/0/1] quit Verify the configuration # Display L2VPN PW information on PE 1. The output shows that an LDP PW has been established.
Figure 67 Network diagram Device Interface IP address Device Interface CE 1 Vlan-int10 100.1.1.1/24 P Loop0 192.4.4.4/32 PE 1 Loop0 192.2.2.2/32 Vlan-int23 23.1.1.2/24 Vlan-int23 23.1.1.1/24 Vlan-int26 26.2.2.2/24 Vlan-int10 100.1.1.2/24 CE 2 PE 2 IP address Loop0 192.3.3.3/32 Vlan-int26 26.2.2.1/24 Configuration procedure Before you perform the following configurations, configure VLANs and add ports to VLANs on CEs. 1.
[PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 23.1.1.1 0.0.0.255 [PE1-ospf-1-area-0.0.0.0] network 192.2.2.2 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit # Create a service instance on Ten-GigabitEthernet 1/0/1 connected to CE 1.
[P-ospf-1-area-0.0.0.0] network 26.2.2.2 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 192.4.4.4 0.0.0.0 [P-ospf-1-area-0.0.0.0] quit [P-ospf-1] quit 4. Configure PE 2: system-view [PE2] interface loopback 0 [PE2-LoopBack0] ip address 192.3.3.3 32 [PE2-LoopBack0] quit # Configure an LSR ID. [PE2] mpls lsr-id 192.3.3.3 # Enable L2VPN. [PE2] l2vpn enable # Enable global LDP. [PE2] mpls ldp [PE2-ldp] quit # Configure VLAN-interface 26 connected to the P device and enable LDP on the interface.
[CE2] interface vlan-interface 10 [CE2-Vlan-interface10] ip address 100.1.1.2 24 [CE2-Vlan-interface10] quit Verify the configuration # Display L2VPN PW information on PE 1. The output shows that an LDP PW has been established. [PE1] display l2vpn pw Flags: M - main, B - backup, H - hub link, S - spoke link, N - no split horizon Total number of PWs: 1, 1 up, 0 blocked, 0 down, 0 defect Xconnect-group Name: vpn1 Peer PW ID In/Out Label 192.3.3.
Figure 68 Network diagram Device Interface IP address Device Interface IP address CE 1 Vlan-int10 100.1.1.1/24 PE 2 Loop0 2.2.2.2/32 PE 1 Loop0 1.1.1.1/32 Vlan-int10 - Vlan-int12 12.1.1.2/24 Loop0 3.3.3.3/32 CE 2 Vlan-int10 - Vlan-int12 12.1.1.1/24 Vlan-int13 13.1.1.1/24 Vlan-int10 - Vlan-int10 100.1.1.2/24 Vlan-int13 13.1.1.3/24 PE 3 Configuration procedure Before you perform the following configurations, configure VLANs and add ports to VLANs on switches. 1.
[PE1-Vlan-interface12] quit [PE1] interface vlan-interface 13 [PE1-Vlan-interface12] ip address 13.1.1.1 24 [PE1-Vlan-interface12] mpls enable [PE1-Vlan-interface12] mpls ldp enable [PE1-Vlan-interface12] quit # Configure OSPF on PE 1 for LDP to create LSPs. [PE1] ospf [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255 [PE1-ospf-1-area-0.0.0.0] network 13.1.1.0 0.0.0.255 [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit # Enable L2VPN.
[PE2-Vlan-interface12] ip address 12.1.1.2 24 [PE2-Vlan-interface12] mpls enable [PE2-Vlan-interface12] mpls ldp enable [PE2-Vlan-interface12] quit # Configure OSPF on PE 2 for LDP to create LSPs. [PE2] ospf [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255 [PE2-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] quit [PE2-ospf-1] quit # Enable L2VPN.
[PE3] ospf [PE3-ospf-1] area 0 [PE3-ospf-1-area-0.0.0.0] network 13.1.1.0 0.0.0.255 [PE3-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0 [PE3-ospf-1-area-0.0.0.0] quit [PE3-ospf-1] quit # Enable L2VPN. [PE3] l2vpn enable # Create the service instance 10 on Ten-GigabitEthernet 1/0/1 to match packets with VLAN ID 10.
In Label : 65662 Out Label: 65660 Wait to Restore Time: 0 sec MTU : 1500 PW Attributes : Main Tunnel Group ID : 0x1800000760000005 Tunnel NHLFE IDs : 133 Peer: 3.3.3.3 PW ID: 30 Signaling Protocol : LDP Link ID : 1 PW State : Blocked In Label : 65659 Out Label: 65655 MTU : 1500 PW Attributes : Backup Tunnel Group ID : 0x1800000860000006 Tunnel NHLFE IDs : 135 # Display L2VPN PW information on PE 2. The output shows that an LDP PW has been established.
Total number of PWs: 2, 1 up, 1 blocked, 0 down, 0 defect Xconnect-group Name: vpna Peer PW ID In/Out Label Proto Flag Link ID State 2.2.2.2 20 65662/65660 LDP M 1 Blocked 3.3.3.3 30 65659/65655 LDP B 1 Up # CE 1 and CE 2 can ping each other. [CE1] ping 100.1.1.2 PING 100.1.1.2 (100.1.1.2): 56 data bytes 56 bytes from 100.1.1.2: icmp_seq=0 ttl=255 time=4.000 ms 56 bytes from 100.1.1.2: icmp_seq=1 ttl=255 time=9.000 ms 56 bytes from 100.1.1.2: icmp_seq=2 ttl=255 time=3.
Configuration procedure Before you perform the following configurations, configure VLANs and add ports to VLANs on CEs. 1. Configure CE 1: system-view [CE1] interface vlan-interface 10 [CE1-Vlan-interface10] ip address 100.1.1.1 24 [CE1-Vlan-interface10] quit 2. Configure PE 1: system-view [PE1] interface loopback 0 [PE1-LoopBack0] ip address 192.2.2.2 32 [PE1-LoopBack0] quit # Configure an LSR ID. [PE1] mpls lsr-id 192.2.2.2 # Enable L2VPN.
# Create a cross-connect group named vpn1, create a cross-connect named ldpsvc in the group, and create an LDP PW and a static PW for the cross-connect to form a multi-segment PW that includes the two PWs. [P] xconnect-group vpn1 [P-xcg-vpn1] connection ldpsvc [P-xcg-vpn1-ldpsvc] peer 192.2.2.2 pw-id 1000 [P-xcg-vpn1-ldpsvc-192.2.2.2-1000] quit [P-xcg-vpn1-ldpsvc] peer 192.3.3.3 pw-id 1000 in-label 100 out-label 200 [P-xcg-vpn1-ldpsvc-192.3.3.3-1000] quit [P-xcg-vpn1-ldpsvc] quit [P-xcg-vpn1] quit 4.
Flags: M - main, B - backup, H - hub link, S - spoke link, N - no split horizon Total number of PWs: 2, 2 up, 0 blocked, 0 down, 0 defect Xconnect-group Name: vpn1 Peer PW ID In/Out Label 192.2.2.2 1000 65669/65655 192.3.3.3 1000 100/200 Proto Flag LDP Link ID M Static M 0 1 State Up Up # Display L2VPN PW information on PE 1. The output shows that a PW has been created.
Figure 70 Network diagram Device Interface IP address Device Interface IP address CE 1 Vlan-int10 100.1.1.1/24 ASBR 1 Loop0 192.2.2.2/32 PE 1 Loop0 192.1.1.1/32 Vlan-int23 23.1.1.2/24 Vlan-int23 23.1.1.1/24 PE 2 Loop0 192.4.4.4/32 Vlan-int22 CE 2 Vlan-int10 Vlan-int26 26.2.2.2/24 Loop0 192.3.3.3/32 22.2.2.1/24 Vlan-int26 26.2.2.3/24 100.1.1.2/24 Vlan-int22 22.2.2.
# Configure OSPF on PE 1 for LDP to create LSPs. [PE1] ospf [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 23.1.1.1 0.0.0.255 [PE1-ospf-1-area-0.0.0.0] network 192.1.1.1 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit # Create a service instance on Ten-GigabitEthernet 1/0/1 connected to CE 1.
# Configure OSPF on ASBR 1 for LDP to create LSPs. [ASBR1] ospf [ASBR1-ospf-1] area 0 [ASBR1-ospf-1-area-0.0.0.0] network 23.1.1.2 0.0.0.255 [ASBR1-ospf-1-area-0.0.0.0] network 192.2.2.2 0.0.0.0 [ASBR1-ospf-1-area-0.0.0.0] quit [ASBR1-ospf-1] quit # Configure BGP to advertise labeled routes on ASBR1. [ASBR1] bgp 100 [ASBR1-bgp] peer 26.2.2.3 as-number 200 [ASBR1-bgp] address-family ipv4 unicast [ASBR1-bgp-ipv4] import-route direct [ASBR1-bgp-ipv4] peer 26.2.2.3 enable [ASBR1-bgp-ipv4] peer 26.2.2.
[ASBR2-Vlan-interface22] quit # Configure VLAN-interface 26 connected to ASBR 1 and enable LDP on the interface. [ASBR2] interface vlan-interface 26 [ASBR2-Vlan-interface26] ip address 26.2.2.3 24 [ASBR2-Vlan-interface26] mpls enable [ASBR2-Vlan-interface26] quit # Configure OSPF on ASBR 2 for LDP to create LSPs. [ASBR2] ospf [ASBR2-ospf-1] area 0 [ASBR2-ospf-1-area-0.0.0.0] network 22.2.2.3 0.0.0.255 [ASBR2-ospf-1-area-0.0.0.0] network 192.3.3.3 0.0.0.0 [ASBR2-ospf-1-area-0.0.0.
[PE2-ldp] quit # Configure VLAN-interface 22 connected to ASBR 1 and enable LDP on the interface. [PE2] interface vlan-interface 22 [PE2-Vlan-interface22] ip address 22.2.2.1 24 [PE2-Vlan-interface22] mpls enable [PE2-Vlan-interface22] mpls ldp enable [PE2-Vlan-interface22] quit # Configure OSPF on PE 2 for LDP to create LSPs. [PE2] ospf [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 192.4.4.4 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] network 22.2.2.1 0.0.0.255 [PE2-ospf-1-area-0.0.0.
[ASBR1] display l2vpn pw Flags: M - main, B - backup, H - hub link, S - spoke link, N - no split horizon Total number of PWs: 2, 2 up, 0 blocked, 0 down, 0 defect Xconnect-group Name: vpn1 Peer PW ID In/Out Label Proto Flag Link ID State 192.1.1.1 1000 65659/65661 LDP M 0 Up 192.3.3.3 1000 65658/65661 LDP M 1 Up # Display L2VPN PW information on ASBR 2. The output shows that two PWs have been created to form a multi-segment PW.
Configuring VPLS Overview Virtual Private LAN Service (VPLS) provides point-to-multipoint L2VPN services over an MPLS or IP backbone. The provider backbone emulates a switch to connect all geographically dispersed sites of each customer network. The backbone is transparent to the customer sites and the sites can communicate with each other as if they were on the same LAN.
single Layer 2 VPN, which is referred to as a "VPLS instance." Sites in different VPLS instances cannot communicate with each other at Layer 2. • VSI—A virtual switch instance provides Layer 2 switching services for a VPLS instance on a PE. A VSI acts as a virtual switch that has all the functions of a conventional Ethernet switch, including source MAC address learning, MAC address aging, and flooding. VPLS uses VSIs to forward Layer 2 data packets in VPLS instances.
Figure 72 Source MAC address learning on a PE If no packet is received from a MAC address before the aging timer expires, VPLS deletes the MAC address to save MAC address table resources. When an AC or a PW goes down, the PE deletes MAC addresses on the AC or PW and sends an LDP address withdrawal message to notify all other PEs in the VPLS instance to delete those MAC addresses for fast convergence of the MAC address table.
PW full mesh and split horizon A loop prevention protocol such as STP is required in a Layer 2 network to avoid loops. However, deploying a loop prevention protocol on PEs brings management and maintenance difficulties. Therefore, VPLS uses the following methods to prevent loops: • Full mesh—Every two PEs in a VPLS instance must establish a PW to create a full mesh of PWs among PEs in the VPLS instance.
This chapter describes only VPLS configurations on a PE. For more information about other configurations, see specific configuration guides. To configure VPLS on a PE, perform the following tasks: Tasks at a glance Remarks (Required.) Enabling L2VPN N/A (Required.) Configuring an AC N/A (Required.) Configuring a VSI N/A Configuring a PW: • (Optional.) Configuring a PW class • (Required.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enter Layer 2 Ethernet interface view. interface interface-type interface-number N/A 3. Create a service instance and enter service instance view. service-instance instance-id By default, no service instance is created. • Match all incoming packets: encapsulation default • Match incoming packets with 4. Configure match criteria for the service instance.
Configuring a static PW Step Command Remarks 1. Enter system view. system-view N/A 2. Enter VSI view. vsi vsi-name N/A 3. Configure the VSI to establish a static PW, and enter VSI static view. pwsignaling static By default, no PW signaling protocol is specified. Configure a VPLS PW and enter VSI static PW view. peer ip-address pw-id pw-id in-label label-value out-label label-value [ pw-class class-name | tunnel-policy tunnel-policy-name ] * By default, no VPLS PW is configured. 4.
Step Command Remarks 2. Enter Layer 2 Ethernet interface view. interface interface-type interface-number N/A 3. Create an Ethernet service instance and enter Ethernet service instance view. service-instance instance-id By default, no Ethernet service instance exist on a Layer 2 Ethernet interface. Bind the Ethernet service instance to a VSI. xconnect vsi vsi-name [ access-mode { ethernet | vlan } ] * By default, a service instance is not bound to any VSI. 4.
Configuring a dual-homed PE with redundant LDP PWs Step Command Remarks 1. Enter system view. system-view N/A 2. Enter VSI view. vsi vsi-name N/A 3. Configure the VSI to LDP to establish PWs, and enter VSI LDP view. pwsignaling ldp By default, no PW signaling protocol is specified for the VSI. (Optional.) Specify whether to switch traffic from the backup PW to the primary PW when the primary PW recovers, and the wait time for the switchover.
Task Command Display L2VPN forwarding information (in IRF mode). display l2vpn forwarding { ac | pw } [ vsi vsi-name ] [ chassis chassis-number slot slot-number ] [ verbose ] Display MAC address table information for one or all VSIs. display l2vpn mac-address [ vsi vsi-name ] [ dynamic ] [ count ] Display L2VPN PW information. display l2vpn pw [ vsi vsi-name ] [ ldp | static ] [ verbose ] Display PW class information.
[PE1] interface loopback 0 [PE1-LoopBack0] ip address 1.1.1.9 32 [PE1-LoopBack0] quit [PE1] mpls lsr-id 1.1.1.9 # Enable L2VPN. [PE1] l2vpn enable # Enable global LDP. [PE1] mpls ldp [PE1-ldp] quit # Configure VLAN-interface 20 connected to PE 2 and enable LDP on the interface. [PE1] interface vlan-interface 20 [PE1-Vlan-interface20] ip address 20.1.1.
# Configure an LSR ID. system-view [PE2] interface loopback 0 [PE2-LoopBack0] ip address 2.2.2.9 32 [PE2-LoopBack0] quit [PE2] mpls lsr-id 2.2.2.9 # Enable L2VPN. [PE2] l2vpn enable # Enable global LDP. [PE2] mpls ldp [PE2-ldp] quit # Configure VLAN-interface 20 connected to PE 1 and enable LDP on the interface. [PE2] interface vlan-interface 20 [PE2-Vlan-interface20] ip address 20.1.1.
3. Configure PE 3: # Configure an LSR ID. system-view [PE3] interface loopback 0 [PE3-LoopBack0] ip address 3.3.3.9 32 [PE3-LoopBack0] quit [PE3] mpls lsr-id 3.3.3.9 # Enable L2VPN. [PE3] l2vpn enable # Enable global LDP. [PE3] mpls ldp [PE3-ldp] quit # Configure VLAN-interface 30 connected to PE 1 and enable LDP on the interface. [PE3] interface vlan-interface 30 [PE3-Vlan-interface30] ip address 30.1.1.
[PE3-Ten-GigabitEthernet1/0/1-srv10] quit Verifying the configuration # Execute the display l2vpn pw verbose command on PE 1. The output shows two static PWs in up state have been established. [PE1] display l2vpn pw verbose VSI Name: svc Peer: 2.2.2.9 PW ID: 3 Signaling Protocol : Static Link ID : 8 PW State : Up In Label : 100 Out Label: 100 MTU : 1500 PW Attributes : Main Tunnel Group ID : 0x1800000760000005 Tunnel NHLFE IDs : 133 Peer: 3.3.3.
# Configure basic MPLS. system-view [PE1] interface loopback 0 [PE1-LoopBack0] ip address 1.1.1.9 32 [PE1-LoopBack0] quit [PE1] mpls lsr-id 1.1.1.9 [PE1] mpls ldp [PE1-ldp] quit # Enable L2VPN. [PE1] l2vpn enable # Configure VSI aaa that uses LDP as the PW signaling protocol, and establish a PW with PE 2 and PE 3, respectively. [PE1] vsi aaa [PE1-vsi-aaa] pwsignaling ldp [PE1-vsi-aaa-ldp] peer 3.3.3.9 pw-id 500 [PE1-vsi-aaa-ldp-3.3.3.9-500] quit [PE1-vsi-aaa-ldp] peer 2.2.2.
[PE2-vsi-aaa-ldp] quit [PE2-vsi-aaa] quit # Create service instance 10 on Ten-GigabitEthernet1/0/1, and bind the service instance to the VSI aaa. [PE2] interface ten-gigabitethernet 1/0/1 [PE2-Ten-GigabitEthernet1/0/1] service-instance 1000 [PE2-Ten-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 100 [PE2-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi aaa [PE2-Ten-GigabitEthernet1/0/1-srv1000] quit [PE2-Ten-GigabitEthernet1/0/1] quit 4. Configure PE 3: # Configure basic MPLS.
Link ID : 8 PW State : Up In Label : 131090 Out Label: 131089 MTU : 1500 PW Attributes : Main Tunnel Group ID : 0x1800000760000005 Tunnel NHLFE IDs : 133 Peer: 2.2.2.9 PW ID: 500 Signaling Protocol : LDP Link ID : 9 PW State : Up In Label : 131091 Out Label: 131092 MTU : 1500 PW Attributes : Main Tunnel Group ID : 0x1800000860000006 Tunnel NHLFE IDs : 135 [PE2] display l2vpn pw verbose VSI Name: aaa Peer: 1.1.1.
Tunnel Group ID : 0x1800000760000008 Tunnel NHLFE IDs : 137 277
Support and other resources Contacting HP For worldwide technical support information, see the HP support website: http://www.hp.
Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. [] Square brackets enclose syntax choices (keywords or arguments) that are optional. { x | y | ... } Braces enclose a set of required syntax choices separated by vertical bars, from which you select one.
Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features. Represents an access controller, a unified wired-WLAN module, or the switching engine on a unified wired-WLAN switch. Represents an access point.
Index AC routing information (MPLS L3VPN), 90 MPLS L2VPN AC configuration, 227 aging MAC address (VPLS), 261 MPLS L2VPN AC Layer 2 interface, 228 architecture MPLS L2VPN AC service instance on Layer 2 Ethernet interface, 228 VPLS, 260 AS MPLS L2VPN AC/cross-connect binding, 230 IPv6 MPLS L3VPN configuration, 189 MPLS L2VPN attachment circuit (AC), 222 VPLS architecture, 260 inter-AS IPv6 VPN IPv6 MPLS L3VPN inter-AS IPv6 VPN option C configuration, 190 VPLS configuration, 264 VPLS Layer 3 Ethe
AS number substitution (MPLS L3VPN), 104 MPLS L3VPN inter-AS VPN option C ASBR routing policy, 117 MPLS L3VPN inter-AS configuration, 116 VPN option BGP extended attributes (MPLS L3VPN), 3 C configuring AS number substitution (MPLS L3VPN), 120 AS number substitution IPv6 MPLS L3VPN basic configuration, 182 BGP (MPLS L3VPN), 104 IPv6 MPLS L3VPN carrier's carrier configuration, 214 configuring BGP (MPLS L3VPN), 120 IPv6 MPLS L3VPN configuration, 180, 181, 192 ASBR IPv6 MPLS L3VPN inter-AS IPv6 VP
MPLS L3VPN PE/CE IBGP configuration, 111 carrier's carrier IPv6 MPLS L3VPN configuration, 214 MPLS L3VPN PE/CE IS-IS configuration, 109 MPLS L3VPN, 97 MPLS L3VPN PE/CE OSPF configuration, 108 MPLS L3VPN configuration, 150 MPLS L3VPN PE/CE RIP configuration, 108 MPLS L3VPN Level 1 carrier, 97 MPLS L3VPN PE/CE routing configuration, 108 MPLS L3VPN Level 2 carrier, 97 MPLS L3VPN PE/CE static routing configuration, 108 CE MPLS L3VPN PE/PE routing configuration, 112 IPv6 MPLS L3VPN BGP VPNv6 route c
IBGP between MCE and VPN site, 12 LDP backoff, 67 IPv6 IS-IS between IPv6 MCE and PE, 36 LDP GR, 73 IPv6 IS-IS between IPv6 MCE and VPN site, 32 LDP Hello parameters, 65 IPv6 MCE, 28 LDP label acceptance control, 77 IPv6 MPLS L3VPN, 180, 181, 192 LDP label acceptance policy, 70 IPv6 MPLS L3VPN basics, 182 LDP label advertisement control, 81 IPv6 MPLS L3VPN BGP VPNv6 route control, 188 LDP label advertisement policy, 69 LDP label distribution control mode, 69 IPv6 MPLS L3VPN carrier's carrier,
MPLS L2VPN PW redundancy, 230 MPLS tunnel policy, 86, 87 MPLS L2VPN static PW, 229, 232 OSPF between MCE and PE, 14 MPLS L2VPN static PW redundancy, 231 OSPF between MCE and VPN site, 8 MPLS L3VPN, 88, 105, 122 OSPFv3 between IPv6 MCE and PE, 36 MPLS L3VPN basics, 105, 122 OSPFv3 between IPv6 MCE and VPN site, 31 MPLS L3VPN BGP AS number substitution, 175 RIP between MCE and PE, 14 MPLS L3VPN BGP VPNv4 route control, 113 RIP between MCE and VPN site, 7 MPLS L3VPN carrier's carrier, 150 RIPng
IPv6 MPLS L3VPN VPN instance interface association, 183 MPLS L2VPN, 222 MPLS L2VPN AC/cross-connect binding, 230 IPv6 MPLS L3VPN VPN instance route related attributes, 183 MPLS L2VPN cross-connect, 228 customer edge device. See CE IPv6 MPLS L3VPN/GRE tunnel configuration, 200 detecting LDP loop detection, 71 LDP configuration, 74 device LDP label acceptance control, 77 customer edge device.
MPLS L3VPN inter-AS VPN option C, 94, 96 LDP peer extended discovery, 60 LDP session parameters mechanism), 66 (Basic MPLS L3VPN PE/CE EBGP configuration, 110 Discovery egress LSR (MPLS), 47 LDP session parameters (Extended Discovery mechanism), 66, 67 enabling L2VPN (VPLS), 264 displaying LDP, 65 IPv6 MCE, 38 LDP globally, 65 LDP, 73 LDP on interface, 65 MCE, 17 MPLS, 50 MPLS, 54 MPLS L2VPN, 227 MPLS L2VPN, 232 MPLS TTL-expired message sending, 53 MPLS L3VPN, 121, 191 Ethernet MPLS tu
hub and spoke MPLS FEC label, 46 MPLS L3VPN networking scheme, 92 forwarding hub-spoke networking equivalence class.
LDP session reset, 73 MPLS L3VPN VPN instance interface association, 106 LSP static configuration, 55, 56 VPN (MPLS L3VPN), 2, 89 MPLS basic configuration, 46, 50 inter-AS VPN IPv4 IPv6 MPLS L3VPN configuration, 189 MPLS L3VPN inter-AS VPN option B, 94, 95 IPv6 MPLS L3VPN option A configuration, 203 MPLS L3VPN inter-AS VPN option C, 94, 96 IPv6 MPLS L3VPN option C configuration, 190, 208 MPLS L3VPN VPN-IPv4 address, 89 IPv6 MPLS L3VPN configuration, 115 MPLS L3VPN.
PE/CE static routing configuration, 185 configuring RIPng between IPv6 MCE and PE, 35 PE/PE routing configuration, 187 configuring RIPng between IPv6 MCE and VPN site, 31 routing information advertisement, 181 VPN instance configuration, 182 configuring routing between IPv6 MCE and PE, 35 VPN instance creation, 182 VPN instance interface association, 183 configuring routing between IPv6 MCE and VPN site, 30 VPN instance route related attributes, 183 configuring VPN instance, 28 IS-IS configuring
switched path. Use LSP label space, 59 switching router. Use LSR loop detection configuration, 71 Label Distribution Protocol. Use LDP LSP establishment, 60 LAN LSP generation policy, 68 MD5 authentication, 68 virtual private LAN service. See VPLS message types, 59 Layer 2 MPLS L2VPN inter-domain multi-segment PW configuration, 253 MPLS VPN. See MPLS L2VPN Layer 3 MPLS L2VPN intra-domain multi-segment PW configuration, 250 MPLS L3VPN.
LSR learning MAC address (VPLS), 261 LDP configuration, 59, 64, 74 level MPLS L3VPN Level 1 carrier, 97 LDP FEC, 59 MPLS L3VPN Level 2 carrier, 97 LDP FEC-label mapping, 59 LDP GR, 63 LFIB FTN map, 47 LDP identifier, 59 ILM, 47 LDP label acceptance control, 77 MPLS control plane, 47 LDP label advertisement control, 81 MPLS forwarding plane, 47 LDP label space, 59 MPLS forwarding process, 49 LDP peer, 59 NHLFE, 47 LDP session, 59 MPLS control plane, 47 link LDP session protection, 72 MPLS
using OSPF to advertise VPN routes to PE, 17 LDP operation, 60 LDP session, 59 MCE (BGP/MPLS VPN), 3 LDP terminology, 59 MCE (MPLS L3VPN), 1 MD5 MCE LDP authentication configuration, 68 associating instance with interface, 5 message configuration examples, 17 configuring, 1 LDP advertisement, 59 configuring EBGP between MCE and PE, 16 LDP discovery, 59 configuring EBGP between MCE and VPN site, 10 LDP notification, 59 LDP session, 59 configuring IBGP between MCE and PE, 16 mode configuring
LDP label distribution, 61 network structure, 222 LDP message types, 59 PW (multi-segment), 225 LDP operation, 60 PW class configuration, 229 LDP session protection, 72 PW configuration, 229 LDP session reset, 73 PW LDP configuration, 229 LFIB, 47 PW LDP redundancy configuration, 231 LSP, 47 PW redundancy, 224 LSP establishment, 48 PW redundancy configuration, 230 LSP static configuration, 55, 56 PW static redundancy configuration, 231 LSR, 47 static PW configuration, 229, 232 MTU config
inter-AS option A configuration, 134 route target attribute (BGP extended attribute), 3 inter-AS option B configuration, 139 routing information advertisement, 90 inter-AS option C configuration, 144 site, 2, 88 inter-AS VPN, 94 specifying VPN label processing mode on egress PE, 120 inter-AS VPN configuration, 115 VPN instance, 2, 89 inter-AS VPN option A configuration, 115 VPN instance configuration, 106 inter-AS VPN option B configuration, 115 VPN instance creation, 106 inter-AS VPN option C
MPLS L3VPN nested VPN configuration, 158 MPLS L2VPN configuration, 226, 232 MPLS L3VPN/GRE tunnel configuration, 130 MPLS L2VPN inter-domain, 226 MPLS L2VPN intra-domain, 225 MPLS TE MPLS L2VPN PW inter-domain multi-segment configuration, 253 IPv6 MPLS L3VPN basic configuration, 182 IPv6 MPLS L3VPN carrier's carrier configuration, 214 MPLS L2VPN PW intra-domain multi-segment configuration, 250 IPv6 MPLS L3VPN configuration, 180, 181, 192 IPv6 MPLS L3VPN configuration, 203 inter-AS option A IPv6
configuring IPv6 IS-IS between IPv6 MCE and VPN site, 32 IPv6 MPLS L3VPN inter-AS IPv6 VPN option C configuration, 190 configuring IPv6 static routing between IPv6 MCE and PE, 35 IPv6 MPLS L3VPN network schemes, 181 IPv6 MPLS L3VPN packet forwarding, 180 configuring IPv6 static routing between IPv6 MCE and VPN site, 30 IPv6 MPLS L3VPN PE/CE EBGP configuration, 186 configuring IS-IS between MCE and PE, 15 IPv6 MPLS L3VPN configuration, 186 configuring IS-IS between MCE and VPN site, 10 PE/CE IPv6
LDP session protection, 72 MPLS L3VPN HoVPN recursion, 102 LDP session reset, 73 MPLS L3VPN HoVPN SPE-UPE, 102 MPLS architecture, 47 MPLS L3VPN inter-AS VPN, 94 MPLS control plane, 47 MPLS L3VPN inter-AS VPN configuration, 115 MPLS egress label type advertisement, 51 MPLS L3VPN inter-AS configuration, 115 VPN option A MPLS L3VPN inter-AS configuration, 115 VPN option B MPLS forwarding process, 49 MPLS L3VPN inter-AS configuration, 116 VPN option C MPLS L2VPN AC Layer 2 interface, 228
MPLS L3VPN VPN instance route related attribute configuration, 107 IPv6 MPLS L3VPN configuration, 208 MPLS L3VPN VPN-IPv4 address, 89 IPv6 MPLS L3VPN/GRE tunnel configuration, 200 MPLS LFIB, 47 option C LDP configuration, 59, 64, 74 MPLS LSP, 47 LDP label acceptance control, 77 MPLS LSP establishment, 48 LDP label advertisement control, 81 MPLS LSR, 47 LDP terminology, 59 MPLS MTU configuration, 51 LSP static configuration, 55, 56 MPLS PHP, 49 MPLS basic concepts, 46 MPLS TTL propagation,
MPLS L2VPN intra-domain multi-segment PW configuration, 250 MPLS L3VPN/GRE tunnel configuration, 130 MPLS tunnel policy configuration, 86, 87 MPLS L2VPN LDP configuration, 240 VPLS architecture, 260 VPLS configuration, 260, 263, 269 PW flexible mode MPLS L2VPN LDP PW redundancy configuration, 244 VPLS implementation, 261 VPLS PW LDP configuration, 273 MPLS L2VPN LDP PW VLAN mode configuration, 236 VPLS PW static configuration, 269 next hop label forwarding entry.
MPLS L2VPN PW redundancy configuration, 230 IPv6 MPLS L3VPN PE/CE OSPFv3 configuration, 185 MPLS L2VPN PW configuration, 231 IPv6 MPLS L3VPN PE/CE RIPng configuration, 185 static redundancy IPv6 MPLS L3VPN PE/CE routing configuration, 184 MPLS L2VPN static PW configuration, 232 packet IPv6 MPLS L3VPN configuration, 185 IPv6 MPLS L3VPN packet forwarding, 180 MPLS control plane, 47 PE/CE static routing MPLS egress label type advertisement, 51 IPv6 MPLS L3VPN PE/PE routing configuration, 187 MPL
configuring EBGP between MCE and VPN site, 10 peer LDP LSR, 59 configuring IBGP between IPv6 MCE and PE, 38 LDP peer maintenance, 60 configuring IBGP between IPv6 MCE and VPN site, 34 LDP session parameters, 66 LDP session protection, 72 configuring IBGP between MCE and PE, 16 penultimate hop popping.
configuring MPLS L2VPN AC, 227 configuring IPv6 MPLS L3VPN PE/CE routing, 184 configuring MPLS L2VPN AC Layer 2 interface, 228 configuring IPv6 MPLS L3VPN PE/CE static routing, 185 configuring MPLS L2VPN AC service instance on Layer 2 Ethernet interface, 228 configuring IPv6 MPLS L3VPN PE/PE routing, 187 configuring MPLS L2VPN AC/cross-connect binding, 230 configuring IPv6 MPLS L3VPN VPN instance, 182 configuring MPLS L2VPN cross-connect, 228 configuring IPv6 MPLS L3VPN VPN instance route related a
configuring MPLS L3VPN inter-AS VPN option B, 115 configuring RIPng between IPv6 MCE and VPN site, 31 configuring MPLS L3VPN inter-AS VPN option C, 116 configuring static LSP, 55, 56 configuring static routing between MCE and PE, 13 configuring MPLS L3VPN inter-AS VPN option C ASBR PE, 117 configuring static routing between MCE and VPN site, 7 configuring MPLS L3VPN inter-AS VPN option C ASBR routing policy, 117 configuring VPLS, 263, 269 configuring MPLS L3VPN inter-AS VPN option C PE, 116 configu
enabling MPLS L2VPN, 227 MPLS L2VPN multi-segment PW, 225 enabling MPLS TTL-expired message sending, 53 MPLS L2VPN pseudowire (PW), 222 MPLS L2VPN PW class configuration, 229 maintaining MPLS L3VPN, 121, 191 MPLS L2VPN PW configuration, 229 maintaining VPLS, 268 MPLS L2VPN PW LDP configuration, 229 resetting LDP session, 73 MPLS L2VPN PW LDP redundancy configuration, 231 specifying MPLS egress label type advertisement, 51 MPLS L2VPN PW redundancy, 224 specifying VPN label processing mode on egre
configuring IPv6 IS-IS between IPv6 MCE and PE, 36 retaining LDP label retention modes, 62 configuring IPv6 IS-IS between IPv6 MCE and VPN site, 32 RIP configuring RIP between MCE and PE, 14 configuring IPv6 static routing between IPv6 MCE and PE, 35 configuring RIP between MCE and VPN site, 7 MPLS L3VPN PE/CE RIP configuration, 108 configuring IPv6 static routing between IPv6 MCE and VPN site, 30 RIPng configuring IS-IS between MCE and PE, 15 configuring RIPng between IPv6 MCE and PE, 35 configur
configuring VPN instance route related attribute (MCE), 5 IPv6 MPLS L3VPN VPN instance interface association, 183 information advertisement (MPLS L3VPN), 90 IPv6 MPLS L3VPN VPN instance route related attributes, 183 IPv6 MPLS L3VPN basic configuration, 182 IPv6 MPLS L3VPN/GRE tunnel configuration, 200 IPv6 MPLS L3VPN BGP VPNv6 route control configuration, 188 MPLS basic configuration, 46, 50 IPv6 MPLS L3VPN carrier's carrier configuration, 214 MPLS forwarding process, 49 IPv6 MPLS L3VPN configurat
MPLS L3VPN networking, 92 MPLS L2VPN PW static configuration, 232 MPLS L3VPN networking (basic), 92 MPLS L2VPN PW configuration, 231 MPLS L3VPN networking (extranet), 93 static redundancy MPLS L3VPN PE/CE static routing configuration, 108 MPLS L3VPN networking (hub and spoke), 92 security VPLS PW static configuration, 266, 269 LDP MD5 authentication, 68 static label switched path.
UPE MPLS L2VPN PW (multi-segment), 225 MPLS L3VPN HoVPN configuration, 119 MPLS L2VPN PW configuration, 229 virtual MPLS L2VPN PW LDP redundancy configuration, 231 private LAN service. See VPLS MPLS L2VPN PW redundancy, 224 switch instance. See VSI MPLS L2VPN PW redundancy configuration, 230 MPLS L2VPN PW configuration, 231 static Virtual Private LAN Service.
VPLS VPLS PW LDP configuration, 273 configuration, 263 VPN VPLS associating instance with interface (IPv6 MCE), 28 L2VPN enable, 264 VPLS associating instance with interface (MCE), 5 AC configuration, 264 BGP AS number substitution (MPLS L3VPN), 104 VPLS BGP SoO (MPLS L3VPN), 104 VSI configuration, 265 configuring BGP AS number substitution (MPLS L3VPN), 120 VPLS PW configuration, 265 configuring dual-homed PE with redundant LDP PWs (VPLS), 268 VPLS PW class configuration, 265 configuring d
configuring IS-IS between MCE and PE, 15 MAC address aging (VPLS), 261 configuring IS-IS between MCE and VPN site, 10 MAC address learning (VPLS), 261 MAC address widthdrawal (VPLS), 261 configuring OSPF between MCE and PE, 14 MPLS L3VPN.
