HP 6600/HSR6600 Routers MPLS Configuration Guide Part number: 5998-1509 Software version: A6602-CMW520-R3103 A6600-CMW520-R3102-RPE A6600-CMW520-R3102-RSE HSR6602_MCP-CMW520-R3102 Document version: 6PW103-20130628
Legal and notice information © Copyright 2013 Hewlett-Packard Development Company, L.P. No part of this documentation may be reproduced or transmitted in any form or by any means without prior written consent of Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Configuring basic MPLS Overview Multiprotocol Label Switching (MPLS) enables connection-oriented label switching on connectionless IP networks. It integrates both the flexibility of IP routing and the level of simplicity of Layer 2 switching. MPLS has the following advantages: • MPLS forwards packets according to short- and fixed-length labels, instead of Layer 3 header analysis and complicated routing table lookup, enabling highly-efficient and fast data forwarding on backbone networks.
• S—One bit in length. MPLS supports multiple levels of labels. This field indicates whether a label is at the bottom of the label stack. A value of 1 indicates that the label is at the bottom of the label stack. • TTL—Eight bits in length. Like the homonymous IP header field, it is used to prevent loops. LSR A label switching router (LSR) is a fundamental component on an MPLS network. LSRs support label distribution and label swapping.
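The label stack fields described above can be checked with a short decoder. This is an added example, not code from the HP guide; the 20-bit Label and 3-bit Exp widths and the reserved label names come from RFC 3032, and the sample stack is constructed.

```python
import struct

# Named reserved label values from RFC 3032.
RESERVED_LABELS = {
    0: "IPv4 Explicit NULL",
    1: "Router Alert",
    2: "IPv6 Explicit NULL",
    3: "Implicit NULL",
}


def encode_entry(label, exp, s, ttl):
    """Pack one 32-bit label stack entry: Label(20) | Exp(3) | S(1) | TTL(8)."""
    if not (0 <= label < 2**20 and 0 <= exp < 8 and s in (0, 1) and 0 <= ttl < 256):
        raise ValueError("field out of range")
    return struct.pack("!I", (label << 12) | (exp << 9) | (s << 8) | ttl)


def decode_label_stack(data, max_depth=8):
    """Decode entries until the bottom-of-stack bit (S=1) is seen.

    Returns (entries, payload_offset, findings). Findings flag stacks that a
    monitoring tool should not accept silently.
    """
    entries, findings, offset = [], [], 0
    while True:
        if offset + 4 > len(data):
            findings.append("truncated stack: data ended before an entry with S=1")
            break
        (word,) = struct.unpack_from("!I", data, offset)
        entry = {
            "label": word >> 12,
            "exp": (word >> 9) & 0x7,
            "s": (word >> 8) & 0x1,
            "ttl": word & 0xFF,
        }
        entry["reserved_name"] = RESERVED_LABELS.get(entry["label"])
        entries.append(entry)
        offset += 4
        depth = len(entries)
        # Implicit NULL is only signalled between LSRs; it is never encapsulated.
        if entry["label"] == 3:
            findings.append(f"entry {depth}: Implicit NULL (3) must not appear on the wire")
        if entry["ttl"] == 0:
            findings.append(f"entry {depth}: TTL is 0")
        if entry["s"] == 1:
            break
        if depth >= max_depth:
            findings.append(f"no bottom-of-stack entry within {max_depth} entries")
            break
    return entries, offset, findings


# Constructed sample: a two-level stack followed by the first bytes of an IPv4 header.
SAMPLE_STACK = encode_entry(1024, 0, 0, 255) + encode_entry(40, 5, 1, 254) + b"\x45\x00"

if __name__ == "__main__":
    for item in decode_label_stack(SAMPLE_STACK)[0]:
        print(item)
```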
MPLS network structure Figure 3 Diagram of the MPLS network structure LSRs in the same routing or administrative domain form an MPLS domain. An MPLS domain consists of the following types of LSRs: • Ingress LSRs receive and label packets coming into the MPLS domain. • Transit LSRs forward packets along LSPs to their egress LERs according to the labels. • Egress LSRs remove labels from packets and forward the packets to their destination networks.
NOTE: In this document, the term "label distribution protocols" refers to all protocols for label distribution. The term "LDP" refers to the RFC 5036 LDP. A dynamic LSP is established in the following procedure: A downstream LSR classifies FECs according to destination addresses. It assigns a label to a FEC, and distributes the FEC-label binding to its upstream LSR, which then establishes an LFIB entry for the FEC according to the binding information.
Figure 5 Label advertisement modes
Nodes: Ingress, Transit, Egress.
DU mode: 1) Distribute a label mapping for a FEC to the upstream unsolicited. 2) Distribute a label mapping for the FEC to the upstream unsolicited.
DoD mode: 1) Send a label request for a FEC to the downstream. 2) Send a label request for the FEC to the downstream. 3) Distribute a label mapping for the FEC to the upstream upon receiving the request. 4) Distribute a label mapping for the FEC to the upstream upon receiving the request.
Figure 6 Independent label distribution control mode • In ordered mode, an LSR distributes its label binding for a FEC upstream only when it receives a label binding for the FEC from its downstream or it is the egress of the FEC. In Figure 5, label distribution control is in ordered mode. If the label advertisement mode is DU, an LSR distributes a label upstream only when it receives a label binding for the FEC from its downstream.
• Incoming Label Map—ILM maps each incoming label to a set of NHLFEs. It is used to forward labeled packets. When an LSR receives a labeled packet, it looks for the corresponding ILM entry. If the Token value of the ILM entry is not null, the LSR looks for the corresponding NHLFE entry to determine the label operation to be performed. FTN and ILM are associated with NHLFE through Token.
node needs to do two forwarding table lookups to forward a packet: looking up the LFIB twice or looking up the LFIB and the FIB once each. The penultimate hop popping (PHP) feature can pop the label at the penultimate node to relieve the egress of the label operation burden. PHP is configured on the egress node.
• Extended discovery mechanism—Discovers indirectly connected LDP peers and establishes targeted hello adjacencies. An LSR periodically sends LDP Hello messages to a given IP address so that the LSR with the IP address can discover the LDP peer.
Protocols • RFC 3031, Multiprotocol Label Switching Architecture • RFC 3032, MPLS Label Stack Encoding • RFC 5036, LDP Specification MPLS configuration task list Task Remarks Enabling the MPLS function Required. Configuring a static LSP Required. Establishing dynamic LSPs through LDP Maintaining LDP sessions Managing and optimizing MPLS forwarding Configuring MPLS statistics collection and reading Inspecting LSPs Configuring MPLS LDP capability Required.
Task Remarks Enabling MPLS trap Optional. Enabling the MPLS function In an MPLS domain, you must enable MPLS on all routers before you can configure other MPLS features. Before you enable MPLS, complete the following tasks: • Configure link layer protocols to ensure the connectivity at the link layer. • Assign IP addresses to interfaces so that all neighboring nodes can reach each other at the network layer. • Configure static routes or an IGP protocol for the LSRs to communicate with each other.
• Make sure the ingress LSR has a route to the FEC destination. This is not required on the transit LSRs and egress LSR.
Configuration guidelines
Follow these guidelines when you configure a static LSP:
• Do not specify a P2MP interface (such as a P2MP-type ATM subinterface or frame relay subinterface) as the outgoing interface. Otherwise, the static LSP cannot be up.
3. Configure the LDP LSR ID.
   Command: lsr-id lsr-id
   Remarks: Optional. By default, the LDP LSR ID is the same as the MPLS LSR ID. You need to perform this task only in a multi-VPN context to make sure that different LDP instances have different LDP LSR IDs if their address spaces overlap. Otherwise, TCP connections cannot be established.
4. Return to system view.
   Command: quit
   Remarks: N/A
5. Enter interface view.
   Command: interface interface-type interface-number
   Remarks: N/A
6. Enable LDP capability for the interface.
5. Configure the LDP transport address.
   Command: mpls ldp transport-address { ip-address | interface }
   Remarks: Optional. The default takes the value of the MPLS LSR ID. The specified IP address must be the IP address of an interface on the device.
Configuring remote LDP session parameters
LDP sessions established between remote LDP peers are remote LDP sessions. Remote LDP sessions are mainly used in Martini MPLS L2VPN, Martini VPLS, and MPLS LDP over MPLS TE.
6. Set the targeted Keepalive timer.
   Command: mpls ldp timer keepalive-hold value
   Remarks: Optional. The default value is 45 seconds.
7. Configure the LDP transport address.
   Command: mpls ldp transport-address ip-address
   Remarks: Optional. The default takes the value of the MPLS LSR ID. The specified IP address must be the IP address of an interface on the device.
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter MPLS view.
   Command: mpls
   Remarks: N/A
3. Configure the LSP establishment triggering policy.
   Command: lsp-trigger [ vpn-instance vpn-instance-name ] { all | ip-prefix prefix-name }
   Remarks: Optional. By default, only host routes with 32-bit masks can trigger establishment of LSPs. If the vpn-instance vpn-instance-name option is specified, the command configures an LSP establishment triggering policy for the specified VPN.
Configuring LDP loop detection LSPs established in an MPLS domain might be looping. The LDP loop detection mechanism can detect looping LSPs and prevent LDP messages from looping forever. LDP loop detection can be in either of the following modes: • Maximum hop count—A label request message or label mapping message carries information about its hop count, which increments by 1 for each hop.
Configuring LDP MD5 authentication LDP sessions are established based on TCP connections. To improve the security of LDP sessions, you can configure MD5 authentication for the underlying TCP connections, so that the TCP connections can be established only if the peers have the same authentication password. IMPORTANT: To establish an LDP session successfully between two LDP peers, make sure their LDP MD5 authentication settings are the same. To configure LDP MD5 authentication: Step Command Remarks 1.
Label advertisement control Label advertisement control is for filtering label bindings to be advertised. A downstream LSR advertises only the label bindings of the specified FECs to the specified upstream LSR. As shown in Figure 9, downstream device LSR A advertises to upstream device LSR B only label bindings with FEC destinations permitted by prefix list B, and advertises to upstream device LSR C only label bindings with FEC destinations permitted by prefix list C.
Configuring BFD for MPLS LDP Use BFD to help MPLS promptly detect a neighbor failure or link failure between two remote LDP peers. BFD can help MPLS LDP detect communication failures only between remote LDP peers. For configuration examples, see "Configuring VPLS." For more information about BFD, see High Availability Configuration Guide. To configure BFD for MPLS LDP: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter MPLS LDP remote peer view.
• If fragmentation is allowed, the LSR removes the label stack from the packet, fragments the IP packet (the length of a fragment is the MPLS MTU minus the length of the label stack), adds the label stack back into each fragment, and then forwards the fragments. • If fragmentation is not allowed, the LSR drops the packet directly. To configure the MPLS MTU of an interface: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view.
Figure 10 TTL processing when TTL propagation is enabled Disable TTL propagation—When an LSR labels a packet, it does not copy the TTL value of the original IP packet to the TTL field of the label, and the label's TTL is set to 255. When an LSR pops the stack-top label, it does not copy the label's TTL to the original packet, and if the LSR is the egress LSR, it decreases the TTL value of the original packet by 1. Other LSRs do not change the TTL value of the original packet.
3. Enable MPLS TTL propagation.
   Command: ttl propagate { public | vpn }
   Remarks: Optional. Enabled only for public network packets by default.
Configuring LDP GR MPLS has two separate planes: the forwarding plane and the control plane. Using this feature, LDP Graceful Restart (GR) preserves the LFIB information when the signaling protocol or control plane fails, so that LSRs can still forward packets according to LFIB, ensuring continuous data transmission. A device that participates in a GR process can be a GR restarter or a GR helper. • GR restarter—Router that gracefully restarts due to a manually configured command or a fault.
5. After the recovery time elapses, the GR helper deletes the FEC-label bindings that are still marked stale. 6. When the MPLS forwarding state holding timer expires, the GR restarter deletes the label forwarding entries that are still marked stale. Configuration prerequisites Configure MPLS LDP capability on each device acting as the GR restarter or a GR helper. (The device can act as a GR restarter or a GR helper as needed in the LDP GR process.
The LDP GR function can also implement nonstop data forwarding, but it requires that the GR restarter and all its neighbors support LDP GR. With the LDP NSR function, the neighboring devices do not need to support LDP NSR. They are not aware of any switchover event on the NSR-enabled device. The LDP GR feature and the LDP NSR feature are mutually exclusive. Do not configure both features on the device.
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter MPLS view.
   Command: mpls
   Remarks: N/A
3. Enable MPLS statistics for specific LSPs.
   Command: statistics { ipv4 destination mask [ vpn-instance vpn-instance-name ] | ipv6 destination mask | static }
   Remarks: By default, MPLS statistics are disabled for all LSPs.
4. Set the LSP statistics reading interval.
   Command: statistics interval interval-time
   Remarks: The default interval is 0 seconds. The system does not read LSP statistics.
Task: Perform MPLS LSP tracert to locate errors along an MPLS LSP.
   Command: tracert lsp [ -a source-ip | -exp exp-value | -h ttl-value | -r reply-mode | -t time-out ] * ipv4 dest-addr mask-length [ destination-ip-addr-header ]
Enabling MPLS trap
With the MPLS trap function enabled, trap packets of the notifications level are generated to report critical MPLS events. Such trap packets are sent to the information center of the device.
Task Command Remarks Display information about LSPs.
Displaying MPLS LDP operation
Task: Display information about LDP.
   Command: display mpls ldp [ all [ verbose ] [ | { begin | exclude | include } regular-expression ] ]
   Remarks: Available in any view.
Task: Display the label advertisement information for the specified FEC.
   Command: display mpls ldp fec [ vpn-instance vpn-instance-name ] dest-addr mask-length [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view.
Task: Display information about LDP-enabled interfaces.
Clearing MPLS statistics
Task: Clear MPLS statistics for one or all MPLS interfaces.
   Command: reset mpls statistics interface { interface-type interface-number | all }
   Remarks: Available in user view.
Task: Clear MPLS statistics for all LSPs or the LSP with a specific index or name.
   Command: reset mpls statistics lsp { index | all | name lsp-name }
   Remarks: Available in user view.
Task: Clear statistics for all LSPs or the LSP with a specific incoming label.
   Command: reset mpls statistics lsp [ in-label in-label ]
   Remarks: Available in user view.
Configuration procedure
1. Configure IP addresses for the interfaces, according to Figure 13. (Details not shown.)
2. Configure a static route to the FEC destination address on each ingress node:
# Configure a static route to network 21.1.1.0/24 on Router A.
<RouterA> system-view
[RouterA] ip route-static 21.1.1.0 24 10.1.1.2
# Configure a static route to network 11.1.1.0/24 on Router C.
<RouterC> system-view
[RouterC] ip route-static 11.1.1.0 255.255.255.0 20.1.1.1
3.
[RouterC] static-lsp ingress CtoA destination 11.1.1.0 24 nexthop 20.1.1.1 out-label 40
# Configure the LSP transit node, Router B.
[RouterB] static-lsp transit CtoA incoming-interface serial 2/1/1 in-label 40 nexthop 10.1.1.1 out-label 70
# Configure the LSP egress node, Router A.
[RouterA] static-lsp egress CtoA incoming-interface serial 2/1/0 in-label 70
6. Verify the configuration:
# Execute the display mpls static-lsp command on each router to view static LSP information.
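A static LSP only forwards if each hop's out-label equals the in-label configured on the next hop, and nothing in the CLI checks that across routers. The following added example (not part of the HP guide) audits that chain for the CtoA commands shown above; the function names, the caller-supplied router order, and the mistyped variant are assumptions made for illustration.

```python
import re

# Matches the static-lsp command form used in this configuration example.
STATIC_LSP_RE = re.compile(r"static-lsp\s+(ingress|transit|egress)\s+(\S+)\s+(.*)")


def parse_static_lsps(router, config_text):
    """Extract role, LSP name and labels from static-lsp lines of one router."""
    hops = []
    for raw in config_text.splitlines():
        line = re.sub(r"^\s*\[[^\]]*\]\s*", "", raw).strip()  # drop "[RouterX] " prompt
        m = STATIC_LSP_RE.match(line)
        if not m:
            continue
        role, name, rest = m.groups()
        in_label = re.search(r"\bin-label\s+(\d+)", rest)
        out_label = re.search(r"\bout-label\s+(\d+)", rest)
        hops.append({
            "router": router,
            "role": role,
            "name": name,
            "in_label": int(in_label.group(1)) if in_label else None,
            "out_label": int(out_label.group(1)) if out_label else None,
        })
    return hops


def audit_lsp(name, path, configs):
    """Check one static LSP along `path` (router names ordered ingress to egress).

    Returns a list of human-readable issues; an empty list means the roles and
    the label chain are consistent.
    """
    issues, hops = [], []
    for idx, router in enumerate(path):
        expected = "ingress" if idx == 0 else "egress" if idx == len(path) - 1 else "transit"
        found = [h for h in parse_static_lsps(router, configs.get(router, "")) if h["name"] == name]
        if not found:
            issues.append(f"{router}: no static-lsp entry named {name}")
            hops.append(None)
            continue
        if found[0]["role"] != expected:
            issues.append(f"{router}: configured as {found[0]['role']}, expected {expected}")
        hops.append(found[0])
    for up, down in zip(hops, hops[1:]):
        if up is None or down is None:
            continue
        if up["out_label"] is None or down["in_label"] is None:
            issues.append(f"{up['router']} -> {down['router']}: label missing on one side")
        elif up["out_label"] != down["in_label"]:
            issues.append(
                f"{up['router']} out-label {up['out_label']} != "
                f"{down['router']} in-label {down['in_label']}"
            )
    return issues


# The three CtoA commands exactly as they appear in the configuration example.
PAGE_CONFIGS = {
    "RouterC": "[RouterC] static-lsp ingress CtoA destination 11.1.1.0 24 nexthop 20.1.1.1 out-label 40",
    "RouterB": "[RouterB] static-lsp transit CtoA incoming-interface serial 2/1/1 in-label 40 nexthop 10.1.1.1 out-label 70",
    "RouterA": "[RouterA] static-lsp egress CtoA incoming-interface serial 2/1/0 in-label 70",
}
# Constructed variant: the transit in-label is mistyped as 41.
MISTYPED_CONFIGS = dict(PAGE_CONFIGS, RouterB=PAGE_CONFIGS["RouterB"].replace("in-label 40", "in-label 41"))
CTOA_PATH = ["RouterC", "RouterB", "RouterA"]

if __name__ == "__main__":
    print(audit_lsp("CtoA", CTOA_PATH, PAGE_CONFIGS))
    print(audit_lsp("CtoA", CTOA_PATH, MISTYPED_CONFIGS))
```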
Configuring LDP to establish LSPs dynamically Network requirements Router A, Router B, and Router C support MPLS. Configure LDP to establish LSPs between Router A and Router C so that subnets 11.1.1.0/24 and 21.1.1.0/24 can reach each other over MPLS. Test the connectivity of the LSPs. Figure 14 Network diagram Configuration considerations • Enable LDP on the LSRs. LDP dynamically distributes labels and establishes LSPs and thus there is no need to manually configure labels for LSPs.
<RouterC> system-view
[RouterC] ospf
[RouterC-ospf-1] area 0
[RouterC-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0
[RouterC-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255
[RouterC-ospf-1-area-0.0.0.0] network 21.1.1.0 0.0.0.255
[RouterC-ospf-1-area-0.0.0.0] quit
[RouterC-ospf-1] quit
# Execute the display ip routing-table command on each router. The output shows that each router has learned the routes to other routers.
[RouterB] interface serial 2/1/1
[RouterB-Serial2/1/1] mpls
[RouterB-Serial2/1/1] mpls ldp
[RouterB-Serial2/1/1] quit
# Configure MPLS and MPLS LDP on Router C.
[RouterC] mpls lsr-id 3.3.3.
[RouterC-mpls] lsp-trigger all
[RouterC-mpls] quit
5. Verify the configuration:
# Execute the display mpls ldp lsp command on each router to view LDP LSP information. Take Router A as an example:
[RouterA] display mpls ldp lsp
LDP LSP Information
------------------------------------------------------------------
SN DestAddress/Mask In/OutLabel Next-Hop In/Out-Interface
------------------------------------------------------------------
1 1.1.1.9/32 3/NULL 127.0.0.1 -------/InLoop0
2 2.2.2.
Configuring MPLS TE Overview Network congestion is one of the major problems that can degrade your network backbone performance. It might occur when network resources are inadequate or when load distribution is unbalanced. Traffic engineering (TE) is intended to avoid the latter situation where partial congestion might occur because of improper resource allocation.
With MPLS TE, a network administrator can eliminate network congestion by creating some LSPs and congestion bypass nodes. Special offline tools are also available for the traffic analysis performed when the number of LSPs is large. Basic concepts LSP tunnel—On an LSP, after packets are labeled at the ingress node, the packets are forwarded based on label. The traffic is transparent to the transit nodes on the LSP. In this sense, an LSP can be regarded as a tunnel.
RSVP is a well-established technology in terms of its architecture, protocol procedures, and support for services. CR-LDP is an emerging technology with better scalability. Both CR-LDP and RSVP-TE are supported on your device. Forwarding packets Packets are forwarded over established tunnels. CR-LSP Unlike ordinary LSPs established based on routing information, CR-LSPs are established based on criteria such as bandwidth, selected path, and QoS parameters, in addition to routing information.
If a network does not run IGP TE extension, the network administrator is unable to identify from which part of the network the required bandwidth can be obtained when setting up a CR-LSP. In this case, loose explicit route (ER-hop) with required resources is used. The established CR-LSP, however, might change when the route changes, for example, when a better next hop becomes available.
Resource reservation style—Assigned to each LSP set up using RSVP-TE. During an RSVP session, the receiver decides which reservation style can be used for this session and which LSPs can be used. The following reservation styles are available: • FF—Fixed-filter style, where resources are reserved for individual senders and cannot be shared among senders on the same session. • SE—Shared-explicit style, where resources are reserved for senders on the same session and shared among them.
• ResvErr messages—Sent downstream to notify the downstream nodes that an error occurs during Resv message processing or that a reservation error occurs because of preemption. • ResvConf messages—Sent to receivers to confirm Resv messages. • Hello messages—Sent between any two directly connected RSVP neighbors to set up and maintain the neighbor relationship that has local significance on the link. The TE extension to RSVP adds new objects to the Path message and the Resv message.
the Message_ID_ACK object are used to acknowledge RSVP messages, improving transmission reliability. On an interface enabled with the Message_ID mechanism, you can configure RSVP message retransmission. If a node sends a message carrying the Message_ID object, and the ACK_Desired flag in the object is set, the node expects a response that carries the Message_ID_ACK object during the initial retransmission interval (Rf).
information about the GR restarter and keep sending Hello packets periodically to the GR restarter until the restart timer expires. If a GR helper and the GR restarter reestablish a Hello session before the restart timer expires, the recovery timer is started and signaling packet exchanging is triggered to restore the original soft state. Otherwise, all RSVP soft state information and forwarding entries relevant to the neighbor are removed.
Figure 17 IGP shortcut and forwarding adjacency A TE tunnel is present between Router D and Router C. With IGP shortcut enabled, the ingress node Router D can use this tunnel when calculating IGP routes. This tunnel, however, is invisible to Router A. Therefore, Router A cannot use this tunnel to reach Router C. With forwarding adjacency enabled, Router A can learn of the presence of the TE tunnel and forward traffic destined for Router C to Router D through this tunnel.
• Standard backup where a secondary CR-LSP is created to take over after the primary CR-LSP fails. FRR FRR provides quick per-link or per-node protection on an LSP. In this method, once a link or node fails on a path, FRR reroutes the path to a new link or node to bypass the failed link or node. This can happen in as little as 50 milliseconds, thereby minimizing data loss.
Figure 19 FRR node protection Deploying FRR When configuring the bypass LSP, make sure the protected link or node is not on the bypass LSP. As bypass LSPs are pre-established, FRR requires extra bandwidth. When network bandwidth is insufficient, use FRR for crucial interfaces or links only. DiffServ-aware TE Diff-Serv is a model that provides differentiated QoS guarantees based on class of service. MPLS TE is a traffic engineering solution that focuses on optimizing network resources allocation.
• The prestandard mode is proprietary, and therefore a device operating in prestandard mode cannot communicate with devices of some other vendors. The IETF mode is a standard mode implemented according to the relevant RFCs. A device operating in IETF mode can communicate with devices of other vendors. How DS-TE operates A device takes the following steps to establish MPLS TE tunnels according to CTs of traffic trunks: 1. Determines the CT of traffic flows.
• The total bandwidth occupied by CT 0, CT 1, and CT 2 cannot exceed the maximum reservable bandwidth. Figure 21 MAM bandwidth constraints model 3. Checks whether the traffic trunk matches an existing TE class. The device checks whether the CT and the LSP setup/holding priority of the traffic trunk matches an existing TE class.
To simplify the configuration, when setting up an LDP LSP across the core layer, you can use the MPLS TE tunnel that is already established in the core layer. As shown in Figure 23, when using the MPLS TE tunnel to establish the LDP LSP, you do not need to establish local LDP sessions between neighboring LSRs in the core layer. All you need to do is to establish a remote session between the ingress node and egress node of the MPLS TE tunnel.
Task Remarks Configuring an MPLS TE tunnel Creating an MPLS TE tunnel over a static CR-LSP Required. Configuring an MPLS TE tunnel with a dynamic signaling protocol Use either method. Configuring RSVP-TE advanced features Optional. Tuning CR-LSP setup Optional. Tuning MPLS TE tunnel setup Optional. Forwarding traffic along MPLS TE tunnels using static routes Configuring traffic forwarding Forwarding traffic along MPLS TE tunnels using policy routing Required. Use any method.
9. Assign an IP address to the tunnel interface.
   Command: ip address ip-address netmask
   Remarks: Optional.
10. Set the tunnel protocol to MPLS TE.
   Command: tunnel-protocol mpls te
   Remarks: N/A
11. Configure the destination address of the tunnel.
   Command: destination ip-address
   Remarks: N/A
12. Configure the tunnel ID of the tunnel.
   Command: mpls te tunnel-id tunnel-id
   Remarks: N/A
13. Submit the current tunnel configuration.
   Command: mpls te commit
   Remarks: N/A
For information about tunnel interfaces, see Layer 3—IP Services Configuration Guide.
Creating an MPLS TE tunnel over a static CR-LSP Creating MPLS TE tunnels over static CR-LSPs does not involve configuration of tunnel constraints or the issue of IGP TE extension or CSPF. Create a static CR-LSP and a TE tunnel using static signaling and then associate them. Despite its ease of configuration, the application of MPLS TE tunnels over static CR-LSPs is restricted because they cannot dynamically adapt to network changes. Static CR-LSPs are special static LSPs.
5. Return to system view.
   Command: quit
   Remarks: N/A
6.
   • On the ingress node: static-cr-lsp ingress tunnel-name destination dest-addr { nexthop next-hop-addr | outgoing-interface interface-type interface-number } out-label out-label-value [ bandwidth [ ct0 | ct1 | ct2 | ct3 ] bandwidth-value ]
   • On a transit node:
Task Remarks Configuring MPLS TE properties for a link Optional. Configuring CSPF Optional. Configuring OSPF TE Required when CSPF is configured. Configuring IS-IS TE Choose one depending on the IGP protocol used. Configuring an MPLS TE explicit path Optional. Configuring MPLS TE tunnel constraints Optional. Establishing an MPLS TE tunnel with CR-LDP Optional. Use either method. Establishing an MPLS TE tunnel with RSVP-TE By default, RSVP-TE is used for establishing an MPLS TE tunnel.
Configuring CSPF
With CSPF enabled, a node uses CSPF to calculate the shortest path that satisfies TE requirements. To configure CSPF:
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter MPLS view.
   Command: mpls
   Remarks: N/A
3. Enable CSPF on your device.
   Command: mpls te cspf
   Remarks: Disabled by default.
Configuring OSPF TE
Configure OSPF TE if the routing protocol is OSPF and a dynamic signaling protocol is used for MPLS TE tunnel setup.
the MTU of each IS-IS enabled interface to be equal to or greater than 512 bytes to guarantee that IS-IS LSPs can be flooded on the network. IS-IS TE does not support secondary IP address advertisement. With IS-IS TE enabled on an interface configured with multiple IP addresses, IS-IS TE advertises only the primary IP address of the interface through the sub-TLV of IS reachability TLV (type 22). HP recommends that you avoid enabling IS-IS TE on an interface configured with secondary IP addresses.
Step Command Remarks Optional. 3. 4. Add a node to the explicit path. Specify a next hop IP address on the explicit path. add hop ip-address1 [ include [ loose | strict ] | exclude ] { after | before } ip-address2 next hop ip-address [ include [ loose | strict ] | exclude ] By default, the include keyword and the strict keyword apply. The explicit path traverses the specified node and the next node is a strict node. The next hop is a strict node by default.
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter MPLS TE tunnel interface view.
   Command: interface tunnel tunnel-number
   Remarks: N/A
3. Set the signaling protocol for setting up MPLS TE tunnels to CR-LDP.
   Command: mpls te signal-protocol crldp
   Remarks: RSVP-TE applies by default.
4. Submit current tunnel configuration.
   Command: mpls te commit
   Remarks: N/A
• Establish an MPLS TE tunnel with RSVP-TE.
Configuring RSVP reservation style
Each LSP set up using RSVP-TE is assigned a resource reservation style. During an RSVP session, the receiver decides which reservation style can be used for this session and thus which LSPs can be used. The following reservation styles are available:
• FF—Resources are reserved for individual senders and cannot be shared among senders on the same session.
Configuring the RSVP refresh mechanism To enhance reliability of RSVP message transmission, the Message_ID extension mechanism is used to acknowledge RSVP messages. The Message_ID extension mechanism is also referred to as "the reliability mechanism" throughout this document. After you enable RSVP message acknowledgement on an interface, you can enable retransmission. To use Srefresh, you must use the Message_ID extension.
Configuring RSVP-TE resource reservation confirmation Reservation confirmation is initiated by the receiver, which sends the Resv message with an object requesting reservation confirmation. Receiving the ResvConf message does not mean resource reservation is established. It only indicates that resources are reserved on the farthest upstream node where the Resv message arrived and the resources can be preempted. To configure RSVP-TE resource reservation confirmation: Step Command Remarks 1.
3. Configure a DSCP value for outgoing RSVP packets.
   Command: mpls rsvp-te dscp dscp-value
   Remarks: By default, the DSCP value for outgoing RSVP packets is 48.
Configuring RSVP-TE GR
The RSVP-TE GR function depends on the extended hello capability of RSVP-TE. Enable the extended hello capability of RSVP-TE before configuring RSVP-TE GR. To configure RSVP-TE GR on each device to act as the GR restarter or a GR helper:
1. Enter system view.
   Command: system-view
   Remarks: N/A
2.
Tuning CR-LSP setup A CR-LSP is established through the signaling protocol based on the path calculated by CSPF using TEDB and constraints. MPLS TE can affect CSPF calculation in many ways to determine the path that a CR-LSP can traverse. The configuration tasks described in this section are about CSPF of MPLS TE. They must be used in conjunction with CSPF and the dynamic signal protocol (CR-LDP or RSVP-TE). Before performing them, be aware of each configuration objective and its impact on your system.
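How constraints change the path CSPF selects can be seen in a small model. This is an added, simplified example and not the device's implementation: it applies only a bandwidth constraint and an excluded-node list before running a shortest-path search, and the TEDB contents, router names, and function name are constructed for illustration.

```python
import heapq


def cspf(tedb_links, src, dst, bandwidth, exclude=()):
    """Constrained shortest path over a TEDB-like link list.

    tedb_links: iterable of (node_a, node_b, te_metric, reservable_bandwidth),
    treated as bidirectional. Links that cannot carry `bandwidth`, or that
    touch a node in `exclude`, are pruned first; Dijkstra then runs on what
    is left. Returns (total_metric, [nodes]) or None if no path qualifies.
    """
    adjacency = {}
    for a, b, metric, reservable in tedb_links:
        if reservable < bandwidth or a in exclude or b in exclude:
            continue  # constraint not met: the link is invisible to the search
        adjacency.setdefault(a, []).append((b, metric))
        adjacency.setdefault(b, []).append((a, metric))

    heap = [(0, src, [src])]
    settled = {}
    while heap:
        cost, node, path = heapq.heappop(heap)
        if node == dst:
            return cost, path
        if node in settled and settled[node] <= cost:
            continue
        settled[node] = cost
        for neighbor, metric in adjacency.get(node, []):
            if neighbor not in path:
                heapq.heappush(heap, (cost + metric, neighbor, path + [neighbor]))
    return None


# Constructed TEDB: the low-metric path A-B-D has only 20 units reservable on B-D.
SAMPLE_TEDB = [
    ("A", "B", 10, 100),
    ("B", "D", 10, 20),
    ("A", "C", 20, 100),
    ("C", "D", 20, 100),
]

if __name__ == "__main__":
    print(cspf(SAMPLE_TEDB, "A", "D", bandwidth=10))   # fits on the shortest path
    print(cspf(SAMPLE_TEDB, "A", "D", bandwidth=50))   # forced onto the longer path
    print(cspf(SAMPLE_TEDB, "A", "D", bandwidth=200))  # no path satisfies the constraint
```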
Configuring route pinning
Route pinning cannot be used together with reoptimization or automatic bandwidth adjustment. To configure route pinning:
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter MPLS TE tunnel interface view.
   Command: interface tunnel tunnel-number
   Remarks: N/A
3. Enable route pinning.
   Command: mpls te route-pinning
   Remarks: Disabled by default.
4. Submit current tunnel configuration.
   Command: mpls te commit
   Remarks: N/A
6. Configure the affinity attribute of the MPLS TE tunnel.
   Command: mpls te affinity property properties [ mask mask-value ]
   Remarks: Optional. The default affinity attribute is 0x00000000, and the default mask is 0x00000000.
7. Submit current tunnel configuration.
   Command: mpls te commit
   Remarks: N/A
Configuring CR-LSP reoptimization
Dynamic CR-LSP optimization involves the periodic calculation of paths that traffic trunks traverse.
4. Submit current tunnel configuration.
   Command: mpls te commit
   Remarks: N/A
Configuring route and label recording
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter MPLS TE tunnel interface view.
   Command: interface tunnel tunnel-number
   Remarks: N/A
3. Enable the system to record routes or labels when setting up the tunnel.
   Remarks: Use either command.
4. Submit current tunnel configuration.
To avoid flapping caused by improper preemptions between CR-LSPs, the setup priority of a CR-LSP must not be set higher than its holding priority.
To assign priorities to a tunnel:
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter MPLS TE tunnel interface view.
   Command: interface tunnel tunnel-number
   Remarks: N/A
3. Assign priorities to the tunnel.
   Command: mpls te priority setup-priority [ hold-priority ]
4. Submit current tunnel configuration.
   Command: mpls te commit
Optional.
3. Define an ACL rule.
   Command: rule [ rule-id ] { deny | permit } protocol [ destination { dest-addr dest-wildcard | any } | destination-port operator port1 [ port2 ] | dscp dscp | established | fragment | icmp-type { icmp-type icmp-code | icmp-message } | logging | precedence precedence | reflective | source { sour-addr sour-wildcard | any } | source-port operator port1 [ port2 ] | time-range time-name | tos tos | vpn-instance vpn-instance-name ] *
   Remarks: N/A
4. Return to system view.
Configuring an IGP shortcut
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter MPLS TE tunnel interface view.
   Command: interface tunnel tunnel-number
   Remarks: N/A
3. Configure the IGP to take the MPLS TE tunnels in up state into account when performing enhanced SPF calculation.
   Command: mpls te igp shortcut [ isis | ospf ]
   Remarks: MPLS TE tunnels are not considered in the enhanced SPF calculation of IGP.
4. Assign a metric to the MPLS TE tunnel.
6. Exit to system view.
   Command: quit
   Remarks: N/A
7. Enter OSPF view.
   Command: ospf [ process-id ]
   Remarks: N/A
8. Enable forwarding adjacency.
   Command: enable traffic-adjustment advertise
   Remarks: Disabled by default.
Configuring traffic forwarding tuning parameters
In MPLS TE, you can configure traffic forwarding tuning parameters, such as the failed link timer and flooding thresholds, to change the paths that IP or MPLS traffic flows traverse or to define the type of traffic that may travel down a TE tunnel.
3. Configure the up/down thresholds for IGP to flood bandwidth changes.
   Command: mpls te bandwidth change thresholds { down | up } percent
   Remarks: Optional. Both up and down flooding thresholds are 10 by default.
Specifying the link metric type for tunnel path calculation
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter MPLS view.
   Command: mpls
   Remarks: N/A
3. Specify the metric type to use when no metric type is explicitly configured for a tunnel.
Configuring automatic bandwidth adjustment
The configurations described in this section are used in conjunction with CSPF and the dynamic signaling protocol CR-LDP or RSVP-TE.
Configuration guidelines
• The sampling interval configured in MPLS view applies to all MPLS TE tunnels. The output rates of all MPLS TE tunnels are recorded every sampling interval to calculate the actual average bandwidth of an MPLS TE tunnel in one sampling interval.
10. Return to user view.
   Command: return
   Remarks: N/A
11. Reset automatic bandwidth adjustment.
   Command: reset mpls te auto-bandwidth adjustment timers
   Remarks: Optional. After this command is executed, the system clears the output rate sampling information and the remaining time to the next bandwidth adjustment to start a new output rate sampling and bandwidth adjustment.
Configuring CR-LSP backup
CR-LSP backup provides end-to-end path protection to protect the entire LSP.
A bypass tunnel only forwards data traffic when a protected tunnel fails. To allow a bypass tunnel to also forward data traffic when the protected tunnels are normal, you must make sure that the bypass tunnel has adequate bandwidth. A bypass tunnel cannot be used for services like VPN.
NOTE:
• The FRR feature is not supported when the signaling protocol is CR-LDP.
• Do not configure both FRR and RSVP authentication on the same interface.
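Three restrictions stated in this chapter can be checked mechanically before a change is committed: route pinning must not be combined with reoptimization or automatic bandwidth adjustment, a CR-LSP's setup priority must not be higher than its holding priority, and FRR and RSVP authentication must not share an interface. The following Python audit is an added example, not HP code, and its sample configuration is constructed. The keywords `mpls te reoptimization`, `mpls te auto-bandwidth`, `mpls te fast-reroute` and `mpls rsvp-te authentication`, and the convention that a numerically lower priority value is the higher priority, are assumptions to verify against the command reference.

```python
import re

# Constructed sample in the style of "display current-configuration" output.
# Keywords not shown in this chapter's tables are assumptions (see lead-in).
SAMPLE_CONFIG = """\
interface Tunnel1
 tunnel-protocol mpls te
 destination 4.4.4.9
 mpls te priority 2 5
 mpls te route-pinning
 mpls te reoptimization
 mpls te commit
#
interface Tunnel4
 tunnel-protocol mpls te
 destination 4.4.4.4
 mpls te priority 5 2
 mpls te route-pinning
 mpls te commit
#
interface GigabitEthernet2/1/2
 mpls
 mpls te
 mpls rsvp-te
 mpls rsvp-te authentication cipher EXAMPLE-KEY
 mpls te fast-reroute bypass-tunnel tunnel 5
#
interface GigabitEthernet2/1/1
 mpls
 mpls te
 mpls rsvp-te
 mpls rsvp-te authentication cipher EXAMPLE-KEY
#
"""


def parse_interfaces(config):
    """Return {interface name: [commands]} from an indented config dump."""
    blocks, current = {}, None
    for raw in config.splitlines():
        header = re.match(r"interface\s+(.+?)\s*$", raw)
        if header:
            current = header.group(1)
            blocks[current] = []
        elif raw[:1].isspace() and raw.strip() and current is not None:
            # Indented line: a command inside the current interface view.
            blocks[current].append(" ".join(raw.split()))
        else:
            current = None  # "#" separator or any other top-level line ends the view
    return blocks


def audit(config):
    """Return (interface, finding) tuples for the three restrictions."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        def has(prefix):
            return any(c == prefix or c.startswith(prefix + " ") for c in cmds)

        for cmd in cmds:
            prio = re.fullmatch(r"mpls te priority (\d+)(?: (\d+))?", cmd)
            # Holding priority omitted: nothing to compare, so no finding.
            if prio and prio.group(2) and int(prio.group(1)) < int(prio.group(2)):
                findings.append((name, "setup priority higher than holding priority"))
        if has("mpls te route-pinning") and (
            has("mpls te reoptimization") or has("mpls te auto-bandwidth")
        ):
            findings.append((name, "route pinning with reoptimization/auto bandwidth"))
        if has("mpls te fast-reroute") and has("mpls rsvp-te authentication"):
            findings.append((name, "FRR and RSVP authentication on same interface"))
    return findings


if __name__ == "__main__":
    for interface, finding in audit(SAMPLE_CONFIG):
        print(f"{interface}: {finding}")
```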
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter interface view of the bypass tunnel.
   Command: interface tunnel tunnel-number
   Remarks: N/A
3. Specify the destination address of the bypass tunnel.
   Command: destination ip-address
   Remarks:
   • For node protection, this is the LSR ID of the next hop router of PLR.
   • For link protection, this is the LSR ID of the next hop device of PLR.
4. Configure the bandwidth and the type of LSPs that the bypass tunnel can protect.
   Remarks: Bandwidth is not protected by default.
NOTE: RSVP hello extension is configured to detect node failures caused by problems such as signaling errors, rather than failures caused by link failures.
Configuring the FRR polling timer
The protection provided by FRR is temporary. Once a protected LSP becomes available again or a new LSP is established, traffic is switched to the protected or new LSP.
Configuring MPLS LSP tracert
MPLS LSP tracert can be used to locate errors of an MPLS TE tunnel. It sends MPLS echo requests to the nodes along the MPLS TE tunnel to be inspected, with the TTL increasing from 1 to a specific value. Each node along the MPLS TE tunnel returns an MPLS echo reply to the ingress due to TTL timeout. Thus, the ingress can collect information about each hop along the MPLS TE tunnel, so as to locate the failed node.
Task: Display information about static CR-LSPs.
Command: display mpls static-cr-lsp [ lsp-name lsp-name ] [ egress | ingress | transit ] [ { include | exclude } ip-address prefix-length ] [ verbose ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view.
Task: Display RSVP-TE configuration.
Command: display mpls rsvp-te [ interface [ interface-type interface-number ] [ | { begin | exclude | include } regular-expression ] ]
Remarks: Available in any view.
Task: Display the RSVP-TE tunnel information.
Task: Display criteria-compliant information about CSPF-based TEDB.
Command: display mpls te cspf tedb { all | area area-id | interface ip-address | network-lsa | node [ mpls-lsr-id ] } [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view.
Task: Display information about the CR-LSPs carried on the specified or all links.
Task: Display the latest TE information advertised by IS-IS TE.
Command: display isis traffic-eng advertisements [ [ level-1 | level-1-2 | level-2 ] | [ lsp-id lsp-id | local ] ] * [ process-id | vpn-instance vpn-instance-name ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view.
Task: Display information about TE links for IS-IS.
Figure 24 Network diagram
Configuration procedure
1. Configure IP addresses and masks for the interfaces according to Figure 24. (Details not shown.)
2. Enable IS-IS to advertise host routes with LSR IDs as destinations:
# Configure Router A.
system-view
[RouterA] isis 1
[RouterA-isis-1] network-entity 00.0005.0000.0000.0001.
[RouterC-isis-1] network-entity 00.0005.0000.0000.0003.00
[RouterC-isis-1] quit
[RouterC] interface gigabitethernet 2/1/1
[RouterC-GigabitEthernet2/1/1] isis enable 1
[RouterC-GigabitEthernet2/1/1] quit
[RouterC] interface loopback 0
[RouterC-LoopBack0] isis enable 1
[RouterC-LoopBack0] quit
Execute the display ip routing-table command on each router. The output shows that all nodes have learned the host routes of other nodes with LSR IDs as destinations.
[RouterC] mpls lsr-id 3.3.3.3
[RouterC] mpls
[RouterC-mpls] mpls te
[RouterC-mpls] quit
[RouterC] interface gigabitethernet 2/1/1
[RouterC-GigabitEthernet2/1/1] mpls
[RouterC-GigabitEthernet2/1/1] mpls te
[RouterC-GigabitEthernet2/1/1] quit
4. Configure an MPLS TE tunnel:
# Configure an MPLS TE tunnel on Router A.
[RouterA] interface tunnel 0
[RouterA-Tunnel0] ip address 6.1.1.1 255.255.255.0
[RouterA-Tunnel0] tunnel-protocol mpls te
[RouterA-Tunnel0] destination 3.3.3.
0 packets output, 0 bytes
0 output error
Execute the display mpls te tunnel command on each router to view information about the MPLS TE tunnel.
[RouterA] display mpls te tunnel
LSP-Id Destination In/Out-If
1.1.1.1:1 3.3.3.
7. Create a static route to direct traffic to the MPLS TE tunnel:
[RouterA] ip route-static 3.2.1.2 24 tunnel 0 preference 1
Execute the display ip routing-table command on Router A. You can see a static route entry with interface Tunnel0 as the outgoing interface.
MPLS TE tunnel using RSVP-TE configuration example
Network requirements
Router A, Router B, Router C, and Router D are running IS-IS and all of them are Level-2 routers.
[RouterA-LoopBack0] isis circuit-level level-2
[RouterA-LoopBack0] quit
# Configure Router B.
system-view
[RouterB] isis 1
[RouterB-isis-1] network-entity 00.0005.0000.0000.0002.
[RouterD-LoopBack0] quit
Execute the display ip routing-table command on each router. The output shows that all nodes have learned the host routes of other nodes with LSR IDs as destinations. Take Router A for example:
[RouterA] display ip routing-table
Routing Tables: Public
Destinations : 10 Routes : 10
Destination/Mask Proto Pre Cost NextHop Interface
1.1.1.9/32 Direct 0 0 127.0.0.1 InLoop0
2.2.2.9/32 ISIS 15 10 10.1.1.2 GE2/1/1
3.3.3.9/32 ISIS 15 20 10.1.1.2 GE2/1/1
4.4.4.
3.
# Configure Router C.
[RouterC] mpls lsr-id 3.3.3.
[RouterD-isis-1] cost-style wide
[RouterD-isis-1] traffic-eng level-2
[RouterD-isis-1] quit
5. Configure MPLS TE attributes of links:
# Configure maximum link bandwidth and maximum reservable bandwidth on Router A.
[RouterA] interface gigabitethernet 2/1/1
[RouterA-GigabitEthernet2/1/1] mpls te max-link-bandwidth 10000
[RouterA-GigabitEthernet2/1/1] mpls te max-reservable-bandwidth 5000
[RouterA-GigabitEthernet2/1/1] quit
# Configure maximum link bandwidth and maximum reservable bandwidth on Router B.
[RouterA] display interface tunnel
Tunnel1 current state: UP
Line protocol current state: UP
Description: Tunnel1 Interface
The Maximum Transmit Unit is 64000
Internet Address is 7.1.1.1/24 Primary
Encapsulation is TUNNEL, service-loopback-group ID not set
Tunnel source unknown, destination 4.4.4.
Interfaces Protected: -
VPN Bind Type : NONE
VPN Bind Value : -
Car Policy : Disabled
Tunnel Group : Primary
Primary Tunnel : -
Backup Tunnel : -
Group Status : -
Execute the display mpls te cspf tedb all command on Router A to view information about links in TEDB.
[RouterA] display mpls te cspf tedb all
Maximum Node Supported: 128
Maximum Link Supported: 256
Current Total Node Number: 4
Current Total Link Number: 6
Id MPLS LSR-Id IGP Process-Id Area Link-Count
1 3.3.
8.
Figure 26 Network diagram
Device    Interface  IP address
Router A  Loop0      1.1.1.9/32
          GE2/1/1    10.1.1.1/24
Router B  Loop0      2.2.2.9/32
          GE2/1/1    10.1.1.2/24
          POS5/1/0   20.1.1.1/24
Router C  Loop0      3.3.3.9/32
          GE2/1/1    30.1.1.1/24
          POS5/1/0   20.1.1.2/24
Router D  Loop0      4.4.4.9/32
          GE2/1/1    30.1.1.2/24
Configuration procedure
1. Configure IP addresses and masks for the interfaces according to Figure 26. (Details not shown.)
2.
[RouterC-ospf-1] area 0
[RouterC-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255
[RouterC-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0
[RouterC-ospf-1-area-0.0.0.0] quit
[RouterC-ospf-1] quit
# Configure OSPF on Router D.
system-view
[RouterD] ospf
[RouterD-ospf-1] area 0
[RouterD-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255
[RouterD-ospf-1-area-0.0.0.0] network 4.4.4.9 0.0.0.0
[RouterD-ospf-1-area-0.0.0.
Destinations : 10 Routes : 10
Destination/Mask Proto Pre Cost NextHop Interface
1.1.1.9/32 Direct 0 0 127.0.0.1 InLoop0
2.2.2.9/32 OSPF 10 1 10.1.1.2 GE2/1/1
3.3.3.9/32 O_ASE 150 1 10.1.1.2 GE2/1/1
4.4.4.9/32 O_ASE 150 1 10.1.1.2 GE2/1/1
10.1.1.0/24 Direct 0 0 10.1.1.1 GE2/1/1
10.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
20.1.1.0/24 O_ASE 150 1 10.1.1.2 GE2/1/1
30.1.1.0/24 O_ASE 150 1 10.1.1.2 GE2/1/1
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.
4.
[RouterC-mpls] mpls rsvp-te
[RouterC-mpls] mpls te cspf
[RouterC-mpls] quit
[RouterC] interface gigabitethernet 2/1/1
[RouterC-GigabitEthernet2/1/1] mpls
[RouterC-GigabitEthernet2/1/1] mpls te
[RouterC-GigabitEthernet2/1/1] mpls rsvp-te
[RouterC-GigabitEthernet2/1/1] quit
[RouterC] interface pos 5/1/0
[RouterC-POS5/1/0] mpls
[RouterC-POS5/1/0] mpls te
[RouterC-POS5/1/0] mpls rsvp-te
[RouterC-POS5/1/0] quit
# Configure Router D.
[RouterD] mpls lsr-id 4.4.4.
# Configure Router D.
[RouterD] ospf
[RouterD-ospf-1] opaque-capability enable
[RouterD-ospf-1] area 0
[RouterD-ospf-1-area-0.0.0.0] mpls-te enable
[RouterD-ospf-1-area-0.0.0.0] quit
[RouterD-ospf-1] quit
6. Configure a loose explicit route:
# Configure a loose explicit route on Router A.
[RouterA] explicit-path atod enable
[RouterA-explicit-path-atod] next hop 10.1.1.2 include loose
[RouterA-explicit-path-atod] next hop 20.1.1.2 include loose
[RouterA-explicit-path-atod] next hop 30.1.1.
[RouterA-Tunnel1] ip address 7.1.1.1 255.255.255.0
[RouterA-Tunnel1] tunnel-protocol mpls te
[RouterA-Tunnel1] destination 4.4.4.9
[RouterA-Tunnel1] mpls te tunnel-id 10
[RouterA-Tunnel1] mpls te signal-protocol rsvp-te
[RouterA-Tunnel1] mpls te bandwidth 2000
[RouterA-Tunnel1] mpls te path explicit-path atod preference 5
[RouterA-Tunnel1] mpls te commit
[RouterA-Tunnel1] quit
9. Verify the configuration:
Execute the display interface tunnel command on Router A.
Explicit Path Name : atod Tie-Breaking Policy : None Metric Type : None Loop Detection : Disabled Record Route : Disabled Record Label : Disabled FRR Flag : Disabled BackUpBW Flag: Not Supported BackUpBW Type : - BackUpBW - Route Pinning : Disabled Retry Limit : 10 Retry Interval: Reopt : Disabled Reopt Freq Back Up Type : None Back Up LSPID : - Auto BW : Min BW : Current Collected BW: - Interfaces Protected: - VPN Bind Type : NONE VPN Bind Value : -
10.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
20.1.1.0/24 O_ASE 150 1 10.1.1.2 GE2/1/1
30.1.1.0/24 Static 1 0 7.1.1.1 Tun1
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
RSVP-TE GR configuration example
Network requirements
Router A, Router B and Router C are running IS-IS. All of them are Level-2 devices and support RSVP hello extension. Use RSVP-TE to create a TE tunnel from Router A to Router C.
[RouterB-mpls] mpls rsvp-te hello
[RouterB-mpls] interface gigabitethernet 2/1/1
[RouterB-GigabitEthernet2/1/1] mpls
[RouterB-GigabitEthernet2/1/1] mpls te
[RouterB-GigabitEthernet2/1/1] mpls rsvp-te
[RouterB-GigabitEthernet2/1/1] mpls rsvp-te hello
[RouterB-GigabitEthernet2/1/1] quit
[RouterB] interface gigabitethernet 2/1/2
[RouterB-GigabitEthernet2/1/2] mpls
[RouterB-GigabitEthernet2/1/2] mpls te
[RouterB-GigabitEthernet2/1/2] mpls rsvp-te
[RouterB-GigabitEthernet2/1/2] mpls rsvp-te hello
[RouterB-GigabitE
Neighbor Addr: 10.1.1.2
SrcInstance: 880
NbrSrcInstance: 5017
PSB Count: 0
RSB Count: 1
Hello Type Sent: REQ
Neighbor Hello Extension: ENABLE
SRefresh Enable: NO
Graceful Restart State: Ready
Restart Time: 120 Sec
Recovery Time: 300 Sec
MPLS RSVP-TE and BFD cooperation configuration example
Network requirements
Run OSPF on Router A and Router B to ensure IP connectivity. Enable MPLS RSVP-TE BFD on the interfaces connecting the two routers.
[RouterB-GigabitEthernet2/1/1] mpls te
[RouterB-GigabitEthernet2/1/1] mpls rsvp-te
[RouterB-GigabitEthernet2/1/1] mpls rsvp-te bfd enable
[RouterB-GigabitEthernet2/1/1] quit
2. Configure OSPF:
# Configure Router A.
system-view
[RouterA] ospf
[Router-A-ospf-1] area 0
[Router-A-ospf-1-area-0.0.0.0] network 12.12.12.1 0.0.0.255
[Router-A-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[Router-A-ospf-1-area-0.0.0.0] quit
[Router-A-ospf-1] quit
# Configure Router B.
5. Verify the configuration:
# Display detailed information about the BFD session between Router A and Router B.
display bfd session verbose
Total Session Num: 1
Init Mode: Active
Session Working Under Ctrl Mode:
Local Discr: 19
Remote Discr: 18
Source IP: 12.12.12.1
Destination IP: 12.12.12.
2. Enable OSPF to advertise host routes with LSR IDs as destinations. (Details not shown.)
After configuration, you can execute the display ip routing-table command on each router. The output shows that all nodes have learned the host routes of other nodes with LSR IDs as destinations.
3. Configure basic MPLS TE, and enable CSPF:
# Configure Router A.
[RouterA] mpls lsr-id 1.1.1.
[RouterD-mpls] mpls te cspf
[RouterD-mpls] quit
[RouterD] interface gigabitethernet 2/1/1
[RouterD-GigabitEthernet2/1/1] mpls
[RouterD-GigabitEthernet2/1/1] mpls te
[RouterD-GigabitEthernet2/1/1] quit
4. Configure OSPF TE:
# Configure Router A.
[RouterA] ospf
[RouterA-ospf-1] opaque-capability enable
[RouterA-ospf-1] area 0
[RouterA-ospf-1-area-0.0.0.0] mpls-te enable
[RouterA-ospf-1-area-0.0.0.0] quit
[RouterA-ospf-1] quit
# Configure Router B.
[RouterB-GigabitEthernet2/1/2] mpls te max-link-bandwidth 10000
[RouterB-GigabitEthernet2/1/2] mpls te max-reservable-bandwidth 5000
[RouterB-GigabitEthernet2/1/2] quit
# Configure maximum link bandwidth and maximum reservable bandwidth on Router C.
[RouterC-GigabitEthernet2/1/1] mpls ldp
[RouterC-GigabitEthernet2/1/1] quit
[RouterC] interface gigabitethernet 2/1/2
[RouterC-GigabitEthernet2/1/2] mpls ldp
[RouterC-GigabitEthernet2/1/2] quit
# Configure Router D.
[RouterD] mpls ldp
[RouterD-mpls-ldp] quit
[RouterD] interface gigabitethernet 2/1/1
[RouterD-GigabitEthernet2/1/1] mpls ldp
[RouterD-GigabitEthernet2/1/1] quit
Execute the display mpls ldp session command on each router.
Last 300 seconds output: 0 bytes/sec, 0 packets/sec
0 packets input, 0 bytes
0 input error
0 packets output, 0 bytes
0 output error
Execute the display mpls te tunnel-interface command on Router A to view information about the tunnel.
[RouterA] display mpls te tunnel-interface
Tunnel Name : Tunnel2
Tunnel Desc : Tunnel2 Interface
Tunnel State Desc : CR-LSP is Up
Tunnel Attributes :
LSP ID : 1.1.1.9:2
Session ID : Admin State : UP Oper State Ingress LSR ID : 1.1.1.
Area ID : 0.0.0.0
Traffic Engineering LSA's of the database
-----------------------------------------------
LSA [ 1 ]
-----------------------------------------------
LSA Type : Opq-Area
Opaque Type : 1
Opaque ID : 1
Advertising Router ID : 1.1.1.9
LSA Age : 811
Length : 200
LSA Options : E O
LS Seq Number : 8000000D
CheckSum : B1C4
Link Type : MultiAccess
Link ID : 10.1.1.2
Local Interface Address : 10.1.1.1
Remote Interface Address : 0.0.0.
BC [ 1] = 0 bytes/sec
-----------------------------------------------
LSA [ 2 ]
-----------------------------------------------
LSA Type : Opq-Area
Opaque Type : 1
Opaque ID : 0
Advertising Router ID : 1.1.1.9
LSA Age : 1118
Length : 28
LSA Options : E O
LS Seq Number : 8000000B
CheckSum : ECBF
MPLS TE Router ID : 1.1.1.9
8. Create a static route to direct traffic to the MPLS TE tunnel:
[RouterA] ip route-static 30.1.1.
Figure 30 Network diagram
Device    Interface  IP address
Router A  Loop0      1.1.1.9/32
          GE 2/1/1   10.1.1.1/24
          POS 5/1/1  30.1.1.1/24
Router B  Loop0      2.2.2.9/32
          GE 2/1/1   10.1.1.2/24
          GE 2/1/2   20.1.1.1/24
Router C  Loop0      3.3.3.9/32
          GE 2/1/1   20.1.1.2/24
          POS 5/1/1  40.1.1.2/24
Router D  Loop0      4.4.4.9/32
          POS 5/1/0  30.1.1.2/24
          POS 5/1/1  40.1.1.1/24
Configuration procedure
1. Configure IP addresses and masks for the interfaces according to Figure 30.
Follow the same steps to configure Router B, Router C, and Router D.
4. Create an MPLS TE tunnel on Router A:
# Configure the MPLS TE tunnel carried on the primary LSP.
[RouterA] interface tunnel 3
[RouterA-Tunnel3] ip address 9.1.1.1 255.255.255.0
[RouterA-Tunnel3] tunnel-protocol mpls te
[RouterA-Tunnel3] destination 3.3.3.9
[RouterA-Tunnel3] mpls te tunnel-id 10
[RouterA-Tunnel3] mpls te record-route
# Enable hot LSP backup.
Hop 1 10.1.1.2
Hop 2 2.2.2.9
Hop 3 20.1.1.1
Hop 4 20.1.1.2
Hop 5 3.3.3.9
Tunnel Interface Name : Tunnel3
Lsp ID : 1.1.1.9 :2054
Hop Information
Hop 0 30.1.1.1
Hop 1 30.1.1.2
Hop 2 4.4.4.9
Hop 3 40.1.1.1
Hop 4 40.1.1.2
Hop 5 3.3.3.9
# Execute the tracert command to draw the picture of the path that a packet must travel to reach the tunnel destination.
[RouterA] tracert -a 1.1.1.9 3.3.3.9
traceroute to 3.3.3.9(3.3.3.9) 30 hops max,40 bytes packet
1 10.1.1.2 25 ms 30.1.1.2 25 ms 10.1.1.
Create a bypass LSP that traverses the path Router B→Router E→Router C. Router B is the PLR and Router C is the MP. Explicitly route the primary TE tunnel and the bypass TE tunnel with the signaling protocol being RSVP-TE.
Figure 31 Network diagram
Device Interface IP address Device Interface IP address Router A Loop0 1.1.1.1/32 Router E Loop0 5.5.5.5/32 GE 2/1/1 2.1.1.1/24 POS 5/1/0 3.2.1.2/24 Loop0 2.2.2.2/32 GE 2/1/1 2.1.1.2/24 GE 2/1/2 Router B Router D POS 5/1 3.3.1.
4.1.1.0/24 ISIS 15 30 2.1.1.2 GE2/1/1
4.4.4.4/32 ISIS 15 30 2.1.1.2 GE2/1/1
5.5.5.5/32 ISIS 15 20 2.1.1.2 GE2/1/1
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
3. Configure basic MPLS TE, and enable RSVP-TE and CSPF:
# Configure Router A.
system-view
[RouterA] mpls lsr-id 1.1.1.
[RouterA-explicit-path-pri-path] next hop 3.1.1.2
[RouterA-explicit-path-pri-path] next hop 4.1.1.2
[RouterA-explicit-path-pri-path] next hop 4.4.4.4
[RouterA-explicit-path-pri-path] quit
# Configure the MPLS TE tunnel carried on the primary LSP.
[RouterA] interface tunnel 4
[RouterA-Tunnel4] ip address 10.1.1.1 255.255.255.0
[RouterA-Tunnel4] tunnel-protocol mpls te
[RouterA-Tunnel4] destination 4.4.4.
5.
Execute the display mpls lsp command on each router for LSP entries. You can see that two LSPs are traversing Router B and Router C.
[RouterA] display mpls lsp
-----------------------------------------------------------------
LSP Information: RSVP LSP
-----------------------------------------------------------------
FEC In/Out Label In/Out IF
4.4.4.
LSP-Id Destination In/Out-If Name
1.1.1.1:1 4.4.4.4 GE2/1/1/- Tunnel4
[RouterE] display mpls te tunnel
LSP-Id Destination In/Out-If Name
2.2.2.2:1 3.3.3.3 POS5/1/0/POS5/1 Tunnel5
Execute the display mpls lsp verbose command on Router B. You can see that the bypass tunnel is bound with the protected interface GigabitEthernet 2/1/2 and is unused.
%Sep 7 08:53:34 2004 RouterB IFNET/5/UPDOWN:Line protocol on the interface GigabitEthernet2/1/2 turns into DOWN state
# Execute the display interface tunnel 4 command on Router A to identify the state of the primary LSP. You can see that the tunnel interface is still up.
# Execute the display mpls te tunnel-interface command on Router A to view the configuration of the tunnel interface.
Session ID : Admin State : 10 Ingress LSR ID : 1.1.1.1 Egress LSR ID: 4.4.4.
In-Interface : GigabitEthernet2/1/1
Out-Interface : GigabitEthernet2/1/2
LspIndex : 4097
Tunnel ID : 0x22001
LsrType : Transit
Bypass In Use : In Use
BypassTunnel : Tunnel Index[Tunnel5], InnerLabel[1024]
Mpls-Mtu : 1500
No : 2
IngressLsrID : 2.2.2.2
LocalLspID : 1
Tunnel-Interface : Tunnel5
Fec : 3.3.3.3/32
Nexthop : 3.2.1.
Use RSVP-TE to create a TE tunnel from Router A to Router D. Traffic of the tunnel belongs to CT 2, and the tunnel needs a bandwidth of 4000 kbps. For each link that the tunnel traverses, set the maximum bandwidth to 10000 kbps, the maximum reservable bandwidth to 10000 kbps, and BC 1, BC 2, and BC 3 to 8000 kbps, 5000 kbps, and 2000 kbps, respectively.
Figure 32 Network diagram
Device Interface IP address Device Interface IP address
Router A Loop0 1.1.1.9/32 Router C Loop0 3.3.3.
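Whether the 4000 kbps CT 2 tunnel fits the bandwidth constraints in these requirements follows from the Russian Dolls Model rule of RFC 4127: for each class b, the bandwidth reserved by CT b and all higher-numbered classes must not exceed BC b, where BC 0 is the maximum reservable bandwidth. The following Python walk-through is an added example, not HP code; it parses the `mpls te max-reservable-bandwidth rdm` command this example applies to each link, ignores preemption priorities, treats an omitted BC as 0 (an assumption), and uses constructed follow-up requests after the first one.

```python
import re

# The rdm command this example configures on each link (values in kbps).
LINK_COMMAND = "mpls te max-reservable-bandwidth rdm 10000 bc1 8000 bc2 5000 bc3 2000"


def parse_rdm(command):
    """Return [BC0, BC1, BC2, BC3] in kbps from the rdm form of the command."""
    m = re.fullmatch(
        r"mpls te max-reservable-bandwidth rdm (\d+)"
        r"(?: bc1 (\d+))?(?: bc2 (\d+))?(?: bc3 (\d+))?",
        command.strip(),
    )
    if not m:
        raise ValueError("not an rdm max-reservable-bandwidth command")
    # Assumption: an omitted BC means nothing is reservable under it.
    return [int(v) if v else 0 for v in m.groups()]


class RdmLink:
    """Tracks per-class-type reservations on one link under RDM."""

    def __init__(self, constraints):
        # The "dolls" nest: each BC must fit inside the previous one.
        if any(lo > hi for hi, lo in zip(constraints, constraints[1:])):
            raise ValueError("RDM needs BC0 >= BC1 >= BC2 >= BC3")
        self.bc = list(constraints)
        self.reserved = [0] * len(constraints)  # kbps reserved per CT

    def violated_constraint(self, ct, kbps):
        """Return the index of the first BC the request would exceed, or None."""
        trial = list(self.reserved)
        trial[ct] += kbps
        # Only BC0..BC<ct> contain CT <ct>, so only those sums change.
        for b in range(ct, -1, -1):
            if sum(trial[b:]) > self.bc[b]:
                return b
        return None

    def admit(self, ct, kbps):
        """Reserve the bandwidth if every nested constraint still holds."""
        if self.violated_constraint(ct, kbps) is not None:
            return False
        self.reserved[ct] += kbps
        return True


def walk_through():
    """Admit the tunnel from this example, then four constructed requests."""
    link = RdmLink(parse_rdm(LINK_COMMAND))
    results = [
        ("CT2 4000 (tunnel in this example)", link.admit(2, 4000)),
        ("CT2 2000 (constructed)", link.admit(2, 2000)),  # 6000 > BC2 5000
        ("CT1 3000 (constructed)", link.admit(1, 3000)),  # 7000 <= BC1 8000
        ("CT0 4000 (constructed)", link.admit(0, 4000)),  # 11000 > BC0 10000
        ("CT3 1000 (constructed)", link.admit(3, 1000)),  # fits BC3 down to BC0
    ]
    return results, link.reserved


if __name__ == "__main__":
    outcome, reserved = walk_through()
    for label, admitted in outcome:
        print(f"{label}: {'admitted' if admitted else 'rejected'}")
    print("reserved per CT (kbps):", reserved)
```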
[RouterB-GigabitEthernet2/1/1] isis enable 1
[RouterB-GigabitEthernet2/1/1] isis circuit-level level-2
[RouterB-GigabitEthernet2/1/1] quit
[RouterB] interface pos 5/1/0
[RouterB-POS5/1/0] isis enable 1
[RouterB-POS5/1/0] isis circuit-level level-2
[RouterB-POS5/1/0] quit
[RouterB] interface loopback 0
[RouterB-LoopBack0] isis enable 1
[RouterB-LoopBack0] isis circuit-level level-2
[RouterB-LoopBack0] quit
# Configurations on Router C.
2.2.2.9/32 ISIS 15 10 10.1.1.2 GE2/1/1
3.3.3.9/32 ISIS 15 20 10.1.1.2 GE2/1/1
4.4.4.9/32 ISIS 15 30 10.1.1.2 GE2/1/1
10.1.1.0/24 Direct 0 0 10.1.1.1 GE2/1/1
10.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
20.1.1.0/24 ISIS 15 20 10.1.1.2 GE2/1/1
30.1.1.0/24 ISIS 15 30 10.1.1.2 GE2/1/1
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.
3.
[RouterC-mpls] quit
[RouterC] interface gigabitethernet 2/1/1
[RouterC-GigabitEthernet2/1/1] mpls
[RouterC-GigabitEthernet2/1/1] mpls te
[RouterC-GigabitEthernet2/1/1] mpls rsvp-te
[RouterC-GigabitEthernet2/1/1] quit
[RouterC] interface pos 5/1/0
[RouterC-POS5/1/0] mpls
[RouterC-POS5/1/0] mpls te
[RouterC-POS5/1/0] mpls rsvp-te
[RouterC-POS5/1/0] quit
# Configure Router D.
[RouterD] mpls lsr-id 4.4.4.
[RouterA] interface gigabitethernet 2/1/1
[RouterA-GigabitEthernet2/1/1] mpls te max-link-bandwidth 10000
[RouterA-GigabitEthernet2/1/1] mpls te max-reservable-bandwidth rdm 10000 bc1 8000 bc2 5000 bc3 2000
[RouterA-GigabitEthernet2/1/1] quit
# Configure the maximum bandwidth and bandwidth constraints on Router B.
[RouterA] display interface tunnel
Tunnel1 current state: UP
Line protocol current state: UP
Description: Tunnel1 Interface
The Maximum Transmit Unit is 64000
Internet Address is 7.1.1.1/24 Primary
Encapsulation is TUNNEL, service-loopback-group ID not set
Tunnel source unknown, destination 4.4.4.
Interfaces Protected: -
VPN Bind Type : NONE
VPN Bind Value : -
Car Policy : Disabled
Tunnel Group : Primary
Primary Tunnel : -
Backup Tunnel : -
Group Status : -
# Execute the display mpls te cspf tedb all command on Router A to view the link information in the TEDB.
[RouterA] display mpls te cspf tedb all
Maximum Node Supported: 128
Maximum Link Supported: 256
Current Total Node Number: 4
Current Total Link Number: 6
Id MPLS LSR-Id IGP Process-Id Area Link-Count
1 3.3.3.
8. Create a static route to direct traffic destined for subnet 30.1.1.0/24 into the MPLS TE tunnel:
[RouterA] ip route-static 30.1.1.2 24 tunnel 1 preference 1
Execute the display ip routing-table command on Router A. The routing table has a static route entry with interface Tunnel 1 as the outgoing interface.
MPLS LDP over MPLS TE configuration example
Network requirements
Router A through Router E all support MPLS and run OSPF as the IGP.
[RouterB] mpls lsr-id 2.2.2.2
[RouterB] mpls
[RouterB-mpls] mpls te
[RouterB-mpls] mpls rsvp-te
[RouterB-mpls] mpls te cspf
[RouterB-mpls] quit
[RouterB] interface pos 5/1/0
[RouterB-POS5/1/0] mpls
[RouterB-POS5/1/0] mpls te
[RouterB-POS5/1/0] mpls rsvp-te
[RouterB-POS5/1/0] quit
# Configure Router E.
system-view
[RouterE] mpls lsr-id 5.5.5.
# Configure an MPLS TE tunnel.
[RouterB] interface tunnel 4
[RouterB-Tunnel4] ip address 10.1.1.1 255.255.255.0
[RouterB-Tunnel4] tunnel-protocol mpls te
[RouterB-Tunnel4] destination 3.3.3.3
[RouterB-Tunnel4] mpls te tunnel-id 10
# Configure IGP shortcut.
[RouterB-Tunnel4] mpls te igp shortcut
[RouterB-Tunnel4] mpls te igp metric relative -1
[RouterB-Tunnel4] mpls te commit
# Enable MPLS.
[RouterB-Tunnel4] mpls
[RouterB-Tunnel4] quit
# Configure OSPF TE.
Destination/Mask Proto Pre Cost NextHop Interface
1.1.1.1/32 OSPF 10 1 2.1.1.1 GE2/1/1
2.1.1.0/24 Direct 0 0 2.1.1.2 GE2/1/1
2.1.1.2/32 Direct 0 0 127.0.0.1 InLoop0
2.2.2.2/32 Direct 0 0 127.0.0.1 InLoop0
3.1.1.0/24 Direct 0 0 3.1.1.1 GE2/1/2
3.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
3.3.3.3/32 OSPF 10 1 10.1.1.1 Tun4
4.1.1.0/24 OSPF 10 2 10.1.1.1 Tun4
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.
6.
Negotiated Keepalive Timer : 45 Sec
Keepalive Message Sent/Rcvd : 437/437 (Message Count)
Label Advertisement Mode : Downstream Unsolicited
Label Resource Status(Peer/Local) : Available/Available
Peer Discovery Mechanism : Basic
Session existed time : 000:01:48 (DDD:HH:MM)
LDP Basic Discovery Source : GigabitEthernet2/1/1
Addresses received from peer: (Count: 2)
2.1.1.1 1.1.1.1
---------------------------------------------------------------------
Peer LDP ID : 3.3.3.3:0
TCP Connection : 2.
7. Verify the configuration:
Execute the display mpls lsp command on Router B. The output shows that the LDP LSP from Router B to Router C is nested within the MPLS TE tunnel. The outgoing interface of the LDP LSP is the MPLS TE tunnel interface.
[RouterB] display mpls lsp include 3.3.3.3 32 verbose
----------------------------------------------------------------------
LSP Information: RSVP LSP
----------------------------------------------------------------------
No : 1
IngressLsrID : 2.2.2.
Out-Interface : Tunnel4
LspIndex : 6148
Tunnel ID : 0x11000f
LsrType : Transit
Outgoing Tunnel ID : 0x15000d
Label Operation : SWAP
MPLS TE in MPLS L3VPN configuration example
Network requirements
CE 1 and CE 2 belong to VPN 1. They are connected to the MPLS backbone respectively through PE 1 and PE 2. The IGP protocol running on the MPLS backbone is OSPF.
• Set up an MPLS TE tunnel to forward traffic of VPN 1 from PE 1 to PE 2.
# Configure PE 2.
system-view
[PE2] interface loopback 0
[PE2-LoopBack0] ip address 3.3.3.3 255.255.255.255
[PE2-LoopBack0] quit
[PE2] interface pos 5/1/1
[PE2-POS5/1/1] ip address 10.0.0.2 255.255.255.0
[PE2-POS5/1/1] quit
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 10.0.0.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit
After you complete the configuration, the PEs establish an OSPF neighbor relationship.
[PE1] interface pos 5/1/1
[PE1-POS5/1/1] mpls
[PE1-POS5/1/1] mpls te
[PE1-POS5/1/1] mpls rsvp-te
[PE1-POS5/1/1] quit
# Configure PE 2.
[PE2] mpls lsr-id 3.3.3.3
[PE2] mpls
[PE2-mpls] lsp-trigger all
[PE2-mpls] mpls te
[PE2-mpls] mpls rsvp-te
[PE2-mpls] mpls te cspf
[PE2-mpls] quit
[PE2] interface pos 5/1/1
[PE2-POS5/1/1] mpls
[PE2-POS5/1/1] mpls te
[PE2-POS5/1/1] mpls rsvp-te
[PE2-POS5/1/1] quit
3. Enable OSPF TE:
# Configure PE 1.
5. Configure the VPN instance on each PE, and bind it to the interface connected to the CE:
# Configure on CE 1.
system-view
[CE1] interface gigabitethernet 2/1/1
[CE1-GigabitEthernet2/1/1] ip address 192.168.1.2 255.255.255.0
[CE1-GigabitEthernet2/1/1] quit
# Configure the VPN instance on PE 1, and use CR-LSP for VPN setup. Bind the VPN instance with the interface connected to CE 1.
PING 192.168.1.2: 56 data bytes, press CTRL_C to break
Reply from 192.168.1.2: bytes=56 Sequence=1 ttl=255 time=47 ms
Reply from 192.168.1.2: bytes=56 Sequence=2 ttl=255 time=26 ms
Reply from 192.168.1.2: bytes=56 Sequence=3 ttl=255 time=26 ms
Reply from 192.168.1.2: bytes=56 Sequence=4 ttl=255 time=26 ms
Reply from 192.168.1.2: bytes=56 Sequence=5 ttl=255 time=26 ms
--- 192.168.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.
Execute the display bgp peer command and the display bgp vpn-instance peer command on PEs. The output shows that the BGP peer relationships have been formed between PEs and between PEs and CEs and have reached Established state. Take PE 1 for example:
[PE1-bgp] display bgp peer
BGP local router ID : 2.2.2.2
Local AS number : 100
Total number of peers : 1
Peer V AS 3.3.3.
No : 1
IngressLsrID : 2.2.2.2
LocalLspID : 1
Tunnel-Interface : Tunnel1
Fec : 3.3.3.3/32
Nexthop : 10.0.0.
Outgoing Tunnel ID : 0x0
Label Operation : POP
No : 4
VrfIndex :
Fec : 3.3.3.3/32
Nexthop : 10.0.0.2
In-Label : NULL
Out-Label : 3
In-Interface : ----------
Out-Interface : POS5/1/1
LspIndex : 10242
Tunnel ID : 0x22000
LsrType : Ingress
Outgoing Tunnel ID : 0x0
Label Operation : PUSH
# Execute the display interface tunnel command on PE 1. The output shows that traffic is forwarded along the CR-LSP of the TE tunnel.
Solution
1. Use the display current-configuration command to verify that MPLS TE is configured on involved interfaces.
2. Use the debugging ospf mpls-te command to verify that OSPF can receive the TE LINK establishment message.
3. Use the display ospf peer command to verify that OSPF neighbors are established correctly.
Configuring MPLS L2VPN
Overview
MPLS L2VPN is an MPLS-based Layer 2 VPN technology. It uses MPLS to establish Layer 2 connections between network nodes. Using MPLS L2VPN, carriers can transparently transport Layer 2 data of different data link layer protocols (including ATM, FR, VLAN, Ethernet, and PPP) over a single MPLS or IP backbone. From the perspective of users, the MPLS or IP backbone network is a Layer 2 switched network.
MPLS L2VPN network models
MPLS L2VPN network models include the remote connection model and the local connection model.
Remote connection model
As shown in Figure 35, this model connects two Layer 2 customer networks over an MPLS or IP backbone.
Figure 35 Remote connection
Local connection model
As shown in Figure 36, this model connects two Layer 2 customer networks to the same PE. The customer networks exchange packets with each other through the PE. The PE functions like a Layer 2 switch.
To set up a VC, the two PEs assign VC labels to each other to set up a pair of unidirectional LSPs in opposite directions. By VC setup mode, MPLS L2VPN can be implemented in Circuit Cross Connect (CCC) mode, Static Virtual Circuit (SVC) mode, Martini mode, or Kompella mode. For more information, see "Implementation of MPLS L2VPN."
3. Set up ACs and bind the ACs to the VC, so the PEs can forward user packets from ACs through the VC:
a.
This packet forwarding process is not applicable to the CCC mode of MPLS L2VPN. For more information about the CCC mode of MPLS L2VPN, see "CCC MPLS L2VPN."
Local connection operation
Local connection establishment
To set up a local MPLS L2VPN connection between two CEs:
1. Set up ACs: Configure the link layer protocol on the PE and a connected CE to set up a link layer connection (such as a PPP connection) between the PE and the CE.
2.
Figure 39 CCC MPLS L2VPN network diagram
After you complete the configurations as shown in Figure 39, a static LSP from PE 1 to PE 2 and a static LSP from PE 2 to PE 1 are established. Bind the two LSPs to Interface A on PE 1 and to Interface B on PE 2. A CCC connection is successfully established.
The following describes how a packet is forwarded from CE 1 to CE 2:
1.
Figure 40 Label distribution in Martini mode
Kompella MPLS L2VPN
Kompella MPLS L2VPN employs two levels of labels to transfer user packets, and uses BGP as the signaling protocol to distribute the inner VC label. Different from other MPLS L2VPN modes, Kompella introduces the concept of VPN. It allows CEs in the same VPN to establish a connection. CEs in different VPNs cannot establish a connection.
Kompella MPLS L2VPN has the following basic concepts:
• CE ID—Kompella numbers CEs inside a VPN.
• Label-block Offset—Offset of the label block. When CEs increase in a VPN and the existing label block size is not enough, you do not need to withdraw the label block on the PEs. Instead, you can assign a new label block in addition to the existing label block to enlarge the label range. A PE uses LO to identify a label block among all label blocks, and to determine from which label block it assigns labels. The LO value of a label block is the sum of LRs of all previously assigned label blocks.
A PE adds the VC label assigned by the peer PE into a Layer 2 packet from a local CE. For example, when PE 1 forwards packets from CE 1 to CE 2, it adds VC label 3001.
Figure 42 Label distribution in Kompella mode
As shown in Figure 42, CE 1 and CE 2 belong to VPN 1. CE 3 and CE 4 belong to VPN 2. Configure route targets for the two VPNs to make sure CEs in the same VPN can set up a VC and CEs in different VPNs cannot. A VC is set up as follows (take the VC between CE 1 and CE 2 as an example):
1.
Table 2 Comparing MPLS L2VPN implementation modes
Columns: Mode; VC label encapsulation and distribution; Advantages and disadvantages; Application scenario
Mode: CCC
   VC label encapsulation: one level of label
   VC label distribution: static configuration
   Advantages:
   • Requires no signaling protocol and occupies fewer network resources.
   • Network devices only need to support MPLS.
   • Better QoS for traffic as LSPs are exclusive to CCC connections.
   • Supports local and remote connections.
VC types
A PE encapsulates a Layer 2 packet received from an AC according to the VC type. The VC type is determined by the AC type, as shown in Table 3.
Table 3 Relationship between AC types and VC types
AC type    VC type
PPP        PPP
HDLC       HDLC
FR         FR DLCI mode
FR         FR port mode
Ethernet   Ethernet
Ethernet   VLAN
ATM        ATM AAL5 transparent transport
VC type for PPP/HDLC links
If the AC type is PPP, the VC type is PPP. If the AC type is HDLC, the VC type is HDLC.
○ If the peer PE does not require the ingress to rewrite the P-tag: The PE keeps the P-tag unchanged for the packet and then encapsulates the packet. If the packet contains no P-tag, the PE adds a null label (the label value is 0) into the packet, and then encapsulates the packet.
○ If the peer PE requires the ingress to rewrite the P-tag: The PE changes the P-tag to the VLAN tag (the tag may be a null tag) expected by the peer PE, and then encapsulates the packet.
• Avoid packet disorder—In case of multi-path forwarding, packets received might be disordered. You can configure the control word function on the device, so the device can reorder the packets according to the sequence number carried in the control word field.
• Transfer specific Layer 2 frame flags—When a PE processes Layer 2 packets, it might discard some information, such as the FECN bit and BECN bit of Frame Relay.
• The LDP session between the two endpoint PEs of the primary VC (for example, the LDP session between PE 1 and PE 2 in Figure 44) goes down, causing deletion of the primary VC.
• A VC switchover command is executed.
MPLS L2VPN configuration task list
To set up a remote VC connection between two PEs, complete the following tasks:
• Configure an IGP on PEs and P devices to ensure IP connectivity in the backbone.
• Configure MPLS, GRE, or MPLS TE to set up public tunnels across the backbone network.
4. Return to system view.
   Command: quit
   Remarks: N/A
5. Enable L2VPN and enter L2VPN view.
   Command: l2vpn
   Remarks: Disabled by default.
6. Enable MPLS L2VPN.
   Command: mpls l2vpn
   Remarks: Disabled by default.
Configuring a PE-CE interface
A PE-CE interface refers to a PE's interface connected to a CE. On a PE-CE interface, you must configure the link layer protocol to set up an AC between the PE and CE. The configurations on the interface vary with different VC types.
2. Enter interface view.
   Command: interface { serial | pos } interface-number
   Remarks: After you configure FR DLCI or FR port mode encapsulation on a serial interface, you must use the reset fr inarp command to clear FR dynamic address mappings between the PE and the CE. For more information about the reset fr inarp command, see Layer 2—WAN Command Reference.
3. Configure the link layer protocol.
   Command: link-protocol fr [ nonstandard | ietf ]
   Remarks: By default, the link layer protocol of an interface is PPP.
4. Create a default IPoA mapping for the PVC.
   Command: map ip default
   Remarks: Optional. By default, no IP address mapping exists.
For more information about PVCs and ATM interfaces, see Layer 2—WAN Configuration Guide.
Configuring CCC MPLS L2VPN
Configuring a local CCC connection
To create a local CCC connection on a PE:
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create a local CCC connection on the PE to connect two CEs.
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create a remote CCC connection.
   Command: ccc ccc-connection-name interface interface-type interface-number in-label in-label-value out-label out-label-value { nexthop ip-address | out-interface interface-type interface-number } [ control-word | no-control-word ]
   Remarks: The interface interface-type interface-number option specifies a PE-CE interface of the PE.
Configuring a static VC on a Layer 3 interface
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter the view of the interface connecting the CE.
   Command: interface interface-type interface-number
   Remarks: N/A
Create a static VC.
   Command: mpls static-l2vc destination destination-router-id transmit-vpn-label transmit-label-value receive-vpn-label receive-label-value [ { control-word | ethernet | no-control-word | vlan } | tunnel-policy tunnel-policy-name ] *
   Remarks: This feature is not supported on VLAN interfaces.
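A static VC forwards traffic only when the labels on the two PEs mirror each other: the transmit label configured on one PE must be the receive label configured on the other, and each destination must be the peer's LSR ID. The following Python check is an added example, not part of the HP guide; it parses mpls static-l2vc lines in the syntax given above, and the PE names, LSR IDs, interfaces, and sample configurations are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Command syntax as given for "Create a static VC" above.
STATIC_L2VC = re.compile(
    r"mpls\s+static-l2vc\s+destination\s+(?P<dest>\d+(?:\.\d+){3})"
    r"\s+transmit-vpn-label\s+(?P<tx>\d+)"
    r"\s+receive-vpn-label\s+(?P<rx>\d+)"
)
LSR_ID = re.compile(r"^\s*mpls\s+lsr-id\s+(\d+(?:\.\d+){3})", re.MULTILINE)


@dataclass(frozen=True)
class StaticVC:
    interface: str
    destination: str
    tx_label: int
    rx_label: int


def parse_pe(config):
    """Return (lsr_id, [StaticVC, ...]) parsed from one PE's configuration text."""
    match = LSR_ID.search(config)
    lsr_id = match.group(1) if match else None
    vcs, interface = [], None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            interface = line.split(None, 1)[1]
        found = STATIC_L2VC.search(line)
        if found:
            vcs.append(StaticVC(interface, found["dest"],
                                int(found["tx"]), int(found["rx"])))
    return lsr_id, vcs


def audit_pair(name_a, cfg_a, name_b, cfg_b):
    """Return a list of findings for the static VCs between two PEs (empty = consistent)."""
    id_a, vcs_a = parse_pe(cfg_a)
    id_b, vcs_b = parse_pe(cfg_b)
    findings = [f"{n}: mpls lsr-id not configured"
                for n, i in ((name_a, id_a), (name_b, id_b)) if i is None]
    if findings:
        return findings
    # A receive label identifies the VC on the receiving PE, so it must be unique there.
    for name, vcs in ((name_a, vcs_a), (name_b, vcs_b)):
        seen = {}
        for vc in vcs:
            if vc.rx_label in seen:
                findings.append(f"{name}: receive label {vc.rx_label} used on both "
                                f"{seen[vc.rx_label]} and {vc.interface}")
            seen.setdefault(vc.rx_label, vc.interface)
    a_to_b = [vc for vc in vcs_a if vc.destination == id_b]
    unmatched_b = [vc for vc in vcs_b if vc.destination == id_a]
    if not a_to_b and not unmatched_b:
        findings.append(f"no static VC configured between {name_a} and {name_b}")
    for vc in a_to_b:
        mirror = next((p for p in unmatched_b
                       if p.tx_label == vc.rx_label and p.rx_label == vc.tx_label), None)
        if mirror is not None:
            unmatched_b.remove(mirror)
        else:
            findings.append(f"{name_a} {vc.interface}: no VC on {name_b} with "
                            f"transmit {vc.rx_label} / receive {vc.tx_label}")
    for vc in unmatched_b:
        findings.append(f"{name_b} {vc.interface}: no VC on {name_a} with "
                        f"transmit {vc.rx_label} / receive {vc.tx_label}")
    return findings


# Constructed sample configurations (not taken from a device).
PE1_CFG = """
mpls lsr-id 192.2.2.2
interface Pos5/1/0
 link-protocol ppp
 mpls static-l2vc destination 192.3.3.3 transmit-vpn-label 100 receive-vpn-label 200
"""
PE2_CFG = """
mpls lsr-id 192.3.3.3
interface Pos5/1/1
 link-protocol ppp
 mpls static-l2vc destination 192.2.2.2 transmit-vpn-label 200 receive-vpn-label 100
"""
# Same labels pasted on both ends instead of mirrored: the VC cannot pass traffic.
PE2_BROKEN = PE2_CFG.replace("transmit-vpn-label 200 receive-vpn-label 100",
                             "transmit-vpn-label 100 receive-vpn-label 200")

if __name__ == "__main__":
    for label, peer_cfg in (("mirrored", PE2_CFG), ("copied", PE2_BROKEN)):
        result = audit_pair("PE1", PE1_CFG, "PE2", peer_cfg)
        print(label, "->", result or "consistent")
```

Run it against saved configurations of both PEs before a change window; an empty result means every static VC between the pair has a mirrored partner.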
Configuring primary and backup static VCs for a service instance
NOTE: This feature is supported only on routers with SAP-4EXPs.
To perform this task, complete the following operations on a PE:
• Create a service instance on a Layer 2 Ethernet interface.
• Configure a packet matching rule for the service instance.
• Create a primary static VC and a backup static VC for the service instance.
9. Create a primary static VC and a backup static VC and enter static-xpeer view
10. Configure the VC labels for the primary VC.
After you configure a Martini VC for a service instance applied on a Layer 2 Ethernet interface, the interface uses the service instance to match incoming packets. Packets matching the service instance are forwarded over the VC. A service instance can match all packets received on the interface, packets carrying the specified VLAN tags, all tagged packets, or packets with no VLAN tags. Service instances can be created only on Layer 2 Ethernet interfaces.
• Create a Martini VC for the service instance.
After you perform these configurations, packets arriving at the Layer 2 Ethernet interface and matching the packet matching rule are forwarded over the created VC.
To create a Martini VC for a service instance:
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create a PW class and enter PW class view.
   Command: pw-class pw-class-name
   Remarks: Optional. By default, no PW class is created.
3. Specify the VC type.
   Command: trans-mode { ethernet | vlan }
   Remarks: Optional.
11. Display information about one or all service instances configured on the interface.
   Command: display service-instance interface interface-type interface-number [ service-instance instance-id ] [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view.
To ensure normal forwarding of VPN traffic, the Layer 2 Ethernet interface must allow the VLANs that might appear in the VPN traffic.
4. Specify the interface for the TCP connection.
   Command: peer { group-name | ip-address } connect-interface interface-type interface-number
   Remarks: N/A
5. Enter BGP L2VPN address family view.
   Command: l2vpn-family
   Remarks: N/A
6. Enable the filtering by the route target extended community attributes for the received routing information.
   Command: policy vpn-target
7. Enable the specified peer or peers to exchange BGP routing information for the BGP-L2VPN address family.
   Command: peer { group-name | ip-address } enable
Creating a CE connection
Configuration parameters and guidelines
• id ce-id: Specifies the CE ID of a local CE connected to the PE.
• range ce-range: Specifies the CE range—the maximum number of CEs to which the specified CE can connect. You can configure a CE range greater than what is required based on your estimate of future VPN expansion. This can reduce configuration workload required when CEs are added into the VPN in future.
• default-offset default-offset: Specifies the initial CE ID, 0 or 1.
Configuration procedure
To create a CE connection:
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter MPLS L2VPN view.
   Command: mpls l2vpn vpn-name
   Remarks: N/A
3. Create a CE, specify the CE name, CE ID, CE range, and the initial CE ID, and enter MPLS L2VPN CE view.
   Command: ce ce-name [ id ce-id [ range ce-range ] [ default-offset default-offset ] ]
   Remarks: N/A
4. Create a Kompella connection.
Task: Display information about static VCs.
   Command: display mpls static-l2vc [ interface interface-type interface-number [ service-instance instance-id ] ] [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view.
Task: Display information about Martini VCs.
   Command: display mpls l2vc [ interface interface-type interface-number [ service-instance instance-id ] | remote-info ] [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view.
Figure 45 Network diagram: CE 1 (S2/1/0, 100.1.1.1/24) and CE 2 (S2/1/0, 100.1.1.2/24) attach to the PE (S2/1/0, S2/1/1, Loop0 172.1.1.1/32), which joins them with a local CCC connection.
Configuration considerations
Because a local CCC connection is bidirectional, one local CCC connection is enough for CE 1 and CE 2 to communicate with each other.
Configuration procedure
1. Configure CE 1:
# Configure the link protocol type as PPP on interface Serial 2/1/0 (the interface connected to the PE), and configure an IP address for the interface.
[PE] interface serial 2/1/1
[PE-Serial2/1/1] link-protocol ppp
[PE-Serial2/1/1] quit
# Create a local connection between CE 1 and CE 2.
[PE] ccc ce1-ce2 interface serial 2/1/0 out-interface serial 2/1/1
3. Configure CE 2:
# Configure the link protocol type of interface Serial 2/1/0 (the interface connected to the PE) as PPP, and configure an IP address for the interface.
Figure 46 Network diagram
Device   Interface   IP address
CE 1     POS5/1/0    100.1.1.1/24
CE 2     POS5/1/0    100.1.1.2/24
PE 1     Loop0       10.0.0.1/32
PE 1     POS5/1/1    10.1.1.1/24
P        Loop0       10.0.0.2/32
P        POS5/1/0    10.2.2.2/24
P        POS5/1/1    10.1.1.2/24
PE 2     Loop0       10.0.0.3/32
PE 2     POS5/1/0    10.2.2.1/24
Configuration considerations
The following steps are required:
1. Create a remote CCC connection on the PEs. No static LSP is required on the PEs.
2. Enable MPLS L2VPN on the PEs.
[PE1-l2vpn] quit
# Configure interface POS 5/1/0.
[PE1] interface pos 5/1/0
[PE1-POS5/1/0] link-protocol ppp
[PE1-POS5/1/0] quit
# Configure interface POS 5/1/1, and enable MPLS.
[PE1] interface pos 5/1/1
[PE1-POS5/1/1] link-protocol ppp
[PE1-POS5/1/1] ip address 10.1.1.
[Sysname] sysname PE2
[PE2] interface loopback 0
[PE2-LoopBack0] ip address 10.0.0.3 32
[PE2-LoopBack0] quit
[PE2] mpls lsr-id 10.0.0.3
[PE2] mpls
[PE2-mpls] quit
# Enable L2VPN and MPLS L2VPN.
[PE2] l2vpn
[PE2-l2vpn] mpls l2vpn
[PE2-l2vpn] quit
# Configure interface POS 5/1/1.
[PE2] interface pos 5/1/1
[PE2-POS5/1/1] link-protocol ppp
[PE2-POS5/1/1] quit
# Configure interface POS 5/1/0 and enable MPLS.
[PE2] interface pos 5/1/0
[PE2-POS5/1/0] link-protocol ppp
[PE2-POS5/1/0] ip address 10.2.2.
Out-interface : POS5/1/1
# Ping CE 2 from CE 1. The output shows that CE 1 and CE 2 can ping each other.
[CE1] ping 100.1.1.2
PING 100.1.1.2: 56 data bytes, press CTRL_C to break
Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=180 ms
Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=60 ms
Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=10 ms
Reply from 100.1.1.2: bytes=56 Sequence=4 ttl=255 time=70 ms
Reply from 100.1.1.2: bytes=56 Sequence=5 ttl=255 time=60 ms
--- 100.1.1.
2. Set up an SVC: Enable MPLS L2VPN on PE 1 and PE 2, create a static VC, and specify the VC labels.
Configuration procedure
1. Configure CE 1:
# Configure the link protocol as PPP on interface POS 5/1/0 (the interface connected to PE 1), and configure an IP address for the interface.
system-view
[Sysname] sysname CE1
[CE1] interface pos 5/1/0
[CE1-POS5/1/0] link-protocol ppp
[CE1-POS5/1/0] ip address 100.1.1.1 24
2. Configure PE 1:
# Configure the LSR ID and enable MPLS globally.
[PE1-POS5/1/0] mpls static-l2vc destination 192.3.3.3 transmit-vpn-label 100 receive-vpn-label 200
[PE1-POS5/1/0] quit
3. Configure the P router:
# Configure the LSR ID and enable MPLS globally.
system-view
[Sysname] sysname P
[P] interface loopback 0
[P-LoopBack0] ip address 192.4.4.4 32
[P-LoopBack0] quit
[P] mpls lsr-id 192.4.4.4
[P] mpls
[P-mpls] quit
# Enable LDP globally.
[P] mpls ldp
[P-mpls-ldp] quit
# Configure the interface connected with PE 1, and enable LDP on the interface.
[PE2-mpls] quit
# Enable L2VPN and MPLS L2VPN.
[PE2] l2vpn
[PE2-l2vpn] mpls l2vpn
[PE2-l2vpn] quit
# Enable LDP globally.
[PE2] mpls ldp
[PE2-mpls-ldp] quit
# Configure the interface connected with the P router, and enable LDP on the interface.
[PE2] interface pos 5/1/0
[PE2-POS5/1/0] link-protocol ppp
[PE2-POS5/1/0] ip address 10.2.2.1 24
[PE2-POS5/1/0] mpls
[PE2-POS5/1/0] mpls ldp
[PE2-POS5/1/0] quit
# Configure OSPF on PE 2 for establishing LSPs.
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.
POS5/1/1 up 192.2.2.2 200 100 -
# Ping CE 2 from CE 1. The output shows that CE 1 and CE 2 can ping each other.
[CE1] ping 100.1.1.2
PING 100.1.1.2: 56 data bytes, press CTRL_C to break
Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=150 ms
Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=130 ms
Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=130 ms
Reply from 100.1.1.2: bytes=56 Sequence=4 ttl=255 time=140 ms
Reply from 100.1.1.2: bytes=56 Sequence=5 ttl=255 time=80 ms
--- 100.
[Sysname] sysname CE1
[CE1] interface serial 2/1/0
[CE1-Serial2/1/0] link-protocol ppp
[CE1-Serial2/1/0] ip address 100.1.1.1 24
2. Configure PE 1:
# Configure the LSR ID and enable MPLS globally.
system-view
[Sysname] sysname PE1
[PE1] interface loopback 0
[PE1-LoopBack0] ip address 192.2.2.2 32
[PE1-LoopBack0] quit
[PE1] mpls lsr-id 192.2.2.2
[PE1] mpls
[PE1-mpls] quit
# Enable L2VPN and MPLS L2VPN.
[PE1] l2vpn
[PE1-l2vpn] mpls l2vpn
[PE1-l2vpn] quit
# Enable LDP globally.
system-view
[Sysname] sysname P
[P] interface loopback 0
[P-LoopBack0] ip address 192.4.4.4 32
[P-LoopBack0] quit
[P] mpls lsr-id 192.4.4.4
[P] mpls
[P-mpls] quit
# Enable LDP globally.
[P] mpls ldp
[P-mpls-ldp] quit
# Configure the interface connected to PE 1, and enable LDP on the interface.
[P] interface serial 2/1/0
[P-Serial2/1/0] link-protocol ppp
[P-Serial2/1/0] ip address 10.1.1.
# Enable LDP globally.
[PE2] mpls ldp
[PE2-mpls-ldp] quit
# Configure the peer relationship with PE 1 so that the LDP remote session can be established between them.
[PE2] mpls ldp remote-peer 2
[PE2-mpls-ldp-remote-2] remote-ip 192.2.2.2
[PE2-mpls-ldp-remote-2] quit
# Configure the interface connected to the P device, and enable LDP on the interface.
[PE2] interface serial 2/1/1
[PE2-Serial2/1/1] link-protocol ppp
[PE2-Serial2/1/1] ip address 10.2.2.
Transport  Client  VC     Local     Remote
VC ID      Intf    State  VC Label  VC Label
101        S2/1/0  up     1025      1024
# Ping CE 2 from CE 1. The output shows that CE 1 and CE 2 can ping each other.
[CE1] ping 100.1.1.2
PING 100.1.1.2: 56 data bytes, press CTRL_C to break
Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=30 ms
Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=60 ms
Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=50 ms
Reply from 100.1.1.
Configuration procedure
1. Configure CE 1:
# Assign IP addresses to interfaces.
system-view
[Sysname] sysname CE1
[CE1] interface serial 2/1/0
[CE1-Serial2/1/0] link-protocol ppp
[CE1-Serial2/1/0] ip address 100.1.1.1 24
[CE1-Serial2/1/0] ip address 100.2.1.1 24 sub
[CE1-Serial2/1/0] quit
[CE1] interface serial 2/1/1
[CE1-Serial2/1/1] link-protocol ppp
[CE1-Serial2/1/1] ip address 100.3.1.1 24
[CE1-Serial2/1/1] quit
# Configure IS-IS.
[CE1] isis 1
[CE1-isis-1] network-entity 10.0000.0000.0001.
[PE1-Serial2/1/2] ip address 13.1.1.1 24
[PE1-Serial2/1/2] mpls
[PE1-Serial2/1/2] mpls ldp
[PE1-Serial2/1/2] quit
# Configure OSPF on PE 1.
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] network 13.1.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
# Enable L2VPN and MPLS L2VPN.
[PE2-ospf-1] quit
# Enable L2VPN and MPLS L2VPN.
[PE2] l2vpn
[PE2-l2vpn] mpls l2vpn
[PE2-l2vpn] quit
# Create a VC on the interface connected to CE 2. This interface needs no IP address.
[PE2] interface serial 2/1/1
[PE2-Serial2/1/1] mpls l2vc 1.1.1.1 20
[PE2-Serial2/1/1] quit
4. Configure PE 3:
# Configure the LSR ID and enable MPLS globally.
system-view
[Sysname] sysname PE3
[PE3] interface loopback 0
[PE3-LoopBack0] ip address 3.3.3.3 32
[PE3-LoopBack0] quit
[PE3] mpls lsr-id 3.3.3.
[Sysname] sysname CE2
[CE2] interface serial 2/1/0
[CE2-Serial2/1/0] link-protocol ppp
[CE2-Serial2/1/0] ip address 100.1.1.2 24
[CE2-Serial2/1/0] quit
[CE2] interface serial 2/1/1
[CE2-Serial2/1/1] link-protocol ppp
[CE2-Serial2/1/1] ip address 100.2.1.2 24
# Configure IS-IS.
[CE2] isis 1
[CE2-isis-1] network-entity 10.0000.0000.0002.
***VC ID : 30
VC State : blocked
Destination : 3.3.3.3
Local Group ID : 0
Remote Group ID : 0
Local VC Label : 1027
Remote VC Label : 1050
Tunnel Policy : -
Tunnel Type : lsp
Tunnel ID : 0xd2001
Remote VCCV CC Type : CW, RA
Remote VCCV CV Type : LSPV
# Display VC information on PE 2. The output shows that a VC has been established on PE 2.
Reply from 100.3.1.1: bytes=56 Sequence=5 ttl=255 time=70 ms
--- 100.3.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 30/50/70 ms
# Use the mpls l2vc switchover command on PE 1 to switch the working VC.
system-view
[PE1] interface serial 2/1/0
[PE1-Serial2/1/0] mpls l2vc switchover
[PE1-Serial2/1/0] quit
# Display VC information on PE 1. The output shows that the backup VC is now up.
Example for configuring Kompella MPLS L2VPN
Network requirements
CEs are connected to PEs through Serial interfaces. The link layer encapsulation protocol is PPP. Establish a Kompella VC, so CE 1 and CE 2 can exchange Layer 2 packets across the backbone.
Figure 50 Network diagram
Device   Interface   IP address
CE 1     S2/1/0      30.1.1.1/24
CE 2     S2/1/0      30.1.1.2/24
PE 1     Loop0       1.1.1.9/32
PE 1     POS5/1/1    168.1.1.1/24
P        Loop0       2.2.2.9/32
P        POS5/1/0    168.1.1.2/24
PE 2     Loop0       3.3.3.
[PE1-bgp-af-l2vpn] policy vpn-target
[PE1-bgp-af-l2vpn] peer 3.3.3.9 enable
[PE1-bgp-af-l2vpn] quit
[PE1-bgp] quit
# Configure PE 2.
system-view
[Sysname] sysname PE2
[PE2] l2vpn
[PE2-l2vpn] mpls l2vpn
[PE2-l2vpn] quit
[PE2] bgp 100
[PE2-bgp] peer 1.1.1.9 as-number 100
[PE2-bgp] peer 1.1.1.9 connect-interface loopback 0
[PE2-bgp] l2vpn-family
[PE2-bgp-af-l2vpn] policy vpn-target
[PE2-bgp-af-l2vpn] peer 1.1.1.
# Display the MPLS L2VPN connection information on PE1.
[PE1] display mpls l2vpn connection
1 total connections,
connections: 1 up, 0 down, 0 local, 1 remote, 0 unknown
VPN name: vpn1,
1 total connections,
connections: 1 up, 0 down, 0 local, 1 remote, 0 unknown
CE name: ce1, id: 1,
Rid  type  status  peer-id  route-distinguisher  intf
2    rmt   up      3.3.3.9  100:1                S2/1/0
# Ping CE 2 from CE 1. The output shows that CE 1 and CE 2 can ping each other.
[CE1] ping 30.1.1.2
PING 30.1.1.
system-view
[Sysname] sysname PE
[PE] l2vpn
[PE-l2vpn] mpls l2vpn
[PE-l2vpn] quit
[PE] mpls l2vpn vpn1 encapsulation ppp
[PE-mpls-l2vpn-vpn1] route-distinguisher 100:1
[PE-mpls-l2vpn-vpn1] vpn-target 111:1
[PE-mpls-l2vpn-vpn1] ce ce1 id 1
[PE-mpls-l2vpn-ce-vpn1-ce1] connection ce-offset 2 interface serial 2/1/0
[PE-mpls-l2vpn-ce-vpn1-ce1] quit
[PE-mpls-l2vpn-vpn1] ce ce2 id 2
[PE-mpls-l2vpn-ce-vpn1-ce2] connection ce-offset 1 interface serial 2/1/1
[PE-mpls-l2vpn-vpn1] quit
2.
0.00% packet loss
round-trip min/avg/max = 34/68/94 ms
Example for configuring a VC for a service instance
This configuration example applies only to routers with SAP-4EXPs.
Network requirements
CE 1 and CE 2 are connected to PE 1 and PE 2 through Layer 3 Ethernet interfaces. On PE 1 and PE 2, create a VC for CE 1 and CE 2 in service instance view, so CE 1 and CE 2 can exchange Layer 2 packets across the backbone.
[PE1] mpls
[PE1-mpls] quit
# Enable L2VPN and MPLS L2VPN.
[PE1] l2vpn
[PE1-l2vpn] mpls l2vpn
[PE1-l2vpn] quit
# Enable LDP globally.
[PE1] mpls ldp
[PE1-mpls-ldp] quit
# Configure PE 1 to establish an LDP remote session with PE 2.
[PE1] mpls ldp remote-peer 1
[PE1-mpls-ldp-remote-1] remote-ip 192.3.3.3
[PE1-mpls-ldp-remote-1] quit
# Configure the interface connected with the P device and enable LDP on the interface.
[PE1] interface ten-GigabitEthernet 1/0/2
[PE1-Ten-GigabitEthernet1/0/2] ip address 23.
[P-mpls-ldp] quit
# Configure the interface connected with PE 1 and enable LDP on the interface.
[P] interface ten-GigabitEthernet1/0/2
[P-Ten-GigabitEthernet1/0/2] ip address 23.1.1.2 24
[P-Ten-GigabitEthernet1/0/2] mpls
[P-Ten-GigabitEthernet1/0/2] mpls ldp
[P-Ten-GigabitEthernet1/0/2] quit
# Configure the interface connected with PE 2 and enable LDP on the interface.
[P] interface ten-GigabitEthernet1/0/3
[P-Ten-GigabitEthernet1/0/3] ip address 26.2.2.
[PE2-Ten-GigabitEthernet1/0/3] mpls ldp
[PE2-Ten-GigabitEthernet1/0/3] quit
# Configure OSPF.
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 192.3.3.3 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 26.2.2.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit
# On the interface connected to CE 2, create a service instance and create a VC.
Reply from 100.1.1.2: bytes=56 Sequence=5 ttl=255 time=94 ms
--- 100.1.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 34/68/94 ms
Troubleshooting MPLS L2VPN
This section describes troubleshooting techniques for MPLS L2VPN.
Symptom 1
After the L2VPN configuration, the peer PEs cannot ping each other. The display mpls l2vc command output shows that the VC is down and the remote VC label is invalid (displayed as --).
Configuring VPLS
Overview
Virtual Private LAN Service (VPLS), also called "Transparent LAN Service" or "virtual private switched network service," can deliver a point-to-multipoint L2VPN service over public networks. With VPLS, geographically-dispersed sites can interconnect and communicate over MAN or WAN as if they were on the same LAN. VPLS provides Layer 2 VPN services. However, it supports multipoint services rather than the point-to-point services the traditional VPN supports.
• PW signaling—The PW signaling protocol is the foundation of VPLS. It is used for creating and maintaining PWs and automatically discovering VSI peer PEs. Two PW signaling protocols are available: LDP and BGP.
Figure 53 VPLS network diagram
PW establishment
VPLS uses PWs to transfer data over the public network.
A PW consists of two unidirectional VC LSPs. A PW is up only when both of the VC LSPs are up. When the inbound VC LSP learns a new MAC address, the PW must map the MAC address to the outbound VC LSP.
○ Local MAC address learning of interfaces directly connected to users. This refers to learning source MAC addresses from Layer 2 packets originated by CEs. This occurs on the corresponding VSI interfaces.
Figure 54 shows the procedure of MAC address learning and flooding on PEs.
VPLS loop avoidance
To avoid loops in a VPLS network, full mesh and split horizon forwarding are used instead of STP at the private network side.
• Full mesh—PEs are logically fully meshed (so are PWs). Each PE must create for each VPLS forwarding instance a tree to all the other PEs of the instance.
• Split horizon forwarding—Each PE must support split horizon to avoid loops. A PE cannot forward packets received from a PW to other PWs of the same VSI, because all the PEs of a VSI are directly connected.
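The effect of split horizon on a full mesh, shown as an added simulation that is not part of the HP guide: three PEs with one CE each flood a broadcast frame with and without the rule, and source MAC learning lets the reply take a single PW. The PE and CE names, MAC addresses, and the hop budget that bounds the loop are constructed for illustration.

```python
from collections import Counter, deque

BROADCAST = "ff:ff:ff:ff:ff:ff"


class PE:
    """One VSI on one PE: local ACs, one PW per peer PE, and a MAC table."""

    def __init__(self, name, split_horizon=True):
        self.name = name
        self.split_horizon = split_horizon
        self.acs = []        # names of locally attached CEs
        self.pws = []        # names of peer PEs reached over a PW
        self.mac_table = {}  # MAC -> ("ac", ce_name) or ("pw", peer_name)

    def forward(self, src, dst, in_port):
        """Learn src on in_port and return the list of output ports for dst."""
        self.mac_table[src] = in_port
        known = self.mac_table.get(dst)
        if known is not None:
            out = [] if known == in_port else [known]
        else:  # broadcast or unknown unicast: flood everywhere except the input port
            out = [("ac", ce) for ce in self.acs] + [("pw", p) for p in self.pws]
            out = [port for port in out if port != in_port]
        if self.split_horizon and in_port[0] == "pw":
            # Split horizon: never relay a frame from one PW to another PW.
            out = [port for port in out if port[0] != "pw"]
        return out


def build_mesh(sites, split_horizon=True):
    """sites: {pe_name: [ce_name, ...]}. Returns {pe_name: PE} with a full PW mesh."""
    pes = {name: PE(name, split_horizon) for name in sites}
    for name, pe in pes.items():
        pe.acs = list(sites[name])
        pe.pws = [peer for peer in pes if peer != name]
    return pes


def send(pes, ingress_pe, ingress_ce, src, dst, max_pw_hops=6):
    """Inject one frame from a CE. Returns (copies delivered per CE, PW transmissions)."""
    delivered, pw_tx = Counter(), 0
    queue = deque([(pes[ingress_pe], ("ac", ingress_ce), 0)])
    while queue:
        pe, in_port, hops = queue.popleft()
        for kind, target in pe.forward(src, dst, in_port):
            if kind == "ac":
                delivered[target] += 1
            elif hops < max_pw_hops:  # budget only matters when frames loop
                pw_tx += 1
                queue.append((pes[target], ("pw", pe.name), hops + 1))
    return delivered, pw_tx


# Constructed topology: three PEs, one CE behind each.
SITES = {"PE1": ["CE1"], "PE2": ["CE2"], "PE3": ["CE3"]}
MAC_CE1, MAC_CE2 = "00:00:00:00:00:01", "00:00:00:00:00:02"

if __name__ == "__main__":
    mesh = build_mesh(SITES, split_horizon=True)
    print("split horizon, broadcast:", send(mesh, "PE1", "CE1", MAC_CE1, BROADCAST))
    print("split horizon, reply:    ", send(mesh, "PE2", "CE2", MAC_CE2, MAC_CE1))
    loop = build_mesh(SITES, split_horizon=False)
    print("no split horizon:        ", send(loop, "PE1", "CE1", MAC_CE1, BROADCAST))
    print("PE1 now believes CE1 is behind:", loop["PE1"].mac_table[MAC_CE1])
```

Without the rule every CE, including the sender, receives repeated copies until the hop budget runs out, and PE 1 relearns the local CE's MAC address on a PW.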
Advantages of H-VPLS access
• H-VPLS has lower requirements on the multi-tenant unit switch (MTU-s). It has distinct hierarchies which fulfill definite tasks.
• H-VPLS reduces the logical complexity of the fully meshed network consisting of PEs and the configuration complexity.
H-VPLS with LSP access
Figure 55 H-VPLS with LSP access
As shown in Figure 55, UPE functions as the MTU-s and establishes only a virtual link U-PW with NPE 1. It does not establish virtual links with any other peers.
As shown in Figure 56, MTU is a standard bridging device and QinQ is enabled on its interfaces connected to CEs. Data forwarding in H-VPLS with QinQ access is as follows:
1. Upon receiving a packet from a CE, MTU labels the packet with a VLAN tag as the multiplex distinguishing flag, and transparently sends the packet to PE 1 through the QinQ tunnel.
2.
• The two PEs use different PW signaling protocols.
In such cases, you can establish multiple continuous PW segments that function as a single PW, called a "multi-hop PW," a virtual connection between the two PEs.
Figure 58 Diagram for multi-hop PW
As shown in Figure 58, PE 1 and PE 2 are in different ASs. To set up a multi-hop PW between PE 1 and PE 2, do the following:
• Establish three PWs: PW 1 between PE 1 and ASBR 1, PW 2 between ASBR 1 and ASBR 2, and PW 3 between ASBR 2 and PE 2.
Task: Configuring VPLS instance attributes
   Remarks: Optional.
Task: Inspecting PWs
   Remarks: Optional.
Enabling L2VPN and MPLS L2VPN
Enable L2VPN and MPLS L2VPN before you perform VPLS-related configurations.
To enable L2VPN and MPLS L2VPN:
1. Enter system view.
   Command: system-view
2. Enable L2VPN and enter L2VPN view.
   Command: l2vpn
3. Enable MPLS L2VPN.
   Command: mpls l2vpn
For more information about the l2vpn command and the mpls l2vpn command, see MPLS Command Reference.
4. Specify the local and remote VC labels.
To configure a static VPLS instance:
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create a PW class and enter its view.
   Command: pw-class pw-class-name
   Remarks: Optional. By default, no PW class is created.
3. Configure the PW transport mode.
   Command: trans-mode { ethernet | vlan }
   Remarks: Optional. VLAN by default.
4. Specify a tunneling policy.
   Remarks: Optional.
Configuring LDP VPLS
Before you configure LDP VPLS, complete the following tasks:
• Configure an IGP on the MPLS backbone devices (PEs and P devices) to ensure IP connectivity. For configuration information, see Layer 3—IP Routing Configuration Guide.
• Configure basic MPLS on the MPLS backbone devices (PEs and P devices) to establish LSP tunnels over the backbone network. For configuration information, see "Configuring basic MPLS."
• Configure LDP remote peers on PEs to establish remote LDP sessions.
5. Return to system view.
   Command: quit
   Remarks: N/A
6. Create an LDP VPLS instance and enter VSI view.
   Command: vsi vsi-name static [ p2p ]
   Remarks: N/A
7. Specify LDP as the PW signaling protocol and enter VSI LDP view.
   Command: pwsignal ldp
   Remarks: N/A
8. Specify an ID for the VPLS instance.
   Command: vsi-id vsi-id
   Remarks: N/A
9. Create a peer PE for the VPLS instance and enter L2VPN peer view.
   Command: peer ip-address [ pw-class class-name | [ pw-id pw-id ] [ upe | backup-peer ip-address [ backup-pw-id pw-id ] ] ] *
   Remarks: N/A
10.
2. Enter BGP view.
   Command: bgp as-number
   Remarks: N/A
3. Enter BGP-VPLS address family view.
   Command: vpls-family
   Remarks: N/A
4. Activate a peer.
   Command: peer peer-address enable
   Remarks: No peer is activated by default.
For more configurations in BGP-VPLS address family view, see "Configuring MPLS L3VPN.
that match the service instance are forwarded by the VPLS instance bound with the service instance. A service instance supports multiple types of packet matching rules (such as matching all packets received on the port, packets carrying the specified VLAN tags, all tagged packets, and all packets with no VLAN tags), providing a more flexible VPLS instance access control.
4. Configure a packet matching rule for the service instance.
   Command: encapsulation { port-based | s-vid vlan-id [ only-tagged ] | tagged | untagged }
   Remarks: By default, no packet matching rule is configured for a service instance.
5. Associate the service instance with a VPLS instance.
   Command: xconnect vsi vsi-name [ access-mode { ethernet | vlan } ] *
   Remarks: By default, a service instance is not associated with any VPLS instance.
5. Specify the multicast suppression ratio for the VPLS instance.
   Command: multicast-restrain ratio
   Remarks: Optional. 100 percent by default.
6. Specify the unknown unicast suppression ratio for the VPLS instance.
   Command: unknown-unicast-restrain ratio
   Remarks: Optional. 100 percent by default.
7. Specify the encapsulation type of the VPLS instance.
   Command: encapsulation { bgp-vpls | ethernet | vlan }
   Remarks: Optional.
8. Set the MTU of the VPLS instance.
   Command: mtu mtu
Set the description of the VPLS instance.
   Command: description text
Displaying and maintaining VPLS
Task: Display the VPLS information in the BGP routing table.
   Command: display bgp vpls { all | group [ group-name ] | peer [ [ ip-address ] verbose ] | route-distinguisher route-distinguisher [ site-id site-id [ label-offset label-offset ] ] } [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view.
Task: Display the MAC address table information for one or all VPLS instances.
On PE 1 and PE 2, perform the following configuration:
• Configure VPLS instance aaa to use LDP (Martini mode) and VPLS instance bbb to use BGP (Kompella mode), and configure the AS number as 100.
• Configure service instance 1 to match packets that are received on interface Ten-GigabitEthernet 1/0/1 and carry the VLAN tag of 100. Bind service instance 1 to VPLS instance aaa.
[PE1-Ten-GigabitEthernet1/0/2] mpls ldp
[PE1-Ten-GigabitEthernet1/0/2] quit
# Configure OSPF.
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 23.1.1.1 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
# Configure BGP extensions.
[PE1] bgp 100
[PE1-bgp] peer 3.3.3.9 as-number 100
[PE1-bgp] peer 3.3.3.9 connect-interface loopback 0
[PE1-bgp] vpls-family
[PE1-bgp-af-vpls] peer 3.3.3.
# Configure an IP address for loopback 0.
<Sysname> system-view
[Sysname] sysname P
[P] interface loopback 0
[P-LoopBack0] ip address 2.2.2.9 32
[P-LoopBack0] quit
# Configure the LSR ID and enable MPLS globally.
[P] mpls lsr-id 2.2.2.9
[P] mpls
[P-mpls] quit
# Enable LDP globally.
[P] mpls ldp
[P-mpls-ldp] quit
# Configure the interface connected to PE 1 and enable LDP on the interface.
[P] interface ten-GigabitEthernet 1/0/2
[P-Ten-GigabitEthernet1/0/2] ip address 23.1.1.
# Enable LDP globally.
[PE2] mpls ldp
[PE2-mpls-ldp] quit
# Configure PE 2 to establish a remote LDP peer PE 1.
[PE2] mpls ldp remote-peer 2
[PE2-mpls-ldp-remote-2] remote-ip 1.1.1.9
[PE2-mpls-ldp-remote-2] quit
# Configure the interface connected to the P device and enable LDP on the interface.
[PE2] interface ten-GigabitEthernet 1/0/3
[PE2-Ten-GigabitEthernet1/0/3] ip address 26.2.2.
[PE2-Ten-GigabitEthernet1/0/1] port link-type trunk
[PE2-Ten-GigabitEthernet1/0/1] port trunk permit vlan 100 200
[PE2-Ten-GigabitEthernet1/0/1] service-instance 1
[PE2-Ten-GigabitEthernet1/0/1-srv1] encapsulation s-vid 100
[PE2-Ten-GigabitEthernet1/0/1-srv1] xconnect vsi aaa
[PE2-Ten-GigabitEthernet1/0/1-srv1] quit
[PE2-Ten-GigabitEthernet1/0/1] service-instance 2
[PE2-Ten-GigabitEthernet1/0/1-srv2] encapsulation s-vid 200
[PE2-Ten-GigabitEthernet1/0/1-srv2] xconnect vsi bbb
[PE2-Ten-GigabitEthernet1/0/1-s
Figure 60 Network diagram

Configuration procedure

1. Configure PE 1:
# Configure an IGP, such as OSPF. (Details not shown.)
# Configure basic MPLS.
<Sysname> system-view
[Sysname] sysname PE1
[PE1] interface loopback 0
[PE1-LoopBack0] ip address 1.1.1.9 32
[PE1-LoopBack0] quit
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
# Configure an IP address for interface GigabitEthernet 2/1/1.
[PE1] interface gigabitethernet 2/1/1
[PE1-GigabitEthernet2/1/1] ip address 10.
[PE1-l2vpn] quit
# Create VPLS instance aaa that uses LDP signaling.
[PE1] vsi aaa static
[PE1-vsi-aaa] pwsignal ldp
[PE1-vsi-aaa-ldp] vsi-id 500
[PE1-vsi-aaa-ldp] peer 2.2.2.9
[PE1-vsi-aaa-ldp] quit
[PE1-vsi-aaa] quit
# Create VPLS instance bbb that uses BGP signaling.
[PE2-mpls-ldp] quit
# Configure an IP address for interface GigabitEthernet 2/1/1.
[PE2] interface gigabitethernet 2/1/1
[PE2-GigabitEthernet2/1/1] ip address 10.10.10.11 24
# Configure basic MPLS on GigabitEthernet 2/1/1.
[PE2-GigabitEthernet2/1/1] mpls
[PE2-GigabitEthernet2/1/1] mpls ldp
[PE2-GigabitEthernet2/1/1] quit
# Configure the remote LDP peer.
[PE2] mpls ldp remote-peer 2
[PE2-mpls-remote-2] remote-ip 1.1.1.9
[PE2-mpls-remote-2] quit
# Configure MP-BGP for VPLS.
[PE2] bgp 100
[PE2-bgp] peer 1.
# Configure interface GigabitEthernet 2/1/2 and bind VPLS instance aaa, bbb, or ccc to the interface.
[PE2] interface gigabitethernet 2/1/2
To bind VPLS instance aaa to the interface:
[PE2-GigabitEthernet2/1/2] l2 binding vsi aaa
To bind VPLS instance bbb to the interface:
[PE2-GigabitEthernet2/1/2] l2 binding vsi bbb
To bind VPLS instance ccc to the interface:
[PE2-GigabitEthernet2/1/2] l2 binding vsi ccc
[PE2-GigabitEthernet2/1/2] quit
3.
# Configure basic MPLS on GigabitEthernet 2/1/2, the interface connected to NPE 1.
[UPE] interface gigabitethernet 2/1/2
[UPE-GigabitEthernet2/1/2] ip address 10.1.1.1 24
[UPE-GigabitEthernet2/1/2] mpls
[UPE-GigabitEthernet2/1/2] mpls ldp
[UPE-GigabitEthernet2/1/2] quit
# Configure the remote LDP peer.
[UPE] mpls ldp remote-peer 1
[UPE-mpls-remote-1] remote-ip 2.2.2.9
[UPE-mpls-remote-1] quit
# Enable L2VPN and MPLS L2VPN.
[NPE1-GigabitEthernet2/1/2] mpls ldp
[NPE1-GigabitEthernet2/1/2] quit
# Configure the remote LDP peer UPE.
[NPE1] mpls ldp remote-peer 2
[NPE1-mpls-remote-2] remote-ip 1.1.1.9
[NPE1-mpls-remote-2] quit
# Configure the remote LDP peer NPE 3.
[NPE1] mpls ldp remote-peer 3
[NPE1-mpls-remote-3] remote-ip 3.3.3.9
[NPE1-mpls-remote-3] quit
# Enable L2VPN and MPLS L2VPN.
[NPE1] l2vpn
[NPE1-l2vpn] mpls l2vpn
[NPE1-l2vpn] quit
# Create VPLS instance aaa that uses LDP signaling.
[NPE3-l2vpn] mpls l2vpn
[NPE3-l2vpn] quit
# Create VPLS instance aaa that uses LDP signaling.
[NPE3] vsi aaa static
[NPE3-vsi-aaa] pwsignal ldp
[NPE3-vsi-aaa-ldp] vsi-id 500
[NPE3-vsi-aaa-ldp] peer 2.2.2.9
[NPE3-vsi-aaa-ldp] quit
[NPE3-vsi-aaa] quit
# Configure interface GigabitEthernet 2/1/1 and bind VPLS instance aaa to the interface.
[NPE3] interface gigabitethernet 2/1/1
[NPE3-GigabitEthernet2/1/1] l2 binding vsi aaa
[NPE3-GigabitEthernet2/1/1] quit
5.
<Sysname> system-view
[Sysname] sysname UPE
[UPE] interface loopback 0
[UPE-LoopBack0] ip address 1.1.1.1 32
[UPE-LoopBack0] quit
[UPE] mpls lsr-id 1.1.1.1
[UPE] mpls
[UPE-mpls] quit
[UPE] mpls ldp
[UPE-mpls-ldp] quit
# Configure an IP address for the interface connected to NPE 1, and enable MPLS and MPLS LDP.
[UPE] interface gigabitethernet 2/1/4
[UPE-GigabitEthernet2/1/4] ip address 12.1.1.
[UPE] interface gigabitethernet 2/1/2
[UPE-GigabitEthernet2/1/2] l2 binding vsi aaa
[UPE-GigabitEthernet2/1/2] quit
3. Configure NPE 1:
# Configure basic MPLS.
<Sysname> system-view
[Sysname] sysname NPE1
[NPE1] interface loopback 0
[NPE1-LoopBack0] ip address 2.2.2.2 32
[NPE1-LoopBack0] quit
[NPE1] mpls lsr-id 2.2.2.2
[NPE1] mpls
[NPE1-mpls] quit
[NPE1] mpls ldp
[NPE1-mpls-ldp] quit
# Configure an IP address for the interface connected to UPE, and enable MPLS and MPLS LDP.
The configuration procedure on NPE 2 is similar to that on NPE 1.
4. Configure NPE 3:
# Configure basic MPLS.
<Sysname> system-view
[Sysname] sysname NPE3
[NPE3] interface loopback 0
[NPE3-LoopBack0] ip address 4.4.4.4 32
[NPE3-LoopBack0] quit
[NPE3] mpls lsr-id 4.4.4.4
[NPE3] mpls
[NPE3-mpls] quit
[NPE3] mpls ldp
[NPE3-mpls-ldp] quit
# Configure an IP address for the interface connected to NPE 1, and enable MPLS and MPLS LDP.
[NPE3-GigabitEthernet2/1/3] quit
5. Verify the configuration:
Execute the display vpls connection command on each PE. You can see that a PW connection in up state has been established between the PEs.

Configuring BFD for the primary link in an H-VPLS network

Network requirements

In the H-VPLS network, Router A is the UPE, Router B is the primary NPE and Router C is the backup NPE. Enable MPLS on the connecting interfaces between the routers, and configure OSPF on the routers to ensure IP connectivity.
[RouterA-mpls-ldp-remote-routerc] remote-ip bfd
[RouterA-mpls-ldp-remote-routerc] quit
[RouterA] interface gigabitethernet 2/1/2
[RouterA-GigabitEthernet2/1/2] mpls
[RouterA-GigabitEthernet2/1/2] mpls ldp
[RouterA-GigabitEthernet2/1/2] quit
[RouterA] interface gigabitethernet 2/1/1
[RouterA-GigabitEthernet2/1/1] mpls
[RouterA-GigabitEthernet2/1/1] mpls ldp
[RouterA-GigabitEthernet2/1/1] quit
# Configure Router B.
system-view
[RouterB] mpls lsr-id 2.2.2.
[RouterA] interface loopback 0
[RouterA-LoopBack0] ip address 1.1.1.1 32
[RouterA-LoopBack0] quit
# Configure Router B.
[RouterB] interface gigabitethernet 2/1/2
[RouterB-GigabitEthernet2/1/2] ip address 12.1.1.2 24
[RouterB-GigabitEthernet2/1/2] quit
[RouterB] interface loopback 0
[RouterB-LoopBack0] ip address 2.2.2.2 32
[RouterB-LoopBack0] quit
# Configure Router C.
[RouterC] interface gigabitethernet 2/1/1
[RouterC-GigabitEthernet2/1/1] ip address 13.1.1.
[RouterA-vsi-vpna-ldp] vsi-id 100
[RouterA-vsi-vpna-ldp] peer 2.2.2.2 backup-peer 3.3.3.3
[RouterA-vsi-vpna-ldp] quit
[RouterA-vsi-vpna] quit
[RouterA] interface gigabitethernet 2/1/3
[RouterA-GigabitEthernet2/1/3] l2 binding vsi vpna
[RouterA-GigabitEthernet2/1/3] quit
# Configure Router B.
[RouterB] l2vpn
[RouterB-l2vpn] mpls l2vpn
[RouterB-l2vpn] quit
[RouterB] vsi vpna static
[RouterB-vsi-vpna] pwsignal ldp
[RouterB-vsi-vpna-ldp] vsi-id 100
[RouterB-vsi-vpna-ldp] peer 1.1.1.
Recv Pkt Num: 70
Send Pkt Num: 68
Hold Time: 1600ms
Connect Type: Indirect
Running Up for: 00:00:01
Auth mode: None
Protocol: MFW/LDP
Diag Info: No Diagnostic
# Execute the display vpls connection vsi vpna command on Router A. The output shows that the link between Router A and Router B is up.
[PE1-LoopBack0] ip address 1.1.1.1 32
[PE1-LoopBack0] quit
[PE1] mpls lsr-id 1.1.1.1
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
# Create a remote peer.
[PE1] mpls ldp remote-peer 1
[PE1-mpls-ldp-remote-1] remote-ip 2.2.2.2
[PE1-mpls-ldp-remote-1] quit
# Configure OSPF.
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.
[ASBR1] mpls lsr-id 2.2.2.2
[ASBR1] mpls
[ASBR1-mpls] quit
[ASBR1] mpls ldp
[ASBR1-mpls-ldp] quit
# Create remote LDP peers.
[ASBR1] mpls ldp remote-peer 1
[ASBR1-mpls-ldp-remote-1] remote-ip 3.3.3.3
[ASBR1-mpls-ldp-remote-1] quit
[ASBR1] mpls ldp remote-peer 2
[ASBR1-mpls-ldp-remote-2] remote-ip 1.1.1.1
[ASBR1-mpls-ldp-remote-2] quit
# Configure OSPF.
[ASBR1] ospf
[ASBR1-ospf-1] area 0
[ASBR1-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[ASBR1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.
[ASBR1-bgp] peer 11.1.1.3 as-number 200
[ASBR1-bgp] peer 11.1.1.3 route-policy map export
[ASBR1-bgp] peer 11.1.1.3 label-route-capability
[ASBR1-bgp] quit
[ASBR1] route-policy map permit node 10
[ASBR1-route-policy] apply mpls-label
[ASBR1-route-policy] quit
3. Configurations on ASBR 2:
# Configure basic MPLS.
<Sysname> system-view
[Sysname] sysname ASBR2
[ASBR2] interface loopback 0
[ASBR2-LoopBack0] ip address 3.3.3.3 32
[ASBR2-LoopBack0] quit
[ASBR2] mpls lsr-id 3.3.3.
[ASBR2-l2vpn] quit
# Configure a P2P-capable VPLS instance aaa that uses LDP signaling.
[ASBR2] vsi aaa static p2p
[ASBR2-vsi-aaa] pwsignal ldp
[ASBR2-vsi-aaa-ldp] vsi-id 500
[ASBR2-vsi-aaa-ldp] peer 4.4.4.4 upe
[ASBR2-vsi-aaa-ldp-4.4.4.4] quit
[ASBR2-vsi-aaa-ldp] peer 2.2.2.2
[ASBR2-vsi-aaa-ldp-2.2.2.2] quit
[ASBR2-vsi-aaa-ldp] quit
[ASBR2-vsi-aaa] quit
# Configure BGP to advertise labeled unicast routes.
[ASBR2] bgp 200
[ASBR2-bgp] import-route direct
[ASBR2-bgp] peer 11.1.1.
[PE2-GigabitEthernet2/1/2] mpls
[PE2-GigabitEthernet2/1/2] mpls ldp
[PE2-GigabitEthernet2/1/2] quit
# Enable L2VPN and MPLS L2VPN.
[PE2] l2vpn
[PE2-l2vpn] mpls l2vpn
[PE2-l2vpn] quit
# Configure VPLS instance aaa that uses LDP signaling.
[PE2] vsi aaa static
[PE2-vsi-aaa] pwsignal ldp
[PE2-vsi-aaa-ldp] vsi-id 500
[PE2-vsi-aaa-ldp] peer 3.3.3.3
[PE2-vsi-aaa-ldp-3.3.3.3] quit
[PE2-vsi-aaa-ldp] quit
[PE2-vsi-aaa] quit
# Bind VPLS instance aaa to GigabitEthernet 2/1/1, the interface connected to CE 2.
Configuring MPLS L3VPN

This chapter describes only MPLS L3VPN configuration. For information about MPLS basics, see "Configuring basic MPLS." For information about BGP, see Layer 3—IP Routing Configuration Guide.

Overview

MPLS L3VPN is a PE-based L3VPN technology. It uses BGP to advertise VPN routes and uses MPLS to forward VPN packets over service provider backbones. MPLS L3VPN provides flexible networking modes, excellent scalability, and convenient support for MPLS QoS and MPLS TE.
After a PE learns VPN routing information from a CE, it uses BGP to exchange VPN routing information to other PEs. A PE maintains routing information only for directly connected VPNs rather than all VPNs on the provider network. A P router maintains only routes to PEs and does not deal with VPN routing information.
A VPN-IPv4 address consists of 12 bytes. The first eight bytes represent the RD, followed by a four-byte IPv4 address prefix.

Figure 66 VPN-IPv4 address structure: Route Distinguisher (8 bytes) = Type (2 bytes) + Administrator subfield and Assigned number subfield (6 bytes), followed by the IPv4 address prefix (4 bytes)

Upon receiving an IPv4 route from a CE, a PE changes the route to a VPN route by adding an RD and then advertises the VPN route to the peer PE. The RD ensures the uniqueness of the VPN route.
Like RDs, route target attributes can be of the following formats:
• 16-bit AS number:32-bit user-defined number. For example, 100:1.
• 32-bit IPv4 address:16-bit user-defined number. For example, 172.1.1.1:1.
• 32-bit AS number:16-bit user-defined number, where the minimum value of the AS number is 65536. For example, 65536:1.

The SoO attribute specifies the site where the route update is originated. It prevents the receiving router from advertising the route update back to the originating site.
• Layer 1 labels—Outer labels, used for label switching inside the backbone. They indicate LSPs from the local PEs to the remote PEs. Based on Layer 1 labels, VPN packets can be label switched along the LSPs to the remote PEs.
• Layer 2 labels—Inner labels, used for forwarding packets from the remote PEs to the CEs. An inner label indicates to which site, or more precisely, to which CE the packet should be sent. A PE finds the interface for forwarding a packet according to the inner label.
Figure 68 Network diagram for basic VPN networking scheme

In Figure 68, for example, the route target for VPN 1 is 100:1 on the PEs, while that for VPN 2 is 200:1. The two VPN 1 sites can communicate with each other, and the two VPN 2 sites can communicate with each other. However, the VPN 1 sites cannot communicate with the VPN 2 sites.
Figure 69 Network diagram for hub and spoke networking scheme (route targets shown in the figure: Spoke-PE VPN 1: Import: Hub, Export: Spoke; Hub-PE VPN 1-in: Import: Spoke; Hub-PE VPN 1-out: Export: Hub)

In Figure 69, the spoke sites communicate with each other through the hub site.
Figure 70 Network diagram for extranet networking scheme (route targets shown in the figure: VPN 1 at Site 1 on PE 1: Import: 100:1, Export: 100:1; VPN 2 at Site 2 on PE 2: Import: 200:1, Export: 200:1; VPN 1 at Site 3 on PE 3: Import: 100:1,200:1, Export: 100:1,200:1)

In Figure 70, VPN 1 and VPN 2 can access Site 3 of VPN 1.
• PE 3 can receive the VPN-IPv4 routes advertised by PE 1 and PE 2.
• PE 1 and PE 2 can receive the VPN-IPv4 routes advertised by PE 3.
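The import/export matching rule behind the basic, hub and spoke, and extranet schemes can be evaluated offline to confirm which VPN instances exchange routes, and to flag route targets that join VPNs that should stay isolated. This Python sketch is an added example, not part of the HP guide; the route target values come from Figures 68 to 70, while the instance labels such as "PE1/VPN 1" and the LEAKY variant are constructed for illustration.

```python
from dataclasses import dataclass
from itertools import permutations


@dataclass(frozen=True)
class VpnInstance:
    name: str               # constructed label "<PE>/<VPN instance>"
    vpn: str                # customer VPN the attached site belongs to
    import_rts: frozenset   # import target attribute
    export_rts: frozenset   # export target attribute


def inst(name, vpn, imports, exports):
    return VpnInstance(name, vpn, frozenset(imports), frozenset(exports))


def accepts(receiver, sender):
    """A route is accepted when one of its export targets is an import target."""
    return bool(sender.export_rts & receiver.import_rts)


def route_flows(instances):
    """Sorted (sender, receiver) pairs whose routes the receiver accepts."""
    return sorted((s.name, r.name)
                  for s, r in permutations(instances, 2) if accepts(r, s))


def cross_vpn_flows(instances, allowed=()):
    """Flows that cross a VPN boundary and are not on the approved list."""
    by_name = {i.name: i for i in instances}
    approved = set(allowed)
    return [(s, r) for s, r in route_flows(instances)
            if by_name[s].vpn != by_name[r].vpn and (s, r) not in approved]


# Figure 68: VPN 1 uses 100:1 and VPN 2 uses 200:1 on the PEs.
BASIC = [
    inst("PE1/VPN 1", "VPN 1", {"100:1"}, {"100:1"}),
    inst("PE2/VPN 1", "VPN 1", {"100:1"}, {"100:1"}),
    inst("PE1/VPN 2", "VPN 2", {"200:1"}, {"200:1"}),
    inst("PE2/VPN 2", "VPN 2", {"200:1"}, {"200:1"}),
]

# Figure 69: spokes import Hub and export Spoke; the hub PE splits in and out.
HUB_SPOKE = [
    inst("Spoke-PE-1/VPN 1", "VPN 1", {"Hub"}, {"Spoke"}),
    inst("Spoke-PE-2/VPN 1", "VPN 1", {"Hub"}, {"Spoke"}),
    inst("Hub-PE/VPN 1-in", "VPN 1", {"Spoke"}, set()),
    inst("Hub-PE/VPN 1-out", "VPN 1", set(), {"Hub"}),
]

# Figure 70: Site 3 on PE 3 is shared by VPN 1 and VPN 2.
EXTRANET = [
    inst("PE1/VPN 1", "VPN 1", {"100:1"}, {"100:1"}),
    inst("PE2/VPN 2", "VPN 2", {"200:1"}, {"200:1"}),
    inst("PE3/VPN 1", "VPN 1", {"100:1", "200:1"}, {"100:1", "200:1"}),
]

# Constructed misconfiguration: 200:1 added to the import list of PE1/VPN 1.
LEAKY = [inst("PE1/VPN 1", "VPN 1", {"100:1", "200:1"}, {"100:1"})] + BASIC[1:]

if __name__ == "__main__":
    for label, scenario in (("basic", BASIC), ("hub and spoke", HUB_SPOKE),
                            ("extranet", EXTRANET), ("leaky", LEAKY)):
        print(label, "flows:", route_flows(scenario))
        print(label, "cross-VPN:", cross_vpn_flows(scenario))
```

Passing the intended extranet pairs as `allowed` leaves only unapproved cross-VPN flows in the result, which makes the check usable as a pre-change review of route target edits.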
The route between the CE and the PE can be a static route, RIP route, OSPF route, IS-IS route, EBGP route, or IBGP route. No matter which routing protocol is used, the CE always advertises standard IPv4 routes to the PE.
Figure 71 Network diagram for inter-AS option A

Inter-AS option A is easy to carry out because no special configuration is required on the PEs acting as the ASBRs. However, it has limited scalability because the PEs acting as the ASBRs must manage all the VPN routes and create VPN instances on a per-VPN basis. This leads to excessive VPN-IPv4 routes on the PEs. Moreover, the requirement to create a separate subinterface for each VPN also calls for higher performance of the PEs.
Figure 72 Network diagram for inter-AS option B

In terms of scalability, inter-AS option B is better than option A. When adopting the MP-EBGP method, note the following:
• ASBRs perform no route target filtering on VPN-IPv4 routes that they receive from each other. Therefore, the ISPs in different ASs that exchange VPN-IPv4 routes must agree on the route exchange.
• VPN-IPv4 routes are exchanged only between VPN peers.
Figure 73 Network diagram for inter-AS option C

To improve the scalability, you can specify an RR in each AS, making it maintain all VPN-IPv4 routes and exchange VPN-IPv4 routes with PEs in the AS.
of the Level 2 carrier. Routes of the customer networks connected to a Level 2 carrier are exchanged through the BGP session established between the routers of the Level 2 carrier. This can greatly reduce the number of routes maintained by the Level 1 carrier network.
Figure 76 Scenario where the Level 2 carrier is an MPLS L3VPN service provider

NOTE: If equal cost routes exist between the Level 1 carrier and the Level 2 carrier, HP recommends that you establish equal cost LSPs between them.

Nested VPN

In an MPLS L3VPN network, generally a service provider runs an MPLS L3VPN backbone and provides VPN services through PEs. Different sites of a VPN customer are connected to the PEs through CEs to implement communication.
Figure 77 Network diagram for nested VPN

Propagation of routing information

In a nested VPN network, routing information is propagated as follows:
1. A provider PE and its CEs exchange VPNv4 routes, which carry information about users' internal VPNs.
2. After receiving a VPNv4 route, a provider PE keeps the user's internal VPN information, and appends the user's MPLS VPN attributes on the service provider network.
Nested VPN is flexible and easy to implement and can reduce the cost because a customer only needs to pay for one MPLS VPN to have multiple internal VPNs connected. Nested VPN provides diversified VPN networking methods for a customer, and allows for multi-level hierarchical access control over the internal VPNs.

Multi-role host

The VPN attributes of the packets forwarded from a CE to a PE depend on the VPN instance bound to the inbound interface.
As in the typical hierarchical network model, HoVPN has different requirements on the devices at different layers of the hierarchy.

Implementation of HoVPN

Figure 78 Basic architecture of HoVPN

As shown in Figure 78, devices directly connected to CEs are called underlayer PEs (UPEs) or user-end PEs, whereas devices that are connected to UPEs and are in the internal network are called superstratum PEs (SPE) or service provider-end PEs.
SPE-UPE

The MP-BGP running between SPE and UPE can be either MP-IBGP or MP-EBGP. Which one to use depends on whether the UPE and SPE belong to a same AS. With MP-IBGP, to advertise routes between IBGP peers, the SPE acts as the RR and advertises routes from IBGP peer UPE to IBGP peer SPE. However, it does not act as the RR of the other PEs.

Recursion and extension of HoVPN

HoVPN supports HoPE recursion:
• A HoPE can act as a UPE to form a new HoPE with an SPE.
OSPF for VPNs on a PE

OSPF is a prevalent IGP protocol. It often runs between a PE and a CE to simplify CE configuration and management because the CEs only need to support OSPF. In addition, if the customers require MPLS L3VPN services through conventional OSPF backbone, using OSPF between a PE and a CE can simplify the transition. For OSPF to run between CE and PE, the PE must support multiple OSPF processes. Each OSPF process must correspond to a VPN instance and have its own interface and routing table.
With the standard BGP/OSPF interaction, PE 2 advertises the BGP VPN routes to CE 21 and CE 22 through Type 5 LSAs (ASE LSAs). However, CE 11, CE 21, and CE 22 belong to the same OSPF domain, and the route advertisement between them should use Type 3 LSAs (inter-AS routes). To solve the problem, the PE uses an extended BGP/OSPF interaction process called BGP/OSPF interoperability to advertise routes from one site to another, differentiating the routes from real AS-External routes.
The sham link is considered the link between the two VPN instances with one endpoint address in each VPN instance. The endpoint address is a loopback interface address with a 32-bit mask in the VPN address space on the PE. Different sham links of the same OSPF process can share an endpoint address, but that of different OSPF processes cannot. BGP advertises the endpoint addresses of sham links as VPN-IPv4 addresses. A route across the sham link cannot be redistributed into BGP as a VPN-IPv4 route.
routing loop, you can configure a routing policy on PE 2 to add the SoO attribute to route updates received from CE 2 and CE 3 so that PE 2 does not advertise route updates from CE 3 to CE 2.

Multi-VPN-instance CE

BGP/MPLS VPN transmits private network data through MPLS tunnels over the public network. However, the traditional MPLS L3VPN architecture requires that each VPN instance use an exclusive CE to connect to a PE, as shown in Figure 65.
NOTE: To implement dynamic IP assignment for DHCP clients in private networks, you can configure DHCP server or DHCP relay agent on the MCE. The IP address spaces for different private networks cannot overlap. MPLS L3VPN configuration task list Task Remarks Configuring basic MPLS L3VPN Configuring inter-AS VPN By configuring basic MPLS L3VPN, you can construct simple VPN networks over an MPLS backbone.
Configuration prerequisites

Before you configure basic MPLS L3VPN, complete the following tasks:
• Configure an IGP for the MPLS backbone (on the PEs and Ps) to achieve IP connectivity.
• Configure basic MPLS for the MPLS backbone.
• Configure MPLS LDP for the MPLS backbone so that LDP LSPs can be established.

Configuring VPN instances

VPN instances isolate not only VPN routes from public network routes, but also routes among VPNs.
Step 2. Enter interface view.
   Command: interface interface-type interface-number
   Remarks: N/A
Step 3. Associate a VPN instance with the interface.
   Command: ip binding vpn-instance vpn-instance-name
   Remarks: No VPN instance is associated with an interface by default.

NOTE: The ip binding vpn-instance command deletes the IP address of the current interface. You must re-configure an IP address for the interface after configuring the command.
Step 7. Apply an export routing policy.
   Command: export route-policy route-policy
   Remarks: Optional. By default, routes to be advertised are not filtered. Make sure the routing policy already exists. Otherwise, the device does not filter routes to be advertised.

NOTE:
• Route related attributes configured in VPN instance view are applicable to both IPv4 VPNs and IPv6 VPNs.
• You can configure route related attributes for IPv4 VPNs in both VPN instance view and IPv4 VPN view.
Step 2. Create a tunneling policy and enter tunneling policy view.
   Command: tunnel-policy tunnel-policy-name
   Remarks: N/A
Step 3. Configure a preferred tunnel and specify a tunnel interface for it.
   Command: preferred-path number interface tunnel tunnel-number [ disable-fallback ]
   Remarks: Optional. By default, no preferred tunnel is configured. In a tunneling policy, you can configure up to 64 preferred tunnels.
To configure an LDP instance:

Step 1. Enter system view.
   Command: system-view
   Remarks: N/A
Step 2. Enable LDP for a VPN instance, create an LDP instance, and enter MPLS LDP VPN instance view.
   Command: mpls ldp vpn-instance vpn-instance-name
   Remarks: Disabled by default.
Step 3. Configure LDP parameters except LDP GR for the instance.
   Command: For configuration information, see "Configuring basic MPLS."
   Remarks: Optional.

Except the command for LDP GR, all commands available in MPLS LDP view can be configured in MPLS LDP VPN instance view.
Step Command Remarks • Method 1: 2. Configure a static route for a VPN instance. ip route-static dest-address { mask | mask-length } { gateway-address | interface-type interface-number [ gateway-address ] | vpn-instance d-vpn-instance-name gateway-address } [ preference preference-value ] [ tag tag-value ] [ description description-text ] Use either command as needed.
Step 2. Create an OSPF process for a VPN instance and enter the OSPF view.
   Command: ospf [ process-id | router-id router-id | vpn-instance vpn-instance-name ] *
   Remarks: Perform the configurations on PEs. On CEs, create a normal OSPF process.
Step 3. Configure the OSPF domain ID.
   Command: domain-id domain-id [ secondary ]
   Remarks: Optional. 0 by default.
Step 4. Configure the type codes of OSPF extended community attributes.
   Remarks: Optional.
Step 5. Enter interface view.
   Command: interface interface-type interface-number
   Remarks: N/A
Step 6. Enable the IS-IS process on the interface.
   Command: isis enable [ process-id ]
   Remarks: Disabled by default.

For more information about IS-IS, see Layer 3—IP Routing Configuration Guide.

Configuring EBGP between a PE and a CE

1. Configure the PE:

Step 1. Enter system view.
   Command: system-view
   Remarks: N/A
Step 2. Enable BGP and enter BGP view.
   Command: bgp as-number
   Remarks: N/A
Step 3. Enter BGP VPN instance view.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enter BGP view. bgp as-number N/A For more information about BGP peer and peer group configuration, see Layer 3—IP Routing Configuration Guide. This chapter does not differentiate between peer and peer group. 3. Configure the PE as the EBGP peer. peer { group-name | ip-address } as-number as-number 4. Configure the route redistribution and advertisement behavior.
Step Command Remarks Optional. 7. Configure the cluster ID for the RR. reflector cluster-id { cluster-id | ip-address } 8. Configure BGP to filter routes to be advertised. filter-policy { acl-number | ip-prefix ip-prefix-name } export [ direct | isis process-id | ospf process-id | rip process-id | static ] Configure BGP to filter received routes. filter-policy { acl-number | ip-prefix ip-prefix-name } import 9. By default, each RR in a cluster uses its own router ID as the cluster ID.
Configuring routing between PEs

Step 1. Enter system view.
   Command: system-view
   Remarks: N/A
Step 2. Enter BGP view.
   Command: bgp as-number
   Remarks: N/A
Step 3. Configure the remote PE as the peer.
   Command: peer { group-name | ip-address } as-number as-number
   Remarks: N/A
Step 4. Specify the source interface for route updates.
   Command: peer { group-name | ip-address } connect-interface interface-type interface-number
   Remarks: By default, BGP uses the source interface of the optimal route update packet.
Step 5. Enter BGP-VPNv4 subaddress family view.
Step 6. Allow the local AS number to appear in the AS_PATH attribute of a received route and set the maximum number of repetitions.
   Command: peer { group-name | ip-address } allow-as-loop [ number ]
   Remarks: Optional.
Step 7. Enable a peer or peer group for an address family and enable the exchange of BGP routing information for the address family.
   Command: peer { group-name | ip-address } enable
   Remarks: By default, only IPv4 routing information is exchanged between BGP peers.
Step 8. Add a peer into an existing peer group.
Step 3. Configure the remote PE as the peer.
   Command: peer ip-address as-number as-number
   Remarks: N/A
Step 4. Specify the interface for TCP connection.
   Command: peer ip-address connect-interface interface-type interface-number
   Remarks: N/A
Step 5. Enter BGP-VPNv4 subaddress family view.
   Command: ipv4-family vpnv4
   Remarks: N/A
Step 6. Set the default value of the local preference.
   Command: default local-preference value
   Remarks: Optional. 100 by default.
Step 7. Set the default value for the system MED.
   Remarks: Optional.
Step 17. Make BGP updates to be sent carry no private AS numbers.
   Command: peer { group-name | ip-address } public-as-only
   Remarks: Optional. By default, a BGP update carries private AS numbers.
Step 18. Apply a routing policy to a peer or peer group.
   Command: peer { group-name | ip-address } route-policy route-policy-name { export | import }
   Remarks: Optional. By default, no routing policy is applied to a peer or peer group.

For more information about BGP routing, see Layer 3—IP Routing Configuration Guide.
• Change the next hop on an ASBR. With this method, MPLS LDP is not required between ASBRs.

The device supports only the second method. Therefore, MP-EBGP routes get their next hops changed by default before being redistributed to MP-IBGP. However, normal EBGP routes to be advertised to IBGP do not have their next hops changed by default. To change the next hop to a local address, use the peer { ip-address | group-name } next-hop-local command.
Step 3. Configure the ASBR PE in the same AS as the IBGP peer.
   Command: peer { group-name | ip-address } as-number as-number
   Remarks: N/A
Step 4. Enable the PE to exchange labeled IPv4 routes with the ASBR PE in the same AS.
   Command: peer { group-name | ip-address } label-route-capability
   Remarks: By default, the device does not advertise labeled routes to the IPv4 peer or peer group.
Step 5. Configure the PE of another AS as the EBGP peer.
   Command: peer { group-name | ip-address } as-number as-number
   Remarks: N/A
6.
Step 7. Enable the ASBR PE to exchange labeled IPv4 routes with the peer ASBR PE.
   Command: peer { group-name | ip-address } label-route-capability
   Remarks: By default, the device does not advertise labeled routes to the IPv4 peer.
Step 8. Apply a routing policy to the routes advertised by peer ASBR PE.
   Command: peer { group-name | ip-address } route-policy route-policy-name export
   Remarks: By default, no routing policy is applied to a peer or peer group.
To configure nested VPN:

Step 1. Enter system view.
   Command: system-view
   Remarks: N/A
Step 2. Enter BGP view.
   Command: bgp as-number
   Remarks: N/A
Step 3. Enter BGP VPN instance view.
   Command: ipv4-family vpn-instance vpn-instance-name
   Remarks: N/A
Step 4. Configure a CE peer or peer group.
   Command: peer { group-name | peer-address } as-number number
   Remarks: N/A
Step 5. Return to BGP view.
   Command: quit
   Remarks: N/A
Step 6. Enter BGP-VPNv4 subaddress family view.
   Command: ipv4-family vpnv4
   Remarks: N/A
Step 7. Enable nested VPN.
   Command: nesting-vpn
   Remarks: Disabled by default.
8.
Step 2. Create a policy and enter policy routing view.
   Command: policy-based-route policy-name { deny | permit } node node-number
Step 3. Specify the VPN instances for forwarding packets.
   Command: apply access-vpn vpn-instance vpn-instance-name&<1-6>
Step 4. Return to system view.
   Command: quit
Step 5. Enter the view of the interface connecting a CE.
   Command: interface interface-type interface-number
Step 6. Apply policy routing to the interface.
Step 6. Advertise routes to the UPE.
   Command:
   • (Method 1) Advertise a default VPN route: peer { group-name | ip-address } default-route-advertise vpn-instance vpn-instance-name
   • (Method 2) Advertise routes permitted by a routing policy: peer { group-name | ip-address } upe route-policy route-policy-name export
   Remarks: Use either command. Do not use both the commands. By default, BGP does not advertise routes to a VPNv4 peer.
Redistributing the loopback interface route and OSPF routes into BGP

Step 1. Enter system view.
   Command: system-view
Step 2. Enter BGP view.
   Command: bgp as-number
Step 3. Enter BGP VPN instance view.
   Command: ipv4-family vpn-instance vpn-instance-name
Step 4. Redistribute direct routes into BGP (to redistribute the loopback interface route into BGP).
   Command: import-route direct [ med med-value | route-policy route-policy-name ] *
Step 5. Redistribute OSPF VPN routes.
Step 5. Configure a sham link.
   Command: sham-link source-ip-address destination-ip-address [ cost cost | dead dead-interval | hello hello-interval | retransmit retrans-interval | trans-delay delay | { simple [ cipher | plain ] password | { md5 | hmac-md5 } key-id [ cipher | plain ] password } ]*
   Remarks: By default, no sham link is configured.

Configuring routing on an MCE

MCE implements service isolation through route isolation.
Step Command Remarks • ip route-static dest-address { mask | mask-length } { gateway-address | interface-type interface-number [ gateway-address ] | vpn-instance d-vpn-instance-name gateway-address } [ preference preference-value ] [ tag tag-value ] [ description description-text ] 2. 3. Configure a static route for a VPN instance. Configure the default precedence for static routes. Use either command as needed. • ip route-static vpn-instance Perform this configuration on the MCE.
An OSPF process that is bound with a VPN instance does not use the public network router ID configured in system view. Therefore, you must configure a router ID when starting the OSPF process.

To configure OSPF between an MCE and a VPN site:

Step 1. Enter system view.
   Command: system-view
   Remarks: N/A
Step 2. Create an OSPF process for a VPN instance and enter OSPF view.
   Command: ospf [ process-id | router-id router-id | vpn-instance vpn-instance-name ] *
   Remarks: Perform this configuration on the MCE.
Step Command Remarks Optional. Redistribute remote site routes advertised by the PE. import-route { isis [ process-id ] | ospf [ process-id ] | rip [ process-id ] | bgp [ allow-ibgp ] | direct | static } [ cost cost | cost-type { external | internal } | [ level-1 | level-1-2 | level-2 ] | route-policy route-policy-name | tag tag ] * 5. Return to system view. quit N/A 6. Enter interface view. interface interface-type interface-number N/A 7. Enable the IS-IS process on the interface.
Step Command Configure a filtering policy to filter the received routes. 8. Remarks Optional. filter-policy { acl-number | ip-prefix ip-prefix-name } import By default, BGP does not filter the received routes. BGP checks routing loops by examining AS numbers. When EBGP is used, the MCE advertises routing information carrying the local AS number to the site and then receives routing updates from the site.
Step Command Remarks Optional. By default, no RR or RR client is configured. 5. Configure the system to be the RR and specify the peer as the client of the RR. peer { group-name | ip-address } reflect-client 6. Redistribute remote site routes advertised by the PE. import-route protocol [ process-id | all-processes ] [ med med-value | route-policy route-policy-name ] * 7. Configure a filtering policy to filter the routes to be advertised.
Configuring static routing between MCE and PE Step 1. Enter system view. Command Remarks system-view N/A • ip route-static dest-address { mask | mask-length } 2. 3. { gateway-address | interface-type interface-number [ gateway-address ] | vpn-instance d-vpn-instance-name gateway-address } [ preference preference-value ] [ tag tag-value ] [ description description-text ] Configure a static route for a VPN instance. • ip route-static vpn-instance Configure the default precedence for static routes.
Step | Command | Remarks
3. Disable routing loop detection. | vpn-instance-capability simple | Routing loop detection is enabled by default. You must disable routing loop detection for a VPN OSPF process on the MCE. Otherwise, the MCE cannot receive OSPF routes from the PE.
4. Configure the OSPF domain ID. | domain-id domain-id [ secondary ]
5. Redistribute the VPN routes. | import-route protocol [ process-id | allow-ibgp ] [ cost cost | type type | tag tag | route-policy route-policy-name ] *
6.

Step | Command | Remarks
5. Configure a filtering policy to filter the redistributed routes. | filter-policy { acl-number | ip-prefix ip-prefix-name | route-policy route-policy-name } export [ isis process-id | ospf process-id | rip process-id | bgp | direct | static ] | Optional.
6. Return to system view. | quit | N/A
7. Enter interface view. | interface interface-type interface-number | N/A
8. Enable the IS-IS process on the interface. | isis enable [ process-id ] | Disabled by default.

Step | Command | Remarks
4. Configure the PE as the IBGP peer. | peer { group-name | ip-address } as-number as-number | N/A
5. Redistribute the VPN routes of the VPN site. | import-route protocol [ process-id | all-processes ] [ med med-value | route-policy route-policy-name ] * | By default, no route redistribution is configured.
6. Configure a filtering policy to filter the routes to be advertised.

To configure BGP AS number substitution and SoO:

Step | Command | Remarks
1. Enter system view. | system-view | N/A
2. Create a routing policy and enter routing policy view. | route-policy route-policy-name permit node node-number | Optional. No routing policy is created by default.
3. Specify an SoO attribute value. | apply extcommunity soo site-of-origin additive | Optional.
4. Return to system view. | quit | N/A
5. Enter BGP view. | bgp as-number | N/A
6. Enter BGP VPN instance view.

Task | Command | Remarks
Hard reset BGP connections of a VPN instance. | reset bgp vpn-instance vpn-instance-name { as-number | ip-address | all | external | group group-name } | Available in user view.
Hard reset BGP VPNv4 connections. | reset bgp vpnv4 { as-number | ip-address | all | external | internal | group group-name } | Available in user view.

Displaying and maintaining MPLS L3VPN

Task | Command | Remarks
Display information about the routing table associated with a VPN instance.
Task Command Remarks display bgp vpnv4 all peer [ ip-address verbose | verbose ] [ | { begin | exclude | include } regular-expression ] Display information about BGP VPNv4 peers. display bgp vpnv4 vpn-instance vpn-instance-name peer [ group-name log-info | ip-address { log-info | verbose } | verbose ] [ | { begin | exclude | include } regular-expression ] Available in any view. Display the IP prefix information for the ORF packets received from the specified BGP peer.
Task Command Remarks Display the BGP VPNv4 routing information for a specific VPN instance.
MPLS L3VPN configuration examples

Configuring MPLS L3VPNs using EBGP between a PE and a CE

Network requirements

CE 1 and CE 3 belong to VPN 1. CE 2 and CE 4 belong to VPN 2. VPN 1 uses route target attribute 111:1. VPN 2 uses route target attribute 222:2. Users of different VPNs cannot access each other. A PE and its connected CE use EBGP to exchange VPN routing information. PEs use OSPF to communicate with each other and use MP-IBGP to exchange VPN routing information.
[PE1-LoopBack0] ip address 1.1.1.9 32
[PE1-LoopBack0] quit
[PE1] interface pos 5/1/1
[PE1-POS5/1/1] ip address 172.1.1.1 24
[PE1-POS5/1/1] quit
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
# Configure the P device.
system-view
[P] interface loopback 0
[P-LoopBack0] ip address 2.2.2.9 32
[P-LoopBack0] quit
[P] interface pos 5/1/1
[P-POS5/1/1] ip address 172.1.1.
Routing Tables: Public
Destinations : 8  Routes : 8
Destination/Mask  Proto  Pre  Cost  NextHop  Interface
1.1.1.9/32  Direct  0  0  127.0.0.1  InLoop0
2.2.2.9/32  OSPF  10  1  172.1.1.2  POS5/1/1
3.3.3.9/32  OSPF  10  2  172.1.1.2  POS5/1/1
127.0.0.0/8  Direct  0  0  127.0.0.1  InLoop0
127.0.0.1/32  Direct  0  0  127.0.0.1  InLoop0
172.1.1.0/24  Direct  0  0  172.1.1.1  POS5/1/1
172.1.1.1/32  Direct  0  0  127.0.0.1  InLoop0
172.2.1.0/24 OSPF 1 172.1.1.
[P-POS5/1/2] quit
# Configure PE 2.
[PE2] mpls lsr-id 3.3.3.9
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface pos 5/1/1
[PE2-POS5/1/1] mpls
[PE2-POS5/1/1] mpls ldp
[PE2-POS5/1/1] quit
After the configurations, LDP sessions are established between PE 1, P, and PE 2. Execute the display mpls ldp session command. The output shows that the session status is Operational. Execute the display mpls ldp lsp command. The output shows the LSPs established by LDP.
[PE1-GigabitEthernet2/1/1] quit
[PE1] interface gigabitethernet 2/1/2
[PE1-GigabitEthernet2/1/2] ip binding vpn-instance vpn2
[PE1-GigabitEthernet2/1/2] ip address 10.2.1.2 24
[PE1-GigabitEthernet2/1/2] quit
# Configure PE 2.
[CE1] bgp 65410
[CE1-bgp] peer 10.1.1.2 as-number 100
[CE1-bgp] import-route direct
[CE1-bgp] quit
# Configure the other three CEs in a similar way to configuring CE 1. (Details not shown.)
# Configure PE 1.
[PE1] bgp 100
[PE1-bgp] ipv4-family vpn-instance vpn1
[PE1-bgp-vpn1] peer 10.1.1.1 as-number 65410
[PE1-bgp-vpn1] import-route direct
[PE1-bgp-vpn1] quit
[PE1-bgp] ipv4-family vpn-instance vpn2
[PE1-bgp-vpn2] peer 10.2.1.
[PE1] display bgp peer
BGP local router ID : 1.1.1.9
Local AS number : 100
Total number of peers : 1  Peers in established state : 1
Peer  AS  MsgRcvd  MsgSent  OutQ  PrefRcv  Up/Down  State
3.3.3.9  100  2  6  0  0  00:00:12  Established
6. Verify the configuration:
Execute the display ip routing-table vpn-instance command on the PEs. The output shows the routes to the CEs.
--- 10.4.1.1 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss

Configuring MPLS L3VPNs using IBGP between a PE and a CE

Network requirements

CE 1 and CE 3 belong to VPN 1. CE 2 and CE 4 belong to VPN 2. VPN 1 uses route target attribute 111:1. VPN 2 uses route target attribute 222:2. Users of different VPNs cannot access each other. IBGP is used to exchange VPN routing information between CE and PE.
# Configure PE 1.
system-view
[PE1] interface loopback 0
[PE1-LoopBack0] ip address 1.1.1.9 32
[PE1-LoopBack0] quit
[PE1] interface pos 5/1/1
[PE1-POS5/1/1] ip address 172.1.1.1 24
[PE1-POS5/1/1] quit
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
# Configure the P router.
system-view
[P] interface loopback 0
[P-LoopBack0] ip address 2.2.2.
the display ip routing-table command. The output shows that the PEs have learned the routes to the loopback interfaces of each other. Take PE 1 as an example:
[PE1] display ip routing-table
Routing Tables: Public
Destinations : 8  Routes : 8
Destination/Mask  Proto  Pre  Cost  NextHop  Interface
1.1.1.9/32  Direct  0  0  127.0.0.1  InLoop0
2.2.2.9/32  OSPF  10  1  172.1.1.2  POS5/1/1
3.3.3.9/32  OSPF  10  2  172.1.1.2  POS5/1/1
127.0.0.0/8  Direct  0  0  127.0.0.1  InLoop0
127.0.0.1/32 Direct 0 0 127.0.
[P-POS5/1/2] mpls ldp
[P-POS5/1/2] quit
# Configure PE 2.
[PE2] mpls lsr-id 3.3.3.9
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface pos 5/1/1
[PE2-POS5/1/1] mpls
[PE2-POS5/1/1] mpls ldp
[PE2-POS5/1/1] quit
After the configurations, P establishes an LDP session with PE 1 and PE 2 respectively. Execute the display mpls ldp session command. The output shows that the session status is Operational. Execute the display mpls ldp lsp command.
[PE1-GigabitEthernet2/1/1] ip address 10.1.1.2 24
[PE1-GigabitEthernet2/1/1] quit
[PE1] interface gigabitethernet 2/1/2
[PE1-GigabitEthernet2/1/2] ip binding vpn-instance vpn2
[PE1-GigabitEthernet2/1/2] ip address 10.2.1.2 24
[PE1-GigabitEthernet2/1/2] quit
# Configure PE 2.
# On CE 1, configure PE 1 as the IBGP peer, and configure a routing policy for the routes received from PE 1, changing the next hop address of the routes to the IP address of PE 1.
system-view
[CE1] route-policy ce-ibgp permit node 0
[CE1-route-policy] apply ip-address next-hop 10.1.1.2
[CE1-route-policy] quit
[CE1] bgp 100
[CE1-bgp] peer 10.1.1.2 as-number 100
[CE1-bgp] peer 10.1.1.
[PE1] bgp 100
[PE1-bgp] peer 3.3.3.9 as-number 100
[PE1-bgp] peer 3.3.3.9 connect-interface loopback 0
[PE1-bgp] ipv4-family vpnv4
[PE1-bgp-af-vpnv4] peer 3.3.3.9 route-policy pe-ibgp import
[PE1-bgp-af-vpnv4] peer 3.3.3.9 enable
[PE1-bgp-af-vpnv4] quit
[PE1-bgp] quit
# On PE 2, configure PE 1 as the MP-IBGP peer, and configure a routing policy for the routes received from PE 1, changing the next hop address of the routes to the loopback interface address of PE 1.
Routing Tables: vpn2
Destinations : 7  Routes : 7
Destination/Mask  Proto  Pre  Cost  NextHop  Interface
5.5.5.9/32  BGP  255  0  10.2.1.1  GE2/1/2
7.7.7.9/32  BGP  255  0  3.3.3.9  NULL0
10.2.1.0/24  Direct  0  0  10.2.1.2  GE2/1/2
10.2.1.2/32  Direct  0  0  127.0.0.1  InLoop0
10.4.1.0/24  BGP  255  0  3.3.3.9  NULL0
127.0.0.0/8  Direct  0  0  127.0.0.1  InLoop0
127.0.0.1/32  Direct  0  0  127.0.0.1  InLoop0
CEs of the same VPN can ping each other, whereas those of different VPNs cannot.
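The isolation stated in the network requirements (VPN 1 uses route target 111:1, VPN 2 uses 222:2) can also be checked offline from the PE configuration. The following Python code is an added example, not part of the HP guide: it parses ip vpn-instance blocks, in saved-configuration or prompt-prefixed session form, and reports every pair of instances in which one exports a route target that the other imports. The RD values, both sample configurations, and all function names are assumptions made for this illustration.

```python
import re

# "[PE1-vpn-instance-vpn1] " style prefix used in the guide's session listings.
PROMPT_RE = re.compile(r"^\s*\[[^\]]+\]\s*")
DIRECTIONS = ("both", "import-extcommunity", "export-extcommunity")

# Constructed sample. RTs 111:1 / 222:2 come from the network requirements;
# the RD values are assumed for this illustration.
PE1_ISOLATED = """\
ip vpn-instance vpn1
 route-distinguisher 100:1
 vpn-target 111:1 both
#
ip vpn-instance vpn2
 route-distinguisher 100:2
 vpn-target 222:2 both
#
"""

# Constructed misconfiguration: vpn2 additionally imports VPN 1's route target.
PE1_LEAKY = PE1_ISOLATED.replace(
    " vpn-target 222:2 both",
    " vpn-target 222:2 both\n vpn-target 111:1 import-extcommunity",
)


def parse_vpn_instances(text):
    """Return {instance: {"import": set, "export": set}} from Comware config text."""
    instances = {}
    current = None
    for raw in text.splitlines():
        line = PROMPT_RE.sub("", raw).strip()
        match = re.fullmatch(r"ip vpn-instance (\S+)", line)
        if match:
            current = instances.setdefault(
                match.group(1), {"import": set(), "export": set()}
            )
            continue
        if line in ("#", "quit"):
            current = None  # left VPN instance view
            continue
        if current is None or not line.startswith("vpn-target "):
            continue
        tokens = line.split()[1:]
        # A vpn-target line without a keyword is treated as "both".
        direction = tokens.pop() if tokens and tokens[-1] in DIRECTIONS else "both"
        for rt in tokens:
            if direction in ("both", "import-extcommunity"):
                current["import"].add(rt)
            if direction in ("both", "export-extcommunity"):
                current["export"].add(rt)
    return instances


def route_flows(instances):
    """Set of (source, destination, shared RTs): destination imports what source exports."""
    flows = set()
    for src, src_rts in instances.items():
        for dst, dst_rts in instances.items():
            shared = src_rts["export"] & dst_rts["import"]
            if src != dst and shared:
                flows.add((src, dst, tuple(sorted(shared))))
    return flows


def isolation_violations(instances, allowed=frozenset()):
    """Flows between instances that are not in the allowed (source, destination) set."""
    return sorted(f for f in route_flows(instances) if (f[0], f[1]) not in allowed)


if __name__ == "__main__":
    for label, cfg in (("isolated", PE1_ISOLATED), ("leaky", PE1_LEAKY)):
        print(label, isolation_violations(parse_vpn_instances(cfg)))
```

Intentional sharing, such as an extranet or hub-and-spoke design, is passed in through the allowed set so that only unexpected flows are reported.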
Figure 86 Network diagram
Device Interface IP address Device Interface IP address CE 1 GE 2/1/1 10.1.1.1/24 P POS 5/1/1 172.1.1.2/24 PE 1 Loop0 1.1.1.9/32 POS 5/1/2 172.2.1.1/24 CE 2 GE 2/1/1 10.1.1.2/24 Loop0 2.2.2.9/32 POS 5/1/2 172.1.1.1/24 PE 2 GE 2/1/1 10.2.1.2/24 Tunnel0 20.1.1.
[PE1] tunnel-policy gre1
[PE1-tunnel-policy-gre1] tunnel select-seq gre load-balance-number 1
[PE1-tunnel-policy-gre1] quit
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 100:1 both
[PE1-vpn-instance-vpn1] tnl-policy gre1
[PE1-vpn-instance-vpn1] quit
[PE1] interface gigabitethernet 2/1/1
[PE1-GigabitEthernet2/1/1] ip binding vpn-instance vpn1
[PE1-GigabitEthernet2/1/1] ip address 10.1.1.2 24
[PE1-GigabitEthernet2/1/1] quit
# Configure PE 2.
Reply from 10.1.1.1: bytes=56 Sequence=5 ttl=255 time=9 ms
--- 10.1.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 7/21/33 ms
4. Establish EBGP peer relationships between PEs and CEs to allow VPN routes to be redistributed:
# Configure CE 1.
[CE1] bgp 65410
[CE1-bgp] peer 10.1.1.2 as-number 100
[CE1-bgp] import-route direct
[CE1-bgp] quit
# Configure PE 1.
[PE1] bgp 100
[PE1-bgp] ipv4-family vpn-instance vpn1
[PE1-bgp-vpn1] peer 10.1.1.
Local AS number : 100
Total number of peers : 1  Peers in established state : 1
Peer  AS  MsgRcvd  MsgSent  OutQ  PrefRcv  Up/Down  State
2.2.2.9  100  3  3  0  1  00:00:34  Established
6. Configure a GRE tunnel:
# Configure PE 1.
[PE1] interface tunnel 0
[PE1-Tunnel0] tunnel-protocol gre
[PE1-Tunnel0] source loopback 0
[PE1-Tunnel0] destination 2.2.2.9
[PE1-Tunnel0] ip address 20.1.1.1 24
[PE1-Tunnel0] mpls
[PE1-Tunnel0] quit
# Configure PE 2.
172.1.1.2/32  Direct  0  0  172.1.1.2  POS5/1/2
172.2.1.0/24  OSPF  10  3124  172.1.1.2  POS5/1/2
[PE1] display ip routing-table vpn-instance vpn1
Routing Tables: vpn1
Destinations : 3  Routes : 3
Destination/Mask  Proto  Pre  Cost  NextHop  Interface
10.1.1.0/24  Direct  0  0  10.1.1.2  GE2/1/1
10.1.1.2/32  Direct  0  0  127.0.0.1  InLoop0
10.2.1.0/24  BGP  255  0  2.2.2.9  NULL0
The CEs can ping each other.
[CE1] ping 10.2.1.1
PING 10.2.1.1: 56 data bytes, press CTRL_C to break
Reply from 10.2.1.
Figure 87 Network diagram Device Interface IP address Device Interface IP address Spoke-CE 1 GE2/1/1 10.1.1.1/24 Hub-CE GE2/1/1 10.3.1.1/24 Spoke-PE 1 Loop0 1.1.1.9/32 GE2/1/2 10.4.1.1/24 GE2/1/1 10.1.1.2/24 Loop0 2.2.2.9/32 POS5/1/1 172.1.1.1/24 POS5/1/1 172.1.1.2/24 Spoke-CE 2 GE2/1/1 10.2.1.1/24 POS5/1/2 172.2.1.2/24 Spoke-PE 2 Loop0 3.3.3.9/32 GE2/1/1 10.3.1.2/24 GE2/1/1 10.2.1.2/24 GE2/1/2 10.4.1.2/24 POS5/1/1 172.2.1.1/24 Hub-PE Configuration procedure 1.
[Spoke-PE2-LoopBack0] quit
[Spoke-PE2] interface pos 5/1/1
[Spoke-PE2-POS5/1/1] ip address 172.2.1.1 24
[Spoke-PE2-POS5/1/1] quit
[Spoke-PE2] ospf
[Spoke-PE2-ospf-1] area 0
[Spoke-PE2-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255
[Spoke-PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0
[Spoke-PE2-ospf-1-area-0.0.0.0] quit
[Spoke-PE2-ospf-1] quit
# Configure the Hub-PE.
system-view
[Hub-PE] interface loopback 0
[Hub-PE-LoopBack0] ip address 2.2.2.
172.2.1.0/24  OSPF  10  1  172.1.1.2  POS5/1/1
[Spoke-PE1] display ospf peer verbose
OSPF Process 1 with Router ID 1.1.1.9
Neighbors
Area 0.0.0.0 interface 172.1.1.1(POS5/1/1)'s neighbors
Router ID: 2.2.2.9  Address: 172.1.1.2  GR State: Normal
State: Full  Mode:Nbr is Master  Priority: 1
DR: 172.1.1.1  BDR: 172.1.1.2  MTU: 0
Dead timer due in 38 sec
Neighbor is up for 00:02:44
Authentication Sequence: [ 0 ]
Neighbor state change count: 5
2.
After the configuration, LDP sessions are established between Spoke-PE 1 and Hub-PE, and between Spoke-PE 2 and Hub-PE. Execute the display mpls ldp session command. The output shows that the session status is Operational. Execute the display mpls ldp lsp command. The output shows the LSPs established by LDP.
[Hub-PE] ip vpn-instance vpn1-in
[Hub-PE-vpn-instance-vpn1-in] route-distinguisher 100:3
[Hub-PE-vpn-instance-vpn1-in] vpn-target 222:2 import-extcommunity
[Hub-PE-vpn-instance-vpn1-in] quit
[Hub-PE] ip vpn-instance vpn1-out
[Hub-PE-vpn-instance-vpn1-out] route-distinguisher 100:4
[Hub-PE-vpn-instance-vpn1-out] vpn-target 111:1 export-extcommunity
[Hub-PE-vpn-instance-vpn1-out] quit
[Hub-PE] interface gigabitethernet 2/1/1
[Hub-PE-GigabitEthernet2/1/1] ip binding vpn-instance vpn1-in
[Hub-PE-GigabitEthernet
system-view
[Spoke-CE2] bgp 65420
[Spoke-CE2-bgp] peer 10.2.1.2 as-number 100
[Spoke-CE2-bgp] import-route direct
[Spoke-CE2-bgp] quit
# Configure the Hub-CE.
system-view
[Hub-CE] bgp 65430
[Hub-CE-bgp] peer 10.3.1.2 as-number 100
[Hub-CE-bgp] peer 10.4.1.2 as-number 100
[Hub-CE-bgp] import-route direct
[Hub-CE-bgp] quit
# Configure Spoke-PE 1.
[Spoke-PE1] bgp 100
[Spoke-PE1-bgp] ipv4-family vpn-instance vpn1
[Spoke-PE1-bgp-vpn1] peer 10.1.1.
Total number of peers : 1  Peers in established state : 1
Peer  AS  MsgRcvd  MsgSent  OutQ  PrefRcv  Up/Down  State
10.1.1.1  65410  6  7  0  2  00:03:16  Established
5. Configure an MP-IBGP peer relationship between a spoke-PE and the hub-PE:
# Configure Spoke-PE 1.
[Spoke-PE1] bgp 100
[Spoke-PE1-bgp] peer 2.2.2.9 as-number 100
[Spoke-PE1-bgp] peer 2.2.2.9 connect-interface loopback 0
[Spoke-PE1-bgp] ipv4-family vpnv4
[Spoke-PE1-bgp-af-vpnv4] peer 2.2.2.
6. Verify the configuration:
# Execute the display ip routing-table vpn-instance command on a PE. The output shows that the PE has learned routes to each CE, and for a spoke-PE, the next hop of the route to the peer spoke-CE is the Hub-PE. Take Spoke-PE 1 as an example:
[Spoke-PE1] display ip routing-table vpn-instance vpn1
Routing Tables: vpn1
Destinations : 8  Routes : 8
Destination/Mask  Proto  Pre  Cost  NextHop  Interface
10.0.0.0/24  BGP  255  0  2.2.2.9  NULL0
10.1.1.0/24 Direct 0 0 10.1.1.
Figure 88 Network diagram Device Interface IP address Device Interface IP address CE 1 GE 2/1/1 10.1.1.1/24 CE 2 GE 2/1/1 10.2.1.1/24 PE 1 Loop0 1.1.1.9/32 PE 2 Loop0 4.4.4.9/32 GE 2/1/1 10.1.1.2/24 GE 2/1/1 10.2.1.2/24 POS 5/1/1 162.1.1.2/24 Loop0 3.3.3.9/32 ASBR-PE 1 POS 5/1/1 172.1.1.2/24 Loop0 2.2.2.9/32 POS 5/1/1 172.1.1.1/24 POS 5/1/1 162.1.1.1/24 POS 5/1/2 192.1.1.1/24 POS 5/1/2 192.1.1.2/24 ASBR-PE 2 Configuration procedure 1.
[PE1-POS5/1/1] mpls
[PE1-POS5/1/1] mpls ldp
[PE1-POS5/1/1] quit
# Configure basic MPLS on ASBR PE 1 and enable MPLS LDP on the interface connected to PE 1.
system-view
[ASBR-PE1] mpls lsr-id 2.2.2.9
[ASBR-PE1] mpls
[ASBR-PE1-mpls] quit
[ASBR-PE1] mpls ldp
[ASBR-PE1-mpls-ldp] quit
[ASBR-PE1] interface pos 5/1/1
[ASBR-PE1-POS5/1/1] mpls
[ASBR-PE1-POS5/1/1] mpls ldp
[ASBR-PE1-POS5/1/1] quit
# Configure basic MPLS on ASBR PE 2 and enable MPLS LDP on the interface connected to PE 2.
# Configure PE 1.
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 100:1 both
[PE1-vpn-instance-vpn1] quit
[PE1] interface gigabitethernet 2/1/1
[PE1-GigabitEthernet2/1/1] ip binding vpn-instance vpn1
[PE1-GigabitEthernet2/1/1] ip address 10.1.1.2 24
[PE1-GigabitEthernet2/1/1] quit
# Configure CE 2.
system-view
[CE2] interface gigabitethernet 2/1/1
[CE2-GigabitEthernet2/1/1] ip address 10.2.1.
4. Establish EBGP peer relationships between PEs and CEs to allow VPN routes to be redistributed:
# Configure CE 1.
[CE1] bgp 65001
[CE1-bgp] peer 10.1.1.2 as-number 100
[CE1-bgp] import-route direct
[CE1-bgp] quit
# Configure PE 1.
[PE1] bgp 100
[PE1-bgp] ipv4-family vpn-instance vpn1
[PE1-bgp-vpn1] peer 10.1.1.1 as-number 65001
[PE1-bgp-vpn1] import-route direct
[PE1-bgp-vpn1] quit
[PE1-bgp] quit
# Configure CE 2.
[CE2] bgp 65002
[CE2-bgp] peer 10.2.1.
[ASBR-PE1-bgp] quit
# Configure ASBR-PE 2.
[ASBR-PE2] bgp 200
[ASBR-PE2-bgp] ipv4-family vpn-instance vpn1
[ASBR-PE2-bgp-vpn1] peer 192.1.1.1 as-number 100
[ASBR-PE2-bgp-vpn1] quit
[ASBR-PE2-bgp] peer 4.4.4.9 as-number 200
[ASBR-PE2-bgp] peer 4.4.4.9 connect-interface loopback 0
[ASBR-PE2-bgp] ipv4-family vpnv4
[ASBR-PE2-bgp-af-vpnv4] peer 4.4.4.9 enable
[ASBR-PE2-bgp-af-vpnv4] peer 4.4.4.9 next-hop-local
[ASBR-PE2-bgp-af-vpnv4] quit
[ASBR-PE2-bgp] quit
# Configure PE 2.
[PE2] bgp 200
[PE2-bgp] peer 3.3.
Figure 89 Network diagram MPLS backbone Loop0 MPLS backbone Loop0 AS 100 AS 600 S2/1/2 S2/1/1 ASBR-PE 1 Loop0 S2/1/2 ASBR-PE 2 S2/1/1 Loop0 S2/1/1 S2/1/1 PE 2 PE 1 GE2/1/1 GE2/1/1 Site 2 Site 1 CE 1 CE 2 AS 65001 Device Interface PE 1 ASBR-PE 1 AS 65002 IP address Device Interface IP address Loop0 2.2.2.9/32 PE 2 Loop0 5.5.5.9/32 GE 2/1/1 30.0.0.1/8 GE 2/1/1 20.0.0.1/8 S 2/1/1 1.1.1.2/8 S 2/1/1 9.1.1.2/8 Loop0 3.3.3.9/32 Loop0 4.4.4.9/32 S 2/1/1 1.1.1.
# Configure interface Loopback 0 and start IS-IS on it.
[PE1] interface loopback 0
[PE1-LoopBack0] ip address 2.2.2.9 32
[PE1-LoopBack0] isis enable 1
[PE1-LoopBack0] quit
# Create VPN instance vpn1 and configure the RD and route target attributes.
[ASBR-PE1-Serial2/1/1] mpls
[ASBR-PE1-Serial2/1/1] mpls ldp
[ASBR-PE1-Serial2/1/1] quit
# Configure interface Serial 2/1/2 and enable MPLS.
[ASBR-PE1] interface serial 2/1/2
[ASBR-PE1-Serial2/1/2] ip address 11.0.0.2 255.0.0.0
[ASBR-PE1-Serial2/1/2] mpls
[ASBR-PE1-Serial2/1/2] quit
# Configure interface Loopback 0 and start IS-IS on it.
[ASBR-PE1] interface loopback 0
[ASBR-PE1-LoopBack0] ip address 3.3.3.9 32
[ASBR-PE1-LoopBack0] isis enable 1
[ASBR-PE1-LoopBack0] quit
# Start BGP on ASBR-PE 1.
[ASBR-PE2] interface serial 2/1/2
[ASBR-PE2-Serial2/1/2] ip address 11.0.0.1 255.0.0.0
[ASBR-PE2-Serial2/1/2] mpls
[ASBR-PE2-Serial2/1/2] quit
# Configure interface Loopback 0 and start IS-IS on it.
[ASBR-PE2] interface loopback 0
[ASBR-PE2-LoopBack0] ip address 4.4.4.9 32
[ASBR-PE2-LoopBack0] isis enable 1
[ASBR-PE2-LoopBack0] quit
# Start BGP on ASBR-PE 2.
[ASBR-PE2] bgp 600
[ASBR-PE2-bgp] peer 11.0.0.2 as-number 100
[ASBR-PE2-bgp] peer 5.5.5.9 as-number 600
[ASBR-PE2-bgp] peer 5.5.5.
[PE2-LoopBack0] quit
# Create VPN instance vpn1 and configure the RD and route target attributes.
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 12:12
[PE2-vpn-instance-vpn1] vpn-target 3:3 import-extcommunity
[PE2-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity
[PE2-vpn-instance-vpn1] quit
# Bind the interface connected to CE 2 with the created VPN instance.
Figure 90 Network diagram Device Interface IP address Device Interface IP address PE 1 Loop0 2.2.2.9/32 PE 2 Loop0 5.5.5.9/32 Loop1 30.0.0.1/32 Loop1 20.0.0.1/32 S 2/1/1 1.1.1.2/8 S 2/1/1 9.1.1.2/8 Loop0 3.3.3.9/32 Loop0 4.4.4.9/32 ASBR-PE 1 ASBR-PE 2 S 2/1/1 1.1.1.1/8 S 2/1/1 9.1.1.1/8 S 2/1/2 11.0.0.2/8 S 2/1/2 11.0.0.1/8 Configuration procedure 1. Configure PE 1: # Run IS-IS on PE 1. system-view [PE1] isis 1 [PE1-isis-1] network-entity 10.1111.1111.1111.1111.
[PE1-LoopBack0] quit
# Create VPN instance vpn1 and configure the RD and route target attributes.
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 11:11
[PE1-vpn-instance-vpn1] vpn-target 3:3 import-extcommunity
[PE1-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity
[PE1-vpn-instance-vpn1] quit
# Configure interface Loopback 1 and bind the interface to VPN instance vpn1.
[PE1] interface loopback 1
[PE1-LoopBack1] ip binding vpn-instance vpn1
[PE1-LoopBack1] ip address 30.0.0.
[ASBR-PE1] interface serial 2/1/1
[ASBR-PE1-Serial2/1/1] ip address 1.1.1.1 255.0.0.0
[ASBR-PE1-Serial2/1/1] isis enable 1
[ASBR-PE1-Serial2/1/1] mpls
[ASBR-PE1-Serial2/1/1] mpls ldp
[ASBR-PE1-Serial2/1/1] quit
# Configure interface Serial 2/1/2 and enable MPLS on it.
[ASBR-PE1] interface serial 2/1/2
[ASBR-PE1-Serial2/1/2] ip address 11.0.0.2 255.0.0.0
[ASBR-PE1-Serial2/1/2] mpls
[ASBR-PE1-Serial2/1/2] quit
# Configure interface Loopback 0 and start IS-IS on it.
[ASBR-PE2-isis-1] quit
# Configure LSR ID, enable MPLS and LDP.
[ASBR-PE2] mpls lsr-id 4.4.4.9
[ASBR-PE2] mpls
[ASBR-PE2-mpls] label advertise non-null
[ASBR-PE2-mpls] quit
[ASBR-PE2] mpls ldp
[ASBR-PE2-mpls-ldp] quit
# Configure interface Serial 2/1/1, and start IS-IS and enable MPLS and LDP on the interface.
[ASBR-PE2] interface serial 2/1/1
[ASBR-PE2-Serial2/1/1] ip address 9.1.1.1 255.0.0.
# Configure the capability to advertise labeled routes to EBGP peer 11.0.0.2 and to receive labeled routes from the peer.
[ASBR-PE2-bgp] peer 11.0.0.2 label-route-capability
[ASBR-PE2-bgp] quit
4. Configure PE 2:
# Start IS-IS on PE 2.
system-view
[PE2] isis 1
[PE2-isis-1] network-entity 10.4444.4444.4444.4444.00
[PE2-isis-1] quit
# Configure LSR ID, enable MPLS and LDP.
[PE2] mpls lsr-id 5.5.5.
[PE2-bgp] peer 4.4.4.9 label-route-capability
# Configure the maximum hop count from PE 2 to EBGP peer 2.2.2.9 as 10.
[PE2-bgp] peer 2.2.2.9 as-number 100
[PE2-bgp] peer 2.2.2.9 connect-interface loopback 0
[PE2-bgp] peer 2.2.2.9 ebgp-max-hop 10
# Configure peer 2.2.2.9 as a VPNv4 peer.
[PE2-bgp] ipv4-family vpnv4
[PE2-bgp-af-vpnv4] peer 2.2.2.9 enable
[PE2-bgp-af-vpnv4] quit
# Redistribute direct routes to the routing table of vpn1.
Figure 91 Network diagram Device Interface IP address Device Interface IP address CE 3 GE 2/1/1 100.1.1.1/24 CE 4 GE 2/1/1 120.1.1.1/24 PE 3 Loop0 1.1.1.9/32 PE 4 Loop0 6.6.6.9/32 CE 1 PE 1 GE 2/1/1 100.1.1.2/24 GE 2/1/1 120.1.1.2/24 POS 5/1/2 10.1.1.1/24 POS 5/1/2 20.1.1.2/24 Loop0 2.2.2.9/32 Loop0 5.5.5.9/32 CE 2 POS 5/1/1 10.1.1.2/24 POS 5/1/1 21.1.1.2/24 POS 5/1/2 11.1.1.1/24 POS 5/1/2 20.1.1.1/24 Loop0 3.3.3.9/32 Loop0 4.4.4.9/32 POS 5/1/1 11.1.1.
[PE1-LoopBack0] quit
[PE1] interface pos 5/1/2
[PE1-POS5/1/2] ip address 30.1.1.1 24
[PE1-POS5/1/2] isis enable 1
[PE1-POS5/1/2] mpls
[PE1-POS5/1/2] mpls ldp
[PE1-POS5/1/2] mpls ldp transport-address interface
[PE1-POS5/1/2] quit
[PE1] bgp 100
[PE1-bgp] peer 4.4.4.9 as-number 100
[PE1-bgp] peer 4.4.4.9 connect-interface loopback 0
[PE1-bgp] ipv4-family vpnv4
[PE1-bgp-af-vpnv4] peer 4.4.4.9 enable
[PE1-bgp-af-vpnv4] quit
[PE1-bgp] quit
# Configure PE 2 in a similar way to configuring PE 1.
[PE3] mpls lsr-id 1.1.1.9
[PE3] mpls
[PE3-mpls] quit
[PE3] mpls ldp
[PE3-mpls-ldp] quit
[PE3] isis 2
[PE3-isis-2] network-entity 10.0000.0000.0001.00
[PE3-isis-2] quit
[PE3] interface loopback 0
[PE3-LoopBack0] isis enable 2
[PE3-LoopBack0] quit
[PE3] interface pos 5/1/2
[PE3-POS5/1/2] ip address 10.1.1.1 24
[PE3-POS5/1/2] isis enable 2
[PE3-POS5/1/2] mpls
[PE3-POS5/1/2] mpls ldp
[PE3-POS5/1/2] mpls ldp transport-address interface
[PE3-POS5/1/2] quit
# Configure CE 1.
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 200:1
[PE1-vpn-instance-vpn1] vpn-target 1:1
[PE1-vpn-instance-vpn1] quit
[PE1] mpls ldp vpn-instance vpn1
[PE1-mpls-ldp-vpn-instance-vpn1] quit
[PE1] isis 2 vpn-instance vpn1
[PE1-isis-2] network-entity 10.0000.0000.0000.0003.00
[PE1-isis-2] import-route bgp allow-ibgp
[PE1-isis-2] quit
[PE1] interface pos 5/1/1
[PE1-POS5/1/1] ip binding vpn-instance vpn1
[PE1-POS5/1/1] ip address 11.1.1.
[PE3-vpn-instance-vpn1] vpn-target 1:1
[PE3-vpn-instance-vpn1] quit
[PE3] interface gigabitethernet 2/1/1
[PE3-GigabitEthernet2/1/1] ip binding vpn-instance vpn1
[PE3-GigabitEthernet2/1/1] ip address 100.1.1.2 24
[PE3-GigabitEthernet2/1/1] quit
[PE3] bgp 100
[PE3-bgp] ipv4-family vpn-instance vpn1
[PE3-bgp-vpn1] peer 100.1.1.1 as-number 65410
[PE3-bgp-vpn1] import-route direct
[PE3-bgp-vpn1] quit
[PE3-bgp] quit
# Configure PE 4 and CE 4 in a similar way to configuring PE 3 and CE 3. (Details not shown.)
5.
2.2.2.9/32  ISIS  15  10  11.1.1.1  POS5/1/1
5.5.5.9/32  BGP  255  0  4.4.4.9  NULL0
6.6.6.9/32  BGP  255  0  4.4.4.9  NULL0
10.1.1.0/24  ISIS  15  20  11.1.1.1  POS5/1/1
11.1.1.0/24  Direct  0  0  11.1.1.1  POS5/1/1
11.1.1.1/32  Direct  0  0  127.0.0.1  InLoop0
11.1.1.2/32  Direct  0  0  11.1.1.2  POS5/1/1
20.1.1.0/24  BGP  255  0  4.4.4.9  NULL0
21.1.1.0/24  BGP  255  0  4.4.4.9  NULL0
21.1.1.2/32  BGP  255  0  4.4.4.9  NULL0
Execute the display ip routing-table command on CE 1 and CE 2.
21.1.1.0/24  ISIS  15  84  10.1.1.2  POS5/1/2
21.1.1.2/32  ISIS  15  84  10.1.1.2  POS5/1/2
127.0.0.0/8  Direct  0  0  127.0.0.1  InLoop0
127.0.0.1/32  Direct  0  0  127.0.0.1  InLoop0
Execute the display ip routing-table vpn-instance command on PE 3 and PE 4. The output shows that the routes of the remote VPN customers are present in the VPN routing tables.
• PE 1 and PE 2 are PE devices on the service provider backbone. Both of them support the nested VPN function. • CE 1 and CE 2 are connected to the service provider backbone. Both of them support VPNv4 routes. • PE 3 and PE 4 are PE devices of the customer VPN. Both of them support MPLS L3VPN. • CE 3 through CE 6 are CE devices of sub-VPNs for the customer VPN.
Configuration procedure
1. Configure MPLS L3VPN on the service provider backbone—enable IS-IS, enable LDP, and establish an MP-IBGP peer relationship between PE 1 and PE 2:
# Configure PE 1.
system-view
[PE1] interface loopback 0
[PE1-LoopBack0] ip address 3.3.3.9 32
[PE1-LoopBack0] quit
[PE1] mpls lsr-id 3.3.3.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] isis 1
[PE1-isis-1] network-entity 10.0000.0000.0004.
LAM : Label Advertisement Mode  FT : Fault Tolerance
[PE1] display bgp peer
BGP local router ID : 3.3.3.9
Local AS number : 100
Total number of peers : 1  Peers in established state : 1
Peer  AS  MsgRcvd  MsgSent  OutQ  PrefRcv  Up/Down  State
4.4.4.9  100  162  145  0  0  02:12:47  Established
[PE1] display isis peer
Peer information for ISIS(1)
----------------------------
System Id  Interface  Circuit Id
0000.0000.0005 POS5/1/2 2.
[CE1-isis-2] quit
[CE1] interface loopback 0
[CE1-LoopBack0] isis enable 2
[CE1-LoopBack0] quit
[CE1] interface pos 5/1/1
[CE1-POS5/1/1] ip address 10.1.1.2 24
[CE1-POS5/1/1] isis enable 2
[CE1-POS5/1/1] mpls
[CE1-POS5/1/1] mpls ldp
[CE1-POS5/1/1] quit
After the configurations, LDP and IS-IS neighbor relationship can be established between PE 3 and CE 1.
# Configure PE 4 and CE 2 in a similar way to configuring PE 3 and CE 1. (Details not shown.)
3.
[CE3-bgp] import-route direct
[CE3-bgp] quit
# Configure CE 5.
system-view
[CE5] interface gigabitethernet 2/1/1
[CE5-GigabitEthernet2/1/1] ip address 110.1.1.1 24
[CE5-GigabitEthernet2/1/1] quit
[CE5] bgp 65411
[CE5-bgp] peer 110.1.1.2 as-number 200
[CE5-bgp] import-route direct
[CE5-bgp] quit
# Configure PE 3.
[PE1-bgp-af-vpnv4] quit
[PE1-bgp] quit
# Configure CE 1, enabling VPNv4 capability and establishing VPNv4 neighbor relationship between CE 1 and PE 1.
[CE1] bgp 200
[CE1-bgp] ipv4-family vpnv4
[CE1-bgp-af-vpnv4] peer 11.1.1.2 enable
# Allow the local AS number to appear in the AS-PATH attribute of the routes received.
[CE1-bgp-af-vpnv4] peer 11.1.1.2 allow-as-loop 2
# Disable route target based filtering of received VPNv4 routes.
3.3.3.9/32  Direct  0  0  127.0.0.1  InLoop0
4.4.4.9/32  ISIS  15  10  30.1.1.2  POS5/1/2
30.1.1.0/24  Direct  0  0  30.1.1.1  POS5/1/2
30.1.1.1/32  Direct  0  0  127.0.0.1  InLoop0
30.1.1.2/32  Direct  0  0  30.1.1.2  POS5/1/2
127.0.0.0/8  Direct  0  0  127.0.0.1  InLoop0
127.0.0.1/32  Direct  0  0  127.0.0.1  InLoop0
Execute the display ip routing-table vpn-instance command on PE 1 and PE 2 to verify that the VPN routing tables contain sub-VPN routes. Take PE 1 as an example.
*^ 100.1.1.0/24  1.1.1.9  1024/1024
Route Distinguisher: 101:1
Network  NextHop  In/Out Label  MED  LocPrf
* > 110.1.1.0/24  1.1.1.9  1025/1025
Route Distinguisher: 200:1
Network  NextHop  In/Out Label  MED  LocPrf
* > 120.1.1.0/24  11.1.1.2  1026/1027
Route Distinguisher: 201:1
Network  NextHop  In/Out Label  MED  LocPrf
* > 130.1.1.0/24 11.1.1.
Execute the display ip routing-table command on CE 5 and CE 6 to verify that the routing tables contain routes of remote sub-VPNs. Take CE5 as an example.
[CE5] display ip routing-table
Routing Tables: Public
Destinations : 5  Routes : 5
Destination/Mask  Proto  Pre  Cost  NextHop  Interface
110.1.1.0/24  Direct  0  0  110.1.1.1  GE2/1/1
110.1.1.1/32  Direct  0  0  127.0.0.1  InLoop0
127.0.0.0/8  Direct  0  0  127.0.0.1  InLoop0
127.0.0.1/32  Direct  0  0  127.0.0.1  InLoop0
130.1.1.0/24 BGP 0 110.1.1.
Request time out
Request time out
--- 130.1.1.1 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss

Configuring multi-role host

Network requirements

Host A is connected to CE 1. Its IP address is 100.1.1.2 and it can access VPN 1 and VPN 2. Bind interface Serial 2/1/2 of PE 1 to VPN instance vpn1, and interface Serial 2/1/2 of PE 2 to VPN instance vpn2.

Figure 93 Network diagram

Configuration procedure
1.
system-view
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 100:1 both
[PE1-vpn-instance-vpn1] quit
[PE1] ip vpn-instance vpn2
[PE1-vpn-instance-vpn2] route-distinguisher 100:2
[PE1-vpn-instance-vpn2] vpn-target 100:2 both
[PE1-vpn-instance-vpn2] quit
# Bind the interface of PE 1 that is connected with CE 1 to VPN instance vpn1.
[PE1] interface serial 2/1/2
[PE1-Serial2/1/2] ip binding vpn-instance vpn1
[PE1-Serial2/1/2] ip address 1.1.
Figure 94 Network diagram Loop0 Loop0 GE2/1/2 SPE 1 Loop0 GE2/1/1 GE2/1/1 GE2/1/3 SPE 2 GE2/1/2 GE2/1/1 AS 100 UPE 1 UPE 2 GE2/1/2 GE2/1/1 VPN 1 GE2/1/2 VPN 2 GE2/1/1 GE2/1/1 CE 2 AS 65420 GE2/1/3 VPN 1 GE2/1/1 CE 1 AS 65410 Loop0 VPN 2 GE2/1/1 CE 3 AS 65430 CE 4 AS 65440 Device Interface IP address Device Interface IP address CE 1 GE 2/1/1 10.2.1.1/24 CE 3 GE 2/1/1 10.1.1.1/24 CE 2 GE 2/1/1 10.4.1.1/24 CE 4 GE 2/1/1 10.3.1.1/24 UPE 1 Loop0 1.1.1.
[UPE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0 [UPE1-ospf-1-area-0.0.0.0] quit [UPE1-ospf-1] quit # Configure VPN instances vpn1 and vpn2, allowing CE 1 and CE 2 to access UPE 1.
[CE2-GigabitEthernet2/1/1] ip address 10.4.1.1 255.255.255.0
[CE2-GigabitEthernet2/1/1] quit
[CE2] bgp 65420
[CE2-bgp] peer 10.4.1.2 as-number 100
[CE2-bgp] import-route direct
[CE2] quit
4. Configure UPE 2:
# Configure basic MPLS and MPLS LDP to establish LDP LSPs.
system-view
[UPE2] interface loopback 0
[UPE2-LoopBack0] ip address 4.4.4.9 32
[UPE2-LoopBack0] quit
[UPE2] mpls lsr-id 4.4.4.
[UPE2] bgp 100
[UPE2-bgp] peer 3.3.3.9 as-number 100
[UPE2-bgp] peer 3.3.3.9 connect-interface loopback 0
[UPE2-bgp] ipv4-family vpnv4
[UPE2-bgp-af-vpnv4] peer 3.3.3.9 enable
[UPE2-bgp-af-vpnv4] quit
[UPE2-bgp] ipv4-family vpn-instance vpn1
[UPE2-bgp-vpn1] peer 10.1.1.1 as-number 65430
[UPE2-bgp-vpn1] import-route direct
[UPE2-bgp-vpn1] quit
[UPE2-bgp] ipv4-family vpn-instance vpn2
[UPE2-bgp-vpn1] peer 10.3.1.1 as-number 65440
[UPE2-bgp-vpn1] import-route direct
[UPE2-bgp-vpn1] quit
[UPE2-bgp] quit
5.
[SPE1-GigabitEthernet2/1/1] quit
[SPE1] interface gigabitethernet 2/1/2
[SPE1-GigabitEthernet2/1/2] ip address 180.1.1.1 24
[SPE1-GigabitEthernet2/1/2] mpls
[SPE1-GigabitEthernet2/1/2] mpls ldp
[SPE1-GigabitEthernet2/1/2] quit
# Configure the IGP protocol, OSPF, for example.
[SPE1] ospf
[SPE1-ospf-1] area 0
[SPE1-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
[SPE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255
[SPE1-ospf-1-area-0.0.0.0] network 180.1.1.0 0.0.0.255
[SPE1-ospf-1-area-0.0.0.
[SPE1-bgp] ipv4-family vpnv4
[SPE1-bgp-af-vpnv4] peer 1.1.1.9 upe route-policy hope export
8. Configure SPE 2:
# Configure basic MPLS and MPLS LDP to establish LDP LSPs.
system-view
[SPE2] interface loopback 0
[SPE2-LoopBack0] ip address 3.3.3.9 32
[SPE2-LoopBack0] quit
[SPE2] mpls lsr-id 3.3.3.9
[SPE2] mpls
[SPE2-mpls] quit
[SPE2] mpls ldp
[SPE2-mpls-ldp] quit
[SPE2] interface gigabitethernet 2/1/1
[SPE2-GigabitEthernet2/1/1] ip address 180.1.1.
[SPE2-bgp] peer 2.2.2.9 connect-interface loopback 0
[SPE2-bgp] ipv4-family vpnv4
[SPE2-bgp-af-vpnv4] peer 2.2.2.9 enable
[SPE2-bgp-af-vpnv4] peer 4.4.4.9 enable
[SPE2-bgp-af-vpnv4] peer 4.4.4.9 upe
[SPE2-bgp-af-vpnv4] quit
[SPE2-bgp] ipv4-family vpn-instance vpn1
[SPE2-bgp-vpn1] quit
[SPE2-bgp] ipv4-family vpn-instance vpn2
[SPE2-bgp-vpn2] quit
[SPE2-bgp] quit
# Configure SPE 2 to advertise to UPE 2 the routes permitted by a routing policy, that is, the routes of CE 1.
Figure 95 Network diagram Device Interface IP address Device Interface IP address CE 1 GE 2/1/1 100.1.1.1/24 CE 2 GE 2/1/1 120.1.1.1/24 S 2/1/2 20.1.1.1/24 S 2/1/2 30.1.1.2/24 PE 1 Loop0 1.1.1.9/32 Loop0 2.2.2.9/32 Loop1 3.3.3.3/32 Loop1 5.5.5.5/32 GE 2/1/1 100.1.1.2/24 GE 2/1/1 120.1.1.2/24 S 2/1/2 10.1.1.1/24 S 2/1/1 10.1.1.2/24 S 2/1/1 30.1.1.1/24 S 2/1/2 20.1.1.2/24 Router A PE 2 Configuration procedure 1.
[PE1] interface loopback 0
[PE1-LoopBack0] ip address 1.1.1.9 32
[PE1-LoopBack0] quit
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface serial 2/1/2
[PE1-Serial2/1/2] ip address 10.1.1.1 24
[PE1-Serial2/1/2] mpls
[PE1-Serial2/1/2] mpls ldp
[PE1-Serial2/1/2] quit
# Configure PE 1 to take PE 2 as the MP-IBGP peer.
[PE1] bgp 100
[PE1-bgp] peer 2.2.2.9 as-number 100
[PE1-bgp] peer 2.2.2.
[PE2-bgp-af-vpnv4] peer 1.1.1.9 enable
[PE2-bgp-af-vpnv4] quit
[PE2-bgp] quit
# Configure OSPF on PE 2.
[PE2] ospf 1
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit
3. Configure VPN instances on PEs:
# Configure PE 1 to allow CE 1 to access the network.
[PE2-bgp] ipv4-family vpn-instance vpn1
[PE2-bgp-vpn1] import-route ospf 100
[PE2-bgp-vpn1] import-route direct
[PE2-bgp-vpn1] quit
[PE2-bgp] quit
After completing the configurations, execute the display ip routing-table vpn-instance command on the PEs. The output shows that the path to the peer CE is along the OSPF route across the customer networks, instead of the BGP route across the backbone. Take PE 1 as an example:
[PE1] display ip routing-table vpn-instance vpn1
Routing Tables: vpn1
Destinations : 5 4.
20.1.1.0/24 OSPF 10 1563 100.1.1.1 GE2/1/1
100.1.1.0/24 Direct 0 0 100.1.1.2 GE2/1/1
100.1.1.2/32 Direct 0 0 127.0.0.1 InLoop0
120.1.1.0/24 BGP 255 0 2.2.2.9 NULL0
Execute the display ip routing-table command on the CEs, and you can see that the cost of the OSPF route to the peer CE is now 10 (the cost configured for the sham link), and that the next hop is now the Ethernet interface connected to the PE. This means that VPN traffic to the peer is forwarded over the backbone.
Figure 96 Network diagram VPN 2 Site 1 CE PE 2 PE 1 GE3/1/3.1 20.1.1.1/24 GE3/1/2 10.214.10.2/24 VPN 1 192.168.0.0 GE3/1/1 192.168.0.1/24 VR 1 GE3/1/1.1 20.1.1.2/24 GE3/1/1.2 30.1.1.2/24 GE3/1/3.2 30.1.1.1/24 MCE GE3/1/1 10.214.10.3/24 PE 3 GE3/1/2 10.214.20.3/24 CE VPN 1 Site 2 GE3/1/1 10.214.20.2/24 VR 2 GE3/1/2 192.168.10.1/24 VPN 2 192.168.10.
[MCE-GigabitEthernet3/1/1] quit
# Bind interface GigabitEthernet 3/1/2 with VPN instance vpn2, and configure an IP address for the interface.
[MCE] interface gigabitethernet 3/1/2
[MCE-GigabitEthernet3/1/2] ip binding vpn-instance vpn2
[MCE-GigabitEthernet3/1/2] ip address 10.214.20.3 24
[MCE-GigabitEthernet3/1/2] quit
# On PE 1, configure VPN instances vpn1 and vpn2, and specify an RD and route targets for each VPN instance.
Routing Tables: vpn1
Destinations : 5 Routes : 5
Destination/Mask Proto Pre Cost NextHop Interface
10.214.10.0/24 Direct 0 0 10.214.10.3 GE3/1/1
10.214.10.3/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
192.168.0.0/24 Static 60 0 10.214.10.2 GE3/1/1
[MCE] display ip routing-table vpn-instance vpn2
Routing Tables: vpn2
Destinations : 5
Destination/Mask Proto
10.214.20.0/24 10.214.20.
# On PE 1, bind subinterface GigabitEthernet 3/1/1.2 with the VPN instance vpn2, configure the subinterface to terminate VLAN 20, and configure an IP address for the subinterface.
[PE1] interface gigabitethernet 3/1/1.2
[PE1-GigabitEthernet3/1/1.2] ip binding vpn-instance vpn2
[PE1-GigabitEthernet3/1/1.2] vlan-type dot1q vid 20
[PE1-GigabitEthernet3/1/1.2] ip address 30.1.1.2 24
[PE1-GigabitEthernet3/1/1.2] quit
# Configure the IP address of the interface Loopback0 as 101.101.10.1 for the MCE and as 100.
30.1.1.0/24 Direct 0 0 30.1.1.2 GE3/1/1.2
30.1.1.2/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
192.168.10.0/24 O_ASE 150 1 30.1.1.1 GE3/1/1.2
Now, the routing information for the two VPNs has been redistributed into the routing tables on PE 1.

Configuring BGP AS number substitution
Network requirements
As shown in Figure 703, CE 1 and CE 2 belong to VPN 1 and are connected to PE 1 and PE 2 respectively.
• Configure BGP between PE 1 and CE 1, and between PE 2 and CE 2 to inject routes of CEs into PEs.
After completing the configurations, execute the display ip routing-table command on CE 2. The output shows that CE 2 has learned the route to network 10.1.1.0/24, where the interface used by CE 1 to access PE 1 resides, but it has not learned the route to the VPN (100.1.1.0/24) behind CE 1. The situation on CE 1 is similar.
BGP Local router ID is 10.2.1.1 Status codes: * - valid, ^ - VPN best, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete 2. Network NextHop *> 10.1.1.0/24 10.2.1.2 MED *> 10.1.1.1/32 10.2.1.2 * 10.2.1.0/24 10.2.1.2 0 * 10.2.1.1/32 10.2.1.2 0 LocPrf PrefVal Path/Ogn 0 100? 0 100? 0 100? 0 100? Configure BGP AS number substitution: # Configure BGP AS number substitution on PE 2.
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
200.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
After you also configure BGP AS substitution on PE 1, the GigabitEthernet interfaces of CE 1 and CE 2 can ping each other:
ping -a 100.1.1.1 200.1.1.1
PING 200.1.1.1: 56 data bytes, press CTRL_C to break
Reply from 200.1.1.1: bytes=56 Sequence=1 ttl=253 time=109 ms
Reply from 200.1.1.1: bytes=56 Sequence=2 ttl=253 time=67 ms
Reply from 200.1.1.
Figure 98 Network diagram CE 1 Loop0 GE2/1/1 MPLS backbone AS 100 GE2/1/1 Loop0 Loop0 GE2/1/3 PE 1 GE2/1/2 Loop0 GE2/1/1 VPN 1 AS 600 GE2/1/2 GE2/1/3 PE 2 GE2/1/3 GE2/1/2 Loop0 GE2/1/1 PE 3 P GE2/1/2 GE2/1/1 CE 3 Loop0 GE2/1/1 CE 2 VPN 1 AS 600 GE2/1/1 Device Interface IP address Device Interface IP address CE 1 Loop0 100.1.1.1/32 CE 3 Loop0 200.1.1.1/32 GE2/1/1 10.1.1.1/24 GE2/1/1 10.3.1.1/24 CE 2 GE2/1/1 10.2.1.1/24 Loop0 2.2.2.9/32 PE 1 Loop0 1.1.1.
display bgp routing-table peer 10.2.1.2 received-routes Total Number of Routes: 8 BGP Local router ID is 10.2.1.1 Status codes: * - valid, ^ - VPN best, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete 3. Network NextHop *> 10.1.1.0/24 10.2.1.2 MED *> 10.1.1.1/32 10.2.1.2 * 10.2.1.0/24 10.2.1.2 0 * 10.2.1.1/32 10.2.1.2 0 * 10.3.1.0/24 10.2.1.2 * 10.3.1.1/32 *> 100.1.1.1/32 *> 200.1.1.
10.2.1.0/24 Direct 0 0 10.2.1.1 GE2/1/1
10.2.1.1/32 Direct 0 0 127.0.0.1 InLoop0
10.3.1.0/24 BGP 255 0 10.2.1.2 GE2/1/1
10.3.1.1/32 BGP 255 0 10.2.1.2 GE2/1/1
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
200.1.1.1/32 BGP 0 10.2.1.
Configuring IPv6 MPLS L3VPN

Overview
MPLS L3VPN applies to the IPv4 environment. It uses BGP to advertise IPv4 VPN routes and uses MPLS to forward IPv4 VPN packets on the service provider backbone. IPv6 MPLS L3VPN functions similarly. It uses BGP to advertise IPv6 VPN routes and uses MPLS to forward IPv6 VPN packets on the service provider backbone.
Figure 819 shows the typical IPv6 MPLS L3VPN model. The service provider backbone in the IPv6 MPLS L3VPN model is an IPv4 network.
IPv6 MPLS L3VPN packet forwarding
Figure 100 IPv6 MPLS L3VPN packet forwarding diagram
As shown in Figure 820, the IPv6 MPLS L3VPN packet forwarding procedure is as follows:
1. The PC at Site 1 sends an IPv6 packet destined for 2001:2::1, the PC at Site 2. CE 1 transmits the packet to PE 1.
2. Based on the inbound interface and destination address of the packet, PE 1 searches the routing table of the VPN instance.
Routing information exchange from the ingress PE to the egress PE
After learning the IPv6 VPN routes from the CE, the ingress PE adds RDs and route targets for these standard IPv6 routes to create VPN-IPv6 routes, saves them to the routing table of the VPN instance created for the CE, and then triggers MPLS to assign VPN labels for them. Then, the ingress PE advertises the VPN-IPv6 routes to the egress PE through MP-BGP.
Task: Remarks
Configuring VPN instances
Creating a VPN instance: Required.
Associating a VPN instance with an interface: Required.
Configuring route related attributes for a VPN instance: Optional.
Configuring a tunneling policy for a VPN instance: Optional.
Configuring an LDP instance: Optional.
Configuring routing between a PE and a CE: Required.
Configuring routing between PEs: Required.
Configuring routing features for the BGP-VPNv6 subaddress family: Optional.
1. Enter system view.
Command: system-view
Remarks: N/A
2. Enter interface view.
Command: interface interface-type interface-number
Remarks: N/A
3. Associate a VPN instance with the interface.
Command: ip binding vpn-instance vpn-instance-name
Remarks: No VPN instance is associated with an interface by default.

NOTE: The ip binding vpn-instance command clears the IP address of the interface on which it is configured. Be sure to re-configure an IP address for the interface after configuring the command.
6. Apply an import routing policy.
Command: import route-policy route-policy
Remarks: Optional. By default, all routes matching the import target attribute are accepted. Make sure the routing policy already exists. Otherwise, the device does not filter received routes.
7. Apply an export routing policy.
Command: export route-policy route-policy
Remarks: Optional. By default, routes to be advertised are not filtered. Make sure the routing policy already exists.
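The two caveats above (an interface loses its address when ip binding vpn-instance is applied, and a routing policy that does not exist filters nothing) can be checked over a saved configuration transcript. The following is an added example, not part of the HP guide: the transcript is constructed sample data, the finding labels are hypothetical, and treating a later ip address or ipv6 address line as the re-configuration is an assumption.

```python
import re

# Strips a Comware prompt such as "[PE1-GigabitEthernet2/1/1]" or "<PE1>".
PROMPT = re.compile(r"^\s*(?:\[[^\]]*\]|<[^>]*>)\s*")

# Constructed sample transcript (not taken from the guide).
SAMPLE = """
<PE1> system-view
[PE1] interface gigabitethernet 2/1/1
[PE1-GigabitEthernet2/1/1] ipv6 address 2001:1::2 96
[PE1-GigabitEthernet2/1/1] ip binding vpn-instance vpn1
[PE1-GigabitEthernet2/1/1] quit
[PE1] interface gigabitethernet 2/1/2
[PE1-GigabitEthernet2/1/2] ip binding vpn-instance vpn2
[PE1-GigabitEthernet2/1/2] ipv6 address 2001:2::2 96
[PE1-GigabitEthernet2/1/2] quit
[PE1] route-policy vpn1-in permit node 10
[PE1-route-policy] quit
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] import route-policy vpn1-in
[PE1-vpn-instance-vpn1] export route-policy vpn1-out
[PE1-vpn-instance-vpn1] quit
"""


def lint_transcript(transcript):
    """Return sorted findings for one device's configuration transcript.

    ("no-address-after-binding", interface, vpn): the interface was bound to
        a VPN instance and no address was configured after the binding.
    ("undefined-route-policy", policy, command): a command refers to a
        routing policy that the transcript never creates.
    """
    defined, referenced = set(), []
    interfaces = {}   # normalised name -> {"vpn": str or None, "addressed": bool}
    current = None    # interface view we are in, if any
    for raw in transcript.splitlines():
        words = PROMPT.sub("", raw).split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "interface" and len(words) >= 2:
            name = "".join(words[1:]).lower()
            current = interfaces.setdefault(name, {"vpn": None, "addressed": False})
        elif words[0] == "quit":
            current = None
        elif current is not None and words[:3] == ["ip", "binding", "vpn-instance"]:
            # Binding clears whatever address was configured before it.
            current["vpn"], current["addressed"] = words[-1], False
        elif current is not None and words[:2] in (["ip", "address"], ["ipv6", "address"]):
            current["addressed"] = True
        if "route-policy" in words:
            pos = words.index("route-policy")
            if pos == 0 and len(words) >= 2:
                defined.add(words[1])          # "route-policy NAME permit node N"
            elif pos + 1 < len(words):
                referenced.append((words[pos + 1], " ".join(words)))
    findings = [("no-address-after-binding", name, state["vpn"])
                for name, state in interfaces.items()
                if state["vpn"] and not state["addressed"]]
    # Compare against the final set so a policy defined later still counts.
    findings += [("undefined-route-policy", policy, command)
                 for policy, command in referenced if policy not in defined]
    return sorted(findings)


if __name__ == "__main__":
    for finding in lint_transcript(SAMPLE):
        print(finding)
```
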
1. Enter system view.
Command: system-view
Remarks: N/A
2. Create a tunneling policy and enter tunneling policy view.
Command: tunnel-policy tunnel-policy-name
Remarks: N/A
3. Configure a preferred tunnel and specify a tunnel interface for it.
Command: preferred-path number interface tunnel tunnel-number [ disable-fallback ]
Remarks: Optional. By default, no preferred tunnel is configured. In a tunneling policy, you can configure up to 64 preferred tunnels.
NOTE:
• A tunneling policy configured in VPN instance view is applicable to both IPv4 VPNs and IPv6 VPNs.
• You can configure a tunneling policy for IPv6 VPNs in both VPN instance view and IPv6 VPN view. A tunneling policy configured in IPv6 VPN view takes precedence.

Configuring an LDP instance
LDP instances are for carrier's carrier network applications. This task is to enable LDP for an existing VPN instance, create an LDP instance for the VPN instance, and configure LDP parameters for the LDP instance.
3. Return to system view.
Command: quit
Remarks: N/A
4. Enter interface view.
Command: interface interface-type interface-number
Remarks: N/A
5. Enable RIPng on the interface.
Command: ripng process-id enable
Remarks: By default, RIPng is disabled on an interface.

For more information about RIPng, see Layer 3—IP Routing Configuration Guide.

Configuring OSPFv3 between a PE and a CE
An OSPFv3 process belongs to the public network or a single VPN instance.
4. Enable the IPv6 capacity for the IS-IS process.
Command: ipv6 enable
Remarks: Disabled by default.
5. Return to system view.
Command: quit
Remarks: N/A
6. Enter interface view.
Command: interface interface-type interface-number
Remarks: N/A
7. Enable the IPv6 capacity for the IS-IS process on the interface.
Command: isis ipv6 enable [ process-id ]
Remarks: Disabled by default.

For more information about IPv6 IS-IS, see Layer 3—IP Routing Configuration Guide.

Configuring EBGP between a PE and a CE
1.
5. Configure route redistribution and advertisement.
Command: import-route protocol [ process-id ] [ med med-value | route-policy route-policy-name ] *
Remarks: Optional. A CE must advertise its VPN routes to the connected PE so that the PE can advertise them to the peer CE.

NOTE:
• After an IPv6 BGP-VPN instance is configured, exchange of BGP routes for the VPN instance is the same as exchange of ordinary BGP routes.
4. Specify the interface for TCP connections.
Command: peer ip-address connect-interface interface-type interface-number
Remarks: N/A
5. Enter BGP-VPNv6 subaddress family view.
Command: ipv6-family vpnv6
Remarks: N/A
6. Set the default value of the local preference.
Command: default local-preference value
7. Set the default value for the system MED.
Command: default med med-value
Remarks: By default, the default value of the system MED is 0.
8. Configure a filtering policy to filter routes to be advertised.
18. Configure a cluster ID for the route reflector.
Command: reflector cluster-id { cluster-id | ip-address }
Remarks: Optional. By default, each RR in a cluster uses its own router ID as the cluster ID. If more than one RR exists in a cluster, use this command to configure the same cluster ID for all RRs in the cluster to avoid routing loops.
19. Create an RR reflection policy.
Remarks: Optional. By default, an RR does not filter the reflected routes.
For more configuration information, see "Configuring MPLS L3VPN." In the inter-AS IPv6 VPN option A solution, for the same IPv6 VPN, the route targets configured on the PEs must match those configured on the ASBR-PEs in the same AS to make sure VPN routes sent by the PEs (or ASBR-PEs) can be received by the ASBR-PEs (or PEs). Route targets configured on the PEs in different ASs do not have such requirements.
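The route-target rule above can be audited per AS from the vpn-target lines of each device. The following is an added example, not part of the HP guide: the transcripts and the intent map are constructed sample data, audit_as and its return format are hypothetical, and only vpn-target lines entered directly in VPN instance view are read. Run it once per AS, because option A places no matching requirement on route targets across ASs.

```python
import re
from itertools import permutations

# Strips a Comware prompt such as "[PE1-vpn-instance-vpn1]" or "<PE1>".
PROMPT = re.compile(r"^\s*(?:\[[^\]]*\]|<[^>]*>)\s*")
# Trailing vpn-target keyword -> directions it sets (no keyword means both).
DIRECTIONS = {
    "both": ("import", "export"),
    "import-extcommunity": ("import",),
    "export-extcommunity": ("export",),
}

# Constructed transcripts for the devices of one AS (not taken from the guide).
AS100 = {
    "PE1": """
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 100:1 both
[PE1-vpn-instance-vpn1] quit
[PE1] ip vpn-instance vpn2
[PE1-vpn-instance-vpn2] route-distinguisher 100:2
[PE1-vpn-instance-vpn2] vpn-target 100:2
[PE1-vpn-instance-vpn2] vpn-target 100:1 import-extcommunity
[PE1-vpn-instance-vpn2] quit
""",
    "ASBR-PE1": """
[ASBR-PE1] ip vpn-instance vpn1
[ASBR-PE1-vpn-instance-vpn1] route-distinguisher 100:1
[ASBR-PE1-vpn-instance-vpn1] vpn-target 100:1 import-extcommunity
[ASBR-PE1-vpn-instance-vpn1] vpn-target 100:11 export-extcommunity
[ASBR-PE1-vpn-instance-vpn1] quit
""",
}
# Constructed intent: which VPN each (device, instance) is meant to belong to.
INTENT = {
    ("PE1", "vpn1"): "VPN 1",
    ("ASBR-PE1", "vpn1"): "VPN 1",
    ("PE1", "vpn2"): "VPN 2",
}


def parse_vpn_targets(transcript):
    """Map each VPN instance name to its import and export route-target sets."""
    instances, current = {}, None
    for raw in transcript.splitlines():
        words = PROMPT.sub("", raw).split()
        if not words or words[0].startswith("#"):
            continue
        if words[:2] == ["ip", "vpn-instance"] and len(words) == 3:
            current = instances.setdefault(
                words[2], {"import": set(), "export": set()})
        elif words[0] == "quit":
            current = None
        elif words[0] == "vpn-target" and current is not None:
            keyword = words[-1] if words[-1] in DIRECTIONS else "both"
            targets = [w for w in words[1:] if w not in DIRECTIONS]
            for direction in DIRECTIONS[keyword]:
                current[direction].update(targets)
    return instances


def audit_as(transcripts, intent):
    """Compare the route flows the route targets allow with the intended ones.

    A route flows from src to dst when src exports a target that dst imports.
    Returns (leaks, gaps): leaks are flows between instances that are not in
    the same intended VPN; gaps are missing flows inside one intended VPN.
    """
    tables = {}
    for device, text in transcripts.items():
        for name, targets in parse_vpn_targets(text).items():
            tables[(device, name)] = targets
    leaks, gaps = [], []
    for src, dst in permutations(sorted(tables), 2):
        shared = tables[src]["export"] & tables[dst]["import"]
        same_vpn = src in intent and intent.get(src) == intent.get(dst)
        if shared and not same_vpn:
            leaks.append((src, dst, sorted(shared)))
        elif same_vpn and not shared:
            gaps.append((src, dst))
    return leaks, gaps


if __name__ == "__main__":
    found_leaks, found_gaps = audit_as(AS100, INTENT)
    print("leaks:", found_leaks)
    print("gaps:", found_gaps)
```
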
Configuring routing on an MCE
An MCE implements service isolation through route isolation. MCE routing configuration includes:
• MCE-VPN site routing configuration
• MCE-PE routing configuration
On the PE in an MCE network environment, disable routing loop detection to avoid route loss during route calculation and disable route redistribution between routing protocols to save system resources.
1. Enter system view.
Command: system-view
Remarks: N/A
2. Create a RIPng process for a VPN instance and enter RIPng view.
Command: ripng [ process-id ] vpn-instance vpn-instance-name
Remarks: Perform this configuration on the MCE. On a VPN site, configure normal RIPng.
3. Redistribute remote site routes advertised by the PE.
Command: import-route protocol [ process-id ] [ allow-ibgp ] [ cost cost | route-policy route-policy-name ] *
Remarks: By default, no route of any other routing protocol is redistributed into RIPng.
4.
For more information about OSPFv3, see Layer 3—IP Routing Configuration Guide.

Configuring IPv6 IS-IS between an MCE and a VPN site
An IPv6 IS-IS process belongs to the public network or a single IPv6 VPN instance. If you create an IPv6 IS-IS process without binding it to an IPv6 VPN instance, the process belongs to the public network.
3. Enter IPv6 BGP-VPN instance view.
Command: ipv6-family vpn-instance vpn-instance-name
Remarks: N/A
4. Specify an IPv6 BGP peer in an AS.
Command: peer ipv6-address as-number as-number
Remarks: N/A
5. Redistribute remote site routes advertised by the PE.
Command: import-route protocol [ process-id [ med med-value | route-policy route-policy-name ] * ]
Remarks: By default, no route redistribution is configured.
6. Configure a filtering policy to filter the routes to be advertised.
Perform the following configuration tasks on the MCE. Configurations on the PE are similar to those on the PE in common IPv6 MPLS L3VPN network solutions. For more information, see "Configuring routing between a PE and a CE."

Configuring IPv6 static routing between an MCE and a PE
1. Enter system view.
Command: system-view
Remarks: N/A
2. Configure an IPv6 static route for an IPv6 VPN instance.
Command: • ipv6 route-static ipv6-address prefix-length
Set the router ID.
Command: router-id router-id
Remarks: N/A
Redistribute the VPN routes.
Command: import-route protocol [ process-id | allow-ibgp ] [ cost value | route-policy route-policy-name | type type ] *
Remarks: By default, no route of any other routing protocol is redistributed into OSPFv3.
5. Configure a filtering policy to filter the redistributed routes.
For more information about IPv6 IS-IS, see Layer 3—IP Routing Configuration Guide.

Configuring EBGP between an MCE and a PE
1. Enter system view.
Command: system-view
Remarks: N/A
2. Enter BGP view.
Command: bgp as-number
Remarks: N/A
3. Enter IPv6 BGP-VPN instance view.
Command: ipv6-family vpn-instance vpn-instance-name
Remarks: N/A
4. Configure the PE as the EBGP peer.
Command: peer ipv6-address as-number as-number
Remarks: N/A
5. Redistribute the VPN routes.
Task: Hard reset the IPv6 BGP connections of a VPN instance.
Command: reset bgp ipv6 vpn-instance vpn-instance-name { as-number | ipv6-address | all | external }
Remarks: Available in user view.
Task: Hard reset BGP VPNv6 connections.
Command: reset bgp vpnv6 { as-number | ip-address | all | external | internal }
Remarks: Available in user view.

Displaying information about IPv6 MPLS L3VPN
Task: Display information about the IPv6 routing table associated with a VPN instance.
Task: Display BGP VPNv6 routing information for a specific VPN instance.
Command: display bgp vpnv6 vpn-instance vpn-instance-name routing-table [ network-address prefix-length [ longer-prefixes ] | peer ipv6-address { advertised-routes | received-routes } ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view.

For commands that display information about a routing table, see Layer 3—IP Routing Command Reference.
Figure 101 Network diagram AS 65410 VPN 1 AS 65430 VPN 1 CE 1 CE 3 GE2/1/1 GE2/1/1 Loop0 GE2/1/1 PE1 PE2 POS5/1/1 Loop0 POS5/1/1 GE2/1/2 Loop0 POS5/1/1 P MPLS backbone GE2/1/1 GE2/1/2 GE2/1/1 CE 4 CE 2 VPN 2 AS 65420 Device GE2/1/1 POS5/1/2 VPN 2 AS 65440 Interface IP address Device Interface CE 1 GE2/1/1 2001:1::1/96 P Loop0 2.2.2.9/32 PE 1 Loop0 1.1.1.9/32 POS5/1/1 172.1.1.2/24 GE2/1/1 2001:1::2/96 POS5/1/2 172.2.1.1/24 GE2/1/2 2001:2::2/96 Loop0 3.3.3.
[P-LoopBack0] ip address 2.2.2.9 32
[P-LoopBack0] quit
[P] interface pos 5/1/1
[P-POS5/1/1] ip address 172.1.1.2 24
[P-POS5/1/1] quit
[P] interface pos 5/1/2
[P-POS5/1/2] ip address 172.2.1.1 24
[P-POS5/1/2] quit
[P] ospf
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit
# Configure PE 2.
Neighbors Area 0.0.0.0 interface 172.1.1.1(POS5/1/1)'s neighbors Router ID: 172.1.1.2 State: Full DR: None Address: 172.1.1.2 Mode:Nbr is BDR: None Dead timer due in 38 Master GR State: Normal Priority: 1 MTU: 1500 sec Neighbor is up for 00:02:44 Authentication Sequence: [ 0 ] Neighbor state change count: 5 2. Configure basic MPLS and enable MPLS LDP on the MPLS backbone to establish LDP LSPs: # Configure PE 1. [PE1] mpls lsr-id 1.1.1.
Execute the display mpls ldp lsp command. The output shows the LSPs established by LDP. Take PE 1 as an example: [PE1] display mpls ldp session LDP Session(s) in Public Network Total number of sessions: 1 ---------------------------------------------------------------Peer-ID Status LAM SsnRole FT MD5 KA-Sent/Rcv --------------------------------------------------------------2.2.2.
[PE2-vpn-instance-vpn2] quit
[PE2] interface gigabitethernet 2/1/1
[PE2-GigabitEthernet2/1/1] ip binding vpn-instance vpn1
[PE2-GigabitEthernet2/1/1] ipv6 address 2001:3::2 96
[PE2-GigabitEthernet2/1/1] quit
[PE2] interface gigabitethernet 2/1/2
[PE2-GigabitEthernet2/1/2] ip binding vpn-instance vpn2
[PE2-GigabitEthernet2/1/2] ipv6 address 2001:4::2 24
[PE2-GigabitEthernet2/1/2] quit
# Configure IP addresses for the CEs according to Figure 821. (Details not shown.
# Configure PE 1.
[PE1] bgp 100
[PE1-bgp] ipv6-family vpn-instance vpn1
[PE1-bgp-ipv6-vpn1] peer 2001:1::1 as-number 65410
[PE1-bgp-ipv6-vpn1] import-route direct
[PE1-bgp-ipv6-vpn1] quit
[PE1-bgp] ipv6-family vpn-instance vpn2
[PE1-bgp-ipv6-vpn2] peer 2001:2::1 as-number 65420
[PE1-bgp-ipv6-vpn2] import-route direct
[PE1-bgp-ipv6-vpn2] quit
[PE1-bgp] quit
# Configure PE 2 in a similar way to configuring PE 1. (Details not shown.
3.3.3.9 6. 100 2 6 0 0 00:00:12 Established Verify the configuration: # Execute the display ipv6 routing-table vpn-instance command on the PEs. The output shows the routes to the CEs.
bytes=56 Sequence=5 hop limit=64 time = 1 ms
--- 2001:3::1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/1/1 ms
[CE1] ping ipv6 2001:4::1
PING 2001:4::1 : 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out
--- 2001:4::1 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.
Figure 102 Network diagram POS5/1/1 POS5/1/2 P Loop0 Loop0 POS5/1/1 POS5/1/1 GRE tunnel PE 1 GE2/1/1 PE 2 Tunnel0 Tunnel0 GE2/1/1 AS 100 GE2/1/1 GE2/1/1 CE 1 CE 2 VPN 1 AS 65410 VPN 1 AS 65420 Device Interface IP address Device Interface IP address CE 1 GE2/1/1 2001:1::1/96 P POS5/1/1 172.1.1.2/24 PE 1 Loop0 1.1.1.9/32 POS5/1/2 172.2.1.1/24 GE2/1/1 2001:1::2/96 Loop0 2.2.2.9/32 POS5/1/1 172.1.1.1/24 GE2/1/1 2001:2::2/96 Tunnel0 20.1.1.1/24 POS5/1/1 172.2.1.
# Configure PE 1.
bytes=56 Sequence=2 hop limit=64 time = 1 ms
Reply from 2001:1::1
bytes=56 Sequence=3 hop limit=64 time = 1 ms
Reply from 2001:1::1
bytes=56 Sequence=4 hop limit=64 time = 1 ms
Reply from 2001:1::1
bytes=56 Sequence=5 hop limit=64 time = 1 ms
--- 2001:1::1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/1/1 ms
4. Establish EBGP peer relationships between PEs and CEs to allow them to exchange VPN routes:
# Configure CE 1.
# Configure PE 2 in a similar way to configuring PE 1. (Details not shown.) After completing the configuration, execute the display bgp peer command or the display bgp vpnv6 all peer command on the PEs. A BGP peer relationship has been established between the PEs, and has reached Established state. [PE1] display bgp vpnv6 all peer BGP local router ID : 1.1.1.9 Local AS number : 100 Total number of peers : 1 6. Peer AS 2.2.2.
round-trip min/avg/max = 1/1/1 ms

Configuring inter-AS IPv6 VPN option A
Network requirements
CE 1 and CE 2 belong to the same VPN. CE 1 accesses the network through PE 1 in AS 100 and CE 2 accesses the network through PE 2 in AS 200. An inter-AS IPv6 MPLS L3VPN is implemented using option A, where the VRF-to-VRF method is used to manage VPN routes. The MPLS backbone in each AS runs OSPF.
adjacencies are in Full state, and that the PE and ASBR PE in the same AS have learned the routes to the loopback interfaces of each other and can ping each other.
2. Configure basic MPLS and enable MPLS LDP on each MPLS backbone to establish LDP LSPs:
# Configure basic MPLS on PE 1 and enable MPLS LDP for both PE 1 and the interface connected to ASBR-PE 1.
system-view
[PE1] mpls lsr-id 1.1.1.
[PE2-POS5/1/1] mpls
[PE2-POS5/1/1] mpls ldp
[PE2-POS5/1/1] quit
After the configurations, each PE and the ASBR PE in the same AS can establish the LDP neighbor relationship. Execute the display mpls ldp session command on the routers. The output shows that the session status is Operational.
3. Configure a VPN instance on the PEs:
For the same VPN, the route targets for the VPN instance on the PE must match those for the VPN instance on the ASBR-PE in the same AS.
# Configure ASBR-PE 2, creating a VPN instance and binding the VPN instance to the interface connected to ASBR-PE 1 (ASBR-PE 2 considers ASBR-PE 1 its attached CE).
[PE1-bgp-af-vpnv6] peer 2.2.2.9 enable
[PE1-bgp-af-vpnv6] quit
[PE1-bgp] quit
# Configure ASBR-PE 1.
[ASBR-PE1] bgp 100
[ASBR-PE1-bgp] ipv6-family vpn-instance vpn1
[ASBR-PE1-bgp-ipv6-vpn1] peer 2002:1::2 as-number 200
[ASBR-PE1-bgp-ipv6-vpn1] quit
[ASBR-PE1-bgp] peer 1.1.1.9 as-number 100
[ASBR-PE1-bgp] peer 1.1.1.9 connect-interface loopback 0
[ASBR-PE1-bgp] ipv6-family vpnv6
[ASBR-PE1-bgp-af-vpnv6] peer 1.1.1.9 enable
[ASBR-PE1-bgp-af-vpnv6] quit
[ASBR-PE1-bgp] quit
# Configure ASBR-PE 2.
ASBR-PE 1 and ASBR-PE 2 use MP-EBGP to exchange labeled IPv4 routes.
Figure 104 Network diagram
Device Interface IP address Device Interface IP address
PE 1 Loop0 2.2.2.9/32 PE 2 Loop0 5.5.5.9/32
PE 1 Loop1 2001:1::1/128 PE 2 Loop1 2001:1::2/128
PE 1 S2/1/1 1.1.1.2/8 PE 2 S2/1/1 9.1.1.2/8
ASBR-PE 1 Loop0 3.3.3.9/32 ASBR-PE 2 Loop0 4.4.4.9/32
ASBR-PE 1 S2/1/1 1.1.1.1/8 ASBR-PE 2 S2/1/1 9.1.1.1/8
ASBR-PE 1 S2/1/2 11.0.0.2/8 ASBR-PE 2 S2/1/2 11.0.0.1/8
Configuration procedure
1. Configure PE 1:
# Configure IS-IS on PE 1.
[PE1-LoopBack0] isis enable 1
[PE1-LoopBack0] quit
# Create VPN instance vpn1, and configure the RD and route target attributes for it.
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 11:11
[PE1-vpn-instance-vpn1] vpn-target 3:3 import-extcommunity
[PE1-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity
[PE1-vpn-instance-vpn1] quit
# Configure interface Loopback 1 and bind the interface to VPN instance vpn1.
# Configure interface Serial 2/1/1, and start IS-IS and enable MPLS and LDP on the interface.
[ASBR-PE1] interface serial 2/1/1
[ASBR-PE1-Serial2/1/1] ip address 1.1.1.1 255.0.0.0
[ASBR-PE1-Serial2/1/1] isis enable 1
[ASBR-PE1-Serial2/1/1] mpls
[ASBR-PE1-Serial2/1/1] mpls ldp
[ASBR-PE1-Serial2/1/1] quit
# Configure interface Serial 2/1/2 and enable MPLS on it.
[ASBR-PE1] interface serial 2/1/2
[ASBR-PE1-Serial2/1/2] ip address 11.0.0.2 255.0.0.
[ASBR-PE2-isis-1] network-entity 10.3333.3333.3333.3333.00
[ASBR-PE2-isis-1] quit
# Configure an LSR ID, and enable MPLS and LDP.
[ASBR-PE2] mpls lsr-id 4.4.4.9
[ASBR-PE2] mpls
[ASBR-PE2-mpls] label advertise non-null
[ASBR-PE2-mpls] quit
[ASBR-PE2] mpls ldp
[ASBR-PE2-mpls-ldp] quit
# Configure interface Serial 2/1/1, and start IS-IS and enable MPLS and LDP on the interface.
[ASBR-PE2] interface serial 2/1/1
[ASBR-PE2-Serial2/1/1] ip address 9.1.1.1 255.0.0.
[ASBR-PE2-bgp] peer 11.0.0.2 route-policy policy1 export
# Configure the capability to advertise labeled routes to and receive labeled routes from EBGP peer 11.0.0.2.
[ASBR-PE2-bgp] peer 11.0.0.2 label-route-capability
[ASBR-PE2-bgp] quit
4. Configure PE 2:
# Start IS-IS on PE 2.
system-view
[PE2] isis 1
[PE2-isis-1] network-entity 10.4444.4444.4444.4444.00
[PE2-isis-1] quit
# Configure an LSR ID, and enable MPLS and LDP.
[PE2] mpls lsr-id 5.5.5.
[PE2-bgp] peer 4.4.4.9 connect-interface loopback 0
[PE2-bgp] peer 4.4.4.9 label-route-capability
# Configure the maximum hop count from PE 2 to EBGP peer 2.2.2.9 as 10.
[PE2-bgp] peer 2.2.2.9 as-number 100
[PE2-bgp] peer 2.2.2.9 connect-interface loopback 0
[PE2-bgp] peer 2.2.2.9 ebgp-max-hop 10
# Configure peer 2.2.2.9 as a VPNv6 peer.
[PE2-bgp] ipv6-family vpnv6
[PE2-bgp-af-vpnv6] peer 2.2.2.9 enable
[PE2-bgp-af-vpnv6] quit
# Redistribute direct routes to the routing table of vpn1.
--- 2001:1::2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/1/1 ms

Configuring carrier's carrier
Network requirements
Configure carrier's carrier for the scenario shown in Figure 1011. In this scenario:
• PE 1 and PE 2 are the provider carrier's PE routers. They provide VPN services to the customer carrier.
• CE 1 and CE 2 are the customer carrier's routers. They are connected to the provider carrier's backbone as CE routers.
Figure 105 Network diagram Device Interface IP address Device Interface IP address CE 3 GE2/1/1 2001:1::1/96 CE 4 GE2/1/1 2001:2::1/96 PE 3 Loop0 1.1.1.9/32 PE 4 Loop0 6.6.6.9/32 CE 1 PE 1 GE2/1/1 2001:1::2/96 GE2/1/1 2001:2::2/96 POS5/1/2 10.1.1.1/24 POS5/1/2 20.1.1.2/24 Loop0 2.2.2.9/32 Loop0 5.5.5.9/32 POS5/1/1 10.1.1.2/24 POS5/1/1 21.1.1.2/24 POS5/1/2 11.1.1.1/24 POS5/1/2 20.1.1.1/24 CE 2 Loop0 3.3.3.9/32 Loop0 4.4.4.9/32 POS5/1/1 11.1.1.
[PE1-LoopBack0] quit
[PE1] interface pos 5/1/2
[PE1-POS5/1/2] ip address 30.1.1.1 24
[PE1-POS5/1/2] isis enable 1
[PE1-POS5/1/2] mpls
[PE1-POS5/1/2] mpls ldp
[PE1-POS5/1/2] mpls ldp transport-address interface
[PE1-POS5/1/2] quit
[PE1] bgp 100
[PE1-bgp] peer 4.4.4.9 as-number 100
[PE1-bgp] peer 4.4.4.9 connect-interface loopback 0
[PE1-bgp] ipv4-family vpnv4
[PE1-bgp-af-vpnv4] peer 4.4.4.9 enable
[PE1-bgp-af-vpnv4] quit
[PE1-bgp] quit
# Configure PE 2 in a similar way to configuring PE 1.
[PE3] mpls lsr-id 1.1.1.9
[PE3] mpls
[PE3-mpls] quit
[PE3] mpls ldp
[PE3-mpls-ldp] quit
[PE3] isis 2
[PE3-isis-2] network-entity 10.0000.0000.0001.00
[PE3-isis-2] quit
[PE3] interface loopback 0
[PE3-LoopBack0] isis enable 2
[PE3-LoopBack0] quit
[PE3] interface pos 5/1/2
[PE3-POS5/1/2] ip address 10.1.1.1 24
[PE3-POS5/1/2] isis enable 2
[PE3-POS5/1/2] mpls
[PE3-POS5/1/2] mpls ldp
[PE3-POS5/1/2] mpls ldp transport-address interface
[PE3-POS5/1/2] quit
# Configure CE 1.
[PE1-vpn-instance-vpn1] route-distinguisher 200:1
[PE1-vpn-instance-vpn1] vpn-target 1:1
[PE1-vpn-instance-vpn1] quit
[PE1] mpls ldp vpn-instance vpn1
[PE1-mpls-ldp-vpn-instance-vpn1] quit
[PE1] isis 2 vpn-instance vpn1
[PE1-isis-2] network-entity 10.0000.0000.0000.0003.00
[PE1-isis-2] import-route bgp allow-ibgp
[PE1-isis-2] quit
[PE1] interface pos 5/1/1
[PE1-POS5/1/1] ip binding vpn-instance vpn1
[PE1-POS5/1/1] ip address 11.1.1.
[PE3-vpn-instance-vpn1] vpn-target 1:1
[PE3-vpn-instance-vpn1] quit
[PE3] interface gigabitethernet 2/1/1
[PE3-GigabitEthernet2/1/1] ip binding vpn-instance vpn1
[PE3-GigabitEthernet2/1/1] ipv6 address 2001:1::2 96
[PE3-GigabitEthernet2/1/1] quit
[PE3] bgp 100
[PE3-bgp] ipv6-family vpn-instance vpn1
[PE3-bgp-ipv6-vpn1] peer 2001:1::1 as-number 65410
[PE3-bgp-ipv6-vpn1] import-route direct
[PE3-bgp-ipv6-vpn1] quit
[PE3-bgp] quit
# Configure PE 4 and CE 4 in a similar way to configuring PE 3 and CE 3.
2.2.2.9/32 ISIS 15 10 11.1.1.1 POS5/1/1
5.5.5.9/32 BGP 255 0 4.4.4.9 NULL0
6.6.6.9/32 BGP 255 0 4.4.4.9 NULL0
10.1.1.0/24 ISIS 15 20 11.1.1.1 POS5/1/1
11.1.1.0/24 Direct 0 0 11.1.1.1 POS5/1/1
11.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
11.1.1.2/32 Direct 0 0 11.1.1.2 POS5/1/1
20.1.1.0/24 BGP 255 0 4.4.4.9 NULL0
21.1.1.0/24 BGP 255 0 4.4.4.9 NULL0
21.1.1.2/32 BGP 255 0 4.4.4.
6.6.6.9/32 ISIS 15 84 10.1.1.2 POS5/1/2
10.1.1.0/24 Direct 0 0 10.1.1.1 POS5/1/2
10.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
10.1.1.2/32 Direct 0 0 10.1.1.2 POS5/1/2
11.1.1.0/24 ISIS 15 20 10.1.1.2 POS5/1/2
20.1.1.0/24 ISIS 15 84 10.1.1.2 POS5/1/2
21.1.1.0/24 ISIS 15 84 10.1.1.2 POS5/1/2
21.1.1.2/32 ISIS 15 84 10.1.1.2 POS5/1/2
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
# Ping PE 3 from PE 4 and ping PE 4 from PE 3.
Configuring MCE
Network requirements
As shown in Figure 1078, VPN 2 runs RIPng. Configure the MCE device to separate routes from different VPNs and advertise the VPN routes to PE 1 through IPv6 ISIS.
Figure 106 Network diagram
# Bind interface GigabitEthernet 2/1/1 with VPN instance vpn1 and configure an IPv6 address for the interface.
[MCE] interface gigabitethernet 2/1/1
[MCE-GigabitEthernet2/1/1] ip binding vpn-instance vpn1
[MCE-GigabitEthernet2/1/1] ipv6 address 2001:1::1 64
[MCE-GigabitEthernet2/1/1] quit
# Bind interface GigabitEthernet 2/1/2 with VPN instance vpn2, and configure an IPv6 address for the interface.
[VR2] ripng 20
[VR2-ripng-20] quit
[VR2] interface gigabitethernet 2/1/1
[VR2-GigabitEthernet2/1/1] ripng 20 enable
[VR2-GigabitEthernet2/1/1] quit
[VR2] interface gigabitethernet 2/1/2
[VR2-GigabitEthernet2/1/2] ripng 20 enable
[VR2-GigabitEthernet2/1/2] quit
# On the MCE, display the routing tables of the VPN instances vpn1 and vpn2.
3. Configure routing between the MCE and PE 1:
# The MCE is connected to PE 1 through subinterfaces. On the MCE, configure subinterfaces GigabitEthernet 2/1/3.1 and GigabitEthernet 2/1/3.2.
[MCE] interface gigabitethernet 2/1/3.1
[MCE-GigabitEthernet2/1/3.1] vlan-type dot1q vid 10
[MCE-GigabitEthernet2/1/3.1] ipv6 address 2001:2::3 64
[MCE-GigabitEthernet2/1/3.1] quit
[MCE] interface gigabitethernet 2/1/3.2
[MCE-GigabitEthernet2/1/3.2] vlan-type dot1q vid 20
[MCE-GigabitEthernet2/1/3.
Interface  : InLoop0                        Cost      : 0

Destination: 2001:2::/64                    Protocol  : Direct
NextHop    : 2001:2::4                      Preference: 0
Interface  : GigabitEthernet2/1/1.1         Cost      : 0

Destination: 2001:2::4/128                  Protocol  : Direct
NextHop    : ::1                            Preference: 0
Interface  : InLoop0                        Cost      : 0

Destination: 2012:1::/64                    Protocol  : ISISv6
NextHop    : FE80::200:5EFF:FE01:1C05       Preference: 15
Interface  : GigabitEthernet2/1/1.
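An added example, not part of the HP guide: a Python check that parses VPN-instance IPv6 routing-table entries in the format shown above and flags destinations outside each instance's address plan, which is how a route leaking between vpn1 and vpn2 would show up. The tables are constructed samples, and the address plan in EXPECTED (the assignment of the page's prefixes to vpn1, and every vpn2 prefix) is an assumption.

```python
import ipaddress
import re

# Field labels as they appear in the VPN-instance routing tables shown on this page.
FIELD = re.compile(r"(Destination|Protocol|NextHop|Preference|Interface|Cost)\s*:\s*(\S+)")

def parse_routes(text):
    """Parse routing-table entries; accepts two-column or flattened one-line output."""
    routes, cur = [], None
    for key, val in FIELD.findall(text):
        if key == "Destination":
            try:
                cur = {"Destination": ipaddress.ip_network(val, strict=False)}
                routes.append(cur)
            except ValueError:      # truncated or garbled prefix: skip the entry
                cur = None
        elif cur is not None:
            cur[key] = val
    return routes

def find_leaks(tables, expected):
    """Return sorted (vpn, prefix, protocol) for routes outside a VPN's expected space."""
    leaks = []
    for vpn, text in tables.items():
        allowed = [ipaddress.ip_network(p) for p in expected[vpn]]
        for r in parse_routes(text):
            dest = r["Destination"]
            if dest.is_loopback or dest.is_link_local:
                continue            # loopback and link-local entries are local to the box
            if not any(dest.subnet_of(a) for a in allowed):
                leaks.append((vpn, str(dest), r.get("Protocol", "?")))
    return sorted(leaks)

# Constructed sample tables in the page's format. The vpn2 prefixes, the ISISv6
# cost and the leaked 2012:1::/64 entry in vpn2 are invented for illustration.
TABLES = {
    "vpn1": """Destination: ::1/128                  Protocol  : Direct
NextHop    : ::1                      Preference: 0
Interface  : InLoop0                  Cost      : 0
Destination: 2001:2::4/128 Protocol : Direct NextHop : ::1 Preference: 0 Interface : InLoop0 Cost : 0
Destination: 2012:1::/64 Protocol : ISISv6 NextHop : FE80::200:5EFF:FE01:1C05 Preference: 15 Interface : GigabitEthernet2/1/1.1 Cost : 20""",
    "vpn2": """Destination: 2001:3::/64 Protocol : Direct NextHop : 2001:3::4 Preference: 0 Interface : GigabitEthernet2/1/1.2 Cost : 0
Destination: 2012:1::/64 Protocol : ISISv6 NextHop : FE80::200:5EFF:FE01:1C06 Preference: 15 Interface : GigabitEthernet2/1/1.2 Cost : 20
Destination: 2012: Protocol : ISISv6""",
}
EXPECTED = {"vpn1": ["2001:1::/64", "2001:2::/64", "2012:1::/64"],
            "vpn2": ["2001:3::/64", "2012::/64"]}  # assumed address plan

print(find_leaks(TABLES, EXPECTED))
```

Overlapping address space between VPN instances is legitimate in an MCE design, so the check compares each table against that instance's own plan rather than looking for prefixes that appear in both tables.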
Support and other resources
Contacting HP
For worldwide technical support information, see the HP support website: http://www.hp.
Conventions
This section describes the conventions used in this documentation set.
Command conventions
Convention         Description
Boldface           Bold text represents commands and keywords that you enter literally as shown.
Italic             Italic text represents arguments that you replace with actual values.
[]                 Square brackets enclose syntax choices (keywords or arguments) that are optional.
{ x | y | ... }    Braces enclose a set of required syntax choices separated by vertical bars, from which you select one.
Network topology icons
Represents a generic network device, such as a router, switch, or firewall.
Represents a routing-capable device, such as a router or Layer 3 switch.
Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.
Represents an access controller, a unified wired-WLAN module, or the switching engine on a unified wired-WLAN switch.
Represents an access point.