HP MSR Router Series MPLS Configuration Guide(V7)
Part number: 5998-5680
Software version: CMW710-R0106
Document version: 6PW100-20140607
Legal and notice information © Copyright 2014 Hewlett-Packard Development Company, L.P. No part of this documentation may be reproduced or transmitted in any form or by any means without prior written consent of Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Configuring basic MPLS

In this chapter, "MSR2000" refers to MSR2003. "MSR3000" collectively refers to MSR3012, MSR3024, MSR3044, MSR3064. "MSR4000" collectively refers to MSR4060 and MSR4080.

Overview

Multiprotocol Label Switching (MPLS) provides connection-oriented label switching over connectionless IP backbone networks. It integrates both the flexibility of IP routing and the simplicity of Layer 2 switching.
LSR

A router that performs MPLS forwarding is a label switching router (LSR).

LSP

A label switched path (LSP) is the path along which packets of an FEC travel through an MPLS network. An LSP is a unidirectional packet forwarding path. Two neighboring LSRs are called the upstream LSR and downstream LSR along the direction of an LSP. In Figure 2, LSR B is the downstream LSR of LSR A, and LSR A is the upstream LSR of LSR B.
• Ingress LSR—Ingress LSR of packets. It labels packets entering into the MPLS network.
• Transit LSR—Intermediate LSRs in the MPLS network. The transit LSRs on an LSP forward packets to the egress LSR according to labels.
• Egress LSR—Egress LSR of packets. It removes labels from packets and forwards the packets to their destination networks.

LSP establishment

LSPs include static and dynamic LSPs.
• Static LSP—To establish a static LSP, you must configure an LFIB entry on each LSR along the LSP.
MPLS forwarding

Figure 5 MPLS forwarding

As shown in Figure 5, a packet is forwarded over the MPLS network as follows:
1. Router B (the ingress LSR) receives a packet with no label. It then does the following:
   a. Identifies the FIB entry that matches the destination address of the packet.
   b. Adds the outgoing label (40, in this example) to the packet.
   c. Forwards the labeled packet out of the interface GigabitEthernet 2/1/2 to the next hop LSR Router C.
2.
• One LFIB lookup and one FIB lookup (if the packet has only one label).

The penultimate hop popping (PHP) feature can pop the label at the penultimate node, so the egress node only performs one table lookup. A PHP-capable egress node sends the penultimate node an implicit null label of 3. This label never appears in the label stack of packets.
2. Configure an LSR ID for the local node.
   Command: mpls lsr-id lsr-id
   Remarks: By default, no LSR ID is configured. An LSR ID must be unique in an MPLS network and in IP address format. HP recommends that you use the IP address of a loopback interface as an LSR ID.
3. Enter the view of the interface that needs to perform MPLS forwarding.
   Command: interface interface-type interface-number
   Remarks: N/A
4. Enable MPLS on the interface.
   Command: mpls enable
   Remarks: By default, MPLS is disabled on the interface.
Specifying the label type advertised by the egress

In an MPLS network, an egress can advertise the following types of labels:
• Implicit null label with a value of 3.
• Explicit null label with a value of 0.
• Non-null label.

For LSPs established by a label distribution protocol, the label advertised by the egress determines how the penultimate hop processes a labeled packet.
• If the egress advertises an implicit null label, the penultimate hop directly pops the top label of a matching packet.
hops the packet has traversed in the MPLS network. The IP tracert facility can show the real path along which the packet has traveled.

Figure 6 TTL propagation

When TTL propagation is disabled, the ingress node sets the label TTL to 255. Each LSR on the LSP decreases the label TTL value by 1. The LSR that pops the label does not change the IP TTL value when popping the label.
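What the two TTL modes expose to a TTL-limited trace sent through the LSP, as an added Python example (not HP code). The enabled-mode behaviour (the ingress copies the IP TTL into the label and the popping LSR copies the label TTL back), the use of PHP, and the node names are assumptions of this model.

```python
"""IP TTL / label TTL handling on one LSP, with and without TTL propagation."""
from typing import List, Optional, Tuple

# Label TTL the ingress uses when propagation is disabled (value from the text).
LABEL_TTL_NOT_PROPAGATED = 255


def send_probe(ip_ttl: int, lsp: List[str],
               propagate: bool) -> Tuple[Optional[str], Optional[int]]:
    """Forward one IP packet over lsp = [ingress, transit..., egress].

    Returns (node that saw the TTL expire, None) or
    (None, IP TTL after the egress has forwarded the packet).
    Model assumptions: PHP is in use, so the last transit LSR pops the label
    and the egress forwards a plain IP packet; a packet whose TTL reaches 0
    at a node is dropped there and answered with a TTL-expired message.
    """
    if len(lsp) < 2:
        raise ValueError("an LSP needs at least an ingress and an egress")
    ingress, *transits, egress = lsp

    # Ingress: ordinary IP hop, then label push.
    ip_ttl -= 1
    if ip_ttl <= 0:
        return ingress, None
    label_ttl = ip_ttl if propagate else LABEL_TTL_NOT_PROPAGATED

    # Transit LSRs look only at the label and decrease its TTL by 1.
    for node in transits:
        label_ttl -= 1
        if label_ttl <= 0:
            return node, None

    # Label pop: the label TTL is copied back only when propagation is enabled.
    if propagate:
        ip_ttl = label_ttl

    # Egress: ordinary IP hop towards the destination network.
    ip_ttl -= 1
    if ip_ttl <= 0:
        return egress, None
    return None, ip_ttl


def visible_hops(lsp: List[str], propagate: bool, max_ttl: int = 30) -> List[str]:
    """Nodes that answer a trace (probes with TTL 1, 2, 3, ...) through the LSP."""
    hops = []
    for ttl in range(1, max_ttl + 1):
        expired_at, _ = send_probe(ttl, lsp, propagate)
        if expired_at is None:      # probe left the MPLS network
            break
        hops.append(expired_at)
    return hops


LSP = ["PE1", "P1", "P2", "PE2"]    # constructed node names

if __name__ == "__main__":
    for mode in (True, False):
        print("propagation on " if mode else "propagation off",
              visible_hops(LSP, mode),
              "| IP TTL 64 leaves as", send_probe(64, LSP, mode)[1])
```

With propagation off, the transit LSRs never see a low TTL, so they do not appear in the trace and the whole LSP costs the packet two IP hops in this model.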
2. Enable TTL propagation.
   Command: mpls ttl propagate { public | vpn }
   Remarks: By default, TTL propagation is enabled only for public-network packets. This command affects only the propagation between IP TTL and label TTL. Within an MPLS network, TTL is always copied between the labels of an MPLS packet.

Enabling sending of MPLS TTL-expired messages

This feature enables an LSR to generate an ICMP TTL-expired message upon receiving an MPLS packet with a TTL of 1.
Enabling MPLS label forwarding statistics

MPLS label forwarding forwards a labeled packet based on its incoming label. Perform this task to enable MPLS label forwarding statistics and MPLS statistics reading, so that you can use the display mpls lsp verbose command to view MPLS label statistics.

To enable MPLS label forwarding statistics:
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enable MPLS label forwarding statistics for specific LSPs.
Task: Display MPLS Nexthop Information Base (NIB) information.
Command: display mpls nib [ nib-id ]

Task: Display usage information about NIDs.
Command: display mpls nid [ nid-value1 [ to nid-value2 ] ]

Task: Display LSP statistics.
Command: display mpls lsp statistics

Task: Display MPLS summary information.
Command: display mpls summary

Task: Display ILM entries (MSR2000/MSR3000).
Command: display mpls forwarding ilm [ label ]

Task: Display ILM entries (MSR4000).
Configuring a static LSP

Overview

A static label switched path (LSP) is established by manually specifying the incoming label and outgoing label on each node (ingress, transit, or egress node) of the forwarding path. Static LSPs consume fewer resources, but they cannot automatically adapt to network topology changes. Therefore, static LSPs are suitable for small and stable networks with simple topologies.

Follow these guidelines to establish a static LSP:
• The ingress node does the following:
  a.
2. Configure the ingress node of the static LSP.
   Command: static-lsp ingress lsp-name destination dest-addr { mask | mask-length } { nexthop next-hop-addr | outgoing-interface interface-type interface-number } out-label out-label
   Remarks: If you specify a next hop for the static LSP, make sure the ingress node has an active route to the specified next hop address.
3. Configure the transit node of the static LSP.
A route to the destination address of the LSP must be available on the ingress node, but it is not needed on transit and egress nodes. Therefore, you do not need to configure a routing protocol to ensure IP connectivity among all routers.

Configuration procedure

1. Configure IP addresses for all interfaces, including the loopback interfaces, as shown in Figure 8. (Details not shown.)
2.
[RouterB] static-lsp transit CtoA in-label 40 nexthop 10.1.1.1 out-label 70
# Configure the LSP egress node, Router A.
[RouterA] static-lsp egress CtoA in-label 70

Verifying the configuration

# Display static LSP information on routers, for example, on Router A.
[RouterA] display mpls static-lsp
Total: 2
Name    FEC            In/Out Label    Nexthop/Out Interface    State
AtoC    21.1.1.0/24    NULL/30         10.1.1.2                 Up
CtoA    -/-            70/NULL         -                        Up
# Test the connectivity of the LSP from Router A to Router C.
Configuring LDP

In this chapter, "MSR2000" refers to MSR2003. "MSR3000" collectively refers to MSR3012, MSR3024, MSR3044, MSR3064. "MSR4000" collectively refers to MSR4060 and MSR4080.

Overview

The Label Distribution Protocol (LDP) dynamically distributes FEC-label mapping information between LSRs to establish LSPs.

Terminology

LDP session

Two LSRs establish a TCP-based LDP session to exchange FEC-label mappings.

LDP peer

Two LSRs that use LDP to exchange FEC-label mappings are LSR peers.
• Discovery messages—Declare and maintain the presence of LSRs, such as Hello messages.
• Session messages—Establish, maintain, and terminate sessions between LDP peers, such as Initialization messages used for parameter negotiation and Keepalive messages used to maintain sessions.
• Advertisement messages—Create, alter, and remove FEC-label mappings, such as Label Mapping messages used to advertise FEC-label mappings.
Figure 9 Dynamically establishing an LSP

Label distribution and control

Label advertisement modes

Figure 10 Label advertisement modes

LDP advertises label-FEC mappings in one of the following ways:
• Downstream Unsolicited (DU) mode—Distributes FEC-label mappings to the upstream LSR, without waiting for label requests. The device supports only the DU mode.
• Downstream on Demand (DoD) mode—Sends a label request for an FEC to the downstream LSR.
Label distribution control

LDP controls label distribution in one of the following ways:
• Independent label distribution—Distributes an FEC-label mapping to an upstream LSR at any time. An LSR might distribute a mapping for an FEC to its upstream LSR before it receives a label mapping for that FEC from its downstream LSR.
LDP GR

LDP Graceful Restart enables an LSR to retain MPLS forwarding entries during an LDP restart, ensuring continuous MPLS forwarding.

Figure 12 LDP GR

As shown in Figure 12, GR defines the following roles:
• GR restarter—An LSR that performs GR. It must be GR-capable.
• GR helper—A neighbor LSR that helps the GR restarter to complete GR.

The device can act as a GR restarter or a GR helper.
3. After LDP completes restart, the GR restarter reestablishes an LDP session to the GR helper. If the LDP session is not set up before the Reconnect timer expires, the GR helper deletes the stale FEC-label mappings and the corresponding MPLS forwarding entries. If the LDP session is successfully set up before the Reconnect timer expires, the GR restarter sends the remaining time of the MPLS Forwarding State Holding timer as the LDP Recovery time to the GR helper. 4.
  ○ With LDP NSR, LDP peers of the local device are not notified of any switchover event on the local device. The local device does not require help from a peer to restore the MPLS forwarding information.
  ○ With LDP GR, the LDP peer must be able to identify the GR capability flag (in the Initialization message) of the GR restarter. The LDP peer acts as a GR helper to help the GR restarter to restore MPLS forwarding information.
• If a notification delay is configured, LDP notifies IGP of the LDP-IGP synchronization states in bulk when one of the following events occurs:
  ○ LDP recovers to the status before the restart or switchover.
  ○ The maximum delay timer expires.

LDP FRR

A link or router failure on a path can cause packet loss until LDP establishes a new LSP on the new path. LDP FRR enables fast rerouting to minimize the failover time. LDP FRR is based on IP FRR and is enabled automatically after IP FRR is enabled.
Tasks at a glance
(Optional.) Configuring Hello parameters
(Optional.) Configuring LDP session parameters
(Optional.) Configuring LDP backoff
(Optional.) Configuring LDP MD5 authentication
(Optional.) Configuring LDP to redistribute BGP IPv4 unicast routes
(Optional.) Configuring an LSP generation policy
(Optional.) Configuring the LDP label distribution control mode
(Optional.) Configuring a label advertisement policy
(Optional.) Configuring a label acceptance policy
(Optional.
Enabling LDP on an interface

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter interface view.
   Command: interface interface-type interface-number
   Remarks: If the interface is bound to a VPN instance, you must enable LDP for the VPN instance by using the vpn-instance command in LDP view.
3. Enable LDP on the interface.
   Command: mpls ldp enable
   Remarks: By default, LDP is disabled on an interface.
Configuring LDP session parameters

This task configures the following LDP session parameters:
• Keepalive hold time and Keepalive interval.
• LDP transport address—IP address for establishing TCP connections.

LDP uses Basic Discovery and Extended Discovery mechanisms to discover LDP peers and establish LDP sessions with them.

When you configure LDP session parameters, follow these guidelines:
• The configured LDP transport address must be the IP address of an up interface on the device.
3. Specify an LDP peer and enter LDP peer view. The device will send unsolicited Targeted Hellos to the peer and can respond to Targeted Hellos sent from the targeted peer.
   Command: targeted-peer peer-lsr-id
   Remarks: By default, the device does not send Targeted Hellos to or receive Targeted Hellos from any peer.
4. Configure the Keepalive hold time.
   Command: mpls ldp timer keepalive-hold timeout
   Remarks: By default, the Keepalive hold time is 45 seconds.
5. Configure the Keepalive interval.
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter LDP view or enter LDP-VPN instance view.
   Command:
   • Enter LDP view:
     mpls ldp
   • Enter LDP-VPN instance view:
     a. mpls ldp
     b. vpn-instance vpn-instance-name
   Remarks: N/A
3. Enable LDP MD5 authentication.
   Command: md5-authentication peer-lsr-id { cipher | plain } password
   Remarks: By default, LDP MD5 authentication is disabled.
• Use the routes permitted by an IP prefix list to establish LSPs. For information about IP prefix list configuration, see Layer 3—IP Routing Configuration Guide.
• Use only host routes with a 32-bit mask to establish LSPs.

By default, LDP uses only host routes with a 32-bit mask to establish LSPs. The other two methods can result in more LSPs than the default policy. To change the policy, be sure that the system resources and bandwidth resources are sufficient.
Figure 15 Label advertisement control diagram

A label advertisement policy on an LSR and a label acceptance policy on its upstream LSR can achieve the same purpose. HP recommends that you use label advertisement policies to reduce network load if downstream LSRs support label advertisement control.

Before you configure an LDP label advertisement policy, create an IP prefix list. For information about IP prefix list configuration, see Layer 3—IP Routing Configuration Guide.
Figure 16 Label acceptance control diagram

A label advertisement policy on an LSR and a label acceptance policy on its upstream LSR can achieve the same purpose. HP recommends using the label advertisement policy to reduce network load.

You must create an IP prefix list before you configure a label acceptance policy. For information about IP prefix list configuration, see Layer 3—IP Routing Configuration Guide.
2. Enter LDP view or enter LDP-VPN instance view.
   Command:
   • Enter LDP view:
     mpls ldp
   • Enter LDP-VPN instance view:
     a. mpls ldp
     b. vpn-instance vpn-instance-name
   Remarks: N/A
3. Enable loop detection.
   Command: loop-detect
   Remarks: By default, loop detection is disabled. After loop detection is enabled, the device uses both the maximum hop count and the path vector methods to detect loops.
4. Specify the maximum hop count.
   Command: maxhops hop-number
   Remarks: By default, the maximum hop count is 32.
5.
Configuring LDP GR

Before you configure LDP GR, enable LDP on the GR restarter and GR helpers.

To configure LDP GR:
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter LDP view.
   Command: mpls ldp
   Remarks: N/A
3. Enable LDP GR.
   Command: graceful-restart
   Remarks: By default, LDP GR is disabled.
4. Configure the Reconnect timer for LDP GR.
   Command: graceful-restart timer reconnect reconnect-time
   Remarks: By default, the Reconnect time is 120 seconds.
5. Configure the MPLS Forwarding State Holding timer for LDP GR.
To configure LDP-OSPF synchronization for an OSPF process:
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter OSPF view.
   Command: ospf [ process-id | router-id router-id ] *
   Remarks: N/A
3.
   Command: mpls ldp sync
   Remarks: By default, LDP-OSPF synchronization is disabled.
4. Return to system view.
   Command: quit
   Remarks: N/A
5. Enter interface view.
   Command: interface interface-type interface-number
   Remarks: N/A
6. (Optional.) Disable LDP-IGP synchronization on the interface.
11. (Optional.) Set the maximum delay for LDP to notify IGP of the LDP-IGP synchronization status after an LDP restart or active/standby switchover.
    Command: igp sync delay on-restart time
    Remarks: By default, the maximum notification delay is 90 seconds.

Configuring LDP-ISIS synchronization

LDP-IGP synchronization is not supported for an IS-IS process that belongs to a VPN instance.

To configure LDP-ISIS synchronization for an IS-IS process:
1. Enter system view.
Specifying a DSCP value for outgoing LDP packets

To control the transmission preference of outgoing LDP packets, specify a DSCP value for outgoing LDP packets.

To specify a DSCP value for outgoing LDP packets:
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter LDP view.
   Command: mpls ldp
   Remarks: N/A
3. Specify a DSCP value for outgoing LDP packets.
   Command: dscp dscp-value
   Remarks: By default, the DSCP value for outgoing LDP packets is 48.
Task: Display LDP discovery information (MSR4000).
Command: display mpls ldp discovery [ vpn-instance vpn-instance-name ] [ interface interface-type interface-number | peer peer-lsr-id | targeted-peer peer-lsr-id ] [ verbose ] [ standby slot slot-number ]

Task: Display LDP FEC-label mapping information (MSR2000/MSR3000).
Command: display mpls ldp fec [ vpn-instance vpn-instance-name ] [ destination-address mask-length | summary ]

Task: Display LDP FEC-label mapping information (MSR4000).
Figure 17 Network diagram

Requirements analysis

• To ensure that the LSRs establish LSPs automatically, enable LDP on each LSR.
• To establish LDP LSPs, configure a routing protocol to ensure IP connectivity between the LSRs. This example uses OSPF.
• To control the number of LSPs, configure an LSP generation policy on each LSR.

Configuration procedure

1. Configure IP addresses and masks for interfaces, including the loopback interfaces, as shown in Figure 17. (Details not shown.)
2.
[RouterC-ospf-1-area-0.0.0.0] quit
[RouterC-ospf-1] quit
# Verify that the routers have learned the routes to each other. For example, on Router A:
[RouterA] display ip routing-table
Destinations : 21        Routes : 21
Destination/Mask    Proto    Pre   Cost   NextHop      Interface
0.0.0.0/32          Direct   0     0      127.0.0.1    InLoop0
1.1.1.9/32          Direct   0     0      127.0.0.1    InLoop0
2.2.2.9/32          OSPF     10    1      10.1.1.2     S2/1/0
3.3.3.9/32          OSPF     10    2      10.1.1.2     S2/1/0
10.1.1.0/24         Direct   0     0      10.1.1.1     S2/1/0
10.1.1.
3.
[RouterB-Serial2/1/1] mpls ldp enable
[RouterB-Serial2/1/1] quit
# Configure Router C.
[RouterC] mpls lsr-id 3.3.3.9
[RouterC] mpls ldp
[RouterC-ldp] quit
[RouterC] interface serial 2/1/0
[RouterC-Serial2/1/0] mpls enable
[RouterC-Serial2/1/0] mpls ldp enable
[RouterC-Serial2/1/0] quit
4. Configure LSP generation policies:
# On Router A, create IP prefix list routera, and configure LDP to use only the routes permitted by the prefix list to establish LSPs.
FEC In/Out Label 1.1.1.9/32 3/- Nexthop OutInterface -/3 10.1.1.2 S2/1/0 1279/3 10.1.1.2 S2/1/0 -/1278 10.1.1.2 S2/1/0 1278/1278 10.1.1.2 S2/1/0 -/1276 10.1.1.2 S2/1/0 1276/1276 10.1.1.2 S2/1/0 -/1279(L) 2.2.2.9/32 3.3.3.9/32 11.1.1.0/24 1277/-/1277(L) 21.1.1.0/24
# Test the connectivity of the LDP LSP from Router A to Router C.
[RouterA] ping mpls -a 11.1.1.1 ipv4 21.1.1.0 24
MPLS Ping FEC: 21.1.1.0/24 : 100 data bytes
100 bytes from 20.1.1.
Figure 18 Network diagram

Requirements analysis

• To ensure that the LSRs establish LSPs automatically, enable LDP on each LSR.
• To establish LDP LSPs, configure a routing protocol to ensure IP connectivity between the LSRs. This example uses OSPF.
• To ensure that LDP establishes LSPs only for the routes 11.1.1.0/24 and 21.1.1.0/24, configure LSP generation policies on each LSR.
[RouterA-Serial2/1/1] mpls ldp enable
[RouterA-Serial2/1/1] quit
# Configure Router B.
system-view
[RouterB] mpls lsr-id 2.2.2.9
[RouterB] mpls ldp
[RouterB-ldp] quit
[RouterB] interface serial 2/1/0
[RouterB-Serial2/1/0] mpls enable
[RouterB-Serial2/1/0] mpls ldp enable
[RouterB-Serial2/1/0] quit
[RouterB] interface serial 2/1/1
[RouterB-Serial2/1/1] mpls enable
[RouterB-Serial2/1/1] mpls ldp enable
[RouterB-Serial2/1/1] quit
# Configure Router C.
system-view
[RouterC] mpls lsr-id 3.
[RouterA-ldp] lsp-trigger prefix-list routera
[RouterA-ldp] quit
# On Router B, create IP prefix list routerb, and configure LDP to use only the routes permitted by the prefix list to establish LSPs.
[RouterB] ip prefix-list routerb index 10 permit 11.1.1.0 24
[RouterB] ip prefix-list routerb index 20 permit 21.1.1.
[RouterC-ldp] quit

Verifying the configuration

# Display LDP LSP information on routers, for example, on Router A.
[RouterA] display mpls ldp lsp
Status Flags: * - stale, L - liberal, B - backup
FECs: 2 Ingress: 1 Transit 1 Egress: 1
FEC In/Out Label Nexthop OutInterface
11.1.1.0/24 1277/- -/1276 10.1.1.2 S2/1/0 1276/1276 10.1.1.2 S2/1/0 -/1148(L) 21.1.1.0/24 -/1149(L)

The output shows that the next hop of the LSP for FEC 21.1.1.0/24 is Router B (10.1.1.2).
Configure LDP to establish LSPs only on the link Router A—Router B—Router C to forward traffic between subnets 11.1.1.0/24 and 21.1.1.0/24.

Figure 19 Network diagram

Requirements analysis

• To ensure that the LSRs establish LSPs automatically, enable LDP on each LSR.
• To establish LDP LSPs, configure a routing protocol to ensure IP connectivity between the LSRs. This example uses OSPF.
• To ensure that LDP establishes LSPs only for the routes 11.1.1.0/24 and 21.1.1.
[RouterA] interface serial 2/1/1
[RouterA-Serial2/1/1] mpls enable
[RouterA-Serial2/1/1] mpls ldp enable
[RouterA-Serial2/1/1] quit
# Configure Router B.
system-view
[RouterB] mpls lsr-id 2.2.2.
[RouterA] ip prefix-list routera index 20 permit 21.1.1.0 24
[RouterA] mpls ldp
[RouterA-ldp] lsp-trigger prefix-list routera
[RouterA-ldp] quit
# On Router B, create IP prefix list routerb, and configure LDP to use only the routes permitted by the prefix list to establish LSPs.
[RouterB] ip prefix-list routerb index 10 permit 11.1.1.0 24
[RouterB] ip prefix-list routerb index 20 permit 21.1.1.
[RouterC-ldp] quit
# On Router D, create an IP prefix list prefix-to-a that denies subnet 21.1.1.0/24. Router D uses this list to filter FEC-label mappings to be advertised to Router A.
[RouterD] ip prefix-list prefix-to-a index 10 deny 21.1.1.0 24
[RouterD] ip prefix-list prefix-to-a index 20 permit 0.0.0.0 0 less-equal 32
# On Router D, create an IP prefix list peer-a that permits 1.1.1.9/32. Router D uses this list to filter peers.
[RouterD] ip prefix-list peer-a index 10 permit 1.1.1.
FEC In/Out Label Nexthop OutInterface
11.1.1.0/24 -/1277 20.1.1.1 S2/1/0 1148/1277 20.1.1.1 S2/1/0 21.1.1.0/24 1149/-/1276(L) -/1150(L)
[RouterD] display mpls ldp lsp
Status Flags: * - stale, L - liberal, B - backup
FECs: 2 Ingress: 0 Transit: 0 Egress: 2
FEC In/Out Label Nexthop OutInterface
11.1.1.0/24 1151/-/1277(L) 21.1.1.0/24 1150/-

The output shows that Router A and Router C have received FEC-label mappings only from Router B.
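How Router D's two prefix lists combine into an advertisement decision for one FEC and one peer, as an added Python example (not HP code). It assumes entries are tried in index order, the first match decides, and a prefix that matches no entry is denied; the function names and the three result strings are hypothetical.

```python
"""Evaluate the Router D label advertisement filter from the example above."""
import ipaddress
import re
from typing import Dict, List, NamedTuple

# Prefix lists as configured on Router D in the text. The peer-a mask length
# (32) is taken from the prose, because the CLI line is cut off on the page.
ROUTER_D_CONFIG = """
ip prefix-list prefix-to-a index 10 deny 21.1.1.0 24
ip prefix-list prefix-to-a index 20 permit 0.0.0.0 0 less-equal 32
ip prefix-list peer-a index 10 permit 1.1.1.9 32
"""

_ENTRY = re.compile(
    r"ip prefix-list (\S+) index (\d+) (permit|deny) (\S+) (\d+)"
    r"(?: greater-equal (\d+))?(?: less-equal (\d+))?\s*$")


class Entry(NamedTuple):
    index: int
    permit: bool
    network: ipaddress.IPv4Network
    min_len: int
    max_len: int


def parse_prefix_lists(config: str) -> Dict[str, List[Entry]]:
    """Parse 'ip prefix-list' lines into per-list entries sorted by index."""
    lists: Dict[str, List[Entry]] = {}
    for line in config.splitlines():
        m = _ENTRY.search(line)
        if not m:
            continue
        name, index, action, addr, length, ge, le = m.groups()
        net = ipaddress.ip_network(f"{addr}/{length}", strict=False)
        # No range keyword: exact mask length only.
        # less-equal alone: mask-length..le.  greater-equal alone: ge..32.
        min_len = int(ge) if ge else net.prefixlen
        max_len = int(le) if le else (32 if ge else net.prefixlen)
        lists.setdefault(name, []).append(
            Entry(int(index), action == "permit", net, min_len, max_len))
    for entries in lists.values():
        entries.sort(key=lambda e: e.index)
    return lists


def permitted(entries: List[Entry], prefix: str) -> bool:
    """First matching entry decides; no match means deny (assumption)."""
    cand = ipaddress.ip_network(prefix, strict=False)
    for e in entries:
        if e.min_len <= cand.prefixlen <= e.max_len and cand.subnet_of(e.network):
            return e.permit
    return False


def advertise_decision(lists: Dict[str, List[Entry]], fec: str, peer_lsr_id: str,
                       fec_list: str = "prefix-to-a",
                       peer_list: str = "peer-a") -> str:
    """Decision of this one policy for (FEC, peer).

    'policy-not-applied' means the peer list does not select the peer, so this
    policy says nothing about it; what the device then does is outside the model.
    """
    if not permitted(lists[peer_list], f"{peer_lsr_id}/32"):
        return "policy-not-applied"
    return "advertise" if permitted(lists[fec_list], fec) else "filtered"


if __name__ == "__main__":
    pl = parse_prefix_lists(ROUTER_D_CONFIG)
    for fec, peer in [("21.1.1.0/24", "1.1.1.9"), ("11.1.1.0/24", "1.1.1.9"),
                      ("21.1.1.128/25", "1.1.1.9"), ("21.1.1.0/24", "3.3.3.9")]:
        print(f"{fec:16} -> {peer:8} {advertise_decision(pl, fec, peer)}")
```

The index 10 entry matches only a 24-bit mask, so a more-specific FEC such as the constructed 21.1.1.128/25 falls through to the permit entry; a deny entry needs a less-equal range if more-specific routes inside the subnet must also be filtered.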
LDP FRR configuration example

Network requirements

Router S, Router A, and Router D reside in the same OSPF domain. Configure OSPF FRR so LDP can establish a primary LSP and a backup LSP on the Router S—Router D and the Router S—Router A—Router D links, respectively.

When the primary LSP operates correctly, traffic between subnets 11.1.1.0/24 and 21.1.1.0/24 is forwarded through the LSP.

When the primary LSP fails, traffic between the two subnets can be immediately switched to the backup LSP.
# Configure Router D.
system-view
[RouterD] bfd echo-source-ip 11.11.11.11
[RouterD] ospf 1
[RouterD-ospf-1] fast-reroute lfa
[RouterD-ospf-1] quit
  ○ (Method 2.) Enable OSPF FRR to specify a backup next hop by using a routing policy:
# Configure Router S.
system-view
[RouterS] bfd echo-source-ip 10.10.10.10
[RouterS] ip prefix-list abc index 10 permit 21.1.1.
[RouterD-mpls-ldp] quit
[RouterD] interface gigabitethernet 2/1/1
[RouterD-GigabitEthernet2/1/1] mpls enable
[RouterD-GigabitEthernet2/1/1] mpls ldp enable
[RouterD-GigabitEthernet2/1/1] quit
[RouterD] interface gigabitethernet 2/1/2
[RouterD-GigabitEthernet2/1/2] mpls enable
[RouterD-GigabitEthernet2/1/2] mpls ldp enable
[RouterD-GigabitEthernet2/1/2] quit
# Configure Router A.
[RouterA] mpls lsr-id 2.2.2.
Configuring MPLS TE

Overview

TE and MPLS TE

Network congestion can degrade the network backbone performance. It might occur when network resources are inadequate or when load distribution is unbalanced. Traffic engineering (TE) is intended to avoid the latter situation where partial congestion might occur because of improper resource allocation.
3. A label distribution protocol (such as RSVP-TE) advertises labels to establish CRLSPs and reserve bandwidth resources on each node along the calculated path.

Dynamic CRLSPs adapt to network changes and support CRLSP backup and fast reroute, but they require complicated configurations.

Advertising TE attributes

MPLS TE uses extended link state IGPs, such as OSPF and IS-IS, to advertise TE attributes for links.
To avoid flapping caused by improper preemptions, the setup priority value of a tunnel must be equal to or greater than the holding priority value.
• Explicit path
  Explicit path specifies the nodes to pass and the nodes to not pass for a tunnel. Explicit paths include the following types:
  ○ Strict explicit path—Among the nodes that the path must traverse, a node and its previous hop must be connected directly.
tunnel can participate in IGP routing calculation. Automatic route advertisement is easy to configure and maintain.

Automatic route advertisement can be implemented by using the following methods:
• IGP shortcut—Also known as AutoRoute Announce. It considers the MPLS TE tunnel as a link that directly connects the tunnel ingress node and the egress node. Only the ingress node uses the MPLS TE tunnel during IGP route calculation.
CRLSPs separately. The make-before-break mechanism uses the SE resource reservation style to address this problem. The resource reservation style refers to the style in which RSVP-TE reserves bandwidth resources during CRLSP establishment. The resource reservation style used by an MPLS TE tunnel is determined by the ingress node, and is advertised to other nodes through RSVP.
MPLS TE sets up the tunnel on another path. When the link has enough bandwidth, the tunnel optimization function can switch the MPLS TE tunnel to the optimal path.

Automatic bandwidth adjustment

Because users cannot estimate accurately how much traffic they need to transmit through a service provider network, the service provider should be able to do the following:
• Create MPLS TE tunnels with the bandwidth initially requested by the users.
Protection modes

FRR provides the following protection modes:
• Link protection—The PLR and the MP are connected through a direct link and the primary CRLSP traverses this link. When the link fails, traffic is switched to the bypass tunnel. As shown in Figure 23, the primary CRLSP is Router A—Router B—Router C—Router D, and the bypass tunnel is Router B—Router F—Router C. This mode is also called next-hop (NHOP) protection.
Basic concepts

• CT—Class Type. DS-TE allocates link bandwidth, implements constraint-based routing, and performs admission control on a per class type basis. A given traffic flow belongs to the same CT on all links.
• BC—Bandwidth Constraint. BC restricts the bandwidth for one or more CTs.
• Bandwidth constraint model—Algorithm for implementing bandwidth constraints on different CTs. A BC model comprises two factors, the maximum number of BCs (MaxBC) and the mappings between BCs and CTs.
Figure 25 RDM bandwidth constraints model

In MAM model, a BC constrains the bandwidth for only one CT. This ensures bandwidth isolation among CTs no matter whether preemption is used or not. Compared with RDM, MAM is easier to configure. MAM is suitable for networks where traffic of each CT is stable and no traffic bursts occur. Figure 26 shows an example:
• BC 0 is for CT 0. The bandwidth occupied by the traffic of CT 0 cannot exceed BC 0.
• BC 1 is for CT 1.
During the delivery of the Resv message, a CRLSP in the other direction is established. The CRLSPs of a bidirectional MPLS TE tunnel established in co-routed mode use the same path.
• Associated mode—In this mode, you establish a bidirectional MPLS TE tunnel by binding two unidirectional CRLSPs in opposite directions. The two CRLSPs can be established in different modes and use different paths. For example, one CRLSP is established statically and the other CRLSP is established dynamically by RSVP-TE.
10. On the ingress node of the MPLS TE tunnel, configure RSVP-TE to establish a CRLSP based on the tunnel constraints and link TE attributes.
11. On the ingress node of the MPLS TE tunnel, configure static routing, PBR, or automatic route advertisement to direct traffic to the MPLS TE tunnel.

You can also configure other MPLS TE functions such as the DS-TE, automatic bandwidth adjustment, and FRR as needed.

To configure MPLS TE, perform the following tasks:

Tasks at a glance
(Required.
Step Command Remarks
2. Enable MPLS TE and enter MPLS TE view.
   Command: mpls te
   Remarks: By default, MPLS TE is disabled.
3. Return to system view.
   Command: quit
   Remarks: N/A
4. Enter interface view.
   Command: interface interface-type interface-number
   Remarks: N/A
5. Enable MPLS TE for the interface.
   Command: mpls te enable
   Remarks: By default, MPLS TE is disabled on an interface.
Configuring a tunnel interface
To configure an MPLS TE tunnel, you must create an MPLS TE tunnel interface and enter tunnel interface view.
Table 1 Default TE classes in IETF mode
TE Class | CT | Priority
0 | 0 | 7
1 | 1 | 7
2 | 2 | 7
3 | 3 | 7
4 | 0 | 0
5 | 1 | 0
6 | 2 | 0
7 | 3 | 0
Configuring an MPLS TE tunnel to use a static CRLSP
To configure an MPLS TE tunnel to use a static CRLSP, perform the following tasks:
• Establish the static CRLSP.
• Specify the MPLS TE tunnel establishment mode as static.
• Configure the MPLS TE tunnel to reference the static CRLSP.
Other configurations, such as tunnel constraints and IGP extension, are not needed.
• Establish the CRLSP by using the signaling protocol RSVP-TE.
You must configure the IGP TE extension to form a TEDB. Otherwise, the path is created based on IGP routing rather than computed by CSPF.
Configuration task list
To establish an MPLS TE tunnel by using a dynamic CRLSP:
Tasks at a glance
(Required.) Configuring MPLS TE attributes for a link
(Required.) Advertising link TE attributes by using IGP TE extension
(Required.) Configuring MPLS TE tunnel constraints
(Required.
Step Command Remarks • Configure the maximum reservable bandwidth of the link (BC 0) and BC 1 in RDM model of the prestandard DS-TE: mpls te max-reservable-bandwidth bandwidth-value [ bc1 bc1-bandwidth ] • Configure the maximum reservable 4. Configure the maximum reservable bandwidth.
Step Command Remarks
4. Enter area view.
   Command: area area-id
   Remarks: N/A
5. Enable MPLS TE for the OSPF area.
   Command: mpls te enable
   Remarks: By default, an OSPF area does not support MPLS TE.
Configuring IS-IS TE
IS-IS TE uses a sub-TLV of the extended IS reachability TLV (type 22) to carry TE attributes. Because the extended IS reachability TLV carries wide metrics, specify a wide metric-compatible metric style for the IS-IS process before enabling IS-IS TE.
Step Command Remarks
3. Configure bandwidth required for the tunnel, and specify a CT for the tunnel's traffic.
   Command: mpls te bandwidth [ ct0 | ct1 | ct2 | ct3 ] bandwidth
   Remarks: By default, no bandwidth is assigned, and the class type is CT 0.
Configuring the affinity attribute for an MPLS TE tunnel
The associations between the link attribute and the affinity attribute might vary by vendor.
Step Command Remarks
2. Create an explicit path and enter its view.
   Command: explicit-path path-name
   Remarks: By default, no explicit path exists on the device.
3. Enable the explicit path.
   Command: undo disable
   Remarks: By default, an explicit path is enabled.
4. Add or modify a node in the explicit path.
   Remarks: By default, an explicit path does not include any node.
Configuring the metric type for path selection
Each MPLS TE link has two metrics: IGP metric and TE metric. By planning the two metrics, you can select different tunnels for different classes of traffic. For example, use the IGP metric to represent a link delay (a smaller IGP metric value indicates a lower link delay), and use the TE metric to represent a link bandwidth value (a smaller TE metric value indicates a bigger link bandwidth value).
Step Command Remarks
2. Enter MPLS TE tunnel interface view.
   Command: interface tunnel tunnel-number [ mode mpls-te ]
   Remarks: N/A
3. Enable route pinning.
   Command: mpls te route-pinning
   Remarks: By default, route pinning is disabled.
Configuring tunnel reoptimization
Tunnel reoptimization allows you to manually or dynamically trigger the ingress node to recalculate a path. If the ingress node recalculates a better path, it creates a new CRLSP, switches the traffic from the old CRLSP to the new CRLSP, and then deletes the old CRLSP.
Step Command Remarks
3. Configure the up/down threshold.
   Command: mpls te bandwidth change thresholds { down | up } percent
   Remarks: By default, the up/down threshold is 10% of the link reservable bandwidth.
4. Return to system view.
   Command: quit
   Remarks: N/A
5. Enter MPLS TE view.
   Command: mpls te
   Remarks: N/A
6. Configure the flooding interval.
   Command: link-management periodic-flooding timer interval
   Remarks: By default, the flooding interval is 180 seconds.
Configuring tunnel setup retry
If the ingress node fails to establish an MPLS TE tunnel, it waits for the retry interval, and then tries to set up the tunnel again. It repeats this process until the tunnel is established or until the number of attempts reaches the maximum. If the tunnel cannot be established when the number of attempts reaches the maximum, the ingress waits for a longer period and then repeats the previous process.
To configure tunnel setup retry:
Step Command Remarks
1.
Step Command Remarks
7. (Optional.) Reset the automatic bandwidth adjustment.
   Command: reset mpls te auto-bandwidth-adjustment timers
   Remarks: After this command is executed, the system clears the output rate sampling information and the remaining time to the next bandwidth adjustment to start a new output rate sampling and bandwidth adjustment.
Configuring RSVP resource reservation style
Step Command Remarks
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter MPLS TE tunnel interface view.
Step Command Remarks
4. Configure the destination address for the tunnel bundle interface.
   Command: destination ip-address
   Remarks: By default, no destination address is configured for a tunnel bundle interface. HP recommends configuring the same destination address for a tunnel bundle interface and its member interfaces. Otherwise, traffic cannot be forwarded unless the tunnel bundle interface's destination address can be reached through the member interfaces.
Configuring PBR to direct traffic to an MPLS TE tunnel or tunnel bundle
For more information about the commands in this task, see Layer 3—IP Routing Command Reference.
To configure PBR to direct traffic to an MPLS TE tunnel or tunnel bundle:
Step Command Remarks
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create a PBR policy node and enter policy node view.
   Command: policy-based-route policy-name [ deny | permit ] node node-number
   Remarks: By default, no PBR policy node is created.
3. Configure an ACL match criterion.
• The route to the tunnel interface address (or the tunnel bundle interface address) and the route to the tunnel destination must be in the same OSPF area or at the same IS-IS level. Configuring IGP shortcut Step Command Remarks 1. Enter system view. system-view N/A • Enter MPLS TE tunnel interface view: 2. Enter interface view.
Configuring a bidirectional MPLS TE tunnel
Before you create a bidirectional MPLS TE tunnel, complete the following tasks:
• Disable the PHP function on both ends of the tunnel.
• To set up a bidirectional MPLS TE tunnel in co-routed mode, you must specify the signaling protocol as RSVP-TE, and use the mpls te resv-style command to configure the resource reservation style as FF for the tunnel.
Step Command Remarks
3. Configure an associated bidirectional MPLS TE tunnel.
   Command: mpls te bidirectional associated reverse-lsp { lsp-name lsp-name | lsr-id ingress-lsr-id tunnel-id tunnel-id }
   Remarks: By default, no bidirectional tunnel is configured, and tunnels established on the tunnel interface are unidirectional MPLS TE tunnels.
Configuring CRLSP backup
CRLSP backup provides end-to-end CRLSP protection. Only MPLS TE tunnels established through RSVP-TE support CRLSP backup.
Step Command Remarks
3. Enable FRR.
   Command: mpls te fast-reroute [ bandwidth ]
   Remarks: By default, FRR is disabled. If you specify the bandwidth keyword, the primary CRLSP must have bandwidth protection.
Configuring a bypass tunnel on the PLR
Overview
To configure FRR, you must configure bypass tunnels for primary CRLSPs on the PLR.
Bandwidth required by primary CRLSP Primary CRLSP requires bandwidth protection or not Bypass tunnel providing bandwidth protection protection for the primary CRLSP, and performs best-effort forwarding for traffic of the primary CRLSP. No The primary CRLSP can be bound to the bypass tunnel when all the following conditions are met: • The bandwidth that the bypass tunnel can protect is no less than the bandwidth required by the primary CRLSP.
• Use bypass tunnels to protect only critical interfaces or links when bandwidth is insufficient. Bypass tunnels are pre-established and require extra bandwidth.
• Make sure the bandwidth assigned to the bypass tunnel is no less than the total bandwidth needed by all primary CRLSPs to be protected by the bypass tunnel. Otherwise, some primary CRLSPs might not be protected by the bypass tunnel.
• A bypass tunnel typically does not forward data when the primary CRLSP operates correctly.
Automatically setting up bypass tunnels
With auto FRR, if the PLR is the penultimate node of a primary CRLSP, the PLR does not create a node-protection bypass tunnel for the primary CRLSP.
To configure auto FRR on the PLR:
Step Command Remarks
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter MPLS TE view.
   Command: mpls te
   Remarks: N/A
3. Enable the auto FRR function globally.
   Command: auto-tunnel backup
   Remarks: By default, the auto FRR function is disabled globally.
4.
Step Command Remarks
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter interface view of the connecting interface between the PLR and the protected node.
   Command: interface interface-type interface-number
   Remarks: N/A
3. Configure node fault detection.
   Command: • (Method 1) Enable RSVP hello extension on the interface: rsvp hello enable
   Remarks: By default, RSVP hello extension is disabled, and BFD is not configured. For more information about the rsvp hello enable command and the rsvp bfd enable command, see "Configuring RSVP.
Displaying and maintaining MPLS TE
Execute display commands in any view and reset commands in user view.
Task Command
Display information about explicit paths.
   Command: display explicit-path [ path-name ]
Display link and node information in an IS-IS TEDB.
   Command: display isis mpls te advertisement [ [ level-1 | level-2 ] | [ originate-system system-id | local ] | verbose ] * [ process-id ]
Display sub-TLV information for IS-IS TE.
Figure 27 Network diagram
Configuration procedure
1. Configure IP addresses and masks for interfaces. (Details not shown.)
2. Configure IS-IS to advertise interface addresses, including the loopback interface address:
# Configure Router A.
<RouterA> system-view
[RouterA] isis 1
[RouterA-isis-1] network-entity 00.0005.0000.0000.0001.
[RouterC-isis-1] network-entity 00.0005.0000.0000.0003.00
[RouterC-isis-1] quit
[RouterC] interface gigabitethernet 2/1/1
[RouterC-GigabitEthernet2/1/1] isis enable 1
[RouterC-GigabitEthernet2/1/1] quit
[RouterC] interface loopback 0
[RouterC-LoopBack0] isis enable 1
[RouterC-LoopBack0] quit
# Execute the display ip routing-table command on each router to verify that the routers have learned the routes to one another, including the routes to the loopback interfaces. (Details not shown.)
3.
[RouterB] interface gigabitethernet 2/1/1
[RouterB-GigabitEthernet2/1/1] mpls te max-link-bandwidth 10000
[RouterB-GigabitEthernet2/1/1] mpls te max-reservable-bandwidth 5000
[RouterB-GigabitEthernet2/1/1] quit
[RouterB] interface gigabitethernet 2/1/2
[RouterB-GigabitEthernet2/1/2] mpls te max-link-bandwidth 10000
[RouterB-GigabitEthernet2/1/2] mpls te max-reservable-bandwidth 5000
[RouterB-GigabitEthernet2/1/2] quit
# Configure the maximum link bandwidth and maximum reservable bandwidth on Router C.
Line protocol state: UP
Description: Tunnel0 Interface
Bandwidth: 64kbps
Maximum Transmit Unit: 1496
Internet Address is 6.1.1.1/24 Primary
Tunnel source unknown, destination 3.3.3.
Collected Bandwidth : -
# Execute the display mpls lsp command or the display mpls static-cr-lsp command on each router to display the static CRLSP information.
[RouterA] display mpls lsp
FEC Proto In/Out Label Interface/Out NHLFE
1.1.1.1/0/1 StaticCR -/20 GE2/1/1
2.1.1.2 Local -/- GE2/1/1
FEC Proto In/Out Label Interface/Out NHLFE
- StaticCR 20/30 GE2/1/2
3.2.1.
Table 3 Interface and IP address assignment
Device | Interface | IP address | Device | Interface | IP address
Router A | Loop0 | 1.1.1.9/32 | Router C | Loop0 | 3.3.3.9/32
 | GE2/1/1 | 10.1.1.1/24 | | GE2/1/1 | 30.1.1.1/24
Router B | Loop0 | 2.2.2.9/32 | | POS2/2/0 | 20.1.1.2/24
 | GE2/1/1 | 10.1.1.2/24 | Router D | Loop0 | 4.4.4.9/32
 | POS2/2/0 | 20.1.1.1/24 | | GE2/1/1 | 30.1.1.2/24
Configuration procedure
1. Configure IP addresses and masks for interfaces. (Details not shown.)
2.
[RouterC-isis-1] quit
[RouterC] interface gigabitethernet 2/1/1
[RouterC-GigabitEthernet2/1/1] isis enable 1
[RouterC-GigabitEthernet2/1/1] isis circuit-level level-2
[RouterC-GigabitEthernet2/1/1] quit
[RouterC] interface pos 2/2/0
[RouterC-POS2/2/0] isis enable 1
[RouterC-POS2/2/0] isis circuit-level level-2
[RouterC-POS2/2/0] quit
[RouterC] interface loopback 0
[RouterC-LoopBack0] isis enable 1
[RouterC-LoopBack0] isis circuit-level level-2
[RouterC-LoopBack0] quit
# Configure Router D.
[RouterB] interface gigabitethernet 2/1/1
[RouterB-GigabitEthernet2/1/1] mpls enable
[RouterB-GigabitEthernet2/1/1] mpls te enable
[RouterB-GigabitEthernet2/1/1] rsvp enable
[RouterB-GigabitEthernet2/1/1] quit
[RouterB] interface pos 2/2/0
[RouterB-POS2/2/0] mpls enable
[RouterB-POS2/2/0] mpls te enable
[RouterB-POS2/2/0] rsvp enable
[RouterB-POS2/2/0] quit
# Configure Router C.
[RouterC] mpls lsr-id 3.3.3.
[RouterB-isis-1] quit
# Configure Router C.
[RouterC] isis 1
[RouterC-isis-1] cost-style wide
[RouterC-isis-1] mpls te enable level-2
[RouterC-isis-1] quit
# Configure Router D.
[RouterD] isis 1
[RouterD-isis-1] cost-style wide
[RouterD-isis-1] mpls te enable level-2
[RouterD-isis-1] quit
5. Configure MPLS TE attributes of links:
# Configure the maximum link bandwidth and maximum reservable bandwidth on Router A.
# Configure MPLS TE to use RSVP-TE to establish the tunnel.
[RouterA-Tunnel1] mpls te signaling rsvp-te
# Assign 2000 kbps bandwidth to the tunnel.
[RouterA-Tunnel1] mpls te bandwidth 2000
[RouterA-Tunnel1] quit
7. Configure a static route on Router A to direct the traffic destined for subnet 30.1.1.0/24 to MPLS TE tunnel 1.
[RouterA] ip route-static 30.1.1.2 24 tunnel 1 preference 1
Verifying the configuration
# Execute the display interface tunnel command on Router A.
Backup Explicit Path : Metric Type : TE Record Route : Disabled Record Label FRR Flag : Disabled Bandwidth Protection : Disabled Backup Bandwidth Flag: Disabled Backup Bandwidth : - Bypass Tunnel : No Route Pinning : Disabled Retry Limit Reoptimization : Disabled Backup Bandwidth Type: Auto Created : No : 10 Retry Interval : 2 sec : Disabled Reoptimization Freq : - Backup Type : None Backup LSP ID : - Auto Bandwidth : Disabled Auto Bandwidth Freq : - Min Bandwidth : - Max B
Device Interface IP address Router B Loop0 2.2.2.9/32 GE2/1/1 10.1.1.2/24 POS2/2/0 20.1.1.1/24 Device Router D Interface IP address POS2/2/0 20.1.1.2/24 Loop0 4.4.4.9/32 GE2/1/1 30.1.1.2/24
Configuration procedure
1. Configure IP addresses and masks for interfaces. (Details not shown.)
2. Configure OSPF to advertise routes within the ASs, and redistribute the direct and BGP routes into OSPF on Router B and Router C:
# Configure Router A.
# Execute the display ip routing-table command on each router to verify that the routers have learned the routes to one another, including the routes to the loopback interfaces. Take Router A as an example: [RouterA] display ip routing-table Destinations : 6 3. Routes : 6 Destination/Mask Proto Cost NextHop Interface 1.1.1.9/32 Direct 0 Pre 0 127.0.0.1 InLoop0 2.2.2.9/32 OSPF 1 10.1.1.2 GE2/1/1 10.1.1.0/24 Direct 0 0 10.1.1.1 GE2/1/1 10.1.1.1/32 Direct 0 0 127.0.0.
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
4. Configure an LSR ID, and enable MPLS, MPLS TE, and RSVP-TE:
# Configure Router A.
[RouterA] mpls lsr-id 1.1.1.9
[RouterA] mpls te
[RouterA-te] quit
[RouterA] rsvp
[RouterA-rsvp] quit
[RouterA] interface gigabitethernet 2/1/1
[RouterA-GigabitEthernet2/1/1] mpls enable
[RouterA-GigabitEthernet2/1/1] mpls te enable
[RouterA-GigabitEthernet2/1/1] rsvp enable
[RouterA-GigabitEthernet2/1/1] quit
# Configure Router B.
[RouterD] mpls lsr-id 4.4.4.9
[RouterD] mpls te
[RouterD-te] quit
[RouterD] rsvp
[RouterD-rsvp] quit
[RouterD] interface gigabitethernet 2/1/1
[RouterD-GigabitEthernet2/1/1] mpls enable
[RouterD-GigabitEthernet2/1/1] mpls te enable
[RouterD-GigabitEthernet2/1/1] rsvp enable
[RouterD-GigabitEthernet2/1/1] quit
5. Configure OSPF TE:
# Configure Router A.
[RouterA] ospf
[RouterA-ospf-1] opaque-capability enable
[RouterA-ospf-1] area 0
[RouterA-ospf-1-area-0.0.0.0] mpls te enable
[RouterA-ospf-1-area-0.0.0.
[RouterA] interface gigabitethernet 2/1/1
[RouterA-GigabitEthernet2/1/1] mpls te max-link-bandwidth 10000
[RouterA-GigabitEthernet2/1/1] mpls te max-reservable-bandwidth 5000
[RouterA-GigabitEthernet2/1/1] quit
# Configure the maximum link bandwidth and maximum reservable bandwidth on Router B.
Verifying the configuration
# Execute the display interface tunnel command on Router A. The output shows that the tunnel interface is up.
[RouterA] display interface tunnel 1
Tunnel1 current state: UP
Line protocol current state: UP
Description: Tunnel1 Interface
The Maximum Transmit Unit is 64000
Internet Address is 7.1.1.1/24 Primary
Tunnel source unknown, destination 4.4.4.
Auto Bandwidth : Disabled Auto Bandwidth Freq : - Min Bandwidth : - Max Bandwidth : - Collected Bandwidth : - # Execute the display ip routing-table command on Router A. The output shows a static route entry with interface Tunnel 1 as the output interface. [RouterA] display ip routing-table Destinations : 14 Routes : 14 Destination/Mask Proto 1.1.1.9/32 2.2.2.9/32 Pre Cost NextHop Interface Direct 0 0 127.0.0.1 InLoop0 OSPF 10 1 10.1.1.2 GE2/1/1 3.3.3.9/32 O_ASE 150 1 10.1.
Device Interface IP address Router B Loop0 2.2.2.9/32 GE2/1/1 10.1.1.2/24 POS2/2/0 20.1.1.1/24 Device Router D Interface IP address POS2/2/0 20.1.1.2/24 Loop0 4.4.4.9/32 GE2/1/1 30.1.1.2/24
Configuration procedure
1. Configure IP addresses and masks for interfaces. (Details not shown.)
2. Configure IS-IS to advertise interface addresses, including the loopback interface address:
For more information, see "Establishing an MPLS TE tunnel with RSVP-TE."
3.
[RouterC-te] quit
[RouterC] rsvp
[RouterC-rsvp] quit
[RouterC] interface gigabitethernet 2/1/1
[RouterC-GigabitEthernet2/1/1] mpls enable
[RouterC-GigabitEthernet2/1/1] mpls te enable
[RouterC-GigabitEthernet2/1/1] rsvp enable
[RouterC-GigabitEthernet2/1/1] quit
[RouterC] interface pos 2/2/0
[RouterC-POS2/2/0] mpls enable
[RouterC-POS2/2/0] mpls te enable
[RouterC-POS2/2/0] rsvp enable
[RouterC-POS2/2/0] quit
# Configure Router D.
<RouterD> system-view
[RouterD] mpls lsr-id 4.4.4.
5. Configure a co-routed bidirectional MPLS TE tunnel:
# Configure Router A as the active end of the co-routed bidirectional tunnel.
[RouterA] interface tunnel 1 mode mpls-te
[RouterA-Tunnel1] ip address 7.1.1.1 255.255.255.0
[RouterA-Tunnel1] destination 4.4.4.9
[RouterA-Tunnel1] mpls te signaling rsvp-te
[RouterA-Tunnel1] mpls te resv-style ff
[RouterA-Tunnel1] mpls te bidirectional co-routed active
[RouterA-Tunnel1] quit
# Configure Router D as the passive end of the co-routed bidirectional tunnel.
Reverse-LSP name : - Reverse-LSP LSR ID : - Reverse-LSP Tunnel ID: - Class Type : CT0 Tunnel Bandwidth : 0 kbps Reserved Bandwidth : 0 kbps Setup Priority : 7 Holding Priority : 7 Affinity Attr/Mask : 0/0 Explicit Path : - : Disabled Backup Explicit Path : Metric Type : TE Record Route : Disabled Record Label FRR Flag : Disabled Bandwidth Protection : Disabled Backup Bandwidth Flag: Disabled Backup Bandwidth : - Bypass Tunnel : No Route Pinning : Disabled Retry Limit Backu
LSR Type : Ingress
Service : -
NHLFE ID : 1026
State : Active
Nexthop : 10.1.1.2
Out-Interface: GE2/1/1
# Execute the display interface tunnel command on Router D. The output shows that the tunnel interface is up.
[RouterD] display interface tunnel
Tunnel4 current state: UP
Line protocol current state: UP
Description: Tunnel8 Interface
The Maximum Transmit Unit is 64000
Internet Address is 8.1.1.1/24 Primary
Tunnel source unknown, destination 1.1.1.
Bypass Tunnel : - Route Pinning : - Auto Created : - Retry Limit Reoptimization : - Retry Interval : - : - Reoptimization Freq : - Backup Type : - Backup LSP ID : - Auto Bandwidth : - Auto Bandwidth Freq : - Min Bandwidth : - Max Bandwidth : - Collected Bandwidth : - # Execute the display mpls lsp verbose command on Router D to display detailed information about the bidirectional MPLS TE tunnel. [RouterD] display mpls lsp verbose Destination : 4.4.4.9 FEC : 1.1.1.
Use RSVP-TE to establish an MPLS TE tunnel from Router A to Router C. Enable CRLSP hot backup for the tunnel to simultaneously establish a primary CRLSP and a backup CRLSP. When the primary CRLSP fails, traffic is switched to the backup CRLSP.
Figure 31 Network diagram
Table 6 Interface and IP address assignment
Device Interface IP address Device Interface IP address Router A Loop0 1.1.1.9/32 Router D Loop0 4.4.4.9/32 GE2/1/1 10.1.1.1/24 POS2/2/0 30.1.1.2/24 POS2/2/1 30.1.1.
[RouterA-GigabitEthernet2/1/1] quit
[RouterA] interface pos 2/2/1
[RouterA-POS2/2/1] mpls enable
[RouterA-POS2/2/1] mpls te enable
[RouterA-POS2/2/1] rsvp enable
[RouterA-POS2/2/1] quit
# Configure Router B, Router C, and Router D in the same way that Router A is configured. (Details not shown.)
4. Configure an MPLS TE tunnel on Router A:
# Configure MPLS TE tunnel interface Tunnel 3.
[RouterA] interface tunnel 3 mode mpls-te
[RouterA-Tunnel3] ip address 9.1.1.1 255.255.255.
1.1.1.9/3/30106 RSVP -/1137 GE2/1/1
1.1.1.9/3/30107 RSVP -/1150 POS2/2/1
10.1.1.2 Local -/- GE2/1/1
30.1.1.2 Local -/- POS2/2/1
# Execute the display rsvp lsp verbose command on Router A to display the paths used by the two CRLSPs.
[RouterA] display rsvp lsp verbose
Tunnel name: RouterA_t3
Destination: 3.3.3.9 Source: 1.1.1.
# Tracert the tunnel destination 3.3.3.9. The output shows that the used CRLSP is the one that traverses Router B.
[RouterA] tracert -a 1.1.1.9 3.3.3.9
traceroute to 3.3.3.9 (3.3.3.9) from 1.1.1.9, 30 hops at most, 40 bytes each packet, press CTRL_C to break
 1 10.1.1.2 (10.1.1.2) 1.000 ms 1.000 ms 1.000 ms
 2 * * *
# Shut down interface GigabitEthernet 2/1/2 on Router B, and then tracert the tunnel destination. The output shows that packets are forwarded on the CRLSP that traverses Router D.
Figure 32 Network diagram Table 7 Interface and IP address assignment Device Interface IP address Device Interface IP address Router A Loop0 1.1.1.1/32 Router E Loop0 5.5.5.5/32 GE2/1/1 2.1.1.1/24 POS2/2/0 3.2.1.2/24 Loop0 2.2.2.2/32 POS2/2/1 3.3.1.1/24 GE2/1/1 2.1.1.2/24 Loop0 3.3.3.3/32 GE2/1/2 3.1.1.1/24 GE2/1/1 4.1.1.1/24 POS2/2/0 3.2.1.1/24 GE2/1/2 3.1.1.2/24 Loop0 4.4.4.4/32 POS2/2/0 3.3.1.2/24 GE2/1/1 4.1.1.
[RouterA-rsvp] quit
[RouterA] interface gigabitethernet 2/1/1
[RouterA-GigabitEthernet2/1/1] mpls enable
[RouterA-GigabitEthernet2/1/1] mpls te enable
[RouterA-GigabitEthernet2/1/1] rsvp enable
[RouterA-GigabitEthernet2/1/1] quit
# Configure Router B.
<RouterB> system-view
[RouterB] mpls lsr-id 2.2.2.
[RouterA-Tunnel4] mpls te path preference 1 explicit-path pri-path
# Enable FRR for the MPLS TE tunnel.
[RouterA-Tunnel4] mpls te fast-reroute
[RouterA-Tunnel4] quit
# Execute the display interface tunnel command on Router A. The output shows that the tunnel interface Tunnel4 is up.
[RouterA] display interface tunnel
Tunnel4 current state: UP
Line protocol current state: UP
Description: Tunnel3 Interface
The Maximum Transmit Unit is 64000
Internet Address is 9.1.1.
Route Pinning : Disabled
Retry Limit : 10
Retry Interval : 2 sec
Reoptimization : Disabled
Reoptimization Freq : -
Backup Type : None
Backup LSP ID : -
Auto Bandwidth : Disabled
Auto Bandwidth Freq : -
Min Bandwidth : -
Max Bandwidth : -
Collected Bandwidth : -
5. Configure a bypass tunnel on Router B (the PLR):
# Configure an explicit path for the bypass tunnel.
[RouterB] explicit-path by-path
[RouterB-explicit-path-by-path] nexthop 3.2.1.
2.2.2.2/5/31857 RSVP -/3 GE2/1/2
3.2.1.2 Local -/- POS2/2/0
3.1.1.2 Local -/- GE2/1/2
# Shut down the protected interface GigabitEthernet 2/1/2 on the PLR (Router B).
[RouterB] interface gigabitethernet 2/1/2
[RouterB-GigabitEthernet2/1/2] shutdown
[RouterB-GigabitEthernet2/1/2] quit
# Execute the display interface tunnel 4 command on Router A to display information about the primary CRLSP. The output shows that the tunnel interface is still up. (Details not shown.
# Execute the display mpls lsp command on Router B. The output shows that the bypass tunnel is in use.
[RouterB] display mpls lsp
FEC Proto In/Out Label Interface/Out NHLFE
1.1.1.1/4/18753 RSVP 1122/3 Tun5
2.2.2.2/5/40312 RSVP -/1150 GE2/1/4
3.2.1.2 Local -/- GE2/1/4
# On the PLR, configure the interval for selecting an optimal bypass tunnel as 5 seconds.
Figure 33 Network diagram Table 8 Interface and IP address assignment Device Interface IP address Device Interface IP address Router A Loop0 1.1.1.1/32 Router E Loop0 5.5.5.5/32 GE2/1/1 2.1.1.1/24 POS2/2/0 3.2.1.2/24 Loop0 2.2.2.2/32 POS2/2/1 3.4.1.1/24 GE2/1/1 2.1.1.2/24 Loop0 3.3.3.3/32 GE2/1/2 3.1.1.1/24 GE2/1/1 4.1.1.1/24 POS2/2/0 3.2.1.1/24 GE2/1/2 3.1.1.2/24 POS2/2/1 3.3.1.1/24 POS2/2/0 3.4.1.2/24 Loop0 4.4.4.4/32 Loop0 5.5.5.5/32 GE2/1/1 4.1.1.
[RouterA] mpls te
[RouterA-te] quit
[RouterA] rsvp
[RouterA-rsvp] quit
[RouterA] interface gigabitethernet 2/1/1
[RouterA-GigabitEthernet2/1/1] mpls enable
[RouterA-GigabitEthernet2/1/1] mpls te enable
[RouterA-GigabitEthernet2/1/1] rsvp enable
[RouterA-GigabitEthernet2/1/1] quit
# Configure Router B.
<RouterB> system-view
[RouterB] mpls lsr-id 2.2.2.
# Create MPLS TE tunnel interface Tunnel1 for the primary CRLSP.
[RouterA] interface tunnel 1 mode mpls-te
[RouterA-Tunnel1] ip address 10.1.1.1 255.255.255.0
# Specify the tunnel destination address as the LSR ID of Router D.
[RouterA-Tunnel1] destination 4.4.4.4
# Specify the tunnel signaling protocol as RSVP-TE.
[RouterA-Tunnel1] mpls te signaling rsvp-te
# Specify the explicit path as pri-path.
[RouterA-Tunnel1] mpls te path preference 1 explicit-path pri-path
# Enable FRR for the MPLS TE tunnel.
Explicit Path : exp1 Backup Explicit Path : Metric Type : TE Record Route : Enabled Record Label FRR Flag : Enabled Bandwidth Protection : Disabled Backup Bandwidth Flag: Disabled 5.
Reverse-LSP LSR ID : - Reverse-LSP Tunnel ID: - Class Type : CT0 Tunnel Bandwidth : 0 kbps Reserved Bandwidth : 0 kbps Setup Priority : 7 Holding Priority : 7 Affinity Attr/Mask : 0/0 Explicit Path : - : Disabled Backup Explicit Path : Metric Type : TE Record Route : Enabled Record Label FRR Flag : Disabled Bandwidth Protection : Disabled Backup Bandwidth Flag: Disabled Backup Bandwidth : - Bypass Tunnel : Yes Route Pinning : Disabled Retry Limit Reoptimization Backup Bandwi
Auto Bandwidth : Disabled Auto Bandwidth Freq : - Min Bandwidth : - Max Bandwidth : - Collected Bandwidth : - # Execute the display mpls lsp command on Router B. The output shows that the current bypass tunnel that protects the primary CRLSP is Tunnel 50. [RouterB] display mpls lsp FEC Proto In/Out Label Interface/Out NHLFE 2.2.2.2/51/16802 RSVP -/3 POS2/2/0 2.2.2.2/1/16802 RSVP -/1151 GE2/1/2 -/3 Tun50 Backup 2.2.2.2/50/16802 RSVP -/3 POS2/2/1 3.2.1.2 Local -/- POS2/2/1 3.3.
Use RSVP-TE to create a TE tunnel from Router A to Router D. Traffic of the tunnel belongs to CT 2, and the tunnel needs a bandwidth of 4000 kbps. The maximum bandwidth of the link that the tunnel traverses is 10000 kbps and the maximum reservable bandwidth of the link is 10000 kbps. BC 1, BC 2, and BC 3 are 8000 kbps, 5000 kbps, and 2000 kbps.
Figure 34 Network diagram
Table 9 Interface and IP address assignment
Device Interface IP address Device Interface IP address Router A Loop0 1.1.1.
[RouterB-isis-1] network-entity 00.0005.0000.0000.0002.
3.
Destination/Mask Proto Pre Cost NextHop Interface
1.1.1.9/32 Direct 0 0 127.0.0.1 InLoop0
2.2.2.9/32 ISIS 15 10 10.1.1.2 GE2/1/1
3.3.3.9/32 ISIS 15 20 10.1.1.2 GE2/1/1
4.4.4.9/32 ISIS 15 30 10.1.1.2 GE2/1/1
10.1.1.0/24 Direct 0 0 10.1.1.1 GE2/1/1
10.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
20.1.1.0/24 ISIS 15 20 10.1.1.2 GE2/1/1
30.1.1.0/24 ISIS 15 30 10.1.1.2 GE2/1/1
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.
[RouterC] interface gigabitethernet 2/1/1
[RouterC-GigabitEthernet2/1/1] mpls enable
[RouterC-GigabitEthernet2/1/1] mpls te enable
[RouterC-GigabitEthernet2/1/1] rsvp enable
[RouterC-GigabitEthernet2/1/1] quit
[RouterC] interface pos 2/2/0
[RouterC-POS2/2/0] mpls enable
[RouterC-POS2/2/0] mpls te enable
[RouterC-POS2/2/0] rsvp enable
[RouterC-POS2/2/0] quit
# Configure Router D.
[RouterD] mpls lsr-id 4.4.4.
[RouterA-GigabitEthernet2/1/1] mpls te max-link-bandwidth 10000
[RouterA-GigabitEthernet2/1/1] mpls te max-reservable-bandwidth rdm 10000 bc1 8000 bc2 5000 bc3 2000
[RouterA-GigabitEthernet2/1/1] quit
# Configure the maximum bandwidth, maximum reservable bandwidth, and bandwidth constraints on Router B.
[RouterA-Tunnel1] quit
7. Configure a static route on Router A to direct the traffic destined for subnet 30.1.1.0/24 to MPLS TE tunnel 1.
[RouterA] ip route-static 30.1.1.2 24 tunnel 1 preference 1
Verifying the configuration
# Execute the display interface tunnel command on Router A. The output shows that the tunnel interface is up.
Backup Bandwidth : -
Bypass Tunnel : No
Auto Created : No
Route Pinning : Disabled
Retry Limit : 10
Retry Interval : 2 sec
Reoptimization : Disabled
Reoptimization Freq : -
Backup Type : None
Backup LSP ID : -
Auto Bandwidth : Disabled
Auto Bandwidth Freq : -
Min Bandwidth : -
Max Bandwidth : -
Collected Bandwidth : -
# Execute the display mpls te link-management bandwidth-allocation command on Router A to display bandwidth information on interface GigabitEthernet 2/1/1.
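The DS-TE example above, worked as an admission check (added example, not from the HP guide or Comware). The RDM link uses this example's values (BC 0 = 10000, BC 1 = 8000, BC 2 = 5000, BC 3 = 2000 kbps) with RDM pooling as defined in RFC 4127; the MAM link's per-CT limits are constructed, and the class and function names and the omission of preemption are assumptions.

```python
# Added illustration: DS-TE admission control under RDM and MAM.
# RDM (RFC 4127): BC b caps the sum of CT b and every higher-numbered CT.
# MAM (as this guide describes it): each BC caps exactly one CT; the link's
# maximum reservable bandwidth still caps the total.
# Assumption: preemption and setup/holding priorities are not modelled.
from dataclasses import dataclass, field


@dataclass
class TeLink:
    model: str            # "rdm" or "mam"
    max_reservable: int   # kbps; under RDM this equals BC 0
    bc: list              # [BC0, BC1, ...] in kbps, index = BC number
    reserved: dict = field(default_factory=dict)  # CT number -> kbps in use

    def _usage_after(self, ct, kbps):
        usage = {c: self.reserved.get(c, 0) for c in range(len(self.bc))}
        usage[ct] += kbps
        return usage

    def violations(self, ct, kbps):
        """Return the constraints a new reservation of kbps for ct would break."""
        if not 0 <= ct < len(self.bc):
            raise ValueError(f"CT {ct} has no bandwidth constraint on this link")
        if kbps <= 0:
            raise ValueError("bandwidth must be positive")
        usage = self._usage_after(ct, kbps)
        broken = []
        if self.model == "rdm":
            # Nested pools: CT b + CT b+1 + ... must fit inside BC b.
            for b, limit in enumerate(self.bc):
                pooled = sum(v for c, v in usage.items() if c >= b)
                if pooled > limit:
                    broken.append(f"BC{b}: {pooled} > {limit}")
        elif self.model == "mam":
            if usage[ct] > self.bc[ct]:
                broken.append(f"BC{ct}: {usage[ct]} > {self.bc[ct]}")
            total = sum(usage.values())
            if total > self.max_reservable:
                broken.append(f"max-reservable: {total} > {self.max_reservable}")
        else:
            raise ValueError(f"unknown BC model {self.model!r}")
        return broken

    def admit(self, ct, kbps):
        """Reserve bandwidth if no constraint breaks; return (admitted, reasons)."""
        broken = self.violations(ct, kbps)
        if not broken:
            self.reserved[ct] = self.reserved.get(ct, 0) + kbps
        return (not broken, broken)


def page_rdm_link():
    # Values from the DS-TE example: rdm 10000 bc1 8000 bc2 5000 bc3 2000
    return TeLink("rdm", 10000, [10000, 8000, 5000, 2000])


def constructed_mam_link():
    # Constructed per-CT limits, used only to contrast MAM with RDM.
    return TeLink("mam", 10000, [4000, 3000, 5000, 2000])


if __name__ == "__main__":
    rdm, mam = page_rdm_link(), constructed_mam_link()
    for name, link in (("RDM", rdm), ("MAM", mam)):
        print(name, "CT2 4000 ->", link.admit(2, 4000))
        print(name, "CT3 2000 ->", link.admit(3, 2000))
```

Under RDM the 2000 kbps CT 3 request is refused once the CT 2 tunnel holds 4000 kbps, because both classes draw on BC 2; under MAM the same request is admitted because each CT has its own limit.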
Solution
1. Perform the following tasks to resolve the problem:
   a. Use the display current-configuration command to verify that MPLS TE is configured on involved interfaces.
   b. Use the debugging ospf mpls-te command to verify that OSPF can receive the TE LINK establishment message.
   c. Use the display ospf peer command to verify that OSPF neighbors are established correctly.
2. If the problem persists, contact HP Support.
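Step a above can be automated over saved configurations. The following is an added example, not HP tooling: it checks the prerequisites this guide's examples apply (global mpls lsr-id, mpls te and rsvp; mpls enable, mpls te enable and rsvp enable per interface; a wide cost-style before IS-IS TE). The sample text is constructed, and the '#'-separated layout and the set of accepted cost-style values are assumptions.

```python
# Added illustration: audit a saved configuration for the MPLS TE
# prerequisites used in this guide's RSVP-TE examples.
import re

# Assumption: metric styles treated as wide-compatible. The guide's own
# examples use "cost-style wide".
WIDE_STYLES = {"wide", "wide-compatible", "compatible"}

# Constructed sample in the style of display current-configuration output.
SAMPLE_CONFIG = """\
#
 mpls lsr-id 1.1.1.9
#
mpls te
#
rsvp
#
isis 1
 cost-style wide
 mpls te enable level-2
 network-entity 00.0005.0000.0000.0001.00
#
interface GigabitEthernet2/1/1
 ip address 10.1.1.1 255.255.255.0
 isis enable 1
 mpls enable
 mpls te enable
 rsvp enable
#
interface Pos2/2/0
 ip address 20.1.1.1 255.255.255.0
 mpls enable
 rsvp enable
#
"""


def parse_blocks(text):
    """Split a configuration on '#' separator lines into lists of stripped lines."""
    blocks, current = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if line == "#":
            if current:
                blocks.append(current)
            current = []
        elif line:
            current.append(line)
    if current:
        blocks.append(current)
    return blocks


def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    blocks = parse_blocks(text)
    heads = {block[0] for block in blocks}
    uses_te = uses_rsvp = False
    for head, *body in blocks:
        if head.startswith("interface "):
            name = head.split(None, 1)[1]
            te = "mpls te enable" in body
            rsvp = "rsvp enable" in body
            uses_te |= te
            uses_rsvp |= rsvp
            if te and "mpls enable" not in body:
                findings.append(f"{name}: mpls te enable without mpls enable")
            if rsvp and not te:
                findings.append(f"{name}: rsvp enable without mpls te enable")
        elif re.fullmatch(r"isis \d+", head):
            if any(line.startswith("mpls te enable") for line in body):
                styles = [l.split()[1] for l in body if l.startswith("cost-style ")]
                if not styles or styles[-1] not in WIDE_STYLES:
                    findings.append(f"{head}: IS-IS TE enabled without a wide cost-style")
    if uses_te and "mpls te" not in heads:
        findings.append("global: mpls te is not enabled")
    if uses_rsvp and "rsvp" not in heads:
        findings.append("global: rsvp is not enabled")
    if (uses_te or uses_rsvp) and not any(h.startswith("mpls lsr-id ") for h in heads):
        findings.append("global: mpls lsr-id is not configured")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

Interfaces that carry only a static CRLSP do not need rsvp enable, so the audit flags a missing mpls te enable only where RSVP is enabled.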
Configuring a static CRLSP
Overview
A static Constraint-based Routed Label Switched Path (CRLSP) is established by manually specifying CRLSP setup information on the ingress, transit, and egress nodes of the forwarding path. The CRLSP setup information includes the incoming label, outgoing label, and required bandwidth. If the device does not have enough bandwidth resources required by a CRLSP, the CRLSP cannot be established.
To configure a static CRLSP:
Step Command Remarks
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create a static CRLSP.
   Command: • Configure the ingress node: static-cr-lsp ingress lsp-name { nexthop next-hop-addr | outgoing-interface interface-type interface-number } out-label out-label-value [ bandwidth [ ct0 | ct1 | ct2 | ct3 ] bandwidth-value ]
   Remarks: Use one command according to the position of a device on the network.
Figure 35 Network diagram
Configuration procedure
1. Configure IP addresses and masks for interfaces. (Details not shown.)
2. Configure IS-IS to advertise interface addresses, including the loopback interface address:
# Configure Router A.
<RouterA> system-view
[RouterA] isis 1
[RouterA-isis-1] network-entity 00.0005.0000.0000.0001.
[RouterC-isis-1] network-entity 00.0005.0000.0000.0003.00
[RouterC-isis-1] quit
[RouterC] interface gigabitethernet 2/1/1
[RouterC-GigabitEthernet2/1/1] isis enable 1
[RouterC-GigabitEthernet2/1/1] quit
[RouterC] interface loopback 0
[RouterC-LoopBack0] isis enable 1
[RouterC-LoopBack0] quit
# Execute the display ip routing-table command on each router to verify that the routers have learned the routes to one another, including the routes to the loopback interfaces. (Details not shown.)
3.
[RouterB] interface gigabitethernet 2/1/1
[RouterB-GigabitEthernet2/1/1] mpls te max-link-bandwidth 10000
[RouterB-GigabitEthernet2/1/1] mpls te max-reservable-bandwidth 5000
[RouterB-GigabitEthernet2/1/1] quit
[RouterB] interface gigabitethernet 2/1/2
[RouterB-GigabitEthernet2/1/2] mpls te max-link-bandwidth 10000
[RouterB-GigabitEthernet2/1/2] mpls te max-reservable-bandwidth 5000
[RouterB-GigabitEthernet2/1/2] quit
# On Router C, configure the maximum bandwidth and the maximum reservable bandwidth.
Line protocol state: UP
Description: Tunnel0 Interface
Bandwidth: 64kbps
Maximum Transmit Unit: 1496
Internet Address is 6.1.1.1/24 Primary
Tunnel source unknown, destination 3.3.3.
# Execute the display mpls lsp command or the display mpls static-cr-lsp command on each router to display static CRLSP information.
[RouterA] display mpls lsp
FEC                  Proto      In/Out Label   Interface/Out NHLFE
1.1.1.1/0/1          StaticCR   -/20           GE2/1/1
2.1.1.2              Local      -/-            GE2/1/1
FEC                  Proto      In/Out Label   Interface/Out NHLFE
-                    StaticCR   20/30          GE2/1/2
3.2.1.
Configuring RSVP

Overview

The Resource Reservation Protocol (RSVP) is a signaling protocol that reserves resources on a network. Extended RSVP supports MPLS label distribution and allows resource reservation information to be transmitted with label bindings. This extended RSVP is called RSVP-TE. RSVP-TE is a label distribution protocol for MPLS TE. It distributes MPLS labels and reserves resources on the nodes of a specific path to establish a CRLSP.
• LABEL—Advertises the label allocated by the downstream node to the upstream node.
• RECORD_ROUTE—Records the path that the CRLSP actually traverses and the label allocated by each node on the path.

CRLSP setup procedure

Figure 36 Setting up a CRLSP (diagram labels: Sender, Ingress, Egress, Receiver; Path and Resv messages)

As shown in Figure 36, a CRLSP is set up using the following steps:
1.
Reliable RSVP message delivery An RSVP sender cannot know or retransmit lost RSVP messages. The reliable RSVP message delivery mechanism is designed to ensure reliable transmission. This mechanism requires the peer device to acknowledge each RSVP message received from the local device. If no acknowledgement is received, the local device retransmits the message. To implement reliable RSVP message delivery, a node sends an RSVP message that includes a Message_ID object in which the ACK_Desired flag is set.
A GR helper considers that a GR restarter is rebooting when it does not receive hellos or receives erroneous hellos from the restarter in three consecutive hello intervals. When a GR restarter is rebooting, the GR helpers perform the following tasks: • Retain soft state information about the GR restarter. • Continue sending hello packets periodically to the GR restarter until the restart timer expires.
Configuring RSVP refresh

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter RSVP view.
   Command: rsvp
   Remarks: N/A
3. Configure the refresh interval for Path and Resv messages.
   Command: refresh interval interval
   Remarks: By default, the refresh interval is 30 seconds for both Path and Resv messages.
4. Configure the PSB and RSB timeout multiplier.
   Command: keep-multiplier number
   Remarks: By default, the PSB and RSB timeout multiplier is 3.
If the device receives a hello request from the neighbor, the device replies with a hello ACK message. If the device receives no hello request from the neighbor within the interval specified by the hello interval command, the device sends hello requests to the neighbor. When the number of consecutive lost hellos or erroneous hellos from the neighbor reaches the maximum (specified by the hello lost command), the device determines the neighbor is in fault.
4. Enable RSVP authentication for the RSVP neighbor and specify the authentication key.
   Command: authentication key { cipher | plain } auth-key
   Remarks: By default, RSVP authentication is disabled.
5. Enable challenge-response handshake for the RSVP neighbor.
   Command: authentication challenge
   Remarks: By default, the challenge-response handshake function is disabled.
6. Configure the idle timeout for the RSVP security associations with the RSVP neighbor.
5. Configure the global idle timeout for RSVP security associations.
   Command: authentication lifetime life-time
   Remarks: By default, the idle timeout is 1800 seconds (30 minutes).
6. Specify the global RSVP authentication window size—the maximum number of RSVP authenticated messages that can be received out of sequence.
   Command: authentication window-size number
   Remarks: By default, only one RSVP authenticated message can be received out of sequence.
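The authentication window-size setting decides how an authenticated receiver treats messages that arrive behind the highest sequence number it has already accepted. The following Python model is an added example, not HP's implementation: the HMAC-SHA256 digest, the message layout, the class and function names, and the reading of the window as "accept once if no more than window_size behind the highest number" are assumptions, and the key and arrival order are constructed.

```python
import hashlib
import hmac
import struct


def sign(key: bytes, seq: int, payload: bytes) -> bytes:
    """Keyed digest over the 64-bit sequence number and the message body."""
    return hmac.new(key, struct.pack("!Q", seq) + payload, hashlib.sha256).digest()


class AuthReceiver:
    """Receive side of one RSVP security association (hypothetical model)."""

    def __init__(self, key: bytes, window_size: int = 1):
        self.key = key
        self.window_size = window_size
        self.highest = None   # highest sequence number accepted so far
        self.seen = set()     # accepted numbers still inside the window

    def accept(self, seq: int, payload: bytes, digest: bytes) -> str:
        # 1. Integrity first: an unauthenticated message must never move the window.
        if not hmac.compare_digest(digest, sign(self.key, seq, payload)):
            return "bad-digest"
        # 2. A new highest number is always in sequence.
        if self.highest is None or seq > self.highest:
            self.highest = seq
            self.seen.add(seq)
            # Forget numbers that have fallen out of the window.
            self.seen = {s for s in self.seen
                         if self.highest - s <= self.window_size}
            return "accepted"
        # 3. Anything at or below the highest number is out of sequence.
        if seq in self.seen:
            return "replay"       # same number presented twice
        if self.highest - seq > self.window_size:
            return "too-old"      # outside the window, cannot be checked for replay
        self.seen.add(seq)
        return "accepted-late"


KEY = b"constructed-demo-key"
# Constructed arrival order: 11 is delayed, then repeated, and 9 arrives very late.
ARRIVALS = [10, 12, 11, 11, 9]


def run(window_size: int, arrivals=ARRIVALS) -> list:
    """Feed correctly signed messages to a receiver and collect its verdicts."""
    rx = AuthReceiver(KEY, window_size)
    results = []
    for seq in arrivals:
        body = b"Path refresh %d" % seq
        results.append(rx.accept(seq, body, sign(KEY, seq, body)))
    return results


def tampered_message_result() -> str:
    """A body changed after signing fails the digest check before any window logic."""
    rx = AuthReceiver(KEY, window_size=3)
    digest = sign(KEY, 20, b"Resv bandwidth 2000")
    return rx.accept(20, b"Resv bandwidth 5000", digest)


if __name__ == "__main__":
    print("window 1:", run(1))
    print("window 3:", run(3))
    print("tampered:", tampered_message_result())
```

A larger window tolerates more reordering on the path but makes the receiver keep more per-neighbor state; in both runs the repeated message is rejected.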
Enabling BFD for RSVP If a link fails, MPLS TE tunnels over the link fail to forward packets. MPLS TE cannot quickly detect a link failure. To address this issue, you can enable BFD for RSVP so MPLS TE can quickly switch data from the primary path to the backup path upon a link failure. To enable BFD for RSVP: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface interface-type interface-number You must enable RSVP on the interface. 3.
RSVP configuration examples Establishing an MPLS TE tunnel with RSVP-TE Network requirements Router A, Router B, Router C, and Router D run IS-IS and all of them are Layer 2 routers. Use RSVP-TE to create an MPLS TE tunnel from Router A to Router D. The MPLS TE tunnel requires a bandwidth of 2000 kbps. The maximum bandwidth of the link that the tunnel traverses is 10000 kbps and the maximum reservable bandwidth of the link is 5000 kbps.
[RouterA] interface loopback 0 [RouterA-LoopBack0] isis enable 1 [RouterA-LoopBack0] isis circuit-level level-2 [RouterA-LoopBack0] quit # Configure Router B. system-view [RouterB] isis 1 [RouterB-isis-1] network-entity 00.0005.0000.0000.0002.
[RouterD-LoopBack0] isis enable 1 [RouterD-LoopBack0] isis circuit-level level-2 [RouterD-LoopBack0] quit # Execute the display ip routing-table command on each router to verify that the routers have learned the routes to one another, including the routes to the loopback interfaces. (Details not shown.) 3. Configure an LSR ID, and enable MPLS, MPLS TE, and RSVP: # Configure Router A. [RouterA] mpls lsr-id 1.1.1.
[RouterC-POS2/2/0] mpls te enable
[RouterC-POS2/2/0] rsvp enable
[RouterC-POS2/2/0] quit
# Configure Router D.
[RouterD] mpls lsr-id 4.4.4.9
[RouterD] mpls te
[RouterD-te] quit
[RouterD] rsvp
[RouterD-rsvp] quit
[RouterD] interface gigabitethernet 2/1/1
[RouterD-GigabitEthernet2/1/1] mpls enable
[RouterD-GigabitEthernet2/1/1] mpls te enable
[RouterD-GigabitEthernet2/1/1] rsvp enable
[RouterD-GigabitEthernet2/1/1] quit
4. Configure IS-IS TE:
# Configure Router A.
[RouterB] interface pos 2/2/0
[RouterB-POS2/2/0] mpls te max-link-bandwidth 10000
[RouterB-POS2/2/0] mpls te max-reservable-bandwidth 5000
[RouterB-POS2/2/0] quit
# Configure the maximum link bandwidth and maximum reservable bandwidth on Router C.
Output queue - Urgent queuing: Size/Length/Discards 0/100/0
Output queue - Protocol queuing: Size/Length/Discards 0/500/0
Output queue - FIFO queuing: Size/Length/Discards 0/75/0
Last clearing of counters: Never
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
# Execute the display mpls te tunnel-interface command on Router A to display detailed info
Configure RSVP GR on the routers to ensure continuous forwarding when a router reboots. Figure 38 Network diagram Configuration procedure 1. Configure IP addresses and masks for interfaces. (Details not shown.) 2. Configure IS-IS to advertise interface addresses, including the loopback interface address. (Details not shown.) 3. Configure an LSR ID, enable MPLS, MPLS TE, RSVP, and RSVP hello extension: # Configure Router A. system-view [RouterA] mpls lsr-id 1.1.1.
# Configure Router C. system-view [RouterC] mpls lsr-id 3.3.3.9 [RouterC] mpls te [RouterC-te] quit [RouterC] rsvp [RouterC-rsvp] rsvp [RouterC-mpls] interface gigabitethernet 2/1/1 [RouterC-GigabitEthernet2/1/1] mpls enable [RouterC-GigabitEthernet2/1/1] mpls te enable [RouterC-GigabitEthernet2/1/1] rsvp enable [RouterC-GigabitEthernet2/1/1] rsvp hello enable [RouterC-GigabitEthernet2/1/1] quit 4. Configure IS-IS TE. (Details not shown.) 5. Configure an MPLS TE tunnel. (Details not shown.
Configuring tunnel policies Overview Tunnel policies enable a PE to forward traffic for each MPLS VPN over a preferred tunnel or over multiple tunnels. The tunnels supported by MPLS VPN include MPLS LSPs, MPLS TE tunnels, and GRE tunnels. To enhance availability, you can associate multiple MPLS TE tunnels to a tunnel bundle, and specify the tunnel bundle as a preferred tunnel. For more information about MPLS TE, see "Configuring MPLS TE.
Figure 39 MPLS VPN tunnel selection diagram As shown in Figure 39, PE 1 and PE 2 have multiple tunnels in between and they are connected to multiple MPLS VPNs. You can control the paths for VPN traffic by using one of the following methods: • Configure multiple tunnel policies, and specify a preferred tunnel for each policy by using the preferred-path command. Apply these policies to different MPLS VPNs to forward the traffic of each VPN over a specific tunnel.
Displaying tunnel information Execute display commands in any view. Task Command Display tunnel information. display mpls tunnel { all | statistics | [ vpn-instance vpn-instance-name ] destination { tunnel-ipv4-dest | tunnel-ipv6-dest } } Tunnel policy configuration examples Preferred tunnel configuration example Network requirements PE 1 has multiple tunnels to reach PE 2: one MPLS TE tunnel on interface Tunnel 1, one GRE tunnel on interface Tunnel 2, and one LDP LSP tunnel.
Configuration procedure

1. Configure tunnel policies on PE 1:
# Create tunnel policy preferredte1, and configure tunnel 1 as the preferred tunnel.
system-view
[PE1] tunnel-policy preferredte1
[PE1-tunnel-policy-preferredte1] preferred-path tunnel 1
[PE1-tunnel-policy-preferredte1] quit
# Create tunnel policy preferredgre2, and configure tunnel 2 as the preferred tunnel.
Preferred tunnel and tunnel selection order configuration example Network requirements PE 1 has multiple tunnels to reach PE 2: two MPLS TE tunnels on interfaces Tunnel 1 and Tunnel 3, one GRE tunnel on interface Tunnel 2, and one LDP LSP tunnel. PE 1 has multiple MPLS VPN instances: vpna, vpnb, vpnc, vpnd, vpne, vpnf, and vpng. Table 11 shows the tunnel policy that PE 1 uses for each VPN instance.
[PE1] ip vpn-instance vpnb
[PE1-vpn-instance-vpnb] route-distinguisher 100:2
[PE1-vpn-instance-vpnb] vpn-target 100:2
[PE1-vpn-instance-vpnb] tnl-policy preferredte1
[PE1-vpn-instance-vpnb] quit
# Create MPLS VPN instances vpnc and vpnd, and apply tunnel policy preferredte3 to them.
Configuring MPLS L3VPN In this chapter, "MSR2000" refers to MSR2003. "MSR3000" collectively refers to MSR3012, MSR3024, MSR3044, MSR3064. "MSR4000" collectively refers to MSR4060 and MSR4080. Overview MPLS L3VPN is a L3VPN technology used to interconnect geographically dispersed VPN sites. MPLS L3VPN uses BGP to advertise VPN routes and uses MPLS to forward VPN packets over a service provider backbone.
MPLS L3VPN concepts Site A site has the following features: • A site is a group of IP systems with IP connectivity that does not rely on any service provider network. • The classification of a site depends on the topology relationship of the devices, rather than the geographical positions. However, the devices at a site are, in most cases, adjacent to each other geographically. • The devices at a site can belong to multiple VPNs, which means that a site can belong to multiple VPNs.
As shown in Figure 41, a VPN-IPv4 address consists of 12 bytes. The first eight bytes represent the RD, followed by a four-byte IPv4 prefix. The RD and the IPv4 prefix form a unique VPN-IPv4 prefix.

An RD can be in one of the following formats:
• When the Type field is 0, the Administrator subfield occupies two bytes, the Assigned number subfield occupies four bytes, and the RD format is 16-bit AS number:32-bit user-defined number. For example, 100:1.
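The 12-byte layout described above can be packed and unpacked directly. This Python sketch is an added example, not code from the guide; it goes beyond the Type 0 format shown here by also handling RD Types 1 (IPv4 address:16-bit number) and 2 (32-bit AS number:16-bit number) as defined in RFC 4364, and the function names and sample prefixes are assumptions.

```python
import ipaddress
import struct

RD_LEN = 8          # 2-byte Type field + 6-byte value (Administrator + Assigned number)
VPN_IPV4_LEN = 12   # 8-byte RD + 4-byte IPv4 prefix


def encode_rd(text: str) -> bytes:
    """Encode an RD written as 'administrator:assigned-number' into 8 bytes."""
    admin, _, assigned = text.rpartition(":")
    if not admin or not assigned.isdigit():
        raise ValueError(f"malformed RD: {text!r}")
    number = int(assigned)
    if "." in admin:                       # Type 1: IPv4 address : 16-bit number
        if number > 0xFFFF:
            raise ValueError("Type 1 assigned number exceeds 16 bits")
        return struct.pack("!H4sH", 1, ipaddress.IPv4Address(admin).packed, number)
    if not admin.isdigit():
        raise ValueError(f"malformed administrator field: {admin!r}")
    asn = int(admin)
    if asn <= 0xFFFF:                      # Type 0: 16-bit AS : 32-bit number
        if number > 0xFFFFFFFF:
            raise ValueError("Type 0 assigned number exceeds 32 bits")
        return struct.pack("!HHI", 0, asn, number)
    if asn <= 0xFFFFFFFF and number <= 0xFFFF:   # Type 2: 32-bit AS : 16-bit number
        return struct.pack("!HIH", 2, asn, number)
    raise ValueError(f"RD out of range: {text!r}")


def decode_rd(raw: bytes) -> str:
    """Decode an 8-byte RD back into its text form."""
    if len(raw) != RD_LEN:
        raise ValueError("an RD is exactly 8 bytes")
    rd_type = struct.unpack("!H", raw[:2])[0]
    if rd_type == 0:
        asn, number = struct.unpack("!HI", raw[2:])
        return f"{asn}:{number}"
    if rd_type == 1:
        addr, number = struct.unpack("!4sH", raw[2:])
        return f"{ipaddress.IPv4Address(addr)}:{number}"
    if rd_type == 2:
        asn, number = struct.unpack("!IH", raw[2:])
        return f"{asn}:{number}"
    raise ValueError(f"unknown RD type {rd_type}")


def make_vpn_ipv4(rd_text: str, prefix: str) -> bytes:
    """Build the 12-byte VPN-IPv4 address: RD followed by the IPv4 prefix."""
    return encode_rd(rd_text) + ipaddress.IPv4Address(prefix).packed


def parse_vpn_ipv4(raw: bytes) -> tuple:
    """Split a 12-byte VPN-IPv4 address into (RD text, IPv4 prefix text)."""
    if len(raw) != VPN_IPV4_LEN:
        raise ValueError("a VPN-IPv4 address is exactly 12 bytes")
    return decode_rd(raw[:RD_LEN]), str(ipaddress.IPv4Address(raw[RD_LEN:]))


if __name__ == "__main__":
    # Constructed case: two VPNs reuse 10.1.1.0 but carry different RDs.
    a = make_vpn_ipv4("100:1", "10.1.1.0")
    b = make_vpn_ipv4("100:2", "10.1.1.0")
    print(a.hex(), parse_vpn_ipv4(a))
    print(b.hex(), parse_vpn_ipv4(b))
    print("distinct on the backbone:", a != b)
```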
2. From the ingress PE to the egress PE: The ingress PE does the following: a. Adds RDs and route target attributes to these standard IPv4 routes to create VPN-IPv4 routes. b. Saves the VPN-IPv4 routes to the routing table of the VPN instance created for the CE. c. Advertises the VPN-IPv4 routes to the egress PE through MP-BGP. 3. From the egress PE to the remote CE: After receiving the VPN-IPv4 routes, the egress PE does the following: a.
3. P devices forward the packet to PE 2 by the outer tag. If the outer tag is an MPLS label, the label is removed from the packet at the penultimate hop. If the outer tag is GRE encapsulation, PE 2 removes the GRE encapsulation. 4. PE 2 finds the matching VPN route according to the inner label and destination address of the packet, and then forwards the packet out of the interface to CE 2. 5. CE 2 transmits the packet to the destination through IP forwarding.
In a hub and spoke network as shown in Figure 44, configure route targets as follows:
• On spoke PEs (PEs connected to spoke sites), set the export target to Spoke and the import target to Hub.
• On the hub PE (PE connected to the hub site), use two interfaces or subinterfaces that each belong to a different VPN instance to connect the hub CE. One VPN instance receives routes from spoke PEs and has the import target set to Spoke.
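The route target rules above can be checked mechanically: a VPN instance imports a route only when one of the route's export targets matches one of its own import targets. The following Python audit is an added example, not part of the guide; the instance names, the second hub instance exporting target Hub, and the hub CE relaying routes between the two hub instances are assumptions consistent with the spoke import target of Hub.

```python
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class VpnInstance:
    name: str
    import_targets: frozenset
    export_targets: frozenset


def import_graph(instances, relays=()):
    """Edges (exporter, importer) for every pair whose route targets match.

    `relays` adds edges that are not route-target matches, such as the hub CE
    passing routes from one hub VPN instance to the other (assumption).
    """
    edges = {(a.name, b.name)
             for a in instances for b in instances
             if a is not b and a.export_targets & b.import_targets}
    return edges | set(relays)


def route_path(edges, src, dst):
    """Shortest chain of instances a route from src crosses to reach dst (BFS)."""
    queue = deque([[src]])
    seen = {src}
    while queue:
        path = queue.popleft()
        if path[-1] == dst:
            return path
        for a, b in sorted(edges):
            if a == path[-1] and b not in seen:
                seen.add(b)
                queue.append(path + [b])
    return None


def direct_spoke_edges(instances, spokes):
    """Audit: spoke-to-spoke imports that bypass the hub site."""
    return sorted((a, b) for a, b in import_graph(instances)
                  if a in spokes and b in spokes)


SPOKES = ("spoke1", "spoke2")
HUB_CE_RELAY = [("hub-in", "hub-out")]   # hub CE re-advertises what it learns


def build(spoke2_imports=("Hub",)):
    """Constructed topology: two spoke instances and the two hub PE instances."""
    fs = frozenset
    return [
        VpnInstance("spoke1", fs({"Hub"}), fs({"Spoke"})),
        VpnInstance("spoke2", fs(spoke2_imports), fs({"Spoke"})),
        VpnInstance("hub-in", fs({"Spoke"}), fs()),    # receives spoke routes
        VpnInstance("hub-out", fs(), fs({"Hub"})),     # advertises to spokes
    ]


if __name__ == "__main__":
    for label, insts in (("as designed", build()),
                         ("spoke2 also imports Spoke", build(("Hub", "Spoke")))):
        edges = import_graph(insts, HUB_CE_RELAY)
        print(label)
        print("  route path spoke1 -> spoke2:", route_path(edges, "spoke1", "spoke2"))
        print("  direct spoke edges:", direct_spoke_edges(insts, SPOKES))
```

Running the same audit against the import and export targets collected from each PE shows whether any spoke instance learns another spoke's routes without passing through the hub site.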
After spoke sites exchange routes through the hub site, they can communicate with each other through the hub site. Extranet networking scheme The extranet networking scheme allows specific resources in a VPN to be accessed by users not in the VPN.
• Multihop EBGP redistribution of labeled VPN-IPv4 routes between PE routers—PEs advertise VPN-IPv4 routes to each other through MP-EBGP. This solution is also called inter-AS option C. Inter-AS option A In this solution, PEs of two ASs are directly connected through multiple subinterfaces, and each PE is also the ASBR of its AS. Each PE treats the other as a CE and advertises unlabeled IPv4 unicast routes through EBGP. The PEs associate a VPN instance with at least one subinterface.
Figure 47 Network diagram for inter-AS option B (diagram labels: VPN 1, VPN 2, CE 1 to CE 4, PE 1 to PE 4, ASBR 1 (PE), ASBR 2 (PE), AS 100, AS 200, MPLS backbone, MP-IBGP, MP-EBGP, LSP 1, LSP 2, VPN LSP 1 to VPN LSP 3; legend: private LSP, public LSP)

As shown in Figure 47, VPN 1 routes are advertised from CE 1 to CE 3 by using the following process:
1. PE 1 advertises the VPN routes learned from CE 1 to ASBR 1 through MP-IBGP.
bottlenecks, which hinders network extension. Inter-AS option C has better scalability because it makes PEs directly exchange VPN-IPv4 routes. In this solution, PEs exchange VPN-IPv4 routes over a multihop MP-EBGP session. Each PE must have a route to the peer PE and a label for the route so that the inter-AS public tunnel between the PEs can be set up. Inter-AS option C sets up a public tunnel by using the following methods: • A label distribution protocol, for example, LDP.
The public tunnel from PE 3 to ASBR 2 is set up. The next hop for the route to PE 1 is ASBR 2. The incoming label for the public tunnel on ASBR 2 is L3, and the outgoing label is L2. 6. Within AS 200, the public tunnel from PE 3 to ASBR 2 is required to be set up hop by hop through a label distribution protocol, for example, LDP. MPLS packets cannot be forwarded directly from PE 3 to ASBR 2. Assume that the outgoing label for the public tunnel on PE 3 is Lv.
• The customer is called the customer carrier or the Level 2 carrier. This networking model is referred to as carrier's carrier. The PEs of the Level 2 carrier directly exchange customer networks over a BGP session. The Level 1 carrier only learns the backbone networks of the Level 2 carrier, without learning customer networks.
Figure 51 Scenario where the Level 2 carrier is an MPLS L3VPN service provider NOTE: If equal cost routes exist between the Level 1 carrier and the Level 2 carrier, HP recommends that you establish equal cost LSPs between them. Nested VPN The nested VPN technology exchanges VPNv4 routes between PEs and CEs of the ISP MPLS L3VPN and allows a customer to manage its own internal VPNs. Figure 52 shows a nested VPN network. On the service provider's MPLS VPN network, there is a customer VPN named VPN A.
Figure 52 Network diagram for nested VPN (diagram labels: P, Provider PE, Provider MPLS VPN backbone, Customer PE, Customer MPLS VPN network, CE 1 to CE 8, VPN A, VPN A-1, VPN A-2)

Propagation of routing information

In a nested VPN network, routing information is propagated by using the following process:
1.
HoVPN divides PEs into underlayer PEs (UPEs) or user-end PEs, and superstratum PEs (SPEs) or service provider-end PEs. UPEs and SPEs have different functions and comprise a hierarchical PE. The HoPE and common PEs can coexist in an MPLS network. Figure 53 Basic architecture of HoVPN As shown in Figure 53, UPEs and SPEs play the following different roles: • A UPE is directly connected to CEs. It provides user access. It maintains the routes of directly connected VPN sites.
Figure 54 Recursion of HoPEs Figure 54 shows a three-level HoPE. The PE in the middle is called the "middle-level PE (MPE)." MP-BGP runs between SPE and MPE, and between MPE and UPE. MP-BGP advertises the following routes: • All the VPN routes of UPEs to the SPEs. • The default routes of the VPN instance of the SPEs or the VPN routes permitted by the routing policies to the UPEs. The SPE maintains the VPN routes of all sites in the HoVPN.
Figure 55 Network diagram for BGP/OSPF interaction As shown in Figure 55, CE 11, CE 21, and CE 22 belong to the same VPN and the same OSPF domain. Before domain ID configuration, VPN 1 routes are advertised from CE 11 to CE 21 and CE 22 by using the following process: 1. PE 1 redistributes OSPF routes from CE 11 into BGP, and advertises the VPN routes to PE 2 through BGP. 2.
As shown in Figure 56, Site 1 is connected to two PEs. When a PE advertises VPN routes learned from MP-BGP to Site 1 through OSPF, the routes might be received by the other PE. This results in a routing loop. OSPF VPN extension uses the following tags to avoid routing loops: • DN bit (for Type 3 LSAs)—When a PE redistributes BGP routes into OSPF and creates Type 3 LSAs, it sets the DN bit for the LSAs.
The BGP AS number substitution function allows geographically different CEs to use the same AS number. If the AS_PATH of a route contains the AS number of a CE, the PE replaces the AS number with its own AS number before advertising the route to that CE. After you enable the BGP AS number substitution function, the PE performs BGP AS number substitution for all routes and re-advertises them to connected CEs in the peer group.
VPNv4 route backup for a VPNv4 route

Figure 59 Network diagram

As shown in Figure 59, configure FRR on the ingress node PE 1, and specify the backup next hop as PE 3. When PE 1 receives a VPNv4 route to CE 2 from both PE 2 and PE 3, it uses the route from PE 2 as the primary link, and the route from PE 3 as the backup link. Configure BFD for LSPs or MPLS TE tunnels on PE 1 to detect the connectivity of the LSP tunnel between PE 1 and PE 2.
through the path CE 1—PE 1—PE 2—PE 3—CE 2. This avoids traffic interruption before route convergence completes (switching back to the link CE 1—PE 1—PE 3—CE 2). In this scenario, PE 2 is responsible for primary link detection and traffic switchover. IPv4 route backup for a VPNv4 route Figure 61 Network diagram As shown in Figure 61, on PE 2, specify the backup next hop for VPN 1 as CE 2.
Figure 62 Network diagram for the MCE function As shown in Figure 62, the MCE exchanges private routes with VPN sites and PE 1, and adds the private routes to the routing tables of corresponding VPN instances. • Route exchange between MCE and VPN site—Create VPN instances VPN 1 and VPN 2 on the MCE. Bind GigabitEthernet 2/0/1 to VPN 1, and GigabitEthernet 2/0/2 to VPN 2. The MCE adds a received route to the routing table of the VPN instance that is bound to the receiving VLAN interface.
MPLS L3VPN configuration task list Tasks at a glance (Required.) Configuring basic MPLS L3VPN (Optional.) Configuring inter-AS VPN (Optional.) Configuring nested VPN (Optional.) Configuring HoVPN (Optional.) Configuring an OSPF sham link (Optional.) Configuring routing on an MCE (Optional.) Specifying the VPN label processing mode on the egress PE (Optional.) Configuring BGP AS number substitution and SoO attribute (Optional.) Enabling SNMP notifications for MPLS L3VPN (Optional.
To create and configure a VPN instance: Step Command Remarks 1. Enter system view. system-view N/A 2. Create a VPN instance and enter VPN instance view. ip vpn-instance vpn-instance-name By default, no VPN instance is created. 3. Configure an RD for the VPN instance. route-distinguisher route-distinguisher By default, no RD is specified for a VPN instance. 4. (Optional.) description instance. description text By default, no description is configured for a VPN instance. 5. (Optional.
Step Command Remarks • Enter VPN instance view: Configurations made in VPN instance view apply to both IPv4 VPN and IPv6 VPN. ip vpn-instance vpn-instance-name 2. Enter VPN instance view or IPv4 VPN view • Enter IPv4 VPN view: a. ip vpn-instance vpn-instance-name b. ipv4-family 3. Configure route targets. 4. Set the maximum number of active routes allowed.
Configuring static routing between a PE and a CE Step Command Remarks 1. Enter system view. system-view N/A By default, no static route is configured for a VPN instance. 2. Configure a static route for a VPN instance.
Step Command Remarks Perform this configuration on the PE. On the CE, create a common OSPF process. 2. Create an OSPF process for a VPN instance and enter the OSPF view. ospf [ process-id | router-id router-id | vpn-instance vpn-instance-name ] * The maximum number of OSPF processes that a VPN instance can run depends on the device memory. Deleting a VPN instance also deletes all related OSPF processes. The default domain ID is 0. Perform this configuration on the PE. On the CE, configure common OSPF.
2. Create an IS-IS process for a VPN instance and enter IS-IS view.
   Command: isis [ process-id ] vpn-instance vpn-instance-name
   Remarks: Perform this configuration on the PE. On the CE, configure common IS-IS.
3. Configure a network entity title for the IS-IS process.
   Command: network-entity net
   Remarks: By default, no NET is configured.
4. Return to system view.
   Command: quit
   Remarks: N/A
5. Enter interface view.
   Command: interface interface-type interface-number
   Remarks: N/A
6. Enable the IS-IS process on the interface.
Step Command Remarks By default, BGP discards incoming route updates that contain the local AS number. 8. (Optional.) Allow the local AS number to appear in the AS_PATH attribute of a received route, and set the maximum number of repetitions. 2. peer { group-name | ip-address } allow-as-loop [ number ] BGP detects routing loops by examining AS numbers. In a hub-spoke network where EBGP is running between a PE and a CE, the routing information the PE advertises to a CE carries the AS number of the PE.
Step Command Remarks 2. Enter BGP view. bgp as-number N/A ip vpn-instance vpn-instance-name Configuration commands in BGP-VPN instance view are the same as those in BGP view. For more information, see Layer 3—IP Routing Configuration Guide. 4. Configure the CE as the VPN IBGP peer. peer { group-name | ip-address } as-number as-number By default, no BGP peer is created. 5. Create the BGP-VPN IPv4 unicast family and enter its view.
Step Command Remarks 5. Enable IPv4 unicast route exchange with the specified peer or peer group. peer { group-name | ip-address } enable By default, BGP does not exchange IPv4 unicast routes with any peer. 6. (Optional.) Configure route redistribution. import-route protocol [ { process-id | all-processes } [ allow-direct | med med-value | route-policy route-policy-name ] *] A CE must redistribute its routes to the PE so the PE can advertise them to the peer CE.
Step Command Remarks 5. Configure filtering of received routes. filter-policy { acl-number | prefix-list prefix-list-name } import 6. Advertise community attributes to a peer or peer group. peer { group-name | ip-address } advertise-community 7. Allow the local AS number to appear in the AS_PATH attribute of routes received from the peer, and set the maximum number of repetitions. peer { group-name | ip-address } allow-as-loop [ number ] 8.
Step Command Remarks Optional. 16. Configure BGP updates advertised to an EBGP peer or peer group to carry only public AS numbers. peer { group-name | ip-address } public-as-only 17. Configure the router as a route reflector and specify a peer or peer group as its client. peer { group-name | ip-address } reflect-client By default, no RR is configured. 18. Specify the maximum number of routes BGP can receive from a peer or peer group.
Configuring inter-AS option B To configure inter-AS option B, perform configurations on PEs and ASBRs. • PE configuration: Configure basic MPLS L3VPN, and specify the ASBR in the same AS as an MP-IBGP peer. The route targets for the VPN instances on the PEs in different ASs must match for the same VPN. For information about PE configuration, see "Configuring basic MPLS L3VPN.
Step Command Remarks 11. Enter BGP VPNv4 address family view. address-family vpnv4 N/A 12. Enable BGP to exchange VPNv4 routes with the PE in the same AS and the ASBR in different ASs. peer { group-name | ip-address } enable By default, BGP cannot exchange VPNv4 routing information with a peer. 13. Disable route target based filtering of VPNv4 routes. By default, the PE filters received VPNv4 routes by route targets.
3. Configure the ASBR in the same AS as an IBGP peer.
   Command: peer { group-name | ip-address } as-number as-number
   Remarks: By default, no BGP peer is created.
4. Configure the PE of another AS as an EBGP peer.
   Command: peer { group-name | ip-address } as-number as-number
   Remarks: By default, no BGP peer is created.
5. Create the BGP IPv4 unicast address family and enter its view.
   Command: address-family ipv4 [ unicast ]
   Remarks: By default, the BGP IPv4 unicast address family is not created.
6.
3. (Optional.) Match IPv4 routes carrying labels.
   Command: if-match mpls-label
   Remarks: By default, no MPLS label match criterion is configured.
4. (Optional.) Set labels for IPv4 routes.
   Command: apply mpls-label
   Remarks: By default, no MPLS label is set for IPv4 routes.
5. Return to system view.
   Command: quit
   Remarks: N/A
6. Enter interface view of the interface connecting to an internal router of the AS.
   Command: interface interface-type interface-number
   Remarks: N/A
7. Enable MPLS on the interface.
Configuring nested VPN For a network with many VPNs, nested VPN is a good solution to implement layered management of VPNs and to conceal the deployment of internal VPNs. To build a nested VPN network, perform the following configurations: • Configurations between customer PE and customer CE—Configure VPN instances on the customer PE and configure route exchange between customer PE and customer CE. • Configurations between customer PE and provider CE—Configure BGP VPNv4 route exchange between them.
Step Command Remarks 10. (Optional.) Configure the SoO attribute for the BGP peer or peer group. peer { group-name | ip-address } soo site-of-origin By default, the SoO attribute is not configured. Configuring HoVPN In a HoVPN networking scenario, perform basic MPLS L3VPN settings on UPE and SPE. In addition, configure the following settings on the SPE: • Specify the BGP peer or peer group as a UPE.
Step Command Remarks • Advertise a default VPN route By default, no route is advertised to the UPE. to the UPE: peer { group-name | ip-address } default-route-advertise vpn-instance vpn-instance-name Do not configure both commands. • Advertise routes permitted by a The peer default-route-advertise vpn-instance command advertises a default route using the local address as the next hop to the UPE, regardless of whether the default route is present in the local routing table.
Redistributing the loopback interface route Step Command Remarks 1. Enter system view. system-view N/A 2. Enter BGP view. bgp as-number N/A 3. Enter BGP-VPN instance view. ip vpn-instance vpn-instance-name N/A 4. Enter BGP-VPN unicast address view. address-family ipv4 [ unicast ] N/A import-route direct By default, no direct routes are redistributed into BGP. IPv4 family 5. Redistribute direct routes into BGP (including the loopback interface route).
• MCE-PE routing configuration. On the PE, do the following: • Disable routing loop detection to avoid route loss during route calculation. • Disable route redistribution between routing protocols to save system resources. Before you configure routing on an MCE, configure VPN instances, and bind the VPN instances to the interfaces connected to the VPN sites and the PE.
Step Command Remarks 2. Create a RIP process for a VPN instance and enter RIP view. rip [ process-id ] vpn-instance vpn-instance-name Perform this configuration on the MCE. On a VPN site, create a common RIP process. 3. Enable RIP on the interface attached to the specified network. network network-address By default, RIP is disabled on an interface. 4. Redistribute remote site routes advertised by the PE into RIP.
Step Command Remarks 4. Redistribute remote site routes advertised by the PE into OSPF. import-route protocol [ process-id | all-processes | allow-ibgp ] [ allow-direct | cost cost | route-policy route-policy-name | tag tag | type type ] * By default, no routes are redistributed into OSPF. 5. Create an OSPF area and enter OSPF area view. area area-id By default, no OSPF area is created. 6. Enable OSPF on the interface attached to the specified network in the area.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enter BGP view. bgp as-number N/A ip vpn-instance vpn-instance-name N/A 4. Configure an EBGP peer. peer { group-name | ip-address } as-number as-number By default, no BGP peer is configured. 5. Enter BGP-VPN IPv4 unicast address family view. address-family ipv4 [ unicast ] N/A 6. Enable BGP to exchange IPv4 unicast routes with the peer.
Step Command Remarks 6. Redistribute the IGP routes of the VPN into BGP. import-route protocol [ { process-id | all-processes } [ allow-direct | med med-value | route-policy route-policy-name ] *] By default, no routes are redistributed into BGP. A VPN site must advertise the VPN network addresses it can reach to the connected MCE.
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter BGP view.
   Command: bgp as-number
   Remarks: N/A
3. Configure the MCE as an IBGP peer.
   Command: peer { group-name | ip-address } as-number as-number
   Remarks: N/A
4. Enter BGP-VPN IPv4 unicast address family view.
   Command: address-family ipv4 [ unicast ]
   Remarks: N/A
5. Enable BGP to exchange IPv4 unicast routes with the peer.
   Command: peer { group-name | ip-address } enable
   Remarks: By default, BGP does not exchange IPv4 unicast routes with any peer.
6.
Configuring RIP between an MCE and a PE

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create a RIP process for a VPN instance and enter RIP view.
   Command: rip [ process-id ] vpn-instance vpn-instance-name
   Remarks: N/A
3. Enable RIP on the interface attached to the specified network.
   Command: network network-address
   Remarks: By default, RIP is disabled on an interface.
4. Redistribute routes.
Step Command Remarks 9. Enable OSPF on the interface attached to the specified network in the area. network ip-address wildcard-mask By default, an interface neither belongs to any area nor runs OSPF. Configuring IS-IS between an MCE and a PE Step Command Remarks 1. Enter system view. system-view N/A 2. Create an IS-IS process for a VPN instance and enter IS-IS view. isis [ process-id ] vpn-instance vpn-instance-name N/A 3. Configure entity title.
Step Command Remarks 7. Redistribute the VPN routes of the VPN site. import-route protocol [ process-id | all-processes ] [ allow-direct | med med-value | route-policy route-policy-name ] * By default, no routes are redistributed into BGP. 8. (Optional.) filtering of routes. Configure advertised filter-policy { acl-number | prefix-list prefix-list-name } export [ protocol process-id ] By default, BGP does not filter advertised routes. 9. (Optional.) Configure filtering of received routes.
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter BGP view.
   Command: bgp as-number
   Remarks: N/A
3. Specify the VPN label processing mode as POPGO forwarding.
   Command: vpn popgo
   Remarks: The default is POP forwarding.

Configuring BGP AS number substitution and SoO attribute

When CEs at different sites have the same AS number, configure the BGP AS number substitution function to avoid route loss.
2. Enable SNMP notifications for MPLS L3VPN.
   Command: snmp-agent trap enable l3vpn
   Remarks: By default, SNMP notifications for MPLS L3VPN are enabled.
Configuring MPLS L3VPN FRR
There are two methods to configure MPLS L3VPN FRR:
• Method 1—Execute the pic command in BGP-VPN IPv4 unicast address family view. The device calculates a backup next hop for a BGP route in the VPN instance if there are two or more unequal-cost routes to reach the destination.
4. Use BFD to test the connectivity of the LSP or MPLS TE tunnel.
   Command:
   • Configure BFD to test the connectivity of the LSP for the specified FEC:
     mpls bfd dest-addr mask-length [ nexthop nexthop-address [ discriminator local local-id remote remote-id ] ] [ template template-name ]
   • Configure BFD to test the connectivity of the MPLS TE tunnel for the tunnel interface:
     a. interface tunnel mode mpls-te number
     b.
11. Enter BGP-VPN IPv4 unicast address family view.
    Command: address-family ipv4 [ unicast ]
    Remarks: N/A
12. Enable MPLS L3VPN FRR.
    Command:
    • (Method 1) Enable MPLS L3VPN FRR for the address family:
      pic
    • (Method 2) Reference a routing policy to specify a backup next hop for the address family:
      fast-reroute route-policy route-policy-name
    Remarks: By default, MPLS L3VPN FRR is disabled. Method 1 might result in routing loops. Use it with caution. By default, no routing policy is referenced.
Display FIB entries that match the specified destination IP address in the specified VPN instance.
   Command: display fib vpn-instance vpn-instance-name ip-address [ mask | mask-length ]
   Remarks: Available in any view.
Display BGP VPNv4 peer group information.
   Command: display bgp group vpnv4 [ vpn-instance vpn-instance-name ] [ group-name group-name ]
   Remarks: Available in any view.
Display BGP VPNv4 peer information (MSR2000/MSR3000).
Display incoming labels for BGP VPNv4 routes.
   Command: display bgp routing-table vpnv4 inlabel
   Remarks: Available in any view.
Display outgoing labels for BGP VPNv4 routes (MSR2000/MSR3000).
   Command: display bgp routing-table vpnv4 outlabel
   Remarks: Available in any view.
Display outgoing labels for BGP VPNv4 routes (MSR4000).
   Command: display bgp routing-table vpnv4 outlabel [ standby slot slot-number ]
   Remarks: Available in any view.
Display BGP VPNv4 address family update group information.
Figure 63 Network diagram (figure not reproduced; labels: CE 1 and CE 3 in VPN 1, CE 2 and CE 4 in VPN 2, AS 65410, AS 65420, AS 65430, AS 65440, and PE 1, P, and PE 2 on the MPLS backbone)
Table 12 Interface and IP assignment
Device  Interface  IP address      Device  Interface  IP address
CE 1    GE2/1/1    10.1.1.1/24     P       Loop0      2.2.2.9/32
PE 1    Loop0      1.1.1.9/32              POS2/1/0   172.1.1.2/24
        GE2/1/1    10.1.1.2/24             POS2/1/1   172.2.1.
[PE1-ospf-1] quit
# Configure the P device.
system-view
[P] interface loopback 0
[P-LoopBack0] ip address 2.2.2.9 32
[P-LoopBack0] quit
[P] interface pos 2/1/0
[P-Pos2/1/0] ip address 172.1.1.2 24
[P-Pos2/1/0] quit
[P] interface pos 2/1/1
[P-Pos2/1/1] ip address 172.2.1.1 24
[P-Pos2/1/1] quit
[P] ospf
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
[P-ospf-1-area-0.0.0.
Destination/Mask Proto Pre Cost NextHop Interface
1.1.1.9/32 OSPF 10 0 1.1.1.9 Loop0
172.1.1.0/24 OSPF 10 1 172.1.1.1 POS2/1/0
# On PE 1, verify that OSPF adjacencies in Full state have been established between PE 1, P, and PE 2.
[PE1] display ospf peer verbose
OSPF Process 1 with Router ID 1.1.1.9
Neighbors
Area 0.0.0.0 interface 172.1.1.1(POS2/1/0)'s neighbors
Router ID: 2.2.2.9 State: Full Address: 172.1.1.2 Mode: Nbr is Master DR: 172.1.1.2 BDR: 172.1.1.
[PE2-Pos2/1/0] mpls ldp enable
[PE2-Pos2/1/0] quit
# On PE 1, verify that LDP sessions in Operational state have been established between PE 1, P, and PE 2.
[PE1] display mpls ldp peer
Total number of peers: 1
Peer LDP ID  State        LAM  Role     GR   MD5  KA Sent/Rcvd
2.2.2.9:0    Operational  DU   Passive  Off  Off  5/5
# On PE 1, verify that the LSPs have been established by LDP.
[PE2] interface gigabitethernet 2/1/1
[PE2-GigabitEthernet2/1/1] ip binding vpn-instance vpn1
[PE2-GigabitEthernet2/1/1] ip address 10.3.1.2 24
[PE2-GigabitEthernet2/1/1] quit
[PE2] interface gigabitethernet 2/1/2
[PE2-GigabitEthernet2/1/2] ip binding vpn-instance vpn2
[PE2-GigabitEthernet2/1/2] ip address 10.4.1.2 24
[PE2-GigabitEthernet2/1/2] quit
# Configure IP addresses for the CEs according to Figure 63. (Details not shown.
[PE1-bgp-ipv4-vpn1] quit
[PE1-bgp-vpn1] quit
[PE1-bgp] ip vpn-instance vpn2
[PE1-bgp-vpn2] peer 10.2.1.1 as-number 65420
[PE1-bgp-vpn2] address-family ipv4 unicast
[PE1-bgp-ipv4-vpn2] peer 10.2.1.1 enable
[PE1-bgp-ipv4-vpn2] import-route direct
[PE1-bgp-ipv4-vpn2] quit
[PE1-bgp-vpn2] quit
[PE1-bgp] quit
# Configure PE 2 in the same way that PE 1 is configured. (Details not shown.)
# Execute the display bgp peer ipv4 vpn-instance command on the PEs.
Peer AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
3.3.3.9 100 3 6 0 0 00:00:32 Established
Verifying the configuration
# Execute the display ip routing-table vpn-instance command on the PEs.
[PE1] display ip routing-table vpn-instance vpn1
Destinations : 13 Routes : 13
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
10.1.1.0/24 Direct 0 0 10.1.1.2 GE2/1/1
10.1.1.0/32 Direct 0 0 10.1.1.2 GE2/1/1
10.1.1.2/32 Direct 0 0 127.0.0.
Figure 64 Network diagram
Table 13 Interface and IP assignment
Device  Interface  IP address      Device  Interface  IP address
CE 1    GE2/1/1    10.1.1.1/24     P       POS2/1/0   172.1.1.2/24
PE 1    Loop0      1.1.1.9/32              POS2/1/1   172.2.1.1/24
        GE2/1/1    10.1.1.2/24     PE 2    Loop0      2.2.2.9/32
        POS2/1/1   172.1.1.1/24            GE2/1/1    10.2.1.2/24
        Tunnel0    20.1.1.1/24             POS2/1/0   172.2.1.2/24
CE 2    GE2/1/1    10.2.1.1/24             Tunnel0    20.1.1.2/24
Configuration procedure
1.
[PE1-tunnel-policy-gre1] select-seq gre load-balance-number 1
[PE1-tunnel-policy-gre1] quit
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 100:1 both
[PE1-vpn-instance-vpn1] tnl-policy gre1
[PE1-vpn-instance-vpn1] quit
[PE1] interface gigabitethernet 2/1/1
[PE1-GigabitEthernet2/1/1] ip binding vpn-instance vpn1
[PE1-GigabitEthernet2/1/1] ip address 10.1.1.2 24
[PE1-GigabitEthernet2/1/1] quit
# Configure PE 2.
56 bytes from 10.1.1.1: icmp_seq=3 ttl=255 time=0.000 ms
56 bytes from 10.1.1.1: icmp_seq=4 ttl=255 time=0.000 ms
--- Ping statistics for 10.1.1.1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.000/0.200/1.000/0.400 ms
4. Establish EBGP peer relationships between PEs and CEs, and redistribute VPN routes into BGP:
# Configure CE 1.
[CE1] bgp 65410
[CE1-bgp] peer 10.1.1.2 as-number 100
[CE1-bgp] address-family ipv4 unicast
[CE1-bgp-ipv4] peer 10.1.1.
[PE1-bgp-vpnv4] quit
[PE1-bgp] quit
# Configure PE 2 in the same way that PE 1 is configured. (Details not shown.)
# Execute the display bgp peer vpnv4 command on the PEs. This example uses PE 1 to verify that a BGP peer relationship in Established state has been established between the PEs.
[PE1] display bgp peer vpnv4
BGP local router ID: 1.1.1.9
Local AS number: 100
Total number of peers: 1
Peer 2.2.2.9 6.
224.0.0.0/4 Direct 0 0 0.0.0.0 NULL0
224.0.0.0/24 Direct 0 0 0.0.0.0 NULL0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
# Verify that CE 1 and CE 2 can ping each other. (Details not shown.)
Configuring a hub-spoke network
Network requirements
The Spoke-CEs cannot communicate directly. They can communicate only through Hub-CE. Configure EBGP between the Spoke-CEs and Spoke-PEs and between Hub-CE and Hub-PE to exchange VPN routing information.
Configuration procedure
1. Configure an IGP on the MPLS backbone to ensure IP connectivity within the backbone:
# Configure Spoke-PE 1.
system-view
[Spoke-PE1] interface loopback 0
[Spoke-PE1-LoopBack0] ip address 1.1.1.9 32
[Spoke-PE1-LoopBack0] quit
[Spoke-PE1] interface pos 2/1/0
[Spoke-PE1-Pos2/1/0] ip address 172.1.1.1 24
[Spoke-PE1-Pos2/1/0] quit
[Spoke-PE1] ospf
[Spoke-PE1-ospf-1] area 0
[Spoke-PE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255
[Spoke-PE1-ospf-1-area-0.0.0.
[Hub-PE-ospf-1] quit
# Execute the display ospf peer command on the devices to verify that OSPF adjacencies in Full state have been established between Spoke-PE 1, Spoke-PE 2, and Hub-PE. Execute the display ip routing-table command on the devices to verify that the PEs have learned the routes to the loopback interfaces of each other. (Details not shown.)
2. Configure basic MPLS and MPLS LDP on the MPLS backbone to establish LDP LSPs:
# Configure Spoke-PE 1.
[Spoke-PE1] mpls lsr-id 1.1.1.
[Spoke-PE1-GigabitEthernet2/1/1] ip address 10.1.1.2 24
[Spoke-PE1-GigabitEthernet2/1/1] quit
# Configure Spoke-PE 2.
--- Ping statistics for 10.1.1.1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.666/2.075/2.710/0.406 ms
4. Establish EBGP peer relationships between the PEs and CEs, and redistribute VPN routes into BGP:
# Configure Spoke-CE 1.
system-view
[Spoke-CE1] bgp 65410
[Spoke-CE1-bgp] peer 10.1.1.2 as-number 100
[Spoke-CE1-bgp] address-family ipv4
[Spoke-CE1-bgp-ipv4] peer 10.1.1.
[Spoke-PE2-bgp-vpn1] address-family ipv4
[Spoke-PE2-bgp-ipv4-vpn1] peer 10.2.1.1 enable
[Spoke-PE2-bgp-ipv4-vpn1] import-route direct
[Spoke-PE2-bgp-ipv4-vpn1] quit
[Spoke-PE2-bgp-vpn1] quit
[Spoke-PE2-bgp] quit
# Configure Hub-PE.
[Hub-PE] bgp 100
[Hub-PE-bgp] ip vpn-instance vpn1-in
[Hub-PE-bgp-vpn1-in] peer 10.3.1.1 as-number 65430
[Hub-PE-bgp-vpn1-in] address-family ipv4
[Hub-PE-bgp-ipv4-vpn1-in] peer 10.3.1.
[Hub-PE-bgp] peer 3.3.3.9 connect-interface loopback 0
[Hub-PE-bgp] address-family vpnv4
[Hub-PE-bgp-vpnv4] peer 1.1.1.9 enable
[Hub-PE-bgp-vpnv4] peer 3.3.3.9 enable
[Hub-PE-bgp-vpnv4] quit
[Hub-PE-bgp] quit
# Execute the display bgp peer vpnv4 command on the PEs to verify that a BGP peer relationship in Established state has been established between the PEs. (Details not shown.
Run OSPF on the MPLS backbone of each AS.
Figure 66 Network diagram (figure not reproduced; labels: CE 1 in AS 65001, PE 1 and ASBR-PE 1 on the MPLS backbone of AS 100, ASBR-PE 2 and PE 2 on the MPLS backbone of AS 200, and CE 2 in AS 65002)
Table 15 Interface and IP assignment
Device  Interface  IP address      Device  Interface  IP address
CE 1    GE2/1/1    10.1.1.1/24     CE 2    GE2/1/1    10.2.1.1/24
PE 1    Loop0      1.1.1.9/32      PE 2    Loop0      4.4.4.
[PE1-Pos2/1/0] mpls enable
[PE1-Pos2/1/0] mpls ldp enable
[PE1-Pos2/1/0] quit
# Configure basic MPLS on ASBR-PE 1, and enable MPLS LDP on the interface connected to PE 1.
system-view
[ASBR-PE1] mpls lsr-id 2.2.2.9
[ASBR-PE1] mpls ldp
[ASBR-PE1-ldp] quit
[ASBR-PE1] interface pos 2/1/0
[ASBR-PE1-Pos2/1/0] mpls enable
[ASBR-PE1-Pos2/1/0] mpls ldp enable
[ASBR-PE1-Pos2/1/0] quit
# Configure basic MPLS on ASBR-PE 2, and enable MPLS LDP on the interface connected to PE 2.
[PE1-GigabitEthernet2/1/1] ip binding vpn-instance vpn1
[PE1-GigabitEthernet2/1/1] ip address 10.1.1.2 24
[PE1-GigabitEthernet2/1/1] quit
# Configure CE 2.
system-view
[CE2] interface gigabitethernet 2/1/1
[CE2-GigabitEthernet2/1/1] ip address 10.2.1.1 24
[CE2-GigabitEthernet2/1/1] quit
# Configure PE 2.
[CE1-bgp] quit
# Configure PE 1.
[PE1] bgp 100
[PE1-bgp] ip vpn-instance vpn1
[PE1-bgp-vpn1] peer 10.1.1.1 as-number 65001
[PE1-bgp-vpn1] address-family ipv4 unicast
[PE1-bgp-ipv4-vpn1] peer 10.1.1.1 enable
[PE1-bgp-ipv4-vpn1] quit
[PE1-bgp-vpn1] quit
[PE1-bgp] quit
# Configure CE 2.
[CE2] bgp 65002
[CE2-bgp] peer 10.2.1.2 as-number 200
[CE2-bgp] address-family ipv4 unicast
[CE2-bgp-ipv4] peer 10.2.1.2 enable
[CE2-bgp-ipv4] import-route direct
[CE2-bgp-ipv4] quit
[CE2-bgp] quit
# Configure PE 2.
[ASBR-PE1-bgp] peer 1.1.1.9 connect-interface loopback 0
[ASBR-PE1-bgp] address-family vpnv4
[ASBR-PE1-bgp-vpnv4] peer 1.1.1.9 enable
[ASBR-PE1-bgp-vpnv4] peer 1.1.1.9 next-hop-local
[ASBR-PE1-bgp-vpnv4] quit
[ASBR-PE1-bgp] quit
# Configure ASBR-PE 2.
[ASBR-PE2] bgp 200
[ASBR-PE2-bgp] ip vpn-instance vpn1
[ASBR-PE2-bgp-vpn1] peer 192.1.1.1 as-number 100
[ASBR-PE2-bgp-vpn1] address-family ipv4 unicast
[ASBR-PE2-bgp-ipv4-vpn1] peer 192.1.1.
Figure 67 Network diagram
Table 16 Interface and IP assignment
Device     Interface  IP address    Device     Interface  IP address
PE 1       Loop0      2.2.2.9/32    PE 2       Loop0      5.5.5.9/32
           GE2/1/1    30.0.0.1/8               GE2/1/1    20.0.0.1/8
           S2/1/0     1.1.1.2/8                S2/1/0     9.1.1.2/8
ASBR-PE 1  Loop0      3.3.3.9/32    ASBR-PE 2  Loop0      4.4.4.9/32
           S2/1/0     1.1.1.1/8                S2/1/0     9.1.1.1/8
           S2/1/1     11.0.0.2/8               S2/1/1     11.0.0.1/8
Configuration procedure
1. Configure PE 1:
# Configure IS-IS on PE 1.
[PE1-Serial2/1/0] quit
# Configure interface Loopback 0, and enable IS-IS on it.
[PE1] interface loopback 0
[PE1-LoopBack0] ip address 2.2.2.9 32
[PE1-LoopBack0] isis enable 1
[PE1-LoopBack0] quit
# Create VPN instance vpn1, and configure the RD and route target attributes.
[ASBR-PE1-Serial2/1/0] mpls enable
[ASBR-PE1-Serial2/1/0] mpls ldp enable
[ASBR-PE1-Serial2/1/0] quit
# Configure interface Serial 2/1/1, and enable MPLS.
[ASBR-PE1] interface serial 2/1/1
[ASBR-PE1-Serial2/1/1] ip address 11.0.0.2 255.0.0.0
[ASBR-PE1-Serial2/1/1] mpls enable
[ASBR-PE1-Serial2/1/1] quit
# Configure interface Loopback 0, and enable IS-IS on it.
[ASBR-PE1] interface loopback 0
[ASBR-PE1-LoopBack0] ip address 3.3.3.
[ASBR-PE2-Serial2/1/1] mpls enable
[ASBR-PE2-Serial2/1/1] quit
# Configure interface Loopback 0, and enable IS-IS on it.
[ASBR-PE2] interface loopback 0
[ASBR-PE2-LoopBack0] ip address 4.4.4.9 32
[ASBR-PE2-LoopBack0] isis enable 1
[ASBR-PE2-LoopBack0] quit
# Enable BGP on ASBR-PE 2.
[ASBR-PE2] bgp 600
[ASBR-PE2-bgp] peer 11.0.0.2 as-number 100
[ASBR-PE2-bgp] peer 11.0.0.2 connect-interface serial 2/1/1
[ASBR-PE2-bgp] peer 5.5.5.9 as-number 600
[ASBR-PE2-bgp] peer 5.5.5.
[PE2-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity
[PE2-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity
[PE2-vpn-instance-vpn1] quit
# Bind the interface connected to CE 1 to the created VPN instance.
[PE2] interface gigabitethernet 2/1/1
[PE2-GigabitEthernet2/1/1] ip binding vpn-instance vpn1
[PE2-GigabitEthernet2/1/1] ip address 20.0.0.1 8
[PE2-GigabitEthernet2/1/1] quit
# Enable BGP on PE 2.
[PE2] bgp 600
# Configure IBGP peer 4.4.4.9 as a VPNv4 peer.
[PE2-bgp] peer 4.4.4.
ASBR-PE 1 and ASBR-PE 2 use EBGP to exchange labeled IPv4 routes. Figure 68 Network diagram Table 17 Interface and IP assignment Device Interface IP address Device Interface IP address PE 1 Loop0 2.2.2.9/32 PE 2 Loop0 5.5.5.9/32 GE2/1/1 30.0.0.1/24 GE2/1/1 20.0.0.1/24 S2/1/0 1.1.1.2/8 S2/1/0 9.1.1.2/8 Loop0 3.3.3.9/32 Loop0 4.4.4.9/32 S2/1/0 1.1.1.1/8 S2/1/0 9.1.1.1/8 S2/1/1 11.0.0.2/8 S2/1/1 11.0.0.1/8 GE2/1/1 30.0.0.2/24 GE2/1/1 20.0.0.
# Configure IS-IS on PE 1.
system-view
[PE1] isis 1
[PE1-isis-1] network-entity 10.111.111.111.111.00
[PE1-isis-1] quit
# Configure LSR ID, and enable MPLS and LDP.
[PE1] mpls lsr-id 2.2.2.9
[PE1] mpls ldp
[PE1-ldp] quit
# Configure interface Serial 2/1/0, and enable IS-IS, MPLS, and LDP on the interface.
[PE1] interface serial 2/1/0
[PE1-Serial2/1/0] ip address 1.1.1.2 255.0.0.
# Configure peer 5.5.5.9 as a VPNv4 peer.
[PE1-bgp] address-family vpnv4
[PE1-bgp-vpnv4] peer 5.5.5.9 enable
[PE1-bgp-vpnv4] quit
# Establish an EBGP peer relationship with CE 1, and add the learned BGP routes to the routing table of VPN instance vpn1.
[PE1-bgp] ip vpn-instance vpn1
[PE1-bgp-vpn1] peer 30.0.0.2 as-number 65001
[PE1-bgp-vpn1] address-family ipv4 unicast
[PE1-bgp-ipv4-vpn1] peer 30.0.0.2 enable
[PE1-bgp-ipv4-vpn1] quit
[PE1-bgp-vpn1] quit
[PE1-bgp] quit
3.
[ASBR-PE1-route-policy-policy2-1] quit
# Start BGP on ASBR-PE 1, and apply the routing policy policy2 to routes advertised to IBGP peer 2.2.2.9.
[ASBR-PE1] bgp 100
[ASBR-PE1-bgp] peer 2.2.2.9 as-number 100
[ASBR-PE1-bgp] peer 2.2.2.9 connect-interface loopback 0
[ASBR-PE1-bgp] address-family ipv4 unicast
[ASBR-PE1-bgp-ipv4] peer 2.2.2.9 enable
[ASBR-PE1-bgp-ipv4] peer 2.2.2.9 route-policy policy2 export
# Enable the capability to advertise labeled routes to IBGP peer 2.2.2.
[ASBR-PE2-LoopBack0] quit
# Configure interface Serial 2/1/1, and enable MPLS on the interface.
[ASBR-PE2] interface serial 2/1/1
[ASBR-PE2-Serial2/1/1] ip address 11.0.0.1 255.0.0.0
[ASBR-PE2-Serial2/1/1] mpls enable
[ASBR-PE2-Serial2/1/1] quit
# Create routing policies.
[PE2-ldp] quit
# Configure interface Serial 2/1/0, and enable IS-IS, MPLS, and LDP on the interface.
[PE2] interface serial 2/1/0
[PE2-Serial2/1/0] ip address 9.1.1.2 255.0.0.0
[PE2-Serial2/1/0] isis enable 1
[PE2-Serial2/1/0] mpls enable
[PE2-Serial2/1/0] mpls ldp enable
[PE2-Serial2/1/0] quit
# Configure the interface Loopback 0, and enable IS-IS on it.
[PE2] interface loopback 0
[PE2-LoopBack0] ip address 5.5.5.
[PE2-bgp-vpn1] address-family ipv4 unicast
[PE2-bgp-ipv4-vpn1] peer 20.0.0.2 enable
[PE2-bgp-ipv4-vpn1] quit
[PE2-bgp-vpn1] quit
[PE2-bgp] quit
6. Configure CE 2:
# Configure an IP address for GigabitEthernet 2/1/1.
system-view
[CE2] interface gigabitethernet 2/1/1
[CE2-GigabitEthernet2/1/1] ip address 20.0.0.2 24
[CE2-GigabitEthernet2/1/1] quit
# Establish an EBGP peer relationship with PE 2, and redistribute VPN routes.
[CE2] bgp 65002
[CE2-bgp] peer 20.0.0.
Figure 69 Network diagram Table 18 Interface and IP assignment Device Interface IP address Device Interface IP address CE 3 GE2/1/1 100.1.1.1/24 CE 4 GE2/1/1 120.1.1.1/24 PE 3 Loop0 1.1.1.9/32 PE 4 Loop0 6.6.6.9/32 GE2/1/1 100.1.1.2/24 GE2/1/1 120.1.1.2/24 POS2/1/1 10.1.1.1/24 POS2/1/1 20.1.1.2/24 Loop0 2.2.2.9/32 Loop0 5.5.5.9/32 POS2/1/0 10.1.1.2/24 POS2/1/0 21.1.1.2/24 POS2/1/1 11.1.1.1/24 POS2/1/1 20.1.1.1/24 Loop0 3.3.3.9/32 Loop0 4.4.4.9/32 POS2/1/0 11.1.1.
[PE1-isis-1] quit
[PE1] interface loopback 0
[PE1-LoopBack0] isis enable 1
[PE1-LoopBack0] quit
[PE1] interface pos 2/1/1
[PE1-Pos2/1/1] ip address 30.1.1.1 24
[PE1-Pos2/1/1] isis enable 1
[PE1-Pos2/1/1] mpls enable
[PE1-Pos2/1/1] mpls ldp enable
[PE1-Pos2/1/1] mpls ldp transport-address interface
[PE1-Pos2/1/1] quit
[PE1] bgp 100
[PE1-bgp] peer 4.4.4.9 as-number 100
[PE1-bgp] peer 4.4.4.9 connect-interface loopback 0
[PE1-bgp] address-family vpnv4
[PE1-bgp-vpnv4] peer 4.4.4.
2. Configure the customer carrier network. Enable IS-IS as the IGP, and enable LDP between PE 3 and CE 1, and between PE 4 and CE 2:
# Configure PE 3.
system-view
[PE3] interface loopback 0
[PE3-LoopBack0] ip address 1.1.1.9 32
[PE3-LoopBack0] quit
[PE3] mpls lsr-id 1.1.1.9
[PE3] mpls ldp
[PE3-ldp] quit
[PE3] isis 2
[PE3-isis-2] network-entity 10.0000.0000.0000.0001.
3. Allow CEs of the customer carrier to access PEs of the provider carrier, and redistribute IS-IS routes to BGP and BGP routes to IS-IS on the PEs:
# Configure PE 1.
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 200:1
[PE1-vpn-instance-vpn1] vpn-target 1:1
[PE1-vpn-instance-vpn1] quit
[PE1] mpls ldp
[PE1-ldp] vpn-instance vpn1
[PE1-ldp-vpn-instance-vpn1] quit
[PE1-ldp] quit
[PE1] isis 2 vpn-instance vpn1
[PE1-isis-2] network-entity 10.0000.0000.0000.0003.
[CE3] bgp 65410
[CE3-bgp] peer 100.1.1.2 as-number 100
[CE3-bgp] address-family ipv4 unicast
[CE3-bgp-ipv4] peer 100.1.1.2 enable
[CE3-bgp-ipv4] import-route direct
[CE3-bgp-ipv4] quit
[CE3-bgp] quit
# Configure PE 3.
[PE3] ip vpn-instance vpn1
[PE3-vpn-instance-vpn1] route-distinguisher 100:1
[PE3-vpn-instance-vpn1] vpn-target 1:1
[PE3-vpn-instance-vpn1] quit
[PE3] interface gigabitethernet 2/1/1
[PE3-GigabitEthernet2/1/1] ip binding vpn-instance vpn1
[PE3-GigabitEthernet2/1/1] ip address 100.1.1.
3.3.3.9/32 Direct 0 0 127.0.0.1 InLoop0
4.4.4.9/32 ISIS 15 10 30.1.1.2 POS2/1/1
30.1.1.0/24 Direct 0 0 30.1.1.1 POS2/1/1
30.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
30.1.1.2/32 Direct 0 0 30.1.1.2 POS2/1/1
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
# Verify that the VPN routing table contains the internal routes of the customer carrier, but it does not contain the VPN routes that the customer carrier maintains.
# Verify that the public network routing table contains the internal routes of the customer carrier network.
[PE3] display ip routing-table
Routing Tables: Public
Destinations : 11 Routes : 11
Destination/Mask Proto Pre Cost NextHop Interface
1.1.1.9/32 Direct 0 0 127.0.0.1 InLoop0
2.2.2.9/32 ISIS 15 10 10.1.1.2 POS2/1/1
5.5.5.9/32 ISIS 15 84 10.1.1.2 POS2/1/1
6.6.6.9/32 ISIS 15 84 10.1.1.2 POS2/1/1
10.1.1.0/24 Direct 0 0 10.1.1.1 POS2/1/1
10.1.1.1/32 Direct 0 0 127.0.0.
b. Adds the export target attribute of the MPLS VPN on the service provider network to the extended community attribute list.
c. Forwards the VPNv4 route.
To implement exchange of sub-VPN routes between customer PEs and service provider PEs, MP-EBGP peers must be established between provider PEs and provider CEs.
[PE1] interface loopback 0
[PE1-LoopBack0] ip address 3.3.3.9 32
[PE1-LoopBack0] quit
[PE1] mpls lsr-id 3.3.3.9
[PE1] mpls ldp
[PE1-ldp] quit
[PE1] isis 1
[PE1-isis-1] network-entity 10.0000.0000.0000.0004.00
[PE1-isis-1] quit
[PE1] interface loopback 0
[PE1-LoopBack0] isis enable 1
[PE1-LoopBack0] quit
[PE1] interface pos 2/1/1
[PE1-Pos2/1/1] ip address 30.1.1.
Interface: POS2/1/1 Circuit Id: 0000.0000.0005.02
State: Up HoldTime: 8s Type: L1(L1L2) PRI: 64
System Id: 0000.0000.0005
Interface: POS2/1/1 Circuit Id: 0000.0000.0005.02
State: Up HoldTime: 8s Type: L2(L1L2) PRI: 64
2. Configure the customer VPN. Enable IS-IS, and enable LDP between PE 3 and CE 1, and between PE 4 and CE 2:
# Configure PE 3.
system-view
[PE3] interface loopback 0
[PE3-LoopBack0] ip address 1.1.1.9 32
[PE3-LoopBack0] quit
[PE3] mpls lsr-id 1.1.1.
An LDP session and IS-IS neighbor relationship can be established between PE 3 and CE 1.
# Configure PE 4 and CE 2 in the same way that PE 3 and CE 1 are configured. (Details not shown.)
3. Connect CE 1 and CE 2 to service provider PEs:
# Configure PE 1.
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 200:1
[PE1-vpn-instance-vpn1] vpn-target 1:1
[PE1-vpn-instance-vpn1] quit
[PE1] interface pos 2/1/0
[PE1-Pos2/1/0] ip binding vpn-instance vpn1
[PE1-Pos2/1/0] ip address 11.1.1.
[CE5] bgp 65411
[CE5-bgp] peer 110.1.1.2 as-number 200
[CE5-bgp] address-family ipv4 unicast
[CE5-bgp-ipv4] peer 110.1.1.2 enable
[CE5-bgp-ipv4] import-route direct
[CE5-bgp-ipv4] quit
[CE5-bgp] quit
# Configure PE 3.
[PE1-bgp-vpnv4] quit
[PE1-bgp] ip vpn-instance vpn1
[PE1-bgp-vpn1] address-family vpnv4
[PE1-bgp-vpnv4-vpn1] peer 11.1.1.1 enable
[PE1-bgp-vpnv4-vpn1] quit
[PE1-bgp-vpn1] quit
[PE1-bgp] quit
# On CE 1, enable VPNv4 route exchange with PE 1.
[CE1] bgp 200
[CE1-bgp] address-family vpnv4
[CE1-bgp-vpnv4] peer 11.1.1.2 enable
# Allow the local AS number to appear in the AS-PATH attribute of the routes received.
[CE1-bgp-vpnv4] peer 11.1.1.
Destinations : 14 Routes : 14
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
3.3.3.9/32 Direct 0 0 127.0.0.1 InLoop0
4.4.4.9/32 ISIS 10 30.1.1.2 POS2/1/1
30.1.1.0/24 Direct 0 0 30.1.1.1 POS2/1/1
30.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
30.1.1.2/32 Direct 0 0 30.1.1.2 POS2/1/1
30.1.1.255/32 Direct 0 0 30.1.1.2 POS2/1/1
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.
Total number of routes from all PEs: 4
Route Distinguisher: 100:1
Total number of routes: 1
Network NextHop MED LocPrf PrefVal Path/Ogn
* > 100.1.1.0/24 1.1.1.9 0 200 65410?
Route Distinguisher: 101:1
Total number of routes: 1
Network NextHop MED LocPrf PrefVal Path/Ogn
* > 110.1.1.0/24 1.1.1.9 0 200 65411?
Route Distinguisher: 200:1
Total number of routes: 1
Network NextHop
* > 120.1.1.0/24 11.1.1.
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
224.0.0.0/4 Direct 0 0 0.0.0.0 NULL0
224.0.0.0/24 Direct 0 0 0.0.0.0 NULL0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
4. Display the routing table on the CEs of sub-VPNs in the customer VPN, for example, on CE 3 and CE 5:
# Verify that the routing table contains the route to the remote sub-VPN on CE 3.
[CE3] display ip routing-table
Destinations : 13 Routes : 13
Destination/Mask Proto 0.0.0.0/32 100.1.1.
Configuring HoVPN
Network requirements
As shown in Figure 71, there are two levels of networks: the backbone and the MPLS VPN networks.
• SPEs act as PEs to allow MPLS VPNs to access the backbone.
• UPEs act as PEs of the MPLS VPNs to allow end users to access the VPNs.
• Performance requirements for the UPEs are lower than those for the SPEs.
system-view
[UPE1] interface loopback 0
[UPE1-LoopBack0] ip address 1.1.1.9 32
[UPE1-LoopBack0] quit
[UPE1] mpls lsr-id 1.1.1.9
[UPE1] mpls ldp
[UPE1-ldp] quit
[UPE1] interface gigabitethernet 2/1/3
[UPE1-GigabitEthernet2/1/3] ip address 172.1.1.1 24
[UPE1-GigabitEthernet2/1/3] mpls enable
[UPE1-GigabitEthernet2/1/3] mpls ldp enable
[UPE1-GigabitEthernet2/1/3] quit
# Configure the IGP protocol (OSPF, in this example).
[UPE1] ospf
[UPE1-ospf-1] area 0
[UPE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.
[UPE1-bgp-ipv4-vpn1] import-route direct
[UPE1-bgp-ipv4-vpn1] quit
[UPE1-bgp-vpn1] quit
# Establish an EBGP peer relationship with CE 2, and redistribute VPN routes into BGP.
[UPE1-bgp] ip vpn-instance vpn2
[UPE1-bgp-vpn2] peer 10.4.1.1 as-number 65420
[UPE1-bgp-vpn2] address-family ipv4 unicast
[UPE1-bgp-ipv4-vpn2] peer 10.4.1.1 enable
[UPE1-bgp-ipv4-vpn2] import-route direct
[UPE1-bgp-ipv4-vpn2] quit
[UPE1-bgp-vpn2] quit
[UPE1-bgp] quit
2. Configure CE 1.
[UPE2-GigabitEthernet2/1/1] mpls enable
[UPE2-GigabitEthernet2/1/1] mpls ldp enable
[UPE2-GigabitEthernet2/1/1] quit
# Configure the IGP protocol (OSPF, in this example).
[UPE2] ospf
[UPE2-ospf-1] area 0
[UPE2-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255
[UPE2-ospf-1-area-0.0.0.0] network 4.4.4.9 0.0.0.0
[UPE2-ospf-1-area-0.0.0.0] quit
[UPE2-ospf-1] quit
# Configure VPN instances vpn1 and vpn2, allowing CE 3 and CE 4 to access UPE 2.
[UPE2-bgp-ipv4-vpn2] import-route direct
[UPE2-bgp-ipv4-vpn2] quit
[UPE2-bgp-vpn2] quit
[UPE2-bgp] quit
5. Configure CE 3.
system-view
[CE3] interface gigabitethernet 2/1/1
[CE3-GigabitEthernet2/1/1] ip address 10.1.1.1 255.255.255.0
[CE3-GigabitEthernet2/1/1] quit
[CE3] bgp 65430
[CE3-bgp] peer 10.1.1.2 as-number 100
[CE3-bgp] address-family ipv4 unicast
[CE3-bgp-ipv4] peer 10.1.1.2 enable
[CE3-bgp-ipv4] import-route direct
[CE3-bgp-ipv4] quit
[CE3-bgp] quit
6. Configure CE 4.
# Configure the IGP protocol (OSPF, in this example).
[SPE1] ospf
[SPE1-ospf-1] area 0
[SPE1-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
[SPE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255
[SPE1-ospf-1-area-0.0.0.0] network 180.1.1.0 0.0.0.255
[SPE1-ospf-1-area-0.0.0.0] quit
[SPE1-ospf-1] quit
# Configure VPN instances vpn1 and vpn2.
system-view
[SPE2] interface loopback 0
[SPE2-LoopBack0] ip address 3.3.3.9 32
[SPE2-LoopBack0] quit
[SPE2] mpls lsr-id 3.3.3.9
[SPE2] mpls ldp
[SPE2-ldp] quit
[SPE2] interface gigabitethernet 2/1/1
[SPE2-GigabitEthernet2/1/1] ip address 180.1.1.2 24
[SPE2-GigabitEthernet2/1/1] mpls enable
[SPE2-GigabitEthernet2/1/1] mpls ldp enable
[SPE2-GigabitEthernet2/1/1] quit
[SPE2] interface gigabitethernet 2/1/2
[SPE2-GigabitEthernet2/1/2] ip address 172.2.1.
# Create BGP-VPN instances for VPN instances vpn1 and vpn2, so the VPNv4 routes learned according to the RT attributes can be added into the BGP routing tables of the corresponding VPN instances.
[SPE2-bgp] ip vpn-instance vpn1
[SPE2-bgp-vpn1] quit
[SPE2-bgp] ip vpn-instance vpn2
[SPE2-bgp-vpn2] quit
[SPE2-bgp] quit
# Advertise to UPE 2 the routes permitted by a routing policy (the routes of CE 1).
[SPE2] ip prefix-list hope index 10 permit 10.2.1.
Device Interface IP address Device Interface IP address PE 1 Loop0 1.1.1.9/32 PE 2 Loop0 2.2.2.9/32 Loop1 3.3.3.3/32 Loop1 5.5.5.5/32 GE2/1/1 100.1.1.2/24 GE2/1/1 120.1.1.2/24 S2/1/1 10.1.1.1/24 S2/1/0 10.1.1.2/24 S2/1/0 30.1.1.1/24 S2/1/1 20.1.1.2/24 Router A Configuration procedure 1. Configure OSPF on the customer networks. Configure conventional OSPF on CE 1, Router A, and CE 2 to advertise addresses of the interfaces as shown in Figure 72.
[PE2] interface loopback 0
[PE2-LoopBack0] ip address 2.2.2.9 32
[PE2-LoopBack0] quit
[PE2] mpls lsr-id 2.2.2.9
[PE2] mpls ldp
[PE2-ldp] quit
[PE2] interface serial 2/1/1
[PE2-Serial2/1/1] ip address 10.1.1.2 24
[PE2-Serial2/1/1] mpls enable
[PE2-Serial2/1/1] mpls ldp enable
[PE2-Serial2/1/1] quit
# Configure PE 2 to take PE 1 as an MP-IBGP peer.
[PE2] bgp 100
[PE2-bgp] peer 1.1.1.9 as-number 100
[PE2-bgp] peer 1.1.1.9 connect-interface loopback 0
[PE2-bgp] address-family vpnv4
[PE2-bgp-vpnv4] peer 1.1.1.
[PE1-bgp-vpn1] quit
[PE1-bgp] quit
# Configure PE 2 to allow CE 2 to access the network.
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 100:2
[PE2-vpn-instance-vpn1] vpn-target 1:1
[PE2-vpn-instance-vpn1] quit
[PE2] interface gigabitethernet 2/1/1
[PE2-GigabitEthernet2/1/1] ip binding vpn-instance vpn1
[PE2-GigabitEthernet2/1/1] ip address 120.1.1.
[PE2-ospf-100-area-0.0.0.1] quit
[PE2-ospf-100] quit
Verifying the configuration
# Execute the display ip routing-table vpn-instance command again on the PEs to verify the following results: (Details not shown.)
• The path to the peer CE is now along the BGP route across the backbone.
• A route to the sham link destination address exists.
# Execute the display ip routing-table command on the CEs.
Figure 73 Network diagram
Configuration procedure
Assume that:
• The system name of the MCE device is MCE.
• The system names of the edge routers of VPN 1 and VPN 2 are VR 1 and VR 2, respectively.
• The system name of PE 1 is PE1.
1. Configure VPN instances on the MCE and PE 1:
# On the MCE, configure VPN instances vpn1 and vpn2, and specify an RD and route targets for each VPN instance.
[MCE-GigabitEthernet2/1/1] ip address 10.214.10.3 24
[MCE-GigabitEthernet2/1/1] quit
# Bind interface GigabitEthernet 2/1/2 to VPN instance vpn2, and configure an IP address for the interface.
[MCE] interface gigabitethernet 2/1/2
[MCE-GigabitEthernet2/1/2] ip binding vpn-instance vpn2
[MCE-GigabitEthernet2/1/2] ip address 10.214.20.3 24
[MCE-GigabitEthernet2/1/2] quit
# On PE 1, configure VPN instances vpn1 and vpn2, and specify an RD and route targets for each VPN instance.
Destinations : 13 Routes : 13
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
10.214.10.0/24 Direct 0 0 10.214.10.3 GE2/1/1
10.214.10.0/32 Direct 0 0 10.214.10.3 GE2/1/1
10.214.10.3/32 Direct 0 0 127.0.0.1 InLoop0
10.214.10.255/32 Direct 0 0 10.214.10.3 GE2/1/1
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.
# On the MCE, bind subinterface GigabitEthernet 2/1/3.2 to the VPN instance vpn2.
[MCE] interface gigabitethernet 2/1/3.2
[MCE-GigabitEthernet2/1/3.2] ip binding vpn-instance vpn2
# Configure the subinterface to terminate VLAN 20.
[MCE-GigabitEthernet2/1/3.2] vlan-type dot1q vid 20
# Configure an IP address for the subinterface.
[MCE-GigabitEthernet2/1/3.2] ip address 30.1.1.1 24
[MCE-GigabitEthernet2/1/3.2] quit
# On PE 1, bind subinterface GigabitEthernet 2/1/1.1 to the VPN instance vpn1.
[PE1-ospf-10-area-0.0.0.0] quit
[PE1-ospf-10] quit
# Configure OSPF process 20 between MCE and PE 1, and redistribute routes from RIP process 20 into OSPF. (Details not shown.)
Verifying the configuration
# Verify that PE 1 has learned the static route of VPN 1 through OSPF.
[PE1] display ip routing-table vpn-instance vpn1
Destinations : 13 Routes : 13
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
20.1.1.0/24 Direct 0 0 20.1.1.2 GE2/1/1.1
20.1.
Configuring BGP AS number substitution
Network requirements
As shown in Figure 74, CE 1 and CE 2 belong to VPN 1 and are connected to PE 1 and PE 2, respectively. The two CEs have the same AS number, 600. Configure BGP AS number substitution on the PEs to enable the CEs to communicate with each other.
Figure 74 Network diagram
Table 22 Interface and IP assignment
Device  Interface  IP address      Device  Interface  IP address
CE 1    GE2/1/1    10.1.1.1/24     P       Loop0      2.2.2.9/32
        GE2/1/2    100.1.1.
For more information about basic MPLS L3VPN configurations, see "Configuring basic MPLS L3VPN."
# Execute the display ip routing-table command on CE 2. The output shows that CE 2 has learned the route to network 10.1.1.0/24, where the interface used by CE 1 to access PE 1 resides. However, it has not learned the route to the VPN (100.1.1.0/24) behind CE 1.
display ip routing-table
Destinations : 17 Routes : 17
Destination/Mask Proto 0.0.0.0/32 10.1.1.0/24 10.2.1.0/24 10.2.1.
224.0.0.0/4 Direct 0 0 0.0.0.0 NULL0
224.0.0.0/24 Direct 0 0 0.0.0.0 NULL0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
# Enable BGP update packet debugging on PE 2. The output shows that PE 2 advertises the route to 100.1.1.0/24, and the AS_PATH is 100 600.
terminal monitor
terminal logging level 7
debugging bgp update vpn-instance vpn1 10.2.1.1 ipv4
refresh bgp all export ipv4 vpn-instance vpn1
*Jun 13 16:12:52:096 2012 PE2 BGP/7/DEBUG; BGP.
Next Hop : 10.2.1.2
100.1.1.0/24,
# Display again the routing information that CE 2 has received, and the routing table.
display bgp routing-table ipv4 peer 10.2.1.2 received-routes
Total number of routes: 3
BGP local router ID is 200.1.1.1
Status codes: * - valid, > - best, d - dampened, h - history, s - suppressed, S - stale, i - internal, e - external
Origin: i - IGP, e - EGP, ? - incomplete
Network NextHop
* >e 10.1.1.0/24 10.2.1.2
* e 10.2.1.0/24 10.2.1.2
* >e 100.1.1.
CE 1 and CE 2 reside in the same site. CE 1, CE 2, and CE 3 all use AS number 600.
• To avoid route loss, configure BGP AS number substitution on PEs.
• To avoid routing loops, configure the same SoO attribute on PE 1 and PE 2 for CE 1 and CE 2.
○ Configure the VPN instance of VPN 1 on PE 3 to allow CE 3 to access the network.
○ Configure BGP as the PE-CE routing protocol, and redistribute routes of CEs into PEs.
For more information about basic MPLS L3VPN configurations, see "Configuring basic MPLS L3VPN."
2. Configure BGP AS number substitution:
# Configure BGP AS number substitution on PE 1, PE 2, and PE 3.
For more information about the configuration, see "Configuring BGP AS number substitution."
# Display routing information on CE 2.
Destinations : 14 Routes : 14
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
10.2.1.0/24 Direct 0 0 10.2.1.1 GE2/1/1
10.2.1.0/32 Direct 0 0 10.2.1.1 GE2/1/1
10.2.1.1/32 Direct 0 0 127.0.0.1 Inloop0
10.2.1.255/32 Direct 0 0 10.2.1.1 GE2/1/1
10.3.1.0/24 BGP 0 10.2.1.2 GE2/1/1
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.
Table 24 Interface and IP address assignment
Device  Interface  IP address     Device  Interface  IP address
CE 1    Loop0      5.5.5.5/32     PE 1    Loop0      1.1.1.1/32
        GE2/1/1    10.2.1.1/24            GE2/1/1    10.2.1.2/24
PE 2    Loop0      2.2.2.2/32             GE2/1/2    172.1.1.1/24
        GE2/1/1    172.1.1.2/24           GE2/1/3    172.2.1.1/24
        GE2/1/2    10.1.1.2/24    CE 2    Loop0      4.4.4.4/32
PE 3    Loop0      3.3.3.3/32             GE2/1/1    10.1.1.1/24
        GE2/1/1    172.2.1.3/24           GE2/1/2    10.3.1.1/24
        GE2/1/2    10.3.1.2/24
Configuration procedure
1.
Verifying the configuration
# Display detailed information about the route to 4.4.4.4/32 on PE 1. The output shows the backup next hop for the route.
[PE1] display ip routing-table vpn-instance vpn1 4.4.4.4 32 verbose
Summary Count : 1
Destination: 4.4.4.
Figure 77 Network diagram
Table 25 Interface and IP address assignment
Device Interface IP address Device Interface IP address
CE 1 Loop0 5.5.5.5/32 PE 2 Loop0 2.2.2.2/32 GE2/1/1 10.2.1.1/24 GE2/1/1 172.1.1.2/24 Loop0 1.1.1.1/32 GE2/1/2 10.1.1.2/24 GE2/1/1 10.2.1.
[PE2-bgp] primary-path-detect bfd echo
# Configure FRR for VPN instance vpn1 to reference routing policy frr.
[PE2-bgp] ip vpn-instance vpn1
[PE2-bgp-vpn1] address-family ipv4 unicast
[PE2-bgp-ipv4-vpn1] fast-reroute route-policy frr
# Specify the preferred value as 200 for BGP routes received from CE 2. This value is greater than the preferred value (0) for routes from PE 3, so PE 2 prefers the routes from CE 2.
[PE2-bgp-ipv4-vpn1] peer 10.1.1.
• When BFD configured on PE 2 detects that the link between PE 2 and PE 3 fails, traffic from CE 1 to CE 2 goes through the path CE 1—PE 1—PE 2—CE 2.
Figure 78 Network diagram
Table 26 Interface and IP address assignment
Device Interface IP address Device Interface IP address
CE 1 Loop0 5.5.5.5/32 PE 2 Loop0 2.2.2.2/32 GE2/1/1 10.2.1.1/24 GE2/1/1 172.1.1.2/24 Loop0 1.1.1.1/32 GE2/1/2 10.1.1.2/24 GE2/1/1 10.2.1.2/24 GE2/1/3 172.3.1.2/24 GE2/1/2 172.1.1.1/24 Loop0 3.3.3.
[PE2-route-policy] quit
# Configure FRR for VPN instance vpn1 to reference routing policy frr.
[PE2] bgp 100
[PE2-bgp] ip vpn-instance vpn1
[PE2-bgp-vpn1] address-family ipv4 unicast
[PE2-bgp-ipv4-vpn1] fast-reroute route-policy frr
[PE2-bgp-ipv4-vpn1] quit
[PE2-bgp-vpn1] quit
# Specify the preferred value as 200 for BGP VPNv4 routes received from PE 3. This value is greater than the preferred value (0) for VPNv4 routes from CE 2, so PE 2 prefers the routes from PE 3.
Configuring IPv6 MPLS L3VPN
In this chapter, "MSR2000" refers to MSR2003. "MSR3000" collectively refers to MSR3012, MSR3024, MSR3044, MSR3064. "MSR4000" collectively refers to MSR4060 and MSR4080.
Overview
IPv6 MPLS L3VPN uses BGP to advertise IPv6 VPN routes and uses MPLS to forward IPv6 VPN packets on the service provider backbone. Figure 79 shows a typical IPv6 MPLS L3VPN model. The service provider backbone in the IPv6 MPLS L3VPN model is an IPv4 network.
IPv6 MPLS L3VPN packet forwarding
Figure 80 IPv6 MPLS L3VPN packet forwarding diagram
As shown in Figure 80, the IPv6 MPLS L3VPN packet forwarding procedure is as follows:
1. The PC at Site 1 sends an IPv6 packet destined for 2001:2::1, the PC at Site 2. CE 1 transmits the packet to PE 1.
2.
The PEs use an IGP to ensure the connectivity between them.
3. From the egress PE to the remote peer CE. The egress PE restores the original IPv6 routes and advertises them to the remote CE over an IPv6 static route, RIPng route, OSPFv3 route, IPv6 IS-IS route, EBGP, or IBGP route.
IPv6 MPLS L3VPN network schemes and functions
IPv6 MPLS L3VPN supports the following network schemes and functions:
• Basic VPN.
• Inter-AS VPN option A.
• Inter-AS VPN option C.
• Carrier's carrier.
Before configuring basic IPv6 MPLS L3VPN, complete the following tasks:
1. Configure an IGP on the PEs and P devices to ensure IP connectivity within the MPLS backbone.
2. Configure basic MPLS for the MPLS backbone.
3. Configure MPLS LDP on PEs and P devices to establish LDP LSPs.
Configuring VPN instances
By configuring VPN instances on a PE, you isolate not only VPN routes from public network routes, but also routes between VPNs.
To associate a VPN instance with an interface:
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter interface view.
   Command: interface interface-type interface-number
   Remarks: N/A
3. Associate a VPN instance with the interface.
   Command: ip binding vpn-instance vpn-instance-name
   Remarks: By default, no VPN instance is associated with an interface. The ip binding vpn-instance command clears the IP address of the interface. Therefore, reconfigure an IP address for the interface after configuring this command.
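A check for the ordering rule in step 3, as an added example (not HP code): it replays a transcript in the `[prompt] command` form this guide uses and reports interfaces that end up bound to a VPN instance with no address, because the address was typed before `ip binding vpn-instance` or never typed at all. The function names and the sample transcript are constructed, `undo` commands are not modeled, and treating `ipv6 address` as cleared along with `ip address` is an assumption.

```python
import re

# Constructed transcript in the "[prompt] command" form this guide uses.
SAMPLE = """\
[PE1] interface gigabitethernet 2/1/1
[PE1-GigabitEthernet2/1/1] ip binding vpn-instance vpn1
[PE1-GigabitEthernet2/1/1] ipv6 address 2001:1::2 96
[PE1-GigabitEthernet2/1/1] quit
# Address typed first: the binding that follows wipes it.
[PE1] interface gigabitethernet 2/1/2
[PE1-GigabitEthernet2/1/2] ipv6 address 2001:2::2 96
[PE1-GigabitEthernet2/1/2] ip binding vpn-instance vpn2
[PE1-GigabitEthernet2/1/2] quit
# Address cleared by the binding, then configured again: fine.
[ASBR-PE1] interface gigabitethernet 2/1/1
[ASBR-PE1-GigabitEthernet2/1/1] ip address 10.0.0.1 24
[ASBR-PE1-GigabitEthernet2/1/1] ip binding vpn-instance vpn1
[ASBR-PE1-GigabitEthernet2/1/1] ip address 10.0.0.1 24
[ASBR-PE1-GigabitEthernet2/1/1] quit
"""

PROMPT = re.compile(r"^\[(?P<view>[^\]]+)\]\s*(?P<cmd>.+)$")
ADDRESS = re.compile(r"^(ip|ipv6) address\s+\S+")
BINDING = re.compile(r"^ip binding vpn-instance\s+(\S+)$")


def replay(transcript):
    """Replay the transcript and return {(device, interface): state}.

    state["vpn"]       VPN instance the interface ends up bound to, or None
    state["addresses"] address commands still in effect
    state["cleared"]   address commands wiped by a later binding
    """
    devices = set()   # system-view prompts seen issuing "interface ..."
    current = {}      # device -> interface view it is currently in
    state = {}
    for raw in transcript.splitlines():
        m = PROMPT.match(raw.strip())
        if not m:
            continue  # "# ..." comments and command output
        view = m.group("view")
        cmd = " ".join(m.group("cmd").split())
        # Device names may contain hyphens (ASBR-PE1), so resolve the owner
        # as the longest known device name that prefixes this view.
        owners = [d for d in devices if view == d or view.startswith(d + "-")]
        device = max(owners, key=len) if owners else None
        if cmd.lower().startswith("interface "):
            if device is None:
                device = view
                devices.add(device)
            ifname = cmd[len("interface "):].replace(" ", "").lower()
            current[device] = ifname
            state.setdefault((device, ifname),
                             {"vpn": None, "addresses": [], "cleared": []})
            continue
        if device is None or view == device or current.get(device) is None:
            continue  # not inside a tracked interface view
        entry = state[(device, current[device])]
        bind = BINDING.match(cmd)
        if bind:
            # The binding clears whatever address was configured before it.
            entry["cleared"].extend(entry["addresses"])
            entry["addresses"] = []
            entry["vpn"] = bind.group(1)
        elif ADDRESS.match(cmd):
            entry["addresses"].append(cmd)
        elif cmd == "quit":
            current[device] = None
    return state


def unaddressed_vpn_interfaces(transcript):
    """List (device, interface, vpn, cleared) for bound interfaces left without an address."""
    return [(dev, ifname, e["vpn"], e["cleared"])
            for (dev, ifname), e in replay(transcript).items()
            if e["vpn"] and not e["addresses"]]


if __name__ == "__main__":
    for finding in unaddressed_vpn_interfaces(SAMPLE):
        print("no address after binding:", finding)
```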
6. Apply an export routing policy.
   Command: export route-policy route-policy
   Remarks: By default, routes to be advertised are not filtered. Make sure the routing policy already exists. Otherwise, the device does not filter routes to be advertised. For information about routing policies, see Layer 3—IP Routing Configuration Guide.
7. Apply a tunnel policy to the VPN instance.
   Remarks: By default, only one tunnel is selected (no load balancing) in this order: LSP tunnel, GRE tunnel, and CR-LSP tunnel.
2. Create a RIPng process for a VPN instance and enter RIPng view.
   Command: ripng [ process-id ] vpn-instance vpn-instance-name
   Remarks: Perform this configuration on the PE. On the CE, create a common RIPng process.
3. Return to system view.
   Command: quit
   Remarks: N/A
4. Enter interface view.
   Command: interface interface-type interface-number
   Remarks: N/A
5. Enable RIPng on the interface.
   Command: ripng process-id enable
   Remarks: By default, RIPng is disabled on an interface.
2. Create an IPv6 IS-IS process for a VPN instance and enter IS-IS view.
   Command: isis [ process-id ] vpn-instance vpn-instance-name
   Remarks: Perform this configuration on the PE. On the CE, create a common IPv6 IS-IS process.
3. Configure a network entity title for the IS-IS process.
   Command: network-entity net
   Remarks: By default, no NET is configured.
4. Enable IPv6 process.
   Command: ipv6 enable
   Remarks: IPv6 is disabled by default.
5. Return to system view.
   Command: quit
   Remarks: N/A
6. Enter interface view.
9. (Optional.) Configure filtering of received routes.
   Command: filter-policy { acl6-number | prefix-list ipv6-prefix-name } import
   Remarks: By default, the PE does not filter received routes.

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter BGP view.
   Command: bgp as-number
   Remarks: N/A
3. Configure the PE as an EBGP peer.
   Command: peer { group-name | ipv6-address } as-number as-number
   Remarks: By default, no BGP peer is configured.
4. Create the BGP IPv6 unicast address family and enter its view.
6. Enable IPv6 unicast route exchange with the specified peer.
   Command: peer { group-name | ipv6-address } enable
   Remarks: By default, BGP does not exchange IPv6 unicast routes with any peer.
7. Configure the CE as a client of the RR.
   Command: peer { group-name | ipv6-address } reflect-client
   Remarks: By default, no RR or RR client is configured, and the PE does not advertise routes learned from the IBGP peer CE to other IBGP peers, including VPNv6 IBGP peers.
Configuring routing between PEs
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter BGP view.
   Command: bgp as-number
   Remarks: N/A
3. Configure the remote PE as the peer.
   Command: peer { group-name | ipv6-address } as-number as-number
   Remarks: By default, no BGP peer is configured.
4. Specify the source interface for route update packets sent to the specified peer.
9. Configure BGP updates sent to the peer to carry only public AS numbers.
   Command: peer { group-name | ip-address } public-as-only
   Remarks: By default, a BGP update carries both public and private AS numbers.
10. Apply a routing policy to routes advertised to or received from the peer or peer group.
   Command: peer { group-name | ip-address } route-policy route-policy-name { export | import }
   Remarks: By default, no routing policy is applied for a peer.
11.
• Configure MPLS LDP for the MPLS backbones so that LDP LSPs can be established.
The following sections describe inter-AS IPv6 VPN option A and option C. Select one according to your network scenario.
Configuring inter-AS IPv6 VPN option A
Inter-AS IPv6 VPN option A applies to scenarios where the number of VPNs and that of VPN routes on the PEs are relatively small.
To configure inter-AS IPv6 option A:
• Configure basic IPv6 MPLS L3VPN on each AS.
• Configure VPN instances on both PEs and ASBR-PEs.
9. Enter BGP VPNv6 address family view.
   Command: address-family vpnv6
   Remarks: N/A
10. Enable BGP to exchange BGP VPNv6 routing information with the EBGP peer.
   Command: peer ip-address enable
   Remarks: By default, the PE does not exchange labeled routes with any IPv4 peer/peer group.
Configuring the ASBR-PEs
In the inter-AS IPv6 VPN option C solution, an inter-AS LSP is needed, and the routes advertised between the PEs and ASBRs must carry MPLS label information.
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Configure an IPv6 static route for an IPv6 VPN instance.
   Command: ipv6 route-static vpn-instance s-vpn-instance-name ipv6-address prefix-length { interface-type interface-number [ next-hop-address ] | nexthop-address [ public ] | vpn-instance d-vpn-instance-name nexthop-address } [ permanent ] [ preference preference-value ] [ tag tag-value ] [ description description-text ]
   Remarks: By default, no static route is configured.
3. (Optional.
By configuring OSPFv3 process-to-IPv6 VPN instance bindings on an MCE, you allow routes of different IPv6 VPNs to be exchanged between the MCE and the sites through different OSPFv3 processes, ensuring the separation and security of IPv6 VPN routes.
For more information about OSPFv3, see Layer 3—IP Routing Configuration Guide.
To configure OSPFv3 between an MCE and a VPN site:
1. Enter system view.
   Command: system-view
   Remarks: N/A
Perform this configuration on the MCE.
4. Enable IPv6 for the IPv6 IS-IS process.
   Command: ipv6 enable
   Remarks: By default, IPv6 is disabled.
5. (Optional.) Redistribute remote site routes advertised by the PE.
   Command: ipv6 import-route protocol [ process-id ] [ allow-ibgp ] [ allow-direct | cost cost | [ level-1 | level-1-2 | level-2 ] | route-policy route-policy-name | tag tag ] *
   Remarks: By default, no routes are redistributed to IPv6 IS-IS.
6. Return to system view.
   Command: quit
   Remarks: N/A
7. Enter interface view.
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter BGP view.
   Command: bgp as-number
   Remarks: N/A
3. Configure the MCE as an EBGP peer.
   Command: peer { group-name | ipv6-address } as-number as-number
   Remarks: By default, no BGP peer is configured.
4. Enter BGP IPv6 unicast address family view.
   Command: address-family ipv6 [ unicast ]
   Remarks: N/A
5. Enable BGP to exchange IPv6 unicast routes with the specified peer.
   Command: peer { group-name | ip-address } enable
   Remarks: By default, BGP does not exchange IPv6 unicast routes with any peer.
6.
8. Redistribute remote site routes advertised by the PE into BGP.
   Command: import-route protocol [ { process-id | all-processes } [ allow-direct | med med-value | route-policy route-policy-name ] *]
   Remarks: By default, no routes are redistributed into BGP.
9. (Optional.) Configure filtering of advertised routes.
   Command: filter-policy { acl6-number | prefix-list ipv6-prefix-name } export [ protocol process-id ]
   Remarks: By default, BGP does not filter advertised routes.
10. (Optional.
2. Configure an IPv6 static route for an IPv6 VPN instance.
   Command: ipv6 route-static vpn-instance s-vpn-instance-name ipv6-address prefix-length { interface-type interface-number [ next-hop-address ] | nexthop-address [ public ] | vpn-instance d-vpn-instance-name nexthop-address } [ permanent ] [ preference preference-value ] [ tag tag-value ] [ description description-text ]
   Remarks: By default, no IPv6 static route is configured.
3. (Optional.
5. (Optional.) Configure filtering of advertised routes.
   Command: filter-policy { acl6-number | ipv6-prefix ipv6-prefix-name } export [ bgp4+ | direct | isisv6 process-id | ospfv3 process-id | ripng process-id | static ]
   Remarks: By default, redistributed routes are not filtered.
6. Return to system view.
   Command: quit
   Remarks: N/A
7. Enter interface view.
   Command: interface interface-type interface-number
   Remarks: N/A
8. Enable the OSPFv3 process on the interface.
4. Configure the PE as an EBGP peer.
   Command: peer { group-name | ipv6-address } as-number as-number
   Remarks: By default, no BGP peer is configured.
5. Enter BGP-VPN IPv6 unicast address family view.
   Command: address-family ipv6 [ unicast ]
   Remarks: N/A
6. Enable BGP to exchange IPv6 unicast routes with the specified peer.
   Command: peer { group-name | ip-address } enable
   Remarks: By default, BGP does not exchange IPv6 unicast routes with any peer.
7. Redistribute VPN routes.
Configuring BGP AS number substitution and SoO attribute
When CEs at different sites have the same AS number, configure the BGP AS number substitution function to avoid route loss. When a PE uses different interfaces to connect different CEs in a site, the BGP AS number substitution function introduces a routing loop. To remove the routing loop, configure the SoO attribute on the PE.
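The route loss and the routing loop described above, worked through with the values this guide's examples use (AS 100 on the PEs, AS 600 on the CEs, prefix 100.1.1.0/24, SoO 1:100). This is an added Python model, not HP code: the `Route` class and the function names are hypothetical, and only AS_PATH handling and the SoO check are modeled.

```python
from dataclasses import dataclass, replace
from typing import Optional, Tuple

PE_AS, CE_AS = 100, 600


@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: Tuple[int, ...]
    soo: Optional[str] = None  # Site of Origin attribute, if tagged


def pe_receive_from_ce(route, peer_soo=None):
    """Ingress PE: tag a route learned from a CE with the SoO configured for that peer."""
    return replace(route, soo=peer_soo) if peer_soo else route


def pe_advertise_to_ce(route, pe_as, ce_as, substitute_as=False, peer_soo=None):
    """Egress PE: build the EBGP update for a CE, or return None if it is suppressed."""
    # SoO check: never send a route back to the site it came from.
    if peer_soo is not None and route.soo == peer_soo:
        return None
    path = route.as_path
    if substitute_as:
        # AS number substitution: the CE's AS in the path becomes the PE's AS.
        path = tuple(pe_as if asn == ce_as else asn for asn in path)
    # Normal EBGP behavior: prepend the local AS.
    return replace(route, as_path=(pe_as,) + path)


def ce_accepts(route, ce_as):
    """EBGP loop detection on the CE: drop any update whose AS_PATH holds the local AS."""
    return ce_as not in route.as_path


def deliver(substitute_as, ingress_soo=None, egress_soo=None):
    """Carry 100.1.1.0/24 from CE 1 across the backbone to another CE in AS 600.

    Returns (AS_PATH seen by the receiving CE or None if suppressed, accepted?).
    """
    origin = Route("100.1.1.0/24", (CE_AS,))
    vpn_route = pe_receive_from_ce(origin, ingress_soo)  # path unchanged between PEs
    update = pe_advertise_to_ce(vpn_route, PE_AS, CE_AS, substitute_as, egress_soo)
    if update is None:
        return None, False
    return update.as_path, ce_accepts(update, CE_AS)


if __name__ == "__main__":
    print("no substitution        :", deliver(False))
    print("substitution           :", deliver(True))
    print("same site, SoO on both :", deliver(True, "1:100", "1:100"))
    print("other site, no SoO     :", deliver(True, "1:100", None))
```

Without the SoO check, the second case is also what a CE in the originating site would see, which is the loop the SoO attribute removes.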
Task: Display the IPv6 routing table for a VPN instance.
   Command: display ipv6 routing-table vpn-instance vpn-instance-name [ verbose ]
   Remarks: Available in any view.
Task: Display information about a specified VPN instance or all VPN instances.
   Command: display ip vpn-instance [ instance-name vpn-instance-name ]
   Remarks: Available in any view.
Task: Display the IPv6 FIB information for a VPN instance.
   Command: display ipv6 fib vpn-instance vpn-instance-name [ acl6 acl6-number | ipv6-prefix ipv6-prefix-name ]
   Remarks: Available in any view.
Task: Display outgoing labels for all BGP VPNv6 routes (MSR4000).
   Command: display bgp routing-table vpnv6 outlabel [ standby slot slot-number ]
   Remarks: Available in any view.
Task: Display BGP VPNv6 address family update group information.
   Command: display bgp update-group vpnv6 [ ip-address ]
   Remarks: Available in any view.
For more information about the display ipv6 routing-table, display bgp group vpnv6, display bgp peer vpnv6, and display bgp update-group vpnv6 commands, see Layer 3—IP Routing Command Reference.
Device  Interface  IP address     Device  Interface  IP address
        GE2/1/2    2001:2::2/96   PE 2    Loop0      3.3.3.9/32
        POS2/1/0   172.1.1.1/24           GE2/1/1    2001:3::2/96
CE 2    GE2/1/1    2001:2::1/96           GE2/1/2    2001:4::2/96
CE 3    GE2/1/1    2001:3::1/96           POS2/1/0   172.2.1.2/24
CE 4    GE2/1/1    2001:4::1/96
Configuration procedure
1. Configure OSPF on the MPLS backbone to ensure IP connectivity among the PEs and the P router:
# Configure PE 1.
system-view
[PE1] interface loopback 0
[PE1-LoopBack0] ip address 1.1.1.
[PE2-LoopBack0] quit
[PE2] interface pos 2/1/0
[PE2-Pos2/1/0] ip address 172.2.1.2 24
[PE2-Pos2/1/0] quit
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit
# On PE 1, verify that the PEs have learned the routes to the loopback interfaces of each other.
[PE1] mpls ldp
[PE1-ldp] quit
[PE1] interface pos 2/1/0
[PE1-Pos2/1/0] mpls enable
[PE1-Pos2/1/0] mpls ldp enable
[PE1-Pos2/1/0] quit
# Configure the P router.
[P] mpls lsr-id 2.2.2.9
[P] mpls ldp
[P-ldp] quit
[P] interface pos 2/1/0
[P-Pos2/1/0] mpls enable
[P-Pos2/1/0] mpls ldp enable
[P-Pos2/1/0] quit
[P] interface pos 2/1/1
[P-Pos2/1/1] mpls enable
[P-Pos2/1/1] mpls ldp enable
[P-Pos2/1/1] quit
# Configure PE 2.
[PE2] mpls lsr-id 3.3.3.
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 111:1
[PE1-vpn-instance-vpn1] quit
[PE1] ip vpn-instance vpn2
[PE1-vpn-instance-vpn2] route-distinguisher 100:2
[PE1-vpn-instance-vpn2] vpn-target 222:2
[PE1-vpn-instance-vpn2] quit
[PE1] interface gigabitethernet 2/1/1
[PE1-GigabitEthernet2/1/1] ip binding vpn-instance vpn1
[PE1-GigabitEthernet2/1/1] ipv6 address 2001:1::2 96
[PE1-GigabitEthernet2/1/1] quit
[PE1] interface gigabitethernet 2/1/2
[PE1-GigabitEthernet2/1/2] i
56 bytes from 2001:1::1, icmp_seq=4 hlim=64 time=0.000 ms
--- Ping6 statistics for 2001:1::1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.000/2.000/9.000/3.521 ms
4. Establish EBGP peer relationships between the PEs and CEs to allow them to exchange VPN routes:
# Configure CE 1.
[PE1-bgp] quit
# Configure PE 2.
[PE2] bgp 100
[PE2-bgp] peer 1.1.1.9 as-number 100
[PE2-bgp] peer 1.1.1.9 connect-interface loopback 0
[PE2-bgp] address-family vpnv6
[PE2-bgp-vpnv6] peer 1.1.1.9 enable
[PE2-bgp-vpnv6] quit
[PE2-bgp] quit
# Execute the display bgp peer vpnv6 command on the PEs to verify that a BGP peer relationship in Established state has been established between the PEs. (Details not shown.
Destination: 2001:2::/96 Protocol : Direct
NextHop : :: Preference: 0
Interface : GE2/1/2 Cost : 0

Destination: 2001:2::2/128 Protocol : Direct
NextHop : ::1 Preference: 0
Interface : InLoop0 Cost : 0

Destination: 2001:4::/96 Protocol : BGP4+
NextHop : ::FFFF:3.3.3.
Figure 82 Network diagram
Table 28 Interface and IP assignment
Device Interface IP address Device Interface IP address
CE 1 GE2/1/1 2001:1::1/96 P POS2/1/0 172.1.1.2/24 PE 1 Loop0 1.1.1.9/32 POS2/1/1 172.2.1.1/24 GE2/1/1 2001:1::2/96 Loop0 2.2.2.9/32 POS2/1/1 172.1.1.1/24 GE2/1/1 2001:2::2/96 Tunnel0 20.1.1.1/24 POS2/1/0 172.2.1.2/24 GE2/1/1 2001:2::1/96 Tunnel0 20.1.1.2/24 CE 2 PE 2
Configuration procedure
1.
[PE1-tunnel-policy-gre1] tunnel select-seq gre load-balance-number 1
[PE1-tunnel-policy-gre1] quit
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 100:1 both
[PE1-vpn-instance-vpn1] tnl-policy gre1
[PE1-vpn-instance-vpn1] quit
[PE1] interface gigabitethernet 2/1/1
[PE1-GigabitEthernet2/1/1] ip binding vpn-instance vpn1
[PE1-GigabitEthernet2/1/1] ipv6 address 2001:1::2 96
[PE1-GigabitEthernet2/1/1] quit
# Configure PE 2.
56 bytes from 2001:1::1, icmp_seq=3 hlim=64 time=1.000 ms
56 bytes from 2001:1::1, icmp_seq=4 hlim=64 time=0.000 ms
--- Ping6 statistics for 2001:1::1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.000/0.400/1.000/0.490 ms
4. Establish EBGP peer relationships between PEs and CEs to allow them to exchange VPN routes:
# Configure CE 1.
# Execute the display bgp peer vpnv6 command on the PEs. This example uses PE 1 to verify that a BGP peer relationship in Established state has been established between the PEs.
[PE1] display bgp peer vpnv6
BGP local router ID : 1.1.1.9
Local AS number : 100
Total number of peers : 1 Peers in established state : 1
Peer AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
2.2.2.9 100 3 3 0 1 00:00:34 Established
6. Configure a GRE tunnel:
# Configure PE 1.
Figure 83 Network diagram
Table 29 Interface and IP assignment
Device Interface IP address Device Interface IP address
CE 1 GE2/1/1 2001:1::1/96 CE 2 GE2/1/1 2001:2::1/96 PE 1 Loop0 1.1.1.9/32 PE 2 Loop0 4.4.4.
[PE1] mpls ldp
[PE1-ldp] quit
[PE1] interface pos 2/1/0
[PE1-Pos2/1/0] mpls enable
[PE1-Pos2/1/0] mpls ldp enable
[PE1-Pos2/1/0] quit
# Configure basic MPLS on ASBR-PE 1, and enable MPLS LDP for both ASBR-PE 1 and the interface connected to PE 1.
system-view
[ASBR-PE1] mpls lsr-id 2.2.2.
# Configure PE 1.
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 100:1 both
[PE1-vpn-instance-vpn1] quit
[PE1] interface gigabitethernet 2/1/1
[PE1-GigabitEthernet2/1/1] ip binding vpn-instance vpn1
[PE1-GigabitEthernet2/1/1] ipv6 address 2001:1::2 96
[PE1-GigabitEthernet2/1/1] quit
# Configure CE 2.
[CE1] bgp 65001
[CE1-bgp] peer 2001:1::2 as-number 100
[CE1-bgp] address-family ipv6 unicast
[CE1-bgp-ipv6] peer 2001:1::2 enable
[CE1-bgp-ipv6] import-route direct
[CE1-bgp-ipv6] quit
[CE1-bgp] quit
# Configure PE 1.
[PE1] bgp 100
[PE1-bgp] ip vpn-instance vpn1
[PE1-bgp-vpn1] peer 2001:1::1 as-number 65001
[PE1-bgp-vpn1] address-family ipv6 unicast
[PE1-bgp-ipv6-vpn1] peer 2001:1::1 enable
[PE1-bgp-ipv6-vpn1] quit
[PE1-bgp-vpn1] quit
[PE1-bgp] quit
# Configure CE 2.
[ASBR-PE1-bgp-vpn1] address-family ipv6 unicast
[ASBR-PE1-bgp-ipv6-vpn1] peer 2002:1::2 enable
[ASBR-PE1-bgp-ipv6-vpn1] quit
[ASBR-PE1-bgp-vpn1] quit
[ASBR-PE1-bgp] peer 1.1.1.9 as-number 100
[ASBR-PE1-bgp] peer 1.1.1.9 connect-interface loopback 0
[ASBR-PE1-bgp] address-family vpnv6
[ASBR-PE1-bgp-vpnv6] peer 1.1.1.9 enable
[ASBR-PE1-bgp-vpnv6] quit
[ASBR-PE1-bgp] quit
# Configure ASBR-PE 2.
Figure 84 Network diagram
Table 30 Interface and IP assignment
Device Interface IP address Device Interface IP address
PE 1 Loop0 2.2.2.9/32 PE 2 Loop0 5.5.5.9/32 GE2/1/1 2001::1/64 GE2/1/1 2002::1/64 S2/1/0 1.1.1.2/8 S2/1/0 9.1.1.2/8 Loop0 3.3.3.9/32 Loop0 4.4.4.9/32 S2/1/0 1.1.1.1/8 S2/1/0 9.1.1.1/8 S2/1/1 11.0.0.2/8 S2/1/1 11.0.0.1/8 GE2/1/1 2001::2/64 GE2/1/1 2002::2/64 ASBR-PE 1 CE 1 ASBR-PE 2 CE 1
Configuration procedure
1.
system-view
[PE1] isis 1
[PE1-isis-1] network-entity 10.111.111.111.111.00
[PE1-isis-1] quit
# Configure an LSR ID, and enable MPLS and LDP.
[PE1] mpls lsr-id 2.2.2.9
[PE1] mpls ldp
[PE1-ldp] quit
# Configure interface Serial 2/1/0, and enable IS-IS, MPLS, and LDP on the interface.
[PE1] interface serial 2/1/0
[PE1-Serial2/1/0] ip address 1.1.1.2 255.0.0.
[PE1-bgp] address-family vpnv6
[PE1-bgp-af-vpnv6] peer 5.5.5.9 enable
[PE1-bgp-af-vpnv6] quit
# Establish an EBGP peer relationship with CE 1, and add the learned BGP routes to the routing table of VPN instance vpn1.
[PE1-bgp] ip vpn-instance vpn1
[PE1-bgp-vpn1] peer 2001::2 as-number 65001
[PE1-bgp-vpn1] address-family ipv6 unicast
[PE1-bgp-ipv6-vpn1] peer 2001::2 enable
[PE1-bgp-ipv6-vpn1] quit
[PE1-bgp-vpn1] quit
[PE1-bgp] quit
3. Configure ASBR-PE 1:
# Start IS-IS on ASBR-PE 1.
# Start BGP on ASBR-PE 1, and apply routing policy policy2 to routes advertised to IBGP peer 2.2.2.9.
[ASBR-PE1] bgp 100
[ASBR-PE1-bgp] peer 2.2.2.9 as-number 100
[ASBR-PE1-bgp] peer 2.2.2.9 connect-interface loopback 0
[ASBR-PE1-bgp] address-family ipv4 unicast
[ASBR-PE1-bgp-ipv4] peer 2.2.2.9 enable
[ASBR-PE1-bgp-ipv4] peer 2.2.2.9 route-policy policy2 export
# Enable the capability to advertise labeled routes to and receive labeled routes from IBGP peer 2.2.2.9.
[ASBR-PE1-bgp-ipv4] peer 2.2.2.
# Configure interface Serial 2/1/1, and enable MPLS on it.
[ASBR-PE2] interface serial 2/1/1
[ASBR-PE2-Serial2/1/1] ip address 11.0.0.1 255.0.0.0
[ASBR-PE2-Serial2/1/1] mpls enable
[ASBR-PE2-Serial2/1/1] quit
# Create routing policies.
# Configure interface Serial 2/1/0, and enable IS-IS, MPLS, and LDP on the interface.
[PE2] interface serial 2/1/0
[PE2-Serial2/1/0] ip address 9.1.1.2 255.0.0.0
[PE2-Serial2/1/0] isis enable 1
[PE2-Serial2/1/0] mpls enable
[PE2-Serial2/1/0] mpls ldp enable
[PE2-Serial2/1/0] quit
# Configure interface Loopback 0, and start IS-IS on it.
[PE2] interface loopback 0
[PE2-LoopBack0] ip address 5.5.5.
[PE2-bgp-ipv6-vpn1] peer 2002::2 enable
[PE2-bgp-ipv6-vpn1] quit
[PE2-bgp-vpn1] quit
[PE2-bgp] quit
6. Configure CE 2:
# Configure an IPv6 address for GigabitEthernet 2/1/1.
system-view
[CE2] interface gigabitethernet 2/1/1
[CE2-GigabitEthernet2/1/1] ipv6 address 2002::2 64
[CE2-GigabitEthernet2/1/1] quit
# Establish an EBGP peer relationship with PE 2, and redistribute VPN routes.
Figure 85 Network diagram
Table 31 Interface and IP assignment
Device Interface IP address Device Interface IP address
CE 3 GE2/1/1 2001:1::1/96 CE 4 GE2/1/1 2001:2::1/96 PE 3 Loop0 1.1.1.9/32 PE 4 Loop0 6.6.6.9/32 GE2/1/1 2001:1::2/96 GE2/1/1 2001:2::2/96 POS2/1/1 10.1.1.1/24 POS2/1/1 20.1.1.2/24 Loop0 2.2.2.9/32 Loop0 5.5.5.9/32 POS2/1/0 10.1.1.2/24 POS2/1/0 21.1.1.2/24 POS2/1/1 11.1.1.1/24 POS2/1/1 20.1.1.1/24 Loop0 3.3.3.9/32 Loop0 4.4.4.9/32 POS2/1/0 11.1.1.
[PE1-isis-1] quit
[PE1] interface loopback 0
[PE1-LoopBack0] isis enable 1
[PE1-LoopBack0] quit
[PE1] interface pos 2/1/1
[PE1-Pos2/1/1] ip address 30.1.1.1 24
[PE1-Pos2/1/1] isis enable 1
[PE1-Pos2/1/1] mpls enable
[PE1-Pos2/1/1] mpls ldp enable
[PE1-Pos2/1/1] mpls ldp transport-address interface
[PE1-Pos2/1/1] quit
[PE1] bgp 100
[PE1-bgp] peer 4.4.4.9 as-number 100
[PE1-bgp] peer 4.4.4.9 connect-interface loopback 0
[PE1-bgp] address-family vpnv4
[PE1-bgp-vpnv4] peer 4.4.4.
2. Configure the customer carrier network. Start IS-IS as the IGP, and enable LDP between PE 3 and CE 1, and between PE 4 and CE 2:
# Configure PE 3.
system-view
[PE3] interface loopback 0
[PE3-LoopBack0] ip address 1.1.1.9 32
[PE3-LoopBack0] quit
[PE3] mpls lsr-id 1.1.1.9
[PE3] mpls ldp
[PE3-ldp] quit
[PE3] isis 2
[PE3-isis-2] network-entity 10.0000.0000.0000.0001.
3. Connect the customer carrier and the provider carrier:
# Configure PE 1.
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 200:1
[PE1-vpn-instance-vpn1] vpn-target 1:1
[PE1-vpn-instance-vpn1] quit
[PE1] mpls ldp
[PE1-ldp] vpn-instance vpn1
[PE1-ldp-vpn-instance-vpn1] quit
[PE1-ldp] quit
[PE1] isis 2 vpn-instance vpn1
[PE1-isis-2] network-entity 10.0000.0000.0000.0003.
[CE3-bgp] peer 2001:1::2 as-number 100
[CE3-bgp] address-family ipv6
[CE3-bgp-ipv6] peer 2001:1::2 enable
[CE3-bgp-ipv6] import-route direct
[CE3-bgp-ipv6] quit
[CE3-bgp] quit
# Configure PE 3.
4.4.4.9/32 ISIS 15 10 30.1.1.2 POS2/1/1
30.1.1.0/24 Direct 0 0 30.1.1.1 POS2/1/1
30.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
30.1.1.2/32 Direct 0 0 30.1.1.2 POS2/1/1
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
# Verify that the VPN routing table contains the internal routes of the customer carrier network.
[PE1] display ip routing-table vpn-instance vpn1
Routing Tables: vpn1
Destinations : 11 2.
[PE3] display ip routing-table
Routing Tables: Public
Destinations : 11 Routes : 11
Destination/Mask Proto Pre Cost NextHop Interface
1.1.1.9/32 Direct 0 0 127.0.0.1 InLoop0
2.2.2.9/32 ISIS 15 10 10.1.1.2 POS2/1/1
5.5.5.9/32 ISIS 15 84 10.1.1.2 POS2/1/1
6.6.6.9/32 ISIS 15 84 10.1.1.2 POS2/1/1
10.1.1.0/24 Direct 0 0 10.1.1.1 POS2/1/1
10.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
10.1.1.2/32 Direct 0 0 10.1.1.2 POS2/1/1
11.1.1.0/24 ISIS 15 20 10.1.1.2 POS2/1/1
20.1.
Configuring IPv6 MCE
Network requirements
As shown in Figure 86, VPN 2 runs RIPng. Configure the MCE device to separate routes from different VPNs and advertise the VPN routes to PE 1 through OSPFv3.
Figure 86 Network diagram
Configuration procedure
Assume that the system name of the MCE device is MCE, the system names of the edge routers of VPN 1 and VPN 2 are VR1 and VR2, and the system name of PE 1 is PE1.
1.
# Bind interface GigabitEthernet 2/1/1 to VPN instance vpn1, and configure an IPv6 address for the interface.
[MCE] interface gigabitethernet 2/1/1
[MCE-GigabitEthernet2/1/1] ip binding vpn-instance vpn1
[MCE-GigabitEthernet2/1/1] ipv6 address 2001:1::1 64
[MCE-GigabitEthernet2/1/1] quit
# Bind interface GigabitEthernet 2/1/2 to VPN instance vpn2, and configure an IPv6 address for the interface.
[VR2] ripng 20
[VR2-ripng-20] quit
[VR2] interface gigabitethernet 2/1/1
[VR2-GigabitEthernet2/1/1] ripng 20 enable
[VR2-GigabitEthernet2/1/1] quit
[VR2] interface gigabitethernet 2/1/2
[VR2-GigabitEthernet2/1/2] ripng 20 enable
[VR2-GigabitEthernet2/1/2] quit
# On the MCE, display the routing tables of the VPN instances vpn1 and vpn2.
Destination: 2002:1::1/128 Protocol : Direct
NextHop : ::1 Preference: 0
Interface : InLoop0 Cost : 0

Destination: 2012::/64 Protocol : RIPng
NextHop : FE80::20C:29FF:FE40:701 Preference: 100
Interface : GE2/1/2 Cost : 1

Destination: FE80::/10 Protocol : Direct
NextHop : :: Preference: 0
Interface : NULL0 Cost : 0

Destination: FF00::/8 Protocol : Direct
NextHop : :: Preference: 0
Interface : NULL0 Cost : 0

The output shows that the MCE has learned the private route of
[PE1-GigabitEthernet2/1/1.2] ip binding vpn-instance vpn2
# Configure the subinterface to terminate VLAN 20.
[PE1-GigabitEthernet2/1/1.2] vlan-type dot1q vid 20
# Configure an IPv6 address for the subinterface.
[PE1-GigabitEthernet2/1/1.2] ipv6 address 2002:2::4 64
[PE1-GigabitEthernet2/1/1.2] quit
# Configure the IP address of the interface Loopback 0 as 101.101.10.1 for the MCE and as 100.100.10.1 for PE 1. Specify the loopback interface address as the router ID for the MCE and PE 1.
NextHop : FE80::200:5EFF:FE01:1C05 Preference: 15
Interface : GE2/1/1.1 Cost : 10

Destination: FE80::/10 Protocol : Direct
NextHop : :: Preference: 0
Interface : NULL0 Cost : 0

Destination: FF00::/8 Protocol : Direct
NextHop : :: Preference: 0
Interface : NULL0 Cost : 0

# Verify that PE 1 has learned the private route of VPN 2 through OSPFv3.
Figure 87 Network diagram
Table 32 Interface and IP assignment
Device Interface IP address Device Interface IP address
CE 1 GE2/1/1 10:1::2/96 P Loop0 2.2.2.9/32 GE2/1/2 100::1/96 GE2/1/1 20.1.1.2/24 Loop0 10.1.1.1/32 GE2/1/2 30.1.1.1/24 GE2/1/1 10:1::1/96 Loop0 10.1.1.2/32 GE2/1/2 20.1.1.1/24 GE2/1/1 10:2::1/96 GE2/1/1 10:2::2/96 GE2/1/2 30.1.1.2/24 GE2/1/2 200::1/96 PE 1 CE 2 PE 2
Configuration procedure
1.
Destination: ::1/128 Protocol : Direct
NextHop : ::1 Preference: 0
Interface : InLoop0 Cost : 0

Destination: 10:2::/96 Protocol : Direct
NextHop : :: Preference: 0
Interface : GE2/1/1 Cost : 0

Destination: 10:2::2/128 Protocol : Direct
NextHop : ::1 Preference: 0
Interface : InLoop0 Cost : 0

Destination: 200::/96 Protocol : Static
NextHop : :: Preference: 60
Interface : NULL0 Cost : 0

Destination: FE80::/10 Protocol : Direct
NextHop : :: Preference: 0
Interface
Destination: 200::/96         Protocol  : BGP4+
NextHop    : 10:2::2          Preference: 255
Interface  : GE2/1/1          Cost      : 0

Destination: FE80::/10        Protocol  : Direct
NextHop    : ::               Preference: 0
Interface  : NULL0            Cost      : 0

Destination: FF00::/8         Protocol  : Direct
NextHop    : ::               Preference: 0
Interface  : NULL0            Cost      : 0

# Enable BGP update packet debugging on PE 2. The output shows that PE 2 has advertised the route for 100::/96, and the AS_PATH is 100 600.
Verifying the configuration
# The output shows that among the routes advertised by PE 2 to CE 2, the AS_PATH of 100::/96 has changed from 100 600 to 100 100.
*Jun 27 18:07:34:420 2013 PE2 BGP/7/DEBUG; BGP_IPV6.vpn1: Send UPDATE to peer 10:2::2 for following destinations:
  Origin   : Incomplete
  AS path  : 100 100
  Next hop : 10:2::1
  100::/96,
# Display again the routing information that CE 2 has received, and the routing table. The output shows that CE 2 has learned the route 100::/96.
Interface  : NULL0            Cost      : 0

Destination: FE80::/10        Protocol  : Direct
NextHop    : ::               Preference: 0
Interface  : NULL0            Cost      : 0

Destination: FF00::/8         Protocol  : Direct
NextHop    : ::               Preference: 0
Interface  : NULL0            Cost      : 0

# Verify that GigabitEthernet 2/1/2 of CE 1 and GigabitEthernet 2/1/2 of CE 2 can ping each other. (Details not shown.
Device PE 3 Interface IP address GE2/1/2 20.1.1.1/24 GE2/1/3 30.1.1.1/24 Loop0 Device Interface IP address GE2/1/3 20.1.1.2/24 Loop0 3.3.3.9/32 4.4.4.9/32 GE2/1/1 30.1.1.2/24 GE2/1/1 10:3::2/96 GE2/1/2 40.1.1.2/24 GE2/1/2 50.1.1.2/24 GE2/1/3 50.1.1.1/24 P

Configuration procedure
1. Configure basic IPv6 MPLS L3VPN:
   ◦ Configure OSPF on the MPLS backbone to allow the PEs and P device to learn the routes of the loopback interfaces from each other.
3. Configure BGP SoO attribute:
# On PE 1, configure the SoO attribute as 1:100 for CE 1.
system-view
[PE1] bgp 100
[PE1-bgp] ip vpn-instance vpn1
[PE1-bgp-vpn1] address-family ipv6
[PE1-bgp-ipv6-vpn1] peer 10:1::1 soo 1:100
# On PE 2, configure the SoO attribute as 1:100 for CE 2.
Configuring MPLS L2VPN

In this chapter, "MSR2000" refers to MSR2003. "MSR3000" collectively refers to MSR3012, MSR3024, MSR3044, MSR3064. "MSR4000" collectively refers to MSR4060 and MSR4080.

MPLS L2VPN provides point-to-point and point-to-multipoint connections. This chapter describes only the MPLS L2VPN technologies that provide point-to-point connections.

Overview
MPLS L2VPN is an implementation of Pseudo Wire Emulation Edge-to-Edge (PWE3). It offers Layer 2 VPN services over an MPLS or IP backbone.
label block is the sum of the LRs of all previously assigned label blocks. For example, if the LR and LO of the first label block are 10 and 0, the LO of the second label block is 10. If the LR of the second label block is 20, the LO of the third label block is 30. A label block with LB, LO, and LR as 1000, 10, and 5, respectively, is represented as 1000/10/5. For example, a VPN has 10 sites, and a PE assigns the first label block LB1/0/10 to the VPN.
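The label-block bookkeeping described above, as an added Python example that is not part of the HP guide: it assigns each new block an LO equal to the sum of the earlier LRs, renders blocks in LB/LO/LR notation, and rejects blocks whose label ranges collide. The class and function names are hypothetical, the label bases are constructed, and two points are assumptions not stated in this excerpt: that a block covers site IDs LO through LO+LR-1, and that the label for a site is LB + site ID - LO (the BGP L2VPN label-block scheme of RFC 6624).

```python
from dataclasses import dataclass
from typing import List, Optional

# MPLS labels are 20 bits wide; values 0-15 are reserved.
MIN_LABEL, MAX_LABEL = 16, 2**20 - 1


@dataclass(frozen=True)
class LabelBlock:
    lb: int  # label base: first label in the block
    lo: int  # label offset: sum of the LRs of all earlier blocks
    lr: int  # label range: number of labels in the block

    def __post_init__(self) -> None:
        if self.lr < 1 or self.lo < 0:
            raise ValueError(f"invalid LO/LR in {self}")
        if self.lb < MIN_LABEL or self.lb + self.lr - 1 > MAX_LABEL:
            raise ValueError(f"labels of {self} fall outside {MIN_LABEL}-{MAX_LABEL}")

    def __str__(self) -> str:
        return f"{self.lb}/{self.lo}/{self.lr}"  # the guide's LB/LO/LR notation

    def covers(self, site_id: int) -> bool:
        # Assumption: the block serves site IDs LO .. LO+LR-1.
        return self.lo <= site_id < self.lo + self.lr

    def label_for(self, site_id: int) -> int:
        # Assumption (RFC 6624 scheme): label = LB + site ID - LO.
        if not self.covers(site_id):
            raise ValueError(f"site {site_id} is not covered by {self}")
        return self.lb + site_id - self.lo


def parse_block(text: str) -> LabelBlock:
    """Parse 'LB/LO/LR', for example '1000/10/5'."""
    parts = text.strip().split("/")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not an LB/LO/LR triple: {text!r}")
    lb, lo, lr = map(int, parts)
    return LabelBlock(lb, lo, lr)


class LabelBlockAllocator:
    """Tracks the label blocks one PE has assigned to one VPN."""

    def __init__(self) -> None:
        self.blocks: List[LabelBlock] = []

    def next_offset(self) -> int:
        # LO of the next block = sum of the LRs of all previously assigned blocks.
        return sum(b.lr for b in self.blocks)

    def add_block(self, lb: int, lr: int) -> LabelBlock:
        new = LabelBlock(lb, self.next_offset(), lr)
        for old in self.blocks:
            # Two blocks must never hand out the same label value.
            if new.lb < old.lb + old.lr and old.lb < new.lb + new.lr:
                raise ValueError(f"labels of {new} overlap {old}")
        self.blocks.append(new)
        return new

    def find(self, site_id: int) -> Optional[LabelBlock]:
        for block in self.blocks:
            if block.covers(site_id):
                return block
        return None  # no block yet: the VPN has outgrown its assigned blocks

    def label_for(self, site_id: int) -> int:
        block = self.find(site_id)
        if block is None:
            raise LookupError(f"no label block covers site {site_id}")
        return block.label_for(site_id)


def demo() -> List[str]:
    """LRs 10 and 20 reproduce the guide's example; the label bases are constructed."""
    alloc = LabelBlockAllocator()
    for lb, lr in ((1000, 10), (2000, 20), (3000, 5)):
        alloc.add_block(lb, lr)
    return [str(b) for b in alloc.blocks]


if __name__ == "__main__":
    print(demo())
```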
Figure 90 Local connection model

Remote connection establishment
To set up a remote MPLS L2VPN connection:
1. Set up a public tunnel to carry one or more PWs between PEs:
   The public tunnel can be an LSP, MPLS TE, or GRE tunnel. If multiple public tunnels exist between two PEs, you can configure a tunnel policy to control tunnel selection. For more information about tunnel policies, see "Configuring tunnel policies.
3. Set up an AC between a PE and a CE:
   Set up an AC by configuring a link layer connection (such as a PPP connection) between a PE and a CE. An AC can be one of the following types:
   ◦ Layer 3 physical interface—Transparently forwards received packets over the bound PW. The Layer 3 physical interface can be an Ethernet interface or an ATM interface.
   ◦ Layer 3 subinterface—Forwards packets received from the corresponding link (VLAN, ATM VPC, ATM VCC, or FR DLCI) to the bound PW.
Ethernet over MPLS
Ethernet over MPLS uses MPLS L2VPN to connect Ethernets, and delivers Ethernet packets through a PW over the MPLS backbone. The following PW types are available for Ethernet over MPLS:
• Ethernet—P-tag is not transferred on a PW.
  ◦ For a packet from a CE:
    − If the packet contains a P-tag, the PE removes the P-tag, and adds a PW label and an outer tag into the packet before forwarding it.
Figure 91 Packet encapsulation in port mode

• VLAN mode—A Layer 3 Ethernet subinterface or VLAN interface is bound to a PW. Packets received from the VLAN are forwarded through the bound PW. The peer PE can modify the VLAN tag as needed. The default data encapsulation type for VLAN mode is VLAN.

PPP/HDLC over MPLS
PPP/HDLC over MPLS uses an MPLS L2VPN to connect a PPP or an HDLC network, and delivers PPP or HDLC packets over the MPLS backbone through a PW. If the AC type is PPP, the PW type is PPP.
MPLS L2VPN interworking
CEs might connect to PEs through various types of links, such as ATM, FR, HDLC, Ethernet, and PPP. MPLS L2VPN interworking connects such CEs and allows them to communicate. MPLS L2VPN supports Ethernet interworking and IP interworking modes. The device supports only IP interworking. Only local MPLS L2VPN connections, static PWs, LDP PWs, and remote CCC connections support the interworking feature.
Figure 93 PW redundancy

The MPLS L2VPN determines whether the primary PW fails according to the LDP session status or the BFD result. The backup PW is used when one of the following conditions exists:
• The public tunnel of the primary PW is deleted, or BFD detects that the public tunnel has failed.
• The primary PW is deleted because the LDP session between PEs goes down, or BFD detects that the primary PW has failed.
• A manual PW switchover is performed.
Intra-domain multi-segment PW
An intra-domain multi-segment PW has concatenated PWs within an AS. You can create an intra-domain multi-segment PW between two PEs that have no public tunnel to each other.
As shown in Figure 95, there is no public tunnel between PE 1 and PE 4. There is a public tunnel between PE 1 and PE 2 and a public tunnel between PE 2 and PE 4. To create an intra-domain multi-segment PW between PE 1 and PE 4, you can perform the following operations:
1.
Figure 96 Inter-domain multi-segment PW

VCCV
Virtual Circuit Connectivity Verification (VCCV) is an OAM function for L2VPN. It verifies the connectivity of PWs on the data plane. VCCV includes two modes:
• Manual mode—Use the ping mpls pw command to manually test the connectivity of a PW.
• Auto mode—Configure BFD or Raw BFD to automatically test the connectivity of a PW.
For more information about VCCV, see "Configuring MPLS OAM.
Tasks at a glance / Remarks
(Required.) Configuring a cross-connect
   Remarks: N/A
Configuring a PW:
• (Optional.) Configuring a PW class
• (Required.) Choose either of the following tasks to configure a PW:
  ◦ Configuring a static PW
  ◦ Configuring an LDP PW
  ◦ Configuring a BGP PW
  ◦ Configuring a remote CCC connection
Choose a PW configuration method depending on the MPLS L2VPN implementation. Skip these tasks for local connection configuration.
For multi-segment PWs, skip this task.
(Optional.
The PW type and AC access mode determine how the VLAN tag is processed by a PE. Therefore, the local PE and the peer PE must be configured with the same PW type and AC access mode.
To configure the interface with Ethernet or VLAN encapsulation:
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter interface view.
   Command: interface interface-type interface-number
   Remarks: N/A
3. (Optional.) Specify the default next hop IP address or MAC address. Required for MPLS L2VPN interworking.
3. (Optional.) Configure a description for the cross-connect group.
   Command: description text
   Remarks: By default, no description is configured for the cross-connect group.
4. (Optional.) Enable the cross-connect group.
   Command: undo shutdown
   Remarks: By default, the cross-connect group is enabled.
5. Create a cross-connect and enter cross-connect view.
   Command: connection connection-name
   Remarks: By default, no cross-connect is created.
6. Configure an MTU for the PW.
   Remarks: The default MTU is 1500 bytes.
Configuring an LDP PW
Before you configure an LDP PW, enable global and interface MPLS LDP on the PE. For information about MPLS LDP configuration, see "Configuring LDP."
To configure an LDP PW:
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter cross-connect group view.
   Command: xconnect-group group-name
   Remarks: N/A
3. Enter cross-connect view.
   Command: connection connection-name
   Remarks: N/A
4. Configure an LDP PW and enter cross-connect PW view.
   Remarks: By default, no LDP PW is configured.
7. (Optional.) Permit the local AS number to appear in routes from the specified peer or peer group and specify the appearance times.
   Command: peer { group-name | ip-address } allow-as-loop [ number ]
   Remarks: By default, the local AS number is not allowed in routes from a peer or peer group.
8. (Optional.) Enable route target-based filtering of incoming BGP L2VPN information.
   Command: policy vpn-target
   Remarks: By default, route target-based filtering of incoming BGP L2VPN information is enabled.
9. (Optional.
5. Configure route targets for the cross-connect group.
   Command: vpn-target vpn-target&<1-8> [ both | export-extcommunity | import-extcommunity ]
   Remarks: By default, no route targets are configured for the cross-connect group.
6. (Optional.) Reference a PW class.
   Command: pw-class class-name
   Remarks: By default, no PW class is referenced.
7. (Optional.) Configure an MTU for the PW.
   Command: mtu mtu
   Remarks: The default MTU is 1500 bytes.
8. Create a local site and enter site view.
4. Create a remote CCC connection.
   Command: ccc in-label in-label-value out-label out-label-value { nexthop nexthop | out-interface interface-type interface-number } [ pw-class class-name ]
   Remarks: By default, no remote CCC connection is created. Use the out-interface keyword to specify the outgoing interface only on a point-to-point link.
Configuring PW redundancy
This task includes the following configurations:
• Create a backup PW for the primary PW.
• Specify whether to switch traffic from the backup PW to the primary PW when the primary PW recovers, and specify the wait time for the switchover.
• Manually perform a PW switchover.

Configuring static PW redundancy
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter cross-connect group view.
   Command: xconnect-group group-name
   Remarks: N/A
3. Enter cross-connect view.
5. Enter cross-connect PW view.
   Command: peer ip-address pw-id pw-id [ pw-class class-name | tunnel-policy tunnel-policy-name ] *
   Remarks: N/A
6. Configure a backup LDP PW and enter backup cross-connect PW view.
   Command: backup-peer ip-address pw-id pw-id [ pw-class class-name | tunnel-policy tunnel-policy-name ] *
   Remarks: By default, no backup LDP PW is configured.
7. Return to user view.
   Command: return
   Remarks: N/A
8. Manually switch traffic to the backup PW of the specified PW.
3. Enter cross-connect view.
   Command: connection connection-name
   Remarks: N/A
4. Enable interworking for the cross-connect.
   Command: interworking ipv4
   Remarks: By default, the cross-connect does not support interworking.

Displaying and maintaining MPLS L2VPN
Execute display commands in any view and the reset command in user view.
Task / Command
Display LDP PW label information.
MPLS L2VPN configuration examples

Configuring local MPLS L2VPN connections
Network requirements
Configure local MPLS L2VPN connections between PE and CEs so that CE 1 and CE 2 can communicate with each other at Layer 2 through GigabitEthernet 2/1/1 and GigabitEthernet 2/1/2 on the PE.
Figure 97 Network diagram
Configuration procedure
1. Configure CE 1.
system-view
[CE1] interface gigabitethernet 2/1/1
[CE1-GigabitEthernet2/1/1] ip address 100.1.1.1 24
[CE1-GigabitEthernet2/1/1] quit
2.
Total number of cross-connections: 1
Total number of ACs: 2
AC          Xconnect-group    Link ID
GE2/1/1     vpn1              0
GE2/1/2     vpn1              1
# Verify that CE 1 and CE 2 can ping each other. (Details not shown.)

Configuring IP interworking over local MPLS L2VPN connections
Network requirements
CE 1 and PE are connected through Ethernet interfaces. CE 2 and PE are connected through serial interfaces, and use PPP as the link layer protocol.
# Configure the default next hop IP address as 10.1.1.1 on GigabitEthernet 2/1/1 (the interface connected to CE 1). This interface does not need an IP address.
[PE] interface gigabitethernet 2/1/1
[PE-GigabitEthernet2/1/1] default-nexthop ip 10.1.1.1
[PE-GigabitEthernet2/1/1] quit
# Configure the IPCP proxy IP address as the IP address of CE 1 on Serial 2/1/0 (the interface connected to CE 2). This interface does not need an IP address.
Figure 99 Network diagram

Table 35 Interface and IP address assignment
Device  Interface  IP address      Device  Interface  IP address
CE 1    GE2/1/1    100.1.1.1/24    P       Loop0      192.4.4.4/32
PE 1    Loop0      192.2.2.2/32            GE2/1/1    10.1.1.2/24
        GE2/1/1    -                       GE2/1/2    10.2.2.2/24
        GE2/1/2    10.1.1.1/24     PE 2    Loop0      192.3.3.3/32
CE 2    GE2/1/1    100.1.1.2/24            GE2/1/1    -
                                           GE2/1/2    10.2.2.1/24

Configuration procedure
1. Configure CE 1.
[PE1-GigabitEthernet2/1/2] mpls enable
[PE1-GigabitEthernet2/1/2] mpls ldp enable
[PE1-GigabitEthernet2/1/2] quit
# Configure OSPF on PE 1 for LDP to create LSPs.
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 10.1.1.1 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] network 192.2.2.2 0.0.0.0
[PE1-ospf-1-area-0.0.0.
[P-ospf-1-area-0.0.0.0] network 10.1.1.2 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 10.2.2.2 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 192.4.4.4 0.0.0.0
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit
4. Configure PE 2:
# Configure an LSR ID.
system-view
[PE2] interface loopback 0
[PE2-LoopBack0] ip address 192.3.3.3 32
[PE2-LoopBack0] quit
[PE2] mpls lsr-id 192.3.3.3
# Enable L2VPN.
[PE2] l2vpn enable
# Enable global LDP.
Verifying the configuration
# Display L2VPN PW information on PE 1. The output shows that a static PW has been established.
[PE1] display l2vpn pw
Flags: M - main, B - backup, H - hub link, S - spoke link, N - no split horizon
Total number of PWs: 1, 1 up, 0 blocked, 0 down, 0 defect
Xconnect-group Name: vpna
Peer            PW ID      In/Out Label    Proto    Flag  Link ID  State
192.3.3.3       3          100/200         Static   M     0        Up
# Display L2VPN PW information on PE 2. The output shows that a static PW has been established.
Device  Interface  IP address      Device  Interface  IP address
CE 2    GE2/1/1    100.1.1.2/24            GE2/1/1    -
                                           GE2/1/2    10.2.2.1/24

Configuration procedure
1. Configure CE 1.
system-view
[CE1] interface gigabitethernet 2/1/1
[CE1-GigabitEthernet2/1/1] ip address 100.1.1.1 24
[CE1-GigabitEthernet2/1/1] quit
2. Configure PE 1:
# Configure an LSR ID.
system-view
[PE1] interface loopback 0
[PE1-LoopBack0] ip address 192.2.2.2 32
[PE1-LoopBack0] quit
[PE1] mpls lsr-id 192.2.2.2
# Enable L2VPN.
[PE1-xcg-vpna] quit
3. Configure the P device:
# Configure an LSR ID.
system-view
[P] interface loopback 0
[P-LoopBack0] ip address 192.4.4.4 32
[P-LoopBack0] quit
[P] mpls lsr-id 192.4.4.4
# Enable global LDP.
[P] mpls ldp
[P-ldp] quit
# Configure GigabitEthernet 2/1/1 (the interface connected to PE 1), and enable LDP on the interface.
[P] interface gigabitethernet 2/1/1
[P-GigabitEthernet2/1/1] ip address 10.1.1.
# Configure GigabitEthernet 2/1/2 (the interface connected to the P device), and enable LDP on the interface.
[PE2] interface gigabitethernet 2/1/2
[PE2-GigabitEthernet2/1/2] ip address 10.2.2.1 24
[PE2-GigabitEthernet2/1/2] mpls enable
[PE2-GigabitEthernet2/1/2] mpls ldp enable
[PE2-GigabitEthernet2/1/2] quit
# Configure OSPF on PE 2 for LDP to create LSPs.
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 192.3.3.3 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 10.2.2.0 0.0.0.
# Verify that CE 1 and CE 2 can ping each other. (Details not shown.)

Configuring IP interworking over an LDP PW
Network requirements
CE 1 and PE 1 are connected through Ethernet interfaces. CE 2 and PE 2 are connected through serial interfaces, and they use PPP as the link layer protocol.
Configure an LDP PW between PE 1 and PE 2 and enable interworking on PEs so GigabitEthernet 2/1/1 on CE 1 can communicate with Serial 2/1/0 on CE 2.
[PE1] mpls lsr-id 192.2.2.2
# Enable L2VPN.
[PE1] l2vpn enable
# Enable global LDP.
[PE1] mpls ldp
[PE1-ldp] quit
# Configure the default next hop IP address as 100.1.1.1 on GigabitEthernet 2/1/1 (the interface connected to CE 1). This interface does not need an IP address.
[PE1] interface gigabitethernet 2/1/1
[PE1-GigabitEthernet2/1/1] default-nexthop ip 100.1.1.
# Configure GigabitEthernet 2/1/1 (the interface connected to PE 1), and enable LDP on the interface.
[P] interface gigabitethernet 2/1/1
[P-GigabitEthernet2/1/1] ip address 10.1.1.2 24
[P-GigabitEthernet2/1/1] mpls enable
[P-GigabitEthernet2/1/1] mpls ldp enable
[P-GigabitEthernet2/1/1] quit
# Configure GigabitEthernet 2/1/2 (the interface connected to PE 2), and enable LDP on the interface.
[P] interface gigabitethernet 2/1/2
[P-GigabitEthernet2/1/2] ip address 10.2.2.
[PE2-ospf-1] quit
# Configure the IPCP proxy IP address as the IP address of CE 1 on Serial 2/1/0 (the interface connected to CE 2). This interface does not need an IP address.
[PE2] interface serial 2/1/0
[PE2-Serial2/1/0] link-protocol ppp
[PE2-Serial2/1/0] ppp ipcp proxy 100.1.1.
Configuring a BGP PW
Network requirements
Create a BGP PW between PE 1 and PE 2 so CE 1 and CE 2 can communicate with each other.
Figure 102 Network diagram

Table 38 Interface and IP address assignment
Device  Interface  IP address      Device  Interface  IP address
CE 1    GE2/1/1    100.1.1.1/24    P       Loop0      192.4.4.4/32
PE 1    Loop0      192.2.2.2/32            GE2/1/1    10.1.1.2/24
        GE2/1/1    -                       GE2/1/2    10.2.2.2/24
        GE2/1/2    10.1.1.1/24             Loop0      192.3.3.3/32
        GE2/1/1    100.1.1.2/24            GE2/1/1    -
                                           GE2/1/2    10.2.2.
[PE1-ldp] quit
# Configure GigabitEthernet 2/1/2 (the interface connected to the P device), and enable LDP on the interface.
[PE1] interface gigabitethernet 2/1/2
[PE1-GigabitEthernet2/1/2] ip address 10.1.1.1 24
[PE1-GigabitEthernet2/1/2] mpls enable
[PE1-GigabitEthernet2/1/2] mpls ldp enable
[PE1-GigabitEthernet2/1/2] quit
# Configure OSPF on PE 1 for LDP to create LSPs.
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 10.1.1.1 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] network 192.2.2.2 0.0.0.
[P-GigabitEthernet2/1/1] ip address 10.1.1.2 24
[P-GigabitEthernet2/1/1] mpls enable
[P-GigabitEthernet2/1/1] mpls ldp enable
[P-GigabitEthernet2/1/1] quit
# Configure GigabitEthernet 2/1/2 (the interface connected to PE 2), and enable LDP on the interface.
[P] interface gigabitethernet 2/1/2
[P-GigabitEthernet2/1/2] ip address 10.2.2.2 24
[P-GigabitEthernet2/1/2] mpls enable
[P-GigabitEthernet2/1/2] mpls ldp enable
[P-GigabitEthernet2/1/2] quit
# Configure OSPF on the P device for LDP to create LSPs.
[PE2-bgp] peer 192.2.2.2 as-number 100
[PE2-bgp] peer 192.2.2.2 connect-interface loopback 0
[PE2-bgp] address-family l2vpn
[PE2-bgp-l2vpn] peer 192.2.2.2 enable
[PE2-bgp-l2vpn] quit
[PE2-bgp] quit
# Create a cross-connect group named vpnb, create a local site named site 1, create a BGP PW from site 1 to the remote site site 2, and bind GigabitEthernet 2/1/1 to the PW.
Figure 103 Network diagram

Table 39 Interface and IP address assignment
Device  Interface  IP address      Device  Interface  IP address
CE 1    GE2/1/1    100.1.1.1/24    P       Loop0      192.4.4.4/32
PE 1    Loop0      192.2.2.2/32            GE2/1/1    10.1.1.2/24
        GE2/1/1    -                       GE2/1/2    10.2.2.2/24
        GE2/1/2    10.1.1.1/24     PE 2    Loop0      192.3.3.3/32
CE 2    GE2/1/1    100.1.1.2/24            GE2/1/1    -
                                           GE2/1/2    10.2.2.1/24

Configuration procedure
1. Configure CE 1.
# Configure OSPF.
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 10.1.1.1 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] network 192.2.2.2 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
# Create a cross-connect group named ccc, create a remote CCC connection that has incoming label 101, outgoing label 201, and next hop 10.1.1.2, and bind GigabitEthernet 2/1/1 to the CCC connection.
4. Configure PE 2:
# Configure an LSR ID.
system-view
[PE2] interface loopback 0
[PE2-LoopBack0] ip address 192.3.3.3 32
[PE2-LoopBack0] quit
[PE2] mpls lsr-id 192.3.3.3
# Enable L2VPN.
[PE2] l2vpn enable
# Configure GigabitEthernet 2/1/2 (the interface connected to the P device), and enable MPLS on the interface.
[PE2] interface gigabitethernet 2/1/2
[PE2-GigabitEthernet2/1/2] ip address 10.2.2.1 24
[PE2-GigabitEthernet2/1/2] mpls enable
[PE2-GigabitEthernet2/1/2] quit
# Configure OSPF.
# Display L2VPN PW information on PE 2. The output shows that a remote CCC connection has been established.
[PE2] display l2vpn pw
Flags: M - main, B - backup, H - hub link, S - spoke link, N - no split horizon
Total number of PWs: 1, 1 up, 0 blocked, 0 down, 0 defect
Xconnect-group Name: ccc
Peer            PW ID/Rmt Site    In/Out Label    Proto    Flag  Link ID  State
10.2.2.2        -                 202/102         Static   M     0        Up
# Verify that CE 1 and CE 2 can ping each other. (Details not shown.
[CE1-GigabitEthernet2/1/1] ip address 100.1.1.1 24
[CE1-GigabitEthernet2/1/1] quit
2. Configure PE 1:
# Configure an LSR ID.
system-view
[PE1] interface loopback 0
[PE1-LoopBack0] ip address 192.2.2.2 32
[PE1-LoopBack0] quit
[PE1] mpls lsr-id 192.2.2.2
# Enable L2VPN.
[PE1] l2vpn enable
# Configure MPLS TE to establish an MPLS TE tunnel between PE 1 and P. For more information, see "Configuring MPLS TE.
[P-xcg-vpn1-ldpsvc-192.3.3.3-1000] quit
[P-xcg-vpn1-ldpsvc] quit
[P-xcg-vpn1] quit
4. Configure PE 2:
# Configure an LSR ID.
system-view
[PE2] interface loopback 0
[PE2-LoopBack0] ip address 192.3.3.3 32
[PE2-LoopBack0] quit
[PE2] mpls lsr-id 192.3.3.3
# Enable L2VPN.
[PE2] l2vpn enable
# Configure MPLS TE to establish an MPLS TE tunnel between P and PE 2. For more information, see "Configuring MPLS TE.
Peer            PW ID      In/Out Label    Proto    Flag  Link ID  State
192.4.4.4       1000       1150/1279       LDP      M     1        Up
# Display L2VPN PW information on PE 2. The output shows that a PW has been created.
[PE2] display l2vpn pw
Flags: M - main, B - backup, H - hub link, S - spoke link, N - no split horizon
Total number of PWs: 1, 1 up, 0 blocked, 0 down, 0 defect
Xconnect-group Name: vpn1
Peer PW ID In/Out Label Proto 192.4.4.
Device  Interface  IP address      Device  Interface  IP address
PE 2    Loop0      192.4.4.4/32    ASBR 2  Loop0      192.3.3.3/32
        GE2/1/2    22.2.2.1/24             GE2/1/1    26.2.2.3/24
CE 2    GE2/1/1    100.1.1.2/24            GE2/1/2    22.2.2.3/24

Configuration procedure
1. Configure CE 1.
system-view
[CE1] interface gigabitethernet 2/1/1
[CE1-GigabitEthernet2/1/1] ip address 100.1.1.1 24
[CE1-GigabitEthernet2/1/1] quit
2. Configure PE 1:
# Configure an LSR ID.
[PE1-xcg-vpn1-ldp] quit
[PE1-xcg-vpn1] quit
3. Configure ASBR 1:
# Configure an LSR ID.
system-view
[ASBR1] interface loopback 0
[ASBR1-LoopBack0] ip address 192.2.2.2 32
[ASBR1-LoopBack0] quit
[ASBR1] mpls lsr-id 192.2.2.2
# Enable L2VPN.
[ASBR1] l2vpn enable
# Enable global LDP.
[ASBR1] mpls ldp
[ASBR1-ldp] quit
# Configure GigabitEthernet 2/1/2 (the interface connected to PE 1), and enable LDP on the interface.
# Create a cross-connect group named vpn1, create a cross-connect named ldp in the group, and create two LDP PWs for the cross-connect to form a multi-segment PW.
[ASBR1] xconnect-group vpn1
[ASBR1-xcg-vpn1] connection ldp
[ASBR1-xcg-vpn1-ldp] peer 192.1.1.1 pw-id 1000
[ASBR1-xcg-vpn1-ldp-192.1.1.1-1000] quit
[ASBR1-xcg-vpn1-ldp] peer 192.3.3.3 pw-id 1000
[ASBR1-xcg-vpn1-ldp-192.3.3.3-1000] quit
[ASBR1-xcg-vpn1-ldp] quit
[ASBR1-xcg-vpn1] quit
4. Configure ASBR 2:
# Configure an LSR ID.
[ASBR2-bgp-ipv4] peer 26.2.2.2 enable
[ASBR2-bgp-ipv4] peer 26.2.2.2 route-policy policy1 export
[ASBR2-bgp-ipv4] peer 26.2.2.2 label-route-capability
[ASBR2-bgp-ipv4] quit
[ASBR2-bgp] quit
[ASBR2] route-policy policy1 permit node 1
[ASBR2-route-policy-policy1-1] apply mpls-label
[ASBR2-route-policy-policy1-1] quit
# Create a cross-connect group named vpn1, create a cross-connect named ldp in the group, and create two LDP PWs for the cross-connect to form a multi-segment PW.
[PE2] xconnect-group vpn1
[PE2-xcg-vpn1] connection ldp
[PE2-xcg-vpn1-ldp] ac interface gigabitethernet 2/1/1
[PE2-xcg-vpn1-ldp] peer 192.3.3.3 pw-id 1000
[PE2-xcg-vpn1-ldp-192.3.3.3-1000] quit
[PE2-xcg-vpn1-ldp] quit
[PE2-xcg-vpn1] quit
6. Configure CE 2.
system-view
[CE2] interface gigabitethernet 2/1/1
[CE2-GigabitEthernet2/1/1] ip address 100.1.1.2 24
[CE2-GigabitEthernet2/1/1] quit

Verifying the configuration
# Display L2VPN PW information on PE 1.
Xconnect-group Name: vpn1
Peer            PW ID      In/Out Label    Proto    Flag  Link ID  State
192.3.3.3       1000       1279/1150       LDP      M     1        Up
# Verify that CE 1 and CE 2 can ping each other. (Details not shown.
Configuring MPLS OAM

Overview
MPLS Operation, Administration, and Maintenance (OAM) provides fault management tools for the following:
• MPLS data plane connectivity verification.
• Data plane and control plane consistency verification.
• Fault locating.
These fault management tools include the following types:
• On-demand tools—Tools that need to be triggered manually, such as MPLS ping and MPLS traceroute.
MPLS BFD
MPLS BFD uses a BFD session to proactively verify the connectivity of an LSP tunnel, an MPLS TE tunnel, or a PW tunnel. MPLS BFD does the following:
1. Establishes a BFD session between the ingress and egress of the tunnel to be inspected.
2. Adds the label associated with the tunnel into a BFD control packet at the ingress.
3. Sends the packet to the egress node over the tunnel.
4. Determines the tunnel status according to the BFD control packet returned by the egress.
Configuring MPLS ping for LSPs
Perform the following task in any view:
Task / Command
Use MPLS ping to verify MPLS LSP connectivity for an IPv4 prefix.
• The source address of the BFD session is the MPLS LSR ID of the local device. Before configuring BFD for the LSP tunnel, configure an MPLS LSR ID for the local device and make sure a route is available on the remote device to reach the MPLS LSR ID.
• If multiple LSPs exist for an FEC, you can do one of the following:
  ◦ Create a BFD session for an LSP by specifying the next hop of the LSP.
  ◦ Create a BFD session for each LSP without specifying a next hop.
Configuring MPLS BFD for MPLS TE tunnels
To run BFD on an MPLS TE tunnel, configure both the local and remote devices as described in Table 43.
The packets used to verify PW connectivity are collectively referred to as VCCV packets. A PE transfers VCCV packets through a control channel (CC). CCs include the following types:
• control-word—Identifies VCCV packets through the control word (PW-ACH, PW Associated Channel Header). You can use this CC type only when the PW supports control word. For more information about control word, see "Configuring MPLS L2VPN.
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enable MPLS BFD.
   Command: mpls bfd enable
   Remarks: By default, MPLS BFD is disabled.
3. Create a PW class and enter PW class view.
   Command: pw-class class-name
   Remarks: By default, no PW class is created. To use BFD to verify connectivity of a PW, you must create a PW class for the PW and configure VCCV settings in PW class view.
4. Use BFD to verify PW connectivity.
   Remarks: By default, BFD is not used to verify PW connectivity.
Displaying MPLS OAM
Execute display commands in any view.
Task: Display BFD information for LSP tunnels or MPLS TE tunnels.
   Command: display mpls bfd [ ipv4 dest-addr mask-length | te tunnel tunnel-number ]
Task: Display BFD information for PWs.
   Command: display l2vpn pw bfd [ peer peer-ip pw-id pw-id ]

BFD for LSP configuration example
Network requirements
Use LDP to establish an LSP from 1.1.1.9/32 to 3.3.3.9/32 and an LSP from 3.3.3.9/32 to 1.1.1.9/32. Use BFD to verify LSP connectivity.
[RouterC] ospf
[RouterC-ospf-1] area 0
[RouterC-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0
[RouterC-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255
[RouterC-ospf-1-area-0.0.0.0] quit
[RouterC-ospf-1] quit
3. Enable MPLS and LDP:
# Configure Router A.
[RouterA] mpls lsr-id 1.1.1.
FEC Type: LSP
FEC Info:
  Destination: 1.1.1.9
  Mask Length: 32
NHLFE ID:
Local Discr: 513        Remote Discr: 513
Source IP: 1.1.1.9      Destination IP: 3.3.3.9
Session State: Up       Session Role: Active
Template Name: -

FEC Type: LSP
FEC Info:
  Destination: 3.3.3.9
  Mask Length: 32
NHLFE ID: 1042
Local Discr: 514        Remote Discr: 514
Source IP: 1.1.1.9      Destination IP: 127.0.0.
Configuring MPLS protection switching

In this chapter, "MSR2000" refers to MSR2003. "MSR3000" collectively refers to MSR3012, MSR3024, MSR3044, MSR3064. "MSR4000" collectively refers to MSR4060 and MSR4080.

Overview
MPLS Protection Switching (PS) provides an end-to-end linear protection mechanism for MPLS TE tunnels. It associates an MPLS TE tunnel (working tunnel) with another MPLS TE tunnel (protection tunnel) to form a protection group.
Protection switching modes
MPLS PS supports the following protection switching modes:
• 1:1 protection switching—Typically, traffic travels along the working tunnel. When either of the following occurs, the ingress node selects the traffic forwarding tunnel (working or protection tunnel) according to the protection state:
  ◦ The ingress or egress node detects a failure on the working tunnel.
  ◦ An external switching command is executed on the node.
MPLS protection switching configuration task list
Before configuring MPLS protection switching, create two MPLS TE tunnels: one as the working tunnel, and the other as the protection tunnel. For information about creating an MPLS TE tunnel, see "Configuring MPLS TE."
To configure MPLS protection switching, perform the following tasks:
Tasks at a glance / Remarks
(Required.) Enabling MPLS protection switching
   Remarks: N/A
(Required.) Creating a protection group
   Remarks: N/A
(Optional.
Creating a protection group
To create an MPLS TE protection group:
1. Create a tunnel bundle interface in protection switching mode.
2. Specify two member interfaces for the tunnel bundle interface by using the member interface command in tunnel bundle interface view: one for the working tunnel, and the other for the protection tunnel.
In the protection group, the device determines the tunnel for traffic forwarding according to the external switching command and the signal fail.
8. (Optional.) Configure the expected bandwidth of the tunnel bundle interface.
   Command: bandwidth bandwidth-value
   Remarks: By default, the expected bandwidth is 64 kbps.
9. (Optional.) Specify a service card for forwarding the traffic on the tunnel bundle interface (MSR4000).
   Command: service slot slot-number
   Remarks: By default, no service card is specified.
10. (Optional.) Restore the default settings for the tunnel bundle interface.
   Command: default
   Remarks: N/A
11. (Optional.) Bring up the tunnel bundle interface.
5. Configure the protection group to use bidirectional path switching.
   Command: protection switching-mode bidirectional
   Remarks: This command can be configured only on the tunnel bundle interface in 1:1 protection switching mode. By default, the protection group in 1:1 protection switching mode uses unidirectional path switching. 1+1 protection switching mode supports only bidirectional path switching.

Configuring command switching for the protection group
1.
Task: Display tunnel bundle interface information.
   Command: display interface [ tunnel-bundle [ number ] ] [ brief [ description | down ] ]
Task: Display the forwarding state information for MPLS protection groups (MSR2000/MSR3000).
   Command: display mpls forwarding protection [ tunnel-bundle number ]
Task: Display the forwarding state information for MPLS protection groups (MSR4000).
Figure 107 Network diagram

Configuration procedure
1. Configure IP addresses and masks for interfaces as shown in Figure 107. (Details not shown.)
2. Create MPLS TE tunnels on Router A:
# Create two MPLS TE tunnels (Tunnel 1 and Tunnel 2) to Router D. For more information, see "Configuring MPLS TE."
# Execute the display mpls tunnel all command on Router A to display information about the two MPLS TE tunnels.
display mpls tunnel all
Destination Type Tunnel/NHLFE VPN Instance
4.4.4.
Output queue - Urgent queuing: Size/Length/Discards 0/100/0
Output queue - Protocol queuing: Size/Length/Discards 0/500/0
Output queue - FIFO queuing: Size/Length/Discards 0/75/0
Last clearing of counters: Never
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
3.
514/514 1.1.1.1 127.0.0.1 Up 1127ms Tunnel2
5. Configure a static route to 4.4.4.4/32 through Tunnel-Bundle 0.
[RouterA] ip route-static 4.4.4.4 32 tunnel-bundle 0 preference 1

Verifying the configuration

# Execute the display tunnel-bundle command on Router A to display information about the tunnel bundle interface and its member interfaces.
Support and other resources

Contacting HP

For worldwide technical support information, see the HP support website: http://www.hp.
Conventions

This section describes the conventions used in this documentation set.

Command conventions

Boldface: Bold text represents commands and keywords that you enter literally as shown.
Italic: Italic text represents arguments that you replace with actual values.
[]: Square brackets enclose syntax choices (keywords or arguments) that are optional.
{ x | y | ... }: Braces enclose a set of required syntax choices separated by vertical bars, from which you select one.
Network topology icons

Represents a generic network device, such as a router, switch, or firewall.
Represents a routing-capable device, such as a router or Layer 3 switch.
Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.
Represents an access controller, a unified wired-WLAN module, or the switching engine on a unified wired-WLAN switch.
Represents an access point.
Represents a mesh access point.