HP HPE FlexNetwork MSR Router Series Configuration Manual
  1. Manuals
  2. Brands
  3. HP Manuals
  4. Network Router
  5. HPE FlexNetwork MSR Router Series
  6. Configuration manual

HP HPE FlexNetwork MSR Router Series Configuration Manual

Hide thumbs
1
2
Table Of Contents
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
Table of Contents

Advertisement

Quick Links

Download this manual
HPE FlexNetwork MSR Router Series
Comware 7 MPLS Configuration Guide
Part number: 5998-8833
Software version: CMW710-R0305
Document version: 6PW106-20160308

Advertisement

Table of Contents
loading

Related Manuals for HP HPE FlexNetwork MSR Router Series

Summary of Contents for HP HPE FlexNetwork MSR Router Series

  • Page 1 HPE FlexNetwork MSR Router Series Comware 7 MPLS Configuration Guide Part number: 5998-8833 Software version: CMW710-R0305 Document version: 6PW106-20160308...
  • Page 2 © Copyright 2016 Hewlett Packard Enterprise Development LP The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein.

  • Page 3: Table Of Contents

    Contents Configuring basic MPLS ················································································· 1 Overview ···························································································································································· 1 Basic concepts ··········································································································································· 1 MPLS network architecture ························································································································ 2 LSP establishment ····································································································································· 3 MPLS forwarding ········································································································································ 4 PHP ···························································································································································· 4 Protocols and standards ···························································································································· 5 Compatibility information ···································································································································· 5 MPLS configuration task list ······························································································································· 5 Enabling MPLS ··················································································································································...
  • Page 4 Configuring LDP session protection ················································································································· 34 Configuring LDP GR ········································································································································ 35 Configuring LDP NSR ······································································································································ 35 Configuring LDP-IGP synchronization ············································································································· 35 Configuring LDP-OSPF synchronization ·································································································· 36 Configuring LDP-ISIS synchronization ····································································································· 37 Configuring LDP FRR ······································································································································ 37 Setting a DSCP value for outgoing LDP packets ····························································································· 37 Resetting LDP sessions ···································································································································...
  • Page 5 Configuring a bidirectional MPLS TE tunnel ···································································································· 98 Configuring CRLSP backup ····························································································································· 99 Configuring MPLS TE FRR ···························································································································· 100 Enabling FRR ········································································································································· 100 Configuring a bypass tunnel on the PLR ································································································ 100 Configuring node fault detection ············································································································ 104 Configuring the optimal bypass tunnel selection interval ······································································· 105 Enabling SNMP notifications for MPLS TE ····································································································...
  • Page 6 Configuring MPLS L3VPN ·········································································· 188 Overview ························································································································································ 188 Basic MPLS L3VPN architecture ··········································································································· 188 MPLS L3VPN concepts ·························································································································· 188 MPLS L3VPN route advertisement ········································································································ 190 MPLS L3VPN packet forwarding ············································································································ 191 MPLS L3VPN networking schemes ······································································································· 192 Inter-AS VPN ·········································································································································· 194 Carrier's carrier ······································································································································...
  • Page 7 Configuring MPLS L3VPN FRR through VPNv4 route backup for a VPNv4 route ································ 323 Configuring MPLS L3VPN FRR through VPNv4 route backup for an IPv4 route ·································· 325 Configuring MPLS L3VPN FRR through IPv4 route backup for a VPNv4 route ···································· 327 Configuring IPv6 MPLS L3VPN ··································································...
  • Page 8 Configuring a cross-connect ·························································································································· 415 Configuring a PW ··········································································································································· 415 Configuring a PW class ·························································································································· 415 Configuring a static PW ·························································································································· 415 Configuring an LDP PW ························································································································· 416 Configuring a BGP PW ·························································································································· 416 Configuring a remote CCC connection ·································································································· 418 Binding an AC to a cross-connect ··················································································································...
  • Page 9 Configuring conventional L2VPN access to L3VPN or IP backbone ····························································· 500 Configuring improved L2VPN access to L3VPN or IP backbone ··································································· 500 Configuring an L2VE interface ··············································································································· 501 Configuring an L3VE interface ··············································································································· 501 Displaying and maintaining L2VPN access to L3VPN or IP backbone ·························································· 502 Improved L2VPN access to L3VPN or IP backbone configuration examples ················································...
  • Page 10 Index ··········································································································· 540 viii...

  • Page 11: Configuring Basic Mpls

    Configuring basic MPLS Multiprotocol Label Switching (MPLS) provides connection-oriented label switching over connectionless IP backbone networks. It integrates both the flexibility of IP routing and the simplicity of Layer 2 switching. Overview MPLS has the following features: • High speed and efficiency—MPLS uses short- and fixed-length labels to forward packets, avoiding complicated routing table lookups.

  • Page 12: Mpls Network Architecture

    A label switched path (LSP) is the path along which packets of an FEC travel through an MPLS network. An LSP is a unidirectional packet forwarding path. Two neighboring LSRs are called the upstream LSR and downstream LSR along the direction of an LSP. As shown in Figure 2, LSR B is the downstream LSR of LSR A, and LSR A is the upstream LSR of LSR B.

  • Page 13: Lsp Establishment

    • Egress LSR—Egress LSR of packets. It removes labels from packets and forwards the packets to their destination networks. LSP establishment LSPs include static and dynamic LSPs. • Static LSP—To establish a static LSP, you must configure an LFIB entry on each LSR along the LSP.

  • Page 14: Mpls Forwarding

    MPLS forwarding Figure 5 MPLS forwarding FIB table LFIB table Dest Out label Nexthop Out int In label Oper Out label Nexthop Out int GE2/0/2 GE2/0/2 10.1.0.0 Router C Router E LFIB table In label Oper Out label Nexthop Out int Swap GE2/0/2 Router D...

  • Page 15: Protocols And Standards

    • One LFIB lookup and one FIB lookup (if the packet has only one label). The penultimate hop popping (PHP) feature can pop the label at the penultimate node, so the egress node only performs one table lookup. A PHP-capable egress node sends the penultimate node an implicit null label of 3. This label never appears in the label stack of packets.

  • Page 16: Enabling Mpls

    Enabling MPLS Before you enable MPLS, perform the following tasks: • Configure link layer protocols to ensure connectivity at the link layer. • Configure IP addresses for interfaces to ensure IP connectivity between neighboring nodes. • Configure static routes or an IGP protocol to ensure IP connectivity among LSRs. To enable MPLS: Step Command...

  • Page 17: Specifying The Label Type Advertised By The Egress

    • MPLS packets carrying L2VPN or IPv6 packets are always forwarded by an interface, even if the length of the MPLS packets exceeds the MPLS MTU of the interface. Whether the forwarding can succeed depends on the actual forwarding capacity of the interface. •...

  • Page 18: Configuring Ttl Propagation

    Configuring TTL propagation When TTL propagation is enabled, the ingress node copies the TTL value of an IP packet to the TTL field of the label. Each LSR on the LSP decreases the label TTL value by 1. The LSR that pops the label copies the remaining label TTL value back to the IP TTL of the packet.

  • Page 19: Enabling Sending Of Mpls Ttl-Expired Messages

    Step Command Remarks By default, TTL propagation is enabled only for public-network packets. Enable TTL mpls ttl propagate { public | This command affects only the propagation propagation. vpn } between IP TTL and label TTL. Within an MPLS network, TTL is always copied between the labels of an MPLS packet.

  • Page 20: Enabling Mpls Label Forwarding Statistics For Lsps

    Enabling MPLS label forwarding statistics for LSPs MPLS label forwarding for LSPs forwards a labeled packet based on its incoming label. Perform this task to enable MPLS label forwarding statistics for LSPs and MPLS statistics reading. Then, you can use the display mpls lsp verbose command to view MPLS label statistics. To enable MPLS label forwarding statistics: Step Command...

  • Page 21: Enabling Snmp Notifications For Mpls

    Step Command Remarks Enable split horizon for By default, split horizon is mpls forwarding split-horizon MPLS forwarding. disabled for MPLS forwarding. Enabling SNMP notifications for MPLS This feature enables MPLS to generate SNMP notifications. The generated SNMP notifications are sent to the SNMP module. For more information about SNMP notifications, see Network Management and Monitoring Configuration Guide.
  • Page 22 Task Command devices in standalone mode). Display NHLFE entries (distributed devices in standalone mode/centralized display mpls forwarding nhlfe [ nid ] [ slot slot-number ] devices in IRF mode). Display NHLFE entries (distributed display mpls forwarding nhlfe [ nid ] [ chassis chassis-number devices in IRF mode).

  • Page 23: Configuring A Static Lsp

    Configuring a static LSP Overview A static label switched path (LSP) is established by manually specifying the incoming label and outgoing label on each node (ingress, transit, or egress node) of the forwarding path. Static LSPs consume fewer resources, but they cannot automatically adapt to network topology changes.

  • Page 24: Displaying Static Lsps

    Step Command Remarks outgoing-interface interface-type node has an active route to the interface-number } out-label out-label specified next hop address. You do not need to configure this Configure the egress static-lsp egress lsp-name in-label command if the outgoing label node of the static LSP. in-label configured on the penultimate hop of the static LSP is 0 or 3.
  • Page 25 <RouterA> system-view [RouterA] ip route-static 21.1.1.0 24 10.1.1.2 # On Router C, configure a static route to network 11.1.1.0/24. <RouterC> system-view [RouterC] ip route-static 11.1.1.0 255.255.255.0 20.1.1.1 Configure basic MPLS on the routers: # Configure Router A. [RouterA] mpls lsr-id 1.1.1.9 [RouterA] interface serial 2/1/0 [RouterA-Serial2/1/0] mpls enable [RouterA-Serial2/1/0] quit...
  • Page 26 # Test the connectivity of the LSP from Router A to Router C. [RouterA] ping mpls -a 11.1.1.1 ipv4 21.1.1.0 24 MPLS Ping FEC: 21.1.1.0/24 : 100 data bytes 100 bytes from 20.1.1.2: Sequence=1 time=4 ms 100 bytes from 20.1.1.2: Sequence=2 time=1 ms 100 bytes from 20.1.1.2: Sequence=3 time=1 ms 100 bytes from 20.1.1.2: Sequence=4 time=1 ms 100 bytes from 20.1.1.2: Sequence=5 time=1 ms...

  • Page 27: Configuring Ldp

    Configuring LDP Overview The Label Distribution Protocol (LDP) dynamically distributes FEC-label mapping information between LSRs to establish LSPs. Terminology LDP session Two LSRs establish a TCP-based LDP session to exchange FEC-label mappings. LDP peer Two LSRs that use LDP to exchange FEC-label mappings are LSR peers. Label spaces and LDP identifiers Label spaces include the following types: •...

  • Page 28: Ldp Operation

    • Advertisement messages—Create, alter, and remove FEC-label mappings, such as Label Mapping messages used to advertise FEC-label mappings. • Notification messages—Provide advisory information and notify errors, such as Notification messages. LDP uses UDP to transport discovery messages for efficiency, and uses TCP to transport session, advertisement, and notification messages for reliability.

  • Page 29: Label Distribution And Control

    Establishing LSPs LDP classifies FECs according to destination IP addresses in IP routing entries, creates FEC-label mappings, and advertises the mappings to LDP peers through LDP sessions. After an LDP peer receives an FEC-label mapping, it uses the received label and the label locally assigned to that FEC to create an LFIB entry for that FEC.
  • Page 30 • Downstream on Demand (DoD) mode—Sends a label request for an FEC to the downstream LSR. After receiving the label request, the downstream LSR distributes the FEC-label mapping for that FEC to the upstream LSR. NOTE: A pair of upstream and downstream LSRs must use the same label advertisement mode. Otherwise, the LSP cannot be established.

  • Page 31: Ldp Gr

    • Conservative label retention—Retains a received label mapping for an FEC only when the advertising LSR is the next hop of the FEC. This mechanism saves label resources, but it cannot quickly adapt to topology changes. LDP GR LDP Graceful Restart (GR) preserves label forwarding information when the signaling protocol or control plane fails, so that LSRs can still forward packets according to forwarding entries.

  • Page 32: Ldp Nsr

    a. Marks the FEC-label mappings learned from the session as stale. b. Starts the Reconnect timer received from the GR restarter. After LDP completes restart, the GR restarter re-establishes an LDP session to the GR helper. If the LDP session is not set up before the Reconnect timer expires, the GR helper deletes the stale FEC-label mappings and the corresponding MPLS forwarding entries.

  • Page 33: Ldp-Igp Synchronization

    LDP-IGP synchronization Basic operating mechanism LDP establishes LSPs based on the IGP optimal route. If LDP is not synchronized with IGP, MPLS traffic forwarding might be interrupted. LDP is not synchronized with IGP when one of the following situations occurs: •...

  • Page 34: Ldp Over Mpls Te

    You can use one of the following methods to enable IP FRR: • Configure an IGP to automatically calculate a backup next hop. • Configure an IGP to specify a backup next hop by using a routing policy. Figure 14 Network diagram for LDP FRR As shown in Figure 14, configure IP FRR on LSR A.

  • Page 35: Protocols

    carried on the MPLS TE LSP, creating a hierarchical LSP. For more information about MPLS TE tunnels, see "Configuring MPLS TE." Protocols • RFC 5036, LDP Specification • draft-ietf-mpls-ldp-ipv6-09.txt Compatibility information Commands and descriptions for centralized devices apply to the following routers: •...

  • Page 36: Enabling Ldp

    Enabling LDP To enable LDP, you must first enable LDP globally. Then, enable LDP on relevant interfaces or configure IGP to automatically enable LDP on those interfaces. Enabling LDP globally Step Command Remarks Enter system view. system-view • Enable LDP for the local node and enter LDP view: mpls ldp •...

  • Page 37: Configuring Ldp Session Parameters

    Step Command Remarks Enter the view of the interface interface-type interface where you want to interface-number establish an LDP session. mpls ldp timer hello-hold By default, the Link Hello hold Set the Link Hello hold time. timeout time is 15 seconds. mpls ldp timer hello-interval By default, the Link Hello interval Set the Link Hello interval.
  • Page 38 Step Command Remarks By default, the LDP transport address is the LSR ID of the local device if the interface where you want to establish an LDP session belongs to the public network. If the interface belongs to a VPN, the LDP transport address is the mpls ldp transport-address primary IP address of the...

  • Page 39: Configuring Ldp Backoff

    Step Command Remarks address. ipv6-address transport address is not configured. Configuring LDP backoff If LDP session parameters (for example, the label advertisement mode) are incompatible, two LDP peers cannot establish a session, and they will keep negotiating with each other. The LDP backoff mechanism can mitigate this problem by using an initial delay timer and a maximum delay timer.

  • Page 40: Configuring Ldp To Redistribute Bgp Unicast Routes

    Configuring LDP to redistribute BGP unicast routes By default, LDP automatically redistributes IGP routes, including the BGP routes that have been redistributed into IGP. Then, LDP assigns labels to the IGP routes and labeled BGP routes, if these routes are permitted by an LSP generation policy. LDP does not automatically redistribute BGP unicast routes if the routes are not redistributed into the IGP.

  • Page 41: Configuring The Ldp Label Distribution Control Mode

    Step Command Remarks mpls ldp LDP-VPN instance view. • Enter LDP-VPN instance view: a. mpls ldp b. vpn-instance vpn-instance-name By default, LDP uses only the Configure an IPv4 LSP lsp-trigger { all | prefix-list redistributed IPv4 routes with a generation policy. prefix-list-name } 32-bit mask to establish LSPs.

  • Page 42: Configuring A Label Acceptance Policy

    Figure 16 Label advertisement control diagram A label advertisement policy on an LSR and a label acceptance policy on its upstream LSR can achieve the same purpose. As a best practice, use label advertisement policies to reduce network load if downstream LSRs support label advertisement control. Before you configure an LDP label advertisement policy, create an IP prefix list.

  • Page 43: Configuring Ldp Loop Detection

    Figure 17 Label acceptance control diagram A label advertisement policy on an LSR and a label acceptance policy on its upstream LSR can achieve the same purpose. As a best practice, use the label advertisement policy to reduce network load. You must create an IP prefix list before you configure a label acceptance policy.

  • Page 44: Configuring Ldp Session Protection

    Step Command Remarks Enter system view. system-view • Enter LDP view: mpls ldp • Enter LDP-VPN instance view: Enter LDP view or enter LDP-VPN instance view. a. mpls ldp b. vpn-instance vpn-instance-name By default, loop detection is disabled. After loop detection is Enable loop detection.

  • Page 45: Configuring Ldp Gr

    Configuring LDP GR Before you configure LDP GR, enable LDP on the GR restarter and GR helpers. To configure LDP GR: Step Command Remarks Enter system view. system-view Enter LDP view. mpls ldp Enable LDP GR. graceful-restart By default, LDP GR is disabled. Set the Reconnect timer graceful-restart timer reconnect By default, the Reconnect time is...

  • Page 46: Configuring Ldp-Ospf Synchronization

    LDP-IGP synchronization protection is only applicable to an IPv4 network. Configuring LDP-OSPF synchronization LDP-IGP synchronization is not supported for an OSPF process and its OSPF areas if the OSPF process belongs to a VPN instance. To configure LDP-OSPF synchronization for an OSPF process: Step Command Remarks...

  • Page 47: Configuring Ldp-Isis Synchronization

    Step Command Remarks 10. (Optional.) Set the delay for By default, LDP immediately LDP to notify IGP of the LDP igp sync delay time notifies IGP of the LDP convergence. convergence completion. 11. (Optional.) Set the maximum delay for LDP to notify IGP of By default, the maximum the LDP-IGP synchronization igp sync delay on-restart time...

  • Page 48: Resetting Ldp Sessions

    To set a DSCP value for outgoing LDP packets: Step Command Remarks Enter system view. system-view Enter LDP view. mpls ldp Set a DSCP value for outgoing By default, the DSCP value for dscp dscp-value LDP packets. outgoing LDP packets is 48. Resetting LDP sessions Changes to LDP session parameters take effect only on new LDP sessions.

  • Page 49: Ipv4 Ldp Configuration Examples

    Task Command display mpls ldp discovery [ vpn-instance vpn-instance-name ] Display LDP discovery information [ [ interface interface-type interface-number | peer peer-lsr-id ] [ ipv6 ] | [ targeted-peer { ip-address | ipv6-address } ] ] [ verbose ] (distributed devices in IRF mode). [ standby chassis chassis-number slot slot-number ] Display LDP FEC-label mapping display mpls ldp fec [ vpn-instance vpn-instance-name ]...
  • Page 50 Configure LDP to establish LSPs between Router A and Router C, so subnets 11.1.1.0/24 and 21.1.1.0/24 can reach each other over MPLS. Configure LDP to establish LSPs only for destinations 1.1.1.9/32, 2.2.2.9/32, 3.3.3.9/32, 11.1.1.0/24, and 21.1.1.0/24 on Router A, Router B, and Router C. Figure 18 Network diagram Requirements analysis •...
  • Page 51 [RouterC-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0 [RouterC-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255 [RouterC-ospf-1-area-0.0.0.0] network 21.1.1.0 0.0.0.255 [RouterC-ospf-1-area-0.0.0.0] quit [RouterC-ospf-1] quit # Verify that the routers have learned the routes to each other. This example uses Router A. [RouterA] display ip routing-table Destinations : 21 Routes : 21 Destination/Mask Proto...
  • Page 52 [RouterB-Serial2/1/0] quit [RouterB] interface serial 2/1/1 [RouterB-Serial2/1/1] mpls enable [RouterB-Serial2/1/1] mpls ldp enable [RouterB-Serial2/1/1] quit # Configure Router C. [RouterC] mpls lsr-id 3.3.3.9 [RouterC] mpls ldp [RouterC-ldp] quit [RouterC] interface serial 2/1/0 [RouterC-Serial2/1/0] mpls enable [RouterC-Serial2/1/0] mpls ldp enable [RouterC-Serial2/1/0] quit Configure IPv4 LSP generation policies: # On Router A, create IP prefix list routera, and configure LDP to use only the routes permitted by the prefix list to establish LSPs.

  • Page 53: Label Acceptance Control Configuration Example

    FECs: 5 Ingress: 3 Transit: 3 Egress: 2 In/Out Label Nexthop OutInterface 1.1.1.9/32 -/1279(L) 2.2.2.9/32 10.1.1.2 Ser2/1/0 1279/3 10.1.1.2 Ser2/1/0 3.3.3.9/32 -/1278 10.1.1.2 Ser2/1/0 1278/1278 10.1.1.2 Ser2/1/0 11.1.1.0/24 1277/- -/1277(L) 21.1.1.0/24 -/1276 10.1.1.2 Ser2/1/0 1276/1276 10.1.1.2 Ser2/1/0 # Test the connectivity of the LDP LSP from Router A to Router C. [RouterA] ping mpls -a 11.1.1.1 ipv4 21.1.1.0 24 MPLS Ping FEC: 21.1.1.0/24 : 100 data bytes 100 bytes from 20.1.1.2: Sequence=1 time=1 ms...
  • Page 54 Figure 19 Network diagram Loop0 2.2.2.9/32 Ser2/1/0 Ser2/1/1 10.1.1.2/24 20.1.1.1/24 Loop0 Loop0 1.1.1.9/32 Router B 3.3.3.9/32 Ser2/1/0 Ser2/1/0 20.1.1.2/24 10.1.1.1/24 Ser2/1/1 GE2/0/1 Ser2/1/1 GE2/0/1 40.1.1.2/24 11.1.1.1/24 30.1.1.1/24 Loop0 21.1.1.1/24 4.4.4.9/32 Router A Router C Ser2/1/0 Ser2/1/1 30.1.1.2/24 40.1.1.1/24 Router D 11.1.1.0/24 21.1.1.0/24 Requirements analysis...
  • Page 55 # Configure Router B. <RouterB> system-view [RouterB] mpls lsr-id 2.2.2.9 [RouterB] mpls ldp [RouterB-ldp] quit [RouterB] interface serial 2/1/0 [RouterB-Serial2/1/0] mpls enable [RouterB-Serial2/1/0] mpls ldp enable [RouterB-Serial2/1/0] quit [RouterB] interface serial 2/1/1 [RouterB-Serial2/1/1] mpls enable [RouterB-Serial2/1/1] mpls ldp enable [RouterB-Serial2/1/1] quit # Configure Router C.
  • Page 56 # On Router B, create IP prefix list routerb, and configure LDP to use only the routes permitted by the prefix list to establish LSPs. [RouterB] ip prefix-list routerb index 10 permit 11.1.1.0 24 [RouterB] ip prefix-list routerb index 20 permit 21.1.1.0 24 [RouterB] mpls ldp [RouterB-ldp] lsp-trigger prefix-list routerb [RouterB-ldp] quit...

  • Page 57: Label Advertisement Control Configuration Example

    Status Flags: * - stale, L - liberal, B - backup FECs: 2 Ingress: 1 Transit 1 Egress: 1 In/Out Label Nexthop OutInterface 11.1.1.0/24 1277/- -/1148(L) 21.1.1.0/24 -/1276 10.1.1.2 Ser2/1/0 1276/1276 10.1.1.2 Ser2/1/0 The output shows that the next hop of the LSP for FEC 21.1.1.0/24 is Router B (10.1.1.2). The LSP has been established over the link Router A—Router B—Router C, not over the link Router A—Router D—Router C.
  • Page 58 Figure 20 Network diagram Loop0 2.2.2.9/32 Ser2/1/0 Ser2/1/1 10.1.1.2/24 20.1.1.1/24 Loop0 Loop0 1.1.1.9/32 Router B 3.3.3.9/32 Ser2/1/0 Ser2/1/0 20.1.1.2/24 10.1.1.1/24 Ser2/1/1 GE2/0/1 Ser2/1/1 GE2/0/1 40.1.1.2/24 11.1.1.1/24 30.1.1.1/24 Loop0 21.1.1.1/24 4.4.4.9/32 Router A Router C Ser2/1/0 Ser2/1/1 30.1.1.2/24 40.1.1.1/24 Router D 11.1.1.0/24 21.1.1.0/24 Requirements analysis...
  • Page 59 # Configure Router B. <RouterB> system-view [RouterB] mpls lsr-id 2.2.2.9 [RouterB] mpls ldp [RouterB-ldp] quit [RouterB] interface serial 2/1/0 [RouterB-Serial2/1/0] mpls enable [RouterB-Serial2/1/0] mpls ldp enable [RouterB-Serial2/1/0] quit [RouterB] interface serial 2/1/1 [RouterB-Serial2/1/1] mpls enable [RouterB-Serial2/1/1] mpls ldp enable [RouterB-Serial2/1/1] quit # Configure Router C.
  • Page 60 # On Router B, create IP prefix list routerb, and configure LDP to use only the routes permitted by the prefix list to establish LSPs. [RouterB] ip prefix-list routerb index 10 permit 11.1.1.0 24 [RouterB] ip prefix-list routerb index 20 permit 21.1.1.0 24 [RouterB] mpls ldp [RouterB-ldp] lsp-trigger prefix-list routerb [RouterB-ldp] quit...
  • Page 61 # On Router D, create an IP prefix list peer-a that permits 1.1.1.9/32. Router D uses this list to filter peers. [RouterD] ip prefix-list peer-a index 10 permit 1.1.1.9 32 # On Router D, create an IP prefix list prefix-to-c that denies subnet 11.1.1.0/24. Router D uses this list to filter FEC-label mappings to be advertised to Router C.

  • Page 62: Ldp Frr Configuration Example

    [RouterD] display mpls ldp lsp Status Flags: * - stale, L - liberal, B - backup FECs: 2 Ingress: 0 Transit: 0 Egress: 2 In/Out Label Nexthop OutInterface 11.1.1.0/24 1151/- -/1277(L) 21.1.1.0/24 1150/- The output shows that Router A and Router C have received FEC-label mappings only from Router B. Router B has received FEC-label mappings from both Router A and Router C.
  • Page 63 Figure 21 Network diagram Loop0 2.2.2.2/32 Router A Backup LSP Primary LSP Loop0 Loop0 1.1.1.1/32 3.3.3.3/32 GE2/0/2 GE2/0/2 13.13.13.1/24 13.13.13.2/24 Router D Router S 11.1.1.0/24 21.1.1.0/24 Requirements analysis • To ensure that the LSRs establish IPv4 LSPs automatically, enable IPv4 LDP on each LSR. •...
  • Page 64 [RouterS-route-policy] apply fast-reroute backup-interface gigabitethernet 2/0/1 backup-nexthop 12.12.12.2 [RouterS-route-policy] quit [RouterS] ospf 1 [RouterS-ospf-1] fast-reroute route-policy frr [RouterS-ospf-1] quit # Configure Router D. <RouterD> system-view [RouterD] bfd echo-source-ip 10.10.10.10 [RouterD] ip prefix-list abc index 10 permit 11.1.1.0 24 [RouterD] route-policy frr permit node 10 [RouterD-route-policy] if-match ip address prefix-list abc [RouterD-route-policy] apply fast-reroute backup-interface gigabitethernet 2/0/1 backup-nexthop 24.24.24.2...

  • Page 65: Ipv6 Ldp Configuration Examples

    [RouterA-GigabitEthernet2/0/1] mpls enable [RouterA-GigabitEthernet2/0/1] mpls ldp enable [RouterA-GigabitEthernet2/0/1] quit [RouterA] interface gigabitethernet 2/0/2 [RouterA-GigabitEthernet2/0/2] mpls enable [RouterA-GigabitEthernet2/0/2] mpls ldp enable [RouterA-GigabitEthernet2/0/2] quit Configure IPv4 LSP generation policies so LDP uses all static routes and IGP routes to establish LSPs: # Configure Router S. [RouterS] mpls ldp [RouterS-ldp] lsp-trigger all [RouterS-ldp] quit...
  • Page 66 Figure 22 Network diagram Loop0 Loop0 Loop0 1.1.1.9/32 2.2.2.9/32 3.3.3.9/32 100::1/128 100::2/128 100::3/128 Ser2/1/0 Ser2/1/0 10::1/64 20::2/64 GE2/0/1 GE2/0/1 Ser2/1/0 Ser2/1/1 11::1/64 21::1/64 10::2/64 20::1/64 Router A Router B Router C 11::0/64 21::0/64 Requirements analysis • To ensure that the LSRs establish IPv6 LSPs automatically, enable IPv6 LDP on each LSR. •...
  • Page 67 [RouterB] interface serial 2/1/0 [RouterB-Serial2/1/0] ospfv3 1 area 0.0.0.0 [RouterB-Serial2/1/0] quit [RouterB] interface serial 2/1/1 [RouterB-Serial2/1/1] ospfv3 1 area 0.0.0.0 [RouterB-Serial2/1/1] quit # Configure Router C. <RouterC> system-view [RouterC] ospfv3 [RouterC-ospfv3-1] router-id 3.3.3.9 [RouterC-ospfv3-1] area 0 [RouterC-ospfv3-1-area-0.0.0.0] quit [RouterC-ospfv3-1] quit [RouterC] interface loopback 0 [RouterC-LoopBack0] ospfv3 1 area 0.0.0.0 [RouterC-LoopBack0] quit...
  • Page 68 NextHop : FE80::20C:29FF:FE9D:EAC0 Preference: 10 Interface : Ser2/1/0 Cost Destination: 21::/64 Protocol : O_INTRA NextHop : FE80::20C:29FF:FE9D:EAC0 Preference: 10 Interface : Ser2/1/0 Cost Destination: 100::1/128 Protocol : Direct NextHop : ::1 Preference: 0 Interface : InLoop0 Cost Destination: 100::2/128 Protocol : O_INTRA NextHop : FE80::20C:29FF:FE9D:EAC0...
  • Page 69 [RouterB-Serial2/1/1] mpls ldp transport-address 20::1 [RouterB-Serial2/1/1] quit # Configure Router C. [RouterC] mpls lsr-id 3.3.3.9 [RouterC] mpls ldp [RouterC-ldp] quit [RouterC] interface serial 2/1/0 [RouterC-Serial2/1/0] mpls enable [RouterC-Serial2/1/0] mpls ldp ipv6 enable [RouterC-Serial2/1/0] mpls ldp transport-address 20::2 [RouterC-Serial2/1/0] quit Configure IPv6 LSP generation policies: # On Router A, create IPv6 prefix list routera, and configure LDP to use only the routes permitted by the prefix list to establish IPv6 LSPs.
  • Page 70 FEC: 11::/64 In/Out Label: 2426/- OutInterface : - Nexthop In/Out Label: -/2424(L) OutInterface : - Nexthop FEC: 21::/64 In/Out Label: -/2425 OutInterface : Ser2/1/0 Nexthop : FE80::20C:29FF:FE9D:EAC0 In/Out Label: 2423/2425 OutInterface : Ser2/1/0 Nexthop : FE80::20C:29FF:FE9D:EAC0 FEC: 100::1/128 In/Out Label: 1040377/- OutInterface : - Nexthop In/Out Label: -/2426(L)

  • Page 71: Ipv6 Label Acceptance Control Configuration Example

    56 bytes from 11::1, icmp_seq=4 hlim=63 time=1.000 ms --- Ping6 statistics for 11::1 --- 5 packets transmitted, 5 packets received, 0.0% packet loss round-trip min/avg/max/std-dev = 1.000/1.200/2.000/0.400 ms IPv6 label acceptance control configuration example Network requirements Two links, Router A—Router B—Router C and Router A—Router D—Router C, exist between subnets 11::0/64 and 21::0/64.
  • Page 72 Configure OSPFv3 on each router to ensure IP connectivity between them. (Details not shown.) Enable MPLS and IPv6 LDP: # Configure Router A. <RouterA> system-view [RouterA] mpls lsr-id 1.1.1.9 [RouterA] mpls ldp [RouterA-ldp] quit [RouterA] interface serial 2/1/0 [RouterA-Serial2/1/0] mpls enable [RouterA-Serial2/1/0] mpls ldp ipv6 enable [RouterA-Serial2/1/0] mpls ldp transport-address 10::1 [RouterA-Serial2/1/0] quit...
  • Page 73 <RouterD> system-view [RouterD] mpls lsr-id 4.4.4.9 [RouterD] mpls ldp [RouterD-ldp] quit [RouterD] interface serial 2/1/0 [RouterD-Serial2/1/0] mpls enable [RouterD-Serial2/1/0] mpls ldp ipv6 enable [RouterD-Serial2/1/0] mpls ldp transport-address 30::2 [RouterD-Serial2/1/0] quit [RouterD] interface serial 2/1/1 [RouterD-Serial2/1/1] mpls enable [RouterD-Serial2/1/1] mpls ldp ipv6 enable [RouterD-Serial2/1/1] mpls ldp transport-address 40::1 [RouterD-Serial2/1/1] quit Configure IPv6 LSP generation policies:...
  • Page 74 [RouterA] ipv6 prefix-list prefix-from-d index 10 deny 21::0 64 # On Router A, configure IPv6 label acceptance policies to filter FEC-label mappings received from Router B and Router D. [RouterA] mpls ldp [RouterA-ldp] ipv6 accept-label peer 2.2.2.9 prefix-list prefix-from-b [RouterA-ldp] ipv6 accept-label peer 4.4.4.9 prefix-list prefix-from-d [RouterA-ldp] quit # On Router C, create an IPv6 prefix list prefix-from-b that permits subnet 11::0/64.

  • Page 75: Ipv6 Label Advertisement Control Configuration Example

    round-trip min/avg/max/std-dev = 1.000/2.600/4.000/1.020 ms # Test the connectivity of the IPv6 LDP LSP from Router C to Router A. [RouterC] ping ipv6 -a 21::1 11::1 Ping6(56 data bytes) 21::1 --> 11::1, press CTRL_C to break 56 bytes from 11::1, icmp_seq=0 hlim=63 time=1.000 ms 56 bytes from 11::1, icmp_seq=1 hlim=63 time=2.000 ms 56 bytes from 11::1, icmp_seq=2 hlim=63 time=1.000 ms 56 bytes from 11::1, icmp_seq=3 hlim=63 time=2.000 ms...
  • Page 76 • To ensure that LDP establishes IPv6 LSPs only over the link Router A—Router B—Router C, configure IPv6 label advertisement policies as follows: Router A advertises only the label mapping for FEC 11::0/64 to Router B. Router C advertises only the label mapping for FEC 21::0/64 to Router B. Router D does not advertise label mapping for FEC 21::0/64 to Router A.
  • Page 77 [RouterC-Serial2/1/0] mpls ldp ipv6 enable [RouterC-Serial2/1/0] mpls ldp transport-address 20::2 [RouterC-Serial2/1/0] quit [RouterC] interface serial 2/1/1 [RouterC-Serial2/1/1] mpls enable [RouterC-Serial2/1/1] mpls ldp ipv6 enable [RouterC-Serial2/1/1] mpls ldp transport-address 40::2 [RouterC-Serial2/1/1] quit # Configure Router D. <RouterD> system-view [RouterD] mpls lsr-id 4.4.4.9 [RouterD] mpls ldp [RouterD-ldp] quit [RouterD] interface serial 2/1/0...
  • Page 78 [RouterD] mpls ldp [RouterD-ldp] ipv6 lsp-trigger prefix-list routerd [RouterD-ldp] quit Configure IPv6 label advertisement policies: # On Router A, create an IPv6 prefix list prefix-to-b that permits subnet 11::0/64. Router A uses this list to filter FEC-label mappings advertised to Router B. [RouterA] ipv6 prefix-list prefix-to-b index 10 permit 11::0 64 # On Router A, create an IP prefix list peer-b that permits 2.2.2.9/32.
  • Page 79 [RouterA] display mpls ldp lsp ipv6 Status Flags: * - stale, L - liberal, B - backup FECs: 2 Ingress: 1 Transit: 1 Egress: 1 FEC: 11::/64 In/Out Label: 2417/- OutInterface : - Nexthop In/Out Label: -/1098(L) OutInterface : - Nexthop In/Out Label: -/2418(L) OutInterface : -...
  • Page 80 Nexthop [RouterD] display mpls ldp lsp ipv6 Status Flags: * - stale, L - liberal, B - backup FECs: 2 Ingress: 0 Transit: 0 Egress: 2 FEC: 11::/64 In/Out Label: 1098/- OutInterface : - Nexthop FEC: 21::/64 In/Out Label: 1097/- OutInterface : - Nexthop The output shows that Router A and Router C have received FEC-label mappings only from Router B.

  • Page 81: Configuring Mpls Te

    Configuring MPLS TE Overview TE and MPLS TE Network congestion can degrade the network backbone performance. It might occur when network resources are inadequate or when load distribution is unbalanced. Traffic engineering (TE) is intended to avoid the latter situation where partial congestion might occur because of improper resource allocation.
  • Page 82 A label distribution protocol (such as RSVP-TE) advertises labels to establish CRLSPs and reserves bandwidth resources on each node along the calculated path. Dynamic CRLSPs adapt to network changes and support CRLSP backup and fast reroute, but they require complicated configurations. Advertising TE attributes MPLS TE uses extended link state IGPs, such as OSPF and IS-IS, to advertise TE attributes for links.

  • Page 83: Crlsp Establishment Using Pce Path Calculation

    Explicit path specifies the nodes to pass and the nodes to not pass for a tunnel. Explicit paths include the following types: Strict explicit path—Among the nodes that the path must traverse, a node and its previous hop must be directly connected. Strict explicit path precisely specifies the path that an MPLS TE tunnel must traverse.

  • Page 84: Traffic Forwarding

    PCE 1 uses the local and received path information to select an end-to-end path for the PCC to reach the CRLSP destination, and sends the path to PCC as a reply. PCC uses the path calculated by PCEs to establish the CRLSP through RSVP-TE. Figure 25 BRPC path calculation Traffic forwarding After an MPLS TE tunnel is established, traffic is not forwarded on the tunnel automatically.

  • Page 85: Make-Before-Break

    Figure 26 IGP shortcut and forwarding adjacency diagram As shown in Figure 26, an MPLS TE tunnel exists from Router D to Router C. IGP shortcut enables only the ingress node Router D to use the MPLS TE tunnel in the IGP route calculation. Router A cannot use this tunnel to reach Router C.

  • Page 86: Route Pinning

    Figure 27 Diagram for make-before-break As shown in Figure 27, a CRLSP with 30 M reserved bandwidth has been set up from Router A to Router D through the path Router A—Router B—Router C—Router D. To increase the reserved bandwidth to 40 M, a new CRLSP must be set up through the path Router A——Router E—Router C—Router D.

  • Page 87: Crlsp Backup

    CRLSP is set up successfully, MPLS TE switches traffic to the new CRLSP and clears the old CRLSP. You can use a command to limit the maximum and minimum bandwidth. If the tunnel bandwidth calculated by auto bandwidth adjustment is greater than the maximum bandwidth, MPLS TE uses the maximum bandwidth to set up the new CRLSP.

  • Page 88: Diffserv-Aware Te

    Figure 28 FRR link protection • Node protection—The PLR and the MP are connected through a device and the primary CRLSP traverses this device. When the device fails, traffic is switched to the bypass tunnel. As shown in Figure 29, the primary CRLSP is Router A—Router B—Router C—Router D—Router E, and the bypass tunnel is Router B—Router F—Router D.
  • Page 89 • TE class—Defines a CT and a priority. The setup priority or holding priority of an MPLS TE tunnel for a CT must be the same as the priority of the TE class. The prestandard and IETF modes of DS-TE have the following differences: •...

  • Page 90: Bidirectional Mpls Te Tunnel

    − The total bandwidth occupied by CT 0, CT 1, and CT 2 cannot exceed the maximum reservable bandwidth. Figure 31 MAM bandwidth constraints model CT 0 BC 0 CT 1 BC 1 CT 2 BC 2 CT 0 CT 1 CT 2 Max reservable BW Checks whether the CT and the LSP setup/holding priority match an existing TE class.

  • Page 91: Mpls Te Configuration Task List

    • RFC 4125, Maximum Allocation Bandwidth Constraints Model for Diffserv-aware MPLS Traffic Engineering • RFC 4127, Russian Dolls Bandwidth Constraints Model for Diffserv-aware MPLS Traffic Engineering • ITU-T Recommendation Y.1720, Protection switching for MPLS networks • RFC 4655, A Path Computation Element (PCE)-Based Architecture •...

  • Page 92: Enabling Mpls Te

    For information about enabling RSVP, see "Configuring RSVP." Specify an LSR as a PCE and configure an IP address for the PCE. Create a tunnel interface on the ingress node of the MPLS TE tunnel. On the tunnel interface, specify the tunnel destination address (the egress node IP address), and configure MPLS TE tunnel constraints (such as the tunnel bandwidth constraints and affinity).

  • Page 93: Configuring A Tunnel Interface

    • Enable MPLS. For information about enabling MPLS, see "Configuring basic MPLS." To enable MPLS TE: Step Command Remarks Enter system view. system-view By default, MPLS TE is Enter MPLS TE view. mpls te disabled. Return to system view. quit interface interface-type Enter interface view.

  • Page 94: Configuring An Mpls Te Tunnel To Use A Static Crlsp

    Step Command Remarks class-type-number priority In prestandard mode, you cannot pri-number configure TE classes. Table 1 Default TE classes in IETF mode TE Class Priority Configuring an MPLS TE tunnel to use a static CRLSP To configure an MPLS TE tunnel to use a static CRLSP, perform the following tasks: •...

  • Page 95: Configuring An Mpls Te Tunnel To Use A Dynamic Crlsp

    Configuring an MPLS TE tunnel to use a dynamic CRLSP To configure an MPLS TE tunnel to use a CRLSP dynamically established by RSVP-TE, perform the following tasks: • Configure MPLS TE attributes for the links. • Configure IGP TE extension to advertise link TE attributes, so as to generate a TEDB on each node.

  • Page 96: Advertising Link Te Attributes By Using Igp Te Extension

    Step Command Remarks • Configure the maximum reservable bandwidth of the link (BC 0) and BC 1 in RDM model of the prestandard DS-TE: mpls te max-reservable-bandwidth bandwidth-value [ bc1 Use one command according bc1-bandwidth ] to the DS-TE mode and BC •...

  • Page 97: Configuring Mpls Te Tunnel Constraints

    Configuring IS-IS TE IS-IS TE uses a sub-TLV of the extended IS reachability TLV (type 22) to carry TE attributes. Because the extended IS reachability TLV carries wide metrics, specify a wide metric-compatible metric style for the IS-IS process before enabling IS-IS TE. Available metric styles for IS-IS TE include wide, compatible, or wide-compatible.
  • Page 98 To configure the affinity attribute for an MPLS TE tunnel: Step Command Remarks Enter system view. system-view Enter MPLS TE tunnel interface tunnel tunnel-number interface view. [ mode mpls-te ] By default, the affinity is mpls te affinity-attribute Set an affinity for the MPLS 0x00000000, and the mask is attribute-value [ mask TE tunnel.

  • Page 99: Establishing An Mpls Te Tunnel By Using Rsvp-Te

    Step Command Remarks [ mode mpls-te ] Configure the MPLS TE tunnel interface to use the mpls te path preference value By default, MPLS TE uses the explicit path, and specify a explicit-path path-name calculated path to establish a preference value for the [ no-cspf ] CRLSP.
  • Page 100 Step Command Remarks By default, a tunnel uses the TE Specify the metric type to metric for path selection. use when no metric type is path-metric-type { igp | te } Execute this command on the explicitly configured for a ingress node of an MPLS TE tunnel.

  • Page 101: Controlling Mpls Te Tunnel Setup

    Step Command Remarks mpls te reoptimization By default, tunnel reoptimization Enable tunnel reoptimization. [ frequency seconds ] is disabled. Return to user view. return (Optional.) Immediately reoptimize all MPLS TE tunnels that are enabled with mpls te reoptimization the tunnel reoptimization function.
  • Page 102 Step Command Remarks Enter system view. system-view Enter MPLS TE tunnel interface tunnel tunnel-number [ mode interface view. mpls-te ] • To record routes: By default, both route mpls te record-route Record routes or record recording and label • both routes and labels. To record both routes and labels: recording are disabled.

  • Page 103: Configuring An Mpls Te Tunnel To Use A Crlsp Calculated By Pces

    Step Command Remarks MPLS TE tunnels are recorded every sampling interval to calculate the actual average bandwidth of each MPLS TE tunnel in one sampling interval. Enter MPLS TE tunnel interface tunnel tunnel-number interface view. [ mode mpls-te ] • To enable automatic bandwidth adjustment: mpls te auto-bandwidth...

  • Page 104: Discovering Pces

    Step Command Remarks Enter MPLS TE view. mpls te By default, no PCE address is Configure a PCE IP address. pce address ip-address configured. Discovering PCEs After the PCE is manually specified or dynamically discovered, a PCC sends a PCEP connection request to the PCE, but it does not accept a request from the PCE.

  • Page 105: Configuring Pcep Session Parameters

    Step Command Remarks Enter system view. system-view Enter MPLS TE tunnel interface tunnel tunnel-number interface view. [ mode mpls-te ] Enable CRLSP backup mpls te backup { hot-standby | By default, tunnel backup is and specify the backup ordinary } disabled.

  • Page 106: Configuring Traffic Forwarding

    Step Command Remarks mode, and enter tunnel bundle interface view. By default, no IP address is Configure an IP address for ip address ip-address configured for a tunnel bundle the tunnel bundle interface. { mask-length | mask } interface. By default, no destination address is configured for a tunnel bundle interface.

  • Page 107: Configuring Pbr To Direct Traffic To An Mpls Te Tunnel Or Tunnel Bundle

    Configuring PBR to direct traffic to an MPLS TE tunnel or tunnel bundle For more information about the commands in this task, see Layer 3—IP Routing Command Reference. To configure PBR to direct traffic to an MPLS TE tunnel or tunnel bundle: Step Command Remarks...

  • Page 108: Configuring A Bidirectional Mpls Te Tunnel

    • The route to the tunnel interface address (or the tunnel bundle interface address) and the route to the tunnel destination must be in the same OSPF area or at the same IS-IS level. Configuring IGP shortcut Step Command Remarks Enter system view.

  • Page 109: Configuring Crlsp Backup

    • To set up a bidirectional MPLS TE tunnel in co-routed mode, you must specify the signaling protocol as RSVP-TE. To create a bidirectional MPLS TE tunnel, create an MPLS TE tunnel interface on both ends of the tunnel and enable the bidirectional tunnel function on the tunnel interfaces: •...

  • Page 110: Configuring Mpls Te Frr

    Step Command Remarks Enter system view. system-view Enter MPLS TE tunnel interface tunnel tunnel-number interface view. [ mode mpls-te ] Enable CRLSP backup and mpls te backup { hot-standby | By default, tunnel backup is specify the backup mode. ordinary } disabled.
  • Page 111 mode and the other in node protection mode. Automatically created bypass tunnels can be used to protect any type of CT, but they cannot provide bandwidth protection. A primary tunnel can have both manually configured and automatically created bypass tunnels. The PLR will select one bypass tunnel to protect the primary CRLSP.
  • Page 112 Primary Bandwidt CRLSP h required requires Bypass tunnel providing Bypass tunnel providing no bandwidth bandwidth protection bandwidth protection primary protection or CRLSP The primary CRLSP can be bound to the bypass tunnel when all the following conditions are met: The primary CRLSP can be bound •...
  • Page 113 Manually configuring a bypass tunnel The bypass tunnel setup method is the same as a normal MPLS TE tunnel. This section describes only FRR-related configurations. To configure a bypass tunnel on the PLR: Step Command Remarks Enter system view. system-view Enter tunnel interface view of interface tunnel tunnel-number the bypass tunnel.

  • Page 114: Configuring Node Fault Detection

    Step Command Remarks By default, the PLR automatically creates both a link-protection and a node-protection bypass tunnel (Optional.) Configure the for each of its primary CRLSPs. PLR to create only nhop-only Execution of this command link-protection bypass deletes all existing tunnels.

  • Page 115: Configuring The Optimal Bypass Tunnel Selection Interval

    Configuring the optimal bypass tunnel selection interval If you have specified multiple bypass tunnels for a primary CRLSP, MPLS TE selects an optimal bypass tunnel to protect the primary CRLSP. Sometimes, a bypass tunnel might become better than the current optimal bypass tunnel because, for example, the reservable bandwidth changes. Therefore, MPLS TE needs to poll the bypass tunnels periodically to update the optimal bypass tunnel.

  • Page 116: Mpls Te Configuration Examples

    Task Command display mpls te link-management Display bandwidth information on MPLS bandwidth-allocation [ interface interface-type TE-enabled interfaces. interface-number ] display mpls te pce discovery [ ip-address ] Display information about discovered PCEs. [ verbose ] Display PCC and PCE peer information. display mpls te pce peer [ ip-address ] [ verbose ] Display PCC and PCE statistics.
  • Page 117 Figure 32 Network diagram Configuration procedure Configure IP addresses and masks for interfaces. (Details not shown.) Configure IS-IS to advertise interface addresses, including the loopback interface address: # Configure Router A. <RouterA> system-view [RouterA] isis 1 [RouterA-isis-1] network-entity 00.0005.0000.0000.0001.00 [RouterA-isis-1] quit [RouterA] interface gigabitethernet 2/0/1 [RouterA-GigabitEthernet2/0/1] isis enable 1 [RouterA-GigabitEthernet2/0/1] quit...
  • Page 118 [RouterC-GigabitEthernet2/0/1] isis enable 1 [RouterC-GigabitEthernet2/0/1] quit [RouterC] interface loopback 0 [RouterC-LoopBack0] isis enable 1 [RouterC-LoopBack0] quit # Execute the display ip routing-table command on each router to verify that the routers have learned the routes to one another, including the routes to the loopback interfaces. (Details not shown.) Configure an LSR ID, and enable MPLS and MPLS TE: # Configure Router A.
  • Page 119 [RouterB] interface gigabitethernet 2/0/2 [RouterB-GigabitEthernet2/0/2] mpls te max-link-bandwidth 10000 [RouterB-GigabitEthernet2/0/2] mpls te max-reservable-bandwidth 5000 [RouterB-GigabitEthernet2/0/2] quit # Set the maximum link bandwidth and maximum reservable bandwidth on Router C. [RouterC] interface gigabitethernet 2/0/1 [RouterC-GigabitEthernet2/0/1] mpls te max-link-bandwidth 10000 [RouterC-GigabitEthernet2/0/1] mpls te max-reservable-bandwidth 5000 [RouterC-GigabitEthernet2/0/1] quit Configure an MPLS TE tunnel on Router A: # Configure the MPLS TE tunnel interface Tunnel 0.
  • Page 120 Internet Address is 6.1.1.1/24 Primary Tunnel source unknown, destination 3.3.3.3 Tunnel TTL 255 Tunnel protocol/transport CR_LSP Output queue - Urgent queuing: Size/Length/Discards 0/100/0 Output queue - Protocol queuing: Size/Length/Discards 0/500/0 Output queue - FIFO queuing: Size/Length/Discards 0/75/0 Last clearing of counters: Never Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec Input: 0 packets, 0 bytes, 0 drops...

  • Page 121: Establishing An Mpls Te Tunnel With Rsvp-Te

    Proto In/Out Label Interface/Out NHLFE 1.1.1.1/0/1 StaticCR -/20 GE2/0/1 2.1.1.2 Local GE2/0/1 Tunnel0 Local NHLFE1025 [RouterB] display mpls lsp Proto In/Out Label Interface/Out NHLFE StaticCR 20/30 GE2/0/2 3.2.1.2 Local GE2/0/2 [RouterC] display mpls lsp Proto In/Out Label Interface/Out NHLFE StaticCR 30/- [RouterA] display mpls static-cr-lsp Name LSR Type...
  • Page 122 Device Interface IP address Device Interface IP address GE2/0/1 10.1.1.1/24 GE2/0/1 30.1.1.1/24 Router B Loop0 2.2.2.9/32 POS2/2/0 20.1.1.2/24 GE2/0/1 10.1.1.2/24 Router D Loop0 4.4.4.9/32 POS2/2/0 20.1.1.1/24 GE2/0/1 30.1.1.2/24 Configuration procedure Configure IP addresses and masks for interfaces. (Details not shown.) Configure IS-IS to advertise interface addresses, including the loopback interface address: # Configure Router A.
  • Page 123 [RouterC-GigabitEthernet2/0/1] isis circuit-level level-2 [RouterC-GigabitEthernet2/0/1] quit [RouterC] interface pos 2/2/0 [RouterC-POS2/2/0] isis enable 1 [RouterC-POS2/2/0] isis circuit-level level-2 [RouterC-POS2/2/0] quit [RouterC] interface loopback 0 [RouterC-LoopBack0] isis enable 1 [RouterC-LoopBack0] isis circuit-level level-2 [RouterC-LoopBack0] quit # Configure Router D. <RouterD> system-view [RouterD] isis 1 [RouterD-isis-1] network-entity 00.0005.0000.0000.0004.00 [RouterD-isis-1] quit...
  • Page 124 [RouterB-GigabitEthernet2/0/1] quit [RouterB] interface pos 2/2/0 [RouterB-POS2/2/0] mpls enable [RouterB-POS2/2/0] mpls te enable [RouterB-POS2/2/0] rsvp enable [RouterB-POS2/2/0] quit # Configure Router C. [RouterC] mpls lsr-id 3.3.3.9 [RouterC] mpls te [RouterC-te] quit [RouterC] rsvp [RouterC-rsvp] quit [RouterC] interface gigabitethernet 2/0/1 [RouterC-GigabitEthernet2/0/1] mpls enable [RouterC-GigabitEthernet2/0/1] mpls te enable [RouterC-GigabitEthernet2/0/1] rsvp enable [RouterC-GigabitEthernet2/0/1] quit...
  • Page 125 [RouterC-isis-1] quit # Configure Router D. [RouterD] isis 1 [RouterD-isis-1] cost-style wide [RouterD-isis-1] mpls te enable level-2 [RouterD-isis-1] quit Configure MPLS TE attributes of links: # Set the maximum link bandwidth and maximum reservable bandwidth on Router A. [RouterA] interface gigabitethernet 2/0/1 [RouterA-GigabitEthernet2/0/1] mpls te max-link-bandwidth 10000 [RouterA-GigabitEthernet2/0/1] mpls te max-reservable-bandwidth 5000 [RouterA-GigabitEthernet2/0/1] quit...
  • Page 126 Configure a static route on Router A to direct the traffic destined for subnet 30.1.1.0/24 to MPLS TE tunnel 1. [RouterA] ip route-static 30.1.1.0 24 tunnel 1 preference 1 Verifying the configuration # Execute the display interface tunnel command on Router A. The output shows that the tunnel interface is up.

  • Page 127: Establishing An Inter-As Mpls Te Tunnel With Rsvp-Te

    Bypass Tunnel : No Auto Created : No Route Pinning : Disabled Retry Limit : 10 Retry Interval : 2 sec Reoptimization : Disabled Reoptimization Freq Backup Type : None Backup LSP ID Auto Bandwidth : Disabled Auto Bandwidth Freq Min Bandwidth Max Bandwidth Collected Bandwidth...
  • Page 128 Configuration procedure Configure IP addresses and masks for interfaces. (Details not shown.) Configure OSPF to advertise routes within the ASs, and redistribute the direct and BGP routes into OSPF on Router B and Router C: # Configure Router A. <RouterA> system-view [RouterA] ospf [RouterA-ospf-1] area 0 [RouterA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255...
  • Page 129 Destinations : 6 Routes : 6 Destination/Mask Proto Pre Cost NextHop Interfac 1.1.1.9/32 Direct 127.0.0.1 InLoop0 2.2.2.9/32 O_INTRA 10 10.1.1.2 GE2/0/1 10.1.1.0/24 Direct 10.1.1.1 GE2/0/1 10.1.1.1/32 Direct 127.0.0.1 InLoop0 127.0.0.0/8 Direct 127.0.0.1 InLoop0 127.0.0.1/32 Direct 127.0.0.1 InLoop0 Configure BGP on Router B and Router C to ensure that the ASs can communicate with each other: # Configure Router B.
  • Page 130 [RouterA] mpls te [RouterA-te] quit [RouterA] rsvp [RouterA-rsvp] quit [RouterA] interface gigabitethernet 2/0/1 [RouterA-GigabitEthernet2/0/1] mpls enable [RouterA-GigabitEthernet2/0/1] mpls te enable [RouterA-GigabitEthernet2/0/1] rsvp enable [RouterA-GigabitEthernet2/0/1] quit # Configure Router B. [RouterB] mpls lsr-id 2.2.2.9 [RouterB] mpls te [RouterB-te] quit [RouterB] rsvp [RouterB-rsvp] quit [RouterB] interface gigabitethernet 2/0/1 [RouterB-GigabitEthernet2/0/1] mpls enable...
  • Page 131 [RouterD-GigabitEthernet2/0/1] mpls enable [RouterD-GigabitEthernet2/0/1] mpls te enable [RouterD-GigabitEthernet2/0/1] rsvp enable [RouterD-GigabitEthernet2/0/1] quit Configure OSPF TE: # Configure Router A. [RouterA] ospf [RouterA-ospf-1] opaque-capability enable [RouterA-ospf-1] area 0 [RouterA-ospf-1-area-0.0.0.0] mpls te enable [RouterA-ospf-1-area-0.0.0.0] quit [RouterA-ospf-1] quit # Configure Router B. [RouterB] ospf [RouterB-ospf-1] opaque-capability enable [RouterB-ospf-1] area 0 [RouterB-ospf-1-area-0.0.0.0] mpls te enable...
  • Page 132 [RouterB-GigabitEthernet2/0/1] mpls te max-link-bandwidth 10000 [RouterB-GigabitEthernet2/0/1] mpls te max-reservable-bandwidth 5000 [RouterB-GigabitEthernet2/0/1] quit [RouterB] interface pos 2/2/0 [RouterB-POS2/2/0] mpls te max-link-bandwidth 10000 [RouterB-POS2/2/0] mpls te max-reservable-bandwidth 5000 [RouterB-POS2/2/0] quit # Set the maximum link bandwidth and maximum reservable bandwidth on Router C. [RouterC] interface gigabitethernet 2/0/1 [RouterC-GigabitEthernet2/0/1] mpls te max-link-bandwidth 10000 [RouterC-GigabitEthernet2/0/1] mpls te max-reservable-bandwidth 5000...
  • Page 133 Tunnel bandwidth 64 (kbps) Tunnel TTL 255 Tunnel protocol/transport CR_LSP Last clearing of counters: Never Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec 0 packets input, 0 bytes, 0 drops 3077 packets output, 197028 bytes, 0 drops # Execute the display mpls te tunnel-interface command on Router A to display detailed information about the MPLS TE tunnel.

  • Page 134: Establishing An Inter-Area Mpls Te Tunnel Over A Crlsp Calculated By Pces

    Destination/Mask Proto Pre Cost NextHop Interface 1.1.1.9/32 Direct 127.0.0.1 InLoop0 2.2.2.9/32 O_INTRA 10 10.1.1.2 GE2/0/1 3.3.3.9/32 O_ASE 150 1 10.1.1.2 GE2/0/1 4.4.4.9/32 O_ASE 150 1 10.1.1.2 GE2/0/1 7.1.1.0/24 Direct 7.1.1.1 Tun1 7.1.1.1/32 Direct 127.0.0.1 InLoop0 10.1.1.0/24 Direct 10.1.1.1 GE2/0/1 10.1.1.1/32 Direct 127.0.0.1 InLoop0...
  • Page 135 [RouterA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [RouterA-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0 [RouterA-ospf-1-area-0.0.0.0] mpls te enable [RouterA-ospf-1-area-0.0.0.0] quit [RouterA-ospf-1] area 1 [RouterA-ospf-1-area-0.0.0.1] network 10.3.1.0 0.0.0.255 [RouterA-ospf-1-area-0.0.0.1] mpls te enable [RouterA-ospf-1-area-0.0.0.1] quit [RouterA-ospf-1] quit # Configure Router B. <RouterB> system-view [RouterB] ospf [RouterB-ospf-1] area 0 [RouterB-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [RouterB-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0 [RouterB-ospf-1-area-0.0.0.0] mpls te enable...
  • Page 136 [RouterA-GigabitEthernet2/0/1] mpls enable [RouterA-GigabitEthernet2/0/1] mpls te enable [RouterA-GigabitEthernet2/0/1] rsvp enable [RouterA-GigabitEthernet2/0/1] quit [RouterA] interface gigabitethernet 2/0/2 [RouterA-GigabitEthernet2/0/2] mpls enable [RouterA-GigabitEthernet2/0/2] mpls te enable [RouterA-GigabitEthernet2/0/2] rsvp enable [RouterA-GigabitEthernet2/0/2] quit # Configure Router B. [RouterB] mpls lsr-id 2.2.2.2 [RouterB] mpls te [RouterB-te] quit [RouterB] rsvp [RouterB-rsvp] quit [RouterB] interface gigabitethernet 2/0/1...
  • Page 137 # Configure Router A. [RouterA] mpls te [RouterA-te] pce address 1.1.1.1 # Configure Router B. [RouterB] mpls te [RouterB-te] pce address 2.2.2.2 Configure Router C as a PCC to use the path calculated by PCEs: # Configure MPLS TE tunnel interface Tunnel 1. [RouterC] interface tunnel 1 mode mpls-te [RouterC-Tunnel1] ip address 7.1.1.1 255.255.255.0 # Specify the tunnel destination address as the LSR ID of Router D.

  • Page 138: Bidirectional Mpls Te Tunnel Configuration Example

    Keepalive interval : Local 30 sec, Peer 30 sec Recommended DeadTimer : Local 120 sec, Peer 120 sec Tolerance: Min keepalive interval: 10 sec Max unknown messages Request timeout : 10 sec Delegation timeout : 30 sec Peer address: 3.3.3.3 TCP connection : 3.3.3.3:29507 ->...
  • Page 139 Device Interface IP address Device Interface IP address GE2/0/1 10.1.1.1/24 GE2/0/1 30.1.1.1/24 Router B Loop0 2.2.2.9/32 POS2/2/0 20.1.1.2/24 GE2/0/1 10.1.1.2/24 Router D Loop0 4.4.4.9/32 POS2/2/0 20.1.1.1/24 GE2/0/1 30.1.1.2/24 Configuration procedure Configure IP addresses and masks for interfaces. (Details not shown.) Configure IS-IS to advertise interface addresses, including the loopback interface address: For more information, see "Establishing an MPLS TE tunnel with...
  • Page 140 [RouterC-te] quit [RouterC-] rsvp [RouterC-rsvp] quit [RouterC] interface gigabitethernet 2/0/1 [RouterC-GigabitEthernet2/0/1] mpls enable [RouterC-GigabitEthernet2/0/1] mpls te enable [RouterC-GigabitEthernet2/0/1] rsvp enable [RouterC-GigabitEthernet2/0/1] quit [RouterC] interface pos 2/2/0 [RouterC-POS2/2/0] mpls enable [RouterC-POS2/2/0] mpls te enable [RouterC-POS2/2/0] rsvp enable [RouterC-POS2/2/0] quit # Configure Router D. <RouterD>...
  • Page 141 # Configure Router A as the active end of the co-routed bidirectional tunnel. [RouterA] interface tunnel 1 mode mpls-te [RouterA-Tunnel1] ip address 7.1.1.1 255.255.255.0 [RouterA-Tunnel1] destination 4.4.4.9 [RouterA-Tunnel1] mpls te signaling rsvp-te [RouterA-Tunnel1] mpls te resv-style ff [RouterA-Tunnel1] mpls te bidirectional co-routed active [RouterA-Tunnel1] quit # Configure Router D as the passive end of the co-routed bidirectional tunnel.
  • Page 142 Class Type : CT0 Tunnel Bandwidth : 0 kbps Reserved Bandwidth : 0 kbps Setup Priority Holding Priority Affinity Attr/Mask : 0/0 Explicit Path Backup Explicit Path : - Metric Type : TE Record Route : Disabled Record Label : Disabled FRR Flag : Disabled Bandwidth Protection : Disabled...
  • Page 143 NHLFE ID : 1026 State : Active Nexthop : 10.1.1.2 Out-Interface: GE2/0/1 # Execute the display interface tunnel command on Router D. The output shows that the tunnel interface is up. [RouterD] display interface tunnel Tunnel4 current state: UP Line protocol current state: UP Description: Tunnel8 Interface The Maximum Transmit Unit is 64000 Internet Address is 8.1.1.1/24 Primary...

  • Page 144: Crlsp Backup Configuration Example

    Retry Limit Retry Interval Reoptimization Reoptimization Freq Backup Type Backup LSP ID Auto Bandwidth Auto Bandwidth Freq Min Bandwidth Max Bandwidth Collected Bandwidth # Execute the display mpls lsp verbose command on Router D to display detailed information about the bidirectional MPLS TE tunnel. [RouterD] display mpls lsp verbose Destination : 4.4.4.9...
  • Page 145 Figure 37 Network diagram IP network IP network Router B Loop0 GE2/0/2 GE2/0/2 GE2/0/1 GE2/0/1 Router C Router A GE2/0/1 GE2/0/2 POS2/2/1 POS2/2/1 Loop0 Loop0 Router D POS2/2/0 POS2/2/1 Loop0 Table 6 Interface and IP address assignment Device Interface IP address Device Interface IP address...
  • Page 146 [RouterA-GigabitEthernet2/0/1] quit [RouterA] interface pos 2/2/1 [RouterA-POS2/2/1] mpls enable [RouterA-POS2/2/1] mpls te enable [RouterA-POS2/2/1] rsvp enable [RouterA-POS2/2/1] quit # Configure Router B, Router C, and Router D in the same way that Router A is configured. (Details not shown.) Configure an MPLS TE tunnel on Router A: # Configure MPLS TE tunnel interface Tunnel 3.
  • Page 147 Proto In/Out Label Interface/Out NHLFE 1.1.1.9/3/34311 RSVP -/1150 GE2/0/1 1.1.1.9/3/34312 RSVP -/1151 POS2/2/1 10.1.1.2 Local GE2/0/1 30.1.1.2 Local POS2/2/1 Tunnel3 Local NHLFE1026 Backup NHLFE1028 # Execute the display rsvp lsp verbose command on Router A to display the paths used by the two CRLSPs.

  • Page 148: Manual Bypass Tunnel For Frr Configuration Example

    Fast Reroute protection: None # Tracert MPLS TE tunnel 3. The output shows that the used CRLSP is the one that traverses Router [RouterA] tracert mpls te tunnel 3 MPLS trace route TE tunnel Tunnel3 Replier Time Type Downstream Ingress 10.1.1.2/[1147] 10.1.1.2 1 ms...
  • Page 149 Figure 38 Network diagram IP network IP network Router B Router C Loop0 Loop0 GE2/0/2 GE2/0/2 GE2/0/2 GE2/0/1 GE2/0/1 Router D Router A GE2/0/1 GE2/0/2 GE2/0/1 POS2/2/0 POS2/2/0 Loop0 Loop0 POS2/2/0 POS2/2/1 Primary CRLSP Bypass tunnel Loop0 Router E Table 7 Interface and IP address assignment Device Interface IP address...
  • Page 150 [RouterA-GigabitEthernet2/0/1] quit # Configure Router B. <RouterB> system-view [RouterB] mpls lsr-id 2.2.2.2 [RouterB] mpls te [RouterB-te] quit [RouterB] rsvp [RouterB-rsvp] quit [RouterB] interface gigabitethernet 2/0/1 [RouterB-GigabitEthernet2/0/1] mpls enable [RouterB-GigabitEthernet2/0/1] mpls te enable [RouterB-GigabitEthernet2/0/1] rsvp enable [RouterB-GigabitEthernet2/0/1] quit [RouterB] interface gigabitethernet 2/0/2 [RouterB-GigabitEthernet2/0/2] mpls enable [RouterB-GigabitEthernet2/0/2] mpls te enable [RouterB-GigabitEthernet2/0/2] rsvp enable...
  • Page 151 [RouterA] display interface tunnel Tunnel4 current state: UP Line protocol current state: UP Description: Tunnel3 Interface The Maximum Transmit Unit is 64000 Internet Address is 9.1.1.1/24 Primary Tunnel source unknown, destination 3.3.3.9 Tunnel bandwidth 64 (kbps) Tunnel TTL 255 Tunnel protocol/transport CR_LSP Last clearing of counters: Never Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec Last 300 seconds output rate: 1911 bytes/sec, 15288 bits/sec, 0 packets/sec...
  • Page 152 Configure a bypass tunnel on Router B (the PLR): # Configure an explicit path for the bypass tunnel. [RouterB] explicit-path by-path [RouterB-explicit-path-by-path] nexthop 3.2.1.2 [RouterB-explicit-path-by-path] nexthop 3.3.1.2 [RouterB-explicit-path-by-path] nexthop 3.3.3.3 [RouterB-explicit-path-by-path] quit # Create MPLS TE tunnel interface Tunnel 5 for the bypass tunnel. [RouterB] interface tunnel 5 mode mpls-te [RouterB-Tunnel5] ip address 11.1.1.1 255.255.255.0 # Specify the tunnel destination address as LSR ID of Router C.
  • Page 153 # Execute the display interface tunnel 4 command on Router A to display information about the primary CRLSP. The output shows that the tunnel interface is still up. (Details not shown.) # Execute the display mpls te tunnel-interface command on Router A to display detailed information about the tunnel interface.

  • Page 154: Auto Frr Configuration Example

    [RouterB] mpls te [RouterB-te] fast-reroute timer 5 [RouterB-te] quit # On the PLR, bring up the protected interface GigabitEthernet 2/0/2. [RouterB] interface gigabitethernet 2/0/2 [RouterB-GigabitEthernet2/0/2] undo shutdown [RouterB-GigabitEthernet2/0/2] quit # Execute the display interface tunnel 4 command on Router A to display information about the primary CRLSP.
  • Page 155 Table 8 Interface and IP address assignment Device Interface IP address Device Interface IP address Router A Loop0 1.1.1.1/32 Router E Loop0 5.5.5.5/32 GE2/0/1 2.1.1.1/24 POS2/2/0 3.2.1.2/24 Router B Loop0 2.2.2.2/32 POS2/2/1 3.4.1.1/24 GE2/0/1 2.1.1.2/24 Router C Loop0 3.3.3.3/32 GE2/0/2 3.1.1.1/24 GE2/0/1 4.1.1.1/24...
  • Page 156 [RouterB-GigabitEthernet2/0/2] mpls te enable [RouterB-GigabitEthernet2/0/2] rsvp enable [RouterB-GigabitEthernet2/0/2] rsvp bfd enable [RouterB-GigabitEthernet2/0/2] quit [RouterB] interface pos 2/2/0 [RouterB-POS2/2/0] mpls enable [RouterB-POS2/2/0] mpls te enable [RouterB-POS2/2/0] rsvp enable [RouterB-POS2/2/0] quit [RouterB] interface pos 2/2/1 [RouterB-POS2/2/1] mpls enable [RouterB-POS2/2/1] mpls te enable [RouterB-POS2/2/1] rsvp enable [RouterB-POS2/2/1] quit # Configure Router C in the same way that Router B is configured.
  • Page 157 Last clearing of counters: Never Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec Last 300 seconds output rate: 1911 bytes/sec, 15288 bits/sec, 0 packets/sec 0 packets input, 0 bytes, 0 drops 1526 packets output, 22356852 bytes, 0 drops # Execute the display mpls te tunnel-interface command on Router A to display detailed information about the MPLS TE tunnel interface.
  • Page 158 [RouterB] display interface tunnel brief Brief information on interface(s) under route mode: Link: ADM - administratively down; Stby - standby Protocol: (s) - spoofing Interface Link Protocol Main IP Description Tun50 DOWN DOWN Tun51 DOWN # Execute the display mpls te tunnel-interface command on Router B to display information about Tunnel 50 and Tunnel 51.
  • Page 159 Ingress LSR ID : 2.2.2.2 Egress LSR ID : 3.3.3.3 Signaling : RSVP-TE Static CRLSP Name Resv Style : SE Tunnel mode Reverse-LSP name Reverse-LSP LSR ID Reverse-LSP Tunnel ID: - Class Type : CT0 Tunnel Bandwidth : 0 kbps Reserved Bandwidth : 0 kbps Setup Priority...

  • Page 160: Ietf Ds-Te Configuration Example

    Average bitrate: 0 kbps Maximum burst: 1000.00 bytes Path MTU: 1500 Class type: CT0 RRO number: 12 2.1.1.1/32 Flag: 0x00 (No FRR) 2.1.1.2/32 Flag: 0x00 (No FRR) 1150 Flag: 0x01 (Global label) 2.2.2.2/32 Flag: 0x20 (No FRR/Node-ID) 3.1.1.1/32 Flag: 0x09 (FRR Avail/Node-Prot) 3.1.1.2/32 Flag: 0x00 (No FRR) 1151...
  • Page 161 Device Interface IP address Device Interface IP address GE2/0/2 100.1.1.1/24 POS2/2/0 20.1.1.2/24 Router B Loop0 2.2.2.9/32 Router D Loop0 4.4.4.9/32 GE2/0/1 10.1.1.2/24 GE2/0/1 30.1.1.2/24 POS2/2/0 20.1.1.1/24 GE2/0/2 100.1.2.1/24 Configuration procedure Configure IP addresses and masks for interfaces. (Details not shown.) Configure IS-IS to advertise interface addresses, including the loopback interface address: # Configure Router A.
  • Page 162 [RouterC-GigabitEthernet2/0/1] isis circuit-level level-2 [RouterC-GigabitEthernet2/0/1] quit [RouterC] interface pos 2/2/0 [RouterC-POS2/2/0] isis enable 1 [RouterC-POS2/2/0] isis circuit-level level-2 [RouterC-POS2/2/0] quit [RouterC] interface loopback 0 [RouterC-LoopBack0] isis enable 1 [RouterC-LoopBack0] isis circuit-level level-2 [RouterC-LoopBack0] quit # Configure Router D. <RouterD> system-view [RouterD] isis 1 [RouterD-isis-1] network-entity 00.0005.0000.0000.0004.00 [RouterD-isis-1] quit...
  • Page 163 [RouterA-GigabitEthernet2/0/1] mpls enable [RouterA-GigabitEthernet2/0/1] mpls te enable [RouterA-GigabitEthernet2/0/1] rsvp enable [RouterA-GigabitEthernet2/0/1] quit # Configure Router B. [RouterB] mpls lsr-id 2.2.2.9 [RouterB] mpls te [RouterB-te] ds-te mode ietf [RouterB-te] quit [RouterB] rsvp [RouterB-rsvp] quit [RouterB] interface gigabitethernet 2/0/1 [RouterB-GigabitEthernet2/0/1] mpls enable [RouterB-GigabitEthernet2/0/1] mpls te enable [RouterB-GigabitEthernet2/0/1] rsvp enable [RouterB-GigabitEthernet2/0/1] quit...
  • Page 164 [RouterD-GigabitEthernet2/0/1] rsvp enable [RouterD-GigabitEthernet2/0/1] quit Enable IS-IS TE, and configure IS-IS to receive and send only packets whose cost style is wide: # Configure Router A. [RouterA] isis 1 [RouterA-isis-1] cost-style wide [RouterA-isis-1] mpls te enable level-2 [RouterA-isis-1] quit # Configure Router B. [RouterB] isis 1 [RouterB-isis-1] cost-style wide [RouterB-isis-1] mpls te enable level-2...
  • Page 165 [RouterC-GigabitEthernet2/0/1] mpls te max-reservable-bandwidth rdm 10000 bc1 8000 bc2 5000 bc3 2000 [RouterC-GigabitEthernet2/0/1] quit [RouterC] interface pos 2/2/0 [RouterC-POS2/2/0] mpls te max-link-bandwidth 10000 [RouterC-POS2/2/0] mpls te max-reservable-bandwidth rdm 10000 bc1 8000 bc2 5000 bc3 2000 [RouterC-POS2/2/0] quit # Set the maximum bandwidth, maximum reservable bandwidth, and bandwidth constraints on Router D.
  • Page 166 0 packets output, 0 bytes 0 drops # Execute the display mpls te tunnel-interface command on Router A to display detailed information about the MPLS TE tunnel. [RouterA] display mpls te tunnel-interface Tunnel Name : Tunnel 1 Tunnel State : Up (Main CRLSP up, Shared-resource CRLSP down) Tunnel Attributes LSP ID : 36882...

  • Page 167: Troubleshooting Mpls Te

    10000 8000 5000 2000 TE Class Class Type Priority BW Reserved(kbps) BW Available(kbps) 6000 4000 1000 1000 6000 4000 4000 1000 1000 # Execute the display ip routing-table command on Router A. The output shows a static route entry with interface Tunnel1 as the output interface. (Details not shown.) Troubleshooting MPLS TE No TE LSA generated Symptom...

  • Page 168: Configuring A Static Crlsp

    Configuring a static CRLSP Overview A static Constraint-based Routed Label Switched Path (CRLSP) is established by manually specifying CRLSP setup information on the ingress, transit, and egress nodes of the forwarding path. The CRLSP setup information includes the incoming label, outgoing label, and required bandwidth. If the device does not have enough bandwidth resources required by a CRLSP, the CRLSP cannot be established.

  • Page 169: Displaying Static Crlsps

    Step Command Remarks • Configure the ingress node: Use one command according static-cr-lsp ingress lsp-name to the position of a device on { nexthop next-hop-addr | the network. outgoing-interface interface-type interface-number } out-label By default, no static CRLSP out-label-value [ bandwidth [ ct0 | exists.
  • Page 170 Figure 41 Network diagram Loop0 2.2.2.2/32 GE2/0/2 GE2/0/1 2.1.1.2/24 3.2.1.1/24 Router B GE2/0/1 GE2/0/1 GE2/0/3 GE2/0/3 2.1.1.1/24 3.2.1.2/24 100.1.2.1/24 100.1.1.1/24 IP network IP network Router A Router C Loop0 Loop0 3.3.3.3/32 1.1.1.1/32 Configuration procedure Configure IP addresses and masks for interfaces. (Details not shown.) Configure IS-IS to advertise interface addresses, including the loopback interface address: # Configure Router A.
  • Page 171 [RouterC-isis-1] quit [RouterC] interface gigabitethernet 2/0/1 [RouterC-GigabitEthernet2/0/1] isis enable 1 [RouterC-GigabitEthernet2/0/1] quit [RouterC] interface loopback 0 [RouterC-LoopBack0] isis enable 1 [RouterC-LoopBack0] quit # Execute the display ip routing-table command on each router to verify that the routers have learned the routes to one another, including the routes to the loopback interfaces. (Details not shown.) Configure an LSR ID, and enable MPLS and MPLS TE: # Configure Router A.
  • Page 172 [RouterB-GigabitEthernet2/0/1] mpls te max-reservable-bandwidth 5000 [RouterB-GigabitEthernet2/0/1] quit [RouterB] interface gigabitethernet 2/0/2 [RouterB-GigabitEthernet2/0/2] mpls te max-link-bandwidth 10000 [RouterB-GigabitEthernet2/0/2] mpls te max-reservable-bandwidth 5000 [RouterB-GigabitEthernet2/0/2] quit # On Router C, set the maximum bandwidth and the maximum reservable bandwidth. [RouterC] interface gigabitethernet 2/0/1 [RouterC-GigabitEthernet2/0/1] mpls te max-link-bandwidth 10000 [RouterC-GigabitEthernet2/0/1] mpls te max-reservable-bandwidth 5000 [RouterC-GigabitEthernet2/0/1] quit...
  • Page 173 Maximum transmission unit: 1496 Internet address: 6.1.1.1/24 (primary) Tunnel source unknown, destination 3.3.3.3 Tunnel TTL 255 Tunnel protocol/transport CR_LSP Output queue - Urgent queuing: Size/Length/Discards 0/100/0 Output queue - Protocol queuing: Size/Length/Discards 0/500/0 Output queue - FIFO queuing: Size/Length/Discards 0/75/0 Last clearing of counters: Never Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec...
  • Page 174 1.1.1.1/0/1 StaticCR -/20 GE2/0/1 2.1.1.2 Local GE2/0/1 [RouterB] display mpls lsp Proto In/Out Label Interface/Out NHLFE StaticCR 20/30 GE2/0/2 3.2.1.2 Local GE2/0/2 [RouterC] display mpls lsp Proto In/Out Label Interface/Out NHLFE StaticCR 30/- [RouterA] display mpls static-cr-lsp Name LSR Type In/Out Label Out Interface State...

  • Page 175: Configuring Rsvp

    Configuring RSVP Overview The Resource Reservation Protocol (RSVP) is a signaling protocol that reserves resources on a network. Extended RSVP supports MPLS label distribution and allows resource reservation information to be transmitted with label bindings. This extended RSVP is called RSVP-TE. RSVP-TE is a label distribution protocol for MPLS TE.

  • Page 176: Crlsp Setup Procedure

    CRLSP setup procedure Figure 42 Setting up a CRLSP Ingress Egress Path Path Resv Resv Sender Receiver As shown in Figure 42, a CRLSP is set up by using the following steps: The ingress LSR generates a Path message that carries LABEL_REQUEST, and then forwards the message along the path calculated by CSPF hop-by-hop towards the egress LSR.

  • Page 177: Rsvp Authentication

    by sending back a message that includes the Message_ID_ACK object. If the sender does not receive a Message_ID_ACK within the retransmission interval (Rf), it performs the following tasks: • Retransmits the message when Rf expires. • Sets the next transmission interval to (1 + delta) × Rf. The sender repeats this process until it receives the Message_ID_ACK before the retransmission time expires or it has transmitted the message three times.

  • Page 178: Protocols And Standards

    Protocols and standards • RFC 2205, Resource ReSerVation Protocol • RFC 3209, RSVP-TE: Extensions to RSVP for LSP Tunnels • RFC 2961, RSVP Refresh Overhead Reduction Extensions RSVP configuration task list Tasks at a glance (Required.) Enabling RSVP (Optional.) Perform the following tasks on each node of an MPLS TE tunnel according to your network requirements: •...

  • Page 179: Configuring Rsvp Srefresh And Reliable Rsvp Message Delivery

    Configuring RSVP Srefresh and reliable RSVP message delivery After Srefresh is enabled, RSVP maintains the path and reservation states by sending Srefresh messages rather than standard refresh messages. To configure Srefresh and reliable RSVP message delivery: Step Command Remarks Enter system view. system-view interface interface-type Enter interface view.

  • Page 180: Configuring Rsvp Authentication

    Step Command Remarks consecutive lost or is 4. erroneous hellos. Set the interval for sending By default, hello requests are sent hello interval interval hello requests. every 5 seconds. Return to system view. quit interface interface-type Enter interface view. interface-number Enable RSVP hello By default, RSVP hello extension rsvp hello enable...

  • Page 181: Setting A Dscp Value For Outgoing Rsvp Packets

    Step Command Remarks Enter system view. system-view interface interface-type Enter interface view. interface-number By default, RSVP authentication Enable RSVP authentication is disabled. on the interface and rsvp authentication key { cipher Do not enable both RSVP configure the authentication | plain } auth-key authentication and FRR on the key.

  • Page 182: Configuring Rsvp Gr

    Step Command Remarks Enter RSVP view. rsvp Set a DSCP value for outgoing dscp dscp-value By default, the DSCP value is 48. RSVP packets. Configuring RSVP GR RSVP GR depends on the RSVP hello extension function. When configuring RSVP GR, you must enable RSVP hello extension.

  • Page 183: Rsvp Configuration Examples

    Task Command Display information about the security display rsvp authentication [ from ip-address ] [ to associations established with RSVP ip-address ] [ verbose ] neighbors. Display information about CRLSPs display rsvp lsp [ destination ip-address ] [ source established through RSVP. ip-address ] [ tunnel-id tunnel-id ] [ lsp-id lsp-id ] [ verbose ] display rsvp peer [ interface interface-type Display information about RSVP neighbors.
  • Page 184 Table 10 Interface and IP address assignment Device Interface IP address Device Interface IP address Router A Loop0 1.1.1.9/32 Router C Loop0 3.3.3.9/32 GE2/0/1 10.1.1.1/24 GE2/0/1 30.1.1.1/24 Router B Loop0 2.2.2.9/32 POS2/2/0 20.1.1.2/24 GE2/0/1 10.1.1.2/24 Router D Loop0 4.4.4.9/32 POS2/2/0 20.1.1.1/24 GE2/0/1 30.1.1.2/24...
  • Page 185 [RouterC] interface gigabitethernet 2/0/1 [RouterC-GigabitEthernet2/0/1] isis enable 1 [RouterC-GigabitEthernet2/0/1] isis circuit-level level-2 [RouterC-GigabitEthernet2/0/1] quit [RouterC] interface pos 2/2/0 [RouterC-POS2/2/0] isis enable 1 [RouterC-POS2/2/0] isis circuit-level level-2 [RouterC-POS2/2/0] quit [RouterC] interface loopback 0 [RouterC-LoopBack0] isis enable 1 [RouterC-LoopBack0] isis circuit-level level-2 [RouterC-LoopBack0] quit # Configure Router D.
  • Page 186 [RouterB-GigabitEthernet2/0/1] mpls te enable [RouterB-GigabitEthernet2/0/1] rsvp enable [RouterB-GigabitEthernet2/0/1] quit [RouterB] interface pos 2/2/0 [RouterB-POS2/2/0] mpls enable [RouterB-POS2/2/0] mpls te enable [RouterB-POS2/2/0] rsvp enable [RouterB-POS2/2/0] quit # Configure Router C. [RouterC] mpls lsr-id 3.3.3.9 [RouterC] mpls te [RouterC-te] quit [RouterC] rsvp [RouterC-rsvp] quit [RouterC] interface gigabitethernet 2/0/1 [RouterC-GigabitEthernet2/0/1] mpls enable...
  • Page 187 [RouterC-isis-1] cost-style wide [RouterC-isis-1] mpls te enable level-2 [RouterC-isis-1] quit # Configure Router D. [RouterD] isis 1 [RouterD-isis-1] cost-style wide [RouterD-isis-1] mpls te enable level-2 [RouterD-isis-1] quit Configure MPLS TE attributes of links: # Set the maximum link bandwidth and maximum reservable bandwidth on Router A. [RouterA] interface gigabitethernet 2/0/1 [RouterA-GigabitEthernet2/0/1] mpls te max-link-bandwidth 10000 [RouterA-GigabitEthernet2/0/1] mpls te max-reservable-bandwidth 5000...
  • Page 188 [RouterA-Tunnel1] quit Configure a static route on Router A to direct the traffic destined for subnet 30.1.1.0/24 to MPLS TE tunnel 1. [RouterA] ip route-static 30.1.1.0 24 tunnel 1 preference 1 Verifying the configuration # Execute the display interface tunnel command on Router A. The output shows that the tunnel interface is up.

  • Page 189: Rsvp Gr Configuration Example

    FRR Flag : Disabled Backup Bandwidth Flag: Disabled Backup Bandwidth Type: - Backup Bandwidth Route Pinning : Disabled Retry Limit : 10 Retry Interval : 2 sec Reoptimization : Disabled Reoptimization Freq Backup Type : None Backup LSP ID Auto Bandwidth : Disabled Auto Bandwidth Freq Min Bandwidth...
  • Page 190 [RouterB] mpls lsr-id 2.2.2.9 [RouterB] mpls te [RouterB-te] quit [RouterB] rsvp [RouterB] quit [RouterB] interface gigabitethernet 2/0/1 [RouterB-GigabitEthernet2/0/1] mpls enable [RouterB-GigabitEthernet2/0/1] mpls te enable [RouterB-GigabitEthernet2/0/1] rsvp enable [RouterB-GigabitEthernet2/0/1] rsvp hello enable [RouterB-GigabitEthernet2/0/1] quit [RouterB] interface gigabitethernet 2/0/2 [RouterB-GigabitEthernet2/0/2] mpls enable [RouterB-GigabitEthernet2/0/2] mpls te enable [RouterB-GigabitEthernet2/0/2] rsvp enable [RouterB-GigabitEthernet2/0/2] rsvp hello enable...
  • Page 191 Hello state: Up Hello type: Active PSB count: 0 RSB count: 1 Src instance: 0x1f08 Dst instance: 0x22 Summary refresh: Disabled Graceful Restart state: Ready Peer GR restart time: 120000 ms Peer GR recovery time: 0 ms The output shows that the neighbor's GR state is Ready.

  • Page 192: Configuring Tunnel Policies

    Configuring tunnel policies Overview Tunnel policies enable a PE to forward traffic for each MPLS VPN over a preferred tunnel or over multiple tunnels. The tunnels supported by MPLS VPN include MPLS LSPs, MPLS TE tunnels, and GRE tunnels. To enhance availability, you can associate multiple MPLS TE tunnels to a tunnel bundle, and specify the tunnel bundle as a preferred tunnel.

  • Page 193: Configuration Procedure

    Figure 45 MPLS VPN tunnel selection diagram As shown in Figure 45, PE 1 and PE 2 have multiple tunnels in between and they are connected to multiple MPLS VPNs. You can control the paths for VPN traffic by using one of the following methods: •...

  • Page 194: Displaying Tunnel Information

    Displaying tunnel information Execute display commands in any view. Task Command display mpls tunnel { all | statistics | [ vpn-instance Display tunnel information. vpn-instance-name ] destination { tunnel-ipv4-dest | tunnel-ipv6-dest } } Tunnel policy configuration examples Preferred tunnel configuration example Network requirements PE 1 has multiple tunnels to reach PE 2: one MPLS TE tunnel on interface Tunnel 1, one GRE tunnel on interface Tunnel 2, and one LDP LSP tunnel.

  • Page 195: Tunnel Selection Order Configuration Example

    # Create tunnel policy preferredte1, and configure tunnel 1 as the preferred tunnel. <PE1> system-view [PE1] tunnel-policy preferredte1 [PE1-tunnel-policy-preferredte1] preferred-path tunnel 1 [PE1-tunnel-policy-preferredte1] quit # Create tunnel policy preferredgre2, and configure tunnel 2 as the preferred tunnel. [PE1] tunnel-policy preferredgre2 [PE1-tunnel-policy-preferredgre2] preferred-path tunnel 2 [PE1-tunnel-policy-preferredgre2] quit Configure MPLS VPN instances and apply tunnel policies to the VPN instances:...

  • Page 196: Preferred Tunnel And Tunnel Selection Order Configuration Example

    Preferred tunnel and tunnel selection order configuration example Network requirements PE 1 has multiple tunnels to reach PE 2: two MPLS TE tunnels on interfaces Tunnel 1 and Tunnel 3, one GRE tunnel on interface Tunnel 2, and one LDP LSP tunnel. PE 1 has multiple MPLS VPN instances: vpna, vpnb, vpnc, vpnd, vpne, vpnf, and vpng.
  • Page 197 [PE1-vpn-instance-vpnb] vpn-target 100:2 [PE1-vpn-instance-vpnb] tnl-policy preferredte1 [PE1-vpn-instance-vpnb] quit # Create MPLS VPN instances vpnc and vpnd, and apply tunnel policy preferredte3 to them. [PE1] ip vpn-instance vpnc [PE1-vpn-instance-vpnc] route-distinguisher 100:3 [PE1-vpn-instance-vpnc] vpn-target 100:3 [PE1-vpn-instance-vpnc] tnl-policy preferredte3 [PE1-vpn-instance-vpnc] quit [PE1] ip vpn-instance vpnd [PE1-vpn-instance-vpnd] route-distinguisher 100:4 [PE1-vpn-instance-vpnd] vpn-target 100:4 [PE1-vpn-instance-vpnd] tnl-policy preferredte3...

  • Page 198: Configuring Mpls L3Vpn

    Configuring MPLS L3VPN Overview MPLS L3VPN is a L3VPN technology used to interconnect geographically dispersed VPN sites. MPLS L3VPN uses BGP to advertise VPN routes and uses MPLS to forward VPN packets over a service provider backbone. MPLS L3VPN provides flexible networking modes, excellent scalability, and convenient support for MPLS QoS and MPLS TE.
  • Page 199 • The classification of a site depends on the topology relationship of the devices, rather than the geographical positions. However, the devices at a site are, in most cases, adjacent to each other geographically. • The devices at a site can belong to multiple VPNs, which means that a site can belong to multiple VPNs.

  • Page 200: Mpls L3Vpn Route Advertisement

    • When the Type field is 2, the Administrator subfield occupies four bytes, the Assigned number subfield occupies two bytes, and the RD format is 32-bit AS number:16-bit user-defined number, where the minimum value of the AS number is 65536. For example, 65536:1. To guarantee global uniqueness for a VPN-IPv4 address, do not set the Administrator subfield to any private AS number or private IP address.

  • Page 201: Mpls L3Vpn Packet Forwarding

    d. Advertises those routes to the connected CE over a static route, RIP route, OSPF route, IS-IS route, EBGP route, or IBGP route. MPLS L3VPN packet forwarding In a basic MPLS L3VPN (within a single AS), a PE adds the following information into VPN packets: •...

  • Page 202: Mpls L3Vpn Networking Schemes

    MPLS L3VPN networking schemes In MPLS L3VPNs, route target attributes are used to control the advertisement and reception of VPN routes between sites. They work independently and can be configured with multiple values to support flexible VPN access control and implement multiple types of VPN networking schemes. Basic VPN networking scheme In the simplest case, all users in a VPN form a closed user group.
  • Page 203 • The import target attribute of a spoke PE is different from the export target attribute of any other spoke PE. Any two spoke PEs do not directly advertise VPN-IPv4 routes to each other. Therefore, they cannot directly access each other. Figure 50 Network diagram for hub and spoke network A route in Site 1 is advertised to Site 2 by using the following process: Spoke-CE 1 advertises a route in Site 1 to Spoke-PE 1.

  • Page 204: Inter-As Vpn

    Figure 51 Network diagram for extranet networking scheme VPN 1 Site 1 VPN 1: Import:100:1 Export:100:1 PE 1 VPN 1 PE 3 Site 3 PE 2 VPN 1: Import:100:1,200:1 Export:100:1,200:1 VPN 2: Import:200:1 Site 2 Export:200:1 VPN 2 As shown in Figure 51, route targets configured on PEs produce the following results: •...
  • Page 205 Figure 52 Network diagram for inter-AS option A VPN 1 VPN 1 CE 1 CE 3 PE 1 PE 3 ASBR 2 ASBR 1 EBGP (PE) (PE) AS 200 AS 100 PE 2 PE 4 VPN LSP 1 VPN LSP 2 LSP 1 LSP 2 IP Forwarding...
  • Page 206 Figure 53 Network diagram for inter-AS option B VPN 1 VPN 1 CE 1 CE 3 ASBR 2 ASBR 1 PE 1 PE 3 (PE) (PE) MP-EBGP MPLS backbone MPLS backbone AS 100 AS 200 PE 2 PE 4 VPN LSP 1 VPN LSP 3 VPN LSP2 CE 4...
  • Page 207 In this solution, PEs exchange VPN-IPv4 routes over a multihop MP-EBGP session. Each PE must have a route to the peer PE and a label for the route so that the inter-AS public tunnel between the PEs can be set up. Inter-AS option C sets up a public tunnel by using the following methods: •...

  • Page 208: Carrier's Carrier

    Assume that the outgoing label for the public tunnel on PE 3 is Lv. After route advertisement and public tunnel setup, a packet is forwarded from CE 3 to CE 1 by using the following process: PE 3 performs the following routing table lookups for the packet: a.
  • Page 209 For packets between customer networks to travel through the Level 1 carrier, the PE of the Level 1 carrier and the CE of the Level 2 carrier must assign labels to the backbone networks of the Level 2 carrier. The CE of the Level 2 carrier is a PE within the Level 2 carrier network. Follow these guidelines to assign labels: •...

  • Page 210: Nested Vpn

    Figure 57 Scenario where the Level 2 carrier is an MPLS L3VPN service provider NOTE: As a best practice, establish equal cost LSPs between the Level 1 carrier and the Level 2 carrier if equal cost routes exist between them. Nested VPN The nested VPN technology exchanges VPNv4 routes between PEs and CEs of the ISP MPLS L3VPN and allows a customer to manage its own internal VPNs.

  • Page 211: Multirole Host

    Figure 58 Network diagram for nested VPN VPN A Provider MPLS Provider PE Provider PE CE 8 CE 7 VPN backbone VPN A-2 VPN A-1 CE 2 CE 1 Customer MPLS Customer MPLS VPN network Customer PE Customer PE CE 3 CE 4 CE 5 CE 6...

  • Page 212: Hovpn

    Figure 59 Network diagram As shown in Figure 59, the multirole host in site 1 needs to access both VPN 1 and VPN 2. Other hosts in site 1 only need to access VPN 1. To configure the multirole host feature, configure PE 1 as follows: •...
  • Page 213 Figure 60 Basic architecture of HoVPN As shown in Figure 60, UPEs and SPEs play the following different roles: • A UPE is directly connected to CEs. It provides user access. It maintains the routes of directly connected VPN sites. It does not maintain the routes of the remote sites in the VPN, or it only maintains their summary routes.

  • Page 214: Ospf Vpn Extension

    Figure 61 Recursion of HoPEs Figure 61 shows a three-level HoPE. The PE in the middle is called the middle-level PE (MPE). MP-BGP runs between SPE and MPE, and between MPE and UPE. MP-BGP advertises the following routes: • All the VPN routes of UPEs to the SPEs. •...
  • Page 215 Figure 62 Network diagram for BGP/OSPF interaction As shown in Figure 62, CE 11, CE 21, and CE 22 belong to the same VPN and the same OSPF domain. Before domain ID configuration, VPN 1 routes are advertised from CE 11 to CE 21 and CE 22 by using the following process: PE 1 redistributes OSPF routes from CE 11 into BGP, and advertises the VPN routes to PE 2 through BGP.

  • Page 216: Bgp As Number Substitution And Soo Attribute

    As shown in Figure 63, Site 1 is connected to two PEs. When a PE advertises VPN routes learned from MP-BGP to Site 1 through OSPF, the routes might be received by the other PE. This results in a routing loop. OSPF VPN extension uses the following tags to avoid routing loops: •...

  • Page 217: Mpls L3Vpn Frr

    The BGP AS number substitution function allows geographically different CEs to use the same AS number. If the AS_PATH of a route contains the AS number of a CE, the PE replaces the AS number with its own AS number before advertising the route to that CE. After you enable the BGP AS number substitution function, the PE performs BGP AS number substitution for all routes and re-advertises them to connected CEs in the peer group.
  • Page 218 VPNv4 route backup for a VPNv4 route Figure 66 Network diagram As shown in Figure 66, configure FRR on the ingress node PE 1, and specify the backup next hop for VPN 1 as PE 3. When PE 1 receives a VPNv4 route to CE 2 from both PE 2 and PE 3, it uses the route from PE 2 as the primary link, and the route from PE 3 as the backup link.

  • Page 219: Multi-Vpn Instance Ce

    In this scenario, PE 2 is responsible for primary link detection and traffic switchover. IPv4 route backup for a VPNv4 route Figure 68 Network diagram As shown in Figure 68, configure FRR on the egress node PE 2, and specify the backup next hop for VPN 1 as CE 2.

  • Page 220: Protocols And Standards

    Figure 69 Network diagram for the MCE function As shown in Figure 69, the MCE exchanges private routes with VPN sites and PE 1, and adds the private routes to the routing tables of corresponding VPN instances. • Route exchange between MCE and VPN site—Create VPN instances VPN 1 and VPN 2 on the MCE.

  • Page 221: Mpls L3Vpn Configuration Task List

    MPLS L3VPN configuration task list Tasks at a glance (Required.) Configuring basic MPLS L3VPN (Optional.) Configuring inter-AS VPN (Optional.) Configuring nested VPN (Optional.) Configuring multirole host (Optional.) Configuring HoVPN (Optional.) Configuring an OSPF sham link (Optional.) Configuring routing on an MCE (Optional.) Specifying the VPN label processing mode on the egress PE (Optional.)
  • Page 222 Creating a VPN instance A VPN instance is a collection of the VPN membership and routing rules of its associated site. A VPN instance might correspond to more than one VPN. To create and configure a VPN instance: Step Command Remarks Enter system view.

  • Page 223: Configuring Routing Between A Pe And A Ce

    Configuring route related attributes for a VPN instance Step Command Remarks Enter system view. system-view • Enter VPN instance view: Configurations made in VPN ip vpn-instance instance view apply to both IPv4 vpn-instance-name VPN and IPv6 VPN. Enter VPN instance •...
  • Page 224 Configuring static routing between a PE and a CE Step Command Remarks Enter system view. system-view By default, no static route is ip route-static vpn-instance configured for a VPN s-vpn-instance-name dest-address instance. { mask-length | mask } { interface-type interface-number [ next-hop-address ] Perform this configuration on Configure a static |next-hop-address [ public ] [ track...
  • Page 225 Step Command Remarks The domain ID is carried in the routes of the OSPF process. When redistributing routes from the OSPF process, BGP adds the domain ID as an extended community attribute into BGP routes. An OSPF process can be configured with only one primary domain ID.
  • Page 226 Step Command Remarks Enter system view. system-view Enable BGP and enter BGP bgp as-number view. Configuration commands in BGP-VPN instance view are Enter BGP-VPN instance ip vpn-instance the same as those in BGP view. vpn-instance-name view. For more information, see Layer 3—IP Routing Configuration Guide.
  • Page 227 as-number Create the BGP IPv4 unicast By default, the BGP IPv4 address-family ipv4 [ unicast ] family and enter its view. unicast family is not created. Enable IPv4 unicast route By default, BGP does not peer { group-name | ip-address exchange with the specified exchange IPv4 unicast [ mask-length ] } enable...

  • Page 228: Configuring Routing Between Pes

    Step Command Remarks (Optional.) Enable route Route reflection between reflect between-clients reflection between clients. clients is enabled by default. By default, the RR uses its own router ID as the cluster (Optional.) Configure the reflector cluster-id { cluster-id | If multiple RRs exist in a cluster ID for the RR.

  • Page 229: Configuring Bgp Vpnv4 Route Control

    Configuring BGP VPNv4 route control BGP VPNv4 route control is configured similarly with BGP route control, except that it is configured in BGP VPNv4 address family view. For detailed information about BGP route control, see Layer 3—IP Routing Configuration Guide. To configure BGP VPNv4 route control: Step Command...

  • Page 230: Configuring Inter-As Vpn

    Step Command Remarks clients. 14. (Optional.) Specify a peer { group-name | ip-address preferred value for routes By default, the preferred value is [ mask-length ] } preferred-value received from a peer or peer value group. 15. Apply a prefix list to filter peer { group-name | ip-address routes received from or [ mask-length ] } prefix-list...

  • Page 231: Configuring Inter-As Option B

    The route targets configured on the PEs must match those configured on the ASBRs in the same AS to make sure VPN routes sent by the PEs (or ASBRs) can be received by the ASBRs (or PEs). Route targets configured on the PEs in different ASs do not have such requirements. For more information, see "Configuring basic MPLS L3VPN."...

  • Page 232: Configuring Inter-As Option C

    Step Command Remarks 12. Enable BGP to exchange By default, BGP cannot exchange VPNv4 routes with the PE in peer { group-name | ip-address VPNv4 routing information with a the same AS and the ASBR [ mask-length ] } enable peer.
  • Page 233 Step Command Remarks address family and enter its address family is not created. view. Enable BGP to exchange By default, BGP does not peer { group-name | ip-address IPv4 unicast routes with the exchange IPv4 unicast routes with [ mask-length ] } enable ASBR in the same AS.

  • Page 234: Configuring Nested Vpn

    Step Command Remarks Enable MPLS on the By default, MPLS is disabled on mpls enable interface. the interface. Enable MPLS LDP on the By default, MPLS LDP is disabled mpls ldp enable interface. on the interface. Return to system view. quit 10.

  • Page 235: Configuring Multirole Host

    • Configurations between provider CE and provider PE—Configure VPN instances and enable nested VPN on the provider PE and configure BGP VPNv4 route exchange between the provider CE and provider PE. • Configurations between provider PEs—Configure BGP VPNv4 route exchange between them.

  • Page 236: Configuring And Applying Pbr

    Configuring and applying PBR Step Command Remarks Enter system view. system-view policy-based-route policy-name Create a policy node and By default, no policy node is { deny | permit } node enter policy node view. created. node-number By default, no match criterion is configured.

  • Page 237: Configuring An Ospf Sham Link

    • Specify the BGP peer or peer group as a UPE. • Advertise the default route of the specified VPN instance or routes matching a routing policy to the UPE. • Create a BGP-VPN instance so the learned VPNv4 routes can be added into the BGP routing table of the corresponding VPN instance by comparing RTs.

  • Page 238: Configuring A Loopback Interface

    Before you configure an OSPF sham link, perform the following tasks: • Configure basic MPLS L3VPN (OSPF is used between PE and CE). • Configure OSPF in the LAN where customer CEs reside. Configuring a loopback interface Step Command Remarks Enter system view.

  • Page 239: Configuring Routing On An Mce

    Step Command Remarks Enter OSPF area view. area area-id sham-link source-ip-address destination-ip-address [ cost cost | dead dead-interval | hello hello-interval | { { hmac-md5 | md5 } key-id { cipher By default, no sham link is Configure a sham link. cipher-string | plain plain-string } | configured.
  • Page 240 Configuring RIP between an MCE and a VPN site A RIP process belongs to the public network or a single VPN instance. If you create a RIP process without binding it to a VPN instance, the process belongs to the public network. Binding RIP processes to VPN instances can isolate routes of different VPNs.
  • Page 241 Step Command Remarks import-route protocol [ process-id | all-processes | Redistribute remote site allow-ibgp ] [ allow-direct | cost By default, no routes are routes advertised by the PE cost | nssa-only | route-policy redistributed into OSPF. into OSPF. route-policy-name | tag tag | type type ] * Create an OSPF area and By default, no OSPF area is...
  • Page 242 Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number Enter BGP-VPN instance ip vpn-instance vpn-instance-name view. peer { group-name | ip-address By default, no BGP Configure an EBGP peer. [ mask-length ] } as-number as-number peer is configured. Enter BGP-VPN IPv4 unicast address family address-family ipv4 [ unicast ]...
  • Page 243 Step Command Remarks By default, no routes are import-route protocol redistributed into BGP. [ { process-id | all-processes } Redistribute the IGP routes A VPN site must advertise [ allow-direct | med med-value | of the VPN into BGP. the VPN network addresses route-policy route-policy-name ] it can reach to the connected MCE.

  • Page 244: Configuring Routing Between An Mce And A Pe

    Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number peer { group-name | ip-address Configure the MCE as an [ mask-length ] } as-number IBGP peer. as-number Enter BGP-VPN IPv4 unicast address-family ipv4 [ unicast ] address family view. Enable BGP to exchange By default, BGP does not peer { group-name | ip-address...
  • Page 245 Step Command Remarks Enable RIP on the By default, RIP is disabled on interface attached to network network-address an interface. the specified network. import-route protocol [ process-id | Redistribute the VPN all-processes | allow-ibgp ] [ allow-direct | By default, no routes are routes.
  • Page 246 Step Command Remarks Create an IS-IS process for a VPN isis [ process-id ] vpn-instance instance and enter vpn-instance-name IS-IS view. Configure a network network-entity net By default, no NET is configured. entity title. Create the IS-IS IPv4 By default, the IS-IS IPv4 unicast unicast address family address-family ipv4 [ unicast ] address family is not created.

  • Page 247: Specifying The Vpn Label Processing Mode On The Egress Pe

    Step Command Remarks (Optional.) Configure filter-policy { acl-number | prefix-list By default, BGP does not filter filtering of received prefix-list-name } import received routes. routes. Configuring IBGP between an MCE and a PE Step Command Remarks Enter system view. system-view Enter BGP view.

  • Page 248: Configuring Bgp As Number Substitution And Soo Attribute

    Configuring BGP AS number substitution and SoO attribute When CEs at different sites have the same AS number, configure the BGP AS number substitution function to avoid route loss. When a PE uses different interfaces to connect different CEs in a site, the BGP AS number substitution function introduces a routing loop.
  • Page 249 Step Command Remarks The mpls bfd enable command applies to VPNv4 route backup for a VPNv4 route and IPv4 route Enable MPLS BFD. mpls bfd enable backup for a VPNv4 route. For more information about this command, see MPLS Command Reference.

  • Page 250: Enabling Snmp Notifications For Mpls L3Vpn

    Step Command Remarks By default, ARP is used to detect the connectivity to the next hop. (Optional.) Use echo-mode BFD to detect Use this command if necessary in the connectivity to the primary-path-detect bfd echo VPNv4 route backup an IPv4 route. next hop of the primary For more information about this route.
  • Page 251 Task Command refresh bgp { ip-address [ mask-length ] | all | external | group Manually soft reset BGP sessions for group-name | internal } { export | import } vpnv4 [ vpn-instance VPNv4 address family. vpn-instance-name ] reset bgp { as-number | ip-address [ mask-length ] | all | external | Reset BGP sessions for VPNv4 internal | group group-name } vpnv4 [ vpn-instance address family.

  • Page 252: Mpls L3Vpn Configuration Examples

    MPLS L3VPN configuration examples Configuring basic MPLS L3VPN Network requirements CE 1 and CE 3 belong to VPN 1. CE 2 and CE 4 belong to VPN 2. VPN 1 uses route target attribute 111:1. VPN 2 uses route target attribute 222:2. Users of different VPNs cannot access each other.
  • Page 253 <PE1> system-view [PE1] interface loopback 0 [PE1-LoopBack0] ip address 1.1.1.9 32 [PE1-LoopBack0] quit [PE1] interface pos 2/2/0 [PE1-Pos2/2/0] ip address 172.1.1.1 24 [PE1-Pos2/2/0] quit [PE1] ospf [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255 [PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit # Configure the P device.
  • Page 254 Configure basic MPLS and MPLS LDP on the MPLS backbone to establish LDP LSPs: # Configure PE 1. [PE1] mpls lsr-id 1.1.1.9 [PE1] mpls ldp [PE1-ldp] quit [PE1] interface pos 2/2/0 [PE1-Pos2/2/0] mpls enable [PE1-Pos2/2/0] mpls ldp enable [PE1-Pos2/2/0] quit # Configure the P device.
  • Page 255 [PE1-GigabitEthernet2/0/2] ip address 10.2.1.2 24 [PE1-GigabitEthernet2/0/2] quit # Configure PE 2. [PE2] ip vpn-instance vpn1 [PE2-vpn-instance-vpn1] route-distinguisher 200:1 [PE2-vpn-instance-vpn1] vpn-target 111:1 [PE2-vpn-instance-vpn1] quit [PE2] ip vpn-instance vpn2 [PE2-vpn-instance-vpn2] route-distinguisher 200:2 [PE2-vpn-instance-vpn2] vpn-target 222:2 [PE2-vpn-instance-vpn2] quit [PE2] interface gigabitethernet 2/0/1 [PE2-GigabitEthernet2/0/1] ip binding vpn-instance vpn1 [PE2-GigabitEthernet2/0/1] ip address 10.3.1.2 24 [PE2-GigabitEthernet2/0/1] quit [PE2] interface gigabitethernet 2/0/2...
  • Page 256 [CE1-bgp-ipv4] import-route direct [CE1-bgp-ipv4] quit [CE1-bgp] quit # Configure the other three CEs in the same way that CE 1 is configured. (Details not shown.) # Configure PE 1. [PE1] bgp 100 [PE1-bgp] ip vpn-instance vpn1 [PE1-bgp-vpn1] peer 10.1.1.1 as-number 65410 [PE1-bgp-vpn1] address-family ipv4 unicast [PE1-bgp-ipv4-vpn1] peer 10.1.1.1 enable [PE1-bgp-ipv4-vpn1] quit...

  • Page 257: Configuring Mpls L3Vpn Over A Gre Tunnel

    Destination/Mask Proto Cost NextHop Interface 0.0.0.0/32 Direct 0 127.0.0.1 InLoop0 10.1.1.0/24 Direct 0 10.1.1.2 GE2/0/1 10.1.1.0/32 Direct 0 10.1.1.2 GE2/0/1 10.1.1.2/32 Direct 0 127.0.0.1 InLoop0 10.1.1.255/32 Direct 0 10.1.1.2 GE2/0/1 10.3.1.0/24 3.3.3.9 POS2/2/0 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.0/32 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32...
  • Page 258 Table 14 Interface and IP address assignment Device Interface IP address Device Interface IP address CE 1 GE2/0/1 10.1.1.1/24 POS2/2/0 172.1.1.2/24 PE 1 Loop0 1.1.1.9/32 POS2/2/1 172.2.1.1/24 GE2/0/1 10.1.1.2/24 PE 2 Loop0 2.2.2.9/32 POS2/2/1 172.1.1.1/24 GE2/0/1 10.2.1.2/24 Tunnel0 20.1.1.1/24 POS2/2/0 172.2.1.2/24 CE 2 GE2/0/1...
  • Page 259 [PE2] interface gigabitethernet 2/0/1 [PE2-GigabitEthernet2/0/1] ip binding vpn-instance vpn1 [PE2-GigabitEthernet2/0/1] ip address 10.2.1.2 24 [PE2-GigabitEthernet2/0/1] quit # Configure CE 1. <CE1> system-view [CE1] interface gigabitethernet 2/0/1 [CE1-GigabitEthernet2/0/1] ip address 10.1.1.1 24 [CE1-GigabitEthernet2/0/1] quit # Configure CE 2. <CE2> system-view [CE2] interface gigabitethernet 2/0/1 [CE2-GigabitEthernet2/0/1] ip address 10.2.1.1 24 [CE2-GigabitEthernet2/0/1] quit # Execute the display ip vpn-instance command on the PEs to display the configuration of the...
  • Page 260 [PE1-bgp-ipv4-vpn1] peer 10.1.1.1 enable [PE1-bgp-ipv4-vpn1] peer 10.1.1.1 next-hop-local [PE1-bgp-ipv4-vpn1] quit [PE1-bgp-vpn1] quit [PE1-bgp] quit # Configure CE 2 and PE 2 in the same way that CE 1 and PE 1 are configured. (Details not shown.) # Execute the display bgp peer ipv4 vpn-instance command on the PEs to verify that a BGP peer relationship in Established state has been established between a PE and a CE.

  • Page 261: Configuring A Hub-Spoke Network

    10.1.1.1/32 Direct 0 127.0.0.1 InLoop0 10.1.1.255/32 Direct 0 10.1.1.1 GE2/0/1 10.2.1.0/24 10.1.1.2 GE2/0/1 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.0/32 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 127.255.255.255/32 Direct 0 127.0.0.1 InLoop0 224.0.0.0/4 Direct 0 0.0.0.0 NULL0 224.0.0.0/24 Direct 0 0.0.0.0 NULL0 255.255.255.255/32...
  • Page 262 Device Interface IP address Device Interface IP address Spoke-PE 2 Loop0 3.3.3.9/32 GE2/0/1 10.3.1.2/24 GE2/0/1 10.2.1.2/24 GE2/0/2 10.4.1.2/24 POS2/2/0 172.2.1.1/24 Configuration procedure Configure an IGP on the MPLS backbone to ensure IP connectivity within the backbone: # Configure Spoke-PE 1. <Spoke-PE1>...
  • Page 263 [Hub-PE-ospf-1] area 0 [Hub-PE-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255 [Hub-PE-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255 [Hub-PE-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0 [Hub-PE-ospf-1-area-0.0.0.0] quit [Hub-PE-ospf-1] quit # Execute the display ospf peer command on the devices to verify that OSPF adjacencies in Full state have been established between Spoke-PE 1, Spoke-PE 2, and Hub-PE. Execute the display ip routing-table command on the devices to verify that the PEs have learned the routes to the loopback interfaces of each other.
  • Page 264 [Spoke-PE1-vpn-instance-vpn1] quit [Spoke-PE1] interface gigabitethernet 2/0/1 [Spoke-PE1-GigabitEthernet2/0/1] ip binding vpn-instance vpn1 [Spoke-PE1-GigabitEthernet2/0/1] ip address 10.1.1.2 24 [Spoke-PE1-GigabitEthernet2/0/1] quit # Configure Spoke-PE 2. [Spoke-PE2] ip vpn-instance vpn1 [Spoke-PE2-vpn-instance-vpn1] route-distinguisher 100:2 [Spoke-PE2-vpn-instance-vpn1] vpn-target 111:1 import-extcommunity [Spoke-PE2-vpn-instance-vpn1] vpn-target 222:2 export-extcommunity [Spoke-PE2-vpn-instance-vpn1] quit [Spoke-PE2] interface gigabitethernet 2/0/1 [Spoke-PE2-GigabitEthernet2/0/1] ip binding vpn-instance vpn1 [Spoke-PE2-GigabitEthernet2/0/1] ip address 10.2.1.2 24 [Spoke-PE2-GigabitEthernet2/0/1] quit...
  • Page 265 56 bytes from 10.1.1.1: icmp_seq=4 ttl=128 time=2.710 ms --- Ping statistics for 10.1.1.1 --- 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss round-trip min/avg/max/std-dev = 1.666/2.075/2.710/0.406 ms Establish EBGP peer relationships between the PEs and CEs, and redistribute VPN routes into BGP: # Configure Spoke-CE 1.
  • Page 266 [Spoke-PE2-bgp-vpn1] peer 10.2.1.1 as-number 65420 [Spoke-PE2-bgp-vpn1] address-family ipv4 [Spoke-PE2-bgp-ipv4-vpn1] peer 10.2.1.1 enable [Spoke-PE2-bgp-ipv4-vpn1] quit [Spoke-PE2-bgp-vpn1] quit [Spoke-PE2-bgp] quit # Configure Hub-PE. [Hub-PE] bgp 100 [Hub-PE-bgp] ip vpn-instance vpn1-in [Hub-PE-bgp-vpn1-in] peer 10.3.1.1 as-number 65430 [Hub-PE-bgp-vpn1-in] address-family ipv4 [Hub-PE-bgp-ipv4-vpn1-in] peer 10.3.1.1 enable [Hub-PE-bgp-ipv4-vpn1-in] quit [Hub-PE-bgp-vpn1-in] quit [Hub-PE-bgp] ip vpn-instance vpn1-out...
  • Page 267 [Hub-PE-bgp] address-family vpnv4 [Hub-PE-bgp-vpnv4] peer 1.1.1.9 enable [Hub-PE-bgp-vpnv4] peer 3.3.3.9 enable [Hub-PE-bgp-vpnv4] quit [Hub-PE-bgp] quit # Execute the display bgp peer vpnv4 command on the PEs to verify that a BGP peer relationship in Established state has been established between the PEs. (Details not shown.) Verifying the configuration # Execute the display ip routing-table vpn-instance command on the PEs to display the routes to the CEs.

  • Page 268: Configuring Mpls L3Vpn Inter-As Option A

    Configuring MPLS L3VPN inter-AS option A Network requirements CE 1 and CE 2 belong to the same VPN. CE 1 accesses the network through PE 1 in AS 100, and CE 2 accesses the network through PE 2 in AS 200. Configure inter-AS option A MPLS L3VPN, and use the VRF-to-VRF method to manage VPN routes.
  • Page 269 # Configure basic MPLS on PE 1, and enable MPLS LDP on the interface connected to ASBR-PE 1. <PE1> system-view [PE1] mpls lsr-id 1.1.1.9 [PE1] mpls ldp [PE1-ldp] quit [PE1] interface pos 2/2/0 [PE1-Pos2/2/0] mpls enable [PE1-Pos2/2/0] mpls ldp enable [PE1-Pos2/2/0] quit # Configure basic MPLS on ASBR-PE 1, and enable MPLS LDP on the interface connected to PE 1.
  • Page 270 [CE1-GigabitEthernet2/0/1] ip address 10.1.1.1 24 [CE1-GigabitEthernet2/0/1] quit # Configure PE 1. [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 100:1 [PE1-vpn-instance-vpn1] vpn-target 100:1 both [PE1-vpn-instance-vpn1] quit [PE1] interface gigabitethernet 2/0/1 [PE1-GigabitEthernet2/0/1] ip binding vpn-instance vpn1 [PE1-GigabitEthernet2/0/1] ip address 10.1.1.2 24 [PE1-GigabitEthernet2/0/1] quit # Configure CE 2.
  • Page 271 Establish EBGP peer relationships between PEs and CEs, and redistribute VPN routes into BGP: # Configure CE 1. [CE1] bgp 65001 [CE1-bgp] peer 10.1.1.2 as-number 100 [CE1-bgp] address-family ipv4 unicast [CE1-bgp-ipv4] peer 10.1.1.2 enable [CE1-bgp-ipv4] import-route direct [CE1-bgp-ipv4] quit [CE1-bgp] quit # Configure PE 1.

  • Page 272: Configuring Mpls L3Vpn Inter-As Option B

    [ASBR-PE1] bgp 100 [ASBR-PE1-bgp] ip vpn-instance vpn1 [ASBR-PE1-bgp-vpn1] peer 192.1.1.2 as-number 200 [ASBR-PE1-bgp-vpn1] address-family ipv4 unicast [ASBR-PE1-bgp-ipv4-vpn1] peer 192.1.1.2 enable [ASBR-PE1-bgp-ipv4-vpn1] quit [ASBR-PE1-bgp-vpn1] quit [ASBR-PE1-bgp] peer 1.1.1.9 as-number 100 [ASBR-PE1-bgp] peer 1.1.1.9 connect-interface loopback 0 [ASBR-PE1-bgp] address-family vpnv4 [ASBR-PE1-bgp-vpnv4] peer 1.1.1.9 enable [ASBR-PE1-bgp-vpnv4] peer 1.1.1.9 next-hop-local [ASBR-PE1-bgp-vpnv4] quit [ASBR-PE1-bgp] quit...
  • Page 273 PEs in the same AS run IS-IS. PE 1 and ASBR-PE 1 exchange VPNv4 routes through MP-IBGP. PE 2 and ASBR-PE 2 exchange VPNv4 routes through MP-IBGP. ASBR-PE 1 and ASBR-PE 2 exchange VPNv4 routes through MP-EBGP. ASBRs do not perform route target filtering of received VPN-IPv4 routes. Figure 74 Network diagram MPLS backbone MPLS backbone...
  • Page 274 [PE1] interface serial 2/1/0 [PE1-Serial2/1/0] ip address 1.1.1.2 255.0.0.0 [PE1-Serial2/1/0] isis enable 1 [PE1-Serial2/1/0] mpls enable [PE1-Serial2/1/0] mpls ldp enable [PE1-Serial2/1/0] quit # Configure interface Loopback 0, and enable IS-IS on it. [PE1] interface loopback 0 [PE1-LoopBack0] ip address 2.2.2.9 32 [PE1-LoopBack0] isis enable 1 [PE1-LoopBack0] quit # Create VPN instance vpn1, and configure the RD and route target attributes.
  • Page 275 # Configure interface Serial 2/1/0, and enable IS-IS, MPLS, and LDP on the interface. [ASBR-PE1] interface serial 2/1/0 [ASBR-PE1-Serial2/1/0] ip address 1.1.1.1 255.0.0.0 [ASBR-PE1-Serial2/1/0] isis enable 1 [ASBR-PE1-Serial2/1/0] mpls enable [ASBR-PE1-Serial2/1/0] mpls ldp enable [ASBR-PE1-Serial2/1/0] quit # Configure interface Serial 2/1/1, and enable MPLS. [ASBR-PE1] interface serial 2/1/1 [ASBR-PE1-Serial2/1/1] ip address 11.0.0.2 255.0.0.0 [ASBR-PE1-Serial2/1/1] mpls enable...
  • Page 276 # Configure interface Serial 2/1/1, and enable MPLS. [ASBR-PE2] interface serial 2/1/1 [ASBR-PE2-Serial2/1/1] ip address 11.0.0.1 255.0.0.0 [ASBR-PE2-Serial2/1/1] mpls enable [ASBR-PE2-Serial2/1/1] quit # Configure interface Loopback 0, and enable IS-IS on it. [ASBR-PE2] interface loopback 0 [ASBR-PE2-LoopBack0] ip address 4.4.4.9 32 [ASBR-PE2-LoopBack0] isis enable 1 [ASBR-PE2-LoopBack0] quit # Enable BGP on ASBR-PE 2.

  • Page 277: Configuring Mpls L3Vpn Inter-As Option C

    [PE2] ip vpn-instance vpn1 [PE2-vpn-instance-vpn1] route-distinguisher 12:12 [PE2-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity [PE2-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity [PE2-vpn-instance-vpn1] quit # Bind the interface connected to CE 1 to the created VPN instance. [PE2] interface gigabitethernet 2/0/1 [PE2-GigabitEthernet2/0/1] ip binding vpn-instance vpn1 [PE2-GigabitEthernet2/0/1] ip address 20.0.0.1 8 [PE2-GigabitEthernet2/0/1] quit # Enable BGP on PE 2.
  • Page 278 ASBR-PE 1 and ASBR-PE 2 use EBGP to exchange labeled IPv4 routes. Figure 75 Network diagram Table 18 Interface and IP address assignment Device Interface IP address Device Interface IP address PE 1 Loop0 2.2.2.9/32 PE 2 Loop0 5.5.5.9/32 GE2/0/1 30.0.0.1/24 GE2/0/1 20.0.0.1/24...
  • Page 279 <PE1> system-view [PE1] isis 1 [PE1-isis-1] network-entity 10.111.111.111.111.00 [PE1-isis-1] quit # Configure LSR ID, and enable MPLS and LDP. [PE1] mpls lsr-id 2.2.2.9 [PE1] mpls ldp [PE1-ldp] quit # Configure interface Serial 2/1/0, and enable IS-IS, MPLS, and LDP on the interface. [PE1] interface serial 2/1/0 [PE1-Serial2/1/0] ip address 1.1.1.2 255.0.0.0 [PE1-Serial2/1/0] isis enable 1...
  • Page 280 [PE1-bgp-vpnv4] peer 5.5.5.9 enable [PE1-bgp-vpnv4] quit # Establish an EBGP peer relationship with CE 1, and add the learned BGP routes to the routing table of VPN instance vpn1. [PE1-bgp] ip vpn-instance vpn1 [PE1-bgp-vpn1] peer 30.0.0.2 as-number 65001 [PE1-bgp-vpn1] address-family ipv4 unicast [PE1-bgp-ipv4-vpn1] peer 30.0.0.2 enable [PE1-bgp-ipv4-vpn1] quit [PE1-bgp-vpn1] quit...
  • Page 281 [ASBR-PE1] bgp 100 [ASBR-PE1-bgp] peer 2.2.2.9 as-number 100 [ASBR-PE1-bgp] peer 2.2.2.9 connect-interface loopback 0 [ASBR-PE1-bgp] address-family ipv4 unicast [ASBR-PE1-bgp-ipv4] peer 2.2.2.9 enable [ASBR-PE1-bgp-ipv4] peer 2.2.2.9 route-policy policy2 export # Enable the capability to advertise labeled routes to IBGP peer 2.2.2.9 and to receive labeled routes from the peer.
  • Page 282 [ASBR-PE2-Serial2/1/1] quit # Create routing policies. [ASBR-PE2] route-policy policy1 permit node 1 [ASBR-PE2-route-policy-policy1-1] apply mpls-label [ASBR-PE2-route-policy-policy1-1] quit [ASBR-PE2] route-policy policy2 permit node 1 [ASBR-PE2-route-policy-policy2-1] if-match mpls-label [ASBR-PE2-route-policy-policy2-1] apply mpls-label [ASBR-PE2-route-policy-policy2-1] quit # Enable BGP on ASBR-PE 2, and enable the capability to advertise labeled routes to IBGP peer 5.5.5.9 and to receive labeled routes from the peer.
  • Page 283 [PE2-Serial2/1/0] quit # Configure the interface Loopback 0, and enable IS-IS on it. [PE2] interface loopback 0 [PE2-LoopBack0] ip address 5.5.5.9 32 [PE2-LoopBack0] isis enable 1 [PE2-LoopBack0] quit # Create VPN instance vpn1, and configure the RD and route target attributes. [PE2] ip vpn-instance vpn1 [PE2-vpn-instance-vpn1] route-distinguisher 11:11 [PE2-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity...

  • Page 284: Configuring Mpls L3Vpn Carrier's Carrier In The Same As

    [CE2] interface gigabitethernet 2/0/1 [CE2-GigabitEthernet2/0/1] ip address 20.0.0.2 24 [CE2-GigabitEthernet2/0/1] quit # Establish an EBGP peer relationship with PE 2, and redistribute VPN routes. [CE2] bgp 65002 [CE2-bgp] peer 20.0.0.1 as-number 600 [CE2-bgp] address-family ipv4 unicast [CE2-bgp-ipv4] peer 20.0.0.1 enable [CE2-bgp-ipv4] import-route direct [CE2-bgp-ipv4] quit [CE2-bgp] quit...
  • Page 285 Figure 76 Network diagram Table 19 Interface and IP address assignment Device Interface IP address Device Interface IP address CE 3 GE2/0/1 100.1.1.1/24 CE 4 GE2/0/1 120.1.1.1/24 PE 3 Loop0 1.1.1.9/32 PE 4 Loop0 6.6.6.9/32 GE2/0/1 100.1.1.2/24 GE2/0/1 120.1.1.2/24 POS2/2/1 10.1.1.1/24 POS2/2/1 20.1.1.2/24...
  • Page 286 [PE1] interface loopback 0 [PE1-LoopBack0] isis enable 1 [PE1-LoopBack0] quit [PE1] interface pos 2/2/1 [PE1-Pos2/2/1] ip address 30.1.1.1 24 [PE1-Pos2/2/1] isis enable 1 [PE1-Pos2/2/1] mpls enable [PE1-Pos2/2/1] mpls ldp enable [PE1-Pos2/2/1] mpls ldp transport-address interface [PE1-Pos2/2/1] quit [PE1] bgp 100 [PE1-bgp] peer 4.4.4.9 as-number 100 [PE1-bgp] peer 4.4.4.9 connect-interface loopback 0 [PE1-bgp] address-family vpnv4...
  • Page 287 # Configure CE 1. <CE1> system-view [CE1] interface loopback 0 [CE1-LoopBack0] ip address 2.2.2.9 32 [CE1-LoopBack0] quit [CE1] mpls lsr-id 2.2.2.9 [CE1] mpls ldp [CE1-ldp] quit [CE1] isis 2 [CE1-isis-2] network-entity 10.0000.0000.0000.0002.00 [CE1-isis-2] quit [CE1] interface loopback 0 [CE1-LoopBack0] isis enable 2 [CE1-LoopBack0] quit [CE1] interface pos 2/2/0 [CE1-Pos2/2/0] ip address 10.1.1.2 24...
  • Page 288 [PE1-Pos2/2/0] quit [PE1] bgp 100 [PE1-bgp] ip vpn-instance vpn1 [PE1-bgp-vpn1] address-family ipv4 unicast [PE1-bgp-ipv4-vpn1] import isis 2 [PE1-bgp-ipv4-vpn1] quit [PE1-bgp-vpn1] quit [PE1-bgp] quit # Configure CE 1. [CE1] interface pos 2/2/1 [CE1-Pos2/2/1] ip address 11.1.1.1 24 [CE1-Pos2/2/1] isis enable 2 [CE1-Pos2/2/1] mpls enable [CE1-Pos2/2/1] mpls ldp enable [CE1-Pos2/2/1] mpls ldp transport-address interface...
  • Page 289 [PE3-bgp] quit # Configure PE 4 and CE 4 in the same way that PE 3 and CE 3 are configured. (Details not shown.) Configure an MP-IBGP peer relationship between the PEs of the customer carrier to exchange the VPN routes of the end customers: # Configure PE 3.
  • Page 290 5.5.5.9/32 255 10 4.4.4.9 POS2/2/1 6.6.6.9/32 255 20 4.4.4.9 POS2/2/1 10.1.1.0/24 IS_L1 11.1.1.1 POS2/2/0 11.1.1.0/24 Direct 11.1.1.2 POS2/2/0 11.1.1.0/32 Direct 11.1.1.2 POS2/2/0 11.1.1.2/32 Direct 127.0.0.1 InLoop0 11.1.1.255/32 Direct 11.1.1.2 POS2/2/0 20.1.1.0/24 255 20 4.4.4.9 POS2/2/1 127.0.0.0/8 Direct 127.0.0.1 InLoop0 127.0.0.0/32 Direct 127.0.0.1 InLoop0...
  • Page 291 [PE3] display ip routing-table Destinations : 18 Routes : 18 Destination/Mask Proto Pre Cost NextHop Interface 0.0.0.0/32 Direct 127.0.0.1 InLoop0 1.1.1.9/32 Direct 127.0.0.1 InLoop0 2.2.2.9/32 IS_L1 10.1.1.2 POS2/2/1 5.5.5.9/32 IS_L2 10.1.1.2 POS2/2/1 6.6.6.9/32 IS_L2 10.1.1.2 POS2/2/1 10.1.1.0/24 Direct 10.1.1.1 POS2/2/1 10.1.1.0/32 Direct 10.1.1.1...

  • Page 292: Configuring Mpls L3Vpn Carrier's Carrier In Different Ass

    Configuring MPLS L3VPN carrier's carrier in different ASs Network requirements Configure carrier's carrier for the scenario shown in Figure 77. In this scenario: • PE 1 and PE 2 are the provider carrier's PE routers. They provide VPN services for the customer carrier.
  • Page 293 Device Interface IP address Device Interface IP address PE 1 Loop0 3.3.3.9/32 PE 2 Loop0 4.4.4.9/32 POS2/2/0 11.1.1.2/24 POS2/2/0 30.1.1.2/24 POS2/2/1 30.1.1.1/24 POS2/2/1 21.1.1.1/24 Configuration procedure Configure MPLS L3VPN on the provider carrier backbone. Enable IS-IS as the IGP, enable LDP between PE 1 and PE 2, and establish an MP-IBGP peer relationship between the PEs: # Configure PE 1.
  • Page 294 <PE3> system-view [PE3] interface loopback 0 [PE3-LoopBack0] ip address 1.1.1.9 32 [PE3-LoopBack0] quit [PE3] mpls lsr-id 1.1.1.9 [PE3] mpls ldp [PE3-ldp] quit [PE3] isis 2 [PE3-isis-2] network-entity 10.0000.0000.0000.0001.00 [PE3-isis-2] quit [PE3] interface loopback 0 [PE3-LoopBack0] isis enable 2 [PE3-LoopBack0] quit [PE3] interface pos 2/2/1 [PE3-Pos2/2/1] ip address 10.1.1.1 24 [PE3-Pos2/2/1] isis enable 2...
  • Page 295 Allow CEs of the customer carrier to access PEs of the provider carrier: # Configure PE 1. [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 200:1 [PE1-vpn-instance-vpn1] vpn-target 1:1 [PE1-vpn-instance-vpn1] quit [PE1] interface pos 2/2/0 [PE1-Pos2/2/0] ip binding vpn-instance vpn1 [PE1-Pos2/2/0] ip address 11.1.1.2 24 [PE1-Pos2/2/0] mpls enable [PE1-Pos2/2/0] quit [PE1] bgp 200...
  • Page 296 [CE3] interface gigabitethernet 2/0/1 [CE3-GigabitEthernet2/0/1] ip address 100.1.1.1 24 [CE3-GigabitEthernet2/0/1] quit [CE3] bgp 65410 [CE3-bgp] peer 100.1.1.2 as-number 100 [CE3-bgp] address-family ipv4 unicast [CE3-bgp-ipv4] peer 100.1.1.2 enable [CE3-bgp-ipv4] import-route direct [CE3-bgp-ipv4] quit [CE3-bgp] quit # Configure PE 3. [PE3] ip vpn-instance vpn1 [PE3-vpn-instance-vpn1] route-distinguisher 100:1 [PE3-vpn-instance-vpn1] vpn-target 1:1 [PE3-vpn-instance-vpn1] quit...
  • Page 297 Destinations : 14 Routes : 14 Destination/Mask Proto Pre Cost NextHop Interface 0.0.0.0/32 Direct 127.0.0.1 InLoop0 3.3.3.9/32 Direct 127.0.0.1 InLoop0 4.4.4.9/32 IS_L1 30.1.1.2 POS2/2/1 30.1.1.0/24 Direct 30.1.1.1 POS2/2/1 30.1.1.0/32 Direct 30.1.1.1 POS2/2/1 30.1.1.1/32 Direct 127.0.0.1 InLoop0 30.1.1.255/32 Direct 30.1.1.1 POS2/2/1 127.0.0.0/8 Direct 127.0.0.1...
  • Page 298 2.2.2.9/32 Direct 127.0.0.1 InLoop0 6.6.6.9/32 255 0 11.1.1.2 POS2/2/1 10.1.1.0/24 Direct 10.1.1.2 POS2/2/0 10.1.1.0/32 Direct 10.1.1.2 POS2/2/0 10.1.1.2/32 Direct 127.0.0.1 InLoop0 10.1.1.255/32 Direct 10.1.1.2 POS2/2/0 11.1.1.0/24 Direct 11.1.1.1 POS2/2/1 11.1.1.0/32 Direct 11.1.1.1 POS2/2/1 11.1.1.1/32 Direct 127.0.0.1 InLoop0 11.1.1.255/32 Direct 11.1.1.1 POS2/2/1 127.0.0.0/8 Direct...

  • Page 299: Configuring Nested Vpn

    100.1.1.0/24 Direct 100.1.1.2 GE2/0/1 100.1.1.0/32 Direct 100.1.1.2 GE2/0/1 100.1.1.2/32 Direct 127.0.0.1 InLoop0 100.1.1.255/32 Direct 100.1.1.2 GE2/0/1 127.0.0.0/8 Direct 127.0.0.1 InLoop0 127.0.0.0/32 Direct 127.0.0.1 InLoop0 127.0.0.1/32 Direct 127.0.0.1 InLoop0 127.255.255.255/32 Direct 127.0.0.1 InLoop0 120.1.1.0/24 255 0 6.6.6.9 POS2/2/1 224.0.0.0/4 Direct 0.0.0.0 NULL0 224.0.0.0/24 Direct...
  • Page 300 Figure 78 Network diagram Loop0 Loop0 AS 100 PE 1 PE 2 POS2/2/1 POS2/2/0 POS2/2/0 POS2/2/1 Carrier VPN CE 1 CE 2 Customer VPN Customer VPN POS2/2/1 POS2/2/0 AS 200 AS 200 VPN 1 VPN 1 POS2/2/1 POS2/2/0 POS2/2/1 POS2/2/1 PE 3 PE 4 GE2/0/1...
  • Page 301 [PE1-isis-1] network-entity 10.0000.0000.0000.0004.00 [PE1-isis-1] quit [PE1] interface loopback 0 [PE1-LoopBack0] isis enable 1 [PE1-LoopBack0] quit [PE1] interface pos 2/2/1 [PE1-Pos2/2/1] ip address 30.1.1.1 24 [PE1-Pos2/2/1] isis enable 1 [PE1-Pos2/2/1] mpls enable [PE1-Pos2/2/1] mpls ldp enable [PE1-Pos2/2/1] mpls ldp transport-address interface [PE1-Pos2/2/1] quit [PE1] bgp 100 [PE1-bgp] peer 4.4.4.9 as-number 100...
  • Page 302 [PE3-Pos2/2/1] quit # Configure CE 1. <CE1> system-view [CE1] interface loopback 0 [CE1-LoopBack0] ip address 2.2.2.9 32 [CE1-LoopBack0] quit [CE1] mpls lsr-id 2.2.2.9 [CE1] mpls ldp [CE1-ldp] quit [CE1] isis 2 [CE1-isis-2] network-entity 10.0000.0000.0000.0002.00 [CE1-isis-2] quit [CE1] interface loopback 0 [CE1-LoopBack0] isis enable 2 [CE1-LoopBack0] quit [CE1] interface pos 2/2/0...
  • Page 303 [CE1] bgp 200 [CE1-bgp] peer 11.1.1.2 as-number 100 [CE1-bgp-vpn1] address-family ipv4 [CE1-bgp-ipv4-vpn1] peer 11.1.1.2 enable [CE1-bgp-ipv4-vpn1] quit [CE1-bgp] quit # Configure PE 2 and CE 2 in the same way that PE 1 and CE 1 are configured. (Details not shown.) Connect sub-VPN CEs to the customer VPN PEs: # Configure CE 3.
  • Page 304 [PE3-GigabitEthernet2/0/2] ip address 110.1.1.2 24 [PE3-GigabitEthernet2/0/2] quit [PE3] bgp 200 [PE3-bgp] ip vpn-instance SUB_VPN1 [PE3-bgp-SUB_VPN1] peer 100.1.1.1 as-number 65410 [PE3-bgp-SUB_VPN1] address-family ipv4 unicast [PE3-bgp-ipv4-SUB_VPN1] peer 100.1.1.1 enable [PE3-bgp-ipv4-SUB_VPN1] quit [PE3-bgp-SUB_VPN1] quit [PE3-bgp] ip vpn-instance SUB_VPN2 [PE3-bgp-SUB_VPN2] peer 110.1.1.1 as-number 65411 [PE3-bgp-SUB_VPN2] address-family ipv4 unicast [PE3-bgp-ipv4-SUB_VPN2] peer 110.1.1.1 enable [PE3-bgp-ipv4-SUB_VPN2] quit...
  • Page 305 [PE3-bgp] peer 2.2.2.9 connect-interface loopback 0 [PE3-bgp] address-family vpnv4 [PE3-bgp-vpnv4] peer 2.2.2.9 enable # Allow the local AS number to appear in the AS-PATH attribute of the routes received. [PE3-bgp-vpnv4] peer 2.2.2.9 allow-as-loop 2 [PE3-bgp-vpnv4] quit [PE3-bgp] quit # Configure CE 1. [CE1] bgp 200 [CE1-bgp] peer 1.1.1.9 as-number 200 [CE1-bgp] peer 1.1.1.9 connect-interface loopback 0...
  • Page 306 11.1.1.0/24 Direct 11.1.1.2 POS2/2/0 11.1.1.0/32 Direct 11.1.1.2 POS2/2/0 11.1.1.2/32 Direct 127.0.0.1 InLoop0 11.1.1.255/32 Direct 11.1.1.2 POS2/2/0 100.1.1.0/24 255 0 11.1.1.1 POS2/2/0 110.1.1.0/24 255 0 11.1.1.1 POS2/2/0 120.1.1.0/24 255 0 4.4.4.9 POS2/2/1 127.0.0.0/8 Direct 127.0.0.1 InLoop0 127.0.0.0/32 Direct 127.0.0.1 InLoop0 127.0.0.1/32 Direct 127.0.0.1 InLoop0...
  • Page 307 Route Distinguisher: 201:1 Total number of routes: 1 Network NextHop LocPrf PrefVal Path/Ogn * >e 130.1.1.0/24 11.1.1.2 100 200 65421? Display the VPN routing table on the customer PEs, for example, on PE 3: # Verify that the VPN routing table contains routes sent by the provider PE to the sub-VPN. [PE3] display ip routing-table vpn-instance SUB_VPN1 Destinations : 13 Routes : 13...

  • Page 308: Configuring Multirole Host

    # Verify that the routing table contains the route to the remote sub-VPN on CE 5. [CE5] display ip routing-table Destinations : 13 Routes : 13 Destination/Mask Proto Pre Cost NextHop Interface 0.0.0.0/32 Direct 127.0.0.1 InLoop0 110.1.1.0/24 Direct 110.1.1.1 GE2/0/1 110.1.1.0/32 Direct 110.1.1.1...
  • Page 309 <CE1> system-view [CE1] interface gigabitethernet 2/0/1 [CE1-GigabitEthernet2/0/1] ip address 100.1.1.1 24 [CE1-GigabitEthernet2/0/1] quit [CE1] interface serial 2/1/0 [CE1-Serial2/1/0] ip address 1.1.1.2 24 [CE1-Serial2/1/0] quit # Configure a default route to PE 1. [CE1] ip route-static 0.0.0.0 0 1.1.1.1 Configure PE 1: # Create VPN instances vpn1 and vpn2 for VPN 1 and VPN 2, respectively, and configure different RDs and route targets for the VPN instances.

  • Page 310: Configuring Hovpn

    [PE1-Serial2/1/1] ip policy-based-route policy1 Configure basic MPLS L3VPN. (Details not shown.) Verifying the configuration # Verify that Host A can ping Host C, and that Host B cannot ping Host C. (Details not shown.) Configuring HoVPN Network requirements As shown in Figure 80, there are two levels of networks: the backbone and the MPLS VPN networks.
  • Page 311 Configuration procedure Configure UPE 1: # Configure basic MPLS and MPLS LDP to establish LDP LSPs. <UPE1> system-view [UPE1] interface loopback 0 [UPE1-LoopBack0] ip address 1.1.1.9 32 [UPE1-LoopBack0] quit [UPE1] mpls lsr-id 1.1.1.9 [UPE1] mpls ldp [UPE1-ldp] quit [UPE1] interface gigabitethernet 2/0/3 [UPE1-GigabitEthernet2/0/3] ip address 172.1.1.1 24 [UPE1-GigabitEthernet2/0/3] mpls enable [UPE1-GigabitEthernet2/0/3] mpls ldp enable...
  • Page 312 [UPE1-bgp-vpn1] peer 10.2.1.1 as-number 65410 [UPE1-bgp-vpn1] address-family ipv4 unicast [UPE1-bgp-ipv4-vpn1] peer 10.2.1.1 enable [UPE1-bgp-ipv4-vpn1] quit [UPE1-bgp-vpn1] quit # Establish an EBGP peer relationship with CE 2. [UPE1-bgp] ip vpn-instance vpn2 [UPE1-bgp-vpn2] peer 10.4.1.1 as-number 65420 [UPE1-bgp-vpn2] address-family ipv4 unicast [UPE1-bgp-ipv4-vpn2] peer 10.4.1.1 enable [UPE1-bgp-ipv4-vpn2] quit [UPE1-bgp-vpn2] quit [UPE1-bgp] quit...
  • Page 313 [UPE2-GigabitEthernet2/0/1] mpls enable [UPE2-GigabitEthernet2/0/1] mpls ldp enable [UPE2-GigabitEthernet2/0/1] quit # Configure the IGP protocol (OSPF, in this example). [UPE2] ospf [UPE2-ospf-1] area 0 [UPE2-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255 [UPE2-ospf-1-area-0.0.0.0] network 4.4.4.9 0.0.0.0 [UPE2-ospf-1-area-0.0.0.0] quit [UPE2-ospf-1] quit # Configure VPN instances vpn1 and vpn2, allowing CE 3 and CE 4 to access UPE 2. [UPE2] ip vpn-instance vpn1 [UPE2-vpn-instance-vpn1] route-distinguisher 300:1 [UPE2-vpn-instance-vpn1] vpn-target 100:1 both...
  • Page 314 [UPE2-bgp] quit Configure CE 3. <CE3> system-view [CE3] interface gigabitethernet 2/0/1 [CE3-GigabitEthernet2/0/1] ip address 10.1.1.1 255.255.255.0 [CE3-GigabitEthernet2/0/1] quit [CE3] bgp 65430 [CE3-bgp] peer 10.1.1.2 as-number 100 [CE3-bgp] address-family ipv4 unicast [CE3-bgp-ipv4] peer 10.1.1.2 enable [CE3-bgp-ipv4] import-route direct [CE3-bgp-ipv4] quit [CE3-bgp] quit Configure CE 4.
  • Page 315 [SPE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255 [SPE1-ospf-1-area-0.0.0.0] network 180.1.1.0 0.0.0.255 [SPE1-ospf-1-area-0.0.0.0] quit [SPE1-ospf-1] quit # Configure VPN instances vpn1 and vpn2. [SPE1] ip vpn-instance vpn1 [SPE1-vpn-instance-vpn1] route-distinguisher 500:1 [SPE1-vpn-instance-vpn1] vpn-target 100:1 both [SPE1-vpn-instance-vpn1] quit [SPE1] ip vpn-instance vpn2 [SPE1-vpn-instance-vpn2] route-distinguisher 700:1 [SPE1-vpn-instance-vpn2] vpn-target 100:2 both [SPE1-vpn-instance-vpn2] quit # Establish MP-IBGP peer relationships with SPE 2 and UPE 1, and specify UPE 1 as a UPE.
  • Page 316 [SPE2] mpls ldp [SPE2-ldp] quit [SPE2] interface gigabitethernet 2/0/1 [SPE2-GigabitEthernet2/0/1] ip address 180.1.1.2 24 [SPE2-GigabitEthernet2/0/1] mpls enable [SPE2-GigabitEthernet2/0/1] mpls ldp enable [SPE2-GigabitEthernet2/0/1] quit [SPE2] interface gigabitethernet 2/0/2 [SPE2-GigabitEthernet2/0/2] ip address 172.2.1.2 24 [SPE2-GigabitEthernet2/0/2] mpls enable [SPE2-GigabitEthernet2/0/2] mpls ldp enable [SPE2-GigabitEthernet2/0/2] quit # Configure the IGP protocol, OSPF, in this example.

  • Page 317: Configuring An Ospf Sham Link

    [SPE2-bgp] quit # Advertise to UPE 2 the routes permitted by a routing policy (the routes of CE 1). [SPE2] ip prefix-list hope index 10 permit 10.2.1.1 24 [SPE2] route-policy hope permit node 0 [SPE2-route-policy-hope-0] if-match ip address prefix-list hope [SPE2-route-policy-hope-0] quit [SPE2] bgp 100 [SPE2-bgp] address-family vpnv4...
  • Page 318 Configuration procedure Configure OSPF on the customer networks. Configure conventional OSPF on CE 1, Router A, and CE 2 to advertise addresses of the interfaces as shown in Figure 81. Set the cost value to 2 for both the link between CE 1 and Router A, and the link between CE 2 and Router A.
  • Page 319 [PE2-Serial2/1/1] quit # Configure PE 2 to take PE 1 as an MP-IBGP peer. [PE2] bgp 100 [PE2-bgp] peer 1.1.1.9 as-number 100 [PE2-bgp] peer 1.1.1.9 connect-interface loopback 0 [PE2-bgp] address-family vpnv4 [PE2-bgp-vpnv4] peer 1.1.1.9 enable [PE2-bgp-vpnv4] quit [PE2-bgp] quit # Configure OSPF on PE 2. [PE2] ospf 1 [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0...
  • Page 320 [PE2-GigabitEthernet2/0/1] quit [PE2] ospf 100 vpn-instance vpn1 [PE2-ospf-100] domain-id 10 [PE2-ospf-100] area 1 [PE2-ospf-100-area-0.0.0.1] network 120.1.1.0 0.0.0.255 [PE2-ospf-100-area-0.0.0.1] quit [PE2-ospf-100] quit [PE2] bgp 100 [PE2-bgp] ip vpn-instance vpn1 [PE2-bgp-vpn1] address-family ipv4 unicast [PE2-bgp-ipv4-vpn1] import-route ospf 100 [PE2-bgp-ipv4-vpn1] import-route direct [PE2-bgp-ipv4-vpn1] quit [PE2-bgp-vpn1] quit [PE2-bgp] quit # Execute the display ip routing-table vpn-instance command on the PEs to verify that the...

  • Page 321: Configuring Mce

    [PE1] display ospf sham-link OSPF Process 100 with Router ID 100.1.1.2 Sham link Area Neighbor ID Source IP Destination IP State Cost 0.0.0.1 120.1.1.2 3.3.3.3 5.5.5.5 P-2-P # Verify that the peer state is Full on PE 1. [PE1] display ospf sham-link area 1 OSPF Process 100 with Router ID 100.1.1.2 Sham link: 3.3.3.3 -->...
  • Page 322 Figure 82 Network diagram VPN 2 Site 1 PE 2 PE 1 GE2/0/3.1 20.1.1.1/24 GE2/0/1.1 20.1.1.2/24 GE2/0/1.2 PE 3 30.1.1.2/24 GE2/0/2 GE2/0/3.2 VPN 1 10.214.10.2/24 30.1.1.1/24 192.168.0.0/24 GE2/0/1 GE2/0/1 VPN 1 10.214.10.3/24 192.168.0.1/24 GE2/0/2 VR 1 Site 2 10.214.20.3/24 GE2/0/2 10.214.20.2/24 VR 2 GE2/0/1...
  • Page 323 [MCE-GigabitEthernet2/0/1] quit # Bind interface Gigabitethernet 2/0/2 to VPN instance vpn2, and configure an IP address for the interface. [MCE] interface gigabitethernet 2/0/2 [MCE-GigabitEthernet2/0/2] ip binding vpn-instance vpn2 [MCE-GigabitEthernet2/0/2] ip address 10.214.20.3 24 [MCE-GigabitEthernet2/0/2] quit # On PE 1, configure VPN instances vpn1 and vpn2, and specify an RD and route targets for each VPN instance.
  • Page 324 0.0.0.0/32 Direct 127.0.0.1 InLoop0 10.214.10.0/24 Direct 10.214.10.3 GE2/0/1 10.214.10.0/32 Direct 10.214.10.3 GE2/0/1 10.214.10.3/32 Direct 127.0.0.1 InLoop0 10.214.10.255/32 Direct 10.214.10.3 GE2/0/1 127.0.0.0/8 Direct 127.0.0.1 InLoop0 127.0.0.0/32 Direct 127.0.0.1 InLoop0 127.0.0.1/32 Direct 127.0.0.1 InLoop0 127.255.255.255/32 Direct 127.0.0.1 InLoop0 192.168.0.0/24 Static 10.214.10.2 GE2/0/1 224.0.0.0/4 Direct 0.0.0.0...
  • Page 325 [MCE-GigabitEthernet2/0/3.2] vlan-type dot1q vid 20 # Configure an IP address for the subinterface. [MCE-GigabitEthernet2/0/3.2] ip address 30.1.1.1 24 [MCE-GigabitEthernet2/0/3.2] quit # On PE 1, bind subinterface Gigabitethernet 2/0/1.1 to the VPN instance vpn1. [PE1] interface gigabitethernet 2/0/1.1 [PE1-GigabitEthernet2/0/1.1] ip binding vpn-instance vpn1 # Configure the subinterface to terminate VLAN 10.

  • Page 326: Configuring Bgp As Number Substitution

    [PE1] display ip routing-table vpn-instance vpn1 Destinations : 13 Routes : 13 Destination/Mask Proto Pre Cost NextHop Interface 0.0.0.0/32 Direct 127.0.0.1 InLoop0 20.1.1.0/24 Direct 20.1.1.2 GE2/0/1.1 20.1.1.0/32 Direct 20.1.1.2 GE2/0/1.1 20.1.1.2/32 Direct 127.0.0.1 InLoop0 20.1.1.255/32 Direct 20.1.1.2 GE2/0/1.1 127.0.0.0/8 Direct 127.0.0.1 InLoop0 127.0.0.0/32...
  • Page 327 Figure 83 Network diagram Table 24 Interface and IP address assignment Device Interface IP address Device Interface IP address CE 1 GE2/0/1 10.1.1.1/24 Loop0 2.2.2.9/32 GE2/0/2 100.1.1.1/24 GE2/0/1 20.1.1.2/24 PE 1 Loop0 1.1.1.9/32 GE2/0/2 30.1.1.1/24 GE2/0/1 10.1.1.2/24 PE 2 Loop0 3.3.3.9/32 GE2/0/2 20.1.1.1/24...
  • Page 328 Destination/Mask Proto Cost NextHop Interface 0.0.0.0/32 Direct 0 127.0.0.1 InLoop0 10.1.1.0/24 10.2.1.2 GE2/0/1 10.2.1.0/24 Direct 0 10.2.1.1 GE2/0/1 10.2.1.0/32 Direct 0 10.2.1.1 GE2/0/1 10.2.1.1/32 Direct 0 127.0.0.1 InLoop0 10.2.1.255/32 Direct 0 10.2.1.1 GE2/0/1 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.0/32 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32...
  • Page 329 BGP.vpn1: Send UPDATE to peer 10.2.1.1 for following destinations: Origin : Incomplete AS Path : 100 600 Next Hop : 10.2.1.2 100.1.1.0/24, # Execute the display bgp routing-table ipv4 peer received-routes command on CE 2 to verify that CE 2 has not received the route to 100.1.1.0/24. <CE2>...

  • Page 330: Configuring Bgp As Number Substitution And Soo Attribute

    Origin: i - IGP, e - EGP, ? - incomplete Network NextHop LocPrf PrefVal Path/Ogn * >e 10.1.1.0/24 10.2.1.2 100? e 10.2.1.0/24 10.2.1.2 100? * >e 100.1.1.0/24 10.2.1.2 100 100? <CE2> display ip routing-table Destinations : 18 Routes : 18 Destination/Mask Proto Cost...
  • Page 331 Figure 84 Network diagram CE 1 Loop0 GE2/0/1 MPLS backbone GE2/0/1 AS 100 Loop0 Loop0 Loop0 GE2/0/3 GE2/0/1 PE 1 GE2/0/2 VPN 1 GE2/0/2 AS 600 GE2/0/3 GE2/0/1 PE 2 GE2/0/3 GE2/0/2 PE 3 Loop0 CE 3 GE2/0/2 GE2/0/1 Loop0 GE2/0/1 CE 2 VPN 1...
  • Page 332 # Configure BGP AS number substitution on PE 1, PE 2, and PE 3. For more information about the configuration, see "Configuring BGP AS number substitution." # Display routing information on CE 2. The output shows that CE 2 has learned the route for 100.1.1.1/32 from CE 1.

  • Page 333: Configuring Mpls L3Vpn Frr Through Vpnv4 Route Backup For A Vpnv4 Route

    10.2.1.255/32 Direct 0 10.2.1.1 GE2/0/1 10.3.1.0/24 10.2.1.2 GE2/0/1 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.0/32 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 127.255.255.255/32 Direct 0 127.0.0.1 InLoop0 200.1.1.1/32 10.2.1.2 GE2/0/1 224.0.0.0/4 Direct 0 0.0.0.0 NULL0 224.0.0.0/24 Direct 0 0.0.0.0 NULL0 255.255.255.255/32 Direct 0...
  • Page 334 Device Interface IP address Device Interface IP address GE2/0/2 10.1.1.2/24 CE 2 Loop0 4.4.4.4/32 PE 3 Loop0 3.3.3.3/32 GE2/0/1 10.1.1.1/24 GE2/0/1 172.2.1.3/24 GE2/0/2 10.3.1.1/24 GE2/0/2 10.3.1.2/24 Configuration procedure Configure IP addresses and masks for interfaces as shown in Table 26, and configure BGP and MPLS L3VPN.

  • Page 335: Configuring Mpls L3Vpn Frr Through Vpnv4 Route Backup For An Ipv4 Route

    Destination: 4.4.4.4/32 Protocol: BGP Process ID: 0 SubProtID: 0x1 Age: 00h00m03s Cost: 0 Preference: 255 IpPre: N/A QosLocalID: N/A Tag: 0 State: Active Adv OrigTblID: 0x0 OrigVrf: default-vrf TableID: 0x102 OrigAs: 300 NibID: 0x15000002 LastAs: 300 AttrID: 0x2 Neighbor: 2.2.2.2 Flags: 0x110060 OrigNextHop: 2.2.2.2 Label: 1146...
  • Page 336 Table 27 Interface and IP address assignment Device Interface IP address Device Interface IP address CE 1 Loop0 5.5.5.5/32 PE 2 Loop0 2.2.2.2/32 GE2/0/1 10.2.1.1/24 GE2/0/1 172.1.1.2/24 PE 1 Loop0 1.1.1.1/32 GE2/0/2 10.1.1.2/24 GE2/0/1 10.2.1.2/24 GE2/0/3 172.3.1.2/24 GE2/0/2 172.1.1.1/24 PE 3 Loop0 3.3.3.3/32 GE2/0/3...

  • Page 337: Configuring Mpls L3Vpn Frr Through Ipv4 Route Backup For A Vpnv4 Route

    Summary Count : 1 Destination: 4.4.4.4/32 Protocol: BGP Process ID: 0 SubProtID: 0x2 Age: 01h54m24s Cost: 0 Preference: 10 IpPre: N/A QosLocalID: N/A Tag: 0 State: Active Adv OrigTblID: 0x0 OrigVrf: vpn1 TableID: 0x102 OrigAs: 300 NibID: 0x15000002 LastAs: 300 AttrID: 0x0 Neighbor: 10.1.1.1 Flags: 0x10060...
  • Page 338 Table 28 Interface and IP address assignment Device Interface IP address Device Interface IP address CE 1 Loop0 5.5.5.5/32 PE 2 Loop0 2.2.2.2/32 GE2/0/1 10.2.1.1/24 GE2/0/1 172.1.1.2/24 PE 1 Loop0 1.1.1.1/32 GE2/0/2 10.1.1.2/24 GE2/0/1 10.2.1.2/24 GE2/0/3 172.3.1.2/24 GE2/0/2 172.1.1.1/24 PE 3 Loop0 3.3.3.3/32 GE2/0/3...
  • Page 339 [PE3] mpls bfd enable Verifying the configuration # Display detailed information about the route to 4.4.4.4/32 on PE 2. The output shows the backup next hop for the route. [PE2] display ip routing-table vpn-instance vpn1 4.4.4.4 32 verbose Summary Count : 1 Destination: 4.4.4.4/32 Protocol: BGP Process ID: 0...

  • Page 340: Configuring Ipv6 Mpls L3Vpn

    Configuring IPv6 MPLS L3VPN Overview IPv6 MPLS L3VPN uses BGP to advertise IPv6 VPN routes and uses MPLS to forward IPv6 VPN packets on the service provider backbone. Figure 88 shows a typical IPv6 MPLS L3VPN model. The service provider backbone in the IPv6 MPLS L3VPN model is an IPv4 network.

  • Page 341: Ipv6 Mpls L3Vpn Routing Information Advertisement

    Based on the inbound interface and destination address of the packet, PE 1 finds a matching entry from the routing table of the VPN instance, labels the packet with both a private network label (inner label) and a public network label (outer label), and forwards the packet out. The MPLS backbone transmits the packet to PE 2 by outer label.

  • Page 342: Protocols And Standards

    Protocols and standards • RFC 4659, BGP-MPLS IP Virtual Private Network (VPN) Extension for IPv6 VPN • RFC 6565, OSPFv3 as a Provider Edge to Customer Edge (PE-CE) Routing Protocol IPv6 MPLS L3VPN configuration task list Tasks at a glance (Required.) Configuring basic IPv6 MPLS L3VPN (Optional.)
  • Page 343 Creating a VPN instance A VPN instance is a collection of the VPN membership and routing rules of its associated site. A VPN instance might correspond to more than one VPN. To create and configure a VPN instance: Step Command Remarks Enter system view.
  • Page 344 Step Command Remarks By default, no VPN instance is associated with an interface. The ip binding vpn-instance Associate a VPN instance ip binding vpn-instance command clears the IP address of with the interface. vpn-instance-name the interface. Therefore, reconfigure an IP address for the interface after configuring this command.

  • Page 345: Configuring Routing Between A Pe And A Ce

    Step Command Remarks By default, only one tunnel is selected (no load balancing) in this order: LSP tunnel, GRE tunnel, and CR-LSP tunnel. Apply a tunnel policy to the tnl-policy tunnel-policy-name The specified tunnel policy must VPN instance. have been created. For information about tunnel policies, see "Configuring tunnel...
  • Page 346 Configuring OSPFv3 between a PE and a CE An OSPFv3 process belongs to the public network or a single VPN instance. If you create an OSPF process without binding it to a VPN instance, the process belongs to the public network. For more information about OSPFv3, see Layer 3—IP Routing Configuration Guide.
  • Page 347 Step Command Remarks By default, when a PE redistributes BGP routes into OSPFv3 and creates OSPFv3 LSAs, it sets the DN bit for the LSAs. (Optional.) Disable setting disable-dn-bit-set the DN bit in OSPFv3 LSAs. Before using this command, make sure it does not cause any routing loops.
  • Page 348 Step Command Remarks Create the IS-IS IPv6 unicast By default, the IS-IS IPv6 unicast address family and enter its address-family ipv6 [ unicast ] address family is not created. view. Return to system view. quit interface interface-type Enter interface view. interface-number Enable IPv6 for the IS-IS By default, IPv6 is disabled for the...
  • Page 349 Step Command Remarks Enter BGP view. bgp as-number peer { group-name | ipv6-address Configure the PE as an By default, no BGP peer is [ prefix-length ] } as-number EBGP peer. configured. as-number Create the BGP IPv6 unicast By default, the BGP IPv6 address family and enter its address-family ipv6 [ unicast ] unicast address family is not...

  • Page 350: Configuring Routing Between Pes

    Step Command Remarks By default, no RR or RR client is configured, and the PE does not advertise routes learned from the IBGP peer CE to other IBGP peers, including VPNv6 IBGP peers. The PE advertises routes learned from the CE to other IBGP peers only Configure the CE as a client peer { group-name | ipv6-address...

  • Page 351: Configuring Bgp Vpnv6 Route Control

    Step Command Remarks Enter BGP view. bgp as-number peer { group-name | ip-address Configure the remote PE as By default, no BGP peer is [ mask-length ] } as-number the peer. configured. as-number peer { group-name | ip-address By default, BGP uses the Specify the source interface [ mask-length ] } outbound interface of the best...

  • Page 352: Configuring Inter-As Ipv6 Vpn

    Step Command Remarks 10. Apply a routing policy to peer { group-name | ip-address routes advertised to or [ mask-length ] } route-policy By default, no routing policy is received from the peer or route-policy-name { export | applied for a peer. peer group.

  • Page 353: Configuring Inter-As Ipv6 Vpn Option A

    Configuring inter-AS IPv6 VPN option A Inter-AS IPv6 VPN option A applies to scenarios where the number of VPNs and that of VPN routes on the PEs are relatively small. To configure inter-AS IPv6 option A: • Configure basic IPv6 MPLS L3VPN on each AS. •...

  • Page 354: Configuring Multirole Host

    Configuring the ASBRs In the inter-AS IPv6 VPN option C solution, an inter-AS LSP is needed, and the routes advertised between the PEs and ASBRs must carry MPLS label information. The configuration is the same as that in the Inter-AS IPv4 VPN option C solution. For more information, see "Configuring MPLS L3VPN."...

  • Page 355: Configuring An Ipv6 Static Route

    Configuring an IPv6 static route Step Command Remarks Enter system system-view view. By default, no IPv6 static route is configured. ipv6 route-static vpn-instance The d-vpn-instance-name Configure an IPv6 s-vpn-instance-name ipv6-address argument represents the VPN static route for a prefix-length vpn-instance instance to which the multirole VPN instance to d-vpn-instance-name nexthop-address...

  • Page 356: Creating A Sham Link

    Step Command Remarks Redistribute direct routes into BGP (including the By default, no direct routes are import-route direct loopback interface redistributed into BGP. address). Creating a sham link Step Command Remarks Enter system view. system-view ospfv3 [ process-id | vpn-instance Enter OSPFv3 view.
  • Page 357 Step Command Remarks Enter system view. system-view By default, no IPv6 ipv6 route-static vpn-instance static route is s-vpn-instance-name ipv6-address prefix-length configured. { interface-type interface-number Configure an IPv6 [ next-hop-address ] | nexthop-address [ public ] | Perform this static route for an IPv6 vpn-instance d-vpn-instance-name configuration on the VPN instance.
  • Page 358 To configure OSPFv3 between an MCE and a VPN site: Step Command Remarks Enter system view. system-view Perform this configuration on the MCE. On a VPN site, configure common OSPFv3. Create an OSPFv3 process ospfv3 [ process-id | The maximum number of OSPFv3 for a VPN instance and enter vpn-instance processes for a VPN instance...
  • Page 359 Step Command Remarks Create the IS-IS IPv6 unicast By default, the IS-IS IPv6 unicast address family and enter its address-family ipv6 [ unicast ] address family is not created. view. By default, no routes are import-route protocol redistributed to IPv6 IS-IS. [ process-id ] [ allow-ibgp ] (Optional.) Redistribute [ allow-direct | cost cost |...
  • Page 360 Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number peer { group-name | ipv6-address Configure the MCE as an By default, no BGP peer is [ prefix-length ] } as-number EBGP peer. configured. as-number Enter BGP IPv6 unicast address-family ipv6 [ unicast ] address family view.

  • Page 361: Configuring Routing Between An Mce And A Pe

    Step Command Remarks import-route protocol Redistribute remote site [ { process-id | all-processes } By default, no routes are routes advertised by the PE [ allow-direct | med med-value | redistributed into BGP. into BGP. route-policy route-policy-name ] filter-policy { acl6-number | (Optional.) Configure filtering By default, BGP does not prefix-list ipv6-prefix-name }...
  • Page 362 Step Command Remarks ipv6 route-static vpn-instance s-vpn-instance-name ipv6-address prefix-length { interface-type interface-number Configure an IPv6 [ next-hop-address ] | nexthop-address [ public ] By default, no IPv6 static static route for an IPv6 | vpn-instance d-vpn-instance-name route is configured. VPN instance. nexthop-address } [ permanent ] [ preference preference-value ] [ tag tag-value ] [ description description-text ]...
  • Page 363 Step Command Remarks import-route protocol [ process-id | all-processes | allow-ibgp ] [ allow-direct | cost By default, no routes are Redistribute VPN routes. cost | nssa-only | route-policy redistributed into OSPFv3. route-policy-name | tag tag | type type ] * filter-policy { acl6-number | ipv6-prefix ipv6-prefix-name } (Optional.) Configure filtering...
  • Page 364 Configuring EBGP between an MCE and a PE Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number Enter BGP-VPN instance ip vpn-instance view. vpn-instance-name peer { group-name | ipv6-address Configure the PE as an By default, no BGP peer is [ prefix-length ] } as-number EBGP peer.

  • Page 365: Configuring Bgp As Number Substitution And Soo Attribute

    Step Command Remarks (Optional.) Configure filter-policy { acl6-number | prefix-list By default, BGP does not filter filtering of received received routes. ipv6-prefix-name } import routes. Configuring BGP AS number substitution and SoO attribute When CEs at different sites have the same AS number, configure the BGP AS number substitution function to avoid route loss.

  • Page 366: Ipv6 Mpls L3Vpn Configuration Examples

    For more information about the refresh bgp vpnv6 and reset bgp vpnv6 commands, see Layer 3—IP Routing Command Reference. Execute the following commands in any view to display IPv6 MPLS L3VPN: Task Command Display the IPv6 routing table for a VPN display ipv6 routing-table vpn-instance vpn-instance-name instance.
  • Page 367 Figure 90 Network diagram AS 65410 AS 65430 VPN 1 VPN 1 CE 3 CE 1 GE2/0/1 GE2/0/1 Loop0 GE2/0/1 PE 2 GE2/0/1 PE 1 POS2/2/0 POS2/2/1 Loop0 Loop0 POS2/2/0 POS2/2/0 GE2/0/2 GE2/0/2 MPLS backbone GE2/0/1 GE2/0/1 CE 2 CE 4 VPN 2 VPN 2 AS 65420...
  • Page 368 [PE1-ospf-1] quit # Configure the P router. <P> system-view [P] interface loopback 0 [P-LoopBack0] ip address 2.2.2.9 32 [P-LoopBack0] quit [P] interface pos 2/2/0 [P-Pos2/2/0] ip address 172.1.1.2 24 [P-Pos2/2/0] quit [P] interface pos 2/2/1 [P-Pos2/2/1] ip address 172.2.1.1 24 [P-Pos2/2/1] quit [P] ospf [P-ospf-1] area 0...
  • Page 369 [P] mpls ldp [P-ldp] quit [P] interface pos 2/2/0 [P-Pos2/2/0] mpls enable [P-Pos2/2/0] mpls ldp enable [P-Pos2/2/0] quit [P] interface pos 2/2/1 [P-Pos2/2/1] mpls enable [P-Pos2/2/1] mpls ldp enable [P-Pos2/2/1] quit # Configure PE 2. [PE2] mpls lsr-id 3.3.3.9 [PE2] mpls ldp [PE2-ldp] quit [PE2] interface pos 2/2/0 [PE2-Pos2/2/0] mpls enable...
  • Page 370 [PE2] interface gigabitethernet 2/0/1 [PE2-GigabitEthernet2/0/1] ip binding vpn-instance vpn1 [PE2-GigabitEthernet2/0/1] ipv6 address 2001:3::2 96 [PE2-GigabitEthernet2/0/1] quit [PE2] interface gigabitethernet 2/0/2 [PE2-GigabitEthernet2/0/2] ip binding vpn-instance vpn2 [PE2-GigabitEthernet2/0/2] ipv6 address 2001:4::2 96 [PE2-GigabitEthernet2/0/2] quit # Configure IP addresses for the CEs according to Figure 90.
  • Page 371 [PE1-bgp-ipv6-vpn1] quit [PE1-bgp-vpn1] quit [PE1-bgp] ip vpn-instance vpn2 [PE1-bgp-vpn2] peer 2001:2::1 as-number 65420 [PE1-bgp-vpn2] address-family ipv6 unicast [PE1-bgp-ipv6-vpn2] peer 2001:2::1 enable [PE1-bgp-ipv6-vpn2] quit [PE1-bgp-vpn2] quit [PE1-bgp] quit # Configure PE 2 in the same way that PE 1 is configured. (Details not shown.) # Execute the display bgp peer ipv6 vpn-instance command on the PEs to verify that a BGP peer relationship in Established state has been established between a PE and a CE.
  • Page 372 Interface : InLoop0 Cost Destination: 2001:3::/96 Protocol : BGP4+ NextHop : ::FFFF:3.3.3.9 Preference: 255 Interface : POS2/2/0 Cost Destination: FE80::/10 Protocol : Direct NextHop : :: Preference: 0 Interface : NULL0 Cost Destination: FF00::/8 Protocol : Direct NextHop : :: Preference: 0 Interface : NULL0...

  • Page 373: Configuring An Ipv6 Mpls L3Vpn Over A Gre Tunnel

    Configuring an IPv6 MPLS L3VPN over a GRE tunnel Network requirements CE 1 and CE 2 belong to VPN 1. The PEs support MPLS, while the P router does not support MPLS and provides only IP functions. On the backbone, use a GRE tunnel to encapsulate and forward packets for IPv6 MPLS L3VPN. Configure tunnel policies on the PEs, and specify the tunnel type for VPN traffic as GRE.
  • Page 374 [PE1] mpls lsr-id 1.1.1.9 # Configure PE 2. <PE2> system-view [PE2] mpls lsr-id 2.2.2.9 Configure VPN instances on the PEs to allow CE access, and apply tunnel policies to the VPN instances to use a GRE tunnel for VPN packet forwarding: # Configure PE 1.
  • Page 375 # Use the ping command on the PEs to verify that the PEs can ping their attached CEs, for example, on PE 1. [PE1] ping ipv6 -vpn-instance vpn1 2001:1::1 Ping6(56 bytes) 2001:1::2 --> 2001:1::1, press CTRL_C to break 56 bytes from 2001:1::1, icmp_seq=0 hlim=64 time=0.000 ms 56 bytes from 2001:1::1, icmp_seq=1 hlim=64 time=1.000 ms 56 bytes from 2001:1::1, icmp_seq=2 hlim=64 time=0.000 ms 56 bytes from 2001:1::1, icmp_seq=3 hlim=64 time=1.000 ms...

  • Page 376: Configuring Ipv6 Mpls L3Vpn Inter-As Option A

    Configure a GRE tunnel: # Configure PE 1. [PE1] interface tunnel 0 mode gre [PE1-Tunnel0] source loopback 0 [PE1-Tunnel0] destination 2.2.2.9 [PE1-Tunnel0] ip address 20.1.1.1 24 [PE1-Tunnel0] mpls enable [PE1-Tunnel0] quit # Configure PE 2. [PE2] interface tunnel 0 mode gre [PE2-Tunnel0] source loopback 0 [PE2-Tunnel0] destination 1.1.1.9 [PE2-Tunnel0] ip address 20.1.1.2 24...
  • Page 377 Table 32 Interface and IP address assignment Device Interface IP address Device Interface IP address CE 1 GE2/0/1 2001:1::1/96 CE 2 GE2/0/1 2001:2::1/96 PE 1 Loop0 1.1.1.9/32 PE 2 Loop0 4.4.4.9/32 GE2/0/1 2001:1::2/96 GE2/0/1 2001:2::2/96 POS2/2/0 172.1.1.2/24 POS2/2/0 162.1.1.2/24 ASBR-PE1 Loop0 2.2.2.9/32 ASBR-PE2...
  • Page 378 [ASBR-PE2] interface pos 2/2/0 [ASBR-PE2-Pos2/2/0] mpls enable [ASBR-PE2-Pos2/2/0] mpls ldp enable [ASBR-PE2-Pos2/2/0] quit # Configure basic MPLS on PE 2, and enable MPLS LDP for both PE 2 and the interface connected to ASBR-PE 2. <PE2> system-view [PE2] mpls lsr-id 4.4.4.9 [PE2] mpls ldp [PE2-ldp] quit [PE2] interface pos 2/2/0...
  • Page 379 # On ASBR-PE 1, create a VPN instance, and bind the VPN instance to the interface connected to ASBR-PE 2. ASBR-PE 1 considers ASBR-PE 2 to be its attached CE. [ASBR-PE1] ip vpn-instance vpn1 [ASBR-PE1-vpn-vpn1] route-distinguisher 100:1 [ASBR-PE1-vpn-vpn1] vpn-target 100:1 both [ASBR-PE1-vpn-vpn1] quit [ASBR-PE1] interface pos 2/2/1 [ASBR-PE1-Pos2/2/1] ip binding vpn-instance vpn1...
  • Page 380 [CE2-bgp] quit # Configure PE 2. [PE2] bgp 200 [PE2-bgp] ip vpn-instance vpn1 [PE2-bgp-vpn1] peer 2001:2::1 as-number 65002 [PE2-bgp-vpn1] address-family ipv6 unicast [PE2-bgp-ipv6-vpn1] peer 2001:2::1 enable [PE2-bgp-ipv6-vpn1] quit [PE2-bgp-vpn1] quit [PE2-bgp] quit Establish an IBGP peer relationship between each PE and the ASBR-PE in the same AS and an EBGP peer relationship between the ASBR-PEs: # Configure PE 1.

  • Page 381: Configuring Ipv6 Mpls L3Vpn Inter-As Option C

    # Configure PE 2. [PE2] bgp 200 [PE2-bgp] peer 3.3.3.9 as-number 200 [PE2-bgp] peer 3.3.3.9 connect-interface loopback 0 [PE2-bgp] address-family vpnv6 [PE2-bgp-vpnv6] peer 3.3.3.9 enable [PE2-bgp-vpnv6] quit [PE2-bgp] quit Verifying the configuration # Verify that the CEs can learn the route to each other and can ping each other. (Details not shown.) Configuring IPv6 MPLS L3VPN inter-AS option C Network requirements Site 1 and Site 2 belong to the same VPN.
  • Page 382 Device Interface IP address Device Interface IP address S2/1/1 11.0.0.2/8 S2/1/1 11.0.0.1/8 CE 1 GE2/0/1 2001::2/64 CE 1 GE2/0/1 2002::2/64 Configuration procedure Configure CE 1: # Configure an IPv6 address for Gigabitethernet 2/0/1. <CE1> system-view [CE1] interface gigabitethernet 2/0/1 [CE1-GigabitEthernet2/0/1] ipv6 address 2001::2 64 [CE1-GigabitEthernet2/0/1] quit # Establish an EBGP peer relationship with PE 1, and redistribute VPN routes.
  • Page 383 [PE1-vpn-instance-vpn1] quit # Associate interface Gigabitethernet 2/0/1 with VPN instance vpn1, and specify the IPv6 address for the interface. [PE1] interface gigabitethernet 2/0/1 [PE1-GigabitEthernet2/0/1] ip binding vpn-instance vpn1 [PE1-GigabitEthernet2/0/1] ipv6 address 2001::1 64 [PE1-GigabitEthernet2/0/1] quit # Start BGP on PE 1. [PE1] bgp 100 # Enable the capability to advertise labeled routes to and receive labeled routes from IBGP peer 3.3.3.9.
  • Page 384 [ASBR-PE1-Serial2/1/0] mpls enable [ASBR-PE1-Serial2/1/0] mpls ldp enable [ASBR-PE1-Serial2/1/0] quit # Configure interface Serial 2/1/1, and enable MPLS on it. [ASBR-PE1] interface serial 2/1/1 [ASBR-PE1-Serial2/1/1] ip address 11.0.0.2 255.0.0.0 [ASBR-PE1-Serial2/1/1] mpls enable [ASBR-PE1-Serial2/1/1] quit # Configure interface Loopback 0, and start IS-IS on it. [ASBR-PE1] interface loopback 0 [ASBR-PE1-LoopBack0] ip address 3.3.3.9 32 [ASBR-PE1-LoopBack0] isis enable 1...
  • Page 385 [ASBR-PE2] isis 1 [ASBR-PE2-isis-1] network-entity 10.333.333.333.333.00 [ASBR-PE2-isis-1] quit # Configure an LSR ID, and enable MPLS and LDP. [ASBR-PE2] mpls lsr-id 4.4.4.9 [ASBR-PE2] mpls ldp [ASBR-PE2-ldp] quit # Configure interface Serial 2/1/0, and enable IS-IS, MPLS, and LDP on the interface. [ASBR-PE2] interface serial 2/1/0 [ASBR-PE2-Serial2/1/0] ip address 9.1.1.1 255.0.0.0 [ASBR-PE2-Serial2/1/0] isis enable 1...
  • Page 386 [ASBR-PE2-bgp-ipv4] peer 11.0.0.2 enable [ASBR-PE2-bgp-ipv4] peer 11.0.0.2 route-policy policy1 export # Enable the capability to advertise labeled routes to and receive labeled routes from EBGP peer 11.0.0.2. [ASBR-PE2-bgp-ipv4] peer 11.0.0.2 label-route-capability [ASBR-PE2-bgp-ipv4] quit [ASBR-PE2-bgp] quit Configure PE 2: # Start IS-IS on PE 2. <PE2>...

  • Page 387: Configuring Ipv6 Mpls L3Vpn Carrier's Carrier In The Same As

    [PE2-bgp-ipv4] peer 4.4.4.9 enable [PE2-bgp-ipv4] peer 4.4.4.9 label-route-capability [PE2-bgp-ipv4] quit # Configure the maximum hop count from PE 2 to EBGP peer 2.2.2.9 as 10. [PE2-bgp] peer 2.2.2.9 as-number 100 [PE2-bgp] peer 2.2.2.9 connect-interface loopback 0 [PE2-bgp] peer 2.2.2.9 ebgp-max-hop 10 # Configure peer 2.2.2.9 as a VPNv6 peer.
  • Page 388 • PE 3 and PE 4 are the customer carrier's PE routers. They provide IPv6 MPLS L3VPN services to end customers. • CE 3 and CE 4 are customers of the customer carrier. • The customer carrier and the provider carrier reside in the same AS. The key to the carrier's carrier deployment is to configure exchange of two kinds of routes: •...
  • Page 389 <PE1> system-view [PE1] interface loopback 0 [PE1-LoopBack0] ip address 3.3.3.9 32 [PE1-LoopBack0] quit [PE1] mpls lsr-id 3.3.3.9 [PE1] mpls ldp [PE1-ldp] quit [PE1] isis 1 [PE1-isis-1] network-entity 10.0000.0000.0000.0004.00 [PE1-isis-1] quit [PE1] interface loopback 0 [PE1-LoopBack0] isis enable 1 [PE1-LoopBack0] quit [PE1] interface pos 2/2/1 [PE1-POS2/2/1] ip address 30.1.1.1 24 [PE1-POS2/2/1] isis enable 1...
  • Page 390 [PE3] interface loopback 0 [PE3-LoopBack0] isis enable 2 [PE3-LoopBack0] quit [PE3] interface pos 2/2/1 [PE3-Pos2/2/1] ip address 10.1.1.1 24 [PE3-Pos2/2/1] isis enable 2 [PE3-Pos2/2/1] mpls enable [PE3-Pos2/2/1] mpls ldp enable [PE3-Pos2/2/1] mpls ldp transport-address interface [PE3-Pos2/2/1] quit # Configure CE 1. <CE1>...
  • Page 391 [PE1-isis-2-ipv4] quit [PE1-isis-2] quit [PE1] interface pos 2/2/0 [PE1-Pos2/2/0] ip binding vpn-instance vpn1 [PE1-Pos2/2/0] ip address 11.1.1.2 24 [PE1-Pos2/2/0] isis enable 2 [PE1-Pos2/2/0] mpls enable [PE1-Pos2/2/0] mpls ldp enable [PE1-Pos2/2/0] mpls ldp transport-address interface [PE1-Pos2/2/0] quit [PE1] bgp 100 [PE1-bgp] ip vpn-instance vpn1 [PE1-bgp-vpn1] address-family ipv4 unicast [PE1-bgp-ipv4-vpn1] import isis 2 [PE1-bgp-ipv4-vpn1] quit...
  • Page 392 [PE3-GigabitEthernet2/0/1] ipv6 address 2001:1::2 96 [PE3-GigabitEthernet2/0/1] quit [PE3] bgp 100 [PE3-bgp] ip vpn-instance vpn1 [PE3-bgp-vpn1] peer 2001:1::1 as-number 65410 [PE3-bgp-vpn1] address-family ipv6 unicast [PE3-bgp-ipv6-vpn1] peer 2001:1::1 enable [PE3-bgp-ipv6-vpn1] quit [PE3-bgp-vpn1] quit [PE3-bgp] quit # Configure PE 4 and CE 4 in the same way that PE 3 and CE 3 are configured. (Details not shown.) Configure an MP-IBGP peer relationship between the PEs of the customer carrier to exchange the VPN routes of the end customers:...
  • Page 393 [PE1] display ip routing-table vpn-instance vpn1 Destinations : 18 Routes : 18 Destination/Mask Proto Pre Cost NextHop Interface 0.0.0.0/32 Direct 127.0.0.1 InLoop0 1.1.1.9/32 IS_L1 11.1.1.1 POS2/2/0 2.2.2.9/32 IS_L1 11.1.1.1 POS2/2/0 5.5.5.9/32 255 10 4.4.4.9 POS2/2/1 6.6.6.9/32 255 20 4.4.4.9 POS2/2/1 10.1.1.0/24 IS_L1 11.1.1.1...
  • Page 394 224.0.0.0/4 Direct 0.0.0.0 NULL0 224.0.0.0/24 Direct 0.0.0.0 NULL0 255.255.255.255/32 Direct 127.0.0.1 InLoop0 Display the public network routing table and VPN routing table on the customer carrier PEs, for example, on PE 3: # Verify that the public network routing table contains the internal routes of the customer carrier network.

  • Page 395: Configuring Multirole Host

    NextHop : ::FFFF:6.6.6.9 Preference: 255 Interface : POS2/2/1 Cost Destination: FE80::/10 Protocol : Direct NextHop : :: Preference: 0 Interface : InLoop0 Cost Destination: FF00::/8 Protocol : Direct NextHop : :: Preference: 0 Interface : NULL0 Cost Verify that PE 3 and PE 4 can ping each other. (Details not shown.) Verify that CE 3 and CE 4 can ping each other.
  • Page 396 Configure PE 1: # Create VPN instances vpn1 and vpn2 for VPN 1 and VPN 2, respectively, and configure different RDs and route targets for the VPN instances. <PE1> system-view [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 100:1 [PE1-vpn-instance-vpn1] vpn-target 100:1 both [PE1-vpn-instance-vpn1] quit [PE1] ip vpn-instance vpn2 [PE1-vpn-instance-vpn2] route-distinguisher 100:2...

  • Page 397: Configuring An Ospfv3 Sham Link

    Configuring an OSPFv3 sham link Network requirements As shown in Figure 96, CE 1 and CE 2 belong to VPN 1. Configure an OSPFv3 sham link between PE 1 and PE 2 so traffic between CE 1 and CE 2 is forwarded through the MPLS backbone, instead of the backdoor link.
  • Page 398 [PE1] mpls lsr-id 1.1.1.9 [PE1] mpls ldp [PE1-ldp] quit [PE1] interface serial 2/1/1 [PE1-Serial2/1/1] ip address 10.1.1.1 24 [PE1-Serial2/1/1] mpls enable [PE1-Serial2/1/1] mpls ldp enable [PE1-Serial2/1/1] quit # Configure PE 1 to take PE 2 as an MP-IBGP peer. [PE1] bgp 100 [PE1-bgp] peer 2.2.2.9 as-number 100 [PE1-bgp] peer 2.2.2.9 connect-interface loopback 0 [PE1-bgp] address-family vpnv6...
  • Page 399 [PE2-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [PE2-ospf-1-area-0.0.0.0] quit [PE2-ospf-1] quit Configure PEs to allow CE access: # Configure PE 1. [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 100:1 [PE1-vpn-instance-vpn1] vpn-target 1:1 [PE1-vpn-instance-vpn1] quit [PE1] interface gigabitethernet 2/0/1 [PE1-GigabitEthernet2/0/1] ip binding vpn-instance vpn1 [PE1-GigabitEthernet2/0/1] ipv6 address 100::2 64 [PE1-GigabitEthernet2/0/1] ospfv3 100 area 1 [PE1-GigabitEthernet2/0/1] quit [PE1] ospfv3 100...
  • Page 400 # Execute the display ipv6 routing-table vpn-instance command on the PEs to verify that the path to the peer CE is along the OSPFv3 route across the customer networks, instead of the IPv6 BGP route across the backbone. (Details not shown.) Configure a sham link: # Configure PE 1.

  • Page 401: Configuring Ipv6 Mce

    Source : 3::3 Destination : 5::5 Interface ID: 2147483649 Neighbor ID : 120.1.1.1, Neighbor state: Full Cost: 1 State: P-2-P Type: Sham Instance ID: 0 Timers: Hello 10, Dead 40, Retransmit 5, Transmit delay 1 Request list: 0 Retransmit list: 0 Configuring IPv6 MCE Network requirements As shown in...
  • Page 402 [MCE-vpn-instance-vpn1] vpn-target 10:1 [MCE-vpn-instance-vpn1] quit [MCE] ip vpn-instance vpn2 [MCE-vpn-instance-vpn2] route-distinguisher 20:1 [MCE-vpn-instance-vpn2] vpn-target 20:1 [MCE-vpn-instance-vpn2] quit # Bind interface Gigabitethernet 2/0/1 to VPN instance vpn1, and configure an IPv6 address for the interface. [MCE] interface gigabitethernet 2/0/1 [MCE-GigabitEthernet2/0/1] ip binding vpn-instance vpn1 [MCE-GigabitEthernet2/0/1] ipv6 address 2001:1::1 64 [MCE-GigabitEthernet2/0/1] quit # Bind interface Gigabitethernet 2/0/2 to VPN instance vpn2, and configure an IPv6 address for...
  • Page 403 # On VR 2, assign IPv6 address 2002:1::2/64 to the interface connected to the MCE. (Details not shown.) # On VR 2, configure RIPng and advertise subnets 2012::/64 and 2002:1::/64. <VR2> system-view [VR2] ripng 20 [VR2-ripng-20] quit [VR2] interface gigabitethernet 2/0/1 [VR2-GigabitEthernet2/0/1] ripng 20 enable [VR2-GigabitEthernet2/0/1] quit [VR2] interface gigabitethernet 2/0/2...
  • Page 404 Destination: 2002:1::/64 Protocol : Direct NextHop : :: Preference: 0 Interface : GE2/0/2 Cost Destination: 2002:1::1/128 Protocol : Direct NextHop : ::1 Preference: 0 Interface : InLoop0 Cost Destination: 2012::/64 Protocol : RIPng NextHop : FE80::20C:29FF:FE40:701 Preference: 100 Interface : GE2/0/2 Cost Destination: FE80::/10 Protocol...
  • Page 405 # On PE 1, bind subinterface Gigabitethernet 2/0/1.2 to the VPN instance vpn2. [PE1] interface gigabitethernet 2/0/1.2 [PE1-GigabitEthernet2/0/1.2] ip binding vpn-instance vpn2 # Configure the subinterface to terminate VLAN 20. [PE1-GigabitEthernet2/0/1.2] vlan-type dot1q vid 20 # Configure an IPv6 address for the subinterface. [PE1-GigabitEthernet2/0/1.2] ipv6 address 2002:2::4 64 [PE1-GigabitEthernet2/0/1.2] quit # Configure the IP address of the interface Loopback 0 as 101.101.10.1 for the MCE and as...

  • Page 406: Configuring Bgp As Number Substitution

    Destination: 2012:1::/64 Protocol : O_ASE2 NextHop : FE80::200:5EFF:FE01:1C05 Preference: 15 Interface : GE2/0/1.1 Cost : 10 Destination: FE80::/10 Protocol : Direct NextHop : :: Preference: 0 Interface : NULL0 Cost Destination: FF00::/8 Protocol : Direct NextHop : :: Preference: 0 Interface : NULL0 Cost...
  • Page 407 Figure 98 Network diagram Table 36 Interface and IP address assignment Device Interface IP address Device Interface IP address CE 1 GE2/0/1 10:1::2/96 Loop0 2.2.2.9/32 GE2/0/2 100::1/96 GE2/0/1 20.1.1.2/24 PE 1 Loop0 10.1.1.1/32 GE2/0/2 30.1.1.1/24 GE2/0/1 10:1::1/96 PE 2 Loop0 10.1.1.2/32 GE2/0/2 20.1.1.1/24...
  • Page 408 Destination: ::1/128 Protocol : Direct NextHop : ::1 Preference: 0 Interface : InLoop0 Cost Destination: 10:2::/96 Protocol : Direct NextHop : :: Preference: 0 Interface : GE2/0/1 Cost Destination: 10:2::2/128 Protocol : Direct NextHop : ::1 Preference: 0 Interface : InLoop0 Cost Destination: 200::/96 Protocol...
  • Page 409 Interface : GE2/0/1 Cost Destination: FE80::/10 Protocol : Direct NextHop : :: Preference: 0 Interface : NULL0 Cost Destination: FF00::/8 Protocol : Direct NextHop : :: Preference: 0 Interface : NULL0 Cost # Enable BGP update packet debugging on PE 2. The output shows that PE 2 has advertised the route for 100::/96, and the AS_PATH is 100 600.
  • Page 410 *Jun 27 18:07:34:420 2013 PE2 BGP/7/DEBUG: BGP_IPV6.vpn1: Send UPDATE to peer 10:2::2 for following destinations: Origin : Incomplete AS path : 100 100 Next hop : 10:2::1 100::/96, # Display again the routing information that CE 2 has received, and the routing table. The output shows that CE 2 has learned the route 100::/96.

  • Page 411: Configuring Bgp As Number Substitution And Soo Attribute

    NextHop : :: Preference: 0 Interface : NULL0 Cost Destination: FF00::/8 Protocol : Direct NextHop : :: Preference: 0 Interface : NULL0 Cost # Verify that Gigabitethernet 2/0/2 of CE 1 and Gigabitethernet 2/0/2 of CE 2 can ping each other. (Details not shown.) Configuring BGP AS number substitution and SoO attribute Network requirements...
  • Page 412 Device Interface IP address Device Interface IP address GE2/0/1 10:3::2/96 GE2/0/2 40.1.1.2/24 GE2/0/2 50.1.1.2/24 GE2/0/3 50.1.1.1/24 Configuration procedure Configure basic IPv6 MPLS L3VPN: Configure OSPF on the MPLS backbone to allow the PEs and P device to learn the routes of the loopback interfaces from each other.
  • Page 413 [PE1-bgp-vpn1] address-family ipv6 [PE1-bgp-ipv6-vpn1] peer 10:1::1 soo 1:100 # On PE 2, configure the SoO attribute as 1:100 for CE 2. [PE2] bgp 100 [PE2-bgp] ip vpn-instance vpn1 [PE2-bgp-vpn1] address-family ipv6 [PE2-bgp-ipv6-vpn1] peer 10:2::1 soo 1:100 Verifying the configuration # PE 2 does not advertise routes received from CE 1 to CE 2 because the same SoO attribute has been configured.

  • Page 414: Configuring Mpls L2Vpn

    Configuring MPLS L2VPN MPLS L2VPN provides point-to-point and point-to-multipoint connections. This chapter describes only the MPLS L2VPN technologies that provide point-to-point connections. For information about the MPLS L2VPN technologies that provide point-to-multipoint connections, see "Configuring VPLS." Overview MPLS L2VPN is an implementation of Pseudo Wire Emulation Edge-to-Edge (PWE3). It offers Layer 2 VPN services over an MPLS or IP backbone.

  • Page 415: Mpls L2Vpn Network Models

    For example, a VPN has 10 sites, and a PE assigns the first label block LB1/0/10 to the VPN. When another 15 sites are added, the PE keeps the first label block and assigns the second label block LB2/10/15 to extend the network. LB1 and LB2 are the initial label values that are randomly selected by the PE.

  • Page 416: Remote Connection Establishment

    Remote connection establishment To set up a remote MPLS L2VPN connection: Set up a public tunnel to carry one or more PWs between PEs: The public tunnel can be an LSP, MPLS TE, or GRE tunnel. If multiple public tunnels exist between two PEs, you can configure a tunnel policy to control tunnel selection.

  • Page 417: Local Connection Establishment

    NOTE: When VLANs are globally unique, packets with the same VLAN ID are forwarded over the PW bound with that VLAN ID regardless of the receiving interfaces. If VLANs are unique on a per interface basis, packets with the same VLAN ID from different interfaces can be forwarded over different PWs.
  • Page 418 You cannot rewrite or remove existing tags. • VLAN—Packets transmitted over a PW must carry a P-tag. For a packet from a CE: − If the peer PE does not require the ingress to rewrite the P-tag, the PE keeps the P-tag unchanged for the packet, and then encapsulates the packet.

  • Page 419: Control Word

    The peer PE removes the outer encapsulation to get the original PPP or HDLC packet, and then forwards the packet to the user network. Control word The control word field is between the MPLS label stack and the Layer 2 data. It carries control information for the Layer 2 frame, for example, the sequence number.

  • Page 420: Pw Redundancy

    In an MPLS L2VPN interworking scenario, link layer negotiation packets cannot be delivered on the backbone network. Therefore, Layer 2 connections cannot be established between CEs. CEs must establish Layer 2 connections with the PEs. For example, CE 2 and PE 2 must perform PPP negotiation to establish a PPP connection.
  • Page 421 Figure 105 Multi-segment PW MPLS or IP backbone PE 3 PE 2 PW 2 PE 1 PE 4 CE 1 CE 2 Multi-segment PWs include intra-domain multi-segment PWs and inter-domain multi-segment PWs. Intra-domain multi-segment PW An intra-domain multi-segment PW has concatenated PWs within an AS. You can create an intra-domain multi-segment PW between two PEs that have no public tunnel to each other.

  • Page 422: Vccv

    • Concatenate PW 2 and PW 3 on ASBR 2. Figure 107 Inter-domain multi-segment PW VCCV Virtual Circuit Connectivity Verification (VCCV) is an OAM feature for L2VPN. It verifies the connectivity of PWs on the data plane. VCCV includes the following modes: •...

  • Page 423: Enabling L2Vpn

    • Local connection—To create a local connection, configure two ACs and bind the two ACs in cross-connect view. • Multi-segment PW—To create a multi-segment PW, configure two PWs and bind the two PWs in cross-connect view. To configure MPLS L2VPN on a PE: Tasks at a glance Remarks (Required.)

  • Page 424: Configuring The Interface With Ethernet Or Vlan Encapsulation

    Configuring the interface with Ethernet or VLAN encapsulation On a Layer 3 Ethernet interface (including Layer 3 Ethernet interface, Layer 3 virtual Ethernet interface, and VE-L2VPN interface), both the default PW type and default access mode are Ethernet. On a Layer 3 Ethernet subinterface or VLAN interface, both the default PW type and default access mode are VLAN.

  • Page 425: Configuring A Cross-Connect

    Configuring a cross-connect Step Command Remarks Enter system view. system-view Create a cross-connect By default, no cross-connect group and enter xconnect-group group-name group is created. cross-connect group view. (Optional.) Configure a By default, no description is description for the description text configured for the cross-connect cross-connect group.

  • Page 426: Configuring An Ldp Pw

    Step Command Remarks Enter cross-connect view. connection connection-name peer ip-address pw-id pw-id Configure a static PW, and in-label label-value out-label By default, no static PW is enter cross-connect PW label-value [ pw-class class-name configured. view. | tunnel-policy tunnel-policy-name ] * Configure the expected By default, the expected value is bandwidth bandwidth-value...
  • Page 427 Step Command Remarks L2VPN address family view. Enable BGP to exchange BGP By default, BGP cannot exchange peer { group-name | ip-address L2VPN information with the BGP L2VPN information with any [ mask-length ] } enable specified peer or peer group. peer or peer group.

  • Page 428: Configuring A Remote Ccc Connection

    Step Command Remarks and enter auto-discovery BGP. cross-connect group view. Configure an RD for the route-distinguisher By default, no RD is configured for cross-connect group. route-distinguisher the cross-connect group. vpn-target vpn-target&<1-8> By default, no route targets are Configure route targets for [ both | export-extcommunity | configured for the cross-connect the cross-connect group.

  • Page 429: Binding An Ac To A Cross-Connect

    Step Command Remarks class-name ] point-to-point link. On other types of interfaces such as Layer 3 Ethernet interface, VLAN interface, and Layer 3 aggregate interface, you must use the nexthop keyword to specify the IP address of the next hop. Binding an AC to a cross-connect This task is mutually exclusive with Ethernet link aggregation.

  • Page 430: Configuring Static Pw Redundancy

    Configuring static PW redundancy Step Command Remarks Enter system view. system-view Enter cross-connect group xconnect-group group-name view. Enter cross-connect view. connection connection-name (Optional.) Specify whether to switch traffic from the By default, traffic is immediately backup PW to the primary switched back from the backup revertive { wtr wtr-time | never } PW when the primary PW...

  • Page 431: Configuring Interworking For A Cross-Connect

    Step Command Remarks view. [ pw-class class-name | tunnel-policy tunnel-policy-name ] * backup-peer ip-address pw-id Configure a backup LDP PW pw-id [ pw-class class-name | By default, no backup LDP PW is and enter backup tunnel-policy configured. cross-connect PW view. tunnel-policy-name ] * Return to user view.

  • Page 432: Enabling Snmp Notifications For L2Vpn Pw

    Step Command Remarks view. Enter cross-connect view. connection connection-name Enable interworking for the By default, the cross-connect interworking ipv4 cross-connect. does not support interworking. Enabling SNMP notifications for L2VPN PW This feature enables the L2VPN module to generate SNMP notifications upon PW status changes. The generated SNMP notifications are sent to the SNMP module.

  • Page 433: Mpls L2Vpn Configuration Examples

    Task Command Display BGP L2VPN peer group display bgp group l2vpn [ group-name group-name ] information. display bgp l2vpn signaling [ peer ip-address { advertised | received } [ statistics ] | route-distinguisher route-distinguisher Display L2VPN label block information maintained by BGP. [ site-id site-id [ label-offset label-offset [ advertise-info ] ] ] | statistics ] Display BGP L2VPN peer...

  • Page 434: Configuring Ip Interworking Over Local Mpls L2Vpn Connections

    Configure PE: # Enable L2VPN. <PE> system-view [PE] l2vpn enable # Create a cross-connect group named vpn1, create a cross-connect named vpn1 in the group, and bind GigabitEthernet 2/0/1 and GigabitEthernet 2/0/2 to the cross-connect. [PE] xconnect-group vpn1 [PE-xcg-vpn1] connection vpn1 [PE-xcg-vpn1-vpn1] ac interface gigabitethernet 2/0/1 [PE-xcg-vpn1-vpn1] ac interface gigabitethernet 2/0/2 [PE-xcg-vpn1-vpn1] quit...
  • Page 435 [CE1-GigabitEthernet2/0/1] ip address 10.1.1.1 24 [CE1-GigabitEthernet2/0/1] quit Configure CE 2. <CE2> system-view [CE2] interface serial 2/1/0 [CE2-Serial2/1/0] link-protocol ppp [CE2-Serial2/1/0] ip address 10.1.1.2 24 [CE2-Serial2/1/0] quit Configure PE: # Enable L2VPN. <PE> system-view [PE] l2vpn enable # Configure the default next hop IP address as 10.1.1.1 on GigabitEthernet 2/0/1 (the interface connected to CE 1).

  • Page 436: Configuring A Static Pw

    Configuring a static PW Network requirements Create a static PW between PE 1 and PE 2 over the backbone to allow communication between CE 1 and CE 2. Figure 110 Network diagram Table 39 Interface and IP address assignment Device Interface IP address Device...
  • Page 437 [PE1-ldp] quit # Configure GigabitEthernet 2/0/2 (the interface connected to the P device), and enable LDP on the interface. [PE1] interface gigabitethernet 2/0/2 [PE1-GigabitEthernet2/0/2] ip address 10.1.1.1 24 [PE1-GigabitEthernet2/0/2] mpls enable [PE1-GigabitEthernet2/0/2] mpls ldp enable [PE1-GigabitEthernet2/0/2] quit # Configure OSPF for LDP to create LSPs. [PE1] ospf [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 10.1.1.1 0.0.0.255...
  • Page 438 [P-GigabitEthernet2/0/2] quit # Configure OSPF for LDP to create LSPs. [P] ospf [P-ospf-1] area 0 [P-ospf-1-area-0.0.0.0] network 10.1.1.2 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 10.2.2.2 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 192.4.4.4 0.0.0.0 [P-ospf-1-area-0.0.0.0] quit [P-ospf-1] quit Configure PE 2: # Configure an LSR ID. <PE2> system-view [PE2] interface loopback 0 [PE2-LoopBack0] ip address 192.3.3.3 32 [PE2-LoopBack0] quit...

  • Page 439: Configuring An Ldp Pw

    [CE2-GigabitEthernet2/0/1] ip address 100.1.1.2 24 [CE2-GigabitEthernet2/0/1] quit Verifying the configuration # Display L2VPN PW information on PE 1. The output shows that a static PW has been established. [PE1] display l2vpn pw Flags: M - main, B - backup, H - hub link, S - spoke link, N - no split horizon Total number of PWs: 1, 1 up, 0 blocked, 0 down, 0 defect Xconnect-group Name: vpna Peer...
  • Page 440 Device Interface IP address Device Interface IP address CE 2 GE2/0/1 100.1.1.2/24 GE2/0/1 GE2/0/2 10.2.2.1/24 Configuration procedure Configure CE 1. <CE1> system-view [CE1] interface gigabitethernet 2/0/1 [CE1-GigabitEthernet2/0/1] ip address 100.1.1.1 24 [CE1-GigabitEthernet2/0/1] quit Configure PE 1: # Configure an LSR ID. <PE1>...
  • Page 441 # Configure an LSR ID. <P> system-view [P] interface loopback 0 [P-LoopBack0] ip address 192.4.4.4 32 [P-LoopBack0] quit [P] mpls lsr-id 192.4.4.4 # Enable global LDP. [P] mpls ldp [P-ldp] quit # Configure GigabitEthernet 2/0/1 (the interface connected to PE 1), and enable LDP on the interface.
  • Page 442 [PE2-GigabitEthernet2/0/2] mpls ldp enable [PE2-GigabitEthernet2/0/2] quit # Configure OSPF for LDP to create LSPs. [PE2] ospf [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 192.3.3.3 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] network 10.2.2.0 0.0.0.255 [PE2-ospf-1-area-0.0.0.0] quit [PE2-ospf-1] quit # Create a cross-connect group named vpna, create a cross-connect named ldp in the group, and bind GigabitEthernet 2/0/1 to the cross-connect.

  • Page 443: Configuring Ip Interworking Over An Ldp Pw

    Configuring IP interworking over an LDP PW Network requirements CE 1 and PE 1 are connected through Ethernet interfaces. CE 2 and PE 2 are connected through serial interfaces, and they use PPP as the link layer protocol. Configure an LDP PW between PE 1 and PE 2 and enable interworking on PEs to allow communication between CE 1 and CE 2.
  • Page 444 # Enable global LDP. [PE1] mpls ldp [PE1-ldp] quit # Configure the default next hop IP address as 100.1.1.1 on GigabitEthernet 2/0/1 (the interface connected to CE 1). This interface does not need an IP address. [PE1] interface gigabitethernet 2/0/1 [PE1-GigabitEthernet2/0/1] default-nexthop ip 100.1.1.1 [PE1-GigabitEthernet2/0/1] quit # Configure GigabitEthernet 2/0/2 (the interface connected to the P device), and enable LDP on...
  • Page 445 [P-GigabitEthernet2/0/1] mpls ldp enable [P-GigabitEthernet2/0/1] quit # Configure GigabitEthernet 2/0/2 (the interface connected to PE 2), and enable LDP on the interface. [P] interface gigabitethernet 2/0/2 [P-GigabitEthernet2/0/2] ip address 10.2.2.2 24 [P-GigabitEthernet2/0/2] mpls enable [P-GigabitEthernet2/0/2] mpls ldp enable [P-GigabitEthernet2/0/2] quit # Configure OSPF for LDP to create LSPs.

  • Page 446: Configuring A Bgp Pw

    [PE2-Serial2/1/0] quit # Create a cross-connect group named vpna, create a cross-connect named ldp in the group, enable interworking for the cross-connect, and bind Serial 2/1/0 to the cross-connect. [PE2] xconnect-group vpna [PE2-xcg-vpna] connection ldp [PE2-xcg-vpna-ldp] interworking ipv4 [PE2-xcg-vpna-ldp] ac interface serial 2/1/0 # Create an LDP PW for the cross-connect to bind the AC to the PW.
  • Page 447 Figure 113 Network diagram Table 42 Interface and IP address assignment Device Interface IP address Device Interface IP address CE 1 GE2/0/1 100.1.1.1/24 Loop0 192.4.4.4/32 PE 1 Loop0 192.2.2.2/32 GE2/0/1 10.1.1.2/24 GE2/0/1 GE2/0/2 10.2.2.2/24 GE2/0/2 10.1.1.1/24 PE 2 Loop0 192.3.3.3/32 CE 2 GE2/0/1 100.1.1.2/24...
  • Page 448 [PE1-GigabitEthernet2/0/2] mpls ldp enable [PE1-GigabitEthernet2/0/2] quit # Configure OSPF for LDP to create LSPs. [PE1] ospf [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 10.1.1.1 0.0.0.255 [PE1-ospf-1-area-0.0.0.0] network 192.2.2.2 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit # Create an IBGP connection to PE 2, and enable BGP to advertise L2VPN information to PE 2. [PE1] bgp 100 [PE1-bgp] peer 192.3.3.3 as-number 100 [PE1-bgp] peer 192.3.3.3 connect-interface loopback 0...
  • Page 449 [P-GigabitEthernet2/0/2] ip address 10.2.2.2 24 [P-GigabitEthernet2/0/2] mpls enable [P-GigabitEthernet2/0/2] mpls ldp enable [P-GigabitEthernet2/0/2] quit # Configure OSPF for LDP to create LSPs. [P] ospf [P-ospf-1] area 0 [P-ospf-1-area-0.0.0.0] network 10.1.1.2 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 10.2.2.2 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 192.4.4.4 0.0.0.0 [P-ospf-1-area-0.0.0.0] quit [P-ospf-1] quit Configure PE 2: # Configure an LSR ID.

  • Page 450: Configuring A Remote Ccc Connection

    [PE2] xconnect-group vpnb [PE2-xcg-vpnb] auto-discovery bgp [PE2-xcg-vpnb-auto] route-distinguisher 2:2 [PE2-xcg-vpnb-auto] vpn-target 2:2 export-extcommunity [PE2-xcg-vpnb-auto] vpn-target 2:2 import-extcommunity [PE2-xcg-vpnb-auto] site 2 range 10 default-offset 0 [PE2-xcg-vpnb-auto-2] connection remote-site-id 1 [PE2-xcg-vpnb-auto-2-1] ac interface gigabitethernet 2/0/1 [PE2-xcg-vpnb-auto-2-1] return Configure CE 2. <CE2> system-view [CE2] interface gigabitethernet 2/0/1 [CE2-GigabitEthernet2/0/1] ip address 100.1.1.2 24 [CE2-GigabitEthernet2/0/1] quit...
  • Page 451 Figure 114 Network diagram Table 43 Interface and IP address assignment Device Interface IP address Device Interface IP address CE 1 GE2/0/1 100.1.1.1/24 Loop0 192.4.4.4/32 PE 1 Loop0 192.2.2.2/32 GE2/0/1 10.1.1.2/24 GE2/0/1 GE2/0/2 10.2.2.2/24 GE2/0/2 10.1.1.1/24 PE 2 Loop0 192.3.3.3/32 CE 2 GE2/0/1 100.1.1.2/24...
  • Page 452 [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 10.1.1.1 0.0.0.255 [PE1-ospf-1-area-0.0.0.0] network 192.2.2.2 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit # Create a cross-connect group named ccc, create a remote CCC connection that has incoming label 101, outgoing label 201, and next hop 10.1.1.2, and bind GigabitEthernet 2/0/1 to the CCC connection.
  • Page 453 [PE2] interface loopback 0 [PE2-LoopBack0] ip address 192.3.3.3 32 [PE2-LoopBack0] quit [PE2] mpls lsr-id 192.3.3.3 # Enable L2VPN. [PE2] l2vpn enable # Configure GigabitEthernet 2/0/2 (the interface connected to the P device), and enable MPLS on the interface. [PE2] interface gigabitethernet 2/0/2 [PE2-GigabitEthernet2/0/2] ip address 10.2.2.1 24 [PE2-GigabitEthernet2/0/2] mpls enable [PE2-GigabitEthernet2/0/2] quit...

  • Page 454: Configuring An Intra-Domain Multi-Segment Pw

    Xconnect-group Name: ccc Peer PW ID/Rmt Site In/Out Label Proto Flag Link ID State 10.2.2.2 202/102 Static # Verify that CE 1 and CE 2 can ping each other. (Details not shown.) Configuring an intra-domain multi-segment PW Network requirements As shown in Figure 115, there is no public tunnel between PE 1 and PE 2.
  • Page 455 [PE1-LoopBack0] ip address 192.2.2.2 32 [PE1-LoopBack0] quit [PE1] mpls lsr-id 192.2.2.2 # Enable L2VPN. [PE1] l2vpn enable # Enable LDP globally. [PE1] mpls ldp [PE1-ldp] quit # Configure MPLS TE to establish an MPLS TE tunnel between PE 1 and P. For more information, see "Configuring MPLS TE."...
  • Page 456 [P-xcg-vpn1] quit Configure PE 2: # Configure an LSR ID. <PE2> system-view [PE2] interface loopback 0 [PE2-LoopBack0] ip address 192.3.3.3 32 [PE2-LoopBack0] quit [PE2] mpls lsr-id 192.3.3.3 # Enable L2VPN. [PE2] l2vpn enable # Configure MPLS TE to establish an MPLS TE tunnel between P and PE 2. For more information, see "Configuring MPLS TE."...

  • Page 457: Configuring An Inter-Domain Multi-Segment Pw

    [PE2] display l2vpn pw Flags: M - main, B - backup, H - hub link, S - spoke link, N - no split horizon Total number of PWs: 1, 1 up, 0 blocked, 0 down, 0 defect Xconnect-group Name: vpn1 Peer PW ID In/Out Label...
  • Page 458 Configuration procedure Configure CE 1. <CE1> system-view [CE1] interface gigabitethernet 2/0/1 [CE1-GigabitEthernet2/0/1] ip address 100.1.1.1 24 [CE1-GigabitEthernet2/0/1] quit Configure PE 1: # Configure an LSR ID. <PE1> system-view [PE1] interface loopback 0 [PE1-LoopBack0] ip address 192.1.1.1 32 [PE1-LoopBack0] quit [PE1] mpls lsr-id 192.1.1.1 # Enable L2VPN.
  • Page 459 [ASBR1-LoopBack0] quit [ASBR1] mpls lsr-id 192.2.2.2 # Enable L2VPN. [ASBR1] l2vpn enable # Enable global LDP. [ASBR1] mpls ldp [ASBR1-ldp] quit # Configure GigabitEthernet 2/0/2 (the interface connected to PE 1), and enable LDP on the interface. [ASBR1] interface gigabitethernet 2/0/2 [ASBR1-GigabitEthernet2/0/2] ip address 23.1.1.2 24 [ASBR1-GigabitEthernet2/0/2] mpls enable [ASBR1-GigabitEthernet2/0/2] mpls ldp enable...
  • Page 460 [ASBR1-xcg-vpn1-ldp] quit [ASBR1-xcg-vpn1] quit Configure ASBR 2: # Configure an LSR ID. <ASBR2> system-view [ASBR2] interface loopback 0 [ASBR2-LoopBack0] ip address 192.3.3.3 32 [ASBR2-LoopBack0] quit [ASBR2] mpls lsr-id 192.3.3.3 # Enable L2VPN. [ASBR2] l2vpn enable # Enable global LDP. [ASBR2] mpls ldp [ASBR2-ldp] quit # Configure GigabitEthernet 2/0/2 (the interface connected to PE 2), and enable LDP on the interface.
  • Page 461 # Create a cross-connect group named vpn1, create a cross-connect named ldp in the group, and create two LDP PWs for the cross-connect to form a multi-segment PW. [ASBR2] xconnect-group vpn1 [ASBR2-xcg-vpn1] connection ldp [ASBR2-xcg-vpn1-ldp] peer 192.2.2.2 pw-id 1000 [ASBR2-xcg-vpn1-ldp-192.2.2.2-1000] quit [ASBR2-xcg-vpn1-ldp] peer 192.4.4.4 pw-id 1000 [ASBR2-xcg-vpn1-ldp-192.4.4.4-1000] quit [ASBR2-xcg-vpn1-ldp] quit...
  • Page 462 [CE2] interface gigabitethernet 2/0/1 [CE2-GigabitEthernet2/0/1] ip address 100.1.1.2 24 [CE2-GigabitEthernet2/0/1] quit Verifying the configuration # Display L2VPN PW information on PE 1. The output shows that an LDP PW has been created. [PE1] display l2vpn pw Flags: M - main, B - backup, H - hub link, S - spoke link, N - no split horizon Total number of PWs: 1, 1 up, 0 blocked, 0 down, 0 defect Xconnect-group Name: vpn1 Peer...

  • Page 463: Configuring Vpls

    Configuring VPLS Overview Virtual Private LAN Service (VPLS) delivers a point-to-multipoint L2VPN service over an MPLS or IP backbone. The provider backbone emulates a switch to connect all geographically dispersed sites of each customer network. The backbone is transparent to the customer sites. The sites can communicate with each other as if they were on the same LAN.

  • Page 464: Vpls Implementation

    to create a single Layer 2 VPN, which is referred to as a VPLS instance. Sites in different VPLS instances cannot communicate with each other at Layer 2. • VSI—A virtual switch instance provides Layer 2 switching services for a VPLS instance on a PE. A VSI acts as a virtual switch that has all the functions of a conventional Ethernet switch, including source MAC address learning, MAC address aging, and flooding.
  • Page 465 Figure 118 Source MAC address learning on a PE The MAC address table uses an aging timer for each dynamic MAC address entry. If no packet is received from a MAC address before the aging timer expires, VPLS deletes the MAC address. When an AC or a PW goes down, the PE deletes MAC addresses on the AC or PW.

  • Page 466: H-Vpls

    PW full mesh and split horizon A Layer 2 network requires a loop prevention protocol such as STP to avoid loops. However, a loop prevention protocol on PEs brings management and maintenance difficulties. Therefore, VPLS uses the following methods to prevent loops: •...
  • Page 467 Figure 120 H-VPLS using Ethernet access As shown in Figure 120, the edge domain is an Ethernet network. The UPE and NPE 1 establish a point-to-point Ethernet QinQ connection in between. After the UPE receives a packet from a CE, it adds an outer VLAN tag into the packet and forwards the packet to NPE 1.

  • Page 468: Hub-Spoke Networking

    • A primary and backup U-PW switchover is triggered by a command. Hub-spoke networking The hub-spoke network model has one hub site and multiple spoke sites. The spoke sites cannot directly communicate with each other. Traffic between spoke sites must travel through the hub site, so the hub site can implement centralized traffic management.

  • Page 469: Vpls Configuration Task List

    • MSR3012/3024/3044/3064. Commands and descriptions for distributed devices apply to MSR4060 and MSR4080 routers. VPLS configuration task list To configure a VPLS network, perform the following tasks: • Configure an IGP to ensure IP connectivity within the backbone. • Configure basic MPLS, LDP, GRE, or MPLS TE to establish public tunnels on the backbone network.

  • Page 470: Configuring An Ac

    Configuring an AC An AC can be one of the following types on a PE: • Layer 3 Ethernet interface—Transparently forwards received packets to the bound VSI. • Layer 3 Ethernet subinterface—Forwards received packets to the bound VSI. In this mode, VLANs are unique on a per-interface basis rather than on a per-device basis.

  • Page 471: Configuring A Pw

    Configuring a PW Configuring a PW class In a PW class, you can configure PW attributes such as the PW type, and whether to enable control word. To simplify PW configuration, you can configure PWs with the same attributes by referencing the same PW class.

  • Page 472: Configuring An Ldp Pw

    Configuring an LDP PW Before you configure an LDP PW, enable global and interface MPLS LDP on the PE. For information about MPLS LDP configuration, see "Configuring LDP." To configure an LDP PW: Step Command Remarks Enter system view. system-view Enter VSI view.
  • Page 473 Step Command Remarks BGP L2VPN address family view. Enable BGP to exchange By default, BGP cannot exchange peer { group-name | ip-address L2VPN information with the L2VPN information with any peer [ mask-length ] } enable specified peer or peer group. or peer group.

  • Page 474: Configuring A Bgp Auto-Discovery Ldp Pw

    Step Command Remarks enter auto-discovery VSI through BGP. view. Configure an RD for the route-distinguisher By default, no RD is configured for auto-discovery VSI. route-distinguisher the auto-discovery VSI. vpn-target vpn-target&<1-8> By default, no route targets are Configure route targets for [ both | export-extcommunity | configured for the auto-discovery the auto-discovery VSI.
  • Page 475 Step Command Remarks routes from the specified [ number ] or peer group. peer or peer group and specify the appearance times. (Optional.) Enable route By default, route target-based target-based filtering of policy vpn-target filtering of incoming BGP L2VPN incoming BGP L2VPN information is enabled.

  • Page 476: Configuring Upe Dual Homing

    Step Command Remarks (Optional.) Reference a By default, no tunnel policy is tunnel-policy tunnel-policy-name tunnel policy. referenced. Use LDP to create a PW to an automatically discovered By default, no signaling protocol is remote PE and enter signaling-protocol ldp specified. auto-discovery VSI LDP signaling view.

  • Page 477: Configuring Ldp Pw Redundancy

    Step Command Remarks Enter VSI view. vsi vsi-name [ hub-spoke ] Specify static signaling for By default, no PW signaling PWs, and enter VSI static pwsignaling static protocol is specified for the VSI. view. (Optional.) Specify whether to switch traffic from the By default, when the primary PW backup PW to the primary recovers, traffic is immediately...

  • Page 478: Configuring Mac Address Learning

    Step Command Remarks By default, no backup LDP PW is configured. If both a default PW ID in the default-pw-id command and a PW ID in the backup-peer backup-peer ip-address [ pw-id Configure a backup LDP PW command are configured, the pw-id ] [ pw-class class-name | and enter VSI LDP backup PW ID in the backup-peer...
  • Page 479 Task Command display l2vpn ldp [ peer ip-address [ pw-id pw-id | vpls-id Display LDP PW label information. vpls-id ] | vsi vsi-name ] [ verbose ] Display L2VPN forwarding information display l2vpn forwarding { ac | pw } [ vsi vsi-name ] [ verbose ] (centralized devices in standalone mode).

  • Page 480: Vpls Configuration Examples

    VPLS configuration examples Static PW configuration example Network requirements Configure VPLS on each PE, and establish static PWs between the PEs to interconnect the CEs. Figure 123 Network diagram Configuration procedure This task includes the following configurations: • Configure basic MPLS on each PE: configure LSR ID, enable LDP, run IGP (OSPF in this example) to establish LSPs.
  • Page 481 # Configure GigabitEthernet 2/0/3 (the interface connected to PE 3), and enable LDP on the interface. [PE1] interface gigabitethernet 2/0/3 [PE1-GigabitEthernet2/0/3] ip address 30.1.1.1 24 [PE1-GigabitEthernet2/0/3] mpls enable [PE1-GigabitEthernet2/0/3] mpls ldp enable [PE1-GigabitEthernet2/0/3] quit # Configure OSPF for LDP to create LSPs. [PE1] ospf [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255...
  • Page 482 # Configure GigabitEthernet 2/0/3 (the interface connected to PE 3), and enable LDP on the interface. [PE2] interface gigabitethernet 2/0/3 [PE2-GigabitEthernet2/0/3] ip address 40.1.1.2 24 [PE2-GigabitEthernet2/0/3] mpls enable [PE2-GigabitEthernet2/0/3] mpls ldp enable [PE2-GigabitEthernet2/0/3] quit # Configure OSPF for LDP to create LSPs. [PE2] ospf [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255...
  • Page 483 # Configure GigabitEthernet 2/0/3 (the interface connected to PE 2), and enable LDP on the interface. [PE3] interface gigabitethernet 2/0/3 [PE3-GigabitEthernet2/0/3] ip address 40.1.1.3 24 [PE3-GigabitEthernet2/0/3] mpls enable [PE3-GigabitEthernet2/0/3] mpls ldp enable [PE3-GigabitEthernet2/0/3] quit # Configure OSPF for LDP to create LSPs. [PE3] ospf [PE3-ospf-1] area 0 [PE3-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255...

  • Page 484: Ldp Pw Configuration Example

    PW Attributes : Main VCCV CC VCCV BFD Tunnel Group ID : 0x260000002 Tunnel NHLFE IDs : 1028 LDP PW configuration example Network requirements Configure VPLS on each PE, and establish LDP PWs between the PEs to interconnect the CEs. Figure 124 Network diagram Configuration procedure Configure an IGP and public tunnels on each PE.
  • Page 485 [PE1-vsi-aaa-ldp] quit [PE1-vsi-aaa] quit # Bind VSI aaa to GigabitEthernet 2/0/1 (the interface connected to CE 1). [PE1] interface gigabitethernet 2/0/1 [PE1-GigabitEthernet2/0/1] xconnect vsi aaa [PE1-GigabitEthernet2/0/1] quit Configure PE 2: # Configure basic MPLS. <PE2> system-view [PE2] interface loopback 0 [PE2-LoopBack0] ip address 2.2.2.9 32 [PE2-LoopBack0] quit [PE2] mpls lsr-id 2.2.2.9...

  • Page 486: Bgp Pw Configuration Example

    [PE3-vsi-aaa-ldp-2.2.2.9-500] quit [PE3-vsi-aaa-ldp] quit [PE3-vsi-aaa] quit # Bind VSI aaa to GigabitEthernet 2/0/1 (the interface connected to CE 3). [PE3] interface gigabitethernet 2/0/1 [PE3-GigabitEthernet2/0/1] xconnect vsi aaa Verifying the configuration # Verify that two LDP PWs in up state have been established on PE 1. [PE1] display l2vpn pw verbose VSI Name: aaa Peer: 2.2.2.9...
  • Page 487 Figure 125 Network diagram Configuration procedure Configure an IGP and public tunnels on each PE. (Details not shown.) Configure PE 1: # Configure basic MPLS. <PE1> system-view [PE1] interface loopback 0 [PE1-LoopBack0] ip address 1.1.1.9 32 [PE1-LoopBack0] quit [PE1] mpls lsr-id 1.1.1.9 [PE1] mpls ldp [PE1-ldp] quit # Establish IBGP connections to PE 2 and PE 3, and use BGP to advertise VPLS label block...
  • Page 488 [PE1-vsi-aaa-auto-bgp] quit [PE1-vsi-aaa-auto] quit [PE1-vsi-aaa] quit # Bind GigabitEthernet 2/0/1 to VSI aaa. [PE1] interface gigabitethernet 2/0/1 [PE1-GigabitEthernet2/0/1] xconnect vsi aaa [PE1-GigabitEthernet2/0/1] quit Configure PE 2: # Configure basic MPLS. <PE2> system-view [PE2] interface loopback 0 [PE2-LoopBack0] ip address 2.2.2.9 32 [PE2-LoopBack0] quit [PE2] mpls lsr-id 2.2.2.9 [PE2] mpls ldp...
  • Page 489 [PE3-LoopBack0] ip address 3.3.3.9 32 [PE3-LoopBack0] quit [PE3] mpls lsr-id 3.3.3.9 [PE3] mpls ldp [PE3-ldp] quit # Establish IBGP connections to PE 1 and PE 2, and use BGP to advertise VPLS label block information. [PE3] bgp 100 [PE3-bgp] peer 1.1.1.9 as-number 100 [PE3-bgp] peer 1.1.1.9 connect-interface loopback 0 [PE3-bgp] peer 2.2.2.9 as-number 100 [PE3-bgp] peer 2.2.2.9 connect-interface loopback 0...

  • Page 490: Bgp Auto-Discovery Ldp Pw Configuration Example

    Signaling Protocol : BGP Link ID : 10 PW State : Up In Label : 1296 Out Label: 1025 : 1500 PW Attributes : Main VCCV CC VCCV BFD Tunnel Group ID : 0x800000060000000 Tunnel NHLFE IDs : 1026 # Display VPLS label block information received from PE 2 and PE 3 on PE 1. [PE1] display l2vpn bgp verbose VSI Name: aaa Remote Site ID...
  • Page 491 Figure 126 Network diagram Configuration procedure Configure an IGP and public tunnels on each PE. (Details not shown.) Configure PE 1: # Configure basic MPLS. <PE1> system-view [PE1] interface loopback 0 [PE1-LoopBack0] ip address 1.1.1.9 32 [PE1-LoopBack0] quit [PE1] mpls lsr-id 1.1.1.9 [PE1] mpls ldp [PE1-ldp] quit # Establish IBGP connections to PE 1 and PE 2, and use BGP to advertise VPLS PE...
  • Page 492 [PE1-vsi-aaa-auto-ldp] vpls-id 100:100 [PE1-vsi-aaa-auto-ldp] quit [PE1-vsi-aaa-auto] quit [PE1-vsi-aaa] quit # Bind GigabitEthernet 2/0/1 to VSI aaa. [PE1] interface gigabitethernet 2/0/1 [PE1-GigabitEthernet2/0/1] xconnect vsi aaa [PE1-GigabitEthernet2/0/1] quit Configure PE 2: # Configure basic MPLS. <PE2> system-view [PE2] interface loopback 0 [PE2-LoopBack0] ip address 2.2.2.9 32 [PE2-LoopBack0] quit [PE2] mpls lsr-id 2.2.2.9 [PE2] mpls ldp...
  • Page 493 <PE3> system-view [PE3] interface loopback 0 [PE3-LoopBack0] ip address 3.3.3.9 32 [PE3-LoopBack0] quit [PE3] mpls lsr-id 3.3.3.9 [PE3] mpls ldp [PE3-ldp] quit # Establish IBGP connections to PE 1 and PE 2, and use BGP to advertise VPLS PE information. [PE3] bgp 100 [PE3-bgp] peer 1.1.1.9 as-number 100 [PE3-bgp] peer 1.1.1.9 connect-interface loopback 0...
  • Page 494 Tunnel Group ID : 0x800000060000000 Tunnel NHLFE IDs : 1029 Peer: 3.3.3.9 VPLS ID: 100:100 Signaling Protocol : LDP Link ID PW State : Up In Label : 1554 Out Label: 1416 : 1500 PW Attributes : Main VCCV CC VCCV BFD Tunnel Group ID : 0x800000160000001...

  • Page 495: H-Vpls Using Mpls Access Configuration Example

    H-VPLS using MPLS access configuration example Network requirements Configure an H-VPLS network using MPLS access to avoid full-mesh PW configuration. The H-VPLS uses LDP as the PW signaling protocol. Figure 127 Network diagram Configuration procedure Configure an IGP and public tunnels on each PE. (Details not shown.) Configure UPE: # Configure basic MPLS.
  • Page 496 # Configure basic MPLS. <NPE1> system-view [NPE1] interface loopback 0 [NPE1-LoopBack0] ip address 2.2.2.9 32 [NPE1-LoopBack0] quit [NPE1] mpls lsr-id 2.2.2.9 [NPE1] mpls ldp [NPE1–ldp] quit # Enable L2VPN. [NPE1] l2vpn enable # Configure VSI aaa that uses LDP as the PW signaling protocol, establish a U-PW to the UPE, and establish N-PWs to NPE 2 and NPE 3.
  • Page 497 # Configure basic MPLS. <NPE3> system-view [NPE3] interface loopback 0 [NPE3-LoopBack0] ip address 4.4.4.9 32 [NPE3-LoopBack0] quit [NPE3] mpls lsr-id 4.4.4.9 [NPE3] mpls ldp [NPE3–ldp] quit # Enable L2VPN. [NPE3] l2vpn enable # Configure VSI aaa that uses LDP as the PW signaling protocol, and establish N-PWs to NPE 1 and NPE 2.
  • Page 498 Tunnel Group ID : 0x460000000 Tunnel NHLFE IDs : 1030 Peer: 3.3.3.9 PW ID: 500 Signaling Protocol : LDP Link ID PW State : Up In Label : 1276 Out Label: 1275 : 1500 PW Attributes : Main VCCV CC VCCV BFD Tunnel Group ID : 0x560000001...

  • Page 499: Hub-Spoke Vpls Configuration Example

    Link ID PW State : Up In Label : 1279 Out Label: 1278 : 1500 PW Attributes : Main VCCV CC VCCV BFD Tunnel Group ID : 0x660000000 Tunnel NHLFE IDs : 1031 Peer: 3.3.3.9 PW ID: 500 Signaling Protocol : LDP Link ID PW State : Up...
  • Page 500 [Spoke-PE1-LoopBack0] ip address 1.1.1.9 32 [Spoke-PE1-LoopBack0] quit [Spoke-PE1] mpls lsr-id 1.1.1.9 [Spoke-PE1] mpls ldp [Spoke-PE1-ldp] quit # Enable L2VPN. [Spoke-PE1] l2vpn enable # Create VSI aaa, enable hub-spoke capability for the VSI, specify the PW signaling protocol as LDP, establish a PW to Hub-PE, and specify the PW as the hub link. [Spoke-PE1] vsi aaa hub-spoke [Spoke-PE1-vsi-aaa] pwsignaling ldp [Spoke-PE1-vsi-aaa-ldp] peer 3.3.3.9 pw-id 500 hub...
  • Page 501 [Hub-PE] mpls lsr-id 3.3.3.9 [Hub-PE] mpls ldp [Hub-PE–ldp] quit # Enable L2VPN. [Hub-PE] l2vpn enable # Create VSI aaa, enable hub-spoke capability for the VSI, specify the PW signaling protocol as LDP, and establish PWs to Spoke-PE 1 and Spoke-PE 2. [Hub-PE] vsi aaa hub-spoke [Hub-PE-vsi-aaa] pwsignaling ldp [Hub-PE-vsi-aaa-ldp] peer 1.1.1.9 pw-id 500...

  • Page 502: H-Vpls Upe Dual Homing Configuration Example

    Peer: 1.1.1.9 PW ID: 500 Signaling Protocol : LDP Link ID PW State : Up In Label : 1274 Out Label: 1276 : 1500 PW Attributes : Main, Spoke link VCCV CC VCCV BFD Tunnel Group ID : 0x760000000 Tunnel NHLFE IDs : 1032 Peer: 2.2.2.9 PW ID: 500...
  • Page 503 Configuration procedure Configure an IGP and public tunnels on each PE. (Details not shown.) Configure UPE: # Configure basic MPLS. <UPE> system-view [UPE] interface loopback 0 [UPE-LoopBack0] ip address 1.1.1.1 32 [UPE-LoopBack0] quit [UPE] mpls lsr-id 1.1.1.1 [UPE] mpls ldp [UPE-ldp] quit # Enable L2VPN.
  • Page 504 [NPE1-vsi-aaa-ldp-1.1.1.1-500] quit [NPE1-vsi-aaa-ldp] peer 3.3.3.3 pw-id 500 [NPE1-vsi-aaa-ldp-3.3.3.3-500] quit [NPE1-vsi-aaa-ldp] peer 4.4.4.4 pw-id 500 [NPE1-vsi-aaa-ldp-4.4.4.4-500] quit [NPE1-vsi-aaa-ldp] quit [NPE1-vsi-aaa] quit Configure NPE 2: # Configure basic MPLS. <NPE2> system-view [NPE2] interface loopback 0 [NPE2-LoopBack0] ip address 3.3.3.3 32 [NPE2-LoopBack0] quit [NPE2] mpls lsr-id 3.3.3.3 [NPE2] mpls ldp [NPE2–ldp] quit...
  • Page 505 [NPE3-vsi-aaa-ldp-3.3.3.3-500] quit [NPE3-vsi-aaa-ldp] quit [NPE3-vsi-aaa] quit # Bind GigabitEthernet 2/0/1 (the interface connected to CE 3) to VSI aaa. [NPE3] interface gigabitethernet 2/0/1 [NPE3-GigabitEthernet2/0/1] xconnect vsi aaa [NPE3-GigabitEthernet2/0/1] quit Verifying the configuration # Verify that PWs in up state have been established on each PE. [UPE] display l2vpn pw verbose VSI Name: aaa Peer: 2.2.2.2...
  • Page 506 : 1500 PW Attributes : Main VCCV CC VCCV BFD Tunnel Group ID : 0x160000005 Tunnel NHLFE IDs : 1027 Peer: 4.4.4.4 PW ID: 500 Signaling Protocol : LDP Link ID : 10 PW State : Up In Label : 1278 Out Label: 1279 : 1500 PW Attributes...
  • Page 507 [NPE3] display l2vpn pw verbose VSI Name: aaa Peer: 2.2.2.2 PW ID: 500 Signaling Protocol : LDP Link ID PW State : Up In Label : 1279 Out Label: 1278 : 1500 PW Attributes : Main VCCV CC VCCV BFD Tunnel Group ID : 0x60000000 Tunnel NHLFE IDs...

  • Page 508: Configuring L2Vpn Access To L3Vpn Or Ip Backbone

    Configuring L2VPN access to L3VPN or IP backbone Both MPLS L2VPN and VPLS support the L2VPN access to L3VPN or IP backbone feature. MPLS L2VPN provides point-to-point connections, and VPLS provides point-to-multipoint connections. Unless otherwise specified, the term "MPLS L2VPN" in this document refers to both MPLS L2VPN and VPLS.

  • Page 509: Improved L2Vpn Access To L3Vpn Or Ip Backbone

    backbone through PE 3. PE 3 acts as a PE in the MPLS L3VPN/IP backbone and as a CE in the MPLS L2VPN at the same time. A packet from VPN site 1 to VPN site 2 is forwarded as follows: A user in VPN site 1 sends a packet to PE 1.

  • Page 510: Configuring Conventional L2Vpn Access To L3Vpn Or Ip Backbone

    Create an access VE interface on the PE-agg to provide access to the backbone, and configure the interface and the L2VE interface have the same interface number. This interface is referred to as the VE-L3VPN (L3VE) interface. The functions and configurations of the interface are similar to those of the access interface (Access int) in Figure 130.

  • Page 511: Configuring An L2Ve Interface

    Configuring an L2VE interface Step Command Remarks Enter system view. system-view By default, no L2VE interface is created on the device. Create an L2VE interface and interface ve-l2vpn enter its view. interface-number You can create a maximum of 8192 L2VE interfaces on a device. By default, the description of the (Optional.) Configure a interface is VE-L2VPNnumber...

  • Page 512: Displaying And Maintaining L2Vpn Access To L3Vpn Or Ip Backbone

    Displaying and maintaining L2VPN access to L3VPN or IP backbone Execute display commands in any view and reset commands in user view. Task Command Display information about L2VE display interface [ ve-l2vpn [ interface-number ] | ve-l3vpn [ interface-number ] ] [ brief [ description | down ] ] interfaces or L3VE interfaces.
  • Page 513 Figure 132 Network diagram Table 46 Interface and IP address assignment Device Interface IP address Device Interface IP address CE 1 Ser2/1/0 100.1.1.1/24 PE-agg Loop0 3.3.3.9/32 PE 1 Loop0 1.1.1.9/32 POS2/2/0 10.2.2.2/24 POS2/2/0 10.2.1.1/24 POS2/2/1 10.3.3.1/24 Loop0 2.2.2.9/32 VE-L3VPN1 100.1.1.2/24 POS2/2/0 10.2.1.2/24 PE 2...
  • Page 514 [PE1-ospf-1] quit # Configure the P device. <P> system-view [P] ospf [P-ospf-1] area 0 [P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0 [P-ospf-1-area-0.0.0.0] network 10.2.2.0 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 10.2.1.0 0.0.0.255 [P-ospf-1-area-0.0.0.0] quit [P-ospf-1] quit # Configure PE-agg. [PEagg] ospf [PEagg-ospf-1] area 0 [PEagg-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0 [PEagg-ospf-1-area-0.0.0.0] network 10.2.2.0 0.0.0.255 [PEagg-ospf-1-area-0.0.0.0] quit [PEagg-ospf-1] quit...
  • Page 515 [PEagg-Pos2/2/0] quit c. Enable L2VPN on PE 1 and PE-agg: # Configure PE 1. [PE1] l2vpn enable # Configure PE-agg. [PEagg] l2vpn enable d. Configure the AC interfaces of PE 1 and PE-agg, create PWs that support interworking, and bind the interface to the PWs: # On Serial 2/1/0 of PE 1, configure PPP to support IPCP negotiation without IP address.
  • Page 516 [PEagg-LoopBack0] isis enable 1 [PEagg-LoopBack0] quit # Configure PE 2. [PE2] isis 1 [PE2-isis-1] network-entity 10.0000.0000.0002.00 [PE2-isis-1] quit [PE2] interface pos 2/2/0 [PE2-Pos2/2/0] isis enable 1 [PE2-Pos2/2/0] quit [PE2] interface loopback 0 [PE2-LoopBack0] isis enable 1 [PE2-LoopBack0] quit b. Configure basic MPLS and MPLS LDP on PE-agg and PE 2: # Configure PE-agg.
  • Page 517 # Configure CE 1 and specify PE-agg as the peer. <CE1> system-view [CE1] bgp 65010 [CE1-bgp] peer 100.1.1.2 as-number 100 [CE1-bgp] address-family ipv4 [CE1-bgp-ipv4] peer 100.1.1.2 enable [CE1-bgp-ipv4] import-route direct [CE1-bgp-ipv4] quit [CE1-bgp] quit # Configure PE-agg and specify CE 1 as the peer. [PEagg] bgp 100 [PEagg-bgp] ip vpn-instance VPN1 [PEagg-bgp-VPN1] peer 100.1.1.1 as-number 65010...

  • Page 518: Access To Ip Backbone Through An Ldp Vpls

    [PE2-bgp] peer 3.3.3.9 as-number 100 [PE2-bgp] peer 3.3.3.9 connect-interface loopback 0 [PE2-bgp] address-family vpnv4 [PE2-bgp-vpnv4] peer 3.3.3.9 enable [PE2-bgp-vpnv4] quit [PE2-bgp] quit The default MTU value varies by interface type. To avoid packet fragmentation, set the MTU value for each POS interface on each device to 1500. The following shows the MTU configuration on PE 1.
  • Page 519 Figure 133 Network diagram Table 47 Interface and IP address assignment Device Interface IP address Device Interface IP address CE 1 GE2/0/1 100.1.1.1/24 PE-agg Loop0 3.3.3.9/32 PE 1 Loop0 1.1.1.9/32 POS2/2/0 10.2.2.2/24 POS2/2/0 10.2.1.1/24 POS2/2/1 10.3.3.1/24 Loop0 2.2.2.9/32 VE-L3VPN1 100.1.1.2/24 POS2/2/0 10.2.1.2/24 PE 2...
  • Page 520 [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit # Configure the P device. <P> system-view [P] ospf [P-ospf-1] area 0 [P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0 [P-ospf-1-area-0.0.0.0] network 10.2.2.0 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 10.2.1.0 0.0.0.255 [P-ospf-1-area-0.0.0.0] quit [P-ospf-1] quit # Configure PE-agg. [PEagg] ospf [PEagg-ospf-1] area 0 [PEagg-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0 [PEagg-ospf-1-area-0.0.0.0] network 10.2.2.0 0.0.0.255 [PEagg-ospf-1-area-0.0.0.0] quit...
  • Page 521 [PEagg-Pos2/2/0] mpls ldp enable [PEagg-Pos2/2/0] quit c. Enable L2VPN on PE 1 and PE-agg: # Configure PE 1. [PE1] l2vpn enable # Configure PE-agg. [PEagg] l2vpn enable d. Create VSIs on PE 1 and PE-agg: # On PE 1, create VSI vpna, and specify the PW signaling protocol for the VSI as LDP. [PE1] vsi vpna [PE1-vsi-vpna] pwsignal ldp # On PE 1, create LDP PW 500 to the peer PE 3.3.3.9.
  • Page 522 <PE2> system-view [PE2] ospf 2 [PE2-ospf-2] area 0 [PE2-ospf-2-area-0.0.0.0] network 100.2.1.0 0.0.0.255 [PE2-ospf-2-area-0.0.0.0] network 10.3.3.0 0.0.0.255 [PE2-ospf-2-area-0.0.0.0] quit [PE2-ospf-2] quit # Configure OSPF process 2 on CE 2 to advertise routing information. <CE2> system-view [CE2] ospf 2 [CE2-ospf-2] area 0 [CE2-ospf-2-area-0.0.0.0] network 100.2.1.0 0.0.0.255 [CE2-ospf-2-area-0.0.0.0] quit [CE2-ospf-2] quit...

  • Page 523: Configuring Mpls Oam

    Configuring MPLS OAM Overview MPLS Operation, Administration, and Maintenance (OAM) provides fault management tools for the following purposes: • MPLS data plane connectivity verification. • Data plane and control plane consistency verification. • Fault locating. These fault management tools include the following types: •...

  • Page 524: Periodic Mpls Tracert

    • Static mode—You manually specify the local and remote discriminators through command lines to establish the BFD session. • Dynamic mode—The system automatically runs MPLS ping to negotiate the discriminators to establish the BFD session. In static mode, the egress node returns a BFD control packet to the ingress node through the reverse tunnel.

  • Page 525: Configuring Mpls Tracert For Lsps

    Task Command [ address-increment ] ] ] Configuring MPLS tracert for LSPs Perform the following task in any view: Task Command tracert mpls [ -a source-ip | -exp exp-value | -h ttl-value | -r Use MPLS tracert to trace the LSPs for reply-mode | -rtos tos-value | -t time-out | -v | fec-check ] * ipv4 an IPv4 prefix.

  • Page 526: Configuring Periodic Mpls Tracert For Lsps

    Step Command Remarks Enter system view. system-view By default, BFD for MPLS is Enable BFD for MPLS. mpls bfd enable disabled. mpls bfd dest-addr mask-length [ nexthop nexthop-address By default, BFD is not configured Configure BFD to verify LSP [ discriminator local local-id to verify LSP connectivity for an connectivity for an FEC.

  • Page 527: Configuring Bfd For Mpls Te Tunnels

    Configuring BFD for MPLS TE tunnels To run BFD on an MPLS TE tunnel, configure both the local and remote devices as described Table Table 49 Configurations on the local and remote devices BFD session Execute the "mpls Execute the Configure the establishment Node type...

  • Page 528: Configuring Mpls Ping For A Pw

    The packets used to verify PW connectivity are collectively referred to as VCCV packets. A PE transfers VCCV packets through a control channel (CC). CCs include the following types: • control-word—Identifies VCCV packets through the control word (PW-ACH, PW Associated Channel Header).
  • Page 529 Step Command Remarks By default, no PW class is created. To use BFD to verify connectivity of Create a PW class and pw-class class-name a PW, you must create a PW class enter PW class view. for the PW and configure VCCV settings in PW class view.
  • Page 530 Step Command Remarks a PW, you must create a PW class for the PW and configure VCCV settings in PW class view. By default, BFD is not used to verify PW connectivity. Use BFD to verify PW vccv bfd [ raw-bfd ] [ template If you specify the raw-bfd keyword connectivity.

  • Page 531: Displaying Mpls Oam

    Step Command Remarks a PW, you must create a PW class for the PW and configure VCCV settings in PW class view. By default, BFD is not used to verify PW connectivity. Use BFD to verify PW vccv bfd [ raw-bfd ] [ template If you specify the raw-bfd keyword connectivity.

  • Page 532: Bfd For Lsp Configuration Example

    BFD for LSP configuration example Network requirements Use LDP to establish an LSP from 1.1.1.9/32 to 3.3.3.9/32 and an LSP from 3.3.3.9/32 to 1.1.1.9/32. Use BFD to verify LSP connectivity. Figure 134 Network diagram Configuration procedure Configure IP addresses for interfaces. (Details not shown.) Configure OSPF to ensure IP connectivity between the routers: # Configure Router A.
  • Page 533 [RouterA] interface gigabitethernet 2/0/1 [RouterA-GigabitEthernet2/0/1] mpls enable [RouterA-GigabitEthernet2/0/1] mpls ldp enable [RouterA-GigabitEthernet2/0/1] quit # Configure Router B. [RouterB] mpls lsr-id 2.2.2.9 [RouterB] mpls ldp [RouterB-ldp] quit [RouterB] interface gigabitethernet 2/0/1 [RouterB-GigabitEthernet2/0/1] mpls enable [RouterB-GigabitEthernet2/0/1] mpls ldp enable [RouterB-GigabitEthernet2/0/1] quit [RouterB] interface gigabitethernet 2/0/2 [RouterB-GigabitEthernet2/0/2] mpls enable [RouterB-GigabitEthernet2/0/2] mpls ldp enable [RouterB-GigabitEthernet2/0/2] quit...
  • Page 534 FEC Info: Destination: 3.3.3.9 Mask Length: 32 NHLFE ID: 1042 Local Discr: 514 Remote Discr: 514 Source IP: 1.1.1.9 Destination IP: 127.0.0.1 Session State: Up Session Role: Passive Template Name: - The output shows that two BFD sessions have been established between Router A and Router C. One session verifies the connectivity of the LSP from 3.3.3.9/32 to 1.1.1.9/32, and the other session verifies the connectivity of the LSP from 1.1.1.9/32 to 3.3.3.9/32.

  • Page 535: Configuring Mpls Protection Switching

    Configuring MPLS protection switching Overview MPLS Protection Switching (PS) provides an end-to-end linear protection mechanism for MPLS TE tunnels. It associates an MPLS TE tunnel (working tunnel) with another MPLS TE tunnel (protection tunnel) to form a protection group. When the working tunnel fails, traffic is immediately switched to the protection tunnel, ensuring continuous traffic forwarding.

  • Page 536: Path Switching Modes

    An external switching command is executed on the node. • 1+1 protection switching—Typically, traffic travels along both the working and protection tunnels, and the egress node receives traffic from the working tunnel. When either of the following events occurs, the egress node determines from which tunnel it receives traffic according to the protection state: The ingress or egress node detects a failure on the working tunnel.

  • Page 537: Mpls Protection Switching Configuration Task List

    MPLS protection switching configuration task list Before configuring MPLS protection switching, create two MPLS TE tunnels: one as the working tunnel, and the other as the protection tunnel. For information about creating an MPLS TE tunnel, "Configuring MPLS TE." To configure MPLS protection switching, perform the following tasks: Tasks at a glance Remarks (Required.)
  • Page 538 In the protection group, the device determines the tunnel for traffic forwarding according to the external switching command and the signal fail. Follow these restrictions and guidelines when you create a protection group: • The tunnel bundle interface is up after the IP address and tunnel destination address for the interface are configured and at least one of its member interfaces is up.

  • Page 539: Configuring Ps Attributes For The Protection Group

    Step Command Remarks 11. (Optional.) Specify a backup traffic processing unit for the tunnel bundle interface (distributed service standby slot By default, no backup traffic devices in standalone slot-number processing unit is specified. mode/centralized devices in IRF mode). 12. (Optional.) Specify a backup traffic service standby chassis processing unit for the tunnel By default, no backup traffic...

  • Page 540: Configuring Command Switching For The Protection Group

    Step Command Remarks switching-mode group to use bidirectional on the tunnel bundle interface in 1:1 path switching. bidirectional protection switching mode. By default, the protection group in 1:1 protection switching mode uses unidirectional path switching. 1+1 protection switching mode supports only bidirectional path switching.

  • Page 541: Mpls Protection Switching Configuration Example

    Task Command [ description | down ] ] Display forwarding state information for display mpls forwarding protection [ tunnel-bundle MPLS protection groups (centralized devices number ] in standalone mode). Display forwarding state information for display mpls forwarding protection [ tunnel-bundle MPLS protection groups (distributed devices in standalone mode/centralized devices in number ] [ slot slot-number ]...

  • Page 542: Configuration Procedure

    Figure 135 Network diagram Loop0 2.2.2.2/32 GE2/0/2 GE2/0/1 4.1.1.1/24 2.1.1.2/24 Router B Loop0 Loop0 1.1.1.1/32 4.4.4.4/32 GE2/0/1 GE2/0/1 2.1.1.1/24 4.1.1.2/24 GE2/0/2 GE2/0/2 3.1.1.1/24 5.1.1.2/24 Router A Router D Router C GE2/0/1 GE2/0/2 3.1.1.2/24 5.1.1.1/24 Loop0 3.3.3.3/32 Configuration procedure Configure IP addresses and masks for interfaces as shown in Figure 135.
  • Page 543 Output queue - Urgent queuing: Size/Length/Discards 0/100/0 Output queue - Protocol queuing: Size/Length/Discards 0/500/0 Output queue - FIFO queuing: Size/Length/Discards 0/75/0 Last clearing of counters: Never Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec Input: 0 packets, 0 bytes, 0 drops Output: 0 packets, 0 bytes, 0 drops Configure a tunnel bundle interface for the protection group:...

  • Page 544: Verifying The Configuration

    Verifying the configuration # Display information about the tunnel bundle interface and its member interfaces on Router A. [RouterA] display tunnel-bundle Tunnel-Bundle Name : Tunnel-Bundle 0 Bundle State : Up Bundle Attributes Bundle Mode : 1:1 Tunnel Type : CR_LSP Tunnel Destination : 4.4.4.4 Bundle Members :...

  • Page 545: Document Conventions And Icons

    Document conventions and icons Conventions This section describes the conventions used in the documentation. Port numbering in examples The port numbers in this document are for illustration only and might be unavailable on your device. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown.

  • Page 546: Network Topology Icons

    Network topology icons Convention Description Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.

  • Page 547: Support And Other Resources

    Hewlett Packard Enterprise Support Center More Information on Access to Support Materials page: www.hpe.com/support/AccessToSupportMaterials IMPORTANT: Access to some updates might require product entitlement when accessed through the Hewlett Packard Enterprise Support Center. You must have an HP Passport set up with relevant entitlements.

  • Page 548: Websites

    Websites Website Link Networking websites Hewlett Packard Enterprise Information Library for www.hpe.com/networking/resourcefinder Networking Hewlett Packard Enterprise Networking website www.hpe.com/info/networking Hewlett Packard Enterprise My Networking website www.hpe.com/networking/support Hewlett Packard Enterprise My Networking Portal www.hpe.com/networking/mynetworking Hewlett Packard Enterprise Networking Warranty www.hpe.com/networking/warranty General websites Hewlett Packard Enterprise Information Library www.hpe.com/info/enterprise/docs Hewlett Packard Enterprise Support Center...
  • Page 549 part number, edition, and publication date located on the front cover of the document. For online help content, include the product name, product version, help edition, and publication date located on the legal notices page.
  • Page 550 Index MPLS L2VPN BGP label block information Numerics advertisement, MPLS L3VPN basics, 1MPLS PS mode, MPLS L3VPN HoVPN, MPLS L3VPN route advertisement, MPLS PS mode, MPLS TE attribute advertisement, MPLS TE CRLSP dynamic establishment, MPLS TE link attribute (IGP TE extension), MPLS L2VPN AC configuration, MPLS TE link attribute (IS-IS TE), MPLS L2VPN AC Layer 3 interface (Ethernet...
  • Page 551 IPv6 MPLS L3VPN inter-AS option C, MPLS TE auto FRR configuration, MPLS L3VPN BGP AS number substitution, MPLS TE automatic bandwidth adjustment, 76, MPLS L3VPN BGP AS number substitution+SoO MPLS TE traffic forwarding automatic route attribute, 206, 238, advertisement (forwarding adjacency), MPLS L3VPN carrier's carrier different ASs, MPLS TE traffic forwarding automatic route advertisement (IGP shortcut),...
  • Page 552 MPLS L2VPN remote CCC connection backoff mechanism (LDP), configuration, bandwidth MPLS TE automatic bandwidth MPLS L3VPN, adjustment, 92, MPLS L3VPN basics, MPLS TE CRLSP dynamic establishment, MPLS L3VPN BGP AS number substitution, MPLS TE CRLSP flooding, MPLS L3VPN BGP AS number substitution+SoO MPLS TE CRLSP static implementation, attribute, 206, 238, MPLS TE DS-TE bandwidth constraint,...
  • Page 553 MPLS TE tunnel implementation (co-routed IPv6 MPLS L3VPN OSPF sham link creation, mode), IPv6 MPLS L3VPN PE-CE EBGP, binding IPv6 MPLS L3VPN PE-CE IBGP, MPLS L2VPN cross-connect+AC binding, IPv6 MPLS L3VPN PE-CE IPv6 IS-IS, VPLS VSI+AC, IPv6 MPLS L3VPN PE-CE OSPFv3, broadcast IPv6 MPLS L3VPN PE-CE RIPng, VPLS traffic flooding,...
  • Page 554 MPLS L2VPN information, IPv6 MPLS L3VPN inter-AS option C, MPLS protection switching (PS) command and IPv6 MPLS L3VPN loopback interface, hardware compatibility, IPv6 MPLS L3VPN MCE, MPLS protection switching (PS) feature and IPv6 MPLS L3VPN MCE routing, hardware compatibility, IPv6 MPLS L3VPN MCE-PE EBGP, MPLS protection switching (PS) information, IPv6 MPLS L3VPN MCE-PE IBGP, VPLS command and hardware...
  • Page 555 LDP BGP unicast route redistribution, MPLS L2VPN local connection, LDP FRR, MPLS L2VPN local connection IP interworking, LDP GR, MPLS L2VPN multi-segment PW configuration (inter-domain), LDP hello parameter, MPLS L2VPN multi-segment PW configuration LDP IPv4 session parameter (Extended (intra-domain), Discovery), MPLS L2VPN PW, LDP IPv6 session parameter (Extended Discovery),...
  • Page 556 MPLS L3VPN MCE-PE RIP, MPLS PS protection group attributes, MPLS L3VPN MCE-PE routing, MPLS PS protection group command switching, MPLS L3VPN MCE-PE static routing, MPLS PSC message send interval, MPLS L3VPN MCE-VPN site EBGP, MPLS TE, 71, 81, MPLS L3VPN MCE-VPN site IBGP, MPLS TE auto FRR, MPLS L3VPN MCE-VPN site IS-IS, MPLS TE automatic bandwidth adjustment,...
  • Page 557 MPLS TE tunnel/tunnel bundle traffic direction VPLS VSI, (automatic route advertisement/forwarding connecting adjacency), MPLS L2VPN BGP PW remote CCC MPLS TE tunnel/tunnel bundle traffic direction connection, (automatic route advertisement/IGP MPLS L2VPN cross-connect configuration, shortcut), MPLS L2VPN cross-connect interworking, MPLS TE tunnel/tunnel bundle traffic direction MPLS L2VPN cross-connect+AC binding, (PBR), MPLS L2VPN local connection establishment,...
  • Page 558 MPLS TE FRR node fault detection, MPLS TE FRR node protection, detecting MPLS TE FRR optimal bypass tunnel selection LDP loop detection, interval, MPLS TE FRR node fault detection, MPLS TE IETF DS-TE configuration, MPLS TE loop detection, MPLS TE inter-area tunnel establishment device (CRLSP+PCE calculation), customer edge device.
  • Page 559 LDP discovery message type, MPLS TE CRLSP establishment, LDP peer basic discovery, MPLS TE PCE discovery, LDP peer extended discovery, MPLS TE tunnel configuration (dynamic CRLSP), LDP session parameters (Basic Discovery), LDP session parameters (Extended EBGP Discovery), IPv6 MPLS L3VPN MCE-PE EBGP, MPLS TE PCE, IPv6 MPLS L3VPN MCE-PE routing, displaying...
  • Page 560 RSVP BFD, VPLS L2VPN, fast reroute. Use VPLS SNMP notification, IPv4 LDP configuration, encapsulating MPLS L2VPN AC Layer 3 interface (Ethernet IPv4 LDP label acceptance control, encapsulation), IPv4 LDP label advertisement control, MPLS L2VPN AC Layer 3 interface (HDLC IPv4 LDP LSP configuration, encapsulation), IPv6 LDP configuration, MPLS L2VPN AC Layer 3 interface (PPP...
  • Page 561 MPLS LSP establishment, MPLS TE, MPLS LSR, MPLS TE auto FRR configuration, MPLS process, MPLS TE FRR bypass CRLSP, MPLS TE bidirectional tunnel, MPLS TE FRR bypass tunnel on PLR configuration restrictions, MPLS TE CRLSP backup, MPLS TE FRR configuration, MPLS TE DS-TE, MPLS TE FRR configuration on PLR, MPLS TE FRR,...
  • Page 562 MPLS L2VPN PPP/HDLC over MPLS, MPLS L3VPN MCE-VPN site IBGP, MPLS L3VPN PE-CE IBGP, hello LDP session protection, ICMP RSVP GR, MPLS TTL-expired message send, RSVP GR configuration, identifier (LDP), RSVP hello extension, IETF DS-TE MPLS TE DiffServ-aware TE mode, RSVP-TE Hello message, MPLS TE IETF DS-TE configuration, hierarchical VPLS.
  • Page 563 configuration, LDP GR configuration, MPLS L2VPN, LDP label acceptance policy, LDP label advertisement policy, interval MPLS PSC message send interval, LDP label control, MPLS TE CRLSP flooding, LDP label distribution, MPLS TE FRR optimal bypass tunnel selection LDP label distribution control mode, interval, LDP loop detection, interworking...
  • Page 564 IPv6 MPLS L3VPN MCE-PE IPv6 IS-IS, OSPF sham link creation, IPv6 MPLS L3VPN MCE-VPN site IPv6 IS-IS, OSPFv3 sham link, IPv6 MPLS L3VPN PE-CE IPv6 IS-IS, packet forwarding, PBR application, IPv6 MPLS L3VPN basics, PBR configuration, BGP AS number substitution, PE-CE EBGP, BGP AS number substitution+SoO PE-CE IBGP,...
  • Page 565 distribution protocol. Use enable globally, Label Forwarding Information Base. Use enable on interface, LFIB MPLS egress label type advertisement, FEC, MPLS FEC label format, FEC-label mapping, MPLS forwarding process, FRR configuration, 23, MPLS L3VPN Layer 1 label packet forwarding, GR configuration, MPLS L3VPN Layer 2 label packet GR helper, forwarding,...
  • Page 566 MPLS L2VPN multi-segment PW configuration LDP session protection, (intra-domain), MPLS L2VPN attachment circuit (AC), MPLS L3VPN access (LDP MPLS L2VPN), MPLS L3VPN OSPF sham link, 206, 227, MPLS OAM BFD for VPLS LDP PW, MPLS L3VPN OSPF sham link creation, NSR, MPLS TE attribute advertisement, NSR configuration,...
  • Page 567 LDP configuration, 17, LDP configuration, 17, LDP loop detection, LDP FEC, LDP LSP establishment, LDP FEC-label mapping, LDP LSP generation policy, LDP GR, LDP over MPLS TE, LDP identifier, MPLS control plane, LDP label space, MPLS dynamic LSP establishment, LDP peer, MPLS label forwarding statistics enable, LDP session, MPLS OAM BFD for LSP, 515, 522,...
  • Page 568 LDP configuration, 17, LDP authentication configuration, LDP GR, RSVP authentication, LDP label control, LDP label distribution, message CRLSP setup, LDP message types, LDP advertisement, LDP operation, LDP discovery, LDP session, LDP notification, LDP terminology, LDP session, Maximum Allocation Model. See MPLS PSC message send interval, IPv6 MPLS L3VPN configuration, MPLS TTL-expired message send,...
  • Page 569 MPLS L2VPN remote connection, label forwarding statistics enable for VPN instance, LDP backoff, MPLS TE FRR CRLSP link protection, LDP BGP unicast route redistribution, MPLS TE FRR merge point, LDP configuration, 17, MP-IBGP MPLS L3VPN hub-spoke network, LDP display, LDP FRR, MPLS basic concepts, LDP FRR configuration,...
  • Page 570 protection switching (PS) enable, cross-connect interworking configuration, protection switching (PS) group creation, cross-connect+AC binding, protection switching (PS) maintain, display, protection switching (PS) mode, enable, protection switching (PS) path switching Ethernet over MPLS, mode, H-VPLS configuration (MPLS access), protection switching (PS) protocols and H-VPLS UPE dual homing configuration, standards, interworking,...
  • Page 571 BGP AS number substitution, MCE-PE IBGP, BGP AS number substitution+SoO MCE-PE IS-IS, attribute, 206, 238, MCE-PE OSPF, BGP route target attributes, MCE-PE RIP, BGP VPNv4 route control, MCE-PE routing, BGP-OSPF interaction, MCE-PE static routing, carrier's carrier, MCE-VPN site EBGP, carrier's carrier different ASs, MCE-VPN site IBGP, carrier's carrier same AS, MCE-VPN site IS-IS,...
  • Page 572 VPN instance, MPLS L3VPN configuration, 188, VPN instance configuration, MPLS L3VPN HoVPN, VPN instance creation, MPLS L3VPN inter-AS option A, VPN instance route related attributes, MPLS L3VPN inter-AS option B, VPN instance+interface association, MPLS L3VPN inter-AS option C, VPN-IPv4 address, MPLS L3VPN MCE configuration, MPLS L3VPN multirole host, MPLS OAM...
  • Page 573 IPv6 MPLS L3VPN carrier's carrier same PS enable, PS group creation, IPv6 MPLS L3VPN configuration, 330, PS path switching mode, IPv6 MPLS L3VPN inter-AS option A, PS protection group attributes, IPv6 MPLS L3VPN inter-AS option C, PS protection group command switching, IPv6 MPLS L3VPN MCE configuration, PS triggering mode, IPv6 MPLS L3VPN multirole host,...
  • Page 574 tunnel/tunnel bundle traffic direction (automatic IPv6 MPLS L3VPN BGP AS number substitution, route advertisement), IPv6 MPLS L3VPN BGP AS number tunnel/tunnel bundle traffic direction (PBR), substitution+SoO attribute, 355, IPv6 MPLS L3VPN BGP VPNv6 route control, MPLS-TP MPLS TE bidirectional tunnel, IPv6 MPLS L3VPN carrier's carrier same AS, IPv6 MPLS L3VPN configuration, MPLS MTU configuration,...
  • Page 575 IPv6 MPLS L3VPN PE-CE RIPng, MPLS architecture, IPv6 MPLS L3VPN PE-CE routing, MPLS control plane, IPv6 MPLS L3VPN PE-CE static routing, MPLS egress label type advertisement, IPv6 MPLS L3VPN PE-PE routing, MPLS FEC, IPv6 MPLS L3VPN routing information MPLS FEC label format, advertisement, MPLS forwarding plane, IPv6 MPLS L3VPN VPN instance,...
  • Page 576 MPLS L3VPN BGP AS number substitution, MPLS L3VPN MCE-VPN site RIP, MPLS L3VPN BGP AS number substitution+SoO MPLS L3VPN MCE-VPN site routing, attribute, 206, 238, MPLS L3VPN MCE-VPN site static routing, MPLS L3VPN BGP route target attributes, MPLS L3VPN MP-BGP, MPLS L3VPN BGP VPNv4 route control, MPLS L3VPN multirole host, 201, MPLS L3VPN BGP-OSPF interaction,...
  • Page 577 MPLS LFIB, MPLS TE tunnel configuration (dynamic CRLSP), MPLS LSP, MPLS TE tunnel configuration (static CRLSP), MPLS LSP establishment, MPLS TE tunnel establishment (RSVP-TE), MPLS LSR, MPLS TE tunnel establishment (static CRLSP), MPLS MTU configuration, MPLS TE tunnel interface, MPLS OAM BFD for LSP, 515, MPLS TE tunnel load sharing, MPLS OAM BFD for MPLS L2VPN PW, MPLS TE tunnel reoptimization,...
  • Page 578 L2VPN access configuration, MPLS L3VPN BGP AS number substitution+SoO attribute, 206, 238, L2VPN improved access configuration, LDP configuration, 17, MPLS basic concepts, MPLS basics configuration, 1, MPLS L2VPN PW VCCV, MPLS L2VPN basic concepts, MPLS OAM. See MPLS OAM MPLS L2VPN configuration, 404, 412, MPLS TE bidirectional tunnel, MPLS L3VPN, object...
  • Page 579 IPv6 MPLS L3VPN configuration, IP backbone access (LDP VPLS), MPLS L3VPN application, L2VPN access configuration, MPLS L3VPN configuration, L2VPN improved access configuration, MPLS L3VPN multirole host, 201, 225, MPLS L2VPN configuration, 404, MPLS L2VPN static PW configuration, MPLS TE CRLSP establishment (PCE path calculation), MPLS L3VPN access (LDP MPLS L2VPN), MPLS TE PCEP session parameters,...
  • Page 580 IPv6 MPLS L3VPN PE-CE EBGP, LDP peer maintenance, IPv6 MPLS L3VPN PE-CE IBGP, LDP session parameters, IPv6 MPLS L3VPN PE-CE IPv6 IS-IS, LDP session protection, IPv6 MPLS L3VPN PE-CE OSPFv3, LDP targeted hello timer, IPv6 MPLS L3VPN PE-CE RIPng, penultimate hop popping. Use IPv6 MPLS L3VPN PE-CE routing, per-interface label space (LDP), per-platform label space (LDP),...
  • Page 581 configuring IPv6 MPLS L3VPN inter-AS IPv6 VPN priority MPLS TE tunnel holding priority, option C PE, configuring IPv6 MPLS L3VPN inter-AS IPv6 VPN MPLS TE tunnel setup priority, option C routing policy, procedure configuring IPv6 MPLS L3VPN inter-AS option advertising MPLS TE link attribute (IGP TE extension), configuring IPv6 MPLS L3VPN inter-AS option applying IPv6 MPLS L3VPN PBR,...
  • Page 582 configuring IPv6 MPLS L3VPN PE-CE configuring LDP session parameter, OSPFv3, configuring LDP session parameter (Basic configuring IPv6 MPLS L3VPN PE-CE RIPng, Discovery), configuring IPv6 MPLS L3VPN PE-CE configuring LDP session protection, routing, configuring LDP-IGP synchronization, configuring IPv6 MPLS L3VPN PE-CE static configuring LDP-IS-IS synchronization, routing, configuring LDP-OSPF synchronization,...
  • Page 583 configuring MPLS L2VPN static PW configuring MPLS L3VPN MCE-PE OSPF, redundancy, configuring MPLS L3VPN MCE-PE RIP, configuring MPLS L3VPN, configuring MPLS L3VPN MCE-PE routing, configuring MPLS L3VPN access (LDP MPLS configuring MPLS L3VPN MCE-PE static L2VPN), routing, configuring MPLS L3VPN basics, 211, configuring MPLS L3VPN MCE-VPN site EBGP, configuring MPLS L3VPN BGP AS number configuring MPLS L3VPN MCE-VPN site IBGP,...
  • Page 584 configuring MPLS OAM ping for MPLS TE configuring MPLS TE PCE, tunnel, configuring MPLS TE PCEP session parameters, configuring MPLS OAM ping for PW, configuring MPLS TE RSVP-TE RSVP resource configuring MPLS OAM tracert for LSP, reservation style, configuring MPLS OAM tracert for LSP configuring MPLS TE traffic forwarding, (periodic), configuring MPLS TE tunnel (dynamic CRLSP),...
  • Page 585 configuring RSVP reliable message displaying MPLS OAM, delivery, displaying MPLS static CRLSP, configuring RSVP Srefresh, displaying MPLS TE, configuring static CRLSP, displaying MPLS TE protection switching (PS), configuring static LSP, displaying RSVP, configuring tunnel policy, displaying static LSP, configuring tunnel selection order, displaying tunnel information, configuring VPLS, displaying VPLS,...
  • Page 586 establishing MPLS TE tunnel with RSVP-TE, protocols and standards, establishing RSVP-TE tunnel, PSC message send interval, maintaining IPv6 MPLS L3VPN, triggering mode, maintaining L2VPN access, protocols and standards IPv6 MPLS L3VPN, maintaining MPLS, LDP, maintaining MPLS L2VPN, MPLS, maintaining MPLS L3VPN, MPLS L3VPN, maintaining MPLS TE, MPLS OAM,...
  • Page 587 MPLS L2VPN PW VCCV, redundancy H-VPLS UPE, MPLS L2VPN remote CCC connection configuration, MPLS L2VPN LDP PW redundancy, MPLS L2VPN static PW, MPLS L2VPN PW redundancy, 410, MPLS L2VPN static PW configuration, MPLS L2VPN static PW redundancy, MPLS L2VPN static PW redundancy, VPLS UPE dual homing (redundant LDP PWs), MPLS L2VPN type, VPLS UPE dual homing (redundant static PWs),...
  • Page 588 IPv6 MPLS L3VPN inter-AS IPv6 VPN option IPv6 MPLS L3VPN MCE-VPN site RIPng, IPv6 MPLS L3VPN MCE-VPN site routing, IPv6 MPLS L3VPN VPN instance route related IPv6 MPLS L3VPN MCE-VPN site static routing, attributes, IPv6 MPLS L3VPN multirole host, LDP BGP unicast route redistribution, IPv6 MPLS L3VPN multirole host static route, MPLS L3VPN BGP VPNv4 route control, IPv6 MPLS L3VPN network schemes,...
  • Page 589 MPLS L3VPN inter-AS option A, MPLS TE FRR, MPLS L3VPN inter-AS option B, MPLS TE FRR manual bypass tunnel, MPLS L3VPN inter-AS option C, MPLS TE IETF DS-TE configuration, MPLS L3VPN loopback address MPLS TE inter-AS tunnel establishment redistribution, (RSVP-TE), MPLS L3VPN MCE, MPLS TE make-before-break, MPLS L3VPN MCE configuration,...
  • Page 590 MPLS TE configuration, 71, LDP session parameters, MPLS TE CRLSP backup, 99, LDP session reset, MPLS TE CRLSP dynamic establishment, MPLS OAM BFD dynamic mode, MPLS TE CRLSP path selection, MPLS OAM BFD static mode, MPLS TE CRLSP setup, MPLS TE PCEP session parameters, MPLS TE FRR, RSVP-TE SESSION_ATTRIBUTE object, MPLS TE FRR bypass tunnel on PLR,...
  • Page 591 RSVP Srefresh configuration, MPLS TE configuration, static substituting IPv6 MPLS L3VPN MCE-PE IPv6 static IPv6 MPLS L3VPN BGP AS number substitution, routing, IPv6 MPLS L3VPN BGP AS number IPv6 MPLS L3VPN MCE-VPN site static substitution+SoO attribute, routing, IPv6 MPLS L3VPN BGP AS+SoO attribute, IPv6 MPLS L3VPN multirole host static route, MPLS L3VPN BGP AS number substitution, IPv6 MPLS L3VPN PE-CE static routing,...
  • Page 592 VPLS hub-spoke networking, configuration, 182, 182, information display, traceroute. See tracert tracert tunneling MPLS OAM configuration, exclusive tunnel configuration, MPLS OAM tracert, IPv6 MPLS L3VPN/GRE tunnel, MPLS OAM tracert (periodic), MPLS L2VPN public tunnel, MPLS OAM tracert for LSP, MPLS L3VPN/GRE tunnel, MPLS OAM tracert for LSP (periodic), MPLS OAM BFD for LSP, MPLS OAM tracert for MPLS TE tunnel,...
  • Page 593 preferred tunnel configuration, switch instance. Use preferred tunnel+selection order, Virtual Circuit Connectivity Verification. See VCCV RSVP-TE tunnel establishment, VLAN MPLS L2VPN AC Layer 3 interface (VLAN tunnel policy configuration, 182, 182, encapsulation), tunnel selection order configuration, MPLS L2VPN BGP PW, VPLS architecture, MPLS L2VPN LDP PW, type...
  • Page 594 MPLS L2VPN BGP PW, VPLS PW creation, MPLS L2VPN configuration, 404, 412, VPN instance MPLS label forwarding statistics enable, MPLS L2VPN LDP PW, MPLS L2VPN LDP PW IP interworking, MPLS L3VPN inter-AS VPN option A, 194, MPLS L2VPN local connection, MPLS L2VPN local connection IP configuration, interworking,...

Table of Contents