Contents Configuring basic MPLS ················································································· 1 Overview ···························································································································································· 1 Basic concepts ··········································································································································· 1 MPLS network structure ····························································································································· 2 LSP establishment and label distribution ··································································································· 3 MPLS forwarding ········································································································································ 5 LDP ···························································································································································· 7 Protocols ···················································································································································· 8 MPLS configuration task list ······························································································································· 9 Enabling the MPLS function ·····························································································································...
Page 4
Traffic forwarding ····································································································································· 44 Automatic bandwidth adjustment ············································································································· 46 CR-LSP backup ······································································································································· 46 FRR ·························································································································································· 46 DiffServ-aware TE ···································································································································· 47 MPLS LDP over MPLS TE ······················································································································· 49 Protocols and standards ·························································································································· 50 MPLS TE configuration task list ······················································································································· 51 Configuring basic MPLS TE ····························································································································· 51 Configuring DiffServ-aware TE ························································································································...
Page 5
MPLS TE configuration examples ···················································································································· 82 MPLS TE using static CR-LSP configuration example ············································································ 82 MPLS TE tunnel using RSVP-TE configuration example ········································································· 86 Inter-AS MPLS TE tunnel using RSVP-TE Configuration example ·························································· 92 RSVP-TE GR configuration example ····································································································· 100 MPLS RSVP-TE and BFD cooperation configuration example ······························································...
Page 7
Configuring a static route ······················································································································· 279 Configuring HoVPN ········································································································································ 279 Configuring an OSPF sham link ····················································································································· 280 Configuring a loopback interface ············································································································ 280 Redistributing the loopback interface route and OSPF routes into BGP ················································ 280 Creating a sham link ······························································································································ 281 Configuring routing on an MCE ······················································································································...
Page 8
Document conventions and icons ······························································· 438 Conventions ··················································································································································· 438 Network topology icons ·································································································································· 439 Support and other resources ······································································ 440 Accessing Hewlett Packard Enterprise Support ···························································································· 440 Accessing updates ········································································································································· 440 Websites ················································································································································ 441 Customer self repair ······························································································································· 441 Remote support ······································································································································ 441 Documentation feedback ·······················································································································...
Configuring basic MPLS Overview Multiprotocol Label Switching (MPLS) enables connection-oriented label switching on connectionless IP networks. It integrates both the flexibility of IP routing and the level of simplicity of Layer 2 switching. MPLS has the following advantages: • MPLS forwards packets according to short- and fixed-length labels, instead of Layer 3 header analysis and complicated routing table lookup, enabling highly-efficient and fast data forwarding on backbone networks.
A label switching router (LSR) is a fundamental component on an MPLS network. LSRs support label distribution and label swapping. A label edge router (LER) is an LSR that resides at the edge of an MPLS network and is connected to another network.
LSRs in the same routing or administrative domain form an MPLS domain. An MPLS domain consists of the following types of LSRs: • Ingress LSRs receive and label packets coming into the MPLS domain. • Transit LSRs forward packets along LSPs to their egress LERs according to the labels. •...
Page 12
Figure 4 Process of dynamic LSP establishment Ingress Egress LSR A LSR B LSR C LSR D LSR E LSR F LSR G LSR H Label mapping Label distribution and management An LSR informs its upstream LSRs of labels assigned to FECs through label advertisement. The label advertisement modes include downstream unsolicited (DU) and downstream on demand (DoD).
• In independent mode, an LSR can distribute label bindings upstream at anytime. This means that an LSR might have distributed a label binding for a FEC to its upstream LSR before it receives a binding for that FEC from its downstream LSR. As shown in Figure 6, in independent label distribution control mode, if the label advertisement mode is DU, an LSR assigns labels to...
Page 14
receives an unlabeled packet, it looks for the corresponding FIB entry. If the Token value of the FIB entry is not Invalid, the packet must be forwarded through MPLS. The LSR then looks for the corresponding NHLFE entry according to the Token value to determine the label operation to be performed.
In an MPLS network, when an egress node receives a labeled packet, it looks up the LFIB, pops the label of the packet, and then performs the next level label forwarding or performs IP forwarding. The egress node needs to do two forwarding table lookups to forward a packet: looking up the LFIB twice or looking up the LFIB and the FIB once each.
If two LSRs each have the same transport address (the source IP address used to establish a TCP connection to the peer) for the basic and extended discovery mechanisms, the LSRs can establish both a link hello adjacency and a targeted hello adjacency with each other, and the two adjacencies are associated with the same session.
MPLS configuration task list Task Remarks Enabling the MPLS function Required. Configuring a static LSP Required. Configuring MPLS LDP capability Required. Configuring local LDP session Optional. parameters Configuring remote LDP session Optional. parameters Use either the static Configuring PHP Optional. or dynamic LSP Configuring the policy for triggering Establishing dynamic LSPs...
Enabling the MPLS function In an MPLS domain, you must enable MPLS on all routers before you can configure other MPLS features. Before you enable MPLS, complete the following tasks: • Configure link layer protocols to ensure the connectivity at the link layer. •...
• On the ingress LSR, the specified next hop or outgoing interface must be consistent with the next hop or outgoing interface of the optimal route in the routing table. If you configure a static IP route for the LSP, be sure to specify the same next hop or outgoing interface for the static route and the static LSP.
Step Command Remarks Enable LDP capability for the mpls ldp Not enabled by default. interface. NOTE: Disabling LDP on an interface terminates all LDP sessions on the interface. As a result, all LSPs using the sessions are deleted. Configuring local LDP session parameters LDP sessions established between local LDP peers are local LDP sessions.
Step Command Remarks Enter system view. system-view Create a remote peer entity mpls ldp remote-peer and enter MPLS LDP remote remote-peer-name peer view. The remote peer IP address must Configure the remote peer IP remote-ip ip-address be different from all existing address.
Step Command Remarks Enter MPLS view. mpls Optional. Specify the type of the label to be distributed by the label advertise { explicit-null | By default, an egress distributes egress to the penultimate implicit-null | non-null } to the penultimate hop an implicit hop.
Step Command Remarks Enter system view. system-view Enter MPLS LDP view. mpls ldp Optional. The default mode is ordered. Specify the label distribution For LDP sessions existing before label-distribution { independent control mode. the command is configured, you | ordered } must reset the LDP sessions for the specified label distribution control mode to take effect.
Step Command Remarks Enter system view. system-view Enter MPLS LDP view. mpls ldp By default, loop detection is Enable loop detection. loop-detect disabled. Optional. Set the maximum hop count. hops-count hop-number The default value is 32. Optional. Set the maximum path path-vectors pv-number vector length.
Page 25
Figure 8 Network diagram of label acceptance control Label advertisement control Label advertisement control is for filtering label bindings to be advertised. A downstream LSR advertises only the label bindings of the specified FECs to the specified upstream LSR. As shown Figure 9, downstream device LSR A advertises to upstream device LSR B only label bindings with FEC destinations permitted by prefix list B, and advertises to upstream device LSR C only label...
Step Command Remarks Enter MPLS LDP mpls ldp view. Optional. Configure a label accept-label peer peer-id ip-prefix Not configured by acceptance policy. ip-prefix-name default. Configure a label advertise-label ip-prefix ip-prefix-name [ peer Not configured by advertisement policy. peer-ip-prefix-name ] default. Maintaining LDP sessions This section describes how to detect communication failures between remote LDP peers and reset LDP sessions.
Configuring MPLS MTU An MPLS label stack is inserted between the link layer header and the network layer header. During MPLS forwarding, a packet, after encapsulated with an MPLS label, might exceed the allowed length of the link layer and cannot be forwarded, although the network layer packet is smaller than the interface MTU.
Page 28
Figure 10 TTL processing when TTL propagation is enabled • Disable TTL propagation—When an LSR labels a packet, it does not copy the TTL value of the original IP packet to the TTL field of the label, and the label's TTL is set to 255. When an LSR pops the stack-top label, it does not copy the label's TTL to the original packet, and if the LSR is the egress LSR, it decreases the TTL value of the original packet by 1.
Sending back ICMP TTL exceeded messages for MPLS TTL expired packets After you enable an LSR to send back ICMP TTL exceeded messages for MPLS TTL expired packets, when the LSR receives an MPLS packet that carries a label with TTL being 1, it generates an ICMP TTL exceeded message, and send the message to the packet sender in one of the following ways: •...
Page 30
• GR restarter—Router that gracefully restarts due to a manually configured command or a fault. It must be GR-capable. • GR helper—Neighbor of the GR restarter. A GR helper maintains the neighbor relationship with the GR restarter and helps the GR restarter restore its LFIB information. A GR helper must be GR-capable.
Configuration procedure The LDP GR feature and the LDP NSR feature are mutually exclusive. Do not configure both features on the device. To configure LDP GR: Step Command Remarks Enter system view. system-view Enter MPLS LDP view. mpls ldp Enable MPLS LDP GR. graceful-restart Disabled by default.
Step Command Remarks Enable the NSR function. non-stop-routing Disabled by default. Configuring MPLS statistics collection and reading Configuring MPLS statistics collection and reading (method To use display commands to view MPLS statistics, first enable MPLS statistics and then set the statistics reading interval, as follows: Step Command...
network maintenance difficult. To find LSP failures in time and locate the failed node, the device provides the following mechanisms: • MPLS LSP ping • MPLS LSP tracert Configuring MPLS LSP ping MPLS LSP ping is for testing the connectivity of an LSP. At the ingress, it adds the label for the FEC to be inspected into an MPLS echo request, which then is forwarded along the LSP to the egress.
Such a BFD session is used for connectivity detection of an LSP from the local device to the remote device. Configuration prerequisites Before enabling BFD for an LSP, complete the following tasks: • Configure an IP address for the loopback interface, and configure the IP address as the MPLS LSR ID of the device.
Step Command Remarks Enter system view. system-view 2. Enable LSP verification and mpls lspv Not enabled by default. enter the MPLS LSPV view. periodic-tracertdestination-addr 3. Configure periodic tracert for essmask-length[-a source-ip | an LSP to the specified FEC -exp exp-value | -h Not configured by default.
Page 36
Task Command Remarks display mpls label { label-value1 Display information about [ to label-value2 ] | all } [ | { begin specified MPLS labels or all Available in any view. | exclude | include } labels. regular-expression ] display mpls lsp [ incoming-interface interface-type interface-number ] [ outgoing-interface...
Task Command Remarks display mpls statistics interface { interface-type Display MPLS statistics for one or interface-number | all } [ | { begin | Available in any view. all interfaces. exclude | include } regular-expression ] display mpls statistics lsp Display statistics for all LSPs or [ in-label in-label ] [ | { begin | the LSP with a specific incoming...
Task Command Remarks display mpls ldp lsp [ all | [ vpn-instance Display information about LSPs vpn-instance-name ] [ dest-addr Available in any view. established by LDP. mask-length ] ] [ | { begin | exclude | include } regular-expression ] Display information about display mpls ldp cr-lsp [ lspid CR-LSPs established by...
Page 39
Figure 13 Network diagram Configuration considerations • On an LSP, the outgoing label of an upstream LSR must be identical with the incoming label of its downstream LSR. • Configure an LSP for each direction on the forwarding path. • Configure a static route to the destination address of the LSP on each ingress node.
Page 40
[RouterC] mpls lsr-id 3.3.3.9 [RouterC] mpls [RouterC-mpls] quit [RouterC] interface serial 2/1/0 [RouterC-Serial2/1/0] mpls [RouterC-Serial2/1/0] quit Configure a static LSP from Router A to Router C: # Configure the LSP ingress node, Router A. [RouterA] static-lsp ingress AtoC destination 21.1.1.0 24 nexthop 10.1.1.2 out-label # Configure the LSP transit node, Router B.
LSP Ping FEC: IPV4 PREFIX 11.1.1.0/24 : 100 data bytes, press CTRL_C to break Reply from 10.1.1.1: bytes=100 Sequence=1 time = 3 ms Reply from 10.1.1.1: bytes=100 Sequence=2 time = 2 ms Reply from 10.1.1.1: bytes=100 Sequence=3 time = 2 ms Reply from 10.1.1.1: bytes=100 Sequence=4 time = 2 ms Reply from 10.1.1.1: bytes=100 Sequence=5 time = 2 ms --- FEC: IPV4 PREFIX 11.1.1.0/24 ping statistics ---...
Page 42
[RouterA-ospf-1] quit # Configure OSPF on Router B. <RouterB> system-view [RouterB] ospf [RouterB-ospf-1] area 0 [RouterB-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0 [RouterB-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [RouterB-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255 [RouterB-ospf-1-area-0.0.0.0] quit [RouterB-ospf-1] quit # Configure OSPF on Router C. <RouterC> system-view [RouterC] ospf [RouterC-ospf-1] area 0 [RouterC-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0 [RouterC-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255...
Page 43
[RouterA-Serial2/1/0] quit # Configure MPLS and MPLS LDP on Router B. [RouterB] mpls lsr-id 2.2.2.9 [RouterB] mpls [RouterB-mpls] quit [RouterB] mpls ldp [RouterB-mpls-ldp] quit [RouterB] interface serial 2/1/0 [RouterB-Serial2/1/0] mpls [RouterB-Serial2/1/0] mpls ldp [RouterB-Serial2/1/0] quit [RouterB] interface serial 2/1/1 [RouterB-Serial2/1/1] mpls [RouterB-Serial2/1/1] mpls ldp [RouterB-Serial2/1/1] quit # Configure MPLS and MPLS LDP on Router C.
Page 44
# Configure the LSP establishment triggering policy on Router A. [RouterA] mpls [RouterA-mpls] lsp-trigger all [RouterA-mpls] quit # Configure the LSP establishment triggering policy on Router B. [RouterB] mpls [RouterB-mpls] lsp-trigger all [RouterB-mpls] quit # Configure the LSP establishment triggering policy on Router C. [RouterC] mpls [RouterC-mpls] lsp-trigger all [RouterC-mpls] quit...
Page 45
Reply from 10.1.1.1: bytes=100 Sequence=3 time = 2 ms Reply from 10.1.1.1: bytes=100 Sequence=4 time = 3 ms Reply from 10.1.1.1: bytes=100 Sequence=5 time = 2 ms --- FEC: LDP IPV4 PREFIX 11.1.1.0/24 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 2/2/3 ms...
Configuring MPLS TE Overview Network congestion is one of the major problems that can degrade your network backbone performance. It might occur when network resources are inadequate or when load distribution is unbalanced. Traffic engineering (TE) is intended to avoid the latter situation where partial congestion might occur because of improper resource allocation.
Basic concepts LSP tunnel—On an LSP, after packets are labeled at the ingress node, the packets are forwarded based on label. The traffic is transparent to the transits nodes on the LSP. In this sense, an LSP can be regarded as a tunnel. MPLS TE tunnel—Rerouting and transmission over multiple paths might involve multiple LSP tunnels.
CR-LSP Unlike ordinary LSPs established based on routing information, CR-LSPs are established based on criteria such as bandwidth, selected path, and QoS parameters, in addition to routing information. The mechanism setting up and managing constraints is called Constraint-based Routing (CR). CR-LSP uses the following concepts: •...
Reoptimization Traffic engineering is a process of allocating or reallocating network resources. You can configure it to meet desired QoS. Service providers use some mechanism to optimize CR-LSPs for best use of network resources. They can do this manually but CR-LSP measurement and tuning are required. Alternatively, they can use MPLS TE where CR-LSPs are dynamically optimized.
Page 50
Figure 15 Diagram for make-before-break Figure 15 presents a scenario where a path Router A — Router B — Router C — Router D is established with 30 Mbps reserved bandwidth between Router A and Router D. The remaining bandwidth is then 30 Mbps. If 40 Mbps path bandwidth is requested, the remaining bandwidth of the Router A—Router B—Router C—Router D path is inadequate.
Page 51
Setting up an LSP tunnel Figure 16 Setting up an LSP tunnel The following is a simplified procedure for setting up an LSP tunnel with RSVP: The ingress LSR sends a Path message that carries the label request information, and then forwards the message along the path calculated by CSPF hop-by-hop towards the egress LSR.
PSB, RSB and BSB timeouts To create an LSP tunnel, the sender sends a Path message with a LABEL_REQUEST object. After receiving this Path message, the receiver assigns a label for the path and puts the label binding in the LABEL object in the returned Resv message. The LABEL_REQUEST object is stored in the path state block (PSB) on the upstream nodes, while the LABEL object is stored in the reservation state block (RSB) on the downstream nodes.
Page 53
Static routing Static routing is the easiest way to route traffic along an MPLS TE tunnel. You only need to manually create a route that reaches the destination through the tunnel interface. For more information about static routing, see Layer 3—IP Routing Configuration Guide. Policy-based routing You can also use policy-based routing to route traffic over an MPLS TE tunnel.
Automatic bandwidth adjustment Because users cannot estimate accurately how much traffic they need to transmit though service provider networks, they are more willing to pay for used bandwidth. Therefore, a service provider should be able to create TE tunnels from CR-LSPs with initially requested bandwidth for users, and automatically tune the bandwidth resources assigned to these CR-LSPs when user services increase.
Figure 18 FRR link protection • Node protection—The PLR and the MP are connected through a device and the primary LSP traverses this device. When the device fails, traffic is switched to the bypass LSP. As shown Figure 19, the primary LSP is Router A — Router B — Router C — Router D — Router E, and the bypass LSP is Router B —...
Page 56
• Bandwidth Constraint (BC)—Restricts the bandwidth for one or more class types. • Bandwidth constraint model—Algorithm for implementing bandwidth constraints on different CTs. A BC model comprises two factors, the maximum number of Bandwidth Constraints (MaxBC) and the mappings between BCs and CTs. DS-TE supports two BC models, Russian Dolls Model (RDM) and Maximum Allocation Model (MAM).
Figure 20 RDM bandwidth constraints model In MAM model, a BC constrains the bandwidth of only one CT on an interface. This ensures isolation across CTs no matter whether preemption is used or not. Compared with RDM, MAM is easy to understand and configure.
Figure 22 Establish an LDP LSP across the network core layer To simplify the configuration, when setting up an LDP LSP across the core layer, you can use the MPLS TE tunnel that is already established in the core layer. As shown in Figure 23, when using the MPLS TE tunnel to establish the LDP LSP, you do not need to establish local LDP sessions between...
• RFC 3564, Requirements for Support of Differentiated Service-aware MPLS Traffic Engineering • ITU-T Recommendation Y.1720, Protection switching for MPLS networks MPLS TE configuration task list Task Remarks Configuring basic MPLS TE Required. Configuring DiffServ-aware TE Optional. Configuring an Creating an MPLS TE tunnel over a static CR-LSP Required.
Step Command Remarks Enter MPLS view. mpls Enable global MPLS TE. mpls te Disabled by default. Return to system view. quit Enter the interface view of an interface interface-type MPLS TE link. interface-number Enable interface MPLS TE. mpls te Disabled by default. Return to system view.
TE Class Priority Creating an MPLS TE tunnel over a static CR-LSP Creating MPLS TE tunnels over static CR-LSPs does not involve configuration of tunnel constraints or the issue of IGP TE extension or CSPF. Create a static CR-LSP and a TE tunnel using static signaling and then associate them.
Step Command Remarks Enter system view. system-view Enter the interface view interface tunnel tunnel-number of an MPLS TE tunnel. Configure the tunnel to mpls te signal-protocol static use static CR-LSP. Submit the current tunnel mpls te commit configuration. Return to system view. quit •...
Before you perform the configuration, complete the following tasks: • Configure static routing or an IGP protocol to ensure all LSRs are reachable. • Configure basic MPLS. • Configure basic MPLS TE. Complete the following tasks to configure an MPLS TE tunnel using a dynamic signaling protocol: Task Remarks Configuring MPLS TE properties for a link...
Configuring CSPF With CSPF enabled, a node uses CSPF to calculate the shortest path that satisfies TE requirements. To configure CSPF: Step Command Remarks Enter system view. system-view Enter MPLS view. mpls Enable CSPF on your mpls te cspf Disabled by default. device.
Page 65
the interface through the sub-TLV of IS reachability TLV (type 22). As a best practice, avoid enabling IS-IS TE on an interface configured with secondary IP addresses. For more information about IS-IS, see Layer 3—IP Routing Configuration Guide. To configure IS-IS TE: Step Command Remarks...
Page 66
Step Command Remarks The next hop is a strict node by default. Specify a next hop IP next hop ip-address [ include Repeat this step to define a address on the explicit path. [ loose | strict ] | exclude ] sequential set of the hops that the explicit path traverses.
Establishing an MPLS TE tunnel with RSVP-TE To use RSVP-TE as the signaling protocol for setting up the MPLS TE tunnel, you must enable both MPLS TE and RSVP-TE on the interfaces for the tunnel to use on each node along the tunnel. To establish an MPLS TE tunnel with RSVP-TE: Step Command...
To configure RSVP reservation style: Step Command Remarks Enter system view. system-view Enter MPLS TE tunnel interface tunnel tunnel-number interface view. Optional. Configure the resources reservation style for the mpls te resv-style { ff | se } The default resource reservation tunnel.
Configuring RSVP authentication RSVP adopts hop-by-hop authentication to prevent fake resource reservation requests from occupying network resources. It requires that the interfaces at the two ends of a link must share the same authentication key to exchange RSVP messages. To configure RSVP authentication: Step Command Remarks...
Step Command Remarks mpls rsvp-te timer Optional. Set the RSVP-TE GR graceful-restart recovery recovery timer. 300 seconds by default. recovery-time Enter interface view of MPLS interface interface-type TE link. interface-number Enable RSVP hello mpls rsvp-te hello Disabled by default. extension for the interface. Configuring cooperation of RSVP-TE and BFD On an MPLS TE network, if a link between neighboring LSRs fails, the corresponding MPLS TE tunnel will fail to forward packets.
Step Command Remarks Specify the tie breaker that a Optional. tunnel uses to select a path mpls te tie-breaking { least-fill | when multiple paths with the The random keyword applies by most-fill | random } same metric are present on default.
The associations between administrative groups and affinities might vary by vendor. To ensure the successful establishment of a tunnel between two devices from different vendors, correctly configure their respective administrative groups and affinities. To configure the administrative group and affinity attribute: Step Command Remarks...
Configuring loop detection Step Command Remarks Enter system view. system-view Enter MPLS TE tunnel interface tunnel tunnel-number interface view. Enable the system to perform loop detection when mpls te loop-detection Disabled by default. setting up a tunnel. Submit current tunnel mpls te commit configuration.
Assigning priorities to a tunnel Two priorities, setup priority and holding priority, are assigned to paths for MPLS TE to make preemption decision. For a new path to preempt an existing path, the setup priority of the new path must be greater than the holding priority of the existing path. To avoid flapping caused by improper preemptions between CR-LSPs, the setup priority of a CR-LSP must not be set higher than its holding priority.
Step Command Remarks Enter system view. system-view The default ACL rule Create and enter the view acl number acl-number [ match-order { auto | match order is of an advanced IPv4 ACL. config } ] config. rule [ rule-id ] { deny | permit } protocol [ destination { dest-addr dest-wildcard | any } | destination-port operator port1 [ port2 ] | dscp dscp | established | fragment | icmp-type...
Page 77
Step Command Remarks Enter system view. system-view Enter MPLS TE tunnel interface tunnel tunnel-number interface view. MPLS TE tunnels are not Configure the IGP to take the considered in the enhanced SPF MPLS TE tunnels in up state calculation of IGP. mpls te igp shortcut [ isis | into account when ospf ]...
Configuring traffic forwarding tuning parameters In MPLS TE, you can configure traffic forwarding tuning parameters, such as the failed link timer and flooding thresholds, to change paths that IP or MPLS traffic flows traverse or to define type of traffic that may travel down a TE tunnel.
Step Command Remarks Specify the metric type to Optional. use when no metric type is mpls te path metric-type { igp | TE metrics of links are used by explicitly configured for a te } default. tunnel. Return to system view. quit If you do not configure the mpls te path metric-type command in...
this timer, MPLS TE resizes the tunnel bandwidth using the maximum tunnel output rate sampled before the expiration of the timer as the bandwidth constraint to set up a new LSP tunnel. If the setup attempt succeeds, traffic is switched to the new LSP tunnel and the old LSP tunnel is cleared.
• Configure basic MPLS TE. • Configure MPLS TE tunnels. Configure CR-LSP backup mode at the ingress node of a tunnel. The system automatically selects the primary LSP and backup LSP. You do not need to configure them. To configure CR-LSP backup: Step Command Remarks...
Step Command Remarks Enter system view. system-view Enter tunnel interface view of interface tunnel tunnel-number the protected LSP. Enable FRR. mpls te fast-reroute Disabled by default. Submit current tunnel mpls te commit configuration. Configuring a bypass tunnel on its PLR After a tunnel is specified to protect an interface, its corresponding LSP becomes a bypass LSP.
Step Command Remarks mpls te fast-reroute Bind the bypass tunnel with bypass-tunnel tunnel the protected interface. tunnel-number Configuring node protection To use FRR for node protection, perform the configuration in this section on the PLR and the protected node. If you only need to protect links, skip this section. To configure node protection: Step Command...
Inspecting an MPLS TE tunnel When an MPLS TE tunnel fails or affects data forwarding due to performance degradation, the control plane cannot detect the fault or cannot do so in time. This brings difficulty to network maintenance. To detect MPLS TE tunnel failures in time and locate the failed node, the device provides the following mechanisms: •...
• Static—If you specify the local and remote discriminator values by using the discriminator keyword when configuring the mpls tebfd enable command, the BFD session is established with the specified discriminator values. Such a BFD sessioncan detect the connectivity of a pair of MPLS TE tunnels in opposite directions (one from local to remote, and the other from remote to local) between two devices.
Step Command Remarks 5. Configure BFD to check the mpls te bfd By default, BFD is not configured connectivity of the MPLS TE enable[discriminator local to check connectivity of MPLS TE tunnel. local-idremoteremote-id] tunnels. 6. Configure MPLS TE to tear Optional.
To enable MPLS TE statistics collection: Step Command Remarks Enter system view. system-view Enter MPLS view. mpls Enable statistics collection statistics te ingress-lsr-id Disabled by default. for the RSVP-TE tunnel. tunnel-id You can use the display mpls statistics lsp command, the display mpls statistics lsp in-label command, and the display mpls statistics tunnel command to view the MPLS TE tunnel statistics.
Page 88
Task Command Remarks display mpls rsvp-te psb-content ingress-lsr-id lspid Display information about tunnel-id egress-lsr-id [ | { begin | Available in any view. RSVP-TE PSB. exclude | include } regular-expression ] display mpls rsvp-te rsb-content ingress-lsr-id Ispid Display information about tunnel-id egress-lsr-id Available in any view.
Page 89
Task Command Remarks display mpls te tunnel statistics Display statistics about MPLS TE [ | { begin | exclude | include } Available in any view. tunnels. regular-expression ] display mpls te tunnel-interface Display information about MPLS tunnel number [ | { begin | Available in any view.
Task Command Remarks reset mpls rsvp-te statistics Clear the statistics about { global | interface Available in user view. RSVP-TE. [ interface-type interface-number ] MPLS TE configuration examples MPLS TE using static CR-LSP configuration example Network requirements Router A, Router B, and Router C run IS-IS. Establish a TE tunnel using a static CR-LSP between Router A and Router C.
[RouterB] display mpls static-cr-lsp total statics-cr-lsp : 1 Name I/O Label I/O If State Tunnel0 20/30 GE2/1/1/GE2/1/2 [RouterC] display mpls static-cr-lsp total statics-cr-lsp : 1 Name I/O Label I/O If State Tunnel0 30/NULL GE2/1/1/- On an MPLS TE tunnel configured using a static CR-LSP, traffic is forwarded directly based on label at the transit nodes and egress node.
Page 98
[RouterB-isis-1] traffic-eng level-2 [RouterB-isis-1] quit # Configure Router C. [RouterC] isis 1 [RouterC-isis-1] cost-style wide [RouterC-isis-1] traffic-eng level-2 [RouterC-isis-1] quit # Configure Router D. [RouterD] isis 1 [RouterD-isis-1] cost-style wide [RouterD-isis-1] traffic-eng level-2 [RouterD-isis-1] quit Configure MPLS TE attributes of links: # Configure maximum link bandwidth and maximum reservable bandwidth on Router A.
Page 99
[RouterA-Tunnel1] mpls te tunnel-id 10 [RouterA-Tunnel1] mpls te signal-protocol rsvp-te [RouterA-Tunnel1] mpls te bandwidth 2000 [RouterA-Tunnel1] mpls te commit [RouterA-Tunnel1] quit Verify the configuration: Execute the display interface tunnel command on Router A. You can see that the tunnel interface is up. [RouterA] display interface tunnel Tunnel1 current state: UP Line protocol current state: UP...
Route Pinning Disabled Retry Limit Retry Interval: 10 sec Reopt Disabled Reopt Freq Back Up Type None Back Up LSPID Auto BW Disabled Auto BW Freq : Min BW Max BW Current Collected BW: Interfaces Protected: VPN Bind Type NONE VPN Bind Value Car Policy Disabled...
Page 101
Figure 26 Network diagram Device Interface IP address Device Interface IP address Router A Loop0 1.1.1.9/32 Router C Loop0 3.3.3.9/32 GE2/1/1 10.1.1.1/24 GE2/1/1 30.1.1.1/24 Router B Loop0 2.2.2.9/32 POS5/1/0 20.1.1.2/24 GE2/1/1 10.1.1.2/24 Router D Loop0 4.4.4.9/32 POS5/1/0 20.1.1.1/24 GE2/1/1 30.1.1.2/24 Configuration procedure Configure IP addresses and masks for the interfaces according to Figure...
Page 102
[RouterC-ospf-1] area 0 [RouterC-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255 [RouterC-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0 [RouterC-ospf-1-area-0.0.0.0] quit [RouterC-ospf-1] quit # Configure OSPF on Router D. <RouterD> system-view [RouterD] ospf [RouterD-ospf-1] area 0 [RouterD-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255 [RouterD-ospf-1-area-0.0.0.0] network 4.4.4.9 0.0.0.0 [RouterD-ospf-1-area-0.0.0.0] quit [RouterD-ospf-1] quit After the configurations, execute the display ip routing-table command on each device.
Page 103
Destination/Mask Proto Cost NextHop Interface 1.1.1.9/32 Direct 0 127.0.0.1 InLoop0 2.2.2.9/32 OSPF 10.1.1.2 GE2/1/1 3.3.3.9/32 O_ASE 10.1.1.2 GE2/1/1 4.4.4.9/32 O_ASE 10.1.1.2 GE2/1/1 10.1.1.0/24 Direct 0 10.1.1.1 GE2/1/1 10.1.1.1/32 Direct 0 127.0.0.1 InLoop0 20.1.1.0/24 O_ASE 10.1.1.2 GE2/1/1 30.1.1.0/24 O_ASE 10.1.1.2 GE2/1/1 127.0.0.0/8 Direct 0 127.0.0.1...
Page 105
[RouterD-ospf-1] area 0 [RouterD-ospf-1-area-0.0.0.0] mpls-te enable [RouterD-ospf-1-area-0.0.0.0] quit [RouterD-ospf-1] quit Configure a loose explicit route: # Configure a loose explicit route on Router A. [RouterA] explicit-path atod enable [RouterA-explicit-path-atod] next hop 10.1.1.2 include loose [RouterA-explicit-path-atod] next hop 20.1.1.2 include loose [RouterA-explicit-path-atod] next hop 30.1.1.2 include loose [RouterA-explicit-path-atod] quit Configure MPLS TE attributes of links:...
Page 106
[RouterA-Tunnel1] mpls te signal-protocol rsvp-te [RouterA-Tunnel1] mpls te bandwidth 2000 [RouterA-Tunnel1] mpls te path explicit-path atod preference 5 [RouterA-Tunnel1] mpls te commit [RouterA-Tunnel1] quit Verify the configuration: Execute the display interface tunnel command on Router A. The output shows that the tunnel interface is up.
Page 107
Record Route Disabled Record Label : Disabled FRR Flag Disabled BackUpBW Flag: Not Supported BackUpBW Type BackUpBW Route Pinning Disabled Retry Limit Retry Interval: 2 sec Reopt Disabled Reopt Freq Back Up Type None Back Up LSPID Auto BW Disabled Auto BW Freq : Min BW Max BW...
127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 RSVP-TE GR configuration example Network requirements Router A, Router B and Router C are running IS-IS. All of them are Level-2 devices and support RSVP hello extension. Use RSVP-TE to create a TE tunnel from Router A to Router C. Router A, Router B and Router C are RSVP-TE neighbors.
MPLS RSVP-TE and BFD cooperation configuration example Network requirements Run OSPF on Router A and Router B to ensure IP connectivity. Enable MPLS RSVP-TE BFD on the interfaces connecting the two routers. If the physical link between Router A and Router B fails, BFD can detect the failure quickly and inform MPLS RSVP-TE of the failure.
Page 111
[RouterA] ospf [Router-A-ospf-1] area 0 [Router-A-ospf-1-area-0.0.0.0] network 12.12.12.1 0.0.0.255 [Router-A-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0 [Router-A-ospf-1-area-0.0.0.0] quit [Router-A-ospf-1] quit # Configure Router B. <RouterB>system-view [RouterB] ospf [RouterB-ospf-1] area 0 [RouterB-ospf-1-area-0.0.0.0] network 12.12.12.2 0.0.0.255 [RouterB-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0 [RouterB-ospf-1-area-0.0.0.0] quit [RouterB-ospf-1] quit Configure IP addresses for the interfaces: # Configure Router A.
Diag Info: No Diagnostic MPLS TE using CR-LDP configuration example Network requirements Router A, Router B, Router C and Router D are running OSPF and all of them are in area 0. Use CR-LDP to create a TE tunnel from Router A to Router D, making sure that the maximum bandwidth of each link that the tunnel traverses is 10000 kbps and the maximum reservable bandwidth is 5000 kbps.
Page 114
[RouterB-ospf-1] area 0 [RouterB-ospf-1-area-0.0.0.0] mpls-te enable [RouterB-ospf-1-area-0.0.0.0] quit [RouterB-ospf-1] quit # Configure Router C. [RouterC] ospf [RouterC-ospf-1] opaque-capability enable [RouterC-ospf-1] area 0 [RouterC-ospf-1-area-0.0.0.0] mpls-te enable [RouterC-ospf-1-area-0.0.0.0] quit [RouterC-ospf-1] quit # Configure Router D. [RouterD] ospf [RouterD-ospf-1] opaque-capability enable [RouterD-ospf-1] area 0 [RouterD-ospf-1-area-0.0.0.0] mpls-te enable [RouterD-ospf-1-area-0.0.0.0] quit [RouterD-ospf-1] quit...
Page 115
Execute the display mpls te cspf tedb all command on each router to view information about links in TEDB. Take Router A for example: [RouterA] display mpls te cspf tedb all Maximum Node Supported: 128 Maximum Link Supported: 256 Current Total Node Number: 4 Current Total Link Number: 6 MPLS LSR-Id Process-Id...
Page 116
----------------------------------------------------------------- 2.2.2.9:0 Operational Passive 11/11 ----------------------------------------------------------------- LAM : Label Advertisement Mode : Fault Tolerance Create an MPLS TE tunnel: # Create an MPLS TE tunnel on Router A. [RouterA] interface tunnel 2 [RouterA-Tunnel2] ip address 8.1.1.1 255.255.255.0 [RouterA-Tunnel2] tunnel-protocol mpls te [RouterA-Tunnel2] destination 4.4.4.9 [RouterA-Tunnel2] mpls te tunnel-id 10 [RouterA-Tunnel2] mpls te signal-protocol crldp...
Page 117
Setup Priority Hold Priority: Affinity Prop/Mask 0x0/0x0 Explicit Path Name Tie-Breaking Policy : None Metric Type None Record Route Disabled Record Label : Disabled FRR Flag Disabled BackUpBW Flag: Not Supported BackUpBW Type BackUpBW Route Pinning Disabled Retry Limit Retry Interval: 10 sec Reopt Disabled...
Page 118
Link Type : MultiAccess Link ID : 10.1.1.2 Local Interface Address : 10.1.1.1 Remote Interface Address : 0.0.0.0 TE Metric Maximum Bandwidth : 1250000 bytes/sec Maximum Reservable BW : 625000 bytes/sec Admin Group : 0X0 Unreserved Bandwidth for each TE Class: Unreserved BW [ 0] =625000 bytes/sec Unreserved BW [ 1] =625000...
[RouterA] ip route-static 30.1.1.2 24 tunnel 2 preference 1 Execute the display ip routing-table command on Router A. You can see a static route entry with Tunnel2 as the outgoing interface. CR-LSP backup configuration example Network requirements Set up an MPLS TE tunnel from Router A to Router C. Use CR-LSP hot backup for it. Figure 30 Network diagram Device Interface...
Page 120
[RouterA] interface giabitethernet 2/1/1 [RouterA-GigabitEthernet2/1/1] mpls [RouterA-GigabitEthernet2/1/1] mpls te [RouterA-GigabitEthernet2/1/1] mpls rsvp-te [RouterA-GigabitEthernet2/1/1] quit [RouterA] interface pos 5/1/1 [RouterA-POS55/1/1] mpls [RouterA-POS5/1/1] mpls te [RouterA-POS5/1/1] mpls rsvp-te [RouterA-POS5/1/1] quit Follow the same steps to configure Router B, Router C, and Router D. Create an MPLS TE tunnel on Router A: # Configure the MPLS TE tunnel carried on the primary LSP.
Page 121
1.1.1.9:6 3.3.3.9 -/GE2/1/1 Tunnel3 1.1.1.9:2054 3.3.3.9 -/POS5/1/1 Tunnel3 # Execute the display mpls te tunnel path command on Router A to identify the paths that the two tunnels traverse: [RouterA] display mpls te tunnel path Tunnel Interface Name : Tunnel3 Lsp ID : 1.1.1.9 :6 Hop Information Hop 0...
Execute the display ip routing-table command on Router A. You can see a static route entry with Tunnel 3 as the outgoing interface. FRR configuration example Network requirements On the LSP Router A—Router B—Router C—Router D, use FRR to protect the link Router B—Router C.
Page 124
[RouterB-POS5/1/0] mpls te [RouterB-POS5/1/0] mpls rsvp-te [RouterB-POS5/1/0] quit Follow the same steps to configure Router C, Router D, and Router E. Create an MPLS TE tunnel on Router A, the ingress node of the primary LSP: # Create an explicit path for the primary LSP. [RouterA] explicit-path pri-path [RouterA-explicit-path-pri-path] next hop 2.1.1.2 [RouterA-explicit-path-pri-path] next hop 3.1.1.2...
Page 125
Tunnel Attributes LSP ID 1.1.1.1:1 Session ID Admin State Oper State Ingress LSR ID 1.1.1.1 Egress LSR ID: 4.4.4.4 Signaling Prot RSVP Resv Style Class Type Tunnel BW 0 kbps Reserved BW 0 kbps Setup Priority Hold Priority: Affinity Prop/Mask 0x0/0x0 Explicit Path Name pri-path...
Page 126
[RouterB-Tunnel5] mpls te commit [RouterB-Tunnel5] quit # Bind the bypass tunnel with the protected interface. [RouterB] interface giabitethernet 2/1/2 [RouterB-GigabitEthernet2/1/2] mpls te fast-reroute bypass-tunnel tunnel 5 [RouterB-GigabitEthernet2/1/2] quit Execute the display interface tunnel command on Router B. You can see that Tunnel 5 is up. Execute the display mpls lsp command on each router for LSP entries.
Page 127
1.1.1.1:1 4.4.4.4 GE2/1/1/GE2/1/2 Tunnel4 2.2.2.2:1 3.3.3.3 -/POS5/1/0 Tunnel5 [RouterC] display mpls te tunnel LSP-Id Destination In/Out-If Name 1.1.1.1:1 4.4.4.4 GE2/1/2/GE2/1/1 Tunnel4 2.2.2.2:1 3.3.3.3 POS5/1/0/- Tunnel5 [RouterD] display mpls te tunnel LSP-Id Destination In/Out-If Name 1.1.1.1:1 4.4.4.4 GE2/1/1/- Tunnel4 [RouterE] display mpls te tunnel LSP-Id Destination In/Out-If...
Page 128
BypassTunnel Tunnel Index[---] Mpls-Mtu 1500 Verify the FRR function: # Shut down the protected outgoing interface on PLR. [RouterB] interface giabitethernet 2/1/2 [RouterB-GigabitEthernet2/1/2] shutdown %Sep 7 08:53:34 2004 RouterB IFNET/5/UPDOWN:Line protocol on the interface GigabitEthernet2/1/2 turns into DOWN state # Execute the display interface tunnel 4 command on Router A to identify the state of the primary LSP.
Page 129
Tunnel Name Tunnel4 Tunnel Desc Tunnel4 Interface Tunnel State Desc Modifying CR-LSP is setting up Tunnel Attributes LSP ID 1.1.1.1:1025 Session ID Admin State Oper State Modified Ingress LSR ID 1.1.1.1 Egress LSR ID: 4.4.4.4 Signaling Prot RSVP Resv Style Class Type Tunnel BW 0 kbps...
Page 130
4.4.4.4/32 Nexthop 3.1.1.2 In-Label 1024 Out-Label 1024 In-Interface GigabitEthernet2/1/1 Out-Interface GigabitEthernet2/1/2 LspIndex 4097 Tunnel ID 0x22001 LsrType Transit Bypass In Use In Use BypassTunnel Tunnel Index[Tunnel5], InnerLabel[1024] Mpls-Mtu 1500 IngressLsrID 2.2.2.2 LocalLspID Tunnel-Interface Tunnel5 3.3.3.3/32 Nexthop 3.2.1.2 In-Label NULL Out-Label 1024 In-Interface ----------...
IETF DS-TE configuration example Network requirements Router A, Router B, Router C, and Router D are running IS-IS and all of them are Level-2 routers. Use RSVP-TE to create a TE tunnel from Router A to Router D. Traffic of the tunnel belongs to CT 2, and the tunnel needs a bandwidth of 4000 kbps.
Page 134
[RouterC-mpls] mpls te [RouterC-mpls] mpls rsvp-te [RouterC-mpls] mpls te cspf [RouterC-mpls] mpls te ds-te mode ietf [RouterC-mpls] quit [RouterC] interface giabitethernet 2/1/1 [RouterC-GigabitEthernet2/1/1] mpls [RouterC-GigabitEthernet2/1/1] mpls te [RouterC-GigabitEthernet2/1/1] mpls rsvp-te [RouterC-GigabitEthernet2/1/1] quit [RouterC] interface pos 5/1/0 [RouterC-POS5/1/0] mpls [RouterC-POS5/1/0] mpls te [RouterC-POS5/1/0] mpls rsvp-te [RouterC-POS5/1/0] quit # Configure Router D.
Page 135
[RouterD-isis-1] traffic-eng level-2 [RouterD-isis-1] quit Configure MPLS TE attributes of links: # Configure the maximum bandwidth and bandwidth constraints on Router A. [RouterA] interface giabitethernet 2/1/1 [RouterA-GigabitEthernet2/1/1] mpls te max-link-bandwidth 10000 [RouterA-GigabitEthernet2/1/1] mpls te max-reservable-bandwidth rdm 10000 bc1 8000 bc2 5000 bc3 2000 [RouterA-GigabitEthernet2/1/1] quit # Configure the maximum bandwidth and bandwidth constraints on Router B.
Page 136
Verify the configuration: # Execute the display interface tunnel command on Router A. You can see that the tunnel interface is up. [RouterA] display interface tunnel Tunnel1 current state: UP Line protocol current state: UP Description: Tunnel1 Interface The Maximum Transmit Unit is 64000 Internet Address is 7.1.1.1/24 Primary Encapsulation is TUNNEL, service-loopback-group ID not set Tunnel source unknown, destination 4.4.4.9...
Page 137
Min BW Max BW Current Collected BW: Interfaces Protected: VPN Bind Type NONE VPN Bind Value Car Policy Disabled Tunnel Group Primary Primary Tunnel Backup Tunnel Group Status # Execute the display mpls te cspf tedb all command on Router A to view the link information in the TEDB.
Create a static route to direct traffic destined for subnet 30.1.1.0/24 into the MPLS TE tunnel: [RouterA] ip route-static 30.1.1.2 24 tunnel 1 preference 1 Execute the display ip routing-table command on Router A. The routing table has a static route entry with interface Tunnel 1 as the outgoing interface.
MPLS TE in MPLS L3VPN configuration example Network requirements CE 1 and CE 2 belong to VPN 1. They are connected to the MPLS backbone respectively through PE 1 and PE 2. The IGP protocol running on the MPLS backbone is OSPF. •...
Page 145
[PE2] ospf [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 10.0.0.0 0.0.0.255 [PE2-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] quit [PE2-ospf-1] quit After you complete the configuration, the PEs establish an OSPF neighbor relationship. Execute the display ospf peer verbose command. You can see that the neighborship state is FULL.
Page 146
[PE2-mpls] mpls te [PE2-mpls] mpls rsvp-te [PE2-mpls] mpls te cspf [PE2-mpls] quit [PE2] interface pos 5/1/1 [PE2-POS5/1/1] mpls [PE2-POS5/1/1] mpls te [PE2-POS5/1/1] mpls rsvp-te [PE2-POS5/1/1] quit Enable OSPF TE: # Configure PE 1. [PE1] ospf [PE1-ospf-1] opaque-capability enable [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] mpls-te enable [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit...
Page 147
[PE1-vpn-instance-vpn1] tnl-policy policy1 [PE1-vpn-instance-vpn1] quit [PE1] tunnel-policy policy1 [PE1-tunnel-policy-policy1] tunnel select-seq cr-lsp load-balance-number 1 [PE1-tunnel-policy-policy1] quit [PE1] interface giabitethernet 2/1/1 [PE1-GigabitEthernet2/1/1] ip binding vpn-instance vpn1 [PE1-GigabitEthernet2/1/1] ip address 192.168.1.1 255.255.255.0 [PE1-GigabitEthernet2/1/1] quit # Configure on CE 2. <CE2> system-view [CE2] interface giabitethernet 2/1/1 [CE2-GigabitEthernet2/1/1] ip address 192.168.2.2 255.255.255.0 [CE2-GigabitEthernet2/1/1] quit # Configure the VPN instance on PE 2, and bind it with the interface connected to CE 2.
Page 148
Configure BGP: # Configure CE 1. [CE1] bgp 65001 [CE1-bgp] peer 192.168.1.1 as-number 100 [CE1-bgp] quit # Configure PE 1 to establish the EBGP peer relationship with CE 1, and the IBGP peer relationship with PE 2. [PE1] bgp 100 [PE1-bgp] ipv4-family vpn-instance vpn1 [PE1-bgp-vpn1] peer 192.168.1.2 as-number 65001 [PE1-bgp-vpn1] import-route direct...
Page 149
192.168.1.2 4 65001 4 00:02:13 Established Ping CE 2 on CE 1 and vice versa to test connectivity. [CE1] ping 192.168.2.2 PING 192.168.2.2: 56 data bytes, press CTRL_C to break Reply from 192.168.2.2: bytes=56 Sequence=1 ttl=253 time=61 ms Reply from 192.168.2.2: bytes=56 Sequence=2 ttl=253 time=54 ms Reply from 192.168.2.2: bytes=56 Sequence=3 ttl=253 time=53 ms Reply from 192.168.2.2: bytes=56 Sequence=4 ttl=253 time=57 ms Reply from 192.168.2.2: bytes=56 Sequence=5 ttl=253 time=36 ms...
# Execute the display interface tunnel command on PE 1. The output shows that traffic is forwarded along the CR-LSP of the TE tunnel. [PE1] display interface tunnel 1 Tunnel1 current state: UP Line protocol current state: UP Description: Tunnel1 Interface The Maximum Transmit Unit is 1500 Internet Address is 12.1.1.1/24 Primary Encapsulation is TUNNEL, service-loopback-group ID not set...
Configuring MPLS L2VPN Overview MPLS L2VPN is an MPLS-based Layer 2 VPN technology. It uses MPLS to establish Layer 2 connections between network nodes. Using MPLS L2VPN, carriers can transparently transport Layer 2 data of different data link layer protocols (including ATM, FR, VLAN, Ethernet, and PPP) over a single MPLS or IP backbone. From the perspective of users, the MPLS or IP backbone network is a Layer 2 switched network.
Remote connection model As shown in Figure 35, this model connects two Layer 2 customer networks over an MPLS or IP backbone. Figure 35 Remote connection Local connection model As shown in Figure 36, this model connects two Layer 2 customer networks to the same PE. The customer networks exchange packets with each other through the PE.
a. Set up an AC: Configure the link layer protocol on a PE and the connected CE to set up a link layer connection (such as a PPP connection) between the PE and the CE. b. Bind the AC to the VC: For most link layer protocols, you bind the AC to the VC by binding the PE's Layer 3 interface connected to the CE to the VC.
Configure the link layer protocol on the PE and a connected CE to set up a link layer connection (such as a PPP connection) between the PE and the CE. Bind the two ACs that connect the two CEs: You can bind the ACs by binding the PE's Layer 3 interfaces connected to the two CEs. After the binding, the PE forward packets received from one AC to another.
Page 156
After receiving the packet, PE 2 deletes the label from the packet, and then forwards the packet out of the bound interface Interface B to CE 2. Unlike other MPLS L2VPN modes, CCC employs only one level of label to transfer user packets. A static LSP forwards only packets from the AC bound to the static LSP.
Page 157
• Export target attribute—When a PE sends L2VPN information (such as CE ID and RD) to the peer PE through a BGP update message, it sets the route target attribute carried in the update message to export target. • Import target attribute—When a PE receives an update message from the peer PE, it checks the route target attribute in the update message.
Page 158
As shown in Figure 41, PEs calculates VC labels for a VC as follows (take the VC between CE 1 and CE 12 as an example): • PE 1 calculates the VC label it assigns to the VC: PE 1 compares the ID (12) of the peer CE (CE 12) with the label blocks assigned by PE 1. If a label block satisfies LO<=CE ID<LO+LR, PE 1 assigns a label from the label block.
Page 159
The VC is successfully set up after both PE 1 and PE 2 calculate the VC labels. Table 2 compares the implementation modes of MPLS L2VPN. Table 2 Comparing MPLS L2VPN implementation modes VC label Application Mode encapsulation and Advantages and disadvantages scenario distribution Advantages:...
VC types A PE encapsulates a Layer 2 packet received from an AC according to the VC type. The VC type is determined by the AC type, as shown in Table Table 3 Relationship between AC types and VC types AC type VC type HDLC...
If the peer PE requires the ingress to rewrite the P-tag: The PE changes the P-Tag to the VLAN tag (the tag might be a null tag) expected by the peer PE, and then encapsulates the packet. If the packet contains no P-tag, the PE adds a VLAN tag expected by the peer PE (the tag value might be 0) and then encapsulates the packet.
the padding string according to the payload length field of the control word, so as to abstract the correct original payload of the packet. For some VC types, such as FR DLCI and ATM AAL5 transparent transport, packets transmitted on a VC always carry the control word field.
To set up a local VC connection, you only need to bind two ACs on the PE. This document only describes the MPLS L2VPN-related configurations on PEs. The MPLS L2VPN is transparent to a user network. You do not need to perform MPLS L2VPN-specific configurations on CEs.
Configuring the interface with PPP encapsulation Step Command Remarks Enter system view. system-view Enter interface view. interface { serial | pos } number Optional. Configure the link layer link-protocol ppp protocol. PPP by default. Configuring the interface with HDLC encapsulation Step Command Remarks...
Configuring the interface with Ethernet encapsulation Ethernet interfaces use Ethernet encapsulation. For configuration information about Ethernet interfaces, see Interface Configuration Guide. Configuring the interface with VLAN encapsulation Ethernet subinterfaces use VLAN encapsulation. For more information about Ethernet subinterface configuration, see Interface Configuration Guide. Configuring the interface with transparent ATM AAL5 frame encapsulation Step...
• On the two PEs of the connection, use the ccc interface in-label out-label command to specify the incoming and the outgoing labels, and other information as needed. You do not need to configure two static LSPs (with the static-lsp command) for each remote CCC connection.
After you configure SVC on a Layer 3 interface, packets arriving at this interface are forwarded over the VC. As a best practice, configure SVC on a Layer 3 interface when all users connected to the Layer 3 interface have their packets forwarded over the same VC. After you configure SVC for a service instance applied on a Layer 2 Ethernet interface, the interface uses the service instance to match incoming packets.
Step Command Remarks Optional. By default, no VC labels are configured for the backup VC. Configure the VC labels for static backup-label local local-vc You must perform this command the backup VC. remote remote-vc if you have specified the backup-peer keyword in the mpls static-l2vc command.
Step Command Remarks Return to system view. quit Enter Layer 2 Ethernet interface interface-type interface view. interface-number Create a service instance By default, no service instance is and enter service instance service-instance instance-id created. view. Configure a packet encapsulation { s-vid vlan-id By default, no packet matching rule matching rule for the [ only-tagged ] | port-based |...
Create a VC in Martini mode, in one of the following ways: Configure a Martini VC on a Layer 3 interface. In this way, packets arriving at this interface are forwarded over the created VC. As a best practice, create a VC on a Layer 3 interface when all users connected to the interface have their packets forwarded over the same VC.
Creating a Martini VC for a service instance To complete this task, perform the following configurations on a PE: • Create a service instance on a Layer 2 Ethernet interface. • Configure a packet matching rule for the service instance. •...
Step Command Remarks display service-instance interface interface-type 11. Display information about interface-number one or all service instances Available in any view. [ service-instance instance-id ] [ | configured on the interface. { begin | exclude | include } regular-expression ] To ensure normal forwarding of VPN traffic, the Layer 2 Ethernet interface must allow the VLANs that might appear in the VPN traffic.
Step Command Remarks You must create an L2VPN on the mpls l2vpn vpn-name PE for each VPN where a directly [ encapsulation { atm-aal5 | Create an MPLS L2VPN and connected CE resides. When ethernet | fr | hdlc | ppp | vlan } enter MPLS L2VPN view.
• ce-offset ce-id: Specifies the ID of the peer CE that establishes a local or remote connection with the local CE. If you execute the connection command without specifying the ce-offset ce-id option: When you first execute the connection command, the PE creates a connection between the local CE and the peer CE with an ID of default-offset.
Displaying and maintaining MPLS L2VPN Task Command Remarks display ccc [ ccc-name ccc-name | type Display information about CCC { local | remote } ] [ | { begin | exclude | Available in any view. connections. include } regular-expression ] display l2vpn ccc-interface vc-type { all Display information about | bgp-vc | ccc | ldp-vc | static-vc } [ up |...
Intf1 : Serial2/1/0 (up) Intf2 : Serial2/1/1 (up) # Ping CE 2 from CE 1. The output shows that CE 1 and CE 2 can ping each other. [CE1] ping 100.1.1.2 PING 100.1.1.2: 56 data bytes, press CTRL_C to break Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=180 ms Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=60 ms Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=10 ms...
Page 179
Configuration procedure Configure CE 1: # Configure the link protocol as PPP on interface POS 5/1/0 (the interface connected to PE 1), and configure an IP address for the interface. <Sysname> system-view [Sysname] sysname CE1 [CE1] interface pos 5/1/0 [CE1-POS5/1/0] link-protocol ppp [CE1-POS5/1/0] ip address 100.1.1.1 24 Configure PE 1: # Configure the LSR ID and enable MPLS globally.
Page 180
# Configure interface POS 5/1/1, and enable MPLS. [P] interface pos 5/1/1 [P-POS5/1/1] link-protocol ppp [P-POS5/1/1] ip address 10.1.1.2 24 [P-POS5/1/1] mpls [P-POS5/1/1] quit # Configure interface POS 5/1/0, and enable MPLS. [P] interface pos 5/1/0 [P-POS5/1/0] link-protocol ppp [P-POS5/1/0] ip address 10.2.2.2 24 [P-POS5/1/0] mpls [P-POS5/1/0] quit # Create a static LSP for forwarding packets from PE 1 to PE 2.
# Configure the link protocol as PPP on interface POS 5/1/0 (the interface connected to PE 2), and configure an IP address for the interface. <Sysname> system-view [Sysname] sysname CE2 [CE2] interface pos 5/1/0 [CE2-POS5/1/0] link-protocol ppp [CE2-POS5/1/0] ip address 100.1.1.2 24 Verifying the configuration: # Display CCC connection information on PE 1.
Figure 47 Network diagram PE 1 PE 2 Loop0 Loop0 Loop0 POS5/1/0 POS5/1/1 POS5/1/1 POS5/1/0 POS5/1/1 POS5/1/0 POS5/1/0 POS5/1/0 CE 2 CE 1 Device Interface IP address Device Interface IP address CE 1 POS5/1/0 100.1.1.1/24 CE 2 POS5/1/0 100.1.1.2/24 PE 1 Loop0 192.2.2.2/32 Loop0...
Page 183
[PE1-l2vpn] mpls l2vpn [PE1-l2vpn] quit # Enable LDP globally. [PE1] mpls ldp [PE1-mpls-ldp] quit # Configure the interface for connecting to the P device, and enable LDP on the interface. [PE1] interface pos 5/1/1 [PE1-POS5/1/1] link-protocol ppp [PE1-POS5/1/1] ip address 10.1.1.1 24 [PE1-POS5/1/1] mpls [PE1-POS5/1/1] mpls ldp [PE1-POS5/1/1] quit...
Page 184
[P-POS5/1/0] ip address 10.2.2.2 24 [P-POS5/1/0] mpls [P-POS5/1/0] mpls ldp [P-POS5/1/0] quit # Configure OSPF on the P router for establishing LSPs. [P] ospf [P-ospf-1] area 0 [P-ospf-1-area-0.0.0.0] network 10.1.1.2 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 10.2.2.2 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 192.4.4.4 0.0.0.0 [P-ospf-1-area-0.0.0.0] quit [P-ospf-1] quit Configure PE 2: # Configure the LSR ID and enable MPLS globally.
[PE2-POS5/1/1] quit Configure CE 2: # Configure the link protocol as PPP on interface POS 5/1/0 (the interface connected to PE 2), and configure an IP address for the interface. <Sysname> system-view [Sysname] sysname CE2 [CE2] interface pos 5/1/0 [CE2-POS5/1/0] link-protocol ppp [CE2-POS5/1/0] ip address 100.1.1.2 24 Verifying the configuration: # Display static VC information on PE 1.
Page 186
Figure 48 Network diagram Device Interface IP address Device Interface IP address CE 1 S2/1/0 100.1.1.1/24 CE 2 S2/1/0 100.1.1.2/24 PE 1 Loop0 192.2.2.2/32 Loop0 192.4.4.4/32 S2/1/1 10.1.1.1/24 S2/1/0 10.1.1.2/24 PE 2 Loop0 192.3.3.3/32 S2/1/1 10.2.2.2/24 S2/1/1 10.2.2.1/24 Configuration procedure Configure CE 1: # Configure the link protocol type as PPP on interface Serial 2/1/0 (the interface connected to the PE 1), and configure an IP address for the interface.
Page 187
[PE1] mpls ldp remote-peer 1 [PE1-mpls-ldp-remote-1] remote-ip 192.3.3.3 [PE1-mpls-ldp-remote-1] quit # Configure the interface connected to the P device, and enable LDP on the interface. [PE1] interface serial 2/1/1 [PE1-Serial2/1/1] link-protocol ppp [PE1-Serial2/1/1] ip address 10.1.1.1 24 [PE1-Serial2/1/1] mpls [PE1-Serial2/1/1] mpls ldp [PE1-Serial2/1/1] quit # Configure OSPF on PE 1 for establishing LSPs.
Page 188
# Configure OSPF on the P device for establishing LSPs. [P] ospf [P-ospf-1] area 0 [P-ospf-1-area-0.0.0.0] network 10.1.1.2 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 10.2.2.2 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 192.4.4.4 0.0.0.0 [P-ospf-1-area-0.0.0.0] quit [P-ospf-1] quit Configure PE 2: # Configure the LSR ID and enable MPLS globally. <Sysname>...
Configure CE 2: # Configure the link protocol type as PPP on interface Serial 2/1/0 (the interface connected to the PE 2), and configure an IP address for the interface. <Sysname> system-view [Sysname] sysname CE2 [CE2] interface serial 2/1/0 [CE2-Serial2/1/0] link-protocol ppp [CE2-Serial2/1/0] ip address 100.1.1.2 24 Verifying the configuration: # Display VC information on PE 1.
Page 190
Figure 49 Network diagram Device Interface IP address Device Interface IP address CE 1 S2/1/0 100.1.1.1/24 PE 2 Loop0 2.2.2.2/32 S2/1/0 100.2.1.1/24 sub S2/1/0 12.1.1.2/24 S2/1/1 100.3.1.1/24 PE 3 Loop0 3.3.3.3/32 PE 1 Loop0 1.1.1.1/32 S2/1/0 13.1.1.3/24 S2/1/1 12.1.1.1/24 CE 2 S2/1/0 100.1.1.2/24 S2/1/2...
Page 191
<Sysname> system-view [Sysname] sysname PE1 [PE1] interface loopback 0 [PE1-LoopBack0] ip address 1.1.1.1 32 [PE1-LoopBack0] quit [PE1] mpls lsr-id 1.1.1.1 [PE1] mpls [PE1-mpls] quit # Enable MPLS LDP globally. [PE1] mpls ldp [PE1-mpls-ldp] quit # Configure interface Serial 2/1/1 and Serial 2/1/2, so that PE 1 can establish an LDP session with PE 2 and PE 3, respectively.
Page 192
[PE2-LoopBack0] ip address 2.2.2.2 32 [PE2-LoopBack0] quit [PE2] mpls lsr-id 2.2.2.2 [PE2] mpls [PE2-mpls] quit # Enable MPLS LDP globally. [PE2] mpls ldp [PE2-mpls-ldp] quit # Configure interface serial 2/1/0, so that PE 2 can establish an LDP session with PE 1. [PE2] interface serial 2/1/0 [PE2-Serial2/1/0] ip address 12.1.1.2 24 [PE2-Serial2/1/0] mpls...
Page 193
[PE3-Serial2/1/0] quit # Configure OSPF on PE 3. [PE3] ospf [PE3-ospf-1] area 0 [PE3-ospf-1-area-0.0.0.0] network 13.1.1.0 0.0.0.255 [PE3-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0 [PE3-ospf-1-area-0.0.0.0] quit [PE3-ospf-1] quit # Enable L2VPN and MPLS L2VPN. [PE3] l2vpn [PE3-l2vpn] mpls l2vpn [PE3-l2vpn] quit # Create a VC on the interface connected to CE 2. This interface needs no IP address. [PE3] interface serial 2/1/1 [PE3-Serial2/1/1] mpls l2vc 1.1.1.1 30 [PE3-Serial2/1/1] quit...
Page 194
# Display the detailed VC information on PE 1. The output shows that two VCs have been established, one up and one blocked. <PE1> display mpls l2vc interface vlan-interface 10 ***VC ID : 20 VC State : up Destination : 2.2.2.2 Client Intf : Serial2/1/0 is up Service ID...
Page 195
--- 100.1.1.2 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 30/50/70 ms # From CE2, ping subnet 100.3.1.0/24 connected to CE1. The ping operation succeeds. [CE2] ping 100.3.1.1 PING 100.3.1.1: 56 data bytes, press CTRL_C to break Reply from 100.3.1.1: bytes=56 Sequence=1 ttl=255 time=30 ms Reply from 100.3.1.1: bytes=56 Sequence=2 ttl=255 time=60 ms Reply from 100.3.1.1: bytes=56 Sequence=3 ttl=255 time=50 ms...
[CE2] ping 100.3.1.1 PING 100.3.1.1: 56 data bytes, press CTRL_C to break Reply from 100.3.1.1: bytes=56 Sequence=1 ttl=255 time=30 ms Reply from 100.3.1.1: bytes=56 Sequence=2 ttl=255 time=60 ms Reply from 100.3.1.1: bytes=56 Sequence=3 ttl=255 time=50 ms Reply from 100.3.1.1: bytes=56 Sequence=4 ttl=255 time=40 ms Reply from 100.3.1.1: bytes=56 Sequence=5 ttl=255 time=70 ms --- 100.3.1.1 ping statistics --- 5 packet(s) transmitted...
Page 197
After configuration, you can execute the display mpls ldp session and display mpls ldp peer commands to view the LDP sessions and peer relationship established, or the display mpls lsp command to view the LSPs established. Configure BGP L2VPN capability: # Configure PE 1.
[PE1-mpls-l2vpn-vpn1] quit # Configure PE 2. [PE2] mpls l2vpn vpn1 encapsulation ppp [PE2-mpls-l2vpn-vpn1] route-distinguisher 100:1 [PE2-mpls-l2vpn-vpn1] vpn-target 1:1 [PE2-mpls-l2vpn-vpn1] ce ce2 id 2 range 10 [PE2-mpls-l2vpn-ce-vpn1-ce2] connection ce-offset 1 interface serial 2/1/0 [PE2-mpls-l2vpn-ce-vpn1-ce2] quit [PE2-mpls-l2vpn-vpn1] quit Verifying the configuration: # Execute the display mpls l2vpn connection command on the PEs. The output shows that a VC in up state has been established between the PEs.
S2/1/1 # Display the local L2VPN connections. [PE] display mpls l2vpn vpn-name vpn1 local-ce ce-name ce-id range conn-num 8192/0/10 8202/0/10 # Ping CE 2 from CE 1. The output shows that CE 1 and CE 2 can ping each other. [CE1] ping 30.1.1.2 PING 30.1.1.2: 56 data bytes, press CTRL_C to break...
Page 201
Configuration procedure Configure CE 1: # Configure an IP address for interface Ten-GigabitEthernet1/0/1, the interface connected to PE 1. <Sysname> system-view [Sysname] sysname CE1 [CE1] interface ten-GigabitEthernet 1/0/1 [CE1-Ten-GigabitEthernet1/0/1] ip address 100.1.1.1 24 Configure PE 1: <Sysname> system-view [Sysname] sysname PE1 [PE1] interface loopback 0 [PE1-LoopBack0] ip address 192.2.2.2 32 [PE1-LoopBack0] quit...
Page 202
[PE1-Ten-GigabitEthernet1/0/1-srv1]xconnect peer 192.3.3.3 pw-id 1000 access-mode ethernet [PE1-Ten-GigabitEthernet1/0/1-srv1] quit [PE1-Ten-GigabitEthernet1/0/1] quit Configure the P device: <Sysname> system-view [Sysname] sysname P [P] interface loopback 0 [P-LoopBack0] ip address 192.4.4.4 32 [P-LoopBack0] quit # Configure the MPLS LSR ID and enable MPLS globally. [P] mpls lsr-id 192.4.4.4 [P] mpls [P-mpls] quit...
Page 203
[PE2] l2vpn [PE2-l2vpn] mpls l2vpn [PE2-l2vpn] quit # Enable LDP globally. [PE2] mpls ldp [PE2-mpls-ldp] quit # Configure PE 2 to establish a remote LDP connection with PE 1. [PE2] mpls ldp remote-peer 2 [PE2-mpls-ldp-remote-2] remote-ip 192.2.2.2 [PE2-mpls-ldp-remote-2] quit # Configure the interface connected with the P device and enable LDP on the interface. [PE2] interface ten-GigabitEthernet 1/0/3 [PE2-Ten-GigabitEthernet1/0/3] ip address 26.2.2.1 24 [PE2-Ten-GigabitEthernet1/0/3] mpls...
# Display VC information on PE 2. The output shows that a VC has been established. [PE2] display mpls l2vc Total ldp vc : 1 1 up 0 down 0 blocked Transport Client Service Local Remote VC ID Intf State VC Label VC Label 1000...
Configuring VPLS Overview Virtual Private LAN Service (VPLS), also called "Transparent LAN Service" or "virtual private switched network service," can deliver a point-to-multipoint L2VPN service over public networks. With VPLS, geographically-dispersed sites can interconnect and communicate over MAN or WAN as if they were on the same LAN.
Page 206
Figure 53 VPLS network diagram Site 1 Tunnel VPN 1 CE 1 VPN 2 Site 2 MPLS backbone CE 2 Forwarder CE 3 PE 1 VPN 1 PE 2 CE 4 PWSignaling VPN 2 Site 3 PW establishment VPLS uses PWs to transfer data over the public network. A PW is established based on an MPLS tunnel (including LSP and CR-LSP) or a GRE tunnel.
Page 207
Figure 54 MAC learning and flooding on PEs • MAC address reclaim: Dynamic address learning must support refreshing and relearning. The VPLS draft defines a dynamic address learning method that uses the address reclaim message, which carries MAC TLV. Upon receiving such a message, a device removes MAC addresses or relearns them according to the specified parameters in the TLV.
VPLS packet encapsulation Packet encapsulation on an AC The packet encapsulation type of an AC depends on the user VSI access mode, which can be VLAN or Ethernet. • VLAN access—The Ethernet header of a packet sent by a CE to a PE or sent by a PE to a CE includes a VLAN tag that is added in the header as a service delimiter for the service provider network to identify the user.
Page 209
H-VPLS with LSP access Figure 55 H-VPLS with LSP access As shown in Figure 55, UPE functions as the MTU-s and establishes only a virtual link U-PW with NPE 1. It does not establish virtual links with any other peers. Data forwarding in H-VPLS with LSP access is as follows: Upon receiving a packet from a CE, UPE tags the packet with the MPLS label for the U-PW, namely, "the multiplex distinguishing flag,"...
When receiving the packet, PE 1 determines which VSI the packet belongs to by the VLAN tag and, based on the destination MAC address of the packet, tags the packet with the multiplex distinguishing flag (MPLS label) for the PW. Then, it forwards the packet. Upon receiving the packet from the PW, PE 1 determines to which VSI the packet belongs by the multiplex distinguishing flag (MPLS label) and, based on the destination MAC address of the packet, labels the packet with the VLAN tag.
Figure 58 Diagram for multi-hop PW As shown in Figure 58, PE 1 and PE 2 are in different ASs. To set up a multi-hop PW between PE 1 and PE 2, perform the following tasks: • Establish three PWs: PW 1 between PE 1 and ASBR 1, PW 2 between ASBR 1 and ASBR 2, and PW 3 between ASBR 2 between PE 2.
To enable L2VPN and MPLS L2VPN: Step Command Enter system view. system-view Enable L2VPN and enter L2VPN view. l2vpn Enable MPLS L2VPN. mpls l2vpn For more information about the l2vpn command and the mpls l2vpn command, see MPLS Command Reference. Configuring static VPLS Before you configure static VPLS, complete the following tasks: •...
Step Command Remarks Optional. By default, the tunneling policy specified through the tnl-policy Specify a tunneling policy. pw-tunnel-policy policy-name command in VSI view is used. For information about configuring a tunneling policy, see "Configuring MPLS L3VPN." Return to system view. quit Create a static VPLS By default, no VPLS instance...
Configuring an LDP VPLS instance When creating an LDP VPLS instance, perform the following configurations: Specify a globally unique name for the VPLS instance and set the peer discovery mechanism to manual configuration. Configure LDP as the PW signaling protocol. Specify the ID of the VPLS instance.
NOTE: • The PW to PW (P2P) mode VSI is applicable only to point to point MPLS L2VPN. • To configure a multi-hop PW, specify the p2p keyword when you create a VPLS instance to enable the P2P capability, and specify the two peer PEs by using the peer command in the VPLS instance view to associate two PWs.
Step Command vpn-target vpn-target&<1-16> [ both | Configure VPN targets for the VPLS instance. import-extcommunity | export-extcommunity ] site site-id [ range site-range ] [ default-offset { 0 | Create a site for the VPLS instance. 1 } ] Resetting VPLS BGP connections When the BGP routing policy or protocol is changed, reset BGP connections in a VPLS to make the new configurations take effect on the VPLS connections.
Step Command Remarks l2 binding vsi vsi-name Bind the Layer 3 interface to By default, a Layer 3 interface is [ access-mode { ethernet | a VPLS instance. not bound to any VPLS instance. vlan } ] * Binding a service instance to a VPLS instance To bind a service instance to a VPLS instance, create the service instance on a Layer 2 Ethernet interface, configure a packet matching rule for the service instance, and then bind the service instance to the VPLS instance.
Step Command Remarks Set the maximum number of Optional. MAC addresses that the mac-table limit mac-limit-number device can learn for the The default limit is 16384. VPLS instance. Optional. Configure the device to drop packets with unknown By default, the device forwards source MAC addresses after packets with unknown source mac-table limit drop-unknown...
Step Command Remarks Optional. By default, no tunneling policy is specified for a VPLS instance and a VPLS instance uses the default tunneling policy. The 11. Specify a tunneling policy for default tunneling policy selects tnl-policy tunnel-policy-name the VPLS instance. only one tunnel in this order: LSP tunnel, GRE tunnel, CR-LSP tunnel.
Task Command Remarks display vsi [ vsi-name ] [ verbose ] [ | Display information about one or { begin | exclude | include } Available in any view. all VPLS instances. regular-expression ] display vsi remote { bgp | ldp } [ | Display information about remote { begin | exclude | include } Available in any view.
Page 221
[PE1] interface loopback 0 [PE1-LoopBack0] ip address 1.1.1.9 32 [PE1-LoopBack0] quit # Configure the LSR ID and enable MPLS globally. [PE1] mpls lsr-id 1.1.1.9 [PE1] mpls [PE1-mpls] quit # Enable L2VPN and MPLS L2VPN. [PE1] l2vpn [PE1-l2vpn] mpls l2vpn [PE1-l2vpn] quit # Enable LDP globally.
Page 222
[PE1] vsi bbb auto [PE1-vsi-bbb] pwsignal bgp [PE1-vsi-bbb-bgp] route-distinguisher 100:1 [PE1-vsi-bbb-bgp] vpn-target 111:1 [PE1-vsi-bbb-bgp] site 10 [PE1-vsi-bbb-bgp] quit [PE1-vsi-bbb] quit # On the interface connecting CE 1, create service instance 1 and bind it to VPLS instance aaa, and create service instance 2 and bind it to VPLS instance bbb. [PE1] interface Ten-GigabitEthernet 1/0/1 [PE1-Ten-GigabitEthernet1/0/1] port link-mode bridge [PE1-Ten-GigabitEthernet1/0/1] port link-type trunk...
Configuring VPLS instances Network requirements CE 1 and CE 2 reside in different sites of VPN 1. Each CE is connected to the interface GigabitEthernet 2/1/2 of a PE. The PEs are connected to each other through interface GigabitEthernet 2/1/1. Configure an LDP VPLS instance aaa (the Martini mode), and a BGP VPLS instance bbb (the Kompella mode, the AS number is 100), and a static VPLS instance ccc.
[NPE3-vsi-aaa-ldp] quit [NPE3-vsi-aaa] quit # Bind the VPLS instance aaa to GigabitEthernet 2/1/3, the interface connected to CE 3. [NPE3] interface gigabitethernet 2/1/3 [NPE3-GigabitEthernet2/1/3] l2 binding vsi aaa [NPE3-GigabitEthernet2/1/3] quit Verifying the configuration: # Execute the display vpls connection command on each PE. The output shows that a PW connection in up state has been established between the PEs.
Session State: Up Interface: LoopBack0 Min Trans Inter: 400ms Act Trans Inter: 400ms Min Recv Inter: 400ms Act Detect Inter: 2000ms Recv Pkt Num: 70 Send Pkt Num: 68 Hold Time: 1600ms Connect Type: Indirect Running Up for: 00:00:01 Auth mode: None Protocol: MFW/LDP Diag Info: No Diagnostic # Execute the display vpls connection vsi vpna command on Router A.
Configuring MPLS L3VPN This chapter describes only MPLS L3VPN configuration. For information about MPLS basics, see "Configuring basic MPLS." For information about BGP, see Layer 3—IP Routing Configuration Guide. Overview MPLS L3VPN is a PE-based L3VPN technology. It uses BGP to advertise VPN routes and uses MPLS to forward VPN packets over service provider backbones.
When VPN traffic travels over the MPLS backbone, the ingress PE functions as the ingress Label Switching Router (LSR), the egress PE functions as the egress LSR, and P routers function as the transit LSRs. MPLS L3VPN concepts Site A site has the following features: •...
Page 247
Figure 66 VPN-IPv4 address structure Route Distinguisher (8 bytes) 2 bytes 6 bytes 4 bytes Type Administrator subfield Assigned number subfield IPv4 address prefix Upon receiving an IPv4 route from a CE, a PE changes the route to a VPN route by adding an RD and then advertises the VPN route to the peer PE.
The SoO attribute specifies the site where the route update is originated. It prevents the receiving router from advertising the route update back to the originating site. If the AS-path attribute is lost, the router can use the SoO attribute to avoid routing loops. The SoO attribute has the following formats: •...
Figure 67 VPN packet forwarding Site 2 Site 1 CE 1 CE 2 PE 2 PE 1 2.1.1.1/24 1.1.1.2/24 Layer1 Layer2 Layer2 1.1.1.2 1.1.1.2 1.1.1.2 1.1.1.2 A VPN packet is forwarded in the following way: Site 1 sends an IP packet with the destination address of 1.1.1.2. CE 1 transmits the packet to PE 1.
Page 250
Figure 68 Network diagram for basic VPN networking scheme Figure 68, for example, the route target for VPN 1 is 100:1 on the PEs, while that for VPN 2 is 200:1. The two VPN 1 sites can communicate with each other, and the two VPN 2 sites can communicate with each other.
Page 251
Figure 69 Network diagram for hub and spoke networking scheme VPN 1 VPN 1: Import: Hub Site 1 Export: Spoke VPN 1-out: Spoke-CE Export: Hub Hub-CE Hub-PE Spoke-PE Site 3 Spoke-PE VPN 1-in: VPN 1 Import: Spoke Spoke-CE VPN 1: Site 2 Import: Hub Export: Spoke...
Figure 70 Network diagram for extranet networking scheme VPN 1 VPN 1: Import:100:1 Site 1 Export:100:1 PE 1 VPN 1 PE 3 Site 3 PE 2 VPN 2: VPN 1: Site 2 Import:200:1 Import:100:1,200:1 Export:200:1 Export:100:1,200:1 VPN 2 Figure 70, VPN 1 and VPN 2 can access Site 3 of VPN 1. •...
Routing information exchange from the ingress PE to the egress PE After learning the VPN routing information from the CE, the ingress PE adds RDs and route targets for these standard IPv4 routes to create VPN-IPv4 routes, save them to the routing table of the VPN instance that is created for the CE, and then trigger MPLS to assign VPN labels for them.
Page 254
Figure 71 Network diagram for inter-AS option A Inter-AS option A is easy to carry out because no special configuration is required on the PEs acting as the ASBRs. However, it has limited scalability because the PEs acting as the ASBRs must manage all the VPN routes and create VPN instances on a per-VPN basis.
Page 255
Figure 72 Network diagram for inter-AS option B In terms of scalability, inter-AS option B is better than option A. When adopting the MP-EBGP method, note the following: • ASBRs perform no route target filtering on VPN-IPv4 routes that they receive from each other. Therefore, the ISPs in different ASs that exchange VPN-IPv4 routes must agree on the route exchange.
Figure 73 Network diagram for inter-AS option C VPN 1 VPN 1 Multi-hop MP-EBGP CE 1 CE 3 PE 3 PE 1 ASBR 2 ASBR 1 (PE) EBGP (PE) MPLS backbone MPLS backbone AS 100 AS 200 PE 4 PE 2 Multi-hop MP-EBGP VPN LSP CE 4...
Page 257
exchanged through the BGP session established between the routers of the Level 2 carrier. This can greatly reduce the number of routes maintained by the Level 1 carrier network. Implementation of carrier's carrier Compared with the common MPLS L3VPN, the carrier's carrier is different because of the way in which a CE of a Level 1 carrier, that is, a Level 2 carrier, accesses a PE of the Level 1 carrier: •...
Figure 76 Scenario where the Level 2 carrier is an MPLS L3VPN service provider NOTE: As a best practice, establish equal cost LSPs between the Level 1 carrier and the Level 2 carrier if equal cost routes exist between them. Nested VPN In an MPLS L3VPN network, generally a service provider runs an MPLS L3VPN backbone and provides VPN services through PEs.
Page 259
Figure 77 Network diagram for nested VPN Propagation of routing information In a nested VPN network, routing information is propagated as follows: A provider PE and its CEs exchange VPNv4 routes, which carry information about users' internal VPNs. After receiving a VPNv4 route, a provider PE keeps the user's internal VPN information, and appends the user's MPLS VPN attributes on the service provider network.
Multi-role host The VPN attributes of the packets forwarded from a CE to a PE depend on the VPN instance bound to the inbound interface. Therefore, all CEs whose packets are forwarded through the same inbound interface of a PE must belong to the same VPN. In a real network, however, a CE may need to access multiple VPNs through a single physical interface.
Page 261
Implementation of HoVPN Figure 78 Basic architecture of HoVPN As shown in Figure 78, devices directly connected to CEs are called underlayer PEs (UPEs) or user-end PEs, whereas devices that are connected to UPEs and are in the internal network are called superstratum PEs (SPE) or service provider-end PEs.
With MP-IBGP, to advertise routes between IBGP peers, the SPE acts as the RR and advertises routes from IBGP peer UPE to IBGP peer SPE. However, it does not act as the RR of the other PEs. Recursion and extension of HoVPN HoVPN supports HoPE recursion: •...
Page 263
• Configuration of OSPF areas between a PE and a CE The OSPF area between a PE and a CE can be either a non-backbone area or a backbone area. In the OSPF VPN extension application, the MPLS VPN backbone is considered the backbone area (area 0).
Page 264
Each OSPF domain must have a configurable domain ID. As a best practice, configure the same domain ID or adopt the default ID for all OSPF processes of the same VPN, so the system can know that all VPN routes with the same domain ID are from the same VPN. •...
BGP AS number substitution and SoO Because BGP detects routing loops by AS number, if EBGP runs between PEs and CEs, you must assign different AS numbers to geographically different sites to ensure correct transmission of the routing information. The BGP AS number substitution function allows physically dispersed CEs to use the same AS number.
Backup between two VPNv4 routes Figure 83 Backup between two VPNv4 routes Configure FRR on PE 1 and specify the backup next hop to reach CE 2 as PE 3. When PE 1 receives a VPNv4 route to CE 2 from both PE 2 and PE 3, it uses the route from PE 2 as the primary route, and the route from PE 3 as the backup route.
For better services and higher security, a private network is usually divided into multiple VPNs to isolate services. To meet these requirements, you can configure a CE for each VPN, which increases device expense and maintenance costs. Or, you can configure multiple VPNs to use the same CE and the same routing table, which sacrifices data security.
Page 268
Remark Task Configuring basic MPLS L3VPN Configuring soft GRE Soft GRE can replace MPLS LDP, MPLS TE, or GREto set up a public tunnel for an MPLS L3VPN network. It has simpler configuration. After soft GRE is enabled on a PE, the PE uses an encapsulation method for VPN packets: •...
Configuring basic MPLS L3VPN The key task in MPLS L3VPN configuration is to manage the advertisement of VPN routes on the MPLS backbone, including PE-CE route exchange and PE-PE route exchange. To configure basic MPLS L3VPN: Task Remarks Creating a VPN instance Required.
Page 270
Step Command Remarks A VPN instance takes effect only after you configure an RD for it. Before configuring an RD, you Configure an RD for the VPN route-distinguisher cannot configure any other instance. route-distinguisher parameters for the VPN instance except a reserved VLAN and a description.
Page 271
Step Command Remarks A single vpn-target command vpn-target vpn-target&<1-8> can configure up to eight route Configure route targets. [ both | export-extcommunity | targets. You can configure up to import-extcommunity ] 64 route targets for a VPN instance. Optional. By default, a VPN instance Set the maximum number of supports 100000 routes at most.
Page 272
• If the matching tunnel is unavailable (for example, the tunnel is down or the tunnel's ACL does not permit the traffic) and is not specified with the disable-fallback keyword, the local PE continues to match other tunnels. If the tunnel is specified with the disable-fallback keyword, the local PE stops matching and tunnel selection fails.
NOTE: • A tunneling policy configured in VPN instance view is applicable to both IPv4 VPNs and IPv6 VPNs. • You can configure a tunneling policy for IPv4 VPNs in both VPN instance view and IPv4 VPN view. A tunneling policy configured in IPv4 VPN view takes precedence. Configuring an LDP instance LDP instances are for carrier's carrier network applications.
Page 274
Step Command Remarks • Method 1: ip route-static dest-address { mask | mask-length } { gateway-address | interface-type interface-number [ gateway-address ] | vpn-instance d-vpn-instance-name gateway-address } Use either command as [ preference preference-value ] [ tag needed. tag-value ] [ description Perform this configuration on description-text ] Configure a static...
Page 275
Step Command Remarks Optional. Configure the OSPF domain domain-id domain-id [ secondary ] 0 by default. Optional. The defaults are as follows: ext-community-type • Configure the type codes of 0x0005 for Domain ID. { domain-id type-code1 | OSPF extended community •...
Page 276
Configuring EBGP between a PE and a CE Configure the PE: Step Command Remarks Enter system view. system-view Enable BGP and enter BGP bgp as-number view. Enter BGP VPN instance ipv4-family vpn-instance view. vpn-instance-name Configure the CE as the peer { group-name | ip-address } VPN EBGP peer.
Page 277
Step Command Remarks Optional. import-route protocol Configure the route [ process-id ] [ med med-value | A CE must advertise its routes to redistribution and route-policy route-policy-name ] the connected PE so the PE can advertisement behavior. advertise them to the peer CE. NOTE: •...
Step Command Remarks filter-policy { acl-number | Optional. ip-prefix ip-prefix-name } export Configure BGP to filter [ direct | isis process-id | ospf By default, BGP does not filter routes to be advertised. process-id | rip process-id | routes to be advertised. static ] Optional.
Step Command Remarks Enter BGP-VPNv4 ipv4-family vpnv4 subaddress family view. Enable the exchange of BGP-VPNv4 routing peer { group-name | ip-address } By default, BGP peers exchange information with the enable IPv4 routing information only. specified peer. Configuring routing features for BGP VPNv4 subaddress family With BGP VPNv4 subaddress family, there are a variety of routing features that are the same as those for BGP IPv4 unicast routing.
Page 280
Step Command Remarks Optional. By default, the system uses the local address as the next hop of a route to be advertised to an EBGP Configure the system to use peer. In the inter-AS option C the local address as the next peer { group-name | ip-address } solution, configure the peer hop of a route to be...
Step Command Remarks filter-policy { acl-number | Optional. ip-prefix ip-prefix-name } export Filter all or certain types of [ direct | isis process-id | ospf By default, BGP does not filter routes to be advertised. process-id | rip process-id | routes to be advertised.
• Soft GRE—Used when no public tunnel exists or the existing public tunnels do not meet tunnel policy requirements. Soft GRE encapsulates VPN packets with a GRE header and then an IP header. The destination IP address of the IP header is the IP address of the remote PE (BGP VPNv4 peer). The source IP address is the output interface address by default.
In other words, configure VPN instances on PEs and ASBR PEs respectively. The VPN instances on PEs are used to allow CEs to access the network, and those on ASBR PEs are used to access the peer ASBR PEs. For more information, see "Configuring basic MPLS L3VPN."...
Page 284
Configuring the PEs You must establish an ordinary IBGP peer relationship between a PE and an ASBR PE in an AS and an MP-EBGP peer relationship between PEs of different ASs. The PEs and ASBR PEs in an AS must be able to exchange labeled IPv4 routes. To configure a PE for inter-AS option C: Step Command...
Step Command Remarks Enable the ASBR PE to By default, the device does not exchange labeled IPv4 peer { group-name | ip-address } advertise labeled routes to the routes with the PEs in the label-route-capability IPv4 peer or peer group. same AS.
When you configure nested VPN, follow these guidelines: • The address ranges for sub-VPNs of a VPN cannot overlap. • Do not give nested VPN peers addresses that public network peers use. • Before specifying a nested VPN peer or peer group, configure the corresponding CE peer or peer group in BGP VPN instance view.
Configuring and applying policy routing Step Command Enter system view. system-view policy-based-route policy-name { deny | permit } Create a policy and enter policy routing view. node node-number Specify the VPN instances for forwarding apply access-vpn vpn-instance packets. vpn-instance-name&<1-6> Return to system view. quit Enter the view of the interface connecting a CE.
Step Command Remarks Use either command. Do not use • (Method 1) Advertise a both the commands. default VPN route: By default, BGP does not peer { group-name | advertise routes to a VPNv4 peer. ip-address } default-route-advertise With the peer vpn-instance default-route-advertise vpn-instance-name...
On the PE in an MCE network environment, disable routing loop detection to avoid route loss during route calculation and disable route redistribution between routing protocols to save system resources. Before you configure routing on an MCE, complete the following tasks: •...
Page 291
Step Command Remarks Enable RIP on the interface By default, RIP is disabled on an attached to the specified network network-address interface. network. import-route protocol Redistribute remote site [ process-id ] [ allow-ibgp ] [ cost By default, no route is routes advertised by the PE.
Page 292
Configuring IS-IS between an MCE and a VPN site An IS-IS process belongs to the public network or a single VPN instance. If you create an IS-IS process without binding it to a VPN instance, the process belongs to the public network. Binding IS-IS processes to VPN instances can isolate routes of different VPNs.
Page 293
Step Command Remarks Allow the local AS number to appear in the AS_PATH peer { group-name | ip-address } attribute of a received route Optional. allow-as-loop [ number ] and set the maximum number of repetitions. Redistribute remote site import-route protocol [ process-id | By default, no route routes advertised by the all-processes ] [ med med-value |...
Step Command Remarks Enter BGP-VPN instance ipv4-family vpn-instance view. vpn-instance-name peer { group-name | ip-address } Configure an IBGP peer. as-number as-number Optional. By default, no RR or RR client is configured. After you configure a VPN site as an IBGP peer of the MCE, the Configure the system to be MCE does not advertise the BGP peer { group-name | ip-address }...
Page 295
Perform the following configuration tasks on MCE. Configurations on the PE are similar to those on the PE in common MPLS L3VPN network solutions (see "Configuring static routing between a PE and a CE"). Configuring static routing between MCE and PE Step Command Remarks...
Page 296
Step Command Remarks Routing loop detection is enabled by default. You must disable routing loop Disable routing loop vpn-instance-capability simple detection for a VPN OSPF detection. process on the MCE. Otherwise, the MCE cannot receive OSPF routes from the PE. Optional.
Page 297
Step Command Remarks filter-policy { acl-number | ip-prefix Optional. Configure a filtering ip-prefix-name | route-policy policy to filter the route-policy-name } export [ isis By default, IS-IS does not filter redistributed routes. process-id | ospf process-id | rip redistributed routes. process-id | bgp | direct | static ] Return to system view.
Step Command Remarks import-route protocol [ process-id | Redistribute the VPN By default, No route all-processes ] [ med med-value | routes of the VPN site. redistribution is configured. route-policy route-policy-name ] * Optional. filter-policy { acl-number | ip-prefix Configure a filtering ip-prefix-name } export [ direct | isis By default, BGP does not policy to filter the routes...
Step Command Remarks Enter system view. system-view Optional. No routing policy is created by default. Create a routing policy and route-policy route-policy-name enter routing policy view. If the PE connects to multiple CEs permit node node-number in the same site, use a routing policy to add the SoO attribute to the routes received from the CEs.
Resetting BGP connections When BGP configuration changes, you can use the soft reset function or reset BGP connections to make new configurations take effect. Soft reset requires that BGP peers have route refreshment capability (supporting Route-Refresh messages). NOTE: Soft reset of BGP connections refers to updating BGP routing information without breaking BGP neighbor relationships.
Page 301
Task Command Remarks display bgp vpnv4 { all | vpn-instance Display information about a vpn-instance-name } group [ group-name ] specified or all BGP VPNv4 peer Available in any view. [ | { begin | exclude | include } group. regular-expression ] Display information about BGP display bgp vpnv4 { all | vpn-instance...
Task Command Remarks reset bgp vpn-instance vpn-instance-name ip-address flap-info Clear route flap history reset bgp vpn-instance information about a BGP peer of a Available in user view. vpn-instance-name flap-info [ ip-address VPN instance. [ mask | mask-length ] | as-path-acl as-path-acl-number | regexp as-path-regexp ] For commands to display information about a routing table, see Layer 3—IP Routing Command...
Page 304
POS5/1/1 172.1.1.1/24 GE2/1/1 10.3.1.2/24 CE 2 GE2/1/1 10.2.1.1/24 GE2/1/2 10.4.1.2/24 CE 3 GE2/1/1 10.3.1.1/24 POS5/1/1 172.2.1.2/24 CE 4 GE2/1/1 10.4.1.1/24 Configuration procedure Configure an IGP on the MPLS backbone to ensure IP connectivity within the backbone: # Configure PE 1. <PE1>...
Page 305
[PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255 [PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] quit [PE2-ospf-1] quit After the configurations, OSPF adjacencies are established between PE 1, P, and PE 2. Execute the display ospf peer command. The output shows that the adjacency status is Full. Execute the display ip routing-table command.
Page 307
[PE1-vpn-instance-vpn1] quit [PE1] ip vpn-instance vpn2 [PE1-vpn-instance-vpn2] route-distinguisher 100:2 [PE1-vpn-instance-vpn2] vpn-target 222:2 [PE1-vpn-instance-vpn2] quit [PE1] interface gigabitethernet 2/1/1 [PE1-GigabitEthernet2/1/1] ip binding vpn-instance vpn1 [PE1-GigabitEthernet2/1/1] ip address 10.1.1.2 24 [PE1-GigabitEthernet2/1/1] quit [PE1] interface gigabitethernet 2/1/2 [PE1-GigabitEthernet2/1/2] ip binding vpn-instance vpn2 [PE1-GigabitEthernet2/1/2] ip address 10.2.1.2 24 [PE1-GigabitEthernet2/1/2] quit # Configure PE 2.
Page 308
5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 3/23/56 ms Establish EBGP peer relationships between PEs and CEs to allow VPN routes to be redistributed: # Configure CE 1. <CE1> system-view [CE1] bgp 65410 [CE1-bgp] peer 10.1.1.2 as-number 100 [CE1-bgp] import-route direct [CE1-bgp] quit # Configure the other three CEs in a similar way to configuring CE 1.
Page 309
[PE2-bgp] ipv4-family vpnv4 [PE2-bgp-af-vpnv4] peer 1.1.1.9 enable [PE2-bgp-af-vpnv4] quit [PE2-bgp] quit After completing the configuration, execute the display bgp peer command or the display bgp vpnv4 all peer command on the PEs. The output shows that a BGP peer relationship has been established between the PEs, and has reached Established state.
PING 10.4.1.1: 56 data bytes, press CTRL_C to break Request time out Request time out Request time out Request time out Request time out --- 10.4.1.1 ping statistics --- 5 packet(s) transmitted 0 packet(s) received 100.00% packet loss Configuring MPLS L3VPNs using IBGP between a PE and a Network requirements CE 1 and CE 3 belong to VPN 1.
Page 311
GE2/1/1 10.2.1.1/24 CE 4 Loop0 7.7.7.9/32 CE 3 Loop0 6.6.6.9/32 GE2/1/1 10.4.1.1/24 GE2/1/1 10.3.1.1/24 Configuration procedure Configure an IGP on the MPLS backbone to ensure IP connectivity within the backbone: # Configure PE 1. <PE1> system-view [PE1] interface loopback 0 [PE1-LoopBack0] ip address 1.1.1.9 32 [PE1-LoopBack0] quit [PE1] interface pos 5/1/1...
Page 312
[PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] quit [PE2-ospf-1] quit After the configurations, P establishes an OSPF adjacency with PE 1 and PE 2 respectively. Execute the display ospf peer command. The output shows that the adjacency status is Full. Execute the display ip routing-table command. The output shows that the PEs have learned the routes to the loopback interfaces of each other.
Page 313
[P-POS5/1/1] mpls ldp [P-POS5/1/1] quit [P] interface pos 5/1/2 [P-POS5/1/2] mpls [P-POS5/1/2] mpls ldp [P-POS5/1/2] quit # Configure PE 2. [PE2] mpls lsr-id 3.3.3.9 [PE2] mpls [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface pos 5/1/1 [PE2-POS5/1/1] mpls [PE2-POS5/1/1] mpls ldp [PE2-POS5/1/1] quit After the configurations, P establishes an LDP session with PE 1 and PE 2 respectively.
Page 314
[PE1-vpn-instance-vpn2] quit [PE1] interface gigabitethernet 2/1/1 [PE1-GigabitEthernet2/1/1] ip binding vpn-instance vpn1 [PE1-GigabitEthernet2/1/1] ip address 10.1.1.2 24 [PE1-GigabitEthernet2/1/1] quit [PE1] interface gigabitethernet 2/1/2 [PE1-GigabitEthernet2/1/2] ip binding vpn-instance vpn2 [PE1-GigabitEthernet2/1/2] ip address 10.2.1.2 24 [PE1-GigabitEthernet2/1/2] quit # Configure PE 2. [PE2] ip vpn-instance vpn1 [PE2-vpn-instance-vpn1] route-distinguisher 200:1 [PE2-vpn-instance-vpn1] vpn-target 111:1 [PE2-vpn-instance-vpn1] quit...
Page 315
Establish IBGP peer relationships between PEs and CEs to redistribute VPN routes, and configure routing policies to change the next hop of the routes: # On CE 1, configure PE 1 as the IBGP peer, and configure a routing policy for the routes received from PE 1, changing the next hop address of the routes to the IP address of PE 1.
Page 316
[PE1-route-policy] quit [PE1] bgp 100 [PE1-bgp] peer 3.3.3.9 as-number 100 [PE1-bgp] peer 3.3.3.9 connect-interface loopback 0 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpnv4] peer 3.3.3.9 route-policy pe-ibgp import [PE1-bgp-af-vpnv4] peer 3.3.3.9 enable [PE1-bgp-af-vpnv4] quit [PE1-bgp] quit # On PE 2, configure PE 1 as the MP-IBGP peer, and configure a routing policy for the routes received from PE 1, changing the next hop address of the routes as the loopback interface address of PE 1.
Routing Tables: vpn2 Destinations : 7 Routes : 7 Destination/Mask Proto Cost NextHop Interface 5.5.5.9/32 10.2.1.1 GE2/1/2 7.7.7.9/32 3.3.3.9 NULL0 10.2.1.0/24 Direct 0 10.2.1.2 GE2/1/2 10.2.1.2/32 Direct 0 127.0.0.1 InLoop0 10.4.1.0/24 3.3.3.9 NULL0 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 CEs of the same VPN can ping each other, whereas those of different VPNs cannot.
Page 318
Figure 88 Network diagram POS5/1/1 POS5/1/2 Loop0 Loop0 POS5/1/1 POS5/1/1 GRE tunnel PE 2 PE 1 Tunnel0 Tunnel0 GE2/1/1 GE2/1/1 AS 100 GE2/1/1 GE2/1/1 CE 1 CE 2 VPN 1 VPN 1 AS 65410 AS 65420 Device Interface IP address Device Interface IP address...
Page 319
[PE1-tunnel-policy-gre1] quit [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 100:1 [PE1-vpn-instance-vpn1] vpn-target 100:1 both [PE1-vpn-instance-vpn1] tnl-policy gre1 [PE1-vpn-instance-vpn1] quit [PE1] interface gigabitethernet 2/1/1 [PE1-GigabitEthernet2/1/1] ip binding vpn-instance vpn1 [PE1-GigabitEthernet2/1/1] ip address 10.1.1.2 24 [PE1-GigabitEthernet2/1/1] quit # Configure PE 2. [PE2] tunnel-policy gre1 [PE2-tunnel-policy-gre1] tunnel select-seq gre load-balance-number 1 [PE2-tunnel-policy-gre1] quit [PE2] ip vpn-instance vpn1...
Page 320
5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 7/21/33 ms Establish EBGP peer relationships between PEs and CEs to allow VPN routes to be redistributed: # Configure CE 1. [CE1] bgp 65410 [CE1-bgp] peer 10.1.1.2 as-number 100 [CE1-bgp] import-route direct [CE1-bgp] quit # Configure PE 1.
Destinations : 3 Routes : 3 Destination/Mask Proto Cost NextHop Interface 10.1.1.0/24 Direct 0 10.1.1.2 GE2/1/1 10.1.1.2/32 Direct 0 127.0.0.1 InLoop0 10.2.1.0/24 2.2.2.9 NULL0 The CEs can ping each other. [CE1] ping 10.2.1.1 PING 10.2.1.1: 56 data bytes, press CTRL_C to break Reply from 10.2.1.1: bytes=56 Sequence=1 ttl=253 time=41 ms Reply from 10.2.1.1: bytes=56 Sequence=2 ttl=253 time=69 ms Reply from 10.2.1.1: bytes=56 Sequence=3 ttl=253 time=68 ms...
Page 323
Spoke-PE 1 Loop0 1.1.1.9/32 GE2/1/2 10.4.1.1/24 GE2/1/1 10.1.1.2/24 Hub-PE Loop0 2.2.2.9/32 POS5/1/1 172.1.1.1/24 POS5/1/1 172.1.1.2/24 Spoke-CE 2 GE2/1/1 10.2.1.1/24 POS5/1/2 172.2.1.2/24 Spoke-PE 2 Loop0 3.3.3.9/32 GE2/1/1 10.3.1.2/24 GE2/1/1 10.2.1.2/24 GE2/1/2 10.4.1.2/24 POS5/1/1 172.2.1.1/24 Configuration procedure Configure an IGP in the MPLS backbone to ensure IP connectivity between spoke-PE and hub-PE: # Configure Spoke-PE 1.
Page 324
[Hub-PE-POS5/1/2] ip address 172.2.1.2 24 [Hub-PE-POS5/1/2] quit [Hub-PE] ospf [Hub-PE-ospf-1] area 0 [Hub-PE-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255 [Hub-PE-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255 [Hub-PE-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0 [Hub-PE-ospf-1-area-0.0.0.0] quit [Hub-PE-ospf-1] quit After the configuration, OSPF adjacencies are established between Spoke-PE 1 and Hub-PE, and between Spoke-PE 2 and Hub-PE.
Page 326
------------------------------------------------------------------ A '*' before an LSP means the LSP is not established A '*' before a Label means the USCB or DSCB is stale Configure VPN instances on the spoke-PEs and the hub-PE to allow CEs to access the PEs: # Configure Spoke-PE 1.
Page 327
VPN-Instance Name Create time vpn1 100:1 2009/04/08 10:55:07 Spoke-PE 1 can ping Spoke-CE 1 successfully: [Spoke-PE1] ping -vpn-instance vpn1 10.1.1.1 PING 10.1.1.1: 56 data bytes, press CTRL_C to break Reply from 10.1.1.1: bytes=56 Sequence=1 ttl=255 time=56 ms Reply from 10.1.1.1: bytes=56 Sequence=2 ttl=255 time=4 ms Reply from 10.1.1.1: bytes=56 Sequence=3 ttl=255 time=4 ms Reply from 10.1.1.1: bytes=56 Sequence=4 ttl=255 time=52 ms Reply from 10.1.1.1: bytes=56 Sequence=5 ttl=255 time=3 ms...
Page 328
[Spoke-PE2-bgp-vpn1] quit [Spoke-PE2-bgp] quit # Configure the Hub-PE. [Hub-PE] bgp 100 [Hub-PE-bgp] ipv4-family vpn-instance vpn1-in [Hub-PE-bgp-vpn1-in] peer 10.3.1.1 as-number 65430 [Hub-PE-bgp-vpn1-in] import-route direct [Hub-PE-bgp-vpn1-in] quit [Hub-PE-bgp] ipv4-family vpn-instance vpn1-out [Hub-PE-bgp-vpn1-out] peer 10.4.1.1 as-number 65430 [Hub-PE-bgp-vpn1-out] peer 10.4.1.1 allow-as-loop [Hub-PE-bgp-vpn1-out] import-route direct [Hub-PE-bgp-vpn1-out] quit [Hub-PE-bgp] quit After the configurations, execute the display bgp vpnv4 vpn-instance peer command on the...
Page 329
[Hub-PE-bgp] peer 3.3.3.9 as-number 100 [Hub-PE-bgp] peer 3.3.3.9 connect-interface loopback 0 [Hub-PE-bgp] ipv4-family vpnv4 [Hub-PE-bgp-af-vpnv4] peer 1.1.1.9 enable [Hub-PE-bgp-af-vpnv4] peer 3.3.3.9 enable [Hub-PE-bgp-af-vpnv4] quit [Hub-PE-bgp] quit After the configurations, execute the display bgp peer command or the display bgp vpnv4 all peer command on the PEs.
Reply from 10.2.1.1: bytes=56 Sequence=5 ttl=250 time=2 ms --- 10.2.1.1 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 2/2/3 ms Configuring inter-AS option A Network requirements CE 1 and CE 2 belong to the same VPN. CE 1 accesses the network through PE 1 in AS 100 and CE 2 accesses the network through PE 2 in AS 200.
Page 331
This example uses OSPF. Be sure to advertise the route to the 32-bit loopback interface address of each router through OSPF. The loopback interface address of a router is to be used as the router's LSR ID. (Details not shown.) After the configurations, each ASBR PE and the PE in the same AS can establish OSPF adjacencies.
Page 332
[PE2] mpls [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface pos 5/1/1 [PE2-POS5/1/1] mpls [PE2-POS5/1/1] mpls ldp [PE2-POS5/1/1] quit After the configurations, each PE and the ASBR PE in the same AS can establish neighbor relationship. Execute the display mpls ldp session command on the devices. The output shows that the session status is Operational.
Page 333
[ASBR-PE1] interface pos 5/1/2 [ASBR-PE1-POS5/1/2] ip binding vpn-instance vpn1 [ASBR-PE1-POS5/1/2] ip address 192.1.1.1 24 [ASBR-PE1-POS5/1/2] quit # Configure ASBR PE 2, creating a VPN instance and binding the instance to the interface connected with ASBR PE 1. (ASBR PE 2 considers ASBR PE 1 its CE.) [ASBR-PE2] ip vpn-instance vpn1 [ASBR-PE2-vpn-vpn1] route-distinguisher 200:2 [ASBR-PE2-vpn-vpn1] vpn-target 100:1 both...
Page 335
PEs in the same AS run IS-IS. PE 1 and ASBR-PE 1 exchange labeled IPv4 routes by MP-IBGP. PE 2 and ASBR-PE 2 exchange labeled IPv4 routes by MP-IBGP. ASBR-PE 1 and ASBR-PE 2 exchange labeled IPv4 routes by MP-EBGP. ASBRs do not perform route target filtering of received VPN-IPv4 routes.
Page 336
[PE1-Serial2/1/1] ip address 1.1.1.2 255.0.0.0 [PE1-Serial2/1/1] isis enable 1 [PE1-Serial2/1/1] mpls [PE1-Serial2/1/1] mpls ldp [PE1-Serial2/1/1] quit # Configure interface Loopback 0 and start IS-IS on it. [PE1] interface loopback 0 [PE1-LoopBack0] ip address 2.2.2.9 32 [PE1-LoopBack0] isis enable 1 [PE1-LoopBack0] quit # Create VPN instance vpn1 and configure the RD and route target attributes.
Page 337
# Configure interface Serial 2/1/1, and start IS-IS and enable MPLS and LDP on the interface. [ASBR-PE1] interface serial 2/1/1 [ASBR-PE1-Serial2/1/1] ip address 1.1.1.1 255.0.0.0 [ASBR-PE1-Serial2/1/1] isis enable 1 [ASBR-PE1-Serial2/1/1] mpls [ASBR-PE1-Serial2/1/1] mpls ldp [ASBR-PE1-Serial2/1/1] quit # Configure interface Serial 2/1/2 and enable MPLS. [ASBR-PE1] interface serial 2/1/2 [ASBR-PE1-Serial2/1/2] ip address 11.0.0.2 255.0.0.0 [ASBR-PE1-Serial2/1/2] mpls...
Page 338
[ASBR-PE2-Serial2/1/1] quit # Configure interface Serial 2/1/2 and enable MPLS. [ASBR-PE2] interface serial 2/1/2 [ASBR-PE2-Serial2/1/2] ip address 11.0.0.1 255.0.0.0 [ASBR-PE2-Serial2/1/2] mpls [ASBR-PE2-Serial2/1/2] quit # Configure interface Loopback 0 and start IS-IS on it. [ASBR-PE2] interface loopback 0 [ASBR-PE2-LoopBack0] ip address 4.4.4.9 32 [ASBR-PE2-LoopBack0] isis enable 1 [ASBR-PE2-LoopBack0] quit # Start BGP on ASBR-PE 2.
Page 341
# Create VPN instance vpn1 and configure the RD and route target attributes. [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 11:11 [PE1-vpn-instance-vpn1] vpn-target 3:3 import-extcommunity [PE1-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity [PE1-vpn-instance-vpn1] quit # Configure interface Loopback 1 and bind the interface to VPN instance vpn1. [PE1] interface loopback 1 [PE1-LoopBack1] ip binding vpn-instance vpn1 [PE1-LoopBack1] ip address 30.0.0.1 32...
Page 342
[ASBR-PE1-Serial2/1/1] mpls [ASBR-PE1-Serial2/1/1] mpls ldp [ASBR-PE1-Serial2/1/1] quit # Configure interface Serial 2/1/2 and enable MPLS on it. [ASBR-PE1] interface serial 2/1/2 [ASBR-PE1-Serial2/1/2] ip address 11.0.0.2 255.0.0.0 [ASBR-PE1-Serial2/1/2] mpls [ASBR-PE1-Serial2/1/2] quit # Configure interface Loopback 0 and start IS-IS on it. [ASBR-PE1] interface loopback 0 [ASBR-PE1-LoopBack0] ip address 3.3.3.9 32 [ASBR-PE1-LoopBack0] isis enable 1...
Page 343
[ASBR-PE2-mpls] quit [ASBR-PE2] mpls ldp [ASBR-PE2-mpls-ldp] quit # Configure interface Serial 2/1/1, and start IS-IS and enable MPLS and LDP on the interface. [ASBR-PE2] interface serial 2/1/1 [ASBR-PE2-Serial2/1/1] ip address 9.1.1.1 255.0.0.0 [ASBR-PE2-Serial2/1/1] isis enable 1 [ASBR-PE2-Serial2/1/1] mpls [ASBR-PE2-Serial2/1/1] mpls ldp [ASBR-PE2-Serial2/1/1] quit # Configure interface Loopback 0 and start IS-IS on it.
Page 344
[PE2] isis 1 [PE2-isis-1] network-entity 10.4444.4444.4444.4444.00 [PE2-isis-1] quit # Configure LSR ID, enable MPLS and LDP. [PE2] mpls lsr-id 5.5.5.9 [PE2] mpls [PE2-mpls] label advertise non-null [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit # Configure interface Serial 2/1/1, and start IS-IS and enable MPLS and LDP on the interface. [PE2] interface serial 2/1/1 [PE2-Serial2/1/1] ip address 9.1.1.2 255.0.0.0 [PE2-Serial2/1/1] isis enable 1...
# Redistribute direct routes to the routing table of vpn1. [PE2-bgp] ipv4-family vpn-instance vpn1 [PE2-bgp-vpn1] import-route direct [PE2-bgp-vpn1] quit [PE2-bgp] quit Verify the configuration: After the configurations, PE 1 and PE 2 can ping each other: [PE2] ping –vpn-instance vpn1 30.0.0.1 [PE1] ping –vpn-instance vpn1 20.0.0.1 Configuring carrier's carrier Network requirements...
Page 346
POS5/1/2 10.1.1.1/24 POS5/1/2 20.1.1.2/24 CE 1 Loop0 2.2.2.9/32 CE 2 Loop0 5.5.5.9/32 POS5/1/1 10.1.1.2/24 POS5/1/1 21.1.1.2/24 POS5/1/2 11.1.1.1/24 POS5/1/2 20.1.1.1/24 PE 1 Loop0 3.3.3.9/32 PE 2 Loop0 4.4.4.9/32 POS5/1/1 11.1.1.2/24 POS5/1/1 30.1.1.2/24 POS5/1/2 30.1.1.1/24 POS5/1/2 21.1.1.1/24 Configuration procedure Configure MPLS L3VPN on the provider carrier backbone—start IS-IS as the IGP, enable LDP between PE 1 and PE 2, and establish an MP-IBGP peer relationship between the PEs: # Configure PE 1.
Page 347
LDP Session(s) in Public Network Total number of sessions: 1 ---------------------------------------------------------------- Peer-ID Status SsnRole KA-Sent/Rcv ---------------------------------------------------------------- 4.4.4.9:0 Operational Active 378/378 ---------------------------------------------------------------- LAM : Label Advertisement Mode : Fault Tolerance [PE1] display bgp peer BGP local router ID : 3.3.3.9 Local AS number : 100 Total number of peers : 1 Peers in established state : 1 Peer...
Page 349
# Configure CE 1. [CE1] interface pos 5/1/2 [CE1-POS5/1/2] ip address 11.1.1.1 24 [CE1-POS5/1/2] isis enable 2 [CE1-POS5/1/2] mpls [CE1-POS5/1/2] mpls ldp [CE1-POS5/1/2] mpls ldp transport-address interface [CE1-POS5/1/2] quit After the configurations, PE 1 and CE 1 can establish an LDP session and IS-IS neighbor relationship between them.
Page 350
Verify the configuration: After completing all the configurations, execute the display ip routing-table command on PE 1 and PE 2. The output shows that only routes of the provider carrier network are present in the public network routing table of PE 1 and PE 2. Take PE 1 as an example: [PE1] display ip routing-table Routing Tables: Public Destinations : 7...
Page 351
11.1.1.1/32 Direct 0 127.0.0.1 InLoop0 11.1.1.2/32 Direct 0 11.1.1.2 POS5/1/2 20.1.1.0/24 ISIS 11.1.1.2 POS5/1/2 21.1.1.0/24 ISIS 11.1.1.2 POS5/1/2 21.1.1.2/32 ISIS 11.1.1.2 POS5/1/2 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 Execute the display ip routing-table command on PE 3 and PE 4. The output shows that the internal routes of the customer carrier network are present in the public network routing tables.
0.00% packet loss round-trip min/avg/max = 60/87/127 ms CE 3 and CE 4 can ping each other: [CE3] ping 120.1.1.1 PING 120.1.1.1: 56 data bytes, press CTRL_C to break Reply from 120.1.1.1: bytes=56 Sequence=1 ttl=252 time=102 ms Reply from 120.1.1.1: bytes=56 Sequence=2 ttl=252 time=69 ms Reply from 120.1.1.1: bytes=56 Sequence=3 ttl=252 time=105 ms Reply from 120.1.1.1: bytes=56 Sequence=4 ttl=252 time=88 ms Reply from 120.1.1.1: bytes=56 Sequence=5 ttl=252 time=87 ms...
Page 353
Figure 94 Network diagram Loop0 Loop0 AS 100 PE 1 PE 2 POS5/1/2 POS5/1/1 POS5/1/1 POS5/1/2 Carrier VPN CE 1 CE 2 Customer VPN Customer VPN POS5/1/2 POS5/1/1 AS 200 AS 200 VPN 1 VPN 1 POS5/1/1 POS5/1/2 POS5/1/2 POS5/1/2 PE 3 PE 4 GE2/1/1...
Page 358
[PE3-bgp] ipv4-family vpnv4 [PE3-bgp-af-vpnv4] peer 2.2.2.9 enable # Allow the local AS number to appear in the AS-PATH attribute of the routes received. [PE3-bgp-af-vpnv4] peer 2.2.2.9 allow-as-loop 2 [PE3-bgp-af-vpnv4] quit [PE3-bgp] quit # Configure CE 1. [CE1] bgp 200 [CE1-bgp] peer 1.1.1.9 as-number 200 [CE1-bgp] peer 1.1.1.9 connect-interface loopback 0 [CE1-bgp] ipv4-family vpnv4 [CE1-bgp-af-vpnv4] peer 1.1.1.9 enable...
Page 359
127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 130.1.1.0/24 4.4.4.9 NULL0 Execute the display bgp vpnv4 all routing-table command on CE 1 and CE 2 to verify that the VPNv4 routing tables on the customer VPN contain internal sub-VPN routes. Take CE 1 as an example.
Page 360
Routing Tables: SUB_VPN1 Destinations : 5 Routes : 5 Destination/Mask Proto Cost NextHop Interface 100.1.1.0/24 Direct 0 100.1.1.2 GE2/1/1 100.1.1.2/32 Direct 0 127.0.0.1 InLoop0 120.1.1.0/24 2.2.2.9 NULL0 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 Execute the display ip routing-table command on CE 3 and CE 4 to verify that the routing tables contain routes of remote sub-VPNs.
--- 120.1.1.1 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 69/90/105 ms CE 5 and CE 6 can ping each other successfully. [CE5] ping 130.1.1.1 PING 130.1.1.1: 56 data bytes, press CTRL_C to break Reply from 130.1.1.1: bytes=56 Sequence=1 ttl=252 time=102 ms Reply from 130.1.1.1: bytes=56 Sequence=2 ttl=252 time=69 ms Reply from 130.1.1.1: bytes=56 Sequence=3 ttl=252 time=105 ms...
Page 362
Figure 95 Network diagram Configuration procedure Configure CE 1: # Configure the IP addresses of the interfaces on CE 1. <CE1> system-view [CE1] interface gigabitethernet 2/1/1 [CE1-GigabitEthernet2/1/1] ip address 100.1.1.1 24 [CE1-GigabitEthernet2/1/1] quit [CE1] interface serial 2/1/1 [CE1-Serial2/1/1] ip address 1.1.1.2 24 [CE1-Serial2/1/1] quit # Configure a default route to PE 1 on CE 1.
[PE1] ip route-static vpn-instance vpn2 100.1.1.0 24 vpn-instance vpn1 1.1.1.2 [PE1] bgp 100 [PE1-bgp] ipv4-family vpn-instance vpn2 [PE1-bgp-vpn2] import-route static [PE1-bgp-vpn2] quit [PE1-bgp] quit # Configure a routing policy, allowing packets from Host A that have no routes in the native VPN instance to be forwarded along private network routes in VPN instance vpn2.
Page 364
CE 1 GE2/1/1 10.2.1.1/24 CE 3 GE2/1/1 10.1.1.1/24 CE 2 GE2/1/1 10.4.1.1/24 CE 4 GE2/1/1 10.3.1.1/24 UPE 1 Loop0 1.1.1.9/32 UPE 2 Loop0 4.4.4.9/32 GE2/1/1 10.2.1.2/24 GE2/1/1 172.2.1.1/24 GE2/1/2 10.4.1.2/24 GE2/1/2 10.1.1.2/24 GE2/1/3 172.1.1.1/24 GE2/1/3 10.3.1.2/24 SPE 1 Loop0 2.2.2.9/32 SPE 2 Loop0 3.3.3.9/32...
Page 365
[UPE1] interface gigabitethernet 2/1/2 [UPE1-GigabitEthernet2/1/2] ip binding vpn-instance vpn2 [UPE1-GigabitEthernet2/1/2] ip address 10.4.1.2 24 [UPE1-GigabitEthernet2/1/2] quit # Configure UPE 1 to establish MP-IBGP peer relationship with SPE 1 and to inject VPN routes. [UPE1] bgp 100 [UPE1-bgp] peer 2.2.2.9 as-number 100 [UPE1-bgp] peer 2.2.2.9 connect-interface loopback 0 [UPE1-bgp] ipv4-family vpnv4 [UPE1-bgp-af-vpnv4] peer 2.2.2.9 enable...
Page 366
[UPE2-mpls-ldp] quit [UPE2] interface gigabitethernet 2/1/1 [UPE2-GigabitEthernet2/1/1] ip address 172.2.1.1 24 [UPE2-GigabitEthernet2/1/1] mpls [UPE2-GigabitEthernet2/1/1] mpls ldp [UPE2-GigabitEthernet2/1/1] quit # Configure the IGP protocol, OSPF, for example. [UPE2] ospf [UPE2-ospf-1] area 0 [UPE2-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255 [UPE2-ospf-1-area-0.0.0.0] network 4.4.4.9 0.0.0.0 [UPE2-ospf-1-area-0.0.0.0] quit [UPE2-ospf-1] quit # Configure VPN instances vpn1 and vpn2, allowing CE 3 and CE 4 to access UPE 2.
[SPE2-bgp] ipv4-family vpnv4 [SPE2-bgp-af-vpnv4] peer 4.4.4.9 upe route-policy hope export Configuring OSPF sham links Network requirements CE 1 and CE 2 belong to VPN 1 and are connected to PE 1 and PE 2, respectively. CE 1 and CE 2 are in the same OSPF area. VPN traffic between CE 1 and CE 2 is required to be forwarded through the MPLS backbone, instead of any route in the OSPF area.
Page 371
20.1.1.2/32 Direct 0 20.1.1.2 S2/1/2 30.1.1.0/24 OSPF 3124 20.1.1.2 S2/1/2 100.1.1.0/24 Direct 0 100.1.1.1 GE2/1/1 100.1.1.1/32 Direct 0 127.0.0.1 InLoop0 120.1.1.0/24 OSPF 3125 20.1.1.2 S2/1/2 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 Configure MPLS L3VPN on the backbone: # Configure basic MPLS and MPLS LDP on PE 1 to establish LDP LSPs.
Page 372
[PE2] interface serial 2/1/2 [PE2-Serial2/1/2] ip address 10.1.1.2 24 [PE2-Serial2/1/2] mpls [PE2-Serial2/1/2] mpls ldp [PE2-Serial2/1/2] quit # Configure PE 2 to take PE 1 as the MP-IBGP peer. [PE2] bgp 100 [PE2-bgp] peer 1.1.1.9 as-number 100 [PE2-bgp] peer 1.1.1.9 connect-interface loopback 0 [PE2-bgp] ipv4-family vpnv4 [PE2-bgp-af-vpnv4] peer 1.1.1.9 enable [PE2-bgp-af-vpnv4] quit...
Page 374
After completing the configurations, execute the display ip routing-table vpn-instance command again on the PEs, you can see that the path to the peer CE is now along the BGP route across the backbone, and that a route to the sham link destination address is present. Take PE 1 as an example: [PE1] display ip routing-table vpn-instance vpn1 Routing Tables: vpn1...
Configuring MCE Network requirements As shown in Figure 98, VPN 2 runs RIP. Configure the MCE device to separate routes from different VPNs and advertise the VPN routes to PE 1 through OSPF. Figure 98 Network diagram VPN 2 Site 1 PE 2 PE 1 GE3/1/3.1...
Page 376
# Bind interface GigabitEthernet 3/1/1 with VPN instance vpn1 and configure an IP address for the interface. [MCE] interface gigabitethernet 3/1/1 [MCE-GigabitEthernet3/1/1] ip binding vpn-instance vpn1 [MCE-GigabitEthernet3/1/1] ip address 10.214.10.3 24 [MCE-GigabitEthernet3/1/1] quit # Bind interface GigabitEthernet 3/1/2 with VPN instance vpn2, and configure an IP address for the interface.
Page 377
Routing Tables: vpn1 Destinations : 5 Routes : 5 Destination/Mask Proto Cost NextHop Interface 10.214.10.0/24 Direct 0 10.214.10.3 GE3/1/1 10.214.10.3/32 Direct 0 127.0.0.1 InLoop0 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 192.168.0.0/24 Static 60 10.214.10.2 GE3/1/1 [MCE] display ip routing-table vpn-instance vpn2 Routing Tables: vpn2 Destinations : 5 Routes : 5...
Page 378
# On PE 1, bind subinterface GigabitEthernet 3/1/1.2 with the VPN instance vpn2, configure the subinterface to terminate VLAN 20, and configure an IP address for the subinterface. [PE1] interface gigabitethernet 3/1/1.2 [PE1-GigabitEthernet3/1/1.2] ip binding vpn-instance vpn2 [PE1-GigabitEthernet3/1/1.2] vlan-type dot1q vid 20 [PE1-GigabitEthernet3/1/1.2] ip address 30.1.1.2 24 [PE1-GigabitEthernet3/1/1.2] quit # Configure the IP address of the interface Loopback0 as 101.101.10.1 for the MCE and as...
127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 192.168.10.0/24 O_ASE 30.1.1.1 GE3/1/1.2 Now, the routing information for the two VPNs has been redistributed into the routing tables on PE 1. Configuring BGP AS number substitution Network requirements As shown in Figure 99, CE 1 and CE 2 belong to VPN 1 and are connected to PE 1 and PE 2 respectively.
Page 380
by CE 1 to access PE 1 resides, but it has not learned the route to the VPN (100.1.1.0/24) behind CE 1. The situation on CE 1 is similar. <CE2> display ip routing-table Routing Tables: Public Destinations : 8 Routes : 8 Destination/Mask Proto Cost...
Page 381
*> 10.1.1.0/24 10.2.1.2 100? *> 10.1.1.1/32 10.2.1.2 100? 10.2.1.0/24 10.2.1.2 100? 10.2.1.1/32 10.2.1.2 100? Configure BGP AS number substitution: # Configure BGP AS number substitution on PE 2. <PE2> system-view [PE2] bgp 100 [PE2-bgp] ipv4-family vpn-instance vpn1 [PE2-bgp-vpn1] peer 10.2.1.1 substitute-as [PE2-bgp-vpn1] quit [PE2-bgp] quit The output shows that among the routes advertised by PE 2 to CE 2, the AS_PATH of...
<CE1> ping –a 100.1.1.1 200.1.1.1 PING 200.1.1.1: 56 data bytes, press CTRL_C to break Reply from 200.1.1.1: bytes=56 Sequence=1 ttl=253 time=109 ms Reply from 200.1.1.1: bytes=56 Sequence=2 ttl=253 time=67 ms Reply from 200.1.1.1: bytes=56 Sequence=3 ttl=253 time=66 ms Reply from 200.1.1.1: bytes=56 Sequence=4 ttl=253 time=85 ms Reply from 200.1.1.1: bytes=56 Sequence=5 ttl=253 time=70 ms --- 200.1.1.1 ping statistics --- 5 packet(s) transmitted...
Page 383
PE 3 Loop0 4.4.4.9/32 GE2/1/1 30.1.1.2/24 GE2/1/1 10.3.1.2/24 GE2/1/2 40.1.1.2/24 GE2/1/2 50.1.1.2/24 GE2/1/3 50.1.1.1/24 Configuration procedure Configure basic MPLS L3VPN: Configure OSPF on the MPLS backbone to allow the PEs and P device to learn the routes of the loopback interfaces from each other.
[PE1-bgp] quit # On PE 2, configure a routing policy named soo to add the specified SoO attribute. <PE2> system-view [PE2] route-policy soo permit node 10 [PE2-route-policy] apply extcommunity soo 1:100 additive [PE2-route-policy] quit # On PE 2, apply the routing policy soo to routes received from CE 2. [PE2] bgp 100 [PE2-bgp] ipv4-family vpn-instance vpn1 [PE2-bgp-vpn1] peer 10.2.1.1 route-policy soo import...
Page 385
Figure 101 Network diagram Device Interface IP address Device Interface IP address CE 1 GE2/1/1 10.2.1.1/24 PE 1 Loop0 1.1.1.1/32 PE 2 Loop0 2.2.2.2/32 GE2/1/1 10.2.1.2/24 GE2/1/1 172.1.1.2/24 GE2/1/2 172.1.1.1/24 10.1.1.2/24 GE2/1/3 172.2.1.1/24 GE2/1/2 PE 3 Loop0 3.3.3.3/32 CE 2 Loop0 4.4.4.4/32 GE2/1/1...
Display routes destined for 4.4.4.4/32 on PE 1. You can see that the active route has a backup next hop. [PE1] display ip routing-table vpn-instance vpn1 4.4.4.4 verbose Routing Table : vpn1 Summary Count : 2 Destination: 4.4.4.4/32 Protocol: BGP Process ID: 0 Preference: 255 Cost: 0...
Page 387
Figure 102 Network diagram Device Interface IP address Device Interface IP address CE 1 GE 2/1/1 10.2.1.1/24 PE 2 Loop0 2.2.2.2/32 PE 1 Loop0 1.1.1.1/32 GE 2/1/1 172.1.1.2/24 GE 2/1/1 10.2.1.2/24 GE 2/1/2 10.1.1.2/24 GE 2/1/2 172.1.1.1/24 GE 2/1/3 172.3.1.1/24 GE 2/1/3 172.2.1.1/24 PE 3...
Configuring IPv6 MPLS L3VPN Overview MPLS L3VPN applies to the IPv4 environment. It uses BGP to advertise IPv4 VPN routes and uses MPLS to forward IPv4 VPN packets on the service provider backbone. IPv6 MPLS L3VPN functions similarly. It uses BGP to advertise IPv6 VPN routes and uses MPLS to forward IPv6 VPN packets on the service provider backbone.
The PC at Site 1 sends an IPv6 packet destined for 2001:2::1, the PC at Site 2. CE 1 transmits the packet to PE 1. Based on the inbound interface and destination address of the packet, PE 1 searches the routing table of the VPN instance.
IPv6 MPLS L3VPN configuration task list Task Remarks Configuring basic IPv6 MPLS L3VPN By configuring basic IPv6 MPLS L3VPN, you can construct simple IPv6 VPN networks over an MPLS Configuring inter-AS IPv6 VPN backbone. To deploy special IPv6 MPLS L3VPN networks, such as inter-AS VPN, you must also perform some Configuring routing on an MCE specific configurations in addition to the basic IPv6...
Step Command Remarks Enter system view. system-view Create a VPN instance and ip vpn-instance enter VPN instance view. vpn-instance-name Configure an RD for the VPN route-distinguisher instance. route-distinguisher Configure a description for description text Optional. the VPN instance. Associating a VPN instance with an interface After creating and configuring a VPN instance, associate the VPN instance with the interface for connecting the CE.
Page 393
Step Command Remarks A single vpn-target command vpn-target vpn-target&<1-8> can configure up to eight route Configure route targets. [ both | export-extcommunity | targets. You can configure up to import-extcommunity ] 64 route targets for a VPN instance. Optional. By default, a VPN instance supports up to 100000 routes.
Page 394
• If the matching tunnel is unavailable (for example, the tunnel is down or the tunnel's ACL does not permit the traffic) and is not specified with the disable-fallback keyword, the local PE continues to match other tunnels. If the tunnel is specified with the disable-fallback keyword, the local PE stops matching and tunnel selection fails.
Step Command Remarks By default, only one tunnel is selected (no load balancing) in this order: LSP tunnel, GRE tunnel, CR-LSP tunnel. The tunneling policy to be applied Apply the tunneling policy tnl-policy tunnel-policy-name must have existed. Otherwise, the to the VPN instance. default tunneling policy is used.
Page 396
Configuring RIPng between a PE and a CE A RIPng process belongs to the public network or a single VPN instance. If you create a RIPng process without binding it to a VPN instance, the process belongs to the public network. To configure RIPng between a PE and a CE: Step Command...
Page 397
Step Command Remarks Enter system view. system-view Create an IPv6 IS-IS Perform this configuration on isis [ process-id ] vpn-instance process for a VPN instance PEs. On CEs, create a normal vpn-instance-name and enter IS-IS view. IPv6 IS-IS process. Configure a network entity network-entity net Not configured by default.
Step Command Remarks Optional. import-route protocol Configure route A CE must advertise its VPN [ process-id ] [ med med-value | redistribution and routes to the connected PE so route-policy route-policy-name ] advertisement. that the PE can advertise them to the peer CE.
Page 399
Step Command Remarks Enter BGP-VPNv6 ipv6-family vpnv6 subaddress family view. Optional. Set the default value of the default local-preference value local preference. 100 by default. Optional. Set the default value for the default med med-value By default, the default value of the system MED.
Step Command Remarks Optional. By default, each RR in a cluster uses its own router ID as the cluster ID. 19. Configure a cluster ID for the reflector cluster-id { cluster-id | route reflector. If more than one RR exists in a ip-address } cluster, use this command to configure the same cluster ID for...
Configuring inter-AS IPv6 VPN option B For inter-AS option B, only one method is available: Change the next hop on an ASBR. With this method, MPLS LDP is not required between ASBRs. Therefore, MP-EBGP routes get their next hops changed by default before being redistributed to MP-IBGP. However, normal EBGP routes to be advertised to IBGP do not have their next hops changed by default.
Step Command Remarks Enable the PE to exchange By default, the PE does not peer { group-name | ip-address } labeled routes with the advertise labeled routes to the label-route-capability ASBR PE in the same AS. IPv4 peer/peer group. Configure the PE of another peer { group-name | ip-address } AS as the EBGP peer.
Configuring routing between an MCE and a VPN site You can configure static routing, RIPng, OSPFv3, IPv6 IS-IS, or EBGP between an MCE and a VPN site. Configuring static routing between an MCE and a VPN site An MCE can reach a VPN site through an IPv6 static route. IPv6 static routing on a traditional CE is globally effective and thus does not support address overlapping among VPNs.
Page 404
Step Command Remarks Enable RIPng on the ripng process-id enable Disabled by default. interface. For more information about RIPng, see Layer 3—IP Routing Configuration Guide. Configuring OSPFv3 between an MCE and a VPN site An OSPFv3 process belongs to the public network or a single IPv6 VPN instance. If you create an OSPFv3 process without binding it to an IPv6 VPN instance, the process belongs to the public network.
Page 405
Step Command Remarks Configure a network entity network-entity net Not configured by default. title for the IS-IS process. Enable the IPv6 capacity for ipv6 enable Disabled by default. the IPv6 IS-IS process. Optional. By default, no routes from any ipv6 import-route protocol other routing protocol are [ process-id ] [ allow-ibgp ] [ cost redistributed to IPv6 IS-IS.
NOTE: After you configure an IPv6 BGP VPN instance, the IPv6 BGP route exchange for the IPv6 VPN instance is the same with the normal IPv6 BGP VPN route exchange. For more information about IPv6 BGP, see Layer 3—IP Routing Configuration Guide. Configure the VPN site: Step Command...
Page 407
Step Command Remarks Enter system view. system-view Create a RIPng process for ripng [ process-id ] vpn-instance an IPv6 VPN instance and vpn-instance-name enter RIPng view. import-route protocol By default, no route of any other [ process-id ] [ allow-ibgp ] [ cost Redistribute the VPN routes.
Page 408
Step Command Remarks Create an IS-IS process for isis [ process-id ] vpn-instance an IPv6 VPN instance and vpn-instance-name enter IS-IS view. Configure a network entity network-entity net Not configured by default. title. Enable the IPv6 capacity for ipv6 enable Disabled by default.
NOTE: IPv6 BGP runs within a VPN in the same way as it runs within a public network. For more information about IPv6 BGP, see Layer 3—IP Routing Configuration Guide. Resetting BGP connections When BGP configuration changes, use the soft reset function or reset BGP connections to make the changes take effect.
Task Command Remarks Display information about BGP display bgp vpnv6 all peer [ ipv4-address verbose | verbose ] [ | { begin | exclude | VPNv6 peers established Available in any view. between PEs. include } regular-expression ] display bgp vpnv6 vpn-instance Display information about IPv6 vpn-instance-name peer [ ipv6-address BGP peers established between...
Page 411
Figure 105 Network diagram AS 65410 AS 65430 VPN 1 VPN 1 CE 1 CE 3 GE2/1/1 GE2/1/1 Loop0 GE2/1/1 GE2/1/1 POS5/1/1 POS5/1/2 Loop0 Loop0 POS5/1/1 POS5/1/1 GE2/1/2 GE2/1/2 MPLS backbone GE2/1/1 GE2/1/1 CE 4 CE 2 VPN 2 VPN 2 AS 65420 AS 65440 Device...
Page 413
Area 0.0.0.0 interface 172.1.1.1(POS5/1/1)'s neighbors Router ID: 172.1.1.2 Address: 172.1.1.2 GR State: Normal State: Full Mode:Nbr is Master Priority: 1 DR: None BDR: None MTU: 1500 Dead timer due in 38 Neighbor is up for 00:02:44 Authentication Sequence: [ 0 ] Neighbor state change count: 5 Configure basic MPLS and enable MPLS LDP on the MPLS backbone to establish LDP LSPs: # Configure PE 1.
Page 414
LDP Session(s) in Public Network Total number of sessions: 1 ---------------------------------------------------------------- Peer-ID Status SsnRole KA-Sent/Rcv --------------------------------------------------------------- 2.2.2.9:0 Operational Passive --------------------------------------------------------------- LAM : Label Advertisement Mode : Fault Tolerance [PE1] display mpls ldp lsp LDP LSP Information ------------------------------------------------------------------ DestAddress/Mask In/OutLabel Next-Hop In/Out-Interface ------------------------------------------------------------------ 1.1.1.9/32...
Page 415
[PE2-GigabitEthernet2/1/1] ipv6 address 2001:3::2 96 [PE2-GigabitEthernet2/1/1] quit [PE2] interface gigabitethernet 2/1/2 [PE2-GigabitEthernet2/1/2] ip binding vpn-instance vpn2 [PE2-GigabitEthernet2/1/2] ipv6 address 2001:4::2 24 [PE2-GigabitEthernet2/1/2] quit # Configure IP addresses for the CEs according to Figure 105. (Details not shown.) After completing the configurations, execute the display ip vpn-instance command on the PEs to view information about the VPN instances.
Page 416
[PE1-bgp-ipv6-vpn1] import-route direct [PE1-bgp-ipv6-vpn1] quit [PE1-bgp] ipv6-family vpn-instance vpn2 [PE1-bgp-ipv6-vpn2] peer 2001:2::1 as-number 65420 [PE1-bgp-ipv6-vpn2] import-route direct [PE1-bgp-ipv6-vpn2] quit [PE1-bgp] quit # Configure PE 2 in a similar way to configuring PE 1. (Details not shown.) After completing the configurations, execute the display bgp vpnv6 vpn-instance peer command on the PEs.
0.00% packet loss round-trip min/avg/max = 1/1/1 ms [CE1] ping ipv6 2001:4::1 PING 2001:4::1 : 56 data bytes, press CTRL_C to break Request time out Request time out Request time out Request time out Request time out --- 2001:4::1 ping statistics --- 5 packet(s) transmitted 0 packet(s) received 100.00% packet loss...
Page 419
CE 2 GE2/1/1 2001:2::1/96 Tunnel0 20.1.1.2/24 Configuration procedure Configure an IGP on the MPLS backbone to achieve IP connectivity among the PEs and the P router: This example uses OSPF. (Details not shown.) After the configurations, OSPF adjacencies are established between PE 1, P, and PE 2. Execute the display ospf peer command.
Page 420
[PE2-GigabitEthernet2/1/1] quit # Configure CE 1. <CE1> system-view [CE1] interface gigabitethernet 2/1/1 [CE1-GigabitEthernet2/1/1] ipv6 address 2001:1::1 24 [CE1-GigabitEthernet2/1/1] quit # Configure CE 2. <CE2> system-view [CE2] interface gigabitethernet 2/1/1 [CE2-GigabitEthernet2/1/1] ipv6 address 2001:2::1 24 [CE2-GigabitEthernet2/1/1] quit After completing the configurations, execute the display ip vpn-instance command on the PEs to view information about the VPN instance.
Page 421
[PE1-bgp-ipv6-vpn1] import-route direct [PE1-bgp-ipv6-vpn1] quit [PE1-bgp] quit # Configure CE 2 and PE 2 in a similar way to configuring CE 1 and PE 1. (Details not shown.) After completing the configurations, execute the display bgp vpnv6 vpn-instance peer command on the PEs. BGP peer relationships have been established between PEs and CEs, and have reached Established state.
[PE2-Tunnel0] mpls [PE2-Tunnel0] quit Verify the configuration: # Display the routing table of each CE. The CEs have learned the route to each other. # From each CE, ping the other CE. The CEs can ping each other. [CE1] ping ipv6 2001:2::1 PING 2001:2::1 : 56 data bytes, press CTRL_C to break Reply from 2001:2::1...
Page 423
Figure 107 Network diagram Device Interface IP address Device Interface IP address CE 1 GE2/1/1 2001:1::1/96 CE 2 GE2/1/1 2001:2::1/96 PE 1 Loop0 1.1.1.9/32 PE 2 Loop0 4.4.4.9/32 GE2/1/1 2001:1::2/96 GE2/1/1 2001:2::2/96 POS5/1/1 172.1.1.2/24 POS5/1/1 162.1.1.2/24 ASBR-PE1 Loop0 2.2.2.9/32 ASBR-PE2 Loop0 3.3.3.9/32 POS5/1/1...
Page 424
[PE1-POS5/1/1] mpls ldp [PE1-POS5/1/1] quit # Configure basic MPLS on ASBR-PE 1 and enable MPLS LDP for both ASBR-PE 1 and the interface connected to PE 1. <ASBR-PE1> system-view [ASBR-PE1] mpls lsr-id 2.2.2.9 [ASBR-PE1] mpls [ASBR-PE1-mpls] quit [ASBR-PE1] mpls ldp [ASBR-PE1-mpls-ldp] quit [ASBR-PE1] interface pos 5/1/1 [ASBR-PE1-POS5/1/1] mpls...
Page 425
# Configure PE 1. [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 100:1 [PE1-vpn-instance-vpn1] vpn-target 100:1 both [PE1-vpn-instance-vpn1] quit [PE1] interface gigabitethernet 2/1/1 [PE1-GigabitEthernet2/1/1] ip binding vpn-instance vpn1 [PE1-GigabitEthernet2/1/1] ipv6 address 2001:1::2 96 [PE1-GigabitEthernet2/1/1] quit # Configure CE 2. <CE2> system-view [CE2] interface gigabitethernet 2/1/1 [CE2-GigabitEthernet2/1/1] ipv6 address 2001:2::1 96 [CE2-GigabitEthernet2/1/1] quit # Configure PE 2.
Page 426
# Configure CE 1. [CE1] bgp 65001 [CE1-bgp] ipv6-family [CE1-bgp-af-ipv6] peer 2001:1::2 as-number 100 [CE1-bgp-af-ipv6] import-route direct [CE1-bgp-af-ipv6] quit # Configure PE 1. [PE1] bgp 100 [PE1-bgp] ipv6-family vpn-instance vpn1 [PE1-bgp-ipv6-vpn1] peer 2001:1::1 as-number 65001 [PE1-bgp-ipv6-vpn1] import-route direct [PE1-bgp-ipv6-vpn1] quit [PE1-bgp] quit # Configure CE 2.
bytes=56 Sequence=3 hop limit=64 time = 1 ms Reply from 2001:1::1 bytes=56 Sequence=4 hop limit=64 time = 1 ms Reply from 2001:1::1 bytes=56 Sequence=5 hop limit=64 time = 1 ms --- 2001:1::1 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 1/1/1 ms [PE1] ping ipv6 –vpn-instance vpn1 2001:1::2...
Page 434
Figure 109 Network diagram Device Interface IP address Device Interface IP address CE 3 GE2/1/1 2001:1::1/96 CE 4 GE2/1/1 2001:2::1/96 PE 3 Loop0 1.1.1.9/32 PE 4 Loop0 6.6.6.9/32 GE2/1/1 2001:1::2/96 GE2/1/1 2001:2::2/96 POS5/1/2 10.1.1.1/24 POS5/1/2 20.1.1.2/24 CE 1 Loop0 2.2.2.9/32 CE 2 Loop0 5.5.5.9/32...
Page 438
[PE3-GigabitEthernet2/1/1] ip binding vpn-instance vpn1 [PE3-GigabitEthernet2/1/1] ipv6 address 2001:1::2 96 [PE3-GigabitEthernet2/1/1] quit [PE3] bgp 100 [PE3-bgp] ipv6-family vpn-instance vpn1 [PE3-bgp-ipv6-vpn1] peer 2001:1::1 as-number 65410 [PE3-bgp-ipv6-vpn1] import-route direct [PE3-bgp-ipv6-vpn1] quit [PE3-bgp] quit # Configure PE 4 and CE 4 in a similar way to configuring PE 3 and CE 3. (Details not shown.) Configure an MP-IBGP peer relationship between the PEs of the customer carrier to exchange the VPN routes of the end customers: # Configure PE 3.
Page 439
11.1.1.1/32 Direct 0 127.0.0.1 InLoop0 11.1.1.2/32 Direct 0 11.1.1.2 POS5/1/1 20.1.1.0/24 4.4.4.9 NULL0 21.1.1.0/24 4.4.4.9 NULL0 21.1.1.2/32 4.4.4.9 NULL0 # Execute the display ipv6 routing-table vpn-instance command on PE 1 and PE 2. The output shows that their VPN routing tables do not contain the VPN routes that the customer carrier maintains.
21.1.1.0/24 ISIS 10.1.1.2 POS5/1/2 21.1.1.2/32 ISIS 10.1.1.2 POS5/1/2 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 # Ping PE 3 from PE 4 and ping PE 4 from PE 3. PE 3 and PE 4 can ping each other: [PE3] ping 20.1.1.2 PING 20.1.1.2: 56 data bytes, press CTRL_C to break...
Page 441
Figure 110 Network diagram VPN 2 Site 1 PE 2 PE 1 GE2/1/1.2 PE 3 GE2/1/1.1 GE2/1/3.2 GE2/1/1 VPN 1 GE2/1/3.1 2001:1::2/96 2012:1::/64 GE2/1/1 GE2/1/2 VPN 1 2001:1::1/64 2012:1::2/64 GE2/1/2 VR 1 Site 2 2002:1::1/64 GE2/1/1 2002:1::2/64 VR 2 GE2/1/2 2012::2/64 VPN 2 2012::/64...
Page 442
[MCE] interface gigabitethernet 2/1/2 [MCE-GigabitEthernet2/1/2] ip binding vpn-instance vpn2 [MCE-GigabitEthernet2/1/2] ipv6 address 2002:1::1 64 [MCE-GigabitEthernet2/1/2] quit # On PE 1, configure VPN instances vpn1 and vpn2, and specify an RD and route targets for each VPN instance. <PE1> system-view [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 30:1 [PE1-vpn-instance-vpn1] vpn-target 10:1 [PE1-vpn-instance-vpn1] quit...
Page 444
<PE1> system-view [PE1] interface gigabitethernet 2/1/1.1 [PE1-GigabitEthernet2/1/1.1] vlan-type dot1q vid 10 [PE1-GigabitEthernet2/1/1.1] ipv6 address 2001:2::4 64 [PE1-GigabitEthernet2/1/1.1] quit [PE1] interface gigabitethernet 2/1/1.2 [PE1-GigabitEthernet2/1/1.2] vlan-type dot1q vid 20 [PE1-GigabitEthernet2/1/1.2] ipv6 address 2002:2::4 64 [PE1-GigabitEthernet2/1/1.2] quit # Enable IPv6 ISIS process 10 on the MCE, bind the process to VPN instance vpn1, and redistribute the IPv6 static route of VPN 1.
Page 445
Destination: FE80::/10 Protocol : Direct NextHop : :: Preference: 0 Interface : NULL0 Cost The output shows that PE 1 has learned the private route of VPN 1 through IPv6 ISIS. Take similar procedures to configure IPv6 ISIS process 20 between the MCE and PE 1 and redistribute VPN 2's routes from RIPng process 20 into the IPv6 ISIS routing table of the MCE.
Document conventions and icons Conventions This section describes the conventions used in the documentation. Port numbering in examples The port numbers in this document are for illustration only and might be unavailable on your device. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown.
Network topology icons Convention Description Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.
Hewlett Packard Enterprise Support Center More Information on Access to Support Materials page: www.hpe.com/support/AccessToSupportMaterials IMPORTANT: Access to some updates might require product entitlement when accessed through the Hewlett Packard Enterprise Support Center. You must have an HP Passport set up with relevant entitlements.
Websites Website Link Networking websites Hewlett Packard Enterprise Information Library for www.hpe.com/networking/resourcefinder Networking Hewlett Packard Enterprise Networking website www.hpe.com/info/networking Hewlett Packard Enterprise My Networking website www.hpe.com/networking/support Hewlett Packard Enterprise My Networking Portal www.hpe.com/networking/mynetworking Hewlett Packard Enterprise Networking Warranty www.hpe.com/networking/warranty General websites Hewlett Packard Enterprise Information Library www.hpe.com/info/enterprise/docs Hewlett Packard Enterprise Support Center...
Page 450
part number, edition, and publication date located on the front cover of the document. For online help content, include the product name, product version, help edition, and publication date located on the legal notices page.
Index configuring ATM AAL5 frame encapsulation (MPLS L2VPN), 157 AC packet encapsulation (VPLS), 200 attribute address advertising TE attribute (MPLS TE), 39 address space overlapping (MPLS affinity attribute (MPLS TE), 40 L3VPN), 238 BGP extended community (MPLS L3VPN), 239 configuring BGP-VPNv6 subaddress family configuring affinity attribute (CR-LSP MPLS routing (IPv6 MPLS L3VPN), 390 TE), 64...
Page 452
extended community attributes (MPLS configuring PE and CE routing (IPv6 MPLS L3VPN), 239 L3VPN), 387 MP-BGP (MPLS L3VPN), 240 configuring PE and CE routing (MPLS L3VPN), 265 OSPF sham link (MPLS L3VPN), 256 configuring PE and CE static routing (IPv6 MPLS redistributing OSPF loopback interface route L3VPN), 387 (MPLS L3VPN), 280...
Page 453
CR-LSP reoptimization (MPLS TE), 65 IPv6 static routing between IPv6 MCE and PE, 398 CSPF (MPLS TE), 56 IPv6 static routing between IPv6 MCE and VPN EBGP between IPv6 MCE and PE, 400 site, 395 EBGP between IPv6 MCE and VPN site, 397 IS-IS between MCE and PE, 288 EBGP between MCE and PE, 289 IS-IS between MCE and VPN site, 284...
Page 454
OSPF between MCE and PE, 287 RSVP-TE refresh mechanism (MPLS TE), 60 OSPF between MCE and VPN site, 283 RSVP-TE reservation style (MPLS TE), 59 OSPF loopback interface (MPLS L3VPN), 280 RSVP-TE resource reservation confirmation (MPLS TE), 61 OSPF sham link (MPLS L3VPN), 280, 362 RSVP-TE state timer (MPLS TE), 60 OSPFv3 between IPv6 MCE and PE, 399 static LSP (MPLS), 10, 30...
Page 455
Martini VC on Layer 3 interface (MPLS redistributing OSPF loopback interface route into L2VPN), 162 BGP (MPLS L3VPN), 280 OSPF sham link (MPLS L3VPN), 281 dynamic signaling (configuring tunnel MPLS TE), 54 tunnel over static CR-LSP (MPLS TE), 53 VPN instance (IPv6 MPLS L3VPN), 383 EBGP VPN instance (MPLS L3VPN), 261 configuring between PE and CE (MPLS...
Page 458
configuring PE and CE IPv6 IS-IS, 388 advertisement mode (MPLS), 4 configuring PE and CE OSPFv3, 388 configuring filtering (LDP MPLS), 16 configuring PE and CE RIPng, 388 configuring label acceptance control (LDP MPLS), 16 configuring PE and CE routing, 387 configuring label advertisement control (LDP configuring PE and CE static routing, 387 MPLS), 17...
Page 468
configuring PE and PE routing (MPLS configuring affinity attribute (CR-LSP MPLS L3VPN), 270 TE), 64 OSPF multi-instance on PE (MPLS configuring ATM AAL5 frame encapsulation L3VPN), 254 (MPLS L2VPN), 157 PE and CE routing information exchange configuring BFD for LDP (MPLS), 18 (IPv6 MPLS L3VPN), 382 configuring BFD for primary link (H-VPLS), 227 PE and PE routing information exchange...
Page 469
configuring HoVPN (MPLS L3VPN), 279, 355 configuring IS-IS between MCE and VPN site, 284 configuring hub-spoke network (MPLS L3VPN), 314 configuring IS-IS TE (MPLS TE), 56 configuring IBGP between MCE and PE, 289 configuring Kompella (MPLS L2VPN), 164, 188 configuring IBGP between MCE and VPN configuring Kompella local connection(MPLS site, 285 L2VPN), 190...
Page 470
configuring nested VPN (MPLS configuring primary and backup SVCs on Layer 3 L3VPN), 277, 344 interface (MPLS L2VPN), 159 configuring node protection (MPLS TE), 75 configuring PW redundancy for H-VPLS (VPLS), 223 configuring OSPF (MPLS TE), 56 configuring remote CCC connection (MPLS configuring OSPF between MCE and PE, 287 L2VPN), 157, 170 configuring OSPF between MCE and VPN...
Page 472
refresh mechanism (configuring RSVP-TE MPLS CE and PE routing information exchange (IPv6 TE), 60 MPLS L3VPN), 382 remote peer configuring BGP VPNv4 subaddress family (MPLS L3VPN), 271 configuring for PE (Martini MPLS L2VPN), 162 configuring BGP VPNv4 subaddress family reoptimizing (configuring CR-LSPMPLS TE), 65 common feature (MPLS L3VPN), 271 reservation configuring BGP VPNv4 subaddress family...
Page 473
configuring PE and CE (MPLS L3VPN), 265 information advertisement (IPv6 MPLS L3VPN), 382 configuring PE and CE EBGP (IPv6 MPLS L3VPN), 389 information advertisement (MPLS L3VPN), 244 configuring PE and CE EBGP (MPLS information exchange CE to PE (MPLS L3VPN), 268 L3VPN), 244 configuring PE and CE IBGP (MPLS information exchange PE to PE (MPLS...
Page 474
RSB timeout (MPLS TE), 44 configuring IPv6 static routing between IPv6 MCE and VPN site, 395 RSVP refresh mechanism (MPLS TE), 43 configuring PE and CE (IPv6 MPLS L3VPN), 387 setting up LSP tunnel (MPLS TE), 43 configuring PE and CE (MPLS L3VPN), 265 soft state (MPLS TE), 46 configuring static routing between MCE and PE, 287...
Page 476
configuring for service instance (MPLS CE and PE routing information exchange (IPv6 L2VPN), 192 MPLS L3VPN), 382 creating Martini for service instance (MPLS configuring (Kompella MPLS L2VPN), 164 L2VPN), 163 configuring BGP (VPLS), 207 creating Martini on Layer 3 interface (MPLS configuring BGP AS number substitution (MPLS L2VPN), 162 L3VPN), 290, 371, 374...
Page 477
configuring inter-AS IPv6 VPN option C (IPv6 configuring OSPF loopback interface (MPLS MPLS L3VPN), 393, 393, 419 L3VPN), 280 configuring inter-AS option A (MPLS configuring OSPF sham link (MPLS L3VPN), 322 L3VPN), 280, 362 configuring inter-AS option B (MPLS configuring OSPFv3 between IPv6 MCE and L3VPN), 326 PE, 399 configuring inter-AS option C (MPLS...