Page 1 HPE FlexNetwork HSR6800 Routers MPLS Configuration Guide Part number:5998-4494R Software version: HSR6800-CMW520-R3303P25 Document version: 6W105-20151231...
Page 2 © Copyright 2015 Hewlett Packard Enterprise Development LP The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein.
Page 3: Table Of Contents
Contents Configuring basic MPLS ················································································· 1 Overview ···························································································································································· 1 Basic concepts ··········································································································································· 1 MPLS network structure ····························································································································· 2 LSP establishment and label distribution ··································································································· 3 MPLS forwarding ········································································································································ 5 LDP ···························································································································································· 7 Protocols ···················································································································································· 8 MPLS configuration task list ······························································································································· 9 Enabling the MPLS function ·····························································································································...
Page 4 Traffic forwarding ····································································································································· 44 Automatic bandwidth adjustment ············································································································· 46 CR-LSP backup ······································································································································· 46 FRR ·························································································································································· 46 DiffServ-aware TE ···································································································································· 47 MPLS LDP over MPLS TE ······················································································································· 49 Protocols and standards ·························································································································· 50 MPLS TE configuration task list ······················································································································· 51 Configuring basic MPLS TE ····························································································································· 51 Configuring DiffServ-aware TE ························································································································...
Page 5 MPLS TE configuration examples ···················································································································· 82 MPLS TE using static CR-LSP configuration example ············································································ 82 MPLS TE tunnel using RSVP-TE configuration example ········································································· 86 Inter-AS MPLS TE tunnel using RSVP-TE Configuration example ·························································· 92 RSVP-TE GR configuration example ····································································································· 100 MPLS RSVP-TE and BFD cooperation configuration example ······························································...
Page 6 Configuring VPLS ······················································································· 197 Overview ························································································································································ 197 Operation of VPLS ································································································································· 197 VPLS packet encapsulation ··················································································································· 200 H-VPLS implementation ························································································································· 200 Multi-hop PW ·········································································································································· 202 VPLS configuration task list ··························································································································· 203 Enabling L2VPN and MPLS L2VPN ·············································································································· 203 Configuring static VPLS ································································································································· 204 Configuring a static VPLS instance ········································································································...
Page 7 Configuring a static route ······················································································································· 279 Configuring HoVPN ········································································································································ 279 Configuring an OSPF sham link ····················································································································· 280 Configuring a loopback interface ············································································································ 280 Redistributing the loopback interface route and OSPF routes into BGP ················································ 280 Creating a sham link ······························································································································ 281 Configuring routing on an MCE ······················································································································...
Page 8 Document conventions and icons ······························································· 438 Conventions ··················································································································································· 438 Network topology icons ·································································································································· 439 Support and other resources ······································································ 440 Accessing Hewlett Packard Enterprise Support ···························································································· 440 Accessing updates ········································································································································· 440 Websites ················································································································································ 441 Customer self repair ······························································································································· 441 Remote support ······································································································································ 441 Documentation feedback ·······················································································································...
Page 9: Configuring Basic Mpls
Configuring basic MPLS Overview Multiprotocol Label Switching (MPLS) enables connection-oriented label switching on connectionless IP networks. It integrates both the flexibility of IP routing and the level of simplicity of Layer 2 switching. MPLS has the following advantages: • MPLS forwards packets according to short- and fixed-length labels, instead of Layer 3 header analysis and complicated routing table lookup, enabling highly-efficient and fast data forwarding on backbone networks.
Page 10: Mpls Network Structure
A label switching router (LSR) is a fundamental component on an MPLS network. LSRs support label distribution and label swapping. A label edge router (LER) is an LSR that resides at the edge of an MPLS network and is connected to another network.
Page 11: Lsp Establishment And Label Distribution
LSRs in the same routing or administrative domain form an MPLS domain. An MPLS domain consists of the following types of LSRs: • Ingress LSRs receive and label packets coming into the MPLS domain. • Transit LSRs forward packets along LSPs to their egress LERs according to the labels. •...
Page 12 Figure 4 Process of dynamic LSP establishment Ingress Egress LSR A LSR B LSR C LSR D LSR E LSR F LSR G LSR H Label mapping Label distribution and management An LSR informs its upstream LSRs of labels assigned to FECs through label advertisement. The label advertisement modes include downstream unsolicited (DU) and downstream on demand (DoD).
Page 13: Mpls Forwarding
• In independent mode, an LSR can distribute label bindings upstream at anytime. This means that an LSR might have distributed a label binding for a FEC to its upstream LSR before it receives a binding for that FEC from its downstream LSR. As shown in Figure 6, in independent label distribution control mode, if the label advertisement mode is DU, an LSR assigns labels to...
Page 14 receives an unlabeled packet, it looks for the corresponding FIB entry. If the Token value of the FIB entry is not Invalid, the packet must be forwarded through MPLS. The LSR then looks for the corresponding NHLFE entry according to the Token value to determine the label operation to be performed.
Page 15: Ldp
In an MPLS network, when an egress node receives a labeled packet, it looks up the LFIB, pops the label of the packet, and then performs the next level label forwarding or performs IP forwarding. The egress node needs to do two forwarding table lookups to forward a packet: looking up the LFIB twice or looking up the LFIB and the FIB once each.
Page 16: Protocols
If two LSRs each have the same transport address (the source IP address used to establish a TCP connection to the peer) for the basic and extended discovery mechanisms, the LSRs can establish both a link hello adjacency and a targeted hello adjacency with each other, and the two adjacencies are associated with the same session.
Page 17: Mpls Configuration Task List
MPLS configuration task list Task Remarks Enabling the MPLS function Required. Configuring a static LSP Required. Configuring MPLS LDP capability Required. Configuring local LDP session Optional. parameters Configuring remote LDP session Optional. parameters Use either the static Configuring PHP Optional. or dynamic LSP Configuring the policy for triggering Establishing dynamic LSPs...
Page 18: Enabling The Mpls Function
Enabling the MPLS function In an MPLS domain, you must enable MPLS on all routers before you can configure other MPLS features. Before you enable MPLS, complete the following tasks: • Configure link layer protocols to ensure the connectivity at the link layer. •...
Page 19: Configuration Procedure
• On the ingress LSR, the specified next hop or outgoing interface must be consistent with the next hop or outgoing interface of the optimal route in the routing table. If you configure a static IP route for the LSP, be sure to specify the same next hop or outgoing interface for the static route and the static LSP.
Page 20: Configuring Local Ldp Session Parameters
Step Command Remarks Enable LDP capability for the mpls ldp Not enabled by default. interface. NOTE: Disabling LDP on an interface terminates all LDP sessions on the interface. As a result, all LSPs using the sessions are deleted. Configuring local LDP session parameters LDP sessions established between local LDP peers are local LDP sessions.
Page 21: Configuring Php
Step Command Remarks Enter system view. system-view Create a remote peer entity mpls ldp remote-peer and enter MPLS LDP remote remote-peer-name peer view. The remote peer IP address must Configure the remote peer IP remote-ip ip-address be different from all existing address.
Page 22: Configuring The Policy For Triggering Lsp Establishment
Step Command Remarks Enter MPLS view. mpls Optional. Specify the type of the label to be distributed by the label advertise { explicit-null | By default, an egress distributes egress to the penultimate implicit-null | non-null } to the penultimate hop an implicit hop.
Page 23: Configuring Ldp Loop Detection
Step Command Remarks Enter system view. system-view Enter MPLS LDP view. mpls ldp Optional. The default mode is ordered. Specify the label distribution For LDP sessions existing before label-distribution { independent control mode. the command is configured, you | ordered } must reset the LDP sessions for the specified label distribution control mode to take effect.
Page 24: Configuring Ldp Md5 Authentication
Step Command Remarks Enter system view. system-view Enter MPLS LDP view. mpls ldp By default, loop detection is Enable loop detection. loop-detect disabled. Optional. Set the maximum hop count. hops-count hop-number The default value is 32. Optional. Set the maximum path path-vectors pv-number vector length.
Page 25 Figure 8 Network diagram of label acceptance control Label advertisement control Label advertisement control is for filtering label bindings to be advertised. A downstream LSR advertises only the label bindings of the specified FECs to the specified upstream LSR. As shown Figure 9, downstream device LSR A advertises to upstream device LSR B only label bindings with FEC destinations permitted by prefix list B, and advertises to upstream device LSR C only label...
Page 26: Maintaining Ldp Sessions
Step Command Remarks Enter MPLS LDP mpls ldp view. Optional. Configure a label accept-label peer peer-id ip-prefix Not configured by acceptance policy. ip-prefix-name default. Configure a label advertise-label ip-prefix ip-prefix-name [ peer Not configured by advertisement policy. peer-ip-prefix-name ] default. Maintaining LDP sessions This section describes how to detect communication failures between remote LDP peers and reset LDP sessions.
Page 27: Configuring Mpls Mtu
Configuring MPLS MTU An MPLS label stack is inserted between the link layer header and the network layer header. During MPLS forwarding, a packet, after encapsulated with an MPLS label, might exceed the allowed length of the link layer and cannot be forwarded, although the network layer packet is smaller than the interface MTU.
Page 28 Figure 10 TTL processing when TTL propagation is enabled • Disable TTL propagation—When an LSR labels a packet, it does not copy the TTL value of the original IP packet to the TTL field of the label, and the label's TTL is set to 255. When an LSR pops the stack-top label, it does not copy the label's TTL to the original packet, and if the LSR is the egress LSR, it decreases the TTL value of the original packet by 1.
Page 29: Sending Back Icmp Ttl Exceeded Messages For Mpls Ttl Expired Packets
Sending back ICMP TTL exceeded messages for MPLS TTL expired packets After you enable an LSR to send back ICMP TTL exceeded messages for MPLS TTL expired packets, when the LSR receives an MPLS packet that carries a label with TTL being 1, it generates an ICMP TTL exceeded message, and send the message to the packet sender in one of the following ways: •...
Page 30 • GR restarter—Router that gracefully restarts due to a manually configured command or a fault. It must be GR-capable. • GR helper—Neighbor of the GR restarter. A GR helper maintains the neighbor relationship with the GR restarter and helps the GR restarter restore its LFIB information. A GR helper must be GR-capable.
Page 31: Configuring Ldp Nsr
Configuration procedure The LDP GR feature and the LDP NSR feature are mutually exclusive. Do not configure both features on the device. To configure LDP GR: Step Command Remarks Enter system view. system-view Enter MPLS LDP view. mpls ldp Enable MPLS LDP GR. graceful-restart Disabled by default.
Page 32: Configuring Mpls Statistics Collection And Reading
Step Command Remarks Enable the NSR function. non-stop-routing Disabled by default. Configuring MPLS statistics collection and reading Configuring MPLS statistics collection and reading (method To use display commands to view MPLS statistics, first enable MPLS statistics and then set the statistics reading interval, as follows: Step Command...
Page 33: Configuring Mpls Lsp Ping
network maintenance difficult. To find LSP failures in time and locate the failed node, the device provides the following mechanisms: • MPLS LSP ping • MPLS LSP tracert Configuring MPLS LSP ping MPLS LSP ping is for testing the connectivity of an LSP. At the ingress, it adds the label for the FEC to be inspected into an MPLS echo request, which then is forwarded along the LSP to the egress.
Page 34: Configuring Periodic Lsp Tracert
Such a BFD session is used for connectivity detection of an LSP from the local device to the remote device. Configuration prerequisites Before enabling BFD for an LSP, complete the following tasks: • Configure an IP address for the loopback interface, and configure the IP address as the MPLS LSR ID of the device.
Page 35: Enabling Mpls Trap
Step Command Remarks Enter system view. system-view 2. Enable LSP verification and mpls lspv Not enabled by default. enter the MPLS LSPV view. periodic-tracertdestination-addr 3. Configure periodic tracert for essmask-length[-a source-ip | an LSP to the specified FEC -exp exp-value | -h Not configured by default.
Page 36 Task Command Remarks display mpls label { label-value1 Display information about [ to label-value2 ] | all } [ | { begin specified MPLS labels or all Available in any view. | exclude | include } labels. regular-expression ] display mpls lsp [ incoming-interface interface-type interface-number ] [ outgoing-interface...
Page 37: Displaying Mpls Ldp Operation
Task Command Remarks display mpls statistics interface { interface-type Display MPLS statistics for one or interface-number | all } [ | { begin | Available in any view. all interfaces. exclude | include } regular-expression ] display mpls statistics lsp Display statistics for all LSPs or [ in-label in-label ] [ | { begin | the LSP with a specific incoming...
Page 38: Clearing Mpls Statistics
Task Command Remarks display mpls ldp lsp [ all | [ vpn-instance Display information about LSPs vpn-instance-name ] [ dest-addr Available in any view. established by LDP. mask-length ] ] [ | { begin | exclude | include } regular-expression ] Display information about display mpls ldp cr-lsp [ lspid CR-LSPs established by...
Page 39 Figure 13 Network diagram Configuration considerations • On an LSP, the outgoing label of an upstream LSR must be identical with the incoming label of its downstream LSR. • Configure an LSP for each direction on the forwarding path. • Configure a static route to the destination address of the LSP on each ingress node.
Page 40 [RouterC] mpls lsr-id 3.3.3.9 [RouterC] mpls [RouterC-mpls] quit [RouterC] interface serial 2/1/0 [RouterC-Serial2/1/0] mpls [RouterC-Serial2/1/0] quit Configure a static LSP from Router A to Router C: # Configure the LSP ingress node, Router A. [RouterA] static-lsp ingress AtoC destination 21.1.1.0 24 nexthop 10.1.1.2 out-label # Configure the LSP transit node, Router B.
Page 41: Configuring Ldp To Establish Lsps Dynamically
LSP Ping FEC: IPV4 PREFIX 11.1.1.0/24 : 100 data bytes, press CTRL_C to break Reply from 10.1.1.1: bytes=100 Sequence=1 time = 3 ms Reply from 10.1.1.1: bytes=100 Sequence=2 time = 2 ms Reply from 10.1.1.1: bytes=100 Sequence=3 time = 2 ms Reply from 10.1.1.1: bytes=100 Sequence=4 time = 2 ms Reply from 10.1.1.1: bytes=100 Sequence=5 time = 2 ms --- FEC: IPV4 PREFIX 11.1.1.0/24 ping statistics ---...
Page 42 [RouterA-ospf-1] quit # Configure OSPF on Router B. <RouterB> system-view [RouterB] ospf [RouterB-ospf-1] area 0 [RouterB-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0 [RouterB-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [RouterB-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255 [RouterB-ospf-1-area-0.0.0.0] quit [RouterB-ospf-1] quit # Configure OSPF on Router C. <RouterC> system-view [RouterC] ospf [RouterC-ospf-1] area 0 [RouterC-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0 [RouterC-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255...
Page 43 [RouterA-Serial2/1/0] quit # Configure MPLS and MPLS LDP on Router B. [RouterB] mpls lsr-id 2.2.2.9 [RouterB] mpls [RouterB-mpls] quit [RouterB] mpls ldp [RouterB-mpls-ldp] quit [RouterB] interface serial 2/1/0 [RouterB-Serial2/1/0] mpls [RouterB-Serial2/1/0] mpls ldp [RouterB-Serial2/1/0] quit [RouterB] interface serial 2/1/1 [RouterB-Serial2/1/1] mpls [RouterB-Serial2/1/1] mpls ldp [RouterB-Serial2/1/1] quit # Configure MPLS and MPLS LDP on Router C.
Page 44 # Configure the LSP establishment triggering policy on Router A. [RouterA] mpls [RouterA-mpls] lsp-trigger all [RouterA-mpls] quit # Configure the LSP establishment triggering policy on Router B. [RouterB] mpls [RouterB-mpls] lsp-trigger all [RouterB-mpls] quit # Configure the LSP establishment triggering policy on Router C. [RouterC] mpls [RouterC-mpls] lsp-trigger all [RouterC-mpls] quit...
Page 45 Reply from 10.1.1.1: bytes=100 Sequence=3 time = 2 ms Reply from 10.1.1.1: bytes=100 Sequence=4 time = 3 ms Reply from 10.1.1.1: bytes=100 Sequence=5 time = 2 ms --- FEC: LDP IPV4 PREFIX 11.1.1.0/24 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 2/2/3 ms...
Page 46: Configuring Mpls Te
Configuring MPLS TE Overview Network congestion is one of the major problems that can degrade your network backbone performance. It might occur when network resources are inadequate or when load distribution is unbalanced. Traffic engineering (TE) is intended to avoid the latter situation where partial congestion might occur because of improper resource allocation.
Page 47: Basic Concepts
Basic concepts LSP tunnel—On an LSP, after packets are labeled at the ingress node, the packets are forwarded based on label. The traffic is transparent to the transits nodes on the LSP. In this sense, an LSP can be regarded as a tunnel. MPLS TE tunnel—Rerouting and transmission over multiple paths might involve multiple LSP tunnels.
Page 48: Cr-Lsp
CR-LSP Unlike ordinary LSPs established based on routing information, CR-LSPs are established based on criteria such as bandwidth, selected path, and QoS parameters, in addition to routing information. The mechanism setting up and managing constraints is called Constraint-based Routing (CR). CR-LSP uses the following concepts: •...
Page 49: Cr-Ldp
Reoptimization Traffic engineering is a process of allocating or reallocating network resources. You can configure it to meet desired QoS. Service providers use some mechanism to optimize CR-LSPs for best use of network resources. They can do this manually but CR-LSP measurement and tuning are required. Alternatively, they can use MPLS TE where CR-LSPs are dynamically optimized.
Page 50 Figure 15 Diagram for make-before-break Figure 15 presents a scenario where a path Router A — Router B — Router C — Router D is established with 30 Mbps reserved bandwidth between Router A and Router D. The remaining bandwidth is then 30 Mbps. If 40 Mbps path bandwidth is requested, the remaining bandwidth of the Router A—Router B—Router C—Router D path is inadequate.
Page 51 Setting up an LSP tunnel Figure 16 Setting up an LSP tunnel The following is a simplified procedure for setting up an LSP tunnel with RSVP: The ingress LSR sends a Path message that carries the label request information, and then forwards the message along the path calculated by CSPF hop-by-hop towards the egress LSR.
Page 52: Traffic Forwarding
PSB, RSB and BSB timeouts To create an LSP tunnel, the sender sends a Path message with a LABEL_REQUEST object. After receiving this Path message, the receiver assigns a label for the path and puts the label binding in the LABEL object in the returned Resv message. The LABEL_REQUEST object is stored in the path state block (PSB) on the upstream nodes, while the LABEL object is stored in the reservation state block (RSB) on the downstream nodes.
Page 53 Static routing Static routing is the easiest way to route traffic along an MPLS TE tunnel. You only need to manually create a route that reaches the destination through the tunnel interface. For more information about static routing, see Layer 3—IP Routing Configuration Guide. Policy-based routing You can also use policy-based routing to route traffic over an MPLS TE tunnel.
Page 54: Automatic Bandwidth Adjustment
Automatic bandwidth adjustment Because users cannot estimate accurately how much traffic they need to transmit though service provider networks, they are more willing to pay for used bandwidth. Therefore, a service provider should be able to create TE tunnels from CR-LSPs with initially requested bandwidth for users, and automatically tune the bandwidth resources assigned to these CR-LSPs when user services increase.
Page 55: Diffserv-Aware Te
Figure 18 FRR link protection • Node protection—The PLR and the MP are connected through a device and the primary LSP traverses this device. When the device fails, traffic is switched to the bypass LSP. As shown Figure 19, the primary LSP is Router A — Router B — Router C — Router D — Router E, and the bypass LSP is Router B —...
Page 56 • Bandwidth Constraint (BC)—Restricts the bandwidth for one or more class types. • Bandwidth constraint model—Algorithm for implementing bandwidth constraints on different CTs. A BC model comprises two factors, the maximum number of Bandwidth Constraints (MaxBC) and the mappings between BCs and CTs. DS-TE supports two BC models, Russian Dolls Model (RDM) and Maximum Allocation Model (MAM).
Page 57: Mpls Ldp Over Mpls Te
Figure 20 RDM bandwidth constraints model In MAM model, a BC constrains the bandwidth of only one CT on an interface. This ensures isolation across CTs no matter whether preemption is used or not. Compared with RDM, MAM is easy to understand and configure.
Page 58: Protocols And Standards
Figure 22 Establish an LDP LSP across the network core layer To simplify the configuration, when setting up an LDP LSP across the core layer, you can use the MPLS TE tunnel that is already established in the core layer. As shown in Figure 23, when using the MPLS TE tunnel to establish the LDP LSP, you do not need to establish local LDP sessions between...
Page 59: Mpls Te Configuration Task List
• RFC 3564, Requirements for Support of Differentiated Service-aware MPLS Traffic Engineering • ITU-T Recommendation Y.1720, Protection switching for MPLS networks MPLS TE configuration task list Task Remarks Configuring basic MPLS TE Required. Configuring DiffServ-aware TE Optional. Configuring an Creating an MPLS TE tunnel over a static CR-LSP Required.
Page 60: Configuring Diffserv-Aware Te
Step Command Remarks Enter MPLS view. mpls Enable global MPLS TE. mpls te Disabled by default. Return to system view. quit Enter the interface view of an interface interface-type MPLS TE link. interface-number Enable interface MPLS TE. mpls te Disabled by default. Return to system view.
Page 61: Creating An Mpls Te Tunnel Over A Static Cr-Lsp
TE Class Priority Creating an MPLS TE tunnel over a static CR-LSP Creating MPLS TE tunnels over static CR-LSPs does not involve configuration of tunnel constraints or the issue of IGP TE extension or CSPF. Create a static CR-LSP and a TE tunnel using static signaling and then associate them.
Page 62: Configuring An Mpls Te Tunnel With A Dynamic Signaling Protocol
Step Command Remarks Enter system view. system-view Enter the interface view interface tunnel tunnel-number of an MPLS TE tunnel. Configure the tunnel to mpls te signal-protocol static use static CR-LSP. Submit the current tunnel mpls te commit configuration. Return to system view. quit •...
Page 63: Configuring Mpls Te Properties For A Link
Before you perform the configuration, complete the following tasks: • Configure static routing or an IGP protocol to ensure all LSRs are reachable. • Configure basic MPLS. • Configure basic MPLS TE. Complete the following tasks to configure an MPLS TE tunnel using a dynamic signaling protocol: Task Remarks Configuring MPLS TE properties for a link...
Page 64: Configuring Cspf
Configuring CSPF With CSPF enabled, a node uses CSPF to calculate the shortest path that satisfies TE requirements. To configure CSPF: Step Command Remarks Enter system view. system-view Enter MPLS view. mpls Enable CSPF on your mpls te cspf Disabled by default. device.
Page 65 the interface through the sub-TLV of IS reachability TLV (type 22). As a best practice, avoid enabling IS-IS TE on an interface configured with secondary IP addresses. For more information about IS-IS, see Layer 3—IP Routing Configuration Guide. To configure IS-IS TE: Step Command Remarks...
Page 66 Step Command Remarks The next hop is a strict node by default. Specify a next hop IP next hop ip-address [ include Repeat this step to define a address on the explicit path. [ loose | strict ] | exclude ] sequential set of the hops that the explicit path traverses.
Page 67: Configuring Rsvp-Te Advanced Features
Establishing an MPLS TE tunnel with RSVP-TE To use RSVP-TE as the signaling protocol for setting up the MPLS TE tunnel, you must enable both MPLS TE and RSVP-TE on the interfaces for the tunnel to use on each node along the tunnel. To establish an MPLS TE tunnel with RSVP-TE: Step Command...
Page 68: Configuring Rsvp State Timers
To configure RSVP reservation style: Step Command Remarks Enter system view. system-view Enter MPLS TE tunnel interface tunnel tunnel-number interface view. Optional. Configure the resources reservation style for the mpls te resv-style { ff | se } The default resource reservation tunnel.
Page 69: Configuring The Rsvp Hello Extension
Step Command Remarks mpls rsvp-te timer retransmission Optional. { increment-value [ increment-value ] | Enable retransmission. retransmit-value [ retrans-timer-value ] } Disabled by default. Optional. Enable summary refresh. mpls rsvp-te srefresh Disabled by default. Configuring the RSVP hello extension RSVP hello extension tests the reachability of RSVP neighboring nodes. It is defined in RFC 3209. To configure the RSVP hello extension: Step Command...
Page 70: Configuring Rsvp Authentication
Configuring RSVP authentication RSVP adopts hop-by-hop authentication to prevent fake resource reservation requests from occupying network resources. It requires that the interfaces at the two ends of a link must share the same authentication key to exchange RSVP messages. To configure RSVP authentication: Step Command Remarks...
Page 71: Configuring Cooperation Of Rsvp-Te And Bfd
Step Command Remarks mpls rsvp-te timer Optional. Set the RSVP-TE GR graceful-restart recovery recovery timer. 300 seconds by default. recovery-time Enter interface view of MPLS interface interface-type TE link. interface-number Enable RSVP hello mpls rsvp-te hello Disabled by default. extension for the interface. Configuring cooperation of RSVP-TE and BFD On an MPLS TE network, if a link between neighboring LSRs fails, the corresponding MPLS TE tunnel will fail to forward packets.
Page 72: Configuring Route Pinning
Step Command Remarks Specify the tie breaker that a Optional. tunnel uses to select a path mpls te tie-breaking { least-fill | when multiple paths with the The random keyword applies by most-fill | random } same metric are present on default.
Page 73: Configuring Cr-Lsp Reoptimization
The associations between administrative groups and affinities might vary by vendor. To ensure the successful establishment of a tunnel between two devices from different vendors, correctly configure their respective administrative groups and affinities. To configure the administrative group and affinity attribute: Step Command Remarks...
Page 74: Configuring Loop Detection
Configuring loop detection Step Command Remarks Enter system view. system-view Enter MPLS TE tunnel interface tunnel tunnel-number interface view. Enable the system to perform loop detection when mpls te loop-detection Disabled by default. setting up a tunnel. Submit current tunnel mpls te commit configuration.
Page 75: Assigning Priorities To A Tunnel
Assigning priorities to a tunnel Two priorities, setup priority and holding priority, are assigned to paths for MPLS TE to make preemption decision. For a new path to preempt an existing path, the setup priority of the new path must be greater than the holding priority of the existing path. To avoid flapping caused by improper preemptions between CR-LSPs, the setup priority of a CR-LSP must not be set higher than its holding priority.
Page 76: Forwarding Traffic Along Mpls Te Tunnels Through Automatic Route Advertisement
Step Command Remarks Enter system view. system-view The default ACL rule Create and enter the view acl number acl-number [ match-order { auto | match order is of an advanced IPv4 ACL. config } ] config. rule [ rule-id ] { deny | permit } protocol [ destination { dest-addr dest-wildcard | any } | destination-port operator port1 [ port2 ] | dscp dscp | established | fragment | icmp-type...
Page 77 Step Command Remarks Enter system view. system-view Enter MPLS TE tunnel interface tunnel tunnel-number interface view. MPLS TE tunnels are not Configure the IGP to take the considered in the enhanced SPF MPLS TE tunnels in up state calculation of IGP. mpls te igp shortcut [ isis | into account when ospf ]...
Page 78: Configuring Traffic Forwarding Tuning Parameters
Configuring traffic forwarding tuning parameters In MPLS TE, you can configure traffic forwarding tuning parameters, such as the failed link timer and flooding thresholds, to change paths that IP or MPLS traffic flows traverse or to define type of traffic that may travel down a TE tunnel.
Page 79: Configuring Automatic Bandwidth Adjustment
Step Command Remarks Specify the metric type to Optional. use when no metric type is mpls te path metric-type { igp | TE metrics of links are used by explicitly configured for a te } default. tunnel. Return to system view. quit If you do not configure the mpls te path metric-type command in...
Page 80: Configuration Procedure
this timer, MPLS TE resizes the tunnel bandwidth using the maximum tunnel output rate sampled before the expiration of the timer as the bandwidth constraint to set up a new LSP tunnel. If the setup attempt succeeds, traffic is switched to the new LSP tunnel and the old LSP tunnel is cleared.
Page 81: Configuring Frr
• Configure basic MPLS TE. • Configure MPLS TE tunnels. Configure CR-LSP backup mode at the ingress node of a tunnel. The system automatically selects the primary LSP and backup LSP. You do not need to configure them. To configure CR-LSP backup: Step Command Remarks...
Page 82: Configuring A Bypass Tunnel On Its Plr
Step Command Remarks Enter system view. system-view Enter tunnel interface view of interface tunnel tunnel-number the protected LSP. Enable FRR. mpls te fast-reroute Disabled by default. Submit current tunnel mpls te commit configuration. Configuring a bypass tunnel on its PLR After a tunnel is specified to protect an interface, its corresponding LSP becomes a bypass LSP.
Page 83: Configuring Node Protection
Step Command Remarks mpls te fast-reroute Bind the bypass tunnel with bypass-tunnel tunnel the protected interface. tunnel-number Configuring node protection To use FRR for node protection, perform the configuration in this section on the PLR and the protected node. If you only need to protect links, skip this section. To configure node protection: Step Command...
Page 84: Inspecting An Mpls Te Tunnel
Inspecting an MPLS TE tunnel When an MPLS TE tunnel fails or affects data forwarding due to performance degradation, the control plane cannot detect the fault or cannot do so in time. This brings difficulty to network maintenance. To detect MPLS TE tunnel failures in time and locate the failed node, the device provides the following mechanisms: •...
Page 85: Configuration Guidelines
• Static—If you specify the local and remote discriminator values by using the discriminator keyword when configuring the mpls tebfd enable command, the BFD session is established with the specified discriminator values. Such a BFD sessioncan detect the connectivity of a pair of MPLS TE tunnels in opposite directions (one from local to remote, and the other from remote to local) between two devices.
Page 86: Configuring Periodic Lsp Tracert For An Mpls Te Tunnel
Step Command Remarks 5. Configure BFD to check the mpls te bfd By default, BFD is not configured connectivity of the MPLS TE enable[discriminator local to check connectivity of MPLS TE tunnel. local-idremoteremote-id] tunnels. 6. Configure MPLS TE to tear Optional.
Page 87: Displaying And Maintaining Mpls Te
To enable MPLS TE statistics collection: Step Command Remarks Enter system view. system-view Enter MPLS view. mpls Enable statistics collection statistics te ingress-lsr-id Disabled by default. for the RSVP-TE tunnel. tunnel-id You can use the display mpls statistics lsp command, the display mpls statistics lsp in-label command, and the display mpls statistics tunnel command to view the MPLS TE tunnel statistics.
Page 88 Task Command Remarks display mpls rsvp-te psb-content ingress-lsr-id lspid Display information about tunnel-id egress-lsr-id [ | { begin | Available in any view. RSVP-TE PSB. exclude | include } regular-expression ] display mpls rsvp-te rsb-content ingress-lsr-id Ispid Display information about tunnel-id egress-lsr-id Available in any view.
Page 89 Task Command Remarks display mpls te tunnel statistics Display statistics about MPLS TE [ | { begin | exclude | include } Available in any view. tunnels. regular-expression ] display mpls te tunnel-interface Display information about MPLS tunnel number [ | { begin | Available in any view.
Page 90: Mpls Te Configuration Examples
Task Command Remarks reset mpls rsvp-te statistics Clear the statistics about { global | interface Available in user view. RSVP-TE. [ interface-type interface-number ] MPLS TE configuration examples MPLS TE using static CR-LSP configuration example Network requirements Router A, Router B, and Router C run IS-IS. Establish a TE tunnel using a static CR-LSP between Router A and Router C.
Page 91 [RouterB-isis-1] network-entity 00.0005.0000.0000.0002.00 [RouterB-isis-1] quit [RouterB] interface giabitethernet 2/1/1 [RouterB-GigabitEthernet2/1/1] isis enable 1 [RouterB-GigabitEthernet2/1/1] quit [RouterB] interface giabitethernet 2/1/2 [RouterB-GigabitEthernet2/1/2] isis enable 1 [RouterB-GigabitEthernet2/1/2] quit [RouterB] interface loopback 0 [RouterB-LoopBack0] isis enable 1 [RouterB-LoopBack0] quit # Configure Router C. <RouterB> system-view [RouterC] isis 1 [RouterC-isis-1] network-entity 00.0005.0000.0000.0003.00 [RouterC-isis-1] quit...
Page 92 [RouterB] mpls lsr-id 2.2.2.2 [RouterB] mpls [RouterB-mpls] mpls te [RouterB-mpls] quit [RouterB] interface giabitethernet 2/1/1 [RouterB-GigabitEthernet2/1/1] mpls [RouterB-GigabitEthernet2/1/1] mpls te [RouterB-GigabitEthernet2/1/1] quit [RouterB] interface giabitethernet 2/1/2 [RouterB-GigabitEthernet2/1/2] mpls [RouterB-GigabitEthernet2/1/2] mpls te [RouterB-GigabitEthernet2/1/2] quit # Configure Router C. [RouterC] mpls lsr-id 3.3.3.3 [RouterC] mpls [RouterC-mpls] mpls te [RouterC-mpls] quit...
Page 93 The Maximum Transmit Unit is 64000 Internet Address is 6.1.1.1/24 Primary Encapsulation is TUNNEL, service-loopback-group ID not set Tunnel source unknown, destination 3.3.3.3 Tunnel protocol/transport CR_LSP Output queue : (Urgent queuing : Size/Length/Discards) 0/100/0 Output queue : (Protocol queuing : Size/Length/Discards) 0/500/0 Output queue : (FIFO queuing : Size/Length/Discards) 0/75/0...
Page 94: Mpls Te Tunnel Using Rsvp-Te Configuration Example
[RouterB] display mpls static-cr-lsp total statics-cr-lsp : 1 Name I/O Label I/O If State Tunnel0 20/30 GE2/1/1/GE2/1/2 [RouterC] display mpls static-cr-lsp total statics-cr-lsp : 1 Name I/O Label I/O If State Tunnel0 30/NULL GE2/1/1/- On an MPLS TE tunnel configured using a static CR-LSP, traffic is forwarded directly based on label at the transit nodes and egress node.
Page 95 <RouterA> system-view [RouterA] isis 1 [RouterA-isis-1] network-entity 00.0005.0000.0000.0001.00 [RouterA-isis-1] quit [RouterA] interface giabitethernet 2/1/1 [RouterA-GigabitEthernet2/1/1] isis enable 1 [RouterA-GigabitEthernet2/1/1] isis circuit-level level-2 [RouterA-GigabitEthernet2/1/1] quit [RouterA] interface loopback 0 [RouterA-LoopBack0] isis enable 1 [RouterA-LoopBack0] isis circuit-level level-2 [RouterA-LoopBack0] quit # Configure Router B. <RouterB>...
Page 96 [RouterD] isis 1 [RouterD-isis-1] network-entity 00.0005.0000.0000.0004.00 [RouterD-isis-1] quit [RouterD] interface giabitethernet 2/1/1 [RouterD-GigabitEthernet2/1/1] isis enable 1 [RouterD-GigabitEthernet2/1/1] isis circuit-level level-2 [RouterD-GigabitEthernet2/1/1] quit [RouterD] interface loopback 0 [RouterD-LoopBack0] isis enable 1 [RouterD-LoopBack0] isis circuit-level level-2 [RouterD-LoopBack0] quit Execute the display ip routing-table command on each router. The output shows that all nodes have learned the host routes of other nodes with LSR IDs as destinations.
Page 97 [RouterB] interface giabitethernet 2/1/1 [RouterB-GigabitEthernet2/1/1] mpls [RouterB-GigabitEthernet2/1/1] mpls te [RouterB-GigabitEthernet2/1/1] mpls rsvp-te [RouterB-GigabitEthernet2/1/1] quit [RouterB] interface pos 5/1/0 [RouterB-POS5/1/0] mpls [RouterB-POS5/1/0] mpls te [RouterB-POS5/1/0] mpls rsvp-te [RouterB-POS5/1/0] quit # Configure Router C. [RouterC] mpls lsr-id 3.3.3.9 [RouterC] mpls [RouterC-mpls] mpls te [RouterC-mpls] mpls rsvp-te [RouterC-mpls] mpls te cspf [RouterC-mpls] quit...
Page 98 [RouterB-isis-1] traffic-eng level-2 [RouterB-isis-1] quit # Configure Router C. [RouterC] isis 1 [RouterC-isis-1] cost-style wide [RouterC-isis-1] traffic-eng level-2 [RouterC-isis-1] quit # Configure Router D. [RouterD] isis 1 [RouterD-isis-1] cost-style wide [RouterD-isis-1] traffic-eng level-2 [RouterD-isis-1] quit Configure MPLS TE attributes of links: # Configure maximum link bandwidth and maximum reservable bandwidth on Router A.
Page 99 [RouterA-Tunnel1] mpls te tunnel-id 10 [RouterA-Tunnel1] mpls te signal-protocol rsvp-te [RouterA-Tunnel1] mpls te bandwidth 2000 [RouterA-Tunnel1] mpls te commit [RouterA-Tunnel1] quit Verify the configuration: Execute the display interface tunnel command on Router A. You can see that the tunnel interface is up. [RouterA] display interface tunnel Tunnel1 current state: UP Line protocol current state: UP...
Page 100: Inter-As Mpls Te Tunnel Using Rsvp-Te Configuration Example
Route Pinning Disabled Retry Limit Retry Interval: 10 sec Reopt Disabled Reopt Freq Back Up Type None Back Up LSPID Auto BW Disabled Auto BW Freq : Min BW Max BW Current Collected BW: Interfaces Protected: VPN Bind Type NONE VPN Bind Value Car Policy Disabled...
Page 101 Figure 26 Network diagram Device Interface IP address Device Interface IP address Router A Loop0 1.1.1.9/32 Router C Loop0 3.3.3.9/32 GE2/1/1 10.1.1.1/24 GE2/1/1 30.1.1.1/24 Router B Loop0 2.2.2.9/32 POS5/1/0 20.1.1.2/24 GE2/1/1 10.1.1.2/24 Router D Loop0 4.4.4.9/32 POS5/1/0 20.1.1.1/24 GE2/1/1 30.1.1.2/24 Configuration procedure Configure IP addresses and masks for the interfaces according to Figure...
Page 102 [RouterC-ospf-1] area 0 [RouterC-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255 [RouterC-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0 [RouterC-ospf-1-area-0.0.0.0] quit [RouterC-ospf-1] quit # Configure OSPF on Router D. <RouterD> system-view [RouterD] ospf [RouterD-ospf-1] area 0 [RouterD-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255 [RouterD-ospf-1-area-0.0.0.0] network 4.4.4.9 0.0.0.0 [RouterD-ospf-1-area-0.0.0.0] quit [RouterD-ospf-1] quit After the configurations, execute the display ip routing-table command on each device.
Page 103 Destination/Mask Proto Cost NextHop Interface 1.1.1.9/32 Direct 0 127.0.0.1 InLoop0 2.2.2.9/32 OSPF 10.1.1.2 GE2/1/1 3.3.3.9/32 O_ASE 10.1.1.2 GE2/1/1 4.4.4.9/32 O_ASE 10.1.1.2 GE2/1/1 10.1.1.0/24 Direct 0 10.1.1.1 GE2/1/1 10.1.1.1/32 Direct 0 127.0.0.1 InLoop0 20.1.1.0/24 O_ASE 10.1.1.2 GE2/1/1 30.1.1.0/24 O_ASE 10.1.1.2 GE2/1/1 127.0.0.0/8 Direct 0 127.0.0.1...
Page 104 [RouterC-mpls] quit [RouterC] interface giabitethernet 2/1/1 [RouterC-GigabitEthernet2/1/1] mpls [RouterC-GigabitEthernet2/1/1] mpls te [RouterC-GigabitEthernet2/1/1] mpls rsvp-te [RouterC-GigabitEthernet2/1/1] quit [RouterC] interface pos 5/1/0 [RouterC-POS5/1/0] mpls [RouterC-POS5/1/0] mpls te [RouterC-POS5/1/0] mpls rsvp-te [RouterC-POS5/1/0] quit # Configure Router D. [RouterD] mpls lsr-id 4.4.4.9 [RouterD] mpls [RouterD-mpls] mpls te [RouterD-mpls] mpls rsvp-te [RouterD-mpls] mpls te cspf...
Page 105 [RouterD-ospf-1] area 0 [RouterD-ospf-1-area-0.0.0.0] mpls-te enable [RouterD-ospf-1-area-0.0.0.0] quit [RouterD-ospf-1] quit Configure a loose explicit route: # Configure a loose explicit route on Router A. [RouterA] explicit-path atod enable [RouterA-explicit-path-atod] next hop 10.1.1.2 include loose [RouterA-explicit-path-atod] next hop 20.1.1.2 include loose [RouterA-explicit-path-atod] next hop 30.1.1.2 include loose [RouterA-explicit-path-atod] quit Configure MPLS TE attributes of links:...
Page 106 [RouterA-Tunnel1] mpls te signal-protocol rsvp-te [RouterA-Tunnel1] mpls te bandwidth 2000 [RouterA-Tunnel1] mpls te path explicit-path atod preference 5 [RouterA-Tunnel1] mpls te commit [RouterA-Tunnel1] quit Verify the configuration: Execute the display interface tunnel command on Router A. The output shows that the tunnel interface is up.
Page 107 Record Route Disabled Record Label : Disabled FRR Flag Disabled BackUpBW Flag: Not Supported BackUpBW Type BackUpBW Route Pinning Disabled Retry Limit Retry Interval: 2 sec Reopt Disabled Reopt Freq Back Up Type None Back Up LSPID Auto BW Disabled Auto BW Freq : Min BW Max BW...
Page 108: Rsvp-Te Gr Configuration Example
127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 RSVP-TE GR configuration example Network requirements Router A, Router B and Router C are running IS-IS. All of them are Level-2 devices and support RSVP hello extension. Use RSVP-TE to create a TE tunnel from Router A to Router C. Router A, Router B and Router C are RSVP-TE neighbors.
Page 109 [RouterB-GigabitEthernet2/1/1] mpls rsvp-te hello [RouterB-GigabitEthernet2/1/1] quit [RouterB] interface giabitethernet 2/1/2 [RouterB-GigabitEthernet2/1/2] mpls [RouterB-GigabitEthernet2/1/2] mpls te [RouterB-GigabitEthernet2/1/2] mpls rsvp-te [RouterB-GigabitEthernet2/1/2] mpls rsvp-te hello [RouterB-GigabitEthernet2/1/2] quit # Configure Router C. <RouterC> system-view [RouterC] mpls lsr-id 3.3.3.9 [RouterC] mpls [RouterC-mpls] mpls te [RouterC-mpls] mpls rsvp-te [RouterC-mpls] mpls rsvp-te hello [RouterC-mpls] interface giabitethernet 2/1/1 [RouterC-GigabitEthernet2/1/1] mpls...
Page 110: Mpls Rsvp-Te And Bfd Cooperation Configuration Example
MPLS RSVP-TE and BFD cooperation configuration example Network requirements Run OSPF on Router A and Router B to ensure IP connectivity. Enable MPLS RSVP-TE BFD on the interfaces connecting the two routers. If the physical link between Router A and Router B fails, BFD can detect the failure quickly and inform MPLS RSVP-TE of the failure.
Page 111 [RouterA] ospf [Router-A-ospf-1] area 0 [Router-A-ospf-1-area-0.0.0.0] network 12.12.12.1 0.0.0.255 [Router-A-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0 [Router-A-ospf-1-area-0.0.0.0] quit [Router-A-ospf-1] quit # Configure Router B. <RouterB>system-view [RouterB] ospf [RouterB-ospf-1] area 0 [RouterB-ospf-1-area-0.0.0.0] network 12.12.12.2 0.0.0.255 [RouterB-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0 [RouterB-ospf-1-area-0.0.0.0] quit [RouterB-ospf-1] quit Configure IP addresses for the interfaces: # Configure Router A.
Page 112: Mpls Te Using Cr-Ldp Configuration Example
Diag Info: No Diagnostic MPLS TE using CR-LDP configuration example Network requirements Router A, Router B, Router C and Router D are running OSPF and all of them are in area 0. Use CR-LDP to create a TE tunnel from Router A to Router D, making sure that the maximum bandwidth of each link that the tunnel traverses is 10000 kbps and the maximum reservable bandwidth is 5000 kbps.
Page 113 [RouterB] mpls lsr-id 2.2.2.9 [RouterB] mpls [RouterB-mpls] mpls te [RouterB-mpls] mpls te cspf [RouterB-mpls] quit [RouterB] interface giabitethernet 2/1/1 [RouterB-GigabitEthernet2/1/1] mpls [RouterB-GigabitEthernet2/1/1] mpls te [RouterB-GigabitEthernet2/1/1] quit [RouterB] interface giabitethernet 2/1/2 [RouterB-GigabitEthernet2/1/2] mpls [RouterB-GigabitEthernet2/1/2] mpls te [RouterB-GigabitEthernet2/1/2] quit # Configure Router C. [RouterC] mpls lsr-id 3.3.3.9 [RouterC] mpls [RouterC-mpls] mpls te...
Page 114 [RouterB-ospf-1] area 0 [RouterB-ospf-1-area-0.0.0.0] mpls-te enable [RouterB-ospf-1-area-0.0.0.0] quit [RouterB-ospf-1] quit # Configure Router C. [RouterC] ospf [RouterC-ospf-1] opaque-capability enable [RouterC-ospf-1] area 0 [RouterC-ospf-1-area-0.0.0.0] mpls-te enable [RouterC-ospf-1-area-0.0.0.0] quit [RouterC-ospf-1] quit # Configure Router D. [RouterD] ospf [RouterD-ospf-1] opaque-capability enable [RouterD-ospf-1] area 0 [RouterD-ospf-1-area-0.0.0.0] mpls-te enable [RouterD-ospf-1-area-0.0.0.0] quit [RouterD-ospf-1] quit...
Page 115 Execute the display mpls te cspf tedb all command on each router to view information about links in TEDB. Take Router A for example: [RouterA] display mpls te cspf tedb all Maximum Node Supported: 128 Maximum Link Supported: 256 Current Total Node Number: 4 Current Total Link Number: 6 MPLS LSR-Id Process-Id...
Page 116 ----------------------------------------------------------------- 2.2.2.9:0 Operational Passive 11/11 ----------------------------------------------------------------- LAM : Label Advertisement Mode : Fault Tolerance Create an MPLS TE tunnel: # Create an MPLS TE tunnel on Router A. [RouterA] interface tunnel 2 [RouterA-Tunnel2] ip address 8.1.1.1 255.255.255.0 [RouterA-Tunnel2] tunnel-protocol mpls te [RouterA-Tunnel2] destination 4.4.4.9 [RouterA-Tunnel2] mpls te tunnel-id 10 [RouterA-Tunnel2] mpls te signal-protocol crldp...
Page 117 Setup Priority Hold Priority: Affinity Prop/Mask 0x0/0x0 Explicit Path Name Tie-Breaking Policy : None Metric Type None Record Route Disabled Record Label : Disabled FRR Flag Disabled BackUpBW Flag: Not Supported BackUpBW Type BackUpBW Route Pinning Disabled Retry Limit Retry Interval: 10 sec Reopt Disabled...
Page 118 Link Type : MultiAccess Link ID : 10.1.1.2 Local Interface Address : 10.1.1.1 Remote Interface Address : 0.0.0.0 TE Metric Maximum Bandwidth : 1250000 bytes/sec Maximum Reservable BW : 625000 bytes/sec Admin Group : 0X0 Unreserved Bandwidth for each TE Class: Unreserved BW [ 0] =625000 bytes/sec Unreserved BW [ 1] =625000...
Page 119: Cr-Lsp Backup Configuration Example
[RouterA] ip route-static 30.1.1.2 24 tunnel 2 preference 1 Execute the display ip routing-table command on Router A. You can see a static route entry with Tunnel2 as the outgoing interface. CR-LSP backup configuration example Network requirements Set up an MPLS TE tunnel from Router A to Router C. Use CR-LSP hot backup for it. Figure 30 Network diagram Device Interface...
Page 120 [RouterA] interface giabitethernet 2/1/1 [RouterA-GigabitEthernet2/1/1] mpls [RouterA-GigabitEthernet2/1/1] mpls te [RouterA-GigabitEthernet2/1/1] mpls rsvp-te [RouterA-GigabitEthernet2/1/1] quit [RouterA] interface pos 5/1/1 [RouterA-POS55/1/1] mpls [RouterA-POS5/1/1] mpls te [RouterA-POS5/1/1] mpls rsvp-te [RouterA-POS5/1/1] quit Follow the same steps to configure Router B, Router C, and Router D. Create an MPLS TE tunnel on Router A: # Configure the MPLS TE tunnel carried on the primary LSP.
Page 121 1.1.1.9:6 3.3.3.9 -/GE2/1/1 Tunnel3 1.1.1.9:2054 3.3.3.9 -/POS5/1/1 Tunnel3 # Execute the display mpls te tunnel path command on Router A to identify the paths that the two tunnels traverse: [RouterA] display mpls te tunnel path Tunnel Interface Name : Tunnel3 Lsp ID : 1.1.1.9 :6 Hop Information Hop 0...
Page 122: Frr Configuration Example
Execute the display ip routing-table command on Router A. You can see a static route entry with Tunnel 3 as the outgoing interface. FRR configuration example Network requirements On the LSP Router A—Router B—Router C—Router D, use FRR to protect the link Router B—Router C.
Page 123 Destination/Mask Proto Cost NextHop Interface 1.1.1.1/32 Direct 0 127.0.0.1 InLoop0 2.1.1.0/24 Direct 0 2.1.1.1 GE2/1/1 2.1.1.1/32 Direct 0 127.0.0.1 InLoop0 2.2.2.2/32 ISIS 2.1.1.2 GE2/1/1 3.1.1.0/24 ISIS 2.1.1.2 GE2/1/1 3.2.1.0/24 ISIS 2.1.1.2 GE2/1/1 3.3.1.0/24 ISIS 2.1.1.2 GE2/1/1 3.3.3.3/32 ISIS 2.1.1.2 GE2/1/1 4.1.1.0/24 ISIS 2.1.1.2...
Page 124 [RouterB-POS5/1/0] mpls te [RouterB-POS5/1/0] mpls rsvp-te [RouterB-POS5/1/0] quit Follow the same steps to configure Router C, Router D, and Router E. Create an MPLS TE tunnel on Router A, the ingress node of the primary LSP: # Create an explicit path for the primary LSP. [RouterA] explicit-path pri-path [RouterA-explicit-path-pri-path] next hop 2.1.1.2 [RouterA-explicit-path-pri-path] next hop 3.1.1.2...
Page 125 Tunnel Attributes LSP ID 1.1.1.1:1 Session ID Admin State Oper State Ingress LSR ID 1.1.1.1 Egress LSR ID: 4.4.4.4 Signaling Prot RSVP Resv Style Class Type Tunnel BW 0 kbps Reserved BW 0 kbps Setup Priority Hold Priority: Affinity Prop/Mask 0x0/0x0 Explicit Path Name pri-path...
Page 126 [RouterB-Tunnel5] mpls te commit [RouterB-Tunnel5] quit # Bind the bypass tunnel with the protected interface. [RouterB] interface giabitethernet 2/1/2 [RouterB-GigabitEthernet2/1/2] mpls te fast-reroute bypass-tunnel tunnel 5 [RouterB-GigabitEthernet2/1/2] quit Execute the display interface tunnel command on Router B. You can see that Tunnel 5 is up. Execute the display mpls lsp command on each router for LSP entries.
Page 127 1.1.1.1:1 4.4.4.4 GE2/1/1/GE2/1/2 Tunnel4 2.2.2.2:1 3.3.3.3 -/POS5/1/0 Tunnel5 [RouterC] display mpls te tunnel LSP-Id Destination In/Out-If Name 1.1.1.1:1 4.4.4.4 GE2/1/2/GE2/1/1 Tunnel4 2.2.2.2:1 3.3.3.3 POS5/1/0/- Tunnel5 [RouterD] display mpls te tunnel LSP-Id Destination In/Out-If Name 1.1.1.1:1 4.4.4.4 GE2/1/1/- Tunnel4 [RouterE] display mpls te tunnel LSP-Id Destination In/Out-If...
Page 128 BypassTunnel Tunnel Index[---] Mpls-Mtu 1500 Verify the FRR function: # Shut down the protected outgoing interface on PLR. [RouterB] interface giabitethernet 2/1/2 [RouterB-GigabitEthernet2/1/2] shutdown %Sep 7 08:53:34 2004 RouterB IFNET/5/UPDOWN:Line protocol on the interface GigabitEthernet2/1/2 turns into DOWN state # Execute the display interface tunnel 4 command on Router A to identify the state of the primary LSP.
Page 129 Tunnel Name Tunnel4 Tunnel Desc Tunnel4 Interface Tunnel State Desc Modifying CR-LSP is setting up Tunnel Attributes LSP ID 1.1.1.1:1025 Session ID Admin State Oper State Modified Ingress LSR ID 1.1.1.1 Egress LSR ID: 4.4.4.4 Signaling Prot RSVP Resv Style Class Type Tunnel BW 0 kbps...
Page 130 4.4.4.4/32 Nexthop 3.1.1.2 In-Label 1024 Out-Label 1024 In-Interface GigabitEthernet2/1/1 Out-Interface GigabitEthernet2/1/2 LspIndex 4097 Tunnel ID 0x22001 LsrType Transit Bypass In Use In Use BypassTunnel Tunnel Index[Tunnel5], InnerLabel[1024] Mpls-Mtu 1500 IngressLsrID 2.2.2.2 LocalLspID Tunnel-Interface Tunnel5 3.3.3.3/32 Nexthop 3.2.1.2 In-Label NULL Out-Label 1024 In-Interface ----------...
Page 131: Ietf Ds-Te Configuration Example
IETF DS-TE configuration example Network requirements Router A, Router B, Router C, and Router D are running IS-IS and all of them are Level-2 routers. Use RSVP-TE to create a TE tunnel from Router A to Router D. Traffic of the tunnel belongs to CT 2, and the tunnel needs a bandwidth of 4000 kbps.
Page 132 [RouterB-isis-1] network-entity 00.0005.0000.0000.0002.00 [RouterB-isis-1] quit [RouterB] interface giabitethernet 2/1/1 [RouterB-GigabitEthernet2/1/1] isis enable 1 [RouterB-GigabitEthernet2/1/1] isis circuit-level level-2 [RouterB-GigabitEthernet2/1/1] quit [RouterB] interface pos 5/1/0 [RouterB-POS5/1/0] isis enable 1 [RouterB-POS5/1/0] isis circuit-level level-2 [RouterB-POS5/1/0] quit [RouterB] interface loopback 0 [RouterB-LoopBack0] isis enable 1 [RouterB-LoopBack0] isis circuit-level level-2 [RouterB-LoopBack0] quit # Configurations on Router C.
Page 133 Destinations : 10 Routes : 10 Destination/Mask Proto Cost NextHop Interface 1.1.1.9/32 Direct 0 127.0.0.1 InLoop0 2.2.2.9/32 ISIS 10.1.1.2 GE2/1/1 3.3.3.9/32 ISIS 10.1.1.2 GE2/1/1 4.4.4.9/32 ISIS 10.1.1.2 GE2/1/1 10.1.1.0/24 Direct 0 10.1.1.1 GE2/1/1 10.1.1.1/32 Direct 0 127.0.0.1 InLoop0 20.1.1.0/24 ISIS 10.1.1.2 GE2/1/1 30.1.1.0/24...
Page 134 [RouterC-mpls] mpls te [RouterC-mpls] mpls rsvp-te [RouterC-mpls] mpls te cspf [RouterC-mpls] mpls te ds-te mode ietf [RouterC-mpls] quit [RouterC] interface giabitethernet 2/1/1 [RouterC-GigabitEthernet2/1/1] mpls [RouterC-GigabitEthernet2/1/1] mpls te [RouterC-GigabitEthernet2/1/1] mpls rsvp-te [RouterC-GigabitEthernet2/1/1] quit [RouterC] interface pos 5/1/0 [RouterC-POS5/1/0] mpls [RouterC-POS5/1/0] mpls te [RouterC-POS5/1/0] mpls rsvp-te [RouterC-POS5/1/0] quit # Configure Router D.
Page 135 [RouterD-isis-1] traffic-eng level-2 [RouterD-isis-1] quit Configure MPLS TE attributes of links: # Configure the maximum bandwidth and bandwidth constraints on Router A. [RouterA] interface giabitethernet 2/1/1 [RouterA-GigabitEthernet2/1/1] mpls te max-link-bandwidth 10000 [RouterA-GigabitEthernet2/1/1] mpls te max-reservable-bandwidth rdm 10000 bc1 8000 bc2 5000 bc3 2000 [RouterA-GigabitEthernet2/1/1] quit # Configure the maximum bandwidth and bandwidth constraints on Router B.
Page 136 Verify the configuration: # Execute the display interface tunnel command on Router A. You can see that the tunnel interface is up. [RouterA] display interface tunnel Tunnel1 current state: UP Line protocol current state: UP Description: Tunnel1 Interface The Maximum Transmit Unit is 64000 Internet Address is 7.1.1.1/24 Primary Encapsulation is TUNNEL, service-loopback-group ID not set Tunnel source unknown, destination 4.4.4.9...
Page 137 Min BW Max BW Current Collected BW: Interfaces Protected: VPN Bind Type NONE VPN Bind Value Car Policy Disabled Tunnel Group Primary Primary Tunnel Backup Tunnel Group Status # Execute the display mpls te cspf tedb all command on Router A to view the link information in the TEDB.
Page 138: Mpls Ldp Over Mpls Te Configuration Example
Create a static route to direct traffic destined for subnet 30.1.1.0/24 into the MPLS TE tunnel: [RouterA] ip route-static 30.1.1.2 24 tunnel 1 preference 1 Execute the display ip routing-table command on Router A. The routing table has a static route entry with interface Tunnel 1 as the outgoing interface.
Page 139 [RouterB] mpls lsr-id 2.2.2.2 [RouterB] mpls [RouterB-mpls] mpls te [RouterB-mpls] mpls rsvp-te [RouterB-mpls] mpls te cspf [RouterB-mpls] quit [RouterB] interface pos 5/1/0 [RouterB-POS5/1/0] mpls [RouterB-POS5/1/0] mpls te [RouterB-POS5/1/0] mpls rsvp-te [RouterB-POS5/1/0] quit # Configure Router E. <RouterE> system-view [RouterE] mpls lsr-id 5.5.5.5 [RouterE] mpls [RouterE-mpls] mpls te [RouterE-mpls] mpls rsvp-te...
Page 140 [RouterB] interface tunnel 4 [RouterB-Tunnel4] ip address 10.1.1.1 255.255.255.0 [RouterB-Tunnel4] tunnel-protocol mpls te [RouterB-Tunnel4] destination 3.3.3.3 [RouterB-Tunnel4] mpls te tunnel-id 10 # Configure IGP shortcut. [RouterB-Tunnel4] mpls te igp shortcut [RouterB-Tunnel4] mpls te igp metric relative -1 [RouterB-Tunnel4] mpls te commit # Enable MPLS.
Page 141 1.1.1.1/32 OSPF 2.1.1.1 GE2/1/1 2.1.1.0/24 Direct 0 2.1.1.2 GE2/1/1 2.1.1.2/32 Direct 0 127.0.0.1 InLoop0 2.2.2.2/32 Direct 0 127.0.0.1 InLoop0 3.1.1.0/24 Direct 0 3.1.1.1 GE2/1/2 3.1.1.1/32 Direct 0 127.0.0.1 InLoop0 3.3.3.3/32 OSPF 10.1.1.1 Tun4 4.1.1.0/24 OSPF 10.1.1.1 Tun4 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32...
Page 142 Label Advertisement Mode : Downstream Unsolicited Label Resource Status(Peer/Local) : Available/Available Peer Discovery Mechanism : Basic Session existed time : 000:01:48 (DDD:HH:MM) LDP Basic Discovery Source : GigabitEthernet2/1/1 Addresses received from peer: (Count: 2) 2.1.1.1 1.1.1.1 ---------------------------------------------------------------------- Peer LDP ID : 3.3.3.3:0 Local LDP ID : 2.2.2.2:0...
Page 143 LSP Information: RSVP LSP ---------------------------------------------------------------------- IngressLsrID 2.2.2.2 LocalLspID Tunnel-Interface Tunnel4 3.3.3.3/32 Nexthop 3.2.1.2 In-Label NULL Out-Label 1024 In-Interface ---------- Out-Interface POS5/1/0 LspIndex 3073 Tunnel ID 0x11000c LsrType Ingress Bypass In Use Not Exists BypassTunnel Tunnel Index[---] ---------------------------------------------------------------------- LSP Information: LDP LSP ---------------------------------------------------------------------- VrfIndex 3.3.3.3/32...
Page 144: Mpls Te In Mpls L3Vpn Configuration Example
MPLS TE in MPLS L3VPN configuration example Network requirements CE 1 and CE 2 belong to VPN 1. They are connected to the MPLS backbone respectively through PE 1 and PE 2. The IGP protocol running on the MPLS backbone is OSPF. •...
Page 145 [PE2] ospf [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 10.0.0.0 0.0.0.255 [PE2-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] quit [PE2-ospf-1] quit After you complete the configuration, the PEs establish an OSPF neighbor relationship. Execute the display ospf peer verbose command. You can see that the neighborship state is FULL.
Page 146 [PE2-mpls] mpls te [PE2-mpls] mpls rsvp-te [PE2-mpls] mpls te cspf [PE2-mpls] quit [PE2] interface pos 5/1/1 [PE2-POS5/1/1] mpls [PE2-POS5/1/1] mpls te [PE2-POS5/1/1] mpls rsvp-te [PE2-POS5/1/1] quit Enable OSPF TE: # Configure PE 1. [PE1] ospf [PE1-ospf-1] opaque-capability enable [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] mpls-te enable [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit...
Page 147 [PE1-vpn-instance-vpn1] tnl-policy policy1 [PE1-vpn-instance-vpn1] quit [PE1] tunnel-policy policy1 [PE1-tunnel-policy-policy1] tunnel select-seq cr-lsp load-balance-number 1 [PE1-tunnel-policy-policy1] quit [PE1] interface giabitethernet 2/1/1 [PE1-GigabitEthernet2/1/1] ip binding vpn-instance vpn1 [PE1-GigabitEthernet2/1/1] ip address 192.168.1.1 255.255.255.0 [PE1-GigabitEthernet2/1/1] quit # Configure on CE 2. <CE2> system-view [CE2] interface giabitethernet 2/1/1 [CE2-GigabitEthernet2/1/1] ip address 192.168.2.2 255.255.255.0 [CE2-GigabitEthernet2/1/1] quit # Configure the VPN instance on PE 2, and bind it with the interface connected to CE 2.
Page 148 Configure BGP: # Configure CE 1. [CE1] bgp 65001 [CE1-bgp] peer 192.168.1.1 as-number 100 [CE1-bgp] quit # Configure PE 1 to establish the EBGP peer relationship with CE 1, and the IBGP peer relationship with PE 2. [PE1] bgp 100 [PE1-bgp] ipv4-family vpn-instance vpn1 [PE1-bgp-vpn1] peer 192.168.1.2 as-number 65001 [PE1-bgp-vpn1] import-route direct...
Page 149 192.168.1.2 4 65001 4 00:02:13 Established Ping CE 2 on CE 1 and vice versa to test connectivity. [CE1] ping 192.168.2.2 PING 192.168.2.2: 56 data bytes, press CTRL_C to break Reply from 192.168.2.2: bytes=56 Sequence=1 ttl=253 time=61 ms Reply from 192.168.2.2: bytes=56 Sequence=2 ttl=253 time=54 ms Reply from 192.168.2.2: bytes=56 Sequence=3 ttl=253 time=53 ms Reply from 192.168.2.2: bytes=56 Sequence=4 ttl=253 time=57 ms Reply from 192.168.2.2: bytes=56 Sequence=5 ttl=253 time=36 ms...
Page 150 BypassTunnel Tunnel Index[---] Mpls-Mtu 1500 ------------------------------------------------------------------ LSP Information: BGP ------------------------------------------------------------------ VrfIndex vpn1 192.168.1.0/24 Nexthop 192.168.1.1 In-Label 1024 Out-Label NULL In-Interface ---------- Out-Interface ---------- LspIndex 8193 Tunnel ID LsrType Egress Outgoing Tunnel ID Label Operation ------------------------------------------------------------------ LSP Information: LDP LSP ------------------------------------------------------------------ VrfIndex 2.2.2.2/32 Nexthop...
Page 151: Troubleshooting Mpls Te
# Execute the display interface tunnel command on PE 1. The output shows that traffic is forwarded along the CR-LSP of the TE tunnel. [PE1] display interface tunnel 1 Tunnel1 current state: UP Line protocol current state: UP Description: Tunnel1 Interface The Maximum Transmit Unit is 1500 Internet Address is 12.1.1.1/24 Primary Encapsulation is TUNNEL, service-loopback-group ID not set...
Page 152: Configuring Mpls L2Vpn
Configuring MPLS L2VPN Overview MPLS L2VPN is an MPLS-based Layer 2 VPN technology. It uses MPLS to establish Layer 2 connections between network nodes. Using MPLS L2VPN, carriers can transparently transport Layer 2 data of different data link layer protocols (including ATM, FR, VLAN, Ethernet, and PPP) over a single MPLS or IP backbone. From the perspective of users, the MPLS or IP backbone network is a Layer 2 switched network.
Page 153: Remote Connection Operation
Remote connection model As shown in Figure 35, this model connects two Layer 2 customer networks over an MPLS or IP backbone. Figure 35 Remote connection Local connection model As shown in Figure 36, this model connects two Layer 2 customer networks to the same PE. The customer networks exchange packets with each other through the PE.
Page 154: Local Connection Operation
a. Set up an AC: Configure the link layer protocol on a PE and the connected CE to set up a link layer connection (such as a PPP connection) between the PE and the CE. b. Bind the AC to the VC: For most link layer protocols, you bind the AC to the VC by binding the PE's Layer 3 interface connected to the CE to the VC.
Page 155: Implementation Of Mpls L2Vpn
Configure the link layer protocol on the PE and a connected CE to set up a link layer connection (such as a PPP connection) between the PE and the CE. Bind the two ACs that connect the two CEs: You can bind the ACs by binding the PE's Layer 3 interfaces connected to the two CEs. After the binding, the PE forward packets received from one AC to another.
Page 156 After receiving the packet, PE 2 deletes the label from the packet, and then forwards the packet out of the bound interface Interface B to CE 2. Unlike other MPLS L2VPN modes, CCC employs only one level of label to transfer user packets. A static LSP forwards only packets from the AC bound to the static LSP.
Page 157 • Export target attribute—When a PE sends L2VPN information (such as CE ID and RD) to the peer PE through a BGP update message, it sets the route target attribute carried in the update message to export target. • Import target attribute—When a PE receives an update message from the peer PE, it checks the route target attribute in the update message.
Page 158 As shown in Figure 41, PEs calculates VC labels for a VC as follows (take the VC between CE 1 and CE 12 as an example): • PE 1 calculates the VC label it assigns to the VC: PE 1 compares the ID (12) of the peer CE (CE 12) with the label blocks assigned by PE 1. If a label block satisfies LO<=CE ID<LO+LR, PE 1 assigns a label from the label block.
Page 159 The VC is successfully set up after both PE 1 and PE 2 calculate the VC labels. Table 2 compares the implementation modes of MPLS L2VPN. Table 2 Comparing MPLS L2VPN implementation modes VC label Application Mode encapsulation and Advantages and disadvantages scenario distribution Advantages:...
Page 160: Vc Types
VC types A PE encapsulates a Layer 2 packet received from an AC according to the VC type. The VC type is determined by the AC type, as shown in Table Table 3 Relationship between AC types and VC types AC type VC type HDLC...
Page 161: Control Word
If the peer PE requires the ingress to rewrite the P-tag: The PE changes the P-Tag to the VLAN tag (the tag might be a null tag) expected by the peer PE, and then encapsulates the packet. If the packet contains no P-tag, the PE adds a VLAN tag expected by the peer PE (the tag value might be 0) and then encapsulates the packet.
Page 162: Vc Redundancy
the padding string according to the payload length field of the control word, so as to abstract the correct original payload of the packet. For some VC types, such as FR DLCI and ATM AAL5 transparent transport, packets transmitted on a VC always carry the control word field.
Page 163: Configuring Basic Mpls L2Vpn
To set up a local VC connection, you only need to bind two ACs on the PE. This document only describes the MPLS L2VPN-related configurations on PEs. The MPLS L2VPN is transparent to a user network. You do not need to perform MPLS L2VPN-specific configurations on CEs.
Page 164: Configuring The Interface With Ppp Encapsulation
Configuring the interface with PPP encapsulation Step Command Remarks Enter system view. system-view Enter interface view. interface { serial | pos } number Optional. Configure the link layer link-protocol ppp protocol. PPP by default. Configuring the interface with HDLC encapsulation Step Command Remarks...
Page 165: Configuring The Interface With Ethernet Encapsulation
Configuring the interface with Ethernet encapsulation Ethernet interfaces use Ethernet encapsulation. For configuration information about Ethernet interfaces, see Interface Configuration Guide. Configuring the interface with VLAN encapsulation Ethernet subinterfaces use VLAN encapsulation. For more information about Ethernet subinterface configuration, see Interface Configuration Guide. Configuring the interface with transparent ATM AAL5 frame encapsulation Step...
Page 166: Configuring Svc Mpls L2Vpn
• On the two PEs of the connection, use the ccc interface in-label out-label command to specify the incoming and the outgoing labels, and other information as needed. You do not need to configure two static LSPs (with the static-lsp command) for each remote CCC connection.
Page 167: Configuring A Static Vc On A Layer 3 Interface
After you configure SVC on a Layer 3 interface, packets arriving at this interface are forwarded over the VC. As a best practice, configure SVC on a Layer 3 interface when all users connected to the Layer 3 interface have their packets forwarded over the same VC. After you configure SVC for a service instance applied on a Layer 2 Ethernet interface, the interface uses the service instance to match incoming packets.
Page 168: Configuring Primary And Backup Static Vcs For A Service Instance
Step Command Remarks Optional. By default, no VC labels are configured for the backup VC. Configure the VC labels for static backup-label local local-vc You must perform this command the backup VC. remote remote-vc if you have specified the backup-peer keyword in the mpls static-l2vc command.
Page 169: Configuring Martini Mpls L2Vpn
Step Command Remarks Return to system view. quit Enter Layer 2 Ethernet interface interface-type interface view. interface-number Create a service instance By default, no service instance is and enter service instance service-instance instance-id created. view. Configure a packet encapsulation { s-vid vlan-id By default, no packet matching rule matching rule for the [ only-tagged ] | port-based |...
Page 170: Configuring The Remote Peer For A Pe
Create a VC in Martini mode, in one of the following ways: Configure a Martini VC on a Layer 3 interface. In this way, packets arriving at this interface are forwarded over the created VC. As a best practice, create a VC on a Layer 3 interface when all users connected to the interface have their packets forwarded over the same VC.
Page 171: Creating A Martini Vc For A Service Instance
Creating a Martini VC for a service instance To complete this task, perform the following configurations on a PE: • Create a service instance on a Layer 2 Ethernet interface. • Configure a packet matching rule for the service instance. •...
Page 172: Configuring Kompella Mpls L2Vpn
Step Command Remarks display service-instance interface interface-type 11. Display information about interface-number one or all service instances Available in any view. [ service-instance instance-id ] [ | configured on the interface. { begin | exclude | include } regular-expression ] To ensure normal forwarding of VPN traffic, the Layer 2 Ethernet interface must allow the VLANs that might appear in the VPN traffic.
Page 173: Creating A Ce Connection
Step Command Remarks You must create an L2VPN on the mpls l2vpn vpn-name PE for each VPN where a directly [ encapsulation { atm-aal5 | Create an MPLS L2VPN and connected CE resides. When ethernet | fr | hdlc | ppp | vlan } enter MPLS L2VPN view.
Page 174: Resetting L2Vpn Bgp Sessions
• ce-offset ce-id: Specifies the ID of the peer CE that establishes a local or remote connection with the local CE. If you execute the connection command without specifying the ce-offset ce-id option: When you first execute the connection command, the PE creates a connection between the local CE and the peer CE with an ID of default-offset.
Page 175: Displaying And Maintaining Mpls L2Vpn
Displaying and maintaining MPLS L2VPN Task Command Remarks display ccc [ ccc-name ccc-name | type Display information about CCC { local | remote } ] [ | { begin | exclude | Available in any view. connections. include } regular-expression ] display l2vpn ccc-interface vc-type { all Display information about | bgp-vc | ccc | ldp-vc | static-vc } [ up |...
Page 176: Mpls L2Vpn Configuration Examples
Task Command Remarks display mpls l2vpn fib pw vpws [ interface interface-type Display MPLS L2VPN PW interface-number [ service-instance information. (In standalone Available in any view. service-instanceid ] ] [ slot slot-number ] mode.) [ verbose ] [ | { begin | exclude | include } regular-expression ] display mpls l2vpn fib pw vpws [ interface interface-type...
Page 177 <Sysname> system-view [Sysname] sysname CE1 [CE1] interface serial 2/1/0 [CE1-Serial2/1/0] link-protocol ppp [CE1-Serial2/1/0] ip address 100.1.1.1 24 Configure the PE: # Configure the LSR ID and enable MPLS globally. <Sysname> system-view [Sysname] sysname PE [PE] interface loopback 0 [PE-LoopBack0] ip address 172.1.1.1 32 [PE-LoopBack0] quit [PE] mpls lsr-id 172.1.1.1 [PE] mpls...
Page 178: Example For Configuring A Remote Ccc Connection
Intf1 : Serial2/1/0 (up) Intf2 : Serial2/1/1 (up) # Ping CE 2 from CE 1. The output shows that CE 1 and CE 2 can ping each other. [CE1] ping 100.1.1.2 PING 100.1.1.2: 56 data bytes, press CTRL_C to break Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=180 ms Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=60 ms Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=10 ms...
Page 179 Configuration procedure Configure CE 1: # Configure the link protocol as PPP on interface POS 5/1/0 (the interface connected to PE 1), and configure an IP address for the interface. <Sysname> system-view [Sysname] sysname CE1 [CE1] interface pos 5/1/0 [CE1-POS5/1/0] link-protocol ppp [CE1-POS5/1/0] ip address 100.1.1.1 24 Configure PE 1: # Configure the LSR ID and enable MPLS globally.
Page 180 # Configure interface POS 5/1/1, and enable MPLS. [P] interface pos 5/1/1 [P-POS5/1/1] link-protocol ppp [P-POS5/1/1] ip address 10.1.1.2 24 [P-POS5/1/1] mpls [P-POS5/1/1] quit # Configure interface POS 5/1/0, and enable MPLS. [P] interface pos 5/1/0 [P-POS5/1/0] link-protocol ppp [P-POS5/1/0] ip address 10.2.2.2 24 [P-POS5/1/0] mpls [P-POS5/1/0] quit # Create a static LSP for forwarding packets from PE 1 to PE 2.
Page 181: Example For Configuring Svc Mpls L2Vpn With The Vc Type Of Ppp
# Configure the link protocol as PPP on interface POS 5/1/0 (the interface connected to PE 2), and configure an IP address for the interface. <Sysname> system-view [Sysname] sysname CE2 [CE2] interface pos 5/1/0 [CE2-POS5/1/0] link-protocol ppp [CE2-POS5/1/0] ip address 100.1.1.2 24 Verifying the configuration: # Display CCC connection information on PE 1.
Page 182: Configuration Considerations
Figure 47 Network diagram PE 1 PE 2 Loop0 Loop0 Loop0 POS5/1/0 POS5/1/1 POS5/1/1 POS5/1/0 POS5/1/1 POS5/1/0 POS5/1/0 POS5/1/0 CE 2 CE 1 Device Interface IP address Device Interface IP address CE 1 POS5/1/0 100.1.1.1/24 CE 2 POS5/1/0 100.1.1.2/24 PE 1 Loop0 192.2.2.2/32 Loop0...
Page 183 [PE1-l2vpn] mpls l2vpn [PE1-l2vpn] quit # Enable LDP globally. [PE1] mpls ldp [PE1-mpls-ldp] quit # Configure the interface for connecting to the P device, and enable LDP on the interface. [PE1] interface pos 5/1/1 [PE1-POS5/1/1] link-protocol ppp [PE1-POS5/1/1] ip address 10.1.1.1 24 [PE1-POS5/1/1] mpls [PE1-POS5/1/1] mpls ldp [PE1-POS5/1/1] quit...
Page 184 [P-POS5/1/0] ip address 10.2.2.2 24 [P-POS5/1/0] mpls [P-POS5/1/0] mpls ldp [P-POS5/1/0] quit # Configure OSPF on the P router for establishing LSPs. [P] ospf [P-ospf-1] area 0 [P-ospf-1-area-0.0.0.0] network 10.1.1.2 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 10.2.2.2 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 192.4.4.4 0.0.0.0 [P-ospf-1-area-0.0.0.0] quit [P-ospf-1] quit Configure PE 2: # Configure the LSR ID and enable MPLS globally.
Page 185: Example For Configuring Martini Mpls L2Vpn With The Vc Type Of Ppp
[PE2-POS5/1/1] quit Configure CE 2: # Configure the link protocol as PPP on interface POS 5/1/0 (the interface connected to PE 2), and configure an IP address for the interface. <Sysname> system-view [Sysname] sysname CE2 [CE2] interface pos 5/1/0 [CE2-POS5/1/0] link-protocol ppp [CE2-POS5/1/0] ip address 100.1.1.2 24 Verifying the configuration: # Display static VC information on PE 1.
Page 186 Figure 48 Network diagram Device Interface IP address Device Interface IP address CE 1 S2/1/0 100.1.1.1/24 CE 2 S2/1/0 100.1.1.2/24 PE 1 Loop0 192.2.2.2/32 Loop0 192.4.4.4/32 S2/1/1 10.1.1.1/24 S2/1/0 10.1.1.2/24 PE 2 Loop0 192.3.3.3/32 S2/1/1 10.2.2.2/24 S2/1/1 10.2.2.1/24 Configuration procedure Configure CE 1: # Configure the link protocol type as PPP on interface Serial 2/1/0 (the interface connected to the PE 1), and configure an IP address for the interface.
Page 187 [PE1] mpls ldp remote-peer 1 [PE1-mpls-ldp-remote-1] remote-ip 192.3.3.3 [PE1-mpls-ldp-remote-1] quit # Configure the interface connected to the P device, and enable LDP on the interface. [PE1] interface serial 2/1/1 [PE1-Serial2/1/1] link-protocol ppp [PE1-Serial2/1/1] ip address 10.1.1.1 24 [PE1-Serial2/1/1] mpls [PE1-Serial2/1/1] mpls ldp [PE1-Serial2/1/1] quit # Configure OSPF on PE 1 for establishing LSPs.
Page 188 # Configure OSPF on the P device for establishing LSPs. [P] ospf [P-ospf-1] area 0 [P-ospf-1-area-0.0.0.0] network 10.1.1.2 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 10.2.2.2 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 192.4.4.4 0.0.0.0 [P-ospf-1-area-0.0.0.0] quit [P-ospf-1] quit Configure PE 2: # Configure the LSR ID and enable MPLS globally. <Sysname>...
Page 189: Example For Configuring Martini Vc Redundancy
Configure CE 2: # Configure the link protocol type as PPP on interface Serial 2/1/0 (the interface connected to the PE 2), and configure an IP address for the interface. <Sysname> system-view [Sysname] sysname CE2 [CE2] interface serial 2/1/0 [CE2-Serial2/1/0] link-protocol ppp [CE2-Serial2/1/0] ip address 100.1.1.2 24 Verifying the configuration: # Display VC information on PE 1.
Page 190 Figure 49 Network diagram Device Interface IP address Device Interface IP address CE 1 S2/1/0 100.1.1.1/24 PE 2 Loop0 2.2.2.2/32 S2/1/0 100.2.1.1/24 sub S2/1/0 12.1.1.2/24 S2/1/1 100.3.1.1/24 PE 3 Loop0 3.3.3.3/32 PE 1 Loop0 1.1.1.1/32 S2/1/0 13.1.1.3/24 S2/1/1 12.1.1.1/24 CE 2 S2/1/0 100.1.1.2/24 S2/1/2...
Page 191 <Sysname> system-view [Sysname] sysname PE1 [PE1] interface loopback 0 [PE1-LoopBack0] ip address 1.1.1.1 32 [PE1-LoopBack0] quit [PE1] mpls lsr-id 1.1.1.1 [PE1] mpls [PE1-mpls] quit # Enable MPLS LDP globally. [PE1] mpls ldp [PE1-mpls-ldp] quit # Configure interface Serial 2/1/1 and Serial 2/1/2, so that PE 1 can establish an LDP session with PE 2 and PE 3, respectively.
Page 192 [PE2-LoopBack0] ip address 2.2.2.2 32 [PE2-LoopBack0] quit [PE2] mpls lsr-id 2.2.2.2 [PE2] mpls [PE2-mpls] quit # Enable MPLS LDP globally. [PE2] mpls ldp [PE2-mpls-ldp] quit # Configure interface serial 2/1/0, so that PE 2 can establish an LDP session with PE 1. [PE2] interface serial 2/1/0 [PE2-Serial2/1/0] ip address 12.1.1.2 24 [PE2-Serial2/1/0] mpls...
Page 193 [PE3-Serial2/1/0] quit # Configure OSPF on PE 3. [PE3] ospf [PE3-ospf-1] area 0 [PE3-ospf-1-area-0.0.0.0] network 13.1.1.0 0.0.0.255 [PE3-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0 [PE3-ospf-1-area-0.0.0.0] quit [PE3-ospf-1] quit # Enable L2VPN and MPLS L2VPN. [PE3] l2vpn [PE3-l2vpn] mpls l2vpn [PE3-l2vpn] quit # Create a VC on the interface connected to CE 2. This interface needs no IP address. [PE3] interface serial 2/1/1 [PE3-Serial2/1/1] mpls l2vc 1.1.1.1 30 [PE3-Serial2/1/1] quit...
Page 194 # Display the detailed VC information on PE 1. The output shows that two VCs have been established, one up and one blocked. <PE1> display mpls l2vc interface vlan-interface 10 ***VC ID : 20 VC State : up Destination : 2.2.2.2 Client Intf : Serial2/1/0 is up Service ID...
Page 195 --- 100.1.1.2 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 30/50/70 ms # From CE2, ping subnet 100.3.1.0/24 connected to CE1. The ping operation succeeds. [CE2] ping 100.3.1.1 PING 100.3.1.1: 56 data bytes, press CTRL_C to break Reply from 100.3.1.1: bytes=56 Sequence=1 ttl=255 time=30 ms Reply from 100.3.1.1: bytes=56 Sequence=2 ttl=255 time=60 ms Reply from 100.3.1.1: bytes=56 Sequence=3 ttl=255 time=50 ms...
Page 196: Example For Configuring Kompella Mpls L2Vpn
[CE2] ping 100.3.1.1 PING 100.3.1.1: 56 data bytes, press CTRL_C to break Reply from 100.3.1.1: bytes=56 Sequence=1 ttl=255 time=30 ms Reply from 100.3.1.1: bytes=56 Sequence=2 ttl=255 time=60 ms Reply from 100.3.1.1: bytes=56 Sequence=3 ttl=255 time=50 ms Reply from 100.3.1.1: bytes=56 Sequence=4 ttl=255 time=40 ms Reply from 100.3.1.1: bytes=56 Sequence=5 ttl=255 time=70 ms --- 100.3.1.1 ping statistics --- 5 packet(s) transmitted...
Page 197 After configuration, you can execute the display mpls ldp session and display mpls ldp peer commands to view the LDP sessions and peer relationship established, or the display mpls lsp command to view the LSPs established. Configure BGP L2VPN capability: # Configure PE 1.
Page 198: Example For Configuring A Kompella Local Connection
[PE1-mpls-l2vpn-vpn1] quit # Configure PE 2. [PE2] mpls l2vpn vpn1 encapsulation ppp [PE2-mpls-l2vpn-vpn1] route-distinguisher 100:1 [PE2-mpls-l2vpn-vpn1] vpn-target 1:1 [PE2-mpls-l2vpn-vpn1] ce ce2 id 2 range 10 [PE2-mpls-l2vpn-ce-vpn1-ce2] connection ce-offset 1 interface serial 2/1/0 [PE2-mpls-l2vpn-ce-vpn1-ce2] quit [PE2-mpls-l2vpn-vpn1] quit Verifying the configuration: # Execute the display mpls l2vpn connection command on the PEs. The output shows that a VC in up state has been established between the PEs.
Page 199: Verify Your Configuration
Figure 51 Network diagram Configuration procedure Configure the PE: # Configure basic MPLS. (Details not shown.) # Configure the L2VPN and the CE connection. <Sysname> system-view [Sysname] sysname PE [PE] l2vpn [PE-l2vpn] mpls l2vpn [PE-l2vpn] quit [PE] mpls l2vpn vpn1 encapsulation ppp [PE-mpls-l2vpn-vpn1] route-distinguisher 100:1 [PE-mpls-l2vpn-vpn1] vpn-target 111:1 [PE-mpls-l2vpn-vpn1] ce ce1 id 1...
Page 200: Example For Configuring A Vc For A Service Instance
S2/1/1 # Display the local L2VPN connections. [PE] display mpls l2vpn vpn-name vpn1 local-ce ce-name ce-id range conn-num 8192/0/10 8202/0/10 # Ping CE 2 from CE 1. The output shows that CE 1 and CE 2 can ping each other. [CE1] ping 30.1.1.2 PING 30.1.1.2: 56 data bytes, press CTRL_C to break...
Page 201 Configuration procedure Configure CE 1: # Configure an IP address for interface Ten-GigabitEthernet1/0/1, the interface connected to PE 1. <Sysname> system-view [Sysname] sysname CE1 [CE1] interface ten-GigabitEthernet 1/0/1 [CE1-Ten-GigabitEthernet1/0/1] ip address 100.1.1.1 24 Configure PE 1: <Sysname> system-view [Sysname] sysname PE1 [PE1] interface loopback 0 [PE1-LoopBack0] ip address 192.2.2.2 32 [PE1-LoopBack0] quit...
Page 202 [PE1-Ten-GigabitEthernet1/0/1-srv1]xconnect peer 192.3.3.3 pw-id 1000 access-mode ethernet [PE1-Ten-GigabitEthernet1/0/1-srv1] quit [PE1-Ten-GigabitEthernet1/0/1] quit Configure the P device: <Sysname> system-view [Sysname] sysname P [P] interface loopback 0 [P-LoopBack0] ip address 192.4.4.4 32 [P-LoopBack0] quit # Configure the MPLS LSR ID and enable MPLS globally. [P] mpls lsr-id 192.4.4.4 [P] mpls [P-mpls] quit...
Page 203 [PE2] l2vpn [PE2-l2vpn] mpls l2vpn [PE2-l2vpn] quit # Enable LDP globally. [PE2] mpls ldp [PE2-mpls-ldp] quit # Configure PE 2 to establish a remote LDP connection with PE 1. [PE2] mpls ldp remote-peer 2 [PE2-mpls-ldp-remote-2] remote-ip 192.2.2.2 [PE2-mpls-ldp-remote-2] quit # Configure the interface connected with the P device and enable LDP on the interface. [PE2] interface ten-GigabitEthernet 1/0/3 [PE2-Ten-GigabitEthernet1/0/3] ip address 26.2.2.1 24 [PE2-Ten-GigabitEthernet1/0/3] mpls...
Page 204: Troubleshooting Mpls L2Vpn
# Display VC information on PE 2. The output shows that a VC has been established. [PE2] display mpls l2vc Total ldp vc : 1 1 up 0 down 0 blocked Transport Client Service Local Remote VC ID Intf State VC Label VC Label 1000...
Page 205: Configuring Vpls
Configuring VPLS Overview Virtual Private LAN Service (VPLS), also called "Transparent LAN Service" or "virtual private switched network service," can deliver a point-to-multipoint L2VPN service over public networks. With VPLS, geographically-dispersed sites can interconnect and communicate over MAN or WAN as if they were on the same LAN.
Page 206 Figure 53 VPLS network diagram Site 1 Tunnel VPN 1 CE 1 VPN 2 Site 2 MPLS backbone CE 2 Forwarder CE 3 PE 1 VPN 1 PE 2 CE 4 PWSignaling VPN 2 Site 3 PW establishment VPLS uses PWs to transfer data over the public network. A PW is established based on an MPLS tunnel (including LSP and CR-LSP) or a GRE tunnel.
Page 207 Figure 54 MAC learning and flooding on PEs • MAC address reclaim: Dynamic address learning must support refreshing and relearning. The VPLS draft defines a dynamic address learning method that uses the address reclaim message, which carries MAC TLV. Upon receiving such a message, a device removes MAC addresses or relearns them according to the specified parameters in the TLV.
Page 208: Vpls Packet Encapsulation
VPLS packet encapsulation Packet encapsulation on an AC The packet encapsulation type of an AC depends on the user VSI access mode, which can be VLAN or Ethernet. • VLAN access—The Ethernet header of a packet sent by a CE to a PE or sent by a PE to a CE includes a VLAN tag that is added in the header as a service delimiter for the service provider network to identify the user.
Page 209 H-VPLS with LSP access Figure 55 H-VPLS with LSP access As shown in Figure 55, UPE functions as the MTU-s and establishes only a virtual link U-PW with NPE 1. It does not establish virtual links with any other peers. Data forwarding in H-VPLS with LSP access is as follows: Upon receiving a packet from a CE, UPE tags the packet with the MPLS label for the U-PW, namely, "the multiplex distinguishing flag,"...
Page 210: Multi-Hop Pw
When receiving the packet, PE 1 determines which VSI the packet belongs to by the VLAN tag and, based on the destination MAC address of the packet, tags the packet with the multiplex distinguishing flag (MPLS label) for the PW. Then, it forwards the packet. Upon receiving the packet from the PW, PE 1 determines to which VSI the packet belongs by the multiplex distinguishing flag (MPLS label) and, based on the destination MAC address of the packet, labels the packet with the VLAN tag.
Page 211: Vpls Configuration Task List
Figure 58 Diagram for multi-hop PW As shown in Figure 58, PE 1 and PE 2 are in different ASs. To set up a multi-hop PW between PE 1 and PE 2, perform the following tasks: • Establish three PWs: PW 1 between PE 1 and ASBR 1, PW 2 between ASBR 1 and ASBR 2, and PW 3 between ASBR 2 between PE 2.
Page 212: Configuring Static Vpls
To enable L2VPN and MPLS L2VPN: Step Command Enter system view. system-view Enable L2VPN and enter L2VPN view. l2vpn Enable MPLS L2VPN. mpls l2vpn For more information about the l2vpn command and the mpls l2vpn command, see MPLS Command Reference. Configuring static VPLS Before you configure static VPLS, complete the following tasks: •...
Page 213: Configuring Ldp Vpls
Step Command Remarks Optional. By default, the tunneling policy specified through the tnl-policy Specify a tunneling policy. pw-tunnel-policy policy-name command in VSI view is used. For information about configuring a tunneling policy, see "Configuring MPLS L3VPN." Return to system view. quit Create a static VPLS By default, no VPLS instance...
Page 214: Configuring An Ldp Vpls Instance
Configuring an LDP VPLS instance When creating an LDP VPLS instance, perform the following configurations: Specify a globally unique name for the VPLS instance and set the peer discovery mechanism to manual configuration. Configure LDP as the PW signaling protocol. Specify the ID of the VPLS instance.
Page 215: Configuring Bgp Vpls
NOTE: • The PW to PW (P2P) mode VSI is applicable only to point to point MPLS L2VPN. • To configure a multi-hop PW, specify the p2p keyword when you create a VPLS instance to enable the P2P capability, and specify the two peer PEs by using the peer command in the VPLS instance view to associate two PWs.
Page 216: Resetting Vpls Bgp Connections
Step Command vpn-target vpn-target&<1-16> [ both | Configure VPN targets for the VPLS instance. import-extcommunity | export-extcommunity ] site site-id [ range site-range ] [ default-offset { 0 | Create a site for the VPLS instance. 1 } ] Resetting VPLS BGP connections When the BGP routing policy or protocol is changed, reset BGP connections in a VPLS to make the new configurations take effect on the VPLS connections.
Page 217: Binding A Service Instance To A Vpls Instance
Step Command Remarks l2 binding vsi vsi-name Bind the Layer 3 interface to By default, a Layer 3 interface is [ access-mode { ethernet | a VPLS instance. not bound to any VPLS instance. vlan } ] * Binding a service instance to a VPLS instance To bind a service instance to a VPLS instance, create the service instance on a Layer 2 Ethernet interface, configure a packet matching rule for the service instance, and then bind the service instance to the VPLS instance.
Page 218: Configuring Vpls Instance Attributes
Step Command Remarks Set the maximum number of Optional. MAC addresses that the mac-table limit mac-limit-number device can learn for the The default limit is 16384. VPLS instance. Optional. Configure the device to drop packets with unknown By default, the device forwards source MAC addresses after packets with unknown source mac-table limit drop-unknown...
Page 219: Displaying And Maintaining Vpls
Step Command Remarks Optional. By default, no tunneling policy is specified for a VPLS instance and a VPLS instance uses the default tunneling policy. The 11. Specify a tunneling policy for default tunneling policy selects tnl-policy tunnel-policy-name the VPLS instance. only one tunnel in this order: LSP tunnel, GRE tunnel, CR-LSP tunnel.
Page 220: Vpls Configuration Examples
Task Command Remarks display vsi [ vsi-name ] [ verbose ] [ | Display information about one or { begin | exclude | include } Available in any view. all VPLS instances. regular-expression ] display vsi remote { bgp | ldp } [ | Display information about remote { begin | exclude | include } Available in any view.
Page 221 [PE1] interface loopback 0 [PE1-LoopBack0] ip address 1.1.1.9 32 [PE1-LoopBack0] quit # Configure the LSR ID and enable MPLS globally. [PE1] mpls lsr-id 1.1.1.9 [PE1] mpls [PE1-mpls] quit # Enable L2VPN and MPLS L2VPN. [PE1] l2vpn [PE1-l2vpn] mpls l2vpn [PE1-l2vpn] quit # Enable LDP globally.
Page 222 [PE1] vsi bbb auto [PE1-vsi-bbb] pwsignal bgp [PE1-vsi-bbb-bgp] route-distinguisher 100:1 [PE1-vsi-bbb-bgp] vpn-target 111:1 [PE1-vsi-bbb-bgp] site 10 [PE1-vsi-bbb-bgp] quit [PE1-vsi-bbb] quit # On the interface connecting CE 1, create service instance 1 and bind it to VPLS instance aaa, and create service instance 2 and bind it to VPLS instance bbb. [PE1] interface Ten-GigabitEthernet 1/0/1 [PE1-Ten-GigabitEthernet1/0/1] port link-mode bridge [PE1-Ten-GigabitEthernet1/0/1] port link-type trunk...
Page 223 [P] ospf [P-ospf-1] area 0 [P-ospf-1-area-0.0.0.0] network 23.1.1.2 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 26.2.2.2 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0 [P-ospf-1-area-0.0.0.0] quit Configure PE 2: <Sysname> system-view [Sysname] sysname PE2 [PE2] interface loopback 0 [PE2-LoopBack0] ip address 3.3.3.9 32 [PE2-LoopBack0] quit # Configure the LSR-ID and enable MPLS globally. [PE2] mpls lsr-id 3.3.3.9 [PE2] mpls [PE2-mpls] quit...
Page 224 # Configure VPLS instance aaa that uses LDP signaling. [PE2] vsi aaa static [PE2-vsi-aaa] pwsignal ldp [PE2-vsi-aaa-ldp] vsi-id 500 [PE2-vsi-aaa-ldp] peer 1.1.1.9 [PE2-vsi-aaa-ldp] quit [PE2-vsi-aaa] quit # Configure VPLS instance bbb that uses BGP signaling. [PE2] vsi bbb auto [PE2-vsi-bbb] pwsignal bgp [PE2-vsi-bbb-bgp] route-distinguisher 100:1 [PE2-vsi-bbb-bgp] vpn-target 111:1 [PE2-vsi-bbb-bgp] site 20...
Page 225: Configuring Vpls Instances
Configuring VPLS instances Network requirements CE 1 and CE 2 reside in different sites of VPN 1. Each CE is connected to the interface GigabitEthernet 2/1/2 of a PE. The PEs are connected to each other through interface GigabitEthernet 2/1/1. Configure an LDP VPLS instance aaa (the Martini mode), and a BGP VPLS instance bbb (the Kompella mode, the AS number is 100), and a static VPLS instance ccc.
Page 226 [PE1] bgp 100 [PE1-bgp] peer 2.2.2.9 as-number 100 [PE1-bgp] peer 2.2.2.9 connection-interface loopback 0 [PE1-bgp] vpls-family [PE1-bgp-af-vpls] peer 2.2.2.9 enable [PE1-bgp-af-vpls] quit [PE1-bgp] quit # Enable L2VPN and MPLS L2VPN. [PE1] l2vpn [PE1-l2vpn] mpls l2vpn [PE1-l2vpn] quit # Create VPLS instance aaa that uses LDP signaling. [PE1] vsi aaa static [PE1-vsi-aaa] pwsignal ldp [PE1-vsi-aaa-ldp] vsi-id 500...
Page 227 <Sysname> system-view [Sysname] sysname PE2 [PE2] interface loopback 0 [PE2-LoopBack0] ip address 2.2.2.9 32 [PE2-LoopBack0] quit [PE2] mpls lsr-id 2.2.2.9 [PE2] mpls [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit # Configure an IP address for interface GigabitEthernet 2/1/1. [PE2] interface gigabitethernet 2/1/1 [PE2-GigabitEthernet2/1/1] ip address 10.10.10.11 24 # Configure basic MPLS on GigabitEthernet 2/1/1.
Page 228: Configuring H-Vpls With Lsp Access
# Create VPLS instance ccc that uses static labels. [PE2] vsi ccc static [PE2-vsi-ccc] pwsignal static [PE2-vsi-ccc-static] peer 1.1.1.9 [PE2-vsi-ccc-static-1.1.1.9] static label local 200 remote 100 [PE2-vsi-ccc-static-1.1.1.9] quit [PE2-vsi-ccc-static] quit [PE2-vsi-ccc] quit # Configure interface GigabitEthernet 2/1/2 and bind VPLS instance aaa, bbb, or ccc to the interface.
Page 229 [UPE-LoopBack0] quit [UPE] mpls lsr-id 1.1.1.9 [UPE] mpls [UPE-mpls] quit [UPE] mpls ldp [UPE-mpls-ldp] quit # Configure basic MPLS on GigabitEthernet 2/1/2, the interface connected to NPE 1. [UPE] interface gigabitethernet 2/1/2 [UPE-GigabitEthernet2/1/2] ip address 10.1.1.1 24 [UPE-GigabitEthernet2/1/2] mpls [UPE-GigabitEthernet2/1/2] mpls ldp [UPE-GigabitEthernet2/1/2] quit # Configure the remote LDP peer.
Page 230 [NPE1-GigabitEthernet2/1/1] quit # Configure basic MPLS on GigabitEthernet 2/1/2, the interface connected to NPE 3. [NPE1] interface gigabitethernet 2/1/2 [NPE1-GigabitEthernet2/1/2] ip address 11.1.1.1 24 [NPE1-GigabitEthernet2/1/2] mpls [NPE1-GigabitEthernet2/1/2] mpls ldp [NPE1-GigabitEthernet2/1/2] quit # Configure the remote LDP peer UPE. [NPE1] mpls ldp remote-peer 2 [NPE1-mpls-remote-2] remote-ip 1.1.1.9 [NPE1-mpls-remote-2] quit # Configure the remote LDP peer NPE 3.
Page 231: Configuring Pw Redundancy For H-Vpls Access
[NPE3-mpls-remote-1] remote-ip 2.2.2.9 [NPE3-mpls-remote-1] quit # Enable L2VPN and MPLS L2VPN. [NPE3] l2vpn [NPE3-l2vpn] mpls l2vpn [NPE3-l2vpn] quit # Create VPLS instance aaa that uses LDP signaling. [NPE3] vsi aaa static [NPE3-vsi-aaa] pwsignal ldp [NPE3-vsi-aaa-ldp] vsi-id 500 [NPE3-vsi-aaa-ldp] peer 2.2.2.9 [NPE3-vsi-aaa-ldp] quit [NPE3-vsi-aaa] quit # Configure interface GigabitEthernet 2/1/1 and bind VPLS instance aaa to the interface.
Page 232 Configure UPE: # Configure basic MPLS. <Sysname> system-view [Sysname] sysname UPE [UPE] interface loopback 0 [UPE-LoopBack0] ip address 1.1.1.1 32 [UPE-LoopBack0] quit [UPE] mpls lsr-id 1.1.1.1 [UPE] mpls [UPE-mpls] quit [UPE] mpls ldp [UPE-mpls-ldp] quit # Configure an IP address for the interface connected to NPE 1, and enable MPLS and MPLS LDP.
Page 233 [UPE-GigabitEthernet2/1/1] l2 binding vsi aaa [UPE-GigabitEthernet2/1/1] quit # Bind the VPLS instance aaa to GigabitEthernet 2/1/2, the interface connected to CE 2. [UPE] interface gigabitethernet 2/1/2 [UPE-GigabitEthernet2/1/2] l2 binding vsi aaa [UPE-GigabitEthernet2/1/2] quit Configure NPE 1: # Configure basic MPLS. <Sysname>...
Page 234 [NPE1-vsi-aaa-ldp] peer 1.1.1.1 upe [NPE1-vsi-aaa-ldp] peer 4.4.4.4 [NPE1-vsi-aaa-ldp] quit [NPE1-vsi-aaa] quit The configuration procedure on NPE 2 is similar to that on NPE 1. Configure NPE 3: # Configure basic MPLS. <Sysname> system-view [Sysname] sysname NPE3 [NPE3] interface loopback 0 [NPE3-LoopBack0] ip address 4.4.4.4 32 [NPE3-LoopBack0] quit [NPE3] mpls lsr-id 4.4.4.4...
Page 235: Configuring Bfd For The Primary Link In An H-Vpls Network
[NPE3-vsi-aaa-ldp] quit [NPE3-vsi-aaa] quit # Bind the VPLS instance aaa to GigabitEthernet 2/1/3, the interface connected to CE 3. [NPE3] interface gigabitethernet 2/1/3 [NPE3-GigabitEthernet2/1/3] l2 binding vsi aaa [NPE3-GigabitEthernet2/1/3] quit Verifying the configuration: # Execute the display vpls connection command on each PE. The output shows that a PW connection in up state has been established between the PEs.
Page 236 [RouterA-mpls-ldp-remote-routerb] remote-ip bfd [RouterA-mpls-ldp-remote-routerb] quit [RouterA] mpls ldp remote-peer routerc [RouterA-mpls-ldp-remote-routerc] remote-ip 3.3.3.3 [RouterA-mpls-ldp-remote-routerc] remote-ip bfd [RouterA-mpls-ldp-remote-routerc] quit [RouterA] interface gigabitethernet 2/1/2 [RouterA-GigabitEthernet2/1/2] mpls [RouterA-GigabitEthernet2/1/2] mpls ldp [RouterA-GigabitEthernet2/1/2] quit [RouterA] interface gigabitethernet 2/1/1 [RouterA-GigabitEthernet2/1/1] mpls [RouterA-GigabitEthernet2/1/1] mpls ldp [RouterA-GigabitEthernet2/1/1] quit # Configure Router B.
Page 237 [RouterA-GigabitEthernet2/1/2] quit [RouterA] interface gigabitethernet 2/1/1 [RouterA-GigabitEthernet2/1/1] ip address 13.1.1.1 24 [RouterA-GigabitEthernet2/1/1] quit [RouterA] interface loopback 0 [RouterA-LoopBack0] ip address 1.1.1.1 32 [RouterA-LoopBack0] quit # Configure Router B. [RouterB] interface gigabitethernet 2/1/2 [RouterB-GigabitEthernet2/1/2] ip address 12.1.1.2 24 [RouterB-GigabitEthernet2/1/2] quit [RouterB] interface loopback 0 [RouterB-LoopBack0] ip address 2.2.2.2 32 [RouterB-LoopBack0] quit # Configure Router C.
Page 238 [RouterA-l2vpn] quit [RouterA] vsi vpna static [RouterA-vsi-vpna] pwsignal ldp [RouterA-vsi-vpna-ldp] vsi-id 100 [RouterA-vsi-vpna-ldp] peer 2.2.2.2 backup-peer 3.3.3.3 [RouterA-vsi-vpna-ldp] quit [RouterA-vsi-vpna] quit [RouterA] interface gigabitethernet 2/1/3 [RouterA-GigabitEthernet2/1/3] l2 binding vsi vpna [RouterA-GigabitEthernet2/1/3] quit # Configure Router B. [RouterB] l2vpn [RouterB-l2vpn] mpls l2vpn [RouterB-l2vpn] quit [RouterB] vsi vpna static [RouterB-vsi-vpna] pwsignal ldp...
Page 239: Implementing Multi-As Vpn Through Multi-Hop Pw
Session State: Up Interface: LoopBack0 Min Trans Inter: 400ms Act Trans Inter: 400ms Min Recv Inter: 400ms Act Detect Inter: 2000ms Recv Pkt Num: 70 Send Pkt Num: 68 Hold Time: 1600ms Connect Type: Indirect Running Up for: 00:00:01 Auth mode: None Protocol: MFW/LDP Diag Info: No Diagnostic # Execute the display vpls connection vsi vpna command on Router A.
Page 240 [PE1] interface loopback 0 [PE1-LoopBack0] ip address 1.1.1.1 32 [PE1-LoopBack0] quit [PE1] mpls lsr-id 1.1.1.1 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit # Create a remote peer. [PE1] mpls ldp remote-peer 1 [PE1-mpls-ldp-remote-1] remote-ip 2.2.2.2 [PE1-mpls-ldp-remote-1] quit # Configure OSPF. [PE1] ospf [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0...
Page 241 [ASBR1] mpls lsr-id 2.2.2.2 [ASBR1] mpls [ASBR1–mpls] quit [ASBR1] mpls ldp [ASBR1–mpls-ldp] quit # Create remote LDP peers. [ASBR1] mpls ldp remote-peer 1 [ASBR1-mpls-ldp-remote-1] remote-ip 3.3.3.3 [ASBR1-mpls-ldp-remote-1] quit [ASBR1] mpls ldp remote-peer 2 [ASBR1-mpls-ldp-remote-2] remote-ip 1.1.1.1 [ASBR1-mpls-ldp-remote-2] quit # Configure OSPF. [ASBR1] ospf [ASBR1-ospf-1] area 0 [ASBR1-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0...
Page 242 [ASBR1-bgp] peer 11.1.1.3 route-policy map export [ASBR1-bgp] peer 11.1.1.3 label-route-capability [ASBR1-bgp] quit [ASBR1] route-policy map permit node 10 [ASBR1-route-policy] apply mpls-label [ASBR1-route-policy] quit Configurations on ASBR 2: # Configure basic MPLS. <Sysname> system-view [Sysname] sysname ASBR2 [ASBR2] interface loopback 0 [ASBR2-LoopBack0] ip address 3.3.3.3 32 [ASBR2-LoopBack0] quit [ASBR2] mpls lsr-id 3.3.3.3...
Page 243 [ASBR2] vsi aaa static p2p [ASBR2-vsi-aaa] pwsignal ldp [ASBR2-vsi-aaa-ldp] vsi-id 500 [ASBR2-vsi-aaa-ldp] peer 4.4.4.4 upe [ASBR2-vsi-aaa-ldp-4.4.4.4] quit [ASBR2-vsi-aaa-ldp] peer 2.2.2.2 [ASBR2-vsi-aaa-ldp-2.2.2.2] quit [ASBR2-vsi-aaa-ldp] quit [ASBR2-vsi-aaa] quit # Configure BGP to advertise labeled unicast routes. [ASBR2] bgp 200 [ASBR2-bgp] import-route direct [ASBR2-bgp] peer 11.1.1.2 as-number 100 [ASBR2-bgp] peer 11.1.1.2 route-policy map export [ASBR2-bgp] peer 11.1.1.2 label-route-capability...
Page 244: Troubleshooting Vpls
# Enable L2VPN and MPLS L2VPN. [PE2] l2vpn [PE2-l2vpn] mpls l2vpn [PE2-l2vpn] quit # Configure VPLS instance aaa that uses LDP signaling. [PE2] vsi aaa static [PE2-vsi-aaa] pwsignal ldp [PE2-vsi-aaa-ldp] vsi-id 500 [PE2-vsi-aaa-ldp] peer 3.3.3.3 [PE2-vsi-aaa-ldp-3.3.3.3] quit [PE2-vsi-aaa-ldp] quit [PE2-vsi-aaa] quit # Bind VPLS instance aaa to GigabitEthernet 2/1/1, the interface connected to CE 2.
Page 245: Configuring Mpls L3Vpn
Configuring MPLS L3VPN This chapter describes only MPLS L3VPN configuration. For information about MPLS basics, see "Configuring basic MPLS." For information about BGP, see Layer 3—IP Routing Configuration Guide. Overview MPLS L3VPN is a PE-based L3VPN technology. It uses BGP to advertise VPN routes and uses MPLS to forward VPN packets over service provider backbones.
Page 246: Mpls L3Vpn Concepts
When VPN traffic travels over the MPLS backbone, the ingress PE functions as the ingress Label Switching Router (LSR), the egress PE functions as the egress LSR, and P routers function as the transit LSRs. MPLS L3VPN concepts Site A site has the following features: •...
Page 247 Figure 66 VPN-IPv4 address structure Route Distinguisher (8 bytes) 2 bytes 6 bytes 4 bytes Type Administrator subfield Assigned number subfield IPv4 address prefix Upon receiving an IPv4 route from a CE, a PE changes the route to a VPN route by adding an RD and then advertises the VPN route to the peer PE.
Page 248: Mpls L3Vpn Packet Forwarding
The SoO attribute specifies the site where the route update is originated. It prevents the receiving router from advertising the route update back to the originating site. If the AS-path attribute is lost, the router can use the SoO attribute to avoid routing loops. The SoO attribute has the following formats: •...
Page 249: Mpls L3Vpn Networking Schemes
Figure 67 VPN packet forwarding Site 2 Site 1 CE 1 CE 2 PE 2 PE 1 2.1.1.1/24 1.1.1.2/24 Layer1 Layer2 Layer2 1.1.1.2 1.1.1.2 1.1.1.2 1.1.1.2 A VPN packet is forwarded in the following way: Site 1 sends an IP packet with the destination address of 1.1.1.2. CE 1 transmits the packet to PE 1.
Page 250 Figure 68 Network diagram for basic VPN networking scheme Figure 68, for example, the route target for VPN 1 is 100:1 on the PEs, while that for VPN 2 is 200:1. The two VPN 1 sites can communicate with each other, and the two VPN 2 sites can communicate with each other.
Page 251 Figure 69 Network diagram for hub and spoke networking scheme VPN 1 VPN 1: Import: Hub Site 1 Export: Spoke VPN 1-out: Spoke-CE Export: Hub Hub-CE Hub-PE Spoke-PE Site 3 Spoke-PE VPN 1-in: VPN 1 Import: Spoke Spoke-CE VPN 1: Site 2 Import: Hub Export: Spoke...
Page 252: Mpls L3Vpn Routing Information Advertisement
Figure 70 Network diagram for extranet networking scheme VPN 1 VPN 1: Import:100:1 Site 1 Export:100:1 PE 1 VPN 1 PE 3 Site 3 PE 2 VPN 2: VPN 1: Site 2 Import:200:1 Import:100:1,200:1 Export:200:1 Export:100:1,200:1 VPN 2 Figure 70, VPN 1 and VPN 2 can access Site 3 of VPN 1. •...
Page 253: Inter-As Vpn
Routing information exchange from the ingress PE to the egress PE After learning the VPN routing information from the CE, the ingress PE adds RDs and route targets for these standard IPv4 routes to create VPN-IPv4 routes, save them to the routing table of the VPN instance that is created for the CE, and then trigger MPLS to assign VPN labels for them.
Page 254 Figure 71 Network diagram for inter-AS option A Inter-AS option A is easy to carry out because no special configuration is required on the PEs acting as the ASBRs. However, it has limited scalability because the PEs acting as the ASBRs must manage all the VPN routes and create VPN instances on a per-VPN basis.
Page 255 Figure 72 Network diagram for inter-AS option B In terms of scalability, inter-AS option B is better than option A. When adopting the MP-EBGP method, note the following: • ASBRs perform no route target filtering on VPN-IPv4 routes that they receive from each other. Therefore, the ISPs in different ASs that exchange VPN-IPv4 routes must agree on the route exchange.
Page 256: Carrier's Carrier
Figure 73 Network diagram for inter-AS option C VPN 1 VPN 1 Multi-hop MP-EBGP CE 1 CE 3 PE 3 PE 1 ASBR 2 ASBR 1 (PE) EBGP (PE) MPLS backbone MPLS backbone AS 100 AS 200 PE 4 PE 2 Multi-hop MP-EBGP VPN LSP CE 4...
Page 257 exchanged through the BGP session established between the routers of the Level 2 carrier. This can greatly reduce the number of routes maintained by the Level 1 carrier network. Implementation of carrier's carrier Compared with the common MPLS L3VPN, the carrier's carrier is different because of the way in which a CE of a Level 1 carrier, that is, a Level 2 carrier, accesses a PE of the Level 1 carrier: •...
Page 258: Nested Vpn
Figure 76 Scenario where the Level 2 carrier is an MPLS L3VPN service provider NOTE: As a best practice, establish equal cost LSPs between the Level 1 carrier and the Level 2 carrier if equal cost routes exist between them. Nested VPN In an MPLS L3VPN network, generally a service provider runs an MPLS L3VPN backbone and provides VPN services through PEs.
Page 259 Figure 77 Network diagram for nested VPN Propagation of routing information In a nested VPN network, routing information is propagated as follows: A provider PE and its CEs exchange VPNv4 routes, which carry information about users' internal VPNs. After receiving a VPNv4 route, a provider PE keeps the user's internal VPN information, and appends the user's MPLS VPN attributes on the service provider network.
Page 260: Multi-Role Host
Multi-role host The VPN attributes of the packets forwarded from a CE to a PE depend on the VPN instance bound to the inbound interface. Therefore, all CEs whose packets are forwarded through the same inbound interface of a PE must belong to the same VPN. In a real network, however, a CE may need to access multiple VPNs through a single physical interface.
Page 261 Implementation of HoVPN Figure 78 Basic architecture of HoVPN As shown in Figure 78, devices directly connected to CEs are called underlayer PEs (UPEs) or user-end PEs, whereas devices that are connected to UPEs and are in the internal network are called superstratum PEs (SPE) or service provider-end PEs.
Page 262: Ospf Vpn Extension
With MP-IBGP, to advertise routes between IBGP peers, the SPE acts as the RR and advertises routes from IBGP peer UPE to IBGP peer SPE. However, it does not act as the RR of the other PEs. Recursion and extension of HoVPN HoVPN supports HoPE recursion: •...
Page 263 • Configuration of OSPF areas between a PE and a CE The OSPF area between a PE and a CE can be either a non-backbone area or a backbone area. In the OSPF VPN extension application, the MPLS VPN backbone is considered the backbone area (area 0).
Page 264 Each OSPF domain must have a configurable domain ID. As a best practice, configure the same domain ID or adopt the default ID for all OSPF processes of the same VPN, so the system can know that all VPN routes with the same domain ID are from the same VPN. •...
Page 265: Bgp As Number Substitution And Soo
BGP AS number substitution and SoO Because BGP detects routing loops by AS number, if EBGP runs between PEs and CEs, you must assign different AS numbers to geographically different sites to ensure correct transmission of the routing information. The BGP AS number substitution function allows physically dispersed CEs to use the same AS number.
Page 266: Multi-Vpn-Instance Ce
Backup between two VPNv4 routes Figure 83 Backup between two VPNv4 routes Configure FRR on PE 1 and specify the backup next hop to reach CE 2 as PE 3. When PE 1 receives a VPNv4 route to CE 2 from both PE 2 and PE 3, it uses the route from PE 2 as the primary route, and the route from PE 3 as the backup route.
Page 267: Mpls L3Vpn Configuration Task List
For better services and higher security, a private network is usually divided into multiple VPNs to isolate services. To meet these requirements, you can configure a CE for each VPN, which increases device expense and maintenance costs. Or, you can configure multiple VPNs to use the same CE and the same routing table, which sacrifices data security.
Page 268 Remark Task Configuring basic MPLS L3VPN Configuring soft GRE Soft GRE can replace MPLS LDP, MPLS TE, or GREto set up a public tunnel for an MPLS L3VPN network. It has simpler configuration. After soft GRE is enabled on a PE, the PE uses an encapsulation method for VPN packets: •...
Page 269: Configuring Basic Mpls L3Vpn
Configuring basic MPLS L3VPN The key task in MPLS L3VPN configuration is to manage the advertisement of VPN routes on the MPLS backbone, including PE-CE route exchange and PE-PE route exchange. To configure basic MPLS L3VPN: Task Remarks Creating a VPN instance Required.
Page 270 Step Command Remarks A VPN instance takes effect only after you configure an RD for it. Before configuring an RD, you Configure an RD for the VPN route-distinguisher cannot configure any other instance. route-distinguisher parameters for the VPN instance except a reserved VLAN and a description.
Page 271 Step Command Remarks A single vpn-target command vpn-target vpn-target&<1-8> can configure up to eight route Configure route targets. [ both | export-extcommunity | targets. You can configure up to import-extcommunity ] 64 route targets for a VPN instance. Optional. By default, a VPN instance Set the maximum number of supports 100000 routes at most.
Page 272 • If the matching tunnel is unavailable (for example, the tunnel is down or the tunnel's ACL does not permit the traffic) and is not specified with the disable-fallback keyword, the local PE continues to match other tunnels. If the tunnel is specified with the disable-fallback keyword, the local PE stops matching and tunnel selection fails.
Page 273: Configuring Routing Between A Pe And A Ce
NOTE: • A tunneling policy configured in VPN instance view is applicable to both IPv4 VPNs and IPv6 VPNs. • You can configure a tunneling policy for IPv4 VPNs in both VPN instance view and IPv4 VPN view. A tunneling policy configured in IPv4 VPN view takes precedence. Configuring an LDP instance LDP instances are for carrier's carrier network applications.
Page 274 Step Command Remarks • Method 1: ip route-static dest-address { mask | mask-length } { gateway-address | interface-type interface-number [ gateway-address ] | vpn-instance d-vpn-instance-name gateway-address } Use either command as [ preference preference-value ] [ tag needed. tag-value ] [ description Perform this configuration on description-text ] Configure a static...
Page 275 Step Command Remarks Optional. Configure the OSPF domain domain-id domain-id [ secondary ] 0 by default. Optional. The defaults are as follows: ext-community-type • Configure the type codes of 0x0005 for Domain ID. { domain-id type-code1 | OSPF extended community •...
Page 276 Configuring EBGP between a PE and a CE Configure the PE: Step Command Remarks Enter system view. system-view Enable BGP and enter BGP bgp as-number view. Enter BGP VPN instance ipv4-family vpn-instance view. vpn-instance-name Configure the CE as the peer { group-name | ip-address } VPN EBGP peer.
Page 277 Step Command Remarks Optional. import-route protocol Configure the route [ process-id ] [ med med-value | A CE must advertise its routes to redistribution and route-policy route-policy-name ] the connected PE so the PE can advertisement behavior. advertise them to the peer CE. NOTE: •...
Page 278: Configuring Routing Between Pes
Step Command Remarks filter-policy { acl-number | Optional. ip-prefix ip-prefix-name } export Configure BGP to filter [ direct | isis process-id | ospf By default, BGP does not filter routes to be advertised. process-id | rip process-id | routes to be advertised. static ] Optional.
Page 279: Configuring Routing Features For Bgp Vpnv4 Subaddress Family
Step Command Remarks Enter BGP-VPNv4 ipv4-family vpnv4 subaddress family view. Enable the exchange of BGP-VPNv4 routing peer { group-name | ip-address } By default, BGP peers exchange information with the enable IPv4 routing information only. specified peer. Configuring routing features for BGP VPNv4 subaddress family With BGP VPNv4 subaddress family, there are a variety of routing features that are the same as those for BGP IPv4 unicast routing.
Page 280 Step Command Remarks Optional. By default, the system uses the local address as the next hop of a route to be advertised to an EBGP Configure the system to use peer. In the inter-AS option C the local address as the next peer { group-name | ip-address } solution, configure the peer hop of a route to be...
Page 281: Configuring Soft Gre
Step Command Remarks filter-policy { acl-number | Optional. ip-prefix ip-prefix-name } export Filter all or certain types of [ direct | isis process-id | ospf By default, BGP does not filter routes to be advertised. process-id | rip process-id | routes to be advertised.
Page 282: Configuring Inter-As Vpn
• Soft GRE—Used when no public tunnel exists or the existing public tunnels do not meet tunnel policy requirements. Soft GRE encapsulates VPN packets with a GRE header and then an IP header. The destination IP address of the IP header is the IP address of the remote PE (BGP VPNv4 peer). The source IP address is the output interface address by default.
Page 283: Configuring Inter-As Option B
In other words, configure VPN instances on PEs and ASBR PEs respectively. The VPN instances on PEs are used to allow CEs to access the network, and those on ASBR PEs are used to access the peer ASBR PEs. For more information, see "Configuring basic MPLS L3VPN."...
Page 284 Configuring the PEs You must establish an ordinary IBGP peer relationship between a PE and an ASBR PE in an AS and an MP-EBGP peer relationship between PEs of different ASs. The PEs and ASBR PEs in an AS must be able to exchange labeled IPv4 routes. To configure a PE for inter-AS option C: Step Command...
Page 285: Configuring Nested Vpn
Step Command Remarks Enable the ASBR PE to By default, the device does not exchange labeled IPv4 peer { group-name | ip-address } advertise labeled routes to the routes with the PEs in the label-route-capability IPv4 peer or peer group. same AS.
Page 286: Configuring Multi-Role Host
When you configure nested VPN, follow these guidelines: • The address ranges for sub-VPNs of a VPN cannot overlap. • Do not give nested VPN peers addresses that public network peers use. • Before specifying a nested VPN peer or peer group, configure the corresponding CE peer or peer group in BGP VPN instance view.
Page 287: Configuring And Applying Policy Routing
Configuring and applying policy routing Step Command Enter system view. system-view policy-based-route policy-name { deny | permit } Create a policy and enter policy routing view. node node-number Specify the VPN instances for forwarding apply access-vpn vpn-instance packets. vpn-instance-name&<1-6> Return to system view. quit Enter the view of the interface connecting a CE.
Page 288: Configuring An Ospf Sham Link
Step Command Remarks Use either command. Do not use • (Method 1) Advertise a both the commands. default VPN route: By default, BGP does not peer { group-name | advertise routes to a VPNv4 peer. ip-address } default-route-advertise With the peer vpn-instance default-route-advertise vpn-instance-name...
Page 289: Creating A Sham Link
Step Command Enter BGP VPN instance view. ipv4-family vpn-instance vpn-instance-name Redistribute direct routes into BGP (to import-route direct [ med med-value | redistribute the loopback interface route into route-policy route-policy-name ] * BGP). import-route ospf [ { process-id | all-processes } Redistribute OSPF VPN routes.
Page 290: Configuring Routing Between An Mce And A Vpn Site
On the PE in an MCE network environment, disable routing loop detection to avoid route loss during route calculation and disable route redistribution between routing protocols to save system resources. Before you configure routing on an MCE, complete the following tasks: •...
Page 291 Step Command Remarks Enable RIP on the interface By default, RIP is disabled on an attached to the specified network network-address interface. network. import-route protocol Redistribute remote site [ process-id ] [ allow-ibgp ] [ cost By default, no route is routes advertised by the PE.
Page 292 Configuring IS-IS between an MCE and a VPN site An IS-IS process belongs to the public network or a single VPN instance. If you create an IS-IS process without binding it to a VPN instance, the process belongs to the public network. Binding IS-IS processes to VPN instances can isolate routes of different VPNs.
Page 293 Step Command Remarks Allow the local AS number to appear in the AS_PATH peer { group-name | ip-address } attribute of a received route Optional. allow-as-loop [ number ] and set the maximum number of repetitions. Redistribute remote site import-route protocol [ process-id | By default, no route routes advertised by the all-processes ] [ med med-value |...
Page 294: Configuring Routing Between Mce And Pe
Step Command Remarks Enter BGP-VPN instance ipv4-family vpn-instance view. vpn-instance-name peer { group-name | ip-address } Configure an IBGP peer. as-number as-number Optional. By default, no RR or RR client is configured. After you configure a VPN site as an IBGP peer of the MCE, the Configure the system to be MCE does not advertise the BGP peer { group-name | ip-address }...
Page 295 Perform the following configuration tasks on MCE. Configurations on the PE are similar to those on the PE in common MPLS L3VPN network solutions (see "Configuring static routing between a PE and a CE"). Configuring static routing between MCE and PE Step Command Remarks...
Page 296 Step Command Remarks Routing loop detection is enabled by default. You must disable routing loop Disable routing loop vpn-instance-capability simple detection for a VPN OSPF detection. process on the MCE. Otherwise, the MCE cannot receive OSPF routes from the PE. Optional.
Page 297 Step Command Remarks filter-policy { acl-number | ip-prefix Optional. Configure a filtering ip-prefix-name | route-policy policy to filter the route-policy-name } export [ isis By default, IS-IS does not filter redistributed routes. process-id | ospf process-id | rip redistributed routes. process-id | bgp | direct | static ] Return to system view.
Page 298: Specifying The Vpn Label Processing Mode
Step Command Remarks import-route protocol [ process-id | Redistribute the VPN By default, No route all-processes ] [ med med-value | routes of the VPN site. redistribution is configured. route-policy route-policy-name ] * Optional. filter-policy { acl-number | ip-prefix Configure a filtering ip-prefix-name } export [ direct | isis By default, BGP does not policy to filter the routes...
Page 299: Configuring Mpls L3Vpn Frr
Step Command Remarks Enter system view. system-view Optional. No routing policy is created by default. Create a routing policy and route-policy route-policy-name enter routing policy view. If the PE connects to multiple CEs permit node node-number in the same site, use a routing policy to add the SoO attribute to the routes received from the CEs.
Page 300: Resetting Bgp Connections
Resetting BGP connections When BGP configuration changes, you can use the soft reset function or reset BGP connections to make new configurations take effect. Soft reset requires that BGP peers have route refreshment capability (supporting Route-Refresh messages). NOTE: Soft reset of BGP connections refers to updating BGP routing information without breaking BGP neighbor relationships.
Page 301 Task Command Remarks display bgp vpnv4 { all | vpn-instance Display information about a vpn-instance-name } group [ group-name ] specified or all BGP VPNv4 peer Available in any view. [ | { begin | exclude | include } group. regular-expression ] Display information about BGP display bgp vpnv4 { all | vpn-instance...
Page 302 Task Command Remarks display bgp vpnv4 route-distinguisher route-distinguisher routing-table [ [ network-address [ mask | mask-length ] | as-path-acl as-path-acl-number | cidr | community [ aa:nn ]&<1-13> [ no-advertise | no-export | no-export-subconfed ] * [ whole-match ] | Display the BGP VPNv4 routing community-list Available in any view.
Page 303: Mpls L3Vpn Configuration Examples
Task Command Remarks reset bgp vpn-instance vpn-instance-name ip-address flap-info Clear route flap history reset bgp vpn-instance information about a BGP peer of a Available in user view. vpn-instance-name flap-info [ ip-address VPN instance. [ mask | mask-length ] | as-path-acl as-path-acl-number | regexp as-path-regexp ] For commands to display information about a routing table, see Layer 3—IP Routing Command...
Page 304 POS5/1/1 172.1.1.1/24 GE2/1/1 10.3.1.2/24 CE 2 GE2/1/1 10.2.1.1/24 GE2/1/2 10.4.1.2/24 CE 3 GE2/1/1 10.3.1.1/24 POS5/1/1 172.2.1.2/24 CE 4 GE2/1/1 10.4.1.1/24 Configuration procedure Configure an IGP on the MPLS backbone to ensure IP connectivity within the backbone: # Configure PE 1. <PE1>...
Page 305 [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255 [PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] quit [PE2-ospf-1] quit After the configurations, OSPF adjacencies are established between PE 1, P, and PE 2. Execute the display ospf peer command. The output shows that the adjacency status is Full. Execute the display ip routing-table command.
Page 306 [P] mpls ldp [P-mpls-ldp] quit [P] interface pos 5/1/1 [P-POS5/1/1] mpls [P-POS5/1/1] mpls ldp [P-POS5/1/1] quit [P] interface pos 5/1/2 [P-POS5/1/2] mpls [P-POS5/1/2] mpls ldp [P-POS5/1/2] quit # Configure PE 2. [PE2] mpls lsr-id 3.3.3.9 [PE2] mpls [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface pos 5/1/1 [PE2-POS5/1/1] mpls...
Page 307 [PE1-vpn-instance-vpn1] quit [PE1] ip vpn-instance vpn2 [PE1-vpn-instance-vpn2] route-distinguisher 100:2 [PE1-vpn-instance-vpn2] vpn-target 222:2 [PE1-vpn-instance-vpn2] quit [PE1] interface gigabitethernet 2/1/1 [PE1-GigabitEthernet2/1/1] ip binding vpn-instance vpn1 [PE1-GigabitEthernet2/1/1] ip address 10.1.1.2 24 [PE1-GigabitEthernet2/1/1] quit [PE1] interface gigabitethernet 2/1/2 [PE1-GigabitEthernet2/1/2] ip binding vpn-instance vpn2 [PE1-GigabitEthernet2/1/2] ip address 10.2.1.2 24 [PE1-GigabitEthernet2/1/2] quit # Configure PE 2.
Page 308 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 3/23/56 ms Establish EBGP peer relationships between PEs and CEs to allow VPN routes to be redistributed: # Configure CE 1. <CE1> system-view [CE1] bgp 65410 [CE1-bgp] peer 10.1.1.2 as-number 100 [CE1-bgp] import-route direct [CE1-bgp] quit # Configure the other three CEs in a similar way to configuring CE 1.
Page 309 [PE2-bgp] ipv4-family vpnv4 [PE2-bgp-af-vpnv4] peer 1.1.1.9 enable [PE2-bgp-af-vpnv4] quit [PE2-bgp] quit After completing the configuration, execute the display bgp peer command or the display bgp vpnv4 all peer command on the PEs. The output shows that a BGP peer relationship has been established between the PEs, and has reached Established state.
Page 310: Configuring Mpls L3Vpns Using Ibgp Between A Pe And A Ce
PING 10.4.1.1: 56 data bytes, press CTRL_C to break Request time out Request time out Request time out Request time out Request time out --- 10.4.1.1 ping statistics --- 5 packet(s) transmitted 0 packet(s) received 100.00% packet loss Configuring MPLS L3VPNs using IBGP between a PE and a Network requirements CE 1 and CE 3 belong to VPN 1.
Page 311 GE2/1/1 10.2.1.1/24 CE 4 Loop0 7.7.7.9/32 CE 3 Loop0 6.6.6.9/32 GE2/1/1 10.4.1.1/24 GE2/1/1 10.3.1.1/24 Configuration procedure Configure an IGP on the MPLS backbone to ensure IP connectivity within the backbone: # Configure PE 1. <PE1> system-view [PE1] interface loopback 0 [PE1-LoopBack0] ip address 1.1.1.9 32 [PE1-LoopBack0] quit [PE1] interface pos 5/1/1...
Page 312 [PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] quit [PE2-ospf-1] quit After the configurations, P establishes an OSPF adjacency with PE 1 and PE 2 respectively. Execute the display ospf peer command. The output shows that the adjacency status is Full. Execute the display ip routing-table command. The output shows that the PEs have learned the routes to the loopback interfaces of each other.
Page 313 [P-POS5/1/1] mpls ldp [P-POS5/1/1] quit [P] interface pos 5/1/2 [P-POS5/1/2] mpls [P-POS5/1/2] mpls ldp [P-POS5/1/2] quit # Configure PE 2. [PE2] mpls lsr-id 3.3.3.9 [PE2] mpls [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface pos 5/1/1 [PE2-POS5/1/1] mpls [PE2-POS5/1/1] mpls ldp [PE2-POS5/1/1] quit After the configurations, P establishes an LDP session with PE 1 and PE 2 respectively.
Page 314 [PE1-vpn-instance-vpn2] quit [PE1] interface gigabitethernet 2/1/1 [PE1-GigabitEthernet2/1/1] ip binding vpn-instance vpn1 [PE1-GigabitEthernet2/1/1] ip address 10.1.1.2 24 [PE1-GigabitEthernet2/1/1] quit [PE1] interface gigabitethernet 2/1/2 [PE1-GigabitEthernet2/1/2] ip binding vpn-instance vpn2 [PE1-GigabitEthernet2/1/2] ip address 10.2.1.2 24 [PE1-GigabitEthernet2/1/2] quit # Configure PE 2. [PE2] ip vpn-instance vpn1 [PE2-vpn-instance-vpn1] route-distinguisher 200:1 [PE2-vpn-instance-vpn1] vpn-target 111:1 [PE2-vpn-instance-vpn1] quit...
Page 315 Establish IBGP peer relationships between PEs and CEs to redistribute VPN routes, and configure routing policies to change the next hop of the routes: # On CE 1, configure PE 1 as the IBGP peer, and configure a routing policy for the routes received from PE 1, changing the next hop address of the routes to the IP address of PE 1.
Page 316 [PE1-route-policy] quit [PE1] bgp 100 [PE1-bgp] peer 3.3.3.9 as-number 100 [PE1-bgp] peer 3.3.3.9 connect-interface loopback 0 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpnv4] peer 3.3.3.9 route-policy pe-ibgp import [PE1-bgp-af-vpnv4] peer 3.3.3.9 enable [PE1-bgp-af-vpnv4] quit [PE1-bgp] quit # On PE 2, configure PE 1 as the MP-IBGP peer, and configure a routing policy for the routes received from PE 1, changing the next hop address of the routes as the loopback interface address of PE 1.
Page 317: Configuring An Mpls L3Vpn That Uses A Gre Tunnel
Routing Tables: vpn2 Destinations : 7 Routes : 7 Destination/Mask Proto Cost NextHop Interface 5.5.5.9/32 10.2.1.1 GE2/1/2 7.7.7.9/32 3.3.3.9 NULL0 10.2.1.0/24 Direct 0 10.2.1.2 GE2/1/2 10.2.1.2/32 Direct 0 127.0.0.1 InLoop0 10.4.1.0/24 3.3.3.9 NULL0 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 CEs of the same VPN can ping each other, whereas those of different VPNs cannot.
Page 318 Figure 88 Network diagram POS5/1/1 POS5/1/2 Loop0 Loop0 POS5/1/1 POS5/1/1 GRE tunnel PE 2 PE 1 Tunnel0 Tunnel0 GE2/1/1 GE2/1/1 AS 100 GE2/1/1 GE2/1/1 CE 1 CE 2 VPN 1 VPN 1 AS 65410 AS 65420 Device Interface IP address Device Interface IP address...
Page 319 [PE1-tunnel-policy-gre1] quit [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 100:1 [PE1-vpn-instance-vpn1] vpn-target 100:1 both [PE1-vpn-instance-vpn1] tnl-policy gre1 [PE1-vpn-instance-vpn1] quit [PE1] interface gigabitethernet 2/1/1 [PE1-GigabitEthernet2/1/1] ip binding vpn-instance vpn1 [PE1-GigabitEthernet2/1/1] ip address 10.1.1.2 24 [PE1-GigabitEthernet2/1/1] quit # Configure PE 2. [PE2] tunnel-policy gre1 [PE2-tunnel-policy-gre1] tunnel select-seq gre load-balance-number 1 [PE2-tunnel-policy-gre1] quit [PE2] ip vpn-instance vpn1...
Page 320 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 7/21/33 ms Establish EBGP peer relationships between PEs and CEs to allow VPN routes to be redistributed: # Configure CE 1. [CE1] bgp 65410 [CE1-bgp] peer 10.1.1.2 as-number 100 [CE1-bgp] import-route direct [CE1-bgp] quit # Configure PE 1.
Page 321: Configure A Gre Tunnel
2.2.2.9 00:00:34 Established Configure a GRE tunnel: # Configure PE 1. [PE1] interface tunnel 0 [PE1-Tunnel0] tunnel-protocol gre [PE1-Tunnel0] source loopback 0 [PE1-Tunnel0] destination 2.2.2.9 [PE1-Tunnel0] ip address 20.1.1.1 24 [PE1-Tunnel0] mpls [PE1-Tunnel0] quit # Configure PE 2. [PE2] interface tunnel 0 [PE2-Tunnel0] tunnel-protocol gre [PE2-Tunnel0] source loopback 0 [PE2-Tunnel0] destination 1.1.1.9...
Page 322: Configuring A Hub-Spoke Network
Destinations : 3 Routes : 3 Destination/Mask Proto Cost NextHop Interface 10.1.1.0/24 Direct 0 10.1.1.2 GE2/1/1 10.1.1.2/32 Direct 0 127.0.0.1 InLoop0 10.2.1.0/24 2.2.2.9 NULL0 The CEs can ping each other. [CE1] ping 10.2.1.1 PING 10.2.1.1: 56 data bytes, press CTRL_C to break Reply from 10.2.1.1: bytes=56 Sequence=1 ttl=253 time=41 ms Reply from 10.2.1.1: bytes=56 Sequence=2 ttl=253 time=69 ms Reply from 10.2.1.1: bytes=56 Sequence=3 ttl=253 time=68 ms...
Page 323 Spoke-PE 1 Loop0 1.1.1.9/32 GE2/1/2 10.4.1.1/24 GE2/1/1 10.1.1.2/24 Hub-PE Loop0 2.2.2.9/32 POS5/1/1 172.1.1.1/24 POS5/1/1 172.1.1.2/24 Spoke-CE 2 GE2/1/1 10.2.1.1/24 POS5/1/2 172.2.1.2/24 Spoke-PE 2 Loop0 3.3.3.9/32 GE2/1/1 10.3.1.2/24 GE2/1/1 10.2.1.2/24 GE2/1/2 10.4.1.2/24 POS5/1/1 172.2.1.1/24 Configuration procedure Configure an IGP in the MPLS backbone to ensure IP connectivity between spoke-PE and hub-PE: # Configure Spoke-PE 1.
Page 324 [Hub-PE-POS5/1/2] ip address 172.2.1.2 24 [Hub-PE-POS5/1/2] quit [Hub-PE] ospf [Hub-PE-ospf-1] area 0 [Hub-PE-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255 [Hub-PE-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255 [Hub-PE-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0 [Hub-PE-ospf-1-area-0.0.0.0] quit [Hub-PE-ospf-1] quit After the configuration, OSPF adjacencies are established between Spoke-PE 1 and Hub-PE, and between Spoke-PE 2 and Hub-PE.
Page 325 [Spoke-PE1-POS5/1/1] mpls [Spoke-PE1-POS5/1/1] mpls ldp [Spoke-PE1-POS5/1/1] quit # Configure Spoke-PE 2. [Spoke-PE2] mpls lsr-id 3.3.3.9 [Spoke-PE2] mpls [Spoke-PE2-mpls] quit [Spoke-PE2] mpls ldp [Spoke-PE2-mpls-ldp] quit [Spoke-PE2] interface pos 5/1/1 [Spoke-PE2-POS5/1/1] mpls [Spoke-PE2-POS5/1/1] mpls ldp [Spoke-PE2-POS5/1/1] quit # Configure the Hub-PE. [Hub-PE] mpls lsr-id 2.2.2.9 [Hub-PE] mpls [Hub-PE-mpls] quit [Hub-PE] mpls ldp...
Page 326 ------------------------------------------------------------------ A '*' before an LSP means the LSP is not established A '*' before a Label means the USCB or DSCB is stale Configure VPN instances on the spoke-PEs and the hub-PE to allow CEs to access the PEs: # Configure Spoke-PE 1.
Page 327 VPN-Instance Name Create time vpn1 100:1 2009/04/08 10:55:07 Spoke-PE 1 can ping Spoke-CE 1 successfully: [Spoke-PE1] ping -vpn-instance vpn1 10.1.1.1 PING 10.1.1.1: 56 data bytes, press CTRL_C to break Reply from 10.1.1.1: bytes=56 Sequence=1 ttl=255 time=56 ms Reply from 10.1.1.1: bytes=56 Sequence=2 ttl=255 time=4 ms Reply from 10.1.1.1: bytes=56 Sequence=3 ttl=255 time=4 ms Reply from 10.1.1.1: bytes=56 Sequence=4 ttl=255 time=52 ms Reply from 10.1.1.1: bytes=56 Sequence=5 ttl=255 time=3 ms...
Page 328 [Spoke-PE2-bgp-vpn1] quit [Spoke-PE2-bgp] quit # Configure the Hub-PE. [Hub-PE] bgp 100 [Hub-PE-bgp] ipv4-family vpn-instance vpn1-in [Hub-PE-bgp-vpn1-in] peer 10.3.1.1 as-number 65430 [Hub-PE-bgp-vpn1-in] import-route direct [Hub-PE-bgp-vpn1-in] quit [Hub-PE-bgp] ipv4-family vpn-instance vpn1-out [Hub-PE-bgp-vpn1-out] peer 10.4.1.1 as-number 65430 [Hub-PE-bgp-vpn1-out] peer 10.4.1.1 allow-as-loop [Hub-PE-bgp-vpn1-out] import-route direct [Hub-PE-bgp-vpn1-out] quit [Hub-PE-bgp] quit After the configurations, execute the display bgp vpnv4 vpn-instance peer command on the...
Page 329 [Hub-PE-bgp] peer 3.3.3.9 as-number 100 [Hub-PE-bgp] peer 3.3.3.9 connect-interface loopback 0 [Hub-PE-bgp] ipv4-family vpnv4 [Hub-PE-bgp-af-vpnv4] peer 1.1.1.9 enable [Hub-PE-bgp-af-vpnv4] peer 3.3.3.9 enable [Hub-PE-bgp-af-vpnv4] quit [Hub-PE-bgp] quit After the configurations, execute the display bgp peer command or the display bgp vpnv4 all peer command on the PEs.
Page 330: Configuring Inter-As Option A
Reply from 10.2.1.1: bytes=56 Sequence=5 ttl=250 time=2 ms --- 10.2.1.1 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 2/2/3 ms Configuring inter-AS option A Network requirements CE 1 and CE 2 belong to the same VPN. CE 1 accesses the network through PE 1 in AS 100 and CE 2 accesses the network through PE 2 in AS 200.
Page 331 This example uses OSPF. Be sure to advertise the route to the 32-bit loopback interface address of each router through OSPF. The loopback interface address of a router is to be used as the router's LSR ID. (Details not shown.) After the configurations, each ASBR PE and the PE in the same AS can establish OSPF adjacencies.
Page 332 [PE2] mpls [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface pos 5/1/1 [PE2-POS5/1/1] mpls [PE2-POS5/1/1] mpls ldp [PE2-POS5/1/1] quit After the configurations, each PE and the ASBR PE in the same AS can establish neighbor relationship. Execute the display mpls ldp session command on the devices. The output shows that the session status is Operational.
Page 333 [ASBR-PE1] interface pos 5/1/2 [ASBR-PE1-POS5/1/2] ip binding vpn-instance vpn1 [ASBR-PE1-POS5/1/2] ip address 192.1.1.1 24 [ASBR-PE1-POS5/1/2] quit # Configure ASBR PE 2, creating a VPN instance and binding the instance to the interface connected with ASBR PE 1. (ASBR PE 2 considers ASBR PE 1 its CE.) [ASBR-PE2] ip vpn-instance vpn1 [ASBR-PE2-vpn-vpn1] route-distinguisher 200:2 [ASBR-PE2-vpn-vpn1] vpn-target 100:1 both...
Page 334: Configuring Inter-As Option B
[PE1-bgp] peer 2.2.2.9 connect-interface loopback 0 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpnv4] peer 2.2.2.9 enable [PE1-bgp-af-vpnv4] peer 2.2.2.9 next-hop-local [PE1-bgp-af-vpnv4] quit [PE1-bgp] quit # Configure ASBR-PE 1. [ASBR-PE1] bgp 100 [ASBR-PE1-bgp] ipv4-family vpn-instance vpn1 [ASBR-PE1-bgp-vpn1] peer 192.1.1.2 as-number 200 [ASBR-PE1-bgp-vpn1] quit [ASBR-PE1-bgp] peer 1.1.1.9 as-number 100 [ASBR-PE1-bgp] peer 1.1.1.9 connect-interface loopback 0 [ASBR-PE1-bgp] ipv4-family vpnv4 [ASBR-PE1-bgp-af-vpnv4] peer 1.1.1.9 enable...
Page 335 PEs in the same AS run IS-IS. PE 1 and ASBR-PE 1 exchange labeled IPv4 routes by MP-IBGP. PE 2 and ASBR-PE 2 exchange labeled IPv4 routes by MP-IBGP. ASBR-PE 1 and ASBR-PE 2 exchange labeled IPv4 routes by MP-EBGP. ASBRs do not perform route target filtering of received VPN-IPv4 routes.
Page 336 [PE1-Serial2/1/1] ip address 1.1.1.2 255.0.0.0 [PE1-Serial2/1/1] isis enable 1 [PE1-Serial2/1/1] mpls [PE1-Serial2/1/1] mpls ldp [PE1-Serial2/1/1] quit # Configure interface Loopback 0 and start IS-IS on it. [PE1] interface loopback 0 [PE1-LoopBack0] ip address 2.2.2.9 32 [PE1-LoopBack0] isis enable 1 [PE1-LoopBack0] quit # Create VPN instance vpn1 and configure the RD and route target attributes.
Page 337 # Configure interface Serial 2/1/1, and start IS-IS and enable MPLS and LDP on the interface. [ASBR-PE1] interface serial 2/1/1 [ASBR-PE1-Serial2/1/1] ip address 1.1.1.1 255.0.0.0 [ASBR-PE1-Serial2/1/1] isis enable 1 [ASBR-PE1-Serial2/1/1] mpls [ASBR-PE1-Serial2/1/1] mpls ldp [ASBR-PE1-Serial2/1/1] quit # Configure interface Serial 2/1/2 and enable MPLS. [ASBR-PE1] interface serial 2/1/2 [ASBR-PE1-Serial2/1/2] ip address 11.0.0.2 255.0.0.0 [ASBR-PE1-Serial2/1/2] mpls...
Page 338 [ASBR-PE2-Serial2/1/1] quit # Configure interface Serial 2/1/2 and enable MPLS. [ASBR-PE2] interface serial 2/1/2 [ASBR-PE2-Serial2/1/2] ip address 11.0.0.1 255.0.0.0 [ASBR-PE2-Serial2/1/2] mpls [ASBR-PE2-Serial2/1/2] quit # Configure interface Loopback 0 and start IS-IS on it. [ASBR-PE2] interface loopback 0 [ASBR-PE2-LoopBack0] ip address 4.4.4.9 32 [ASBR-PE2-LoopBack0] isis enable 1 [ASBR-PE2-LoopBack0] quit # Start BGP on ASBR-PE 2.
Page 339: Configuring Inter-As Option C
[PE2-LoopBack0] isis enable 1 [PE2-LoopBack0] quit # Create VPN instance vpn1 and configure the RD and route target attributes. [PE2] ip vpn-instance vpn1 [PE2-vpn-instance-vpn1] route-distinguisher 12:12 [PE2-vpn-instance-vpn1] vpn-target 3:3 import-extcommunity [PE2-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity [PE2-vpn-instance-vpn1] quit # Bind the interface connected to CE 2 with the created VPN instance. [PE2] interface gigabitethernet 2/1/1 [PE2-GigabitEthernet2/1/1] ip binding vpn-instance vpn1 [PE2-GigabitEthernet2/1/1] ip address 20.0.0.1 8...
Page 340 Figure 92 Network diagram Device Interface IP address Device Interface IP address PE 1 Loop0 2.2.2.9/32 PE 2 Loop0 5.5.5.9/32 Loop1 30.0.0.1/32 Loop1 20.0.0.1/32 S2/1/1 1.1.1.2/8 S2/1/1 9.1.1.2/8 ASBR-PE 1 Loop0 3.3.3.9/32 ASBR-PE 2 Loop0 4.4.4.9/32 S2/1/1 1.1.1.1/8 S2/1/1 9.1.1.1/8 S2/1/2 11.0.0.2/8 S2/1/2...
Page 341 # Create VPN instance vpn1 and configure the RD and route target attributes. [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 11:11 [PE1-vpn-instance-vpn1] vpn-target 3:3 import-extcommunity [PE1-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity [PE1-vpn-instance-vpn1] quit # Configure interface Loopback 1 and bind the interface to VPN instance vpn1. [PE1] interface loopback 1 [PE1-LoopBack1] ip binding vpn-instance vpn1 [PE1-LoopBack1] ip address 30.0.0.1 32...
Page 342 [ASBR-PE1-Serial2/1/1] mpls [ASBR-PE1-Serial2/1/1] mpls ldp [ASBR-PE1-Serial2/1/1] quit # Configure interface Serial 2/1/2 and enable MPLS on it. [ASBR-PE1] interface serial 2/1/2 [ASBR-PE1-Serial2/1/2] ip address 11.0.0.2 255.0.0.0 [ASBR-PE1-Serial2/1/2] mpls [ASBR-PE1-Serial2/1/2] quit # Configure interface Loopback 0 and start IS-IS on it. [ASBR-PE1] interface loopback 0 [ASBR-PE1-LoopBack0] ip address 3.3.3.9 32 [ASBR-PE1-LoopBack0] isis enable 1...
Page 343 [ASBR-PE2-mpls] quit [ASBR-PE2] mpls ldp [ASBR-PE2-mpls-ldp] quit # Configure interface Serial 2/1/1, and start IS-IS and enable MPLS and LDP on the interface. [ASBR-PE2] interface serial 2/1/1 [ASBR-PE2-Serial2/1/1] ip address 9.1.1.1 255.0.0.0 [ASBR-PE2-Serial2/1/1] isis enable 1 [ASBR-PE2-Serial2/1/1] mpls [ASBR-PE2-Serial2/1/1] mpls ldp [ASBR-PE2-Serial2/1/1] quit # Configure interface Loopback 0 and start IS-IS on it.
Page 344 [PE2] isis 1 [PE2-isis-1] network-entity 10.4444.4444.4444.4444.00 [PE2-isis-1] quit # Configure LSR ID, enable MPLS and LDP. [PE2] mpls lsr-id 5.5.5.9 [PE2] mpls [PE2-mpls] label advertise non-null [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit # Configure interface Serial 2/1/1, and start IS-IS and enable MPLS and LDP on the interface. [PE2] interface serial 2/1/1 [PE2-Serial2/1/1] ip address 9.1.1.2 255.0.0.0 [PE2-Serial2/1/1] isis enable 1...
Page 345: Configuring Carrier's Carrier
# Redistribute direct routes to the routing table of vpn1. [PE2-bgp] ipv4-family vpn-instance vpn1 [PE2-bgp-vpn1] import-route direct [PE2-bgp-vpn1] quit [PE2-bgp] quit Verify the configuration: After the configurations, PE 1 and PE 2 can ping each other: [PE2] ping –vpn-instance vpn1 30.0.0.1 [PE1] ping –vpn-instance vpn1 20.0.0.1 Configuring carrier's carrier Network requirements...
Page 346 POS5/1/2 10.1.1.1/24 POS5/1/2 20.1.1.2/24 CE 1 Loop0 2.2.2.9/32 CE 2 Loop0 5.5.5.9/32 POS5/1/1 10.1.1.2/24 POS5/1/1 21.1.1.2/24 POS5/1/2 11.1.1.1/24 POS5/1/2 20.1.1.1/24 PE 1 Loop0 3.3.3.9/32 PE 2 Loop0 4.4.4.9/32 POS5/1/1 11.1.1.2/24 POS5/1/1 30.1.1.2/24 POS5/1/2 30.1.1.1/24 POS5/1/2 21.1.1.1/24 Configuration procedure Configure MPLS L3VPN on the provider carrier backbone—start IS-IS as the IGP, enable LDP between PE 1 and PE 2, and establish an MP-IBGP peer relationship between the PEs: # Configure PE 1.
Page 347 LDP Session(s) in Public Network Total number of sessions: 1 ---------------------------------------------------------------- Peer-ID Status SsnRole KA-Sent/Rcv ---------------------------------------------------------------- 4.4.4.9:0 Operational Active 378/378 ---------------------------------------------------------------- LAM : Label Advertisement Mode : Fault Tolerance [PE1] display bgp peer BGP local router ID : 3.3.3.9 Local AS number : 100 Total number of peers : 1 Peers in established state : 1 Peer...
Page 348 [CE1-LoopBack0] quit [CE1] mpls lsr-id 2.2.2.9 [CE1] mpls [CE1-mpls] quit [CE1] mpls ldp [CE1-mpls-ldp] quit [CE1] isis 2 [CE1-isis-2] network-entity 10.0000.0000.0002.00 [CE1-isis-2] quit [CE1] interface loopback 0 [CE1-LoopBack0] isis enable 2 [CE1-LoopBack0] quit [CE1] interface pos 5/1/1 [CE1-POS5/1/1] ip address 10.1.1.2 24 [CE1-POS5/1/1] isis enable 2 [CE1-POS5/1/1] mpls [CE1-POS5/1/1] mpls ldp...
Page 349 # Configure CE 1. [CE1] interface pos 5/1/2 [CE1-POS5/1/2] ip address 11.1.1.1 24 [CE1-POS5/1/2] isis enable 2 [CE1-POS5/1/2] mpls [CE1-POS5/1/2] mpls ldp [CE1-POS5/1/2] mpls ldp transport-address interface [CE1-POS5/1/2] quit After the configurations, PE 1 and CE 1 can establish an LDP session and IS-IS neighbor relationship between them.
Page 350 Verify the configuration: After completing all the configurations, execute the display ip routing-table command on PE 1 and PE 2. The output shows that only routes of the provider carrier network are present in the public network routing table of PE 1 and PE 2. Take PE 1 as an example: [PE1] display ip routing-table Routing Tables: Public Destinations : 7...
Page 351 11.1.1.1/32 Direct 0 127.0.0.1 InLoop0 11.1.1.2/32 Direct 0 11.1.1.2 POS5/1/2 20.1.1.0/24 ISIS 11.1.1.2 POS5/1/2 21.1.1.0/24 ISIS 11.1.1.2 POS5/1/2 21.1.1.2/32 ISIS 11.1.1.2 POS5/1/2 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 Execute the display ip routing-table command on PE 3 and PE 4. The output shows that the internal routes of the customer carrier network are present in the public network routing tables.
Page 352: Configuring Nested Vpn
0.00% packet loss round-trip min/avg/max = 60/87/127 ms CE 3 and CE 4 can ping each other: [CE3] ping 120.1.1.1 PING 120.1.1.1: 56 data bytes, press CTRL_C to break Reply from 120.1.1.1: bytes=56 Sequence=1 ttl=252 time=102 ms Reply from 120.1.1.1: bytes=56 Sequence=2 ttl=252 time=69 ms Reply from 120.1.1.1: bytes=56 Sequence=3 ttl=252 time=105 ms Reply from 120.1.1.1: bytes=56 Sequence=4 ttl=252 time=88 ms Reply from 120.1.1.1: bytes=56 Sequence=5 ttl=252 time=87 ms...
Page 353 Figure 94 Network diagram Loop0 Loop0 AS 100 PE 1 PE 2 POS5/1/2 POS5/1/1 POS5/1/1 POS5/1/2 Carrier VPN CE 1 CE 2 Customer VPN Customer VPN POS5/1/2 POS5/1/1 AS 200 AS 200 VPN 1 VPN 1 POS5/1/1 POS5/1/2 POS5/1/2 POS5/1/2 PE 3 PE 4 GE2/1/1...
Page 354 [PE1] interface loopback 0 [PE1-LoopBack0] isis enable 1 [PE1-LoopBack0] quit [PE1] interface pos 5/1/2 [PE1-POS5/1/2] ip address 30.1.1.1 24 [PE1-POS5/1/2] isis enable 1 [PE1-POS5/1/2] mpls [PE1-POS5/1/2] mpls ldp [PE1-POS5/1/2] mpls ldp transport-address interface [PE1-POS5/1/2] quit [PE1] bgp 100 [PE1-bgp] peer 4.4.4.9 as-number 100 [PE1-bgp] peer 4.4.4.9 connect-interface loopback 0 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpnv4] peer 4.4.4.9 enable...
Page 355 [PE3-LoopBack0] quit [PE3] mpls lsr-id 1.1.1.9 [PE3] mpls [PE3-mpls] quit [PE3] mpls ldp [PE3-mpls-ldp] quit [PE3] isis 2 [PE3-isis-2] network-entity 10.0000.0000.0001.00 [PE3-isis-2] quit [PE3] interface loopback 0 [PE3-LoopBack0] isis enable 2 [PE3-LoopBack0] quit [PE3] interface pos 5/1/2 [PE3-POS5/1/2] ip address 10.1.1.1 24 [PE3-POS5/1/2] isis enable 2 [PE3-POS5/1/2] mpls [PE3-POS5/1/2] mpls ldp...
Page 356 [PE1-vpn-instance-vpn1] quit [PE1] interface pos 5/1/1 [PE1-POS5/1/1] ip binding vpn-instance vpn1 [PE1-POS5/1/1] ip address 11.1.1.2 24 [PE1-POS5/1/1] mpls [PE1-POS5/1/1] quit [PE1] bgp 100 [PE1-bgp] ipv4-family vpn-instance vpn1 [PE1-bgp-vpn1] peer 11.1.1.1 as-number 200 [PE1-bgp-vpn1] quit [PE1-bgp] quit # Configure CE 1. [CE1] interface pos 5/1/2 [CE1-POS5/1/2] ip address 11.1.1.1 24 [CE1-POS5/1/2] mpls...
Page 357 [PE3-GigabitEthernet2/1/1] quit [PE3] ip vpn-instance SUB_VPN2 [PE3-vpn-instance-SUB_VPN2] route-distinguisher 101:1 [PE3-vpn-instance-SUB_VPN2] vpn-target 2:2 [PE3-vpn-instance-SUB_VPN2] quit [PE3] interface gigabitethernet 2/1/2 [PE3-GigabitEthernet2/1/2] ip binding vpn-instance SUB_VPN2 [PE3-GigabitEthernet2/1/2] ip address 110.1.1.2 24 [PE3-GigabitEthernet2/1/2] quit [PE3] bgp 200 [PE3-bgp] ipv4-family vpn-instance SUB_VPN1 [PE3-bgp-SUB_VPN1] peer 100.1.1.1 as-number 65410 [PE3-bgp-SUB_VPN1] import-route direct [PE3-bgp-SUB_VPN1] quit [PE3-bgp] ipv4-family vpn-instance SUB_VPN2...
Page 358 [PE3-bgp] ipv4-family vpnv4 [PE3-bgp-af-vpnv4] peer 2.2.2.9 enable # Allow the local AS number to appear in the AS-PATH attribute of the routes received. [PE3-bgp-af-vpnv4] peer 2.2.2.9 allow-as-loop 2 [PE3-bgp-af-vpnv4] quit [PE3-bgp] quit # Configure CE 1. [CE1] bgp 200 [CE1-bgp] peer 1.1.1.9 as-number 200 [CE1-bgp] peer 1.1.1.9 connect-interface loopback 0 [CE1-bgp] ipv4-family vpnv4 [CE1-bgp-af-vpnv4] peer 1.1.1.9 enable...
Page 359 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 130.1.1.0/24 4.4.4.9 NULL0 Execute the display bgp vpnv4 all routing-table command on CE 1 and CE 2 to verify that the VPNv4 routing tables on the customer VPN contain internal sub-VPN routes. Take CE 1 as an example.
Page 360 Routing Tables: SUB_VPN1 Destinations : 5 Routes : 5 Destination/Mask Proto Cost NextHop Interface 100.1.1.0/24 Direct 0 100.1.1.2 GE2/1/1 100.1.1.2/32 Direct 0 127.0.0.1 InLoop0 120.1.1.0/24 2.2.2.9 NULL0 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 Execute the display ip routing-table command on CE 3 and CE 4 to verify that the routing tables contain routes of remote sub-VPNs.
Page 361: Configuring Multi-Role Host
--- 120.1.1.1 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 69/90/105 ms CE 5 and CE 6 can ping each other successfully. [CE5] ping 130.1.1.1 PING 130.1.1.1: 56 data bytes, press CTRL_C to break Reply from 130.1.1.1: bytes=56 Sequence=1 ttl=252 time=102 ms Reply from 130.1.1.1: bytes=56 Sequence=2 ttl=252 time=69 ms Reply from 130.1.1.1: bytes=56 Sequence=3 ttl=252 time=105 ms...
Page 362 Figure 95 Network diagram Configuration procedure Configure CE 1: # Configure the IP addresses of the interfaces on CE 1. <CE1> system-view [CE1] interface gigabitethernet 2/1/1 [CE1-GigabitEthernet2/1/1] ip address 100.1.1.1 24 [CE1-GigabitEthernet2/1/1] quit [CE1] interface serial 2/1/1 [CE1-Serial2/1/1] ip address 1.1.1.2 24 [CE1-Serial2/1/1] quit # Configure a default route to PE 1 on CE 1.
Page 363: Configuring Hovpn
[PE1] ip route-static vpn-instance vpn2 100.1.1.0 24 vpn-instance vpn1 1.1.1.2 [PE1] bgp 100 [PE1-bgp] ipv4-family vpn-instance vpn2 [PE1-bgp-vpn2] import-route static [PE1-bgp-vpn2] quit [PE1-bgp] quit # Configure a routing policy, allowing packets from Host A that have no routes in the native VPN instance to be forwarded along private network routes in VPN instance vpn2.
Page 364 CE 1 GE2/1/1 10.2.1.1/24 CE 3 GE2/1/1 10.1.1.1/24 CE 2 GE2/1/1 10.4.1.1/24 CE 4 GE2/1/1 10.3.1.1/24 UPE 1 Loop0 1.1.1.9/32 UPE 2 Loop0 4.4.4.9/32 GE2/1/1 10.2.1.2/24 GE2/1/1 172.2.1.1/24 GE2/1/2 10.4.1.2/24 GE2/1/2 10.1.1.2/24 GE2/1/3 172.1.1.1/24 GE2/1/3 10.3.1.2/24 SPE 1 Loop0 2.2.2.9/32 SPE 2 Loop0 3.3.3.9/32...
Page 365 [UPE1] interface gigabitethernet 2/1/2 [UPE1-GigabitEthernet2/1/2] ip binding vpn-instance vpn2 [UPE1-GigabitEthernet2/1/2] ip address 10.4.1.2 24 [UPE1-GigabitEthernet2/1/2] quit # Configure UPE 1 to establish MP-IBGP peer relationship with SPE 1 and to inject VPN routes. [UPE1] bgp 100 [UPE1-bgp] peer 2.2.2.9 as-number 100 [UPE1-bgp] peer 2.2.2.9 connect-interface loopback 0 [UPE1-bgp] ipv4-family vpnv4 [UPE1-bgp-af-vpnv4] peer 2.2.2.9 enable...
Page 366 [UPE2-mpls-ldp] quit [UPE2] interface gigabitethernet 2/1/1 [UPE2-GigabitEthernet2/1/1] ip address 172.2.1.1 24 [UPE2-GigabitEthernet2/1/1] mpls [UPE2-GigabitEthernet2/1/1] mpls ldp [UPE2-GigabitEthernet2/1/1] quit # Configure the IGP protocol, OSPF, for example. [UPE2] ospf [UPE2-ospf-1] area 0 [UPE2-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255 [UPE2-ospf-1-area-0.0.0.0] network 4.4.4.9 0.0.0.0 [UPE2-ospf-1-area-0.0.0.0] quit [UPE2-ospf-1] quit # Configure VPN instances vpn1 and vpn2, allowing CE 3 and CE 4 to access UPE 2.
Page 367 [CE3] interface gigabitethernet 2/1/1 [CE3-GigabitEthernet2/1/1] ip address 10.1.1.1 255.255.255.0 [CE3-GigabitEthernet2/1/1] quit [CE3] bgp 65430 [CE3-bgp] peer 10.1.1.2 as-number 100 [CE3-bgp] import-route direct [CE3] quit Configure CE 4: <CE4> system-view [CE4] interface gigabitethernet 2/1/1 [CE4-GigabitEthernet2/1/1] ip address 10.3.1.1 255.255.255.0 [CE4-GigabitEthernet2/1/1] quit [CE4] bgp 65440 [CE4-bgp] peer 10.3.1.2 as-number 100 [CE4-bgp] import-route direct...
Page 368 [SPE1-vpn-instance-vpn1 ] vpn-target 100:1 both [SPE1-vpn-instance-vpn1] quit [SPE1] ip vpn-instance vpn2 [SPE1-vpn-instance-vpn2] route-distinguisher 700:1 [SPE1-vpn-instance-vpn2] vpn-target 100:2 both [SPE1-vpn-instance-vpn2] quit # Configure SPE 1 to establish MP-IBGP peer relationship with UPE 1 and to inject VPN routes, and specify UPE 1. [SPE1] bgp 100 [SPE1-bgp] peer 1.1.1.9 as-number 100 [SPE1-bgp] peer 1.1.1.9 connect-interface loopback 0...
Page 369 [SPE2-GigabitEthernet2/1/1] quit [SPE2] interface gigabitethernet 2/1/2 [SPE2-GigabitEthernet2/1/2] ip address 172.2.1.2 24 [SPE2-GigabitEthernet2/1/2] mpls [SPE2-GigabitEthernet2/1/2] mpls ldp [SPE2-GigabitEthernet2/1/2] quit # Configure the IGP protocol, OSPF, for example. [SPE2] ospf [SPE2-ospf-1] area 0 [SPE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0 [SPE2-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255 [SPE2-ospf-1-area-0.0.0.0] network 180.1.1.0 0.0.0.255 [SPE2-ospf-1-area-0.0.0.0] quit [SPE2-ospf-1] quit # Configure VPN instances vpn1 and vpn2.
Page 370: Configuring Ospf Sham Links
[SPE2-bgp] ipv4-family vpnv4 [SPE2-bgp-af-vpnv4] peer 4.4.4.9 upe route-policy hope export Configuring OSPF sham links Network requirements CE 1 and CE 2 belong to VPN 1 and are connected to PE 1 and PE 2, respectively. CE 1 and CE 2 are in the same OSPF area. VPN traffic between CE 1 and CE 2 is required to be forwarded through the MPLS backbone, instead of any route in the OSPF area.
Page 371 20.1.1.2/32 Direct 0 20.1.1.2 S2/1/2 30.1.1.0/24 OSPF 3124 20.1.1.2 S2/1/2 100.1.1.0/24 Direct 0 100.1.1.1 GE2/1/1 100.1.1.1/32 Direct 0 127.0.0.1 InLoop0 120.1.1.0/24 OSPF 3125 20.1.1.2 S2/1/2 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 Configure MPLS L3VPN on the backbone: # Configure basic MPLS and MPLS LDP on PE 1 to establish LDP LSPs.
Page 372 [PE2] interface serial 2/1/2 [PE2-Serial2/1/2] ip address 10.1.1.2 24 [PE2-Serial2/1/2] mpls [PE2-Serial2/1/2] mpls ldp [PE2-Serial2/1/2] quit # Configure PE 2 to take PE 1 as the MP-IBGP peer. [PE2] bgp 100 [PE2-bgp] peer 1.1.1.9 as-number 100 [PE2-bgp] peer 1.1.1.9 connect-interface loopback 0 [PE2-bgp] ipv4-family vpnv4 [PE2-bgp-af-vpnv4] peer 1.1.1.9 enable [PE2-bgp-af-vpnv4] quit...
Page 373 [PE2-GigabitEthernet2/1/1] ip binding vpn-instance vpn1 [PE2-GigabitEthernet2/1/1] ip address 120.1.1.2 24 [PE2-GigabitEthernet2/1/1] quit [PE2] ospf 100 vpn-instance vpn1 [PE2-ospf-100] domain-id 10 [PE2-ospf-100] area 1 [PE2-ospf-100-area-0.0.0.1] network 120.1.1.0 0.0.0.255 [PE2-ospf-100-area-0.0.0.1] quit [PE2-ospf-100] quit [PE2] bgp 100 [PE2-bgp] ipv4-family vpn-instance vpn1 [PE2-bgp-vpn1] import-route ospf 100 [PE2-bgp-vpn1] import-route direct [PE2-bgp-vpn1] quit [PE2-bgp] quit...
Page 374 After completing the configurations, execute the display ip routing-table vpn-instance command again on the PEs, you can see that the path to the peer CE is now along the BGP route across the backbone, and that a route to the sham link destination address is present. Take PE 1 as an example: [PE1] display ip routing-table vpn-instance vpn1 Routing Tables: vpn1...
Page 375: Configuring Mce
Configuring MCE Network requirements As shown in Figure 98, VPN 2 runs RIP. Configure the MCE device to separate routes from different VPNs and advertise the VPN routes to PE 1 through OSPF. Figure 98 Network diagram VPN 2 Site 1 PE 2 PE 1 GE3/1/3.1...
Page 376 # Bind interface GigabitEthernet 3/1/1 with VPN instance vpn1 and configure an IP address for the interface. [MCE] interface gigabitethernet 3/1/1 [MCE-GigabitEthernet3/1/1] ip binding vpn-instance vpn1 [MCE-GigabitEthernet3/1/1] ip address 10.214.10.3 24 [MCE-GigabitEthernet3/1/1] quit # Bind interface GigabitEthernet 3/1/2 with VPN instance vpn2, and configure an IP address for the interface.
Page 377 Routing Tables: vpn1 Destinations : 5 Routes : 5 Destination/Mask Proto Cost NextHop Interface 10.214.10.0/24 Direct 0 10.214.10.3 GE3/1/1 10.214.10.3/32 Direct 0 127.0.0.1 InLoop0 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 192.168.0.0/24 Static 60 10.214.10.2 GE3/1/1 [MCE] display ip routing-table vpn-instance vpn2 Routing Tables: vpn2 Destinations : 5 Routes : 5...
Page 378 # On PE 1, bind subinterface GigabitEthernet 3/1/1.2 with the VPN instance vpn2, configure the subinterface to terminate VLAN 20, and configure an IP address for the subinterface. [PE1] interface gigabitethernet 3/1/1.2 [PE1-GigabitEthernet3/1/1.2] ip binding vpn-instance vpn2 [PE1-GigabitEthernet3/1/1.2] vlan-type dot1q vid 20 [PE1-GigabitEthernet3/1/1.2] ip address 30.1.1.2 24 [PE1-GigabitEthernet3/1/1.2] quit # Configure the IP address of the interface Loopback0 as 101.101.10.1 for the MCE and as...
Page 379: Configuring Bgp As Number Substitution
127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 192.168.10.0/24 O_ASE 30.1.1.1 GE3/1/1.2 Now, the routing information for the two VPNs has been redistributed into the routing tables on PE 1. Configuring BGP AS number substitution Network requirements As shown in Figure 99, CE 1 and CE 2 belong to VPN 1 and are connected to PE 1 and PE 2 respectively.
Page 380 by CE 1 to access PE 1 resides, but it has not learned the route to the VPN (100.1.1.0/24) behind CE 1. The situation on CE 1 is similar. <CE2> display ip routing-table Routing Tables: Public Destinations : 8 Routes : 8 Destination/Mask Proto Cost...
Page 381 *> 10.1.1.0/24 10.2.1.2 100? *> 10.1.1.1/32 10.2.1.2 100? 10.2.1.0/24 10.2.1.2 100? 10.2.1.1/32 10.2.1.2 100? Configure BGP AS number substitution: # Configure BGP AS number substitution on PE 2. <PE2> system-view [PE2] bgp 100 [PE2-bgp] ipv4-family vpn-instance vpn1 [PE2-bgp-vpn1] peer 10.2.1.1 substitute-as [PE2-bgp-vpn1] quit [PE2-bgp] quit The output shows that among the routes advertised by PE 2 to CE 2, the AS_PATH of...
Page 382: Configuring Bgp As Number Substitution And Soo
<CE1> ping –a 100.1.1.1 200.1.1.1 PING 200.1.1.1: 56 data bytes, press CTRL_C to break Reply from 200.1.1.1: bytes=56 Sequence=1 ttl=253 time=109 ms Reply from 200.1.1.1: bytes=56 Sequence=2 ttl=253 time=67 ms Reply from 200.1.1.1: bytes=56 Sequence=3 ttl=253 time=66 ms Reply from 200.1.1.1: bytes=56 Sequence=4 ttl=253 time=85 ms Reply from 200.1.1.1: bytes=56 Sequence=5 ttl=253 time=70 ms --- 200.1.1.1 ping statistics --- 5 packet(s) transmitted...
Page 383 PE 3 Loop0 4.4.4.9/32 GE2/1/1 30.1.1.2/24 GE2/1/1 10.3.1.2/24 GE2/1/2 40.1.1.2/24 GE2/1/2 50.1.1.2/24 GE2/1/3 50.1.1.1/24 Configuration procedure Configure basic MPLS L3VPN: Configure OSPF on the MPLS backbone to allow the PEs and P device to learn the routes of the loopback interfaces from each other.
Page 384: Example 1 For Configuring Mpls L3Vpn Frr
[PE1-bgp] quit # On PE 2, configure a routing policy named soo to add the specified SoO attribute. <PE2> system-view [PE2] route-policy soo permit node 10 [PE2-route-policy] apply extcommunity soo 1:100 additive [PE2-route-policy] quit # On PE 2, apply the routing policy soo to routes received from CE 2. [PE2] bgp 100 [PE2-bgp] ipv4-family vpn-instance vpn1 [PE2-bgp-vpn1] peer 10.2.1.1 route-policy soo import...
Page 385 Figure 101 Network diagram Device Interface IP address Device Interface IP address CE 1 GE2/1/1 10.2.1.1/24 PE 1 Loop0 1.1.1.1/32 PE 2 Loop0 2.2.2.2/32 GE2/1/1 10.2.1.2/24 GE2/1/1 172.1.1.2/24 GE2/1/2 172.1.1.1/24 10.1.1.2/24 GE2/1/3 172.2.1.1/24 GE2/1/2 PE 3 Loop0 3.3.3.3/32 CE 2 Loop0 4.4.4.4/32 GE2/1/1...
Page 386: Example 2 For Configuring Mpls L3Vpn Frr
Display routes destined for 4.4.4.4/32 on PE 1. You can see that the active route has a backup next hop. [PE1] display ip routing-table vpn-instance vpn1 4.4.4.4 verbose Routing Table : vpn1 Summary Count : 2 Destination: 4.4.4.4/32 Protocol: BGP Process ID: 0 Preference: 255 Cost: 0...
Page 387 Figure 102 Network diagram Device Interface IP address Device Interface IP address CE 1 GE 2/1/1 10.2.1.1/24 PE 2 Loop0 2.2.2.2/32 PE 1 Loop0 1.1.1.1/32 GE 2/1/1 172.1.1.2/24 GE 2/1/1 10.2.1.2/24 GE 2/1/2 10.1.1.2/24 GE 2/1/2 172.1.1.1/24 GE 2/1/3 172.3.1.1/24 GE 2/1/3 172.2.1.1/24 PE 3...
Page 388 NextHop: 10.1.1.1 Interface: GigabitEthernet2/1/2 BkNextHop: 3.3.3.3 BkInterface: NULL0 RelyNextHop: 0.0.0.0 Neighbor : 10.1.1.1 Tunnel ID: 0x64000C Label: 65536 BKTunnel ID: 0x64000A BKLabel: 1026 State: Active Adv GotQ Age: 00h00m16s Tag: 0 Destination: 4.4.4.4/32 Protocol: BGP Process ID: 0 Preference: 255 Cost: 0 IpPrecedence: QosLcId:...
Page 389: Configuring Ipv6 Mpls L3Vpn
Configuring IPv6 MPLS L3VPN Overview MPLS L3VPN applies to the IPv4 environment. It uses BGP to advertise IPv4 VPN routes and uses MPLS to forward IPv4 VPN packets on the service provider backbone. IPv6 MPLS L3VPN functions similarly. It uses BGP to advertise IPv6 VPN routes and uses MPLS to forward IPv6 VPN packets on the service provider backbone.
Page 390: Ipv6 Mpls L3Vpn Routing Information Advertisement
The PC at Site 1 sends an IPv6 packet destined for 2001:2::1, the PC at Site 2. CE 1 transmits the packet to PE 1. Based on the inbound interface and destination address of the packet, PE 1 searches the routing table of the VPN instance.
Page 391: Ipv6 Mpls L3Vpn Configuration Task List
IPv6 MPLS L3VPN configuration task list Task Remarks Configuring basic IPv6 MPLS L3VPN By configuring basic IPv6 MPLS L3VPN, you can construct simple IPv6 VPN networks over an MPLS Configuring inter-AS IPv6 VPN backbone. To deploy special IPv6 MPLS L3VPN networks, such as inter-AS VPN, you must also perform some Configuring routing on an MCE specific configurations in addition to the basic IPv6...
Page 392: Configuring Route Related Attributes For A Vpn Instance
Step Command Remarks Enter system view. system-view Create a VPN instance and ip vpn-instance enter VPN instance view. vpn-instance-name Configure an RD for the VPN route-distinguisher instance. route-distinguisher Configure a description for description text Optional. the VPN instance. Associating a VPN instance with an interface After creating and configuring a VPN instance, associate the VPN instance with the interface for connecting the CE.
Page 393 Step Command Remarks A single vpn-target command vpn-target vpn-target&<1-8> can configure up to eight route Configure route targets. [ both | export-extcommunity | targets. You can configure up to import-extcommunity ] 64 route targets for a VPN instance. Optional. By default, a VPN instance supports up to 100000 routes.
Page 394 • If the matching tunnel is unavailable (for example, the tunnel is down or the tunnel's ACL does not permit the traffic) and is not specified with the disable-fallback keyword, the local PE continues to match other tunnels. If the tunnel is specified with the disable-fallback keyword, the local PE stops matching and tunnel selection fails.
Page 395: Configuring Routing Between A Pe And A Ce
Step Command Remarks By default, only one tunnel is selected (no load balancing) in this order: LSP tunnel, GRE tunnel, CR-LSP tunnel. The tunneling policy to be applied Apply the tunneling policy tnl-policy tunnel-policy-name must have existed. Otherwise, the to the VPN instance. default tunneling policy is used.
Page 396 Configuring RIPng between a PE and a CE A RIPng process belongs to the public network or a single VPN instance. If you create a RIPng process without binding it to a VPN instance, the process belongs to the public network. To configure RIPng between a PE and a CE: Step Command...
Page 397 Step Command Remarks Enter system view. system-view Create an IPv6 IS-IS Perform this configuration on isis [ process-id ] vpn-instance process for a VPN instance PEs. On CEs, create a normal vpn-instance-name and enter IS-IS view. IPv6 IS-IS process. Configure a network entity network-entity net Not configured by default.
Page 398: Configuring Routing Between Pes
Step Command Remarks Optional. import-route protocol Configure route A CE must advertise its VPN [ process-id ] [ med med-value | redistribution and routes to the connected PE so route-policy route-policy-name ] advertisement. that the PE can advertise them to the peer CE.
Page 399 Step Command Remarks Enter BGP-VPNv6 ipv6-family vpnv6 subaddress family view. Optional. Set the default value of the default local-preference value local preference. 100 by default. Optional. Set the default value for the default med med-value By default, the default value of the system MED.
Page 400: Configuring Inter-As Ipv6 Vpn
Step Command Remarks Optional. By default, each RR in a cluster uses its own router ID as the cluster ID. 19. Configure a cluster ID for the reflector cluster-id { cluster-id | route reflector. If more than one RR exists in a ip-address } cluster, use this command to configure the same cluster ID for...
Page 401: Configuring Inter-As Ipv6 Vpn Option B
Configuring inter-AS IPv6 VPN option B For inter-AS option B, only one method is available: Change the next hop on an ASBR. With this method, MPLS LDP is not required between ASBRs. Therefore, MP-EBGP routes get their next hops changed by default before being redistributed to MP-IBGP. However, normal EBGP routes to be advertised to IBGP do not have their next hops changed by default.
Page 402: Configuring Routing On An Mce
Step Command Remarks Enable the PE to exchange By default, the PE does not peer { group-name | ip-address } labeled routes with the advertise labeled routes to the label-route-capability ASBR PE in the same AS. IPv4 peer/peer group. Configure the PE of another peer { group-name | ip-address } AS as the EBGP peer.
Page 403: Configuring Routing Between An Mce And A Vpn Site
Configuring routing between an MCE and a VPN site You can configure static routing, RIPng, OSPFv3, IPv6 IS-IS, or EBGP between an MCE and a VPN site. Configuring static routing between an MCE and a VPN site An MCE can reach a VPN site through an IPv6 static route. IPv6 static routing on a traditional CE is globally effective and thus does not support address overlapping among VPNs.
Page 404 Step Command Remarks Enable RIPng on the ripng process-id enable Disabled by default. interface. For more information about RIPng, see Layer 3—IP Routing Configuration Guide. Configuring OSPFv3 between an MCE and a VPN site An OSPFv3 process belongs to the public network or a single IPv6 VPN instance. If you create an OSPFv3 process without binding it to an IPv6 VPN instance, the process belongs to the public network.
Page 405 Step Command Remarks Configure a network entity network-entity net Not configured by default. title for the IS-IS process. Enable the IPv6 capacity for ipv6 enable Disabled by default. the IPv6 IS-IS process. Optional. By default, no routes from any ipv6 import-route protocol other routing protocol are [ process-id ] [ allow-ibgp ] [ cost redistributed to IPv6 IS-IS.
Page 406: Configuring Routing Between An Mce And A Pe
NOTE: After you configure an IPv6 BGP VPN instance, the IPv6 BGP route exchange for the IPv6 VPN instance is the same with the normal IPv6 BGP VPN route exchange. For more information about IPv6 BGP, see Layer 3—IP Routing Configuration Guide. Configure the VPN site: Step Command...
Page 407 Step Command Remarks Enter system view. system-view Create a RIPng process for ripng [ process-id ] vpn-instance an IPv6 VPN instance and vpn-instance-name enter RIPng view. import-route protocol By default, no route of any other [ process-id ] [ allow-ibgp ] [ cost Redistribute the VPN routes.
Page 408 Step Command Remarks Create an IS-IS process for isis [ process-id ] vpn-instance an IPv6 VPN instance and vpn-instance-name enter IS-IS view. Configure a network entity network-entity net Not configured by default. title. Enable the IPv6 capacity for ipv6 enable Disabled by default.
Page 409: Resetting Bgp Connections
NOTE: IPv6 BGP runs within a VPN in the same way as it runs within a public network. For more information about IPv6 BGP, see Layer 3—IP Routing Configuration Guide. Resetting BGP connections When BGP configuration changes, use the soft reset function or reset BGP connections to make the changes take effect.
Page 410: Ipv6 Mpls L3Vpn Configuration Examples
Task Command Remarks Display information about BGP display bgp vpnv6 all peer [ ipv4-address verbose | verbose ] [ | { begin | exclude | VPNv6 peers established Available in any view. between PEs. include } regular-expression ] display bgp vpnv6 vpn-instance Display information about IPv6 vpn-instance-name peer [ ipv6-address BGP peers established between...
Page 411 Figure 105 Network diagram AS 65410 AS 65430 VPN 1 VPN 1 CE 1 CE 3 GE2/1/1 GE2/1/1 Loop0 GE2/1/1 GE2/1/1 POS5/1/1 POS5/1/2 Loop0 Loop0 POS5/1/1 POS5/1/1 GE2/1/2 GE2/1/2 MPLS backbone GE2/1/1 GE2/1/1 CE 4 CE 2 VPN 2 VPN 2 AS 65420 AS 65440 Device...
Page 412 [P-LoopBack0] ip address 2.2.2.9 32 [P-LoopBack0] quit [P] interface pos 5/1/1 [P-POS5/1/1] ip address 172.1.1.2 24 [P-POS5/1/1] quit [P] interface pos 5/1/2 [P-POS5/1/2] ip address 172.2.1.1 24 [P-POS5/1/2] quit [P] ospf [P-ospf-1] area 0 [P-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0 [P-ospf-1-area-0.0.0.0] quit [P-ospf-1] quit...
Page 413 Area 0.0.0.0 interface 172.1.1.1(POS5/1/1)'s neighbors Router ID: 172.1.1.2 Address: 172.1.1.2 GR State: Normal State: Full Mode:Nbr is Master Priority: 1 DR: None BDR: None MTU: 1500 Dead timer due in 38 Neighbor is up for 00:02:44 Authentication Sequence: [ 0 ] Neighbor state change count: 5 Configure basic MPLS and enable MPLS LDP on the MPLS backbone to establish LDP LSPs: # Configure PE 1.
Page 414 LDP Session(s) in Public Network Total number of sessions: 1 ---------------------------------------------------------------- Peer-ID Status SsnRole KA-Sent/Rcv --------------------------------------------------------------- 2.2.2.9:0 Operational Passive --------------------------------------------------------------- LAM : Label Advertisement Mode : Fault Tolerance [PE1] display mpls ldp lsp LDP LSP Information ------------------------------------------------------------------ DestAddress/Mask In/OutLabel Next-Hop In/Out-Interface ------------------------------------------------------------------ 1.1.1.9/32...
Page 415 [PE2-GigabitEthernet2/1/1] ipv6 address 2001:3::2 96 [PE2-GigabitEthernet2/1/1] quit [PE2] interface gigabitethernet 2/1/2 [PE2-GigabitEthernet2/1/2] ip binding vpn-instance vpn2 [PE2-GigabitEthernet2/1/2] ipv6 address 2001:4::2 24 [PE2-GigabitEthernet2/1/2] quit # Configure IP addresses for the CEs according to Figure 105. (Details not shown.) After completing the configurations, execute the display ip vpn-instance command on the PEs to view information about the VPN instances.
Page 416 [PE1-bgp-ipv6-vpn1] import-route direct [PE1-bgp-ipv6-vpn1] quit [PE1-bgp] ipv6-family vpn-instance vpn2 [PE1-bgp-ipv6-vpn2] peer 2001:2::1 as-number 65420 [PE1-bgp-ipv6-vpn2] import-route direct [PE1-bgp-ipv6-vpn2] quit [PE1-bgp] quit # Configure PE 2 in a similar way to configuring PE 1. (Details not shown.) After completing the configurations, execute the display bgp vpnv6 vpn-instance peer command on the PEs.
Page 417 [PE1] display ipv6 routing-table vpn-instance vpn1 Routing Table : Destinations : 3 Routes : 3 Destination: 2001:1::/96 Protocol : Direct NextHop : 2001:1::2 Preference: 0 Interface : GE2/1/1 Cost Destination: 2001:1::2/128 Protocol : Direct NextHop : ::1 Preference: 0 Interface : InLoop0 Cost Destination: 2001:2::/96...
Page 418: Configuring An Ipv6 Mpls L3Vpn That Uses A Gre Tunnel
0.00% packet loss round-trip min/avg/max = 1/1/1 ms [CE1] ping ipv6 2001:4::1 PING 2001:4::1 : 56 data bytes, press CTRL_C to break Request time out Request time out Request time out Request time out Request time out --- 2001:4::1 ping statistics --- 5 packet(s) transmitted 0 packet(s) received 100.00% packet loss...
Page 419 CE 2 GE2/1/1 2001:2::1/96 Tunnel0 20.1.1.2/24 Configuration procedure Configure an IGP on the MPLS backbone to achieve IP connectivity among the PEs and the P router: This example uses OSPF. (Details not shown.) After the configurations, OSPF adjacencies are established between PE 1, P, and PE 2. Execute the display ospf peer command.
Page 420 [PE2-GigabitEthernet2/1/1] quit # Configure CE 1. <CE1> system-view [CE1] interface gigabitethernet 2/1/1 [CE1-GigabitEthernet2/1/1] ipv6 address 2001:1::1 24 [CE1-GigabitEthernet2/1/1] quit # Configure CE 2. <CE2> system-view [CE2] interface gigabitethernet 2/1/1 [CE2-GigabitEthernet2/1/1] ipv6 address 2001:2::1 24 [CE2-GigabitEthernet2/1/1] quit After completing the configurations, execute the display ip vpn-instance command on the PEs to view information about the VPN instance.
Page 421 [PE1-bgp-ipv6-vpn1] import-route direct [PE1-bgp-ipv6-vpn1] quit [PE1-bgp] quit # Configure CE 2 and PE 2 in a similar way to configuring CE 1 and PE 1. (Details not shown.) After completing the configurations, execute the display bgp vpnv6 vpn-instance peer command on the PEs. BGP peer relationships have been established between PEs and CEs, and have reached Established state.
Page 422: Configuring Inter-As Ipv6 Vpn Option A
[PE2-Tunnel0] mpls [PE2-Tunnel0] quit Verify the configuration: # Display the routing table of each CE. The CEs have learned the route to each other. # From each CE, ping the other CE. The CEs can ping each other. [CE1] ping ipv6 2001:2::1 PING 2001:2::1 : 56 data bytes, press CTRL_C to break Reply from 2001:2::1...
Page 423 Figure 107 Network diagram Device Interface IP address Device Interface IP address CE 1 GE2/1/1 2001:1::1/96 CE 2 GE2/1/1 2001:2::1/96 PE 1 Loop0 1.1.1.9/32 PE 2 Loop0 4.4.4.9/32 GE2/1/1 2001:1::2/96 GE2/1/1 2001:2::2/96 POS5/1/1 172.1.1.2/24 POS5/1/1 162.1.1.2/24 ASBR-PE1 Loop0 2.2.2.9/32 ASBR-PE2 Loop0 3.3.3.9/32 POS5/1/1...
Page 424 [PE1-POS5/1/1] mpls ldp [PE1-POS5/1/1] quit # Configure basic MPLS on ASBR-PE 1 and enable MPLS LDP for both ASBR-PE 1 and the interface connected to PE 1. <ASBR-PE1> system-view [ASBR-PE1] mpls lsr-id 2.2.2.9 [ASBR-PE1] mpls [ASBR-PE1-mpls] quit [ASBR-PE1] mpls ldp [ASBR-PE1-mpls-ldp] quit [ASBR-PE1] interface pos 5/1/1 [ASBR-PE1-POS5/1/1] mpls...
Page 425 # Configure PE 1. [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 100:1 [PE1-vpn-instance-vpn1] vpn-target 100:1 both [PE1-vpn-instance-vpn1] quit [PE1] interface gigabitethernet 2/1/1 [PE1-GigabitEthernet2/1/1] ip binding vpn-instance vpn1 [PE1-GigabitEthernet2/1/1] ipv6 address 2001:1::2 96 [PE1-GigabitEthernet2/1/1] quit # Configure CE 2. <CE2> system-view [CE2] interface gigabitethernet 2/1/1 [CE2-GigabitEthernet2/1/1] ipv6 address 2001:2::1 96 [CE2-GigabitEthernet2/1/1] quit # Configure PE 2.
Page 426 # Configure CE 1. [CE1] bgp 65001 [CE1-bgp] ipv6-family [CE1-bgp-af-ipv6] peer 2001:1::2 as-number 100 [CE1-bgp-af-ipv6] import-route direct [CE1-bgp-af-ipv6] quit # Configure PE 1. [PE1] bgp 100 [PE1-bgp] ipv6-family vpn-instance vpn1 [PE1-bgp-ipv6-vpn1] peer 2001:1::1 as-number 65001 [PE1-bgp-ipv6-vpn1] import-route direct [PE1-bgp-ipv6-vpn1] quit [PE1-bgp] quit # Configure CE 2.
Page 427: Configuring Inter-As Ipv6 Vpn Option C
[ASBR-PE2] bgp 200 [ASBR-PE2-bgp] ipv6-family vpn-instance vpn1 [ASBR-PE2-bgp-ipv6-vpn1] peer 2002:1::1 as-number 100 [ASBR-PE2-bgp-ipv6-vpn1] quit [ASBR-PE2-bgp] peer 4.4.4.9 as-number 200 [ASBR-PE2-bgp] peer 4.4.4.9 connect-interface loopback 0 [ASBR-PE2-bgp] ipv6-family vpnv6 [ASBR-PE2-bgp-af-vpnv6] peer 4.4.4.9 enable [ASBR-PE2-bgp-af-vpnv6] quit [ASBR-PE2-bgp] quit # Configure PE 2. [PE2] bgp 200 [PE2-bgp] peer 3.3.3.9 as-number 200 [PE2-bgp] peer 3.3.3.9 connect-interface loopback 0...
Page 428 Loop1 2001:1::1/128 Loop1 2001:1::2/128 S2/1/1 1.1.1.2/8 S2/1/1 9.1.1.2/8 ASBR-PE 1 Loop0 3.3.3.9/32 ASBR-PE 2 Loop0 4.4.4.9/32 S2/1/1 1.1.1.1/8 S2/1/1 9.1.1.1/8 S2/1/2 11.0.0.2/8 S2/1/2 11.0.0.1/8 Configuration procedure Configure PE 1: # Configure IS-IS on PE 1. <PE1> system-view [PE1] isis 1 [PE1-isis-1] network-entity 10.1111.1111.1111.00 [PE1-isis-1] quit # Configure an LSR ID, and enable MPLS and LDP.
Page 429 [PE1-bgp] peer 3.3.3.9 as-number 100 [PE1-bgp] peer 3.3.3.9 connect-interface loopback 0 [PE1-bgp] peer 3.3.3.9 label-route-capability # Configure the maximum hop count from PE 1 to EBGP peer 5.5.5.9 as 10. [PE1-bgp] peer 5.5.5.9 as-number 600 [PE1-bgp] peer 5.5.5.9 connect-interface loopback 0 [PE1-bgp] peer 5.5.5.9 ebgp-max-hop 10 # Configure peer 5.5.5.9 as a VPNv6 peer.
Page 430 [ASBR-PE1] route-policy policy1 permit node 1 [ASBR-PE1-route-policy1] apply mpls-label [ASBR-PE1-route-policy1] quit [ASBR-PE1] route-policy policy2 permit node 1 [ASBR-PE1-route-policy2] if-match mpls-label [ASBR-PE1-route-policy2] apply mpls-label [ASBR-PE1-route-policy2] quit # Start BGP on ASBR-PE 1 and redistribute routes from IS-IS process 1. [ASBR-PE1] bgp 100 [ASBR-PE1-bgp] import-route isis 1 # Apply routing policy policy2 to filter routes advertised to IBGP peer 2.2.2.9.
Page 431 [ASBR-PE2-LoopBack0] quit # Configure interface Serial 2/1/2 and enable MPLS on it. [ASBR-PE2] interface serial 2/1/2 [ASBR-PE2-Serial2/1/2] ip address 11.0.0.1 255.0.0.0 [ASBR-PE2-Serial2/1/2] mpls [ASBR-PE2-Serial2/1/2] quit # Create routing policies. [ASBR-PE2] route-policy policy1 permit node 1 [ASBR-PE2-route-policy1] apply mpls-label [ASBR-PE2-route-policy1] quit [ASBR-PE2] route-policy policy2 permit node 1 [ASBR-PE2-route-policy2] if-match mpls-label [ASBR-PE2-route-policy2] apply mpls-label...
Page 432 [PE2-Serial2/1/1] mpls [PE2-Serial2/1/1] mpls ldp [PE2-Serial2/1/1] quit # Configure interface Loopback 0 and start IS-IS on it. [PE2] interface loopback 0 [PE2-LoopBack0] ip address 5.5.5.9 32 [PE2-LoopBack0] isis enable 1 [PE2-LoopBack0] quit # Create VPN instance vpn1 and configure the RD and route target attributes for it. [PE2] ip vpn-instance vpn1 [PE2-vpn-instance-vpn1] route-distinguisher 11:11 [PE2-vpn-instance-vpn1] vpn-target 3:3 import-extcommunity...
Page 433: Configuring Carrier's Carrier
bytes=56 Sequence=3 hop limit=64 time = 1 ms Reply from 2001:1::1 bytes=56 Sequence=4 hop limit=64 time = 1 ms Reply from 2001:1::1 bytes=56 Sequence=5 hop limit=64 time = 1 ms --- 2001:1::1 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 1/1/1 ms [PE1] ping ipv6 –vpn-instance vpn1 2001:1::2...
Page 434 Figure 109 Network diagram Device Interface IP address Device Interface IP address CE 3 GE2/1/1 2001:1::1/96 CE 4 GE2/1/1 2001:2::1/96 PE 3 Loop0 1.1.1.9/32 PE 4 Loop0 6.6.6.9/32 GE2/1/1 2001:1::2/96 GE2/1/1 2001:2::2/96 POS5/1/2 10.1.1.1/24 POS5/1/2 20.1.1.2/24 CE 1 Loop0 2.2.2.9/32 CE 2 Loop0 5.5.5.9/32...
Page 435 [PE1] interface pos 5/1/2 [PE1-POS5/1/2] ip address 30.1.1.1 24 [PE1-POS5/1/2] isis enable 1 [PE1-POS5/1/2] mpls [PE1-POS5/1/2] mpls ldp [PE1-POS5/1/2] mpls ldp transport-address interface [PE1-POS5/1/2] quit [PE1] bgp 100 [PE1-bgp] peer 4.4.4.9 as-number 100 [PE1-bgp] peer 4.4.4.9 connect-interface loopback 0 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpnv4] peer 4.4.4.9 enable [PE1-bgp-af-vpnv4] quit [PE1-bgp] quit...
Page 436 [PE3] mpls [PE3-mpls] quit [PE3] mpls ldp [PE3-mpls-ldp] quit [PE3] isis 2 [PE3-isis-2] network-entity 10.0000.0000.0001.00 [PE3-isis-2] quit [PE3] interface loopback 0 [PE3-LoopBack0] isis enable 2 [PE3-LoopBack0] quit [PE3] interface pos 5/1/2 [PE3-POS5/1/2] ip address 10.1.1.1 24 [PE3-POS5/1/2] isis enable 2 [PE3-POS5/1/2] mpls [PE3-POS5/1/2] mpls ldp [PE3-POS5/1/2] mpls ldp transport-address interface...
Page 437 [PE1-vpn-instance-vpn1] quit [PE1] mpls ldp vpn-instance vpn1 [PE1-mpls-ldp-vpn-instance-vpn1] quit [PE1] isis 2 vpn-instance vpn1 [PE1-isis-2] network-entity 10.0000.0000.0000.0003.00 [PE1-isis-2] import-route bgp allow-ibgp [PE1-isis-2] quit [PE1] interface pos 5/1/1 [PE1-POS5/1/1] ip binding vpn-instance vpn1 [PE1-POS5/1/1] ip address 11.1.1.2 24 [PE1-POS5/1/1] isis enable 2 [PE1-POS5/1/1] mpls [PE1-POS5/1/1] mpls ldp [PE1-POS5/1/1] mpls ldp transport-address interface...
Page 438 [PE3-GigabitEthernet2/1/1] ip binding vpn-instance vpn1 [PE3-GigabitEthernet2/1/1] ipv6 address 2001:1::2 96 [PE3-GigabitEthernet2/1/1] quit [PE3] bgp 100 [PE3-bgp] ipv6-family vpn-instance vpn1 [PE3-bgp-ipv6-vpn1] peer 2001:1::1 as-number 65410 [PE3-bgp-ipv6-vpn1] import-route direct [PE3-bgp-ipv6-vpn1] quit [PE3-bgp] quit # Configure PE 4 and CE 4 in a similar way to configuring PE 3 and CE 3. (Details not shown.) Configure an MP-IBGP peer relationship between the PEs of the customer carrier to exchange the VPN routes of the end customers: # Configure PE 3.
Page 439 11.1.1.1/32 Direct 0 127.0.0.1 InLoop0 11.1.1.2/32 Direct 0 11.1.1.2 POS5/1/1 20.1.1.0/24 4.4.4.9 NULL0 21.1.1.0/24 4.4.4.9 NULL0 21.1.1.2/32 4.4.4.9 NULL0 # Execute the display ipv6 routing-table vpn-instance command on PE 1 and PE 2. The output shows that their VPN routing tables do not contain the VPN routes that the customer carrier maintains.
Page 440: Configuring Mce
21.1.1.0/24 ISIS 10.1.1.2 POS5/1/2 21.1.1.2/32 ISIS 10.1.1.2 POS5/1/2 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 # Ping PE 3 from PE 4 and ping PE 4 from PE 3. PE 3 and PE 4 can ping each other: [PE3] ping 20.1.1.2 PING 20.1.1.2: 56 data bytes, press CTRL_C to break...
Page 441 Figure 110 Network diagram VPN 2 Site 1 PE 2 PE 1 GE2/1/1.2 PE 3 GE2/1/1.1 GE2/1/3.2 GE2/1/1 VPN 1 GE2/1/3.1 2001:1::2/96 2012:1::/64 GE2/1/1 GE2/1/2 VPN 1 2001:1::1/64 2012:1::2/64 GE2/1/2 VR 1 Site 2 2002:1::1/64 GE2/1/1 2002:1::2/64 VR 2 GE2/1/2 2012::2/64 VPN 2 2012::/64...
Page 442 [MCE] interface gigabitethernet 2/1/2 [MCE-GigabitEthernet2/1/2] ip binding vpn-instance vpn2 [MCE-GigabitEthernet2/1/2] ipv6 address 2002:1::1 64 [MCE-GigabitEthernet2/1/2] quit # On PE 1, configure VPN instances vpn1 and vpn2, and specify an RD and route targets for each VPN instance. <PE1> system-view [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 30:1 [PE1-vpn-instance-vpn1] vpn-target 10:1 [PE1-vpn-instance-vpn1] quit...
Page 443 Destinations : 5 Routes : 5 Destination: ::1/128 Protocol : Direct NextHop : ::1 Preference: 0 Interface : InLoop0 Cost Destination: 2001:1::/64 Protocol : Direct NextHop : 2001:1::1 Preference: 0 Interface : GigabitEthernet2/1/1 Cost Destination: 2001:1::1/128 Protocol : Direct NextHop : ::1 Preference: 0 Interface...
Page 444 <PE1> system-view [PE1] interface gigabitethernet 2/1/1.1 [PE1-GigabitEthernet2/1/1.1] vlan-type dot1q vid 10 [PE1-GigabitEthernet2/1/1.1] ipv6 address 2001:2::4 64 [PE1-GigabitEthernet2/1/1.1] quit [PE1] interface gigabitethernet 2/1/1.2 [PE1-GigabitEthernet2/1/1.2] vlan-type dot1q vid 20 [PE1-GigabitEthernet2/1/1.2] ipv6 address 2002:2::4 64 [PE1-GigabitEthernet2/1/1.2] quit # Enable IPv6 ISIS process 10 on the MCE, bind the process to VPN instance vpn1, and redistribute the IPv6 static route of VPN 1.
Page 445 Destination: FE80::/10 Protocol : Direct NextHop : :: Preference: 0 Interface : NULL0 Cost The output shows that PE 1 has learned the private route of VPN 1 through IPv6 ISIS. Take similar procedures to configure IPv6 ISIS process 20 between the MCE and PE 1 and redistribute VPN 2's routes from RIPng process 20 into the IPv6 ISIS routing table of the MCE.
Page 446: Document Conventions And Icons
Document conventions and icons Conventions This section describes the conventions used in the documentation. Port numbering in examples The port numbers in this document are for illustration only and might be unavailable on your device. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown.
Page 447: Network Topology Icons
Network topology icons Convention Description Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.
Page 448: Support And Other Resources
Hewlett Packard Enterprise Support Center More Information on Access to Support Materials page: www.hpe.com/support/AccessToSupportMaterials IMPORTANT: Access to some updates might require product entitlement when accessed through the Hewlett Packard Enterprise Support Center. You must have an HP Passport set up with relevant entitlements.
Page 449: Websites
Websites Website Link Networking websites Hewlett Packard Enterprise Information Library for www.hpe.com/networking/resourcefinder Networking Hewlett Packard Enterprise Networking website www.hpe.com/info/networking Hewlett Packard Enterprise My Networking website www.hpe.com/networking/support Hewlett Packard Enterprise My Networking Portal www.hpe.com/networking/mynetworking Hewlett Packard Enterprise Networking Warranty www.hpe.com/networking/warranty General websites Hewlett Packard Enterprise Information Library www.hpe.com/info/enterprise/docs Hewlett Packard Enterprise Support Center...
Page 450 part number, edition, and publication date located on the front cover of the document. For online help content, include the product name, product version, help edition, and publication date located on the legal notices page.
Page 451: Index
Index configuring ATM AAL5 frame encapsulation (MPLS L2VPN), 157 AC packet encapsulation (VPLS), 200 attribute address advertising TE attribute (MPLS TE), 39 address space overlapping (MPLS affinity attribute (MPLS TE), 40 L3VPN), 238 BGP extended community (MPLS L3VPN), 239 configuring BGP-VPNv6 subaddress family configuring affinity attribute (CR-LSP MPLS routing (IPv6 MPLS L3VPN), 390 TE), 64...
Page 452 extended community attributes (MPLS configuring PE and CE routing (IPv6 MPLS L3VPN), 239 L3VPN), 387 MP-BGP (MPLS L3VPN), 240 configuring PE and CE routing (MPLS L3VPN), 265 OSPF sham link (MPLS L3VPN), 256 configuring PE and CE static routing (IPv6 MPLS redistributing OSPF loopback interface route L3VPN), 387 (MPLS L3VPN), 280...
Page 453 CR-LSP reoptimization (MPLS TE), 65 IPv6 static routing between IPv6 MCE and PE, 398 CSPF (MPLS TE), 56 IPv6 static routing between IPv6 MCE and VPN EBGP between IPv6 MCE and PE, 400 site, 395 EBGP between IPv6 MCE and VPN site, 397 IS-IS between MCE and PE, 288 EBGP between MCE and PE, 289 IS-IS between MCE and VPN site, 284...
Page 454 OSPF between MCE and PE, 287 RSVP-TE refresh mechanism (MPLS TE), 60 OSPF between MCE and VPN site, 283 RSVP-TE reservation style (MPLS TE), 59 OSPF loopback interface (MPLS L3VPN), 280 RSVP-TE resource reservation confirmation (MPLS TE), 61 OSPF sham link (MPLS L3VPN), 280, 362 RSVP-TE state timer (MPLS TE), 60 OSPFv3 between IPv6 MCE and PE, 399 static LSP (MPLS), 10, 30...
Page 455 Martini VC on Layer 3 interface (MPLS redistributing OSPF loopback interface route into L2VPN), 162 BGP (MPLS L3VPN), 280 OSPF sham link (MPLS L3VPN), 281 dynamic signaling (configuring tunnel MPLS TE), 54 tunnel over static CR-LSP (MPLS TE), 53 VPN instance (IPv6 MPLS L3VPN), 383 EBGP VPN instance (MPLS L3VPN), 261 configuring between PE and CE (MPLS...
Page 456 fast reroute. See FRR administrative group (MPLS TE), 40 FEC (MPLS), 1 configuring administrative group (CR-LSP MPLS TE), 64 FF style (configuring RSVP-TE reservation MPLS TE), 59 filtering (configuring LDP label MPLS), 16 HDLC flooding MAC address (VPLS), 198 configuring encapsulation (MPLS L2VPN), 156 forwarding hello extension (configuring RSVP-TE MPLS TE), 61 automatic route advertisement traffic...
Page 457 associating VPN with interface (MPLS creating SVC on Layer 3 interface (MPLS L3VPN), 262 L2VPN), 159 configuring attribute (VPLS), 210 redistributing OSPF loopback route into BGP (MPLS L3VPN), 280 configuring BGP (VPLS), 207 configuring LDP (IPv6 MPLS L3VPN), 387 configuring LDP GR (MPLS), 21 configuring LDP (MPLS L3VPN), 265 configuring MPLS, 1 configuring LDP (VPLS), 206...
Page 458 configuring PE and CE IPv6 IS-IS, 388 advertisement mode (MPLS), 4 configuring PE and CE OSPFv3, 388 configuring filtering (LDP MPLS), 16 configuring PE and CE RIPng, 388 configuring label acceptance control (LDP MPLS), 16 configuring PE and CE routing, 387 configuring label advertisement control (LDP configuring PE and CE static routing, 387 MPLS), 17...
Page 459 operation (MPLS), 7, 7 MPLS, 2 path vector (MPLS), 15 setting up tunnel (RSVP-TE MPLS TE), 43 resetting session (MPLS), 18 restarting with GR (MPLS), 23 configuring TTL processing mode (MPLS), 19 session establishment (MPLS), 7 MPLS, 2 session maintenance (MPLS), 7 session termination (MPLS), 7 MAC address learning MAC address (VPLS), 198...
Page 460 configuring static routing between MCE and displaying operation, 27 VPN site, 282 enabling, 10 MD5 (configuring LDP authentication (MPLS), 16 enabling trap, 27 message establishing dynamic LSP through LDP, 11 configuring LDP GR (MPLS), 21 establishing LSP, 3 LDP message type (MPLS), 7 FEC, 1 RSVP refresh mechanism (RSVP-TE MPLS forwarding, 5...
Page 461 configuring HDLC encapsulation, 156 configuring BGP VPNv4 subaddress family routing, 271 configuring Kompella, 164, 188 configuring BGP VPNv4 subaddress family configuring Kompella local connection, 190 specific routing, 272 configuring local CCC connection, 157, 168 configuring carrier's carrier, 337 configuring Martini, 161 configuring FRR, 291 configuring Martini VC redundancy, 181 configuring HoVPN, 279, 355...
Page 462 inter-AS option A, 245 configuring failed link timer, 70 inter-AS option B, 246 configuring FRR, 73 inter-AS option C, 247 configuring FRR polling timer, 75 inter-AS VPN, 245 configuring IS-IS TE, 56 IPv6. See IPv6 MPLS L3VPN configuring label recording, 66 maintaining, 292 configuring loop detection, 66 MP-BGP, 240...
Page 463 PSB timeout (RSVP-TE), 44 CE and PE routing information exchange (IPv6 MPLS L3VPN), 382 reoptimizing, 41 clearing statistics (MPLS), 30 route pinning (CR-LSP), 40 configuring administrative group (CR-LSP MPLS RSB timeout (RSVP-TE), 44 TE), 64 RSVP refresh mechanism (RSVP-TE), 43 configuring affinity attribute (CR-LSP MPLS RSVP-TE, 41 TE), 64...
Page 464 configuring inter-AS VPN ASBR PE routing configuring OSPF (MPLS TE), 56 policy (MPLS L3VPN), 277 configuring OSPF loopback interface (MPLS configuring inter-AS VPN option A (MPLS L3VPN), 280 L3VPN), 274 configuring OSPF sham link (MPLS configuring inter-AS VPN option B (MPLS L3VPN), 280, 362 L3VPN), 275 configuring PE and CE EBGP (IPv6 MPLS...
Page 465 configuring RSVP-TE resource reservation establishing path (MPLS TE), 39 confirmation (MPLS TE), 61 establishing RSVP-TE tunnel (MPLS TE), 59 configuring RSVP-TE state timer (MPLS extranet networking scheme (MPLS L3VPN), 243 TE), 60 FEC (MPLS), 1 configuring static LSP (MPLS), 10 forwarding (MPLS), 5 configuring traffic forwarding (MPLS TE), 67 forwarding packet (MPLS TE), 39...
Page 466 managing forwarding (MPLS), 18 RSVP-TE resource reservation style (MPLS TE), 46 maximum hop count (MPLS), 15 RSVP-TE soft state (MPLS TE), 46 MP-BGP (MPLS L3VPN), 240 scheme (IPv6 MPLS L3VPN), 382 MPLS structure, 2 setting up LSP tunnel (RSVP-TE MPLS TE), 43 nested VPN (MPLS L3VPN), 250 site (MPLS L3VPN), 238 networking scheme (MPLS L3VPN), 241...
Page 467 configuring inter-AS IPv6 VPN (IPv6 MPLS sending back ICMP TTL exceeded messages L3VPN), 392, 414 (MPLS), 21 configuring inter-AS VPN (MPLS L3VPN), 274 parameter inter-AS (MPLS L3VPN), 245 configuring local LDP session parameter (MPLS), 12 option B configuring remote LDP session parameter configuring inter-AS (MPLS L3VPN), 326 (MPLS), 12 configuring inter-AS VPN (MPLS L3VPN), 275...
Page 468 configuring PE and PE routing (MPLS configuring affinity attribute (CR-LSP MPLS L3VPN), 270 TE), 64 OSPF multi-instance on PE (MPLS configuring ATM AAL5 frame encapsulation L3VPN), 254 (MPLS L2VPN), 157 PE and CE routing information exchange configuring BFD for LDP (MPLS), 18 (IPv6 MPLS L3VPN), 382 configuring BFD for primary link (H-VPLS), 227 PE and PE routing information exchange...
Page 469 configuring HoVPN (MPLS L3VPN), 279, 355 configuring IS-IS between MCE and VPN site, 284 configuring hub-spoke network (MPLS L3VPN), 314 configuring IS-IS TE (MPLS TE), 56 configuring IBGP between MCE and PE, 289 configuring Kompella (MPLS L2VPN), 164, 188 configuring IBGP between MCE and VPN configuring Kompella local connection(MPLS site, 285 L2VPN), 190...
Page 470 configuring nested VPN (MPLS configuring primary and backup SVCs on Layer 3 L3VPN), 277, 344 interface (MPLS L2VPN), 159 configuring node protection (MPLS TE), 75 configuring PW redundancy for H-VPLS (VPLS), 223 configuring OSPF (MPLS TE), 56 configuring remote CCC connection (MPLS configuring OSPF between MCE and PE, 287 L2VPN), 157, 170 configuring OSPF between MCE and VPN...
Page 471 configuring VPN instance (IPv6 MPLS optimizing forwarding (MPLS), 18 L3VPN), 383 redistributing OSPF loopback interface route into configuring VPN instance (MPLS BGP (MPLS L3VPN), 280 L3VPN), 261 resetting BGP connection (IPv6 MPLS configuring VPN instance route related L3VPN), 401 attribute (IPv6 MPLS L3VPN), 384 resetting BGP connection (MPLS L3VPN), 292 configuring VPN instance route related resetting BGP connection (VPLS), 208...
Page 472 refresh mechanism (configuring RSVP-TE MPLS CE and PE routing information exchange (IPv6 TE), 60 MPLS L3VPN), 382 remote peer configuring BGP VPNv4 subaddress family (MPLS L3VPN), 271 configuring for PE (Martini MPLS L2VPN), 162 configuring BGP VPNv4 subaddress family reoptimizing (configuring CR-LSPMPLS TE), 65 common feature (MPLS L3VPN), 271 reservation configuring BGP VPNv4 subaddress family...
Page 473 configuring PE and CE (MPLS L3VPN), 265 information advertisement (IPv6 MPLS L3VPN), 382 configuring PE and CE EBGP (IPv6 MPLS L3VPN), 389 information advertisement (MPLS L3VPN), 244 configuring PE and CE EBGP (MPLS information exchange CE to PE (MPLS L3VPN), 268 L3VPN), 244 configuring PE and CE IBGP (MPLS information exchange PE to PE (MPLS...
Page 474 RSB timeout (MPLS TE), 44 configuring IPv6 static routing between IPv6 MCE and VPN site, 395 RSVP refresh mechanism (MPLS TE), 43 configuring PE and CE (IPv6 MPLS L3VPN), 387 setting up LSP tunnel (MPLS TE), 43 configuring PE and CE (MPLS L3VPN), 265 soft state (MPLS TE), 46 configuring static routing between MCE and PE, 287...
Page 475 configuring forwarding (MPLS TE), 67 RSVP-TE resource reservation style (MPLS TE), 46 configuring forwarding tuning parameter (MPLS TE), 70 RSVP-TE soft state (MPLS TE), 46 configuring IS-IS TE (MPLS TE), 56 setting up LSP tunnel (RSVP-TE MPLS TE), 43 configuring OSPF (MPLS TE), 56 static route forwarding along tunnel (MPLS TE), 67 configuring route pinning (CR-LSP MPLS...
Page 476 configuring for service instance (MPLS CE and PE routing information exchange (IPv6 L2VPN), 192 MPLS L3VPN), 382 creating Martini for service instance (MPLS configuring (Kompella MPLS L2VPN), 164 L2VPN), 163 configuring BGP (VPLS), 207 creating Martini on Layer 3 interface (MPLS configuring BGP AS number substitution (MPLS L2VPN), 162 L3VPN), 290, 371, 374...
Page 477 configuring inter-AS IPv6 VPN option C (IPv6 configuring OSPF loopback interface (MPLS MPLS L3VPN), 393, 393, 419 L3VPN), 280 configuring inter-AS option A (MPLS configuring OSPF sham link (MPLS L3VPN), 322 L3VPN), 280, 362 configuring inter-AS option B (MPLS configuring OSPFv3 between IPv6 MCE and L3VPN), 326 PE, 399 configuring inter-AS option C (MPLS...
Page 478 HoVPN network model (MPLS L3VPN), 252 HoVPN recursion (MPLS L3VPN), 254 HoVPN SPE-UPE (MPLS L3VPN), 253 hub-spoke networking scheme (MPLS L3VPN), 242 implementing HoVPN (MPLS L3VPN), 253 instance (MPLS L3VPN), 238 inter-AS (MPLS L3VPN), 245 inter-AS option A (MPLS L3VPN), 245 inter-AS option B (MPLS L3VPN), 246 inter-AS option C (MPLS L3VPN), 247 loop avoidance (VPLS), 199...

HP HSR6800 Configuration Manual

Configuring Basic MPLS

Configuring MPLS te

Configuring MPLS L2VPN

Configuring VPLS

Configuring MPLS L3VPN

Configuring Ipv6 MPLS L3VPN

Quick Links

Troubleshooting

Related Manuals for HP HSR6800

Summary of Contents for HP HSR6800