Page 1 HP MSR Router Series MPLS Configuration Guide(V7) Part number: 5998-5680 Software version: CMW710-R0106 Document version: 6PW100-20140607...
Page 2 The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty.
Page 3: Table Of Contents
Contents Configuring basic MPLS ·············································································································································· 1 Overview ············································································································································································ 1 Basic concepts ·························································································································································· 1 MPLS network architecture ······································································································································ 2 LSP establishment ······················································································································································ 3 MPLS forwarding ······················································································································································ 4 PHP ············································································································································································· 4 Protocols and standards ·········································································································································· 5 ...
Page 4 Configuring a label acceptance policy ······················································································································· 30 Configuring LDP loop detection ···································································································································· 31 Configuring LDP session protection ······························································································································ 32 Configuring LDP GR ······················································································································································· 33 Configuring LDP NSR ····················································································································································· 33 Configuring LDP-IGP synchronization ·························································································································· 33 Configuring LDP-OSPF synchronization ··············································································································...
Page 5 Configuring MPLS TE FRR ·············································································································································· 81 Enabling FRR ·························································································································································· 81 Configuring a bypass tunnel on the PLR ············································································································· 82 Configuring node fault detection ························································································································· 85 Configuring the optimal bypass tunnel selection interval ·················································································· 86 Enabling SNMP notifications for MPLS TE ··················································································································· 86 ...
Page 6 Tunnel selection order configuration example ································································································· 163 Preferred tunnel and tunnel selection order configuration example ······························································ 164 Configuring MPLS L3VPN ······································································································································· 166 Overview ······································································································································································· 166 Basic MPLS L3VPN architecture ························································································································· 166 MPLS L3VPN concepts ········································································································································ 167 ...
Page 7 Configuring MCE ················································································································································ 284 Configuring BGP AS number substitution ········································································································· 290 Configuring BGP AS number substitution and SoO attribute ········································································· 293 Configuring MPLS L3VPN FRR through VPNv4 route backup for a VPNv4 route ········································ 296 Configuring MPLS L3VPN FRR through VPNv4 route backup for an IPv4 route ··········································· 298 ...
Page 8 Configuring a cross-connect ······································································································································· 382 Configuring a PW ························································································································································ 383 Configuring a PW class ······································································································································ 383 Configuring a static PW ····································································································································· 383 Configuring an LDP PW ······································································································································ 384 Configuring a BGP PW ······································································································································ 384 Configuring a remote CCC connection ············································································································...
Page 9 Displaying and maintaining MPLS protection switching ·························································································· 437 MPLS protection switching configuration example ··································································································· 438 Support and other resources ·································································································································· 442 Contacting HP ······························································································································································ 442 Subscription service ············································································································································ 442 Related information ······················································································································································ 442 Documents ···························································································································································· 442 ...
Page 10: Configuring Basic Mpls
Configuring basic MPLS In this chapter, "MSR2000" refers to MSR2003. "MSR3000" collectively refers to MSR3012, MSR3024, MSR3044, MSR3064. "MSR4000" collectively refers to MSR4060 and MSR4080. Overview Multiprotocol Label Switching (MPLS) provides connection-oriented label switching over connectionless IP backbone networks. It integrates both the flexibility of IP routing and the simplicity of Layer 2 switching.
Page 11: Mpls Network Architecture
A router that performs MPLS forwarding is a label switching router (LSR). A label switched path (LSP) is the path along which packets of an FEC travel through an MPLS network. An LSP is a unidirectional packet forwarding path. Two neighboring LSRs are called the upstream LSR and downstream LSR along the direction of an LSP.
Page 12: Lsp Establishment
Ingress LSR—Ingress LSR of packets. It labels packets entering into the MPLS network. • • Transit LSR—Intermediate LSRs in the MPLS network. The transit LSRs on an LSP forward packets to the egress LSR according to labels. Egress LSR—Egress LSR of packets. It removes labels from packets and forwards the packets to their •...
Page 13: Mpls Forwarding
MPLS forwarding Figure 5 MPLS forwarding As shown in Figure 5, a packet is forwarded over the MPLS network as follows: Router B (the ingress LSR) receives a packet with no label. It then does the following: Identifies the FIB entry that matches the destination address of the packet. Adds the outgoing label (40, in this example) to the packet.
Page 14: Protocols And Standards
One LFIB lookup and one FIB lookup (if the packet has only one label). • The penultimate hop popping (PHP) feature can pop the label at the penultimate node, so the egress node only performs one table lookup. A PHP-capable egress node sends the penultimate node an implicit null label of 3. This label never appears in the label stack of packets.
Page 15: Configuring Mpls Mtu
By default, no LSR ID is configured. An LSR ID must be unique in an MPLS Configure an LSR ID for the local network and in IP address format. HP mpls lsr-id lsr-id node. recommends that you use the IP address of a loopback interface as an LSR ID.
Page 16: Specifying The Label Type Advertised By The Egress
Configuration guidelines If the penultimate hop supports PHP, HP recommends that you configure the egress to advertise an implicit null label to the penultimate hop. If you want to simplify packet forwarding on the egress but keep labels to determine QoS policies, configure the egress to advertise an explicit null label to the penultimate hop.
Page 17 MPLS network. Figure 7 Without TTL propagation Follow these guidelines when you configure TTL propagation: HP recommends setting the same TTL processing mode on all LSRs of an LSP. • • To enable TTL propagation for a VPN, you must enable it on all PE devices in the VPN, so that you can get the same traceroute result (hop count) from those PEs.
Page 18: Enabling Sending Of Mpls Ttl-Expired Messages
Step Command Remarks By default, TTL propagation is enabled only for public-network packets. mpls ttl propagate { public | This command affects only the propagation Enable TTL propagation. vpn } between IP TTL and label TTL. Within an MPLS network, TTL is always copied between the labels of an MPLS packet.
Page 19: Enabling Mpls Label Forwarding Statistics
Enabling MPLS label forwarding statistics MPLS label forwarding forwards a labeled packet based on its incoming label. Perform this task to enable MPLS label forwarding statistics and MPLS statistics reading, so that you can use the display mpls lsp verbose command to view MPLS label statistics. To enable MPLS label forwarding statistics: Step Command...
Page 20 Display MPLS summary information. display mpls summary Display ILM entries display mpls forwarding ilm [ label ] (MSR2000/MSR3000). Display ILM entries (MSR4000). display mpls forwarding ilm [ label ] [ slot slot-number ] Display NHLFE entries display mpls forwarding nhlfe [ nid ] (MSR2000/MSR3000).
Page 21: Configuring A Static Lsp
Configuring a static LSP Overview A static label switched path (LSP) is established by manually specifying the incoming label and outgoing label on each node (ingress, transit, or egress node) of the forwarding path. Static LSPs consume fewer resources, but they cannot automatically adapt to network topology changes. Therefore, static LSPs are suitable for small and stable networks with simple topologies.
Page 22: Displaying Static Lsps
Step Command Remarks static-lsp ingress lsp-name destination If you specify a next hop for the Configure dest-addr { mask | mask-length } { nexthop static LSP, make sure the ingress ingress node of the next-hop-addr | outgoing-interface node has an active route to the static LSP.
Page 23 A route to the destination address of the LSP must be available on the ingress node, but it is not needed on transit and egress nodes. Therefore, you do not need to configure a routing protocol to ensure IP connectivity among all routers. Configuration procedure Configure IP addresses for all interfaces, including the loopback interfaces, as shown in Figure...
Page 24 [RouterB] static-lsp transit CtoA in-label 40 nexthop 10.1.1.1 out-label 70 # Configure the LSP egress node, Router A. [RouterA] static-lsp egress CtoA in-label 70 Verifying the configuration # Display static LSP information on routers, for example, on Router A. [RouterA] display mpls static-lsp Total: 2 Name In/Out Label Nexthop/Out Interface...
Page 25: Configuring Ldp
Configuring LDP In this chapter, "MSR2000" refers to MSR2003. "MSR3000" collectively refers to MSR3012, MSR3024, MSR3044, MSR3064. "MSR4000" collectively refers to MSR4060 and MSR4080. Overview The Label Distribution Protocol (LDP) dynamically distributes FEC-label mapping information between LSRs to establish LSPs.
Page 26: Ldp Operation
Discovery messages—Declare and maintain the presence of LSRs, such as Hello messages. • • Session messages—Establish, maintain, and terminate sessions between LDP peers, such as Initialization messages used for parameter negotiation and Keepalive messages used to maintain sessions. Advertisement messages—Create, alter, and remove FEC-label mappings, such as Label Mapping •...
Page 27: Label Distribution And Control
Figure 9 Dynamically establishing an LSP Label distribution and control Label advertisement modes Figure 10 Label advertisement modes LDP advertises label-FEC mappings in one of the following ways: Downstream Unsolicited (DU) mode—Distributes FEC-label mappings to the upstream LSR, without • waiting for label requests.
Page 28 Label distribution control LDP controls label distribution in one of the following ways: • Independent label distribution—Distributes an FEC-label mapping to an upstream LSR at any time. An LSR might distribute a mapping for an FEC to its upstream LSR before it receives a label mapping for that FEC from its downstream LSR.
Page 29: Ldp Gr
LDP GR LDP Graceful Restart enables an LSR to retain MPLS forwarding entries during an LDP restart, ensuring continuous MPLS forwarding. Figure 12 LDP GR As shown in Figure 12, GR defines the following roles: GR restarter—An LSR that performs GR. It must be GR-capable. •...
Page 30: Ldp Nsr
LDP NSR The following matrix shows the feature and hardware compatibility: Hardware LDP NSR compatibility MSR2000 MSR3000 MSR4000 LDP nonstop routing (NSR) backs up protocol states and data (including LDP session and LSP information) from the active process to the standby process. When the LDP primary process fails, the backup process seamlessly takes over primary processing.
Page 31: Ldp-Igp Synchronization
With LDP NSR, LDP peers of the local device are not notified of any switchover event on the local device. The local device does not require help from a peer to restore the MPLS forwarding information. With LDP GR, the LDP peer must be able to identify the GR capability flag (in the Initialization message) of the GR restarter.
Page 32: Ldp Frr
When IGP route convergence occurs, LDP establishes a new LSP according to the optimal path. If a new LSP is not established after IGP route convergence, traffic forwarding might be interrupted. Therefore, HP recommends that you enable LDP-IGP synchronization to work with LDP FRR to reduce traffic interruption.
Page 33: Enabling Ldp
Tasks at a glance (Optional.) Configuring Hello parameters (Optional.) Configuring LDP session parameters (Optional.) Configuring LDP backoff (Optional.) Configuring LDP MD5 authentication (Optional.) Configuring LDP to redistribute BGP IPv4 unicast routes (Optional.) Configuring an LSP generation policy (Optional.) Configuring the LDP label distribution control mode (Optional.) Configuring a label advertisement policy (Optional.)
Page 34: Enabling Ldp On An Interface
Enabling LDP on an interface Step Command Remarks Enter system view. system-view If the interface is bound to a VPN instance, you must enable LDP for the VPN Enter interface view. interface interface-type interface-number instance by using the vpn-instance command in LDP view.
Page 35: Configuring Ldp Session Parameters
Configuring LDP session parameters This task configures the following LDP session parameters: Keepalive hold time and Keepalive interval. • LDP transport address—IP address for establishing TCP connections. • LDP uses Basic Discovery and Extended Discovery mechanisms to discovery LDP peers and establish LDP sessions with them.
Page 36: Configuring Ldp Backoff
Step Command Remarks Specify an LDP peer and enter LDP peer view. The device will By default, the device does not send unsolicited Targeted Hellos send Targeted Hellos to or targeted-peer peer-lsr-id to the peer and can respond to receive Targeted Hellos from Targeted Hellos sent from the any peer.
Page 37: Configuring Ldp To Redistribute Bgp Ipv4 Unicast Routes
Step Command Remarks Enter system view. system-view • Enter LDP view: mpls ldp Enter LDP view or enter • Enter LDP-VPN instance view: LDP-VPN instance view. mpls ldp vpn-instance vpn-instance-name Enable md5-authentication peer-lsr-id { cipher | By default, LDP MD5 authentication.
Page 38: Configuring The Ldp Label Distribution Control Mode
Use the routes permitted by an IP prefix list to establish LSPs. For information about IP prefix list • configuration, see Layer 3—IP Routing Configuration Guide. Use only host routes with a 32-bit mask to establish LSPs. • By default, LDP uses only host routes with a 32-bit mask to establish LSPs. The other two methods can result in more LSPs than the default policy.
Page 39: Configuring A Label Acceptance Policy
A label advertisement policy on an LSR and a label acceptance policy on its upstream LSR can achieve the same purpose. HP recommends that you use label advertisement policies to reduce network load if downstream LSRs support label advertisement control.
Page 40: Configuring Ldp Loop Detection
A label advertisement policy on an LSR and a label acceptance policy on its upstream LSR can achieve the same purpose. HP recommends using the label advertisement policy to reduce network load. You must create an IP prefix list before you configure a label acceptance policy. For information about IP prefix list configuration, see Layer 3—IP Routing Configuration Guide.
Page 41: Configuring Ldp Session Protection
Step Command Remarks • Enter LDP view: mpls ldp Enter LDP view or enter • Enter LDP-VPN instance view: LDP-VPN instance view. mpls ldp vpn-instance vpn-instance-name By default, loop detection is disabled. After loop detection is Enable loop detection. loop-detect enabled, the device uses both the maximum hop count and the path vector methods to...
Page 42: Configuring Ldp Gr
State Holding time is 180 seconds. timer for LDP GR. Configuring LDP NSR The following matrix shows the feature and hardware compatibility: Hardware LDP NSR compatibility MSR2000 MSR3000 MSR4000 To configure LDP NSR: Step Command Remarks Enter system view.
Page 43 To configure LDP-OSPF synchronization for an OSPF process: Step Command Remarks Enter system view. system-view ospf [ process-id | router-id Enter OSPF view. router-id ] * Enable LDP-OSPF By default, LDP-OSPF synchronization mpls ldp sync synchronization. is disabled. Return to system view. quit interface interface-type Enter interface view.
Page 44: Configuring Ldp-Isis Synchronization
Step Command Remarks (Optional.) Set the maximum delay for LDP to notify IGP of By default, the maximum notification the LDP-IGP synchronization igp sync delay on-restart time delay is 90 seconds. status after an LDP restart or active/standby switchover. Configuring LDP-ISIS synchronization LDP-IGP synchronization is not supported for an IS-IS process that belongs to a VPN instance.
Page 45: Specifying A Dscp Value For Outgoing Ldp Packets
Configuration Guide. Displaying and maintaining LDP Execute display commands in any view. Task Command display mpls ldp discovery [ vpn-instance vpn-instance-name ] Display LDP discovery information [ interface interface-type interface-number | peer peer-lsr-id | (MSR2000/MSR3000). targeted-peer peer-lsr-id ] [ verbose ]...
Page 46: Ldp Configuration Examples
] [ verbose ] [ standby slot slot-number ] Display LDP FEC-label mapping display mpls ldp fec [ vpn-instance vpn-instance-name ] information (MSR2000/MSR3000). [ destination-address mask-length | summary ] display mpls ldp fec [ vpn-instance vpn-instance-name ] Display LDP FEC-label mapping [ destination-address mask-length | summary ] [ standby slot information (MSR4000).
Page 47 Figure 17 Network diagram Requirements analysis To ensure that the LSRs establish LSPs automatically, enable LDP on each LSR. • To establish LDP LSPs, configure a routing protocol to ensure IP connectivity between the LSRs. This • example uses OSPF. To control the number of LSPs, configure an LSP generation policy on each LSR.
Page 48 [RouterC-ospf-1-area-0.0.0.0] quit [RouterC-ospf-1] quit # Verify that the routers have learned the routes to each other. For example, on Router A: [RouterA] display ip routing-table Destinations : 21 Routes : 21 Destination/Mask Proto Cost NextHop Interface 0.0.0.0/32 Direct 0 127.0.0.1 InLoop0 1.1.1.9/32 Direct 0...
Page 49 [RouterB-Serial2/1/1] mpls ldp enable [RouterB-Serial2/1/1] quit # Configure Router C. [RouterC] mpls lsr-id 3.3.3.9 [RouterC] mpls ldp [RouterC-ldp] quit [RouterC] interface serial 2/1/0 [RouterC-Serial2/1/0] mpls enable [RouterC-Serial2/1/0] mpls ldp enable [RouterC-Serial2/1/0] quit Configure LSP generation policies: # On Router A, create IP prefix list routera, and configure LDP to use only the routes permitted by the prefix list to establish LSPs.
Page 50: Label Acceptance Control Configuration Example
In/Out Label Nexthop OutInterface 1.1.1.9/32 -/1279(L) 2.2.2.9/32 10.1.1.2 S2/1/0 1279/3 10.1.1.2 S2/1/0 3.3.3.9/32 -/1278 10.1.1.2 S2/1/0 1278/1278 10.1.1.2 S2/1/0 11.1.1.0/24 1277/- -/1277(L) 21.1.1.0/24 -/1276 10.1.1.2 S2/1/0 1276/1276 10.1.1.2 S2/1/0 # Test the connectivity of the LDP LSP from Router A to Router C. [RouterA] ping mpls -a 11.1.1.1 ipv4 21.1.1.0 24 MPLS Ping FEC: 21.1.1.0/24 : 100 data bytes 100 bytes from 20.1.1.2: Sequence=1 time=1 ms...
Page 51 Figure 18 Network diagram Requirements analysis To ensure that the LSRs establish LSPs automatically, enable LDP on each LSR. • To establish LDP LSPs, configure a routing protocol to ensure IP connectivity between the LSRs. This • example uses OSPF. To ensure that LDP establishes LSPs only for the routes 1 1.1.1.0/24 and 21.1.1.0/24, configure LSP •...
Page 52 [RouterA-Serial2/1/1] mpls ldp enable [RouterA-Serial2/1/1] quit # Configure Router B. <RouterB> system-view [RouterB] mpls lsr-id 2.2.2.9 [RouterB] mpls ldp [RouterB-ldp] quit [RouterB] interface serial 2/1/0 [RouterB-Serial2/1/0] mpls enable [RouterB-Serial2/1/0] mpls ldp enable [RouterB-Serial2/1/0] quit [RouterB] interface serial 2/1/1 [RouterB-Serial2/1/1] mpls enable [RouterB-Serial2/1/1] mpls ldp enable [RouterB-Serial2/1/1] quit # Configure Router C.
Page 53 [RouterA-ldp] lsp-trigger prefix-list routera [RouterA-ldp] quit # On Router B, create IP prefix list routerb, and configure LDP to use only the routes permitted by the prefix list to establish LSPs. [RouterB] ip prefix-list routerb index 10 permit 11.1.1.0 24 [RouterB] ip prefix-list routerb index 20 permit 21.1.1.0 24 [RouterB] mpls ldp [RouterB-ldp] lsp-trigger prefix-list routerb...
Page 54: Label Advertisement Control Configuration Example
[RouterC-ldp] quit Verifying the configuration # Display LDP LSP information on routers, for example, on Router A. [RouterA] display mpls ldp lsp Status Flags: * - stale, L - liberal, B - backup FECs: 2 Ingress: 1 Transit 1 Egress: 1 In/Out Label Nexthop OutInterface...
Page 55 Configure LDP to establish LSPs only on the link Router A—Router B—Router C to forward traffic between subnets 1 1.1.1.0/24 and 21.1.1.0/24. Figure 19 Network diagram Requirements analysis To ensure that the LSRs establish LSPs automatically, enable LDP on each LSR. •...
Page 56 [RouterA] interface serial 2/1/1 [RouterA-Serial2/1/1] mpls enable [RouterA-Serial2/1/1] mpls ldp enable [RouterA-Serial2/1/1] quit # Configure Router B. <RouterB> system-view [RouterB] mpls lsr-id 2.2.2.9 [RouterB] mpls ldp [RouterB-ldp] quit [RouterB] interface serial 2/1/0 [RouterB-Serial2/1/0] mpls enable [RouterB-Serial2/1/0] mpls ldp enable [RouterB-Serial2/1/0] quit [RouterB] interface serial 2/1/1 [RouterB-Serial2/1/1] mpls enable [RouterB-Serial2/1/1] mpls ldp enable...
Page 57 [RouterA] ip prefix-list routera index 20 permit 21.1.1.0 24 [RouterA] mpls ldp [RouterA-ldp] lsp-trigger prefix-list routera [RouterA-ldp] quit # On Router B, create IP prefix list routerb, and configure LDP to use only the routes permitted by the prefix list to establish LSPs. [RouterB] ip prefix-list routerb index 10 permit 11.1.1.0 24 [RouterB] ip prefix-list routerb index 20 permit 21.1.1.0 24 [RouterB] mpls ldp...
Page 58 [RouterC-ldp] quit # On Router D, create an IP prefix list prefix-to-a that denies subnet 21.1.1.0/24. Router D uses this list to filter FEC-label mappings to be advertised to Router A. [RouterD] ip prefix-list prefix-to-a index 10 deny 21.1.1.0 24 [RouterD] ip prefix-list prefix-to-a index 20 permit 0.0.0.0 0 less-equal 32 # On Router D, create an IP prefix list peer-a that permits 1.1.1.9/32.
Page 59 In/Out Label Nexthop OutInterface 11.1.1.0/24 -/1277 20.1.1.1 S2/1/0 1148/1277 20.1.1.1 S2/1/0 21.1.1.0/24 1149/- -/1276(L) -/1150(L) [RouterD] display mpls ldp lsp Status Flags: * - stale, L - liberal, B - backup FECs: 2 Ingress: 0 Transit: 0 Egress: 2 In/Out Label Nexthop OutInterface 11.1.1.0/24...
Page 60: Ldp Frr Configuration Example
LDP FRR configuration example Network requirements Router S, Router A, and Router D reside in the same OSPF domain. Configure OSPF FRR so LDP can establish a primary LSP and a backup LSP on the Router S—Router D and the Router S—Router A—Router D links, respectively.
Page 61 # Configure Router D. <RouterD> system-view [RouterD] bfd echo-source-ip 11.11.11.11 [RouterD] ospf 1 [RouterD-ospf-1] fast-reroute lfa [RouterD-ospf-1] quit (Method 2.) Enable OSPF FRR to specify a backup next hop by using a routing policy: # Configure Router S. <RouterS> system-view [RouterS] bfd echo-source-ip 10.10.10.10 [RouterS] ip prefix-list abc index 10 permit 21.1.1.0 24 [RouterS] route-policy frr permit node 10...
Page 62 [RouterD-mpls-ldp] quit [RouterD] interface gigabitethernet 2/1/1 [RouterD-GigabitEthernet2/1/1] mpls enable [RouterD-GigabitEthernet2/1/1] mpls ldp enable [RouterD-GigabitEthernet2/1/1] quit [RouterD] interface gigabitethernet 2/1/2 [RouterD-GigabitEthernet2/1/2] mpls enable [RouterD-GigabitEthernet2/1/2] mpls ldp enable [RouterD-GigabitEthernet2/1/2] quit # Configure Router A. [RouterA] mpls lsr-id 2.2.2.2 [RouterA] mpls ldp [RouterA-mpls-ldp] quit [RouterA] interface gigabitethernet 2/1/1 [RouterA-GigabitEthernet2/1/1] mpls enable [RouterA-GigabitEthernet2/1/1] mpls ldp enable...
Page 63: Configuring Mpls Te
Configuring MPLS TE Overview TE and MPLS TE Network congestion can degrade the network backbone performance. It might occur when network resources are inadequate or when load distribution is unbalanced. Traffic engineering (TE) is intended to avoid the latter situation where partial congestion might occur because of improper resource allocation. TE can make the best use of network resources and avoid uneven load distribution by the following: Real-time monitoring of traffic and traffic load on network elements.
Page 64 A label distribution protocol (such as RSVP-TE) advertises labels to establish CRLSPs and reserve bandwidth resources on each node along the calculated path. Dynamic CRLSPs adapt to network changes and support CRLSP backup and fast reroute, but they require complicated configurations. Advertising TE attributes MPLS TE uses extended link state IGPs, such as OSPF and IS-IS, to advertise TE attributes for links.
Page 65: Traffic Forwarding
To avoid flapping caused by improper preemptions, the setup priority value of a tunnel must be equal to or greater than the holding priority value. Explicit path • Explicit path specifies the nodes to pass and the nodes to not pass for a tunnel. Explicit paths include the following types: Strict explicit path—Among the nodes that the path must traverse, a node and its previous hop must be connected directly.
Page 66: Make-Before-Break
tunnel can participate IGP routing calculation. Automatic route advertisement is easy to configure and maintain. Automatic route advertisement can be implemented by using the following methods: IGP shortcut—Also known as AutoRoute Announce. It considers the MPLS TE tunnel as a link that •...
Page 67: Route Pinning
CRLSPs separately. The make-before-break mechanism uses the SE resource reservation style to address this problem. The resource reservation style refers to the style in which RSVP-TE reserves bandwidth resources during CRLSP establishment. The resource reservation style used by an MPLS TE tunnel is determined by the ingress node, and is advertised to other nodes through RSVP.
Page 68: Automatic Bandwidth Adjustment
MPLS TE sets up the tunnel on another path. When the link has enough bandwidth, the tunnel optimization function can switch the MPLS TE tunnel to the optimal path. Automatic bandwidth adjustment Because users cannot estimate accurately how much traffic they need to transmit through a service provider network, the service provider should be able to do the following: Create MPLS TE tunnels with the bandwidth initially requested by the users.
Page 69: Diffserv-Aware Te
DS-TE defines different bandwidth constraints for class types. It maps each traffic class type to the CRLSP that is constraint-compliant for the class type. The device supports these DS-TE modes: Prestandard mode—HP proprietary DS-TE. • IETF mode—Complies with RFC 4124, RFC 4125, and RFC 4127.
Page 70 Basic concepts CT—Class Type. DS-TE allocates link bandwidth, implements constraint-based routing, and • performs admission control on a per class type basis. A given traffic flow belongs to the same CT on all links. • BC—Bandwidth Constraint. BC restricts the bandwidth for one or more CTs. Bandwidth constraint model—Algorithm for implementing bandwidth constraints on different CTs.
Page 71: Bidirectional Mpls Te Tunnel
Figure 25 RDM bandwidth constraints model In MAM model, a BC constrains the bandwidth for only one CT. This ensures bandwidth isolation among CTs no matter whether preemption is used or not. Compared with RDM, MAM is easier to configure. MAM is suitable for networks where traffic of each CT is stable and no traffic bursts occur.
Page 72: Protocols And Standards
During the delivery of the Resv message, a CRLSP in the other direction is established. The CRLSPs of a bidirectional MPLS TE tunnel established in co-routed mode use the same path. Associated mode—In this mode, you establish a bidirectional MPLS TE tunnel by binding two •...
Page 73: Enabling Mpls Te
On the ingress node of the MPLS TE tunnel, configure RSVP-TE to establish a CRLSP based on the tunnel constraints and link TE attributes. On the ingress node of the MPLS TE tunnel, configure static routing, PBR, or automatic route advertisement to direct traffic to the MPLS TE tunnel.
Page 74: Configuring A Tunnel Interface
Step Command Remarks Enable MPLS TE and enter MPLS mpls te By default, MPLS TE is disabled. TE view. Return to system view. quit interface interface-type Enter interface view. interface-number By default, MPLS TE is disabled Enable MPLS TE for the interface. mpls te enable on an interface.
Page 75: Configuring An Mpls Te Tunnel To Use A Static Crlsp
Table 1 Default TE classes in IETF mode TE Class Priority Configuring an MPLS TE tunnel to use a static CRLSP To configure an MPLS TE tunnel to use a static CRLSP, perform the following tasks: Establish the static CRLSP. •...
Page 76: Configuration Task List
Establish the CRLSP by using the signaling protocol RSVP-TE. • You must configure the IGP TE extension to form a TEDB. Otherwise, the path is created based on IGP routing rather than computed by CSPF. Configuration task list To establish an MPLS TE tunnel by using a dynamic CRLSP: Tasks at a glance (Required.) Configuring MPLS TE attributes for a link...
Page 77: Advertising Link Te Attributes By Using Igp Te Extension
Step Command Remarks • Configure the maximum reservable bandwidth of the link (BC 0) and BC 1 in RDM model of the prestandard DS-TE: mpls te max-reservable-bandwidth bandwidth-value [ bc1 bc1-bandwidth ] Use one command according • Configure the maximum reservable to the DS-TE mode and BC bandwidth of the link and the BCs in model configured in...
Page 78: Configuring Mpls Te Tunnel Constraints
Step Command Remarks Enter area view. area area-id Enable MPLS TE for the OSPF By default, an OSPF area does not mpls te enable area. support MPLS TE. Configuring IS-IS TE IS-IS TE uses a sub-TLV of the extended IS reachability TLV (type 22) to carry TE attributes. Because the extended IS reachability TLV carries wide metrics, specify a wide metric-compatible metric style for the IS-IS process before enabling IS-IS TE.
Page 79 Step Command Remarks Configure bandwidth required By default, no bandwidth is mpls te bandwidth [ ct0 | ct1 | ct2 for the tunnel, and specify a CT assigned, and the class type is CT | ct3 ] bandwidth for the tunnel's traffic. Configuring the affinity attribute for an MPLS TE tunnel The associations between the link attribute and the affinity attribute might vary by vendor.
Page 80: Establishing An Mpls Te Tunnel By Using Rsvp-Te
Step Command Remarks Create an explicit path and By default, no explicit path exists explicit-path path-name enter its view. on the device. By default, an explicit path is Enable the explicit path. undo disable enabled. By default, an explicit path does not include any node.
Page 81 Configuring the metric type for path selection Each MPLS TE link has two metrics: IGP metric and TE metric. By planning the two metrics, you can select different tunnels for different classes of traffic. For example, use the IGP metric to represent a link delay (a smaller IGP metric value indicates a lower link delay), and use the TE metric to represent a link bandwidth value (a smaller TE metric value indicates a bigger link bandwidth value).
Page 82 Step Command Remarks Enter MPLS TE tunnel interface interface tunnel tunnel-number view. [ mode mpls-te ] By default, route pinning is Enable route pinning. mpls te route-pinning disabled. Configuring tunnel reoptimization Tunnel reoptimization allows you to manually or dynamically trigger the ingress node to recalculate a path.
Page 83: Controlling Mpls Te Tunnel Setup
Step Command Remarks By default, the up/down threshold Configure the up/down mpls te bandwidth change is 10% of the link reservable threshold. thresholds { down | up } percent bandwidth. Return to system view. quit Enter MPLS TE view. mpls te link-management By default, the flooding interval is Configure the flooding interval.
Page 84: Configuring Automatic Bandwidth Adjustment
Configuring tunnel setup retry If the ingress node fails to establish an MPLS TE tunnel, it waits for the retry interval, and then tries to set up the tunnel again. It repeats this process until the tunnel is established or until the number of attempts reaches the maximum.
Page 85: Configuring Load Sharing For An Mpls Te Tunnel
Therefore, HP recommends that you use the SE style. Configuring load sharing for an MPLS TE tunnel MPLS TE tunnel load sharing specifies multiple member interfaces (MPLS TE tunnel interfaces) for a tunnel bundle interface in load sharing mode.
Page 86: Configuring Traffic Forwarding
Step Command Remarks By default, no destination address is configured for a tunnel bundle interface. HP recommends configuring the same destination address for a Configure the destination tunnel bundle interface and its address for the tunnel bundle destination ip-address member interfaces. Otherwise, interface.
Page 87: Configuring Pbr To Direct Traffic To An Mpls Te Tunnel Or Tunnel Bundle
The destination address of the MPLS TE tunnel or tunnel bundle can be the LSR ID of the egress node • or the primary IP address of an interface on the egress node. HP recommends configuring the destination address of the MPLS TE tunnel or tunnel bundle as the LSR ID of the egress node.
Page 88 The route to the tunnel interface address (or the tunnel bundle interface address) and the route to the • tunnel destination must be in the same OSPF area or at the same IS-IS level. Configuring IGP shortcut Step Command Remarks Enter system view.
Page 89: Configuring A Bidirectional Mpls Te Tunnel
Configuring a bidirectional MPLS TE tunnel Before you create a bidirectional MPLS TE tunnel, complete the following tasks: Disable the PHP function on both ends of the tunnel. • To set up a bidirectional MPLS TE tunnel in co-routed mode, you must specify the signaling protocol •...
Page 90: Configuring Crlsp Backup
Step Command Remarks mpls te bidirectional associated By default, no bidirectional tunnel Configure an associated reverse-lsp { lsp-name lsp-name | is configured, and tunnels bidirectional MPLS TE tunnel. lsr-id ingress-lsr-id tunnel-id established on the tunnel interface tunnel-id } } are unidirectional MPLS TE tunnels. Configuring CRLSP backup CRLSP backup provides end-to-end CRLSP protection.
Page 91: Configuring A Bypass Tunnel On The Plr
Step Command Remarks By default, FRR is disabled. If you specify the bandwidth Enable FRR. mpls te fast-reroute [ bandwidth ] keyword, the primary CRLSP must have bandwidth protection. Configuring a bypass tunnel on the PLR Overview To configure FRR, you must configure bypass tunnels for primary CRLSPs on the PLR. To configure bypass tunnels on the PLR, you can use the following methods: •...
Page 92 Bandwidth Primary CRLSP required by requires Bypass tunnel providing Bypass tunnel providing no primary bandwidth bandwidth protection bandwidth protection CRLSP protection or not protection for the primary CRLSP, and performs best-effort forwarding for traffic of the primary CRLSP. The primary CRLSP can be bound to the bypass tunnel when all the following conditions are met: The primary CRLSP can be bound to...
Page 93 Use bypass tunnels to protect only critical interfaces or links when bandwidth is insufficient. Bypass • tunnels are pre-established and require extra bandwidth. Make sure the bandwidth assigned to the bypass tunnel is no less than the total bandwidth needed •...
Page 94: Configuring Node Fault Detection
Automatically setting up bypass tunnels With auto FRR, if the PLR is the penultimate node of a primary CRLSP, the PLR does not create a node-protection bypass tunnel for the primary CRLSP. To configure auto FRR on the PLR: Step Command Remarks Enter system view.
Page 95: Configuring The Optimal Bypass Tunnel Selection Interval
Step Command Remarks Enter system view. system-view Enter interface view of the connecting interface between interface interface-type the PLR and the protected interface-number node. By default, RSVP hello • (Method 1) Enable RSVP hello extension is disabled, and extension on the interface: BFD is not configured.
Page 96: Displaying And Maintaining Mpls Te
Displaying and maintaining MPLS TE Execute display commands in any view and reset commands in user view. Task Command Display information about explicit paths. display explicit-path [ path-name ] display isis mpls te advertisement [ [ level-1 | level-2 ] | Display link and node information in an IS-IS [ originate-system system-id | local ] | verbose ] * TEDB.
Page 97 Figure 27 Network diagram Configuration procedure Configure IP addresses and masks for interfaces. (Details not shown.) Configure IS-IS to advertise interface addresses, including the loopback interface address: # Configure Router A. <RouterA> system-view [RouterA] isis 1 [RouterA-isis-1] network-entity 00.0005.0000.0000.0001.00 [RouterA-isis-1] quit [RouterA] interface gigabitethernet 2/1/1 [RouterA-GigabitEthernet2/1/1] isis enable 1 [RouterA-GigabitEthernet2/1/1] quit...
Page 98 [RouterC-isis-1] network-entity 00.0005.0000.0000.0003.00 [RouterC-isis-1] quit [RouterC] interface gigabitethernet 2/1/1 [RouterC-GigabitEthernet2/1/1] isis enable 1 [RouterC-GigabitEthernet2/1/1] quit [RouterC] interface loopback 0 [RouterC-LoopBack0] isis enable 1 [RouterC-LoopBack0] quit # Execute the display ip routing-table command on each router to verify that the routers have learned the routes to one another, including the routes to the loopback interfaces.
Page 99 [RouterB] interface gigabitethernet 2/1/1 [RouterB-GigabitEthernet2/1/1] mpls te max-link-bandwidth 10000 [RouterB-GigabitEthernet2/1/1] mpls te max-reservable-bandwidth 5000 [RouterB-GigabitEthernet2/1/1] quit [RouterB] interface gigabitethernet 2/1/2 [RouterB-GigabitEthernet2/1/2] mpls te max-link-bandwidth 10000 [RouterB-GigabitEthernet2/1/2] mpls te max-reservable-bandwidth 5000 [RouterB-GigabitEthernet2/1/2] quit # Configure the maximum link bandwidth and maximum reservable bandwidth on Router C. [RouterC] interface gigabitethernet 2/1/1 [RouterC-GigabitEthernet2/1/1] mpls te max-link-bandwidth 10000 [RouterC-GigabitEthernet2/1/1] mpls te max-reservable-bandwidth 5000...
Page 100 Line protocol state: UP Description: Tunnel0 Interface Bandwidth: 64kbps Maximum Transmit Unit: 1496 Internet Address is 6.1.1.1/24 Primary Tunnel source unknown, destination 3.3.3.3 Tunnel TTL 255 Tunnel protocol/transport CR_LSP Output queue - Urgent queuing: Size/Length/Discards 0/100/0 Output queue - Protocol queuing: Size/Length/Discards 0/500/0 Output queue - FIFO queuing: Size/Length/Discards 0/75/0 Last clearing of counters: Never Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec...
Page 101: Establishing An Mpls Te Tunnel With Rsvp-Te
Collected Bandwidth # Execute the display mpls lsp command or the display mpls static-cr-lsp command on each router to display the static CRLSP information. [RouterA] display mpls lsp Proto In/Out Label Interface/Out NHLFE 1.1.1.1/0/1 StaticCR -/20 GE2/1/1 2.1.1.2 Local GE2/1/1 [RouterB] display mpls lsp Proto In/Out Label...
Page 102 Table 3 Interface and IP address assignment Device Interface IP address Device Interface IP address Router A Loop0 1.1.1.9/32 Router C Loop0 3.3.3.9/32 GE2/1/1 10.1.1.1/24 GE2/1/1 30.1.1.1/24 Router B Loop0 2.2.2.9/32 POS2/2/0 20.1.1.2/24 GE2/1/1 10.1.1.2/24 Router D Loop0 4.4.4.9/32 POS2/2/0 20.1.1.1/24 GE2/1/1 30.1.1.2/24...
Page 103 [RouterC-isis-1] quit [RouterC] interface gigabitethernet 2/1/1 [RouterC-GigabitEthernet2/1/1] isis enable 1 [RouterC-GigabitEthernet2/1/1] isis circuit-level level-2 [RouterC-GigabitEthernet2/1/1] quit [RouterC] interface pos 2/2/0 [RouterC-POS2/2/0] isis enable 1 [RouterC-POS2/2/0] isis circuit-level level-2 [RouterC-POS2/2/0] quit [RouterC] interface loopback 0 [RouterC-LoopBack0] isis enable 1 [RouterC-LoopBack0] isis circuit-level level-2 [RouterC-LoopBack0] quit # Configure Router D.
Page 104 [RouterB] interface gigabitethernet 2/1/1 [RouterB-GigabitEthernet2/1/1] mpls enable [RouterB-GigabitEthernet2/1/1] mpls te enable [RouterB-GigabitEthernet2/1/1] rsvp enable [RouterB-GigabitEthernet2/1/1] quit [RouterB] interface pos 2/2/0 [RouterB-POS2/2/0] mpls enable [RouterB-POS2/2/0] mpls te enable [RouterB-POS2/2/0] rsvp enable [RouterB-POS2/2/0] quit # Configure Router C. [RouterC] mpls lsr-id 3.3.3.9 [RouterC] mpls te [RouterC-te] quit [RouterC] rsvp...
Page 105 [RouterB-isis-1] quit # Configure Router C. [RouterC] isis 1 [RouterC-isis-1] cost-style wide [RouterC-isis-1] mpls te enable level-2 [RouterC-isis-1] quit # Configure Router D. [RouterD] isis 1 [RouterD-isis-1] cost-style wide [RouterD-isis-1] mpls te enable level-2 [RouterD-isis-1] quit Configure MPLS TE attributes of links: # Configure the maximum link bandwidth and maximum reservable bandwidth on Router A.
Page 106 # Configure MPLS TE to use RSVP-TE to establish the tunnel. [RouterA-Tunnel1] mpls te signaling rsvp-te # Assign 2000 kbps bandwidth to the tunnel. [RouterA-Tunnel1] mpls te bandwidth 2000 [RouterA-Tunnel1] quit Configure a static route on Router A to direct the traffic destined for subnet 30.1.1.0/24 to MPLS TE tunnel 1.
Page 107: Establishing An Inter-As Mpls Te Tunnel With Rsvp-Te
Backup Explicit Path : - Metric Type : TE Record Route : Disabled Record Label : Disabled FRR Flag : Disabled Bandwidth Protection : Disabled Backup Bandwidth Flag: Disabled Backup Bandwidth Type: - Backup Bandwidth Bypass Tunnel : No Auto Created : No Route Pinning : Disabled...
Page 108 Device Interface IP address Device Interface IP address Router B Loop0 2.2.2.9/32 POS2/2/0 20.1.1.2/24 GE2/1/1 10.1.1.2/24 Router D Loop0 4.4.4.9/32 POS2/2/0 20.1.1.1/24 GE2/1/1 30.1.1.2/24 Configuration procedure Configure IP addresses and masks for interfaces. (Details not shown.) Configure OSPF to advertise routes within the ASs, and redistribute the direct and BGP routes into OSPF on Router B and Router C: # Configure Router A.
Page 109 # Execute the display ip routing-table command on each router to verify that the routers have learned the routes to one another, including the routes to the loopback interfaces. Take Router A as an example: [RouterA] display ip routing-table Destinations : 6 Routes : 6 Destination/Mask Proto...
Page 110 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 Configure an LSR ID, and enable MPLS, MPLS TE, and RSVP-TE: # Configure Router A. [RouterA] mpls lsr-id 1.1.1.9 [RouterA] mpls te [RouterA-te] quit [RouterA] rsvp [RouterA-rsvp] quit [RouterA] interface gigabitethernet 2/1/1 [RouterA-GigabitEthernet2/1/1] mpls enable [RouterA-GigabitEthernet2/1/1] mpls te enable [RouterA-GigabitEthernet2/1/1] rsvp enable...
Page 111 [RouterD] mpls lsr-id 4.4.4.9 [RouterD] mpls te [RouterD-te] quit [RouterD] rsvp [RouterD-rsvp] quit [RouterD] interface gigabitethernet 2/1/1 [RouterD-GigabitEthernet2/1/1] mpls enable [RouterD-GigabitEthernet2/1/1] mpls te enable [RouterD-GigabitEthernet2/1/1] rsvp enable [RouterD-GigabitEthernet2/1/1] quit Configure OSPF TE: # Configure Router A. [RouterA] ospf [RouterA-ospf-1] opaque-capability enable [RouterA-ospf-1] area 0 [RouterA-ospf-1-area-0.0.0.0] mpls te enable [RouterA-ospf-1-area-0.0.0.0] quit...
Page 112 [RouterA] interface gigabitethernet 2/1/1 [RouterA-GigabitEthernet2/1/1] mpls te max-link-bandwidth 10000 [RouterA-GigabitEthernet2/1/1] mpls te max-reservable-bandwidth 5000 [RouterA-GigabitEthernet2/1/1] quit # Configure the maximum link bandwidth and maximum reservable bandwidth on Router B. [RouterB] interface gigabitethernet 2/1/1 [RouterB-GigabitEthernet2/1/1] mpls te max-link-bandwidth 10000 [RouterB-GigabitEthernet2/1/1] mpls te max-reservable-bandwidth 5000 [RouterB-GigabitEthernet2/1/1] quit [RouterB] interface pos 2/2/0 [RouterB-POS2/2/0] mpls te max-link-bandwidth 10000...
Page 113 Verifying the configuration # Execute the display interface tunnel command on Router A. The output shows that the tunnel interface is up. [RouterA] display interface tunnel 1 Tunnel1 current state: UP Line protocol current state: UP Description: Tunnel1 Interface The Maximum Transmit Unit is 64000 Internet Address is 7.1.1.1/24 Primary Tunnel source unknown, destination 4.4.4.9 Tunnel bandwidth 64 (kbps)
Page 114: Bidirectional Mpls Te Tunnel Configuration Example
Auto Bandwidth : Disabled Auto Bandwidth Freq Min Bandwidth Max Bandwidth Collected Bandwidth # Execute the display ip routing-table command on Router A. The output shows a static route entry with interface Tunnel 1 as the output interface. [RouterA] display ip routing-table Destinations : 14 Routes : 14 Destination/Mask...
Page 115 Device Interface IP address Device Interface IP address Router B Loop0 2.2.2.9/32 POS2/2/0 20.1.1.2/24 GE2/1/1 10.1.1.2/24 Router D Loop0 4.4.4.9/32 POS2/2/0 20.1.1.1/24 GE2/1/1 30.1.1.2/24 Configuration procedure Configure IP addresses and masks for interfaces. (Details not shown.) Configure IS-IS to advertise interface addresses, including the loopback interface address: For more information, see "Establishing an MPLS TE tunnel with RSVP-TE."...
Page 116 [RouterC-te] quit [RouterC-] rsvp [RouterC-rsvp] quit [RouterC] interface gigabitethernet 2/1/1 [RouterC-GigabitEthernet2/1/1] mpls enable [RouterC-GigabitEthernet2/1/1] mpls te enable [RouterC-GigabitEthernet2/1/1] rsvp enable [RouterC-GigabitEthernet2/1/1] quit [RouterC] interface pos 2/2/0 [RouterC-POS2/2/0] mpls enable [RouterC-POS2/2/0] mpls te enable [RouterC-POS2/2/0] rsvp enable [RouterC-POS2/2/0] quit # Configure Router D. <RouterD>...
Page 117 Configure a co-routed bidirectional MPLS TE tunnel: # Configure Router A as the active end of the co-routed bidirectional tunnel. [RouterA] interface tunnel 1 mode mpls-te [RouterA-Tunnel1] ip address 7.1.1.1 255.255.255.0 [RouterA-Tunnel1] destination 4.4.4.9 [RouterA-Tunnel1] mpls te signaling rsvp-te [RouterA-Tunnel1] mpls te resv-style ff [RouterA-Tunnel1] mpls te bidirectional co-routed active [RouterA-Tunnel1] quit # Configure Router D as the passive end of the co-routed bidirectional tunnel.
Page 118 Reverse-LSP name Reverse-LSP LSR ID Reverse-LSP Tunnel ID: - Class Type : CT0 Tunnel Bandwidth : 0 kbps Reserved Bandwidth : 0 kbps Setup Priority Holding Priority Affinity Attr/Mask : 0/0 Explicit Path Backup Explicit Path : - Metric Type : TE Record Route : Disabled...
Page 119 LSR Type : Ingress Service NHLFE ID : 1026 State : Active Nexthop : 10.1.1.2 Out-Interface: GE2/1/1 # Execute the display interface tunnel command on Router D. The output shows that the tunnel interface is up. [RouterD] display interface tunnel Tunnel4 current state: UP Line protocol current state: UP Description: Tunnel8 Interface...
Page 120: Crlsp Backup Configuration Example
Bypass Tunnel Auto Created Route Pinning Retry Limit Retry Interval Reoptimization Reoptimization Freq Backup Type Backup LSP ID Auto Bandwidth Auto Bandwidth Freq Min Bandwidth Max Bandwidth Collected Bandwidth # Execute the display mpls lsp verbose command on Router D to display detailed information about the bidirectional MPLS TE tunnel.
Page 121 Use RSVP-TE to establish an MPLS TE tunnel from Router A to Router C. Enable CRLSP hot backup for the tunnel to simultaneously establish a primary CRLSP and a backup CRLSP. When the primary CRLSP fails, traffic is switched to the backup CRLSP. Figure 31 Network diagram Table 6 Interface and IP address assignment Device...
Page 122 [RouterA-GigabitEthernet2/1/1] quit [RouterA] interface pos 2/2/1 [RouterA-POS2/2/1] mpls enable [RouterA-POS2/2/1] mpls te enable [RouterA-POS2/2/1] rsvp enable [RouterA-POS2/2/1] quit # Configure Router B, Router C, and Router D in the same way that Router A is configured. (Details not shown.) Configure an MPLS TE tunnel on Router A: # Configure MPLS TE tunnel interface Tunnel 3.
Page 123 1.1.1.9/3/30106 RSVP -/1137 GE2/1/1 1.1.1.9/3/30107 RSVP -/1150 POS2/2/1 10.1.1.2 Local GE2/1/1 30.1.1.2 Local POS2/2/1 # Execute the display rsvp lsp verbose command on Router A to display the paths used by the two CRLSPs. [RouterA] display rsvp lsp verbose Tunnel name: RouterA_t3 Destination: 3.3.3.9 Source: 1.1.1.9 Tunnel ID: 3...
Page 124: Manual Bypass Tunnel For Frr Configuration Example
# Tracert the tunnel destination 3.3.3.9. The output shows that the used CRLSP is the one that traverses Router B. [RouterA] tracert –a 1.1.1.9 3.3.3.9 traceroute to 3.3.3.9 (3.3.3.9) from 1.1.1.9, 30 hops at most, 40 bytes each packet, press CTRL_C to break 1 10.1.1.2 (10.1.1.2) 1.000 ms...
Page 125 Figure 32 Network diagram Table 7 Interface and IP address assignment Device Interface IP address Device Interface IP address Router A Loop0 1.1.1.1/32 Router E Loop0 5.5.5.5/32 GE2/1/1 2.1.1.1/24 POS2/2/0 3.2.1.2/24 Router B Loop0 2.2.2.2/32 POS2/2/1 3.3.1.1/24 GE2/1/1 2.1.1.2/24 Router C Loop0 3.3.3.3/32 GE2/1/2...
Page 126 [RouterA-rsvp] quit [RouterA] interface gigabitethernet 2/1/1 [RouterA-GigabitEthernet2/1/1] mpls enable [RouterA-GigabitEthernet2/1/1] mpls te enable [RouterA-GigabitEthernet2/1/1] rsvp enable [RouterA-GigabitEthernet2/1/1] quit # Configure Router B. <RouterB> system-view [RouterB] mpls lsr-id 2.2.2.2 [RouterB] mpls te [RouterB-te] quit [RouterB] rsvp [RouterB-rsvp] quit [RouterB] interface gigabitethernet 2/1/1 [RouterB-GigabitEthernet2/1/1] mpls enable [RouterB-GigabitEthernet2/1/1] mpls te enable [RouterB-GigabitEthernet2/1/1] rsvp enable...
Page 127 [RouterA-Tunnel4] mpls te path preference 1 explicit-path pri-path # Enable FRR for the MPLS TE tunnel. [RouterA-Tunnel4] mpls te fast-reroute [RouterA-Tunnel4] quit # Execute the display interface tunnel command on Router A. The output shows that the tunnel interface Tunnel4 is up. [RouterA] display interface tunnel Tunnel4 current state: UP Line protocol current state: UP...
Page 128 Route Pinning : Disabled Retry Limit : 10 Retry Interval : 2 sec Reoptimization : Disabled Reoptimization Freq Backup Type : None Backup LSP ID Auto Bandwidth : Disabled Auto Bandwidth Freq Min Bandwidth Max Bandwidth Collected Bandwidth Configure a bypass tunnel on Router B (the PLR): # Configure an explicit path for the bypass tunnel.
Page 129 2.2.2.2/5/31857 RSVP GE2/1/2 3.2.1.2 Local POS2/2/0 3.1.1.2 Local GE2/1/2 # Shut down the protected interface GigabitEthernet 2/1/2 on the PLR (Router B). [RouterB] interface gigabitethernet 2/1/2 [RouterB-GigabitEthernet2/1/2] shutdown [RouterB-GigabitEthernet2/1/2] quit # Execute the display interface tunnel 4 command on Router A to display information about the primary CRLSP.
Page 130: Auto Frr Configuration Example
# Execute the display mpls lsp command on Router B. The output shows that the bypass tunnel is in use. [RouterB] display mpls lsp Proto In/Out Label Interface/Out NHLFE 1.1.1.1/4/18753 RSVP 1122/3 Tun5 2.2.2.2/5/40312 RSVP -/1150 GE2/1/4 3.2.1.2 Local GE2/1/4 # On the PLR, configure the interval for selecting an optimal bypass tunnel as 5 seconds.
Page 131 Figure 33 Network diagram Table 8 Interface and IP address assignment Device Interface IP address Device Interface IP address Router A Loop0 1.1.1.1/32 Router E Loop0 5.5.5.5/32 GE2/1/1 2.1.1.1/24 POS2/2/0 3.2.1.2/24 Router B Loop0 2.2.2.2/32 POS2/2/1 3.4.1.1/24 GE2/1/1 2.1.1.2/24 Router C Loop0 3.3.3.3/32 GE2/1/2...
Page 132 [RouterA] mpls te [RouterA-te] quit [RouterA] rsvp [RouterA-rsvp] quit [RouterA] interface gigabitethernet 2/1/1 [RouterA-GigabitEthernet2/1/1] mpls enable [RouterA-GigabitEthernet2/1/1] mpls te enable [RouterA-GigabitEthernet2/1/1] rsvp enable [RouterA-GigabitEthernet2/1/1] quit # Configure Router B. <RouterB> system-view [RouterB] mpls lsr-id 2.2.2.2 [RouterB] mpls te [RouterB-te] quit [RouterB] rsvp [RouterB-rsvp] quit [RouterB] interface gigabitethernet 2/1/1...
Page 133 # Create MPLS TE tunnel interface Tunnel1 for the primary CRLSP. [RouterA] interface tunnel 1 mode mpls-te [RouterA-Tunnel1] ip address 10.1.1.1 255.255.255.0 # Specify the tunnel destination address as the LSR ID of Router D. [RouterA-Tunnel1] destination 4.4.4.4 # Specify the tunnel signaling protocol as RSVP-TE. [RouterA-Tunnel1] mpls te signaling rsvp-te # Specify the explicit path as pri-path.
Page 134 Explicit Path : exp1 Backup Explicit Path : - Metric Type : TE Record Route : Enabled Record Label : Enabled FRR Flag : Enabled Bandwidth Protection : Disabled Backup Bandwidth Flag: Disabled Backup Bandwidth Type: - Backup Bandwidth Bypass Tunnel : No Auto Created : No...
Page 135 Reverse-LSP LSR ID Reverse-LSP Tunnel ID: - Class Type : CT0 Tunnel Bandwidth : 0 kbps Reserved Bandwidth : 0 kbps Setup Priority Holding Priority Affinity Attr/Mask : 0/0 Explicit Path Backup Explicit Path : - Metric Type : TE Record Route : Enabled Record Label...
Page 136: Ietf Ds-Te Configuration Example
Auto Bandwidth : Disabled Auto Bandwidth Freq Min Bandwidth Max Bandwidth Collected Bandwidth # Execute the display mpls lsp command on Router B. The output shows that the current bypass tunnel that protects the primary CRLSP is Tunnel 50. [RouterB] display mpls lsp Proto In/Out Label Interface/Out NHLFE...
Page 137 Use RSVP-TE to create a TE tunnel from Router A to Router D. Traffic of the tunnel belongs to CT 2, and the tunnel needs a bandwidth of 4000 kbps. The maximum bandwidth of the link that the tunnel traverses is 10000 kbps and the maximum reservable bandwidth of the link is 10000 kbps.
Page 138 [RouterB-isis-1] network-entity 00.0005.0000.0000.0002.00 [RouterB-isis-1] quit [RouterB] interface gigabitethernet 2/1/1 [RouterB-GigabitEthernet2/1/1] isis enable 1 [RouterB-GigabitEthernet2/1/1] isis circuit-level level-2 [RouterB-GigabitEthernet2/1/1] quit [RouterB] interface pos 2/2/0 [RouterB-POS2/2/0] isis enable 1 [RouterB-POS2/2/0] isis circuit-level level-2 [RouterB-POS2/2/0] quit [RouterB] interface loopback 0 [RouterB-LoopBack0] isis enable 1 [RouterB-LoopBack0] isis circuit-level level-2 [RouterB-LoopBack0] quit # Configure Router C.
Page 139 Destination/Mask Proto Cost NextHop Interface 1.1.1.9/32 Direct 0 127.0.0.1 InLoop0 2.2.2.9/32 ISIS 10.1.1.2 GE2/1/1 3.3.3.9/32 ISIS 10.1.1.2 GE2/1/1 4.4.4.9/32 ISIS 10.1.1.2 GE2/1/1 10.1.1.0/24 Direct 0 10.1.1.1 GE2/1/1 10.1.1.1/32 Direct 0 127.0.0.1 InLoop0 20.1.1.0/24 ISIS 10.1.1.2 GE2/1/1 30.1.1.0/24 ISIS 10.1.1.2 GE2/1/1 127.0.0.0/8 Direct 0 127.0.0.1...
Page 140 [RouterC] interface gigabitethernet 2/1/1 [RouterC-GigabitEthernet2/1/1] mpls enable [RouterC-GigabitEthernet2/1/1] mpls te enable [RouterC-GigabitEthernet2/1/1] rsvp enable [RouterC-GigabitEthernet2/1/1] quit [RouterC] interface pos 2/2/0 [RouterC-POS2/2/0] mpls enable [RouterC-POS2/2/0] mpls te enable [RouterC-POS2/2/0] rsvp enable [RouterC-POS2/2/0] quit # Configure Router D. [RouterD] mpls lsr-id 4.4.4.9 [RouterD] mpls te [RouterD-te] ds-te mode ietf [RouterD-te] quit...
Page 141 [RouterA-GigabitEthernet2/1/1] mpls te max-link-bandwidth 10000 [RouterA-GigabitEthernet2/1/1] mpls te max-reservable-bandwidth rdm 10000 bc1 8000 bc2 5000 bc3 2000 [RouterA-GigabitEthernet2/1/1] quit # Configure the maximum bandwidth, maximum reservable bandwidth, and bandwidth constraints on Router B. [RouterB] interface gigabitethernet 2/1/1 [RouterB-GigabitEthernet2/1/1] mpls te max-link-bandwidth 10000 [RouterB-GigabitEthernet2/1/1] mpls te max-reservable-bandwidth rdm 10000 bc1 8000 bc2 5000 bc3 2000 [RouterB-GigabitEthernet2/1/1] quit...
Page 142 [RouterA-Tunnel1] quit Configure a static route on Router A to direct the traffic destined for subnet 30.1.1.0/24 to MPLS TE tunnel 1. [RouterA] ip route-static 30.1.1.2 24 tunnel 1 preference 1 Verifying the configuration # Execute the display interface tunnel command on Router A. The output shows that the tunnel interface is up.
Page 143: Troubleshooting Mpls Te
Backup Bandwidth Bypass Tunnel : No Auto Created : No Route Pinning : Disabled Retry Limit : 10 Retry Interval : 2 sec Reoptimization : Disabled Reoptimization Freq Backup Type : None Backup LSP ID Auto Bandwidth : Disabled Auto Bandwidth Freq Min Bandwidth Max Bandwidth Collected Bandwidth...
Page 144 Use the debugging ospf mpls-te command to verify that OSPF can receive the TE LINK establishment message. Use the display ospf peer command to verify that OSPF neighbors are established correctly. If the problem persists, contact HP Support.
Page 145: Configuring A Static Crlsp
Configuring a static CRLSP Overview A static Constraint-based Routed Label Switched Path (CRLSP) is established by manually specifying CRLSP setup information on the ingress, transit, and egress nodes of the forwarding path. The CRLSP setup information includes the incoming label, outgoing label, and required bandwidth. If the device does not have enough bandwidth resources required by a CRLSP, the CRLSP cannot be established.
Page 146: Displaying Static Crlsps
To configure a static CRLSP: Step Command Remarks Enter system view. system-view • Configure the ingress node: Use one command according to static-cr-lsp ingress lsp-name { nexthop the position of a device on the next-hop-addr | outgoing-interface network. interface-type interface-number } By default, no static CRLSP out-label out-label-value [ bandwidth exists.
Page 147 Figure 35 Network diagram Configuration procedure Configure IP addresses and masks for interfaces. (Details not shown.) Configure IS-IS to advertise interface addresses, including the loopback interface address: # Configure Router A. <RouterA> system-view [RouterA] isis 1 [RouterA-isis-1] network-entity 00.0005.0000.0000.0001.00 [RouterA-isis-1] quit [RouterA] interface gigabitethernet 2/1/1 [RouterA-GigabitEthernet2/1/1] isis enable 1 [RouterA-GigabitEthernet2/1/1] quit...
Page 148 [RouterC-isis-1] network-entity 00.0005.0000.0000.0003.00 [RouterC-isis-1] quit [RouterC] interface gigabitethernet 2/1/1 [RouterC-GigabitEthernet2/1/1] isis enable 1 [RouterC-GigabitEthernet2/1/1] quit [RouterC] interface loopback 0 [RouterC-LoopBack0] isis enable 1 [RouterC-LoopBack0] quit # Execute the display ip routing-table command on each router to verify that the routers have learned the routes to one another, including the routes to the loopback interfaces.
Page 149 [RouterB] interface gigabitethernet 2/1/1 [RouterB-GigabitEthernet2/1/1] mpls te max-link-bandwidth 10000 [RouterB-GigabitEthernet2/1/1] mpls te max-reservable-bandwidth 5000 [RouterB-GigabitEthernet2/1/1] quit [RouterB] interface gigabitethernet 2/1/2 [RouterB-GigabitEthernet2/1/2] mpls te max-link-bandwidth 10000 [RouterB-GigabitEthernet2/1/2] mpls te max-reservable-bandwidth 5000 [RouterB-GigabitEthernet2/1/2] quit # On Router C, configure the maximum bandwidth and the maximum reservable bandwidth. [RouterC] interface gigabitethernet 2/1/1 [RouterC-GigabitEthernet2/1/1] mpls te max-link-bandwidth 10000 [RouterC-GigabitEthernet2/1/1] mpls te max-reservable-bandwidth 5000...
Page 150 Line protocol state: UP Description: Tunnel0 Interface Bandwidth: 64kbps Maximum Transmit Unit: 1496 Internet Address is 6.1.1.1/24 Primary Tunnel source unknown, destination 3.3.3.3 Tunnel TTL 255 Tunnel protocol/transport CR_LSP Output queue - Urgent queuing: Size/Length/Discards 0/100/0 Output queue - Protocol queuing: Size/Length/Discards 0/500/0 Output queue - FIFO queuing: Size/Length/Discards 0/75/0 Last clearing of counters: Never Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec...
Page 151 # Execute the display mpls lsp command or the display mpls static-cr-lsp command on each router to display static CRLSP information. [RouterA] display mpls lsp Proto In/Out Label Interface/Out NHLFE 1.1.1.1/0/1 StaticCR -/20 GE2/1/1 2.1.1.2 Local GE2/1/1 [RouterB] display mpls lsp Proto In/Out Label Interface/Out NHLFE...
Page 152: Configuring Rsvp
Configuring RSVP Overview The Resource Reservation Protocol (RSVP) is a signaling protocol that reserves resources on a network. Extended RSVP supports MPLS label distribution and allows resource reservation information to be transmitted with label bindings. This extended RSVP is called RSVP-TE. RSVP-TE is a label distribution protocol for MPLS TE.
Page 153: Crlsp Setup Procedure
LABEL—Advertises the label allocated by the downstream node to the upstream node. • • RECORD_ROUTE—Records the path that the CRLSP actually traverses and the label allocated by each node on the path. CRLSP setup procedure Figure 36 Setting up a CRLSP Ingress Egress Path...
Page 154: Rsvp Authentication
Reliable RSVP message delivery An RSVP sender cannot know or retransmit lost RSVP messages. The reliable RSVP message delivery mechanism is designed to ensure reliable transmission. This mechanism requires the peer device to acknowledge each RSVP message received from the local device.
Page 155: Protocols And Standards
A GR helper considers that a GR restarter is rebooting when it does not receive hellos or receives erroneous hellos from the restarter in three consecutive hello intervals. When a GR restarter is rebooting, the GR helpers perform the following tasks: •...
Page 156: Configuring Rsvp Refresh
Configuring RSVP refresh Step Command Remarks Enter system view. system-view Enter RSVP view. rsvp By default, the refresh interval is 30 Configure the refresh interval refresh interval interval seconds for both path and Resv for Path and Resv messages. messages. Configure the PSB and RSB By default, the PSB and RSB keep-multiplier number...
Page 157: Configuring Rsvp Authentication
If the device receives a hello request from the neighbor, the device replies with a hello ACK message. If the device receives no hello request from the neighbor within the interval specified by the hello interval command, the device sends hello requests to the neighbor. When the number of consecutive lost hellos or erroneous hellos from the neighbor reaches the maximum (specified by the hello lost command), the device determines the neighbor is in fault.
Page 158 Step Command Remarks Enable RSVP authentication for authentication key { cipher | By default, RSVP authentication is the RSVP neighbor and specify plain } auth-key disabled. the authentication key. Enable challenge-response By default, the challenge-response handshake for the RSVP authentication challenge handshake function is disabled.
Page 159: Specifying A Dscp Value For Outgoing Rsvp Packets
Step Command Remarks Configure the global idle By default, the idle timeout is 1800 timeout for RSVP security authentication lifetime life-time seconds (30 minutes). associations. Specify the global RSVP authentication window By default, only one RSVP size—the maximum number of authentication window-size authenticated message can be RSVP authenticated messages...
Page 160: Enabling Bfd For Rsvp
Enabling BFD for RSVP If a link fails, MPLS TE tunnels over the link fail to forward packets. MPLS TE cannot quickly detect a link failure. To address this issue, you can enable BFD for RSVP so MPLS TE can quickly switch data from the primary path to the backup path upon a link failure.
Page 161: Rsvp Configuration Examples
RSVP configuration examples Establishing an MPLS TE tunnel with RSVP-TE Network requirements Router A, Router B, Router C, and Router D run IS-IS and all of them are Layer 2 routers. Use RSVP-TE to create an MPLS TE tunnel from Router A to Router D. The MPLS TE tunnel requires a bandwidth of 2000 kbps.
Page 162 [RouterA] interface loopback 0 [RouterA-LoopBack0] isis enable 1 [RouterA-LoopBack0] isis circuit-level level-2 [RouterA-LoopBack0] quit # Configure Router B. <RouterB> system-view [RouterB] isis 1 [RouterB-isis-1] network-entity 00.0005.0000.0000.0002.00 [RouterB-isis-1] quit [RouterB] interface gigabitethernet 2/1/1 [RouterB-GigabitEthernet2/1/1] isis enable 1 [RouterB-GigabitEthernet2/1/1] isis circuit-level level-2 [RouterB-GigabitEthernet2/1/1] quit [RouterB] interface pos 2/2/0 [RouterB-POS2/2/0] isis enable 1...
Page 163 [RouterD-LoopBack0] isis enable 1 [RouterD-LoopBack0] isis circuit-level level-2 [RouterD-LoopBack0] quit # Execute the display ip routing-table command on each router to verify that the routers have learned the routes to one another, including the routes to the loopback interfaces. (Details not shown.) Configure an LSR ID, and enable MPLS, MPLS TE, and RSVP: # Configure Router A.
Page 164 [RouterC-POS2/2/0] mpls te enable [RouterC-POS2/2/0] rsvp enable [RouterC-POS2/2/0] quit # Configure Router D. [RouterD] mpls lsr-id 4.4.4.9 [RouterD] mpls te [RouterD-te] quit [RouterD] rsvp [RouterD-rsvp] quit [RouterD] interface gigabitethernet 2/1/1 [RouterD-GigabitEthernet2/1/1] mpls enable [RouterD-GigabitEthernet2/1/1] mpls te enable [RouterD-GigabitEthernet2/1/1] rsvp enable [RouterD-GigabitEthernet2/1/1] quit Configure IS-IS TE: # Configure Router A.
Page 165 [RouterB] interface pos 2/2/0 [RouterB-POS2/2/0] mpls te max-link-bandwidth 10000 [RouterB-POS2/2/0] mpls te max-reservable-bandwidth 5000 [RouterB-POS2/2/0] quit # Configure the maximum link bandwidth and maximum reservable bandwidth on Router C. [RouterC] interface gigabitethernet 2/1/1 [RouterC-GigabitEthernet2/1/1] mpls te max-link-bandwidth 10000 [RouterC-GigabitEthernet2/1/1] mpls te max-reservable-bandwidth 5000 [RouterC-GigabitEthernet2/1/1] quit [RouterC] interface pos 2/2/0 [RouterC-POS2/2/0] mpls te max-link-bandwidth 10000...
Page 166: Rsvp Gr Configuration Example
Output queue - Urgent queuing: Size/Length/Discards 0/100/0 Output queue - Protocol queuing: Size/Length/Discards 0/500/0 Output queue - FIFO queuing: Size/Length/Discards 0/75/0 Last clearing of counters: Never Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec Input: 0 packets, 0 bytes, 0 drops Output: 0 packets, 0 bytes, 0 drops # Execute the display mpls te tunnel-interface command on Router A to display detailed information...
Page 167 Configure RSVP GR on the routers to ensure continuous forwarding when a router reboots. Figure 38 Network diagram Configuration procedure Configure IP addresses and masks for interfaces. (Details not shown.) Configure IS-IS to advertise interface addresses, including the loopback interface address. (Details not shown.) Configure an LSR ID, enable MPLS, MPLS TE, RSVP, and RSVP hello extension: # Configure Router A.
Page 168 # Configure Router C. <RouterC> system-view [RouterC] mpls lsr-id 3.3.3.9 [RouterC] mpls te [RouterC-te] quit [RouterC] rsvp [RouterC-rsvp] rsvp [RouterC-mpls] interface gigabitethernet 2/1/1 [RouterC-GigabitEthernet2/1/1] mpls enable [RouterC-GigabitEthernet2/1/1] mpls te enable [RouterC-GigabitEthernet2/1/1] rsvp enable [RouterC-GigabitEthernet2/1/1] rsvp hello enable [RouterC-GigabitEthernet2/1/1] quit Configure IS-IS TE. (Details not shown.) Configure an MPLS TE tunnel.
Page 169: Configuring Tunnel Policies
This method explicitly specifies an MPLS TE tunnel, GRE tunnel, or tunnel bundle for an MPLS VPN, facilitating traffic planning. HP recommends that you use this method. To select multiple tunnels for load sharing, create a tunnel policy and specify the tunnel selection •...
Page 170: Configuration Procedure
The second method distributes traffic of a single VPN to multiple tunnels. The transmission delays on different tunnels can greatly vary. Therefore, the destination device or the upper layer application might take a great time to sequence the packets. HP recommends not using the second method. Configuration procedure...
Page 171: Displaying Tunnel Information
Displaying tunnel information Execute display commands in any view. Task Command display mpls tunnel { all | statistics | [ vpn-instance vpn-instance-name ] Display tunnel information. destination { tunnel-ipv4-dest | tunnel-ipv6-dest } } Tunnel policy configuration examples Preferred tunnel configuration example Network requirements PE 1 has multiple tunnels to reach PE 2: one MPLS TE tunnel on interface Tunnel 1, one GRE tunnel on interface Tunnel 2, and one LDP LSP tunnel.
Page 172: Tunnel Selection Order Configuration Example
Configuration procedure Configure tunnel policies on PE 1: # Create tunnel policy preferredte1, and configure tunnel 1 as the preferred tunnel. <PE1> system-view [PE1] tunnel-policy preferredte1 [PE1-tunnel-policy-preferredte1] preferred-path tunnel 1 [PE1-tunnel-policy-preferredte1] quit # Create tunnel policy preferredgre2, and configure tunnel 2 as the preferred tunnel. [PE1] tunnel-policy preferredgre2 [PE1-tunnel-policy-preferredgre2] preferred-path tunnel 2 [PE1-tunnel-policy-preferredgre2] quit...
Page 173: Preferred Tunnel And Tunnel Selection Order Configuration Example
Preferred tunnel and tunnel selection order configuration example Network requirements PE 1 has multiple tunnels to reach PE 2: two MPLS TE tunnels on interfaces Tunnel 1 and Tunnel 3, one GRE tunnel on interface Tunnel 2, and one LDP LSP tunnel. PE 1 has multiple MPLS VPN instances: vpna, vpnb, vpnc, vpnd, vpne, vpnf, and vpng.
Page 174 [PE1] ip vpn-instance vpnb [PE1-vpn-instance-vpnb] route-distinguisher 100:2 [PE1-vpn-instance-vpnb] vpn-target 100:2 [PE1-vpn-instance-vpnb] tnl-policy preferredte1 [PE1-vpn-instance-vpnb] quit # Create MPLS VPN instances vpnc and vpnd, and apply tunnel policy preferredte3 to them. [PE1] ip vpn-instance vpnc [PE1-vpn-instance-vpnc] route-distinguisher 100:3 [PE1-vpn-instance-vpnc] vpn-target 100:3 [PE1-vpn-instance-vpnc] tnl-policy preferredte3 [PE1-vpn-instance-vpnc] quit [PE1] ip vpn-instance vpnd...
Page 175: Configuring Mpls L3Vpn
Configuring MPLS L3VPN In this chapter, "MSR2000" refers to MSR2003. "MSR3000" collectively refers to MSR3012, MSR3024, MSR3044, MSR3064. "MSR4000" collectively refers to MSR4060 and MSR4080. Overview MPLS L3VPN is a L3VPN technology used to interconnect geographically dispersed VPN sites. MPLS L3VPN uses BGP to advertise VPN routes and uses MPLS to forward VPN packets over a service provider backbone.
Page 176: Mpls L3Vpn Concepts
MPLS L3VPN concepts Site A site has the following features: A site is a group of IP systems with IP connectivity that does not rely on any service provider network. • • The classification of a site depends on the topology relationship of the devices, rather than the geographical positions.
Page 177: Mpls L3Vpn Route Advertisement
As shown in Figure 41, a VPN-IPv4 address consists of 12 bytes. The first eight bytes represent the RD, followed by a four-byte IPv4 prefix. The RD and the IPv4 prefix form a unique VPN-IPv4 prefix. An RD can be in one of the following formats: When the Type field is 0, the Administrator subfield occupies two bytes, the Assigned number •...
Page 178: Mpls L3Vpn Packet Forwarding
From the ingress PE to the egress PE: The ingress PE does the following: Adds RDs and route target attributes to these standard IPv4 routes to create VPN-IPv4 routes. Saves the VPN-IPv4 routes to the routing table of the VPN instance created for the CE. Advertises the VPN-IPv4 routes to the egress PE through MP-BGP.
Page 179: Mpls L3Vpn Networking Schemes
P devices forward the packet to PE 2 by the outer tag. If the outer tag is an MPLS label, the label is removed from the packet at the penultimate hop. If the outer tag is GRE encapsulation, PE 2 removes the GRE encapsulation.
Page 180 In a hub and spoke network as shown in Figure 44, configure route targets as follows: • On spoke PEs (PEs connected to spoke sites), set the export target to Spoke and the import target to Hub. On the hub PE (PE connected to the hub site), use two interfaces or subinterfaces that each belong •...
Page 181: Inter-As Vpn
After spoke sites exchange routes through the hub site, they can communicate with each other through the hub site. Extranet networking scheme The extranet networking scheme allows specific resources in a VPN to be accessed by users not in the VPN.
Page 182 Multihop EBGP redistribution of labeled VPN-IPv4 routes between PE routers—PEs advertise • VPN-IPv4 routes to each other through MP-EBGP. This solution is also called inter-AS option C. Inter-AS option A In this solution, PEs of two ASs are directly connected through multiple subinterfaces, and each PE is also the ASBR of its AS.
Page 183 Figure 47 Network diagram for inter-AS option B VPN 1 VPN 1 CE 1 CE 3 ASBR 2 ASBR 1 PE 1 PE 3 (PE) (PE) MP-EBGP MPLS backbone MPLS backbone AS 100 AS 200 PE 2 PE 4 VPN LSP 1 VPN LSP 3 VPN LSP2 CE 4...
Page 184 bottlenecks, which hinders network extension. Inter-AS option C has better scalability because it makes PEs directly exchange VPN-IPv4 routes. In this solution, PEs exchange VPN-IPv4 routes over a multihop MP-EBGP session. Each PE must have a route to the peer PE and a label for the route so that the inter-AS public tunnel between the PEs can be set up.
Page 185: Carrier's Carrier
The public tunnel from PE 3 to ASBR 2 is set up. The next hop for the route to PE 1 is ASBR 2. The incoming label for the public tunnel on ASBR 2 is L3, and the outgoing label is L2. Within AS 200, the public tunnel from PE 3 to ASBR 2 is required to be set up hop by hop through a label distribution protocol, for example, LDP.
Page 186 The customer is called the customer carrier or the Level 2 carrier. • This networking model is referred to as carrier's carrier. The PEs of the Level 2 carrier directly exchange customer networks over a BGP session. The Level 1 carrier only learns the backbone networks of the Level 2 carrier, without learning customer networks.
Page 187: Nested Vpn
Figure 51 Scenario where the Level 2 carrier is an MPLS L3VPN service provider NOTE: If equal cost routes exist between the Level 1 carrier and the Level 2 carrier, HP recommends that you establish equal cost LSPs between them.
Page 188: Hovpn
Figure 52 Network diagram for nested VPN VPN A Provider MPLS Provider PE Provider PE CE 8 CE 7 VPN backbone VPN A-2 VPN A-1 CE 2 CE 1 Customer MPLS Customer MPLS VPN network Customer PE Customer PE CE 3 CE 4 CE 5 CE 6...
Page 189 HoVPN divides PEs into underlayer PEs (UPEs) or user-end PEs, and superstratum PEs (SPEs) or service provider-end PEs. UPEs and SPEs have different functions and comprise a hierarchical PE. The HoPE and common PEs can coexist in an MPLS network. Figure 53 Basic architecture of HoVPN As shown in Figure...
Page 190: Ospf Vpn Extension
Figure 54 Recursion of HoPEs Figure 54 shows a three-level HoPE. The PE in the middle is called the "middle-level PE (MPE)." MP-BGP runs between SPE and MPE, and between MPE and UPE. MP-BGP advertises the following routes: • All the VPN routes of UPEs to the SPEs. The default routes of the VPN instance of the SPEs or the VPN routes permitted by the routing •...
Page 191 Figure 55 Network diagram for BGP/OSPF interaction As shown in Figure 55, CE 1 1, CE 21, and CE 22 belong to the same VPN and the same OSPF domain. Before domain ID configuration, VPN 1 routes are advertised from CE 1 1 to CE 21 and CE 22 by using the following process: PE 1 redistributes OSPF routes from CE 11 into BGP, and advertises the VPN routes to PE 2 through BGP.
Page 192: Bgp As Number Substitution And Soo Attribute
As shown in Figure 56, Site 1 is connected to two PEs. When a PE advertises VPN routes learned from MP-BGP to Site 1 through OSPF, the routes might be received by the other PE. This results in a routing loop.
Page 193: Mpls L3Vpn Frr
The BGP AS number substitution function allows geographically different CEs to use the same AS number. If the AS_PATH of a route contains the AS number of a CE, the PE replaces the AS number with its own AS number before advertising the route to that CE. After you enable the BGP AS number substitution function, the PE performs BGP AS number substitution for all routes and re-advertises them to connected CEs in the peer group.
Page 194 VPNv4 route backup for a VPNv4 route Figure 59 Network diagram As show in Figure 59, configure FRR on the ingress node PE 1, and specify the backup next hop as PE 3. When PE 1 receives a VPNv4 route to CE 2 from both PE 2 and PE 3, it uses the route from PE 2 as the primary link, and the route from PE 3 as the backup link.
Page 195: Multi-Vpn Instance Ce
through the path CE 1—PE 1—PE 2—PE 3—CE 2. This avoids traffic interruption before route convergence completes (switching back to the link CE 1—PE 1—PE 3—CE 2). In this scenario, PE 2 is responsible for primary link detection and traffic switchover. IPv4 route backup for a VPNv4 route Figure 61 Network diagram As shown in...
Page 196: Protocols And Standards
Figure 62 Network diagram for the MCE function As shown in Figure 62, the MCE exchanges private routes with VPN sites and PE 1, and adds the private routes to the routing tables of corresponding VPN instances. Route exchange between MCE and VPN site—Create VPN instances VPN 1 and VPN 2 on the •...
Page 197: Mpls L3Vpn Configuration Task List
MPLS L3VPN configuration task list Tasks at a glance (Required.) Configuring basic MPLS L3VPN (Optional.) Configuring inter-AS VPN (Optional.) Configuring nested VPN (Optional.) Configuring HoVPN (Optional.) Configuring an OSPF sham link (Optional.) Configuring routing on an MCE (Optional.) Specifying the VPN label processing mode on the egress PE (Optional.) Configuring BGP AS number substitution and SoO attribute (Optional.)
Page 198 SNMP context for the VPN snmp context-name context-name configured. instance. The following matrix shows the maximum number of VPN instances that can be created in the system: Hardware Maximum value MSR2000 1023 MSR3000 2047 MSR4000 4095 Associating a VPN instance with an interface After creating and configuring a VPN instance, associate the VPN instance with the interface connected to the CE.
Page 199: Configuring Routing Between A Pe And A Ce
Step Command Remarks Configurations made in VPN • Enter VPN instance view: instance view apply to both IPv4 ip vpn-instance vpn-instance-name VPN and IPv6 VPN. • Enter IPv4 VPN view: Enter VPN instance view IPv4 VPN prefers the or IPv4 VPN view vpn-instance configurations in IPv4 VPN view vpn-instance-name...
Page 200 Configuring static routing between a PE and a CE Step Command Remarks Enter system view. system-view By default, no static route is ip route-static vpn-instance configured for a VPN s-vpn-instance-name dest-address { mask-length instance. | mask } { interface-type interface-number [ next-hop-address ] |next-hop-address Perform this configuration on Configure a static route...
Page 201 Step Command Remarks Perform this configuration on the PE. On the CE, create a common OSPF process. Create an OSPF process for a ospf [ process-id | router-id The maximum number of OSPF VPN instance and enter the router-id | vpn-instance processes that a VPN instance can OSPF view.
Page 202 Step Command Remarks Create an IS-IS process for a Perform this configuration on the isis [ process-id ] vpn-instance VPN instance and enter IS-IS PE. On the CE, configure common vpn-instance-name view. IS-IS. Configure a network entity title network-entity net By default, no NET is configured.
Page 203 Step Command Remarks By default, BGP discards incoming route updates that contain the local AS number. BGP detects routing loops by examining AS numbers. In a hub-spoke network where EBGP is running (Optional.) Allow the local AS between a PE and a CE, the number to appear in the routing information the PE peer { group-name | ip-address }...
Page 204 Step Command Remarks Enter BGP view. bgp as-number Configuration commands in BGP-VPN instance view are the Enter BGP-VPN instance ip vpn-instance same as those in BGP view. For view. vpn-instance-name more information, see Layer 3—IP Routing Configuration Guide. Configure the CE as the VPN peer { group-name | ip-address } By default, no BGP peer is IBGP peer.
Page 205: Configuring Routing Between Pes
Step Command Remarks Enable IPv4 unicast route By default, BGP does not peer { group-name | ip-address } exchange with the specified exchange IPv4 unicast routes enable peer or peer group. with any peer. import-route protocol [ { process-id | all-processes } A CE must redistribute its routes (Optional.) Configure route [ allow-direct | med med-value |...
Page 206 Step Command Remarks Optional. Configure filtering of received filter-policy { acl-number | By default, BGP does not filter routes. prefix-list prefix-list-name } import received routes. Optional. Advertise community attributes peer { group-name | ip-address } By default, no community attributes to a peer or peer group.
Page 207: Configuring Inter-As Vpn
Step Command Remarks Optional. Configure updates By default, BGP route updates advertised to an EBGP peer or peer { group-name | ip-address } advertised to an EBGP peer or peer peer group to carry only public public-as-only group can carry both public and AS numbers.
Page 208: Configuring Inter-As Option B
Configuring inter-AS option B To configure inter-AS option B, perform configurations on PEs and ASBRs. PE configuration: • Configure basic MPLS L3VPN, and specify the ASBR in the same AS as an MP-IBGP peer. The route targets for the VPN instances on the PEs in different ASs must match for the same VPN. For information about PE configuration, see "Configuring basic MPLS L3VPN."...
Page 209: Configuring Inter-As Option C
Step Command Remarks Enter BGP VPNv4 address address-family vpnv4 family view. Enable exchange By default, BGP cannot exchange VPNv4 routes with the PE in the peer { group-name | ip-address } VPNv4 routing information with a same AS and the ASBR in enable peer.
Page 210 Step Command Remarks Configure the ASBR in the peer { group-name | ip-address } By default, no BGP peer is created. same AS as an IBGP peer. as-number as-number Configure the PE of another AS peer { group-name | ip-address } By default, no BGP peer is created.
Page 211 Step Command Remarks (Optional.) Match IPv4 routes By default, no MPLS label match if-match mpls-label carrying labels. criterion is configured. (Optional.) Set labels for IPv4 By default, no MPLS label is set for apply mpls-label routes. IPv4 routes. Return to system view. quit Enter interface view of the interface interface-type...
Page 212: Configuring Nested Vpn
Configuring nested VPN For a network with many VPNs, nested VPN is a good solution to implement layered management of VPNs and to conceal the deployment of internal VPNs. To build a nested VPN network, perform the following configurations: • Configurations between customer PE and customer CE—Configure VPN instances on the customer PE and configure route exchange between customer PE and customer CE.
Page 213: Configuring Hovpn
Step Command Remarks (Optional.) Configure the SoO peer { group-name | ip-address } By default, the SoO attribute is not attribute for the BGP peer or soo site-of-origin configured. peer group. Configuring HoVPN In a HoVPN networking scenario, perform basic MPLS L3VPN settings on UPE and SPE. In addition, configure the following settings on the SPE: Specify the BGP peer or peer group as a UPE.
Page 214: Configuring An Ospf Sham Link
Step Command Remarks By default, no route is advertised to • Advertise a default VPN route the UPE. to the UPE: peer { group-name | Do not configure both commands. ip-address } The peer default-route-advertise default-route-advertise vpn-instance command advertises vpn-instance a default route using the local Advertise routes to the UPE.
Page 215: Redistributing The Loopback Interface Route
Step Command Remarks Enter system view. system-view ospf [ process-id | router-id HP recommends that you specify a Enter OSPF view. router-id | vpn-instance router ID. vpn-instance-name ] * If BGP runs within an MPLS backbone, and the BGP AS...
Page 216: Configuring Routing Between An Mce And A Vpn Site
MCE-PE routing configuration. • On the PE, do the following: Disable routing loop detection to avoid route loss during route calculation. • Disable route redistribution between routing protocols to save system resources. • Before you configure routing on an MCE, configure VPN instances, and bind the VPN instances to the interfaces connected to the VPN sites and the PE.
Page 217 Step Command Remarks Perform this configuration on the Create a RIP process for a VPN rip [ process-id ] vpn-instance MCE. On a VPN site, create a instance and enter RIP view. vpn-instance-name common RIP process. Enable RIP on the interface By default, RIP is disabled on an attached specified...
Page 218 Step Command Remarks import-route protocol [ process-id | all-processes | allow-ibgp ] Redistribute remote site routes By default, no routes are [ allow-direct | cost cost | advertised by the PE into OSPF. redistributed into OSPF. route-policy route-policy-name | tag tag | type type ] * Create an OSPF area and By default, no OSPF area is area area-id...
Page 219 Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number Enter BGP-VPN instance ip vpn-instance vpn-instance-name view. peer { group-name | ip-address } By default, no BGP peer is Configure an EBGP peer. as-number as-number configured. Enter BGP-VPN IPv4 unicast address-family ipv4 [ unicast ] address family view.
Page 220 Step Command Remarks By default, no routes are import-route protocol redistributed into BGP. [ { process-id | all-processes } Redistribute the IGP routes of [ allow-direct | med med-value | A VPN site must advertise the the VPN into BGP. route-policy route-policy-name ] VPN network addresses it can reach to the connected MCE.
Page 221: Configuring Routing Between An Mce And A Pe
Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number Configure the MCE as an peer { group-name | ip-address } IBGP peer. as-number as-number Enter BGP-VPN IPv4 unicast address-family ipv4 [ unicast ] address family view. Enable BGP to exchange By default, BGP does not peer { group-name | ip-address } IPv4 unicast routes with the...
Page 222 Configuring RIP between an MCE and a PE Step Command Remarks Enter system view. system-view Create a RIP process for rip [ process-id ] vpn-instance a VPN instance and vpn-instance-name enter RIP view. Enable By default, RIP is disabled on interface attached to the network network-address an interface.
Page 223 Step Command Remarks Enable OSPF on the interface By default, an interface neither attached specified network ip-address wildcard-mask belongs to any area nor runs network in the area. OSPF. Configuring IS-IS between an MCE and a PE Step Command Remarks Enter system view.
Page 224: Specifying The Vpn Label Processing Mode On The Egress Pe
Step Command Remarks import-route protocol [ process-id | Redistribute all-processes ] [ allow-direct | med By default, no routes are routes of the VPN site. med-value | route-policy redistributed into BGP. route-policy-name ] * (Optional.) Configure filter-policy { acl-number | prefix-list By default, BGP does not filter filtering advertised...
Page 225: Configuring Bgp As Number Substitution And Soo Attribute
Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number Specify label processing mode as POPGO vpn popgo The default is POP forwarding. forwarding. Configuring BGP AS number substitution and SoO attribute When CEs at different sites have the same AS number, configure the BGP AS number substitution function to avoid route loss.
Page 226: Configuring Mpls L3Vpn Frr
Step Command Remarks Enable SNMP notifications for By default, SNMP notifications for snmp-agent trap enable l3vpn MPLS L3VPN. MPLS L3VPN are enabled. Configuring MPLS L3VPN FRR There are two methods to configure MPLS L3VPN FRR: • Method 1—Execute the pic command in BGP-VPN IPv4 unicast address family view. The device calculates a backup next hop for a BGP route in the VPN instance if there are two or more unequal-cost routes to reach the destination.
Page 227 Step Command Remarks • Configure BFD to test the connectivity of the LSP for the specified FEC: mpls bfd dest-addr mask-length [ nexthop nexthop-address By default, BFD is not configured to [ discriminator local local-id test the connectivity of the LSP or remote remote-id ] ] [ template MPLS TE tunnel.
Page 228: Displaying And Maintaining Mpls L3Vpn
Step Command Remarks Enter BGP-VPN IPv4 unicast address-family ipv4 [ unicast ] address family view. By default, MPLS L3VPN FRR is disabled. Method 1 might result in routing loops. Use it with caution. • (Method 1) Enable MPLS L3VPN By default, no routing policy is FRR for the address family: referenced.
Page 229 Display BGP VPNv4 peer vpn-instance-name ] [ { ip-address | information Available in any view. group-name group-name } log-info | (MSR2000/MSR3000). [ ip-address ] verbose ] display bgp peer vpnv4 [ vpn-instance vpn-instance-name ] [ { ip-address | Display BGP VPNv4 peer group-name group-name } log-info | Available in any view.
Page 230: Mpls L3Vpn Configuration Examples
VPNv4 routes. Display outgoing labels for BGP VPNv4 routes display bgp routing-table vpnv4 outlabel Available in any view. (MSR2000/MSR3000). Display outgoing labels for BGP display bgp routing-table vpnv4 outlabel Available in any view. VPNv4 routes (MSR4000). [ standby slot slot-number ]...
Page 231 Figure 63 Network diagram AS 65410 AS 65430 VPN 1 VPN 1 CE 3 CE 1 GE2/1/1 GE2/1/1 Loop0 PE 2 GE2/1/1 GE2/1/1 PE 1 POS2/1/0 POS2/1/1 Loop0 Loop0 POS2/1/0 POS2/1/0 GE2/1/2 GE2/1/2 MPLS backbone GE2/1/1 GE2/1/1 CE 2 CE 4 VPN 2 VPN 2 AS 65420...
Page 232 [PE1-ospf-1] quit # Configure the P device. <P> system-view [P] interface loopback 0 [P-LoopBack0] ip address 2.2.2.9 32 [P-LoopBack0] quit [P] interface pos 2/1/0 [P-Pos2/1/0] ip address 172.1.1.2 24 [P-Pos2/1/0] quit [P] interface pos 2/1/1 [P-Pos2/1/1] ip address 172.2.1.1 24 [P-Pos2/1/1] quit [P] ospf [P-ospf-1] area 0...
Page 233 Destination/Mask Proto Cost NextHop Interface 1.1.1.9/32 OSPF 1.1.1.9 Loop0 172.1.1.0/24 OSPF 172.1.1.1 POS2/1/0 # On PE 1, verify that OSPF adjacencies in Full state have been established between PE 1, P, and PE 2. [PE1] display ospf peer verbose OSPF Process 1 with Router ID 1.1.1.9 Neighbors Area 0.0.0.0 interface 172.1.1.1(POS2/1/0)'s neighbors Router ID: 2.2.2.9...
Page 234 [PE2-Pos2/1/0] mpls ldp enable [PE2-Pos2/1/0] quit # On PE 1, verify that LDP sessions in Operational state have been established between PE 1, P, and PE 2. [PE1] display mpls ldp peer Total number of peers: 1 Peer LDP ID State Role KA Sent/Rcvd...
Page 235 [PE2] interface gigabitethernet 2/1/1 [PE2-GigabitEthernet2/1/1] ip binding vpn-instance vpn1 [PE2-GigabitEthernet2/1/1] ip address 10.3.1.2 24 [PE2-GigabitEthernet2/1/1] quit [PE2] interface gigabitethernet 2/1/2 [PE2-GigabitEthernet2/1/2] ip binding vpn-instance vpn2 [PE2-GigabitEthernet2/1/2] ip address 10.4.1.2 24 [PE2-GigabitEthernet2/1/2] quit # Configure IP addresses for the CEs according to Figure 63.
Page 236 [PE1-bgp-ipv4-vpn1] quit [PE1-bgp-vpn1] quit [PE1-bgp] ip vpn-instance vpn2 [PE1-bgp-vpn2] peer 10.2.1.1 as-number 65420 [PE1-bgp-vpn2] address-family ipv4 unicast [PE1-bgp-ipv4-vpn2] peer 10.2.1.1 enable [PE1-bgp-ipv4-vpn2] import-route direct [PE1-bgp-ipv4-vpn2] quit [PE1-bgp-vpn1] quit [PE1-bgp] quit # Configure PE 2 in the same way that PE 1 is configured. (Details not shown.) # Execute the display bgp peer ipv4 vpn-instance command on the PEs.
Page 237: Configuring Mpls L3Vpn Over A Gre Tunnel
Peer MsgRcvd MsgSent OutQ PrefRcv Up/Down State 3.3.3.9 0 00:00:32 Established Verifying the configuration # Execute the display ip routing-table vpn-instance command on the PEs. [PE1] display ip routing-table vpn-instance vpn1 Destinations : 13 Routes : 13 Destination/Mask Proto Cost NextHop Interface 0.0.0.0/32...
Page 238 Figure 64 Network diagram Table 13 Interface and IP assignment Device Interface IP address Device Interface IP address CE 1 GE2/1/1 10.1.1.1/24 POS2/1/0 172.1.1.2/24 PE 1 Loop0 1.1.1.9/32 POS2/1/1 172.2.1.1/24 GE2/1/1 10.1.1.2/24 PE 2 Loop0 2.2.2.9/32 POS2/1/1 172.1.1.1/24 GE2/1/1 10.2.1.2/24 Tunnel0 20.1.1.1/24 POS2/1/0...
Page 239 [PE1-tunnel-policy-gre1] select-seq gre load-balance-number 1 [PE1-tunnel-policy-gre1] quit [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 100:1 [PE1-vpn-instance-vpn1] vpn-target 100:1 both [PE1-vpn-instance-vpn1] tnl-policy gre1 [PE1-vpn-instance-vpn1] quit [PE1] interface gigabitethernet 2/1/1 [PE1-GigabitEthernet2/1/1] ip binding vpn-instance vpn1 [PE1-GigabitEthernet2/1/1] ip address 10.1.1.2 24 [PE1-GigabitEthernet2/1/1] quit # Configure PE 2. [PE2] tunnel-policy gre1 [PE2-tunnel-policy-gre1] select-seq gre load-balance-number 1 [PE2-tunnel-policy-gre1] quit...
Page 240 56 bytes from 10.1.1.1: icmp_seq=3 ttl=255 time=0.000 ms 56 bytes from 10.1.1.1: icmp_seq=4 ttl=255 time=0.000 ms --- Ping statistics for 10.1.1.1 --- 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss round-trip min/avg/max/std-dev = 0.000/0.200/1.000/0.400 ms Establish EBGP peer relationships between PEs and CEs, and redistribute VPN routes into BGP: # Configure CE 1.
Page 241: Configure A Gre Tunnel
[PE1-bgp-vpnv4] quit [PE1-bgp] quit # Configure PE 2 in the same way that PE 1 is configured. (Details not shown.) # Execute the display bgp peer vpnv4 command on the PEs. This example uses PE 1 to verify that a BGP peer relationship in Established state has been established between the PEs. [PE1] display bgp peer vpnv4 BGP local router ID: 1.1.1.9 Local AS number: 100...
Page 242: Configuring A Hub-Spoke Network
224.0.0.0/4 Direct 0 0.0.0.0 NULL0 224.0.0.0/24 Direct 0 0.0.0.0 NULL0 255.255.255.255/32 Direct 0 127.0.0.1 InLoop0 # Verify that CE 1 and CE 2 can ping each other. (Details not shown.) Configuring a hub-spoke network Network requirements The Spoke-CEs cannot communicate directly. They can communicate only through Hub-CE. Configure EBGP between the Spoke-CEs and Spoke-PEs and between Hub-CE and Hub-PE to exchange VPN routing information.
Page 243 Configuration procedure Configure an IGP on the MPLS backbone to ensure IP connectivity within the backbone: # Configure Spoke-PE 1. <Spoke-PE1> system-view [Spoke-PE1] interface loopback 0 [Spoke-PE1-LoopBack0] ip address 1.1.1.9 32 [Spoke-PE1-LoopBack0] quit [Spoke-PE1] interface pos 2/1/0 [Spoke-PE1-Pos2/1/0] ip address 172.1.1.1 24 [Spoke-PE1-Pos2/1/0] quit [Spoke-PE1] ospf [Spoke-PE1-ospf-1] area 0...
Page 244 [Hub-PE-ospf-1] quit # Execute the display ospf peer command on the devices to verify that OSPF adjacencies in Full state have been established between Spoke-PE 1, Spoke-PE 2, and Hub-PE. Execute the display ip routing-table command on the devices to verify that the PEs have learned the routes to the loopback interfaces of each other.
Page 245 [Spoke-PE1-GigabitEthernet2/1/1] ip address 10.1.1.2 24 [Spoke-PE1-GigabitEthernet2/1/1] quit # Configure Spoke-PE 2. [Spoke-PE2] ip vpn-instance vpn1 [Spoke-PE2-vpn-instance-vpn1] route-distinguisher 100:2 [Spoke-PE2-vpn-instance-vpn1] vpn-target 111:1 import-extcommunity [Spoke-PE2-vpn-instance-vpn1] vpn-target 222:2 export-extcommunity [Spoke-PE2-vpn-instance-vpn1] quit [Spoke-PE2] interface gigabitethernet 2/1/1 [Spoke-PE2-GigabitEthernet2/1/1] ip binding vpn-instance vpn1 [Spoke-PE2-GigabitEthernet2/1/1] ip address 10.2.1.2 24 [Spoke-PE2-GigabitEthernet2/1/1] quit # Configure Hub-PE.
Page 246 --- Ping statistics for 10.1.1.1 --- 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss round-trip min/avg/max/std-dev = 1.666/2.075/2.710/0.406 ms Establish EBGP peer relationships between the PEs and CEs, and redistribute VPN routes into BGP: # Configure Spoke-CE 1. <Spoke-CE1> system-view [Spoke-CE1] bgp 65410 [Spoke-CE1-bgp] peer 10.1.1.2 as-number 100 [Spoke-CE1-bgp] address-family ipv4...
Page 247 [Spoke-PE2-bgp-vpn1] address-family ipv4 [Spoke-PE2-bgp-ipv4-vpn1] peer 10.2.1.1 enable [Spoke-PE2-bgp-ipv4-vpn1] import-route direct [Spoke-PE2-bgp-ipv4-vpn1] quit [Spoke-PE2-bgp-vpn1] quit [Spoke-PE2-bgp] quit # Configure Hub-PE. [Hub-PE] bgp 100 [Hub-PE-bgp] ip vpn-instance vpn1-in [Hub-PE-bgp-vpn1-in] peer 10.3.1.1 as-number 65430 [Hub-PE-bgp-vpn1-in] address-family ipv4 [Hub-PE-bgp-ipv4-vpn1-in] peer 10.3.1.1 enable [Hub-PE-bgp-ipv4-vpn1-in] import-route direct [Hub-PE-bgp-ipv4-vpn1-in] quit [Hub-PE-bgp-vpn1-in] quit [Hub-PE-bgp] ip vpn-instance vpn1-out...
Page 248: Configuring Mpls L3Vpn Inter-As Option A
[Hub-PE-bgp] peer 3.3.3.9 connect-interface loopback 0 [Hub-PE-bgp] address-family vpnv4 [Hub-PE-bgp-vpnv4] peer 1.1.1.9 enable [Hub-PE-bgp-vpnv4] peer 3.3.3.9 enable [Hub-PE-bgp-vpnv4] quit [Hub-PE-bgp] quit # Execute the display bgp peer vpnv4 command on the PEs to verify that a BGP peer relationship in Established state has been established between the PEs. (Details not shown.) Verifying the configuration # Execute the display ip routing-table vpn-instance command on the PEs to display the routes to the CEs.
Page 249 Run OSPF on the MPLS backbone of each AS. Figure 66 Network diagram MPLS backbone MPLS backbone Loop0 Loop0 AS 100 AS 200 POS2/1/1 POS2/1/1 POS2/1/0 POS2/1/0 ASBR-PE 1 ASBR-PE 2 Loop0 Loop0 POS2/1/0 POS2/1/0 PE 2 PE 1 GE2/1/1 GE2/1/1 GE2/1/1 GE2/1/1...
Page 250 [PE1-Pos2/1/0] mpls enable [PE1-Pos2/1/0] mpls ldp enable [PE1-Pos2/1/0] quit # Configure basic MPLS on ASBR-PE 1, and enable MPLS LDP on the interface connected to PE 1. <ASBR-PE1> system-view [ASBR-PE1] mpls lsr-id 2.2.2.9 [ASBR-PE1] mpls ldp [ASBR-PE1-ldp] quit [ASBR-PE1] interface pos 2/1/0 [ASBR-PE1-Pos2/1/0] mpls enable [ASBR-PE1-Pos2/1/0] mpls ldp enable [ASBR-PE1-Pos2/1/0] quit...
Page 251 [PE1-GigabitEthernet2/1/1] ip binding vpn-instance vpn1 [PE1-GigabitEthernet2/1/1] ip address 10.1.1.2 24 [PE1-GigabitEthernet2/1/1] quit # Configure CE 2. <CE2> system-view [CE2] interface gigabitethernet 2/1/1 [CE2-GigabitEthernet2/1/1] ip address 10.2.1.1 24 [CE2-GigabitEthernet2/1/1] quit # Configure PE 2. [PE2] ip vpn-instance vpn1 [PE2-vpn-instance-vpn1] route-distinguisher 200:2 [PE2-vpn-instance-vpn1] vpn-target 200:1 both [PE2-vpn-instance-vpn1] quit [PE2] interface gigabitethernet 2/1/1...
Page 252 [CE1-bgp] quit # Configure PE 1. [PE1] bgp 100 [PE1-bgp] ip vpn-instance vpn1 [PE1-bgp-vpn1] peer 10.1.1.1 as-number 65001 [PE1-bgp-vpn1] address-family ipv4 unicast [PE1-bgp-ipv4-vpn1] peer 10.1.1.1 enable [PE1-bgp-ipv4-vpn1] quit [PE1-bgp-vpn1] quit [PE1-bgp] quit # Configure CE 2. [CE2] bgp 65002 [CE2-bgp] peer 10.2.1.2 as-number 200 [CE2-bgp] address-family ipv4 unicast [CE2-bgp-ipv4] peer 10.2.1.2 enable [CE2-bgp-ipv4] import-route direct...
Page 253: Configuring Mpls L3Vpn Inter-As Option B
[ASBR-PE1-bgp] peer 1.1.1.9 connect-interface loopback 0 [ASBR-PE1-bgp] address-family vpnv4 [ASBR-PE1-bgp-vpnv4] peer 1.1.1.9 enable [ASBR-PE1-bgp-vpnv4] peer 1.1.1.9 next-hop-local [ASBR-PE1-bgp-vpnv4] quit [ASBR-PE1-bgp] quit # Configure ASBR-PE 2. [ASBR-PE2] bgp 200 [ASBR-PE2-bgp] ip vpn-instance vpn1 [ASBR-PE2-bgp-vpn1] peer 192.1.1.1 as-number 100 [ASBR-PE2-bgp-vpn1] address-family ipv4 unicast [ASBR-PE2-bgp-ipv4-vpn1] peer 192.1.1.1 enable [ASBR-PE2-bgp-ipv4-vpn1] quit [ASBR-PE2-bgp-vpn1] quit...
Page 254 Figure 67 Network diagram Table 16 Interface and IP assignment Device Interface IP address Device Interface IP address PE 1 Loop0 2.2.2.9/32 PE 2 Loop0 5.5.5.9/32 GE2/1/1 30.0.0.1/8 GE2/1/1 20.0.0.1/8 S2/1/0 1.1.1.2/8 S2/1/0 9.1.1.2/8 ASBR-PE 1 Loop0 3.3.3.9/32 ASBR-PE 2 Loop0 4.4.4.9/32 S2/1/0...
Page 255 [PE1-Serial2/1/0] quit # Configure interface Loopback 0, and enable IS-IS on it. [PE1] interface loopback 0 [PE1-LoopBack0] ip address 2.2.2.9 32 [PE1-LoopBack0] isis enable 1 [PE1-LoopBack0] quit # Create VPN instance vpn1, and configure the RD and route target attributes. [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 11:11 [PE1-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity...
Page 256 [ASBR-PE1-Serial2/1/0] mpls enable [ASBR-PE1-Serial2/1/0] mpls ldp enable [ASBR-PE1-Serial2/1/0] quit # Configure interface Serial 2/1/1, and enable MPLS. [ASBR-PE1] interface serial 2/1/1 [ASBR-PE1-Serial2/1/1] ip address 11.0.0.2 255.0.0.0 [ASBR-PE1-Serial2/1/1] mpls enable [ASBR-PE1-Serial2/1/1] quit # Configure interface Loopback 0, and enable IS-IS on it. [ASBR-PE1] interface loopback 0 [ASBR-PE1-LoopBack0] ip address 3.3.3.9 32 [ASBR-PE1-LoopBack0] isis enable 1...
Page 257 [ASBR-PE2-Serial2/1/1] mpls enable [ASBR-PE2-Serial2/1/1] quit # Configure interface Loopback 0, and enable IS-IS on it. [ASBR-PE2] interface loopback 0 [ASBR-PE2-LoopBack0] ip address 4.4.4.9 32 [ASBR-PE2-LoopBack0] isis enable 1 [ASBR-PE2-LoopBack0] quit # Enable BGP on ASBR-PE 2. [ASBR-PE2] bgp 600 [ASBR-PE2-bgp] peer 11.0.0.2 as-number 100 [ASBR-PE2-bgp] peer 11.0.0.2 connect-interface serial 2/1/1 [ASBR-PE2-bgp] peer 5.5.5.9 as-number 600 [ASBR-PE2-bgp] peer 5.5.5.9 connect-interface loopback 0...
Page 258: Configuring Mpls L3Vpn Inter-As Option C
[PE2-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity [PE2-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity [PE2-vpn-instance-vpn1] quit # Bind the interface connected to CE 1 to the created VPN instance. [PE2] interface gigabitethernet 2/1/1 [PE2-GigabitEthernet2/1/1] ip binding vpn-instance vpn1 [PE2-GigabitEthernet2/1/1] ip address 20.0.0.1 8 [PE2-GigabitEthernet2/1/1] quit # Enable BGP on PE 2.
Page 259 ASBR-PE 1 and ASBR-PE 2 use EBGP to exchange labeled IPv4 routes. Figure 68 Network diagram Table 17 Interface and IP assignment Device Interface IP address Device Interface IP address PE 1 Loop0 2.2.2.9/32 PE 2 Loop0 5.5.5.9/32 GE2/1/1 30.0.0.1/24 GE2/1/1 20.0.0.1/24 S2/1/0...
Page 260 # Configure IS-IS on PE 1. <PE1> system-view [PE1] isis 1 [PE1-isis-1] network-entity 10.111.111.111.111.00 [PE1-isis-1] quit # Configure LSR ID, and enable MPLS and LDP. [PE1] mpls lsr-id 2.2.2.9 [PE1] mpls ldp [PE1-ldp] quit # Configure interface Serial 2/1/0, and enable IS-IS, MPLS, and LDP on the interface. [PE1] interface serial 2/1/0 [PE1-Serial2/1/0] ip address 1.1.1.2 255.0.0.0 [PE1-Serial2/1/0] isis enable 1...
Page 261 # Configure peer 5.5.5.9 as a VPNv4 peer. [PE1-bgp] address-family vpnv4 [PE1-bgp-vpnv4] peer 5.5.5.9 enable [PE1-bgp-vpnv4] quit # Establish an EBGP peer relationship with CE 1, and add the learned BGP routes to the routing table of VPN instance vpn1. [PE1-bgp] ip vpn-instance vpn1 [PE1-bgp-vpn1] peer 30.0.0.2 as-number 65001 [PE1-bgp-vpn1] address-family ipv4 unicast...
Page 262 [ASBR-PE1-route-policy-policy2-1] quit # Start BGP on ASBR-PE 1, and apply the routing policy policy2 to routes advertised to IBGP peer 2.2.2.9. [ASBR-PE1] bgp 100 [ASBR-PE1-bgp] peer 2.2.2.9 as-number 100 [ASBR-PE1-bgp] peer 2.2.2.9 connect-interface loopback 0 [ASBR-PE1-bgp] address-family ipv4 unicast [ASBR-PE1-bgp-ipv4] peer 2.2.2.9 enable [ASBR-PE1-bgp-ipv4] peer 2.2.2.9 route-policy policy2 export # Enable the capability to advertise labeled routes to IBGP peer 2.2.2.9 and to receive labeled routes from the peer.
Page 263 [ASBR-PE2-LoopBack0] quit # Configure interface Serial 2/1/1, and enable MPLS on the interface. [ASBR-PE2] interface serial 2/1/1 [ASBR-PE2-Serial2/1/1] ip address 11.0.0.1 255.0.0.0 [ASBR-PE2-Serial2/1/1] mpls enable [ASBR-PE2-Serial2/1/1] quit # Create routing policies. [ASBR-PE2] route-policy policy1 permit node 1 [ASBR-PE2-route-policy-policy1-1] apply mpls-label [ASBR-PE2-route-policy-policy1-1] quit [ASBR-PE2] route-policy policy2 permit node 1 [ASBR-PE2-route-policy-policy2-1] if-match mpls-label...
Page 264 [PE2-ldp] quit # Configure interface Serial 2/1/0, and enable IS-IS, MPLS, and LDP on the interface. [PE2] interface serial 2/1/0 [PE2-Serial2/1/0] ip address 9.1.1.2 255.0.0.0 [PE2-Serial2/1/0] isis enable 1 [PE2-Serial2/1/0] mpls enable [PE2-Serial2/1/0] mpls ldp enable [PE2-Serial2/1/0] quit # Configure the interface Loopback 0, and enable IS-IS on it. [PE2] interface loopback 0 [PE2-LoopBack0] ip address 5.5.5.9 32 [PE2-LoopBack0] isis enable 1...
Page 265: Configuring Mpls L3Vpn Carrier's Carrier
[PE2-bgp-vpn1] address-family ipv4 unicast [PE2-bgp-ipv4-vpn1] peer 20.0.0.2 enable [PE2-bgp-ipv4-vpn1] quit [PE2-bgp-vpn1] quit [PE2-bgp] quit Configure CE 2: # Configure an IP address for GigabitEthernet 2/1/1. <CE2> system-view [CE2] interface gigabitethernet 2/1/1 [CE2-GigabitEthernet2/1/1] ip address 20.0.0.2 24 [CE2-GigabitEthernet2/1/1] quit # Establish an EBGP peer relationship with PE 2, and redistribute VPN routes. [CE2] bgp 65002 [CE2-bgp] peer 20.0.0.1 as-number 600 [CE2-bgp] address-family ipv4 unicast...
Page 266 Figure 69 Network diagram Table 18 Interface and IP assignment Device Interface IP address Device Interface IP address CE 3 GE2/1/1 100.1.1.1/24 CE 4 GE2/1/1 120.1.1.1/24 PE 3 Loop0 1.1.1.9/32 PE 4 Loop0 6.6.6.9/32 GE2/1/1 100.1.1.2/24 GE2/1/1 120.1.1.2/24 POS2/1/1 10.1.1.1/24 POS2/1/1 20.1.1.2/24 CE 1...
Page 267 [PE1-isis-1] quit [PE1] interface loopback 0 [PE1-LoopBack0] isis enable 1 [PE1-LoopBack0] quit [PE1] interface pos 2/1/1 [PE1-Pos2/1/1] ip address 30.1.1.1 24 [PE1-Pos2/1/1] isis enable 1 [PE1-Pos2/1/1] mpls enable [PE1-Pos2/1/1] mpls ldp enable [PE1-Pos2/1/1] mpls ldp transport-address interface [PE1-Pos2/1/1] quit [PE1] bgp 100 [PE1-bgp] peer 4.4.4.9 as-number 100 [PE1-bgp] peer 4.4.4.9 connect-interface loopback 0 [PE1-bgp] address-family vpnv4...
Page 268 Configure the customer carrier network. Enable IS-IS as the IGP, and enable LDP between PE 3 and CE 1, and between PE 4 and CE 2: # Configure PE 3. <PE3> system-view [PE3] interface loopback 0 [PE3-LoopBack0] ip address 1.1.1.9 32 [PE3-LoopBack0] quit [PE3] mpls lsr-id 1.1.1.9 [PE3] mpls ldp...
Page 269 Allow CEs of the customer carrier to access PEs of the provider carrier, and redistribute IS-IS routes to BGP and BGP routes to IS-IS on the PEs: # Configure PE 1. [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 200:1 [PE1-vpn-instance-vpn1] vpn-target 1:1 [PE1-vpn-instance-vpn1] quit [PE1] mpls ldp [PE1-ldp] vpn-instance vpn1...
Page 270 [CE3] bgp 65410 [CE3-bgp] peer 100.1.1.2 as-number 100 [CE3-bgp] address-family ipv4 unicast [CE3-bgp-ipv4] peer 100.1.1.2 enable [CE3-bgp-ipv4] import-route direct [CE3-bgp-ipv4] quit [CE3-bgp] quit # Configure PE 3. [PE3] ip vpn-instance vpn1 [PE3-vpn-instance-vpn1] route-distinguisher 100:1 [PE3-vpn-instance-vpn1] vpn-target 1:1 [PE3-vpn-instance-vpn1] quit [PE3] interface gigabitethernet 2/1/1 [PE3-GigabitEthernet2/1/1] ip binding vpn-instance vpn1 [PE3-GigabitEthernet2/1/1] ip address 100.1.1.2 24 [PE3-GigabitEthernet2/1/1] quit...
Page 271 3.3.3.9/32 Direct 0 127.0.0.1 InLoop0 4.4.4.9/32 ISIS 30.1.1.2 POS2/1/1 30.1.1.0/24 Direct 0 30.1.1.1 POS2/1/1 30.1.1.1/32 Direct 0 127.0.0.1 InLoop0 30.1.1.2/32 Direct 0 30.1.1.2 POS2/1/1 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 # Verify that the VPN routing table contains the internal routes of the customer carrier, but it does not contain the VPN routes that the customer carrier maintains.
Page 272: Configuring Nested Vpn
# Verify that the public network routing table contains the internal routes of the customer carrier network. [PE3] display ip routing-table Routing Tables: Public Destinations : 11 Routes : 11 Destination/Mask Proto Cost NextHop Interface 1.1.1.9/32 Direct 0 127.0.0.1 InLoop0 2.2.2.9/32 ISIS 10.1.1.2...
Page 273 Adds the export target attribute of the MPLS VPN on the service provider network to the extended community attribute list. Forwards the VPNv4 route. To implement exchange of sub-VPN routes between customer PEs and service provider PEs, • MP-EBGP peers must be established between provider PEs and provider CEs. Figure 70 Network diagram AS 100 PE 1...
Page 274 [PE1] interface loopback 0 [PE1-LoopBack0] ip address 3.3.3.9 32 [PE1-LoopBack0] quit [PE1] mpls lsr-id 3.3.3.9 [PE1] mpls ldp [PE1-ldp] quit [PE1] isis 1 [PE1-isis-1] network-entity 10.0000.0000.0000.0004.00 [PE1-isis-1] quit [PE1] interface loopback 0 [PE1-LoopBack0] isis enable 1 [PE1-LoopBack0] quit [PE1] interface pos 2/1/1 [PE1-Pos2/1/1] ip address 30.1.1.1 24 [PE1-Pos2/1/1] isis enable 1 [PE1-Pos2/1/1] mpls enable...
Page 275 Interface: POS2/1/1 Circuit Id: 0000.0000.0005.02 State: Up HoldTime: Type: L1(L1L2) PRI: 64 System Id: 0000.0000.0005 Interface: POS2/1/1 Circuit Id: 0000.0000.0005.02 State: Up HoldTime: Type: L2(L1L2) PRI: 64 Configure the customer VPN. Enable IS-IS, and enable LDP between PE 3 and CE 1, and between PE 4 and CE 2: # Configure PE 3.
Page 276 An LDP session and IS-IS neighbor relationship can be established between PE 3 and CE 1. # Configure PE 4 and CE 2 in the same way that PE 3 and CE 1 are configured. (Details not shown.) Connect CE 1 and CE 2 to service provider PEs: # Configure PE 1.
Page 277 [CE5] bgp 65411 [CE5-bgp] peer 110.1.1.2 as-number 200 [CE5-bgp] address-family ipv4 unicast [CE5-bgp-ipv4] peer 110.1.1.2 enable [CE5-bgp-ipv4] import-route direct [CE5-bgp-ipv4] quit [CE5-bgp] quit # Configure PE 3. [PE3] ip vpn-instance SUB_VPN1 [PE3-vpn-instance-SUB_VPN1] route-distinguisher 100:1 [PE3-vpn-instance-SUB_VPN1] vpn-target 2:1 [PE3-vpn-instance-SUB_VPN1] quit [PE3] interface gigabitethernet 2/1/1 [PE3-GigabitEthernet2/1/1] ip binding vpn-instance SUB_VPN1 [PE3-GigabitEthernet2/1/1] ip address 100.1.1.2 24 [PE3-GigabitEthernet2/1/1] quit...
Page 278 [PE1-bgp-vpnv4] quit [PE1-bgp] ip vpn-instance vpn1 [PE1-bgp-vpn1] address-family vpnv4 [PE1-bgp-vpnv4-vpn1] peer 11.1.1.1 enable [PE1-bgp-vpnv4-vpn1] quit [PE1-bgp-vpn1] quit [PE1-bgp] quit # On CE 1, enable VPNv4 route exchange with PE 1. [CE1] bgp 200 [CE1-bgp] address-family vpnv4 [CE1-bgp-vpnv4] peer 11.1.1.2 enable # Allow the local AS number to appear in the AS-PATH attribute of the routes received.
Page 279 Destinations : 14 Routes : 14 Destination/Mask Proto Cost NextHop Interface 0.0.0.0/32 Direct 0 127.0.0.1 InLoop0 3.3.3.9/32 Direct 0 127.0.0.1 InLoop0 4.4.4.9/32 ISIS 30.1.1.2 POS2/1/1 30.1.1.0/24 Direct 0 30.1.1.1 POS2/1/1 30.1.1.1/32 Direct 0 127.0.0.1 InLoop0 30.1.1.2/32 Direct 0 30.1.1.2 POS2/1/1 30.1.1.255/32 Direct 0 30.1.1.2...
Page 280 Total number of routes from all PEs: 4 Route Distinguisher: 100:1 Total number of routes: 1 Network NextHop LocPrf PrefVal Path/Ogn * > 100.1.1.0/24 1.1.1.9 200 65410? Route Distinguisher: 101:1 Total number of routes: 1 Network NextHop LocPrf PrefVal Path/Ogn * >...
Page 281 127.255.255.255/32 Direct 0 127.0.0.1 InLoop0 224.0.0.0/4 Direct 0 0.0.0.0 NULL0 224.0.0.0/24 Direct 0 0.0.0.0 NULL0 255.255.255.255/32 Direct 0 127.0.0.1 InLoop0 Display the routing table on the CEs of sub-VPNs in the customer VPN, for example, on CE 3 and CE 5: # Verify that the routing tables contains the route to the remote sub-VPN on CE 3.
Page 282: Configuring Hovpn
Configuring HoVPN Network requirements As shown in Figure 71, there are two levels of networks: the backbone and the MPLS VPN networks. SPEs act as PEs to allow MPLS VPNs to access the backbone. • • UPEs act as PEs of the MPLS VPNs to allow end users to access the VPNs. Performance requirements for the UPEs are lower than those for the SPEs.
Page 283 <UPE1> system-view [UPE1] interface loopback 0 [UPE1-LoopBack0] ip address 1.1.1.9 32 [UPE1-LoopBack0] quit [UPE1] mpls lsr-id 1.1.1.9 [UPE1] mpls ldp [UPE1-ldp] quit [UPE1] interface gigabitethernet 2/1/3 [UPE1-GigabitEthernet2/1/3] ip address 172.1.1.1 24 [UPE1-GigabitEthernet2/1/3] mpls enable [UPE1-GigabitEthernet2/1/3] mpls ldp enable [UPE1-GigabitEthernet2/1/3] quit # Configure the IGP protocol (OSPF, in this example).
Page 284 [UPE1-bgp-ipv4-vpn1] import-route direct [UPE1-bgp-ipv4-vpn1] quit [UPE1-bgp-vpn1] quit # Establish an EBGP peer relationship with CE 2, and redistribute VPN routes into BGP. [UPE1-bgp] ip vpn-instance vpn2 [UPE1-bgp-vpn2] peer 10.4.1.1 as-number 65420 [UPE1-bgp-vpn2] address-family ipv4 unicast [UPE1-bgp-ipv4-vpn2] peer 10.4.1.1 enable [UPE1-bgp-ipv4-vpn2] import-route direct [UPE1-bgp-ipv4-vpn2] quit [UPE1-bgp-vpn2] quit [UPE1-bgp] quit...
Page 285 [UPE2-GigabitEthernet2/1/1] mpls enable [UPE2-GigabitEthernet2/1/1] mpls ldp enable [UPE2-GigabitEthernet2/1/1] quit # Configure the IGP protocol (OSPF, in this example). [UPE2] ospf [UPE2-ospf-1] area 0 [UPE2-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255 [UPE2-ospf-1-area-0.0.0.0] network 4.4.4.9 0.0.0.0 [UPE2-ospf-1-area-0.0.0.0] quit [UPE2-ospf-1] quit # Configure VPN instances vpn1 and vpn2, allowing CE 3 and CE 4 to access UPE 2. [UPE2] ip vpn-instance vpn1 [UPE2-vpn-instance-vpn1] route-distinguisher 300:1 [UPE2-vpn-instance-vpn1] vpn-target 100:1 both...
Page 286 [UPE2-bgp-ipv4-vpn2] import-route direct [UPE2-bgp-ipv4-vpn2] quit [UPE2-bgp-vpn2] quit [UPE2-bgp] quit Configure CE 3. <CE3> system-view [CE3] interface gigabitethernet 2/1/1 [CE3-GigabitEthernet2/1/1] ip address 10.1.1.1 255.255.255.0 [CE3-GigabitEthernet2/1/1] quit [CE3] bgp 65430 [CE3-bgp] peer 10.1.1.2 as-number 100 [CE3-bgp] address-family ipv4 unicast [CE3-bgp-ipv4] peer 10.1.1.2 enable [CE3-bgp-ipv4] import-route direct [CE3-bgp-ipv4] quit [CE3-bgp] quit...
Page 287 # Configure the IGP protocol, OSPF, in this example. [SPE1] ospf [SPE1-ospf-1] area 0 [SPE1-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0 [SPE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255 [SPE1-ospf-1-area-0.0.0.0] network 180.1.1.0 0.0.0.255 [SPE1-ospf-1-area-0.0.0.0] quit [SPE1-ospf-1] quit # Configure VPN instances vpn1 and vpn2. [SPE1] ip vpn-instance vpn1 [SPE1-vpn-instance-vpn1] route-distinguisher 500:1 [SPE1-vpn-instance-vpn1] vpn-target 100:1 both [SPE1-vpn-instance-vpn1] quit...
Page 288 <SPE2> system-view [SPE2] interface loopback 0 [SPE2-LoopBack0] ip address 3.3.3.9 32 [SPE2-LoopBack0] quit [SPE2] mpls lsr-id 3.3.3.9 [SPE2] mpls ldp [SPE2-ldp] quit [SPE2] interface gigabitethernet 2/1/1 [SPE2-GigabitEthernet2/1/1] ip address 180.1.1.2 24 [SPE2-GigabitEthernet2/1/1] mpls enable [SPE2-GigabitEthernet2/1/1] mpls ldp enable [SPE2-GigabitEthernet2/1/1] quit [SPE2] interface gigabitethernet 2/1/2 [SPE2-GigabitEthernet2/1/2] ip address 172.2.1.2 24 [SPE2-GigabitEthernet2/1/2] mpls enable...
Page 289: Configuring An Ospf Sham Link
# Create BGP-VPN instances for VPN instances vpn1 and vpn2, so the VPNv4 routes learned according to the RT attributes can be added into the BGP routing tables of the corresponding VPN instances. [SPE2-bgp] ip vpn-instance vpn1 [SPE2-bgp-vpn1] quit [SPE2-bgp] ip vpn-instance vpn2 [SPE2-bgp-vpn2] quit [SPE2-bgp] quit # Advertise to UPE 2 the routes permitted by a routing policy (the routes of CE 1).
Page 290 Device Interface IP address Device Interface IP address PE 1 Loop0 1.1.1.9/32 PE 2 Loop0 2.2.2.9/32 Loop1 3.3.3.3/32 Loop1 5.5.5.5/32 GE2/1/1 100.1.1.2/24 GE2/1/1 120.1.1.2/24 S2/1/1 10.1.1.1/24 S2/1/0 10.1.1.2/24 Router A S2/1/0 30.1.1.1/24 S2/1/1 20.1.1.2/24 Configuration procedure Configure OSPF on the customer networks. Configure conventional OSPF on CE 1, Router A, and CE 2 to advertise addresses of the interfaces as shown in Figure...
Page 291 [PE2] interface loopback 0 [PE2-LoopBack0] ip address 2.2.2.9 32 [PE2-LoopBack0] quit [PE2] mpls lsr-id 2.2.2.9 [PE2] mpls ldp [PE2-ldp] quit [PE2] interface serial 2/1/1 [PE2-Serial2/1/1] ip address 10.1.1.2 24 [PE2-Serial2/1/1] mpls enable [PE2-Serial2/1/1] mpls ldp enable [PE2-Serial2/1/1] quit # Configure PE 2 to take PE 1 as an MP-IBGP peer. [PE2] bgp 100 [PE2-bgp] peer 1.1.1.9 as-number 100 [PE2-bgp] peer 1.1.1.9 connect-interface loopback 0...
Page 292 [PE1-bgp-vpn1] quit [PE1-bgp] quit # Configure PE 2 to allow CE 2 to access the network. [PE2] ip vpn-instance vpn1 [PE2-vpn-instance-vpn1] route-distinguisher 100:2 [PE2-vpn-instance-vpn1] vpn-target 1:1 [PE2-vpn-instance-vpn1] quit [PE2] interface gigabitethernet 2/1/1 [PE2-GigabitEthernet2/1/1] ip binding vpn-instance vpn1 [PE2-GigabitEthernet2/1/1] ip address 120.1.1.2 24 [PE2-GigabitEthernet2/1/1] quit [PE2] ospf 100 vpn-instance vpn1 [PE2-ospf-100] domain-id 10...
Page 293: Configuring Mce
[PE2-ospf-100-area-0.0.0.1] quit [PE2-ospf-100] quit Verifying the configuration # Execute the display ip routing-table vpn-instance command again on the PEs to verify the following results: (Details not shown.) The path to the peer CE is now along the BGP route across the backbone. •...
Page 294 Figure 73 Network diagram Configuration procedure Assume that: The system name of the MCE device is MCE. • The system names of the edge routers of VPN 1 and VPN 2 are VR 1 and VR 2, respectively. • The system name of PE 1 is PE1. •...
Page 295 [MCE-GigabitEthernet2/1/1] ip address 10.214.10.3 24 [MCE-GigabitEthernet2/1/1] quit # Bind interface GigabitEthernet 2/1/2 to VPN instance vpn2, and configure an IP address for the interface. [MCE] interface gigabitethernet 2/1/2 [MCE-GigabitEthernet2/1/2] ip binding vpn-instance vpn2 [MCE-GigabitEthernet2/1/2] ip address 10.214.20.3 24 [MCE-GigabitEthernet2/1/2] quit # On PE 1, configure VPN instances vpn1 and vpn2, and specify an RD and route targets for each VPN instance.
Page 296 Destinations : 13 Routes : 13 Destination/Mask Proto Cost NextHop Interface 0.0.0.0/32 Direct 0 127.0.0.1 InLoop0 10.214.10.0/24 Direct 0 10.214.10.3 GE2/1/1 10.214.10.0/32 Direct 0 10.214.10.3 GE2/1/1 10.214.10.3/32 Direct 0 127.0.0.1 InLoop0 10.214.10.255/32 Direct 0 10.214.10.3 GE2/1/1 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.0/32 Direct 0...
Page 297 # On the MCE, bind subinterface GigabitEthernet 2/1/3.2 to the VPN instance vpn2. [MCE] interface gigabitethernet 2/1/3.2 [MCE-GigabitEthernet2/1/3.2] ip binding vpn-instance vpn2 # Configure the subinterface to terminate VLAN 20. [MCE-GigabitEthernet2/1/3.2] vlan-type dot1q vid 20 # Configure an IP address for the subinterface. [MCE-GigabitEthernet2/1/3.2] ip address 30.1.1.1 24 [MCE-GigabitEthernet2/1/3.2] quit # On PE 1, bind subinterface GigabitEthernet 2/1/1.1 to the VPN instance vpn1.
Page 298 [PE1-ospf-10-area-0.0.0.0] quit [PE1-ospf-10] quit # Configure OSPF process 20 between MCE and PE 1, and redistribute routes from RIP process 20 into OSPF. (Details not shown.) Verifying the configuration # Verify that PE 1 has learned the static route of VPN 1 through OSPF. [PE1] display ip routing-table vpn-instance vpn1 Destinations : 13 Routes : 13...
Page 299: Configuring Bgp As Number Substitution
Configuring BGP AS number substitution Network requirements As shown in Figure 74, CE 1 and CE 2 belong to VPN 1 and are connected to PE 1 and PE 2, respectively. The two CEs have the same AS number, 600. Configure BGP AS number substitution on the PEs to enable the CEs to communicate with each other.
Page 300 For more information about basic MPLS L3VPN configurations, see "Configuring basic MPLS L3VPN." # Execute the display ip routing-table command on CE 2. The output shows that CE 2 has learned the route to network 10.1.1.0/24, where the interface used by CE 1 to access PE 1 resides. However, it has not learned the route to the VPN (100.1.1.0/24) behind CE 1.
Page 301 224.0.0.0/4 Direct 0 0.0.0.0 NULL0 224.0.0.0/24 Direct 0 0.0.0.0 NULL0 255.255.255.255/32 Direct 0 127.0.0.1 InLoop0 # Enable BGP update packet debugging on PE 2. The output shows that PE 2 advertises the route to 100.1.1.0/24, and the AS_PATH is 100 600. <PE2>...
Page 302: Configuring Bgp As Number Substitution And Soo Attribute
Next Hop : 10.2.1.2 100.1.1.0/24, # Display again the routing information that CE 2 has received, and the routing table. <CE2> display bgp routing-table ipv4 peer 10.2.1.2 received-routes Total number of routes: 3 BGP local router ID is 200.1.1.1 Status codes: * - valid, > - best, d - dampened, h - history, s - suppressed, S - stale, i - internal, e - external Origin: i - IGP, e - EGP, ? - incomplete Network...
Page 303 CE 1 and CE 2 reside in the same site. CE1, CE2, and CE 3 all use AS number 600. • To avoid route loss, configure BGP AS number substitution on PEs. To avoid routing loops, configure the same SoO attribute on PE 1 and PE 2 for CE 1 and CE 2. •...
Page 304 Configure the VPN instance of VPN 1 on PE 3 to allow CE 3 to access the network. Configure BGP as the PE-CE routing protocol, and redistribute routes of CEs into PEs. For more information about basic MPLS L3VPN configurations, see "Configuring basic MPLS L3VPN."...
Page 305: Configuring Mpls L3Vpn Frr Through Vpnv4 Route Backup For A Vpnv4 Route
Destinations : 14 Routes : 14 Destination/Mask Proto Cost NextHop Interface 0.0.0.0/32 Direct 0 127.0.0.1 InLoop0 10.2.1.0/24 Direct 0 10.2.1.1 GE2/1/1 10.2.1.0/32 Direct 0 10.2.1.1 GE2/1/1 10.2.1.1/32 Direct 0 127.0.0.1 Inloop0 10.2.1.255/32 Direct 0 10.2.1.1 GE2/1/1 10.3.1.0/24 10.2.1.2 GE2/1/1 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0...
Page 306 Table 24 Interface and IP address assignment Device Interface IP address Device Interface IP address CE 1 Loop0 5.5.5.5/32 PE 1 Loop0 1.1.1.1/32 GE2/1/1 10.2.1.1/24 GE2/1/1 10.2.1.2/24 PE 2 Loop0 2.2.2.2/32 GE2/1/2 172.1.1.1/24 GE2/1/1 172.1.1.2/24 GE2/1/3 172.2.1.1/24 GE2/1/2 10.1.1.2/24 CE 2 Loop0 4.4.4.4/32 PE 3...
Page 307: Configuring Mpls L3Vpn Frr Through Vpnv4 Route Backup For An Ipv4 Route
Verifying the configuration # Display detailed information about the route to 4.4.4.4/32 on PE 1. The output shows the backup next hop for the route. [PE1] display ip routing-table vpn-instance vpn1 4.4.4.4 32 verbose Summary Count : 1 Destination: 4.4.4.4/32 Protocol: BGP Process ID: 0 SubProtID: 0x1...
Page 308 Figure 77 Network diagram Loop0 PE 2 GE2/1/1 GE2/1/2 GE2/1/3 PE 1 VPN 1 GE2/1/1 VPN 1 GE2/1/1 GE2/1/2 MPLS Loop0 Loop0 backbone GE2/1/3 GE2/1/1 CE 2 CE 1 GE2/1/2 Loop0 GE2/1/3 GE2/1/1 GE2/1/2 Primary link PE 3 Backup link Loop0 Table 25 Interface and IP address assignment Device...
Page 309: Configuring Mpls L3Vpn Frr Through Ipv4 Route Backup For A Vpnv4 Route
[PE2-bgp] primary-path-detect bfd echo # Configure FRR for VPN instance vpn1 to reference routing policy frr. [PE2-bgp] ip vpn-instance vpn1 [PE2-bgp-vpn1] address-family ipv4 unicast [PE2-bgp-ipv4-vpn1] fast-reroute route-policy frr # Specify the preferred value as 200 for BGP routes received from CE 2. This value is greater than the preferred value (0) for routes from PE 3, so PE 2 prefers the routes from CE 2.
Page 310 When BFD configured on PE 2 detects that the link between PE 2 and PE 3 fails, traffic from CE 1 • to CE 2 goes through the path CE 1—PE 1—PE 2—CE 2. Figure 78 Network diagram Table 26 Interface and IP address assignment Device Interface IP address...
Page 311 [PE2-route-policy] quit # Configure FRR for VPN instance vpn1 to reference routing policy frr. [PE2] bgp 100 [PE2-bgp] ip vpn-instance vpn1 [PE2-bgp-vpn1] address-family ipv4 unicast [PE2-bgp-ipv4-vpn1] fast-reroute route-policy frr [PE2-bgp-ipv4-vpn1] quit [PE2-bgp-vpn1] quit # Specify the preferred value as 200 for BGP VPNv4 routes received from PE 3. This value is greater than the preferred value (0) for VPNv4 routes from CE 2, so PE 2 prefers the routes from PE [PE2-bgp] address-family vpnv4 [PE2-bgp-vpnv4] peer 3.3.3.3 preferred-value 200...
Page 312: Configuring Ipv6 Mpls L3Vpn
Configuring IPv6 MPLS L3VPN In this chapter, "MSR2000" refers to MSR2003. "MSR3000" collectively refers to MSR3012, MSR3024, MSR3044, MSR3064. "MSR4000" collectively refers to MSR4060 and MSR4080. Overview IPv6 MPLS L3VPN uses BGP to advertise IPv6 VPN routes and uses MPLS to forward IPv6 VPN packets on the service provider backbone.
Page 313: Ipv6 Mpls L3Vpn Packet Forwarding
IPv6 MPLS L3VPN packet forwarding Figure 80 IPv6 MPLS L3VPN packet forwarding diagram Site 2 Site 1 CE 1 CE 2 PE 2 PE 1 2001:1::1/96 2001:2::1/96 Layer1 Layer2 2001:2::1 2001:2::1 Layer2 2001:2::1 2001:2::1 As shown in Figure 80, the IPv6 MPLS L3VPN packet forwarding procedure is as follows: The PC at Site 1 sends an IPv6 packet destined for 2001:2::1, the PC at Site 2.
Page 314: Ipv6 Mpls L3Vpn Network Schemes And Functions
The PEs use an IGP to ensure the connectivity between them. From the egress PE to the remote peer CE. The egress PE restores the original IPv6 routes and advertises them to the remote CE over an IPv6 static route, RIPng route, OSPFv3 route, IPv6 IS-IS route, EBGP, or IBGP route. IPv6 MPLS L3VPN network schemes and functions IPv6 MPLS L3VPN supports the following network schemes and functions: Basic VPN.
Page 315: Configuring Vpn Instances
SNMP context for the VPN snmp context-name context-name configured. instance. The following matrix shows the maximum number of VPN instances that can be created in the system: Hardware Maximum value MSR2000 1023 MSR3000 2047 MSR4000 4095 Associating a VPN instance with an interface After creating and configuring a VPN instance, associate the VPN instance with the interface connected to the CE.
Page 316 To associate a VPN instance with an interface: Step Command Remarks Enter system view. system-view interface interface-type Enter interface view. interface-number By default, no VPN instance is associated with an interface. The ip binding vpn-instance Associate a VPN instance with ip binding vpn-instance command clears the IP address of the interface.
Page 317: Configuring Routing Between A Pe And A Ce
Step Command Remarks By default, routes to be advertised are not filtered. Make sure the routing policy already exists. Otherwise, the Apply an export routing policy. export route-policy route-policy device does not filter routes to be advertised. For information about routing policies, see Layer 3—IP Routing Configuration Guide.
Page 318 Step Command Remarks Create a RIPng process for a Perform this configuration on the ripng [ process-id ] vpn-instance VPN instance and enter RIPng PE. On the CE, create a common vpn-instance-name view. RIPng process. Return to system view. quit interface interface-type Enter interface view.
Page 319 Step Command Remarks Create an IPv6 IS-IS process for Perform this configuration on the isis [ process-id ] vpn-instance a VPN instance and enter IS-IS PE. On the CE, create a common vpn-instance-name view. IPv6 IS-IS process. Configure a network entity title network-entity net By default, no NET is configured.
Page 320 Step Command Remarks filter-policy { acl6-number | (Optional.) Configure By default, the PE does not filter prefix-list ipv6-prefix-name } filtering of received routes. received routes. import Configure the CE: Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number peer { group-name | Configure the PE as an EBGP By default, no BGP peer is...
Page 321 Step Command Remarks Enable IPv6 unicast route By default, BGP does not peer { group-name | exchange with the specified exchange IPv6 unicast routes ipv6-address } enable peer. with any peer. By default, no RR or RR client is configured, and the PE does not advertise routes learned from the IBGP peer CE to other IBGP peers, including VPNv6 IBGP...
Page 322: Configuring Routing Between Pes
Configuring routing between PEs Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number peer { group-name | Configure the remote PE as the By default, no BGP peer is ipv6-address } as-number peer. configured. as-number Specify the source interface for peer { group-name | ip-address } By default, BGP uses the outbound route update packets sent to...
Page 323: Configuring Inter-As Ipv6 Vpn
Step Command Remarks Configure BGP updates sent to By default, a BGP update carries peer { group-name | ip-address } the peer to carry only public both public and private AS public-as-only AS numbers. numbers. Apply a routing policy to routes peer { group-name | ip-address } By default, no routing policy is advertised to or received from...
Page 324: Configuring Inter-As Ipv6 Vpn Option A
Configure MPLS LDP for the MPLS backbones so that LDP LSPs can be established. • The following sections describe inter-AS IPv6 VPN option A and option C. Select one according to your network scenario. Configuring inter-AS IPv6 VPN option A Inter-AS IPv6 VPN option A applies to scenarios where the number of VPNs and that of VPN routes on the PEs are relatively small.
Page 325: Configuring Routing On An Mce
Step Command Remarks Enter BGP VPNv6 address address-family vpnv6 family view. Enable BGP to exchange BGP By default, the PE does not VPNv6 routing information peer ip-address enable exchange labeled routes with any with the EBGP peer. IPv4 peer/peer group. Configuring the ASBR-PEs In the inter-AS IPv6 VPN option C solution, an inter-AS LSP is needed, and the routes advertised between the PEs and ASBRs must carry MPLS label information.
Page 326 Step Command Remarks Enter system view. system-view By default, no static ipv6 route-static vpn-instance s-vpn-instance-name route is configured. ipv6-address prefix-length { interface-type Configure an IPv6 static interface-number [ next-hop-address ] | Perform this route for an IPv6 VPN nexthop-address [ public ] | vpn-instance configuration on the instance.
Page 327 By configuring OSPFv3 process-to-IPv6 VPN instance bindings on a MCE, you allow routes of different IPv6 VPNs to be exchanged between the MCE and the sites through different OSPFv3 processes, ensuring the separation and security of IPv6 VPN routes. For more information about OSPFv3, see Layer 3—IP Routing Configuration Guide. To configure OSPFv3 between an MCE and a VPN site: Step Command...
Page 328 Step Command Remarks Enable IPv6 for the IPv6 IS-IS ipv6 enable By default, IPv6 is disabled. process. By default, no routes are ipv6 import-route protocol redistributed to IPv6 IS-IS. [ process-id ] [ allow-ibgp ] (Optional.) Redistribute remote [ allow-direct | cost cost | [ level-1 If you do not specify the route level site routes advertised by the PE.
Page 329 Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number peer { group-name | Configure the MCE as an By default, no BGP peer is ipv6-address } as-number EBGP peer. configured. as-number Enter IPv6 unicast address-family ipv6 [ unicast ] address family view.
Page 330: Configuring Routing Between An Mce And A Pe
Step Command Remarks import-route protocol Redistribute remote site [ { process-id | all-processes } By default, no routes are routes advertised by the PE [ allow-direct | med med-value | redistributed into BGP. into BGP. route-policy route-policy-name ] filter-policy { acl6-number | (Optional.) Configure By default, BGP does not filter...
Page 331 Step Command Remarks ipv6 route-static vpn-instance s-vpn-instance-name ipv6-address prefix-length { interface-type Configure an IPv6 static interface-number [ next-hop-address ] | nexthop-address By default, no IPv6 route for an IPv6 VPN [ public ] | vpn-instance d-vpn-instance-name static route is instance. nexthop-address } [ permanent ] [ preference configured.
Page 332 Step Command Remarks filter-policy { acl6-number | ipv6-prefix ipv6-prefix-name } (Optional.) Configure filtering By default, redistributed routes are export [ bgp4+ | direct | isisv6 of advertised routes. not filtered. process-id | ospfv3 process-id | ripng process-id | static ] Return to system view.
Page 333 Step Command Remarks peer { group-name | Configure the PE as an EBGP By default, no BGP peer is ipv6-address } as-number peer. configured. as-number Enter BGP-VPN IPv6 unicast address-family ipv6 [ unicast ] address family view. Enable BGP to exchange IPv6 peer { group-name | ip-address } By default, BGP does not exchange unicast...
Page 334: Configuring Bgp As Number Substitution And Soo Attribute
Configuring BGP AS number substitution and SoO attribute When CEs at different sites have the same AS number, configure the BGP AS number substitution function to avoid route loss. When a PE uses different interfaces to connect different CEs in a site, the BGP AS number substitution function introduces a routing loop.
Page 335 [ { ip-address | information group-name group-name } log-info | Available in any view. (MSR2000/MSR3000). [ ip-address ] verbose ] display bgp peer vpnv6 [ { ip-address | Display BGP VPNv6 peer group-name group-name } log-info | Available in any view.
Page 336: Ipv6 Mpls L3Vpn Configuration Examples
Task Command Remarks Display outgoing labels for all BGP display bgp routing-table vpnv6 outlabel Available in any view. VPNv6 routes (MSR4000). [ standby slot slot-number ] Display BGP VPNv6 address display bgp update-group vpnv6 Available in any view. family update group information. [ ip-address ] For more information about the display ipv6 routing-table, display bgp group vpnv6, display bgp peer vpnv6, and display bgp update-group vpnv6 commands, see Layer 3—IP Routing Command Reference.
Page 337 Device Interface IP address Device Interface IP address GE2/1/2 2001:2::2/96 PE 2 Loop0 3.3.3.9/32 POS2/1/0 172.1.1.1/24 GE2/1/1 2001:3::2/96 CE 2 GE2/1/1 2001:2::1/96 GE2/1/2 2001:4::2/96 CE 3 GE2/1/1 2001:3::1/96 POS2/1/0 172.2.1.2/24 CE 4 GE2/1/1 2001:4::1/96 Configuration procedure Configure OSPF on the MPLS backbone to ensure IP connectivity among the PEs and the P router: # Configure PE 1.
Page 338 [PE2-LoopBack0] quit [PE2] interface pos 2/1/0 [PE2-Pos2/1/0] ip address 172.2.1.2 24 [PE2-Pos2/1/0] quit [PE2] ospf [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255 [PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] quit [PE2-ospf-1] quit # On PE 1, verify that the PEs have learned the routes to the loopback interfaces of each other. [PE1] display ip routing-table protocol ospf Summary Count : 5 OSPF Routing table Status : <Active>...
Page 339 [PE1] mpls ldp [PE1-ldp] quit [PE1] interface pos 2/1/0 [PE1-Pos2/1/0] mpls enable [PE1-Pos2/1/0] mpls ldp enable [PE1-Pos2/1/0] quit # Configure the P router. [P] mpls lsr-id 2.2.2.9 [P] mpls ldp [P-ldp] quit [P] interface pos 2/1/0 [P-Pos2/1/0] mpls enable [P-Pos2/1/0] mpls ldp enable [P-Pos2/1/0] quit [P] interface pos 2/1/1 [P-Pos2/1/1] mpls enable...
Page 340 [PE1-vpn-instance-vpn1] route-distinguisher 100:1 [PE1-vpn-instance-vpn1] vpn-target 111:1 [PE1-vpn-instance-vpn1] quit [PE1] ip vpn-instance vpn2 [PE1-vpn-instance-vpn2] route-distinguisher 100:2 [PE1-vpn-instance-vpn2] vpn-target 222:2 [PE1-vpn-instance-vpn2] quit [PE1] interface gigabitethernet 2/1/1 [PE1-GigabitEthernet2/1/1] ip binding vpn-instance vpn1 [PE1-GigabitEthernet2/1/1] ipv6 address 2001:1::2 96 [PE1-GigabitEthernet2/1/1] quit [PE1] interface gigabitethernet 2/1/2 [PE1-GigabitEthernet2/1/2] ip binding vpn-instance vpn2 [PE1-GigabitEthernet2/1/2] ipv6 address 2001:2::2 96 [PE1-GigabitEthernet2/1/2] quit...
Page 341 56 bytes from 2001:1::1, icmp_seq=4 hlim=64 time=0.000 ms --- Ping6 statistics for 2001:1::1 --- 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss round-trip min/avg/max/std-dev = 0.000/2.000/9.000/3.521 ms Establish EBGP peer relationships between the PEs and CEs to allow them to exchange VPN routes: # Configure CE 1.
Page 342 [PE1-bgp] quit # Configure PE 2. [PE2] bgp 100 [PE2-bgp] peer 1.1.1.9 as-number 100 [PE2-bgp] peer 1.1.1.9 connect-interface loopback 0 [PE2-bgp] address-family vpnv6 [PE2-bgp-vpnv6] peer 1.1.1.9 enable [PE2-bgp-vpnv6] quit [PE2-bgp] quit # Execute the display bgp peer vpnv6 command on the PEs to verify that a BGP peer relationship in Established state has been established between the PEs.
Page 343: Configuring An Ipv6 Mpls L3Vpn Over A Gre Tunnel
Destination: 2001:2::/96 Protocol : Direct NextHop : :: Preference: 0 Interface : GE2/1/2 Cost Destination: 2001:2::2/128 Protocol : Direct NextHop : ::1 Preference: 0 Interface : InLoop0 Cost Destination: 2001:4::/96 Protocol : BGP4+ NextHop : ::FFFF:3.3.3.9 Preference: 255 Interface : POS2/1/0 Cost Destination: FE80::/10 Protocol...
Page 344 Figure 82 Network diagram Table 28 Interface and IP assignment Device Interface IP address Device Interface IP address CE 1 GE2/1/1 2001:1::1/96 POS2/1/0 172.1.1.2/24 PE 1 Loop0 1.1.1.9/32 POS2/1/1 172.2.1.1/24 GE2/1/1 2001:1::2/96 PE 2 Loop0 2.2.2.9/32 POS2/1/1 172.1.1.1/24 GE2/1/1 2001:2::2/96 Tunnel0 20.1.1.1/24 POS2/1/0...
Page 345 [PE1-tunnel-policy-gre1] tunnel select-seq gre load-balance-number 1 [PE1-tunnel-policy-gre1] quit [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 100:1 [PE1-vpn-instance-vpn1] vpn-target 100:1 both [PE1-vpn-instance-vpn1] tnl-policy gre1 [PE1-vpn-instance-vpn1] quit [PE1] interface gigabitethernet 2/1/1 [PE1-GigabitEthernet2/1/1] ip binding vpn-instance vpn1 [PE1-GigabitEthernet2/1/1] ipv6 address 2001:1::2 96 [PE1-GigabitEthernet2/1/1] quit # Configure PE 2.
Page 346 56 bytes from 2001:1::1, icmp_seq=3 hlim=64 time=1.000 ms 56 bytes from 2001:1::1, icmp_seq=4 hlim=64 time=0.000 ms --- Ping6 statistics for 2001:1::1 --- 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss round-trip min/avg/max/std-dev = 0.000/0.400/1.000/0.490 ms Establish EBGP peer relationships between PEs and CEs to allow them to exchange VPN routes: # Configure CE 1.
Page 347: Configuring Ipv6 Mpls L3Vpn Inter-As Option A
# Execute the display bgp peer vpnv6 command on the PEs. This example uses PE 1 to verify that a BGP peer relationship in Established state has been established between the PEs. [PE1] display bgp peer vpnv6 BGP local router ID : 1.1.1.9 Local AS number : 100 Total number of peers : 1 Peers in established state : 1...
Page 348 Figure 83 Network diagram MPLS backbone Loop0 Loop0 MPLS backbone AS 100 AS 200 POS2/1/1 POS2/1/1 POS2/1/0 POS2/1/0 ASBR-PE 2 ASBR-PE 1 Loop0 Loop0 POS2/1/0 POS2/1/0 PE 2 PE 1 GE2/1/1 GE2/1/1 GE2/1/1 GE2/1/1 CE 1 CE 2 AS 65001 AS 65002 Table 29 Interface and IP assignment Device...
Page 349 [PE1] mpls ldp [PE1-ldp] quit [PE1] interface pos 2/1/0 [PE1-Pos2/1/0] mpls enable [PE1-Pos2/1/0] mpls ldp enable [PE1-Pos2/1/0] quit # Configure basic MPLS on ASBR-PE 1, and enable MPLS LDP for both ASBR-PE 1 and the interface connected to PE 1. <ASBR-PE1>...
Page 350 # Configure PE 1. [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 100:1 [PE1-vpn-instance-vpn1] vpn-target 100:1 both [PE1-vpn-instance-vpn1] quit [PE1] interface gigabitethernet 2/1/1 [PE1-GigabitEthernet2/1/1] ip binding vpn-instance vpn1 [PE1-GigabitEthernet2/1/1] ipv6 address 2001:1::2 96 [PE1-GigabitEthernet2/1/1] quit # Configure CE 2. <CE2> system-view [CE2] interface gigabitethernet 2/1/1 [CE2-GigabitEthernet2/1/1] ipv6 address 2001:2::1 96 [CE2-GigabitEthernet2/1/1] quit # Configure PE 2.
Page 351 [CE1] bgp 65001 [CE1-bgp] peer 2001:1::2 as-number 100 [CE1-bgp] address-family ipv6 unicast [CE1-bgp-ipv6] peer 2001:1::2 enable [CE1-bgp-ipv6] import-route direct [CE1-bgp-ipv6] quit [CE1-bgp] quit # Configure PE 1. [PE1] bgp 100 [PE1-bgp] ip vpn-instance vpn1 [PE1-bgp-vpn1] peer 2001:1::1 as-number 65001 [PE1-bgp-vpn1] address-family ipv6 unicast [PE1-bgp-ipv6-vpn1] peer 2001:1::1 enable [PE1-bgp-ipv6-vpn1] quit [PE1-bgp-vpn1] quit...
Page 352: Configuring Ipv6 Mpls L3Vpn Inter-As Option C
[ASBR-PE1-bgp-vpn1] address-family ipv6 unicast [ASBR-PE1-bgp-ipv6-vpn1] peer 2002:1::2 enable [ASBR-PE1-bgp-ipv6-vpn1] quit [ASBR-PE1-bgp-vpn1] quit [ASBR-PE1-bgp] peer 1.1.1.9 as-number 100 [ASBR-PE1-bgp] peer 1.1.1.9 connect-interface loopback 0 [ASBR-PE1-bgp] address-family vpnv6 [ASBR-PE1-bgp-vpnv6] peer 1.1.1.9 enable [ASBR-PE1-bgp-vpnv6] quit [ASBR-PE1-bgp] quit # Configure ASBR-PE 2. [ASBR-PE2] bgp 200 [ASBR-PE2-bgp] ip vpn-instance vpn1 [ASBR-PE2-bgp-vpn1] peer 2002:1::1 as-number 100 [ASBR-PE2-bgp-vpn1] address-family ipv6 unicast...
Page 353 Figure 84 Network diagram Table 30 Interface and IP assignment Device Interface IP address Device Interface IP address PE 1 Loop0 2.2.2.9/32 PE 2 Loop0 5.5.5.9/32 GE2/1/1 2001::1/64 GE2/1/1 2002::1/64 S2/1/0 1.1.1.2/8 S2/1/0 9.1.1.2/8 ASBR-PE 1 Loop0 3.3.3.9/32 ASBR-PE 2 Loop0 4.4.4.9/32 S2/1/0...
Page 354 <PE1> system-view [PE1] isis 1 [PE1-isis-1] network-entity 10.111.111.111.111.00 [PE1-isis-1] quit # Configure an LSR ID, and enable MPLS and LDP. [PE1] mpls lsr-id 2.2.2.9 [PE1] mpls ldp [PE1-ldp] quit # Configure interface Serial 2/1/0, and enable IS-IS, MPLS, and LDP on the interface. [PE1] interface serial 2/1/0 [PE1-Serial2/1/0] ip address 1.1.1.2 255.0.0.0 [PE1-Serial2/1/0] isis enable 1...
Page 355 [PE1-bgp] address-family vpnv6 [PE1-bgp-af-vpnv6] peer 5.5.5.9 enable [PE1-bgp-af-vpnv6] quit # Establish an EBGP peer relationship with CE 1, and add the learned BGP routes to the routing table of VPN instance vpn1. [PE1-bgp] ip vpn-instance vpn1 [PE1-bgp-vpn1] peer 2001::2 as-number 65001 [PE1-bgp-vpn1] address-family ipv6 unicast [PE1-bgp-ipv6-vpn1] peer 2001::2 enable [PE1-bgp-ipv6-vpn1] quit...
Page 356 # Start BGP on ASBR-PE 1, and apply routing policy policy2 to routes advertised to IBGP peer 2.2.2.9. [ASBR-PE1] bgp 100 [ASBR-PE1-bgp] peer 2.2.2.9 as-number 100 [ASBR-PE1-bgp] peer 2.2.2.9 connect-interface loopback 0 [ASBR-PE1-bgp] address-family ipv4 unicast [ASBR-PE1-bgp-ipv4] peer 2.2.2.9 enable [ASBR-PE1-bgp-ipv4] peer 2.2.2.9 route-policy policy2 export # Enable the capability to advertise labeled routes to and receive labeled routes from IBGP peer 2.2.2.9.
Page 357 # Configure interface Serial 2/1/1, and enable MPLS on it. [ASBR-PE2] interface serial 2/1/1 [ASBR-PE2-Serial2/1/1] ip address 11.0.0.1 255.0.0.0 [ASBR-PE2-Serial2/1/1] mpls enable [ASBR-PE2-Serial2/1/1] quit # Create routing policies. [ASBR-PE2] route-policy policy1 permit node 1 [ASBR-PE2-route-policy-policy1-1] apply mpls-label [ASBR-PE2-route-policy-policy1-1] quit [ASBR-PE2] route-policy policy2 permit node 1 [ASBR-PE2-route-policy-policy2-1] if-match mpls-label [ASBR-PE2-route-policy-policy2-1] apply mpls-label [ASBR-PE2-route-policy-policy2-1] quit...
Page 358 # Configure interface Serial 2/1/0, and enable IS-IS, MPLS, and LDP on the interface. [PE2] interface serial 2/1/0 [PE2-Serial2/1/0] ip address 9.1.1.2 255.0.0.0 [PE2-Serial2/1/0] isis enable 1 [PE2-Serial2/1/0] mpls enable [PE2-Serial2/1/0] mpls ldp enable [PE2-Serial2/1/0] quit # Configure interface Loopback 0, and start IS-IS on it. [PE2] interface loopback 0 [PE2-LoopBack0] ip address 5.5.5.9 32 [PE2-LoopBack0] isis enable 1...
Page 359: Configuring Ipv6 Mpls L3Vpn Carrier's Carrier
[PE2-bgp-ipv6-vpn1] peer 2002::2 enable [PE2-bgp-ipv6-vpn1] quit [PE2-bgp-vpn1] quit [PE2-bgp] quit Configure CE 2: # Configure an IPv6 address for GigabitEthernet 2/1/1. <CE2> system-view [CE2] interface gigabitethernet 2/1/1 [CE2-GigabitEthernet2/1/1] ipv6 address 2002::2 64 [CE2-GigabitEthernet2/1/1] quit # Establish an EBGP peer relationship with PE 2, and redistribute VPN routes. [CE2] bgp 65002 [CE2-bgp] peer 2002::1 as-number 600 [CE2-bgp] address-family ipv6 unicast...
Page 360 Figure 85 Network diagram Table 31 Interface and IP assignment Device Interface IP address Device Interface IP address CE 3 GE2/1/1 2001:1::1/96 CE 4 GE2/1/1 2001:2::1/96 PE 3 Loop0 1.1.1.9/32 PE 4 Loop0 6.6.6.9/32 GE2/1/1 2001:1::2/96 GE2/1/1 2001:2::2/96 POS2/1/1 10.1.1.1/24 POS2/1/1 20.1.1.2/24 CE 1...
Page 361 [PE1-isis-1] quit [PE1] interface loopback 0 [PE1-LoopBack0] isis enable 1 [PE1-LoopBack0] quit [PE1] interface pos 2/1/1 [PE1-Pos2/1/1] ip address 30.1.1.1 24 [PE1-Pos2/1/1] isis enable 1 [PE1-Pos2/1/1] mpls enable [PE1-Pos2/1/1] mpls ldp enable [PE1-Pos2/1/1] mpls ldp transport-address interface [PE1-Pos2/1/1] quit [PE1] bgp 100 [PE1-bgp] peer 4.4.4.9 as-number 100 [PE1-bgp] peer 4.4.4.9 connect-interface loopback 0 [PE1-bgp] address-family vpnv4...
Page 362 Configure the customer carrier network. Start IS-IS as the IGP, and enable LDP between PE 3 and CE 1, and between PE 4 and CE 2: # Configure PE 3. <PE3> system-view [PE3] interface loopback 0 [PE3-LoopBack0] ip address 1.1.1.9 32 [PE3-LoopBack0] quit [PE3] mpls lsr-id 1.1.1.9 [PE3] mpls ldp...
Page 363 Connect the customer carrier and the provider carrier: # Configure PE 1. [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 200:1 [PE1-vpn-instance-vpn1] vpn-target 1:1 [PE1-vpn-instance-vpn1] quit [PE1] mpls ldp [PE1-ldp] vpn-instance vpn1 [PE1-ldp-vpn-instance-vpn1] quit [PE1-ldp] quit [PE1] isis 2 vpn-instance vpn1 [PE1-isis-2] network-entity 10.0000.0000.0000.0003.00 [PE1-isis-2] import-route bgp allow-ibgp [PE1-isis-2] quit [PE1] interface pos 2/1/0...
Page 364 [CE3-bgp] peer 2001:1::2 as-number 100 [CE3-bgp] address-family ipv6 [CE3-bgp-ipv6] peer 2001:1::2 enable [CE3-bgp-ipv6] import-route direct [CE3-bgp-ipv6] quit [CE3-bgp] quit # Configure PE 3. [PE3] ip vpn-instance vpn1 [PE3-vpn-instance-vpn1] route-distinguisher 100:1 [PE3-vpn-instance-vpn1] vpn-target 1:1 [PE3-vpn-instance-vpn1] quit [PE3] interface gigabitethernet 2/1/1 [PE3-GigabitEthernet2/1/1] ip binding vpn-instance vpn1 [PE3-GigabitEthernet2/1/1] ipv6 address 2001:1::2 96 [PE3-GigabitEthernet2/1/1] quit [PE3] bgp 100...
Page 365 4.4.4.9/32 ISIS 30.1.1.2 POS2/1/1 30.1.1.0/24 Direct 0 30.1.1.1 POS2/1/1 30.1.1.1/32 Direct 0 127.0.0.1 InLoop0 30.1.1.2/32 Direct 0 30.1.1.2 POS2/1/1 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 # Verify that the VPN routing table contains the internal routes of the customer carrier network. [PE1] display ip routing-table vpn-instance vpn1 Routing Tables: vpn1 Destinations : 11...
Page 366 [PE3] display ip routing-table Routing Tables: Public Destinations : 11 Routes : 11 Destination/Mask Proto Cost NextHop Interface 1.1.1.9/32 Direct 0 127.0.0.1 InLoop0 2.2.2.9/32 ISIS 10.1.1.2 POS2/1/1 5.5.5.9/32 ISIS 10.1.1.2 POS2/1/1 6.6.6.9/32 ISIS 10.1.1.2 POS2/1/1 10.1.1.0/24 Direct 0 10.1.1.1 POS2/1/1 10.1.1.1/32 Direct 0 127.0.0.1...
Page 367: Configuring Ipv6 Mce
Configuring IPv6 MCE Network requirements As shown in Figure 86, VPN 2 runs RIPng. Configure the MCE device to separate routes from different VPNs and advertise the VPN routes to PE 1 through OSPFv3. Figure 86 Network diagram Configuration procedure Assume that the system name of the MCE device is MCE, the system names of the edge routers of VPN 1 and VPN 2 are VR1 and VR2, and the system name of PE 1 is PE1.
Page 368 # Bind interface GigabitEthernet 2/1/1 to VPN instance vpn1, and configure an IPv6 address for the interface. [MCE] interface gigabitethernet 2/1/1 [MCE-GigabitEthernet2/1/1] ip binding vpn-instance vpn1 [MCE-GigabitEthernet2/1/1] ipv6 address 2001:1::1 64 [MCE-GigabitEthernet2/1/1] quit # Bind interface GigabitEthernet 2/1/2 to VPN instance vpn2, and configure an IPv6 address for the interface.
Page 369 [VR2] ripng 20 [VR2-ripng-20] quit [VR2] interface gigabitethernet 2/1/1 [VR2-GigabitEthernet2/1/1] ripng 20 enable [VR2-GigabitEthernet2/1/1] quit [VR2] interface gigabitethernet 2/1/2 [VR2-GigabitEthernet2/1/2] ripng 20 enable [VR2-GigabitEthernet2/1/2] quit # On the MCE, display the routing tables of the VPN instances vpn1 and vpn2. [MCE] display ipv6 routing-table vpn-instance vpn1 Destinations : 6 Routes : 6 Destination: ::1/128...
Page 370 Destination: 2002:1::1/128 Protocol : Direct NextHop : ::1 Preference: 0 Interface : InLoop0 Cost Destination: 2012::/64 Protocol : RIPng NextHop : FE80::20C:29FF:FE40:701 Preference: 100 Interface : GE2/1/2 Cost Destination: FE80::/10 Protocol : Direct NextHop : :: Preference: 0 Interface : NULL0 Cost Destination: FF00::/8 Protocol...
Page 371 [PE1-GigabitEthernet2/1/1.2] ip binding vpn-instance vpn2 # Configure the subinterface to terminate VLAN 20. [PE1-GigabitEthernet2/1/1.2] vlan-type dot1q vid 20 # Configure an IPv6 address for the subinterface. [PE1-GigabitEthernet2/1/1.2] ipv6 address 2002:2::4 64 [PE1-GigabitEthernet2/1/1.2] quit # Configure the IP address of the interface Loopback 0 as 101.101.10.1 for the MCE and as 100.100.10.1 for PE 1.
Page 372: Configuring Bgp As Number Substitution
NextHop : FE80::200:5EFF:FE01:1C05 Preference: 15 Interface : GE2/1/1.1 Cost : 10 Destination: FE80::/10 Protocol : Direct NextHop : :: Preference: 0 Interface : NULL0 Cost Destination: FF00::/8 Protocol : Direct NextHop : :: Preference: 0 Interface : NULL0 Cost # Verify that PE 1 has learned the private route of VPN 2 through OSPFv3. [PE1] display ipv6 routing-table vpn-instance vpn2 Destinations : 6 Routes : 6 Destination: ::1/128...
Page 373 Figure 87 Network diagram Table 32 Interface and IP assignment Device Interface IP address Device Interface IP address CE 1 GE2/1/1 10:1::2/96 Loop0 2.2.2.9/32 GE2/1/2 100::1/96 GE2/1/1 20.1.1.2/24 PE 1 Loop0 10.1.1.1/32 GE2/1/2 30.1.1.1/24 GE2/1/1 10:1::1/96 PE 2 Loop0 10.1.1.2/32 GE2/1/2 20.1.1.1/24 GE2/1/1...
Page 374 Destination: ::1/128 Protocol : Direct NextHop : ::1 Preference: 0 Interface : InLoop0 Cost Destination: 10:2::/96 Protocol : Direct NextHop : :: Preference: 0 Interface : GE2/1/1 Cost Destination: 10:2::2/128 Protocol : Direct NextHop : ::1 Preference: 0 Interface : InLoop0 Cost Destination: 200::/96 Protocol...
Page 375 Next hop : ::FFFF:10.1.1.1 100::/96, *Jun 27 23:59:30:085 2013 HP BGP/7/DEBUG; BGP.vpn1: Send UPDATE MSG to peer 10:2::2(IPv6-UNC) NextHop: 10:2::1. # Execute the display bgp routing-table ipv6 peer received-routes command on CE 2 to verify that CE 2 has not received the route to 100::/96.
Page 376 Verifying the configuration # The output shows that among the routes advertised by PE 2 to CE 2, the AS_PATH of 100::/96 has changed from 100 600 to 100 100. *Jun 27 18:07:34:420 2013 PE2 BGP/7/DEBUG; BGP_IPV6.vpn1: Send UPDATE to peer 10:2::2 for following destinations: Origin : Incomplete AS path...
Page 377: Configuring Bgp As Number Substitution And Soo Attribute
Interface : NULL0 Cost Destination: FE80::/10 Protocol : Direct NextHop : :: Preference: 0 Interface : NULL0 Cost Destination: FF00::/8 Protocol : Direct NextHop : :: Preference: 0 Interface : NULL0 Cost # Verify that GigabitEthernet 2/1/2 of CE 1 and GigabitEthernet 2/1/2 of CE 2 can ping each other. (Details not shown.) Configuring BGP AS number substitution and SoO attribute Network requirements...
Page 378 Device Interface IP address Device Interface IP address GE2/1/2 20.1.1.1/24 GE2/1/3 20.1.1.2/24 GE2/1/3 30.1.1.1/24 Loop0 3.3.3.9/32 PE 3 Loop0 4.4.4.9/32 GE2/1/1 30.1.1.2/24 GE2/1/1 10:3::2/96 GE2/1/2 40.1.1.2/24 GE2/1/2 50.1.1.2/24 GE2/1/3 50.1.1.1/24 Configuration procedure Configure basic IPv6 MPLS L3VPN: Configure OSPF on the MPLS backbone to allow the PEs and P device to learn the routes of the loopback interfaces from each other.
Page 379 Configure BGP SoO attribute: # On PE 1, configure the SoO attribute as 1:100 for CE 1. <PE1> system-view [PE1] bgp 100 [PE1-bgp] ip vpn-instance vpn1 [PE1-bgp-vpn1] address-family ipv6 [PE1-bgp-ipv6-vpn1] peer 10:1::1 soo 1:100 # On PE 2, configure the SoO attribute as 1:100 for CE 2. [PE2] bgp 100 [PE2-bgp] ip vpn-instance vpn1 [PE2-bgp-vpn1] address-family ipv6...
Page 380: Configuring Mpls L2Vpn
Configuring MPLS L2VPN In this chapter, "MSR2000" refers to MSR2003. "MSR3000" collectively refers to MSR3012, MSR3024, MSR3044, MSR3064. "MSR4000" collectively refers to MSR4060 and MSR4080. MPLS L2VPN provides point-to-point and point-to-multipoint connections. This chapter describes only the MPLS L2VPN technologies that provide point-to-point connections.
Page 381: Mpls L2Vpn Network Models
label block is the sum of the LRs of all previously assigned label blocks. For example, if the LR and LO of the first label block are 10 and 0, the LO of the second label block is 10. If the LR of the second label block is 20, the LO of the third label block is 30.
Page 382: Remote Connection Establishment
Figure 90 Local connection model Remote connection establishment To set up a remote MPLS L2VPN connection: Set up a public tunnel to carry one or more PWs between PEs: The public tunnel can be an LSP, MPLS TE, or GRE tunnel. If multiple public tunnels exist between two PEs, you can configure a tunnel policy to control tunnel selection.
Page 383: Local Connection Establishment
Set up an AC between a PE and a CE: Set up an AC by configuring a link layer connection (such as a PPP connection) between a PE and a CE. An AC can be one of the following types: Layer 3 physical interface—Transparently forwards received packets over the bound PW.
Page 384 Ethernet over MPLS Ethernet over MPLS uses MPLS L2VPN to connect Ethernets, and delivers Ethernet packets through a PW over the MPLS backbone. The following PW types are available for Ethernet over MPLS: Ethernet—P-tag is not transferred on a PW. •...
Page 385: Control Word
Figure 91 Packet encapsulation in port mode VLAN mode—A Layer 3 Ethernet subinterface or VLAN interface is bound to a PW. Packets • received from the VLAN are forwarded through the bound PW. The peer PE can modify the VLAN tag as needed.
Page 386: Mpls L2Vpn Interworking
MPLS L2VPN interworking CEs might connect to PEs through various types of links, such as ATM, FR, HDLC, Ethernet, and PPP. MPLS L2VPN interworking connects such CEs and allow them to communicate. MPLS L2VPN supports Ethernet interworking and IP interworking modes. The device only supports IP interworking.
Page 387: Multi-Segment Pw
Figure 93 PW redundancy The MPLS L2VPN determines whether the primary PW fails according to the LDP session status or the BFD result. The backup PW is used when one of the following conditions exists: • The public tunnel of the primary PW is deleted, or BFD detects that the public tunnel has failed. The primary PW is deleted because the LDP session between PEs goes down, or BFD detects that the •...
Page 388 Intra-domain multi-segment PW An intra-domain multi-segment PW has concatenated PWs within an AS. You can create an intra-domain multi-segment PW between two PEs that have no public tunnel to each other. As shown in Figure 95, there is no public tunnel between PE 1 and PE 4. There is a public tunnel between PE 1 and PE 2 and a public tunnel between PE 2 and PE 4.
Page 389: Vccv
Figure 96 Inter-domain multi-segment PW VCCV Virtual Circuit Connectivity Verification (VCCV) is an OAM function for L2VPN. It verifies the connectivity of PWs on the data plane. VCCV includes two modes: Manual mode—Use the ping mpls pw command to manually test the connectivity of a PW. •...
Page 390: Enabling L2Vpn
Tasks at a glance Remarks (Required.) Configuring a cross-connect Configuring a • (Optional.) Configuring a PW class Choose a PW configuration • method depending on the MPLS (Required.) Choose either of the following tasks to configure a PW: L2VPN implementation. Configuring a static PW Skip these tasks for local Configuring an LDP PW...
Page 391: Configuring The Interface With Ppp Encapsulation
The PW type and AC access mode determine how the VLAN tag is processed by a PE. Therefore, the local PE and the peer PE must be configured with the same PW type and AC access mode. To configure the interface with Ethernet or VLAN encapsulation: Step Command Remarks...
Page 392: Configuring A Pw
Step Command Remarks (Optional.) Configure a By default, no description is description for the description text configured for the cross-connect cross-connect group. group. (Optional.) Enable the By default, the cross-connect group undo shutdown cross-connect group. is enabled. Create a cross-connect and By default, no cross-connect is connection connection-name enter cross-connect view.
Page 393: Configuring An Ldp Pw
Configuring an LDP PW Before you configure an LDP PW, enable global and interface MPLS LDP on the PE. For information about MPLS LDP configuration, see "Configuring LDP." To configure an LDP PW: Step Command Remarks Enter system view. system-view Enter cross-connect group xconnect-group group-name view.
Page 394 Step Command Remarks (Optional.) Permit the local AS By default, the local AS number to appear in routes from peer { group-name | ip-address } number is not allowed in the specified peer or peer group allow-as-loop [ number ] routes from a peer or peer and specify the appearance group.
Page 395: Configuring A Remote Ccc Connection
Step Command Remarks vpn-target vpn-target&<1-8> [ both By default, no route targets are Configure route targets for the | export-extcommunity | configured for the cross-connect cross-connect group. import-extcommunity ] group. (Optional.) Reference a PW By default, no PW class is pw-class class-name class.
Page 396: Binding An Ac To A Cross-Connect
Step Command Remarks By default, no remote CCC connection is created. Use the out-interface keyword to specify the outgoing interface ccc in-label in-label-value out-label only on a point-to-point link. On Create a remote CCC out-label-value { nexthop nexthop | other types of interfaces such as connection.
Page 397: Configuring Pw Redundancy
Configuring PW redundancy This task includes the following configurations: Create a backup PW for the primary PW. • Specify whether to switch traffic from the backup PW to the primary PW when the primary PW • recovers, and specify the wait time for the switchover. Manually perform a PW switchover.
Page 398: Configuring Interworking For A Cross-Connect
Step Command Remarks peer ip-address pw-id pw-id Enter cross-connect PW view. [ pw-class class-name | tunnel-policy tunnel-policy-name ] * Configure a backup LDP PW backup-peer ip-address pw-id By default, no backup LDP PW is and enter backup pw-id [ pw-class class-name | configured.
Page 399: Displaying And Maintaining Mpls L2Vpn
] [ verbose ] Display cross-connect forwarding display l2vpn forwarding { ac | pw } [ xconnect-group group-name ] information (MSR2000/MSR3000). [ verbose ] Display cross-connect forwarding display l2vpn forwarding { ac | pw } [ xconnect-group group-name ] information (MSR4000).
Page 400: Mpls L2Vpn Configuration Examples
MPLS L2VPN configuration examples Configuring local MPLS L2VPN connections Network requirements Configure local MPLS L2VPN connections between PE and CEs so that CE 1 and CE 2 can communicate with each other at Layer 2 through GigabitEthernet 2/1/1 and GigabitEthernet 2/1/2 on the PE. Figure 97 Network diagram Configuration procedure Configure CE 1.
Page 401: Configuring Ip Interworking Over Local Mpls L2Vpn Connections
Total number of cross-connections: 1 Total number of ACs: 2 Xconnect-group Link ID GE2/1/1 vpn1 GE2/1/2 vpn1 # Verify that CE 1 and CE 2 can ping each other. (Details not shown.) Configuring IP interworking over local MPLS L2VPN connections Network requirements CE 1 and PE are connected through Ethernet interfaces.
Page 402: Configuring A Static Pw
# Configure the default next hop IP address as 10.1.1.1 on GigabitEthernet 2/1/1 (the interface connected to CE 1). This interface does not need an IP address. [PE] interface gigabitethernet 2/1/1 [PE-GigabitEthernet2/1/1] default-nexthop ip 10.1.1.1 [PE-GigabitEthernet2/1/1] quit # Configure the IPCP proxy IP address as the IP address of CE 1 on Serial 2/1/0 (the interface connected to CE 2).
Page 403 Figure 99 Network diagram Table 35 Interface and IP address assignment Device Interface IP address Device Interface IP address CE 1 GE2/1/1 100.1.1.1/24 Loop0 192.4.4.4/32 PE 1 Loop0 192.2.2.2/32 GE2/1/1 10.1.1.2/24 GE2/1/1 GE2/1/2 10.2.2.2/24 GE2/1/2 10.1.1.1/24 PE 2 Loop0 192.3.3.3/32 CE 2 GE2/1/1 100.1.1.2/24...
Page 404 [PE1-GigabitEthernet2/1/2] mpls enable [PE1-GigabitEthernet2/1/2] mpls ldp enable [PE1-GigabitEthernet2/1/2] quit # Configure OSPF on PE 1 for LDP to create LSPs. [PE1] ospf [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 10.1.1.1 0.0.0.255 [PE1-ospf-1-area-0.0.0.0] network 192.2.2.2 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit # Create a cross-connect group named vpna, create a cross-connect named svc in the group, bind GigabitEthernet 2/1/1 to the cross-connect, and create a static PW for the cross-connect to bind the AC to the PW.
Page 405 [P-ospf-1-area-0.0.0.0] network 10.1.1.2 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 10.2.2.2 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 192.4.4.4 0.0.0.0 [P-ospf-1-area-0.0.0.0] quit [P-ospf-1] quit Configure PE 2: # Configure an LSR ID. <PE2> system-view [PE2] interface loopback 0 [PE2-LoopBack0] ip address 192.3.3.3 32 [PE2-LoopBack0] quit [PE2] mpls lsr-id 192.3.3.3 # Enable L2VPN.
Page 406: Configuring An Ldp Pw
Verifying the configuration # Display L2VPN PW information on PE 1. The output shows that a static PW has been established. [PE1] display l2vpn pw Flags: M - main, B - backup, H - hub link, S - spoke link, N - no split horizon Total number of PWs: 1, 1 up, 0 blocked, 0 down, 0 defect Xconnect-group Name: vpna Peer...
Page 407 Device Interface IP address Device Interface IP address CE 2 GE2/1/1 100.1.1.2/24 GE2/1/1 GE2/1/2 10.2.2.1/24 Configuration procedure Configure CE 1. <CE1> system-view [CE1] interface gigabitethernet 2/1/1 [CE1-GigabitEthernet2/1/1] ip address 100.1.1.1 24 [CE1-GigabitEthernet2/1/1] quit Configure PE 1: # Configure an LSR ID. <PE1>...
Page 408 [PE1-xcg-vpna] quit Configure the P device: # Configure an LSR ID. <P> system-view [P] interface loopback 0 [P-LoopBack0] ip address 192.4.4.4 32 [P-LoopBack0] quit [P] mpls lsr-id 192.4.4.4 # Enable global LDP. [P] mpls ldp [P-ldp] quit # Configure GigabitEthernet 2/1/1 (the interface connected to PE 1), and enable LDP on the interface.
Page 409 # Configure GigabitEthernet 2/1/2 (the interface connected to the P device), and enable LDP on the interface. [PE2] interface gigabitethernet 2/1/2 [PE2-GigabitEthernet2/1/2] ip address 10.2.2.1 24 [PE2-GigabitEthernet2/1/2] mpls enable [PE2-GigabitEthernet2/1/2] mpls ldp enable [PE2-GigabitEthernet2/1/2] quit # Configure OSPF on PE 2 for LDP to create LSPs. [PE2] ospf [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 192.3.3.3 0.0.0.0...
Page 410: Configuring Ip Interworking Over An Ldp Pw
# Verify that CE 1 and CE 2 can ping each other. (Details not shown.) Configuring IP interworking over an LDP PW Network requirements CE 1 and PE 1 are connected through Ethernet interfaces. CE 2 and PE 2 are connected through serial interfaces, and they use PPP as the link layer protocol.
Page 411 [PE1] mpls lsr-id 192.2.2.2 # Enable L2VPN. [PE1] l2vpn enable # Enable global LDP. [PE1] mpls ldp [PE1-ldp] quit # Configure the default next hop IP address as 100.1.1.1 on GigabitEthernet 2/1/1 (the interface connected to CE 1). This interface does not need an IP address. [PE1] interface gigabitethernet 2/1/1 [PE1-GigabitEthernet2/1/1] default-nexthop ip 100.1.1.1 [PE1-GigabitEthernet2/1/1] quit...
Page 412 # Configure GigabitEthernet 2/1/1 (the interface connected to PE 1), and enable LDP on the interface. [P] interface gigabitethernet 2/1/1 [P-GigabitEthernet2/1/1] ip address 10.1.1.2 24 [P-GigabitEthernet2/1/1] mpls enable [P-GigabitEthernet2/1/1] mpls ldp enable [P-GigabitEthernet2/1/1] quit # Configure GigabitEthernet 2/1/2 (the interface connected to PE 2), and enable LDP on the interface.
Page 413 [PE2-ospf-1] quit # Configure the IPCP proxy IP address as the IP address of CE 1 on Serial 2/1/0 (the interface connected to CE 2). This interface does not need an IP address. [PE2] interface serial 2/1/0 [PE2-Serial2/1/0] link-protocol ppp [PE2-Serial2/1/0] ppp ipcp proxy 100.1.1.1 [PE2-Serial2/1/0] quit # Create a cross-connect group named vpna, create a cross-connect named ldp in the group,...
Page 414: Configuring A Bgp Pw
Configuring a BGP PW Network requirements Create a BGP PW between PE 1 and PE 2 so CE 1 and CE 2 can communicate with each other. Figure 102 Network diagram Table 38 Interface and IP address assignment Device Interface IP address Device Interface...
Page 415 [PE1-ldp] quit # Configure GigabitEthernet 2/1/2 (the interface connected to the P device), and enable LDP on the interface. [PE1] interface gigabitethernet 2/1/2 [PE1-GigabitEthernet2/1/2] ip address 10.1.1.1 24 [PE1-GigabitEthernet2/1/2] mpls enable [PE1-GigabitEthernet2/1/2] mpls ldp enable [PE1-GigabitEthernet2/1/2] quit # Configure OSPF on PE 1 for LDP to create LSPs. [PE1] ospf [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 10.1.1.1 0.0.0.255...
Page 416 [P-GigabitEthernet2/1/1] ip address 10.1.1.2 24 [P-GigabitEthernet2/1/1] mpls enable [P-GigabitEthernet2/1/1] mpls ldp enable [P-GigabitEthernet2/1/1] quit # Configure GigabitEthernet 2/1/2 (the interface connected to PE 2), and enable LDP on the interface. [P] interface gigabitethernet 2/1/2 [P-GigabitEthernet2/1/2] ip address 10.2.2.2 24 [P-GigabitEthernet2/1/2] mpls enable [P-GigabitEthernet2/1/2] mpls ldp enable [P-GigabitEthernet2/1/2] quit # Configure OSPF on the P device for LDP to create LSPs.
Page 417: Configuring A Remote Ccc Connection
[PE2-bgp] peer 192.2.2.2 as-number 100 [PE2-bgp] peer 192.2.2.2 connect-interface loopback 0 [PE2-bgp] address-family l2vpn [PE2-bgp-l2vpn] peer 192.2.2.2 enable [PE2-bgp-l2vpn] quit [PE2-bgp] quit # Create a cross-connect group named vpnb, create a local site named site 1, create a BGP PW from site 1 to the remote site site 2, and bind GigabitEthernet 2/1/1 to the PW.
Page 418 Figure 103 Network diagram Table 39 Interface and IP address assignment Device Interface IP address Device Interface IP address CE 1 GE2/1/1 100.1.1.1/24 Loop0 192.4.4.4/32 PE 1 Loop0 192.2.2.2/32 GE2/1/1 10.1.1.2/24 GE2/1/1 GE2/1/2 10.2.2.2/24 GE2/1/2 10.1.1.1/24 PE 2 Loop0 192.3.3.3/32 CE 2 GE2/1/1 100.1.1.2/24...
Page 419 # Configure OSPF. [PE1] ospf [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 10.1.1.1 0.0.0.255 [PE1-ospf-1-area-0.0.0.0] network 192.2.2.2 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit # Create a cross-connect group named ccc, create a remote CCC connection that has incoming label 101, outgoing label 201, and next hop 10.1.1.2, and bind GigabitEthernet 2/1/1 to the CCC connection.
Page 420 Configure PE 2: # Configure an LSR ID. <PE2> system-view [PE2] interface loopback 0 [PE2-LoopBack0] ip address 192.3.3.3 32 [PE2-LoopBack0] quit [PE2] mpls lsr-id 192.3.3.3 # Enable L2VPN. [PE2] l2vpn enable # Configure GigabitEthernet 2/1/2 (the interface connected to the P device), and enable MPLS on the interface.
Page 421: Configuring An Intra-Domain Multi-Segment Pw
# Display L2VPN PW information on PE 2. The output shows that a remote CCC connection has been established. [PE2] display l2vpn pw Flags: M - main, B - backup, H - hub link, S - spoke link, N - no split horizon Total number of PWs: 1, 1 up, 0 blocked, 0 down, 0 defect Xconnect-group Name: ccc Peer...
Page 422 [CE1-GigabitEthernet2/1/1] ip address 100.1.1.1 24 [CE1-GigabitEthernet2/1/1] quit Configure PE 1: # Configure an LSR ID. <PE1> system-view [PE1] interface loopback 0 [PE1-LoopBack0] ip address 192.2.2.2 32 [PE1-LoopBack0] quit [PE1] mpls lsr-id 192.2.2.2 # Enable L2VPN. [PE1] l2vpn enable # Configure MPLS TE to establish an MPLS TE tunnel between PE 1 and P. For more information, see "Configuring MPLS TE."...
Page 423 [P-xcg-vpn1-ldpsvc-192.3.3.3-1000] quit [P-xcg-vpn1-ldpsvc] quit [P-xcg-vpn1] quit Configure PE 2: # Configure an LSR ID. <PE2> system-view [PE2] interface loopback 0 [PE2-LoopBack0] ip address 192.3.3.3 32 [PE2-LoopBack0] quit [PE2] mpls lsr-id 192.3.3.3 # Enable L2VPN. [PE2] l2vpn enable # Configure MPLS TE to establish an MPLS TE tunnel between P and PE 2. For more information, see "Configuring MPLS TE."...
Page 424: Configuring An Inter-Domain Multi-Segment Pw
Peer PW ID In/Out Label Proto Flag Link ID State 192.4.4.4 1000 1150/1279 # Display L2VPN PW information on PE 2. The output shows that a PW has been created. [PE2] display l2vpn pw Flags: M - main, B - backup, H - hub link, S - spoke link, N - no split horizon Total number of PWs: 1, 1 up, 0 blocked, 0 down, 0 defect Xconnect-group Name: vpn1 Peer...
Page 425 Device Interface IP address Device Interface IP address PE 2 Loop0 192.4.4.4/32 ASBR 2 Loop0 192.3.3.3/32 GE2/1/2 22.2.2.1/24 GE2/1/1 26.2.2.3/24 CE 2 GE2/1/1 100.1.1.2/24 GE2/1/2 22.2.2.3/24 Configuration procedure Configure CE 1. <CE1> system-view [CE1] interface gigabitethernet 2/1/1 [CE1-GigabitEthernet2/1/1] ip address 100.1.1.1 24 [CE1-GigabitEthernet2/1/1] quit Configure PE 1: # Configure an LSR ID.
Page 426 [PE1-xcg-vpn1-ldp] quit [PE1-xcg-vpn1] quit Configure ASBR 1: # Configure an LSR ID. <ASBR1> system-view [ASBR1] interface loopback 0 [ASBR1-LoopBack0] ip address 192.2.2.2 32 [ASBR1-LoopBack0] quit [ASBR1] mpls lsr-id 192.2.2.2 # Enable L2VPN. [ASBR1] l2vpn enable # Enable global LDP. [ASBR1] mpls ldp [ASBR1-ldp] quit # Configure GigabitEthernet 2/1/2 (the interface connected to PE 1), and enable LDP on the interface.
Page 427 # Create a cross-connect group named vpn1, create a cross-connect named ldp in the group, and create two LDP PWs for the cross-connect to form a multi-segment PW. [ASBR1] xconnect-group vpn1 [ASBR1-xcg-vpn1] connection ldp [ASBR1-xcg-vpn1-ldp] peer 192.1.1.1 pw-id 1000 [ASBR1-xcg-vpn1-ldp-192.1.1.1-1000] quit [ASBR1-xcg-vpn1-ldp] peer 192.3.3.3 pw-id 1000 [ASBR1-xcg-vpn1-ldp-192.3.3.3-1000] quit [ASBR1-xcg-vpn1-ldp] quit...
Page 428 [ASBR2-bgp-ipv4] peer 26.2.2.2 enable [ASBR2-bgp-ipv4] peer 26.2.2.2 route-policy policy1 export [ASBR2-bgp-ipv4] peer 26.2.2.2 label-route-capability [ASBR2-bgp-ipv4] quit [ASBR2-bgp] quit [ASBR2] route-policy policy1 permit node 1 [ASBR2-route-policy-policy1-1] apply mpls-label [ASBR2-route-policy-policy1-1] quit # Create a cross-connect group named vpn1, create a cross-connect named ldp in the group, and create two LDP PWs for the cross-connect to form a multi-segment PW.
Page 429 [PE2] xconnect-group vpn1 [PE2-xcg-vpn1] connection ldp [PE2-xcg-vpn1-ldp] ac interface gigabitethernet 2/1/1 [PE2-xcg-vpn1-ldp] peer 192.3.3.3 pw-id 1000 [PE2-xcg-vpn1-ldp-192.3.3.3-1000] quit [PE2-xcg-vpn1-ldp] quit [PE2-xcg-vpn1] quit Configure CE 2. <CE2> system-view [CE2] interface gigabitethernet 2/1/1 [CE2-GigabitEthernet2/1/1] ip address 100.1.1.2 24 [CE2-GigabitEthernet2/1/1] quit Verifying the configuration # Display L2VPN PW information on PE 1.
Page 430 Xconnect-group Name: vpn1 Peer PW ID In/Out Label Proto Flag Link ID State 192.3.3.3 1000 1279/1150 # Verify that CE 1 and CE 2 can ping each other. (Details not shown.)
Page 431: Configuring Mpls Oam
Configuring MPLS OAM Overview MPLS Operation, Administration, and Maintenance (OAM) provides fault management tools for the following: MPLS data plane connectivity verification. • Data plane and control plane consistency verification. • Fault locating. • These fault management tools include the following types: On-demand tools—Tools that need to be triggered manually, such as MPLS ping and MPLS •...
Page 432: Mpls Bfd
MPLS BFD MPLS BFD uses a BFD session to proactively verify the connectivity of an LSP tunnel, an MPLS TE tunnel, or a PW tunnel. MPLS BFD does the following: Establishes a BFD session between the ingress and egress of the tunnel to be inspected. Adds the label associated with the tunnel into a BFD control packet at the ingress.
Page 433: Configuring Mpls Ping For Lsps
Configuring MPLS ping for LSPs Perform the following task in any view: Task Command ping mpls [ -a source-ip | -c count | -exp exp-value | -h ttl-value | -m wait-time | -r reply-mode | -rtos tos-value | -s Use MPLS ping to verify MPLS LSP connectivity packet-size | -t time-out | -v ] * ipv4 dest-addr mask-length for an IPv4 prefix.
Page 434: Configuring Mpls Oam For Mpls Te Tunnels
The source address of the BFD session is the MPLS LSR ID of the local device. Before configuring BFD • for the LSP tunnel, configure an MPLS LSR ID for the local device and make sure a route is available on the remote device to reach the MPLS LSR ID.
Page 435: Configuring Mpls Bfd For Mpls Te Tunnels
Configuring MPLS BFD for MPLS TE tunnels To run BFD on an MPLS TE tunnel, configure both the local and remote devices as described in Table Table 43 Configurations on the local and remote devices BFD session Execute the Execute the "mpls bfd Configure the establishment Node type...
Page 436: Configuring Mpls Ping For A Pw
The packets used to verify PW connectivity are collectively referred to as VCCV packets. A PE transfers VCCV packets through a control channel (CC). CCs include the following types: control-word—Identifies VCCV packets through the control word (PW-ACH, PW Associated • Channel Header).
Page 437 Step Command Remarks Enter system view. system-view Enable MPLS BFD. mpls bfd enable By default, MPLS BFD is disabled. By default, no PW class is created. To use BFD to verify connectivity of a Create a PW class and enter pw-class class-name PW, you must create a PW class for PW class view.
Page 438: Displaying Mpls Oam
Displaying MPLS OAM Execute display commands in any view. Task Command Display BFD information for LSP tunnels display mpls bfd [ ipv4 dest-addr mask-length | te tunnel or MPLS TE tunnels. tunnel-number ] Display BFD information for PWs. display l2vpn pw bfd [ peer peer-ip pw-id pw-id ] BFD for LSP configuration example Network requirements Use LDP to establish an LSP from 1.1.1.9/32 to 3.3.3.9/32 and an LSP from 3.3.3.9/32 to 1.1.1.9/32.
Page 439 [RouterC] ospf [RouterC-ospf-1] area 0 [RouterC-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0 [RouterC-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255 [RouterC-ospf-1-area-0.0.0.0] quit [RouterC-ospf-1] quit Enable MPLS and LDP: # Configure Router A. [RouterA] mpls lsr-id 1.1.1.9 [RouterA] mpls ldp [RouterA-ldp] quit [RouterA] interface gigabitethernet 2/1/1 [RouterA-GigabitEthernet2/1/1] mpls enable [RouterA-GigabitEthernet2/1/1] mpls ldp enable [RouterA-GigabitEthernet2/1/1] quit # Configure Router B.
Page 440 FEC Type: LSP FEC Info: Destination: 1.1.1.9 Mask Length: 32 NHLFE ID: - Local Discr: 513 Remote Discr: 513 Source IP: 1.1.1.9 Destination IP: 3.3.3.9 Session State: Up Session Role: Active Template Name: - FEC Type: LSP FEC Info: Destination: 3.3.3.9 Mask Length: 32 NHLFE ID: 1042 Local Discr: 514...
Page 441: Configuring Mpls Protection Switching
Configuring MPLS protection switching In this chapter, "MSR2000" refers to MSR2003. "MSR3000" collectively refers to MSR3012, MSR3024, MSR3044, MSR3064. "MSR4000" collectively refers to MSR4060 and MSR4080. Overview MPLS Protection Switching (PS) provides an end-to-end linear protection mechanism for MPLS TE tunnels.
Page 442: Protection Switching Modes
Protection switching modes MPLS PS supports the following protection switching modes: 1:1 protection switching—Typically, traffic travels along the working tunnel. When either of the • following occurs, the ingress node selects the traffic forwarding tunnel (working or protection tunnel) according to the protection state: The ingress or egress node detects a failure on the working tunnel.
Page 443: Mpls Protection Switching Configuration Task List
MPLS protection switching configuration task list Before configuring MPLS protection switching, create two MPLS TE tunnels: one as the working tunnel, and the other as the protection tunnel. For information about creating an MPLS TE tunnel, see "Configuring MPLS TE." To configure MPLS protection switching, perform the following tasks: Tasks at a glance Remarks...
Page 444: Creating A Protection Group
• for the tunnel bundle interface are configured and at least one of its member interfaces is up. HP recommends configuring the same tunnel destination address for the tunnel bundle interface • and its member interfaces. If they have different tunnel destination addresses, make sure the member interfaces have a route to the tunnel bundle interface.
Page 445: Configuring Ps Attributes For The Protection Group
Step Command Remarks (Optional.) Configure By default, the expected expected bandwidth of the bandwidth bandwidth-value bandwidth is 64 kbps. tunnel bundle interface. (Optional.) Specify a service card for forwarding the traffic By default, no service card is service slot slot-number on the tunnel bundle interface specified.
Page 446: Configuring Command Switching For The Protection Group
Step Command Remarks This command can be configured only on the tunnel bundle interface in 1:1 protection switching mode. Configure the protection group By default, the protection group in protection switching-mode bidirectional path 1:1 protection switching mode uses bidirectional switching. unidirectional path switching.
Page 447: Mpls Protection Switching Configuration Example
[ description | down ] ] Display the forwarding state information for MPLS protection groups display mpls forwarding protection [ tunnel-bundle number ] (MSR2000/MSR3000). Display the forwarding state information for display mpls forwarding protection [ tunnel-bundle number ] MPLS protection groups (MSR4000).
Page 448 Figure 107 Network diagram Configuration procedure Configure IP addresses and masks for interfaces as shown in Figure 107. (Details not shown.) Create MPLS TE tunnels on Router A: # Create two MPLS TE tunnels (Tunnel 1 and Tunnel 2) to Router D. For more information, see "Configuring MPLS TE."...
Page 449 Output queue - Urgent queuing: Size/Length/Discards 0/100/0 Output queue - Protocol queuing: Size/Length/Discards 0/500/0 Output queue - FIFO queuing: Size/Length/Discards 0/75/0 Last clearing of counters: Never Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec Input: 0 packets, 0 bytes, 0 drops Output: 0 packets, 0 bytes, 0 drops Configure a tunnel bundle interface for the protection group:...
Page 450 514/514 1.1.1.1 127.0.0.1 1127ms Tunnel2 Configure a static route to 4.4.4.4/32 through Tunnel-Bundle 0. [RouterA] ip route-static 4.4.4.4 32 tunnel-bundle 0 preference 1 Verifying the configuration # Execute the display tunnel-bundle command on Router A to display information about the tunnel bundle interface and its member interfaces.
Page 451: Support And Other Resources
Related information Documents To find related documents, browse to the Manuals page of the HP Business Support Center website: http://www.hp.com/support/manuals For related documentation, navigate to the Networking section, and select a networking category. •...
Page 452: Conventions
Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. Square brackets enclose syntax choices (keywords or arguments) that are optional. Braces enclose a set of required syntax choices separated by vertical bars, from which { x | y | ...
Page 453 Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.
Page 454 Configuring the PSC message sending interval,437 Configuring HoVPN,204 Configuring traffic forwarding,77 Configuring inter-AS IPv6 VPN,314 Configuring TTL propagation,7 Configuring inter-AS VPN,198 Contacting HP,442 Configuring interworking for a cross-connect,389 Conventions,443 Configuring LDP backoff,27 Creating a protection group,435 Configuring LDP FRR,35 Configuring LDP GR,33...
Page 455 Displaying and maintaining IPv6 MPLS L3VPN,325 MPLS protection switching configuration example,438 Displaying and maintaining LDP,36 MPLS protection switching configuration task list,434 Displaying and maintaining MPLS,10 MPLS TE configuration examples,87 Displaying and maintaining MPLS L2VPN,390 MPLS TE configuration task list,63 Displaying and maintaining MPLS L3VPN,219 Displaying and maintaining MPLS protection Overview,136...

This manual is also suitable for:

Msr2003 Msr3044 Msr3064 Msr3012 Msr4000 Msr4060 ... Show all

HP MSR2000 Configuration Manual

Quick Links

Related Manuals for HP MSR2000

Summary of Contents for HP MSR2000