Page 2
ZTE CORPORATION is prohibited. Additionally, the contents of this document are protected by contractual confidentiality obligations. All company, brand and product names are trade or service marks, or registered trade or service marks, of ZTE CORPORATION or of their respective owners.
About This Manual Purpose This manual is the ZXR10 5900E Series (V3.00.11) Easy-Maintenance MPLS Routing Switch Configuration Guide (VPN), which is applicable to the ZXR10 5900E (V3.00.11) series switches. Intended Audience This manual is intended for: Network planning engineer Debugging engineer...
Page 6
This page intentionally left blank. SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential...
Since label switching is used in network, the IP addresses used by users in their Local Area Networks (LAN) can be repeated. In this way, IP resource utilization rate is improved. 3. Improve network speed SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential...
Page 8
ZXR10 5900E Series Configuration Guide (VPN) Since label switching is used, the time for address search in each hop process is shortened. In this way, the time of data transmission time is reduced in network, and the network speed is improved.
Page 9
ID). Router IP address is a public address. If the type domain is 2, the administrator domain contain four bytes Autonomous à System ID. AN field: The number assigned by a network operator SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential...
Page 10
ZXR10 5900E Series Configuration Guide (VPN) If the type field is 0, AN field covers four bytes. à If the type field is 1, AN field covers two bytes. à If the type field is 2, AN field covers two bytes.
{ipv4|ipv6} This activates IPv4 or IPv6 ZXR10(config-vrf-vrf-name)# address family. route-target [ This creates route-target ZXR10(config-vrf-vrf-name-af-ipv4)# import | export | both]<extended-community> extension community attribute route-target [ relating to VRF. ZXR10(config-vrf-vrf-name-af-ipv6)# import | export | both]<extended-community> SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential...
Page 12
ZXR10 5900E Series Configuration Guide (VPN) Step Command Function interface < interface-name> This enters interface ZXR10(config)# configuration mode. ip vrf forwarding < This associates interface to ZXR10(config-if-interface-name)# vrf-name> VRF. Delete the existent IP address of the interface before using this command.
Page 14
ZXR10 5900E Series Configuration Guide (VPN) PE1(config-bgp-af-ipv4-vrf)#redistribute static PE1(config-bgp-af-ipv4-vrf)#exit Configuring RIP Protocol Between CE and PE To run RIP between CE and PE, perform the following steps on ZXR10 5900E. Step Command Function router rip This enters RIP configuration mode.
ZXR10 5900E Series Configuration Guide (VPN) Configuring OSPF between CE and PE To run OSPF between CE and PE, perform the following steps on ZXR10 5900E. Step Command Function router ospf < process-id>[ vrf < vrf-name>] This enters OSPF VRF ZXR10(config)# configuration mode.
5,100-byte ICMP echos to 10.1.1.1,timeout is 2 seconds. !!!!! Success rate is 100 percent(5/5),round-trip min/avg/max= 0/0/10 ms. Configuring EBGP between CE and PE To configure EBGP between a CE and a PE, perform the following steps on ZXR10 5900E. 1-11 SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential...
ZXR10 5900E Series Configuration Guide (VPN) Step Command Function router bgp < as-number> This enters into BGP route ZXR10(config)# configuration mode. address-family ipv4 vrf < vrf-name> This enters into the ZXR10(config-bgp)# corresponding VRF address family configuration mode. neighbor < ip-address>...
ZXR10(config-bgp)# family configuration mode. neighbor <ip-address> This activates vpnv4 ability of ZXR10(config-bgp-af-vpnv4)# neighbor. activate Configuration Example As shown in Figure 1-5, run MPBGP between PE1 and PE2. Figure 1-5 MPBGP Protocol Configuration 1-13 SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential...
Page 20
ZXR10 5900E Series Configuration Guide (VPN) Caution! Before perform the following configurations, make sure that PE1 and PE2 can be ping each other by using their loopback addresses. PE1 configuration, PE1(config)#router bgp 100 PE1(config-bgp)#neighbor 1.1.1.3 remote-as 100 PE1(config-bgp)#neighbor 1.1.1.3 activate PE1(config-bgp)#neighbor 1.1.1.3 update-source loopback1...
1-6. P acts as router reflector (RR), the loopback1 address of PE1 is 61.139.36.34/32, the loopback2 address of PE2 is 61.139.36.35/32, and the loopback1 address of P is 61.139.36.31/32. Figure 1-6 RR Configuration Example Topology Configuration Requirements 1-15 SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential...
Page 22
ZXR10 5900E Series Configuration Guide (VPN) Make sure that PE1 and PE2 can learn loopback addresses between each other. à PE1 and PE2 establish LDP neighborhood with RR respectively. RR establishes MP-IBGP neighborhood with PE1 and PE2 respectively. PE1 à...
Routes of vpn: status codes: *valid, >best, s-stale Dest NextHop Intag Outtag RtPrf Protocol *>10.10.0.0/16 30.1.2.1 164963 163863 bgp-int 1.1.3 Maintaining MPLS VPN To maintain MPLS VPN, use the following commands on ZXR10 5900E. 1-17 SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential...
ZXR10 5900E Series Configuration Guide (VPN) Command Function ping [ vrf < vrf-name>]< ip-address> This inspects network connectivity. ZXR10# show ip vrf [[[ brief | detail ][< vrf-name>]]| summary] This shows VRF information. ZXR10# show ip protocol routing vrf <vrf-name>[network This shows VRF routing table.
ZXR10 5900E Series Configuration Guide (VPN) Configuration Thought 1. Configure the IP addresses of loopback and physical interfaces on CE1. Configure OSPF route. 2. Advertise the loopback interface IP address and the direct-connected network segment in OSPF. 3. Set up SHAM-LINK.
Site 1 connects to AS100, and site 2 connects to AS200. Both site 1 and site 2 provide MPLS VPN. To set up MPLS VPN connection between site 1 and site 2, back-to-back (VRF—VRF) is used. This is the simplest mode to realize VPN between ASs. 1-27 SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential...
ZXR10 5900E Series Configuration Guide (VPN) Figure 1-9 MPLS VPN Cross-Domain Configuration Example Configuration Thought 1. All of PE1, PE2 and PE3, PE4 have VPN1. The RD is 1:1, and the RT is 1:1. 2. Establish LDP, IGP and MPIGP neighborhoods between PE1 and PE2. Establish LDP, IGP and MP-IBGP neighborhoods between PE3 and PE4.
Page 35
Enable LDP between PE3 and PE4 to establish LSP. Configuration Verification Use show bgp vpnv4 unicast vrf vpn1 summary on PE1 to view the EBGP neighborhood establishing with 100.1.1.2. PE1#show bgp vpnv4 unicast vrf vpn1 summary 1-29 SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential...
Page 36
ZXR10 5900E Series Configuration Guide (VPN) Neighbor MsgRcvd MsgSend Up/Down State/PfxRcd 100.1.1.2 65000 00:10:00 Use show bgp vpnv4 unicast neighbor 1.2.3.4 on PE2 to view the configuration, PE2#show bgp vpnv4 unicast neighbor 1.2.3.4 BGP neighbor is 1.2.3.4, remote AS 100, external link BGP version 4, remote router ID 1.2.3.4...
Page 37
For address family: IPv6 Multicast no activate Weight is 0 All received nlri 0, unnlri 0, 0 accepted prefixes, 0 deleting prefixes All sent nlri 0, unnlri 0, 0 advertised prefixes Maximum limit 4294967295 1-31 SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential...
Page 38
ZXR10 5900E Series Configuration Guide (VPN) Threshold for warning message 75% For address family: VPNv6 Unicast no activate Weight is 0 All received nlri 0, unnlri 0, 0 accepted prefixes, 0 deleting prefixes All sent nlri 0, unnlri 0, 0 advertised prefixes...
Page 39
0 IPv4 route-target end_of_ribs, 0 notifications For address family: IPv4 Unicast Weight is 0 All received nlri 0, unnlri 0, 0 accepted prefixes, 0 deleting prefixes All sent nlri 0, unnlri 0, 0 advertised prefixes Maximum limit 4294967295 1-33 SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential...
Page 40
ZXR10 5900E Series Configuration Guide (VPN) Threshold for warning message 75% For address family: IPv4 Multicast no activate Weight is 0 All received nlri 0, unnlri 0, 0 accepted prefixes, 0 deleting prefixes All sent nlri 0, unnlri 0, 0 advertised prefixes...
By means of the aggregation-address command in BGP vrf address family mode, BGP protocol can aggregate the learnt VPN routes to a route for advertising. In this way, the route entries in VPN routing table can be reduced observably. 1-35 SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential...
150.2.0.0/16 to PE1 respectively. PE1 aggregates two routes to 150.0.0.0/8, and then advertises it to PE2. After that, PE2 only learns the aggregated route 150.0.0.0/8. Figure 1-10 MPLS VPN Route Aggregation Configuration Example Topology Device Interface Name Address gei-0/1/1/1 (vlan1) 20.0.0.2/24 1-37 SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential...
Page 44
ZXR10 5900E Series Configuration Guide (VPN) Device Interface Name Address gei-0/1/1/2 (vlan1) 20.0.0.1/24 gei-0/1/1/4 (vlan2) 30.0.0.1/24 gei-0/1/1/5 (vlan3) 10.0.0.1/24 gei-0/1/1/6 (vlan3) 10.0.0.2/24 gei-0/1/1/3 (vlan2) 30.0.0.2/24 Configuration Thought 1. Establish MP-BGP neighborhood between PE1 and PE2. The loopback address of PE1 is 1.1.1.1/32, and that of PE2 is 1.1.1.2/32.
When the total number of VRF routes exceeds the threshold warning-only value, give an alarm but not restrict the routes. 1.3.3 Maintaining VPN Route Restriction and Alarm To maintain VPN route restriction and alarm, use the following command on ZXR10 5900E. 1-41 SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential...
Page 48
ZXR10 5900E Series Configuration Guide (VPN) Command Function This shows VRF configuration is show ip vrf detail ZXR10# detail. When the detailed information of the VRF is displayed, the information related to route restriction and alarm is displayed. The following is a sample output of the show ip vrf detail...
1-11, a L3VPN network is constructed. VRF named zte is configured on PE1, and its both of its RT and RD is 1:1. The interface int 1 is bound to VRF zte. The IP address of int 1 is 10.1.1.1/24, and that of port 1 is 10.1.1.2/24. CE1 accesses to PE1 through EBGP.
Page 50
Use show bgp vpnv4 unicast vrf zte summary on PE1 to view whether the neighborhood between PE1 and CE1 is established. 2. Configure the maximum value of VRF zte routes is 100 on PE1, and the route alarm threshold value is 60%.
Page 51
5. CE1 continues to advertise 30 route entries to PE1. There are 100 EBGP route entries (It exceeds 100 of alarm threshold value). Use show ip protocol routing vrf-summary zte on PE1 to view the 100 VRF EBGP route entries. PE1(config)#show ip protocol routing vrf-summary zte...
Page 52
PE1(config-vrf-zte-af-ipv4)#exit View the number of current routes, route restriction value, and alarm threshold value of vrf zte on PE1. The total number of routes is 50, there is no alarm appears because the route threshold value is not exceeded. PE1(config)#show ip vrf detail zte VRF zte (VRF Id = 9);...
Page 53
Interface: vlan1 Advertise another 60 routes from CE1. The number of routes exceeds the threshold value. PE1 displays the corresponding alarm. VRF zte of PE1 does not restrict extra routes. An alarm 200310 ID 162 level 3 cleared at 09:54:59 06-06-2014 sent by ZXR10 MP-0/T1/0 %L3VPN% Routes limit is reached.
To connect all the user LANs and provide L2 switch service, it emulates operator network to a LAN switch or bridge. The difference between VPLS and VPWS is that VPWS provides point to point service only while VPLS provides point to multi-points SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential...
ZXR10 5900E Series Configuration Guide (VPN) services. That is, CE device on VPWS selects a virtual wire to send data to a user site, while CE device on VPLS sends all data to its PE device connecting only. MPLS L2VPN Principle VPWS: VPWS is to establish a special line and provide Layer 2 transparent transmission service on the basis of MPLS network.
L2VPN instance and member information can be configured only when the L2VPN service is enabled. Configuring an MSPW The Multi-Segment Pseudo-Wire (MSPW) is an emulational end-to-end pseudo wire established between two PEs. To configure an MSPW on the ZXR10 5900E, perform the following steps: SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential...
Page 58
ZXR10 5900E Series Configuration Guide (VPN) Step Command Function mspw <instance-name>[for {ethernet Creates an MSPW instance. ZXR10(config)# {tagged|raw}|fr {port|dlci|dlci-old}|tdm {aal1|aal2|satop {e1|e3|t1|t3}|cesopsn {basic|cas}|sonet-sdh {cesom|ceop}}|atm {port|vpc|vcc|vpc-group|vcc-group|sdu|pdu}|ip|hdlc|ppp}] pseudo-wire <pw-name> Binds the MSPW instance to ZXR10(config-mspw)# the PW interface. Describes the MSPW instance. description<description>...
Default-VC ID Default VC ID of the VPLS instance Number of PWs Number of ACs description Description of the VPN The following is sample output from the show l2vpn summary command: ZXR10(config)#show l2vpn summary SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential...
Page 60
ZXR10 5900E Series Configuration Guide (VPN) The summary information about configured L2VPN: vpn type configure/maximum VPLS 1/4095 VPWS 1/4095 MSPW 1/8192 For a description of the parameters in the execution result, refer to the following table: Parameter Description vpn type...
It is also called emulation circuit. TAG is added by service provider to distinguish users. It is called Service Delimiting (SDT), also called PTAG. VPLS working principle is shown in Figure 2-3. SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential...
ZXR10 5900E Series Configuration Guide (VPN) Figure 2-3 VPLS Working Principle VPLS working flow is described below. VPLS establishes full connection of PW among the VPLS instances of PE1, PE2 and PE3. All the VPLS instances belonging to a VPLS domain use the same VCID.
Enables the mac-withdraw function. mac-withdraw ZXR10(config-vpls)# access- Configures the Ethernet parameters for the ZXR10(config-vpls-zte-ac-vlan2)# params ethernet Configures the PW. pw pw1 ZXR10(config)# vpls zte ZXR10(config)# pseudo-wire pw1 ZXR10(config-vpls-zte)# neighbor ZXR10(config-vpls-zte-pw-pw1)# <ipv4-address>[ vcid <1-4294967295>] SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential...
Page 64
ZXR10 5900E Series Configuration Guide (VPN) Step Command Function Configures the application tunnel policy for ZXR10(config-vpls-zte-pw-pw1- the PW. tunnel-policy neighbour-1.1.1.1)# <policy-name> Configures the signaling type for the PW. pseudo-wire pw1 ZXR10(config-vpls-zte)# neighbour ZXR10(config-vpls-zte-pw-pw1)# 1.1.1.1 vcid 100 ZXR10(config-vpls-zte-pw-pw1- signal {dynamic|static neighbour-1.1.1.1)# local-label <16-1048575>...
<instance-name>]|[peer <ipv4-address>]}[detail] the instance name. Displays the brief information about the PW. show pwe3 signal ZXR10# show pwe3 signal fec128 {detail [local-label Displays the detailed information of the PW. ZXR10# <16-1048575>| peer <peerip>] 2-11 SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential...
Page 66
ZXR10 5900E Series Configuration Guide (VPN) Command Function Displays the signaling status statistics show pwe3 signal statistics ZXR10# information of each type of PW. The following is sample output from the show l2vpn brief command: VPLS count:1 VPWS count:1 MSPW count:1...
Page 68
ZXR10 5900E Series Configuration Guide (VPN) 100.100.1.2 ethernet fei-0/1/0/4 81920 Ready ^^^^^^^^ VPWS:1 fei-0/1/0/3 81920 LMNSA. ZXR10(config)# For a description of the parameters in the execution result, refer to the following table: show Command Output Description Neighbourhood Peer address AGI/VC-ID...
Page 69
The following is sample output from the show pwe3 signal statistics command: ZXR10(config)#show pwe3 signal statistics The statistics of dynamic PWs or PW-segments: Headers : APP - application instance of PW, C-bit - the PWs using control word, ether - the ethernet raw PWs, 2-15 SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential...
Page 70
ZXR10 5900E Series Configuration Guide (VPN) vlan - the ethernet tagged PWs, others - the non-ethernet PWs, used - signal procedures succeeded and VC-LSPs or transit-LSPs formed Codes : ?application instance not configured ----+-----+-----------------+----------------------+---------------- type|count|all dynamic PWs |used dynamic PWs |unused dynamic PWs...
Page 73
S UP 81920 81920 L:test 1.1.1.2 128 Ethernet S UP 81921 81921 L:test PE1(config)#show l2vpn summary The summary information about configured L2VPN: vpn type configure/maximum VPLS 1/4095 VPWS 0/4095 MSPW 0/8192 VLSS 0/8000 2-19 SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential...
ZXR10 5900E Series Configuration Guide (VPN) PE2: PE2(config)#show l2vpn forwardinfo Headers: PWType - Pseudo Wire type and Pseudo Wire connection mode Llabel - Local label, Rlabel - Remote label VPNowner - Owner type and instance name Codes : H - HUB mode, S - SPOKE mode, L - VPLS, W - VPWS, M - MSPW...
PW. Configures the redundancy protect-type ZXR10(config-vpws-zte-pw-pw1-rm)# {1+1|1:1}{bidirectional|unidirectional}[receiving protection mode for the PW. {selective|both}] protect-strategy {aps|mc-aps {master|backup}} Configures the standby PW and exit ZXR10(config-vpws-zte-pw-pw1-rm)# protection relationship. exit ZXR10(config-vpws-zte-pw-pw1)# backup-pw <pw-name> protect ZXR10(config-vpws-zte)# <pw-name> 2-21 SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential...
Page 76
ZXR10 5900E Series Configuration Guide (VPN) Step Command Function Configures the standby PW. neighbour ZXR10(config-vpws-zte-protect-pw2)# <ipv4-address>[ vcid <1-4294967295>] Enables the use of the control ZXR10(config-vpws-zte-pw-pw1-neighbour-1.1.1.2)# word for the PW. ontrol-word preferred Enables the VCCV function for ZXR10(config-vpws-zte-pw-pw1-neighbour-1.1.1.2)# ccv bfd capability {basic|status} encapsulation {raw|ip} the PW.
PW interface type is dynamic dynamic PW interface type is static static <16-1048575> Range of the PW label 2.3.3 Maintaining VPWS Instances To maintain VPWS instances on the ZXR10 5900E, run the following command: 2-23 SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential...
Page 78
ZXR10 5900E Series Configuration Guide (VPN) Command Function Displays the list of LSVPN show l2vpn brief ZXR10# instances and the number of AC and PW interfaces bound to L2VPN instances. Displays the number of L2VPN show l2vpn summary ZXR10# instances.
Page 79
Labels - local label (in label) and remote label (out label) Codes : L - Local configured; M - Mapping received; N - Negotiated; S - mapping Sent; A - AC ready (VPWS) or service Attached (VPLS/MSPW); C - Control word used; 2-25 SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential...
Page 80
ZXR10 5900E Series Configuration Guide (VPN) - PW signal procedures succeeded and both VC-LSPs formed; Down - PW not UP; Vague - session state is not UP; Ready - session state is UP; - session state is not UP and PW's remote label is staling;...
Page 81
Whether the signalling negotiation is successful Sent Whether local end sends a mapping message to the peer end AC ready Whether the binding interface is in up status (for VPWS) application Application information 2-27 SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential...
ZXR10 5900E Series Configuration Guide (VPN) show Command Output Description service-type Application type instance-id VPN instance ID LDP session LDP session state attachment-circuit Name of the binding interface (VPWS binding interface) local-description Description of the local interface (interface name) remote-description...
Page 84
ZXR10 5900E Series Configuration Guide (VPN) ZXR10(config-if-vlan2)#exit ZXR10(config)#mpls l2vpn enable ZXR10(config)#vpws test ZXR10(config-vpws-test)#mtu 100 ZXR10(config-vpws-test)#access-point vlan2 ZXR10(config-vpws-test-ac-vlan2)#access-params ethernet ZXR10(config-vpws-test-ac-vlan2-eth)#exit ZXR10(config-vpws-test-ac-vlan2)#exit ZXR10(config)#pseudo-wire pw1 ZXR10(config-vpws-test-pw-pw1)#neighbour 1.1.1.1 vcid 100 ZXR10(config-vpws-test-pw-pw1-neighbour-1.1.1.1)#exit ZXR10(config-vpws-test-pw-pw1)#exit ZXR10(config-vpws-test)#exit ZXR10(config)# Configuration Verification Run the show l2vpn forwardinfo command to verify that the VPWS PW is configured successfully on the switch.
Page 88
Tables This page intentionally left blank. SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential...
Page 89
- Internet Engineering Task Force ILMI - Interim Local Management Interface - Internet Protocol IS-IS - Intermediate System-to-Intermediate System - Internet Service Provider - Local Area Network - Local Management Interface - Label Switched Path SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential...
Page 90
ZXR10 5900E Series Configuration Guide (VPN) - Link State Packet - Metropolitan Area Network MC-ELAM - Multi-Chassis Ethernet Link Aggregation Manager MPLS - Multiprotocol Label Switching - Network Address Translation OSPF - Open Shortest Path First - Provider Edge - Pseudo Wire...
Page 91
Glossary - Virtual Private Network VPWS - Virtual Private Wire Service - Virtual Route Forwarding - Wide Area Network SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential...