1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526
HP 6127XLG Blade Switch Series
MPLS
Part number: 797711-001
Software version: Release 2418P03
Document version: 6W100-20150806

Advertising

   Also See for HP 6127xlg

   Related Manuals for HP 6127xlg

   Summary of Contents for HP 6127xlg

  • Page 1: Configuration Guide

    HP 6127XLG Blade Switch Series MPLS Configuration Guide Part number: 797711-001 Software version: Release 2418P03 Document version: 6W100-20150806...

  • Page 2

    The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty.

  • Page 3: Table Of Contents

    Contents Configuring basic MPLS ·············································································································································· 1   Overview ············································································································································································ 1   Basic concepts ·························································································································································· 1   MPLS network architecture ······································································································································ 3   LSP establishment ······················································································································································ 3   MPLS forwarding ······················································································································································ 4   PHP ············································································································································································· 5   Protocols and standards ·········································································································································· 5  ...

  • Page 4: Table Of Contents

    Configuring a label advertisement policy ··················································································································· 29   Configuring a label acceptance policy ······················································································································· 30   Configuring LDP loop detection ···································································································································· 31   Configuring LDP session protection ······························································································································ 31   Configuring LDP GR ······················································································································································· 32   Configuring LDP NSR ····················································································································································· 32  ...

  • Page 5: Table Of Contents

    Configuring a bypass tunnel on the PLR ············································································································· 78   Configuring node fault detection ························································································································· 82   Configuring the optimal bypass tunnel selection interval ·················································································· 82   Displaying and maintaining MPLS TE ·························································································································· 83   MPLS TE configuration examples ·································································································································· 84  ...

  • Page 6: Table Of Contents

    Tunnel selection order configuration example ································································································· 158   Preferred tunnel and tunnel selection order configuration example ······························································ 158   Configuring MPLS L3VPN ······································································································································· 161   Overview ······································································································································································· 161   Basic MPLS L3VPN architecture ························································································································· 161   MPLS L3VPN concepts ········································································································································ 162  ...

  • Page 7: Table Of Contents

    Configuring IPv6 MPLS L3VPN ······························································································································ 275   Overview ······································································································································································· 275   IPv6 MPLS L3VPN packet forwarding ··············································································································· 275   IPv6 MPLS L3VPN routing information advertisement ····················································································· 276   IPv6 MPLS L3VPN network schemes and features ··························································································· 276   Protocols and standards ····································································································································· 277  ...

  • Page 8: Table Of Contents

    Configuring a BGP PW ······································································································································ 347   Configuring a remote CCC connection ············································································································ 351   Configuring LDP PW redundancy ······················································································································ 354   Configuring an intra-domain multi-segment PW ······························································································ 360   Configuring an inter-domain multi-segment PW ······························································································ 364   Configuring VPLS ···················································································································································· 371  ...

  • Page 9: Table Of Contents

      Displaying and maintaining IPv6 MCE······················································································································ 469   IPv6 MCE configuration example ······························································································································· 470   Support and other resources ·································································································································· 477   Contacting HP ······························································································································································ 477   Subscription service ············································································································································ 477   Related information ······················································································································································ 477   Documents ···························································································································································· 477  ...

  • Page 10: Configuring Basic Mpls

    Configuring basic MPLS Multiprotocol Label Switching (MPLS) provides connection-oriented label switching over connectionless IP backbone networks. It integrates both the flexibility of IP routing and the simplicity of Layer 2 switching. In this chapter, the term "interface" refers to a Layer 3 interface. It can be a VLAN interface or a Layer 3 Ethernet interface.

  • Page 11

    S—1-bit bottom of stack flag. A label stack can have multiple labels. The label nearest to the Layer • 2 header is called the top label, and the label nearest to the Layer 3 header is called the bottom label. The S field is set to 1 if the label is the bottom label and set to 0 if not. •...

  • Page 12: Mpls Network Architecture

    MPLS network architecture Figure 3 MPLS network architecture An MPLS network has the following types of LSRs: Ingress LSR—Ingress LSR of packets. It labels packets entering into the MPLS network. • Transit LSR—Intermediate LSRs in the MPLS network. The transit LSRs on an LSP forward packets to •...

  • Page 13: Mpls Forwarding

    Figure 4 Dynamic LSP establishment MPLS forwarding Figure 5 MPLS forwarding As shown in Figure 5, a packet is forwarded over the MPLS network in the following steps: Router B (the ingress LSR) receives a packet with no label. It then does the following: Identifies the FIB entry that matches the destination address of the packet.

  • Page 14: Protocols And Standards

    Forwards the labeled packet out of the outgoing interface VLAN-interface 30 to the next hop LSR Router D. When receiving the labeled packet, Router D (the egress) processes the packet as follows: Identifies the LFIB entry that has an incoming label of 50. Removes the label from the packet.

  • Page 15: Enabling Mpls

    By default, no LSR ID is configured. An LSR ID must be unique in an MPLS Configure an LSR ID for the local network and in IP address format. HP mpls lsr-id lsr-id node. recommends that you use the IP address of a loopback interface as an LSR ID.

  • Page 16: Specifying The Label Type Advertised By The Egress

    Configuration guidelines If the penultimate hop supports PHP, HP recommends that you configure the egress to advertise an implicit null label to the penultimate hop. If you want to simplify packet forwarding on the egress but keep labels to determine QoS policies, configure the egress to advertise an explicit null label to the penultimate hop.

  • Page 17: Configuring Ttl Propagation

    For BGP LSPs, the mpls label advertise command takes effect only for the BGP LSPs established after the command is executed. To apply the new setting to BGP LSPs established before the command is executed, delete the routes corresponding to the BGP LSPs, and then redistribute the routes. Configuration procedure To specify the type of label that the egress node will advertise to the penultimate hop: Step...

  • Page 18: Enabling Sending Of Mpls Ttl-expired Messages

    Figure 7 Without TTL propagation Follow these guidelines when you configure TTL propagation: HP recommends setting the same TTL processing mode on all LSRs of an LSP. • To enable TTL propagation for a VPN, you must enable it on all PE devices in the VPN, so that you •...

  • Page 19: Enabling Mpls Forwarding Statistics

    Enabling MPLS forwarding statistics MPLS label forwarding forwards a labeled packet based on its incoming label. Perform this task to enable MPLS label forwarding statistics and MPLS statistics reading, so that you can use the display mpls lsp verbose command to view MPLS label statistics. To enable MPLS label forwarding statistics: Step Command...

  • Page 20

    Task Command display mpls lsp [ egress | in-label label-value | ingress | outgoing-interface interface-type interface-number | protocol { bgp Display LSP information. | ldp | local | rsvp-te | static | static-cr } | transit ] [ vpn-instance vpn-instance-name ] [ ipv4-dest mask-length | ipv6 [ ipv6-dest prefix-length ] ] [ verbose ] Display MPLS Nexthop Information Base display mpls nib [ nib-id ]...

  • Page 21: Configuring A Static Lsp

    Configuring a static LSP Overview A static label switched path (LSP) is established by manually specifying the incoming label and outgoing label on each node (ingress, transit, or egress node) of the forwarding path. Static LSPs consume fewer resources, but they cannot automatically adapt to network topology changes. Therefore, static LSPs are suitable for small and stable networks with simple topologies.

  • Page 22: Displaying Static Lsps

    Step Command Remarks static-lsp ingress lsp-name destination If you specify a next hop for the Configure the dest-addr { mask | mask-length } { nexthop static LSP, make sure the ingress ingress node of the next-hop-addr | outgoing-interface node has an active route to the static LSP.

  • Page 23: Configuration Restrictions And Guidelines

    Configuration restrictions and guidelines For an LSP, the outgoing label specified on an LSR must be identical with the incoming label • specified on the downstream LSR. • LSPs are unidirectional. You must configure an LSP for each direction of the data forwarding path. A route to the destination address of the LSP must be available on the ingress node and the egress •...

  • Page 24: Verifying The Configuration

    # Configure the LSP egress node, Switch C. [SwitchC] static-lsp egress AtoC in-label 50 Configure a static LSP from Switch C to Switch A: # Configure the LSP ingress node, Switch C. [SwitchC] static-lsp ingress CtoA destination 11.1.1.0 24 nexthop 20.1.1.1 out-label # Configure the LSP transit node, Switch B.

  • Page 25: Configuring Ldp

    Configuring LDP Overview The Label Distribution Protocol (LDP) dynamically distributes FEC-label mapping information between LSRs to establish LSPs. Terminology LDP session Two LSRs establish a TCP-based LDP session to exchange FEC-label mappings. LDP peer Two LSRs that use LDP to exchange FEC-label mappings are LSR peers. Label spaces and LDP identifiers Label spaces include the following types: •...

  • Page 26: Ldp Operation

    Session messages—Establish, maintain, and terminate sessions between LDP peers, such as • Initialization messages used for parameter negotiation and Keepalive messages used to maintain sessions. • Advertisement messages—Create, alter, and remove FEC-label mappings, such as Label Mapping messages used to advertise FEC-label mappings. Notification messages—Provide advisory information and notify errors, such as Notification •...

  • Page 27: Label Distribution And Control

    Figure 9 Dynamically establishing an LSP Label distribution and control Label advertisement modes Figure 10 Label advertisement modes LDP advertises label-FEC mappings in one of the following ways: Downstream Unsolicited (DU) mode—Distributes FEC-label mappings to the upstream LSR, without • waiting for label requests.

  • Page 28

    Label distribution control LDP controls label distribution in one of the following ways: • Independent label distribution—Distributes an FEC-label mapping to an upstream LSR at any time. An LSR might distribute a mapping for an FEC to its upstream LSR before it receives a label mapping for that FEC from its downstream LSR.

  • Page 29

    LDP GR LDP GR overview LDP Graceful Restart (GR) enables an LSR to retain MPLS forwarding entries during an LDP restart, ensuring continuous MPLS forwarding. Figure 12 LDP GR As shown in Figure 12, GR defines the following roles: GR restarter—An LSR that performs GR. It must be GR-capable. •...

  • Page 30

    Marks the FEC-label mappings learned from the session as stale. Starts the Reconnect timer received from the GR restarter. After LDP completes restart, the GR restarter re-establishes an LDP session with the GR helper. If the LDP session is not set up before the Reconnect timer expires, the GR helper deletes the stale FEC-label mappings and the corresponding MPLS forwarding entries.

  • Page 31: Ldp-igp Synchronization

    LDP-IGP synchronization Basic operating mechanism LDP establishes LSPs based on the IGP optimal route. If LDP is not synchronized with IGP, MPLS traffic forwarding might be interrupted. LDP is not synchronized with IGP when one of the following occurs: A link is up, and IGP advertises and uses this link. However, LDP LSPs on this link have not been •...

  • Page 32: Protocols

    When IGP route convergence occurs, LDP establishes a new LSP according to the optimal path. If a new LSP is not established after IGP route convergence, traffic forwarding might be interrupted. Therefore, HP recommends that you enable LDP IGP synchronization to work with LDP FRR to reduce the traffic interruption time.

  • Page 33: Enabling Ldp

    Tasks at a glance (Optional.) Configuring LDP backoff (Optional.) Configuring LDP MD5 authentication (Optional.) Configuring an LSP generation policy (Optional.) Configuring the LDP label distribution control mode (Optional.) Configuring a label advertisement policy (Optional.) Configuring a label acceptance policy (Optional.) Configuring LDP loop detection (Optional.) Configuring LDP session protection...

  • Page 34: Configuring Hello Parameters

    Step Command Remarks If the interface is bound to a VPN instance, you must enable LDP for the VPN Enter interface view. interface interface-type interface-number instance by using the vpn-instance command in LDP view. By default, LDP is disabled Enable LDP on the interface. mpls ldp enable on an interface.

  • Page 35: Configuring Ldp Session Parameters

    Configuring LDP session parameters This task configures the following LDP session parameters: • Keepalive hold time and Keepalive interval. LDP transport address—IP address for establishing TCP connections. • LDP uses Basic Discovery and Extended Discovery mechanisms to discovery LDP peers and establish LDP sessions with them.

  • Page 36: Configuring Ldp Backoff

    Step Command Remarks Specify an LDP peer and enter LDP peer view. The device will By default, the device does not send unsolicited Targeted send Targeted Hellos to or targeted-peer peer-lsr-id Hellos to the peer and can receive Targeted Hellos from respond to Targeted Hellos sent any peer.

  • Page 37: Configuring An Lsp Generation Policy

    To configure LDP MD5 authentication: Step Command Remarks Enter system view. system-view • Enter LDP view: mpls ldp Enter LDP view or enter • Enter LDP-VPN instance view: LDP-VPN instance view. mpls ldp vpn-instance vpn-instance-name Enable LDP MD5 md5-authentication peer-lsr-id { cipher | By default, LDP MD5 authentication.

  • Page 38: Configuring A Label Advertisement Policy

    A label advertisement policy on an LSR and a label acceptance policy on its upstream LSR can achieve the same purpose. HP recommends that you use label advertisement policies to reduce network load if downstream LSRs support label advertisement control.

  • Page 39: Configuring A Label Acceptance Policy

    A label advertisement policy on an LSR and a label acceptance policy on its upstream LSR can achieve the same purpose. HP recommends using the label advertisement policy to reduce network load. You must create an IP prefix list before you configure a label acceptance policy. For information about IP prefix list configuration, see Layer 3—IP Routing Configuration Guide.

  • Page 40: Configuring Ldp Loop Detection

    Configuring LDP loop detection LDP detects and terminates LSP loops in the following ways: • Maximum hop count—LDP adds a hop count in a label request or label mapping message. The hop count value increments by 1 on each LSR. When the maximum hop count is reached, LDP considers that a loop has occurred and terminates the establishment of the LSP.

  • Page 41: Configuring Ldp Gr

    available, and the FEC-label mappings based on this session are not deleted. When the direct link recovers, the LDP peers do not need to re-establish the LDP session or re-learn the FEC-label mappings. When you enable the session protection function, you can also specify the session protection duration. If the Link Hello adjacency does not recover within the duration, LDP deletes the Targeted Hello adjacency and the LDP session.

  • Page 42: Configuring Ldp-ospf Synchronization

    You can execute the mpls ldp igp sync disable command to disable LDP-IGP synchronization on interfaces where LDP-IGP synchronization is not required. Configuring LDP-OSPF synchronization LDP-IGP synchronization is not supported for an OSPF process and its OSPF areas if the OSPF process belongs to a VPN instance.

  • Page 43: Configuring Ldp-isis Synchronization

    Step Command Remarks (Optional.) Disable LDP-IGP By default, LDP-IGP synchronization on the mpls ldp igp sync disable synchronization is not disabled interface. on an interface. Return to system view. quit Enter LDP view. mpls ldp (Optional.) Set the delay for By default, LDP immediately LDP to notify IGP of the LDP igp sync delay time...

  • Page 44: Configuring Ldp Frr

    Configuring LDP FRR LDP FRR is based on IP FRR, and is enabled automatically after IP FRR is enabled. For information about configuring IP FRR, see Layer 3—IP Routing Configuration Guide. Resetting LDP sessions Changes to LDP session parameters take effect only on new LDP sessions. To apply the changes to an existing LDP session, you must reset all LDP sessions by executing the reset mpls ldp command.

  • Page 45: Ldp Configuration Examples

    Task Command Display LDP-IGP synchronization display mpls ldp igp sync [ interface interface-type information. interface-number ] display mpls ldp lsp [ vpn-instance vpn-instance-name ] Display LDP LSP information. [ destination-address mask-length ] Display LDP running parameters. display mpls ldp parameter [ vpn-instance vpn-instance-name ] Display LDP peer and session display mpls ldp peer [ vpn-instance vpn-instance-name ] information.

  • Page 46

    # Configure Switch A. <SwitchA> system-view [SwitchA] ospf [SwitchA-ospf-1] area 0 [SwitchA-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0 [SwitchA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] quit [SwitchA-ospf-1] quit # Configure Switch B. <SwitchB> system-view [SwitchB] ospf [SwitchB-ospf-1] area 0 [SwitchB-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0 [SwitchB-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [SwitchB-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255 [SwitchB-ospf-1-area-0.0.0.0] quit...

  • Page 47

    127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.0/32 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 127.255.255.255/32 Direct 0 127.0.0.1 InLoop0 224.0.0.0/4 Direct 0 0.0.0.0 NULL0 224.0.0.0/24 Direct 0 0.0.0.0 NULL0 255.255.255.255/32 Direct 0 127.0.0.1 InLoop0 Enable MPLS and LDP: # Configure Switch A. [SwitchA] mpls lsr-id 1.1.1.9 [SwitchA] mpls ldp [SwitchA-ldp] quit...

  • Page 48

    # On Switch B, create IP prefix list switchb, and configure LDP to use only the routes permitted by the prefix list to establish LSPs. [SwitchB] ip prefix-list switchb index 10 permit 1.1.1.9 32 [SwitchB] ip prefix-list switchb index 20 permit 2.2.2.9 32 [SwitchB] ip prefix-list switchb index 30 permit 3.3.3.9 32 [SwitchB] ip prefix-list switchb index 40 permit 11.1.1.0 24 [SwitchB] ip prefix-list switchb index 50 permit 21.1.1.0 24...

  • Page 49: Label Acceptance Control Configuration Example

    --- FEC: 21.1.1.0/24 ping statistics --- 5 packets transmitted, 5 packets received, 0.0% packet loss round-trip min/avg/max = 1/2/8 ms # Test the connectivity of the LDP LSP from Switch C to Switch A. [SwitchC] ping mpls -a 21.1.1.1 ipv4 11.1.1.0 24 MPLS Ping FEC: 11.1.1.0/24 : 100 data bytes 100 bytes from 10.1.1.1: Sequence=1 time=1 ms 100 bytes from 10.1.1.1: Sequence=2 time=1 ms...

  • Page 50

    To ensure that LDP establishes LSPs only for the routes 1 1.1.1.0/24 and 21.1.1.0/24, configure LSP • generation policies on each LSR. To ensure that LDP establishes LSPs only over the link Switch A—Switch B—Switch C, configure label • acceptance policies as follows: Switch A accepts only the label mapping for FEC 21.1.1.0/24 received from Switch B.

  • Page 51

    [SwitchC-Vlan-interface3] mpls ldp enable [SwitchC-Vlan-interface3] quit [SwitchC] interface vlan-interface 7 [SwitchC-Vlan-interface7] mpls enable [SwitchC-Vlan-interface7] mpls ldp enable [SwitchC-Vlan-interface7] quit # Configure Switch D. <SwitchD> system-view [SwitchD] mpls lsr-id 4.4.4.9 [SwitchD] mpls ldp [SwitchD-ldp] quit [SwitchD] interface vlan-interface 6 [SwitchD-Vlan-interface6] mpls enable [SwitchD-Vlan-interface6] mpls ldp enable [SwitchD-Vlan-interface6] quit [SwitchD] interface vlan-interface 7...

  • Page 52

    [SwitchD-ldp] quit Configure label acceptance policies: # On Switch A, create an IP prefix list prefix-from-b that permits subnet 21.1.1.0/24. Switch A uses this list to filter FEC-label mappings received from Switch B. [SwitchA] ip prefix-list prefix-from-b index 10 permit 21.1.1.0 24 # On Switch A, create an IP prefix list prefix-from-d that denies subnet 21.1.1.0/24.

  • Page 53: Label Advertisement Control Configuration Example

    100 bytes from 20.1.1.2: Sequence=3 time=8 ms 100 bytes from 20.1.1.2: Sequence=4 time=2 ms 100 bytes from 20.1.1.2: Sequence=5 time=1 ms --- FEC: 21.1.1.0/24 ping statistics --- 5 packets transmitted, 5 packets received, 0.0% packet loss round-trip min/avg/max = 1/2/8 ms # Test the connectivity of the LDP LSP from Switch C to Switch A.

  • Page 54

    Requirements analysis To ensure that the LSRs establish LSPs automatically, enable LDP on each LSR. • • To establish LDP LSPs, configure a routing protocol to ensure IP connectivity between the LSRs. This example uses OSPF. To ensure that LDP establishes LSPs only for the routes 1 1.1.1.0/24 and 21.1.1.0/24, configure LSP •...

  • Page 55

    [SwitchC] mpls lsr-id 3.3.3.9 [SwitchC] mpls ldp [SwitchC-ldp] quit [SwitchC] interface vlan-interface 3 [SwitchC-Vlan-interface3] mpls enable [SwitchC-Vlan-interface3] mpls ldp enable [SwitchC-Vlan-interface3] quit [SwitchC] interface vlan-interface 7 [SwitchC-Vlan-interface7] mpls enable [SwitchC-Vlan-interface7] mpls ldp enable [SwitchC-Vlan-interface7] quit # Configure Switch D. <SwitchD> system-view [SwitchD] mpls lsr-id 4.4.4.9 [SwitchD] mpls ldp [SwitchD-ldp] quit...

  • Page 56

    # On Switch D, create IP prefix list switchd, and configure LDP to use only the routes permitted by the prefix list to establish LSPs. [SwitchD] ip prefix-list switchd index 10 permit 11.1.1.0 24 [SwitchD] ip prefix-list switchd index 20 permit 21.1.1.0 24 [SwitchD] mpls ldp [SwitchD-ldp] lsp-trigger prefix-list switchd [SwitchD-ldp] quit...

  • Page 57

    # On Switch D, configure a label advertisement policy, so Switch D does not advertise label mappings for FEC 21.1.1.0/24 to Switch A, and does not advertise label mappings for FEC 11.1.1.0/24 to Switch C. [SwitchD] mpls ldp [SwitchD-ldp] advertise-label prefix-list prefix-to-a peer peer-a [SwitchD-ldp] advertise-label prefix-list prefix-to-c peer peer-c [SwitchD-ldp] quit Verifying the configuration...

  • Page 58: Ldp Frr Configuration Example

    -/1277(L) 21.1.1.0/24 1150/- The output shows that Switch A and Switch C have received FEC-label mappings only from Switch B. Switch B has received FEC-label mappings from both Switch A and Switch C. Switch D does not receive FEC-label mappings from Switch A or Switch C. LDP has established an LSP only over the link Switch A—Switch B—Switch C.

  • Page 59

    Figure 20 Network diagram Requirements analysis • To ensure that the LSRs establish LSPs automatically, enable LDP on each LSR. To establish LDP LSPs, configure a routing protocol to ensure IP connectivity between the LSRs. This • example uses OSPF. To ensure that LDP establishes LSPs only for the routes 1 1.1.1.0/24 and 21.1.1.0/24, configure LSP •...

  • Page 60

    [SwitchS] ip prefix-list abc index 10 permit 21.1.1.0 24 [SwitchS] route-policy frr permit node 10 [SwitchS-route-policy] if-match ip address prefix-list abc [SwitchS-route-policy] apply fast-reroute backup-interface vlan-interface 12 backup-nexthop 12.12.12.2 [SwitchS-route-policy] quit [SwitchS] ospf 1 [SwitchS-ospf-1] fast-reroute route-policy frr [SwitchS-ospf-1] quit # Configure Switch D.

  • Page 61

    [SwitchA] mpls ldp [SwitchA-mpls-ldp] quit [SwitchA] interface vlan-interface 12 [SwitchA-Vlan-interface12] mpls enable [SwitchA-Vlan-interface12] mpls ldp enable [SwitchA-Vlan-interface12] quit [SwitchA] interface vlan-interface 24 [SwitchA-Vlan-interface24] mpls enable [SwitchA-Vlan-interface24] mpls ldp enable [SwitchA-Vlan-interface24] quit Configure LSP generation policies so LDP using all static routes and IGP routes to establish LSPs: # Configure Switch S.

  • Page 62: Configuring Mpls Te

    Configuring MPLS TE Overview TE and MPLS TE Network congestion can degrade the network backbone performance. It might occur when network resources are inadequate or when load distribution is unbalanced. Traffic engineering (TE) is intended to avoid the latter situation where partial congestion might occur because of improper resource allocation. TE can make the best use of network resources and avoid uneven load distribution by the following: Real-time monitoring of traffic and traffic load on network elements.

  • Page 63

    MPLS TE uses the CSPF algorithm to calculate the shortest path to the tunnel destination. The path must meet constraints such as bandwidth and explicit routing. A label distribution protocol (such as RSVP-TE) advertises labels to establish CRLSPs and reserve bandwidth resources on each node along the calculated path.

  • Page 64: Traffic Forwarding

    higher than the holding priority of the existing tunnel. Both setup and holding priorities are in the range of 0 to 7. A smaller value indicates a higher priority. To avoid flapping caused by improper preemptions, the setup priority of a tunnel must not be higher than its holding priority, namely, the setup priority value must be equal to or greater than the holding priority value.

  • Page 65: Make-before-break

    Forwarding adjacency—Considers the MPLS TE tunnel as a link that directly connects the tunnel • ingress node and the egress node and advertises the link to the network through an IGP, so every node in the network uses the MPLS TE tunnel during IGP route calculation. Figure 21 IGP shortcut and forwarding adjacency diagram As shown in Figure...

  • Page 66: Route Pinning

    Figure 22 Diagram for make-before-break As shown in Figure 22, a CRLSP with 30 M reserved bandwidth has been set up from Router A to Router D through the path Router A—Router B—Router C—Router D. To increase the reserved bandwidth to 40 M, a new CRLSP must be set up through the path Router A— —Router E—Router C—Router D.

  • Page 67: Crlsp Backup

    computes the average output rate within the sampling interval. When the auto bandwidth adjustment frequency timer expires, MPLS TE resizes the tunnel bandwidth to the maximum average output rate sampled during the adjustment time to set up a new CRLSP. If the new CRLSP is set up successfully, MPLS TE switches traffic to the new CRLSP and clears the old CRLSP.

  • Page 68: Diffserv-aware Te

    DS-TE defines different bandwidth constraints for class types. It maps each traffic class type to the CRLSP that is constraint-compliant for the class type. The device supports these DS-TE modes: Prestandard mode—HP proprietary DS-TE. • • IETF mode—Complies with RFC 4124, RFC 4125, and RFC 4127.

  • Page 69

    between BCs and CTs. DS-TE supports two BC models, Russian Dolls Model (RDM) and Maximum Allocation Model (MAM). TE class—Defines a CT and a priority. The setup priority or holding priority of an MPLS TE tunnel for • a CT must be the same as the priority of the TE class. The prestandard and IETF modes of DS-TE have the following differences: The prestandard mode supports two CTs (CT 0 and CT 1), eight priorities, and up to 16 TE classes.

  • Page 70: Bidirectional Mpls Te Tunnel

    MAM is suitable for networks where traffic of each CT is stable and no traffic bursts occur. Figure 26 shows an example: BC 0 is for CT 0. The bandwidth occupied by the traffic of CT 0 cannot exceed BC 0. •...

  • Page 71

    Protocols and standards RFC 2702, Requirements for Traffic Engineering Over MPLS • • RFC 3564, Requirements for Support of Differentiated Service-aware MPLS Traffic Engineering RFC 4124, Protocol Extensions for Support of Diffserv-aware MPLS Traffic Engineering • RFC 4125, Maximum Allocation Bandwidth Constraints Model for Diffserv-aware MPLS Traffic •...

  • Page 72: Enabling Mpls Te

    Tasks at a glance (Required.) Enabling MPLS TE (Required.) Configuring a tunnel interface (Optional.) Configuring DS-TE (Required.) Perform at least one of the following tasks to configure an MPLS TE tunnel: • Configuring an MPLS TE tunnel to use a static CRLSP •...

  • Page 73: Configuring A Tunnel Interface

    Configuring a tunnel interface To configure an MPLS TE tunnel, you must create an MPLS TE tunnel interface and enter tunnel interface view. All MPLS TE tunnel attributes are configured in tunnel interface view. For more information about tunnel interfaces, see Layer 3—IP Services Configuration Guide. Perform this task on the ingress node of the MPLS TE tunnel.

  • Page 74: Configuring An Mpls Te Tunnel To Use A Static Crlsp

    TE Class Priority Configuring an MPLS TE tunnel to use a static CRLSP To configure an MPLS TE tunnel to use a static CRLSP, perform the following tasks: Establish the static CRLSP. • • Specify the MPLS TE tunnel establishment mode as static. Configure the MPLS TE tunnel to reference the static CRLSP.

  • Page 75: Configuration Task List

    Configuration task list To establish an MPLS TE tunnel by using a dynamic CRLSP: Tasks at a glance (Required.) Configuring MPLS TE attributes for a link (Required.) Advertising link TE attributes by using IGP TE extension (Required.) Configuring MPLS TE tunnel constraints (Required.) Establishing an MPLS TE tunnel by using RSVP-TE (Optional.)

  • Page 76: Advertising Link Te Attributes By Using Igp Te Extension

    Step Command Remarks Configure the link By default, the link attribute mpls te link-attribute attribute-value attribute. value is 0x00000000. Advertising link TE attributes by using IGP TE extension Both OSPF and IS-IS are extended to advertise link TE attributes. The extensions are called OSPF TE and IS-IS TE.

  • Page 77: Configuring Mpls Te Tunnel Constraints

    Step Command Remarks Enter system view. system-view Create an IS-IS process and isis [ process-id ] By default, no IS-IS process exists. enter IS-IS view. By default, only narrow metric style packets can be received and sent. cost-style { wide | Specify a metric style.

  • Page 78

    Configuring a setup priority and a holding priority for an MPLS TE tunnel Step Command Remarks Enter system view. system-view Enter MPLS TE tunnel interface interface tunnel tunnel-number view. [ mode mpls-te ] Configure a setup priority and By default, the setup priority and mpls te priority setup-priority a holding priority for the MPLS the holding priority are both 7 for...

  • Page 79: Establishing An Mpls Te Tunnel By Using Rsvp-te

    Establishing an MPLS TE tunnel by using RSVP-TE Before you configure this task, you must use the rsvp command and the rsvp enable command to enable RSVP on all nodes and interfaces that the MPLS TE tunnel traverses. Perform this task on the ingress node of the MPLS TE tunnel. To configure RSVP-TE to establish an MPLS TE tunnel: Step Command...

  • Page 80

    Step Command Remarks Return to system view. quit Enter MPLS TE tunnel interface interface tunnel tunnel-number view. [ mode mpls-te ] By default, no link metric type is specified and the one specified in Specify the metric type for MPLS TE view is used. mpls te path-metric-type { igp | te } path selection.

  • Page 81: Controlling Mpls Te Tunnel Setup

    Step Command Remarks mpls te reoptimization [ frequency By default, tunnel reoptimization is Enable tunnel reoptimization. seconds ] disabled. Return to user view. return (Optional.) Immediately reoptimize all MPLS TE tunnels mpls te reoptimization that are enabled with the tunnel reoptimization function. Configuring TE flooding thresholds and interval When the bandwidth of an MPLS TE link changes, IGP floods the new bandwidth information, so the ingress node can use CSPF to recalculate the path.

  • Page 82

    Enabling route and label recording Perform this task to record the nodes that an MPLS TE tunnel traverses and the label assigned by each node. The recorded information helps you know about the path used by the MPLS TE tunnel and the label distribution information, and when the tunnel fails, it helps you locate the fault.

  • Page 83

    SE. Configure the resources In current MPLS TE applications, reservation style for the mpls te resv-style { ff | se } tunnels are established usually by tunnel. using the make-before-break mechanism. Therefore, HP recommends that you use the SE style.

  • Page 84: Configuring Traffic Forwarding

    The destination address of the MPLS TE tunnel can be the LSR ID of the egress node or the primary • IP address of an interface on the egress node. HP recommends configuring the destination address of the MPLS TE tunnel as the LSR ID of the egress node.

  • Page 85: Configuring A Bidirectional Mpls Te Tunnel

    Step Command Remarks By default, IGP shortcut is disabled. If no IGP is specified, both Enable IGP shortcut. mpls te igp shortcut [ isis | ospf ] OSPF and IS-IS will include the MPLS TE tunnel in route calculation. By default, the metric of an Assign a metric to the mpls te igp metric { absolute value | MPLS TE tunnel equals its IGP...

  • Page 86: Configuring Crlsp Backup

    Step Command Remarks Enter MPLS TE tunnel interface interface tunnel tunnel-number view. [ mode mpls-te ] Configure a co-routed By default, no bidirectional tunnel bidirectional MPLS TE tunnel mpls te bidirectional co-routed is configured, and tunnels and specify the local end as active established on the tunnel interface the active end of the tunnel.

  • Page 87: Configuring Mpls Te Frr

    Step Command Remarks Specify a path for the primary mpls te path preference value By default, MPLS TE uses the CRLSP and set the preference { dynamic | explicit-path dynamically calculated path to set of the path. path-name } [ no-cspf ] up the primary CRLSP.

  • Page 88

    node protection mode. Automatically created bypass tunnels can be used to protect any type of CT, but they cannot provide bandwidth protection. A primary tunnel can have both manually configured and automatically created bypass tunnels. The PLR will select one bypass tunnel to protect the primary CRLSP. The selected bypass tunnel is bound to the primary CRLSP.

  • Page 89

    Bandwidth Primary CRLSP required by requires Bypass tunnel providing Bypass tunnel providing no primary bandwidth bandwidth protection bandwidth protection CRLSP protection or not The primary CRLSP can be bound to the bypass tunnel when all the following conditions are met: The primary CRLSP can be bound to •...

  • Page 90

    FRR protection type (whether or not to provide bandwidth protection for the primary CRLSP) changes. Manually configuring a bypass tunnel The bypass tunnel setup method is the same as a normal MPLS TE tunnel. This section describes only FRR-related configurations. To configure a bypass tunnel on the PLR: Step Command...

  • Page 91: Configuring Node Fault Detection

    Step Command Remarks (Optional.) Configure a By default, a bypass tunnel is removal timer for unused timers removal unused seconds removed after it is unused for 3600 bypass tunnels. seconds. (Optional.) Return to system quit view. (Optional.) Enter interface interface interface-type view.

  • Page 92: Displaying And Maintaining Mpls Te

    optimal bypass tunnel because, for example, the reservable bandwidth changes. Therefore, MPLS TE needs to poll the bypass tunnels periodically to update the optimal bypass tunnel. Perform this task on the PLR to configure the interval for selecting an optimal bypass tunnel: Step Command Remarks...

  • Page 93: Mpls Te Configuration Examples

    MPLS TE configuration examples Establishing an MPLS TE tunnel over a static CRLSP Network requirements Switch A, Switch B, and Switch C run IS-IS. Establish an MPLS TE tunnel over a static CRLSP from Switch A to Switch C. The MPLS TE tunnel requires a bandwidth of 2000 kbps. The maximum bandwidth of the link that the tunnel traverses is 10000 kbps.

  • Page 94

    [SwitchB-Vlan-interface1] isis enable 1 [SwitchB-Vlan-interface1] quit [SwitchB] interface vlan-interface 2 [SwitchB-Vlan-interface2] isis enable 1 [SwitchB-Vlan-interface2] quit [SwitchB] interface loopback 0 [SwitchB-LoopBack0] isis enable 1 [SwitchB-LoopBack0] quit # Configure Switch C. <SwitchC> system-view [SwitchC] isis 1 [SwitchC-isis-1] network-entity 00.0005.0000.0000.0003.00 [SwitchC-isis-1] quit [SwitchC] interface vlan-interface 2 [SwitchC-Vlan-interface2] isis enable 1 [SwitchC-Vlan-interface2] quit...

  • Page 95

    [SwitchC] interface vlan-interface 2 [SwitchC-Vlan-interface2] mpls enable [SwitchC-Vlan-interface2] mpls te enable [SwitchC-Vlan-interface2] quit Configure MPLS TE attributes of links: # Configure the maximum link bandwidth and maximum reservable bandwidth on Switch A. [SwitchA] interface vlan-interface 1 [SwitchA-Vlan-interface1] mpls te max-link-bandwidth 10000 [SwitchA-Vlan-interface1] mpls te max-reservable-bandwidth 5000 [SwitchA-Vlan-interface1] quit # Configure the maximum link bandwidth and maximum reservable bandwidth on Switch B.

  • Page 96

    # Configure Switch C as the egress node of the static CRLSP, and specify the incoming label as 30. [SwitchC] static-cr-lsp egress static-cr-lsp-1 in-label 30 Configure a static route on Switch A to direct traffic destined for subnet 3.2.1.0/24 to MPLS TE tunnel 0.

  • Page 97: Establishing An Mpls Te Tunnel With Rsvp-te

    Metric Type : TE Record Route Record Label FRR Flag Bandwidth Protection : - Backup Bandwidth Flag: - Backup Bandwidth Type: - Backup Bandwidth Bypass Tunnel Auto Created Route Pinning Retry Limit Retry Interval : 2 sec Reoptimization Reoptimization Freq Backup Type Backup LSP ID Auto Bandwidth...

  • Page 98

    Figure 28 Network diagram Table 3 Interface and IP address assignment Device Interface IP address Device Interface IP address Switch A Loop0 1.1.1.9/32 Switch D Loop0 4.4.4.9/32 Vlan-int1 10.1.1.1/24 Vlan-int3 30.1.1.2/24 Switch B Loop0 2.2.2.9/32 Switch C Loop0 3.3.3.9/32 Vlan-int1 10.1.1.2/24 Vlan-int3 30.1.1.1/24...

  • Page 99

    [SwitchB-Vlan-interface1] quit [SwitchB] interface vlan-interface 2 [SwitchB-Vlan-interface2] isis enable 1 [SwitchB-Vlan-interface2] isis circuit-level level-2 [SwitchB-Vlan-interface2] quit [SwitchB] interface loopback 0 [SwitchB-LoopBack0] isis enable 1 [SwitchB-LoopBack0] isis circuit-level level-2 [SwitchB-LoopBack0] quit # Configure Switch C. <SwitchC> system-view [SwitchC] isis 1 [SwitchC-isis-1] network-entity 00.0005.0000.0000.0003.00 [SwitchC-isis-1] quit [SwitchC] interface vlan-interface 3 [SwitchC-Vlan-interface3] isis enable 1...

  • Page 100

    [SwitchA] rsvp [SwitchA-rsvp] quit [SwitchA] interface vlan-interface 1 [SwitchA-Vlan-interface1] mpls enable [SwitchA-Vlan-interface1] mpls te enable [SwitchA-Vlan-interface1] rsvp enable [SwitchA-Vlan-interface1] quit # Configure Switch B. [SwitchB] mpls lsr-id 2.2.2.9 [SwitchB] mpls te [SwitchB-te] quit [SwitchB] rsvp [SwitchB-rsvp] quit [SwitchB] interface vlan-interface 1 [SwitchB-Vlan-interface1] mpls enable [SwitchB-Vlan-interface1] mpls te enable [SwitchB-Vlan-interface1] rsvp enable...

  • Page 101

    [SwitchD-Vlan-interface3] rsvp enable [SwitchD-Vlan-interface3] quit Configure IS-IS TE: # Configure Switch A. [SwitchA] isis 1 [SwitchA-isis-1] cost-style wide [SwitchA-isis-1] mpls te enable level-2 [SwitchA-isis-1] quit # Configure Switch B. [SwitchB] isis 1 [SwitchB-isis-1] cost-style wide [SwitchB-isis-1] mpls te enable level-2 [SwitchB-isis-1] quit # Configure Switch C.

  • Page 102

    [SwitchC-Vlan-interface2] quit # Configure the maximum link bandwidth and maximum reservable bandwidth on Switch D. [SwitchD] interface vlan-interface 3 [SwitchD-Vlan-interface3] mpls te max-link-bandwidth 10000 [SwitchD-Vlan-interface3] mpls te max-reservable-bandwidth 5000 [SwitchD-Vlan-interface3] quit Configure an MPLS TE tunnel on Switch A: # Configure MPLS TE tunnel interface Tunnel 1. [SwitchA] interface tunnel 1 mode mpls-te [SwitchA-Tunnel1] ip address 7.1.1.1 255.255.255.0 # Specify the tunnel destination address as the LSR ID of Switch D.

  • Page 103: Establishing An Inter-as Mpls Te Tunnel With Rsvp-te

    Ingress LSR ID : 1.1.1.9 Egress LSR ID : 4.4.4.9 Signaling : RSVP-TE Static CRLSP Name Resv Style : SE Tunnel mode Reverse-LSP name Reverse-LSP LSR ID Reverse-LSP Tunnel ID: - Class Type : CT0 Tunnel Bandwidth : 2000 kbps Reserved Bandwidth : 2000 kbps Setup Priority...

  • Page 104

    Figure 29 Network diagram Table 4 Interface and IP address assignment Device Interface IP address Device Interface IP address Switch A Loop0 1.1.1.9/32 Switch D Loop0 4.4.4.9/32 Vlan-int1 10.1.1.1/24 Vlan-int3 30.1.1.2/24 Switch B Loop0 2.2.2.9/32 Switch C Loop0 3.3.3.9/32 Vlan-int1 10.1.1.2/24 Vlan-int3 30.1.1.1/24...

  • Page 105

    # Configure Switch C. <SwitchC> system-view [SwitchC] ospf [SwitchC-ospf-1] import-route direct [SwitchC-ospf-1] import-route bgp [SwitchC-ospf-1] area 0 [SwitchC-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255 [SwitchC-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0 [SwitchC-ospf-1-area-0.0.0.0] quit [SwitchC-ospf-1] quit # Configure Switch D. <SwitchD> system-view [SwitchD] ospf [SwitchD-ospf-1] area 0 [SwitchD-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255 [SwitchD-ospf-1-area-0.0.0.0] network 4.4.4.9 0.0.0.0 [SwitchD-ospf-1-area-0.0.0.0] quit...

  • Page 106

    [SwitchC-bgp-ipv4] peer 20.1.1.1 enable [SwitchC-bgp-ipv4] import-route ospf [SwitchC-bgp-ipv4] import-route direct [SwitchC-bgp-ipv4] quit [SwitchC-bgp] quit # Execute the display ip routing-table command on each switch to verify that the switches have learned AS-external routes. Take Switch A as an example: [SwitchA] display ip routing-table Destinations : 10 Routes : 10 Destination/Mask...

  • Page 107

    [SwitchB-Vlan-interface2] mpls te enable [SwitchB-Vlan-interface2] rsvp enable [SwitchB-Vlan-interface2] quit # Configure Switch C. [SwitchC] mpls lsr-id 3.3.3.9 [SwitchC] mpls te [SwitchC-te] quit [SwitchC] rsvp [SwitchC-rsvp] quit [SwitchC] interface vlan-interface 2 [SwitchC-Vlan-interface2] mpls enable [SwitchC-Vlan-interface2] mpls te enable [SwitchC-Vlan-interface2] rsvp enable [SwitchC-Vlan-interface2] quit [SwitchC] interface vlan-interface 3 [SwitchC-Vlan-interface3] mpls enable...

  • Page 108

    [SwitchC-ospf-1] opaque-capability enable [SwitchC-ospf-1] area 0 [SwitchC-ospf-1-area-0.0.0.0] mpls te enable [SwitchC-ospf-1-area-0.0.0.0] quit [SwitchC-ospf-1] quit # Configure Switch D. [SwitchD] ospf [SwitchD-ospf-1] opaque-capability enable [SwitchD-ospf-1] area 0 [SwitchD-ospf-1-area-0.0.0.0] mpls te enable [SwitchD-ospf-1-area-0.0.0.0] quit [SwitchD-ospf-1] quit Configure an explicit route on Switch A. Specify Switch B and Switch D as loose nodes, and Switch C as a strict node.

  • Page 109

    [SwitchD-Vlan-interface3] quit Configure an MPLS TE tunnel on Switch A: # Configure the MPLS TE tunnel interface Tunnel 1. [SwitchA] interface tunnel 1 mode mpls [SwitchA-Tunnel1] ip address 7.1.1.1 255.255.255.0 # Specify the tunnel destination address as the LSR ID of Switch D. [SwitchA-Tunnel1] destination 4.4.4.9 # Configure MPLS TE to use RSVP-TE to establish the tunnel.

  • Page 110

    Resv Style : SE Tunnel mode Reverse-LSP name Reverse-LSP LSR ID Reverse-LSP Tunnel ID: - Class Type : CT0 Tunnel Bandwidth : 2000 kbps Reserved Bandwidth : 2000 kbps Setup Priority Holding Priority Affinity Attr/Mask : 0/0 Explicit Path : atod Backup Explicit Path : - Metric Type : TE...

  • Page 111: Bidirectional Mpls Te Tunnel Configuration Example

    Bidirectional MPLS TE tunnel configuration example Network requirements Switch A, Switch B, Switch C, and Switch D all run IS-IS and they are all level-2 switches. Use RSVP-TE to establish a bidirectional MPLS TE tunnel between Switch A and Switch D. Figure 30 Network diagram Table 5 Interface and IP address assignment Device...

  • Page 112

    [SwitchA-Vlan-interface1] rsvp enable [SwitchA-Vlan-interface1] quit # Configure Switch B. <SwitchB> system-view [SwitchB] mpls lsr-id 2.2.2.9 [SwitchB] mpls te [SwitchB-te] quit [SwitchB] rsvp [SwitchB-rsvp] quit [SwitchB] interface vlan-interface 1 [SwitchB-Vlan-interface1] mpls enable [SwitchB-Vlan-interface1] mpls te enable [SwitchB-Vlan-interface1] rsvp enable [SwitchB-Vlan-interface1] quit [SwitchB] interface vlan-interface 2 [SwitchB-Vlan-interface2] mpls enable [SwitchB-Vlan-interface2] mpls te enable...

  • Page 113

    [SwitchD-Vlan-interface3] quit Configure IS-IS TE: # Configure Switch A. [SwitchA] isis 1 [SwitchA-isis-1] cost-style wide [SwitchA-isis-1] mpls te enable level-2 [SwitchA-isis-1] quit # Configure Switch B. [SwitchB] isis 1 [SwitchB-isis-1] cost-style wide [SwitchB-isis-1] mpls te enable level-2 [SwitchB-isis-1] quit # Configure Switch C. [SwitchC] isis 1 [SwitchC-isis-1] cost-style wide [SwitchC-isis-1] mpls te enable level-2...

  • Page 114

    Description: Tunnel1 Interface The Maximum Transmit Unit is 64000 Internet Address is 7.1.1.1/24 Primary Tunnel source unknown, destination 4.4.4.9 Tunnel bandwidth 64 (kbps) Tunnel protocol/transport CR_LSP Last clearing of counters: Never Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec 0 packets input, 0 bytes, 0 drops 0 packets output, 0 bytes, 0 drops...

  • Page 115

    Destination : 4.4.4.9 : 1.1.1.9/1/30478 Protocol : RSVP LSR Type : Ingress Service NHLFE ID : 1027 State : Active Out-Label : 1149 Nexthop : 10.1.1.2 Out-Interface: Vlan1 Destination : 4.4.4.9 : 1.1.1.9/1/30478 Protocol : RSVP LSR Type : Egress Service In-Label : 1151...

  • Page 116

    # Execute the display mpls te tunnel-interface command on Switch D to display detailed information about the MPLS TE tunnel. [SwitchD] display mpls te tunnel-interface [SwitchD] display mpls te tunnel-interface Tunnel Name : Tunnel 4 Tunnel State : Up (Main CRLSP up, Reverse CRLSP up) Tunnel Attributes LSP ID Tunnel ID...

  • Page 117: Crlsp Backup Configuration Example

    : 1.1.1.9/1/30478 Protocol : RSVP LSR Type : Ingress Service NHLFE ID : 1025 State : Active Out-Label : 1150 Nexthop : 30.1.1.1 Out-Interface: Vlan1 Destination : 30.1.1.1 : 30.1.1.1 Protocol : Local LSR Type : Ingress Service NHLFE ID : 1024 State : Active...

  • Page 118

    Table 6 Interface and IP address assignment Device Interface IP address Device Interface IP address Switch A Loop0 1.1.1.9/32 Switch D Loop0 4.4.4.9/32 Vlan-int1 10.1.1.1/24 Vlan-int4 30.1.1.2/24 Vlan-int4 30.1.1.1/24 Vlan-int3 40.1.1.1/24 Switch B Loop0 2.2.2.9/32 Switch C Loop0 3.3.3.9/32 Vlan-int1 10.1.1.2/24 Vlan-int2 20.1.1.2/24...

  • Page 119

    [SwitchA-Tunnel3] quit Configure a static route on Switch A to direct the traffic destined for subnet 20.1.1.0/24 to MPLS TE tunnel 3. [SwitchA] ip route-static 20.1.1.2 24 tunnel 3 preference 1 Verifying the configuration # Execute the display interface tunnel command on Switch A. The output shows that the tunnel interface Tunnel 3 is up.

  • Page 120

    10.1.1.1/32 Flag: 0x00 (No FRR) 10.1.1.2/32 Flag: 0x00 (No FRR) 2.2.2.9/32 Flag: 0x20 (No FRR/Node-ID) 20.1.1.1/32 Flag: 0x00 (No FRR) 20.1.1.2/32 Flag: 0x00 (No FRR) 3.3.3.9/32 Flag: 0x20 (No FRR/Node-ID) Fast Reroute protection: None Tunnel name: Tunnel3 Destination: 3.3.3.9 Source: 1.1.1.9 Tunnel ID: 3 LSP ID: 30107 LSR type: Ingress...

  • Page 121: Manual Bypass Tunnel For Frr Configuration Example

    # Execute the display ip routing-table command on Switch A. The output shows a static route entry with interface Tunnel 3 as the output interface. (Details not shown.) Manual bypass tunnel for FRR configuration example Network requirements On the primary CRLSP Switch A—Switch B—Switch C—Switch D, use FRR to protect the link Switch B—Switch C.

  • Page 122

    Configure an LSR ID, and enable MPLS, MPLS TE, and RSVP-TE on each switch. Enable BFD for RSVP-TE on Switch B and Switch C: # Configure Switch A. <SwitchA> system-view [SwitchA] mpls lsr-id 1.1.1.1 [SwitchA] mpls te [SwitchA-te] quit [SwitchA] rsvp [SwitchA-rsvp] quit [SwitchA] interface vlan-interface 1 [SwitchA-Vlan-interface1] mpls enable...

  • Page 123

    # Create MPLS TE tunnel interface Tunnel4 for the primary CRLSP. [SwitchA] interface tunnel 4 mode mpls-te [SwitchA-Tunnel4] ip address 10.1.1.1 255.255.255.0 # Specify the tunnel destination address as the LSR ID of Switch D. [SwitchA-Tunnel4] destination 4.4.4.4 # Specify the tunnel signaling protocol as RSVP-TE. [SwitchA-Tunnel4] mpls te signaling rsvp-te # Specify the explicit path to be used as pri-path.

  • Page 124

    Affinity Attr/Mask : 0/0 Explicit Path : pri-path Backup Explicit Path : - Metric Type : TE Record Route : Enabled Record Label : Enabled FRR Flag : Enabled Bandwidth Protection : Disabled Backup Bandwidth Flag: Disabled Backup Bandwidth Type: - Backup Bandwidth Bypass Tunnel : No...

  • Page 125

    Verifying the configuration # Execute the display mpls lsp command on each switch. The output shows the LSP entries. Switch B and Switch C each have two CRLSPs. The bypass tunnel backs up the primary CRLSP. [SwitchA] display mpls lsp Proto In/Out Label Interface/Out NHLFE...

  • Page 126: Auto Frr Configuration Example

    Backup Bandwidth Flag: Disabled Backup Bandwidth Type: - Backup Bandwidth Bypass Tunnel : No Auto Created : No Route Pinning : Disabled Retry Limit : 10 Retry Interval : 2 sec Reoptimization : Disabled Reoptimization Freq Backup Type : None Backup LSP ID Auto Bandwidth : Disabled...

  • Page 127

    Figure 33 Network diagram Table 8 Interface and IP address assignment Device Interface IP address Device Interface IP address Switch A Loop0 1.1.1.1/32 Switch E Loop0 5.5.5.5/32 Vlan-int1 2.1.1.1/24 Vlan-int4 3.2.1.2/24 Switch B Loop0 2.2.2.2/32 Vlan-int5 3.4.1.1/24 Vlan-int1 2.1.1.2/24 Switch C Loop0 3.3.3.3/32 Vlan-int2...

  • Page 128

    [SwitchA] mpls te [SwitchA-te] quit [SwitchA] rsvp [SwitchA-rsvp] quit [SwitchA] interface vlan-interface 1 [SwitchA-Vlan-interface1] mpls enable [SwitchA-Vlan-interface1] mpls te enable [SwitchA-Vlan-interface1] rsvp enable [SwitchA-Vlan-interface1] quit # Configure Switch B. <SwitchB> system-view [SwitchB] mpls lsr-id 2.2.2.2 [SwitchB] mpls te [SwitchB-te] quit [SwitchB] rsvp [SwitchB-rsvp] quit [SwitchB] interface vlan-interface 1...

  • Page 129

    # Configure an MPLS TE tunnel. [SwitchA] interface tunnel 1 mode mpls-te [SwitchA-Tunnel1] ip address 10.1.1.1 255.255.255.0 # Specify the tunnel destination address as the LSR ID of Switch D. [SwitchA-Tunnel1] destination 4.4.4.4 # Specify the tunnel signaling protocol as RSVP-TE. [SwitchA-Tunnel1] mpls te signaling rsvp-te # Specify the explicit path as pri-path.

  • Page 130

    Explicit Path : exp1 Backup Explicit Path : - Metric Type : TE Record Route : Enabled Record Label : Enabled FRR Flag : Enabled Bandwidth Protection : Disabled Backup Bandwidth Flag: Disabled Backup Bandwidth Type: - Backup Bandwidth Bypass Tunnel : No Auto Created : No...

  • Page 131

    Reverse-LSP LSR ID Reverse-LSP Tunnel ID: - Class Type : CT0 Tunnel Bandwidth : 0 kbps Reserved Bandwidth : 0 kbps Setup Priority Holding Priority Affinity Attr/Mask : 0/0 Explicit Path Backup Explicit Path : - Metric Type : TE Record Route : Enabled Record Label...

  • Page 132

    Auto Bandwidth : Disabled Auto Bandwidth Freq Min Bandwidth Max Bandwidth Collected Bandwidth # Execute the display mpls lsp command on Switch B. The output shows that the current bypass tunnel that protects the primary CRLSP is Tunnel 50. [SwitchB] display mpls lsp Proto In/Out Label Interface/Out NHLFE...

  • Page 133: Ietf Ds-te Configuration Example

    IETF DS-TE configuration example Network requirements Switch A, Switch B, Switch C, and Switch D run IS-IS and all of them are Level-2 switches. Use RSVP-TE to create a TE tunnel from Switch A to Switch D. Traffic of the tunnel belongs to CT 2, and the tunnel needs a bandwidth of 4000 kbps.

  • Page 134

    [SwitchA-LoopBack0] isis circuit-level level-2 [SwitchA-LoopBack0] quit # Configure Switch B. <SwitchB> system-view [SwitchB] isis 1 [SwitchB-isis-1] network-entity 00.0005.0000.0000.0002.00 [SwitchB-isis-1] quit [SwitchB] interface vlan-interface 1 [SwitchB-Vlan-interface1] isis enable 1 [SwitchB-Vlan-interface1] isis circuit-level level-2 [SwitchB-Vlan-interface1] quit [SwitchB] interface vlan-interface 2 [SwitchB-Vlan-interface2] isis enable 1 [SwitchB-Vlan-interface2] isis circuit-level level-2 [SwitchB-Vlan-interface2] quit [SwitchB] interface loopback 0...

  • Page 135

    [SwitchD-LoopBack0] quit # Execute the display ip routing-table command on each switch to verify that the switches have learned the routes to one another, including the routes to the loopback interfaces. Take Switch A as an example: [SwitchA] display ip routing-table Destinations : 10 Routes : 10 Destination/Mask...

  • Page 136

    # Configure Switch C. [SwitchC] mpls lsr-id 3.3.3.9 [SwitchC] mpls te [SwitchC-te] ds-te mode ietf [SwitchC-te] quit [SwitchC] rsvp [SwitchC-rsvp] quit [SwitchC] interface vlan-interface 3 [SwitchC-Vlan-interface3] mpls enable [SwitchC-Vlan-interface3] mpls te enable [SwitchC-Vlan-interface3] rsvp enable [SwitchC-Vlan-interface3] quit [SwitchC] interface vlan-interface 2 [SwitchC-Vlan-interface2] mpls enable [SwitchC-Vlan-interface2] mpls te enable [SwitchC-Vlan-interface2] rsvp enable...

  • Page 137

    [SwitchD-isis-1] cost-style wide [SwitchD-isis-1] mpls te enable level-2 [SwitchD-isis-1] quit Configure MPLS TE attributes of links: # Configure the maximum bandwidth, maximum reservable bandwidth, and bandwidth constraints on Switch A. [SwitchA] interface vlan-interface 1 [SwitchA-Vlan-interface1] mpls te max-link-bandwidth 10000 [SwitchA-Vlan-interface1] mpls te max-reservable-bandwidth rdm 10000 bc1 8000 bc2 5000 bc3 2000 [SwitchA-Vlan-interface1] quit # Configure the maximum bandwidth, maximum reservable bandwidth, and bandwidth...

  • Page 138

    # Configure MPLS TE to use RSVP-TE to establish the tunnel. [SwitchA-Tunnel1] mpls te signaling rsvp-te # Assign 4000 kbps bandwidth to CT 2 for the tunnel. [SwitchA-Tunnel1] mpls te bandwidth ct2 4000 # Set the tunnel setup priority and holding priority both to 0. [SwitchA-Tunnel1] mpls te priority 0 [SwitchA-Tunnel1] quit Configure a static route on Switch A to direct the traffic destined for subnet 30.1.1.0/24 to MPLS...

  • Page 139

    Backup Explicit Path : - Metric Type : TE Record Route : Disabled Record Label : Disabled FRR Flag : Disabled Bandwidth Protection : Disabled Backup Bandwidth Flag: Disabled Backup Bandwidth Type: - Backup Bandwidth Bypass Tunnel : No Auto Created : No Route Pinning : Disabled...

  • Page 140: Troubleshooting Mpls Te

    Use the debugging ospf mpls-te command to verify that OSPF can receive the TE LINK establishment message. Use the display ospf peer command to verify that OSPF neighbors are established correctly. If the problem persists, contact HP Support.

  • Page 141: Configuring A Static Crlsp

    Configuring a static CRLSP Overview A static Constraint-based Routed Label Switched Path (CRLSP) is established by manually specifying CRLSP setup information on the ingress, transit, and egress nodes of the forwarding path. The CRLSP setup information includes the incoming label, outgoing label, and required bandwidth. If the device does not have enough bandwidth resources required by a CRLSP, the CRLSP cannot be established.

  • Page 142: Displaying Static Crlsps

    To configure a static CRLSP: Step Command Remarks Enter system view. system-view • Configure the ingress node: Use one command according to static-cr-lsp ingress lsp-name { nexthop the position of a device on the next-hop-addr | outgoing-interface network. interface-type interface-number } By default, no static CRLSP out-label out-label-value [ bandwidth exists.

  • Page 143: Configuration Procedure

    Figure 35 Network diagram Loop0 2.2.2.2/32 Vlan-int2 Vlan-int1 3.2.1.1/24 2.1.1.2/24 Switch B Vlan-int1 Vlan-int2 2.1.1.1/24 3.2.1.2/24 Switch A Switch C Loop0 Loop0 3.3.3.3/32 1.1.1.1/32 Configuration procedure Configure IP addresses and masks for interfaces. (Details not shown.) Configure IS-IS to advertise interface addresses, including the loopback interface address: # Configure Switch A.

  • Page 144

    [SwitchC] isis 1 [SwitchC-isis-1] network-entity 00.0005.0000.0000.0003.00 [SwitchC-isis-1] quit [SwitchC] interface vlan-interface 2 [SwitchC-Vlan-interface2] isis enable 1 [SwitchC-Vlan-interface2] quit [SwitchC] interface loopback 0 [SwitchC-LoopBack0] isis enable 1 [SwitchC-LoopBack0] quit # Execute the display ip routing-table command on each switch to verify that the switches have learned the routes to one another, including the routes to the loopback interfaces.

  • Page 145

    # Configure MPLS TE to use a static CRLSP to establish the tunnel. [SwitchA-Tunnel0] mpls te signaling static [SwitchA-Tunnel0] quit Create a static CRLSP: # Configure Switch A as the ingress node of the static CRLSP, specify the next hop address as 2.1.1.2 and outgoing label as 20.

  • Page 146

    LSP ID Tunnel ID Admin State : Normal Ingress LSR ID : 1.1.1.1 Egress LSR ID : 3.3.3.3 Signaling : Static Static CRLSP Name : static-cr-lsp-1 Resv Style Tunnel mode Reverse-LSP name Reverse-LSP LSR ID Reverse-LSP Tunnel ID: - Class Type Tunnel Bandwidth Reserved Bandwidth Setup Priority...

  • Page 147

    # Execute the display ip routing-table command on Switch A. The output shows a static route entry with interface Tunnel 0 as the output interface. [SwitchA] display ip routing-table Destinations : 12 Routes : 12 Destination/Mask Proto Pre Cost NextHop Interface 0.0.0.0/32 Direct...

  • Page 148: Configuring Rsvp

    Configuring RSVP Overview The Resource Reservation Protocol (RSVP) is a signaling protocol that reserves resources on a network. Extended RSVP supports MPLS label distribution and allows resource reservation information to be transmitted with label bindings. This extended RSVP is called RSVP-TE. RSVP-TE is a label distribution protocol for MPLS TE.

  • Page 149: Crlsp Setup Procedure

    New objects added to the Resv message include: • LABEL—Advertises the label allocated by the downstream node to the upstream node. RECORD_ROUTE—Records the path that the CRLSP actually traverses and the label allocated by • each node on the path. CRLSP setup procedure Figure 36 Setting up a CRLSP Ingress...

  • Page 150: Rsvp Authentication

    Path and Resv states to be refreshed. The Srefresh function reduces the number of refresh messages on the network and speeds up refresh message processing. Reliable RSVP message delivery An RSVP sender cannot know or retransmit lost RSVP messages. The reliable RSVP message delivery mechanism is designed to ensure reliable transmission.

  • Page 151

    device and all its neighbors have the RSVP GR capability and have exchanged GR parameters, each of them can function as the GR helper of another device. A GR helper considers that a GR restarter is rebooting when it does not receive hellos or receives erroneous hellos from the restarter in three consecutive hello intervals.

  • Page 152: Configuring Rsvp Refresh

    Step Command Remarks By default, RSVP is disabled on Enable RSVP for the interface. rsvp enable an interface. Configuring RSVP refresh Step Command Remarks Enter system view. system-view Enter RSVP view. rsvp By default, the refresh interval is 30 Configure the refresh interval refresh interval interval seconds for both path and Resv for Path and Resv messages.

  • Page 153: Configuring Rsvp Hello Extension

    Step Command Remarks By default, the RSVP message retransmission interval is 500 milliseconds. Configure the retransmission rsvp reduction retransmit interval This command takes effect after interval for reliable RSVP retrans-timer-value reliable RSVP message delivery is message delivery. enabled by using the rsvp reduction srefresh reliability command.

  • Page 154

    RSVP neighbor view—Configuration applies only to RSVP security associations with the specified • RSVP neighbor. Interface view—Configuration applies only to RSVP security associations established on the current • interface. Configurations in RSVP neighbor view, interface view, and RSVP view are in descending order of priority. To configure RSVP authentication in RSVP neighbor view: Step Command...

  • Page 155: Specifying A Dscp Value For Outgoing Rsvp Packets

    Step Command Remarks Specify the maximum number of out-of-sequence RSVP By default, only one RSVP rsvp authentication window-size authentication messages that authenticated message can be number can be received on the received out of sequence. interface. To configure RSVP authentication in RSVP view: Step Command Remarks...

  • Page 156: Enabling Bfd For Rsvp

    To configure RSVP GR: Step Command Remarks Enter system view. system-view Enter RSVP view. rsvp Enable GR for RSVP. graceful-restart enable By default, RSVP GR is disabled. Return to system view. quit interface interface-type Enter interface view. interface-number By default, RSVP hello extension is Enable RSVP hello extension.

  • Page 157: Rsvp Configuration Examples

    Task Command display rsvp reservation [ destination ip-address ] [ source Display information about RSVP resource ip-address ] [ tunnel-id tunnel-id ] [ nexthop ip-address ] reservation states. [ verbose ] display rsvp sender [ destination ip-address ] [ source Display information about RSVP path states.

  • Page 158

    Configuration procedure Configure IP addresses and masks for interfaces. (Details not shown.) Configure IS-IS to advertise interface addresses, including the loopback interface address: # Configure Switch A. <SwitchA> system-view [SwitchA] isis 1 [SwitchA-isis-1] network-entity 00.0005.0000.0000.0001.00 [SwitchA-isis-1] quit [SwitchA] interface vlan-interface 1 [SwitchA-Vlan-interface1] isis enable 1 [SwitchA-Vlan-interface1] quit [SwitchA] interface loopback 0...

  • Page 159

    [SwitchD] interface vlan-interface 3 [SwitchD-Vlan-interface3] isis enable 1 [SwitchD-Vlan-interface3] quit [SwitchD] interface loopback 0 [SwitchD-LoopBack0] isis enable 1 [SwitchD-LoopBack0] quit # Execute the display ip routing-table command on each switch to verify that the switches have learned the routes to one another, including the host to the loopback interfaces. (Details not shown.) Configure an LSR ID, and enable MPLS, MPLS TE, and RSVP: # Configure Switch A.

  • Page 160

    [SwitchC-Vlan-interface3] quit [SwitchC] interface vlan-interface 2 [SwitchC-Vlan-interface2] mpls enable [SwitchC-Vlan-interface2] mpls te enable [SwitchC-Vlan-interface2] rsvp enable [SwitchC-Vlan-interface2] quit # Configure Switch D. [SwitchD] mpls lsr-id 4.4.4.9 [SwitchD] mpls te [SwitchD-te] quit [SwitchD] rsvp [SwitchD-rsvp] quit [SwitchD] interface vlan-interface 3 [SwitchD-Vlan-interface3] mpls enable [SwitchD-Vlan-interface3] mpls te enable [SwitchD-Vlan-interface3] rsvp enable [SwitchD-Vlan-interface3] quit...

  • Page 161: Rsvp Gr Configuration Example

    Input: 0 packets, 0 bytes, 0 drops Output: 177 packets, 11428 bytes, 0 drops # Execute the display mpls te tunnel-interface command on Switch A. The output shows detailed information about the MPLS TE tunnel. [SwitchA] display mpls te tunnel-interface Tunnel Name : Tunnel 1 Tunnel State...

  • Page 162

    Figure 38 Network diagram Configuration procedure Configure IP addresses and masks for interfaces. (Details not shown.) Configure IS-IS to advertise interface addresses, including the loopback interface address. (Details not shown.) Configure an LSR ID, enable MPLS, MPLS TE, RSVP, and RSVP hello extension: # Configure Switch A.

  • Page 163

    <SwitchC> system-view [SwitchC] mpls lsr-id 3.3.3.9 [SwitchC] mpls te [SwitchC-te] quit [SwitchC] rsvp [SwitchC-rsvp] quit [SwitchC] interface vlan-interface 2 [SwitchC-Vlan-interface2] mpls enable [SwitchC-Vlan-interface2] mpls te enable [SwitchC-Vlan-interface2] rsvp enable [SwitchC-Vlan-interface2] rsvp hello enable [SwitchC-Vlan-interface2] quit Configure an MPLS TE tunnel. (Details not shown.) Configure RSVP GR: # Configure Switch A.

  • Page 164: Configuring Tunnel Policies

    LSPs is less than 3, VPN uses CRLSP tunnels. The tunnels selected by this method are not fixed, complicating traffic planning. HP recommends not using this method. If you configure both methods for a tunnel policy, the tunnel policy selects tunnels in the following steps: If the destination address of a preferred tunnel identifies a peer PE, the tunnel policy uses the preferred tunnel to forward traffic destined for the peer PE without using any other tunnels.

  • Page 165

    The second method distributes traffic of a single VPN to multiple tunnels. The transmission delays on different tunnels can greatly vary. Therefore, the destination device or the upper layer application might take a great time to sequence the packets. HP recommends not using the second method. Configuration procedure...

  • Page 166: Displaying Tunnel Information

    Displaying tunnel information Execute display commands in any view. Task Command display mpls tunnel { all | statistics | [ vpn-instance vpn-instance-name ] Display tunnel information. destination { tunnel-ipv4-dest | tunnel-ipv6-dest } } Tunnel policy configuration examples Preferred tunnel configuration example Network requirements PE 1 has multiple tunnels to reach PE 2: one MPLS TE tunnel on the interface Tunnel 1, and one LDP LSP tunnel.

  • Page 167: Tunnel Selection Order Configuration Example

    Configuration procedure Create tunnel policy preferredte1, and configure tunnel 1 as the preferred tunnel. <PE1> system-view [PE1] tunnel-policy preferredte1 [PE1-tunnel-policy-preferredte1] preferred-path tunnel 1 [PE1-tunnel-policy-preferredte1] quit Create MPLS VPN instance vpna, and apply tunnel policy preferredte1 to it. [PE1] ip vpn-instance vpna [PE1-vpn-instance-vpna] route-distinguisher 100:1 [PE1-vpn-instance-vpna] vpn-target 100:1 [PE1-vpn-instance-vpna] tnl-policy preferredte1...

  • Page 168

    Table 11 Tunnel policies used for VPN instances VPN instance Tunnel policy vpna, vpnb Use MPLS TE tunnel Tunnel1 as the preferred tunnel. vpnc, vpnd Use MPLS TE tunnel Tunnel3 as the preferred tunnel. vpne Uses one tunnel selected in LDP LSP-MPLS TE order. Configuration procedure Configure tunnel policies on PE 1: # Create tunnel policy preferredte1, and configure tunnel 1 as the preferred tunnel.

  • Page 169

    # Create MPLS VPN instance vpne and apply tunnel policy select-lsp to it. [PE1] ip vpn-instance vpne [PE1-vpn-instance-vpne] route-distinguisher 100:5 [PE1-vpn-instance-vpne] vpn-target 100:5 [PE1-vpn-instance-vpne] tnl-policy select-lsp...

  • Page 170: Configuring Mpls L3vpn

    Configuring MPLS L3VPN This chapter describes MPLS L3VPN configuration. Overview MPLS L3VPN is a L3VPN technology used to interconnect geographically dispersed VPN sites. MPLS L3VPN uses BGP to advertise VPN routes and uses MPLS to forward VPN packets over a service provider backbone.

  • Page 171: Mpls L3vpn Concepts

    MPLS L3VPN concepts Site A site has the following features: A site is a group of IP systems with IP connectivity that does not rely on any service provider network. • The classification of a site depends on the topology relationship of the devices, rather than the •...

  • Page 172: Mpls L3vpn Route Advertisement

    As shown in Figure 41, a VPN-IPv4 address consists of 12 bytes. The first eight bytes represent the RD, followed by a four-byte IPv4 prefix. The RD and the IPv4 prefix form a unique VPN-IPv4 prefix. An RD can be in one of the following formats: When the Type field is 0, the Administrator subfield occupies two bytes, the Assigned number •...

  • Page 173: Mpls L3vpn Packet Forwarding

    From the ingress PE to the egress PE: The ingress PE performs the following operations: Adds RD and route target attributes to these standard IPv4 routes to create VPN-IPv4 routes. Saves them to the routing table of the VPN instance created for the CE. Advertises the VPN-IPv4 routes to the egress PE through MP-BGP.

  • Page 174: Mpls L3vpn Networking Schemes

    PE 2 performs the following operations: Uses the inner label to find the matching VPN instance to which the destination address of the packet belongs. Looks up the routing table of the VPN instance for the output interface. Removes the inner label and forwards the packet out of the interface to CE 2. CE 2 transmits the packet to the destination through IP forwarding.

  • Page 175

    In a hub and spoke network as shown in Figure 44, configure route targets as follows: • On spoke PEs (PEs connected to spoke sites), set the export target to Spoke and the import target to Hub. On the hub PE (PE connected to the hub site), use two interfaces that each belong to a different VPN •...

  • Page 176: Inter-as Vpn

    After spoke sites exchange routes through the hub site, they can communicate with each other through the hub site. Extranet networking scheme The extranet networking scheme allows specific resources in a VPN to be accessed by users not in the VPN.

  • Page 177

    Multihop EBGP redistribution of labeled VPN-IPv4 routes between PE routers—PEs advertise • VPN-IPv4 routes to each other through MP-EBGP. This solution is also called inter-AS option C. Inter-AS option A In this solution, PEs of two ASs are directly connected through multiple subinterfaces, and each PE is also the ASBR of its AS.

  • Page 178

    Figure 47 Network diagram for inter-AS option B As shown in Figure 47, VPN 1 routes are advertised from CE 1 to CE 3 by using the following process: PE 1 advertises the VPN routes learned from CE 1 to ASBR 1 through MP-IBGP. Assume that the inner label assigned by PE 1 to the routes is L1.

  • Page 179

    bottlenecks, which hinders network extension. Inter-AS option C has better scalability because it makes PEs directly exchange VPN-IPv4 routes. In this solution, PEs exchange VPN-IPv4 routes over a multihop MP-EBGP session. Each PE must have a route to the peer PE and a label for the route so that the inter-AS public tunnel between the PEs can be set up.

  • Page 180: Carrier's Carrier

    ASBR 2 assigns a label (L3) to the route destined for PE 1, and advertises the route and its label (L3) to PE 3. The next hop for the route is ASBR 2. The incoming label for the public tunnel on ASBR 2 is L3, and the outgoing label is L2.

  • Page 181

    The MPLS L3VPN service provider is called the provider carrier or the Level 1 carrier. • • The customer is called the customer carrier or the Level 2 carrier. This networking model is referred to as carrier's carrier. The PEs of the Level 2 carrier directly exchange customer networks over a BGP session. The Level 1 carrier only learns the backbone networks of the Level 2 carrier, without learning customer networks.

  • Page 182: Nested Vpn

    Figure 51 Scenario where the Level 2 carrier is an MPLS L3VPN service provider NOTE: If equal cost routes exist between the Level 1 carrier and the Level 2 carrier, HP recommends that you establish equal cost LSPs between them.

  • Page 183: Hovpn

    Figure 52 Network diagram for nested VPN VPN A Provider MPLS Provider PE Provider PE CE 8 CE 7 VPN backbone VPN A-2 VPN A-1 CE 2 CE 1 Customer MPLS Customer MPLS VPN network Customer PE Customer PE CE 3 CE 4 CE 5 CE 6...

  • Page 184

    HoVPN divides PEs into underlayer PEs (UPEs) or user-end PEs, and superstratum PEs (SPEs) or service provider-end PEs. UPEs and SPEs have different functions and comprise a hierarchical PE. The HoPE and common PEs can coexist in an MPLS network. Figure 53 Basic architecture of HoVPN As shown in Figure...

  • Page 185: Ospf Vpn Extension

    Figure 54 Recursion of HoPEs Figure 54 shows a three-level HoPE. The PE in the middle is called the middle-level PE (MPE). MP-BGP runs between SPE and MPE, and between MPE and UPE. MP-BGP advertises the following routes: • All the VPN routes of UPEs to the SPEs. The default routes of the VPN instance of the SPEs or the VPN routes permitted by the routing •...

  • Page 186

    Figure 55 Network diagram for BGP/OSPF interaction As shown in Figure 55, CE 1 1, CE 21, and CE 22 belong to the same VPN and the same OSPF domain. Before a domain ID is configured, VPN 1 routes are advertised from CE 1 1 to CE 21 and CE 22 by using the following process: PE 1 redistributes OSPF routes from CE 11 into BGP, and advertises the VPN routes to PE 2 through BGP.

  • Page 187

    As shown in Figure 56, Site 1 is connected to two PEs. When a PE advertises VPN routes learned from MP-BGP to Site 1 through OSPF, the routes might be received by the other PE. This results in a routing loop.

  • Page 188: Bgp As Number Substitution

    BGP AS number substitution BGP detects routing loops by examining AS numbers. If EBGP runs between PE and CE, you must assign different AS numbers to geographically different sites to ensure correct transmission of routing information. The BGP AS number substitution feature allows physically dispersed CEs to use the same AS number. The feature is a BGP outbound policy and affects routes to be advertised.

  • Page 189

    IPv4 route backup for a VPNv4 route. • VPNv4 route backup for a VPNv4 route Figure 59 Network diagram As show in Figure 59, configure FRR on the ingress node PE 1, and specify the backup next hop for VPN 1 as PE 3.

  • Page 190

    PE 2 switches traffic to the link PE 2—PE 3—CE 2, and traffic from CE 1 to CE 2 goes through the path CE 1—PE 1—PE 2—PE 3—CE 2. This avoids traffic interruption before route convergence completes (switching to the link CE 1—PE 1—PE 3—CE 2). In this scenario, PE 2 is responsible for primary link detection and traffic switchover.

  • Page 191: Configuring Basic Mpls L3vpn

    Tasks at a glance (Optional.) Configuring HoVPN (Optional.) Configuring an OSPF sham link (Optional.) Specifying the VPN label processing mode on the egress PE (Optional.) Configuring BGP AS number substitution (Optional.) Configuring MPLS L3VPN FRR (Optional.) Enabling logging for BGP route flapping (Optional.) Enabling SNMP notifications for MPLS L3VPN Configuring basic MPLS L3VPN...

  • Page 192

    Step Command Remarks Create a VPN instance and By default, no VPN instance is ip vpn-instance vpn-instance-name enter VPN instance view. created. Configure an RD for the VPN route-distinguisher By default, no RD is specified for a instance. route-distinguisher VPN instance. (Optional.) Configure a By default, no description is description for the VPN...

  • Page 193: Configuring Routing Between A Pe And A Ce

    Step Command Remarks By default, the number of active routes allowed for a VPN instance is not limited. Set the maximum routing-table limit number number of active routes Setting the maximum number of { warn-threshold | simply-alert } allowed. active routes for a VPN instance can prevent the PE from learning too many routes.

  • Page 194

    Step Command Remarks By default, no static route is ip route-static vpn-instance configured for a VPN s-vpn-instance-name dest-address { mask-length instance. | mask } { interface-type interface-number [ next-hop-address ] |next-hop-address Perform this configuration on Configure a static route [ public ] [ track track-entry-number ] | the PE.

  • Page 195

    Step Command Remarks The default domain ID is 0. Perform this configuration on the The domain ID is carried in the routes of the OSPF process. When redistributing routes from the OSPF process, BGP adds the domain ID (Optional.) Configure an as an extended community domain-id domain-id [ secondary ] OSPF domain ID.

  • Page 196

    Configuring EBGP between a PE and a CE Configure the PE: Step Command Remarks Enter system view. system-view Enable BGP and enter BGP bgp as-number view. Configuration commands in BGP-VPN instance view are the Enter BGP-VPN instance ip vpn-instance same as those in BGP view. For view.

  • Page 197

    Step Command Remarks Enter BGP view. bgp as-number peer { group-name | ip-address Configure the PE as a BGP By default, no BGP peer is [ mask-length ] } as-number peer. created. as-number Create the BGP IPv4 unicast By default, the BGP IPv4 unicast address-family ipv4 [ unicast ] family and enter its view.

  • Page 198: Configuring Routing Between Pes

    Step Command Remarks By default, no RR or RR client is configured, and the PE does not advertise routes learned from the IBGP peer CE to other IBGP peers, including VPNv4 IBGP peers. The PE advertises routes learned from the CE to other Configure the CE as a client peer { group-name | ip-address IBGP peers only when you...

  • Page 199: Configuring Bgp Vpnv4 Route Control

    Step Command Remarks Enter BGP view. bgp as-number peer { group-name | ip-address Configure the remote PE as a [ mask-length ] } as-number By default, no BGP peer is created. BGP peer. as-number By default, BGP uses the egress peer { group-name | ip-address Specify the source interface interface of the optimal route...

  • Page 200

    Step Command Remarks peer { group-name | ip-address Advertise a default VPN route [ mask-length ] } By default, no default VPN route is to a peer or peer group. default-route-advertise advertised to a peer or peer group. vpn-instance vpn-instance-name Apply an ACL to filter routes peer { group-name | ip-address By default, no ACL-based filtering...

  • Page 201: Configuring Inter-as Vpn

    Step Command Remarks By default, route reflection Enable route reflection reflect between-clients between clients is enabled on the between clients. Configure a cluster ID for the reflector cluster-id { cluster-id | By default, the RR uses its own route reflector. ip-address } router ID as the cluster ID.

  • Page 202: Configuring Inter-as Option C

    Step Command Remarks Enter system view. system-view Enter interface view of the interface interface-type interface connected to an interface-number internal router of the AS. By default, MPLS is disabled on the Enable MPLS on the interface. mpls enable interface. Enable MPLS LDP on the By default, MPLS LDP is disabled mpls ldp enable interface.

  • Page 203

    ASBR configuration: • Configure a routing protocol, and enable MPLS and LDP on the interface connecting to an internal router of the AS. Specify the PE in the same AS as an IBGP peer, and the ASBR in a different AS as an EBGP peer.

  • Page 204

    Configuring an ASBR To set up an inter-AS public tunnel for the inter-AS option C solution, an ASBR must assign an MPLS label to the route destined for a PE, and advertise the label along with the route. Typically, the routes advertised by an ASBR through BGP include the PE address as well as other routes.

  • Page 205

    Step Command Remarks peer { group-name | ip-address Configure the ASBR in [ mask-length ] } as-number By default, no BGP peer is created. another AS as an EBGP peer. as-number Create the BGP IPv4 unicast By default, the BGP IPv4 unicast address family and enter its address-family ipv4 [ unicast ] address family is not created.

  • Page 206: Configuring Nested Vpn

    Configuring nested VPN For a network with many VPNs, nested VPN is a good solution to implement layered management of VPNs and to conceal the deployment of internal VPNs. To build a nested VPN network, perform the following configurations: Configurations between customer PE and customer CE—Configure VPN instances on the customer •...

  • Page 207: Configuring Hovpn

    Associating an interface with a VPN instance is not required on the SPE because no interface on the SPE is directly connected to the customer network. HP recommends not configuring the peer default-route-advertise vpn-instance and peer upe route-policy commands at the same time.

  • Page 208: Configuring An Ospf Sham Link

    Step Command Remarks • Advertise a default VPN route By default, no route is advertised to to the UPE: the UPE. peer { group-name | ip-address Do not configure both commands. [ mask-length ] } default-route-advertise The peer default-route-advertise vpn-instance vpn-instance command advertises vpn-instance-name a default route using the local...

  • Page 209: Redistributing The Loopback Interface Route

    Step Command Remarks Enter system view. system-view ospf [ process-id | router-id HP recommends that you specify a Enter OSPF view. router-id | vpn-instance router ID. vpn-instance-name ] * If BGP runs within an MPLS backbone, and the BGP AS...

  • Page 210: Specifying The Vpn Label Processing Mode On The Egress Pe

    Specifying the VPN label processing mode on the egress PE An egress PE can process VPN labels in either POPGO or POP mode. • POPGO forwarding—Pops the label and forwards the packet out of the egress interface corresponding to the label. POP forwarding—Pops the label and forwards the packet through the FIB table.

  • Page 211

    Method 1—Execute the pic command in BGP-VPN IPv4 unicast address family view. The device • calculates a backup next hop for each BGP route in the VPN instance if there are two or more unequal-cost routes to reach the destination. •...

  • Page 212

    Step Command Remarks By default, no routing policy is created. Create a routing policy This step is required to enable MPLS route-policy route-policy-name permit and enter routing policy L3VPN FRR in Method 2. node node-number view. For more information about this command, see Layer 3—IP Routing Command Reference.

  • Page 213: Enabling Logging For Bgp Route Flapping

    Enabling logging for BGP route flapping This feature enables BGP to generate logs for BGP route flappings that trigger log generation. The generated logs are sent to the information center. For more information about information center, see Network Management and Monitoring Configuration Guide. To enable logging for BGP route flapping: Step Command...

  • Page 214

    Execute the following commands in user view to soft reset or reset BGP connections: Task Command refresh bgp { ip-address [ mask-length ] | all | external | group Soft reset BGP sessions for VPNv4 group-name | internal } { export | import } vpnv4 [ vpn-instance address family.

  • Page 215: Mpls L3vpn Configuration Examples

    Task Command Display OSPF sham link display ospf [ process-id ] sham-link [ area area-id ] [ standby slot information. slot-number ] For more information about the display ip routing-table, display bgp group vpnv4, display bgp peer vpnv4, and display bgp update-group vpnv4 commands, see Layer 3—IP Routing Command Reference. MPLS L3VPN configuration examples Configuring basic MPLS L3VPN Network requirements...

  • Page 216

    Device Interface IP address Device Interface IP address CE 2 Vlan-int12 10.2.1.1/24 Vlan-int11 10.3.1.2/24 CE 3 Vlan-int11 10.3.1.1/24 Vlan-int13 10.4.1.2/24 CE 4 Vlan-int13 10.4.1.1/24 Configuration procedure Configure an IGP on the MPLS backbone to ensure IP connectivity within the backbone: # Configure PE 1.

  • Page 217

    [PE2-Vlan-interface12] quit [PE2] ospf [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255 [PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] quit [PE2-ospf-1] quit # Execute the display ospf peer command to verify that OSPF adjacencies in Full state have been established between PE 1, P, and PE 2. Execute the display ip routing-table command to verify that the PEs have learned the routes to the loopback interfaces of each other.

  • Page 218

    [PE1-vpn-instance-vpn1] quit [PE1] ip vpn-instance vpn2 [PE1-vpn-instance-vpn2] route-distinguisher 100:2 [PE1-vpn-instance-vpn2] vpn-target 222:2 [PE1-vpn-instance-vpn2] quit [PE1] interface vlan-interface 11 [PE1-Vlan-interface11] ip binding vpn-instance vpn1 [PE1-Vlan-interface11] ip address 10.1.1.2 24 [PE1-Vlan-interface11] quit [PE1] interface vlan-interface 12 [PE1-Vlan-interface12] ip binding vpn-instance vpn2 [PE1-Vlan-interface12] ip address 10.2.1.2 24 [PE1-Vlan-interface12] quit # Configure PE 2.

  • Page 219

    --- Ping statistics for 10.1.1.1 --- 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss round-trip min/avg/max/std-dev = 0.000/0.800/2.000/0.748 ms Establish EBGP peer relationships between PEs and CEs, and redistribute VPN routes into BGP: # Configure CE 1. <CE1> system-view [CE1] bgp 65410 [CE1-bgp] peer 10.1.1.2 as-number 100 [CE1-bgp] address-family ipv4 unicast...

  • Page 220: Configuring A Hub-spoke Network

    [PE2-bgp] peer 1.1.1.9 connect-interface loopback 0 [PE2-bgp] address-family vpnv4 [PE2-bgp-vpnv4] peer 1.1.1.9 enable [PE2-bgp-vpnv4] quit [PE2-bgp] quit # Execute the display bgp peer vpnv4 command on the PEs to verify that a BGP peer relationship in Established state has been established between the PEs. (Details not shown.) Verifying the configuration # Execute the display ip routing-table vpn-instance command on the PEs.

  • Page 221

    Figure 63 Network diagram Table 13 Interface and IP address assignment Device Interface IP address Device Interface IP address Spoke-CE 1 Vlan-int2 10.1.1.1/24 Hub-CE Vlan-int6 10.3.1.1/24 Spoke-PE 1 Loop0 1.1.1.9/32 Vlan-int7 10.4.1.1/24 Vlan-int2 10.1.1.2/24 Hub-PE Loop0 2.2.2.9/32 Vlan-int4 172.1.1.1/24 Vlan-int4 172.1.1.2/24 Spoke-CE 2 Vlan-int3...

  • Page 222

    [Spoke-PE1-ospf-1] quit # Configure Spoke-PE 2. <Spoke-PE2> system-view [Spoke-PE2] interface loopback 0 [Spoke-PE2-LoopBack0] ip address 3.3.3.9 32 [Spoke-PE2-LoopBack0] quit [Spoke-PE2] interface vlan-interface 5 [Spoke-PE2-Vlan-interface5] ip address 172.2.1.1 24 [Spoke-PE2-Vlan-interface5] quit [Spoke-PE2] ospf [Spoke-PE2-ospf-1] area 0 [Spoke-PE2-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255 [Spoke-PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0 [Spoke-PE2-ospf-1-area-0.0.0.0] quit [Spoke-PE2-ospf-1] quit # Configure Hub-PE.

  • Page 223

    [Spoke-PE2] mpls lsr-id 3.3.3.9 [Spoke-PE2] mpls ldp [Spoke-PE2-ldp] quit [Spoke-PE2] interface vlan-interface 5 [Spoke-PE2-Vlan-interface5] mpls enable [Spoke-PE2-Vlan-interface5] mpls ldp enable [Spoke-PE2-Vlan-interface5] quit # Configure Hub-PE. [Hub-PE] mpls lsr-id 2.2.2.9 [Hub-PE] mpls ldp [Hub-PE-ldp] quit [Hub-PE] interface vlan-interface 4 [Hub-PE-Vlan-interface4] mpls enable [Hub-PE-Vlan-interface4] mpls ldp enable [Hub-PE-Vlan-interface4] quit [Hub-PE] interface vlan-interface 5...

  • Page 224

    [Hub-PE-vpn-instance-vpn1-in] vpn-target 222:2 import-extcommunity [Hub-PE-vpn-instance-vpn1-in] quit [Hub-PE] ip vpn-instance vpn1-out [Hub-PE-vpn-instance-vpn1-out] route-distinguisher 100:4 [Hub-PE-vpn-instance-vpn1-out] vpn-target 111:1 export-extcommunity [Hub-PE-vpn-instance-vpn1-out] quit [Hub-PE] interface vlan-interface 6 [Hub-PE-Vlan-interface6] ip binding vpn-instance vpn1-in [Hub-PE-Vlan-interface6] ip address 10.3.1.2 24 [Hub-PE-Vlan-interface6] quit [Hub-PE] interface vlan-interface 7 [Hub-PE-Vlan-interface7] ip binding vpn-instance vpn1-out [Hub-PE-Vlan-interface7] ip address 10.4.1.2 24 [Hub-PE-Vlan-interface7] quit # Configure IP addresses for the CEs according to...

  • Page 225

    [Spoke-CE2] bgp 65420 [Spoke-CE2-bgp] peer 10.2.1.2 as-number 100 [Spoke-CE2-bgp] address-family ipv4 [Spoke-CE2-bgp-ipv4] peer 10.2.1.2 enable [Spoke-CE2-bgp-ipv4] import-route direct [Spoke-CE2-bgp-ipv4] quit [Spoke-CE2-bgp] quit # Configure Hub-CE. <Hub-CE> system-view [Hub-CE] bgp 65430 [Hub-CE-bgp] peer 10.3.1.2 as-number 100 [Hub-CE-bgp] peer 10.4.1.2 as-number 100 [Hub-CE-bgp] address-family ipv4 [Hub-CE-bgp-ipv4] peer 10.3.1.2 enable [Hub-CE-bgp-ipv4] peer 10.4.1.2 enable...

  • Page 226

    [Hub-PE-bgp-vpn1-out] peer 10.4.1.1 as-number 65430 [Hub-PE-bgp-vpn1-out] address-family ipv4 [Hub-PE-bgp-ipv4-vpn1-out] peer 10.4.1.1 enable [Hub-PE-bgp-ipv4-vpn1-out] peer 10.4.1.1 allow-as-loop 2 [Hub-PE-bgp-ipv4-vpn1-out] import-route direct [Hub-PE-bgp-ipv4-vpn1-out] quit [Hub-PE-bgp-vpn1-out] quit [Hub-PE-bgp] quit # Execute the display bgp peer ipv4 vpn-instance command on the PEs to verify that a BGP peer relationship in Established state has been established between a PE and a CE.

  • Page 227: Configuring Mpls L3vpn Inter-as Option A

    Destination/Mask Proto Cost NextHop Interface 0.0.0.0/32 Direct 0 127.0.0.1 InLoop0 10.1.1.0/24 Direct 0 10.1.1.2 Vlan2 10.1.1.0/32 Direct 0 10.1.1.2 Vlan2 10.1.1.2/32 Direct 0 127.0.0.1 InLoop0 10.1.1.255/32 Direct 0 10.1.1.2 Vlan2 10.2.1.0/24 2.2.2.9 Vlan4 10.3.1.0/24 2.2.2.9 Vlan4 10.4.1.0/24 2.2.2.9 Vlan4 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0...

  • Page 228

    Figure 64 Network diagram MPLS backbone Loop0 Loop0 MPLS backbone AS 100 AS 200 Vlan-int12 Vlan-int12 Vlan-int11 Vlan-int11 ASBR-PE 2 ASBR-PE 1 Loop0 Loop0 Vlan-int11 Vlan-int11 PE 2 PE 1 Vlan-int12 Vlan-int12 Vlan-int12 Vlan-int12 CE 1 CE 2 AS 65001 AS 65002 Table 14 Interface and IP address assignment Device...

  • Page 229

    [PE1-Vlan-interface11] quit # Configure basic MPLS on ASBR-PE 1, and enable MPLS LDP on the interface connected to PE 1. <ASBR-PE1> system-view [ASBR-PE1] mpls lsr-id 2.2.2.9 [ASBR-PE1] mpls ldp [ASBR-PE1-ldp] quit [ASBR-PE1] interface vlan-interface 11 [ASBR-PE1-Vlan-interface11] mpls enable [ASBR-PE1-Vlan-interface11] mpls ldp enable [ASBR-PE1-Vlan-interface11] quit # Configure basic MPLS on ASBR-PE 2, and enable MPLS LDP on the interface connected to PE 2.

  • Page 230

    [PE1-Vlan-interface12] quit # Configure CE 2. <CE2> system-view [CE2] interface vlan-interface 12 [CE2-Vlan-interface12] ip address 10.2.1.1 24 [CE2-Vlan-interface12] quit # Configure PE 2. [PE2] ip vpn-instance vpn1 [PE2-vpn-instance] route-distinguisher 200:2 [PE2-vpn-instance] vpn-target 200:1 both [PE2-vpn-instance] quit [PE2] interface vlan-interface 12 [PE2-Vlan-interface12] ip binding vpn-instance vpn1 [PE2-Vlan-interface12] ip address 10.2.1.2 24 [PE2-Vlan-interface12] quit...

  • Page 231

    [PE1] bgp 100 [PE1-bgp] ip vpn-instance vpn1 [PE1-bgp-vpn1] peer 10.1.1.1 as-number 65001 [PE1-bgp-vpn1] address-family ipv4 unicast [PE1-bgp-ipv4-vpn1] peer 10.1.1.1 enable [PE1-bgp-ipv4-vpn1] quit [PE1-bgp-vpn1] quit [PE1-bgp] quit # Configure CE 2. [CE2] bgp 65002 [CE2-bgp] peer 10.2.1.2 as-number 200 [CE2-bgp] address-family ipv4 unicast [CE2-bgp-ipv4] peer 10.2.1.2 enable [CE2-bgp-ipv4] import-route direct [CE2-bgp-ipv4] quit...

  • Page 232: Configuring Mpls L3vpn Inter-as Option B

    [ASBR-PE1-bgp-vpnv4] peer 1.1.1.9 enable [ASBR-PE1-bgp-vpnv4] peer 1.1.1.9 next-hop-local [ASBR-PE1-bgp-vpnv4] quit [ASBR-PE1-bgp] quit # Configure ASBR-PE 2. [ASBR-PE2] bgp 200 [ASBR-PE2-bgp] ip vpn-instance vpn1 [ASBR-PE2-bgp-vpn1] peer 192.1.1.1 as-number 100 [ASBR-PE2-bgp-vpn1] address-family ipv4 unicast [ASBR-PE2-bgp-ipv4-vpn1] peer 192.1.1.1 enable [ASBR-PE2-bgp-ipv4-vpn1] quit [ASBR-PE2-bgp-vpn1] quit [ASBR-PE2-bgp] peer 4.4.4.9 as-number 200 [ASBR-PE2-bgp] peer 4.4.4.9 connect-interface loopback 0 [ASBR-PE2-bgp] address-family vpnv4...

  • Page 233

    Figure 65 Network diagram MPLS backbone Loop0 Loop0 MPLS backbone AS 100 AS 600 Vlan-int12 Vlan-int12 Vlan-int11 Vlan-int11 ASBR-PE 2 ASBR-PE 1 Loop0 Loop0 Vlan-int11 Vlan-int11 PE 2 PE 1 Vlan-int12 Vlan-int12 Site 1 Site 2 CE 1 CE 2 AS 65001 AS 65002 Table 15 Interface and IP address assignment...

  • Page 234

    [PE1-Vlan-interface11] quit # Configure interface Loopback 0, and enable IS-IS on it. [PE1] interface loopback 0 [PE1-LoopBack0] ip address 2.2.2.9 32 [PE1-LoopBack0] isis enable 1 [PE1-LoopBack0] quit # Create VPN instance vpn1, and configure the RD and route target attributes. [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 11:11 [PE1-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity...

  • Page 235

    [ASBR-PE1-Vlan-interface11] mpls enable [ASBR-PE1-Vlan-interface11] mpls ldp enable [ASBR-PE1-Vlan-interface11] quit # Configure interface VLAN-interface 12, and enable MPLS on it. [ASBR-PE1] interface vlan-interface 12 [ASBR-PE1-Vlan-interface12] ip address 11.0.0.2 255.0.0.0 [ASBR-PE1-Vlan-interface12] mpls enable [ASBR-PE1-Vlan-interface12] quit # Configure interface Loopback 0, and enable IS-IS on it. [ASBR-PE1] interface loopback 0 [ASBR-PE1-LoopBack0] ip address 3.3.3.9 32 [ASBR-PE1-LoopBack0] isis enable 1...

  • Page 236

    [ASBR-PE2-Vlan-interface12] mpls enable [ASBR-PE2-Vlan-interface12] quit # Configure interface Loopback 0, and enable IS-IS on it. [ASBR-PE2] interface loopback 0 [ASBR-PE2-LoopBack0] ip address 4.4.4.9 32 [ASBR-PE2-LoopBack0] isis enable 1 [ASBR-PE2-LoopBack0] quit # Enable BGP on ASBR-PE 2. [ASBR-PE2] bgp 600 [ASBR-PE2-bgp] peer 11.0.0.2 as-number 100 [ASBR-PE2-bgp] peer 11.0.0.2 connect-interface vlan-interface 12 [ASBR-PE2-bgp] peer 5.5.5.9 as-number 600 [ASBR-PE2-bgp] peer 5.5.5.9 connect-interface loopback 0...

  • Page 237: Configuring Mpls L3vpn Inter-as Option C

    [PE2-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity [PE2-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity [PE2-vpn-instance-vpn1] quit # Bind the interface connected with CE 2 to the created VPN instance. [PE2] interface vlan-interface12 [PE2-Vlan-interface12] ip binding vpn-instance vpn1 [PE2-Vlan-interface12] ip address 20.0.0.1 8 [PE2-Vlan-interface12] quit # Enable BGP on PE 2.

  • Page 238

    ASBR-PE 1 and ASBR-PE 2 use EBGP to exchange labeled IPv4 routes. Figure 66 Network diagram Loop0 Loop0 MPLS backbone MPLS backbone AS 100 AS 600 Vlan-int12 Vlan-int12 Vlan-int11 Vlan-int11 ASBR-PE 1 ASBR-PE 2 Loop0 Loop0 Vlan-int11 Vlan-int11 Site 2 PE 2 Site 1 PE 1...

  • Page 239

    # Configure IS-IS on PE 1. <PE1> system-view [PE1] isis 1 [PE1-isis-1] network-entity 10.111.111.111.111.00 [PE1-isis-1] quit # Configure the LSR ID, and enable MPLS and LDP. [PE1] mpls lsr-id 2.2.2.9 [PE1] mpls ldp [PE1-ldp] quit # Configure interface VLAN-interface 11, and enable IS-IS, MPLS, and LDP on the interface. [PE1] interface vlan-interface 11 [PE1-Vlan-interface11] ip address 1.1.1.2 255.0.0.0 [PE1-Vlan-interface11] isis enable 1...

  • Page 240

    # Configure peer 5.5.5.9 as a VPNv4 peer. [PE1-bgp] address-family vpnv4 [PE1-bgp-vpnv4] peer 5.5.5.9 enable [PE1-bgp-vpnv4] quit # Configure 30.0.0.2 as an EBGP peer, and redistribute BGP routes to the routing table of vpn1. [PE1-bgp] ip vpn-instance vpn1 [PE1-bgp-vpn1] peer 30.0.0.2 as-number 65001 [PE1-bgp-vpn1] address-family ipv4 unicast [PE1-bgp-ipv4-vpn1] peer 30.0.0.2 enable [PE1-bgp-ipv4-vpn1] quit...

  • Page 241

    # Enable BGP on ASBR-PE 1, and apply the routing policy policy2 to routes advertised to IBGP peer 2.2.2.9. [ASBR-PE1] bgp 100 [ASBR-PE1-bgp] peer 2.2.2.9 as-number 100 [ASBR-PE1-bgp] peer 2.2.2.9 connect-interface loopback 0 [ASBR-PE1-bgp] address-family ipv4 unicast [ASBR-PE1-bgp-ipv4] peer 2.2.2.9 enable [ASBR-PE1-bgp-ipv4] peer 2.2.2.9 route-policy policy2 export # Enable the capability to advertise labeled routes to IBGP peer 2.2.2.9 and to receive labeled routes from the peer.

  • Page 242

    # Configure interface VLAN-interface 12, and enable MPLS on it. [ASBR-PE2] interface vlan-interface 12 [ASBR-PE2-Vlan-interface12] ip address 11.0.0.1 255.0.0.0 [ASBR-PE2-Vlan-interface12] mpls enable [ASBR-PE2-Vlan-interface12] quit # Create routing policies. [ASBR-PE2] route-policy policy1 permit node 1 [ASBR-PE2-route-policy-policy1-1] apply mpls-label [ASBR-PE2-route-policy-policy1-1] quit [ASBR-PE2] route-policy policy2 permit node 1 [ASBR-PE2-route-policy-policy2-1] if-match mpls-label [ASBR-PE2-route-policy-policy2-1] apply mpls-label [ASBR-PE2-route-policy-policy2-1] quit...

  • Page 243

    # Configure interface VLAN-interface 11, and enable IS-IS, MPLS, and LDP on the interface. [PE2] interface vlan-interface 11 [PE2-Vlan-interface11] ip address 9.1.1.2 255.0.0.0 [PE2-Vlan-interface11] isis enable 1 [PE2-Vlan-interface11] mpls enable [PE2-Vlan-interface11] mpls ldp enable [PE2-Vlan-interface11] quit # Configure interface Loopback 0, and enable IS-IS on it. [PE2] interface loopback 0 [PE2-LoopBack0] ip address 5.5.5.9 32 [PE2-LoopBack0] isis enable 1...

  • Page 244: Configuring Mpls L3vpn Carrier's Carrier

    [PE2-bgp-ipv4-vpn1] quit [PE2-bgp-vpn1] quit [PE2-bgp] quit Configure CE 2: # Configure an IP address for VLAN-interface 12. <CE2> system-view [CE2] interface vlan-interface 12 [CE2-Vlan-interface12] ip address 20.0.0.2 24 [CE2-Vlan-interface12] quit # Configure 20.0.0.1 as an EBGP peer, and redistribute direct routes. [CE2] bgp 65002 [CE2-bgp] peer 20.0.0.1 as-number 600 [CE2-bgp] address-family ipv4 unicast...

  • Page 245

    Figure 67 Network diagram Table 17 Interface and IP address assignment Device Interface IP address Device Interface IP address CE 3 Vlan-int11 100.1.1.1/24 CE 4 Vlan-int11 120.1.1.1/24 PE 3 Loop0 1.1.1.9/32 PE 4 Loop0 6.6.6.9/32 Vlan-int11 100.1.1.2/24 Vlan-int11 120.1.1.2/24 Vlan-int12 10.1.1.1/24 Vlan-int12 20.1.1.2/24...

  • Page 246

    [PE1-isis-1] network-entity 10.0000.0000.0000.0004.00 [PE1-isis-1] quit [PE1] interface loopback 0 [PE1-LoopBack0] isis enable 1 [PE1-LoopBack0] quit [PE1] interface vlan-interface 12 [PE1-Vlan-interface12] ip address 30.1.1.1 24 [PE1-Vlan-interface12] isis enable 1 [PE1-Vlan-interface12] mpls enable [PE1-Vlan-interface12] mpls ldp enable [PE1-Vlan-interface12] mpls ldp transport-address interface [PE1-Vlan-interface12] quit [PE1] bgp 100 [PE1-bgp] peer 4.4.4.9 as-number 100...

  • Page 247

    [PE3-Vlan-interface12] mpls ldp enable [PE3-Vlan-interface12] mpls ldp transport-address interface [PE3-Vlan-interface12] quit # Configure CE 1. <CE1> system-view [CE1] interface loopback 0 [CE1-LoopBack0] ip address 2.2.2.9 32 [CE1-LoopBack0] quit [CE1] mpls lsr-id 2.2.2.9 [CE1] mpls ldp [CE1-ldp] quit [CE1] isis 2 [CE1-isis-2] network-entity 10.0000.0000.0000.0002.00 [CE1-isis-2] quit [CE1] interface loopback 0...

  • Page 248

    [PE1-Vlan-interface11] mpls ldp enable [PE1-Vlan-interface11] mpls ldp transport-address interface [PE1-Vlan-interface11] quit [PE1] bgp 100 [PE1-bgp] ip vpn-instance vpn1 [PE1-bgp-vpn1] address-family ipv4 unicast [PE1-bgp-ipv4-vpn1] import isis 2 [PE1-bgp-ipv4-vpn1] quit [PE1-bgp-vpn1] quit [PE1-bgp] quit # Configure CE 1. [CE1] interface vlan-interface 11 [CE1-Vlan-interface11] ip address 11.1.1.1 24 [CE1-Vlan-interface11] isis enable 2 [CE1-Vlan-interface11] mpls enable...

  • Page 249

    [PE3-bgp-ipv4-vpn1] peer 100.1.1.1 enable [PE3-bgp-ipv4-vpn1] import-route direct [PE3-bgp-ipv4-vpn1] quit [PE3-bgp-vpn1] quit [PE3-bgp] quit # Configure PE 4 and CE 4 in the same way that PE 3 and CE 3 are configured. (Details not shown.) Configure MP-IBGP peer relationship between the PEs of the customer carrier to exchange the end customers' VPN routes: # Configure PE 3.

  • Page 250

    Destination/Mask Proto Cost NextHop Interface 0.0.0.0/32 Direct 0 127.0.0.1 InLoop0 1.1.1.9/32 ISIS 11.1.1.1 Vlan11 2.2.2.9/32 ISIS 11.1.1.1 Vlan11 5.5.5.9/32 4.4.4.9 Vlan12 6.6.6.9/32 4.4.4.9 Vlan12 10.1.1.0/24 ISIS 11.1.1.1 Vlan11 11.1.1.0/24 Direct 0 11.1.1.2 Vlan11 11.1.1.0/32 Direct 0 11.1.1.2 Vlan11 11.1.1.2/32 Direct 0 127.0.0.1 InLoop0 11.1.1.255/32...

  • Page 251

    Display the public network routing table and VPN routing table on the customer carrier PEs, for example, on PE 3: # Verify that the public network routing table contains the internal routes of the customer carrier network. [PE3] display ip routing-table Destinations : 18 Routes : 18 Destination/Mask...

  • Page 252

    Configuring nested VPN Network requirements The service provider provides nested VPN services for users, as shown in Figure PE 1 and PE 2 are PE devices on the service provider backbone. Both of them support the nested • VPN feature. CE 1 and CE 2 are connected to the service provider backbone.

  • Page 253

    Device Interface IP address Device Interface IP address CE 3 Vlan-int1 100.1.1.1/24 CE 4 Vlan-int1 120.1.1.1/24 CE 5 Vlan-int3 110.1.1.1/24 CE 6 Vlan-int3 130.1.1.1/24 PE 1 Loop0 3.3.3.9/32 PE 2 Loop0 4.4.4.9/32 Vlan-int1 11.1.1.2/24 Vlan-int1 21.1.1.1/24 Vlan-int2 30.1.1.1/24 Vlan-int2 30.1.1.2/24 PE 3 Loop0 1.1.1.9/32...

  • Page 254

    Execute the display mpls ldp peer command to verify that an LDP session in Operational state has been established between PE 1 and PE 2. (Details not shown.) Execute the display bgp peer vpnv4 command to verify that a BGP peer relationship in Established state has been established between PE 1 and PE 2.

  • Page 255

    [CE1-Vlan-interface2] quit An LDP session and an IS-IS neighbor relationship can be established between PE 3 and CE 1. # Configure PE 4 and CE 2 in the same way that PE 3 and CE 1 are configured. (Details not shown.) Connect CE 1 and CE 2 to service provider PEs: # Configure PE 1.

  • Page 256

    [CE3-bgp-ipv4] quit [CE3-bgp] quit # Configure CE 5. <CE5> system-view [CE5] interface vlan-interface 3 [CE5-Vlan-interface3] ip address 110.1.1.1 24 [CE5-Vlan-interface3] quit [CE5] bgp 65411 [CE5-bgp] peer 110.1.1.2 as-number 200 [CE5-bgp] address-family ipv4 unicast [CE5-bgp-ipv4] peer 110.1.1.2 enable [CE5-bgp-ipv4] import-route direct [CE5-bgp-ipv4] quit [CE5-bgp] quit # Configure PE 3.

  • Page 257

    # Configure PE 4, CE 4, and CE 6 in the same way that PE 3, CE 3, and CE 5 are configured. (Details not shown.) Establish MP-EBGP peer relationships between service provider PEs and their CEs to exchange user VPNv4 routes: # On PE 1, enable nested VPN and VPNv4 route exchange with CE 1.

  • Page 258

    [CE1-bgp-vpnv4] quit [CE1-bgp] quit # Configure PE 4 and CE 2 in the same way that PE 3 and CE 1 are configured. (Details not shown.) Verifying the configuration Display the public routing table and VPN routing table on the provider PEs, for example, on PE 1: # Verify that the public routing table contains only routes on the service provider network.

  • Page 259

    255.255.255.255/32 Direct 0 127.0.0.1 InLoop0 Display the VPNv4 routing table on the provider CEs, for example, on CE 1. # Verify that the VPNv4 routing table on the customer VPN contains internal sub-VPN routes. [CE1] display bgp routing-table vpnv4 BGP Local router ID is 2.2.2.9 Status codes: * - valid, >...

  • Page 260

    0.0.0.0/32 Direct 0 127.0.0.1 InLoop0 100.1.1.0/24 Direct 0 100.1.1.2 Vlan1 100.1.1.2/32 Direct 0 127.0.0.1 InLoop0 120.1.1.0/24 2.2.2.9 Vlan2 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.0/32 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 127.255.255.255/32 Direct 0 127.0.0.1 InLoop0 224.0.0.0/4 Direct 0 0.0.0.0 NULL0 224.0.0.0/24...

  • Page 261

    224.0.0.0/4 Direct 0 0.0.0.0 NULL0 224.0.0.0/24 Direct 0 0.0.0.0 NULL0 255.255.255.255/32 Direct 0 127.0.0.1 InLoop0 Verify that CE 3 and CE 4 can ping each other. (Details not shown.) Verify that CE5 and CE 6 can ping each other. (Details not shown.) Verify that CE 3 and CE 6 cannot ping each other.

  • Page 262

    Device Interface IP address Device Interface IP address Vlan-int11 172.1.1.2/24 Vlan-int11 172.2.1.2/24 Vlan-int12 180.1.1.1/24 Vlan-int12 180.1.1.2/24 Configuration procedure Configure UPE 1: # Configure basic MPLS and MPLS LDP to establish LDP LSPs. <UPE1> system-view [UPE1] interface loopback 0 [UPE1-LoopBack0] ip address 1.1.1.9 32 [UPE1-LoopBack0] quit [UPE1] mpls lsr-id 1.1.1.9 [UPE1] mpls ldp...

  • Page 263

    [UPE1-bgp] peer 2.2.2.9 connect-interface loopback 0 [UPE1-bgp] address-family vpnv4 [UPE1-bgp-vpnv4] peer 2.2.2.9 enable [UPE1-bgp-vpnv4] quit # Establish an EBGP peer relationship with CE 1, and redistribute VPN routes into BGP. [UPE1-bgp] ip vpn-instance vpn1 [UPE1-bgp-vpn1] peer 10.2.1.1 as-number 65410 [UPE1-bgp-vpn1] address-family ipv4 unicast [UPE1-bgp-ipv4-vpn1] peer 10.2.1.1 enable [UPE1-bgp-ipv4-vpn1] import-route direct [UPE1-bgp-ipv4-vpn1] quit...

  • Page 264

    <UPE2> system-view [UPE2] interface loopback 0 [UPE2-Loopback0] ip address 4.4.4.9 32 [UPE2-Loopback0] quit [UPE2] mpls lsr-id 4.4.4.9 [UPE2] mpls ldp [UPE2-ldp] quit [UPE2] interface vlan-interface 11 [UPE2-Vlan-interface11] ip address 172.2.1.1 24 [UPE2-Vlan-interface11] mpls enable [UPE2-Vlan-interface11] mpls ldp enable [UPE2-Vlan-interface11] quit # Configure the IGP protocol (OSPF, in this example).

  • Page 265

    [UPE2-bgp-ipv4-vpn1] import-route direct [UPE2-bgp-ipv4-vpn1] quit [UPE2-bgp-vpn1] quit # Establish an EBGP peer relationship with CE 4, and redistribute VPN routes into BGP. [UPE2-bgp] ip vpn-instance vpn2 [UPE2-bgp-vpn2] peer 10.3.1.1 as-number 65440 [UPE2-bgp-vpn2] address-family ipv4 unicast [UPE2-bgp-ipv4-vpn2] peer 10.3.1.1 enable [UPE2-bgp-ipv4-vpn2] import-route direct [UPE2-bgp-ipv4-vpn2] quit [UPE2-bgp-vpn2] quit [UPE2-bgp] quit...

  • Page 266

    [SPE1-Vlan-interface11] mpls enable [SPE1-Vlan-interface11] mpls ldp enable [SPE1-Vlan-interface11] quit [SPE1] interface vlan-interface 12 [SPE1-Vlan-interface12] ip address 180.1.1.1 24 [SPE1-Vlan-interface12] mpls enable [SPE1-Vlan-interface12] mpls ldp enable [SPE1-Vlan-interface12] quit # Configure the IGP protocol (OSPF, in this example). [SPE1] ospf [SPE1-ospf-1] area 0 [SPE1-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0 [SPE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255 [SPE1-ospf-1-area-0.0.0.0] network 180.1.1.0 0.0.0.255...

  • Page 267

    [SPE1] route-policy hope permit node 0 [SPE1-route-policy-hope-0] if-match ip address prefix-list hope [SPE1-route-policy-hope-0] quit [SPE1] bgp 100 [SPE1-bgp] address-family vpnv4 [SPE1-bgp-vpnv4] peer 1.1.1.9 upe route-policy hope export Configure SPE 2: # Configure basic MPLS and MPLS LDP to establish LDP LSPs. <SPE2>...

  • Page 268

    [SPE2-bgp] peer 2.2.2.9 connect-interface loopback 0 [SPE2-bgp] address-family vpnv4 [SPE2-bgp-vpnv4] peer 2.2.2.9 enable [SPE2-bgp-vpnv4] peer 4.4.4.9 enable [SPE2-bgp-vpnv4] peer 4.4.4.9 upe [SPE2-bgp-vpnv4] peer 4.4.4.9 next-hop-local [SPE2-bgp-vpnv4] quit # Create BGP-VPN instances for VPN instances vpn1 and vpn2, so the VPNv4 routes learned according to the RT attributes can be added into the BGP routing tables of the corresponding VPN instances.

  • Page 269

    Figure 70 Network diagram Loop0 Loop0 Vlan-int12 PE 1 PE 2 Vlan-int12 Vlan-int11 Vlan-int11 Sham-link Loop1 Loop1 OSPF Area 1 Vlan-int11 Vlan-int11 Vlan-int13 Vlan-int12 Vlan-int12 Vlan-int13 CE 1 Switch A CE 2 Backdoor link Table 20 Interface and IP address assignment Device Interface IP address...

  • Page 270

    [PE1-Vlan-interface12] mpls ldp enable [PE1-Vlan-interface12] quit # Configure PE 1 to take PE 2 as an MP-IBGP peer. [PE1] bgp 100 [PE1-bgp] peer 2.2.2.9 as-number 100 [PE1-bgp] peer 2.2.2.9 connect-interface loopback 0 [PE1-bgp] address-family vpnv4 [PE1-bgp-vpnv4] peer 2.2.2.9 enable [PE1-bgp-vpnv4] quit [PE1-bgp] quit # Configure OSPF on PE 1.

  • Page 271

    [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 100:1 [PE1-vpn-instance-vpn1] vpn-target 1:1 [PE1-vpn-instance-vpn1] quit [PE1] interface vlan-interface 11 [PE1-Vlan-interface11] ip binding vpn-instance vpn1 [PE1-Vlan-interface11] ip address 100.1.1.2 24 [PE1-Vlan-interface11] quit [PE1] ospf 100 vpn-instance vpn1 [PE1-ospf-100] domain-id 10 [PE1-ospf-100] area 1 [PE1-ospf-100-area-0.0.0.1] network 100.1.1.0 0.0.0.255 [PE1-ospf-100-area-0.0.0.1] quit [PE1-ospf-100] quit [PE2] bgp 100...

  • Page 272

    Configure a sham link: # Configure PE 1. [PE1] interface loopback 1 [PE1-LoopBack1] ip binding vpn-instance vpn1 [PE1-LoopBack1] ip address 3.3.3.3 32 [PE1-LoopBack1] quit [PE1] ospf 100 [PE1-ospf-100] area 1 [PE1-ospf-100-area-0.0.0.1] sham-link 3.3.3.3 5.5.5.5 cost 10 [PE1-ospf-100-area-0.0.0.1] quit [PE1-ospf-100] quit # Configure PE 2.

  • Page 273: Configuring Bgp As Number Substitution

    Request list: 0 Retransmit list: 0 Configuring BGP AS number substitution Network requirements As shown in Figure 71, CE 1 and CE 2 belong to VPN 1 and are connected to PE 1 and PE 2, respectively. The two CEs have the same AS number, 600. Configure BGP AS number substitution on the PEs to enable the CEs to communicate with each other.

  • Page 274

    Configure the VPN instance of VPN 1 on PE 1 to allow CE 1 to access the network. Configure BGP between PE 1 and CE 1, and between PE 2 and CE 2 and redistribute routes of CEs into PEs. For more information about basic MPLS L3VPN configurations, see "Configuring basic MPLS L3VPN."...

  • Page 275

    127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 127.255.255.255/32 Direct 0 127.0.0.1 InLoop0 200.1.1.0/24 10.2.1.1 Vlan12 224.0.0.0/4 Direct 0 0.0.0.0 NULL0 224.0.0.0/24 Direct 0 0.0.0.0 NULL0 255.255.255.255/32 Direct 0 127.0.0.1 InLoop0 # Enable BGP update packet debugging on PE 2. The output shows that PE 2 advertises the route to 100.1.1.1/32, and the AS_PATH is 100 600.

  • Page 276

    BGP.vpn1: Send UPDATE to peer 10.2.1.1 for following destinations: Origin : Incomplete AS Path : 100 100 Next Hop : 10.2.1.2 100.1.1.0/24, # Display again the routing information that CE 2 has received and the routing table. <CE2> display bgp routing-table ipv4 peer 10.2.1.2 received-routes Total number of routes: 3 BGP local router ID is 200.1.1.1 Status codes: * - valid, >...

  • Page 277: Configuring Mpls L3vpn Frr Through Vpnv4 Route Backup For A Vpnv4 Route

    Configuring MPLS L3VPN FRR through VPNv4 route backup for a VPNv4 route Network requirements CE 1 and CE 2 belong to VPN 1. Configure EBGP between CEs and PEs to exchange VPN routes. Configure OSPF to ensure connectivity between PEs, and configure MP-IBGP to exchange VPNv4 routing information between PEs.

  • Page 278

    For more information about configuring basic MPLS L3VPN, see "Configuring basic MPLS L3VPN." Configure MPLS L3VPN FRR on PE 1: # Configure BFD to test the connectivity of the LSP to 2.2.2.2/32. <PE1> system-view [PE1] mpls bfd enable [PE1] mpls bfd 2.2.2.2 32 # Create routing policy frr, and specify the backup next hop as 3.3.3.3 for the route to 4.4.4.4/32.

  • Page 279: Configuring Mpls L3vpn Frr Through Vpnv4 Route Backup For An Ipv4 Route

    AttrID: 0x2 Neighbor: 2.2.2.2 Flags: 0x110060 OrigNextHop: 2.2.2.2 Label: 1146 RealNextHop: 172.1.1.2 BkLabel: 1275 BkNextHop: 172.2.1.3 Tunnel ID: Invalid Interface: Vlan-int11 BkTunnel ID: Invalid BkInterface: Vlan-int12 FtnIndex: 0x0 Configuring MPLS L3VPN FRR through VPNv4 route backup for an IPv4 route Network requirements CE 1 and CE 2 belong to VPN 1.

  • Page 280

    Device Interface IP address Device Interface IP address Vlan-int12 172.2.1.1/24 Vlan-int12 172.2.1.3/24 CE 2 Loop0 4.4.4.4/32 Vlan-int14 10.3.1.2/24 Vlan-int13 10.1.1.1/24 Vlan-int15 172.3.1.3/24 Vlan-int14 10.3.1.1/24 Configuration procedure Configure IP addresses and masks for interfaces as shown in Table 23, and configure BGP and MPLS L3VPN.

  • Page 281: Configuring Mpls L3vpn Frr Through Ipv4 Route Backup For A Vpnv4 Route

    Cost: 0 Preference: 10 IpPre: N/A QosLocalID: N/A Tag: 0 State: Active Adv OrigTblID: 0x0 OrigVrf: vpn1 TableID: 0x102 OrigAs: 300 NibID: 0x15000002 LastAs: 300 AttrID: 0x0 Neighbor: 10.1.1.1 Flags: 0x10060 OrigNextHop: 10.1.1.1 Label: NULL RealNextHop: 10.1.1.1 BkLabel: 1275 BkNextHop: 172.3.1.3 Tunnel ID: Invalid Interface: Vlan-int13 BkTunnel ID: 0x409...

  • Page 282

    Table 24 Interface and IP address assignment Device Interface IP address Device Interface IP address CE 1 Loop0 5.5.5.5/32 PE 2 Loop0 2.2.2.2/32 Vlan-int10 10.2.1.1/24 Vlan-int11 172.1.1.2/24 PE 1 Loop0 1.1.1.1/32 Vlan-int13 10.1.1.2/24 Vlan-int10 10.2.1.2/24 Vlan-int15 172.3.1.2/24 Vlan-int11 172.1.1.1/24 PE 3 Loop0 3.3.3.3/32 Vlan-int12...

  • Page 283

    Enable MPLS BFD on PE 3. <PE3> system-view [PE3] mpls bfd enable Verifying the configuration # Display detailed information about the route to 4.4.4.4/32 on PE 2. The output shows the backup next hop for the route. [PE2] display ip routing-table vpn-instance vpn1 4.4.4.4 32 verbose Summary Count : 1 Destination: 4.4.4.4/32 Protocol: BGP...

  • Page 284: Configuring Ipv6 Mpls L3vpn

    Configuring IPv6 MPLS L3VPN Overview IPv6 MPLS L3VPN uses BGP to advertise IPv6 VPN routes and uses MPLS to forward IPv6 VPN packets on the service provider backbone. Figure 75 shows a typical IPv6 MPLS L3VPN model. The service provider backbone in the IPv6 MPLS L3VPN model is an IPv4 network.

  • Page 285: Ipv6 Mpls L3vpn Routing Information Advertisement

    As shown in Figure 76, the IPv6 MPLS L3VPN packet forwarding procedure is as follows: The PC at Site 1 sends an IPv6 packet destined for 2001:2::1, the PC at Site 2. CE 1 transmits the packet to PE 1. Based on the inbound interface and destination address of the packet, PE 1 finds a matching entry from the routing table of the VPN instance, labels the packet with both a private network label (inner label) and a public network label (outer label), and forwards the packet out.

  • Page 286

    OSPFv3 VPN extension. (OSPFv3 Type 3, Type 5, and Type 7 LSAs support the DN bit. By default, • OSPFv3 VPN extension uses the DN bit to avoid routing loops.) Protocols and standards RFC 4659, BGP-MPLS IP Virtual Private Network (VPN) Extension for IPv6 VPN •...

  • Page 287: Configuring Vpn Instances

    Configure basic MPLS for the MPLS backbone. • • Configure MPLS LDP on PEs and Ps to establish LDP LSPs. Configuring VPN instances By configuring VPN instances on a PE, you isolate not only VPN routes from public network routes, but also routes between VPNs.

  • Page 288

    Step Command Remarks By default, no VPN instance is associated with an interface. The ip binding vpn-instance Associate a VPN instance ip binding vpn-instance command clears the IP address of with the interface. vpn-instance-name the interface. Therefore, re-configure an IP address for the interface after configuring this command.

  • Page 289

    Step Command Remarks By default, routes to be advertised are not filtered. Make sure the routing policy already exists. Otherwise, the Apply an export routing export route-policy route-policy device does not filter routes to be policy. advertised. For information about routing policies, see Layer 3—IP Routing Configuration Guide.

  • Page 290

    Step Command Remarks Enter system view. system-view Create a RIPng process for a Perform this configuration on the ripng [ process-id ] vpn-instance VPN instance and enter RIPng PE. On the CE, create a common vpn-instance-name view. RIPng process. Return to system view. quit interface interface-type Enter interface view.

  • Page 291

    By default, the PE checks the DN bit in OSPFv3 LSAs to avoid routing loops. This command is compatible with (Optional.) Enable the the old protocol (RFC 4577). HP external route check feature route-tag-check enable recommends not using this for OSPFv3 LSAs.

  • Page 292

    Step Command Remarks By default, OSPFv3 is disabled on an interface. Enable OSPFv3 on the ospfv3 process-id area area-id interface. [ instance instance-id ] Perform this configuration on the Configuring IPv6 IS-IS between a PE and a CE An IPv6 IS-IS process belongs to the public network or a single VPN instance. If you create an IPv6 IS-IS process without binding it to a VPN instance, the process belongs to the public network.

  • Page 293

    Step Command Remarks By default, the BGP-VPN IPv6 unicast address family is not created. Configuration commands in Create the BGP-VPN IPv6 BGP-VPN IPv6 unicast address unicast address family and address-family ipv6 [ unicast ] family view are the same as enter its view.

  • Page 294

    Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number Configuration commands in BGP-VPN instance view are the Enter BGP-VPN instance ip vpn-instance same as those in BGP view. For view. vpn-instance-name details, see Layer 3—IP Routing Configuration Guide. peer { group-name | Configure the CE as the By default, no BGP peer is...

  • Page 295

    Step Command Remarks Create the BGP IPv6 unicast By default, the BGP IPv6 unicast address-family ipv6 [ unicast ] family and enter its view. family is not created. Enable IPv6 unicast route peer { group-name | By default, BGP does not exchange with the specified ipv6-address [ prefix-length ] } exchange IPv6 unicast routes...

  • Page 296

    Step Command Remarks filter-policy { acl6-number | Configure filtering of By default, BGP does not filter prefix-list ipv6-prefix-name } advertised routes. advertised routes. export [ protocol process-id ] filter-policy { acl6-number | Configure filtering of received By default, BGP does not filter prefix-list ipv6-prefix-name } routes.

  • Page 297: Configuring Inter-as Ipv6 Vpn

    Step Command Remarks By default, an RR does not filter reflected routes. Only IBGP routes whose extended community attribute matches the Configure filtering of reflected rr-filter specified community list are routes. extended-community-number reflected. By configuring different filtering policies on RRs, you can implement load balancing among the RRs.

  • Page 298

    Configuring the PEs Establish an IBGP peer relationship between a PE and an ASBR-PE in an AS, and an MP-EBGP peer relationship between PEs in different ASs. The PEs and ASBR-PEs in an AS must be able to exchange labeled routes. To configure a PE for inter-AS IPv6 VPN option C: Step Command...

  • Page 299: Configuring An Ospfv3 Sham Link

    Configuring an OSPFv3 sham link Before you configure an OSPFv3 sham link, configure basic IPv6 MPLS L3VPN (OSPFv3 is used between PE and CE). Configuring a loopback interface Step Command Remarks Enter system view. system-view Create a loopback interface By default, no loopback and enter loopback interface interface loopback interface-number interface is created.

  • Page 300: Enabling Logging For Bgp Routing Flapping

    Step Command Remarks sham-link source-ipv6-address destination-ipv6-address [ cost cost | Configure an OSPFv3 dead dead-interval | hello hello-interval | By default, no sham link is sham link. instance instance-id | ipsec-profile configured. profile-name | retransmit retrans-interval | trans-delay delay ] * Enabling logging for BGP routing flapping This feature enables BGP to generate logs for BGP route flappings that trigger log generation.

  • Page 301: Ipv6 Mpls L3vpn Configuration Examples

    For more information about the refresh bgp vpnv6 and reset bgp vpnv6 commands, see Layer 3—IP Routing Command Reference. Execute the following commands in any view to display IPv6 MPLS L3VPN: Task Command Display the IPv6 routing table for a display ipv6 routing-table vpn-instance vpn-instance-name [ verbose | VPN instance.

  • Page 302

    Run EBGP between CE and PE switches to exchange VPN routing information. PEs use OSPF to communicate with each other and use MP-IBGP to exchange VPN routing information. Figure 77 Network diagram Table 25 Interface and IP address assignment Device Interface IP address Device...

  • Page 303

    [PE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255 [PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit # Configure the P switch. <P> system-view [P] interface loopback 0 [P-LoopBack0] ip address 2.2.2.9 32 [P-LoopBack0] quit [P] interface vlan-interface 13 [P-Vlan-interface13] ip address 172.1.1.2 24 [P- Vlan-interface13] quit [P] interface vlan-interface 12 [P-Vlan-interface12] ip address 172.2.1.1 24 [P-Vlan-interface12] quit...

  • Page 304

    [PE1-Vlan-interface13] quit # Configure the P switch. [P] mpls lsr-id 2.2.2.9 [P] mpls ldp [P-ldp] quit [P] interface vlan-interface 13 [P-Vlan-interface13] mpls enable [P-Vlan-interface13] mpls ldp enable [P-Vlan-interface13] quit [P] interface vlan-interface 12 [P-Vlan-interface12] mpls enable [P-Vlan-interface12] mpls ldp enable [P-Vlan-interface12] quit # Configure PE 2.

  • Page 305

    [PE2] ip vpn-instance vpn2 [PE2-vpn-instance-vpn2] route-distinguisher 200:2 [PE2-vpn-instance-vpn2] vpn-target 222:2 [PE2-vpn-instance-vpn2] quit [PE2] interface vlan-interface 11 [PE2-Vlan-interface11] ip binding vpn-instance vpn1 [PE2-Vlan-interface11] ipv6 address 2001:3::2 96 [PE2-Vlan-interface11] quit [PE2] interface vlan-interface 13 [PE2-Vlan-interface13] ip binding vpn-instance vpn2 [PE2-Vlan-interface13] ipv6 address 2001:4::2 96 [PE2-Vlan-interface13] quit # Configure IP addresses for the CEs according to Figure...

  • Page 306

    [PE1-bgp] ip vpn-instance vpn1 [PE1-bgp-vpn1] peer 2001:1::1 as-number 65410 [PE1-bgp-vpn1] address-family ipv6 unicast [PE1-bgp-ipv6-vpn1] peer 2001:1::1 enable [PE1-bgp-ipv6-vpn1] import-route direct [PE1-bgp-ipv6-vpn1] quit [PE1-bgp-vpn1] quit [PE1-bgp] ip vpn-instance vpn2 [PE1-bgp-vpn2] peer 2001:2::1 as-number 65420 [PE1-bgp-vpn2] address-family ipv6 unicast [PE1-bgp-ipv6-vpn2] peer 2001:2::1 enable [PE1-bgp-ipv6-vpn2] import-route direct [PE1-bgp-ipv6-vpn2] quit [PE1-bgp-vpn2] quit...

  • Page 307

    Destination: 2001:1::/96 Protocol : Direct NextHop : :: Preference: 0 Interface : Vlan11 Cost Destination: 2001:1::2/128 Protocol : Direct NextHop : ::1 Preference: 0 Interface : InLoop0 Cost Destination: 2001:3::/96 Protocol : BGP4+ NextHop : ::FFFF:3.3.3.9 Preference: 255 Interface : Vlan13 Cost Destination: FE80::/10 Protocol...

  • Page 308: Configuring Ipv6 Mpls L3vpn Inter-as Option A

    # Verify that CEs of the same VPN can ping each other, and CEs of different VPNs cannot ping each other. For example, CE 1 can ping CE 3 (2001:3::1), but cannot ping CE 4 (2001:4::1). (Details not shown.) Configuring IPv6 MPLS L3VPN inter-AS option A Network requirements CE 1 and CE 2 belong to the same VPN.

  • Page 309

    # Execute the display ospf peer command to verify that each ASBR-PE has established an OSPF adjacency in Full state with the PE in the same AS, and that the PEs and ASBR-PEs in the same AS have learned the routes to the loopback interfaces of each other. Verify that each ASBR-PE and the PE in the same AS can ping each other.

  • Page 310

    # Configure CE 1. <CE1> system-view [CE1] interface vlan-interface 12 [CE1-Vlan-interface12] ipv6 address 2001:1::1 96 [CE1-Vlan-interface12] quit # Configure PE 1. [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 100:1 [PE1-vpn-instance-vpn1] vpn-target 100:1 both [PE1-vpn-instance-vpn1] quit [PE1] interface vlan-interface 12 [PE1-Vlan-interface12] ip binding vpn-instance vpn1 [PE1-Vlan-interface12] ipv6 address 2001:1::2 96 [PE1-Vlan-interface12] quit # Configure CE 2.

  • Page 311

    [ASBR-PE2-Vlan-interface12] quit # Execute the display ip vpn-instance command to display VPN instance configurations. Verify that each PE can ping its attached CE, and ASBR-PE 1 and ASBR-PE 2 can ping each other. (Details not shown.) Establish an EBGP peer relationship between PE and CE switches, and redistribute VPN routes into BGP: # Configure CE 1.

  • Page 312

    [PE1-bgp-vpnv6] peer 2.2.2.9 enable [PE1-bgp-vpnv6] quit [PE1-bgp] quit # Configure ASBR-PE 1. [ASBR-PE1] bgp 100 [ASBR-PE1-bgp] ip vpn-instance vpn1 [ASBR-PE1-bgp-vpn1] peer 2002:1::2 as-number 200 [ASBR-PE1-bgp-vpn1] address-family ipv6 unicast [ASBR-PE1-bgp-ipv6-vpn1] peer 2002:1::2 enable [ASBR-PE1-bgp-ipv6-vpn1] quit [ASBR-PE1-bgp-vpn1] quit [ASBR-PE1-bgp] peer 1.1.1.9 as-number 100 [ASBR-PE1-bgp] peer 1.1.1.9 connect-interface loopback 0 [ASBR-PE1-bgp] address-family vpnv6 [ASBR-PE1-bgp-vpnv6] peer 1.1.1.9 enable...

  • Page 313: Configuring Ipv6 Mpls L3vpn Inter-as Option C

    Configuring IPv6 MPLS L3VPN inter-AS option C Network requirements Site 1 and Site 2 belong to the same VPN. Site 1 accesses the network through PE 1 in AS 100. Site 2 accesses the network through PE 2 in AS 600. PEs in the same AS run IS-IS. PE 1 and ASBR-PE 1 exchange labeled IPv4 routes by IBGP.

  • Page 314

    [CE1-Vlan-interface12] ip address 2001::2 64 [CE1-Vlan-interface12] quit # Configure 2001::1 as an EBGP peer, and redistribute direct routes. [CE1] bgp 65001 [CE1-bgp] peer 2001::1 as-number 100 [CE1-bgp] address-family ipv6 unicast [CE1-bgp-ipv6] peer 2001::1 enable [CE1-bgp-ipv6] import-route direct [CE1-bgp-ipv6] quit [CE1-bgp] quit Configure PE 1: # Run IS-IS on PE 1.

  • Page 315

    # Enable the capability to advertise labeled routes to and receive labeled routes from the IBGP peer 3.3.3.9. [PE1-bgp] peer 3.3.3.9 as-number 100 [PE1-bgp] peer 3.3.3.9 connect-interface loopback 0 [PE1-bgp] address-family ipv4 unicast [PE1-bgp-ipv4] peer 3.3.3.9 enable [PE1-bgp-ipv4] peer 3.3.3.9 label-route-capability [PE1-bgp-ipv4] quit # Configure the maximum hop count from PE 1 to EBGP peer 5.5.5.9 as 10.

  • Page 316

    # Configure interface Loopback 0, and start IS-IS on it. [ASBR-PE1] interface loopback 0 [ASBR-PE1-LoopBack0] ip address 3.3.3.9 32 [ASBR-PE1-LoopBack0] isis enable 1 [ASBR-PE1-LoopBack0] quit # Create routing policies. [ASBR-PE1] route-policy policy1 permit node 1 [ASBR-PE1-route-policy-policy1-1] apply mpls-label [ASBR-PE1-route-policy-policy1-1] quit [ASBR-PE1] route-policy policy2 permit node 1 [ASBR-PE1-route-policy-policy2-1] if-match mpls-label [ASBR-PE1-route-policy-policy2-1] apply mpls-label...

  • Page 317

    # Configure interface VLAN-interface 11, and enable IS-IS, MPLS, and LDP on the interface. [ASBR-PE2] interface vlan-interface 11 [ASBR-PE2-Vlan-interface11] ip address 9.1.1.1 255.0.0.0 [ASBR-PE2-Vlan-interface11] isis enable 1 [ASBR-PE2-Vlan-interface11] mpls enable [ASBR-PE2-Vlan-interface11] mpls ldp enable [ASBR-PE2-Vlan-interface11] quit # Configure interface Loopback 0, and start IS-IS on it. [ASBR-PE2] interface loopback 0 [ASBR-PE2-LoopBack0] ip address 4.4.4.9 32 [ASBR-PE2-LoopBack0] isis enable 1...

  • Page 318

    [ASBR-PE2-bgp] quit Configure PE 2: # Enable IS-IS on PE 2. <PE2> system-view [PE2] isis 1 [PE2-isis-1] network-entity 10.444.444.444.444.00 [PE2-isis-1] quit # Configure an LSR ID, and enable MPLS and LDP. [PE2] mpls lsr-id 5.5.5.9 [PE2] mpls ldp [PE2-ldp] quit # Configure interface VLAN-interface 11, and enable IS-IS, MPLS, and LDP on the interface.

  • Page 319: Configuring Ipv6 Mpls L3vpn Carrier's Carrier

    [PE2-bgp] peer 2.2.2.9 as-number 100 [PE2-bgp] peer 2.2.2.9 connect-interface loopback 0 [PE2-bgp] peer 2.2.2.9 ebgp-max-hop 10 # Configure peer 2.2.2.9 as a VPNv6 peer. [PE2-bgp] address-family vpnv6 [PE2-bgp-vpnv6] peer 2.2.2.9 enable [PE2-bgp-vpnv6] quit # Configure 2002::2 as an EBGP peer, and redistribute BGP routes to the routing table of vpn1. [PE2-bgp] ip vpn-instance vpn1 [PE2-bgp-vpn1] peer 2002::2 as-number 65002 [PE2-bgp-vpn1] address-family ipv6 unicast...

  • Page 320

    Exchange of the customer carrier's internal routes on the provider carrier's backbone. • • Exchange of the end customers' internal routes between PE 3 and PE 4, the PEs of the customer carrier. An MP-IBGP peer relationship must be established between PE 3 and PE 4. Figure 80 Network diagram Loop0 Loop0...

  • Page 321

    [PE1-bgp] peer 4.4.4.9 connect-interface loopback 0 [PE1-bgp] address-family vpnv4 [PE1-bgp-vpnv4] peer 4.4.4.9 enable [PE1-bgp-vpnv4] quit [PE1-bgp] quit # Configure PE 2 in the same way that PE 1 is configured. (Details not shown.) # On PE 1 or PE 2, execute the following commands: Execute the display mpls ldp peer command to verify that an LDP session in Operational state has been established between PE 1 and PE 2.

  • Page 322

    [CE1] interface loopback 0 [CE1-LoopBack0] isis enable 2 [CE1-LoopBack0] quit [CE1] interface vlan-interface 12 [CE1-Vlan-interface12] ip address 10.1.1.2 24 [CE1-Vlan-interface12] isis enable 2 [CE1-Vlan-interface12] mpls enable [CE1-Vlan-interface12] mpls ldp enable [CE1-Vlan-interface12] mpls ldp transport-address interface [CE1-Vlan-interface12] quit PE 3 and CE 1 can establish an LDP session and IS-IS neighbor relationship between them. # Configure PE 4 and CE 2 in the same way that PE 3 and CE 1 are configured.

  • Page 323

    [CE1-Vlan-interface11] mpls ldp enable [CE1-Vlan-interface11] mpls ldp transport-address interface [CE1-Vlan-interface11] quit PE 1 and CE 1 can establish an LDP session and IS-IS neighbor relationship between them. # Configure PE 2 and CE 2 in the same way that PE 1 and CE 1 are configured. (Details not shown.) Connect end customers to the customer carrier: # Configure CE 3.

  • Page 324

    [PE3-bgp-vpnv6] quit [PE3-bgp] quit # Configure PE 3 in the same way that PE 3 is configured. (Details not shown.) Verifying the configuration Display the public network routing table and VPN routing table on the provider carrier PEs, for example, on PE 1: # Verify that the public network routing table contains only routes of the provider carrier network.

  • Page 325

    224.0.0.0/4 Direct 0 0.0.0.0 NULL0 224.0.0.0/24 Direct 0 0.0.0.0 NULL0 255.255.255.255/32 Direct 0 127.0.0.1 InLoop0 Verify that the routing table contains the internal routes of the customer carrier network on the customer carrier CEs, for example, on CE 1. [CE1] display ip routing-table Destinations : 21 Routes : 21 Destination/Mask...

  • Page 326

    11.1.1.0/24 ISIS 10.1.1.2 Vlan12 20.1.1.0/24 ISIS 10.1.1.2 Vlan12 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.0/32 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 127.255.255.255/32 Direct 0 127.0.0.1 InLoop0 224.0.0.0/4 Direct 0 0.0.0.0 NULL0 224.0.0.0/24 Direct 0 0.0.0.0 NULL0 255.255.255.255/32 Direct 0 127.0.0.1 InLoop0 # Verify that the VPN routing table has the remote VPN route.

  • Page 327

    Figure 81 Network diagram Loop0 Loop0 Vlan-int12 PE 1 PE 2 Vlan-int12 Vlan-int11 Vlan-int11 Sham-link Loop1 Loop1 OSPFv3 Area 1 Vlan-int11 Vlan-int11 Vlan-int13 Vlan-int12 Vlan-int12 Vlan-int13 CE 1 Switch A CE 2 Backdoor link Table 28 Interface and IP address assignment Device Interface IP address...

  • Page 328

    [PE1-Vlan-interface12] ip address 10.1.1.1 24 [PE1-Vlan-interface12] mpls enable [PE1-Vlan-interface12] mpls ldp enable [PE1-Vlan-interface12] quit # Configure PE 1 to take PE 2 as an MP-IBGP peer. [PE1] bgp 100 [PE1-bgp] peer 2.2.2.9 as-number 100 [PE1-bgp] peer 2.2.2.9 connect-interface loopback 0 [PE1-bgp] address-family vpnv6 [PE1-bgp-vpnv6] peer 2.2.2.9 enable [PE1-bgp-vpnv6] quit...

  • Page 329

    Configure PEs to allow CE access: # Configure PE 1. [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 100:1 [PE1-vpn-instance-vpn1] vpn-target 1:1 [PE1-vpn-instance-vpn1] quit [PE1] interface vlan-interface 11 [PE1-Vlan-interface11] ip binding vpn-instance vpn1 [PE1-Vlan-interface11] ipv6 address 100::2 64 [PE1-Vlan-interface11] ospfv3 100 area 1 [PE1-Vlan-interface11] quit [PE1] ospfv3 100 [PE1-ospfv3-100] router-id 100.1.1.1...

  • Page 330

    Configure a sham link: # Configure PE 1. [PE1] interface loopback 1 [PE1-LoopBack1] ip binding vpn-instance vpn1 [PE1-LoopBack1] ipv6 address 3::3 128 [PE1-LoopBack1] quit [PE1] ospfv3 100 [PE1-ospfv3-100] area 1 [PE1-ospfv3-100-area-0.0.0.1] sham-link 3::3 5::5 [PE1-ospfv3-100-area-0.0.0.1] quit [PE1-ospfv3-100] quit # Configure PE 2. [PE2] interface loopback 1 [PE2-LoopBack1] ip binding vpn-instance vpn1 [PE2-LoopBack1] ipv6 address 5::5 128...

  • Page 331

    Interface ID: 2147483649 Neighbor ID : 120.1.1.1, Neighbor state: Full Cost: 1 State: P-2-P Type: Sham Instance ID: 0 Timers: Hello 10, Dead 40, Retransmit 5, Transmit delay 1 Request list: 0 Retransmit list: 0...

  • Page 332: Configuring Mpls L2vpn

    Configuring MPLS L2VPN MPLS L2VPN provides point-to-point and point-to-multipoint connections. This chapter describes only the MPLS L2VPN technologies that provide point-to-point connections. For information about the MPLS L2VPN technologies that provide point-to-multipoint connections, see "Configuring VPLS." Overview MPLS L2VPN is an implementation of Pseudo Wire Emulation Edge-to-Edge (PWE3). It offers Layer 2 VPN services over an MPLS or IP backbone.

  • Page 333: Mpls L2vpn Network Models

    and LO of the first label block are 10 and 0, the LO of the second label block is 10. If the LR of the second label block is 20, the LO of the third label block is 30. A label block whose LB, LO, and LR are 1000, 10, and 5 is represented as 1000/10/5. Assume that a VPN has 10 sites, and a PE assigns the first label block LB1/0/10 to the VPN.

  • Page 334: Pw Redundancy

    To establish an LDP PW, configure LDP and specify the peer PE address on the two PEs. LDP defines a new FEC type named PW ID FEC for PEs to exchange PW-label bindings. The new FEC type uses a PW ID and a PW type to identify a PW. The PW ID is the ID of the PW between PEs. The PW type specifies the encapsulation type for data transmitted over the PW, such as ATM, FR, Ethernet, or VLAN.

  • Page 335: Multi-segment Pw

    Figure 83 PW redundancy The MPLS L2VPN determines whether the primary PW fails according to the LDP session status or the BFD result. The backup PW is used when one of the following conditions exists: • The public tunnel of the primary PW is deleted, or BFD detects that the public tunnel has failed. The primary PW is deleted because the LDP session between PEs goes down, or BFD detects that the •...

  • Page 336

    Intra-domain multi-segment PW An intra-domain multi-segment PW has concatenated PWs within an AS. You can create an intra-domain multi-segment PW between two PEs that have no public tunnel to each other. As shown in Figure 85, there is no public tunnel between PE 1 and PE 4. There is a public tunnel between PE 1 and PE 2 and a public tunnel between PE 2 and PE 4.

  • Page 337: Vccv

    Figure 86 Inter-domain multi-segment PW VCCV Virtual Circuit Connectivity Verification (VCCV) is an OAM feature for L2VPN. It verifies the connectivity of PWs on the data plane. VCCV includes two modes: Manual mode—Use the ping mpls pw command to manually test the connectivity of a PW. •...

  • Page 338: Enabling L2vpn

    Tasks at a glance Remarks Configuring a • (Optional.) Configuring a PW class • (Required.) Choose either of the following tasks to configure a PW: Choose a PW configuration method depending on the MPLS Configuring a static PW L2VPN implementation. Configuring an LDP PW Configuring a BGP PW Configuring a remote CCC connection...

  • Page 339: Configuring A Cross-connect

    Step Command Remarks • Enter Layer 2 Ethernet interface view: interface interface-type Enter Layer 2 Ethernet interface-number interface view or Layer 2 • Enter Layer 2 aggregate aggregate interface view. interface view: interface bridge-aggregation interface-number Create an Ethernet service By default, no Ethernet service instance and enter Ethernet service-instance instance-id instance is created.

  • Page 340: Configuring A Pw

    Configuring a PW Configuring a PW class You can configure PW attributes such as the PW type and enable control word in a PW class. PWs with the same attributes can reference the same PW class. To configure a PW class: Step Command Remarks...

  • Page 341: Configuring A Bgp Pw

    Step Command Remarks By default, no LDP PW is configured. After an LDP PW is created, the peer ip-address pw-id pw-id Configure an LDP PW and local PE automatically sends a [ pw-class class-name | enter cross-connect PW view. targeted hello to create an LDP tunnel-policy tunnel-policy-name ] * session to the peer PE.

  • Page 342

    Step Command Remarks (Optional.) Configure the router peer { group-name | ip-address By default, no route reflector as a route reflector and specify a [ mask-length ] } reflect-client or client is configured. peer or peer group as its client. (Optional.) Enable L2VPN By default, L2VPN information reflection between...

  • Page 343: Configuring A Remote Ccc Connection

    Step Command Remarks Create a local site and enter site site-id [ range range-value ] By default, no local site is created. site view. [ default-offset default-offset ] By default, no cross-connect is created. Create a cross-connect and connection remote-site-id After you execute this command, a enter auto-discovery remote-site-id...

  • Page 344: Binding An Ac To A Cross-connect

    Binding an AC to a cross-connect This task is mutually exclusive with Ethernet link aggregation. If an Ethernet interface has been added to a link aggregation group, you cannot bind an Ethernet service instance on the interface to a cross-connect, and vice versa. On a Layer 2 Ethernet or Layer 2 aggregate interface, you can create an Ethernet service instance and bind it to a cross-connect.

  • Page 345: Configuring Static Pw Redundancy

    Manually perform a PW switchover. • Configuring static PW redundancy Step Command Remarks Enter system view. system-view Enter cross-connect group xconnect-group group-name view. Enter cross-connect view. connection connection-name (Optional.) Specify whether to switch traffic from the By default, traffic is immediately backup PW to the primary switched back from the backup revertive { wtr wtr-time | never }...

  • Page 346: Enabling Mac Address Software Learning On An Interface

    To avoid impacting the system, HP recommends not enabling this feature when a large number of MAC addresses change frequently. To enable MAC address software learning on an interface:...

  • Page 347: Displaying And Maintaining Mpls L2vpn

    Step Command Remarks By default, the MAC address learning limit is not set. Set the MAC address Layer 2 aggregate interfaces do learning limit on the mac-address max-mac-count count not support this command. interface. For more information about this command, see Layer 2—LAN Switching Command Reference.

  • Page 348: Mpls L2vpn Configuration Examples

    MPLS L2VPN configuration examples Configuring a static PW Network requirements Create a static PW between PE 1 and PE 2 over the backbone so that CE 1 and CE 2 can communicate within VLAN 10. Figure 87 Network diagram Table 29 Interface and IP address assignment Device Interface IP address...

  • Page 349

    # Enable L2VPN. [PE1] l2vpn enable # Enable global LDP. [PE1] mpls ldp [PE1-ldp] quit # Configure VLAN-interface 20 (the interface connected to the P device), and enable LDP on the interface. [PE1] interface vlan-interface 20 [PE1-Vlan-interface20] ip address 10.1.1.1 24 [PE1-Vlan-interface20] mpls enable [PE1-Vlan-interface20] mpls ldp enable [PE1-Vlan-interface20] quit...

  • Page 350

    # Enable global LDP. [P] mpls ldp [P-ldp] quit # Configure VLAN-interface 20 (the interface connected to PE 1), and enable LDP on the interface. [P] interface vlan-interface 20 [P-Vlan-interface20] ip address 10.1.1.2 24 [P-Vlan-interface20] mpls enable [P-Vlan-interface20] mpls ldp enable [P-Vlan-interface20] quit # Configure VLAN-interface 30 (the interface connected to PE 2), and enable LDP on the interface.

  • Page 351

    [PE2-ospf-1-area-0.0.0.0] network 192.3.3.3 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] quit [PE2-ospf-1] quit # Create VLAN 10 and assign Ten-GigabitEthernet 1/0/1 to the VLAN. [PE2] vlan 10 [PE2-vlan10] port ten-gigabitethernet 1/0/1 [PE2-vlan10] quit # Create Ethernet service instance 10 on Ten-GigabitEthernet 1/0/1 to match packets that have an outer VLAN ID of 10.

  • Page 352: Configuring An Ldp Pw

    192.2.2.2 200/100 Static M # Verify that CE 1 and CE 2 can ping each other. (Details not shown.) Configuring an LDP PW Network requirements Create an LDP PW between PE 1 and PE 2 over the backbone so VLAN 10 on CE 1 can communicate with VLAN 10 on CE 2.

  • Page 353

    # Enable L2VPN. [PE1] l2vpn enable # Enable global LDP. [PE1] mpls ldp [PE1-ldp] quit # Configure VLAN-interface 20 (the interface connected to the P device), and enable LDP on the interface. [PE1] interface vlan-interface 20 [PE1-Vlan-interface20] ip address 10.1.1.1 24 [PE1-Vlan-interface20] mpls enable [PE1-Vlan-interface20] mpls ldp enable [PE1-Vlan-interface20] quit...

  • Page 354

    # Enable global LDP. [P] mpls ldp [P-ldp] quit # Configure VLAN-interface 20 (the interface connected to PE 1), and enable LDP on the interface. [P] interface vlan-interface 20 [P-Vlan-interface20] ip address 10.1.1.2 24 [P-Vlan-interface20] mpls enable [P-Vlan-interface20] mpls ldp enable [P-Vlan-interface20] quit # Configure VLAN-interface 30 (the interface connected to PE 2), and enable LDP on the interface.

  • Page 355

    [PE2-ospf-1-area-0.0.0.0] network 10.2.2.0 0.0.0.255 [PE2-ospf-1-area-0.0.0.0] quit [PE2-ospf-1] quit # Create VLAN 10 and assign Ten-GigabitEthernet 1/0/1 to the VLAN. [PE2] vlan 10 [PE2-vlan10] port ten-gigabitethernet 1/0/1 [PE2-vlan10] quit # Create Ethernet service instance 10 on Ten-GigabitEthernet 1/0/1 to match packets that have an outer VLAN ID of 10.

  • Page 356

    192.2.2.2 65679/65679 # Verify that CE 1 and CE 2 can ping each other. (Details not shown.) Configuring a BGP PW Network requirements Create a BGP PW between PE 1 and PE 2 so VLAN 10 on CE 1 can communicate with VLAN 10 on CE Figure 89 Network diagram Table 31 Interface and IP address assignment Device...

  • Page 357

    # Enable L2VPN. [PE1] l2vpn enable # Enable LDP globally. [PE1] mpls ldp [PE1-ldp] quit # Configure VLAN-interface 20 (the interface connected to P), and enable LDP on the interface. [PE1] interface vlan-interface 20 [PE1-Vlan-interface20] ip address 10.1.1.1 24 [PE1-Vlan-interface20] mpls enable [PE1-Vlan-interface20] mpls ldp enable [PE1-Vlan-interface20] quit # Enable OSPF for LSP establishment.

  • Page 358

    [PE1-xcg-vpnb-auto-1-2] ac interface ten-gigabitethernet 1/0/1 service-instance 10 [PE1-xcg-vpnb-auto-1-2] return Configure P: # Configure an LSR ID. <P> system-view [P] interface loopback 0 [P-LoopBack0] ip address 192.4.4.4 32 [P-LoopBack0] quit [P] mpls lsr-id 192.4.4.4 # Enable LDP globally. [P] mpls ldp [P-ldp] quit # Configure VLAN-interface 20 (the interface connected to PE 1), and enable LDP on the interface.

  • Page 359

    [PE2-Vlan-interface30] ip address 10.2.2.1 24 [PE2-Vlan-interface30] mpls enable [PE2-Vlan-interface30] mpls ldp enable [PE2-Vlan-interface30] quit # Enable OSPF for LSP establishment. [PE2] ospf [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 192.3.3.3 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] network 10.2.2.0 0.0.0.255 [PE2-ospf-1-area-0.0.0.0] quit [PE2-ospf-1] quit # Create an IBGP connection to PE 1, and enable BGP to advertise L2VPN information to PE 1. [PE2] bgp 100 [PE2-bgp] peer 192.2.2.2 as-number 100 [PE2-bgp] peer 192.2.2.2 connect-interface loopback 0...

  • Page 360

    [CE2-FortyGigE1/1/1] quit Verifying the configuration # Display L2VPN PW information on PE 1. The output shows that a PW has been established. <PE1> display l2vpn pw Flags: M - main, B - backup, H - hub link, S - spoke link, N - no split horizon Total number of PWs: 1, 1 up, 0 blocked, 0 down, 0 defect Xconnect-group Name: vpnb Peer...

  • Page 361

    Device Interface IP address Device Interface IP address Vlan-int30 10.2.2.1/24 Configuration procedure Before you perform the following configurations, configure VLANs and add ports to VLANs. Configure CE 1. <CE1> system-view [CE1] interface fortygige 1/1/1 [CE1-FortyGigE1/1/1] port link-type trunk [CE1-FortyGigE1/1/1] port trunk permit vlan 10 [CE1-FortyGigE1/1/1] quit Configure PE 1: # Configure an LSR ID.

  • Page 362

    Configure P: # Configure an LSR ID. <P> system-view [P] interface loopback 0 [P-LoopBack0] ip address 192.4.4.4 32 [P-LoopBack0] quit [P] mpls lsr-id 192.4.4.4 # Configure VLAN-interface 20 (the interface connected to PE 1), and enable MPLS on the interface. [P] interface vlan-interface 20 [P-Vlan-interface20] ip address 10.1.1.2 24 [P-Vlan-interface20] mpls enable...

  • Page 363: Configuring Ldp Pw Redundancy

    [PE2-Ten-GigabitEthernet1/0/1-srv10] quit [PE2-Ten-GigabitEthernet1/0/1] quit # Create a cross-connect group named ccc, and create a remote CCC connection that has incoming label 202, outgoing label 102, and next hop 10.2.2.2. [PE2] xconnect-group ccc [PE2-xcg-ccc] connection ccc [PE2-xcg-ccc-ccc] ccc in-label 202 out-label 102 nexthop 10.2.2.2 # Bind Ethernet service instance 10 on Ten-GigabitEthernet 1/0/1 to the CCC connection.

  • Page 364

    Figure 91 Network diagram Table 33 Interface and IP address assignment Device Interface IP address Device Interface IP address CE 1 Vlan-int10 100.1.1.1/24 PE 2 Loop0 2.2.2.2/32 PE 1 Loop0 1.1.1.1/32 Vlan-int10 Vlan-int10 Vlan-int12 12.1.1.2/24 Vlan-int12 12.1.1.1/24 PE 3 Loop0 3.3.3.3/32 Vlan-int13 13.1.1.1/24...

  • Page 365

    # Configure VLAN interface 12 (the interface connected to PE 2) and VLAN interface 13 (the interface connected to PE 3), and enable LDP for the interfaces. [PE1] interface vlan-interface 12 [PE1-Vlan-interface12] ip address 12.1.1.1 24 [PE1-Vlan-interface12] mpls enable [PE1-Vlan-interface12] mpls ldp enable [PE1-Vlan-interface12] quit [PE1] interface vlan-interface 13 [PE1-Vlan-interface13] ip address 13.1.1.1 24...

  • Page 366

    <PE2> system-view [PE2] interface loopback 0 [PE2-LoopBack0] ip address 2.2.2.2 32 [PE2-LoopBack0] quit [PE2] mpls lsr-id 2.2.2.2 # Enable global MPLS LDP. [PE2] mpls ldp [PE2-ldp] quit # Configure VLAN interface 12 (the interface connected to PE 1), and enable LDP on it. [PE2] interface vlan-interface 12 [PE2-Vlan-interface12] ip address 12.1.1.2 24 [PE2-Vlan-interface12] mpls enable...

  • Page 367

    [PE3-LoopBack0] quit [PE3] mpls lsr-id 3.3.3.3 # Enable global MPLS LDP. [PE3] mpls ldp [PE3-ldp] quit # Configure VLAN interface 13 (the interface connected to PE 1), and enable LDP on it. [PE3] interface vlan-interface 13 [PE3-Vlan-interface13] ip address 13.1.1.3 24 [PE3-Vlan-interface13] mpls enable [PE3-Vlan-interface13] mpls ldp enable [PE3-Vlan-interface13] quit...

  • Page 368

    <PE1> display l2vpn pw Flags: M - main, B - backup, H - hub link, S - spoke link, N - no split horizon Total number of PWs: 2, 1 up, 1 blocked, 0 down, 0 defect Xconnect-group Name: vpna Peer PW ID In/Out Label...

  • Page 369: Configuring An Intra-domain Multi-segment Pw

    Peer PW ID In/Out Label Proto Flag Link ID State 1.1.1.1 65779/65650 # Verify that CE 1 and CE 2 can ping each other. (Details not shown.) # Manually switch to the backup PW on PE 1. <PE1> l2vpn switchover peer 2.2.2.2 pw-id 20 # Display L2VPN PW information on PE 1.

  • Page 370

    Device Interface IP address Device Interface IP address Vlan-int26 26.2.2.1/24 Configuration procedure Configure CE 1. <CE1> system-view [CE1] vlan 10 [CE1-vlan10] quit [CE1] interface vlan-interface 10 [CE1-Vlan-interface10] ip address 100.1.1.1 24 [CE1-Vlan-interface10] quit [CE1] interface fortygige 1/1/1 [CE1-FortyGigE1/1/1] port link-type trunk [CE1-FortyGigE1/1/1] port trunk permit vlan 10 [CE1-FortyGigE1/1/1] quit Configure PE 1:...

  • Page 371

    [PE1-xcg-vpn1] quit Configure P: # Configure an LSR ID. <P> system-view [P] interface loopback 0 [P-LoopBack0] ip address 192.4.4.4 32 [P-LoopBack0] quit [P] mpls lsr-id 192.4.4.4 # Enable L2VPN. [P] l2vpn enable # Configure MPLS TE to establish an MPLS TE tunnel between PE 1 and P, and between P and PE 2.

  • Page 372

    # Create a cross-connect group named vpn1, create a cross-connect named svc in the group, and bind Ethernet service instance 1000 on Ten-GigabitEthernet 1/0/1 to the cross-connect. [PE2] xconnect-group vpn1 [PE2-xcg-vpn1] connection svc [PE2-xcg-vpn1-svc] ac interface ten-gigabitethernet 1/0/1 service-instance 1000 # Create a static PW for the cross-connect to bind the AC to the PW.

  • Page 373: Configuring An Inter-domain Multi-segment Pw

    Peer PW ID In/Out Label Proto Flag Link ID State 192.4.4.4 1000 200/100 Static M # Verify that CE 1 and CE 2 can ping each other. (Details not shown.) Configuring an inter-domain multi-segment PW Network requirements PE 1 and ASBR 1 belong to AS 100. PE 2 and ASBR 2 belong to AS 200. Set up an inter-domain multi-segment PW (a method for inter-AS Option B networking) between PE 1 and PE 2, so CE 1 and CE 2 can communicate over the backbone.

  • Page 374

    <CE1> system-view [CE1] vlan 10 [CE1-vlan10] quit [CE1] interface vlan-interface 10 [CE1-Vlan-interface10] ip address 100.1.1.1 24 [CE1-Vlan-interface10] quit [CE1] interface fortygige 1/1/1 [CE1-FortyGigE1/1/1] port link-type trunk [CE1-FortyGigE1/1/1] port trunk permit vlan 10 [CE1-FortyGigE1/1/1] quit Configure PE 1: # Configure an LSR ID. <PE1>...

  • Page 375

    # Create a cross-connect group named vpn1, create a cross-connect named ldp in the group, and bind Ethernet service instance 1000 on Ten-GigabitEthernet 1/0/1 to the cross-connect. [PE1] xconnect-group vpn1 [PE1-xcg-vpn1] connection ldp [PE1-xcg-vpn1-ldp] ac interface ten-gigabitethernet 1/0/1 service-instance 1000 # Create an LDP PW for the cross-connect to bind the AC to the PW.

  • Page 376

    [ASBR1-bgp-ipv4] peer 26.2.2.3 enable [ASBR1-bgp-ipv4] peer 26.2.2.3 route-policy policy1 export [ASBR1-bgp-ipv4] peer 26.2.2.3 label-route-capability [ASBR1-bgp-ipv4] quit [ASBR1-bgp] quit [ASBR1] route-policy policy1 permit node 1 [ASBR1-route-policy-policy1-1] apply mpls-label [ASBR1-route-policy-policy1-1] quit # Create a cross-connect group named vpn1, create a cross-connect named ldp in the group, and create two LDP PWs for the cross-connect to form a multi-segment PW.

  • Page 377

    [ASBR2-ospf-1-area-0.0.0.0] quit [ASBR2-ospf-1] quit # Configure BGP to advertise labeled routes on ASBR 2. [ASBR2] bgp 200 [ASBR2-bgp] peer 26.2.2.2 as-number 100 [ASBR2-bgp] address-family ipv4 unicast [ASBR2-bgp-ipv4] import-route direct [ASBR2-bgp-ipv4] peer 26.2.2.2 enable [ASBR2-bgp-ipv4] peer 26.2.2.2 route-policy policy1 export [ASBR2-bgp-ipv4] peer 26.2.2.2 label-route-capability [ASBR2-bgp-ipv4] quit [ASBR2-bgp] quit [ASBR2] route-policy policy1 permit node 1...

  • Page 378

    [PE2-ospf-1-area-0.0.0.0] network 192.4.4.4 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] network 22.2.2.1 0.0.0.255 [PE2-ospf-1-area-0.0.0.0] quit [PE2-ospf-1] quit # Create VLAN 10 and assign Ten-GigabitEthernet 1/0/1 to the VLAN. [PE2] vlan 10 [PE2-vlan10] port ten-gigabitethernet 1/0/1 [PE2-vlan10] quit # Create Ethernet service instance 1000 on Ten-GigabitEthernet 1/0/1 to match packets that have an outer VLAN ID of 10.

  • Page 379

    # Display L2VPN PW information on ASBR 1. The output shows that two PWs have been created to form a multi-segment PW. [ASBR1] display l2vpn pw Flags: M - main, B - backup, H - hub link, S - spoke link, N - no split horizon Total number of PWs: 2, 2 up, 0 blocked, 0 down, 0 defect Xconnect-group Name: vpn1 Peer...

  • Page 380: Configuring Vpls

    Configuring VPLS Overview Virtual Private LAN Service (VPLS) delivers a point-to-multipoint L2VPN service over an MPLS or IP backbone. The provider backbone emulates a switch to connect all geographically dispersed sites of each customer network. The backbone is transparent to the customer sites. The sites can communicate with each other as if they were on the same LAN.

  • Page 381: Vpls Implementation

    packet is forwarded to the correct VSI. The outer label is the public LSP or MPLS TE tunnel label, which makes sure the packet is correctly forwarded to the remote PE. VPLS instance—A customer network might include multiple geographically dispersed sites (such as •...

  • Page 382

    If the source MAC address of a packet from a CE does not exist in the MAC address table, the PE learns the source MAC address on the AC connected to the CE. Learning the source MAC addresses of remote sites connected through PWs: •...

  • Page 383: H-vpls

    Multicast and broadcast traffic forwarding and flooding After a PE receives a multicast or broadcast packet from an AC, the PE floods the packet to all other ACs and the PWs in the VSI bound to the AC. After a PE receives a multicast or broadcast packet from a PW, the PE floods the packet to all ACs in the VSI bound to the PW.

  • Page 384

    As shown in Figure 96, the edge domain is an MPLS network. The UPE creates a U-PW with NPE 1. The UPE does not create PWs to any remote PEs. After receiving a packet from a CE, the UPE adds the label assigned to the U-PW into the packet and then forwards the packet to NPE 1 through a public tunnel.

  • Page 385: Vpls Configuration Task List

    • • A primary and backup U-PW switchover is triggered by a command. HP recommends executing the port bridge enable command on the NPE 1' interface connected to NPE 4 when the following conditions are met: • The MPLS network (edge domain) is configured with a fast switchover mechanism, for example, LDP FRR or MPLS TE FRR.

  • Page 386

    To configure VPLS on a PE, perform the following tasks: Tasks at a glance Remarks (Required.) Enabling L2VPN In an H-VPLS using MPLS access, do (Required.) Configuring an AC not perform this task on the access NPEs of the UPEs. (Required.) Configuring a VSI Configuring a...

  • Page 387: Configuring A Vsi

    An AC is an Ethernet service instance on a Layer 2 Ethernet interface or Layer 2 aggregate interface. The AC forwards packets that are received on the interface and meet the match criteria of the Ethernet service instance to the bound VSI. On a PE, configure an Ethernet service instance on the Layer 2 Ethernet interface or Layer 2 aggregate interface that connects to a CE to match packets for the AC.

  • Page 388

    Configuring a PW Configuring a PW class In a PW class, you can configure PW attributes such as the PW type, and whether to enable control word. To simplify PW configuration, you can configure PWs with the same attributes by referencing the same PW class.

  • Page 389

    Step Command Remarks Enter system view. system-view Enter VSI view. vsi vsi-name Specify LDP signaling By default, no PW signaling protocol is for PWs, and enter VSI pwsignaling ldp specified. LDP signaling view. By default, no LDP PW is configured. If both a default PW ID in the default-pw-id command and a PW ID in the peer command are configured, the...

  • Page 390

    Step Command Remarks (Optional.) Permit the local AS number to appear in routes peer { group-name | ip-address By default, the local AS number is from the specified peer or [ mask-length ] } allow-as-loop not allowed in routes from a peer peer group and specify the [ number ] or peer group.

  • Page 391: Configuring A Bgp Auto-discovery Ldp Pw

    Step Command Remarks vpn-target vpn-target&<1-8> [ both By default, no route targets are Configure route targets for the | export-extcommunity | configured for the auto-discovery auto-discovery VSI. import-extcommunity ] VSI. (Optional.) Reference a PW By default, no PW class is pw-class class-name class.

  • Page 392

    Step Command Remarks (Optional.) Permit the local AS number to appear in routes peer { group-name | ip-address By default, the local AS number from the specified peer or [ mask-length ] } allow-as-loop is not allowed in routes from a peer group and specify the [ number ] peer or peer group.

  • Page 393

    Step Command Remarks vpn-target vpn-target&<1-8> [ both By default, no route targets are Configure route targets for the | export-extcommunity | configured for the auto-discovery auto-discovery VSI. import-extcommunity ] VSI. (Optional.) Reference a PW By default, no PW class is pw-class class-name class.

  • Page 394: Configuring Upe Dual Homing

    Configuring UPE dual homing This task includes the following configurations: • Create a backup PW for the primary PW. Specify whether to switch traffic from the backup PW to the primary PW when the primary PW • recovers, and the wait time for the switchover. Perform a manual PW switchover.

  • Page 395

    Configuring LDP PW redundancy Step Command Remarks Enter system view. system-view Enter VSI view. vsi vsi-name Specify LDP signaling for PWs, By default, no PW signaling and enter VSI LDP signaling pwsignaling ldp protocol is specified for the VSI. view. (Optional.) Specify whether to switch traffic from the backup By default, when the primary PW...

  • Page 396: Enabling Packet Statistics For An Ethernet Service Instance

    Enabling packet statistics for an Ethernet service instance Perform this task to enable packet statistics for an Ethernet service instance. To display packet statistics on the Ethernet service instance, use the display l2vpn service-instance verbose command. To enable packet statistics for an Ethernet service instance: Step Command Remarks...

  • Page 397: Vpls Configuration Examples

    Task Command Display VSI information. display l2vpn vsi [ name vsi-name ] [ verbose ] Display information about automatically display l2vpn auto-discovery [ peer ip-address ] [ vsi discovered VPLS PEs. vsi-name ] display l2vpn bgp [ peer ip-address | local ] [ vsi vsi-name ] Display VPLS label block information.

  • Page 398

    Figure 99 Network diagram Configuration procedure This task includes the following configurations: Configure basic MPLS on each PE: configure LSR ID, enable LDP, run IGP (OSPF in this example) to • establish LSPs. Establish static PWs: enable L2VPN, create static PWs, and specify labels. •...

  • Page 399

    # Configure OSPF for LDP to create LSPs. [PE1] ospf [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255 [PE1-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255 [PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit # Create a VSI, specify the peer PEs, and establish static PWs to the peer PEs. [PE1] vsi svc [PE1-vsi-svc] pwsignaling static [PE1-vsi-svc-static] peer 2.2.2.9 pw-id 3 in-label 100 out-label 100...

  • Page 400

    [PE2-Vlan-interface40] quit # Configure OSPF for LDP to create LSPs. [PE2] ospf [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255 [PE2-ospf-1-area-0.0.0.0] network 40.1.1.0 0.0.0.255 [PE2-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] quit [PE2-ospf-1] quit # Create a VSI, specify the peer PEs, and establish static PWs to the peer PEs. [PE2] vsi svc [PE2-vsi-svc] pwsignaling static [PE2-vsi-svc-static] peer 1.1.1.9 pw-id 3 in-label 100 out-label 100...

  • Page 401

    [PE3-Vlan-interface40] mpls ldp enable [PE3-Vlan-interface40] quit # Configure OSPF for LDP to create LSPs. [PE3] ospf [PE3-ospf-1] area 0 [PE3-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255 [PE3-ospf-1-area-0.0.0.0] network 40.1.1.0 0.0.0.255 [PE3-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0 [PE3-ospf-1-area-0.0.0.0] quit [PE3-ospf-1] quit # Create a VSI, specify the peer PEs, and establish static PWs to the peer PEs. [PE3] vsi svc [PE3-vsi-svc] pwsignaling static [PE3-vsi-svc-static] peer 1.1.1.9 pw-id 3 in-label 200 out-label 200...

  • Page 402: Ldp Pw Configuration Example

    Tunnel Group ID : 0x1800000260000002 Tunnel NHLFE IDs : 138 LDP PW configuration example Network requirements Configure VPLS on each PE, and establish LDP PWs between the PEs to interconnect the CEs. Figure 100 Network diagram Configuration procedure Configure an IGP and public tunnels on each PE. (Details not shown.) Configure PE 1: # Configure basic MPLS.

  • Page 403

    [PE1-vsi-aaa] quit # Create Ethernet service instance 10 on Ten-GigabitEthernet 1/0/1 to match all packets. [PE1] interface ten-gigabitethernet 1/0/1 [PE1-Ten-GigabitEthernet1/0/1] service-instance 10 [PE1-Ten-GigabitEthernet1/0/1-srv10] encapsulation default # Bind Ethernet service instance 10 to the VSI aaa. [PE1-Ten-GigabitEthernet1/0/1-srv10] xconnect vsi aaa Configure PE 2: # Configure basic MPLS.

  • Page 404: Bgp Pw Configuration Example

    # Configure VSI aaa that uses LDP as the PW signaling protocol, and establish PWs to PE 1 and PE 2. [PE3] vsi aaa [PE3-vsi-aaa] pwsignaling ldp [PE3-vsi-aaa-ldp] peer 1.1.1.9 pw-id 500 [PE3-vsi-aaa-ldp-1.1.1.9-500] quit [PE3-vsi-aaa-ldp] peer 2.2.2.9 pw-id 500 [PE3-vsi-aaa-ldp-2.2.2.9-500] quit [PE3-vsi-aaa-ldp] quit [PE3-vsi-aaa] quit # Create Ethernet service instance 10 on Ten-GigabitEthernet 1/0/1 to match all packets.

  • Page 405

    Figure 101 Network diagram Configuration procedure Configure the IGP and public tunnels. (Details not shown.) Configure PE 1: # Configure basic MPLS. <PE1> system-view [PE1] interface loopback 0 [PE1-LoopBack0] ip address 1.1.1.9 32 [PE1-LoopBack0] quit [PE1] mpls lsr-id 1.1.1.9 [PE1] mpls ldp [PE1-ldp] quit # Establish IBGP connections to PE 2 and PE 3, and use BGP to advertise VPLS label block information.

  • Page 406

    [PE1-vsi-aaa-auto] signaling-protocol bgp [PE1-vsi-aaa-auto-bgp] site 1 range 10 default-offset 0 [PE1-vsi-aaa-auto-bgp] quit [PE1-vsi-aaa-auto] quit [PE1-vsi-aaa] quit # Create Ethernet service instance 10 on Ten-GigabitEthernet 1/0/1 to match all packets. [PE1] interface ten-gigabitethernet 1/0/1 [PE1-Ten-GigabitEthernet1/0/1] service-instance 10 [PE1-Ten-GigabitEthernet1/0/1-srv10] encapsulation default # Bind Ethernet service instance 10 to the VSI aaa. [PE1-Ten-GigabitEthernet1/0/1-srv10] xconnect vsi aaa Configure PE 2: # Configure basic MPLS.

  • Page 407

    [PE2-Ten-GigabitEthernet1/0/1-srv10] encapsulation default # Bind Ethernet service instance 10 to the VSI aaa. [PE2-Ten-GigabitEthernet1/0/1-srv10] xconnect vsi aaa Configure PE 3: # Configure basic MPLS. <PE3> system-view [PE3] interface loopback 0 [PE3-LoopBack0] ip address 3.3.3.9 32 [PE3-LoopBack0] quit [PE3] mpls lsr-id 3.3.3.9 [PE3] mpls ldp [PE3-ldp] quit # Establish IBGP connections to PE 1 and PE 2, and use BGP to advertise VPLS label block...

  • Page 408

    Peer: 2.2.2.9 Remote Site: 2 Signaling Protocol : BGP Link ID PW State : Up In Label : 131195 Out Label: 131225 : 1500 PW Attributes : Main VCCV CC VCCV BFD Tunnel Group ID : 0x1800000160000001 Tunnel NHLFE IDs : 137 Peer: 3.3.3.9 Remote Site: 3...

  • Page 409: Bgp Auto-discovery Ldp Pw Configuration Example

    Remote Label Block : 131224/10/0 Export Route Target: 1:1 BGP auto-discovery LDP PW configuration example Network requirements Use BGP to discover remote PEs and use LDP to create PWs among PEs so CEs in different sites of VPN 1 can communicate with each other. Figure 102 Network diagram Configuration procedure Configure the IGP and public tunnels.

  • Page 410

    # Enable L2VPN. [PE1] l2vpn enable # Configure the VSI aaa to use BGP to discover remote PEs and use LDP to establish LDP PWs to PE 2 and PE 3. [PE1] vsi aaa [PE1-vsi-aaa] auto-discovery bgp [PE1-vsi-aaa-auto] route-distinguisher 1:1 [PE1-vsi-aaa-auto] vpn-target 1:1 [PE1-vsi-aaa-auto] signaling-protocol ldp [PE1-vsi-aaa-auto-ldp] vpls-id 100:100...

  • Page 411

    [PE2-vsi-aaa-auto] signaling-protocol ldp [PE2-vsi-aaa-auto-ldp] vpls-id 100:100 [PE2-vsi-aaa-auto-ldp] quit [PE2-vsi-aaa-auto] quit [PE2-vsi-aaa] quit # Create Ethernet service instance 10 on Ten-GigabitEthernet 1/0/1 to match all packets. [PE2] interface ten-gigabitethernet 1/0/1 [PE2-Ten-GigabitEthernet1/0/1] service-instance 10 [PE2-Ten-GigabitEthernet1/0/1-srv10] encapsulation default # Bind Ethernet service instance 10 to the VSI aaa. [PE2-Ten-GigabitEthernet1/0/1-srv10] xconnect vsi aaa Configure PE 3: # Configure basic MPLS.

  • Page 412

    [PE3-Ten-GigabitEthernet1/0/1-srv10] encapsulation default # Bind Ethernet service instance 10 to the VSI aaa. [PE3-Ten-GigabitEthernet1/0/1-srv10] xconnect vsi aaa Verifying the configuration # Verify that two LDP PWs have been established on PE 1. [PE1] display l2vpn pw verbose VSI Name: aaa Peer: 2.2.2.9 VPLS ID: 100:100 Signaling Protocol...

  • Page 413: H-vpls Using Access Configuration Example

    PW State: Up PW Status Communication: Notification method PW ID FEC (Local/Remote): Local AII : (1.1.1.9, 3.3.3.9) Remote AII : (3.3.3.9, 1.1.1.9) PW Type : VLAN/VLAN Group ID : 0/0 Label : 131154/131116 Control Word: Disabled/Disabled VCCV CV Type: -/- VCCV CC Type: -/- : 1500/1500 PW Status...

  • Page 414

    [UPE-ldp] quit # Enable L2VPN. [UPE] l2vpn enable # Configure VSI aaa to use LDP to establish a U-PW to NPE 1. [UPE] vsi aaa [UPE-vsi-aaa] pwsignaling ldp [UPE-vsi-aaa-ldp] peer 2.2.2.9 pw-id 500 [UPE-vsi-aaa-ldp-2.2.2.9-500] quit [UPE-vsi-aaa-ldp] quit [UPE-vsi-aaa] quit # Create Ethernet service instance 10 on Ten-GigabitEthernet 1/0/1 to match all packets. [UPE] interface ten-gigabitethernet 1/0/1 [UPE-Ten-GigabitEthernet1/0/1] service-instance 10 [UPE-Ten-GigabitEthernet1/0/1-srv10] encapsulation default...

  • Page 415

    [NPE2] mpls ldp [NPE2–ldp] quit # Enable L2VPN. [NPE2] l2vpn enable # Configure VSI aaa that uses LDP as the PW signaling protocol, and establish N-PWs to NPE 1 and NPE 3. [NPE2] vsi aaa [NPE2-vsi-aaa] pwsignal ldp [NPE2-vsi-aaa-ldp] peer 2.2.2.9 pw-id 500 [NPE2-vsi-aaa-ldp-2.2.2.9-500] quit [NPE2-vsi-aaa-ldp] peer 4.4.4.9 pw-id 500 [NPE2-vsi-aaa-ldp-4.4.4.9-500] quit...

  • Page 416

    [NPE3-Ten-GigabitEthernet1/0/1-srv10] xconnect vsi aaa Verifying the configuration # Verify that PWs in up state have been established on each PE. [UPE] display l2vpn pw verbose VSI Name: aaa Peer: 2.2.2.9 PW ID: 500 Signaling Protocol : LDP Link ID PW State : Up In Label : 131177 Out Label: 131177...

  • Page 417

    VSI Name: aaa Peer: 2.2.2.9 PW ID: 500 Signaling Protocol : LDP Link ID PW State : Up In Label : 131175 Out Label: 131176 : 1500 PW Attributes : Main VCCV CC VCCV BFD Tunnel Group ID : 0x1800000660000000 Tunnel NHLFE IDs : 131 Peer: 4.4.4.9...

  • Page 418: H-vpls Upe Dual Homing Configuration Example

    H-VPLS UPE dual homing configuration example Network requirements To improve reliability of the H-VPLS network, UPE establishes a U-PW with NPE 1 and NPE 2, respectively. The U-PW between UPE and NPE 1 is the primary PW and that between UPE and NPE 2 is the backup PW.

  • Page 419

    [UPE-vsi-aaa-ldp-3.3.3.3-500-backup] quit [UPE-vsi-aaa-ldp-2.2.2.2-500] quit [UPE-vsi-aaa-ldp] quit [UPE-vsi-aaa] quit # Create VLAN 10 and assign Ten-GigabitEthernet 1/0/1 to the VLAN. [UPE] vlan 10 [UPE-vlan10] port ten-gigabitethernet 1/0/1 [UPE-vlan10] quit # On interface Ten-GigabitEthernet 1/0/1 (the interface connected to CE 1), create an Ethernet service instance and bind the Ethernet service instance to VSI aaa.

  • Page 420

    [NPE1-vsi-aaa-ldp] quit [NPE1-vsi-aaa] quit Configure NPE 2: # Configure basic MPLS. <NPE2> system-view [NPE2] interface loopback 0 [NPE2-LoopBack0] ip address 3.3.3.3 32 [NPE2-LoopBack0] quit [NPE2] mpls lsr-id 3.3.3.3 [NPE2] mpls ldp [NPE2–ldp] quit # Enable L2VPN. [NPE2] l2vpn enable # Configure VSI aaa that uses LDP as the PW signaling protocol, and establish PWs to UPE, NPE 2, and NPE 3.

  • Page 421

    [NPE3] vlan 10 [NPE3-vlan10] port ten-gigabitethernet 1/0/1 [NPE3-vlan10] quit # On interface Ten-GigabitEthernet 1/0/1 (the interface connected to CE 3), create an Ethernet service instance and bind the Ethernet service instance to VSI aaa. [NPE3] interface ten-gigabitethernet 1/0/1 [NPE3-Ten-GigabitEthernet1/0/1] service-instance 1000 [NPE3-Ten-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 10 [NPE3-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi aaa [NPE3-Ten-GigabitEthernet1/0/1-srv1000] quit...

  • Page 422

    Peer: 3.3.3.3 PW ID: 500 Signaling Protocol : LDP Link ID PW State : Up In Label : 131280 Out Label: 131290 : 1500 PW Attributes : Main VCCV CC VCCV BFD Tunnel Group ID : 0x1800000160000005 Tunnel NHLFE IDs : 137 Peer: 4.4.4.4 PW ID: 500...

  • Page 423

    VCCV CC VCCV BFD Tunnel Group ID : 0x1800000160000001 Tunnel NHLFE IDs : 138 [NPE3] display l2vpn pw verbose VSI Name: aaa Peer: 2.2.2.2 PW ID: 500 Signaling Protocol : LDP Link ID PW State : Up In Label : 131279 Out Label: 131278 : 1500 PW Attributes...

  • Page 424: Configuring Mpls Oam

    Configuring MPLS OAM Overview MPLS Operation, Administration, and Maintenance (OAM) provides fault management tools for the following purposes: • MPLS data plane connectivity verification. Data plane and control plane consistency verification. • Fault locating. • These fault management tools include the following types: On-demand tools—Tools that need to be triggered manually, such as MPLS ping and MPLS tracert.

  • Page 425: Periodic Mpls Tracert

    When BFD detects a connectivity failure, it triggers the pre-configured action, such as FRR or path protection switching, to ensure uninterrupted traffic forwarding. A BFD session for LSP, MPLS TE tunnel, or PW connectivity verification can be established in one of the following modes: Static mode—You manually specify the local and remote discriminators through command lines to •...

  • Page 426: Configuring Mpls Ping For Lsps

    Configuring MPLS ping for LSPs Perform the following task in any view: Task Command ping mpls [ -a source-ip | -c count | -exp exp-value | -h ttl-value | -m wait-time | -r reply-mode | -rtos tos-value | -s Use MPLS ping to verify MPLS LSP connectivity packet-size | -t time-out | -v ] * ipv4 dest-addr mask-length for an IPv4 prefix.

  • Page 427: Configuring Periodic Mpls Tracert For Lsps

    On a BFD session established in static mode, the ingress node and egress node both operate in • active mode. On a BFD session established in dynamic mode, the egress node operates in active mode and the ingress node operates in passive mode. Executing the bfd session init-mode command on the ingress or egress node does not change the node's operating mode.

  • Page 428: Configuring Mpls Oam For A Pw

    To establish a static BFD session, ensure that the local and remote discriminators configured locally • are identical with the remote and local discriminators configured on the remote device, respectively. The source address of the BFD session is the MPLS LSR ID of the local device. Before you configure •...

  • Page 429: Configuring Bfd For A Pw

    Create the PW, and reference the PW class created in the previous step for the PW. Perform the following task in any view: Task Command ping mpls [ -a source-ip | -c count | -exp exp-value | -h ttl-value | -m Use MPLS ping to verify the wait-time | -r reply-mode | -rtos tos-value | -s packet-size | -t time-out | connectivity of a PW.

  • Page 430

    Step Command Remarks peer ip-address pw-id pw-id Configure a PW, specify the [ in-label label-value out-label created PW class for it, and By default, no PW is configured. label-value ] pw-class class-name enter PW view. [ tunnel-policy tunnel-policy-name ] By default, no local and remote discriminators are configured.

  • Page 431

    Step Command Remarks peer ip-address pw-id pw-id Configure a VPLS PW, in-label label-value out-label specify the created PW class label-value pw-class class-name By default, no VPLS PW is for it, and enter VSI static [ hub | no-split-horizon | configured. PW view.

  • Page 432: Displaying Mpls Oam

    Step Command Remarks Configure a VPLS PW, peer ip-address pw-id pw-id specify the created PW class pw-class class-name [ hub | By default, no VPLS PW is for it, and enter VSI LDP PW no-split-horizon | tnl-policy configured. view. tunnel-policy-name ] * By default, no local and remote discriminators are configured.

  • Page 433

    Figure 105 Network diagram Configuration procedure Configure IP addresses for interfaces. (Details not shown.) Configure OSPF to ensure IP connectivity between the switches: # Configure Switch A. <SwitchA> system-view [SwitchA] ospf [SwitchA-ospf-1] area 0 [SwitchA-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0 [SwitchA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] quit [SwitchA-ospf-1] quit # Configure Switch B.

  • Page 434

    [SwitchB] mpls lsr-id 2.2.2.9 [SwitchB] mpls ldp [SwitchB-ldp] quit [SwitchB] interface vlan-interface 2 [SwitchB-Vlan-interface2] mpls enable [SwitchB-Vlan-interface2] mpls ldp enable [SwitchB-Vlan-interface2] quit [SwitchB] interface vlan-interface 3 [SwitchB-Vlan-interface3] mpls enable [SwitchB-Vlan-interface3] mpls ldp enable [SwitchB-Vlan-interface3] quit # Configure Switch C. [SwitchC] mpls lsr-id 3.3.3.9 [SwitchC] mpls ldp [SwitchC-ldp] quit [SwitchC] interface vlan-interface 3...

  • Page 435: Bfd For Pw Configuration Example

    Source IP: 1.1.1.9 Destination IP: 127.0.0.1 Session State: Up Session Role: Passive Template Name: - The output shows that two BFD sessions have been established between Switch A and Switch C. One session verifies the connectivity of the LSP from 3.3.3.9/32 to 1.1.1.9/32 and the other session verifies the connectivity of the LSP from 1.1.1.9/32 to 3.3.3.9/32.

  • Page 436

    [CE1-Vlan-interface10] ip address 100.1.1.1 24 [CE1-Vlan-interface10] quit Configure PE 1: # Configure an LSR ID. <PE1> system-view [PE1] interface loopback 0 [PE1-LoopBack0] ip address 1.1.1.1 32 [PE1-LoopBack0] quit [PE1] mpls lsr-id 1.1.1.1 # Enable global MPLS LDP. [PE1] mpls ldp [PE1-ldp] quit # Establish LDP sessions with PE 2 and PE 3.

  • Page 437

    # Create cross-connect group vpna and create a cross-connect named ldp in the cross-connect group. Bind the cross-connect to interface VLAN-interface 10 and create the primary and backup LDP PWs in the cross-connect. The primary PW references the PW class pwa. [PE1] xconnect-group vpna [PE1-xcg-vpna] connection ldp [PE1-xcg-vpna-ldp] ac interface vlan-interface 10...

  • Page 438

    [PE2-pw-pwa] vccv bfd [PE2-pw-pwa] vccv cc router-alert [PE2-pw-pwa] quit # Create cross-connect group vpna and create a cross-connect named ldp in the cross-connect group. Bind the cross-connect to interface VLAN-interface 10 and create an LDP PW that references the PW class pwa in the cross-connect [PE2] xconnect-group vpna [PE2-xcg-vpna] connection ldp [PE2-xcg-vpna-ldp] ac interface vlan-interface 10...

  • Page 439

    [PE3-xcg-vpna-ldp] ac interface vlan-interface 10 [PE3-xcg-vpna-ldp] peer 1.1.1.1 pw-id 30 [PE3-xcg-vpna-ldp-1.1.1.1-30] quit [PE3-xcg-vpna-ldp] quit [PE3-xcg-vpna] quit Configure CE 2. <CE2> system-view [CE2] interface vlan-interface 10 [CE2-Vlan-interface10] ip address 100.1.1.2 24 [CE2-Vlan-interface10] quit Verifying the configuration # Display L2VPN PW information on PE 1. The output shows that two PWs (one primary and one backup) have been established.

  • Page 440

    PW ID: 3 Connection ID: 2147483648 Link ID: 1 Local Discr: 514 Remote Discr: 514 Source IP: 1.1.1.1 Destination IP: 127.0.0.2 Session State: Up Session Role: Active Template Name: - # Verify that CE 1 and CE 2 can ping each other. (Details not shown.) # Shut down the PW between PE 1 and PE 2.

  • Page 441: Configuring Mce

    Configuring MCE This chapter describes MCE configuration. For information about the related routing protocols, see Layer IP Routing Configuration Guide. — MPLS L3VPN overview MPLS L3VPN is a L3VPN technology used to interconnect geographically dispersed VPN sites. MPLS L3VPN uses BGP to advertise VPN routes and uses MPLS to forward VPN packets over a service provider backbone.

  • Page 442

    MPLS L3VPN concepts Site A site has the following features: A site is a group of IP systems with IP connectivity that does not rely on any service provider network. • The classification of a site depends on the topology relationship of the devices, rather than the •...

  • Page 443: Mce Overview

    As shown in Figure 108, a VPN-IPv4 address consists of 12 bytes. The first eight bytes represent the RD, followed by a four-byte IPv4 prefix. The RD and the IPv4 prefix form a unique VPN-IPv4 prefix. An RD can be in one of the following formats: When the Type field is 0, the Administrator subfield occupies two bytes, the Assigned number •...

  • Page 444: Mce Configuration Task List

    Figure 109 Network diagram for the MCE function As shown in Figure 109, the MCE exchanges private routes with VPN sites and PE 1, and adds the private routes to the routing tables of corresponding VPN instances. Route exchange between MCE and VPN site—Create VPN instances VPN 1 and VPN 2 on the •...

  • Page 445

    Configuring VPN instances VPN instances isolate VPN routes from public network routes and routes among VPNs. You must configure VPN instances for an MCE network. Creating a VPN instance A VPN instance is a collection of the VPN membership and routing rules of its associated site. A VPN instance may not correspond to one VPN.

  • Page 446: Configuring Route Related Attributes For A Vpn Instance

    Configuring route related attributes for a VPN instance Step Command Remarks Enter system view. system-view Configurations made in VPN • Enter VPN instance view: instance view apply to both IPv4 ip vpn-instance vpn-instance-name VPN and IPv6 VPN. • Enter IPv4 VPN view: Enter VPN instance view IPv4 VPN prefers the or IPv4 VPN view.

  • Page 447: Configuring Routing On An Mce

    Configuring routing on an MCE MCE implements service isolation through route isolation. MCE routing configuration includes the following: • MCE-VPN site routing configuration. MCE-PE routing configuration. • On the PE, do the following: Disable routing loop detection to avoid route loss during route calculation. •...

  • Page 448

    instances can isolate routes of different VPNs. For more information about RIP, see Layer 3—IP Routing Configuration Guide. To configure RIP between an MCE and a VPN site: Step Command Remarks Enter system view. system-view Create a RIP process for a Perform this configuration on the rip [ process-id ] vpn-instance VPN instance and enter RIP...

  • Page 449

    VPN routes. loops. To avoid such routing loops, you can configure route tags for VPN instances on an MCE. HP recommends that you configure the same route tag for the same VPN on the MCEs.

  • Page 450

    To configure IS-IS between an MCE and a VPN site: Step Command Remarks Enter system view. system-view Create an IS-IS process for a Perform this configuration on the isis [ process-id ] vpn-instance VPN instance and enter IS-IS MCE. On a VPN site, configure a vpn-instance-name view.

  • Page 451

    Step Command Remarks Allow the local AS number to appear in the AS_PATH peer { group-name | ip-address By default, BGP discards attribute of routes received [ mask-length ] } allow-as-loop incoming route updates that from the peer, and set the [ number ] contain the local AS number.

  • Page 452

    Step Command Remarks peer { group-name | ip-address Configure an IBGP peer. [ mask-length ] } as-number as-number Enter BGP-VPN IPv4 unicast address-family ipv4 [ unicast ] address family view. Enable BGP to exchange By default, BGP does not peer { group-name | ip-address IPv4 unicast routes with the exchange IPv4 unicast routes [ mask-length ] } enable...

  • Page 453: Configuring Routing Between An Mce And A Pe

    Step Command Remarks By default, no routes are import-route protocol redistributed into BGP. Redistribute the IGP routes [ { process-id | all-processes } A VPN site must advertise VPN of the VPN into BGP. [ med med-value | route-policy network addresses to the route-policy-name ] * ] connected MCE.

  • Page 454

    VPN routes. loops. To avoid such routing loops, you can configure route tags for VPN instances on an MCE. HP recommends that you configure the same route tag for the same VPN on the MCEs.

  • Page 455

    Step Command Remarks By default, OSPF does not redistribute the default route. (Optional.) Configure OSPF default-route-advertise summary This command redistributes the to redistribute the default cost cost default route in a Type-3 LSA. The route. MCE advertises the default route to the PE.

  • Page 456

    Configuring EBGP between an MCE and a PE Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number Enter BGP-VPN instance ip vpn-instance vpn-instance-name view. Configure the PE as an peer { group-name | ip-address EBGP peer. [ mask-length ] } as-number as-number Enter BGP-VPN IPv4 unicast address family address-family ipv4 [ unicast ]...

  • Page 457: Displaying And Maintaining Mce

    Step Command Remarks (Optional.) Configure filter-policy { acl-number | prefix-list By default, BGP does not filter filtering of received prefix-list-name } import received routes. routes. Displaying and maintaining MCE Execute display commands in any view. Task Command Display information about a specified or display ip vpn-instance [ instance-name vpn-instance-name ] all VPN instances.

  • Page 458

    Figure 110 Network diagram Configuration procedure Assume that the system name of the MCE device is MCE, the system names of the edge devices of VPN 1 and VPN 2 are VR1 and VR2, respectively, and the system name of PE 1 is PE1. Configure the VPN instances on the MCE and PE 1: # On the MCE, configure VPN instances vpn1 and vpn2, and specify an RD and route targets for each VPN instance.

  • Page 459

    [MCE] interface vlan-interface 20 [MCE-Vlan-interface20] ip binding vpn-instance vpn2 [MCE-Vlan-interface20] ip address 10.214.20.3 24 [MCE-Vlan-interface20] quit # On PE 1, configure VPN instances vpn1 and vpn2, and specify an RD and route targets for each VPN instance. <PE1> system-view [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 10:1 [PE1-vpn-instance-vpn1] vpn-target 10:1 [PE1-vpn-instance-vpn1] quit...

  • Page 460

    # Run OSPF in VPN 2. Create OSPF process 20 and bind it to VPN instance vpn2 on the MCE, so that the MCE can learn the routes of VPN 2 and add them to the routing table of the VPN instance vpn2.

  • Page 461

    [MCE-Vlan-interface30] quit # On the MCE, bind VLAN-interface 40 to VPN instance vpn2, and configure an IP address for the VLAN interface. [MCE] interface vlan-interface 40 [MCE-Vlan-interface40] ip binding vpn-instance vpn2 [MCE-Vlan-interface40] ip address 40.1.1.1 24 [MCE-Vlan-interface40] quit # On PE 1, bind VLAN-interface 30 to VPN instance vpn1, and configure an IP address for the VLAN interface.

  • Page 462

    Verifying the configuration # On PE 1, display the routing information for VPN 1. The output shows that the static route of VPN 1 has been redistributed to the OSPF routing table of PE 1. [PE1] display ip routing-table vpn-instance vpn1 Destinations : 13 Routes : 13 Destination/Mask...

  • Page 463: Configuring The Mce That Uses Ebgp To Advertise Vpn Routes To The Pe

    Configuring the MCE that uses EBGP to advertise VPN routes to the PE Network requirements As shown in Figure 1 1 1, configure the MCE to advertise the routes of VPNs 1 and 2 to PE 1, so that the sites of each VPN can communicate with each other over the MPLS backbone.

  • Page 464

    [MCE-ospf-10] quit # Display the routing table of VPN 1 on the MCE. [MCE] display ip routing-table vpn-instance vpn1 Destinations : 13 Routes : 13 Destination/Mask Proto Cost NextHop Interface 0.0.0.0/32 Direct 0 127.0.0.1 InLoop0 10.214.10.0/24 Direct 0 10.214.10.3 Vlan10 10.214.10.0/32 Direct 0 10.214.10.3...

  • Page 465

    # Enter the BGP-VPN instance view of VPN instance vpn1. [MCE-bgp] ip vpn-instance vpn1 # Specify the EBGP peer PE 1 in AS 200. [MCE-bgp-vpn1] peer 30.1.1.2 as-number 200 # Activate the EBGP VPNv4 peer PE 1, and redistribute routing information from OSPF process 10 to BGP.

  • Page 466

    40.1.1.0/24 Direct 0 40.1.1.2 Vlan40 40.1.1.0/32 Direct 0 40.1.1.2 Vlan40 40.1.1.2/32 Direct 0 127.0.0.1 InLoop0 40.1.1.255/32 Direct 0 40.1.1.2 Vlan40 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.0/32 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 127.255.255.255/32 Direct 0 127.0.0.1 InLoop0 192.168.10.0/24 40.1.1.1 Vlan40...

  • Page 467: Configuring Ipv6 Mce

    Configuring IPv6 MCE This chapter describes IPv6 MCE configuration. Overview In MPLS L3VPN networks, MCE uses static routes or dynamic routing protocols to advertise IPv4 routes between internal networks and PEs and forwards IPv4 packets. In IPv6 MPLS L3VPN networks, IPv6 MCE uses IPv6 static routes and dynamic routing protocols to advertise IPv6 routes between internal networks and PEs and forwards IPv6 packets.

  • Page 468: Associating A Vpn Instance With An Interface

    Step Command Remarks By default, no description is configured for a VPN instance. (Optional.) Configure a The description should contain the description for the VPN description text VPN instance's related instance. information, such as its relationship with a certain VPN. (Optional.) Configure an ID By default, no ID is configured for a vpn-id vpn-id...

  • Page 469

    Step Command Remarks • Enter VPN instance view: Configurations made in VPN ip vpn-instance instance view apply to both IPv4 vpn-instance-name VPN and IPv6 VPN. Enter VPN instance view or • Enter IPv6 VPN view: IPv6 VPN prefers the IPv6 VPN view. ip vpn-instance configurations in IPv6 VPN view vpn-instance-name...

  • Page 470

    Configuring routing on an MCE An MCE implements service isolation through route isolation. MCE routing configuration includes the following: • MCE-VPN site routing configuration. MCE-PE routing configuration. • On a PE in an MCE network environment, do the following: Disable routing loop detection to avoid route loss during route calculation. •...

  • Page 471

    Step Command Remarks Enter system view. system-view Create a RIPng process for a Perform this configuration on the ripng [ process-id ] vpn-instance VPN instance and enter RIPng MCE. On a VPN site, configure vpn-instance-name view. normal RIPng. import-route protocol [ process-id ] Redistribute remote site routes By default, no routes are [ allow-ibgp ] [ cost cost |...

  • Page 472

    Step Command Remarks import-route protocol [ process-id | all-processes | allow-ibgp ] [ cost Redistribute remote site routes By default, no routes are cost | nssa-only | route-policy advertised by the PE. redistributed into OSPFv3. route-policy-name | tag tag | type type ] * Return to system view.

  • Page 473

    Configure the MCE: Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number Enter BGP-VPN instance ip vpn-instance view. vpn-instance-name peer { group-name | Specify an IPv6 BGP peer in By default, no BGP peer is ipv6-address [ prefix-length ] } an AS.

  • Page 474

    Configuring IBGP between an MCE and a VPN site To use IBGP between an MCE and a VPN site, you must configure a BGP peer for each IPv6 VPN instance on the MCE, and redistribute the IGP routes of each VPN instance on the VPN site. Configure the MCE: Step Command...

  • Page 475

    Step Command Remarks peer { group-name | Configure the MCE as an ipv6-address [ prefix-length ] } IBGP peer. as-number as-number Enter BGP-VPN IPv6 unicast address-family ipv6 [ unicast ] address family view. Enable BGP to exchange peer { group-name | By default, BGP does not IPv6 unicast routes with the ipv6-address [ prefix-length ] }...

  • Page 476

    Step Command Remarks Create a RIPng process for an ripng [ process-id ] vpn-instance IPv6 VPN instance and enter vpn-instance-name RIPng view. import-route protocol [ process-id ] By default, no routes are Redistribute VPN routes. [ allow-ibgp ] [ cost cost | redistributed into RIPng.

  • Page 477

    Step Command Remarks interface interface-type Enter interface view. interface-number Enable the OSPFv3 process ospfv3 process-id area area-id By default, OSPFv3 is disabled on on the interface. [ instance instance-id ] an interface. Configuring IPv6 IS-IS between an MCE and a PE Step Command Remarks...

  • Page 478: Displaying And Maintaining Ipv6 Mce

    Step Command Remarks Enable BGP to exchange IPv6 peer { group-name | ipv6-address By default, BGP does not exchange unicast routes with the [ prefix-length ] } enable IPv6 unicast routes with any peer. specified peer. import-route protocol [ process-id By default, no routes are Redistribute VPN routes.

  • Page 479: Ipv6 Mce Configuration Example

    Task Command Display information about a specified VPN instance or all VPN display ip vpn-instance [ instance-name vpn-instance-name ] instances. Display BGP peer group information display bgp group ipv6 [ unicast ] vpn-instance vpn-instance-name for a VPN instance. [ group-name group-name ] display bgp peer ipv6 [ unicast ] vpn-instance vpn-instance-name Display BGP peer information for a [ ipv6-address prefix-length | { ipv6-address | group-name...

  • Page 480

    Figure 112 Network diagram Configuration procedure Assume that the system name of the MCE device is MCE, the system names of the edge devices of VPN 1 and VPN 2 are VR1 and VR2, respectively, and the system name of PE 1 is PE1. Configure the VPN instances on the MCE and PE 1: # On the MCE, configure VPN instances vpn1 and vpn2, and specify an RD and route targets for each VPN instance.

  • Page 481

    [MCE-Vlan-interface10] quit # Bind VLAN-interface 20 to VPN instance vpn2, and configure an IPv6 address for the VLAN interface. [MCE] interface vlan-interface 20 [MCE-Vlan-interface20] ip binding vpn-instance vpn2 [MCE-Vlan-interface20] ipv6 address 2002:1::1 64 [MCE-Vlan-interface20] quit # On PE 1, configure VPN instances vpn1 and vpn2, and specify an RD and route targets for each VPN instance.

  • Page 482

    [VR2-Vlan-interface21] ripng 20 enable [VR2-Vlan-interface21] quit # On the MCE, display the routing table of VPN instance vpn1. [MCE] display ipv6 routing-table vpn-instance vpn1 Destinations : 6 Routes : 6 Destination: ::1/128 Protocol : Direct NextHop : ::1 Preference: 0 Interface : InLoop0 Cost...

  • Page 483

    NextHop : FE80::20C:29FF:FE40:701 Preference: 100 Interface : Vlan20 Cost Destination: FE80::/10 Protocol : Direct NextHop : :: Preference: 0 Interface : NULL0 Cost Destination: FF00::/8 Protocol : Direct NextHop : :: Preference: 0 Interface : NULL0 Cost The output shows that the MCE has learned the private route of VPN 2. The MCE maintains the routes of VPN 1 and VPN 2 in two different routing tables.

  • Page 484

    # Enable OSPFv3 on VLAN-interface 30. [MCE] interface vlan-interface 30 [MCE-Vlan-interface30] ospfv3 10 area 0.0.0.0 [MCE-Vlan-interface30] quit # On PE 1, enable OSPFv3 process 10 and bind the process to VPN instance vpn1. [PE1] ospfv3 10 vpn-instance vpn1 [PE1-ospfv3-10] router-id 100.100.10.1 [PE1-ospfv3-10] quit # Enable OSPFv3 on VLAN-interface 30.

  • Page 485

    [PE1] display ipv6 routing-table vpn-instance vpn2 Destinations : 6 Routes : 6 Destination: ::1/128 Protocol : Direct NextHop : ::1 Preference: 0 Interface : InLoop0 Cost Destination: 40::/64 Protocol : Direct NextHop : :: Preference: 0 Interface : Vlan40 Cost Destination: 40::2/128 Protocol : Direct...

  • Page 486: Support And Other Resources

    Related information Documents To find related documents, browse to the Manuals page of the HP Business Support Center website: http://www.hp.com/support/manuals For related documentation, navigate to the Networking section, and select a networking category. •...

  • Page 487: Conventions

    Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. Square brackets enclose syntax choices (keywords or arguments) that are optional. Braces enclose a set of required syntax choices separated by vertical bars, from which { x | y | ...

  • Page 488

    Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.

  • Page 489: Index

    Index MPLS TE link attribute (OSPF TE), MPLS TE traffic forwarding automatic route advertisement (forwarding adjacency), MPLS L2VPN AC configuration, MPLS TE traffic forwarding automatic route MPLS L2VPN attachment circuit (AC), advertisement (IGP shortcut), MPLS L2VPN cross-connect+AC binding, MPLS TE tunnel traffic direction (automatic route VPLS architecture, advertisement), VPLS configuration,...

  • Page 490

    MPLS L3VPN inter-AS VPN option C ASBR, H-VPLS UPE dual homing configuration, associating VPLS BGP PW configuration, IPv6 MPLS L3VPN VPN instance with VPLS configuration, 371, 376, interface, 278, VPLS LDP PW configuration, MPLS L3VPN VPN instance with VPLS LDP PW configuration (BGP interface, 183, auto-discovery), attachment circuit.

  • Page 491

    IPv6 MPLS L3VPN inter-AS option C, VPLS BGP label block information advertisement, IPv6 MPLS L3VPN logging for BGP route flapping, VPLS BGP PW configuration, 380, IPv6 MPLS L3VPN loopback address VPLS BGP PW creation, redistribution, VPLS LDP PW configuration (BGP IPv6 MPLS L3VPN MCE, auto-discovery), 382, IPv6 MPLS L3VPN OSPFv3 sham link,...

  • Page 492

    IPv6 MPLS L3VPN PE-CE OSPFv3, IPv6 MPLS L3VPN inter-AS IPv6 VPN option C IPv6 MPLS L3VPN PE-CE RIPng, IPv6 MPLS L3VPN inter-AS IPv6 VPN option C IPv6 MPLS L3VPN PE-CE static routing, routing policy, IPv6 MPLS L3VPN routing information IPv6 MPLS L3VPN inter-AS option A, advertisement, IPv6 MPLS L3VPN inter-AS option C, MPLS L2VPN AC configuration,...

  • Page 493

    LDP label advertisement control, MPLS L3VPN carrier's carrier, LDP label advertisement policy, MPLS L3VPN FRR, LDP label distribution control mode, MPLS L3VPN FRR (IPv4 route/VPNv4 route backup), LDP link hello timer, MPLS L3VPN FRR (VPNv4 route/IPv4 route LDP loop detection, backup), LDP LSP, MPLS L3VPN FRR (VPNv4 route/route backup),...

  • Page 494

    MPLS L3VPN PE-CE IS-IS, MPLS TE link attribute advertisement (OSPF TE), MPLS L3VPN PE-CE OSPF, MPLS TE RSVP-TE RSVP resource reservation style, MPLS L3VPN PE-CE RIP, MPLS TE traffic forwarding, MPLS L3VPN PE-CE routing, MPLS TE tunnel affinity attribute, MPLS L3VPN PE-CE static routing, MPLS TE tunnel automatic route advertisement traffic direction (forwarding adjacency), MPLS L3VPN PE-PE routing,...

  • Page 495

    VPLS LDP PW, 379, MPLS TE dynamic implementation, VPLS LDP PW (BGP auto-discovery), 382, MPLS TE FRR, 58, 58, VPLS MAC address learning, MPLS TE FRR bypass tunnel on PLR, VPLS PW, MPLS TE FRR link protection, 58, VPLS PW class, MPLS TE FRR manual bypass tunnel, 1 12 VPLS static PW, 379,...

  • Page 496

    LDP loop detection, LDP discovery message type, MPLS TE FRR node fault detection, LDP peer basic discovery, MPLS TE loop detection, LDP peer extended discovery, device LDP session parameters (Basic Discovery), customer edge device. See LDP session parameters (Extended Discovery), IPv6 MCE configuration, displaying IPv6 MPLS L3VPN,...

  • Page 497

    EBGP MPLS TE inter-AS tunnel with RSVP-TE, IPv6 MPLS L3VPN MCE/VPN site EBGP, MPLS TE tunnel over static CRLSP, IPv6 MPLS L3VPN MCE-PE EBGP, MPLS TE tunnel with RSVP-TE, 70, IPv6 MPLS L3VPN MCE-PE routing, RSVP TE tunnel, IPv6 MPLS L3VPN PE/CE EBGP, Ethernet MPLS L3VPN hub-spoke network, 21 1...

  • Page 498

    LDP GR, MPLS L3VPN FRR IPv4 route backup (VPNv4 route), LDP NSR, MPLS L3VPN FRR VPNv4 route backup (IPv4 MPLS FEC, route), MPLS FEC label format, MPLS L3VPN FRR VPNv4 route backup (VPNv4 MPLS forwarding plane, route), MPLS forwarding statistics, MPLS TE, MPLS L3VPN packet forwarding, MPLS TE auto FRR configuration,...

  • Page 499

    RSVP GR, MPLS TTL-expired message send, RSVP GR configuration, identifier (LDP), RSVP hello extension, IETF DS-TE RSVP-TE Hello message, MPLS TE DiffServ-aware TE mode, hierarchical VPLS. Use H-VPLS MPLS TE IETF DS-TE configuration, hierarchy of PE. See HoVPN LDP-IGP synchronization, 22, of VPN.

  • Page 500

    MPLS L3VPN option C, 167, 169, 193, LDP session protection, inter-domain multi-segment PW LDP session reset, configuration, LDP SNMP notification, MPLS L2VPN, LDP-IGP synchronization, 22, interval LDP-IS-IS synchronization, MPLS TE CRLSP flooding, LDP-OSPF synchronization, MPLS TE FRR optimal bypass tunnel selection MPLS basics configuration, 1, interval, static LSP configuration, 12,...

  • Page 501

    inter-AS IPv6 VPN option A, IS-IS inter-AS IPv6 VPN option C, LDP-IS-IS synchronization, inter-AS IPv6 VPN option C ASBR-PE, MPLS L3VPN MCE-PE IS-IS, inter-AS IPv6 VPN option C PE, MPLS L3VPN MCE-VPN site IS-IS, inter-AS IPv6 VPN option C routing policy, MPLS L3VPN PE-CE IS-IS configuration, inter-AS option A, MPLS TE attribute advertisement,...

  • Page 502

    RSVP-TE tunnel establishment, loop detection configuration, static CRLSP configuration, 132, LSP configuration, static LSP configuration, 12, LSP establishment, switched path. Use LSP generation policy, switching router. Use MD5 authentication, message types, virtual private LAN service. Use VPLS MPLS L2VPN BGP PW, Layer 2 MPLS L2VPN configuration, MPLS VPN.

  • Page 503

    MPLS forwarding plane, MPLS forwarding process, troubleshooting MPLS TE no TE LSA generated, link IPv6 MPLS L3VPN OSPF sham link, dynamic LSP establishment, IPv6 MPLS L3VPN OSPF sham link exclusive tunnel configuration, creation, LDP configuration, 16, 23, IPv6 MPLS L3VPN OSPFv3 sham link, LDP label acceptance control, LDP FRR, LDP label advertisement control,...

  • Page 504

    LDP peer, Maximum Allocation Model. See LDP session, MPLS control plane, configuration, MPLS network architecture, displaying, MPLS TTL propagation, IPv6 MPLS L3VPN MCE routing, MPLS TTL-expired message send, IPv6 MPLS L3VPN MCE/VPN site EBGP, IPv6 MPLS L3VPN MCE/VPN site IBGP, IPv6 MPLS L3VPN MCE/VPN site IPv6 IS-IS, MAC address IPv6 MPLS L3VPN MCE/VPN site OSPFv3,...

  • Page 505

    LDP advertisement, FEC, LDP discovery, FEC label format, LDP notification, forwarding plane, LDP session, forwarding process, MPLS TTL-expired message send, forwarding statistics enable, RSVP authentication, IPv4 LDP label acceptance control, RSVP refresh message, IPv4 LDP label advertisement control, RSVP reliable message delivery, IPv4 LDP LSP configuration, RSVP Srefresh mechanism, L2VPN.

  • Page 506

    preferred tunnel configuration, PW redundancy, preferred tunnel+selection order PW redundancy configuration, configuration, PW VCCV, protocols and standards, remote CCC connection configuration, RSVP display, static PW configuration, 331, RSVP maintain, static PW redundancy configuration, RSVP protocols and standards, VPLS configuration, 376, SNMP notifications enable, VPLS MAC address learning, static CRLSP configuration, 132,...

  • Page 507

    IPv6. See IPv6 MPLS L3VPN PE-PE routing, IPv6 MCE, protocols and standards, logging for BGP route flapping, route advertisement, loopback interface, routing loop avoidance, loopback route redistribution, site, 162, maintain, SNMP notification enable, MCE, 432, VPN instance, 162, MCE EBGP VPN route advertising, VPN instance configuration, 182, MCE OSPF VPN route advertising, VPN instance creation, 182,...

  • Page 508

    MPLS L3VPN configuration, 161, IPv6 MPLS L3VPN inter-AS option C, MPLS L3VPN HoVPN, IPv6 MPLS L3VPN OSPFv3 sham link, MPLS L3VPN inter-AS option A, link attribute advertisement (IGP TE extension), MPLS L3VPN inter-AS option B, link attribute advertisement (IS-IS TE), MPLS L3VPN inter-AS option C, link attribute advertisement (OSPF TE), MPLS L3VPN MCE EBGP VPN route...

  • Page 509

    traffic forwarding configuration, IPv6 MPLS L3VPN basics, traffic forwarding static routing, IPv6 MPLS L3VPN BGP VPNv6 route control, troubleshoot, IPv6 MPLS L3VPN carrier's carrier, troubleshoot no TE LSA generated, IPv6 MPLS L3VPN configuration, tunnel automatic bandwidth adjustment, IPv6 MPLS L3VPN features, tunnel configuration over dynamic CRLSP, IPv6 MPLS L3VPN inter-AS IPv6 VPN, tunnel configuration over static CRLSP,...

  • Page 510

    IPv6 MPLS L3VPN VPN instance, MPLS L2VPN BGP PW remote CCC connection, IPv6 MPLS L3VPN VPN instance configuration, MPLS L2VPN cross-connect configuration, 330, IPv6 MPLS L3VPN VPN instance MPLS L2VPN cross-connect+AC binding, 335, creation, 278, MPLS L2VPN LDP PW, 331, IPv6 MPLS L3VPN VPN instance interface MPLS L2VPN LDP PW redundancy, 336, association, 278,...

  • Page 511

    MPLS L3VPN inter-AS VPN option A, 168, MPLS L3VPN PE-CE static routing, MPLS L3VPN inter-AS VPN option B, MPLS L3VPN PE-PE routing, MPLS L3VPN inter-AS VPN option C, MPLS L3VPN route advertisement, MPLS L3VPN logging for BGP route MPLS L3VPN routing loop avoidance, flapping, MPLS L3VPN site, 162, MPLS L3VPN loopback interface,...

  • Page 512

    MPLS TE FRR node fault detection, VPLS VSI configuration, MPLS TE FRR optimal bypass tunnel selection VPLS VSI+AC binding, interval, network management MPLS TE IETF DS-TE configuration, IPv6 MCE configuration, MPLS TE inter-AS tunnel with RSVP-TE, IPv6 MPLS L3VPN, 277, MPLS TE make-before-break, IPv6 MPLS L3VPN configuration, MPLS TE route pinning,...

  • Page 513

    MPLS SNMP notifications, P device MPLS L3VPN architecture, 161, H-VPLS, number MPLS L2VPN configuration, MPLS L3VPN BGP AS number MPLS L2VPN static PW configuration, substitution, 179, 201, packet IPv6 MPLS L3VPN packet forwarding, LDP FRR, LDP FRR configuration, MPLS L2VPN PW VCCV, MPLS control plane, MPLS OAM.

  • Page 514

    IPv6 MPLS L3VPN MCE/VPN site IBGP, MPLS L3VPN MCE-PE RIP, IPv6 MPLS L3VPN MCE/VPN site IPv6 MPLS L3VPN MCE-PE routing, IS-IS, MPLS L3VPN MCE-PE static routing, IPv6 MPLS L3VPN MCE/VPN site OSPFv3, MPLS L3VPN MP-BGP, IPv6 MPLS L3VPN MCE/VPN site RIPng, MPLS L3VPN nested VPN, 173, IPv6 MPLS L3VPN MCE/VPN site routing, MPLS L3VPN OSPF area PE-CE configuration,...

  • Page 515

    LDP LSP generation policy, configuring IPv6 MPLS L3VPN inter-AS option MPLS L3VPN inter-AS VPN option C routing policy, configuring IPv6 MPLS L3VPN loopback interface, tunnel policy configuration, configuring IPv6 MPLS L3VPN MCE routing, POP label forwarding mode (MPLS L3VPN), configuring IPv6 MPLS L3VPN MCE/VPN site POPGO label forwarding mode (MPLS L3VPN), routing, preference...

  • Page 516

    configuring LDP, configuring MPLS L2VPN PW, configuring LDP backoff, configuring MPLS L2VPN PW class, configuring LDP FRR, 35, configuring MPLS L2VPN PW redundancy, configuring LDP GR, configuring MPLS L2VPN remote CCC connection, configuring LDP hello parameter, configuring MPLS L2VPN static PW, 331, configuring LDP label acceptance control, configuring MPLS L2VPN static PW configuring LDP label acceptance policy,...

  • Page 517

    configuring MPLS L3VPN MCE-PE OSPF, configuring MPLS OAM ping for LSP, configuring MPLS L3VPN MCE-PE RIP, configuring MPLS OAM ping for PW, configuring MPLS L3VPN MCE-PE routing, configuring MPLS OAM tracert for LSP, configuring MPLS L3VPN MCE-PE static configuring MPLS OAM tracert for LSP routing, (periodic), configuring MPLS L3VPN MCE-VPN site...

  • Page 518

    configuring MPLS TE tunnel over static configuring VPLS static PW, 379, CRLSP, configuring VPLS UPE dual homing, configuring MPLS TE tunnel setup priority, configuring VPLS UPE dual homing (redundant LDP configuring MPLS TE tunnel setup retry, PWs), configuring MPLS TE tunnel strict explicit configuring VPLS UPE dual homing (redundant static path, PWs),...

  • Page 519

    enabling MPLS TE loop detection, MPLS, enabling MPLS TE route recording, MPLS L3VPN, enabling MPLS TTL-expired message send, MPLS OAM, enabling packet statistics for Ethernet service MPLS TE, instance, RSVP, enabling RSVP, provider enabling RSVP BFD, device. See P device enabling VPLS L2VPN, edge device.

  • Page 520

    MPLS OAM BFD for MPLS L2VPN PW, RSVP Srefresh configuration, MPLS OAM BFD for PW, 420, RSVP Srefresh mechanism, MPLS OAM BFD for VPLS LDP PW, reliable message delivery (RSVP), 140, MPLS OAM BFD for VPLS static PW, remote MPLS OAM for PW, MPLS L2VPN BGP PW remote CCC connection, MPLS OAM ping for PW,...

  • Page 521

    MPLS L3VPN VPN instance route related IPv6 MPLS L3VPN PE/CE routing, attribute configuration, IPv6 MPLS L3VPN PE-CE IPv6 IS-IS, MPLS L3VPN VPN instance route related IPv6 MPLS L3VPN PE-CE OSPFv3, attributes, IPv6 MPLS L3VPN PE-CE RIPng, routing IPv6 MPLS L3VPN PE-CE static routing, IPv6 MCE configuration, IPv6 MPLS L3VPN PE-PE routing, IPv6 MPLS L3VPN, 277,...

  • Page 522

    MPLS L3VPN MCE OSPF VPN routes MPLS TE tunnel traffic direction (automatic route advertising, advertisement), MPLS L3VPN MCE routing, MPLS TE tunnel traffic direction (static routing), MPLS L3VPN MCE-PE EBGP, MPLS TE tunnel with RSVP-TE, MPLS L3VPN MCE-PE IBGP configuration, RSVP configuration, 139, 142, MPLS L3VPN MCE-PE IS-IS, RSVP GR configuration,...

  • Page 523

    MPLS TE IETF DS-TE configuration, sham link MPLS TE inter-AS tunnel with RSVP-TE, IPv6 MPLS L3VPN OSPF sham link configuration, MPLS TE link attribute, IPv6 MPLS L3VPN OSPF sham link creation, MPLS TE make-before-break FF, IPv6 MPLS L3VPN OSPFv3 sham link, MPLS TE make-before-break SE, MPLS L3VPN OSPF sham link, MPLS TE tunnel constraints,...

  • Page 524

    MPLS TE tunnel configuration over static CRLSP, LDP session, MPLS TE tunnel over static CRLSP, TE database. See TEDB MPLS TE tunnel traffic direction (static TEDB routing), MPLS TE attribute advertisement, VPLS static PW configuration, 379, MPLS TE CSPF calculation, VPLS UPE dual homing (redundant static timer PWs),...

  • Page 525

    MPLS TTL propagation, tunnel policy configuration, 155, 155, MPLS TTL-expired message send, tunnel selection order configuration, tunnel policy VPLS architecture, configuration, 155, 155, type information display, RSVP-TE EXPLICIT_ROUTE object, tunneling RSVP-TE Hello message, RSVP-TE LABEL_REQUEST object, exclusive tunnel configuration, RSVP-TE Path message, MPLS L2VPN public tunnel, RSVP-TE PathErr message, MPLS OAM BFD for LSP,...

  • Page 526

    BGP label block information advertisement, PW LDP configuration, BGP PW configuration, 380, PW split horizon forwarding, BGP PW creation, static PW configuration, 379, BGP VPLS PE information advertisement, unicast traffic flooding, broadcast traffic flooding, unicast traffic forwarding, broadcast traffic forwarding, UPE dual homing (redundant LDP PWs), configuration, 371, 376, UPE dual homing (redundant static PWs),...

Comments to this Manuals

Symbols: 0
Latest comments: