Page of 428
Download Table of ContentsContents Print This PagePrint Bookmark
   
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428
HP 10500 Switch Series
MPLS
Part number: 5998-2212
Software version: Release 1201 and later
Document version: 6W102-20130530

Advertising

   Summary of Contents for HP 10500 SERIES

  • Page 1: Configuration Guide

    HP 10500 Switch Series MPLS Configuration Guide Part number: 5998-2212 Software version: Release 1201 and later Document version: 6W102-20130530...

  • Page 2

    The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty.

  • Page 3: Table Of Contents

    Contents Configuring MCE ························································································································································· 1   Overview ············································································································································································ 1   MPLS L3VPN overview ············································································································································· 1   MPLS L3VPN concepts ············································································································································· 2   Multi-VPN-instance CE ············································································································································· 4   Using MCE in tunneling applications ····················································································································· 5   Configuring routing on an MCE ······································································································································ 6  ...

  • Page 4: Table Of Contents

    Configuring remote LDP session parameters ······································································································ 64   Configuring PHP ···················································································································································· 65   Configuring the policy for triggering LSP establishment ··················································································· 65   Configuring the label distribution control mode ································································································ 66   Configuring LDP loop detection ··························································································································· 67   Configuring LDP MD5 authentication ·················································································································· 68  ...

  • Page 5: Table Of Contents

    Configuring RSVP authentication ······················································································································· 110   Configuring DSCP for outgoing RSVP packets ································································································· 110   Configuring RSVP-TE GR ····································································································································· 110   Tuning CR-LSP setup ····················································································································································· 111   Configuring route pinning ·································································································································· 111   Configuring administrative group and affinity attribute ·················································································· 111  ...

  • Page 6: Table Of Contents

    Configuring the BGP extension ·························································································································· 171   Configuring a BGP VPLS instance ····················································································································· 171   Resetting VPLS BGP connections ························································································································ 171   Binding a service instance with a VPLS instance ······································································································ 172   Configuring MAC address learning··························································································································· 172   Configuring VPLS instance attributes ·························································································································· 172  ...

  • Page 7: Table Of Contents

    HoVPN ·································································································································································· 243   OSPF VPN extension ··········································································································································· 245   BGP AS number substitution and SoO ·············································································································· 247   MPLS L3VPN configuration task list ···························································································································· 248   Configuring basic MPLS L3VPN ································································································································· 248   Configuring VPN instances ································································································································ 249   Configuring routing between PE and CE ··········································································································...

  • Page 8: Table Of Contents

    Configuring inter-AS IPv6 VPN option C ·········································································································· 373   Configuring carrier's carrier ······························································································································ 380   Support and other resources ·································································································································· 388   Contacting HP ······························································································································································ 388   Subscription service ············································································································································ 388   Related information ······················································································································································ 388   Documents ···························································································································································· 388  ...

  • Page 9: Configuring Mce

    Configuring MCE The term "router" in this chapter refers to both routers and Layer 3 switches. This chapter covers only MCE-related configuration. For information about routing protocols, see Layer 3—IP Services Configuration Guide. The term "Layer 3 interface" in this chapter refers to route-mode (or Layer 3) Ethernet ports. You can set an Ethernet port to operate in route mode by using the port link-mode route command (see Layer 2—LAN Switching Configuration Guide).

  • Page 10: Mpls L3vpn Concepts

    Figure 1 Network diagram for MPLS L3VPN model CEs and PEs mark the boundary between the service providers and the customers. After a CE establishes adjacency with a directly connected PE, it advertises its VPN routes to the PE and learns remote VPN routes from the PE.

  • Page 11

    Address space overlapping Each VPN independently manages the addresses it uses. The assembly of such addresses for a VPN is called an address space. The address spaces of VPNs may overlap. For example, if both VPN 1 and VPN 2 use the addresses on network segment 10.1 10.10.0/24, address space overlapping occurs.

  • Page 12: Multi-vpn-instance Ce

    An RD can be in one of the following formats distinguished by the Type field: When the value of the Type field is 0, the Administrator subfield occupies two bytes, the Assigned • number subfield occupies four bytes, and the RD format is 16-bit AS number:32-bit user-defined number.

  • Page 13: Using Mce In Tunneling Applications

    Figure 3 shows how an MCE maintains the routing entries of multiple VPNs and how an MCE exchanges VPN routes with PEs. Figure 3 Network diagram for the MCE function VPN 1 VPN 2 Site 1 Site 1 VLAN-int2 VLAN-int7 VLAN-int8 VLAN-int3 VPN 2...

  • Page 14: Configuring Routing On An Mce

    By establishing multiple tunnels between two MCE devices and binding the tunnel interfaces with VPN instances, you can make the routing information and data of the VPN instances delivered to the peer devices through the bound tunnel interfaces. According to the tunnel interfaces receiving the routes, an MCE device determines the VPN instances that the routes belong to and advertises the routes to the corresponding sites.

  • Page 15

    BGP within the VPN, the routes may be learned by other MCE devices, generating route loops. To prevent route loops, configure route tags for different VPN instances on each MCE. HP recommends that you assign the same route tag to the same VPN on all MCEs.

  • Page 16: Route Exchange Between An Mce And A Pe

    Route exchange between an MCE and a PE Routing information entries are bound to specific VPN instances on an MCE device, and packets of each VPN instance are forwarded between MCE and PE according to interface. As a result, VPN routing information can be transmitted by performing relatively simple configurations between MCE and PE, such as importing the VPN routing entries on MCE devices to the routing table of the routing protocol running between MCE and PEs.

  • Page 17: Associating A Vpn Instance With An Interface

    NOTE: For easy management, set the same RD for the same VPN instance on the MCE and the PE. Associating a VPN instance with an interface After creating and configuring a VPN instance, associate the VPN instance with the interfaces connected to the VPN sites.

  • Page 18

    To configure route related attributes of a VPN instance: Step Command Remarks Enter system view. system-view Enter VPN instance view. ip vpn-instance vpn-instance-name Enter IPv4 VPN view. ipv4-family Optional. A single vpn-target command can Associate the current VPN vpn-target vpn-target&<1-8> configure up to eight VPN targets.

  • Page 19

    Configuring static routing between MCE and VPN site An MCE can reach a VPN site through a static route. Static routing on a traditional CE is globally effective and thus does not support address overlapping among VPNs. An MCE supports binding a static route with a VPN instance, so that the static routes of different VPN instances can be isolated from each other.

  • Page 20

    Step Command Remarks Configure the default cost Optional. value for the redistributed default cost value 0 by default. routes. Configuring OSPF between MCE and VPN site An OSPF process belongs to the public network or a single VPN instance. If you create an OSPF process without binding it to a VPN instance, the process belongs to the public network.

  • Page 21

    Configuring IS-IS between MCE and VPN site An IS-IS process belongs to the public network or a single VPN instance. If you create an IS-IS process without binding it to a VPN instance, the process belongs to the public network. By configuring IS-IS process-to-VPN instance bindings on a MCE, you allow routes of different VPNs to be exchanged between the MCE and the sites through different IS-IS processes, ensuring the separation and security of VPN routes.

  • Page 22

    Step Command Remarks peer { group-name | ip-address } Configure an EBGP peer. as-number as-number Allow the local AS number to appear in the AS_PATH attribute of a received route, peer { group-name | ip-address } Optional. and set the maximum number allow-as-loop [ number ] of times that such case is allowed to appear.

  • Page 23: Configuring Routing Between Mce And Pe

    Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number ipv4-family vpn-instance Enter BGP-VPN instance view. vpn-instance-name peer { group-name | ip-address } Configure an IBGP peer. as-number as-number Optional. Configure the system to be the peer { group-name | ip-address } RR and specify the peer as the By default, no RR or RR client is reflect-client...

  • Page 24

    Configuring static routing between MCE and PE Step Command Remarks Enter system view. system-view • ip route-static dest-address { mask | mask-length } { gateway-address | interface-type interface-number [ gateway-address ] | vpn-instance d-vpn-instance-name gateway-address } [ preference preference-value ] [ tag tag-value ] [ description description-text ] Configure a static route Use either...

  • Page 25

    Step Command Remarks Disabled by default. You must disable routing loop detection Disable routing loop vpn-instance-capability simple for a VPN OSPF process on the MCE. detection. Otherwise, the MCE cannot receive OSPF routes from the PE. Optional. Configure the OSPF domain-id domain-id domain ID.

  • Page 26

    Step Command Remarks filter-policy { acl-number | ip-prefix Optional. Configure a filtering ip-prefix-name | route-policy policy to filter the route-policy-name } export [ isis By default, IS-IS does not filter redistributed routes. process-id | ospf process-id | rip redistributed routes. process-id | bgp | direct | static ] Return to system view.

  • Page 27: Resetting Bgp Connections

    Step Command Remarks import-route protocol [ process-id | Redistribute the VPN By default, no route all-processes ] [ med med-value | routes of the VPN site. redistribution is configured. route-policy route-policy-name ] * Configure the egress Optional. router of the site as a peer { group-name | ip-address } By default, no route reflector or client of the route...

  • Page 28: Displaying And Maintaining Mce

    Displaying and maintaining MCE Task Command Remarks Display information about the display ip routing-table vpn-instance routing table associated with a vpn-instance-name [ verbose ] [ | { begin | Available in any view. VPN instance. exclude | include } regular-expression ] Display information about a display ip vpn-instance [ instance-name specific VPN instance or all VPN...

  • Page 29: Mce Configuration Examples

    Task Command Remarks display bgp vpnv4 vpn-instance vpn-instance-name routing-table [ network-address [ { mask | mask-length } [ longer-prefixes ] ] | as-path-acl as-path-acl-number | cidr | community [ aa:nn ]&<1-13> [ no-advertise | no-export | no-export-subconfed ] * [ whole-match ] | community-list { basic-community-list-number Display the BGP VPNv4 routing [ whole-match ] |...

  • Page 30

    Figure 6 Network diagram Configuration procedure Assume that the system name of the MCE device is MCE, the system names of the edge devices of VPN 1 and VPN 2 are VR1 and VR2, respectively, and the system name of PE 1 is PE1. Configure the VPN instances on the MCE and PE 1: # On the MCE, configure VPN instances vpn1 and vpn2, and specify an RD and VPN targets for each VPN instance.

  • Page 31

    [MCE-Vlan-interface10] ip binding vpn-instance vpn1 [MCE-Vlan-interface10] ip address 10.214.10.3 24 # Configure VLAN 20, add port GigabitEthernet 1/0/2 to VLAN 20, bind VLAN-interface 20 with VPN instance vpn2, and specify an IP address for VLAN-interface 20. [MCE-Vlan-interface10] quit [MCE] vlan 20 [MCE-vlan20] port gigabitethernet 1/0/2 [MCE-vlan20] quit [MCE] interface vlan-interface 20...

  • Page 32

    # Run RIP in VPN 2. Create RIP process 20 and bind it with VPN instance vpn2 on the MCE, so the MCE can learn the routes of VPN 2 and add them to the routing table of the VPN instance vpn2. [MCE] rip 20 vpn-instance vpn2 # Advertise subnet 10.214.20.0.

  • Page 33

    [MCE-Vlan-interface30] ip address 30.1.1.1 24 [MCE-Vlan-interface30] quit # On the MCE, create VLAN 40 and VLAN-interface 40, bind the VLAN interface with VPN instance vpn2, and configure an IP address for the VLAN interface. [MCE] vlan 40 [MCE-vlan40] quit [MCE] interface vlan-interface 40 [MCE-Vlan-interface40] ip binding vpn-instance vpn2 [MCE-Vlan-interface40] ip address 40.1.1.1 24 [MCE-Vlan-interface40] quit...

  • Page 34: Using Bgp To Advertise Vpn Routes To The Pe

    # On PE 1, display the routing table of VPN1. [PE1] display ip routing-table vpn-instance vpn1 Routing Tables: vpn1 Destinations : 5 Routes : 5 Destination/Mask Proto Cost NextHop Interface 30.1.1.0/24 Direct 0 30.1.1.2 Vlan30 30.1.1.2/32 Direct 0 127.0.0.1 InLoop0 127.0.0.0/8 Direct 0 127.0.0.1...

  • Page 35

    Figure 7 Network diagram Configuration procedure Create VPN instances on the MCE and PE 1, and bind the VPN instances with VLAN interfaces in the same way as that described in "Using OSPF to advertise VPN routes to the PE." (Details not shown.) Configure routing between the MCE and VPN sites:...

  • Page 36

    127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 192.168.0.0/24 OSPF 10.214.10.2 Vlan10 The output shows that the MCE has learned the private route of VPN 1 through OSPF process 10. # On MCE, bind OSPF process 20 with VPN instance vpn2 to learn the routes of VPN 2. (Details not shown.) Then, display the routing table of VPN 2.

  • Page 37: Using Tunnels To Advertise Vpn Routes

    192.168.0.0/24 30.1.1.1 Vlan30 # Perform similar configuration on the MCE and PE 1 for VPN 2. Redistribute the OSPF routes of VPN instance vpn2 into the EBGP routing table. (Details not shown.) [PE1] display ip routing-table vpn-instance vpn2 Routing Tables: vpn2 Destinations : 5 Routes : 5 Destination/Mask...

  • Page 38

    For VPN 1, advertise interface addresses on the two MCEs in area 0, making the entire VPN a single OSPF domain. For VPN 2, advertise interface addresses for RIP and OSPF calculations, and in addition, redistribute OSPF routes to RIP and RIP routes to OSPF on MCE 1. Figure 9 Network topology of VPN 1 with the MCEs Figure 10 Network topology of VPN 2 with the MCEs Configuration procedure...

  • Page 39

    [MCE1-Tunnel0] tunnel-protocol gre # Specify the source address of the tunnel. [MCE1-Tunnel0] source vlan-interface 100 # Specify the destination address of the tunnel. [MCE1-Tunnel0] destination 172.16.1.1 [MCE1-Tunnel0] quit # Create loopback group 1 and specify the service type as tunnel. [MCE1] service-loopback group 1 type tunnel # Add any unused port (GigabitEthernet 1/0/3 in this example) to loopback group 1.

  • Page 40

    [MCE2-Vlan-interface101] quit # Create the tunnel interface Tunnel0. [MCE2] interface tunnel 0 # Configure an IP address for the Tunnel0 interface. [MCE2-Tunnel0] ip address 10.1.1.2 255.255.255.0 # Specify the tunnel protocol as GRE. [MCE2-Tunnel0] tunnel-protocol gre # Specify the source address of the tunnel. [MCE2-Tunnel0] source vlan-interface 100 # Specify the destination address of the tunnel.

  • Page 41

    [MCE1-vpn-instance-vpn2] vpn-target 1:3 [MCE1-vpn-instance-vpn2] quit # Bind VLAN-interface 10 and Tunnel0 with VPN instance vpn1, and configure IP addresses for the VLAN interface and tunnel interface. [MCE1] vlan 10 [MCE1-vlan10] port gigabitethernet 1/0/10 [MCE1-vlan10] quit [MCE1] interface vlan-interface 10 [MCE1-Vlan-interface10] ip binding vpn-instance vpn1 [MCE1-Vlan-interface10] ip address 10.214.10.1 24 [MCE1-Vlan-interface10] quit [MCE1] interface tunnel 0...

  • Page 42

    [MCE2-Vlan-interface20] ip binding vpn-instance vpn1 [MCE2-Vlan-interface20] ip address 10.214.30.1 24 [MCE2-Vlan-interface20] quit [MCE2] interface tunnel 0 [MCE2-Tunnel0] ip binding vpn-instance vpn1 [MCE2-Tunnel0] ip address 10.1.1.2 24 # Bind VLAN-interface 21 and Tunnel 1 with VPN instance vpn2, and configure IP addresses for the VLAN interface and tunnel interface.

  • Page 43

    # Advertise the address of tunnel interface Tunnel 1. [MCE1-ospf-2-area-0.0.0.0] network 10.1.2.1 0.0.0.255 # Configure RIP process 1 for VPN instance vpn2. [MCE1] rip 1 vpn-instance vpn2 [MCE1-rip-1] # Advertise the IP address of VLAN-interface 11. [MCE1-rip-1] network 10.214.20.1 # Redistribute routes learned by OSPF process 2 to RIP process 1. [MCE1-rip-1] import-route ospf 2 [MCE1-rip-1] quit # Redistribute routes learned by RIP process 1 to OSPF process 2.

  • Page 44: Configuring Ipv6 Mce

    Configuring IPv6 MCE This chapter describes how to configure the IPv6 MCE function. Overview In an IPv6 MPLS L3 VPN, an IPv6 MCE advertises IPv6 routing information between the VPN site and the connected PE and forwards IPv6 packets. An IPv6 MCE operates in the same way as an IPv4 MCE. For more information, see "Configuring MCE."...

  • Page 45: Configuring Route Attributes For A Vpn Instance

    Step Command Remarks interface interface-type Enter interface view. interface-number Associate a VPN instance ip binding vpn-instance No VPN instance is associated with the interface. vpn-instance-name with an interface by default. NOTE: The ip binding vpn-instance command clears the IPv6 address of the interface on which it is configured. Be sure to re-configure an IPv6 address for the interface after configuring the command.

  • Page 46: Configuring Routing On An Ipv6 Mce

    Step Command Remarks Optional. Apply an export routing export route-policy route-policy By default, routes to be advertised policy. are not filtered. NOTE: Route related attributes configured in VPN instance view are applicable to both IPv4 VPNs and IPv6 • VPNs. •...

  • Page 47

    Step Command Remarks • ipv6 route-static ipv6-address prefix-length { interface-type interface-number [ next-hop-address ] | next-hop-address | vpn-instance d-vpn-instance-name Use either command. nexthop-address } [ preference Perform this preference-value ] Configure an IPv6 static route configuration on the • ipv6 route-static vpn-instance for an IPv6 VPN instance.

  • Page 48

    For more information about OSPFv3, see Layer 3—IP Routing Configuration Guide. To configure OSPFv3 between IPv6 MCE and VPN site: Step Command Remarks Enter system view. system-view Create an OSPFv3 process for Perform this configuration on the ospfv3 [ process-id ] vpn-instance a VPN instance and enter IPv6 MCE.

  • Page 49

    Step Command Remarks Optional. By default, no routes from any ipv6 import-route protocol other routing protocol are [ process-id ] [ allow-ibgp ] [ cost Redistribute remote site routes redistributed to IPv6 IS-IS. cost | [ level-1 | level-1-2 | advertised by the PE.

  • Page 50: Configuring Routing Between Ipv6 Mce And Pe

    Configure a VPN site: Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number Enter IPv6 address family ipv6-family view. Configure the IPv6 MCE as peer ipv6-address as-number the EBGP peer. as-number Optional. By default, no route redistribution import-route protocol [ process-id Redistribute the IGP routes of is configured.

  • Page 51

    Step Command Remarks import-route protocol [ process-id ] By default, no route of any Redistribute the VPN [ allow-ibgp ] [ cost cost | route-policy other routing protocol is routes. route-policy-name ] * redistributed into RIPng. Configure the default cost Optional.

  • Page 52

    Step Command Remarks Enable the IPv6 capacity for the IS-IS ipv6 enable Disabled by default. process. Optional. By default, IS-IS does not ipv6 import-route protocol [ process-id ] redistribute routes of any other Redistribute the VPN [ allow-ibgp ] [ cost cost | [ level-1 | routing protocol.

  • Page 53: Resetting Ipv6 Bgp Connections

    Resetting IPv6 BGP connections When BGP configuration changes, you can use the soft reset function or reset BGP connections to make new configurations take effect. Soft reset requires that BGP peers have route refreshment capability (supporting Route-Refresh messages). To hard reset or soft reset BGP connections: Task Command Remarks...

  • Page 54: Ipv6 Mce Configuration Example

    IPv6 MCE configuration example Network requirements As shown in Figure 1 1, the IPv6 MCE device is connected to VPN 1 through VLAN-interface 10 and to VPN 2 through VLAN-interface 20. RIPng is used in VPN 2. Configure the IPv6 MCE to separate routes from different VPNs and advertise VPN routes to PE 1 through OSPFv3.

  • Page 55

    [MCE] ip vpn-instance vpn2 [MCE-vpn-instance-vpn2] route-distinguisher 20:1 [MCE-vpn-instance-vpn2] vpn-target 20:1 [MCE-vpn-instance-vpn2] quit # Create VLAN 10, add port GigabitEthernet 1/0/1 to VLAN 10, and create VLAN-interface 10. [MCE] vlan 10 [MCE-vlan10] port gigabitethernet 1/0/1 [MCE-vlan10] quit # Bind VLAN-interface 10 with VPN instance vpn1, and configure an IPv6 address for the VLAN interface.

  • Page 56

    # Configure RIPng process 20, binding it with VPN instance vpn2. [MCE] ripng 20 vpn-instance vpn2 # Advertise subnet 2002:1::/64 through RIPng. [MCE] interface vlan-interface 20 [MCE-Vlan-interface20] ripng 20 enable [MCE-Vlan-interface20] quit # On VR 2, assign IPv6 address 2002:1::2/64 to the interface connected to the MCE and 2012::2/64 to the interface connected to VPN 2.

  • Page 57

    NextHop : ::1 Preference: 0 Interface : InLoop0 Cost Destination: 2002:1::/64 Protocol : Direct NextHop : 2002:1::1 Preference: 0 Interface : Vlan20 Cost Destination: 2002:1::1/128 Protocol : Direct NextHop : ::1 Preference: 0 Interface : InLoop0 Cost Destination: 2012::/64 Protocol : RIPng NextHop : FE80::20F:E2FF:FE3E:9CA2...

  • Page 58

    [MCE-Vlan-interface40] ipv6 address 40::1 64 [MCE-Vlan-interface40] quit # On PE 1, create VLAN 30 and VLAN-interface 30, bind VLAN-interface 30 with VPN instance vpn1 and configure an IPv6 address for the VLAN-interface 30. [PE1] vlan 30 [PE1-vlan30] quit [PE1] interface vlan-interface 30 [PE1-Vlan-interface30] ip binding vpn-instance vpn1 [PE1-Vlan-interface30] ipv6 address 30::2 64 [PE1-Vlan-interface30] quit...

  • Page 59

    Destination: 30::/64 Protocol : Direct NextHop : 30::2 Preference: 0 Interface : Vlan30 Cost Destination: 30::2/128 Protocol : Direct NextHop : ::1 Preference: 0 Interface : InLoop0 Cost Destination: 2012:1::/64 Protocol : OSPFv3 NextHop : FE80::202:FF:FE02:2 Preference: 150 Interface : Vlan30 Cost Destination: FE80::/10 Protocol...

  • Page 60: Configuring Basic Mpls

    Configuring basic MPLS This chapter describes how to configure basic MPLS. MPLS overview Multiprotocol Label Switching (MPLS) enables connection-oriented label switching on connectionless IP networks. It integrates both the flexibility of IP routing and the level of simplicity of Layer 2 switching. MPLS has the following advantages: •...

  • Page 61

    S—One bit in length. MPLS supports multiple levels of labels. This field indicates whether a label is • at the bottom of the label stack. A value of 1 indicates that the label is at the bottom of the label stack.

  • Page 62: Mpls Network Structure

    MPLS network structure Figure 14 Diagram of the MPLS network structure LSRs in the same routing or administrative domain form an MPLS domain. An MPLS domain consists of the following types of LSRs: Ingress LSRs receive and label packets coming into the MPLS domain. •...

  • Page 63: Label Distribution And Management

    A downstream LSR classifies FECs according to destination addresses. It assigns a label to a FEC, and distributes the FEC-label binding to its upstream LSR, which then establishes an LFIB entry for the FEC according to the binding information. After all LSRs along the packet forwarding path establish a LFIB entry for the FEC, an LSP is established for packets of this FEC.

  • Page 64

    In DU mode, an LSR assigns a label to a FEC and then distributes the FEC-label binding to its • upstream LSR without solicitation. The switch supports only the DU mode. In DoD mode, an LSR assigns a label to a FEC and distributes the FEC-label binding to its upstream •...

  • Page 65: Mpls Forwarding

    MPLS forwarding This section describes the MPLS forwarding information. LFIB An LFIB comprises the following table entries: • Next Hop Label Forwarding Entry (NHLFE)—Describes the label operation to be performed. It is used to forward MPLS packets. FEC to NHLFE (FTN) map—FTN maps each FEC to a set of NHLFEs at the ingress LSR. The FTN map •...

  • Page 66

    Upon receiving the labeled packet, Router C looks for the ILM entry that contains the label 40 to get the Token value. Because the Token value is not empty, Router C looks for the NHLFE entry containing the Token value. According to the NHLFE entry, Router C swaps the original label with label 50, and then forwards the labeled packet to the next hop LSR (Router D) through the outgoing interface (GigabitEthernet 1/0/2).

  • Page 67

    LDP session, advertisement, and notification messages use TCP for reliability. Discovery messages use UDP for efficiency. LDP operation LDP goes through the following phases in operation: Discovery Each LSR sends hello messages periodically to notify neighboring LSRs of its presence. In this way, LSRs can automatically discover their LDP peers.

  • Page 68: Protocols

    Loss of session connectivity An LSR determines the integrity of an LDP session according to the LDP PDU (which carries one or more LDP messages) transmitted on the session. Before the Keepalive timer times out, if two LDP peers have no information to exchange, they can send Keepalive messages to each other to maintain the LDP session.

  • Page 69: Enabling The Mpls Function

    An MPLS LSR ID is in the format of an IP address and must be unique Configure the MPLS LSR ID. mpls lsr-id lsr-id within an MPLS domain. HP recommends using the IP address of a loopback interface on an LSR as the MPLS LSR ID.

  • Page 70: Configuring A Static Lsp

    Step Command Remarks By default, MPLS is disabled on Enable MPLS for the interface. mpls interfaces. Configuring a static LSP The principle of establishing a static LSP is that the outgoing label of an upstream LSR is the incoming label of its downstream LSR. Before you configure a static LSP, complete the following tasks: Determine the ingress LSR, transit LSRs, and egress LSR for the static LSP.

  • Page 71: Establishing Dynamic Lsps Through Ldp

    Establishing dynamic LSPs through LDP Perform the tasks in this section so the switch can use LDP to set up dynamic LSPs. Configuring MPLS LDP capability Step Command Remarks Enter system view. system-view Enable LDP capability globally and mpls ldp Not enabled by default.

  • Page 72: Configuring Remote Ldp Session Parameters

    Step Command Remarks Optional. Set the link Hello timer. mpls ldp timer hello-hold value 15 seconds by default. Optional. mpls ldp timer keepalive-hold Set the link Keepalive timer. value 45 seconds by default. Optional. The default takes the value of the MPLS LSR ID.

  • Page 73: Configuring Php

    Step Command Remarks Optional. Set the targeted Keepalive mpls ldp timer keepalive-hold timer. value The default value is 45 seconds. Optional. The default takes the value of the MPLS LSR ID. Configure the LDP transport mpls ldp transport-address The specified IP address must be address.

  • Page 74: Configuring The Label Distribution Control Mode

    Step Command Remarks Enter system view. system-view Enter MPLS view. mpls Optional. By default, only host routes with 32-bit masks can trigger establishment of LSPs. If the vpn-instance Configure the LSP lsp-trigger [ vpn-instance vpn-instance-name option is establishment triggering vpn-instance-name ] { all | ip-prefix specified, the command configures policy.

  • Page 75: Configuring Ldp Loop Detection

    LSPs. LDP loop detection can result in LSP update, which generates redundant information and consume • many system resources. HP recommends configuring the routing protocol's loop detection mechanism. Configuration procedure...

  • Page 76: Configuring Ldp Md5 Authentication

    Configuring LDP MD5 authentication LDP sessions are established based on TCP connections. To improve the security of LDP sessions, you can configure MD5 authentication for the underlying TCP connections, so that the TCP connections can be established only if the peers have the same authentication password. IMPORTANT: To establish an LDP session successfully between two LDP peers, make sure their LDP MD5 authentication settings are the same.

  • Page 77: Configuring A Dscp For Outgoing Ldp Packets

    For two neighboring LSRs, configuring a label acceptance control policy on the upstream LSR and configuring a label advertisement control policy on the downstream LSR have the same effect. To reduce network traffic, HP recommends configuring only label advertisement control policies. To configure LDP label filtering policies:...

  • Page 78: Maintaining Ldp Sessions

    To configure a DSCP value for outgoing LDP packets: Step Command Remarks Enter system view. system-view Enter MPLS LDP view. mpls ldp Configure a DSCP value for By default, the DSCP value for dscp dscp-value outgoing LDP packets. outgoing LDP packets is 48. Maintaining LDP sessions This section describes how to detect communication failures between remote LDP peers and reset LDP sessions.

  • Page 79: Configuring A Ttl Processing Mode For An Lsr

    Figure 22 TTL processing when TTL propagation is disabled Configuration guidelines HP recommends configuring the same TTL processing mode on all LSRs along an LSP. To enable IP TTL propagation for a VPN, you must enable it on all PE devices in the VPN, so that you can get the same traceroute result (hop count) from those PEs.

  • Page 80: Sending Back Icmp Ttl Exceeded Messages For Mpls Ttl Expired Packets

    Configuration procedure To configure TTL propagation of MPLS: Step Command Remarks Enter system view. system-view Enter MPLS view. mpls Optional. Enable MPLS TTL propagation. ttl propagate { public | vpn } Enabled only for public network packets by default. Sending back ICMP TTL exceeded messages for MPLS TTL expired packets After you enable an LSR to send back ICMP TTL exceeded messages for MPLS TTL expired packets, when the LSR receives an MPLS packet that carries a label with TTL being 1, it generates an ICMP TTL exceeded...

  • Page 81: Configuring Ldp Gr

    Step Command Remarks Optional. Use either approach as required. By default, an ICMP TTL exceeded message is sent back along an IP Configure the device to use IP route when the TTL of an MPLS • (Approach 1) Use IP routes: routes or LSPs to send back the packet with a one-level label stack ttl expiration pop...

  • Page 82

    Whenever restarting, the GR restarter preserves all MPLS forwarding entries, marks them as stale, and starts the MPLS forwarding state holding timer for them. After a GR helper detects that the LDP session with the GR restarter is down, it marks the FEC-label bindings learned from the session as stale and keeps these FEC-label bindings for a period of time defined by the fault tolerant (FT) reconnect time argument.

  • Page 83: Configuring Ldp Nsr

    To restart MPLS LDP gracefully, perform the following commad in user view: Task Command Restart MPLS LDP gracefully. graceful-restart mpls ldp Configuring LDP NSR Nonstop routing (NSR) is a mechanism for keeping on data transmission during an active/standby switchover. NSR for LDP can back up LDP session information and LSP information from the active MPU to the standby MPU of a device.

  • Page 84: Configuring Mpls Lsp Ping

    Periodic LSP tracert • Configuring MPLS LSP ping MPLS LSP ping is for testing the connectivity of an LSP. At the ingress, it adds the label for the FEC to be inspected into an MPLS echo request, which then is forwarded along the LSP to the egress. The egress processes the request packet and returns an MPLS echo reply to the ingress.

  • Page 85: Configuring Periodic Lsp Tracert

    then the BFD session is established based on the negotiated discriminator values. Such a BFD session is used for connectivity detection of an LSP from the local device to the remote device. Configuration prerequistes The BFD session parameters configured on the loopback interface whose IP address is configured •...

  • Page 86: Enabling Mpls Trap

    Step Command Remarks Enter system view. system-view Enable LSP verification and mpls lspv Not enabled by default. enter the MPLS LSPV view. periodic-tracert Configure periodic tracert for destination-address mask-length an LSP to the specified FEC [ -a source-ip | -exp exp-value | -h Not configured by default.

  • Page 87

    Task Command Remarks display mpls ilm [ label ] [ verbose ] [ chassis chassis-number Display information about ILM slot slot-number ] [ | { begin | Available in any view. entries. (In IRF mode.) exclude | include } regular-expression ] display mpls label { label-value1 Display information about [ to label-value2 ] | all } [ | { begin...

  • Page 88: Displaying Mpls Ldp Operation

    Task Command Remarks display mpls static-lsp [ lsp-name lsp-name ] [ { exclude | include } Display information about static dest-addr mask-length ] [ verbose ] Available in any view. LSPs. [ | { begin | exclude | include } regular-expression ] display mpls route-state [ vpn-instance vpn-instance-name ]...

  • Page 89: Clearing Mpls Statistics

    Task Command Remarks display mpls ldp session [ all [ verbose ] | [ vpn-instance Display information about LDP vpn-instance-name ] [ peer-id | Available in any view. sessions between LDP peers. verbose ] ] [ | { begin | exclude | include } regular-expression ] display mpls ldp session all Display statistics information about...

  • Page 90: Configuration Considerations

    Figure 24 Network diagram Loop0 Loop0 Loop0 2.2.2.9/32 3.3.3.9/32 1.1.1.9/32 Vlan-int2 Vlan-int3 10.1.1.1/24 20.1.1.2/24 Vlan-int4 Vlan-int5 Vlan-int3 Vlan-int2 11.1.1.1/24 21.1.1.1/24 10.1.1.2/24 20.1.1.1/24 Switch A Switch B Switch C 11.1.1.0/24 21.1.1.0/24 Configuration considerations • On an LSP, the out label of an upstream LSR must be identical with the in label of its downstream LSR.

  • Page 91

    [SwitchB-Vlan-interface3] quit # Configure MPLS on Switch C. [SwitchC] mpls lsr-id 3.3.3.9 [SwitchC] mpls [SwitchC-mpls] quit [SwitchC] interface vlan-interface 3 [SwitchC-Vlan-interface3] mpls [SwitchC-Vlan-interface3] quit Create a static LSP from Switch A to Switch C: # Configure the LSP ingress, Switch A. [SwitchA] static-lsp ingress AtoC destination 21.1.1.0 24 nexthop 10.1.1.2 out-label # Configure the LSP transit node, Switch B.

  • Page 92: Configuring Ldp To Establish Lsps Dynamically

    0.00% packet loss round-trip min/avg/max = 1/1/2 ms # On Switch C, test the connectivity of the LSP from Switch C to Switch A. [SwitchC] ping lsp -a 21.1.1.1 ipv4 11.1.1.0 24 LSP Ping FEC: IPV4 PREFIX 11.1.1.0/24 : 100 data bytes, press CTRL_C to break Reply from 10.1.1.1: bytes=100 Sequence=1 time = 3 ms Reply from 10.1.1.1: bytes=100 Sequence=2 time = 2 ms...

  • Page 93

    [Sysname] sysname SwitchA [SwitchA] ospf [SwitchA-ospf-1] area 0 [SwitchA-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0 [SwitchA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] quit [SwitchA-ospf-1] quit # Configure OSPF on Switch B. <Sysname> system-view [Sysname] sysname SwitchB [SwitchB] ospf [SwitchB-ospf-1] area 0 [SwitchB-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0 [SwitchB-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [SwitchB-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255...

  • Page 94

    # Configure MPLS and MPLS LDP on Switch A. [SwitchA] mpls lsr-id 1.1.1.9 [SwitchA] mpls [SwitchA-mpls] quit [SwitchA] mpls ldp [SwitchA-mpls-ldp] quit [SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] mpls [SwitchA-Vlan-interface2] mpls ldp [SwitchA-Vlan-interface2] quit # Configure MPLS and MPLS LDP on Switch B. [SwitchB] mpls lsr-id 2.2.2.9 [SwitchB] mpls [SwitchB-mpls] quit...

  • Page 95

    [SwitchA] display mpls ldp peer LDP Peer Information in Public network Total number of peers: 1 ----------------------------------------------------------------- Peer-ID Transport-Address Discovery-Source ---------------------------------------------------------------- 2.2.2.9:0 2.2.2.9 Vlan-interface2 ---------------------------------------------------------------- Allow all static routes and IGP routes to trigger LDP to establish LSPs: # Configure the LSP establishment triggering policy on Switch A. [SwitchA] mpls [SwitchA-mpls] lsp-trigger all [SwitchA-mpls] return...

  • Page 96: Configuring Bfd For Lsps

    --- FEC: IPV4 PREFIX 21.1.1.0/24 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 1/2/3 ms # On Switch C, test the connectivity of the LDP LSP from Switch C to Switch A. [SwitchC] ping lsp ipv4 11.1.1.0 24 LSP Ping FEC: IPV4 PREFIX 11.1.1.0/24 : 100 data bytes, press CTRL_C to break Reply from 10.1.1.1: bytes=100 Sequence=1 time = 2 ms...

  • Page 97

    Local Discr : 130 Remote Discr : 130 Tunnel ID : --- NextHop : --- Session State : Up Source IP : 3.3.3.9 Session Role : Passive : 21.1.1.0/24 Type : LSP Local Discr : 129 Remote Discr : 129 Tunnel ID : 0x6040000 NextHop...

  • Page 98: Configuring Mpls Te

    Configuring MPLS TE This chapter describes how to configure MPLS TE. MPLS TE overview Network congestion is one of the major problems that can degrade your network backbone performance. It may occur either when network resources are inadequate or when load distribution is unbalanced.

  • Page 99: Basic Concepts

    With MPLS TE, a network administrator can eliminate network congestion by creating some LSPs and congestion bypass nodes. Special offline tools are also available for the traffic analysis performed when the number of LSPs is large. Basic concepts LSP tunnel •...

  • Page 100: Cr-lsp

    They are different in that CR-LDP establishes LSPs using TCP, and RSVP-TE uses raw IP. RSVP is a well-established technology in terms of its architecture, protocol procedures and support to services. CR-LDP is an emerging technology with better scalability. The switch supports only RSVP-TE. Forwarding packets Packets are forwarded over established tunnels.

  • Page 101: Rsvp-te

    If a network does not run IGP TE extension, the network administrator is unable to identify from which part of the network the required bandwidth can be obtained when setting up a CR-LSP. In this case, loose explicit route (ER-hop) with required resources is used. The established CR-LSP, however, may change when the route changes, for example, when a better next hop becomes available.

  • Page 102

    Fixed-filter (FF) style—Resources are reserved for individual senders and cannot be shared among senders on the same session. Shared-explicit (SE) style—Resources are reserved for senders on the same session and shared among them. NOTE: SE is only used for make-before-break because multiple LSPs cannot be present on the same session. Make-before-break Make-before-break is a mechanism to change MPLS TE tunnel attributes with minimum data loss and without extra bandwidth.

  • Page 103

    ResvConf messages—Sent to receivers to confirm Resv messages. • Hello messages—Sent between any two directly connected RSVP neighbors to set up and maintain • the neighbor relationship that has local significance on the link. The TE extension to RSVP adds new objects to the Path message and the Resv message. These objects carry not only label bindings but also routing constraints, supporting CR-LSP and FRR.

  • Page 104

    On an interface enabled with the Message_ID mechanism, you can configure RSVP message retransmission. If a node sends a message carrying the Message_ID object, and the ACK_Desired flag in the object is set, the node expects a response that carries the Message_ID_ACK object during the initial retransmission interval (Rf).

  • Page 105: Traffic Forwarding

    If a GR helper and the GR restarter reestablish a Hello session before the restart timer expires, the recovery timer is started and signaling packet exchanging is triggered to restore the original soft state. Otherwise, all RSVP soft state information and forwarding entries relevant to the neighbor are removed. If the recovery timer expires, soft state information and forwarding entries that are not restored during the GR restarting process are removed.

  • Page 106: Cr-lsp Backup

    Figure 28 IGP shortcut and forwarding adjacency A TE tunnel is present between Router D and Router C. With IGP shortcut enabled, the ingress node Router D can use this tunnel when calculating IGP routes. This tunnel, however, is invisible to Router A. Router A cannot use this tunnel to reach Router C.

  • Page 107

    Protected LSP—A primary LSP to be protected. • Bypass LSP—An LSP used to protect primary LSPs. • • Point of local repair (PLR)—The ingress node of a bypass LSP. It must be located on a protected LSP but must not be the egress node. Merge point (MP)—The egress node of the bypass LSP.

  • Page 108: Ps For An Mpls Te Tunnel

    PS for an MPLS TE tunnel Protection switching (PS) refers to establishing one or more protection tunnels (backup tunnels) for a main tunnel. A main tunnel and its protection tunnels form a protection group. When the main tunnel fails, data is switched to a protection tunnel immediately, greatly improving the reliability of the network.

  • Page 109: Mpls Te Configuration Task List

    RFC 3209, RSVP-TE: Extensions to RSVP for LSP Tunnels • RFC 2961, RSVP Refresh Overhead Reduction Extensions • • RFC 3564, Requirements for Support of Differentiated Service-aware MPLS Traffic Engineering ITU-T Recommendation Y.1720, Protection switching for MPLS networks • MPLS TE configuration task list Task Remarks Configuring basic MPLS TE...

  • Page 110: Creating An Mpls Te Tunnel Over A Static Cr-lsp

    Step Command Remarks Enter the interface view of an interface interface-type MPLS TE link. interface-number Enable interface MPLS TE. mpls te Disabled by default. Return to system view. quit Create a tunnel interface and interface tunnel tunnel-number enter its view. Assign an IP address to the ip address ip-address netmask Optional.

  • Page 111: Configuring An Mpls Te Tunnel With A Dynamic Signaling Protocol

    Step Command Remarks Enter the interface view of an interface tunnel tunnel-number MPLS TE tunnel. Configure the tunnel to use mpls te signal-protocol static static CR-LSP. Submit current tunnel mpls te commit configuration. Return to system view. quit • On the ingress node: static-cr-lsp ingress tunnel-name destination dest-addr nexthop next-hop-addr out-label...

  • Page 112: Configuration Procedure

    Configure basic MPLS TE. • Configuration procedure Task Remarks Configuring CSPF Optional. Configuring OSPF TE Required when CSPF is configured. Choose one depending on the IGP protocol used. Configuring IS-IS TE Configuring an MPLS TE explicit path Optional. Configuring MPLS TE tunnel constraints Optional.

  • Page 113

    IP addresses, IS-IS TE advertises only the primary IP address of the interface through the sub-TLV of IS reachability TLV (type 22). HP recommends that you avoid enabling IS-IS TE on an interface configured with secondary IP addresses.

  • Page 114

    When establishing an MPLS TE tunnel between areas or ASs, use a loose explicit route, specify the ABR or ASBR as the next hop of the route, and make sure the tunnel's ingress node and the ABR or ASBR can reach each other.

  • Page 115: Configuring Rsvp-te Advanced Features

    Establishing an MPLS TE tunnel with RSVP-TE To use RSVP-TE to set up an MPLS TE tunnel, enable both MPLS TE and RSVP-TE on the interfaces for the tunnel to use on each node along the tunnel. To establish an MPLS TE tunnel with RSVP-TE: Step Command Remarks...

  • Page 116: Configuring Rsvp State Timers

    In current MPLS TE applications, the SE style is mainly used for make-before-break. The FF style is rarely used. To configure RSVP reservation style: Step Command Remarks Enter system view. system-view Enter MPLS TE tunnel interface interface tunnel tunnel-number view. Optional.

  • Page 117: Configuring The Rsvp Hello Extension

    Step Command Remarks Optional. Enable the reliability mechanism mpls rsvp-te reliability of RSVP-TE. Disabled by default. mpls rsvp-te timer retransmission Optional. Enable retransmission. { increment-value [ increment-value ] | Disabled by default. retransmit-value [ retrans-timer-value ] } * Optional. Enable summary refresh. mpls rsvp-te srefresh Disabled by default.

  • Page 118: Configuring Rsvp Authentication

    Step Command Remarks Enable resource reservation mpls rsvp-te resvconfirm Disabled by default. confirmation. Configuring RSVP authentication RSVP adopts hop-by-hop authentication to prevent fake resource reservation requests from occupying network resources. The interfaces at the two ends of a link must share the same authentication key to exchange RSVP messages.

  • Page 119: Tuning Cr-lsp Setup

    Step Command Remarks Enable global RSVP hello mpls rsvp-te hello Disabled by default. extension. Enable MPLS RSVP-TE GR. mpls rsvp-te graceful-restart Disabled by default. Optional. Set the RSVP-TE GR restart mpls rsvp-te timer graceful-restart timer. restart restart-time 120 seconds by default. Optional.

  • Page 120: Configuring Cr-lsp Reoptimization

    Suppose the affinity of an MPLS TE tunnel is 0xFFFFFFFF and the mask is 0x0000FFFF. For a link to be used by the tunnel, the leftmost 16 bits of its administrative group attribute can be 0s or 1s, but at least one of the rest bits must be 1.

  • Page 121: Tuning Mpls Te Tunnel Setup

    Tuning MPLS TE tunnel setup This section only covers the configuration tasks for tuning MPLS TE tunnel setup. You must use the configurations described in this section together with a dynamic signaling protocol (such as RSVP-TE). Before performing the configuration tasks, be aware of each configuration objective and its impact on your system.

  • Page 122: Assigning Priorities To A Tunnel

    Step Command Remarks Optional. Configure the tunnel setup mpls te timer retry seconds retry interval. The default is 2 seconds. Submit current tunnel mpls te commit configuration. Assigning priorities to a tunnel Two priorities, setup priority and holding priority, are assigned to paths for MPLS TE to make preemption decision.

  • Page 123: Forwarding Traffic Along Mpls Te Tunnels Through Automatic Route Advertisement

    Step Command Remarks ip route-static dest-address { mask The interface-type argument in the | mask-length } interface-type ip route-static command must be interface-number tunnel. In addition, the preference Create a static route for [ gateway-address ] | vpn-instance value must be set. forwarding traffic along an d-vpn-instance-name MPLS TE tunnel.

  • Page 124: Configuring Traffic Forwarding Tuning Parameters

    Create a bi-directional MPLS TE tunnel and enable forwarding adjacency at both ends of the tunnel to make forwarding adjacency take effect. To configure a forwarding adjacency: Step Command Remarks Enter system view. system-view Enter MPLS TE tunnel interface interface tunnel tunnel-number view.

  • Page 125: Specifying The Link Metric Type For Tunnel Path Calculation

    Specifying the link metric type for tunnel path calculation Step Command Remarks Enter system view. system-view Enter MPLS view. mpls Specify the metric type to use Optional. when metric type mpls te path metric-type { igp | te } TE metrics of links are used by explicitly configured for a default.

  • Page 126: Configuring Frr

    Configure CR-LSP backup mode at the ingress node of a tunnel. The system automatically selects the primary LSP and backup LSP. You do not need to configure them. Before you configure CR-LSP backup, complete the following tasks: Configure basic MPLS. •...

  • Page 127: Configuring A Bypass Tunnel On Its Plr

    Step Command Remarks Enter system view. system-view Enter tunnel interface view of interface tunnel tunnel-number the protected LSP. Disabled by default. Do not configure both FRR and Enable FRR. mpls te fast-reroute RSVP authentication on the same interface. Submit current tunnel mpls te commit configuration.

  • Page 128: Configuring Node Protection

    Step Command Remarks Enter interface view of the interface interface-type outgoing interface of the interface-number protected LSP. mpls te fast-reroute Bind the bypass tunnel with bypass-tunnel tunnel the protected interface. tunnel-number Configuring node protection To use FRR for node protection, perform the tasks in this section on the PLR and the protected node. If you only need to protect links, skip this section.

  • Page 129: Inspecting An Mpls Te Tunnel

    Inspecting an MPLS TE tunnel When an MPLS TE tunnel fails or affects data forwarding due to performance degradation, the control plane cannot detect the fault or cannot do so in time. This brings difficulty to network maintenance. To detect MPLS TE tunnel failures in time and locate the failed node, the device provides the following mechanisms: MPLS LSP ping •...

  • Page 130

    packet received from the egress. Upon detecting an MPLS TE tunnel failure, BFD triggers protection switching to switch traffic to another tunnel. A BFD session for MPLS TE tunnel detection can be static or dynamic. Static—If you specify the local and remote discriminator values by using the discriminator keyword •...

  • Page 131: Configuring Periodic Lsp Tracert For An Mpls Te Tunnel

    Step Command Remarks By default, LSP inspection is disabled. Enable LSP inspection and mpls lspv For more information about the enter MPLS LSPV view. mpls lspv command, see MPLS Command Reference. Return to system view. quit Enter the tunnel interface view interface tunnel tunnel-number of an MPLS TE tunnel.

  • Page 132: Configuring Protection Switching

    Step Command Remarks Configure MPLS TE to tear Optional. down a failed RSVP TE tunnel mpls te failure-action teardown Not configured by default. and reestablish it. Configuring protection switching Before you configure protection switching, complete following tasks: • Configure basic MPLS. Enable MPLS TE and create an MPLS TE tunnel.

  • Page 133

    Task Command Remarks display mpls rsvp-te [ interface [ interface-type interface-number ] Display RSVP-TE configuration. Available in any view. [ | { begin | exclude | include } regular-expression ] ] display mpls rsvp-te established [ interface interface-type Display the RSVP-TE tunnel interface-number ] [ | { begin | Available in any view.

  • Page 134

    Task Command Remarks display mpls te link-administration Display information about the admission-control [ interface CR-LSPs carried on the specified or interface-type interface-number ] [ | Available in any view. all links. { begin | exclude | include } regular-expression ] display mpls te tunnel [ destination dest-addr ] [ lsp-id lsr-id lsp-id ] [ lsr-role { all | egress | ingress |...

  • Page 135: Configuring Mpls Te Examples

    Task Command Remarks display isis traffic-eng network [ level-1 | level-1-2 | level-2 ] Display information about TE [ process-id | vpn-instance Available in any view. networks for IS-IS. vpn-instance-name ] [ | { begin | exclude | include } regular-expression ] display isis traffic-eng statistics [ process-id | vpn-instance...

  • Page 136

    Figure 31 Network diagram Configuration procedure Configure IP addresses and masks for interfaces according to Figure 31. (Details not shown.) Enable IS-IS to advertise host routes with LSR IDs as destinations: # Configure Switch A. <SwitchA> system-view [SwitchA] isis 1 [SwitchA-isis-1] network-entity 00.0005.0000.0000.0001.00 [SwitchA-isis-1] quit [SwitchA] interface vlan-interface 1...

  • Page 137

    [SwitchC-isis-1] network-entity 00.0005.0000.0000.0003.00 [SwitchC-isis-1] quit [SwitchC] interface vlan-interface 2 [SwitchC-Vlan-interface2] isis enable 1 [SwitchC-Vlan-interface2] quit [SwitchC] interface loopback 0 [SwitchC-LoopBack0] isis enable 1 [SwitchC-LoopBack0] quit # Execute the display ip routing-table command on each switch. The output shows that all nodes have learned the host routes of other nodes with LSR IDs as destinations.

  • Page 138

    [SwitchC] mpls lsr-id 3.3.3.3 [SwitchC] mpls [SwitchC-mpls] mpls te [SwitchC-mpls] quit [SwitchC] interface vlan-interface 2 [SwitchC-Vlan-interface2] mpls [SwitchC-Vlan-interface2] mpls te [SwitchC-Vlan-interface2] quit Configure an MPLS TE tunnel on Switch A: [SwitchA] interface tunnel 0 [SwitchA-Tunnel0] ip address 6.1.1.1 255.255.255.0 [SwitchA-Tunnel0] tunnel-protocol mpls te [SwitchA-Tunnel0] destination 3.3.3.3 [SwitchA-Tunnel0] mpls te tunnel-id 10 [SwitchA-Tunnel0] mpls te signal-protocol static...

  • Page 139

    0 output error # Execute the display mpls te tunnel command on each switch to view information about the MPLS TE tunnel. [SwitchA] display mpls te tunnel LSP-Id Destination In/Out-If Name 1.1.1.1:1 3.3.3.3 -/Vlan1 Tunnel0 [SwitchB] display mpls te tunnel LSP-Id Destination In/Out-If...

  • Page 140: Mpls Te Using Rsvp-te Configuration Example

    # Create a static route to direct traffic to the MPLS TE tunnel. [SwitchA] ip route-static 3.2.1.2 24 tunnel 0 preference 1 # Execute the display ip routing-table command on Switch A. You can see a static route entry with interface Tunnel 0 as the outgoing interface.

  • Page 141

    [SwitchA-LoopBack0] quit # Configure Switch B. <SwitchB> system-view [SwitchB] isis 1 [SwitchB-isis-1] network-entity 00.0005.0000.0000.0002.00 [SwitchB-isis-1] quit [SwitchB] interface vlan-interface 1 [SwitchB-Vlan-interface1] isis enable 1 [SwitchB-Vlan-interface1] isis circuit-level level-2 [SwitchB-Vlan-interface1] quit [SwitchB] interface vlan-interface 2 [SwitchB-Vlan-interface2] isis enable 1 [SwitchB-Vlan-interface2] isis circuit-level level-2 [SwitchB-Vlan-interface2] quit [SwitchB] interface loopback 0 [SwitchB-LoopBack0] isis enable 1...

  • Page 142

    # Execute the display ip routing-table command on each switch. The output shows that all nodes have learned the host routes of other nodes with LSR IDs as destinations. Take Switch A for example: [SwitchA] display ip routing-table Routing Tables: Public Destinations : 10 Routes : 10 Destination/Mask...

  • Page 143

    [SwitchC] mpls lsr-id 3.3.3.9 [SwitchC] mpls [SwitchC-mpls] mpls te [SwitchC-mpls] mpls rsvp-te [SwitchC-mpls] mpls te cspf [SwitchC-mpls] quit [SwitchC] interface vlan-interface 3 [SwitchC-Vlan-interface3] mpls [SwitchC-Vlan-interface3] mpls te [SwitchC-Vlan-interface3] mpls rsvp-te [SwitchC-Vlan-interface3] quit [SwitchC] interface vlan-interface 2 [SwitchC-Vlan-interface2] mpls [SwitchC-Vlan-interface2] mpls te [SwitchC-Vlan-interface2] mpls rsvp-te [SwitchC-Vlan-interface2] quit # Configure Switch D.

  • Page 144

    [SwitchD-isis-1] traffic-eng level-2 [SwitchD-isis-1] quit Configure MPLS TE attributes of links: # Configure maximum link bandwidth and maximum reservable bandwidth on Switch A. [SwitchA] interface vlan-interface 1 [SwitchA-Vlan-interface1] mpls te max-link-bandwidth 10000 [SwitchA-Vlan-interface1] mpls te max-reservable-bandwidth 5000 [SwitchA-Vlan-interface1] quit # Configure maximum link bandwidth and maximum reservable bandwidth on Switch B. [SwitchB] interface vlan-interface 1 [SwitchB-Vlan-interface1] mpls te max-link-bandwidth 10000 [SwitchB-Vlan-interface1] mpls te max-reservable-bandwidth 5000...

  • Page 145

    Description: Tunnel1 Interface The Maximum Transmit Unit is 64000 Internet Address is 7.1.1.1/24 Primary Encapsulation is TUNNEL, service-loopback-group ID not set Tunnel source unknown, destination 4.4.4.9 Tunnel protocol/transport CR_LSP Output queue : (Urgent queuing : Size/Length/Discards) 0/100/0 Output queue : (Protocol queuing : Size/Length/Discards) 0/500/0 Output queue : (FIFO queuing : Size/Length/Discards) 0/75/0...

  • Page 146: Rsvp-te Gr Configuration Example

    Car Policy Disabled Tunnel Group Primary Primary Tunnel Backup Tunnel Group Status # Execute the display mpls te cspf tedb all command on Switch A to view information about links in TEDB. [SwitchA] display mpls te cspf tedb all Maximum Node Supported: 128 Maximum Link Supported: 256 Current Total Node Number: 4 Current Total Link Number: 6...

  • Page 147

    [SwitchA-mpls] mpls te [SwitchA-mpls] mpls rsvp-te [SwitchA-mpls] mpls rsvp-te hello [SwitchA-mpls] interface vlan-interface 1 [SwitchA-Vlan-interface1] mpls [SwitchA-Vlan-interface1] mpls te [SwitchA-Vlan-interface1] mpls rsvp-te [SwitchA-Vlan-interface1] mpls rsvp-te hello [SwitchA-Vlan-interface1] quit # Configure Switch B. <SwitchB> system-view [SwitchB] mpls lsr-id 2.2.2.9 [SwitchB] mpls [SwitchB-mpls] mpls te [SwitchB-mpls] mpls rsvp-te [SwitchB-mpls] mpls rsvp-te hello...

  • Page 148: Mpls Rsvp-te And Bfd Cooperation Configuration Example

    [SwitchA] mpls [SwitchA-mpls] mpls rsvp-te graceful-restart # Configure Switch B. <SwitchB> system-view [SwitchB] mpls [SwitchB-mpls] mpls rsvp-te graceful-restart # Configure Switch C. <SwitchC> system-view [SwitchC] mpls [SwitchC-mpls] mpls rsvp-te graceful-restart Verify the configuration: After the configuration, a tunnel is created between Switch A and Switch C. Execute the display mpls rsvp-te peer command.

  • Page 149

    [SwitchA-mpls] mpls rsvp-te [SwitchA-mpls] quit [SwitchA] interface vlan-interface 12 [SwitchA-Vlan-interface12] mpls [SwitchA-Vlan-interface12] mpls te [SwitchA-Vlan-interface12] mpls rsvp-te [SwitchA-Vlan-interface12] mpls rsvp-te bfd enable [SwitchA-Vlan-interface12] quit # Configure Switch B. <SwitchB> system-view [SwitchB] mpls lsr-id 2.2.2.2 [SwitchB] mpls [SwitchB-mpls] mpls te [SwitchB-mpls] mpls rsvp-te [SwitchB-mpls] quit [SwitchB] interface vlan-interface 12 [SwitchB-Vlan-interface12] mpls...

  • Page 150: Cr-lsp Backup Configuration Example

    [SwitchA-Tunnel1] tunnel-protocol mpls te [SwitchA-Tunnel1] destination 2.2.2.2 [SwitchA-Tunnel1] mpls te tunnel-id 10 [SwitchA-Tunnel1] mpls te signal-protocol rsvp-te [SwitchA-Tunnel1] mpls te commit [SwitchA-Tunnel1] return Verify the configuration: On Switch A, display the detailed information about the BFD session between Switch A and Switch <SwitchA>...

  • Page 151

    Vlan-int1 10.1.1.1/24 Vlan-int4 30.1.1.2/24 Vlan-int4 30.1.1.1/24 Vlan-int3 40.1.1.1/24 Switch B Loop0 2.2.2.9/32 Switch C Loop0 3.3.3.9/32 Vlan-int1 10.1.1.2/24 Vlan-int2 20.1.1.2/24 Vlan-int2 20.1.1.1/24 Vlan-int3 40.1.1.2/24 Configuration procedure Configure IP addresses and masks for interfaces according to Figure 35. (Details not shown.) Configure the IGP protocol: # Enable IS-IS to advertise host routes with LSR IDs as destinations on each node.

  • Page 152

    # Execute the display interface tunnel command on Switch A. [SwitchA] display interface tunnel Tunnel1 current state: UP Line protocol current state: UP Description: Tunnel1 Interface The Maximum Transmit Unit is 64000 Internet Address is 9.1.1.1/24 Primary Encapsulation is TUNNEL, service-loopback-group ID not set Tunnel source unknown, destination 3.3.3.9 Tunnel protocol/transport CR_LSP Output queue : (Urgent queuing : Size/Length/Discards)

  • Page 153: Frr Configuration Example

    Hop 3 40.1.1.1 Hop 4 40.1.1.2 Hop 5 3.3.3.9 # Execute the tracert command to draw the picture of the path that a packet must travel to reach the tunnel destination. [SwitchA] tracert –a 1.1.1.9 3.3.3.9 traceroute to 3.3.3.9(3.3.3.9) 30 hops max,40 bytes packet 1 10.1.1.2 25 ms 30.1.1.2 25 ms 10.1.1.2 25 ms 2 40.1.1.2 45 ms 20.1.1.2 29 ms 40.1.1.2 54 ms The output shows that the current LSP traverses Switch B but not Switch D.

  • Page 154

    Figure 36 Network diagram Device Interface IP address Device Interface IP address Switch A Loop0 1.1.1.1/32 Switch E Loop0 5.5.5.5/32 Vlan-int1 2.1.1.1/24 Vlan-int4 3.2.1.2/24 Switch B Loop0 2.2.2.2/32 Vlan-int5 3.3.1.1/24 Vlan-int1 2.1.1.2/24 Switch C Loop0 3.3.3.3/32 Vlan-int2 3.1.1.1/24 Vlan-int3 4.1.1.1/24 Vlan-int4 3.2.1.1/24 Vlan-int2...

  • Page 155

    127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 Configure basic MPLS TE, and enable RSVP-TE and CSPF: # Configure Switch A. [SwitchA] mpls lsr-id 1.1.1.1 [SwitchA] mpls [SwitchA-mpls] mpls te [SwitchA-mpls] mpls rsvp-te [SwitchA-mpls] mpls te cspf [SwitchA-mpls] quit [SwitchA] interface vlan-interface 1 [SwitchA-Vlan-interface1] mpls [SwitchA-Vlan-interface1] mpls te [SwitchA-Vlan-interface1] mpls rsvp-te...

  • Page 156

    [SwitchA-Tunnel4] ip address 10.1.1.1 255.255.255.0 [SwitchA-Tunnel4] tunnel-protocol mpls te [SwitchA-Tunnel4] destination 4.4.4.4 [SwitchA-Tunnel4] mpls te tunnel-id 10 [SwitchA-Tunnel4] mpls te path explicit-path pri-path preference 1 # Enable FRR. [SwitchA-Tunnel4] mpls te fast-reroute [SwitchA-Tunnel4] mpls te commit [SwitchA-Tunnel4] quit # Execute the display interface tunnel command on Switch A. [SwitchA] display interface tunnel Tunnel4 current state: UP Line protocol current state: UP...

  • Page 157

    Record Route Enabled Record Label : Enabled FRR Flag Enabled BackUpBW Flag: Not Supported BackUpBW Type BackUpBW Route Pinning Disabled Retry Limit Retry Interval: 10 sec Reopt Disabled Reopt Freq Back Up Type None Back Up LSPID Auto BW Disabled Auto BW Freq : Min BW Max BW...

  • Page 158

    In/Out Label In/Out IF Vrf Name 4.4.4.4/32 NULL/1024 -/Vlan1 [SwitchB] display mpls lsp ------------------------------------------------------------------ LSP Information: RSVP LSP ------------------------------------------------------------------ In/Out Label In/Out IF Vrf Name 4.4.4.4/32 1024/1024 Vlan1/Vlan2 3.3.3.3/32 NULL/1024 -/Vla4 [SwitchC] display mpls lsp ------------------------------------------------------------------ LSP Information: RSVP LSP ------------------------------------------------------------------ In/Out Label In/Out IF...

  • Page 159

    # Execute the display mpls lsp verbose command on Switch B. [SwitchB] display mpls lsp verbose ------------------------------------------------------------------- LSP Information: RSVP LSP ------------------------------------------------------------------- IngressLsrID 1.1.1.1 LocalLspID Tunnel-Interface Tunnel4 4.4.4.4/32 Nexthop 3.1.1.2 In-Label 1024 Out-Label 1024 In-Interface Vlan-interface1 Out-Interface Vlan-interface2 LspIndex 4097 Tunnel ID 0x22001 LsrType...

  • Page 160

    # Execute the display mpls te tunnel-interface command on Switch A to view the configuration of the tunnel interface. [SwitchA] display mpls te tunnel-interface Tunnel Name : Tunnel4 Tunnel Desc : Tunnel4 Interface Tunnel State Desc : Modifying CR-LSP is setting up Tunnel Attributes LSP ID 1.1.1.1:1...

  • Page 161

    Class Type Tunnel BW 0 kbps Reserved BW 0 kbps Setup Priority Hold Priority: Affinity Prop/Mask 0x0/0x0 Explicit Path Name pri-path Tie-Breaking Policy : None Metric Type None Record Route Enabled Record Label : Enabled FRR Flag Enabled BackUpBW Flag: Not Supported BackUpBW Type BackUpBW...

  • Page 162: Mpls Te In Mpls L3vpn Configuration Example

    Bypass In Use In Use BypassTunnel Tunnel Index[Tunnel5], InnerLabel[1024] Mpls-Mtu 1500 IngressLsrID 2.2.2.2 LocalLspID Tunnel-Interface Tunnel5 3.3.3.3/32 Nexthop 3.2.1.2 In-Label NULL Out-Label 1024 In-Interface ---------- Out-Interface Vlan-interface4 LspIndex 4098 Tunnel ID 0x22002 LsrType Ingress Bypass In Use Not Exists BypassTunnel Tunnel Index[---] Mpls-Mtu 1500...

  • Page 163

    To allow the MPLS L3VPN traffic to travel the TE tunnel, configure a tunneling policy to use a CR-LSP as the VPN tunnel when creating the VPN. Figure 37 Network diagram Configuration procedure Configure OSPF, making sure PE 1 and PE 2 can learn LSR-ID routes from each other: # Configure PE 1.

  • Page 164

    # After you complete the configuration, the PEs are able to establish the OSPF neighbor relationship. Execute the display ospf peer verbose command. You can see that the neighbor relationship state is FULL. Execute the display ip routing-table command. You can see that the PEs have learned the routes to the loopback interfaces of each other.

  • Page 165

    [PE2-Vlan-interface2] mpls [PE2-Vlan-interface2] mpls te [PE2-Vlan-interface2] mpls rsvp-te [PE2-Vlan-interface2] quit Enable OSPF TE: # Configure PE 1. [PE1] ospf [PE1-ospf-1] opaque-capability enable [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] mpls-te enable [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit # Configure PE 2. [PE2] ospf [PE2-ospf-1] opaque-capability enable [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] mpls-te enable [PE2-ospf-1-area-0.0.0.0] quit...

  • Page 166

    [PE1-tunnel-policy-policy1] quit [PE1] interface vlan-interface 1 [PE1-Vlan-interface1] ip binding vpn-instance vpn1 [PE1-Vlan-interface1] ip address 192.168.1.1 255.255.255.0 [PE1-Vlan-interface1] quit # Configure on CE 2. <CE2> system-view [CE2] interface vlan-interface 3 [CE2-Vlan-interface3] ip address 192.168.2.2 255.255.255.0 [CE2-Vlan-interface3] quit # Configure the VPN instance on PE 2, and bind it with the interface connected to CE 2. [PE2] ip vpn-instance vpn1 [PE2-vpn-instance-vpn1] route-distinguisher 100:2 [PE2-vpn-instance-vpn1] vpn-target 100:1 both...

  • Page 167

    [CE1-bgp] peer 192.168.1.1 as-number 100 [CE1-bgp] quit # Configure PE 1 to establish the EBGP peer relationship with CE 1, and the IBGP peer relationship with PE 2. [PE1] bgp 100 [PE1-bgp] ipv4-family vpn-instance vpn1 [PE1-bgp-vpn1] peer 192.168.1.2 as-number 65001 [PE1-bgp-vpn1] import-route direct [PE1-bgp-vpn1] quit [PE1-bgp] peer 3.3.3.3 as-number 100...

  • Page 168

    [CE1] ping 192.168.2.2 PING 192.168.2.2: 56 data bytes, press CTRL_C to break Reply from 192.168.2.2: bytes=56 Sequence=1 ttl=253 time=61 ms Reply from 192.168.2.2: bytes=56 Sequence=2 ttl=253 time=54 ms Reply from 192.168.2.2: bytes=56 Sequence=3 ttl=253 time=53 ms Reply from 192.168.2.2: bytes=56 Sequence=4 ttl=253 time=57 ms Reply from 192.168.2.2: bytes=56 Sequence=5 ttl=253 time=36 ms --- 192.168.2.2 ping statistics --- 5 packet(s) transmitted...

  • Page 169

    LSP Information: BGP ------------------------------------------------------------------ VrfIndex vpn1 192.168.1.0/24 Nexthop 192.168.1.1 In-Label 1024 Out-Label NULL In-Interface ---------- Out-Interface ---------- LspIndex 8193 Tunnel ID LsrType Egress Outgoing Tunnel ID Label Operation ------------------------------------------------------------------ LSP Information: LDP LSP ------------------------------------------------------------------ VrfIndex 2.2.2.2/32 Nexthop 127.0.0.1 In-Label Out-Label NULL In-Interface Vlan-interface2...

  • Page 170: Troubleshooting Mpls Te

    [PE1] display interface tunnel 1 Tunnel1 current state: UP Line protocol current state: UP Description: Tunnel1 Interface The Maximum Transmit Unit is 1500 Internet Address is 12.1.1.1/24 Primary Encapsulation is TUNNEL, service-loopback-group ID not set Tunnel source unknown, destination 3.3.3.3 Tunnel protocol/transport CR_LSP Output queue : (Urgent queuing : Size/Length/Discards) 0/100/0...

  • Page 171: Configuring Vpls

    Configuring VPLS This chapter describes how to configure VPLS. VPLS overview Virtual Private LAN Service (VPLS), also called "Transparent LAN Service (TLS)" or "virtual private switched network service," can deliver a point-to-multipoint L2VPN service over public networks. With VPLS, geographically-dispersed sites can interconnect and communicate over MAN or WAN as if they were on the same LAN.

  • Page 172: Mac Address Learning And Flooding

    PW signaling—The PW signaling protocol is the fundament of VPLS. It is used for creating and • maintaining PWs and automatically discovering VSI peer PEs. Two PW signaling protocols are available: LDP and BGP. Figure 38 VPLS network diagram Site 1 Tunnel VPN 1 CE 1...

  • Page 173: Vpls Loop Avoidance

    Figure 39 MAC learning and flooding on PEs MAC address reclaim • Dynamic address learning must support refreshing and relearning. The VPLS draft defines a dynamic address learning method that uses the address reclaim message, which carries MAC TLV. Upon receiving such a message, a device removes MAC addresses or relearns them according to the specified parameters in the TLV.

  • Page 174: Vpls Packet Encapsulation

    Split horizon forwarding—Each PE must support horizontal split to avoid loops. A PE cannot • forward packets through PWs of the same VSI, because all PEs of a VSI are directly connected. Packets from PWs on the public network side cannot be forwarded to other PWs. They can only be forwarded to the private network side.

  • Page 175

    H-VPLS with LSP access Figure 40 H-VPLS with LSP access As shown in Figure 40, UPE functions as the MTU-s and establishes only a virtual link U-PW with NPE 1. It does not establish virtual links with any other peers. Data forwarding in H-VPLS with LSP access is as follows: Upon receiving a packet from a CE, UPE tags the packet with the MPLS label for the U-PW, namely, "the multiplex distinguishing flag,"...

  • Page 176: Vpls Configuration Task List

    When receiving the packet, PE 1 determines which VSI the packet belongs to by the VLAN tag and, based on the destination MAC address of the packet, tags the packet with the multiplex distinguishing flag (MPLS label) for the PW. Then, it forwards the packet. Upon receiving the packet from the PW, PE 1 determines to which VSI the packet belongs by the multiplex distinguishing flag (MPLS label) and, based on the destination MAC address of the packet, labels the packet with the VLAN tag.

  • Page 177: Enabling L2vpn And Mpls L2vpn

    Task Remarks Configuring VPLS instance attributes Optional. Enabling L2VPN and MPLS L2VPN Enable L2VPN and MPLS L2VPN before you perform VPLS-related configurations. To enable L2VPN and MPLS L2VPN: Step Command Enter system view. system-view Enable L2VPN and enter L2VPN view. l2vpn Enable MPLS L2VPN.

  • Page 178: Configuring Bgp Vpls

    PW class to be referenced. A PW class defines the PW transport mode and tunneling policy for the PW. To configure an LDP VPLS instance: Step Command Remarks Enter system view. system-view Optional. Create a PW class and enter pw-class pw-class-name its view.

  • Page 179: Configuring The Bgp Extension

    Configuring the BGP extension Before configuring BGP VPLS, configure BGP parameters on the PEs. For configuration details, see Layer 3—IP Routing Configuration Guide. To configure BGP extension: Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number For more configurations in Enter BGP-VPLS address...

  • Page 180: Binding A Service Instance With A Vpls Instance

    Binding a service instance with a VPLS instance To bind a service instance with a VPLS instance, create the service instance on a Layer 2 Ethernet interface, configure a packet matching rule for the service instance, and then bind the service instance with the VPLS instance.

  • Page 181: Displaying And Maintaining Vpls

    Step Command Remarks Optional. Specify encapsulation encapsulation { bgp-vpls | ethernet vlan by default, which type of the VPLS instance. | vlan } corresponds to the VSI PW encapsulation type of tagged. Optional. Set the description of the VPLS description text instance.

  • Page 182: Vpls Configuration Examples

    Task Command Remarks display mpls l2vpn fib ac vpls [ vsi vsi-name | interface interface-type Display the AC entry information of interface-number [ service-instance one or all VPLS instances (in service-instanceid ] ] [ slot Available in any view. standalone mode). slot-number ] [ verbose ] [ | { begin | exclude | include } regular-expression ]...

  • Page 183: Binding Service Instances With Vpls Instances

    Binding service instances with VPLS instances Network requirements CE 1 and CE 2 are connected to PE 1 and PE 2 through VLANs. On PE 1 and PE 2, perform the following configuration: • Configure VPLS instance aaa to use LDP (Martini mode) and VPLS instance bbb to use BGP (Kompella mode), and configure the AS number as 100.

  • Page 184

    [PE1-mpls-ldp-remote-1] quit # Configure the interface connected to the P device and enable LDP on the interface. [PE1] interface vlan-interface 2 [PE1-Vlan-interface2] ip address 23.1.1.1 24 [PE1-Vlan-interface2] mpls [PE1-Vlan-interface2] mpls ldp [PE1-Vlan-interface2] quit # Configure OSPF. [PE1] ospf [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 23.1.1.1 0.0.0.255 [PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] quit...

  • Page 185

    [PE1-GigabitEthernet1/0/1-srv2000] quit [PE1-GigabitEthernet1/0/1] quit Configure the P device: # Configure an IP address for loopback 0. <Sysname> system-view [Sysname] sysname P [P] interface loopback 0 [P-LoopBack0] ip address 2.2.2.9 32 [P-LoopBack0] quit # Configure the LSR ID and enable MPLS globally. [P] mpls lsr-id 2.2.2.9 [P] mpls [P-mpls] quit...

  • Page 186

    # Enable L2VPN and MPLS L2VPN. [PE2] l2vpn [PE2-l2vpn] mpls l2vpn [PE2-l2vpn] quit # Enable LDP globally. [PE2] mpls ldp [PE2-mpls-ldp] quit # Configure PE 2 to establish a remote LDP peer PE 1. [PE2] mpls ldp remote-peer 2 [PE2-mpls-ldp-remote-2] remote-ip 1.1.1.9 [PE2-mpls-ldp-remote-2] quit # Configure the interface connected to the P device and enable LDP on the interface.

  • Page 187: Configuring Pw Redundancy For H-vpls Access

    # On the interface connecting CE 2, create service instance 1000 and bind it with VPLS instance aaa, and create service instance 2000 and bind it with VPLS instance bbb. [PE2] interface gigabitethernet 1/0/1 [PE2-GigabitEthernet1/0/1] service-instance 1000 [PE2-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 100 [PE2-GigabitEthernet1/0/1-srv1000] xconnect vsi aaa [PE2-GigabitEthernet1/0/1-srv1000] quit [PE2-GigabitEthernet1/0/1] service-instance 2000...

  • Page 188

    Figure 44 Network diagram Configuration procedure Configure the IGP protocol on the MPLS backbone. (Details not shown.) Configure UPE: # Configure basic MPLS. <Sysname> system-view [Sysname] sysname UPE [UPE] interface loopback 0 [UPE-LoopBack0] ip address 1.1.1.1 32 [UPE-LoopBack0] quit [UPE] mpls lsr-id 1.1.1.1 [UPE] mpls [UPE-mpls] quit [UPE] mpls ldp...

  • Page 189

    # Configure the remote LDP peer NPE 2. [UPE] mpls ldp remote-peer 2 [UPE-mpls-remote-1] remote-ip 3.3.3.3 [UPE-mpls-remote-1] quit # Enable L2VPN and MPLS L2VPN. [UPE] l2vpn [UPE-l2vpn] mpls l2vpn [UPE-l2vpn] quit # Configure the basic attributes of VPLS instance aaa, which uses LDP. [UPE] vsi aaa static [UPE-vsi-aaa] pwsignal ldp [UPE-vsi-aaa-ldp] vsi-id 500...

  • Page 190

    [NPE1] interface vlan-interface 15 [NPE1-Vlan-interface15] ip address 15.1.1.1 24 [NPE1-Vlan-interface15] mpls [NPE1-Vlan-interface15] mpls ldp [NPE1-Vlan-interface15] quit # Configure the remote LDP peer UPE. [NPE1] mpls ldp remote-peer 2 [NPE1-mpls-remote-2] remote-ip 1.1.1.1 [NPE1-mpls-remote-2] quit # Configure the remote LDP peer NPE 3. [NPE1] mpls ldp remote-peer 3 [NPE1-mpls-remote-3] remote-ip 4.4.4.4 [NPE1-mpls-remote-3] quit...

  • Page 191: Configuring Bfd For The Primary Link In An H-vpls Network

    [NPE3-Vlan-interface16] ip address 16.1.1.2 255.255.255.0 [NPE3-Vlan-interface16] mpls [NPE3-Vlan-interface16] mpls ldp [NPE3-Vlan-interface16] quit # Configure the remote LDP session. [NPE3] mpls ldp remote-peer 1 [NPE3-mpls-remote-1] remote-ip 2.2.2.2 [NPE3-mpls-remote-1] quit [NPE3] mpls ldp remote-peer 2 [NPE3-mpls-remote-2] remote-ip 3.3.3.3 [NPE3-mpls-remote-2] quit # Enable L2VPN and MPLS L2VPN. [NPE3] l2vpn [NPE3-l2vpn] mpls l2vpn [NPE3-l2vpn] quit...

  • Page 192

    Figure 45 Network diagram Configuration procedure Configure basic MPLS: # Configure Switch A. <SwitchA> system-view [SwitchA] mpls lsr-id 1.1.1.9 [SwitchA] mpls [SwitchA-mpls] quit [SwitchA] mpls ldp [SwitchA-mpls-ldp] quit [SwitchA] mpls ldp remote-peer switchb [SwitchA-mpls-ldp-remote-switchb] remote-ip 2.2.2.9 [SwitchA-mpls-ldp-remote-switchb] remote-ip bfd [SwitchA-mpls-ldp-remote-switchb] quit [SwitchA] mpls ldp remote-peer switchc [SwitchA-mpls-ldp-remote-switchc] remote-ip 3.3.3.9 [SwitchA-mpls-ldp-remote-switchc] remote-ip bfd...

  • Page 193

    <SwitchB> system-view [SwitchB] mpls lsr-id 2.2.2.9 [SwitchB] mpls [SwitchB-mpls] quit [SwitchB] mpls ldp [SwitchB-mpls-ldp] quit [SwitchB] mpls ldp remote-peer switcha [SwitchB-mpls-ldp-remote-switcha] remote-ip 1.1.1.9 [SwitchB-mpls-ldp-remote-switcha] remote-ip bfd [SwitchB-mpls-ldp-remote-switcha] quit [SwitchB] vlan 12 [SwitchB-vlan12] port gigabitethernet 1/0/1 [SwitchB-vlan12] quit [SwitchB] interface vlan-interface 12 [SwitchB-Vlan-interface12] mpls [SwitchB-Vlan-interface12] mpls ldp [SwitchB-Vlan-interface12] quit...

  • Page 194

    [SwitchB-Vlan-interface12] ip address 12.1.1.2 24 [SwitchB-Vlan-interface12] quit [SwitchB] interface loopback 0 [SwitchB-LoopBack0] ip address 2.2.2.9 32 [SwitchB-LoopBack0] quit # Configure Switch C. [SwitchC] interface vlan-interface 13 [SwitchC-Vlan-interface13] ip address 13.1.1.3 24 [SwitchC-Vlan-interface13] quit [SwitchC] interface loopback 0 [SwitchC-LoopBack0] ip address 3.3.3.9 32 [SwitchC-LoopBack0] quit Configure basic OSPF functions: # Configure Switch A.

  • Page 195

    [SwitchA-vlan100] port gigabitethernet 1/0/1 [SwitchA-vlan100] quit [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] l2 binding vsi vpna [SwitchA-Vlan-interface100] return # Configure Switch B. [SwitchB] l2vpn [SwitchB-l2vpn] mpls l2vpn [SwitchB-l2vpn] quit [SwitchB] vsi vpna static [SwitchB-vsi-vpna] pwsignal ldp [SwitchB-vsi-vpna-ldp] vsi-id 100 [SwitchB-vsi-vpna-ldp] peer 1.1.1.9 upe [SwitchB-vsi-vpna-ldp] quit [SwitchB-vsi-vpna] quit # Configure Switch C.

  • Page 196: Troubleshooting Vpls

    Min Recv Inter: 400ms Act Detect Inter: 3000ms Running Up for: 00:00:01 Auth mode: None Connect Type: Indirect Board Num: 6 Protocol: MFW/LDP Diag Info: No Diagnostic # Execute the display vpls connection vsi vpna command on Switch A. <SwitchA> display vpls connection vsi vpna Total 2 connection(s), connection(s): 1 up, 1 block, 0 down VSI Name: vpna...

  • Page 197

    View the current configuration by using the display current-configuration command. Make sure the • two peers have the same PW ID and transport mode.

  • Page 198: Configuring Mpls L2vpn

    Configuring MPLS L2VPN This chapter describes how to configure MPLS L2VPN. MPLS L2VPN overview MPLS L2VPN is an MPLS-based Layer 2 VPN technology. It uses MPLS to establish Layer 2 connections between network nodes. Using MPLS L2VPN, carriers can transparently transport Layer 2 data of different data link layer protocols (including ATM, FR, VLAN, Ethernet, and PPP) over a single MPLS or IP backbone.

  • Page 199: Mpls L2vpn Network Models

    Provider device—P devices do not directly connect to CEs. They only need to forward user packets • between PEs. MPLS L2VPN network models MPLS L2VPN network models include remote connection model and local connection model. Remote connection model As shown in Figure 1, the remote connection model connects two Layer 2 customer networks over an MPLS or IP backbone.

  • Page 200

    The public tunnel can be an LSP, MPLS TE, or GRE tunnel. For more information about LSP and MPLS TE tunnels, see "Configuring basic MPLS" and "Configuring MPLS TE." For more information about GRE tunnels, see Layer 3—IP Services Configuration Guide. If multiple public tunnels exist between two PEs, you can configure a tunneling policy to control tunnel selection.

  • Page 201: Implementation Of Mpls L2vpn

    After PE 2 receives the packet from the public tunnel, it identifies the VC to which the packet belongs according to the VC label of the packet, deletes the tunnel tag and the VC label from the packet, and then forwards the resulting packet to CE 2 through the AC bound to the VC. This packet forwarding process is not applicable to the CCC mode of MPLS L2VPN.

  • Page 202

    Martini MPLS L2VPN Martini MPLS L2VPN employs two levels of labels to transfer user packets, and uses LDP as the signaling protocol to distribute the inner VC label. To exchange VC labels between PEs, Martini extended LDP by adding the VC FEC. The VC FEC contains the following information: VC type—Encapsulation type of the VC.

  • Page 203

    Route target attributes define which PEs can receive L2VPN information, and from which PEs that a PE can receive L2VPN information. Different from Martini mode, the Kompella mode does not distribute the VC label assigned by the local PE directly to the peer PE through the signaling protocol. Instead, it uses label blocks to assign labels to multiple connections at time.

  • Page 204

    PE 1 compares the ID (12) of the peer CE (CE 12) with the label blocks assigned by PE 1. If a label block satisfies LO<=CE ID<LO+LR, PE 1 assigns a label from the label block. In this example, label block 2 (1055/5/10) satisfies LO<=CE ID<LO+LR (5<=12<5+10).

  • Page 205

    Table 1 compares the implementaion modes of MPLS L2VPN. Table 1 Comparing MPLS L2VPN implementation modes VC label encapsulation Application Mode Advantages and disadvantages and distribution secnario Advantanges: • Requires no signaling protocol and occupies fewer network resources. Small-scale • Network devices only need to support MPLS.

  • Page 206: Vc Encapsulations Types

    VC encapsulations types Before adding a VC label to a Layer 2 packet, a PE encapsulates the Layer 2 packet according to the AC link type. VC encapsulation types for an Ethernet AC link include Ethernet and VLAN. Ethernet—P-Tag is not transferred on a VC. •...

  • Page 207: Configuring Basic Mpls L2vpn

    Task Remarks Required. Perform this task to enable MPLS L2VPN. You can Configuring basic MPLS L2VPN perform other MPLS L2VPN configurations only after you enable MPLS L2VPN. Required. Configuring a PE-CE interface Perform this task to set up an AC between a PE and a Configuring CCC MPLS L2VPN Use one of the approaches according to the MPLS Configuring SVC MPLS L2VPN...

  • Page 208: Configuring Vlan Encapsulation

    By default, a Layer 3 Ethernet interface uses Ethernet encapsulation. For configuration information about Layer 3 Ethernet interfaces, see Layer 2—LAN Switching Configuration Guide. Configuring VLAN encapsulation Martini MPLS L2VPN configuration for a service instance allows you to configure an encapsulation type for a PE-CE interface while other types of MPLS L2VPN require a PE-CE interface to use the default encapsulation type.

  • Page 209: Configuring Svc Mpls L2vpn

    VC for a received packet according to only the VLAN tag carried in the packet. It cannot differentiate the users and services on different Layer 2 Ethernet interfaces. HP recommends that you configure SVC on a VLAN interface when all users connected to the VLAN interface have their packets forwarded over the same VC.

  • Page 210: Configuring The Remote Peer

    VC. A service instance can match all packets received on the interface, packets carrying the specified VLAN tags, all tagged packets, or packets with no VLAN tags. HP recommends that you use this method when the users connected to the same VLAN interface must use different VCs.

  • Page 211

    After you perform these configurations, packets arriving at the Layer 2 Ethernet interface and matching the packet matching rule are forwarded over the created VC. To configure multiple VCs with the same attributes (such as VC encapsulation type and VC tunneling policy), create a PW class, configure VC attributes in the PW class, and then reference the PW class in each VC.

  • Page 212: Inspecting Vcs Through Mpls Lsp Ping

    Step Command Remarks display service-instance interface Display information about interface-type interface-number one or all service instances [ service-instance instance-id ] [ | Available in any view. configured on the interface. { begin | exclude | include } regular-expression ] Inspecting VCs through MPLS LSP ping MPLS LSP ping is available only for Martini VCs.

  • Page 213: Creating And Configuring Mpls L2vpn

    The mtu command affects only parameter negotiation. It Set the MTU for the L2VPN. mtu mtu does not affect data forwarding. HP does not recommend using this command Creating a CE connection Configuration parameters and guidelines id ce-id: Specifies the CE ID of a local CE connected to the PE.

  • Page 214

    CE and the peer CE with an ID of "previous connection CE ID+2." When you plan a VPN, HP recommends that you set CE IDs in incremental sequence and then configure CE connections in the sequence of CE IDs so you can omit the ce-offset keyword (use the default setting) for most connections.

  • Page 215: Resetting L2vpn Bgp Sessions

    Step Command Remarks Create a CE, specify the CE name, CE ID, and the ce ce-name [ id ce-id [ range ce-range ] CE ID initial offset, and [ default-offset ce-offset ] ] enter MPLS L2VPN CE view. The ce-offset ce-id option determines whether the connection is a local connection or a remote connection.

  • Page 216

    Task Command Remarks display mpls l2vc [ interface interface-type interface-number Display information about Martini [ service-instance instance-id ] | Available in any view. VCs. remote-info ] [ | { begin | exclude | include } regular-expression ] display mpls l2vpn connection [ vpn-name vpn-name [ remote-ce ce-id | down | up | verbose ] | Display information about...

  • Page 217: Mpls L2vpn Configuration Examples

    Task Command Remarks display mpls l2vpn fib pw vpws [ interface interface-type interface-number [ service-instance Display the MPLS L2VPN PW service-instanceid ] ] [ chassis Available in any view. information (in IRF mode). chassis-number slot slot-number ] [ verbose ] [ | { begin | exclude | include } regular-expression ] display pw-class [ pw-class-name ] Display information about one or...

  • Page 218

    [CE1] interface vlan-interface 10 [CE1-Vlan-interface10] ip address 100.1.1.1 24 Configure PE 1: # Configure the LSR ID and enable MPLS globally. <Sysname> system-view [Sysname] sysname PE1 [PE1] interface loopback 0 [PE1-LoopBack0] ip address 10.0.0.1 32 [PE1-LoopBack0] quit [PE1] mpls lsr-id 10.0.0.1 [PE1] mpls [PE1-mpls] quit # Enable L2VPN and MPLS L2VPN.

  • Page 219

    # Create a static LSP for forwarding packets from PE 1 to PE 2. [P] static-lsp transit pe1_pe2 incoming-interface vlan-interface 30 in-label 200 nexthop 10.2.2.1 out-label 201 # Create a static LSP for forwarding packets from PE 2 to PE 1. [P] static-lsp transit pe2_pe1 incoming-interface vlan-interface 20 in-label 101 nexthop 10.1.1.1 out-label 100 Configure PE 2:...

  • Page 220

    Intf : Vlan-interface10 (up) In-label : 100 Out-label : 200 Nexthop : 10.1.1.2 The output shows that a remote CCC connection has been established. # Ping CE 2 from CE 1. [CE1] ping 100.1.1.2 PING 100.1.1.2: 56 data bytes, press CTRL_C to break Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=180 ms Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=60 ms Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=10 ms...

  • Page 221

    Configure the LSR ID, enable MPLS and LDP, and run IGP (OSPF in this example) between PE 1, the P device, and PE 2 to establish LSPs. Configure SVC MPLS L2VPN. Enable MPLS L2VPN on PE 1 and PE 2 and create a static VC and specify the VC labels. Configuration procedure On CE 1, configure an IP address for VLAN-interface 10 connected to PE.

  • Page 222

    Configure the P device: # Configure the LSR ID and enable MPLS globally. <Sysname> system-view [Sysname] sysname P [P] interface loopback 0 [P-LoopBack0] ip address 192.4.4.4 32 [P-LoopBack0] quit [P] mpls lsr-id 192.4.4.4 [P] mpls [P-mpls] quit # Enable LDP globally. [P] mpls ldp [P-mpls-ldp] quit # Configure the interface connected with PE 1, and enable LDP on the interface.

  • Page 223

    # Enable LDP globally. [PE2] mpls ldp [PE2-mpls-ldp] quit # Configure the interface connected with the P device, and enable LDP on the interface. [PE2] interface vlan-interface 30 [PE2-Vlan-interface30] ip address 10.2.2.1 24 [PE2-Vlan-interface30] mpls [PE2-Vlan-interface30] mpls ldp [PE2-Vlan-interface30] quit # Configure OSPF on PE 2 for establishing LSPs.

  • Page 224: Configuring Martini Mpls L2vpn

    Reply from 100.1.1.2: bytes=56 Sequence=5 ttl=255 time=80 ms --- 100.1.1.2 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 80/126/150 ms The output shows that CE 1 and CE 2 can ping each other. Configuring Martini MPLS L2VPN Network requirements CEs are connected to PEs through VLAN interfaces.

  • Page 225

    [PE1] mpls [PE1-mpls] quit # Enable L2VPN and MPLS L2VPN. [PE1] l2vpn [PE1-l2vpn] mpls l2vpn [PE1-l2vpn] quit # Enable LDP globally. [PE1] mpls ldp [PE1-mpls-ldp] quit # Establish a remote session between PE 1 and PE 2. [PE1] mpls ldp remote-peer 1 [PE1-mpls-ldp-remote-1] remote-ip 192.3.3.3 [PE1-mpls-ldp-remote-1] quit # Configure the interface connected with the P device, and enable LDP on the interface.

  • Page 226

    [P-Vlan-interface20] mpls [P-Vlan-interface20] mpls ldp [P-Vlan-interface20] quit # Configure the interface connected with PE 2, and enable LDP on the interface. [P] interface vlan-interface 30 [P-Vlan-interface30] ip address 10.2.2.2 24 [P-Vlan-interface30] mpls [P-Vlan-interface30] mpls ldp [P-Vlan-interface30] quit # Configure OSPF on the P device for establishing LSPs. [P] ospf [P-ospf-1] area 0 [P-ospf-1-area-0.0.0.0] network 10.1.1.2 0.0.0.255...

  • Page 227

    [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 192.3.3.3 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] network 10.2.2.0 0.0.0.255 [PE2-ospf-1-area-0.0.0.0] quit [PE2-ospf-1] quit # Create a L2VPN connection on the interface connected to CE 2. The interface requires no IP address. [PE2] interface vlan-interface 10 [PE2-Vlan-interface10] mpls l2vc 192.2.2.2 101 [PE2-Vlan-interface10] quit On CE 2, configure an IP address for VLAN-interface 10.

  • Page 228: Configuring Kompella Mpls L2vpn

    Configuring Kompella MPLS L2VPN Network requirements CEs are connected to PEs through VLAN interfaces. Establish a Kompella MPLS L2VPN between CE 1 and CE 2. Figure 11 Network diagram PE 2 PE 1 Loop0 Loop0 Loop0 Vlan-int30 Vlan-int20 Vlan-int20 Vlan-int30 Vlan-int10 Vlan-int10 Kompella...

  • Page 229

    [PE1-bgp] peer 4.4.4.4 connect-interface loopback 0 [PE1-bgp] l2vpn-family [PE1-bgp-af-l2vpn] policy vpn-target [PE1-bgp-af-l2vpn] peer 4.4.4.4 enable [PE1-bgp-af-l2vpn] quit [PE1-bgp] quit # Configure PE 2. <Sysname> system-view [Sysname] sysname PE2 [PE2] l2vpn [PE2-l2vpn] mpls l2vpn [PE2-l2vpn] quit [PE2] bgp 100 [PE2-bgp] peer 2.2.2.2 as-number 100 [PE2-bgp] peer 2.2.2.2 connect-interface loopback 0 [PE2-bgp] l2vpn-family [PE2-bgp-af-l2vpn] policy vpn-target...

  • Page 230: Configuring A Vc For A Service Instance

    # Configure VLAN interfaces in the same way as that for Martini MPLS L2VPN. (Details not shown.) Verify your configuration: # Issue the display mpls l2vpn connection command on the PEs. The output shows that a VC in up state has been established between the PEs. Take PE 1 as an example: Display the MPLS L2VPN connection information on PE 1.

  • Page 231

    Figure 12 Network diagram PE 1 PE 2 Loop0 Loop0 Loop0 Vlan-int23 Vlan-int26 Vlan-int23 Vlan-int26 Eth1/1 Eth1/1 Maitini Vlan-int10 Vlan-int10 CE 2 CE 1 Device Interface IP address Device Interface IP address CE 1 Vlan-int10 100.1.1.1/24 CE 2 Vlan-int10 100.1.1.2/24 PE 1 Loop0 192.2.2.2/32...

  • Page 232

    [PE1-mpls-ldp-remote-1] quit # Configure the interface connected with the P device and enable LDP on the interface. [PE1] interface vlan-interface 23 [PE1-Vlan-interface23] ip address 23.1.1.1 24 [PE1-Vlan-interface23] mpls [PE1-Vlan-interface23] mpls ldp [PE1-Vlan-interface23] quit # Configure OSPF. [PE1] ospf [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 23.1.1.1 0.0.0.255 [PE1-ospf-1-area-0.0.0.0] network 192.2.2.2 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] quit...

  • Page 233

    [P-Vlan-interface26] mpls ldp [P-Vlan-interface26] quit # Configure OSPF. [P] ospf [P-ospf-1] area 0 [P-ospf-1-area-0.0.0.0] network 23.1.1.2 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 26.2.2.2 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 192.4.4.4 0.0.0.0 [P-ospf-1-area-0.0.0.0] quit [P-ospf-1] quit Configure PE 2: # Configure an IP address for loopaback 0. <Sysname>...

  • Page 234

    [PE2] interface gigabitEthernet 1/0/1 [PE2-GigabitEthernet1/0/1] port access vlan 10 [PE2-GigabitEthernet1/0/1] service-instance 1000 [PE2-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 10 [PE2-GigabitEthernet1/0/1-srv1000] xconnect peer 192.2.2.2 pw-id 1000 [PE2-GigabitEthernet1/0/1-srv1000] quit [PE2-GigabitEthernet1/0/1] quit On CE 2, configure an IP address for interface VLAN-interface 10 connected to PE 2. <Sysname>...

  • Page 235: Troubleshooting Mpls L2vpn

    Troubleshooting MPLS L2VPN Symptom PEs cannot ping each other. The display mpls l2vc command output shows that the VC is down and the remote VC label is invalid. Analysis The reason the VC is down may be that the PEs are configured with different encapsulation types. Solution Verify that the local PE and the peer PE are configured with the same encapsulation type.

  • Page 236: Configuring Mpls L3vpn

    Configuring MPLS L3VPN This chapter describes only MPLS L3VPN related information. For information about basic MPLS configuration, see "Configuring basic MPLS." For information about BGP, see Layer 3—IP Routing Configuration Guide. The term "router" in this chapter represents both routers and Layer 3 switches. MPLS L3VPN overview MPLS L3VPN is a PE-based L3VPN technology.

  • Page 237

    After a PE learns VPN routing information from a CE, it uses BGP to exchange VPN routing information to other PEs. A PE maintains routing information for only directly connected VPNs, rather than all VPNs on the provider network. A P router maintains only routes to PEs and does not deal with VPN routing information. When VPN traffic travels over the MPLS backbone, the ingress PE functions as the ingress LSR, the egress PE functions as the egress LSR, and P routers function as the transit LSRs.

  • Page 238

    Figure 14 VPN-IPv4 address structure Route Distinguisher (8 bytes) 2 bytes 6 bytes 4 bytes Type Administrator subfield Assigned number subfield IPv4 address prefix Upon receiving an IPv4 route from a CE, a PE changes the route to a VPN route by adding an RD and then advertises the VPN route to the peer PE.

  • Page 239: Mpls L3vpn Packet Forwarding

    32-bit AS number:16-bit user-defined number, where the minimum value of the AS number is 65536. • For example, 65536:1. The Site of Origin (SoO) attribute specifies the site where the route update is originated. It prevents the receiving router from advertising the route update back to the originating site. If the AS-path attribute is lost, the router can use the SoO attribute to avoid routing loops.

  • Page 240: Mpls L3vpn Networking Schemes

    Layer 2 labels—Inner labels, used for forwarding packets from the remote PEs to the CEs. An inner • label indicates to which site, or more precisely, to which CE the packet should be sent. A PE finds the interface for forwarding a packet according to the inner label. If two CEs belong to the same VPN and are connected to the same PE, each CE only needs to know how to reach the other CE.

  • Page 241

    Figure 16 Network diagram for basic VPN networking scheme Figure 16, for example, the route target for VPN 1 is 100:1 on the PEs, while that for VPN 2 is 200:1. The two VPN 1 sites can communicate with each other, and the two VPN 2 sites can communicate with each other.

  • Page 242

    Figure 17 Network diagram for hub and spoke networking scheme VPN 1 VPN 1: Import: Hub Site 1 Export: Spoke VPN 1-out: Spoke-CE Export: Hub Hub-CE Hub-PE Spoke-PE Site 3 Spoke-PE VPN 1-in: VPN 1 Import: Spoke Spoke-CE VPN 1: Site 2 Import: Hub Export: Spoke...

  • Page 243: Mpls L3vpn Routing Information Advertisement

    Figure 18 Network diagram for extranet networking scheme VPN 1 VPN 1: Import:100:1 Site 1 Export:100:1 PE 1 VPN 1 PE 3 Site 3 PE 2 VPN 2: VPN 1: Site 2 Import:200:1 Import:100:1,200:1 Export:200:1 Export:100:1,200:1 VPN 2 Figure 18, VPN 1 and VPN 2 can access Site 3 of VPN 1. PE 3 can receive the VPN-IPv4 routes advertised by PE 1 and PE 2.

  • Page 244: Inter-as Vpn

    The route between the CE and the PE can be a static route, RIP route, OSPF route, IS-IS route, EBGP route, or IBGP route. No matter which routing protocol is used, the CE always advertises standard IPv4 routes to the PE. Routing information exchange from the ingress PE to the egress PE After learning the VPN routing information from the CE, the ingress PE adds RDs and route targets for these standard IPv4 routes to create VPN-IPv4 routes, save them to the routing table of the VPN instance...

  • Page 245

    Figure 19 Network diagram for inter-AS option A Inter-AS option A is easy to carry out because no special configuration is required on the PEs acting as the ASBRs. However, it has limited scalability because the PEs acting as the ASBRs must manage all VPN routes and create VPN instances on a per-VPN basis.

  • Page 246

    Figure 20 Network diagram for inter-AS option B In terms of scalability, inter-AS option B is better than option A. When adopting the MP-EBGP method, note the following: ASBRs perform no route target filtering on VPN-IPv4 routes that they receive from each other. •...

  • Page 247: Carrier's Carrier

    Figure 21 Network diagram for inter-AS option C VPN 1 VPN 1 Multi-hop MP-EBGP CE 1 CE 3 PE 3 PE 1 ASBR 2 ASBR 1 (PE) (PE) EBGP MPLS backbone MPLS backbone AS 100 AS 200 PE 4 PE 2 Multi-hop MP-EBGP VPN LSP CE 4...

  • Page 248

    through the BGP session established between the routers of the Level 2 carrier. This can greatly reduce the number of routes maintained by the Level 1 carrier network. Compared with the common MPLS L3VPN, the carrier's carrier is different because of the way in which a CE of a Level 1 carrier, that is, a Level 2 carrier, accesses a PE of the Level 1 carrier: If the PE and the CE are in a same AS, you must configure IGP and LDP between them.

  • Page 249: Nested Vpn

    Figure 24 Scenario where the Level 2 carrier is an MPLS L3VPN service provider NOTE: If equal cost routes exist between the Level 1 carrier and the Level 2 carrier, HP recommends establishing equal cost LSPs between them. Nested VPN In an MPLS L3VPN network, generally a service provider runs an MPLS L3VPN backbone and provides VPN services through PEs.

  • Page 250

    Figure 25 Network diagram for nested VPN Propagation of routing information In a nested VPN network, routing information is propagated in the following way: A provider PE and its CEs exchange VPNv4 routes, which carry information about users' internal VPNs. After receiving a VPNv4 route, a provider PE keeps the user's internal VPN information, and appends the user's MPLS VPN attributes on the service provider network.

  • Page 251: Hovpn

    Nested VPN is flexible and easy to implement and can reduce the cost because a customer only needs to pay for one MPLS VPN to have multiple internal VPNs connected. Nested VPN provides diversified VPN networking methods for a customer, and allows for multi-level hierarchical access control over the internal VPNs.

  • Page 252

    As shown in Figure 26, devices directly connected to CEs are called underlayer PEs (UPEs) or user-end PEs, whereas devices that are connected to UPEs and are in the internal network are called superstratum PEs (SPE) or service provider-end PEs. The hierarchical PE consists of multiple UPEs and SPEs, which function together as a traditional PE.

  • Page 253: Ospf Vpn Extension

    Figure 27 Recursion of HoPEs Figure 27 shows a three-level HoPE. The PE in the middle is called the middle-level PE (MPE). MP-BGP runs between SPE and MPE, and between MPE and UPE. The term "MPE" does not really exist in a HoVPN model. It is used here just for the convenience of description.

  • Page 254

    OSPF attributes. Each OSPF domain must have a configurable domain ID. HP recommends that you configure the same domain ID or adopt the default ID for all OSPF processes of the same VPN, so the system can know that all VPN routes with the same domain ID are from the same VPN.

  • Page 255: Bgp As Number Substitution And Soo

    If the PE needs to advertise to a CE the routes from other OSPF domains, it must indicate that it is the ASBR, and advertise the routes using Type 5 LSAs. Sham link Generally, BGP peers carry routing information on the MPLS VPN backbone through the BGP extended community attributes.

  • Page 256: Mpls L3vpn Configuration Task List

    With the BGP AS number substitution function, when a PE advertises a route to a CE of the specified peer, if an AS number identical to that of the CE exist in the AS_PATH of the route, it is replaced with that of the After you enable the BGP AS number substitution function, the PE re-advertises all routing information to the connected CEs in the peer group, performing BGP AS number substitution based on the previous principle.

  • Page 257: Configuring Vpn Instances

    Task Remarks Creating a VPN instance Required. Associating a VPN instance with an Required. interface Configuring route related attributes Configuring VPN instances Optional. for a VPN instance Configuring a tunneling policy for a Optional. VPN instance Configuring an LDP instance Optional.

  • Page 258

    Associating a VPN instance with an interface After creating and configuring a VPN instance, you must associate the VPN instance with the interface connected to the CE. Any LDP-capable interface can be associated with a VPN instance. For information about LDP-capable interfaces, see "Configuring basic MPLS."...

  • Page 259

    Step Command Remarks Optional. Setting the maximum number of Set the maximum number of routing-table limit number routes for a VPN instance is for routes allowed. { warn-threshold | simply-alert } preventing too many routes from being redistributed into the PE. Optional.

  • Page 260

    To configure a tunneling policy for a VPN instance: Step Command Remarks Enter system view. system-view Create a tunneling policy and enter tunnel-policy tunnel-policy-name tunneling policy view. Optional. By default, no preferred tunnel is configured. Configure a preferred preferred-path number interface In a tunneling policy, you can configure up tunnel and specify a tunnel tunnel-number...

  • Page 261: Configuring Routing Between Pe And Ce

    Configuring an LDP instance A LDP instance refers to an LDP-capable VPN instance. LDP instances are for carrier's carrier network applications. This task is to configure the LDP capability for an existing VPN instance, create an LDP instance for the VPN instance, and configure LDP parameters for the LDP instance.

  • Page 262

    Step Command Remarks • Approach 1: ip route-static dest-address { mask | mask-length } { gateway-address | interface-type interface-number [ gateway-address ] | vpn-instance Use either command as d-vpn-instance-name gateway-address } needed. [ preference preference-value ] [ tag Perform this configuration on tag-value ] [ description description-text ] Configure a static route PEs.

  • Page 263

    Step Command Remarks Create an OSPF process for a ospf [ process-id | router-id Perform the configurations on PEs. VPN instance and enter the router-id | vpn-instance On CEs, create a normal OSPF OSPF view. vpn-instance-name ] * process. Optional. Configure the OSPF domain domain-id domain-id [ secondary ] 0 by default.

  • Page 264

    Step Command Remarks interface interface-type Enter interface view. interface-number Enable the IS-IS process on isis enable [ process-id ] Disabled by default. the interface. Configuring EBGP between PE and CE Configure the PE: Step Command Remarks Enter system view. system-view Enable BGP and enter BGP bgp as-number view.

  • Page 265

    Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number For information about BGP peer and peer group configuration, see Configure the PE as the EBGP peer { group-name | ip-address } Layer 3—IP Routing Configuration peer. as-number as-number Guide.

  • Page 266

    Step Command Remarks Optional. Enabled by default. Enable route reflection reflect between-clients If the clients are fully meshed, you between clients. do not need to enable route reflection. Optional. By default, each RR in a cluster uses its own router ID as the cluster ID. Configure the cluster ID for the reflector cluster-id { cluster-id | If more than one RR exists in a...

  • Page 267: Configuring Routing Between Pes

    NOTE: Exchange of BGP routes of a VPN instance is the same as that of ordinary BGP routes. • The BGP configuration task in BGP VPN instance view is the same as that in BGP view. For more • Layer 3—IP Routing Configuration Guide information, see Configuring routing between PEs Step...

  • Page 268

    Step Command Remarks Use one of the commands as needed. • ipv4-family vpnv4 For information about BGP-L2VPN • Enter address family view. l2vpn-family address family and VPLS address • vpls-family family, see MPLS Command Reference. Allow the local AS number to appear in the AS_PATH peer { group-name | ip-address } attribute of a received route...

  • Page 269

    Step Command Remarks Optional. By default, an RR does not filter the reflected routes. With an RR reflection policy, only IBGP routes whose Extended rr-filter Create an RR reflection policy. Communities attribute matches the extended-community-list-number specified one are reflected. By configuring different RR reflection policies on different RRs, you can implement load balancing among the RRs.

  • Page 270: Configuring Inter-as Vpn

    Step Command Remarks Optional. peer { group-name | ip-address } Advertise a default VPN route default-route-advertise By default, no default VPN route is to a peer or peer group. vpn-instance vpn-instance-name advertised to a peer or peer group. Optional. peer { group-name | ip-address } Apply a filtering policy to a filter-policy acl-number { export | By default, no filtering policy is...

  • Page 271: Configuring Inter-as Option B

    To configure inter-AS option A, complete the following tasks: Configure basic MPLS L3VPN on each AS. • • Configure each ASBR-PE, taking the peer ASBR-PE as its CE. In other words, configure VPN instances on PEs and ASBR PEs, respectively. The VPN instances on PEs are used to allow CEs to access the network, and those on ASBR PEs are used to access the peer ASBR PEs.

  • Page 272: Configuring Inter-as Option C

    Configuring inter-AS option C To configure inter-AS option C, perform proper configurations on PEs and ASBR PEs, and configure routing policies on the ASBR PEs. Configuring the PEs You must establish an ordinary IBGP peer relationship between PEs and ASBR PEs in an AS and MP-EBGP peer relationship between PEs of different ASs.

  • Page 273: Configuring Nested Vpn

    Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number Configure each PE in the peer { group-name | ip-address } same AS as the IBGP peer. as-number as-number Enable the ASBR PE to By default, the device does not peer { group-name | ip-address } exchange labeled IPv4 routes advertise labeled routes to the IPv4...

  • Page 274: Configuration Restrictions And Guidelines

    implement layered management of internal VPNs easily with a low cost and simple management operation. Before you configure nested VPN, configure basic MPLS L3VPN settings. For configuration information, "Configuring basic MPLS L3VPN." Configuration restrictions and guidelines The address ranges for sub-VPNs of a VPN cannot overlap. •...

  • Page 275: Configuring Hovpn

    Configuring HoVPN For hierarchical VPNs, you can adopt HoVPN to reduce the performance requirements for PEs. Before you configure HoVPN, complete basic MPLS L3VPN settings on UPE and SPE. Do not connect an SPE to a CE directly. If an SPE must be directly connected to a CE, the VPN instance on the SPE and that on the UPE must be configured with different RDs.

  • Page 276: Configuring A Loopback Interface

    Configure OSPF in the LAN where CEs reside. • Configuring a loopback interface Step Command Remarks Enter system view. system-view Create a loopback interface interface loopback and enter loopback interface interface-number view. Bind the loopback interface to ip binding vpn-instance By default, an interface is a VPN instance.

  • Page 277: Configuring Bgp As Number Substitution And Soo

    If you start OSPF but do not configure the router ID, the system automatically elects one. However, the same election rules produce the same router ID. Therefore, HP recommends that you configure the router ID when starting an OSPF process. For the election rules, see Layer 3—IP Routing Configuration Guide.

  • Page 278

    Step Command Remarks Enable the BGP AS number peer { ip-address | group-name } Disabled by default. substitution function. substitute-as Apply the routing policy to peer { ip-address | group-name } Optional. routes received from the route-policy route-policy-name Not applied by default. specified peer.

  • Page 279

    Task Command Remarks display fib vpn-instance vpn-instance-name Display information about the FIB [ acl acl-number | ip-prefix ip-prefix-name ] Available in any view. of a VPN instance. [ | { begin | exclude | include } regular-expression ] Display information about the FIB display fib vpn-instance vpn-instance-name of a VPN instance that matches the ip-address [ mask | mask-length ] [ | { begin...

  • Page 280

    Task Command Remarks display bgp vpnv4 route-distinguisher route-distinguisher routing-table [ [ network-address [ mask | mask-length ] | as-path-acl as-path-acl-number | cidr | community [ aa:nn ]&<1-13> [ no-advertise | no-export | no-export-subconfed ] * Display the BGP VPNv4 routing [ whole-match ] | community-list Available in any view.

  • Page 281: Mpls L3vpn Configuration Examples

    For commands to display information about a routing table, see Layer 3—IP Routing Command Reference. MPLS L3VPN configuration examples This section provides examples on how to configure MPLS L3VPN. Configuring MPLS L3VPNs using EBGP between PE and CE Network requirements CE 1 and CE 3 belong to VPN 1.

  • Page 282

    <PE1> system-view [PE1] interface loopback 0 [PE1-LoopBack0] ip address 1.1.1.9 32 [PE1-LoopBack0] quit [PE1] interface vlan-interface 13 [PE1-Vlan-interface13] ip address 172.1.1.1 24 [PE1-Vlan-interface13] quit [PE1] ospf [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255 [PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit # Configure the P device.

  • Page 283

    routing-table command. The output shows that the PEs have learned the routes to the loopback interfaces of each other. Take PE 1 as an example: [PE1] display ip routing-table Routing Tables: Public Destinations : 8 Routes : 8 Destination/Mask Proto Cost NextHop Interface...

  • Page 284

    [P-Vlan0interface12] mpls ldp [P-Vlan-interface12] quit # Configure PE 2. [PE2] mpls lsr-id 3.3.3.9 [PE2] mpls [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface vlan-interface 12 [PE2-Vlan-interface12] mpls [PE2-Vlan-interface12] mpls ldp [PE2-Vlan-interface12] quit After the configurations, LDP sessions are established between PE 1, P, and PE 2. Issue the display mpls ldp session command.

  • Page 285

    [PE1-Vlan-interface11] ip address 10.1.1.2 24 [PE1-Vlan-interface11] quit [PE1] interface vlan-interface 12 [PE1-Vlan-interface12] ip binding vpn-instance vpn2 [PE1-Vlan-interface12] ip address 10.2.1.2 24 [PE1-Vlan-interface12] quit # Configure PE 2. [PE2] ip vpn-instance vpn1 [PE2-vpn-instance-vpn1] route-distinguisher 200:1 [PE2-vpn-instance-vpn1] vpn-target 111:1 [PE2-vpn-instance-vpn1] quit [PE2] ip vpn-instance vpn2 [PE2-vpn-instance-vpn2] route-distinguisher 200:2 [PE2-vpn-instance-vpn2] vpn-target 222:2 [PE2-vpn-instance-vpn2] quit...

  • Page 286

    <CE1> system-view [CE1] bgp 65410 [CE1-bgp] peer 10.1.1.2 as-number 100 [CE1-bgp] import-route direct [CE1-bgp] quit # Configure the other three CEs in a similar way to configuring CE 1. (Details not shown.) # Configure PE 1. [PE1] bgp 100 [PE1-bgp] ipv4-family vpn-instance vpn1 [PE1-bgp-vpn1] peer 10.1.1.1 as-number 65410 [PE1-bgp-vpn1] import-route direct [PE1-bgp-vpn1] quit...

  • Page 287

    After completing the configuration, issue the display bgp peer command or the display bgp vpnv4 all peer command on the PEs. The output shows that BGP peer relationship has been established between the PEs, and has reached Established state. [PE1] display bgp peer BGP local router ID : 1.1.1.9 Local AS number : 100 Total number of peers : 1...

  • Page 288: Configuring Mpls L3vpns Using Ibgp Between Pe And Ce

    Request time out Request time out Request time out --- 10.4.1.1 ping statistics --- 5 packet(s) transmitted 0 packet(s) received 100.00% packet loss Configuring MPLS L3VPNs using IBGP between PE and CE Network requirements CE 1 and CE 3 belong to VPN 1. CE 2 and CE 4 belong to VPN 2. VPN 1 uses route target attribute 1 1 1:1.

  • Page 289

    Configuration procedure Configure an IGP on the MPLS backbone to ensure IP connectivity within the backbone: # Configure PE 1. <PE1> system-view [PE1] interface loopback 0 [PE1-LoopBack0] ip address 1.1.1.9 32 [PE1-LoopBack0] quit [PE1] interface vlan-interface 13 [PE1-Vlan-interface13] ip address 172.1.1.1 24 [PE1-Vlan-interface13] quit [PE1] ospf [PE1-ospf-1] area 0...

  • Page 290

    [PE2-ospf-1] quit After the configurations, P establishes an OSPF adjacency with PE 1 and PE 2, respectively. Issue the display ospf peer command. The output shows that the adjacency status is Full. Issue the display ip routing-table command. The output shows that the PEs have learned the routes to the loopback interfaces of each other.

  • Page 291

    [P-Vlan-interface13] quit [P] interface vlan-interface 12 [P-Vlan-interface12] mpls [P-Vlan0interface12] mpls ldp [P-Vlan-interface12] quit # Configure PE 2. [PE2] mpls lsr-id 3.3.3.9 [PE2] mpls [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface vlan-interface 12 [PE2-Vlan-interface12] mpls [PE2-Vlan-interface12] mpls ldp [PE2-Vlan-interface12] quit After the configurations, P establishes an LDP session with PE 1 and PE 2, respectively.

  • Page 292

    [PE1-vpn-instance-vpn2] quit [PE1] interface vlan-interface 11 [PE1-Vlan-interface11] ip binding vpn-instance vpn1 [PE1-Vlan-interface11] ip address 10.1.1.2 24 [PE1-Vlan-interface11] quit [PE1] interface vlan-interface 12 [PE1-Vlan-interface12] ip binding vpn-instance vpn2 [PE1-Vlan-interface12] ip address 10.2.1.2 24 [PE1-Vlan-interface12] quit # Configure PE 2. [PE2] ip vpn-instance vpn1 [PE2-vpn-instance-vpn1] route-distinguisher 200:1 [PE2-vpn-instance-vpn1] vpn-target 111:1 [PE2-vpn-instance-vpn1] quit...

  • Page 293

    Establish IBGP peer relationships between PEs and CEs to redistribute VPN routes, and configure routing policies to change the next hop of the routes: # On CE 1, configure PE 1 as the IBGP peer, and configure a routing policy for the routes received from PE 1, changing the next hop address of the routes to the IP address of PE 1.

  • Page 294

    [PE1-route-policy] apply ip-address next-hop 3.3.3.9 [PE1-route-policy] quit [PE1] bgp 100 [PE1-bgp] peer 3.3.3.9 as-number 100 [PE1-bgp] peer 3.3.3.9 connect-interface loopback 0 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpnv4] peer 3.3.3.9 route-policy pe-ibgp import [PE1-bgp-af-vpnv4] peer 3.3.3.9 enable [PE1-bgp-af-vpnv4] quit [PE1-bgp] quit # On PE 2, configure PE 1 as the MP-IBGP peer, and configure a routing policy for the routes received from PE 1, changing the next hop address of the routes as the loopback interface address of PE 1.

  • Page 295: Configuring A Hub-spoke Network

    127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 [PE1] display ip routing-table vpn-instance vpn2 Routing Tables: vpn2 Destinations : 5 Routes : 5 Destination/Mask Proto Cost NextHop Interface 5.5.5.9/32 10.2.1.1 Vlan12 7.7.7.9/32 3.3.3.9 NULL0 10.2.1.0/24 Direct 0 10.2.1.2 Vlan12 10.2.1.2/32 Direct 0...

  • Page 296

    Configure OSPF between spoke-PE and hub-PE to ensure IP connectivity between PEs, and configure MP-IBGP to exchange VPN routing information. Figure 33 Network diagram Device Interface IP address Device Interface IP address Spoke-CE 1 Vlan-int2 10.1.1.1/24 Hub-CE Vlan-int6 10.3.1.1/24 Spoke-PE 1 Loop0 1.1.1.9/32 Vlan-int7...

  • Page 297

    <Spoke-PE2> system-view [Spoke-PE2] interface loopback 0 [Spoke-PE2-LoopBack0] ip address 3.3.3.9 32 [Spoke-PE2-LoopBack0] quit [Spoke-PE2] interface vlan-interface 5 [Spoke-PE2-Vlan-interface5] ip address 172.2.1.1 24 [Spoke-PE2-Vlan-interface5] quit [Spoke-PE2] ospf [Spoke-PE2-ospf-1] area 0 [Spoke-PE2-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255 [Spoke-PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0 [Spoke-PE2-ospf-1-area-0.0.0.0] quit [Spoke-PE2-ospf-1] quit # Configure the Hub-PE.

  • Page 298

    127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 172.1.1.0/24 Direct 0 172.1.1.1 Vlan4 172.1.1.1/32 Direct 0 127.0.0.1 InLoop0 172.2.1.0/24 OSPF 172.1.1.2 Vlan4 [Spoke-PE1] display ospf peer verbose OSPF Process 1 with Router ID 1.1.1.9 Neighbors Area 0.0.0.0 interface 172.1.1.1(Vlan-interface4)'s neighbors Router ID: 2.2.2.9 Address: 172.1.1.2 GR State: Normal State: Full...

  • Page 299

    [Hub-PE-Vlan-interface5] mpls ldp [Hub-PE-Vlan-interface5] quit After the configuration, LDP sessions are established between Spoke-PE 1 and Hub-PE, and between Spoke-PE 2 and Hub-PE. Issue the display mpls ldp session command. The output shows that the session status is Operational. Issue the display mpls ldp lsp command. Takes Spoke-PE 1 as an example: [Spoke-PE1] display mpls ldp session LDP Session(s) in Public Network...

  • Page 300

    # Configure the Hub-PE. [Hub-PE] ip vpn-instance vpn1-in [Hub-PE-vpn-instance-vpn1-in] route-distinguisher 100:3 [Hub-PE-vpn-instance-vpn1-in] vpn-target 222:2 import-extcommunity [Hub-PE-vpn-instance-vpn1-in] quit [Hub-PE] ip vpn-instance vpn1-out [Hub-PE-vpn-instance-vpn1-out] route-distinguisher 100:4 [Hub-PE-vpn-instance-vpn1-out] vpn-target 111:1 export-extcommunity [Hub-PE-vpn-instance-vpn1-out] quit [Hub-PE] interface vlan-interface 6 [Hub-PE-Vlan-interface6] ip binding vpn-instance vpn1-in [Hub-PE-Vlan-interface6] ip address 10.3.1.2 24 [Hub-PE-Vlan-interface6] quit [Hub-PE] interface vlan-interface 7 [Hub-PE-Vlan-interface7] ip binding vpn-instance vpn1-out...

  • Page 301

    # Configure Spoke-CE 2. <Spoke-CE2> system-view [Spoke-CE2] bgp 65420 [Spoke-CE2-bgp] peer 10.2.1.2 as-number 100 [Spoke-CE2-bgp] import-route direct [Spoke-CE2-bgp] quit # Configure the Hub-CE. <Hub-CE> system-view [Hub-CE] bgp 65430 [Hub-CE-bgp] peer 10.3.1.2 as-number 100 [Hub-CE-bgp] peer 10.4.1.2 as-number 100 [Hub-CE-bgp] import-route direct [Hub-CE-bgp] quit # Configure Spoke-PE 1.

  • Page 302

    Total number of peers : 1 Peers in established state : 1 Peer MsgRcvd MsgSent OutQ PrefRcv Up/Down State 10.1.1.1 65410 2 00:03:16 Established Configure an MP-IBGP peer relationship between a spoke-PE and the hub-PE: # Configure Spoke-PE 1. [Spoke-PE1] bgp 100 [Spoke-PE1-bgp] peer 2.2.2.9 as-number 100 [Spoke-PE1-bgp] peer 2.2.2.9 connect-interface loopback 0 [Spoke-PE1-bgp] ipv4-family vpnv4...

  • Page 303: Configuring Inter-as Option A

    # Issue the display ip routing-table vpn-instance command on a PE. The output shows that the PE has learned routes to each CE, and for a spoke-PE, the next hop of the route to the peer spoke-CE is the Hub-PE. [Spoke-PE1] display ip routing-table vpn-instance vpn1 Routing Tables: vpn1 Destinations : 8...

  • Page 304

    Figure 34 Network diagram MPLS backbone MPLS backbone Loop0 Loop0 AS 100 AS 200 Vlan-int12 Vlan-int12 Vlan-int11 Vlan-int11 ASBR-PE 1 ASBR-PE 2 Loop0 Loop0 Vlan-int11 Vlan-int11 PE 2 PE 1 Vlan-int12 Vlan-int12 Vlan-int12 Vlan-int12 CE 1 CE 2 AS 65001 AS 65002 Device Interface...

  • Page 305

    [PE1-Vlan-interface11] quit # Configure basic MPLS on ASBR PE 1 and enable MPLS LDP on the interface connected to PE 1. <ASBR-PE1> system-view [ASBR-PE1] mpls lsr-id 2.2.2.9 [ASBR-PE1] mpls [ASBR-PE1-mpls] quit [ASBR-PE1] mpls ldp [ASBR-PE1-mpls-ldp] quit [ASBR-PE1] interface vlan-interface 11 [ASBR-PE1-Vlan-interface11] mpls [ASBR-PE1-Vlan-interface11] mpls ldp [ASBR-PE1-Vlan-interface11] quit...

  • Page 306

    [PE1-vpn-instance-vpn1] route-distinguisher 100:1 [PE1-vpn-instance-vpn1] vpn-target 100:1 both [PE1-vpn-instance-vpn1] quit [PE1] interface vlan-interface 12 [PE1-Vlan-interface12] ip binding vpn-instance vpn1 [PE1-Vlan-interface12] ip address 10.1.1.2 24 [PE1-Vlan-interface12] quit # Configure CE 2. <CE2> system-view [CE2] interface vlan-interface 12 [CE2-Vlan-interface12] ip address 10.2.1.1 24 [CE2-Vlan-interface12] quit # Configure PE 2.

  • Page 307

    [CE1-bgp] peer 10.1.1.2 as-number 100 [CE1-bgp] import-route direct [CE1-bgp] quit # Configure PE 1. [PE1] bgp 100 [PE1-bgp] ipv4-family vpn-instance vpn1 [PE1-bgp-vpn1] peer 10.1.1.1 as-number 65001 [PE1-bgp-vpn1] import-route direct [PE1-bgp-vpn1] quit [PE1-bgp] quit # Configure CE 2. [CE2] bgp 65002 [CE2-bgp] peer 10.2.1.2 as-number 200 [CE2-bgp] import-route direct [CE2-bgp] quit...

  • Page 308

    [ASBR-PE2-bgp] ipv4-family vpn-instance vpn1 [ASBR-PE2-bgp-vpn1] peer 192.1.1.1 as-number 100 [ASBR-PE2-bgp-vpn1] quit [ASBR-PE2-bgp] peer 4.4.4.9 as-number 200 [ASBR-PE2-bgp] peer 4.4.4.9 connect-interface loopback 0 [ASBR-PE2-bgp] ipv4-family vpnv4 [ASBR-PE2-bgp-af-vpnv4] peer 4.4.4.9 enable [ASBR-PE2-bgp-af-vpnv4] peer 4.4.4.9 next-hop-local [ASBR-PE2-bgp-af-vpnv4] quit [ASBR-PE2-bgp] quit # Configure PE 2. [PE2] bgp 200 [PE2-bgp] peer 3.3.3.9 as-number 200 [PE2-bgp] peer 3.3.3.9 connect-interface loopback 0...

  • Page 309

    Figure 35 Network diagram MPLS backbone MPLS backbone Loop0 Loop0 AS 100 AS 600 Vlan-int12 Vlan-int12 Vlan-int11 Vlan-int11 ASBR-PE 1 ASBR-PE 2 Loop0 Loop0 Vlan-int11 Vlan-int11 PE 2 PE 1 Vlan-int12 Vlan-int12 Site 1 Site 2 CE 1 CE 2 AS 65001 AS 65002 Device...

  • Page 310

    [PE1-Vlan-interface11] mpls ldp [PE1-Vlan-interface11] quit # Configure interface Loopback 0 and start IS-IS on it. [PE1] interface loopback 0 [PE1-LoopBack0] ip address 2.2.2.9 32 [PE1-LoopBack0] isis enable 1 [PE1-LoopBack0] quit # Create VPN instance vpn1 and configure the RD and route target attributes. [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 11:11 [PE1-vpn-instance-vpn1] vpn-target 3:3 import-extcommunity...

  • Page 311

    [ASBR-PE1] interface vlan-interface 11 [ASBR-PE1-Vlan-interface11] ip address 1.1.1.1 255.0.0.0 [ASBR-PE1-Vlan-interface11] isis enable 1 [ASBR-PE1-Vlan-interface11] mpls [ASBR-PE1-Vlan-interface11] mpls ldp [ASBR-PE1-Vlan-interface11] quit # Configure interface VLAN-interface 12 and enable MPLS on it. [ASBR-PE1] interface vlan-interface 12 [ASBR-PE1-Vlan-interface12] ip address 11.0.0.2 255.0.0.0 [ASBR-PE1-Vlan-interface12] mpls [ASBR-PE1-Vlan-interface12] quit # Configure interface Loopback 0 and start IS-IS on it.

  • Page 312

    [ASBR-PE2-Vlan-interface11] mpls [ASBR-PE2-Vlan-interface11] mpls ldp [ASBR-PE2-Vlan-interface11] quit # Configure interface VLAN-interface 12 and enable MPLS on it. [ASBR-PE2] interface vlan-interface 12 [ASBR-PE2-Vlan-interface12] ip address 11.0.0.1 255.0.0.0 [ASBR-PE2-Vlan-interface12] mpls [ASBR-PE2-Vlan-interface12] quit # Configure interface Loopback 0 and start IS-IS on it. [ASBR-PE2] interface loopback 0 [ASBR-PE2-LoopBack0] ip address 4.4.4.9 32 [ASBR-PE2-LoopBack0] isis enable 1...

  • Page 313

    [PE2-Vlan-interface11] quit # Configure interface Loopback 0 and start IS-IS on it. [PE2] interface loopback 0 [PE2-LoopBack0] ip address 5.5.5.9 32 [PE2-LoopBack0] isis enable 1 [PE2-LoopBack0] quit # Create VPN instance vpn1 and configure the RD and route target attributes. [PE2] ip vpn-instance vpn1 [PE2-vpn-instance-vpn1] route-distinguisher 12:12 [PE2-vpn-instance-vpn1] vpn-target 3:3 import-extcommunity...

  • Page 314

    Figure 36 Network diagram Device Interface IP address Device Interface IP address PE 1 Loop0 2.2.2.9/32 PE 2 Loop0 5.5.5.9/32 Loop1 30.0.0.1/32 Loop1 20.0.0.1/32 Vlan-int11 1.1.1.2/8 Vlan-int11 9.1.1.2/8 ASBR-PE 1 Loop0 3.3.3.9/32 ASBR-PE 2 Loop0 4.4.4.9/32 Vlan-int11 1.1.1.1/8 Vlan-int11 9.1.1.1/8 Vlan-int12 11.0.0.2/8 Vlan-int12...

  • Page 315

    [PE1-LoopBack0] isis enable 1 [PE1-LoopBack0] quit # Create VPN instance vpn1 and configure the RD and route target attributes. [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 11:11 [PE1-vpn-instance-vpn1] vpn-target 3:3 import-extcommunity [PE1-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity [PE1-vpn-instance-vpn1] quit # Configure interface Loopback 1 and bind the interface to VPN instance vpn1. [PE1] interface loopback 1 [PE1-LoopBack1] ip binding vpn-instance vpn1 [PE1-LoopBack1] ip address 30.0.0.1 32...

  • Page 316

    # Configure interface VLAN-interface 11, and start IS-IS and enable MPLS and LDP on the interface. [ASBR-PE1] interface vlan-interface 11 [ASBR-PE1-Vlan-interface11] ip address 1.1.1.1 255.0.0.0 [ASBR-PE1-Vlan-interface11] isis enable 1 [ASBR-PE1-Vlan-interface11] mpls [ASBR-PE1-Vlan-interface11] mpls ldp [ASBR-PE1-Vlan-interface11] quit # Configure interface VLAN-interface 12 and enable MPLS on it. [ASBR-PE1] interface vlan-interface 12 [ASBR-PE1-Vlan-interface12] ip address 11.0.0.2 255.0.0.0 [ASBR-PE1-Vlan-interface12] mpls...

  • Page 317

    [ASBR-PE2] isis 1 [ASBR-PE2-isis-1] network-entity 10.3333.3333.3333.3333.00 [ASBR-PE2-isis-1] quit # Configure LSR ID, enable MPLS and LDP. [ASBR-PE2] mpls lsr-id 4.4.4.9 [ASBR-PE2] mpls [ASBR-PE2-mpls] label advertise non-null [ASBR-PE2-mpls] quit [ASBR-PE2] mpls ldp [ASBR-PE2-mpls-ldp] quit # Configure interface VLAN-interface 11, and start IS-IS and enable MPLS and LDP on the interface.

  • Page 318

    # Use routing policy policy1 to filter routes advertised to EBGP peer 11.0.0.2. [ASBR-PE2-bgp] peer 11.0.0.2 as-number 100 [ASBR-PE2-bgp] peer 11.0.0.2 route-policy policy1 export # Configure the capability to advertise labeled routes to EBGP peer 11.0.0.2 and to receive labeled routes from the peer. [ASBR-PE2-bgp] peer 11.0.0.2 label-route-capability [ASBR-PE2-bgp] quit Configure PE 2:...

  • Page 319: Configuring Carrier's Carrier

    # Configure the capability to advertise labeled routes to IBGP peer 4.4.4.9 and to receive labeled routes from the peer. [PE2-bgp] peer 4.4.4.9 as-number 600 [PE2-bgp] peer 4.4.4.9 connect-interface loopback 0 [PE2-bgp] peer 4.4.4.9 label-route-capability # Configure the maximum hop count from PE 2 to EBGP peer 2.2.2.9 as 10. [PE2-bgp] peer 2.2.2.9 as-number 100 [PE2-bgp] peer 2.2.2.9 connect-interface loopback 0 [PE2-bgp] peer 2.2.2.9 ebgp-max-hop 10...

  • Page 320

    Figure 37 Network diagram Loop0 Loop0 Provider carrier Vlan-int12 PE 1 PE 2 Vlan-int12 Vlan-int11 Vlan-int11 AS 100 AS 100 Loop0 Customer carrier Customer carrier Vlan-int11 Vlan-int11 Vlan-int12 Vlan-int12 CE 1 CE 2 Vlan-int12 Vlan-int12 PE 4 Vlan-int11 PE 3 Vlan-int11 Loop0 Loop0...

  • Page 321

    [PE1-LoopBack0] isis enable 1 [PE1-LoopBack0] quit [PE1] interface vlan-interface 12 [PE1-Vlan-interface12] ip address 30.1.1.1 24 [PE1-Vlan-interface12] isis enable 1 [PE1-Vlan-interface12] mpls [PE1-Vlan-interface12] mpls ldp [PE1-Vlan-interface2] mpls ldp transport-address interface [PE1-Vlan-interface2] quit [PE1] bgp 100 [PE1-bgp] peer 4.4.4.9 as-number 100 [PE1-bgp] peer 4.4.4.9 connect-interface loopback 0 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpnv4] peer 4.4.4.9 enable [PE1-bgp-af-vpnv4] quit...

  • Page 322

    [PE3-LoopBack0] quit [PE3] mpls lsr-id 1.1.1.9 [PE3] mpls [PE3-mpls] quit [PE3] mpls ldp [PE3-mpls-ldp] quit [PE3] isis 2 [PE3-isis-2] network-entity 10.0000.0000.0000.0001.00 [PE3-isis-2] quit [PE3] interface loopback 0 [PE3-LoopBack0] isis enable 2 [PE3-LoopBack0] quit [PE3] interface vlan-interface 12 [PE3-Vlan-interface12] ip address 10.1.1.1 24 [PE3-Vlan-interface12] isis enable 2 [PE3-Vlan-interface12] mpls [PE3-Vlan-interface12] mpls ldp...

  • Page 323

    # Configure PE 1 and inject IS-IS routes. [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 200:1 [PE1-vpn-instance-vpn1] vpn-target 1:1 [PE1-vpn-instance-vpn1] quit [PE1] mpls ldp vpn-instance vpn1 [PE1-mpls-ldp-vpn-instance-vpn1] quit [PE1] isis 2 vpn-instance vpn1 [PE1-isis-2] network-entity 10.0000.0000.0000.0003.00 [PE1-isis-2] import-route bgp allow-ibgp [PE1-isis-2] quit [PE1] interface vlan-interface 11 [PE1-Vlan-interface11] ip binding vpn-instance vpn1 [PE1-Vlan-interface11] ip address 11.1.1.2 24...

  • Page 324

    [PE3-vpn-instance-vpn1] route-distinguisher 100:1 [PE3-vpn-instance-vpn1] vpn-target 1:1 [PE3-vpn-instance-vpn1] quit [PE3] interface vlan-interface 11 [PE3-Vlan-interface11] ip binding vpn-instance vpn1 [PE3-Vlan-interface11] ip address 100.1.1.2 24 [PE3-Vlan-interface11] quit [PE3] bgp 100 [PE3-bgp] ipv4-family vpn-instance vpn1 [PE3-bgp-vpn1] peer 100.1.1.1 as-number 65410 [PE3-bgp-vpn1] import-route direct [PE3-bgp-vpn1] quit [PE3-bgp] quit # Configure PE 4 and CE 4 in a similar way to configuring PE 3 and CE 3.

  • Page 325

    1.1.1.9/32 ISIS 11.1.1.1 Vlan11 2.2.2.9/32 ISIS 11.1.1.1 Vlan11 5.5.5.9/32 4.4.4.9 NULL0 6.6.6.9/32 4.4.4.9 NULL0 10.1.1.0/24 ISIS 11.1.1.1 Vlan11 11.1.1.0/24 Direct 0 11.1.1.1 Vlan11 11.1.1.1/32 Direct 0 127.0.0.1 InLoop0 11.1.1.2/32 Direct 0 11.1.1.2 Vlan11 20.1.1.0/24 4.4.4.9 NULL0 21.1.1.0/24 4.4.4.9 NULL0 21.1.1.2/32 4.4.4.9 NULL0 # Issue the display ip routing-table command on CE 1 and CE 2.

  • Page 326

    20.1.1.0/24 ISIS 10.1.1.2 Vlan12 21.1.1.0/24 ISIS 10.1.1.2 Vlan12 21.1.1.2/32 ISIS 10.1.1.2 Vlan12 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 # Issue the display ip routing-table vpn-instance command on PE 3 and PE 4. The output shows that the routes of the remote VPN customers are present in the VPN routing tables. Take PE 3 as an example: [PE3] display ip routing-table vpn-instance vpn1 Routing Tables: vpn1...

  • Page 327

    PE 1 and PE 2 are PE devices on the service provider backbone. Both of them support the nested • VPN function. CE 1 and CE 2 are connected to the service provider backbone. Both of them support VPNv4 • routes.

  • Page 328

    Configuration procedure Configure MPLS L3VPN on the service provider backbone, using IS-IS as the IGP protocol, and enabling LDP and establishing MP-IBGP peer relationship between PE 1 and PE 2: # Configure PE 1. <PE1> system-view [PE1] interface loopback 0 [PE1-LoopBack0] ip address 3.3.3.9 32 [PE1-LoopBack0] quit [PE1] mpls lsr-id 3.3.3.9...

  • Page 329

    [PE1] display bgp peer BGP local router ID : 3.3.3.9 Local AS number : 100 Total number of peers : 1 Peers in established state : 1 Peer MsgRcvd MsgSent OutQ PrefRcv Up/Down State 4.4.4.9 02:12:47 Established [PE1] display isis peer Peer information for ISIS(1) ---------------------------- System Id...

  • Page 330

    [CE1] interface loopback 0 [CE1-LoopBack0] isis enable 2 [CE1-LoopBack0] quit [CE1] interface vlan-interface 12 [CE1-Vlan-interface12] ip address 10.1.1.2 24 [CE1-Vlan-interface12] isis enable 2 [CE1-Vlan-interface12] mpls [CE1-Vlan-interface12] mpls ldp [CE1-Vlan-interface12] quit After the configurations, LDP and IS-IS neighbor relationship can be established between PE 3 and CE 1.

  • Page 331

    [CE3-bgp] quit # Configure CE 5. <CE5> system-view [CE5] interface vlan-interface 13 [CE5-Vlan-interface13] ip address 110.1.1.1 24 [CE5-Vlan-interface13] quit [CE5] bgp 65411 [CE5-bgp] peer 110.1.1.2 as-number 200 [CE5-bgp] import-route direct [CE5-bgp] quit # Configure PE 3. [PE3] ip vpn-instance SUB_VPN1 [PE3-vpn-instance-SUB_VPN1] route-distinguisher 100:1 [PE3-vpn-instance-SUB_VPN1] vpn-target 2:1 [PE3-vpn-instance-SUB_VPN1] quit...

  • Page 332

    [PE1-bgp] quit # Configure CE 1, enabling VPNv4 capability and establishing VPNv4 neighbor relationship between CE 1 and PE 1. [CE1] bgp 200 [CE1-bgp] ipv4-family vpnv4 [CE1-bgp-af-vpnv4] peer 11.1.1.2 enable # Allow the local AS number to appear in the AS-PATH attribute of the routes received. [CE1-bgp-af-vpnv4] peer 11.1.1.2 allow-as-loop 2 # Disable route target based filtering of received VPNv4 routes.

  • Page 333

    30.1.1.0/24 Direct 0 30.1.1.1 Vlan12 30.1.1.1/32 Direct 0 127.0.0.1 InLoop0 30.1.1.2/32 Direct 0 30.1.1.2 Vlan12 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 # Execute the display ip routing-table vpn-instance command on PE 1 and PE 2 to verify that the VPN routing tables contain sub-VPN routes.

  • Page 334

    Route Distinguisher: 101:1 Network NextHop In/Out Label LocPrf * > 110.1.1.0/24 1.1.1.9 1025/1025 Route Distinguisher: 200:1 Network NextHop In/Out Label LocPrf * > 120.1.1.0/24 11.1.1.2 1026/1027 Route Distinguisher: 201:1 Network NextHop In/Out Label LocPrf * > 130.1.1.0/24 11.1.1.2 1027/1028 # Execute the display ip routing-table vpn-instance SUB_VPN1 command on PE 3 and PE 4 to verify that the VPN routing tables contain routes sent by the provider PE to user sub-VPN.

  • Page 335

    [CE5] display ip routing-table Routing Tables: Public Destinations : 5 Routes : 5 Destination/Mask Proto Cost NextHop Interface 110.1.1.0/24 Direct 0 110.1.1.1 Vlan11 110.1.1.1/32 Direct 0 127.0.0.1 InLoop0 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 130.1.1.0/24 110.1.1.2 Vlan11 CE 3 and CE 4 can ping each other.

  • Page 336

    --- 130.1.1.1 ping statistics --- 5 packet(s) transmitted 0 packet(s) received 100.00% packet loss Configuring HoVPN Network requirements There are two levels of networks, the backbone and the MPLS VPN networks, as shown in Figure SPEs act as PEs to allow MPLS VPNs to access the backbone. •...

  • Page 337

    <UPE1> system-view [UPE1] interface loopback 0 [UPE1-LoopBack0] ip address 1.1.1.9 32 [UPE1-LoopBack0] quit [UPE1] mpls lsr-id 1.1.1.9 [UPE1] mpls [UPE1-mpls] quit [UPE1] mpls ldp [UPE1-mpls-ldp] quit [UPE1] interface vlan-interface 11 [UPE1-Vlan-interface11] ip address 172.1.1.1 24 [UPE1-Vlan-interface11] mpls [UPE1-Vlan-interface11] mpls ldp [UPE1-Vlan-interface11] quit # Configure the IGP protocol, OSPF, for example.

  • Page 338

    [UPE1-bgp-vpn1] quit [UPE1-bgp] ipv4-family vpn-instance vpn2 [UPE1-bgp-vpn1] peer 10.4.1.1 as-number 65420 [UPE1-bgp-vpn1] import-route direct [UPE1-bgp-vpn1] quit [UPE1-bgp] quit Configure CE 1. <CE1> system-view [CE1] interface vlan-interface 12 [CE1-Vlan-interface12] ip address 10.2.1.1 255.255.255.0 [CE1-Vlan-interface12] quit [CE1] bgp 65410 [CE1-bgp] peer 10.2.1.2 as-number 100 [CE1-bgp] import-route direct [CE1] quit Configure CE 2.

  • Page 339

    # Configure VPN instances vpn1 and vpn2, allowing CE 3 and CE 4 to access UPE 2. [UPE2] ip vpn-instance vpn1 [UPE2-vpn-instance-vpn1] route-distinguisher 300:1 [UPE2-vpn-instance-vpn1] vpn-target 100:1 both [UPE2-vpn-instance-vpn1] quit [UPE2] ip vpn-instance vpn2 [UPE2-vpn-instance-vpn2] route-distinguisher 400:2 [UPE2-vpn-instance-vpn2] vpn-target 100:2 both [UPE2-vpn-instance-vpn2] quit [UPE2] interface vlan-interface 12 [UPE2-Vlan-interface12] ip binding vpn-instance vpn1...

  • Page 340

    [CE4-bgp] peer 10.3.1.2 as-number 100 [CE4-bgp] import-route direct [CE4] quit Configure SPE 1: # Configure basic MPLS and MPLS LDP to establish LDP LSPs. <SPE1> system-view [SPE1] interface loopback 0 [SPE1-LoopBack0] ip address 2.2.2.9 32 [SPE1-LoopBack0] quit [SPE1] mpls lsr-id 2.2.2.9 [SPE1] mpls [SPE1-mpls] quit [SPE1] mpls ldp...

  • Page 341

    [SPE1-bgp] peer 3.3.3.9 as-number 100 [SPE1-bgp] peer 3.3.3.9 connect-interface loopback 0 [SPE1-bgp] ipv4-family vpnv4 [SPE1-bgp-af-vpnv4] peer 3.3.3.9 enable [SPE1-bgp-af-vpnv4] peer 1.1.1.9 enable [SPE1-bgp-af-vpnv4] peer 1.1.1.9 upe [SPE1-bgp-af-vpnv4] quit [SPE1-bgp]ipv4-family vpn-instance vpn1 [SPE1-bgp-vpn1] quit [SPE1-bgp]ipv4-family vpn-instance vpn2 [SPE1-bgp-vpn2] quit [SPE1-bgp] quit # Configure SPE 1 to advertise to UPE 1 the routes permitted by a routing policy, that is, the routes of CE 3.

  • Page 342: Configuring Ospf Sham Links

    [SPE2-ospf-1-area-0.0.0.0] quit [SPE2-ospf-1] quit # Configure VPN instances vpn1 and vpn2. [SPE2] ip vpn-instance vpn1 [SPE2-vpn-instance-vpn1] route-distinguisher 600:1 [SPE2-vpn-instance-vpn1 ] vpn-target 100:1 both [SPE2-vpn-instance-vpn1] quit [SPE2] ip vpn-instance vpn2 [SPE2-vpn-instance-vpn2] route-distinguisher 800:1 [SPE2-vpn-instance-vpn2] vpn-target 100:2 both [SPE2-vpn-instance-vpn2] quit # Configure SPE 2 to establish MP-IBGP peer relationship with UPE 2 and to inject VPN routes, and specify UPE 2.

  • Page 343

    Figure 40 Network diagram Device Interface IP address Device Interface IP address CE 1 Vlan-int11 100.1.1.1/24 CE 2 Vlan-int11 120.1.1.1/24 Vlan-int13 20.1.1.1/24 Vlan-int12 30.1.1.2/24 PE 1 Loop0 1.1.1.9/32 PE 2 Loop0 2.2.2.9/32 Loop1 3.3.3.3/32 Loop1 5.5.5.5/32 Vlan-int11 100.1.1.2/24 Vlan-int11 120.1.1.2/24 Vlan-int12 10.1.1.1/24 Vlan-int12...

  • Page 344

    [PE1] interface loopback 0 [PE1-LoopBack0] ip address 1.1.1.9 32 [PE1-LoopBack0] quit [PE1] mpls lsr-id 1.1.1.9 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] interface vlan-interface 12 [PE1-Vlan-interface12] ip address 10.1.1.1 24 [PE1-Vlan-interface12] mpls [PE1-Vlan-interface12] mpls ldp [PE1-Vlan-interface12] quit # Configure PE 1 to take PE 2 as the MP-IBGP peer.

  • Page 345

    [PE2-bgp-af-vpnv4] peer 1.1.1.9 enable [PE2-bgp-af-vpnv4] quit [PE2-bgp] quit # Configure OSPF on PE 2. [PE2]ospf 1 [PE2-ospf-1]area 0 [PE2-ospf-1-area-0.0.0.0]network 2.2.2.9 0.0.0.0 [PE2-ospf-1-area-0.0.0.0]network 10.1.1.0 0.0.0.255 [PE2-ospf-1-area-0.0.0.0]quit [PE2-ospf-1]quit Configure PEs to allow CEs to access the network: # Configure PE 1 to allow CE 1 to access the network. [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 100:1 [PE1-vpn-instance-vpn1] vpn-target 1:1...

  • Page 346

    [PE2-bgp] ipv4-family vpn-instance vpn1 [PE2-bgp-vpn1] import-route ospf 100 [PE2-bgp-vpn1] import-route direct [PE2-bgp-vpn1] quit [PE2-bgp] quit After completing the configurations, issue the display ip routing-table vpn-instance command on the PEs, you can see that the path to the peer CE is along the OSPF route across the customer networks, instead of the BGP route across the backbone.

  • Page 347: Configuring Bgp As Number Substitution

    20.1.1.0/24 OSPF 1563 100.1.1.1 Vlan11 100.1.1.0/24 Direct 0 100.1.1.2 Vlan11 100.1.1.2/32 Direct 0 127.0.0.1 InLoop0 120.1.1.0/24 2.2.2.9 NULL0 # Issue the display ip routing-table command on the CEs, you can see that the cost of the OSPF route to the peer CE is now 10 (the cost configured for the sham link), and that the next hop is now the VLAN interface 11 connected to the PE.

  • Page 348

    Figure 41 Network diagram Device Interface IP address Device Interface IP address CE 1 Vlan-int11 10.1.1.1/24 Loop0 2.2.2.9/32 Vlan-int12 100.1.1.1/24 Vlan-int11 30.1.1.1/24 PE 1 Loop0 1.1.1.9/32 Vlan-int12 20.1.1.2/24 Vlan-int11 10.1.1.2/24 PE 2 Loop0 3.3.3.9/32 Vlan-int12 20.1.1.1/24 Vlan-int11 30.1.1.2/24 CE 2 Vlan-int12 10.2.1.1/24 Vlan-int12...

  • Page 349

    10.2.1.0/24 Direct 0 10.2.1.1 Vlan11 10.2.1.1/32 Direct 0 127.0.0.1 InLoop0 10.2.1.2/32 Direct 0 10.2.1.2 Vlan11 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 200.1.1.0/24 Direct 0 200.1.1.1 InLoop0 200.1.1.1/32 Direct 0 127.0.0.1 InLoop0 Execute the display ip routing-table vpn-instance command on the PEs. You can see the route to the VPN behind the peer CE.

  • Page 350

    [PE2] bgp 100 [PE2-bgp] ipv4-family vpn-instance vpn1 [PE2-bgp-vpn1] peer 10.2.1.1 substitute-as [PE2-bgp-vpn1] quit [PE2-bgp] quit The output shows that among the routes advertised by PE 2 to CE 2, the AS_PATH of 100.1.1.1/32 has changed from 100 600 to 100 100: *0.13498737 PE2 RM/7/RMDEBUG: BGP.vpn1: Send UPDATE to 10.2.1.1 for following destinations : Origin...

  • Page 351

    --- 200.1.1.1 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 66/79/109 ms Configuring BGP AS number substitution and SoO Network requirements CE 1, CE 2, and CE 3 belong to VPN 1 and connect to PE1, PE 2, and PE 3, respectively. CE 1 and CE 2 reside in the same site.

  • Page 352

    Configure basic MPLS and MPLS LDP on the MPLS backbone to establish LDP LSPs. Establish MP-IBGP peer relationships between the PEs to advertise VPN IPv4 routes. Configure VPN 1 on PE 1 to allow CE 1 to access the network. Configure VPN 1 on PE 2 to allow CE 2 to access the network.

  • Page 353

    [PE2-bgp] ipv4-family vpn-instance vpn1 [PE2-bgp-vpn1] peer 10.2.1.1 route-policy soo import [PE2-bgp-vpn1] quit [PE2-bgp] quit # PE 2 does not advertise routes received from CE 1 to CE 2 because the same SoO attribute has been configured. Display the routing table of CE 2. You can see that the route 100.1.1.1/32 has been removed.

  • Page 354: Configuring Ipv6 Mpls L3vpn

    Configuring IPv6 MPLS L3VPN This chapter describes how to configure IPv6 MPLS L3VPN. Overview MPLS L3VPN applies to the IPv4 environment. It uses BGP to advertise IPv4 VPN routes and uses MPLS to forward IPv4 VPN packets on the service provider backbone. IPv6 MPLS L3VPN functions similarly.

  • Page 355: Ipv6 Mpls L3vpn Packet Forwarding

    IPv6 MPLS L3VPN packet forwarding Figure 44 IPv6 MPLS L3VPN packet forwarding diagram As shown in Figure 44, the IPv6 MPLS L3VPN packet forwarding procedure is as follows: The PC at Site 1 sends an IPv6 packet destined for 2001:2::1, the PC at Site 2. CE 1 transmits the packet to PE 1.

  • Page 356: Ipv6 Mpls L3vpn Network Schemes And Functions

    The PEs use an IGP to ensure the connectivity between them. Routing information exchange from the egress PE to the remote CE The exchange of routing information between the egress PE and the remote CE is the same as that between the local CE and the ingress PE.

  • Page 357

    Configure an IGP on the PEs and Ps to ensure IP connectivity within the MPLS backbone. • Configure basic MPLS for the MPLS backbone • • Configure MPLS LDP on PEs and Ps to establish LDP LSPs Configuring VPN instances By configuring VPN instances on a PE, you isolate not only VPN routes from public network routes, but also routes of a VPN from those of another VPN.

  • Page 358: Configuring Route Related Attributes For A Vpn Instance

    Configuring route related attributes for a VPN instance The control process of VPN route advertisement is as follows: When a VPN route learned from a CE gets redistributed into BGP, BGP associates it with a route • target extended community attribute list, which is usually the export target attribute of the VPN instance associated with the CE.

  • Page 359

    Configuring a tunneling policy for a VPN instance When multiple tunnels exist in an MPLS L3VPN network, you can configure a tunneling policy to specify the type and number of tunnels to be used by using the tunnel select-seq command or the preferred-path command.

  • Page 360

    Step Command Remarks Optional. By default, only one tunnel is selected (no load balancing) in this order: LSP tunnel, CR-LSP tunnel. NOTE: • A tunnel type closer to the select-seq keyword has a higher priority. For Specify the tunnel example, with the tunnel select-seq lsp selection preference tunnel select-seq { cr-lsp | lsp } * cr-lsp load-balance-number 1...

  • Page 361

    Step Command Remarks Enter system view. system-view Use either command • ipv6 route-static ipv6-address prefix-length as needed. { interface-type interface-number [ next-hop-address ] | next-hop-address | Perform this vpn-instance d-vpn-instance-name configuration on PEs. nexthop-address } [ preference preference-value ] On CEs, configure Configure an IPv6 static •...

  • Page 362

    Step Command Remarks interface interface-type Enter interface view. interface-number By default, OSPFv3 is disabled on Enable OSPFv3 on the ospfv3 process-id area area-id an interface. interface. [ instance instance-id ] Perform this configuration on PEs. Configuring IPv6 IS-IS between PE and CE An IPv6 IS-IS process belongs to the public network or a single VPN instance.

  • Page 363

    Step Command Remarks filter-policy { acl6-number | Optional. Configure a filtering policy to ipv6-prefix ipv6-prefix-name } filter the routes to be By default, BGP does not filter export [ direct | isisv6 process-id | advertised. routes to be advertised. ripng process-id | static ] Optional.

  • Page 364: Configuring Routing Features For The Bgp-vpnv6 Subaddress Family

    Step Command Remarks Enable the exchange of BGP-VPNv6 routing By default, BGP peers exchange peer ip-address enable information with the specified only IPv4 routing information. peer. Configuring routing features for the BGP-VPNv6 subaddress family A variety of routing features for the BGP-VPNv6 subaddress family are the same as those for BGP IPv6 unicast routing.

  • Page 365: Configuring Inter-as Ipv6 Vpn

    Step Command Remarks Optional. Configure BGP updates to the peer to not carry private AS peer ip-address public-as-only By default, a BGP update carries numbers. private AS numbers. Optional. peer ip-address route-policy Apply a routing policy for the route-policy-name { export | By default, no routing policy is peer.

  • Page 366: Configuring Inter-as Ipv6 Vpn Option A

    Configuring MPLS LDP for the MPLS backbones so that LDP LSPs can be established • The following sections describe inter-AS IPv6 VPN option A and option C. Select one according to your network scenario. Configuring inter-AS IPv6 VPN option A Inter-AS IPv6 VPN option A applies to scenarios where the number of VPNs and that of VPN routes on the PEs are relatively small.

  • Page 367

    Step Command Remarks Enable the PE to exchange BGP VPNv6 routing peer ip-address enable information with the EBGP peer. Configuring the ASBR PEs In the inter-AS IPv6 VPN option C solution, an inter-AS LSP is required, and the routes advertised between the relevant PEs and ASBRs must carry MPLS label information.

  • Page 368: Ipv6 Mpls L3vpn Configuration Examples

    Task Command Remarks Display information about the IPv6 display ipv6 routing-table vpn-instance routing table associated with a vpn-instance-name [ verbose ] [ | { begin | Available in any view. VPN instance. exclude | include } regular-expression ] display ip vpn-instance [ instance-name Display information about a vpn-instance-name ] [ | { begin | exclude | Available in any view.

  • Page 369: Configuring Ipv6 Mpls L3vpns

    Configuring IPv6 MPLS L3VPNs Network requirements CE 1 and CE 3 belong to VPN 1. CE 2 and CE 4 belong to VPN 2. VPN 1 uses route target attributes 1 1 1:1. VPN 2 uses route target attributes 222:2. Users of different VPNs cannot access each other.

  • Page 370

    [PE1] ospf [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255 [PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit # Configure the P switch. <P> system-view [P] interface loopback 0 [P-LoopBack0] ip address 2.2.2.9 32 [P-LoopBack0] quit [P] interface vlan-interface 13 [P-Vlan-interface13] ip address 172.1.1.2 24 [P- Vlan-interface13] quit [P] interface vlan-interface 12 [P-Vlan-interface12] ip address 172.2.1.1 24...

  • Page 371

    3.3.3.9/32 OSPF 172.1.1.2 Vlan13 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 172.1.1.0/24 Direct 0 172.1.1.1 Vlan13 172.1.1.1/32 Direct 0 127.0.0.1 InLoop0 172.1.1.2/32 Direct 0 172.1.1.2 Vlan13 172.2.1.0/24 OSPF 172.1.1.2 Vlan13 [PE1] display ospf peer verbose OSPF Process 1 with Router ID 1.1.1.9 Neighbors Area 0.0.0.0 interface 172.1.1.1(Vlan-interface13)'s neighbors Router ID: 172.1.1.2...

  • Page 372

    [PE2-mpls-ldp] quit [PE2] interface vlan-interface 12 [PE2-Vlan-interface12] mpls [PE2-Vlan-interface12] mpls ldp [PE2-Vlan-interface12] quit After the configurations, LDP sessions are established between PE 1, P, and PE 2. Issue the display mpls ldp session command. The output shows that the session status is Operational. Issue the display mpls ldp lsp command.

  • Page 373

    [PE2] ip vpn-instance vpn1 [PE2-vpn-instance-vpn1] route-distinguisher 200:1 [PE2-vpn-instance-vpn1] vpn-target 111:1 [PE2-vpn-instance-vpn1] quit [PE2] ip vpn-instance vpn2 [PE2-vpn-instance-vpn2] route-distinguisher 200:2 [PE2-vpn-instance-vpn2] vpn-target 222:2 [PE2-vpn-instance-vpn2] quit [PE2] interface vlan-interface 11 [PE2-Vlan-interface11] ip binding vpn-instance vpn1 [PE2-Vlan-interface11] ipv6 address 2001:3::2 96 [PE2-Vlan-interface11] quit [PE2] interface vlan-interface 13 [PE2-Vlan-interface13] ip binding vpn-instance vpn2 [PE2-Vlan-interface13] ipv6 address 2001:4::2 96...

  • Page 374

    [CE1-bgp] ipv6-family [CE1-bgp-af-ipv6] peer 2001:1::2 as-number 100 [CE1-bgp-af-ipv6] import-route direct [CE1-bgp-af-ipv6] quit # Configure the other three CEs (CE 2 through CE 4) in a similar way to configuring CE 1. (Details not shown.) # Configure PE 1. [PE1] bgp 100 [PE1-bgp] ipv6-family vpn-instance vpn1 [PE1-bgp-ipv6-vpn1] peer 2001:1::1 as-number 65410 [PE1-bgp-ipv6-vpn1] import-route direct...

  • Page 375

    After completing the configurations, issue the display bgp peer command or the display bgp vpnv6 all peer command on the PEs. The output shows a BGP peer relationship has been established between the PEs, and has reached Established state. [PE1] display bgp peer BGP local router ID : 1.1.1.9 Local AS number : 100 Total number of peers : 1...

  • Page 376

    bytes=56 Sequence=1 hop limit=64 time = 1 ms Reply from 2001:3::1 bytes=56 Sequence=2 hop limit=64 time = 1 ms Reply from 2001:3::1 bytes=56 Sequence=3 hop limit=64 time = 1 ms Reply from 2001:3::1 bytes=56 Sequence=4 hop limit=64 time = 1 ms Reply from 2001:3::1 bytes=56 Sequence=5 hop limit=64 time = 1 ms...

  • Page 377

    Figure 46 Network diagram MPLS backbone MPLS backbone Loop0 Loop0 AS 100 AS 200 Vlan-int12 Vlan-int12 Vlan-int11 Vlan-int11 ASBR-PE 1 ASBR-PE 2 Loop0 Loop0 Vlan-int11 Vlan-int11 PE 2 PE 1 Vlan-int12 Vlan-int12 Vlan-int12 Vlan-int12 CE 1 CE 2 AS 65001 AS 65002 Device Interface...

  • Page 378

    [PE1] interface vlan-interface 11 [PE1-Vlan-interface11] mpls [PE1-Vlan-interface11] mpls ldp [PE1-Vlan-interface11] quit # Configure basic MPLS on ASBR-PE 1 and enable MPLS LDP for ASBR-PE 1 and for the interface connected to PE 1. <ASBR-PE1> system-view [ASBR-PE1] mpls lsr-id 2.2.2.9 [ASBR-PE1] mpls [ASBR-PE1-mpls] quit [ASBR-PE1] mpls ldp [ASBR-PE1-mpls-ldp] quit...

  • Page 379

    <CE1> system-view [CE1] interface vlan-interface 12 [CE1-Vlan-interface12] ipv6 address 2001:1::1 96 [CE1-Vlan-interface12] quit # Configure PE 1. [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 100:1 [PE1-vpn-instance-vpn1] vpn-target 100:1 both [PE1-vpn-instance-vpn1] quit [PE1] interface vlan-interface 12 [PE1-Vlan-interface12] ip binding vpn-instance vpn1 [PE1-Vlan-interface12] ipv6 address 2001:1::2 96 [PE1-Vlan-interface12] quit # Configure CE 2.

  • Page 380

    After completing the configurations, you can view the VPN instance configurations by issuing the display ip vpn-instance command. Each PE can ping its attached CE, and ASBR-PE 1 and ASBR-PE 2 can ping each other. Establish EBGP peer relationship between PE and CE switches to allow VPN routes to be redistributed: # Configure CE 1.

  • Page 381: Configuring Inter-as Ipv6 Vpn Option C

    [ASBR-PE1-bgp] ipv6-family vpnv6 [ASBR-PE1-bgp-af-vpnv6] peer 1.1.1.9 enable [ASBR-PE1-bgp-af-vpnv6] quit [ASBR-PE1-bgp] quit # Configure ASBR-PE 2. [ASBR-PE2] bgp 200 [ASBR-PE2-bgp] ipv6-family vpn-instance vpn1 [ASBR-PE2-bgp-ipv6-vpn1] peer 2002:1::1 as-number 100 [ASBR-PE2-bgp-ipv6-vpn1] quit [ASBR-PE2-bgp] peer 4.4.4.9 as-number 200 [ASBR-PE2-bgp] peer 4.4.4.9 connect-interface loopback 0 [ASBR-PE2-bgp] ipv6-family vpnv6 [ASBR-PE2-bgp-af-vpnv6] peer 4.4.4.9 enable [ASBR-PE2-bgp-af-vpnv6] quit...

  • Page 382

    Figure 47 Network diagram Device Interface IP address Device Interface IP address PE 1 Loop0 2.2.2.9/32 PE 2 Loop0 5.5.5.9/32 Loop1 2001:1::1/128 Loop1 2001:1::2/12 Vlan-int11 1.1.1.2/8 Vlan-int11 9.1.1.2/8 ASBR-PE 1 Loop0 3.3.3.9/32 ASBR-PE 2 Loop0 4.4.4.9/32 Vlan-int11 1.1.1.1/8 Vlan-int11 9.1.1.1/8 Vlan-int12 11.0.0.2/8 Vlan-int12...

  • Page 383

    [PE1-LoopBack0] isis enable 1 [PE1-LoopBack0] quit # Create VPN instance vpn1 and configure the RD and route target attributes for it. [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 11:11 [PE1-vpn-instance-vpn1] vpn-target 3:3 import-extcommunity [PE1-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity [PE1-vpn-instance-vpn1] quit # Configure interface Loopback 1 and bind the interface to VPN instance vpn1. [PE1] interface loopback 1 [PE1-LoopBack1] ip binding vpn-instance vpn1 [PE1-LoopBack1] ipv6 address 2001:1::1 128...

  • Page 384

    # Configure interface VLAN-interface 11, and start IS-IS and enable MPLS and LDP on the interface. [ASBR-PE1] interface vlan-interface 11 [ASBR-PE1-Vlan-interface11] ip address 1.1.1.1 255.0.0.0 [ASBR-PE1-Vlan-interface11] isis enable 1 [ASBR-PE1-Vlan-interface11] mpls [ASBR-PE1-Vlan-interface11] mpls ldp [ASBR-PE1-Vlan-interface11] quit # Configure interface VLAN-interface 12 and enable MPLS on it. [ASBR-PE1] interface vlan-interface 12 [ASBR-PE1-Vlan-interface12] ip address 11.0.0.2 255.0.0.0 [ASBR-PE1-Vlan-interface12] mpls...

  • Page 385

    [ASBR-PE2] isis 1 [ASBR-PE2-isis-1] network-entity 10.333.333.333.333.00 [ASBR-PE2-isis-1] quit # Configure an LSR ID, enable MPLS and LDP. [ASBR-PE2] mpls lsr-id 4.4.4.9 [ASBR-PE2] mpls [ASBR-PE2-mpls] label advertise non-null [ASBR-PE2-mpls] quit [ASBR-PE2] mpls ldp [ASBR-PE2-mpls-ldp] quit # Configure interface VLAN-interface 11, start IS-IS and enable MPLS and LDP on the interface. [ASBR-PE2] interface vlan-interface 11 [ASBR-PE2-Vlan-interface11] ip address 9.1.1.1 255.0.0.0 [ASBR-PE2-Vlan-interface11] isis enable 1...

  • Page 386

    [ASBR-PE2-bgp] peer 11.0.0.2 as-number 100 [ASBR-PE2-bgp] peer 11.0.0.2 route-policy policy1 export # Configure the capability to advertise labeled routes to and receive labeled routes from EBGP peer 11.0.0.2. [ASBR-PE2-bgp] peer 11.0.0.2 label-route-capability [ASBR-PE2-bgp] quit Configure PE 2: # Start IS-IS on PE 2. <PE2>...

  • Page 387

    # Configure the capability to advertise labeled routes to IBGP peer 4.4.4.9 and to receive labeled routes from the peer. [PE2-bgp] peer 4.4.4.9 as-number 600 [PE2-bgp] peer 4.4.4.9 connect-interface loopback 0 [PE2-bgp] peer 4.4.4.9 label-route-capability # Configure the maximum hop count from PE 2 to EBGP peer 2.2.2.9 as 10. [PE2-bgp] peer 2.2.2.9 as-number 100 [PE2-bgp] peer 2.2.2.9 connect-interface loopback 0 [PE2-bgp] peer 2.2.2.9 ebgp-max-hop 10...

  • Page 388

    Reply from 2001:1::2 bytes=56 Sequence=5 hop limit=64 time = 1 ms --- 2001:1::2 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 1/1/1 ms Configuring carrier's carrier Network requirements Configure carrier's carrier for the scenario shown in Figure 48.

  • Page 389

    CE 1 Loop0 2.2.2.9/32 CE 2 Loop0 5.5.5.9/32 Vlan-int12 10.1.1.2/24 Vlan-int11 21.1.1.2/24 Vlan-int11 11.1.1.1/24 Vlan-int12 20.1.1.1/24 PE 1 Loop0 3.3.3.9/32 PE 2 Loop0 4.4.4.9/32 Vlan-int11 11.1.1.2/24 Vlan-int12 30.1.1.2/24 Vlan-int12 30.1.1.1/24 Vlan-int11 21.1.1.1/24 Configuration procedure Configure MPLS L3VPN on the provider carrier backbone: start IS-IS as the IGP, enable LDP on PE 1 and PE 2, and establish MP-IBGP peer relationship between the PEs: # Configure PE 1.

  • Page 390

    LDP Session(s) in Public Network Total number of sessions: 1 ---------------------------------------------------------------- Peer-ID Status SsnRole KA-Sent/Rcv ---------------------------------------------------------------- 4.4.4.9:0 Operational Active 378/378 ---------------------------------------------------------------- LAM : Label Advertisement Mode : Fault Tolerance [PE1] display bgp peer BGP local router ID : 3.3.3.9 Local AS number : 100 Total number of peers : 1 Peers in established state : 1 Peer...

  • Page 391

    [CE1-LoopBack0] quit [CE1] mpls lsr-id 2.2.2.9 [CE1] mpls [CE1-mpls] quit [CE1] mpls ldp [CE1-mpls-ldp] quit [CE1] isis 2 [CE1-isis-2] network-entity 10.0000.0000.0000.0002.00 [CE1-isis-2] quit [CE1] interface loopback 0 [CE1-LoopBack0] isis enable 2 [CE1-LoopBack0] quit [CE1] interface vlan-interface 12 [CE1-Vlan-interface12] ip address 10.1.1.2 24 [CE1-Vlan-interface12] isis enable 2 [CE1-Vlan-interface12] mpls [CE1-Vlan-interface12] mpls ldp...

  • Page 392

    # Configure CE 1. [CE1] interface vlan-interface11 [CE1-Vlan-interface11] ip address 11.1.1.1 24 [CE1-Vlan-interface11] isis enable 2 [CE1-Vlan-interface11] mpls [CE1-Vlan-interface11] mpls ldp [CE1-Vlan-interface11] mpls ldp transport-address interface [CE1-Vlan-interface11] quit After the configurations, PE 1 and CE 1 can establish the LDP session and IS-IS neighbor relationship between them.

  • Page 393

    [PE3-bgp] quit # Configure PE 4 in a similar way to configuring PE 3. (Details not shown.) Verify the configuration: # Issue the display ip routing-table command on PE 1 and PE 2. The output shows that only routes of the provider carrier network are present in the public network routing table of PE 1 and PE 2. Take PE 1 as an example: [PE1] display ip routing-table Routing Tables: Public...

  • Page 394

    5.5.5.9/32 ISIS 11.1.1.2 Vlan11 6.6.6.9/32 ISIS 11.1.1.2 Vlan11 10.1.1.0/24 Direct 0 10.1.1.2 Vlan12 10.1.1.1/32 Direct 0 10.1.1.1 Vlan12 10.1.1.2/32 Direct 0 127.0.0.1 InLoop0 11.1.1.0/24 Direct 0 11.1.1.1 Vlan11 11.1.1.1/32 Direct 0 127.0.0.1 InLoop0 11.1.1.2/32 Direct 0 11.1.1.2 Vlan11 20.1.1.0/24 ISIS 11.1.1.2 Vlan11 21.1.1.0/24...

  • Page 395

    [CE3] ping ipv6 2001:2::1 PING 2001:2::1 : 56 data bytes, press CTRL_C to break Reply from 2001:2::1 bytes=56 Sequence=1 hop limit=64 time = 1 ms Reply from 2001:2::1 bytes=56 Sequence=2 hop limit=64 time = 1 ms Reply from 2001:2::1 bytes=56 Sequence=3 hop limit=64 time = 1 ms Reply from 2001:2::1 bytes=56 Sequence=4 hop limit=64...

  • Page 396: Support And Other Resources

    Related information Documents To find related documents, browse to the Manuals page of the HP Business Support Center website: http://www.hp.com/support/manuals For related documentation, navigate to the Networking section, and select a networking category. •...

  • Page 397: Conventions

    Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. Square brackets enclose syntax choices (keywords or arguments) that are optional. Braces enclose a set of required syntax choices separated by vertical bars, from which { x | y | ...

  • Page 398

    Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.

  • Page 399: Index

    Index AC packet encapsulation (VPLS), 166 VPN instance with interface (IPv6 MCE MPLS access (H-VPLS mode), 166 L3VPN), 36 address VPN instance with interface (IPv6 MPLS L3VPN), address space overlapping (MPLS L3VPN), 3, 229 configuring BGP-VPNv6 subaddress family routing VPN instance with interface (MCE MPLS L3VPN), (IPv6 MPLS L3VPN), 356 configuring MAC address learning (VPLS), 172 VPN instance with interface (MPLS L3VPN), 250...

  • Page 400

    configuring MCE and PE route advertising (MPLS configuring PE and CE IBGP (MPLS L3VPN), 257, L3VPN), 26 configuring OSPF sham link (MPLS L3VPN), 267, configuring PE and CE IPv6 IS-IS (IPv6 MPLS L3VPN), 354 configuring SoO (MPLS L3VPN), 269, 343 configuring PE and CE IS-IS (MPLS L3VPN), 255 configuring VPNv4 subaddress family common configuring PE and CE OSPF (MPLS L3VPN), 254...

  • Page 401

    BGP VPNv4 subaddress family routing (MPLS IPv6 MCE and VPN site EBGP routing (MPLS L3VPN), 259 L3VPN), 41 BGP VPNv4 subaddress family specific routing IPv6 MCE and VPN site IPv6 IS-IS routing (MPLS (MPLS L3VPN), 261 L3VPN), 40 BGP-VPNv6 subaddress family routing (IPv6 MPLS IPv6 MCE and VPN site OSPFv3 routing (MPLS L3VPN), 356 L3VPN), 39...

  • Page 402

    MCE and PE routing (MPLS L3VPN), 15 RSVP-TE BFD cooperation (MPLS TE), 140 MCE and PE static routing (MPLS L3VPN), 16 RSVP-TE GR (MPLS TE), 1 10, 138 MCE and VPN EBGP routing (MPLS L3VPN), 13 RSVP-TE hello extension (MPLS TE), 109 MCE and VPN IBGP routing (MPLS L3VPN), 14 RSVP-TE refresh mechanism (MPLS TE), 108 MCE and VPN IS-IS routing (MPLS L3VPN), 13...

  • Page 403

    creating distributing CE connection (Kompella MPLS L2VPN), 205 configuring label distribution control mode (MPLS), Martini VC for service instance (MPLS L2VPN), label (MPLS), 54, 55 Martini VC on Layer 3 interface (MPLS L2VPN), label control mode (MPLS), 55 redistributing OSPF loopback interface route into OSPF sham link (MPLS L3VPN), 268 BGP (MPLS L3VPN), 268 tunnel over static CR-LSP (MPLS TE), 102...

  • Page 404

    filtering (configuring LDP label MPLS), 68 configuring PW redundancy (VPLS), 179 flooding MAC address (VPLS), 164 implementing, 166 forwarding LSP access, 167 automatic route advertisement traffic forwarding LSP access PW redundancy, 168 along tunnel (MPLS TE), 1 15 QuinQ access, 167 configuring traffic forwarding (MPLS TE), 1 14 IBGP configuring traffic tuning parameter (MPLS TE), 1 16...

  • Page 405

    creating Martini VC for service (MPLS L2VPN), configuring MCE and PE OSPFv3 routing (MPLS L3VPN), 43 creating VPN (IPv6 MPLS L3VPN), 349 configuring MCE and PE RIPng routing (MPLS creating VPN (MCE MPLS L3VPN), 8 L3VPN), 42 creating VPN (MPLS L3VPN), 249 configuring MCE and PE routing (MPLS L3VPN), OSPF multi-instance on PE (MPLS L3VPN), 245 VPN (MPLS L3VPN), 3, 229...

  • Page 406

    configuring PE and CE OSPFv3, 353 configuring label distribution control mode (MPLS), configuring PE and CE RIPng, 353 configuring PE and CE routing, 352 configuring recording (MPLS TE), 1 13 configuring PE and CE static routing, 352 distribution (MPLS), 54, 55 configuring PE and PE routing, 355 distribution control mode (MPLS), 55 configuring VPN instance, 349...

  • Page 407

    MPLS, 53 MPLS operation, 78 link MPLS TE, 124 configuring BFD for primary link (H-VPLS), 183 VPLS, 173 configuring failed timer (MPLS TE), 1 16 make-before-break (RSVP-TE MPLS TE), 94 configuring MCE routing (MPLS L3VPN), 6, 10 managing creating OSPF sham link (MPLS L3VPN), 268 forwarding (MPLS), 70 FRR protection (MPLS TE), 99 label (MPLS), 55...

  • Page 408

    configuring PE EBGP routing (MPLS L3VPN), 18 metric (MPLS TE tunnel routing), 1 17 configuring PE IBGP routing (MPLS L3VPN), 18 mode configuring PE IS-IS routing (MPLS L3VPN), 17 advertisement mode (MPLS), 55 configuring PE OSPF route advertising (MPLS configuring label distribution control (MPLS), 66 L3VPN), 21 configuring LSR TTL processing (MPLS), 71 configuring PE OSPF routing (MPLS L3VPN), 16...

  • Page 409

    label, 52 implementing CCC, 193 label advertisement mode, 55 implementing Kompella, 194 label distribution, 54, 55 implementing Martini, 194 label management, 55 implementing SVC, 193 label retention mode, 55 inspecting VC, 204 LDP, 55, 58 maintaining, 207 LDP concept, 58 resetting BGP L2VPN session (Kompella), 207 LDP discovery, 59 troubleshooting, 227...

  • Page 410

    configuring IPv6 MCE and VPN site IPv6 IS-IS configuring VPN instance route related attribute routing, 40 (MCE), 9 configuring IPv6 MCE and VPN site OSPFv3 configuring VPN instance tunneling policy, 251 routing, 39 creating OSPF sham link, 268 configuring IPv6 MCE and VPN site RIPng routing, creating VPN instance, 249 creating VPN instance (IPv6 MCE), 36 configuring IPv6 MCE and VPN site routing, 38...

  • Page 411

    routing information exchange PE to remote CE, configuring RSVP-TE reservation style, 107 configuring RSVP-TE resource reservation routing policy, 231 confirmation, 109 site, 2, 229 configuring RSVP-TE state timer, 108 tunneling policy, 231 configuring static CR-LSP, 127 VPN instance, 3, 229 configuring traffic forwarding, 1 14 VPN target attribute, 4 configuring traffic forwarding tuning parameter,...

  • Page 412

    setting up LSP tunnel (RSVP-TE), 95 configuring BGP AS number substitution (MPLS static route traffic forwarding along tunnel, 1 14 L3VPN), 269, 343 static routing, 97 configuring BGP extension (VPLS), 171 traffic characteristics, 92 configuring BGP instance (VPLS), 171 traffic forwarding, 97 configuring BGP L2VPN capability (Kompella troubleshooting, 162 MPLS L2VPN), 204...

  • Page 413

    configuring IS-IS TE (MPLS TE), 105 configuring MCE and VPN IBGP routing (MPLS configuring Kompella (MPLS L2VPN), 204, 220 L3VPN), 14 configuring label distribution control mode (MPLS), configuring MCE and VPN IS-IS routing (MPLS L3VPN), 13 configuring label recording (MPLS TE), 1 13 configuring MCE and VPN OSPF routing (MPLS configuring LDP (VPLS), 169 L3VPN), 12...

  • Page 414

    configuring PE-CE interface of PE (MPLS L2VPN), configuring VPN instance (MPLS L3VPN), 249 configuring VPN instance route related attribute configuring periodic LSP tracert (MPLS TE), 123 (IPv6 MCE MPLS L3VPN), 37 configuring periodic LSP tracert (MPLS), 77 configuring VPN instance route related attribute configuring PHP (MPLS), 65 (IPv6 MPLS L3VPN), 350 configuring protection switching (MPLS TE), 124...

  • Page 415

    hub-spoke networking scheme (MPLS L3VPN), 233 OSPF multi-instance on PE (MPLS L3VPN), 245 H-VPLS access mode, 166 OSPF sham link (MPLS L3VPN), 247 H-VPLS with LSP access, 167 OSPF VPN extension (MPLS L3VPN), 245 H-VPLS with LSP access PW redundancy, 168 packet encapsulation (VPLS), 166 H-VPLS with QuinQ access, 167 packet forwarding (IPv6 MPLS L3VPN), 347...

  • Page 416

    static LSP configuration (MPLS), 81 LDP session establishment (MPLS), 59 static route traffic forwarding along tunnel (MPLS LDP session maintenance (MPLS), 59 TE), 1 14 LDP session termination (MPLS), 59 static routing (MPLS TE), 97 optimizing traffic characteristics (MPLS TE), 92 configuring CR-LSP reoptimization (MPLS TE), 1 12 traffic forwarding (MPLS TE), 97 forwarding (MPLS), 70...

  • Page 417

    configuring IPv6 MCE and VPN site routing (MPLS configuring MCE EBGP routing (MPLS L3VPN), 18 L3VPN), 39 configuring MCE IBGP routing (MPLS L3VPN), 18 configuring PE and CE (IPv6 MPLS L3VPN), 353 configuring MCE IS-IS routing (MPLS L3VPN), 17 packet configuring MCE OSPF routing (MPLS L3VPN), 16 AC encapsulation (VPLS), 166 configuring MCE RIP routing (MPLS L3VPN), 16...

  • Page 418

    policy configuring BGP-VPNv6 subaddress family routing configuring inter-AS IPv6 VPN ASBR PE routing (IPv6 MPLS L3VPN), 356 option C (IPv6 MPLS L3VPN), 359 configuring bypass tunnel on PLR (MPLS TE), 1 19 configuring inter-AS VPN ASBR PE routing policy configuring carrier's carrier (IPv6 MPLS L3VPN), (MPLS L3VPN), 265 configuring LSP triggering (MPLS), 65 configuring carrier's carrier (MPLS L3VPN), 31 1...

  • Page 419

    configuring IPv6 MCE and PE OSPFv3 routing configuring MAC address learning (VPLS), 172 (MPLS L3VPN), 43 configuring Martini (MPLS L2VPN), 201, 216 configuring IPv6 MCE and PE RIPng routing (MPLS configuring Martini remote peer (MPLS L2VPN), L3VPN), 42 configuring IPv6 MCE and PE routing (MPLS configuring MCE (MPLS L3VPN), 21 L3VPN), 42 configuring MCE and PE BGP route advertising...

  • Page 420

    configuring OSPF sham link (MPLS L3VPN), 267, configuring RSVP-TE reservation style (MPLS TE), configuring PE and CE EBGP (IPv6 MPLS L3VPN), configuring RSVP-TE resource reservation confirmation (MPLS TE), 109 configuring PE and CE EBGP (MPLS L3VPN), 256, configuring RSVP-TE state timer (MPLS TE), 108 configuring static CR-LSP (MPLS TE), 127 configuring PE and CE IBGP (MPLS L3VPN), 257, configuring static LSP (MPLS), 62, 81...

  • Page 421

    creating VPN instance (MPLS L3VPN), 249 propagating routing information (nested VPN MPLS displaying information (IPv6 MPLS L3VPN), 359 L3VPN), 242 displaying IPv6 MCE information (MPLS L3VPN), protection configuring FRR polling timer (MPLS TE), 120 displaying LDP operation (MPLS), 80 configuring node (MPLS TE), 120 displaying MCE (MPLS L3VPN), 20 FRR (MPLS TE), 99 displaying MPLS L2VPN, 207...

  • Page 422

    configuring IPv6 MCE and PE EBGP (MPLS L3VPN), 2205 (Resource ReSerVation Protocol), 100 2702 (Requirements for Traffic Engineering Over configuring IPv6 MCE and PE IPv6 IS-IS (MPLS MPLS), 100 L3VPN), 43 2961 (RSVP Refresh Overhead Reduction configuring IPv6 MCE and PE OSPFv3 (MPLS Extensions), 100 L3VPN), 43 3031 (Multiprotocol Label Switching Architecture),...

  • Page 423

    configuring OSPF loopback interface (MPLS MCE and VPN IS-IS (MPLS L3VPN), 7 L3VPN), 268 MCE and VPN OSPF (MPLS L3VPN), 7 configuring OSPF sham link (MPLS L3VPN), 267, MCE and VPN RIP (MPLS L3VPN), 7 MCE and VPN route exchange (MPLS L3VPN), 6 configuring PE and CE (IPv6 MPLS L3VPN), 352 MCE and VPN static routing (MPLS L3VPN), 7 configuring PE and CE (MPLS L3VPN), 253...

  • Page 424

    networking (MPLS L3VPN), 232 clearing (MPLS), 81 SE style (configuring RSVP-TE reservation MPLS TE), configuring (MPLS), 75 strict route (CR-LSP explicit route MPLS TE), 92 sending back ICMP TTL exceeded messages (MPLS), structure (MPLS network), 54 service configuring (MPLS L2VPN), 201, 212 binding with VLPS instance, 172, 175 implementing (MPLS L2VPN), 193 creating Martini VC instance (MPLS L2VPN), 202...

  • Page 425

    configuring tunnel dynamic signaling protocol applications (MCE), 5 (MPLS TE), 103 assigning priority (MPLS TE), 1 14 configuring tunnel traffic flow type (MPLS TE), 1 17 configuring administrative group (CR-LSP MPLS TE), creating tunnel over static CR-LSP (MPLS TE), 102 1 1 1 CR-LSP (MPLS TE), 92 configuring affinity attribute (CR-LSP MPLS TE), 1 1 1...

  • Page 426

    configuring PW redundancy for H-VPLS, 179 configuring hub-spoke network (MPLS L3VPN), displaying, 173 enabling L2VPN and MPLS L2VPN, 169 configuring instance (IPv6 MCE MPLS L3VPN), 36 H-VPLS access mode, 166 configuring instance (IPv6 MPLS L3VPN), 349 H-VPLS with LSP access, 167 configuring instance (MCE MPLS L3VPN), 8 H-VPLS with LSP access PW redundancy, 168 configuring instance (MPLS L3VPN), 249...

  • Page 427

    configuring IPv6 MCE static routing (MPLS L3VPN), configuring PE and PE routing (MPLS L3VPN), 259 configuring VPLS, 163, 174 configuring IPv6 MPLS L3VPN, 346, 348, 361 creating instance (IPv6 MCE MPLS L3VPN), 36 configuring LDP (VPLS), 169 creating instance (IPv6 MPLS L3VPN), 349 configuring LDP instance (IPv6 MPLS L3VPN), 352 creating instance (MCE MPLS L3VPN), 8 configuring LDP instance (MPLS L3VPN), 253...

  • Page 428

    resetting IPv6 BGP connection (MPLS L3VPN), 45 VPNv4 subaddress family routing information advertisement (IPv6 MPLS configuring common routing (MPLS L3VPN), 259 L3VPN), 347 configuring routing (MPLS L3VPN), 259 target attribute (MPLS L3VPN), 4 configuring specific routing (MPLS L3VPN), 261 VPN-IPv4 address (MPLS L3VPN), 3, 229...

Comments to this Manuals

Symbols: 0
Latest comments: