H3C S5500-HI Series Mpls Configuration Manual
  1. Manuals
  2. Brands
  3. H3C Manuals
  4. Network Router
  5. S5500-HI Switch Series
  6. Mpls configuration manual

H3C S5500-HI Series Mpls Configuration Manual

Hide thumbs Also See for S5500-HI Series:
1
2
3
4
5
6
Table Of Contents
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
Table of Contents

Advertisement

Quick Links

Download this manual See also: Installation Manual
H3C S5500-HI Switch Series
MPLS Configuration Guide
Hangzhou H3C Technologies Co., Ltd.
http://www.h3c.com
Software version: Release 5501
Document version: 6W100-20140103

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the S5500-HI Series and is the answer not in the manual?

Questions and answers

Related Manuals for H3C S5500-HI Series

Summary of Contents for H3C S5500-HI Series

  • Page 1 H3C S5500-HI Switch Series MPLS Configuration Guide Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Software version: Release 5501 Document version: 6W100-20140103...
  • Page 2 Copyright © 2014, Hangzhou H3C Technologies Co., Ltd. and its licensors All rights reserved No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Hangzhou H3C Technologies Co., Ltd.
  • Page 3 The H3C S5500-HI documentation set includes 12 configuration guides, which describe the software features for the H3C S5500-HI Switch Series and guide you through the software configuration procedures. These configuration guides also provide configuration examples to help you apply software features to different network scenarios.
  • Page 4 Convention Description Square brackets enclose a set of optional syntax choices separated by vertical bars, from [ x | y | ... ] which you select one or none. Asterisk marked braces enclose a set of required syntax choices separated by vertical { x | y | ...
  • Page 5 Port numbering in examples The port numbers in this document are for illustration only and might be unavailable on your device. About the H3C S5500-HI documentation set The H3C S5500-HI documentation set includes: Category Documents Purposes Marketing brochure Describe product specifications and benefits.

  • Page 6: Obtaining Documentation

    Obtaining documentation You can access the most up-to-date H3C product documentation on the World Wide Web at http://www.h3c.com. Click the links on the top navigation bar to obtain different categories of product documentation: [Technical Support & Documents > Technical Documents] –...

  • Page 7: Table Of Contents

    Contents Configuring MCE ························································································································································· 1   MCE overview ··································································································································································· 1   MPLS L3VPN overview ············································································································································· 1   MPLS L3VPN concepts ············································································································································· 2   Multi-VPN-instance CE ············································································································································· 4   How MCE works ······················································································································································ 5   Using MCE in tunneling applications ····················································································································· 5  ...
  • Page 8 Configuring remote LDP session parameters ······································································································ 65   Configuring PHP ···················································································································································· 66   Configuring the policy for triggering LSP establishment ··················································································· 67   Configuring the label distribution control mode ································································································ 67   Configuring LDP loop detection ··························································································································· 68   Configuring LDP MD5 authentication ·················································································································· 69  ...
  • Page 9 Configuring RSVP-TE resource reservation confirmation ················································································· 110   Configuring RSVP authentication ······················································································································· 111   Configuring DSCP for outgoing RSVP packets ································································································· 111   Configuring RSVP-TE GR ····································································································································· 111   Tuning CR-LSP setup ····················································································································································· 112   Configuring route pinning ·································································································································· 112  ...
  • Page 10 Configuring an LDP VPLS instance····················································································································· 170   Configuring BGP VPLS ················································································································································· 171   Configuring the BGP extension ·························································································································· 171   Configuring a BGP VPLS instance ····················································································································· 171   Resetting VPLS BGP connections ························································································································ 172   Binding a service instance with a VPLS instance ······································································································ 172  ...
  • Page 11 Inter-AS VPN ························································································································································ 235   Carrier's carrier ··················································································································································· 238   Nested VPN ························································································································································· 240   HoVPN ·································································································································································· 242   OSPF VPN extension ··········································································································································· 244   BGP AS number substitution and SoO ·············································································································· 246   MPLS L3VPN configuration task list ···························································································································· 247  ...
  • Page 12 Configuration prerequisites ································································································································ 357   Configuring inter-AS IPv6 VPN option A ·········································································································· 357   Configuring inter-AS IPv6 VPN option C ·········································································································· 357   Resetting BGP connections ·········································································································································· 358   Displaying information about IPv6 MPLS L3VPN ······································································································ 359   IPv6 MPLS L3VPN configuration examples ··············································································································· 360  ...

  • Page 13: Configuring Mce

    Configuring MCE The term "router" in this document refers to both routers and Layer 3 switches. The term "interface" in this document refers to Layer 3 interfaces that include VLAN interfaces, Layer 3 Ethernet interfaces, and Layer 3 aggregate interfaces. You can set an Ethernet port as a Layer 3 Ethernet interface by using the port link-mode route command (see Layer 2—LAN Switching Configuration Guide).

  • Page 14: Mpls L3Vpn Concepts

    Figure 1 Network diagram for MPLS L3VPN model CEs and PEs mark the boundary between the service providers and the customers. After a CE establishes adjacency with a directly connected PE, it advertises its VPN routes to the PE and learns remote VPN routes from the PE.
  • Page 15 Address space overlapping Each VPN independently manages the addresses it uses. The assembly of such addresses for a VPN is called an address space. The address spaces of VPNs may overlap. For example, if both VPN 1 and VPN 2 use the addresses on network segment 10.1 10.10.0/24, address space overlapping occurs.

  • Page 16: Multi-Vpn-Instance Ce

    An RD can be in one of the following formats distinguished by the Type field: • When the value of the Type field is 0, the Administrator subfield occupies two bytes, the Assigned number subfield occupies four bytes, and the RD format is 16-bit AS number:32-bit user-defined number.

  • Page 17: How Mce Works

    How MCE works Figure 3 shows how an MCE maintains the routing entries of multiple VPNs and how an MCE exchanges VPN routes with PEs. Figure 3 Network diagram for the MCE function VPN 1 VPN 2 Site 1 Site 1 VLAN-int2 VLAN-int7 VLAN-int8...

  • Page 18: Configuring Routing On An Mce

    By establishing multiple tunnels between two MCE devices and binding the tunnel interfaces with VPN instances, you can make the routing information and data of the VPN instances delivered to the peer devices through the bound tunnel interfaces. According to the tunnel interfaces receiving the routes, an MCE device determines the VPN instances that the routes belong to and advertises the routes to the corresponding sites.
  • Page 19 BGP within the VPN, the routes may be learned by other MCE devices, generating route loops. To prevent route loops, configure route tags for different VPN instances on each MCE. H3C recommends that you assign the same route tag to the same VPN on all MCEs.

  • Page 20: Route Exchange Between An Mce And A Pe

    Route exchange between an MCE and a PE Routing information entries are bound to specific VPN instances on an MCE device, and packets of each VPN instance are forwarded between MCE and PE according to interface. As a result, VPN routing information can be transmitted by performing relatively simple configurations between MCE and PE, such as importing the VPN routing entries on MCE devices to the routing table of the routing protocol running between MCE and PEs.
  • Page 21 Step Command Remarks Configure a description for description text Optional the VPN instance. Associating a VPN instance with an interface After VPN instances are configured, you must associate the VPN instances with the interfaces connecting the VPN sites, and: In an MPLS L3VPN application, you must also associate the VPN instances with the interfaces •...

  • Page 22: Configuring Routing On An Mce

    Step Command Remarks Enter system view. system-view Enter VPN instance view. ip vpn-instance vpn-instance-name Enter IPv4 VPN view. ipv4-family Optional. A single vpn-target command can Associate the current VPN vpn-target vpn-target&<1-8> configure up to eight route targets. instance with one or more [ both | export-extcommunity | You can configure up to 64 route route targets.

  • Page 23: Configuring Routing Between Mce And Vpn Site

    Configure the link layer and network layer protocols on related interfaces to ensure IP connectivity. • Configuring routing between MCE and VPN site Configuring static routing between MCE and VPN site An MCE can reach a VPN site through a static route. Static routing on a traditional CE is globally effective and thus does not support address overlapping among VPNs.
  • Page 24 Step Command Remarks import-route protocol [ process-id ] Redistribute remote site routes [ allow-ibgp ] [ cost cost | By default, no route is redistributed advertised by the PE. route-policy route-policy-name | into RIP. tag tag ] * Configure the default cost Optional.
  • Page 25 VPN routes. the routes, resulting in routing loops. To avoid such routing loops, you can configure route tags for VPN instances on an MCE. H3C recommends configuring the same route tag for the same VPN on the MCEs.
  • Page 26 Step Command Remarks Configure a network entity network-entity net Not configured by default. title. Optional. import-route { isis [ process-id ] | ospf [ process-id ] | rip By default, IS-IS does not [ process-id ] | bgp [ allow-ibgp ] | redistribute routes of any other Redistribute remote site routes direct | static } [ cost cost |...
  • Page 27 Step Command Remarks Optional. Configure a filtering policy to filter-policy { acl-number | By default, BGP does not filter the filter the received routes. ip-prefix ip-prefix-name } import received routes. BGP checks routing loops by examining AS numbers. When EBGP is used, the MCE advertises routing information carrying the local AS number to the site and then receives routing updates from the site.

  • Page 28: Configuring Routing Between Mce And Pe

    Step Command Remarks import-route protocol [ process-id Redistribute remote site routes By default, no route redistribution | all-processes ] [ med med-value | advertised by the PE. is configured. route-policy route-policy-name ] * filter-policy { acl-number | Optional. Configure a filtering policy to ip-prefix ip-prefix-name } export filter the routes to be By default, BGP does not filter the...
  • Page 29 Step Command Remarks • ip route-static dest-address { mask | mask-length } { gateway-address | interface-type interface-number [ gateway-address ] | vpn-instance d-vpn-instance-name gateway-address } [ preference preference-value ] [ tag tag-value ] [ description description-text ] Configure a static route for a Use either •...
  • Page 30 Step Command Remarks Disabled by default. You must disable routing loop Disable routing loop detection for a VPN OSPF process on vpn-instance-capability simple detection. the MCE. Otherwise, the MCE cannot receive OSPF routes from the Optional. Configure the OSPF domain-id domain-id [ secondary ] domain ID.
  • Page 31 Step Command Remarks filter-policy { acl-number | ip-prefix Optional. Configure a filtering ip-prefix-name | route-policy policy to filter route-policy-name } export [ isis By default, IS-IS does not filter advertised routes. process-id | ospf process-id | rip advertised routes. process-id | bgp | direct | static ] Return to system view.

  • Page 32: Resetting Bgp Connections

    Step Command Remarks import-route protocol [ process-id | Redistribute the VPN routes By default, no route all-processes ] [ med med-value | of the VPN site. redistribution is configured. route-policy route-policy-name ] * Optional. Configure the egress router peer { group-name | ip-address } of the site as a client of the By default, no route reflector or reflect-client...

  • Page 33: Displaying And Maintaining Mce

    Displaying and maintaining MCE Task Command Remarks Display information about the display ip routing-table vpn-instance routing table associated with a vpn-instance-name [ verbose ] [ | { begin | Available in any view VPN instance. exclude | include } regular-expression ] Display information about a display ip vpn-instance [ instance-name specific VPN instance or all VPN...

  • Page 34: Mce Configuration Examples

    Task Command Remarks display bgp vpnv4 vpn-instance vpn-instance-name routing-table [ network-address [ { mask | mask-length } [ longer-prefixes ] ] | as-path-acl as-path-acl-number | cidr | community [ aa:nn ]&<1-13> [ no-advertise | no-export | no-export-subconfed ] * [ whole-match ] | community-list { basic-community-list-number Display the BGP VPNv4 routing [ whole-match ] |...
  • Page 35 Figure 6 Network diagram Configuration procedure Assume that the system name of the MCE device is MCE, the system names of the edge devices of VPN 1 and VPN 2 are VR1 and VR2, respectively, and the system name of PE 1 is PE1. Configure the VPN instances on the MCE and PE 1: # On the MCE, configure VPN instances vpn1 and vpn2, and specify an RD and route targets for each VPN instance.
  • Page 36 [MCE-Vlan-interface10] ip address 10.214.10.3 24 # Configure VLAN 20, add port GigabitEthernet 1/0/2 to VLAN 20, bind VLAN-interface 20 with VPN instance vpn2, and specify an IP address for VLAN-interface 20. [MCE-Vlan-interface10] quit [MCE] vlan 20 [MCE-vlan20] port gigabitethernet 1/0/2 [MCE-vlan20] quit [MCE] interface vlan-interface 20 [MCE-Vlan-interface20] ip binding vpn-instance vpn2...
  • Page 37 # Run RIP in VPN 2. Create RIP process 20 and bind it with VPN instance vpn2 on the MCE, so that the MCE can learn the routes of VPN 2 and add them to the routing table of the VPN instance vpn2.
  • Page 38 [MCE-Vlan-interface30] ip binding vpn-instance vpn1 [MCE-Vlan-interface30] ip address 30.1.1.1 24 [MCE-Vlan-interface30] quit # On the MCE, create VLAN 40 and VLAN-interface 40, bind the VLAN interface with VPN instance vpn2, and configure an IP address for the VLAN interface. [MCE] vlan 40 [MCE-vlan40] quit [MCE] interface vlan-interface 40 [MCE-Vlan-interface40] ip binding vpn-instance vpn2...

  • Page 39: Using Bgp To Advertise Vpn Routes To The Pe

    [PE1-ospf-10] quit # On PE 1, display the routing table of VPN1. [PE1] display ip routing-table vpn-instance vpn1 Routing Tables: vpn1 Destinations : 5 Routes : 5 Destination/Mask Proto Cost NextHop Interface 30.1.1.0/24 Direct 0 30.1.1.2 Vlan30 30.1.1.2/32 Direct 0 127.0.0.1 InLoop0 127.0.0.0/8...
  • Page 40 Figure 7 Network diagram Configuration procedure Configure VPN instances: # Create VPN instances on the MCE and PE 1, and bind the VPN instances with VLAN interfaces. For the configuration procedure, see "Using OSPF to advertise VPN routes to the PE."...
  • Page 41 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 192.168.0.0/24 OSPF 10.214.10.2 Vlan10 The output shows that the MCE has learned the private route of VPN 1 through OSPF process 10. # On MCE, bind OSPF process 20 with VPN instance vpn2 to learn the routes of VPN 2. The configuration procedure is similar to that for OSPF process 10.

  • Page 42: Using Tunnels To Advertise Vpn Routes

    127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 192.168.0.0/24 30.1.1.1 Vlan30 # Perform similar configuration on the MCE and PE 1 for VPN 2. Redistribute the OSPF routes of VPN instance vpn2 into the EBGP routing table. (Details not shown.) The following output shows that PE 1 has learned the private route of VPN 2 through BGP: [PE1] display ip routing-table vpn-instance vpn2 Routing Tables: vpn2 Destinations : 5...
  • Page 43 network is simplified into two separate topologies, as shown in Figure 9 Figure 10. Thus, MCEs advertise routes of different VPNs through different paths. For VPN 1, advertise interface addresses on the two MCEs in area 0, making the entire VPN a single OSPF domain.
  • Page 44 # Specify the tunnel protocol as GRE. [MCE1-Tunnel0] tunnel-protocol gre # Specify the source address of the tunnel. [MCE1-Tunnel0] source vlan-interface 100 # Specify the destination address of the tunnel. [MCE1-Tunnel0] destination 172.16.1.1 [MCE1-Tunnel0] quit # Create loopback group 1 and specify the service type as tunnel. [MCE1] service-loopback group 1 type tunnel # Add any unused port (GigabitEthernet 1/0/3 in this example) to loopback group 1.
  • Page 45 [MCE2-Vlan-interface101] ip address 172.16.2.1 255.255.255.0 [MCE2-Vlan-interface101] quit # Create the interface Tunnel0. [MCE2] interface tunnel 0 # Configure an IP address for the Tunnel0 interface. [MCE2-Tunnel0] ip address 10.1.1.2 255.255.255.0 # Specify the tunnel protocol as GRE. [MCE2-Tunnel0] tunnel-protocol gre # Specify the source address of the tunnel.
  • Page 46 [MCE1-vpn-instance-vpn2] route-distinguisher 1:3 [MCE1-vpn-instance-vpn2] vpn-target 1:3 [MCE1-vpn-instance-vpn2] quit # Bind VLAN-interface 10 and Tunnel 0 with VPN instance vpn1, and configure IP addresses for the VLAN interface and tunnel interface. [MCE1] vlan 10 [MCE1-vlan10] port gigabitethernet 1/0/10 [MCE1-vlan10] quit [MCE1] interface vlan-interface 10 [MCE1-Vlan-interface10] ip binding vpn-instance vpn1 [MCE1-Vlan-interface10] ip address 10.214.10.1 24 [MCE1-Vlan-interface10] quit...
  • Page 47 [MCE2] interface vlan-interface 20 [MCE2-Vlan-interface20] ip binding vpn-instance vpn1 [MCE2-Vlan-interface20] ip address 10.214.30.1 24 [MCE2-Vlan-interface20] quit [MCE2] interface tunnel 0 [MCE2-Tunnel0] ip binding vpn-instance vpn1 [MCE2-Tunnel0] ip address 10.1.1.2 24 # Bind VLAN-interface 21 and Tunnel 1 with VPN instance vpn2, and configure IP addresses for the VLAN interface and tunnel interface.
  • Page 48 [MCE1-ospf-2-area-0.0.0.0] # Advertise the address of tunnel interface Tunnel 1. [MCE1-ospf-2-area-0.0.0.0] network 10.1.2.1 0.0.0.255 # Configure RIP process 1 for VPN instance vpn2. [MCE1] rip 1 vpn-instance vpn2 [MCE1-rip-1] # Advertise the IP address of VLAN-interface 11. [MCE1-rip-1] network 10.214.20.1 # Redistribute routes learned by OSPF process 2 to RIP process 1.

  • Page 49: Configuring Ipv6 Mce

    Configuring IPv6 MCE Overview In an IPv6 MPLS L3 VPN, an IPv6 MCE advertises IPv6 routing information between the VPN and the connected PE and forwards IPv6 packets. An IPv6 MCE operates in the same way as an IPv4 MCE. For more information, see "Configuring MCE."...
  • Page 50 Step Command Remarks Enter system view. system-view interface interface-type Enter interface view. interface-number Associate a VPN instance ip binding vpn-instance By default, no VPN instance is with the interface. vpn-instance-name associated with the interface. Configuring route related attributes for a VPN instance The control process of VPN route advertisement is as follows: When a VPN route learned from a CE gets redistributed into BGP, BGP associates it with a route •...

  • Page 51: Configuring Routing On An Ipv6 Mce

    NOTE: Route related attributes configured in VPN instance view are applicable to both IPv4 VPNs and IPv6 • VPNs. You can configure route related attributes for IPv6 VPNs in both VPN instance view and IPv6 VPN view. • Those configured in IPv6 VPN view take precedence. Configuring routing on an IPv6 MCE An IPv6 MCE implements service isolation through route isolation.
  • Page 52 Step Command Remarks • ipv6 route-static ipv6-address prefix-length { interface-type interface-number [ next-hop-address ] | next-hop-address | vpn-instance d-vpn-instance-name Use either command. nexthop-address } [ preference Perform this preference-value ] Configure an IPv6 static route configuration on the • ipv6 route-static vpn-instance for an IPv6 VPN instance.
  • Page 53 For more information about OSPFv3, see Layer 3—IP Routing Configuration Guide. To configure OSPFv3 between IPv6 MCE and VPN site: Step Command Remarks Enter system view. system-view Create an OSPFv3 process for Perform this configuration on the ospfv3 [ process-id ] vpn-instance a VPN instance and enter IPv6 MCE.
  • Page 54 Step Command Remarks Optional. By default, no routes from any ipv6 import-route protocol other routing protocol are [ process-id ] [ allow-ibgp ] [ cost Redistribute remote site routes redistributed to IPv6 IS-IS. cost | [ level-1 | level-1-2 | advertised by the PE.

  • Page 55: Configuring Routing Between Ipv6 Mce And Pe

    Configure a VPN site: Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number Enter IPv6 address family ipv6-family view. Configure the IPv6 MCE as peer ipv6-address as-number the EBGP peer. as-number Optional. By default, no route redistribution import-route protocol [ process-id Redistribute the IGP routes of is configured.
  • Page 56 Step Command Remarks Create a RIPng process for an ripng [ process-id ] vpn-instance IPv6 VPN instance and enter vpn-instance-name RIPng view. import-route protocol [ process-id ] By default, no route of any other Redistribute the VPN routes. [ allow-ibgp ] [ cost cost | routing protocol is redistributed route-policy route-policy-name ] * into RIPng.
  • Page 57 Step Command Remarks Configure a network entity network-entity net Not configured by default. title. Enable the IPv6 capacity for ipv6 enable Disabled by default. the IS-IS process. Optional. By default, IS-IS does not ipv6 import-route protocol redistribute routes of any other [ process-id ] [ allow-ibgp ] [ cost routing protocol.

  • Page 58: Resetting Bgp Connections

    Resetting BGP connections When BGP configuration changes, you can use the soft reset function or reset BGP connections to make new configurations take effect. Soft reset requires that BGP peers have route refreshment capability (supporting Route-Refresh messages). Use the following commands to hard reset or soft reset BGP connections: Step Command Remarks...

  • Page 59: Ipv6 Mce Configuration Examples

    IPv6 MCE configuration examples Using IPv6 ISIS to advertise VPN routes to the PE Network requirements As shown in Figure 1 1, the IPv6 MCE device is connected to VPN 1 through VLAN-interface 10 and to VPN 2 through VLAN-interface 20. RIPng is used in VPN 2. Configure the IPv6 MCE to separate routes from different VPNs and advertise VPN routes to PE 1 through OSPFv3.
  • Page 60 [MCE-vpn-instance-vpn1] vpn-target 10:1 [MCE-vpn-instance-vpn1] quit [MCE] ip vpn-instance vpn2 [MCE-vpn-instance-vpn2] route-distinguisher 20:1 [MCE-vpn-instance-vpn2] vpn-target 20:1 [MCE-vpn-instance-vpn2] quit # Create VLAN 10, add port GigabitEthernet 1/0/1 to VLAN 10, and create VLAN-interface 10. [MCE] vlan 10 [MCE-vlan10] port gigabitethernet 1/0/1 [MCE-vlan10] quit # Bind VLAN-interface 10 with VPN instance vpn1, and configure an IPv6 address for the VLAN interface.
  • Page 61 # Run RIPng in VPN 2. Configure RIPng process 20 for VPN instance vpn2 on the MCE, so that the MCE can learn the routes of VPN 2 and add them to the routing table of VPN instance vpn2. # Configure RIPng process 20, binding it with VPN instance vpn2. [MCE] ripng 20 vpn-instance vpn2 # Advertise subnet 2002:1::/64 through RIPng.
  • Page 62 Destinations : 5 Routes : 5 Destination: ::1/128 Protocol : Direct NextHop : ::1 Preference: 0 Interface : InLoop0 Cost Destination: 2002:1::/64 Protocol : Direct NextHop : 2002:1::1 Preference: 0 Interface : Vlan20 Cost Destination: 2002:1::1/128 Protocol : Direct NextHop : ::1 Preference: 0 Interface...
  • Page 63 [MCE-vlan40] quit [MCE] interface vlan-interface 40 [MCE-Vlan-interface40] ip binding vpn-instance vpn2 [MCE-Vlan-interface40] ipv6 address 40::1 64 [MCE-Vlan-interface40] quit # On PE 1, create VLAN 30 and VLAN-interface 30, bind VLAN-interface 30 with VPN instance vpn1 and configure an IPv6 address for the VLAN-interface 30. [PE1] vlan 30 [PE1-vlan30] quit [PE1] interface vlan-interface 30...
  • Page 64 Destination: ::1/128 Protocol : Direct NextHop : ::1 Preference: 0 Interface : InLoop0 Cost Destination: 30::/64 Protocol : Direct NextHop : 30::2 Preference: 0 Interface : Vlan30 Cost Destination: 30::2/128 Protocol : Direct NextHop : ::1 Preference: 0 Interface : InLoop0 Cost Destination: 2012:1::/64 Protocol...

  • Page 65: Configuring Basic Mpls

    Configuring basic MPLS The S5500-28SC-HI and S5500-52SC-HI switches do not support MPLS. MPLS overview Multiprotocol Label Switching (MPLS) enables connection-oriented label switching on connectionless IP networks. It integrates both the flexibility of IP routing and the simplicity of Layer 2 switching. MPLS has the following advantages: MPLS forwards packets according to short- and fixed-length labels, instead of Layer 3 header •...
  • Page 66 S—One bit in length. MPLS supports multiple levels of labels. This field indicates whether a label is • at the bottom of the label stack. A value of 1 indicates that the label is at the bottom of the label stack.

  • Page 67: Mpls Network Structure

    MPLS network structure Figure 14 Diagram of the MPLS network structure LSRs in the same routing or administrative domain form an MPLS domain. An MPLS domain consists of the following types of LSRs: • Ingress LSRs receive and label packets coming into the MPLS domain. Transit LSRs forward packets along LSPs to their egress LERs according to the labels.

  • Page 68: Label Distribution And Management

    A downstream LSR classifies FECs according to destination addresses. It assigns a label to a FEC, and distributes the FEC-label binding to its upstream LSR, which then establishes an LFIB entry for the FEC according to the binding information. After all LSRs along the packet forwarding path establish a LFIB entry for the FEC, an LSP is established for packets of this FEC.
  • Page 69 In DU mode, an LSR assigns a label to a FEC and then distributes the FEC-label binding to its • upstream LSR without solicitation. The switch supports only the DU mode. In DoD mode, an LSR assigns a label to a FEC and distributes the FEC-label binding to its upstream •...

  • Page 70: Mpls Forwarding

    MPLS forwarding LFIB An LFIB comprises the following table entries: Next Hop Label Forwarding Entry (NHLFE)—Describes the label operation to be performed. It is • used to forward MPLS packets. • FEC to NHLFE (FTN) map—FTN maps each FEC to a set of NHLFEs at the ingress LSR. The FTN map is used for forwarding unlabeled packets that need MPLS forwarding.

  • Page 71: Ldp

    Upon receiving the labeled packet, Router C looks for the ILM entry that contains the label 40 to get the Token value. Because the Token value is not empty, Router C looks for the corresponding NHLFE entry containing the Token value. According to the NHLFE entry, Router C swaps the original label with label 50, and then forwards the labeled packet to the next hop LSR (Router D) through the outgoing interface.
  • Page 72 Basic concepts of LDP LDP session—LDP sessions are established between LSRs over TCP connections to exchange • messages for label binding, label releasing, and error notification. • LDP peer—Two LSRs using LDP to exchange FEC-label bindings are LDP peers. LDP message type LDP messages fall into the following types: •...

  • Page 73: Protocols

    LSP establishment and maintenance LDP sends label requests and label binding messages between LDP peers to establish LSPs. For the LSP establishment process, see "LSP establishment and label distribution." Session termination An LSR terminates its LDP session with an LDP peer in the following cases: All Hello adjacencies deleted between the two peers LDP peers periodically send Hello messages to indicate that they intend to keep the Hello adjacency.

  • Page 74: Enabling The Mpls Function

    Task Remarks Configuring LDP loop detection Optional Configuring LDP MD5 authentication Optional Configuring LDP label filtering Optional Configuring DSCP for outgoing LDP Optional packets Configuring BFD for MPLS LDP Optional Maintaining LDP sessions Resetting LDP sessions Optional Configuring TTL processing mode at Optional ingress Managing and optimizing MPLS...

  • Page 75: Configuring A Static Lsp

    An MPLS LSR ID is in the format of an IP address and must be unique Configure the MPLS LSR ID. mpls lsr-id lsr-id within an MPLS domain. H3C recommends using the IP address of a loopback interface on an LSR as the MPLS LSR ID.

  • Page 76: Establishing Dynamic Lsps Through Ldp

    Step Command Remarks • On the ingress node: static-lsp ingress lsp-name destination dest-addr mask | mask-length } { nexthop next-hop-addr | out-label out-label • On a transit node: static-lsp transit lsp-name Follow the configuration guidelines to set correct incoming-interface interface-type Configure a static LSP.

  • Page 77: Configuring Local Ldp Session Parameters

    Configuring local LDP session parameters LDP sessions established between local LDP peers are local LDP sessions. To establish a local LDP session: Determine the LDP transport addresses of the two peers and make sure that the LDP transport • addresses are reachable to each other. This step is to establish the TCP connection. •...

  • Page 78: Configuring Php

    Step Command Remarks Enter system view. system-view Create a remote peer entity mpls ldp remote-peer and enter MPLS LDP remote remote-peer-name peer view. The remote peer IP address must be Configure the remote peer IP remote-ip ip-address different from all existing remote address.

  • Page 79: Configuring The Policy For Triggering Lsp Establishment

    Step Command Remarks Optional. Specify the type of the label to label advertise { explicit-null | By default, an egress distributes to be distributed by the egress to implicit-null | non-null } the penultimate hop an implicit null the penultimate hop. label.

  • Page 80: Configuring Ldp Loop Detection

    To configure the LDP label distribution control mode: Step Command Remarks Enter system view. system-view Enter MPLS LDP view. mpls ldp Optional. Ordered by default. For LDP sessions existing before the Specify the label distribution label-distribution { independent | command is configured, you must control mode.

  • Page 81: Configuring Ldp Md5 Authentication

    LDP loop detection can result in LSP update, which generates redundant information and consume • many system resources. H3C recommends configuring the routing protocol's loop detection mechanism. Configuration procedure To configure LDP loop detection: Step Command Remarks Enter system view.
  • Page 82 For two neighboring LSRs, configuring a label acceptance control policy on the upstream LSR and configuring a label advertisement control policy on the downstream LSR have the same effect. To reduce network traffic, H3C recommends configuring only label advertisement control policies.

  • Page 83: Configuring Dscp For Outgoing Ldp Packets

    To configure LDP label filtering policies: Step Command Remarks Enter system view. system-view Enter MPLS LDP view. mpls ldp Optional. Configure a label acceptance accept-label peer peer-id ip-prefix control policy. ip-prefix-name Not configured by default. advertise-label ip-prefix Configure a label ip-prefix-name [ peer Not configured by default.

  • Page 84: Resetting Ldp Sessions

    Resetting LDP sessions If you change LDP session parameters when some LDP sessions are up, the LDP sessions cannot function normally. In this case, reset LDP sessions so the LDP peers will renegotiate parameters and establish new sessions. Use the following command to reset LDP sessions: Task Command Remarks...

  • Page 85: Sending Back Icmp Ttl Exceeded Messages For Mpls Ttl Expired Packets

    Figure 22 Label TTL processing when IP TTL propagation is disabled Configuration guidelines To enable IP TTL propagation for a VPN, you must enable it on all PE devices in the VPN, so you can get the same traceroute result (hop count) from those PEs. For more information about PEs, see "Configuring MPLS L3VPN."...

  • Page 86: Configuring Ldp Gr

    carry only one level of labels but these devices have no IP routes to the packet senders, the first method is not applicable. In this case, you can configure the undo ttl expiration pop command on these devices so the devices use the second method. For more information about HoVPN and nested VPN, see "Configuring MPLS L3VPN."...
  • Page 87 Figure 23 LDP GR GR helper GR restarter GR helper GR helper LDP session with GR capability As shown in Figure 23, two LDP peers perform GR negotiation when establishing an LDP session. The LDP session established is GR capable only when both peers support LDP GR. The working procedure of LDP GR is as follows: Whenever restarting, the GR restarter preserves all MPLS forwarding entries, marks them as stale, and starts the MPLS forwarding state holding timer for them.

  • Page 88: Setting Mpls Statistics Reading Interval

    Step Command Remarks Enter system view. system-view Enter MPLS LDP view. mpls ldp Enable MPLS LDP GR. graceful-restart Disabled by default. Optional. graceful-restart timer reconnect Set the FT reconnect time. timer 300 seconds by default. Optional. Set the LDP neighbor liveness graceful-restart timer time.

  • Page 89: Configuring Mpls Lsp Ping

    MPLS LSP tracert • • BFD for LSPs Periodic LSP tracert • Configuring MPLS LSP ping MPLS LSP ping is for checking the connectivity of an LSP. At the ingress, it adds the label for the FEC to be inspected into an MPLS echo request, which then is forwarded along the LSP to the egress. The egress processes the request packet and returns an MPLS echo reply to the ingress.

  • Page 90: Configuring Bfd For Lsps

    Task Command Remarks Available in any view. tracert lsp [ -a source-ip | -exp When equal-cost LSPs exist exp-value | -h ttl-value | -r Perform MPLS LSP tracert to locate between the ingress node and the reply-mode |-t time-out ] * ipv4 errors along an MPLS LSP.

  • Page 91: Configuring Periodic Lsp Tracert

    Configuration procedure To configure BFD for LSPs: Step Command Remarks Enter system view. system-view Enable LSP verification and mpls lspv Not enabled by default enter the MPLS LSPV view. bfd enable destination-address Configure BFD to detect LSP mask-length [ nexthop Not configured by default connectivity.

  • Page 92: Enabling Mpls Trap

    Enabling MPLS trap With the MPLS trap function enabled, trap packets of the notifications level are generated to report critical MPLS events. Such trap packets are sent to the information center of the device. Whether and where the packets are output depend on the configurations of the information center. For information on how to configure the information center, see Network Management and Monitoring Configuration Guide.

  • Page 93: Displaying Mpls Ldp Operation

    Task Command Remarks display mpls lsp bfd [ ipv4 Display the BFD detection destination-address mask-length ] [ | { begin | Available in any view information for an LSP. exclude | include } regular-expression ] display mpls nhlfe [ token ] [ verbose ] [ slot Display information about NHLFE slot-number ] [ include text | { | { begin | Available in any view...

  • Page 94: Clearing Mpls Statistics

    Task Command Remarks display mpls ldp remote-peer [ remote-name Display information about remote remote-peer-name ] [ | { begin | exclude | Available in any view LDP peers. include } regular-expression ] display mpls ldp session [ all [ verbose ] | Display information about LDP [ vpn-instance vpn-instance-name ] [ peer-id | Available in any view...
  • Page 95 Figure 24 Network diagram Loop0 Loop0 Loop0 2.2.2.9/32 3.3.3.9/32 1.1.1.9/32 Vlan-int2 Vlan-int3 10.1.1.1/24 20.1.1.2/24 Vlan-int4 Vlan-int5 Vlan-int2 Vlan-int3 11.1.1.1/24 21.1.1.1/24 10.1.1.2/24 20.1.1.1/24 Switch A Switch B Switch C 11.1.1.0/24 21.1.1.0/24 Configuration considerations On an LSP, the out label of an upstream LSR must be identical with the in label of its downstream •...
  • Page 96 [SwitchB-Vlan-interface3] quit # Configure Switch C. [SwitchC] mpls lsr-id 3.3.3.9 [SwitchC] mpls [SwitchC-mpls] quit [SwitchC] interface vlan-interface 3 [SwitchC-Vlan-interface3] mpls [SwitchC-Vlan-interface3] quit Create a static LSP from Switch A to Switch C: # Configure the LSP ingress, Switch A. [SwitchA] static-lsp ingress AtoC destination 21.1.1.0 24 nexthop 10.1.1.2 out-label # Configure the LSP transit node, Switch B.

  • Page 97: Configuring Ldp To Establish Lsps Dynamically

    0.00% packet loss round-trip min/avg/max = 1/1/2 ms # On Switch C, test the connectivity of the LSP from Switch C to Switch A. [SwitchC] ping lsp -a 21.1.1.1 ipv4 11.1.1.0 24 LSP Ping FEC: IPV4 PREFIX 11.1.1.0/24 : 100 data bytes, press CTRL_C to break Reply from 10.1.1.1: bytes=100 Sequence=1 time = 3 ms Reply from 10.1.1.1: bytes=100 Sequence=2 time = 2 ms...
  • Page 98 [Sysname] sysname SwitchA [SwitchA] ospf [SwitchA-ospf-1] area 0 [SwitchA-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0 [SwitchA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] quit [SwitchA-ospf-1] quit # Configure OSPF on Switch B. <Sysname> system-view [Sysname] sysname SwitchB [SwitchB] ospf [SwitchB-ospf-1] area 0 [SwitchB-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0 [SwitchB-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [SwitchB-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255...
  • Page 99 # Configure MPLS and MPLS LDP on Switch A. [SwitchA] mpls lsr-id 1.1.1.9 [SwitchA] mpls [SwitchA-mpls] quit [SwitchA] mpls ldp [SwitchA-mpls-ldp] quit [SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] mpls [SwitchA-Vlan-interface2] mpls ldp [SwitchA-Vlan-interface2] quit # Configure MPLS and MPLS LDP on Switch B. [SwitchB] mpls lsr-id 2.2.2.9 [SwitchB] mpls [SwitchB-mpls] quit...
  • Page 100 LDP Peer Information in Public network Total number of peers: 1 ----------------------------------------------------------------- Peer-ID Transport-Address Discovery-Source ---------------------------------------------------------------- 2.2.2.9:0 2.2.2.9 Vlan-interface2 ---------------------------------------------------------------- Allow all static routes and IGP routes to trigger LDP to establish LSPs: # Configure the LSP establishment triggering policy on Switch A. [SwitchA] mpls [SwitchA-mpls] lsp-trigger all [SwitchA-mpls] return...

  • Page 101: Configuring Bfd For Lsps

    5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 1/2/3 ms # On Switch C, test the connectivity of the LDP LSP from Switch C to Switch A. [SwitchC] ping lsp ipv4 11.1.1.0 24 LSP Ping FEC: IPV4 PREFIX 11.1.1.0/24 : 100 data bytes, press CTRL_C to break Reply from 10.1.1.1: bytes=100 Sequence=1 time = 2 ms Reply from 10.1.1.1: bytes=100 Sequence=2 time = 2 ms...
  • Page 102 Tunnel ID : --- NextHop : --- Session State : Up Source IP : 3.3.3.9 Session Role : Passive : 21.1.1.0/24 Type : LSP Local Discr : 129 Remote Discr : 129 Tunnel ID : 0x6040000 NextHop : 10.1.1.2 Session State : Up Source IP : 1.1.1.9 Session Role...

  • Page 103: Configuring Mpls Te

    Configuring MPLS TE The S5500-28SC-HI and S5500-52SC-HI switches do not support MPLS TE. Overview Network congestion is one of the major problems that can degrade your network backbone performance. It may occur either when network resources are inadequate or when load distribution is unbalanced.

  • Page 104: Basic Concepts Of Mpls Te

    With MPLS TE, a network administrator can eliminate network congestion by creating some LSPs and congestion bypass nodes. Special offline tools are also available for the traffic analysis performed when the number of LSPs is large. Basic concepts of MPLS TE LSP tunnel On an LSP, after packets are labeled at the ingress node, the packets are forwarded based on label.

  • Page 105: Cr-Lsp

    They are different in that CR-LDP establishes LSPs using TCP while RSVP-TE uses raw IP. RSVP is a well-established technology in terms of its architecture, protocol procedures and support to services. CR-LDP is an emerging technology with better scalability. The switch supports only the RSVP-TE signaling protocol. Forwarding packets Packets are forwarded over established tunnels.

  • Page 106: Rsvp-Te

    explicit route (ER-hop) with required resources is used. The established CR-LSP, however, may change when the route changes, for example, when a better next hop becomes available. If this is undesirable, the network administrator can set up the CR-LSP using route underpinning to make it a permanent path. Administrative group and affinity attribute The affinity attribute of an MPLS TE tunnel identifies the properties of the links that the tunnel can use.
  • Page 107 Fixed-filter (FF) style—Resources are reserved for individual senders and cannot be shared among senders on the same session. Shared-explicit (SE) style—Resources are reserved for senders on the same session and shared among them. SE is only used for make-before-break because multiple LSPs cannot be present on the same session.
  • Page 108 ResvConf messages—Sent to receivers to confirm Resv messages. • • Hello messages—Sent between any two directly connected RSVP neighbors to set up and maintain the neighbor relationship that has local significance on the link. The TE extension to RSVP adds new objects to the Path message and the Resv message. These objects carry not only label bindings but also routing constraints, supporting CR-LSP and FRR.
  • Page 109 On an interface enabled with the Message_ID mechanism, you can configure RSVP message retransmission. If a node sends a message carrying the Message_ID object, and the ACK_Desired flag in the object is set, the node expects a response that carries the Message_ID_ACK object during the initial retransmission interval (Rf).

  • Page 110: Traffic Forwarding

    If a GR helper and the GR restarter reestablish a Hello session before the restart timer expires, the recovery timer is started and signaling packet exchanging is triggered to restore the original soft state. Otherwise, all RSVP soft state information and forwarding entries relevant to the neighbor are removed. If the recovery timer expires, soft state information and forwarding entries that are not restored during the GR restarting process are removed.

  • Page 111: Cr-Lsp Backup

    Figure 28 IGP shortcut and forwarding adjacency A TE tunnel is present between Router D and Router C. With IGP shortcut enabled, the ingress node Router D can use this tunnel when calculating IGP routes. This tunnel, however, is invisible to Router A; therefore, Router A cannot use this tunnel to reach Router C.
  • Page 112 Basic concepts The following are concepts that FRR involves throughout this document: • Primary LSP—The protected LSP. Bypass LSP—An LSP used to protect the primary LSP. • Point of local repair (PLR)—The ingress of the bypass LSP. It must be located on the primary LSP but •...

  • Page 113: Ps For An Mpls Te Tunnel

    PS for an MPLS TE tunnel Protection switching (PS) refers to establishing one or more protection tunnels (backup tunnels) for a primary tunnel. A primary tunnel and its protection tunnels form a protection group. When the primary tunnel fails, data is switched to a protection tunnel immediately, greatly improving the reliability of the network.

  • Page 114: Mpls Te Configuration Task List

    RFC 2961, RSVP Refresh Overhead Reduction Extensions • • RFC 3564, Requirements for Support of Differentiated Service-aware MPLS Traffic Engineering ITU-T Recommendation Y.1720, Protection switching for MPLS networks • MPLS TE configuration task list Task Remarks Configuring basic MPLS TE Creating an MPLS TE Tunnel over a static CR-LSP Configuring an Use either approach.

  • Page 115: Creating An Mpls Te Tunnel Over A Static Cr-Lsp

    Step Command Remarks Enable interface MPLS TE. mpls te Disabled by default. Return to system view. quit Create a tunnel interface and interface tunnel tunnel-number enter its view. Assign an IP address to the ip address ip-address netmask Optional. tunnel interface. Set the tunnel protocol to tunnel-protocol mpls te MPLS TE.

  • Page 116: Creating An Mpls Te Tunnel With A Dynamic Signaling Protocol

    Step Command Remarks Configure the tunnel to mpls te signal-protocol static use static CR-LSP. Submit the current tunnel mpls te commit configuration. Exit to system view. quit Use any of the commands according to the location of the • At the ingress node: device in the network.

  • Page 117: Configuration Procedure

    Configure basic MPLS TE. • Configuration procedure Complete the following tasks to configure an MPLS TE tunnel using a dynamic signaling protocol: Task Remarks Configuring CSPF Optional. Configuring OSPF TE Required when CSPF is configured. Choose one depending on the IGP protocol used. Configuring IS-IS TE Configuring an MPLS TE explicit path Optional.
  • Page 118 IS-IS TE does not support secondary IP address advertisement. With IS-IS TE enabled on an interface configured with multiple IP addresses, IS-IS TE advertises only the primary IP address of the interface through the sub-TLV of IS reachability TLV (type 22). H3C recommends avoiding enabling IS-IS TE on an interface configured with secondary IP addresses.
  • Page 119 When inserting nodes to an explicit path or modifying nodes on it, you can configure the include keyword to have the established LSP traverse the specified nodes or the exclude keyword to have the established LSP bypass the specified nodes. To configure an MPLS TE explicit path: Step Command...

  • Page 120: Configuring Rsvp-Te Advanced Features

    Step Command Remarks Submit current tunnel mpls te commit configuration. Establishing an MPLS TE tunnel with RSVP-TE To use RSVP-TE as the signaling protocol for setting up the MPLS TE tunnel, you must enable both MPLS TE and RSVP-TE on the interfaces for the tunnel to use on each node along the tunnel. To establish an MPLS TE tunnel with RSVP-TE: Step Command...

  • Page 121: Configuring Rsvp State Timers

    FF—Resources are reserved for individual senders and cannot be shared among senders on the • same session. SE—Resources are reserved for senders on the same session and shared among them. • In current MPLS TE applications, the SE style is mainly used for make-before-break. The FF style is rarely used.

  • Page 122: Configuring The Rsvp Hello Extension

    Step Command Remarks Enter system view. system-view Enter interface view of MPLS interface interface-type TE link. interface-number Optional. Enable the reliability mpls rsvp-te reliability mechanism of RSVP-TE. Disabled by default. mpls rsvp-te timer retransmission { increment-value Optional. Enable retransmission. [ increment-value ] | Disabled by default.

  • Page 123: Configuring Rsvp Authentication

    To configure RSVP-TE resource reservation confirmation: Step Command Remarks Enter system view. system-view Enter MPLS view. mpls Enable resource reservation mpls rsvp-te resvconfirm Disabled by default. confirmation. Configuring RSVP authentication RSVP adopts hop-by-hop authentication to prevent fake resource reservation requests from occupying network resources.

  • Page 124: Tuning Cr-Lsp Setup

    Step Command Remarks Enable global RSVP hello mpls rsvp-te hello Disabled by default. extension. Enable MPLS RSVP-TE GR. mpls rsvp-te graceful-restart Disabled by default. Optional. Set the RSVP-TE GR restart mpls rsvp-te timer graceful-restart timer. restart restart-time 120 seconds by default. Optional.

  • Page 125: Configuring Cr-Lsp Reoptimization

    Suppose the affinity of an MPLS TE tunnel is 0xFFFFFFFF and the mask is 0x0000FFFF. For a link to be used by the tunnel, the leftmost 16 bits of its administrative group attribute can be 0s or 1s, but at least one of the rest bits must be 1.

  • Page 126: Tuning Mpls Te Tunnel Setup

    Step Command Remarks Perform reoptimization on all MPLS TE tunnels with reoptimization mpls te reoptimization Optional. enabled. Tuning MPLS TE tunnel setup This section only covers the configuration tasks for tuning MPLS TE tunnel setup. The configurations described in this section must be used together with a dynamic signaling protocol (such as RSVP-TE).

  • Page 127: Assigning Priorities To A Tunnel

    To configure tunnel setup retry: Step Command Remarks Enter system view. system-view Enter MPLS TE tunnel interface interface tunnel tunnel-number view. Optional. Configure maximum number mpls te retry times of tunnel setup retries. The default is 10. Optional. Configure the tunnel setup mpls te timer retry seconds retry interval.

  • Page 128: Forwarding Traffic Along Mpls Te Tunnels Through Automatic Route Advertisement

    Step Command Remarks ip route-static dest-address { mask The interface-type argument must | mask-length } interface-type be tunnel, and the preference interface-number value must be set. Create a static route for [ gateway-address ] | vpn-instance forwarding traffic along an For more information about the d-vpn-instance-name MPLS TE tunnel.

  • Page 129: Configuring Traffic Forwarding Tuning Parameters

    Configuring forwarding adjacency To make forwarding adjacency take effect, create a bi-directional MPLS TE tunnel and enable forwarding adjacency at both ends of the tunnel. To configure forwarding adjacency: Step Command Remarks Enter system view. system-view Enter MPLS TE tunnel interface interface tunnel tunnel-number view.

  • Page 130: Specifying The Link Metric Type For Tunnel Path Calculation

    Specifying the link metric type for tunnel path calculation To specify the metric type for tunnel path calculation: Step Command Remarks Enter system view. system-view Enter MPLS view. mpls Specify the metric type to use Optional. when no metric type is mpls te path metric-type { igp | te } TE metrics of links are used by explicitly configured for a...

  • Page 131: Configuring Cr-Lsp Backup

    Configuring CR-LSP backup CR-LSP backup provides end-to-end path protection to protect the entire LSP. Before you configure CR-LSP backup, complete the following tasks: • Configure basic MPLS Configure basic MPLS TE • Configure MPLS TE tunnels • Configure CR-LSP backup mode at the ingress node of a tunnel. The system automatically selects the primary LSP and backup LSP.

  • Page 132: Enabling Frr On The Headend Of A Primary Lsp

    Establish an MPLS TE tunnel with RSVP-TE. • • Set up primary LSPs. Enabling FRR on the headend of a primary LSP Step Command Remarks Enter system view. system-view Enter tunnel interface view of interface tunnel tunnel-number the primary LSP. Disabled by default.

  • Page 133: Configuring Node Protection

    Step Command Remarks Enter interface view of the interface interface-type outgoing interface of the interface-number protected LSP. Bind the bypass tunnel with mpls te fast-reroute bypass-tunnel the protected interface. tunnel tunnel-number Configuring node protection RSVP hello extension is configured to detect node failures caused by problems such as signaling error other than failures caused by link failures.

  • Page 134: Inspecting An Mpls Te Tunnel

    Inspecting an MPLS TE tunnel On an MPLS TE network, when an MPLS TE tunnel fails, the control plane cannot detect the failure or cannot do so in time. This brings difficulty to network maintenance. To detect MPLS TE tunnel failures in time and locate the failed node, the device provides the following mechanisms: MPLS LSP ping •...
  • Page 135 BFD control packet received from the egress. Upon detecting an MPLS TE tunnel failure, BFD triggers protection switching to switch traffic to another tunnel. A BFD session for MPLS TE tunnel detection can be static or dynamic. Static—If you specify the local and remote discriminator values by using the discriminator keyword •...

  • Page 136: Configuring Periodic Lsp Tracert For An Mpls Te Tunnel

    Step Command Remarks By default, LSP verification is disabled. Enable LSP verification and mpls lspv For more information about the enter MPLS LSPV view. mpls lspv command, see MPLS Command Reference. Return to system view. quit Enter the tunnel interface view interface tunnel tunnel-number of an MPLS TE tunnel.

  • Page 137: Configuring Protection Switching

    Step Command Remarks Configure MPLS TE to tear Optional. down a failed RSVP TE tunnel mpls te failure-action teardown Not configured by default. and reestablish it. Configuring protection switching Before you configure protection switching, complete the following tasks: Configure basic MPLS •...
  • Page 138 Task Command Remarks display mpls rsvp-te established [ interface interface-type Display the RSVP-TE tunnel interface-number ] [ | { begin | Available in any view information. exclude | include } regular-expression ] display mpls rsvp-te peer [ interface interface-type Display RSVP-TE neighbors. interface-number ] [ | { begin | Available in any view exclude | include }...
  • Page 139 Task Command Remarks display mpls te tunnel [ destination dest-addr ] [ lsp-id lsr-id lsp-id ] [ lsr-role { all | egress | ingress | remote | transit } ] [ name name ] Display information about MPLS TE [ { incoming-interface | Available in any view tunnels.

  • Page 140: Mpls Te Configuration Examples

    Task Command Remarks display isis traffic-eng statistics [ process-id | vpn-instance Display statistics about TE for IS-IS. vpn-instance-name ] [ | { begin | Available in any view exclude | include } regular-expression ] display tunnel-info { tunnel-id | all Display information about tunnels.
  • Page 141 Enable IS-IS to advertise host routes with LSR IDs as destinations: # Configure Switch A. <SwitchA> system-view [SwitchA] isis 1 [SwitchA-isis-1] network-entity 00.0005.0000.0000.0001.00 [SwitchA-isis-1] quit [SwitchA] interface vlan-interface 1 [SwitchA-Vlan-interface1] isis enable 1 [SwitchA-Vlan-interface1] quit [SwitchA] interface loopback 0 [SwitchA-LoopBack0] isis enable 1 [SwitchA-LoopBack0] quit # Configure Switch B.
  • Page 142 3.2.1.0/24 ISIS 2.1.1.2 Vlan1 3.3.3.3/32 ISIS 2.1.1.2 Vlan1 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 Configure basic MPLS TE: # Configure Switch A. [SwitchA] mpls lsr-id 3.3.3.3 [SwitchA] mpls [SwitchA-mpls] mpls te [SwitchA-mpls] quit [SwitchA] interface vlan-interface 1 [SwitchA-Vlan-interface1] mpls [SwitchA-Vlan-interface1] mpls te [SwitchA-Vlan-interface1] quit...
  • Page 143 # Configure Switch A as the ingress node of the static CR-LSP. [SwitchA] static-cr-lsp ingress Tunnel0 destination 3.3.3.3 nexthop 2.1.1.2 out-label # Configure Switch B as the transit node of the static CR-LSP. [SwitchB] static-cr-lsp transit tunnel0 incoming-interface Vlan-interface1 in-label 20 nexthop 3.2.1.2 out-label 30 # Configure Switch C as the egress node of the static CR-LSP.

  • Page 144: Mpls Te Using Rsvp-Te Configuration Example

    3.3.3.3/32 NULL/20 -/Vlan1 [SwitchB] display mpls lsp ------------------------------------------------------------------ LSP Information: STATIC CRLSP ------------------------------------------------------------------ In/Out Label In/Out IF Vrf Name 20/30 Vlan1/Vlan2 [SwitchC] display mpls lsp ------------------------------------------------------------------ LSP Information: STATIC CRLSP ------------------------------------------------------------------ In/Out Label In/Out IF Vrf Name 30/NULL Vlan1/- [SwitchA] display mpls static-cr-lsp total statics-cr-lsp : 1 Name I/O Label...
  • Page 145 Figure 32 Network diagram Device Interface IP address Device Interface IP address Switch A Loop0 1.1.1.9/32 Switch D Loop0 4.4.4.9/32 Vlan-int1 10.1.1.1/24 Vlan-int3 30.1.1.2/24 Switch B Loop0 2.2.2.9/32 Switch C Loop0 3.3.3.9/32 Vlan-int1 10.1.1.2/24 Vlan-int3 30.1.1.1/24 Vlan-int2 20.1.1.1/24 Vlan-int2 20.1.1.2/24 Configuration procedure Assign IP addresses and masks to interfaces (see Figure...
  • Page 146 [SwitchB-Vlan-interface2] quit [SwitchB] interface loopback 0 [SwitchB-LoopBack0] isis enable 1 [SwitchB-LoopBack0] isis circuit-level level-2 [SwitchB-LoopBack0] quit # Configure Switch C. <SwitchC> system-view [SwitchC] isis 1 [SwitchC-isis-1] network-entity 00.0005.0000.0000.0003.00 [SwitchC-isis-1] quit [SwitchC] interface vlan-interface 3 [SwitchC-Vlan-interface3] isis enable 1 [SwitchC-Vlan-interface3] isis circuit-level level-2 [SwitchC-Vlan-interface3] quit [SwitchC] interface vlan-interface 2 [SwitchC-Vlan-interface2] isis enable 1...
  • Page 147 20.1.1.0/24 ISIS 10.1.1.2 Vlan1 30.1.1.0/24 ISIS 10.1.1.2 Vlan1 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 Configure basic MPLS TE, and enable RSVP-TE and CSPF: # Configure Switch A. [SwitchA] mpls lsr-id 1.1.1.9 [SwitchA] mpls [SwitchA-mpls] mpls te [SwitchA-mpls] mpls rsvp-te [SwitchA-mpls] mpls te cspf [SwitchA-mpls] quit...
  • Page 148 [SwitchC-Vlan-interface2] mpls te [SwitchC-Vlan-interface2] mpls rsvp-te [SwitchC-Vlan-interface2] quit # Configure Switch D. [SwitchD] mpls lsr-id 4.4.4.9 [SwitchD] mpls [SwitchD-mpls] mpls te [SwitchD-mpls] mpls rsvp-te [SwitchD-mpls] mpls te cspf [SwitchD-mpls] quit [SwitchD] interface vlan-interface 3 [SwitchD-Vlan-interface3] mpls [SwitchD-Vlan-interface3] mpls te [SwitchD-Vlan-interface3] mpls rsvp-te [SwitchD-Vlan-interface3] quit Configure IS-IS TE: # Configure Switch A.
  • Page 149 Verify the configuration: # Execute the display interface tunnel command on Switch A. You can see that the tunnel interface is up. [SwitchA] display interface tunnel Tunnel1 current state: UP Line protocol current state: UP Description: Tunnel1 Interface The Maximum Transmit Unit is 64000 Internet Address is 7.1.1.1/24 Primary Encapsulation is TUNNEL, service-loopback-group ID not set Tunnel source unknown, destination 4.4.4.9...

  • Page 150: Rsvp-Te Gr Configuration Example

    Auto BW Disabled Auto BW Freq : Min BW Max BW Current Collected BW: Interfaces Protected: VPN Bind Type NONE VPN Bind Value Car Policy Disabled Tunnel Group Primary Primary Tunnel Backup Tunnel Group Status Oam Status # Execute the display mpls te cspf tedb all command on Switch A to view information about links in TEDB.
  • Page 151 Configure basic MPLS TE, and enable RSVP-TE and RSVP hello extension: # Configure Switch A. <SwitchA> system-view [SwitchA] mpls lsr-id 1.1.1.9 [SwitchA] mpls [SwitchA-mpls] mpls te [SwitchA-mpls] mpls rsvp-te [SwitchA-mpls] mpls rsvp-te hello [SwitchA-mpls] interface vlan-interface 1 [SwitchA-Vlan-interface1] mpls [SwitchA-Vlan-interface1] mpls te [SwitchA-Vlan-interface1] mpls rsvp-te [SwitchA-Vlan-interface1] mpls rsvp-te hello [SwitchA-Vlan-interface1] quit...

  • Page 152: Mpls Rsvp-Te And Bfd Cooperation Configuration Example

    Configure IS-IS TE. (Details not shown.) Configure the MPLS TE tunnel. (Details not shown.) Configure RSVP-TE GR: # Configure Switch A. <SwitchA> system-view [SwitchA] mpls [SwitchA-mpls] mpls rsvp-te graceful-restart # Configure Switch B. <SwitchB> system-view [SwitchB] mpls [SwitchB-mpls] mpls rsvp-te graceful-restart # Configure Switch C.
  • Page 153 Configuration procedure Configure basic MPLS RSVP-TE: # Configure Switch A. <SwitchA> system-view [SwitchA] mpls lsr-id 1.1.1.1 [SwitchA] mpls [SwitchA-mpls] mpls te [SwitchA-mpls] mpls rsvp-te [SwitchA-mpls] quit [SwitchA] interface vlan-interface 12 [SwitchA-Vlan-interface12] mpls [SwitchA-Vlan-interface12] mpls te [SwitchA-Vlan-interface12] mpls rsvp-te [SwitchA-Vlan-interface12] mpls rsvp-te bfd enable [SwitchA-Vlan-interface12] quit # Configure Switch B.

  • Page 154: Cr-Lsp Backup Configuration Example

    [SwitchA-Vlan-interface12] ip address 12.12.12.1 24 [SwitchA-Vlan-interface12] quit # Configure Switch B. [SwitchB] interface vlan-interface 12 [SwitchB-Vlan-interface12] ip address 12.12.12.2 24 Configure the MPLS TE tunnel: # Configure an RSVP-TE tunnel between Switch A and Switch B. [SwitchA] interface tunnel 1 [SwitchA-Tunnel1] ip address 10.10.10.1 24 [SwitchA-Tunnel1] tunnel-protocol mpls te [SwitchA-Tunnel1] destination 2.2.2.2...
  • Page 155 Figure 35 Network diagram Switch A Switch B Switch C Loop0 Loop0 Loop0 Vlan-int1 Vlan-int2 Vlan-int1 Vlan-int2 Vlan-int4 Vlan-int3 Switch D Vlan-int4 Vlan-int3 Loop0 Device Interface IP address Device Interface IP address Switch A Loop0 1.1.1.9/32 Switch D Loop0 4.4.4.9/32 Vlan-int1 10.1.1.1/24 Vlan-int4...
  • Page 156 [SwitchA-Vlan-interface4] mpls te [SwitchA-Vlan-interface4] mpls rsvp-te [SwitchA-Vlan-interface4] quit # Follow the same steps to configure Switch B, Switch C, and Switch D. (Details not shown.) Create an MPLS TE tunnel on Switch A: # Configure the MPLS TE tunnel carried on the primary LSP. [SwitchA] interface tunnel 1 [SwitchA-Tunnel1] ip address 9.1.1.1 24 [SwitchA-Tunnel1] tunnel-protocol mpls te...
  • Page 157 Hop Information Hop 0 10.1.1.1 Hop 1 10.1.1.2 Hop 2 2.2.2.9 Hop 3 20.1.1.1 Hop 4 20.1.1.2 Hop 5 3.3.3.9 Tunnel Interface Name : Tunnel1 Lsp ID : 1.1.1.9 :2054 Hop Information Hop 0 30.1.1.1 Hop 1 30.1.1.2 Hop 2 4.4.4.9 Hop 3 40.1.1.1...

  • Page 158: Frr Configuration Example

    FRR configuration example Network requirements On a primary LSP Switch A Switch B Switch C Switch D, use FRR to protect the link Switch B → → → → Switch C. Create a bypass LSP that traverses the path Switch B Switch Switch C.
  • Page 159 2.2.2.2/32 ISIS 2.1.1.2 Vlan1 3.1.1.0/24 ISIS 2.1.1.2 Vlan1 3.2.1.0/24 ISIS 2.1.1.2 Vlan1 3.3.1.0/24 ISIS 2.1.1.2 Vlan1 3.3.3.3/32 ISIS 2.1.1.2 Vlan1 4.1.1.0/24 ISIS 2.1.1.2 Vlan1 4.4.4.4/32 ISIS 2.1.1.2 Vlan1 5.5.5.5/32 ISIS 2.1.1.2 Vlan1 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 Configure basic MPLS TE, and enable RSVP-TE and CSPF:...
  • Page 160 # Create an explicit path for the primary LSP. [SwitchA] explicit-path pri-path [SwitchA-explicit-path-pri-path] next hop 2.1.1.2 [SwitchA-explicit-path-pri-path] next hop 3.1.1.2 [SwitchA-explicit-path-pri-path] next hop 4.1.1.2 [SwitchA-explicit-path-pri-path] next hop 4.4.4.4 [SwitchA-explicit-path-pri-path] quit # Configure the MPLS TE tunnel carried on the primary LSP. [SwitchA] interface tunnel 4 [SwitchA-Tunnel4] ip address 10.1.1.1 255.255.255.0 [SwitchA-Tunnel4] tunnel-protocol mpls te...
  • Page 161 Signaling Prot RSVP Resv Style Class Type Tunnel BW 0 kbps Reserved BW 0 kbps Setup Priority Hold Priority: Affinity Prop/Mask Explicit Path Name pri-path Tie-Breaking Policy : None Metric Type None Record Route Enabled Record Label : Enabled FRR Flag Enabled BackUpBW Flag: Not Supported...
  • Page 162 Execute the display mpls lsp command on each switch. You can see that two LSPs are traversing Switch B and Switch C. [SwitchA] display mpls lsp ------------------------------------------------------------------ LSP Information: RSVP LSP ------------------------------------------------------------------ In/Out Label In/Out IF Vrf Name 4.4.4.4/32 NULL/1024 -/Vlan1 [SwitchB] display mpls lsp ------------------------------------------------------------------...
  • Page 163 LSP-Id Destination In/Out-If Name 1.1.1.1:1 4.4.4.4 Vlan3/- Tunnel4 [SwitchE] display mpls te tunnel LSP-Id Destination In/Out-If Name 2.2.2.2:1 3.3.3.3 Vlan4/Vlan5 Tunnel5 Execute the display mpls lsp verbose command on Switch B. You can see that the bypass tunnel is bound with the protected interface VLAN-interface 2 and is currently unused. [SwitchB] display mpls lsp verbose ------------------------------------------------------------------- LSP Information: RSVP LSP...
  • Page 164 # Execute the display interface tunnel 4 command on Switch A to identify the state of the primary LSP. You can see that the tunnel interface is still up. # Execute the display mpls te tunnel-interface command on Switch A to verify the configuration of the tunnel interface.
  • Page 165 Admin State Oper State Modified Ingress LSR ID 1.1.1.1 Egress LSR ID: 4.4.4.4 Signaling Prot RSVP Resv Style Class Type Tunnel BW 0 kbps Reserved BW 0 kbps Setup Priority Hold Priority: Affinity Prop/Mask 0x0/0x0 Explicit Path Name pri-path Tie-Breaking Policy : None Metric Type None...

  • Page 166: Mpls Te In Mpls L3Vpn Configuration Example

    In-Interface Vlan-interface1 Out-Interface Vlan-interface2 LspIndex 4097 Tunnel ID 0x22001 LsrType Transit Bypass In Use In Use BypassTunnel Tunnel Index[Tunnel5], InnerLabel[1024] IngressLsrID 2.2.2.2 LocalLspID Tunnel-Interface Tunnel5 3.3.3.3/32 Nexthop 3.2.1.2 In-Label NULL Out-Label 1024 In-Interface ---------- Out-Interface Vlan-interface4 LspIndex 4098 Tunnel ID 0x22002 LsrType Ingress...
  • Page 167 To allow the MPLS L3VPN traffic to travel the TE tunnel, configure a tunneling policy to use a CR-LSP • as the VPN tunnel when creating the VPN. Figure 37 Network diagram Configuration procedure Configure OSPF, making sure that PE 1 and PE 2 can learn LSR-ID routes from each other: # Configure PE 1.
  • Page 168 After you complete the configuration, the PEs establish an OSPF neighborship. Execute the display ospf peer verbose command. You will see that the neighborship state is FULL. Execute the display ip routing-table command. You will see that the PEs have learned the routes to the loopback interfaces of each other.
  • Page 169 [PE2-Vlan-interface2] mpls [PE2-Vlan-interface2] mpls te [PE2-Vlan-interface2] mpls rsvp-te [PE2-Vlan-interface2] quit Enable OSPF TE: # Configure PE 1. [PE1] ospf [PE1-ospf-1] opaque-capability enable [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] mpls-te enable [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit # Configure PE 2. [PE2] ospf [PE2-ospf-1] opaque-capability enable [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] mpls-te enable [PE2-ospf-1-area-0.0.0.0] quit...
  • Page 170 [PE1] interface vlan-interface 1 [PE1-Vlan-interface1] ip binding vpn-instance vpn1 [PE1-Vlan-interface1] ip address 192.168.1.1 255.255.255.0 [PE1-Vlan-interface1] quit # Configure on CE 2. <CE2> system-view [CE2] interface vlan-interface 3 [CE2-Vlan-interface3] ip address 192.168.2.2 255.255.255.0 [CE2-Vlan-interface3] quit # Configure the VPN instance on PE 2, and bind it with the interface connected to CE 2. [PE2] ip vpn-instance vpn1 [PE2-vpn-instance-vpn1] route-distinguisher 100:2 [PE2-vpn-instance-vpn1] vpn-target 100:1 both...
  • Page 171 # Configure CE 1. [CE1] bgp 65001 [CE1-bgp] peer 192.168.1.1 as-number 100 [CE1-bgp] quit # Configure PE 1 to establish the EBGP peer relationship with CE 1, and the IBGP peer relationship with PE 2. [PE1] bgp 100 [PE1-bgp] ipv4-family vpn-instance vpn1 [PE1-bgp-vpn1] peer 192.168.1.2 as-number 65001 [PE1-bgp-vpn1] import-route direct [PE1-bgp-vpn1] quit...
  • Page 172 192.168.1.2 4 65001 00:02:13 Established Ping CE 2 on CE 1 and vice versa to test connectivity. [CE1] ping 192.168.2.2 PING 192.168.2.2: 56 data bytes, press CTRL_C to break Reply from 192.168.2.2: bytes=56 Sequence=1 ttl=253 time=61 ms Reply from 192.168.2.2: bytes=56 Sequence=2 ttl=253 time=54 ms Reply from 192.168.2.2: bytes=56 Sequence=3 ttl=253 time=53 ms Reply from 192.168.2.2: bytes=56 Sequence=4 ttl=253 time=57 ms Reply from 192.168.2.2: bytes=56 Sequence=5 ttl=253 time=36 ms...
  • Page 173 BypassTunnel Tunnel Index[---] ------------------------------------------------------------------ LSP Information: BGP ------------------------------------------------------------------ VrfIndex vpn1 192.168.1.0/24 Nexthop 192.168.1.1 In-Label 1024 Out-Label NULL In-Interface ---------- Out-Interface ---------- LspIndex 8193 Tunnel ID LsrType Egress Outgoing Tunnel ID Label Operation ------------------------------------------------------------------ LSP Information: LDP LSP ------------------------------------------------------------------ VrfIndex 2.2.2.2/32 Nexthop 127.0.0.1 In-Label...

  • Page 174: Troubleshooting Mpls Te

    # Execute the display interface tunnel command on PE 1. The output shows that traffic is being forwarded along the CR-LSP of the TE tunnel. [PE1] display interface tunnel 1 Tunnel1 current state: UP Line protocol current state: UP Description: Tunnel1 Interface The Maximum Transmit Unit is 1500 Internet Address is 12.1.1.1/24 Primary Encapsulation is TUNNEL, service-loopback-group ID not set...

  • Page 175: Configuring Vpls

    Configuring VPLS This chapter describes how to configure VPLS. The S5500-28SC-HI and S5500-52SC-HI switches do not support VPLS. VPLS overview Virtual Private LAN Service (VPLS), also called "Transparent LAN Service (TLS)" or "virtual private switched network service," can deliver a point-to-multipoint L2VPN service over public networks. With VPLS, geographically-dispersed sites can interconnect and communicate over MAN or WAN as if they were on the same LAN.

  • Page 176: Pw Establishment

    Forwarders—A forwarder functions as the VPLS forwarding table. Once a PE receives a packet • from an AC, the forwarder selects a PW for forwarding the packet. Tunnel—A tunnel, usually an MPLS tunnel, is a direct channel between a local PE and the peer PE •...

  • Page 177: Mac Address Learning And Flooding

    MAC address learning and flooding VPLS provides reachability by MAC address learning. Each PE maintains a MAC address table. Source MAC address learning • MAC address learning includes the following parts: Remote MAC address learning associated with PWs A PW consists of two unidirectional VC LSPs. A PW is up only when both of the VC LSPs are up.

  • Page 178: Vpls Loop Avoidance

    contains a null MAC address TLV list, these PEs remove all MAC addresses from the specified VSI, except for those learned from the PW that sent the message. MAC address aging • Remote MAC addresses learned by a PE that are related to VC labels but no longer in use must be aged out by an aging mechanism.

  • Page 179: H-Vpls Implementation

    the PE adds the VLAN tag expected by the peer PE or a null tag, and then a PW label and a tunnel label into the packet before sending the packet out. For a packet to be sent downstream, the PE rewrites, removes, or retains the service delimiter depending on your configuration.
  • Page 180 H-VPLS with QinQ access Figure 41 H-VPLS with QinQ access As shown in Figure 41, MTU is a standard bridging device and QinQ is enabled on its interfaces connected to CEs. Data forwarding in H-VPLS with QinQ access is as follows: Upon receiving a packet from a CE, MTU labels the packet with a VLAN tag as the multiplex distinguishing flag, and transparently sends the packet to PE 1 through the QinQ tunnel.

  • Page 181: Vpls Configuration Task List

    The H-VPLS with LSP access activates the backup link when: • The tunnel over which the primary PW is established is deleted, causing the PW to go down. BFD detects a primary link failure. • The LDP session between the peers of the primary PW goes down, and the PW is deleted as a •...

  • Page 182: Configuring An Ldp Vpls Instance

    Configuring an LDP VPLS instance When creating an LDP VPLS instance, perform the following configurations: Specify a globally unique name for the VPLS instance and set the peer discovery mechanism to manual configuration. Configure LDP as the PW signaling protocol. Specify the ID of the VPLS instance.

  • Page 183: Configuring Bgp Vpls

    Step Command Remarks Return to VSI LDP view. quit Optional. Enable the PW switchover dual-npe revertive [ wtr-time function By default, PW switchover is wtr-time ] switchover delay time. disabled. Configuring BGP VPLS Before you configure BGP VPLS, complete the following tasks: •...

  • Page 184: Resetting Vpls Bgp Connections

    Step Command Create a site for the VPLS instance. site site-id [ range site-range ] [ default-offset { 0 | 1 } ] Resetting VPLS BGP connections When the BGP routing policy or protocol is changed, reset BGP connections in a VPLS to make the new configurations take effect to the VPLS connections.

  • Page 185: Configuring Mac Address Learning

    Configuring MAC address learning Step Command Remarks Enter system view. system-view Enter VSI view. vsi vsi-name Enable disable Optional. address learning for the VPLS mac-learning { enable | disable } Enabled by default. instance. Configuring MAC address move When MAC address move is enabled on a PE, the source MAC address of a packet incoming from a port that is different from the port in the existing MAC entry that contains the source MAC address is added into the MAC address table of the VPLS instance of the incoming port.

  • Page 186: Inspecting Pws

    Step Command Remarks Optional. By default, no tunneling policy is specified for a VPLS instance and a VPLS instance uses the default tunneling policy. The default Specify a tunneling policy for tunneling policy selects only one tnl-policy tunnel-policy-name the VPLS instance. tunnel in this order: LSP tunnel, CR-LSP tunnel.

  • Page 187: Vpls Configuration Examples

    Task Command Remarks display vpls connection [ bgp | ldp | static | vsi vsi-name ] [ block | Display information about VPLS down | up ] [ verbose ] [ | { begin Available in any view connections. | exclude | include } regular-expression ] display mpls l2vpn fib ac vpls [ vsi vsi-name | interface interface-type...
  • Page 188 Configure service instance 1000 to match packets that are received on GigabitEthernet 1/0/1 and • carry the VLAN tag of 100. Bind service instance 1000 to VPLS instance aaa. Configure service instance 2000 to match packets that are received on GigabitEthernet 1/0/1 and •...
  • Page 189 [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 23.1.1.1 0.0.0.255 [PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit # Configure BGP extensions. [PE1] bgp 100 [PE1-bgp] peer 3.3.3.9 as-number 100 [PE1-bgp] peer 3.3.3.9 connect-interface loopback 0 [PE1-bgp] vpls-family [PE1-bgp-af-vpls] peer 3.3.3.9 enable [PE1-bgp-af-vpls] quit [PE1-bgp] quit # Configure the basic attributes of VPLS instance aaa, which uses LDP.
  • Page 190 [P] mpls lsr-id 2.2.2.9 [P] mpls [P-mpls] quit # Enable LDP globally. [P] mpls ldp [P-mpls-ldp] quit # Configure the interface connected to PE 1 and enable LDP on the interface. [P] interface vlan-interface 2 [P-Vlan-interface2] ip address 23.1.1.2 24 [P-Vlan-interface2] mpls [P-Vlan-interface2] mpls ldp [P-Vlan-interface2] quit...
  • Page 191 # Configure the interface connected to the P device and enable LDP on the interface. [PE2] interface vlan-interface 3 [PE2-Vlan-interface3] ip address 26.2.2.1 24 [PE2-Vlan-interface3] mpls [PE2-Vlan-interface3] mpls ldp [PE2-Vlan-interface3] quit # Configure OSPF. [PE2] ospf [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] network 26.2.2.0 0.0.0.255 [PE2-ospf-1-area-0.0.0.0] quit [PE2-ospf-1] quit...

  • Page 192: Configuring Pw Redundancy For H-Vpls Access

    [PE2-GigabitEthernet1/0/1] quit Verify the configuration: Issue the display vpls connection command on the PEs. The output shows that a PW connection in up state has been established. Take PE 2 as an example: [PE2] display vpls connection vsi aaa verbose VSI Name: aaa Signaling: ldp **Remote Vsi ID...
  • Page 193 Configure UPE: # Configure basic MPLS. <Sysname> system-view [Sysname] sysname UPE [UPE] interface loopback 0 [UPE-LoopBack0] ip address 1.1.1.1 32 [UPE-LoopBack0] quit [UPE] mpls lsr-id 1.1.1.1 [UPE] mpls [UPE-mpls] quit [UPE] mpls ldp [UPE-mpls-ldp] quit # Configure an IP address for the interface connected to NPE 1, and enable MPLS and MPLS LDP. [UPE] interface vlan-interface 12 [UPE-Vlan-interface12] ip address 12.1.1.1 24 [UPE-Vlan-interface12] mpls...
  • Page 194 [UPE-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 10 [UPE-GigabitEthernet1/0/1-srv1000] xconnect vsi aaa [UPE-GigabitEthernet1/0/1-srv1000] quit # On the interface connected to CE 2, create a service instance and bind the VSI. [UPE] interface gigabitethernet 1/0/2 [UPE-GigabitEthernet1/0/2] service-instance 1000 [UPE-GigabitEthernet1/0/2-srv1000] encapsulation s-vid 11 [UPE-GigabitEthernet1/0/2-srv1000] xconnect vsi aaa [UPE-GigabitEthernet1/0/2-srv1000] quit Configure NPE 1: # Configure basic MPLS.
  • Page 195 [NPE1] vsi aaa static [NPE1-vsi-aaa] pwsignal ldp [NPE1-vsi-aaa-ldp] vsi-id 500 [NPE1-vsi-aaa-ldp] peer 1.1.1.1 upe [NPE1-vsi-aaa-ldp] peer 4.4.4.4 [NPE1-vsi-aaa-ldp] quit [NPE1-vsi-aaa] quit The configuration procedure on NPE 2 is similar to that on NPE 1. (Details not shown.) Configure NPE 3: # Configure basic MPLS.

  • Page 196: Configuring Bfd For The Primary Link In An H-Vpls Network

    [NPE3-vsi-aaa-ldp] peer 2.2.2.2 [NPE3-vsi-aaa-ldp] peer 3.3.3.3 [NPE3-vsi-aaa-ldp] quit [NPE3-vsi-aaa] quit # Create service instance on GigabitEthernet 1/0/1, the interface connecting CE 3, and bind the VPLS instance. [NPE3] interface gigabitethernet 1/0/1 [NPE3-GigabitEthernet1/0/1] service-instance 1000 [NPE3-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 10 [NPE3-GigabitEthernet1/0/1-srv1000] xconnect vsi aaa [NPE3-GigabitEthernet1/0/1-srv1000] quit After you complete the previous settings, execute the display vpls connection command on the PEs.
  • Page 197 [SwitchA-mpls-ldp] quit [SwitchA] mpls ldp remote-peer switchb [SwitchA-mpls-ldp-remote-switchb] remote-ip 2.2.2.9 [SwitchA-mpls-ldp-remote-switchb] remote-ip bfd [SwitchA-mpls-ldp-remote-switchb] quit [SwitchA] mpls ldp remote-peer switchc [SwitchA-mpls-ldp-remote-switchc] remote-ip 3.3.3.9 [SwitchA-mpls-ldp-remote-switchc] remote-ip bfd [SwitchA-mpls-ldp-remote-switchc] quit [SwitchA] vlan 12 [SwitchA-vlan12] port gigabitethernet 1/0/2 [SwitchA-vlan12] quit [SwitchA] vlan 13 [SwitchA-vlan13] port gigabitethernet 1/0/1 [SwitchA-vlan13] quit [SwitchA] interface vlan-interface 12...
  • Page 198 [SwitchC] mpls ldp remote-peer switcha [SwitchC-mpls-ldp-remote-switcha] remote-ip 1.1.1.9 [SwitchC-mpls-ldp-remote-switcha] remote-ip bfd [SwitchC-mpls-ldp-remote-switcha] quit [SwitchC] vlan 13 [SwitchC-vlan13] port gigabitethernet 1/0/1 [SwitchC-vlan13] quit [SwitchC] interface vlan-interface 13 [SwitchC-Vlan-interface13] mpls [SwitchC-Vlan-interface13] mpls ldp [SwitchC-Vlan-interface13] quit Configure related interfaces on the switches: # Configure Switch A. [SwitchA] interface vlan-interface 12 [SwitchA-Vlan-interface12] ip address 12.1.1.1 24 [SwitchA-Vlan-interface12] quit...
  • Page 199 [SwitchB-ospf-1] area 0 [SwitchB-ospf-1-area-0.0.0.0] network 12.1.1.2 0.0.0.255 [SwitchB-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0 [SwitchB-ospf-1-area-0.0.0.0] quit [SwitchB-ospf-1] quit # Configure Switch C. [SwitchC] ospf [SwitchC-ospf-1] area 0 [SwitchC-ospf-1-area-0.0.0.0] network 13.1.1.3 0.0.0.255 [SwitchC-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0 [SwitchC-ospf-1-area-0.0.0.0] quit [SwitchC-ospf-1] quit Configure a VPLS instance for each switch: # Configure Switch A.
  • Page 200 [SwitchC-vsi-vpna-ldp] quit [SwitchC-vsi-vpna] quit Verify the configuration: # Use the display bfd session verbose command to display information about the BFD sessions from Switch A to its neighbors. <SwitchA> display bfd session verbose Total Session Num: 2 Init Mode: Active Session Working Under Ctrl Mode: Local Discr: 21 Remote Discr: 20...

  • Page 201: Troubleshooting Vpls

    connection(s): 1 up, 0 block, 0 down VSI Name: vpna Signaling: ldp VsiID VsiType PeerAddr InLabel OutLabel LinkID VCState vlan 3.3.3.9 134216 140476 The output shows that the link to 3.3.3.9 is up. Troubleshooting VPLS Symptom The VPLS PW is not up. Analysis The public network LSP tunnel is not established.

  • Page 202: Configuring Mpls L2Vpn

    Configuring MPLS L2VPN This chapter describes how to configure MPLS L2VPN. The S5500-28SC-HI and S5500-52SC-HI switches do not support MPLS L2VPN. MPLS L2VPN overview MPLS L2VPN is an MPLS-based Layer 2 VPN technology. It uses MPLS to establish Layer 2 connections between network nodes.

  • Page 203: Mpls L2Vpn Network Models

    Provider device—P devices do not directly connect to CEs. They only need to forward user packets • between PEs along the public tunnel. MPLS L2VPN network models MPLS L2VPN network models include remote connection model and local connection model. Remote connection model As shown in Figure 46, this model connects two Layer 2 customer networks over an MPLS or IP backbone.
  • Page 204 If multiple public tunnels exist between two PEs, you can configure a tunneling policy to control tunnel selection. For more information about tunneling policy, see "Configuring MPLS L3VPN." Set up a VC to identify customer networks. To set up a VC, the two PEs assign VC labels to each other to set up a pair of unidirectional LSPs in opposite directions.

  • Page 205: Implementation Of Mpls L2Vpn

    After PE 2 receives the packet from the public tunnel, it identifies the VC to which the packet belongs according to the VC label of the packet, deletes the tunnel tag and the VC label from the packet, and then forwards the resulting packet to CE 2 through the AC bound to the VC. This packet forwarding process is not applicable to the CCC mode of MPLS L2VPN.
  • Page 206 Martini MPLS L2VPN Martini MPLS L2VPN employs two levels of labels to transfer user packets, and uses LDP as the signaling protocol to distribute the inner VC label. To exchange VC labels between PEs, Martini extended LDP by adding the VC FEC. The VC FEC contains the following information: VC type—Encapsulation type of the VC.
  • Page 207 In a word, route target attributes define which PEs can receive L2VPN information, and from which PEs that a PE can receive L2VPN information. Different from Martini mode, the Kompella mode does not distribute the VC label assigned by the local PE directly to the peer PE through the signaling protocol.
  • Page 208 PE 1 compares the ID (12) of the peer CE (CE 12) with the label blocks assigned by PE 1. If a label block satisfies LO<=CE ID<LO+LR, PE 1 assigns a label from the label block. In this example, label block 2 (1055/5/10) satisfies LO<=CE ID<LO+LR (5<=12<5+10).
  • Page 209 Table 1 compares the implementation modes of MPLS L2VPN. Table 1 Comparing the MPLS L2VPN implication modes VC label encapsulation Application Mode Advantages and disadvantages and distribution scenario Advantages: • Requires no signaling protocol and occupies few network resources. • Network devices only need to support MPLS.

  • Page 210: Vc Types

    VC types Before encapsulating Layer 2 packets with VC labels, PEs process the Layer 2 packets of different link layer protocols in different manners. A VC type identifies the mode in which a PE processes the Layer 2 packet on the VC. VC types and AC (PE-CE link) types are closely related. An Ethernet link can work with the following VC types: Ethernet—P-Tag is not transferred on a PW.

  • Page 211: Configuring Basic Mpls L2Vpn

    Task Remarks Required. Configuring a PE-CE interface of a PE Perform this task to set up an AC between a PE and a Configuring a remote CCC connection Use one of the approaches according to the MPLS Configuring SVC MPLS L2VPN L2VPN implementation method.

  • Page 212: Configuring Vlan Encapsulation

    Configuring VLAN encapsulation When you configure Martini MPLS L2VPN for a service instance, you can specify the encapsulation type for the PE-CE interface. When you configure MPLS L2VPN other than the Martini mode, you can only use the default encapsulation type on the PE-CE interface. By default, a VLAN interface uses VLAN encapsulation (the VLAN interface and the CE must reside in the same VLAN).

  • Page 213: Configuring Martini Mpls L2Vpn

    SVC supports these tunnel types: LDP LSP and CR-LSP. By default, LDP LSP tunnels are used. After you configure SVC on a Layer 3 interface (Layer 3 Ethernet interface or VLAN interface), packets arriving at this interface are forwarded over the VC. If the Layer 3 interface is a VLAN interface, all packets carrying the tag of the VLAN are forwarded over the VC, no matter which Layer 2 Ethernet ports that the packets arrive at.

  • Page 214: Configuring The Remote Peer

    users connected to the same VLAN interface must use different VCs to forward packets. For more information about service instances, see "Configuring VPLS." NOTE: Service instances can be created only on Layer 2 Ethernet interfaces or Layer 2 aggregate interfaces. Configuring the remote peer Step Command...
  • Page 215 Step Command Remarks Enter system view. system-view Optional. Create a PW class and enter pw-class pw-class-name PW class view. By default, no PW class is created. Optional. Specify the VC encapsulation trans-mode { ethernet | vlan } type. VLAN by default. Optional.

  • Page 216: Inspecting Vcs

    Inspecting VCs On a MPLS L2VPN network, you can use the MPLS LSP ping function to test the connectivity of VCs and get necessary information for troubleshooting VC failures On the local PE, the MPLS LSP ping function adds the label of the VC to be tested into MPLS Echo Request messages so the messages travel along the VC.

  • Page 217: Creating And Configuring An Mpls L2Vpn

    The mtu command affects only parameter negotiations, Set the Layer 2 MTU for the if any. It does not affect data mtu mtu MPLS L2VPN. forwarding. H3C does not recommend using this command. Creating a CE connection Configuration parameters and guidelines •...
  • Page 218 CE with an ID of "previous connection CE ID+2." When you plan a VPN, H3C recommends that you set CE IDs in incremental sequence and then configure connections in the sequence of the CE IDs, in which case you can omit the ce-offset keyword (use the default setting) for most of the connections.

  • Page 219: Displaying And Maintaining Mpls L2Vpn

    Step Command Remarks The ce-offset ce-id option determines whether the connection is a local connection or a remote connection. If the specified CE is connected to the same PE as the local CE, the connection is local connection. Otherwise, connection [ ce-offset ce-id ] interface Create Kompella the connection is a remote...

  • Page 220: Mpls L2Vpn Configuration Examples

    Task Command Remarks display mpls l2vpn connection [ vpn-name vpn-name [ remote-ce ce-id | down | up | verbose ] | Display information about summary | interface interface-type Available in any view Kompella VCs. interface-number ] [ | { begin | exclude | include } regular-expression ] display bgp l2vpn { all | group...
  • Page 221 Figure 53 Network diagram Device Interface IP address Device Interface IP address CE 1 Vlan-int10 100.1.1.1/24 CE 2 Vlan-int10 100.1.1.2/24 PE 1 Loop0 10.0.0.1/32 Loop0 10.0.0.2/32 Vlan-int30 10.1.1.1/24 Vlan-int20 10.2.2.2/24 PE 2 Loop0 10.0.0.3/32 Vlan-int30 10.1.1.2/24 Vlan-int20 10.2.2.1/24 Configuration considerations The following steps are required: Create remote CCC connections on the PEs.
  • Page 222 [PE1-Vlan-interface30] ip address 10.1.1.1 24 [PE1-Vlan-interface30] mpls [PE1-Vlan-interface30] quit # Create a remote connection from CE 1 to CE 2, using the interface connected to CE 1 as the incoming interface and that connecting the P device as the outgoing interface, setting the incoming label to 100 and the outgoing label to 200.
  • Page 223 [PE2-l2vpn] quit # Configure interface VLAN-interface 10. [PE2] interface vlan-interface 10 [PE2-Vlan-interface10] quit # Configure interface VLAN-interface 20 and enable MPLS. [PE2] interface vlan-interface 20 [PE2-Vlan-interface20] ip address 10.2.2.1 24 [PE2-Vlan-interface20] mpls [PE2-Vlan-interface20] quit # Create a remote connection from CE 2 to CE 1, using the interface connected to CE 2 as the incoming interface and that connecting the P device as the outgoing interface, setting the incoming label to 201 and the outgoing label to 101.

  • Page 224: Example For Configuring Svc Mpls L2Vpn

    Example for configuring SVC MPLS L2VPN Network requirements CEs are connected to PEs through VLAN interfaces. Establish an SVC between CE 1 and CE 2, so CE 1 and CE 2 can exchange Layer 2 packets across the backbone. Figure 54 Network diagram PE 1 PE 2 Loop0...
  • Page 225 [PE1-LoopBack0] ip address 192.2.2.2 32 [PE1-LoopBack0] quit [PE1] mpls lsr-id 192.2.2.2 [PE1] mpls [PE1-mpls] quit # Enable L2VPN and MPLS L2VPN. [PE1] l2vpn [PE1-l2vpn] mpls l2vpn [PE1-l2vpn] quit # Enable LDP globally. [PE1] mpls ldp [PE1-mpls-ldp] quit # Configure the interface connected with the P device, and enable LDP on the interface. [PE1] interface vlan-interface 20 [PE1-Vlan-interface20] ip address 10.1.1.1 24 [PE1-Vlan-interface20] mpls...
  • Page 226 [P-Vlan-interface20] mpls ldp [P-Vlan-interface20] quit # Configure the interface connected with PE 2, and enable LDP on the interface. [P] interface vlan-interface 30 [P-Vlan-interface30] ip address 10.2.2.2 24 [P-Vlan-interface30] mpls [P-Vlan-interface30] mpls ldp [P-Vlan-interface30] quit # Configure OSPF on the P device for establishing LSPs. [P] ospf [P-ospf-1] area 0 [P-ospf-1-area-0.0.0.0] network 10.1.1.2 0.0.0.255...

  • Page 227: Example For Configuring Martini Mpls L2Vpn

    # Create a static VC on the interface connected to CE 2. The interface requires no IP address. [PE2] interface vlan-interface 10 [PE2-Vlan-interface10] mpls static-l2vc destination 192.2.2.2 transmit-vpn-label 200 receive-vpn-label 100 [PE2-Vlan-interface10] quit Configure CE 2: # Configure an IP address for the interface connected to PE 2. <Sysname>...
  • Page 228 Figure 55 Network diagram PE 1 PE 2 Loop0 Loop0 Loop0 Vlan-int30 Vlan-int20 Vlan-int20 Vlan-int30 Vlan-int10 Vlan-int10 Maitini Vlan-int10 Vlan-int10 CE 2 CE 1 Device Interface IP address Device Interface IP address CE 1 Vlan-int10 100.1.1.1/24 CE 2 Vlan-int10 100.1.1.2/24 PE 1 Loop0 192.2.2.2/32...
  • Page 229 [PE1-mpls-ldp-remote-1] quit # Configure the interface connected with the P device, and enable LDP on the interface. [PE1] interface vlan-interface 20 [PE1-Vlan-interface20] ip address 10.1.1.1 24 [PE1-Vlan-interface20] mpls [PE1-Vlan-interface20] mpls ldp [PE1-Vlan-interface20] quit # Configure OSPF on PE 1 for establishing LSPs. [PE1] ospf [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 10.1.1.1 0.0.0.255...
  • Page 230 [P-ospf-1-area-0.0.0.0] network 10.1.1.2 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 10.2.2.2 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 192.4.4.4 0.0.0.0 [P-ospf-1-area-0.0.0.0] quit [P-ospf-1] quit Configure PE 2: # Configure the LSR ID and enable MPLS globally. <Sysname> system-view [Sysname] sysname PE2 [PE2] interface loopback 0 [PE2-LoopBack0] ip address 192.3.3.3 32 [PE2-LoopBack0] quit [PE2] mpls lsr-id 192.3.3.3 [PE2] mpls...

  • Page 231: Example For Configuring Kompella Mpls L2Vpn

    <Sysname> system-view [Sysname] sysname CE2 [CE2] interface vlan-interface 10 [CE2-Vlan-interface10] ip address 100.1.1.2 24 Verify your configuration: # Display VC information on PE 1. The output shows that a VC has been established. [PE1] display mpls l2vc Total ldp vc : 1 1 up 0 down 0 blocked...
  • Page 232 Figure 56 Network diagram PE 1 PE 2 Loop0 Loop0 Loop0 Vlan-int20 Vlan-int30 Vlan-int20 Vlan-int30 Vlan-int10 Vlan-int10 Kompella Vlan-int10 Vlan-int10 CE 1 CE 2 Device Interface IP address Device Interface IP address CE 1 Vlan-int10 100.1.1.1/24 CE 2 Vlan-int10 100.1.1.2/24 PE 1 Loop0 2.2.2.2/32...
  • Page 233 [Sysname] sysname PE2 [PE2] l2vpn [PE2-l2vpn] mpls l2vpn [PE2-l2vpn] quit [PE2] bgp 100 [PE2-bgp] peer 2.2.2.2 as-number 100 [PE2-bgp] peer 2.2.2.2 connect-interface loopback 0 [PE2-bgp] l2vpn-family [PE2-bgp-af-l2vpn] policy vpn-target [PE2-bgp-af-l2vpn] peer 2.2.2.2 enable [PE2-bgp-af-l2vpn] quit [PE2-bgp] quit After completing the configurations, issue the display bgp l2vpn peer command on PE 1 and PE 2 to view the peer relationship established between the PEs.

  • Page 234: Example For Configuring A Vc For A Service Instance

    1 total connections, connections: 1 up, 0 down, 0 local, 1 remote, 0 unknown CE name: ce1, id: 1, Rid type status peer-id route-distinguisher intf 4.4.4.4 100:1 Vlan10 # Ping CE 2 from CE 1. The output shows that CE 1 and CE 2 can ping each other. [CE1] ping 100.1.1.2 PING 100.1.1.2: 56 data bytes, press CTRL_C to break...
  • Page 235 # Configure an IP address for the interface connected to PE 1. <Sysname> system-view [Sysname] sysname CE1 [CE1] interface vlan-interface 10 [CE1-Vlan-interface10] ip address 100.1.1.1 24 Configure PE 1: <Sysname> system-view [Sysname] sysname PE1 [PE1] interface loopback 0 [PE1-LoopBack0] ip address 192.2.2.2 32 [PE1-LoopBack0] quit # Configure the LSR ID and enable MPLS globally.
  • Page 236 Configure the P device: <Sysname> system-view [Sysname] sysname P [P] interface loopback 0 [P-LoopBack0] ip address 192.4.4.4 32 [P-LoopBack0] quit # Configure the MPLS LSR ID and enable MPLS globally. [P] mpls lsr-id 192.4.4.4 [P] mpls [P-mpls] quit # Enable LDP globally. [P] mpls ldp [P-mpls-ldp] quit # Configure the interface connected with PE 1 and enable LDP on the interface.
  • Page 237 # Enable LDP globally. [PE2] mpls ldp [PE2-mpls-ldp] quit # Configure PE 2 to establish a remote LDP connection with PE 1. [PE2] mpls ldp remote-peer 2 [PE2-mpls-ldp-remote-2] remote-ip 192.2.2.2 [PE2-mpls-ldp-remote-2] quit # Configure the interface connected to the P device and enable LDP on the interface. [PE2] interface vlan-interface 26 [PE2-Vlan-interface26] ip address 26.2.2.1 24 [PE2-Vlan-interface26] mpls...

  • Page 238: Troubleshooting Mpls L2Vpn

    Transport Client Service Local Remote VC ID Intf State VC Label VC Label 1000 GE1/0/1 1000 8192 8193 # Ping CE 2 from CE 1. The output shows that CE 1 and CE 2 can ping each other. [CE1] ping 100.1.1.2 PING 100.1.1.2: 56 data bytes, press CTRL_C to break Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=90 ms...

  • Page 239: Configuring Mpls L3Vpn

    Configuring MPLS L3VPN The S5500-28SC-HI and S5500-52SC-HI switches do not support MPLS L3VPN. This chapter describes only MPLS L3VPN related information. For information about basic MPLS configuration, see "Configuring basic MPLS." For information about BGP, see Layer 3—IP Routing Configuration Guide. The term "router"...

  • Page 240: Mpls L3Vpn Concepts

    A CE is usually a router. After a CE establishes adjacency with a directly connected PE, it advertises its VPN routes to the PE and learns remote VPN routes from the PE. A CE and a PE use BGP/IGP to exchange routing information.
  • Page 241 PEs use MP-BGP to advertise VPN routes, and use VPN-IPv4 address family to solve the problem with traditional BGP. A VPN-IPv4 address consists of 12 bytes. The first eight bytes represent the RD, followed by a 4-byte IPv4 address prefix. Figure 59 VPN-IPv4 address structure When a PE receives an ordinary IPv4 route from a CE, it must advertise the VPN route to the peer PE.
  • Page 242 In other words, route target attributes define which sites can receive VPN-IPv4 routes, and from which sites that a PE can receive routes. Like RDs, route target attributes can be of the following formats: 16-bit AS number:32-bit user-defined number. For example, 100:1. •...

  • Page 243: Mpls L3Vpn Packet Forwarding

    MPLS L3VPN packet forwarding For basic MPLS L3VPN applications in a single AS, VPN packets are forwarded with the following layers of labels: Layer 1 labels—Outer labels, used for label switching inside the backbone. They indicate LSPs from • the local PEs to the remote PEs. Based on Layer 1 labels, VPN packets can be label switched along the LSPs to the remote PEs.
  • Page 244 For this networking scheme, the basic VPN networking scheme, you must assign a route target to each VPN for identifying the export target attribute and import target attribute of the VPN. Moreover, this route target cannot be used by any other VPNs. Figure 61 Network diagram for basic VPN networking scheme Figure 61, for example, the route target for VPN 1 is 100:1 on the PEs, while that for VPN 2 is 200:1.
  • Page 245 Figure 62 Network diagram for hub and spoke networking scheme Figure 62, the spoke sites communicate with each other through the hub site. The arrows in the figure indicate the advertising path of routes from Site 2 to Site 1: The hub PE can receive all the VPN-IPv4 routes advertised by spoke PEs.

  • Page 246: Mpls L3Vpn Routing Information Advertisement

    Figure 63 Network diagram for extranet networking scheme Figure 63, VPN 1 and VPN 2 can access Site 3 of VPN 1. PE 3 can receive the VPN-IPv4 routes advertised by PE 1 and PE 2. • PE 1 and PE 2 can receive the VPN-IPv4 routes advertised by PE 3. •...

  • Page 247: Inter-As Vpn

    The route between the CE and the PE can be a static route, RIP route, OSPF route, IS-IS route, EBGP route, or IBGP route. No matter which routing protocol is used, the CE always advertises standard IPv4 routes to the PE. Routing information exchange from the ingress PE to the egress PE After learning the VPN routing information from the CE, the ingress PE adds RDs and route targets for these standard IPv4 routes to create VPN-IPv4 routes, save them to the routing table of the VPN instance...
  • Page 248 Figure 64 Network diagram for inter-AS option A Inter-AS option A is easy to carry out because no special configuration is required on the PEs acting as the ASBRs. However, it has limited scalability because the PEs acting as the ASBRs must manage all the VPN routes and create VPN instances on a per-VPN basis.
  • Page 249 Figure 65 Network diagram for inter-AS option B In terms of scalability, inter-AS option B is better than option A. When adopting MP-EBGP method, note the following: ASBRs perform no route target filtering on VPN-IPv4 routes that they receive from each other. •...

  • Page 250: Carrier's Carrier

    Figure 66 Network diagram for inter-AS option C To improve the scalability, you can specify an RR in each AS, making it maintain all VPN-IPv4 routes and exchange VPN-IPv4 routes with PEs in the AS. The RRs in two ASs establish an inter-AS VPNv4 connection to advertise VPN-IPv4 routes.
  • Page 251 of the Level 2 carrier. Routes of the customer networks connected to a Level 2 carrier are exchanged through the BGP session established between the routers of the Level 2 carrier. This can greatly reduce the number of routes maintained by the Level 1 carrier network. Implementation of carrier's carrier Compared with the common MPLS L3VPN, the carrier's carrier is different because of the way in which a CE of a Level 1 carrier, that is, a Level 2 carrier, accesses a PE of the Level 1 carrier:...

  • Page 252: Nested Vpn

    MP-IBGP PE 3 PE 4 NOTE: If equal cost routes exist between the Level 1 carrier and the Level 2 carrier, H3C recommends establishing equal cost LSPs between them. Nested VPN Background In an MPLS L3VPN network, generally a service provider runs an MPLS L3VPN backbone and provides VPN services through PEs.
  • Page 253 Figure 70 Network diagram for nested VPN Propagation of routing information In a nested VPN network, routing information is propagated in the following process: A provider PE and its CEs exchange VPNv4 routes, which carry information about users' internal VPNs. After receiving a VPNv4 route, a provider PE keeps the user's internal VPN information, and appends the user's MPLS VPN attributes on the service provider network.

  • Page 254: Hovpn

    Nested VPN is flexible and easy to implement and can reduce the cost because a customer only needs to pay for one MPLS VPN to have multiple internal VPNs connected. Nested VPN provides diversified VPN networking methods for a customer, and allows for multi-level hierarchical access control over the internal VPNs.
  • Page 255 As shown in Figure 71, devices directly connected to CEs are called underlayer PEs or user-end PEs (UPEs), whereas devices that are connected with UPEs and are in the internal network are called superstratum PEs or service provider-end PEs (SPE). The hierarchical PE consists of multiple UPEs and SPEs, which function together as a traditional PE.

  • Page 256: Ospf Vpn Extension

    Figure 72 Recursion of HoPEs Figure 72 shows a three-level HoPE. The PE in the middle is called the middle-level PE (MPE). MP-BGP runs between SPE and MPE, and between MPE and UPE. The term "MPE" does not really exist in a HoVPN model. It is used here just for the convenience of description.
  • Page 257 OSPF attributes. Each OSPF domain must have a configurable domain ID. H3C recommends that you configure the same domain ID or adopt the default ID for all OSPF processes of the same VPN, so the system can know that all VPN routes with the same domain ID are from the same VPN.

  • Page 258: Bgp As Number Substitution And Soo

    If the PE needs to advertise to a CE the routes from other OSPF domains, it must indicate that it is the ASBR, and advertise the routes using Type 5 LSAs. Sham link Generally, BGP peers carry routing information on the MPLS VPN backbone through the BGP extended community attributes.

  • Page 259: Mpls L3Vpn Configuration Task List

    The BGP AS number substitution function allows physically dispersed CEs to use the same AS number. The function is a BGP outbound policy and functions on routes to be advertised. With the BGP AS number substitution function, when a PE advertises a route to a CE of the specified peer, if an AS number identical to that of the CE exist in the AS_PATH of the route, it will be replaced with that of the PE.

  • Page 260: Configuration Prerequisites

    Complete the following tasks to configure basic MPLS L3VPN: Task Remarks Creating a VPN instance Required Associating a VPN instance with an interface Required Configuring VPN Configuring route related attributes for a VPN instance Optional instances Configuring a tunneling policy for a VPN instance Optional Configuring an LDP instance Optional...
  • Page 261 Associating a VPN instance with an interface After creating and configuring a VPN instance, you need to associate the VPN instance with the interface for connecting the CE. Any LDP-capable interface can be associated with a VPN instance. For information about LDP-capable interfaces, see "Configuring basic MPLS."...
  • Page 262 Step Command Remarks Optional. Setting the maximum number of Set the maximum number of routing-table limit number routes for a VPN instance is for routes allowed. { warn-threshold | simply-alert } preventing too many routes from being redistributed into the PE. Optional.
  • Page 263 To configure a tunneling policy for a VPN instance: Step Command Remarks Enter system view. system-view Create a tunneling policy and enter tunnel-policy tunnel-policy-name tunneling policy view. Optional. By default, no preferred tunnel is configured. NOTE: Configure a preferred preferred-path number interface •...

  • Page 264: Configuring Routing Between Pe And Ce

    Configuring an LDP instance LDP instances are for carrier's carrier network applications. This task is to configure the LDP capability for an existing VPN instance, create an LDP instance for the VPN instance, and configure LDP parameters for the LDP instance. To configure an LDP instance: Step Command...
  • Page 265 Step Command Remarks • ip route-static dest-address { mask | mask-length } { gateway-address | interface-type interface-number [ gateway-address ] | vpn-instance d-vpn-instance-name gateway-address } [ preference Perform this configuration preference-value ] [ tag tag-value ] on PEs. On CEs, configure [ description description-text ] normal static routes.
  • Page 266 Step Command Remarks Create an OSPF process for a ospf [ process-id | router-id Perform the configurations on PEs. VPN instance and enter the router-id | vpn-instance On CEs, create a normal OSPF OSPF view. vpn-instance-name ] * process. Optional. Configure the OSPF domain domain-id domain-id [ secondary ] 0 by default.
  • Page 267 Step Command Remarks interface interface-type Enter interface view. interface-number Enable the IS-IS process on isis enable [ process-id ] Disabled by default. the interface. Configuring EBGP between PE and CE Configure the PE: Step Command Remarks Enter system view. system-view Enable BGP and enter BGP bgp as-number view.
  • Page 268 Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number For information about BGP peer and peer group configuration, see Configure the PE as the EBGP peer { group-name | ip-address } Layer 3—IP Routing Configuration peer. Guide. This chapter does not as-number as-number differentiate between peer and peer group.
  • Page 269 Step Command Remarks Optional. Enabled by default. Enable route reflection reflect between-clients If the clients are fully meshed, you between clients. do not need to enable route reflection. Optional. By default, each RR in a cluster uses its own router ID as the cluster ID. Configure the cluster ID for the reflector cluster-id { cluster-id | If more than one RR exists in a...

  • Page 270: Configuring Routing Between Pes

    Configuring routing between PEs Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number Configure the remote PE as peer { group-name | ip-address } the peer. as-number as-number peer { group-name | ip-address } By default, BGP uses the source Specify the source interface connect-interface interface-type interface of the optimal route...
  • Page 271 Step Command Remarks Enable a peer or peer group for an address family and By default, only IPv4 routing peer { group-name | ip-address } enable the exchange of BGP information is exchanged between enable routing information of the BGP peers. address family.
  • Page 272 Configuring specific routing features for BGP-VPNv4 subaddress family Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number Configure the remote PE as peer ip-address as-number the peer. as-number Specify the interface for TCP peer ip-address connect-interface connection. interface-type interface-number Enter BGP-VPNv4 subaddress ipv4-family vpnv4...

  • Page 273: Configuring Inter-As Vpn

    Step Command Remarks Optional. Specify not to change the next By default, a device uses its hop of a route when peer { group-name | ip-address } address as the next hop when advertising it to an EBGP next-hop-invariable advertising a route to its EBGP peer.

  • Page 274: Configuring Inter-As Option B

    can be received by the ASBR-PEs (or PEs). Route targets configured on the PEs in different ASs do not have such requirements. Configuring inter-AS option B For inter-AS option B, the following configuration methods are available: Do not change the next hop on an ASBR. With this method, you still must configure MPLS LDP •...
  • Page 275 The PEs and ASBR PEs in an AS must be able to exchange labeled IPv4 routes. To configure a PE for inter-AS option C: Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number Configure the ASBR PE in the peer { group-name | ip-address } same AS as the IBGP peer.

  • Page 276: Configuring Nested Vpn

    Step Command Remarks Configure the ASBR PE to By default, a BGP speaker does not change the next hop to itself peer { group-name | ip-address } use its address as the next hop when advertising routes to PEs next-hop-local when advertising a route to its in the same AS.

  • Page 277: Configuring Hovpn

    Do not give nested VPN peers addresses that public network peers use. • • Before specifying a nested VPN peer or peer group, configure the corresponding CE peer or peer group in BGP VPN instance view. If a CE of a sub-VPN is directly connected to a service provider's PE, policy routing must be •...

  • Page 278: Configuring An Ospf Sham Link

    Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number Enter BGP-VPNv4 subaddress ipv4-family vpnv4 family view. Enable the exchange of peer { group-name | ip-address } BGP-VPNv4 routing enable information with a peer. The default route of a VPN instance Specify a BGP peer or peer peer { group-name | ip-address } can be advertised to only a BGP...

  • Page 279: Redistributing The Loopback Interface Route And Ospf Routes Into Bgp

    If you start OSPF but do not configure the router ID, the system automatically elects one. However, the same election rules produce the same router ID. Therefore, H3C recommends that you configure the router ID when starting an OSPF process. For the election rules, see Layer 3—IP Routing Configuration Guide.

  • Page 280: Configuring Bgp As Number Substitution And Soo

    PE or PEs with the same AS number. Therefore, H3C recommends configuring different tags for different OSPF VPN instances. Configuring BGP AS number substitution and SoO When CEs at different sites have the same AS number, configure the BGP AS number substitution function to avoid route loss.

  • Page 281: Displaying And Maintaining Mpls L3Vpn

    Soft reset of BGP connections refers to updating BGP routing information without breaking BGP neighbor relationships. Hard reset of BGP connections refers to updating BGP routing information by breaking and then reestablishing BGP neighbor relationships. To hard reset or soft reset BGP connections: Step Command Remarks...
  • Page 282 Task Command Remarks display bgp vpnv4 { all | vpn-instance Display BGP VPNv4 AS path vpn-instance-name } paths Available in any view information. [ as-regular-expression | { | { begin | exclude | include } regular-expression } ] display bgp vpnv4 all peer [ ip-address verbose | verbose ] [ | { begin | exclude | include } regular-expression ] Display information about BGP...

  • Page 283: Mpls L3Vpn Configuration Examples

    Task Command Remarks display bgp vpnv4 vpn-instance vpn-instance-name routing-table [ [ network-address [ { mask | mask-length } [ longer-prefixes ] ] | as-path-acl as-path-acl-number | cidr | community [ aa:nn ]&<1-13> [ no-advertise | no-export | no-export-subconfed ] * [ whole-match ] | community-list Display the BGP VPNv4 routing { { basic-community-list-number |...
  • Page 284 VPN 1 uses route target attribute 1 1 1:1. VPN 2 uses route target attribute 222:2. Users of different • VPNs cannot access each other. EBGP is used to exchange VPN routing information between CE and PE. • PEs use OSPF to communicate with each other and use MP-IBGP to exchange VPN routing •...
  • Page 285 [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit # Configure the P device. <P> system-view [P] interface loopback 0 [P-LoopBack0] ip address 2.2.2.9 32 [P-LoopBack0] quit [P] interface vlan-interface 13 [P-Vlan-interface13] ip address 172.1.1.2 24 [P-Vlan-interface13] quit [P] interface vlan-interface 12 [P-Vlan-interface12] ip address 172.2.1.1 24 [P-Vlan-interface12] quit [P] ospf [P-ospf-1] area 0...
  • Page 286 172.1.1.1/32 Direct 0 127.0.0.1 InLoop0 172.2.1.0/24 OSPF 172.1.1.2 Vlan13 [PE1] display ospf peer verbose OSPF Process 1 with Router ID 1.1.1.9 Neighbors Area 0.0.0.0 interface 172.1.1.1(Vlan-interface13)'s neighbors Router ID: 172.1.1.2 Address: 172.1.1.2 GR State: Normal State: Full Mode:Nbr is Master Priority: 1 DR: 172.1.1.1 BDR: 172.1.1.2...
  • Page 287 After you complete the configurations, LDP sessions are established between PE 1, P, and PE 2. Issue the display mpls ldp session command. The output shows that the session status is Operational. Issue the display mpls ldp lsp command. The output shows the LSPs established by LDP.
  • Page 288 [PE2-vpn-instance-vpn2] route-distinguisher 200:2 [PE2-vpn-instance-vpn2] vpn-target 222:2 [PE2-vpn-instance-vpn2] quit [PE2] interface vlan-interface 11 [PE2-Vlan-interface11] ip binding vpn-instance vpn1 [PE2-Vlan-interface11] ip address 10.3.1.2 24 [PE2-Vlan-interface11] quit [PE2] interface vlan-interface 13 [PE2-Vlan-interface13] ip binding vpn-instance vpn2 [PE2-Vlan-interface13] ip address 10.4.1.2 24 [PE2-Vlan-interface13] quit # Configure IP addresses for the CEs according to Figure 76.
  • Page 289 [PE1-bgp-vpn1] quit [PE1-bgp] ipv4-family vpn-instance vpn2 [PE1-bgp-vpn2] peer 10.2.1.1 as-number 65420 [PE1-bgp-vpn2] import-route direct [PE1-bgp-vpn2] quit [PE1-bgp] quit # Configure PE 2 in a similar way as you configure PE 1. (Details not shown.) After completing the configurations, issue the display bgp vpnv4 vpn-instance peer command on the PEs.

  • Page 290: Configuring Mpls L3Vpns Using Ibgp Between Pe And Ce

    Routing Tables: vpn1 Destinations : 5 Routes : 5 Destination/Mask Proto Cost NextHop Interface 10.1.1.0/24 Direct 0 10.1.1.2 Vlan11 10.1.1.2/32 Direct 0 127.0.0.1 InLoop0 10.3.1.0/24 3.3.3.9 NULL0 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 [PE1] display ip routing-table vpn-instance vpn2 Routing Tables: vpn2 Destinations : 5 Routes : 5...
  • Page 291 VPN 1 uses route target attribute 1 1 1:1. VPN 2 uses route target attribute 222:2. Users of different • VPNs cannot access each other. IBGP is used to exchange VPN routing information between CE and PE. • PEs use OSPF to communicate with each other and use MP-IBGP to exchange VPN routing •...
  • Page 292 [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255 [PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit # Configure the P switch. <P> system-view [P] interface loopback 0 [P-LoopBack0] ip address 2.2.2.9 32 [P-LoopBack0] quit [P] interface vlan-interface 13 [P-Vlan-interface13] ip address 172.1.1.2 24 [P-Vlan-interface13] quit [P] interface vlan-interface 12 [P-Vlan-interface12] ip address 172.2.1.1 24...
  • Page 293 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 172.1.1.0/24 Direct 0 172.1.1.1 Vlan13 172.1.1.1/32 Direct 0 127.0.0.1 InLoop0 172.2.1.0/24 OSPF 172.1.1.2 Vlan13 [PE1] display ospf peer verbose OSPF Process 1 with Router ID 1.1.1.9 Neighbors Area 0.0.0.0 interface 172.1.1.1(Vlan-interface13)'s neighbors Router ID: 172.1.1.2 Address: 172.1.1.2 GR State: Normal...
  • Page 294 [PE2-Vlan-interface12] mpls [PE2-Vlan-interface12] mpls ldp [PE2-Vlan-interface12] quit After the configurations, P establishes an LDP session with PE 1 and PE 2 respectively. Issue the display mpls ldp session command. The output shows that the session status is Operational. Issue the display mpls ldp lsp command. The output shows the LSPs established by LDP. Take PE 1 as an example: [PE1] display mpls ldp session LDP Session(s) in Public Network...
  • Page 295 [PE2-vpn-instance-vpn1] vpn-target 111:1 [PE2-vpn-instance-vpn1] quit [PE2] ip vpn-instance vpn2 [PE2-vpn-instance-vpn2] route-distinguisher 200:2 [PE2-vpn-instance-vpn2] vpn-target 222:2 [PE2-vpn-instance-vpn2] quit [PE2] interface vlan-interface 11 [PE2-Vlan-interface11] ip binding vpn-instance vpn1 [PE2-Vlan-interface11] ip address 10.3.1.2 24 [PE2-Vlan-interface11] quit [PE2] interface vlan-interface 13 [PE2-Vlan-interface13] ip binding vpn-instance vpn2 [PE2-Vlan-interface13] ip address 10.4.1.2 24 [PE2-Vlan-interface13] quit # Configure IP addresses for the CEs according to in...
  • Page 296 [CE1-bgp] quit # Configure the other three CEs (CE 2 through CE 4) in a similar way as you configure CE 1. (Details not shown.) # On PE 1, configure the CE 1 and CE 2 as the IBGP peers, and configure PE 1 as the route reflector.
  • Page 297 # On PE 2, configure PE 1 as the MP-IBGP peer, and configure a routing policy for the routes received from PE 1, changing the next hop address of the routes as the loopback interface address of PE 1. [PE2] route-policy pe-ibgp permit node 0 [PE2-route-policy] apply ip-address next-hop 1.1.1.9 [PE2-route-policy] quit [PE2] bgp 100...

  • Page 298: Configuring A Hub-Spoke Network

    10.4.1.0/24 3.3.3.9 NULL0 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 CEs of the same VPN can ping each other, whereas those of different VPNs cannot. For example, CE 1 can ping CE 3 (6.6.6.9), but cannot ping CE 4 (7.7.7.9): [CE1] ping 6.6.6.9 PING 6.6.6.9: 56 data bytes, press CTRL_C to break...
  • Page 299 Figure 78 Network diagram Device Interface IP address Device Interface IP address Spoke-CE 1 Vlan-int2 10.1.1.1/24 Hub-CE Vlan-int6 10.3.1.1/24 Spoke-PE 1 Loop0 1.1.1.9/32 Vlan-int7 10.4.1.1/24 Vlan-int2 10.1.1.2/24 Hub-PE Loop0 2.2.2.9/32 Vlan-int4 172.1.1.1/24 Vlan-int4 172.1.1.2/24 Spoke-CE 2 Vlan-int3 10.2.1.1/24 Vlan-int5 172.2.1.2/24 Spoke-PE 2 Loop0 3.3.3.9/32...
  • Page 300 [Spoke-PE2-LoopBack0] quit [Spoke-PE2] interface vlan-interface 5 [Spoke-PE2-Vlan-interface5] ip address 172.2.1.1 24 [Spoke-PE2-Vlan-interface5] quit [Spoke-PE2] ospf [Spoke-PE2-ospf-1] area 0 [Spoke-PE2-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255 [Spoke-PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0 [Spoke-PE2-ospf-1-area-0.0.0.0] quit [Spoke-PE2-ospf-1] quit # Configure the Hub-PE. <Hub-PE> system-view [Hub-PE] interface loopback 0 [Hub-PE-LoopBack0] ip address 2.2.2.9 32 [Hub-PE-LoopBack0] quit [Hub-PE] interface vlan-interface 4...
  • Page 301 [Spoke-PE1] display ospf peer verbose OSPF Process 1 with Router ID 1.1.1.9 Neighbors Area 0.0.0.0 interface 172.1.1.1(Vlan-interface4)'s neighbors Router ID: 2.2.2.9 Address: 172.1.1.2 GR State: Normal State: Full Mode:Nbr is Master Priority: 1 DR: 172.1.1.1 BDR: 172.1.1.2 MTU: 0 Dead timer due in 38 Neighbor is up for 00:02:44 Authentication Sequence: [ 0 ] Neighbor state change count: 5...
  • Page 302 After the configuration, LDP sessions are established between Spoke-PE 1 and Hub-PE, and between Spoke-PE 2 and Hub-PE. Issue the display mpls ldp session command. The output shows that the session status is Operational. Issue the display mpls ldp lsp command. The output shows the LSPs established by LDP.
  • Page 303 [Hub-PE-vpn-instance-vpn1-in] vpn-target 222:2 import-extcommunity [Hub-PE-vpn-instance-vpn1-in] quit [Hub-PE] ip vpn-instance vpn1-out [Hub-PE-vpn-instance-vpn1-out] route-distinguisher 100:4 [Hub-PE-vpn-instance-vpn1-out] vpn-target 111:1 export-extcommunity [Hub-PE-vpn-instance-vpn1-out] quit [Hub-PE] interface vlan-interface 6 [Hub-PE-Vlan-interface6] ip binding vpn-instance vpn1-in [Hub-PE-Vlan-interface6] ip address 10.3.1.2 24 [Hub-PE-Vlan-interface6] quit [Hub-PE] interface vlan-interface 7 [Hub-PE-Vlan-interface7] ip binding vpn-instance vpn1-out [Hub-PE-Vlan-interface7] ip address 10.4.1.2 24 [Hub-PE-Vlan-interface7] quit # Configure IP addresses for the CEs according to...
  • Page 304 [Spoke-CE2-bgp] import-route direct [Spoke-CE2-bgp] quit # Configure the Hub-CE. <Hub-CE> system-view [Hub-CE] bgp 65430 [Hub-CE-bgp] peer 10.3.1.2 as-number 100 [Hub-CE-bgp] peer 10.4.1.2 as-number 100 [Hub-CE-bgp] import-route direct [Hub-CE-bgp] quit # Configure Spoke-PE 1. [Spoke-PE1] bgp 100 [Spoke-PE1-bgp] ipv4-family vpn-instance vpn1 [Spoke-PE1-bgp-vpn1] peer 10.1.1.1 as-number 65410 [Spoke-PE1-bgp-vpn1] import-route direct [Spoke-PE1-bgp-vpn1] quit...
  • Page 305 10.1.1.1 65410 2 00:03:16 Established Configure an MP-IBGP peer relationship between a spoke-PE and the hub-PE: # Configure Spoke-PE 1. [Spoke-PE1] bgp 100 [Spoke-PE1-bgp] peer 2.2.2.9 as-number 100 [Spoke-PE1-bgp] peer 2.2.2.9 connect-interface loopback 0 [Spoke-PE1-bgp] ipv4-family vpnv4 [Spoke-PE1-bgp-af-vpnv4] peer 2.2.2.9 enable [Spoke-PE1-bgp-af-vpnv4] quit [Spoke-PE1-bgp] quit # Configure Spoke-PE 2.

  • Page 306: Configuring Inter-As Option A

    Destinations : 8 Routes : 8 Destination/Mask Proto Cost NextHop Interface 10.0.0.0/24 2.2.2.9 NULL0 10.1.1.0/24 Direct 0 10.1.1.2 Vlan2 10.1.1.2/32 Direct 0 127.0.0.1 InLoop0 10.2.1.0/24 2.2.2.9 NULL0 10.3.1.0/24 2.2.2.9 NULL0 10.4.1.0/24 2.2.2.9 NULL0 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 # Spoke-CE 1 and Spoke-CE 2 can ping each other.
  • Page 307 Figure 79 Network diagram Device Interface IP address Device Interface IP address CE 1 Vlan-int12 10.1.1.1/24 CE 2 Vlan-int12 10.2.1.1/24 PE 1 Loop0 1.1.1.9/32 PE 2 Loop0 4.4.4.9/32 Vlan-int12 10.1.1.2/24 Vlan-int12 10.2.1.2/24 Vlan-int11 172.1.1.2/24 Vlan-int11 162.1.1.2/24 ASBR-PE 1 Loop0 2.2.2.9/32 ASBR-PE 2 Loop0 3.3.3.9/32...
  • Page 308 [PE1-Vlan-interface11] mpls ldp [PE1-Vlan-interface11] quit # Configure MPLS basic capability on ASBR PE 1 and enable MPLS LDP on the interface connected to PE 1. <ASBR-PE1> system-view [ASBR-PE1] mpls lsr-id 2.2.2.9 [ASBR-PE1] mpls [ASBR-PE1-mpls] quit [ASBR-PE1] mpls ldp [ASBR-PE1-mpls-ldp] quit [ASBR-PE1] interface vlan-interface 11 [ASBR-PE1-Vlan-interface11] mpls [ASBR-PE1-Vlan-interface11] mpls ldp...
  • Page 309 [CE1-Vlan-interface12] ip address 10.1.1.1 24 [CE1-Vlan-interface12] quit # Configure PE 1. [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 100:1 [PE1-vpn-instance-vpn1] vpn-target 100:1 both [PE1-vpn-instance-vpn1] quit [PE1] interface vlan-interface 12 [PE1-Vlan-interface12] ip binding vpn-instance vpn1 [PE1-Vlan-interface12] ip address 10.1.1.2 24 [PE1-Vlan-interface12] quit # Configure CE 2.
  • Page 310 The PEs can ping the CEs and the ASBR PEs can ping each other. Establish EBGP peer relationships between PEs and CEs to allow VPN routes to be redistributed: # Configure CE 1. [CE1] bgp 65001 [CE1-bgp] peer 10.1.1.2 as-number 100 [CE1-bgp] import-route direct [CE1-bgp] quit # Configure PE 1.

  • Page 311: Configuring Inter-As Option B

    [ASBR-PE1-bgp-af-vpnv4] quit [ASBR-PE1-bgp] quit # Configure ASBR-PE 2. [ASBR-PE2] bgp 200 [ASBR-PE2-bgp] ipv4-family vpn-instance vpn1 [ASBR-PE2-bgp-vpn1] peer 192.1.1.1 as-number 100 [ASBR-PE2-bgp-vpn1] quit [ASBR-PE2-bgp] peer 4.4.4.9 as-number 200 [ASBR-PE2-bgp] peer 4.4.4.9 connect-interface loopback 0 [ASBR-PE2-bgp] ipv4-family vpnv4 [ASBR-PE2-bgp-af-vpnv4] peer 4.4.4.9 enable [ASBR-PE2-bgp-af-vpnv4] peer 4.4.4.9 next-hop-local [ASBR-PE2-bgp-af-vpnv4] quit [ASBR-PE2-bgp] quit...
  • Page 312 Figure 80 Network diagram Device Interface IP address Device Interface IP address PE 1 Loop0 2.2.2.9/32 PE 2 Loop0 5.5.5.9/32 Vlan-int12 30.0.0.1/8 Vlan-int12 20.0.0.1/8 Vlan-int11 1.1.1.2/8 Vlan-int11 9.1.1.2/8 ASBR-PE 1 Loop0 3.3.3.9/32 ASBR-PE 2 Loop0 4.4.4.9/32 Vlan-int11 1.1.1.1/8 Vlan-int11 9.1.1.1/8 Vlan-int12 11.0.0.2/8 Vlan-int12...
  • Page 313 [PE1-Vlan-interface11] quit # Configure interface Loopback 0 and start IS-IS on it. [PE1] interface loopback 0 [PE1-LoopBack0] ip address 2.2.2.9 32 [PE1-LoopBack0] isis enable 1 [PE1-LoopBack0] quit # Create VPN instance vpn1 and configure the RD and route target attributes. [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 11:11 [PE1-vpn-instance-vpn1] vpn-target 3:3 import-extcommunity...
  • Page 314 [ASBR-PE1-Vlan-interface11] ip address 1.1.1.1 255.0.0.0 [ASBR-PE1-Vlan-interface11] isis enable 1 [ASBR-PE1-Vlan-interface11] mpls [ASBR-PE1-Vlan-interface11] mpls ldp [ASBR-PE1-Vlan-interface11] quit # Configure interface VLAN-interface 12 and enable MPLS on it. [ASBR-PE1] interface vlan-interface 12 [ASBR-PE1-Vlan-interface12] ip address 11.0.0.2 255.0.0.0 [ASBR-PE1-Vlan-interface12] mpls [ASBR-PE1-Vlan-interface12] quit # Configure interface Loopback 0 and start IS-IS on it. [ASBR-PE1] interface loopback 0 [ASBR-PE1-LoopBack0] ip address 3.3.3.9 32 [ASBR-PE1-LoopBack0] isis enable 1...
  • Page 315 [ASBR-PE2-Vlan-interface11] mpls ldp [ASBR-PE2-Vlan-interface1] quit # Configure interface VLAN-interface 12 and enable MPLS on it. [ASBR-PE2] interface vlan-interface 12 [ASBR-PE2-Vlan-interface12] ip address 11.0.0.1 255.0.0.0 [ASBR-PE2-Vlan-interface12] mpls [ASBR-PE2-Vlan-interface12] quit # Configure interface Loopback 0 and start IS-IS on it. [ASBR-PE2] interface loopback 0 [ASBR-PE2-LoopBack0] ip address 4.4.4.9 32 [ASBR-PE2-LoopBack0] isis enable 1 [ASBR-PE2-LoopBack0] quit...

  • Page 316: Configuring Inter-As Option C

    # Configure interface Loopback 0 and start IS-IS on it. [PE2] interface loopback 0 [PE2-LoopBack0] ip address 5.5.5.9 32 [PE2-LoopBack0] isis enable 1 [PE2-LoopBack0] quit # Create VPN instance vpn1 and configure the RD and route target attributes. [PE2] ip vpn-instance vpn1 [PE2-vpn-instance-vpn1] route-distinguisher 12:12 [PE2-vpn-instance-vpn1] vpn-target 3:3 import-extcommunity [PE2-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity...
  • Page 317 ASBR-PE 1 and ASBR-PE 2 use MP-EBGP to exchange labeled IPv4 routes. • Figure 81 Network diagram Device Interface IP address Device Interface IP address PE 1 Loop0 2.2.2.9/32 PE 2 Loop0 5.5.5.9/32 Loop1 30.0.0.1/32 Loop1 20.0.0.1/32 Vlan-int11 1.1.1.2/8 Vlan-int11 9.1.1.2/8 ASBR-PE 1 Loop0...
  • Page 318 [PE1-LoopBack0] ip address 2.2.2.9 32 [PE1-LoopBack0] isis enable 1 [PE1-LoopBack0] quit # Create VPN instance vpn1 and configure the RD and route target attributes. [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 11:11 [PE1-vpn-instance-vpn1] vpn-target 3:3 import-extcommunity [PE1-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity [PE1-vpn-instance-vpn1] quit # Configure interface Loopback 1 and bind the interface to VPN instance vpn1.
  • Page 319 [ASBR-PE1-mpls-ldp] quit # Configure interface VLAN-interface 11, and start IS-IS and enable MPLS and LDP on the interface. [ASBR-PE1] interface vlan-interface 11 [ASBR-PE1-Vlan-interface11] ip address 1.1.1.1 255.0.0.0 [ASBR-PE1-Vlan-interface11] isis enable 1 [ASBR-PE1-Vlan-interface11] mpls [ASBR-PE1-Vlan-interface11] mpls ldp [ASBR-PE1-Vlan-interface11] quit # Configure interface VLAN-interface 12 and enable MPLS on it. [ASBR-PE1] interface vlan-interface 12 [ASBR-PE1-Vlan-interface12] ip address 11.0.0.2 255.0.0.0 [ASBR-PE1-Vlan-interface12] mpls...
  • Page 320 <ASBR-PE2> system-view [ASBR-PE2] isis 1 [ASBR-PE2-isis-1] network-entity 10.3333.3333.3333.3333.00 [ASBR-PE2-isis-1] quit # Configure LSR ID, enable MPLS and LDP. [ASBR-PE2] mpls lsr-id 4.4.4.9 [ASBR-PE2] mpls [ASBR-PE2-mpls] label advertise non-null [ASBR-PE2-mpls] quit [ASBR-PE2] mpls ldp [ASBR-PE2-mpls-ldp] quit # Configure interface VLAN-interface 11, and start IS-IS and enable MPLS and LDP on the interface.
  • Page 321 [ASBR-PE2-bgp] peer 5.5.5.9 route-policy policy2 export # Use routing policy policy1 to filter routes advertised to EBGP peer 11.0.0.2. [ASBR-PE2-bgp] peer 11.0.0.2 as-number 100 [ASBR-PE2-bgp] peer 11.0.0.2 route-policy policy1 export # Configure the capability to advertise labeled routes to EBGP peer 11.0.0.2 and to receive labeled routes from the peer.

  • Page 322: Configuring Carrier's Carrier

    [PE2] bgp 600 # Configure the capability to advertise labeled routes to IBGP peer 4.4.4.9 and to receive labeled routes from the peer. [PE2-bgp] peer 4.4.4.9 as-number 600 [PE2-bgp] peer 4.4.4.9 connect-interface loopback 0 [PE2-bgp] peer 4.4.4.9 label-route-capability # Configure the maximum hop count from PE 2 to EBGP peer 2.2.2.9 as 10. [PE2-bgp] peer 2.2.2.9 as-number 100 [PE2-bgp] peer 2.2.2.9 connect-interface loopback 0 [PE2-bgp] peer 2.2.2.9 ebgp-max-hop 10...
  • Page 323 Figure 82 Network diagram Device Interface IP address Device Interface IP address CE 3 Vlan-int11 100.1.1.1/24 CE 4 Vlan-int11 120.1.1.1/24 PE 3 Loop0 1.1.1.9/32 PE 4 Loop0 6.6.6.9/32 Vlan-int11 100.1.1.2/24 Vlan-int11 120.1.1.2/24 Vlan-int12 10.1.1.1/24 Vlan-int12 20.1.1.2/24 CE 1 Loop0 2.2.2.9/32 CE 2 Loop0 5.5.5.9/32...
  • Page 324 [PE1-LoopBack0] isis enable 1 [PE1-LoopBack0] quit [PE1] interface vlan-interface 12 [PE1-Vlan-interface12] ip address 30.1.1.1 24 [PE1-Vlan-interface12] isis enable 1 [PE1-Vlan-interface12] mpls [PE1-Vlan-interface12] mpls ldp [PE1-Vlan-interface2] mpls ldp transport-address interface [PE1-Vlan-interface2] quit [PE1] bgp 100 [PE1-bgp] peer 4.4.4.9 as-number 100 [PE1-bgp] peer 4.4.4.9 connect-interface loopback 0 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpnv4] peer 4.4.4.9 enable [PE1-bgp-af-vpnv4] quit...
  • Page 325 [PE3-LoopBack0] quit [PE3] mpls lsr-id 1.1.1.9 [PE3] mpls [PE3-mpls] quit [PE3] mpls ldp [PE3-mpls-ldp] quit [PE3] isis 2 [PE3-isis-2] network-entity 10.0000.0000.0000.0001.00 [PE3-isis-2] quit [PE3] interface loopback 0 [PE3-LoopBack0] isis enable 2 [PE3-LoopBack0] quit [PE3] interface vlan-interface 12 [PE3-Vlan-interface12] ip address 10.1.1.1 24 [PE3-Vlan-interface12] isis enable 2 [PE3-Vlan-interface12] mpls [PE3-Vlan-interface12] mpls ldp...
  • Page 326 # Configure PE 1 and inject IS-IS routes. [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 200:1 [PE1-vpn-instance-vpn1] vpn-target 1:1 [PE1-vpn-instance-vpn1] quit [PE1] mpls ldp vpn-instance vpn1 [PE1-mpls-ldp-vpn-instance-vpn1] quit [PE1] isis 2 vpn-instance vpn1 [PE1-isis-2] network-entity 10.0000.0000.0000.0003.00 [PE1-isis-2] import-route bgp allow-ibgp [PE1-isis-2] quit [PE1] interface vlan-interface 11 [PE1-Vlan-interface11] ip binding vpn-instance vpn1 [PE1-Vlan-interface11] ip address 11.1.1.2 24...
  • Page 327 [PE3-vpn-instance-vpn1] route-distinguisher 100:1 [PE3-vpn-instance-vpn1] vpn-target 1:1 [PE3-vpn-instance-vpn1] quit [PE3] interface vlan-interface 11 [PE3-Vlan-interface11] ip binding vpn-instance vpn1 [PE3-Vlan-interface11] ip address 100.1.1.2 24 [PE3-Vlan-interface11] quit [PE3] bgp 100 [PE3-bgp] ipv4-family vpn-instance vpn1 [PE3-bgp-vpn1] peer 100.1.1.1 as-number 65410 [PE3-bgp-vpn1] import-route direct [PE3-bgp-vpn1] quit [PE3-bgp] quit # Configure PE 4 and CE 4 in a similar way as you configure PE 3 and CE 3.
  • Page 328 1.1.1.9/32 ISIS 11.1.1.1 Vlan11 2.2.2.9/32 ISIS 11.1.1.1 Vlan11 5.5.5.9/32 4.4.4.9 NULL0 6.6.6.9/32 4.4.4.9 NULL0 10.1.1.0/24 ISIS 11.1.1.1 Vlan11 11.1.1.0/24 Direct 0 11.1.1.1 Vlan11 11.1.1.1/32 Direct 0 127.0.0.1 InLoop0 11.1.1.2/32 Direct 0 11.1.1.2 Vlan11 20.1.1.0/24 4.4.4.9 NULL0 21.1.1.0/24 4.4.4.9 NULL0 21.1.1.2/32 4.4.4.9 NULL0 Issue the display ip routing-table command on CE 1 and CE 2.

  • Page 329: Configuring Nested Vpn

    20.1.1.0/24 ISIS 10.1.1.2 Vlan12 21.1.1.0/24 ISIS 10.1.1.2 Vlan12 21.1.1.2/32 ISIS 10.1.1.2 Vlan12 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 Issue the display ip routing-table vpn-instance command on PE 3 and PE 4. The output shows that the routes of the remote VPN customers are present in the VPN routing tables. Take PE 3 as an example: [PE3] display ip routing-table vpn-instance vpn1 Routing Tables: vpn1...
  • Page 330 PE 1 and PE 2 are PE devices on the service provider backbone. Both of them support the nested • VPN function. CE 1 and CE 2 are connected to the service provider backbone. Both of them support VPNv4 • routes.
  • Page 331 Configuration procedure Configure MPLS L3VPN on the service provider backbone, using IS-IS as the IGP protocol, and enabling LDP and establishing MP-IBGP peer relationship between PE 1 and PE 2: # Configure PE 1. <PE1> system-view [PE1] interface loopback 0 [PE1-LoopBack0] ip address 3.3.3.9 32 [PE1-LoopBack0] quit [PE1] mpls lsr-id 3.3.3.9...
  • Page 332 [PE1] display bgp peer BGP local router ID : 3.3.3.9 Local AS number : 100 Total number of peers : 1 Peers in established state : 1 Peer MsgRcvd MsgSent OutQ PrefRcv Up/Down State 4.4.4.9 02:12:47 Established [PE1] display isis peer Peer information for ISIS(1) ---------------------------- System Id...
  • Page 333 [CE1] interface loopback 0 [CE1-LoopBack0] isis enable 2 [CE1-LoopBack0] quit [CE1] interface vlan-interface 12 [CE1-Vlan-interface12] ip address 10.1.1.2 24 [CE1-Vlan-interface12] isis enable 2 [CE1-Vlan-interface12] mpls [CE1-Vlan-interface12] mpls ldp [CE1-Vlan-interface12] quit After the configurations, LDP and IS-IS neighbor relationship can be established between PE 3 and CE 1.
  • Page 334 [CE3-bgp] import-route direct [CE3-bgp] quit # Configure CE 5. <CE5> system-view [CE5] interface vlan-interface 13 [CE5-Vlan-interface13] ip address 110.1.1.1 24 [CE5-Vlan-interface13] quit [CE5] bgp 65411 [CE5-bgp] peer 110.1.1.2 as-number 200 [CE5-bgp] import-route direct [CE5-bgp] quit # Configure PE 3. [PE3] ip vpn-instance SUB_VPN1 [PE3-vpn-instance-SUB_VPN1] route-distinguisher 100:1 [PE3-vpn-instance-SUB_VPN1] vpn-target 2:1 [PE3-vpn-instance-SUB_VPN1] quit...
  • Page 335 [PE1-bgp-af-vpnv4] quit [PE1-bgp] quit # Configure CE 1, enabling VPNv4 capability and establishing VPNv4 neighbor relationship between CE 1 and PE 1. [CE1] bgp 200 [CE1-bgp] ipv4-family vpnv4 [CE1-bgp-af-vpnv4] peer 11.1.1.2 enable # Allow the local AS number to appear in the AS-PATH attribute of the routes received. [CE1-bgp-af-vpnv4] peer 11.1.1.2 allow-as-loop 2 # Disable route target based filtering of received VPNv4 routes.
  • Page 336 4.4.4.9/32 ISIS 30.1.1.2 Vlan12 30.1.1.0/24 Direct 0 30.1.1.1 Vlan12 30.1.1.1/32 Direct 0 127.0.0.1 InLoop0 30.1.1.2/32 Direct 0 30.1.1.2 Vlan12 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 Execute the display ip routing-table vpn-instance command on PE 1 and PE 2 to verify that the VPN routing tables contain sub-VPN routes.
  • Page 337 100.1.1.0/24 1.1.1.9 1024/1024 Route Distinguisher: 101:1 Network NextHop In/Out Label LocPrf * > 110.1.1.0/24 1.1.1.9 1025/1025 Route Distinguisher: 200:1 Network NextHop In/Out Label LocPrf * > 120.1.1.0/24 11.1.1.2 1026/1027 Route Distinguisher: 201:1 Network NextHop In/Out Label LocPrf * > 130.1.1.0/24 11.1.1.2 1027/1028 Execute the display ip routing-table vpn-instance SUB_VPN1 command on PE 3 and PE 4 to verify...
  • Page 338 Execute the display ip routing-table command on CE5 and CE 6 to verify that the routing tables contain routes of remote sub-VPNs. Take CE5 as an example. [CE5] display ip routing-table Routing Tables: Public Destinations : 5 Routes : 5 Destination/Mask Proto Cost...

  • Page 339: Configuring Hovpn

    Request time out Request time out --- 130.1.1.1 ping statistics --- 5 packet(s) transmitted 0 packet(s) received 100.00% packet loss Configuring HoVPN Network requirements There are two levels of networks, the backbone and the MPLS VPN networks, as shown in Figure SPEs act as PEs to allow MPLS VPNs to access the backbone.
  • Page 340 # Configure MPLS basic capability and MPLS LDP to establish LDP LSPs. <UPE1> system-view [UPE1] interface loopback 0 [UPE1-LoopBack0] ip address 1.1.1.9 32 [UPE1-LoopBack0] quit [UPE1] mpls lsr-id 1.1.1.9 [UPE1] mpls [UPE1-mpls] quit [UPE1] mpls ldp [UPE1-mpls-ldp] quit [UPE1] interface vlan-interface 11 [UPE1-Vlan-interface11] ip address 172.1.1.1 24 [UPE1-Vlan-interface11] mpls [UPE1-Vlan-interface11] mpls ldp...
  • Page 341 [UPE1-bgp-vpn1] import-route direct [UPE1-bgp-vpn1] quit [UPE1-bgp] ipv4-family vpn-instance vpn2 [UPE1-bgp-vpn1] peer 10.4.1.1 as-number 65420 [UPE1-bgp-vpn1] import-route direct [UPE1-bgp-vpn1] quit [UPE1-bgp] quit Configure CE 1: <CE1> system-view [CE1] interface vlan-interface 12 [CE1-Vlan-interface12] ip address 10.2.1.1 255.255.255.0 [CE1-Vlan-interface12] quit [CE1] bgp 65410 [CE1-bgp] peer 10.2.1.2 as-number 100 [CE1-bgp] import-route direct [CE1] quit...
  • Page 342 [UPE2-ospf-1] quit # Configure VPN instances vpn1 and vpn2, allowing CE 3 and CE 4 to access UPE 2. [UPE2] ip vpn-instance vpn1 [UPE2-vpn-instance-vpn1] route-distinguisher 300:1 [UPE2-vpn-instance-vpn1] vpn-target 100:1 both [UPE2-vpn-instance-vpn1] quit [UPE2] ip vpn-instance vpn2 [UPE2-vpn-instance-vpn2] route-distinguisher 400:2 [UPE2-vpn-instance-vpn2] vpn-target 100:2 both [UPE2-vpn-instance-vpn2] quit [UPE2] interface vlan-interface 12 [UPE2-Vlan-interface12] ip binding vpn-instance vpn1...
  • Page 343 [CE4] bgp 65440 [CE4-bgp] peer 10.3.1.2 as-number 100 [CE4-bgp] import-route direct [CE4] quit Configure SPE 1: # Configure MPLS basic capability and MPLS LDP to establish LDP LSPs. <SPE1> system-view [SPE1] interface loopback 0 [SPE1-LoopBack0] ip address 2.2.2.9 32 [SPE1-LoopBack0] quit [SPE1] mpls lsr-id 2.2.2.9 [SPE1] mpls [SPE1-mpls] quit...
  • Page 344 [SPE1-bgp] peer 1.1.1.9 next-hop-local [SPE1-bgp] peer 3.3.3.9 as-number 100 [SPE1-bgp] peer 3.3.3.9 connect-interface loopback 0 [SPE1-bgp] ipv4-family vpnv4 [SPE1-bgp-af-vpnv4] peer 3.3.3.9 enable [SPE1-bgp-af-vpnv4] peer 1.1.1.9 enable [SPE1-bgp-af-vpnv4] peer 1.1.1.9 upe [SPE1-bgp-af-vpnv4] quit [SPE1-bgp]ipv4-family vpn-instance vpn1 [SPE1-bgp-vpn1] quit [SPE1-bgp]ipv4-family vpn-instance vpn2 [SPE1-bgp-vpn2] quit [SPE1-bgp] quit # Configure SPE 1 to advertise to UPE 1 the routes permitted by a routing policy, that is, the routes...

  • Page 345: Configuring Ospf Sham Links

    [SPE2-ospf-1-area-0.0.0.0] network 180.1.1.0 0.0.0.255 [SPE2-ospf-1-area-0.0.0.0] quit [SPE2-ospf-1] quit # Configure VPN instances vpn1 and vpn2. [SPE2] ip vpn-instance vpn1 [SPE2-vpn-instance-vpn1] route-distinguisher 600:1 [SPE2-vpn-instance-vpn1 ] vpn-target 100:1 both [SPE2-vpn-instance-vpn1] quit [SPE2] ip vpn-instance vpn2 [SPE2-vpn-instance-vpn2] route-distinguisher 800:1 [SPE2-vpn-instance-vpn2] vpn-target 100:2 both [SPE2-vpn-instance-vpn2] quit # Configure SPE 2 to establish MP-IBGP peer relationship with UPE 2 and to inject VPN routes, and specify UPE 2.
  • Page 346 VPN traffic between CE 1 and CE 2 is required to be forwarded through the MPLS backbone, • instead of any route in the OSPF area. Figure 85 Network diagram Device Interface IP address Device Interface IP address CE 1 Vlan-int11 100.1.1.1/24 CE 2...
  • Page 347 # Configure MPLS basic capability and MPLS LDP on PE 1 to establish LDP LSPs. <PE1> system-view [PE1] interface loopback 0 [PE1-LoopBack0] ip address 1.1.1.9 32 [PE1-LoopBack0] quit [PE1] mpls lsr-id 1.1.1.9 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] interface vlan-interface 12 [PE1-Vlan-interface12] ip address 10.1.1.1 24 [PE1-Vlan-interface12] mpls...
  • Page 348 [PE2-bgp] peer 1.1.1.9 as-number 100 [PE2-bgp] peer 1.1.1.9 connect-interface loopback 0 [PE2-bgp] ipv4-family vpnv4 [PE2-bgp-af-vpnv4] peer 1.1.1.9 enable [PE2-bgp-af-vpnv4] quit [PE2-bgp] quit # Configure OSPF on PE 2. [PE2]ospf 1 [PE2-ospf-1]area 0 [PE2-ospf-1-area-0.0.0.0]network 2.2.2.9 0.0.0.0 [PE2-ospf-1-area-0.0.0.0]network 10.1.1.0 0.0.0.255 [PE2-ospf-1-area-0.0.0.0]quit [PE2-ospf-1]quit Configure PEs to allow CEs to access the network: # Configure PE 1 to allow CE 1 to access the network.
  • Page 349 [PE2-ospf-100-area-0.0.0.1] quit [PE2-ospf-100] quit [PE2] bgp 100 [PE2-bgp] ipv4-family vpn-instance vpn1 [PE2-bgp-vpn1] import-route ospf 100 [PE2-bgp-vpn1] import-route direct [PE2-bgp-vpn1] quit [PE2-bgp] quit After completing the configurations, issue the display ip routing-table vpn-instance command on the PEs, you can see that the path to the peer CE is along the OSPF route across the customer networks, instead of the BGP route across the backbone.

  • Page 350: Configuring Bgp As Number Substitution

    Destination/Mask Proto Cost NextHop Interface 3.3.3.3/32 Direct 0 127.0.0.1 InLoop0 5.5.5.5/32 2.2.2.9 NULL0 20.1.1.0/24 OSPF 1563 100.1.1.1 Vlan11 100.1.1.0/24 Direct 0 100.1.1.2 Vlan11 100.1.1.2/32 Direct 0 127.0.0.1 InLoop0 120.1.1.0/24 2.2.2.9 NULL0 Issue the display ip routing-table command on the CEs, and you can see that the cost of the OSPF route to the peer CE is now 10 (the cost configured for the sham link), and that the next hop is now the VLAN interface 11 connected to the PE.
  • Page 351 Figure 86 Network diagram Device Interface IP address Device Interface IP address CE 1 Vlan-int11 10.1.1.1/24 Loop0 2.2.2.9/32 Vlan-int12 100.1.1.1/24 Vlan-int11 30.1.1.1/24 PE 1 Loop0 1.1.1.9/32 Vlan-int12 20.1.1.2/24 Vlan-int11 10.1.1.2/24 PE 2 Loop0 3.3.3.9/32 Vlan-int12 20.1.1.1/24 Vlan-int11 30.1.1.2/24 CE 2 Vlan-int12 10.2.1.1/24 Vlan-int12...
  • Page 352 10.2.1.0/24 Direct 0 10.2.1.1 Vlan11 10.2.1.1/32 Direct 0 127.0.0.1 InLoop0 10.2.1.2/32 Direct 0 10.2.1.2 Vlan11 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 200.1.1.0/24 Direct 0 200.1.1.1 InLoop0 200.1.1.1/32 Direct 0 127.0.0.1 InLoop0 Issue the display ip routing-table vpn-instance command on the PEs. You can see the route to the VPN behind the peer CE.
  • Page 353 [PE2] bgp 100 [PE2-bgp] ipv4-family vpn-instance vpn1 [PE2-bgp-vpn1] peer 10.2.1.1 substitute-as [PE2-bgp-vpn1] quit [PE2-bgp] quit The output shows that among the routes advertised by PE 2 to CE 2, the AS_PATH of 100.1.1.1/32 has changed from 100 600 to 100 100: *0.13498737 PE2 RM/7/RMDEBUG: BGP.vpn1: Send UPDATE to 10.2.1.1 for following destinations : Origin...

  • Page 354: Configuring Bgp As Number Substitution And Soo

    --- 200.1.1.1 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 66/79/109 ms Configuring BGP AS number substitution and SoO Network requirements CE 1, CE 2, and CE 3 belong to VPN 1 and connect to PE1, PE 2, and PE 3 respectively. CE 1 and CE 2 reside in the same site.
  • Page 355 Configure OSPF on the MPLS backbone to allow the PEs and P device to learn the routes of the loopback interfaces from each other. Configure basic MPLS and MPLS LDP on the MPLS backbone to establish LDP LSPs. Establish MP-IBGP peer relationships between the PEs to advertise VPN IPv4 routes. Configure VPN 1 on PE 1 to allow CE 1 to access the network.
  • Page 356 [PE1] route-policy soo permit node 10 [PE1-route-policy] apply extcommunity soo 1:100 additive [PE1-route-policy] quit # On PE 1, apply the routing policy soo to routes received from CE 1. [PE1] bgp 100 [PE1-bgp] ipv4-family vpn-instance vpn1 [PE1-bgp-vpn1] peer 10.1.1.1 route-policy soo import [PE1-bgp-vpn1] quit [PE1-bgp] quit # On PE 2, configure a routing policy named soo to add the specified SoO attribute.

  • Page 357: Ipv6 Mpls L3Vpn Configuration

    IPv6 MPLS L3VPN configuration The S5500-28SC-HI and S5500-52SC-HI switches do not support IPv6 MPLS L3VPN. IPv6 MPLS L3VPN overview MPLS L3VPN applies to the IPv4 environment. It uses BGP to advertise IPv4 VPN routes and uses MPLS to forward IPv4 VPN packets on the service provider backbone. IPv6 MPLS L3VPN functions similarly.

  • Page 358: Ipv6 Mpls L3Vpn Packet Forwarding

    IPv6 MPLS L3VPN packet forwarding Figure 89 IPv6 MPLS L3VPN packet forwarding diagram As shown in Figure 89, the IPv6 MPLS L3VPN packet forwarding procedure is as follows: The PC at Site 1 sends an IPv6 packet destined for 2001:2::1, the PC at Site 2. CE 1 transmits the packet to PE 1.

  • Page 359: Ipv6 Mpls L3Vpn Network Schemes And Functions

    Then, the ingress PE advertises the VPN-IPv6 routes to the egress PE through MP-BGP. Finally, the egress PE compares the export target attributes of the VPN-IPv6 routes with the import target attributes that it maintains for the VPN instance and, if they are the same, adds the routes to the routing table of the VPN instance.

  • Page 360: Configuration Prerequisites

    Task Remarks Configuring route related attributes for a VPN Optional instance Configuring a tunneling policy for a VPN instance Optional Configuring an LDP instance Optional Configuring routing between PE and CE Required Configuring routing between PEs Required Configuring routing features for the BGP-VPNv6 subaddress family Optional Configuration prerequisites Before configuring basic IPv6 MPLS L3VPN, complete the following tasks:...

  • Page 361: Configuring Route Related Attributes For A Vpn Instance

    To associate a Layer 3 aggregate interface with a VPN instance, you must associate all the member ports of the aggregate interface with the VPN instance. Executing the ip binding vpn-instance command on an interface deletes the IPv6 address of that interface.
  • Page 362 Step Command Remarks Optional. By default, all routes matching the import target attribute are Apply an import routing accepted. import route-policy route-policy policy. Make sure the routing policy to be applied already exists. Otherwise, the switch does not filter received routes.

  • Page 363: Configuring Routing Between Pe And Ce

    IMPORTANT: Create a tunneling policy before applying it to a VPN instance. Otherwise, the default tunneling policy is used. The default tunneling policy selects only one tunnel in this order: LSP tunnel, CR-LSP tunnel. To configure a tunneling policy for a VPN instance: Step Command Remarks...
  • Page 364 Before configuring routing between PE and CE, complete the following tasks: • Assign an IPv6 address to the CE-PE interface of the CE. Assign an IPv6 address to the PE-CE interface of the PE. • Configuring IPv6 static routing between PE and CE Step Command Remarks...
  • Page 365 Step Command Remarks Enter system view. system-view Create an OSPFv3 process for Perform this configuration on PEs. ospfv3 [ process-id ] vpn-instance a VPN instance and enter the On CEs, create a normal OSPF vpn-instance-name OSPFv3 view. process. Set the router ID. router-id router-id Return to system view.

  • Page 366: Configuring Routing Between Pes

    Step Command Remarks Configure the CE as the VPN peer ipv6-address as-number EBGP peer. as-number A PE must redistribute the routes of import-route protocol [ process-id ] Redistribute the routes of the the local CEs into its VPN routing [ med med-value | route-policy local CEs.

  • Page 367: Configuring Routing Features For The Bgp-Vpnv6 Subaddress Family

    Step Command Remarks peer { group-name | ip-address } By default, BGP uses the outbound Specify the source interface connect-interface interface-type interface of the best route to the for route update packets. interface-number BGP peer. Enter BGP-VPNv6 subaddress ipv6-family vpnv6 family view.

  • Page 368: Configuring Inter-As Ipv6 Vpn

    Step Command Remarks Optional. Apply an IPv6-prefix list for peer ip-address ipv6-prefix the peer to filter By default, no IPv6 prefix list is prefix-name { export | import } received/advertised routes. applied for a peer. Specify the preference value Optional. peer ip-address preferred-value for the routes received from value...

  • Page 369: Configuration Prerequisites

    There are three inter-AS VPN solutions (see "Configuring MPLS L3VPN" for more information). Currently, IPv6 MPLS L3VPN supports only inter-AS VPN option A and option C. Configuration prerequisites Before configuring inter-AS IPv6 VPN, complete these tasks: Configuring an IGP for the MPLS backbone in each AS to ensure IP connectivity •...

  • Page 370: Resetting Bgp Connections

    Step Command Remarks Enable the PE to exchange By default, the PE does not peer { group-name | ip-address } labeled routes with the ASBR advertise labeled routes to the IPv4 label-route-capability PE in the same AS. peer/peer group. Configure the PE of another peer { group-name | ip-address } AS as the EBGP peer.

  • Page 371: Displaying Information About Ipv6 Mpls L3Vpn

    Step Command Remarks Hard reset BGP VPNv6 reset bgp vpnv6 { as-number | ip-address | Available in user view connections. all | external | internal } Displaying information about IPv6 MPLS L3VPN Task Command Remarks Display information about the IPv6 display ipv6 routing-table vpn-instance routing table associated with a vpn-instance-name [ verbose ] [ | { begin |...

  • Page 372: Ipv6 Mpls L3Vpn Configuration Examples

    IPv6 MPLS L3VPN configuration examples Configuring IPv6 MPLS L3VPNs Network requirements CE 1 and CE 3 belong to VPN 1. CE 2 and CE 4 belong to VPN 2. • VPN 1 uses route target attributes 1 1 1:1. VPN 2 uses route target attributes 222:2. Users of different •...
  • Page 373 [PE1-LoopBack0] quit [PE1] interface vlan-interface 13 [PE1-Vlan-interface13] ip address 172.1.1.1 24 [PE1- Vlan-interface13] quit [PE1] ospf [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255 [PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit # Configure the P switch. <P> system-view [P] interface loopback 0 [P-LoopBack0] ip address 2.2.2.9 32 [P-LoopBack0] quit [P] interface vlan-interface 13...
  • Page 374 Destinations : 9 Routes : 9 Destination/Mask Proto Cost NextHop Interface 1.1.1.9/32 Direct 0 127.0.0.1 InLoop0 2.2.2.9/32 OSPF 172.1.1.2 Vlan13 3.3.3.9/32 OSPF 172.1.1.2 Vlan13 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 172.1.1.0/24 Direct 0 172.1.1.1 Vlan13 172.1.1.1/32 Direct 0 127.0.0.1 InLoop0...
  • Page 375 # Configure PE 2. [PE2] mpls lsr-id 3.3.3.9 [PE2] mpls [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface vlan-interface 12 [PE2-Vlan-interface12] mpls [PE2-Vlan-interface12] mpls ldp [PE2-Vlan-interface12] quit After you complete the configurations, LDP sessions are established between PE 1, P, and PE 2. Issue the display mpls ldp session command.
  • Page 376 [PE1] interface vlan-interface 12 [PE1-Vlan-interface12] ip binding vpn-instance vpn2 [PE1-Vlan-interface12] ipv6 address 2001:2::2 64 [PE1-Vlan-interface12] quit # Configure PE 2. [PE2] ip vpn-instance vpn1 [PE2-vpn-instance-vpn1] route-distinguisher 200:1 [PE2-vpn-instance-vpn1] vpn-target 111:1 [PE2-vpn-instance-vpn1] quit [PE2] ip vpn-instance vpn2 [PE2-vpn-instance-vpn2] route-distinguisher 200:2 [PE2-vpn-instance-vpn2] vpn-target 222:2 [PE2-vpn-instance-vpn2] quit [PE2] interface vlan-interface 11 [PE2-Vlan-interface11] ip binding vpn-instance vpn1...
  • Page 377 Establish EBGP peer relationships between the PEs and CEs to allow them to exchange VPN routes: # Configure CE 1. <CE1> system-view [CE1] bgp 65410 [CE1-bgp] ipv6-family [CE1-bgp-af-ipv6] peer 2001:1::2 as-number 100 [CE1-bgp-af-ipv6] import-route direct [CE1-bgp-af-ipv6] quit # Configure the other three CEs (CE 2 through CE 4) in a similar way as you configure CE 1. (Details not shown.) # Configure PE 1.
  • Page 378 [PE2-bgp] ipv6-family vpnv6 [PE2-bgp-af-vpnv6] peer 1.1.1.9 enable [PE2-bgp-af-vpnv6] quit [PE2-bgp] quit After completing the configurations, issue the display bgp peer command or the display bgp vpnv6 all peer command on the PEs. The output shows a BGP peer relationship has been established between the PEs, and has reached the Established state.

  • Page 379: Configuring Inter-As Ipv6 Vpn Option A

    # From each CE, ping other CEs. CEs of the same VPN can ping each other, whereas those of different VPNs are not. For example, CE 1 can ping CE 3 (2001:3::1), but cannot ping CE 4 (2001:4::1): [CE1] ping ipv6 2001:3::1 PING 2001:3::1 : 56 data bytes, press CTRL_C to break Reply from 2001:3::1...
  • Page 380 Figure 91 Network diagram Device Interface IP address Device Interface IP address CE 1 Vlan-int12 2001:1::1/64 CE 2 Vlan-int12 2001:2::1/64 PE 1 Loop0 1.1.1.9/32 PE 2 Loop0 4.4.4.9/32 Vlan-int12 2001:1::2/64 Vlan-int12 2001:2::2/64 Vlan-int11 172.1.1.2/24 Vlan-int11 162.1.1.2/24 ASBR-PE 1 Loop0 2.2.2.9/32 ASBR-PE 2 Loop0 3.3.3.9/32...
  • Page 381 [PE1-Vlan-interface11] mpls [PE1-Vlan-interface11] mpls ldp [PE1-Vlan-interface11] quit # Configure the MPLS basic capability on ASBR-PE 1 and enable MPLS LDP for ASBR-PE 1 and for the interface connected to PE 1. <ASBR-PE1> system-view [ASBR-PE1] mpls lsr-id 2.2.2.9 [ASBR-PE1] mpls [ASBR-PE1-mpls] quit [ASBR-PE1] mpls ldp [ASBR-PE1-mpls-ldp] quit [ASBR-PE1] interface vlan-interface 11...
  • Page 382 [CE1] interface vlan-interface 12 [CE1-Vlan-interface12] ipv6 address 2001:1::1 64 [CE1-Vlan-interface12] quit # Configure PE 1. [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 100:1 [PE1-vpn-instance-vpn1] vpn-target 100:1 both [PE1-vpn-instance-vpn1] quit [PE1] interface vlan-interface 12 [PE1-Vlan-interface12] ip binding vpn-instance vpn1 [PE1-Vlan-interface12] ipv6 address 2001:1::2 64 [PE1-Vlan-interface12] quit # Configure CE 2.
  • Page 383 After completing the configurations, you can view the VPN instance configurations by issuing the display ip vpn-instance command. Each PE can ping its attached CE, and ASBR-PE 1 and ASBR-PE 2 can ping each other. Establish EBGP peer relationship between PE and CE switches to allow VPN routes to be redistributed: # Configure CE 1.

  • Page 384: Configuring Inter-As Ipv6 Vpn Option C

    [ASBR-PE1-bgp] ipv6-family vpnv6 [ASBR-PE1-bgp-af-vpnv6] peer 1.1.1.9 enable [ASBR-PE1-bgp-af-vpnv6] quit [ASBR-PE1-bgp] quit # Configure ASBR-PE 2. [ASBR-PE2] bgp 200 [ASBR-PE2-bgp] ipv6-family vpn-instance vpn1 [ASBR-PE2-bgp-ipv6-vpn1] peer 2002:1::1 as-number 100 [ASBR-PE2-bgp-ipv6-vpn1] quit [ASBR-PE2-bgp] peer 4.4.4.9 as-number 200 [ASBR-PE2-bgp] peer 4.4.4.9 connect-interface loopback 0 [ASBR-PE2-bgp] ipv6-family vpnv6 [ASBR-PE2-bgp-af-vpnv6] peer 4.4.4.9 enable [ASBR-PE2-bgp-af-vpnv6] quit...
  • Page 385 Figure 92 Network diagram Device Interface IP address Device Interface IP address PE 1 Loop0 2.2.2.9/32 PE 2 Loop0 5.5.5.9/32 Loop1 2001:1::1/128 Loop1 2001:1::2/128 Vlan-int11 1.1.1.2/8 Vlan-int11 9.1.1.2/8 ASBR-PE 1 Loop0 3.3.3.9/32 ASBR-PE 2 Loop0 4.4.4.9/32 Vlan-int11 1.1.1.1/8 Vlan-int11 9.1.1.1/8 Vlan-int12 11.0.0.2/8 Vlan-int12...
  • Page 386 [PE1-LoopBack0] quit # Create VPN instance vpn1 and configure the RD and route target attributes for it. [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 11:11 [PE1-vpn-instance-vpn1] vpn-target 3:3 import-extcommunity [PE1-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity [PE1-vpn-instance-vpn1] quit # Configure interface Loopback 1 and bind the interface to VPN instance vpn1. [PE1] interface loopback 1 [PE1-LoopBack1] ip binding vpn-instance vpn1 [PE1-LoopBack1] ipv6 address 2001:1::1 128...
  • Page 387 # Configure interface VLAN-interface 11, and start IS-IS and enable MPLS and LDP on the interface. [ASBR-PE1] interface vlan-interface 11 [ASBR-PE1-Vlan-interface11] ip address 1.1.1.1 255.0.0.0 [ASBR-PE1-Vlan-interface11] isis enable 1 [ASBR-PE1-Vlan-interface11] mpls [ASBR-PE1-Vlan-interface11] mpls ldp [ASBR-PE1-Vlan-interface11] quit # Configure interface VLAN-interface 12 and enable MPLS on it. [ASBR-PE1] interface vlan-interface 12 [ASBR-PE1-Vlan-interface12] ip address 11.0.0.2 255.0.0.0 [ASBR-PE1-Vlan-interface12] mpls...
  • Page 388 [ASBR-PE2] isis 1 [ASBR-PE2-isis-1] network-entity 10.333.333.333.333.00 [ASBR-PE2-isis-1] quit # Configure an LSR ID, enable MPLS and LDP. [ASBR-PE2] mpls lsr-id 4.4.4.9 [ASBR-PE2] mpls [ASBR-PE2-mpls] label advertise non-null [ASBR-PE2-mpls] quit [ASBR-PE2] mpls ldp [ASBR-PE2-mpls-ldp] quit # Configure interface VLAN-interface 11, start IS-IS and enable MPLS and LDP on the interface. [ASBR-PE2] interface vlan-interface 11 [ASBR-PE2-Vlan-interface11] ip address 9.1.1.1 255.0.0.0 [ASBR-PE2-Vlan-interface11] isis enable 1...
  • Page 389 [ASBR-PE2-bgp] peer 11.0.0.2 as-number 100 [ASBR-PE2-bgp] peer 11.0.0.2 route-policy policy1 export # Configure the capability to advertise labeled routes to and receive labeled routes from EBGP peer 11.0.0.2. [ASBR-PE2-bgp] peer 11.0.0.2 label-route-capability [ASBR-PE2-bgp] quit Configure PE 2: # Start IS-IS on PE 2. <PE2>...
  • Page 390 # Configure the capability to advertise labeled routes to IBGP peer 4.4.4.9 and to receive labeled routes from the peer. [PE2-bgp] peer 4.4.4.9 as-number 600 [PE2-bgp] peer 4.4.4.9 connect-interface loopback 0 [PE2-bgp] peer 4.4.4.9 label-route-capability # Configure the maximum hop count from PE 2 to EBGP peer 2.2.2.9 as 10. [PE2-bgp] peer 2.2.2.9 as-number 100 [PE2-bgp] peer 2.2.2.9 connect-interface loopback 0 [PE2-bgp] peer 2.2.2.9 ebgp-max-hop 10...

  • Page 391: Configuring Carrier's Carrier

    Reply from 2001:1::2 bytes=56 Sequence=5 hop limit=64 time = 1 ms --- 2001:1::2 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 1/1/1 ms Configuring carrier's carrier Network requirements Configure carrier's carrier for the scenario shown in Figure 93.
  • Page 392 Figure 93 Network diagram Device Interface IP address Device Interface IP address CE 3 Vlan-int11 2001:1::1/64 CE 4 Vlan-int11 2001:2::1/64 PE 3 Loop0 1.1.1.9/32 PE 4 Loop0 6.6.6.9/32 Vlan-int11 2001:1::2/64 Vlan-int11 2001:2::2/64 Vlan-int12 10.1.1.1/24 Vlan-int12 20.1.1.2/24 CE 1 Loop0 2.2.2.9/32 CE 2 Loop0 5.5.5.9/32...
  • Page 393 [PE1-LoopBack0] isis enable 1 [PE1-LoopBack0] quit [PE1] interface vlan-interface 12 [PE1-Vlan-interface12] ip address 30.1.1.1 24 [PE1-Vlan-interface12] isis enable 1 [PE1-Vlan-interface12] mpls [PE1-Vlan-interface12] mpls ldp [PE1-Vlan-interface2] mpls ldp transport-address interface [PE1-Vlan-interface2] quit [PE1] bgp 100 [PE1-bgp] peer 4.4.4.9 as-number 100 [PE1-bgp] peer 4.4.4.9 connect-interface loopback 0 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpnv4] peer 4.4.4.9 enable [PE1-bgp-af-vpnv4] quit...
  • Page 394 [PE3-LoopBack0] quit [PE3] mpls lsr-id 1.1.1.9 [PE3] mpls [PE3-mpls] quit [PE3] mpls ldp [PE3-mpls-ldp] quit [PE3] isis 2 [PE3-isis-2] network-entity 10.0000.0000.0000.0001.00 [PE3-isis-2] quit [PE3] interface loopback 0 [PE3-LoopBack0] isis enable 2 [PE3-LoopBack0] quit [PE3] interface vlan-interface 12 [PE3-Vlan-interface12] ip address 10.1.1.1 24 [PE3-Vlan-interface12] isis enable 2 [PE3-Vlan-interface12] mpls [PE3-Vlan-interface12] mpls ldp...
  • Page 395 [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 200:1 [PE1-vpn-instance-vpn1] vpn-target 1:1 [PE1-vpn-instance-vpn1] quit [PE1] mpls ldp vpn-instance vpn1 [PE1-mpls-ldp-vpn-instance-vpn1] quit [PE1] isis 2 vpn-instance vpn1 [PE1-isis-2] network-entity 10.0000.0000.0000.0003.00 [PE1-isis-2] import-route bgp allow-ibgp [PE1-isis-2] quit [PE1] interface vlan-interface11 [PE1-Vlan-interface11] ip binding vpn-instance vpn1 [PE1-Vlan-interface11] ip address 11.1.1.2 24 [PE1-Vlan-interface11] isis enable 2 [PE1-Vlan-interface11] mpls...
  • Page 396 [PE3-vpn-instance-vpn1] route-distinguisher 100:1 [PE3-vpn-instance-vpn1] vpn-target 1:1 [PE3-vpn-instance-vpn1] quit [PE3] interface Vlan-interface11 [PE3-Vlan-interface11] ip binding vpn-instance vpn1 [PE3-Vlan-interface11] ipv6 address 2001:1::2 64 [PE3-Vlan-interface11] quit [PE3] bgp 100 [PE3-bgp] ipv6-family vpn-instance vpn1 [PE3-bgp-ipv6-vpn1] peer 2001:1::1 as-number 65410 [PE3-bgp-ipv6-vpn1] import-route direct [PE3-bgp-ipv6-vpn1] quit [PE3-bgp] quit # Configure PE 4 and CE 4 in a similar way as you configure PE 3 and CE 3.
  • Page 397 Destinations : 11 Routes : 11 Destination/Mask Proto Cost NextHop Interface 1.1.1.9/32 ISIS 11.1.1.1 Vlan11 2.2.2.9/32 ISIS 11.1.1.1 Vlan11 5.5.5.9/32 4.4.4.9 NULL0 6.6.6.9/32 4.4.4.9 NULL0 10.1.1.0/24 ISIS 11.1.1.1 Vlan11 11.1.1.0/24 Direct 0 11.1.1.1 Vlan11 11.1.1.1/32 Direct 0 127.0.0.1 InLoop0 11.1.1.2/32 Direct 0 11.1.1.2 Vlan11...
  • Page 398 10.1.1.0/24 Direct 0 10.1.1.1 Vlan12 10.1.1.1/32 Direct 0 127.0.0.1 InLoop0 10.1.1.2/32 Direct 0 10.1.1.2 Vlan12 11.1.1.0/24 ISIS 10.1.1.2 Vlan12 20.1.1.0/24 ISIS 10.1.1.2 Vlan12 21.1.1.0/24 ISIS 10.1.1.2 Vlan12 21.1.1.2/32 ISIS 10.1.1.2 Vlan12 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 # PE 3 and PE 4 can ping each other: [PE3] ping 20.1.1.2...

  • Page 399: Index

    Index B C D E I M O R S T V Creating an MPLS TE tunnel with a dynamic signaling protocol,104 Binding a service instance with a VPLS instance,172 Displaying and maintaining MCE,21 Configuring a PE-CE interface of a PE,199 Displaying and maintaining MPLS,80...
  • Page 400 MPLS overview,53 MPLS TE configuration examples,128 Setting MPLS statistics reading interval,76 MPLS TE configuration task list,102 Troubleshooting MPLS L2VPN,226 Overview,91 Troubleshooting MPLS TE,162 Overview,37 Troubleshooting VPLS,189 Overview,227 Tuning CR-LSP setup,1 12 Tuning MPLS TE tunnel setup,1 14 Resetting BGP connections,46 Resetting BGP connections,20 VPLS configuration...

This manual is also suitable for:

S10500 series

Table of Contents