HPE 5820X Series Configuration Manual
  1. Manuals
  2. Brands
  3. HPE Manuals
  4. Switch
  5. 5820X Series
  6. Configuration manual
HPE 5820X Series Configuration Manual

HPE 5820X Series Configuration Manual

Mpls
Hide thumbs Also See for 5820X Series:
1
2
Table Of Contents
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
Table of Contents

Advertisement

Quick Links

Download this manual See also: Configuration Manual, Installation Manual
HPE 5820X & 5800 Switch Series
MPLS

Configuration Guide

Part number: 5998-7393R
Software version: Release 1810
Document version: 6W100-20160129

Advertisement

Table of Contents
loading

Related Manuals for HPE 5820X Series

Summary of Contents for HPE 5820X Series

  • Page 1: Configuration Guide

    HPE 5820X & 5800 Switch Series MPLS Configuration Guide Part number: 5998-7393R Software version: Release 1810 Document version: 6W100-20160129...
  • Page 2 © Copyright 2016 Hewlett Packard Enterprise Development LP The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein.

  • Page 3: Table Of Contents

    Contents Configuring MCE ····························································································· 1 Overview ···························································································································································· 1 MPLS L3VPN ············································································································································· 1 MPLS L3VPN concepts ······························································································································ 2 Multi-VPN-instance CE ······························································································································ 4 Using MCE in tunneling applications ·········································································································· 5 Configuring routing on an MCE ·························································································································· 6 Route exchange between an MCE and a VPN site ··················································································· 6 Route exchange between an MCE and a PE ·····························································································...
  • Page 4 Configuring LDP label filtering ·················································································································· 66 Configuring DSCP for outgoing LDP packets ·························································································· 68 Maintaining LDP sessions ································································································································ 68 Configuring BFD for MPLS LDP ··············································································································· 68 Resetting LDP sessions ··························································································································· 69 Managing and optimizing MPLS forwarding ···································································································· 69 Configuring a TTL processing mode for an LSR ······················································································ 69 Sending back ICMP TTL exceeded messages for MPLS TTL expired packets ······································...
  • Page 5 Assigning priorities to a tunnel ··············································································································· 111 Configuring traffic forwarding ························································································································· 112 Forwarding traffic along MPLS TE tunnels using static routes ······························································· 112 Forwarding traffic along MPLS TE tunnels through automatic route advertisement ······························ 112 Configuring traffic forwarding tuning parameters ··························································································· 114 Configuring the failed link timer ··············································································································...
  • Page 6 Configuring MAC address learning ················································································································ 182 Configuring VPLS instance attributes ············································································································ 182 Inspecting PWs ·············································································································································· 183 Displaying and maintaining VPLS ·················································································································· 183 VPLS configuration examples ························································································································ 184 Binding service instances to VPLS instances ························································································ 185 Configuring hub-spoke VPLS ················································································································· 189 Configuring PW redundancy for H-VPLS access ···················································································...
  • Page 7 MPLS L3VPN configuration task list ·············································································································· 261 Configuring basic MPLS L3VPN ···················································································································· 262 Configuring VPN instances ···················································································································· 262 Configuring routing between PE and CE ······························································································· 266 Configuring routing between PEs ··········································································································· 271 Configuring routing features for BGP VPNv4 subaddress family ··························································· 272 Configuring inter-AS VPN ······························································································································...
  • Page 8 Support and other resources ······································································ 401 Accessing Hewlett Packard Enterprise Support ···························································································· 401 Accessing updates ········································································································································· 401 Websites ················································································································································ 402 Customer self repair ······························································································································· 402 Remote support ······································································································································ 402 Documentation feedback ······················································································································· 402 Index ··········································································································· 403...

  • Page 9: Configuring Mce

    Configuring MCE This chapter covers only MCE-related configuration. For information about routing protocols, see Layer 3—IP Services Configuration Guide. The term "router" in this chapter refers to both routers and Layer 3 switches. The term "interface" in this chapter collectively refers to Layer 3 interfaces, including VLAN interfaces, Layer 3 Ethernet interfaces, and Layer 3 aggregate interfaces.

  • Page 10: Mpls L3Vpn Concepts

    Figure 1 Network diagram for MPLS L3VPN model CEs and PEs mark the boundary between the service providers and the customers. After a CE establishes adjacency with a directly connected PE, it advertises its VPN routes to the PE and learns remote VPN routes from the PE. A CE and a PE use BGP/IGP to exchange routing information.
  • Page 11 The address spaces of VPNs may overlap. For example, if both VPN 1 and VPN 2 use the addresses on network segment 10.110.10.0/24, the address space overlaps. VPN instance In MPLS VPN, routes of different VPNs are identified by VPN instance. A PE creates and maintains a separate VPN instance for each VPN at a directly connected site.

  • Page 12: Multi-Vpn-Instance Ce

    To guarantee the global uniqueness of an RD, do not set the Administrator subfield to any private AS number or private IP address. Route target attributes MPLS L3VPN uses the BGP extended community attributes called "route target attributes" to control the advertisement of VPN routing information.

  • Page 13: Using Mce In Tunneling Applications

    Figure 3 Network diagram for the MCE function VPN 1 VPN 2 Site 1 Site 1 VLAN-int2 VLAN-int7 VLAN-int8 VLAN-int3 VPN 2 Site 2 Site 2 VPN 1 On the left-side network, there are two VPN sites, both of which are connected to the MPLS backbone through the MCE device.

  • Page 14: Configuring Routing On An Mce

    the corresponding sites. As shown in Figure 4, you can bind Tunnel 1 to VPN 1 to make the MCE devices deliver the routing information and data of VPN 1 through the tunnel. You can also use an MCE in a tunneling application as shown in Figure 5 to connect multiple remote CEs through tunnels.

  • Page 15: Route Exchange Between An Mce And A Pe

    emergence of MCE. MCE allows static-route-to-VPN-instance binding, which isolates the static routes of different VPNs. The switch can bind RIP processes to VPN instances. With these bindings on the MCE, private network routes of different VPNs can be exchanged between MCE and sites through different RIP processes, isolating and securing VPN routes.

  • Page 16: Configuring Vpn Instances

    • OSPF • IS-IS • IBGP • EBGP For information about routing protocol configuration and route import, see Layer 3—IP Routing Configuration Guide. Configuring VPN instances You must configure VPN instances in all MCE networking schemes. VPN instances isolate not only VPN routes from public network routes, but also routes of a VPN from those of another VPN.

  • Page 17: Configuring Route Attributes Of A Vpn Instance

    Step Command Remarks Enter system view. system-view interface interface-type Enter interface view. interface-number By default, no VPN instance is associated with any interface. Associating the interface with a Associate the interface with ip binding vpn-instance VPN instance clears the IP a VPN instance.

  • Page 18: Configuring Routing On An Mce

    Step Command Remarks Optional. Apply an import routing By default, all routes permitted by policy to the current VPN import route-policy route-policy the import target attribute can be instance. redistributed into the VPN instance. Optional. Apply an export routing By default, all VPN instance policy to the current VPN export route-policy route-policy routes permitted by the export...
  • Page 19 Step Command Remarks • ip route-static dest-address { mask | mask-length } { gateway-address | interface-type interface-number [ gateway-address ] | vpn-instance d-vpn-instance-name gateway-address } Use either command. [ preference preference-value ] [ tag Perform this tag-value ] [ description description-text ] Configure a static configuration on the route for a VPN...
  • Page 20 To configure OSPF between an MCE and a VPN site: Step Command Remarks Enter system view. system-view Perform this configuration on the MCE. On a VPN site, create a normal OSPF process. Create an OSPF process for ospf [ process-id | router-id An OSPF process can belong to a VPN instance and enter router-id | vpn-instance...
  • Page 21 Step Command Remarks Optional. import-route { isis [ process-id ] | By default, IS-IS does not ospf [ process-id ] | rip redistribute routes of any other [ process-id ] | bgp [ allow-ibgp ] | routing protocol. Redistribute remote site direct | static } [ cost cost | routes advertised by the PE.
  • Page 22 BGP checks routing loops by examining AS numbers. If EBGP is used, the MCE advertises routing information carrying the local AS number to the site and then receives routing updates from the site. The routing updates carry the AS number of the MCE, so the MCE discards the updates to avoid routing loops.

  • Page 23: Configuring Routing Between An Mce And A Pe

    NOTE: After you configure a VPN site as an IBGP peer of the MCE, the MCE does not advertise the BGP routes learned from the VPN site to other IBGP peers, including VPNv4 peers. An MCE advertises routes learned from a VPN site to other IBGP peers only when you configure the VPN site as a client of the RR (the MCE).
  • Page 24 Step Command Remarks Enter system view. system-view Create a RIP process for a rip [ process-id ] vpn-instance VPN instance and enter RIP vpn-instance-name view. Enable RIP on the interface By default, RIP is disabled attached to the specified network network-address on an interface.
  • Page 25 Configuring IS-IS between an MCE and a PE Step Command Remarks Enter system view. system-view Create an IS-IS process for a VPN isis [ process-id ] vpn-instance instance and enter vpn-instance-name IS-IS view. Configure a network By default, no network entity title network-entity net entity title.

  • Page 26: Resetting Bgp Connections

    NOTE: BGP runs within a VPN in the same way as it runs within a public network. For more information about BGP, see Layer 3—IP Routing Configuration Guide. Configuring IBGP between an MCE and a PE Step Command Remarks Enter system view. system-view Enter BGP view.

  • Page 27: Displaying And Maintaining Mce

    Task Command Refresh the BGP connections in a refresh bgp vpn-instance vpn-instance-name { ip-address | all | specific VPN instance. external | group group-name } { export | import } Reset BGP connections of a VPN reset bgp vpn-instance vpn-instance-name { as-number | instance.

  • Page 28: Configuration Examples

    Task Command Remarks display bgp vpnv4 vpn-instance vpn-instance-name routing-table [ network-address [ { mask | mask-length } [ longer-prefixes ] ] | as-path-acl as-path-acl-number | cidr | community [ aa:nn ]&<1-13> [ no-advertise | no-export | no-export-subconfed ] * [ whole-match ] | community-list { basic-community-list-number Display the BGP VPNv4 routing [ whole-match ] |...
  • Page 29 Figure 6 Network diagram Configuration procedure Assume that the system name of the MCE device is MCE, the system names of the edge devices of VPN 1 and VPN 2 are VR1 and VR2, respectively, and the system name of PE 1 is PE1. Configure the VPN instances on the MCE and PE 1: # On the MCE, configure VPN instances vpn1 and vpn2, and specify an RD and route targets for each VPN instance.
  • Page 30 # Configure VLAN 20, add port GigabitEthernet 1/0/2 to VLAN 20, bind VLAN-interface 20 to VPN instance vpn2, and specify an IP address for VLAN-interface 20. [MCE-Vlan-interface10] quit [MCE] vlan 20 [MCE-vlan20] port gigabitethernet 1/0/2 [MCE-vlan20] quit [MCE] interface vlan-interface 20 [MCE-Vlan-interface20] ip binding vpn-instance vpn2 [MCE-Vlan-interface20] ip address 10.214.20.3 24 [MCE-Vlan-interface20] quit...
  • Page 31 [MCE-rip-20] network 10.214.20.0 [MCE-rip-20] quit # On VR 2, assign IP address 10.214.20.2/24 to the interface connected to MCE and 192.168.10.1/24 to the interface connected to VPN 2. (Details not shown.) # Configure RIP, and advertise subnets 192.168.10.0 and 10.214.20.0. <VR2>...
  • Page 32 [MCE] interface vlan-interface 40 [MCE-Vlan-interface40] ip binding vpn-instance vpn2 [MCE-Vlan-interface40] ip address 40.1.1.1 24 [MCE-Vlan-interface40] quit # On PE 1, create VLAN 30 and VLAN-interface 30, bind the VLAN interface to VPN instance vpn1, and configure an IP address for the VLAN interface. [PE1] vlan 30 [PE1-vlan30] quit [PE1] interface vlan-interface 30...

  • Page 33: Using Bgp To Advertise Vpn Routes To The Pe

    127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 192.168.0.0/24 O_ASE 30.1.1.1 Vlan30 The output shows that the static route of VPN 1 has been redistributed to the OSPF routing table of PE 1. Perform similar procedures to configure OSPF process 20 between MCE and PE 1, and redistribute VPN 2's routing information from RIP into the OSPF routing table of MCE.
  • Page 34 Figure 7 Network diagram Configuration procedure Configure VPN instances: Create VPN instances on the MCE and PE 1, and bind the VPN instances to VLAN interfaces. For the configuration procedure, see "Using OSPF to advertise VPN routes to the PE." Configure routing between the MCE and VPN sites: # Start an OSPF process on the devices in the two VPNs and advertise the subnets.
  • Page 35 192.168.0.0/24 OSPF 10.214.10.2 Vlan10 The output shows that the MCE has learned the private route of VPN 1 through OSPF process # On MCE, bind OSPF process 20 to VPN instance vpn2 to learn the routes of VPN 2. The configuration procedure is similar to that for OSPF process 10.

  • Page 36: Using Tunnels To Advertise Vpn Routes

    # Perform similar configuration on the MCE and PE 1 for VPN 2. Redistribute the OSPF routes of VPN instance vpn2 into the EBGP routing table. (Details not shown.) The following output shows that PE 1 has learned the private route of VPN 2 through BGP: [PE1] display ip routing-table vpn-instance vpn2 Routing Tables: vpn2 Destinations : 5...
  • Page 37 Figure 9 Network topology of VPN 1 with the MCEs Figure 10 Network topology of VPN 2 with the MCEs Configuration procedure Configure MCE 1: # Create VLAN 100 and VLAN 101, configure GigabitEthernet 1/0/15 as a trunk port, and add it to the two VLANs.
  • Page 38 # Create loopback group 1 and specify the service type as tunnel. [MCE1] service-loopback group 1 type tunnel # Add any unused port (GigabitEthernet 1/0/3 in this example) to loopback group 1. [MCE1] interface GigabitEthernet 1/0/3 [MCE1-GigabitEthernet1/0/3] undo stp enable [MCE1-GigabitEthernet1/0/3] port service-loopback group 1 # Reference the loopback group on the tunnel interface.
  • Page 39 [MCE2-Tunnel0] source vlan-interface 100 # Specify the destination address of the tunnel. [MCE2-Tunnel0] destination 192.168.1.1 [MCE2-Tunnel0] quit # Create loopback group 1 and specify its service type as tunnel. [MCE2] service-loopback group 1 type tunnel # Add any unused port (GigabitEthernet 1/0/3 in this example) to loopback group 1. [MCE2] interface GigabitEthernet 1/0/3 [MCE2-GigabitEthernet1/0/3] undo stp enable [MCE2-GigabitEthernet1/0/3] port service-loopback group 1...
  • Page 40 [MCE1-Vlan-interface10] quit [MCE1] interface tunnel 0 [MCE1-Tunnel0] ip binding vpn-instance vpn1 [MCE1-Tunnel0] ip address 10.1.1.1 24 # Bind VLAN-interface 11 and Tunnel1 to VPN instance vpn2, and configure IP addresses for the VLAN interface and tunnel interface. [MCE1] vlan 11 [MCE1-vlan11] port gigabitethernet 1/0/11 [MCE1-vlan11] quit [MCE1] interface vlan-interface 11...
  • Page 41 [MCE2-Vlan-interface21] ip binding vpn-instance vpn2 [MCE2-Vlan-interface21] ip address 10.214.40.1 24 [MCE2-Vlan-interface21] quit [MCE2] interface tunnel 1 [MCE2-Tunnel1] ip binding vpn-instance vpn2 [MCE2-Tunnel1] ip address 10.1.2.2 24 [MCE2-Tunnel1] quit Advertise routes of VPN 1: # On MCE 1, configure OSPF process 1 for VPN instance vpn1, and configure OSPF to support MCE.
  • Page 42 # On MCE 2, configure OSPF process 2 for VPN instance vpn2, and configure OSPF to support MCE. Be sure to configure the same OSPF area as that configured at site 2 of VPN 2, area 0 in this example. [MCE2] ospf 2 vpn-instance vpn2 router-id 172.16.2.1 [MCE2-ospf-2] vpn-instance-capability simple [MCE2-ospf-2] area 0...

  • Page 43: Configuring Ipv6 Mce

    Configuring IPv6 MCE This chapter describes how to configure the IPv6 MCE function. Overview In an IPv6 MPLS L3VPN, an IPv6 MCE advertises IPv6 routing information between the VPN site and the connected PE and forwards IPv6 packets. An IPv6 MCE operates in the same way as an IPv4 MCE.

  • Page 44: Configuring Route Related Attributes For A Vpn Instance

    Step Command Remarks By default, no VPN instance is associated with an interface. Associating an interface with a Associate a VPN instance ip binding vpn-instance VPN instance clears the IPv6 with the interface. vpn-instance-name address of the interface. Therefore, you must reconfigure the IPv6 address of the interface after executing this command.

  • Page 45: Configuring Routing On An Ipv6 Mce

    NOTE: • Route related attributes configured in VPN instance view are applicable to both IPv4 VPNs and IPv6 VPNs. • You can configure route related attributes for IPv6 VPNs in both VPN instance view and IPv6 VPN view. Those configured in IPv6 VPN view take precedence. Configuring routing on an IPv6 MCE An IPv6 MCE implements service isolation through route isolation.
  • Page 46 Step Command Remarks ipv6 route-static ipv6-address • prefix-length { interface-type interface-number [ next-hop-address ] | next-hop-address | vpn-instance d-vpn-instance-name nexthop-address } [ preference preference-value ] [ tag tag-value ] [ description Use either command. description-text ] Perform this Configure an IPv6 static ipv6 route-static vpn-instance •...
  • Page 47 By configuring OSPFv3 process-to-IPv6 VPN instance bindings on an IPv6 MCE, you allow routes of different IPv6 VPNs to be exchanged between the IPv6 MCE and the sites through different OSPFv3 processes, ensuring the separation and security of IPv6 VPN routes. For more information about OSPFv3, see Layer 3—IP Routing Configuration Guide.
  • Page 48 Step Command Remarks Optional. By default, no routes from any other routing protocol are ipv6 import-route protocol [ process-id ] [ allow-ibgp ] [ cost redistributed to IPv6 IS-IS. Redistribute remote site cost | [ level-1 | level-1-2 | routes advertised by the PE. If you do not specify the route level-2 ] | route-policy level in the command,...

  • Page 49: Configuring Routing Between Ipv6 Mce And Pe

    Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number Enter IPv6 address family ipv6-family view. Configure the IPv6 MCE as peer ipv6-address as-number the EBGP peer. as-number Optional. By default, no route redistribution import-route protocol is configured. Redistribute the IGP routes [ process-id [ med med-value | A VPN site must advertise the...
  • Page 50 Step Command Remarks import-route protocol [ process-id ] By default, no route of any Redistribute the VPN [ allow-ibgp ] [ cost cost | route-policy other routing protocol is routes. route-policy-name ] * redistributed into RIPng. Configure the default cost Optional.
  • Page 51 Step Command Remarks Optional. By default, IS-IS does not redistribute routes of any other ipv6 import-route protocol [ process-id ] [ allow-ibgp ] [ cost cost | routing protocol. Redistribute the VPN [ level-1 | level-1-2 | level-2 ] | routes.

  • Page 52: Resetting Ipv6 Bgp Connections

    Resetting IPv6 BGP connections When BGP configuration changes, you can use the soft reset function or reset BGP connections to make new configurations take effect. Soft reset requires that BGP peers have route refreshment capability (supporting Route-Refresh messages). To hard reset or soft reset BGP connections: Task Command Remarks...

  • Page 53: Ipv6 Mce Configuration Example

    IPv6 MCE configuration example Network requirements As shown in Figure 11, the IPv6 MCE device is connected to VPN 1 through VLAN-interface 10 and to VPN 2 through VLAN-interface 20. RIPng is used in VPN 2. Configure the IPv6 MCE to separate routes from different VPNs and advertise VPN routes to PE 1 through OSPFv3.
  • Page 54 [MCE-vpn-instance-vpn2] vpn-target 20:1 [MCE-vpn-instance-vpn2] quit # Create VLAN 10, add port GigabitEthernet 1/0/1 to VLAN 10, and create VLAN-interface 10. [MCE] vlan 10 [MCE-vlan10] port gigabitethernet 1/0/1 [MCE-vlan10] quit # Bind VLAN-interface 10 to VPN instance vpn1, and configure an IPv6 address for the VLAN interface.
  • Page 55 [MCE] interface vlan-interface 20 [MCE-Vlan-interface20] ripng 20 enable [MCE-Vlan-interface20] quit # On VR 2, assign IPv6 address 2002:1::2/64 to the interface connected to the MCE and 2012::2/64 to the interface connected to VPN 2. (Details not shown.) # Configure RIPng, and advertise subnets 2012::/64 and 2002:1::/64. <VR2>...
  • Page 56 Destination: 2002:1::/64 Protocol : Direct NextHop : 2002:1::1 Preference: 0 Interface : Vlan20 Cost Destination: 2002:1::1/128 Protocol : Direct NextHop : ::1 Preference: 0 Interface : InLoop0 Cost Destination: 2012::/64 Protocol : RIPng NextHop : FE80::20F:E2FF:FE3E:9CA2 Preference: 100 Interface : Vlan20 Cost Destination: FE80::/10 Protocol...
  • Page 57 [PE1-vlan30] quit [PE1] interface vlan-interface 30 [PE1-Vlan-interface30] ip binding vpn-instance vpn1 [PE1-Vlan-interface30] ipv6 address 30::2 64 [PE1-Vlan-interface30] quit # On PE 1, create VLAN 40 and VLAN-interface 40, bind VLAN-interface 40 to VPN instance vpn2 and configure an IPv6 address for the VLAN-interface 40. [PE1] vlan 40 [PE1-vlan40] quit [PE1] interface vlan-interface 40...
  • Page 58 NextHop : ::1 Preference: 0 Interface : InLoop0 Cost Destination: 2012:1::/64 Protocol : OSPFv3 NextHop : FE80::202:FF:FE02:2 Preference: 150 Interface : Vlan30 Cost Destination: FE80::/10 Protocol : Direct NextHop : :: Preference: 0 Interface : NULL0 Cost The output shows that PE 1 has learned the private route of VPN 1 through OSPFv3. Take similar procedures to configure OSPFv3 process 20 between the MCE and PE 1 and redistribute VPN 2's routes from RIPng process 20 into the OSPFv3 routing table of the MCE.

  • Page 59: Configuring Basic Mpls

    (see Layer 2—LAN Switching Configuration Guide). This chapter describes how to configure basic MPLS. Hardware compatibility The HPE 5820X Switch Series does not support MPLS. MPLS overview Multiprotocol Label Switching (MPLS) enables connection-oriented label switching on connectionless IP networks.
  • Page 60 A label is encapsulated between the Layer 2 header and Layer 3 header of a packet. A label is four bytes in length and consists of the following fields: • Label—20 bits in length. Label value for identifying a FEC. •...

  • Page 61: Mpls Network Structure

    MPLS network structure Figure 14 Diagram of the MPLS network structure LSRs in the same routing or administrative domain form an MPLS domain. An MPLS domain consists of the following types of LSRs: • Ingress LSRs receive and label packets coming into the MPLS domain. •...
  • Page 62 Figure 15 Process of dynamic LSP establishment Ingress Egress LSR A LSR C LSR B LSR D LSR E LSR F LSR G LSR H Label mapping If equal-cost routes exist on the LSRs, MPLS establishes equal-cost LSPs based on these routes, and shares loads among the equal-cost LSPs.

  • Page 63: Mpls Forwarding

    Label distribution control modes include the independent mode and the ordered mode. • In independent mode, an LSR can distribute label bindings upstream at any time. This means that an LSR may have distributed a label binding for a FEC to its upstream LSR before it receives a binding for that FEC from its downstream LSR.
  • Page 64 • FEC to NHLFE (FTN) map—FTN maps each FEC to a set of NHLFEs at the ingress LSR. The FTN map is used for forwarding unlabeled packets that need MPLS forwarding. When an LSR receives an unlabeled packet, it looks for the corresponding FIB entry. If the Token value of the FIB entry is not Invalid, the packet must be forwarded through MPLS.

  • Page 65: Ldp

    In an MPLS network, when an egress node receives a labeled packet, it looks up the LFIB, pops the label of the packet, and then performs the next level label forwarding or performs IP forwarding. The egress node needs to do two forwarding table lookups to forward a packet: looking up the LFIB twice or looking up the LFIB and the FIB once each.
  • Page 66 LDP operation LDP goes through the following phases in operation: Discovery Each LSR sends hello messages periodically to notify neighboring LSRs of its presence. In this way, LSRs can automatically discover their LDP peers. LDP provides the following discovery mechanisms: Basic discovery mechanism—Discovers directly connected LSRs and establishes link hello adjacencies with them.

  • Page 67: Protocols

    Receiving a shutdown message from the peer An LSR can also send a Shutdown message to its LDP peer to terminate the LDP session. When receiving the Shutdown message from an LDP peer, an LSR terminates the session with the LDP peer. Protocols •...

  • Page 68: Enabling The Mpls Function

    Task Remarks Configuring MPLS LSP tracert Optional. Configuring BFD for LSPs Optional. Configuring periodic LSP tracert Optional. Enabling MPLS trap Optional. Enabling the MPLS function In an MPLS domain, you must enable MPLS on all routers before you can configure other MPLS features.

  • Page 69: Establishing Dynamic Lsps Through Ldp

    When you configure a static LSP, follow these configuration restrictions and guidelines: • The outgoing label of an upstream LSR is the incoming label of its downstream LSR. • When you configure a static LSP on the ingress LSR, the next hop specified must be consistent with the next hop of the optimal route in the routing table.

  • Page 70: Configuring Local Ldp Session Parameters

    Step Command Remarks Optional. By default, the LDP LSR ID is the same as the MPLS LSR ID. You need to perform this task only Configure the LDP LSR ID. in a multi-VPN context to make lsr-id lsr-id sure different LDP instances have different LDP LSR IDs if their address spaces overlap.

  • Page 71: Configuring Remote Ldp Session Parameters

    Configuring remote LDP session parameters LDP sessions established between remote LDP peers are remote LDP sessions. Remote LDP sessions are mainly used in Martini MPLS L2VPN, and Martini VPLS. For more information about remote session applications, see "Configuring MPLS L2VPN" and "Configuring VPLS."...

  • Page 72: Configuring The Policy For Triggering Lsp Establishment

    • The device supports PHP when it operates as a penultimate hop. • For LDP sessions that already exist before the label advertise command is configured, you must reset the LDP sessions by using the reset mpls ldp command for the PHP configuration to take effect.

  • Page 73: Configuring The Label Distribution Control Mode

    Configuring the label distribution control mode With the label re-advertisement function enabled, an LSR periodically looks for FECs not assigned with labels, assigns labels to them if any, and advertises the label-FEC bindings. You can set the label re-advertisement interval as needed. To configure the LDP label distribution control mode: Step Command...

  • Page 74: Configuring Ldp Md5 Authentication

    • All loop detection configurations take effect for only the LSPs established after the configurations. Changing the loop detection settings does not affect existing LSPs. You can execute the reset mpls ldp command in user view, so the loop detection settings also take effect for existing LSPs.
  • Page 75 Label acceptance control Label acceptance control is for filtering received label bindings. An upstream LSR filters the label bindings received from the specified downstream LSR and accepts only those permitted by the specified prefix list. As shown in Figure 19, upstream device LSR A filters the label bindings received from downstream device LSR B.

  • Page 76: Configuring Dscp For Outgoing Ldp Packets

    Configuration procedure For two neighboring LSRs, configuring a label acceptance control policy on the upstream LSR and configuring a label advertisement control policy on the downstream LSR have the same effect. To reduce network traffic, Hewlett Packard Enterprise recommends configuring only label advertisement control policies.

  • Page 77: Resetting Ldp Sessions

    Resetting LDP sessions If you change LDP session parameters when some LDP sessions are up, the LDP sessions cannot function correctly. In this case, reset LDP sessions so the LDP peers will renegotiate parameters and establish new sessions. To reset LDP sessions, perform the following task in user view: Task Command reset mpls ldp [ all | [ vpn-instance vpn-instance-name ] [ fec...

  • Page 78: Sending Back Icmp Ttl Exceeded Messages For Mpls Ttl Expired Packets

    Figure 22 TTL processing when TTL propagation is disabled Configuration guidelines Hewlett Packard Enterprise recommends configuring the same TTL processing mode on all LSRs along an LSP. To enable IP TTL propagation for a VPN, you must enable it on all PE devices in the VPN, so that you can get the same traceroute result (hop count) from those PEs.

  • Page 79: Configuring Ldp Gr

    To configure the device to send back an ICMP TTL exceeded message for a received MPLS TTL expired packet: Step Command Remarks Enter system view. system-view Enter MPLS view. mpls Enable the device to send Optional. back an ICMP TTL exceeded ttl expiration enable message when it receives an Enabled by default.
  • Page 80 Figure 23 LDP GR GR helper GR restarter GR helper GR helper LDP session with GR capability Two LDP peers perform GR negotiation when establishing an LDP session. The LDP session established is GR capable only when both peers support LDP GR. LDP GR operates in the following procedure: Whenever restarting, the GR restarter preserves all MPLS forwarding entries, marks them as stale, and starts the MPLS forwarding state holding timer for them.

  • Page 81: Configuring Ldp Nsr

    Step Command Remarks Enter MPLS LDP view. mpls ldp Enable MPLS LDP GR. Disabled by default. graceful-restart Optional. graceful-restart timer Set the FT reconnect time. reconnect timer 300 seconds by default. Optional. Set the LDP neighbor graceful-restart timer liveness time. neighbor-liveness timer 120 seconds by default.

  • Page 82: Inspecting Lsps

    Step Command Remarks Enter system view. system-view Enter MPLS view. mpls The default interval is 0 seconds. Set LSP statistics reading The system does not read LSP statistics interval interval-time interval. statistics. Inspecting LSPs In MPLS, the MPLS control plane is responsible for establishing LSPs. However, when an LSP fails to forward data, the control plane cannot detect the LSP failure or cannot do so in time.

  • Page 83: Configuring Bfd For Lsps

    For more information about ICMP time exceeded messages, ICMP destination unreachable messages, and ICMP extensions for MPLS, see Layer 3—IP Services Configuration Guide. Configuration procedure To locate errors of an LSP, perform the following task in any view: Task Command tracert lsp [ -a source-ip | -exp exp-value | -h Perform MPLS LSP tracert to locate errors along an ttl-value | -r reply-mode |-t time-out ] * ipv4...

  • Page 84: Configuring Periodic Lsp Tracert

    Configuration procedure To configure BFD for LSPs: Step Command Remarks Enter system view. system-view Enable LSP verification and Not enabled by default. mpls lspv enter the MPLS LSPV view. bfd enable destination-address Configure BFD to detect the mask-length [ nexthop Not configured by default.

  • Page 85: Displaying And Maintaining Mpls

    To enable the MPLS trap function: Step Command Remarks Enter system view. system-view By default, the MPLS trap is disabled. For more information about the Enable the MPLS trap. snmp-agent trap enable mpls command, see the snmp-agent trap enable command in Network Management and Monitoring Command Reference.

  • Page 86: Displaying Mpls Ldp Operation

    Task Command Remarks display mpls static-lsp [ lsp-name Display information about static lsp-name ] [ { exclude | include } dest-addr Available in any view. LSPs. mask-length ] [ verbose ] [ | { begin | exclude | include } regular-expression ] display mpls route-state [ vpn-instance Display LSP-related route vpn-instance-name ] [ dest-addr...

  • Page 87: Clearing Mpls Statistics

    Task Command Remarks display mpls ldp lsp [ all | [ vpn-instance Display information about LSPs vpn-instance-name ] [ dest-addr Available in any view. established by LDP. mask-length ] ] [ | { begin | exclude | include } regular-expression ] NOTE: The vpn-instance vpn-instance-name option is used to specify information about an LDP instance.
  • Page 88 • Configure a static route to the destination address of the LSP on each ingress node. Such a route is not required on the transit and egress nodes. You do not need to configure any routing protocol on the switches. Configuration procedure Configure IP addresses for the interfaces, according to Figure...
  • Page 89 # Configure the LSP ingress, Switch C. [SwitchC] static-lsp ingress CtoA destination 11.1.1.0 24 nexthop 20.1.1.1 out-label # Configure the LSP transit node, Switch B. [SwitchB] static-lsp transit CtoA incoming-interface vlan-interface 3 in-label 40 nexthop 10.1.1.1 out-label 70 # Configure the LSP egress, Switch A. [SwitchA] static-lsp egress CtoA incoming-interface vlan-interface 2 in-label 70 Verify the configuration: # Execute the display mpls static-lsp command on each switch to display static LSP...

  • Page 90: Configuring Ldp To Establish Lsps Dynamically

    Configuring LDP to establish LSPs dynamically Network requirements Switch A, Switch B, and Switch C support MPLS. Configure LDP to establish LSPs between Switch A and Switch C so that subnets 11.1.1.0/24 and 21.1.1.0/24 can reach each other over MPLS. Test the connectivity of the LSPs. Figure 25 Network diagram Loop0 Loop0...
  • Page 91 # Configure OSPF on Switch C. <Sysname> system-view [Sysname] sysname SwitchC [SwitchC] ospf [SwitchC-ospf-1] area 0 [SwitchC-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0 [SwitchC-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255 [SwitchC-ospf-1-area-0.0.0.0] network 21.1.1.0 0.0.0.255 [SwitchC-ospf-1-area-0.0.0.0] quit [SwitchC-ospf-1] quit # Execute the display ip routing-table command on each switch. You will see that each switch has learned the routes to other switches.
  • Page 92 [SwitchB-Vlan-interface2] mpls ldp [SwitchB-Vlan-interface2] quit [SwitchB] interface vlan-interface 3 [SwitchB-Vlan-interface3] mpls [SwitchB-Vlan-interface3] mpls ldp [SwitchB-Vlan-interface3] quit # Configure MPLS and MPLS LDP on Switch C. [SwitchC] mpls lsr-id 3.3.3.9 [SwitchC] mpls [SwitchC-mpls] quit [SwitchC] mpls ldp [SwitchC-mpls-ldp] quit [SwitchC] interface vlan-interface 3 [SwitchC-Vlan-interface3] mpls [SwitchC-Vlan-interface3] mpls ldp [SwitchC-Vlan-interface3] quit...
  • Page 93 [SwitchC] mpls [SwitchC-mpls] lsp-trigger all [SwitchC-mpls] quit Verify the configuration: # Execute the display mpls ldp lsp command on each switch to display the LDP LSP information. Take Switch A as an example: <SwitchA> display mpls ldp lsp LDP LSP Information ------------------------------------------------------------------- DestAddress/Mask In/OutLabel...

  • Page 94: Configuring Bfd For Lsps

    Configuring BFD for LSPs Network requirements As shown in Figure 25, use LDP to establish an LSP from 11.1.1.0/24 to 21.1.1.0/24, and an LSP from 21.1.1.0/24 to 11.1.1.0/24. Configure BFD for the LSPs to detect LSP failures. Configuration procedure Configure LDP sessions (see "Configuring LDP to establish LSPs dynamically.") Enable BFD for LSPs:...
  • Page 95 Local Discr: 129 Remote Discr: 129 Source IP: 1.1.1.9 Destination IP: 127.0.0.1 Session State: Up Interface: LoopBack0 Min Trans Inter: 400ms Act Trans Inter: 400ms Min Recv Inter: 400ms Act Detect Inter: 2000ms Running Up for: 00:15:52 Auth mode: None Connect Type: Indirect Board Num: 6 Protocol: MFW/LSPV...

  • Page 96: Configuring Mpls Te

    Configuring MPLS TE This chapter describes how to configure MPLS TE. Hardware compatibility The HPE 5820X Switch Series does not support MPLS TE. MPLS TE overview Network congestion is one of the major problems that can degrade your network backbone performance.

  • Page 97: Basic Concepts

    With MPLS TE, a network administrator can eliminate network congestion by creating some LSPs and congestion bypass nodes. Special offline tools are also available for the traffic analysis performed when the number of LSPs is large. Basic concepts • LSP tunnel On an LSP, after packets are labeled at the ingress node, the packets are forwarded based on label.

  • Page 98: Cr-Lsp

    RSVP is a well-established technology in terms of its architecture, protocol procedures and support to services. CR-LDP is an emerging technology with better scalability. The switch supports only RSVP-TE. Forwarding packets Packets are forwarded over established tunnels. CR-LSP Unlike ordinary LSPs established based on routing information, CR-LSPs are established based on criteria such as bandwidth, selected path, and QoS parameters, in addition to routing information.

  • Page 99: Rsvp-Te

    available. If this is undesirable, the network administrator can set up the CR-LSP using route underpinning to make it a permanent path. Administrative group and affinity attribute The affinity attribute of an MPLS TE tunnel identifies the properties of the links that the tunnel can use.
  • Page 100 NOTE: SE is only used for make-before-break because multiple LSPs cannot be present on the same session. Make-before-break Make-before-break is a mechanism to change MPLS TE tunnel attributes with minimum data loss and without extra bandwidth. Figure 26 Diagram for make-before-break Figure 26 presents a scenario where a path Router A →...
  • Page 101 • New objects added to the Path message include LABEL_REQUEST, EXPLICIT_ROUTE, RECORD_ROUTE, and SESSION_ATTRIBUTE. • New objects added to the Resv message include LABEL and RECORD_ROUTE The LABEL_REQUEST object in the Path message requests the label bindings for an LSP. It is also saved in the path state block.

  • Page 102: Traffic Forwarding

    Send summary refreshes (Srefreshes) rather than retransmit standard Path or Resv messages to refresh related RSVP state. This reduces refresh traffic and allows nodes to make faster processing. To use summary refresh, you must use the Message_ID extension. Only states advertised using MESSAGE_ID included Path and Resv messages can be refreshed using summary refreshes.
  • Page 103 Even when an MPLS TE tunnel is available, traffic is IP routed if you do not configure it to travel the tunnel. For traffic to be routed along an MPLS TE tunnel, you can use static routing, policy-based routing, or automatic route advertisement. Static routing Static routing is the easiest way to route traffic along an MPLS TE tunnel.

  • Page 104: Bidirectional Mpls Te Tunnel

    The configuration of IGP shortcut and forwarding adjacency is broken down into tunnel configuration and IGP configuration. When making tunnel configuration on a TE tunnel interface, consider the following: • The tunnel destination address must be in the same area where the tunnel interface is located. •...

  • Page 105: Ps For An Mpls Te Tunnel

    • Point of local repair (PLR)—The ingress node of a bypass LSP. It must be located on a protected LSP but must not be the egress node. • Merge point (MP)—The egress node of the bypass LSP. It must be located on a protected LSP but must not be the ingress node.
  • Page 106 Protection switching modes The device supports the following protection switching modes: • 1:1 protection switching—Two tunnels, one primary and one backup, exist between the ingress node and the egress node. Typically, user data travels along the primary tunnel. If the ingress node detects a fault on the primary tunnel by using a probing mechanism (such as BFD), it switches data to the backup tunnel.

  • Page 107: Protocols And Standards

    Protocols and standards • RFC 2702, Requirements for Traffic Engineering Over MPLS • RFC 3212, Constraint-Based LSP Setup using LDP • RFC 2205, Resource ReSerVation Protocol • RFC 3209, RSVP-TE: Extensions to RSVP for LSP Tunnels • RFC 2961, RSVP Refresh Overhead Reduction Extensions •...

  • Page 108: Creating An Mpls Te Tunnel Over A Static Cr-Lsp

    Step Command Remarks Enter system view. system-view Enter MPLS view. mpls Enable global MPLS TE. Disabled by default. mpls te Return to system view. quit Enter the interface view of an interface interface-type MPLS TE link. interface-number Enable interface MPLS TE. Disabled by default.

  • Page 109: Configuring An Mpls Te Tunnel With A Dynamic Signaling Protocol

    • Do not configure the next hop address as a local public address when configuring the static CR-LSP on the ingress or a transit node. To create an MPLS TE tunnel over a static CR-LSP: Step Command Remarks Enter system view. system-view Enter the interface view of an interface tunnel tunnel-number...

  • Page 110: Configuration Prerequisites

    Configuration prerequisites Before you perform the configuration, complete the following tasks: • Configure static routing or an IGP protocol to make sure all LSRs can reach each other. • Configure basic MPLS. • Configure basic MPLS TE. Configuration procedure Task Remarks Configuring CSPF Optional.
  • Page 111 Step Command Remarks Enable the opaque LSA Disabled by default. opaque-capability enable capability. Enter OSPF area view. area area-id Enable MPLS TE in the Disabled by default. mpls-te enable OSPF area. Return to OSPF view. quit Configuring IS-IS TE Configure IS-IS TE if the routing protocol is IS-IS and a dynamic signaling protocol is used for MPLS TE tunnel setup.
  • Page 112 When inserting nodes to an explicit path or modifying nodes on it, you can configure the include keyword to have the established LSP traverse the specified nodes or the exclude keyword to have the established LSP bypass the specified nodes. When establishing an MPLS TE tunnel between areas or ASs, use a loose explicit route, specify the ABR or ASBR as the next hop of the route, and make sure the tunnel's ingress node and the ABR or ASBR can reach each other.

  • Page 113: Configuring Rsvp-Te Advanced Features

    To establish an MPLS TE tunnel with RSVP-TE: Step Command Remarks Enter system view. system-view Enter MPLS view. mpls Enable RSVP-TE for the Disabled by default. mpls rsvp-te switch. Return to system view. quit Enter interface view of MPLS interface interface-type TE link.

  • Page 114: Configuring Rsvp State Timers

    Step Command Remarks Enter MPLS TE tunnel interface tunnel tunnel-number interface view. Optional. Configure the resources reservation style for the mpls te resv-style { ff | se } The default resource reservation tunnel. style is SE. Submit current tunnel mpls te commit configuration.

  • Page 115: Configuring The Rsvp Hello Extension

    Step Command Remarks Optional. Enable summary refresh. mpls rsvp-te srefresh Disabled by default. Configuring the RSVP hello extension RSVP hello extension tests the reachability of RSVP neighboring nodes. It is defined in RFC 3209. To configure the RSVP hello extension: Step Command Remarks...

  • Page 116: Configuring Rsvp Authentication

    Configuring RSVP authentication RSVP adopts hop-by-hop authentication to prevent fake resource reservation requests from occupying network resources. The interfaces at the two ends of a link must share the same authentication key to exchange RSVP messages. To configure RSVP authentication: Step Command Remarks...

  • Page 117: Tuning Cr-Lsp Setup

    Step Command Remarks Enable RSVP hello Disabled by default. mpls rsvp-te hello extension for the interface. Tuning CR-LSP setup A CR-LSP is established through the signaling protocol based on the path calculated by CSPF using TEDB and constraints. MPLS TE can affect CSPF calculation in many ways to determine the path that a CR-LSP can traverse.

  • Page 118: Configuring Cr-Lsp Reoptimization

    Step Command Remarks Enter system view. system-view Enter interface view of MPLS interface interface-type TE link. interface-number Optional. Assign the link to a link mpls te link administrative administrative group. group value The default is 0x00000000. Return to system view. quit Enter MPLS TE tunnel interface tunnel tunnel-number...

  • Page 119: Configuring Route And Label Recording

    Step Command Remarks Enter system view. system-view Enter MPLS TE tunnel interface interface tunnel tunnel-number view. Enable the system to perform loop Disabled by default. mpls te loop-detection detection when setting up a tunnel. Submit current tunnel mpls te commit configuration.

  • Page 120: Configuring Traffic Forwarding

    To avoid flapping caused by improper preemptions between CR-LSPs, the setup priority of a CR-LSP must not be set higher than its holding priority. To assign priorities to a tunnel: Step Command Remarks Enter system view. system-view Enter MPLS TE tunnel interface tunnel tunnel-number interface view.
  • Page 121 Enable OSPF or IS-IS on the tunnel interface of the MPLS TE tunnel before configuring automatic route advertisement. To use automatic route advertisement, specify the destination address of the TE tunnel as the LSR ID of the peer and advertise the tunnel interface address to IGPs, such as OSPF and ISIS. Configure an IGP shortcut: Step Command...

  • Page 122: Configuring Traffic Forwarding Tuning Parameters

    Configuring traffic forwarding tuning parameters In MPLS TE, you can configure traffic forwarding tuning parameters, such as the failed link timer and flooding thresholds, to change paths that IP or MPLS traffic traverses or to define type of traffic that may travel down a TE tunnel.

  • Page 123: Configuring The Traffic Flow Type Of A Tunnel

    Step Command Remarks Optional. 10. Assign a TE metric to the If no TE metric is assigned to the mpls te metric value link. link, IGP metric is used as the TE metric by default. Configuring the traffic flow type of a tunnel Step Command Remarks...

  • Page 124: Configuring Cr-Lsp Backup

    Step Command Remarks Configure a co-routed By default, no bidirectional tunnel bidirectional MPLS TE is configured, and tunnels mpls te bidirectional co-routed tunnel and specify the local established on the tunnel active end as the active end of the interface are unidirectional MPLS tunnel.

  • Page 125: Configuring Frr

    Step Command Remarks Enter system view of the system-view ingress node. Enter MPLS TE tunnel interface tunnel tunnel-number interface view. Enable the specified backup mpls te backup { hot-standby | Disabled by default. mode for the current tunnel. ordinary } Submit current tunnel mpls te commit configuration.

  • Page 126: Configuring A Bypass Tunnel On Its Plr

    Configuring a bypass tunnel on its PLR After a tunnel is specified to protect an interface, its corresponding LSP becomes a bypass LSP. The setup of a bypass LSP must be manually performed on the PLR. The configuration of a bypass LSP is similar to that of a common LSP, but a bypass LSP cannot act as an LSP to be protected by another LSP at the same time.

  • Page 127: Configuring The Frr Polling Timer

    Step Command Remarks Enter the view of the interface directly interface interface-type connected to the protected node or interface-number PLR. Enable RSVP hello extension on the Disabled by default. mpls rsvp-te hello interface. NOTE: RSVP hello extension is configured to detect node failures caused by problems such as signaling error other than failures caused by link failures.

  • Page 128: Configuring Mpls Lsp Tracert

    Task Command ping lsp [ -a source-ip | -c count | -exp exp-value | -h Use MPLS LSP ping to test the connectivity of an ttl-value | -m wait-time | -r reply-mode | -s packet-size | MPLS TE tunnel. -t time-out | -v ] * te interface-type interface-number Configuring MPLS LSP tracert Use MPLS LSP tracert to locate errors of an MPLS TE tunnel.

  • Page 129: Configuring Periodic Lsp Tracert For An Mpls Te Tunnel

    • If you enable both FRR and BFD for an MPLS TE tunnel, to make sure the BFD session is not down during an FRR switching, give the BFD detection interval a greater value than the FRR detection interval. • In a BFD session for detecting an MPLS TE tunnel's connectivity, the ingress node always operates in active mode and the egress node always operates in passive mode.

  • Page 130: Configuring Dm

    Step Command Remarks Enter system view. system-view By default, LSP verification is disabled. Enable LSP verification and mpls lspv For more information about the enter MPLS LSPV view. mpls lspv command, see MPLS Command Reference. Return to system view. quit Enter the tunnel interface interface tunnel tunnel-number view of an MPLS TE tunnel.

  • Page 131: Configuring Protection Switching

    Configuring protection switching Before you configure protection switching, complete following tasks: • Configure basic MPLS. • Enable MPLS TE and create an MPLS TE tunnel. • Configure BFD for the MPLS TE tunnel. Before you configure a protection tunnel, prepare the following data: •...
  • Page 132 Task Command Remarks display mpls rsvp-te peer [ interface Display RSVP-TE neighbors. interface-type interface-number ] [ | { begin | Available in any view. exclude | include } regular-expression ] display mpls rsvp-te request [ interface Display information about RSVP interface-type interface-number ] [ | { begin | Available in any view.

  • Page 133: Configuring Mpls Te Examples

    Task Command Remarks Display information about the display ospf [ process-id ] specified or all OSPF processes traffic-adjustment [ | { begin | exclude | Available in any view. about traffic tuning. include } regular-expression ] display ospf [ process-id ] mpls-te [ area Display information about OSPF area-id ] [ self-originated ] [ | { begin | Available in any view.
  • Page 134 Figure 31 Network diagram Configuration procedure Configure IP addresses and masks for the interfaces according to Figure 31. (Details not shown.) Enable IS-IS to advertise routes destined for LSR IDs: # Configure Switch A. <SwitchA> system-view [SwitchA] isis 1 [SwitchA-isis-1] network-entity 00.0005.0000.0000.0001.00 [SwitchA-isis-1] quit [SwitchA] interface vlan-interface 1 [SwitchA-Vlan-interface1] isis enable 1...
  • Page 135 [SwitchC-isis-1] network-entity 00.0005.0000.0000.0003.00 [SwitchC-isis-1] quit [SwitchC] interface vlan-interface 2 [SwitchC-Vlan-interface2] isis enable 1 [SwitchC-Vlan-interface2] quit [SwitchC] interface loopback 0 [SwitchC-LoopBack0] isis enable 1 [SwitchC-LoopBack0] quit Execute the display ip routing-table command on each switch. The output shows that all nodes have learned the host routes of other nodes with LSR IDs as destinations. Take Switch A for example: [SwitchA] display ip routing-table Routing Tables: Public...
  • Page 136 [SwitchC] mpls [SwitchC-mpls] mpls te [SwitchC-mpls] quit [SwitchC] interface vlan-interface 2 [SwitchC-Vlan-interface2] mpls [SwitchC-Vlan-interface2] mpls te [SwitchC-Vlan-interface2] quit Configure an MPLS TE tunnel: # Configure an MPLS TE tunnel on Switch A. [SwitchA] interface tunnel 0 [SwitchA-Tunnel0] ip address 6.1.1.1 255.255.255.0 [SwitchA-Tunnel0] tunnel-protocol mpls te [SwitchA-Tunnel0] destination 3.3.3.3 [SwitchA-Tunnel0] mpls te tunnel-id 10...
  • Page 137 # Execute the display mpls te tunnel command on each switch to display information about the MPLS TE tunnel. [SwitchA] display mpls te tunnel LSP-Id Destination In/Out-If Name 1.1.1.1:1 3.3.3.3 -/Vlan1 Tunnel0 [SwitchB] display mpls te tunnel LSP-Id Destination In/Out-If Name Vlan1/Vlan2 Tunnel0...

  • Page 138: Mpls Te Using Rsvp-Te Configuration Example

    # Execute the display ip routing-table command on Switch A. The output shows a static route entry with interface Tunnel 0 as the outgoing interface. MPLS TE using RSVP-TE configuration example Network requirements Switch A, Switch B, Switch C, and Switch D are running IS-IS and all of them are Level-2 devices. Use RSVP-TE to create a TE tunnel with 2000 kbps of bandwidth from Switch A to Switch D, making sure the maximum bandwidth of each link that the tunnel traverses is 10000 kbps and the maximum reservable bandwidth is 5000 kbps.
  • Page 139 <SwitchB> system-view [SwitchB] isis 1 [SwitchB-isis-1] network-entity 00.0005.0000.0000.0002.00 [SwitchB-isis-1] quit [SwitchB] interface vlan-interface 1 [SwitchB-Vlan-interface1] isis enable 1 [SwitchB-Vlan-interface1] isis circuit-level level-2 [SwitchB-Vlan-interface1] quit [SwitchB] interface vlan-interface 2 [SwitchB-Vlan-interface2] isis enable 1 [SwitchB-Vlan-interface2] isis circuit-level level-2 [SwitchB-Vlan-interface2] quit [SwitchB] interface loopback 0 [SwitchB-LoopBack0] isis enable 1 [SwitchB-LoopBack0] isis circuit-level level-2 [SwitchB-LoopBack0] quit...
  • Page 140 # Execute the display ip routing-table command on each switch. The output shows that all nodes have learned the host routes of other nodes with LSR IDs as destinations. Take Switch A for example: [SwitchA] display ip routing-table Routing Tables: Public Destinations : 10 Routes : 10 Destination/Mask...
  • Page 141 [SwitchC] mpls lsr-id 3.3.3.9 [SwitchC] mpls [SwitchC-mpls] mpls te [SwitchC-mpls] mpls rsvp-te [SwitchC-mpls] mpls te cspf [SwitchC-mpls] quit [SwitchC] interface vlan-interface 3 [SwitchC-Vlan-interface3] mpls [SwitchC-Vlan-interface3] mpls te [SwitchC-Vlan-interface3] mpls rsvp-te [SwitchC-Vlan-interface3] quit [SwitchC] interface vlan-interface 2 [SwitchC-Vlan-interface2] mpls [SwitchC-Vlan-interface2] mpls te [SwitchC-Vlan-interface2] mpls rsvp-te [SwitchC-Vlan-interface2] quit # Configure Switch D.
  • Page 142 [SwitchD-isis-1] quit Configure MPLS TE attributes of links: # Configure maximum link bandwidth and maximum reservable bandwidth on Switch A. [SwitchA] interface vlan-interface 1 [SwitchA-Vlan-interface1] mpls te max-link-bandwidth 10000 [SwitchA-Vlan-interface1] mpls te max-reservable-bandwidth 5000 [SwitchA-Vlan-interface1] quit # Configure maximum link bandwidth and maximum reservable bandwidth on Switch B. [SwitchB] interface vlan-interface 1 [SwitchB-Vlan-interface1] mpls te max-link-bandwidth 10000 [SwitchB-Vlan-interface1] mpls te max-reservable-bandwidth 5000...
  • Page 143 The Maximum Transmit Unit is 64000 Internet Address is 7.1.1.1/24 Primary Encapsulation is TUNNEL, service-loopback-group ID not set Tunnel source unknown, destination 4.4.4.9 Tunnel protocol/transport CR_LSP Output queue : (Urgent queuing : Size/Length/Discards) 0/100/0 Output queue : (Protocol queuing : Size/Length/Discards) 0/500/0 Output queue : (FIFO queuing : Size/Length/Discards) 0/75/0...

  • Page 144: Rsvp-Te Gr Configuration Example

    Primary Tunnel Backup Tunnel Group Status # Execute the display mpls te cspf tedb all command on Switch A to display information about links in TEDB. [SwitchA] display mpls te cspf tedb all Maximum Node Supported: 128 Maximum Link Supported: 256 Current Total Node Number: 4 Current Total Link Number: 6 MPLS LSR-Id...
  • Page 145 [SwitchA-Vlan-interface1] mpls [SwitchA-Vlan-interface1] mpls te [SwitchA-Vlan-interface1] mpls rsvp-te [SwitchA-Vlan-interface1] mpls rsvp-te hello [SwitchA-Vlan-interface1] quit # Configure Switch B. <SwitchB> system-view [SwitchB] mpls lsr-id 2.2.2.9 [SwitchB] mpls [SwitchB-mpls] mpls te [SwitchB-mpls] mpls rsvp-te [SwitchB-mpls] mpls rsvp-te hello [SwitchB-mpls] interface vlan-interface 1 [SwitchB-Vlan-interface1] mpls [SwitchB-Vlan-interface1] mpls te [SwitchB-Vlan-interface1] mpls rsvp-te...

  • Page 146: Mpls Rsvp-Te And Bfd Cooperation Configuration Example

    [SwitchB-mpls] mpls rsvp-te graceful-restart # Configure Switch C. <SwitchC> system-view [SwitchC] mpls [SwitchC-mpls] mpls rsvp-te graceful-restart Verify the configuration: A tunnel is created between Switch A and Switch C. Execute the following command. The output shows that the neighbor's GR state is Ready. <SwitchA>...
  • Page 147 [SwitchA-Vlan-interface12] mpls rsvp-te [SwitchA-Vlan-interface12] mpls rsvp-te bfd enable [SwitchA-Vlan-interface12] quit # Configure Switch B. <SwitchB> system-view [SwitchB] mpls lsr-id 2.2.2.2 [SwitchB] mpls [SwitchB-mpls] mpls te [SwitchB-mpls] mpls rsvp-te [SwitchB-mpls] quit [SwitchB] interface vlan-interface 12 [SwitchB-Vlan-interface12] mpls [SwitchB-Vlan-interface12] mpls te [SwitchB-Vlan-interface12] mpls rsvp-te [SwitchB-Vlan-interface12] mpls rsvp-te bfd enable [SwitchB-Vlan-interface12] quit Configure OSPF:...

  • Page 148: Bidirectional Mpls Te Tunnel Configuration Example

    [SwitchA-Tunnel1] mpls te commit [SwitchA-Tunnel1] return Verify the configuration: On Switch A, display detailed information about the BFD session between Switch A and Switch <SwitchA> display bfd session verbose Total Session Num: 1 Init Mode: Active Session Working Under Ctrl Mode: Local Discr: 21 Remote Discr: 20 Source IP: 12.12.12.1...
  • Page 149 Configure IS-IS on each switch to advertise routes destined for LSR IDs. For more information, see "MPLS TE using RSVP-TE configuration example." Configure basic MPLS TE, and enable RSVP-TE and CSPF: # Configure Switch A. <SwitchA> system-view [SwitchA] mpls lsr-id 1.1.1.9 [SwitchA] mpls [SwitchA-mpls] label advertise non-null [SwitchA-mpls] mpls te...
  • Page 150 [SwitchC] interface vlan-interface 2 [SwitchC-Vlan-interface2] mpls [SwitchC-Vlan-interface2] mpls te [SwitchC-Vlan-interface2] mpls rsvp-te [SwitchC-Vlan-interface2] quit # Configure Switch D. <SwitchD> system-view [SwitchD] mpls lsr-id 4.4.4.9 [SwitchD] mpls [SwitchD-mpls] label advertise non-null [SwitchD-mpls] mpls te [SwitchD-mpls] mpls rsvp-te [SwitchD-mpls] mpls te cspf [SwitchD-mpls] quit [SwitchD] interface vlan-interface 3 [SwitchD-Vlan-interface3] mpls...
  • Page 151 [SwitchA-Tunnel1] mpls te resv-style ff [SwitchA-Tunnel1] mpls te bidirectional co-routed active [SwitchA-Tunnel1] mpls te commit [SwitchA-Tunnel1] quit # Configure Switch A as the passive end of the co-routed bidirectional MPLS TE tunnel. [SwitchD] interface tunnel 4 [SwitchD-Tunnel4] ip address 8.1.1.1 255.255.255.0 [SwitchD-Tunnel4] tunnel-protocol mpls te [SwitchD-Tunnel4] destination 1.1.1.9 [SwitchD-Tunnel4] mpls te tunnel-id 4...
  • Page 152 Signaling Prot RSVP Resv Style Tunnel mode Co-routed, active Class Type Tunnel BW 0 kbps Reserved BW 0 kbps Setup Priority Hold Priority: Affinity Prop/Mask 0x0/0x0 Explicit Path Name Tie-Breaking Policy : None Metric Type None Record Route Disabled Record Label : Disabled FRR Flag Disabled...
  • Page 153 BypassTunnel Tunnel Index[---] IngressLsrID 1.1.1.9 LocalLspID Tunnel-Interface Tunnel1 4.4.4.9/32 Nexthop 10.1.1.2 In-Label NULL Out-Label 1029 In-Interface ---------- Out-Interface Vlan-interface1 LspIndex 3078 Tunnel ID 0xd2004 LsrType Ingress Bypass In Use Not Exists BypassTunnel Tunnel Index[---] # Execute the display interface tunnel command on Switch D. The output shows that a tunnel in up state has been established.
  • Page 154 Signaling Prot RSVP Resv Style Tunnel mode Co-routed, passive Class Type Tunnel BW 0 kbps Reserved BW 0 kbps Setup Priority Hold Priority: Affinity Prop/Mask 0x0/0x0 Explicit Path Name Tie-Breaking Policy : None Metric Type None Record Route Disabled Record Label : Disabled FRR Flag Disabled...

  • Page 155: Cr-Lsp Backup Configuration Example

    BypassTunnel Tunnel Index[---] IngressLsrID 1.1.1.9 LocalLspID Tunnel-Interface Tunnel1 4.4.4.9/32 Nexthop ------- In-Label 1025 Out-Label NULL In-Interface Vlan-interface3 Out-Interface ---------- LspIndex 3078 Tunnel ID LsrType Egress Bypass In Use Not Exists BypassTunnel Tunnel Index[---] CR-LSP backup configuration example Network requirements Set up an MPLS TE tunnel from Switch A to Switch C. Use CR-LSP hot backup for it. Figure 36 Network diagram Device Interface...
  • Page 156 Configuration procedure Configure IP addresses and masks for the interfaces according to Figure 36. (Details not shown.) Configure the IGP protocol: # Enable IS-IS on each switch to advertise routes destined for LSR IDs. (Details not shown.) # Execute the display ip routing-table command on each switch. The output shows that all nodes have learned the host routes of other nodes with LSR IDs as destinations.
  • Page 157 Tunnel source unknown, destination 3.3.3.9 Tunnel protocol/transport CR_LSP Output queue : (Urgent queuing : Size/Length/Discards) 0/100/0 Output queue : (Protocol queuing : Size/Length/Discards) 0/500/0 Output queue : (FIFO queuing : Size/Length/Discards) 0/75/0 Last 300 seconds input: 0 bytes/sec, 0 packets/sec Last 300 seconds output: 0 bytes/sec, 0 packets/sec 0 packets input,...

  • Page 158: Frr Configuration Example

    # Shut down VLAN-interface 2 on Switch B. Execute the tracert command on Switch A to draw the path to the tunnel destination. [SwitchA] tracert –a 1.1.1.9 3.3.3.9 traceroute to 3.3.3.9(3.3.3.9) 30 hops max,40 bytes packet 1 30.1.1.2 28 ms 27 ms 23 ms 2 40.1.1.2 50 ms...
  • Page 159 Switch B Loop0 2.2.2.2/32 Vlan-int5 3.3.1.1/24 Vlan-int1 2.1.1.2/24 Switch C Loop0 3.3.3.3/32 Vlan-int2 3.1.1.1/24 Vlan-int3 4.1.1.1/24 Vlan-int4 3.2.1.1/24 Vlan-int2 3.1.1.2/24 Switch D Loop0 4.4.4.4/32 Vlan-int5 3.3.1.2/24 Vlan-int3 4.1.1.2/24 Configuration procedure Configure IP addresses and masks for the interfaces according to Figure 37.
  • Page 160 [SwitchB-mpls] mpls te [SwitchB-mpls] mpls rsvp-te [SwitchB-mpls] mpls te cspf [SwitchB-mpls] quit [SwitchB] interface vlan-interface 1 [SwitchB-Vlan-interface1] mpls [SwitchB-Vlan-interface1] mpls te [SwitchB-Vlan-interface1] mpls rsvp-te [SwitchB-Vlan-interface1] quit [SwitchB] interface vlan-interface 2 [SwitchB-Vlan-interface2] mpls [SwitchB-Vlan-interface2] mpls te [SwitchB-Vlan-interface2] mpls rsvp-te [SwitchB-Vlan-interface2] quit [SwitchB] interface vlan-interface 4 [SwitchB-Vlan-interface4] mpls [SwitchB-Vlan-interface4] mpls te...
  • Page 161 Tunnel source unknown, destination 4.4.4.4 Tunnel protocol/transport CR_LSP Output queue : (Urgent queuing : Size/Length/Discards) 0/100/0 Output queue : (Protocol queuing : Size/Length/Discards) 0/500/0 Output queue : (FIFO queuing : Size/Length/Discards) 0/75/0 Last 300 seconds input: 0 bytes/sec, 0 packets/sec Last 300 seconds output: 0 bytes/sec, 0 packets/sec 0 packets input,...
  • Page 162 Configure a bypass tunnel on Switch B (the PLR): # Create an explicit path for the bypass LSP. [SwitchB] explicit-path by-path [SwitchB-explicit-path-by-path] next hop 3.2.1.2 [SwitchB-explicit-path-by-path] next hop 3.3.1.2 [SwitchB-explicit-path-by-path] next hop 3.3.3.3 [SwitchB-explicit-path-by-path] quit # Create the bypass tunnel. [SwitchB] interface tunnel 5 [SwitchB-Tunnel5] ip address 11.1.1.1 255.255.255.0 [SwitchB-Tunnel5] tunnel-protocol mpls te...
  • Page 163 LSP Information: RSVP LSP ------------------------------------------------------------------ In/Out Label In/Out IF Vrf Name 4.4.4.4/32 3/NULL Vlan3/- [SwitchE] display mpls lsp ------------------------------------------------------------------ LSP Information: RSVP LSP ------------------------------------------------------------------ In/Out Label In/Out IF Vrf Name 3.3.3.3/32 1024/3 Vlan4/Vlan5 Execute the display mpls te tunnel command on each switch. The output shows that two MPLS TE tunnels are traversing Switch B and Switch C.
  • Page 164 BypassTunnel Tunnel Index[Tunnel5], InnerLabel[1024] Mpls-Mtu 1500 IngressLsrID 2.2.2.2 LocalLspID Tunnel-Interface Tunnel5 3.3.3.3/32 Nexthop 3.2.1.2 In-Label NULL Out-Label 1024 In-Interface ---------- Out-Interface Vlan-interface4 LspIndex 4098 Tunnel ID 0x22002 LsrType Ingress Bypass In Use Not Exists BypassTunnel Tunnel Index[---] Mpls-Mtu 1500 Verify the FRR function: # Shut down the protected outgoing interface on PLR.
  • Page 165 Route Pinning Disabled Retry Limit Retry Interval: 10 sec Reopt Disabled Reopt Freq Back Up Type None Back Up LSPID Auto BW Disabled Auto BW Freq : Min BW Max BW Current Collected BW: Interfaces Protected: VPN Bind Type NONE VPN Bind Value Car Policy Disabled...
  • Page 166 Tunnel Group Primary Primary Tunnel Backup Tunnel Group Status If you execute the display mpls te tunnel-interface command immediately after an FRR protection switch, you are likely to see two CR-LSPs in up state are present. This is normal because the make-before-break mechanism of FRR introduces a delay before removing the old LSP after a new LSP is created.

  • Page 167: Mpls Te In Mpls L3Vpn Configuration Example

    [SwitchB-mpls] mpls te timer fast-reroute 5 [SwitchB-mpls] quit # Bring the protected outgoing interface up on PLR. [SwitchB] interface vlan-interface 2 [SwitchB-Vlan-interface2] undo shutdown %Sep 7 09:01:31 2004 SwitchB IFNET/5/UPDOWN:Line protocol on the interface Vlan-interface2 turns into UP state # Execute the display interface tunnel 4 command on Switch A to identify the state of the primary LSP.
  • Page 168 [PE1-Vlan-interface2] quit [PE1] ospf [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 10.0.0.0 0.0.0.255 [PE1-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit # Configure PE 2. <PE2> system-view [PE2] interface loopback 0 [PE2-LoopBack0] ip address 3.3.3.3 255.255.255.255 [PE2-LoopBack0] quit [PE2] interface vlan-interface 2 [PE2-Vlan-interface2] ip address 10.0.0.2 255.255.255.0 [PE2-Vlan-interface2] quit [PE2] ospf...
  • Page 169 [PE1] mpls lsr-id 2.2.2.2 [PE1] mpls [PE1-mpls] lsp-trigger all [PE1-mpls] mpls te [PE1-mpls] mpls rsvp-te [PE1-mpls] mpls te cspf [PE1-mpls] quit [PE1] interface vlan-interface 2 [PE1-Vlan-interface2] mpls [PE1-Vlan-interface2] mpls te [PE1-Vlan-interface2] mpls rsvp-te [PE1-Vlan-interface2] quit # Configure PE2. [PE2] mpls lsr-id 3.3.3.3 [PE2] mpls [PE2-mpls] lsp-trigger all [PE2-mpls] mpls te...
  • Page 170 [PE1-Tunnel1] mpls te signal-protocol rsvp-te [PE1-Tunnel1] mpls te commit [PE1-Tunnel1] quit Execute the display interface tunnel command on PE 1. The output shows that the tunnel interface is up. Configure the VPN instance on each PE, and bind it to the interface connected to the CE: # Configure on CE 1.
  • Page 171 Tunnel Policy : policy1 Interfaces : Vlan-interface1 Ping connected CEs on PEs to test connectivity. For example, ping CE 1 on PE 1: [PE1] ping -vpn-instance vpn1 192.168.1.2 PING 192.168.1.2: 56 data bytes, press CTRL_C to break Reply from 192.168.1.2: bytes=56 Sequence=1 ttl=255 time=47 ms Reply from 192.168.1.2: bytes=56 Sequence=2 ttl=255 time=26 ms Reply from 192.168.1.2: bytes=56 Sequence=3 ttl=255 time=26 ms Reply from 192.168.1.2: bytes=56 Sequence=4 ttl=255 time=26 ms...
  • Page 172 [PE2-bgp-af-vpnv4] peer 2.2.2.2 enable [PE2-bgp-af-vpnv4] quit [PE2-bgp] quit # Execute the display bgp peer command and the display bgp vpn-instance peer command on PEs. The output shows that the BGP peer relationships have been formed between PEs and between PEs and CEs and have reached Established state. Take PE 1 for example: [PE1-bgp] display bgp peer BGP local router ID : 2.2.2.2 Local AS number : 100...
  • Page 173 ------------------------------------------------------------------ LSP Information: RSVP LSP ------------------------------------------------------------------ IngressLsrID 2.2.2.2 LocalLspID Tunnel-Interface Tunnel1 3.3.3.3/32 Nexthop 10.0.0.2 In-Label NULL Out-Label 1024 In-Interface ---------- Out-Interface Vlan-interface2 LspIndex 2050 Tunnel ID 0x22004 LsrType Ingress Bypass In Use Not Exists BypassTunnel Tunnel Index[---] Mpls-Mtu 1500 ------------------------------------------------------------------ LSP Information: BGP ------------------------------------------------------------------ VrfIndex...

  • Page 174: Troubleshooting Mpls Te

    LsrType Egress Outgoing Tunnel ID Label Operation VrfIndex 3.3.3.3/32 Nexthop 10.0.0.2 In-Label NULL Out-Label In-Interface ---------- Out-Interface Vlan-interface2 LspIndex 10242 Tunnel ID 0x22000 LsrType Ingress Outgoing Tunnel ID Label Operation PUSH # Execute the display interface tunnel command on PE 1. The output shows that traffic is forwarded along the CR-LSP of the TE tunnel.
  • Page 175 Analysis For TE LSAs to be generated, at least one OSPF neighbor must reach the FULL state. Solution Execute the display current-configuration command to verify that MPLS TE is configured on involved interfaces. Execute the debugging ospf mpls-te command to observe whether OSPF can receive the TE LINK establishment message.

  • Page 176: Configuring Vpls

    Configuring VPLS This chapter describes how to configure VPLS. Hardware compatibility The HPE 5820X Switch Series does not support VPLS. VPLS overview Virtual Private LAN Service (VPLS), also called "Transparent LAN Service (TLS)" or "virtual private switched network service," can deliver a point-to-multipoint L2VPN service over public networks.

  • Page 177: Pw Establishment

    • Forwarders—A forwarder functions as the VPLS forwarding table. Once a PE receives a packet from an AC, the forwarder selects a PW for forwarding the packet. • Tunnel—A tunnel, usually an MPLS tunnel, is a direct channel between a local PE and the peer PE for transparent data transmission in-between.

  • Page 178: Mac Address Learning And Flooding

    MAC address learning and flooding VPLS provides reachability by MAC address learning. Each PE maintains a MAC address table. • Source MAC address learning MAC address learning includes the following parts: Remote MAC address learning associated with PWs A PW consists of two unidirectional VC LSPs. A PW is up only when both of the VC LSPs are up.

  • Page 179: Vpls Loop Avoidance

    • MAC address aging Remote MAC addresses learned by a PE that are related to VC labels but no longer in use must be aged out by an aging mechanism. The aging mechanism used here is the aging timer corresponding to the MAC address. When receiving a packet whose source MAC address has an aging timer started, the PE resets the aging timer.

  • Page 180: H-Vpls Implementation

    H-VPLS implementation Hierarchy of VPLS (H-VPLS) can extend the VPLS access range of a service provider and reduce costs. Advantages of H-VPLS access • H-VPLS has lower requirements on the multi-tenant unit switch (MTU-s). It has distinct hierarchies which fulfill definite tasks. •...
  • Page 181 H-VPLS with QinQ access Figure 42 H-VPLS with QinQ access As shown in Figure 42, MTU is a standard bridging device and QinQ is enabled on its interfaces connected to CEs. Data forwarding in H-VPLS with QinQ access is as follows: Upon receiving a packet from a CE, MTU labels the packet with a VLAN tag as the multiplex distinguishing flag, and transparently sends the packet to PE 1 through the QinQ tunnel.

  • Page 182: Hub-Spoke Vpls Implementation

    • BFD detects a primary link failure. • The LDP session between the peers of the primary PW goes down, and the PW is deleted as a result. Hub-spoke VPLS implementation In hub-spoke networking, one of the VPLS networking modes, there is one hub site and multiple spoke sites.

  • Page 183: Enabling L2Vpn And Mpls L2Vpn

    Task Remarks Enabling L2VPN and MPLS L2VPN Required. Configuring static VPLS Configure one type of VPLS as Configuring LDP VPLS needed. Configuring BGP VPLS Binding a service instance to a VPLS instance Required. Configuring traffic policing for VPLS Optional. Enabling VPLS statistics Optional.

  • Page 184: Configuring Ldp Vpls

    ID of the PW to the peer PE, which must be consistent with that specified on the peer PE. Type of the peer PE. Use the upe keyword to specify a UPE peer, which is an MTU-s device in the H-VPLS model, or use the backup-peer keyword to configure two NPE peers (one primary, one backup).

  • Page 185: Configuring An Ldp Vpls Instance

    • Configure an IGP on the MPLS backbone devices (PEs and P devices) to ensure IP connectivity. For configuration information, see Layer 3—IP Routing Configuration Guide. • Configure basic MPLS on the MPLS backbone devices (PEs and P devices) to establish LSP tunnels over the backbone network.

  • Page 186: Configuring Bgp Vpls

    Step Command Remarks Specify an ID for the VPLS vsi-id vsi-id instance. peer ip-address [ { hub | spoke } | Create a peer PE for the pw-class class-name | [ pw-id VPLS instance and enter pw-id ] [ upe | backup-peer L2VPN peer view.

  • Page 187: Resetting Vpls Bgp Connections

    Step Command Specify BGP as the PW signaling protocol and pwsignal bgp enter VSI-BGP view. Configure an RD for the VPLS instance. route-distinguisher route-distinguisher vpn-target vpn-target&<1-16> [ both | Configure VPN targets for the VPLS instance. import-extcommunity | export-extcommunity ] site site-id [ range site-range ] [ default-offset { 0 | Create a site for the VPLS instance.

  • Page 188: Configuring Traffic Policing For Vpls

    Step Command Remarks By default, no packet encapsulation { s-vid vlan-id Configure a packet matching matching rule is configured [ only-tagged ] | port-based | tagged | rule for the service instance. for a service instance. untagged } Associate service By default, a service xconnect vsi vsi-name [ access-mode instance...

  • Page 189: Enabling Vpls Statistics

    Step Command Remarks • Enter Layer 2 Ethernet interface view: interface interface-type Enter the view of the Layer 2 interface-number Ethernet interface or Layer 2 • Enter Layer 2 aggregate aggregate interface connected to interface view: the CE. interface bridge-aggregation interface-number Enter service instance view.

  • Page 190: Configuring Mac Address Learning

    Step Command Remarks • Enter Layer 2 Ethernet interface view: Enter the view of the Layer 2 interface interface-type Ethernet interface or Layer 2 interface-number aggregate interface connected • Enter Layer 2 aggregate interface to the CE. view: interface bridge-aggregation interface-number Enter service instance view.

  • Page 191: Inspecting Pws

    Step Command Remarks Optional. The default MTU is 1500 bytes. Set the MTU of the VPLS The MTU configured for a VPLS mtu mtu instance. instance applies only to link negotiation messages. It is not used for data packets. Optional. Configure the description of description text By default, no description is...

  • Page 192: Vpls Configuration Examples

    Task Command Remarks display bgp vpls { all | group [ group-name ] | peer [ [ ip-address ] Display VPLS information in the verbose ] | route-distinguisher Available in any view. BGP routing table. route-distinguisher [ site-id site-id [ label-offset label-offset ] ] } [ | { begin | exclude | include } regular-expression ] display mac-address vsi [ vsi-name ] Display MAC address table...

  • Page 193: Binding Service Instances To Vpls Instances

    Binding service instances to VPLS instances Network requirements CE 1 and CE 2 are connected to PE 1 and PE 2 through VLANs. On PE 1 and PE 2, perform the following configuration: • Configure VPLS instance aaa to use LDP (Martini mode) and VPLS instance bbb to use BGP (Kompella mode), and configure the AS number as 100.
  • Page 194 [PE1] interface vlan-interface 2 [PE1-Vlan-interface2] ip address 23.1.1.1 24 [PE1-Vlan-interface2] mpls [PE1-Vlan-interface2] mpls ldp [PE1-Vlan-interface2] quit # Configure OSPF. [PE1] ospf [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 23.1.1.1 0.0.0.255 [PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit # Configure BGP extensions. [PE1] bgp 100 [PE1-bgp] peer 3.3.3.9 as-number 100 [PE1-bgp] peer 3.3.3.9 connect-interface loopback 0...
  • Page 195 <Sysname> system-view [Sysname] sysname P [P] interface loopback 0 [P-LoopBack0] ip address 2.2.2.9 32 [P-LoopBack0] quit # Configure the LSR ID and enable MPLS globally. [P] mpls lsr-id 2.2.2.9 [P] mpls [P-mpls] quit # Enable LDP globally. [P] mpls ldp [P-mpls-ldp] quit # Configure the interface connected to PE 1 and enable LDP on the interface.
  • Page 196 [PE2-mpls-ldp] quit # Configure PE 2 to establish a remote LDP peer PE 1. [PE2] mpls ldp remote-peer 2 [PE2-mpls-ldp-remote-2] remote-ip 1.1.1.9 [PE2-mpls-ldp-remote-2] quit # Configure the interface connected to the P device and enable LDP on the interface. [PE2] interface vlan-interface 3 [PE2-Vlan-interface3] ip address 26.2.2.1 24 [PE2-Vlan-interface3] mpls [PE2-Vlan-interface3] mpls ldp...

  • Page 197: Configuring Hub-Spoke Vpls

    [PE2-GigabitEthernet1/0/1] service-instance 2000 [PE2-GigabitEthernet1/0/1-srv2000] encapsulation s-vid 200 [PE2-GigabitEthernet1/0/1-srv2000] xconnect vsi bbb [PE2-GigabitEthernet1/0/1-srv2000] quit [PE2-GigabitEthernet1/0/1] quit Verify the configuration: # Execute the display vpls connection command on the PEs. The output shows that a PW connection in up state has been established. Take PE 2 as an example: [PE2] display vpls connection vsi aaa verbose VSI Name: aaa Signaling: ldp...
  • Page 198 Configuration procedure Configure an IGP (such as OSPF) on the MPLS backbone. (Details not shown.) Configure Spoke-PE 1: # Configure basic MPLS. <Sysname> system-view [Sysname] sysname Spoke-PE1 [Spoke-PE1] interface loopback 0 [Spoke-PE1-LoopBack0] ip address 1.1.1.9 32 [Spoke-PE1-LoopBack0] quit [Spoke-PE1] mpls lsr-id 1.1.1.9 [Spoke-PE1] mpls [Spoke-PE1–mpls] quit [Spoke-PE1] mpls ldp...
  • Page 199 [Spoke-PE2-LoopBack0] ip address 2.2.2.9 32 [Spoke-PE2-LoopBack0] quit [Spoke-PE2] mpls lsr-id 2.2.2.9 [Spoke-PE2] mpls [Spoke-PE2–mpls] quit [Spoke-PE2] mpls ldp [Spoke-PE2–mpls-ldp] quit # Configure basic MPLS on the interface connected to Hub-PE. [Spoke-PE2] interface vlan-interface 20 [Spoke-PE2-Vlan-interface20] ip address 20.1.1.1 24 [Spoke-PE2-Vlan-interface20] mpls [Spoke-PE2-Vlan-interface20] mpls ldp [Spoke-PE2-Vlan-interface20] quit # Configure the remote LDP peer Hub-PE.

  • Page 200: Configuring Pw Redundancy For H-Vpls Access

    # Configure basic MPLS on the interface connected to Spoke-PE 1. [Hub-PE] interface vlan-interface 10 [Hub-PE-Vlan-interface10] ip address 10.1.1.2 24 [Hub-PE-Vlan-interface10] mpls [Hub-PE-Vlan-interface10] mpls ldp [Hub-PE-Vlan-interface10] quit # Configure basic MPLS on the interface connected to Spoke-PE 2. [Hub-PE] interface vlan-interface 20 [Hub-PE-Vlan-interface20] ip address 20.1.1.2 24 [Hub-PE-Vlan-interface20] mpls [Hub-PE-Vlan-interface20] mpls ldp...
  • Page 201 Establish fully meshed PWs among NPE 1, NPE 2, and NPE 3. Create a VPLS instance and configure it to support H-VPLS networking. Figure 47 Network diagram Loop0 2.2.2.2/32 NPE 1 Vlan-int12 Vlan-int15 12.1.1.2/24 15.1.1.1/24 CE 1 Vlan-int17 Loop0 17.1.1.1/24 Vlan-int12 GE1/0/1 4.4.4.4/32...
  • Page 202 [UPE-Vlan-interface13] mpls ldp [UPE-Vlan-interface13] quit # Configure the remote LDP peer NPE 1. [UPE] mpls ldp remote-peer 1 [UPE-mpls-remote-1] remote-ip 2.2.2.2 [UPE-mpls-remote-1] quit # Configure the remote LDP peer NPE 2. [UPE] mpls ldp remote-peer 2 [UPE-mpls-remote-1] remote-ip 3.3.3.3 [UPE-mpls-remote-1] quit # Enable L2VPN and MPLS L2VPN.
  • Page 203 [NPE1] interface vlan-interface 12 [NPE1-Vlan-interface12] ip address 12.1.1.2 24 [NPE1-Vlan-interface12] mpls [NPE1-Vlan-interface12] mpls ldp [NPE1-Vlan-interface12] quit # Configure an IP address for the interface connected to NPE 2, and enable MPLS and MPLS LDP. [NPE1] interface vlan-interface 17 [NPE1-Vlan-interface17] ip address 17.1.1.1 24 [NPE1-Vlan-interface17] mpls [NPE1-Vlan-interface17] mpls ldp [NPE1-Vlan-interface17] quit...
  • Page 204 [Sysname] sysname NPE3 [NPE3] interface loopback 0 [NPE3-LoopBack0] ip address 4.4.4.4 32 [NPE3-LoopBack0] quit [NPE3] mpls lsr-id 4.4.4.4 [NPE3] mpls [NPE3–mpls] quit [NPE3] mpls ldp [NPE3–mpls-ldp] quit # Configure an IP address for the interface connected to NPE 1, and enable MPLS and MPLS LDP.

  • Page 205: Configuring Bfd For The Primary Link In An H-Vpls Network

    [NPE3-GigabitEthernet1/0/1-srv1000] quit # Execute the display vpls connection command on the PEs. The output shows that a PW connection in up state has been established. Configuring BFD for the primary link in an H-VPLS network Network requirements In the H-VPLS network, Switch A is the UPE, Switch B is the primary NPE and Switch C is the backup NPE.
  • Page 206 [SwitchA-vlan12] port gigabitethernet 1/0/2 [SwitchA-vlan12] quit [SwitchA] vlan 13 [SwitchA-vlan13] port gigabitethernet 1/0/1 [SwitchA-vlan13] quit [SwitchA] interface vlan-interface 12 [SwitchA-Vlan-interface12] mpls [SwitchA-Vlan-interface12] mpls ldp [SwitchA-Vlan-interface12] quit [SwitchA] interface vlan-interface 13 [SwitchA-Vlan-interface13] mpls [SwitchA-Vlan-interface13] mpls ldp [SwitchA-Vlan-interface13] quit # Configure Switch B. <SwitchB>...
  • Page 207 [SwitchC-Vlan-interface13] quit Configure related interfaces on the switches: # Configure Switch A. [SwitchA] interface vlan-interface 12 [SwitchA-Vlan-interface12] ip address 12.1.1.1 24 [SwitchA-Vlan-interface12] quit [SwitchA] interface vlan-interface 13 [SwitchA-Vlan-interface13] ip address 13.1.1.1 24 [SwitchA-Vlan-interface13] quit [SwitchA] interface loopback 0 [SwitchA-LoopBack0] ip address 1.1.1.9 32 [SwitchA-LoopBack0] quit # Configure Switch B.
  • Page 208 [SwitchC-ospf-1] quit Configure a VPLS instance for each switch: # Configure Switch A. [SwitchA] l2vpn [SwitchA-l2vpn] mpls l2vpn [SwitchA-l2vpn] quit [SwitchA] vsi vpna static [SwitchA-vsi-vpna] pwsignal ldp [SwitchA-vsi-vpna-ldp] vsi-id 100 [SwitchA-vsi-vpna-ldp] peer 2.2.2.9 backup-peer 3.3.3.9 [SwitchA-vsi-vpna-ldp] quit [SwitchA-vsi-vpna] quit [SwitchA] vlan 100 [SwitchA-vlan100] port gigabitethernet 1/0/1 [SwitchA-vlan100] quit [SwitchA] interface vlan-interface 100...

  • Page 209: Troubleshooting Vpls

    Source IP: 1.1.1.9 Destination IP: 2.2.2.9 Session State: Up Interface: LoopBack0 Min Trans Inter: 400ms Act Trans Inter: 400ms Min Recv Inter: 400ms Act Detect Inter: 2000ms Running Up for: 00:00:01 Auth mode: None Connect Type: Indirect Board Num: 6 Protocol: MFW/LDP Diag Info: No Diagnostic Local Discr: 4...
  • Page 210 • The extended session is not operating correctly. • A private network interface is not bound to the corresponding VPLS instance or the private network interface is not up. Solution • Check the routing tables of the PEs to see whether a route is available between the two PEs. Verify that each device can ping the loopback interface of the peer and whether the LDP session operates correctly.

  • Page 211: Configuring Mpls L2Vpn

    Configuring MPLS L2VPN This chapter describes how to configure MPLS L2VPN. Hardware compatibility The HPE 5820X Switch Series does not support MPLS L2VPN. MPLS L2VPN overview MPLS L2VPN is an MPLS-based Layer 2 VPN technology. It uses MPLS to establish Layer 2 connections between network nodes.

  • Page 212: Mpls L2Vpn Network Models

    • Provider device—P devices do not directly connect to CEs. They only need to forward user packets between PEs. MPLS L2VPN network models MPLS L2VPN network models include remote connection model and local connection model. Remote connection model As shown in Figure 49, this model connects two Layer 2 customer networks over an MPLS or IP backbone.
  • Page 213 If multiple public tunnels exist between two PEs, you can configure a tunneling policy to control tunnel selection. For more information about tunneling policy, see "Configuring MPLS L3VPN." Set up a VC to identify customer networks. To set up a VC, the two PEs assign VC labels to each other to set up a pair of unidirectional LSPs in opposite directions.

  • Page 214: Implementation Of Mpls L2Vpn

    This packet forwarding process is not applicable to the CCC mode of MPLS L2VPN. For more information about the CCC mode of MPLS L2VPN, see "CCC MPLS L2VPN." Implementation of MPLS L2VPN This section describes how to set up a remote MPLS L2VPN connection in different modes. CCC MPLS L2VPN The CCC mode sets up a CCC connection by establishing two static LSPs in opposite directions and binding the static LSPs to ACs.
  • Page 215 The VC type and the VC ID uniquely identify a VC. On a PE, the VC ID uniquely identifies a VC among the VCs of the same type. As shown in Figure 53, the PEs send a VC FEC and VC label mapping to each other. After the VC labels are distributed, a VC is set up between the PEs.
  • Page 216 • Label-block Offset—Offset of the label block. When CEs increase in a VPN and the existing label block size is not enough, you do not need to withdraw the label block on the PEs. Instead, you can assign a new label block in addition to the existing label block to enlarge the label range. A PE uses LO to identify a label block among all label blocks, and to determine from which label block it assigns labels.
  • Page 217 Figure 55 Label distribution in Kompella mode As shown in Figure 55, CE 1 and CE 2 belong to VPN 1. CE 3 and CE 4 belong to VPN 2. Configure route targets for the two VPNs to make sure CEs in the same VPN can set up a VC and CEs in different VPNs cannot.
  • Page 218 Table 1 Comparing MPLS L2VPN implementation modes VC label Application Mode encapsulation and Advantages and disadvantages scenario distribution Advantages: • Requires no signaling protocol and occupies fewer network resources. Small-scale • Network devices only need to support network with a MPLS.

  • Page 219: Vc Encapsulations Types

    VC encapsulations types Before adding a VC label to a Layer 2 packet, a PE encapsulates the Layer 2 packet according to the AC link type. VC encapsulation types and AC link types are closely related. The following VC encapsulation types are available for an Ethernet link: •...

  • Page 220: Configuring Basic Mpls L2Vpn

    Task Remarks Configuring traffic policing for an AC Optional. Enabling traffic statistics for an AC Optional. Configuring basic MPLS L2VPN Step Command Remarks Enter system view. system-view Configure the LSR ID. mpls lsr-id lsr-id Configure basic MPLS and mpls enter MPLS view. Return to system view.

  • Page 221: Configuring A Remote Ccc Connection

    Configuring a remote CCC connection To configure a remote CCC connection, perform the following configuration on the PE and P devices: • On a PE, you do not need to create static LSPs (with the static-lsp command) for a remote CCC connection.

  • Page 222: Configuring A Static Vc On A Layer 3 Interface (Approach 1)

    After you configure an SVC for a service instance applied on a Layer 2 Ethernet interface or Layer 2 aggregate interface, the interface uses the service instance to match incoming packets. Packets matching the service instance are forwarded over the VC. A service instance can match all packets received on the interface, packets carrying the specified VLAN tags, all tagged packets, or packets with no VLAN tags.
  • Page 223 To create multiple VCs with the same attributes (such as VC encapsulation type and VC tunneling policy), you do not need to configure the attributes one by one for each VC. Instead, you can create a PW class, configure VC attributes in the PW class, and then reference the PW class in each VC. To create a static VC for a service instance: Step Command...

  • Page 224: Configuring Martini Mpls L2Vpn

    Step Command Remarks display service-instance interface 11. Display information about interface-type interface-number one or all service instances [ service-instance instance-id ] [ | Available in any view. configured on the interface. { begin | exclude | include } regular-expression ] For more information about commands service-instance, encapsulation, and display service-instance interface, see MPLS Command Reference.

  • Page 225: Creating A Martini Vc On A Layer 3 Interface

    Creating a Martini VC on a Layer 3 interface IMPORTANT: A Martini VC has two main parameters: IP address of the peer PE, and VC ID. The combination of the VC ID and the encapsulation type must be unique on a PE. Changing the encapsulation type may result in VC ID conflicts.

  • Page 226: Inspecting Vcs

    Step Command Remarks • Enter Layer 2 Ethernet interface view: interface interface-type Enter the view of the Layer 2 interface-number Ethernet interface or Layer 2 • Enter Layer 2 aggregate aggregate interface interface view: connected to a CE. interface bridge-aggregation interface-number Create a service instance By default, no service instance is...

  • Page 227: Configuring Kompella Mpls L2Vpn

    Configuring Kompella MPLS L2VPN To configure a Kompella MPLS L2VPN, perform the following configurations on PEs: • Configure BGP L2VPN capability. (Not needed for a local connection.) • Create and configure MPLS L2VPN. • Create a CE connection. Configuring BGP L2VPN capability Step Command Remarks...

  • Page 228: Creating A Ce Connection

    Step Command Remarks Associate the MPLS L2VPN vpn-target vpn-target&<1-16> [ both | with one or more route export-extcommunity | targets. import-extcommunity ] The mtu command affects only parameter negotiations, Set the Layer 2 MTU for the if any. It does not affect data mtu mtu MPLS L2VPN.

  • Page 229: Configuring Traffic Policing For An Ac

    When you plan a VPN, Hewlett Packard Enterprise recommends that you set CE IDs in incremental sequence and then configure connections in the sequence of CE IDs so you can omit the ce-offset keyword (use the default setting) for most connections. •...

  • Page 230: Enabling Traffic Statistics For An Ac

    After you apply an inbound or outbound global CAR action in service instance view, the device polices the inbound or outbound traffic matching the service instance according to the applied global CAR action. To apply a global CAR action for a service instance: Step Command Remarks...

  • Page 231: Displaying And Maintaining Mpls L2Vpn

    Displaying and maintaining MPLS L2VPN Task Command Remarks display ccc [ ccc-name ccc-name | type Display information about CCC { local | remote } ] [ | { begin | exclude | Available in any view. connections. include } regular-expression ] display l2vpn ccc-interface vc-type { all | Display information about bgp-vc | ccc | ldp-vc | static-vc } [ up |...

  • Page 232: Mpls L2Vpn Configuration Examples

    MPLS L2VPN configuration examples This section provides examples for configuring MPLS L2VPN. Example for configuring a remote CCC connection Network requirements The CEs are connected to the PEs through VLAN interfaces. Create a remote CCC connection, so CE 1 and CE 2 can exchange Layer 2 packets across the backbone network.
  • Page 233 [PE1-LoopBack0] quit [PE1] mpls lsr-id 10.0.0.1 [PE1] mpls [PE1-mpls] quit # Enable L2VPN and MPLS L2VPN. [PE1] l2vpn [PE1-l2vpn] mpls l2vpn [PE1-l2vpn] quit # Configure interface VLAN-interface 10. [PE2] interface vlan-interface 10 [PE2-Vlan-interface10] quit # Configure interface VLAN-interface 30 and enable MPLS. [PE1] interface vlan-interface 30 [PE1-Vlan-interface30] ip address 10.1.1.1 24 [PE1-Vlan-interface30] mpls...
  • Page 234 # Configure the LSR ID and enable MPLS globally. <Sysname> system-view [Sysname] sysname PE2 [PE2] interface loopback 0 [PE2-LoopBack0] ip address 10.0.0.3 32 [PE2-LoopBack0] quit [PE2] mpls lsr-id 10.0.0.3 [PE2] mpls [PE2-mpls] quit # Enable L2VPN and MPLS L2VPN. [PE2] l2vpn [PE2-l2vpn] mpls l2vpn [PE2-l2vpn] quit # Configure interface VLAN-interface 10.

  • Page 235: Example For Configuring Svc Mpls L2Vpn

    PING 100.1.1.2: 56 data bytes, press CTRL_C to break Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=180 ms Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=60 ms Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=10 ms Reply from 100.1.1.2: bytes=56 Sequence=4 ttl=255 time=70 ms Reply from 100.1.1.2: bytes=56 Sequence=5 ttl=255 time=60 ms --- 100.1.1.2 ping statistics --- 5 packet(s) transmitted...
  • Page 236 # Configure an IP address for the interface connected to PE 1. <Sysname> system-view [Sysname] sysname CE1 [CE1] interface vlan-interface 10 [CE1-Vlan-interface10] ip address 100.1.1.1 24 Configure PE 1: # Configure the LSR ID and enable MPLS globally. <Sysname> system-view [Sysname] sysname PE1 [PE1] interface loopback 0 [PE1-LoopBack0] ip address 192.2.2.2 32...
  • Page 237 [P] mpls [P-mpls] quit # Enable LDP globally. [P] mpls ldp [P-mpls-ldp] quit # Configure the interface connected with PE 1, and enable LDP on the interface. [P] interface vlan-interface 20 [P-Vlan-interface20] ip address 10.1.1.2 24 [P-Vlan-interface20] mpls [P-Vlan-interface20] mpls ldp [P-Vlan-interface20] quit # Configure the interface connected with PE 2, and enable LDP on the interface.
  • Page 238 [PE2-Vlan-interface30] quit # Configure OSPF on PE 2 for establishing LSPs. [PE2] ospf [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 10.2.2.1 0.0.0.255 [PE2-ospf-1-area-0.0.0.0] network 192.3.3.3 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] quit [PE2-ospf-1] quit # Create a static VC on the interface connected to CE 2. The interface requires no IP address. [PE2] interface vlan-interface 10 [PE2-Vlan-interface10] mpls static-l2vc destination 192.2.2.2 transmit-vpn-label 200 receive-vpn-label 100...

  • Page 239: Example For Configuring Martini Mpls L2Vpn

    Example for configuring Martini MPLS L2VPN Network requirements CEs are connected to PEs through VLAN interfaces. Establish a Martini VC, so CE 1 and CE 2 can exchange Layer 2 packets across the backbone. Figure 58 Network diagram PE 1 PE 2 Loop0 Loop0...
  • Page 240 [PE1] mpls ldp [PE1-mpls-ldp] quit # Establish a remote session between PE 1 and PE 2. [PE1] mpls ldp remote-peer 1 [PE1-mpls-ldp-remote-1] remote-ip 192.3.3.3 [PE1-mpls-ldp-remote-1] quit # Configure the interface connected with the P device, and enable LDP on the interface. [PE1] interface vlan-interface 20 [PE1-Vlan-interface20] ip address 10.1.1.1 24 [PE1-Vlan-interface20] mpls...
  • Page 241 [P-Vlan-interface30] quit # Configure OSPF on the P device for establishing LSPs. [P] ospf [P-ospf-1] area 0 [P-ospf-1-area-0.0.0.0] network 10.1.1.2 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 10.2.2.2 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 192.4.4.4 0.0.0.0 [P-ospf-1-area-0.0.0.0] quit [P-ospf-1] quit Configure PE 2: # Configure the LSR ID and enable MPLS globally. <Sysname>...

  • Page 242: Example For Configuring Kompella Mpls L2Vpn

    Configure CE 2: # Configure an IP address for the interface connected to PE 2. <Sysname> system-view [Sysname] sysname CE2 [CE2] interface vlan-interface 10 [CE2-Vlan-interface10] ip address 100.1.1.2 24 Verify the configuration: # Display VC information on PE 1. The output shows that a VC has been established. [PE1] display mpls l2vc Total ldp vc : 1 1 up...
  • Page 243 Figure 59 Network diagram PE 1 PE 2 Loop0 Loop0 Loop0 Vlan-int30 Vlan-int20 Vlan-int20 Vlan-int30 Vlan-int10 Vlan-int10 Kompella Vlan-int10 Vlan-int10 CE 1 CE 2 Device Interface IP address Device Interface IP address CE 1 Vlan-int10 100.1.1.1/24 CE 2 Vlan-int10 100.1.1.2/24 PE 1 Loop0 2.2.2.2/32...
  • Page 244 [PE2] l2vpn [PE2-l2vpn] mpls l2vpn [PE2-l2vpn] quit [PE2] bgp 100 [PE2-bgp] peer 2.2.2.2 as-number 100 [PE2-bgp] peer 2.2.2.2 connect-interface loopback 0 [PE2-bgp] l2vpn-family [PE2-bgp-af-l2vpn] policy vpn-target [PE2-bgp-af-l2vpn] peer 2.2.2.2 enable [PE2-bgp-af-l2vpn] quit [PE2-bgp] quit After completing the configurations, execute the display bgp l2vpn peer command on PE 1 and PE 2 to display the peer relationship established between the PEs.

  • Page 245: Example For Configuring A Vc For A Service Instance

    CE name: ce1, id: 1, Rid type status peer-id route-distinguisher intf 4.4.4.4 100:1 Vlan10 # Ping CE 2 from CE 1. The output shows that CE 1 and CE 2 can ping each other. [CE1] ping 100.1.1.2 PING 100.1.1.2: 56 data bytes, press CTRL_C to break Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=90 ms Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=77 ms...
  • Page 246 [CE1] interface vlan-interface 10 [CE1-Vlan-interface10] ip address 100.1.1.1 24 Configure PE 1: <Sysname> system-view [Sysname] sysname PE1 [PE1] interface loopback 0 [PE1-LoopBack0] ip address 192.2.2.2 32 [PE1-LoopBack0] quit # Configure the LSR ID and enable MPLS globally. [PE1] mpls lsr-id 192.2.2.2 [PE1] mpls [PE1-mpls] quit # Enable L2VPN and MPLS L2VPN.
  • Page 247 [P] interface loopback 0 [P-LoopBack0] ip address 192.4.4.4 32 [P-LoopBack0] quit # Configure the MPLS LSR ID and enable MPLS globally. [P] mpls lsr-id 192.4.4.4 [P] mpls [P-mpls] quit # Enable LDP globally. [P] mpls ldp [P-mpls-ldp] quit # Configure the interface connected with PE 1 and enable LDP on the interface. [P] interface vlan-interface 23 [P-Vlan-interface23] ip address 23.1.1.2 24 [P-Vlan-interface23] mpls...
  • Page 248 # Configure PE 2 to establish a remote LDP connection with PE 1. [PE2] mpls ldp remote-peer 2 [PE2-mpls-ldp-remote-2] remote-ip 192.2.2.2 [PE2-mpls-ldp-remote-2] quit # Configure the interface connected to the P device and enable LDP on the interface. [PE2] interface vlan-interface 26 [PE2-Vlan-interface26] ip address 26.2.2.1 24 [PE2-Vlan-interface26] mpls [PE2-Vlan-interface26] mpls ldp...

  • Page 249: Troubleshooting Mpls L2Vpn

    PING 100.1.1.2: 56 data bytes, press CTRL_C to break Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=90 ms Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=77 ms Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=34 ms Reply from 100.1.1.2: bytes=56 Sequence=4 ttl=255 time=46 ms Reply from 100.1.1.2: bytes=56 Sequence=5 ttl=255 time=94 ms --- 100.1.1.2 ping statistics --- 5 packet(s) transmitted...

  • Page 250: Configuring Mpls L3Vpn

    The term "router" in this document represents both routers and Layer 3 switches. Hardware compatibility The HPE 5820X Switch Series does not support MPLS L3VPN. MPLS L3VPN overview MPLS L3VPN is a PE-based L3VPN technology. It uses BGP to advertise VPN routes and uses MPLS to forward VPN packets over service provider backbones.

  • Page 251: Mpls L3Vpn Concepts

    After a CE establishes an adjacency with a directly connected PE, it advertises its VPN routes to the PE and learns remote VPN routes from the PE. A CE and a PE can use BGP, an IGP, or static routing to exchange routing information.
  • Page 252 A VPN-IPv4 address consists of 12 bytes. The first eight bytes represent the RD, followed by a four-byte IPv4 address prefix. Figure 62 VPN-IPv4 address structure Route Distinguisher (8 bytes) 2 bytes 6 bytes 4 bytes Type Administrator subfield Assigned number subfield IPv4 address prefix Upon receiving an IPv4 route from a CE, a PE changes the route to a VPN route by adding an RD and then advertises the VPN route to the peer PE.

  • Page 253: Mpls L3Vpn Packet Forwarding

    • 32-bit AS number:16-bit user-defined number, where the minimum value of the AS number is 65536. For example, 65536:1. The Site of Origin (SoO) attribute specifies the site where the route update is originated. It prevents the receiving router from advertising the route update back to the originating site. If the AS-path attribute is lost, the router can use the SoO attribute to avoid routing loops.

  • Page 254: Mpls L3Vpn Networking Schemes

    Figure 63 VPN packet forwarding Site 2 Site 1 CE 1 CE 2 PE 2 PE 1 2.1.1.1/24 1.1.1.2/24 Layer1 Layer2 Layer2 1.1.1.2 1.1.1.2 1.1.1.2 1.1.1.2 A VPN packet is forwarded in the following way: Site 1 sends an IP packet with the destination address of 1.1.1.2. CE 1 transmits the packet to PE 1.
  • Page 255 Figure 64 Network diagram for basic VPN networking scheme Figure 64, for example, the route target for VPN 1 is 100:1 on the PEs, while that for VPN 2 is 200:1. The two VPN 1 sites can communicate with each other, and the two VPN 2 sites can communicate with each other.
  • Page 256 Figure 65 Network diagram for hub and spoke networking scheme VPN 1 VPN 1: Import: Hub Site 1 Export: Spoke VPN 1-out: Spoke-CE Export: Hub Hub-CE Hub-PE Spoke-PE Site 3 Spoke-PE VPN 1-in: VPN 1 Import: Spoke Spoke-CE VPN 1: Site 2 Import: Hub Export: Spoke...

  • Page 257: Mpls L3Vpn Routing Information Advertisement

    Figure 66 Network diagram for extranet networking scheme VPN 1 VPN 1: Import:100:1 Site 1 Export:100:1 PE 1 VPN 1 PE 3 Site 3 PE 2 VPN 2: VPN 1: Site 2 Import:200:1 Import:100:1,200:1 Export:200:1 Export:100:1,200:1 VPN 2 Figure 66, VPN 1 and VPN 2 can access Site 3 of VPN 1. •...

  • Page 258: Inter-As Vpn

    Routing information exchange from the ingress PE to the egress PE After learning the VPN routing information from the CE, the ingress PE adds RDs and route targets for these standard IPv4 routes to create VPN-IPv4 routes, save them to the routing table of the VPN instance that is created for the CE, and then trigger MPLS to assign VPN labels for them.
  • Page 259 Figure 67 Network diagram for inter-AS option A Inter-AS option A is easy to carry out because no special configuration is required on the PEs acting as the ASBRs. However, it has limited scalability because the PEs acting as the ASBRs must manage all VPN routes and create VPN instances on a per-VPN basis.
  • Page 260 Figure 68 Network diagram for inter-AS option B In terms of scalability, inter-AS option B is better than option A. When adopting the MP-EBGP method, note the following: • ASBRs perform no route target filtering on VPN-IPv4 routes that they receive from each other. Therefore, the ISPs in different ASs that exchange VPN-IPv4 routes must agree on the route exchange.

  • Page 261: Carrier's Carrier

    Figure 69 Network diagram for inter-AS option C VPN 1 VPN 1 Multi-hop MP-EBGP CE 1 CE 3 PE 3 PE 1 ASBR 2 ASBR 1 EBGP (PE) (PE) MPLS backbone MPLS backbone AS 100 AS 200 PE 4 PE 2 Multi-hop MP-EBGP VPN LSP CE 4...
  • Page 262 Compared with the common MPLS L3VPN, the carrier's carrier is different because of the way in which a CE of a Level 1 carrier, that is, a Level 2 carrier, accesses a PE of the Level 1 carrier: • If the PE and the CE are in a same AS, you must configure IGP and LDP between them. •...

  • Page 263: Nested Vpn

    NOTE: If equal cost routes exist between the Level 1 carrier and the Level 2 carrier, Hewlett Packard Enterprise recommends establishing equal cost LSPs between them. Nested VPN In an MPLS L3VPN network, generally a service provider runs an MPLS L3VPN backbone and provides VPN services through PEs.

  • Page 264: Hovpn

    After receiving a VPNv4 route, a provider PE keeps the user's internal VPN information, and appends the user's MPLS VPN attributes on the service provider network. That is, it replaces the RD of the VPNv4 route with the RD of the user's MPLS VPN on the service provider network and adds the export route-target (ERT) attribute of the user's MPLS VPN on the service provider network to the extended community attribute list of the route.
  • Page 265 Implementation of HoVPN Figure 74 Basic architecture of HoVPN As shown in Figure 74, devices directly connected to CEs are called underlayer PEs or user-end PEs (UPEs), whereas devices that are connected to UPEs and are in the internal network are called superstratum PEs or service provider-end PEs (SPEs).

  • Page 266: Ospf Vpn Extension

    With MP-IBGP, to advertise routes between IBGP peers, the SPE acts as the RR and advertises routes from IBGP peer UPE to IBGP peer SPE. However, it does not act as the RR of the other PEs. Recursion and extension of HoVPN HoVPN supports HoPE recursion: •...
  • Page 267 The OSPF area between a PE and a CE can be either a non-backbone area or a backbone area. In the OSPF VPN extension application, the MPLS VPN backbone is considered the backbone area (area 0). The area 0 of each VPN site must be connected to the MPLS VPN backbone because OSPF requires that the backbone area be contiguous.
  • Page 268 • Routing loop detection If OSPF runs between CEs and PEs and a VPN site is connected to multiple PEs, when a PE advertises the BGP VPN routes learned from MPLS/BGP to the VPN site through LSAs, the LSAs can be received by another PE, resulting in a routing loop. To avoid routing loops, when creating Type 3 LSAs, the PE always sets the flag bit DN for BGP VPN routes learned from MPLS/BGP, regardless of whether the PE and the CEs are connected through the OSPF backbone.

  • Page 269: Bgp As Number Substitution And Soo

    BGP AS number substitution and SoO Because BGP detects routing loops by AS number, if EBGP runs between PEs and CEs, you must assign different AS numbers to geographically different sites to ensure correct transmission of the routing information. The BGP AS number substitution function allows physically dispersed CEs to use the same AS number.

  • Page 270: Configuring Basic Mpls L3Vpn

    Configuring basic MPLS L3VPN The key task in MPLS L3VPN configuration is to manage the advertisement of VPN routes on the MPLS backbone, including PE-CE route exchange and PE-PE route exchange. To configure basic MPLS L3VPN: Task Remarks Creating a VPN instance Required.
  • Page 271 Associating a VPN instance with an interface After creating and configuring a VPN instance, you must associate the VPN instance with the interface connected to the CE. Any LDP-capable interface can be associated with a VPN instance. For information about LDP-capable interfaces, see "Configuring basic MPLS."...
  • Page 272 Step Command Remarks Optional. By default, all routes matching the import target attribute are Apply an import routing accepted. import route-policy route-policy policy. Make sure the routing policy already exists. Otherwise, the switch does not filter received routes. Optional. By default, routes to be advertised are not filtered.
  • Page 273 Step Command Remarks Enter system view. system-view Create a tunneling tunnel-policy policy and enter tunnel-policy-name tunneling policy view. Optional. By default, no preferred tunnel is configured. Configure a preferred preferred-path number In a tunneling policy, you can configure tunnel and specify a interface tunnel tunnel-number up to 64 preferred tunnels.

  • Page 274: Configuring Routing Between Pe And Ce

    This task is to configure the LDP capability for an existing VPN instance, create an LDP instance for the VPN instance, and configure LDP parameters for the LDP instance. To configure an LDP instance: Step Command Remarks Enter system view. system-view Enable LDP for a VPN instance, mpls ldp vpn-instance...
  • Page 275 Step Command Remarks • Approach 1: ip route-static dest-address { mask | mask-length } { gateway-address | interface-type interface-number [ gateway-address ] | vpn-instance d-vpn-instance-name gateway-address } Use either command as [ preference preference-value ] [ tag needed. tag-value ] [ description Perform this configuration on description-text ] Configure a static...
  • Page 276 Step Command Remarks Optional. Configure the OSPF domain domain-id domain-id [ secondary ] 0 by default. Optional. The defaults are as follows: ext-community-type • Configure the type codes of 0x0005 for Domain ID. { domain-id type-code1 | OSPF extended community •...
  • Page 277 Configuring EBGP between PE and CE Configure the PE: Step Command Remarks Enter system view. system-view Enable BGP and enter BGP bgp as-number view. Enter BGP VPN instance ipv4-family vpn-instance view. vpn-instance-name Configure the CE as the peer { group-name | ip-address } VPN EBGP peer.
  • Page 278 Step Command Remarks For information about BGP peer and peer group configuration, see Configure the PE as the peer { group-name | ip-address } Layer 3—IP Routing EBGP peer. Configuration Guide. This chapter as-number as-number does not differentiate between peer and peer group. Optional.

  • Page 279: Configuring Routing Between Pes

    Step Command Remarks Optional. By default, each RR in a cluster uses its own router ID as the cluster ID. Configure the cluster ID for reflector cluster-id { cluster-id | the RR. If more than one RR exists in a ip-address } cluster, use this command to configure the same cluster ID for...

  • Page 280: Configuring Routing Features For Bgp Vpnv4 Subaddress Family

    Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number Configure the remote PE as peer { group-name | ip-address } the peer. as-number as-number peer { group-name | ip-address } By default, BGP uses the source Specify the source interface interface of the optimal route connect-interface interface-type for route updates.
  • Page 281 Step Command Remarks Enable a peer or peer group for an address family and By default, only IPv4 routing peer { group-name | ip-address } enable the exchange of BGP information is exchanged enable routing information for the between BGP peers. address family.
  • Page 282 Step Command Remarks Enter BGP view. bgp as-number Configure the remote PE as peer ip-address as-number the peer. as-number peer ip-address Specify the interface for TCP connect-interface interface-type connection. interface-number Enter BGP-VPNv4 ipv4-family vpnv4 subaddress family view. Optional. Set the default value of the default local-preference value local preference.

  • Page 283: Configuring Inter-As Vpn

    Step Command Remarks Optional. 17. Make BGP updates to be peer { group-name | ip-address } sent carry no private AS By default, a BGP update carries public-as-only numbers. private AS numbers. Optional. peer { group-name | ip-address } 18. Apply a routing policy to a route-policy route-policy-name By default, no routing policy is peer or peer group.

  • Page 284: Configuring Inter-As Option C

    The device supports only the second method. Therefore, MP-EBGP routes get their next hops changed by default before being redistributed to MP-IBGP. However, normal EBGP routes to be advertised to IBGP do not have their next hops changed by default. To change the next hop to a local address, use the peer { ip-address | group-name } next-hop-local command.
  • Page 285 Step Command Remarks Configure the PE of another peer { group-name | ip-address } AS as the EBGP peer. as-number as-number Enter BGP-VPNv4 ipv4-family vpnv4 subaddress family view. Enable the PE to exchange BGP VPNv4 routing peer { group-name | ip-address } information with the EBGP enable peer.

  • Page 286: Configuring Nested Vpn

    Configuring the routing policy After you configure and apply a routing policy on an ASBR PE, it does the following: • Assigns MPLS labels to the routes received from the PEs in the same AS before advertising them to the peer ASBR PE. •...

  • Page 287: Configuring Hovpn

    Step Command Remarks Enter BGP VPN instance ipv4-family vpn-instance view. vpn-instance-name peer { group-name | Configure a CE peer or peer peer-address } as-number group. number Return to BGP view. quit Enter BGP-VPNv4 ipv4-family vpnv4 subaddress family view. Enable nested VPN. Disabled by default.

  • Page 288: Configuring An Ospf Sham Link

    Step Command Remarks Use either approach. Do not configure both the peer • default-route-advertise (Approach 1) Advertise a vpn-instance command and the default VPN route: peer { group-name | peer upe route-policy command. ip-address } default-route-advertise By default, BGP does not vpn-instance advertise routes to a VPNv4 peer.

  • Page 289: Creating A Sham Link

    Step Command Enter system view. system-view Enter BGP view. bgp as-number Enter BGP VPN instance view. ipv4-family vpn-instance vpn-instance-name Redistribute direct routes into BGP (to import-route direct [ med med-value | redistribute the loopback interface route into route-policy route-policy-name ] * BGP).

  • Page 290: Resetting Bgp Connections

    With the BGP AS number substitution function, when a PE advertises a route to the specified CE, if an AS number identical to that of the CE exists in the AS_PATH of the route, it is replaced with that of the PE before the route is advertised.

  • Page 291: Displaying And Maintaining Mpls L3Vpn

    Task Command Remarks reset bgp vpn-instance Hard reset BGP connections of a vpn-instance-name { as-number | Available in VPN instance. ip-address | all | external | group user view. group-name } reset bgp vpnv4 { as-number | ip-address | Hard reset BGP VPNv4 Available in all | external | internal | group connections.
  • Page 292 Task Command Remarks display bgp vpnv4 { all | vpn-instance Display the IP prefix information vpn-instance-name } peer ip-address for the ORF packets received Available in any view. received ip-prefix [ | { begin | exclude | from the specified BGP peer. include } regular-expression ] display bgp vpnv4 all routing-table [ [ network-address [ { mask | mask-length }...

  • Page 293: Mpls L3Vpn Configuration Examples

    Task Command Remarks display tunnel-policy { all | policy-name Display information about a tunnel-policy-name } [ | { begin | exclude | Available in any view. specific or all tunnel policies. include } regular-expression ] display mpls ldp vpn-instance Display information about the vpn-instance-name [ | { begin | exclude | Available in any view.
  • Page 294 Figure 79 Network diagram Device Interface IP address Device Interface IP address CE 1 Vlan-int11 10.1.1.1/24 Loop0 2.2.2.9/32 PE 1 Loop0 1.1.1.9/32 Vlan-int12 172.2.1.1/24 Vlan-int11 10.1.1.2/24 Vlan-int13 172.1.1.2/24 Vlan-int13 172.1.1.1/24 PE 2 Loop0 3.3.3.9/32 Vlan-int12 10.2.1.2/24 Vlan-int12 172.2.1.2/24 CE 2 Vlan-int12 10.2.1.1/24 Vlan-int11...
  • Page 295 [P-LoopBack0] quit [P] interface vlan-interface 13 [P-Vlan-interface13] ip address 172.1.1.2 24 [P-Vlan-interface13] quit [P] interface vlan-interface 12 [P-Vlan-interface12] ip address 172.2.1.1 24 [P-Vlan-interface12] quit [P] ospf [P-ospf-1] area 0 [P-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0 [P-ospf-1-area-0.0.0.0] quit [P-ospf-1] quit # Configure PE 2.
  • Page 296 State: Full Mode:Nbr is Master Priority: 1 DR: 172.1.1.1 BDR: 172.1.1.2 MTU: 0 Dead timer due in 38 Neighbor is up for 00:02:44 Authentication Sequence: [ 0 ] Neighbor state change count: 5 Configure basic MPLS and MPLS LDP on the MPLS backbone to establish LDP LSPs: # Configure PE 1.
  • Page 297 --------------------------------------------------------------- 2.2.2.9:0 Operational Passive --------------------------------------------------------------- LAM : Label Advertisement Mode : Fault Tolerance # On PE 1, verify that the LSPs have been established by LDP. [PE1] display mpls ldp lsp LDP LSP Information ------------------------------------------------------------------ DestAddress/Mask In/OutLabel Next-Hop In/Out-Interface ------------------------------------------------------------------ 1.1.1.9/32 3/NULL 127.0.0.1...
  • Page 298 [PE2-Vlan-interface13] ip binding vpn-instance vpn2 [PE2-Vlan-interface13] ip address 10.4.1.2 24 [PE2-Vlan-interface13] quit # Configure IP addresses for the CEs according to Figure 79. (Details not shown.) # Execute the display ip vpn-instance command on the PEs to display the configuration of the VPN instance, for example, on PE 1.
  • Page 299 # Execute the display bgp vpnv4 vpn-instance peer command on the PEs. This example uses PE 1 to verify that a BGP peer relationship in Established state has been established between a PE and a CE. [PE1] display bgp vpnv4 vpn-instance vpn1 peer BGP local router ID : 1.1.1.9 Local AS number : 100 Total number of peers : 1...

  • Page 300: Configuring Mpls L3Vpns Using Ibgp Between Pe And Ce

    Routing Tables: vpn2 Destinations : 5 Routes : 5 Destination/Mask Proto Cost NextHop Interface 10.2.1.0/24 Direct 0 10.2.1.2 Vlan12 10.2.1.2/32 Direct 0 127.0.0.1 InLoop0 10.4.1.0/24 3.3.3.9 NULL0 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 # Verify that CEs of the same VPN can ping each other. Those of different VPNs cannot ping each other.
  • Page 301 Figure 80 Network diagram Device Interface IP address Device Interface IP address PE 1 Loop0 1.1.1.9/32 PE 2 Loop0 3.3.3.9/32 Vlan-int11 10.1.1.2/24 Vlan-int12 172.2.1.2/24 Vlan-int13 172.1.1.1/24 Vlan-int11 10.3.1.2/24 Vlan-int12 10.2.1.2/24 Vlan-int13 10.4.1.2/24 CE 1 Loop0 4.4.4.9/32 Loop0 2.2.2.9/32 Vlan-int11 10.1.1.1/24 Vlan-int12 172.2.1.1/24 CE 2...
  • Page 302 <P> system-view [P] interface loopback 0 [P-LoopBack0] ip address 2.2.2.9 32 [P-LoopBack0] quit [P] interface vlan-interface 13 [P-Vlan-interface13] ip address 172.1.1.2 24 [P-Vlan-interface13] quit [P] interface vlan-interface 12 [P-Vlan-interface12] ip address 172.2.1.1 24 [P-Vlan-interface12] quit [P] ospf [P-ospf-1] area 0 [P-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0...
  • Page 303 Neighbors Area 0.0.0.0 interface 172.1.1.1(Vlan-interface13)'s neighbors Router ID: 172.1.1.2 Address: 172.1.1.2 GR State: Normal State: Full Mode:Nbr is Master Priority: 1 DR: 172.1.1.1 BDR: 172.1.1.2 MTU: 0 Dead timer due in 38 Neighbor is up for 00:02:44 Authentication Sequence: [ 0 ] Neighbor state change count: 5 Configure basic MPLS and MPLS LDP on the MPLS backbone to establish LDP LSPs: # Configure PE 1.
  • Page 304 Total number of sessions: 1 ---------------------------------------------------------------- Peer-ID Status SsnRole KA-Sent/Rcv --------------------------------------------------------------- 2.2.2.9:0 Operational Passive --------------------------------------------------------------- LAM : Label Advertisement Mode : Fault Tolerance # On PE 1, verify that the LSPs have been established by LDP. [PE1] display mpls ldp lsp LDP LSP Information ------------------------------------------------------------------ DestAddress/Mask...
  • Page 305 [PE2-Vlan-interface11] ip address 10.3.1.2 24 [PE2-Vlan-interface11] quit [PE2] interface vlan-interface 13 [PE2-Vlan-interface13] ip binding vpn-instance vpn2 [PE2-Vlan-interface13] ip address 10.4.1.2 24 [PE2-Vlan-interface13] quit # Configure IP addresses for the CEs according to in Figure 80. (Details not shown.) # Execute the display ip vpn-instance command on the PEs to display the configuration of the VPN instance, for example, on PE 1.
  • Page 306 [PE1-bgp-vpn1] peer 10.1.1.1 reflect-client [PE1-bgp-vpn1] import-route direct [PE1-bgp-vpn1] quit [PE1-bgp] ipv4-family vpn-instance vpn2 [PE1-bgp-vpn2] peer 10.2.1.1 as-number 100 [PE1-bgp-vpn2] peer 10.2.1.1 reflect-client [PE1-bgp-vpn2] import-route direct [PE1-bgp-vpn2] quit [PE1-bgp] quit # Configure PE 2 in the same way that PE 1 is configured. (Details not shown.) # Execute the display bgp vpnv4 vpn-instance peer command on the PEs.
  • Page 307 [PE2-bgp-af-vpnv4] quit [PE2-bgp] quit # Execute the display bgp peer command on the PEs. This example uses PE 1 to verify that a BGP peer relationship in Established state has been established between the PEs. [PE1] display bgp peer BGP local router ID : 1.1.1.9 Local AS number : 100 Total number of peers : 1 Peers in established state : 1...

  • Page 308: Configuring A Hub-Spoke Network

    5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 34/48/72 ms [CE1] ping 7.7.7.9 PING 7.7.7.9: 56 data bytes, press CTRL_C to break Request time out Request time out Request time out Request time out Request time out --- 7.7.7.9 ping statistics --- 5 packet(s) transmitted 0 packet(s) received...
  • Page 309 Vlan-int4 172.1.1.1/24 Vlan-int4 172.1.1.2/24 Spoke-CE 2 Vlan-int3 10.2.1.1/24 Vlan-int5 172.2.1.2/24 Spoke-PE 2 Loop0 3.3.3.9/32 Vlan-int6 10.3.1.2/24 Vlan-int3 10.2.1.2/24 Vlan-int7 10.4.1.2/24 Vlan-int5 172.2.1.1/24 Configuration procedure Configure an IGP in the MPLS backbone to ensure IP connectivity between spoke-PE and hub-PE: # Configure Spoke-PE 1. <Spoke-PE1>...
  • Page 310 [Hub-PE] ospf [Hub-PE-ospf-1] area 0 [Hub-PE-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255 [Hub-PE-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255 [Hub-PE-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0 [Hub-PE-ospf-1-area-0.0.0.0] quit [Hub-PE-ospf-1] quit # On Spoke-PE 1, verify that the PEs have learned the routes to the loopback interfaces of each other. [Spoke-PE1] display ip routing-table Routing Tables: Public Destinations : 10...
  • Page 311 [Spoke-PE1-Vlan-interface4] quit # Configure Spoke-PE 2. [Spoke-PE2] mpls lsr-id 3.3.3.9 [Spoke-PE2] mpls [Spoke-PE2-mpls] quit [Spoke-PE2] mpls ldp [Spoke-PE2-mpls-ldp] quit [Spoke-PE2] interface vlan-interface 5 [Spoke-PE2-Vlan-interface5] mpls [Spoke-PE2-Vlan-interface5] mpls ldp [Spoke-PE2-Vlan-interface5] quit # Configure the Hub-PE. [Hub-PE] mpls lsr-id 2.2.2.9 [Hub-PE] mpls [Hub-PE-mpls] quit [Hub-PE] mpls ldp [Hub-PE-mpls-ldp] quit...
  • Page 312 Configure VPN instances on the spoke-PEs and the hub-PE to allow CEs to access the PEs: # Configure Spoke-PE 1. [Spoke-PE1] ip vpn-instance vpn1 [Spoke-PE1-vpn-instance-vpn1] route-distinguisher 100:1 [Spoke-PE1-vpn-instance-vpn1] vpn-target 111:1 import-extcommunity [Spoke-PE1-vpn-instance-vpn1] vpn-target 222:2 export-extcommunity [Spoke-PE1-vpn-instance-vpn1] quit [Spoke-PE1] interface vlan-interface 2 [Spoke-PE1-Vlan-interface2] ip binding vpn-instance vpn1 [Spoke-PE1-Vlan-interface2] ip address 10.1.1.2 24 [Spoke-PE1-Vlan-interface2] quit...
  • Page 313 [Spoke-PE1] ping -vpn-instance vpn1 10.1.1.1 PING 10.1.1.1: 56 data bytes, press CTRL_C to break Reply from 10.1.1.1: bytes=56 Sequence=1 ttl=255 time=56 ms Reply from 10.1.1.1: bytes=56 Sequence=2 ttl=255 time=4 ms Reply from 10.1.1.1: bytes=56 Sequence=3 ttl=255 time=4 ms Reply from 10.1.1.1: bytes=56 Sequence=4 ttl=255 time=52 ms Reply from 10.1.1.1: bytes=56 Sequence=5 ttl=255 time=3 ms --- 10.1.1.1 ping statistics --- 5 packet(s) transmitted...
  • Page 314 [Hub-PE-bgp] ipv4-family vpn-instance vpn1-in [Hub-PE-bgp-vpn1-in] peer 10.3.1.1 as-number 65430 [Hub-PE-bgp-vpn1-in] import-route direct [Hub-PE-bgp-vpn1-in] quit [Hub-PE-bgp] ipv4-family vpn-instance vpn1-out [Hub-PE-bgp-vpn1-out] peer 10.4.1.1 as-number 65430 [Hub-PE-bgp-vpn1-out] peer 10.4.1.1 allow-as-loop [Hub-PE-bgp-vpn1-out] import-route direct [Hub-PE-bgp-vpn1-out] quit [Hub-PE-bgp] quit # Execute the display bgp vpnv4 vpn-instance peer command on the PEs. This example uses Spoke-PE 1 to verify that a BGP peer relationship in Established state has been established between a PE and a CE.
  • Page 315 [Hub-PE-bgp-af-vpnv4] quit [Hub-PE-bgp] quit # Execute the display bgp peer command on the PEs. This example uses Spoke-PE 1 to verify that a BGP peer relationship in Established state has been established between the PEs. [Spoke-PE1] display bgp peer BGP local router ID : 1.1.1.9 Local AS number : 100 Total number of peers : 1 Peers in established state : 1...

  • Page 316: Configuring Inter-As Option A

    Configuring inter-AS option A Network requirements CE 1 and CE 2 belong to the same VPN. CE 1 accesses the network through PE 1 in AS 100 and CE 2 accesses the network through PE 2 in AS 200. Inter-AS MPLS L3VPN is implemented using option A, where the VRF-to-VRF method is used to manage VPN routes.
  • Page 317 [PE1] mpls lsr-id 1.1.1.9 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] interface vlan-interface 11 [PE1-Vlan-interface11] mpls [PE1-Vlan-interface11] mpls ldp [PE1-Vlan-interface11] quit # Configure basic MPLS on ASBR PE 1, and enable MPLS LDP on the interface connected to PE 1.
  • Page 318 For the same VPN, the route targets for the VPN instance on the PE must match those for the VPN instance on the ASBR-PE in the same AS. This is not required for PEs in different ASs. # Configure CE 1. <CE1>...
  • Page 319 [ASBR-PE2-Vlan-interface12] ip address 192.1.1.2 24 [ASBR-PE2-Vlan-interface12] quit # Execute the display ip vpn-instance command to display VPN instance configurations. Verify that the PEs can ping the CEs, and the ASBR PEs can ping each other. (Details not shown.) Establish EBGP peer relationships between PEs and CEs to allow VPN routes to be redistributed: # Configure CE 1.

  • Page 320: Configuring Inter-As Option B

    [ASBR-PE1-bgp] ipv4-family vpnv4 [ASBR-PE1-bgp-af-vpnv4] peer 1.1.1.9 enable [ASBR-PE1-bgp-af-vpnv4] peer 1.1.1.9 next-hop-local [ASBR-PE1-bgp-af-vpnv4] quit [ASBR-PE1-bgp] quit # Configure ASBR-PE 2. [ASBR-PE2] bgp 200 [ASBR-PE2-bgp] ipv4-family vpn-instance vpn1 [ASBR-PE2-bgp-vpn1] peer 192.1.1.1 as-number 100 [ASBR-PE2-bgp-vpn1] quit [ASBR-PE2-bgp] peer 4.4.4.9 as-number 200 [ASBR-PE2-bgp] peer 4.4.4.9 connect-interface loopback 0 [ASBR-PE2-bgp] ipv4-family vpnv4 [ASBR-PE2-bgp-af-vpnv4] peer 4.4.4.9 enable [ASBR-PE2-bgp-af-vpnv4] peer 4.4.4.9 next-hop-local...
  • Page 321 Figure 83 Network diagram MPLS backbone MPLS backbone Loop0 Loop0 AS 100 AS 600 Vlan-int12 Vlan-int12 Vlan-int11 Vlan-int11 ASBR-PE 2 ASBR-PE 1 Loop0 Loop0 Vlan-int11 Vlan-int11 PE 2 PE 1 Vlan-int12 Vlan-int12 Site 1 Site 2 CE 1 CE 2 AS 65001 AS 65002 Device...
  • Page 322 # Configure interface Loopback 0 and start IS-IS on it. [PE1] interface loopback 0 [PE1-LoopBack0] ip address 2.2.2.9 32 [PE1-LoopBack0] isis enable 1 [PE1-LoopBack0] quit # Create VPN instance vpn1 and configure the RD and route target attributes. [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 11:11 [PE1-vpn-instance-vpn1] vpn-target 3:3 import-extcommunity [PE1-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity...
  • Page 323 [ASBR-PE1-Vlan-interface11] mpls ldp [ASBR-PE1-Vlan-interface11] quit # Configure interface VLAN-interface 12 and enable MPLS on it. [ASBR-PE1] interface vlan-interface 12 [ASBR-PE1-Vlan-interface12] ip address 11.0.0.2 255.0.0.0 [ASBR-PE1-Vlan-interface12] mpls [ASBR-PE1-Vlan-interface12] quit # Configure interface Loopback 0 and start IS-IS on it. [ASBR-PE1] interface loopback 0 [ASBR-PE1-LoopBack0] ip address 3.3.3.9 32 [ASBR-PE1-LoopBack0] isis enable 1 [ASBR-PE1-LoopBack0] quit...
  • Page 324 [ASBR-PE2-Vlan-interface12] mpls [ASBR-PE2-Vlan-interface12] quit # Configure interface Loopback 0 and start IS-IS on it. [ASBR-PE2] interface loopback 0 [ASBR-PE2-LoopBack0] ip address 4.4.4.9 32 [ASBR-PE2-LoopBack0] isis enable 1 [ASBR-PE2-LoopBack0] quit # Start BGP on ASBR-PE 2. [ASBR-PE2] bgp 600 [ASBR-PE2-bgp] peer 11.0.0.2 as-number 100 [ASBR-PE2-bgp] peer 5.5.5.9 as-number 600 [ASBR-PE2-bgp] peer 5.5.5.9 connect-interface loopback 0 # Disable route target based filtering of received VPNv4 routes.

  • Page 325: Configuring Inter-As Option C

    [PE2-vpn-instance-vpn1] route-distinguisher 12:12 [PE2-vpn-instance-vpn1] vpn-target 3:3 import-extcommunity [PE2-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity [PE2-vpn-instance-vpn1] quit # Bind the interface connected with CE 2 to the created VPN instance. [PE2] interface vlan-interface 12 [PE2-Vlan-interface12] ip binding vpn-instance vpn1 [PE2-Vlan-interface12] ip address 20.0.0.1 8 [PE2-Vlan-interface12] quit # Start BGP on PE 2.
  • Page 326 Figure 84 Network diagram Device Interface IP address Device Interface IP address PE 1 Loop0 2.2.2.9/32 PE 2 Loop0 5.5.5.9/32 Loop1 30.0.0.1/32 Loop1 20.0.0.1/32 Vlan-int11 1.1.1.2/8 Vlan-int11 9.1.1.2/8 ASBR-PE 1 Loop0 3.3.3.9/32 ASBR-PE 2 Loop0 4.4.4.9/32 Vlan-int11 1.1.1.1/8 Vlan-int11 9.1.1.1/8 Vlan-int12 11.0.0.2/8 Vlan-int12...
  • Page 327 [PE1-LoopBack0] quit # Create VPN instance vpn1 and configure the RD and route target attributes. [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 11:11 [PE1-vpn-instance-vpn1] vpn-target 3:3 import-extcommunity [PE1-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity [PE1-vpn-instance-vpn1] quit # Configure interface Loopback 1 and bind the interface to VPN instance vpn1. [PE1] interface loopback 1 [PE1-LoopBack1] ip binding vpn-instance vpn1 [PE1-LoopBack1] ip address 30.0.0.1 32...
  • Page 328 [ASBR-PE1-Vlan-interface11] ip address 1.1.1.1 255.0.0.0 [ASBR-PE1-Vlan-interface11] isis enable 1 [ASBR-PE1-Vlan-interface11] mpls [ASBR-PE1-Vlan-interface11] mpls ldp [ASBR-PE1-Vlan-interface11] quit # Configure interface VLAN-interface 12 and enable MPLS on it. [ASBR-PE1] interface vlan-interface 12 [ASBR-PE1-Vlan-interface12] ip address 11.0.0.2 255.0.0.0 [ASBR-PE1-Vlan-interface12] mpls [ASBR-PE1-Vlan-interface12] quit # Configure interface Loopback 0 and start IS-IS on it. [ASBR-PE1] interface loopback 0 [ASBR-PE1-LoopBack0] ip address 3.3.3.9 32 [ASBR-PE1-LoopBack0] isis enable 1...
  • Page 329 [ASBR-PE2] mpls [ASBR-PE2-mpls] label advertise non-null [ASBR-PE2-mpls] quit [ASBR-PE2] mpls ldp [ASBR-PE2-mpls-ldp] quit # Configure interface VLAN-interface 11, and start IS-IS and enable MPLS and LDP on the interface. [ASBR-PE2] interface vlan-interface 11 [ASBR-PE2-Vlan-interface11] ip address 9.1.1.1 255.0.0.0 [ASBR-PE2-Vlan-interface11] isis enable 1 [ASBR-PE2-Vlan-interface11] mpls [ASBR-PE2-Vlan-interface11] mpls ldp [ASBR-PE2-Vlan-interface11] quit...
  • Page 330 [ASBR-PE2-bgp] quit Configure PE 2: # Start IS-IS on PE 2. <PE2> system-view [PE2] isis 1 [PE2-isis-1] network-entity 10.4444.4444.4444.4444.00 [PE2-isis-1] quit # Configure LSR ID, enable MPLS and LDP. [PE2] mpls lsr-id 5.5.5.9 [PE2] mpls [PE2-mpls] label advertise non-null [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit # Configure interface VLAN-interface 11, and start IS-IS and enable MPLS and LDP on the...

  • Page 331: Configuring Carrier's Carrier

    [PE2-bgp] peer 2.2.2.9 ebgp-max-hop 10 # Configure peer 2.2.2.9 as a VPNv4 peer. [PE2-bgp] ipv4-family vpnv4 [PE2-bgp-af-vpnv4] peer 2.2.2.9 enable [PE2-bgp-af-vpnv4] quit # Redistribute direct routes to the routing table of vpn1. [PE2-bgp] ipv4-family vpn-instance vpn1 [PE2-bgp-vpn1] import-route direct [PE2-bgp-vpn1] quit [PE2-bgp] quit Verify the configuration: # Verify that PE 1 and PE 2 can ping each other.
  • Page 332 Figure 85 Network diagram Loop0 Loop0 Provider carrier Vlan-int12 PE 1 PE 2 Vlan-int12 Vlan-int11 Vlan-int11 AS 100 AS 100 Loop0 Customer carrier Customer carrier Vlan-int11 Vlan-int11 Vlan-int12 Vlan-int12 CE 1 CE 2 Vlan-int12 Vlan-int12 PE 4 Vlan-int11 PE 3 Vlan-int11 Loop0 Loop0...
  • Page 333 [PE1-LoopBack0] quit [PE1] interface vlan-interface 12 [PE1-Vlan-interface12] ip address 30.1.1.1 24 [PE1-Vlan-interface12] isis enable 1 [PE1-Vlan-interface12] mpls [PE1-Vlan-interface12] mpls ldp [PE1-Vlan-interface2] mpls ldp transport-address interface [PE1-Vlan-interface2] quit [PE1] bgp 100 [PE1-bgp] peer 4.4.4.9 as-number 100 [PE1-bgp] peer 4.4.4.9 connect-interface loopback 0 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpnv4] peer 4.4.4.9 enable [PE1-bgp-af-vpnv4] quit...
  • Page 334 [PE3-mpls] quit [PE3] mpls ldp [PE3-mpls-ldp] quit [PE3] isis 2 [PE3-isis-2] network-entity 10.0000.0000.0000.0001.00 [PE3-isis-2] quit [PE3] interface loopback 0 [PE3-LoopBack0] isis enable 2 [PE3-LoopBack0] quit [PE3] interface vlan-interface 12 [PE3-Vlan-interface12] ip address 10.1.1.1 24 [PE3-Vlan-interface12] isis enable 2 [PE3-Vlan-interface12] mpls [PE3-Vlan-interface12] mpls ldp [PE3-Vlan-interface12] mpls ldp transport-address interface [PE3-Vlan-interface12] quit...
  • Page 335 [PE1-vpn-instance-vpn1] quit [PE1] mpls ldp vpn-instance vpn1 [PE1-mpls-ldp-vpn-instance-vpn1] quit [PE1] isis 2 vpn-instance vpn1 [PE1-isis-2] network-entity 10.0000.0000.0000.0003.00 [PE1-isis-2] import-route bgp allow-ibgp [PE1-isis-2] quit [PE1] interface vlan-interface 11 [PE1-Vlan-interface11] ip binding vpn-instance vpn1 [PE1-Vlan-interface11] ip address 11.1.1.2 24 [PE1-Vlan-interface11] isis enable 2 [PE1-Vlan-interface11] mpls [PE1-Vlan-interface11] mpls ldp [PE1-Vlan-interface11] mpls ldp transport-address interface...
  • Page 336 [PE3-Vlan-interface11] ip binding vpn-instance vpn1 [PE3-Vlan-interface11] ip address 100.1.1.2 24 [PE3-Vlan-interface11] quit [PE3] bgp 100 [PE3-bgp] ipv4-family vpn-instance vpn1 [PE3-bgp-vpn1] peer 100.1.1.1 as-number 65410 [PE3-bgp-vpn1] import-route direct [PE3-bgp-vpn1] quit [PE3-bgp] quit # Configure PE 4 and CE 4 in the same way that PE 3 and CE 3 are configured. (Details not shown.) Configure MP-IBGP peer relationship between the PEs of the customer carrier to exchange the end customers' VPN routes:...
  • Page 337 11.1.1.1/32 Direct 0 127.0.0.1 InLoop0 11.1.1.2/32 Direct 0 11.1.1.2 Vlan11 20.1.1.0/24 4.4.4.9 NULL0 21.1.1.0/24 4.4.4.9 NULL0 21.1.1.2/32 4.4.4.9 NULL0 # Verify that the public network routing table contains the internal routes of the customer carrier network, but does not contain the VPN routes that the customer carrier maintains on CEs, for example, on CE 1.

  • Page 338: Configuring Nested Vpn

    Routing Tables: vpn1 Destinations : 3 Routes : 3 Destination/Mask Proto Cost NextHop Interface 100.1.1.0/24 Direct 0 100.1.1.2 Vlan11 100.1.1.2/32 Direct 0 127.0.0.1 InLoop0 120.1.1.0/24 6.6.6.9 NULL0 # Verify that PE 3 and PE 4 can ping each other. [PE3] ping 20.1.1.2 PING 20.1.1.2: 56 data bytes, press CTRL_C to break Reply from 20.1.1.2: bytes=56 Sequence=1 ttl=252 time=127 ms...
  • Page 339 • When receiving a VPNv4 route from a CE (CE 1 or CE 2 in this example), a service provider PE replaces the RD of the VPNv4 route with the RD of the MPLS VPN on the service provider network where the CE resides, adds the export target attribute of the MPLS VPN on the service provider network to the extended community attribute list, and then forwards the VPNv4 route as usual.
  • Page 340 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] isis 1 [PE1-isis-1] network-entity 10.0000.0000.0000.0004.00 [PE1-isis-1] quit [PE1] interface loopback 0 [PE1-LoopBack0] isis enable 1 [PE1-LoopBack0] quit [PE1] interface vlan-interface 12 [PE1-Vlan-interface12] ip address 30.1.1.1 24 [PE1-Vlan-interface12] isis enable 1 [PE1-Vlan-interface12] mpls [PE1-Vlan-interface12] mpls ldp [PE1-Vlan-interface12] quit...
  • Page 341 Configure the customer VPN. Use IS-IS as the IGP protocol, and enable LDP between PE 3 and CE 1, and between PE 4 and CE 2: # Configure PE 3. <PE3> system-view [PE3] interface loopback 0 [PE3-LoopBack0] ip address 1.1.1.9 32 [PE3-LoopBack0] quit [PE3] mpls lsr-id 1.1.1.9 [PE3] mpls...
  • Page 342 # Configure PE 4 and CE 2 in the same way that PE 3 and CE 1 are configured. (Details not shown.) Connect CE 1 and CE 2 to service provider PEs: # Configure PE 1. [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 200:1 [PE1-vpn-instance-vpn1] vpn-target 1:1 [PE1-vpn-instance-vpn1] quit...
  • Page 343 # Configure PE 3. [PE3] ip vpn-instance SUB_VPN1 [PE3-vpn-instance-SUB_VPN1] route-distinguisher 100:1 [PE3-vpn-instance-SUB_VPN1] vpn-target 2:1 [PE3-vpn-instance-SUB_VPN1] quit [PE3] interface vlan-interface 11 [PE3-Vlan-interface11] ip binding vpn-instance SUB_VPN1 [PE3-Vlan-interface11] ip address 100.1.1.2 24 [PE3-Vlan-interface11] quit [PE3] ip vpn-instance SUB_VPN2 [PE3-vpn-instance-SUB_VPN2] route-distinguisher 101:1 [PE3-vpn-instance-SUB_VPN2] vpn-target 2:2 [PE3-vpn-instance-SUB_VPN2] quit [PE3] interface vlan-interface 13 [PE3-Vlan-interface13] ip binding vpn-instance SUB_VPN2...
  • Page 344 [CE1-bgp] quit # Configure PE 2 and CE 2 in the same way that PE 1 and CE 1 are configured. (Details not shown.) Establish MP-IBGP peer relationship between sub-VPN PEs and CEs of the customer VPN to exchange VPNv4 routes of sub-VPNs: # Configure PE 3.
  • Page 345 Destination/Mask Proto Cost NextHop Interface 11.1.1.0/24 Direct 0 11.1.1.1 Vlan11 11.1.1.1/32 Direct 0 127.0.0.1 InLoop0 11.1.1.2/32 Direct 0 11.1.1.2 Vlan11 100.1.1.0/24 11.1.1.1 NULL0 110.1.1.0/24 11.1.1.1 NULL0 120.1.1.0/24 4.4.4.9 NULL0 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 130.1.1.0/24 4.4.4.9 NULL0 # Verify that the VPNv4 routing tables on the customer VPN contain internal sub-VPN routes on...
  • Page 346 * > 130.1.1.0/24 11.1.1.2 1027/1028 # Verify that the VPN routing tables contain routes sent by the provider PE to user sub-VPN on PEs, for example, on PE 3. [PE3] display ip routing-table vpn-instance SUB_VPN1 Routing Tables: SUB_VPN1 Destinations : 5 Routes : 5 Destination/Mask Proto...

  • Page 347: Configuring Hovpn

    Reply from 120.1.1.1: bytes=56 Sequence=2 ttl=252 time=69 ms Reply from 120.1.1.1: bytes=56 Sequence=3 ttl=252 time=105 ms Reply from 120.1.1.1: bytes=56 Sequence=4 ttl=252 time=88 ms Reply from 120.1.1.1: bytes=56 Sequence=5 ttl=252 time=87 ms --- 120.1.1.1 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 69/90/105 ms...
  • Page 348 • SPEs advertise routes permitted by the routing policies to UPEs, permitting CE 1 and CE 3 in VPN 1 to communicate with each other and forbidding CE 2 and CE 4 in VPN 2 to communicate with each other. Figure 87 Network diagram Device Interface...
  • Page 349 [UPE1] ospf [UPE1-ospf-1] area 0 [UPE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255 [UPE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0 [UPE1-ospf-1-area-0.0.0.0] quit [UPE1-ospf-1] quit # Configure VPN instances vpn1 and vpn2, allowing CE 1 and CE 2 to access UPE 1. [UPE1] ip vpn-instance vpn1 [UPE1-vpn-instance-vpn1] route-distinguisher 100:1 [UPE1-vpn-instance-vpn1] vpn-target 100:1 both [UPE1-vpn-instance-vpn1] quit [UPE1] ip vpn-instance vpn2...
  • Page 350 Configure CE 2. <CE2> system-view [CE2] interface vlan-interface 13 [CE2-Vlan-interface13] ip address 10.4.1.1 255.255.255.0 [CE2-Vlan-interface13] quit [CE2] bgp 65420 [CE2-bgp] peer 10.4.1.2 as-number 100 [CE2-bgp] import-route direct [CE2] quit Configure UPE 2: # Configure basic MPLS and MPLS LDP to establish LDP LSPs. <UPE2>...
  • Page 351 [UPE2-Vlan-interface13] quit # Configure UPE 2 to establish MP-IBGP peer relationship with SPE 2 and to inject VPN routes. [UPE2] bgp 100 [UPE2-bgp] peer 3.3.3.9 as-number 100 [UPE2-bgp] peer 3.3.3.9 connect-interface loopback 0 [UPE2-bgp] ipv4-family vpnv4 [UPE2-bgp-af-vpnv4] peer 3.3.3.9 enable [UPE2-bgp-af-vpnv4] quit [UPE2-bgp] ipv4-family vpn-instance vpn1 [UPE2-bgp-vpn1] peer 10.1.1.1 as-number 65430...
  • Page 352 [SPE1-Vlan-interface11] mpls [SPE1-Vlan-interface11] mpls ldp [SPE1-Vlan-interface11] quit [SPE1] interface vlan-interface 12 [SPE1-Vlan-interface12] ip address 180.1.1.1 24 [SPE1-Vlan-interface12] mpls [SPE1-Vlan-interface12] mpls ldp [SPE1-Vlan-interface12] quit # Configure the IGP protocol, OSPF, for example. [SPE1] ospf [SPE1-ospf-1] area 0 [SPE1-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0 [SPE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255 [SPE1-ospf-1-area-0.0.0.0] network 180.1.1.0 0.0.0.255 [SPE1-ospf-1-area-0.0.0.0] quit...
  • Page 353 [SPE1-route-policy] quit [SPE1] bgp 100 [SPE1-bgp] ipv4-family vpnv4 [SPE1-bgp-af-vpnv4] peer 1.1.1.9 upe route-policy hope export Configure SPE 2: # Configure basic MPLS and MPLS LDP to establish LDP LSPs. <SPE2> system-view [SPE2] interface loopback 0 [SPE2-LoopBack0] ip address 3.3.3.9 32 [SPE2-LoopBack0] quit [SPE2] mpls lsr-id 3.3.3.9 [SPE2] mpls...

  • Page 354: Configuring Ospf Sham Links

    [SPE2-bgp] peer 2.2.2.9 as-number 100 [SPE2-bgp] peer 2.2.2.9 connect-interface loopback 0 [SPE2-bgp] ipv4-family vpnv4 [SPE2-bgp-af-vpnv4] peer 2.2.2.9 enable [SPE2-bgp-af-vpnv4] peer 4.4.4.9 enable [SPE2-bgp-af-vpnv4] peer 4.4.4.9 upe [SPE2-bgp-af-vpnv4] quit [SPE2-bgp]ipv4-family vpn-instance vpn1 [SPE2-bgp-vpn1] quit [SPE2-bgp]ipv4-family vpn-instance vpn2 [SPE2-bgp-vpn2] quit [SPE2-bgp] quit # Configure SPE 2 to advertise to UPE 2 the routes permitted by a routing policy, that is, the routes of CE 1.
  • Page 355 Vlan-int13 20.1.1.1/24 Vlan-int12 30.1.1.2/24 PE 1 Loop0 1.1.1.9/32 PE 2 Loop0 2.2.2.9/32 Loop1 3.3.3.3/32 Loop1 5.5.5.5/32 Vlan-int11 100.1.1.2/24 Vlan-int11 120.1.1.2/24 Vlan-int12 10.1.1.1/24 Vlan-int12 10.1.1.2/24 Switch A Vlan-int11 20.1.1.2/24 Vlan-int12 30.1.1.1/24 Configuration procedure Configure OSPF on the customer networks: Configure conventional OSPF on CE 1, Switch A, and CE 2 to advertise subnet addresses of the interfaces as shown in Figure 88.
  • Page 356 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpnv4] peer 2.2.2.9 enable [PE1-bgp-af-vpnv4] quit [PE1-bgp] quit # Configure OSPF on PE 1. [PE1] ospf 1 [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit # Configure basic MPLS and MPLS LDP on PE 2 to establish LDP LSPs. <PE2>...
  • Page 357 [PE1-Vlan-interface11] ip binding vpn-instance vpn1 [PE1-Vlan-interface11] ip address 100.1.1.2 24 [PE1-Vlan-interface11] quit [PE1] ospf 100 vpn-instance vpn1 [PE1-ospf-100] domain-id 10 [PE1-ospf-100] area 1 [PE1-ospf-100-area-0.0.0.1] network 100.1.1.0 0.0.0.255 [PE1-ospf-100-area-0.0.0.1] quit [PE1-ospf-100] quit [PE2] bgp 100 [PE1-bgp] ipv4-family vpn-instance vpn1 [PE1-bgp-vpn1] import-route ospf 100 [PE1-bgp-vpn1] import-route direct [PE1-bgp-vpn1] quit [PE1-bgp] quit...
  • Page 358 Configure a sham link: # Configure PE 1. [PE1] interface loopback 1 [PE1-LoopBack1] ip binding vpn-instance vpn1 [PE1-LoopBack1] ip address 3.3.3.3 32 [PE1-LoopBack1] quit [PE1] ospf 100 [PE1-ospf-100] area 1 [PE1-ospf-100-area-0.0.0.1] sham-link 3.3.3.3 5.5.5.5 cost 10 [PE1-ospf-100-area-0.0.0.1] quit [PE1-ospf-100] quit # Configure PE 2.

  • Page 359: Configuring Bgp As Number Substitution

    127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 # Execute the display ospf sham-link command on the PEs to verify that a sham link has been established, for example, on PE 1. [PE1] display ospf sham-link OSPF Process 100 with Router ID 100.1.1.2 Sham Link: Area NeighborId...
  • Page 360 Vlan-int11 10.1.1.2/24 PE 2 Loop0 3.3.3.9/32 Vlan-int12 20.1.1.1/24 Vlan-int11 30.1.1.2/24 CE 2 Vlan-int12 10.2.1.1/24 Vlan-int12 10.2.1.2/24 Vlan-int13 200.1.1.1/24 Configuration procedure Configuring basic MPLS L3VPN: Configure OSPF on the MPLS backbone to allow the PEs and P device to learn the routes of the loopback interfaces from each other.
  • Page 361 <PE2> terminal monitor <PE2> terminal debugging <PE2> debugging bgp update vpn-instance vpn1 verbose <PE2> refresh bgp vpn-instance vpn1 all export *0.4402392 PE2 RM/7/RMDEBUG: BGP.vpn1: Send UPDATE to 10.2.1.1 for following destinations : Origin : Incomplete AS Path : 100 600 Next Hop : 10.2.1.2 100.1.1.1/32,...

  • Page 362: Configuring Bgp As Number Substitution And Soo

    *> 10.1.1.1/32 10.2.1.2 100? 10.2.1.0/24 10.2.1.2 100? 10.2.1.1/32 10.2.1.2 100? *> 100.1.1.1/32 10.2.1.2 100 100? <CE2> display ip routing-table Routing Tables: Public Destinations : 9 Routes : 9 Destination/Mask Proto Cost NextHop Interface 10.1.1.0/24 10.2.1.2 Vlan12 10.1.1.1/32 10.2.1.2 Vlan12 10.2.1.0/24 Direct 0 10.2.1.1 Vlan12...
  • Page 363 Figure 90 Network diagram CE 1 Loop0 Vlan-int2 MPLS backbone Vlan-int2 AS 100 Loop0 Vlan-int3 Loop0 Loop0 Vlan-int3 PE 1 Vlan-int4 VPN 1 Vlan-int6 AS 600 Vlan-int6 Vlan-int7 PE 2 Vlan-int4 Vlan-int5 PE 3 CE 3 Loop0 Vlan-int5 Vlan-int7 Loop0 Vlan-int2 CE 2 VPN 1...
  • Page 364 Total Number of Routes: 8 BGP Local router ID is 10.2.1.1 Status codes: * - valid, ^ - VPN best, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network NextHop LocPrf...
  • Page 365 10.3.1.0/24 10.2.1.2 Vlan2 10.3.1.1/32 10.2.1.2 Vlan2 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 200.1.1.1/32 10.2.1.2 Vlan2...

  • Page 366: Configuring Ipv6 Mpls L3Vpn

    This chapter describes how to configure IPv6 MPLS L3VPN. Hardware compatibility The HPE 5820X Switch Series does not support IPv6 MPLS L3VPN. Overview MPLS L3VPN applies to the IPv4 environment. It uses BGP to advertise IPv4 VPN routes and uses MPLS to forward IPv4 VPN packets on the service provider backbone.

  • Page 367: Ipv6 Mpls L3Vpn Packet Forwarding

    IPv6 MPLS L3VPN packet forwarding Figure 92 IPv6 MPLS L3VPN packet forwarding diagram As shown in Figure 92, the IPv6 MPLS L3VPN packet forwarding procedure is as follows: The PC at Site 1 sends an IPv6 packet destined for 2001:2::1, the PC at Site 2. CE 1 transmits the packet to PE 1.

  • Page 368: Ipv6 Mpls L3Vpn Network Schemes And Functions

    Routing information exchange from the egress PE to the remote CE The exchange of routing information between the egress PE and the remote CE is the same as that between the local CE and the ingress PE. IPv6 MPLS L3VPN network schemes and functions IPv6 MPLS L3VPN supports the following network schemes and functions: •...

  • Page 369: Configuring Vpn Instances

    • Configure MPLS LDP on PEs and Ps to establish LDP LSPs. Configuring VPN instances By configuring VPN instances on a PE, you isolate not only VPN routes from public network routes, but also routes of a VPN from those of another VPN. This feature allows VPN instances to be used in network scenarios besides MPLS L3VPNs.
  • Page 370 • When a VPN route learned from a CE gets redistributed into BGP, BGP associates it with a route target extended community attribute list, which is usually the export target attribute of the VPN instance associated with the CE. • The VPN instance determines which routes it can accept and redistribute according to the import-extcommunity in the route target.
  • Page 371 With the tunnel select-seq command, you can specify the tunnel selection preference order and the number of tunnels for load balancing. With the preferred-path command, you can configure preferred tunnels that each correspond to a tunnel interface. After a tunneling policy is applied on a PE, the PE selects tunnels in this order: •...

  • Page 372: Configuring Routing Between Pe And Ce

    Step Command Remarks Optional. By default, only one tunnel is selected (no load balancing) in this order: LSP tunnel, CR-LSP tunnel. NOTE: • A tunnel type closer to the select-seq keyword has a higher priority. For example, with the tunnel Specify the tunnel selection preference tunnel select-seq { cr-lsp |...
  • Page 373 Step Command Remarks Enter system view. system-view • ipv6 route-static ipv6-address prefix-length { interface-type interface-number Use either command [ next-hop-address ] | next-hop-address | as needed. vpn-instance d-vpn-instance-name Perform this nexthop-address } [ preference configuration on PEs. preference-value ] [ tag tag-value ] On CEs, configure [ description description-text ] Configure an IPv6 static...
  • Page 374 Step Command Remarks interface interface-type Enter interface view. interface-number By default, OSPFv3 is disabled on an interface. Enable OSPFv3 on the ospfv3 process-id area area-id interface. [ instance instance-id ] Perform this configuration on PEs. Configuring IPv6 IS-IS between PE and CE An IPv6 IS-IS process belongs to the public network or a single VPN instance.

  • Page 375: Configuring Routing Between Pes

    Step Command Remarks filter-policy { acl6-number | Optional. Configure a filtering policy to ipv6-prefix ipv6-prefix-name } filter the routes to be By default, BGP does not filter export [ direct | isisv6 process-id advertised. routes to be advertised. | ripng process-id | static ] Optional.

  • Page 376: Configuring Routing Features For The Bgp-Vpnv6 Subaddress Family

    Step Command Remarks Enable the exchange of BGP-VPNv6 routing By default, BGP peers exchange peer ip-address enable information with the only IPv4 routing information. specified peer. Configuring routing features for the BGP-VPNv6 subaddress family A variety of routing features for the BGP-VPNv6 subaddress family are the same as those for BGP IPv6 unicast routing.

  • Page 377: Configuring Inter-As Ipv6 Vpn

    Step Command Remarks Optional. 14. Configure BGP updates to the peer to not carry private peer ip-address public-as-only By default, a BGP update carries AS numbers. private AS numbers. Optional. peer ip-address route-policy 15. Apply a routing policy for the route-policy-name { export | By default, no routing policy is peer.

  • Page 378: Configuring Inter-As Ipv6 Vpn Option A

    The following sections describe inter-AS IPv6 VPN option A and option C. Select one according to your network scenario. Configuring inter-AS IPv6 VPN option A Inter-AS IPv6 VPN option A applies to scenarios where the number of VPNs and that of VPN routes on the PEs are relatively small.

  • Page 379: Resetting Ipv6 Bgp Connections

    Configuring the ASBR PEs In the inter-AS IPv6 VPN option C solution, an inter-AS LSP is required, and the routes advertised between the relevant PEs and ASBRs must carry MPLS label information. The configuration is the same as that in the Inter-AS IPv4 VPN option C solution. For more information, see "Configuring MPLS L3VPN."...

  • Page 380: Ipv6 Mpls L3Vpn Configuration Examples

    Task Command Remarks display ipv6 fib vpn-instance Display information about the vpn-instance-name [ acl6 acl6-number | Available in any view. IPv6 FIB of a VPN instance. ipv6-prefix ipv6-prefix-name ] [ | { begin | exclude | include } regular-expression ] display ipv6 fib vpn-instance Display a VPN instance's FIB vpn-instance-name ipv6-address...
  • Page 381 Figure 93 Network diagram Device Interface IP address Device Interface IP address CE 1 Vlan-int11 2001:1::1/96 Loop0 2.2.2.9/32 PE 1 Loop0 1.1.1.9/32 Vlan-int12 172.2.1.1/24 Vlan-int11 2001:1::2/96 Vlan-int13 172.1.1.2/24 Vlan-int13 172.1.1.1/24 PE 2 Loop0 3.3.3.9/32 Vlan-int12 2001:2::2/96 Vlan-int12 172.2.1.2/24 CE 2 Vlan-int12 2001:2::1/96 Vlan-int11...
  • Page 382 [P-LoopBack0] ip address 2.2.2.9 32 [P-LoopBack0] quit [P] interface vlan-interface 13 [P-Vlan-interface13] ip address 172.1.1.2 24 [P- Vlan-interface13] quit [P] interface vlan-interface 12 [P-Vlan-interface12] ip address 172.2.1.1 24 [P-Vlan-interface12] quit [P] ospf [P-ospf-1] area 0 [P-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0 [P-ospf-1-area-0.0.0.0] quit [P-ospf-1] quit...
  • Page 383 Area 0.0.0.0 interface 172.1.1.1(Vlan-interface13)'s neighbors Router ID: 172.1.1.2 Address: 172.1.1.2 GR State: Normal State: Full Mode:Nbr is Master Priority: 1 DR: None BDR: None MTU: 1500 Dead timer due in 38 Neighbor is up for 00:02:44 Authentication Sequence: [ 0 ] Neighbor state change count: 5 Configure basic MPLS and enable MPLS LDP on the MPLS backbone to establish LDP LSPs: # Configure PE 1.
  • Page 384 ---------------------------------------------------------------- Peer-ID Status SsnRole KA-Sent/Rcv --------------------------------------------------------------- 2.2.2.9:0 Operational Passive --------------------------------------------------------------- LAM : Label Advertisement Mode : Fault Tolerance # On PE 1, verify that the LSPs have been established by LDP. [PE1] display mpls ldp lsp LDP LSP Information ------------------------------------------------------------------ DestAddress/Mask In/OutLabel Next-Hop...
  • Page 385 [PE2-Vlan-interface11] quit [PE2] interface vlan-interface 13 [PE2-Vlan-interface13] ip binding vpn-instance vpn2 [PE2-Vlan-interface13] ipv6 address 2001:4::2 96 [PE2-Vlan-interface13] quit # Configure IP addresses for the CEs according to Figure 93. (Details not shown.) # Execute the display ip vpn-instance command on the PEs to display the configuration of the VPN instance, for example, on PE 1.
  • Page 386 [PE1-bgp-ipv6-vpn1] import-route direct [PE1-bgp-ipv6-vpn1] quit [PE1-bgp] ipv6-family vpn-instance vpn2 [PE1-bgp-ipv6-vpn2] peer 2001:2::1 as-number 65420 [PE1-bgp-ipv6-vpn2] import-route direct [PE1-bgp-ipv6-vpn2] quit [PE1-bgp] quit # Configure PE 2 in the same way that PE 1 is configured. (Details not shown.) # Execute the display bgp vpnv6 vpn-instance peer command on the PEs. This example uses PE 1 to verify that a BGP peer relationship in Established state has been established between a PE and a CE.
  • Page 387 Destinations : 3 Routes : 3 Destination: 2001:1::/96 Protocol : Direct NextHop : 2001:1::2 Preference: 0 Interface : Vlan11 Cost Destination: 2001:1::2/128 Protocol : Direct NextHop : ::1 Preference: 0 Interface : InLoop0 Cost Destination: 2001:2::/96 Protocol : BGP4+ NextHop : ::FFFF:303:309 Preference: 0 Interface...

  • Page 388: Configuring Inter-As Ipv6 Vpn Option A

    PING 2001:4::1 : 56 data bytes, press CTRL_C to break Request time out Request time out Request time out Request time out Request time out --- 2001:4::1 ping statistics --- 5 packet(s) transmitted 0 packet(s) received 100.00% packet loss round-trip min/avg/max = 0/0/0 ms Configuring inter-AS IPv6 VPN option A Network requirements CE 1 and CE 2 belong to the same VPN.
  • Page 389 Configuration procedure Configure an IGP on each MPLS backbone to ensure IP connectivity within the backbone. This example uses OSPF. (Details not shown.) Be sure to advertise the 32-bit loopback interface address of each router through OSPF. The loopback interface address of a switch is to be used as the switch's LSR ID. # Execute the display ospf peer command to verify that each ASBR PE has established an OSPF adjacency in Full state with the PE in the same AS, and that PEs and ASBR PEs in the same AS can learn the routes to the loopback interfaces of each other.
  • Page 390 # Configure basic MPLS on PE 2, and enable MPLS LDP for PE 2 for the interface connected to ASBR-PE 2. <PE2> system-view [PE2] mpls lsr-id 4.4.4.9 [PE2] mpls [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface vlan-interface 11 [PE2-Vlan-interface11] mpls [PE2-Vlan-interface11] mpls ldp [PE2-Vlan-interface11] quit...
  • Page 391 [ASBR-PE1-vpn-instance-vpn1] route-distinguisher 100:2 [ASBR-PE1-vpn-instance-vpn1] vpn-target 100:1 both [ASBR-PE1-vpn-instance-vpn1] quit [ASBR-PE1] interface vlan-interface 12 [ASBR-PE1-Vlan-interface12] ip binding vpn-instance vpn1 [ASBR-PE1-Vlan-interface12] ip address 192.1.1.1 24 [ASBR-PE1-Vlan-interface12] quit # On ASBR-PE 2, create a VPN instance, and bind the VPN instance to the interface connected to ASBR-PE 1.

  • Page 392: Configuring Inter-As Ipv6 Vpn Option C

    Establish IBGP peer relationship between each PE and the ASBR-PE in the same AS and EBGP peer relationship between the ASBR PEs: # Configure PE 1. [PE1] bgp 100 [PE1-bgp] peer 2.2.2.9 as-number 100 [PE1-bgp] peer 2.2.2.9 connect-interface loopback 0 [PE1-bgp] ipv6-family vpnv6 [PE1-bgp-af-vpnv6] peer 2.2.2.9 enable [PE1-bgp-af-vpnv6] quit...
  • Page 393 PE 1 and ASBR-PE 1 exchange labeled IPv4 routes by MP-IBGP. PE 2 and ASBR-PE 2 exchange labeled IPv4 routes by MP-IBGP. PE 1 and PE 2 are MP-EBGP peers. ASBR-PE 1 and ASBR-PE 2 use their respective routing policies and label the routes received from each other.
  • Page 394 [PE1-Vlan-interface11] quit # Configure interface Loopback 0 and start IS-IS on it. [PE1] interface loopback 0 [PE1-LoopBack0] ip address 2.2.2.9 32 [PE1-LoopBack0] isis enable 1 [PE1-LoopBack0] quit # Create VPN instance vpn1 and configure the RD and route target attributes for it. [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 11:11 [PE1-vpn-instance-vpn1] vpn-target 3:3 import-extcommunity...
  • Page 395 [ASBR-PE1-mpls] quit [ASBR-PE1] mpls ldp [ASBR-PE1-mpls-ldp] quit # Configure interface VLAN-interface 11, and start IS-IS and enable MPLS and LDP on the interface. [ASBR-PE1] interface vlan-interface 11 [ASBR-PE1-Vlan-interface11] ip address 1.1.1.1 255.0.0.0 [ASBR-PE1-Vlan-interface11] isis enable 1 [ASBR-PE1-Vlan-interface11] mpls [ASBR-PE1-Vlan-interface11] mpls ldp [ASBR-PE1-Vlan-interface11] quit # Configure interface VLAN-interface 12 and enable MPLS on it.
  • Page 396 <ASBR-PE2> system-view [ASBR-PE2] isis 1 [ASBR-PE2-isis-1] network-entity 10.333.333.333.333.00 [ASBR-PE2-isis-1] quit # Configure an LSR ID, enable MPLS and LDP. [ASBR-PE2] mpls lsr-id 4.4.4.9 [ASBR-PE2] mpls [ASBR-PE2-mpls] label advertise non-null [ASBR-PE2-mpls] quit [ASBR-PE2] mpls ldp [ASBR-PE2-mpls-ldp] quit # Configure interface VLAN-interface 11, start IS-IS and enable MPLS and LDP on the interface.
  • Page 397 [ASBR-PE2-bgp] peer 11.0.0.2 as-number 100 [ASBR-PE2-bgp] peer 11.0.0.2 route-policy policy1 export # Configure the capability to advertise labeled routes to and receive labeled routes from EBGP peer 11.0.0.2. [ASBR-PE2-bgp] peer 11.0.0.2 label-route-capability [ASBR-PE2-bgp] quit Configure PE 2: # Start IS-IS on PE 2. <PE2>...
  • Page 398 [PE2-bgp] peer 4.4.4.9 connect-interface loopback 0 [PE2-bgp] peer 4.4.4.9 label-route-capability # Configure the maximum hop count from PE 2 to EBGP peer 2.2.2.9 as 10. [PE2-bgp] peer 2.2.2.9 as-number 100 [PE2-bgp] peer 2.2.2.9 connect-interface loopback 0 [PE2-bgp] peer 2.2.2.9 ebgp-max-hop 10 # Configure peer 2.2.2.9 as a VPNv6 peer.

  • Page 399: Configuring Carrier's Carrier

    5 packet(s) received 0.00% packet loss round-trip min/avg/max = 1/1/1 ms Configuring carrier's carrier Network requirements Configure carrier's carrier for the scenario shown in Figure 96. In this scenario: • PE 1 and PE 2 are the provider carrier's PE switches. They provide VPN services for the customer carrier.
  • Page 400 Vlan-int11 11.1.1.2/24 Vlan-int12 30.1.1.2/24 Vlan-int12 30.1.1.1/24 Vlan-int11 21.1.1.1/24 Configuration procedure Configure MPLS L3VPN on the provider carrier backbone. Start IS-IS as the IGP, enable LDP on PE 1 and PE 2, and establish MP-IBGP peer relationship between the PEs: # Configure PE 1. <PE1>...
  • Page 401 [PE1] display bgp peer BGP local router ID : 3.3.3.9 Local AS number : 100 Total number of peers : 1 Peers in established state : 1 Peer MsgRcvd MsgSent OutQ PrefRcv Up/Down State 4.4.4.9 02:12:47 Established # On PE 1, verify that the IS-IS neighbor relationship has been established. [PE1] display isis peer Peer information for ISIS(1) ----------------------------...
  • Page 402 [CE1-isis-2] network-entity 10.0000.0000.0000.0002.00 [CE1-isis-2] quit [CE1] interface loopback 0 [CE1-LoopBack0] isis enable 2 [CE1-LoopBack0] quit [CE1] interface vlan-interface 12 [CE1-Vlan-interface12] ip address 10.1.1.2 24 [CE1-Vlan-interface12] isis enable 2 [CE1-Vlan-interface12] mpls [CE1-Vlan-interface12] mpls ldp [CE1-Vlan-interface12] mpls ldp transport-address interface [CE1-Vlan-interface12] quit PE 3 and CE 1 can establish an LDP session and IS-IS neighbor relationship between them.
  • Page 403 PE 1 and CE 1 can establish the LDP session and IS-IS neighbor relationship between them. # Configure PE 2 and CE 2 in the same way that PE 1 and CE 1 are configured. (Details not shown.) Connect end customers to the customer carrier: # Configure CE 3.
  • Page 404 Destination/Mask Proto Cost NextHop Interface 3.3.3.9/32 Direct 0 127.0.0.1 InLoop0 4.4.4.9/32 ISIS 30.1.1.2 Vlan12 30.1.1.0/24 Direct 0 30.1.1.1 Vlan12 30.1.1.1/32 Direct 0 127.0.0.1 InLoop0 30.1.1.2/32 Direct 0 30.1.1.2 Vlan12 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 # Verify that the VPN routing tables contain the internal routes of the customer carrier network on PEs.
  • Page 405 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 # Verify that the public network routing table contains the internal routes of the customer carrier network on PEs, for example, on PE 3. [PE3] display ip routing-table Routing Tables: Public Destinations : 11 Routes : 11 Destination/Mask Proto Cost...
  • Page 406 --- 2001:2::1 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 1/1/1 ms...

  • Page 407: Document Conventions And Icons

    Document conventions and icons Conventions This section describes the conventions used in the documentation. Port numbering in examples The port numbers in this document are for illustration only and might be unavailable on your device. Command conventions Convention Description Bold text represents commands and keywords that you enter literally as shown. Boldface Italic text represents arguments that you replace with actual values.

  • Page 408: Network Topology Icons

    Network topology icons Convention Description Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.

  • Page 409: Support And Other Resources

    Support and other resources Accessing Hewlett Packard Enterprise Support • For live assistance, go to the Contact Hewlett Packard Enterprise Worldwide website: www.hpe.com/assistance • To access documentation and support services, go to the Hewlett Packard Enterprise Support Center website: www.hpe.com/support/hpesc Information to collect •...

  • Page 410: Websites

    Hewlett Packard Enterprise is committed to providing documentation that meets your needs. To help us improve the documentation, send any errors, suggestions, or comments to Documentation Feedback (docsfeedback@hpe.com). When submitting your feedback, include the document title, part number, edition, and publication date located on the front cover of the document. For online help...

  • Page 411: Index

    Index A B C D E H I M N O R T V Configuring VPLS instance attributes,182 Configuring VPN instances,35 Accessing Hewlett Packard Enterprise Support,401 Configuring VPN instances,8 Accessing updates,401 Conventions,399 Creating a bidirectional MPLS TE tunnel,115 Creating an MPLS TE tunnel over a static Binding a service instance to a VPLS instance,179 CR-LSP,100...
  • Page 412 MPLS L2VPN configuration examples,224 MPLS L2VPN configuration task list,211 Resetting BGP connections,18 MPLS L2VPN overview,203 Resetting BGP connections,282 MPLS L3VPN configuration examples,285 Resetting IPv6 BGP connections,44 MPLS L3VPN configuration task list,261 Resetting IPv6 BGP connections,371 MPLS L3VPN overview,242 MPLS overview,51 Troubleshooting MPLS L2VPN,241 MPLS TE configuration task...

This manual is also suitable for:

5800 series

Table of Contents