Download Print this page
   
1
2
Table of Contents
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402

Advertisement

HP 12500 Routing Switch Series
MPLS
Part number: 5998-2826
Software version: A12500-CMW520-R1726
Document version: 6W170-20111130

Advertisement

Troubleshooting

   Related Manuals for HP 12500 Series

   Summary of Contents for HP 12500 Series

  • Page 1: Configuration Guide

    HP 12500 Routing Switch Series MPLS Configuration Guide Part number: 5998-2826 Software version: A12500-CMW520-R1726 Document version: 6W170-20111130...

  • Page 2

    The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty.

  • Page 3: Table Of Contents

    Contents Configuring basic MPLS ·············································································································································· 1   MPLS overview ·································································································································································· 1   Basic concepts ·························································································································································· 1   MPLS network structure ············································································································································ 3   LSP establishment and label distribution ················································································································ 3   MPLS forwarding ······················································································································································ 6   LDP ············································································································································································· 8   Protocols ····································································································································································...

  • Page 4: Table Of Contents

    Configuring MPLS TE ················································································································································· 41   MPLS TE overview ·························································································································································· 41   Traffic engineering and MPLS TE ························································································································· 41   Basic concepts ······················································································································································· 42   MPLS TE implementation ······································································································································· 42   CR-LSP ····································································································································································· 43   RSVP-TE ··································································································································································· 44   Traffic forwarding ·················································································································································· 48  ...

  • Page 5: Table Of Contents

    MPLS TE using RSVP-TE configuration example ································································································· 86   Configuration example of inter-AS MPLS TE tunnel using RSVP-TE ·································································· 92   RSVP-TE GR configuration example ····················································································································· 98   MPLS RSVP-TE and BFD cooperation configuration example ········································································· 101   CR-LSP backup configuration example ············································································································· 103  ...

  • Page 6: Table Of Contents

    Configuring MPLS L2VPN ··········································································································································· 175   Configuring a PE-CE interface of a PE ······················································································································· 176   Configuring Ethernet encapsulation for the interface ······················································································ 176   Configuring VLAN encapsulation for the interface ·························································································· 176   Configuring Martini MPLS L2VPN ······························································································································ 176  ...

  • Page 7: Table Of Contents

    Redistributing the loopback interface route and OSPF routes into BGP ························································ 234   Creating a sham link ··········································································································································· 235   Configuring routing on an MCE ································································································································· 235   Configuration prerequisites ································································································································ 235   Configuring routing between MCE and VPN site ···························································································· 236  ...

  • Page 8: Table Of Contents

    Configuring IPv6 MPLS L3VPNs ························································································································· 359   Configuring inter-AS IPv6 VPN option A ·········································································································· 367   Configuring inter-AS IPv6 VPN option C ·········································································································· 372   Configuring carrier’s carrier ······························································································································ 379   Configuring MCE ················································································································································ 386   Index ········································································································································································ 393  ...

  • Page 9: Mpls Overview

    Configuring basic MPLS NOTE: For more information about VPN, see the chapters “Configuring MPLS L2VPN” and “Configuring MPLS • L3VPN.” For more information about MPLS TE, see the chapter “Configuring MPLS TE.” • • The switch operates in IRF or standalone (the default) mode. For more information about IRF, see Configuration Guide router The term...

  • Page 10

    Figure 1 Format of a label 22 23 Label Layer 2 header Label Layer 3 header Layer 3 data As shown in Figure 1, a label is encapsulated between the Layer 2 header and Layer 3 header of a packet. A label is four bytes in length and consists of four fields: Label—20 bits in length.

  • Page 11: Mpls Network Structure

    MPLS network structure Figure 3 Diagram for the MPLS network structure As shown in Figure 3, LSRs in the same routing or administrative domain form an MPLS domain. An MPLS domain consists of the following types of LSRs: • Ingress LSRs receive and label packets coming into the MPLS domain. Transit LSRs forward packets along LSPs to their egress LERs according to the labels.

  • Page 12

    As shown in Figure 4, a dynamic LSP is established in the following procedure: A downstream LSR classifies FECs according to destination addresses. It assigns a label to a FEC, and distributes the FEC-label binding to its upstream LSR, which then establishes an LFIB entry for the FEC according to the binding information.

  • Page 13

    Figure 5 shows the two label advertisement modes, DU and DoD. In DU mode, an LSR assigns a label to a FEC and then distributes the FEC-label binding to its upstream LSR unsolicitedly. In DoD mode, an LSR assigns a label to a FEC and distributes the FEC-label binding to its upstream LSR only when it receives a label request from the upstream LSR.

  • Page 14: Mpls Forwarding

    Label retention modes include liberal and conservative. In liberal mode, an LSR keeps any received label binding regardless of whether the binding is from the next hop for the FEC or not. This allows for quicker adaptation to route changes but will waste label resources because LSRs keep extra labels.

  • Page 15

    MPLS data forwarding Figure 7 MPLS forwarding process diagram As shown in Figure 7, in an MPLS domain, a packet is forwarded in the following procedure: Router B (the ingress LSR) receives a packet carrying no label. It determines the FEC of the packet according to the destination address, and searches the FIB table for the Token value.

  • Page 16

    IPv4 explicit null label 0: The egress assigns an IPv4 explicit null label to a FEC and advertises the • FEC-label binding to the upstream LSR. When forwarding an MPLS packet, the upstream LSR replaces the label at the stack top with the explicit null label and then sends the packet to the egress. When the egress receives the packet, which carries a label of 0, it does not look up for the LFIB entry but pops the label stack directly and performs IPv4 forwarding.

  • Page 17: Protocols

    Initialize negotiation of session parameters such as the LDP version, label advertisement mode, and Keepalive interval. After establishing a session between them, the two LDP peers send Hello messages and Keepalive messages to maintain the session. LSP establishment and maintenance LDP sends label requests and label binding messages between LDP peers to establish LSPs.

  • Page 18: Enabling The Mpls Function

    Task Remarks Configuring PHP Optional Configuring the policy for triggering Optional LSP establishment Configuring the label distribution Optional control mode Configuring LDP loop detection Optional Configuring LDP MD5 authentication Optional Configuring LDP label filtering Optional Configuring BFD for MPLS LDP Optional Maintaining LDP sessions Resetting LDP sessions...

  • Page 19: Configuration Procedure

    Not enabled by default NOTE: An MPLS LSR ID is in the format of an IP address and must be unique within an MPLS domain. HP recommends using the IP address of a loopback interface on an LSR as the MPLS LSR ID.

  • Page 20: Configuring Mpls Ldp Capability

    To do… Use the command… Remarks static-lsp transit lsp-name incoming-interface interface-type interface-number in-label in-label Configure a static LSP taking the { nexthop next-hop-addr | Required current LSR as a transit LSR outgoing-interface interface-type interface-number } out-label out-label static-lsp egress lsp-name Configure a static LSP taking the incoming-interface interface-type Required...

  • Page 21: Configuring Local Ldp Session Parameters, Configuring Remote Ldp Session Parameters

    NOTE: Disabling LDP on an interface terminates all LDP sessions on the interface. As a result, all LSPs using the • sessions will be deleted. Usually, configuring the LDP LSR ID is not required, as it defaults to the MPLS LSR ID. In some •...

  • Page 22: Configuring Php

    To configure remote LDP session parameters: To do… Use the command… Remarks Enter system view system-view — Create a remote peer entity and mpls ldp remote-peer Required enter MPLS LDP remote peer view remote-peer-name Configure the remote peer IP remote-ip ip-address Required address Optional...

  • Page 23: Configuring The Policy For Triggering Lsp Establishment

    When working as the egress, the switch does not support distributing a normal label to the penultimate • hop (that is, it does not support the non-null type). HP recommends using a device that supports PHP as the penultimate hop.

  • Page 24: Configuring The Label Distribution Control Mode, Configuring Ldp Loop Detection

    Configuring the label distribution control mode With the label re-advertisement function enabled, an LSR periodically looks for FECs not assigned with labels, assigns labels to them if any, and advertises the label-FEC bindings. You can set the label re-advertisement interval as needed. To configure the LDP label distribution control mode: To do…...

  • Page 25: Configuring Ldp Md5 Authentication

    • LDP loop detection may result in LSP update, which will generate redundant information and consume many system resources. HP recommends configuring the routing protocol’s loop detection mechanism. Configuring LDP MD5 authentication LDP sessions are established based on TCP connections. To improve the security of LDP sessions, you can configure MD5 authentication for the underlying TCP connections, so that the TCP connections can be established only if the peers have the same authentication password.

  • Page 26

    Label acceptance control Label acceptance control is for filtering received label bindings. An upstream LSR filters the label bindings received from the specified downstream LSR and accepts only those permitted by the specified prefix list. As shown in Figure 8, upstream device LSR A filters the label bindings received from downstream device LSR B.

  • Page 27: Configuring Bfd For Mpls Ldp

    For two neighboring LSRs, configuring a label acceptance control policy on the upstream LSR and configuring a label advertisement control policy on the downstream LSR can achieve the same effect. To reduce the network load, HP recommends configuring only label advertisement control policies. Maintaining LDP sessions This section describes how to detect communication failures between remote LDP peers and reset LDP sessions.

  • Page 28: Resetting Ldp Sessions

    Resetting LDP sessions If you change LDP session parameters when some LDP sessions are up, the LDP sessions will not be able to function normally. In this case, reset LDP sessions so the LDP peers renegotiate parameters and establish new sessions. Use the following command to reset LDP sessions: To do…...

  • Page 29: Configuring Ttl Processing Mode At Ingress

    NOTE: MPLS packets carrying L2VPN or IPv6 packets are always successfully forwarded, even if they are larger • than the MPLS MTU. If the MPLS MTU of an interface is greater than the MTU of the interface, data forwarding may fail on the •...

  • Page 30: Sending Back Icmp Ttl Exceeded Messages For Mpls Ttl Expired Packets

    Figure 11 Label TTL processing when IP TTL propagation is disabled To configure IP TTL propagation of MPLS: To do… Use the command… Remarks Enter system view system-view — Enter MPLS view mpls — Optional Enable MPLS IP TTL propagation ttl propagate { public | vpn } Enabled for only public network packets by default...

  • Page 31: Configuring Ldp Gr

    is not applicable. In this case, you can configure the undo ttl expiration pop command on these devices so that the devices use the second method. NOTE: For more information about HoVPN and nested VPN, see the chapter “Configuring MPLS L3VPN.” To configure the switch to send back an ICMP TTL exceeded message for a received MPLS TTL expired packet: To do…...

  • Page 32

    Figure 12 LDP GR GR helper GR restarter GR helper GR helper LDP session with GR capability As shown in Figure 12, two LDP peers perform GR negotiation when establishing an LDP session. The LDP session established is GR capable only when both peers support LDP GR. The working procedure of LDP GR is as follows: Whenever restarting, the GR restarter preserves all MPLS forwarding entries, marks them as stale, and starts the MPLS forwarding state holding timer for them.

  • Page 33: Configuring Mpls Statistics Collection And Reading

    Configuring LDP GR To configure LDP GR: To do… Use the command… Remarks Enter system view system-view — Enter MPLS LDP view mpls ldp — Required Enable MPLS LDP GR graceful-restart Disabled by default Optional graceful-restart timer reconnect Set the FT reconnect time timer 300 seconds by default Optional...

  • Page 34: Inspecting Lsps

    Inspecting LSPs In MPLS, the MPLS control plane is responsible for establishing LSPs. However, when an LSP fails to forward data, the control plane cannot detect the LSP failure or cannot do so in time. This makes network maintenance difficult. To find LSP failures in time and locate the failed node, the switch provides the following mechanisms: MPLS LSP ping •...

  • Page 35

    a BFD control packet, forward the BFD control packet along the LSP to the egress, and determine the status of the LSP according to the reply received. Upon detecting an LSP failure, BFD triggers a traffic switchover. A BFD session for LSP connectivity detection can be static or dynamic. Static: If you specify the local and remote discriminator values by using the discriminator keyword •...

  • Page 36: Enabling Mpls Trap

    Configuring periodic LSP tracert The periodic LSP tracert function is for locating faults of an LSP periodically. It detects the consistency of the forwarding plane and control plane and records detection results into logs. You can know whether an LSP has failed by checking the logs. If you configure BFD as well as periodic tracert for an LSP, once the periodic LSP tracert function detects an LSP fault or inconsistency of the forwarding plane and control plane, the BFD session for the LSP will be deleted and a new BFD session will be established according to the control plane.

  • Page 37: Displaying And Maintaining Mpls, Displaying Mpls Operation

    Displaying and maintaining MPLS Displaying MPLS operation To do… Use the command… Remarks display mpls interface Display information about one or [ interface-type interface-number ] Available in any view all interfaces with MPLS enabled [ verbose ] [ | { begin | exclude | include } regular-expression ] display mpls ilm [ label ] Display information about ILM...

  • Page 38: Displaying Mpls Ldp Operation

    To do… Use the command… Remarks display mpls nhlfe [ token ] [ verbose ] [ chassis chassis-number Display information about NHLFE slot slot-number ] [ include text | { | Available in any view entries on the switch in IRF mode { begin | exclude | include } regular-expression } ] display mpls nhlfe reflist token...

  • Page 39: Clearing Mpls Statistics, Mpls Configuration Examples

    To do… Use the command… Remarks display mpls ldp peer [ all [ verbose ] | [ vpn-instance Display information about LDP vpn-instance-name ] [ peer-id | Available in any view peers verbose ] ] [ | { begin | exclude | include } regular-expression ] display mpls ldp remote-peer Display information about remote...

  • Page 40: Configuring Static Lsps

    NOTE: By default, Ethernet interfaces, VLAN interfaces, and aggregate interfaces are in DOWN state. To configure such an interface, first use the undo shutdown command to bring the interface up. Configuring static LSPs Network requirements Switch A, Switch B, and Switch C support MPLS. Establish static LSPs between Switch A and Switch C so that subnets 10.1.1.0/24 and 21.1.1.0/24 can access each other over MPLS.

  • Page 41

    [SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] mpls [SwitchA-Vlan-interface2] quit # Configure MPLS on Switch B. [SwitchB] mpls lsr-id 2.2.2.9 [SwitchB] mpls [SwitchB-mpls] quit [SwitchB] interface vlan-interface 2 [SwitchB-Vlan-interface2] mpls [SwitchB-Vlan-interface2] quit [SwitchB] interface vlan-interface 3 [SwitchB-Vlan-interface3] mpls [SwitchB-Vlan-interface3] quit # Configure MPLS on Switch C. [SwitchC] mpls lsr-id 3.3.3.9 [SwitchC] mpls [SwitchC-mpls] quit...

  • Page 42: Configuring Ldp To Establish Lsps Dynamically

    # On Switch A, check the connectivity of the LSP from Switch A to Switch C. [SwitchA] ping lsp -a 11.1.1.1 ipv4 21.1.1.0 24 LSP Ping FEC: IPV4 PREFIX 21.1.1.0/24 : 100 data bytes, press CTRL_C to break Reply from 20.1.1.2: bytes=100 Sequence=1 time = 2 ms Reply from 20.1.1.2: bytes=100 Sequence=2 time = 2 ms Reply from 20.1.1.2: bytes=100 Sequence=3 time = 1 ms Reply from 20.1.1.2: bytes=100 Sequence=4 time = 2 ms...

  • Page 43: Configuration Considerations

    Configuration considerations Enable LDP on the LSRs. LDP dynamically distributes labels and establishes LSPs and thus there is no • need to manually configure labels for LSPs. • LDP uses routing information for label distribution. Therefore, you must configure a routing protocol to learn routing information.

  • Page 44

    1.1.1.9/32 Direct 0 127.0.0.1 InLoop0 2.2.2.9/32 OSPF 10.1.1.2 Vlan2 3.3.3.9/32 OSPF 10.1.1.2 Vlan2 10.1.1.0/24 Direct 0 10.1.1.1 Vlan2 10.1.1.1/32 Direct 0 127.0.0.1 InLoop0 11.1.1.0/24 Direct 0 11.1.1.1 Vlan4 11.1.1.1/32 Direct 0 127.0.0.1 InLoop0 20.1.1.0/24 OSPF 10.1.1.2 Vlan2 21.1.1.0/24 OSPF 10.1.1.2 Vlan2 127.0.0.0/8 Direct 0...

  • Page 45

    # After the configurations, two local LDP sessions are established, one between Switch A and Switch B and the other between Switch B and Switch C. Execute the display mpls ldp session command on each switch to view the LDP session information, and execute the display mpls ldp peer command to view the LDP peer information.

  • Page 46: Configuring Bfd For Lsps

    21.1.1.0/24 NULL/1027 10.1.1.2 -------/Vlan2 ------------------------------------------------------------------- A '*' before an LSP means the LSP is not established A '*' before a Label means the USCB or DSCB is stale # On Switch A, check the connectivity of the LDP LSP from Switch A to Switch C. [SwitchA] ping lsp ipv4 21.1.1.0 24 LSP Ping FEC: IPV4 PREFIX 21.1.1.0/24 : 100 data bytes, press CTRL_C to break...

  • Page 47

    [SwitchC] mpls lspv [SwitchC-mpls-lspv] bfd enable 11.1.1.0 24 [SwitchC-mpls-lspv] quit Verify the configuration. Execute the display mpls lsp bfd command on Switch A and Switch C respectively to view information about the sessions established for the LSPs. Take Switch A as an example: [SwitchA] display mpls lsp bfd MPLS BFD Session(s) Information -----------------------------------------------------------------------------...

  • Page 48

    Running Up for: 00:15:44 Auth mode: None Connect Type: Indirect Board Num: 7 Protocol: MFW/LSPV Diag Info: No Diagnostic...

  • Page 49: Mpls Te Overview, Traffic Engineering And Mpls Te

    Configuring MPLS TE MPLS TE overview Traffic engineering and MPLS TE Network congestion is one of the major problems that can degrade your network backbone performance. It may occur either when network resources are inadequate or when load distribution is unbalanced.

  • Page 50: Mpls Te Implementation

    With MPLS TE, a network administrator can eliminate network congestion by creating some LSPs and congestion bypass nodes. Special offline tools are also available for the traffic analysis performed when the number of LSPs is large. Basic concepts LSP tunnel On an LSP, after packets are labeled at the ingress node, the packets are forwarded based on label.

  • Page 51: Cr-lsp

    Establishing paths RSVP-TE is the signaling for setting up LSP tunnels. RSVP-TE can carry constraints such as LSP bandwidth, some explicit route information, and color. RSVP-TE uses raw IP to establish LSPs. It is a well-established technology in terms of its architecture, protocol procedures and support to services.

  • Page 52: Rsvp-te

    Route pinning Route pinning prevents an established CR-LSP from changing upon route changes. If a network does not run IGP TE extension, the network administrator is unable to identify from which part of the network the required bandwidth will be obtained when setting up a CR-LSP. In this case, loose explicit route (ER-hop) with required resources is used.

  • Page 53

    Each LSP set up using RSVP-TE is assigned a resource reservation style. During an RSVP session, the receiver decides which reservation style can be used for this session and which LSPs can be used. The following reservation styles are available: Fixed-filter style (FF) where resources are reserved for individual senders and cannot be shared among senders on the same session.

  • Page 54

    PathErr messages: sent upstream to report Path message processing errors to senders. They do not • affect the state of the nodes along the path. ResvErr messages: sent downstream to notify the downstream nodes that error occurs during Resv • message processing or reservation error occurs as the result of preemption.

  • Page 55

    Message_ID extension • RSVP itself uses Raw IP to send messages. The Message_ID extension mechanism defined in RFC 2961 adds objects that can be carried in RSVP messages. Of them, the Message_ID object and the Message_ID_ACK object are used to acknowledge RSVP messages, improving transmission reliability.

  • Page 56: Traffic Forwarding

    A GR helper considers that a GR restarter is rebooting when it receives no Hello packets from the restarter in a specific period of time. When a GR restarter is rebooting, the GR helpers retain soft state information about the GR restarter and keep sending Hello packets periodically to the GR restarter until the restart timer expires.

  • Page 57: Cr-lsp Backup

    Figure 17 IGP shortcut and forwarding adjacency As shown in Figure 17, a TE tunnel is present between Router D and Router C. With IGP shortcut enabled, the ingress node Router D can use this tunnel when calculating IGP routes. This tunnel, however, is invisible to Router A;...

  • Page 58

    Once a link or node on an LSP configured with FRR fails, traffic is switched to the protection link and the ingress node of the LSP starts attempting to set up a new LSP. Basic concepts The following are concepts that FRR involves throughout this document: Primary LSP: The protected LSP.

  • Page 59: Protocols And Standards

    As bypass LSPs are pre-established, FRR requires extra bandwidth. When network bandwidth is insufficient, use FRR for crucial interfaces or links only. PS for an MPLS TE tunnel Protection switching (PS) refers to establishing one or more protection tunnels (backup tunnels) for a main tunnel.

  • Page 60: Mpls Te Configuration Task List

    MPLS TE configuration task list Complete the following tasks to configure MPLS TE: Task Remarks Configuring MPLS TE basic settings Required Creating MPLS TE tunnel over static CR-LSP Required Configuring an MPLS TE tunnel Use either approach Configuring MPLS TE tunnel with dynamic signaling protocol Configuring RSVP-TE advanced features Optional Tuning CR-LSP setup...

  • Page 61: Creating Mpls Te Tunnel Over Static Cr-lsp

    To do… Use the command… Remarks Required Enable global MPLS TE mpls te Disabled by default Return to system view quit –– Enter the interface view of an MPLS interface interface-type –– TE link interface-number Required Enable interface MPLS TE mpls te Disabled by default Return to system view...

  • Page 62

    Configuration procedure To create an MPLS TE tunnel over a CR-LSP: To do… Use the command… Remarks Enter system view system-view –– Enter the interface view of an MPLS interface tunnel tunnel-number –– TE tunnel Configure the tunnel to use static mpls te signal-protocol static Required CR-LSP...

  • Page 63: Configuration Prerequisites

    Configure MPLS TE properties for links and advertise them through IGP TE extension to form a TEDB. • • Configure tunnel constraints. Use the CSPF algorithm to calculate a preferred path based on the TEDB and tunnel constraints. • Establish the path by using the signaling protocol RSVP-TE. •...

  • Page 64

    MTU needs to be recalculated according to the packet structure. When TE is configured, HP recommends that you set the MTU of any interface with IS-IS enabled be equal to or greater than 512 bytes to guarantee that IS-IS LSPs can be flooded on the network.

  • Page 65

    IP addresses, IS-IS TE advertises only the primary IP address of the interface through the sub-TLV of IS reachability TLV (type 22). HP does not recommend enabling IS-IS TE on an interface configured with secondary IP addresses.

  • Page 66

    To do… Use the command... Remarks Required The next hop is a strict node by Specify a next hop IP address on next hop ip-address [ include default. the explicit path [ loose | strict ] | exclude ] Repeat this step to define a sequential set of the hops that the explicit path traverses.

  • Page 67: Configuring Rsvp-te Advanced Features

    To do… Use the command... Remarks interface interface-type Enter interface view of MPLS TE link –– interface-number Required Enable RSVP-TE on the interface mpls rsvp-te Disabled by default Enter MPLS TE tunnel interface view interface tunnel tunnel-number –– Set the signaling protocol for Optional setting up the MPLS TE tunnel to mpls te signal-protocol rsvp-te...

  • Page 68

    To do… Use the command... Remarks Enter MPLS TE tunnel interface view interface tunnel tunnel-number –– Optional Configure the resources mpls te resv-style { ff | se } The default resource reservation reservation style for the tunnel style is SE. Submit current tunnel configuration mpls te commit Required...

  • Page 69

    To do… Use the command... Remarks mpls rsvp-te timer retransmission { increment-value Optional Enable retransmission [ increment-value ] | Disabled by default retransmit-value [ retrans-timer-value ] } * Optional Enable summary refresh mpls rsvp-te srefresh Disabled by default Configuring the RSVP hello extension To configure the RSVP hello extension: To do…...

  • Page 70

    NOTE: Reservation confirmation is initiated by the receiver, which sends the Resv message with an object • requesting reservation confirmation. Receiving the ResvConf message does not mean resource reservation is established. It only indicates that • resources are reserved on the farthest upstream node where the Resv message arrived and the resources can be preempted.

  • Page 71: Tuning Cr-lsp Setup

    To do… Use the command... Remarks Required Enable RSVP hello extension for the mpls rsvp-te hello interface Disabled by default Configuring Cooperation of RSVP-TE and BFD On an MPLS TE network, if a link between neighboring LSRs fails, the corresponding MPLS TE tunnel will fail to forward packets.

  • Page 72

    To do… Use the command... Remarks Specify the tie breaker that a tunnel Optional uses to select a path when multiple mpls te tie-breaking { least-fill | The random keyword applies by paths with the same metric are most-fill | random } default.

  • Page 73: Tuning Mpls Te Tunnel Setup

    NOTE: The associations between administrative groups and affinities may vary by vendor. To ensure the successful establishment of a tunnel between two devices from different vendors, correctly configure their respective administrative groups and affinities. To configure the administrative group and affinity attribute: To do…...

  • Page 74: Configuration Procedures

    Configuration prerequisites The configurations described in this section need to be used together with a dynamic signaling protocol (such as RSVP-TE). Before performing them, be aware of each configuration objective and its impact on your system. Configuration procedures Configuring loop detection To configure loop detection: To do…...

  • Page 75: Configuring Traffic Forwarding

    Assigning priorities to a tunnel Two priorities, setup priority and holding priority, are assigned to paths for MPLS TE to make preemption decision. For a new path to preempt an existing path, the setup priority of the new path must be greater than the holding priority of the existing path.

  • Page 76

    NOTE: interface-type argument in the ip route-static command must be tunnel. In addition, the preference • value must be set. Layer 3—IP Routing Configuration Guide For more information about static routing, see • Forwarding traffic along MPLS TE tunnels through automatic route advertisement Two approaches, IGP shortcut and forwarding adjacency, are available to automatic route advertisement to advertise MPLS TE tunnel interface routes to IGPs, allowing traffic to be routed down MPLS TE tunnels.

  • Page 77: Configuring Traffic Forwarding Tuning Parameters

    You need to create a bi-directional MPLS TE tunnel and enable forwarding adjacency at both ends of the tunnel to make forwarding adjacency take effect. To configure forwarding adjacency: To do… Use the command... Remarks Enter system view system-view –– Enter MPLS TE tunnel interface view interface tunnel tunnel-number ––...

  • Page 78

    To do… Use the command... Remarks Enter system view system-view –– Enter MPLS view mpls –– Optional Configure the CSPF failed link mpls te cspf timer failed-link timer timer-interval The default is 10 seconds. Configuring flooding thresholds After bandwidths of links regulated by MPLS TE change, CSPF may need to recalculate paths. This tends to be resource consuming as recalculation involves IGP flooding.

  • Page 79: Configuring Cr-lsp Backup

    To do… Use the command... Remarks Optional If no TE metric is assigned to the Assign a TE metric to the link mpls te metric value link, IGP metric is used as the TE metric by default. NOTE: If you do not configure the mpls te path metric-type command in MPLS TE tunnel interface view, the configuration in MPLS view takes effect.

  • Page 80: Configuring Frr

    NOTE: Configure CR-LSP backup mode at the ingress node of a tunnel. The system automatically selects the primary LSP and backup LSP. You do not need to configure them. Configuring FRR NOTE: Do not configure both FRR and RSVP authentication on the same interface. As mentioned earlier, FRR provides quick but temporary per-link or per-node local protection on an LSP.

  • Page 81

    Configuring a bypass tunnel on its PLR After a tunnel is specified to protect an interface, its corresponding LSP becomes a bypass LSP. The setup of a bypass LSP must be manually performed on the PLR. The configuration of a bypass LSP is similar to that of a common LSP, but a bypass LSP cannot act as a primary LSP to be protected by another LSP at the same time.

  • Page 82: Inspecting An Mpls Te Tunnel

    To configure node protection: To do… Use the command... Remarks Enter system view system-view –– Enter MPLS view mpls –– Required Enable RSVP hello extension on mpls rsvp-te hello current node Disabled by default Exit to system view quit –– Enter the view of the interface interface interface-type directly connected to the protected...

  • Page 83: Configuring Mpls Lsp Ping

    Configuring MPLS LSP ping MPLS LSP ping can be used to check the connectivity of an MPLS TE tunnel. At the ingress, it adds the label of the tunnel into an MPLS echo request, and sends it along the MPLS TE tunnel to the egress. The ingress determines whether the MPLS TE tunnel is normal according to whether it can receive a reply from the egress.

  • Page 84

    Such a BFD session can detect the connectivity of a unidirectional (from the local device to the remote device) MPLS TE tunnel between two devices. After you enable BFD and configure the mpls te failure-action teardown command for an MPLS TE tunnel, once an RSVP-TE tunnel failure occurs, BFD can detect the failure, and if RSVP does not re-establish the tunnel within a specific period of time, MPLS TE will remove the failed RSVP-TE tunnel and then re-establish it.

  • Page 85

    NOTE: MPLS Command Reference For more information about the mpls lspv command, see Configuring periodic LSP tracert The periodic LSP tracert function for an MPLS TE tunnel is for locating faults of the MPLS TE tunnel periodically. It detects the consistency of the forwarding and control plane and records detection results into logs.

  • Page 86: Displaying And Maintaining Mpls Te

    Configure BFD for the MPLS TE tunnel • Before you configure a protection tunnel, prepare the following data: Interface number of the main tunnel in the protection group • ID of the protection tunnel in the protection group • Configuration procedure To configure protection switching: To do…...

  • Page 87

    To do… Use the command… Remarks display mpls rsvp-te request [ interface interface-type Display information about RSVP Available in any view interface-number ] [ | { begin | requests exclude | include } regular-expression ] display mpls rsvp-te reservation [ interface interface-type Display information about RSVP interface-number ] [ | { begin | Available in any view...

  • Page 88

    To do… Use the command… Remarks display mpls te tunnel [ destination dest-addr ] [ lsp-id lsr-id lsp-id ] [ lsr-role { all | egress | ingress | remote | transit } ] [ name name ] Display information about MPLS TE [ { incoming-interface | Available in any view tunnels...

  • Page 89: Mpls Te Configuration Examples

    To do… Use the command… Remarks display isis traffic-eng statistics [ process-id | vpn-instance Display statistics about TE for IS-IS vpn-instance-name ] [ | { begin | Available in any view exclude | include } regular-expression ] display isis traffic-eng sub-tlvs [ process-id | vpn-instance Display information about sub-TLVs vpn-instance-name ] [ | { begin |...

  • Page 90

    Figure 20 Network diagram Loop0 2.2.2.2/32 Vlan-int2 Vlan-int1 3.2.1.1/24 2.1.1.2/24 Switch B Vlan-int1 Vlan-int2 2.1.1.1/24 3.2.1.2/24 Switch A Switch C Loop0 Loop0 3.3.3.3/32 1.1.1.1/32 Configuration procedure Assign IP addresses and masks to interfaces (see Figure 20). Details not shown Enable IS-IS to advertise host routes with LSR IDs as destinations. # Configure Switch A.

  • Page 91

    [SwitchC] isis 1 [SwitchC-isis-1] network-entity 00.0005.0000.0000.0003.00 [SwitchC-isis-1] quit [SwitchC] interface vlan-interface 2 [SwitchC-Vlan-interface2] isis enable 1 [SwitchC-Vlan-interface2] quit [SwitchC] interface loopback 0 [SwitchC-LoopBack0] isis enable 1 [SwitchC-LoopBack0] quit Perform the display ip routing-table command on each switch. The output shows that all nodes have learned the host routes of other nodes with LSR IDs as destinations.

  • Page 92

    # Configure Switch C. [SwitchC] mpls lsr-id 3.3.3.3 [SwitchC] mpls [SwitchC-mpls] mpls te [SwitchC-mpls] quit [SwitchC] interface vlan-interface 2 [SwitchC-Vlan-interface2] mpls [SwitchC-Vlan-interface2] mpls te [SwitchC-Vlan-interface2] quit Configure an MPLS TE tunnel. Configure an MPLS TE tunnel on Switch A. [SwitchA] interface tunnel 0 [SwitchA-Tunnel0] ip address 6.1.1.1 255.255.255.0 [SwitchA-Tunnel0] tunnel-protocol mpls te [SwitchA-Tunnel0] destination 3.3.3.3...

  • Page 93

    0 input error 0 packets output, 0 bytes 0 output error Perform the display mpls te tunnel command on each switch to verify information about the MPLS TE tunnel. [SwitchA] display mpls te tunnel LSP-Id Destination In/Out-If Name 1.1.1.1:1 3.3.3.3 -/Vlan1 Tunnel0 [SwitchB] display mpls te tunnel...

  • Page 94: Mpls Te Using Rsvp-te Configuration Example

    NOTE: On an MPLS TE tunnel configured using a static CR-LSP, traffic is forwarded directly based on label at the transit nodes and egress node. Therefore, it is normal that the FEC field in the sample output is empty on Switch B and Switch C.

  • Page 95

    [SwitchA-Vlan-interface1] isis circuit-level level-2 [SwitchA-Vlan-interface1] quit [SwitchA] interface loopback 0 [SwitchA-LoopBack0] isis enable 1 [SwitchA-LoopBack0] isis circuit-level level-2 [SwitchA-LoopBack0] quit # Configure Switch B. <SwitchB> system-view [SwitchB] isis 1 [SwitchB-isis-1] network-entity 00.0005.0000.0000.0002.00 [SwitchB-isis-1] quit [SwitchB] interface vlan-interface 1 [SwitchB-Vlan-interface1] isis enable 1 [SwitchB-Vlan-interface1] isis circuit-level level-2 [SwitchB-Vlan-interface1] quit [SwitchB] interface vlan-interface 2...

  • Page 96

    [SwitchD-Vlan-interface3] quit [SwitchD] interface loopback 0 [SwitchD-LoopBack0] isis enable 1 [SwitchD-LoopBack0] isis circuit-level level-2 [SwitchD-LoopBack0] quit Perform the display ip routing-table command on each switch. The output shows that all nodes have learned the host routes of other nodes with LSR IDs as destinations. Take Switch A for example: [SwitchA] display ip routing-table Routing Tables: Public...

  • Page 97

    [SwitchB-Vlan-interface2] mpls [SwitchB-Vlan-interface2] mpls te [SwitchB-Vlan-interface2] mpls rsvp-te [SwitchB-Vlan-interface2] quit # Configure Switch C. [SwitchC] mpls lsr-id 3.3.3.9 [SwitchC] mpls [SwitchC-mpls] mpls te [SwitchC-mpls] mpls rsvp-te [SwitchC-mpls] mpls te cspf [SwitchC-mpls] quit [SwitchC] interface vlan-interface 3 [SwitchC-Vlan-interface3] mpls [SwitchC-Vlan-interface3] mpls te [SwitchC-Vlan-interface3] mpls rsvp-te [SwitchC-Vlan-interface3] quit [SwitchC] interface vlan-interface 2...

  • Page 98

    [SwitchC-isis-1] traffic-eng level-2 [SwitchC-isis-1] quit # Configure Switch D. [SwitchD] isis 1 [SwitchD-isis-1] cost-style wide [SwitchD-isis-1] traffic-eng level-2 [SwitchD-isis-1] quit Create an MPLS TE tunnel. Create an MPLS TE tunnel on Switch A. [SwitchA] interface tunnel 1 [SwitchA-Tunnel1] ip address 7.1.1.1 255.255.255.0 [SwitchA-Tunnel1] tunnel-protocol mpls te [SwitchA-Tunnel1] destination 4.4.4.9 [SwitchA-Tunnel1] mpls te tunnel-id 10...

  • Page 99

    Admin State Oper State Ingress LSR ID 1.1.1.9 Egress LSR ID: 4.4.4.9 Signaling Prot RSVP Resv Style Class Type Tunnel BW 0 kbps Reserved BW 0 kbps Setup Priority Hold Priority: Affinity Prop/Mask 0x0/0x0 Explicit Path Name Tie-Breaking Policy : None Metric Type None...

  • Page 100: Configuration Example Of Inter-as Mpls Te Tunnel Using Rsvp-te

    Configuration example of inter-AS MPLS TE tunnel using RSVP-TE Network requirements Switch A and Switch B are in AS 100, and they run OSPF as the IGP. • Switch C and Switch D are in AS 200, and they run OSPF as the IGP. •...

  • Page 101

    [SwitchB-ospf-1] import-route bgp [SwitchB-ospf-1] area 0 [SwitchB-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [SwitchB-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0 [SwitchB-ospf-1-area-0.0.0.0] quit [SwitchB-ospf-1] quit # Configure OSPF on Switch C. <SwitchC> system-view [SwitchC] ospf [SwitchC-ospf-1] import-route direct [SwitchC-ospf-1] import-route bgp [SwitchC-ospf-1] area 0 [SwitchC-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255 [SwitchC-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0 [SwitchC-ospf-1-area-0.0.0.0] quit [SwitchC-ospf-1] quit...

  • Page 102

    [SwitchC] bgp 200 [SwitchC-bgp] peer 20.1.1.1 as-number 100 [SwitchC-bgp] import-route ospf [SwitchC-bgp] import-route direct [SwitchC-bgp] quit After the configuration, execute the display ip routing-table command on each device. The output shows that each device has learned the routes to the outside of the AS. Take Switch A as an example: [SwitchA] display ip routing-table Routing Tables: Public...

  • Page 103

    [SwitchB-Vlan-interface1] quit [SwitchB] interface vlan-interface 2 [SwitchB-Vlan-interface2] mpls [SwitchB-Vlan-interface2] mpls te [SwitchB-Vlan-interface2] mpls rsvp-te [SwitchB-Vlan-interface2] quit # Configure Switch C. [SwitchC] mpls lsr-id 3.3.3.9 [SwitchC] mpls [SwitchC-mpls] mpls te [SwitchC-mpls] mpls rsvp-te [SwitchC-mpls] mpls te cspf [SwitchC-mpls] quit [SwitchC] interface vlan-interface 2 [SwitchC-Vlan-interface2] mpls [SwitchC-Vlan-interface2] mpls te [SwitchC-Vlan-interface2] mpls rsvp-te...

  • Page 104

    [SwitchB-ospf-1-area-0.0.0.0] mpls-te enable [SwitchB-ospf-1-area-0.0.0.0] quit [SwitchB-ospf-1] quit # Configure Switch C. [SwitchC] ospf [SwitchC-ospf-1] opaque-capability enable [SwitchC-ospf-1] area 0 [SwitchC-ospf-1-area-0.0.0.0] mpls-te enable [SwitchC-ospf-1-area-0.0.0.0] quit [SwitchC-ospf-1] quit # Configure Switch D. [SwitchD] ospf [SwitchD-ospf-1] opaque-capability enable [SwitchD-ospf-1] area 0 [SwitchD-ospf-1-area-0.0.0.0] mpls-te enable [SwitchD-ospf-1-area-0.0.0.0] quit [SwitchD-ospf-1] quit Configure a loose explicit route.

  • Page 105

    Output queue : (Urgent queuing : Size/Length/Discards) 0/100/0 Output queue : (Protocol queuing : Size/Length/Discards) 0/500/0 Output queue : (FIFO queuing : Size/Length/Discards) 0/75/0 Last clearing of counters: Never Last 300 seconds input: 0 bytes/sec, 0 packets/sec Last 300 seconds output: 0 bytes/sec, 0 packets/sec 0 packets input, 0 bytes...

  • Page 106: Rsvp-te Gr Configuration Example

    Backup Tunnel Group Status Perform the display mpls te cspf tedb all command on Switch A to view information about links in TEDB. [SwitchA] display mpls te cspf tedb all Maximum Node Supported: 128 Maximum Link Supported: 256 Current Total Node Number: 2 Current Total Link Number: 2 MPLS LSR-Id Process-Id...

  • Page 107

    Figure 23 Network diagram Configuration procedure Assign IP addresses and masks to interfaces (see Figure 23). Details not shown Enable IS-IS to advertise host routes with LSR IDs as destinations. Details not shown Configure MPLS TE basic settings, and enable RSVP-TE and RSVP hello extension. # Configure Switch A.

  • Page 108

    # Configure Switch C. <SwitchC> system-view [SwitchC] mpls lsr-id 3.3.3.9 [SwitchC] mpls [SwitchC-mpls] mpls te [SwitchC-mpls] mpls rsvp-te [SwitchC-mpls] mpls rsvp-te hello [SwitchC-mpls] quit [SwitchC] interface vlan-interface 2 [SwitchC-Vlan-interface2] mpls [SwitchC-Vlan-interface2] mpls te [SwitchC-Vlan-interface2] mpls rsvp-te [SwitchC-Vlan-interface2] mpls rsvp-te hello [SwitchC-Vlan-interface2] quit Configure IS-IS TE.

  • Page 109: Mpls Rsvp-te And Bfd Cooperation Configuration Example

    MPLS RSVP-TE and BFD cooperation configuration example Network requirements Switch A and Switch B are connected directly. Enable MPLS RSVP-TE BFD on the VLAN interfaces connecting the two switches, and run OSPF on the switches to ensure reachability at the network layer. If the link between Switch A and Switch B fails, BFD can detect the failure quickly and inform MPLS RSVP-TE of the failure.

  • Page 110

    [SwitchA] ospf [SwitchA-ospf-1] area 0 [SwitchA-ospf-1-area-0.0.0.0] network 12.12.12.1 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0 [SwitchA-ospf-1-area-0.0.0.0] quit [SwitchA-ospf-1] quit # Configure Switch B. [SwitchB] ospf [SwitchB-ospf-1] area 0 [SwitchB-ospf-1-area-0.0.0.0] network 12.12.12.2 0.0.0.255 [SwitchB-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0 [SwitchB-ospf-1-area-0.0.0.0] quit [SwitchB-ospf-1] quit Configure IP addresses for the interfaces. # Configure Switch A.

  • Page 111: Cr-lsp Backup Configuration Example

    CR-LSP backup configuration example Network requirements Set up an MPLS TE tunnel from Switch A to Switch C. Use CR-LSP hot backup for it. Figure 25 Network diagram Switch A Switch B Switch C Loop0 Loop0 Loop0 Vlan-int1 Vlan-int2 Vlan-int1 Vlan-int2 Vlan-int4 Vlan-int3...

  • Page 112

    [SwitchA-Vlan-interface1] mpls [SwitchA-Vlan-interface1] mpls te [SwitchA-Vlan-interface1] mpls rsvp-te [SwitchA-Vlan-interface1] quit [SwitchA] interface vlan-interface 4 [SwitchA-Vlan-interface4] mpls [SwitchA-Vlan-interface4] mpls te [SwitchA-Vlan-interface4] mpls rsvp-te [SwitchA-Vlan-interface4] quit NOTE: Follow the same steps to configure Switch B, Switch C, and Switch D. Create an MPLS TE tunnel on Switch A. # Configure the MPLS TE tunnel carried on the primary LSP.

  • Page 113

    Perform the display mpls te tunnel command on Switch A. You can see that two tunnels are present with the outgoing interface being VLAN-interface 1 and VLAN-interface 4 respectively. This indicates that a backup CR-LSP was created upon creation of the primary CR-LSP. [SwitchA] display mpls te tunnel LSP-Id Destination...

  • Page 114: Frr Configuration Example

    NOTE: Configuring ordinary CR-LSP backup is almost the same as configuring hot CR-LSP backup except that you need to replace the mpls te backup hot-standby command with the mpls te backup ordinary command. Unlike in hot CR-LSP backup where a secondary tunnel is created immediately upon creation of a primary tunnel, in ordinary CR-LSP backup, a secondary CR-LSP is created only after the primary LSP goes down.

  • Page 115

    Details not shown Configure the IGP protocol. # Enable IS-IS to advertise host routes with LSR IDs as destinations on each node. (Details not shown) # Perform the display ip routing-table command on each switch. You can see that all nodes have learned the host routes of other nodes with LSR IDs as destinations.

  • Page 116

    [SwitchB-Vlan-interface1] quit [SwitchB] interface vlan-interface 2 [SwitchB-Vlan-interface2] mpls [SwitchB-Vlan-interface2] mpls te [SwitchB-Vlan-interface2] mpls rsvp-te [SwitchB-Vlan-interface2] quit [SwitchB] interface vlan-interface 4 [SwitchB-Vlan-interface4] mpls [SwitchB-Vlan-interface4] mpls te [SwitchB-Vlan-interface4] mpls rsvp-te [SwitchB-Vlan-interface4] quit NOTE: Follow the same steps to configure Switch C, Switch D, and Switch E. Create an MPLS TE tunnel on Switch A, the ingress node of the primary LSP.

  • Page 117

    Last 300 seconds output: 0 bytes/sec, 0 packets/sec 0 packets input, 0 bytes 0 input error 0 packets output, 0 bytes 0 output error Perform the display mpls te tunnel-interface command on Switch A to verify the configuration of the tunnel interface. [SwitchA] display mpls te tunnel-interface Tunnel Name Tunnel4...

  • Page 118

    [SwitchB-explicit-path-by-path] next hop 3.3.3.3 [SwitchB-explicit-path-by-path] quit # Create the bypass tunnel. [SwitchB] interface tunnel 5 [SwitchB-Tunnel5] ip address 11.1.1.1 255.255.255.0 [SwitchB-Tunnel5] tunnel-protocol mpls te [SwitchB-Tunnel5] destination 3.3.3.3 [SwitchB-Tunnel5] mpls te tunnel-id 15 [SwitchB-Tunnel5] mpls te path explicit-path by-path preference 1 # Configure the bandwidth that the bypass tunnel protects.

  • Page 119

    ------------------------------------------------------------------ LSP Information: RSVP LSP ------------------------------------------------------------------ In/Out Label In/Out IF Vrf Name 3.3.3.3/32 1024/3 Vlan4/Vlan5 Perform the display mpls te tunnel command on each switch. You can see that two MPLS TE tunnels are traversing Switch B and Switch C. [SwitchA] display mpls te tunnel LSP-Id Destination...

  • Page 120

    IngressLsrID 2.2.2.2 LocalLspID Tunnel-Interface Tunnel5 3.3.3.3/32 Nexthop 3.2.1.2 In-Label NULL Out-Label 1024 In-Interface ---------- Out-Interface Vlan-interface4 LspIndex 4098 Tunnel ID 0x22002 LsrType Ingress Bypass In Use Not Exists BypassTunnel Tunnel Index[---] Mpls-Mtu 1500 Verify the FRR function. # Shut down the protected outgoing interface on PLR. [SwitchB] interface vlan-interface 2 [SwitchB-Vlan-interface2] shutdown %Sep...

  • Page 121

    Back Up Type None Back Up LSPID Auto BW Disabled Auto BW Freq : Min BW Max BW Current Collected BW: Interfaces Protected: VPN Bind Type NONE VPN Bind Value Car Policy Disabled Tunnel Group Primary Primary Tunnel Backup Tunnel Group Status Tunnel Name Tunnel4...

  • Page 122

    Group Status NOTE: If you perform the display mpls te tunnel-interface command immediately after an FRR protection switch, you are likely to see two CR-LSPs in up state are present. This is normal because the make-before-break mechanism of FRR introduces a delay before removing the old LSP after a new LSP is created. Perform the display mpls lsp verbose command on Switch B.

  • Page 123: Mpls Te In Mpls L3vpn Configuration Example

    [SwitchB-mpls] mpls te timer fast-reroute 5 [SwitchB-mpls] quit # Bring the protected outgoing interface up on PLR. [SwitchB] interface vlan-interface 2 [SwitchB-Vlan-interface2] undo shutdown %Sep 7 09:01:31 2004 SwitchB IFNET/5/UPDOWN:Line protocol on the interface Vlan-interface2 turns into UP state Perform the display interface tunnel 4 command on Switch A to identify the state of the primary LSP. You can see that the tunnel interface is up.

  • Page 124

    [PE1-LoopBack0] quit [PE1] interface vlan-interface 2 [PE1-Vlan-interface2] ip address 10.0.0.1 255.255.255.0 [PE1-Vlan-interface2] quit [PE1] ospf [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 10.0.0.0 0.0.0.255 [PE1-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit # Configure PE 2. <PE2> system-view [PE2] interface loopback 0 [PE2-LoopBack0] ip address 3.3.3.3 255.255.255.255 [PE2-LoopBack0] quit [PE2] interface vlan-interface 2...

  • Page 125

    127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 Configure basic MPLS TE, enable RSVP-TE and CSPF. # Configure PE 1. [PE1] mpls lsr-id 2.2.2.2 [PE1] mpls [PE1-mpls] lsp-trigger all [PE1-mpls] mpls te [PE1-mpls] mpls rsvp-te [PE1-mpls] mpls te cspf [PE1-mpls] quit [PE1] interface vlan-interface 2 [PE1-Vlan-interface2] mpls [PE1-Vlan-interface2] mpls te [PE1-Vlan-interface2] mpls rsvp-te...

  • Page 126

    [PE1-Tunnel1] ip address 12.1.1.1 255.255.255.0 [PE1-Tunnel1] tunnel-protocol mpls te [PE1-Tunnel1] destination 3.3.3.3 [PE1-Tunnel1] mpls te tunnel-id 10 [PE1-Tunnel1] mpls te signal-protocol rsvp-te [PE1-Tunnel1] mpls te commit [PE1-Tunnel1] quit Perform the display interface tunnel command on PE 1. You can see that the tunnel interface is up. Configure the VPN instance on each PE, and bind it to the interface connected to the CE.

  • Page 127

    Up time : 0 days, 00 hours, 03 minutes and 09 seconds Route Distinguisher : 100:1 Export VPN Targets : 100:1 Import VPN Targets : 100:1 Tunnel Policy : policy1 Interfaces : Vlan-interface1 Ping connected CEs on PEs to test connectivity. For example, ping CE 1 on PE 1: [PE1] ping -vpn-instance vpn1 192.168.1.2 PING 192.168.1.2: 56 data bytes, press CTRL_C to break...

  • Page 128

    [PE2-bgp-vpn1] import-route direct [PE2-bgp-vpn1] quit [PE2-bgp] peer 2.2.2.2 as-number 100 [PE2-bgp] peer 2.2.2.2 connect-interface loopback 0 [PE2-bgp] ipv4-family vpnv4 [PE2-bgp-af-vpnv4] peer 2.2.2.2 enable [PE2-bgp-af-vpnv4] quit [PE2-bgp] quit Perform the display bgp peer command and the display bgp vpn-instance peer command on PEs. The output shows that the BGP peer relationships have been formed between PEs and between PEs and CEs and have reached the established state.

  • Page 129

    round-trip min/avg/max = 35/48/74 ms The sample output shows that CE 1 and CE 2 can reach each other. Verify the configuration. Perform the display mpls lsp verbose command on PE 1. The output shows that the LSP with LspIndex 2050 is established by using RSVP-TE. It is the MPLS TE tunnel. [PE1] display mpls lsp verbose ------------------------------------------------------------------ LSP Information: RSVP LSP...

  • Page 130

    In-Label Out-Label NULL In-Interface Vlan-interface2 Out-Interface ---------- LspIndex 10241 Tunnel ID LsrType Egress Outgoing Tunnel ID Label Operation VrfIndex 3.3.3.3/32 Nexthop 10.0.0.2 In-Label NULL Out-Label In-Interface ---------- Out-Interface Vlan-interface2 LspIndex 10242 Tunnel ID 0x22000 LsrType Ingress Outgoing Tunnel ID Label Operation PUSH Perform the display interface tunnel command on PE 1.

  • Page 131: Troubleshooting Mpls Te

    Troubleshooting MPLS TE No TE LSA generated Symptom OSPF TE is configured but no TE LSAs can be generated to describe MPLS TE attributes. Analysis For TE LSAs to be generated, at least one OSPF neighbor must reach the FULL state. Solution Perform the display current-configuration command to check that MPLS TE is configured on involved interfaces.

  • Page 132: Configuring Vpls, Vpls Overview, Operation Of Vpls

    Configuring VPLS NOTE: The switch operates in IRF or standalone (the default) mode. For more information about IRF mode, see • IRF Configuration Guide The switch does not support VPLS when the system works in normal mode. For more information about •...

  • Page 133

    Tunnel—A tunnel, usually an MPLS tunnel, is a direct channel between a local PE and the peer PE • for transparent data transmission in-between. It is used to carry PWs. A tunnel can carry multiple PWs. • Encapsulation—Packets transmitted over a PW use the standard PW encapsulation formats and technologies: Ethernet and VLAN.

  • Page 134

    Figure 29 shows the procedure of MAC address learning and flooding on PEs. Figure 29 MAC learning and flooding on PEs • MAC address reclaim Dynamic address learning must support refreshing and relearning. The VPLS draft defines a dynamic address learning method that uses the address reclaim message, which carries MAC TLV. Upon receiving such a message, a device removes MAC addresses or relearns them according to the specified parameters in the TLV.

  • Page 135: Vpls Packet Encapsulation

    Split horizon forwarding—Each PE must support horizontal split to avoid loops. A PE cannot • forward packets through PWs of the same VSI, because all the PEs of a VSI are directly connected. Packets from PWs on the public network side cannot be forwarded to other PWs; they can only be forwarded to the private network side.

  • Page 136: H-vpls Implementation

    tunnel label into the packet before sending the packet out. If the packet contains no service delimiter, the PE adds the VLAN tag expected by the peer PE or a null tag, and then a PW label and a tunnel label into the packet before sending the packet out.

  • Page 137

    H-VPLS with QinQ access Figure 31 H-VPLS with QinQ access As shown in Figure 31, MTU is a standard bridging device and QinQ is enabled on its interfaces connected to CEs. Data forwarding in H-VPLS with QinQ access is as follows: Upon receiving a packet from a CE, MTU labels the packet with a VLAN tag as the multiplex •...

  • Page 138: Hub-spoke Vpls Implementation

    The H-VPLS with LSP access activates the backup link when: • The tunnel over which the primary PW is established is deleted, causing the PW to go down. BFD detects a main link failure. • The LDP session between the peers of the primary PW goes down, and the PW is deleted as a •...

  • Page 139: Multi-hop Pw

    When Spoke-PE 2 receives the packet from the PW, it determines by the MPLS label the VSI that the packet is for, and then forwards the packet to Spoke-CE 2. NOTE: In a hub-spoke network, you can configure only one hub-CE node. Multi-hop PW A PW cannot be setup directly between two PEs when: •...

  • Page 140: Vpls Configuration Task List

    VPLS configuration task list Complete the following tasks to configure VPLS: Task Remarks Configuring LDP VPLS Configure either type of VPLS as needed Configuring BGP VPLS Binding a VPLS instance Required Configuring VPLS and MAC-in-MAC dual-stack support Optional Configuring MAC address learning Optional Configuring VPLS instance attributes Required...

  • Page 141: Configuring An Ldp Vpls Instance

    Configure basic MPLS on the MPLS backbone devices (PEs and P devices) to establish LSP tunnels • on the backbone network. For configuration information, see the chapter “Configuring basic MPLS.” • Configure LDP remote peers on PEs to establish remote LDP sessions. For configuration information, see the chapter “Configuring basic MPLS.”...

  • Page 142: Configuring Bgp Vpls

    To do… Use the command… Remarks peer ip-address [ { hub | spoke } | pw-class class-name | [ pw-id Create a peer PE for the VPLS pw-id ] [ upe | backup-peer Required instance ip-address [ backup-pw-id pw-id ] ] ] * Optional Enable the PW switchover function dual-npe revertive [ wtr-time...

  • Page 143: Configuring A Bgp Vpls Instance

    Configuring a BGP VPLS instance When creating a BGP VPLS instance, you must specify a globally unique name for the VPLS instance and set the peer discovery mechanism to automatic configuration. When configuring a BGP VPLS instance, you must configure BGP as the signaling protocol to be used. To configure a BGP VPLS instance: To do…...

  • Page 144: Binding A Layer 3 Interface With A Vpls Instance

    NOTE: The interface bound with a VPLS instance does not support the redirection function (the redirect ACL and QoS Command Reference command). For more information about the redirect command, see Binding a Layer 3 interface with a VPLS instance To bind a Layer 3 interface with a VPLS instance: To do…...

  • Page 145: Configuring Vpls And Mac-in-mac Dual-stack Support

    To do… Use the command… Remarks Add the interface connecting the port interface Required CE to the VLAN Return to system view quit — Enter the view of the interface interface interface-type — connecting the CE interface-number Required Create a service instance and service-instance By default, no service instance is enter its view...

  • Page 146: Configuring Mac Address Learning

    Figure 35 Network diagram To configure the switch to support VPLS and MAC-in-MAC dual-stack, you need to create a VSI that supports VPLS and MAC-in-MAC dual-stack. To create such a VSI, specify the peer discovery mechanism, enable the MAC-in-MAC function, and specify the Backbone Service Instance Identifier (I-SID) for MAC-in-MAC when creating the VSI.

  • Page 147: Configuring Vpls Instance Attributes

    To do… Use the command… Remarks Enable the MAC address move function, so when the incoming Optional interfaces of packets change, the mac-move enable device changes the interfaces in Disabled by default. the corresponding MAC address entries accordingly Configuring VPLS instance attributes To configure VPLS instance attributes: To do…...

  • Page 148: Inspecting Pws

    If the AC interface is a Layer 2 interface, create a service instance on the interface, apply global • committed access rate (CAR) actions for the service instance, and then bind the service instance to a VPLS instance. This configuration task describes how to apply a CAR action for a service instance. Configuration prerequisites Use the qos car command in system view to configure a global CAR action.

  • Page 149: Displaying And Maintaining Vpls

    NOTE: MPLS LSP ping can be used to inspect only an LDP PW. • To use an A12500 switch to check the reachability of the VC to a peer PE, make sure that the peer PE • supports VC inspection. The peer PE, however, cannot use this function to check the reachability of the VC to the A12500 switch.

  • Page 150: Vpls Configuration Examples

    To do… Use the command… Remarks display mpls l2vpn fib pw vpls [ vsi Display information about VPLS vsi-name [ link link-id ] ] [ chassis PW entries on a switch running in chassis-number slot slot-number ] Available in any view IRF mode [ verbose ] [ | { begin | exclude | include } regular-expression ]...

  • Page 151

    Service instance 1000 matches the received packets that carry VLAN tag 100 on GigabitEthernet • 3/0/1. The matched packets are forwarded by VPLS instance aaa. Service instance 2000 matches the received packets that carry VLAN tag 200 on GigabitEthernet • 3/0/1.

  • Page 152

    [PE1-bgp-af-vpls] quit [PE1-bgp] quit # Enable L2VPN and MPLS L2VPN. [PE1] l2vpn [PE1-l2vpn] mpls l2vpn [PE1-l2vpn] quit # Configure the basic attributes of VPLS instance aaa, which uses LDP. [PE1] vsi aaa static [PE1-vsi-aaa] pwsignal ldp [PE1-vsi-aaa-ldp] vsi-id 500 [PE1-vsi-aaa-ldp] peer 2.2.2.9 [PE1-vsi-aaa-ldp] quit [PE1-vsi-aaa] quit # Configure the basic attributes of VPLS instance bbb, which uses BGP.

  • Page 153

    [PE2-Vlan-interface10] ip address 10.10.10.11 24 # Configure basic MPLS on the VLAN interface. [PE2-Vlan-interface10] mpls [PE2-Vlan-interface10] mpls ldp [PE2-Vlan-interface10] quit # Configure the remote LDP session. [PE2] mpls ldp remote-peer 2 [PE2-mpls-remote-2] remote-ip 1.1.1.9 [PE2-mpls-remote-2] quit # Configure BGP extensions. [PE2] bgp 100 [PE2-bgp] peer 1.1.1.9 as-number 100 [PE2-bgp] peer 1.1.1.9 connection-interface loopback 0...

  • Page 154: Configuring H-vpls With Lsp Access

    Verify the configuration. After you complete the configuration, issue the display vpls connection command on the PEs. You will see that PW connections in up state have been established. Configuring H-VPLS with LSP access Network requirements UPE and NPE 1 are connected through interfaces named VLAN-interface 10. NPE 1 and NPE 3 are connected to each other through interfaces named VLAN-interface 20.

  • Page 155

    # Configure the remote LDP session. [UPE] mpls ldp remote-peer 1 [UPE-mpls-remote-1] remote-ip 2.2.2.9 [UPE-mpls-remote-1] quit # Enable L2VPN and MPLS L2VPN. [UPE] l2vpn [UPE-l2vpn] mpls l2vpn [UPE-l2vpn] quit # Configure the basic attributes of VPLS instance aaa, which uses LDP. [UPE] vsi aaa static [UPE-vsi-aaa] pwsignal ldp [UPE-vsi-aaa-ldp] vsi-id 500...

  • Page 156

    # Configure the remote LDP peer UPE. [NPE1] mpls ldp remote-peer 2 [NPE1-mpls-remote-2] remote-ip 1.1.1.9 [NPE1-mpls-remote-2] quit # Configure the remote LDP peer NPE 3. [NPE1] mpls ldp remote-peer 3 [NPE1-mpls-remote-3] remote-ip 3.3.3.9 [NPE1-mpls-remote-3] quit # Enable L2VPN and MPLS L2VPN. [NPE1] l2vpn [NPE1-l2vpn] mpls l2vpn [NPE1-l2vpn] quit...

  • Page 157: Configuring Hub-spoke Vpls

    # Configure the basic attributes of VPLS instance aaa, which uses LDP. [NPE3] vsi aaa static [NPE3-vsi-aaa] pwsignal ldp [NPE3-vsi-aaa-ldp] vsi-id 500 [NPE3-vsi-aaa-ldp] peer 2.2.2.9 [NPE3-vsi-aaa-ldp] quit [NPE3-vsi-aaa] quit # On interface GigabitEthernet 3/0/1 connected to CE 2, create a service instance and bind VPLS instance aaa to the service instance.

  • Page 158

    Configuration procedure Configure the IGP protocol on the MPLS backbone, which is OSPF in this example. (Details not shown) Configure Spoke-PE 1. # Configure basic MPLS. <Sysname> system-view [Sysname] sysname Spoke-PE1 [Spoke-PE1] interface loopback 0 [Spoke-PE1-LoopBack0] ip address 1.1.1.9 32 [Spoke-PE1-LoopBack0] quit [Spoke-PE1] mpls lsr-id 1.1.1.9 [Spoke-PE1] mpls...

  • Page 159

    # Configure basic MPLS. <Sysname> system-view [Sysname] sysname Spoke-PE2 [Spoke-PE2] interface loopback 0 [Spoke-PE2-LoopBack0] ip address 2.2.2.9 32 [Spoke-PE2-LoopBack0] quit [Spoke-PE2] mpls lsr-id 2.2.2.9 [Spoke-PE2] mpls [Spoke-PE2–mpls] quit [Spoke-PE2] mpls ldp [Spoke-PE2–mpls-ldp] quit # Configure basic MPLS on the interface connected to Hub-PE. [Spoke-PE2] interface vlan-interface 20 [Spoke-PE2-Vlan-interface20] ip address 20.1.1.1 24 [Spoke-PE2-Vlan-interface20] mpls...

  • Page 160

    [Hub-PE-LoopBack0] quit [Hub-PE] mpls lsr-id 3.3.3.9 [Hub-PE] mpls [Hub-PE–mpls] quit [Hub-PE] mpls ldp [Hub-PE–mpls-ldp] quit # Configure basic MPLS on the interface connected to Spoke-PE 1. [Hub-PE] interface vlan-interface 10 [Hub-PE-Vlan-interface10] ip address 10.1.1.2 24 [Hub-PE-Vlan-interface10] mpls [Hub-PE-Vlan-interface10] mpls ldp [Hub-PE-Vlan-interface10] quit # Configure basic MPLS on the interface connected to Spoke-PE 2.

  • Page 161: Configuring Pw Redundancy For H-vpls Access

    After you complete previous configurations, issue the display vpls connection command on the PEs. You will see that a PW connection in up state has been established. Configuring PW redundancy for H-VPLS access Network requirements As shown in Figure 39, establish a U-PW between UPE and NPE 1 and a backup U-PW between UPE and NPE 2.

  • Page 162

    [UPE-Vlan-interface12] ip address 12.1.1.1 24 [UPE-Vlan-interface12] mpls [UPE-Vlan-interface12] mpls ldp [UPE-Vlan-interface12] quit # Configure an IP address for the interface connected to NPE 2, and enable MPLS and MPLS LDP. [UPE] interface vlan-interface 13 [UPE-Vlan-interface13] ip address 13.1.1.1 255.255.255.0 [UPE-Vlan-interface13] mpls [UPE-Vlan-interface13] mpls ldp [UPE-Vlan-interface13] quit # Configure the remote LDP peer NPE 1.

  • Page 163

    [NPE1] interface loopback 0 [NPE1-LoopBack0] ip address 2.2.2.2 32 [NPE1-LoopBack0] quit [NPE1] mpls lsr-id 2.2.2.2 [NPE1] mpls [NPE1–mpls] quit [NPE1] mpls ldp [NPE1–mpls-ldp] quit # Configure an IP address for the interface connected to UPE, and enable MPLS and MPLS LDP. [NPE1] interface vlan-interface 12 [NPE1-Vlan-interface12] ip address 12.1.1.2 24 [NPE1-Vlan-interface12] mpls...

  • Page 164

    [NPE3-LoopBack0] ip address 4.4.4.4 32 [NPE3-LoopBack0] quit [NPE3] mpls lsr-id 4.4.4.4 [NPE3] mpls [NPE3–mpls] quit [NPE3] mpls ldp [NPE3–mpls-ldp] quit # Configure an IP address for the interface connected to NPE 1, and enable MPLS and MPLS LDP. [NPE3] interface vlan-interface 15 [NPE3-Vlan-interface15] ip address 15.1.1.2 24 [NPE3-Vlan-interface15] mpls [NPE3-Vlan-interface15] mpls ldp...

  • Page 165: Configuring Bfd For The Main Link In An H-vpls Network

    After you complete previous configurations, execute the display vpls connection command on the PEs. You will see that a PW connection in up state has been established. Configuring BFD for the main link in an H-VPLS network Network requirements In the H-VPLS network, Switch A is the UPE, Switch B is the main NPE and Switch C is the backup NPE. Enable MPLS on the interfaces connecting the switches, and enable OSPF on the switches to ensure IP connectivity.

  • Page 166

    [SwitchA] vlan 13 [SwitchA-vlan13] port gigabitethernet 3/0/1 [SwitchA-vlan13] quit [SwitchA] interface vlan-interface 12 [SwitchA-Vlan-interface12] mpls [SwitchA-Vlan-interface12] mpls ldp [SwitchA-Vlan-interface12] quit [SwitchA] interface vlan-interface 13 [SwitchA-Vlan-interface13] mpls [SwitchA-Vlan-interface13] mpls ldp [SwitchA-Vlan-interface13] quit # Configure Switch B. <SwitchB> system-view [SwitchB] mpls lsr-id 2.2.2.9 [SwitchB] mpls [SwitchB-mpls] quit [SwitchB] mpls ldp...

  • Page 167

    # Configure Switch A. [SwitchA] interface vlan-interface 12 [SwitchA-Vlan-interface12] ip address 12.1.1.1 24 [SwitchA-Vlan-interface12] quit [SwitchA] interface vlan-interface 13 [SwitchA-Vlan-interface13] ip address 13.1.1.1 24 [SwitchA-Vlan-interface13] quit [SwitchA] interface loopback 0 [SwitchA-LoopBack0] ip address 1.1.1.9 32 [SwitchA-LoopBack0] quit # Configure Switch B. [SwitchB] interface vlan-interface 12 [SwitchB-Vlan-interface12] ip address 12.1.1.2 24 [SwitchB-Vlan-interface12] quit...

  • Page 168

    Configure a VSI for each switch. # Configure Switch A. [SwitchA] l2vpn [SwitchA-l2vpn] mpls l2vpn [SwitchA-l2vpn] quit [SwitchA] vsi vpna static [SwitchA-vsi-vpna] pwsignal ldp [SwitchA-vsi-vpna-ldp] vsi-id 100 [SwitchA-vsi-vpna-ldp] peer 2.2.2.9 backup-peer 3.3.3.9 [SwitchA-vsi-vpna-ldp] quit [SwitchA-vsi-vpna] quit [SwitchA] vlan 100 [SwitchA-vlan100] port GigabitEthernet 3/0/1 [SwitchA-vlan100] quit [SwitchA] interface GigabitEthernet 3/0/1 [SwitchA-GigabitEthernet3/0/1] service-instance 1000...

  • Page 169: Implementing Multi-as Vpn Through Multi-hop Pw

    Session State: Up Interface: LoopBack0 Min Trans Inter: 400ms Act Trans Inter: 400ms Min Recv Inter: 400ms Act Detect Inter: 2000ms Running Up for: 00:00:01 Auth mode: None Connect Type: Indirect Board Num: 6 Protocol: MFW/LDP Diag Info: No Diagnostic Local Discr: 4 Remote Discr: 0 Source IP: 1.1.1.9...

  • Page 170

    Figure 41 Network diagram Configuration procedure Configure PE 1. # Configure basic MPLS. <Sysname> system-view [Sysname] sysname PE1 [PE1] interface loopback 0 [PE1-LoopBack0] ip address 1.1.1.1 32 [PE1-LoopBack0] quit [PE1] mpls lsr-id 1.1.1.1 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit # Create a remote peer.

  • Page 171

    [PE1-vsi-aaa] pwsignal ldp [PE1-vsi-aaa-ldp] vsi-id 500 [PE1-vsi-aaa-ldp] peer 2.2.2.2 [PE1-vsi-aaa-ldp] quit [PE1-vsi-aaa] quit # On interface GigabitEthernet 3/0/1 connected to CE 1, create a service instance and bind the service instance with the VPLS instance aaa. [PE1] interface GigabitEthernet 3/0/1 [PE1-GigabitEthernet3/0/1] service-instance 1000 [PE1-GigabitEthernet3/0/1-srv1000] encapsulation s-vid 100 [PE1-GigabitEthernet3/0/1-srv1000] xconnect vsi aaa...

  • Page 172

    [ASBR1-Vlan-interface11] mpls [ASBR1-Vlan-interface11] quit # Enable L2VPN and MPLS L2VPN. [ASBR1] l2vpn [ASBR1-l2vpn] mpls l2vpn [ASBR1-l2vpn] quit # Configure a P2P-capable VPLS instance that uses LDP signaling. [ASBR1] vsi aaa static p2p [ASBR1-vsi-aaa] pwsignal ldp [ASBR1-vsi-aaa-ldp] vsi-id 500 [ASBR1-vsi-aaa-ldp] peer 1.1.1.1 upe [ASBR1-vsi-aaa-ldp] peer 3.3.3.3 [ASBR1-vsi-aaa-ldp] quit [ASBR1-vsi-aaa] quit...

  • Page 173

    [ASBR2-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255 [ASBR2-ospf-1-area-0.0.0.0] quit [ASBR2-ospf-1] quit # Configure basic MPLS for the interface connecting ASBR 1. [ASBR2] interface vlan-interface 11 [ASBR2-Vlan-interface11] ip address 11.1.1.3 24 [ASBR2-Vlan-interface11] mpls [ASBR2-Vlan-interface11] quit # Configure basic MPLS for the interface connecting PE 2. [ASBR2] interface vlan-interface 12 [ASBR2-Vlan-interface12] ip address 12.1.1.3 24 [ASBR2-Vlan-interface12] mpls...

  • Page 174

    [PE2–mpls-ldp] quit # Create a remote peer. [PE2] mpls ldp remote-peer 1 [PE2-mpls-ldp-remote-1] remote-ip 3.3.3.3 [PE2-mpls-ldp-remote-1] quit # Configure OSPF. [PE2] ospf [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 4.4.4.4 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255 [PE2-ospf-1-area-0.0.0.0] quit [PE2-ospf-1] quit # Configure basic MPLS for the interface connecting ASBR 2. [PE2] interface vlan-interface 12 [PE2-Vlan-interface12] ip address 12.1.1.4 24 [PE2-Vlan-interface12] mpls...

  • Page 175: Vpls And Mac-in-mac Dual-stack Support Configuration Example

    VPLS and MAC-in-MAC dual-stack support configuration example Network requirements As shown in Figure 42, establish a VPLS connection between PE and BEB-PE and a MAC-in-MAC connection between BEB-PE and BEB. To enable communication between the VPLS network and the PBBN, configure BEB-PE to support VPLS and MAC-in-MAC dual-stack. Create an LDP VPLS instance on the PE, with the name aaa, VSI ID 500, and peer PE’s address •...

  • Page 176

    [PE] mpls [PE-mpls] quit # Enable L2VPN and MPLS L2VPN. [PE] l2vpn [PE-l2vpn] mpls l2vpn [PE-l2vpn] quit # Enable LDP globally. [PE] mpls ldp [PE-mpls-ldp] quit # Configure VLAN-interface 23, the interface connecting BEB-PE, and enable LDP on the interface. [PE] interface vlan-interface 23 [PE-Vlan-interface23] ip address 23.1.1.1 24 [PE-Vlan-interface23] mpls...

  • Page 177

    # Configure an IP address for interface Loopback 0. <Sysname> system-view [Sysname] sysname BEB-PE [BEB-PE] interface loopback 0 [BEB-PE-LoopBack0] ip address 2.2.2.9 32 [BEB-PE-LoopBack0] quit # Configure the LSR-ID and enable MPLS globally. [BEB-PE] mpls lsr-id 2.2.2.9 [BEB-PE] mpls [BEB-PE-mpls] quit # Enable L2VPN and MPLS L2VPN.

  • Page 178

    # Configure port GigabitEthernet 3/0/1 as the uplink port of VSI aaa, and as a trunk port that permits packets of VLAN 20 to pass. BEB-PE] interface GigabitEthernet 3/0/1 [BEB-PE-GigabitEthernet3/0/1] port link-type trunk [BEB-PE-GigabitEthernet3/0/1] port trunk permit vlan 20 [BEB-PE-GigabitEthernet3/0/1] minm uplink vsi aaa [BEB-PE-GigabitEthernet3/0/1] quit Configure BEB.

  • Page 179: Troubleshooting Vpls

    # Execute the display minm connection command on BEB-PE. You can see the MAC-in-MAC uplink information of the VSI aaa. The information means that BEB-PE has learnt the B-MAC information from BEB, its peer device. [BEB-PE] display minm connection vsi aaa VSIID LinkID BMAC BVLAN Interface Name...

  • Page 180: Configuring Mpls L2vpn

    Configuring MPLS L2VPN NOTE: The switch does not support MPLS L2VPN when the system works in normal mode. For more information • Fundamentals Configuration Guide about system working modes, see MPLS L2VPN technologies can provide both point-to-point connections and point-to-multipoint •...

  • Page 181: Comparison With Traditional Vpn

    Comparison with traditional VPN Traditional VPNs based on Asynchronous Transfer Mode (ATM) or Frame Relay (FR) are quite popular. They share the network infrastructure of carriers. However, they have some inherent disadvantages: Dependence on dedicated media: To provide both ATM-based and FR-based VPN services, •...

  • Page 182: Mpls L2vpn Implementation

    Figure 44 illustrates how the label stack changes in the MPLS L2VPN forwarding process. Figure 44 MPLS L2VPN label stack processing 1) L2 PDU: Layer 2 protocol data unit 2) T represents tunnel label. V represents VC label. T’ represents swapped tunnel label. MPLS L2VPN implementation MPLS L2VPN can be implemented in one of the following methods: Circuit Cross Connect (CCC) and Static Virtual Circuit (SVC)—Two methods of implementing MPLS...

  • Page 183: Mpls L2vpn Configuration Task List

    a new VC, you only need to configure a one-way VC for each of the PEs. Your configuration will not affect the operation of the network. The Martini method applies to scenarios with sparse Layer 2 connections, such as a scenario with a star topology.

  • Page 184: Configuring Martini Mpls L2vpn

    Configuring a PE-CE interface of a PE Configuring Ethernet encapsulation for the interface By default, a Layer 3 Ethernet interface and a Layer 3 aggregate interface uses Ethernet encapsulation. For configuration information about a Layer 3 Ethernet interface, see Interface Configuration Guide. For configuration information about a Layer 3 aggregate interface, see Layer 2—LAN Switching Configuration Guide.

  • Page 185: Configuring A Martini Mpls L2vpn Connection Based On Layer 2 Ethernet Interface And Vlan

    Configuration procedure To configure a Martini MPLS L2VPN connection on a Layer 3 interface on a PE: To do… Use the command… Remarks Enter system view system-view — Enter the view for the interface interface interface-type The specified interface must be a connecting the CE interface-number Layer 3 interface.

  • Page 186

    NOTE: An MPLS L2VPN connection based on Layer 2 Ethernet interface and VLAN supports only LDP signaling • negotiation, that is, the Martini method. On the private VLAN interface bound with the Martini MPLS L2VPN, do not configure services other •...

  • Page 187

    To do… Use the command… Remarks Optional Specify the PW transport mode trans-mode { ethernet | vlan } VLAN by default Optional By default, the default tunneling policy is used. The default tunneling policy selects only one Specify the tunneling policy pw-tunnel-policy policy-name tunnel in this order: LSP tunnel, CR-LSP tunnel.

  • Page 188: Configuring Traffic Policing For An Ac

    NOTE: Up to 4094 service instances can be configured on a Layer 2 Ethernet interface. • The xconnect peer command is available for service instances with the ID in the range of 1 to 4094. • Configuring traffic policing for an AC Traffic policing limits the packet transmit rate to avoid network congestion.

  • Page 189: Displaying And Maintaining Mpls L2vpn

    To check VC connectivity: To do… Use the command… Remarks ping lsp [ -a source-ip | -c count | -exp exp-value | -h ttl-value | -m Required Use MPLS LSP ping to check the wait-time | -r reply-mode | -s connectivity of a VC Available in any view packet-size | -t time-out | -v ] * pw...

  • Page 190: Mpls L2vpn Configuration Example

    To do… Use the command… Remarks reset service-instance statistics [ interface Clear the traffic statistics for a interface-type interface-number Available in user view service instance on an interface [ service-instance instance-id [ inbound | outbound ] ] ] MPLS L2VPN configuration example NOTE: By default, Ethernet interfaces, VLAN interfaces, and aggregate interfaces are in DOWN state.

  • Page 191

    Configure PE 1. # Configure the LSR ID and enable MPLS globally. <Sysname> system-view [Sysname] sysname PE1 [PE1] interface loopback 0 [PE1-LoopBack0] ip address 192.2.2.2 32 [PE1-LoopBack0] quit [PE1] mpls lsr-id 192.2.2.2 [PE1] mpls [PE1-mpls] quit # Enable L2VPN and MPLS L2VPN. [PE1] l2vpn [PE1-l2vpn] mpls l2vpn [PE1-l2vpn] quit...

  • Page 192

    [Sysname] sysname P [P] interface loopback 0 [P-LoopBack0] ip address 192.4.4.4 32 [P-LoopBack0] quit [P] mpls lsr-id 192.4.4.4 [P] mpls [P-mpls] quit # Enable LDP globally. [P] mpls ldp [P-mpls-ldp] quit # Configure the interface connected with PE 1 and enable LDP on the interface. [P] interface vlan-interface 20 [P-Vlan-interface20] ip address 10.1.1.2 24 [P-Vlan-interface20] mpls...

  • Page 193

    # Configure PE 2 to establish a remote LDP connection with PE 1. [PE2] mpls ldp remote-peer 2 [PE2-mpls-ldp-remote-2] remote-ip 192.2.2.2 [PE2-mpls-ldp-remote-2] quit # Configure the interface connected to the P switch and enable LDP on the interface. [PE2] interface vlan-interface 30 [PE2-Vlan-interface30] ip address 10.2.2.1 24 [PE2-Vlan-interface30] mpls [PE2-Vlan-interface30] mpls ldp...

  • Page 194: Configuring A Martini Mpls L2vpn On A Layer 3 Ethernet Interface

    1000 Vlan10 8192 8193 # Ping CE 2 from CE 1. [CE1] ping 100.1.1.2 PING 100.1.1.2: 56 data bytes, press CTRL_C to break Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=90 ms Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=77 ms Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=34 ms Reply from 100.1.1.2: bytes=56 Sequence=4 ttl=255 time=46 ms Reply from 100.1.1.2: bytes=56 Sequence=5 ttl=255 time=94 ms --- 100.1.1.2 ping statistics ---...

  • Page 195

    [CE1-GigabitEthernet5/0/1] port link-mode route [CE1-GigabitEthernet5/0/1] ip address 100.1.1.1 24 Configure PE 1. # Configure the LSR ID and enable MPLS globally. <Sysname> system-view [Sysname] sysname PE1 [PE1] interface loopback 0 [PE1-LoopBack0] ip address 192.2.2.2 32 [PE1-LoopBack0] quit [PE1] mpls lsr-id 192.2.2.2 [PE1] mpls # Enable L2VPN and MPLS L2VPN.

  • Page 196

    <Sysname> system-view [Sysname] sysname P [P] interface loopback 0 [P-LoopBack0] ip address 192.4.4.4 32 [P-LoopBack0] quit [P] mpls lsr-id 192.4.4.4 [P] mpls # Enable LDP globally. [P] mpls ldp [P-mpls-ldp] quit # Configure the interface connected with PE 1, namely GigabitEthernet 5/0/1, and enable LDP on the interface.

  • Page 197

    # Enable LDP globally. [PE2] mpls ldp [PE2-mpls-ldp] quit # Configure the peer relationship with PE 1 so that the LDP remote session can be established between them. [PE2] mpls ldp remote-peer 2 [PE2-mpls-ldp-remote-2] remote-ip 192.2.2.2 [PE2-mpls-ldp-remote-2] quit # Configure the interface connected with the P device, namely GigabitEthernet 5/0/2, and enable LDP on the interface.

  • Page 198: Troubleshooting Mpls L2vpn

    Total ldp vc : 1 1 up 0 down 0 blocked Transport Client Service Local Remote VC ID Intf State VC Label VC Label GE5/0/1 65674 65880 # Ping CE 2 from CE 1. [CE1] ping 100.1.1.2 PING 100.1.1.2: 56 data bytes, press CTRL_C to break Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=30 ms Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=60 ms...

  • Page 199: Configuring Mpls L3vpn, Mpls L3vpn Overview, Introduction To Mpls L3vpn

    Configuring MPLS L3VPN NOTE: This chapter covers only introduction to and configuration of MPLS L3VPN. For information about MPLS Layer 3—IP Routing basics, see the chapter “Configuring basic MPLS.” For information about BGP, see Configuration Guide MPLS L3VPN overview Introduction to MPLS L3VPN MPLS L3VPN is a kind of PE-based L3VPN technology for service provider VPN solutions.

  • Page 200: Mpls L3vpn Concepts

    A CE is usually a router. After a CE establishes adjacency with a directly connected PE, it advertises its VPN routes to the PE and learns remote VPN routes from the PE. A CE and a PE use BGP/IGP to exchange routing information.

  • Page 201

    IPv4 address space. HP recommends that you configure a distinct RD for each VPN instance on a PE, guaranteeing that routes to the same CE use the same RD. The VPN-IPv4 address with an RD of 0 is in fact a globally unique IPv4 address.

  • Page 202

    A VPN instance on a PE supports two types of VPN target attributes: Export target attribute—A local PE sets this type of VPN target attribute for VPN-IPv4 routes learned from directly connected sites before advertising them to other PEs. Import target attribute—A PE checks the export target attribute of VPN-IPv4 routes advertised by other PEs.

  • Page 203: Mpls L3vpn Packet Forwarding, Mpls L3vpn Networking Schemes

    After a VPN instance is created, you can optionally configure a tunneling policy. By default, only one tunnel is selected (no load balancing) in this order: LSP tunnel, CR-LSP tunnel. A tunneling policy takes effect only within the local AS. MPLS L3VPN packet forwarding For basic MPLS L3VPN applications in a single AS, VPN packets are forwarded with two layers of labels: Layer 1 labels: Outer labels, used for label switching inside the backbone.

  • Page 204

    Basic VPN networking scheme In the simplest case, all users in a VPN form a closed user group. They can forward traffic to each other but cannot communicate with any user outside the VPN. For this networking scheme, the basic VPN networking scheme, you need to assign a VPN target to each VPN for identifying the export target attribute and import target attribute of the VPN.

  • Page 205

    Figure 51 Network diagram for hub and spoke networking scheme Figure 51, the spoke sites communicate with each other through the hub site. The arrows in the figure indicate the advertising path of routes from Site 2 to Site 1: The hub PE can receive all the VPN-IPv4 routes advertised by spoke PEs.

  • Page 206: Mpls L3vpn Routing Information Advertisement

    Figure 52 Network diagram for extranet networking scheme Figure 52, VPN 1 and VPN 2 can access Site 3 of VPN 1. PE 3 can receive the VPN-IPv4 routes advertised by PE 1 and PE 2. • PE 1 and PE 2 can receive the VPN-IPv4 routes advertised by PE 3. •...

  • Page 207: Inter-as Vpn

    The route between the CE and the PE can be a static route, RIP route, OSPF route, IS-IS route, eBGP, or iBGP route. No matter which routing protocol is used, the CE always advertises standard IPv4 routes to the PE. Routing information exchange from the ingress PE to the egress PE After learning the VPN routing information from the CE, the ingress PE adds RDs and VPN targets for these standard IPv4 routes to form VPN-IPv4 routes, saves them to the routing table of the VPN instance...

  • Page 208

    Figure 53 Network diagram for inter-AS option A This kind of solution is easy to carry out because no special configuration is required on the PEs acting as the ASBRs. However, it has limited scalability because the PEs acting as the ASBRs must manage all the VPN routes and create VPN instances on a per-VPN basis.

  • Page 209

    Figure 54 Network diagram for inter-AS option B In terms of scalability, inter-AS option B is better than option A. When adopting MP-eBGP method, note the following: ASBRs perform no VPN target filtering on VPN-IPv4 routes that they receive from each other. •...

  • Page 210: Carrier's Carrier

    Figure 55 Network diagram for inter-AS option C To improve the scalability, you can specify an RR in each AS, making it maintain all VPN-IPv4 routes and exchange VPN-IPv4 routes with PEs in the AS. The RRs in two ASs establish an inter-AS VPNv4 connection to advertise VPN-IPv4 routes, as shown in Figure Figure 56 Network diagram for inter-AS option C using RRs...

  • Page 211

    of the Level 2 carrier. Routes of the customer networks connected to a Level 2 carrier are exchanged through BGP sessions established between the routers of the Level 2 carrier. This can greatly reduce the number of routes maintained by the Level 1 carrier network. Implementation of carrier’s carrier Compared with the common MPLS L3VPN, the carrier’s carrier is different because of the way in which a CE of a Level 1 carrier, that is, a Level 2 carrier, accesses a PE of the Level 1 carrier:...

  • Page 212: Nested Vpn

    MP-IBGP PE 3 PE 4 NOTE: If there are equal cost routes between the Level 1 carrier and the Level 2 carrier, HP recommends establishing equal cost LSPs between them accordingly. Nested VPN Background In an MPLS L3VPN network, generally a service provider runs an MPLS L3VPN backbone and provides VPN services through PEs.

  • Page 213

    Figure 59 Network diagram for nested VPN Propagation of routing information In a nested VPN network, routing information is propagated in the following process: A provider PE and its CEs exchange VPNv4 routes, which carry information about users’ internal VPNs. After receiving a VPNv4 route, a provider PE keeps the user’s internal VPN information, and appends the user’s MPLS VPN attributes on the service provider network.

  • Page 214: Multi-role Host

    VPNs that take the interface connected to the CE as the next hop. NOTE: All IP addresses associated with the PE must be unique to implement the multi-role host feature. In practice, HP recommends centralizing the addresses of each VPN to improve the forwarding efficiency. HoVPN Why HoVPN? In MPLS L3VPN solutions, PEs are the key devices.

  • Page 215

    Basic architecture of HoVPN Figure 60 Basic architecture of HoVPN MPLS network VPN 1 VPN 2 VPN 1 VPN 2 Site 1 Site 2 As shown in Figure 60, routers directly connected to CEs are called underlayer PEs (UPEs) or user-end PEs, whereas routers that are connected with UPEs and are in the internal network are called superstratum PEs (SPE) or service provider-end PEs.

  • Page 216: Ospf Vpn Extension

    SPE-UPE The MP-BGP running between SPE and UPE can be either MP-iBGP or MP-eBGP. Which one to use depends on whether the UPE and SPE belong to a same AS. With MP-iBGP, in order to advertise routes between iBGP peers, the SPE acts as the RR and advertises routes from iBGP peer UPE to iBGP peer SPE.

  • Page 217

    OSPF for VPNs on a PE OSPF is a prevalent IGP protocol. It often runs between PE and CE to simplify CE configuration and management because the CEs only need to support OSPF. In addition, if the customers require MPLS L3VPN services through conventional OSPF backbone, using OSPF between PE and CE can simplify the transition.

  • Page 218

    OSPF attributes. Each OSPF domain must have a configurable domain ID. HP recommends that you configure the same domain ID or adopt the default ID for all OSPF processes of the same VPN, so the system can know that all VPN routes with the same domain ID are from the same VPN.

  • Page 219: Bgp As Number Substitution And Soo

    address space on the PE. Different sham links of the same OSPF process can share an endpoint address, but that of different OSPF processes cannot. BGP advertises the endpoint addresses of sham links as VPN-IPv4 addresses. A route across the sham link cannot be redistributed into BGP as a VPN-IPv4 route.

  • Page 220: Multi-vpn-instance Ce

    routing loop, you can configure a routing policy on PE2 to add the SoO attribute to route updates received from CE 2 and CE 3 so that PE 2 will not advertise route updates from CE 3 to CE 2. Multi-VPN-instance CE Using tunnels, MPLS L3VPN implements private network data transmission over the public network.

  • Page 221: Mpls L3vpn Configuration Task List, Configuring Basic Mpls L3vpn

    You can configure static routes, RIP, OSPF, IS-IS, eBGP, or iBGP between MCE and VPN site and between MCE and PE. NOTE: To implement dynamic IP assignment for DHCP clients in private networks, you can configure DHCP server or DHCP relay agent on the MCE. The IP address spaces for different private networks cannot overlap. MPLS L3VPN configuration task list Complete the following tasks to configure MPLS L3VPN: Task...

  • Page 222: Configuring Vpn Instances

    Configure basic MPLS for the MPLS backbone • • Configure MPLS LDP for the MPLS backbone so that LDP LSPs can be established Configuring VPN instances By configuring VPN instances on a PE, you can isolate not only VPN routes from public network routes, but also routes of a VPN from those of another VPN.

  • Page 223

    To do… Use the command… Remarks Optional The description should contain the Configure a description for the description text VPN instance’s related VPN instance information, such as its relationship with a certain VPN. Associating a VPN instance with an interface After creating and configuring a VPN instance, you need to associate the VPN instance with the interface for connecting the CE.

  • Page 224

    To do… Use the command… Remarks Optional By default, all routes matching the Apply an import routing policy import route-policy route-policy import target attribute are accepted. Optional Apply an export routing policy export route-policy route-policy By default, routes to be advertised are not filtered.

  • Page 225

    To do… Use the command… Remarks Create a tunneling policy and tunnel-policy tunnel-policy-name Required enter tunneling policy view Optional preferred-path number interface Configure a preferred tunnel and tunnel tunnel-number By default, no preferred tunnel is specify a tunnel interface for it [ disable-fallback ] configured.

  • Page 226: Configuring Routing Between Pe And Ce

    To do… Use the command… Remarks For configuration information, see Configure LDP parameters except the chapter “Configuring basic Optional LDP GR for the instance MPLS.” NOTE: Except the command for LDP GR, all commands available in MPLS LDP view can be configured in MPLS •...

  • Page 227

    NOTE: Layer 3—IP Routing Configuration Guide For information about static routing, see Configuring RIP between PE and CE A RIP process belongs to the public network or a single VPN instance. If you create a RIP process without binding it to a VPN instance, the process belongs to the public network. To configure RIP between PE and CE: To do…...

  • Page 228

    To do… Use the command… Remarks Required Create an OSPF area and enter area area-id By default, no OSPF area is area view created. Required Enable OSPF on the interface By default, an interface neither attached to the specified network network ip-address wildcard-mask belongs to any area nor runs in the area...

  • Page 229

    Configuring eBGP between PE and CE Configure the PE To configure the PE: To do… Use the command… Remarks Enter system view system-view — Enable BGP and enter BGP view bgp as-number — ipv4-family vpn-instance Enter BGP VPN instance view Required vpn-instance-name Configure the CE as the VPN eBGP...

  • Page 230

    NOTE: Exchange of BGP routes for a VPN instance is the same as that of ordinary BGP routes. • The BGP configuration task in BGP-VPN instance view is the same as that in BGP view. For more • Layer 3—IP Routing Configuration Guide information, see Layer 3—IP Routing Configuration •...

  • Page 231: Configuring Routing Between Pes

    To do… Use the command… Remarks Optional Configure BGP to filter received filter-policy { acl-number | By default, BGP does not filter routes ip-prefix ip-prefix-name } import received routes. NOTE: By default, a PE does not advertise routes learned from iBGP peer CEs to iBGP peers, including VPNv4 •...

  • Page 232: Configuring Routing Features For Bgp Vpnv4 Subaddress Family

    To do… Use the command… Remarks Configure the remote PE as the peer { group-name | ip-address } Required peer as-number as-number Required peer { group-name | ip-address } Specify the source interface for By default, BGP uses the source connect-interface interface-type route updates interface of the optimal route...

  • Page 233

    To do… Use the command… Remarks Optional By default, the system uses the local address as the next hop of a route to be advertised to an eBGP peer. Configure the system to use the In the inter-AS option C solution, local address as the next hop of a peer { group-name | ip-address } you must configure the peer...

  • Page 234

    To do… Use the command… Remarks Enter BGP view bgp as-number — Configure the remote PE as the peer ip-address as-number Required peer as-number Specify the interface for TCP peer ip-address connect-interface Required connection interface-type interface-number Enter BGP-VPNv4 subaddress ipv4-family vpnv4 —...

  • Page 235: Configuring Inter-as Vpn

    To do… Use the command… Remarks Optional Make BGP updates to be sent carry peer { group-name | ip-address } By default, a BGP update carries no private AS numbers public-as-only private AS numbers. Optional peer { group-name | ip-address } Apply a routing policy to a peer or route-policy route-policy-name By default, no routing policy is...

  • Page 236: Configuring Inter-as Option B

    NOTE: In the inter-AS option A solution, for the same VPN, the VPN targets configured on the PEs must match those configured on the ASBR-PEs in the same AS to make sure that VPN routes sent by the PEs (or ASBR-PEs) can be received by the ASBR-PEs (or PEs).

  • Page 237: Configuring Inter-as Option C

    Configuring inter-AS option C Configuring the PEs You need to establish ordinary iBGP peer relationships between PEs and ASBR PEs in an AS and MP-eBGP peer relationships between PEs of different ASs. The PEs and ASBR PEs in an AS must be able to exchange labeled IPv4 routes. To configure a PE for inter-AS option C: To do…...

  • Page 238

    To configure an ASBR PE for inter-AS option C: To do… Use the command… Remarks Enter system view system-view — Enter BGP view bgp as-number — Configure each PE in the same AS peer { group-name | ip-address } Required as the iBGP peer as-number as-number Required...

  • Page 239: Configuring Nested Vpn

    NOTE: Layer 3—IP Routing Configuration Guide For information about routing policy configuration, see Configuring nested VPN For a network with many VPNs, if you want to implement layered management of VPNs and to conceal the deployment of internal VPNs, nested VPN is a good solution. By using nested VPN, you can implement layered management of internal VPNs easily with a low cost and simple management operation.

  • Page 240: Configuring A Static Route

    The address ranges for sub-VPNs of a VPN cannot overlap. • HP does not recommend giving nested VPN peers addresses that public network peers use. • Before specifying a nested VPN peer or peer group, be sure to configure the corresponding CE peer or •...

  • Page 241: Configuring Hovpn

    • route-policy command. HP does not recommend connecting an SPE to a CE directly. If an SPE must be directly connected to a • CE, the VPN instance on the SPE and that on the UPE must be configured with different RDs.

  • Page 242: Configuring A Loopback Interface

    Configuring an OSPF sham link The sham link is considered an OSPF intra-area route. It is used to make sure that the VPN traffic is transmitted over the backbone instead of the backdoor link between two CEs. The source and destination addresses of the sham link must be loopback interface addresses with 32-bit masks.

  • Page 243: Creating A Sham Link

    0. However, the same calculation rule produces the same tag, and hence the same tag will be created for multiple OSPF VPN instances on the same PE or PEs with the same AS number. Therefore, HP recommends configuring different tags for different OSPF VPN instance.

  • Page 244: Configuring Routing Between Mce And Vpn Site

    Configuring routing between MCE and VPN site Configuring static routing betweem MCE and VPN site An MCE can reach a VPN site through a static route. Static routing on a traditional CE is globally effective and thus does not support address overlapping among VPNs. An MCE supports binding a static route with a VPN instance, so that the static routes of different VPN instances can be isolated from each other.

  • Page 245

    To do… Use the command… Remarks Optional Configure the default cost value for default cost value the redistributed routes 0 by default NOTE: Layer 3—IP Routing Configuration Guide For more information about RIP, see Configuring OSPF between MCE and VPN site An OSPF process belongs to the public network or a single VPN instance.

  • Page 246

    NOTE: An OSPF process that is bound with a VPN instance does not use the public network router ID • configured in system view. Therefore, you need to configure a router ID when starting the OSPF process. All OSPF processes for the same VPN must be configured with the same OSPF domain ID to ensure correct route advertisement.

  • Page 247

    Configuring eBGP between MCE and VPN site To use eBGP for exchanging routing information between an MCE and VPN sites, you must configure a BGP peer for each VPN instance on the MCE, and redistribute the IGP routes of each VPN instance on the VPN sites.

  • Page 248

    After you configure a BGP VPN instance, the BGP route exchange for the VPN instance is the same with the normal BGP VPN route exchange. For more information about BGP, see Layer 3—IP Routing Configuration Guide. Configure a VPN site To configure the VPN site: To do…...

  • Page 249: Configuring Routing Between Mce And Pe

    NOTE: After you configure a VPN site as an iBGP peer of the MCE, the MCE does not advertise the BGP routes learned from the VPN site to other iBGP peers, including VPNv4 peers. Only when you configure the VPN site as a client of the RR (the MCE), does the MCE advertise routes learned from it to other iBGP peers.

  • Page 250

    Configuring RIP between MCE and PE To configure RIP between MCE and PE: To do… Use the command… Remarks Enter system view system-view — Create a RIP process for a rip [ process-id ] vpn-instance VPN instance and enter RIP Required vpn-instance-name view...

  • Page 251

    To do… Use the command… Remarks Optional Configure the default parameters for The default cost is 1, the default maximum default { cost cost | limit limit | tag tag | redistributed routes number of routes redistributed per time is type type } * (cost, route number, 1000, the default tag is 1, and default...

  • Page 252

    Configuring eBGP between MCE and PE To configure eBGP between MCE and PE: To do… Use the command… Remarks Enter system view system-view — Enter BGP view bgp as-number — Enter BGP-VPN instance view ipv4-family vpn-instance vpn-instance-name Required Configure the PE as the eBGP peer { group-name | ip-address } Required peer...

  • Page 253: Specifying The Vpn Label Processing Mode

    Specifying the VPN label processing mode The VPN label processing mode of an egress PE can be either of the following: POPGO forwarding: Pop the label, and then search for the outbound interface according to the • label and forward the packet out the interface. POP forwarding: Pop the label, and then search the FIB to find the outbound interface and forward •...

  • Page 254: Displaying And Maintaining Mpls L3vpn

    To configure BGP AS number substitution and SoO: To do… Use the command… Remarks Enter system view system-view — Optional Create a routing policy and enter route-policy route-policy-name No routing policy is created by routing policy view permit node node-number default.

  • Page 255

    To do… Use the command… Remarks reset bgp vpn-instance vpn-instance-name Hard reset BGP connections of a { as-number | ip-address | all | external | Available in user view VPN instance group group-name } Hard reset BGP VPNv4 reset bgp vpnv4 { as-number | ip-address | Available in user view connections all | external | internal | group group-name }...

  • Page 256

    To do… Use the command… Remarks display bgp vpnv4 all routing-table [ [ network-address [ { mask | mask-length } [ longer-prefixes ] ] | as-path-acl as-path-acl-number | cidr | community [ aa:nn ]&<1-13> [ no-advertise | no-export | no-export-subconfed ] * [ whole-match ] | Display all BGP VPNv4 routing Available in any community-list { { basic-community-list-number |...

  • Page 257: Mpls L3vpn Configuration Examples

    To do… Use the command… Remarks display mpls ldp vpn-instance vpn-instance-name Display information about the Available in any [ | { begin | exclude | include } specified LDP instance view regular-expression ] reset bgp vpn-instance vpn-instance-name Clear the route flap dampening Available in user dampening [ network-address [ mask | information of a VPN instance...

  • Page 258

    Figure 66 Network diagram AS 65410 AS 65430 VPN 1 VPN 1 CE 3 CE 1 Vlan-int1 Vlan-int2 Loop0 PE 2 Vlan-int2 Vlan-int1 PE 1 Vlan-int3 Vlan-int1 Loop0 Loop0 Vlan-int3 Vlan-int1 Vlan-int2 Vlan-int3 MPLS backbone Vlan-int2 Vlan-int3 CE 2 CE 4 VPN 2 VPN 2 AS 65420...

  • Page 259

    [P-LoopBack0] ip address 2.2.2.9 32 [P-LoopBack0] quit [P] interface vlan-interface 3 [P-Vlan-interface3] ip address 172.1.1.2 24 [P- Vlan-interface3] quit [P] interface vlan-interface 1 [P-Vlan-interface1] ip address 172.2.1.1 24 [P-Vlan-interface1] quit [P] ospf [P-ospf-1] area 0 [P-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0 [P-ospf-1-area-0.0.0.0] quit [P-ospf-1] quit...

  • Page 260

    Area 0.0.0.0 interface 172.1.1.1(Vlan-interface3)'s neighbors Router ID: 172.1.1.2 Address: 172.1.1.2 GR State: Normal State: Full Mode:Nbr is Master Priority: 1 DR: 172.1.1.1 BDR: 172.1.1.2 MTU: 0 Dead timer due in 38 Neighbor is up for 00:02:44 Authentication Sequence: [ 0 ] Neighbor state change count: 5 Configure basic MPLS configuration and MPLS LDP on the MPLS backbone to establish LDP LSPs.

  • Page 261

    LDP Session(s) in Public Network Total number of sessions: 1 ---------------------------------------------------------------- Peer-ID Status SsnRole KA-Sent/Rcv --------------------------------------------------------------- 2.2.2.9:0 Operational Passive --------------------------------------------------------------- LAM : Label Advertisement Mode : Fault Tolerance [PE1] display mpls ldp lsp LDP LSP Information ------------------------------------------------------------------ DestAddress/Mask In/OutLabel Next-Hop In/Out-Interface ------------------------------------------------------------------ 1.1.1.9/32...

  • Page 262

    [PE2-Vlan-interface2] ip address 10.3.1.2 24 [PE2-Vlan-interface2] quit [PE2] interface vlan-interface 3 [PE2-Vlan-interface3] ip binding vpn-instance vpn2 [PE2-Vlan-interface3] ip address 10.4.1.2 24 [PE2-Vlan-interface3] quit # Configure IP addresses for the CEs as required in Figure 66. (Details not shown) After you complete the configuration, issue the display ip vpn-instance command on the PEs to view the configuration of the VPN instance.

  • Page 263

    [PE1-bgp] quit NOTE: The configurations for PE 2 are similar to those for PE 1. (Details not shown) After you complete the configuration, issue the display bgp vpnv4 vpn-instance peer command on the PEs. You will see that BGP peer relationships have been established between PEs and CEs, and have reached Established state.

  • Page 264: Configuring Mpls L3vpns Using Ibgp Between Pe And Ce

    Destination/Mask Proto Cost NextHop Interface 10.1.1.0/24 Direct 0 10.1.1.2 Vlan11 10.1.1.2/32 Direct 0 127.0.0.1 InLoop0 10.3.1.0/24 3.3.3.9 NULL0 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 [PE1] display ip routing-table vpn-instance vpn2 Routing Tables: vpn2 Destinations : 5 Routes : 5 Destination/Mask Proto...

  • Page 265

    Use iBGP to exchange VPN routing information between CE and PE. In the MPLS backbone, use OSPF to ensure IP connectivity use MP-iBGP to exchange VPN routing information. Figure 67 Network diagram AS 100 AS 100 VPN 1 VPN 1 CE 1 CE 3 Loop0...

  • Page 266

    [PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit # Configure the P switch. <P> system-view [P] interface loopback 0 [P-LoopBack0] ip address 2.2.2.9 32 [P-LoopBack0] quit [P] interface vlan-interface 13 [P-Vlan-interface13] ip address 172.1.1.2 24 [P-Vlan-interface13] quit [P] interface vlan-interface 12 [P-Vlan-interface12] ip address 172.2.1.1 24 [P-Vlan-interface12] quit [P] ospf...

  • Page 267

    172.1.1.0/24 Direct 0 172.1.1.1 Vlan13 172.1.1.1/32 Direct 0 127.0.0.1 InLoop0 172.2.1.0/24 OSPF 172.1.1.2 Vlan13 [PE1] display ospf peer verbose OSPF Process 1 with Router ID 1.1.1.9 Neighbors Area 0.0.0.0 interface 172.1.1.1(Vlan-interface13)'s neighbors Router ID: 172.1.1.2 Address: 172.1.1.2 GR State: Normal State: Full Mode:Nbr is Master...

  • Page 268

    [PE2-Vlan-interface12] quit After you complete the configuration, P establishes an LDP session with PE 1 and PE 2, respectively. Issue the display mpls ldp session command. The output shows that the session status is Operational. Issue the display mpls ldp lsp command. The output shows the LSPs established by LDP.

  • Page 269

    [PE2] ip vpn-instance vpn2 [PE2-vpn-instance-vpn2] route-distinguisher 200:2 [PE2-vpn-instance-vpn2] vpn-target 222:2 [PE2-vpn-instance-vpn2] quit [PE2] interface vlan-interface 11 [PE2-Vlan-interface11] ip binding vpn-instance vpn1 [PE2-Vlan-interface11] ip address 10.3.1.2 24 [PE2-Vlan-interface11] quit [PE2] interface vlan-interface 13 [PE2-Vlan-interface13] ip binding vpn-instance vpn2 [PE2-Vlan-interface13] ip address 10.4.1.2 24 [PE2-Vlan-interface13] quit # Configure IP addresses for the CEs as per in Figure...

  • Page 270

    NOTE: The configurations for the other three CEs (CE 2 through CE 4) are similar to those for CE 1. (Details not shown) # On PE 1, configure the CE 1 and CE 2 as the iBGP peers, and configure PE 1 as the route reflector.

  • Page 271

    [PE1-bgp] quit # On PE 2, configure PE 1 as the MP-iBGP peer, and configure a routing policy for the routes received from PE 1, changing the next hop address of the routes as the loopback interface address of PE 1. [PE2] route-policy pe-ibgp permit node 0 [PE2-route-policy] apply ip-address next-hop 1.1.1.9 [PE2-route-policy] quit...

  • Page 272: Configuring A Hub-spoke Network

    10.2.1.2/32 Direct 0 127.0.0.1 InLoop0 10.4.1.0/24 3.3.3.9 NULL0 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 CEs of the same VPN can ping each other, whereas those of different VPNs can not. For example, CE 1 can ping CE 3 (6.6.6.9), but cannot ping CE 4 (7.7.7.9): [CE1] ping 6.6.6.9 PING 6.6.6.9: 56 data bytes, press CTRL_C to break...

  • Page 273

    Figure 68 Network diagram Device Interface IP address Device Interface IP address Spoke-CE 1 Vlan-int2 10.1.1.1/24 Hub-CE Vlan-int6 10.3.1.1/24 Spoke-PE 1 Loop0 1.1.1.9/32 Vlan-int7 10.4.1.1/24 Vlan-int2 10.1.1.2/24 Hub-PE Loop0 2.2.2.9/32 Vlan-int4 172.1.1.1/24 Vlan-int4 172.1.1.2/24 Spoke-CE 2 Vlan-int3 10.2.1.1/24 Vlan-int5 172.2.1.2/24 Spoke-PE 2 Loop0 3.3.3.9/32...

  • Page 274

    [Spoke-PE2-LoopBack0] ip address 3.3.3.9 32 [Spoke-PE2-LoopBack0] quit [Spoke-PE2] interface vlan-interface 5 [Spoke-PE2-Vlan-interface5] ip address 172.2.1.1 24 [Spoke-PE2-Vlan-interface5] quit [Spoke-PE2] ospf [Spoke-PE2-ospf-1] area 0 [Spoke-PE2-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255 [Spoke-PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0 [Spoke-PE2-ospf-1-area-0.0.0.0] quit [Spoke-PE2-ospf-1] quit # Configure the Hub-PE. <Hub-PE> system-view [Hub-PE] interface loopback 0 [Hub-PE-LoopBack0] ip address 2.2.2.9 32 [Hub-PE-LoopBack0] quit...

  • Page 275

    172.1.1.1/32 Direct 0 127.0.0.1 InLoop0 172.2.1.0/24 OSPF 172.1.1.2 Vlan4 [Spoke-PE1] display ospf peer verbose OSPF Process 1 with Router ID 1.1.1.9 Neighbors Area 0.0.0.0 interface 172.1.1.1(Vlan-interface4)'s neighbors Router ID: 2.2.2.9 Address: 172.1.1.2 GR State: Normal State: Full Mode:Nbr is Master Priority: 1 DR: 172.1.1.1 BDR: 172.1.1.2...

  • Page 276

    After the configuration, LDP sessions are established between Spoke-PE 1 and Hub-PE, and between Spoke-PE 2 and Hub-PE. Issue the display mpls ldp session command. The output shows that the session status is Operational. Issue the display mpls ldp lsp command. Takes Spoke-PE 1 as an example: [Spoke-PE1] display mpls ldp session LDP Session(s) in Public Network...

  • Page 277

    [Hub-PE-vpn-instance-vpn1-in] route-distinguisher 100:3 [Hub-PE-vpn-instance-vpn1-in] vpn-target 222:2 import-extcommunity [Hub-PE-vpn-instance-vpn1-in] quit [Hub-PE] ip vpn-instance vpn1-out [Hub-PE-vpn-instance-vpn1-out] route-distinguisher 100:4 [Hub-PE-vpn-instance-vpn1-out] vpn-target 111:1 export-extcommunity [Hub-PE-vpn-instance-vpn1-out] quit [Hub-PE] interface vlan-interface 6 [Hub-PE-Vlan-interface6] ip binding vpn-instance vpn1-in [Hub-PE-Vlan-interface6] ip address 10.3.1.2 24 [Hub-PE-Vlan-interface6] quit [Hub-PE] interface vlan-interface 7 [Hub-PE-Vlan-interface7] ip binding vpn-instance vpn1-out [Hub-PE-Vlan-interface7] ip address 10.4.1.2 24 [Hub-PE-Vlan-interface7] quit...

  • Page 278

    [Spoke-CE2] bgp 65420 [Spoke-CE2-bgp] peer 10.2.1.2 as-number 100 [Spoke-CE2-bgp] import-route direct [Spoke-CE2-bgp] quit # Configure the Hub-CE. <Hub-CE> system-view [Hub-CE] bgp 65430 [Hub-CE-bgp] peer 10.3.1.2 as-number 100 [Hub-CE-bgp] peer 10.4.1.2 as-number 100 [Hub-CE-bgp] import-route direct [Hub-CE-bgp] quit # Configure Spoke-PE 1. [Spoke-PE1] bgp 100 [Spoke-PE1-bgp] ipv4-family vpn-instance vpn1 [Spoke-PE1-bgp-vpn1] peer 10.1.1.1 as-number 65410...

  • Page 279

    Peer MsgRcvd MsgSent OutQ PrefRcv Up/Down State 10.1.1.1 65410 2 00:03:16 Established Configure an MP-iBGP peer relationship between a spoke-PE and the hub-PE. # Configure Spoke-PE 1. [Spoke-PE1] bgp 100 [Spoke-PE1-bgp] peer 2.2.2.9 as-number 100 [Spoke-PE1-bgp] peer 2.2.2.9 connect-interface loopback 0 [Spoke-PE1-bgp] ipv4-family vpnv4 [Spoke-PE1-bgp-af-vpnv4] peer 2.2.2.9 enable [Spoke-PE1-bgp-af-vpnv4] quit...

  • Page 280: Configuring Inter-as Option A

    [Spoke-PE1] display ip routing-table vpn-instance vpn1 Routing Tables: vpn1 Destinations : 8 Routes : 8 Destination/Mask Proto Cost NextHop Interface 10.0.0.0/24 2.2.2.9 NULL0 10.1.1.0/24 Direct 0 10.1.1.2 Vlan2 10.1.1.2/32 Direct 0 127.0.0.1 InLoop0 10.2.1.0/24 2.2.2.9 NULL0 10.3.1.0/24 2.2.2.9 NULL0 10.4.1.0/24 2.2.2.9 NULL0 127.0.0.0/8...

  • Page 281

    Figure 69 Network diagram Device Interface IP address Device Interface IP address CE 1 Vlan-int1 10.1.1.1/24 CE 2 Vlan-int1 10.2.1.1/24 PE 1 Loop0 1.1.1.9/32 PE 2 Loop0 4.4.4.9/32 Vlan-int1 10.1.1.2/24 Vlan-int1 10.2.1.2/24 Vlan-int2 172.1.1.2/24 Vlan-int2 162.1.1.2/24 ASBR-PE 1 Loop0 2.2.2.9/32 ASBR-PE 2 Loop0 3.3.3.9/32...

  • Page 282

    [PE1-Vlan-interface1] mpls [PE1-Vlan-interface1] mpls ldp [PE1-Vlan-interface1] quit # Configure basic MPLS on ASBR PE 1 and enable MPLS LDP on the interface connected to PE 1. <ASBR-PE1> system-view [ASBR-PE1] mpls lsr-id 2.2.2.9 [ASBR-PE1] mpls [ASBR-PE1-mpls] quit [ASBR-PE1] mpls ldp [ASBR-PE1-mpls-ldp] quit [ASBR-PE1] interface vlan-interface 1 [ASBR-PE1-Vlan-interface1] mpls [ASBR-PE1-Vlan-interface1] mpls ldp...

  • Page 283

    [CE1-Vlan-interface1] ip address 10.1.1.1 24 [CE1-Vlan-interface1] quit # Configure PE 1. [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 100:1 [PE1-vpn-instance-vpn1] vpn-target 100:1 both [PE1-vpn-instance-vpn1] quit [PE1] interface vlan-interface 1 [PE1-Vlan-interface1] ip binding vpn-instance vpn1 [PE1-Vlan-interface1] ip address 10.1.1.2 24 [PE1-Vlan-interface1] quit # Configure CE 2.

  • Page 284

    The PEs should be able to ping the CEs and the ASBR PEs should be able to ping each other. Establish eBGP peer relationships between PEs and CEs to allow VPN routes to be redistributed. # Configure CE 1. [CE1] bgp 65001 [CE1-bgp] peer 10.1.1.2 as-number 100 [CE1-bgp] import-route direct [CE1-bgp] quit...

  • Page 285

    [ASBR-PE1-bgp-af-vpnv4] quit [ASBR-PE1-bgp] quit # Configure ASBR PE 2. [ASBR-PE2] bgp 200 [ASBR-PE2-bgp] ipv4-family vpn-instance vpn1 [ASBR-PE2-bgp-vpn1] peer 192.1.1.1 as-number 100 [ASBR-PE2-bgp-vpn1] quit [ASBR-PE2-bgp] peer 4.4.4.9 as-number 200 [ASBR-PE2-bgp] peer 4.4.4.9 connect-interface loopback 0 [ASBR-PE2-bgp] ipv4-family vpnv4 [ASBR-PE2-bgp-af-vpnv4] peer 4.4.4.9 enable [ASBR-PE2-bgp-af-vpnv4] peer 4.4.4.9 next-hop-local [ASBR-PE2-bgp-af-vpnv4] quit [ASBR-PE2-bgp] quit...

  • Page 286

    Figure 70 Network diagram Device Interface IP address Device Interface IP address PE 1 Loop0 2.2.2.9/32 PE 2 Loop0 5.5.5.9/32 Vlan-int1 30.0.0.1/8 Vlan-int1 20.0.0.1/8 Vlan-int2 1.1.1.2/8 Vlan-int2 9.1.1.2/8 ASBR-PE 1 Loop0 3.3.3.9/32 ASBR-PE 2 Loop0 4.4.4.9/32 Vlan-int1 1.1.1.1/8 Vlan-int1 9.1.1.1/8 Vlan-int2 11.0.0.2/8 Vlan-int2...

  • Page 287

    # Configure interface Loopback 0 and start IS-IS on it. [PE1] interface loopback 0 [PE1-LoopBack0] ip address 2.2.2.9 32 [PE1-LoopBack0] isis enable 1 [PE1-LoopBack0] quit # Create VPN instance vpn1 and configure the RD and VPN target attributes. [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 11:11 [PE1-vpn-instance-vpn1] vpn-target 3:3 import-extcommunity [PE1-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity...

  • Page 288

    [ASBR-PE1-Vlan-interface1] mpls ldp [ASBR-PE1-Vlan-interface1] quit # Configure interface VLAN-interface 2 and enable MPLS on it. [ASBR-PE1] interface vlan-interface 2 [ASBR-PE1-Vlan-interface2] ip address 11.0.0.2 255.0.0.0 [ASBR-PE1-Vlan-interface2] mpls [ASBR-PE1-Vlan-interface2] quit # Configure interface Loopback 0 and start IS-IS on it. [ASBR-PE1] interface loopback 0 [ASBR-PE1-LoopBack0] ip address 3.3.3.9 32 [ASBR-PE1-LoopBack0] isis enable 1 [ASBR-PE1-LoopBack0] quit...

  • Page 289

    [ASBR-PE2-Vlan-interface2] mpls [ASBR-PE2-Vlan-interface2] quit # Configure interface Loopback 0 and start IS-IS on it. [ASBR-PE2] interface loopback 0 [ASBR-PE2-LoopBack0] ip address 4.4.4.9 32 [ASBR-PE2-LoopBack0] isis enable 1 [ASBR-PE2-LoopBack0] quit # Start BGP on ASBR-PE 2. [ASBR-PE2] bgp 600 [ASBR-PE2-bgp] peer 11.0.0.2 as-number 100 [ASBR-PE2-bgp] peer 5.5.5.9 as-number 600 [ASBR-PE2-bgp] peer 5.5.5.9 connect-interface loopback 0 # Specify not to filter the received VPNv4 routes using the import target attribute.

  • Page 290

    [PE2-vpn-instance-vpn1] route-distinguisher 12:12 [PE2-vpn-instance-vpn1] vpn-target 3:3 import-extcommunity [PE2-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity [PE2-vpn-instance-vpn1] quit # Bind the interface connected with CE 2 to the created VPN instance. [PE2] interface vlan-interface 1 [PE2-Vlan-interface1] ip binding vpn-instance vpn1 [PE2-Vlan-interface1] ip address 20.0.0.1 8 [PE2-Vlan-interface1] quit # Start BGP on PE 2.

  • Page 291

    Figure 71 Network diagram Device Interface IP address Device Interface IP address PE 1 Loop0 2.2.2.9/32 PE 2 Loop0 5.5.5.9/32 Loop1 30.0.0.1/32 Loop1 20.0.0.1/32 Vlan-int1 1.1.1.2/8 Vlan-int1 9.1.1.2/8 ASBR-PE 1 Loop0 3.3.3.9/32 ASBR-PE 2 Loop0 4.4.4.9/32 Vlan-int1 1.1.1.1/8 Vlan-int1 9.1.1.1/8 Vlan-int2 11.0.0.2/8 Vlan-int2...

  • Page 292

    # Create VPN instance vpn1 and configure the RD and VPN target attributes. [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 11:11 [PE1-vpn-instance-vpn1] vpn-target 3:3 import-extcommunity [PE1-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity [PE1-vpn-instance-vpn1] quit # Configure interface Loopback 1 and bind the interface to VPN instance vpn1. [PE1] interface loopback 1 [PE1-LoopBack1] ip binding vpn-instance vpn1 [PE1-LoopBack1] ip address 30.0.0.1 32...

  • Page 293

    [ASBR-PE1-Vlan-interface1] isis enable 1 [ASBR-PE1-Vlan-interface1] mpls [ASBR-PE1-Vlan-interface1] mpls ldp [ASBR-PE1-Vlan-interface1] quit # Configure interface VLAN-interface 2 and enable MPLS on it. [ASBR-PE1] interface vlan-interface 2 [ASBR-PE1-Vlan-interface2] ip address 11.0.0.2 255.0.0.0 [ASBR-PE1-Vlan-interface2] mpls [ASBR-PE1-Vlan-interface2] quit # Configure interface Loopback 0 and start IS-IS on it. [ASBR-PE1] interface loopback 0 [ASBR-PE1-LoopBack0] ip address 3.3.3.9 32 [ASBR-PE1-LoopBack0] isis enable 1...

  • Page 294

    [ASBR-PE2] mpls lsr-id 4.4.4.9 [ASBR-PE2] mpls [ASBR-PE2-mpls] quit [ASBR-PE2] mpls ldp [ASBR-PE2-mpls-ldp] quit # Configure interface VLAN-interface 1, start IS-IS and enable MPLS and LDP on the interface. [ASBR-PE2] interface vlan-interface 1 [ASBR-PE2-Vlan-interface1] ip address 9.1.1.1 255.0.0.0 [ASBR-PE2-Vlan-interface1] isis enable 1 [ASBR-PE2-Vlan-interface1] mpls [ASBR-PE2-Vlan-interface1] mpls ldp [ASBR-PE2-Vlan-interface1] quit...

  • Page 295

    [ASBR-PE2-bgp] quit Configure PE 2. # Start IS-IS on PE 2. <PE2> system-view [PE2] isis 1 [PE2-isis-1] network-entity 10.4444.4444.4444.4444.00 [PE2-isis-1] quit # Configure LSR ID, enable MPLS and LDP. [PE2] mpls lsr-id 5.5.5.9 [PE2] mpls [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit # Configure interface VLAN-interface 1, start IS-IS and enable MPLS and LDP on the interface.

  • Page 296: Configuring Carrier's Carrier In Ldp Mode

    [PE2-bgp] peer 2.2.2.9 ebgp-max-hop 10 # Configure peer 2.2.2.9 as a VPNv4 peer. [PE2-bgp] ipv4-family vpnv4 [PE2-bgp-af-vpnv4] peer 2.2.2.9 enable [PE2-bgp-af-vpnv4] quit # Redistribute direct routes to the routing table of vpn1. [PE2-bgp] ipv4-family vpn-instance vpn1 [PE2-bgp-vpn1] import-route direct [PE2-bgp-vpn1] quit [PE2-bgp] quit After you complete the previous configurations, PE 1 and PE 2 are able to ping each other: [PE2] ping –vpn-instance vpn1 30.0.0.1...

  • Page 297

    Figure 72 Network diagram Device Interface IP address Device Interface IP address CE 3 Vlan-int1 100.1.1.1/24 CE 4 Vlan-int1 120.1.1.1/24 PE 3 Loop0 1.1.1.9/32 PE 4 Loop0 6.6.6.9/32 Vlan-int1 100.1.1.2/24 Vlan-int1 120.1.1.2/24 Vlan-int2 10.1.1.1/24 Vlan-int2 20.1.1.2/24 CE 1 Loop0 2.2.2.9/32 CE 2 Loop0 5.5.5.9/32...

  • Page 298

    [PE1-LoopBack0] isis enable 1 [PE1-LoopBack0] quit [PE1] interface vlan-interface 2 [PE1-Vlan-interface2] ip address 30.1.1.1 24 [PE1-Vlan-interface2] isis enable 1 [PE1-Vlan-interface2] mpls [PE1-Vlan-interface2] mpls ldp [PE1-Vlan-interface2] mpls ldp transport-address interface [PE1-Vlan-interface2] quit [PE1] bgp 100 [PE1-bgp] peer 4.4.4.9 as-number 100 [PE1-bgp] peer 4.4.4.9 connect-interface loopback 0 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpnv4] peer 4.4.4.9 enable [PE1-bgp-af-vpnv4] quit...

  • Page 299

    Interface: Vlan2 Circuit Id: 0000.0000.0001.01 State: Up HoldTime: 29s Type: L1(L1L2) PRI: -- System Id: 0000.0000.0005 Interface: Vlan2 Circuit Id: 0000.0000.0001.01 State: Up HoldTime: 29s Type: L2(L1L2) PRI: -- Configure the customer carrier network: start IS-IS as the IGP and enable LDP between PE 3 and CE 1, and between PE 4 and CE 2 respectively.

  • Page 300

    [CE1-Vlan-interface2] isis enable 2 [CE1-Vlan-interface2] mpls [CE1-Vlan-interface2] mpls ldp [CE1-Vlan-interface2] mpls ldp transport-address interface [CE1-Vlan-interface2] quit After you complete the previous configurations, PE 3 and CE 1 can establish an LDP session and IS-IS neighbor relationship between them. NOTE: The configurations for PE 4 and CE 2 are similar to those for PE 3 and CE 1. (Details not shown) Perform configuration to allow CEs of the customer carrier to access PEs of the provider carrier, and redistribute IS-IS routes to BGP and BGP routes to IS-IS on the PEs.

  • Page 301

    NOTE: The configurations for PE 2 and CE 2 are similar to those for PE 1 and CE 1. (Details not shown) Perform configuration to allow CEs of customers to access the PEs of the customer carrier. # Configure CE 3. <CE3>...

  • Page 302

    Issue the display ip routing-table command on PE 1 and PE 2. You will see that only routes of the provider carrier network are present in the public network routing table of PE 1 and PE 2. Take PE 1 as an example: [PE1] display ip routing-table Routing Tables: Public Destinations : 7...

  • Page 303

    11.1.1.2/32 Direct 0 11.1.1.2 Vlan1 20.1.1.0/24 ISIS 11.1.1.2 Vlan1 21.1.1.0/24 ISIS 11.1.1.2 Vlan1 21.1.1.2/32 ISIS 11.1.1.2 Vlan1 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 Issuing the display ip routing-table command on PE 3 and PE 4, you will see that the internal routes of the customer carrier network are present in the public network routing tables.

  • Page 304: Configuring Carrier's Carrier In Bgp Mode

    0.00% packet loss round-trip min/avg/max = 60/87/127 ms CE 3 and CE 4 can ping each other: [CE3] ping 120.1.1.1 PING 120.1.1.1: 56 data bytes, press CTRL_C to break Reply from 120.1.1.1: bytes=56 Sequence=1 ttl=252 time=102 ms Reply from 120.1.1.1: bytes=56 Sequence=2 ttl=252 time=69 ms Reply from 120.1.1.1: bytes=56 Sequence=3 ttl=252 time=105 ms Reply from 120.1.1.1: bytes=56 Sequence=4 ttl=252 time=88 ms Reply from 120.1.1.1: bytes=56 Sequence=5 ttl=252 time=87 ms...

  • Page 305

    Figure 73 Network diagram Device Interface IP address Device Interface IP address CE 3 Vlan-int1 100.1.1.1/24 CE 4 Vlan-int1 120.1.1.1/24 PE 3 Loop0 1.1.1.9/32 PE 4 Loop0 6.6.6.9/32 Vlan-int1 100.1.1.2/24 Vlan-int1 120.1.1.2/24 Vlan-int2 10.1.1.1/24 Vlan-int2 20.1.1.2/24 CE 1 Loop0 2.2.2.9/32 CE 2 Loop0 5.5.5.9/32...

  • Page 306

    [PE1] interface loopback 0 [PE1-LoopBack0] isis enable 1 [PE1-LoopBack0] quit [PE1] interface vlan-interface 2 [PE1-Vlan-interface2] ip address 30.1.1.1 24 [PE1-Vlan-interface2] isis enable 1 [PE1-Vlan-interface2] mpls [PE1-Vlan-interface2] mpls ldp [PE1-Vlan-interface2] mpls ldp transport-address interface [PE1-Vlan-interface2] quit [PE1] bgp 100 [PE1-bgp] peer 4.4.4.9 as-number 100 [PE1-bgp] peer 4.4.4.9 connect-interface loopback 0 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpnv4] peer 4.4.4.9 enable...

  • Page 307

    Interface: Vlan2 Circuit Id: 0000.0000.0001.01 State: Up HoldTime: 29s Type: L1(L1L2) PRI: -- System Id: 0000.0000.0005 Interface: Vlan2 Circuit Id: 0000.0000.0001.01 State: Up HoldTime: 29s Type: L2(L1L2) PRI: -- Configure the customer carrier networks: start IS-IS as the IGP and enable LDP between PE 3 and CE 1, and between PE 4 and CE 2 respectively.

  • Page 308

    [CE1-Vlan-interface2] isis enable 2 [CE1-Vlan-interface2] mpls [CE1-Vlan-interface2] mpls ldp [CE1-Vlan-interface2] mpls ldp transport-address interface [CE1-Vlan-interface2] quit After you complete the previous configurations, PE 3 and CE 1 can establish an LDP session and IS-IS neighbor relationship between them. NOTE: The configurations for PE 4 and CE 2 are similar to those for PE 3 and CE 1. (Details not shown) Connect CEs of the customer carriers to PEs of the provider carrier.

  • Page 309

    After you complete the previous configurations, PE 1 and CE 1 can establish a BGP neighbor relationship between them. NOTE: The configurations for PE 2 and CE 2 are similar to those for PE 1 and CE 1. (Details not shown) Connect CEs of customers to the PEs of the customer carriers.

  • Page 310

    Verify the configuration. Execute the display ip routing-table command on PE 1 and PE 2. You can see that only routes of the provider carrier network are present in the public network routing tables of PE 1 and PE 2. Take PE 1 as an example: [PE1] display ip routing-table Routing Tables: Public...

  • Page 311

    11.1.1.0/24 Direct 0 11.1.1.1 Vlan1 11.1.1.1/32 Direct 0 127.0.0.1 InLoop0 11.1.1.2/32 Direct 0 11.1.1.2 Vlan1 20.1.1.0/24 ISIS 11.1.1.2 Vlan1 21.1.1.0/24 ISIS 11.1.1.2 Vlan1 21.1.1.2/32 ISIS 11.1.1.2 Vlan1 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 Execute the display ip routing-table command on PE 3 and PE 4. You see that the internal routes of the customer carrier networks are present in the public network routing tables.

  • Page 312

    5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 60/87/127 ms CE 3 and CE 4 can ping each other: [CE3] ping 120.1.1.1 PING 120.1.1.1: 56 data bytes, press CTRL_C to break Reply from 120.1.1.1: bytes=56 Sequence=1 ttl=252 time=102 ms Reply from 120.1.1.1: bytes=56 Sequence=2 ttl=252 time=69 ms Reply from 120.1.1.1: bytes=56 Sequence=3 ttl=252 time=105 ms Reply from 120.1.1.1: bytes=56 Sequence=4 ttl=252 time=88 ms...

  • Page 313

    Figure 74 Network diagram Loop0 Loop0 AS 100 PE 1 PE 2 Vlan-int2 Vlan-int2 Vlan-int1 Vlan-int1 Carrier VPN CE 1 CE 2 Customer VPN Customer VPN Vlan-int1 Vlan-int1 AS 200 AS 200 VPN 1 VPN 1 Vlan-int2 Vlan-int2 PE 3 PE 4 Vlan-int2 Vlan-int2...

  • Page 314

    [PE1-isis-1] quit [PE1] interface loopback 0 [PE1-LoopBack0] isis enable 1 [PE1-LoopBack0] quit [PE1] interface vlan-interface 2 [PE1-Vlan-interface2] ip address 30.1.1.1 24 [PE1-Vlan-interface2] isis enable 1 [PE1-Vlan-interface2] mpls [PE1-Vlan-interface2] mpls ldp [PE1-Vlan-interface2] quit [PE1] bgp 100 [PE1-bgp] peer 4.4.4.9 as-number 100 [PE1-bgp] peer 4.4.4.9 connect-interface loopback 0 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpnv4] peer 4.4.4.9 enable...

  • Page 315

    # Configure PE 3. <PE3> system-view [PE3] interface loopback 0 [PE3-LoopBack0] ip address 1.1.1.9 32 [PE3-LoopBack0] quit [PE3] mpls lsr-id 1.1.1.9 [PE3] mpls [PE3-mpls] quit [PE3] mpls ldp [PE3-mpls-ldp] quit [PE3] isis 2 [PE3-isis-2] network-entity 10.0000.0000.0000.0001.00 [PE3-isis-2] quit [PE3] interface loopback 0 [PE3-LoopBack0] isis enable 2 [PE3-LoopBack0] quit [PE3-Vlan-interface2] ip address 10.1.1.1 24...

  • Page 316

    NOTE: Configurations on PE 4 and CE 2 are similar to those on PE 3 and CE 1 respectively, and are thus omitted here. Connect CE 1 and CE 2 to service provider PEs. # Configure PE 1. [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 200:1 [PE1-vpn-instance-vpn1] vpn-target 1:1 [PE1-vpn-instance-vpn1] quit...

  • Page 317

    [CE5-Vlan-interface3] ip address 110.1.1.1 24 [CE5-Vlan-interface3] quit [CE5] bgp 65411 [CE5-bgp] peer 110.1.1.2 as-number 200 [CE5-bgp] import-route direct [CE5-bgp] quit # Configure PE 3. [PE3] ip vpn-instance SUB_VPN1 [PE3-vpn-instance-SUB_VPN1] route-distinguisher 100:1 [PE3-vpn-instance-SUB_VPN1] vpn-target 2:1 [PE3-vpn-instance-SUB_VPN1] quit [PE3] interface vlan-interface 1 [PE3-Vlan-interface1] ip binding vpn-instance SUB_VPN1 [PE3-Vlan-interface1] ip address 100.1.1.2 24 [PE3-Vlan-interface1] quit...

  • Page 318

    # Configure CE 1, enabling VPNv4 capability and establishing a VPNv4 neighbor relationship between CE 1 and PE 1. [CE1] bgp 200 [CE1-bgp] ipv4-family vpnv4 [CE1-bgp-af-vpnv4] peer 11.1.1.2 enable # Allow the local AS number to appear in the AS-PATH attribute of the routes received. [CE1-bgp-af-vpnv4] peer 11.1.1.2 allow-as-loop 2 # Disable VPN target based filtering of received VPNv4 routes.

  • Page 319

    Destinations : 7 Routes : 7 Destination/Mask Proto Cost NextHop Interface 3.3.3.9/32 Direct 0 127.0.0.1 InLoop0 4.4.4.9/32 ISIS 30.1.1.2 Vlan2 30.1.1.0/24 Direct 0 30.1.1.1 Vlan2 30.1.1.1/32 Direct 0 127.0.0.1 InLoop0 30.1.1.2/32 Direct 0 30.1.1.2 Vlan2 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1...

  • Page 320

    Network NextHop In/Out Label LocPrf 100.1.1.0/24 1.1.1.9 1024/1024 Route Distinguisher: 101:1 Network NextHop In/Out Label LocPrf * > 110.1.1.0/24 1.1.1.9 1025/1025 Route Distinguisher: 200:1 Network NextHop In/Out Label LocPrf * > 120.1.1.0/24 11.1.1.2 1026/1027 Route Distinguisher: 201:1 Network NextHop In/Out Label LocPrf * >...

  • Page 321

    127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 # Execute the display ip routing-table command on CE 5 and CE 6 to verify that the routing tables contain routes of remote sub-VPNs. The following takes CE 5 for illustration. [CE5] display ip routing-table Routing Tables: Public Destinations : 5...

  • Page 322

    PING 130.1.1.1: 56 data bytes, press CTRL_C to break Request time out Request time out Request time out Request time out Request time out --- 130.1.1.1 ping statistics --- 5 packet(s) transmitted 0 packet(s) received 100.00% packet loss Configuring HoVPN Network requirements There are two levels of networks, the backbone and the MPLS VPN networks, as shown in Figure...

  • Page 323

    Figure 75 Network diagram Device Interface IP address Device Interface IP address CE 1 Vlan-int1 10.2.1.1/24 CE 3 Vlan-int1 10.1.1.1/24 CE 2 Vlan-int1 10.4.1.1/24 CE 4 Vlan-int1 10.3.1.1/24 UPE 1 Loop0 1.1.1.9/32 UPE 2 Loop0 4.4.4.9/32 Vlan-int1 172.1.1.1/24 Vlan-int1 172.2.1.1/24 Vlan-int2 10.2.1.2/24 Vlan-int2...

  • Page 324

    [UPE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0 [UPE1-ospf-1-area-0.0.0.0] quit [UPE1-ospf-1] quit # Configure VPN instances vpn1 and vpn2, allowing CE 1 and CE 2 to access UPE 1. [UPE1] ip vpn-instance vpn1 [UPE1-vpn-instance-vpn1] route-distinguisher 100:1 [UPE1-vpn-instance-vpn1] vpn-target 100:1 both [UPE1-vpn-instance-vpn1] quit [UPE1] ip vpn-instance vpn2 [UPE1-vpn-instance-vpn2] route-distinguisher 100:2 [UPE1-vpn-instance-vpn2] vpn-target 100:2 both [UPE1-vpn-instance-vpn2] quit...

  • Page 325

    [CE2-Vlan-interface1] ip address 10.4.1.1 255.255.255.0 [CE2-Vlan-interface1] quit [CE2] bgp 65420 [CE2-bgp] peer 10.4.1.2 as-number 100 [CE2-bgp] import-route direct [CE2] quit Configure UPE 2. # Configure basic MPLS and MPLS LDP to establish LDP LSPs. <UPE2> system-view [UPE2] interface loopback 0 [UPE2-Loopback0] ip address 4.4.4.9 32 [UPE2-Loopback0] quit [UPE2] mpls lsr-id 4.4.4.9...

  • Page 326

    [UPE2] bgp 100 [UPE2-bgp] peer 3.3.3.9 as-number 100 [UPE2-bgp] peer 3.3.3.9 connect-interface loopback 0 [UPE2-bgp] ipv4-family vpnv4 [UPE2-bgp-af-vpnv4] peer 3.3.3.9 enable [UPE2-bgp-af-vpnv4] quit [UPE2-bgp] ipv4-family vpn-instance vpn1 [UPE2-bgp-vpn1] peer 10.1.1.1 as-number 65430 [UPE2-bgp-vpn1] import-route direct [UPE2-bgp-vpn1] quit [UPE2-bgp] ipv4-family vpn-instance vpn2 [UPE2-bgp-vpn1] peer 10.3.1.1 as-number 65440 [UPE2-bgp-vpn1] import-route direct [UPE2-bgp-vpn1] quit...

  • Page 327

    [SPE1-Vlan-interface1] quit [SPE1] interface vlan-interface 2 [SPE1-Vlan-interface2] ip address 180.1.1.1 24 [SPE1-Vlan-interface2] mpls [SPE1-Vlan-interface2] mpls ldp [SPE1-Vlan-interface2] quit # Configure the IGP protocol, OSPF, for example. [SPE1] ospf [SPE1-ospf-1] area 0 [SPE1-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0 [SPE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255 [SPE1-ospf-1-area-0.0.0.0] network 180.1.1.0 0.0.0.255 [SPE1-ospf-1-area-0.0.0.0] quit [SPE1-ospf-1] quit # Configure VPN instances vpn1 and vpn2.

  • Page 328

    [SPE1-bgp] ipv4-family vpnv4 [SPE1-bgp-af-vpnv4] peer 1.1.1.9 upe route-policy hope export Configure SPE 2. # Configure basic MPLS and MPLS LDP to establish LDP LSPs. <SPE2> system-view [SPE2] interface loopback 0 [SPE2-LoopBack0] ip address 3.3.3.9 32 [SPE2-LoopBack0] quit [SPE2] mpls lsr-id 3.3.3.9 [SPE2] mpls [SPE2-mpls] quit [SPE2] mpls ldp...

  • Page 329: Configuring Ospf Sham Links

    [SPE2-bgp] peer 2.2.2.9 connect-interface loopback 0 [SPE2-bgp] ipv4-family vpnv4 [SPE2-bgp-af-vpnv4] peer 2.2.2.9 enable [SPE2-bgp-af-vpnv4] peer 4.4.4.9 enable [SPE2-bgp-af-vpnv4] peer 4.4.4.9 upe [SPE2-bgp-af-vpnv4] quit [SPE2-bgp]ipv4-family vpn-instance vpn1 [SPE2-bgp-vpn1] quit [SPE2-bgp]ipv4-family vpn-instance vpn2 [SPE2-bgp-vpn2] quit [SPE2-bgp] quit # Configure SPE 2 to advertise to UPE 2 the routes permitted by a routing policy, that is, the routes of CE 1.

  • Page 330

    Vlan-int1 100.1.1.2/24 Vlan-int1 120.1.1.2/24 Vlan-int2 10.1.1.1/24 Vlan-int2 10.1.1.2/24 Switch A Vlan-int1 20.1.1.2/24 Vlan-int2 30.1.1.1/24 Configuration procedure Configure OSPF on the customer networks. Configure conventional OSPF on CE 1, Switch A, and CE 2 to advertise segment addresses of the interfaces as shown in Figure 76.

  • Page 331

    [PE1-bgp] quit # Configure OSPF on PE 1. [PE1] ospf 1 [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit # Configure basic MPLS and MPLS LDP on PE 2 to establish LDP LSPs. <PE2>...

  • Page 332

    [PE1-Vlan-interface1] quit [PE1] ospf 100 vpn-instance vpn1 [PE1-ospf-100] domain-id 10 [PE1-ospf-100] area 1 [PE1-ospf-100-area-0.0.0.1] network 100.1.1.0 0.0.0.255 [PE1-ospf-100-area-0.0.0.1] quit [PE1-ospf-100] quit [PE2] bgp 100 [PE1-bgp] ipv4-family vpn-instance vpn1 [PE1-bgp-vpn1] import-route ospf 100 [PE1-bgp-vpn1] import-route direct [PE1-bgp-vpn1] quit [PE1-bgp] quit # Configure PE 2 to allow CE 2 to access the network. [PE2] ip vpn-instance vpn1 [PE2-vpn-instance-vpn1] route-distinguisher 100:2 [PE2-vpn-instance-vpn1] vpn-target 1:1...

  • Page 333

    [PE1] interface loopback 1 [PE1-LoopBack1] ip binding vpn-instance vpn1 [PE1-LoopBack1] ip address 3.3.3.3 32 [PE1-LoopBack1] quit [PE1] ospf 100 [PE1-ospf-100] area 1 [PE1-ospf-100-area-0.0.0.1] sham-link 3.3.3.3 5.5.5.5 cost 10 [PE1-ospf-100-area-0.0.0.1] quit [PE1-ospf-100] quit # Configure PE 2. [PE2] interface loopback 1 [PE2-LoopBack1] ip binding vpn-instance vpn1 [PE2-LoopBack1] ip address 5.5.5.5 32 [PE2-LoopBack1] quit...

  • Page 334: Configuring Bgp As Number Substitution

    127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 Issuing the display ospf sham-link command on the PEs, you can see the established sham link. Take PE 1 as an example: [PE1] display ospf sham-link OSPF Process 100 with Router ID 100.1.1.2 Sham Link: Area RouterId...

  • Page 335

    Vlan-int2 200.1.1.1/24 Configuration procedure Configuring basic MPLS L3VPN. Configure OSPF on the MPLS backbone to allow the PEs and P switch to learn the routes of the loopback interfaces from each other. Configure basic MPLS and MPLS LDP on the MPLS backbone to establish LDP LSPs. Establish an MP-iBGP peer relationship between the PEs to advertise VPN IPv4 routes.

  • Page 336

    BGP Local router ID is 10.2.1.1 Status codes: * - valid, ^ - VPN best, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network NextHop LocPrf...

  • Page 337

    127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 200.1.1.1/32 Direct 0 127.0.0.1 InLoop0 After configuring BGP AS substitution on PE 1 too, the VLAN interfaces of CE 1 and CE 2 should be able to ping each other: <CE1>...

  • Page 338

    Figure 78 Network diagram PC 1 AS 65410 172.18.0.1/16 Vlan-int 210 192.18.0.2/16 CE 1 Vlan-int 310 AS 100 20.2.1.1/24 Loop Loop 1.1.1.9/32 2.2.2.9/32 Vlan-int 310 Vlan-int 110 Vlan-int 110 20.2.1.2/24 192.168.1.1/24 192.168.1.2/24 Vlan-int 210 Vlan-int 210 PE 2 20.1.1.2/24 PE 1 20.3.1.2/24 Vlan-int 210 Vlan-int 210...

  • Page 339

    [PE1-Vlan-interface110] ip address 192.168.1.2 24 [PE2-Vlan-interface110] quit [PE2] ospf [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255 [PE2-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] quit [PE2-ospf-1] quit Configure the basic MPLS settings and create VPN instances. # Configure basic MPLS on PE1. [PE1] mpls lsr-id 1.1.1.9 [PE1] mpls [PE1-mpls] lsp-trigger all [PE1-mpls] quit...

  • Page 340

    [PE2] vlan 110 [PE2-vlan110] interface vlan-interface 110 [PE2-Vlan-interface110] mpls [PE2-Vlan-interface110] mpls ldp [PE2-Vlan-interface110] quit # Create a VPN instance for VPN 1 on PE 2 and bind VLAN-interface 210 to the VPN instance. [PE2] ip vpn-instance vpn1 [PE2-vpn-vpn1] route-distinguisher 300:1 [PE2-vpn-vpn1] vpn-target 100:1 both [PE2-vpn-vpn1] quit [PE2] vlan 210...

  • Page 341

    [PE1] bgp 100 [PE1-bgp] group 10 [PE1-bgp] peer 2.2.2.9 group 10 [PE1-bgp] peer 2.2.2.9 connect-interface loopback 0 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpn] peer 10 enable [PE1-bgp-af-vpn] peer 2.2.2.9 group 10 [PE1-bgp-af-vpn] quit [PE1-bgp] ipv4-family vpn-instance vpn1 [PE1-bgp-af-vpn-instance] import-route direct [PE1-bgp-af-vpn-instance] group 20 external [PE1-bgp-af-vpn-instance] peer 20.2.1.1 group 20 as-number 65410 [PE1-bgp-af-vpn-instance] quit [PE1-bgp] ipv4-family vpn-instance vpn2...

  • Page 342: Configuring Bgp As Number Substitution And Soo

    Configuring BGP AS number substitution and SoO Network requirements CE 1, CE 2, and CE 3 belong to VPN 1 and connect to PE1, PE 2, and PE 3 respectively. CE 1 and CE 2 reside in the same site. CE1, CE2, and CE 3 all use AS number 600. To avoid route loss, configure BGP AS number substitution on PEs.

  • Page 343

    Configure VPN 1 on PE 3 to allow CE 3 to access the network. Configure BGP between PE 1 and CE 1, between PE 2 and CE 2, and between PE 3 and CE 3 to inject routes of CEs into PEs. Configure BGP AS number substitution.

  • Page 344

    [PE1-bgp-vpn1] quit [PE1-bgp] quit # On PE 2, configure a routing policy named soo to add the specified SoO attribute. <PE2> system-view [PE2] route-policy soo permit node 10 [PE2-route-policy] apply extcommunity soo 1:100 additive [PE2-route-policy] quit # On PE 2, apply the routing policy soo to routes received from CE 2. [PE2] bgp 100 [PE2-bgp] ipv4-family vpn-instance vpn1 [PE2-bgp-vpn1] peer 10.2.1.1 route-policy soo import...

  • Page 345: Configuring Ipv6 Mpls L3vpn

    Configuring IPv6 MPLS L3VPN IPv6 MPLS L3VPN overview MPLS L3VPN applies to the IPv4 environment. It uses BGP to advertise IPv4 VPN routes and uses MPLS to forward IPv4 VPN packets on the service provider backbone. IPv6 MPLS L3VPN functions similarly. It uses BGP to advertise IPv6 VPN routes and uses MPLS to forward IPv6 VPN packets on the service provider backbone.

  • Page 346: Ipv6 Mpls L3vpn Packet Forwarding

    IPv6 MPLS L3VPN packet forwarding Figure 81 IPv6 MPLS L3VPN packet forwarding diagram As shown in Figure 81, the IPv6 MPLS L3VPN packet forwarding procedure is as follows: The PC at Site 1 sends an IPv6 packet destined for 2001:2::1, the PC at Site 2. CE 1 transmits the packet to PE 1.

  • Page 347: Ipv6 Mpls L3vpn Networking Schemes And Functions

    Then, the ingress PE advertises the VPN-IPv6 routes to the egress PE through MP-BGP. Finally, the egress PE compares the export target attributes of the VPN-IPv6 routes with the import target attributes that it maintains for the VPN instance and, if they are the same, adds the routes to the routing table of the VPN instance.

  • Page 348

    Task Remarks Configuring route related attributes Optional for a VPN instance Configuring a tunneling policy for a Optional VPN instance Configuring an LDP instance Optional Configuring routing between PE and CE Required Configuring routing between PEs Required Configuring routing features for the BGP-VPNv6 subaddress family Optional Configuration prerequisites Before configuring basic IPv6 MPLS L3VPN, complete the following tasks:...

  • Page 349: Configuring Route Related Attributes For A Vpn Instance

    NOTE: The reserved VLAN configuration can take effect only when the system works in standard mode. For • Fundamentals Configuration Guide more information about system working modes, see When the system works in standard mode, you must configure a reserved VLAN for a created VPN •...

  • Page 350

    The VPN instance determines which routes it can accept and redistribute according to the • import-extcommunity in the VPN target. The VPN instance determines how to change the VPN targets attributes for routes to be advertised • according to the export-extcommunity in the VPN target. When you configure route related attributes for a VPN instance, follow these guidelines: Route related attributes configured in VPN instance view are applicable to both IPv4 VPNs and IPv6 •...

  • Page 351

    The PE matches the peer PE address against the destination addresses of preferred tunnels, starting • from the tunnel with the smallest number. If no match is found, the local PE selects tunnels as configured by the tunnel select-seq command or the default tunneling policy if the tunnel select-seq command is not configured.

  • Page 352

    Configuring an LDP instance LDP instances are for carrier’s carrier networking applications. This task is to enable LDP for an existing VPN instance, create an LDP instance for the VPN instance, and configure LDP parameters for the LDP instance. For LDP instance configuration information, see the chapter “Configuring basic MPLS.” Configuring routing between PE and CE PE-CE route exchange can be implemented through IPv6 static routes, RIPng, OSPFv3, IPv6 IS-IS, and eBGP.

  • Page 353

    To do… Use the command… Remarks Return to system view quit — interface interface-type Enter interface view — interface-number Required Enable RIPng on the interface ripng process-id enable By default, RIPng is disabled on an interface. NOTE: Layer 3—IP Routing Configuration Guide For more information about RIPng, see Configuring OSPFv3 between PE and CE An OSPFv3 process belongs to the public network or a single VPN instance.

  • Page 354

    To do… Use the command… Remarks Required Create an IPv6 IS-IS process for a isis [ process-id ] vpn-instance Perform this configuration on PEs. VPN instance and enter IS-IS view vpn-instance-name On CEs, create a normal IPv6 IS-IS process. Required Configure a network entity title for network-entity net the IS-IS process...

  • Page 355

    To do… Use the command… Remarks Enter system view system-view — Enter BGP view bgp as-number — Enter IPv6 BGP subaddress family ipv6-family Required view peer ipv6-address as-number Configure the PE as the eBGP peer Required as-number Optional import-route protocol [ process-id ] A CE needs to advertise its VPN Configure route redistribution and [ med med-value | route-policy...

  • Page 356

    To configure routing features for the BGP-VPNv6 subaddress family: To do… Use the command… Remarks Enter system view system-view — Enter BGP view bgp as-number — Configure the remote PE as the peer ip-address as-number Required peer as-number Specify the interface for TCP peer ip-address connect-interface Required connections...

  • Page 357: Configuring Inter-as Ipv6 Vpn

    To do… Use the command… Remarks Optional By default, each RR in a cluster uses its own router ID as the cluster ID. Configure a cluster ID for the route reflector cluster-id { cluster-id | If more than one RR exists in a reflector ip-address } cluster, use this command to...

  • Page 358: Configuring Inter-as Ipv6 Vpn Option C

    To configure inter-AS IPv6 option A, you need to: • Perform basic IPv6 MPLS L3VPN configuration on each AS. Configure each ASBR, taking the peer ASBR PE as its CE. In other words, configure VPN instances • on both PEs and ASBR PEs. The VPN instances on PEs allow CEs to access the network, while those on ASBR PEs are for access of the peer ASBR PEs.

  • Page 359: Configuring Routing On An Mce

    Assigns MPLS labels to routes received from the PEs in the same AS before advertising them to the • peer ASBR PE. Assigns new MPLS labels to the labeled routes to be advertised to the PEs in the same AS. •...

  • Page 360

    Configuring RIPng between MCE and VPN site A RIPng process belongs to the public network or a single IPv6 VPN instance. If you create a RIPng process without binding it to an IPv6 VPN instance, the process belongs to the public network. By configuring RIPng process-to-IPv6 VPN instance bindings on a MCE, you allow routes of different VPNs to be exchanged between the MCE and the sites through different RIPng processes, ensuring the separation and security of IPv6 VPN routes.

  • Page 361

    To do… Use the command… Remarks Required import-route protocol [ process-id Redistribute remote site routes | allow-ibgp ] [ cost value | By default, no route of any other advertised by the PE. route-policy route-policy-name | routing protocol is redistributed type type ] * into OSPFv3.

  • Page 362

    To do… Use the command… Remarks Required Enable the IPv6 IS-IS process on the isis ipv6 enable [ process-id ] interface Disabled by default NOTE: Layer 3—IP Routing Configuration Guide For more information about IPv6 IS-IS, see Configuring eBGP between MCE and VPN site To use eBGP for exchanging routing information between an MCE and IPv6 VPN sites, you must configure a BGP peer for each IPv6 VPN instance on the MCE, and redistribute the IGP routes of each VPN instance on the IPv6 VPN sites.

  • Page 363

    To do… Use the command… Remarks Enter IPv6 address family view ipv6-family — Configure the MCE as the eBGP peer ipv6-address as-number Required peer as-number Optional By default, no route redistribution import-route protocol [ process-id Redistribute the IGP routes of the is configured.

  • Page 364

    To do… Use the command… Remarks Create a RIPng process for ripng [ process-id ] vpn-instance an IPv6 VPN instance and Required vpn-instance-name enter RIPng view Required import-route protocol [ process-id ] By default, no route of any Redistribute the VPN routes [ allow-ibgp ] [ cost cost | route-policy other routing protocol is route-policy-name ] *...

  • Page 365

    Configuring IPv6 IS-IS between MCE and PE To configure IPv6 IS-IS between MCE and PE: To do… Use the command… Remarks Enter system view system-view — Create an IS-IS process for isis [ process-id ] vpn-instance an IPv6 VPN instance and Required vpn-instance-name enter IS-IS view...

  • Page 366: Displaying And Maintaining Ipv6 Mpls L3vpn

    To do… Use the command… Remarks Optional Configure a filtering policy to filter-policy { acl6-number | ipv6-prefix filter the routes to be ip-prefix-name } export [ direct | isisv6 By default, BGP does not filter advertised process-id | ripng process-id | static ] the routes to be advertised.

  • Page 367: Ipv6 Mpls L3vpn Configuration Examples

    To do… Use the command… Remarks display ip vpn-instance [ instance-name Display information about a vpn-instance-name ] [ | { begin | exclude | Available in any view specific or all VPN instances include } regular-expression ] display ipv6 fib vpn-instance Display information about the IPv6 vpn-instance-name [ acl6 acl6-number | Available in any view...

  • Page 368

    Specify the import and export route targets as 1 1 1:1 for VPN 1 and 222:2 for VPN 2. Use eBGP to exchange VPN routing information between CE and PE. In the MPLS backbone, use OSPF to ensure IP connectivity and use MP-iBGP to exchange VPN routing information.

  • Page 369

    [PE1-ospf-1] quit # Configure the P switch. <P> system-view [P] interface loopback 0 [P-LoopBack0] ip address 2.2.2.9 32 [P-LoopBack0] quit [P] interface vlan-interface 13 [P-Vlan-interface13] ip address 172.1.1.2 24 [P- Vlan-interface13] quit [P] interface vlan-interface 12 [P-Vlan-interface12] ip address 172.2.1.1 24 [P-Vlan-interface12] quit [P] ospf [P-ospf-1] area 0...

  • Page 370

    172.1.1.2/32 Direct 0 172.1.1.2 Vlan13 172.2.1.0/24 OSPF 172.1.1.2 Vlan13 [PE1] display ospf peer verbose OSPF Process 1 with Router ID 1.1.1.9 Neighbors Area 0.0.0.0 interface 172.1.1.1(Vlan-interface13)'s neighbors Router ID: 172.1.1.2 Address: 172.1.1.2 GR State: Normal State: Full Mode:Nbr is Master Priority: 1 DR: None BDR: None...

  • Page 371

    After you complete the previous configuration, LDP sessions are established between PE 1, P, and PE 2. Issue the display mpls ldp session command. You can see that the session status is Operational. Issue the display mpls ldp lsp command. You can see the LSPs established by LDP. The following takes PE 1 as an example: [PE1] display mpls ldp session LDP Session(s) in Public Network...

  • Page 372

    [PE2-vpn-instance-vpn2] route-distinguisher 200:2 [PE2-vpn-instance-vpn2] vpn-target 222:2 [PE2-vpn-instance-vpn2] quit [PE2] interface vlan-interface 11 [PE2-Vlan-interface11] ip binding vpn-instance vpn1 [PE2-Vlan-interface11] ipv6 address 2001:3::2 96 [PE2-Vlan-interface11] quit [PE2] interface vlan-interface 13 [PE2-Vlan-interface13] ip binding vpn-instance vpn2 [PE2-Vlan-interface13] ipv6 address 2001:4::2 96 [PE2-Vlan-interface13] quit # Configure IP addresses for the CEs as required in Figure 82.

  • Page 373

    NOTE: The configurations for the other three CEs (CE 2 through CE 4) are similar. (Details not shown) # Configure PE 1. [PE1] bgp 100 [PE1-bgp] ipv6-family vpn-instance vpn1 [PE1-bgp-ipv6-vpn1] peer 2001:1::1 as-number 65410 [PE1-bgp-ipv6-vpn1] import-route direct [PE1-bgp-ipv6-vpn1] quit [PE1-bgp] ipv6-family vpn-instance vpn2 [PE1-bgp-ipv6-vpn2] peer 2001:2::1 as-number 65420 [PE1-bgp-ipv6-vpn2] import-route direct [PE1-bgp-ipv6-vpn2] quit...

  • Page 374

    After you complete the previous configuration, issue the display bgp peer command or the display bgp vpnv6 all peer command on the PEs. You can see a BGP peer relationship in Established state has been established between the PEs. [PE1] display bgp peer BGP local router ID : 1.1.1.9 Local AS number : 100 Total number of peers : 1...

  • Page 375: Configuring Inter-as Ipv6 Vpn Option A

    bytes=56 Sequence=1 hop limit=64 time = 1 ms Reply from 2001:3::1 bytes=56 Sequence=2 hop limit=64 time = 1 ms Reply from 2001:3::1 bytes=56 Sequence=3 hop limit=64 time = 1 ms Reply from 2001:3::1 bytes=56 Sequence=4 hop limit=64 time = 1 ms Reply from 2001:3::1 bytes=56 Sequence=5 hop limit=64 time = 1 ms...

  • Page 376

    Figure 83 Network diagram Device Interface IP address Device Interface IP address CE 1 Vlan-int12 2001:1::1/96 CE 2 Vlan-int12 2001:2::1/96 PE 1 Loop0 1.1.1.9/32 PE 2 Loop0 4.4.4.9/32 Vlan-int12 2001:1::2/96 Vlan-int12 2001:2::2/96 Vlan-int11 172.1.1.2/24 Vlan-int11 162.1.1.2/24 ASBR-PE 1 Loop0 2.2.2.9/32 ASBR-PE 2 Loop0 3.3.3.9/32...

  • Page 377

    [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] interface vlan-interface 11 [PE1-Vlan-interface11] mpls [PE1-Vlan-interface11] mpls ldp [PE1-Vlan-interface11] quit # Configure basic MPLS on ASBR-PE 1 and enable MPLS LDP for ASBR-PE 1 and for the interface connected to PE 1. <ASBR-PE1> system-view [ASBR-PE1] mpls lsr-id 2.2.2.9 [ASBR-PE1] mpls [ASBR-PE1-mpls] quit...

  • Page 378

    NOTE: For the same VPN, the VPN targets for the VPN instance on the PE must match those for the VPN instance of the ASBR-PE in the same AS. This is not required for PEs in different ASs. # Configure CE 1. <CE1>...

  • Page 379

    [ASBR-PE2-vpn-vpn-vpn1] quit [ASBR-PE2] interface vlan-interface 12 [ASBR-PE2-Vlan-interface12] ip binding vpn-instance vpn1 [ASBR-PE2-Vlan-interface12] ip address 192.1.1.2 24 [ASBR-PE2-Vlan-interface12] quit After completing the previous configuration, you can see the VPN instance configurations by issuing the display ip vpn-instance command. Each PE can ping its attached CE, and ASBR-PE 1 and ASBR-PE 2 can ping each other. Establish eBGP peer relationship between PE and CE switches to allow VPN routes to be redistributed.

  • Page 380

    [ASBR-PE1] bgp 100 [ASBR-PE1-bgp] ipv6-family vpn-instance vpn1 [ASBR-PE1-bgp-ipv6-vpn1] peer 2002:1::2 as-number 200 [ASBR-PE1-bgp-ipv6-vpn1] quit [ASBR-PE1-bgp] peer 1.1.1.9 as-number 100 [ASBR-PE1-bgp] peer 1.1.1.9 connect-interface loopback 0 [ASBR-PE1-bgp] ipv6-family vpnv6 [ASBR-PE1-bgp-af-vpnv6] peer 1.1.1.9 enable [ASBR-PE1-bgp-af-vpnv6] quit [ASBR-PE1-bgp] quit # Configure ASBR-PE 2. [ASBR-PE2] bgp 200 [ASBR-PE2-bgp] ipv6-family vpn-instance vpn1 [ASBR-PE2-bgp-ipv6-vpn1] peer 2002:1::1 as-number 100...

  • Page 381

    Figure 84 Network diagram Device Interface IP address Device Interface IP address PE 1 Loop0 2.2.2.9/32 PE 2 Loop0 5.5.5.9/32 Loop1 2001:1::1/128 Loop1 2001:1::2/12 Vlan-int11 1.1.1.2/8 Vlan-int11 9.1.1.2/8 ASBR-PE 1 Loop0 3.3.3.9/32 ASBR-PE 2 Loop0 4.4.4.9/32 Vlan-int11 1.1.1.1/8 Vlan-int11 9.1.1.1/8 Vlan-int12 11.0.0.2/8 Vlan-int12...

  • Page 382

    [PE1-LoopBack0] quit # Create VPN instance vpn1 and configure the RD and VPN target attributes for it. [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 11:11 [PE1-vpn-instance-vpn1] vpn-target 3:3 import-extcommunity [PE1-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity [PE1-vpn-instance-vpn1] quit # Configure interface Loopback 1 and bind the interface to VPN instance vpn1. [PE1] interface loopback 1 [PE1-LoopBack1] ip binding vpn-instance vpn1 [PE1-LoopBack1] ipv6 address 2001:1::1 128...

  • Page 383

    [ASBR-PE1] interface vlan-interface 11 [ASBR-PE1-Vlan-interface11] ip address 1.1.1.1 255.0.0.0 [ASBR-PE1-Vlan-interface11] isis enable 1 [ASBR-PE1-Vlan-interface11] mpls [ASBR-PE1-Vlan-interface11] mpls ldp [ASBR-PE1-Vlan-interface11] quit # Configure interface VLAN-interface 12 and enable MPLS on it. [ASBR-PE1] interface vlan-interface 12 [ASBR-PE1-Vlan-interface12] ip address 11.0.0.2 255.0.0.0 [ASBR-PE1-Vlan-interface12] mpls [ASBR-PE1-Vlan-interface12] quit # Configure interface Loopback 0 and start IS-IS on it.

  • Page 384

    [ASBR-PE2-isis-1] quit # Configure an LSR ID, enable MPLS and LDP. [ASBR-PE2] mpls lsr-id 4.4.4.9 [ASBR-PE2] mpls [ASBR-PE2-mpls] quit [ASBR-PE2] mpls ldp [ASBR-PE2-mpls-ldp] quit # Configure interface VLAN-interface 11, start IS-IS and enable MPLS and LDP on the interface. [ASBR-PE2] interface vlan-interface 11 [ASBR-PE2-Vlan-interface11] ip address 9.1.1.1 255.0.0.0 [ASBR-PE2-Vlan-interface11] isis enable 1 [ASBR-PE2-Vlan-interface11] mpls...

  • Page 385

    # Configure the capability to advertise labeled routes to and receive labeled routes from eBGP peer 11.0.0.2. [ASBR-PE2-bgp] peer 11.0.0.2 label-route-capability [ASBR-PE2-bgp] quit Configure PE 2. # Start IS-IS on PE 2. <PE2> system-view [PE2] isis 1 [PE2-isis-1] network-entity 10.444.444.444.444.00 [PE2-isis-1] quit # Configure an LSR ID, and enable MPLS and LDP.

  • Page 386

    # Configure the maximum hop count from PE 2 to eBGP peer 2.2.2.9 as 10. [PE2-bgp] peer 2.2.2.9 as-number 100 [PE2-bgp] peer 2.2.2.9 connect-interface loopback 0 [PE2-bgp] peer 2.2.2.9 ebgp-max-hop 10 # Configure peer 2.2.2.9 as a VPNv6 peer. [PE2-bgp] ipv6-family vpnv6 [PE2-bgp-af-vpnv6] peer 2.2.2.9 enable [PE2-bgp-af-vpnv6] quit # Redistribute direct routes to the routing table of vpn1.

  • Page 387: Configuring Carrier's Carrier

    0.00% packet loss round-trip min/avg/max = 1/1/1 ms Configuring carrier’s carrier Network requirements Configure carrier’s carrier for the scenario shown in Figure 85. In this scenario: PE 1 and PE 2 are the provider carrier’s PE switches. They provide VPN services for the customer •...

  • Page 388

    Vlan-int12 30.1.1.1/24 Vlan-int11 21.1.1.1/24 Configuration procedure Configure MPLS L3VPN on the provider carrier backbone: start IS-IS as the IGP, enable LDP on PE 1 and PE 2, and establish MP-iBGP peer relationship between the PEs. # Configure PE 1. <PE1> system-view [PE1] interface loopback 0 [PE1-LoopBack0] ip address 3.3.3.9 32 [PE1-LoopBack0] quit...

  • Page 389

    Peer-ID Status SsnRole KA-Sent/Rcv ---------------------------------------------------------------- 4.4.4.9:0 Operational Active 378/378 ---------------------------------------------------------------- LAM : Label Advertisement Mode : Fault Tolerance [PE1] display bgp peer BGP local router ID : 3.3.3.9 Local AS number : 100 Total number of peers : 1 Peers in established state : 1 Peer MsgRcvd MsgSent...

  • Page 390

    [CE1-mpls] quit [CE1] mpls ldp [CE1-mpls-ldp] quit [CE1] isis 2 [CE1-isis-2] network-entity 10.0000.0000.0000.0002.00 [CE1-isis-2] quit [CE1] interface loopback 0 [CE1-LoopBack0] isis enable 2 [CE1-LoopBack0] quit [CE1] interface vlan-interface 12 [CE1-Vlan-interface12] ip address 10.1.1.2 24 [CE1-Vlan-interface12] isis enable 2 [CE1-Vlan-interface12] mpls [CE1-Vlan-interface12] mpls ldp [CE1-Vlan-interface12] mpls ldp transport-address interface [CE1-Vlan-interface12] quit...

  • Page 391

    [CE1] interface vlan-interface11 [CE1-Vlan-interface11] ip address 11.1.1.1 24 [CE1-Vlan-interface11] isis enable 2 [CE1-Vlan-interface11] mpls [CE1-Vlan-interface11] mpls ldp [CE1-Vlan-interface11] mpls ldp transport-address interface [CE1-Vlan-interface11] quit After you complete the previous configurations, PE 1 and CE 1 can establish the LDP session and IS-IS neighbor relationship between them.

  • Page 392

    [PE3-bgp] peer 6.6.6.9 connect-interface loopback 0 [PE3-bgp] ipv6-family vpnv6 [PE3-bgp-af-vpnv6] peer 6.6.6.9 enable [PE3-bgp-af-vpnv6] quit [PE3-bgp] quit NOTE: The configurations for PE 4 are similar to those for PE 3. (Details not shown) Verify your configuration. # Issue the display ip routing-table command on PE 1 and PE 2. You can see that only routes of the provider carrier network are present in the public network routing table of PE 1 and PE 2.

  • Page 393

    routing tables do not contain the VPN routes that the customer carrier maintains. Take CE 1 as an example: [CE1] display ip routing-table Routing Tables: Public Destinations : 16 Routes : 16 Destination/Mask Proto Cost NextHop Interface 1.1.1.9/32 ISIS 10.1.1.2 Vlan12 2.2.2.9/32 Direct 0...

  • Page 394: Configuring Mce

    Reply from 20.1.1.2: bytes=56 Sequence=5 ttl=252 time=60 ms --- 20.1.1.2 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 60/87/127 ms # CE 3 and CE 4 can ping each other: [CE3] ping ipv6 2001:2::1 PING 2001:2::1 : 56 data bytes, press CTRL_C to break Reply from 2001:2::1...

  • Page 395

    Figure 86 Network diagram VPN 2 Site 1 PE 2 PE 1 GE3/0/1 Vlan-int30: 30::2/64 Vlan-int40: 40::2/64 PE 3 Vlan-int10 VPN 1 GE3/0/3 VPN 1 2001:1::2/64 Site 2 Vlan-int30: 30::1/64 2012:1::/64 GE3/0/1 Vlan-int11 Vlan-int40: 40::1/64 Vlan-int10 GE3/0/2 2012:1::2/64 VR 1 2001:1::1/64 Vlan-int20 2002:1::1/64...

  • Page 396

    # Bind VLAN-interface 10 with VPN instance vpn1, and configure an IPv6 address for the VLAN interface. [MCE] interface vlan-interface 10 [MCE-Vlan-interface10] ip binding vpn-instance vpn1 [MCE-Vlan-interface10] ipv6 address 2001:1::1 64 [MCE-Vlan-interface10] quit # Configure VLAN 20, add port GigabitEthernet 3/0/2 to VLAN 20, bind VLAN-interface 20 with VPN instance vpn2, and assign an IPv6 address to VLAN-interface 20.

  • Page 397

    # Configure RIPng, and advertise subnets 2012::/64 and 2002:1::/64. <VR2> system-view [VR2] ripng 20 [VR2-ripng-20] quit [VR2] interface vlan-interface 20 [VR2-Vlan-interface20] ripng 20 enable [VR2-Vlan-interface20] quit [VR2] interface vlan-interface 21 [VR2-Vlan-interface21] ripng 20 enable [VR2-Vlan-interface21] quit # On the MCE, display the routing tables of VPN instances vpn1 and vpn2. [MCE] display ipv6 routing-table vpn-instance vpn1 Routing Table : vpn1 Destinations : 5...

  • Page 398

    The output shows that the MCE has learned the private route of VPN 2. The MCE maintains the routes of VPN 1 and those of VPN 2 in two different routing tables. In this way, routes from different VPNs are separated. Configure routing between the MCE and PE 1.

  • Page 399

    [PE1-Vlan-interface40] ipv6 address 40::2 64 [PE1-Vlan-interface40] quit # Configure the IP address of the interface Loopback0 as 101.101.10.1 for the MCE and as 100.100.10.1 for PE 1. Specify the loopback interface address as the router ID for the MCE and PE 1.

  • Page 400

    Routing Table : vpn2 Destinations : 5 Routes : 5 Destination: ::1/128 Protocol : Direct NextHop : ::1 Preference: 0 Interface : InLoop0 Cost Destination: 40::/64 Protocol : Direct NextHop : 40::2 Preference: 0 Interface : Vlan40 Cost Destination: 40::2/128 Protocol : Direct NextHop...

  • Page 401: Index

    Index B C D E I M S T V Binding a VPLS instance,135 Displaying and maintaining IPv6 MPLS L3VPN,358 Displaying and maintaining MPLS,29 Displaying and maintaining MPLS L2VPN,181 Configuring a PE-CE interface of a PE,176 Displaying and maintaining MPLS L3VPN,246 Configuring a static LSP,1 1...

  • Page 402

    Tuning MPLS TE tunnel setup,65 Troubleshooting MPLS L2VPN,190 Troubleshooting MPLS TE,123 VPLS configuration examples,142 Troubleshooting VPLS,171 VPLS configuration task list,132 Tuning CR-LSP setup,63 VPLS overview,124...

Comments to this Manuals

Symbols: 0
Latest comments: