H3C SR8800 10G Mpls Configuration Manual
  1. Manuals
  2. Brands
  3. H3C Manuals
  4. Network Router
  5. SR8800 10G
  6. Mpls configuration manual
H3C SR8800 10G Mpls Configuration Manual

H3C SR8800 10G Mpls Configuration Manual

Core routers
Hide thumbs
1
2
3
4
5
Table Of Contents
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
Table of Contents

Advertisement

Quick Links

Download this manual
H3C SR8800 10G Core Routers
MPLS Configuration Guide
Hangzhou H3C Technologies Co., Ltd.
http://www.h3c.com
Software version: SR8800-CMW520-R3347
Document version: 6W103-20120224

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the SR8800 10G and is the answer not in the manual?

Questions and answers

Related Manuals for H3C SR8800 10G

Summary of Contents for H3C SR8800 10G

  • Page 1 H3C SR8800 10G Core Routers MPLS Configuration Guide Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Software version: SR8800-CMW520-R3347 Document version: 6W103-20120224...
  • Page 2 SecPro, SecPoint, SecEngine, SecPath, Comware, Secware, Storware, NQA, VVG, V G, V G, PSPT, XGbus, N-Bus, TiGem, InnoVision and HUASAN are trademarks of Hangzhou H3C Technologies Co., Ltd. All other trademarks that may be mentioned in this manual are the property of their respective owners Notice The information in this document is subject to change without notice.
  • Page 3 The H3C SR8800 documentation set includes 13 configuration guides, which describe the software features for the H3C SR8800 10G Core Routers and guide you through the software configuration procedures. These configuration guides also provide configuration examples to help you apply software features to different network scenarios.
  • Page 4 Layer 2 forwarding and other Layer 2 features. Port numbering in examples The port numbers in this document are for illustration only and might be unavailable on your router. About the H3C SR8800 documentation set The H3C SR8800 documentation set includes: Category...

  • Page 5: Obtaining Documentation

    Obtaining documentation You can access the most up-to-date H3C product documentation on the World Wide Web at http://www.h3c.com. Click the links on the top navigation bar to obtain different categories of product documentation: [Technical Support & Documents > Technical Documents] –...

  • Page 6: Table Of Contents

    Contents Configuring basic MPLS ·············································································································································· 1   MPLS overview ·································································································································································· 1   Basic concepts ·························································································································································· 1   Structure of the MPLS network ································································································································· 3   LSP establishment and label distribution ················································································································ 3   MPLS forwarding ······················································································································································ 6   LDP ············································································································································································· 8  ...
  • Page 7 MPLS TE configuration ··············································································································································· 41   MPLS TE overview ·························································································································································· 41   Traffic engineering and MPLS TE ························································································································· 41   Basic concepts of MPLS TE ··································································································································· 42   MPLS TE implementation ······································································································································· 42   CR-LSP ····································································································································································· 43   CR-LDP ···································································································································································· 44  ...
  • Page 8 Configuration procedure ······································································································································ 84   Displaying and maintaining MPLS TE ·························································································································· 84   MPLS TE configuration examples ·································································································································· 87   MPLS TE using static CR-LSP configuration example·························································································· 87   MPLS TE tunnel using RSVP-TE configuration example ······················································································ 91   Configuration example of inter-AS MPLS TE tunnel using RSVP-TE ·································································· 98  ...
  • Page 9 Configuration prerequisites ································································································································ 193   Configuration procedure ···································································································································· 193   Configuring SVC MPLS L2VPN ··································································································································· 195   Configuration prerequisites ································································································································ 195   Configuration procedure ···································································································································· 195   Configuring Martini MPLS L2VPN ······························································································································ 196   Creating a Martini MPLS L2VPN connection on a Layer 3 Ethernet interface/sub-interface ······················ 196  ...
  • Page 10 Configuring and applying policy routing ········································································································· 262   Configuring a static route ··································································································································· 263   Configuring HoVPN ····················································································································································· 263   Configuration prerequisites ································································································································ 263   Configuring HoVPN ············································································································································ 263   Configuring an OSPF sham link ································································································································· 264   Configuration prerequisites ································································································································ 264  ...
  • Page 11 Configuring routing between MCE and PE ······································································································ 366   Displaying and maintaining IPv6 MPLS L3VPN ········································································································ 369   Resetting BGP connections ································································································································· 369   Displaying information about IPv6 MPLS L3VPN ····························································································· 369   IPv6 MPLS L3VPN configuration examples ··············································································································· 371  ...

  • Page 12: Configuring Basic Mpls

    Configuring basic MPLS NOTE: For information about VPN, see the chapters “Configuring MPLS L2VPN” and “Configuring MPLS • L3VPN.” For information about MPLS TE, see the chapter “Configuring MPLS TE.” • MPLS overview Multiprotocol Label Switching (MPLS) is a new IP backbone technology. It introduces connection-oriented label switching into connectionless IP networks, and seamlessly integrates the flexibility of IP routing and the simplicity of Layer 2 switching.
  • Page 13 As shown in Figure 1, a label is encapsulated between the Layer 2 header and Layer 3 header of a packet. A label is four bytes in length and consists of the following fields: Label—20 bits in length. Label value for identifying a FEC. •...

  • Page 14: Structure Of The Mpls Network

    Structure of the MPLS network Figure 3 Diagram for the MPLS network structure As shown in Figure 3, the element of an MPLS network is LSR. LSRs in the same routing or administrative domain form an MPLS domain. An MPLS domain consists of the following types of LSRs: Ingress LSRs for receiving and labeling packets coming into the MPLS domain.
  • Page 15 NOTE: label distribution protocols In this document, the term represents all protocols for label distribution, and the term refers to the Label Distribution Protocol defined in RFC 5036. As shown in Figure 4, a dynamic LSP is established in the following procedure: A downstream LSR classifies FECs according to destination addresses, assigns a label to a FEC, and distributes the FEC-label binding to its upstream LSR, which then establishes an LFIB entry for the FEC according to the binding information.
  • Page 16 Figure 5 Label advertisement modes Figure 5 shows the two label advertisement modes, DU and DoD. In DU mode, an LSR assigns a label to a FEC and then distributes the FEC-label binding to its • upstream LSR unsolicitedly. In DoD mode, an LSR assigns a label to a FEC and distributes the FEC-label binding to its upstream •...

  • Page 17: Mpls Forwarding

    Figure 6 Independent label distribution control mode 1) Distribute a label to the upstream unsolicitedly DU mode 2) Distribute a label to the upstream unsolicitedly Transit Ingress Egress 1) Request the downstream to assign a label 2) Assign and distribute a label to the upstream upon DoD mode 3) Request the downstream to...
  • Page 18 corresponding NHLFE entry according to Token value to determine the label operation to be performed. Incoming Label Map (ILM)—ILM maps each incoming label to a set of NHLFEs. It is used when • forwarding labeled packets. When an LSR receives a labeled packet, it looks for the corresponding ILM entry.

  • Page 19: Ldp

    In an MPLS network, when an egress node receives a labeled packet, it looks up the LFIB, pops the label of the packet, and then performs the next level label forwarding or performs IP forwarding. An egress node needs to do forwarding table lookup twice to forward a packet: looks up the LFIB twice, or looks up the LFIB once and the FIB once.

  • Page 20: Protocols

    Every LSR that wants to establish LDP sessions sends Hello messages periodically to notify neighboring LSRs of its presence. In this way, LSRs can automatically discover their LDP peers. LDP provides the following discovery mechanisms: Basic discovery mechanism—Discovers local LDP peers, or, LSRs directly connected at the link layer.

  • Page 21: Mpls Configuration Task List

    RFC 5036, LDP Specification • MPLS configuration task list Complete the following tasks to configure MPLS: Task Remarks Enabling the MPLS function Required Configuring a static LSP Required Configuring MPLS LDP capability Required Configuring Local LDP session Optional parameters Configuring remote LDP session Optional parameters Use either the static...

  • Page 22: Enabling The Mpls Function

    Not enabled by default NOTE: An MPLS LSR ID is in the format of an IP address and must be unique within an MPLS domain. H3C recommends using the IP address of a loopback interface on an LSR as the MPLS LSR ID.

  • Page 23: Configuration Procedure

    Determine the ingress LSR, transit LSRs, and egress LSR for the static LSP. • • Enable MPLS on all these LSRs. Make sure that the ingress LSR has a route to the FEC destination. This is not required on the transit •...

  • Page 24: Configuring Local Ldp Session Parameters

    Step Command Remarks Optional. Configure the LDP LSR ID. lsr-id lsr-id MPLS LSR ID of the LSR by default. Return to system view. quit interface interface-type Enter interface view. interface-number Enable LDP capability for the mpls ldp Not enabled by default. interface.

  • Page 25: Configuring Remote Ldp Session Parameters

    Configuring remote LDP session parameters LDP sessions established between remote LDP peers are referred to as remote LDP sessions. Remote LDP sessions are mainly used in Martini MPLS L2VPN, Martini VPLS, and MPLS LDP over MPLS TE. For more information about remote session applications, see the chapters “Configuring MPLS L2VPN,” “Configuring VPLS,”...

  • Page 26: Configuring Php

    When working as the egress, the router cannot distribute a normal label to the penultimate hop (that is, • it does not support the non-null type). H3C recommends using a device that supports PHP as the penultimate hop. •...

  • Page 27: Configuring The Policy For Triggering Lsp Establishment

    Configuring the policy for triggering LSP establishment You can configure an LSP triggering policy on an LSR, so that only routes matching the policy can trigger establishment of LSPs, reducing the number of LSPs to be established on the LSR and avoiding instability of the LSR caused by excessive LSPs.

  • Page 28: Configuring Ldp Loop Detection

    Step Command Remarks Optional. Enable label re-advertisement du-readvertise for DU mode. Enabled by default. Optional. Set the interval for label du-readvertise timer value re-advertisement in DU mode. 30 seconds by default. Configuring LDP loop detection LSPs established in an MPLS domain may be looping. The LDP loop detection mechanism can detect looping LSPs and prevent LDP messages from looping forever.

  • Page 29: Configuring Ldp Md5 Authentication

    LDP loop detection may result in LSP update, which will generate redundant information and consume • many system resources, H3C recommends configuring the routing protocol’s loop detection mechanism. Configuring LDP MD5 authentication LDP sessions are established based on TCP connections. To improve the security of LDP sessions, you can configure MD5 authentication for the underlying TCP connections, so that the TCP connections can be established only if the peers have the same authentication password.
  • Page 30 Figure 8 Network diagram for label acceptance control Drop label bindings Label bindings not permitted Downstream Upstream LSR B LSR A Label bindings permitted by the label filtering configuration Accept label bindings Downstream LSR C Label advertisement control Label advertisement control is for filtering label bindings to be advertised. A downstream LSR advertises only the label bindings of the specified FECs to the specified upstream LSR.

  • Page 31: Maintaining Ldp Sessions

    For two neighboring LSRs, configuring a label acceptance control policy on the upstream LSR and configuring a label advertisement control policy on the downstream LSR can achieve the same effect. To reduce the network load, H3C recommends configuring only label advertisement control policies. Maintaining LDP sessions This section describes how to detect communication failures between remote LDP peers and reset LDP sessions.

  • Page 32: Managing And Optimizing Mpls Forwarding

    Use the following command to reset LDP sessions: Task Command Remarks reset mpls ldp [ all | [ vpn-instance Reset LDP sessions. vpn-instance-name ] [ fec mask | Available in user view peer peer-id ] ] Managing and optimizing MPLS forwarding Configuring MPLS MTU An MPLS label stack is inserted between the link layer header and network layer header of a packet.
  • Page 33 With IP TTL propagation enabled: When the ingress labels a packet, it copies the TTL value of the • original IP packet to the TTL field of the label. When an LSR forwards the labeled packet, it decrements the TTL value of the label at the stack top by 1. When an LSR pops a label, it copies the TTL value of the label at the stack top back to the TTL field of the IP packet.

  • Page 34: Sending Back Icmp Ttl Exceeded Messages For Mpls Ttl Expired Packets

    • If you enable MPLS IP TTL propagation for VPN packets on one LSR, H3C recommends that you enable it on all related provider edge (PE) devices, so you can get the same result when tracerting from those PEs. For more information about PE, see the chapter “Configuring MPLS L3VPN.”...

  • Page 35: Configuring Ldp Gr

    Step Command Remarks Optional. Use either approach as required. By default, an ICMP TTL exceeded message is sent back along an IP Configure the router to use IP route when the TTL of an MPLS • (Approach 1) Use IP routes: routes or LSPs to send back the packet with a one-level label stack ttl expiration pop...
  • Page 36 Whenever restarting, the GR restarter preserves all MPLS forwarding entries, marks them as stale, and starts the MPLS forwarding state holding timer for them. After a GR helper detects that the LDP session with the GR restarter is down, it marks the FEC-label bindings learned from the session as stale and will keep these FEC-label bindings for a period of time defined by the fault tolerant (FT) reconnect time argument.

  • Page 37: Configuring Mpls Statistics

    Task Command Remarks Restart MPLS LDP gracefully. graceful-restart mpls ldp Available in user view NOTE: The graceful-restart mpls ldp command is only used to test MPLS LDP GR function. It does not perform active/standby switchover. Do not perform this operation in other cases. Configuring MPLS statistics To view LSP statistics, you must set the interval for reading LSP statistics at first.

  • Page 38: Mpls Lsp Tracert

    Task Command Remarks ping lsp [ -a source-ip | -c count | -exp exp-value | -h ttl-value | -m Use MPLS LSP ping to check the wait-time | -r reply-mode | -s Available in any view connectivity of an MPLS LSP. packet-size | -t time-out | -v ] * ipv4 dest-addr mask-length [ destination-ip-addr-header ]...

  • Page 39: Configuring Periodic Lsp Tracert

    parameters for the loopback interface as needed. For more information about BFD, see High Availability Configuration Guide. To establish a static BFD session, make sure that there is already an LSP from the local router to the • remote router and an LSP from the remote router to the local router. Configuring BFD for LSPs To configure BFD for LSPs: Step...

  • Page 40: Enabling Mpls Trap

    Step Command Remarks periodic-tracert Configure periodic tracert for destination-address mask-length an LSP to the specified FEC [ -a source-ip | -exp exp-value | -h Not configured by default destination. ttl-value | -m wait-time | -t time-out | -u retry-attempt ] * Enabling MPLS trap If the MPLS trap function is enabled, trap packets of the notifications level will be generated to report critical MPLS events.

  • Page 41: Displaying Mpls Ldp Operation

    Task Command Remarks display mpls lsp [ incoming-interface interface-type interface-number ] [ outgoing-interface interface-type interface-number ] [ in-label in-label-value ] [ out-label out-label-value ] [ asbr | Display information about LSPs. [ vpn-instance vpn-instance-name ] [ protocol Available in any view { bgp | bgp-ipv6 | crldp | ldp | rsvp-te | static | static-cr } ] ] [ egress | ingress | transit ] [ { exclude | include } dest-addr...

  • Page 42: Clearing Mpls Statistics

    Task Command Remarks display mpls ldp interface [ all [ verbose ] | [ vpn-instance vpn-instance-name ] Display information about [ interface-type interface-number | verbose ] ] Available in any view LDP-enabled interfaces. [ | { begin | exclude | include } regular-expression ] display mpls ldp peer [ all [ verbose ] | Display information about LDP...

  • Page 43: Mpls Configuration Examples

    MPLS configuration examples Configuring static LSPs Network requirements Router A, Router B, and Router C support MPLS. Establish static LSPs between Router A and Router C so that subnets 10.1.1.0/24 and 21.1.1.0/24 can access each other over MPLS. Check the connectivity of the static LSPs. Figure 13 Network diagram Configuration considerations On an LSP, the outgoing label of an upstream LSR must be identical with the incoming label of its...
  • Page 44 [RouterA] interface Pos 2/1/1 [RouterA-Pos2/1/1] mpls [RouterA-Pos2/1/1] quit # Configure MPLS on Router B. [RouterB] mpls lsr-id 2.2.2.9 [RouterB] mpls [RouterB-mpls] quit [RouterB] interface Pos 2/1/1 [RouterB-Pos2/1/1] mpls [RouterB-Pos2/1/1] quit [RouterB] interface Pos 2/1/2 [RouterB-Pos2/1/2] mpls [RouterB-Pos2/1/2] quit # Configure MPLS on Router C. [RouterC] mpls lsr-id 3.3.3.9 [RouterC] mpls [RouterC-mpls] quit...

  • Page 45: Configuring Ldp To Establish Lsps Dynamically

    # On Router A, check the reachability of the LSP from Router A to Router C. [RouterA] ping lsp -a 11.1.1.1 ipv4 21.1.1.0 24 LSP Ping FEC: IPV4 PREFIX 21.1.1.0/24 : 100 data bytes, press CTRL_C to break Reply from 20.1.1.2: bytes=100 Sequence=1 time = 2 ms Reply from 20.1.1.2: bytes=100 Sequence=2 time = 2 ms Reply from 20.1.1.2: bytes=100 Sequence=3 time = 1 ms Reply from 20.1.1.2: bytes=100 Sequence=4 time = 2 ms...

  • Page 46: Configuration Considerations

    Configuration considerations Enable LDP on the LSRs. LDP dynamically distributes labels and establishes LSPs and thus there is no • need to manually configure labels for LSPs. • LDP uses routing information for label distribution. Therefore, you need to configure a routing protocol to learn routing information.
  • Page 47 10.1.1.0/24 Direct 0 10.1.1.1 Pos2/1/1 10.1.1.1/32 Direct 0 127.0.0.1 InLoop0 11.1.1.0/24 Direct 0 11.1.1.1 GE3/1/1 11.1.1.1/32 Direct 0 127.0.0.1 InLoop0 20.1.1.0/24 OSPF 10.1.1.2 Pos2/1/1 21.1.1.0/24 OSPF 10.1.1.2 Pos2/1/1 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 Enable MPLS and MPLS LDP. # Configure MPLS and MPLS LDP on Router A.
  • Page 48 LDP Session(s) in Public Network Total number of sessions: 1 ---------------------------------------------------------------- Peer-ID Status SsnRole KA-Sent/Rcv ---------------------------------------------------------------- 2.2.2.9:0 Operational Passive ---------------------------------------------------------------- LAM : Label Advertisement Mode : Fault Tolerance [RouterA] display mpls ldp peer LDP Peer Information in Public network Total number of peers: 1 ----------------------------------------------------------------- Peer-ID Transport-Address...

  • Page 49: Configuring Bfd For Lsp Validity Check

    [RouterA] ping lsp ipv4 21.1.1.0 24 LSP Ping FEC: IPV4 PREFIX 21.1.1.0/24 : 100 data bytes, press CTRL_C to break Reply from 20.1.1.2: bytes=100 Sequence=1 time = 3 ms Reply from 20.1.1.2: bytes=100 Sequence=2 time = 2 ms Reply from 20.1.1.2: bytes=100 Sequence=3 time = 1 ms Reply from 20.1.1.2: bytes=100 Sequence=4 time = 1 ms Reply from 20.1.1.2: bytes=100 Sequence=5 time = 3 ms --- FEC: IPV4 PREFIX 21.1.1.0/24 ping statistics ---...
  • Page 50 [RouterC-mpls-lspv] quit Verify the configuration. Execute the display mpls lsp bfd command on Router A and Router C to view information about BFD sessions established for LSPs. Take Router A as an example: [RouterA] display mpls lsp bfd MPLS BFD Session(s) Information ----------------------------------------------------------------------------- : 11.1.1.0/24 Type...
  • Page 51 Hold Time: 1900ms Connect Type: Indirect Running Up for: 00:02:28 Auth mode: None Protocol: MFW/LSPV Diag Info: No Diagnostic...

  • Page 52: Mpls Te Configuration

    MPLS TE configuration MPLS TE overview Traffic engineering and MPLS TE Let us get familiar with traffic engineering (TE) before going on to MPLS-TE. Network congestion is one of the major problems that can degrade your network backbone performance. It may occur either when network resources are inadequate or when load distribution is unbalanced.

  • Page 53: Basic Concepts Of Mpls Te

    When network resources are insufficient, MPLS TE allows bandwidth-hungry LSPs or critical user • traffic to occupy the bandwidth for lower priority LSP tunnels. In case an LSP tunnel fails or congestion occurs on a network node, MPLS TE can provide route •...

  • Page 54: Cr-Lsp

    CSPF first prunes TE attribute incompliant links from the TEDB and then performs SPF calculation to identify the shortest path to an LSP egress. Establishing paths When setting up LSP tunnels, you may use two types of signaling: CR-LDP and RSVP-TE. Both can carry constraints such as LSP bandwidth, some explicit route information, and color and deliver the same function.

  • Page 55: Cr-Ldp

    For a new path to preempt an existing path, the setup priority of the new path must be greater than the holding priority of the existing path. To initiate a preemption, the Resv message of RSVP-TE is sent. To avoid flapping caused by improper preemptions between CR-LSPs, the setup priority of a CR-LSP should not be set higher than its holding priority.
  • Page 56 Using soft state mechanism to maintain resource reservation information. • Extended RSVP can support MPLS label distribution and allow resource reservation information to be transmitted with label bindings. This extended RSVP is called RSVP-TE, which is operating as a signaling protocol for LSP tunnel setup in MPLS TE.
  • Page 57 Figure 15 presents a scenario where a path Router A → Router B → Router C → Router D is established with 30 Mbps reserved bandwidth between Router A and Router D. The remaining bandwidth is then 30 Mbps. If 40 Mbps path bandwidth is requested, the remaining bandwidth of the Router A → Router B → Router C →...
  • Page 58 Figure 16 Set up an LSP tunnel The following is a simplified procedure for setting up an LSP tunnel with RSVP: The ingress LSR sends a Path message that carries the label request information, and then forwards the message along the path calculated by CSPF hop-by-hop towards the egress LSR. After receiving the Path message, the egress generates a Resv message carrying the reservation information and label and then forwards the message towards the ingress along the reverse direction of the path along which the Path message travels.

  • Page 59: Traffic Forwarding

    The LABEL_REQUEST object is stored in the path state block (PSB) on the upstream nodes, while the LABEL object is stored in the reservation state block (RSB) on the downstream nodes. The state stored in the PSB or RSB object times out and is removed after the number of consecutive non-refreshing times exceeds the PSB or RSB timeout keep-multiplier.
  • Page 60 NOTE: Layer 3—IP Routing Configuration Guide For more information about static routing, see Policy-based routing You can also use policy-based routing to route traffic over an MPLS TE tunnel. In this approach, you need to create a policy that specifies the MPLS TE tunnel interface as the output interface for traffic that matches certain criteria defined in the referenced ACL.

  • Page 61: Cr-Lsp Backup

    The configuration of IGP shortcut and forwarding adjacency is broken down into tunnel configuration and IGP configuration. When making tunnel configuration on a TE tunnel interface, consider the following: • The tunnel destination address should be in the same area where the tunnel interface is located. The tunnel destination address should be reachable through intra-area routing.

  • Page 62: Ps For An Mpls Te Tunnel

    Figure 18 FRR link protection • Node protection, where the PLR and the MP are connected through a router and the primary LSP traverses this router. When the router fails, traffic is switched to the bypass LSP. As shown in Figure 19, the primary LSP is Router A →...

  • Page 63: Diffserv-Aware Te

    Essentially, what DS-TE does is to map traffic trunks with LSPs, making each traffic trunk traverse the constraints-compliant path. The router supports the following DS-TE modes: • Prestandard mode—Implemented by using H3C proprietary mechanisms IETF mode—Implemented according to RFC 4124, RFC 4125, and RFC 4127. • Basic concepts •...
  • Page 64 NOTE: The prestandard mode supports two CTs (CT 0 and CT 1), eight priorities, and up to 16 TE classes. The • IETF mode supports four CTs (CT 0 through CT 3), eight priorities, and up to eight TE classes. The prestandard mode is proprietary, and therefore a device working in prestandard mode cannot •...

  • Page 65: Mpls Ldp Over Mpls Te

    BC 0 is for CT 0. The bandwidth occupied by the traffic of CT 0 cannot exceed BC 0. BC 1 is for CT 1. The bandwidth occupied by the traffic of CT 1 cannot exceed BC 1. BC 2 is for CT 2. The bandwidth occupied by the traffic of CT 2 cannot exceed BC 2. The total bandwidth occupied by CT 0, CT 1, and CT 2 cannot exceed the maximum reservable bandwidth.

  • Page 66: Protocols And Standards

    As the figure shows, in layered networks, MPLS TE is usually deployed only in the core layer, and MPLS networks in the distribution layer usually use LDP as the label distribution signaling. To set up an LDP LSP tunnel across the core layer, you need to establish a local LDP session between each pair of neighboring LSRs in the core layer.

  • Page 67: Configuring Mpls Te Basic Capabilities

    Task Remarks Configuring MPLS TE basic capabilities Required Configuring DiffServ-aware TE Optional Creating MPLS TE tunnel over static CR-LSP Required Configuring an MPLS TE tunnel Use either approach Configuring MPLS TE tunnel with dynamic signaling protocol Configuring RSVP-TE advanced features Optional Tuning CR-LSP setup Optional...

  • Page 68: Configuring Diffserv-Aware Te

    Step Command Remarks Return to system view. quit Enter the interface view of an interface interface-type MPLS TE link. interface-number Enable interface MPLS TE. mpls te Disabled by default Return to system view. quit –– Create a tunnel interface and interface tunnel tunnel-number enter its view.

  • Page 69: Creating Mpls Te Tunnel Over Static Cr-Lsp

    TE Class Priority Creating MPLS TE tunnel over static CR-LSP Creating MPLS TE tunnels over static CR-LSPs does not involve configuration of tunnel constraints or the issue of IGP TE extension or CSPF. What you need to do is to create a static CR-LSP and a TE tunnel using static signaling and then associate them.

  • Page 70: Configuring Mpls Te Tunnel With Dynamic Signaling Protocol

    Step Command Remarks • At the ingress: static-cr-lsp ingress tunnel-name destination dest-addr { nexthop next-hop-addr | outgoing-interface interface-type interface-number } out-label out-label-value [ bandwidth [ ct0 | ct1 | ct2 | ct3 ] bandwidth-value ] • On the transit node: static-cr-lsp transit tunnel-name -interface incoming...

  • Page 71: Configuration Prerequisites

    NOTE: To form a TEDB, you must configure the IGP TE extension for the nodes on the network to send TE LSAs. If the IGP TE extension is not configured, the CR-LSP is created based on IGP routing rather than computed by CSPF.
  • Page 72 Step Command Remarks Optional. Configure BC 0 and BC 1 of mpls te 0 for both BC 0 and BC 1 by the MPLS TE link in the RDM max-reservable-bandwidth default. model of the prestandard bandwidth-value [ bc1 In RDM model, BC 0 is the DS-TE.
  • Page 73 MTU needs to be recalculated according to the packet structure. When TE is configured, H3C recommends that you set the MTU of any interface with IS-IS enabled be equal to or greater than 512 octets to guarantee that IS-IS LSPs can be flooded on the network.
  • Page 74 IP addresses, IS-IS TE advertises only the primary IP address of the interface through the sub-TLV of IS reachability TLV (type 22). H3C does not recommend enabling IS-IS TE on an interface configured with secondary IP addresses.
  • Page 75 NOTE: When establishing an MPLS TE tunnel between areas or Autonomous Systems (ASs), you must use a loose explicit route, specify the area border router (ABR) or autonomous system boundary router (ASBR) as the next hop of the route, and make sure that the ABR or ASBR is reachable. Configuring MPLS TE tunnel constraints To configure MPLS TE tunnel constraints: Step...

  • Page 76: Configuring Rsvp-Te Advanced Features

    Step Command Remarks Enable RSVP-TE on your mpls rsvp-te Disabled by default. router. Exit to system view. quit Enter interface view of MPLS interface interface-type TE link. interface-number Enable RSVP-TE on the mpls rsvp-te Disabled by default. interface. Enter MPLS TE tunnel interface interface tunnel tunnel-number view.
  • Page 77 To configure RSVP reservation style: Step Command Remarks Enter system view. system-view Enter MPLS TE tunnel interface interface tunnel tunnel-number view. Optional. Configure the resources mpls te resv-style { ff | se } The default resource reservation reservation style for the tunnel. style is SE.
  • Page 78 Step Command Remarks Enable the reliability mpls rsvp-te reliability Optional mechanism of RSVP-TE. mpls rsvp-te timer retransmission Optional Enable retransmission. { increment-value [ increment-value ] | Disabled by default retransmit-value [ retrans-timer-value ] } * Optional Enable summary refresh. mpls rsvp-te srefresh Disabled by default Configuring the RSVP hello extension To configure the RSVP hello extension:...
  • Page 79 NOTE: Reservation confirmation is initiated by the receiver, which sends the Resv message with an object • requesting reservation confirmation. Receiving the ResvConf message does not mean resource reservation is established. It only indicates that • resources are reserved on the farthest upstream node where the Resv message arrived and the resources can be preempted.

  • Page 80: Tuning Cr-Lsp Setup

    Configuring Cooperation of RSVP-TE and BFD On an MPLS TE network, if a link between neighboring LSRs fails, the corresponding MPLS TE tunnel will fail to forward packets. MPLS TE itself cannot detect a link failure in time. To address this issue, you can enable Bidirectional Forwarding Detection (BFD) for RSVP-TE on the two peers of an RSVP-TE tunnel.
  • Page 81 Step Command Remarks Enter MPLS TE tunnel interface interface tunnel tunnel-number view. Optional. Specify the tie breaker for the current tunnel to select a path mpls te tie-breaking { least-fill | By default, a tunnel has no specific when multiple paths with the most-fill | random } tie breaker specified and uses the same metric are present.

  • Page 82: Tuning Mpls Te Tunnel Setup

    To configure the administrative group and affinity attribute: Step Command Remarks Enter system view. system-view Enter interface view of MPLS interface interface-type TE link. interface-number Optional. Assign the link to a link mpls te link administrative group administrative group. value The default is 0x00000000.

  • Page 83: Configuration Prerequisites

    Configuration prerequisites The configurations described in this section need to be used together with the dynamic signaling protocol CR-LDP or RSVP-TE. Before performing them, be aware of each configuration objective and its impact on your system. Configuration procedures Configuring loop detection To configure loop detection: Step Command...

  • Page 84: Configuring Traffic Forwarding

    Step Command Remarks Enter system view. system-view Enter MPLS TE tunnel interface interface tunnel tunnel-number view. Optional. Configure maximum number mpls te retry times of tunnel setup retries. The default is 10. Optional. Configure the tunnel setup mpls te timer retry seconds retry interval.
  • Page 85 Step Command Enter system view. system-view ip route-static dest-address { mask | mask-length } { next-hop-address [ track track-entry-number ] | interface-type interface-number next-hop-address [ bfd { control-packet | Create a static route for forwarding echo-packet } ] | vpn-instance d-vpn-instance-name traffic along an MPLS TE tunnel.

  • Page 86: Configuring Traffic Forwarding Tuning Parameters

    Step Command Remarks Optional. Assign a metric to the MPLS TE mpls te igp metric { absolute | The metrics of TE tunnels equal the tunnel. relative } value metrics of their corresponding IGP routes by default. Submit current tunnel mpls te commit configuration.

  • Page 87: Configuration Prerequisites

    Configuration prerequisites The configurations described in this section are used in conjunction with CSPF and the dynamic signaling protocol CR-LDP or RSVP-TE. Configuration procedure Configuring the failed link timer A CSPF failed link timer starts once a link goes down. If IGP removes or modifies the link before the timer expires, CSPF will update information about the link in TEDB and stops the timer.

  • Page 88: Configuring Cr-Lsp Backup

    Step Command Remarks Specify the metric type to use Optional. when no metric type is mpls te path metric-type { igp | te } TE metrics of links are used by explicitly configured for a default. tunnel. Exit to system view. quit Enter MPLS TE tunnel interface interface tunnel tunnel-number...

  • Page 89: Configuration Prerequisites

    Configuration prerequisites Before you configure CR-LSP backup, complete the following tasks: Configure MPLS basic capabilities • Configure MPLS TE basic capabilities • Configure MPLS TE tunnels • Configuration procedure To configure CR-LSP backup: Step Command Remarks Enter system view of the system-view ingress node.

  • Page 90: Configuration Prerequisites

    Configuration prerequisites Before you configure FRR, complete the following tasks: Configure IGP, ensuring that all LSRs are reachable • Configure MPLS basic capabilities • Configure MPLS TE basic capabilities • Establish an MPLS TE tunnel with RSVP-TE • • Set up primary LSPs Configuration procedure Enabling FRR on the headend of a primary LSP To enable FRR on the headend of a primary LSP:...
  • Page 91 Step Command Remarks • For node protection, this is the LSR ID of the next hop router of PLR. Specify the destination destination ip-address address of the bypass tunnel. • For link protection, this is the LSR ID of the next hop router of PLR.

  • Page 92: Inspecting An Mpls Te Tunnel

    Configuring the FRR polling timer The protection provided by FRR is temporary. Once a protected LSP becomes available again or a new LSP is established, traffic will be switched to the protected or new LSP. After this switchover, the PLR polls available bypass tunnels for the best one at the regular interval specified by the FRR polling timer: To configure the FRR polling timer: Step...

  • Page 93: Configuring Bfd For An Mpls Te Tunnel

    To locate errors of an MPLS TE tunnel: Task Command Use MPLS LSP tracert to locate tracert lsp [ -a source-ip | -exp exp-value | -h ttl-value | -r reply-mode |-t errors of an MPLS TE tunnel. time-out ] * te interface-type interface-number Configuring BFD for an MPLS TE tunnel You can configure BFD for an MPLS TE tunnel to implement fast detection of the connectivity of the tunnel.

  • Page 94: Configuring Periodic Lsp Tracert For An Mpls Te Tunnel

    NOTE: MPLS Command Reference For more information about the mpls lspv command, see • The BFD session parameters are those configured on the MPLS TE tunnel interface. The source address • of the BFD session is the MPLS LSR ID. Therefore, before configuring BFD to inspect an MPLS TE tunnel, make sure that there is a route on the peer router to the MPLS LSR ID, and you can also configure the BFD session parameters on the tunnel interface as needed.

  • Page 95: Configuring Protection Switching

    Step Command Remarks mpls te periodic-tracert [ -a Enable periodic LSP tracert for source-ip | -exp exp-value | -h By default, periodic LSP tracert is the MPLS TE tunnel. ttl-value | -m wait-time | -t time-out disabled for MPLS TE tunnels. | -u retry-attempt ] * Configure MPLS TE to tear Optional.
  • Page 96 Task Command Remarks Display information about explicit display explicit-path [ pathname ] [ | { begin | Available in any view paths. exclude | include } regular-expression ] display mpls static-cr-lsp [ lsp-name lsp-name ] Display information about static [ { include | exclude } ip-address prefix-length ] Available in any view CR-LSPs.
  • Page 97 Task Command Remarks display mpls te tunnel [ destination dest-addr ] [ lsp-id lsr-id lsp-id ] [ lsr-role { all | egress | ingress | remote | transit } ] [ name name ] Display information about MPLS TE [ { incoming-interface | outgoing-interface | Available in any view tunnels.

  • Page 98: Mpls Te Configuration Examples

    Task Command Remarks Display information about the display mpls te protection tunnel { tunnel-id | specified tunnels and their all } [ verbose ] [ | { begin | exclude | include } Available in any view protection tunnels. regular-expression ] display mpls te ds-te [ | { begin | exclude | Display information about DS-TE.
  • Page 99 [RouterA-LoopBack0] isis enable 1 [RouterA-LoopBack0] quit # Configure Router B. <RouterB> system-view [RouterB] isis 1 [RouterB-isis-1] network-entity 00.0005.0000.0000.0002.00 [RouterB-isis-1] quit [RouterB] interface GigabitEthernet 3/1/1 [RouterB-GigabitEthernet3/1/1] isis enable 1 [RouterB-GigabitEthernet3/1/1] quit [RouterB] interface GigabitEthernet 3/1/2 [RouterB-GigabitEthernet3/1/2] isis enable 1 [RouterB-GigabitEthernet3/1/2] quit [RouterB] interface loopback 0 [RouterB-LoopBack0] isis enable 1 [RouterB-LoopBack0] quit...
  • Page 100 [RouterA] interface GigabitEthernet 3/1/1 [RouterA-GigabitEthernet3/1/1] mpls [RouterA-GigabitEthernet3/1/1] mpls te [RouterA-GigabitEthernet3/1/1] quit # Configure Router B. [RouterB] mpls lsr-id 2.2.2.2 [RouterB] mpls [RouterB-mpls] mpls te [RouterB-mpls] quit [RouterB] interface GigabitEthernet 3/1/1 [RouterB-GigabitEthernet3/1/1] mpls [RouterB-GigabitEthernet3/1/1] mpls te [RouterB-GigabitEthernet3/1/1] quit [RouterB] interface GigabitEthernet 3/1/2 [RouterB-GigabitEthernet3/1/2] mpls [RouterB-GigabitEthernet3/1/2] mpls te [RouterB-GigabitEthernet3/1/2] quit...
  • Page 101 Perform the display interface tunnel command on Router A. You can find that the tunnel interface is up. [RouterA] display interface tunnel Tunnel3 current state: UP Line protocol current state: UP Description: Tunnel3 Interface The Maximum Transmit Unit is 1500 Internet Address is 6.1.1.1/24 Primary Encapsulation is TUNNEL, service-loopback-group ID not set Tunnel source unknown, destination 3.3.3.3...

  • Page 102: Mpls Te Tunnel Using Rsvp-Te Configuration Example

    ------------------------------------------------------------------ In/Out Label In/Out IF Vrf Name 30/NULL GE3/1/1/- [RouterA] display mpls static-cr-lsp total static-cr-lsp : 1 Name I/O Label I/O If State Tunnel3 3.3.3.3/32 NULL/20 -/GE3/1/1 [RouterB] display mpls static-cr-lsp total static-cr-lsp : 1 Name I/O Label I/O If State Tunnel3 20/30...
  • Page 103 Router A Loop0 1.1.1.9/32 Router C Loop0 3.3.3.9/32 GE 3/1/1 10.1.1.1/24 GE 3/1/1 30.1.1.1/24 Router B Loop0 2.2.2.9/32 POS 2/1/1 20.1.1.2/24 GE 3/1/1 10.1.1.2/24 Router D Loop0 4.4.4.9/32 POS 2/1/1 20.1.1.1/24 GE 3/1/1 30.1.1.2/24 Configuration procedure Assign IP addresses and masks to interfaces (see Figure Details not shown Enable IS-IS to advertise host routes with LSR IDs as destinations...
  • Page 104 [RouterC] interface GigabitEthernet 3/1/1 [RouterC-GigabitEthernet3/1/1] isis enable 1 [RouterC-GigabitEthernet3/1/1] isis circuit-level level-2 [RouterC-GigabitEthernet3/1/1] quit [RouterC] interface pos 2/1/1 [RouterC-POS2/1/1] isis enable 1 [RouterC-POS2/1/1] isis circuit-level level-2 [RouterC-POS2/1/1] quit [RouterC] interface loopback 0 [RouterC-LoopBack0] isis enable 1 [RouterC-LoopBack0] isis circuit-level level-2 [RouterC-LoopBack0] quit # Configure Router D.
  • Page 105 [RouterA-mpls] quit [RouterA] interface GigabitEthernet 3/1/1 [RouterA-GigabitEthernet3/1/1] mpls [RouterA-GigabitEthernet3/1/1] mpls te [RouterA-GigabitEthernet3/1/1] mpls rsvp-te [RouterA-GigabitEthernet3/1/1] quit # Configure Router B. [RouterB] mpls lsr-id 2.2.2.9 [RouterB] mpls [RouterB-mpls] mpls te [RouterB-mpls] mpls rsvp-te [RouterB-mpls] mpls te cspf [RouterB-mpls] quit [RouterB] interface GigabitEthernet 3/1/1 [RouterB-GigabitEthernet3/1/1] mpls [RouterB-GigabitEthernet3/1/1] mpls te [RouterB-GigabitEthernet3/1/1] mpls rsvp-te...
  • Page 106 [RouterD-GigabitEthernet3/1/1] mpls [RouterD-GigabitEthernet3/1/1] mpls te [RouterD-GigabitEthernet3/1/1] mpls rsvp-te [RouterD-GigabitEthernet3/1/1] quit Configure IS-IS TE # Configure Router A. [RouterA] isis 1 [RouterA-isis-1] cost-style wide [RouterA-isis-1] traffic-eng level-2 [RouterA-isis-1] quit # Configure Router B. [RouterB] isis 1 [RouterB-isis-1] cost-style wide [RouterB-isis-1] traffic-eng level-2 [RouterB-isis-1] quit # Configure Router C.
  • Page 107 [RouterC-POS2/1/1] mpls te max-link-bandwidth 10000 [RouterC-POS2/1/1] mpls te max-reservable-bandwidth 5000 [RouterC-POS2/1/1] quit # Configure maximum link bandwidth and maximum reservable bandwidth on Router D. [RouterD] interface GigabitEthernet 3/1/1 [RouterD-GigabitEthernet3/1/1] mpls te max-link-bandwidth 10000 [RouterD-GigabitEthernet3/1/1] mpls te max-reservable-bandwidth 5000 [RouterD-GigabitEthernet3/1/1] quit Create an MPLS TE tunnel # Create an MPLS TE tunnel on Router A.
  • Page 108 LSP ID 1.1.1.9:3 Session ID Admin State Oper State Ingress LSR ID 1.1.1.9 Egress LSR ID: 4.4.4.9 Signaling Prot RSVP Resv Style Class Type Tunnel BW 2000 kbps Reserved BW 2000 kbps Setup Priority Hold Priority: Affinity Prop/Mask 0x0/0x0 Explicit Path Name Tie-Breaking Policy : None Metric Type...

  • Page 109: Configuration Example Of Inter-As Mpls Te Tunnel Using Rsvp-Te

    Configuration example of inter-AS MPLS TE tunnel using RSVP-TE Network requirements Router A and Router B are in AS 100, and they run OSPF as the IGP. Router C and Router D are in AS 200, and they run OSPF as the IGP. Establish an EBGP connection between ASBRs Router B and Router C.
  • Page 110 # Configure OSPF on Router B. <RouterB> system-view [RouterB] ospf [RouterB-ospf-1] import-route direct [RouterB-ospf-1] import-route bgp [RouterB-ospf-1] area 0 [RouterB-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [RouterB-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0 [RouterB-ospf-1-area-0.0.0.0] quit [RouterB-ospf-1] quit # Configure OSPF on Router C. <RouterC> system-view [RouterC] ospf [RouterC-ospf-1] import-route direct [RouterC-ospf-1] import-route bgp [RouterC-ospf-1] area 0...
  • Page 111 [RouterB-bgp] peer 20.1.1.2 as-number 200 [RouterB-bgp] import-route ospf [RouterB-bgp] import-route direct [RouterB-bgp] quit # Configure Router C. [RouterC] bgp 200 [RouterC-bgp] peer 20.1.1.1 as-number 100 [RouterC-bgp] import-route ospf [RouterC-bgp] import-route direct [RouterC-bgp] quit After the configuration, execute the display ip routing-table command on each device. The output shows that each device has learned the routes to the outside of the AS.
  • Page 112 [RouterB-mpls] mpls te cspf [RouterB-mpls] quit [RouterB] interface GigabitEthernet 3/1/1 [RouterB-GigabitEthernet3/1/1] mpls [RouterB-GigabitEthernet3/1/1] mpls te [RouterB-GigabitEthernet3/1/1] mpls rsvp-te [RouterB-GigabitEthernet3/1/1] quit [RouterB] interface POS 2/1/1 [RouterB-POS2/1/1] mpls [RouterB-POS2/1/1] mpls te [RouterB-POS2/1/1] mpls rsvp-te [RouterB-POS2/1/1] quit # Configure Router C. [RouterC] mpls lsr-id 3.3.3.9 [RouterC] mpls [RouterC-mpls] mpls te [RouterC-mpls] mpls rsvp-te...
  • Page 113 [RouterA-ospf-1] quit # Configure Router B. [RouterB] ospf [RouterB-ospf-1] opaque-capability enable [RouterB-ospf-1] area 0 [RouterB-ospf-1-area-0.0.0.0] mpls-te enable [RouterB-ospf-1-area-0.0.0.0] quit [RouterB-ospf-1] quit # Configure Router C. [RouterC] ospf [RouterC-ospf-1] opaque-capability enable [RouterC-ospf-1] area 0 [RouterC-ospf-1-area-0.0.0.0] mpls-te enable [RouterC-ospf-1-area-0.0.0.0] quit [RouterC-ospf-1] quit # Configure Router D.
  • Page 114 [RouterC-GigabitEthernet3/1/1] mpls te max-link-bandwidth 10000 [RouterC-GigabitEthernet3/1/1] mpls te max-reservable-bandwidth 5000 [RouterC-GigabitEthernet3/1/1] quit [RouterC] interface POS 2/1/1 [RouterC-POS2/1/1] mpls te max-link-bandwidth 10000 [RouterC-POS2/1/1] mpls te max-reservable-bandwidth 5000 [RouterC-POS2/1/1] quit # Configure the maximum link bandwidth and maximum reservable bandwidth on Router D. [RouterD] interface GigabitEthernet 3/1/1 [RouterD-GigabitEthernet3/1/1] mpls te max-link-bandwidth 10000 [RouterD-GigabitEthernet3/1/1] mpls te max-reservable-bandwidth 5000...
  • Page 115 Perform the display mpls te tunnel-interface command on Router A to view the detailed information of the MPLS TE tunnel. [RouterA] display mpls te tunnel-interface Tunnel Name Tunnel1 Tunnel Desc Tunnel1 Interface Tunnel State Desc CR-LSP is Up Tunnel Attributes LSP ID 1.1.1.9:2 Session ID...

  • Page 116: Rsvp-Te Gr Configuration Example

    2.2.2.9 OSPF Create a static route for routing MPLS TE tunnel traffic [RouterA] ip route-static 30.1.1.2 24 tunnel 1 preference 1 Perform the display ip routing-table command on Router A. The output shows a static route entry with interface Tunnel 1 as the outgoing interface. [RouterA] display ip routing-table Routing Tables: Public Destinations : 14...
  • Page 117 Configure MPLS TE basic capabilities, and enable RSVP-TE and RSVP hello extension # Configure Router A. <RouterA> system-view [RouterA] mpls lsr-id 1.1.1.9 [RouterA] mpls [RouterA-mpls] mpls te [RouterA-mpls] mpls rsvp-te [RouterA-mpls] mpls rsvp-te hello [RouterA-mpls] interface GigabitEthernet 3/1/1 [RouterA-GigabitEthernet3/1/1] mpls [RouterA-GigabitEthernet3/1/1] mpls te [RouterA-GigabitEthernet3/1/1] mpls rsvp-te [RouterA-GigabitEthernet3/1/1] mpls rsvp-te hello...

  • Page 118: Mpls Rsvp-Te And Bfd Cooperation Configuration Example

    Details not shown Configure the MPLS TE tunnel Details not shown Configure RSVP-TE GR # Configure Router A. <RouterA> system-view [RouterA] mpls [RouterA-mpls] mpls rsvp-te graceful-restart # Configure Router B. <RouterB> system-view [RouterB] mpls [RouterB-mpls] mpls rsvp-te graceful-restart # Configure Router C. <RouterC>...
  • Page 119 Configuration procedure Configure MPLS RSVP-TE basic capabilities # Configure Router A. <RouterA> system-view [RouterA] mpls lsr-id 1.1.1.1 [RouterA] mpls [RouterA-mpls] mpls te [RouterA-mpls] mpls rsvp-te [RouterA-mpls] quit [RouterA] interface GigabitEthernet 3/1/1 [RouterA-GigabitEthernet3/1/1] mpls [RouterA-GigabitEthernet3/1/1] mpls te [RouterA-GigabitEthernet3/1/1] mpls rsvp-te [RouterA-GigabitEthernet3/1/1] mpls rsvp-te bfd enable [RouterA-GigabitEthernet3/1/1] quit # Configure Router B.

  • Page 120: Mpls Te Using Cr-Ldp Configuration Example

    # Configure Router A. [RouterA] interface GigabitEthernet 3/1/1 [RouterA-GigabitEthernet3/1/1] ip address 12.12.12.1 24 [RouterA-GigabitEthernet3/1/1] quit # Configure Router B. [RouterB] interface GigabitEthernet 3/1/1 [RouterB-GigabitEthernet3/1/1] ip address 12.12.12.2 24 Configure the MPLS TE tunnel # Configure an RSVP-TE tunnel between Router A and Router B. [RouterA] interface tunnel 1 [RouterA-Tunnel1] ip address 10.10.10.1 24 [RouterA-Tunnel1] tunnel-protocol mpls te...
  • Page 121 Figure 29 Network diagram Device Interface IP address Device Interface IP address Router A Loop0 1.1.1.9/32 Router D Loop0 4.4.4.9/32 GE 3/1/1 10.1.1.1/24 GE 3/1/1 30.1.1.2/24 Router B Loop0 2.2.2.9/32 Router C Loop0 3.3.3.9/32 GE 3/1/1 10.1.1.2/24 GE 3/1/1 30.1.1.1/24 GE 3/1/2 20.1.1.1/24 GE 3/1/2...
  • Page 122 [RouterB-GigabitEthernet3/1/1] mpls te [RouterB-GigabitEthernet3/1/1] quit [RouterB] interface GigabitEthernet 3/1/2 [RouterB-GigabitEthernet3/1/2] mpls [RouterB-GigabitEthernet3/1/2] mpls te [RouterB-GigabitEthernet3/1/2] quit # Configure Router C. [RouterC] mpls lsr-id 3.3.3.9 [RouterC] mpls [RouterC-mpls] mpls te [RouterC-mpls] mpls te cspf [RouterC-mpls] quit [RouterC] interface GigabitEthernet 3/1/1 [RouterC-GigabitEthernet3/1/1] mpls [RouterC-GigabitEthernet3/1/1] mpls te [RouterC-GigabitEthernet3/1/1] quit [RouterC] interface GigabitEthernet 3/1/2...
  • Page 123 [RouterC-ospf-1] opaque-capability enable [RouterC-ospf-1] area 0 [RouterC-ospf-1-area-0.0.0.0] mpls-te enable [RouterC-ospf-1-area-0.0.0.0] quit [RouterC-ospf-1] quit # Configure Router D. [RouterD] ospf [RouterD-ospf-1] opaque-capability enable [RouterD-ospf-1] area 0 [RouterD-ospf-1-area-0.0.0.0] mpls-te enable [RouterD-ospf-1-area-0.0.0.0] quit [RouterD-ospf-1] quit Configure MPLS TE attributes of links # Configure maximum link bandwidth and maximum reservable bandwidth on Router A. [RouterA] interface GigabitEthernet 3/1/1 [RouterA-GigabitEthernet3/1/1] mpls te max-link-bandwidth 10000 [RouterA-GigabitEthernet3/1/1] mpls te max-reservable-bandwidth 5000...
  • Page 124 2.2.2.9 OSPF 3.3.3.9 OSPF 4.4.4.9 OSPF 1.1.1.9 OSPF Configure LDP # Configure Router A. [RouterA] mpls ldp [RouterA-mpls-ldp] quit [RouterA] interface GigabitEthernet 3/1/1 [RouterA-GigabitEthernet3/1/1] mpls ldp [RouterA-GigabitEthernet3/1/1] quit # Configure Router B. [RouterB] mpls ldp [RouterB-mpls-ldp] quit [RouterB] interface GigabitEthernet 3/1/1 [RouterB-GigabitEthernet3/1/1] mpls ldp [RouterB-GigabitEthernet3/1/1] quit [RouterB] interface GigabitEthernet 3/1/2...
  • Page 125 [RouterA] interface tunnel 4 [RouterA-Tunnel4] ip address 8.1.1.1 255.255.255.0 [RouterA-Tunnel4] tunnel-protocol mpls te [RouterA-Tunnel4] destination 4.4.4.9 [RouterA-Tunnel4] mpls te tunnel-id 10 [RouterA-Tunnel4] mpls te signal-protocol crldp [RouterA-Tunnel4] mpls te commit [RouterA-Tunnel4] quit # Perform the display interface tunnel command on Router A. You can find that the tunnel interface is up.
  • Page 126 FRR Flag Disabled BackUpBW Flag: Not Supported BackUpBW Type BackUpBW Route Pinning Disabled Retry Limit Retry Interval: 10 sec Reopt Disabled Reopt Freq Back Up Type None Back Up LSPID Auto BW Disabled Auto BW Freq : Min BW Max BW Current Collected BW: Interfaces Protected: VPN Bind Type...
  • Page 127 Maximum Bandwidth : 1250000 bytes/sec Maximum Reservable BW : 625000 bytes/sec Admin Group : 0X0 Unreserved Bandwidth for each TE Class: Unreserved BW [ 0] =625000 bytes/sec Unreserved BW [ 1] =625000 bytes/sec Unreserved BW [ 2] =625000 bytes/sec Unreserved BW [ 3] =625000 bytes/sec Unreserved BW [ 4] =625000 bytes/sec...

  • Page 128: Cr-Lsp Backup Configuration Example

    CR-LSP backup configuration example Network requirements Set up an MPLS TE tunnel from Router A to Router C. Use CR-LSP hot backup for it. Figure 30 Network diagram Device Interface IP address Device Interface IP address Router A Loop0 1.1.1.9/32 Router D Loop0 4.4.4.9/32...
  • Page 129 [RouterA-GigabitEthernet3/1/1] mpls [RouterA-GigabitEthernet3/1/1] mpls te [RouterA-GigabitEthernet3/1/1] mpls rsvp-te [RouterA-GigabitEthernet3/1/1] quit [RouterA] interface pos 2/1/2 [RouterA-POS2/1/2] mpls [RouterA-POS2/1/2] mpls te [RouterA-POS2/1/2] mpls rsvp-te [RouterA-POS2/1/2] quit NOTE: Follow the same steps to configure Router B, Router C, and Router D. • You need to configure the clock mode of the POS interface on Router D as master clock. •...
  • Page 130 # Perform the display mpls te tunnel command on Router A. You can find that two tunnels are present with the outgoing interface being GigabitEthernet 3/1/1 and POS 2/1/2 respectively. This indicates that a backup CR-LSP was created upon creation of the primary CR-LSP. [RouterA] display mpls te tunnel LSP-Id Destination...

  • Page 131: Frr Configuration Example

    NOTE: Configuring ordinary CR-LSP backup is almost the same as configuring hot CR-LSP backup except that you need to replace the mpls te backup hot-standby command with the mpls te backup ordinary command. Unlike in hot CR-LSP backup where a secondary tunnel is created immediately upon creation of a primary tunnel, in ordinary CR-LSP backup, a secondary CR-LSP is created only after the primary LSP goes down.
  • Page 132 Configuration procedure Assign IP addresses and masks to interfaces (see Figure Details not shown Configure the IGP protocol # Enable IS-IS to advertise host routes with LSR IDs as destinations on each node. (Details not shown) # Perform the display ip routing-table command on each router. You should see that all nodes learnt the host routes of other nodes with LSR IDs as destinations.
  • Page 133 [RouterB-mpls] quit [RouterB] interface GigabitEthernet 3/1/1 [RouterB-GigabitEthernet3/1/1] mpls [RouterB-GigabitEthernet3/1/1] mpls te [RouterB-GigabitEthernet3/1/1] mpls rsvp-te [RouterB-GigabitEthernet3/1/1] quit [RouterB] interface GigabitEthernet 3/1/2 [RouterB-GigabitEthernet3/1/2] mpls [RouterB-GigabitEthernet3/1/2] mpls te [RouterB-GigabitEthernet3/1/2] mpls rsvp-te [RouterB-GigabitEthernet3/1/2] quit [RouterB] interface pos 2/1/1 [RouterB-POS2/1/1] mpls [RouterB-POS2/1/1] mpls te [RouterB-POS2/1/1] mpls rsvp-te [RouterB-POS2/1/1] quit NOTE: Follow the same steps to configure Router C, Router D, and Router E.
  • Page 134 Encapsulation is TUNNEL, service-loopback-group ID not set Tunnel source unknown, destination 4.4.4.4 Tunnel protocol/transport CR_LSP Output queue : (Urgent queuing : Size/Length/Discards) 0/100/0 Output queue : (Protocol queuing : Size/Length/Discards) 0/500/0 Output queue : (FIFO queuing : Size/Length/Discards) 0/75/0 Last 300 seconds input: 0 bytes/sec, 0 packets/sec Last 300 seconds output: 0 bytes/sec, 0 packets/sec...
  • Page 135 Backup Tunnel Group Status Oam Status Configure a bypass tunnel on Router B (the PLR) # Create an explicit path for the bypass LSP. [RouterB] explicit-path by-path [RouterB-explicit-path-by-path] next hop 3.2.1.2 [RouterB-explicit-path-by-path] next hop 3.3.1.2 [RouterB-explicit-path-by-path] next hop 3.3.3.3 [RouterB-explicit-path-by-path] quit # Create the bypass tunnel.
  • Page 136 3.3.3.3/32 3/NULL POS2/1/1/- [RouterD] display mpls lsp ------------------------------------------------------------------ LSP Information: RSVP LSP ------------------------------------------------------------------ In/Out Label In/Out IF Vrf Name 4.4.4.4/32 3/NULL GE3/1/1/- [RouterE] display mpls lsp ------------------------------------------------------------------ LSP Information: RSVP LSP ------------------------------------------------------------------ In/Out Label In/Out IF Vrf Name 3.3.3.3/32 1024/3 POS2/1/1/POS2/1/2 # Perform the display mpls te tunnel command on each router.
  • Page 137 LspIndex 4097 Tunnel ID 0x22001 LsrType Transit Bypass In Use Not Used BypassTunnel Tunnel Index[Tunnel5], InnerLabel[1024] Mpls-Mtu 1500 IngressLsrID 2.2.2.2 LocalLspID Tunnel-Interface Tunnel5 3.3.3.3/32 Nexthop 3.2.1.2 In-Label NULL Out-Label 1024 In-Interface ---------- Out-Interface POS2/1/1 LspIndex 4098 Tunnel ID 0x22002 LsrType Ingress Bypass In Use Not Exists...
  • Page 138 Tie-Breaking Policy : None Metric Type None Record Route Enabled Record Label : Enabled FRR Flag Enabled BackUpBW Flag: Not Supported BackUpBW Type BackUpBW Route Pinning Disabled Retry Limit Retry Interval: 10 sec Reopt Disabled Reopt Freq Back Up Type None Back Up LSPID Auto BW...
  • Page 139 Min BW Max BW Current Collected BW: Interfaces Protected: VPN Bind Type NONE VPN Bind Value Car Policy Disabled Tunnel Group Primary Primary Tunnel Backup Tunnel Group Status Oam Status NOTE: If you perform the display mpls te tunnel-interface command immediately after an FRR protection switch, you are likely to see two CR-LSPs in up state are present.

  • Page 140: Ietf Ds-Te Configuration Example

    LspIndex 4098 Tunnel ID 0x22002 LsrType Ingress Bypass In Use Not Exists BypassTunnel Tunnel Index[---] # Set the FRR polling timer to five seconds on PLR. [RouterB] mpls [RouterB-mpls] mpls te timer fast-reroute 5 [RouterB-mpls] quit # Bring the protected outgoing interface up on PLR. [RouterB] interface GigabitEthernet 3/1/2 [RouterB-GigabitEthernet3/1/2] undo shutdown %Sep...
  • Page 141 Router A Loop0 1.1.1.9/32 Router C Loop0 3.3.3.9/32 GE3/1/1 10.1.1.1/24 GE3/1/1 30.1.1.1/24 Router B Loop0 2.2.2.9/32 POS2/1/1 20.1.1.2/24 GE3/1/1 10.1.1.2/24 Router D Loop0 4.4.4.9/32 POS2/1/1 20.1.1.1/24 GE3/1/1 30.1.1.2/24 Configuration procedure Configure IP addresses for interfaces. Assign IP addresses and masks to interfaces (see Figure 32, details not shown).
  • Page 142 [RouterC-GigabitEthernet3/1/1] isis enable 1 [RouterC-GigabitEthernet3/1/1] isis circuit-level level-2 [RouterC-GigabitEthernet3/1/1] quit [RouterC] interface POS 2/1/1 [RouterC-POS2/1/1] isis enable 1 [RouterC-POS2/1/1] isis circuit-level level-2 [RouterC-POS2/1/1] quit [RouterC] interface loopback 0 [RouterC-LoopBack0] isis enable 1 [RouterC-LoopBack0] isis circuit-level level-2 [RouterC-LoopBack0] quit # Configurations on Router D. <RouterD>...
  • Page 143 [RouterA-mpls] mpls te ds-te mode ietf [RouterA-mpls] quit [RouterA] interface GigabitEthernet 3/1/1 [RouterA-GigabitEthernet3/1/1] mpls [RouterA-GigabitEthernet3/1/1] mpls te [RouterA-GigabitEthernet3/1/1] mpls rsvp-te [RouterA-GigabitEthernet3/1/1] quit # Configure Router B. [RouterB] mpls lsr-id 2.2.2.9 [RouterB] mpls [RouterB-mpls] mpls te [RouterB-mpls] mpls rsvp-te [RouterB-mpls] mpls te cspf [RouterB-mpls] mpls te ds-te mode ietf [RouterB-mpls] quit [RouterB] interface GigabitEthernet 3/1/1...
  • Page 144 [RouterD-mpls] mpls te cspf [RouterD-mpls] mpls te ds-te mode ietf [RouterD-mpls] quit [RouterD] interface GigabitEthernet 3/1/1 [RouterD-GigabitEthernet3/1/1] mpls [RouterD-GigabitEthernet3/1/1] mpls te [RouterD-GigabitEthernet3/1/1] mpls rsvp-te [RouterD-GigabitEthernet3/1/1] quit Configure IS-IS TE # Configure Router A. [RouterA] isis 1 [RouterA-isis-1] cost-style wide [RouterA-isis-1] traffic-eng level-2 [RouterA-isis-1] quit # Configure Router B.
  • Page 145 # Configure the maximum bandwidth and bandwidth constraints on Router C. [RouterC] interface GigabitEthernet 3/1/1 [RouterC-GigabitEthernet3/1/1] mpls te max-link-bandwidth 10000 [RouterC-GigabitEthernet3/1/1] mpls te max-reservable-bandwidth rdm 10000 bc1 8000 bc2 5000 bc3 2000 [RouterC-GigabitEthernet3/1/1] quit [RouterC] interface POS 2/1/1 [RouterC-POS2/1/1] mpls te max-link-bandwidth 10000 [RouterC-POS2/1/1] mpls te max-reservable-bandwidth rdm 10000 bc1 8000 bc2 5000 bc3 2000 [RouterC-POS2/1/1] quit...
  • Page 146 0 packets output, 0 bytes 0 output error # Execute the display mpls te tunnel-interface command on Router A to view the detailed information of the tunnel. [RouterA] display mpls te tunnel-interface Tunnel Name Tunnel1 Tunnel Desc Tunnel1 Interface Tunnel State Desc : CR-LSP is Up Tunnel Attributes : LSP ID...

  • Page 147: Mpls Ldp Over Mpls Te Configuration Example

    2.2.2.9 ISIS Level-2 4.4.4.9 ISIS Level-2 1.1.1.9 ISIS Level-2 # Execute the display mpls te link-administration bandwidth-allocation command on Router A to view interface bandwidth information. [RouterA] display mpls link-administration bandwidth-allocation interface GigabitEthernet 3/1/1 Link ID: GigabitEthernet 3/1/1 Max Link Bandwidth 10000 kbits/sec Max Reservable Bandwidth PreStandard RDM : 0 kbits/sec...
  • Page 148 Figure 33 Network diagram Device Interface IP address Device Interface IP address Router A Loop0 1.1.1.1/32 Router E Loop0 5.5.5.5/32 GE3/1/1 2.1.1.1/24 GE2/1/1 3.2.1.2/24 Router B Loop0 2.2.2.2/32 GE2/1/2 3.3.1.1/24 GE3/1/1 2.1.1.2/24 Router C Loop0 3.3.3.3/32 GE3/1/2 3.1.1.1/24 GE3/1/1 4.1.1.1/24 GE2/1/1 3.2.1.1/24 GE3/1/2...
  • Page 149 [RouterB-GigabitEthernet2/1/1] quit # Configure Router E. <RouterE> system-view [RouterE] mpls lsr-id 5.5.5.5 [RouterE] mpls [RouterE-mpls] mpls te [RouterE-mpls] mpls rsvp-te [RouterE-mpls] mpls te cspf [RouterE-mpls] quit [RouterE] interface GigabitEthernet 2/1/1 [RouterE-GigabitEthernet2/1/1] mpls [RouterE-GigabitEthernet2/1/1] mpls te [RouterE-GigabitEthernet2/1/1] mpls rsvp-te [RouterE-GigabitEthernet2/1/1] quit [RouterE] interface GigabitEthernet 2/1/2 [RouterE-GigabitEthernet2/1/2] mpls [RouterE-GigabitEthernet2/1/2] mpls te...
  • Page 150 [RouterB] ospf [RouterB-ospf-1] opaque-capability enable [RouterB-ospf-1] enable traffic-adjustment [RouterB-ospf-1] area 0.0.0.0 [RouterB-ospf-1-area-0.0.0.0] mpls-te enable [RouterB-ospf-1-area-0.0.0.0] quit [RouterB-ospf-1] quit After previous configurations, execute the display interface tunnel command on Router B. You can see that tunnel interface Tunnel 3 is up. [RouterB] display interface tunnel Tunnel3 current state: UP Line protocol current state: UP...
  • Page 151 CAUTION: You must configure IGP shortcut or a static route for the MPLS TE tunnel, so that IP routing prefers the • MPLS TE tunnel interface as the outgoing interface. You must configure the tunnel tailend LSR ID as the tunnel destination. •...
  • Page 152 Session existed time : 000:01:48 (DDD:HH:MM) LDP Basic Discovery Source : GigabitEthernet3/1/1 Addresses received from peer: (Count: 2) 2.1.1.1 1.1.1.1 ---------------------------------------------------------------------- Peer LDP ID : 3.3.3.3:0 Local LDP ID : 2.2.2.2:0 TCP Connection : 2.2.2.2 <- 3.3.3.3 Session State : Operational Session Role : Passive Session FT Flag : Off...
  • Page 153 [RouterB] display mpls lsp include 3.3.3.3 32 verbose ---------------------------------------------------------------------- LSP Information: RSVP LSP ---------------------------------------------------------------------- IngressLsrID 2.2.2.2 LocalLspID Tunnel-Interface Tunnel3 3.3.3.3/32 Nexthop 3.2.1.2 In-Label NULL Out-Label 1024 In-Interface ---------- Out-Interface GigabitEthernet 2/1/1 LspIndex 3073 Tunnel ID 0x11000c LsrType Ingress Bypass In Use Not Exists BypassTunnel Tunnel Index[---]...

  • Page 154: Mpls Te In Mpls L3Vpn Configuration Example

    Outgoing Tunnel ID 0x15000d Label Operation SWAP MPLS TE in MPLS L3VPN configuration example Network requirements CE 1 and CE 2 belong to VPN 1. They are connected to the MPLS backbone respectively through PE 1 and PE 2. The IGP protocol running on the MPLS backbone is OSPF. Do the following: •...
  • Page 155 [PE2] interface loopback 0 [PE2-LoopBack0] ip address 3.3.3.3 255.255.255.255 [PE2-LoopBack0] quit [PE2] interface pos 2/1/2 [PE2-POS2/1/2] ip address 10.0.0.2 255.255.255.0 [PE2-POS2/1/2] quit [PE2] ospf [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 10.0.0.0 0.0.0.255 [PE2-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] quit [PE2-ospf-1] quit After you complete the configuration, the PEs should be able to establish the OSPF neighborship. Perform the display ospf peer command;...
  • Page 156 [PE1-POS2/1/2] quit # Configure PE 2. [PE2] mpls lsr-id 3.3.3.3 [PE2] mpls [PE2-mpls] lsp-trigger all [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface pos 2/1/2 [PE2-POS2/1/2] mpls [PE2-POS2/1/2] mpls ldp [PE2-POS2/1/2] quit After you complete the configuration, PEs should be able to set up LDP sessions. Perform the display mpls ldp session command;...
  • Page 157 [PE2-ospf-1] opaque-capability enable [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] mpls-te enable [PE2-ospf-1-area-0.0.0.0] quit [PE2-ospf-1] quit Configure an MPLS TE tunnel # Create a TE tunnel with PE 1 as the headend and PE 2 as the tail. The signaling protocol is CR-LDP. [PE1] interface tunnel 4 [PE1-Tunnel4] ip address 12.1.1.1 255.255.255.0 [PE1-Tunnel4] tunnel-protocol mpls te...
  • Page 158 [PE2-vpn-instance-vpn1] quit [PE2] interface GigabitEthernet 3/1/1 [PE2-GigabitEthernet3/1/1] ip binding vpn-instance vpn1 [PE2-GigabitEthernet3/1/1] ip address 192.168.2.1 255.255.255.0 [PE2-GigabitEthernet3/1/1] quit # Perform the display ip vpn-instance command on the PEs to verify the configuration of the VPN instance. Take PE 1 for example: [PE1] display ip vpn-instance instance-name vpn1 VPN-Instance Name and ID : vpn1, 1 Create time : 2006/09/27 15:10:29...
  • Page 159 [PE1-bgp] quit # Configure CE 2. [CE2] bgp 65002 [CE2-bgp] peer 192.168.2.1 as-number 100 [CE2-bgp] quit # Configure PE 2 to establish the EBGP peer relationship with CE 2 and the IBGP relationship with PE 1. [PE2] bgp 100 [PE2-bgp] ipv4-family vpn-instance vpn1 [PE2-bgp-vpn1] peer 192.168.2.2 as-number 65002 [PE2-bgp-vpn1] import-route direct [PE2-bgp-vpn1] quit...
  • Page 160 Reply from 192.168.1.2: bytes=56 Sequence=1 ttl=253 time=38 ms Reply from 192.168.1.2: bytes=56 Sequence=2 ttl=253 time=61 ms Reply from 192.168.1.2: bytes=56 Sequence=3 ttl=253 time=74 ms Reply from 192.168.1.2: bytes=56 Sequence=4 ttl=253 time=36 ms Reply from 192.168.1.2: bytes=56 Sequence=5 ttl=253 time=35 ms --- 192.168.1.2 ping statistics --- 5 packet(s) transmitted 5 packet(s) received...
  • Page 161 Outgoing Tunnel ID Label Operation ------------------------------------------------------------------ LSP Information: LDP LSP ------------------------------------------------------------------ VrfIndex 2.2.2.2/32 Nexthop 127.0.0.1 In-Label Out-Label NULL In-Interface POS2/1/2 Out-Interface ---------- LspIndex 10241 Tunnel ID LsrType Egress Outgoing Tunnel ID Label Operation VrfIndex 3.3.3.3/32 Nexthop 10.0.0.2 In-Label NULL Out-Label In-Interface ---------- Out-Interface...

  • Page 162: Troubleshooting Mpls Te

    34 packets input, 2856 bytes 0 input error 34 packets output, 2856 bytes 0 output error Troubleshooting MPLS TE No TE LSA generated Symptom OSPF TE is configured but no TE LSAs can be generated to describe MPLS TE attributes. Analysis For TE LSAs to be generated, at least one OSPF neighbor must reach the FULL state.
  • Page 163 If your case is neither 1) nor 2), check the The current switch command field in the output of the display mpls te protection tunnel command. If its value is Force, a switching action with a higher priority than the signal switching is configured. If you expect that signaling can trigger switchover when the main tunnel recovers, you can use the mpls te protect-switch clear command to clear all configured switching actions.

  • Page 164: Configuring Vpls

    Configuring VPLS VPLS overview Virtual Private LAN Service (VPLS), also called Transparent LAN Service (TLS) or virtual private switched network service, can deliver a point-to-multipoint L2VPN service over public networks. With VPLS, geographically-dispersed sites can interconnect and communicate over MAN or WAN as if they were on the same LAN.
  • Page 165 PW signaling—The PW signaling protocol is the fundament of VPLS. It is used for creating and • maintaining PWs and automatically discovering VSI peer PE. Currently, there are two PW signaling protocols: LDP and BGP. Figure 35 shows a typical VPLS networking scenario. Figure 35 Network diagram for VPLS Site 1 Tunnel...
  • Page 166 Figure 36 MAC learning and flooding on PEs MAC address reclaim Dynamic address learning must support refreshing and relearning. The VPLS draft defines a dynamic address learning method that uses the address reclaim message, which carries MAC TLV. Upon receiving such a message, a router removes MAC addresses or relearns them according to the specified parameters in the TLV.

  • Page 167: Vpls Packet Encapsulation

    PEs are logically fully meshed (so are PWs), that is, each PE must create for each VPLS forwarding • instance a tree to all the other PEs of the instance. Each PE must support horizontal split to avoid loops, that is, a PE cannot forward packets via PWs •...

  • Page 168: H-Vpls Implementation

    In VLAN mode, packets transmitted over the PW must carry a P-Tag. For a packet from a CE, if it • contains the service delimiter, the PE keeps the P-Tag unchanged or changes the P-Tag to the VLAN tag expected by the peer PE or to a null tag (the tag value is 0), and then adds a PW label and a tunnel label into the packet before sending the packet out.
  • Page 169 H-VPLS with QinQ access Figure 38 H-VPLS with QinQ access As shown in Figure 38, MTU is a standard bridging device and QinQ is enabled on its interfaces connected to CEs. Data forwarding in H-VPLS with QinQ access is as follows: Upon receiving a packet from a CE, MTU labels the packet with a VLAN tag as the multiplex •...

  • Page 170: Hub-Spoke Vpls Implementation

    PW redundancy The network design with a single PW between a UPE and an NPE has a distinct drawback: once the PW experiences a failure, all VPNs connected to the aggregate device will lose connectivity. The H-VPLS with LSP access provides redundant links for PW backup. Normally, only the primary PW link is used. When the main link fails, the backup link takes over the VPN services.

  • Page 171: Multi-Hop Pw

    Hub-Spoke networking Figure 40 Hub-spoke networking Hub-CE Hub-PE Spoke-PE 1 Spoke-PE 2 Spoke-CE 1 Spoke-CE 2 Figure 40 shows a typical hub-spoke networking application. As the MAC address learning in a hub-spoke network is the same as that in a common network, the following describes only the data forwarding procedure: Upon receiving a packet from Spoke-CE 1, Spoke-PE 1 inserts an MPLS label into the packet according to the VSI to which Spoke-CE 1 belongs and then forwards the packet to Hub-PE.

  • Page 172: Vpls Configuration Task List

    Figure 41 Diagram for multi-hop PW MPLS backbone MPLS backbone ASBR 2 ASBR 1 AS 100 AS 200 PE 1 PE 2 PW 2 PW 1 PW 3 CE 1 CE 2 As shown in Figure 41, PE 1 and PE 2 are in different ASs. To set up a multi-hop PW between PE 1 and PE 2, you need to: Establish three PWs: PW 1 between PE 1 and ASBR 1, PW 2 between ASBR 1 and ASBR 2, and •...

  • Page 173: Configuring Ldp Vpls

    Configuring LDP VPLS Configuration prerequisites • Configure IGP on the MPLS backbone devices (PEs and P devices) to guarantee the IP connectivity of the MPLS backbone. For configuration details, see Layer 3—IP Routing Configuration Guide. Configure basic MPLS on the MPLS backbone devices (PEs and P devices) to establish LSP tunnels •...
  • Page 174 ID of the PW to the peer PE, which must be consistent with that specified on the peer PE. • • Type of the peer PE. If you specify a peer as a UPE, the peer is a user access convergence device in the H-VPLS model.

  • Page 175: Configuring Bgp Vpls

    NOTE: To configure a multi-hop PW, specify the p2p keyword when you create a VPLS instance to enable the • PW to PW (P2P) capability, and specify the two peer PEs by using the peer command in the VPLS instance view to associate two PWs. A P2P enabled VPLS instance cannot be bound with a Layer 3 interface or a service instance.

  • Page 176: Configuring A Bgp Vpls Instance

    Step Command Return to system view. quit Enable L2VPN and enter L2VPN view. l2vpn Enable MPLS L2VPN. mpls l2vpn NOTE: MPLS Command For more information about the l2vpn command the mpls l2vpn command, see Reference Configuring a BGP VPLS instance When creating a BGP VPLS instance, you must specify a globally unique name for the VPLS instance and set the peer discovery mechanism to automatic configuration.
  • Page 177 Binding a Layer 3 interface (other than VLAN interface) with the VPLS instance. After you configure • such a binding, all packets arriving at the Layer 3 interface will be forwarded through the VPLS instance. • Binding a Layer 2 port and a VLAN ID with the VPLS instance. After you configure such a binding, packets arriving at the Layer 2 port and carrying the specified VLAN tag will be forwarded through the VPLS instance.

  • Page 178: Configuring Mac Address Learning

    Step Command Remarks Enter system view. system-view Create the VLAN to be used by the service instance to vlan vlan-id match packets. Add the Layer 2 port that port interface connects the CE to the VLAN. Return to system view. quit Enter the view of the port interface interface-type...

  • Page 179: Configuring Vpls Attributes

    Configuring VPLS attributes To configure VPLS attributes: Step Command Remarks Enter system view. system-view Enter VSI view. vsi vsi-name Optional. Set the upper speed limit of bandwidth vpn-speed the VPLS instance. 102,400 kbps by default. Set the broadcast suppression Optional. percentage of the VPLS broadcast-restrain ratio 5 by default.

  • Page 180: Vpls Configuration Examples

    Task Command Remarks Display the MAC address table display mac-address vsi [ vsi-name ] [ blackhole | information of one or all VPLS dynamic | static ] [ count ] [ | { begin | exclude | Available in any view instances.
  • Page 181 Configuration procedure Configure PE 1. # Configure the IGP protocol, which is OSPF in this example. (Details not shown) # Configure basic MPLS. <Sysname> system-view [Sysname] sysname PE1 [PE1] interface loopback 0 [PE1-LoopBack0] ip address 1.1.1.9 32 [PE1-LoopBack0] quit [PE1] mpls lsr-id 1.1.1.9 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp...
  • Page 182 [PE1-vsi-bbb] pwsignal bgp [PE1-vsi-bbb-bgp] route-distinguisher 100:1 [PE1-vsi-bbb-bgp] vpn-target 111:1 [PE1-vsi-bbb-bgp] site 1 range 10 [PE1-vsi-bbb-bgp] quit [PE1-vsi-bbb] quit # Configure interface GigabitEthernet 3/1/2 and bind VPLS instance aaa or bbb to the interface. [PE1] interface GigabitEthernet3/1/2 // To bind VPLS instance aaa to interface GigabitEthernet 3/1/2: [PE1-GigabitEthernet3/1/2] l2 binding vsi aaa // To bind VPLS instance bbb to interface GigabitEthernet 3/1/2: [PE1-GigabitEthernet3/1/2] l2 binding vsi bbb...

  • Page 183: Configuring H-Vpls With Lsp Access

    [PE2] l2vpn [PE2-l2vpn] mpls l2vpn [PE2-l2vpn] quit # Configure the VPLS instance aaa that uses LDP signaling. [PE2] vsi aaa static [PE2-vsi-aaa] pwsignal ldp [PE2-vsi-aaa-ldp] vsi-id 500 [PE2-vsi-aaa-ldp] peer 1.1.1.9 [PE2-vsi-aaa-ldp] quit [PE2-vsi-aaa] quit # Configure the VPLS instance bbb that uses BGP signaling. [PE2] vsi bbb auto [PE2-vsi-bbb] pwsignal bgp [PE2-vsi-bbb-bgp] route-distinguisher 100:1...
  • Page 184 Configuration procedure Configure the IGP protocol (such as OSPF) on the MPLS backbone. (Details not shown) Configure UPE. # Configure basic MPLS. <Sysname> system-view [Sysname] sysname UPE [UPE] interface loopback 0 [UPE-LoopBack0] ip address 1.1.1.9 32 [UPE-LoopBack0] quit [UPE] mpls lsr-id 1.1.1.9 [UPE] mpls [UPE-mpls] quit [UPE] mpls ldp...
  • Page 185 [NPE1] mpls lsr-id 2.2.2.9 [NPE1] mpls [NPE1–mpls] quit [NPE1] mpls ldp [NPE1–mpls-ldp] quit # Configure basic MPLS on the interface connected to UPE. [NPE1] interface GigabitEthernet3/1/1 [NPE1-GigabitEthernet3/1/1] ip address 10.1.1.2 24 [NPE1-GigabitEthernet3/1/1] mpls [NPE1-GigabitEthernet3/1/1] mpls ldp [NPE1-GigabitEthernet3/1/1] quit # Configure basic MPLS on the interface connected to NPE 3. [NPE1] interface GigabitEthernet3/1/2 [NPE1-GigabitEthernet3/1/2] ip address 11.1.1.1 24 [NPE1-GigabitEthernet3/1/2] mpls...

  • Page 186: Configuring Hub-Spoke Vpls

    [NPE3] mpls ldp [NPE3–mpls-ldp] quit # Configure basic MPLS on the interface connected to NPE 1. [NPE3] interface GigabitEthernet3/1/1 [NPE3-GigabitEthernet3/1/1] ip address 11.1.1.2 24 [NPE3-GigabitEthernet3/1/1] mpls [NPE3-GigabitEthernet3/1/1] mpls ldp [NPE3-GigabitEthernet3/1/1] quit # Configure the remote LDP session. [NPE3] mpls ldp remote-peer 1 [NPE3-mpls-remote-1] remote-ip 2.2.2.9 [NPE3-mpls-remote-1] quit # Enable L2VPN and MPLS L2VPN.
  • Page 187 Figure 44 Network diagram Configuration procedure Configure an IGP (such as OSPF) on the MPLS backbone. (Details not shown) Configure Spoke-PE 1. # Configure basic MPLS. <Sysname> system-view [Sysname] sysname Spoke-PE1 [Spoke-PE1] interface loopback 0 [Spoke-PE1-LoopBack0] ip address 1.1.1.9 32 [Spoke-PE1-LoopBack0] quit [Spoke-PE1] mpls lsr-id 1.1.1.9 [Spoke-PE1] mpls...
  • Page 188 # Configure LDP VPLS instance aaa that supports the hub-spoke model, and configure the peer as the hub. [Spoke-PE1] vsi aaa static hub-spoke [Spoke-PE1-vsi-aaa] pwsignal ldp [Spoke-PE1-vsi-aaa-ldp] vsi-id 500 [Spoke-PE1-vsi-aaa-ldp] peer 3.3.3.9 hub [Spoke-PE1-vsi-aaa-ldp] quit [Spoke-PE1-vsi-aaa] quit # Configure interface GigabitEthernet 3/1/2, bind VPLS instance aaa to the interface, and specify the attached CE as a spoke-CE.
  • Page 189 # Configure interface GigabitEthernet 3/1/2, bind VPLS instance aaa to the interface, and specify the attached CE as a spoke-CE. [Spoke-PE2] interface GigabitEthernet 3/1/2 [Spoke-PE2-GigabitEthernet3/1/2] l2 binding vsi aaa spoke [Spoke-PE2-GigabitEthernet3/1/2] quit Configure Hub-PE. # Configure basic MPLS. <Sysname> system-view [Sysname] sysname Hub-PE [Hub-PE] interface loopback 0 [Hub-PE-LoopBack0] ip address 3.3.3.9 32...

  • Page 190: Configuring Pw Redundancy For H-Vpls Access

    [Hub-PE-vsi-aaa-ldp] quit [Hub-PE-vsi-aaa] quit # Configure interface GigabitEthernet 3/1/3, bind VPLS instance aaa to the interface, and specifying the attached CE as the hub-CE. [Hub-PE] interface GigabitEthernet 3/1/3 [Hub-PE-GigabitEthernet3/1/3] l2 binding vsi aaa hub [Hub-PE-GigabitEthernet3/1/3] quit After completing previous configurations, issue the display vpls connection command on the PEs. You will see that a PW connection in up state has been established.
  • Page 191 [UPE] mpls lsr-id 1.1.1.1 [UPE] mpls [UPE-mpls] quit [UPE] mpls ldp [UPE-mpls-ldp] quit # Configure basic MPLS on the interface connected to NPE 1. [UPE] interface GigabitEthernet 3/1/2 [UPE-GigabitEthernet3/1/2] ip address 12.1.1.1 255.255.255.0 [UPE-GigabitEthernet3/1/2]mpls [UPE-GigabitEthernet3/1/2]mpls ldp [UPE-GigabitEthernet3/1/2]quit # Configure basic MPLS on the interface connected to NPE 2. [UPE]interface GigabitEthernet 3/1/3 [UPE-GigabitEthernet3/1/3] ip address 13.1.1.1 255.255.255.0 [UPE-GigabitEthernet3/1/3]mpls...
  • Page 192 [UPE-GigabitEthernet3/1/4] service-instance 1000 [UPE-GigabitEthernet3/1/4-srv1000] encapsulation s-vid 11 [UPE-GigabitEthernet3/1/4-srv1000] xconnect vsi aaa [UPE-GigabitEthernet3/1/4-srv1000] quit Configure NPE 1. # Configure basic MPLS. <Sysname> system-view [Sysname] sysname NPE1 [NPE1] interface loopback 0 [NPE1-LoopBack0] ip address 2.2.2.2 32 [NPE1-LoopBack0] quit [NPE1] mpls lsr-id 2.2.2.2 [NPE1] mpls [NPE1–mpls] quit [NPE1] mpls ldp...
  • Page 193 [NPE1-vsi-aaa-ldp] peer 4.4.4.4 [NPE1-vsi-aaa-ldp] quit [NPE1-vsi-aaa] quit The configuration procedure on NPE 2 is similar to that on NPE 1. (Details not shown) Configure NPE 3. # Configure basic MPLS. <Sysname> system-view [Sysname] sysname NPE3 [NPE3] interface loopback 0 [NPE3-LoopBack0] ip address 4.4.4.4 32 [NPE3-LoopBack0] quit [NPE3] mpls lsr-id 4.4.4.4 [NPE3] mpls...

  • Page 194: Implementing Multi-As Vpn Through Multi-Hop Pw

    [NPE3-vsi-aaa-ldp] quit [NPE3-vsi-aaa] quit # Create service instance on interface GigabitEthernet 3/1/1 connected to CE 3, and bind the VPLS instance. [NPE3] interface GigabitEthernet 3/1/1 [NPE3-GigabitEthernet3/1/1] service-instance 1000 [NPE3-GigabitEthernet3/1/1-srv1000] encapsulation s-vid 10 [NPE3-GigabitEthernet3/1/1-srv1000] xconnect vsi aaa [NPE3-GigabitEthernet3/1/1-srv1000] quit After completing the configurations, execute the display vpls connection command on the PEs. You will see that a PW connection in up state has been established.
  • Page 195 [PE1-GigabitEthernet3/1/2] mpls ldp [PE1-GigabitEthernet3/1/2] quit # Enable L2VPN and MPLS L2VPN. [PE1] l2vpn [PE1-l2vpn] mpls l2vpn [PE1-l2vpn] quit # Create VPLS instance aaa that uses LDP signaling. [PE1] vsi aaa static [PE1-vsi-aaa] pwsignal ldp [PE1-vsi-aaa-ldp] vsi-id 500 [PE1-vsi-aaa-ldp] peer 2.2.2.2 [PE1-vsi-aaa-ldp] quit [PE1-vsi-aaa] quit # Bind the VPLS instance aaa to GigabitEthernet 3/1/1, the interface connected to CE 1.
  • Page 196 # Configure basic MPLS for GigabitEthernet 3/1/2, the interface connected to ASBR 2. [ASBR1] interface GigabitEthernet 3/1/2 [ASBR1-GigabitEthernet3/1/2] ip address 11.1.1.2 24 [ASBR1-GigabitEthernet3/1/2] mpls [ASBR1-GigabitEthernet3/1/2] quit # Enable L2VPN and MPLS L2VPN. [ASBR1] l2vpn [ASBR1-l2vpn] mpls l2vpn [ASBR1-l2vpn] quit # Configure a P2P-capable VPLS instance aaa that uses LDP signaling. [ASBR1] vsi aaa static p2p [ASBR1-vsi-aaa] pwsignal ldp [ASBR1-vsi-aaa-ldp] vsi-id 500...
  • Page 197 [ASBR2-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255 [ASBR2-ospf-1-area-0.0.0.0] quit [ASBR2-ospf-1] quit # Configure basic MPLS for GigabitEthernet 3/1/1, the interface connecting ASBR 1. [ASBR2] interface GigabitEthernet 3/1/1 [ASBR2-GigabitEthernet3/1/1] ip address 11.1.1.3 24 [ASBR2-GigabitEthernet3/1/1] mpls [ASBR2-GigabitEthernet3/1/1] quit # Configure basic MPLS for GigabitEthernet 3/1/2, the interface connecting PE 2. [ASBR2] interface GigabitEthernet 3/1/2 [ASBR2-GigabitEthernet3/1/2] ip address 12.1.1.3 24 [ASBR2-GigabitEthernet3/1/2] mpls...

  • Page 198: Troubleshooting Vpls

    [PE2–mpls-ldp] quit # Configure basic MPLS for GigabitEthernet 3/1/2, the interface connected to ASBR 2. [PE2] interface GigabitEthernet 3/1/2 [PE2-GigabitEthernet3/1/2] ip address 12.1.1.4 24 [PE2-GigabitEthernet3/1/2] mpls [PE2-GigabitEthernet3/1/2] mpls ldp [PE2-GigabitEthernet3/1/2] quit # Enable L2VPN and MPLS L2VPN. [PE2] l2vpn [PE2-l2vpn] mpls l2vpn [PE2-l2vpn] quit # Configure VPLS instance aaa that uses LDP signaling.
  • Page 199 Check whether the VPLS instances on the two peers are configured with the same MTU value. •...

  • Page 200: Configuring Mpls L2Vpn

    Configuring MPLS L2VPN NOTE: In this documentation, SPC cards refer to the cards prefixed with SPC, for example, SPC-GT48L, and SPE • cards refer to the cards prefixed with SPE, for example, SPE-1020-E-II. SPC cards do not support CCC, SVC, or Kompella MPLS L2VPNs. •...

  • Page 201: Basic Concepts Of Mpls L2Vpn

    Basic concepts of MPLS L2VPN In MPLS L2VPN, the concepts and principles of CE, PE and P are the same as those in MPLS L3VPN: Customer edge (CE) device—A CE resides on a customer network and has one or more interfaces •...
  • Page 202 CCC MPLS L2VPN Unlike common MPLS L2VPN, CCC employs just one level of label to transfer user data. Therefore, it uses label switched paths (LSPs) exclusively. A CCC LSP can transfer only the data of the CCC connection; it can neither be used for other MPLS L2VPN connections, nor for MPLS L3VPN or common IP packets. The most significant advantage of this method is that no label signaling is required for transferring Layer 2 VPN information.

  • Page 203: Mpls L2Vpn Configuration Task List

    The Martini method applies to scenarios with sparse Layer 2 connections, such as a scenario with a star topology. Kompella MPLS L2VPN Kompella MPLS L2VPN is different from Martini MPLS L2VPN in that it does not operate on the connections between CEs directly. It organizes different VPNs in the whole service provider network and encodes each CE in a VPN.

  • Page 204: Configuring Mpls L2Vpn

    Configuring MPLS L2VPN You can select any of the implementation methods for MPLS L2VPN as needed. However, no matter what method you select, you must complete the following tasks: Configure basic MPLS • Enable L2VPN • Enable MPLS L2VPN • To perform basic MPLS L2VPN configurations: Step Command...
  • Page 205 Step Command Enter system view. system-view ccc ccc-connection-name interface interface-type Create a local CCC connection between interface-number out-interface interface-type two CEs connected to the same PE. interface-number Configuring the remote CCC connection Configure the PEs To configure a PE: Step Command Enter system view.

  • Page 206: Configuring Svc Mpls L2Vpn

    CAUTION: With CCC, no static LSPs are required on the PEs but dedicated bidirectional static LSPs are required on • all the P routers between the PEs for transmitting the data of the CCC connection. MPLS Command Reference For static LSP configuration commands, see •...

  • Page 207: Configuring Martini Mpls L2Vpn

    Step Command mpls static-l2vc destination destination-router-id transmit-vpn-label transmit-label-value receive-vpn-label Create an SVC MPLS L2VPN connection. receive-label-value [ { control-word | ethernet | no-control-word | vlan } | tunnel-policy tunnel-policy-name ] * CAUTION: You need to ensure the validity of incoming labels and outgoing labels in an SVC L2VPN. •...

  • Page 208: Creating A Martini Mpls L2Vpn For A Service Instance

    Types and numbers of the interfaces connecting the CEs • • Destination address of the L2VPN connection and the PW ID (VC ID) PW class template • Configuration procedure To configure a Martini MPLS L2VPN connection on a Layer 3 Ethernet interface/sub-interface of the PE: Step Command Remarks...
  • Page 209 NOTE: Do not configure services other than L2VPN for the VLAN that is bound to the private network side of the • MPLS L2VPN. Do not enable port-based protocols such as STP, Ethernet OAM, 802.1X, GVRP, LLDP, DLDP, and LACP •...

  • Page 210: Configuring Kompella Mpls L2Vpn

    Step Command Remarks Optional. By default, the default tunneling Specify the tunneling policy is used. The default pw-tunnel-policy policy-name policy. tunneling policy selects only one tunnel (no load balancing) in this order: LSP tunnel, CR-LSP tunnel. Return to system view. quit Create the VLAN to be used by the service...

  • Page 211: Configuration Prerequisites

    To create a Kompella local connection, you only need to configure the VPN and CE connection on the PE. Neither IGP nor BGP L2VPN capability is required. Configuration prerequisites Before configuring Kompella MPLS L2VPN, complete the following tasks: Configure an IGP on the PEs and P routers to ensure IP connectivity within the MPLS backbone •...
  • Page 212 • • When you plan a VPN, H3C recommends encoding CE IDs in incremental sequence starting from 1 and then configuring connections in the sequence of the CE IDs, in which case you can omit the ce-offset keyword (use the default setting) for most of connections.

  • Page 213: Enabling The Mpls L2Vpn Mix Function

    Step Command Enter system view. system-view Enter MPLS L2VPN view. mpls l2vpn vpn-name Create a CE for a VPN and enter MPLS ce ce-name [ id ce-id [ range ce-range ] [ default-offset L2VPN CE view. ce-offset ] ] connection [ ce-offset id ] interface interface-type Create a Kompella connection.

  • Page 214: Displaying And Maintaining Mpls L2Vpn

    Displaying and maintaining MPLS L2VPN Displaying the operation of MPLS L2VPN Task Command Remarks display ccc [ ccc-name ccc-name | type { local | Display information about CCC remote } ] [ | { begin | exclude | include } Available in any view connections.

  • Page 215: Resetting Bgp L2Vpn Connections

    Resetting BGP L2VPN connections Task Command Remarks reset bgp l2vpn { as-number | ip-address | all | Available in user Reset BGP L2VPN connections. external | internal } view MPLS L2VPN configuration examples Example for configuring a local CCC connection Network requirements As shown in Figure...
  • Page 216 [PE] interface loopback 0 [PE-LoopBack0] ip address 172.1.1.1 32 [PE-LoopBack0] quit [PE] mpls lsr-id 172.1.1.1 [PE] mpls [PE-mpls] quit # Enable L2VPN and MPLS L2VPN. [PE] l2vpn [PE-l2vpn] mpls l2vpn [PE-l2vpn] quit # Configure interface GigabitEthernet 4/1/1. [PE] interface GigabitEthernet 4/1/1 [PE-GigabitEthernet4/1/1] quit # Configure interface GigabitEthernet 4/1/2.

  • Page 217: Example For Configuring A Remote Ccc Connection

    round-trip min/avg/max = 10/76/180 ms Example for configuring a remote CCC connection Network requirements As shown in Figure 50, the CEs are connected to the PEs through GigabitEthernet interfaces. Create a remote CCC connection between CE 1 and CE 2. The main steps for configuring a CCC remote connection are: Create a remote CCC connection on the PEs.
  • Page 218 # Enable L2VPN and MPLS L2VPN. [PE1] l2vpn [PE1-l2vpn] mpls l2vpn [PE1-l2vpn] quit # Configure interface GigabitEthernet 4/1/1. [PE1] interface GigabitEthernet 4/1/1 [PE1-GigabitEthernet4/1/1] quit # Configure interface GigabitEthernet 4/1/2, and enable MPLS. [PE1] interface GigabitEthernet 4/1/2 [PE1-GigabitEthernet4/1/2] ip address 10.1.1.1 24 [PE1-GigabitEthernet4/1/2] mpls [PE1-GigabitEthernet4/1/2] quit # Create a remote connection from CE 1 to CE 2, using the interface connecting CE 1 as the...
  • Page 219 [Sysname] sysname PE2 [PE2] interface loopback 0 [PE2-LoopBack0] ip address 10.0.0.3 32 [PE2-LoopBack0] quit [PE2] mpls lsr-id 10.0.0.3 [PE2] mpls [PE2-mpls] quit # Enable L2VPN and MPLS L2VPN. [PE2] l2vpn [PE2-l2vpn] mpls l2vpn [PE2-l2vpn] quit # Configure interface GigabitEthernet 4/1/2. [PE2] interface GigabitEthernet 4/1/2 [PE2-GigabitEthernet4/1/2] quit # Configure interface GigabitEthernet 4/1/1 and enable MPLS.

  • Page 220: Example For Configuring Svc Mpls L2Vpn

    Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=60 ms Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=10 ms Reply from 100.1.1.2: bytes=56 Sequence=4 ttl=255 time=70 ms Reply from 100.1.1.2: bytes=56 Sequence=5 ttl=255 time=60 ms --- 100.1.1.2 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 10/76/180 ms...
  • Page 221 [CE1-GigabitEthernet4/1/1] ip address 100.1.1.1 24 Configure PE 1. # Configure the LSR ID and enable MPLS globally. <Sysname> system-view [Sysname] sysname PE1 [PE1] interface loopback 0 [PE1-LoopBack0] ip address 192.2.2.2 32 [PE1-LoopBack0] quit [PE1] mpls lsr-id 192.2.2.2 [PE1] mpls # Configure the LSP establishment triggering policy. [PE1-mpls] lsp-trigger all [PE1-mpls] quit # Enable L2VPN and MPLS L2VPN.
  • Page 222 [P-LoopBack0] quit [P] mpls lsr-id 192.4.4.4 [P] mpls # Enable LDP globally. [P] mpls ldp [P-mpls-ldp] quit # Configure the interface connected with PE 1, namely GigabitEthernet 4/1/2, and enable LDP on the interface. [P] interface GigabitEthernet 4/1/2 [P-GigabitEthernet4/1/2] ip address 10.1.1.2 24 [P-GigabitEthernet4/1/2] mpls [P-GigabitEthernet4/1/2] mpls ldp [P-GigabitEthernet4/1/2] quit...
  • Page 223 # Configure the interface connected with the P router, namely GigabitEthernet4/1/1, and enable LDP on the interface. [PE2] interface GigabitEthernet 4/1/1 [PE2-GigabitEthernet4/1/1] ip address 10.2.2.1 24 [PE2-GigabitEthernet4/1/1] mpls [PE2-GigabitEthernet4/1/1] mpls ldp [PE2-GigabitEthernet4/1/1] quit # Configure OSPF on PE 2 for establishing LSPs. [PE2] ospf [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 10.2.2.1 0.0.0.255...

  • Page 224: Example For Configuring Martini Mpls L2Vpn

    5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 80/126/150 ms Example for configuring Martini MPLS L2VPN Network requirements As shown in Figure 52, the CEs are connected to PEs through GigabitEthernet interfaces. Establish a Martini MPLS L2VPN between CE 1 and CE 2. Figure 52 Network diagram Device Interface...
  • Page 225 # Enable L2VPN and MPLS L2VPN. [PE1] l2vpn [PE1-l2vpn] mpls l2vpn [PE1-l2vpn] quit # Enable LDP globally. [PE1] mpls ldp [PE1-mpls-ldp] quit # Configure the peer relationship with PE 2 so that the LDP remote session can be established between them. [PE1] mpls ldp remote-peer 1 [PE1-mpls-ldp-remote-1] remote-ip 192.3.3.3 [PE1-mpls-ldp-remote-1] quit...
  • Page 226 [P-GigabitEthernet4/1/1] mpls [P-GigabitEthernet4/1/1] mpls ldp [P-GigabitEthernet4/1/1] quit # Configure the interface connected with PE 2, namely GigabitEthernet 4/1/2, and enable LDP on the interface. [P] interface GigabitEthernet4/1/2 [P-GigabitEthernet4/1/2] ip address 10.2.2.2 24 [P-GigabitEthernet4/1/2] mpls [P-GigabitEthernet4/1/2] mpls ldp [P-GigabitEthernet4/1/2] quit # Configure OSPF on the P router for establishing LSPs. [P] ospf [P-ospf-1] area 0 [P-ospf-1-area-0.0.0.0] network 10.1.1.2 0.0.0.255...
  • Page 227 [PE2-GigabitEthernet4/1/2] mpls ldp [PE2-GigabitEthernet4/1/2] quit # Configure OSPF on PE 2 for establishing LSPs. [PE2] ospf [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 192.3.3.3 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] network 10.2.2.0 0.0.0.255 [PE2-ospf-1-area-0.0.0.0] quit [PE2-ospf-1] quit # On the interface connecting CE 2, namely GigabitEthernet 4/1/1, create a Martini MPLS L2VPN connection.

  • Page 228: Example For Configuring Kompella Mpls L2Vpn

    0.00% packet loss round-trip min/avg/max = 30/50/70 ms Example for configuring Kompella MPLS L2VPN Network requirements As shown in Figure 53, the CEs are connected to PEs through GigabitEthernet interfaces. Establish a Kompella MPLS L2VPN between CE 1 and CE 2. Figure 53 Network diagram Device Interface...
  • Page 229 [PE1-bgp] peer 3.3.3.9 connect-interface loopback 0 [PE1-bgp] l2vpn-family [PE1-bgp-af-l2vpn] policy vpn-target [PE1-bgp-af-l2vpn] peer 3.3.3.9 enable [PE1-bgp-af-l2vpn] quit [PE1-bgp] quit # Configure PE 2. <Sysname> system-view [Sysname] sysname PE2 [PE2] l2vpn [PE2-l2vpn] mpls l2vpn [PE2-l2vpn] quit [PE2] bgp 100 [PE2-bgp] peer 1.1.1.9 as-number 100 [PE2-bgp] peer 1.1.1.9 connect-interface loopback 0 [PE2-bgp] l2vpn-family [PE2-bgp-af-l2vpn] policy vpn-target...

  • Page 230: Example For Configuring A Kompella Local Connection

    Issue the display mpls l2vpn connection command on the PEs. The output shows that an L2VPN connection is established between the PEs and the connection is up. Take PE 1 as an example: [PE1] display mpls l2vpn connection 1 total connections, connections: 1 up, 0 down, 0 local, 1 remote, 0 unknown VPN name: vpn1, 1 total connections,...
  • Page 231 <Sysname> system-view [Sysname] sysname PE [PE] l2vpn [PE-l2vpn] mpls l2vpn [PE-l2vpn] quit [PE] mpls l2vpn vpn1 encapsulation ethernet [PE-mpls-l2vpn-vpn1] route-distinguisher 100:1 [PE-mpls-l2vpn-vpn1] vpn-target 111:1 [PE-mpls-l2vpn-vpn1] ce ce1 id 1 [PE-mpls-l2vpn-ce-vpn1-ce1] connection ce-offset 2 interface GigabitEthernet4/1/1 [PE-mpls-l2vpn-ce-vpn1-ce1] quit [PE-mpls-l2vpn-vpn1] ce ce2 id 2 [PE-mpls-l2vpn-ce-vpn1-ce2] connection ce-offset 1 interface GigabitEthernet4/1/2 [PE-mpls-l2vpn-vpn1] quit Verify your configuration.

  • Page 232: Troubleshooting Mpls L2Vpn

    Troubleshooting MPLS L2VPN Symptom After the L2VPN configuration, the peer PEs cannot ping each other. The output of the display mpls l2vc command shows that the VC is down and the remote VC label is invalid. Analysis The reason the VC is down may be that the PEs are configured with different encapsulation types. Solution Check whether the local PE and the peer PE are configured with the same encapsulation type.

  • Page 233: Configuring Mpls L3Vpn

    Configuring MPLS L3VPN NOTE: This chapter covers only introduction to and configuration of MPLS L3VPN. For information about MPLS Layer 3—IP Routing basics, see the chapter “Configuring basic MPLS.” For information about BGP, see Configuration Guide MPLS L3VPN overview MPLS L3VPN is a PE-based L3VPN technology. It uses BGP to advertise VPN routes and uses MPLS to forward VPN packets over service provider backbones.

  • Page 234: Mpls L3Vpn Concepts

    A CE is usually a router. After a CE establishes adjacency with a directly connected PE, it advertises its VPN routes to the PE and learns remote VPN routes from the PE. A CE and a PE use BGP/IGP to exchange routing information.
  • Page 235 PEs use MP-BGP to advertise VPN routes, and use VPN-IPv4 address family to solve the problem with traditional BGP. A VPN-IPv4 address consists of 12 bytes. The first eight bytes represent the RD, followed by a 4-byte IPv4 address prefix, as shown in Figure Figure 56 VPN-IPv4 address structure When a PE receives an ordinary IPv4 route from a CE, it must advertise the VPN route to the peer PE.

  • Page 236: Mpls L3Vpn Packet Forwarding

    In other words, VPN target attributes define which sites can receive VPN-IPv4 routes, and from which sites that a PE can receive routes. Like RDs, VPN target attributes can be of three formats: 16-bit AS number:32-bit user-defined number. For example, 100:1. •...

  • Page 237: Mpls L3Vpn Networking Schemes

    Figure 57 VPN packet forwarding Site 1 sends an IP packet with the destination address of 1.1.1.2. CE 1 transmits the packet to PE PE 1 searches VPN instance entries based on the inbound interface and destination address of the packet.
  • Page 238 Figure 58 Network diagram for basic VPN networking scheme Figure 58, for example, the VPN target for VPN 1 is 100:1 on the PEs, while that for VPN 2 is 200:1. The two VPN 1 sites can communicate with each other, and the two VPN 2 sites can communicate with each other.
  • Page 239 Figure 59 Network diagram for hub and spoke networking scheme Figure 59, the spoke sites communicate with each other through the hub site. The arrows in the figure indicate the advertising path of routes from Site 2 to Site 1: The hub PE can receive all the VPN-IPv4 routes advertised by spoke PEs.

  • Page 240: Mpls L3Vpn Routing Information Advertisement

    Figure 60 Network diagram for extranet networking scheme Figure 60, VPN 1 and VPN 2 can access Site 3 of VPN 1. • PE 3 can receive the VPN-IPv4 routes advertised by PE 1 and PE 2. PE 1 and PE 2 can receive the VPN-IPv4 routes advertised by PE 3. •...

  • Page 241: Inter-As Vpn

    The route between the CE and the PE can be a static route, RIP route, OSPF route, IS-IS route, EBGP route, or IBGP route. No matter which routing protocol is used, the CE always advertises standard IPv4 routes to the PE. Routing information exchange from the ingress PE to the egress PE After learning the VPN routing information from the CE, the ingress PE adds RDs and VPN targets for these standard IPv4 routes to create VPN-IPv4 routes, save them to the routing table of the VPN instance...
  • Page 242 Figure 61 Network diagram for inter-AS option A This kind of solution is easy to carry out because no special configuration is required on the PEs acting as the ASBRs. However, it has limited scalability because the PEs acting as the ASBRs have to manage all the VPN routes and create VPN instances on a per-VPN basis.
  • Page 243 Figure 62 Network diagram for inter-AS option B In terms of scalability, inter-AS option B is better than option A. When adopting MP-EBGP method, note the following issues: ASBRs perform no VPN target filtering on VPN-IPv4 routes that they receive from each other. •...

  • Page 244: Carrier's Carrier

    Figure 63 Network diagram for inter-AS option C To improve the scalability, you can specify an RR in each AS, making it maintain all VPN-IPv4 routes and exchange VPN-IPv4 routes with PEs in the AS. The RRs in two ASs establish an inter-AS VPNv4 connection to advertise VPN-IPv4 routes, as shown in Figure Figure 64 Network diagram for inter-AS option C using RRs...
  • Page 245 of the Level 2 carrier. Routes of the customer networks connected to a Level 2 carrier are exchanged through the BGP session established between the routers of the Level 2 carrier. This can greatly reduce the number of routes maintained by the Level 1 carrier network. Implementation of carrier’s carrier Compared with the common MPLS L3VPN, the carrier’s carrier is different because of the way in which a CE of a Level 1 carrier, that is, a Level 2 carrier, accesses a PE of the Level 1 carrier:...

  • Page 246: Nested Vpn

    MP-IBGP PE 3 PE 4 CAUTION: If equal cost routes exist between the Level 1 carrier and the Level 2 carrier, H3C recommends establishing equal cost LSPs between them. Nested VPN Background In an MPLS L3VPN network, generally a service provider runs an MPLS L3VPN backbone and provides VPN services through PEs.
  • Page 247 Figure 67 Network diagram for nested VPN Provider MPLS VPN backbone Provider PE Provider PE CE 8 CE 7 VPN 2 VPN 1 CE 2 CE 1 Customer MPLS Customer MPLS VPN network VPN network Customer PE Customer PE CE 3 CE 4 CE 5 CE 6...

  • Page 248: Multi-Role Host

    VPNs that take the interface connected to the CE as the next hop. NOTE: All IP addresses associated with the PE must be unique to implement the multi-role host feature. In practice, H3C recommends centralizing the addresses of each VPN to improve the forwarding efficiency. HoVPN Why HoVPN? In MPLS L3VPN solutions, PEs are the key devices.
  • Page 249 As in the typical hierarchical network model, HoVPN has different requirements on the devices at different layers of the hierarchy. Implementation of HoVPN Figure 68 Basic architecture of HoVPN As shown in Figure 68, devices directly connected to CEs are called underlayer PEs (UPEs) or user-end PEs, whereas devices that are connected with UPEs and are in the internal network are called superstratum PEs (SPE) or service provider-end PEs.

  • Page 250: Ospf Vpn Extension

    The concepts of SPE and UPE are relative. In the hierarchical PE architecture, a PE may be the SPE of its underlayer PEs and a UPE of its SPE at the same time. The HoPE and common PEs can coexist in an MPLS network. SPE-UPE The MP-BGP running between SPE and UPE can be either MP-IBGP or MP-EBGP.
  • Page 251 NOTE: Layer 3—IP This section focuses on the OSPF VPN extension. For more information about OSPF, see Routing Configuration Guide OSPF for VPNs on a PE OSPF is a prevalent IGP protocol. It often runs between PE and CE to simplify CE configuration and management because the CEs only need to support OSPF.
  • Page 252 OSPF attributes. Each OSPF domain must have a configurable domain ID. H3C recommends that you configure the same domain ID or adopt the default ID for all OSPF processes of the same VPN, so the system can know that all VPN routes with the same domain ID are from the same VPN.

  • Page 253: Bgp As Number Substitution

    Figure 71 Network diagram for sham link To solve the problem, you can establish a sham link between the two PEs so that the routes between them over the MPLS VPN backbone become an intra-area route. The sham link acts as an intra-area point-to-point link and is advertised through the Type 1 LSA. You can select a route between the sham link and backdoor link by adjusting the metric.

  • Page 254: Multi-Vpn-Instance Ce

    Figure 72 Application of BGP AS number substitution Figure 72, both CE 1 and CE 2 use the AS number of 800. AS number substitution is enabled on PE 2 for CE 2. Before advertising updates received from CE 1 to CE 2, PE 2 finds that an AS number in the AS_PATH is the same as that of CE 2 and hence substitutes its own AS number 100 for the AS number.

  • Page 255: Mpls L3Vpn Configuration Task List

    Figure 73 Network diagram for the MCE function Establish a tunnel between the two sites of each VPN. Create a routing table for VPN 1 and VPN 2 respectively on the MCE device, and bind VLAN-interface 2 to VPN 1 and VLAN-interface 3 to VPN 2. When receiving a route, the MCE device can determine the source of the routing information according to the number of the receiving interface, and adds it to the corresponding routing table.

  • Page 256: Configuring Basic Mpls L3Vpn

    Task Remarks Configuring BGP AS number substitution Configuring basic MPLS L3VPN The key task in MPLS L3VPN configuration is to manage the advertisement of VPN routes on the MPLS backbone, including PE-CE route exchange and PE-PE route exchange. Complete the following tasks to configure basic MPLS L3VPN: Task Remarks Creating a VPN instance...
  • Page 257 Step Command Remarks Enter system view. system-view Create a VPN instance and ip vpn-instance vpn-instance-name enter VPN instance view. Configure an RD for the VPN route-distinguisher instance. route-distinguisher Configure a description for description text Optional the VPN instance. Associating a VPN instance with an interface After creating and configuring a VPN instance, you need to associate the VPN instance with the interface for connecting the CE.
  • Page 258 Step Command Remarks Set the maximum number of routing-table limit number Optional. routes allowed. { warn-threshold | simply-alert } Optional. Apply an import routing By default, all routes matching the import route-policy route-policy policy. import target attribute are accepted. Optional. Apply an export routing export route-policy route-policy By default, routes to be advertised...

  • Page 259: Configuring Routing Between Pe And Ce

    NOTE: If you specify more than one tunnel type and the number of tunnels of a type is less than the specified • number of tunnels for load balancing, tunnels of different types may be used. When you configure the tunnel selection preference order by using the tunnel select-seq command, a •...
  • Page 260 Configuration prerequisites Before you configure routing between PE and CE, complete the following tasks: • Assigning an IP address to the CE-PE interface of the CE. Assigning an IP address to the PE-CE interface of the PE. • Configuring static routing between PE and CE To configure static routing between PE and CE: Step Command...
  • Page 261 Configuring OSPF between PE and CE An OSPF process that is bound to a VPN instance does not use the public network router ID configured in system view. Therefore, you need to specify the router ID when starting a process or to configure the IP address for at least one interface of the VPN instance.
  • Page 262 NOTE: After configuring an OSPF process for a VPN instance, you must enable OSPF. The configuration • procedure is the same as that for a normal OSPF process. Layer 3—IP Routing Configuration Guide For more information about OSPF, see • domain-id •...
  • Page 263 Step Command Remarks filter-policy { acl-number | Optional. Configure BGP to filter routes ip-prefix ip-prefix-name } export By default, BGP does not filter to be advertised. [ direct | isis process-id | ospf routes to be advertised. process-id | rip process-id | static ] Optional.
  • Page 264 NOTE: IBGP can be used between PE and CE devices in only common MPLS L3VPN networking. In Extranet, inter-AS VPN, carrier’s carrier, nested VPN, and HoVPN networking, you cannot use IBGP between PE and CE devices. Configurations a PE To configure IBGP between PE and CE: Step Command Remarks...

  • Page 265: Configuring Routing Between Pes

    Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number Configure the PE as the IBGP peer { group-name | ip-address } peer. as-number as-number Optional. Configure the route import-route protocol [ process-id ] A CE needs to advertise its routes redistribution and [ med med-value | route-policy to the connected PE so that the PE...
  • Page 266 routes for each type of the address families and only takes effect for the BGP routes in the address family view where the command is executed. To configure common routing features for all types of subaddress families: Step Command Remarks Enter system view.
  • Page 267 Step Command Remarks Optional. Enable route reflection reflect between-clients between clients. Enabled by default. Optional. Specify the cluster ID of the reflector cluster-id { cluster-id | Router ID of an RR in the cluster by ip-address } default. rr-filter Create an RR reflection policy. Optional.

  • Page 268: Configuring Inter-As Vpn

    Step Command Remarks Optional. Advertise a default route peer { group-name | ip-address } destined for a VPN instance to default-route-advertise By default, no default route is a peer or peer group. vpn-instance vpn-instance-name advertised to a peer or peer group. Optional.

  • Page 269: Configuring Inter-As Option A

    NOTE: When configuring basic MPLS L3VPN for each AS, specific configurations may be required on PEs or ASBR PEs. This depends on the inter-AS VPN solution selected. Configuring inter-AS option A Inter-AS option A applies to scenarios where the number of VPNs and that of VPN routes on the PEs are relatively small.

  • Page 270: Configuring Inter-As Option C

    In the inter-AS option B solution, the ASBR PEs need to maintain all VPNv4 routing information and advertise the information to peer ASBR PEs. In this case, the ASBR PEs must receive all VPNv4 routing information without performing VPN target filtering. In the inter-AS option B solution, for the same VPN, the VPN targets for the VPN instances on the PEs in different ASs must match.
  • Page 271 Step Command Remarks Optional. Configure the PE not to Required only when RRs are used change the next hop of a peer { group-name | ip-address } to advertise VPNv4 routes, where route when advertising it to next-hop-invariable the next hop of a route advertised the EBGP peer.

  • Page 272: Configuring Nested Vpn

    Which IPv4 routes are to be assigned with MPLS labels depends on the routing policy. Only routes that satisfy the criteria are assigned with labels. All the other routes are still common IPv4 routes. To configure a routing policy for inter-AS option C on an ASBR PE: Step Command Remarks...

  • Page 273: Configuring Multi-Role Host

    Step Command Remarks Activate a nested VPN peer or By default, only IPv4 routes and no peer { group-name | peer group, and enable the BGP-VPNv4 routes can be peer-address } vpn-instance BGP-VPNv4 route exchange exchanged between nested VPN vpn-instance-name enable capability.

  • Page 274: Configuring A Static Route

    Step Command Enter system view. system-view policy-based-route policy-name { deny | permit } Create a policy and enter policy routing view. node node-number Specify the VPN instances for forwarding apply access-vpn vpn-instance packets. vpn-instance-name&<1-6> Return to system view. quit Enter the view of the interface connecting a CE. interface interface-type interface-number Apply policy routing to the interface.

  • Page 275: Configuring An Ospf Sham Link

    Step Command Remarks • To advertise a default VPN route: peer { group-name | ip-address } default-route-advertise vpn-instance Configure either command as vpn-instance-name needed. Advertise a default VPN route or routes permitted by a • To advertise routes permitted by a By default, BGP does not routing policy to the UPE.

  • Page 276: Redistributing The Loopback Interface Route And Ospf Routes Into Bgp

    Step Command Remarks Configure the address of the ip address ip-address { mask | loopback interface. mask-length } Redistributing the loopback interface route and OSPF routes into BGP To redistribute the loopback interface route and OSPF routes into BGP: Step Command Enter system view.

  • Page 277: Configuring Routing On An Mce

    0. However, the same calculation rule produces the same tag, and hence the same tag will be created for multiple OSPF VPN instances on the same PE or PEs with the same AS number. Therefore, H3C recommends configuring different tags for different OSPF VPN instance.
  • Page 278 Step Command Remarks • ip route-static dest-address { mask | mask-length } { gateway-address | interface-type interface-number [ gateway-address ] | vpn-instance d-vpn-instance-name gateway-address } [ preference preference-value ] Use either command. [ tag tag-value ] [ description description-text ] Perform this Configure a static route •...
  • Page 279 By configuring OSPF process-to-VPN instance bindings on a MCE, you allow routes of different VPNs to be exchanged between the MCE and the sites through different OSPF processes, ensuring the separation and security of VPN routes. To configure route exchange through OSPF: Step Command Remarks...
  • Page 280 Step Command Remarks Enter system view. system-view Create an IS-IS process for a Perform this configuration on the isis [ process-id ] vpn-instance VPN instance and enter IS-IS MCE. On a VPN site, configure a vpn-instance-name view. normal IS-IS process. Configure a network entity network-entity net Not configured by default.
  • Page 281 Step Command Remarks import-route protocol [ process-id Redistribute remote site routes By default, no routes of any other | all-processes ] [ med med-value | advertised by the PE. protocol are redistributed to BGP. route-policy route-policy-name ] * filter-policy { acl-number | Optional.

  • Page 282: Configuring Routing Between Mce And Pe

    Configurations on the MCE To configure the MCE: Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number ipv4-family vpn-instance Enter BGP-VPN instance view. vpn-instance-name peer { group-name | ip-address } Configure an IBGP peer. as-number as-number Optional. Configure the system to be the peer { group-name | ip-address } RR and specify the peer as the...
  • Page 283 Bind the MCE-PE interfaces to VPN instances • • Perform route configurations Redistribute VPN routes into the routing protocol running between the MCE and the PE. • NOTE: Configurations in this section are made on the MCE. Configurations on the PE are similar to those on the PE in common MPLS L3VPN network solutions (see “Configuring routing between PE and CE”).
  • Page 284 NOTE: Layer 3—IP Routing Configuration Guide For more information about RIP, see Configuring OSPF between MCE and PE To configure OSPF between MCE and PE: Step Command Remarks Enter system view. system-view Create an OSPF process for a ospf [ process-id | router-id VPN instance and enter OSPF router-id | vpn-instance view.
  • Page 285 Step Command Remarks Configure a network entity network-entity net Not configured by default. title. Optional. import-route { isis [ process-id ] | ospf [ process-id ] | rip By default, IS-IS does not [ process-id ] | bgp [ allow-ibgp ] | redistribute routes of any other direct | static } [ cost cost | routing protocol.

  • Page 286: Specifying The Vpn Label Processing Mode

    NOTE: BGP runs within a VPN in the same way as it runs within a public network. For more information about Layer 3—IP Routing Configuration Guide BGP, see Configuring IBGP between MCE and PE To configure IBGP between MCE and PE: Step Command Remarks...

  • Page 287: Configuring Bgp As Number Substitution

    Configuring BGP AS number substitution Configuration prerequisites Before you configure BGP AS number substitution, complete the following tasks: Configure basic MPLS L3VPN • Ensure CEs at different sites to have the same AS number • Configuration procedure When CEs at different sites have the same AS number, configure the BGP AS number substitution function to avoid route loss.

  • Page 288: Displaying And Maintaining Mpls L3Vpn

    Step Command Remarks refresh bgp vpnv4 { ip-address | all | Perform a soft reset of the BGP external | group group-name | internal } Available in user view VPNv4 connections. { export | import } reset bgp vpn-instance vpn-instance-name Reset BGP connections of a { as-number | ip-address | all | external | Available in user view...
  • Page 289 Task Command Remarks display bgp vpnv4 all peer [ ip-address verbose | verbose ] [ | { begin | exclude | include } regular-expression ] Display information about BGP display bgp vpnv4 vpn-instance Available in any view VPNv4 peers. vpn-instance-name peer [ group-name log-info | ip-address { log-info | verbose } | verbose ] [ | { begin | exclude | include } regular-expression ]...
  • Page 290 Task Command Remarks display bgp vpnv4 route-distinguisher route-distinguisher routing-table [ [ network-address [ mask | mask-length ] | as-path-acl as-path-acl-number | cidr | community [ aa:nn ]&<1-13> [ no-advertise | no-export | no-export-subconfed ] * Display the BGP VPNv4 routing [ whole-match ] | community-list Available in any view information of a specific RD.

  • Page 291: Mpls L3Vpn Configuration Examples

    Task Command Remarks reset bgp vpn-instance vpn-instance-name ip-address flap-info Clear route flap history information reset bgp vpn-instance vpn-instance-name about a BGP peer of a VPN Available in user view flap-info [ ip-address [ mask | mask-length ] | instance. as-path-acl as-path-acl-number | regexp as-path-regexp ] NOTE: Layer 3—IP Routing Command...
  • Page 292 GE4/1/2 10.2.1.2/24 PE 2 Loop0 3.3.3.9/32 POS2/1/1 172.1.1.1/24 GE4/1/1 10.3.1.2/24 CE 2 GE4/1/1 10.2.1.1/24 GE4/1/2 10.4.1.2/24 CE 3 GE4/1/1 10.3.1.1/24 POS2/1/1 172.2.1.2/24 CE 4 GE4/1/1 10.4.1.1/24 Configuration procedure Configure an IGP on the MPLS backbone to implement IP connectivity within the backbone. # Configure PE 1.
  • Page 293 [PE2] interface pos 2/1/1 [PE2-POS2/1/1] ip address 172.2.1.2 24 [PE2-POS2/1/1] quit [PE2] ospf [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255 [PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0 [PE2-ospf-1-area-0.0.0.0] quit [PE2-ospf-1] quit After you complete the configurations, OSPF adjacencies are established between PE 1, P, and PE 2.
  • Page 294 # Configure the P device. [P] mpls lsr-id 2.2.2.9 [P] mpls [P-mpls] lsp-trigger all [P-mpls] quit [P] mpls ldp [P-mpls-ldp] quit [P] interface pos 2/1/1 [P-POS2/1/1] mpls [P-POS2/1/1] mpls ldp [P-POS2/1/1] quit [P] interface pos 2/1/2 [P-POS2/1/2] mpls [P-POS2/1/2] mpls ldp [P-POS2/1/2] quit # Configure PE 2.
  • Page 295 A '*' before a Label means the USCB or DSCB is stale Configure VPN instances on PEs to allow CEs to access. # Configure PE 1. [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 100:1 [PE1-vpn-instance-vpn1] vpn-target 111:1 [PE1-vpn-instance-vpn1] quit [PE1] ip vpn-instance vpn2 [PE1-vpn-instance-vpn2] route-distinguisher 100:2 [PE1-vpn-instance-vpn2] vpn-target 222:2 [PE1-vpn-instance-vpn2] quit...
  • Page 296 PING 10.1.1.1: 56 data bytes, press CTRL_C to break Reply from 10.1.1.1: bytes=56 Sequence=1 ttl=255 time=56 ms Reply from 10.1.1.1: bytes=56 Sequence=2 ttl=255 time=4 ms Reply from 10.1.1.1: bytes=56 Sequence=3 ttl=255 time=4 ms Reply from 10.1.1.1: bytes=56 Sequence=4 ttl=255 time=52 ms Reply from 10.1.1.1: bytes=56 Sequence=5 ttl=255 time=3 ms --- 10.1.1.1 ping statistics --- 5 packet(s) transmitted...
  • Page 297 Configure an MP-IBGP peer relationship between PEs # Configure PE 1. [PE1] bgp 100 [PE1-bgp] peer 3.3.3.9 as-number 100 [PE1-bgp] peer 3.3.3.9 connect-interface loopback 0 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpnv4] peer 3.3.3.9 enable [PE1-bgp-af-vpnv4] quit [PE1-bgp] quit # Configure PE 2. [PE2] bgp 100 [PE2-bgp] peer 1.1.1.9 as-number 100 [PE2-bgp] peer 1.1.1.9 connect-interface loopback 0...

  • Page 298: Configuring Mpls L3Vpns Using Ibgp Between Pe And Ce

    CEs of the same VPN can ping each other, whereas those of different VPNs can not. For example, CE 1 can ping CE 3 (10.3.1.1), but cannot ping CE 4 (10.4.1.1): [CE1] ping 10.3.1.1 PING 10.3.1.1: 56 data bytes, press CTRL_C to break Reply from 10.3.1.1: bytes=56 Sequence=1 ttl=253 time=72 ms Reply from 10.3.1.1: bytes=56 Sequence=2 ttl=253 time=34 ms Reply from 10.3.1.1: bytes=56 Sequence=3 ttl=253 time=50 ms...
  • Page 299 Figure 75 Network diagram AS 100 AS 100 VPN 1 VPN 1 CE 3 Loop0 Loop0 CE 1 GE3/1/1 GE3/1/1 Loop0 PE 2 GE3/1/1 GE3/1/1 PE 1 POS5/1/1 POS5/1/2 Loop0 Loop0 POS5/1/1 POS5/1/1 GE3/1/2 GE3/1/2 MPLS backbone GE3/1/1 GE3/1/1 CE 2 Loop0 Loop0 CE 4...
  • Page 300 <P> system-view [P] interface loopback 0 [P-LoopBack0] ip address 2.2.2.9 32 [P-LoopBack0] quit [P] interface pos 5/1/1 [P-POS5/1/1] ip address 172.1.1.2 24 [P-POS5/1/1] quit [P] interface pos 5/1/2 [P-POS5/1/2] ip address 172.2.1.1 24 [P-POS5/1/2] quit [P] ospf [P-ospf-1] area 0 [P-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0...
  • Page 301 Neighbors Area 0.0.0.0 interface 172.1.1.1(POS5/1/1)'s neighbors Router ID: 2.2.2.9 Address: 172.1.1.2 GR State: Normal State: Full Mode:Nbr is Master Priority: 1 DR: 172.1.1.1 BDR: 172.1.1.2 MTU: 0 Dead timer due in 38 Neighbor is up for 00:02:44 Authentication Sequence: [ 0 ] Neighbor state change count: 5 Configure basic MPLS and MPLS LDP on the MPLS backbone to establish LDP LSPs.
  • Page 302 [PE1] display mpls ldp session LDP Session(s) in Public Network ---------------------------------------------------------------- Peer-ID Status SsnRole KA-Sent/Rcv --------------------------------------------------------------- 2.2.2.9:0 Operational Passive --------------------------------------------------------------- LAM : Label Advertisement Mode : Fault Tolerance [PE1] display mpls ldp lsp LDP LSP Information ------------------------------------------------------------------ DestAddress/Mask In/OutLabel Next-Hop In/Out-Interface ------------------------------------------------------------------ 1.1.1.9/32...
  • Page 303 [PE2-GigabitEthernet3/1/1] ip address 10.3.1.2 24 [PE2-GigabitEthernet3/1/1] quit [PE2] interface GigabitEthernet 3/1/2 [PE2-GigabitEthernet3/1/2] ip binding vpn-instance vpn2 [PE2-GigabitEthernet3/1/2] ip address 10.4.1.2 24 [PE2-GigabitEthernet3/1/2 quit # Configure IP addresses for the CEs as per Figure 75. (Details not shown) After completing the configurations, issue the display ip vpn-instance command on the PEs to view the configuration of the VPN instances.
  • Page 304 [PE1] bgp 100 [PE1-bgp] ipv4-family vpn-instance vpn1 [PE1-bgp-vpn1] peer 10.1.1.1 as-number 100 [PE1-bgp-vpn1] peer 10.1.1.1 reflect-client [PE1-bgp-vpn1] import-route direct [PE1-bgp-vpn1] quit [PE1-bgp] ipv4-family vpn-instance vpn2 [PE1-bgp-vpn2] peer 10.2.1.1 as-number 100 [PE1-bgp-vpn2] peer 10.2.1.1 reflect-client [PE1-bgp-vpn2] import-route direct [PE1-bgp-vpn2] quit [PE1-bgp] quit NOTE: The configurations for PE 2 are similar to those for PE 1.
  • Page 305 [PE2-route-policy] quit [PE2] bgp 100 [PE2-bgp] peer 1.1.1.9 as-number 100 [PE2-bgp] peer 1.1.1.9 connect-interface loopback 0 [PE2-bgp] ipv4-family vpnv4 [PE2-bgp-af-vpnv4] peer 1.1.1.9 route-policy pe-ibgp import [PE2-bgp-af-vpnv4] peer 1.1.1.9 enable [PE2-bgp-af-vpnv4] quit [PE2-bgp] quit Issue the display bgp peer command or the display bgp vpnv4 all peer command on the PEs. The output shows that a BGP peer relationship has been established between the PEs, and has reached the Established state.

  • Page 306: Configuring An Mpls L3Vpn That Uses A Gre Tunnel

    CEs of the same VPN can ping each other, whereas those of different VPNs can not. For example, CE 1 can ping CE 3 (6.6.6.9), but cannot ping CE 4 (7.7.7.9): [CE1] ping 6.6.6.9 PING 6.6.6.9: 56 data bytes, press CTRL_C to break Reply from 6.6.6.9: bytes=56 Sequence=1 ttl=253 time=72 ms Reply from 6.6.6.9: bytes=56 Sequence=2 ttl=253 time=34 ms Reply from 6.6.6.9: bytes=56 Sequence=3 ttl=253 time=50 ms...
  • Page 307 Figure 76 Network diagram Device Interface IP address Device Interface IP address CE 1 GE3/1/1 10.1.1.1/24 POS5/1/1 172.1.1.2/24 PE 1 Loop0 1.1.1.9/32 POS5/1/2 172.2.1.1/24 GE3/1/1 10.1.1.2/24 PE 2 Loop0 2.2.2.9/32 POS5/1/2 172.1.1.1/24 GE3/1/1 10.2.1.2/24 Tunnel0 20.1.1.1/24 POS5/1/1 172.2.1.2/24 CE 2 GE3/1/1 10.2.1.1/24 Tunnel0...
  • Page 308 [PE1] tunnel-policy gre1 [PE1-tunnel-policy-gre1] tunnel select-seq gre load-balance-number 1 [PE1-tunnel-policy-gre1] quit [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 100:1 [PE1-vpn-instance-vpn1] vpn-target 100:1 both [PE1-vpn-instance-vpn1] tnl-policy gre1 [PE1-vpn-instance-vpn1] quit [PE1] interface GigabitEthernet 3/1/1 [PE1-GigabitEthernet3/1/1] ip binding vpn-instance vpn1 [PE1-GigabitEthernet3/1/1] ip address 10.1.1.2 24 [PE1-GigabitEthernet3/1/1] quit # Configure PE 2.
  • Page 309 Reply from 10.1.1.1: bytes=56 Sequence=4 ttl=255 time=29 ms Reply from 10.1.1.1: bytes=56 Sequence=5 ttl=255 time=9 ms --- 10.1.1.1 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 7/21/33 ms Establish EBGP peer relationships between PEs and CEs to allow VPN routes to be redistributed # Configure CE 1.
  • Page 310 NOTE: The configurations for PE 2 are similar to those for PE 1. (Details not shown) After completing the configuration, issue the display bgp peer command or the display bgp vpnv4 all peer command on the PEs. The output shows that BGP peer relationship has been established between the PEs, and has reached the Established state.

  • Page 311: Configuring Inter-As Option A

    2.2.2.9/32 OSPF 3125 172.1.1.2 POS5/1/2 10.2.1.0/24 Static 60 20.1.1.1 Tunnel0 20.1.1.0/24 Direct 0 20.1.1.1 Tunnel0 20.1.1.1/32 Direct 0 127.0.0.1 InLoop0 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 172.1.1.0/24 Direct 0 172.1.1.1 POS5/1/2 172.1.1.1/32 Direct 0 127.0.0.1 InLoop0 172.1.1.2/32 Direct 0 172.1.1.2...
  • Page 312 Figure 77 Network diagram MPLS backbone Loop0 Loop0 MPLS backbone AS 100 AS 200 POS2/1/2 POS2/1/2 POS2/1/1 POS2/1/1 ASBR-PE 2 ASBR-PE 1 Loop0 Loop0 POS2/1/1 POS2/1/1 PE 2 PE 1 GE4/1/2 GE4/1/2 GE4/1/1 GE4/1/1 CE 1 CE 2 AS 65001 AS 65002 Device Interface...
  • Page 313 [PE1] interface pos2/1/1 [PE1-POS2/1/1] mpls [PE1-POS2/1/1] mpls ldp [PE1-POS2/1/1] quit # Configure basic MPLS on ASBR PE 1 and enable MPLS LDP on the interface connected to PE 1. <ASBR-PE1> system-view [ASBR-PE1] mpls lsr-id 2.2.2.9 [ASBR-PE1] mpls [ASBR-PE1-mpls] quit [ASBR-PE1] mpls ldp [ASBR-PE1-mpls-ldp] quit [ASBR-PE1] interface pos2/1/1 [ASBR-PE1-POS2/1/1] clock master...
  • Page 314 # Configure CE 1. <CE1> system-view [CE1] interface GigabitEthernet 4/1/1 [CE1-GigabitEthernet4/1/1] ip address 10.1.1.1 24 [CE1-GigabitEthernet4/1/1] quit # Configure PE 1. [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 100:1 [PE1-vpn-instance-vpn1] vpn-target 100:1 both [PE1-vpn-instance-vpn1] quit [PE1] interface GigabitEthernet 4/1/2 [PE1-GigabitEthernet4/1/2] ip binding vpn-instance vpn1 [PE1-GigabitEthernet4/1/2] ip address 10.1.1.2 24 [PE1-GigabitEthernet4/1/2] quit # Configure CE 2.
  • Page 315 [ASBR-PE2-POS2/1/2] ip address 192.1.1.2 24 [ASBR-PE2-POS2/1/2] quit After completing the configurations, view the VPN instance configurations by issuing the display ip vpn-instance command. The PEs can ping their attached CEs and the ASBR PEs can ping each other. Establish EBGP peer relationships between PEs and CEs to allow VPN routes to be redistributed # Configure CE 1.

  • Page 316: Configuring Inter-As Option B

    [ASBR-PE1-bgp] peer 1.1.1.9 as-number 100 [ASBR-PE1-bgp] peer 1.1.1.9 connect-interface loopback 0 [ASBR-PE1-bgp] ipv4-family vpnv4 [ASBR-PE1-bgp-af-vpnv4] peer 1.1.1.9 enable [ASBR-PE1-bgp-af-vpnv4] peer 1.1.1.9 next-hop-local [ASBR-PE1-bgp-af-vpnv4] quit [ASBR-PE1-bgp] quit # Configure ASBR-PE 2. [ASBR-PE2] bgp 200 [ASBR-PE2-bgp] ipv4-family vpn-instance vpn1 [ASBR-PE2-bgp-vpn1] peer 192.1.1.1 as-number 100 [ASBR-PE2-bgp-vpn1] quit [ASBR-PE2-bgp] peer 4.4.4.9 as-number 200 [ASBR-PE2-bgp] peer 4.4.4.9 connect-interface loopback 0...
  • Page 317 Figure 78 Network diagram Device Interface IP address Device Interface IP address PE 1 Loop0 2.2.2.9/32 PE 2 Loop0 5.5.5.9/32 GE4/1/1 30.0.0.1/8 GE4/1/1 20.0.0.1/8 POS2/1/1 1.1.1.2/8 POS2/1/1 9.1.1.2/8 ASBR-PE 1 Loop0 3.3.3.9/32 ASBR-PE 2 Loop0 4.4.4.9/32 POS2/1/1 1.1.1.1/8 POS2/1/1 9.1.1.1/8 POS2/1/2 11.0.0.2/8 POS2/1/2...
  • Page 318 [PE1-POS2/1/1] quit # Configure interface Loopback 0 and start IS-IS on it. [PE1] interface loopback 0 [PE1-LoopBack0] ip address 2.2.2.9 32 [PE1-LoopBack0] isis enable 1 [PE1-LoopBack0] quit # Create VPN instance vpn1 and configure the RD and VPN target attributes. [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 11:11 [PE1-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity...
  • Page 319 [ASBR-PE1-POS2/1/1] ip address 1.1.1.1 255.0.0.0 [ASBR-PE1-POS2/1/1] isis enable 1 [ASBR-PE1-POS2/1/1] mpls [ASBR-PE1-POS2/1/1] mpls ldp [ASBR-PE1-POS2/1/1] quit # Configure interface POS 2/1/2 and enable MPLS. [ASBR-PE1] interface POS 2/1/2 [ASBR-PE1-POS2/1/2] clock master [ASBR-PE1-POS2/1/2] ip address 11.0.0.2 255.0.0.0 [ASBR-PE1-POS2/1/2] mpls [ASBR-PE1-POS2/1/2] quit # Configure interface Loopback 0 and start IS-IS on it.
  • Page 320 [ASBR-PE2-POS2/1/1] mpls [ASBR-PE2-POS2/1/1] mpls ldp [ASBR-PE2-POS2/1/1] quit # Configure interface POS 2/1/2 and enable MPLS. [ASBR-PE2] interface POS 2/1/2 [ASBR-PE2-POS2/1/2] ip address 11.0.0.1 255.0.0.0 [ASBR-PE2-POS2/1/2] mpls [ASBR-PE2-POS2/1/2] quit # Configure interface Loopback 0 and start IS-IS on it. [ASBR-PE2] interface loopback 0 [ASBR-PE2-LoopBack0] ip address 4.4.4.9 32 [ASBR-PE2-LoopBack0] isis enable 1 [ASBR-PE2-LoopBack0] quit...

  • Page 321: Configuring Inter-As Option C

    # Configure interface Loopback 0 and start IS-IS on it. [PE2] interface loopback 0 [PE2-LoopBack0] ip address 5.5.5.9 32 [PE2-LoopBack0] isis enable 1 [PE2-LoopBack0] quit # Create VPN instance vpn1 and configure the RD and VPN target attributes. [PE2] ip vpn-instance vpn1 [PE2-vpn-instance-vpn1] route-distinguisher 12:12 [PE2-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity [PE2-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity...
  • Page 322 ASBR-PE 1 and ASBR-PE 2 use their respective routing policies and label the routes received from • each other. ASBR-PE 1 and ASBR-PE 2 use MP-EBGP to exchange labeled IPv4 routes. • Figure 79 Network diagram Device Interface IP address Device Interface IP address...
  • Page 323 [PE1] interface loopback 0 [PE1-LoopBack0] ip address 2.2.2.9 32 [PE1-LoopBack0] isis enable 1 [PE1-LoopBack0] quit # Create VPN instance vpn1 and configure the RD and VPN target attributes. [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 11:11 [PE1-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity [PE1-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity [PE1-vpn-instance-vpn1] quit # Configure interface Loopback 1 and bind the interface to VPN instance vpn1.
  • Page 324 [ASBR-PE1] mpls ldp [ASBR-PE1-mpls-ldp] quit # Configure interface POS 4/1/1, and start IS-IS and enable MPLS and LDP on the interface. [ASBR-PE1] interface POS 4/1/1 [ASBR-PE1-POS4/1/1] clock master [ASBR-PE1-POS4/1/1] ip address 1.1.1.1 255.0.0.0 [ASBR-PE1-POS4/1/1] isis enable 1 [ASBR-PE1-POS4/1/1] mpls [ASBR-PE1-POS4/1/1] mpls ldp [ASBR-PE1-POS4/1/1] quit # Configure interface POS 4/1/2 and enable MPLS on it.
  • Page 325 Configure ASBR-PE 2 # Start IS-IS on ASBR-PE 2. <ASBR-PE2> system-view [ASBR-PE2] isis 1 [ASBR-PE2-isis-1] network-entity 10.2222.2222.2222.2222.00 [ASBR-PE2-isis-1] quit # Configure LSR ID, enable MPLS and LDP. [ASBR-PE2] mpls lsr-id 4.4.4.9 [ASBR-PE2] mpls [ASBR-PE2-mpls] label advertise non-null [ASBR-PE2-mpls] quit [ASBR-PE2] mpls ldp [ASBR-PE2-mpls-ldp] quit # Configure interface POS 4/1/1, and start IS-IS and enable MPLS and LDP on the interface.
  • Page 326 # Use routing policy policy2 to filter routes advertised to IBGP peer 5.5.5.9. [ASBR-PE2-bgp] peer 5.5.5.9 route-policy policy2 export # Use routing policy policy1 to filter routes advertised to EBGP peer 11.0.0.2. [ASBR-PE2-bgp] peer 11.0.0.2 as-number 100 [ASBR-PE2-bgp] peer 11.0.0.2 route-policy policy1 export # Configure the capability to advertise labeled routes to EBGP peer 11.0.0.2 and to receive labeled routes from the peer.

  • Page 327: Configuring Carrier's Carrier

    [PE2] bgp 600 # Configure the capability to advertise labeled routes to IBGP peer 4.4.4.9 and to receive labeled routes from the peer. [PE2-bgp] peer 4.4.4.9 as-number 600 [PE2-bgp] peer 4.4.4.9 connect-interface loopback 0 [PE2-bgp] peer 4.4.4.9 label-route-capability # Configure the maximum hop count from PE 2 to EBGP peer 2.2.2.9 as 10. [PE2-bgp] peer 2.2.2.9 as-number 100 [PE2-bgp] peer 2.2.2.9 connect-interface loopback 0 [PE2-bgp] peer 2.2.2.9 ebgp-max-hop 10...
  • Page 328 Figure 80 Network diagram Device Interface IP address Device Interface IP address CE 3 GE4/1/1 100.1.1.1/24 CE 4 GE4/1/1 120.1.1.1/24 PE 3 Loop0 1.1.1.9/32 PE 4 Loop0 6.6.6.9/32 GE4/1/1 100.1.1.2/24 GE4/1/1 120.1.1.2/24 POS2/1/2 10.1.1.1/24 POS2/1/2 20.1.1.2/24 CE 1 Loop0 2.2.2.9/32 CE 2 Loop0 5.5.5.9/32...
  • Page 329 [PE1-LoopBack0] quit [PE1] interface POS 2/1/2 [PE1-POS2/1/2] ip address 30.1.1.1 24 [PE1-POS2/1/2] isis enable 1 [PE1-POS2/1/2] mpls [PE1-POS2/1/2] mpls ldp [PE1-POS2/1/2] mpls ldp transport-address interface [PE1-POS2/1/2] quit [PE1] bgp 100 [PE1-bgp] peer 4.4.4.9 as-number 100 [PE1-bgp] peer 4.4.4.9 connect-interface loopback 0 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpnv4] peer 4.4.4.9 enable [PE1-bgp-af-vpnv4] quit...
  • Page 330 [PE3-LoopBack0] ip address 1.1.1.9 32 [PE3-LoopBack0] quit [PE3] mpls lsr-id 1.1.1.9 [PE3] mpls [PE3-mpls] quit [PE3] mpls ldp [PE3-mpls-ldp] quit [PE3] isis 2 [PE3-isis-2] network-entity 10.0000.0000.0000.0001.00 [PE3-isis-2] quit [PE3] interface loopback 0 [PE3-LoopBack0] isis enable 2 [PE3-LoopBack0] quit [PE3] interface POS 2/1/2 [PE3-POS2/1/2] ip address 10.1.1.1 24 [PE3-POS2/1/2] isis enable 2 [PE3-POS2/1/2] mpls...
  • Page 331 Perform configuration to allow CEs of the customer carrier to access PEs of the provider carrier, and redistribute IS-IS routes to BGP and BGP routes to IS-IS on the PEs. # Configure PE 1. [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 200:1 [PE1-vpn-instance-vpn1] vpn-target 1:1 [PE1-vpn-instance-vpn1] quit [PE1] mpls ldp vpn-instance vpn1...
  • Page 332 [CE3-bgp] peer 100.1.1.2 as-number 100 [CE3-bgp] import-route direct [CE3-bgp] quit # Configure PE 3. [PE3] ip vpn-instance vpn1 [PE3-vpn-instance-vpn1] route-distinguisher 100:1 [PE3-vpn-instance-vpn1] vpn-target 1:1 [PE3-vpn-instance-vpn1] quit [PE3] interface GigabitEthernet 4/1/1 [PE3-GigabitEthernet4/1/1] ip binding vpn-instance vpn1 [PE3-GigabitEthernet4/1/1] ip address 100.1.1.2 24 [PE3-GigabitEthernet4/1/1] quit [PE3] bgp 100 [PE3-bgp] ipv4-family vpn-instance vpn1...
  • Page 333 30.1.1.2/32 Direct 0 30.1.1.2 POS2/1/2 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 Issue the display ip routing-table vpn-instance command on PE 1 and PE 2. The output shows that the internal routes of the customer carrier network are present in the VPN routing tables, but the VPN routes that the customer carrier maintains are not.
  • Page 334 Destinations : 11 Routes : 11 Destination/Mask Proto Cost NextHop Interface 1.1.1.9/32 Direct 0 127.0.0.1 InLoop0 2.2.2.9/32 ISIS 10.1.1.2 POS2/1/2 5.5.5.9/32 ISIS 10.1.1.2 POS2/1/2 6.6.6.9/32 ISIS 10.1.1.2 POS2/1/2 10.1.1.0/24 Direct 0 10.1.1.1 POS2/1/2 10.1.1.1/32 Direct 0 127.0.0.1 InLoop0 10.1.1.2/32 Direct 0 10.1.1.2 POS2/1/2 11.1.1.0/24...

  • Page 335: Configuring Nested Vpn

    --- 120.1.1.1 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 69/90/105 ms Configuring nested VPN Network requirements The service provider provides nested VPN services for users, as shown in Figure 81, where: PE 1 and PE 2 are PE devices on the service provider backbone. Both of them support the nested •...
  • Page 336 CE 3 GE3/1/1 100.1.1.1/24 CE 4 GE3/1/1 120.1.1.1/24 CE 5 GE3/1/1 110.1.1.1/24 CE 6 GE3/1/1 130.1.1.1/24 PE 1 Loop0 3.3.3.9/32 PE 2 Loop0 4.4.4.9/32 POS5/1/1 11.1.1.2/24 POS5/1/1 30.1.1.2/24 POS5/1/2 30.1.1.1/24 POS5/1/2 21.1.1.1/24 PE 3 Loop0 1.1.1.9/32 PE 4 Loop0 6.6.6.9/32 GE3/1/1 100.1.1.2/24 GE3/1/1...
  • Page 337 After completing the configurations, execute commands display mpls ldp session, display bgp peer and display isis peer respectively on either PE 1 or PE 2. The output shows that the LDP session is established, the BGP peer relationship is established and in Established state, and the IS-IS neighbor relationship is established and up.
  • Page 338 # Configure CE 1. <CE1> system-view [CE1] interface loopback 0 [CE1-LoopBack0] ip address 2.2.2.9 32 [CE1-LoopBack0] quit [CE1] mpls lsr-id 2.2.2.9 [CE1] mpls [CE1-mpls] quit [CE1] mpls ldp [CE1-mpls-ldp] quit [CE1] isis 2 [CE1-isis-2] network-entity 10.0000.0000.0000.0002.00 [CE1-isis-2] quit [CE1] interface loopback 0 [CE1-LoopBack0] isis enable 2 [CE1-LoopBack0] quit [CE1] interface pos 5/1/1...
  • Page 339 [CE1-POS5/1/2] mpls [CE1-POS5/1/2] quit [CE1] bgp 200 [CE1-bgp] peer 11.1.1.2 as-number 100 [CE1-bgp] import isis 2 [CE1-bgp] quit NOTE: Configurations on PE 2 and CE 2 are similar to those on PE 1 and CE 1 respectively, and are thus omitted here.
  • Page 340 [PE3-bgp] ipv4-family vpn-instance SUB_VPN1 [PE3-bgp-SUB_VPN1] peer 100.1.1.1 as-number 65410 [PE3-bgp-SUB_VPN1] import-route direct [PE3-bgp-SUB_VPN1] quit [PE3-bgp] ipv4-family vpn-instance SUB_VPN2 [PE3-bgp-SUB_VPN2] peer 110.1.1.1 as-number 65411 [PE3-bgp-SUB_VPN2] import-route direct [PE3-bgp-SUB_VPN2] quit [PE3-bgp] quit NOTE: Configurations on PE 4, CE 4 and CE 6 are similar to those on PE 3, CE 3 and CE 5 respectively, and are thus omitted here.
  • Page 341 # Allow the local AS number to appear in the AS-PATH attribute of the routes received. [PE3-bgp-af-vpnv4] peer 2.2.2.9 allow-as-loop 2 [PE3-bgp-af-vpnv4] quit [PE3-bgp] quit # Configure CE 1. [CE1] bgp 200 [CE1-bgp] peer 1.1.1.9 as-number 200 [CE1-bgp] peer 1.1.1.9 connect-interface loopback 0 [CE1-bgp] ipv4-family vpnv4 [CE1-bgp-af-vpnv4] peer 1.1.1.9 enable [CE1-bgp-af-vpnv4] undo policy vpn-target...
  • Page 342 120.1.1.0/24 4.4.4.9 NULL0 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 130.1.1.0/24 4.4.4.9 NULL0 Execute the display bgp vpnv4 all routing-table command on CE 1 and CE 2 to verify that the VPNv4 routing tables on the customer VPN contain internal sub-VPN routes. The following takes CE 1 for illustration.
  • Page 343 [PE3] display ip routing-table vpn-instance SUB_VPN1 Routing Tables: SUB_VPN1 Destinations : 5 Routes : 5 Destination/Mask Proto Cost NextHop Interface 100.1.1.0/24 Direct 0 100.1.1.2 GE3/1/1 100.1.1.2/32 Direct 0 127.0.0.1 InLoop0 120.1.1.0/24 2.2.2.9 NULL0 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 Execute the display ip routing-table command on CE 3 and CE 4 to verify that the routing tables...

  • Page 344: Configuring Hovpn

    5 packet(s) received 0.00% packet loss round-trip min/avg/max = 69/90/105 ms CE 5 and CE 6 can ping each other successfully. [CE5] ping 130.1.1.1 PING 130.1.1.1: 56 data bytes, press CTRL_C to break Reply from 130.1.1.1: bytes=56 Sequence=1 ttl=252 time=102 ms Reply from 130.1.1.1: bytes=56 Sequence=2 ttl=252 time=69 ms Reply from 130.1.1.1: bytes=56 Sequence=3 ttl=252 time=105 ms Reply from 130.1.1.1: bytes=56 Sequence=4 ttl=252 time=88 ms...
  • Page 345 Figure 82 Network diagram Loop0 Loop0 GE4/1/2 GE4/1/1 SPE 1 SPE 2 Loop0 Loop0 GE4/1/1 GE4/1/2 GE4/1/3 GE4/1/1 AS 100 UPE 1 UPE 2 GE4/1/1 GE4/1/2 GE4/1/2 GE4/1/3 VPN 1 VPN 2 VPN 1 VPN 2 GE4/1/1 GE4/1/1 GE4/1/1 GE4/1/1 CE 1 CE 2 CE 3...
  • Page 346 [UPE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255 [UPE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0 [UPE1-ospf-1-area-0.0.0.0] quit [UPE1-ospf-1] quit # Configure VPN instances vpn1 and vpn2, allowing CE 1 and CE 2 to access UPE 1. [UPE1] ip vpn-instance vpn1 [UPE1-vpn-instance-vpn1] route-distinguisher 100:1 [UPE1-vpn-instance-vpn1] vpn-target 100:1 both [UPE1-vpn-instance-vpn1] quit [UPE1] ip vpn-instance vpn2 [UPE1-vpn-instance-vpn2] route-distinguisher 100:2...
  • Page 347 [CE2] interface GigabitEthernet 4/1/1 [CE2-GigabitEthernet4/1/1] ip address 10.4.1.1 255.255.255.0 [CE2-GigabitEthernet4/1/1] quit [CE2] bgp 65420 [CE2-bgp] peer 10.4.1.2 as-number 100 [CE2-bgp] import-route direct [CE2] quit Configure UPE 2 # Configure basic MPLS and MPLS LDP to establish LDP LSPs. <UPE2> system-view [UPE2] interface loopback 0 [UPE2-LoopBack0] ip address 4.4.4.9 32 [UPE2-LoopBack0] quit...
  • Page 348 # Configure UPE 2 to establish MP-IBGP peer relationship with SPE 2 and to inject VPN routes. [UPE2] bgp 100 [UPE2-bgp] peer 3.3.3.9 as-number 100 [UPE2-bgp] peer 3.3.3.9 connect-interface loopback 0 [UPE2-bgp] ipv4-family vpnv4 [UPE2-bgp-af-vpnv4] peer 3.3.3.9 enable [UPE2-bgp-af-vpnv4] quit [UPE2-bgp] ipv4-family vpn-instance vpn1 [UPE2-bgp-vpn1] peer 10.1.1.1 as-number 65430 [UPE2-bgp-vpn1] import-route direct...
  • Page 349 [SPE1-GigabitEthernet4/1/1] mpls [SPE1-GigabitEthernet4/1/1] mpls ldp [SPE1-GigabitEthernet4/1/1] quit [SPE1] interface GigabitEthernet 4/1/2 [SPE1-GigabitEthernet4/1/2] ip address 180.1.1.1 24 [SPE1-GigabitEthernet4/1/2] mpls [SPE1-GigabitEthernet4/1/2] mpls ldp [SPE1-GigabitEthernet4/1/2] quit # Configure the IGP protocol, OSPF, for example. [SPE1] ospf [SPE1-ospf-1] area 0 [SPE1-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0 [SPE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255 [SPE1-ospf-1-area-0.0.0.0] network 180.1.1.0 0.0.0.255 [SPE1-ospf-1-area-0.0.0.0] quit...
  • Page 350 [SPE1-route-policy] quit [SPE1] bgp 100 [SPE1-bgp] ipv4-family vpnv4 [SPE1-bgp-af-vpnv4] peer 1.1.1.9 upe route-policy hope export Configure SPE 2 # Configure basic MPLS and MPLS LDP to establish LDP LSPs. <SPE2> system-view [SPE2] interface loopback 0 [SPE2-LoopBack0] ip address 3.3.3.9 32 [SPE2-LoopBack0] quit [SPE2] mpls lsr-id 3.3.3.9 [SPE2] mpls...

  • Page 351: Configuring Ospf Sham Links

    [SPE2-bgp] peer 4.4.4.9 next-hop-local [SPE2-bgp] peer 2.2.2.9 as-number 100 [SPE2-bgp] peer 2.2.2.9 connect-interface loopback 0 [SPE2-bgp] ipv4-family vpnv4 [SPE2-bgp-af-vpnv4] peer 2.2.2.9 enable [SPE2-bgp-af-vpnv4] peer 4.4.4.9 enable [SPE2-bgp-af-vpnv4] peer 4.4.4.9 upe [SPE2-bgp-af-vpnv4] quit [SPE2-bgp]ipv4-family vpn-instance vpn1 [SPE2-bgp-vpn1] quit [SPE2-bgp]ipv4-family vpn-instance vpn2 [SPE2-bgp-vpn2] quit [SPE2-bgp] quit # Configure SPE 2 to advertise to UPE 2 the routes permitted by a routing policy, that is, the routes...
  • Page 352 POS2/1/2 20.1.1.1/24 POS2/1/2 30.1.1.2/24 PE 1 Loop0 1.1.1.9/32 PE 2 Loop0 2.2.2.9/32 Loop1 3.3.3.3/32 Loop1 5.5.5.5/32 GE4/1/1 100.1.1.2/24 GE4/1/1 120.1.1.2/24 POS2/1/2 10.1.1.1/24 POS2/1/1 10.1.1.2/24 Router A POS2/1/1 30.1.1.1/24 POS2/1/2 20.1.1.2/24 Configuration procedure Configure OSPF on the customer networks Configure conventional OSPF on CE 1, Router A, and CE 2 to advertise segment addresses of the interfaces as shown in Figure 83.
  • Page 353 [PE1-bgp] peer 2.2.2.9 connect-interface loopback 0 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpnv4] peer 2.2.2.9 enable [PE1-bgp-af-vpnv4] quit [PE1-bgp] quit # Configure OSPF on PE 1. [PE1]ospf 1 [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit # Configure basic MPLS and MPLS LDP on PE 2 to establish LDP LSPs.
  • Page 354 [PE1-vpn-instance-vpn1] quit [PE1] interface GigabitEthernet 4/1/1 [PE1-GigabitEthernet4/1/1] ip binding vpn-instance vpn1 [PE1-GigabitEthernet4/1/1] ip address 100.1.1.2 24 [PE1-GigabitEthernet4/1/1] quit [PE1] ospf 100 vpn-instance vpn1 [PE1-ospf-100] domain-id 10 [PE1-ospf-100] area 1 [PE1-ospf-100-area-0.0.0.1] network 100.1.1.0 0.0.0.255 [PE1-ospf-100-area-0.0.0.1] quit [PE1-ospf-100] quit [PE1] bgp 100 [PE1-bgp] ipv4-family vpn-instance vpn1 [PE1-bgp-vpn1] import-route ospf 100 [PE1-bgp-vpn1] import-route direct...
  • Page 355 100.1.1.2/32 Direct 0 127.0.0.1 InLoop0 120.1.1.0/24 OSPF 3126 100.1.1.1 GE4/1/1 Configure a sham link # Configure PE 1. [PE1] interface loopback 1 [PE1-LoopBack1] ip binding vpn-instance vpn1 [PE1-LoopBack1] ip address 3.3.3.3 32 [PE1-LoopBack1] quit [PE1] ospf 100 [PE1-ospf-100] area 1 [PE1-ospf-100-area-0.0.0.1] sham-link 3.3.3.3 5.5.5.5 cost 10 [PE1-ospf-100-area-0.0.0.1] quit [PE1-ospf-100] quit...

  • Page 356: Configuring Bgp As Number Substitution

    30.1.1.0/24 OSPF 1574 100.1.1.2 GE4/1/1 100.1.1.0/24 Direct 0 100.1.1.1 GE4/1/1 100.1.1.1/32 Direct 0 127.0.0.1 InLoop0 120.1.1.0/24 OSPF 100.1.1.2 GE4/1/1 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 Issue the display ospf sham-link command on the PEs. You can see the established sham link. Take PE 1 as an example: [PE1] display ospf sham-link OSPF Process 100 with Router ID 100.1.1.2...
  • Page 357 PE 1 Loop0 1.1.1.9/32 GE4/1/2 30.1.1.1/24 GE4/1/1 10.1.1.2/24 PE 2 Loop0 3.3.3.9/32 GE4/1/2 20.1.1.1/24 GE4/1/1 10.2.1.2/24 CE 2 GE4/1/1 10.2.1.1/24 GE4/1/2 30.1.1.2/24 GE4/1/2 200.1.1.1/24 Configuration procedure Configure basic MPLS L3VPN Configure OSPF on the MPLS backbone to allow the PEs and P device to learn the routes of the •...
  • Page 358 Enable BGP update packet debugging on PE 2. You can see that PE 2 advertises the route to 100.1.1.1/32, and the AS_PATH is 100 600. <PE2> terminal monitor <PE2> terminal debugging <PE2> debugging bgp update vpn-instance vpn1 verbose <PE2> refresh bgp vpn-instance vpn1 all export *0.4402392 PE2 RM/7/RMDEBUG: BGP.vpn1: Send UPDATE to 10.2.1.1 for following destinations : Origin...
  • Page 359 Origin : i - IGP, e - EGP, ? - incomplete Network NextHop LocPrf PrefVal Path/Ogn *> 10.1.1.0/24 10.2.1.2 100? *> 10.1.1.1/32 10.2.1.2 100? 10.2.1.0/24 10.2.1.2 100? 10.2.1.1/32 10.2.1.2 100? *> 100.1.1.1/32 10.2.1.2 100 100? <CE2> display ip routing-table Routing Tables: Public Destinations : 9 Routes : 9 Destination/Mask...

  • Page 360: Configuring Ipv6 Mpls L3Vpn

    Configuring IPv6 MPLS L3VPN IPv6 MPLS L3VPN overview MPLS L3VPN applies to the IPv4 environment. It uses BGP to advertise IPv4 VPN routes and uses MPLS to forward IPv4 VPN packets on the service provider backbone. IPv6 MPLS L3VPN functions similarly. It uses BGP to advertise IPv6 VPN routes and uses MPLS to forward IPv6 VPN packets on the service provider backbone.

  • Page 361: Ipv6 Mpls L3Vpn Packet Forwarding

    IPv6 MPLS L3VPN packet forwarding Figure 86 IPv6 MPLS L3VPN packet forwarding diagram Site 2 Site 1 CE 1 CE 2 PE 2 PE 1 2001:1::1/96 2001:2::1/96 Layer1 Layer2 2001:2::1 2001:2::1 Layer2 2001:2::1 2001:2::1 As shown in Figure 86, the IPv6 MPLS L3VPN packet forwarding procedure is as follows: The PC at Site 1 sends an IPv6 packet destined for 2001:2::1, the PC at Site 2.

  • Page 362: Ipv6 Mpls L3Vpn Networking Schemes And Functions

    Then, the ingress PE advertises the VPN-IPv6 routes to the egress PE through MP-BGP. Finally, the egress PE compares the export target attributes of the VPN-IPv6 routes with the import target attributes that it maintains for the VPN instance and, if they are the same, adds the routes to the routing table of the VPN instance.

  • Page 363: Configuration Prerequisites

    Task Remarks Configuring route related attributes for a VPN Optional instance Configuring a tunneling policy for a VPN instance Optional Configuring an LDP instance Optional Configuring routing between PE and CE Required Configuring routing between PEs Required Configuring routing features for the BGP-VPNv6 subaddress family Optional Configuration prerequisites Before configuring basic IPv6 MPLS L3VPN, complete these tasks:...

  • Page 364: Configuring Route Related Attributes For A Vpn Instance

    Associating a VPN instance with an interface After creating and configuring a VPN instance, you need to associate the VPN instance with the interface for connecting the CE. Any LDP-capable interface can be associated with a VPN instance. For information about LDP-capable interfaces, see the chapter “Configuring basic MPLS.” To associate a VPN instance with an interface: Step Command...
  • Page 365 Step Command Remarks Optional Apply an export routing export route-policy route-policy By default, routes to be advertised policy. are not filtered. NOTE: Route related attributes configured in VPN instance view are applicable to both IPv4 VPNs and IPv6 • VPNs. You can configure route related attributes for IPv6 VPNs in both VPN instance view and IPv6 VPN view.

  • Page 366: Configuring Routing Between Pe And Ce

    NOTE: When you configure tunnel selection preference order by using the tunnel select-seq command, a • tunnel type closer to the select-seq keyword has a higher priority. For example, with the tunnel select-seq lsp cr-lsp load-balance-number 1 command configured, VPN uses a CR-LSP tunnel when no LSP exists.
  • Page 367 NOTE: Layer 3—IP Routing Configuration Guide For information about IPv6 static routing, see Configuring RIPng between PE and CE A RIPng process belongs to the public network or a single VPN instance. If you create a RIPng process without binding it to a VPN instance, the process belongs to the public network. To configure RIPng between PE and CE: Step Command...
  • Page 368 Configuring IPv6 IS-IS between PE and CE An IPv6 IS-IS process belongs to the public network or a single VPN instance. If you create an IPv6 IS-IS process without binding it to a VPN instance, the process belongs to the public network. To configure IPv6 IS-IS between PE and CE: Step Command...

  • Page 369: Configuring Routing Between Pes

    Step Command Remarks Optional filter-policy { acl6-number | Configure a filtering policy to ipv6-prefix ipv6-prefix-name } By default, the PE does not filter filter received routes. import received routes. Configurations on a CE To configure EBGP between PE and CE: Step Command Remarks...

  • Page 370: Configuring Routing Features For The Bgp-Vpnv6 Subaddress Family

    Step Command Remarks Enable the exchange of BGP-VPNv6 routing By default, BGP peers exchange peer ip-address enable information with the specified only IPv4 routing information. peer. Configuring routing features for the BGP-VPNv6 subaddress family A variety of routing features for the BGP-VPNv6 subaddress family are the same as those for BGP IPv6 unicast routing.

  • Page 371: Configuring Inter-As Ipv6 Vpn

    Step Command Remarks Optional Configure BGP updates to the peer to not carry private AS peer ip-address public-as-only By default, a BGP update carries numbers. private AS numbers. Optional peer ip-address route-policy Apply a routing policy for the route-policy-name { export | By default, no routing policy is peer.

  • Page 372: Configuring Inter-As Ipv6 Vpn Option A

    Configuring inter-AS IPv6 VPN option A Inter-AS IPv6 VPN option A applies to scenarios where the number of VPNs and that of VPN routes on the PEs are relatively small. It is easy to implement. To configure inter-AS IPv6 option A, you need to: •...

  • Page 373: Configuring Routing On An Mce

    Configuring the ASBR PEs In the inter-AS IPv6 VPN option C solution, an inter-AS LSP is required, and the routes advertised between the relevant PEs and ASBRs must carry MPLS label information. The configuration is the same as that in the Inter-AS IPv4 VPN option C solution (see the chapter “Configuring MPLS L3VPN”).
  • Page 374 Step Command Remarks configure normal ipv6 route-static vpn-instance static routes. s-vpn-instance-name&<1-6> ipv6-address prefix-length { interface-type interface-number [ next-hop-address ] | nexthop-address [ public ] | vpn-instance d-vpn-instance-name nexthop-address } [ preference preference-value ] Configure the default Optional ipv6 route-static default-preference precedence for IPv6 static default-preference-value 60 by default...
  • Page 375 Step Command Remarks Enter system view. system-view Create an OSPFv3 process for Perform this configuration on the ospfv3 [ process-id ] vpn-instance a VPN instance and enter MCE. On a VPN site, configure vpn-instance-name OSPFv3 view. normal OSPFv3. Set the router ID. router-id router-id Required import-route protocol [ process-id...
  • Page 376 Step Command Remarks Return to system view. quit interface interface-type Enter interface view. interface-number Enable the IPv6 IS-IS process isis ipv6 enable [ process-id ] Disabled by default on the interface. NOTE: Layer 3—IP Routing Configuration Guide For more information about IPv6 IS-IS, see Configuring EBGP between MCE and VPN site To use EBGP for exchanging routing information between an MCE and IPv6 VPN sites, you must configure a BGP peer for each IPv6 VPN instance on the MCE, and redistribute the IGP routes of each...

  • Page 377: Configuring Routing Between Mce And Pe

    Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number Enter IPv6 address family ipv6-family view. Configure the MCE as the peer ipv6-address as-number Required EBGP peer. as-number Optional By default, no route redistribution import-route protocol [ process-id Redistribute the IGP routes of is configured.
  • Page 378 Configuring RIPng between MCE and PE To configure RIPng between MCE and PE: Step Command Remarks Enter system view. system-view Create a RIPng process for an IPv6 VPN ripng [ process-id ] vpn-instance Required instance and enter vpn-instance-name RIPng view. import-route protocol [ process-id ] By default, no route of any Redistribute the VPN...
  • Page 379 Step Command Remarks Enable the OSPFv3 process ospfv3 process-id area area-id Disabled by default. on the interface. [ instance instance-id ] NOTE: Layer 3—IP Routing Configuration Guide For more information about OSPFv3, see Configuring IPv6 IS-IS between MCE and PE To configure IPv6 IS-IS between MCE and PE: Step Command...

  • Page 380: Displaying And Maintaining Ipv6 Mpls L3Vpn

    Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number Enter IPv6 BGP-VPN ipv6-family vpn-instance vpn-instance-name Required instance view. Configure the PE as the peer ipv6-address as-number as-number Required EBGP peer. import-route protocol [ process-id [ med Redistribute the VPN By default, No route med-value | route-policy routes.
  • Page 381 Task Command Remarks Display information about the IPv6 display ipv6 routing-table vpn-instance routing table associated with a vpn-instance-name [ verbose ] [ | { begin | Available in any view VPN instance. exclude | include } regular-expression ] Display information about a display ip vpn-instance [ instance-name specific VPN instance or all VPN vpn-instance-name ] [ | { begin | exclude |...

  • Page 382: Ipv6 Mpls L3Vpn Configuration Examples

    IPv6 MPLS L3VPN configuration examples Configuring IPv6 MPLS L3VPNs Network requirements CE 1 and CE 3 belong to VPN 1. CE 2 and CE 4 belong to VPN 2. • VPN 1 uses VPN target attributes 1 1 1:1. VPN 2 uses VPN target attributes 222:2. Users of different •...
  • Page 383 [PE1-LoopBack0] quit [PE1] interface pos2/1/1 [PE1-POS2/1/1] ip address 172.1.1.1 24 [PE1-POS2/1/1] quit [PE1] ospf [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255 [PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit # Configure the P router. <P> system-view [P] interface loopback 0 [P-LoopBack0] ip address 2.2.2.9 32 [P-LoopBack0] quit [P] interface pos2/1/1...
  • Page 384 Destinations : 9 Routes : 9 Destination/Mask Proto Cost NextHop Interface 1.1.1.9/32 Direct 0 127.0.0.1 InLoop0 2.2.2.9/32 OSPF 172.1.1.2 POS2/1/1 3.3.3.9/32 OSPF 172.1.1.2 POS2/1/1 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 172.1.1.0/24 Direct 0 172.1.1.1 POS2/1/1 172.1.1.1/32 Direct 0 127.0.0.1 InLoop0...
  • Page 385 [PE2] mpls lsr-id 3.3.3.9 [PE2] mpls [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface pos2/1/1 [PE2-POS2/1/1] mpls [PE2-POS2/1/1] mpls ldp [PE2-POS2/1/1] quit After you complete the configurations, LDP sessions are established between PE 1, P, and PE 2. Issue the display mpls ldp session command. The output shows that the session status is Operational.
  • Page 386 [PE1-GigabitEthernet4/1/2] ipv6 address 2001:2::2 96 [PE1-GigabitEthernet4/1/2] quit # Configure PE 2. [PE2] ip vpn-instance vpn1 [PE2-vpn-instance-vpn1] route-distinguisher 200:1 [PE2-vpn-instance-vpn1] vpn-target 111:1 [PE2-vpn-instance-vpn1] quit [PE2] ip vpn-instance vpn2 [PE2-vpn-instance-vpn2] route-distinguisher 200:2 [PE2-vpn-instance-vpn2] vpn-target 222:2 [PE2-vpn-instance-vpn2] quit [PE2] interface GigabitEthernet 4/1/1 [PE2-GigabitEthernet4/1/1] ip binding vpn-instance vpn1 [PE2-GigabitEthernet4/1/1] ipv6 address 2001:3::2 96 [PE2-GigabitEthernet4/1/1] quit [PE2] interface GigabitEthernet 4/1/2...
  • Page 387 Establish EBGP peer relationships between the PEs and CEs to allow them to exchange VPN routes. # Configure CE 1. <CE1> system-view [CE1] bgp 65410 [CE1-bgp] ipv6-family [CE1-bgp-af-ipv6] peer 2001:1::2 as-number 100 [CE1-bgp-af-ipv6] import-route direct [CE1-bgp-af-ipv6] quit NOTE: The configurations for the CE 2 through CE 4 are similar. (Details not shown) # Configure PE 1.
  • Page 388 [PE2] bgp 100 [PE2-bgp] peer 1.1.1.9 as-number 100 [PE2-bgp] peer 1.1.1.9 connect-interface loopback 0 [PE2-bgp] ipv6-family vpnv6 [PE2-bgp-af-vpnv6] peer 1.1.1.9 enable [PE2-bgp-af-vpnv6] quit [PE2-bgp] quit After completing the configurations, issue the display bgp peer command or the display bgp vpnv6 all peer command on the PEs. You can see a BGP peer relationship has been established between the PEs, and has reached Established state.

  • Page 389: Configuring Inter-As Ipv6 Vpn Option A

    Interface : NULL0 Cost # From each CE, ping other CEs. CEs of the same VPN can ping each other, whereas those of different VPNs should not. For example, CE 1 can ping CE 3 (2001:3::1), but cannot ping CE 4 (2001:4::1): [CE1] ping ipv6 2001:3::1 PING 2001:3::1 : 56...
  • Page 390 Figure 88 Network diagram MPLS backbone Loop0 Loop0 MPLS backbone AS 100 AS 200 POS2/1/2 POS2/1/2 POS2/1/1 POS2/1/1 ASBR-PE 2 ASBR-PE 1 Loop0 Loop0 POS2/1/1 POS2/1/1 PE 2 PE 1 GE4/1/1 GE4/1/1 GE4/1/1 GE4/1/1 CE 1 CE 2 AS 65001 AS 65002 Device Interface...
  • Page 391 [PE1-mpls-ldp] quit [PE1] interface pos2/1/1 [PE1-POS2/1/1] mpls [PE1-POS2/1/1] mpls ldp [PE1-POS2/1/1] quit # Configure basic MPLS on ASBR-PE 1 and enable MPLS LDP for both ASBR-PE 1 and the interface connected to PE 1. <ASBR-PE1> system-view [ASBR-PE1] mpls lsr-id 2.2.2.9 [ASBR-PE1] mpls [ASBR-PE1-mpls] quit [ASBR-PE1] mpls ldp...
  • Page 392 NOTE: For the same VPN, the VPN targets for the VPN instance on the PE must match those for the VPN instance on the ASBR-PE in the same AS. This is not required for PEs in different ASs. # Configure CE 1. <CE1>...
  • Page 393 [ASBR-PE2-vpn-vpn1] quit [ASBR-PE2] interface POS 2/1/2 [ASBR-PE2-POS2/1/2] ip binding vpn-instance vpn1 [ASBR-PE2-POS2/1/2] ipv6 address 2002:1::2 96 [ASBR-PE2-POS2/1/2] quit After completing the configurations, you can view the VPN instance information by issuing the display ip vpn-instance command. Each PE can ping its attached CE, and ASBR-PE 1 and ASBR-PE 2 can ping each other. Establish EBGP peer relationships between PEs and CEs to allow them to exchange VPN routes.

  • Page 394: Configuring Inter-As Ipv6 Vpn Option C

    [ASBR-PE1] bgp 100 [ASBR-PE1-bgp] ipv6-family vpn-instance vpn1 [ASBR-PE1-bgp-ipv6-vpn1] peer 2002:1::2 as-number 200 [ASBR-PE1-bgp-ipv6-vpn1] quit [ASBR-PE1-bgp] peer 1.1.1.9 as-number 100 [ASBR-PE1-bgp] peer 1.1.1.9 connect-interface loopback 0 [ASBR-PE1-bgp] ipv6-family vpnv6 [ASBR-PE1-bgp-af-vpnv6] peer 1.1.1.9 enable [ASBR-PE1-bgp-af-vpnv6] quit [ASBR-PE1-bgp] quit # Configure ASBR-PE 2. [ASBR-PE2] bgp 200 [ASBR-PE2-bgp] ipv6-family vpn-instance vpn1 [ASBR-PE2-bgp-ipv6-vpn1] peer 2002:1::1 as-number 100...
  • Page 395 Figure 89 Network diagram Device Interface IP address Device Interface IP address PE 1 Loop0 2.2.2.9/32 PE 2 Loop0 5.5.5.9/32 Loop1 2001:1::1/128 Loop1 2001:1::2/12 POS4/1/1 1.1.1.2/8 POS4/1/1 9.1.1.2/8 ASBR-PE 1 Loop0 3.3.3.9/32 ASBR-PE 2 Loop0 4.4.4.9/32 POS4/1/1 1.1.1.1/8 POS4/1/1 9.1.1.1/8 POS4/1/2 11.0.0.2/8 POS4/1/2...
  • Page 396 [PE1-LoopBack0] quit # Create VPN instance vpn1, and configure the RD and VPN target attributes for it. [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 11:11 [PE1-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity [PE1-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity [PE1-vpn-instance-vpn1] quit # Configure interface Loopback 1 and bind the interface to VPN instance vpn1. [PE1] interface loopback 1 [PE1-LoopBack1] ip binding vpn-instance vpn1 [PE1-LoopBack1] ipv6 address 2001:1::1 128...
  • Page 397 [ASBR-PE1] interface POS 4/1/1 [ASBR-PE1-POS4/1/1] ip address 1.1.1.1 255.0.0.0 [ASBR-PE1-POS4/1/1] isis enable 1 [ASBR-PE1-POS4/1/1] mpls [ASBR-PE1-POS4/1/1] mpls ldp [ASBR-PE1-POS4/1/1] quit # Configure interface POS 4/1/2 and enable MPLS on it. [ASBR-PE1] interface POS 4/1/2 [ASBR-PE1-POS4/1/2] ip address 11.0.0.2 255.0.0.0 [ASBR-PE1-POS4/1/2] mpls [ASBR-PE1-POS4/1/2] quit # Configure interface Loopback 0 and start IS-IS on it.
  • Page 398 [ASBR-PE2-isis-1] quit # Configure an LSR ID, and enable MPLS and LDP. [ASBR-PE2] mpls lsr-id 4.4.4.9 [ASBR-PE2] mpls [ASBR-PE2-mpls] label advertise non-null [ASBR-PE2-mpls] quit [ASBR-PE2] mpls ldp [ASBR-PE2-mpls-ldp] quit # Configure interface POS 4/1/1, and start IS-IS and enable MPLS and LDP on the interface. [ASBR-PE2] interface POS 4/1/1 [ASBR-PE2-POS4/1/1] ip address 9.1.1.1 255.0.0.0 [ASBR-PE2-POS4/1/1] isis enable 1...
  • Page 399 # Configure the capability to advertise labeled routes to and receive labeled routes from EBGP peer 11.0.0.2. [ASBR-PE2-bgp] peer 11.0.0.2 label-route-capability [ASBR-PE2-bgp] quit Configure PE 2 # Start IS-IS on PE 2. <PE2> system-view [PE2] isis 1 [PE2-isis-1] network-entity 10.111.111.111.111.00 [PE2-isis-1] quit # Configure an LSR ID, and enable MPLS and LDP.
  • Page 400 [PE2-bgp] peer 4.4.4.9 label-route-capability # Configure the maximum hop count from PE 2 to EBGP peer 2.2.2.9 as 10. [PE2-bgp] peer 2.2.2.9 as-number 100 [PE2-bgp] peer 2.2.2.9 connect-interface loopback 0 [PE2-bgp] peer 2.2.2.9 ebgp-max-hop 10 # Configure peer 2.2.2.9 as a VPNv6 peer. [PE2-bgp] ipv6-family vpnv6 [PE2-bgp-af-vpnv6] peer 2.2.2.9 enable [PE2-bgp-af-vpnv6] quit...

  • Page 401: Configuring Carrier's Carrier

    5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 1/1/1 ms Configuring carrier’s carrier Network requirements Configure carrier’s carrier for the scenario shown in Figure 90. .In this scenario: PE 1 and PE 2 are the provider carrier’s PE routers. They provide VPN services to the customer •...
  • Page 402 PE 1 Loop0 3.3.3.9/32 PE 2 Loop0 4.4.4.9/32 POS2/1/1 11.1.1.2/24 POS2/1/1 30.1.1.2/24 POS2/1/2 30.1.1.1/24 POS2/1/2 21.1.1.1/24 Configuration procedure Configure MPLS L3VPN on the provider carrier backbone: start IS-IS as the IGP, enable LDP on PE 1 and PE 2, and establish an MP-IBGP peer relationship between the PEs. # Configure PE 1.
  • Page 403 ---------------------------------------------------------------- Peer-ID Status SsnRole KA-Sent/Rcv ---------------------------------------------------------------- 4.4.4.9:0 Operational Active 378/378 ---------------------------------------------------------------- LAM : Label Advertisement Mode : Fault Tolerance [PE1] display bgp peer BGP local router ID : 3.3.3.9 Local AS number : 100 Total number of peers : 1 Peers in established state : 1 Peer MsgRcvd...
  • Page 404 [CE1] mpls [CE1-mpls] quit [CE1] mpls ldp [CE1-mpls-ldp] quit [CE1] isis 2 [CE1-isis-2] network-entity 10.0000.0000.0000.0002.00 [CE1-isis-2] quit [CE1] interface loopback 0 [CE1-LoopBack0] isis enable 2 [CE1-LoopBack0] quit [CE1] interface POS2/1/1 [CE1-POS2/1/1] ip address 10.1.1.2 24 [CE1-POS2/1/1] isis enable 2 [CE1-POS2/1/1] mpls [CE1-POS2/1/1] mpls ldp [CE1-POS2/1/1] mpls ldp transport-address interface [CE1-POS2/1/1] quit...
  • Page 405 # Configure CE 1. [CE1] interface POS 2/1/2 [CE1-POS2/1/2] ip address 11.1.1.1 24 [CE1-POS2/1/2] isis enable 2 [CE1-POS2/1/2] mpls [CE1-POS2/1/2] mpls ldp [CE1-POS2/1/2] mpls ldp transport-address interface [CE1-POS2/1/2] quit After you complete the configurations, PE 1 and CE 1 can establish an LDP session and IS-IS neighbor relationship between them.
  • Page 406 [PE3-bgp] peer 6.6.6.9 as-number 100 [PE3-bgp] peer 6.6.6.9 connect-interface loopback 0 [PE3-bgp] ipv6-family vpnv6 [PE3-bgp-af-vpnv6] peer 6.6.6.9 enable [PE3-bgp-af-vpnv6] quit [PE3-bgp] quit NOTE: The configurations for PE 4 are similar to those for PE 3. (Details not shown) Verify your configurations # Issue the display ip routing-table command on PE 1 and PE 2.
  • Page 407 [CE1] display ip routing-table Routing Tables: Public Destinations : 16 Routes : 16 Destination/Mask Proto Cost NextHop Interface 1.1.1.9/32 ISIS 10.1.1.2 POS2/1/1 2.2.2.9/32 Direct 0 127.0.0.1 InLoop0 5.5.5.9/32 ISIS 11.1.1.2 POS2/1/2 6.6.6.9/32 ISIS 11.1.1.2 POS2/1/2 10.1.1.0/24 Direct 0 10.1.1.2 POS2/1/1 10.1.1.1/32 Direct 0 10.1.1.1...
  • Page 408 Reply from 20.1.1.2: bytes=56 Sequence=5 ttl=252 time=60 ms --- 20.1.1.2 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 60/87/127 ms CE 3 and CE 4 can ping each other: [CE3] ping ipv6 2001:2::1 PING 2001:2::1 : 56 data bytes, press CTRL_C to break Reply from 2001:2::1...

  • Page 409: Index

    Index B C D E I M S T V Displaying and maintaining IPv6 MPLS L3VPN,369 Displaying and maintaining MPLS,29 Binding a VPLS instance,165 Displaying and maintaining MPLS L2VPN,203 Displaying and maintaining MPLS L3VPN,276 Displaying and maintaining MPLS TE,84 Configuring a static LSP,1 1 Displaying and maintaining VPLS,168...
  • Page 410 Troubleshooting MPLS TE,151 Troubleshooting VPLS,187 VPLS configuration examples,169 Tuning CR-LSP setup,69 VPLS configuration task list,161 Tuning MPLS TE tunnel setup,71 VPLS overview,153...

Table of Contents