H3C S9500 Series Operation Manual

Routing switches mpls l3vpn

Hide thumbs Also See for S9500 Series:

Command manual (1842 pages)

Operation manual (1504 pages)

Operating manual (76 pages)

Table of Contents

Quick Links

Download this manual See also: Command Manual, Operating Manual

Operation Manual - MPLS L3VPN

H3C S9500 Series Routing Switches

Chapter 1 MPLS L3VPN Configuration........................................................................................ 1-1

1.1 MPLS L3VPN Overview..................................................................................................... 1-1

1.1.1 MPLS L3VPN Model ............................................................................................... 1-2

1.1.2 MPLS L3VPN Implementation ................................................................................ 1-5

1.1.3 Nested MPLS L3VPN Implementation.................................................................... 1-7

1.1.4 Hierarchical MPLS L3VPN Implementation ............................................................ 1-8

1.1.5 Introduction to OSPF Multi-Instance ....................................................................... 1-9

1.1.6 Introduction to Multi-Role Host.............................................................................. 1-10

1.2 MPLS L3VPN Configuration ............................................................................................ 1-11

1.2.1 Configuring Various Kinds of Routers ................................................................... 1-11

1.2.2 Configuring CE Router .......................................................................................... 1-11

1.2.3 Configuring PE Router .......................................................................................... 1-13

1.2.4 Configuring P Router............................................................................................. 1-26

1.3 Displaying and Debugging MPLS L3VPN ....................................................................... 1-26

1.4 Typical MPLS L3VPN Configuration Examples............................................................... 1-28

1.4.1 Integrated MPLS L3VPN Configuration Example ................................................. 1-28

1.4.2 Extranet Configuration Example ........................................................................... 1-34

1.4.3 Hub&Spoke Configuration Example ..................................................................... 1-39

1.4.4 CE Dual-home Configuration Example ................................................................. 1-45

1.4.5 Cross-domain MPLS L3VPN Configuration Example ........................................... 1-51

1.4.6 Cross-Domain MPLS L3VPN Configuration Example - Option C ...................... 1-56

1.4.7 Hierarchical MPLS L3VPN Configuration Example .............................................. 1-64

1.4.8 OSPF Multi-instance Sham-link Configuration Example....................................... 1-67

1.4.9 Nested MPLS L3VPN Configuration Example ...................................................... 1-73

1.4.10 OSPF Multi-instance CE Configuration Example................................................ 1-79

1.4.11 Multi-Role Host Configuration Example .............................................................. 1-81

1.4.12 FIB Entry Application Configuration Example ..................................................... 1-85

1.5 Troubleshooting MPLS L3VPN Configuration ................................................................. 1-88

Table of Contents

Summary of Contents for H3C S9500 Series

Page 1: Table Of Contents
Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Table of Contents Table of Contents Chapter 1 MPLS L3VPN Configuration..................1-1 1.1 MPLS L3VPN Overview..................... 1-1 1.1.1 MPLS L3VPN Model ....................1-2 1.1.2 MPLS L3VPN Implementation ................1-5 1.1.3 Nested MPLS L3VPN Implementation..............1-7 1.1.4 Hierarchical MPLS L3VPN Implementation ............
Page 2: Chapter 1 Mpls L3Vpn Configuration
VPN represents a different service, making the network able to transmit services of different types in a flexible way. The H3C S9500 series routing switches provide full MPLS L3VPN networking capabilities: Address isolation, allowing the overlap of addresses of different VPNs and public networks.
Page 3: Mpls L3Vpn Model
Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration 1.1.1 MPLS L3VPN Model I. MPLS L3VPN model Figure 1-1 MPLS L3VPN model As shown in Figure 1-1, MPLS L3VPN model contains three parts: CE, PE and P.
Page 4 Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration operations when required by a user to adjust the relation between the user's internal VPNs. These disadvantages not only increase the network operating cost, but also bring relevant management and security issues.
Page 5 Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration each VPN-instance on the PE has an independent set of routing table and label forwarding table, in which the forwarding information of the message is saved...
Page 6: Mpls L3Vpn Implementation
Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration When matching the VPN Target attribute carried by the route to filter the routing information received by the PE router, if the export VPN target set of the received route contains identical items with the import VPN target set of the local end, the route is imported into the VPN routing table and then advertised to the connected CE .
Page 7 Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration Between CE and PE A PE router can learn routing information about the CE connected to it through static route, RIP (supporting multi-instance), OSPF (supporting multi-instance) or EBGP, and imports it in a vpn-instance.
Page 8: Nested Mpls L3Vpn Implementation
Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration Layer 1 Layer1 Layer 2 Layer2 Layer 2 Layer2 1.1.1.2 1.1.1.2 1.1.1.2 1.1.1.2 1.1.1.2 1.1.1.2 1.1.1.2 1.1.1.2 1.1.1.1/24 Site 1 Site 2 1.1.1.2/24 Figure 1-4 Forwarding VPN packets Site 1 sends an IPv4 packet with the destination address 1.1.1.2 of to CE1.
Page 9: Hierarchical Mpls L3Vpn Implementation
As PE is required to aggregate multiple VPN routes on a MPLS L3VPN, it is prone to forming a bottleneck in a large-scale deployment or in the case that PE capacity is small. To solve the problem, Hangzhou H3C Technologies Co., Ltd. introduced the HoVPN (Hierarchy of VPN, Hierarchical MPLS L3VPN) solution.
Page 10: Introduction To Ospf Multi-Instance
Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration Figure 1-5 Hierarchical MPLS L3VPN 1.1.5 Introduction to OSPF Multi-Instance As one of the most popular IGP routing protocols, OSPF is used as an internal routing protocol in many VPNs.
Page 11: Introduction To Multi-Role Host
Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration VPN- GREEN CE31 Area 2 Site2 OSPF 100 VPN - GREEN OSPFArea2 VPN-RED CE11 VPN-RED Site1 Site2 OSPF Area0 OSPF Area1 Area0 CE21 MPLS VPN Backbone...
Page 12: Mpls L3Vpn Configuration
Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration different from common hosts; it is implemented by specifying an interface of another VPN as the egress interface through a static route in a VPN; and thus allowing one logical interface to access multiple VPNs.
Page 13 Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration To do... Use the command... ip route-static [ vpn-instance vpn-instance-name-list ] ip-address { mask | mask-length } { interface-type Create a specified interface-number | vpn-instance vpn-instance-name...
Page 14: Configuring Pe Router
Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration 1.2.3 Configuring PE Router I. Configuring basic MPLS capability It includes configuring MPLS LSR ID, enable MPLS globally and enable MPLS in the corresponding VLAN interface view.
Page 15 Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration Perform the following configuration in VPN-instance view to configure VPN-instance description: To do... Use the command... Configure VPN-instance description description vpn-instance-description Delete VPN-instance description undo description...
Page 16 Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration Up to 16 VPN-targets can be configured with a command, and up to 20 vpn-targets can be configured for a VPN-instance. Limit the maximum number of routes in a VPN-instance This command is used to limit the maximum number of routes for a VPN-instance so as to avoid too many routes imported from a Site.
Page 17 Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration By default, the vlan-id range of MPLS/VPN VLANs is from 0 to 1023, and the default value of vlan-id is 0. The value range of vlan-id is from 1 to 3071.
Page 18 Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration Set the VPN range for the ports and set the range of MPLS/VPN VLAN vlan-id on the ports to 1 to 4094. Perform the following configuration in Ethernet interface view.
Page 19 Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration Configure an outgoing routing policy for a VPN instance By configuring an outgoing routing policy for a VPN instance, you can set specific extended community attributes for specific routes.
Page 20 Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration To do... Use the command... ipv4-family [ unicast ] vpn-instance Create PE-CE RIP instance vpn-instance-name undo ipv4-family [ unicast ] vpn-instance Delete PE-CE RIP instance vpn-instance-name Then configuring RIP multi-instance to import IBGP route.
Page 21 Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration Perform the following configuration in the OSPF view to configure Domain ID: To do... Use the command... Configure Domain ID domain-id { id-number | id-addr }...
Page 22 Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration Sham-links are required between two PEs when Backdoor links (that is, the OSPF links that do not pass through the MPLS backbone network) exist between the two PEs and data is expected to be transported over the MPLS backbone.
Page 23 Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration To do... Use the command... Configure AS number for a peer { group-name | [ peer-address group specific neighbor group-name ] } as-number as-number Delete the AS number of a...
Page 24 Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration By default, BGP is in asynchronous mode. Step 6: Permit route loop configuration in Hub&Spoke networking (optional) Generally speaking, PE-CE configuration is completed after you specify the AS number of neighbor;...
Page 25 Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration In general, BGP uses the best local address in TCP connection. To keep TCP connection available even when the interface involved fails, you can perform the following configuration to permit BGP session over any interface through which TCP connection with the peer can be set up.
Page 26 Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration To do... Use the command... Configure the local address as the next peer { group-name } next-hop-local hop in route advertisement undo peer { group-name }...
Page 27: Configuring P Router
Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration To do... Use the command... Configure BGP neighbor as the UPE of MPLS peer peer-address upe L3VPN Disable the configuration undo peer peer-address upe 1.2.4 Configuring P Router P router does not maintain VPN routes, but do keep connection with public network and coordinate with PE in creating LSPs.
Page 28 Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration III. Displaying VPN-instance related information After the above configuration, executing the display command in any view can display the VPN-instance related information, including its RD, description, the interfaces associated with it, and so on.
Page 29: Typical Mpls L3Vpn Configuration Examples
VPNA includes CE1 and CE3; VPNB includes CE2 and CE4. Subscribers in different VPNs cannot access each other. The VPN-target attribute for VPNA is 111:1 and that for VPNB is 222:2. The PEs and P are H3C switches supporting MPLS, and CEs are common Layer 3 switches. Note: The configuration in this example is focused on: Configure EBGP to exchange VPN routing information between CEs and PEs.
Page 30 Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration II. Network diagram AS 65430 AS 65410 VLAN201 VLAN201 VLAN201 VLAN201 168.3.1.1/16 168.3.1.1/16 168.1.1.1/16 VPN - A VPN - A VPN - A VPN - A...
Page 31 Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration Note: The configuration on the other three CE switches (CE2 to CE4) is similar to that on CE1, the details are omitted here. Configure PE1 # Configure vpn-instance for VPNA on PE1, as well as other associated attributes to control advertisement of VPN routing information.
Page 32 Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration [PE1] mpls lsr-id 202.100.1.1 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp [PE1] vlan 201 [PE1-vlan201] port gigabitethernet 2/1/1 [PE1-vlan201] quit [PE1] interface Vlan-interface 201 [PE1-Vlan-interface201] ip address 172.1.1.1 255.255.0.0...
Page 33 Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration [P-LoopBack 0] quit [P] vlan 301 [P-vlan301] port gigabitethernet 3/1/1 [P-vlan301] quit [P] interface Vlan-interface 301 [P-Vlan-interface301] ip address 172.1.1.2 255.255.0.0 [P-Vlan-interface301] mpls [P-Vlan-interface301] mpls ldp enable...
Page 34 Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration [P-ospf-1] import-route direct Configure PE3 Note: The configuration on PE3 is similar to that on PE1, you should pay more attention to VPN routing attribute setting on PE3 to get information about how to control advertisement of a same VPN routing information (with same VPN-target) over MPLS network.
Page 35: Extranet Configuration Example
Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration [PE3] mpls lsr-id 202.100.1.3 [PE3] mpls [PE3-mpls] quit [PE3] mpls ldp [PE3] vlan 201 [PE3-vlan201] interface gigabitethernet 2/1/1 [PE3-vlan201] quit [PE3] interface Vlan-interface 201 [PE3-Vlan-interface201] ip address 172.3.1.1 255.255.0.0...
Page 36 Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration In this example, VPN function is provided by MPLS. There are some shared resources at the City C for the two VPNs. All subscribers in both VPNs can access the shared resources, but VPN subscribers in City A and City B cannot access each other.
Page 37 Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration III. Configuration procedure Note: This configuration procedure has omitted configurations between PE and P, and configurations on CEs. For these details refer to the former example.
Page 38 Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration [PE-A] mpls [PE-A-mpls] quit [PE-A] mpls ldp # Set up MP-IBGP adjacency between PEs to exchange inter-PE VPN routing information and activate MP-IBGP peer in VPNv4 sub-address family view.
Page 39 Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration [PE-C] interface loopback 0 [PE-C-LoopBack0] ip address 20.1.1.1 255.255.255.255 [PE-C-LoopBack0] quit # Configure MPLS basic capacity. [PE-C] mpls lsr-id 20.1.1.1 [PE-C] mpls [PE-C-mpls] quit [PE-C] mpls ldp # Set up MP-IBGP adjacency between PEs to exchange inter-PE VPN routing information and activate MP-IBGP peer in VPNv4 sub-address family view.
Page 40: Hub&Spoke Configuration Example
Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration # Bind VPN-instance3 with the interface of VLAN301 which connects to CE-B. [PE-B] vlan 301 [PE-B-vlan301] port gigabitethernet 3/1/1 [PE-B-vlan301] quit [PE-B] interface Vlan-interface 301 [PE-B-Vlan-interface301] ip binding vpn-instance vpn-instance3 [PE-B-Vlan-interface301] ip address 172.17.0.1 255.255.0.0...
Page 41 Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration Hub&Spoke networking topology is used: CE2 and CE3 are spoke-sites, while CE1 is a hub-site in the bank data center. CE1 controls communication between CE2 and CE3.
Page 42 Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration II. Network diagram Figure 1-10 Network diagram for Hub&Spoke III. Configuration procedure Note: The following contents are omitted in this example: MPLS basic capacity configuration between PEs, configuration between PE and P, configuration between CEs.
Page 43 Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration # Set up EBGP adjacency between PE1 and CE1, import intra-CE1 VPN routes learned into MBGP VPN-instance address family, with one routing loop permitted. [PE1] bgp 100...
Page 44 Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration [PE1] bgp 100 [PE1-bgp] group 22 [PE1-bgp] peer 22.1.1.1 group 22 as-number 100 [PE1-bgp] peer 22.1.1.1 connect-interface loopback 0 [PE1-bgp] group 33 [PE1-bgp] peer 33.1.1.1 group 33 as-number 100 [PE1-bgp] peer 33.1.1.1 connect-interface loopback 0...
Page 45 Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration [PE2] interface loopback 0 [PE2-LoopBack0] ip address 22.1.1.1 255.255.255.255 [PE2-LoopBack0] quit # Set up MP-IBGP adjacency between PE2 and PE1 to exchange inter-PE VPN routing information and activate MP-IBGP peer in VPNv4 sub-address family view.
Page 46: Ce Dual-Home Configuration Example
Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration [PE3-Vlan-interface201] quit # Configure Loopback interface [PE3] interface loopback 0 [PE3-LoopBack0] ip address 33.1.1.1 255.255.255.255 [PE3-LoopBack0] quit # Set up MP-IBGP adjacency between PE3 and PE1 to exchange inter-PE VPN routing information and activate MP-IBGP peer in VPNv4 sub-address family view.
Page 47 Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration II. Network diagram AS:65003 AS:65004 VLAN211 VLAN211 192.168.13.2/24 192.168.13.2/24 VLAN211 VLAN211 192.168.23.2/24 192.168.23.2/24 VLAN314 VLAN314 Loopback0 Loopback0 VLAN311 VLAN311 192.168.23.1/24 192.168.23.1/24 3.3.3.3/32 192.168.13.1/24 192.168.13.1/24 VLAN312...
Page 48 Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration # Set up EBGP adjacency between PE1 and CE1 in VPN-instance 1, import intra-CE1 VPN routes learned into VPN-instance 1.1. [PE1] bgp 100 [PE1-bgp] ipv4-family vpn-instance vpn-instance1.1...
Page 49 Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration # Configure MPLS basic capacity, enable LDP on the interface connecting PE1 and PE2 and the interface connecting PE1 and PE3. [PE1] mpls lsr-id 1.1.1.1...
Page 50 Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration [PE1-bgp] peer 3.3.3.3 group 3 [PE1-bgp] peer 3.3.3.3 connect-interface loopback 0 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-af-vpn] peer 2 enable [PE1-bgp-af-vpn] peer 2.2.2.2 group 2 [PE1-bgp-af-vpn] peer 3 enable [PE1-bgp-af-vpn] peer 3.3.3.3 group 3...
Page 51 Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration [PE2-bgp-af-vpn-instance] peer 172.22.22.2 group 17222 as-number 65002 [PE2-bgp-af-vpn] quit [PE2-bgp] quit # Bind the interface connecting PE2 and CE1 to VPN-instance 2.1 and the interface connecting PE2 and CE2 to VPN-instance 2.2.
Page 52: Cross-Domain Mpls L3Vpn Configuration Example
Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration [PE3-bgp-af-vpn-instance] import-route direct [PE3-bgp-af-vpn-instance] import-route static [PE3-bgp-af-vpn-instance] group 192 external [PE3-bgp-af-vpn-instance] peer 192.168.13.2 group 192 as-number 65003 [PE3-bgp-af-vpn-instance] quit [PE3-bgp] quit # Set up EBGP adjacency between PE3 and CE4 in VPN-instance3.2, import intra-CE4 VPN routes learned into VPN-instance3.2.
Page 53 Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration II. Network diagram AS 100 AS 200 VLAN205 VLAN205 10.1.1.2/2 VLAN205 20.1.1.1/24 VLAN205 VLAN206 10.1.1.1/24 20.1.1.2/24 PE1:1.1.1.1/32 98.98.98.1/24 PE2:2.2.2.2/32 VLAN201 VLAN203 VLAN204 172.11.11.1/24 VLAN202 98.98.98.2/24 VLAN206 172.12.12.1/24...
Page 54 Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration [PE1] vlan 205 [PE1-vlan205] port gigabitethernet 2/2/1 [PE1-vlan205] quit [PE1] interface Vlan-interface 205 [PE1-Vlan-interface205] mpls [PE1-Vlan-interface205] mpls ldp enable [PE1-Vlan-interface205] ip address 10.1.1.2 255.255.255.0 # Bind the VLAN interface with the VPN-instance.
Page 55 Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration [PE2] mpls lsr-id 2.2.2.2 [PE2] mpls [PE2-mpls] quit [PE2] mpls ldp # Configure the VLAN interface connecting CE. [PE2] vlan 203 [PE2-vlan203] port gigabitethernet 2/1/1...
Page 56 Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration [PE2] bgp 200 [PE2-bgp] ipv4-family vpn-instance vpna [PE2-bgp-af-vpn-instance] import-route direct [PE2-bgp-af-vpn-instance] group 172-12 external [PE2-bgp-af-vpn-instance] peer 172.12.12.2 group 172-12 as-number 65012 [PE2-bgp] ipv4-family vpn-instance vpnb...
Page 57: Cross-Domain Mpls L3Vpn Configuration Example - Option C
Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration [P1-Vlan-interface206] mpls [P1-Vlan-interface206] ip address 98.98.98.1 255.255.255.0 [P1-Vlan-interface206] quit # Configure IBGP neighbors and EBGP neighbors. [P1] bgp 100 [P1-bgp] group 1 internal [P1-bgp] peer 1.1.1.1 group 1 [P1-bgp] peer 1.1.1.1 connect-interface loopback0...
Page 58 Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration II. Network diagram BGP/MPLS Backbone BGP/MPLS Backbone Loopback0 AS 100 AS 200 Loopback0 202.100.1.1/32 202.200.1.1/32 VLAN 210 VLAN 210 VLAN 310 192.1.1.2/24 162.1.1.1/16 VLAN 110 192.1.1.1/24...
Page 59 Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration [ASBR-PE1-LoopBack 0] ip address 202.100.1.1 255.255.255.255 [ASBR-PE1-LoopBack 0] quit [ASBR-PE1] vlan 110 [ASBR-PE1-vlan110] interface vlan 110 [ASBR-PE1-Vlan-interface110] ip address 172.1.1.1 255.255.0.0 [ASBR-PE1-Vlan-interface110] quit [ASBR-PE2] vlan 210 [ASBR-PE1-vlan210] interface vlan 210 [ASBR-PE1-Vlan-interface210] ip address 192.1.1.1 255.255.255.0...
Page 60 Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration [ASBR-PE2] ospf [ASBR-PE2-ospf-1] area 0 [ASBR-PE2-ospf-1-area-0.0.0.0] network 162.1.0.0 0.0.255.255 [ASBR-PE2-ospf-1-area-0.0.0.0] network 202.200.1.1 0.0.0.0 [ASBR-PE2-ospf-1-area-0.0.0.0] quit [ASBR-PE2-ospf-1] quit Configure basic MPLS capability on the MPLS backbone network to enable the network to forward VPN traffic.
Page 61 Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration [ASBR-PE2] mpls lsr-id 162.1.1.1 [ASBR-PE2-mpls] lsp-trigger all [ASBR-PE2-mpls] quit [ASBR-PE2] mpls ldp [ASBR-PE2-mpls-ldp] quit [ASBR-PE2] interface vlan 310 [ASBR-PE2-Vlan-interface310] mpls [ASBR-PE2-Vlan-interface310] mpls ldp enable [ASBR-PE2-Vlan-interface310] quit...
Page 62 Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration [CE2] vlan 510 [CE2-vlan510] interface vlan 510 [CE2-Vlan-interface510] ip address 168.2.2.2 255.255.0.0 [CE2-Vlan-interface510] quit # Create a VPN instance on PE2 and bind it to the interface connected to CE2...
Page 63 Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration [PE1-bgp-af-vpn-instance] import-route direct [PE1-bgp-af-vpn-instance] quit [PE1-bgp] group 20 [PE1-bgp] peer 20 label-route-capability [PE1-bgp] peer 202.100.1.1 group 20 [PE1-bgp] peer 202.100.1.1 connect-interface loopback0 [PE1-bgp] group 30 external [PE1-bgp] peer 30 ebgp-max-hop [PE1-bgp] peer 202.200.1.2 group 30 as-number 200...
Page 64 Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration [ASBR-PE1-bgp] peer 202.100.1.2 connect-interface loopback0 [ASBR-PE1-bgp] quit # Configure CE2. [CE2] bgp 65002 [CE2-bgp] group 10 external [CE2-bgp] peer 168.2.2.1 group 10 as-number 200 [CE2-bgp] quit # Configure PE2: set up EBGP peer relation with CE2, IBGP peer relation with ASBR-PE2, and Multihop MP-EBGP peer relation with PE1.
Page 65: Hierarchical Mpls L3Vpn Configuration Example
Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration # Configure ASBR-PE2: set up EBGP peer relation with ASBR-PE1, and IBGP peer relation with PE2. [ASBR-PE2] bgp 200 [ASBR-PE2-bgp] import-route ospf [ASBR-PE2-bgp] group 10 external...
Page 66 Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration II. Network diagram MPLS Upper layer VPN backbone Loopback0: 1.0.0.2 VLAN201 10.0.0.1/8 VLAN301 10.0.0.2/8 Loopback0:1.0.0.1 Lower layer VPN VPN 2 VPN 1 VPN 1 Site 1...
Page 67 Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration [SPE-vlan201] quit [SPE] interface Vlan-interface 201 [SPE-Vlan-interface201] ip address 10.0.0.1 255.0.0.0 [SPE-Vlan-interface201] mpls [SPE-Vlan-interface201] mpls ldp enable [SPE-Vlan-interface201] quit [SPE] interface loopback0 [SPE-LoopBack 0] ip address 1.0.0.2 255.255.255.255...
Page 68: Ospf Multi-Instance Sham-Link Configuration Example
I. Network requirements As shown in the following picture, a company connects to a WAN through OSPF multi-instance function of H3C router. OSPF is bind to VPN1.MPLS VPN backbone runs between PEs and OSPF runs between PE and CE. Configure a Sham-link between PE1 and PE2 to ensure the traffic between CE1 and CE2 does not pass the Backdoor link that directly connects CE1 and CE2.
Page 69 Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration II. Network diagram LoopBack 0 : 3.3.3.3 LoopBack 0 : 3.3.3.3 LoopBack 0 : 3.3.3.3 LoopBack 0 : 3.3.3.3 LoopBack 0 : 1.1.1.1 CE 1...
Page 70 Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration [PE1-Vlan-interface201] quit [PE1] vlan 202 [PE1-vlan202] port gigabitethernet 2/1/2 [PE1-vlan202] quit [PE1] interface Vlan-interface 202 [PE1-Vlan-interface202] ip address 168.1.13.1 255.255.255.0 [PE1-Vlan-interface202] ospf cost 1 [PE1-Vlan-interface202] mpls...
Page 71 Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration [PE1-ospf-100-area-0.0.0.0] network 10.1.1.0 0.0.0.255 # Configuring Sham-link [PE1-ospf-100-area-0.0.0.1] sham-link 1.1.1.1 2.2.2.2 # Configure the routes distributed to PE2 and PE3. [PE1] ospf 1000 [PE1-ospf-1000] area 0 [H3C-ospf-1000-area-0.0.0.0] network 168.12.1.0 0.0.0.255...
Page 72 Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration [PE2-Vlan-interface202] ip address 168.1.23.2 255.255.255.0 [PE2-Vlan-interface202] ospf cost 1 [PE2-Vlan-interface202] mpls [PE2-Vlan-interface202] mpls ldp enable [PE2-Vlan-interface202] quit [PE2] interface LoopBack0 [PE2-LoopBack0] ip binding vpn-instance vpn1 [PE2-LoopBack0] ip address 2.2.2.2 255.255.255.255...
Page 73 Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration [PE2] ip route-static 50.1.1.1 255.255.255.255 168.1.12.1 [PE2] ip route-static 50.1.1.3 255.255.255.255 168.1.23.3 # Configure the routes distributed to PE1 and PE3. [PE1] ospf 1000 [PE1-ospf-1000]area 0 [H3C-ospf-1000-area-0.0.0.0] network 168.12.1.0 0.0.0.255...
Page 74: Nested Mpls L3Vpn Configuration Example
Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration [CE2] interface Vlan-interface 201 [CE2-Vlan-interface201] ip address 20.1.1.1 255.255.255.0 [CE2-Vlan-interface201] ospf cost 1 # Configure OSPF. [CE2] ospf 100 router-id 20.20.20.20 [CE2-ospf-100] area 0.0.0.0 [CE2-ospf-100-area-0.0.0.0] network 12.1.1.0 0.0.0.255 [CE2-ospf-100-area-0.0.0.0] network 20.1.1.0 0.0.0.255...
Page 75 Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration III. Configuration procedure Note: This procedure omits part of the configuration for CE router. Configure IGP on the service provider's backbone network. # Configure prov_pe1.
Page 76 Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration [prov_pe1] interface vlan 110 [prov_pe1- Vlan-interface110] mpls [prov_pe1- Vlan-interface110] mpls ldp enable [prov_pe1- Vlan-interface110] quit # Configure prov_pe2. [prov_pe2] mpls lsr-id 4.4.4.4 [prov_pe2] mpls ldp...
Page 77 Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration [prov_pe1-vpn-instance] quit [prov_pe1] ip vpn-instance vpn1 [prov_pe1-vpn-instance] route-distinguisher 1:1 [prov_pe1-vpn-instance] vpn-target 1:1 [prov_pe1-vpn-instance] vpn-target 3:3 [prov_pe1-vpn-instance] quit [prov_pe1] vlan 310 [prov_pe1] interface vlan 310 [prov_pe1-Vlan-interface310] ip binding vpn-instance customer_vpn [prov_pe1-Vlan-interface310] ip address 1.1.1.2 255.0.0.0...
Page 78 Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration [cust_pe2-LoopBack0] ip address 7.7.7.7 255.255.255.255 [cust_pe2-LoopBack0] quit [cust_pe2] mpls lsr-id 7.7.7.7 [cust_pe2] interface vlan 410 [cust_pe2-Vlan-interface410] ip address 2.1.1.1 255.0.0.0 [cust_pe2-Vlan-interface410] mpls [cust_pe2-Vlan-interface410] quit Configure EBGP between provider PE and customer PE.
Page 79 Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration [prov_pe2-bgp-af-vpn] peer 2.1.1.1 vpn-instance customer_vpn route-policy com2 import # Configure cust_pe1 [cust_pe1] bgp 600 [cust_pe1-bgp] group ebgp external [cust_pe1-bgp] undo peer ebgp enable [cust_pe1-bgp] peer 1.1.1.2 group ebgp as-number 100...
Page 80: Ospf Multi-Instance Ce Configuration Example
Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration [cust_pe2] interface vlan 610 [cust_pe2-Vlan-interface610] ip binding vpn-instance vpn1 [cust_pe2-Vlan-interface610] ip address 16.1.1.2 255.0.0.0 [cust_pe2-Vlan-interface510] quit [cust_pe2] bgp 500 [cust_pe2-bgp] undo peer ebgp enable [cust_pe2-bgp] ipv4-family vpn-instance vpn1 [cust_pe2-bgp-af-vpn-instance] group cegroup external [cust_pe2-bgp-af-vpn-instance] peer 16.1.1.1 group cegroup as-number 50002...
Page 81 Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration [CE-vpn-vpn2] vpn-target 200:1 import-extcommunity # Configure VLAN201. [CE] vlan 201 [CE-vlan201] port gigabitethernet 2/1/1 [CE-vlan201] quit [CE] interface Vlan-interface 201 [CE-Vlan-interface201] ip binding vpn-instance vpn1 [CE-Vlan-interface201] ip address 10.1.1.2 255.255.255.0...
Page 82: Multi-Role Host Configuration Example
Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration [CE-ospf-300] area 0.0.0.1 [CE-ospf-300-area-0.0.0.1] network 20.1.1.0 0.0.0.255 [CE-ospf-300-area-0.0.0.1] network 20.2.1.0 0.0.0.255 1.4.11 Multi-Role Host Configuration Example I. Network requirements CE1 and CE3 belong to VPN1, and CE2 belong to VPN2.
Page 83 Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration [PE1] vlan 110 [PE1-vlan110] interface vlan-interface 110 [PE1-Vlan-interface110] ip address 192.168.1.1 24 [PE1-Vlan-interface110] quit [PE1] ospf [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255 [PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] quit...
Page 84 Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration [PE1-vpn-vpn1] quit [PE1] ip vpn-instance vpn2 [PE1-vpn-vpn2] route-distinguisher 100:2 [PE1-vpn-vpn2] vpn-target 100:2 both [PE1-vpn-vpn2] quit [PE1] vlan 310 [PE1-vlan310] interface vlan-interface 310 [PE1-Vlan-interface310] ip binding vpn-instance vpn1 [PE1-Vlan-interface310] ip address 20.2.1.2 24...
Page 85 Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration [CE1-Vlan-interface310] ip address 20.2.1.1 24 [CE1-Vlan-interface310] quit [CE1] bgp 65410 [CE1-bgp] import-route direct [CE1-bgp] group 10 external [CE1-bgp] peer 20.2.1.2 group 10 as-number 100 [CE1-bgp] quit...
Page 86: Fib Entry Application Configuration Example
Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration [PE1-bgp-af-vpn-instance] import-route direct [PE1-bgp-af-vpn-instance] import-route static # Configure PE2: set up IBGP peer relation with PE1 in BGP-VPNv4 sub-address family view; set up EBGP peer relation with CE3 in BGP-VPN instance view.
Page 87 Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration LSP is removed, the FIB entries generated by the dynamic routing protocol can be used for IP forwarding. II. Networking diagram 3.3.3.3 VLAN20 1.1.1.1 VLAN10 2.2.2.2...
Page 88 Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] network 10.1.1.1 0.0.0.255 [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit # Configure the static LSP to PE2. [PE1] mpls [PE1-mpls] static-lsp ingress lsp1 destination 3.3.3.3 32 nexthop 10.1.1.2...
Page 89: Troubleshooting Mpls L3Vpn Configuration
Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration [P] interface Vlan-interface 20 [P-Vlan-interface20] ip address 20.1.1.1 255.255.255.0 [P-Vlan-interface20] ospf cost 1 [P-Vlan-interface20] mpls [P-Vlan-interface20] quit # Enable OSPF on the loopback interface and the interfaces through which the P device connects to PE1 and PE2 for intra-MPLS domain interworking.
Page 90 Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration Check whether the routing attributes import/export relation of each VPN-instance is correct. Check from the hub PE that whether the routing information between two VPN instances can be learnt by each other.
Page 91 Operation Manual – MPLS L3VPN H3C S9500 Series Routing Switches Chapter 1 MPLS L3VPN Configuration Check whether the BGP information is correct on the PE at the peer end; check whether specified the local Loopback interface as the interface to create adjacent with the peer end;...

H3C S9500 Series Operation Manual

Quick Links

Table of Contents

Related Manuals for H3C S9500 Series

Summary of Contents for H3C S9500 Series

Table of Contents