Page 1
H3C S5560S-SI switch series (Release 6310 and later)
H3C S5500V3-SI switch series (Release 6310 and later)
H3C MS4520V2 switch series (MS4520V2-28S and MS4520V2-24TP switches) (Release 6310 and later)
H3C WS5850-WiNet switch series (Release 6308P01 and later)
New H3C Technologies Co., Ltd.
Page 2
The information in this document is subject to change without notice. All contents in this document, including statements, information, and recommendations, are believed to be accurate, but they are presented without warranty of any kind, express or implied. H3C shall not be liable for technical or editorial errors or omissions contained herein.
Page 3
Preface
This configuration guide describes the MCE fundamentals and configuration procedures. This preface includes the following topics about the documentation:
• Audience
• Conventions
• Documentation feedback
Audience
This documentation is intended for:
• Network planners.
• Field technical support and servicing engineers.
•...
Page 4
Symbols
Convention: Description
WARNING!: An alert that calls attention to important information that if not understood or followed can result in personal injury.
CAUTION: An alert that calls attention to important information that if not understood or followed can result in data loss, data corruption, or damage to hardware or software.
An alert that calls attention to essential information.
Page 5
Documentation feedback
You can e-mail your comments about product documentation to info@h3c.com. We appreciate your comments.
Configuring MCE
About MCE
The Multi-VPN Instance Customer Edge (MCE) feature allows multiple VPNs to share a CE with ensured data security in an MPLS L3VPN network. MCE provides traffic separation between VPNs by distinguishing routes of the VPNs.
MPLS L3VPN problems solved by MCE
MPLS L3VPN is an L3VPN technology used to interconnect geographically dispersed VPN sites.
Figure 1 Basic MPLS L3VPN architecture (figure not reproduced; labels: VPN 1 Site 1, VPN 2 Site 2, VPN 1 Site 3, VPN 2 Site 4)
MCE-related MPLS L3VPN concepts
Site
A site has the following features:
• A site is a group of IP systems with IP connectivity that does not rely on any service provider networks.
VPN-IPv4 address
Each VPN independently manages its address space. The address spaces of VPNs might overlap. For example, if both VPN 1 and VPN 2 use the addresses on subnet 10.110.10.0/24, address space overlapping occurs. Multiprotocol BGP (MP-BGP) can solve this problem by advertising VPN-IPv4 addresses (also called VPNv4 addresses).
• Route exchange between MCE and VPN site—Create VPN instances VPN 1 and VPN 2 on the MCE. Bind VLAN-interface 2 to VPN 1, and VLAN-interface 3 to VPN 2. The MCE adds a received route to the routing table of the VPN instance that is bound to the receiving interface. •...
Configuring routing between an MCE and a PE
Configuring VPN instances
Creating a VPN instance
About VPN instances
A VPN instance is a collection of the VPN membership and routing rules of its associated site. A VPN instance might correspond to more than one VPN.
Procedure
Enter system view.
Configuring route related attributes for a VPN instance
Restrictions and guidelines
If you configure route related attributes in both VPN instance view and VPN instance IPv4 address family view, IPv4 VPN uses the configuration in VPN instance IPv4 address family view.
Prerequisites
Before you perform this task, create the routing policies to be used by this task.
Perform this configuration on the MCE. On the VPN site, configure a common static route.
Procedure
Enter system view.
system-view
Configure a static route for a VPN instance.
ip route-static vpn-instance s-vpn-instance-name dest-address { mask-length | mask } { interface-type interface-number [ next-hop-address ] | next-hop-address [ public ] | vpn-instance d-vpn-instance-name next-hop-address }
(Optional.) Configure the default preference for static routes.
ospf [ process-id ] router-id router-id vpn-instance vpn-instance-name
Keywords: Usage guidelines
router-id router-id: An OSPF process that is bound to a VPN instance does not use the public network router ID configured in system view. Therefore, you must specify a router ID when creating a process or configure an IP address for a minimum of one interface in the VPN instance.
Return to system view.
quit
Enter interface view.
interface interface-type interface-number
Enable the IS-IS process on the interface.
isis enable [ process-id ]
By default, no IS-IS process is enabled on the interface.
Configuring EBGP between an MCE and a VPN site
About EBGP between an MCE and a VPN site
To run EBGP between an MCE and a VPN site, you must configure a BGP peer for each VPN instance on the MCE, and redistribute the IGP routes of each VPN instance on the VPN site.
system-view
Enter BGP instance view.
bgp as-number [ instance instance-name ]
By default, BGP is not enabled.
Configure the MCE as an EBGP peer.
peer { group-name | ipv4-address [ mask-length ] } as-number as-number
Enter BGP IPv4 unicast address family view.
address-family ipv4 [ unicast ]
Enable BGP to exchange IPv4 unicast routes with the specified peer or peer group.
routes learned from a VPN site only when you configure the VPN site as a client of the RR (the MCE).
Redistribute remote site routes advertised by the PE into BGP.
import-route protocol [ { process-id | all-processes } [ allow-direct | med med-value | route-policy route-policy-name ] * ]
By default, no routes are redistributed into BGP.
ip route-static default-preference default-preference
The default preference is 60.
Configuring RIP between an MCE and a PE
Enter system view.
system-view
Create a RIP process for a VPN instance and enter RIP view.
rip [ process-id ] vpn-instance vpn-instance-name
Enable RIP on the interface attached to the specified network.
network network-address [ wildcard-mask ]
By default, RIP is disabled on an interface.
system-view
Enter BGP instance view.
bgp as-number [ instance instance-name ]
By default, BGP is not enabled.
Enter BGP-VPN instance view.
ip vpn-instance vpn-instance-name
Configure the PE as an IBGP peer.
peer { group-name | ipv4-address [ mask-length ] } as-number as-number
Enter BGP-VPN IPv4 unicast address family view.
Page 22
Figure 4 Network diagram (figure not reproduced; labels: VPN 1, VPN 2, Site 1, Site 2, CE 1, CE 2, PE 1, PE 2, PE 3, VR 1, VR 2; addresses shown: Vlan-int30 30.1.1.2/24 and 30.1.1.1/24, Vlan-int40 40.1.1.2/24 and 40.1.1.1/24, Vlan-int10 10.214.10.3/24, Vlan-int20 10.214.20.3/24, subnets 192.168.0.0/24 and 192.168.10.0/24)
Procedure...
Page 23
[MCE-Vlan-interface20] quit
# On PE 1, configure VPN instances vpn1 and vpn2, and specify an RD and route targets for each VPN instance.
<PE1> system-view
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 10:1
[PE1-vpn-instance-vpn1] vpn-target 10:1
[PE1-vpn-instance-vpn1] quit
[PE1] ip vpn-instance vpn2
[PE1-vpn-instance-vpn2] route-distinguisher 20:1
[PE1-vpn-instance-vpn2] vpn-target 20:1
[PE1-vpn-instance-vpn2] quit...
Page 24
[MCE-ospf-2] area 0
[MCE-ospf-2-area-0.0.0.0] network 10.214.20.0 0.0.0.255
[MCE-ospf-2-area-0.0.0.0] quit
[MCE-ospf-2] quit
# On VR 2, assign IP address 10.214.20.2/24 to the interface connected to MCE and 192.168.10.1/24 to the interface connected to VPN 2. (Details not shown.)
# Configure OSPF process 2, and advertise subnets 192.168.10.0 and 10.214.20.0.
<VR2>...
Page 25
# On PE 1, bind VLAN-interface 30 to VPN instance vpn1, and configure an IP address for the VLAN interface.
[PE1] interface vlan-interface 30
[PE1-Vlan-interface30] ip binding vpn-instance vpn1
[PE1-Vlan-interface30] ip address 30.1.1.2 24
[PE1-Vlan-interface30] quit
# Bind VLAN-interface 40 to VPN instance vpn2, and configure an IP address for the VLAN interface.
30.1.1.255/32 Direct 30.1.1.2 Vlan30
127.0.0.0/8 Direct 127.0.0.1 InLoop0
127.0.0.0/32 Direct 127.0.0.1 InLoop0
127.0.0.1/32 Direct 127.0.0.1 InLoop0
127.255.255.255/32 Direct 127.0.0.1 InLoop0
192.168.0.0/24 O_ASE2 150 1 30.1.1.1 Vlan30
224.0.0.0/4 Direct 0.0.0.0 NULL0
224.0.0.0/24 Direct 0.0.0.0 NULL0
255.255.255.255/32 Direct 127.0.0.1 InLoop0
# Verify that PE 1 has learned the routes of OSPF process 20 in VPN 2 through OSPF.
[PE1] display ip routing-table vpn-instance vpn2
Destinations : 13 Routes : 13...
Page 27
Figure 5 Network diagram (figure not reproduced; labels: VPN 1, VPN 2, Site 1, Site 2, CE 1, CE 2, PE 1, PE 2, PE 3, VR 1, VR 2; addresses shown: Vlan-int30 30.1.1.2/24 and 30.1.1.1/24, Vlan-int40 40.1.1.2/24 and 40.1.1.1/24, Vlan-int10 10.214.10.3/24, Vlan-int20 10.214.20.3/24, subnets 192.168.0.0/24 and 192.168.10.0/24)
Procedure...
Page 28
10.214.10.3/32 Direct 127.0.0.1 InLoop0
10.214.10.255/32 Direct 10.214.10.3 Vlan10
127.0.0.0/8 Direct 127.0.0.1 InLoop0
127.0.0.0/32 Direct 127.0.0.1 InLoop0
127.0.0.1/32 Direct 127.0.0.1 InLoop0
127.255.255.255/32 Direct 127.0.0.1 InLoop0
192.168.0.0/24 O_INTRA 10 10.214.10.2 Vlan10
224.0.0.0/4 Direct 0.0.0.0 NULL0
224.0.0.0/24 Direct 0.0.0.0 NULL0
255.255.255.255/32 Direct 127.0.0.1 InLoop0
The output shows that the MCE has learned the private route of VPN 1 through OSPF process
# On the MCE, bind OSPF process 20 to VPN instance vpn2 to learn the routes of VPN 2.
Page 29
# On PE 1, enable BGP in AS 200, and specify the MCE as its EBGP peer.
[PE1] bgp 200
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] peer 30.1.1.1 as-number 100
[PE1-bgp-default-vpn1] address-family ipv4
[PE1-bgp-default-ipv4-vpn1] peer 30.1.1.1 enable
[PE1-bgp-default-ipv4-vpn1] quit
[PE1-bgp-default-vpn1] quit
[PE1-bgp-default] quit
# Use similar procedures to configure VPN 2 settings on MCE and PE 1.
Page 30
255.255.255.255/32 Direct 127.0.0.1 InLoop0
The MCE has redistributed the OSPF routes of the two VPN instances into the EBGP routing tables of PE 1.
Configuring IPv6 MCE
About IPv6 MCE
IPv6 MCE provides traffic separation between VPNs by distinguishing routes of the VPNs. It allows multiple VPNs to share the same CE with ensured data security in an IPv6 MPLS L3VPN network. IPv6 MPLS L3VPN uses BGP to advertise IPv6 VPN routes and uses MPLS to forward IPv6 VPN packets on the service provider backbone.
By default, no RD is configured for a VPN instance.
(Optional.) Configure a description for the VPN instance.
description text
By default, no description is configured for a VPN instance.
The description should contain the VPN instance's related information, such as its relationship with a certain VPN.
Configure route targets.
vpn-target vpn-target&<1-8> [ both | export-extcommunity | import-extcommunity ]
By default, no route targets are configured.
Set the maximum number of active routes.
routing-table limit number { warn-threshold | simply-alert }
By default, the number of active routes in a VPN instance is not limited.
Setting the maximum number of active routes for a VPN instance can prevent the device from storing too many routes.
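A configuration audit for the isolation-related settings described above (RD, route targets, route limit, interface binding), as an added example that is not part of the H3C guide: it parses a constructed running-configuration excerpt and lists VPN instances that merit review. The sample text, the finding names, and the reading of a vpn-target line without a direction keyword as "both" are assumptions.

```python
DIRS = {"both", "export-extcommunity", "import-extcommunity"}
# Constructed sample in running-configuration style (not taken from the guide).
SAMPLE_CFG = """\
ip vpn-instance vpn1
 route-distinguisher 10:1
 vpn-target 10:1
 routing-table limit 1000 simply-alert
#
ip vpn-instance vpn2
 vpn-target 20:1 10:1 import-extcommunity
 vpn-target 20:1 export-extcommunity
#
interface Vlan-interface10
 ip binding vpn-instance vpn1
"""

def parse(cfg):
    """Collect per-VPN-instance attributes from the configuration text."""
    vpns, cur = {}, None
    new = lambda: {"rd": None, "imp": set(), "exp": set(), "limit": False, "bound": 0}
    for raw in cfg.splitlines():
        words = raw.split()
        if not raw.startswith(" "):            # unindented line opens a new section
            cur = vpns.setdefault(words[2], new()) if words[:2] == ["ip", "vpn-instance"] else None
        elif words[:3] == ["ip", "binding", "vpn-instance"]:
            vpns.setdefault(words[3], new())["bound"] += 1
        elif cur is not None and words[:1] == ["route-distinguisher"]:
            cur["rd"] = words[1]
        elif cur is not None and words[:2] == ["routing-table", "limit"]:
            cur["limit"] = True
        elif cur is not None and words[:1] == ["vpn-target"]:
            kw = words[-1] if words[-1] in DIRS else "both"  # assumption: no keyword means both
            rts = set(words[1:]) - DIRS
            if kw != "export-extcommunity": cur["imp"] |= rts
            if kw != "import-extcommunity": cur["exp"] |= rts
    return vpns

def audit(cfg):
    """Return sorted (vpn, finding) pairs; each is a review item, not proof of a fault."""
    vpns, out = parse(cfg), []
    for name, v in vpns.items():
        checks = [(v["rd"] is None, "no route-distinguisher"),
                  (not v["limit"], "no routing-table limit"),
                  (not v["bound"], "no interface bound")]
        out += [(name, msg) for failed, msg in checks if failed]
        out += [(name, f"imports {rt} exported by {other}")   # routes can cross VPNs here
                for other, o in vpns.items() if other != name
                for rt in sorted(v["imp"] & o["exp"])]
    return sorted(out)
```

A cross-VPN import can be deliberate; the audit only surfaces it so that it is checked against the intended separation.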
Configuring RIPng between an MCE and a VPN site
About RIPng between an MCE and a VPN site
By configuring RIPng process-to-IPv6 VPN instance bindings on an MCE, you allow routes of different VPNs to be exchanged between the MCE and the sites through different RIPng processes, ensuring the separation and security of IPv6 VPN routes.
import-route protocol [ as-number ] [ process-id | all-processes | allow-ibgp ] [ allow-direct | cost cost-value | nssa-only | route-policy route-policy-name | tag tag | type type ] *
By default, no routes are redistributed into OSPFv3.
Return to system view.
quit
Enter interface view.
Configuring EBGP between an MCE and a VPN site
About EBGP between an MCE and a VPN site
To use EBGP between an MCE and IPv6 VPN sites, you must configure a BGP peer for each IPv6 VPN instance on the MCE, and redistribute the IGP routes of each VPN instance on the IPv6 VPN sites.
By default, no routes are redistributed into BGP.
Configuring IBGP between an MCE and a VPN site
About IBGP between an MCE and a VPN site
To use IBGP between an MCE and a VPN site, you must configure a BGP peer for each IPv6 VPN instance on the MCE, and redistribute the IGP routes of each VPN instance on the VPN site.
Return to system view.
quit
Enter interface view.
interface interface-type interface-number
Enable the RIPng process on the interface.
ripng process-id enable
By default, RIPng is disabled on an interface.
Configuring OSPFv3 between an MCE and a PE
Enter system view.
system-view
Create an OSPFv3 process for an IPv6 VPN instance and enter OSPFv3 view.
import-route protocol [ as-number | process-id ] [ allow-ibgp ] [ allow-direct | cost cost-value | [ level-1 | level-1-2 | level-2 ] | route-policy route-policy-name | tag tag ] *
By default, IPv6 IS-IS does not redistribute routes from any other routing protocol.
If you do not specify the route level in the command, the command redistributes routes to the level-2 routing table.
Enter BGP-VPN IPv6 unicast address family view.
address-family ipv6 [ unicast ]
Enable BGP to exchange IPv6 unicast routes with the specified peer.
peer { group-name | ipv6-address [ prefix-length ] } enable
By default, BGP does not exchange IPv6 unicast routes with peers.
Redistribute the VPN routes of the VPN site.
Page 42
Figure 6 Network diagram (figure not reproduced; labels: VPN 1, VPN 2, Site 1, Site 2, PE 1, PE 2, PE 3, VR 1, VR 2; addresses shown: Vlan-int30 30::2/64 and 30::1/64, Vlan-int40 40::2/64 and 40::1/64, Vlan-int10 2001:1::2/64 and 2001:1::1/64, Vlan-int11 2012:1::2/64, Vlan-int20 2002:1::1/64 and 2002:1::2/64, subnet 2012:1::/64, Vlan-int21...)
Page 43
[MCE] interface vlan-interface 20
[MCE-Vlan-interface20] ip binding vpn-instance vpn2
[MCE-Vlan-interface20] ipv6 address 2002:1::1 64
[MCE-Vlan-interface20] quit
# On PE 1, configure VPN instances vpn1 and vpn2, and specify an RD and route targets for each VPN instance.
<PE1> system-view
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 10:1
[PE1-vpn-instance-vpn1] vpn-target 10:1
[PE1-vpn-instance-vpn1] quit...
Page 45
Destination: FF00::/8
Protocol : Direct
NextHop : ::
Preference: 0
Interface : NULL0
Cost
The output shows that the MCE has learned the private route of VPN 2. The MCE maintains the routes of VPN 1 and VPN 2 in two different routing tables. In this way, routes from different VPNs are separated.
Page 46
# Enable OSPFv3 on VLAN-interface 30.
[PE1] interface vlan-interface 30
[PE1-Vlan-interface30] ospfv3 10 area 0.0.0.0
[PE1-Vlan-interface30] quit
# Configure OSPFv3 process 20 between the MCE and PE 1. (Details not shown.)
# Redistribute VPN 2's routes from RIPng process 20 into the OSPFv3 routing table of the MCE. (Details not shown.)
Verifying the configuration
# Verify that PE 1 has learned the private route of VPN 1 through OSPFv3.