background image

 

MPLS L3VPN concepts 

Site 

A site has the following features: 

 

A site is a group of IP systems with IP connectivity that does not rely on any service provider network. 

 

The classification of a site depends on the topology relationship of the devices, rather than the 
geographical positions, though the devices at a site are, in most cases, adjacent to each other 

geographically.  

 

The devices at a site can belong to multiple VPNs, which means that a site can belong to multiple 
VPNs. 

 

A site is connected to a provider network through one or more CEs. A site can contain multiple CEs, 

but a CE can belong to only one site.  

Sites connected to the same provider network can be classified into different sets by policies. Only the 

sites in the same set can access each other through the provider network. Such a set is called a VPN. 

VPN instance 

VPN instances, also called virtual routing and forwarding (VRF) instances, implement route isolation, 

data independence, and data security for VPNs.  
A VPN instance has the following components: 

 

A separate Label Forwarding Information Base (LFIB).  

 

An IP routing table.  

 

Interfaces bound to the VPN instance. 

 

VPN instance administration information, including route distinguishers (RDs), route targets (RTs), 
and route filtering policies. 

To associate a site with a VPN instance, bind the VPN instance to the PE's interface connected to the site. 

A site can be associated with only one VPN instance, and different sites can associate with the same 

VPN instance. A VPN instance contains the VPN membership and routing rules of associated sites.  

Address space overlapping 

Each VPN independently manages its address space. 
The address spaces of VPNs might overlap. For example, if both VPN 1 and VPN 2 use the addresses on 

subnet 10.110.10.0/24, address space overlapping occurs. 

VPN-IPv4 address 

BGP cannot process overlapping VPN address spaces. For example, if both VPN 1 and VPN 2 use the 
subnet 10.110.10.0/24 and each advertise a route destined for the subnet, BGP selects only one of them, 

resulting in the loss of the other route.  
Multiprotocol BGP (MP-BGP) can solve this problem by advertising VPN-IPv4 prefixes. 

Figure 2

 

VPN-IPv4 address structure 

 

 

Type

2 bytes

4 bytes

IPv4 address prefix

6 bytes

Route Distinguisher (8 bytes)

Assigned number subfield

Administrator subfield 

Summary of Contents for S6800 Series

Page 1: ...H3C S6800 Switch Series MCE Configuration Guide Hangzhou H3C Technologies Co Ltd http www h3c com Software version Release 2407 Document version 6W100 20131205...

Page 2: ...ne SecPath SecCenter SecBlade Comware ITCMM and HUASAN are trademarks of Hangzhou H3C Technologies Co Ltd All other trademarks that may be mentioned in this manual are the property of their respective...

Page 3: ...ork planners Field technical support and servicing engineers Network administrators working with the S6800 series Conventions This section describes the conventions used in this documentation set Comm...

Page 4: ...n to important information that if not understood or followed can result in data loss data corruption or damage to hardware or software IMPORTANT An alert that calls attention to essential information...

Page 5: ...cement of SFP SFP XFP transceiver modules H3C LSVM1AC650 LSVM1DC650 Power Modules User Manual Describes the appearance specifications and installation and removal of hot swappable power modules Softwa...

Page 6: ...Technical support service h3c com http www h3c com Documentation feedback You can e mail your comments about product documentation to info h3c com We appreciate your comments...

Page 7: ...g and maintaining MCE 14 MCE configuration examples 15 Configuring the MCE that uses OSPF to advertise VPN routes to the PE 15 Configuring the MCE that uses EBGP to advertise VPN routes to the PE 20 C...

Page 8: ...ure 1 Basic MPLS L3VPN architecture A basic MPLS L3VPN architecture has the following types of devices Customer edge device A CE device resides on a customer network and has one or more interfaces dir...

Page 9: ...rding Information Base LFIB An IP routing table Interfaces bound to the VPN instance VPN instance administration information including route distinguishers RDs route targets RTs and route filtering po...

Page 10: ...checks the export target attribute of VPN IPv4 routes received from other PEs If the export target attribute matches the import target attribute of a VPN instance the PE adds the routes to the routin...

Page 11: ...nds the packet through the corresponding tunnel You can configure static routes OSPF EBGP or IBGP between an MCE and a VPN site and between an MCE and a PE NOTE To implement dynamic IP assignment for...

Page 12: ...for the VPN instance description text By default no description is configured for a VPN instance 5 Optional Configure a VPN ID for the VPN instance vpn id vpn id By default no VPN ID is configured fo...

Page 13: ...Configurations made in VPN instance view apply to both IPv4 VPN and IPv6 VPN IPv4 VPN prefers the configurations in IPv4 VPN view over the configurations in VPN instance view 3 Configure route target...

Page 14: ...to a VPN instance so that the static routes of different VPN instances can be isolated from each other To configure a static route to a VPN site Step Command Remarks 1 Enter system view system view N...

Page 15: ...orrect route advertisement 4 Optional Configure the type codes of OSPF extended community attributes ext community type domain id type code1 router id type code2 route type type code3 The defaults are...

Page 16: ...You can configure filtering policies to filter received routes and advertised routes 1 Configure the MCE Routes redistributed from OSPF to BGP have their OSPF attributes removed To enable BGP to dist...

Page 17: ...protocol process id By default BGP does not filter advertised routes 10 Optional Configure filtering of received routes filter policy acl number prefix list prefix list name import By default BGP doe...

Page 18: ...ther IBGP peers including VPNv4 peers The MCE advertises routes learned from a VPN site only when you configure the VPN site as a client of the RR the MCE 8 Redistribute remote site routes advertised...

Page 19: ...ations on the MCE For information about configuring the PE see the documentation for the PE Configuring static routing between an MCE and a PE Step Command Remarks 1 Enter system view system view N A...

Page 20: ...routing loops you can configure route tags for VPN instances on an MCE HP recommends that you configure the same route tag for the same VPN on the MCEs 7 Redistribute the VPN routes import route prot...

Page 21: ...import route protocol process id all processes allow direct med med value route policy route policy name By default no routes are redistributed into BGP 8 Optional Configure filtering of advertised r...

Page 22: ...tes from different VPNs and to advertise the VPN routes to PE 1 through OSPF Figure 4 Network diagram Configuration procedure Assume that the system name of the MCE device is MCE the system names of t...

Page 23: ...n 20 MCE vlan20 port fortygige 1 0 2 MCE vlan20 quit MCE interface vlan interface 20 MCE Vlan interface20 ip binding vpn instance vpn2 MCE Vlan interface20 ip address 10 214 20 3 24 MCE Vlan interface...

Page 24: ...0 0 0 0 0 NULL0 224 0 0 0 24 Direct 0 0 0 0 0 0 NULL0 255 255 255 255 32 Direct 0 0 127 0 0 1 InLoop0 The output shows that the MCE has a static route for VPN instance vpn1 Run OSPF in VPN 2 Create O...

Page 25: ...o PE s port FortyGigE 1 0 1 Configure the two ports as trunk ports and configure them to permit packets carrying VLAN tags 30 and 40 to pass MCE interface fortygige 1 0 3 MCE FortyGigE1 0 3 port link...

Page 26: ...etection and set the domain ID to 10 MCE ospf 10 router id 101 101 10 1 vpn instance vpn1 MCE ospf 10 vpn instance capability simple MCE ospf 10 domain id 10 On the MCE advertise subnet 30 1 1 0 in ar...

Page 27: ...roto Pre Cost NextHop Interface 0 0 0 0 32 Direct 0 0 127 0 0 1 InLoop0 40 1 1 0 24 Direct 0 0 40 1 1 2 Vlan40 40 1 1 0 32 Direct 0 0 40 1 1 2 Vlan40 40 1 1 2 32 Direct 0 0 127 0 0 1 InLoop0 40 1 1 25...

Page 28: ...ails not shown Configure OSPF on the MCE and bind OSPF process 10 with VPN instance vpn1 to learn the routes of VPN 1 MCE system view MCE ospf 10 router id 10 10 10 1 vpn instance vpn1 MCE ospf 10 are...

Page 29: ...20 3 Vlan20 10 214 20 0 32 Direct 0 0 10 214 20 3 Vlan20 10 214 20 3 32 Direct 0 0 127 0 0 1 InLoop0 10 214 20 255 32 Direct 0 0 10 214 20 3 Vlan20 127 0 0 0 8 Direct 0 0 127 0 0 1 InLoop0 127 0 0 0...

Page 30: ...32 Direct 0 0 127 0 0 1 InLoop0 127 0 0 1 32 Direct 0 0 127 0 0 1 InLoop0 127 255 255 255 32 Direct 0 0 127 0 0 1 InLoop0 192 168 0 0 24 BGP 255 3 30 1 1 1 Vlan30 224 0 0 0 4 Direct 0 0 0 0 0 0 NULL0...

Page 31: ...24 255 255 255 255 32 Direct 0 0 127 0 0 1 InLoop0 Now the MCE has redistributed the OSPF routes of the two VPN instances into the EBGP routing tables of PE 1...

Page 32: ...onfiguring route related attributes for a VPN instance Configuring routing on an MCE Required Configuring routing between an MCE and a VPN site Required Configuring routing between an MCE and a PE Con...

Page 33: ...vpn instance vpn instance name By default no VPN instance is associated with an interface The ip binding vpn instance command clears the IP address of the interface Therefore re configure an IP addres...

Page 34: ...ute policy By default all routes matching the import target attribute are accepted Make sure the routing policy already exists Otherwise the device does not filter received routes For information abou...

Page 35: ...anent preference preference value tag tag value description description text Use either command as needed Perform this configuration on the MCE On a VPN site configure normal IPv6 static routes 3 Opti...

Page 36: ...view bgp as number N A 3 Enter BGP VPN instance view ip vpn instance vpn instance name N A 4 Specify an IPv6 BGP peer in an AS peer group name ipv6 address as number as number By default no BGP peer i...

Page 37: ...nce on the MCE and redistribute the IGP routes of each VPN instance on the VPN site 1 Configure the MCE Step Command Remarks 1 Enter system view system view N A 2 Enter BGP view bgp as number N A 3 En...

Page 38: ...6 unicast address family view address family ipv6 unicast N A 5 Enable BGP to exchange IPv6 unicast routes with the peer peer group name ipv6 address enable By default BGP does not exchange IPv6 unica...

Page 39: ...tribute VPN routes import route protocol process id all processes allow ibgp allow direct cost cost route policy route policy name type type By default no routes are redistributed into OSPFv3 5 Option...

Page 40: ...tes Displaying and maintaining IPv6 MCE Execute display commands in any view Task Command Display information about a specified VPN instance or all VPN instances display ip vpn instance instance name...

Page 41: ...ance vpn1 vpn target 10 1 MCE vpn instance vpn1 quit MCE ip vpn instance vpn2 MCE vpn instance vpn2 route distinguisher 20 1 MCE vpn instance vpn2 vpn target 20 1 MCE vpn instance vpn2 quit Create VLA...

Page 42: ...1 vpn instance vpn2 quit 2 Configure routing between the MCE and VPN sites The MCE is connected to VPN 1 directly and no routing protocol is enabled in VPN 1 Therefore you can configure IPv6 static ro...

Page 43: ...VR2 Vlan interface21 quit On the MCE display the routing table of VPN instance vpn1 MCE display ipv6 routing table vpn instance vpn1 Destinations 6 Routes 6 Destination 1 128 Protocol Direct NextHop...

Page 44: ...re routing between the MCE and PE 1 On the MCE configure the port connected to PE 1 as a trunk port and configure it to permit packets of VLAN 30 and VLAN 40 to pass with VLAN tags MCE interface forty...

Page 45: ...vpn2 PE1 Vlan interface40 ipv6 address 40 2 64 PE1 Vlan interface40 quit Enable OSPFv3 process 10 on the MCE bind the process to VPN instance vpn1 and redistribute the IPv6 static route of VPN 1 MCE o...

Page 46: ...1 64 Protocol OSPFv3 NextHop FE80 202 FF FE02 2 Preference 150 Interface Vlan30 Cost 1 Destination FE80 10 Protocol Direct NextHop Preference 0 Interface NULL0 Cost 0 Destination FF00 8 Protocol Dire...

Page 47: ...50 Interface Vlan40 Cost 1 Destination FE80 10 Protocol Direct NextHop Preference 0 Interface NULL0 Cost 0 Destination FF00 8 Protocol Direct NextHop Preference 0 Interface NULL0 Cost 0 Now the routin...

Page 48: ...3 28 IPv6 MPLS L3VPN MCE VPN site routing 28 IPv6 MPLS L3VPN MCE VPN site static routing 28 IPv6 MPLS L3VPN VPN instance 25 IPv6 MPLS L3VPN VPN instance route related attributes 26 MCE 15 MPLS L3VPN M...

Page 49: ...guration 32 MCE PE IPv6 static routing configuration 31 MCE PE OSPFv3 configuration 32 MCE VPN site EBGP configuration 29 MCE VPN site IBGP configuration 30 MCE VPN site OSPFv3 configuration 28 MCE VP...

Page 50: ...te EBGP configuration 29 IPv6 MPLS L3VPN MCE VPN site IBGP configuration 30 IPv6 MPLS L3VPN MCE VPN site OSPFv3 configuration 28 IPv6 MPLS L3VPN MCE VPN site routing configuration 28 IPv6 MPLS L3VPN M...

Page 51: ...L3VPN VPN instance with interface 5 configuring IPv6 MCE 33 configuring IPv6 MPLS L3VPN MCE routing 27 configuring IPv6 MPLS L3VPN MCE PE 31 configuring IPv6 MPLS L3VPN MCE PE EBGP 32 configuring IPv...

Page 52: ...uting configuration 28 IPv6 MPLS L3VPN VPN instance configuration 25 IPv6 MPLS L3VPN VPN instance creation 25 IPv6 MPLS L3VPN VPN instance interface association 26 IPv6 MPLS L3VPN VPN instance route r...

Reviews: