H3C SR8800 10G Mpls Configuration Manual Download Page 1

Page: 1 / 410

H3C SR8800 10G Core Routers

MPLS Configuration Guide

Hangzhou H3C Technologies Co., Ltd.
http://www.h3c.com

Software version: SR8800-CMW520-R3347
Document version: 6W103-20120224

Summary of Contents for SR8800 10G

Page 1: ...H3C SR8800 10G Core Routers MPLS Configuration Guide Hangzhou H3C Technologies Co Ltd http www h3c com Software version SR8800 CMW520 R3347 Document version 6W103 20120224...

Page 2: ...ware Secware Storware NQA VVG V2 G Vn G PSPT XGbus N Bus TiGem InnoVision and HUASAN are trademarks of Hangzhou H3C Technologies Co Ltd All other trademarks that may be mentioned in this manual are th...

Page 3: ...k administrators working with the SR8800 series Conventions This section describes the conventions used in this documentation set Command conventions Convention Description Boldface Bold text represen...

Page 4: ...alert that calls attention to essential information NOTE An alert that contains additional or supplementary information TIP An alert that provides helpful information Network topology icons Represents...

Page 5: ...a quick reference to all available commands Operations and maintenance Release notes Provide information about the product release including the version history hardware and software compatibility ma...

Page 6: ...ring LDP loop detection 17 Configuring LDP MD5 authentication 18 Configuring LDP label filtering 18 Maintaining LDP sessions 20 Configuring BFD for MPLS LDP 20 Resetting LDP sessions 20 Managing and o...

Page 7: ...re 60 Configuring RSVP TE advanced features 65 Configuration prerequisites 65 Configuration procedure 65 Tuning CR LSP setup 69 Configuration prerequisites 69 Configuration procedure 69 Tuning MPLS TE...

Page 8: ...implementation 157 Hub spoke VPLS implementation 159 Multi hop PW 160 VPLS configuration task list 161 Configuring LDP VPLS 162 Configuration prerequisites 162 Enabling L2VPN and MPLS L2VPN 162 Config...

Page 9: ...pella MPLS L2VPN 217 Example for configuring a Kompella local connection 219 Troubleshooting MPLS L2VPN 221 Configuring MPLS L3VPN 222 MPLS L3VPN overview 222 MPLS L3VPN concepts 223 MPLS L3VPN packet...

Page 10: ...uses a GRE tunnel 295 Configuring inter AS option A 300 Configuring inter AS option B 305 Configuring inter AS option C 310 Configuring carrier s carrier 316 Configuring nested VPN 324 Configuring Ho...

Page 11: ...369 Resetting BGP connections 369 Displaying information about IPv6 MPLS L3VPN 369 IPv6 MPLS L3VPN configuration examples 371 Configuring IPv6 MPLS L3VPNs 371 Configuring inter AS IPv6 VPN option A 37...

Page 12: ...s Residing between the link layer and the network layer MPLS can work on various link layer protocols for example PPP ATM frame relay and Ethernet provide connection oriented services for various netw...

Page 13: ...ER is an LSR that resides at the edge of an MPLS network and is connected to another network LSP A label switched path LSP is the path along which packets of a FEC travel through an MPLS network An LS...

Page 14: ...Rs of the bindings so as to establish the LFIB on each LSR LSPs can be established through manual configuration or be established dynamically through label distribution protocols 1 Establishing a stat...

Page 15: ...ng information After all LSRs along the packet forwarding path establish a LFIB entry for the FEC an LSP is established for packets of this FEC Figure 4 Process of dynamic LSP establishment Label dist...

Page 16: ...de otherwise no LSP can be established normally 2 Label distribution control modes Two label distribution control modes are available independent and ordered In independent mode an LSR can distribute...

Page 17: ...changes but will waste label resources as LSRs need to keep extra labels In conservative mode an LSR keeps only label bindings that are from its next hops for the FECs This allows LSRs to maintain fe...

Page 18: ...ter B looks for the corresponding NHLFE entry of the Token value According to the NHLFE entry Router B pushes label 40 to the packet and then forwards the labeled packet to the next hop LSR Router C t...

Page 19: ...implicit null label and never appears in the label stack When an LSR finds that it is assigned an implicit null label it directly performs a pop operation rather than substitutes the implicit null lab...

Page 20: ...ndings between LDP peers and thereby establish LSPs For the LSP establishment process see LSP establishment and label distribution 4 Session termination An LSR terminates its LDP session with an LDP p...

Page 21: ...el distribution control mode Optional Configuring LDP loop detection Optional Configuring LDP MD5 authentication Optional Configuring LDP label filtering Optional Maintaining LDP sessions Configuring...

Page 22: ...otocol ensuring that LSRs can communicate with each other at the network layer Configuration procedure To enable MPLS Step Command Remarks 1 Enter system view system view N A 2 Configure the MPLS LSR...

Page 23: ...ic lsp egress lsp name incoming interface interface type interface number in label in label NOTE If the outgoing interface specified for a static LSP is a P2MP interface such as a P2MP ATM subinterfac...

Page 24: ...as local LDP sessions To establish a local LDP session Determine the LDP transport addresses of the two peers and make sure that the LDP transport addresses are reachable to each other This is to esta...

Page 25: ...much you need to adjust timers to ensure the stability of the LDP sessions To configure remote LDP session parameters Step Command Remarks 1 Enter system view system view N A 2 Create a remote peer e...

Page 26: ...iguring LDP to advertise prefix based labels through a remote session is for implementing MPLS LDP over MPLS TE For information about MPLS LDP over MPLS TE see the chapter Configuring MPLS TE Configur...

Page 27: ...ks can trigger establishment of LSPs NOTE For an LSP to be established an exactly matching routing entry must exist on the LSR For example on an LSR to establish an LSP to a loopback address with a 32...

Page 28: ...l request message or label mapping message carries path information in the form of path vector list When such a message reaches an LSR the LSR checks the path vector list of the message to see whether...

Page 29: ...ep Command Remarks 1 Enter system view system view N A 2 Enter MPLS LDP view mpls ldp N A 3 Enable LDP MD5 authentication and set the password md5 password cipher plain peer lsr id password Disabled b...

Page 30: ...tions permitted by prefix list C Figure 9 Network diagram for label advertisement control Configuration prerequisites Before you configure LDP label filtering policies you must create an IP prefix lis...

Page 31: ...eers fails the LDP session will be down and as a result MPLS forwarding will fail By cooperating with bidirectional forwarding detection BFD MPLS LDP can be quickly aware of communication failures bet...

Page 32: ...k adds the label stack back into each fragment and then forwards the fragments If fragmentation is not allowed the LSR drops the packet directly To configure the MPLS MTU of an interface Step Command...

Page 33: ...agation disabled When the ingress labels a packet it does not copy the TTL value of the original IP packet to the TTL field of the label and the label TTL is set to 255 When an LSR forwards the labele...

Page 34: ...cket sender it sends the ICMP TTL exceeded message to the packet sender directly through the IP route If the LSR has no route to the packet sender it forwards the ICMP TTL exceeded message along the L...

Page 35: ...ne Using this feature LDP Graceful Restart GR preserves the LFIB information when the signaling protocol or control plane fails so that LSRs can still forward packets according to LFIB ensuring contin...

Page 36: ...GR restarter 5 After the recovery time elapses the GR helper deletes the FEC label bindings that are still marked stale 6 When the MPLS forwarding state holding timer expires the GR restarter deletes...

Page 37: ...istics Inspecting LSPs In MPLS the MPLS control plane is responsible for establishing LSPs However when an LSP fails to forward data the control plane cannot detect the LSP failure or cannot do so in...

Page 38: ...into a BFD control packet forward the BFD control packet along the LSP to the egress and determine the status of the LSP according to the reply received Upon detecting an LSP failure BFD triggers a tr...

Page 39: ...s in active mode and the egress node always works in passive mode The bfd session init mode command does not take effect on the ingress and egress nodes of such a BFD session Even if you configure the...

Page 40: ...trap function Step Command Remarks 1 Enter system view system view N A 2 Enable the MPLS trap function snmp agent trap enable mpls Disabled by default NOTE For more information about the snmp agent tr...

Page 41: ...xclude include regular expression Available in any view Display information about static LSPs display mpls static lsp lsp name lsp name include exclude dest addr mask length verbose begin exclude incl...

Page 42: ...tatistics information about all LSP sessions display mpls ldp session all statistics begin exclude include regular expression Available in any view Display information about LSPs established by LDP di...

Page 43: ...re is no need to configure such a static route on the transit and egress nodes and thus you do not need to configure any routing protocol on the routers Configuration procedure 1 Configure the IP addr...

Page 44: ...incoming interface Pos 2 1 1 in label 30 nexthop 20 1 1 2 out label 50 Configure the LSP egress Router C RouterC static lsp egress AtoC incoming interface Pos 2 1 1 in label 50 5 Create a static LSP...

Page 45: ...m Router C to Router A RouterC ping lsp a 21 1 1 1 ipv4 11 1 1 0 24 LSP Ping FEC IPV4 PREFIX 11 1 1 0 24 100 data bytes press CTRL_C to break Reply from 10 1 1 1 bytes 100 Sequence 1 time 3 ms Reply f...

Page 46: ...erA ospf 1 area 0 0 0 0 quit RouterA ospf 1 quit Configure OSPF on Router B RouterB system view RouterB ospf RouterB ospf 1 area 0 RouterB ospf 1 area 0 0 0 0 network 2 2 2 9 0 0 0 0 RouterB ospf 1 ar...

Page 47: ...ls RouterB mpls quit RouterB mpls ldp RouterB mpls ldp quit RouterB interface Pos 2 1 1 RouterB Pos2 1 1 mpls RouterB Pos2 1 1 mpls ldp RouterB Pos2 1 1 quit RouterB interface Pos 2 1 2 RouterB Pos2 1...

Page 48: ...s RouterB mpls lsp trigger all RouterB mpls quit Configure the LSP establishment triggering policy on Router C RouterC mpls RouterC mpls lsp trigger all RouterC mpls quit 5 Verify the configuration Ex...

Page 49: ...ms Reply from 10 1 1 1 bytes 100 Sequence 2 time 2 ms Reply from 10 1 1 1 bytes 100 Sequence 3 time 2 ms Reply from 10 1 1 1 bytes 100 Sequence 4 time 3 ms Reply from 10 1 1 1 bytes 100 Sequence 5 tim...

Page 50: ...from 1 1 1 0 24 to 21 1 1 0 24 and the other for detecting the connectivity of the LSP from 21 1 1 0 24 to 1 1 1 0 24 Use the following command to view the verbose information of the BFD sessions Rou...

Page 51: ...40 Hold Time 1900ms Connect Type Indirect Running Up for 00 02 28 Auth mode None Protocol MFW LSPV Diag Info No Diagnostic...

Page 52: ...iprotocol Label Switching MPLS Because IGPs are topology driven and consider only network connectivity they fail to present some dynamic factors such as bandwidth and traffic characteristics This IGP...

Page 53: ...e configured manually Dynamic CR LSP processing to handle three types of CR LSPs basic CR LSPs backup CR LSPs and fast rerouted CR LSPs Static CR LSP processing is simple while dynamic CR LSP processi...

Page 54: ...lled Constraint based Routing CR CR LSP involves these concepts Strict and loose explicit routes Traffic characteristics Preemption Route pinning Administrative group and affinity attribute Reoptimiza...

Page 55: ...ess of allocating reallocating network resources You may configure it to meet desired QoS Normally service providers use some mechanism to optimize CR LSPs for best use of network resources They can d...

Page 56: ...h LSP set up using RSVP TE is assigned a resource reservation style During an RSVP session the receiver decides which reservation style can be used for this session and thus which LSPs can be used Two...

Page 57: ...once created to remove the path state and related reservation state on each node along the path ResvTear messages Sent upstream immediately once created to remove the reservation state on each node a...

Page 58: ...ay be unbearable As tuning refresh intervals is not adequate to address the two problems the refreshing mechanism was extended in RFC 2961 RSVP Refresh Overhead Reduction Extensions as follows to addr...

Page 59: ...lo capability of RSVP TE A GR capable device advertises its GR capability and relevant time parameters to its neighbors by extended RSVP hello packets If a device and all its neighbors have the RSVP G...

Page 60: ...int links and TE tunnel interfaces can be set as outgoing interfaces IGP shortcut also known as autoroute announce considers a TE tunnel as a logical interface directly connected to the destination wh...

Page 61: ...tandard backup where a secondary CR LSP is created to take over after the primary CR LSP fails FRR Overview Fast Reroute FRR provides a quick per link or per node protection on an LSP In this approach...

Page 62: ...A main tunnel and its protection tunnels form a protection group When the main tunnel fails data is switched to a protection tunnel immediately greatly improving the reliability of the network When t...

Page 63: ...ndwidth constraints Essentially what DS TE does is to map traffic trunks with LSPs making each traffic trunk traverse the constraints compliant path The router supports the following DS TE modes Prest...

Page 64: ...MPLS TE tunnel interface to configure the bandwidth constraints of the tunnel interface The router determines whether there is enough bandwidth to establish an MPLS TE tunnel for a traffic trunk accor...

Page 65: ...ss The router checks whether the CT and the LSP setup holding priority of the traffic trunk matches an existing TE class An MPLS TE tunnel can be established for the traffic trunk only when the follow...

Page 66: ...established between the MPLS TE tunnel headend and tailend The LDP LSP is carried on the MPLS TE tunnel In this way a hierarchical LSP is formed Figure 23 Configure an LDP LSP over an MPLS TE LSP NOT...

Page 67: ...CR LSP backup Optional Configuring FRR Optional Inspecting an MPLS TE tunnel Optional Configuring protection switching Optional Configuring MPLS TE basic capabilities MPLS TE basic capabilities are es...

Page 68: ...nel configuration mpls te commit N A NOTE For more information about tunnel interfaces see Layer 3 IP Services Configuration Guide Configuring DiffServ aware TE To configure DS TE Step Command Remarks...

Page 69: ...nges Static CR LSPs are special static LSPs They share the same constraints and use the same label space Configuration prerequisites Before making the configuration do the following Configure static r...

Page 70: ...TE tunnel carried over the static CR LSP The tunnel name argument in the static cr lsp ingress command is case sensitive Suppose you create a tunnel interface with the interface tunnel 2 command To sp...

Page 71: ...iguring MPLS TE properties for a link Optional Configuring CSPF Optional Configuring OSPF TE Required when CSPF is configured Choose one depending on the IGP protocol used Configuring IS IS TE Configu...

Page 72: ...h Optional 0 for BC 0 through BC 3 by default In RDM model BC 0 is the maximum reservable bandwidth of a link Configuring CSPF To configure CSPF Step Command Remarks 1 Enter system view system view N...

Page 73: ...oded normally on all interfaces with IS IS enabled the MTU of any IS IS enabled interface including 27 octets of LSP header and two octets of TLV header cannot be less than 284 octets If an LSP must a...

Page 74: ...MPLS TE explicit path Step Command Remarks 1 Enter system view system view N A 2 Create an explicit path for MPLS TE tunneling and enter its view explicit path path name disable enable N A 3 Add a no...

Page 75: ...use and set the preference of the path mpls te path dynamic explicit path pathname preference value Optional By default a tunnel uses the dynamically calculated path 5 Submit current tunnel configura...

Page 76: ...SP setup RSVP TE provides many configurable options with respect to reliability network resources and other advanced features of MPLS TE Before performing the configuration tasks in this section be aw...

Page 77: ...l is 30 seconds 4 Configure the keep multiplier for PSB and RSB mpls rsvp te keep multiplier number Optional The default is 3 5 Configure the blockade timeout multiplier mpls rsvp te blockade multipli...

Page 78: ...lost before the link is considered failed mpls rsvp te hello lost times Optional By default the link is considered failed if three consecutive hellos are lost 5 Configure the hello interval mpls rsvp...

Page 79: ...svp te authentication cipher plain auth key NOTE FRR and RSVP authentication cannot run at the same time Configuring RSVP TE GR The RSVP TE GR function depends on the extended hello capability of RSVP...

Page 80: ...R LSP can traverse Configuration prerequisites The configuration tasks described in this section are about CSPF of MPLS TE They must be used in conjunction with CSPF and the dynamic signal protocol CR...

Page 81: ...trative group and affinity attribute The affinity attribute of an MPLS TE tunnel identifies the properties of the links that the tunnel can use Together with the link administrative group it decides w...

Page 82: ...commit N A Configuring CR LSP reoptimization Dynamic CR LSP optimization involves periodic calculation of paths that traffic trunks should traverse If a better route is found for an existing CR LSP a...

Page 83: ...ing To configure route and label recording Step Command Remarks 1 Enter system view system view N A 2 Enter MPLS TE tunnel interface view interface tunnel tunnel number N A 3 Enable the system to reco...

Page 84: ...To avoid flapping caused by improper preemptions between CR LSPs the setup priority of a CR LSP should not be set higher than its holding priority To assign priorities to a tunnel Step Command Remark...

Page 85: ...unnel interface address to IGPs such as OSPF and ISIS Before configuring automatic route advertisement enable OSPF or ISIS on the MPLS TE tunnel interface Two approaches IGP shortcut and forwarding ad...

Page 86: ...nnel to IGP neighbors mpls te igp advertise hold time value Routes of MPLS TE tunnels are not advertised to IGP neighbors by default 4 Assign a metric to the MPLS TE tunnel mpls te igp metric absolute...

Page 87: ...late paths This tends to be resource consuming as recalculation involves IGP flooding To reduce recalculations and flood only significant changes you may configure the following two IGP flooding thres...

Page 88: ...e interface number N A 10 Assign a TE metric to the link mpls te metric value Optional If no TE metric is assigned to the link IGP metric is used as the TE metric by default NOTE If you do not configu...

Page 89: ...As mentioned earlier Fast Reroute FRR provides quick but temporary per link or per node local protection on an LSP FRR uses bypass tunnels to protect primary tunnels As bypass tunnels are pre establi...

Page 90: ...LSP becomes a bypass LSP The setup of a bypass LSP must be manually performed on the PLR The configuration of a bypass LSP is similar to that of a common LSP However a bypass LSP cannot be configured...

Page 91: ...is can defeat your attempts to binding a primary LSP to a bypass tunnel Therefore when configuring a bypass tunnel you must configure the bandwidth that it is intended to protect with the mpls te back...

Page 92: ...ring MPLS LSP ping MPLS LSP ping can be used to check the connectivity of an MPLS TE tunnel At the ingress it adds the label for the MPLS TE tunnel to be inspected into an MPLS echo request which then...

Page 93: ...om remote to local between two routers Dynamic If you do not specify the local and remote discriminator values when configuring the mpls te bfd enable command the MPLS LSP ping will be run automatical...

Page 94: ...nd does not take effect on the ingress and egress nodes of such a BFD session Even if you configure the two nodes to both work in passive mode the BFD session will still be established successfully Co...

Page 95: ...an MPLS TE tunnel Configure BFD for the MPLS TE tunnel Before configuring a protection tunnel prepare the following data Interface number of the main tunnel in the protection group ID of the protectio...

Page 96: ...information about RSVP TE PSB display mpls rsvp te psb content ingress lsr id lspid tunnel id egress lsr id begin include exclude regular expression Available in any view Display information about RSV...

Page 97: ...in any view Display the latest TE information advertised by IS IS TE display isis traffic eng advertisements level 1 level 1 2 level 2 lsp id lsp id local process id vpn instance vpn instance name be...

Page 98: ...configuration examples MPLS TE using static CR LSP configuration example Network requirements Router A Router B and Router C run IS IS Establish a TE tunnel using a static CR LSP between Router A and...

Page 99: ...3 1 1 isis enable 1 RouterC GigabitEthernet3 1 1 quit RouterC interface loopback 0 RouterC LoopBack0 isis enable 1 RouterC LoopBack0 quit Perform the display ip routing table command on each router Yo...

Page 100: ...3 1 1 mpls te RouterC GigabitEthernet3 1 1 quit 4 Configure an MPLS TE tunnel Configure an MPLS TE tunnel on Router A RouterA interface tunnel 3 RouterA Tunnel3 ip address 6 1 1 1 255 255 255 0 Router...

Page 101: ...packets sec 0 packets input 0 bytes 0 input error 0 packets output 0 bytes 0 output error Perform the display mpls te tunnel command on each router to verify information about the MPLS TE tunnel Route...

Page 102: ...EC field in the sample output is empty on Router B and Router C 7 Create a static route for routing MPLS TE tunnel traffic RouterA ip route static 3 2 1 2 24 tunnel 3 preference 1 Perform the display...

Page 103: ...uterA GigabitEthernet3 1 1 quit RouterA interface loopback 0 RouterA LoopBack0 isis enable 1 RouterA LoopBack0 isis circuit level level 2 RouterA LoopBack0 quit Configure Router B RouterB system view...

Page 104: ...able 1 RouterD LoopBack0 isis circuit level level 2 RouterD LoopBack0 quit Perform the display ip routing table command on each router You can see that all nodes learnt the host routes of other nodes...

Page 105: ...pos 2 1 1 RouterB POS2 1 1 mpls RouterB POS2 1 1 mpls te RouterB POS2 1 1 mpls rsvp te RouterB POS2 1 1 quit Configure Router C RouterC mpls lsr id 3 3 3 9 RouterC mpls RouterC mpls mpls te RouterC mp...

Page 106: ...n Router A RouterA interface GigabitEthernet 3 1 1 RouterA GigabitEthernet3 1 1 mpls te max link bandwidth 10000 RouterA GigabitEthernet3 1 1 mpls te max reservable bandwidth 5000 RouterA GigabitEther...

Page 107: ...n Perform the display interface tunnel command on Router A You can find that the tunnel interface is up RouterA display interface tunnel Tunnel4 current state UP Line protocol current state UP Descrip...

Page 108: ...BW Interfaces Protected VPN Bind Type NONE VPN Bind Value Car Policy Disabled Tunnel Group Primary Primary Tunnel Backup Tunnel Group Status Oam Status Perform the display mpls te cspf tedb all comman...

Page 109: ...h is 10000 kbps and maximum reservable bandwidth is 5000 kbps Figure 26 Network diagram Device Interface IP address Device Interface IP address Router A Loop0 1 1 1 9 32 Router C Loop0 3 3 3 9 32 GE3...

Page 110: ...RouterD ospf 1 area 0 0 0 0 network 30 1 1 0 0 0 0 255 RouterD ospf 1 area 0 0 0 0 network 4 4 4 9 0 0 0 0 RouterD ospf 1 area 0 0 0 0 quit RouterD ospf 1 quit After the configurations execute the dis...

Page 111: ...0 1 10 1 1 2 GE3 1 1 3 3 3 9 32 O_ASE 150 1 10 1 1 2 GE3 1 1 4 4 4 9 32 O_ASE 150 1 10 1 1 2 GE3 1 1 10 1 1 0 24 Direct 0 0 10 1 1 1 GE3 1 1 10 1 1 1 32 Direct 0 0 127 0 0 1 InLoop0 20 1 1 0 24 O_ASE...

Page 112: ...1 1 mpls RouterC GigabitEthernet3 1 1 mpls te RouterC GigabitEthernet3 1 1 mpls rsvp te RouterC GigabitEthernet3 1 1 quit RouterC interface POS 2 1 1 RouterC POS2 1 1 mpls RouterC POS2 1 1 mpls te Ro...

Page 113: ...20 1 1 2 include loose RouterA explicit path atod next hop 30 1 1 2 include loose RouterA explicit path atod quit 7 Configure MPLS TE attributes of links Configure the maximum link bandwidth and maxi...

Page 114: ...nel id 10 RouterA Tunnel1 mpls te signal protocol rsvp te RouterA Tunnel1 mpls te bandwidth 2000 RouterA Tunnel1 mpls te path explicit path atod preference 5 RouterA Tunnel1 mpls te commit RouterA Tun...

Page 115: ...Loop Detection Disabled Record Route Disabled Record Label Disabled FRR Flag Disabled BackUpBW Flag Not Supported BackUpBW Type BackUpBW Route Pinning Disabled Retry Limit 10 Retry Interval 2 sec Reo...

Page 116: ...0 1 InLoop0 10 1 1 0 24 Direct 0 0 10 1 1 1 GE3 1 1 10 1 1 1 32 Direct 0 0 127 0 0 1 InLoop0 20 1 1 0 24 O_ASE 150 1 10 1 1 2 GE3 1 1 30 1 1 0 24 Static 1 0 7 1 1 1 Tun1 127 0 0 0 8 Direct 0 0 127 0 0...

Page 117: ...gabitEthernet 3 1 1 RouterB GigabitEthernet3 1 1 mpls RouterB GigabitEthernet3 1 1 mpls te RouterB GigabitEthernet3 1 1 mpls rsvp te RouterB GigabitEthernet3 1 1 mpls rsvp te hello RouterB GigabitEthe...

Page 118: ...eighbor s GR status is Ready RouterA display mpls rsvp te peer Interface GigabitEthernet3 1 1 Neighbor Addr 10 1 1 2 SrcInstance 880 NbrSrcInstance 5017 PSB Count 0 RSB Count 1 Hello Type Sent REQ Nei...

Page 119: ...B mpls quit RouterB interface GigabitEthernet 3 1 1 RouterB GigabitEthernet3 1 1 mpls RouterB GigabitEthernet3 1 1 mpls te RouterB GigabitEthernet3 1 1 mpls rsvp te RouterB GigabitEthernet3 1 1 mpls r...

Page 120: ...n Display the detailed information of the BFD session between Router A and Router B RouterA display bfd session verbose Total Session Num 1 Init Mode Active Session Working Under Ctrl Mode Local Discr...

Page 121: ...fter configuration you can perform the display ip routing table command on each router You can see that all nodes learnt the host routes of other nodes with LSR IDs as destinations 3 Configure MPLS TE...

Page 122: ...erC GigabitEthernet3 1 2 mpls te RouterC GigabitEthernet3 1 2 quit Configure Router D RouterD mpls lsr id 4 4 4 9 RouterD mpls RouterD mpls mpls te RouterD mpls mpls te cspf RouterD mpls quit RouterD...

Page 123: ...mpls te max link bandwidth 10000 RouterB GigabitEthernet3 1 2 mpls te max reservable bandwidth 5000 RouterB GigabitEthernet3 1 2 quit Configure maximum link bandwidth and maximum reservable bandwidth...

Page 124: ...nterface GigabitEthernet 3 1 1 RouterC GigabitEthernet3 1 1 mpls ldp RouterC GigabitEthernet3 1 1 quit RouterC interface GigabitEthernet 3 1 2 RouterC GigabitEthernet3 1 2 mpls ldp RouterC GigabitEthe...

Page 125: ...gent queuing Size Length Discards 0 100 0 Output queue Protocol queuing Size Length Discards 0 500 0 Output queue FIFO queuing Size Length Discards 0 75 0 Last 300 seconds input 0 bytes sec 0 packets...

Page 126: ...Primary Tunnel Backup Tunnel Group Status Oam Status Perform the display ospf mpls te command on Router A to view LSAs of OSPF TE RouterA display ospf mpls te area 0 self originated OSPF Process 100 w...

Page 127: ...erved BW 10 0 bytes sec Unreserved BW 11 0 bytes sec Unreserved BW 12 0 bytes sec Unreserved BW 13 0 bytes sec Unreserved BW 14 0 bytes sec Unreserved BW 15 0 bytes sec Bandwidth Constraints BC 0 6250...

Page 128: ...1 24 POS 2 1 2 40 1 1 2 24 Configuration procedure 1 Assign IP addresses and masks to interfaces see Figure 30 Details not shown 2 Configure the IGP protocol Enable IS IS to advertise host routes with...

Page 129: ...id 10 Enable hot LSP backup RouterA Tunnel4 mpls te backup hot standby RouterA Tunnel4 mpls te commit RouterA Tunnel4 quit Perform the display interface tunnel command on Router A You can find that T...

Page 130: ...4 4 4 9 Hop 3 40 1 1 1 Hop 4 40 1 1 2 Hop 5 3 3 3 9 Perform the tracert command to draw the picture of the path that a packet must travel to reach the tunnel destination RouterA tracert a 1 1 1 9 3 3...

Page 131: ...Tunnel4 as the outgoing interface FRR configuration example Network requirements On a primary LSP Router A Router B Router C Router D use FRR to protect the link Router B Router C Do the following Cr...

Page 132: ...SIS 15 20 2 1 1 2 GE3 1 1 3 2 1 0 24 ISIS 15 20 2 1 1 2 GE3 1 1 3 3 1 0 24 ISIS 15 30 2 1 1 2 GE3 1 1 3 3 3 3 32 ISIS 15 20 2 1 1 2 GE3 1 1 4 1 1 0 24 ISIS 15 30 2 1 1 2 GE3 1 1 4 4 4 4 32 ISIS 15 30...

Page 133: ...for the primary LSP RouterA explicit path pri path RouterA explicit path pri path next hop 2 1 1 2 RouterA explicit path pri path next hop 3 1 1 2 RouterA explicit path pri path next hop 4 1 1 2 Rout...

Page 134: ...interface Tunnel Name Tunnel4 Tunnel Desc Tunnel4 Interface Tunnel State Desc CR LSP is Up Tunnel Attributes LSP ID 1 1 1 1 1 Session ID 10 Admin State UP Oper State UP Ingress LSR ID 1 1 1 1 Egress L...

Page 135: ...Tunnel5 mpls te backup bandwidth 10000 RouterB Tunnel5 mpls te commit RouterB Tunnel5 quit Bind the bypass tunnel with the protected interface RouterB interface GigabitEthernet 3 1 2 RouterB GigabitEt...

Page 136: ...2 2 1 3 3 3 3 POS2 1 1 Tunnel5 RouterC display mpls te tunnel LSP Id Destination In Out If Name 1 1 1 1 1 4 4 4 4 GE3 1 2 GE3 1 1 Tunnel4 2 2 2 2 1 3 3 3 3 POS2 1 1 Tunnel5 RouterD display mpls te tun...

Page 137: ...rB IFNET 5 UPDOWN Line protocol on the interface GigabitEthernet3 1 2 turns into DOWN state Perform the display interface tunnel 4 command on Router A to identify the state of the primary LSP You can...

Page 138: ...el Name Tunnel4 Tunnel Desc Tunnel4 Interface Tunnel State Desc Modifying CR LSP is setting up Tunnel Attributes LSP ID 1 1 1 1 1025 Session ID 10 Admin State Oper State Modified Ingress LSR ID 1 1 1...

Page 139: ...P after a new LSP is created Perform the display mpls lsp verbose command on Router B You can find that the bypass tunnel is in use RouterB display mpls lsp verbose LSP Information RSVP LSP No 1 Ingre...

Page 140: ...that Tunnel5 is still bound with interface GigabitEthernet 3 1 2 and is unused 7 Create a static route for routing MPLS TE tunnel traffic RouterA ip route static 4 1 1 2 24 tunnel 4 preference 1 Perf...

Page 141: ...evel 2 RouterA GigabitEthernet3 1 1 quit RouterA interface loopback 0 RouterA LoopBack0 isis enable 1 RouterA LoopBack0 isis circuit level level 2 RouterA LoopBack0 quit Configurations on Router B Rou...

Page 142: ...sis circuit level level 2 RouterD LoopBack0 quit Execute the display ip routing table command on each router You see that each router has learnt the routes to the LSR IDs of the other routers Take Rou...

Page 143: ...rsvp te RouterB GigabitEthernet3 1 1 quit RouterB interface POS 2 1 1 RouterB POS2 1 1 mpls RouterB POS2 1 1 mpls te RouterB POS2 1 1 mpls rsvp te RouterB POS2 1 1 quit Configure Router C RouterC mpl...

Page 144: ...t style wide RouterD isis 1 traffic eng level 2 RouterD isis 1 quit 5 Configure MPLS TE attributes of links Configure the maximum bandwidth and bandwidth constraints on Router A RouterA interface Giga...

Page 145: ...uterA Tunnel1 ip address 7 1 1 1 255 255 255 0 RouterA Tunnel1 tunnel protocol mpls te RouterA Tunnel1 destination 4 4 4 9 RouterA Tunnel1 mpls te tunnel id 10 RouterA Tunnel1 mpls te signal protocol...

Page 146: ...None Metric Type None Record Route Disabled Record Label Disabled FRR Flag Disabled BackUpBW Flag Not Supported BackUpBW Type BackUpBW Route Pinning Disabled Retry Limit 10 Retry Interval 10 sec Reopt...

Page 147: ...ETF Mode MAM kbps 0 0 10000 0 1 0 8000 0 2 0 5000 0 3 0 2000 0 TE CLASS CLASS TYPE PRIORITY BW RESERVED kbps BW AVAILABLE kbps 0 0 7 0 6000 1 1 7 0 4000 2 2 7 0 1000 3 3 7 0 1000 4 0 0 0 6000 5 1 0 0...

Page 148: ...ails not shown 2 Configure the IGP protocol Enable OSPF on each router to advertise subnets to which interfaces belong and the host routes with LSR IDs as destinations Details not shown 3 Configure MP...

Page 149: ...outerC system view RouterC mpls lsr id 3 3 3 3 RouterC mpls RouterC mpls mpls te RouterC mpls mpls rsvp te RouterC mpls mpls te cspf RouterC mpls quit RouterC interface GigabitEthernet 2 1 1 RouterC G...

Page 150: ...eue Protocol queuing Size Length Discards 0 500 0 Output queue FIFO queuing Size Length Discards 0 75 0 Last 300 seconds input 0 bytes sec 0 packets sec Last 300 seconds output 8 bytes sec 0 packets s...

Page 151: ...quit RouterC interface GigabitEthernet 3 1 1 RouterC GigabitEthernet3 1 1 mpls RouterC GigabitEthernet3 1 1 mpls ldp RouterC GigabitEthernet3 1 1 quit RouterC mpls ldp remote peer b RouterC mpls ldp...

Page 152: ...2 4 1 1 1 3 3 3 3 Execute the display mpls ldp lsp command on Router B You can see that Router C sent label mapping messages to Router B and established an LDP LSP RouterB display mpls ldp lsp LDP LS...

Page 153: ...unnel ID 0x11000c LsrType Ingress Bypass In Use Not Exists BypassTunnel Tunnel Index LSP Information LDP LSP No 2 VrfIndex Fec 3 3 3 3 32 Nexthop 10 1 1 1 In Label NULL Out Label 3 In Interface Out In...

Page 154: ...eling policy to use a CR LSP as the VPN tunnel when creating the VPN Figure 34 Network diagram Configuration procedure 1 Configure OSPF ensuring that PE 1 and PE 2 can learn routes from each other Con...

Page 155: ...Process 1 with Router ID 2 2 2 2 Neighbors Area 0 0 0 0 interface 10 0 0 1 POS2 1 2 s neighbors Router ID 3 3 3 3 Address 10 0 0 2 GR State Normal State Full Mode Nbr is Master Priority 1 DR None BDR...

Page 156: ...p session LDP Session s in Public Network Peer ID Status LAM SsnRole FT MD5 KA Sent Rcv 3 3 3 3 0 Operational DU Passive Off Off 2 2 LAM Label Advertisement Mode FT Fault Tolerance 3 Enable MPLS TE CS...

Page 157: ...2 255 255 255 0 CE1 GigabitEthernet3 1 1 quit Configure the VPN instance on PE 1 and use CR LSP for VPN setup Bind the VPN instance with the interface connected to CE 1 PE1 ip vpn instance vpn1 PE1 vp...

Page 158: ...k Reply from 192 168 1 2 bytes 56 Sequence 1 ttl 255 time 47 ms Reply from 192 168 1 2 bytes 56 Sequence 2 ttl 255 time 26 ms Reply from 192 168 1 2 bytes 56 Sequence 3 ttl 255 time 26 ms Reply from 1...

Page 159: ...umber 100 Total number of peers 1 Peers in established state 1 Peer V AS MsgRcvd MsgSent OutQ Up Down State PrefRcv 3 3 3 3 4 100 3 3 0 00 00 11 Established 0 PE1 bgp display bgp vpn instance vpn1 pee...

Page 160: ...Verify the configuration Perform the display mpls lsp verbose command on PE 1 You can find an LSP with LspIndex 2050 This is the LSP that is the MPLS TE tunnel established using CR LDP PE1 display mp...

Page 161: ...tunnel command on PE 1 The output shows that traffic is being forwarded along the CR LSP of the TE tunnel PE1 display interface tunnel 4 Tunnel1 current state UP Line protocol current state UP Descrip...

Page 162: ...mmand the Switch Result field has a value of Protect tunnel and the Work tunnel defect state field has a value of No defect Analysis Possible reasons include The reverting mode is non revertive The re...

Page 163: ...ls te protection tunnel command If its value is Force a switching action with a higher priority than the signal switching is configured If you expect that signaling can trigger switchover when the mai...

Page 164: ...f a VPLS network core domain and provides transparent VPLS transport services between core networks VSI Virtual switch instance that maps actual access links to virtual links PW Pseudo wire that is th...

Page 165: ...ng includes two parts Remote MAC address learning associated with PWs A PW consists of two unidirectional VC LSPs A PW is up only when both of the VC LSPs are up When the inbound VC LSP learns a new M...

Page 166: ...corresponding MAC entries in the FIB table of the VPLS instance and sends the message to other PEs that are directly connected through LDP sessions If the message contains a null MAC address TLV list...

Page 167: ...l This mode is also called the Kompella mode NOTE For more information about the Martini mode and Kompella mode see the chapter Configuring MPLS L2VPN VPLS packet encapsulation Packet encapsulation on...

Page 168: ...and the configuration complexity H VPLS with LSP access Figure 37 H VPLS with LSP access As shown in Figure 37 UPE functions as the convergence device MTU s and establishes only a virtual link U PW wi...

Page 169: ...lag MPLS label for the PW Then it forwards the packet Upon receiving the packet from the PW PE 1 determines to which VSI the packet belongs by the multiplex distinguishing flag MPLS label and based on...

Page 170: ...own BFD detects a primary link failure The LDP session between the peers of the primary PW goes down and the PW is deleted as a result Hub spoke VPLS implementation In hub spoke networking one of the...

Page 171: ...and then forwards the packet back to Hub PE 4 Receiving the packet from the AC Hub PE determines by the VLAN tag the VSI that the packet is for inserts an MPLS label to which the PW corresponds based...

Page 172: ...labels of the packet and then adds the inner and outer labels of PW 3 or PW 2 to the packet Thus PW 1 PW 2 and PW 3 are put end to end and a multi hop PW is formed across the ASs NOTE Only LDP VPLS c...

Page 173: ...pls l2vpn NOTE For more information about the l2vpn command and the mpls l2vpn command see MPLS Command Reference Configuring an LDP VPLS instance Configuration prerequisites Configuring IGP on the PE...

Page 174: ...ep Command Remarks 1 Enter system view system view N A 2 Create a PW class template and enter its view pw class pw class name Optional By default no PW class template is created 3 Configure the PW tra...

Page 175: ...es PEs and P devices to establish LSP tunnels on the backbone network For configuration information see the chapter Configuring basic MPLS Configuring the BGP extension Before configuring BGP VPLS you...

Page 176: ...em view 2 Create a BGP VPLS instance and enter VSI view vsi vsi name auto 3 Specify BGP as the PW signaling protocol and enter VSI BGP view pwsignal bgp 4 Configure an RD for the VPLS instance route d...

Page 177: ...nterface interface type interface number N A 3 Bind the interface with a VPLS instance l2 binding vsi vsi name access mode ethernet vlan hub spoke By default an interface is not bound with any VPLS in...

Page 178: ...TE You can configure up to 4094 service instances on a Layer 2 Ethernet port The xconnect vsi command is only available for service instances with the ID in the range of 1 to 4094 For the access mode...

Page 179: ...VPLS service of the VPLS instance shutdown Optional Enabled by default 9 Specify a tunneling policy for the VPLS instance tnl policy tunnel policy name Optional By default no tunneling policy is spec...

Page 180: ...expression Available in any view Display information about one or all VPLS instances display vsi vsi name verbose begin exclude include regular expression Available in any view Display information ab...

Page 181: ...PE1 GigabitEthernet3 1 1 mpls ldp PE1 GigabitEthernet3 1 1 quit Configure the remote LDP session PE1 mpls ldp remote peer 1 PE1 mpls remote 1 remote ip 2 2 2 9 PE1 mpls remote 1 quit Configure BGP ex...

Page 182: ...asic MPLS Sysname system view Sysname sysname PE2 PE2 interface loopback 0 PE2 LoopBack0 ip address 2 2 2 9 32 PE2 LoopBack0 quit PE2 mpls lsr id 2 2 2 9 PE2 mpls PE1 mpls quit PE2 mpls ldp PE2 mpls l...

Page 183: ...rface GigabitEthernet 3 1 2 and bind VPLS instance aaa or bbb to the interface PE2 interface GigabitEthernet 3 1 2 To bind VPLS instance aaa to interface GigabitEthernet 3 1 2 PE2 GigabitEthernet3 1 2...

Page 184: ...hernet3 1 1 quit Configure the remote LDP session UPE mpls ldp remote peer 1 UPE mpls remote 1 remote ip 2 2 2 9 UPE mpls remote 1 quit Enable L2VPN and MPLS L2VPN UPE l2vpn UPE l2vpn mpls l2vpn UPE l...

Page 185: ...e remote LDP session with UPE NPE1 mpls ldp remote peer 2 NPE1 mpls remote 2 remote ip 1 1 1 9 NPE1 mpls remote 2 quit Configure the remote LDP session with NPE 3 NPE1 mpls ldp remote peer 3 NPE1 mpls...

Page 186: ...ignaling NPE3 vsi aaa static NPE3 vsi aaa pwsignal ldp NPE3 vsi aaa ldp vsi id 500 NPE3 vsi aaa ldp peer 2 2 2 9 NPE3 vsi aaa ldp quit NPE3 vsi aaa quit Configure interface GigabitEthernet 3 1 2 and b...

Page 187: ...PE1 mpls quit Spoke PE1 mpls ldp Spoke PE1 mpls ldp quit Configure basic MPLS on the interface connected to Hub PE Spoke PE1 interface GigabitEthernet 3 1 1 Spoke PE1 GigabitEthernet3 1 1 ip address 1...

Page 188: ...LoopBack0 quit Spoke PE2 mpls lsr id 2 2 2 9 Spoke PE2 mpls Spoke PE2 mpls quit Spoke PE2 mpls ldp Spoke PE2 mpls ldp quit Configure basic MPLS on the interface connected to Hub PE Spoke PE2 interfac...

Page 189: ...mpls Hub PE GigabitEthernet3 1 1 mpls ldp Hub PE GigabitEthernet3 1 1 quit Configure basic MPLS on the interface connected to Spoke PE 2 Hub PE interface GigabitEthernet 3 1 2 Hub PE GigabitEthernet3...

Page 190: ...nection U PW with NPE 1 and NPE 2 with the NPE 2 link as the backup NPE 1 and NPE 2 each establish a PW connection N PW with NPE 3 CE 3 is connected to the network through NPE 3 UPE is connected to NP...

Page 191: ...e LDP session with NPE 2 UPE mpls ldp remote peer 2 UPE mpls remote 1 remote ip 3 3 3 3 UPE mpls remote 1 quit Enable L2VPN and MPLS L2VPN UPE l2vpn UPE l2vpn mpls l2vpn UPE l2vpn quit Configure the V...

Page 192: ...NPE1 GigabitEthernet3 1 2 mpls ldp NPE1 GigabitEthernet3 1 2 quit Configure an IP address for the interface connected to NPE 3 and then enable MPLS and MPLS LDP NPE1 interface GigabitEthernet 3 1 5 N...

Page 193: ...GigabitEthernet3 1 5 mpls ldp NPE3 GigabitEthernet3 1 5 quit Configure an IP address for the interface connected to NPE 2 and then enable MPLS and MPLS LDP NPE3 interface GigabitEthernet 3 1 6 NPE3 G...

Page 194: ...has been established Implementing multi AS VPN through multi hop PW Network requirements Each CE is connected to a PE through an Ethernet Create a VPLS instance that supports P2P on ASBR 1 and ASBR 2...

Page 195: ...ew Sysname sysname ASBR1 ASBR1 interface loopback 0 ASBR1 LoopBack0 ip address 2 2 2 2 32 ASBR1 LoopBack0 quit ASBR1 mpls lsr id 2 2 2 2 ASBR1 mpls ASBR1 mpls quit ASBR1 mpls ldp ASBR1 mpls ldp quit C...

Page 196: ...labeled unicast routes ASBR1 bgp 100 ASBR1 bgp import route direct ASBR1 bgp peer 11 1 1 3 as number 200 ASBR1 bgp peer 11 1 1 3 route policy map export ASBR1 bgp peer 11 1 1 3 label route capability...

Page 197: ...pn mpls l2vpn ASBR2 l2vpn quit Configure a P2P capable VPLS instance aaa that uses LDP signaling ASBR2 vsi aaa static p2p ASBR2 vsi aaa pwsignal ldp ASBR2 vsi aaa ldp vsi id 500 ASBR2 vsi aaa ldp peer...

Page 198: ...play vpls connection command on each device You will see that a PW in up state has been established between the devices Troubleshooting VPLS Symptom The VPLS link PW is not up Analysis The public netw...

Page 199: ...188 Check whether the VPLS instances on the two peers are configured with the same MTU value...

Page 200: ...nections over the network Consider ATM as an example Each customer edge CE device can connect to the MPLS network through an ATM virtual circuit VC to communicate with another CE This is similar to th...

Page 201: ...other Inner label also called VC label is used to identify different connections between VPNs Upon receiving packets a PE determines to which CE the packets are to be forwarded according to the VC lab...

Page 202: ...d resembles the Martini method closely and is in fact a static implementation of the Martini method The difference is that it does not use LDP to transfer Layer 2 VC and link information You only need...

Page 203: ...nfiguration workload in the case of expansion Imagine that an enterprise VPN contains 10 CEs and the number may increase to 20 in future service expansion In this case you can set the CE range of each...

Page 204: ...N mpls l2vpn Disabled by default Configuring CCC MPLS L2VPN Configuration prerequisites Before configuring CCC L2VPN complete the following tasks Configure basic MPLS on the PEs and P routers Enable M...

Page 205: ...each remote CCC connection Instead you only need to configure the incoming and outgoing labels where the incoming label must be exclusively for the CCC connection The labels function as static LSPs On...

Page 206: ...VPLS instance Configuring SVC MPLS L2VPN SVC MPLS L2VPN does not use any signaling protocol to transfer L2VPN information Instead it uses tunnels to transport data between PEs SVC supports these tunn...

Page 207: ...t a VLAN interface see Creating a Martini MPLS L2VPN connection on a Layer 3 Ethernet interface sub interface Configuring it in a service instance see Creating a Martini MPLS L2VPN for a service insta...

Page 208: ...as two main parameters IP address of the peer PE and VC ID Do not configure both MPLS and Martini MPLS L2VPN on a Layer 3 Ethernet interface sub interface Otherwise neither MPLS nor MPLS L2VPN service...

Page 209: ...ports To solve the problem you can create a Martini MPLS L2VPN connection in a service instance More specifically 1 Create a service instance on a Layer 2 Ethernet port 2 Specify a packet matching VL...

Page 210: ...ice instance and enter service instance view service instance instance id By default no service instance is created 13 Specify a packet matching VLAN ID for the service instance encapsulation s vid vl...

Page 211: ...guring BGP L2VPN capability To configure BGP L2VPN capability Step Command Remarks 1 Enter system view system view N A 2 Enter BGP view bgp as number N A 3 Establish the peer relationship with the pee...

Page 212: ...To facilitate the configuration encode the CE IDs in continuous natural numbers starting from 1 The CE range of a VPN indicates the maximum number of CEs that can be connected to the VPN You can conf...

Page 213: ...LS instance Enabling the MPLS L2VPN mix function If you configure MPLS L2VPN services including VLL and VPLS on both the SPC card and the SPE card of a router you need to enable the MPLS L2VPN mix fun...

Page 214: ...ailable in any view Display information about L2VPN in the BGP routing table display bgp l2vpn all group group name peer ip address verbose route distinguisher rd ce id ce id label offset label offset...

Page 215: ...he PE through GigabitEthernet interfaces Create a local CCC connection between CE 1 and CE 2 NOTE Because a local CCC connection is bidirectional one is enough The PE interfaces connecting the CEs req...

Page 216: ...ip address 100 1 1 2 24 4 Verify your configuration Display CCC connection information on the PE The output shows that a local CCC connection has been established PE display ccc Total ccc vc 1 Local...

Page 217: ...packets to be transferred in both directions Figure 50 Network diagram Device Interface IP address Device Interface IP address CE 1 GE4 1 1 100 1 1 1 24 P Loop0 10 0 0 2 32 PE 1 Loop0 10 0 0 1 32 GE4...

Page 218: ...obally Sysname system view Sysname sysname P P interface loopback 0 P LoopBack0 ip address 10 0 0 2 32 P LoopBack0 quit P mpls lsr id 10 0 0 2 P mpls P mpls quit Configure interface GigabitEthernet 4...

Page 219: ...ting the P router as the outgoing interface setting the incoming label to 201 and the outgoing label to 101 PE2 ccc ce2 ce1 interface GigabitEthernet 4 1 2 in label 201 out label 101 nexthop 10 2 2 2...

Page 220: ...dress Device Interface IP address CE 1 GE4 1 1 100 1 1 1 24 P Loop0 192 4 4 4 32 PE 1 Loop0 192 2 2 2 32 GE4 1 1 10 2 2 2 24 GE4 1 2 10 1 1 1 24 GE4 1 2 10 1 1 2 24 CE 2 GE4 1 1 100 1 1 2 24 PE 2 Loop...

Page 221: ...PE1 GigabitEthernet4 1 2 ip address 10 1 1 1 24 PE1 GigabitEthernet4 1 2 mpls PE1 GigabitEthernet4 1 2 mpls ldp PE1 GigabitEthernet4 1 2 quit Configure OSPF on PE 1 for establishing LSPs PE1 ospf PE1...

Page 222: ...net4 1 1 mpls P GigabitEthernet4 1 1 mpls ldp P GigabitEthernet4 1 1 quit Configure OSPF on the P router for establishing LSPs P ospf P ospf 1 area 0 P ospf 1 area 0 0 0 0 network 10 1 1 2 0 0 0 255 P...

Page 223: ...1 1 CE2 GigabitEthernet4 1 1 ip address 100 1 1 2 24 6 Verify your configuration Display SVC L2VPN connection information on PE 1 or PE 2 The output shows that an L2VPN connection has been establishe...

Page 224: ...32 PE 1 Loop0 192 2 2 2 32 GE4 1 1 10 1 1 2 24 GE4 1 2 10 1 1 1 24 GE4 1 2 10 2 2 2 24 CE 2 GE4 1 1 100 1 1 2 24 PE 2 Loop0 192 3 3 3 32 GE4 1 2 10 2 2 1 24 Configuration procedure 1 Configure CE 1 Sy...

Page 225: ...ospf PE1 ospf 1 area 0 PE1 ospf 1 area 0 0 0 0 network 10 1 1 1 0 0 0 255 PE1 ospf 1 area 0 0 0 0 network 192 2 2 2 0 0 0 0 PE1 ospf 1 area 0 0 0 0 quit PE1 ospf 1 quit On the interface connecting CE...

Page 226: ...Configure the LSR ID and enable MPLS globally Sysname system view Sysname sysname PE2 PE2 interface loopback 0 PE2 LoopBack0 ip address 192 3 3 3 32 PE2 LoopBack0 quit PE2 mpls lsr id 192 3 3 3 PE2 mp...

Page 227: ...e output shows that an L2VPN connection is established PE1 display mpls l2vc Total ldp vc 1 1 up 0 down 0 blocked Transport Client VC Local Remote VC ID Intf State VC Label VC Label 101 GE4 1 1 up 102...

Page 228: ...bone This example uses OSPF Details not shown After configuration issuing the display ip routing table command on each LSR you should see that it has learned the routes to the LSR IDs of the other LSR...

Page 229: ...isplay bgp l2vpn peer BGP local router ID 1 1 1 9 Local AS number 100 Total number of peers 1 Peers in established state 1 Peer V AS MsgRcvd MsgSent OutQ PrefRcv Up Down State 3 3 3 9 4 100 2 5 0 0 00...

Page 230: ...1 1 2 PING 30 1 1 2 56 data bytes press CTRL_C to break Reply from 30 1 1 2 bytes 56 Sequence 1 ttl 255 time 90 ms Reply from 30 1 1 2 bytes 56 Sequence 2 ttl 255 time 77 ms Reply from 30 1 1 2 bytes...

Page 231: ...nnections connections 2 up 0 down 2 local 0 remote 0 unknown VPN name vpn1 2 total connections connections 2 up 0 down 2 local 0 remote 0 unknown CE name ce1 id 1 Rid type status peer id route disting...

Page 232: ...te VC label is invalid Analysis The reason the VC is down may be that the PEs are configured with different encapsulation types Solution Check whether the local PE and the peer PE are configured with...

Page 233: ...tomer edge CE device A CE resides on a customer network and has one or more interfaces directly connected to service provider networks It can be a router a switch or a host It can neither sense the pr...

Page 234: ...ame provider network can be classified into different sets by policies Only the sites in the same set can access each other through the provider network Such a set is called a VPN Address space overla...

Page 235: ...he Type field When the value of the Type field is 0 the Administrator subfield occupies two bytes the Assigned number subfield occupies four bytes and the RD format is 16 bit AS number 32 bit user def...

Page 236: ...ommunities in the import target attribute An export routing policy can reject the routes selected by the communities in the export target attribute After a VPN instance is created you can configure an...

Page 237: ...rds the packet out the interface to CE 2 5 CE 2 transmits the packet to the destination by IP forwarding MPLS L3VPN networking schemes In MPLS L3VPNs VPN target attributes are used to control the adve...

Page 238: ...ing scheme can be used to implement the monitoring and filtering of user communications This networking scheme requires two VPN targets one for the hub and the other for the spoke The VPN target setti...

Page 239: ...ith each other through the hub site The import target attribute of any spoke PE is distinct from the export VPN targets of the other spoke PEs Therefore any two spoke PEs can neither directly advertis...

Page 240: ...In basic MPLS L3VPN networking the advertisement of VPN routing information involves CEs and PEs A P router maintains only the routes of the backbone and does not need to know any VPN routing informat...

Page 241: ...and IBGP routes The exchange of routing information between the egress PE and the remote CE is the same as that between the local CE and the ingress PE Inter AS VPN In some networking scenarios multi...

Page 242: ...Inter AS option B In this kind of solution two ASBRs use MP EBGP to exchange labeled VPN IPv4 routes that they have obtained from the PEs in their respective ASs As shown in Figure 62 the routes are a...

Page 243: ...nter AS VPNs However they require that the ASBRs maintain and advertise VPN IPv4 routes When every AS needs to exchange a great amount of VPN routes the ASBRs may become bottlenecks hindering network...

Page 244: ...is possible that a customer of the MPLS L3VPN service provider is also a service provider In this case the MPLS L3VPN service provider is called the provider carrier or the Level 1 carrier while the...

Page 245: ...l the routes exchanged between them In either case you need to enable MPLS on the CE of the Level 1 carrier Moreover the CE holds the VPN routes of the Level 2 carrier but it does not advertise the ro...

Page 246: ...easy to deploy but it increases the network operation cost and brings issues on management and security because The number of VPNs that PEs must support will increase sharply Any modification of an i...

Page 247: ...er 4 After another provider PE receives the VPNv4 routes it matches the VPNv4 routes based on its local VPNs Each local VPN accepts routes of its own and advertises them to its connected sub VPN CEs s...

Page 248: ...zing the addresses of each VPN to improve the forwarding efficiency HoVPN Why HoVPN In MPLS L3VPN solutions PEs are the key devices They provide the following functions User access This means that the...

Page 249: ...tain the routes of the remote sites in the VPN or only maintains their summary routes A UPE assigns inner labels to the routes of its directly connected sites and advertises the labels to the SPE alon...

Page 250: ...n SPE A HoPE can act as an SPE to form a new HoPE with multiple UPEs HoVPN supports multi level recursion With recursion of HoPEs a VPN can be extended infinitely in theory Figure 69 Recursion of HoPE...

Page 251: ...VPN site contains an OSPF area 0 the connected PE must be connected to the backbone area of the VPN site through area 0 You can configure a logical connection by using a virtual link BGP OSPF interact...

Page 252: ...es learned from MPLS BGP to the VPN site through LSAs the LSAs may be received by another PE resulting in a routing loop To avoid routing loops when creating Type 3 LSAs the PE always sets the flag bi...

Page 253: ...ny area You need to configure it manually In addition the local VPN instance must have a route to the destination of the sham link NOTE When configuring an OSPF sham link redistribute OSPF VPN routes...

Page 254: ...onal MPLS L3VPN architecture requires that each VPN instance exclusively use a CE to connect with a PE as shown in Figure 55 For better services and higher security a private network is usually divide...

Page 255: ...packet through the corresponding tunnel You can configure static routes RIP OSPF IS IS EBGP or IBGP between MCE and VPN site and between MCE and PE NOTE To implement dynamic IP assignment for DHCP cli...

Page 256: ...PLS L3VPN complete the following tasks Configure an IGP for the MPLS backbone on the PEs and Ps to achieve IP connectivity Configure basic MPLS for the MPLS backbone Configure MPLS LDP for the MPLS ba...

Page 257: ...default NOTE The ip binding vpn instance command clears the IP address of the interface on which it is configured Be sure to re configure an IP address for the interface after configuring the command...

Page 258: ...PN instance to support preventing too many routes from being redistributed into the PE Create a routing policy before associating it with a VPN instance Otherwise the router cannot filter the routes t...

Page 259: ...e the LDP capability for an existing VPN instance create an LDP instance for the VPN instance and configure LDP parameters for the LDP instance To configure an LDP instance Step Command Remarks 1 Ente...

Page 260: ...address vpn instance d vpn instance name gateway address preference preference value tag tag value description description text Use either command Perform this configuration on PEs On CEs configure no...

Page 261: ...s ext community type domain id type code1 router id type code2 route type type code3 Optional The defaults are as follows 0x0005 for Domain ID 0x0107 for Router ID and 0x0306 for Route Type Perform th...

Page 262: ...3 Configure a network entity title for the IS IS process network entity net Not configured by default 4 Return to system view quit N A 5 Enter interface view interface interface type interface number...

Page 263: ...receives from the CE also include the number of the AS where the PE resides This causes the PE unable to receive the route updates In this case routing loops must be allowed 2 Configurations on a CE...

Page 264: ...igure BGP to filter routes to be advertised filter policy acl number ip prefix ip prefix name export direct isis process id ospf process id rip process id static Optional By default BGP does not filte...

Page 265: ...Command Remarks 1 Enter system view system view N A 2 Enter BGP view bgp as number N A 3 Configure the remote PE as the peer peer group name ip address as number as number N A 4 Specify the source int...

Page 266: ...g information is exchanged between BGP peers 8 Add a peer into an existing peer group peer ip address group group name Optional 9 Configure the system to use the local address as the next hop of a rou...

Page 267: ...dress family view ipv4 family vpnv4 N A 6 Set the default value of the local preference default local preference value Optional 100 by default 7 Set the default value for the system MED default med me...

Page 268: ...eference value for the routes received from the peer peer group peer group name ip address preferred value value Optional 0 by default 17 Make BGP updates to be sent carry no private AS numbers peer g...

Page 269: ...VPN the VPN targets configured on the PEs must match those configured on the ASBR PEs in the same AS to make sure that VPN routes sent by the PEs or ASBR PEs can be received by the ASBR PEs or PEs VPN...

Page 270: ...the peer ip address group name next hop local command For information about the command see Layer 3 IP Routing Configuration Guide Configuring inter AS option C Configuring the PEs You need to establ...

Page 271: ...ber N A 3 Configure each PE in the same AS as the IBGP peer peer group name ip address as number as number N A 4 Enable the ASBR PE to exchange labeled IPv4 routes with the PEs in the same AS peer gro...

Page 272: ...ng Configuration Guide Configuring nested VPN For a network with many VPNs if you want to implement layered management of VPNs and to conceal the deployment of internal VPNs nested VPN is a good solut...

Page 273: ...nce view Nested VPN does not support multi hop EBGP networking A service provider PE and its peer must use the addresses of the directly connected interfaces to establish neighbor relationship Nested...

Page 274: ...a PE specifying the egress of another private network or public network as the egress of the static route Thus packets from the multi role host for accessing a certain VPN can return based on the rou...

Page 275: ...ct an SPE to a CE directly If an SPE must be directly connected to a CE the VPN instance on the SPE and that on the UPE must be configured with different RDs Configuring an OSPF sham link The sham lin...

Page 276: ...alue route policy route policy name 5 Redistribute OSPF VPN routes import route ospf process id all processes allow direct med med value route policy route policy name Creating a sham link To create a...

Page 277: ...PN site routing configuration MCE PE routing configuration On the PE in an MCE network environment disable routing loop detection to avoid route loss during route calculation and disable route redistr...

Page 278: ...figuring RIP to VPN bindings on a CE you allow routes of different VPNs to be exchanged between the CE and the sites through different RIP processes ensuring the separation and security of VPN routes...

Page 279: ...F on the interface attached to the specified network in the area network ip address wildcard mask By default an interface neither belongs to any area nor runs OSPF NOTE An OSPF process that is bound w...

Page 280: ...rface interface type interface number N A 7 Enable the IS IS process on the interface isis enable process id Disabled by default NOTE For more information about IS IS see Layer 3 IP Routing Configurat...

Page 281: ...nal OSPF attribute cannot be restored making the route unable to be distinguished from routes redistributed from other domains To distinguish routes of different OSPF domains you need to enable a rout...

Page 282: ...d static Optional By default BGP does not filter the routes to be advertised 8 Configure a filtering policy to filter received routes filter policy acl number ip prefix ip prefix name import Optional...

Page 283: ...ress mask mask length gateway address public interface type interface number gateway address vpn instance d vpn instance name gateway address preference preference value tag tag value description desc...

Page 284: ...umber ip prefix ip prefix name export protocol process id Optional By default redistributed routes are not filtered 7 Configure the default parameters for redistributed routes cost route number tag an...

Page 285: ...N A 8 Enable the IS IS process on the interface isis enable process id Disabled by default NOTE For more information about IS IS see Layer 3 IP Routing Configuration Guide Configuring EBGP between MC...

Page 286: ...to be advertised 7 Configure a filtering policy to filter the received routes filter policy acl number ip prefix ip prefix name import Optional By default BGP does not filter the received routes Spec...

Page 287: ...emarks 1 Enter system view system view N A 2 Enter BGP view bgp as number N A 3 Enter BGP VPN instance view ipv4 family vpn instance vpn instance name N A 4 Enable the BGP AS number substitution funct...

Page 288: ...vpn instance vpn instance name acl acl number ip prefix ip prefix name begin exclude include regular expression Available in any view Display information about the FIB of a VPN instance that matches t...

Page 289: ...ance vpn instance name peer ip address received ip prefix begin exclude include regular expression Available in any view Display all BGP VPNv4 routing information display bgp vpnv4 all routing table n...

Page 290: ...dampened dampening parameter different origin as flap info network address mask mask length longer match as path acl as path acl number peer ip address advertised routes received routes statistic beg...

Page 291: ...E 2 and CE 4 belong to VPN 2 VPN 1 uses VPN target attributes 1 1 1 1 while VPN 2 uses VPN target attributes 222 2 Users of different VPNs cannot access each other EBGP is used to exchange VPN routing...

Page 292: ...0 0 0 network 172 1 1 0 0 0 0 255 PE1 ospf 1 area 0 0 0 0 network 1 1 1 9 0 0 0 0 PE1 ospf 1 area 0 0 0 0 quit PE1 ospf 1 quit Configure the P device P system view P interface loopback 0 P LoopBack0 i...

Page 293: ...ect 0 0 127 0 0 1 InLoop0 2 2 2 9 32 OSPF 10 1 172 1 1 2 POS2 1 1 3 3 3 9 32 OSPF 10 2 172 1 1 2 POS2 1 1 127 0 0 0 8 Direct 0 0 127 0 0 1 InLoop0 127 0 0 1 32 Direct 0 0 127 0 0 1 InLoop0 172 1 1 0 2...

Page 294: ...ished between PE 1 P and PE 2 Issue the display mpls ldp session command The output shows that the session status is Operational Issue the display mpls ldp lsp command The output shows that the LSPs e...

Page 295: ...vpn instance vpn1 quit PE2 ip vpn instance vpn2 PE2 vpn instance vpn2 route distinguisher 200 2 PE2 vpn instance vpn2 vpn target 222 2 PE2 vpn instance vpn2 quit PE2 interface GigabitEthernet 4 1 1 PE...

Page 296: ...are similar to those for CE 1 Details not shown Configure PE 1 PE1 bgp 100 PE1 bgp ipv4 family vpn instance vpn1 PE1 bgp vpn1 peer 10 1 1 1 as number 65410 PE1 bgp vpn1 import route direct PE1 bgp vpn...

Page 297: ...100 Total number of peers 1 Peers in established state 1 Peer AS MsgRcvd MsgSent OutQ PrefRcv Up Down State 3 3 3 9 100 2 6 0 0 00 00 12 Established 6 Verify your configurations Issue the display ip r...

Page 298: ...s transmitted 5 packet s received 0 00 packet loss round trip min avg max 34 48 72 ms CE1 ping 10 4 1 1 PING 10 4 1 1 56 data bytes press CTRL_C to break Request time out Request time out Request tim...

Page 299: ...Configure an IGP on the MPLS backbone to ensure IP connectivity within the backbone Configure PE 1 PE1 system view PE1 interface loopback 0 PE1 LoopBack0 ip address 1 1 1 9 32 PE1 LoopBack0 quit PE1...

Page 300: ...3 3 3 9 0 0 0 0 PE2 ospf 1 area 0 0 0 0 quit PE2 ospf 1 quit After you complete the configurations P establishes an OSPF adjacency with PE 1 and PE 2 respectively Issue the display ospf peer command T...

Page 301: ...PE1 POS5 1 1 quit Configure the P router P mpls lsr id 2 2 2 9 P mpls P mpls quit P mpls ldp P mpls ldp quit P interface pos 5 1 1 P POS5 1 1 mpls P POS5 1 1 mpls ldp P POS5 1 1 quit P interface pos...

Page 302: ...rget 111 1 PE1 vpn instance vpn1 quit PE1 ip vpn instance vpn2 PE1 vpn instance vpn2 route distinguisher 100 2 PE1 vpn instance vpn2 vpn target 222 2 PE1 vpn instance vpn2 quit PE1 interface GigabitEt...

Page 303: ...56 Sequence 2 ttl 255 time 4 ms Reply from 10 1 1 1 bytes 56 Sequence 3 ttl 255 time 4 ms Reply from 10 1 1 1 bytes 56 Sequence 4 ttl 255 time 52 ms Reply from 10 1 1 1 bytes 56 Sequence 5 ttl 255 ti...

Page 304: ...eers 1 Peers in established state 1 Peer AS MsgRcvd MsgSent OutQ PrefRcv Up Down State 10 1 1 1 100 26 21 0 2 00 11 08 Established 5 Configure an MP IBGP peer relationship between PEs On PE 1 configur...

Page 305: ...e the display ip routing table vpn instance command on the PEs The output shows the routes to the peer CEs Take PE 1 as an example PE1 display ip routing table vpn instance vpn1 Routing Tables vpn1 De...

Page 306: ...g statistics 5 packet s transmitted 5 packet s received 0 00 packet loss round trip min avg max 34 48 72 ms CE1 ping 7 7 7 9 PING 7 7 7 9 56 data bytes press CTRL_C to break Request time out Request t...

Page 307: ...backbone After you complete the configurations OSPF adjacencies are established between PE 1 P and PE 2 Issue the display ospf peer command The output shows that the adjacency status is Full Issue th...

Page 308: ...n instance vpn1 PE2 GigabitEthernet3 1 1 ip address 10 2 1 2 24 PE2 GigabitEthernet3 1 1 quit Configure CE 1 CE1 system view CE1 interface GigabitEthernet 3 1 1 CE1 GigabitEthernet3 1 1 ip address 10...

Page 309: ...ions for CE 2 are similar to those for CE 1 and the configurations for PE 2 are similar to those for PE 1 Details not shown After completing the configuration issue the display bgp vpnv4 vpn instance...

Page 310: ...1 1 24 PE1 Tunnel0 mpls PE1 Tunnel0 quit Configure PE 2 PE2 interface tunnel 0 PE2 Tunnel0 tunnel protocol gre PE2 Tunnel0 source loopback 0 PE2 Tunnel0 destination 1 1 1 9 PE2 Tunnel0 ip address 20 1...

Page 311: ...0 2 2 2 9 NULL0 The CEs can ping each other CE1 ping 10 2 1 1 PING 10 2 1 1 56 data bytes press CTRL_C to break Reply from 10 2 1 1 bytes 56 Sequence 1 ttl 253 time 41 ms Reply from 10 2 1 1 bytes 56...

Page 312: ...by OSPF After you complete the configurations each ASBR PE and the PE in the same AS can establish OSPF adjacencies Issue the display ospf peer verbose command The output shows that the adjacencies r...

Page 313: ...ace pos2 1 1 ASBR PE2 POS2 1 1 clock master ASBR PE2 POS2 1 1 mpls ASBR PE2 POS2 1 1 mpls ldp ASBR PE2 POS2 1 1 quit Configure basic MPLS on PE 2 and enable MPLS LDP on the interface connected to ASBR...

Page 314: ...E2 interface GigabitEthernet 4 1 2 PE2 GigabitEthernet4 1 2 ip binding vpn instance vpn1 PE2 GigabitEthernet4 1 2 ip address 10 2 1 2 24 PE2 GigabitEthernet4 1 2 quit Configure ASBR PE 1 creating a VP...

Page 315: ...p quit Configure CE 2 CE2 bgp 65002 CE2 bgp peer 10 2 1 2 as number 200 CE2 bgp import route direct CE2 bgp quit Configure PE 2 PE2 bgp 200 PE2 bgp ipv4 family vpn instance vpn1 PE2 bgp vpn1 peer 10 2...

Page 316: ...ure PE 2 PE2 bgp 200 PE2 bgp peer 3 3 3 9 as number 200 PE2 bgp peer 3 3 3 9 connect interface loopback 0 PE2 bgp ipv4 family vpnv4 PE2 bgp af vpnv4 peer 3 3 3 9 enable PE2 bgp af vpnv4 peer 3 3 3 9 n...

Page 317: ...0 1 8 Configuration procedure 1 Configure PE 1 Start IS IS on PE 1 PE1 system view PE1 isis 1 PE1 isis 1 network entity 10 1111 1111 1111 1111 00 PE1 isis 1 quit Configure LSR ID enable MPLS and LDP...

Page 318: ...1 1 quit Start BGP on PE 1 PE1 bgp 100 Configure IBGP peer 3 3 3 9 as a VPNv4 peer PE1 bgp peer 3 3 3 9 as number 100 PE1 bgp peer 3 3 3 9 connect interface loopback 0 PE1 bgp ipv4 family vpnv4 PE1 bg...

Page 319: ...600 Specify not to filter the received VPNv4 routes using the import target attribute ASBR PE1 bgp ipv4 family vpnv4 ASBR PE1 bgp af vpnv4 undo policy vpn target Configure both IBGP peer 2 2 2 0 and...

Page 320: ...Nv4 routes using the import target attribute ASBR PE2 bgp ipv4 family vpnv4 ASBR PE2 bgp af vpnv4 undo policy vpn target Configure both IBGP peer 5 5 5 9 and EBGP peer 11 0 0 2 as VPNv4 peers ASBR PE2...

Page 321: ...4 peer PE2 bgp peer 4 4 4 9 as number 600 PE2 bgp peer 4 4 4 9 connect interface loopback 0 PE2 bgp ipv4 family vpnv4 PE2 bgp af vpnv4 peer 4 4 4 9 enable PE2 bgp af vpnv4 quit Redistribute direct rou...

Page 322: ...4 1 1 9 1 1 1 8 POS4 1 2 11 0 0 2 8 POS4 1 2 11 0 0 1 8 Configuration procedure 1 Configure PE 1 Run IS IS on PE 1 PE1 system view PE1 isis 1 PE1 isis 1 network entity 10 1111 1111 1111 1111 00 PE1 is...

Page 323: ...eled routes from the peer PE1 bgp peer 3 3 3 9 as number 100 PE1 bgp peer 3 3 3 9 connect interface loopback 0 PE1 bgp peer 3 3 3 9 label route capability Configure the maximum hop count from PE 1 to...

Page 324: ...1 route policy1 quit ASBR PE1 route policy policy2 permit node 1 ASBR PE1 route policy2 if match mpls label ASBR PE1 route policy2 apply mpls label ASBR PE1 route policy2 quit Start BGP on ASBR PE 1 a...

Page 325: ...LoopBack0 ip address 4 4 4 9 32 ASBR PE2 LoopBack0 isis enable 1 ASBR PE2 LoopBack0 quit Configure interface POS 4 1 2 and enable MPLS on it ASBR PE2 interface POS 4 1 2 ASBR PE2 POS4 1 2 ip address...

Page 326: ...t PE2 mpls ldp PE2 mpls ldp quit Configure interface POS 4 1 1 and start IS IS and enable MPLS and LDP on the interface PE2 interface POS 4 1 1 PE2 POS4 1 1 ip address 9 1 1 2 255 0 0 0 PE2 POS4 1 1 i...

Page 327: ...PE 1 and PE 2 can ping each other PE2 ping vpn instance vpn1 30 0 0 1 PE1 ping vpn instance vpn1 20 0 0 1 Configuring carrier s carrier Network requirements Configure carrier s carrier for the scenar...

Page 328: ...2 Loop0 4 4 4 9 32 POS2 1 1 11 1 1 2 24 POS2 1 1 30 1 1 2 24 POS2 1 2 30 1 1 1 24 POS2 1 2 21 1 1 1 24 Configuration procedure 1 Configure MPLS L3VPN on the provider carrier backbone start IS IS as th...

Page 329: ...been established and has reached the Established state Issue the display isis peer command the output shows that the IS IS neighbor relationship has been set up Take PE 1 as an example PE1 display mp...

Page 330: ...erface loopback 0 CE1 LoopBack0 ip address 2 2 2 9 32 CE1 LoopBack0 quit CE1 mpls lsr id 2 2 2 9 CE1 mpls CE1 mpls quit CE1 mpls ldp CE1 mpls ldp quit CE1 isis 2 CE1 isis 2 network entity 10 0000 0000...

Page 331: ...S2 1 1 mpls ldp PE1 POS2 1 1 mpls ldp transport address interface PE1 POS2 1 1 quit PE1 bgp 100 PE1 bgp ipv4 family vpn instance vpn1 PE1 bgp vpn1 import isis 2 PE1 bgp vpn1 quit PE1 bgp quit Configur...

Page 332: ...ustomer carrier to exchange the VPN routes of the end customers Configure PE 3 PE3 bgp 100 PE3 bgp peer 6 6 6 9 as number 100 PE3 bgp peer 6 6 6 9 connect interface loopback 0 PE3 bgp ipv4 family vpnv...

Page 333: ...and CE 2 The output shows that the internal routes of the customer carrier network are present in the public network routing tables but the VPN routes that the customer carrier maintains are not Take...

Page 334: ...Destination Mask Proto Pre Cost NextHop Interface 100 1 1 0 24 Direct 0 0 100 1 1 2 GE4 1 1 100 1 1 2 32 Direct 0 0 127 0 0 1 InLoop0 120 1 1 0 24 BGP 255 0 6 6 6 9 NULL0 PE 3 and PE 4 can ping each...

Page 335: ...erstand the processing of routes of sub VPNs on the service provider PEs which is described as follows When receiving a VPNv4 route from a CE CE 1 or CE 2 in this example a service provider PE replace...

Page 336: ...ure PE 1 PE1 system view PE1 interface loopback 0 PE1 LoopBack0 ip address 3 3 3 9 32 PE1 LoopBack0 quit PE1 mpls lsr id 3 3 3 9 PE1 mpls PE1 mpls quit PE1 mpls ldp PE1 mpls ldp quit PE1 isis 1 PE1 is...

Page 337: ...s in established state 1 Peer AS MsgRcvd MsgSent OutQ PrefRcv Up Down State 4 4 4 9 100 162 145 0 0 02 12 47 Established PE1 display isis peer Peer information for ISIS 1 System Id Interface Circuit I...

Page 338: ...d IS IS neighbor relationship can be established between PE 3 and CE 1 NOTE Configurations on PE 4 and CE 2 are similar to those on PE 3 and CE 1 respectively and are thus omitted here 3 Connect CE 1...

Page 339: ...ress 110 1 1 1 24 CE5 GigabitEthernet3 1 1 quit CE5 bgp 65411 CE5 bgp peer 110 1 1 2 as number 200 CE5 bgp import route direct CE5 bgp quit Configure PE 3 PE3 ip vpn instance SUB_VPN1 PE3 vpn instance...

Page 340: ...n instance vpn1 enable PE1 bgp af vpnv4 quit PE1 bgp quit Configure CE 1 enabling VPNv4 capability and establishing VPNv4 neighbor relationship between CE 1 and PE 1 CE1 bgp 200 CE1 bgp ipv4 family vp...

Page 341: ...lowing takes PE 1 for illustration PE1 display ip routing table Routing Tables Public Destinations 7 Routes 7 Destination Mask Proto Pre Cost NextHop Interface 3 3 3 9 32 Direct 0 0 127 0 0 1 InLoop0...

Page 342: ...incomplete Total number of routes from all PE 4 Route Distinguisher 100 1 Network NextHop In Out Label MED LocPrf 100 1 1 0 24 1 1 1 9 1024 1024 Route Distinguisher 101 1 Network NextHop In Out Label...

Page 343: ...p0 127 0 0 1 32 Direct 0 0 127 0 0 1 InLoop0 Execute the display ip routing table command on CE 5 and CE 6 to verify that the routing tables contain routes of remote sub VPNs The following takes CE5 f...

Page 344: ...ms CE 3 and CE 6 cannot ping each other CE3 ping 130 1 1 1 PING 130 1 1 1 56 data bytes press CTRL_C to break Request time out Request time out Request time out Request time out Request time out 130 1...

Page 345: ...e basic MPLS and MPLS LDP to establish LDP LSPs UPE1 system view UPE1 interface loopback 0 UPE1 LoopBack0 ip address 1 1 1 9 32 UPE1 LoopBack0 quit UPE1 mpls lsr id 1 1 1 9 UPE1 mpls UPE1 mpls quit UP...

Page 346: ...1 2 ip binding vpn instance vpn2 UPE1 GigabitEthernet4 1 2 ip address 10 4 1 2 24 UPE1 GigabitEthernet4 1 2 quit Configure UPE 1 to establish MP IBGP peer relationship with SPE 1 and to inject VPN ro...

Page 347: ...le UPE2 ospf UPE2 ospf 1 area 0 UPE2 ospf 1 area 0 0 0 0 network 172 2 1 0 0 0 0 255 UPE2 ospf 1 area 0 0 0 0 network 4 4 4 9 0 0 0 0 UPE2 ospf 1 area 0 0 0 0 quit UPE2 ospf 1 quit Configure VPN insta...

Page 348: ...CE3 interface GigabitEthernet 4 1 1 CE3 GigabitEthernet4 1 1 ip address 10 1 1 1 255 255 255 0 CE3 GigabitEthernet4 1 1 quit CE3 bgp 65430 CE3 bgp peer 10 1 1 2 as number 100 CE3 bgp import route dir...

Page 349: ...vpn instance vpn2 route distinguisher 700 1 SPE1 vpn instance vpn2 vpn target 100 2 both SPE1 vpn instance vpn2 quit Configure SPE 1 to establish MP IBGP peer relationship with UPE 1 and to inject VPN...

Page 350: ...SPE2 GigabitEthernet4 1 2 mpls ldp SPE2 GigabitEthernet4 1 2 quit Configure the IGP protocol OSPF for example SPE2 ospf SPE2 ospf 1 area 0 SPE2 ospf 1 area 0 0 0 0 network 3 3 3 9 0 0 0 0 SPE2 ospf 1...

Page 351: ...icy hope permit node 0 SPE2 route policy if match ip prefix hope SPE2 route policy quit SPE2 bgp 100 SPE2 bgp ipv4 family vpnv4 SPE2 bgp af vpnv4 peer 4 4 4 9 upe route policy hope export Configuring...

Page 352: ...ation Mask Proto Pre Cost NextHop Interface 20 1 1 0 24 Direct 0 0 20 1 1 1 POS2 1 2 20 1 1 1 32 Direct 0 0 127 0 0 1 InLoop0 20 1 1 2 32 Direct 0 0 20 1 1 2 POS2 1 2 30 1 1 0 24 OSPF 10 3124 20 1 1 2...

Page 353: ...ldp quit PE2 interface POS 2 1 2 PE2 POS2 1 2 ip address 10 1 1 2 24 PE2 POS2 1 2 mpls PE2 POS2 1 2 mpls ldp PE2 POS2 1 2 quit Configure PE 2 to take PE 1 as the MP IBGP peer PE2 bgp 100 PE2 bgp peer...

Page 354: ...1 ip binding vpn instance vpn1 PE2 GigabitEthernet4 1 1 ip address 120 1 1 2 24 PE2 GigabitEthernet4 1 1 quit PE2 ospf 100 vpn instance vpn1 PE2 ospf 100 domain id 10 PE2 ospf 100 area 1 PE2 ospf 100...

Page 355: ...ckbone and that a route to the sham link destination address is present Take PE 1 as an example PE1 display ip routing table vpn instance vpn1 Routing Tables vpn1 Destinations 6 Routes 6 Destination M...

Page 356: ...5 P 2 P 10 Issue the display ospf sham link area command You can see that the peer state is Full PE1 display ospf sham link area 1 OSPF Process 100 with Router ID 100 1 1 2 Sham Link 3 3 3 3 5 5 5 5...

Page 357: ...by CE 1 to access PE 1 resides but has not learned the route to the VPN 100 1 1 0 24 behind CE 1 The situation on CE 1 is similar CE2 display ip routing table Routing Tables Public Destinations 8 Rou...

Page 358: ...gin i IGP e EGP incomplete Network NextHop MED LocPrf PrefVal Path Ogn 10 1 1 0 24 10 2 1 2 0 100 10 1 1 1 32 10 2 1 2 0 100 10 2 1 0 24 10 2 1 2 0 0 100 10 2 1 1 32 10 2 1 2 0 0 100 2 Configure BGP A...

Page 359: ...0 10 2 1 2 GE4 1 1 127 0 0 0 8 Direct 0 0 127 0 0 1 InLoop0 127 0 0 1 32 Direct 0 0 127 0 0 1 InLoop0 200 1 1 1 32 Direct 0 0 127 0 0 1 InLoop0 After configuring BGP AS substitution on PE 1 too the G...

Page 360: ...packets on the service provider backbone Figure 85 shows the typical IPv6 MPLS L3VPN model At present the service provider backbone in the IPv6 MPLS L3VPN model is an IPv4 network IPv6 runs inside th...

Page 361: ...ting information advertisement The IPv6 VPN routing information of a local CE is advertised to a remote peer PE in three steps 1 From the local CE to the ingress PE 2 From the ingress PE to the egress...

Page 362: ...rier Multi VPN instance CE IPv6 MPLS L3VPN configuration task list Complete the following tasks to configure IPv6 MPLS L3VPN Task Remarks Configuring basic IPv6 MPLS L3VPN By configuring basic IPv6 MP...

Page 363: ...utes but also routes of a VPN from those of another VPN This feature allows VPN instances to be used in networking scenarios besides MPLS L3VPNs All VPN instance configurations are performed on PEs or...

Page 364: ...route advertisement is as follows When a VPN route learned from a CE gets redistributed into BGP BGP associates it with a VPN target extended community attribute list which is usually the export targ...

Page 365: ...with a VPN instance Otherwise the device cannot filter the routes to be received and advertised Configuring a tunneling policy for a VPN instance To configure a tunneling policy for a VPN instance Ste...

Page 366: ...VPN instance create an LDP instance for the VPN instance and configure LDP parameters for the LDP instance For LDP instance configuration information see the chapter Configuring MPLS L3VPN Configuring...

Page 367: ...see Layer 3 IP Routing Configuration Guide Configuring OSPFv3 between PE and CE An OSPFv3 process belongs to the public network or a single VPN instance If you create an OSPF process without binding...

Page 368: ...for the IS IS process on the interface isis ipv6 enable process id Disabled by default NOTE For more information about IPv6 IS IS see Layer 3 IP Routing Configuration Guide Configuring EBGP between PE...

Page 369: ...an advertise them to the peer CE NOTE After an IPv6 BGP VPN instance is configured exchange of BGP routes for the VPN instance is the same as exchange of ordinary BGP routes The configuration commands...

Page 370: ...default local preference value Optional 100 by default 7 Set the default value for the system MED default med med value Optional By default the default value of the system MED is 0 8 Configure a filt...

Page 371: ...r id ip address Optional By default a route reflector uses its router ID as the cluster ID 19 Create an RR reflection policy rr filter extended community list number Optional NOTE For information abou...

Page 372: ...ts configured on the PEs in different ASs do not have such requirements Configuring inter AS IPv6 VPN option C Configuring the PEs You need to establish ordinary IBGP peer relationships between PEs an...

Page 373: ...edistribution between routing protocols to save system resources Configuration prerequisites Before you configure routing on an MCE complete the following tasks On the MCE configure VPN instances and...

Page 374: ...enter RIPng view ripng process id vpn instance vpn instance name Perform this configuration on the MCE On a VPN site configure normal RIPng 3 Redistribute remote site routes advertised by the PE impor...

Page 375: ...you create an IPv6 IS IS process without binding it to an IPv6 VPN instance the process belongs to the public network By configuring IPv6 IS IS process to IPv6 VPN instance bindings on a MCE you allo...

Page 376: ...6 BGP VPN instance view ipv6 family vpn instance vpn instance name Required 4 Specify an IPv6 BGP peer in an AS peer ipv6 address as number as number Required 5 Redistribute remote site routes adverti...

Page 377: ...n this section are configured on the MCE Configurations on the PE are similar to those on the PE in common IPv6 MPLS L3VPN network solutions see Configuring routing between PE and CE Configuring IPv6...

Page 378: ...For more information about RIPng see Layer 3 IP Routing Configuration Guide Configuring OSPFv3 between MCE and PE To configure OSPFv3 between MCE and PE Step Command Remarks 1 Enter system view syste...

Page 379: ...id allow ibgp cost cost level 1 level 1 2 level 2 route policy route policy name tag tag Optional By default IS IS does not redistribute routes of any other routing protocol If you do not specify the...

Page 380: ...hin a VPN in the same way as it runs within a public network For more information about IPv6 BGP see Layer 3 IP Routing Configuration Guide Displaying and maintaining IPv6 MPLS L3VPN Resetting BGP con...

Page 381: ...e verbose begin exclude include regular expression Available in any view Display information about IPv6 BGP peers established between the PE and CE in a VPN instance display bgp vpnv6 vpn instance vpn...

Page 382: ...1 96 P Loop0 2 2 2 9 32 PE 1 Loop0 1 1 1 9 32 POS2 1 1 172 1 1 2 24 GE4 1 1 2001 1 2 96 POS2 1 2 172 2 1 1 24 GE4 1 2 2001 2 2 96 PE 2 Loop0 3 3 3 9 32 POS2 1 1 172 1 1 1 24 GE4 1 1 2001 3 2 96 CE 2...

Page 383: ...pf 1 area 0 0 0 0 network 2 2 2 9 0 0 0 0 P ospf 1 area 0 0 0 0 quit P ospf 1 quit Configure PE 2 PE2 system view PE2 interface loopback 0 PE2 LoopBack0 ip address 3 3 3 9 32 PE2 LoopBack0 quit PE2 in...

Page 384: ...OS2 1 1 s neighbors Router ID 172 1 1 2 Address 172 1 1 2 GR State Normal State Full Mode Nbr is Master Priority 1 DR None BDR None MTU 1500 Dead timer due in 38 sec Neighbor is up for 00 02 44 Authen...

Page 385: ...rmation SN DestAddress Mask In OutLabel Next Hop In Out Interface 1 1 1 1 9 32 3 NULL 127 0 0 1 POS2 1 1 InLoop0 2 2 2 2 9 32 NULL 3 172 1 1 2 POS2 1 1 3 3 3 3 9 32 NULL 1024 172 1 1 2 POS2 1 1 A befo...

Page 386: ...ot shown After completing the configurations issue the display ip vpn instance command on the PEs to view information about the VPN instances Use the ping command to test connectivity between the PEs...

Page 387: ...NOTE The configurations for PE 2 are similar to those for PE 1 Details not shown After completing the configurations issue the display bgp vpnv6 vpn instance peer command on the PEs BGP peer relation...

Page 388: ...nfigurations Issue the display ipv6 routing table vpn instance command on the PEs The output shows the routes to the CEs The following takes PE 1 as an example PE1 display ipv6 routing table vpn insta...

Page 389: ...hop limit 64 time 1 ms 2001 3 1 ping statistics 5 packet s transmitted 5 packet s received 0 00 packet loss round trip min avg max 1 1 1 ms CE1 ping ipv6 2001 4 1 PING 2001 4 1 56 data bytes press CT...

Page 390: ...s of a router is to be used as the router s LSR ID After you complete the configurations each ASBR PE and the PE in the same AS can establish an OSPF adjacency Issue the display ospf peer command and...

Page 391: ...mpls lsr id 3 3 3 9 ASBR PE2 mpls ASBR PE2 mpls quit ASBR PE2 mpls ldp ASBR PE2 mpls ldp quit ASBR PE2 interface pos2 1 1 ASBR PE2 POS2 1 1 mpls ASBR PE2 POS2 1 1 mpls ldp ASBR PE2 POS2 1 1 quit Conf...

Page 392: ...PE2 ip vpn instance vpn1 PE2 vpn instance vpn1 route distinguisher 200 2 PE2 vpn instance vpn1 vpn target 100 1 both PE2 vpn instance vpn1 quit PE2 interface GigabitEthernet 4 1 1 PE2 GigabitEthernet4...

Page 393: ...pv6 family vpn instance vpn1 PE1 bgp ipv6 vpn1 peer 2001 1 1 as number 65001 PE1 bgp ipv6 vpn1 import route direct PE1 bgp ipv6 vpn1 quit PE1 bgp quit Configure CE 2 CE2 bgp 65002 CE1 bgp ipv6 family...

Page 394: ...PE2 bgp 200 PE2 bgp peer 3 3 3 9 as number 200 PE2 bgp peer 3 3 3 9 connect interface loopback 0 PE2 bgp ipv6 family vpnv6 PE2 bgp af vpnv6 peer 3 3 3 9 enable PE2 bgp af vpnv6 quit PE2 bgp quit 6 Ver...

Page 395: ...view PE1 isis 1 PE1 isis 1 network entity 10 111 111 111 111 00 PE1 isis 1 quit Configure an LSR ID and enable MPLS and LDP PE1 mpls lsr id 2 2 2 9 PE1 mpls PE1 mpls label advertise non null PE1 mpls...

Page 396: ...gp peer 3 3 3 9 label route capability Configure the maximum hop count from PE 1 to EBGP peer 5 5 5 9 as 10 PE1 bgp peer 5 5 5 9 as number 600 PE1 bgp peer 5 5 5 9 connect interface loopback 0 PE1 bgp...

Page 397: ...PE1 route policy2 quit Start BGP on ASBR PE 1 and redistribute routes from IS IS process 1 ASBR PE1 bgp 100 ASBR PE1 bgp import route isis 1 Apply routing policy policy2 to filter routes advertised to...

Page 398: ...S4 1 2 mpls ASBR PE2 POS4 1 2 quit Create routing policies ASBR PE2 route policy policy1 permit node 1 ASBR PE2 route policy1 apply mpls label ASBR PE2 route policy1 quit ASBR PE2 route policy policy2...

Page 399: ...S4 1 1 quit Configure interface Loopback 0 and start IS IS on it PE2 interface loopback 0 PE2 LoopBack0 ip address 5 5 5 9 32 PE2 LoopBack0 isis enable 1 PE2 LoopBack0 quit Create VPN instance vpn1 an...

Page 400: ...ytes press CTRL_C to break Reply from 2001 1 1 bytes 56 Sequence 1 hop limit 64 time 1 ms Reply from 2001 1 1 bytes 56 Sequence 2 hop limit 64 time 1 ms Reply from 2001 1 1 bytes 56 Sequence 3 hop lim...

Page 401: ...ers of the customer carrier The key to the carrier s carrier deployment is to configure exchange of two kinds of routes Exchange of the customer carrier s internal routes on the provider carrier s bac...

Page 402: ...1 24 PE1 POS2 1 2 isis enable 1 PE1 POS2 1 2 mpls PE1 POS2 1 2 mpls ldp PE1 POS2 1 2 mpls ldp transport address interface PE1 POS2 1 2 quit PE1 bgp 100 PE1 bgp peer 4 4 4 9 as number 100 PE1 bgp peer...

Page 403: ...rt IS IS as the IGP and enable LDP between PE 3 and CE 1 and between PE 4 and CE 2 Configure PE 3 PE3 system view PE3 interface loopback 0 PE3 LoopBack0 ip address 1 1 1 9 32 PE3 LoopBack0 quit PE3 mp...

Page 404: ...for PE 3 and CE 1 Details not shown 3 Connect the customer carrier to the provider carrier Configure PE 1 PE1 ip vpn instance vpn1 PE1 vpn instance vpn1 route distinguisher 200 1 PE1 vpn instance vpn...

Page 405: ...CE3 bgp ipv6 family CE3 bgp peer 2001 1 2 as number 100 CE3 bgp import route direct CE3 bgp quit Configure PE 3 PE3 ip vpn instance vpn1 PE3 vpn instance vpn1 route distinguisher 100 1 PE3 vpn instan...

Page 406: ...uting table vpn instance command on PE 1 and PE 2 The output shows that the internal routes of the customer carrier network are present in the VPN routing tables Take PE 1 as an example PE1 display ip...

Page 407: ...The output shows that the internal routes of the customer carrier network are present in the public network routing tables Take PE 3 as an example PE3 display ip routing table Routing Tables Public D...

Page 408: ...a bytes press CTRL_C to break Reply from 2001 2 1 bytes 56 Sequence 1 hop limit 64 time 1 ms Reply from 2001 2 1 bytes 56 Sequence 2 hop limit 64 time 1 ms Reply from 2001 2 1 bytes 56 Sequence 3 hop...

Page 409: ...warding 73 Configuring traffic forwarding tuning parameters 75 Configuring VPLS attributes 168 Creating MPLS TE tunnel over static CR LSP 58 D Displaying and maintaining IPv6 MPLS L3VPN 369 Displaying...

Page 410: ...399 Troubleshooting MPLS TE 151 Troubleshooting VPLS 187 Tuning CR LSP setup 69 Tuning MPLS TE tunnel setup 71 V VPLS configuration examples 169 VPLS configuration task list 161 VPLS overview 153...

Search results

Summary of Contents for SR8800 10G

Reviews:

Related manuals for SR8800 10G

Brands by name

Popular brands

H3C SR8800 10G, Mpls Configuration Manual

Search results

Summary of Contents for SR8800 10G

Reviews:

Related manuals for SR8800 10G

Brands by name

Popular brands