Hangzhou H3C Technologies Co., Ltd H3C S9500 Series Operation Manual Download Page 207

Page: 207 / 339

Operation Manual – MPLS L3VPN
H3C S9500 Series Routing Switches

Chapter 1 MPLS L3VPN Configuration

1-7

PE 2 searches VPN instance entries according to the inner label and destination

address of the packet to determine the outbound interface and then forwards the

packet out the interface to CE 2.

CE 2 transmits the packet to the destination by IP forwarding.

1.1.4 MPLS L3VPN Networking Schemes

In MPLS L3VPNs, VPN target attributes are used to control the advertisement and

reception of VPN routes between sites. They work independently and can be

configured with multiple values to support flexible VPN access control and implement

multiple types of VPN networking schemes.

I. Basic VPN networking scheme

In the simplest case, all users in a VPN form a closed user group. They can forward

traffic to each other but cannot communicate with any user outside the VPN.

For this networking scheme, the basic VPN networking scheme, you need to assign a

VPN target to each VPN for identifying the export target attribute and import target

attribute of the VPN. Moreover, this VPN target cannot be used by any other VPNs.

Figure 1-4

Network diagram for basic VPN networking scheme

Figure 1-4

, for example, the VPN target for VPN 1 is 100:1 on the PEs, while that for

VPN 2 is 200:1. The two VPN 1 sites can communicate with each other, and the two

VPN 2 sites can communicate with each other. However, the VPN 1 sites cannot

communicate with the VPN 2 sites.

II. Hub and spoke networking scheme

For a VPN where a central access control device is required and all users must

communicate with each other through the access control device, the hub and spoke

Summary of Contents for H3C S9500 Series

Page 1: ...H3C S9500 Series Routing Switches Operation Manual Hangzhou H3C Technologies Co Ltd http www h3c com Manual Version T2 081655 20080530 C 2 03 Product Version S9500 CMW520 R2132 ...

Page 2: ...m InnoVision and HUASAN are trademarks of Hangzhou H3C Technologies Co Ltd All other trademarks that may be mentioned in this manual are the property of their respective owners Notice The information in this document is subject to change without notice Every effort has been made in the preparation of this document to ensure accuracy of the contents but all statements information and recommendation...

Page 3: ... commands Organization H3C Configuration Manual is organized as follows Part Contents 00 Product Overview includes Obtaining the Documentation Product Features and Features 01 Access Volume includes Ethernet Interface Configuration POS Interface Configuration GVRP Configuration Link Aggregation Configuration Port Mirroring Configuration RPR Configuration Ethernet OAM Configuration MSTP Configurati...

Page 4: ...onfiguration MPLS L3VPN Configuration MPLS Hybrid Insertion Configuration and GRE Configuration 06 QoS ACL Volume includes QoS Configuration and ACL Configuration 07 Security Volume includes 802 1x Configuration AAA RADIUS HWTACACS Configuration MAC Authentication Configuration L3 NAT Configuration Password Control Configuration SSH2 0 Configuration and Portal Configuration 08 System Volume includ...

Page 5: ... y Alternative items are grouped in braces and separated by vertical bars A minimum of one or a maximum of all can be selected x y Optional alternative items are grouped in square brackets and separated by vertical bars Many or none can be selected 1 n The argument s before the ampersand sign can be entered 1 to n times A line starting with the sign is comments II GUI conventions Convention Descri...

Page 6: ...scription Warning Means reader be extremely careful Improper operation may cause bodily injury Caution Means reader be careful Improper operation may cause data loss or damage to equipment Note Means a complementary description ...

Page 7: ...S overview z MPLS basic attributes configuration MPLS TE Network congestionoccur either when network resources are inadequate or when load distribution is unbalanced Traffic engineering TE is intended to avoid the latter situation where partial congestion may occur as the result of inefficient resource allocation The volume describes z MPLS TE overview z MPLS TE configuration VPLS VPLS can deliver...

Page 8: ... feature is used to enable deployment of MPLS VPN services on cards that do not support MPLS The volume describes z MPLS hybrid insertion overview z MPLS hybrid insertion configuration GRE GRE is a protocol designed for performing encapsulation of one network layer protocol over another network layer protocol The volume describes z GRE overview z GRE configuration ...

Page 9: ... 17 1 4 1 Configuration Prerequisites 1 17 1 4 2 Configuration Procedure 1 18 1 5 Configuring PHP 1 18 1 5 1 Configuration Prerequisites 1 18 1 5 2 Configuration Procedure 1 18 1 6 Configuring a Static LSP 1 19 1 6 1 Configuration Prerequisites 1 19 1 6 2 Configuration Procedure 1 19 1 7 Configuring MPLS LDP 1 20 1 7 1 Configuration Prerequisites 1 20 1 7 2 MPLS LDP Configuration Tasks 1 20 1 7 3 ...

Page 10: ...MP Responses 1 28 1 10 Setting the Interval for Reporting Statistics 1 29 1 11 Inspecting an MPLS LSP 1 30 1 12 Enabling MPLS Trap 1 30 1 13 Displaying and Maintaining MPLS 1 30 1 13 1 Resetting LDP Sessions 1 30 1 13 2 Displaying MPLS Operation 1 31 1 13 3 Displaying MPLS LDP Operation 1 32 1 13 4 Clearing MPLS Statistics 1 33 1 14 MPLS Configuration Examples 1 33 1 14 1 LDP Session Configuration...

Page 11: ... function as a router while running MPLS The term router in this document refers to a router in a generic sense or a Layer 3 Ethernet switch running MPLS z For the S9500 Series Routing Switches only the line processor units LPUs and VPLS service processor cards SPCs whose names contain such suffix like C CA or CB support MPLS To enable the MPLS VPN function on an S9500 switch you need to configure...

Page 12: ...of source address destination address source port destination port protocol type and VPN For example in the traditional IP forwarding using longest match all packets to the same destination belongs to the same FEC II Label A label is a short fixed length identifier for identifying a FEC A FEC may correspond to multiple labels in scenarios where for example load sharing is required while a label ca...

Page 13: ... is inserted between the data link layer header and the network layer header as a shim As such an MPLS label can be supported by any link layer protocol Figure 1 2 shows the place of a label in a packet Figure 1 2 Place of a label in a packet Note Currently the S9500 series does not support the cell mode III LSR Label switching router LSR is a fundamental component on an MPLS network All LSRs supp...

Page 14: ...tocols that are extended to support label distribution such as border gateway protocol BGP and resource reservation protocol RSVP In addition you can configure static LSPs Note z For information about CR LDP and RSVP refer to MPLS TE Configuration in the MPLS VPN Volume z For information about BGP refer to BGP Configuration in the IP Routing Volume z Currently the S9500 series does not support CR ...

Page 15: ...vel 1 while the label at the top has a level of m An unlabeled packet can be considered as a packet with an empty label stack that is a label stack whose depth is 0 1 1 2 Architecture of MPLS I Structure of the MPLS network As shown in Figure 1 4 the element of an MPLS network is LSR LSRs in the same routing or administrative domain form an MPLS domain In an MPLS domain LSRs residing at the domain...

Page 16: ...next hop according to the label of the packet and forwards the packet to the next hop None of the transit LSRs performs Layer 3 processing 4 When the egress LER receives the packet it removes the label from the packet and performs IP forwarding Obviously MPLS is not a service or application but actually a tunneling technology and a routing and switching technology platform combining label switchin...

Page 17: ...quires that OSPF or IS IS be extended to carry link state information 1 1 4 Applications of MPLS By integrating both Layer 2 fast switching and Layer 3 routing and forwarding MPLS features improved route lookup speed However with the development of the application specific integrated circuit ASIC technology route lookup speed is no longer the bottleneck hindering network development This makes MPL...

Page 18: ...erefore it is necessary to extend BGP to carry VPN routing information II MPLS based TE MPLS based TE and the Diff Serv feature allow not only high network utilization but different levels of services based on traffic precedence providing voice and video streams with services of low delay low packet loss and stable bandwidth guarantee Since TE is more difficult to be implemented on an entire netwo...

Page 19: ...ream LSR does not wait for any label request from an upstream LSR before binding a label to a particular FEC An upstream LSR and its downstream LSR must use the same label advertisement mode otherwise no LSP can be established normally For more information refer to LDP Label Distribution II Label distribution control mode There are two label distribution control modes z Independent In this mode an...

Page 20: ... packet is classified into a certain FEC at the ingress LER Packets of the same FEC travel along the same path in the MPLS domain that is the same LSP For each incoming packet an LSR examines the label uses the ILM to map the label to an NHLFE replaces the old label with a new label and then forwards the labeled packet to the next hop 1 2 2 PHP As described in Architecture of MPLS each transit LSR...

Page 21: ...t decrement when the packet passes a hop and the result of tracert does not show the hops within the MPLS backbone as if the ingress and egress were connected directly Caution z Within an MPLS domain TTL propagation always occurs between the multi level labels z The TTL value of a transmitted local packet is always copied regardless of whether IP TTL propagation is enabled or not This ensures that...

Page 22: ...s of the same FEC Thus the LSP can be checked z MPLS LSP ping is a tool for checking the validity and availability of an LSP It uses messages called MPLS echo requests In a ping operation an MPLS echo request is forwarded along an LSP to the egress where the control plane determines whether the LSR itself is the egress of the FEC and responds with an MPLS echo reply When the ping initiator receive...

Page 23: ...sessions come in two categories z Local LDP session Established between two directly connected LSRs z Remote LDP session Established between two indirectly connected LSRs III LDP message type There are four types of LDP messages z Discovery message Used to declare and maintain the presence of an LSR on a network z Session message Used to establish maintain and terminate sessions between LDP peers ...

Page 24: ...As described previously there are two label advertisement modes The main difference between them is whether the downstream advertises the bindings unsolicitedly or on demand The following details the advertisement process for each of the two modes I DoD mode In DoD mode an upstream LSR sends a label request message containing the description of a FEC to its downstream LSR which assigns a label to ...

Page 25: ...s presence This way LSRs can automatically find their peers without manual configuration LDP provides two discovery mechanisms z Basic discovery mechanism The basic discovery mechanism is used to discover local LDP peers that is LSRs directly connected at link layer and to further establish local LDP sessions Using this mechanism an LSR periodically sends LDP link Hellos as UDP packets out an inte...

Page 26: ...upstream LSRs and has at least one free label it assigns a label to the FEC and sends the label binding information to the upstream LSRs 3 Upon receiving the label binding information an upstream LSR records the binding Then it checks whether the source LSR of the binding information is the next hop of the FEC If yes it adds an entry in its LFIB assigns a label to the FEC and sends the new label b...

Page 27: ...sage can include path information in the format of path vector list When such a message reaches an LSR the LSR checks the path vector list of the message to see whether its MPLS LSR ID is in the list If either of the following cases occurs the attempt to establish an LSP fails z The MPLS LSR ID of the LSR is already in the path vector list z Hop counts of the path reaches the specified limit If th...

Page 28: ...ote An LSR ID uses the format of an IP address and is unique within an MPLS domain You are recommended to use the IP address of a loopback interface on an LSR as the LSR ID 1 5 Configuring PHP You configure PHP on the egress and select the type of labels for the egress to distribute based on whether the penultimate hop supports PHP 1 5 1 Configuration Prerequisites Before configuring PHP be sure t...

Page 29: ... non null Optional By default an egress supports PHP and distributes to the penultimate hop an implicit null label Note that you must reset LDP sessions for the configuration to take effect 1 6 Configuring a Static LSP An LSP can be static or dynamic A static LSP is manually configured while a dynamic LSP is established by MPLS LDP For a static LSP to work all LSRs along the LSP must be configured...

Page 30: ...ress lsp name incoming interface interface type interface number in label in label Optional Note z If you specify the next hop when configuring a static LSP and the address of the next hop is in the routing table you must specify the next hop when configuring the static IP route z If you specify the outgoing interface for a static LSP you must also specify the outgoing interface when configuring t...

Page 31: ...ection Optional Configuring LDP MD5 Authentication Optional Enabling MTU Signaling Optional 1 7 3 Configuring MPLS LDP Capability Follow these steps to enable MPLS LDP capability To do Use the command Remarks Enter system view system view Enable LDP capability for the current node and enter MPLS LDP view mpls ldp Required Not enabled by default Configure the LDP LSR ID lsr id lsr id Optional MPLS ...

Page 32: ...s of the interface or that of a specified interface Follow these steps to configure local LDP session parameters To do Use the command Remarks Enter system view system view Enter interface view interface interface type interface number Set the link Hello timer mpls ldp timer hello hold value Optional 15 seconds by default Set the link Keepalive timer mpls ldp timer keepalive hold value Optional 45...

Page 33: ...onfiguration in the MPLS VPN Volume Caution z If Hello adjacency exists between two peers no remote adjacency can be established between them If remote adjacency exists between two peers and local adjacency is then created for the remote peer the remote adjacency is removed That is only one remote session or local session can exist between two LSRs and the local session takes precedence over the r...

Page 34: ...routing entry must exist on the LSR With loopback addresses using 32 bit masks only exactly matched host routing entries can trigger LDP to establish LSPs 1 7 7 Specifying the Label Processing Modes Follow these steps to specify the LDP label advertisement mode distribution control mode and retention mode To do Use the command Remarks Enter system view system view Enter interface view interface in...

Page 35: ...timer value Optional 30 seconds by default 1 7 8 Configuring LDP Loop Detection Follow these steps to configure LDP loop detection To do Use the command Remarks Enter system view system view Enable LDP capability and enter MPLS LDP view mpls ldp Required Enable loop detection loop detect Required Disabled by default Set the maximum hop count for loop detection hops count hop number Optional 32 by ...

Page 36: ... MTU of each connected link LDP can automatically calculate the minimum MTU of all interfaces on an LSP At ingress MPLS uses the calculated minimum MTU to determine the size of the MPLS forwarding packets preventing a packet of a bigger size from being dropped by a transit LSR Follow these steps to enable MTU signaling To do Use the command Remarks Enter system view system view Enable LDP capabili...

Page 37: ... ID that is different from the MPLS LSR ID for TCP connections to be established normally Follow these steps to configure LDP instances To do Use the command Remarks Enter system view system view Enable LDP capability for a VPN instance and enter MPLS LDP VPN instance view mpls ldp vpn instance vpn instance name Required Configure the LSR ID for the VPN instance lsr id lsr id Optional MPLS LSR ID ...

Page 38: ...s the smaller one between the IP TTL and MPLS TTL as the TTL of the IP packet and decrements the value by 1 z If you want to enable MPLS IP TTL propagation for VPN packets on one LSR you are recommended to do so on related PEs guaranteeing that you can get the same result when tracerting from those PEs 1 9 3 Specifying the Type of Path for ICMP Responses ICMP responses can use two kinds of paths I...

Page 39: ...view mpls Specify that the ICMP response be transported back along the IP route when the TTL of an MPLS packet expires ttl expiration pop Specify that the ICMP response be transported back along the LSP when the TTL of an MPLS packet expires undo ttl expiration pop Optional Use either command By default the ICMP response message of an MPLS packet with a one level label is transported back along th...

Page 40: ... number Available in any view Locate an MPLS LSP error tracert lsp a source ip exp exp value h ttl value r reply mode t time out ipv4 dest addr mask length destination ip addr header te interface type interface number Available in any view 1 12 Enabling MPLS Trap Follow these steps to enable the MPLS trap function To do Use the command Remarks Enter system view system view Enable the MPLS trap fun...

Page 41: ...ce type interface number in label in label value out label out label value exclude include dest addr mask length vpn instance vpn instance name asbr protocol bgp bgp ipv6 crldp ldp rsvp te static static cr egress ingress transit verbose Available in any view Display LSP statistics display mpls lsp statistics Available in any view Display information about static LSPs display mpls static lsp lsp na...

Page 42: ...ormation about LDP remote peers display mpls ldp remote peer remote name remote peer name begin exclude include regular expression Available in any view Display information about specified or all LDP sessions display mpls ldp session vpn instance vpn instance name verbose peer id all verbose begin exclude include regular expression Available in any view Display information about LSPs established b...

Page 43: ...quirements z Switch A Switch B and Switch C support MPLS and use OSPF as the IGP for the MPLS backbone z A local LDP session is required between Switch A and Switch B and a second local LDP session is required between Switch B and Switch C z A remote LDP session is required between Switch A and Switch C II Network diagram Figure 1 8 Network diagram for LDP session configuration III Configuration p...

Page 44: ... 0 0 network 20 1 1 0 0 0 0 255 SwitchC ospf 1 area 0 0 0 0 quit SwitchC ospf 1 quit After completing the above configurations you will see that every switch has learned the route to the LSR ID of its peer when you execute the display ip routing table command The following takes Switch A as an example SwitchA display ip routing table Routing Tables Public Destinations 9 Routes 9 Destination Mask P...

Page 45: ... Sequence 0 3 Configure MPLS basic capability and enable LDP Configure Switch A SwitchA mpls lsr id 1 1 1 9 SwitchA mpls SwitchA mpls quit SwitchA mpls ldp SwitchA mpls ldp quit SwitchA interface Vlan interface 1 SwitchA Vlan interface1 mpls SwitchA Vlan interface1 mpls ldp SwitchA Vlan interface1 quit Configure Switch B SwitchB mpls lsr id 2 2 2 9 SwitchB mpls SwitchB mpls quit SwitchB mpls ldp S...

Page 46: ...mpls ldp session LDP Session s in Public Network Total number of sessions 1 Peer ID Status LAM SsnRole FT MD5 KA Sent Rcv 2 2 2 9 0 Operational DU Passive Off Off 5 5 LAM Label Advertisement Mode FT Fault Tolerance SwitchA display mpls ldp peer LDP Peer Information in Public network Total number of peers 1 Peer ID Transport Address Discovery Source 2 2 2 9 0 2 2 2 9 Vlan interface1 4 Configure the...

Page 47: ...0 3 3 3 9 Remote Peer peerc 1 14 2 Configuring LDP to Establish LSPs I Network requirements On the network in Figure 1 8 an LSP is required to be established between Switch A and Switch C Check the validity and reachability of the LSP II Network diagram See Figure 1 8 III Configuration procedure 1 Configure LDP sessions Refer to LDP Session Configuration Example 2 Configure the LSP establishment t...

Page 48: ... Out Interface 1 1 1 1 9 32 3 NULL 127 0 0 1 Vlan1 InLoop0 2 2 2 2 9 32 NULL 3 10 1 1 2 Vlan1 3 3 3 3 9 32 NULL 1025 10 1 1 2 Vlan1 4 20 1 1 0 24 NULL 3 10 1 1 2 Vlan1 A before an LSP means the LSP is not established A before a Label means the USCB or DSCB is stale Check the validity and reachability of the LSP SwitchA ping lsp ipv4 3 3 3 9 32 LSP PING FEC LDP IPV4 PREFIX 3 3 3 9 32 100 data bytes...

Page 49: ...ill lead to the failure of LDP session establishment The TCP connection established uses LSR ID as the address by default Therefore if you do not configure the mpls ldp transport address command the route to the address of LSR ID must be advertised to the peer Solution z Check whether the current LSR has obtained the route to the LSR ID of the peer by issuing the display ip routing table command z...

Page 50: ...SP 1 16 1 4 1 Configuration Prerequisites 1 16 1 4 2 Configuration Procedure 1 17 1 5 Configuring MPLS TE Tunnel with Dynamic Signaling Protocol 1 18 1 5 1 Configuration Prerequisites 1 18 1 5 2 Configuration Procedure 1 19 1 6 Configuring RSVP TE Advanced Features 1 23 1 6 1 Configuration Prerequisites 1 24 1 6 2 Configuration Procedure 1 24 1 7 Tuning CR LSP Setup 1 27 1 7 1 Configuration Prereq...

Page 51: ...1 40 1 12 2 Configuration Procedure 1 40 1 13 Displaying and Maintaining MPLS TE 1 43 1 14 MPLS TE Configuration Example 1 45 1 14 1 MPLS TE Using Static CR LSP Configuration Example 1 45 1 14 2 MPLS TE Using RSVP TE Configuration Example 1 50 1 14 3 CR LSP Backup Configuration Example 1 58 1 14 4 FRR Configuration Example 1 61 1 14 5 MPLS TE in MPLS L3VPN Configuration Example 1 72 1 15 Troublesh...

Page 52: ...or VPLS SPCs You can identify the suffix of an LPU by the silkscreen in the upper right corner of the LPU s front panel As an example the silkscreen of an LSB1P4G8CA0 LPU is P4G8CA and therefore the suffix of the LPU is CA When configuring multiprotocol path label switching traffic engineering MPLS TE go to these sections for information you are interested in z MPLS TE Overview z MPLS TE Configura...

Page 53: ... resources utilization Bandwidth is a crucial resource on networks Efficiently managing it is one major task of TE 1 TE solution As existing interior gateway protocols IGPs are topology driven and consider only network connectivity they fail to present some dynamic factors such as bandwidth and traffic characteristics This IGP disadvantage can be repaired by using an overlay model such as IP over ...

Page 54: ...a tunnel II MPLS TE tunnel Reroute and transmission over multiple paths may involve multiple LSP tunnels A set of such LSP tunnels is called a traffic engineered tunnel TE tunnel 1 1 3 MPLS TE Implementation MPLS TE mainly accomplishes two functions z Static constraint based routed LSP CR LSP processing to create and remove static CR LSPs The bandwidth of LSPs must be configured manually z Dynamic...

Page 55: ... When setting up LSP tunnels you may use two types of signaling CR LDP and RSVP TE Both can carry constraints such as LSP bandwidth some explicit route information and color and deliver the same function They are different in that CR LDP establishes LSPs using TCP while RSVP TE using raw IP RSVP is a well established technology in terms of its architecture protocol procedures and support to servic...

Page 56: ... path preemption Two priorities setup priority and holding priority are assigned to paths for making preemption decision Both setup and holding priorities range from 0 to 7 with a lower numerical number indicating a higher priority For a new path to preempt an existing path the setup priority of the new path must be greater than the holding priority of the existing path To initiate a preemption th...

Page 57: ...n use MPLS TE where CR LSPs are dynamically optimized Dynamic CR LSP optimization involves periodic calculation of paths that traffic trunks should traverse If a better route is found for an existing CR LSP a new CR LSP will be established to replace the old one and services will be switched to the new CR LSP 1 1 5 CR LDP Constraint based routed label distribution protocol CR LDP is an extension t...

Page 58: ...col for LSP tunnel setup in MPLS TE II Basic concepts of RSVP TE 1 Soft state Soft state is a mechanism used in RSVP TE to periodically refresh the resource reservation state on a node The resource reservation state includes the path state and the reservation state The path state is generated and refreshed by the Path message and the reservation state is generated and refreshed by the Resv message...

Page 59: ...outer A and Router D The remaining bandwidth is then 30 Mbps If 40 Mbps path bandwidth is requested the remaining bandwidth of the Router A Router B Router C Router D path will be inadequate The problem cannot be addressed by selecting another path Router A Router E Router C Router D because the bandwidth of the Router C Router D link is inadequate To address the problem you may use the make befor...

Page 60: ...hbor relationship that has local significance on the link The TE extension to RSVP adds new objects to the Path message and the Resv message These objects carry not only label bindings but also routing constraints supporting CR LSP and FRR z New objects added to the Path message include LABEL_REQUEST EXPLICIT_ROUTE RECORD_ROUTE and SESSION_ATTRIBUTE z New objects added to the Resv message include ...

Page 61: ...essages Of them the Message_ID object and the Message_ID_ACK object are used to acknowledge RSVP messages thus improving transmission reliability On an interface enabled with the Message_ID mechanism you may configure RSVP message retransmission After the interface sends an RSVP message it waits for acknowledgement If no ACK is received before the initial retransmission interval Rf seconds for exa...

Page 62: ...ng an MPLS TE tunnel you can use static routing or automatic route advertisement I Static routing Static routing is the easiest way to route traffic along an MPLS TE tunnel You only need to manually create a route that reaches the destination through the tunnel interface II Automatic route advertisement You can use automatic route advertisement to advertise MPLS TE tunnel interface routes to IGPs ...

Page 63: ...ing z The tunnel destination address should be in the same area where the tunnel interface is located z The tunnel destination address should be reachable through intra area routing 1 1 8 CR LSP Backup CR LSP backup provides end to end path protection for the entire LSP without time limitation This is different from fast reroute FRR which provides quick but temporary per link or per node protectio...

Page 64: ...mary LSP z Point of local repair PLR The ingress of the bypass LSP It must be located on the primary LSP but must not be the egress z Merge point MP The egress of the bypass LSP It must be located on the primary LSP but must not be the ingress III Protection FRR provides link protection and node protection for an LSP as follows z Link protection where the PLR and the MP are connected through a dir...

Page 65: ...r links only 1 1 10 Protocols and Standards z RFC 2702 Requirements for Traffic Engineering Over MPLS z RFC 3212 Constraint Based LSP Setup using LDP z RFC 2205 Resource ReSerVation Protocol z RFC 3209 RSVP TE Extensions to RSVP for LSP Tunnels z RFC 2961 RSVP Refresh Overhead Reduction Extensions z RFC 3564 Requirements for Support of Differentiated Service aware MPLS Traffic Engineering 1 2 MPLS...

Page 66: ...ies are essential to MPLS TE feature configurations After configuring the basic capabilities you need to make other configurations in order to use MPLS TE depending on the actual requirements 1 3 1 Configuration Prerequisites Before the configuration do the following z Configure static routing or IGPs to make sure all LSRs are reachable z Configure MPLS basic capabilities Note For configuration in...

Page 67: ...quired Note Depending on the MPLS TE signaling protocol a tunnel uses the basic capabilities you configured in this section may be inadequate for the tunnel to work and you may need to make extra configurations 1 4 Creating MPLS TE Tunnel over Static CR LSP Creating MPLS TE tunnels over static CR LSPs does not involve configuration of tunnel constraints or the issue of IGP TE extension or CSPF Wha...

Page 68: ...on mpls te commit Required Exit to system view quit At the ingress static cr lsp ingress tunnel name destination dest addr nexthop next hop addr outgoing interface interface type interface number out label out label value bandwidth bc0 bc1 bandwidth value On the transit node static cr lsp transit tunnel name incoming interface interface type interface number in label in label value nexthop next ho...

Page 69: ...otocol Dynamic signaling protocol can adapt the path of a TE tunnel to network changes and implement redundancy FRR and other advanced features The following describes how to create an MPLS TE tunnel with a dynamic signaling protocol z Configure MPLS TE properties for links and advertise them through IGP TE extension to form a TEDB z Configure tunnel constraints z Use the CSPF algorithm to calcula...

Page 70: ...steps to configure MPLS TE properties for a link To do Use command to Remarks Enter system view system view Enter interface view of MPLS TE link interface interface type interface number Configure maximum link bandwidth mpls te max link bandwidth bandwidth value bc1 bc1 bandwidth Optional Configure maximum reservable bandwidth of the MPLS TE link mpls te max reservable bandwidth bandwidth value bc...

Page 71: ...hese steps to configure CSPF To do Use command to Remarks Enter system view system view Enter MPLS view mpls Enable CSPF on your device mpls te cspf Required Disabled by default IV Configuring IS IS TE Configure IS IS TE if the routing protocol is IS IS and a dynamic signaling protocol is used for MPLS TE tunnel setup In case both OSPF TE and IS IS TE are available OSPF TE takes priority The IS IS...

Page 72: ...ed z Loose where the two nodes have devices in between When inserting nodes to an explicit path or modifying nodes on it you may configure the include keyword to have the established LSP traverse the specified nodes or the exclude keyword to have the established LSP bypass the specified nodes Caution z According to RFC 3784 the length of the IS reachability TLV type 22 may reach the maximum of 255...

Page 73: ...peat this step to define a sequential set of the hops that the explicit path traverses Modify the IP address of current node on the explicit path modify hop ip address1 ip address2 include loose strict exclude Optional By default the include keyword and the strict keyword apply In other words the explicit path traverses the specified node and the next node is a strict node Remove a node from the e...

Page 74: ...k interface interface type interface number Enable RSVP TE on the interface mpls rsvp te Required Disabled by default Enter MPLS TE tunnel interface view interface tunnel tunnel number Set the signaling protocol for setting up the MPLS TE tunnel to RSVP TE mpls te signal protocol rsvp te Optional RSVP TE applies by default Submit current tunnel configuration mpls te commit Required Caution To use ...

Page 75: ...n z Configuring RSVP authentication I Configuring RSVP reservation style Each LSP set up using RSVP TE is assigned a resource reservation style During an RSVP session the receiver decides which reservation style can be used for this session and thus which LSPs can be used Currently two reservation styles are available z Fixed filter style FF where resources are reserved for individual senders and ...

Page 76: ...er mpls rsvp te blockade multiplier number Optional The default blockade timeout multiplier is 4 Submit current tunnel configuration mpls te commit Required III Configuring the RSVP refreshing mechanism To enhance reliability of RSVP message transmission the Message_ID extension mechanism is used to acknowledge RSVP messages The Message_ID extension mechanism is also referred to as the reliability...

Page 77: ...e global RSVP hello extension mpls rsvp te hello Required Disabled by default Configure the maximum number of consecutive hellos that should be lost before the link is considered failed mpls rsvp te hello lost times Optional By default the link is considered failed if three consecutive hellos are lost Configure the hello interval mpls rsvp te timer hello timevalue Optional The default is 3 seconds...

Page 78: ...iguring RSVP authentication RSVP adopts hop by hop authentication to prevent fake resource reservation requests from occupying network resources It requires that the interfaces at the two ends of a link must share the same authentication key to exchange RSVP messages Follow these steps to configure RSVP authentication To do Use command to Remarks Enter system view system view Enter interface view ...

Page 79: ...th to the end of a tunnel If multiple paths are present with the same metric only one of them is selected Tie breakers include largest currently available bandwidth least currently available bandwidth or random selection Follow these steps to configure CSPF tie breaking method To do Use command to Remarks Enter system view system view Enter MPLS view mpls Configure the tie breaker used when multip...

Page 80: ...bute of an MPLS TE tunnel identifies the properties of the links that the tunnel can use Together with the link administrative group it decides which links the MPLS TE tunnel can use This is done by ANDing the 32 bit affinity attribute with the 32 bit link administrative group attribute When doing that a 32 bit mask is used The affinity bits corresponding to the 1s in the mask are do care bits whi...

Page 81: ... tunnel tunnel number Configure the affinity attribute of the MPLS TE tunnel mpls te affinity property properties mask mask value Optional The default affinity attribute is 0x00000000 and the default mask is 0x00000000 Submit current tunnel configuration mpls te commit Required IV Configuring CR LSP reoptimization Dynamic CR LSP optimization involves periodic calculation of paths that traffic trun...

Page 82: ...ch configuration objective and its impact on your system 1 8 2 Configuration Procedures Tuning MPLS TE tunnel setup involves these tasks z Configuring loop detection z Configuring route and label recording z Configuring tunnel setup retry z Assigning priorities to a tunnel I Configuring loop detection Follow these steps to configure loop detection To do Use command to Remarks Enter system view sys...

Page 83: ...l is setup or the specified maximum number of retries is reached Follow these steps to configure tunnel setup retry To do Use command to Remarks Enter system view system view Enter MPLS TE tunnel interface view interface tunnel tunnel number Configure the maximum number of tunnel setup retries mpls te retry times Optional The default is 5 Configure the tunnel setup retry interval mpls te timer ret...

Page 84: ...ure MPLS TE basic capabilities z Configure MPLS TE tunnels 1 9 2 Configuration Procedures Configuring traffic forwarding involves these tasks z Forwarding traffic along MPLS TE tunnels using static routes z Forwarding traffic along MPLS TE tunnels through automatic route advertisement I Forwarding traffic along MPLS TE tunnels using static routes Follow these steps to create static routes for rout...

Page 85: ...faces as outgoing interfaces are advertised to neighboring devices but not in the IGP shortcut approach Therefore TE tunnels are visible to other devices in the forwarding adjacency approach but not in the IGP shortcut approach You may assign a metric either absolute or relative to TE tunnels for the purpose of path calculation in either approach If it is absolute the metric is directly used for p...

Page 86: ...hese steps to configure forwarding adjacency To do Use command to Remarks Enter system view system view Enter MPLS TE tunnel interface view interface tunnel tunnel number Enable IGP to advertise the route of the MPLS TE tunnel to IGP neighbors mpls te igp advertise hold time value Required Routes of MPLS TE tunnels are not advertised to IGP neighbors by default Assign a metric to the MPLS TE tunne...

Page 87: ...removes or modifies the link before the timer expires CSPF will update information about the link in TEDB and stops the timer If IGP does not remove or modify the link before the timer expires the state of the link in TEDB will change to up Follow these steps to configure failed link timer To do Use command to Remarks Enter system view system view Enter MPLS view mpls Configure the CSPF failed lin...

Page 88: ... metric This TE metric or the IGP metric of the link is used for routing MPLS TE tunnels depending on which metric type is specified Follow these steps to configure the link metric used for routing a tunnel To do Use command to Remarks Enter system view system view Enter MPLS view mpls Configure the link metric type used for routing TE tunnels without metric type mpls te path metric type igp te Op...

Page 89: ...ic flow type of a tunnel Follow these steps to configure the traffic flow type of a tunnel To do Use command to Remarks Enter system view system view Enter MPLS TE tunnel interface view interface tunnel tunnel number Configure the traffic flow type of the TE tunnel mpls te vpn binding acl acl number vpn instance vpn instance name Optional Traffic flow types of TE tunnels are not restricted by defa...

Page 90: ... protect primary tunnels As bypass tunnels are pre established they require extra bandwidth and are usually used to protect crucial interfaces or links only A bypass LSP can protect more than one physical interface other than its own outgoing interface An interface can be protected by more than one bypass LSP The number of bypass LSPs depends on the size of the system memory You can define which t...

Page 91: ...on the headend of a primary LSP To do Use command to Remarks Enter system view system view Enter tunnel interface view of the primary LSP interface tunnel tunnel number Enable FRR mpls te fast reroute Required Disabled by default Submit current tunnel configuration mpls te commit Required II Configuring a bypass tunnel on its PLR After a tunnel is specified to protect an interface its correspondin...

Page 92: ...of the bypass tunnel interface tunnel tunnel number Specify the destination of the bypass tunnel destination ip address Required z To configure node protection specify the LSR ID of the next hop of the PLR s next hop as the destination z To configure link protection specify the LSR ID of the PLR s next hop as the destination Configure the bandwidth and type of LSP that the bypass tunnel can protec...

Page 93: ...iew Enter MPLS view mpls Enable RSVP hello extension on current node mpls rsvp te hello Required Disabled by default Exit to system view quit Enter the view of the interface directly connected to the protected node or PLR interface interface type interface number Enable RSVP hello extension on the interface mpls rsvp te hello Required Disabled by default Note RSVP hello extension is configured to ...

Page 94: ...le in any view Display RSVP TE configuration display mpls rsvp te interface interface type interface number begin include exclude regular expression Available in any view Display global or interface RSVP TE information display mpls rsvp te established interface interface type interface number begin include exclude regular expression Available in any view Display RSVP TE neighbors display mpls rsvp...

Page 95: ...nterface ip address network lsa node mpls lsr id begin include exclude regular expression Available in any view Display information about the CR LSPs carried on the specified or all links display mpls te link administration admission control interface interface type interface number Available in any view Display bandwidths allocated to the specified or all MPLS TE enabled interfaces display mpls t...

Page 96: ...evel 1 level 1 2 level 2 verbose process id vpn instance vpn instance name Available in any view Display information about TE networks for IS IS display isis traffic eng network level 1 level 1 2 level 2 process id vpn instance vpn instance name Available in any view Display statistics about TE for IS IS display isis traffic eng statistics process id vpn instance vpn instance name Available in any...

Page 97: ...tise host routes with LSR IDs as destinations Configure Switch A SwitchA system view SwitchA isis 1 SwitchA isis 1 network entity 00 0005 0000 0000 0001 00 SwitchA isis 1 quit SwitchA interface Vlan interface 1 SwitchA Vlan interface1 isis enable 1 SwitchA Vlan interface1 quit SwitchA interface loopback 1 SwitchA LoopBack1 isis enable 1 SwitchA LoopBack1 quit Configure Switch B SwitchB system view...

Page 98: ...s learnt the host routes of other nodes with LSR IDs as destinations Take Switch A for example SwitchA display ip routing table Routing Tables Public Destinations 8 Routes 8 Destination Mask Proto Pre Cost NextHop Interface 1 1 1 1 32 Direct 0 0 127 0 0 1 InLoop0 2 1 1 0 24 Direct 0 0 2 1 1 1 Vlan1 2 1 1 1 32 Direct 0 0 127 0 0 1 InLoop0 2 2 2 2 32 ISIS 15 10 2 1 1 2 Vlan1 3 2 1 0 24 ISIS 15 20 2 ...

Page 99: ...4 Configure an MPLS TE tunnel Configure an MPLS TE tunnel on Switch A SwitchA interface Tunnel 3 0 0 SwitchA Tunnel3 0 0 ip address 6 1 1 1 255 255 255 0 SwitchA Tunnel3 0 0 tunnel protocol mpls te SwitchA Tunnel3 0 0 destination 3 3 3 3 SwitchA Tunnel3 0 0 mpls te signal protocol static SwitchA Tunnel3 0 0 mpls te commit SwitchA Tunnel3 0 0 quit 5 Create a static CR LSP Configure Switch A as the ...

Page 100: ... seconds output 0 bytes sec 0 packets sec 0 packets input 0 bytes 0 input error 0 packets output 0 bytes 0 output error Perform the display mpls te tunnel command on each switch to verify information about the MPLS TE tunnel SwitchA display mpls te tunnel LSP Id Destination In Out If Name 1 1 1 1 1 3 3 3 3 Vlan1 Tunnel3 0 0 SwitchB display mpls te tunnel LSP Id Destination In Out If Name Vlan1 Vla...

Page 101: ...c cr lsp Name FEC I O Label I O If Stat Tunnel3 0 0 30 NULL Vlan2 Up On an MPLS TE tunnel configured using a static CR LSP traffic is forwarded directly based on label at the transit nodes and egress node Therefore it is normal that the FEC field in the sample output is empty on Switch B and Switch C 1 14 2 MPLS TE Using RSVP TE Configuration Example I Network requirements z Switch A Switch B Swit...

Page 102: ...24 Figure 1 7 Set up MPLS TE tunnels using RSVP TE III Configuration procedure 1 Assign IP addresses and masks to interfaces see Figure 1 7 Omitted 2 Enable IS IS to advertise host routes with LSR IDs as destinations Configure Switch A SwitchA system view SwitchA isis 1 SwitchA isis 1 network entity 00 0005 0000 0000 0001 00 SwitchA isis 1 quit SwitchA interface vlan interface 1 SwitchA Vlan inter...

Page 103: ...SwitchC isis 1 quit SwitchC interface vlan interface 3 SwitchC Vlan interface3 isis enable 1 SwitchC Vlan interface3 isis circuit level level 2 SwitchC Vlan interface3 quit SwitchC interface vlan interface 2 SwitchC Vlan interface2 isis enable 1 SwitchC Vlan interface2 isis circuit level level 2 SwitchC Vlan interface2 quit SwitchC interface loopback 1 SwitchC LoopBack1 isis enable 1 SwitchC LoopB...

Page 104: ...1 1 1 32 Direct 0 0 127 0 0 1 InLoop0 20 1 1 0 24 ISIS 15 20 10 1 1 2 Vlan1 30 1 1 0 24 ISIS 15 30 10 1 1 2 Vlan1 127 0 0 0 8 Direct 0 0 127 0 0 1 InLoop0 127 0 0 1 32 Direct 0 0 127 0 0 1 InLoop0 3 Configure MPLS TE basic capabilities and enable RSVP TE and CSPF Configure Switch A SwitchA mpls lsr id 1 1 1 9 SwitchA mpls SwitchA mpls mpls te SwitchA mpls mpls rsvp te SwitchA mpls mpls te cspf Swi...

Page 105: ...C Vlan interface3 mpls SwitchC Vlan interface3 mpls te SwitchC Vlan interface3 mpls rsvp te SwitchC Vlan interface3 quit SwitchC interface vlan interface 2 SwitchC Vlan interface2 mpls SwitchC Vlan interface2 mpls te SwitchC Vlan interface2 mpls rsvp te SwitchC Vlan interface2 quit Configure Switch D SwitchD mpls lsr id 4 4 4 9 SwitchD mpls SwitchD mpls mpls te SwitchD mpls mpls rsvp te SwitchD mp...

Page 106: ...ce1 mpls te max reservable bandwidth 50 SwitchA Vlan interface1 quit Configure maximum link bandwidth and maximum reservable bandwidth on Switch B SwitchB interface vlan interface 1 SwitchB Vlan interface1 mpls te max link bandwidth 100 SwitchB Vlan interface1 mpls te max reservable bandwidth 50 SwitchB Vlan interface1 quit SwitchB interface vlan interface 2 SwitchB Vlan interface2 mpls te max lin...

Page 107: ...nnel3 0 1 quit 7 Verify the configuration Perform the display interface tunnel command on Switch A You can find that the tunnel interface is up SwitchA display interface tunnel Tunnel3 0 1 current state UP Line protocol current state UP Description Tunnel3 0 1 Interface The Maximum Transmit Unit is 1500 Internet Address is 7 1 1 1 24 Primary Encapsulation is TUNNEL aggregation ID not set Tunnel so...

Page 108: ...pBW Flag Not Supported BackUpBW Type BackUpBW Route Pinning Disabled Retry Limit 5 Retry Interval 10 sec Reopt Disabled Reopt Freq Back Up Type None Back Up LSPID Auto BW Disabled Auto BW Freq Min BW Max BW Current Collected BW Interfaces Protected VPN Bind Type NONE VPN Bind Value Car Policy Disabled Perform the display mpls te cspf tedb all command on Switch A to view information about links in ...

Page 109: ... 24 Vlan int4 30 1 1 1 24 Vlan int3 40 1 1 1 24 Switch B Loopback1 2 2 2 9 32 Switch C Loopback1 3 3 3 9 32 Vlan int1 10 1 1 2 24 Vlan int2 20 1 1 2 24 Vlan int2 20 1 1 1 24 Vlan int3 40 1 1 2 24 Figure 1 8 CR LSP backup III Configuration procedure 1 Assign IP addresses and masks to interfaces see Figure 1 8 Omitted 2 Configure the IGP protocol Enable IS IS to advertise host routes with LSR IDs as...

Page 110: ...imary LSP SwitchA interface Tunnel 3 0 1 SwitchA Tunnel3 0 1 ip address 7 1 1 1 255 255 255 0 SwitchA Tunnel3 0 1 tunnel protocol mpls te SwitchA Tunnel3 0 1 destination 3 3 3 9 Enable hot LSP backup SwitchA Tunnel3 0 1 mpls te backup hot standby SwitchA Tunnel3 0 1 mpls te commit SwitchA Tunnel3 0 1 quit Perform the display interface tunnel command on Switch A You can find that Tunnel 3 0 1 is up...

Page 111: ...y mpls te tunnel path command on Switch A to identify the paths that the two tunnels traverse SwitchA display mpls te tunnel path Tunnel Interface Name Tunnel3 0 1 Lsp ID 1 1 1 9 1024 Hop Information Hop 0 10 1 1 1 Hop 1 10 1 1 2 Hop 2 2 2 2 9 Hop 3 20 1 1 1 Hop 4 20 1 1 2 Hop 5 3 3 3 9 Tunnel Interface Name Tunnel3 0 1 Lsp ID 1 1 1 9 2048 Hop Information Hop 0 30 1 1 1 Hop 1 30 1 1 2 Hop 2 4 4 4 ...

Page 112: ...9 vlan2 Tunnel3 0 1 Note Configuring ordinary CR LSP backup is almost the same as configuring hot CR LSP backup except that you need to replace the mpls te backup hot standby command with the mpls te backup ordinary command Unlike in hot CR LSP backup where a secondary tunnel is created immediately upon creation of a primary tunnel in ordinary CR LSP backup a secondary CR LSP is created only after...

Page 113: ... 4 4 4 32 Vlan int5 3 3 1 2 24 Vlan int3 4 1 1 2 24 Figure 1 9 Link protection using the FRR approach III Configuration procedure 1 Assign IP addresses and masks to interfaces see Figure 1 9 Omitted 2 Configure the IGP protocol Enable IS IS to advertise host routes with LSR IDs as destinations on each node Omitted Perform the display ip routing table command on each switch You should see that all ...

Page 114: ... 1 SwitchA Vlan interface1 mpls SwitchA Vlan interface1 mpls te SwitchA Vlan interface1 mpls rsvp te SwitchA Vlan interface1 quit Configure Switch B SwitchB mpls lsr id 2 2 2 2 SwitchB mpls SwitchB mpls mpls te SwitchB mpls mpls rsvp te SwitchB mpls quit SwitchB interface Vlan interface 1 SwitchB Vlan interface1 mpls SwitchB Vlan interface1 mpls te SwitchB Vlan interface1 mpls rsvp te SwitchB Vlan...

Page 115: ...hA Tunnel3 0 4 tunnel protocol mpls te SwitchA Tunnel3 0 4 destination 4 4 4 4 SwitchA Tunnel3 0 4 mpls te path explicit path pri path Enable FRR SwitchA Tunnel3 0 4 mpls te fast reroute SwitchA Tunnel3 0 4 mpls te commit SwitchA Tunnel3 0 4 quit Perform the display interface tunnel command on Switch A You can find that Tunnel 3 0 4 is up SwitchA display interface tunnel Tunnel3 0 4 current state ...

Page 116: ... Priority 7 Hold Priority 7 Affinity Prop Mask 0 0 Explicit Path Name pri path Tie Breaking Policy None Metric Type None Loop Detection Disabled Record Route Enabled Record Label Enabled FRR Flag Enabled BackUpBW Flag Not Supported BackUpBW Type BackUpBW Route Pinning Disabled Retry Limit 5 Retry Interval 10 sec Reopt Disabled Reopt Freq Back Up Type None Back Up LSPID Auto BW Disabled Auto BW Fre...

Page 117: ...itchB interface Vlan interface 2 SwitchB Vlan interface2 mpls te fast reroute bypass tunnel tunnel 3 0 5 SwitchB Vlan interface2 quit Perform the display interface tunnel command on Switch B You can find that Tunnel 3 0 5 is up Perform the display mpls lsp command on each switch You can find that two LSPs are traversing Switch B and Switch C SwitchA display mpls lsp LSP Information RSVP LSP FEC In...

Page 118: ... Destination In Out If Name 1 1 1 1 1 4 4 4 4 Vlan1 Vlan2 Tunnel3 0 4 2 2 2 2 1 3 3 3 3 Vlan4 Tunnel3 0 5 SwitchC display mpls te tunnel LSP Id Destination In Out If Name 1 1 1 1 1 4 4 4 4 Vlan2 Vlan3 Tunnel3 0 4 2 2 2 2 1 3 3 3 3 Vlan5 Tunnel3 0 5 SwitchD display mpls te tunnel LSP Id Destination In Out If Name 1 1 1 1 1 4 4 4 4 Vlan3 Tunnel3 0 4 SwitchE display mpls te tunnel LSP Id Destination ...

Page 119: ...002 LsrType Ingress Bypass In Use Not Exists BypassTunnel Tunnel Index Mpls Mtu 1500 6 Verify the FRR function Shut down the protected outgoing interface on PLR SwitchB interface vlan interface 2 SwitchB Vlan interface2 shutdown Mar 28 21 07 46 623 2007 SwitchB IFNET 4 LINK UPDOWN Vlan interface2 link status is DOWN Mar 28 21 07 46 735 2007 SwitchB IFNET 4 UPDOWN Line protocol on the interface Vla...

Page 120: ...cy None Metric Type None Loop Detection Disabled Record Route Enabled Record Label Enabled FRR Flag Enabled BackUpBW Flag Not Supported BackUpBW Type BackUpBW Route Pinning Disabled Retry Limit 5 Retry Interval 10 sec Reopt Disabled Reopt Freq Back Up Type None Back Up LSPID Auto BW Disabled Auto BW Freq Min BW Max BW Current Collected BW Interfaces Protected VPN Bind Type NONE VPN Bind Value Car ...

Page 121: ...ck Up LSPID Auto BW Disabled Auto BW Freq Min BW Max BW Current Collected BW Interfaces Protected VPN Bind Type NONE VPN Bind Value Car Policy Disabled Note If you perform the display mpls te tunnel interface command immediately after an FRR protection switch you are likely to see two CR LSPs in up state This is normal because the make before break mechanism of FRR introduces a delay before removi...

Page 122: ...nterface4 LspIndex 4098 Token 22002 LsrType Ingress Bypass In Use Not Exists BypassTunnel Tunnel Index Mpls Mtu 1500 Set the FRR polling timer to five seconds on PLR SwitchB mpls SwitchB mpls mpls te timer fast reroute 5 SwitchB mpls quit Bring the protected outgoing interface up on PLR SwitchB interface vlan interface 2 SwitchB Vlan interface2 undo shutdown Mar 28 21 09 06 860 2007 SwitchB IFNET ...

Page 123: ...IGP protocol running on the MPLS backbone is OSPF Do the following z Set up an MPLS TE tunnel to forward the VPN traffic from PE 1 to PE 2 z To allow the MPLS L3VPN traffic to travel the TE tunnel configure a tunneling policy to use a CR LSP as the VPN tunnel when creating the VPN II Network diagram Figure 1 10 MPLS TE application in VPN III Configuration procedure 1 Configure OSPF ensuring that P...

Page 124: ...he PEs should be able to establish the OSPF neighborship Perform the display ospf peer command you should see that the neighborship state is FULL Perform the display ip routing table command you should see that the PEs learnt the routes to the loopback interfaces of each other Take PE 1 for example PE1 display ospf peer OSPF Process 1 with Router ID 2 2 2 2 Neighbor Brief Information Area 0 0 0 0 ...

Page 125: ... mpls ldp PE2 mpls ldp quit PE2 interface vlan interface 2 PE2 Vlan interface2 mpls PE2 Vlan interface2 mpls ldp PE2 Vlan interface2 quit After you complete the configuration PEs should be able to set up LDP sessions Perform the display mpls ldp session command you should see that the session state is operational Take PE 1 for example PE1 display mpls ldp session LDP Session s in Public Network To...

Page 126: ...ability enable PE2 ospf 1 area 0 PE2 ospf 1 area 0 0 0 0 mpls te enable PE2 ospf 1 area 0 0 0 0 quit PE2 ospf 1 quit 4 Configure an MPLS TE tunnel Create a TE tunnel with PE 1 as the headend and PE 2 as the tail The signaling protocol is RSVP TE PE1 interface tunnel 3 0 6 PE1 Tunnel3 0 6 ip address 12 1 1 1 255 255 255 0 PE1 Tunnel3 0 6 tunnel protocol mpls te PE1 Tunnel3 0 6 destination 3 3 3 3 P...

Page 127: ...55 255 255 0 PE1 Vlan interface1 quit Configure on CE 2 CE2 interface vlan interface 3 CE2 Vlan interface3 ip address 192 168 2 2 255 255 255 0 CE2 Vlan interface3 quit Configure the VPN instance on PE 2 and bind it with the interface connected to CE 2 PE2 ip vpn instance vpn1 PE2 vpn instance vpn1 route distinguisher 100 2 PE2 vpn instance vpn1 vpn target 100 1 both PE2 vpn instance vpn1 quit PE2...

Page 128: ...ansmitted 5 packet s received 0 00 packet loss round trip min avg max 26 30 47 ms The sample output shows that PE 1 can reach CE 1 6 Configure BGP Configure CE 1 CE1 bgp 65001 CE1 bgp peer 192 168 1 1 as number 100 CE1 bgp quit Configure PE 1 to establish the EBGP peer relationship with CE 1 and the IBGP peer relationship with PE 2 PE1 bgp 100 PE1 bgp ipv4 family vpn instance vpn1 PE1 bgp vpn1 pee...

Page 129: ...eers 1 Peers in established state 1 Peer V AS MsgRcvd MsgSent OutQ PrefRcv Up Down State 3 3 3 3 4 100 3 3 0 0 00 00 11 Established PE1 bgp display bgp vpnv4 vpn instance vpn1 peer BGP local router ID 2 2 2 2 Local AS number 100 Total number of peers 1 Peers in established state 1 Peer V AS MsgRcvd MsgSent OutQ PrefRcv Up Down State 192 168 1 2 4 65001 4 5 0 0 00 02 13 Established Ping CE 2 on CE ...

Page 130: ...ted 5 packet s received 0 00 packet loss round trip min avg max 35 48 74 ms The sample output shows that CE 1 and CE 2 can reach each other 7 Verify the configuration Perform the display mpls lsp verbose command on PE 1 You can find an LSP with LspIndex 2050 This is the LSP that is the MPLS TE tunnel established using RSVP TE PE1 display mpls lsp verbose LSP Information RSVP LSP No 1 IngressLsrID ...

Page 131: ...abel Operation POP LSP Information LDP LSP No 3 VrfIndex Fec 2 2 2 2 32 Nexthop 127 0 0 1 In Label 3 Out Label NULL In Interface Vlan interface2 Out Interface LspIndex 10241 Token 0 LsrType Egress Outgoing token 0 Label Operation POP No 4 VrfIndex Fec 3 3 3 3 32 Nexthop 10 0 0 2 In Label NULL Out Label 3 In Interface Out Interface Vlan interface2 LspIndex 10242 Token 22000 LsrType Ingress Outgoing...

Page 132: ...Analysis For TE LSAs to be generated at least one OSPF neighbor must reach the FULL state Solution 1 Perform the display current configuration command to check that MPLS TE is configured on involved interfaces 2 Perform the debugging ospf mpls te command to observe whether OSPF can receive the TE LINK establishment message 3 Perform the display ospf peer command to check that OSPF neighbors are es...

Page 133: ...1 9 1 5 Configuring Remote LDP Sessions 1 9 1 6 Configuring BGP Extensions 1 9 1 7 Configuring MPLS L2VPN 1 10 1 8 Configuring a VPLS Instance 1 10 1 8 1 Configuring an LDP VPLS Instance 1 10 1 8 2 Configuring a BGP VPLS Instance 1 11 1 9 Setting the Access Mode and Binding the VPLS Instance 1 12 1 10 Configuring VPLS Attributes 1 13 1 11 Displaying and Maintaining VPLS 1 14 1 12 VPLS Configuratio...

Page 134: ... card You can distinguish the name suffix of a card by the silk screen on top right of the card s front panel For example the silk screen of the LSB1P4G8CA0 card is P4G8CA with suffix CA When configuring VPLS go to these sections for information you are interested in z VPLS Overview z Configuration Task List z Displaying and Maintaining VPLS z VPLS Configuration Example z Troubleshooting VPLS 1 1 ...

Page 135: ...orks z VSI Virtual switch instance that maps actual VPLS access links to virtual links z PW Pseudo wire that is the bidirectional virtual connection between VSIs A PW consists of two unidirectional MPLS virtual circuits VCs z AC Attachment circuit that connects the CE to the PE It can use physical interfaces or virtual interfaces Usually all user packets on an AC including Layer 2 and Layer 3 prot...

Page 136: ...re are two PW signaling protocols LDP and BGP z QoS Quality of service QoS is implemented by mapping the preference information in the packet header to the QoS preference information transferred on the public network Figure 1 1 shows a typical VPLS networking scenario Figure 1 1 Network diagram for VPLS II MAC address learning and flooding VPLS provides reachability information by learning MAC add...

Page 137: ...ccording to the specified parameters in the TLV If NULL is specified the device removes all MAC addresses of the VSI except for those learned from the PW that received the address reclaim message The address reclaim message is very useful when the network topology changes and it is required to remove the learned MAC addresses quickly There are two types of address reclaim messages those with MAC a...

Page 138: ... because all the PEs of a VSI instance are directly connected In other words packets from PWs on the public network side cannot be forwarded to other PWs they can only be forwarded to the private network side IV Peer PE discovery and PW signaling protocol z For PE devices in the same VSI you can configure the remote PE addresses manually or using an automatic discovery mechanism Currently LDP and ...

Page 139: ...adds the service delimiter into the packet depends on your configuration However rewriting and removing of any existing tags are not allowed z In tagged mode any packet to the PW must carry P TAG For a packet from a CE if it contains the service delimiter the system directly adds two levels of MPLS labels into the packet and sends the packet out Otherwise the system adds a null tag together with t...

Page 140: ... label and based on the destination MAC address of the packet tags the packet with the multiplex distinguishing flag for N PW and forwards the packet z Upon receiving the packet from N PW NPE 1 tags the packet with the multiplex distinguishing flag for U PW and sends the packet to UPE which forwards the packet to the CE For packets to be exchanged between CE 1 and CE 2 UPE can forward them directl...

Page 141: ...he destination MAC address of the packet labels the packet with the VLAN tag Then it forwards the packet through the QinQ tunnel to MTU which forwards the packet to the CE For packets to be exchanged between CE 1 and CE 2 MTU can forward them directly without PE 1 because it holds the bridging function by itself For the first data packet with an unknown destination MAC address or a broadcast packe...

Page 142: ... Configuration in MPLS Volume 1 6 Configuring BGP Extensions In Kompella mode VSI uses extended BGP as the signaling protocol to distribute VC labels Therefore you need to configure BGP parameters on the PEs For configuration information refer to BGP Configuration in IP Routing Volume I Configuration prerequisites Before configuring BGP extensions complete these tasks z Configuring IGP on the PEs ...

Page 143: ...bone z Configuring MPLS basic capability for the MPLS backbone on the PEs and P devices z Configuring MPLS L2VPN II Configuration procedure When creating an LDP VPLS instance you must specify a globally unique name for the VPLS instance and set the peer discovery mechanism to manual configuration In L2VPN implementation the Martini mode uses extended LDP remote LDP sessions as the signaling for tr...

Page 144: ...VSI view vsi vsi name static Required Specify LDP as the PW signaling protocol and enter VSI LDP view pwsignal ldp Required Specify an ID for the VPLS instance vsi id vsi id Required Create a peer PE for the VPLS instance peer ip address negotiation vc id pw id tnl policy tunnel policy name upe dual npe trans mode raw tagged Required 1 8 2 Configuring a BGP VPLS Instance I Configuration prerequisi...

Page 145: ... vpn target vpn target 1 16 both import extcommunity export extcommunity Required Create a site for the VPLS instance site site id range site range default offset 0 1 Required 1 9 Setting the Access Mode and Binding the VPLS Instance I Configuration prerequisites z Configuring the VPLS instance VSI z Configuring basic VLAN interface parameters For configuration information refer to VLAN Configurat...

Page 146: ...l and you have to remove both of them before reconfiguration 1 10 Configuring VPLS Attributes Follow these steps to configure VPLS attributes To do Use the command Remarks Enter system view system view Enter VSI view vsi vsi name Set the speed limit of the VPLS instance bandwidth vpn speed Optional 102400 kbps by default Set the broadcast suppression percentage of the VPLS instance broadcast restr...

Page 147: ...vpls all group group name peer ip address verbose route distinguisher route distinguisher site id site id label offset label offset Available in any view Display the MAC address table information of one or all VPLS instances display mac address vsi vsi name dynamic count Available in any view Display information about VPLS connections display vpls connection bgp ldp vsi vsi name block down up verb...

Page 148: ...ly access the PE devices through ports Ethernet 4 1 2 which belong to VLAN 100 on the PE devices z The PEs are connected through Ethernet 4 1 1 which belongs to VLAN 10 z VPLS instance aaa uses LDP that is the Martini mode while bbb uses BGP that is the Kompella mode The AS number is 100 II Network diagram Figure 1 5 Network diagram for configuring VPLS instances III Configuration procedure 1 Conf...

Page 149: ... interface10 ip address 10 10 10 10 24 Configure MPLS basic capability on the VLAN interface PE1 Vlan interface10 mpls PE1 Vlan interface10 mpls ldp PE1 Vlan interface10 quit Configure BGP extension PE1 bgp 100 PE1 bgp peer 2 2 2 9 as number 100 PE1 bgp peer 2 2 2 9 connection interface loopback 0 PE1 bgp vpls family PE1 bgp af vpls peer 2 2 2 9 enable PE1 bgp af vpls quit PE1 bgp quit Configure M...

Page 150: ...uit Create VLAN 100 and VLAN interface 100 Bind VPLS instance aaa or bbb to the interface PE1 vlan 100 PE1 Vlan 100 port Ethernet 4 1 2 PE1 Vlan 100 interface Vlan interface 100 Bind VPLS instance aaa to VLAN interface 100 PE1 Vlan interface100 l2 binding vsi aaa Bind VPLS instance bbb to VLAN interface 100 PE1 Vlan interface100 l2 binding vsi bbb PE1 Vlan interface100 quit 2 Configure PE 2 Config...

Page 151: ...PE2 bgp 100 PE2 bgp peer 1 1 1 9 as number 100 PE2 bgp peer 1 1 1 9 connection interface loopback 0 PE2 bgp vpls family PE2 bgp af vpls peer 1 1 1 9 enable PE2 bgp af vpls quit PE2 bgp quit Configure MPLS L2VPN PE2 mpls l2vpn Configure the basic attributes of VPLS instance aaa which uses LDP PE2 vsi aaa static PE2 vsi aaa pwsignal ldp PE2 vsi aaa ldp vsi id 500 PE2 vsi aaa ldp peer 1 1 1 9 PE2 vsi...

Page 152: ...can execute the display vpls connection command on the PEs There should be a PW connection established which is in the up state 1 12 2 Configuration Example for H VPLS Using LSP I Network requirements z A PW connection U PW is set between UPE and NPE 1 and between UPE and NPE 2 respectively for backup purpose CE 1 and CE 2 access the network through UPE z A PW connection N PW is set between NPE 1 ...

Page 153: ...ing H VPLS using LSP III Configuration procedure 1 Configure the IGP protocol on the MPLS backbone which is OSPF in this example The configuration details are omitted here 2 Configure UPE Configure MPLS basic capability Sysname system view Sysname sysname UPE UPE mpls lsr id 60 4 4 4 UPE mpls UPE mpls quit UPE mpls ldp UPE mpls ldp quit Configure to redirect VPLS traffic to the virtual service por...

Page 154: ...igure MPLS L2VPN UPE mpls l2vpn Configure the basic attributes of VPLS instance aaa which uses LDP and configure the peer as the Dual NPE type UPE vsi aaa static UPE vsi aaa pwsignal ldp UPE vsi aaa ldp vsi id 500 UPE vsi aaa ldp peer 60 1 1 1 dual npe UPE vsi aaa ldp peer 60 2 2 2 dual npe UPE vsi aaa ldp quit UPE vsi aaa quit Bind VPLS instance aaa to the MPLS VPLS virtual service interface UPE ...

Page 155: ...NPE1 vlan10 quit NPE1 interface Vlan interface 10 NPE1 Vlan interface10 ip address 60 41 41 1 24 NPE1 Vlan interface10 mpls NPE1 Vlan interface10 mpls ldp NPE1 Vlan interface10 quit Configure MPLS basic capability on the interface connected with NPE 2 NPE1 vlan 50 NPE1 vlan50 port Ethernet 4 1 5 NPE1 vlan50 quit NPE1 interface Vlan interface 50 NPE1 Vlan interface50 ip address 60 15 15 1 24 NPE1 V...

Page 156: ...VPLS0 0 2 quit 4 Configure NPE 2 Configure MPLS basic capability Sysname system view Sysname sysname NPE2 NPE2 mpls lsr id 60 2 2 2 NPE2 mpls NPE2 mpls quit NPE2 mpls ldp NPE2 mpls ldp quit Configure to redirect VPLS traffic to the virtual service port that corresponds to the L3 card NPE2 interface MPLS VPLS 0 0 2 NPE2 MPLS VPLS0 0 2 l2vpn vpls service binding service id 1 NPE2 MPLS VPLS0 0 2 quit...

Page 157: ... 24 NPE2 Vlan interface40 mpls NPE2 Vlan interface40 mpls ldp NPE2 Vlan interface40 quit Configure MPLS L2VPN NPE2 mpls l2vpn Configure the basic attributes of VPLS instance aaa which uses LDP NPE2 vsi aaa static NPE2 vsi aaa pwsignal ldp NPE2 vsi aaa ldp vsi id 500 NPE2 vsi aaa ldp peer 60 4 4 4 upe NPE2 vsi aaa ldp peer 60 3 3 3 NPE2 vsi aaa ldp peer 60 1 1 1 NPE2 vsi aaa ldp quit NPE2 vsi aaa q...

Page 158: ...Configure MPLS basic capability on the interface connected with NPE 2 PE vlan 40 PE vlan40 port Ethernet 4 1 4 PE vlan40 quit PE interface Vlan interface 40 PE Vlan interface40 ip address 60 14 14 3 24 PE Vlan interface40 mpls PE Vlan interface40 mpls ldp PE Vlan interface40 quit Configure MPLS L2VPN PE mpls l2vpn Configure the basic attributes of VPLS instance aaa which uses LDP PE vsi aaa static...

Page 159: ...roubleshooting VPLS Symptom The VPLS link PW is not up Analysis z The public network LSP tunnel is not established z The extended session is not working normally z A private VLAN virtual interface is not bound with the corresponding VPLS instance and is not up z The MTU parameters of the VPLS instances in LDP mode on the two peers are not consistent z If the VLAN interface is not up the PW is not ...

Page 160: ...ing Martini MPLS L2VPN 1 10 1 5 1 Configuration Prerequisites 1 11 1 5 2 Configuration Procedure 1 11 1 6 Configuring Kompella MPLS L2VPN 1 12 1 6 1 Configuration Prerequisites 1 12 1 6 2 Configuration Procedure 1 12 1 7 Displaying and Maintaining MPLS L2VPN 1 15 1 7 1 Displaying the Operation of MPLS L2VPN 1 15 1 7 2 Resetting BGP L2VPN Connections 1 16 1 8 MPLS L2VPN Configuration Example 1 16 1...

Page 161: ...ing MPLS z For the S9500 series only the interface boards with the suffixes C CA or CB and VPLS service processor cards support the MPLS function To enable MPLS on the S9500 series you need to use the interface cards that support MPLS or VPLS service processor cards The suffix of a board can be identified through the silkscreen on the upper right corner of the front panel of the card For example t...

Page 162: ...deployment To add a site to an existing VPN you have to modify the configurations of all edge nodes connected with the VPN site MPLS L2VPN is developed as a solution to address the above disadvantages II MPLS L2VPN MPLS L2VPN provides Layer 2 VPN services on the MPLS network It allows carriers to establish L2VPNs on different data link layer protocols In addition the MPLS network provides traditio...

Page 163: ...LS L3VPN z Customer edge device CE A CE resides on a customer network and has one or more interfaces directly connected with service provider networks It can be a router a switch or a host It cannot sense the existence of any VPN neither does it need to support MPLS z Provider edge device PE A PE resides on a service provider network and directly connects one or more CEs to the network On an MPLS ...

Page 164: ... PPP links to implement MPLS L2VPN It uses label distribution protocol LDP as a signaling protocol to transfer VC labels The Kompella draft defines a CE to CE mode for implementing MPLS L2VPN on the MPLS network It uses extended BGP as the signaling protocol to advertise Layer 2 reachability information and VC labels In addition MPLS L2VPN can also be implemented by configuring VC labels staticall...

Page 165: ...om one PE to another Note You must configure for each remote CCC connection two LSPs one for inbound and the other for outbound on the P device along the remote connection 1 1 3 SVC MPLS L2VPN Static virtual circuit SVC also implements MPLS L2VPN by static configuration It transfers L2VPN information without using any signaling protocol The SVC method resembles the Martini method closely but does ...

Page 166: ... VPN For a connection to be established between two CEs you only need to perform these tasks on the PEs z Configuring CE IDs of the local and remote CEs respectively z Specifying the circuit ID that the local CE assigns to the connection such as the VPI VCI with ATM Kompella MPLS L2VPN uses extended BGP as the signaling protocol to distribute VC labels Its label block mode allows it to assign labe...

Page 167: ...ble MPLS L2VPN mpls l2vpn Required 1 3 Configuring CCC MPLS L2VPN Before configuring a CCC connection you need to configure the interface connected to the CE namely the CE interface For VLAN access however you do not need to configure any VC 1 3 1 Configuration Prerequisites Before configuring CCC L2VPN complete these tasks z Configuring IGP on the PEs and P devices to guarantee the IP connectivit...

Page 168: ...rface 1 3 2 Configuration Procedure I Configuring the local CCC connection Follow these steps to create a local CCC connection on a PE To do Use the command Remarks Enter system view system view Create a local CCC connection between two CEs connected to the same PE ccc ccc connection name interface interface type interface number out interface interface type interface number Required II Configurin...

Page 169: ...exthop next hop addr outgoing interface interface type interface number out label out label Required Caution z With CCC no static LSPs are required on the PEs but dedicated bidirectional static LSPs are required on all the P devices between the PEs for transmitting the data of the CCC connection z For static LSP configuration commands refer to MPLS Basics Commands in MPLS VPN Volume z Do not enabl...

Page 170: ...teps to configure SVC MPLS L2VPN on the PE To do Use the command Remarks Enter system view system view Enter interface view for the VLAN virtual interface connecting the CE interface interface type interface number Create an SVC MPLS L2VPN connection mpls static l2vc destination destination router id transmit vpn label transmit label value receive vpn label receive label value tunnel policy tunnel...

Page 171: ...the following data z Types and numbers of the interfaces connecting the CEs z L2VC destination address and VC ID z Tunneling policy 1 5 2 Configuration Procedure Follow these steps to configure Martini MPLS L2VPN on the PE To do Use the command Remarks Enter system view system view Enter interface view for the VLAN virtual interface connecting the CE interface interface type interface number Creat...

Page 172: ...ions of these two services to restore normal operation 1 6 Configuring Kompella MPLS L2VPN Kompella MPLS L2VPN uses extended BGP as the signaling protocol to transfer L2VPN information between PEs To create a Kompella local connection you only need to configure the VPN and CE connection on the PE Neither IGP nor BGP L2VPN capability is required 1 6 1 Configuration Prerequisites Before configuring ...

Page 173: ... target extended community attributes for the received routing information policy vpn target Optional Enabled by default Enable the specified peer or peers to exchange BGP routing information of the BGP L2VPN address family peer group name ip address enable Required II Configuring VPN Follow these steps to configure VPN To do Use the command Remarks Enter system view system view Create a VPN and e...

Page 174: ...N and enter MPLS L2VPN view mpls l2vpn vpn name encapsulation ethernet vlan Required Create a CE for a VPN and enter MPLS L2VPN CE view ce ce name id ce id range ce range default offset ce offset Required Create a Kompella connection connection ce offset id interface interface type interface number tunnel policy tunnel policy name Required Caution Do not enable VLL and MPLS on a VLAN interface of ...

Page 175: ...not reduce it to 5 The only way to reduce the CE range is to delete the CE and re create it When you increase the CE range for example from 10 to 20 the system does not release the original label block and then re apply for a new label block of the size of 20 Instead the system applies for a supplementary label block of the size of 10 This ensures that the existing services will not be interrupted...

Page 176: ...ion about PEs display mpls l2vpn vpn name vpn name local ce remote ce Available in any view Display the Route Target list of MPLS L2VPN display mpls l2vpn export route target list import route target list Available in any view Display MPLS L2VPN forwarding information display mpls l2vpn forwarding info vc label interface interface type interface number begin exclude include regular expression Avai...

Page 177: ...1 32 Figure 1 3 Network diagram for configuring a local CCC connection III Configuration procedure 1 Configure CE A Sysname system view Sysname sysname CEA CEA interface Vlan interface 1 CEA Vlan interface1 ip address 100 1 1 1 24 2 Configure the PE Configure the LSR ID and enable MPLS globally Sysname system view Sysname sysname PE PE interface loopback 0 PE LoopBack0 ip address 172 1 1 1 32 PE L...

Page 178: ...0 1 1 2 of CE B and CE B should be able to ping interface 100 1 1 1 of CE A Display CCC connection information on the PE PE display ccc Total ccc vc 1 Local ccc vc 1 1 up Remote ccc vc 0 0 up Name cea ceb Type local State up Intf1 vlan interface 1 up Intf2 Vlan interface 2 up On CE A ping interface 100 1 1 2 of CE B CEA ping 100 1 1 2 PING 100 1 1 2 56 data bytes press CTRL_C to break Reply from 1...

Page 179: ...e connection PE A PE B P Vlan int2 Vlan int1 Vlan int2 Vlan int1 Vlan int1 Vlan int2 Vlan int1 Vlan int1 Loop0 Loop0 Loop0 Device Interface IP address Device Interface IP address CE A Vlan int1 100 1 1 1 24 P Loop0 10 0 0 2 32 PE A Loop0 10 0 0 1 32 Vlan int2 10 2 2 2 24 Vlan int2 10 1 1 1 24 Vlan int1 10 1 1 2 24 CE B Vlan int1 100 1 1 2 24 PE B Loop0 10 0 0 3 32 Vlan int1 10 2 2 1 24 Figure 1 4 ...

Page 180: ...nnection from CE A to CE B using the interface connecting CE A as the incoming interface and that connecting the P device as the outgoing interface setting the incoming label to 100 and the outgoing label to 200 PEA ccc CEA CEB interface Vlan interface 1 in label 100 out label 200 next hop 10 1 1 2 3 Configure the P device Configure the LSR ID and enable MPLS globally Sysname system view Sysname s...

Page 181: ...thop 10 2 2 1 out label 201 Create a static LSP for forwarding packets from PE B to PE A P static lsp transit PEB_PEA incoming interface Vlan interface 2 in label 101 nexthop 10 1 1 1 out label 100 4 Configure PE B Configure the LSR ID and enable MPLS globally Sysname system view Sysname sysname PEB PEB interface Loopback 0 PEB LoopBack0 ip address 10 0 0 3 32 PEB LoopBack0 quit PEB mpls lsr id 10...

Page 182: ...he above configurations you can display CCC connection information on the PE There should be one remote CCC connection established CE A should be able to ping interface 100 1 1 2 of CE B and CE B should be able to ping interface 100 1 1 1 of CE A Display CCC connection information on the PE PE display ccc Total ccc vc 1 Local ccc vc 0 0 up Remote ccc vc 1 1 up Name cea ceb Type remote State up Int...

Page 183: ...Loop0 192 2 2 2 32 Vlan int1 10 2 2 2 24 Vlan int2 10 1 1 1 24 Vlan int2 10 1 1 2 24 CE B Vlan int1 100 1 1 2 24 PE B Loop0 192 3 3 3 32 Vlan int1 10 2 2 1 24 Figure 1 5 Network diagram for configuring SCV MPLS L2VPN III Configuration procedure The main steps are the following two z Configure MPLS basic forwarding capability on the PEs and P device This includes configuring the LSR ID enabling MPL...

Page 184: ... interface connected with the P device namely VLAN interface 2 and enable LDP on the interface PEA interface Vlan interface 2 PEA Vlan interface2 ip address 10 1 1 1 24 PEA Vlan interface2 mpls PEA Vlan interface2 mpls ldp PEA Vlan interface2 quit Configure OSPF on PE A for establishing LSPs PEA ospf PEA ospf 1 area 0 PEA ospf 1 area 0 0 0 0 network 10 1 1 1 0 0 0 255 PEA ospf 1 area 0 0 0 0 netwo...

Page 185: ... interface P interface vlan interface 2 P Vlan interface2 ip address 10 1 1 2 24 P Vlan interface2 mpls P Vlan interface2 mpls ldp P Vlan interface2 quit Configure the interface connected with PE B namely VLAN interface 1 and enable LDP on the interface P interface vlan interface 1 P Vlan interface1 ip address 10 2 2 2 24 P Vlan interface1 mpls P Vlan interface1 mpls ldp P Vlan interface1 quit Con...

Page 186: ...an interface1 ip address 10 2 2 1 24 PEB Vlan interface1 mpls PEB Vlan interface1 mpls ldp PEB Vlan interface1 quit Configure OSPF on PE B for establishing LSPs PEB ospf PEB ospf 1 area 0 PEB ospf 1 area 0 0 0 0 network 10 2 2 1 0 0 0 255 PEB ospf 1 area 0 0 0 0 network 192 3 3 3 0 0 0 0 PEB ospf 1 area 0 0 0 0 quit PEB ospf 1 quit On the interface connecting CE B namely VLAN interface 2 create an...

Page 187: ...ytes press CTRL_C to break Reply from 100 1 1 2 bytes 56 Sequence 1 ttl 255 time 150 ms Reply from 100 1 1 2 bytes 56 Sequence 2 ttl 255 time 130 ms Reply from 100 1 1 2 bytes 56 Sequence 3 ttl 255 time 130 ms Reply from 100 1 1 2 bytes 56 Sequence 4 ttl 255 time 140 ms Reply from 100 1 1 2 bytes 56 Sequence 5 ttl 255 time 80 ms 100 1 1 2 ping statistics 5 packet s transmitted 5 packet s received ...

Page 188: ... for configuring Martini MPLS L2VPN III Configuration procedure 1 Configure CE A Sysname system view Sysname sysname CEA CEA vlan 10 CEA vlan10 port Ethernet 4 1 2 CEA vlan10 quit CEA interface Vlan interface 10 CEA Vlan interface10 ip address 100 1 1 1 24 2 Configure PE A Sysname system view Sysname sysname PEA PEA interface Loopback 0 PEA LoopBack0 ip address 192 2 2 2 32 PEA LoopBack0 quit Conf...

Page 189: ...12 mpls ldp PEA Vlan interface12 quit Configure OSPF on PE A for establishing LSPs PEA ospf PEA ospf 1 area 0 PEA ospf 1 area 0 0 0 0 network 10 1 1 1 0 0 0 255 PEA ospf 1 area 0 0 0 0 network 192 2 2 2 0 0 0 0 PEA ospf 1 area 0 0 0 0 quit PEA ospf 1 quit On the interface connecting CE A namely VLAN interface 10 create a Martini MPLS L2VPN connection The interface requires no IP address PEA vlan 1...

Page 190: ...interface12 quit Configure the interface connected with PE B namely VLAN interface 23 and enable LDP on the interface P vlan 23 P vlan23 port Ethernet 4 1 1 P vlan23 quit P interface Vlan interface23 P Vlan interface23 ip address 10 2 2 2 24 P Vlan interface23 mpls P Vlan interface23 mpls ldp P Vlan interface23 quit Configure OSPF on the P device for establishing LSPs P ospf P ospf 1 area 0 P ospf...

Page 191: ...AN interface 23 and enable LDP on the interface PEB vlan 23 PEB vlan23 port Ethernet 4 1 1 PEB vlan23 quit PEB interface Vlan interface 23 PEB Vlan interface23 ip address 10 2 2 1 24 PEB Vlan interface23 mpls PEB Vlan interface23 mpls ldp PEB Vlan interface23 quit Configure OSPF on PE B for establishing LSPs PEB ospf PEB ospf 1 area 0 PEB ospf 1 area 0 0 0 0 network 10 2 2 1 0 0 0 255 PEB ospf 1 a...

Page 192: ...1 1 up 0 down Transport Client VC Local Remote Tunnel VC ID Intf State VC Label VC Label Policy 101 Vlan10 up 61441 61442 default Display L2VPN connection information on PE B PEB display mpls l2vc total ldp vc 1 1 up 0 down Transport Client VC Local Remote Tunnel VC ID Intf State VC Label VC Label Policy 101 Vlan10 up 61442 61441 default On CE A ping interface 100 1 1 2 of CE B CEA ping 100 1 1 2 ...

Page 193: ...net 4 1 2 is bound with VLAN 10 on CE B access end II Network diagram Device Interface IP address Device Interface IP address CE A Vlan int10 100 1 1 1 24 P Loop0 3 3 3 3 32 PE A Loop0 2 2 2 2 32 Vlan int12 10 1 1 2 24 Vlan int12 10 1 1 1 24 Vlan int23 10 2 2 2 24 CE B Vlan int10 100 1 1 2 24 PE B Loop0 4 4 4 4 32 Vlan int23 10 2 2 1 24 Figure 1 7 Network diagram for configuring Kompella MPLS L2VP...

Page 194: ...iew Sysname sysname PEB PEB mpls l2vpn PEB bgp 100 PEB bgp peer 2 2 2 2 as number 100 PEB bgp peer 2 2 2 2 connect interface loopback 0 PEB bgp l2vpn family PEB bgp af l2vpn peer 2 2 2 2 enable PEB bgp af l2vpn quit PEB bgp quit After completing the above configurations you can issue the display bgp l2vpn peer command on PE A and PE B to view the peer relationship established between the PEs The s...

Page 195: ... mpls l2vpn connection command on the PEs You should see that an L2VPN connection is established between the PEs and the connection is up CE A and CE B should be able to ping each other The following takes PE A as an example PEA display mpls l2vpn connection 1 total connections connections 1 up 0 down 0 local 1 remote 0 unknown VPN name vpn1 1 total connections connections 1 up 0 down 0 local 1 re...

Page 196: ...1 Configure the PE Configure MPLS basic capability The configuration steps are omitted Configure the L2VPN and the CE connection Sysname system view Sysname sysname PE PE mpls l2vpn PE mpls l2vpn vpn1 encapsulation vlan PE mpls l2vpn vpn1 route distinguisher 100 1 PE mpls l2vpn vpn1 vpn target 111 1 PE mpls l2vpn vpn1 ce ce1 id 1 PE mpls l2vpn ce vpn1 ce1 connection ce offset 2 interface vlan inte...

Page 197: ...1 Rid type status peer id route distinguisher intf 2 loc up Vlan100 CE name ce2 id 2 Rid type status peer id route distinguisher intf 1 loc up Vlan200 Display the VPN local connection information PE display mpls l2vpn vpn name vpn1 local ce ce name ce id range conn num LB ce1 1 10 1 61442 0 10 ce2 2 10 1 61452 0 10 On CE A ping interface 30 1 1 2 of CE B CEA ping 30 1 1 2 PING 30 1 1 2 56 data byt...

Page 198: ...l2vc command shows that the VC is down and the remote VC label is invalid Analysis The reason the VC is down may be that the PEs are configured with different encapsulation types Solution z Check whether the local PE and the peer PE are configured with the same encapsulation type If not the connection is destined to fail z Check whether the PEs are configured with the Remote argument and whether t...

Page 199: ...5 1 3 4 Configuring a Tunneling Policy of a VPN Instance 1 26 1 4 Configuring Basic MPLS L3VPN 1 27 1 4 1 Configuration Prerequisites 1 28 1 4 2 Configuring a VPN Instance 1 28 1 4 3 Configuring Route Advertisement between PE and CE 1 28 1 4 4 Configuring Route Advertisement Between PEs 1 33 1 4 5 Configuring Routing Features for BGP VPNv4 Subaddress Family 1 34 1 5 Configuring Inter Provider VPN ...

Page 200: ...ctions 1 47 1 10 2 Displaying and Maintaining MPLS L3VPN 1 48 1 11 MPLS L3VPN Configuration Example 1 50 1 11 1 Example for Configuring MPLS L3VPNs 1 50 1 11 2 Example for Configuring Inter Provider VPN Option A 1 59 1 11 3 Example for Configuring Inter Provider VPN Option B 1 64 1 11 4 Example for Configuring Inter Provider VPN Option C 1 70 1 11 5 Example for Configuring Carrier s Carrier 1 77 1...

Page 201: ...P and VPN refer to the relevant manuals or volumes z For an S9500 Series routing switch only line processor units LPUs with a suffix of C CA or CB and VPLS service processor cards SPCs support MPLS For S9500 Series routing switches to support MPLS VPN functions you need to equip them with MPLS capable LPUs or VPLS SPCs You can identify the suffix of an LPU by the silkscreen in the upper right corn...

Page 202: ... A PE resides on a service provider network and connects one or more CEs to the network On an MPLS network all VPN processing occurs on the PEs z Provider P device A P device is a backbone device on a service provider network It is not directly connected with any CE It only needs to be equipped with basic MPLS forwarding capability Figure 1 1 shows the MPLS L3VPN model VPN 1 CE Site 1 VPN 2 CE CE ...

Page 203: ...can belong to only one site Sites connected to the same provider network can be classified into different sets by policies Only the sites in the same set can access each other through the provider network Such a set is called a VPN II Address space overlapping Each VPN independently manages the addresses that it uses The assembly of such addresses for a VPN is called an address space The address s...

Page 204: ...A service provider can independently assign RDs provided the assigned RDs are unique Thus a PE can advertise different routes to VPNs even if the VPNs are from different service providers and are using the same IPv4 address space You are recommended to configure a distinct RD for each VPN instance on a PE guaranteeing that routes to the same CE use the same RD The VPN IPv4 address with an RD of 0 ...

Page 205: ...get attributes can be of two types of formats z 16 bit AS number 32 bit user defined number For example 100 1 z 32 bit IPv4 address 16 bit user defined number For example 172 1 1 1 1 VI MP BGP Multiprotocol extensions for BGP 4 MP BGP advertises VPN composition information and routes between PEs It is backward compatible and supports both traditional IPv4 address family and other address families ...

Page 206: ...ed along the LSPs to the remote PEs z Layer 2 labels Inner labels used for forwarding packets from the remote PEs to the CEs An inner label indicates to which site or more precisely to which CE the packet should be sent A PE finds the interface for forwarding a packet according to the inner label If two sites CEs belong to the same VPN and are connected to the same PE each of them only needs to kn...

Page 207: ...plest case all users in a VPN form a closed user group They can forward traffic to each other but cannot communicate with any user outside the VPN For this networking scheme the basic VPN networking scheme you need to assign a VPN target to each VPN for identifying the export target attribute and import target attribute of the VPN Moreover this VPN target cannot be used by any other VPNs Figure 1 ...

Page 208: ... export target attribute of the VPN instance for the latter to Hub Figure 1 5 Network diagram for hub and spoke networking scheme In Figure 1 5 the spoke sites communicate with each other through the hub site The arrows in the figure indicate the advertising path of routes from Site 2 to Site 1 z The hub PE can receive all the VPN IPv4 routes advertised by spoke PEs z All spoke PEs can receive the...

Page 209: ...municate with each other z PE 3 advertises neither the VPN IPv4 routes received from PE 1 to PE 2 nor the VPN IPv4 routes received from PE 2 to PE 1 that is routes learned from an IBGP neighbor will not be advertised to any other IBGP neighbor Therefore Site 1 of VPN 1 and Site 2 of VPN 2 cannot communicate with each other 1 1 5 MPLS L3VPN Routing Information Advertisement In basic MPLS L3VPN netw...

Page 210: ...d determines whether to add the routes to the routing table of the VPN instance PEs use IGP to ensure the connectivity between them III Routing information exchange from the egress PE to the remote CE A remote CE can learn VPN routes from the egress PE in a number of ways The routes can be static routes RIP routes OSPF routes IS IS routes or EBGP routes The exchange of routing information between ...

Page 211: ... MPLS on the CE of the Level 2 carrier Moreover The CE holds the VPN routes of the Level 2 carrier but it does not advertise the routes to the PE of the Level 1 carrier it only exchanges the routes with other PEs of the Level 2 carrier A Level 2 carrier can be an ordinary ISP or an MPLS L3VPN service provider When the Level 2 carrier is an ordinary ISP its PEs run IGP to communicate with the CEs r...

Page 212: ...ents three inter provider VPN solutions z VRF to VRF ASBRs manage VPN routes between them through VLAN interfaces This solution is also called inter provider VPN option A z EBGP advertisement of labeled VPN IPv4 routes ASBRs advertise labeled VPN IPv4 routes to each other through MP EBGP This solution is also called inter provider VPN option B z Multi hop EBGP advertisement of labeled VPN IPv4 rou...

Page 213: ...ve to manage all the VPN routes and create VPN instances on a per VPN basis This leads to excessive VPN IPv4 routes on the PEs Moreover the requirement to create a separate VLAN interface for each VPN also calls for higher performance of the PEs II Inter provider VPN option B In this kind of solution two ASBRs use MP EBGP to exchange labeled VPN IPv4 routes that they have obtained from the PEs in ...

Page 214: ...k nor with MP EBGP peers with whom it has not reached agreement on the route exchange III Inter provider VPN option C The above two kinds of solutions can satisfy the needs for inter provider VPNs However they require that the ASBRs maintain and advertise VPN IPv4 routes When every AS needs to exchange a great amount of VPN routes the ASBRs may become bottlenecks hindering network extension One wa...

Page 215: ...u can specify an RR in each AS making it maintain all VPN IPv4 routes and exchange VPN IPv4 routes with PEs in the AS The RRs in two ASs establish an inter provider VPNv4 connection to advertise VPN IPv4 routes as shown in Figure 1 12 Figure 1 12 Network diagram for inter provider VPN option C using RRs 1 1 8 HoVPN I Background 1 Hierarchical model and plane model In MPLS L3VPN solutions PEs are t...

Page 216: ...rtain PE has limited performance or scalability the performance or scalability of the whole network is influenced Due to the above difference you are faced with the scalability problem when deploying PEs at any of the three layers Therefore the plane model is not applicable to the large scale VPN deployment 2 HoVPN To solve the scalability problem of the plane model MPLS L3VPN must transition to t...

Page 217: ...s all the routes of the VPNs connected through UPEs including the routes of both the local and remote sites An SPE does not advertise routes of the remote sites to UPEs it only advertises to UPEs the default routes of VPN instances or summary routes along with labels Different roles mean different requirements z SPE An SPE is required to have large capacity routing table high forwarding performanc...

Page 218: ... HoPEs Figure 1 14 shows a three level HoPE The PE in the middle is called the middle level PE MPE MP BGP runs between SPE and MPE as well as between MPE and UPE Note The term of MPE does not really exist in a HoVPN model It is used here just for the convenience of description MP BGP advertises all the VPN routes of the UPEs to the SPEs but advertises only the default routes of the VPN instance of...

Page 219: ...OSPF areas between PEs and CEs The OSPF area between a PE and a CE can be either a non backbone area or a backbone area In the OSPF VPN extension application the MPLS VPN backbone is considered the backbone area area 0 Since OSPF requires that the backbone area must be contiguous the area 0 of each VPN site must be connected with the MPLS VPN backbone That is if a VPN site contains an OSPF area 0 ...

Page 220: ... to CE 21 and CE 22 through Type 5 LSAs ASE LSAs However CE 11 CE 21 and CE 22 belong to the same OSPF domain and the route advertisement between them should use Type 3 LSAs inter provider routes To solve the above problems PE uses an extended BGP OSPF interaction process called BGP OSPF interoperability to advertise routes from one site to another differentiating the routes from real AS External ...

Page 221: ...ere is an intra area OSPF link called backdoor link between them In this case the route connecting the two sites through PEs is an inter area route It is not preferred by OSPF because its preference is lower than that of the intra area route across the backdoor link Figure 1 16 Network diagram for sham link To solve the problem you can establish a sham link between the two PEs so that the routes b...

Page 222: ...ore you can run multiple OSPF processes on a routing device and bind them to different VPN instances In practice you can create OSPF instances for different services to separate services and ensure their security 1 1 10 BGP AS Number Substitution Since BGP detects routing loops by AS number if EBGP runs between PEs and CEs you must assign different AS numbers to geographically different sites to e...

Page 223: ...umber 100 for the AS number In this way CE 2 can normally receive the routing information from CE 1 AS number substitution also applies to a PE connecting multiple CEs through different interfaces such as PE 2 in Figure 1 17 which connects CE 2 and CE 3 Note For a multi homed CE that is a CE connected with multiple PEs the BGP AS number substitution function must be used in combination with the si...

Page 224: ...kes effect only after you configure an RD for it Before configuring an RD for a VPN instance you can configure no parameters for the instance other than a description A VPN instance description is a piece of descriptive information about the VPN instance You can use it to keep information such as the relationship of the VPN instance with a VPN Follow these steps to create and configure a VPN insta...

Page 225: ...learned from a CE gets redistributed into BGP BGP associates it with a VPN target extended community attribute list which is usually the export target attribute of the VPN instance associated with the CE z The VPN instance determines which routes it can accept and redistribute according to the import extcommunity in the VPN target z The VPN instance determines how to change the VPN targets attribu...

Page 226: ...VPN instance you must create the routing policy at first Otherwise the default routing policy is used z Change of the limit on the the number of routes in a VPN instance by using the routing table limit command does not affect the existing routing table To make the change take effect immediately you need to restart the routing protocol or shutdown and then undo shutdown the relevant interfaces 1 3...

Page 227: ... it with the VPN instance Otherwise the default policy will be used 1 4 Configuring Basic MPLS L3VPN This section describes how to configure a simple MPLS L3VPN where only one carrier is involved the MPLS backbone is not inter provider and none of the PEs or CEs functions as a PE and a CE at the same time Some special MPLS L3VPN networking scenarios such as HoVPN multi role host and inter provider...

Page 228: ...nter VPN instance view ip vpn instance vpn instance name Required No VPN instance exists by default Configure an RD for the VPN instance route distinguisher route distinguisher Required Associate the current VPN instance with one or more VPN targets vpn target vpn target 1 8 both export extcommunity import extcommunity Required Return to system view quit Enter interface view interface interface ty...

Page 229: ...eway address preference preference value tag tag value description description text Required Note Perform this configuration on the PEs The configuration method on the CEs is the same for configuring ordinary static routes II Configuring RIP between PE and CE A RIP process belongs to only one VPN instance If you run a RIP process without binding it to a VPN instance the process is considered a pub...

Page 230: ...E and CE and enter the OSPF view ospf process id router id router id vpn instance vpn instance name Required Configure the OSPF domain ID domain id domain id secondary Optional 0 by default Note z Perform the configurations on PEs Only conventional OSPF is required on CEs z After a VPN instance is deleted all related OSPF processes are deleted at the same time An OSPF process can be configured wit...

Page 231: ...to configure IS IS between PE and CE To do Use the command Remarks Enter system view system view Create an IS IS instance between PE and CE and enter IS IS view isis process id vpn instance vpn instance name Required Note z After configuring an IS IS instance you must start IS IS by using the same method for starting a common IS IS process z For description and detailed configuration about IS IS r...

Page 232: ... received routes Allow the local AS number to appear in the AS_PATH attribute of a received route and set the maximum number of repetitions peer group name ip address allow as loop number Optional For the hub and spoke networking scheme Note Normally BGP detects routing loops by AS number In the hub and spoke networking scheme however with EBGP running between PE and CE the routing information the...

Page 233: ...er to BGP Configuration and BGP Commands in IP Routing Volume This chapter does not differentiate between peer and peer group 1 4 4 Configuring Route Advertisement Between PEs Follow these steps to configure route advertisement between PEs To do Use the command Remarks Enter system view system view Enter BGP view bgp as number Required Configure the remote PE as the peer peer group name ip address...

Page 234: ... of subaddress families To do Use the command Remarks Enter system view system view Enter BGP view bgp as number Required Configure the remote PE as the peer peer ip address as number as number Required Specify the interface for TCP connection peer ip address connect interface interface type interface number Required ipv4 family vpnv4 l2vpn family Enter address family view vpls family Required Use...

Page 235: ...ween clients Optional Enabled by default Specify the cluster ID of the RR reflector cluster id cluster id ip address Optional Router ID of an RR in the cluster by default Create an RR reflection policy rr filter extended community list number Optional Note For information about BGP L2VPN address family and VPLS address family refer to MPLS L2VPN Commands and VPLS Commands in MPLS VPN Volume II Con...

Page 236: ...r peer group Specify to filter routes received from or to be advertised to a peer or peer group based on an AS_PATH list peer group name ip address as path acl aspath filter number import export Optional By default no AS filtering list is applied to a peer or peer group Specify to advertise all default routes of a VPN instance to a peer or peer group peer group name ip address default route advert...

Page 237: ...er Provider VPN If the MPLS backbone on which the VPN routes rely spans multiple ASs you need to configure inter provider VPN There are three inter provider VPN solutions refer to Multi AS VPN You can choose them as required 1 5 1 Configuration Prerequisites Before configuring inter provider VPN complete these tasks z Configuring IGP for the MPLS backbones in each AS to implement IP connectivity o...

Page 238: ...s used to access its peer ASBR PE Refer to Configuring Basic MPLS L3VPN Note In the inter provider VPN option A solution for the same VPN the VPN targets for the VPN instances of the PEs must match those for the VPN instances of the ASBR PEs in the same AS It is not required for PEs in different ASs 1 5 3 Configuring Inter Provider VPN Option B Follow these steps to configure inter provider VPN op...

Page 239: ...ose for the VPN instances of the ASBR PEs in the same AS This is true for PEs in different ASs Caution For inter provider VPN option B two configuration methods are available z Do not change the next hop on an ASBR With this method you still need to configure MPLS LDP between ASBRs z Change the next hop on an ASBR With this method MPLS LDP is not required between ASBRs Currently only the second me...

Page 240: ...information with the peer peer peer address enable Required Configure the PE not to change the next hop of a route when advertising it to the EBGP peer peer peer address next hop invariable Optional Required only when RRs are used to advertise VPNv4 routes where the next hop of a route advertised between RRs cannot be changed Usually this step is not needed II Configuring the ASBR PEs In the inter...

Page 241: ...s next hop local Required By default a BGP speaker does not use its address as the next hop when advertising a route to its IBGP peer Configure the remote ASBR PE as the EBGP peer peer peer address as number as number Required Enable the ASBR PE to exchange labeled IPv4 routes with the peer ASBR PE peer peer address label route capability Required By default the device does not advertise labeled r...

Page 242: ... Configure the device to assign labels to IPv4 routes apply mpls label Required By default an IPv4 route does not carry any label Follow these steps to configure a routing policy for inter provider VPN option C in the direction from ASBR to PE To do Use the command Remarks Enter system view system view Enter routing policy view route policy policy name permit node seq number Required Configure the...

Page 243: ... Configuring HoVPNs Follow these steps to configure HoVPN To do Use the command Remarks Enter system view system view Enter BGP view bgp as number Enter BGP VPNv4 subaddress family view ipv4 family vpnv4 Required Enable the exchange of BGP VPNv4 routing information with a peer peer group name ip address enable Required Specify a BGP peer or peer group as the UPE peer group name ip address upe Requ...

Page 244: ...esides the loopback interfaces must be bound to the VPN instances and be advertised through BGP 1 7 1 Configuration Prerequisites Before configuring OSPF sham link be sure to complete these tasks z Configuring basic MPLS L3VPN OSPF is used between PE and CE z Configuring OSPF in the LAN where CEs reside 1 7 2 Configuring a Loopback Interface Follow these steps to configure a loopback interface To ...

Page 245: ... configure a sham link To do Use the command Remarks Enter system view system view Enter OSPF view ospf process id router id router id vpn instance vpn instance name Required You are recommended to configure the router id argument Configure the route tag route tag tag id Required Enter OSPF area view area area id Required Configure a sham link sham link source ip address destination ip address cos...

Page 246: ...erent OSPF VPN instance 1 8 Configuring Multi VPN instance CE Multi VPN instance CE is used in LANs By configuring multiple OSPF instances on CEs you can implement service isolation One OSPF process can belong to only one VPN instance one VPN instance can run several OSPF processes 1 8 1 Configuration Prerequisites Before configuring multi VPN instance CE complete these tasks z Configuring VPN ins...

Page 247: ...rocedure When CEs at different sites have the same AS number you need to configure the BGP AS number substitution function to avoid route loss Follow these steps to configure the BGP AS number substitution function To do Use the command Remarks Enter system view system view Enter BGP view bgp as number Required Enter BGP VPN instance view ipv4 family vpn instance vpn instance name Required Enable ...

Page 248: ... view 1 10 2 Displaying and Maintaining MPLS L3VPN To do Use the command Remarks Display information about the routing table associated with a VPN instance display ip routing table vpn instance vpn instance name verbose Available in any view Display information about a specified or all VPN instances display ip vpn instance instance name vpn instance name verbose brief Available in any view Display...

Page 249: ...nformation display bgp vpnv4 all routing table network address mask mask length longer prefixes as path acl as path acl number cidr community aa nn 1 13 no export subconfed no advertise no export whole match community list basic community list number whole match adv community list number 1 16 different origin as regular expression as regular expression statistic Available in any view Display the B...

Page 250: ... any view Display information about OSPF sham links display ospf process id sham link area area id Available in any view Display information about a specified or all tunnel policies display tunnel policy all policy name tunnel policy name Available in any view Clear the route flap dampening information of a VPN instance reset bgp vpn instance vpn instance name dampening network address mask mask l...

Page 251: ... 1 2 24 Vlan int1 172 2 1 2 24 CE 2 Vlan int1 10 2 1 1 24 Vlan int2 10 3 1 2 24 CE 3 Vlan int1 10 3 1 1 24 Vlan int3 10 4 1 2 24 CE 4 Vlan int1 10 4 1 1 24 Figure 1 18 Configure MPLS L3VPNs III Configuration procedure 1 Configure IGP on the MPLS backbone enabling the PEs and the P device to communicate Configure PE 1 PE1 interface loopback 0 PE1 LoopBack0 ip address 1 1 1 9 32 PE1 LoopBack0 quit P...

Page 252: ...address 3 3 3 9 32 PE2 LoopBack0 quit PE2 interface vlan interface 1 PE2 Vlan interface1 ip address 172 2 1 2 24 PE2 Vlan interface1 quit PE2 ospf PE2 ospf 1 area 0 PE2 ospf 1 area 0 0 0 0 network 172 2 1 0 0 0 0 255 PE2 ospf 1 area 0 0 0 0 network 3 3 3 9 0 0 0 0 PE2 ospf 1 area 0 0 0 0 quit PE2 ospf 1 quit After you complete the above configurations OSPF adjacency should be established between P...

Page 253: ...terface State 172 1 1 2 172 1 1 2 1 38 Vlan3 Full DR 2 Configure MPLS basic capability and MPLS LDP on the MPLS backbone to establish LDP LSPs Configure PE 1 PE1 mpls lsr id 1 1 1 9 PE1 mpls PE1 mpls quit PE1 mpls ldp PE1 mpls ldp quit PE1 interface vlan interface 3 PE1 Vlan interface3 mpls PE1 Vlan interface3 mpls ldp PE1 Vlan interface3 quit Configure the P device P mpls lsr id 2 2 2 9 P mpls P ...

Page 254: ...y mpls ldp session LDP Session s in Public Network Total number of sessions 1 Peer ID Status LAM SsnRole FT MD5 KA Sent Rcv 2 2 2 9 0 Operational DU Passive Off Off 5 5 LAM Label Advertisement Mode FT Fault Tolerance PE1 display mpls ldp lsp LDP LSP Information SN DestAddress Mask In OutLabel Next Hop In Out Interface 1 1 1 1 9 32 3 NULL 127 0 0 1 Vlan3 InLoop0 2 2 2 2 9 32 NULL 3 172 1 1 2 Vlan3 ...

Page 255: ...PE2 interface vlan interface 2 PE2 Vlan interface2 ip binding vpn instance vpna PE2 Vlan interface2 ip address 10 3 1 2 24 PE2 Vlan interface2 quit PE2 interface vlan interface 3 PE2 Vlan interface3 ip binding vpn instance vpnb PE2 Vlan interface3 ip address 10 4 1 2 24 PE2 Vlan interface3 quit Configure IP addresses for the CEs as required in Figure 1 18 The detailed configuration steps are omitt...

Page 256: ...between PEs and CEs to allow VPN routes to be injected Configure CE 1 CE1 bgp 65410 CE1 bgp peer 10 1 1 2 as number 100 CE1 bgp import route direct CE1 bgp quit Note The configurations for the other three CEs are similar to the above The detailed configuration steps are omitted Configure PE 1 PE1 bgp 100 PE1 bgp ipv4 family vpn instance vpna PE1 bgp vpna peer 10 1 1 1 as number 65410 PE1 bgp vpna ...

Page 257: ... 0 PE1 bgp ipv4 family vpnv4 PE1 bgp af vpnv4 peer 3 3 3 9 enable PE1 bgp af vpnv4 quit Configure PE 2 PE2 bgp 100 PE2 bgp peer 1 1 1 9 as number 100 PE2 bgp peer 1 1 1 9 connect interface loopback 0 PE2 bgp ipv4 family vpnv4 PE2 bgp af vpnv4 peer 1 1 1 9 enable PE2 bgp af vpnv4 quit After completing the above configuration if you issue the display bgp peer command or the display bgp vpnv4 all pee...

Page 258: ...nt VPNs should not For example CE 1 should be capable of pinging CE 3 10 3 1 1 but should not be capable of pinging CE 4 10 4 1 1 CE1 ping 10 3 1 1 PING 10 3 1 1 56 data bytes press CTRL_C to break Reply from 10 3 1 1 bytes 56 Sequence 1 ttl 253 time 72 ms Reply from 10 3 1 1 bytes 56 Sequence 2 ttl 253 time 34 ms Reply from 10 3 1 1 bytes 56 Sequence 3 ttl 253 time 50 ms Reply from 10 3 1 1 bytes...

Page 259: ...ce Interface IP address Device Interface IP address CE 1 Vlan int1 10 1 1 1 24 CE 2 Vlan int1 10 2 1 1 24 PE 1 Loop0 1 1 1 9 32 PE 2 Loop0 4 4 4 9 32 Vlan int1 10 1 1 2 24 Vlan int1 10 2 1 2 24 Vlan int2 172 1 1 2 24 Vlan int2 162 1 1 2 24 ASBR PE 1 Loop0 2 2 2 9 32 ASBR PE 2 Loop0 3 3 3 9 32 Vlan int1 172 1 1 1 24 Vlan int1 162 1 1 1 24 Vlan int2 192 1 1 1 24 Vlan int2 192 1 1 2 24 Figure 1 19 Co...

Page 260: ...1 mpls lsr id 1 1 1 9 PE1 mpls PE1 mpls quit PE1 mpls ldp PE1 mpls ldp quit PE1 interface Vlan interface 2 PE1 Vlan interface2 mpls PE1 Vlan interface2 mpls ldp PE1 Vlan interface2 quit Configure MPLS basic capability on ASBR PE 1 and enable MPLS LDP on the interface connected to PE 1 ASBR PE1 mpls lsr id 2 2 2 9 ASBR PE1 mpls ASBR PE1 mpls quit ASBR PE1 mpls ldp ASBR PE1 mpls ldp quit ASBR PE1 in...

Page 261: ... field has a value of Operational in the output information 3 Configure VPN instances on PEs to allow CEs to access Note The VPN targets for the VPN instances of the PEs must match those for the VPN instances of the ASBR PEs in the same AS It is not required for PEs in different ASs Configure CE 1 CE1 interface Vlan interface 1 CE1 Vlan interface1 ip address 10 1 1 1 24 CE1 Vlan interface1 quit Co...

Page 262: ...rface2 ip binding vpn instance vpna ASBR PE1 Vlan interface2 ip address 192 1 1 1 24 ASBR PE1 Vlan interface2 quit Configure ASBR PE 2 creating a VPN instance and binding the instance to the interface connected with ASBR PE 1 Note that ASBR PE 2 considers ASBR PE 1 its CE ASBR PE2 ip vpn instance vpna ASBR PE2 vpn vpn vpna route distinguisher 200 1 ASBR PE2 vpn vpn vpna vpn target 100 1 both ASBR ...

Page 263: ... ipv4 family vpn instance vpna PE2 bgp vpna peer 10 2 1 1 as number 65002 PE2 bgp vpna import route direct PE2 bgp vpna quit PE2 bgp quit 5 Establish IBGP peer relationship between each PE and the ASBR PE in the same AS and EBGP peer relationship between the ASBR PEs Configure PE 1 PE1 bgp 100 PE1 bgp peer 2 2 2 9 as number 100 PE1 bgp peer 2 2 2 9 connect interface loopback 0 PE1 bgp ipv4 family ...

Page 264: ...uit ASBR PE2 bgp quit Configure PE 2 PE2 bgp 200 PE2 bgp peer 3 3 3 9 as number 200 PE2 bgp peer 3 3 3 9 connect interface loopback 0 PE2 bgp ipv4 family vpnv4 PE2 bgp af vpnv4 peer 3 3 3 9 enable PE2 bgp af vpnv4 peer 3 3 3 9 next hop local PE2 bgp af vpnv4 quit PE2 bgp quit 6 Verify your configurations After you complete the above configurations the CEs should be able to learn the interface rout...

Page 265: ...2 2 2 9 32 PE 2 Loop1 5 5 5 9 32 Vlan int1 30 0 0 1 8 Vlan int1 20 0 0 1 8 Vlan int2 1 1 1 2 8 Vlan int2 9 1 1 2 8 ASBR PE 1 Loop1 3 3 3 9 32 ASBR PE 2 Loop1 4 4 4 9 32 Vlan int1 1 1 1 1 8 Vlan int1 9 1 1 1 8 Vlan int2 11 0 0 2 8 Vlan int2 11 0 0 1 8 Figure 1 20 Configure inter provider VPN option B III Configuration procedure 1 Configure PE 1 Sysname system view Sysname sysname PE1 Run IS IS on P...

Page 266: ...t 1 1 2 2 3 3 import extcommunity PE1 vpn instance vpn1 vpn target 3 3 export extcommunity PE1 vpn instance vpn1 quit Bind the interface connected with CE 1 to the created VPN instance PE1 interface vlan interface 1 PE1 Vlan interface1 ip binding vpn instance vpn1 PE1 Vlan interface1 ip address 30 0 0 1 8 PE1 Vlan interface1 quit Start BGP on PE 1 PE1 bgp 100 Configure IBGP peer 3 3 3 9 as a VPNv4...

Page 267: ... MPLS on it ASBR PE1 interface vlan interface 2 ASBR PE1 Vlan interface2 ip address 11 0 0 2 255 0 0 0 ASBR PE1 Vlan interface2 mpls ASBR PE1 Vlan interface2 quit Configure interface loopback1 and start IS IS on it ASBR PE1 interface loopback 1 ASBR PE1 LoopBack1 ip address 3 3 3 9 32 ASBR PE1 LoopBack1 isis enable 1 ASBR PE1 LoopBack1 quit Start BGP on ASBR PE 1 ASBR PE1 bgp 100 ASBR PE1 bgp peer...

Page 268: ...PE2 Vlan interface1 isis enable 1 ASBR PE2 Vlan interface1 mpls ASBR PE2 Vlan interface1 mpls ldp ASBR PE2 Vlan interface1 quit Configure interface VLAN interface 2 and enable MPLS on it ASBR PE2 interface vlan interface 2 ASBR PE2 Vlan interface2 ip address 11 0 0 1 255 0 0 0 ASBR PE2 Vlan interface2 mpls ASBR PE2 Vlan interface2 quit Configure interface loopback1 and start IS IS on it ASBR PE2 i...

Page 269: ...9 PE2 mpls PE2 mpls quit PE2 mpls ldp PE2 mpls ldp quit Configure interface VLAN interface 2 start IS IS and enable MPLS and LDP on the interface PE2 interface vlan interface 2 PE2 Vlan interface2 ip address 9 1 1 2 255 0 0 0 PE2 Vlan interface2 isis enable 1 PE2 Vlan interface2 mpls PE2 Vlan interface2 mpls ldp PE2 Vlan interface2 quit Configure interface loopback1 and start IS IS on it PE2 inter...

Page 270: ...pn1 PE2 bgp vpn1 import route direct PE2 bgp vpn1 quit PE2 bgp quit 5 Verify your configurations After you complete the above configurations PE 1 and PE 2 should be able to ping each other PE2 ping vpn instance vpn1 30 0 0 1 PE1 ping vpn instance vpn1 20 0 0 1 1 11 4 Example for Configuring Inter Provider VPN Option C I Network requirements z Site 1 and Site 2 belong to the same VPN Site 1 accesse...

Page 271: ... 1 8 Figure 1 21 Configure inter provider VPN option C III Configuration procedure 1 Configure PE 1 Sysname system view Sysname sysname PE1 Run IS IS on PE 1 PE1 isis 1 PE1 isis 1 network entity 10 111 111 111 111 00 PE1 isis 1 quit Configure LSR ID enable MPLS and LDP PE1 mpls lsr id 2 2 2 9 PE1 mpls PE1 mpls quit PE1 mpls ldp PE1 mpls ldp quit Configure interface VLAN interface 1 start IS IS and...

Page 272: ...vpn instance vpn1 PE1 LoopBack6 ip address 30 0 0 1 32 PE1 LoopBack6 quit Start BGP on PE 1 PE1 bgp 100 Configure the capability to advertise labeled routes to IBGP peer 3 3 3 9 and to receive labeled routes from the peer PE1 bgp peer 3 3 3 9 as number 100 PE1 bgp peer 3 3 3 9 connect interface loopback 1 PE1 bgp peer 3 3 3 9 label route capability Configure the maximum hop count from PE 1 to EBGP...

Page 273: ...an interface1 mpls ASBR PE1 Vlan interface1 mpls ldp ASBR PE1 Vlan interface1 quit Configure interface VLAN interface 2 and enable MPLS on it ASBR PE1 interface vlan interface 2 ASBR PE1 Vlan interface2 ip address 11 0 0 2 255 0 0 0 ASBR PE1 Vlan interface2 mpls ASBR PE1 Vlan interface2 quit Configure interface loopback1 and start IS IS on it ASBR PE1 interface loopback 1 ASBR PE1 LoopBack1 ip add...

Page 274: ... 11 0 0 1 ASBR PE1 bgp peer 11 0 0 1 as number 600 ASBR PE1 bgp peer 11 0 0 1 route policy policy1 export Configure the capability to advertise labeled routes to EBGP peer 11 0 0 1 and to receive labeled routes from the peer ASBR PE1 bgp peer 11 0 0 1 label route capability 3 Configure ASBR PE 2 Sysname system view Sysname sysname ASBR PE2 Start IS IS on ASBR PE 2 ASBR PE2 isis 1 ASBR PE2 isis 1 n...

Page 275: ... route policy apply mpls label ASBR PE2 route policy quit Start BGP on ASBR PE 2 and specify to inject routes of IS IS process 1 ASBR PE2 bgp 600 ASBR PE2 bgp import route isis 1 Configure the capability to advertise labeled routes to IBGP peer 5 5 5 9 and to receive labeled routes from the peer ASBR PE2 bgp peer 5 5 5 9 as number 600 ASBR PE2 bgp peer 5 5 5 9 connect interface loopback 1 ASBR PE2...

Page 276: ...E2 Vlan interface1 mpls PE2 Vlan interface1 mpls ldp PE2 Vlan interface1 quit Configure interface loopback1 and start IS IS on it PE2 interface loopback 1 PE2 LoopBack1 ip address 5 5 5 9 32 PE2 LoopBack1 isis enable 1 PE2 LoopBack1 quit Create VPN instance vpn1 and configure the RD and VPN target attributes PE2 ip vpn instance vpn1 PE2 vpn instance vpn1 route distinguisher 11 11 PE2 vpn instance ...

Page 277: ... import route direct PE2 bgp vpn1 quit After you complete the above configurations PE 1 and PE 2 should be able to ping each other PE2 ping vpn instance vpn1 30 0 0 1 PE1 ping vpn instance vpn1 20 0 0 1 1 11 5 Example for Configuring Carrier s Carrier I Network requirements The Level 2 carrier provides MPLS L3VPN services to customers As shown in Figure 1 22 z PE 1 and PE 2 are PEs of the Level 1 ...

Page 278: ...Vlan int2 Vlan int2 Vlan int1 Vlan int1 Vlan int2 Vlan int2 Vlan int1 Vlan int1 MP IBGP Loop1 Device Interface IP address Device Interface IP address CE 3 Vlan int1 100 1 1 1 24 CE 4 Vlan int1 120 1 1 1 24 PE 3 Loop1 1 1 1 9 32 PE 4 Loop1 6 6 6 9 32 Vlan int1 100 1 1 2 24 Vlan int1 120 1 1 2 24 Vlan int2 10 1 1 1 24 Vlan int2 20 1 1 2 24 CE 1 Loop1 2 2 2 9 32 CE 2 Loop1 5 5 5 9 32 Vlan int2 10 1 1...

Page 279: ...mpls ldp transport address interface PE1 Vlan interface2 quit PE1 bgp 100 PE1 bgp peer 4 4 4 9 as number 100 PE1 bgp peer 4 4 4 9 connect interface loopback 1 PE1 bgp ipv4 family vpnv4 PE1 bgp af vpnv4 peer 4 4 4 9 enable PE1 bgp af vpnv4 quit PE1 bgp quit Note The configurations for PE 2 are similar to those for PE 1 The detailed configuration steps are omitted After completing the above configur...

Page 280: ...47 Established PE1 display isis peer Peer information for ISIS 1 System Id 0000 0000 0005 Interface Vlan interface44 Circuit Id 0000 0000 0004 02 State Up HoldTime 29s Type L1 L1L2 PRI 64 System Id 0000 0000 0005 Interface Vlan interface44 Circuit Id 0000 0000 0004 02 State Up HoldTime 30s Type L2 L1L2 PRI 64 2 Configure the Level 2 carrier network start IS IS as the IGP and enable LDP between PE ...

Page 281: ...e loopback 1 CE1 LoopBack1 ip address 2 2 2 9 32 CE1 LoopBack1 quit CE1 mpls lsr id 2 2 2 9 CE1 mpls CE1 mpls quit CE1 mpls ldp CE1 mpls ldp quit CE1 isis 2 CE1 isis 2 network entity 10 0000 0000 0000 0002 00 CE1 isis 2 quit CE1 interface loopback 1 CE1 LoopBack1 isis enable 2 CE1 LoopBack1 quit CE1 interface vlan interface 2 CE1 Vlan interface2 ip address 10 1 1 2 24 CE1 Vlan interface2 isis enab...

Page 282: ...n1 PE1 isis 2 network entity 10 0000 0000 0000 0003 00 PE1 isis 2 import route bgp PE1 isis 2 quit PE1 interface vlan interface 1 PE1 Vlan interface1 ip binding vpn instance vpn1 PE1 Vlan interface1 ip address 11 1 1 2 24 PE1 Vlan interface1 isis enable 2 PE1 Vlan interface1 mpls PE1 Vlan interface1 mpls ldp PE1 Vlan interface1 mpls ldp transport address interface Configure CE 1 CE1 interface vlan...

Page 283: ... direct CE3 bgp quit Configure PE 3 PE3 ip vpn instance vpn1 PE3 vpn instance vpn1 route distinguisher 100 1 PE3 vpn instance vpn1 vpn target 1 1 PE3 vpn instance vpn1 quit PE3 interface vlan interface 1 PE3 Vlan interface1 ip binding vpn instance vpn1 PE3 Vlan interface1 ip address 100 1 1 2 24 PE3 Vlan interface1 quit PE3 bgp 100 PE3 bgp ipv4 family vpn instance vpn1 PE3 bgp vpn1 peer 100 1 1 1 ...

Page 284: ...as an example PE1 display ip routing table Routing Tables Public Destinations 7 Routes 7 Destination Mask Proto Pre Cost NextHop Interface 3 3 3 9 32 Direct 0 0 127 0 0 1 InLoop0 4 4 4 9 32 ISIS 15 10 30 1 1 2 Vlan2 30 1 1 0 24 Direct 0 0 30 1 1 1 Vlan2 30 1 1 1 32 Direct 0 0 127 0 0 1 InLoop0 30 1 1 2 32 Direct 0 0 30 1 1 2 Vlan2 127 0 0 0 8 Direct 0 0 127 0 0 1 InLoop0 127 0 0 1 32 Direct 0 0 12...

Page 285: ...t NextHop Interface 1 1 1 9 32 ISIS 15 10 10 1 1 2 Vlan2 2 2 2 9 32 Direct 0 0 127 0 0 1 InLoop0 5 5 5 9 32 ISIS 15 74 11 1 1 2 Vlan1 6 6 6 9 32 ISIS 15 74 11 1 1 2 Vlan1 10 1 1 0 24 Direct 0 0 10 1 1 2 Vlan2 10 1 1 1 32 Direct 0 0 10 1 1 1 Vlan2 10 1 1 2 32 Direct 0 0 127 0 0 1 InLoop0 11 1 1 0 24 Direct 0 0 11 1 1 1 Vlan1 11 1 1 1 32 Direct 0 0 127 0 0 1 InLoop0 11 1 1 2 32 Direct 0 0 11 1 1 2 V...

Page 286: ...outes 3 Destination Mask Proto Pre Cost NextHop Interface 100 1 1 0 24 Direct 0 0 100 1 1 2 Vlan1 100 1 1 2 32 Direct 0 0 127 0 0 1 InLoop0 120 1 1 0 24 BGP 255 0 6 6 6 9 NULL0 PE 3 and PE 4 should be able to ping each other PE3 ping 20 1 1 2 PING 20 1 1 2 56 data bytes press CTRL_C to break Reply from 20 1 1 2 bytes 56 Sequence 1 ttl 252 time 127 ms Reply from 20 1 1 2 bytes 56 Sequence 2 ttl 252...

Page 287: ... to allow MPLS VPNs to access the backbone z UPEs act as PEs of the MPLS VPNs to allow end users to access the VPNs z Performance requirements for the UPEs are lower than those for the SPEs II Network diagram Device Interface IP address Device Interface IP address CE 1 Vlan int1 10 2 1 1 24 CE 3 Vlan int1 10 1 1 1 24 CE 2 Vlan int1 10 4 1 1 24 CE 4 Vlan int1 10 3 1 1 24 UPE 1 Loop1 1 1 1 9 32 UPE ...

Page 288: ...0 0 0 0 255 UPE1 ospf 1 area 0 0 0 0 network 1 1 1 9 0 0 0 0 UPE1 ospf 1 area 0 0 0 0 quit UPE1 ospf 1 quit UPE1 ip vpn instance vpn1 UPE1 vpn instance vpn1 route distinguisher 100 1 UPE1 vpn instance vpn1 vpn target 100 1 both UPE1 vpn instance vpn1 quit UPE1 ip vpn instance vpn2 UPE1 vpn instance vpn2 route distinguisher 100 2 UPE1 vpn instance vpn2 vpn target 100 2 both UPE1 vpn instance vpn2 q...

Page 289: ...stem view Sysname sysname CE1 CE1 interface vlan interface 1 CE1 Vlan interface1 ip address 10 2 1 1 255 255 255 0 CE1 Vlan interface1 quit CE1 bgp 65410 CE1 bgp peer 10 2 1 2 as number 100 CE1 bgp import route direct CE1 quit 3 Configure CE 2 Sysname system view Sysname sysname CE2 CE2 interface vlan interface 1 CE2 Vlan interface1 ip address 10 4 1 1 255 255 255 0 CE2 Vlan interface1 quit CE2 bg...

Page 290: ...stinguisher 400 2 UPE2 vpn instance vpn2 vpn target 100 2 both UPE2 vpn instance vpn2 quit UPE2 interface vlan interface 2 UPE2 Vlan interface2 ip binding vpn instance vpn1 UPE2 Vlan interface2 ip address 10 1 1 2 24 UPE2 Vlan interface2 quit UPE2 interface vlan interface 3 UPE2 Vlan interface3 ip binding vpn instance vpn2 UPE2 Vlan interface3 ip address 10 3 1 2 24 UPE2 Vlan interface3 quit UPE2 ...

Page 291: ...5 255 0 CE4 Vlan interface1 quit CE4 bgp 65440 CE4 bgp peer 10 3 1 2 as number 100 CE4 bgp import route direct CE4 quit 7 Configure SPE 1 Sysname system view Sysname sysname SPE1 SPE1 interface loopback 1 SPE1 LoopBack1 ip address 2 2 2 9 32 SPE1 LoopBack1 quit SPE1 mpls lsr id 2 2 2 9 SPE1 mpls SPE1 mpls quit SPE1 mpls ldp SPE1 mpls ldp quit SPE1 interface vlan interface 1 SPE1 Vlan interface1 ip...

Page 292: ...peer 1 1 1 9 connect interface loopback 1 SPE1 bgp peer 1 1 1 9 next hop local SPE1 bgp peer 3 3 3 9 as number 100 SPE1 bgp peer 3 3 3 9 connect interface loopback 1 SPE1 bgp ipv4 family vpnv4 SPE1 bgp af vpnv4 peer 3 3 3 9 enable SPE1 bgp af vpnv4 peer 1 1 1 9 enable SPE1 bgp af vpnv4 peer 1 1 1 9 upe SPE1 bgp af vpnv4 peer 1 1 1 9 default route advertise vpn instance vpna SPE1 bgp af vpnv4 peer ...

Page 293: ...et 100 1 both SPE2 vpn instance vpna quit SPE2 ip vpn instance vpnb SPE2 vpn instance vpnb route distinguisher 800 1 SPE2 vpn instance vpnb vpn target 100 2 both SPE2 vpn instance vpnb quit Configure SPE 2 to establish MP IBGP peer relationship with UPE 2 and to inject VPN routes and specify UPE 2 SPE2 bgp 100 SPE2 bgp peer 4 4 4 9 as number 100 SPE2 bgp peer 4 4 4 9 connect interface loopback 1 S...

Page 294: ... 24 Vlan int2 20 1 1 1 24 Vlan int2 30 1 1 2 24 PE 1 Loop1 1 1 1 9 32 PE 2 Loop1 2 2 2 9 32 Loop10 3 3 3 3 32 Loop10 5 5 5 5 32 Vlan int1 100 1 1 2 24 Vlan int1 120 1 1 2 24 Vlan int2 10 1 1 1 24 Vlan int2 10 1 1 2 24 Switch A Vlan int1 20 1 1 2 24 Vlan int2 30 1 1 1 24 Figure 1 24 Configure an OSPF sham link III Configuration procedure 1 Configure OSPF on the customer networks Configure conventio...

Page 295: ...n PE 1 to establish LDP LSPs Sysname system view Sysname sysname PE1 PE1 interface loopback 1 PE1 LoopBack1 ip address 1 1 1 9 32 PE1 LoopBack1 quit PE1 mpls lsr id 1 1 1 9 PE1 mpls PE1 mpls quit PE1 mpls ldp PE1 mpls ldp quit PE1 interface vlan interface 2 PE1 Vlan interface2 ip address 10 1 1 1 24 PE1 Vlan interface2 mpls PE1 Vlan interface2 mpls ldp PE1 Vlan interface2 quit Configure PE 1 to ta...

Page 296: ...ure PE 2 to take PE 1 as the MP IBGP peer PE2 bgp 100 PE2 bgp peer 1 1 1 9 as number 100 PE2 bgp peer 1 1 1 9 connect interface loopback 1 PE2 bgp ipv4 family vpnv4 PE2 bgp af vpnv4 peer 1 1 1 9 enable PE2 bgp af vpnv4 quit PE2 bgp quit Configure OSPF on PE 2 PE2 ospf 1 PE2 ospf 1 area 0 PE2 ospf 1 area 0 0 0 0 network 2 2 2 9 0 0 0 0 PE2 ospf 1 area 0 0 0 0 network 10 1 1 0 0 0 0 255 PE2 ospf 1 a...

Page 297: ...nterface vlan interface 1 PE2 Vlan interface1 ip binding vpn instance vpn1 PE2 Vlan interface1 ip address 120 1 1 2 24 PE2 Vlan interface1 quit PE2 ospf 100 vpn instance vpn1 PE2 ospf 100 domain id 10 PE2 ospf 100 area 1 PE2 ospf 100 area 0 0 0 1 network 120 1 1 0 0 0 0 255 PE2 ospf 100 area 0 0 0 1 quit PE2 ospf 100 quit PE2 bgp 100 PE2 bgp ipv4 family vpn instance vpn1 PE2 bgp vpn1 import route ...

Page 298: ...nstance vpn1 PE2 LoopBack10 ip address 5 5 5 5 32 PE2 LoopBack10 quit PE2 ospf 100 PE2 ospf 100 area 1 PE2 ospf 100 area 0 0 0 1 sham link 5 5 5 5 3 3 3 3 cost 10 PE2 ospf 100 area 0 0 0 1 quit PE2 ospf 100 quit After completing the above configurations if you issue the display ip routing table vpn instance command again on the PEs you should see that the path to the peer CE is now along the BGP r...

Page 299: ... 0 0 127 0 0 1 InLoop0 120 1 1 0 24 OSPF 10 12 100 1 1 2 Vlan1 127 0 0 0 8 Direct 0 0 127 0 0 1 InLoop0 127 0 0 1 32 Direct 0 0 127 0 0 1 InLoop0 Issuing the display ospf sham link command on the PEs you should see the established sham link Takes PE 1 as an example PE1 display ospf sham link OSPF Process 100 with Router ID 100 1 1 2 Sham Link Area RouterId Source IP Destination IP State Cost 0 0 0...

Page 300: ... basic MPLS L3VPN z Configure OSPF on the MPLS backbone to allow the PEs and P device to learn the routes of the loopback interfaces from each other z Configure MPLS basic capability and MPLS LDP on the MPLS backbone to establish LDP LSPs z Establish MP IBGP neighbor relationship between the PEs to advertise VPN IPv4 routes z Configure the VPN instance of VPN 2 on PE 2 to allow CE 2 to access the ...

Page 301: ...bles vpn1 Destinations 7 Routes 7 Destination Mask Proto Pre Cost NextHop Interface 10 1 1 0 24 BGP 255 0 1 1 1 9 NULL0 10 1 1 1 32 BGP 255 0 1 1 1 9 NULL0 10 2 1 0 24 Direct 0 0 10 2 1 2 Vlan1 10 2 1 1 32 Direct 0 0 10 2 1 1 Vlan1 10 2 1 2 32 Direct 0 0 127 0 0 1 InLoopBack0 100 1 1 1 32 BGP 255 0 1 1 1 9 NULL0 200 1 1 1 32 BGP 255 0 10 2 1 1 Vlan1 Enabling BGP update packet debugging on PE 2 you...

Page 302: ...H of 100 1 1 1 32 has changed from 100 600 to 100 100 Jan 30 17 11 30 362 2007 PE2 RM 7 RMDEBUG BGP vpn1 Send UPDATE to 10 2 1 1 for following destinations Origin Incomplete AS Path 100 100 Next Hop 10 2 1 2 100 1 1 1 32 Display again the routing information that CE 2 receives and the routing table CE2 display bgp routing table peer 10 2 1 2 received routes Total Number of Routes 5 BGP Local route...

Page 303: ... After configuring BGP AS substitution on PE 1 too the interfaces of CE 1 and CE 2 should be able to ping each other CE1 ping a 100 1 1 1 200 1 1 1 PING 200 1 1 1 56 data bytes press CTRL_C to break Reply from 200 1 1 1 bytes 56 Sequence 1 ttl 253 time 109 ms Reply from 200 1 1 1 bytes 56 Sequence 2 ttl 253 time 67 ms Reply from 200 1 1 1 bytes 56 Sequence 3 ttl 253 time 66 ms Reply from 200 1 1 1...

Page 304: ...oopback Group 1 3 1 2 3 Configuring Port based QoS Policy 1 3 1 3 Configuring Hybrid Insertion Based on L3 SPUs 1 4 1 3 1 Configuring MPLS Service Redirection at Public Network Side 1 4 1 3 2 Configuring VPLS Service Redirection at Public Network Side 1 5 1 3 3 Binding VPLS Virtual Service Interface with VPLS Instance 1 5 1 3 4 Configuring Backup Interface for Virtual Service Interface 1 6 1 3 5 D...

Page 305: ...d QoS refer to related manuals z A routing switch running MPLS has the functions of a router The term router in this document refers to a router in a generic sense or a Layer 3 Ethernet switch running MPLS z For an S9500 Series routing switch only line processor units LPUs with a suffix of C CA or CB and VPLS service processor cards SPCs support MPLS For S9500 Series routing switches to support MP...

Page 306: ... insertions I Hybrid insertion based on LPUs with a suffix of C CA or CB z Support hybrid insertion of LPUs with a suffix of C CA or CB and non MPLS SPUs z The service at the L3VPN private network side must be redirected to the MPLS service loopback group on the MPLS board for processing II Hybrid insertion based on L3 SPUs z Support hybrid insertion of L3 SPUs and non L3 SPUs z VPLS service and M...

Page 307: ...ion group must be manual Set the type of service loopback group to MPLS link aggregation group agg id service type ipv6 ipv6mc mpls tunnel Required Add the port of MPLS board to the loopback group port link aggregation group agg id Required 1 2 3 Configuring Port based QoS Policy Follow these steps to configure a port based QoS policy To do Use the command Remarks Enter system view system view Ent...

Page 308: ...sertion z You can add multiple ports to an MPLS loopback group for load sharing purpose z LSB1GV48DA0 LSB1GV48DB0 and LSB1XP4DB0 do not support L2VPN hybrid insertion 1 3 Configuring Hybrid Insertion Based on L3 SPUs Before configuring the hybrid insertion based on L3 SPUs you need to z Redirect the MPLS and VPLS services at the public network side to the virtual service interface on the L3 board ...

Page 309: ...etwork Side VPLS service redirection is to redirect the VPLS service to the MPLS VPLS virtual service interface on the L3 board capable of MPLS processing Follow these steps to configure VPLS service redirection at the public network side To do Use the command Remarks Enter system view system view Enter MPLS VPLS virtual service interface view interface MPLS VPLS interface number Redirect the VPLS...

Page 310: ... vsi vsi name Required 1 3 4 Configuring Backup Interface for Virtual Service Interface With the backup interface of virtual service interface the service can be switched to the backup interface once the virtual service interface is in down state thus ensuring uninterrupted traffic forwarding Follow these steps to configure the backup interface for the virtual service interface To do Use the comma...

Page 311: ...r all policies display qos policy user defined policy name classifier tcl name Available in any view Display configuration and operation information about policies of a specified interface or all interfaces display qos policy interface interface type interface number inbound outbound Available in any view Display information about configured traffic behaviors display traffic behavior user defined ...

Page 312: ...PEs A non MPLS board with FE ports resides in Slot 3 and an MPLS board with GE ports in Slot 2 III Configuration procedure 1 Configure CE 1 Establish the EBGP neighbor relationship between CE 1 and PE 1 Inject a directly connected route and a static route to redistribute the VPN private network user routes of CE 1 to BGP routes and then advertise injected routes to PE 1 CE1 system view CE1 vlan 10...

Page 313: ...loopback interface PE1 ospf 1 router id 1 1 1 1 PE1 ospf 1 area 0 PE1 ospf 1 area 0 0 0 0 network 196 168 1 0 0 0 0 255 PE1 ospf 1 area 0 0 0 0 network 1 1 1 1 0 0 0 0 PE1 ospf 1 area 0 0 0 0 quit Configure the VPN instance The configuration on VPN B is similar with that on VPN A The following provides the configuration on VPN A only PE1 system view PE1 ip vpn instance vpna PE1 vpn vpna route dist...

Page 314: ...PE1 vlan10 interface vlan interface 10 PE1 vlan interface10 quit Bind the VPN A to the VLAN interface that connects PE 1 and CE 1 PE1 Vlan interface10 ip binding vpn instance vpna PE1 Vlan interface10 ip address 10 10 10 1 24 PE1 Vlan interface10 quit Establish the EBGP neighbor relationship between PE 1 and CE 1 and inject the interface routes of VPN instance PE1 bgp 100 PE1 bgp ipv4 family vpn i...

Page 315: ...0 mpls P vlan interface100 mpls ldp P vlan interface100 quit P vlan 200 P vlan200 port GigabitEthernet 2 1 2 P vlan200 interface vlan interface 200 P vlan interface200 ip address 196 168 2 2 255 255 255 0 P vlan interface200 mpls P vlan interface200 mpls ldp P vlan interface200 quit Configure the OSPF P ospf 1 router id 3 3 3 3 P ospf 1 area 0 P ospf 1 area 0 0 0 0 network 196 168 1 0 0 0 0 255 P ...

Page 316: ...PE2 ip vpn instance vpna PE2 vpn vpna route distinguisher 100 1 PE2 vpn vpna vpn target 100 1 both PE2 vpn vpna quit Configure the MPLS service loopback group PE2 link aggregation group 1 mode manual PE2 link aggregation group 1 service type mpls Add multiple ports to the MPLS service loopback group PE2 inter GigabitEthernet 2 2 3 PE2 GigabitEthernet2 2 3 stp disable PE2 GigabitEthernet2 2 3 port ...

Page 317: ...instance import route direct PE2 bgp af vpn instance quit PE2 bgp quit Establish the MBGP neighbor relationship between PEs to exchange VPN routing information among PEs Activate the IBGP peer in VPNv4 address family view PE2 bgp 100 PE2 bgp group 100 PE2 bgp peer 1 1 1 1 group 100 PE2 bgp peer 1 1 1 1 connect interface loopback0 PE2 bgp ipv4 family vpnv4 PE2 bgp af vpn peer 100 enable PE2 bgp af ...

Page 318: ...m view CE1 vlan 10 CE1 interface vlan interface 10 CE1 vlan interface10 ip address 10 10 10 1 255 255 255 0 CE1 vlan interface10 quit 2 Configure PE 1 Configure the global MPLS PE1 mpls lsr id 1 1 1 1 PE1 mpls PE1 mpls ldp Configure a public network interface and enable MPLS on the interface PE1 interface loopback0 PE1 LoopBack0 ip address 1 1 1 1 32 PE1 LoopBack0 quit PE1 vlan 100 PE1 vlan100 por...

Page 319: ...disable PE1 GigabitEthernet2 2 4 port link aggregation group 1 Configure the VLAN interface PE1 vlan 10 PE1 vlan10 port Ethernet 3 1 1 PE1 vlan10 interface vlan interface 10 PE1 vlan interface10 quit Bind the VPNA to the VLAN interface that connects PE 1 and CE 1 PE1 Vlan interface10 mpls l2vc 2 2 2 2 100 PE1 Vlan interface10 quit 3 Configure the P device Configure the global MPLS P mpls lsr id 3 ...

Page 320: ...rk interface and enable MPLS on the interface PE2 interface loopback0 PE2 LoopBack0 ip address 2 2 2 2 32 PE2 LoopBack0 quit PE2 vlan 200 PE2 vlan200 port GigabitEthernet 2 2 1 PE2 vlan200 interface vlan interface 200 PE2 vlan interface200 ip address 196 168 2 1 255 255 255 0 PE2 vlan interface200 mpls PE2 vlan interface200 mpls ldp PE2 vlan interface200 quit Start the OSPF on the interface connec...

Page 321: ...interface 10 PE2 vlan interface10 mpls l2vc 1 1 1 1 100 PE2 vlan interface10 quit Note z Currently only MPLS boards with a suffix of CA or CB support VLL L2VPN Thus VLL hybrid insertion includes Hybrid insertion of non MPLS boards and MPLS boards with a suffix of CA Hybrid insertion of MPLS boards with a suffix of C and MPLS boards with a suffix of CA z All MPLS boards support MPLS L3VPN Thus L3VP...

Page 322: ...2 PE1 LoopBack0 quit PE1 mpls lsr id 1 1 1 9 PE1 mpls PE1 mpls quit PE1 mpls ldp PE1 mpls ldp quit Redirect the service to the virtual service interface on the L3 board and configure the backup interface for the virtual service interface PE1 interface MPLS VPLS 0 0 2 PE1 MPLS VPLS0 0 2 l2vpn vpls service binding service id 1 PE1 MPLS VPLS0 0 2 backup interface MPLS VPLS 1 0 2 PE1 MPLS VPLS0 0 2 qu...

Page 323: ...S VPLS0 0 2 quit Configure VLAN 100 and create VLAN interface 100 PE1 vlan 100 PE1 Vlan 100 port Ethernet 4 1 2 PE1 Vlan 100 interface Vlan interface 100 Bind VPLS instance aaa with VLAN interface 100 PE1 Vlan interface100 l2 binding vsi aaa 2 Configure PE 2 Configure the IGP protocol which is OSPF in this example Configure the basic MPLS capability Sysname system view Sysname sysname PE2 PE2 inte...

Page 324: ...igure LDP VPLS instance aaa PE2 vsi aaa static PE2 vsi aaa pwsignal ldp PE2 vsi aaa ldp vsi id 500 PE2 vsi aaa ldp peer 1 1 1 9 PE2 vsi aaa ldp quit PE2 vsi aaa quit Bind the MPLS VPLS virtual service interface with the VPLS instance aaa PE2 interface MPLS VPLS 0 0 2 PE2 MPLS VPLS0 0 2 l2vpn vpls service binding vsi aaa PE2 MPLS VPLS0 0 2 quit Configure VLAN 100 and create VLAN interface 100 PE2 v...

Page 325: ... 1 1 1 1 2 GRE Applications 1 3 1 2 Configuring a GRE over IPv4 Tunnel 1 4 1 2 1 Configuration Prerequisites 1 4 1 2 2 Configuration Procedure 1 5 1 3 Displaying and Maintaining GRE 1 7 1 4 GRE Tunnel Configuration Examples 1 7 1 4 1 GRE IPv4 over IPv4 Tunnel Configuration Example 1 7 1 4 2 GRE IPv6 over IPv4 Tunnel Configuration Example 1 10 1 5 Troubleshooting GRE 1 13 ...

Page 326: ...iguring IS IS IPv6 IS IS or multicasting on tunnels 1 1 GRE Overview 1 1 1 Introduction to GRE Generic routing encapsulation GRE is a protocol designed for performing encapsulation of one network layer protocol for example IP or IPX over another network layer protocol for example IP GRE uses the tunneling technology and serves as a Layer 3 tunneling protocol of virtual private network VPN A tunnel...

Page 327: ...n address and the routing table II Format of an encapsulated packet Figure 1 2 shows the format of an encapsulated packet Figure 1 2 Format of an encapsulated packet As an example Figure 1 3 shows the format of an X protocol packet encapsulated for transmission over an IP tunnel Figure 1 3 Format of an X packet encapsulated for transmission over an IP tunnel These are the involved terms z Payload ...

Page 328: ...ata volumes will degrade the forwarding efficiency for the GRE enabled device to some extent 1 1 2 GRE Applications GRE supports these types of applications z Multi protocol communications through a single protocol backbone z Scope enlargement of the network running a hop limited protocol z VPN creation by connecting discontinuous subnets I Multi protocol communications through a single protocol b...

Page 329: ...ontinuous subnets Figure 1 6 Connect discontinuous subnets with a tunnel to form a VPN In the example as shown in Figure 1 6 Group1 and Group2 running Novell IPX are deployed in different cities They can constitute a trans WAN virtual private network VPN through the GRE tunnel 1 2 Configuring a GRE over IPv4 Tunnel 1 2 1 Configuration Prerequisites Interfaces on a device such as VLAN interfaces an...

Page 330: ... prefix length ipv6 address prefix length ipv6 address ipv6 address prefix length eui 64 Any of the three must be selected By default no IPv4 address is configured on a tunnel interface Whether to configure an IPv4 or IPv6 address on a tunnel interface depends on the actual needs By default no IPv6 global unique address or site local address is configured on a tunnel interface ipv6 address auto li...

Page 331: ...ue for the tunnel interface mtu mtu size Optional Note that z For a tunnel interface that is configured with any of the above features all the configuration disappears once that interface is deleted z The source address and destination address of a tunnel uniquely identify a path They must be configured at both ends of the tunnel and are mutually the source address and the destination address z Tw...

Page 332: ...f match conditions for the expediting function only the physical ports with the link type as Access or Hybrid can be bound to the VLAN interface that acts as the source interface of a tunnel Moreover when the link type of a port is Hybrid the untagged attribute must be specified for the VLAN that sends GRE tunnel packets z The XP4DB GV48DA and GV48DB boards do not support the expediting function o...

Page 333: ...ame1 interface vlan interface 101 Sysname1 Vlan interface101 ip address 192 13 2 1 255 255 255 0 Sysname1 Vlan interface101 quit Create an interface named Tunnel 4 0 1 Sysname1 interface tunnel 4 0 1 Configure an IPv4 address for interface Tunnel 4 0 1 Sysname1 Tunnel4 0 1 ip address 10 1 2 1 255 255 255 0 Configure the tunnel encapsulation mode Sysname1 Tunnel4 0 1 tunnel protocol gre Configure t...

Page 334: ...255 255 0 tunnel 4 0 1 2 Configure Switch B Configure VLAN interface 100 Sysname2 system view Sysname2 vlan 100 Sysname2 vlan100 port GigabitEthernet 4 1 1 Sysname2 vlan100 quit Sysname2 interface vlan interface 100 Sysname2 Vlan interface100 ip address 10 1 3 1 255 255 255 0 Sysname2 Vlan interface100 quit Configure VLAN interface 101 the physical interface for the tunnel Sysname2 vlan 101 Sysnam...

Page 335: ...rvice loop group 1 in tunnel interface view Sysname2 interface tunnel 4 0 1 Sysname2 Tunnel4 0 1 aggregation group 1 Sysname2 Tunnel4 0 1 quit Add interface GigabitEthernet 4 1 3 to service loop group 1 Sysname2 interface GigabitEthernet 4 1 3 Sysname2 GigabitEthernet4 1 3 stp disable Sysname2 GigabitEthernet4 1 3 port link aggregation group 1 Configure a static route from Switch B through interfa...

Page 336: ... an IPv6 address for interface Tunnel 4 0 1 Sysname1 Tunnel4 0 1 ipv6 address 2001 1 1 64 Configure the tunnel encapsulation mode Sysname1 Tunnel4 0 1 tunnel protocol gre Configure the source address of interface Tunnel 4 0 1 to be the IP address of the Vlan interface to GigabitEthernet 4 1 2 belongs Sysname1 Tunnel4 0 1 source vlan interface 101 Configure the destination address of interface Tunn...

Page 337: ...hernet 4 1 1 Sysname2 vlan100 quit Sysname2 interface vlan interface 100 Sysname2 Vlan interface100 ipv6 address 2003 1 2 64 Sysname2 Vlan interface100 quit Configure interface VLAN interface 101 the physical interface for the tunnel Sysname2 vlan 101 Sysname2 vlan101 port GigabitEthernet 4 1 2 Sysname2 vlan101 quit Sysname2 interface vlan interface 101 Sysname2 Vlan interface101 ip address 131 10...

Page 338: ...1 Sysname2 Tunnel4 0 1 quit Add GigabitEthernet 4 1 3 to service loop group 1 Sysname2 interface GigabitEthernet 4 1 3 Sysname2 GigabitEthernet4 1 3 stp disable Sysname2 GigabitEthernet4 1 3 port link aggregation group 1 Configure a static route from Switch B through interface Tunnel 4 0 1 to Group1 Sysname2 ipv6 route static 2002 0 64 Tunnel 4 0 1 1 5 Troubleshooting GRE The GRE configurations ar...

Page 339: ...e display ip routing table command in any view respectively On Switch A observe whether there is a route from itself through Tunnel 1 0 0 to 10 2 0 0 16 On Switch B observe whether there is a route from itself through Tunnel 1 0 0 to 10 1 0 0 16 z For any missing static routes use the ip route static command in system view to configure ...

Search results

Summary of Contents for H3C S9500 Series

Reviews:

Brands by name

Popular brands

Hangzhou H3C Technologies Co., Ltd H3C S9500 Series, Operation Manual

Search results

Summary of Contents for H3C S9500 Series

Reviews:

Brands by name

Popular brands