manualshive.com logo in svg

HP 12500 Series, Configuration Manual

The HP 12500 Series is an advanced networking solution designed to meet high-performance requirements. To fully utilize its features, refer to the Quickspecs manual available for free download at our website. Obtain detailed instructions and optimize your network management effortlessly with this remarkable product.

Share
Download
background image

 

231 

 

NOTE: 

For information about routing policy configuration, see 

Layer 3—IP Routing Configuration Guide. 

 

Configuring nested VPN 

For a network with many VPNs, if you want to implement layered management of VPNs and to conceal 

the deployment of internal VPNs, nested VPN is a good solution. By using nested VPN, you can 
implement layered management of internal VPNs easily with a low cost and simple management 

operation. 

Configuration prerequisites 

Before configuring nested VPN, configure the basic MPLS L3VPN capability (see “

Configuring basic 

MPLS L3VPN

”). 

Configuring nested VPN 

To configure nested VPN: 

To do… 

Use the command… 

Remarks 

Enter system view 

system-view 

— 

Enter BGP view 

bgp 

as-number

 — 

Enter BGP VPN instance view 

ipv4-family vpn-instance 

vpn-instance-name

 

— 

Configure a CE peer or peer group 

peer 

group-name 

|

 

peer-address 

as-number 

number 

 

Required 

Return to BGP view 

quit 

— 

Enter BGP-VPNv4 subaddress 
family view 

ipv4-family vpnv4 

— 

Enable nested VPN 

nesting-vpn 

Required 
Disabled by default. 

Activate a nested VPN peer or peer 
group, and enable the BGP-VPNv4 
route exchange capability 

peer 

group-name 

|

 

peer-address 

vpn-instance 

vpn-instance-name

 enable 

Required 
By default, only IPv4 routes and no 
BGP-VPNv4 routes can be 

exchanged between nested VPN 

peers/peer groups. 

Add a peer to the nested VPN peer 
group 

peer

 peer-address 

vpn-instance 

vpn-instance-name 

group 

group-name

 

Optional 
By default, a peer is not in any 
nested VPN peer group. 

Apply a routing policy to routes 
received from a nested VPN peer 

or peer group 

peer

 { 

group-name 

|

 

peer-address 

vpn-instance 

vpn-instance-name

 route-policy 

route-policy-name 

import 

Optional 
By default, no routing policy is 
applied to routes received from a 

nested VPN peer or peer group. 

 

Summary of Contents for 12500 Series

Page 1: ...HP 12500 Routing Switch Series MPLS Configuration Guide Part number 5998 2826 Software version A12500 CMW520 R1726 Document version 6W170 20111130 ...

Page 2: ...MATERIAL INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE Hewlett Packard shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing performance or use of this material The only warranties for HP products and services are set forth in the express warranty statements accompan...

Page 3: ...ction 16 Configuring LDP MD5 authentication 17 Configuring LDP label filtering 17 Maintaining LDP sessions 19 Configuring BFD for MPLS LDP 19 Resetting LDP sessions 20 Managing and optimizing MPLS forwarding 20 Configuring MPLS MTU 20 Configuring TTL processing mode at ingress 21 Sending back ICMP TTL exceeded messages for MPLS TTL expired packets 22 Configuring LDP GR 23 Configuring MPLS statisti...

Page 4: ...P setup 63 Configuration prerequisites 63 Configuration procedure 63 Tuning MPLS TE tunnel setup 65 Configuration prerequisites 66 Configuration procedures 66 Configuring traffic forwarding 67 Configuration prerequisites 67 Configuration procedures 67 Configuring traffic forwarding tuning parameters 69 Configuration prerequisites 69 Configuration procedure 69 Configuring CR LSP backup 71 Configura...

Page 5: ...nsion 134 Configuring a BGP VPLS instance 135 Resetting VPLS BGP connections 135 Binding a VPLS instance 135 Binding a Layer 3 interface with a VPLS instance 136 Binding a service instance with a VPLS instance 136 Configuring VPLS and MAC in MAC dual stack support 137 Configuring MAC address learning 138 Configuring VPLS instance attributes 139 Configuring traffic policing for an AC 139 Inspecting...

Page 6: ...schemes 195 MPLS L3VPN routing information advertisement 198 Inter AS VPN 199 Carrier s carrier 202 Nested VPN 204 Multi role host 206 HoVPN 206 OSPF VPN extension 208 BGP AS number substitution and SoO 211 Multi VPN instance CE 212 MPLS L3VPN configuration task list 213 Configuring basic MPLS L3VPN 213 Configuration prerequisites 213 Configuring VPN instances 214 Configuring routing between PE an...

Page 7: ...ng BGP AS number substitution 326 Configuring multi role host 329 Configuring BGP AS number substitution and SoO 334 Configuring IPv6 MPLS L3VPN 337 IPv6 MPLS L3VPN overview 337 IPv6 MPLS L3VPN packet forwarding 338 IPv6 MPLS L3VPN routing information advertisement 338 IPv6 MPLS L3VPN networking schemes and functions 339 IPv6 MPLS L3VPN configuration task list 339 Configuring basic IPv6 MPLS L3VPN...

Page 8: ...vi Configuring IPv6 MPLS L3VPNs 359 Configuring inter AS IPv6 VPN option A 367 Configuring inter AS IPv6 VPN option C 372 Configuring carrier s carrier 379 Configuring MCE 386 Index 393 ...

Page 9: ...ing highly efficient and fast data forwarding on backbone networks MPLS resides between the link layer and the network layer It can work over various link layer protocols for example PPP ATM frame relay and Ethernet provide connection oriented services for various network layer protocols for example IPv4 IPv6 and IPX and work with mainstream network technologies MPLS is connection oriented and sup...

Page 10: ... LER A label edge router LER resides at the edge of an MPLS network and is connected with another network LSP A label switched path LSP is the path along which packets of a FEC travel through an MPLS network An LSP is a unidirectional path from the ingress of an MPLS network to the egress On an LSP two neighboring LSRs are called the upstream LSR and downstream LSR respectively In Figure 2 LSR B i...

Page 11: ...gh manual configuration To establish a static LSP you must assign a label to the FEC on each LSR along the packet forwarding path Establishment of static LSPs consumes fewer resources than dynamic LSP establishment However static LSPs cannot adapt to network topology changes Therefore static LSPs are suitable for small scale networks with simple stable topologies Establishing an LSP through a labe...

Page 12: ... Process of dynamic LSP establishment Label distribution and management An LSR informs its upstream LSRs of labels assigned to FECs through label advertisement The label advertisement modes include downstream unsolicited DU and downstream on demand DoD The label distribution control modes include independent and ordered Label management specifies the mode for processing a received label binding th...

Page 13: ...DoD the LSR distributes a label to its upstream as long as it receives a label request from the upstream Figure 6 Independent label distribution control mode In ordered mode an LSR distributes its label binding for a FEC upstream only when it receives a label binding for the FEC from its downstream or it is the egress of the FEC In Figure 5 label distribution control is in ordered mode In this cas...

Page 14: ...t is used to forward MPLS packets FEC to NHLFE FTN map FTN maps each FEC to a set of NHLFEs at the ingress LSR The FTN map is used for forwarding unlabeled packets that need MPLS forwarding When an LSR receives an unlabeled packet it looks for the corresponding FIB entry If the Token value of the FIB entry is not Invalid the packet needs to be forwarded through MPLS The LSR then looks for the corr...

Page 15: ...0 and then forwards the labeled packet to the next hop LSR Router D through the outgoing interface GE3 0 2 3 Upon receiving the labeled packet Router D the egress looks for the ILM entry according to the label 50 to get the Token value Because the Token is empty Router D removes the label from the packet If the ILM entry records the outgoing interface Router D forwards the packet through the outgo...

Page 16: ...notification LDP peer Two LSRs using LDP to exchange FEC label bindings are LDP peers LDP message type LDP messages fall into the following types Discovery messages declare and maintain the presence of LSRs Session messages establish maintain and terminate sessions between LDP peers Advertisement messages create alter and remove FEC label bindings Notification messages provide advisory information...

Page 17: ...ity An LSR determines the integrity of an LDP session according to the LDP PDU which carries one or more LDP messages transmitted on the session Before the Keepalive timer times out if two LDP peers have no information to exchange they can send Keepalive messages to each other to maintain the LDP session If an LSR does not receive any LDP PDU from its peer during a Keepalive interval it closes the...

Page 18: ...d reading Setting MPLS statistics reading interval Optional Inspecting LSPs Configuring MPLS LSP ping Optional Configuring MPLS LSP tracert Optional Configuring BFD for LSPs Optional Configuring periodic LSP tracert Optional Enabling MPLS trap Optional NOTE Layer 3 interfaces such as Layer 3 Ethernet interfaces and VLAN interfaces support MPLS Tunnel interfaces and Layer 2 interfaces do not suppor...

Page 19: ...uring a static LSP The principle of establishing a static LSP is that the outgoing label of an upstream LSR is the incoming label of its downstream LSR Configuration prerequisites Before you configure a static LSP complete the following tasks Determine the ingress LSR transit LSRs and egress LSR for the static LSP Enable MPLS on all these LSRs Make sure that the ingress LSR has a route to the FEC ...

Page 20: ... you configure a static IP route for the LSP be sure to specify the same next hop or outgoing interface for the static route and the static LSP For an ingress or transit LSR do not specify the public address of an interface on the LSR as the next hop address For information about configuring a static IP route see Layer 3 IP Routing Configuration Guide Establishing dynamic LSPs through LDP Configur...

Page 21: ...terface interface type interface number Set the link Hello timer mpls ldp timer hello hold value Optional 15 seconds by default Set the link Keepalive timer mpls ldp timer keepalive hold value Optional 45 seconds by default Configure the LDP transport address mpls ldp transport address ip address interface Optional MPLS LSR ID of the LSR by default CAUTION If you configure an LDP transport address...

Page 22: ...mote peer IP addresses If a local adjacency exists between two peers no remote adjacency can be established between them If a remote adjacency exists between two peers you can configure a local adjacency for them However the local adjacency can be established only when the transport address and keepalive settings for the local peer and those for the remote peer match respectively in which case the...

Page 23: ...lishment of LSPs reducing the number of LSPs to be established on the LSR and avoiding instability of the LSR caused by excessive LSPs An LSR supports two types of LSP triggering policies Allowing all routing entries to trigger establishment of LSPs Filtering routing entries by an IP prefix list so that static and IGP routes denied by the IP prefix list will not trigger LSP establishment To use th...

Page 24: ...e LDP loop detection mechanism can detect looping LSPs and prevent LDP messages from looping forever LDP loop detection can be in either of two modes Maximum hop count A label request message or label mapping message carries information about its hop count which increments by 1 for each hop When this value reaches the specified limit LDP considers that a loop is present and terminates the establis...

Page 25: ...g the routing protocol s loop detection mechanism Configuring LDP MD5 authentication LDP sessions are established based on TCP connections To improve the security of LDP sessions you can configure MD5 authentication for the underlying TCP connections so that the TCP connections can be established only if the peers have the same authentication password To configure LDP MD5 authentication To do Use ...

Page 26: ...bel advertisement control Label advertisement control is for filtering label bindings to be advertised A downstream LSR advertises only the label bindings of the specified FECs to the specified upstream LSR As shown in Figure 9 downstream device LSR A advertises to upstream device LSR B only label bindings with FEC destinations permitted by prefix list B and advertises to upstream device LSR C onl...

Page 27: ...ion failures between remote LDP peers and reset LDP sessions Configuring BFD for MPLS LDP MPLS itself cannot detect a neighbor failure or link failure in time If communication between two remote LDP peers fails the LDP session will be down and as a result MPLS forwarding will fail By cooperating with bidirectional forwarding detection BFD MPLS LDP can be quickly aware of communication failures bet...

Page 28: ...cannot be forwarded although the network layer packet is smaller than the MTU of the interface To address the issue you can configure the MPLS MTU on an interface of an LSR Then the LSR will compare the length of an MPLS packet against the configured MPLS MTU on the interface When the packet is larger than the MPLS MTU If fragmentation is allowed the LSR removes the label stack from the packet fra...

Page 29: ... of the label at the stack top by 1 When an LSR pops a label it copies the TTL value of the label at the stack top back to the TTL field of the IP packet In this case the TTL value of a packet is decreased hop by hop when forwarded along the LSP Therefore the result of tracert will reflect the real path along which the packet has traveled Figure 10 Label TTL processing when IP TTL propagation is e...

Page 30: ...nformation about PE see the chapter Configuring MPLS L3VPN Sending back ICMP TTL exceeded messages for MPLS TTL expired packets After you enable an LSR to send back ICMP TTL exceeded messages for MPLS TTL expired packets when the LSR receives an MPLS packet that carries a label with TTL being 1 it will generate an ICMP TTL exceeded message and send the message to the packet sender in one of the fo...

Page 31: ...vel along the local IP routes This configuration does not take effect when the MPLS packets carry multiple levels of labels ICMP TTL exceeded messages for such MPLS packets always travel along the LSPs Specify that ICMP TTL exceeded messages for MPLS packets with only one level of label travel along the LSPs undo ttl expiration pop Configuring LDP GR MPLS has two separate planes the forwarding pla...

Page 32: ...time if the LDP session fails to be re established the GR helper will delete the FEC label bindings marked stale 4 If the session is re established successfully during the LDP recovery time the GR helper and the GR restarter will use the new LDP session to exchange the label mapping information update the LFIB and delete the stale marks of the corresponding forwarding entries The LDP recovery time...

Page 33: ...the packet forwarding path is changed and whether packet forwarding is interrupted Use the following command to restart MPLS LDP gracefully To do Use the command Remarks Restart MPLS LDP gracefully graceful restart mpls ldp Required Available in user view NOTE The graceful restart mpls ldp command is only used to test MPLS LDP GR function It does not perform active standby switchover Do not perfor...

Page 34: ... source ip c count exp exp value h ttl value m wait time r reply mode s packet size t time out v ipv4 dest addr mask length destination ip addr header Required Available in any view Configuring MPLS LSP tracert MPLS LSP tracert is for locating LSP errors It consecutively sends the MPLS echo requests along the LSP to be inspected with the TTL increasing from 1 to a specific value Then each hop alon...

Page 35: ...s for the loopback interface and configure the IP address as the MPLS LSR ID You can also configure BFD session parameters for the loopback interface as needed For more information about BFD see High Availability Configuration Guide To establish a static BFD session make sure that there is already an LSP from the local switch to the remote switch and an LSP from the remote switch to the local swit...

Page 36: ...ure periodic tracert for an LSP to the specified FEC destination periodic tracert destination address mask length a source ip exp exp value h ttl value m wait time t time out u retry attempt Required Not configured by default Enabling MPLS trap With the MPLS trap function enabled trap packets of the notifications level are generated to report critical MPLS events Such trap packets are sent to the ...

Page 37: ...label value2 all begin exclude include regular expression Available in any view Display information about LSPs display mpls lsp incoming interface interface type interface number outgoing interface interface type interface number in label in label value out label out label value asbr vpn instance vpn instance name protocol bgp bgp ipv6 crldp ldp rsvp te static static cr egress ingress transit excl...

Page 38: ...play mpls route state vpn instance vpn instance name dest addr mask length begin exclude include regular expression Available in any view Display statistics for all LSPs or the LSP with a specific index or name display mpls statistics lsp index all name lsp name begin exclude include regular expression Available in any view Display MPLS statistics for one or all interfaces display mpls statistics ...

Page 39: ...vpn instance vpn instance name dest addr mask length begin exclude include regular expression Available in any view Display information about CR LSPs established by CR LDP display mpls ldp cr lsp lspid lsr id lsp id begin exclude include regular expression Available in any view Display information about the specified LDP instance display mpls ldp vpn instance vpn instance name begin exclude includ...

Page 40: ...ach ingress node Such a route is not required on the transit and egress nodes You do not need to configure any routing protocol on the switches Configuration procedure 1 Configure IP addresses for the interfaces according to Figure 13 Details not shown 2 Configure a static route to the destination address of the FEC on each ingress node Configure a static route to network 21 1 1 0 24 on Switch A S...

Page 41: ...SwitchB static lsp transit AtoC incoming interface vlan interface 2 in label 30 nexthop 20 1 1 2 out label 50 Configure the LSP egress Switch C SwitchC static lsp egress AtoC incoming interface vlan interface 3 in label 50 5 Create a static LSP from Switch C to Switch A Configure the LSP ingress Switch C SwitchC static lsp ingress CtoA destination 11 1 1 0 24 nexthop 20 1 1 1 out label 40 Configur...

Page 42: ...tes press CTRL_C to break Reply from 10 1 1 1 bytes 100 Sequence 1 time 3 ms Reply from 10 1 1 1 bytes 100 Sequence 2 time 2 ms Reply from 10 1 1 1 bytes 100 Sequence 3 time 2 ms Reply from 10 1 1 1 bytes 100 Sequence 4 time 2 ms Reply from 10 1 1 1 bytes 100 Sequence 5 time 2 ms FEC IPV4 PREFIX 11 1 1 0 24 ping statistics 5 packet s transmitted 5 packet s received 0 00 packet loss round trip min ...

Page 43: ...chA ospf 1 area 0 0 0 0 quit SwitchA ospf 1 quit Configure OSPF on Switch B Sysname system view Sysname sysname SwitchB SwitchB ospf SwitchB ospf 1 area 0 SwitchB ospf 1 area 0 0 0 0 network 2 2 2 9 0 0 0 0 SwitchB ospf 1 area 0 0 0 0 network 10 1 1 0 0 0 0 255 SwitchB ospf 1 area 0 0 0 0 network 20 1 1 0 0 0 0 255 SwitchB ospf 1 area 0 0 0 0 quit SwitchB ospf 1 quit Configure OSPF on Switch C Sys...

Page 44: ...tchA mpls ldp quit SwitchA interface vlan interface 2 SwitchA Vlan interface2 mpls SwitchA Vlan interface2 mpls ldp SwitchA Vlan interface2 quit Configure Switch B SwitchB mpls lsr id 2 2 2 9 SwitchB mpls SwitchB mpls quit SwitchB mpls ldp SwitchB mpls ldp quit SwitchB interface vlan interface 2 SwitchB Vlan interface2 mpls SwitchB Vlan interface2 mpls ldp SwitchB Vlan interface2 quit SwitchB inte...

Page 45: ...urce 2 2 2 9 0 2 2 2 9 Vlan interface2 4 Allow all static routes and IGP routes to trigger LDP to establish LSPs Configure the LSP establishment triggering policy on Switch A SwitchA mpls SwitchA mpls lsp trigger all SwitchA mpls return Configure the LSP establishment triggering policy on Switch B SwitchB mpls SwitchB mpls lsp trigger all SwitchB mpls quit Configure the LSP establishment triggerin...

Page 46: ...C ping lsp ipv4 11 1 1 0 24 LSP Ping FEC IPV4 PREFIX 11 1 1 0 24 100 data bytes press CTRL_C to break Reply from 10 1 1 1 bytes 100 Sequence 1 time 2 ms Reply from 10 1 1 1 bytes 100 Sequence 2 time 2 ms Reply from 10 1 1 1 bytes 100 Sequence 3 time 2 ms Reply from 10 1 1 1 bytes 100 Sequence 4 time 3 ms Reply from 10 1 1 1 bytes 100 Sequence 5 time 2 ms FEC IPV4 PREFIX 11 1 1 0 24 ping statistics...

Page 47: ...en Switch A and Switch C one for detecting the connectivity of the LSP Switch A Switch B Switch C and the other for detecting the connectivity of the LSP Switch C Switch B Switch A You can use the following command to view the verbose information of the BFD sessions SwitchA display bfd session verbose Total session number 2 Up session number 2 Init mode Active IPv4 session working under Ctrl mode ...

Page 48: ...40 Running Up for 00 15 44 Auth mode None Connect Type Indirect Board Num 7 Protocol MFW LSPV Diag Info No Diagnostic ...

Page 49: ...ail to present some dynamic factors such as bandwidth and traffic characteristics This IGP disadvantage can be repaired by using an overlay model such as IP over ATM or IP over FR An overlay model provides a virtual topology above the physical network topology for a more scalable network design It also provides better traffic and resources control support for implementing a variety of traffic engi...

Page 50: ...advertising TE attributes calculating paths establishing paths and forwarding packets Advertising TE attributes MPLS TE must be aware of dynamic TE attributes of each link on the network This is achieved by extending link state based IGPs such as OSPF and IS IS OSPF and IS IS extensions add to link states such TE attributes as link bandwidth color among which maximum reservable link bandwidth and ...

Page 51: ...se explicit route if the downstream LSR selection conditions rather than LSRs are defined Traffic characteristics Traffic is described in terms of peak rate committed rate and service granularity The peak and committed rates describe the bandwidth constraints of a path while the service granularity specifies a constraint on the delay variation that the CR LDP MPLS domain may introduce to a path s ...

Page 52: ...traffic trunks will traverse If a better route is found for an existing CR LSP a new CR LSP is established to replace the old one and services are switched to the new CR LSP RSVP TE Overview Two QoS models are available Integrated Service IntServ and Differentiated Service DiffServ Resource Reservation Protocol RSVP is designed for IntServ It reserves resources on each node along a path RSVP opera...

Page 53: ...e Router A Router B Router C Router D path is inadequate The problem cannot be addressed by selecting another path Router A Router E Router C Router D because the bandwidth of the Router C Router D link is inadequate To address the problem you may use the make before break mechanism It allows the new path to share the bandwidth of the original path at the Router C Router D link Upon creation of th...

Page 54: ...unnel with RSVP 1 The ingress LSR sends a Path message that carries the label request information and then forwards the message along the path calculated by CSPF hop by hop towards the egress LSR 2 After receiving the Path message the egress generates a Resv message carrying the reservation information and label and then forwards the message towards the ingress along the reverse direction of the p...

Page 55: ...ock PSB on the upstream nodes while the LABEL object is stored in the reservation state block RSB on the downstream nodes The state stored in the PSB or RSB object times out and is removed after the number of consecutive non refreshing times exceeds the PSB or RSB timeout keep multiplier Sometimes although a reservation request does not pass admission control on some node you may want to store the...

Page 56: ... routed if you do not configure it to travel the tunnel For traffic to be routed along an MPLS TE tunnel you can use static routing policy routing or automatic route advertisement Static routing Static routing is the easiest way to route traffic along an MPLS TE tunnel You only need to manually create a route that reaches the destination through the tunnel interface NOTE For more information about...

Page 57: ...d path protection for the entire LSP without time limitation This is different from Fast Reroute FRR which provides quick but temporary per link or per node protection on an LSP In the same TE tunnel the LSP used to back up a primary LSP is called a secondary LSP When the ingress of a TE tunnel detects that the primary LSP is unavailable it switches traffic to the secondary LSP and after the prima...

Page 58: ...ion for an LSP Link protection where the PLR and the MP are connected through a direct link and the primary LSP traverses this link When the link fails traffic is switched to the bypass LSP As shown in Figure 18 the primary LSP is Router A Router B Router C Router D and the bypass LSP is Router B Router F Router C Figure 18 FRR link protection Node protection where the PLR and the MP are connected...

Page 59: ...externally configured switching command which can define the following switching actions in the descending order of priority clear Clears all configured switching actions lock lockout of protection Always uses the main LSP to transfer data force forced switch Forces data to travel on the backup LSP manual manual switch Switches data from the main LSP to the backup LSP Signal switching Signal Fail ...

Page 60: ...h automatic route advertisement Configuring traffic forwarding tuning parameters Optional Configuring CR LSP backup Optional Configuring FRR Optional Inspecting an MPLS TE tunnel Optional Configuring protection switching Optional Configuring MPLS TE basic settings This configuration task includes the basic settings required for all MPLS TE features Configuration prerequisites Before you configure ...

Page 61: ...e current tunnel configuration mpls te commit Required NOTE For information about tunnel interfaces see Layer 3 IP Services Configuration Guide Creating MPLS TE tunnel over static CR LSP Creating MPLS TE tunnels over static CR LSPs does not involve configuration of tunnel constraints or the issue of IGP TE extension or CSPF Create a static CR LSP and a TE tunnel using static signaling and then ass...

Page 62: ...ace type interface number in label in label value nexthop next hop addr out label out label value bandwidth ct0 ct1 ct2 ct3 bandwidth value Create a static CR LSP on the egress node static cr lsp egress tunnel name incoming interface interface type interface number in label in label value bandwidth ct0 ct1 ct2 ct3 bandwidth value NOTE The tunnel name argument in the static cr lsp ingress command m...

Page 63: ...asic MPLS Configure MPLS TE basic settings Configuration procedure Complete the following tasks to configure an MPLS TE tunnel using a dynamic signaling protocol Task Remarks Configuring CSPF Optional Configuring OSPF TE Required when CSPF is configured Choose one depending on the IGP protocol used Configuring IS IS TE Configuring an MPLS TE explicit path Optional Configuring MPLS TE tunnel constr...

Page 64: ...ng protocol is IS IS and a dynamic signaling protocol is used for MPLS TE tunnel setup In case both OSPF TE and IS IS TE are available OSPF TE takes priority The IS IS TE extension uses the sub TLV of IS reachability TLV type 22 to carry TE attributes Before configuring IS IS TE configure the IS IS wide metric style which can be wide compatible or wide compatible NOTE According to RFC 3784 the len...

Page 65: ...h the sub TLV of IS reachability TLV type 22 HP does not recommend enabling IS IS TE on an interface configured with secondary IP addresses Configuring an MPLS TE explicit path An explicit path is a set of nodes The relationship between any two neighboring nodes on an explicit path can be either strict or loose Strict The two nodes are directly connected Loose The two nodes have devices in between...

Page 66: ...mous Systems ASs you must use a loose explicit route specify the area border router ABR or autonomous system boundary router ASBR as the next hop of the route and make sure that the tunnel s ingress node and the ABR or ASBR are reachable to each other Configuring MPLS TE tunnel constraints To configure MPLS TE tunnel constraints To do Use the command Remarks Enter system view system view Enter MPL...

Page 67: ...iability network resources and other advanced features of MPLS TE Before performing the configuration tasks in this section be aware of each configuration objective and its impact on your network Configuration prerequisites Before you configure RSVP TE advanced features complete the following tasks Configure basic MPLS Configure MPLS TE basic settings Establish an MPLS TE tunnel with RSVP TE Confi...

Page 68: ...ultiplier number Optional The default is 3 Configure the blockade timeout multiplier mpls rsvp te blockade multiplier number Optional The default blockade timeout multiplier is 4 Configuring the RSVP refreshing mechanism To enhance reliability of RSVP message transmission the Message_ID extension mechanism is used to acknowledge RSVP messages The Message_ID extension mechanism is also referred to ...

Page 69: ...d failed mpls rsvp te hello lost times Optional By default the link is considered failed if three consecutive hellos are lost Configure the hello interval mpls rsvp te timer hello timevalue Optional The default is 3 seconds Exit to system view quit Enter interface view of MPLS TE link interface interface type interface number Enable interface RSVP hello extension mpls rsvp te hello Required Disabl...

Page 70: ... RSVP authentication mpls rsvp te authentication cipher plain auth key Required Disabled by default NOTE Do not configure both FRR and RSVP authentication on the same interface Configuring RSVP TE GR The RSVP TE GR function depends on the extended hello capability of RSVP TE Be sure to enable the extended hello capability of RSVP TE before configuring RSVP TE GR To configure RSVP TE GR on each dev...

Page 71: ... is established through the signaling protocol based on the path calculated by CSPF using TEDB and constraints MPLS TE can affect CSPF calculation in many ways to determine the path that a CR LSP can traverse Configuration prerequisites The configuration tasks described in this section are about CSPF of MPLS TE They must be used in conjunction with CSPF and the dynamic signal protocol RSVP TE Befo...

Page 72: ...system view system view Enter MPLS TE tunnel interface view interface tunnel tunnel number Enable route pinning mpls te route pinning Required Disabled by default Submit current tunnel configuration mpls te commit Required Configuring administrative group and affinity attribute The affinity attribute of an MPLS TE tunnel identifies the properties of the links that the tunnel can use Together with ...

Page 73: ...he default affinity attribute is 0x00000000 and the default mask is 0x00000000 Submit current tunnel configuration mpls te commit Required Configuring CR LSP reoptimization Dynamic CR LSP optimization involves periodic calculation of paths that traffic trunks traverse If a better route is found for an existing CR LSP a new CR LSP is established to replace the old one and services are switched to t...

Page 74: ...ce view interface tunnel tunnel number Enable the system to record routes or label bindings when setting up the tunnel Record routes mpls te record route Required Use either of the commands Both route recording and label binding recording are disabled by default Record routes and label bindings mpls te record route label Submit current tunnel configuration mpls te commit Required Configuring tunne...

Page 75: ...priority hold priority Optional The default setup and holding priorities are 7 Submit current tunnel configuration mpls te commit Required Configuring traffic forwarding Configuration prerequisites Before you configure traffic forwarding complete the following tasks Configure basic MPLS Configure MPLS TE basic settings Configure MPLS TE tunnels Configuration procedures Forwarding traffic along MPL...

Page 76: ...f path calculation in either approach If it is absolute the metric is directly used for path calculation If it is relative the cost of the corresponding IGP path must be added to the metric before it can be used for path calculation Enable OSPF or IS IS on the tunnel interface of the MPLS TE tunnel before configuring automatic route advertisement 1 Configure IGP shortcut To configure IGP shortcut ...

Page 77: ...se Required Disabled by default NOTE If you use automatic route advertisement you must specify the destination address of the TE tunnel as the LSR ID of the peer and advertise the tunnel interface address to IGPs such as OSPF and ISIS Configuring traffic forwarding tuning parameters In MPLS TE you may configure traffic forwarding tuning parameters such as the failed link timer and flooding thresho...

Page 78: ...ew system view Enter MPLS TE tunnel interface view interface interface type interface number Configure the up down thresholds for IGP to flood bandwidth changes mpls te bandwidth change thresholds down up percent Optional Both up and down flooding thresholds are 10 by default Specifying the link metric type for tunnel path calculation To specify the metric type for tunnel path calculation To do Us...

Page 79: ...r vpn instance vpn instance name Optional Traffic flow types of TE tunnels are not restricted by default Submit current tunnel configuration mpls te commit Required Configuring CR LSP backup CR LSP backup provides end to end path protection to protect the entire LSP Configuration prerequisites Before you configure CR LSP backup complete the following tasks Configure basic MPLS Configure MPLS TE ba...

Page 80: ...ndwidth assigned to the bypass LSP is not less than the total bandwidth needed by all protected LSPs Normally bypass tunnels only forward data traffic when protected primary tunnels fail To allow a bypass tunnel to forward data traffic while protecting the primary tunnel you need to make sure that bypass tunnels are available with adequate bandwidth A bypass tunnel cannot be used for services like...

Page 81: ...mber Specify the destination address of the bypass tunnel destination ip address Required For node protection this is the LSR ID of the next hop router of PLR For link protection this is the LSR ID of the next hop device of PLR Configure the bandwidth and type of LSP that the bypass tunnel can protect mpls te backup bandwidth bandwidth ct0 ct1 ct2 ct3 bandwidth un limited Required Bandwidth is not...

Page 82: ...e again or a new LSP is established traffic is switched to the protected or new LSP After this switchover the PLR polls available bypass tunnels for the best one at the regular interval specified by the FRR polling timer To configure the FRR polling timer To do Use the command Remarks Enter system view of the PLR node system view Enter MPLS view mpls Configure the FRR polling timer mpls te timer f...

Page 83: ...e errors of an MPLS TE tunnel tracert lsp a source ip exp exp value h ttl value r reply mode t time out te interface type interface number Required Available in any view Configuring BFD for an MPLS TE tunnel You can configure BFD for an MPLS TE tunnel to implement fast detection of the connectivity of the tunnel After you configure BFD for an MPLS TE tunnel a BFD session will be established betwee...

Page 84: ...ssion Even if you configure the two nodes to both work in passive mode the BFD session will still be established successfully Configuration prerequisites The source address of the BFD session is the MPLS LSR ID Before configuring BFD to inspect an MPLS TE tunnel make sure that there is a route on the peer device to the MPLS LSR ID You can also configure the BFD session parameters on the tunnel int...

Page 85: ...ilure and if RSVP does not re establish the RSVP TE tunnel within a specific period of time MPLS TE will remove the failed RSVP TE tunnel and then re establish it To configure periodic LSP tracert for an MPLS TE tunnel To do Use the command Remarks Enter system view system view Enable LSP verification and enter MPLS LSPV view mpls lspv Required By default LSP verification is disabled Return to sys...

Page 86: ...ration of the tunnel mpls te commit Required Displaying and maintaining MPLS TE To do Use the command Remarks Display information about explicit paths display explicit path path name begin exclude include regular expression Available in any view Display information about static CR LSPs display mpls static cr lsp lsp name lsp name include exclude ip address prefix length verbose begin exclude inclu...

Page 87: ... rsvp te sender interface interface type interface number begin exclude include regular expression Available in any view Display statistics about RSVP TE display mpls rsvp te statistics global interface interface type interface number begin exclude include regular expression Available in any view Display criteria compliant information about CSPF based TEDB display mpls te cspf tedb all area area i...

Page 88: ...pression Available in any view Display the information of the specified or all OSPF processes about traffic tuning display ospf process id traffic adjustment begin exclude include regular expression Available in any view Display information about OSPF TE display ospf process id mpls te area area id self originated begin exclude include regular expression Available in any view Display the latest TE...

Page 89: ...d te tunnel tunnel number begin exclude include regular expression Available in any view Display information about the specified tunnels and their protection tunnels display mpls te protection tunnel tunnel id all verbose begin exclude include regular expression Available in any view Clear the statistics about RSVP TE reset mpls rsvp te statistics global interface interface type interface number A...

Page 90: ...hA LoopBack0 isis enable 1 SwitchA LoopBack0 quit Configure Switch B SwitchB system view SwitchB isis 1 SwitchB isis 1 network entity 00 0005 0000 0000 0002 00 SwitchB isis 1 quit SwitchB interface vlan interface 1 SwitchB Vlan interface1 isis enable 1 SwitchB Vlan interface1 quit SwitchB interface vlan interface 2 SwitchB Vlan interface2 isis enable 1 SwitchB Vlan interface2 quit SwitchB interfac...

Page 91: ...t 0 0 2 1 1 1 Vlan1 2 1 1 1 32 Direct 0 0 127 0 0 1 InLoop0 2 2 2 2 32 ISIS 15 10 2 1 1 2 Vlan1 3 2 1 0 24 ISIS 15 20 2 1 1 2 Vlan1 3 3 3 3 32 ISIS 15 20 2 1 1 2 Vlan1 127 0 0 0 8 Direct 0 0 127 0 0 1 InLoop0 127 0 0 1 32 Direct 0 0 127 0 0 1 InLoop0 3 Configure MPLS TE basic settings Configure Switch A SwitchA mpls lsr id 1 1 1 1 SwitchA mpls SwitchA mpls mpls te SwitchA mpls quit SwitchA interfa...

Page 92: ...CR LSP SwitchB static cr lsp transit tunnel0 incoming interface Vlan interface1 in label 20 nexthop 3 2 1 2 out label 30 Configure Switch C as the egress node of the static CR LSP SwitchC static cr lsp egress tunnel0 incoming interface Vlan interface2 in label 30 6 Verify the configuration Perform the display interface tunnel command on Switch A You can find that the tunnel interface is up SwitchA...

Page 93: ...fy information about the static CR LSP SwitchA display mpls lsp LSP Information STATIC CRLSP FEC In Out Label In Out IF Vrf Name 3 3 3 3 32 NULL 20 Vlan1 SwitchB display mpls lsp LSP Information STATIC CRLSP FEC In Out Label In Out IF Vrf Name 20 30 Vlan1 Vlan2 SwitchC display mpls lsp LSP Information STATIC CRLSP FEC In Out Label In Out IF Vrf Name 30 NULL Vlan1 SwitchA display mpls static cr lsp...

Page 94: ...IS and all of them are Level 2 devices Use RSVP TE to create a TE tunnel with 2000 kbps of bandwidth from Switch A to Switch D Figure 21 Network diagram Device Interface IP address Device Interface IP address Switch A Loop0 1 1 1 9 32 Switch D Loop0 4 4 4 9 32 Vlan int1 10 1 1 1 24 Vlan int3 30 1 1 2 24 Switch B Loop0 2 2 2 9 32 Switch C Loop0 3 3 3 9 32 Vlan int1 10 1 1 2 24 Vlan int3 30 1 1 1 24...

Page 95: ...is enable 1 SwitchB LoopBack0 isis circuit level level 2 SwitchB LoopBack0 quit Configure Switch C SwitchC system view SwitchC isis 1 SwitchC isis 1 network entity 00 0005 0000 0000 0003 00 SwitchC isis 1 quit SwitchC interface vlan interface 3 SwitchC Vlan interface3 isis enable 1 SwitchC Vlan interface3 isis circuit level level 2 SwitchC Vlan interface3 quit SwitchC interface vlan interface 2 Sw...

Page 96: ...7 0 0 1 InLoop0 20 1 1 0 24 ISIS 15 20 10 1 1 2 Vlan1 30 1 1 0 24 ISIS 15 30 10 1 1 2 Vlan1 127 0 0 0 8 Direct 0 0 127 0 0 1 InLoop0 127 0 0 1 32 Direct 0 0 127 0 0 1 InLoop0 3 Configure MPLS TE basic settings and enable RSVP TE and CSPF Configure Switch A SwitchA mpls lsr id 1 1 1 9 SwitchA mpls SwitchA mpls mpls te SwitchA mpls mpls rsvp te SwitchA mpls mpls te cspf SwitchA mpls quit SwitchA int...

Page 97: ...nterface2 mpls te SwitchC Vlan interface2 mpls rsvp te SwitchC Vlan interface2 quit Configure Switch D SwitchD mpls lsr id 4 4 4 9 SwitchD mpls SwitchD mpls mpls te SwitchD mpls mpls rsvp te SwitchD mpls mpls te cspf SwitchD mpls quit SwitchD interface vlan interface 3 SwitchD Vlan interface3 mpls SwitchD Vlan interface3 mpls te SwitchD Vlan interface3 mpls rsvp te SwitchD Vlan interface3 quit 4 C...

Page 98: ...t state UP Line protocol current state UP Description Tunnel1 Interface The Maximum Transmit Unit is 64000 Internet Address is 7 1 1 1 24 Primary Encapsulation is TUNNEL service loopback group ID not set Tunnel source unknown destination 4 4 4 9 Tunnel protocol transport CR_LSP Output queue Urgent queuing Size Length Discards 0 100 0 Output queue Protocol queuing Size Length Discards 0 500 0 Outpu...

Page 99: ...es Protected VPN Bind Type NONE VPN Bind Value Car Policy Disabled Tunnel Group Primary Primary Tunnel Backup Tunnel Group Status Perform the display mpls te cspf tedb all command on Switch A to view information about links in TEDB SwitchA display mpls te cspf tedb all Maximum Node Supported 128 Maximum Link Supported 256 Current Total Node Number 4 Current Total Link Number 6 Id MPLS LSR Id IGP P...

Page 100: ...e Interface IP address Switch A Loop0 1 1 1 9 32 Switch D Loop0 4 4 4 9 32 Vlan int1 10 1 1 1 24 Vlan int3 30 1 1 2 24 Switch B Loop0 2 2 2 9 32 Switch C Loop0 3 3 3 9 32 Vlan int1 10 1 1 2 24 Vlan int3 30 1 1 1 24 Vlan int2 20 1 1 1 24 Vlan int2 20 1 1 2 24 Configuration procedure 1 Assign IP addresses and masks to interfaces see Figure 22 2 Configure OSPF to advertise routes within the ASs Confi...

Page 101: ... 0 0 0 SwitchD ospf 1 area 0 0 0 0 quit SwitchD ospf 1 quit After the configurations execute the display ip routing table command on each device The output shows that the switch in an AS has learned the route to the LSR ID of the other device in the AS Take Switch A as an example SwitchA display ip routing table Routing Tables Public Destinations 6 Routes 6 Destination Mask Proto Pre Cost NextHop ...

Page 102: ...1 1 1 32 Direct 0 0 127 0 0 1 InLoop0 20 1 1 0 24 O_ASE 150 1 10 1 1 2 Vlan1 30 1 1 0 24 O_ASE 150 1 10 1 1 2 Vlan1 127 0 0 0 8 Direct 0 0 127 0 0 1 InLoop0 127 0 0 1 32 Direct 0 0 127 0 0 1 InLoop0 4 Configure MPLS TE basic settings and enable RSVP TE and CSPF Configure Switch A SwitchA mpls lsr id 1 1 1 9 SwitchA mpls SwitchA mpls mpls te SwitchA mpls mpls rsvp te SwitchA mpls mpls te cspf Switc...

Page 103: ...SwitchC Vlan interface3 mpls SwitchC Vlan interface3 mpls te SwitchC Vlan interface3 mpls rsvp te SwitchC Vlan interface3 quit Configure Switch D SwitchD mpls lsr id 4 4 4 9 SwitchD mpls SwitchD mpls mpls te SwitchD mpls mpls rsvp te SwitchD mpls mpls te cspf SwitchD mpls quit SwitchD interface vlan interface 3 SwitchD Vlan interface3 mpls SwitchD Vlan interface3 mpls te SwitchD Vlan interface3 mp...

Page 104: ... next hop 30 1 1 2 include loose SwitchA explicit path atod quit 7 Create an MPLS TE tunnel Create an MPLS TE tunnel on Switch A SwitchA interface tunnel 1 SwitchA Tunnel1 ip address 7 1 1 1 255 255 255 0 SwitchA Tunnel1 tunnel protocol mpls te SwitchA Tunnel1 destination 4 4 4 9 SwitchA Tunnel1 mpls te tunnel id 10 SwitchA Tunnel1 mpls te signal protocol rsvp te SwitchA Tunnel1 mpls te path expli...

Page 105: ...Tunnel State Desc CR LSP is Up Tunnel Attributes LSP ID 1 1 1 9 2 Session ID 10 Admin State UP Oper State UP Ingress LSR ID 1 1 1 9 Egress LSR ID 4 4 4 9 Signaling Prot RSVP Resv Style SE Class Type CT0 Tunnel BW 0 kbps Reserved BW 0 kbps Setup Priority 7 Hold Priority 7 Affinity Prop Mask 0x0 0x0 Explicit Path Name atod Tie Breaking Policy None Metric Type None Loop Detection Disabled Record Rout...

Page 106: ...14 Routes 14 Destination Mask Proto Pre Cost NextHop Interface 1 1 1 9 32 Direct 0 0 127 0 0 1 InLoop0 2 2 2 9 32 OSPF 10 1 10 1 1 2 Vlan1 3 3 3 9 32 O_ASE 150 1 10 1 1 2 Vlan1 4 4 4 9 32 O_ASE 150 1 10 1 1 2 Vlan1 7 1 1 0 24 Direct 0 0 7 1 1 1 Tun1 7 1 1 1 32 Direct 0 0 127 0 0 1 InLoop0 10 1 1 0 24 Direct 0 0 10 1 1 1 Vlan1 10 1 1 1 32 Direct 0 0 127 0 0 1 InLoop0 20 1 1 0 24 O_ASE 150 1 10 1 1 ...

Page 107: ... mpls SwitchA Vlan interface1 mpls te SwitchA Vlan interface1 mpls rsvp te SwitchA Vlan interface1 mpls rsvp te hello SwitchA Vlan interface1 quit Configure Switch B SwitchB system view SwitchB mpls lsr id 2 2 2 9 SwitchB mpls SwitchB mpls mpls te SwitchB mpls mpls rsvp te SwitchB mpls mpls rsvp te hello SwitchB mpls interface vlan interface 1 SwitchB Vlan interface1 mpls SwitchB Vlan interface1 m...

Page 108: ...tem view SwitchA mpls SwitchA mpls mpls rsvp te graceful restart Configure Switch B SwitchB system view SwitchB mpls SwitchB mpls mpls rsvp te graceful restart Configure Switch C SwitchC system view SwitchC mpls SwitchC mpls mpls rsvp te graceful restart 7 Verify the configuration After the configuration a tunnel will be created between Switch A and Switch C Issuing the following command you will ...

Page 109: ...s mpls te SwitchA mpls mpls rsvp te SwitchA mpls quit SwitchA interface vlan interface 12 SwitchA Vlan interface12 mpls SwitchA Vlan interface12 mpls te SwitchA Vlan interface12 mpls rsvp te SwitchA Vlan interface12 mpls rsvp te bfd enable SwitchA Vlan interface12 quit Configure Switch B SwitchB system view SwitchB mpls lsr id 2 2 2 2 SwitchB mpls SwitchB mpls mpls te SwitchB mpls mpls rsvp te Swi...

Page 110: ...re the MPLS TE tunnel Configure an RSVP TE tunnel between Switch A and Switch B SwitchA interface tunnel 1 SwitchA Tunnel1 ip address 10 10 10 1 24 SwitchA Tunnel1 tunnel protocol mpls te SwitchA Tunnel1 destination 2 2 2 2 SwitchA Tunnel1 mpls te tunnel id 10 SwitchA Tunnel1 mpls te signal protocol rsvp te SwitchA Tunnel1 mpls te commit SwitchA Tunnel1 return 5 Verify the configuration On Switch ...

Page 111: ...and masks to interfaces see Figure 25 Details not shown 2 Configure the IGP protocol Enable IS IS to advertise host routes with LSR IDs as destinations on each node Details not shown Perform the display ip routing table command on each switch You can see that all nodes have learned the host routes of other nodes with LSR IDs as destinations 3 Configure MPLS TE basic settings and enable RSVP TE and...

Page 112: ... backup SwitchA Tunnel1 mpls te backup hot standby SwitchA Tunnel1 mpls te commit SwitchA Tunnel1 quit Perform the display interface tunnel command on Switch A You can see that Tunnel1 is up SwitchA display interface tunnel Tunnel1 current state UP Line protocol current state UP Description Tunnel1 Interface The Maximum Transmit Unit is 64000 Internet Address is 9 1 1 1 24 Primary Encapsulation is...

Page 113: ...Hop 2 4 4 4 9 Hop 3 40 1 1 1 Hop 4 40 1 1 2 Hop 5 3 3 3 9 Perform the tracert command to draw the picture of the path that a packet must travel to reach the tunnel destination SwitchA tracert a 1 1 1 9 3 3 3 9 traceroute to 3 3 3 9 3 3 3 9 30 hops max 40 bytes packet 1 10 1 1 2 25 ms 30 1 1 2 25 ms 10 1 1 2 25 ms 2 40 1 1 2 45 ms 20 1 1 2 29 ms 40 1 1 2 54 ms The sample output shows that the curre...

Page 114: ...tect the link Switch B Switch C Do the following Create a bypass LSP that traverses the path Switch B Switch E Switch C Switch B is the PLR and Switch C is the MP Explicitly route the primary TE tunnel and the bypass TE tunnel with the signaling protocol being RSVP TE Figure 26 Network diagram Device Interface IP address Device Interface IP address Switch A Loop0 1 1 1 1 32 Switch E Loop0 5 5 5 5 ...

Page 115: ... 15 30 2 1 1 2 Vlan1 3 3 3 3 32 ISIS 15 20 2 1 1 2 Vlan1 4 1 1 0 24 ISIS 15 30 2 1 1 2 Vlan1 4 4 4 4 32 ISIS 15 30 2 1 1 2 Vlan1 5 5 5 5 32 ISIS 15 20 2 1 1 2 Vlan1 127 0 0 0 8 Direct 0 0 127 0 0 1 InLoop0 127 0 0 1 32 Direct 0 0 127 0 0 1 InLoop0 3 Configure MPLS TE basic settings and enable RSVP TE and CSPF Configure Switch A SwitchA mpls lsr id 1 1 1 1 SwitchA mpls SwitchA mpls mpls te SwitchA ...

Page 116: ... TE tunnel carried on the primary LSP SwitchA interface tunnel 4 SwitchA Tunnel4 ip address 10 1 1 1 255 255 255 0 SwitchA Tunnel4 tunnel protocol mpls te SwitchA Tunnel4 destination 4 4 4 4 SwitchA Tunnel4 mpls te tunnel id 10 SwitchA Tunnel4 mpls te path explicit path pri path preference 1 Enable FRR SwitchA Tunnel4 mpls te fast reroute SwitchA Tunnel4 mpls te commit SwitchA Tunnel4 quit Perform...

Page 117: ...kbps Setup Priority 7 Hold Priority 7 Affinity Prop Mask 0 0 Explicit Path Name pri path Tie Breaking Policy None Metric Type None Record Route Enabled Record Label Enabled FRR Flag Enabled BackUpBW Flag Not Supported BackUpBW Type BackUpBW Route Pinning Disabled Retry Limit 10 Retry Interval 10 sec Reopt Disabled Reopt Freq Back Up Type None Back Up LSPID Auto BW Disabled Auto BW Freq Min BW Max ...

Page 118: ... interface2 mpls te fast reroute bypass tunnel tunnel 5 SwitchB Vlan interface2 quit Perform the display interface tunnel command on Switch B You can see that Tunnel5 is up Perform the display mpls lsp command on each switch You can see that two LSPs are traversing Switch B and Switch C SwitchA display mpls lsp LSP Information RSVP LSP FEC In Out Label In Out IF Vrf Name 4 4 4 4 32 NULL 1024 Vlan1...

Page 119: ...3 3 3 3 Vlan5 Tunnel5 SwitchD display mpls te tunnel LSP Id Destination In Out If Name 1 1 1 1 1 4 4 4 4 Vlan3 Tunnel4 SwitchE display mpls te tunnel LSP Id Destination In Out If Name 2 2 2 2 1 3 3 3 3 Vlan4 Vlan5 Tunnel5 Perform the display mpls lsp verbose command on Switch B You can see that the bypass tunnel is bound with the protected interface VLAN interface 2 and is currently unused SwitchB...

Page 120: ...u can see that the tunnel interface is still up Perform the display mpls te tunnel interface command on Switch A to verify the configuration of the tunnel interface SwitchA display mpls te tunnel interface Tunnel Name Tunnel4 Tunnel Desc Tunnel4 Interface Tunnel State Desc Modifying CR LSP is setting up Tunnel Attributes LSP ID 1 1 1 1 1 Session ID 10 Admin State UP Oper State UP Ingress LSR ID 1 ...

Page 121: ...ss LSR ID 4 4 4 4 Signaling Prot RSVP Resv Style SE Class Type CT0 Tunnel BW 0 kbps Reserved BW 0 kbps Setup Priority 7 Hold Priority 7 Affinity Prop Mask 0x0 0x0 Explicit Path Name pri path Tie Breaking Policy None Metric Type None Record Route Enabled Record Label Enabled FRR Flag Enabled BackUpBW Flag Not Supported BackUpBW Type BackUpBW Route Pinning Disabled Retry Limit 10 Retry Interval 10 s...

Page 122: ...on RSVP LSP No 1 IngressLsrID 1 1 1 1 LocalLspID 1 Tunnel Interface Tunnel4 Fec 4 4 4 4 32 Nexthop 3 1 1 2 In Label 1024 Out Label 1024 In Interface Vlan interface1 Out Interface Vlan interface2 LspIndex 4097 Tunnel ID 0x22001 LsrType Transit Bypass In Use In Use BypassTunnel Tunnel Index Tunnel5 InnerLabel 1024 Mpls Mtu 1500 No 2 IngressLsrID 2 2 2 2 LocalLspID 1 Tunnel Interface Tunnel5 Fec 3 3 ...

Page 123: ...ip route static 4 1 1 2 24 tunnel 4 preference 1 Perform the display ip routing table command on Switch A You can see a static route entry with Tunnel4 as the outgoing interface MPLS TE in MPLS L3VPN configuration example Network requirements CE 1 and CE 2 belong to VPN 1 They are connected to the MPLS backbone respectively through PE 1 and PE 2 The IGP protocol running on the MPLS backbone is OSP...

Page 124: ... the OSPF neighbor relationship Perform the display ospf peer verbose command you will see that the neighbor relationship state is FULL Perform the display ip routing table command you will see that the PEs have learned the routes to the loopback interfaces of each other Take PE 1 for example PE1 display ospf peer verbose OSPF Process 1 with Router ID 2 2 2 2 Neighbors Area 0 0 0 0 interface 10 0 ...

Page 125: ... rsvp te PE2 mpls mpls te cspf PE2 mpls quit PE2 interface vlan interface 2 PE2 Vlan interface2 mpls PE2 Vlan interface2 mpls te PE2 Vlan interface2 mpls rsvp te PE2 Vlan interface2 quit 3 Enable OSPF TE Configure PE 1 PE1 ospf PE1 ospf 1 opaque capability enable PE1 ospf 1 area 0 PE1 ospf 1 area 0 0 0 0 mpls te enable PE1 ospf 1 area 0 0 0 0 quit PE1 ospf 1 quit Configure PE 2 PE2 ospf PE2 ospf 1...

Page 126: ...pn1 quit PE1 tunnel policy policy1 PE1 tunnel policy policy1 tunnel select seq cr lsp load balance number 1 PE1 tunnel policy policy1 quit PE1 interface vlan interface 1 PE1 Vlan interface1 ip binding vpn instance vpn1 PE1 Vlan interface1 ip address 192 168 1 1 255 255 255 0 PE1 Vlan interface1 quit Configure on CE 2 CE2 system view CE2 interface vlan interface 3 CE2 Vlan interface3 ip address 192...

Page 127: ... received 0 00 packet loss round trip min avg max 26 30 47 ms The sample output shows that PE 1 can reach CE 1 6 Configure BGP Configure CE 1 CE1 bgp 65001 CE1 bgp peer 192 168 1 1 as number 100 CE1 bgp quit Configure PE 1 to establish the EBGP peer relationship with CE 1 and the IBGP peer relationship with PE 2 PE1 bgp 100 PE1 bgp ipv4 family vpn instance vpn1 PE1 bgp vpn1 peer 192 168 1 2 as num...

Page 128: ... Up Down State PrefRcv 192 168 1 2 4 65001 4 5 0 0 00 02 13 Established 0 Ping CE 2 on CE 1 and vice versa to test connectivity CE1 ping 192 168 2 2 PING 192 168 2 2 56 data bytes press CTRL_C to break Reply from 192 168 2 2 bytes 56 Sequence 1 ttl 253 time 61 ms Reply from 192 168 2 2 bytes 56 Sequence 2 ttl 253 time 54 ms Reply from 192 168 2 2 bytes 56 Sequence 3 ttl 253 time 53 ms Reply from 1...

Page 129: ...ID 2 2 2 2 LocalLspID 1 Tunnel Interface Tunnel1 Fec 3 3 3 3 32 Nexthop 10 0 0 2 In Label NULL Out Label 1024 In Interface Out Interface Vlan interface2 LspIndex 2050 Tunnel ID 0x22004 LsrType Ingress Bypass In Use Not Exists BypassTunnel Tunnel Index Mpls Mtu 1500 LSP Information BGP LSP No 2 VrfIndex vpn1 Fec 192 168 1 0 24 Nexthop 192 168 1 1 In Label 1024 Out Label NULL In Interface Out Interf...

Page 130: ...the TE tunnel PE1 display interface tunnel 1 Tunnel1 current state UP Line protocol current state UP Description Tunnel1 Interface The Maximum Transmit Unit is 1500 Internet Address is 12 1 1 1 24 Primary Encapsulation is TUNNEL service loopback group ID not set Tunnel source unknown destination 3 3 3 3 Tunnel protocol transport CR_LSP Output queue Urgent queuing Size Length Discards 0 100 0 Outpu...

Page 131: ...ommand with higher priority forces data to travel along the protection tunnel Solution 1 Execute the display mpls te protection tunnel command If the Mode field in the output is Non revertive the configuration defines that reverting should not occur If you expect that protection switching will be triggered when the main tunnel recovers you can configure the mpls te protection tunnel command in the...

Page 132: ...network A PE maps and forwards packets between private networks and public network tunnels A PE can be a UPE or NPE UPE User facing provider edge device that functions as the user access convergence device NPE Network provider edge device that functions as the network core PE An NPE resides at the edge of a VPLS network core domain and provides transparent VPLS transport services between core netw...

Page 133: ...the private network side of the PEs Otherwise a broadcast storm will occur crashing down the network For more information about STP see Layer 2 LAN Switching Configuration Guide For more information about RRPP see High Availability Configuration Guide MAC address learning and flooding VPLS provides reachability by MAC address learning Each PE maintains a MAC address table Source MAC address learni...

Page 134: ...kup link becomes active and a message with the instruction of relearning MAC entries arrives a PE updates the corresponding MAC entries in the FIB table of the VPLS instance and sends the message to other PEs that are directly connected through LDP sessions If the message contains a null MAC address TLV list these PEs remove all MAC addresses from the specified VSI except for those learned from th...

Page 135: ...ulation type of an AC depends on the user VSI access mode which can be VLAN or Ethernet VLAN access The Ethernet header of a packet sent by a CE to a PE or sent by a PE to a CE includes a VLAN tag that is added in the header as a service delimiter for the service provider network to identify the user The tag is called a P Tag Ethernet access The Ethernet header of a packet upstream from the CE or ...

Page 136: ...re 30 UPE functions as the convergence device MTU s and establishes only a virtual link U PW with NPE 1 It does not establish virtual links with any other peers Data forwarding in H VPLS with LSP access is as follows Upon receiving a packet from a CE UPE tags the packet with the MPLS label for the U PW namely the multiplex distinguishing flag and then sends the packet to NPE 1 When receiving the p...

Page 137: ...with the VLAN tag Then it forwards the packet through the QinQ tunnel to MTU which in turn forwards the packet to the CE For packets to be exchanged between CE 1 and CE 2 MTU can forward them directly without PE 1 because it holds the bridging function by itself For the first data packet with an unknown destination MAC address or a broadcast packet MTU broadcasts the packet to CE 2 through the bri...

Page 138: ... the hub site facilitating centralized management of traffic Hub Spoke networking Figure 33 Hub spoke networking Figure 33 shows a typical hub spoke networking application As the MAC address learning in a hub spoke network is the same as that in a common network the following describes only the data forwarding procedure 1 Upon receiving a packet from Spoke CE 1 Spoke PE 1 inserts an MPLS label int...

Page 139: ...or multi hop PW As shown in Figure 34 PE 1 and PE 2 are in different ASs To set up a multi hop PW between PE 1 and PE 2 you need to Establish three PWs PW 1 between PE 1 and ASBR 1 PW 2 between ASBR 1 and ASBR 2 and PW 3 between ASBR 2 between PE 2 Associate PW 1 and PW 2 on ASBR 1 Then when receiving a packet from PW 1 or PW 2 ASBR 1 removes the existing inner and outer labels of the packet and a...

Page 140: ...a Units BPDUs on a VPLS PW Enabling L2VPN and MPLS L2VPN Enable L2VPN and MPLS L2VPN before you perform VPLS related configurations To enable L2VPN and MPLS L2VPN To do Use the command Remarks Enter system view system view Enable L2VPN and enter L2VPN view l2vpn Required Enable MPLS L2VPN mpls l2vpn Required NOTE For detailed information about the l2vpn command and the mpls l2vpn command see MPLS ...

Page 141: ... when creating the peer the local PE is a UPE and you create a primary NPE and a secondary NPE on it On a UPE you can configure only one pair of primary and secondary NPEs The specified remote NPE peers must be fully meshed but it is not necessary for a UPE to connect with all the NPEs PW class template to be referenced A PW class template defines the PW transport mode and tunneling policy to be u...

Page 142: ...requisites Before you configure BGP VPLS complete the following tasks Configure an IGP on the MPLS backbone devices PEs and P devices to guarantee the IP connectivity of the MPLS backbone For configuration information see Layer 3 IP Routing Configuration Guide Configure basic MPLS on the MPLS backbone devices PEs and P devices to establish LSP tunnels on the backbone network For configuration info...

Page 143: ...l is changed you must reset the BGP connections in a VPLS to make the new configurations take effect to all connections To reset VPLS BGP connections To do Use the command Remarks Reset a specific or all VPLS BGP connections reset bgp vpls as number ip address all external internal Available in user view Binding a VPLS instance You can establish the association between packets and a VPLS instance ...

Page 144: ... VPLS instance For more information see Binding a service instance with a VPLS instance On the interface that is bound with a VPLS instance do not configure other Layer 3 applications A P2P enabled VPLS instance cannot be bound with a Layer 3 interface If you bind a Layer 3 interface with a VPLS instance IP related functions on the sub interfaces of the Layer 3 interface will fail For example the ...

Page 145: ...stance is not bound with any VPLS instance CAUTION Do not bind the control VLAN of an RRPP domain with a VPLS instance Otherwise a broadcast storm will occur crashing down the network For more information about RRPP see High Availability Configuration Guide NOTE Only when the VPLS instance is enabled with the hub spoke capability the hub spoke keyword included in the vsi static command can you fur...

Page 146: ...ic minm i sid i sid minm i sid i sid auto static Required NOTE A VSI enabled with the hub spoke capability the hub spoke keyword included in the vsi static command does not support cooperation with the MAC in MAC feature Configuring MAC address learning To configure the MAC address learning function To do Use the command Remarks Enter system view system view Enter VSI view vsi vsi name Enable disa...

Page 147: ...nce description text Optional No description set by default Shut down the VPLS service of the VPLS instance shutdown Optional By default the VPLS service of a VPLS instance is enabled Specify a tunneling policy for the VPLS instance tnl policy tunnel policy name Optional By default no tunneling policy is specified for a VPLS instance and a VPLS instance uses the default tunneling policy The defaul...

Page 148: ...pe interface number Enter service instance view service instance instance id Apply a global CAR action to the inbound or outbound traffic on the AC car inbound outbound name car name Required By default no global CAR is applied to an AC NOTE To configure traffic policing for an AC you must first configure this task before you bind the service instance to the VPLS instance Inspecting PWs On a VPLS ...

Page 149: ... view Display information about VPLS connections display vpls connection bgp ldp vsi vsi name block down up verbose begin exclude include regular expression Available in any view Display information about VPLS AC entries on a switch running in standalone mode display mpls l2vpn fib ac vpls vsi vsi name interface interface type interface number service instance service instanceid slot slot number v...

Page 150: ...in any view Display information about one or all fast switching groups display l2vpn fast switch group group index begin exclude include regular expression Available in any view Clear the MAC address table of one or all VPLS instances reset mac address vsi vsi name Available in user view Clear the traffic statistics for a service instance on an interface reset service instance statistics interface...

Page 151: ...sname PE1 PE1 interface loopback 0 PE1 LoopBack0 ip address 1 1 1 9 32 PE1 LoopBack0 quit PE1 mpls lsr id 1 1 1 9 PE1 mpls PE1 mpls quit PE1 mpls ldp PE1 mpls ldp quit Configure interface VLAN interface 10 PE1 interface vlan interface 10 PE1 Vlan interface10 ip address 10 10 10 10 24 Configure basic MPLS on the VLAN interface PE1 Vlan interface10 mpls PE1 Vlan interface10 mpls ldp PE1 Vlan interfa...

Page 152: ... instances and bind the VPLS instances PE1 interface GigabitEthernet 3 0 1 PE1 GigabitEthernet3 0 1 service instance 1000 PE1 GigabitEthernet3 0 1 srv1000 encapsulation s vid 100 PE1 GigabitEthernet3 0 1 srv1000 xconnect vsi aaa PE1 GigabitEthernet3 0 1 srv1000 quit PE1 GigabitEthernet3 0 1 service instance 2000 PE1 GigabitEthernet3 0 1 srv1000 encapsulation s vid 200 PE1 GigabitEthernet3 0 1 srv1...

Page 153: ...wsignal ldp PE2 vsi aaa ldp vsi id 500 PE2 vsi aaa ldp peer 1 1 1 9 PE2 vsi aaa ldp quit PE2 vsi aaa quit Configure the basic attributes of VPLS instance bbb which uses BGP PE2 vsi bbb auto PE2 vsi bbb pwsignal bgp PE2 vsi bbb bgp route distinguisher 100 1 PE2 vsi bbb bgp vpn target 111 1 PE2 vsi bbb bgp site 2 range 10 PE2 vsi bbb bgp quit PE2 vsi bbb quit On interface GigabitEthernet 3 0 1 conne...

Page 154: ...ance and bind it to the VPLS instance aaa The service instance matches the received packets that carry VLAN tag 100 on GigabitEthernet 3 0 1 The matched packets are forwarded by VPLS instance aaa Figure 37 Network diagram Configuration procedure 1 Configure the IGP protocol on the MPLS backbone which is OSPF in this example Details not shown 2 Configure UPE Configure basic MPLS Sysname system view...

Page 155: ...0 1 srv1000 encapsulation s vid 100 UPE GigabitEthernet3 0 1 srv1000 xconnect vsi aaa UPE GigabitEthernet3 0 1 srv1000 quit UPE GigabitEthernet3 0 1 quit 3 Configure NPE 1 Configure basic MPLS Sysname system view Sysname sysname NPE1 NPE1 interface loopback 0 NPE1 LoopBack0 ip address 2 2 2 9 32 NPE1 LoopBack0 quit NPE1 mpls lsr id 2 2 2 9 NPE1 mpls NPE1 mpls quit NPE1 mpls ldp NPE1 mpls ldp quit ...

Page 156: ...dp peer 3 3 3 9 NPE1 vsi aaa ldp quit NPE1 vsi aaa quit 4 Configure NPE 3 Configure basic MPLS Sysname system view Sysname sysname NPE3 NPE3 interface loopback 0 NPE3 LoopBack0 ip address 3 3 3 9 32 NPE3 LoopBack0 quit NPE3 mpls lsr id 3 3 3 9 NPE3 mpls NPE3 mpls quit NPE3 mpls ldp NPE3 mpls ldp quit Configure basic MPLS on the interface connected to NPE 1 NPE3 interface vlan interface 20 NPE3 Vla...

Page 157: ...complete previous configurations issue the display vpls connection command on the PEs You will see that a PW connection in up state has been established Configuring hub spoke VPLS Network requirements Set up a PW between Spoke PE 1 and Hub PE and a PW between Spoke PE 2 and Hub PE Configure VPLS instance aaa to support hub spoke networking On Spoke PE 1 Hub PE and Spoke PE 2 configure a service in...

Page 158: ...mote peer 1 Spoke PE1 mpls remote 1 remote ip 3 3 3 9 Spoke PE1 mpls remote 1 quit Enable L2VPN and MPLS L2VPN Spoke PE1 l2vpn Spoke PE1 l2vpn mpls l2vpn Spoke PE1 l2vpn quit Configure the basic attributes of VPLS instance aaa which uses LDP and configure the peer as the hub Spoke PE1 vsi aaa static hub spoke Spoke PE1 vsi aaa pwsignal ldp Spoke PE1 vsi aaa ldp vsi id 500 Spoke PE1 vsi aaa ldp pee...

Page 159: ...2 l2vpn mpls l2vpn Spoke PE2 l2vpn quit Configure the basic attributes of VPLS instance aaa which uses LDP and configure the peer as the hub Spoke PE2 vsi aaa static hub spoke Spoke PE2 vsi aaa pwsignal ldp Spoke PE2 vsi aaa ldp vsi id 500 Spoke PE2 vsi aaa ldp peer 3 3 3 9 hub Spoke PE2 vsi aaa ldp quit Spoke PE2 vsi aaa quit On the interface GigabitEthernet 3 0 1 connected to Spoke CE 2 create a...

Page 160: ... mpls ldp remote peer 2 Hub PE mpls remote 2 remote ip 2 2 2 9 Hub PE mpls remote 2 quit Enable L2VPN and MPLS L2VPN Hub PE l2vpn Hub PE l2vpn mpls l2vpn Hub PE l2vpn quit Configure the basic attributes of VPLS instance aaa which uses LDP and configure the peers as spokes Hub PE vsi aaa static hub spoke Hub PE vsi aaa pwsignal ldp Hub PE vsi aaa ldp vsi id 500 Hub PE vsi aaa ldp peer 1 1 1 9 spoke...

Page 161: ...vice instance and bind it to the VPLS instance The service instance matches the received packets that carry VLAN tag 100 on GigabitEthernet 3 0 1 The matched packets are forwarded by the VPLS instance Figure 39 Network diagram Configuration procedure 1 Configure the IGP protocol on the MPLS backbone which is OSPF in this example Details not shown 2 Configure UPE Configure basic MPLS Sysname system...

Page 162: ...utes of VPLS instance aaa which uses LDP UPE vsi aaa static UPE vsi aaa pwsignal ldp UPE vsi aaa ldp vsi id 500 UPE vsi aaa ldp peer 2 2 2 2 backup peer 3 3 3 3 UPE vsi aaa ldp dual npe revertive wtr time 1 UPE vsi aaa ldp quit UPE vsi aaa quit On the interface connected to CE 1 create a service instance and bind the VSI UPE interface GigabitEthernet 3 0 1 UPE GigabitEthernet3 0 1 service instance...

Page 163: ... NPE1 Vlan interface15 mpls ldp NPE1 Vlan interface15 quit Configure the remote LDP peer UPE NPE1 mpls ldp remote peer 2 NPE1 mpls remote 2 remote ip 1 1 1 1 NPE1 mpls remote 2 quit Configure the remote LDP peer NPE 3 NPE1 mpls ldp remote peer 3 NPE1 mpls remote 3 remote ip 4 4 4 4 NPE1 mpls remote 3 quit Enable L2VPN and MPLS L2VPN NPE1 l2vpn NPE1 l2vpn mpls l2vpn NPE1 l2vpn quit Configure the ba...

Page 164: ...the remote LDP session NPE3 mpls ldp remote peer 1 NPE3 mpls remote 1 remote ip 2 2 2 2 NPE3 mpls remote 1 quit NPE3 mpls ldp remote peer 2 NPE3 mpls remote 2 remote ip 3 3 3 3 NPE3 mpls remote 2 quit Enable L2VPN and MPLS L2VPN NPE3 l2vpn NPE3 l2vpn mpls l2vpn NPE3 l2vpn quit Configure the basic attributes of VPLS instance aaa which uses LDP NPE3 vsi aaa static NPE3 vsi aaa pwsignal ldp NPE3 vsi ...

Page 165: ...rk diagram Configuration procedure 1 Configure basic MPLS Configure Switch A SwitchA system view SwitchA mpls lsr id 1 1 1 9 SwitchA mpls SwitchA mpls quit SwitchA mpls ldp SwitchA mpls ldp quit SwitchA mpls ldp remote peer switchb SwitchA mpls ldp remote switchb remote ip 2 2 2 9 SwitchA mpls ldp remote switchb remote ip bfd SwitchA mpls ldp remote switchb quit SwitchA mpls ldp remote peer switch...

Page 166: ...bfd SwitchB mpls ldp remote switcha quit SwitchB vlan 12 SwitchB vlan12 port gigabitethernet 3 0 1 SwitchB vlan12 quit SwitchB interface vlan interface 12 SwitchB Vlan interface12 mpls SwitchB Vlan interface12 mpls ldp SwitchB Vlan interface12 quit Configure Switch C SwitchC system view SwitchC mpls lsr id 3 3 3 9 SwitchC mpls SwitchC mpls quit SwitchC mpls ldp SwitchC mpls ldp quit SwitchC mpls l...

Page 167: ...3 1 1 3 24 SwitchC Vlan interface13 quit SwitchC interface loopback 0 SwitchC LoopBack0 ip address 3 3 3 9 32 SwitchC LoopBack0 quit 3 Configure basic OSPF functions Configure Switch A SwitchA ospf SwitchA ospf 1 area 0 SwitchA ospf 1 area 0 0 0 0 network 12 1 1 1 0 0 0 255 SwitchA ospf 1 area 0 0 0 0 network 13 1 1 1 0 0 0 255 SwitchA ospf 1 area 0 0 0 0 network 1 1 1 9 0 0 0 0 SwitchA ospf 1 are...

Page 168: ...ure Switch B SwitchB l2vpn SwitchB l2vpn mpls l2vpn SwitchB l2vpn quit SwitchB vsi vpna static SwitchB vsi vpna pwsignal ldp SwitchB vsi vpna ldp vsi id 100 SwitchB vsi vpna ldp peer 1 1 1 9 upe SwitchB vsi vpna ldp quit SwitchB vsi vpna quit Configure Switch C SwitchC l2vpn SwitchC l2vpn mpls l2vpn SwitchC l2vpn quit SwitchC vsi vpna static SwitchC vsi vpna pwsignal ldp SwitchC vsi vpna ldp vsi i...

Page 169: ...1 up 1 block 0 down VSI Name vpna Signaling ldp VsiID VsiType PeerAddr InLabel OutLabel LinkID VCState 100 vlan 2 2 2 9 134312 138882 1 up 100 vlan 3 3 3 9 134216 140476 2 block Disconnect the link between Switch A and Switch B Then execute the display vpls connection vsi vpna command You can see that the link to 3 3 3 9 is up SwitchA display vpls connection vsi vpna Total 1 connection s connectio...

Page 170: ... 2 2 PE1 mpls ldp remote 1 quit Configure OSPF PE1 ospf PE1 ospf 1 area 0 PE1 ospf 1 area 0 0 0 0 network 1 1 1 1 0 0 0 0 PE1 ospf 1 area 0 0 0 0 network 10 1 1 0 0 0 0 255 PE1 ospf 1 area 0 0 0 0 quit PE1 ospf 1 quit Configure basic MPLS for the interface connecting ASBR 1 PE1 interface vlan interface 10 PE1 Vlan interface10 ip address 10 1 1 1 24 PE1 Vlan interface10 mpls PE1 Vlan interface10 mp...

Page 171: ...mpls lsr id 2 2 2 2 ASBR1 mpls ASBR1 mpls quit ASBR1 mpls ldp ASBR1 mpls ldp quit Create remote LDP peers ASBR1 mpls ldp remote peer 1 ASBR1 mpls ldp remote 1 remote ip 3 3 3 3 ASBR1 mpls ldp remote 1 quit ASBR1 mpls ldp remote peer 2 ASBR1 mpls ldp remote 2 remote ip 1 1 1 1 ASBR1 mpls ldp remote 2 quit Configure OSPF ASBR1 ospf ASBR1 ospf 1 area 0 ASBR1 ospf 1 area 0 0 0 0 network 2 2 2 2 0 0 0 ...

Page 172: ... policy map export ASBR1 bgp peer 11 1 1 3 label route capability ASBR1 bgp quit ASBR1 route policy map permit node 10 ASBR1 route policy apply mpls label ASBR1 route policy quit 3 Configure ASBR 2 Configure basic MPLS Sysname system view Sysname sysname ASBR2 ASBR2 interface loopback 0 ASBR2 LoopBack0 ip address 3 3 3 3 32 ASBR2 LoopBack0 quit ASBR2 mpls lsr id 3 3 3 3 ASBR2 mpls ASBR2 mpls quit ...

Page 173: ...nfigure a P2P capable VPLS instance that uses LDP signaling ASBR2 vsi aaa static p2p ASBR2 vsi aaa pwsignal ldp ASBR2 vsi aaa ldp vsi id 500 ASBR2 vsi aaa ldp peer 4 4 4 4 upe ASBR2 vsi aaa ldp peer 2 2 2 2 ASBR2 vsi aaa ldp quit ASBR2 vsi aaa quit Configure BGP to advertise labeled unicast routes ASBR2 bgp 200 ASBR2 bgp import route direct ASBR2 bgp peer 11 1 1 2 as number 100 ASBR2 bgp peer 11 1...

Page 174: ...d MPLS L2VPN PE2 l2vpn PE2 l2vpn mpls l2vpn PE2 l2vpn quit Configure a VPLS instance named aaa that uses LDP signaling PE2 vsi aaa static PE2 vsi aaa pwsignal ldp PE2 vsi aaa ldp vsi id 500 PE2 vsi aaa ldp peer 3 3 3 3 PE2 vsi aaa ldp quit PE2 vsi aaa quit On interface GigabitEthernet 3 0 1 connected to CE 2 create a service instance and bind the service instance with the VPLS instance aaa PE2 int...

Page 175: ... 20 On BEB s interface GigabitEthernet 3 0 2 which is connected to CE 2 create a service instance to match packets with the outer VLAN tag 2 and bind the service instance with the MAC in MAC instance aaa After the configuration BEB forwards packets received from CE 2 that carry the VLAN tag of 2 through GigabitEthernet 3 0 1 the port connecting BEB PE On the BEB PE create a VSI aaa that supports V...

Page 176: ...it Create a VSI named aaa use LDP as the PW signaling set VSI ID to 500 and specify the peer address as 2 2 2 9 PE vsi aaa static PE vsi aaa pwsignal ldp PE vsi aaa ldp vsi id 500 PE vsi aaa ldp peer 2 2 2 9 PE vsi aaa ldp quit PE vsi aaa quit Configure GigabitEthernet 3 0 1 the interface connecting CE 1 as a trunk port that allows packets of VLAN 2 to pass PE interface GigabitEthernet 3 0 1 PE Gi...

Page 177: ...23 mpls ldp BEB PE Vlan interface23 quit Create a remote peer BEB PE mpls ldp remote peer 1 BEB PE mpls ldp remote 1 remote ip 1 1 1 9 BEB PE mpls ldp remote 1 quit Configure OSPF BEB PE ospf BEB PE ospf 1 area 0 BEB PE ospf 1 area 0 0 0 0 network 23 1 1 2 0 0 0 255 BEB PE ospf 1 area 0 0 0 0 network 2 2 2 9 0 0 0 0 BEB PE ospf 1 area 0 0 0 0 quit BEB PE ospf 1 quit Configure a VSI named aaa which...

Page 178: ...ort trunk permit vlan 20 BEB GigabitEthernet3 0 1 minm uplink vsi aaa BEB GigabitEthernet3 0 1 quit Configure GigabitEthernet 3 0 2 the downlink port for MAC in MAC as a trunk port that permits packets of VLAN 2 to pass create service instance 1 on the port configure the service instance to match packets with the outer VLAN tag of 2 and bind the service instance with VSI aaa BEB interface GigabitE...

Page 179: ...et s received 0 00 packet loss round trip min avg max 10 76 180 ms Troubleshooting VPLS Symptom The VPLS PW is not up Analysis The public network LSP tunnel is not established The extended session is not working normally A private network interface is not bound with the corresponding VPLS instance or the private network interface is not up The AC port at the private network side is not up Negotiat...

Page 180: ...ndalone the default mode For more information about IRF mode see IRF Configuration Guide MPLS L2VPN overview About MPLS L2VPN MPLS L2VPN provides Layer 2 Virtual Private Network VPN services on the MPLS network It allows carriers to establish L2VPNs on different data link layer protocols including ATM FR VLAN Ethernet and PPP MPLS L2VPN transfers Layer 2 user data transparently on the MPLS network...

Page 181: ...tion security As no routing information of users is involved MPLS L2VPN neither tries to obtain nor processes the routing information of users guaranteeing the security of the user VPN routing information Support for multiple network layer protocols such as IP IPX and SNA Basic concepts In MPLS L2VPN the concepts and principles of CE PE and P are the same as those in MPLS L3VPN Customer edge CE de...

Page 182: ...s the characteristics of Martini MPLS L2VPN Martini MPLS L2VPN The key of the Martini method is to set up VCs between CEs Martini MPLS L2VPN employs VC type and VC ID to identify a VC The VC type indicates the encapsulation type of the VC which can be ATM VLAN or PPP The VC ID uniquely identifies the VC among the VCs of the same VC type on a PE The PEs connecting the two CEs of a VC exchange VC la...

Page 183: ...nterface will fail For example the sub interfaces cannot receive ARP or IGMP packets they cannot forward unicast or multicast packets After you remove the MPLS L2VPN connection the IP related functions on the sub interfaces recover Configuring MPLS L2VPN You can select any of the implementation methods for MPLS L2VPN as needed However no matter what method you select you must complete the followin...

Page 184: ...L2VPN Configuring a Martini MPLS L2VPN connection on a Layer 3 interface Martini MPLS L2VPN uses extended LDP to transfer Layer 2 information and VC labels To configure Martini MPLS L2VPN you need to Create a Martini MPLS L2VPN connection After a Martini MPLS L2VPN connection is created on a Layer 3 interface packets arriving at the interface are forwarded through the MPLS L2VPN connection Configu...

Page 185: ...ID The combination of the VC ID and the encapsulation type must be unique on a PE Changing the encapsulation type may result in VC ID conflicts You cannot both configure Martini MPLS L2VPN and enable MPLS on a Layer 3 interface Otherwise neither the MPLS service nor the MPLS L2VPN service can work normally and you must remove both services first for further service configuration If a Layer 3 Ether...

Page 186: ...ound Layer 2 Ethernet interfaces and the VLAN tags in the packets In other words only packets that are received on the same Layer 2 Ethernet interface and carry the same VLAN tag are forwarded through the same MPLS L2VPN connection To configure a connection based on Layer 2 Ethernet interface and VLAN you need to create a service instance on the Layer 2 Ethernet interface configure a packet matchi...

Page 187: ...r the service instance encapsulation s vid vlan id only tagged port based tagged untagged Required By default no packet matching rule is configured for a service instance For this configuration task do not specify the only tagged port based tagged and untagged keywords Otherwise the packet matching rule configuration will not take effect Create a Martini MPLS L2VPN connection based on Layer 2 Ethe...

Page 188: ... Guide Configuration procedure After you apply a global CAR action in service instance view the device polices the inbound or outbound traffic matching the service instance according to the applied global CAR action To apply a global CAR action for a service instance To do Use the command Remarks Enter system view system view Enter the view of the Layer 2 Ethernet interface connected to the CE int...

Page 189: ...iew Display the MPLS L2VPN AC information on a switch running in standalone mode display mpls l2vpn fib ac vpws interface interface type interface number service instance service instanceid slot slot number begin exclude include regular expression Available in any view Display the MPLS L2VPN AC information on a switch running in IRF mode display mpls l2vpn fib ac vpws interface interface type inte...

Page 190: ...uring a Martini MPLS L2VPN connection based on Layer 2 Ethernet interface and VLAN Network requirements CEs are connected to PEs through VLAN interfaces Establish a Martini MPLS L2VPN connection between CE 1 and CE 2 Figure 45 Network diagram Device Interface IP address Device Interface IP address CE 1 Vlan int10 100 1 1 1 24 P Loop0 192 4 4 4 32 PE 1 Loop0 192 2 2 2 32 Vlan int20 10 1 1 2 24 Vlan...

Page 191: ...1 Vlan interface20 ip address 10 1 1 1 24 PE1 Vlan interface20 mpls PE1 Vlan interface20 mpls ldp PE1 Vlan interface20 quit Configure OSPF PE1 ospf PE1 ospf 1 area 0 PE1 ospf 1 area 0 0 0 0 network 10 1 1 1 0 0 0 255 PE1 ospf 1 area 0 0 0 0 network 192 2 2 2 0 0 0 0 PE1 ospf 1 area 0 0 0 0 quit PE1 ospf 1 quit Create a service instance and then an MPLS L2VPN connection on GigabitEthernet 3 0 1 the...

Page 192: ...rface 30 P Vlan interface30 ip address 10 2 2 2 24 P Vlan interface30 mpls P Vlan interface30 mpls ldp P Vlan interface30 quit Configure OSPF P ospf P ospf 1 area 0 P ospf 1 area 0 0 0 0 network 10 1 1 2 0 0 0 255 P ospf 1 area 0 0 0 0 network 10 2 2 2 0 0 0 255 P ospf 1 area 0 0 0 0 network 192 4 4 4 0 0 0 0 P ospf 1 area 0 0 0 0 quit P ospf 1 quit 4 Configure PE 2 Configure the LSR ID and enable...

Page 193: ...1 PE2 GigabitEthernet3 0 1 port access vlan 10 PE2 GigabitEthernet3 0 1 service instance 1000 PE2 GigabitEthernet3 0 1 srv1000 encapsulation s vid 10 PE2 GigabitEthernet3 0 1 srv1000 xconnect peer 192 2 2 2 pw id 1000 PE2 GigabitEthernet3 0 1 srv1000 quit PE2 GigabitEthernet3 0 1 quit 5 Configure CE 2 Sysname system view Sysname sysname CE2 CE2 interface vlan interface 10 CE2 Vlan interface10 ip a...

Page 194: ...ted 5 packet s received 0 00 packet loss round trip min avg max 34 68 94 ms Configuring a Martini MPLS L2VPN on a Layer 3 Ethernet interface Network requirements CEs are connected to PEs through routing interfaces Establish a Martini MPLS L2VPN between CE 1 and CE 2 Figure 46 Network diagram Device Interface IP address Device Interface IP address CE 1 GE5 0 1 100 1 1 1 24 P Loop0 192 4 4 4 32 PE 1...

Page 195: ...he P device namely GigabitEthernet 5 0 2 and enable LDP on the interface PE1 interface GigabitEthernet 5 0 2 PE1 GigabitEthernet5 0 2 port link mode route PE1 GigabitEthernet5 0 2 ip address 10 1 1 1 24 PE1 GigabitEthernet5 0 2 mpls PE1 GigabitEthernet5 0 2 mpls ldp PE1 GigabitEthernet5 0 2 quit Configure OSPF on PE 1 for establishing LSPs PE1 ospf PE1 ospf 1 area 0 PE1 ospf 1 area 0 0 0 0 network...

Page 196: ...able LDP on the interface P interface GigabitEthernet 5 0 2 P GigabitEthernet5 0 2 port link mode route P GigabitEthernet5 0 2 ip address 10 2 2 2 24 P GigabitEthernet5 0 2 mpls P GigabitEthernet5 0 2 mpls ldp P GigabitEthernet5 0 2 quit Configure OSPF on the P device for establishing LSPs P ospf P ospf 1 area 0 P ospf 1 area 0 0 0 0 network 10 1 1 2 0 0 0 255 P ospf 1 area 0 0 0 0 network 10 2 2 ...

Page 197: ... PE2 ospf 1 area 0 0 0 0 quit PE2 ospf 1 quit On the interface connected to CE 2 namely GigabitEthernet 5 0 1 create a Martini MPLS L2VPN connection The interface requires no IP address PE2 interface GigabitEthernet 5 0 1 PE2 GigabitEthernet5 0 1 port link mode route PE2 GigabitEthernet5 0 1 mpls l2vc 192 2 2 2 101 PE2 GigabitEthernet5 0 1 quit 5 Configure CE 2 Sysname system view Sysname sysname ...

Page 198: ... 255 time 70 ms 100 1 1 2 ping statistics 5 packet s transmitted 5 packet s received 0 00 packet loss round trip min avg max 30 50 70 ms Troubleshooting MPLS L2VPN Symptom 1 After the L2VPN configuration the peer PEs cannot ping each other The output of the display mpls l2vc command shows that the VC is down and the remote VC label is invalid displayed as Analysis The reason the VC is down may be ...

Page 199: ...PLS QoS and MPLS TE The MPLS L3VPN model consists of the following kinds of devices Customer edge CE device A CE resides on a customer network and has one or more interfaces directly connected with service provider networks It can be a router a switch or a host It neither can sense the existence of any VPN nor must it support MPLS Provider edge PE device A PE resides on a service provider network ...

Page 200: ...s connected to a provider network through one or more CEs A site can contain many CEs but a CE can belong to only one site Sites connected to the same provider network can be classified into different sets by policies Only the sites in the same set can access each other through the provider network Such a set is called a VPN Address space overlapping Each VPN independently manages the addresses th...

Page 201: ...v4 address prefix you get a globally unique VPN IPv4 address prefix An RD can be related to an autonomous system AS number in which case it is the combination of the AS number and a discretionary number or be related to an IP address in which case it is the combination of the IP address and a discretionary number An RD can be in one of the following formats distinguished by the Type field When the...

Page 202: ...t user defined number For example 100 1 32 bit IPv4 address 16 bit user defined number For example 172 1 1 1 1 32 bit AS number 16 bit user defined number where the minimum value of the AS number is 65536 For example 65536 1 NOTE A route update can contain one SoO attribute at most MP BGP Multiprotocol extensions for BGP 4 MP BGP advertises VPN composition information and routes between PEs It is ...

Page 203: ...le to illustrate the VPN packet forwarding procedure Figure 49 VPN packet forwarding 1 Site 1 sends an IP packet with the destination address of 1 1 1 2 CE 1 transmits the packet to PE 1 2 PE 1 searches VPN instance entries based on the inbound interface and destination address of the packet Once finding a matching entry PE 1 labels the packet with both inner and outer labels and forwards the pack...

Page 204: ... the VPN 2 sites Hub and spoke networking scheme For a VPN where a central access control device is required and all users must communicate with each other through the access control device the hub and spoke networking scheme can be used to implement the monitoring and filtering of user communications This networking scheme requires two VPN targets one for the hub and the other for the spoke The V...

Page 205: ...e with each other through the hub site The import target attribute of any spoke PE is distinct from the export VPN targets of the other spoke PEs Therefore any two spoke PEs can neither directly advertise VPN IPv4 routes to each other nor directly access each other Extranet networking scheme The extranet networking scheme can be used when some resources in a VPN are to be accessed by users that ar...

Page 206: ...basic MPLS L3VPN networking the advertisement of VPN routing information involves CEs and PEs A P router maintains only the routes of the backbone and does not need to know any VPN routing information A PE maintains only the routing information of the VPNs directly connected to it rather than that of all VPNs Therefore MPLS L3VPN has excellent scalability The VPN routing information of a local CE ...

Page 207: ... of routing information between the egress PE and the remote CE is the same as that between the local CE and the ingress PE Inter AS VPN In some networking scenarios multiple sites of a VPN may be connected to multiple ISPs in different ASs or to multiple ASs of an ISP Such an application is called inter AS VPN RFC 2547bis presents the following inter AS VPN solutions VRF to VRF ASBRs manage VPN r...

Page 208: ...n two ASBRs use MP eBGP to exchange labeled VPN IPv4 routes that they have obtained from the PEs in their respective ASs As shown in Figure 54 the routes are advertised through the following steps 1 PEs in AS 100 advertise labeled VPN IPv4 routes to the ASBR PE of AS 100 or the route reflector RR for the ASBR PE through MP iBGP 2 The ASBR PE advertises labeled VPN IPv4 routes to the ASBR PE of AS ...

Page 209: ...needs for inter AS VPNs However they require that the ASBRs maintain and advertise VPN IPv4 routes When every AS must exchange a great amount of VPN routes the ASBRs may become bottlenecks hindering network extension One way to solve the previous problem is to make PEs directly exchange VPN IPv4 routes without the participation of ASBRs Two ASBRs advertise labeled IPv4 routes to PEs in their respe...

Page 210: ...t is possible that a customer of the MPLS L3VPN service provider is also a service provider In this case the MPLS L3VPN service provider is called the provider carrier or the Level 1 carrier while the customer is called the customer carrier or the Level 2 carrier This networking model is referred to as carrier s carrier In this model the Level 2 service provider serves as a CE of the Level 1 servi...

Page 211: ...el the routes exchanged between them In either case you need to enable MPLS on the CE of the Level 1 carrier Moreover the CE holds the VPN routes of the Level 2 carrier but it does not advertise the routes to the PE of the Level 1 carrier it only exchanges the routes with other PEs of the Level 2 carrier A Level 2 carrier can be an ordinary ISP or an MPLS L3VPN service provider When the Level 2 ca...

Page 212: ...tion is easy to deploy but it increases the network operation cost and brings issues on management and security because The number of VPNs that PEs must support will increase sharply Any modification of an internal VPN must be done through the service provider The nested VPN technology offers a better solution It exchanges VPNv4 routes between PEs and CEs of the ISP MPLS L3VPN and allows a custome...

Page 213: ...tises VPNv4 routes which carry the comprehensive VPN information to the other PEs of the service provider 4 After another provider PE receives the VPNv4 routes it matches the VPNv4 routes based on its local VPNs Each local VPN accepts routes of its own and advertises them to its connected sub VPN CEs such as CE 3 and CE 4 or CE 5 and CE 6 in Figure 59 If a CE is connected to a provider PE through ...

Page 214: ...ficiency HoVPN Why HoVPN In MPLS L3VPN solutions PEs are the key devices They provide two functions User access This means that the PEs must have a large amount of interfaces VPN route managing and advertising and user packet processing These require that a PE must have a large capacity memory and high forwarding capability Most of the current network schemes use the typical hierarchical architect...

Page 215: ...outes through MP BGP An SPE manages and advertises VPN routes It maintains all the routes of the VPNs connected through UPEs including the routes of both the local and remote sites An SPE advertises routes along with labels to UPEs including the default routes of VPN instances or summary routes and the routes permitted by the routing policy By using routing policies you can control which nodes in ...

Page 216: ...on of HoPEs Figure 61 shows a three level HoPE The PE in the middle is called the middle level PE MPE MP BGP runs between SPE and MPE as well as between MPE and UPE NOTE The term of MPE does not really exist in a HoVPN model It is used here just for the convenience of description MP BGP advertises all the VPN routes of the UPEs to the SPEs and advertises the default routes of the VPN instance of t...

Page 217: ...h BGP and to CEs through OSPF Conventional OSPF considers two sites to be in different ASs even if they belong to the same VPN Therefore the routes that one site learns are advertised to the other as external routes This results in more OSPF traffic and network management problems The extended OSPF protocol supports multiple instances to address the previous problems Properly configured OSPF sites...

Page 218: ...ignores the Type 3 LSAs whose DN bit is set If the PE must advertise to a CE the routes from other OSPF domains it must indicate that it is the ASBR and advertise the routes using Type 5 LSAs Sham link Generally BGP peers carry routing information on the MPLS VPN backbone through the BGP extended community attributes The OSPF that runs on the remote PE can use the information to create Type 3 summ...

Page 219: ...mber substitution function when a PE advertises a route to a CE of the specified peer if an AS number identical to that of the CE exist in the AS_PATH of the route it will be replaced with that of the PE NOTE After you enable the BGP AS number substitution function the PE re advertises all routing information to the connected CEs in the peer group performing BGP AS number substitution based on the...

Page 220: ... the PE can correctly advertise the routes of each VPN to the peer PE ensuring the normal transmission of VPN packets over the public network The following takes the networking illustrated in Figure 65 as an example to introduce how an MCE maintains the routing entries of multiple VPNs and how an MCE exchanges VPN routes with PEs Figure 65 Network diagram for the MCE function As shown in Figure 65...

Page 221: ...ole host Configuring HoVPN Configuring an OSPF sham link Configuring routing on an MCE Specifying the VPN label processing mode Configuring BGP AS number substitution and SoO Configuring basic MPLS L3VPN The key task in MPLS L3VPN configuration is to manage the advertisement of VPN routes on the MPLS backbone including PE CE route exchange and PE PE route exchange Complete the following tasks to c...

Page 222: ...nce you must configure it before configuring an RD for the VPN instance Otherwise the VPN cannot function normally and you must delete the VPN instance and then re create the VPN instance in the right configuration order Before configuring an RD you cannot configure any other parameters for the VPN instance except a reserved VLAN Do not configure services on a reserved VLAN Otherwise the correspon...

Page 223: ...hich it is configured Be sure to re configure an IP address for the interface after configuring the command Configuring route related attributes for a VPN instance The control process of VPN route advertisement is as follows When a VPN route learned from a CE gets redistributed into BGP BGP associates it with a VPN target extended community attribute list which is usually the export target attribu...

Page 224: ...referred path command With the tunnel select seq command you can specify the tunnel selection preference order and the number of tunnels for load balancing With the preferred path command you can configure preferred tunnels that each correspond to a tunnel interface After a tunneling policy is applied on a PE the PE selects tunnels in this order The PE matches the peer PE address against the desti...

Page 225: ...he tunnel selection preference order by using the tunnel select seq command a tunnel type closer to the select seq keyword has a higher priority For example with the tunnel select seq cr lsp lsp load balance number 1 command configured VPN uses an LSP tunnel when no CR LSP exists After a CR LSP is created the VPN uses the CR LSP tunnel instead A tunneling policy configured in VPN instance view is ...

Page 226: ...ng between PE and CE You can configure static routing RIP OSPF IS IS eBGP or iBGP between PE and CE Configuration prerequisites Before you configure routing between PE and CE complete the following tasks Assign an IP address to the CE PE interface of the CE Assign an IP address to the PE CE interface of the PE Configuring static routing between PE and CE To configure static routing between PE and ...

Page 227: ...stance does not use the public network router ID configured in system view Therefore you must specify the router ID when starting a process or to configure the IP address for at least one interface of the VPN instance An OSPF process belongs to the public network or a single VPN instance If you create an OSPF process without binding it to a VPN instance the process belongs to the public network To...

Page 228: ...is redistributed into BGP the OSPF domain ID is included in the BGP VPN route and delivered as a BGP extended community attribute NOTE For more information about OSPF see Layer 3 IP Routing Configuration Guide Configuring IS IS between PE and CE An IS IS process belongs to the public network or a single VPN instance If you create an IS IS process without binding it to a VPN instance the process be...

Page 229: ...oes not filter received routes Allow the local AS number to appear in the AS_PATH attribute of a received route and set the maximum number of repetitions peer group name ip address allow as loop number Optional For the hub and spoke network scheme NOTE Normally BGP detects routing loops by AS number In the hub and spoke network scheme however with eBGP running between PE and CE the routing informa...

Page 230: ... view ipv4 family vpn instance vpn instance name Required Configure the CE as the VPN iBGP peer peer group name ip address as number as number Required Configure the system to be the RR and specify the CE as the client of the RR peer group name ip address reflect client Optional By default no RR or RR client is configured Enable route reflection between clients reflect between clients Optional Ena...

Page 231: ... side of the route 2 Configure the CE To configure the CE To do Use the command Remarks Enter system view system view Enter BGP view bgp as number Configure the PE as the iBGP peer peer group name ip address as number as number Required Configure route redistribution import route protocol process id med med value route policy route policy name Optional A CE must advertise its routes to the connect...

Page 232: ...ss family Every command in the following table has the same function on BGP routes for each type of the address families and only takes effect for the BGP routes in the address family view where the command is executed To configure common routing features for all types of subaddress families To do Use the command Remarks Enter system view system view Enter BGP view bgp as number Required Configure...

Page 233: ...prefix both receive send Optional By default the ORF capability is disabled on a BGP peer or peer group Enable VPN target filtering for received VPNv4 routes policy vpn target Optional Enabled by default Enable route reflection between clients reflect between clients Optional Enabled by default Specify the cluster ID of the RR reflector cluster id cluster id ip address Optional Router ID of an RR ...

Page 234: ...eer group Filter routes received from or to be advertised to a peer or peer group based on an AS_PATH list peer group name ip address as path acl aspath filter number import export Optional By default no AS filtering list is applied to a peer or peer group Advertise a default VPN route to a peer or peer group peer group name ip address default route advertise vpn instance vpn instance name Optiona...

Page 235: ...s in each AS to implement IP connectivity of the backbones in the AS Configure basic MPLS capabilities for the MPLS backbones of each AS Configure MPLS LDP for the MPLS backbones so that LDP LSPs can be established Configure basic MPLS L3VPN for each AS NOTE When configuring basic MPLS L3VPN for each AS specific configurations may be required on PEs or ASBR PEs This depends on the inter AS VPN sol...

Page 236: ... filtering will be added to the routing table and the others are discarded In the inter AS option B solution the ASBR PEs must maintain all VPNv4 routing information and advertise the information to peer ASBR PEs In this case the ASBR PEs must receive all VPNv4 routing information without performing VPN target based filtering NOTE In the inter AS option B solution for the same VPN the VPN targets ...

Page 237: ...group name ip address enable Required Configure the PE not to change the next hop of a route when advertising it to the eBGP peer peer group name ip address next hop invariable Optional Required only when RRs are used to advertise VPNv4 routes where the next hop of a route advertised between RRs cannot be changed Configuring the ASBR PEs In the inter AS option C solution an inter AS LSP is require...

Page 238: ...tch does not advertise labeled routes to the IPv4 peer Apply a routing policy to the routes advertised by peer ASBR PE peer group name ip address route policy route policy name export Required By default no routing policy is applied to a peer or peer group Configuring the routing policy After you configure and apply a routing policy on an ASBR PE it does the following Assigns MPLS labels to the ro...

Page 239: ... Configure a CE peer or peer group peer group name peer address as number number Required Return to BGP view quit Enter BGP VPNv4 subaddress family view ipv4 family vpnv4 Enable nested VPN nesting vpn Required Disabled by default Activate a nested VPN peer or peer group and enable the BGP VPNv4 route exchange capability peer group name peer address vpn instance vpn instance name enable Required By...

Page 240: ...g see Layer 3 IP Routing Configuration Guide Configuration prerequisites Before you configure the multi role host feature complete the following tasks on the PE Create VPN instances for the VPNs Configure basic MPLS L3VPN Configuring and applying policy routing To configure and apply policy routing To do Use the command Remarks Enter system view system view Create a policy and enter policy routing...

Page 241: ... peer or peer group as the UPE peer group name ip address upe Required Advertise a default route destined for a VPN instance to a UPE peer group name ip address default route advertise vpn instance vpn instance name Required Configure either command By default BGP does not advertise default routes to a VPNv4 peer Advertise routes permitted by a specific routing policy to a UPE peer group name ip a...

Page 242: ...terface and enter loopback interface view interface loopback interface number Required Bind the loopback interface to VPN instance ip binding vpn instance vpn instance name Required By default an interface is associated with no VPN instance Configure the address of the loopback interface ip address ip address mask mask length Required Redistributing the loopback interface route and OSPF routes int...

Page 243: ...instances but do not configure the route tag the system will automatically create one based on the AS number configured If you do not configure BGP the tag will be 0 However the same calculation rule produces the same tag and hence the same tag will be created for multiple OSPF VPN instances on the same PE or PEs with the same AS number Therefore HP recommends configuring different tags for differ...

Page 244: ...gateway address preference preference value tag tag value description description text Configure the default precedence for static routes ip route static default preference default preference value Optional 60 by default Configuring RIP between MCE and VPN site A RIP process belongs to the public network or a single VPN instance If you create a RIP process without binding it to a VPN instance the ...

Page 245: ...er system view system view Create an OSPF process for a VPN instance and enter OSPF view ospf process id router id router id vpn instance vpn instance name Required Perform this configuration on the MCE On a VPN site create a normal OSPF process Configure the OSPF domain ID domain id domain id secondary Optional 0 by default Perform this configuration on the MCE On a VPN site perform the common OS...

Page 246: ...ration and security of VPN routes To configure IS IS between MCE and VPN site To do Use the command Remarks Enter system view system view Create an IS IS process for a VPN instance and enter IS IS view isis process id vpn instance vpn instance name Required Perform this configuration on the MCE On a VPN site configure a normal IS IS process Configure a network entity title network entity net Requi...

Page 247: ... number ip prefix ip prefix name export direct isis process id ospf process id rip process id static Optional By default BGP does not filter the routes to be advertised Configure a filtering policy to filter the received routes filter policy acl number ip prefix ip prefix name import Optional By default BGP does not filter the received routes Normally BGP checks routing loops by examining AS numbe...

Page 248: ...N sites 1 Configure the MCE To configure the MCE To do Use the command Remarks Enter system view system view Enter BGP view bgp as number Enter BGP VPN instance view ipv4 family vpn instance vpn instance name Required Configure an iBGP peer peer group name ip address as number as number Required Configure the system to be the RR and specify the peer as the client of the RR peer group name ip addre...

Page 249: ... routes into the routing protocol running between the MCE and the PE NOTE Configurations in this section are configured on the MCE Configurations on the PE are similar to those on the PE in common MPLS L3VPN network solutions see Configuring routing between PE and CE Configuring static routing between MCE and PE To configure static routing between MCE and PE To do Use the command Remarks Enter sys...

Page 250: ...ring OSPF between MCE and PE To configure OSPF between MCE and PE To do Use the command Remarks Enter system view system view Create an OSPF process for a VPN instance and enter OSPF view ospf process id router id router id vpn instance vpn instance name Required Disable routing loop detection vpn instance capability simple Required Disabled by default You must disable routing loop detection for a...

Page 251: ...ocess id vpn instance vpn instance name Required Configure a network entity title network entity net Required Not configured by default Redistribute the VPN routes import route isis process id ospf process id rip process id bgp allow ibgp direct static cost cost cost type external internal level 1 level 1 2 level 2 route policy route policy name tag tag Optional By default IS IS does not redistrib...

Page 252: ...filter the received routes NOTE BGP runs within a VPN in the same way as it runs within a public network For more information about BGP see Layer 3 IP Routing Configuration Guide Configuring iBGP between MCE and PE To configure iBGP between MCE and PE To do Use the command Remarks Enter system view system view Enter BGP view bgp as number Enter BGP VPN instance view ipv4 family vpn instance vpn in...

Page 253: ...r you execute the vpn popgo command you must reboot the switch to validate the configuration After the command is executed successfully the switch does not inform you of the current VPN label processing mode You can use the display vpn label operation command to view the current VPN label processing mode Configuring BGP AS number substitution and SoO Configuration prerequisites Before configuring ...

Page 254: ...community peer substitute as and peer route policy commands see Layer 3 IP Routing Command Reference Displaying and maintaining MPLS L3VPN Resetting BGP connections When BGP configuration changes you can use the soft reset function or reset BGP connections to make new configurations take effect Soft reset requires that BGP peers have route refreshment capability supporting Route Refresh messages N...

Page 255: ...xpression Available in any view Display information about labeled routes in the BGP routing table display bgp vpnv4 all vpn instance vpn instance name routing table label begin exclude include regular expression Available in any view Display information about a specific or all BGP VPNv4 peer group display bgp vpnv4 all vpn instance vpn instance name group group name begin exclude include regular e...

Page 256: ...s regular expression Available in any view Display the BGP VPNv4 routing information of a specific VPN instance display bgp vpnv4 vpn instance vpn instance name routing table network address mask mask length longer prefixes as path acl as path acl number cidr community aa nn 1 13 no advertise no export no export subconfed whole match community list basic community list number comm list name whole ...

Page 257: ... regexp as path regexp Available in user view NOTE For commands to display information about a routing table see Layer 3 IP Routing Command Reference MPLS L3VPN configuration examples NOTE By default Ethernet interfaces VLAN interfaces and aggregate interfaces are in DOWN state To configure such an interface first use the undo shutdown command to bring the interface up Configuring MPLS L3VPNs usin...

Page 258: ...nnectivity within the backbone Configure PE 1 PE1 system view PE1 interface loopback 0 PE1 LoopBack0 ip address 1 1 1 9 32 PE1 LoopBack0 quit PE1 interface vlan interface 3 PE1 Vlan interface3 ip address 172 1 1 1 24 PE1 Vlan interface3 quit PE1 ospf PE1 ospf 1 area 0 PE1 ospf 1 area 0 0 0 0 network 172 1 1 0 0 0 0 255 PE1 ospf 1 area 0 0 0 0 network 1 1 1 9 0 0 0 0 PE1 ospf 1 area 0 0 0 0 quit PE...

Page 259: ... PE2 ospf 1 area 0 0 0 0 network 3 3 3 9 0 0 0 0 PE2 ospf 1 area 0 0 0 0 quit PE2 ospf 1 quit After you complete the configuration OSPF adjacencies are established between PE 1 P and PE 2 Issue the display ospf peer command You can see that the adjacency status is Full Issue the display ip routing table command You can see that the PEs have learned the loopback route of each other The following ta...

Page 260: ... mpls lsr id 2 2 2 9 P mpls P mpls quit P mpls ldp P mpls ldp quit P interface vlan interface 3 P Vlan interface3 mpls P Vlan interface3 mpls ldp P Vlan interface3 quit P interface vlan interface 1 P Vlan interface1 mpls P Vlan0interface1 mpls ldp P Vlan interface1 quit Configure PE 2 PE2 mpls lsr id 3 3 3 9 PE2 mpls PE2 mpls quit PE2 mpls ldp PE2 mpls ldp quit PE2 interface vlan interface 1 PE2 V...

Page 261: ...0 1 PE1 vpn instance vpn1 vpn target 111 1 PE1 vpn instance vpn1 quit PE1 ip vpn instance vpn2 PE1 vpn instance vpn2 route distinguisher 100 2 PE1 vpn instance vpn2 vpn target 222 2 PE1 vpn instance vpn2 quit PE1 interface vlan interface 1 PE1 Vlan interface1 ip binding vpn instance vpn1 PE1 Vlan interface1 ip address 10 1 1 2 24 PE1 Vlan interface1 quit PE1 interface vlan interface 2 PE1 Vlan int...

Page 262: ...ence 1 ttl 255 time 56 ms Reply from 10 1 1 1 bytes 56 Sequence 2 ttl 255 time 4 ms Reply from 10 1 1 1 bytes 56 Sequence 3 ttl 255 time 4 ms Reply from 10 1 1 1 bytes 56 Sequence 4 ttl 255 time 52 ms Reply from 10 1 1 1 bytes 56 Sequence 5 ttl 255 time 3 ms 10 1 1 1 ping statistics 5 packet s transmitted 5 packet s received 0 00 packet loss round trip min avg max 3 23 56 ms 4 Establish eBGP peer ...

Page 263: ... 3 3 3 9 enable PE1 bgp af vpnv4 quit PE1 bgp quit Configure PE 2 PE2 bgp 100 PE2 bgp peer 1 1 1 9 as number 100 PE2 bgp peer 1 1 1 9 connect interface loopback 0 PE2 bgp ipv4 family vpnv4 PE2 bgp af vpnv4 peer 1 1 1 9 enable PE2 bgp af vpnv4 quit PE2 bgp quit After you complete the configuration issue the display bgp peer command or the display bgp vpnv4 all peer command on the PEs You will see t...

Page 264: ...10 3 1 1 56 data bytes press CTRL_C to break Reply from 10 3 1 1 bytes 56 Sequence 1 ttl 253 time 72 ms Reply from 10 3 1 1 bytes 56 Sequence 2 ttl 253 time 34 ms Reply from 10 3 1 1 bytes 56 Sequence 3 ttl 253 time 50 ms Reply from 10 3 1 1 bytes 56 Sequence 4 ttl 253 time 50 ms Reply from 10 3 1 1 bytes 56 Sequence 5 ttl 253 time 34 ms 10 3 1 1 ping statistics 5 packet s transmitted 5 packet s r...

Page 265: ...t12 10 2 1 1 24 CE 4 Loop0 7 7 7 9 32 CE 3 Loop0 6 6 6 9 32 Vlan int13 10 4 1 1 24 Vlan int11 10 3 1 1 24 Configuration procedure 1 Configure an IGP on the MPLS backbone to ensure IP connectivity within the backbone Configure PE 1 PE1 system view PE1 interface loopback 0 PE1 LoopBack0 ip address 1 1 1 9 32 PE1 LoopBack0 quit PE1 interface vlan interface 13 PE1 Vlan interface13 ip address 172 1 1 1...

Page 266: ...e vlan interface 12 PE2 Vlan interface12 ip address 172 2 1 2 24 PE2 Vlan interface12 quit PE2 ospf PE2 ospf 1 area 0 PE2 ospf 1 area 0 0 0 0 network 172 2 1 0 0 0 0 255 PE2 ospf 1 area 0 0 0 0 network 3 3 3 9 0 0 0 0 PE2 ospf 1 area 0 0 0 0 quit PE2 ospf 1 quit After you complete the configuration P establishes an OSPF adjacency with PE 1 and PE 2 respectively Issue the display ospf peer command ...

Page 267: ...LDP on the MPLS backbone to establish LDP LSPs Configure PE 1 PE1 mpls lsr id 1 1 1 9 PE1 mpls PE1 mpls quit PE1 mpls ldp PE1 mpls ldp quit PE1 interface vlan interface 13 PE1 Vlan interface13 mpls PE1 Vlan interface13 mpls ldp PE1 Vlan interface13 quit Configure the P switch P mpls lsr id 2 2 2 9 P mpls P mpls quit P mpls ldp P mpls ldp quit P interface vlan interface 13 P Vlan interface13 mpls P...

Page 268: ... 3 3 3 9 32 NULL 1024 172 1 1 2 Vlan interface13 A before an LSP means the LSP is not established A before a Label means the USCB or DSCB is stale 3 Configure VPN instances on PEs to allow CEs to access Configure PE 1 PE1 ip vpn instance vpn1 PE1 vpn instance vpn1 route distinguisher 100 1 PE1 vpn instance vpn1 vpn target 111 1 PE1 vpn instance vpn1 quit PE1 ip vpn instance vpn2 PE1 vpn instance v...

Page 269: ...2 21 vpn2 100 2 2009 01 22 13 02 40 PE1 ping vpn instance vpn1 10 1 1 1 PING 10 1 1 1 56 data bytes press CTRL_C to break Reply from 10 1 1 1 bytes 56 Sequence 1 ttl 255 time 56 ms Reply from 10 1 1 1 bytes 56 Sequence 2 ttl 255 time 4 ms Reply from 10 1 1 1 bytes 56 Sequence 3 ttl 255 time 4 ms Reply from 10 1 1 1 bytes 56 Sequence 4 ttl 255 time 52 ms Reply from 10 1 1 1 bytes 56 Sequence 5 ttl ...

Page 270: ...n established between the PEs and CEs and have reached the Established state Take the BGP peer relationship between PE 1 and CE 1 as an example PE1 display bgp vpnv4 vpn instance vpn1 peer BGP local router ID 1 1 1 9 Local AS number 100 Total number of peers 1 Peers in established state 1 Peer AS MsgRcvd MsgSent OutQ PrefRcv Up Down State 10 1 1 1 100 26 21 0 2 00 11 08 Established 5 Configure an ...

Page 271: ... peer BGP local router ID 1 1 1 9 Local AS number 100 Total number of peers 1 Peers in established state 1 Peer AS MsgRcvd MsgSent OutQ PrefRcv Up Down State 3 3 3 9 100 4 8 0 0 00 00 09 Established 6 Verify your configuration Issue the display ip routing table vpn instance command on the PEs The output shows the routes to the peer CEs Take PE 1 as an example PE1 display ip routing table vpn insta...

Page 272: ...6 9 bytes 56 Sequence 5 ttl 253 time 34 ms 6 6 6 9 ping statistics 5 packet s transmitted 5 packet s received 0 00 packet loss round trip min avg max 34 48 72 ms CE1 ping 7 7 7 9 PING 7 7 7 9 56 data bytes press CTRL_C to break Request time out Request time out Request time out Request time out Request time out 7 7 7 9 ping statistics 5 packet s transmitted 0 packet s received 100 00 packet loss C...

Page 273: ...24 Configuration procedure 1 Configure an IGP in the MPLS backbone to ensure IP connectivity between spoke PE and hub PE Configure Spoke PE 1 Spoke PE1 system view Spoke PE1 interface loopback 0 Spoke PE1 LoopBack0 ip address 1 1 1 9 32 Spoke PE1 LoopBack0 quit Spoke PE1 interface vlan interface 4 Spoke PE1 Vlan interface4 ip address 172 1 1 1 24 Spoke PE1 Vlan interface4 quit Spoke PE1 ospf Spoke...

Page 274: ...twork 172 1 1 0 0 0 0 255 Hub PE ospf 1 area 0 0 0 0 network 172 2 1 0 0 0 0 255 Hub PE ospf 1 area 0 0 0 0 network 2 2 2 9 0 0 0 0 Hub PE ospf 1 area 0 0 0 0 quit Hub PE ospf 1 quit After the configuration OSPF adjacencies are established between Spoke PE 1 and Hub PE and between Spoke PE 2 and Hub PE Issue the display ospf peer command The output shows that the adjacency status is Full Issue the...

Page 275: ...ke PE1 mpls quit Spoke PE1 mpls ldp Spoke PE1 mpls ldp quit Spoke PE1 interface vlan interface 4 Spoke PE1 Vlan interface4 mpls Spoke PE1 Vlan interface4 mpls ldp Spoke PE1 Vlan interface4 quit Configure Spoke PE 2 Spoke PE2 mpls lsr id 3 3 3 9 Spoke PE2 mpls Spoke PE2 mpls quit Spoke PE2 mpls ldp Spoke PE2 mpls ldp quit Spoke PE2 interface vlan interface 5 Spoke PE2 Vlan interface5 mpls Spoke PE2...

Page 276: ...B or DSCB is stale 3 Configure VPN instances on the spoke PEs and the hub PE to allow CEs to access the PEs Configure Spoke PE 1 Spoke PE1 ip vpn instance vpn1 Spoke PE1 vpn instance vpn1 route distinguisher 100 1 Spoke PE1 vpn instance vpn1 vpn target 111 1 import extcommunity Spoke PE1 vpn instance vpn1 vpn target 222 2 export extcommunity Spoke PE1 vpn instance vpn1 quit Spoke PE1 interface vla...

Page 277: ... the ping command to test connectivity between the PEs and their attached CEs The PEs can ping their attached CEs Take Spoke PE 1 as an example Spoke PE1 display ip vpn instance Total VPN Instances configured 1 VPN Instance Name RD Create time vpn1 100 1 2009 04 08 10 55 07 Spoke PE 1 can ping Spoke CE successfully Spoke PE1 ping vpn instance vpn1 10 1 1 1 PING 10 1 1 1 56 data bytes press CTRL_C ...

Page 278: ...p vpn1 quit Spoke PE2 bgp quit Configure the Hub PE Hub PE bgp 100 Hub PE bgp ipv4 family vpn instance vpn1 in Hub PE bgp vpn1 in peer 10 3 1 1 as number 65430 Hub PE bgp vpn1 in import route direct Hub PE bgp vpn1 in quit Hub PE bgp ipv4 family vpn instance vpn1 out Hub PE bgp vpn1 out peer 10 4 1 1 as number 65430 Hub PE bgp vpn1 out peer 10 4 1 1 allow as loop Hub PE bgp vpn1 out import route d...

Page 279: ...er 1 1 1 9 connect interface loopback 0 Hub PE bgp peer 3 3 3 9 as number 100 Hub PE bgp peer 3 3 3 9 connect interface loopback 0 Hub PE bgp ipv4 family vpnv4 Hub PE bgp af vpnv4 peer 1 1 1 9 enable Hub PE bgp af vpnv4 peer 3 3 3 9 enable Hub PE bgp af vpnv4 quit Hub PE bgp quit After you complete the configurations issue the display bgp peer command or the display bgp vpnv4 all peer command on t...

Page 280: ...gh the Hub CE Take Spoke CE 1 as an example Spoke CE1 ping 10 2 1 1 PING 10 2 1 1 56 data bytes press CTRL_C to break Reply from 10 2 1 1 bytes 56 Sequence 1 ttl 250 time 3 ms Reply from 10 2 1 1 bytes 56 Sequence 2 ttl 250 time 3 ms Reply from 10 2 1 1 bytes 56 Sequence 3 ttl 250 time 2 ms Reply from 10 2 1 1 bytes 56 Sequence 4 ttl 250 time 2 ms Reply from 10 2 1 1 bytes 56 Sequence 5 ttl 250 ti...

Page 281: ...ails not shown NOTE The 32 bit loopback interface address used as the LSR ID needs to be advertised by OSPF After you complete the previous configurations each ASBR PE and the PE in the same AS are able to establish OSPF adjacencies Issuing the display ospf peer command you can see that the adjacencies reach the state of Full and that PEs can learn the loopback addresses of each other Each ASBR PE...

Page 282: ... Vlan interface1 mpls ldp ASBR PE2 Vlan interface1 quit Configure basic MPLS on PE 2 and enable MPLS LDP on the interface connected to ASBR PE 2 PE2 system view PE2 mpls lsr id 4 4 4 9 PE2 mpls PE2 mpls quit PE2 mpls ldp PE2 mpls ldp quit PE2 interface vlan interface 2 PE2 Vlan interface2 mpls PE2 Vlan interface2 mpls ldp PE2 Vlan interface2 quit After you complete the previous configurations each...

Page 283: ...nce and binding the instance to the interface connected with ASBR PE 2 ASBR PE 1 considers ASBR PE 2 its CE ASBR PE1 ip vpn instance vpn1 ASBR PE1 vpn instance vpn1 route distinguisher 100 1 ASBR PE1 vpn instance vpn1 vpn target 100 1 both ASBR PE1 vpn instance vpn1 quit ASBR PE1 interface vlan interface 2 ASBR PE1 Vlan interface2 ip binding vpn instance vpn1 ASBR PE1 Vlan interface2 ip address 19...

Page 284: ...1 peer 10 2 1 1 as number 65002 PE2 bgp vpn1 import route direct PE2 bgp vpn1 quit PE2 bgp quit 5 Establish iBGP peer relationships between each PE and the ASBR PE in the same AS and an eBGP peer relationship between the ASBR PEs Configure PE 1 PE1 bgp 100 PE1 bgp peer 2 2 2 9 as number 100 PE1 bgp peer 2 2 2 9 connect interface loopback 0 PE1 bgp ipv4 family vpnv4 PE1 bgp af vpnv4 peer 2 2 2 9 en...

Page 285: ...PE2 bgp af vpnv4 peer 3 3 3 9 enable PE2 bgp af vpnv4 peer 3 3 3 9 next hop local PE2 bgp af vpnv4 quit PE2 bgp quit 6 Verify your configuration After you complete the previous configurations the CEs should be able to learn the interface routes from each other and ping each other Configuring inter AS option B Network requirements Site 1 and Site 2 belong to the same VPN CE 1 of Site 1 accesses the...

Page 286: ...onfiguration procedure 1 Configure PE 1 Run IS IS on PE 1 PE1 system view PE1 isis 1 PE1 isis 1 network entity 10 1111 1111 1111 1111 00 PE1 isis 1 quit Configure LSR ID enable MPLS and LDP PE1 mpls lsr id 2 2 2 9 PE1 mpls PE1 mpls quit PE1 mpls ldp PE1 mpls ldp quit Configure interface VLAN interface 2 start IS IS and enable MPLS and LDP on the interface PE1 interface vlan interface 2 PE1 Vlan in...

Page 287: ...GP peer 3 3 3 9 as a VPNv4 peer PE1 bgp peer 3 3 3 9 as number 100 PE1 bgp peer 3 3 3 9 connect interface loopback 0 PE1 bgp ipv4 family vpnv4 PE1 bgp af vpnv4 peer 3 3 3 9 enable PE1 bgp af vpnv4 quit Inject direct routes to the VPN routing table of vpn1 PE1 bgp ipv4 family vpn instance vpn1 PE1 bgp vpn1 import route direct PE1 bgp vpn1 quit PE1 bgp quit 2 Configure ASBR PE 1 Start IS IS on ASBR ...

Page 288: ... undo policy vpn target Configure both iBGP peer 2 2 2 0 and eBGP peer 11 0 0 1 as VPNv4 peers ASBR PE1 bgp af vpnv4 peer 11 0 0 1 enable ASBR PE1 bgp af vpnv4 peer 2 2 2 9 enable ASBR PE1 bgp af vpnv4 quit 3 Configure ASBR PE 2 Start IS IS on ASBR PE 2 ASBR PE2 system view ASBR PE2 isis 1 ASBR PE2 isis 1 network entity 10 3333 3333 3333 3333 00 ASBR PE2 isis 1 quit Configure LSR ID enable MPLS an...

Page 289: ... 2 enable ASBR PE2 bgp af vpnv4 peer 5 5 5 9 enable ASBR PE2 bgp af vpnv4 quit ASBR PE2 bgp quit 4 Configure PE 2 Start IS IS on PE 2 PE2 system view PE2 isis 1 PE2 isis 1 network entity 10 4444 4444 4444 4444 00 PE2 isis 1 quit Configure LSR ID enable MPLS and LDP PE2 mpls lsr id 5 5 5 9 PE2 mpls PE2 mpls quit PE2 mpls ldp PE2 mpls ldp quit Configure interface VLAN interface 2 start IS IS and ena...

Page 290: ...e VPN routing table of vpn1 PE2 bgp ipv4 family vpn instance vpn1 PE2 bgp vpn1 import route direct PE2 bgp vpn1 quit PE2 bgp quit 5 Verify your configuration Ping PE 1 from PE 2 and ping PE 2 from PE 1 They can ping each other successfully PE2 ping vpn instance vpn1 30 0 0 1 PE1 ping vpn instance vpn1 20 0 0 1 Configuring inter AS option C Network requirements Site 1 and Site 2 belong to the same ...

Page 291: ...1 PE1 isis 1 network entity 10 1111 1111 1111 1111 00 PE1 isis 1 quit Configure LSR ID enable MPLS and LDP PE1 mpls lsr id 2 2 2 9 PE1 mpls PE1 mpls quit PE1 mpls ldp PE1 mpls ldp quit Configure interface VLAN interface 1 start IS IS and enable MPLS and LDP on the interface PE1 interface vlan interface 1 PE1 Vlan interface1 ip address 1 1 1 2 255 0 0 0 PE1 Vlan interface1 isis enable 1 PE1 Vlan in...

Page 292: ...apability Configure the maximum hop count from PE 1 to eBGP peer 5 5 5 9 as 10 PE1 bgp peer 5 5 5 9 as number 600 PE1 bgp peer 5 5 5 9 connect interface loopback 0 PE1 bgp peer 5 5 5 9 ebgp max hop 10 Configure peer 5 5 5 9 as a VPNv4 peer PE1 bgp ipv4 family vpnv4 PE1 bgp af vpnv4 peer 5 5 5 9 enable PE1 bgp af vpnv4 quit Inject direct routes to the routing table of vpn1 PE1 bgp ipv4 family vpn i...

Page 293: ...ASBR PE 1 and redistribute routes of IS IS process 1 ASBR PE1 bgp 100 ASBR PE1 bgp import route isis 1 Apply routing policy policy2 to filter routes advertised to iBGP peer 2 2 2 9 ASBR PE1 bgp peer 2 2 2 9 as number 100 ASBR PE1 bgp peer 2 2 2 9 route policy policy2 export Configure the capability to advertise labeled routes to and receive labeled routes from iBGP peer 2 2 2 9 ASBR PE1 bgp peer 2...

Page 294: ... New Sequence of this List ASBR PE2 route policy1 apply mpls label ASBR PE2 route policy1 quit ASBR PE2 route policy policy2 permit node 1 ASBR PE2 route policy2 if match mpls label ASBR PE2 route policy2 apply mpls label ASBR PE2 route policy2 quit Start BGP on ASBR PE 2 and redistribute routes of IS IS process 1 ASBR PE2 bgp 600 ASBR PE2 bgp import route isis 1 Configure the capability to advert...

Page 295: ...Create VPN instance vpn1 and configure the RD and VPN target attributes PE2 ip vpn instance vpn1 PE2 vpn instance vpn1 route distinguisher 11 11 PE2 vpn instance vpn1 vpn target 3 3 import extcommunity PE2 vpn instance vpn1 vpn target 3 3 export extcommunity PE2 vpn instance vpn1 quit Configure interface Loopback 1 and bind the interface to VPN instance vpn1 PE2 interface loopback 1 PE2 LoopBack1 ...

Page 296: ... scenario shown in Figure 72 In this scenario PE 1 and PE 2 are the provider carrier s PE switches They provide VPN services for the customer carrier CE 1 and CE 2 are the customer carrier s switches They are connected to the provider carrier s backbone as CE switches PE 3 and PE 4 are the customer carrier s PE switches They provide MPLS L3VPN services for the end customers CE 3 and CE 4 are custo...

Page 297: ...Loop0 3 3 3 9 32 PE 2 Loop0 4 4 4 9 32 Vlan int1 11 1 1 2 24 Vlan int2 30 1 1 2 24 Vlan int2 30 1 1 1 24 Vlan int1 21 1 1 1 24 Configuration procedure 1 Configure MPLS L3VPN on the provider carrier backbone start IS IS as the IGP enable LDP between PE 1 and PE 2 and establish an MP iBGP peer relationship between the PEs Configure PE 1 PE1 system view PE1 interface loopback 0 PE1 LoopBack0 ip addre...

Page 298: ...play mpls ldp session command to see whether the LDP session has been established successfully Execute the display bgp peer command to see whether a BGP peer relationship has been established and is in Established state Execute the display isis peer command to see whether an IS IS neighbor relationship has been set up Take PE 1 as an example PE1 display mpls ldp session LDP Session s in Public Net...

Page 299: ...0000 0000 0000 0001 00 PE3 isis 2 quit PE3 interface loopback 0 PE3 LoopBack0 isis enable 2 PE3 LoopBack0 quit PE3 interface vlan interface 2 PE3 Vlan interface2 ip address 10 1 1 1 24 PE3 Vlan interface2 isis enable 2 PE3 Vlan interface2 mpls PE3 Vlan interface2 mpls ldp PE3 Vlan interface2 mpls ldp transport address interface PE3 Vlan interface2 quit Configure CE 1 CE1 system view CE1 interface ...

Page 300: ...tance vpn1 PE1 mpls ldp vpn instance vpn1 quit PE1 isis 2 vpn instance vpn1 PE1 isis 2 network entity 10 0000 0000 0000 0003 00 PE1 isis 2 import route bgp allow ibgp PE1 isis 2 quit PE1 interface vlan interface 1 PE1 Vlan interface1 ip binding vpn instance vpn1 PE1 Vlan interface1 ip address 11 1 1 2 24 PE1 Vlan interface1 isis enable 2 PE1 Vlan interface1 mpls PE1 Vlan interface1 mpls ldp PE1 Vl...

Page 301: ...ce1 ip binding vpn instance vpn1 PE3 Vlan interface1 ip address 100 1 1 2 24 PE3 Vlan interface1 quit PE3 bgp 100 PE3 bgp ipv4 family vpn instance vpn1 PE3 bgp vpn1 peer 100 1 1 1 as number 65410 PE3 bgp vpn1 import route direct PE3 bgp vpn1 quit PE3 bgp quit NOTE The configurations for PE 4 and CE 4 are similar to those for PE 3 and CE 3 Details not shown 5 Configure an MP iBGP peer relationship ...

Page 302: ...ion Mask Proto Pre Cost NextHop Interface 1 1 1 9 32 ISIS 15 20 11 1 1 1 Vlan1 2 2 2 9 32 ISIS 15 10 11 1 1 1 Vlan1 5 5 5 9 32 BGP 255 0 4 4 4 9 NULL0 6 6 6 9 32 BGP 255 0 4 4 4 9 NULL0 10 1 1 0 24 ISIS 15 20 11 1 1 1 Vlan1 11 1 1 0 24 Direct 0 0 11 1 1 1 Vlan1 11 1 1 1 32 Direct 0 0 127 0 0 1 InLoop0 11 1 1 2 32 Direct 0 0 11 1 1 2 Vlan1 20 1 1 0 24 BGP 255 0 4 4 4 9 NULL0 21 1 1 0 24 BGP 255 0 4...

Page 303: ... 84 10 1 1 2 Vlan2 21 1 1 0 24 ISIS 15 84 10 1 1 2 Vlan2 21 1 1 2 32 ISIS 15 84 10 1 1 2 Vlan2 127 0 0 0 8 Direct 0 0 127 0 0 1 InLoop0 127 0 0 1 32 Direct 0 0 127 0 0 1 InLoop0 Issuing the display ip routing table vpn instance command on PE 3 and PE 4 you will see that the routes of the remote VPN customers are present in the VPN routing tables Take PE 3 as an example PE3 display ip routing table...

Page 304: ...k requirements Configure carrier s carrier for the scenario shown in Figure 73 In this scenario PE 1 and PE 2 are the provider carrier s PE switches They provide VPN services for the customer carrier CE 1 and CE 2 are the customer carrier s switches They are connected to the provider carrier s backbone as CE switches PE 3 and PE 4 are the customer carrier s PE switches They provide MPLS L3VPN serv...

Page 305: ... 1 1 24 PE 1 Loop0 3 3 3 9 32 PE 2 Loop0 4 4 4 9 32 Vlan int1 11 1 1 2 24 Vlan int2 30 1 1 2 24 Vlan int2 30 1 1 1 24 Vlan int1 21 1 1 1 24 Configuration procedure 1 Configure MPLS L3VPN on the provider carrier backbone start IS IS as the IGP enable LDP between PE 1 and PE 2 and establish an MP iBGP peer relationship between the PEs Configure PE 1 PE1 system view PE1 interface loopback 0 PE1 LoopB...

Page 306: ...cute the display mpls ldp session command to see whether the LDP session has been established successfully Execute the display bgp peer command to see whether a BGP peer relationship has been established and is in state Established Execute the display isis peer command to see whether an IS IS neighbor relationship has been set up Take PE 1 as an example PE1 display mpls ldp session LDP Session s i...

Page 307: ...0000 0000 0000 0001 00 PE3 isis 2 quit PE3 interface loopback 0 PE3 LoopBack0 isis enable 2 PE3 LoopBack0 quit PE3 interface vlan interface 2 PE3 Vlan interface2 ip address 10 1 1 1 24 PE3 Vlan interface2 isis enable 2 PE3 Vlan interface2 mpls PE3 Vlan interface2 mpls ldp PE3 Vlan interface2 mpls ldp transport address interface PE3 Vlan interface2 quit Configure CE 1 CE1 system view CE1 interface ...

Page 308: ... quit PE1 interface vlan interface1 PE1 Vlan interface1 ip binding vpn instance vpn1 PE1 Vlan interface1 ip address 11 1 1 2 24 PE1 Vlan interface1 mpls PE1 Vlan interface1 quit PE1 bgp 100 PE1 bgp ipv4 family vpn instance vpn1 PE1 bgp vpn1 import direct PE1 bgp vpn1 peer 11 1 1 1 as number 65410 PE1 bgp vpn1 peer 11 1 1 1 route policy policy1 export PE1 bgp vpn1 peer 11 1 1 1 label route capabili...

Page 309: ... quit PE3 interface Vlan interface1 PE3 Vlan interface1 ip binding vpn instance vpn1 PE3 Vlan interface1 ip address 100 1 1 2 24 PE3 Vlan interface1 quit PE3 bgp 65410 PE3 bgp ipv4 family vpn instance vpn1 PE3 bgp vpn1 peer 100 1 1 1 as number 65411 PE3 bgp vpn1 import route direct PE3 bgp vpn1 quit PE3 bgp quit NOTE The configurations for PE 4 and CE 4 are similar to those for PE 3 and CE 3 Detai...

Page 310: ...Routing Tables vpn1 Destinations 11 Routes 11 Destination Mask Proto Pre Cost NextHop Interface 1 1 1 9 32 ISIS 15 20 11 1 1 1 Vlan1 2 2 2 9 32 ISIS 15 10 11 1 1 1 Vlan1 5 5 5 9 32 BGP 255 0 4 4 4 9 NULL0 6 6 6 9 32 BGP 255 0 4 4 4 9 NULL0 10 1 1 0 24 ISIS 15 20 11 1 1 1 Vlan1 11 1 1 0 24 Direct 0 0 11 1 1 1 Vlan1 11 1 1 1 32 Direct 0 0 127 0 0 1 InLoop0 11 1 1 2 32 Direct 0 0 11 1 1 2 Vlan1 20 1 ...

Page 311: ...lan2 11 1 1 0 24 ISIS 15 20 10 1 1 2 Vlan2 20 1 1 0 24 ISIS 15 84 10 1 1 2 Vlan2 21 1 1 0 24 ISIS 15 84 10 1 1 2 Vlan2 21 1 1 2 32 ISIS 15 84 10 1 1 2 Vlan2 127 0 0 0 8 Direct 0 0 127 0 0 1 InLoop0 127 0 0 1 32 Direct 0 0 127 0 0 1 InLoop0 Execute the display ip routing table vpn instance command on PE 3 and PE 4 You see that the routes of the remote VPN customers are present in the VPN routing ta...

Page 312: ...vice provider backbone Both of them support the nested VPN function CE 1 and CE 2 are connected to the service provider backbone Both of them support VPNv4 routes PE 3 and PE 4 are PE switches of the customer VPN Both of them support MPLS L3VPN CE 3 through CE 6 are CE switches of the sub VPNs for the customer VPN The key of nested VPN configuration is to understand the processing of routes of sub...

Page 313: ...cedure 1 Configure MPLS L3VPN on the service provider backbone using IS IS as the IGP protocol and enabling LDP and establishing an MP iBGP peer relationship between PE 1 and PE 2 Configure PE 1 PE1 system view PE1 interface loopback 0 PE1 LoopBack0 ip address 3 3 3 9 32 PE1 LoopBack0 quit PE1 mpls lsr id 3 3 3 9 PE1 mpls PE1 mpls quit PE1 mpls ldp PE1 mpls ldp quit PE1 isis 1 PE1 isis 1 network e...

Page 314: ... see that the LDP session is established the BGP peer relationship is established and in the Established state and the IS IS neighbor relationship is established and up The following takes PE 1 for illustration PE1 display mpls ldp session LDP Session s in Public Network Total number of sessions 1 Peer ID Status LAM SsnRole FT MD5 KA Sent Rcv 4 4 4 9 0 Operational DU Active Off Off 378 378 LAM Lab...

Page 315: ...s ldp PE3 Vlan interface2 quit Configure CE 1 CE1 system view CE1 interface loopback 0 CE1 LoopBack0 ip address 2 2 2 9 32 CE1 LoopBack0 quit CE1 mpls lsr id 2 2 2 9 CE1 mpls CE1 mpls quit CE1 mpls ldp CE1 mpls ldp quit CE1 isis 2 CE1 isis 2 network entity 10 0000 0000 0000 0002 00 CE1 isis 2 quit CE1 interface loopback 0 CE1 LoopBack0 isis enable 2 CE1 LoopBack0 quit CE1 interface vlan interface ...

Page 316: ...n1 PE1 bgp vpn1 peer 11 1 1 1 as number 200 PE1 bgp vpn1 quit PE1 bgp quit Configure CE 1 CE1 interface vlan interface 1 CE1 Vlan interface1 ip address 11 1 1 1 24 CE1 Vlan interface1 mpls CE1 Vlan interface1 quit CE1 bgp 200 CE1 bgp peer 11 1 1 2 as number 100 CE1 bgp import isis 2 CE1 bgp quit NOTE Configurations on PE 2 and CE 2 are similar to those on PE 1 and CE 1 respectively and are thus om...

Page 317: ...E3 Vlan interface3 ip binding vpn instance SUB_VPN2 PE3 Vlan interface3 ip address 110 1 1 2 24 PE3 Vlan interface3 quit PE3 bgp 200 PE3 bgp ipv4 family vpn instance SUB_VPN1 PE3 bgp SUB_VPN1 peer 100 1 1 1 as number 65410 PE3 bgp SUB_VPN1 import route direct PE3 bgp SUB_VPN1 quit PE3 bgp ipv4 family vpn instance SUB_VPN2 PE3 bgp SUB_VPN2 peer 100 1 1 1 as number 65411 PE3 bgp SUB_VPN2 import rout...

Page 318: ... 2 2 9 as number 200 PE3 bgp peer 2 2 2 9 connect interface loopback 0 PE3 bgp ipv4 family vpnv4 PE3 bgp af vpnv4 peer 2 2 2 9 enable Allow the local AS number to appear in the AS PATH attribute of the routes received PE3 bgp af vpnv4 peer 2 2 2 9 allow as loop 2 PE3 bgp af vpnv4 quit PE3 bgp quit Configure CE 1 CE1 bgp 200 CE1 bgp peer 1 1 1 9 as number 200 CE1 bgp peer 1 1 1 9 connect interface ...

Page 319: ...ect 0 0 11 1 1 1 Vlan1 11 1 1 1 32 Direct 0 0 127 0 0 1 InLoop0 11 1 1 2 32 Direct 0 0 11 1 1 2 Vlan1 100 1 1 0 24 BGP 255 0 11 1 1 1 NULL0 110 1 1 0 24 BGP 255 0 11 1 1 1 NULL0 120 1 1 0 24 BGP 255 0 4 4 4 9 NULL0 127 0 0 0 8 Direct 0 0 127 0 0 1 InLoop0 127 0 0 1 32 Direct 0 0 127 0 0 1 InLoop0 130 1 1 0 24 BGP 255 0 4 4 4 9 NULL0 Execute the display bgp vpnv4 all routing table command on CE 1 a...

Page 320: ...ustration PE3 display ip routing table vpn instance SUB_VPN1 Routing Tables SUB_VPN1 Destinations 5 Routes 5 Destination Mask Proto Pre Cost NextHop Interface 100 1 1 0 24 Direct 0 0 100 1 1 2 Vlan1 100 1 1 2 32 Direct 0 0 127 0 0 1 InLoop0 120 1 1 0 24 BGP 255 0 2 2 2 9 NULL0 127 0 0 0 8 Direct 0 0 127 0 0 1 InLoop0 127 0 0 1 32 Direct 0 0 127 0 0 1 InLoop0 Execute the display ip routing table co...

Page 321: ...2 ms Reply from 120 1 1 1 bytes 56 Sequence 2 ttl 252 time 69 ms Reply from 120 1 1 1 bytes 56 Sequence 3 ttl 252 time 105 ms Reply from 120 1 1 1 bytes 56 Sequence 4 ttl 252 time 88 ms Reply from 120 1 1 1 bytes 56 Sequence 5 ttl 252 time 87 ms 120 1 1 1 ping statistics 5 packet s transmitted 5 packet s received 0 00 packet loss round trip min avg max 69 90 105 ms CE5 and CE 6 can ping each other...

Page 322: ...o levels of networks the backbone and the MPLS VPN networks as shown in Figure 75 SPEs act as PEs to allow MPLS VPNs to access the backbone UPEs act as PEs of the MPLS VPNs to allow end users to access the VPNs Performance requirements for the UPEs are lower than those for the SPEs SPEs advertise routes permitted by the routing policies to UPEs permitting CE 1 and CE 3 in VPN 1 to communicate with...

Page 323: ...2 24 Vlan int1 172 2 1 2 24 Vlan int2 180 1 1 1 24 Vlan int2 180 1 1 2 24 Configuration procedure 1 Configure UPE 1 Configure basic MPLS and MPLS LDP to establish LDP LSPs UPE1 system view UPE1 interface loopback 0 UPE1 LoopBack0 ip address 1 1 1 9 32 UPE1 LoopBack0 quit UPE1 mpls lsr id 1 1 1 9 UPE1 mpls UPE1 mpls quit UPE1 mpls ldp UPE1 mpls ldp quit UPE1 interface vlan interface 1 UPE1 Vlan int...

Page 324: ...nterface3 ip address 10 4 1 2 24 UPE1 Vlan interface3 quit Configure UPE 1 to establish an MP iBGP peer relationship with SPE 1 and to inject VPN routes UPE1 bgp 100 UPE1 bgp peer 2 2 2 9 as number 100 UPE1 bgp peer 2 2 2 9 connect interface loopback 0 UPE1 bgp ipv4 family vpnv4 UPE1 bgp af vpnv4 peer 2 2 2 9 enable UPE1 bgp af vpnv4 quit UPE1 bgp ipv4 family vpn instance vpn1 UPE1 bgp vpn1 peer 1...

Page 325: ...ork 172 2 1 0 0 0 0 255 UPE2 ospf 1 area 0 0 0 0 network 4 4 4 9 0 0 0 0 UPE2 ospf 1 area 0 0 0 0 quit UPE2 ospf 1 quit Configure VPN instances vpn1 and vpn2 allowing CE 3 and CE 4 to access UPE 2 UPE2 ip vpn instance vpn1 UPE2 vpn instance vpn1 route distinguisher 300 1 UPE2 vpn instance vpn1 vpn target 100 1 both UPE2 vpn instance vpn1 quit UPE2 ip vpn instance vpn2 UPE2 vpn instance vpn2 route ...

Page 326: ...p address 10 1 1 1 255 255 255 0 CE3 Vlan interface1 quit CE3 bgp 65430 CE3 bgp peer 10 1 1 2 as number 100 CE3 bgp import route direct CE3 quit 6 Configure CE 4 CE4 system view CE4 interface vlan interface 1 CE4 Vlan interface1 ip address 10 3 1 1 255 255 255 0 CE4 Vlan interface1 quit CE4 bgp 65440 CE4 bgp peer 10 3 1 2 as number 100 CE4 bgp import route direct CE4 quit 7 Configure SPE 1 Configu...

Page 327: ... vpn target 100 2 both SPE1 vpn instance vpn2 quit Configure SPE 1 to establish an MP iBGP peer relationship with UPE 1 and to inject VPN routes and specify UPE 1 SPE1 bgp 100 SPE1 bgp peer 1 1 1 9 as number 100 SPE1 bgp peer 1 1 1 9 connect interface loopback 0 SPE1 bgp peer 1 1 1 9 next hop local SPE1 bgp peer 3 3 3 9 as number 100 SPE1 bgp peer 3 3 3 9 connect interface loopback 0 SPE1 bgp ipv4...

Page 328: ... IGP protocol OSPF for example SPE2 ospf SPE2 ospf 1 area 0 SPE2 ospf 1 area 0 0 0 0 network 3 3 3 9 0 0 0 0 SPE2 ospf 1 area 0 0 0 0 network 172 2 1 0 0 0 0 255 SPE2 ospf 1 area 0 0 0 0 network 180 1 1 0 0 0 0 255 SPE2 ospf 1 area 0 0 0 0 quit SPE2 ospf 1 quit Configure VPN instances vpn1 and vpn2 SPE2 ip vpn instance vpn1 SPE2 vpn instance vpn1 route distinguisher 600 1 SPE2 vpn instance vpn1 vp...

Page 329: ...t 10 2 1 1 24 SPE2 route policy hope permit node 0 SPE2 route policy if match ip prefix hope SPE2 route policy quit SPE2 bgp 100 SPE2 bgp ipv4 family vpnv4 SPE2 bgp af vpnv4 peer 4 4 4 9 upe route policy hope export Configuring OSPF sham links Network requirements CE 1 and CE 2 belong to VPN 1 and are in the same OSPF area Forword VPN traffic between CE 1 and CE 2 through the MPLS backbone instead...

Page 330: ... 32 Direct 0 0 20 1 1 2 Vlan2 30 1 1 0 24 OSPF 10 3124 20 1 1 2 Vlan2 100 1 1 0 24 Direct 0 0 100 1 1 1 Vlan1 100 1 1 1 32 Direct 0 0 127 0 0 1 InLoop0 120 1 1 0 24 OSPF 10 3125 20 1 1 2 Vlan2 127 0 0 0 8 Direct 0 0 127 0 0 1 InLoop0 127 0 0 1 32 Direct 0 0 127 0 0 1 InLoop0 2 Configure MPLS L3VPN on the backbone Configure basic MPLS and MPLS LDP on PE 1 to establish LDP LSPs PE1 system view PE1 i...

Page 331: ...t Configure PE 2 to take PE 1 as the MP iBGP peer PE2 bgp 100 PE2 bgp peer 1 1 1 9 as number 100 PE2 bgp peer 1 1 1 9 connect interface loopback 0 PE2 bgp ipv4 family vpnv4 PE2 bgp af vpnv4 peer 1 1 1 9 enable PE2 bgp af vpnv4 quit PE2 bgp quit Configure OSPF on PE 2 PE2 ospf 1 PE2 ospf 1 area 0 PE2 ospf 1 area 0 0 0 0 network 2 2 2 9 0 0 0 0 PE2 ospf 1 area 0 0 0 0 network 10 1 1 0 0 0 0 255 PE2 ...

Page 332: ... id 10 PE2 ospf 100 area 1 PE2 ospf 100 area 0 0 0 1 network 120 1 1 0 0 0 0 255 PE2 ospf 100 area 0 0 0 1 quit PE2 ospf 100 quit PE2 bgp 100 PE2 bgp ipv4 family vpn instance vpn1 PE2 bgp vpn1 import route ospf 100 PE2 bgp vpn1 import route direct PE2 bgp vpn1 quit PE2 bgp quit After completing the previous configurations if you issue the display ip routing table vpn instance command on the PEs yo...

Page 333: ...pn instance vpn1 Routing Tables vpn1 Destinations 6 Routes 6 Destination Mask Proto Pre Cost NextHop Interface 3 3 3 3 32 Direct 0 0 127 0 0 1 InLoop0 5 5 5 5 32 BGP 255 0 2 2 2 9 NULL0 20 1 1 0 24 OSPF 10 1563 100 1 1 1 Vlan1 100 1 1 0 24 Direct 0 0 100 1 1 2 Vlan1 100 1 1 2 32 Direct 0 0 127 0 0 1 InLoop0 120 1 1 0 24 BGP 255 0 2 2 2 9 NULL0 Issuing the display ip routing table command on the CE...

Page 334: ...ith Router ID 100 1 1 2 Sham Link 3 3 3 3 5 5 5 5 Neighbour State Full Area 0 0 0 1 Cost 10 State P 2 P Type Sham Timers Hello 10 Dead 40 Retransmit 5 Transmit Delay 1 Configuring BGP AS number substitution Network requirements As shown in Figure 77 CE 1 and CE 2 belong to VPN 1 and are connected to PE 1 and PE 2 respectively In addition they use the same AS number 600 Figure 77 Network diagram De...

Page 335: ... Public Destinations 8 Routes 8 Destination Mask Proto Pre Cost NextHop Interface 10 1 1 0 24 BGP 255 0 10 2 1 2 Vlan1 10 1 1 1 32 BGP 255 0 10 2 1 2 Vlan1 10 2 1 0 24 Direct 0 0 10 2 1 1 Vlan1 10 2 1 1 32 Direct 0 0 127 0 0 1 InLoop0 10 2 1 2 32 Direct 0 0 10 2 1 2 Vlan1 127 0 0 0 8 Direct 0 0 127 0 0 1 InLoop0 127 0 0 1 32 Direct 0 0 127 0 0 1 InLoop0 200 1 1 0 24 Direct 0 0 200 1 1 1 InLoop0 20...

Page 336: ...g destinations Origin Incomplete AS Path 100 100 Next Hop 10 2 1 2 100 1 1 1 32 Display again the routing information that CE 2 receives and the routing table CE2 display bgp routing table peer 10 2 1 2 received routes Total Number of Routes 5 BGP Local router ID is 10 2 1 1 Status codes valid VPN best best d damped h history i internal s suppressed S Stale Origin i IGP e EGP incomplete Network Ne...

Page 337: ...time 109 ms Reply from 200 1 1 1 bytes 56 Sequence 2 ttl 253 time 67 ms Reply from 200 1 1 1 bytes 56 Sequence 3 ttl 253 time 66 ms Reply from 200 1 1 1 bytes 56 Sequence 4 ttl 253 time 85 ms Reply from 200 1 1 1 bytes 56 Sequence 5 ttl 253 time 70 ms 200 1 1 1 ping statistics 5 packet s transmitted 5 packet s received 0 00 packet loss round trip min avg max 66 79 109 ms Configuring multi role hos...

Page 338: ... 0 0 0 0 PE1 ospf 1 area 0 0 0 0 quit PE1 ospf 1 quit Configure OSPF on PE 2 PE2 interface loopback 0 PE2 LoopBack0 ip address 2 2 2 9 32 PE2 LoopBack0 quit PE2 vlan 110 PE2 vlan110 interface vlan interface 110 PE 1 PE 2 CE 2 CE 1 CE 3 AS 100 AS 65420 AS 65430 PC 2 172 16 0 1 16 PC 3 172 19 0 1 16 Vlan int 211 172 16 0 2 16 Vlan int 310 172 19 0 2 16 Vlan int 210 20 1 1 1 24 Vlan int 210 20 1 1 2 ...

Page 339: ...r VPN 1 and VPN 2 on PE 1 bind VLAN interface 310 to VPN 1 and VLAN interface 210 to VPN 2 PE1 ip vpn instance vpn1 PE1 vpn vpn1 route distinguisher 100 1 PE1 vpn vpn1 vpn target 100 1 both PE1 vpn vpn1 quit PE1 ip vpn instance vpn2 PE1 vpn vpn2 route distinguisher 100 2 PE1 vpn vpn2 vpn target 100 2 both PE1 vpn vpn2 quit PE1 vlan 310 PE1 vlan310 interface vlan interface 310 PE1 Vlan interface310...

Page 340: ...face310 quit CE1 bgp 65410 CE1 bgp import route direct CE1 bgp group 10 external CE1 bgp peer 20 2 1 2 group 10 as number 100 CE1 bgp quit Configure CE 2 CE2 vlan 210 CE2 vlan210 interface vlan interface 210 CE2 Vlan interface210 ip address 20 1 1 1 24 CE2 Vlan interface210 quit Configure CE 3 CE3 vlan 210 CE3 vlan210 interface vlan interface 210 CE3 Vlan interface210 ip address 20 3 1 1 24 CE3 Vl...

Page 341: ...ace loopback 0 PE2 bgp ipv4 family vpnv4 PE2 bgp af vpn peer 10 enable PE2 bgp af vpn peer 1 1 1 9 group 10 PE2 bgp af vpn quit PE2 bgp ipv4 family vpn instance vpn1 PE2 bgp af vpn instance import route direct PE2 bgp af vpn instance group 20 external PE2 bgp af vpn instance peer 20 3 1 1 group 20 as number 65430 PE2 bgp af vpn instance quit PE2 bgp quit 4 Configure the multi role host feature You...

Page 342: ...nt2 10 2 1 1 24 PE 2 Loop0 2 2 2 9 32 PE 1 Loop0 1 1 1 9 32 Vlan int2 10 2 1 2 24 Vlan int2 10 1 1 2 24 Vlan int4 20 1 1 2 24 Vlan int3 30 1 1 1 24 Vlan int5 40 1 1 1 24 Vlan int4 20 1 1 1 24 P Loop0 3 3 3 9 32 PE 3 Loop0 4 4 4 9 32 Vlan int3 30 1 1 2 24 Vlan int6 50 1 1 2 24 Vlan int5 40 1 1 2 24 Vlan int7 10 3 1 2 24 Vlan int6 50 1 1 1 24 Configuration procedure 1 Configure basic MPLS L3VPN Deta...

Page 343: ...0 2 1 1 32 10 2 1 2 0 0 100 10 3 1 0 24 10 2 1 2 0 100 10 3 1 1 32 10 2 1 2 0 100 100 1 1 1 32 10 2 1 2 0 100 100 200 1 1 1 32 10 2 1 2 0 100 100 CE2 display ip routing table Routing Tables Public Destinations 10 Routes 10 Destination Mask Proto Pre Cost NextHop Interface 10 1 1 0 24 BGP 255 0 10 2 1 2 Vlan2 10 1 1 1 32 BGP 255 0 10 2 1 2 Vlan2 10 2 1 0 24 Direct 0 0 10 2 1 1 Vlan2 10 2 1 1 32 Dir...

Page 344: ...advertise routes received from CE 1 to CE 2 because the same SoO attribute has been configured Display the routing table of CE 2 You can see that the route 100 1 1 1 32 has been removed CE2 display ip routing table Routing Tables Public Destinations 9 Routes 9 Destination Mask Proto Pre Cost NextHop Interface 10 1 1 0 24 BGP 255 0 10 2 1 2 Vlan2 10 1 1 1 32 BGP 255 0 10 2 1 2 Vlan2 10 2 1 0 24 Dir...

Page 345: ...dvertise IPv6 VPN routes and uses MPLS to forward IPv6 VPN packets on the service provider backbone Figure 80 shows the typical IPv6 MPLS L3VPN model At present the service provider backbone in the IPv6 MPLS L3VPN model is an IPv4 network IPv6 runs inside the VPNs and between CEs and PEs Therefore PEs must support both IPv4 and IPv6 The PE CE interfaces of a PE run IPv6 and the PE P interface of a...

Page 346: ... to the destination by IPv6 forwarding IPv6 MPLS L3VPN routing information advertisement The IPv6 VPN routing information of a local CE is advertised to a remote peer PE in three steps 1 From the local CE to the ingress PE 2 From the ingress PE to the egress PE 3 From the egress PE to the remote peer CE Then a route is available from the local CE to the remote CE Routing information exchange from ...

Page 347: ...rrier Multi VPN instance CE IPv6 MPLS L3VPN configuration task list Complete the following tasks to configure IPv6 MPLS L3VPN Task Remarks Configuring basic IPv6 MPLS L3VPN By configuring basic IPv6 MPLS L3VPN you can construct simple IPv6 VPN networks over an MPLS backbone To deploy special IPv6 MPLS L3VPN networks such as inter AS VPN you also need to perform some specific configurations in addi...

Page 348: ...those of another VPN This feature allows VPN instances to be used in networking scenarios besides MPLS L3VPNs All VPN instance configurations are performed on PEs or MCEs Creating a VPN instance A VPN instance is associated with a site It is a collection of the VPN membership and routing rules of its associated site A VPN instance does not necessarily correspond to one VPN To create and configure ...

Page 349: ...t configure URPF on the private network VLAN interface bound with the VPN instance Once established the association between a VPN instance and its reserved VLAN cannot be removed To modify the association delete the VPN instance recreate it and then specify another reserved VLAN for it Associating a VPN instance with an interface After creating and configuring a VPN instance you need to associate ...

Page 350: ... attributes for a VPN instance To do Use the command Remarks Enter system view system view Enter VPN instance view ip vpn instance vpn instance name Enter IPv6 VPN view ipv6 family Optional Configure VPN targets vpn target vpn target 1 8 both export extcommunity import extcommunity Required Set the maximum number of routes supported routing table limit number warn threshold simply alert Optional A...

Page 351: ...ence order and the number of tunnels for load balancing tunnel select seq cr lsp lsp load balance number number Optional By default only one tunnel is selected no load balancing in this order LSP tunnel CR LSP tunnel Return to system view quit Enter VPN instance view ip vpn instance vpn instance name Required Enter IPv6 VPN view ipv6 family Optional Apply the tunneling policy to the VPN instance t...

Page 352: ...route static ipv6 address prefix length interface type interface number next hop address next hop address vpn instance d vpn instance name nexthop address preference preference value Required Use either command Perform this configuration on PEs On CEs configure normal IPv6 static routes ipv6 route static vpn instance s vpn instance name 1 6 ipv6 address prefix length interface type interface numbe...

Page 353: ... vpn instance vpn instance name Required Perform this configuration on PEs On CEs create a normal OSPF process Set the router ID router id router id Required Return to system view quit Enter interface view interface interface type interface number Enable OSPFv3 on the interface ospfv3 process id area area id instance instance id Required By default OSPFv3 is disabled on an interface Perform this c...

Page 354: ...PE and CE To do Use the command Remarks Enter system view system view Enable BGP and enter BGP view bgp as number Enter IPv6 BGP VPN instance view ipv6 family vpn instance vpn instance name Required Configure the CE as the VPN eBGP peer peer ipv6 address as number as number Required Redistribute the routes of the local CEs import route protocol process id med med value route policy route policy na...

Page 355: ...he two views see Layer 3 IP Routing Configuration Guide Configuring routing between PEs To configure routing between PEs To do Use the command Remarks Enter system view system view Enter BGP view bgp as number Required Configure the remote PE as the peer peer ip address as number as number Required Specify the source interface for route update packets peer group name ip address connect interface i...

Page 356: ... the PE does not filter received routes Apply a filtering policy for the peer peer ip address filter policy acl6 number export import Optional By default no filtering policy is applied for a peer Apply an IPv6 prefix list for the peer to filter received advertised routes peer ip address ipv6 prefix prefix name export import Optional By default no IPv6 prefix list is applied for a peer Specify the ...

Page 357: ...r 3 IP Routing Configuration Guide Configuring inter AS IPv6 VPN If the MPLS backbone that carries the IPv6 VPN routes spans multiple ASs you need to configure inter AS IPv6 VPN There are three inter AS VPN solutions for more information see the chapter Configuring MPLS L3VPN IPv6 MPLS L3VPN supports only inter AS VPN option A and option C Configuration prerequisites Before configuring inter AS IP...

Page 358: ... PEs in an AS must be able to exchange labeled routes To configure a PE for inter AS IPv6 VPN option C To do Use the command Remarks Enter system view system view Enter BGP view bgp as number Configure the ASBR PE in the same AS as the iBGP peer peer group name ip address as number as number Required Enable the PE to exchange labeled routes with the ASBR PE in the same AS peer group name ip addres...

Page 359: ...tween MCE and VPN site Configuring IPv6 static routing between MCE and VPN site An MCE can reach a VPN site through an IPv6 static route IPv6 static routing on a traditional CE is globally effective and thus does not support address overlapping among VPNs An MCE supports binding an IPv6 static route with an IPv6 VPN instance so that the IPv6 static routes of different IPv6 VPN instances can be iso...

Page 360: ...IPng Configure the default cost value for the redistributed routes default cost value Optional 0 by default Return to system view quit Enter interface view interface interface type interface number Enable RIPng on the interface ripng process id enable Required Disabled by default NOTE For more information about RIPng see Layer 3 IP Routing Configuration Guide Configuring OSPFv3 between MCE and VPN...

Page 361: ...MCE you allow routes of different IPv6 VPNs to be exchanged between the MCE and the sites through different IPv6 IS IS processes ensuring the separation and security of IPv6 VPN routes To configure IPv6 IS IS between MCE and VPN site To do Use the command Remarks Enter system view system view Create an IPv6 IS IS process for a VPN instance and enter IS IS view isis process id vpn instance vpn inst...

Page 362: ...BGP peer in an AS peer ipv6 address as number as number Required Redistribute remote site routes advertised by the PE import route protocol process id med med value route policy route policy name Required By default No route redistribution is configured Configure a filtering policy to filter the routes to be advertised filter policy acl6 number ipv6 prefix ip prefix name export direct isisv6 proce...

Page 363: ... IPv6 MPLS L3VPN network solutions see Configuring routing between PE and CE Configuring IPv6 static routing between MCE and PE To configure IPv6 static routing between MCE and PE To do Use the command Remarks Enter system view system view Configure static routes for an IPv6 VPN instance ipv6 route static ipv6 address prefix length interface type interface number next hop address next hop address ...

Page 364: ... PE To do Use the command Remarks Enter system view system view Create an OSPFv3 process for an IPv6 VPN instance and enter OSPFv3 view ospfv3 process id vpn instance vpn instance name Required Set the router ID router id router id Required Redistribute the VPN routes import route protocol process id allow ibgp cost value route policy route policy name type type Required By default no route of any...

Page 365: ...figure a filtering policy to filter the redistributed routes ipv6 filter policy acl6 number ipv6 prefix ipv6 prefix name route policy route policy name export protocol process id Optional By default IPv6 IS IS does not filter redistributed routes Return to system view quit Enter interface view interface interface type interface number Enable IPv6 for the IS IS process on the interface isis ipv6 en...

Page 366: ... to updating BGP routing information without breaking BGP neighbor relationships Hard reset of BGP connections refers to updating BGP routing information by breaking and then reestablishing BGP neighbor relationships Use the following commands to hard reset or soft reset BGP connections To do Use the command Remarks Soft reset the IPv6 BGP connections of a VPN instance refresh bgp ipv6 vpn instanc...

Page 367: ...e peer ipv6 address verbose verbose begin exclude include regular expression Available in any view Display all BGP VPNv6 routing information display bgp vpnv6 all routing table network address prefix length longer prefixes peer ip address advertised routes received routes statistic statistic begin exclude include regular expression Available in any view Display the BGP VPNv6 routing information of...

Page 368: ...6 CE 3 Vlan int11 2001 3 1 96 Vlan int13 2001 4 2 96 CE 4 Vlan int13 2001 4 1 96 Configuration procedure 1 Configure OSPF on the MPLS backbone to achieve IP connectivity among the PEs and the P switch Configure PE 1 PE1 system view PE1 interface loopback 0 PE1 LoopBack0 ip address 1 1 1 9 32 PE1 LoopBack0 quit PE1 interface vlan interface 13 PE1 Vlan interface13 ip address 172 1 1 1 24 PE1 Vlan in...

Page 369: ...12 quit PE2 ospf PE2 ospf 1 area 0 PE2 ospf 1 area 0 0 0 0 network 172 2 1 0 0 0 0 255 PE2 ospf 1 area 0 0 0 0 network 3 3 3 9 0 0 0 0 PE2 ospf 1 area 0 0 0 0 quit PE2 ospf 1 quit After you complete the previous configuration OSPF adjacencies are established between PE 1 P and PE 2 Issue the display ospf peer command You can see that the adjacency status is Full Issue the display ip routing table ...

Page 370: ...ish LDP LSPs Configure PE 1 PE1 mpls lsr id 1 1 1 9 PE1 mpls PE1 mpls quit PE1 mpls ldp PE1 mpls ldp quit PE1 interface vlan interface 13 PE1 Vlan interface13 mpls PE1 Vlan interface13 mpls ldp PE1 Vlan interface13 quit Configure the P switch P mpls lsr id 2 2 2 9 P mpls P mpls quit P mpls ldp P mpls ldp quit P interface vlan interface 13 P Vlan interface13 mpls P Vlan interface13 mpls ldp P Vlan ...

Page 371: ...4 172 1 1 2 Vlan interface13 A before an LSP means the LSP is not established A before a Label means the USCB or DSCB is stale 3 Configure VPN instances on the PEs to allow the CEs to access Configure PE 1 PE1 ip vpn instance vpn1 PE1 vpn instance vpn1 route distinguisher 100 1 PE1 vpn instance vpn1 vpn target 111 1 PE1 vpn instance vpn1 quit PE1 ip vpn instance vpn2 PE1 vpn instance vpn2 route di...

Page 372: ...llowing takes PE 1 as an example PE1 display ip vpn instance Total VPN Instances configured 2 VPN Instance Name RD Create Time vpn1 100 1 2006 08 13 09 32 45 vpn2 100 2 2006 08 13 09 42 59 PE1 ping ipv6 vpn instance vpn1 2001 1 1 PING 2001 1 1 56 data bytes press CTRL_C to break Reply from 2001 1 1 bytes 56 Sequence 1 hop limit 64 time 1 ms Reply from 2001 1 1 bytes 56 Sequence 2 hop limit 64 time...

Page 373: ...nship in Established state has been established between PE and CE switches The following takes the PE 1 CE 1 BGP peer relationship as an example PE1 display bgp vpnv6 vpn instance vpn1 peer BGP local router ID 1 1 1 9 Local AS number 100 Total number of peers 1 Peers in established state 1 Peer AS MsgRcvd MsgSent OutQ PrefRcv Up Down State 2001 1 1 65410 11 9 0 1 00 06 37 Established 5 Configure a...

Page 374: ...stination 2001 1 96 Protocol Direct NextHop 2001 1 2 Preference 0 Interface Vlan11 Cost 0 Destination 2001 1 2 128 Protocol Direct NextHop 1 Preference 0 Interface InLoop0 Cost 0 Destination 2001 2 96 Protocol BGP4 NextHop FFFF 303 309 Preference 0 Interface NULL0 Cost 0 PE1 display ipv6 routing table vpn instance vpn2 Routing Table Destinations 3 Routes 3 Destination 2001 3 96 Protocol Direct Nex...

Page 375: ... avg max 1 1 1 ms CE1 ping ipv6 2001 4 1 PING 2001 4 1 56 data bytes press CTRL_C to break Request time out Request time out Request time out Request time out Request time out 2001 4 1 ping statistics 5 packet s transmitted 0 packet s received 100 00 packet loss round trip min avg max 0 0 0 ms Configuring inter AS IPv6 VPN option A Network requirements CE 1 is connected to PE 1 and CE 2 is connect...

Page 376: ...Be sure to advertise the 32 bit loopback interface address of each router through OSPF The loopback interface address of a switch is to be used as the switch s LSR ID After you complete the previous configuration each ASBR PE and the PE in the same AS can establish OSPF adjacencies Issue the display ospf peer command You can see that the adjacencies reach Full state and that PE and ASBR PE routers...

Page 377: ...ASBR PE2 mpls lsr id 3 3 3 9 ASBR PE2 mpls ASBR PE2 mpls quit ASBR PE2 mpls ldp ASBR PE2 mpls ldp quit ASBR PE2 interface vlan interface 11 ASBR PE2 Vlan interface11 mpls ASBR PE2 Vlan interface11 mpls ldp ASBR PE2 Vlan interface11 quit Configure basic MPLS on PE 2 and enable MPLS LDP for PE 2 for the interface connected to ASBR PE 2 PE2 system view PE2 mpls lsr id 4 4 4 9 PE2 mpls PE2 mpls quit P...

Page 378: ...tance route distinguisher 200 2 PE2 vpn instance vpn target 100 1 both PE2 vpn instance quit PE2 interface vlan interface 12 PE2 Vlan interface12 ip binding vpn instance vpn1 PE2 Vlan interface12 ipv6 address 2001 2 2 96 PE2 Vlan interface12 quit Configure ASBR PE 1 creating a VPN instance and binding the VPN instance to the interface connected to ASBR PE 2 ASBR PE 1 considers ASBR PE 2 its attach...

Page 379: ...t Configure PE 1 PE1 bgp 100 PE1 bgp ipv6 family vpn instance vpn1 PE1 bgp ipv6 vpn1 peer 2001 1 1 as number 65001 PE1 bgp ipv6 vpn1 import route direct PE1 bgp ipv6 vpn1 quit PE1 bgp quit Configure CE 2 CE2 bgp 65002 CE1 bgp ipv6 family CE2 bgp af ipv6 peer 2001 2 2 as number 200 CE2 bgp af ipv6 import route direct CE2 bgp af ipv6 quit Configure PE 2 PE2 bgp 200 PE2 bgp ipv6 family vpn instance v...

Page 380: ... bgp 200 PE2 bgp peer 3 3 3 9 as number 200 PE2 bgp peer 3 3 3 9 connect interface loopback 0 PE2 bgp ipv6 family vpnv6 PE2 bgp af vpnv6 peer 3 3 3 9 enable PE2 bgp af vpnv6 quit PE2 bgp quit 6 Verify your configuration After you complete the previous configurations display the routing table and use the ping command The CEs have learned the route to each other and can ping each other Configuring i...

Page 381: ...1 isis 1 PE1 isis 1 network entity 10 111 111 111 111 00 PE1 isis 1 quit Configure an LSR ID and enable MPLS and LDP PE1 mpls lsr id 2 2 2 9 PE1 mpls PE1 mpls quit PE1 mpls ldp PE1 mpls ldp quit Configure interface VLAN interface 11 and start IS IS and enable MPLS and LDP on the interface PE1 interface vlan interface 11 PE1 Vlan interface11 ip address 1 1 1 2 255 0 0 0 PE1 Vlan interface11 isis en...

Page 382: ...ck 0 PE1 bgp peer 3 3 3 9 label route capability Configure the maximum hop count from PE 1 to eBGP peer 5 5 5 9 as 10 PE1 bgp peer 5 5 5 9 as number 600 PE1 bgp peer 5 5 5 9 connect interface loopback 0 PE1 bgp peer 5 5 5 9 ebgp max hop 10 Configure peer 5 5 5 9 as a VPNv6 peer PE1 bgp ipv6 family vpnv6 PE1 bgp af vpnv6 peer 5 5 5 9 enable PE1 bgp af vpnv6 quit Redistribute direct routes to the ro...

Page 383: ...ASBR PE1 route policy2 apply mpls label ASBR PE1 route policy2 quit Start BGP on ASBR PE 1 and redistribute routes from IS IS process 1 ASBR PE1 bgp 100 ASBR PE1 bgp import route isis 1 Apply routing policy policy2 to filter routes advertised to iBGP peer 2 2 2 9 ASBR PE1 bgp peer 2 2 2 9 as number 100 ASBR PE1 bgp peer 2 2 2 9 route policy policy2 export Configure the capability to advertise labe...

Page 384: ...BR PE2 Vlan interface12 mpls ASBR PE2 Vlan interface12 quit Create routing policies ASBR PE2 route policy policy1 permit node 1 ASBR PE2 route policy1 apply mpls label ASBR PE2 route policy1 quit ASBR PE2 route policy policy2 permit node 1 ASBR PE2 route policy2 if match mpls label ASBR PE2 route policy2 apply mpls label ASBR PE2 route policy2 quit Start BGP on ASBR PE 2 and redistribute routes fr...

Page 385: ...igure interface Loopback 0 and start IS IS on it PE2 interface loopback 0 PE2 LoopBack0 ip address 5 5 5 9 32 PE2 LoopBack0 isis enable 1 PE2 LoopBack0 quit Create VPN instance vpn1 and configure the RD and VPN target attributes for it PE2 ip vpn instance vpn1 PE2 vpn instance vpn1 route distinguisher 11 11 PE2 vpn instance vpn1 vpn target 3 3 import extcommunity PE2 vpn instance vpn1 vpn target 3...

Page 386: ...1 1 bytes 56 Sequence 1 hop limit 64 time 1 ms Reply from 2001 1 1 bytes 56 Sequence 2 hop limit 64 time 1 ms Reply from 2001 1 1 bytes 56 Sequence 3 hop limit 64 time 1 ms Reply from 2001 1 1 bytes 56 Sequence 4 hop limit 64 time 1 ms Reply from 2001 1 1 bytes 56 Sequence 5 hop limit 64 time 1 ms 2001 1 1 ping statistics 5 packet s transmitted 5 packet s received 0 00 packet loss round trip min a...

Page 387: ...o configure exchange of two kinds of routes Exchange of the customer carrier s internal routes on the provider carrier s backbone Exchange of the end customers internal routes between PE 3 and PE 4 the PEs of the customer carrier In this process an MP iBGP peer relationship must be established between PE 3 and PE 4 Figure 85 Network diagram Device Interface IP address Device Interface IP address C...

Page 388: ...ce12 mpls PE1 Vlan interface12 mpls ldp PE1 Vlan interface2 mpls ldp transport address interface PE1 Vlan interface2 quit PE1 bgp 100 PE1 bgp peer 4 4 4 9 as number 100 PE1 bgp peer 4 4 4 9 connect interface loopback 0 PE1 bgp ipv4 family vpnv4 PE1 bgp af vpnv4 peer 4 4 4 9 enable PE1 bgp af vpnv4 quit PE1 bgp quit NOTE The configurations for PE 2 are similar to those for PE 1 Details not shown Af...

Page 389: ...ble LDP between PE 3 and CE 1 and between PE 4 and CE 2 Configure PE 3 PE3 system view PE3 interface loopback 0 PE3 LoopBack0 ip address 1 1 1 9 32 PE3 LoopBack0 quit PE3 mpls lsr id 1 1 1 9 PE3 mpls PE3 mpls quit PE3 mpls ldp PE3 mpls ldp quit PE3 isis 2 PE3 isis 2 network entity 10 0000 0000 0000 0001 00 PE3 isis 2 quit PE3 interface loopback 0 PE3 LoopBack0 isis enable 2 PE3 LoopBack0 quit PE3 ...

Page 390: ...and CE 1 Details not shown 3 Connect the customer carrier to the provider carrier Configure PE 1 PE1 ip vpn instance vpn1 PE1 vpn instance vpn1 route distinguisher 200 1 PE1 vpn instance vpn1 vpn target 1 1 PE1 vpn instance vpn1 quit PE1 mpls ldp vpn instance vpn1 PE1 mpls ldp vpn instance vpn1 quit PE1 isis 2 vpn instance vpn1 PE1 isis 2 network entity 10 0000 0000 0000 0003 00 PE1 isis 2 import ...

Page 391: ...bgp ipv6 family CE3 bgp af ipv6 peer 2001 1 2 as number 100 CE3 bgp af ipv6 import route direct CE3 bgp af ipv6 quit Configure PE 3 PE3 ip vpn instance vpn1 PE3 vpn instance vpn1 route distinguisher 100 1 PE3 vpn instance vpn1 vpn target 1 1 PE3 vpn instance vpn1 quit PE3 interface Vlan interface11 PE3 Vlan interface11 ip binding vpn instance vpn1 PE3 Vlan interface11 ipv6 address 2001 1 2 96 PE3 ...

Page 392: ...2 You can see that the internal routes of the customer carrier network are present in the VPN routing tables Issue the display ipv6 routing table vpn instance command on PE 1 and PE 2 You can see that their VPN routing tables do not contain the VPN routes that the customer carrier maintains Take PE 1 as an example PE1 display ip routing table vpn instance vpn1 Routing Tables vpn1 Destinations 11 R...

Page 393: ...t the internal routes of the customer carrier network are present in the public network routing tables Take PE 3 as an example PE3 display ip routing table Routing Tables Public Destinations 11 Routes 11 Destination Mask Proto Pre Cost NextHop Interface 1 1 1 9 32 Direct 0 0 127 0 0 1 InLoop0 2 2 2 9 32 ISIS 15 10 10 1 1 2 Vlan12 5 5 5 9 32 ISIS 15 84 10 1 1 2 Vlan12 6 6 6 9 32 ISIS 15 84 10 1 1 2...

Page 394: ...2 hop limit 64 time 1 ms Reply from 2001 2 1 bytes 56 Sequence 3 hop limit 64 time 1 ms Reply from 2001 2 1 bytes 56 Sequence 4 hop limit 64 time 1 ms Reply from 2001 2 1 bytes 56 Sequence 5 hop limit 64 time 1 ms 2001 2 1 ping statistics 5 packet s transmitted 5 packet s received 0 00 packet loss round trip min avg max 1 1 1 ms Configuring MCE Network requirements The MCE device is connected to V...

Page 395: ...nstance vpn1 vpn target 10 1 MCE vpn instance vpn1 quit MCE ip vpn instance vpn2 MCE vpn instance vpn2 route distinguisher 20 1 MCE vpn instance vpn2 vpn target 20 1 MCE vpn instance vpn2 quit Create VLAN 10 add port GigabitEthernet 3 0 1 to VLAN 10 and create VLAN interface 10 MCE vlan 10 MCE vlan10 port GigabitEthernet 3 0 1 MCE vlan10 quit CE VPN 1 Site 2 CE VPN 2 Site 1 PE 1 PE 3 PE 2 VPN 2 20...

Page 396: ...1 PE1 vpn instance vpn2 quit 2 Configure routing between the MCE and VPN sites The MCE is connected to VPN 1 directly and no routing protocol is enabled in VPN 1 Therefore you can configure IPv6 static routes On VR 1 assign IP address 2001 1 2 64 to the interface connected to the MCE and 2012 1 2 64 to the interface connected to VPN 1 Add ports to VLANs Details not shown On VR 1 configure a defaul...

Page 397: ...ace Vlan10 Cost 0 Destination 2001 1 1 128 Protocol Direct NextHop 1 Preference 0 Interface InLoop0 Cost 0 Destination 2012 1 64 Protocol Static NextHop 2001 1 2 Preference 60 Interface Vlan10 Cost 0 Destination FE80 10 Protocol Direct NextHop Preference 0 Interface NULL0 Cost 0 MCE display ipv6 routing table vpn instance vpn2 Routing Table vpn2 Destinations 5 Routes 6 Destination 1 128 Protocol D...

Page 398: ...0 with VPN instance vpn1 and configure an IPv6 address for the VLAN interface 30 MCE vlan 30 MCE vlan30 quit MCE interface vlan interface 30 MCE Vlan interface30 ip binding vpn instance vpn1 MCE Vlan interface30 ipv6 address 30 1 64 MCE Vlan interface30 quit On the MCE create VLAN 40 and VLAN interface 40 bind VLAN interface 40 with VPN instance vpn2 and configure an IPv6 address for the VLAN inte...

Page 399: ... vlan interface 30 PE1 Vlan interface30 ospfv3 10 area 0 0 0 0 PE1 Vlan interface30 quit On PE 1 display the routing table of VPN 1 PE1 display ipv6 routing table vpn instance vpn1 Routing Table vpn1 Destinations 5 Routes 5 Destination 1 128 Protocol Direct NextHop 1 Preference 0 Interface InLoop0 Cost 0 Destination 30 64 Protocol Direct NextHop 30 2 Preference 0 Interface Vlan30 Cost 0 Destinatio...

Page 400: ...0 Interface Vlan40 Cost 0 Destination 40 2 128 Protocol Direct NextHop 1 Preference 0 Interface InLoop0 Cost 0 Destination 2012 64 Protocol ISISv6 NextHop FE80 200 5EFF FE01 1C06 Preference 15 Interface Vlan20 Cost 10 Destination FE80 10 Protocol Direct NextHop Preference 0 Interface NULL0 Cost 0 Now the routing information of the two VPNs has been added into the routing tables on PE 1 ...

Page 401: ... Configuring traffic policing for an AC 139 Configuring VPLS and MAC in MAC dual stack support 137 Configuring VPLS instance attributes 139 Creating MPLS TE tunnel over static CR LSP 53 D Displaying and maintaining IPv6 MPLS L3VPN 358 Displaying and maintaining MPLS 29 Displaying and maintaining MPLS L2VPN 181 Displaying and maintaining MPLS L3VPN 246 Displaying and maintaining VPLS 141 E Enabling...

Page 402: ...shooting MPLS L2VPN 190 Troubleshooting MPLS TE 123 Troubleshooting VPLS 171 Tuning CR LSP setup 63 Tuning MPLS TE tunnel setup 65 V VPLS configuration examples 142 VPLS configuration task list 132 VPLS overview 124 ...

Reviews:

No comments

Related manuals for 12500 Series

IBM E12 Quick Reference Manual preview
E12
Brand: IBM Pages: 4
Paradox ZX32D Manual preview
ZX32D
Brand: Paradox Pages: 4
Paradyne COMSPHERE 3610 User Manual preview
COMSPHERE 3610
Brand: Paradyne Pages: 112
Cambium Networks PMP 450 Series User Manual preview
PMP 450 Series
Brand: Cambium Networks Pages: 215
QNO 2WAN 3LAN User Manual preview
2WAN 3LAN
Brand: QNO Pages: 106
Face XR18 User Manual preview
XR18
Brand: Face Pages: 8
H3C S12500R-2L Installation Manual preview
S12500R-2L
Brand: H3C Pages: 77
Roland MSL-15 Owner'S Manual preview
MSL-15
Brand: Roland Pages: 12
H3C S10500 Series Mpls Configuration Manual preview
S10500 Series
Brand: H3C Pages: 400
Genie WONVR216P5 Quick Start Manual preview
WONVR216P5
Brand: Genie Pages: 15
FS FS-BOX-V3 Quick Start Manual preview
FS-BOX-V3
Brand: FS Pages: 19
EKF Electronik CompactPCI CC8-BLUES User Manual preview
CompactPCI CC8-BLUES
Brand: EKF Electronik Pages: 52
Dolphin IBP-G4x16-2 User Manual preview
IBP-G4x16-2
Brand: Dolphin Pages: 9
TP-Link Archer MR500 User Manual preview
Archer MR500
Brand: TP-Link Pages: 110
Patton electronics 1000RC User Manual preview
1000RC
Brand: Patton electronics Pages: 9
Qlogic QLE7xxx Series Quick Start Manual preview
QLE7xxx Series
Brand: Qlogic Pages: 8
ZALMAN ZM-RF1 User Manual preview
ZM-RF1
Brand: ZALMAN Pages: 5
4gon RouterBOARD 411R Quick Start Manual preview
RouterBOARD 411R
Brand: 4gon Pages: 2

Brands by name

Popular brands

Load more brands