Home
/
HP
/
FlexNetwork HSR6800
/
Configuration Manual

HP FlexNetwork HSR6800, Configuration Manual, Page: 258 / 478

Share

Page: 258 / 478

HP FlexNetwork HSR6800 Configuration Manual Download Page 258

250

Figure 76 Scenario where the Level 2 carrier is an MPLS L3VPN service provider

NOTE:

As a best practice, establish equal cost LSPs between the Level 1 carrier and the Level 2 carrier if
equal cost routes exist between them.

Nested VPN

In an MPLS L3VPN network, generally a service provider runs an MPLS L3VPN backbone and
provides VPN services through PEs. Different sites of a VPN customer are connected to the PEs
through CEs to implement communication. In this scenario, a customer's networks are ordinary IP
networks and cannot be further divided into sub-VPNs.

However, in actual applications, customer networks can be dramatically different in form and
complexity, and a customer network may need to use VPNs to further group its users. The traditional
solution to this request is to implement internal VPN configuration on the service provider's PEs. This
solution is easy to deploy, but it increases the network operation cost and brings issues on
management and security because of the following:

•

The number of VPNs that PEs must support increases sharply.

•

Any modification of an internal VPN must be done through the service provider.

The nested VPN technology offers a better solution. It exchanges VPNv4 routes between PEs and
CEs of the ISP MPLS L3VPN and allows a customer to manage its own internal VPNs.

depicts a nested VPN network. On the service provider's MPLS VPN network, there is a customer
VPN named VPN A. The customer VPN contains two sub-VPNs, VPN A-1 and VPN A-2. The service
provider PEs treat the customer's network as a common VPN user and do not join any sub-VPNs.
The customer's CE devices (CE 1, CE 2, CE 7 and CE 8) exchange VPNv4 routes that carry the
sub-VPN routing information with the service provider PEs, implementing the propagation of the
sub-VPN routing information throughout the customer network.

«
...
256
257
258
259
260
...
»

Summary of Contents for FlexNetwork HSR6800

Page 1: ...HPE FlexNetwork HSR6800 Routers MPLS Configuration Guide Part number 5998 4494R Software version HSR6800 CMW520 R3303P25 Document version 6W105 20151231 ...

Page 2: ...nd 12 212 Commercial Computer Software Computer Software Documentation and Technical Data for Commercial Items are licensed to the U S Government under vendor s standard commercial license Links to third party websites take you outside the Hewlett Packard Enterprise website Hewlett Packard Enterprise has no control over and is not responsible for information outside the Hewlett Packard Enterprise ...

Page 3: ... BFD for MPLS LDP 18 Resetting LDP sessions 18 Managing and optimizing MPLS forwarding 18 Configuring MPLS MTU 19 Configuring a TTL processing mode for an LSR 19 Sending back ICMP TTL exceeded messages for MPLS TTL expired packets 21 Configuring LDP GR 21 Configuring LDP NSR 23 Configuring MPLS statistics collection and reading 24 Configuring MPLS statistics collection and reading method 1 24 Conf...

Page 4: ...tive group and affinity attribute 64 Configuring CR LSP reoptimization 65 Tuning MPLS TE tunnel setup 65 Configuring loop detection 66 Configuring route and label recording 66 Configuring tunnel setup retry 66 Assigning priorities to a tunnel 67 Configuring traffic forwarding 67 Forwarding traffic along MPLS TE tunnels using static routes 67 Forwarding traffic along MPLS TE tunnels using policy ro...

Page 5: ...sulation 157 Configuring the interface with VLAN encapsulation 157 Configuring the interface with transparent ATM AAL5 frame encapsulation 157 Configuring CCC MPLS L2VPN 157 Configuring a local CCC connection 157 Configuring a remote CCC connection 157 Configuring SVC MPLS L2VPN 158 Configuring a static VC on a Layer 3 interface 159 Configuring primary and backup static VCs on a Layer 3 interface ...

Page 6: ...ncy for H VPLS access 223 Configuring BFD for the primary link in an H VPLS network 227 Implementing multi AS VPN through multi hop PW 231 Troubleshooting VPLS 236 Configuring MPLS L3VPN 237 Overview 237 MPLS L3VPN concepts 238 MPLS L3VPN packet forwarding 240 MPLS L3VPN networking schemes 241 MPLS L3VPN routing information advertisement 244 Inter AS VPN 245 Carrier s carrier 248 Nested VPN 250 Mu...

Page 7: ...on 371 Configuring BGP AS number substitution and SoO 374 Example 1 for configuring MPLS L3VPN FRR 376 Example 2 for configuring MPLS L3VPN FRR 378 Configuring IPv6 MPLS L3VPN 381 Overview 381 IPv6 MPLS L3VPN packet forwarding 381 IPv6 MPLS L3VPN routing information advertisement 382 IPv6 MPLS L3VPN network schemes and functions 382 IPv6 MPLS L3VPN configuration task list 383 Configuring basic IPv...

Page 8: ...Conventions 438 Network topology icons 439 Support and other resources 440 Accessing Hewlett Packard Enterprise Support 440 Accessing updates 440 Websites 441 Customer self repair 441 Remote support 441 Documentation feedback 441 Index 443 ...

Page 9: ... basic concepts of MPLS FEC MPLS groups packets with the same characteristics such as packets with the same destination or service class into a class called a forwarding equivalence class FEC Packets of the same FEC are handled in the same way on an MPLS network The device supports classifying FECs according to the network layer destination addresses Label A label is a short fixed length identifie...

Page 10: ...ss On an LSP two neighboring LSRs are called the upstream LSR and downstream LSR respectively In Figure 2 LSR B is the downstream LSR of LSR A and LSR A is the upstream LSR of LSR B Figure 2 Diagram of an LSP LFIB Labeled packets are forwarded according to the label forwarding information base LFIB Control plane and forwarding plane An MPLS node consists of two planes control plane and forwarding ...

Page 11: ... a label to the FEC on each LSR along the packet forwarding path Establishment of static LSPs consumes fewer resources than dynamic LSP establishment Establishing an LSP through a label distribution protocol Label distribution protocols are MPLS signaling protocols They can classify FECs distribute labels and establish and maintain LSPs Label distribution protocols include protocols designed speci...

Page 12: ...stream LSR without solicitation The device supports only the DU mode In DoD mode an LSR assigns a label to a FEC and distributes the FEC label binding to its upstream LSR only when it receives a label request from the upstream LSR To establish an LSP an upstream LSR and its downstream LSR must use the same label advertisement mode Label distribution control modes include the independent mode and t...

Page 13: ...l advertisement mode is DoD after an LSR Transit in this example receives a label request from its upstream Ingress the LSR Transit sends a label request to its downstream Egress Then after the LSR Transit receives the label binding from its downstream Egress it distributes a label binding to the upstream Ingress Label retention modes include the liberal mode and the conservative mode In liberal m...

Page 14: ...e FIB table for the Token value Because the Token value is not Invalid Router B looks for the corresponding NHLFE entry that contains the Token value According to the NHLFE entry Router B pushes label 40 to the packet and forwards the labeled packet to the next hop LSR Router C through the outgoing interface GigabitEthernet 1 0 2 2 Upon receiving the labeled packet Router C looks for the ILM entry...

Page 15: ...vel forwarding upon receiving the packet LDP LDP establishes LSPs dynamically Using LDP LSRs can map network layer routing information to data link layer switching paths Basic concepts of LDP LDP session LDP sessions are established between LSRs over TCP connections to exchange messages for label binding label releasing and error notification LDP peer Two LSRs using LDP to exchange FEC label bindi...

Page 16: ... between them the two LDP peers send Hello and Keepalive messages to maintain the session 3 LSP establishment and maintenance LDP sends label requests and label binding messages between LDP peers to establish LSPs For the LSP establishment process see LSP establishment and label distribution 4 Session termination An LSR terminates its LDP session with an LDP peer when All Hello adjacencies deleted...

Page 17: ...cation Optional Configuring LDP label filtering Optional Maintaining LDP sessions Configuring BFD for MPLS LDP Optional Resetting LDP sessions Optional Managing and optimizing MPLS forwarding Configuring MPLS MTU Optional Configuring a TTL processing mode for an LSR Optional Sending back ICMP TTL exceeded messages for MPLS TTL expired packets Optional Configuring LDP GR Optional Configuring LDP NS...

Page 18: ...S LSR ID 3 Enable MPLS globally and enter MPLS view mpls By default global MPLS is disabled 4 Return to system view quit N A 5 Enter interface view interface interface type interface number N A 6 Enable MPLS for the interface mpls By default MPLS is disabled on interfaces Configuring a static LSP The principle of establishing a static LSP is that the outgoing label of an upstream LSR is the incomi...

Page 19: ...t LSR as a transit LSR static lsp transit lsp name incoming interface interface type interface number in label in label nexthop next hop addr outgoing interface interface type interface number out label out label 10 Configure a static LSP taking the current LSR as the egress static lsp egress lsp name incoming interface interface type interface number in label in label Establishing dynamic LSPs th...

Page 20: ...lo hold value Optional 15 seconds by default 4 Set the link Keepalive timer mpls ldp timer keepalive hold value Optional 45 seconds by default 5 Configure the LDP transport address mpls ldp transport address ip address interface Optional The default takes the value of the MPLS LSR ID The specified IP address must be the IP address of an interface on the device Configuring remote LDP session parame...

Page 21: ...onds 6 Set the targeted Keepalive timer mpls ldp timer keepalive hold value Optional The default value is 45 seconds 7 Configure the LDP transport address mpls ldp transport address ip address Optional The default takes the value of the MPLS LSR ID The specified IP address must be the IP address of an interface on the device Configuring PHP Follow these guidelines when you configure PHP When speci...

Page 22: ... Guide To configure the policy for triggering LSP establishment Step Command Remarks 1 Enter system view system view N A 2 Enter MPLS view mpls N A 3 Configure the LSP establishment triggering policy lsp trigger vpn instance vpn instance name all ip prefix prefix name Optional By default only host routes with 32 bit masks can trigger establishment of LSPs If the vpn instance vpn instance name opti...

Page 23: ...arries path information in the form of path vector list When such a message reaches an LSR the LSR examines the path vector list of the message for its MPLS LSR ID If its MPLS LSR ID is not in the list the LSR adds its LSR ID to the path vector list If it is in the list the LSR considers that a loop has occurred and terminates the establishment of the LSP The path vector mode also limits the numbe...

Page 24: ... MD5 authentication and set the password md5 password cipher plain peer lsr id password By default LDP MD5 authentication is disabled Configuring LDP label filtering The LDP label filtering feature provides two mechanisms label acceptance control for controlling which labels are accepted and label advertisement control for controlling which labels are advertised In complicated MPLS network environ...

Page 25: ...ure 9 Network diagram of label advertisement control Configuration prerequisites Before you configure LDP label filtering policies create an IP prefix list For information about IP prefix list configuration see Layer 3 IP Routing Configuration Guide Configuration procedure For two neighboring LSRs configuring a label acceptance policy on the upstream LSR and configuring a label advertisement polic...

Page 26: ...figuring VPLS For more information about BFD see High Availability Configuration Guide To configure BFD for MPLS LDP Step Command Remarks 1 Enter system view system view N A 2 Enter MPLS LDP remote peer view mpls ldp remote peer remote peer name N A 3 Enable BFD for MPLS LDP remote ip bfd By default BFD is disabled for MPLS LDP One LSP can have only one BFD session Resetting LDP sessions If you ch...

Page 27: ...MPLS packets An interface always forwards MPLS packets carrying L2VPN packets even if the MPLS packet size exceeds the interface MPLS MTU However whether the forwarding succeeds depends on the actual forwarding capacity of the interface An interface drops MPLS packets carrying IPv6 packets if the MPLS packet size exceeds the interface MPLS MTU At the same time the device sends the interface MPLS M...

Page 28: ... hops within the MPLS backbone as if the ingress and egress were connected directly Figure 11 TTL processing when TTL propagation is disabled Configuration guidelines As a best practice configure the same TTL processing mode on all LSRs along an LSP To enable IP TTL propagation for a VPN you must enable it on all PE devices in the VPN so that you can get the same traceroute result hop count from t...

Page 29: ... information about HoVPN and nested VPN see Configuring MPLS L3VPN To configure the device to send back an ICMP TTL exceeded message for a received MPLS TTL expired packet Step Command Remarks 1 Enter system view system view N A 2 Enter MPLS view mpls N A 3 Enable the device to send back an ICMP TTL exceeded message when it receives an MPLS TTL expired packet ttl expiration enable Optional Enabled...

Page 30: ...ller one between the reconnect time advertised from the peer GR restarter and the neighbor liveness time configured locally 3 During the FT reconnect time if the LDP session fails to be re established the GR helper deletes the FEC label bindings marked stale 4 If the session is re established successfully during the LDP recovery time the GR helper and the GR restarter uses the new LDP session to e...

Page 31: ... not perform active standby switchover To restart MPLS LDP gracefully Task Command Remarks Restart MPLS LDP gracefully graceful restart mpls ldp Available in user view Configuring LDP NSR Nonstop routing NSR is a mechanism for keeping on data transmission during an active standby switchover In standalone mode NSR for LDP can back up LDP session information and LSP information from the active MPU t...

Page 32: ...he system does not read LSP statistics Configuring MPLS statistics collection and reading for specific LSPs method 2 To use display commands to view statistics about LSPs first enable MPLS statistics for the LSPs and set the statistics reading interval as follows Step Command Remarks 1 Enter system view system view N A 2 Enter MPLS view mpls N A 3 Enable MPLS statistics for specific LSPs statistic...

Page 33: ... MPLS LSP tracert to collect important information about each hop along the LSP such as the label allocated To locate errors of an LSP perform the following task in any view Task Command Perform MPLS LSP tracert to locate errors along an MPLS LSP tracert lsp a source ip exp exp value h ttl value r reply mode t time out ipv4 dest addr mask length destination ip addr header Configuring BFD for LSPs ...

Page 34: ...e bfd session init mode command does not take effect on the ingress and egress nodes of such a BFD session Even if you configure the two nodes to both operate in passive mode the BFD session can still be established successfully BFD for MPLS LDP is for detecting the IP connectivity between two remote LDP peers BFD for LSP is for detecting the connectivity of LSPs Configuration procedure To configu...

Page 35: ...LS trap function Step Command Remarks 1 Enter system view system view N A 2 Enable the MPLS trap snmp agent trap enable mpls By default the MPLS trap is disabled For more information about the command see the snmp agent trap enable command in Network Management and Monitoring Command Reference Displaying and maintaining MPLS Use the commands in this section to verify MPLS configuration and maintai...

Page 36: ...play information about NHLFE entries In IRF mode display mpls nhlfe token verbose chassis chassis number slot slot number begin exclude include regular expression Available in any view Display usage information for the NHLFE entries In standalone mode display mpls nhlfe reflist token slot slot number begin exclude include regular expression Available in any view Display usage information for the N...

Page 37: ...nstance name dest addr mask length begin exclude include regular expression Available in any view Display information about LDP enabled interfaces display mpls ldp interface all verbose vpn instance vpn instance name interface type interface number verbose begin exclude include regular expression Available in any view Display information about LDP peers display mpls ldp peer all verbose vpn instan...

Page 38: ...LS interfaces reset mpls statistics interface interface type interface number all Available in user view Clear MPLS statistics for all LSPs or the LSP with a specific index or name reset mpls statistics lsp index all name lsp name Available in user view Clear statistics for all LSPs or the LSP with a specific incoming label reset mpls statistics lsp in label in label Available in user view Clear s...

Page 39: ...ute to the FEC destination address on each ingress node Configure a static route to network 21 1 1 0 24 on Router A RouterA system view RouterA ip route static 21 1 1 0 24 10 1 1 2 Configure a static route to network 11 1 1 0 24 on Router C RouterC system view RouterC ip route static 11 1 1 0 255 255 255 0 20 1 1 1 3 Enable MPLS Configure MPLS on Router A RouterA mpls lsr id 1 1 1 9 RouterA mpls R...

Page 40: ...0 Configure the LSP egress node Router A RouterA static lsp egress CtoA incoming interface serial 2 1 0 in label 70 Verifying the configuration Execute the display mpls static lsp command on each router to view static LSP information Take Router A as an example RouterA display mpls static lsp total statics lsp 2 Name FEC I O Label I O If State AtoC 21 1 1 0 24 NULL 30 S2 1 0 Up CtoA 70 NULL S2 1 0...

Page 41: ...d 21 1 1 0 24 can reach each other over MPLS Test the connectivity of the LSPs Figure 14 Network diagram Configuration considerations Enable LDP on the LSRs LDP dynamically distributes labels and establishes LSPs and thus there is no need to manually configure labels for LSPs LDP uses routing information for label distribution You must configure a routing protocol to learn routing information OSPF...

Page 42: ...at each router has learned the routes to other routers Take Router A as an example RouterA display ip routing table Routing Tables Public Destinations 11 Routes 11 Destination Mask Proto Pre Cost NextHop Interface 1 1 1 9 32 Direct 0 0 127 0 0 1 InLoop0 2 2 2 9 32 OSPF 10 1 10 1 1 2 S2 1 0 3 3 3 9 32 OSPF 10 2 10 1 1 2 S2 1 0 10 1 1 0 24 Direct 0 0 10 1 1 1 S2 1 0 10 1 1 1 32 Direct 0 0 127 0 0 1 ...

Page 43: ...uterC Serial2 1 0 quit After the configuration is complete two local LDP sessions are established one between Router A and Router B and the other between Router B and Router C Execute the display mpls ldp session command on each router to view the LDP session information and execute the display mpls ldp peer command to view the LDP peer information Take Router A as an example RouterA display mpls ...

Page 44: ...1 0 6 21 1 1 0 24 NULL 1027 10 1 1 2 S2 1 0 A before an LSP means the LSP is not established A before a Label means the USCB or DSCB is stale On Router A test the connectivity of the LDP LSP from Router A to Router C RouterA ping lsp ipv4 21 1 1 0 24 LSP Ping FEC IPV4 PREFIX 21 1 1 0 24 100 data bytes press CTRL_C to break Reply from 20 1 1 2 bytes 100 Sequence 1 time 3 ms Reply from 20 1 1 2 byte...

Page 45: ...e 2 ms Reply from 10 1 1 1 bytes 100 Sequence 4 time 3 ms Reply from 10 1 1 1 bytes 100 Sequence 5 time 2 ms FEC LDP IPV4 PREFIX 11 1 1 0 24 ping statistics 5 packet s transmitted 5 packet s received 0 00 packet loss round trip min avg max 2 2 3 ms ...

Page 46: ...network topology for a more scalable network design It also provides better traffic and resources control support for implementing a variety of traffic engineering policies Despite all the benefits overlay models are not suitable for implementing traffic engineering in large sized backbones because of their inadequacy in scalability In this sense MPLS TE is a better traffic engineering solution fo...

Page 47: ...h and non reserved bandwidth with a particular priority are most important Each node collects the TE attributes of all links on all routers within the local area or at the same level to build up a TE database TEDB Calculating paths Link state based routing protocols use SPF to calculate the shortest path to each network node In MPLS TE the CSPF algorithm is used to calculate the shortest TE compli...

Page 48: ...tion Two priorities setup priority and holding priority are assigned to CR LSPs for making preemption decision Both setup and holding priorities are in the range of 0 to 7 with a lower numerical number indicating a higher priority For a new path to preempt an existing path the setup priority of the new path must be greater than the holding priority of the existing path To initiate a preemption the...

Page 49: ...ource reservation requests and is responsible for maintaining the reservation information Using soft state mechanism to maintain resource reservation information Extended RSVP can support MPLS label distribution and allow resource reservation information to be transmitted with label bindings This extended RSVP is called RSVP TE which is operating as a signaling protocol for LSP tunnel setup in MPL...

Page 50: ...long the reverse of data transmission path PathTear messages Sent downstream to remove the path state and related reservation state on each node along the path ResvTear messages Sent upstream to remove the reservation state on each node along the path PathErr messages Sent upstream to report Path message processing errors to senders They do not affect the state of the nodes along the path ResvErr ...

Page 51: ...ng delay they must wait for recovering lost RSVP messages may be unbearable Because tuning refresh intervals is not adequate to address the two problems the refreshing mechanism was extended in RFC 2961 RSVP Refresh Overhead Reduction Extensions to address the problems Message_ID extension RSVP itself uses Raw IP to send messages The Message_ID extension mechanism defined in RFC 2961 adds objects ...

Page 52: ...SVP TE GR function depends on the extended hello capability of RSVP TE A GR capable device advertises its GR capability and relevant time parameters to its neighbors by extended RSVP hello packets If a device and all its neighbors have the RSVP GR capability and have exchanged GR parameters each of them can function as the GR helper of another device allowing data to be forwarded without interrupt...

Page 53: ...o known as autoroute announce considers a TE tunnel as a logical interface directly connected to the destination when computing IGP routes on the ingress of the TE tunnel IGP shortcut and forwarding adjacency are different in that in the forwarding adjacency method routes with TE tunnel interfaces as outgoing interfaces are advertised to neighboring devices but not in the IGP shortcut method There...

Page 54: ... where a secondary CR LSP is created immediately after a primary CR LSP is created MPLS TE switches traffic to the secondary CR LSP after the primary CR LSP fails Standard backup where a secondary CR LSP is created to take over after the primary CR LSP fails FRR FRR provides a quick per link or per node protection on an LSP In this method once a link or node fails on a path FRR comes up to reroute...

Page 55: ...LS TE is a traffic engineering solution that focuses on optimizing network resources allocation DiffServ aware TE DS TE combines them to optimize network resources allocation at a per service class level For traffic trunks which are distinguished by class of service this means varied bandwidth constraints Essentially what DS TE does is to map traffic trunks with LSPs making each traffic trunk trav...

Page 56: ...nes the CT of traffic flows A device classifies traffic flows according to your configuration When configuring a dynamic MPLS TE tunnel you can use the mpls te bandwidth command on the tunnel interface to specify a CT for the traffic flows to be forwarded by the tunnel When configuring a static MPLS TE tunnel you can use the bandwidth keyword to specify a CT for the traffic flows to be forwarded a...

Page 57: ...he traffic trunk matches an existing TE class The device checks whether the CT and the LSP setup holding priority of the traffic trunk matches an existing TE class An MPLS TE tunnel can be established for the traffic trunk only when the following conditions are met Every node along the tunnel has a TE class that matches the traffic trunk s CT and the LSP setup priority Every node along the tunnel ...

Page 58: ... established between the MPLS TE tunnel ingress and egress The LDP LSP is carried on the MPLS TE tunnel In this way a hierarchical LSP is formed Figure 23 Configure an LDP LSP over an MPLS TE LSP By default LDP does not advertise any prefix based label mapping message through a remote session To enable LDP to advertise prefix based labels through a remote session configure the prefix label adverti...

Page 59: ...PLS TE tunnels using policy routing Forwarding traffic along MPLS TE tunnels through automatic route advertisement Configuring traffic forwarding tuning parameters Optional Configuring automatic bandwidth adjustment Optional Configuring CR LSP backup Optional Configuring FRR Optional Inspecting an MPLS TE tunnel Optional Configuring BFD for an MPLS TE tunnel Optional Configuring periodic LSP trace...

Page 60: ...ls te tunnel id tunnel id N A 13 Submit the current tunnel configuration mpls te commit N A For information about tunnel interfaces see Layer 3 IP Services Configuration Guide Configuring DiffServ aware TE Step Command Remarks 1 Enter system view system view N A 2 Enter MPLS view mpls N A 3 Configure the DS TE mode as IETF mpls te ds te mode ietf Optional By default the DS TE mode is prestandard 4...

Page 61: ...argument specifies the name of the MPLS TE tunnel interface that uses the static CR LSP The tunnel name argument in the static cr lsp ingress command must be the same as the tunnel interface name including the letter case For example assume that you have created a tunnel interface by using the command interface tunnel 2 The tunnel interface name is Tunnel2 The tunnel name in the static cr lsp ingr...

Page 62: ...he egress node static cr lsp egress tunnel name incoming interface interface type interface number in label in label value bandwidth ct0 ct1 ct2 ct3 bandwidth value Follow the guidelines to configure the ingress transit and egress nodes Configuring an MPLS TE tunnel with a dynamic signaling protocol Dynamic signaling protocol can adapt the path of a TE tunnel to network changes and implement redun...

Page 63: ...tem view N A 2 Enter interface view of MPLS TE link interface interface type interface number N A 3 Configure maximum link bandwidth mpls te max link bandwidth bandwidth value Optional 0 by default 4 Configure BC 0 and BC 1 of the MPLS TE link in the RDM model of the prestandard DS TE mpls te max reservable bandwidth bandwidth value bc1 bc1 bandwidth Optional 0 for both BC 0 and BC 1 by default In...

Page 64: ...area view area area id N A 5 Enable MPLS TE in the OSPF area mpls te enable Disabled by default 6 Exit to OSPF view quit N A Configuring IS IS TE Configure IS IS TE if the routing protocol is IS IS and a dynamic signaling protocol is used for MPLS TE tunnel setup If both OSPF TE and IS IS TE are available OSPF TE takes priority The IS IS TE extension uses the sub TLV of IS reachability TLV type 22...

Page 65: ...xplicit path An explicit path is a set of nodes The relationship between any two neighboring nodes on an explicit path can be either strict or loose Strict The two nodes are directly connected Loose The two nodes have devices in between When inserting nodes to an explicit path or modifying nodes on it you can configure the include keyword to have the established LSP traverse the specified nodes or...

Page 66: ...w interface tunnel tunnel number N A 3 Assign bandwidth to the MPLS TE tunnel and specify a CT for the tunnel s traffic mpls te bandwidth ct0 ct1 ct2 ct3 bandwidth Optional By default no bandwidth is assigned and traffic of the tunnel belongs to CT 0 4 Specify a path for the tunnel to use and set the preference of the path mpls te path dynamic explicit path path name preference value Optional By d...

Page 67: ...SVP TE advanced features RSVP TE adds new objects in Path and Resv messages to support CR LSP setup RSVP TE provides many configurable options with respect to reliability network resources and other advanced features of MPLS TE Before performing the configuration tasks in this section be aware of each configuration objective and its impact on your network Before you configure RSVP TE advanced feat...

Page 68: ...ault is 3 5 Configure the blockade timeout multiplier mpls rsvp te blockade multiplier number Optional The default blockade timeout multiplier is 4 Configuring the RSVP refresh mechanism To enhance reliability of RSVP message transmission the Message_ID extension mechanism is used to acknowledge RSVP messages The Message_ID extension mechanism is also referred to as the reliability mechanism throu...

Page 69: ...led if three consecutive hellos are lost 5 Configure the hello interval mpls rsvp te timer hello timevalue Optional The default is 3 seconds 6 Exit to system view quit N A 7 Enter interface view of MPLS TE link interface interface type interface number N A 8 Enable interface RSVP hello extension mpls rsvp te hello Disabled by default Configuring RSVP TE resource reservation confirmation Reservatio...

Page 70: ...t Perform this task to configure a DSCP value for outgoing RSVP packets To configure a DSCP value for outgoing RSVP packets Step Command Remarks 1 Enter system view system view N A 2 Enter MPLS view mpls N A 3 Configure a DSCP value for outgoing RSVP packets mpls rsvp te dscp dscp value By default the DSCP value for outgoing RSVP packets is 48 Configuring RSVP TE GR The RSVP TE GR function depends...

Page 71: ...Enable BFD on the RSVP TE enabled interface mpls rsvp te bfd enable Disabled by default Tuning CR LSP setup A CR LSP is established through the signaling protocol based on the path calculated by CSPF using TEDB and constraints MPLS TE can affect CSPF calculation in many ways to determine the path that a CR LSP can traverse The configuration tasks described in this section are about CSPF of MPLS TE...

Page 72: ...er system view system view N A 2 Enter MPLS TE tunnel interface view interface tunnel tunnel number N A 3 Enable route pinning mpls te route pinning Disabled by default 4 Submit current tunnel configuration mpls te commit N A Configuring administrative group and affinity attribute The affinity attribute of an MPLS TE tunnel identifies the properties of the links that the tunnel can use Together wi...

Page 73: ...nel configuration mpls te commit N A Configuring CR LSP reoptimization Dynamic CR LSP optimization involves the periodic calculation of paths that traffic trunks traverse If a better route is found for an existing CR LSP a new CR LSP is established to replace the old one and services are switched to the new CR LSP To configure CR LSP reoptimization Step Command Remarks 1 Enter system view system v...

Page 74: ...el Use either command Both route recording and label recording are disabled by default The mpls te record route label command is not supported when the signaling protocol is CR LDP 4 Submit current tunnel configuration mpls te commit N A Configuring tunnel setup retry You can configure the system to attempt setting up a tunnel multiple times until it is established successfully or until the number...

Page 75: ...ng priorities are 7 4 Submit current tunnel configuration mpls te commit N A Configuring traffic forwarding Before you configure traffic forwarding complete the following tasks Configure basic MPLS Configure basic MPLS TE Configure MPLS TE tunnels Forwarding traffic along MPLS TE tunnels using static routes Step Command Remarks 1 Enter system view system view N A 2 Create a static route for forwar...

Page 76: ...ocal policy based routing ip local policy based route policy name Enable policy based routing for an interface a interface interface type interface number b ip policy based route policy name Use one of the methods For more information about configuring policy routing see ACL and QoS Command Reference and the Layer 3 IP Routing Command Reference Forwarding traffic along MPLS TE tunnels through auto...

Page 77: ...ion enable traffic adjustment Disabled by default Configuring a forwarding adjacency To make forwarding adjacency take effect create two MPLS TE tunnels in opposite directions and enable forwarding adjacency at both ends of the tunnels To configure forwarding adjacency Step Command Remarks 1 Enter system view system view N A 2 Enter MPLS TE tunnel interface view interface tunnel tunnel number N A ...

Page 78: ...l The default is 10 seconds Configuring flooding thresholds After bandwidths of links regulated by MPLS TE change CSPF may need to recalculate paths This tends to be resource consuming as recalculation involves IGP flooding To reduce recalculations and flood only significant changes you can configure the following two IGP flooding thresholds in percentages Up threshold When the percentage of avail...

Page 79: ...signed to the link IGP metric is used as the TE metric by default Configuring the traffic flow type of a tunnel Step Command Remarks 1 Enter system view system view N A 2 Enter MPLS TE tunnel interface view interface tunnel tunnel number N A 3 Configure the traffic flow type of the TE tunnel mpls te vpn binding acl acl number vpn instance vpn instance name Optional Traffic flow types of TE tunnels...

Page 80: ...dic flooding interval Optional 180 seconds by default 5 Return to system view quit N A 6 Enter MPLS TE tunnel interface view interface tunnel tunnel number N A 7 Configure automatic bandwidth adjustment for the TE tunnel mpls te auto bandwidth adjustment frequency seconds max bw max bandwidth min bw min bandwidth Automatic bandwidth adjustment is disabled on TE tunnels by default 8 Configure the i...

Page 81: ...ther a bypass LSP provides bandwidth protection and the sum of protected bandwidth The bandwidth of a bypass LSP is to protect the protected LSPs To guarantee that a protected LSP can always bind with the bypass LSP successfully make sure the bandwidth assigned to the bypass LSP is not less than the total bandwidth needed by all protected LSPs A bypass tunnel only forwards data traffic when a prot...

Page 82: ...ailure occurs Your device has a restriction on links that use the same bypass tunnel so their total bandwidth does not exceeds a specific value To configure a bypass tunnel on its PLR Step Command Remarks 1 Enter system view system view N A 2 Enter interface view of the bypass tunnel interface tunnel tunnel number N A 3 Specify the destination address of the bypass tunnel destination ip address Fo...

Page 83: ...ype interface number N A 6 Enable RSVP hello extension on the interface mpls rsvp te hello Disabled by default NOTE RSVP hello extension is configured to detect node failures caused by problems such as signaling error other than failures caused by link failures Configuring the FRR polling timer The protection provided by FRR is temporary Once a protected LSP becomes available again or a new LSP is...

Page 84: ...ts to the nodes along the MPLS TE tunnel to be inspected with the TTL increasing from 1 to a specific value Each node along the MPLS TE tunnel returns an MPLS echo reply to the ingress due to TTL timeout Thus the ingress can collect information about each hop along the MPLS TE tunnel so as to locate the failed node You can also use MPLS LSP tracert to collect information about each hop along the M...

Page 85: ...riminator values of the BFD session If you enable both FRR and BFD for an MPLS TE tunnel to make sure the BFD session is not down during an FRR switching give the BFD detection interval a greater value than the FRR detection interval In a BFD session for detecting an MPLS TE tunnel s connectivity the ingress node always operates in active mode and the egress node always operates in passive mode Th...

Page 86: ...an RSVP TE tunnel failure occurs the periodic LSP tracert function can detect the failure and if RSVP does not reestablish the RSVP TE tunnel within a specific period of time MPLS TE removes the failed RSVP TE tunnel and then reestablishes it To configure periodic LSP tracert for an MPLS TE tunnel Step Command Remarks 1 Enter system view system view N A 2 Enable LSP verification and enter MPLS LSP...

Page 87: ...ingress transit include exclude ip address prefix length verbose begin exclude include regular expression Available in any view Display RSVP TE configuration display mpls rsvp te interface interface type interface number begin exclude include regular expression Available in any view Display the RSVP TE tunnel information display mpls rsvp te established interface interface type interface number be...

Page 88: ...lude include regular expression Available in any view Display information about the CR LSPs carried on the specified or all links display mpls te link administration admission control interface interface type interface number begin exclude include regular expression Available in any view Display bandwidths allocated to the specified or all MPLS TE enabled interfaces display mpls te link administra...

Page 89: ...ssion Available in any view Display information about TE links for IS IS display isis traffic eng link level 1 level 1 2 level 2 verbose process id vpn instance vpn instance name begin exclude include regular expression Available in any view Display information about TE networks for IS IS display isis traffic eng network level 1 level 1 2 level 2 process id vpn instance vpn instance name begin exc...

Page 90: ... Network diagram Configuration procedure 1 Configure IP addresses and masks for the interfaces according to Figure 24 Details not shown 2 Enable IS IS to advertise host routes with LSR IDs as destinations Configure Router A RouterA system view RouterA isis 1 RouterA isis 1 network entity 00 0005 0000 0000 0001 00 RouterA isis 1 quit RouterA interface giabitethernet 2 1 1 RouterA GigabitEthernet2 1...

Page 91: ...t Execute the display ip routing table command on each router The output shows that all nodes have learned the host routes of other nodes with LSR IDs as destinations Take Router A for example RouterA display ip routing table Routing Tables Public Destinations 8 Routes 8 Destination Mask Proto Pre Cost NextHop Interface 1 1 1 1 32 Direct 0 0 127 0 0 1 InLoop0 2 1 1 0 24 Direct 0 0 2 1 1 1 GE2 1 1 ...

Page 92: ...0 RouterA Tunnel0 tunnel protocol mpls te RouterA Tunnel0 destination 3 3 3 3 RouterA Tunnel0 mpls te tunnel id 10 RouterA Tunnel0 mpls te signal protocol static RouterA Tunnel0 mpls te commit RouterA Tunnel0 quit 5 Create a static CR LSP Configure Router A as the ingress node of the static CR LSP RouterA static cr lsp ingress tunnel0 destination 3 3 3 3 nexthop 2 1 1 2 out label 20 Configure Rout...

Page 93: ...erA display mpls te tunnel LSP Id Destination In Out If Name 1 1 1 1 1 3 3 3 3 GE2 1 1 Tunnel0 RouterB display mpls te tunnel LSP Id Destination In Out If Name GE2 1 1 GE2 1 2 Tunnel0 RouterC display mpls te tunnel LSP Id Destination In Out If Name GE2 1 1 Tunnel0 Execute the display mpls lsp command or the display mpls static cr lsp command on each router to view information about the static CR L...

Page 94: ... interface MPLS TE tunnel using RSVP TE configuration example Network requirements Router A Router B Router C and Router D are running IS IS and all of them are Level 2 routers Use RSVP TE to create a TE tunnel with 2000 kbps of bandwidth from Router A to Router D making sure that the maximum bandwidth of each link that the tunnel traverses is 10000 kbps and the maximum reservable bandwidth is 500...

Page 95: ... RouterB GigabitEthernet2 1 1 quit RouterB interface pos 5 1 0 RouterB POS5 1 0 isis enable 1 RouterB POS5 1 0 isis circuit level level 2 RouterB POS5 1 0 quit RouterB interface loopback 0 RouterB LoopBack0 isis enable 1 RouterB LoopBack0 isis circuit level level 2 RouterB LoopBack0 quit Configure Router C RouterC system view RouterC isis 1 RouterC isis 1 network entity 00 0005 0000 0000 0003 00 R...

Page 96: ...irect 0 0 127 0 0 1 InLoop0 2 2 2 9 32 ISIS 15 10 10 1 1 2 GE2 1 1 3 3 3 9 32 ISIS 15 20 10 1 1 2 GE2 1 1 4 4 4 9 32 ISIS 15 30 10 1 1 2 GE2 1 1 10 1 1 0 24 Direct 0 0 10 1 1 1 GE2 1 1 10 1 1 1 32 Direct 0 0 127 0 0 1 InLoop0 20 1 1 0 24 ISIS 15 20 10 1 1 2 GE2 1 1 30 1 1 0 24 ISIS 15 30 10 1 1 2 GE2 1 1 127 0 0 0 8 Direct 0 0 127 0 0 1 InLoop0 127 0 0 1 32 Direct 0 0 127 0 0 1 InLoop0 3 Configure...

Page 97: ...net2 1 1 mpls te RouterC GigabitEthernet2 1 1 mpls rsvp te RouterC GigabitEthernet2 1 1 quit RouterC interface pos 5 1 0 RouterC POS5 1 0 mpls RouterC POS5 1 0 mpls te RouterC POS5 1 0 mpls rsvp te RouterC POS5 1 0 quit Configure Router D RouterD mpls lsr id 4 4 4 9 RouterD mpls RouterD mpls mpls te RouterD mpls mpls rsvp te RouterD mpls mpls te cspf RouterD mpls quit RouterD interface giabitether...

Page 98: ...1 quit RouterB interface pos 5 1 0 RouterB POS5 1 0 mpls te max link bandwidth 10000 RouterB POS5 1 0 mpls te max reservable bandwidth 5000 RouterB POS5 1 0 quit Configure maximum link bandwidth and maximum reservable bandwidth on Router C RouterC interface giabitethernet 2 1 1 RouterC GigabitEthernet2 1 1 mpls te max link bandwidth 10000 RouterC GigabitEthernet2 1 1 mpls te max reservable bandwid...

Page 99: ...th Discards 0 500 0 Output queue FIFO queuing Size Length Discards 0 75 0 Last 300 seconds input 0 bytes sec 0 packets sec Last 300 seconds output 0 bytes sec 0 packets sec 0 packets input 0 bytes 0 input error 0 packets output 0 bytes 0 output error Execute the display mpls te tunnel interface command on Router A to view information about the MPLS TE tunnel RouterA display mpls te tunnel interfac...

Page 100: ... 1 4 1 1 1 9 ISIS 1 Level 2 1 8 Create a static route to direct traffic to the MPLS TE tunnel RouterA ip route static 30 1 1 2 24 tunnel 1 preference 1 Execute the display ip routing table command on Router A You can see a static route entry with interface Tunnel 1 as the outgoing interface Inter AS MPLS TE tunnel using RSVP TE Configuration example Network requirements Router A and Router B are i...

Page 101: ...Ss Configure OSPF on Router A RouterA system view RouterA ospf RouterA ospf 1 area 0 RouterA ospf 1 area 0 0 0 0 network 10 1 1 0 0 0 0 255 RouterA ospf 1 area 0 0 0 0 network 1 1 1 9 0 0 0 0 RouterA ospf 1 area 0 0 0 0 quit RouterA ospf 1 quit Configure OSPF on Router B RouterB system view RouterB ospf RouterB ospf 1 import route direct RouterB ospf 1 import route bgp RouterB ospf 1 area 0 Router...

Page 102: ...tHop Interface 1 1 1 9 32 Direct 0 0 127 0 0 1 InLoop0 2 2 2 9 32 OSPF 10 1 10 1 1 2 GE2 1 1 10 1 1 0 24 Direct 0 0 10 1 1 1 GE2 1 1 10 1 1 1 32 Direct 0 0 127 0 0 1 InLoop0 127 0 0 0 8 Direct 0 0 127 0 0 1 InLoop0 127 0 0 1 32 Direct 0 0 127 0 0 1 InLoop0 3 Configure BGP on Router B and Router C and redistribute routes making sure that the ASs can communicate with each other Configure Router B Ro...

Page 103: ...terA mpls mpls te cspf RouterA mpls quit RouterA interface giabitethernet 2 1 1 RouterA GigabitEthernet2 1 1 mpls RouterA GigabitEthernet2 1 1 mpls te RouterA GigabitEthernet2 1 1 mpls rsvp te RouterA GigabitEthernet2 1 1 quit Configure Router B RouterB mpls lsr id 2 2 2 9 RouterB mpls RouterB mpls mpls te RouterB mpls mpls rsvp te RouterB mpls mpls te cspf RouterB mpls quit RouterB interface giab...

Page 104: ... GigabitEthernet2 1 1 mpls te RouterD GigabitEthernet2 1 1 mpls rsvp te RouterD GigabitEthernet2 1 1 quit 5 Configure OSPF TE Configure Router A RouterA ospf RouterA ospf 1 opaque capability enable RouterA ospf 1 area 0 RouterA ospf 1 area 0 0 0 0 mpls te enable RouterA ospf 1 area 0 0 0 0 quit RouterA ospf 1 quit Configure Router B RouterB ospf RouterB ospf 1 opaque capability enable RouterB ospf...

Page 105: ...x reservable bandwidth 5000 RouterB GigabitEthernet2 1 1 quit RouterB interface pos 5 1 0 RouterB POS5 1 0 mpls te max link bandwidth 10000 RouterB POS5 1 0 mpls te max reservable bandwidth 5000 RouterB POS5 1 0 quit Configure the maximum link bandwidth and maximum reservable bandwidth on Router C RouterC interface giabitethernet 2 1 1 RouterC GigabitEthernet2 1 1 mpls te max link bandwidth 10000 ...

Page 106: ...tput queue Protocol queuing Size Length Discards 0 500 0 Output queue FIFO queuing Size Length Discards 0 75 0 Last clearing of counters Never Last 300 seconds input 0 bytes sec 0 packets sec Last 300 seconds output 0 bytes sec 0 packets sec 0 packets input 0 bytes 0 input error 0 packets output 0 bytes 0 output error Execute the display mpls te tunnel interface command on Router A to view detaile...

Page 107: ...IGP Process Id Area Link Count 1 1 1 1 9 OSPF 1 0 1 2 2 2 2 9 OSPF 1 0 1 10 Create a static route to direct traffic to the MPLS TE tunnel RouterA ip route static 30 1 1 2 24 tunnel 1 preference 1 Execute the display ip routing table command on Router A The output shows a static route entry with interface Tunnel 1 as the outgoing interface RouterA display ip routing table Routing Tables Public Dest...

Page 108: ...with LSR IDs as destinations Details not shown 3 Configure basic MPLS TE and enable RSVP TE and RSVP hello extension Configure Router A RouterA system view RouterA mpls lsr id 1 1 1 9 RouterA mpls RouterA mpls mpls te RouterA mpls mpls rsvp te RouterA mpls mpls rsvp te hello RouterA mpls interface giabitethernet 2 1 1 RouterA GigabitEthernet2 1 1 mpls RouterA GigabitEthernet2 1 1 mpls te RouterA G...

Page 109: ...GigabitEthernet2 1 1 quit 4 Configure IS IS TE Details not shown 5 Configure the MPLS TE tunnel Details not shown 6 Configure RSVP TE GR Configure Router A RouterA system view RouterA mpls RouterA mpls mpls rsvp te graceful restart Configure Router B RouterB system view RouterB mpls RouterB mpls mpls rsvp te graceful restart Configure Router C RouterC system view RouterC mpls RouterC mpls mpls rsv...

Page 110: ...s te RouterA mpls mpls rsvp te RouterA mpls quit RouterA interface giabitethernet 2 1 1 RouterA GigabitEthernet2 1 1 mpls RouterA GigabitEthernet2 1 1 mpls te RouterA GigabitEthernet2 1 1 mpls rsvp te RouterA GigabitEthernet2 1 1 mpls rsvp te bfd enable RouterA GigabitEthernet2 1 1 quit Configure Router B RouterB system view RouterB mpls lsr id 2 2 2 2 RouterB mpls RouterB mpls mpls te RouterB mpl...

Page 111: ...2 1 1 ip address 12 12 12 2 24 4 Configure the MPLS TE tunnel Configure an RSVP TE tunnel between Router A and Router B RouterA interface tunnel 1 RouterA Tunnel1 ip address 10 10 10 1 24 RouterA Tunnel1 tunnel protocol mpls te RouterA Tunnel1 destination 2 2 2 2 RouterA Tunnel1 mpls te tunnel id 10 RouterA Tunnel1 mpls te signal protocol rsvp te RouterA Tunnel1 mpls te commit RouterA Tunnel1 retu...

Page 112: ...E 2 1 1 10 1 1 2 24 GE 2 1 1 30 1 1 1 24 GE 2 1 2 20 1 1 1 24 GE 2 1 2 20 1 1 2 24 Configuration procedure 1 Configure IP addresses and masks for the interfaces according to Figure 29 Details not shown 2 Enable OSPF to advertise host routes with LSR IDs as destinations Details not shown After configuration you can execute the display ip routing table command on each router The output shows that al...

Page 113: ...ernet2 1 1 mpls RouterC GigabitEthernet2 1 1 mpls te RouterC GigabitEthernet2 1 1 quit RouterC interface giabitethernet 2 1 2 RouterC GigabitEthernet2 1 2 mpls RouterC GigabitEthernet2 1 2 mpls te RouterC GigabitEthernet2 1 2 quit Configure Router D RouterD mpls lsr id 4 4 4 9 RouterD mpls RouterD mpls mpls te RouterD mpls mpls te cspf RouterD mpls quit RouterD interface giabitethernet 2 1 1 Route...

Page 114: ... 2 1 1 RouterB GigabitEthernet2 1 1 mpls te max link bandwidth 10000 RouterB GigabitEthernet2 1 1 mpls te max reservable bandwidth 5000 RouterB GigabitEthernet2 1 1 quit RouterB interface giabitethernet 2 1 2 RouterB GigabitEthernet2 1 2 mpls te max link bandwidth 10000 RouterB GigabitEthernet2 1 2 mpls te max reservable bandwidth 5000 RouterB GigabitEthernet2 1 2 quit Configure maximum link bandw...

Page 115: ...net2 1 1 mpls ldp RouterB GigabitEthernet2 1 1 quit RouterB interface giabitethernet 2 1 2 RouterB GigabitEthernet2 1 2 mpls ldp RouterB GigabitEthernet2 1 2 quit Configure Router C RouterC mpls ldp RouterC mpls ldp quit RouterC interface giabitethernet 2 1 1 RouterC GigabitEthernet2 1 1 mpls ldp RouterC GigabitEthernet2 1 1 quit RouterC interface giabitethernet 2 1 2 RouterC GigabitEthernet2 1 2 ...

Page 116: ...1 1 24 Primary Encapsulation is TUNNEL service loopback group ID not set Tunnel source unknown destination 4 4 4 9 Tunnel protocol transport CR_LSP Output queue Urgent queuing Size Length Discards 0 100 0 Output queue Protocol queuing Size Length Discards 0 500 0 Output queue FIFO queuing Size Length Discards 0 75 0 Last 300 seconds input 0 bytes sec 0 packets sec Last 300 seconds output 0 bytes s...

Page 117: ...ed Auto BW Freq Min BW Max BW Current Collected BW Interfaces Protected VPN Bind Type NONE VPN Bind Value Car Policy Disabled Tunnel Group Primary Primary Tunnel Backup Tunnel Group Status Execute the display ospf mpls te command on Router A to view LSAs of OSPF TE RouterA display ospf mpls te area 0 self originated OSPF Process 100 with Router ID 1 1 1 9 Area ID 0 0 0 0 Traffic Engineering LSA s ...

Page 118: ...d BW 5 625000 bytes sec Unreserved BW 6 625000 bytes sec Unreserved BW 7 625000 bytes sec Unreserved BW 8 0 bytes sec Unreserved BW 9 0 bytes sec Unreserved BW 10 0 bytes sec Unreserved BW 11 0 bytes sec Unreserved BW 12 0 bytes sec Unreserved BW 13 0 bytes sec Unreserved BW 14 0 bytes sec Unreserved BW 15 0 bytes sec Bandwidth Constraints BC 0 625000 bytes sec BC 1 0 bytes sec LSA 2 LSA Type Opq ...

Page 119: ... 1 40 1 1 1 24 Router B Loop0 2 2 2 9 32 Router C Loop0 3 3 3 9 32 GE 2 1 1 10 1 1 2 24 GE 2 1 1 20 1 1 2 24 GE 2 1 2 20 1 1 1 24 POS 5 1 1 40 1 1 2 24 Configuration procedure 1 Configure IP addresses and masks for the interfaces according to Figure 30 Details not shown 2 Enable IS IS to advertise host routes with LSR IDs as destinations on each node Details not shown Execute the display ip routin...

Page 120: ...on Router A You can see that Tunnel 3 is up RouterA display interface tunnel Tunnel3 current state UP Line protocol current state UP Description Tunnel3 Interface The Maximum Transmit Unit is 64000 Internet Address is 9 1 1 1 24 Primary Encapsulation is TUNNEL service loopback group ID not set Tunnel source unknown destination 3 3 3 9 Tunnel protocol transport CR_LSP Output queue Urgent queuing Si...

Page 121: ...ter D Shut down interface GigabitEthernet 2 1 2 on Router B Execute the tracert command on Router A to draw the path to the tunnel destination The output shows that the LSP is re routed to traverse Router D RouterA tracert a 1 1 1 9 3 3 3 9 traceroute to 3 3 3 9 3 3 3 9 30 hops max 40 bytes packet 1 30 1 1 2 28 ms 27 ms 23 ms 2 40 1 1 2 50 ms 50 ms 49 ms Execute the display mpls te tunnel command ...

Page 122: ...E Loop0 5 5 5 5 32 GE 2 1 1 2 1 1 1 24 POS 5 1 0 3 2 1 2 24 Router B Loop0 2 2 2 2 32 POS 5 1 3 3 1 1 24 GE 2 1 1 2 1 1 2 24 Router C Loop0 3 3 3 3 32 GE 2 1 2 3 1 1 1 24 GE 2 1 1 4 1 1 1 24 POS 5 1 0 3 2 1 1 24 GE 2 1 2 3 1 1 2 24 Router D Loop0 4 4 4 4 32 POS 5 1 0 3 3 1 2 24 GE 2 1 1 4 1 1 2 24 Configuration procedure 1 Configure IP addresses and masks for the interfaces according to Figure 31 ...

Page 123: ...RouterA mpls RouterA mpls mpls te RouterA mpls mpls rsvp te RouterA mpls mpls te cspf RouterA mpls quit RouterA interface giabitethernet 2 1 1 RouterA GigabitEthernet2 1 1 mpls RouterA GigabitEthernet2 1 1 mpls te RouterA GigabitEthernet2 1 1 mpls rsvp te RouterA GigabitEthernet2 1 1 quit Configure Router B RouterB system view RouterB mpls lsr id 2 2 2 2 RouterB mpls RouterB mpls mpls te RouterB m...

Page 124: ... te fast reroute RouterA Tunnel4 mpls te commit RouterA Tunnel4 quit Execute the display interface tunnel command on Router A You can see that Tunnel 4 is up RouterA display interface tunnel Tunnel4 current state UP Line protocol current state UP Description Tunnel4 Interface The Maximum Transmit Unit is 64000 Internet Address is 10 1 1 1 24 Primary Encapsulation is TUNNEL service loopback group I...

Page 125: ...lected BW Interfaces Protected VPN Bind Type NONE VPN Bind Value Car Policy Disabled Tunnel Group Primary Primary Tunnel Backup Tunnel Group Status 5 Configure a bypass tunnel on Router B the PLR Create an explicit path for the bypass LSP RouterB explicit path by path RouterB explicit path by path next hop 3 2 1 2 RouterB explicit path by path next hop 3 3 1 2 RouterB explicit path by path next ho...

Page 126: ...ls lsp LSP Information RSVP LSP FEC In Out Label In Out IF Vrf Name 4 4 4 4 32 1024 1024 GE2 1 1 GE2 1 2 3 3 3 3 32 NULL 1024 POS5 1 0 RouterC display mpls lsp LSP Information RSVP LSP FEC In Out Label In Out IF Vrf Name 4 4 4 4 32 1024 3 GE2 1 2 GE2 1 1 3 3 3 3 32 3 NULL POS5 1 0 RouterD display mpls lsp LSP Information RSVP LSP FEC In Out Label In Out IF Vrf Name 4 4 4 4 32 3 NULL GE2 1 1 Router...

Page 127: ... bypass tunnel is bound with the protected interface GigabitEthernet 2 1 2 and is unused RouterB display mpls lsp verbose LSP Information RSVP LSP No 1 IngressLsrID 1 1 1 1 LocalLspID 1 Tunnel Interface Tunnel4 Fec 4 4 4 4 32 Nexthop 3 1 1 2 In Label 1024 Out Label 1024 In Interface GigabitEthernet2 1 1 Out Interface GigabitEthernet2 1 2 LspIndex 4097 Tunnel ID 0x22001 LsrType Transit Bypass In Us...

Page 128: ...unnel Desc Tunnel4 Interface Tunnel State Desc Modifying CR LSP is setting up Tunnel Attributes LSP ID 1 1 1 1 1 Session ID 10 Admin State UP Oper State UP Ingress LSR ID 1 1 1 1 Egress LSR ID 4 4 4 4 Signaling Prot RSVP Resv Style SE Class Type CT0 Tunnel BW 0 kbps Reserved BW 0 kbps Setup Priority 7 Hold Priority 7 Affinity Prop Mask 0 0 Explicit Path Name pri path Tie Breaking Policy None Metri...

Page 129: ... Interval 10 sec Reopt Disabled Reopt Freq Back Up Type None Back Up LSPID Auto BW Disabled Auto BW Freq Min BW Max BW Current Collected BW Interfaces Protected VPN Bind Type NONE VPN Bind Value Car Policy Disabled Tunnel Group Primary Primary Tunnel Backup Tunnel Group Status If you execute the display mpls te tunnel interface command immediately after an FRR protection switch you are likely to s...

Page 130: ...ute 5 RouterB mpls quit Bring the protected outgoing interface up on PLR RouterB interface giabitethernet 2 1 2 RouterB GigabitEthernet2 1 2 undo shutdown Sep 7 09 01 31 2004 RouterB IFNET 5 UPDOWN Line protocol on the interface GigabitEthernet2 1 2 turns into UP state Execute the display interface tunnel 4 command on Router A to identify the state of the primary LSP You can see that the tunnel in...

Page 131: ... 1 1 24 GE2 1 1 30 1 1 1 24 Router B Loop0 2 2 2 9 32 POS5 1 0 20 1 1 2 24 GE2 1 1 10 1 1 2 24 Router D Loop0 4 4 4 9 32 POS5 1 0 20 1 1 1 24 GE2 1 1 30 1 1 2 24 Configuration procedure 1 Configure IP addresses for the interfaces according to Figure 32 Details not shown 2 Configure IS IS and advertise host routes with LSR IDs as destinations Configurations on Router A RouterA system view RouterA i...

Page 132: ...vel level 2 RouterC GigabitEthernet2 1 1 quit RouterC interface pos 5 1 0 RouterC POS5 1 0 isis enable 1 RouterC POS5 1 0 isis circuit level level 2 RouterC POS5 1 0 quit RouterC interface loopback 0 RouterC LoopBack0 isis enable 1 RouterC LoopBack0 isis circuit level level 2 RouterC LoopBack0 quit Configurations on Router D RouterD system view RouterD isis 1 RouterD isis 1 network entity 00 0005 ...

Page 133: ...outerA mpls mpls rsvp te RouterA mpls mpls te cspf RouterA mpls mpls te ds te mode ietf RouterA mpls quit RouterA interface giabitethernet 2 1 1 RouterA GigabitEthernet2 1 1 mpls RouterA GigabitEthernet2 1 1 mpls te RouterA GigabitEthernet2 1 1 mpls rsvp te RouterA GigabitEthernet2 1 1 quit Configure Router B RouterB mpls lsr id 2 2 2 9 RouterB mpls RouterB mpls mpls te RouterB mpls mpls rsvp te R...

Page 134: ... te cspf RouterD mpls mpls te ds te mode ietf RouterD mpls quit RouterD interface giabitethernet 2 1 1 RouterD GigabitEthernet2 1 1 mpls RouterD GigabitEthernet2 1 1 mpls te RouterD GigabitEthernet2 1 1 mpls rsvp te RouterD GigabitEthernet2 1 1 quit 4 Enable IS IS TE and configure IS IS to receive and send only packets whose cost style is wide Configure Router A RouterA isis 1 RouterA isis 1 cost ...

Page 135: ...er C RouterC interface giabitethernet 2 1 1 RouterC GigabitEthernet2 1 1 mpls te max link bandwidth 10000 RouterC GigabitEthernet2 1 1 mpls te max reservable bandwidth rdm 10000 bc1 8000 bc2 5000 bc3 2000 RouterC GigabitEthernet2 1 1 quit RouterC interface pos 5 1 0 RouterC POS5 1 0 mpls te max link bandwidth 10000 RouterC POS5 1 0 mpls te max reservable bandwidth rdm 10000 bc1 8000 bc2 5000 bc3 2...

Page 136: ...ackets sec 0 packets input 0 bytes 0 input error 0 packets output 0 bytes 0 output error Execute the display mpls te tunnel interface command on Router A to view detailed information about the tunnel RouterA display mpls te tunnel interface Tunnel Name Tunnel1 Tunnel Desc Tunnel1 Interface Tunnel State Desc CR LSP is Up Tunnel Attributes LSP ID 1 1 1 9 3 Session ID 10 Admin State UP Oper State UP ...

Page 137: ...dwidth allocation command on Router A to view interface bandwidth information RouterA display mpls te link administration bandwidth allocation interface giabitethernet 2 1 1 Link ID GigabitEthernet2 1 1 Max Link Bandwidth 10000 kbits sec Max Reservable Bandwidth PreStandard RDM 0 kbits sec Max Reservable Bandwidth IETF RDM 10000 kbits sec Max Reservable Bandwidth IETF MAM 0 kbits sec Downstream LS...

Page 138: ...P TE Figure 33 Network diagram Device Interface IP address Device Interface IP address Router A Loop0 1 1 1 1 32 Router E Loop0 5 5 5 5 32 GE2 1 1 2 1 1 1 24 POS5 1 0 3 2 1 2 24 Router B Loop0 2 2 2 2 32 POS5 1 1 3 3 1 1 24 GE2 1 1 2 1 1 2 24 Router C Loop0 3 3 3 3 32 GE2 1 2 3 1 1 1 24 GE2 1 1 4 1 1 1 24 POS5 1 0 3 2 1 1 24 GE2 1 2 3 1 1 2 24 Router D Loop0 4 4 4 4 32 POS5 1 1 3 3 1 2 24 GE2 1 1 ...

Page 139: ...uit RouterE interface pos 5 1 1 RouterE POS5 1 1 mpls RouterE POS5 1 1 mpls te RouterE POS5 1 1 mpls rsvp te RouterE POS5 1 1 quit Configure Router C RouterC system view RouterC mpls lsr id 3 3 3 3 RouterC mpls RouterC mpls mpls te RouterC mpls mpls rsvp te RouterC mpls mpls te cspf RouterC mpls quit RouterC interface pos 5 1 0 RouterC POS5 1 0 mpls RouterC POS5 1 0 mpls te RouterC POS5 1 0 mpls r...

Page 140: ... RouterB display interface tunnel Tunnel4 current state UP Line protocol current state UP Description Tunnel4 Interface The Maximum Transmit Unit is 64000 Internet Address is 10 1 1 1 24 Primary Encapsulation is TUNNEL service loopback group ID not set Tunnel source unknown destination 3 3 3 3 Tunnel protocol transport CR_LSP Output queue Urgent queuing Size Length Discards 0 100 0 Output queue Pr...

Page 141: ...ls ldp remote peer C RouterB mpls ldp remote c remote ip 3 3 3 3 RouterB mpls ldp remote c quit Configure Router C RouterC mpls RouterC mpls mpls ldp RouterC mpls quit RouterC interface giabitethernet 2 1 1 RouterC GigabitEthernet2 1 1 mpls RouterC GigabitEthernet2 1 1 mpls ldp RouterC GigabitEthernet2 1 1 quit RouterC mpls ldp remote peer b RouterC mpls ldp remote b remote ip 2 2 2 2 RouterC mpls...

Page 142: ...00 01 42 DDD HH MM LDP Extended Discovery Source Remote peer 1 Addresses received from peer Count 2 4 1 1 1 3 3 3 3 Execute the display mpls ldp lsp command on Router B The output shows that Router C sent label mapping messages to Router B and established an LDP LSP RouterB display mpls ldp lsp LDP LSP Information SN DestAddress Mask In OutLabel Next Hop In Out Interface 1 1 1 1 1 32 NULL 3 2 1 1 ...

Page 143: ...ts BypassTunnel Tunnel Index LSP Information LDP LSP No 2 VrfIndex Fec 3 3 3 3 32 Nexthop 10 1 1 1 In Label NULL Out Label 3 In Interface Out Interface Tunnel4 LspIndex 6147 Tunnel ID 0x11000e LsrType Ingress Outgoing Tunnel ID 0x15000d Label Operation PUSH No 3 VrfIndex Fec 3 3 3 3 32 Nexthop 10 1 1 1 In Label 1024 Out Label 3 In Interface Out Interface Tunnel4 LspIndex 6148 Tunnel ID 0x11000f Ls...

Page 144: ...cedure 1 Configure OSPF making sure that PE 1 and PE 2 can learn routes from each other Configure PE 1 PE1 system view PE1 interface loopback 0 PE1 LoopBack0 ip address 2 2 2 2 255 255 255 255 PE1 LoopBack0 quit PE1 interface pos 5 1 1 PE1 POS5 1 1 ip address 10 0 0 1 255 255 255 0 PE1 POS5 1 1 quit PE1 ospf PE1 ospf 1 area 0 PE1 ospf 1 area 0 0 0 0 network 10 0 0 0 0 0 0 255 PE1 ospf 1 area 0 0 0...

Page 145: ...r is Master Priority 1 DR None BDR None Dead timer due in 30 sec Neighbor is up for 00 01 00 Authentication Sequence 0 PE1 display ip routing table Routing Tables Public Destinations 7 Routes 7 Destination Mask Proto Pre Cost NextHop Interface 2 2 2 2 32 Direct 0 0 127 0 0 1 InLoop0 3 3 3 3 32 OSPF 10 1563 10 0 0 2 POS5 1 1 10 0 0 0 24 Direct 0 0 10 0 0 1 POS5 1 1 10 0 0 1 32 Direct 0 0 127 0 0 1 ...

Page 146: ...s RSVP TE PE1 interface tunnel 1 PE1 Tunnel1 ip address 12 1 1 1 255 255 255 0 PE1 Tunnel1 tunnel protocol mpls te PE1 Tunnel1 destination 3 3 3 3 PE1 Tunnel1 mpls te tunnel id 10 PE1 Tunnel1 mpls te signal protocol rsvp te PE1 Tunnel1 mpls te commit PE1 Tunnel1 quit Execute the display interface tunnel command on PE 1 The output shows that the tunnel interface is up 5 Configure the VPN instance o...

Page 147: ... 255 255 255 0 PE2 GigabitEthernet2 1 1 quit Execute the display ip vpn instance command on the PEs to view the configuration of the VPN instance Take PE 1 for example PE1 display ip vpn instance instance name vpn1 VPN Instance Name and ID vpn1 1 Create time 2006 09 27 15 10 29 Up time 0 days 00 hours 03 minutes and 09 seconds Route Distinguisher 100 1 Export VPN Targets 100 1 Import VPN Targets 1...

Page 148: ...stance vpn1 PE2 bgp vpn1 peer 192 168 2 2 as number 65002 PE2 bgp vpn1 import route direct PE2 bgp vpn1 quit PE2 bgp peer 2 2 2 2 as number 100 PE2 bgp peer 2 2 2 2 connect interface loopback 0 PE2 bgp ipv4 family vpnv4 PE2 bgp af vpnv4 peer 2 2 2 2 enable PE2 bgp af vpnv4 quit PE2 bgp quit Execute the display bgp peer command and the display bgp vpn instance peer command on PEs The output shows t...

Page 149: ... 1 ttl 253 time 38 ms Reply from 192 168 1 2 bytes 56 Sequence 2 ttl 253 time 61 ms Reply from 192 168 1 2 bytes 56 Sequence 3 ttl 253 time 74 ms Reply from 192 168 1 2 bytes 56 Sequence 4 ttl 253 time 36 ms Reply from 192 168 1 2 bytes 56 Sequence 5 ttl 253 time 35 ms 192 168 1 2 ping statistics 5 packet s transmitted 5 packet s received 0 00 packet loss round trip min avg max 35 48 74 ms The sam...

Page 150: ... 0x0 Label Operation POP LSP Information LDP LSP No 3 VrfIndex Fec 2 2 2 2 32 Nexthop 127 0 0 1 In Label 3 Out Label NULL In Interface POS5 1 1 Out Interface LspIndex 10241 Tunnel ID 0x0 LsrType Egress Outgoing Tunnel ID 0x0 Label Operation POP No 4 VrfIndex Fec 3 3 3 3 32 Nexthop 10 0 0 2 In Label NULL Out Label 3 In Interface Out Interface POS5 1 1 LspIndex 10242 Tunnel ID 0x22000 LsrType Ingres...

Page 151: ...put queue FIFO queuing Size Length Discards 0 75 0 Last 300 seconds input 5 bytes sec 0 packets sec Last 300 seconds output 5 bytes sec 0 packets sec 34 packets input 2856 bytes 0 input error 34 packets output 2856 bytes 0 output error Troubleshooting MPLS TE No TE LSA generated Symptom OSPF TE is configured but no TE LSAs can be generated to describe MPLS TE attributes Analysis For TE LSAs to be ...

Page 152: ... more users Guaranteed reliability and VPN routing security MPLS L2VPN neither tries to obtain nor processes the routing information for users guaranteeing the security of user VPN routing information Support for multiple network layer protocols Such as IP and SNA Basic concepts of MPLS L2VPN Customer edge device A CE device is a customer network device directly connected to the service provider n...

Page 153: ...LSP MPLS TE or GRE tunnel For more information about LSP and MPLS TE tunnels see Configuring basic MPLS and Configuring MPLS TE For more information about GRE tunnels see Layer 3 IP Services Configuration Guide If multiple public tunnels exist between two PEs you can configure a tunneling policy to control tunnel selection For more information about tunneling policy see Configuring MPLS L3VPN 2 Se...

Page 154: ... a Layer 2 connection to a CE When receiving a packet from the backbone a PE forwards the packet to a CE identified by the VC label Figure 37 Packet forwarding process L2 PDU Layer 2 protocol data unit T represents a tunnel tag V represents a VC label As shown in Figure 37 MPLS L2VPN forwards packets in the following steps 1 After PE 1 receives a Layer 2 packet from CE 1 it adds a VC label to the ...

Page 155: ...ion only describes how to set up a remote MPLS L2VPN connection in different modes CCC MPLS L2VPN The CCC mode sets up a CCC connection by establishing two static LSPs in opposite directions and binding the static LSPs to ACs Figure 39 CCC MPLS L2VPN network diagram After you complete the configurations as shown in Figure 39 a static LSP from PE 1 to PE 2 and a static LSP from PE 2 to PE 1 are est...

Page 156: ...nd the VC ID uniquely identify a VC On a PE the VC ID uniquely identifies a VC among the VCs of the same type As shown in Figure 40 the PEs send the VC FEC and VC label in a label mapping message to each other After the VC labels are distributed a VC is set up between the PEs Figure 40 Label distribution in Martini mode Kompella MPLS L2VPN Kompella MPLS L2VPN employs two levels of labels to transf...

Page 157: ...block on the PEs Instead you can assign a new label block in addition to the existing label block to enlarge the label range A PE uses LO to identify a label block among all label blocks and to determine from which label block it assigns labels The LO value of a label block is the sum of LRs of all previously assigned label blocks For example if the LR and LO of the first label block is 10 and 0 t...

Page 158: ...ssigned by the peer PE into a Layer 2 packet from a local CE For example when PE 1 forwards packets from CE 1 to CE 2 it adds VC label 3001 Figure 42 Label distribution in Kompella mode As shown in Figure 42 CE 1 and CE 2 belong to VPN 1 CE 3 and CE 4 belong to VPN 2 Configure route targets for the two VPNs to make sure CEs in the same VPN can set up a VC and CEs in different VPNs cannot A VC is s...

Page 159: ...occupies fewer network resources Disadvantage Cannot automatically adapt to network changes Supports only remote connections Small scale network with a simple topology Martini VC label encapsulation two levels of labels VC label distribution LDP Advantages On a carrier network only PEs need to save a few VC label to LSP mappings The P devices do not need to save any Layer 2 VPN information To add ...

Page 160: ...ccording to the DLCI of the packet and then forwards the packet to the VC The FR DLCI mode is also called the one to one mapping mode because one FR virtual circuit corresponds to one VC FR port mode A PE forwards all FR packets received from an interface to the VC bound to the interface The FR port mode is also called the many to one mapping mode because many FR virtual circuits correspond to one...

Page 161: ...es the ATM AAL5 SDU and then sends the ATM AAL5 SDU to PE 2 through the VC on the PSN PE 2 removes the outer encapsulation encapsulates the original ATM AAL5 SDU to an ATM cell and then sends the ATM cell to CE 2 In the communication process CE 1 and CE 2 cannot sense the existence of the PSN as if they were communicating directly Figure 43 ATM AAL5 transparent transport Control word The control w...

Page 162: ...rimary VC it brings up the backup VC and then forwards packets from CE 1 to CE 2 through the backup VC When CE 2 receives the packet it updates its MAC address table so that packets from CE 2 travel through the backup VC too Figure 44 VC redundancy protection in an MPLS L2VPN The MPLS L2VPN determines whether the primary VC fails according to the LDP session status and the BFD result The backup VC...

Page 163: ...LS L2VPN Creating a VC on a Layer 3 interface disables the IP related functions on the sub interfaces of the Layer 3 interface For example the sub interfaces cannot receive ARP or IGMP packets They cannot forward unicast or multicast packets After you remove the VC the IP related functions on the sub interfaces recover Configuring basic MPLS L2VPN Step Command Remarks 1 Enter system view system vi...

Page 164: ...m view N A 2 Enter interface view interface serial pos interface number After you configure FR DLCI or FR port mode encapsulation on a serial interface you must use the reset fr inarp command to clear FR dynamic address mappings between the PE and the CE For more information about the reset fr inarp command see Layer 2 WAN Command Reference 3 Configure the link layer protocol link protocol fr nons...

Page 165: ... vci No PVC exists by default You must configure the same VPI VCI values as those configured on the connected CE 4 Create a default IPoA mapping for the PVC map ip default Optional By default no IP address mapping exists For more information about PVCs and ATM interfaces see Layer 2 WAN Configuration Guide Configuring CCC MPLS L2VPN Configuring a local CCC connection To create a local CCC connecti...

Page 166: ...t VLAN tag To configure a PE Step Command Remarks 1 Enter system view system view N A 2 Create a remote CCC connection ccc ccc connection name interface interface type interface number in label in label value out label out label value nexthop ip address out interface interface type interface number control word no control word The interface interface type interface number option specifies a PE CE ...

Page 167: ...VC mpls static l2vc destination destination router id transmit vpn label transmit label value receive vpn label receive label value control word ethernet no control word vlan tunnel policy tunnel policy name This feature is not supported on VLAN interfaces The label range for SVC is 16 to 1023 which is the label range for static LSPs The transmit vpn label and receive vpn label configured on the l...

Page 168: ...ching rule are forwarded over the primary VC or over the backup VC if the primary VC is down or if you manually switch traffic to the backup VC To create multiple VCs with the same attributes such as VC encapsulation type and VC tunneling policy you do not need to configure the attributes one by one for each VC Instead you can create a PW class configure VC attributes in the PW class and then refe...

Page 169: ... xconnect static peer command to delete the VCs first 10 Configure the VC labels for the primary VC static label local local vc remote remote vc By default no VC labels are configured for the primary VC 11 Configure the VC labels for the backup VC static backup label local local vc remote remote vc Optional By default no VC labels are configured for the backup VC You must perform this command if y...

Page 170: ...ep Command 1 Enter system view system view 2 Create remote peer entity and enter MPLS LDP remote peer view mpls ldp remote peer remote peer name 3 Specify the IP address of the remote peer as that of the peer PE remote ip ip address For remote peer configuration information see Configuring basic MPLS Creating a Martini VC on a Layer 3 interface A Martini VC has two main parameters IP address of th...

Page 171: ...ure a tunneling policy see Configuring MPLS L3VPN 5 Return to system view quit N A 6 Enter the view of the interface connecting the CE interface interface type interface number N A 7 Create a service instance and enter service instance view service instance instance id By default no service instance is created 8 Configure a packet matching rule for the service instance encapsulation port based s v...

Page 172: ...connection Configuring BGP L2VPN capability Step Command Remarks 1 Enter system view system view N A 2 Enter BGP view bgp as number N A 3 Establish the peer relationship with the peer PE peer group name ip address as number as number N A 4 Specify the interface for the TCP connection peer group name ip address connect interface interface type interface number N A 5 Enter BGP L2VPN address family v...

Page 173: ...an connect You can configure a CE range greater than what is required based on your estimate of future VPN expansion This can reduce configuration workload required when CEs are added into the VPN in future default offset default offset Specifies the initial CE ID 0 or 1 0 indicates CEs in the VPN are numbered from 0 1 indicates CEs in the VPN are numbered from 1 This parameter and the CE range to...

Page 174: ... is 10 you can change it to 20 but you cannot change it to 5 Changing the CE range to a bigger value does not interrupt current services To change the CE range to a smaller value you must delete the current CE re create the CE and specify a smaller CE range for it Configuration procedure To create a CE connection Step Command Remarks 1 Enter system view system view N A 2 Enter MPLS L2VPN view mpls...

Page 175: ...me remote ce ce id down up verbose summary interface interface type interface number begin exclude include regular expression Available in any view Display information about L2VPN in the BGP routing table display bgp l2vpn all group group name peer ip address verbose route distinguisher rd ce id ce id label offset label offset begin exclude include regular expression Available in any view Display ...

Page 176: ...e in any view MPLS L2VPN configuration examples Example for configuring a local CCC connection Network requirements The CEs are connected to the PE through Serial interfaces The link layer encapsulation protocol is PPP Create a local CCC connection on the PE so the PE can directly forward packets between CE 1 and CE 2 without looking up the forwarding table improving the forwarding speed Figure 45...

Page 177: ...col type of interface Serial 2 1 1 as PPP PE interface serial 2 1 1 PE Serial2 1 1 link protocol ppp PE Serial2 1 1 quit Create a local connection between CE 1 and CE 2 PE ccc ce1 ce2 interface serial 2 1 0 out interface serial 2 1 1 3 Configure CE 2 Configure the link protocol type of interface Serial 2 1 0 the interface connected to the PE as PPP and configure an IP address for the interface Sys...

Page 178: ... CCC connection Network requirements The CEs are connected to the PEs through POS interfaces The link layer encapsulation protocol is PPP Create a remote CCC connection so CE 1 and CE 2 can exchange Layer 2 packets across the backbone network Figure 46 Network diagram Device Interface IP address Device Interface IP address CE 1 POS5 1 0 100 1 1 1 24 CE 2 POS5 1 0 100 1 1 2 24 PE 1 Loop0 10 0 0 1 3...

Page 179: ...Configure interface POS 5 1 0 PE1 interface pos 5 1 0 PE1 POS5 1 0 link protocol ppp PE1 POS5 1 0 quit Configure interface POS 5 1 1 and enable MPLS PE1 interface pos 5 1 1 PE1 POS5 1 1 link protocol ppp PE1 POS5 1 1 ip address 10 1 1 1 24 PE1 POS5 1 1 mpls PE1 POS5 1 1 quit Create a remote connection from CE 1 to CE 2 using the interface connected to CE 1 as the incoming interface and that connec...

Page 180: ...onfigure the LSR ID and enable MPLS globally Sysname system view Sysname sysname PE2 PE2 interface loopback 0 PE2 LoopBack0 ip address 10 0 0 3 32 PE2 LoopBack0 quit PE2 mpls lsr id 10 0 0 3 PE2 mpls PE2 mpls quit Enable L2VPN and MPLS L2VPN PE2 l2vpn PE2 l2vpn mpls l2vpn PE2 l2vpn quit Configure interface POS 5 1 1 PE2 interface pos 5 1 1 PE2 POS5 1 1 link protocol ppp PE2 POS5 1 1 quit Configure...

Page 181: ...e output shows that CE 1 and CE 2 can ping each other CE1 ping 100 1 1 2 PING 100 1 1 2 56 data bytes press CTRL_C to break Reply from 100 1 1 2 bytes 56 Sequence 1 ttl 255 time 180 ms Reply from 100 1 1 2 bytes 56 Sequence 2 ttl 255 time 60 ms Reply from 100 1 1 2 bytes 56 Sequence 3 ttl 255 time 10 ms Reply from 100 1 1 2 bytes 56 Sequence 4 ttl 255 time 70 ms Reply from 100 1 1 2 bytes 56 Seque...

Page 182: ...le MPLS L2VPN on PE 1 and PE 2 create a static VC and specify the VC labels Configuration procedure 1 Configure CE 1 Configure the link protocol as PPP on interface POS 5 1 0 the interface connected to PE 1 and configure an IP address for the interface Sysname system view Sysname sysname CE1 CE1 interface pos 5 1 0 CE1 POS5 1 0 link protocol ppp CE1 POS5 1 0 ip address 100 1 1 1 24 2 Configure PE ...

Page 183: ...ace requires no IP address PE1 interface pos 5 1 0 PE1 POS5 1 0 link protocol ppp PE1 POS5 1 0 mpls static l2vc destination 192 3 3 3 transmit vpn label 100 receive vpn label 200 PE1 POS5 1 0 quit 3 Configure the P router Configure the LSR ID and enable MPLS globally Sysname system view Sysname sysname P P interface loopback 0 P LoopBack0 ip address 192 4 4 4 32 P LoopBack0 quit P mpls lsr id 192 ...

Page 184: ...d MPLS L2VPN PE2 l2vpn PE2 l2vpn mpls l2vpn PE2 l2vpn quit Enable LDP globally PE2 mpls ldp PE2 mpls ldp quit Configure the interface connected with the P router and enable LDP on the interface PE2 interface pos 5 1 0 PE2 POS5 1 0 link protocol ppp PE2 POS5 1 0 ip address 10 2 2 1 24 PE2 POS5 1 0 mpls PE2 POS5 1 0 mpls ldp PE2 POS5 1 0 quit Configure OSPF on PE 2 for establishing LSPs PE2 ospf PE2...

Page 185: ...e intf state destination tr label rcv label tnl policy POS5 1 1 up 192 2 2 2 200 100 Ping CE 2 from CE 1 The output shows that CE 1 and CE 2 can ping each other CE1 ping 100 1 1 2 PING 100 1 1 2 56 data bytes press CTRL_C to break Reply from 100 1 1 2 bytes 56 Sequence 1 ttl 255 time 150 ms Reply from 100 1 1 2 bytes 56 Sequence 2 ttl 255 time 130 ms Reply from 100 1 1 2 bytes 56 Sequence 3 ttl 25...

Page 186: ...e an IP address for the interface Sysname system view Sysname sysname CE1 CE1 interface serial 2 1 0 CE1 Serial2 1 0 link protocol ppp CE1 Serial2 1 0 ip address 100 1 1 1 24 2 Configure PE 1 Configure the LSR ID and enable MPLS globally Sysname system view Sysname sysname PE1 PE1 interface loopback 0 PE1 LoopBack0 ip address 192 2 2 2 32 PE1 LoopBack0 quit PE1 mpls lsr id 192 2 2 2 PE1 mpls PE1 m...

Page 187: ...uires no IP address PE1 interface serial 2 1 0 PE1 Serial2 1 0 mpls l2vc 192 3 3 3 101 PE1 Serial2 1 0 quit 3 Configure the P device Configure the LSR ID and enable MPLS globally Sysname system view Sysname sysname P P interface loopback 0 P LoopBack0 ip address 192 4 4 4 32 P LoopBack0 quit P mpls lsr id 192 4 4 4 P mpls P mpls quit Enable LDP globally P mpls ldp P mpls ldp quit Configure the int...

Page 188: ...the peer relationship with PE 1 so that the LDP remote session can be established between them PE2 mpls ldp remote peer 2 PE2 mpls ldp remote 2 remote ip 192 2 2 2 PE2 mpls ldp remote 2 quit Configure the interface connected to the P device and enable LDP on the interface PE2 interface serial 2 1 1 PE2 Serial2 1 1 link protocol ppp PE2 Serial2 1 1 ip address 10 2 2 1 24 PE2 Serial2 1 1 mpls PE2 Se...

Page 189: ... and CE 2 can ping each other CE1 ping 100 1 1 2 PING 100 1 1 2 56 data bytes press CTRL_C to break Reply from 100 1 1 2 bytes 56 Sequence 1 ttl 255 time 30 ms Reply from 100 1 1 2 bytes 56 Sequence 2 ttl 255 time 60 ms Reply from 100 1 1 2 bytes 56 Sequence 3 ttl 255 time 50 ms Reply from 100 1 1 2 bytes 56 Sequence 4 ttl 255 time 40 ms Reply from 100 1 1 2 bytes 56 Sequence 5 ttl 255 time 70 ms ...

Page 190: ...stem view Sysname sysname CE1 CE1 interface serial 2 1 0 CE1 Serial2 1 0 link protocol ppp CE1 Serial2 1 0 ip address 100 1 1 1 24 CE1 Serial2 1 0 ip address 100 2 1 1 24 sub CE1 Serial2 1 0 quit CE1 interface serial 2 1 1 CE1 Serial2 1 1 link protocol ppp CE1 Serial2 1 1 ip address 100 3 1 1 24 CE1 Serial2 1 1 quit Configure IS IS CE1 isis 1 CE1 isis 1 network entity 10 0000 0000 0001 00 CE1 isis...

Page 191: ... 1 2 ip address 13 1 1 1 24 PE1 Serial2 1 2 mpls PE1 Serial2 1 2 mpls ldp PE1 Serial2 1 2 quit Configure OSPF on PE 1 PE1 ospf PE1 ospf 1 area 0 PE1 ospf 1 area 0 0 0 0 network 1 1 1 1 0 0 0 0 PE1 ospf 1 area 0 0 0 0 network 12 1 1 0 0 0 0 255 PE1 ospf 1 area 0 0 0 0 network 13 1 1 0 0 0 0 255 PE1 ospf 1 area 0 0 0 0 quit PE1 ospf 1 quit Enable L2VPN and MPLS L2VPN PE1 l2vpn PE1 l2vpn mpls l2vpn P...

Page 192: ... 0 0 quit PE2 ospf 1 quit Enable L2VPN and MPLS L2VPN PE2 l2vpn PE2 l2vpn mpls l2vpn PE2 l2vpn quit Create a VC on the interface connected to CE 2 This interface needs no IP address PE2 interface serial 2 1 1 PE2 Serial2 1 1 mpls l2vc 1 1 1 1 20 PE2 Serial2 1 1 quit 4 Configure PE 3 Configure the LSR ID and enable MPLS globally Sysname system view Sysname sysname PE3 PE3 interface loopback 0 PE3 L...

Page 193: ...l 2 1 0 CE2 Serial2 1 0 link protocol ppp CE2 Serial2 1 0 ip address 100 1 1 2 24 CE2 Serial2 1 0 quit CE2 interface serial 2 1 1 CE2 Serial2 1 1 link protocol ppp CE2 Serial2 1 1 ip address 100 2 1 2 24 Configure IS IS CE2 isis 1 CE2 isis 1 network entity 10 0000 0000 0002 00 CE2 isis 1 quit CE2 interface serial 2 1 0 CE2 Serial2 1 0 isis enable 1 CE2 Serial2 1 0 quit CE2 interface serial 2 1 1 C...

Page 194: ...shed on PE 2 PE2 display mpls l2vc Total ldp vc 1 1 up 0 down 0 blocked Transport Client Service VC Local Remote VC ID Intf ID State VC Label VC Label 20 S2 1 1 up 1033 1026 Display VC information on PE 3 The output shows that a VC has been established on PE 3 PE3 display mpls l2vc Total ldp vc 1 1 up 0 down 0 blocked Transport Client Service VC Local Remote VC ID Intf ID State VC Label VC Label 3...

Page 195: ...itch the working VC PE1 system view PE1 interface serial 2 1 0 PE1 Serial2 1 0 mpls l2vc switchover PE1 Serial2 1 0 quit Display VC information on PE 1 The output shows that the backup VC is now up PE1 display mpls l2vc Total ldp vc 2 1 up 0 down 1 blocked Transport Client Service VC Local Remote VC ID Intf ID State VC Label VC Label 20 S2 1 0 blocked 1026 1033 30 S2 1 0 up 1027 1050 CE 1 and CE 2...

Page 196: ...tion protocol is PPP Establish a Kompella VC so CE 1 and CE 2 can exchange Layer 2 packets across the backbone Figure 50 Network diagram Device Interface IP address Device Interface IP address CE 1 S2 1 0 30 1 1 1 24 CE 2 S2 1 0 30 1 1 2 24 PE 1 Loop0 1 1 1 9 32 P Loop0 2 2 2 9 32 POS5 1 1 168 1 1 1 24 POS5 1 0 168 1 1 2 24 PE 2 Loop0 3 3 3 9 32 POS5 1 1 169 1 1 1 24 POS5 1 0 169 1 1 2 24 Configur...

Page 197: ...bgp peer 1 1 1 9 connect interface loopback 0 PE2 bgp l2vpn family PE2 bgp af l2vpn policy vpn target PE2 bgp af l2vpn peer 1 1 1 9 enable PE2 bgp af l2vpn quit PE2 bgp quit After completing the configurations execute the display bgp l2vpn peer command on PE 1 and PE 2 to view the peer relationship established between the PEs The peer state should be Established Take PE 1 as an example PE1 display...

Page 198: ...down 0 local 1 remote 0 unknown CE name ce1 id 1 Rid type status peer id route distinguisher intf 2 rmt up 3 3 3 9 100 1 S2 1 0 Ping CE 2 from CE 1 The output shows that CE 1 and CE 2 can ping each other CE1 ping 30 1 1 2 PING 30 1 1 2 56 data bytes press CTRL_C to break Reply from 30 1 1 2 bytes 56 Sequence 1 ttl 255 time 90 ms Reply from 30 1 1 2 bytes 56 Sequence 2 ttl 255 time 77 ms Reply from...

Page 199: ...E mpls l2vpn ce vpn1 ce1 quit PE mpls l2vpn vpn1 ce ce2 id 2 PE mpls l2vpn ce vpn1 ce2 connection ce offset 1 interface serial 2 1 1 PE mpls l2vpn vpn1 quit 2 Verify your configuration Execute the display mpls l2vpn connection command on the PE The output shows that two local L2VPN connections in up state are established PE display mpls l2vpn connection 2 total connections connections 2 up 0 down ...

Page 200: ...nce 5 ttl 255 time 94 ms 30 1 1 2 ping statistics 5 packet s transmitted 5 packet s received 0 00 packet loss round trip min avg max 34 68 94 ms Example for configuring a VC for a service instance This configuration example applies only to routers with SAP 4EXPs Network requirements CE 1 and CE 2 are connected to PE 1 and PE 2 through Layer 3 Ethernet interfaces On PE 1 and PE 2 create a VC for CE...

Page 201: ... remote session with PE 2 PE1 mpls ldp remote peer 1 PE1 mpls ldp remote 1 remote ip 192 3 3 3 PE1 mpls ldp remote 1 quit Configure the interface connected with the P device and enable LDP on the interface PE1 interface ten GigabitEthernet 1 0 2 PE1 Ten GigabitEthernet1 0 2 ip address 23 1 1 1 24 PE1 Ten GigabitEthernet1 0 2 mpls PE1 Ten GigabitEthernet1 0 2 mpls ldp PE1 Ten GigabitEthernet1 0 2 q...

Page 202: ...1 0 2 mpls P Ten GigabitEthernet1 0 2 mpls ldp P Ten GigabitEthernet1 0 2 quit Configure the interface connected with PE 2 and enable LDP on the interface P interface ten GigabitEthernet1 0 3 P Ten GigabitEthernet1 0 3 ip address 26 2 2 2 24 P Ten GigabitEthernet1 0 3 mpls P Ten GigabitEthernet1 0 3 mpls ldp P Ten GigabitEthernet1 0 3 quit Configure OSPF P ospf P ospf 1 area 0 P ospf 1 area 0 0 0 ...

Page 203: ...face connected to CE 2 create a service instance and create a VC PE2 interface Ten GigabitEthernet1 0 1 PE1 Ten GigabitEthernet1 0 1 port link mode bridge PE1 Ten GigabitEthernet1 0 1 service instance 1 PE1 Ten GigabitEthernet1 0 1 srv1 encapsulation untagged PE2 Ten GigabitEthernet1 0 1 srv1 xconnect peer 192 2 2 2 pw id 1000 access mode ethernet PE2 Ten GigabitEthernet1 0 1 srv1 quit PE2 Ten Gig...

Page 204: ...shooting techniques for MPLS L2VPN Symptom 1 After the L2VPN configuration the peer PEs cannot ping each other The display mpls l2vc command output shows that the VC is down and the remote VC label is invalid displayed as Analysis The reason the VC is down might be that the PEs are configured with different VC types Solution 1 Verify that the local PE and the peer PE are configured with the same V...

Page 205: ...rtual switch instance that maps actual access links to virtual links PW Pseudo wire a bidirectional virtual connection between VSIs A PW consists of two unidirectional MPLS VCs AC Attachment circuit connecting the CE to the PE It can use physical interfaces or virtual interfaces Usually all user packets on an AC including Layer 2 and Layer 3 protocol messages must be forwarded to the peer site wit...

Page 206: ...label for the PW This mode is also referred to as Martini mode BGP VPLS Uses multiprotocol BGP to distribute the VC label for the PW This mode is also referred to as Kompella mode For more information about the Martini mode and Kompella mode see Configuring MPLS L2VPN MAC address learning and flooding VPLS provides reachability by MAC address learning Each PE maintains a MAC address table Source M...

Page 207: ...to other PEs that are directly connected through LDP sessions If the message contains a null MAC address TLV list these PEs remove all MAC addresses from the specified VSI except for those learned from the PW that sent the message MAC address aging Remote MAC addresses learned by a PE that are related to VC labels but no longer in use must be aged out by an aging mechanism The aging mechanism used...

Page 208: ... into the packet and then forwards the packet For a packet to be sent downstream whether the PE adds the service delimiter into the packet depends on your configuration However rewriting and removing the existing tags are not allowed In VLAN mode packets transmitted over the PW must carry a P Tag For a packet from a CE if it contains the service delimiter the PE keeps the P Tag unchanged or change...

Page 209: ... packet with the multiplex distinguishing flag for the U PW and sends the packet to UPE which forwards the packet to the CE For packets to be exchanged between CE 1 and CE 2 UPE can forward them directly without NPE 1 because it holds the bridging function by itself For the first packet with an unknown destination MAC address or a broadcast packet UPE broadcasts the packet to CE 2 through the brid...

Page 210: ...ket and sends a copy to each peer CE PW redundancy The network design with a single PW between a UPE and an NPE has a distinct drawback once the PW experiences a failure all VPNs connected to the aggregate device lose connectivity The H VPLS with LSP access provides redundant links for PW backup The primary PW link is used When the primary link fails the backup link takes over the VPN services Fig...

Page 211: ... Then upon receiving a packet from PW 2 or PW 3 ASBR 2 removes the existing inner and outer labels of the packet and then adds the inner and outer labels of PW 3 or PW 2 to the packet Thus PW 1 PW 2 and PW 3 are put end to end and a multi hop PW is formed across the ASs NOTE Only LDP VPLS connections can form a multi hop PW VPLS configuration task list Task Remarks Enabling L2VPN and MPLS L2VPN Re...

Page 212: ... to manual configuration 2 Specify the PW signaling protocol as static 3 Use the peer command to configure a VPLS peer PE for the instance including the following parameters IP address of the peer PE ID of the PW to the peer PE which must be consistent with that specified on the peer PE Type of the peer PE Use the upe keyword to specify a UPE peer which is an MTU s device in the H VPLS model or us...

Page 213: ...tional By default no VC labels are configured for the backup VC 11 Return to VSI static view quit N A 12 Enable the PW switchback function and set the switchover delay time dual npe revertive wtr time wtr time Optional Disabled by default NOTE The PW to PW P2P mode VSI is applicable only to point to point MPLS L2VPN To configure a multi hop PW specify the p2p keyword when you create a VPLS instanc...

Page 214: ...neling policy for the PW To configure an LDP VPLS instance Step Command Remarks 1 Enter system view system view N A 2 Create a PW class and enter its view pw class pw class name Optional By default no PW class is created 3 Configure the PW transport mode trans mode ethernet vlan Optional VLAN by default 4 Specify a tunneling policy pw tunnel policy policy name Optional By default the tunneling pol...

Page 215: ...basic MPLS Configuring the BGP extension Before configuring BGP VPLS you must configure BGP parameters on the PEs For configuration details see Layer 3 IP Routing Configuration Guide To configure the BGP extension Step Command Remarks 1 Enter system view system view N A 2 Enter BGP view bgp as number N A 3 Enter BGP VPLS address family view vpls family N A 4 Activate a peer peer peer address enabl...

Page 216: ...ived on the Layer 2 Ethernet port according to the service instance Packets that match the service instance are forwarded by the VPLS instance bound to the service instance A service instance supports multiple types of packet matching rules such as matching all packets received on the port packets carrying the specified VLAN tags all tagged packets and all packets with no VLAN tags providing a mor...

Page 217: ...c For information about VLAN configurations see Layer 2 LAN Switching Configuration Guide To bind a service instance to a VPLS instance Step Command Remarks 1 Enter system view system view N A 2 Enter the view of the interface connected to a CE interface interface type interface number N A 3 Create a service instance and enter its view service instance service instance id By default no service ins...

Page 218: ...th vpn speed Optional 102400 kbps by default 4 Specify the broadcast suppression ratio for the VPLS instance broadcast restrain ratio Optional 5 percent by default 5 Specify the multicast suppression ratio for the VPLS instance multicast restrain ratio Optional 100 percent by default 6 Specify the unknown unicast suppression ratio for the VPLS instance unknown unicast restrain ratio Optional 100 p...

Page 219: ...ut VPLS connections display vpls connection bgp ldp static vsi vsi name block down up verbose begin exclude include regular expression Available in any view Display the AC entry information for one or all VPLS instances In standalone mode display mpls l2vpn fib ac vpls vsi vsi name interface interface type interface number slot slot number verbose begin exclude include regular expression Available...

Page 220: ... are connected to PE 1 and PE 2 through Layer 3 Ethernet interfaces On PE 1 and PE 2 perform the following configuration Configure VPLS instance aaa to use LDP Martini mode and VPLS instance bbb to use BGP Kompella mode and configure the AS number as 100 Configure service instance 1 to match packets that are received on interface Ten GigabitEthernet 1 0 1 and carry the VLAN tag of 100 Bind service...

Page 221: ... 0 2 ip address 23 1 1 1 24 PE1 Ten GigabitEthernet1 0 2 mpls PE1 Ten GigabitEthernet1 0 2 mpls ldp PE1 Ten GigabitEthernet1 0 2 quit Configure OSPF PE1 ospf PE1 ospf 1 area 0 PE1 ospf 1 area 0 0 0 0 network 23 1 1 1 0 0 0 255 PE1 ospf 1 area 0 0 0 0 network 1 1 1 9 0 0 0 0 PE1 ospf 1 area 0 0 0 0 quit PE1 ospf 1 quit Configure BGP extensions PE1 bgp 100 PE1 bgp peer 3 3 3 9 as number 100 PE1 bgp ...

Page 222: ...n GigabitEthernet1 0 1 srv2 encapsulation s vid 200 PE1 Ten GigabitEthernet1 0 1 srv2 xconnect vsi bbb PE1 Ten GigabitEthernet1 0 1 srv2 quit 2 Configure the P device Configure an IP address for loopback 0 Sysname system view Sysname sysname P P interface loopback 0 P LoopBack0 ip address 2 2 2 9 32 P LoopBack0 quit Configure the LSR ID and enable MPLS globally P mpls lsr id 2 2 2 9 P mpls P mpls ...

Page 223: ...te LDP peer PE 1 PE2 mpls ldp remote peer 2 PE2 mpls ldp remote 2 remote ip 1 1 1 9 PE2 mpls ldp remote 2 quit Configure the interface connected to the P device and enable LDP on the interface PE2 interface ten GigabitEthernet 1 0 3 PE2 Ten GigabitEthernet1 0 3 ip address 26 2 2 1 24 PE2 Ten GigabitEthernet1 0 3 mpls PE2 Ten GigabitEthernet1 0 3 mpls ldp PE2 Ten GigabitEthernet1 0 3 quit Configure...

Page 224: ...type trunk PE2 Ten GigabitEthernet1 0 1 port trunk permit vlan 100 200 PE2 Ten GigabitEthernet1 0 1 service instance 1 PE2 Ten GigabitEthernet1 0 1 srv1 encapsulation s vid 100 PE2 Ten GigabitEthernet1 0 1 srv1 xconnect vsi aaa PE2 Ten GigabitEthernet1 0 1 srv1 quit PE2 Ten GigabitEthernet1 0 1 service instance 2 PE2 Ten GigabitEthernet1 0 1 srv2 encapsulation s vid 200 PE2 Ten GigabitEthernet1 0 ...

Page 225: ...S instance Figure 60 Network diagram Configuration procedure 1 Configure PE 1 Configure an IGP such as OSPF Details not shown Configure basic MPLS Sysname system view Sysname sysname PE1 PE1 interface loopback 0 PE1 LoopBack0 ip address 1 1 1 9 32 PE1 LoopBack0 quit PE1 mpls lsr id 1 1 1 9 PE1 mpls PE1 mpls quit PE1 mpls ldp PE1 mpls ldp quit Configure an IP address for interface GigabitEthernet 2...

Page 226: ...bb bgp site 1 range 10 PE1 vsi bbb bgp quit PE1 vsi bbb quit Create VPLS instance ccc that uses static labels PE1 vsi ccc static PE1 vsi ccc pwsignal static PE1 vsi ccc static peer 2 2 2 9 PE1 vsi ccc static 2 2 2 9 static label local 100 remote 200 PE1 vsi ccc static 2 2 2 9 quit PE1 vsi ccc static quit PE1 vsi ccc quit Configure interface GigabitEthernet 2 1 2 and bind VPLS instance aaa bbb or c...

Page 227: ...ote 2 remote ip 1 1 1 9 PE2 mpls remote 2 quit Configure MP BGP for VPLS PE2 bgp 100 PE2 bgp peer 1 1 1 9 as number 100 PE2 bgp peer 1 1 1 9 connection interface loopback 0 PE2 bgp vpls family PE2 bgp af vpls peer 1 1 1 9 enable PE2 bgp af vpls quit PE2 bgp quit Enable L2VPN and MPLS L2VPN PE2 l2vpn PE2 l2vpn mpls l2vpn PE2 l2vpn quit Create VPLS instance aaa that uses LDP signaling PE2 vsi aaa st...

Page 228: ... 1 2 l2 binding vsi bbb To bind VPLS instance ccc to the interface PE2 GigabitEthernet2 1 2 l2 binding vsi ccc PE2 GigabitEthernet2 1 2 quit Verifying the configuration Execute the display vpls connection command on the PEs The output shows that a PW connection in up state has been established between the PEs Configuring H VPLS with LSP access Network requirements Establish a U PW between UPE and ...

Page 229: ...si aaa static UPE vsi aaa pwsignal ldp UPE vsi aaa ldp vsi id 500 UPE vsi aaa ldp peer 2 2 2 9 UPE vsi aaa ldp quit UPE vsi aaa quit Configure interface GigabitEthernet 2 1 1 and bind VPLS instance aaa to the interface UPE interface gigabitethernet 2 1 1 UPE GigabitEthernet2 1 1 l2 binding vsi aaa UPE GigabitEthernet2 1 1 quit 3 Configure NPE 1 Configure basic MPLS Sysname system view Sysname sysn...

Page 230: ...NPE1 l2vpn quit Create VPLS instance aaa that uses LDP signaling NPE1 vsi aaa static NPE1 vsi aaa pwsignal ldp NPE1 vsi aaa ldp vsi id 500 NPE1 vsi aaa ldp peer 1 1 1 9 upe NPE1 vsi aaa ldp peer 3 3 3 9 NPE1 vsi aaa ldp quit NPE1 vsi aaa quit 4 Configure NPE 3 Configure basic MPLS Sysname system view Sysname sysname NPE3 NPE3 interface loopback 0 NPE3 LoopBack0 ip address 3 3 3 9 32 NPE3 LoopBack0...

Page 231: ...net2 1 1 l2 binding vsi aaa NPE3 GigabitEthernet2 1 1 quit Verifying the configuration Execute the display vpls connection command on the PEs The output shows that a PW connection in up state has been established between the PEs Configuring PW redundancy for H VPLS access Network requirements CE 1 and CE 2 are connected to the UPE through an Ethernet Establish a U PW between UPE and NPE 1 and a ba...

Page 232: ...GigabitEthernet2 1 3 ip address 13 1 1 1 255 255 255 0 UPE GigabitEthernet2 1 3 mpls UPE GigabitEthernet2 1 3 mpls ldp UPE GigabitEthernet2 1 3 quit Configure the remote LDP peer NPE 1 UPE mpls ldp remote peer 1 UPE mpls remote 1 remote ip 2 2 2 2 UPE mpls remote 1 quit Configure the remote LDP peer NPE 2 UPE mpls ldp remote peer 2 UPE mpls remote 1 remote ip 3 3 3 3 UPE mpls remote 1 quit Enable ...

Page 233: ...tEthernet2 1 1 ip address 12 1 1 2 24 NPE1 GigabitEthernet2 1 1 mpls NPE1 GigabitEthernet2 1 1 mpls ldp NPE1 GigabitEthernet2 1 1 quit Configure an IP address for the interface connected to NPE 3 and enable MPLS and MPLS LDP NPE1 interface gigabitethernet 2 1 2 NPE1 GigabitEthernet2 1 2 ip address 15 1 1 1 24 NPE1 GigabitEthernet2 1 2 mpls NPE1 GigabitEthernet2 1 2 mpls ldp NPE1 GigabitEthernet2 1...

Page 234: ...mpls NPE3 GigabitEthernet2 1 1 mpls ldp NPE3 GigabitEthernet2 1 1 quit Configure an IP address for the interface connected to NPE 2 and enable MPLS and MPLS LDP NPE3 interface gigabitethernet 2 1 2 NPE3 GigabitEthernet2 1 2 ip address 16 1 1 2 255 255 255 0 NPE3 GigabitEthernet2 1 2 mpls NPE3 GigabitEthernet2 1 2 mpls ldp NPE3 GigabitEthernet2 1 2 quit Configure the remote LDP peers NPE3 mpls ldp ...

Page 235: ...uter A is the UPE Router B is the primary NPE and Router C is the backup NPE Enable MPLS on the connecting interfaces between the routers and configure OSPF on the routers to ensure IP connectivity Configure BFD for the link between Router A and Router B and the link between Router A and Router C so that when either link is down BFD can detect the link failure and inform the MPLS LDP protocol for ...

Page 236: ...mote peer routera RouterB mpls ldp remote routera remote ip 1 1 1 1 RouterB mpls ldp remote routera remote ip bfd RouterB mpls ldp remote routera quit RouterB interface gigabitethernet 2 1 2 RouterB GigabitEthernet2 1 2 mpls RouterB GigabitEthernet2 1 2 mpls ldp RouterB GigabitEthernet2 1 2 quit Configure Router C RouterC system view RouterC mpls lsr id 3 3 3 3 RouterC mpls RouterC mpls quit Route...

Page 237: ...LoopBack0 ip address 3 3 3 3 32 RouterC LoopBack0 quit 3 Configure basic OSPF Configure Router A RouterA ospf RouterA ospf 1 area 0 RouterA ospf 1 area 0 0 0 0 network 12 1 1 1 0 0 0 255 RouterA ospf 1 area 0 0 0 0 network 13 1 1 1 0 0 0 255 RouterA ospf 1 area 0 0 0 0 network 1 1 1 1 0 0 0 0 RouterA ospf 1 area 0 0 0 0 quit RouterA ospf 1 quit Configure Router B RouterB ospf RouterB ospf 1 area 0...

Page 238: ...pn quit RouterC vsi vpna static RouterC vsi vpna pwsignal ldp RouterC vsi vpna ldp vsi id 100 RouterC vsi vpna ldp peer 1 1 1 1 upe RouterC vsi vpna ldp quit RouterC vsi vpna quit Verifying the configuration Execute the display bfd session verbose command to display information about the BFD sessions from Router A to its neighbors RouterA display bfd session verbose Total Session Num 2 Init Mode A...

Page 239: ... 2 2 134312 138882 1 up 100 ethernet 3 3 3 3 134216 140476 2 block Disconnect the link between Router A and Router B Then execute the display vpls connection vsi vpna command The output shows that the link to 3 3 3 3 is up RouterA display vpls connection vsi vpna Total 1 connection s connection s 1 up 0 block 0 down VSI Name vpna Signaling ldp VsiID VsiType PeerAddr InLabel OutLabel LinkID VCState...

Page 240: ... 2 ip address 10 1 1 1 24 PE1 GigabitEthernet2 1 2 mpls PE1 GigabitEthernet2 1 2 mpls ldp PE1 GigabitEthernet2 1 2 quit Enable L2VPN and MPLS L2VPN PE1 l2vpn PE1 l2vpn mpls l2vpn PE1 l2vpn quit Create VPLS instance aaa that uses LDP signaling PE1 vsi aaa static PE1 vsi aaa pwsignal ldp PE1 vsi aaa ldp vsi id 500 PE1 vsi aaa ldp peer 2 2 2 2 PE1 vsi aaa ldp 2 2 2 2 quit PE1 vsi aaa ldp quit PE1 vsi...

Page 241: ...0 1 1 2 24 ASBR1 GigabitEthernet2 1 1 mpls ASBR1 GigabitEthernet2 1 1 mpls ldp ASBR1 GigabitEthernet2 1 1 quit Configure basic MPLS for GigabitEthernet 2 1 2 the interface connected to ASBR 2 ASBR1 interface gigabitethernet 2 1 2 ASBR1 GigabitEthernet2 1 2 ip address 11 1 1 2 24 ASBR1 GigabitEthernet2 1 2 mpls ASBR1 GigabitEthernet2 1 2 quit Enable L2VPN and MPLS L2VPN ASBR1 l2vpn ASBR1 l2vpn mpls...

Page 242: ...4 ASBR2 mpls ldp remote 3 quit Configure OSPF ASBR2 ospf ASBR2 ospf 1 area 0 ASBR2 ospf 1 area 0 0 0 0 network 3 3 3 3 0 0 0 0 ASBR2 ospf 1 area 0 0 0 0 network 12 1 1 0 0 0 0 255 ASBR2 ospf 1 area 0 0 0 0 quit ASBR2 ospf 1 quit Configure basic MPLS for GigabitEthernet 2 1 1 the interface connecting ASBR 1 ASBR2 interface gigabitethernet 2 1 1 ASBR2 GigabitEthernet2 1 1 ip address 11 1 1 3 24 ASBR...

Page 243: ...onfigurations on PE 2 Configure basic MPLS Sysname system view Sysname sysname PE2 PE2 interface loopback 0 PE2 LoopBack0 ip address 4 4 4 4 32 PE2 LoopBack0 quit PE2 mpls lsr id 4 4 4 4 PE2 mpls PE2 mpls quit PE2 mpls ldp PE2 mpls ldp quit Create a remote peer PE2 mpls ldp remote peer 1 PE2 mpls ldp remote 1 remote ip 3 3 3 3 PE2 mpls ldp remote 1 quit Configure OSPF PE2 ospf PE2 ospf 1 area 0 PE...

Page 244: ...e devices Troubleshooting VPLS Symptom The VPLS PW is not up Analysis The public network LSP tunnel is not established The extended session is not working correctly A private network interface is not bound to the corresponding VPLS instance or the private network interface is not up Solution 1 Check the routing tables of the PEs to verify that a route is available between the two PEs Verify that e...

Page 245: ...s at the edge of a service provider network and connects one or more CEs On an MPLS network all VPN services are processed on the PEs Provider device A P device is a core device on a service provider network It is not directly connected to any CE It has only basic MPLS forwarding capability Figure 65 Network diagram for MPLS L3VPN model CEs and PEs mark the boundary between the service providers a...

Page 246: ...t 10 110 10 0 24 address space overlapping occurs VPN instance In MPLS VPN routes of different VPNs are identified by VPN instances A PE creates and maintains a separate VPN instance for each directly connected site Each VPN instance contains the VPN membership and routing rules of the corresponding site If a user at a site belongs to multiple VPNs at the same time the VPN instance of the site con...

Page 247: ...e value of the Type field is 2 the Administrator subfield occupies four bytes the Assigned number subfield occupies two bytes and the RD format is 32 bit AS number 16 bit user defined number where the minimum value of the AS number is 65536 For example 65536 1 To guarantee global uniqueness for an RD do not set the Administrator subfield to any private AS number or private IP address BGP extended ...

Page 248: ...PN instance by using the route target attribute of import target attribute It can reject the routes selected by the communities in the import target attribute An export routing policy can reject the routes selected by the communities in the export target attribute After a VPN instance is created you can configure an import routing policy an export routing policy or both as needed Tunneling policy ...

Page 249: ...he interface to CE 2 5 CE 2 transmits the packet to the destination by IP forwarding MPLS L3VPN networking schemes In MPLS L3VPNs route target attributes are used to control the advertisement and reception of VPN routes between sites They work independently and can be configured with multiple values to support flexible VPN access control and implement multiple types of VPN networking schemes Basic...

Page 250: ...king scheme can be used to implement the monitoring and filtering of user communications This networking scheme requires two route targets one for the hub and the other for the spoke The route target setting rules for VPN instances of all sites on PEs are as follows On spoke PEs that is the PEs connected to spoke sites set the export target attribute to spoke and the import target attribute to Hub...

Page 251: ... the export route targets of the other spoke PEs Therefore any two spoke PEs can neither directly advertise VPN IPv4 routes to each other nor directly access each other Extranet networking scheme The extranet networking scheme can be used when some resources in a VPN are to be accessed by users that are not in the VPN In this kind of networking scheme if a VPN must access a shared site the export ...

Page 252: ... maintains only the routing information for the VPNs directly connected to it rather than that of all VPNs Therefore MPLS L3VPN has excellent scalability The VPN routing information for a local CE is advertised in the following phases 1 Advertised from the local CE to the ingress PE 2 Advertised from the ingress PE to the egress PE 3 Advertised from the egress PE to the remote CE Then a route is a...

Page 253: ...e as that between the local CE and the ingress PE Inter AS VPN In some networking scenarios multiple sites of a VPN are connected to multiple ISPs in different ASs or to multiple ASs of an ISP Such an application is called inter AS VPN RFC 2547bis presents the following inter AS VPN solutions VRF to VRF ASBRs manage VPN routes between them through subinterfaces This solution is also called inter A...

Page 254: ...wo ASBRs use MP EBGP to exchange labeled VPN IPv4 routes that they have obtained from the PEs in their respective ASs As shown in Figure 72 the routes are advertised through the following steps 1 PEs in AS 100 advertise labeled VPN IPv4 routes to the ASBR PE of AS 100 or the route reflector RR for the ASBR PE through MP IBGP 2 The ASBR PE advertises labeled VPN IPv4 routes to the ASBR PE of AS 200...

Page 255: ...VPNs However they require that the ASBRs maintain and advertise VPN IPv4 routes When every AS needs to exchange a great amount of VPN routes the ASBRs may become bottlenecks hindering network extension One way to solve the problem is to make PEs directly exchange VPN IPv4 routes without the participation of ASBRs Two ASBRs advertise labeled IPv4 routes to PEs in their respective ASs through MP IBG...

Page 256: ...r the Level 1 carrier while the customer is called the customer carrier or the Level 2 carrier This networking model is referred to as carrier s carrier In this model the Level 2 service provider serves as a CE of the Level 1 service provider For good scalability the Level 1 carrier does not redistribute the routes of the customer network connected to a Level 2 carrier It only redistributes the ro...

Page 257: ...r Moreover the CE holds the VPN routes of the Level 2 carrier but it does not advertise the routes to the PE of the Level 1 carrier It only exchanges the routes with other PEs of the Level 2 carrier A Level 2 carrier can be an ordinary ISP or an MPLS L3VPN service provider When the Level 2 carrier is an ordinary ISP its PEs run IGP to communicate with the CEs rather than MPLS As shown in Figure 75...

Page 258: ...ration on the service provider s PEs This solution is easy to deploy but it increases the network operation cost and brings issues on management and security because of the following The number of VPNs that PEs must support increases sharply Any modification of an internal VPN must be done through the service provider The nested VPN technology offers a better solution It exchanges VPNv4 routes bet...

Page 259: ...atches the VPNv4 routes based on its local VPNs Each local VPN accepts routes of its own and advertises them to its connected sub VPN CEs such as CE 3 and CE 4 or CE 5 and CE 6 in Figure 77 If a CE is connected to a provider PE through an IPv4 connection the PE advertises IPv4 routes to the CE If a CE is connected to a provider PE through a VPNv4 connection a user MPLS VPN network the PE advertise...

Page 260: ...ns PEs are the key devices which provide the following functions User access This means that the PEs must have a large amount of interfaces VPN route managing and advertising and user packet processing requiring that a PE must have a large capacity memory and high forwarding capability Most of the current network schemes use the typical hierarchical architecture For example the MAN architecture co...

Page 261: ...nages and advertises VPN routes It maintains all the routes of the VPNs connected through UPEs including the routes of both the local and remote sites An SPE advertises routes along with labels to UPEs including the default routes of VPN instances or summary routes and the routes permitted by the routing policy By using routing policies you can control which nodes in a VPN can communicate with eac...

Page 262: ...rtises the default routes of the VPN instance of the SPEs or the VPN routes permitted by the routing policies to the UPEs The SPE maintains the VPN routes of all sites in the HoVPN Each UPE maintains only VPN routes of its directly connected sites An MPE has fewer routes than the SPE but has more routes than a UPE OSPF VPN extension This section focuses on the OSPF VPN extension For more informati...

Page 263: ...sidered directly connected and PEs can exchange OSPF routing information as they are using dedicated lines This improves network management and makes OSPF applications more effective As shown in Figure 80 PE 1 and PE 2 are connected through the MPLS backbone CE 11 CE 21 and CE 22 belong to VPN 1 Assume that CE 11 CE 21 and CE 22 belong to the same OSPF domain PEs advertise VPN 1 routes in the foll...

Page 264: ...They are connected to different PEs PE 1 and PE 2 There is an intra area OSPF link called backdoor link between them In this case the route connecting the two sites through PEs is an inter area route It is not preferred by OSPF because its preference is lower than that of the intra area route across the backdoor link Figure 81 Network diagram for sham link To resolve the problem you can establish ...

Page 265: ...the AS number of 800 AS number substitution is enabled on PE 2 for CE 2 Before advertising updates received from CE 1 to CE 2 PE 2 finds that an AS number in the AS_PATH is the same as that of CE 2 and hence substitutes its own AS number 100 for the AS number In this way CE 2 can normally receive the routing information from CE 1 However the AS number substitution function also introduces a routin...

Page 266: ...ected to CE 2 PE 2 uses the IPv4 route as the primary route and the VPNv4 route as the backup route Configure echo mode BFD on PE 2 to detect the link from PE 2 to CE 2 When the link is available traffic from CE 1 to CE 2 takes the path CE 1 PE 1 PE 2 CE 2 When the link fails PE 2 switches fast to the link PE 2 PE 3 CE 2 and traffic from CE 1 to CE 2 takes the path CE 1 PE 1 PE 2 PE 3 CE 2 This av...

Page 267: ... PEs Figure 85 Network diagram for the MCE function Establish a tunnel between the two sites of each VPN Create a routing table for VPN 1 and VPN 2 respectively on the MCE device and bind VLAN interface 2 to VPN 1 and VLAN interface 3 to VPN 2 When receiving a route the MCE device determines the source of the routing information according to the number of the receiving interface and then adds it t...

Page 268: ...PE BGP VPNv4 peer The source IP address is the output interface address by default You can use the mpls l3vpn soft gre sourcecommand to specify a source IP address Public tunnel Used when a qualified public tunnel exists To ensure that PEs identify and receive VPN packets correctly you can specify a key for soft GRE A PE accepts the received VPN packets when it is configured with the same key as t...

Page 269: ...owing tasks Configure an IGP for the MPLS backbone on the PEs and Ps to achieve IP connectivity Configure basic MPLS for the MPLS backbone Configure MPLS LDP for the MPLS backbone so that LDP LSPs can be established Configuring VPN instances VPN instances isolate not only VPN routes from public network routes but also routes among VPNs This feature allows VPN instances to be used in network scenar...

Page 270: ...ciate a VPN instance with the interface ip binding vpn instance vpn instance name No VPN instance is associated with an interface by default NOTE The ip binding vpn instance command deletes the IP address of the current interface You must re configure an IP address for the interface after configuring the command Configuring route related attributes for a VPN instance The device processes VPN route...

Page 271: ...VPNs You can configure route related attributes for IPv4 VPNs in both VPN instance view and IPv4 VPN view Those configured in IPv4 VPN view take precedence Configuring a tunneling policy for a VPN instance When multiple tunnels exist in an MPLS L3VPN network you can configure a tunneling policy to specify the type and number of tunnels to be used by using the tunnel select seq command or the prefe...

Page 272: ...up to 64 preferred tunnels The tunnel interfaces specified for the preferred tunnels can have the same destination address and the tunnel encapsulation type must be MPLS TE 4 Specify the tunnel selection preference order and the number of tunnels for load balancing tunnel select seq cr lsp gre lsp load balance number number By default only one tunnel is selected no load balancing in this order LSP...

Page 273: ... the command for LDP GR all commands available in MPLS LDP view can be configured in MPLS LDP VPN instance view For more information about MPLS LDP see Configuring basic MPLS Configurations in MPLS LDP VPN instance view affect only the LDP enabled interface bound to the VPN instance Configurations in MPLS LDP view do not affect interfaces bound to VPN instances When configuring the transport addre...

Page 274: ...nd a CE Step Command Remarks 1 Enter system view system view N A 2 Create a RIP process for a VPN instance and enter RIP view rip process id vpn instance vpn instance name Perform this configuration on PEs On CEs create a normal RIP process 3 Enable RIP on the interface attached to the specified network network network address By default RIP is disabled on an interface For more information about R...

Page 275: ...s on PEs in different VPNs can be configured with domain IDs as desired The domain ID of an OSPF process is included in the routes generated by the process When an OSPF route is redistributed into BGP the OSPF domain ID is included in the BGP VPN route and delivered as a BGP extended community attribute For more information about OSPF see Layer 3 IP Routing Configuration Guide Configuring IS IS be...

Page 276: ...x name import Optional By default BGP does not filter received routes 8 Allow the local AS number to appear in the AS_PATH attribute of a received route and set the maximum number of repetitions peer group name ip address allow as loop number Optional Required for a hub spoke network BGP detects routing loops by AS number In a hub spoke network where EBGP is running between a PE and a CE the routi...

Page 277: ... A 3 Enter BGP VPN instance view ipv4 family vpn instance vpn instance name N A 4 Configure the CE as the VPN IBGP peer peer group name ip address as number as number N A 5 Configure the system to be the RR and specify the CE as the client of the RR peer group name ip address reflect client Optional By default no RR or RR client is configured By default a PE does not advertise routes learned from ...

Page 278: ... as number N A 3 Configure the PE as the IBGP peer peer group name ip address as number as number For information about BGP peer and BGP peer group configuration see Layer 3 IP Routing Configuration Guide This chapter does not differentiate between peer and peer group 4 Configure the route redistribution and advertisement behavior import route protocol process id med med value route policy route p...

Page 279: ...he command is executed To configure common routing features for all types of subaddress families Step Command Remarks 1 Enter system view system view N A 2 Enter BGP view bgp as number N A 3 Configure the remote PE as the peer peer ip address as number as number N A 4 Specify the interface for TCP connection peer ip address connect interface interface type interface number N A 5 Enter address fami...

Page 280: ...BGP peer or peer group 12 Enable route target filtering for received VPNv4 routes policy vpn target Optional Enabled by default 13 Enable route reflection between clients reflect between clients Optional Enabled by default 14 Specify the cluster ID of the RR reflector cluster id cluster id ip address Optional Router ID of an RR in the cluster by default 15 Create an RR reflection policy rr filter ...

Page 281: ...default no filtering policy is applied to a peer or peer group 14 Apply a route filtering policy based on IP prefix list to a peer or peer group peer group name ip address ip prefix prefix name export import Optional By default no route filtering policy based on IP prefix list is applied to a peer or peer group 15 Specify not to change the next hop of a route when advertising it to a peer or peer ...

Page 282: ...23 Optional Configure a source address for soft GRE mpls l3vpn soft gre sourceip address By default soft GRE uses the primary IP address of the output interface as the source address Configuring inter AS VPN If the MPLS backbone on which the VPN routes rely spans multiple ASs you must configure inter AS VPN Three inter AS VPN solutions are available You can choose them as required Before you confi...

Page 283: ...address use the peer ip address group name next hop local command For more information about the command see Layer 3 IP Routing Configuration Guide To configure inter AS option B on ASBR PEs Step Command Remarks 1 Enter system view system view N A 2 Enter interface view for the interface connecting to the remote ASBR PE interface interface type interface number N A 3 Configure the IP address of th...

Page 284: ...xt hop of a route when advertising it to the peer peer group name ip address next hop invariable Optional Required only when RRs are used to advertise VPNv4 routes where the next hop of a route advertised between RRs cannot be changed Configuring the ASBR PEs In the inter AS option C solution an inter AS LSP is required and the routes advertised between the relevant PEs and ASBRs must carry MPLS l...

Page 285: ...bels to the routes received from the PEs in the same AS before advertising them to the peer ASBR PE Assigns new MPLS labels to the labeled IPv4 routes to be advertised to the PEs in the same AS Which IPv4 routes are to be assigned with MPLS labels depends on the routing policy Only routes that meet the criteria are assigned with labels All the other routes are still common IPv4 routes To configure...

Page 286: ...oup name peer address vpn instance vpn instance name enable By default only IPv4 routes and no BGP VPNv4 routes can be exchanged between nested VPN peers peer groups 9 Add a peer to the nested VPN peer group peer peer address vpn instance vpn instance name group group name Optional By default a peer is not in any nested VPN peer group 10 Apply a routing policy to routes received from a nested VPN ...

Page 287: ...Thus packets from the multi role host for accessing a certain VPN can return based on the routing table that does not belong to the VPN Configuring HoVPN For hierarchical VPNs you can adopt HoVPN to reduce the performance requirements for PEs Before you configure HoVPN complete basic MPLS L3VPN settings on UPE and SPE Do not connect an SPE to a CE directly If an SPE must be directly connected to a...

Page 288: ...one instead of the backdoor link between two CEs The source and destination addresses of the sham link must be loopback interface addresses with 32 bit masks Besides the loopback interfaces must be bound to the VPN instances and be advertised through BGP Before you configure an OSPF sham link complete the following tasks Configure basic MPLS L3VPN OSPF is used between PEs and CEs Configure OSPF in...

Page 289: ...ll be 0 However the same calculation rule produces the same tag and hence the same tag is created for multiple OSPF VPN instances on the same PE or PEs with the same AS number As a best practice configure different tags for different OSPF VPN instances Modifying MD5 HMAC MD5 keys support MD5 smooth rollovers For more information see Layer 3 IP Routing Configuration Guide To create a sham link Step...

Page 290: ...route static dest address mask mask length gateway address interface type interface number gateway address vpn instance d vpn instance name gateway address preference preference value tag tag value description description text ip route static vpn instance s vpn instance name 1 6 dest address mask mask length gateway address public interface type interface number gateway address vpn instance d vpn ...

Page 291: ... router ID configured in system view Therefore you must configure a router ID when starting the OSPF process To configure OSPF between an MCE and a VPN site Step Command Remarks 1 Enter system view system view N A 2 Create an OSPF process for a VPN instance and enter OSPF view ospf process id router id router id vpn instance vpn instance name Perform this configuration on the MCE On a VPN site cre...

Page 292: ... tag Optional By default IS IS does not redistribute routes of any other routing protocol If you do not specify the route level in the command the command redistributes routes to the level 2 routing table by default 5 Return to system view quit N A 6 Enter interface view interface interface type interface number N A 7 Enable the IS IS process on the interface isis enable process id Disabled by def...

Page 293: ... to receive such routes configure the MCE to allow routing loops Routes redistributed from OSPF to BGP on the MCE have their OSPF attributes removed To enable BGP to distinguish routes redistributed from different OSPF domains you must enable the redistributed routes to carry the OSPF domain ID by configuring the domain id command in OSPF view The domain ID is added to BGP VPN routes as an extende...

Page 294: ... policy to filter the routes to be advertised filter policy acl number ip prefix ip prefix name export direct isis process id ospf process id rip process id static Optional By default BGP does not filter the routes to be advertised 8 Configure a filtering policy to filter the received routes filter policy acl number ip prefix ip prefix name import Optional By default BGP does not filter the receiv...

Page 295: ...eded 3 Configure the default precedence for static routes ip route static default preference default preference value Optional 60 by default Configuring RIP between MCE and PE Step Command Remarks 1 Enter system view system view N A 2 Create a RIP process for a VPN instance and enter RIP view rip process id vpn instance vpn instance name N A 3 Enable RIP on the interface attached to the specified ...

Page 296: ...distributed per time is 1000 the default tag is 1 and default type of redistributed routes is Type 2 8 Create an OSPF area and enter OSPF area view area area id By default no OSPF area is created 9 Enable OSPF on the interface attached to the specified network in the area network ip address wildcard mask By default an interface neither belongs to any area nor runs OSPF For more information about O...

Page 297: ... 5 Redistribute the VPN routes of the VPN site import route protocol process id all processes med med value route policy route policy name By default No route redistribution is configured 6 Configure a filtering policy to filter the routes to be advertised filter policy acl number ip prefix ip prefix name export direct isis process id ospf process id rip process id static Optional By default BGP d...

Page 298: ...d forward the packet out of the interface To specify the VPN label processing mode on an egress PE Step Command Remarks 1 Enter system view system view N A 2 Specify the VPN label processing mode as POPGO forwarding vpn popgo POP forwarding by default After you execute the vpn popgo command reboot the device to validate the configuration After the vpn popgo command is executed successfully the dev...

Page 299: ...nformation about the route policy apply extcommunity peer substitute as and peer route policy commands see Layer 3 IP Routing Command Reference Configuring MPLS L3VPN FRR Before you configure MPLS L3VPN FRR complete the following tasks Configure basic MPLS L3VPN For backup between one IPv4 route and one VPNv4 route configure the source address for BFD echo packets For related configurations see Hi...

Page 300: ...up group name Available in user view Hard reset BGP VPNv4 connections reset bgp vpnv4 as number ip address all external internal group group name Available in user view Displaying and maintaining MPLS L3VPN Task Command Remarks Display information about the routing table associated with a VPN instance display ip routing table vpn instance vpn instance name verbose begin exclude include regular exp...

Page 301: ...xpression display bgp vpnv4 vpn instance vpn instance name peer group name log info ip address log info verbose verbose begin exclude include regular expression Available in any view Display the IP prefix information for the ORF packets received from the specified BGP peer display bgp vpnv4 all vpn instance vpn instance name peer ip address received ip prefix begin exclude include regular expressi...

Page 302: ... mask length longer match as path acl as path acl number peer ip address advertised routes received routes statistic begin exclude include regular expression flap info regular expression as regular expression Available in any view Display information about OSPF sham links display ospf process id sham link area area id begin exclude include regular expression Available in any view Display informati...

Page 303: ...3VPNs using EBGP between a PE and a CE Network requirements CE 1 and CE 3 belong to VPN 1 CE 2 and CE 4 belong to VPN 2 VPN 1 uses route target attribute 111 1 VPN 2 uses route target attribute 222 2 Users of different VPNs cannot access each other A PE and its connected CE use EBGP exchange VPN routing information PEs use OSPF to communicate with each other and use MP IBGP to exchange VPN routing...

Page 304: ...f 1 area 0 0 0 0 network 1 1 1 9 0 0 0 0 PE1 ospf 1 area 0 0 0 0 quit PE1 ospf 1 quit Configure the P device P system view P interface loopback 0 P LoopBack0 ip address 2 2 2 9 32 P LoopBack0 quit P interface pos 5 1 1 P POS5 1 1 ip address 172 1 1 2 24 P POS5 1 1 quit P interface pos 5 1 2 P POS5 1 2 ip address 172 2 1 1 24 P POS5 1 2 quit P ospf P ospf 1 area 0 P ospf 1 area 0 0 0 0 network 172 ...

Page 305: ...ect 0 0 127 0 0 1 InLoop0 127 0 0 1 32 Direct 0 0 127 0 0 1 InLoop0 172 1 1 0 24 Direct 0 0 172 1 1 1 POS5 1 1 172 1 1 1 32 Direct 0 0 127 0 0 1 InLoop0 172 2 1 0 24 OSPF 10 1 172 1 1 2 POS5 1 1 PE1 display ospf peer verbose OSPF Process 1 with Router ID 1 1 1 9 Neighbors Neighbor state change count 5 Area 0 0 0 0 interface 172 1 1 1 POS5 1 1 s neighbors Area 0 0 0 0 interface 172 1 1 1 POS5 1 1 s...

Page 306: ...shows the LSPs established by LDP Take PE 1 as an example PE1 display mpls ldp session LDP Session s in Public Network Total number of sessions 1 Peer ID Status LAM SsnRole FT MD5 KA Sent Rcv 2 2 2 9 0 Operational DU Passive Off Off 5 5 LAM Label Advertisement Mode FT Fault Tolerance PE1 display mpls ldp lsp LDP LSP Information SN DestAddress Mask In OutLabel Next Hop In Out Interface 1 1 1 1 9 32...

Page 307: ... 3 1 2 24 PE2 GigabitEthernet2 1 1 quit PE2 interface gigabitethernet 2 1 2 PE2 GigabitEthernet2 1 2 ip binding vpn instance vpn2 PE2 GigabitEthernet2 1 2 ip address 10 4 1 2 24 PE2 GigabitEthernet2 1 2 quit Configure IP addresses for the CEs according to Figure 86 Details not shown After completing the configurations execute the display ip vpn instance command on the PEs to view the configuration...

Page 308: ...n a similar way to configuring PE 1 Details not shown After completing the configuration execute the display bgp vpnv4 vpn instance peer command on the PEs The output shows that BGP peer relationship has been established between the PEs and CEs and has reached the Established state Take PE 1 as an example PE1 display bgp vpnv4 vpn instance vpn1 peer BGP local router ID 1 1 1 9 Local AS number 100 ...

Page 309: ...0 0 1 InLoop0 10 3 1 0 24 BGP 255 0 3 3 3 9 NULL0 127 0 0 0 8 Direct 0 0 127 0 0 1 InLoop0 127 0 0 1 32 Direct 0 0 127 0 0 1 InLoop0 PE1 display ip routing table vpn instance vpn2 Routing Tables vpn2 Destinations 5 Routes 5 Destination Mask Proto Pre Cost NextHop Interface 10 2 1 0 24 Direct 0 0 10 2 1 2 GE2 1 2 10 2 1 2 32 Direct 0 0 127 0 0 1 InLoop0 10 4 1 0 24 BGP 255 0 3 3 3 9 NULL0 127 0 0 0...

Page 310: ...oute target attribute 222 2 Users of different VPNs cannot access each other IBGP is used to exchange VPN routing information between CE and PE PEs use OSPF to communicate with each other and use MP IBGP to exchange VPN routing information Figure 87 Network diagram Device Interface IP address Device Interface IP address PE 1 Loop0 1 1 1 9 32 PE 2 Loop0 3 3 3 9 32 GE2 1 1 10 1 1 2 24 GE2 1 1 10 3 1...

Page 311: ... 0 0 0 quit PE1 ospf 1 quit Configure the P router P system view P interface loopback 0 P LoopBack0 ip address 2 2 2 9 32 P LoopBack0 quit P interface pos 5 1 1 P POS5 1 1 ip address 172 1 1 2 24 P POS5 1 1 quit P interface pos 5 1 2 P POS5 1 2 2 ip address 172 2 1 1 24 P POS5 1 2 2 quit P ospf P ospf 1 area 0 P ospf 1 area 0 0 0 0 network 172 1 1 0 0 0 0 255 P ospf 1 area 0 0 0 0 network 172 2 1 ...

Page 312: ...op0 127 0 0 1 32 Direct 0 0 127 0 0 1 InLoop0 172 1 1 0 24 Direct 0 0 172 1 1 1 POS5 1 1 172 1 1 1 32 Direct 0 0 127 0 0 1 InLoop0 172 2 1 0 24 OSPF 10 1 172 1 1 2 POS5 1 1 PE1 display ospf peer verbose OSPF Process 1 with Router ID 1 1 1 9 Neighbors Area 0 0 0 0 interface 172 1 1 1 POS5 1 1 s neighbors Router ID 2 2 2 9 Address 172 1 1 2 GR State Normal State Full Mode Nbr is Master Priority 1 DR...

Page 313: ... s in Public Network Total number of sessions 1 Peer ID Status LAM SsnRole FT MD5 KA Sent Rcv 2 2 2 9 0 Operational DU Passive Off Off 5 5 LAM Label Advertisement Mode FT Fault Tolerance PE1 display mpls ldp lsp LDP LSP Information SN DestAddress Mask In OutLabel Next Hop In Out Interface 1 1 1 1 9 32 3 NULL 127 0 0 1 InLoop0 2 2 2 2 9 32 NULL 3 172 1 1 2 POS5 1 1 3 3 3 3 9 32 NULL 1024 172 1 1 2 ...

Page 314: ...instance vpn2 PE2 GigabitEthernet2 1 2 ip address 10 4 1 2 24 PE2 GigabitEthernet2 1 2 quit Configure IP addresses for the CEs according to Figure 87 Details not shown After completing the configurations execute the display ip vpn instance command on the PEs to view the configuration of the VPN instances Use the ping command to test connectivity between the PEs and their attached CEs The PEs can p...

Page 315: ...p vpn1 import route direct PE1 bgp vpn1 quit PE1 bgp ipv4 family vpn instance vpn2 PE1 bgp vpn2 peer 10 2 1 1 as number 100 PE1 bgp vpn2 peer 10 2 1 1 reflect client PE1 bgp vpn2 import route direct PE1 bgp vpn2 quit PE1 bgp quit Configure PE 2 in a similar way to configuring PE 1 Details not shown Execute the display bgp vpnv4 vpn instance peer command on the PEs The output shows that BGP peer re...

Page 316: ...ay bgp peer command or the display bgp vpnv4 all peer command on the PEs The output shows that a BGP peer relationship has been established between the PEs and has reached the Established state Take PE 1 as an example PE1 display bgp peer BGP local router ID 1 1 1 9 Local AS number 100 Total number of peers 1 Peers in established state 1 Peer AS MsgRcvd MsgSent OutQ PrefRcv Up Down State 3 3 3 9 1...

Page 317: ... 9 bytes 56 Sequence 3 ttl 253 time 50 ms Reply from 6 6 6 9 bytes 56 Sequence 4 ttl 253 time 50 ms Reply from 6 6 6 9 bytes 56 Sequence 5 ttl 253 time 34 ms 6 6 6 9 ping statistics 5 packet s transmitted 5 packet s received 0 00 packet loss round trip min avg max 34 48 72 ms CE1 ping 7 7 7 9 PING 7 7 7 9 56 data bytes press CTRL_C to break Request time out Request time out Request time out Reques...

Page 318: ...y ospf peer command The output shows that the adjacency status is Full Execute the display ip routing table command The output shows that the PEs have learned the loopback route of each other 2 Configure basic MPLS on the PEs Configure PE 1 PE1 system view PE1 mpls lsr id 1 1 1 9 PE1 mpls PE1 mpls quit Configure PE 2 PE2 system view PE2 mpls lsr id 2 2 2 9 PE2 mpls PE2 mpls quit 3 Configure VPN in...

Page 319: ...CE1 system view CE1 interface gigabitethernet 2 1 1 CE1 GigabitEthernet2 1 1 ip address 10 1 1 1 24 CE1 GigabitEthernet2 1 1 quit Configure CE 2 CE2 system view CE2 interface gigabitethernet 2 1 1 CE2 GigabitEthernet2 1 1 ip address 10 2 1 1 24 CE2 GigabitEthernet2 1 1 quit After completing the configurations execute the display ip vpn instance command on the PEs to view the configuration of the V...

Page 320: ...ed state Take PE 1 as an example PE1 display bgp vpnv4 vpn instance vpn1 peer BGP local router ID 1 1 1 9 Local AS number 100 Total number of peers 1 Peers in established state 1 Peer AS MsgRcvd MsgSent OutQ PrefRcv Up Down State 10 1 1 1 65410 5 5 0 1 00 02 03 Established 5 Configure an MP IBGP peers between PEs Configure PE 1 PE1 bgp 100 PE1 bgp peer 2 2 2 9 as number 100 PE1 bgp peer 2 2 2 9 co...

Page 321: ... Cost NextHop Interface 10 1 1 0 24 Direct 0 0 10 1 1 1 GE2 1 1 10 1 1 1 32 Direct 0 0 127 0 0 1 InLoop0 10 2 1 0 24 BGP 255 0 10 1 1 2 GE2 1 1 127 0 0 0 8 Direct 0 0 127 0 0 1 InLoop0 127 0 0 1 32 Direct 0 0 127 0 0 1 InLoop0 Take PE 1 as an example PE1 display ip routing table Routing Tables Public Destinations 11 Routes 11 Destination Mask Proto Pre Cost NextHop Interface 1 1 1 9 32 Direct 0 0 ...

Page 322: ...m 10 2 1 1 bytes 56 Sequence 5 ttl 253 time 67 ms 10 2 1 1 ping statistics 5 packet s transmitted 5 packet s received 0 00 packet loss round trip min avg max 41 62 69 ms Configuring a hub spoke network Network requirements The spoke CEs are not permitted to communicate with each other directly Data transmission between them depends on the hub CE Configure EBGP to exchange VPN routing information b...

Page 323: ...e PE1 ospf 1 area 0 Spoke PE1 ospf 1 area 0 0 0 0 network 172 1 1 0 0 0 0 255 Spoke PE1 ospf 1 area 0 0 0 0 network 1 1 1 9 0 0 0 0 Spoke PE1 ospf 1 area 0 0 0 0 quit Spoke PE1 ospf 1 quit Configure Spoke PE 2 Spoke PE2 system view Spoke PE2 interface loopback 0 Spoke PE2 LoopBack0 ip address 3 3 3 9 32 Spoke PE2 LoopBack0 quit Spoke PE2 interface pos 5 1 1 Spoke PE2 POS5 1 1 ip address 172 2 1 1 ...

Page 324: ...e 1 1 1 9 32 Direct 0 0 127 0 0 1 InLoop0 2 2 2 9 32 OSPF 10 1 172 1 1 2 POS5 1 1 3 3 3 9 32 OSPF 10 2 172 1 1 2 POS5 1 1 10 1 1 0 24 Direct 0 0 10 1 1 2 GE2 1 1 10 1 1 2 32 Direct 0 0 127 0 0 1 InLoop0 127 0 0 0 8 Direct 0 0 127 0 0 1 InLoop0 127 0 0 1 32 Direct 0 0 127 0 0 1 InLoop0 172 1 1 0 24 Direct 0 0 172 1 1 1 POS5 1 1 172 1 1 1 32 Direct 0 0 127 0 0 1 InLoop0 172 2 1 0 24 OSPF 10 1 172 1 ...

Page 325: ...OS5 1 2 quit After the configuration LDP sessions are established between Spoke PE 1 and Hub PE and between Spoke PE 2 and Hub PE Execute the display mpls ldp session command The output shows that the session status is Operational Execute the display mpls ldp lsp command The output shows the LSPs established by LDP Take Spoke PE 1 as an example Spoke PE1 display mpls ldp session LDP Session s in P...

Page 326: ...tEthernet2 1 1 ip address 10 2 1 2 24 Spoke PE2 GigabitEthernet2 1 1 quit Configure the Hub PE Hub PE ip vpn instance vpn1 in Hub PE vpn instance vpn1 in route distinguisher 100 3 Hub PE vpn instance vpn1 in vpn target 222 2 import extcommunity Hub PE vpn instance vpn1 in quit Hub PE ip vpn instance vpn1 out Hub PE vpn instance vpn1 out route distinguisher 100 4 Hub PE vpn instance vpn1 out vpn ta...

Page 327: ...gure Spoke CE 1 Spoke CE1 system view Spoke CE1 bgp 65410 Spoke CE1 bgp peer 10 1 1 2 as number 100 Spoke CE1 bgp import route direct Spoke CE1 bgp quit Configure Spoke CE 2 Spoke CE2 system view Spoke CE2 bgp 65420 Spoke CE2 bgp peer 10 2 1 2 as number 100 Spoke CE2 bgp import route direct Spoke CE2 bgp quit Configure the Hub CE Hub CE system view Hub CE bgp 65430 Hub CE bgp peer 10 3 1 2 as numb...

Page 328: ... PE1 display bgp vpnv4 vpn instance vpn1 peer BGP local router ID 1 1 1 9 Local AS number 100 Total number of peers 1 Peers in established state 1 Peer AS MsgRcvd MsgSent OutQ PrefRcv Up Down State 10 1 1 1 65410 6 7 0 2 00 03 16 Established 5 Configure an MP IBGP peer relationship between a spoke PE and the hub PE Configure Spoke PE 1 Spoke PE1 bgp 100 Spoke PE1 bgp peer 2 2 2 9 as number 100 Spo...

Page 329: ...CE and for a spoke PE the next hop of the route to the peer spoke CE is the Hub PE Take Spoke PE 1 as an example Spoke PE1 display ip routing table vpn instance vpn1 Routing Tables vpn1 Destinations 8 Routes 8 Destination Mask Proto Pre Cost NextHop Interface 10 0 0 0 24 BGP 255 0 2 2 2 9 NULL0 10 1 1 0 24 Direct 0 0 10 1 1 2 GE2 1 1 10 1 1 2 32 Direct 0 0 127 0 0 1 InLoop0 10 2 1 0 24 BGP 255 0 2...

Page 330: ...ption A where the VRF to VRF method is used to manage VPN routes The MPLS backbone in each AS runs OSPF Figure 90 Network diagram Device Interface IP address Device Interface IP address CE 1 GE2 1 1 10 1 1 1 24 CE 2 GE2 1 1 10 2 1 1 24 PE 1 Loop0 1 1 1 9 32 PE 2 Loop0 4 4 4 9 32 GE2 1 1 10 1 1 2 24 GE2 1 1 10 2 1 2 24 POS5 1 1 172 1 1 2 24 POS5 1 1 162 1 1 2 24 ASBR PE 1 Loop0 2 2 2 9 32 ASBR PE 2...

Page 331: ...SBR PE 1 PE1 system view PE1 mpls lsr id 1 1 1 9 PE1 mpls PE1 mpls quit PE1 mpls ldp PE1 mpls ldp quit PE1 interface pos 5 1 1 PE1 POS5 1 1 mpls PE1 POS5 1 1 mpls ldp PE1 POS5 1 1 quit Configure basic MPLS on ASBR PE 1 and enable MPLS LDP on the interface connected to PE 1 ASBR PE1 system view ASBR PE1 mpls lsr id 2 2 2 9 ASBR PE1 mpls ASBR PE1 mpls quit ASBR PE1 mpls ldp ASBR PE1 mpls ldp quit AS...

Page 332: ...0 1 PE1 vpn instance vpn1 vpn target 100 1 both PE1 vpn instance vpn1 quit PE1 interface gigabitethernet 2 1 1 PE1 GigabitEthernet2 1 1 ip binding vpn instance vpn1 PE1 GigabitEthernet2 1 1 ip address 10 1 1 2 24 PE1 GigabitEthernet2 1 1 quit Configure CE 2 CE2 system view CE2 interface gigabitethernet 2 1 1 CE2 GigabitEthernet2 1 1 ip address 10 2 1 1 24 CE2 GigabitEthernet2 1 1 quit Configure PE...

Page 333: ... their attached CEs and the ASBR PEs can ping each other 4 Establish EBGP peer relationships between PEs and CEs to allow VPN routes to be redistributed Configure CE 1 CE1 bgp 65001 CE1 bgp peer 10 1 1 2 as number 100 CE1 bgp import route direct CE1 bgp quit Configure PE 1 PE1 bgp 100 PE1 bgp ipv4 family vpn instance vpn1 PE1 bgp vpn1 peer 10 1 1 1 as number 65001 PE1 bgp vpn1 import route direct ...

Page 334: ...peer 192 1 1 1 as number 100 ASBR PE2 bgp vpn1 quit ASBR PE2 bgp peer 4 4 4 9 as number 200 ASBR PE2 bgp peer 4 4 4 9 connect interface loopback 0 ASBR PE2 bgp ipv4 family vpnv4 ASBR PE2 bgp af vpnv4 peer 4 4 4 9 enable ASBR PE2 bgp af vpnv4 peer 4 4 4 9 next hop local ASBR PE2 bgp af vpnv4 quit ASBR PE2 bgp quit Configure PE 2 PE2 bgp 200 PE2 bgp peer 3 3 3 9 as number 200 PE2 bgp peer 3 3 3 9 co...

Page 335: ...ASBR PE 2 Loop0 4 4 4 9 32 S2 1 1 1 1 1 1 8 S2 1 1 9 1 1 1 8 S2 1 2 11 0 0 2 8 S2 1 2 11 0 0 1 8 Configuration procedure 1 Configure PE 1 Start IS IS on PE 1 PE1 system view PE1 isis 1 PE1 isis 1 network entity 10 1111 1111 1111 1111 00 PE1 isis 1 quit Configure LSR ID enable MPLS and LDP PE1 mpls lsr id 2 2 2 9 PE1 mpls PE1 mpls label advertise non null PE1 mpls quit PE1 mpls ldp PE1 mpls ldp qui...

Page 336: ...ernet 2 1 1 PE1 GigabitEthernet2 1 1 ip binding vpn instance vpn1 PE1 GigabitEthernet2 1 1 ip address 30 0 0 1 8 PE1 GigabitEthernet2 1 1 quit Start BGP on PE 1 PE1 bgp 100 Configure IBGP peer 3 3 3 9 as a VPNv4 peer PE1 bgp peer 3 3 3 9 as number 100 PE1 bgp peer 3 3 3 9 connect interface loopback 0 PE1 bgp ipv4 family vpnv4 PE1 bgp af vpnv4 peer 3 3 3 9 enable PE1 bgp af vpnv4 quit Redistribute ...

Page 337: ...ace loopback 0 ASBR PE1 bgp peer 11 0 0 1 as number 600 Disable route target based filtering of received VPNv4 routes ASBR PE1 bgp ipv4 family vpnv4 ASBR PE1 bgp af vpnv4 undo policy vpn target Configure both IBGP peer 2 2 2 0 and EBGP peer 11 0 0 1 as VPNv4 peers ASBR PE1 bgp af vpnv4 peer 11 0 0 1 enable ASBR PE1 bgp af vpnv4 peer 2 2 2 9 enable ASBR PE1 bgp af vpnv4 quit 3 Configure ASBR PE 2 S...

Page 338: ...pnv4 undo policy vpn target Configure both IBGP peer 5 5 5 9 and EBGP peer 11 0 0 2 as VPNv4 peers ASBR PE2 bgp af vpnv4 peer 11 0 0 2 enable ASBR PE2 bgp af vpnv4 peer 5 5 5 9 enable ASBR PE2 bgp af vpnv4 quit ASBR PE2 bgp quit 4 Configure PE 2 Start IS IS on PE 2 PE2 system view PE2 isis 1 PE2 isis 1 network entity 10 4444 4444 4444 4444 00 PE2 isis 1 quit Configure LSR ID enable MPLS and LDP PE...

Page 339: ...v4 PE2 bgp af vpnv4 peer 4 4 4 9 enable PE2 bgp af vpnv4 quit Redistribute direct routes to the VPN routing table of vpn1 PE2 bgp ipv4 family vpn instance vpn1 PE2 bgp vpn1 import route direct PE2 bgp vpn1 quit PE2 bgp quit 5 Verify the configuration Ping PE 1 from PE 2 and ping PE 2 from PE 1 They can ping each other successfully PE2 ping vpn instance vpn1 30 0 0 1 PE1 ping vpn instance vpn1 20 0...

Page 340: ...etwork entity 10 1111 1111 1111 1111 00 PE1 isis 1 quit Configure LSR ID enable MPLS and LDP PE1 mpls lsr id 2 2 2 9 PE1 mpls PE1 mpls label advertise non null PE1 mpls quit PE1 mpls ldp PE1 mpls ldp quit Configure interface Serial 2 1 1 and start IS IS and enable MPLS and LDP on the interface PE1 interface serial 2 1 1 PE1 Serial2 1 1 ip address 1 1 1 2 255 0 0 0 PE1 Serial2 1 1 isis enable 1 PE1...

Page 341: ... count from PE 1 to EBGP peer 5 5 5 9 as 10 PE1 bgp peer 5 5 5 9 as number 600 PE1 bgp peer 5 5 5 9 connect interface loopback 0 PE1 bgp peer 5 5 5 9 ebgp max hop 10 Configure peer 5 5 5 9 as a VPNv4 peer PE1 bgp ipv4 family vpnv4 PE1 bgp af vpnv4 peer 5 5 5 9 enable PE1 bgp af vpnv4 quit Redistribute direct routes to the routing table of vpn1 PE1 bgp ipv4 family vpn instance vpn1 PE1 bgp vpn1 imp...

Page 342: ...port route isis 1 Use routing policy policy2 to filter routes advertised to IBGP peer 2 2 2 9 ASBR PE1 bgp peer 2 2 2 9 as number 100 ASBR PE1 bgp peer 2 2 2 9 route policy policy2 export Configure the capability to advertise labeled routes to IBGP peer 2 2 2 9 and to receive labeled routes from the peer ASBR PE1 bgp peer 2 2 2 9 connect interface loopback 0 ASBR PE1 bgp peer 2 2 2 9 label route c...

Page 343: ... route policy policy2 permit node 1 ASBR PE2 route policy2 if match mpls label ASBR PE2 route policy2 apply mpls label ASBR PE2 route policy2 quit Start BGP on ASBR PE 2 and redistribute routes from IS IS process 1 ASBR PE2 bgp 600 ASBR PE2 bgp import route isis 1 Configure the capability to advertise labeled routes to IBGP peer 5 5 5 9 and to receive labeled routes from the peer ASBR PE2 bgp peer...

Page 344: ...nce vpn1 route distinguisher 11 11 PE2 vpn instance vpn1 vpn target 3 3 import extcommunity PE2 vpn instance vpn1 vpn target 3 3 export extcommunity PE2 vpn instance vpn1 quit Configure interface Loopback 1 and bind the interface to VPN instance vpn1 PE2 interface loopback 1 PE2 LoopBack1 ip binding vpn instance vpn1 PE2 LoopBack1 ip address 20 0 0 1 32 PE2 LoopBack1 quit Start BGP on PE 2 PE2 bgp...

Page 345: ...s They are connected to the provider carrier s backbone as CE routers PE 3 and PE 4 are the customer carrier s PE routers They provide MPLS L3VPN services for the end customers CE 3 and CE 4 are customers of the customer carrier The key to carrier s carrier deployment is to configure exchange of two kinds of routes Exchange of the customer carrier s internal routes on the provider carrier s backbo...

Page 346: ...pback 0 PE1 LoopBack0 isis enable 1 PE1 LoopBack0 quit PE1 interface pos 5 1 2 PE1 POS5 1 2 ip address 30 1 1 1 24 PE1 POS5 1 2 isis enable 1 PE1 POS5 1 2 mpls PE1 POS5 1 2 mpls ldp PE1 POS5 1 2 mpls ldp transport address interface PE1 POS5 1 2 quit PE1 bgp 100 PE1 bgp peer 4 4 4 9 as number 100 PE1 bgp peer 4 4 4 9 connect interface loopback 0 PE1 bgp ipv4 family vpnv4 PE1 bgp af vpnv4 peer 4 4 4...

Page 347: ...1L2 2 Configure the customer carrier network start IS IS as the IGP and enable LDP between PE 3 and CE 1 and between PE 4 and CE 2 respectively Configure PE 3 PE3 system view PE3 interface loopback 0 PE3 LoopBack0 ip address 1 1 1 9 32 PE3 LoopBack0 quit PE3 mpls lsr id 1 1 1 9 PE3 mpls PE3 mpls quit PE3 mpls ldp PE3 mpls ldp quit PE3 isis 2 PE3 isis 2 network entity 10 0000 0000 0001 00 PE3 isis ...

Page 348: ...figuration to allow CEs of the customer carrier to access PEs of the provider carrier and redistribute IS IS routes to BGP and BGP routes to IS IS on the PEs Configure PE 1 PE1 ip vpn instance vpn1 PE1 vpn instance vpn1 route distinguisher 200 1 PE1 vpn instance vpn1 vpn target 1 1 PE1 vpn instance vpn1 quit PE1 mpls ldp vpn instance vpn1 PE1 mpls ldp vpn instance vpn1 quit PE1 isis 2 vpn instance...

Page 349: ...3 PE3 ip vpn instance vpn1 PE3 vpn instance vpn1 route distinguisher 100 1 PE3 vpn instance vpn1 vpn target 1 1 PE3 vpn instance vpn1 quit PE3 interface gigabitethernet 2 1 1 PE3 GigabitEthernet2 1 1 ip binding vpn instance vpn1 PE3 GigabitEthernet2 1 1 ip address 100 1 1 2 24 PE3 GigabitEthernet2 1 1 quit PE3 bgp 100 PE3 bgp ipv4 family vpn instance vpn1 PE3 bgp vpn1 peer 100 1 1 1 as number 6541...

Page 350: ...ables vpn1 Destinations 11 Routes 11 Destination Mask Proto Pre Cost NextHop Interface 1 1 1 9 32 ISIS 15 20 11 1 1 1 POS5 1 1 2 2 2 9 32 ISIS 15 10 11 1 1 1 POS5 1 1 5 5 5 9 32 BGP 255 0 4 4 4 9 NULL0 6 6 6 9 32 BGP 255 0 4 4 4 9 NULL0 10 1 1 0 24 ISIS 15 20 11 1 1 1 POS5 1 1 11 1 1 0 24 Direct 0 0 11 1 1 1 POS5 1 1 11 1 1 1 32 Direct 0 0 127 0 0 1 InLoop0 11 1 1 2 32 Direct 0 0 11 1 1 2 POS5 1 1...

Page 351: ...2 POS5 1 2 20 1 1 0 24 ISIS 15 84 10 1 1 2 POS5 1 2 21 1 1 0 24 ISIS 15 84 10 1 1 2 POS5 1 2 21 1 1 2 32 ISIS 15 84 10 1 1 2 POS5 1 2 127 0 0 0 8 Direct 0 0 127 0 0 1 InLoop0 127 0 0 1 32 Direct 0 0 127 0 0 1 InLoop0 Execute the display ip routing table vpn instance command on PE 3 and PE 4 The output shows that the routes of the remote VPN customers are present in the VPN routing tables Take PE 3...

Page 352: ...e Both of them support the nested VPN function CE 1 and CE 2 are connected to the service provider backbone Both of them support VPNv4 routes PE 3 and PE 4 are PE devices of the customer VPN Both of them support MPLS L3VPN CE 3 through CE 6 are CE devices of sub VPNs for the customer VPN The key of nested VPN configuration is to understand the processing of routes of sub VPNs on the service provid...

Page 353: ... procedure 1 Configure MPLS L3VPN on the service provider backbone enable IS IS enable LDP and establish an MP IBGP peer relationship between PE 1 and PE 2 Configure PE 1 PE1 system view PE1 interface loopback 0 PE1 LoopBack0 ip address 3 3 3 9 32 PE1 LoopBack0 quit PE1 mpls lsr id 3 3 3 9 PE1 mpls PE1 mpls quit PE1 mpls ldp PE1 mpls ldp quit PE1 isis 1 PE1 isis 1 network entity 10 0000 0000 0004 ...

Page 354: ... the BGP peer relationship is established and in the Established state and the IS IS neighbor relationship is established and up Take PE 1 as an example PE1 display mpls ldp session LDP Session s in Public Network Total number of sessions 1 Peer ID Status LAM SsnRole FT MD5 KA Sent Rcv 4 4 4 9 0 Operational DU Active Off Off 378 378 LAM Label Advertisement Mode FT Fault Tolerance PE1 display bgp p...

Page 355: ...id 2 2 2 9 CE1 mpls CE1 mpls quit CE1 mpls ldp CE1 mpls ldp quit CE1 isis 2 CE1 isis 2 network entity 10 0000 0000 0002 00 CE1 isis 2 quit CE1 interface loopback 0 CE1 LoopBack0 isis enable 2 CE1 LoopBack0 quit CE1 interface pos 5 1 1 CE1 POS5 1 1 ip address 10 1 1 2 24 CE1 POS5 1 1 isis enable 2 CE1 POS5 1 1 mpls CE1 POS5 1 1 mpls ldp CE1 POS5 1 1 quit After the configurations LDP and IS IS neigh...

Page 356: ...customer VPN PEs Configure CE 3 CE3 system view CE3 interface gigabitethernet 2 1 1 CE3 GigabitEthernet2 1 1 ip address 100 1 1 1 24 CE3 GigabitEthernet2 1 1 quit CE3 bgp 65410 CE3 bgp peer 100 1 1 2 as number 200 CE3 bgp import route direct CE3 bgp quit Configure CE 5 CE5 system view CE5 interface gigabitethernet 2 1 1 CE5 GigabitEthernet2 1 1 ip address 110 1 1 1 24 CE5 GigabitEthernet2 1 1 quit...

Page 357: ...rvice provider PEs and their CEs to exchange user VPNv4 routes Configure PE 1 enabling nested VPN PE1 bgp 100 PE1 bgp ipv4 family vpnv4 PE1 bgp af vpnv4 nesting vpn PE1 bgp af vpnv4 peer 11 1 1 1 vpn instance vpn1 enable PE1 bgp af vpnv4 quit PE1 bgp quit Configure CE 1 enabling VPNv4 capability and establishing VPNv4 neighbor relationship between CE 1 and PE 1 CE1 bgp 200 CE1 bgp ipv4 family vpnv...

Page 358: ...der network Take PE 1 as an example PE1 display ip routing table Routing Tables Public Destinations 7 Routes 7 Destination Mask Proto Pre Cost NextHop Interface 3 3 3 9 32 Direct 0 0 127 0 0 1 InLoop0 4 4 4 9 32 ISIS 15 10 30 1 1 2 POS5 1 2 30 1 1 0 24 Direct 0 0 30 1 1 1 POS5 1 2 30 1 1 1 32 Direct 0 0 127 0 0 1 InLoop0 30 1 1 2 32 Direct 0 0 30 1 1 2 POS5 1 2 127 0 0 0 8 Direct 0 0 127 0 0 1 InL...

Page 359: ...PE 4 Route Distinguisher 100 1 Network NextHop In Out Label MED LocPrf 100 1 1 0 24 1 1 1 9 1024 1024 Route Distinguisher 101 1 Network NextHop In Out Label MED LocPrf 100 1 1 0 24 1 1 1 9 1024 1024 Route Distinguisher 101 1 Network NextHop In Out Label MED LocPrf 110 1 1 0 24 1 1 1 9 1025 1025 Route Distinguisher 200 1 Network NextHop In Out Label MED LocPrf 120 1 1 0 24 11 1 1 2 1026 1027 Route ...

Page 360: ...p0 127 0 0 1 32 Direct 0 0 127 0 0 1 InLoop0 Execute the display ip routing table command on CE 5 and CE 6 to verify that the routing tables contain routes of remote sub VPNs Take CE5 as an example CE5 display ip routing table Routing Tables Public Destinations 5 Routes 5 Destination Mask Proto Pre Cost NextHop Interface 110 1 1 0 24 Direct 0 0 110 1 1 1 GE2 1 1 110 1 1 1 32 Direct 0 0 127 0 0 1 I...

Page 361: ...0 1 1 1 bytes 56 Sequence 5 ttl 252 time 87 ms 130 1 1 1 ping statistics 5 packet s transmitted 5 packet s received 0 00 packet loss round trip min avg max 69 90 105 ms CE 3 and CE 6 cannot ping each other CE3 ping 130 1 1 1 PING 130 1 1 1 56 data bytes press CTRL_C to break Request time out Request time out Request time out Request time out Request time out 130 1 1 1 ping statistics 5 packet s tr...

Page 362: ...nt RDs and route targets attributes for the VPN instances PE1 system view PE1 ip vpn instance vpn1 PE1 vpn instance vpn1 route distinguisher 100 1 PE1 vpn instance vpn1 vpn target 100 1 both PE1 vpn instance vpn1 quit PE1 ip vpn instance vpn2 PE1 vpn instance vpn2 route distinguisher 100 2 PE1 vpn instance vpn2 vpn target 100 2 both PE1 vpn instance vpn2 quit Bind the interface of PE 1 that is con...

Page 363: ...p policy based route policy1 The other configurations are similar to the basic ones for MPLS L3VPN Configuring HoVPN Network requirements There are two levels of networks the backbone and the MPLS VPN networks as shown in Figure 96 SPEs act as PEs to allow MPLS VPNs to access the backbone UPEs act as PEs of the MPLS VPNs to allow end users to access the VPNs Performance requirements for the UPEs a...

Page 364: ...1 3 UPE1 GigabitEthernet2 1 3 ip address 172 1 1 1 24 UPE1 GigabitEthernet2 1 3 mpls UPE1 GigabitEthernet2 1 3 mpls ldp UPE1 GigabitEthernet2 1 3 quit Configure the IGP protocol OSPF for example UPE1 ospf UPE1 ospf 1 area 0 UPE1 ospf 1 area 0 0 0 0 network 172 1 1 0 0 0 0 255 UPE1 ospf 1 area 0 0 0 0 network 1 1 1 9 0 0 0 0 UPE1 ospf 1 area 0 0 0 0 quit UPE1 ospf 1 quit Configure VPN instances vpn...

Page 365: ...1 bgp vpn1 peer 10 4 1 1 as number 65420 UPE1 bgp vpn1 import route direct UPE1 bgp vpn1 quit UPE1 bgp quit 2 Configure CE 1 CE1 system view CE1 interface gigabitethernet 2 1 1 CE1 GigabitEthernet2 1 1 ip address 10 2 1 1 255 255 255 0 CE1 GigabitEthernet2 1 1 quit CE1 bgp 65410 CE1 bgp peer 10 2 1 2 as number 100 CE1 bgp import route direct CE1 quit 3 Configure CE 2 CE2 system view CE2 interface ...

Page 366: ...th UPE2 vpn instance vpn2 quit UPE2 interface gigabitethernet 2 1 2 UPE2 GigabitEthernet2 1 2 ip binding vpn instance vpn1 UPE2 GigabitEthernet2 1 2 ip address 10 1 1 2 24 UPE2 GigabitEthernet2 1 2 quit UPE2 interface gigabitethernet 2 1 3 UPE2 GigabitEthernet2 1 3 ip binding vpn instance vpn2 UPE2 GigabitEthernet2 1 3 ip address 10 3 1 2 24 UPE2 GigabitEthernet2 1 3 quit Configure UPE 2 to establ...

Page 367: ...PE1 mpls lsr id 2 2 2 9 SPE1 mpls SPE1 mpls quit SPE1 mpls ldp SPE1 mpls ldp quit SPE1 interface gigabitethernet 2 1 1 SPE1 GigabitEthernet2 1 1 ip address 172 1 1 2 24 SPE1 GigabitEthernet2 1 1 mpls SPE1 GigabitEthernet2 1 1 mpls ldp SPE1 GigabitEthernet2 1 1 quit SPE1 interface gigabitethernet 2 1 2 SPE1 GigabitEthernet2 1 2 ip address 180 1 1 1 24 SPE1 GigabitEthernet2 1 2 mpls SPE1 GigabitEthe...

Page 368: ...vpnv4 quit SPE1 bgp ipv4 family vpn instance vpn1 SPE1 bgp vpn1 quit SPE1 bgp ipv4 family vpn instance vpn2 SPE1 bgp vpn2 quit SPE1 bgp quit Configure SPE 1 to advertise to UPE 1 the routes permitted by a routing policy that is the routes of CE 3 SPE1 ip ip prefix hope index 10 permit 10 1 1 1 24 SPE1 route policy hope permit node 0 SPE1 route policy if match ip prefix hope SPE1 route policy quit ...

Page 369: ...pn instance vpn2 vpn target 100 2 both SPE2 vpn instance vpn2 quit Configure SPE 2 to establish MP IBGP peer relationship with UPE 2 and to inject VPN routes and specify UPE 2 SPE2 bgp 100 SPE2 bgp peer 4 4 4 9 as number 100 SPE2 bgp peer 4 4 4 9 connect interface loopback 0 SPE2 bgp peer 4 4 4 9 next hop local SPE2 bgp peer 2 2 2 9 as number 100 SPE2 bgp peer 2 2 2 9 connect interface loopback 0 ...

Page 370: ...PE 1 Loop0 1 1 1 9 32 PE 2 Loop0 2 2 2 9 32 Loop1 3 3 3 3 32 Loop1 5 5 5 5 32 GE2 1 1 100 1 1 2 24 GE2 1 1 120 1 1 2 24 S2 1 2 10 1 1 1 24 S2 1 1 10 1 1 2 24 Router A S2 1 1 30 1 1 1 24 S2 1 2 20 1 1 2 24 Configuration procedure 1 Configure OSPF on the customer networks Configure conventional OSPF on CE 1 Router A and CE 2 to advertise segment addresses of the interfaces as shown in Figure 97 Deta...

Page 371: ...l 2 1 2 PE1 Serial2 1 2 ip address 10 1 1 1 24 PE1 Serial2 1 2 mpls PE1 Serial2 1 2 mpls ldp PE1 Serial2 1 2 quit Configure PE 1 to take PE 2 as the MP IBGP peer PE1 bgp 100 PE1 bgp peer 2 2 2 9 as number 100 PE1 bgp peer 2 2 2 9 connect interface loopback 0 PE1 bgp ipv4 family vpnv4 PE1 bgp af vpnv4 peer 2 2 2 9 enable PE1 bgp af vpnv4 quit PE1 bgp quit Configure OSPF on PE 1 PE1 ospf 1 PE1 ospf ...

Page 372: ...k PE1 ip vpn instance vpn1 PE1 vpn instance vpn1 route distinguisher 100 1 PE1 vpn instance vpn1 vpn target 1 1 PE1 vpn instance vpn1 quit PE1 interface gigabitethernet 2 1 1 PE1 GigabitEthernet2 1 1 ip binding vpn instance vpn1 PE1 GigabitEthernet2 1 1 ip address 100 1 1 2 24 PE1 GigabitEthernet2 1 1 quit PE1 ospf 100 vpn instance vpn1 PE1 ospf 100 domain id 10 PE1 ospf 100 area 1 PE1 ospf 100 ar...

Page 373: ...E1 display ip routing table vpn instance vpn1 Routing Tables vpn1 Destinations 5 Routes 5 Destination Mask Proto Pre Cost NextHop Interface 20 1 1 0 24 OSPF 10 1563 100 1 1 1 GE2 1 1 30 1 1 0 24 OSPF 10 3125 100 1 1 1 GE2 1 1 100 1 1 0 24 Direct 0 0 100 1 1 2 GE2 1 1 100 1 1 2 32 Direct 0 0 127 0 0 1 InLoop0 120 1 1 0 24 OSPF 10 3126 100 1 1 1 GE2 1 1 4 Configure a sham link Configure PE 1 PE1 int...

Page 374: ...er the backbone Take CE 1 as an example CE1 display ip routing table Routing Tables Public Destinations 9 Routes 9 Destination Mask Proto Pre Cost NextHop Interface 20 1 1 0 24 Direct 0 0 20 1 1 1 S2 1 2 20 1 1 1 32 Direct 0 0 127 0 0 1 InLoop0 20 1 1 2 32 Direct 0 0 20 1 1 2 S2 1 2 30 1 1 0 24 OSPF 10 1574 100 1 1 2 GE2 1 1 100 1 1 0 24 Direct 0 0 100 1 1 1 GE2 1 1 100 1 1 1 32 Direct 0 0 127 0 0...

Page 375: ...ances vpn1 and vpn2 and specify an RD and route targets for each VPN instance MCE system view MCE ip vpn instance vpn1 MCE vpn instance vpn1 route distinguisher 10 1 MCE vpn instance vpn1 vpn target 10 1 MCE vpn instance vpn1 quit MCE ip vpn instance vpn2 MCE vpn instance vpn2 route distinguisher 20 1 MCE vpn instance vpn2 vpn target 20 1 MCE vpn instance vpn2 quit CE VPN 1 Site 2 CE VPN 2 Site 1 ...

Page 376: ...g protocol is enabled in VPN 1 Therefore you can configure static routes On VR 1 assign IP address 10 214 10 2 24 to the interface connected to MCE and 192 168 0 1 24 to the interface connected to VPN 1 Details not shown On VR 1 configure a default route with the next hop as 10 214 10 3 VR1 system view VR1 ip route static 0 0 0 0 0 0 0 0 10 214 10 3 On the MCE configure a static route to 192 168 0...

Page 377: ...MCE bind subinterface GigabitEthernet 3 1 3 1 with the VPN instance vpn1 configure the subinterface to terminate VLAN 10 and configure an IP address for the subinterface MCE interface gigabitethernet 3 1 3 1 MCE GigabitEthernet3 1 3 1 ip binding vpn instance vpn1 MCE GigabitEthernet3 1 3 1 vlan type dot1q vid 10 MCE GigabitEthernet3 1 3 1 ip address 20 1 1 1 24 MCE GigabitEthernet2 1 3 1 quit On t...

Page 378: ... process to VPN instance vpn1 set the domain ID to 10 and advertise subnet 20 1 1 0 24 in area 0 PE1 ospf 10 router id 100 100 10 1 vpn instance vpn1 PE1 ospf 10 domain id 10 PE1 ospf 10 area 0 PE1 ospf 10 area 0 0 0 0 network 20 1 1 0 0 0 0 255 PE1 ospf 10 area 0 0 0 0 quit PE1 ospf 10 quit On PE 1 display the routing information for VPN 1 PE1 display ip routing table vpn instance vpn1 Routing Ta...

Page 379: ...9 32 GE2 1 2 20 1 1 1 24 GE2 1 1 10 2 1 2 24 CE 2 GE2 1 1 10 2 1 1 24 GE2 1 2 30 1 1 2 24 GE2 1 2 200 1 1 1 24 Configuration procedure 1 Configure basic MPLS L3VPN Configure OSPF on the MPLS backbone to allow the PEs and P device to learn the routes of the loopback interfaces from each other Configure basic MPLS and MPLS LDP on the MPLS backbone to establish LDP LSPs Establish MP IBGP peer relatio...

Page 380: ...face 10 1 1 0 24 BGP 255 0 1 1 1 9 NULL0 10 1 1 1 32 BGP 255 0 1 1 1 9 NULL0 10 2 1 0 24 Direct 0 0 10 2 1 2 GE2 1 1 10 2 1 1 32 Direct 0 0 10 2 1 1 GE2 1 1 10 2 1 2 32 Direct 0 0 127 0 0 1 InLoop0 100 1 1 1 32 BGP 255 0 1 1 1 9 NULL0 200 1 1 1 32 BGP 255 0 10 2 1 1 GE2 1 1 Enabling BGP update packet debugging on PE 2 you can see that PE 2 advertises the route to 100 1 1 1 32 and the AS_PATH is 10...

Page 381: ...al Number of Routes 5 BGP Local router ID is 10 2 1 1 Status codes valid VPN best best d damped h history i internal s suppressed S Stale Origin i IGP e EGP incomplete Network NextHop MED LocPrf PrefVal Path Ogn 10 1 1 0 24 10 2 1 2 0 100 10 1 1 1 32 10 2 1 2 0 100 10 2 1 0 24 10 2 1 2 0 0 100 10 2 1 1 32 10 2 1 2 0 0 100 100 1 1 1 32 10 2 1 2 0 100 100 CE2 display ip routing table Routing Tables ...

Page 382: ...reside in the same site CE1 CE2 and CE 3 all use AS number 600 To avoid route loss configure BGP AS number substitution on PEs To avoid routing loops configure a routing policy on PE1 and PE2 respectively to add the SoO attribute to routes received from CE 1 and CE 2 Figure 100 Network diagram Device Interface IP address Device Interface IP address CE 1 Loop0 100 1 1 1 32 CE 3 Loop0 200 1 1 1 32 G...

Page 383: ...tution Display routing information on CE 2 You can see that CE 2 has learned the route 100 1 1 1 32 to CE 1 A routing loop has occurred because CE1 and CE 2 reside in the same site CE2 display bgp routing table peer 10 2 1 2 received routes Total Number of Routes 8 BGP Local router ID is 10 2 1 1 Status codes valid VPN best best d damped h history i internal s suppressed S Stale Origin i IGP e EGP...

Page 384: ...s 9 Routes 9 Destination Mask Proto Pre Cost NextHop Interface 10 1 1 0 24 BGP 255 0 10 2 1 2 GE2 1 1 10 1 1 1 32 BGP 255 0 10 2 1 2 GE2 1 1 10 2 1 0 24 Direct 0 0 10 2 1 1 GE2 1 1 10 2 1 1 32 Direct 0 0 127 0 0 1 InLoop0 10 3 1 0 24 BGP 255 0 10 2 1 2 GE2 1 1 10 3 1 1 32 BGP 255 0 10 2 1 2 GE2 1 1 127 0 0 0 8 Direct 0 0 127 0 0 1 InLoop0 127 0 0 1 32 Direct 0 0 127 0 0 1 InLoop0 200 1 1 1 32 BGP ...

Page 385: ... 3 3 3 3 PE1 system view PE1 route policy vpnfrr permit node 10 PE1 route policy apply fast reroute backup nexthop 3 3 3 3 PE1 route policy quit On PE 1 configure a routing policy named backup to set the route cost to 10 PE1 route policy backup permit node 10 PE1 route policy apply cost 10 PE1 route policy quit On PE 1 enable FRR in VPN 1 and reference the routing policy vpnfrr PE1 ip vpn instance...

Page 386: ...col BGP Process ID 0 Preference 255 Cost 10 IpPrecedence QosLcId NextHop 3 3 3 3 Interface NULL0 BkNextHop 3 3 3 3 BkInterface NULL0 RelyNextHop 0 0 0 0 Neighbor 3 3 3 3 Tunnel ID 0x64000A Label 1026 BKTunnel ID 0x64000A BKLabel 1026 State Inactive Adv GotQ Age 00h00m16s Tag 0 Example 2 for configuring MPLS L3VPN FRR Network requirements CE 1 and CE 2 belong to VPN 1 The route target used by VPN 1...

Page 387: ...L3VPN FRR On PE 2 create a routing policy named vpnfrr to specify the backup next hop as 3 3 3 3 PE2 system view PE2 bfd echo source ip 54 54 54 54 PE2 route policy vpnfrr permit node 10 PE2 route policy apply fast reroute backup nexthop 3 3 3 3 On PE 2 enable FRR in VPN 1 and reference the routing policy vpnfrr PE2 ip vpn instance vpn1 PE2 vpn instance vpn1 fast reroute route policy vpnfrr PE2 vp...

Page 388: ... 0x64000A BKLabel 1026 State Active Adv GotQ Age 00h00m16s Tag 0 Destination 4 4 4 4 32 Protocol BGP Process ID 0 Preference 255 Cost 0 IpPrecedence QosLcId NextHop 3 3 3 3 Interface NULL0 BkNextHop 3 3 3 3 BkInterface NULL0 RelyNextHop 0 0 0 0 Neighbor 3 3 3 3 Tunnel ID 0x64000A Label 1026 BKTunnel ID 0x64000A BKLabel 1026 State Inactive Adv GotQ Age 00h00m16s Tag 0 ...

Page 389: ...odel The service provider backbone in the IPv6 MPLS L3VPN model is an IPv4 network IPv6 runs inside the VPNs and between CEs and PEs Therefore PEs must support both IPv4 and IPv6 The PE CE interfaces of a PE run IPv6 and the PE P interface of a PE runs IPv4 Figure 103 Network diagram for the IPv6 MPLS L3VPN model IPv6 MPLS L3VPN packet forwarding Figure 104 IPv6 MPLS L3VPN packet forwarding diagra...

Page 390: ...ectly connected PE a CE advertises its IPv6 VPN routes to the PE The routes between a CE and a PE can be IPv6 static routes RIPng routes OSPFv3 routes IPv6 IS IS routes or EBGP routes No matter which routing protocol is used the CE always advertises standard IPv6 routes to the PE Routing information exchange from the ingress PE to the egress PE After learning the IPv6 VPN routes from the CE the in...

Page 391: ...ce Optional Configuring a tunneling policy for a VPN instance Optional Configuring an LDP instance Optional Configuring routing between a PE and a CE Required Configuring routing between PEs Required Configuring routing features for the BGP VPNv6 subaddress family Optional Before configuring basic IPv6 MPLS L3VPN complete the following tasks Configure an IGP on the PEs and Ps to ensure IP connecti...

Page 392: ...e is associated with an interface by default NOTE The ip binding vpn instance command clears the IP address of the interface on which it is configured Be sure to re configure an IP address for the interface after configuring the command Configuring route related attributes for a VPN instance The control process of VPN route advertisement is as follows When a VPN route learned from a CE gets redist...

Page 393: ...IPv6 VPNs You can configure route related attributes for IPv6 VPNs in both VPN instance view and IPv6 VPN view Those configured in IPv6 VPN view take precedence Configuring a tunneling policy for a VPN instance When multiple tunnels exist in an MPLS L3VPN network you can configure a tunneling policy to specify the type and number of tunnels to be used by using the tunnel select seq command or the ...

Page 394: ... The tunnel interfaces specified for the preferred tunnels can have the same destination address and the tunnel encapsulation type must be MPLS TE 4 Specify the tunnel selection preference order and the number of tunnels for load balancing tunnel select seq cr lsp gre lsp load balance number number Optional By default only one tunnel is selected no load balancing in this order LSP tunnel GRE tunne...

Page 395: ...on information see Configuring MPLS L3VPN Configuring routing between a PE and a CE You can configure IPv6 static routing RIPng OSPFv3 IPv6 IS IS or EBGP between a PE and a CE Before configuring routing between a PE and a CE complete the following tasks Assign an IPv6 address to the CE PE interface of the CE Assign an IPv6 address to the PE CE interface of the PE Configuring IPv6 static routing be...

Page 396: ...s without binding it to a VPN instance the process belongs to the public network To configure OSPFv3 between a PE and a CE Step Command Remarks 1 Enter system view system view N A 2 Create an OSPFv3 process for a VPN instance and enter the OSPFv3 view ospfv3 process id vpn instance vpn instance name Perform this configuration on PEs On CEs create a normal OSPF process 3 Set the router ID router id...

Page 397: ...as number N A 3 Enter IPv6 BGP VPN instance view ipv6 family vpn instance vpn instance name N A 4 Configure the CE as the VPN EBGP peer peer ipv6 address as number as number N A 5 Redistribute the routes of the local CEs import route protocol process id med med value route policy route policy name A PE must redistribute the routes of the local CEs into its VPN routing table so that it can advertis...

Page 398: ...er N A 4 Specify the source interface for route update packets peer group name ip address connect interface interface type interface number By default BGP uses the outbound interface of the best route to the BGP peer 5 Enter BGP VPNv6 subaddress family view ipv6 family vpnv6 N A 6 Enable the exchange of BGP VPNv6 routing information with the specified peer peer ip address enable By default BGP pee...

Page 399: ...r ip address ipv6 prefix prefix name export import Optional By default no IPv6 prefix list is applied for a peer 12 Specify not to change the next hop of a route when advertising it to a peer peer ip address next hop invariable Optional By default a device uses its address as the next hop when advertising a route to its EBGP peer 13 Specify the preference value for the routes received from the pee...

Page 400: ...lete these tasks Configuring an IGP for the MPLS backbone in each AS to ensure IP connectivity Configuring basic MPLS for the MPLS backbone of each AS Configuring MPLS LDP for the MPLS backbones so that LDP LSPs can be established The following sections describe inter AS IPv6 VPN option A and option C Select one according to your network scenario Configuring inter AS IPv6 VPN option A Inter AS IPv...

Page 401: ...ute targets The routes surviving the filtering are added to the routing table and the others are discarded In the inter AS option B solution the ASBR PEs must maintain all VPNv6 routing information and advertise the information to peer ASBR PEs In this case the ASBR PEs must receive all VPNv6 routing information without performing route target based filtering In the inter AS option B solution for ...

Page 402: ...4 VPN option C solution For more information see Configuring MPLS L3VPN Configuring the routing policy After you configure and apply a routing policy on an ASBR PE it does the following Assigns MPLS labels to routes received from the PEs in the same AS before advertising them to the peer ASBR PE Assigns new MPLS labels to the labeled routes to be advertised to the PEs in the same AS The configurat...

Page 403: ...preference value Use either command as needed Perform this configuration on the MCE On a VPN site configure normal IPv6 static routes Configuring RIPng between an MCE and a VPN site A RIPng process belongs to the public network or a single IPv6 VPN instance If you create a RIPng process without binding it to an IPv6 VPN instance the process belongs to the public network By configuring RIPng proces...

Page 404: ...olicy route policy name type type By default no route of any other routing protocol is redistributed into OSPFv3 5 Return to system view quit N A 6 Enter interface view interface interface type interface number N A 7 Enable OSPFv3 on the interface ospfv3 process id area area id instance instance id By default OSPFv3 is disabled on an interface NOTE Deleting a VPN instance also deletes all related ...

Page 405: ...n MCE and IPv6 VPN sites you must configure a BGP peer for each IPv6 VPN instance on the MCE and redistribute the IGP routes of each VPN instance on the IPv6 VPN sites If EBGP is used for route exchange you also can configure filtering policies to filter the received routes and the routes to be advertised 1 Configure the MCE Step Command Remarks 1 Enter system view system view N A 2 Enter BGP view...

Page 406: ...Bind the MCE PE interfaces to IPv6 VPN instances Perform routing configurations Redistribute IPv6 VPN routes into the routing protocol running between the MCE and the PE Perform the following configuration tasks on the MCE Configurations on the PE are similar to those on the PE in common IPv6 MPLS L3VPN network solutions For more information see Configuring routing between a PE and a CE Configurin...

Page 407: ...iew N A 2 Create an OSPFv3 process for an IPv6 VPN instance and enter OSPFv3 view ospfv3 process id vpn instance vpn instance name N A 3 Set the router ID router id router id N A 4 Redistribute the VPN routes import route protocol process id allow ibgp cost value route policy route policy name type type By default no route of any other routing protocol is redistributed into OSPFv3 5 Configure a fi...

Page 408: ...em view quit N A 8 Enter interface view interface interface type interface number N A 9 Enable IPv6 for the IS IS process on the interface isis ipv6 enable process id Disabled by default For more information about IPv6 IS IS see Layer 3 IP Routing Configuration Guide Configuring EBGP between an MCE and a PE Step Command Remarks 1 Enter system view system view N A 2 Enter BGP view bgp as number N A...

Page 409: ...ernal internal export import Available in user view Hard reset the IPv6 BGP connections of a VPN instance reset bgp ipv6 vpn instance vpn instance name as number ipv6 address all external Available in user view Hard reset BGP VPNv6 connections reset bgp vpnv6 as number ip address all external internal Available in user view Displaying information about IPv6 MPLS L3VPN Task Command Remarks Display ...

Page 410: ...route distinguisher route distinguisher routing table network address prefix length begin exclude include regular expression Available in any view Display BGP VPNv6 routing information for a specific VPN instance display bgp vpnv6 vpn instance vpn instance name routing table network address prefix length longer prefixes peer ipv6 address advertised routes received routes begin exclude include regu...

Page 411: ... IP connectivity among the PEs and the P router Configure PE 1 PE1 system view PE1 interface loopback 0 PE1 LoopBack0 ip address 1 1 1 9 32 PE1 LoopBack0 quit PE1 interface pos 5 1 1 PE1 POS5 1 1 ip address 172 1 1 1 24 PE1 POS5 1 1 quit PE1 ospf PE1 ospf 1 area 0 PE1 ospf 1 area 0 0 0 0 network 172 1 1 0 0 0 0 255 PE1 ospf 1 area 0 0 0 0 network 1 1 1 9 0 0 0 0 PE1 ospf 1 area 0 0 0 0 quit PE1 os...

Page 412: ...0 0 0 0 quit PE2 ospf 1 quit After the configurations OSPF adjacencies are established between PE 1 P and PE 2 Execute the display ospf peer command The output shows that the adjacency is in the Full state Execute the display ip routing table command The output shows that the PEs have learned the routes to the loopback interfaces of each other Take PE 1 as an example PE1 display ip routing table R...

Page 413: ... 1 1 quit Configure the P router P mpls lsr id 2 2 2 9 P mpls P mpls quit P mpls ldp P mpls ldp quit P interface pos 5 1 1 P POS5 1 1 mpls P POS5 1 1 mpls ldp P POS5 1 1 quit P interface pos 5 1 2 P POS5 1 2 mpls P POS5 1 2 mpls ldp P POS5 1 2 quit Configure PE 2 PE2 mpls lsr id 3 3 3 9 PE2 mpls PE2 mpls quit PE2 mpls ldp PE2 mpls ldp quit PE2 interface pos 5 1 1 PE2 POS5 1 1 mpls PE2 POS5 1 1 mpl...

Page 414: ...n1 vpn target 111 1 PE1 vpn instance vpn1 quit PE1 ip vpn instance vpn2 PE1 vpn instance vpn2 route distinguisher 100 2 PE1 vpn instance vpn2 vpn target 222 2 PE1 vpn instance vpn2 quit PE1 interface gigabitethernet 2 1 1 PE1 GigabitEthernet2 1 1 ip binding vpn instance vpn1 PE1 GigabitEthernet2 1 1 ipv6 address 2001 1 2 96 PE1 GigabitEthernet2 1 1 quit PE1 interface gigabitethernet 2 1 2 PE1 Giga...

Page 415: ...pn instance vpn1 2001 1 1 PING 2001 1 1 56 data bytes press CTRL_C to break Reply from 2001 1 1 bytes 56 Sequence 1 hop limit 64 time 1 ms Reply from 2001 1 1 bytes 56 Sequence 2 hop limit 64 time 1 ms Reply from 2001 1 1 bytes 56 Sequence 3 hop limit 64 time 1 ms Reply from 2001 1 1 bytes 56 Sequence 4 hop limit 64 time 1 ms Reply from 2001 1 1 bytes 56 Sequence 5 hop limit 64 time 1 ms 2001 1 1 ...

Page 416: ...igure PE 1 PE1 bgp 100 PE1 bgp peer 3 3 3 9 as number 100 PE1 bgp peer 3 3 3 9 connect interface loopback 0 PE1 bgp ipv6 family vpnv6 PE1 bgp af vpnv6 peer 3 3 3 9 enable PE1 bgp af vpnv6 quit PE1 bgp quit Configure PE 2 PE2 bgp 100 PE2 bgp peer 1 1 1 9 as number 100 PE2 bgp peer 1 1 1 9 connect interface loopback 0 PE2 bgp ipv6 family vpnv6 PE2 bgp af vpnv6 peer 1 1 1 9 enable PE2 bgp af vpnv6 qu...

Page 417: ...irect NextHop 1 Preference 0 Interface InLoop0 Cost 0 Destination 2001 4 96 Protocol BGP4 NextHop FFFF 303 309 Preference 0 Interface NULL0 Cost 0 From each CE ping other CEs CEs of the same VPN can ping each other whereas those of different VPNs should not For example CE 1 can ping CE 3 2001 3 1 but cannot ping CE 4 2001 4 1 CE1 ping ipv6 2001 3 1 PING 2001 3 1 56 data bytes press CTRL_C to break...

Page 418: ...PLS and provides only IP functions On the backbone use a GRE tunnel to encapsulate and forward VPN packets to implement IPv6 MPLS L3VPN Configure tunneling policies on the PEs and specify the tunnel type for VPN traffic as GRE Figure 106 Network diagram Device Interface IP address Device Interface IP address CE 1 GE2 1 1 2001 1 1 96 P POS5 1 1 172 1 1 2 24 PE 1 Loop0 1 1 1 9 32 POS5 1 2 172 2 1 1 ...

Page 419: ...o the VPN instances to use a GRE tunnel for VPN packet forwarding Configure PE 1 PE1 tunnel policy gre1 PE1 tunnel policy gre1 tunnel select seq gre load balance number 1 PE1 tunnel policy gre1 quit PE1 ip vpn instance vpn1 PE1 vpn instance vpn1 route distinguisher 100 1 PE1 vpn instance vpn1 vpn target 100 1 both PE1 vpn instance vpn1 tnl policy gre1 PE1 vpn instance vpn1 quit PE1 interface gigab...

Page 420: ...100 1 2006 08 13 09 32 45 PE1 ping ipv6 vpn instance vpn1 2001 1 1 PING 2001 1 1 56 data bytes press CTRL_C to break Reply from 2001 1 1 bytes 56 Sequence 1 hop limit 64 time 1 ms Reply from 2001 1 1 bytes 56 Sequence 2 hop limit 64 time 1 ms Reply from 2001 1 1 bytes 56 Sequence 3 hop limit 64 time 1 ms Reply from 2001 1 1 bytes 56 Sequence 4 hop limit 64 time 1 ms Reply from 2001 1 1 bytes 56 Se...

Page 421: ...PE1 bgp ipv6 family vpnv6 PE1 bgp af vpnv6 peer 2 2 2 9 enable PE1 bgp af vpnv6 quit PE1 bgp quit Configure PE 2 in a similar way to configuring PE 1 Details not shown After completing the configuration execute the display bgp peer command or the display bgp vpnv6 all peer command on the PEs A BGP peer relationship has been established between the PEs and has reached Established state PE1 display ...

Page 422: ...56 Sequence 3 hop limit 64 time 1 ms Reply from 2001 2 1 bytes 56 Sequence 4 hop limit 64 time 1 ms Reply from 2001 2 1 bytes 56 Sequence 5 hop limit 64 time 1 ms 2001 2 1 ping statistics 5 packet s transmitted 5 packet s received 0 00 packet loss round trip min avg max 1 1 1 ms Configuring inter AS IPv6 VPN option A Network requirements CE 1 and CE 2 belong to the same VPN CE 1 accesses the netwo...

Page 423: ...ace address of each router through OSPF The loopback interface address of a router is to be used as the router s LSR ID Details not shown After the configurations each ASBR PE and the PE in the same AS can establish an OSPF adjacency Execute the display ospf peer command and ping command You can see that the adjacencies are in Full state and that the PE and ASBR PE in the same AS have learned the ...

Page 424: ... ASBR PE2 POS5 1 1 quit Configure basic MPLS on PE 2 and enable MPLS LDP for both PE 2 and the interface connected to ASBR PE 2 PE2 system view PE2 mpls lsr id 4 4 4 9 PE2 mpls PE2 mpls quit PE2 mpls ldp PE2 mpls ldp quit PE2 interface pos 5 1 1 PE2 POS5 1 1 mpls PE2 POS5 1 1 mpls ldp PE2 POS5 1 1 quit After the configurations each PE and the ASBR PE in the same AS can establish the LDP neighbor r...

Page 425: ...terface connected to ASBR PE 2 ASBR PE 1 considers ASBR PE 2 its attached CE ASBR PE1 ip vpn instance vpn1 ASBR PE1 vpn vpn1 route distinguisher 100 2 ASBR PE1 vpn vpn1 vpn target 100 1 both ASBR PE1 vpn vpn1 quit ASBR PE1 interface pos 5 1 2 ASBR PE1 POS5 1 2 ip binding vpn instance vpn1 ASBR PE1 POS5 1 2 ipv6 address 2002 1 1 96 ASBR PE1 POS5 1 2 quit Configure ASBR PE 2 creating a VPN instance ...

Page 426: ... bgp ipv6 vpn1 import route direct PE2 bgp ipv6 vpn1 quit PE2 bgp quit 5 Establish an IBGP peer relationship between each PE and the ASBR PE in the same AS and an EBGP peer relationship between the ASBR PEs Configure PE 1 PE1 bgp 100 PE1 bgp peer 2 2 2 9 as number 100 PE1 bgp peer 2 2 2 9 connect interface loopback 0 PE1 bgp ipv6 family vpnv6 PE1 bgp af vpnv6 peer 2 2 2 9 enable PE1 bgp af vpnv6 q...

Page 427: ...tions display the routing table and use the ping command The CEs have learned the route to each other and can ping each other Configuring inter AS IPv6 VPN option C Network requirements Site 1 and Site 2 belong to the same VPN Site 1 accesses the network through PE 1 in AS 100 and Site 2 accesses the network through PE 2 in AS 600 PEs in the same AS run IS IS PE 1 and ASBR PE 1 exchange labeled IP...

Page 428: ...al2 1 1 isis enable 1 PE1 Serial2 1 1 mpls PE1 Serial2 1 1 mpls ldp PE1 Serial2 1 1 quit Configure interface Loopback 0 and start IS IS on it PE1 interface loopback 0 PE1 LoopBack0 ip address 2 2 2 9 32 PE1 LoopBack0 isis enable 1 PE1 LoopBack0 quit Create VPN instance vpn1 and configure the RD and route target attributes for it PE1 ip vpn instance vpn1 PE1 vpn instance vpn1 route distinguisher 11...

Page 429: ...ork entity 10 2222 2222 2222 00 ASBR PE1 isis 1 quit Configure an LSR ID and enable MPLS and LDP ASBR PE1 mpls lsr id 3 3 3 9 ASBR PE1 mpls ASBR PE1 mpls label advertise non null ASBR PE1 mpls quit ASBR PE1 mpls ldp ASBR PE1 mpls ldp quit Configure interface Serial 2 1 1 and start IS IS and enable MPLS and LDP on the interface ASBR PE1 interface serial 2 1 1 ASBR PE1 Serial2 1 1 ip address 1 1 1 1...

Page 430: ...E1 bgp peer 11 0 0 1 as number 600 ASBR PE1 bgp peer 11 0 0 1 route policy policy1 export Configure the capability to advertise labeled routes to and receive labeled routes from EBGP peer 11 0 0 1 ASBR PE1 bgp peer 11 0 0 1 label route capability ASBR PE1 bgp quit 3 Configure ASBR PE 2 Start IS IS on ASBR PE 2 ASBR PE2 system view ASBR PE2 isis 1 ASBR PE2 isis 1 network entity 10 3333 3333 3333 33...

Page 431: ...oopback 0 ASBR PE2 bgp peer 5 5 5 9 label route capability Apply routing policy policy2 to filter routes advertised to IBGP peer 5 5 5 9 ASBR PE2 bgp peer 5 5 5 9 route policy policy2 export Apply routing policy policy1 to filter routes advertised to EBGP peer 11 0 0 2 ASBR PE2 bgp peer 11 0 0 2 as number 100 ASBR PE2 bgp peer 11 0 0 2 route policy policy1 export Configure the capability to advert...

Page 432: ...outes to and receive labeled routes from IBGP peer 4 4 4 9 PE2 bgp peer 4 4 4 9 as number 600 PE2 bgp peer 4 4 4 9 connect interface loopback 0 PE2 bgp peer 4 4 4 9 label route capability Configure the maximum hop count from PE 2 to EBGP peer 2 2 2 9 as 10 PE2 bgp peer 2 2 2 9 as number 100 PE2 bgp peer 2 2 2 9 connect interface loopback 0 PE2 bgp peer 2 2 2 9 ebgp max hop 10 Configure peer 2 2 2 ...

Page 433: ... 5 packet s received 0 00 packet loss round trip min avg max 1 1 1 ms Configuring carrier s carrier Network requirements Configure carrier s carrier for the scenario shown in Figure 109 In this scenario PE 1 and PE 2 are the provider carrier s PE routers They provide VPN services to the customer carrier CE 1 and CE 2 are the customer carrier s routers They are connected to the provider carrier s b...

Page 434: ...p0 4 4 4 9 32 POS5 1 1 11 1 1 2 24 POS5 1 1 30 1 1 2 24 POS5 1 2 30 1 1 1 24 POS5 1 2 21 1 1 1 24 Configuration procedure 1 Configure MPLS L3VPN on the provider carrier backbone start IS IS as the IGP enable LDP on PE 1 and PE 2 and establish an MP IBGP peer relationship between the PEs Configure PE 1 PE1 system view PE1 interface loopback 0 PE1 LoopBack0 ip address 3 3 3 9 32 PE1 LoopBack0 quit P...

Page 435: ...cute the display isis peer command The output shows that an IS IS neighbor relationship has been set up Take PE 1 as an example PE1 display mpls ldp session LDP Session s in Public Network Total number of sessions 1 Peer ID Status LAM SsnRole FT MD5 KA Sent Rcv 4 4 4 9 0 Operational DU Active Off Off 378 378 LAM Label Advertisement Mode FT Fault Tolerance PE1 display bgp peer BGP local router ID 3...

Page 436: ...it CE1 mpls ldp CE1 mpls ldp quit CE1 isis 2 CE1 isis 2 network entity 10 0000 0000 0002 00 CE1 isis 2 quit CE1 interface loopback 0 CE1 LoopBack0 isis enable 2 CE1 LoopBack0 quit CE1 interface POS 5 1 1 CE1 POS5 1 1 ip address 10 1 1 2 24 CE1 POS5 1 1 isis enable 2 CE1 POS5 1 1 mpls CE1 POS5 1 1 mpls ldp CE1 POS5 1 1 mpls ldp transport address interface CE1 POS5 1 1 quit After the configurations ...

Page 437: ... 11 1 1 1 24 CE1 POS5 1 2 isis enable 2 CE1 POS5 1 2 mpls CE1 POS5 1 2 mpls ldp CE1 POS5 1 2 mpls ldp transport address interface CE1 POS5 1 2 quit After the configurations PE 1 and CE 1 can establish an LDP session and IS IS neighbor relationship between them Configure PE 2 and CE 2 in a similar way to configuring PE 1 and CE 1 Details not shown 4 Connect end customers to the customer carrier Con...

Page 438: ...routes of the provider carrier network are present in the public network routing table of PE 1 and PE 2 Take PE 1 as an example PE1 display ip routing table Routing Tables Public Destinations 7 Routes 7 Destination Mask Proto Pre Cost NextHop Interface 3 3 3 9 32 Direct 0 0 127 0 0 1 InLoop0 4 4 4 9 32 ISIS 15 10 30 1 1 2 POS5 1 2 30 1 1 0 24 Direct 0 0 30 1 1 1 POS5 1 2 30 1 1 1 32 Direct 0 0 127...

Page 439: ... 0 24 Direct 0 0 11 1 1 1 POS5 1 2 11 1 1 1 32 Direct 0 0 127 0 0 1 InLoop0 11 1 1 2 32 Direct 0 0 11 1 1 2 POS5 1 2 20 1 1 0 24 ISIS 15 74 11 1 1 2 POS5 1 2 21 1 1 0 24 ISIS 15 74 11 1 1 2 POS5 1 2 21 1 1 2 32 ISIS 15 74 11 1 1 2 POS5 1 2 127 0 0 0 8 Direct 0 0 127 0 0 1 InLoop0 127 0 0 1 32 Direct 0 0 127 0 0 1 InLoop0 Execute the display ipv6 routing table vpn instance command on CE 1 and CE 2 ...

Page 440: ...ics 5 packet s transmitted 5 packet s received 0 00 packet loss round trip min avg max 60 87 127 ms CE 3 and CE 4 can ping each other CE3 ping ipv6 2001 2 1 PING 2001 2 1 56 data bytes press CTRL_C to break Reply from 2001 2 1 bytes 56 Sequence 1 hop limit 64 time 1 ms Reply from 2001 2 1 bytes 56 Sequence 2 hop limit 64 time 1 ms Reply from 2001 2 1 bytes 56 Sequence 3 hop limit 64 time 1 ms Repl...

Page 441: ...vpn2 MCE vpn instance vpn2 route distinguisher 20 1 MCE vpn instance vpn2 vpn target 20 1 MCE vpn instance vpn2 quit Bind interface GigabitEthernet 2 1 1 with VPN instance vpn1 and configure an IPv6 address for the interface MCE interface gigabitethernet 2 1 1 MCE GigabitEthernet2 1 1 ip binding vpn instance vpn1 MCE GigabitEthernet2 1 1 ipv6 address 2001 1 1 64 MCE GigabitEthernet2 1 1 quit Bind ...

Page 442: ...tem view VR1 ipv6 route static 0 2001 1 1 On the MCE configure an IPv6 static route to 2012 1 64 specify the next hop as 2001 1 2 and bind the static route with VPN instance vpn1 MCE ipv6 route static vpn instance vpn1 2012 1 64 vpn instance vpn1 2001 1 2 Run RIPng in VPN 2 Configure RIPng process 20 for the VPN instance vpn2 on the MCE so that the MCE can learn the routes of VPN 2 and add them to...

Page 443: ...oop0 Cost 0 Destination 2012 64 Protocol RIPng NextHop FE80 200 5EFF FE01 1C03 Preference 100 Interface GigabitEthernet2 1 2 Cost 1 Destination FE80 10 Protocol Direct NextHop Preference 0 Interface NULL0 Cost 0 The output shows that the MCE has learned the private route of VPN 2 through RIPng The MCE maintains the routes of VPN 1 and those of VPN 2 in two different routing tables In this way rout...

Page 444: ...abitEthernet2 1 3 1 isis ipv6 enable 10 MCE GigabitEthernet2 1 3 1 quit On PE 1 enable IPv6 ISIS process 10 and bind it to VPN instance vpn1 PE1 isis 10 vpn instance vpn1 PE1 isis 10 ipv6 enable PE1 isis 10 network 47 0001 0001 0003 00 PE1 isis 10 quit Enable IPv6 ISIS on subinterface GigabitEthernet2 1 3 2 PE1 GigabitEthernet2 1 3 2 isis ipv6 enable 10 PE1 GigabitEthernet2 1 3 2 quit On PE 1 disp...

Page 445: ...ipv6 routing table vpn instance vpn2 Routing Table Destinations 5 Routes 5 Destination 1 128 Protocol Direct NextHop 1 Preference 0 Interface InLoop0 Cost 0 Destination 2002 2 64 Protocol Direct NextHop 2002 2 4 Preference 0 Interface GigabitEthernet2 1 1 2 Cost 0 Destination 2002 2 4 128 Protocol Direct NextHop 1 Preference 0 Interface InLoop0 Cost 0 Destination 2012 64 Protocol ISISv6 NextHop FE...

Page 446: ...ast one x y Asterisk marked square brackets enclose optional syntax choices separated by vertical bars from which you select one choice multiple choices or none 1 n The argument or keyword and argument combination before the ampersand sign can be entered 1 to n times A line that starts with a pound sign is comments GUI conventions Convention Description Boldface Window names button names field nam...

Page 447: ... Represents an access controller a unified wired WLAN module or the access controller engine on a unified wired WLAN switch Represents an access point Represents a wireless terminator unit Represents a wireless terminator Represents a mesh access point Represents omnidirectional signals Represents directional signals Represents a security product such as a firewall UTM multiservice security gatewa...

Page 448: ...s provide a mechanism for accessing software updates through the product interface Review your product documentation to identify the recommended software update method To download product updates go to either of the following Hewlett Packard Enterprise Support Center Get connected with updates page www hpe com support e updates Software Depot website www hpe com support softwaredepot To view and u...

Page 449: ...r self repair CSR programs allow you to repair your product If a CSR part needs to be replaced it will be shipped directly to you so that you can install it at your convenience Some parts do not qualify for CSR Your Hewlett Packard Enterprise authorized service provider will determine whether a repair can be accomplished by CSR For more information about CSR contact your local service provider or ...

Page 450: ...number edition and publication date located on the front cover of the document For online help content include the product name product version help edition and publication date located on the legal notices page ...

Page 451: ... L3VPN 384 VPN instance with interface MPLS L3VPN 262 ATM configuring ATM AAL5 frame encapsulation MPLS L2VPN 157 attribute advertising TE attribute MPLS TE 39 affinity attribute MPLS TE 40 BGP extended community MPLS L3VPN 239 configuring affinity attribute CR LSP MPLS TE 64 configuring instance attribute VPLS 210 configuring VPN instance route related attribute IPv6 MPLS L3VPN 384 configuring VP...

Page 452: ...PN 266 configuring PE and CE RIPng IPv6 MPLS L3VPN 388 configuring PE and CE routing IPv6 MPLS L3VPN 387 configuring PE and CE routing MPLS L3VPN 265 configuring PE and CE static routing IPv6 MPLS L3VPN 387 configuring PE and CE static routing MPLS L3VPN 265 creating connection Kompella MPLS L2VPN 165 PE and CE routing information exchange IPv6 MPLS L3VPN 382 routing information exchange from PE M...

Page 453: ...AS VPN PE MPLS L3VPN 276 IPv6 IS IS between IPv6 MCE and PE 399 IPv6 IS IS between IPv6 MCE and VPN site 396 IPv6 MPLS L3VPN 381 383 402 IPv6 MPLS L3VPN using a GRE tunnel 410 IPv6 static routing between IPv6 MCE and PE 398 IPv6 static routing between IPv6 MCE and VPN site 395 IS IS between MCE and PE 288 IS IS between MCE and VPN site 284 IS IS TE MPLS TE 56 Kompella MPLS L2VPN 164 188 Kompella l...

Page 454: ...atures MPLS TE 59 RSVP TE authentication MPLS TE 62 RSVP TE GR MPLS TE 62 RSVP TE hello extension MPLS TE 61 RSVP TE refresh mechanism MPLS TE 60 RSVP TE reservation style MPLS TE 59 RSVP TE resource reservation confirmation MPLS TE 61 RSVP TE state timer MPLS TE 60 static LSP MPLS 10 30 static routing between MCE and VPN site 282 SVC MPLS L2VPN 158 SVC on Layer 3 interface MPLS L2VPN 159 SVC with...

Page 455: ...ution control mode MPLS 14 label MPLS 3 4 label control mode MPLS 4 redistributing OSPF loopback interface route into BGP MPLS L3VPN 280 dynamic signaling configuring tunnel MPLS TE 54 E EBGP configuring between PE and CE MPLS L3VPN 295 configuring EBGP between IPv6 MCE and PE 400 configuring EBGP between IPv6 MCE and VPN site 397 configuring EBGP between MCE and PE 289 configuring EBGP between MC...

Page 456: ...RE configuring IPv6 MPLS L3VPN using a GRE tunnel 410 configuring MPLS L3VPN using a GRE tunnel 309 group administrative group MPLS TE 40 configuring administrative group CR LSP MPLS TE 64 H HDLC configuring encapsulation MPLS L2VPN 156 hello extension configuring RSVP TE MPLS TE 61 HoVPN configuring MPLS L3VPN 279 355 extension MPLS L3VPN 254 implementing MPLS L3VPN 253 network model MPLS L3VPN 2...

Page 457: ...ace MPLS L2VPN 159 creating Martini VC on Layer 3 interface MPLS L2VPN 162 creating SVC on Layer 3 interface MPLS L2VPN 159 redistributing OSPF loopback route into BGP MPLS L3VPN 280 IP configuring LDP GR MPLS 21 configuring MPLS 1 IPv6 IS IS configuring IPv6 IS IS between IPv6 MCE and PE 399 configuring IPv6 IS IS between IPv6 MCE and VPN site 396 configuring PE and CE IPv6 MPLS L3VPN 388 IPv6 MC...

Page 458: ...plementing MPLS L2VPN 148 resetting BGP L2VPN session MPLS L2VPN 166 L label advertisement mode MPLS 4 configuring filtering LDP MPLS 16 configuring label acceptance control LDP MPLS 16 configuring label advertisement control LDP MPLS 17 configuring label distribution control mode MPLS 14 configuring recording MPLS TE 66 distribution MPLS 3 4 distribution control mode MPLS 4 forwarding MPLS 5 main...

Page 459: ...73 establishing MPLS 3 establishing dynamic LSP through LDP MPLS 11 H VPLS access 201 H VPLS access PW redundancy 202 inspecting MPLS 24 MPLS 2 setting up tunnel RSVP TE MPLS TE 43 LSR configuring TTL processing mode MPLS 19 MPLS 2 M MAC address configuring learning VPLS 209 flooding VPLS 198 learning VPLS 198 maintaining LDP session MPLS 18 MPLS L2VPN 167 MPLS L3VPN 292 MPLS operation 27 MPLS TE ...

Page 460: ...g LSP tracert 25 configuring LSP triggering policy 14 configuring LSR TTL processing mode 19 configuring PHP 13 configuring remote LDP session parameter 12 configuring static LSP 10 30 control plane 2 data forwarding 6 displaying LDP operation 29 displaying operation 27 enabling 10 enabling trap 27 establishing dynamic LSP through LDP 11 establishing LSP 3 FEC 1 forwarding 5 forwarding plane 2 ins...

Page 461: ... 374 configuring BGP VPNv4 subaddress family common routing 271 configuring BGP VPNv4 subaddress family routing 271 configuring BGP VPNv4 subaddress family specific routing 272 configuring carrier s carrier 337 configuring FRR 291 configuring HoVPN 279 355 configuring hub spoke network 314 configuring inter AS option A 322 configuring inter AS option B 326 configuring inter AS option C 331 configu...

Page 462: ...nfiguring explicit path 57 configuring failed link timer 70 configuring FRR 73 configuring FRR polling timer 75 configuring IS IS TE 56 configuring label recording 66 configuring loop detection 66 configuring MPLS LSP ping 76 configuring MPLS LSP tracert 76 configuring node protection 75 configuring OSPF 56 configuring periodic LSP tracert 78 configuring route pinning CR LSP 64 configuring route r...

Page 463: ...configuring administrative group CR LSP MPLS TE 64 configuring affinity attribute CR LSP MPLS TE 64 configuring BFD for primary link H VPLS 227 configuring BFD for tunnel detection MPLS TE 76 configuring BGP VPLS 207 configuring BGP AS number substitution MPLS L3VPN 290 374 configuring BGP extension VPLS 207 configuring BGP instance VPLS 207 configuring BGP L2VPN capability Kompella MPLS L2VPN 164...

Page 464: ...TE 76 configuring MPLS TE 51 configuring nested VPN MPLS L3VPN 277 344 configuring node protection MPLS TE 75 configuring OSPF MPLS TE 56 configuring OSPF loopback interface MPLS L3VPN 280 configuring OSPF sham link MPLS L3VPN 280 362 configuring PE and CE EBGP IPv6 MPLS L3VPN 389 configuring PE and CE EBGP MPLS L3VPN 268 configuring PE and CE IBGP MPLS L3VPN 269 configuring PE and CE IPv6 IS IS I...

Page 465: ... 73 enabling L2VPN and MPLS L2VPN VPLS 203 enabling MPLS 10 enabling trap MPLS 27 establishing dynamic LSP through LDP MPLS 11 establishing LSP MPLS 3 establishing path MPLS TE 39 establishing RSVP TE tunnel MPLS TE 59 extranet networking scheme MPLS L3VPN 243 FEC MPLS 1 forwarding MPLS 5 forwarding packet MPLS TE 39 forwarding plane MPLS 2 FRR MPLS L3VPN 257 FRR MPLS TE 46 FRR protection MPLS TE ...

Page 466: ...MPLS L3VPN 240 RSB timeout RSVP TE MPLS TE 44 RSVP refresh mechanism RSVP TE MPLS TE 43 RSVP TE MPLS TE 41 RSVP TE GR MPLS TE 44 RSVP TE message MPLS TE 42 RSVP TE resource reservation style MPLS TE 46 RSVP TE soft state MPLS TE 46 scheme IPv6 MPLS L3VPN 382 setting up LSP tunnel RSVP TE MPLS TE 43 site MPLS L3VPN 238 static LSP configuration MPLS 30 static route traffic forwarding along tunnel MP...

Page 467: ...S L3VPN 240 forwarding MPLS TE 39 PW encapsulation VPLS 200 sending back ICMP TTL exceeded messages MPLS 21 parameter configuring local LDP session parameter MPLS 12 configuring remote LDP session parameter MPLS 12 configuring traffic forwarding tuning MPLS TE 70 path calculating MPLS TE 39 configuring explicit path MPLS TE 57 establishing MPLS TE 39 vector LDP MPLS 15 PE CE and PE routing informa...

Page 468: ...iguring affinity attribute CR LSP MPLS TE 64 configuring ATM AAL5 frame encapsulation MPLS L2VPN 157 configuring BFD for LDP MPLS 18 configuring BFD for primary link H VPLS 227 configuring BFD for tunnel detection MPLS TE 76 configuring BGP VPLS 207 configuring BGP AS number substitution MPLS L3VPN 290 371 374 configuring BGP extension VPLS 207 configuring BGP instance VPLS 207 configuring BGP L2V...

Page 469: ...ween IPv6 MCE and VPN site 395 configuring IS IS between MCE and PE 288 configuring IS IS between MCE and VPN site 284 configuring IS IS TE MPLS TE 56 configuring Kompella MPLS L2VPN 164 188 configuring Kompella local connection MPLS L2VPN 190 configuring label distribution control mode MPLS 14 configuring label recording MPLS TE 66 configuring LDP VPLS 205 configuring LDP capability MPLS 11 confi...

Page 470: ... backup SVCs on Layer 3 interface MPLS L2VPN 159 configuring PW redundancy for H VPLS VPLS 223 configuring remote CCC connection MPLS L2VPN 157 170 configuring remote LDP session parameter MPLS 12 configuring remote peer for PE Martini MPLS L2VPN 162 configuring RIP between MCE and PE 287 configuring RIP between MCE and VPN site 282 configuring RIPng between IPv6 MCE and PE 398 configuring RIPng b...

Page 471: ...aintaining MPLS L2VPN 167 maintaining MPLS L3VPN 292 maintaining MPLS operation 27 maintaining MPLS TE 79 maintaining VPLS 211 managing forwarding MPLS 18 optimizing forwarding MPLS 18 redistributing OSPF loopback interface route into BGP MPLS L3VPN 280 resetting BGP connection IPv6 MPLS L3VPN 401 resetting BGP connection MPLS L3VPN 292 resetting BGP connection VPLS 208 resetting BGP L2VPN session...

Page 472: ... routing information exchange IPv6 MPLS L3VPN 382 configuring BGP VPNv4 subaddress family MPLS L3VPN 271 configuring BGP VPNv4 subaddress family common feature MPLS L3VPN 271 configuring BGP VPNv4 subaddress family specific feature MPLS L3VPN 272 configuring BGP VPNv6 subaddress family IPv6 MPLS L3VPN 390 configuring EBGP between IPv6 MCE and PE 400 configuring EBGP between IPv6 MCE and VPN site 3...

Page 473: ...d attribute MPLS L3VPN 262 creating OSPF sham link MPLS L3VPN 281 CR LSP explicit route MPLS TE 40 information advertisement IPv6 MPLS L3VPN 382 information advertisement MPLS L3VPN 244 information exchange CE to PE MPLS L3VPN 244 information exchange PE to PE MPLS L3VPN 245 information exchange PE to remote CE MPLS L3VPN 245 information propagation nested VPN MPLS L3VPN 251 MP BGP MPLS L3VPN 240 ...

Page 474: ...ring IPv6 static routing between IPv6 MCE and VPN site 395 configuring PE and CE IPv6 MPLS L3VPN 387 configuring PE and CE MPLS L3VPN 265 configuring static routing between MCE and PE 287 configuring static routing between MCE and VPN site 282 MPLS TE 45 traffic forwarding along tunnel MPLS TE 67 statistics clearing MPLS 30 strict route CR LSP explicit route MPLS TE 40 structure MPLS network 2 SVC...

Page 475: ...RSB timeout RSVP TE MPLS TE 44 RSVP refresh mechanism RSVP TE MPLS TE 43 RSVP TE MPLS TE 41 RSVP TE GR MPLS TE 44 RSVP TE resource reservation style MPLS TE 46 RSVP TE soft state MPLS TE 46 setting up LSP tunnel RSVP TE MPLS TE 43 static route forwarding along tunnel MPLS TE 67 static routing MPLS TE 45 trapping enabling MPLS 27 triggering configuring LSP policy MPLS 14 troubleshooting MPLS L2VPN ...

Page 476: ...IPv6 MPLS L3VPN 382 configuring Kompella MPLS L2VPN 164 configuring BGP VPLS 207 configuring BGP AS number substitution MPLS L3VPN 290 371 374 configuring BGP extension VPLS 207 configuring BGP instance VPLS 207 configuring BGP SoO MPLS L3VPN 290 374 configuring BGP VPNv4 subaddress family common routing MPLS L3VPN 271 configuring BGP VPNv4 subaddress family routing MPLS L3VPN 271 configuring BGP ...

Page 477: ...MPLS L3VPN 277 344 configuring OSPF between MCE and PE 287 configuring OSPF between MCE and VPN site 283 configuring OSPF loopback interface MPLS L3VPN 280 configuring OSPF sham link MPLS L3VPN 280 362 configuring OSPFv3 between IPv6 MCE and PE 399 configuring OSPFv3 between IPv6 MCE and VPN site 396 configuring PE and CE EBGP IPv6 MPLS L3VPN 389 configuring PE and CE EBGP MPLS L3VPN 268 configuri...

Page 478: ...scheme MPLS L3VPN 241 OSPF extension MPLS L3VPN 254 OSPF multi instance on PE MPLS L3VPN 254 OSPF sham link MPLS L3VPN 256 packet encapsulation VPLS 200 packet forwarding IPv6 MPLS L3VPN 381 PE and CE routing information exchange IPv6 MPLS L3VPN PE and PE routing information exchange IPv6 MPLS L3VPN propagating routing information nested VPN MPLS L3VPN 251 redistributing OSPF loopback interface ro...

Reviews:

No comments