Huawei quidway s7700 Configuration Manual Download | Manualshive

Page: 112 / 833

background image

3.1 Introduction to BGP/MPLS IP VPN

This section describes the concepts and roles of the PE, P, and CE.

BGP/MPLS IP VPN is a PE-based L3VPN technology used in the Provider Provisioned VPN
(PPVPN) solution. BGP/MPLS IP VPN uses BGP to advertise VPN routes and MPLS to forward
VPN packets on the provider's backbone network.

Characterized by flexible networking modes, excellent extensibility, and convenient support for
MPLS QoS and MPLS TE, BGP/MPLS IP VPN is widely used.

shows the networking diagram of BGP/MPLS IP VPN.

Figure 3-1

BGP/MPLS IP VPN model

CE

CE

CE

Service

provider's

backbone

CE

VPN 1

Site

Site

Site

Site

VPN 1

VPN 2

PE

PE

PE

P

P

P

P

VPN 2

The BGP/MPLS IP VPN model consists of the following parts:

l

A Customer Edge (CE) is an edge device on the customer network, which has one or more
interfaces directly connected to the service provider network. A CE can be a switch, a
router or a host. Mostly, CEs cannot "sense" the existence of the VPN, and do not need to
support MPLS.

l

A Provider Edge (PE) is an edge device on the provider network, which is directly connected
to the CE. In the MPLS network, PEs perform all the VPN-related processing.

l

A Provider (P) is a backbone device on the provider network, which is not directly
connected to the CE. Ps only need to possess basic MPLS forwarding capabilities and do
not need to maintain information about VPNs.

l

A site is a group of IP systems that have IP connectivity among themselves without being
connected to the service provider network. A site is connected to the provider network
through the CE. A site may contain many CEs, but a CE belongs only to a single site.

3.2 BGP/MPLS IP VPN Features Supported by the S7700

The S7700 supports basic and typical networking of the BGP/MPLS IP VPN, and such features
as reliability and QoS of the BGP/MPLS IP VPN.

Quidway S7700 Smart Routing Switch
Configuration Guide - VPN

3 BGP MPLS IP VPN Configuration

Issue 01 (2011-07-15)

Huawei Proprietary and Confidential

Copyright © Huawei Technologies Co., Ltd.

97

«
...
110
111
112
113
114
...
»

Summary of Contents for quidway s7700

Page 1: ...Quidway S7700 Smart Routing Switch V100R006C00 Configuration Guide VPN Issue 01 Date 2011 07 15 HUAWEI TECHNOLOGIES CO LTD ...

Page 2: ...be within the purchase scope or the usage scope Unless otherwise specified in the contract all statements information and recommendations in this document are provided AS IS without warranties guarantees or representations of any kind either express or implied The information in this document is subject to change without notice Every effort has been made in the preparation of this document to ensu...

Page 3: ... symbols that may be found in this document are defined as follows Symbol Description DANGER Indicates a hazard with a high level of risk which if not avoided will result in death or serious injury WARNING Indicates a hazard with a medium or low level of risk which if not avoided could result in minor or moderate injury CAUTION Indicates a potentially hazardous situation which if not avoided could...

Page 4: ...grouped in braces and separated by vertical bars A minimum of one item or a maximum of all items can be selected x y Optional items are grouped in brackets and separated by vertical bars Several items or no item can be selected 1 n The parameter before the sign can be repeated 1 to n times A line starting with the sign is comments Change History Updates between document issues are cumulative There...

Page 5: ... 5 3 Applying the Tunnel Policy to L2VPN 15 1 5 4 Checking the Configuration 17 1 6 Configuring L3VPN Tunnel Binding 19 1 6 1 Establishing the Configuration Task 19 1 6 2 Enabling the VPN Binding for a Tunnel 20 1 6 3 Configuring the VPN Binding of the Tunnel Policy 21 1 6 4 Applying the Tunnel Policy to the L3VPN 21 1 6 5 Checking the Configuration 22 1 7 Configuring L2VPN Tunnel Binding 24 1 7 1...

Page 6: ...72 2 6 Maintaining GRE 73 2 6 1 Resetting the Statistics of a Tunnel Interface 73 2 6 2 Monitoring the Running Status of GRE 73 2 6 3 Debugging GRE 74 2 7 Configuration Examples 74 2 7 1 Example for Configuring Static Routes on the GRE Tunnel 74 2 7 2 Example for Configuring the Dynamic Routing Protocol on the GRE Tunnel 79 2 7 3 Example for Configuring the CE to Access a VPN Through a GRE Tunnel ...

Page 7: ...nd ASBRs in the Same AS 128 3 7 3 Configuring MP EBGP Between ASBRs in Different ASs 129 3 7 4 Controlling the Receiving and Sending of VPN Routes by Using Routing Policies 130 3 7 5 Optional Storing Information About the VPN Instance on the ASBR 132 3 7 6 Optional Enabling Next Hop based Label Allocation on the ASBR 133 3 7 7 Configuring the Routing Protocol Between CE and PE 134 3 7 8 Checking t...

Page 8: ...blishing the Configuration Task 161 3 14 2 Configuring the Client PEs to Establish MP IBGP Connections with the RR 161 3 14 3 Configuring the RR to Establish MP IBGP Connections with the Client PEs 162 3 14 4 Configuring Route Reflection for BGP IPv4 VPN routes 164 3 14 5 Checking the Configuration 164 3 15 Configuring Route Reflection to Optimize the VPN Access Layer 165 3 15 1 Establishing the C...

Page 9: ...he Configuration Task 324 4 3 2 Creating an IPv6 VPN Instance 325 4 3 3 Configuring Attributes for the IPv6 VPN Instance 326 4 3 4 Optional Configuring MPLS Label Allocation Based on the IPv6 VPN Instance 327 4 3 5 Checking the Configuration 328 4 4 Configuring Basic BGP MPLS IPv6 VPN 329 4 4 1 Establishing the Configuration Task 329 4 4 2 Configuring an IPv6 VPN Instance 330 4 4 3 Binding an Inte...

Page 10: ...nt PEs 362 4 9 4 Configuring Route Reflection for BGP VPNv6 Routes 363 4 9 5 Checking the Configuration 364 4 10 Maintaining BGP MPLS IPv6 VPN 365 4 10 1 Displaying BGP MPLS IPv6 VPN Information 365 4 10 2 Checking the Network Connectivity and Reachability 366 4 10 3 Viewing the Integrated Route Statistics of all IPv6 VPN Instances 367 4 10 4 Resetting BGP Statistics of IPv6 VPN instance 367 4 10 ...

Page 11: ...onfiguration Task 472 5 7 2 Configuring Inter AS Option A 473 5 7 3 Checking the Configuration 473 5 8 Configuring the Inter AS Kompella VLL 474 5 8 1 Establishing the Configuration Task 474 5 8 2 Configuring the Inter AS Kompella VLL Option A 475 5 8 3 Checking the Configuration 476 5 9 Configuring VLL FRR 477 5 9 1 Establishing the Configuration Task 477 5 9 2 Configuring Master and Backup PWs 4...

Page 12: ...ecking the Configuration 554 6 4 Configuring a Static PW 554 6 4 1 Establishing the Configuration Task 555 6 4 2 Enabling MPLS L2VPN 555 6 4 3 Creating a Static PW 556 6 4 4 Checking the Configuration 556 6 5 Configuring a Dynamic PW 557 6 5 1 Establishing the Configuration Task 557 6 5 2 Enabling MPLS L2VPN 558 6 5 3 Creating a Dynamic PW 558 6 5 4 Checking the Configuration 559 6 6 Configuring P...

Page 13: ... a PW 586 6 12 2 Locating a Fault of a PW 587 6 12 3 Debugging a PWE3 588 6 13 Configuration Examples 588 6 13 1 Example for Configuring a Dynamic SH PW 589 6 13 2 Example for Configuring a Static MH PW 595 6 13 3 Example for Configuring a Dynamic MH PW 602 6 13 4 Example for Configuring a Mixed MH PW 613 6 13 5 Example for Configuring Static BFD for PW 620 6 13 6 Example for Configuring Dynamic B...

Page 14: ...LS Option A 706 7 7 3 Checking the Configuration 707 7 8 Configuring Inter AS Martini VPLS 709 7 8 1 Establishing the Configuration Task 709 7 8 2 Configuring Inter AS Martini VPLS Option A 709 7 8 3 Checking the Configuration 710 7 9 Configuring Dual homed Kompella VPLS 712 7 9 1 Establishing the Configuration Task 713 7 9 2 Creating VSIs and Configuring BGP Signaling 713 7 9 3 Configuring the Mu...

Page 15: ...uring Inter AS Martini VPLS Option A 781 7 13 8 Example for Configuring Inter AS Kompella VPLS Option A 788 8 VPLS Convergence Configuration 799 8 1 VPLS Convergence Overview 800 8 2 VPLS Convergence Supported by the S7700 800 8 3 Configuring VPLS Convergence UPE Directly Connected to the NPE 804 8 3 1 Establishing the Configuration Task 804 8 3 2 Configuring the mVSI 805 8 3 3 Configuring the Bin...

Page 16: ...alancing or other types of tunnels are required you need to configure a select sequence tunnel policy and apply the tunnel policy 1 5 Configuring Tunnel Policies Applied to L2VPN By default the system selects LSPs for a VPN and no load balancing is carried out If load balancing or other types of tunnels are required you need to configure a tunnel policy and bind the tunnel policy to the tunnels 1 ...

Page 17: ...pplying a tunnel policy to the L3VPN or L2VPN Quidway S7700 Smart Routing Switch Configuration Guide VPN 1 VPN Tunnel Management Configuration Issue 01 2011 07 15 Huawei Proprietary and Confidential Copyright Huawei Technologies Co Ltd 2 ...

Page 18: ...users requirements carriers offer the MPLS Traffic Engineering MPLS TE tunnels which can optimize network resources and offer users with QoS guaranteed services l GRE In an MPLS Layer 3 VPN MPLS L3VPN a CE and a PEmust have a direct connection If they are not directly connected a GRE tunnel is generally set up between the CE and the PE to ensure the CE can access MPLS VPN Tunnel Configuration Mana...

Page 19: ...n randomly in the tunnel policy In select sequence mode if both CR LSPs and LSPs can be selected CR LSPs are prior to LSPs and the number of tunnels in load balancing is 3 the policies to select tunnels are shown as below l The CR LSP in the Up state is preferred If the number of CR LSPs that are Up is smaller than 3 CR LSPs are not sufficient or CR LSPs are sufficient whereas their status is Down...

Page 20: ...ervices of VPN A and VPN B are not affected by each other or other services The VPN primary tunnel binding has the following features l The VPN data to a specific peer PE is always transmitted through the bound TE tunnel l The bound TE tunnel cannot be used in select sequence mode or in load balancing l VPN primary tunnel binding can only use the bound primary tunnel for the specific peer PE Other...

Page 21: ...ated differently Pre configuration Tasks Before configuring a tunnel interface complete the following tasks l Connecting the interfaces and configuring physical parameters for the interfaces to ensure that the physical status of the interfaces is Up l Configuring parameters of the link layer protocol and IP addresses for the interfaces to ensure that the status of the link layer protocol on the in...

Page 22: ...played Step 3 Run tunnel protocol gre mpls te ipv6 ipv4 6to4 auto tunnel isatap ipv4 ipv6 none The encapsulation type of the tunnel is configured By default the encapsulation protocol of a tunnel interface is none The related commands of an encapsulation protocol can be run only after the protocol is encapsulated on the tunnel interface For example you can run MPLS TE commands in a tunnel interfac...

Page 23: ... type interface number command to configure IP unnumbered on the tunnel interface NOTE For details refer to the chapter IP Addresses Configuration in the Quidway S7700 Smart Routing Switch Configuration Guide IP Services End 1 3 4 Checking the Configuration After a tunnel interface is configured you can view detailed information about the tunnel interface and the specified tunnel Prerequisite The ...

Page 24: ... info all Allocated VC Token Tunnel ID Type Destination Token 0x10000 lsp 7 7 7 7 0 0x10001 lsp 6 6 6 6 1 0x10002 lsp 6 6 6 6 2 0x10003 gre 10 1 1 1 3 Run the display tunnel info tunnel id tunnel id command to further check the information about the tunnel For example Quidway display tunnel info tunnel id 10003 Tunnel ID 0x10003 Tunnel Token 3 Type gre Destination 10 1 1 1 Out Slot 0 Instance ID 0...

Page 25: ...status of the link layer protocol on the interfaces is Up l Creating the tunnel LSP or MPLS TE for the VPN instance l Configuring the VPN instance on the PE refer to the chapter Configuring a VPN Instance in this manual Data Preparation To configure the tunnel policy you need the following data No Data 1 Name of the tunnel policy 2 Priority of the tunnels 3 Number of tunnels for load balancing 4 N...

Page 26: ...ed to apply the tunnel policy to the VPN instance Context For L3VPN the tunnel policy is applied to the VPN instance Do as follows on a PE configured with a VPN instance Procedure Step 1 Run system view The system view is displayed Step 2 Run ip vpn instance vpn instance name The VPN instance view is displayed Step 3 Run tnl policy policy name A tunnel policy is applied to the VPN instance End 1 4...

Page 27: ... instance verbose Total VPN Instances configured 1 VPN Instance Name and ID vpna 1 Create date 2007 09 20 12 03 31 UTC 08 00 Up time 0 days 05 hours 23 minutes and 09 seconds Route Distinguisher 1 1 Export VPN Targets 1 1 Import VPN Targets 1 1 Label Policy label per route Tunnel Policy policy1 Log Interval 5 Interfaces Vlanif10 Run the display ip routing table vpn instance vpn instance name verbo...

Page 28: ...cing or select tunnels of other types configure and apply the corresponding tunnel policies For an L2VPN tunnel the tunnel policy is applied to VC At present a tunnel policy in select sequence mode consists of the following parts l Tunnel selection l Number of tunnels participating in load balancing Pre configuration Tasks Before configuring a tunnel policy complete the following tasks l Connectin...

Page 29: ...es A VC can apply only one tunnel policy Multiple VCs can share the same tunnel policy Step 3 Run tunnel select seq cr lsp gre lsp load balance number load balance number The priority of tunnels and number of tunnels participating in load balancing are configured NOTE The VPLS network and VLL network do not support GRE tunnels Therefore do not configure gre when configuring a tunnel policy on the ...

Page 30: ...re the undo portswitch command in the interface view before configuring the L2VPN When using XGE GE Ethernet or Eth Trunk sub interfaces as AC interfaces you need to configure the sub interface type before configuring the L2VPN For details on how to configure sub interfaces see Connecting Sub interfaces to a VLL Network Procedure l Applying a tunnel policy to VLL in SVC mode Do as follows on PEs c...

Page 31: ...pella mode NOTE Before configuring Kompella VLL on a PE create a connection with a CE by running the ce ce name id ce id range ce range default offset ce offset command l Applying a tunnel policy to VPLS in Martini mode Do as follows on the PEs at both ends of a PW 1 Run system view The system view is displayed 2 Run vsi vsi name auto static A VSI is created 3 Run pwsignal ldp LDP is configured as...

Page 32: ...o apply tunnel policy to PW For dynamic PW run mpls l2vc pw template pw template name ip address vc id tunnel policy policy name For static PW run mpls static l2vc destination ip address pw template pw template name vc id destination ip address vc id transmit vpn label transmit label value receive vpn label receive label value tunnel policy tnl policy name control word no control word raw tagged E...

Page 33: ...ns the configuration succeeds In the following example you can view the tunnel policy on VLANIF 10 of the VC is policy1 Quidway display mpls l2vc interface vlanif 10 client interface Vlanif10 is up Administrator PW no session state up AC state up VC state up VC ID 116119 VC type VLAN destination 6 6 6 6 local group ID 0 remote group ID 0 local VC label 23552 remote VC label 23552 local AC OAM Stat...

Page 34: ...t AC OAM state up BFD for PW session index BFD for PW state invalid BFD for LSP state true Local C bit is not set Remote C bit is not set tunnel type lsp tunnel id 0x10000 1 6 Configuring L3VPN Tunnel Binding VPN tunnel binding refers to the binding between a TE tunnel and a VPN After the binding the TE tunnel is exclusively used by the VPN 1 6 1 Establishing the Configuration Task Before configur...

Page 35: ...the PE refer to the chapter 3 BGP MPLS IP VPN Configuration in this manual Data Preparation To configure VPN primary tunnel binding you need the following data No Data 1 Name of the tunnel policy 2 QoS parameters for the MPLS TE tunnel such as bandwidth 3 Name of the VPN instance 1 6 2 Enabling the VPN Binding for a Tunnel A tunnel can be bound to a VPN only after VPN tunnel binding is enabled Con...

Page 36: ...he tunnel policy The VPN data from the local end are transmitted to the destination address through the bound tunnel Note the following l Tunnel policy can be either in select sequence mode or tunnel binding mode Therefore the tunnel policy configured with the tunnel binding command cannot be then configured with the tunnel select seq command l A maximum of six tunnels can be bound to the same des...

Page 37: ...interface tunnel interface number command to check the information about the interface of the bound tunnel l Run the display ip vpn instance verbose vpn instance name command to check the tunnel policy of the VPN instance l Run the display ip routing table vpn instance vpn instance name ip address verbose command to view information about the tunnel for IP routing l Run the display tunnel info tun...

Page 38: ... If the tunnel policy name of the VPN instance is displayed it means the configuration succeeds In the following example you can view the tunnel policy of the VPN instance named vpna is policy1 Quidway display ip vpn instance verbose Total VPN Instances configured 1 VPN Instance Name and ID vpna 1 Create date 2004 10 11 16 12 02 Up time 0 days 00 hours 03 minutes and 07 seconds Route Distinguisher...

Page 39: ...ation Tasks Before configuring MPLS L2VPN primary tunnel binding complete the following tasks l Connecting the interfaces and configuring physical parameters for the interfaces to ensure that the physical status of the interfaces is Up l Configuring parameters of the link layer protocol and IP addresses for the interfaces to ensure that the status of the link layer protocol on the interfaces is Up...

Page 40: ...l policy in select sequence mode cannot use the tunnel enabled with the VPN binding Step 4 Run mpls te commit The current configuration is validated End 1 7 3 Configuring the VPN Binding of the Tunnel Policy After enabling VPN tunnel binding you must also configure a tunnel policy to ensure that the VPN data is transmitted along the bound tunnel Context Do as follows on PEs at both ends of the TE ...

Page 41: ...unnel policy can be configured with multiple tunnel binding commands with different dest ip address End 1 7 4 Applying the Tunnel Policy to the Martini L2VPN After a tunnel binding policy is applied to an L2VPN the VPN data is transmitted along the bound tunnel Context Different VPN services to the same destination on a PE must apply different tunnel policies and be bound with different TE tunnels...

Page 42: ...rotocol up time 2009 02 23 10 54 40 Description HUAWEI Quidway Series Tunnel1 0 0 Interface Route Port The Maximum Transmit Unit is 1500 Internet Address is unnumbered using address of LoopBack1 1 1 1 9 32 Encapsulation is TUNNEL loopback not set Tunnel destination 2 2 2 9 Tunnel protocol transport MPLS MPLS ILM is available primary tunnel id is 0x10006 secondary tunnel id is 0x0 QoS max bandwidth...

Page 43: ...maintenance you can run the following commands to view the running status of a VPN tunnel Procedure l Run the display interface tunnel interface number command to view information about the tunnel interface l Run the display tunnel info tunnel id command to view information about a specified tunnel l Run the display tunnel info all command to view information about all tunnels l Run the display tu...

Page 44: ...out the debugging commands refer to the Quidway S7700 Smart Routing Switch Debugging Reference Procedure l Run the debugging tunnel all interface tunnel interface number command in the user view to enable tunnel debugging l Run the debugging tnlm all error event command in the user view to enable the debugging related to tunnel management End 1 9 Configuration Examples This section provides exampl...

Page 45: ... 1 2 30 GigabitEthernet1 0 3 VLANIF 50 10 3 1 2 30 Loopback1 2 2 2 2 32 CE1 GigabitEthernet1 0 3 VLANIF 30 10 1 1 1 30 CE2 GigabitEthernet1 0 2 VLANIF 20 10 2 1 1 30 CE3 GigabitEthernet1 0 3 VLANIF 50 10 3 1 1 30 CE4 GigabitEthernet1 0 2 VLANIF 40 10 4 1 1 30 Configuration Roadmap The configuration roadmap is as follows 1 Enable the routing protocol to ensure communication between the PEs 2 Config...

Page 46: ...E1 ospf 1 area 0 PE1 ospf 1 area 0 0 0 0 network 100 1 1 0 0 0 0 3 PE1 ospf 1 area 0 0 0 0 network 1 1 1 1 0 0 0 0 PE1 ospf 1 area 0 0 0 0 quit PE1 ospf 1 quit Configure PE2 Quidway system view Quidway sysname PE2 PE2 interface loopback 1 PE2 LoopBack1 ip address 2 2 2 2 32 PE2 LoopBack1 quit PE2 vlan 10 PE2 vlan10 quit PE2 interface gigabitethernet 1 0 1 PE2 GigabitEthernet1 0 1 port hybrid pvid ...

Page 47: ...erface vlanif 10 PE1 Vlanif10 mpls PE1 Vlanif10 mpls ldp PE1 Vlanif10 quit Configure PE2 PE2 mpls lsr id 2 2 2 2 PE2 mpls PE1 mpls label advertise non null PE2 mpls quit PE2 mpls ldp PE2 mpls ldp quit PE2 interface vlanif 10 PE2 Vlanif10 mpls PE2 Vlanif10 mpls ldp PE2 Vlanif10 quit After the configuration an LDP LSP can be set up between PE1 and PE2 By running the display tunnel info all command y...

Page 48: ...pls te tunnel id 22 PE1 Tunnel1 0 2 mpls te reserved for binding PE1 Tunnel1 0 2 mpls te commit PE1 Tunnel1 0 2 quit PE1 interface vlanif 10 PE1 Vlanif10 mpls te PE1 Vlanif10 mpls rsvp te PE1 Vlanif10 quit Configure PE2 PE2 mpls PE2 mpls mpls te PE2 mpls mpls rsvp te PE2 mpls mpls te cspf PE2 mpls quit PE2 interface tunnel 1 0 1 PE2 Tunnel1 0 1 ip address unnumbered interface loopback1 PE2 Tunnel1...

Page 49: ...s 0x1003d secondary tunnel id is 0x0 QoS max bandwidth 64 Kbps Output queue Urgent queue Size Length Discards 0 50 0 Output queue Protocol queue Size Length Discards 0 1000 0 Output queue FIFO queue Size Length Discards 0 256 0 300 seconds output rate 0 bits sec 0 packets sec 196 seconds output rate 0 bits sec 0 packets sec 0 packets output 0 bytes 0 output error 0 output drop Input bandwidth util...

Page 50: ... ping a source ip address vpn instance vpn instance name destination address command otherwise the ping operation may fail Step 5 Configure and apply a tunnel policy on the PE Configure the tunnel policy for binding primary tunnel and apply the tunnel policy to VPNA Configure PE1 PE1 tunnel policy policy1 PE1 tunnel policy policy1 tunnel binding destination 2 2 2 2 te tunnel1 0 2 PE1 tunnel policy...

Page 51: ...mmand You can see that the BGP peers between the PEs are established Step 7 Set up EBGP adjacency between PEs and CEs Configure PE1 PE1 bgp 100 PE1 bgp ipv4 family vpn instance VPNA PE1 bgp af VPNA peer 10 1 1 1 as number 65410 PE1 bgp af VPNA quit PE1 bgp ipv4 family vpn instance VPNB PE1 bgp af VPNB peer 10 2 1 1 as number 65410 PE1 bgp af VPNB quit PE1 bgp quit Configure CE1 CE1 bgp 65410 CE1 b...

Page 52: ... 0 0 D 127 0 0 1 InLoopBack0 10 2 1 255 32 Direct 0 0 D 127 0 0 1 InLoopBack0 10 4 1 0 30 BGP 255 0 RD 2 2 2 2 Tunnel1 0 1 BGP 255 0 RD 2 2 2 2 Vlanif10 255 255 255 255 32 Direct 0 0 D 127 0 0 1 InLoopBack0 Run the display ip routing table vpn instance verbose command on the PEs and you can see the tunnels used by the VPN routes Take the display on PE1 as an example PE1 display ip routing table vp...

Page 53: ...te cspf mpls ldp interface Vlanif10 ip address 100 1 1 1 255 255 255 252 mpls mpls te mpls rsvp te mpls ldp interface Vlanif20 ip binding vpn instance VPNB ip address 10 2 1 2 255 255 255 252 interface Vlanif30 ip binding vpn instance VPNA ip address 10 1 1 2 255 255 255 252 interface GigabitEthernet1 0 1 port hybrid pvid vlan 10 port hybrid untagged vlan 10 interface GigabitEthernet1 0 2 port hyb...

Page 54: ...ble area 0 0 0 0 network 100 1 1 0 0 0 0 3 network 1 1 1 1 0 0 0 0 mpls te enable tunnel policy policy1 tunnel binding destination 2 2 2 2 te Tunnel1 0 2 tunnel policy policy2 tunnel select seq cr lsp lsp load balance number 1 return l Configuration file of PE2 sysname PE2 vlan batch 10 40 50 ip vpn instance VPNA route distinguisher 100 3 tnl policy policy1 vpn target 111 1 export extcommunity vpn...

Page 55: ...s unnumbered interface loopback1 tunnel protocol mpls te destination 1 1 1 1 mpls te tunnel id 11 mpls te commit interface Tunnel1 0 2 ip address unnumbered interface loopback1 tunnel protocol mpls te destination 1 1 1 1 mpls te tunnel id 22 mpls te reserved for binding mpls te commit bgp 100 peer 1 1 1 1 as number 100 peer 1 1 1 1 connect interface LoopBack1 ipv4 family unicast undo synchronizati...

Page 56: ...0 1 1 2 enable return l Configuration file of CE2 sysname CE2 vlan batch 20 interface vlanif 20 ip address 10 2 1 1 255 255 255 252 interface GigabitEthernet1 0 2 port hybrid pvid vlan 20 port hybrid untagged vlan 20 bgp 65410 peer 10 2 1 2 as number 100 ipv4 family unicast undo synchronization peer 10 2 1 2 enable return l Configuration file of CE3 sysname CE3 vlan batch 50 interface Vlanif50 ip ...

Page 57: ...cast undo synchronization peer 10 4 1 2 enable return 1 9 2 Example for Binding a Tunnel to the Martini L2VPN Networking Requirements As shown in Figure 1 3 Site 1 Site 2 and Site 3 belong to VPNA The networking requirements are as follows l Configuring a Martini L2VPN l The communication between Site 1 and Site 2 is independent of that between Site 1 and Site 3 Quidway S7700 Smart Routing Switch ...

Page 58: ...oopback1 1 1 1 9 32 PE2 GigabitEthernet1 0 1 VLANIF 2 GigabitEthernet1 0 2 VLANIF 5 100 2 1 2 24 Loopback1 2 2 2 9 32 PE3 GigabitEthernet1 0 1 VLANIF 3 GigabitEthernet1 0 3 VLANIF 6 100 3 1 2 24 Loopback1 3 3 3 9 32 P GigabitEthernet1 0 1 VLANIF 7 100 1 1 1 24 GigabitEthernet1 0 2 VLANIF 5 100 2 1 1 24 GigabitEthernet1 0 3 VLANIF 6 100 3 1 1 24 CE1 GigabitEthernet1 0 2 VLANIF 10 10 1 1 1 24 Gigabi...

Page 59: ...S process ID is 1 Configure PE1 Quidway system view Quidway sysname PE1 PE1 vlan 7 PE1 vlan7 quit PE1 interface gigabitethernet 1 0 1 PE1 GigabitEthernet1 0 1 port hybrid pvid vlan 7 PE1 GigabitEthernet1 0 1 port hybrid tagged vlan 7 PE1 GigabitEthernet1 0 1 quit PE1 interface vlanif 7 PE1 Vlanif7 ip address 100 1 1 2 24 PE1 Vlanif7 quit PE1 isis 1 PE1 isis 1 network entity 10 0000 0000 0000 0001 ...

Page 60: ...1 ip address 1 1 1 9 32 P LoopBack1 isis enable 1 P LoopBack1 quit Run the display ip routing table command in any view of the PEs and you can see that the PEs can learn the loopback address of each other Take the display on PE1 as an example PE1 display ip routing table Route Flags R relied D download to fib Routing Tables Public Destinations 14 Routes 14 Destination Mask Proto Pre Cost Flags Nex...

Page 61: ...ls ldp remote 3 3 3 9 remote ip 3 3 3 9 PE1 mpls ldp remote 3 3 3 9 quit The configuration procedures of PE2 and PE3 are similar to the configuration procedure of PE1 Configure the P P mpls lsr id 4 4 4 9 P mpls P mpls mpls te P mpls mpls rsvp te P mpls quit P interface vlanif 7 P Vlanif7 mpls P Vlanif7 mpls te P Vlanif7 mpls rsvp te P Vlanif7 quit P interface vlanif 5 P Vlanif5 mpls P Vlanif5 mpl...

Page 62: ...1 1 2 PE1 explicit path PE1toPE3 next hop 100 3 1 2 PE1 explicit path PE1toPE3 next hop 3 3 3 9 PE1 explicit path PE1toPE3 quit Step 5 Configure the MPLS TE tunnel NOTE An MPLS TE tunnel is unidirectional To guarantee bidirectional QoS on the TE tunnel you must configure an MPLS TE tunnel on PEs Create two tunnel interfaces on PE1 create a tunnel interface on each of PE2 and PE3 Configure PE1 PE1 ...

Page 63: ... is unnumbered using address of LoopBack1 1 1 1 9 32 Encapsulation is TUNNEL loopback not set Tunnel destination 2 2 2 9 Tunnel up down statistics 1 Tunnel protocol transport MPLS MPLS ILM is available primary tunnel id is 0x1003c secondary tunnel id is 0x0 QoS max bandwidth 64 Kbps Output queue Urgent queue Size Length Discards 0 50 0 Output queue Protocol queue Size Length Discards 0 1000 0 Outp...

Page 64: ...nel1 0 0 mpls te reserved for binding PE3 Tunnel1 0 0 mpls te commit PE3 Tunnel1 0 0 quit PE3 tunnel policy policy1 PE3 tunnel policy policy1 tunnel binding destination 1 1 1 9 te tunnel 1 0 0 PE3 tunnel policy policy1 quit PE3 interface vlanif 3 PE3 Vlanif3 mpls l2vc 1 1 1 9 200 tunnel policy policy1 PE3 Vlanif3 quit Step 7 Connect the CEs to the backbone network The following takes the configura...

Page 65: ...al up time 0 days 0 hours 3 minutes 45 seconds CKey 5 NKey 4 AdminPw interface AdminPw link state client interface Vlanif10 Administrator PW no session state up AC status up VC state up VC ID 100 VC type VLAN destination 2 2 2 9 local VC label 23553 remote VC label 23553 control word disable forwarding entry exist local group ID 0 manual fault not set active state active link state up local VC MTU...

Page 66: ...ol current state UP Last line protocol up time 2007 09 10 13 54 57 08 00 Description HUAWEI Quidway Series Tunnel1 0 0 Interface Route Port Internet Address is unnumbered using address of LoopBack1 1 1 1 9 32 Encapsulation is TUNNEL loopback not set Tunnel destination 2 2 2 9 Tunnel up down statistics 1 Tunnel protocol transport MPLS MPLS ILM is available primary tunnel id is 0x1003c secondary tun...

Page 67: ...vel 2 interface Vlanif4 mpls l2vc 3 3 3 9 200 tunnel policy policy2 interface Vlanif7 ip address 100 1 1 2 255 255 255 0 isis enable 1 mpls mpls te mpls rsvp te interface Vlanif10 mpls l2vc 2 2 2 9 100 tunnel policy policy1 interface GigabitEthernet1 0 1 port hybrid pvid vlan 7 port hybrid tagged vlan 7 interface GigabitEthernet1 0 2 port hybrid pvid vlan 10 port hybrid tagged vlan 10 interface Gi...

Page 68: ...figuration file of P sysname P vlan batch 5 6 7 mpls lsr id 4 4 4 9 mpls mpls te mpls rsvp te isis 1 is level level 2 cost style wide network entity 10 0000 0000 0000 0002 00 traffic eng level 2 interface Vlanif5 ip address 100 2 1 1 255 255 255 0 isis enable 1 mpls mpls te mpls rsvp te interface Vlanif6 ip address 100 3 1 1 255 255 255 0 isis enable 1 mpls mpls te mpls rsvp te interface Vlanif7 i...

Page 69: ...1 1 1 9 100 tunnel policy policy1 interface Vlanif5 ip address 100 2 1 2 255 255 255 0 isis enable 1 mpls mpls te mpls rsvp te interface GigabitEthernet1 0 1 port hybrid pvid vlan 2 port hybrid tagged vlan 2 interface GigabitEthernet1 0 2 port hybrid pvid vlan 5 port hybrid tagged vlan 5 interface LoopBack1 ip address 2 2 2 9 255 255 255 255 isis enable 1 interface Tunnel1 0 0 ip address unnumbere...

Page 70: ...face GigabitEthernet1 0 1 port hybrid pvid vlan 3 port hybrid tagged vlan 3 interface GigabitEthernet1 0 3 port hybrid pvid vlan 6 port hybrid tagged vlan 6 interface LoopBack1 ip address 3 3 3 9 255 255 255 255 isis enable 1 interface Tunnel1 0 0 ip address unnumbered interface LoopBack1 tunnel protocol mpls te destination 1 1 1 9 mpls te tunnel id 100 mpls te reserved for binding mpls te commit ...

Page 71: ... 2 interface Vlanif2 ip address 10 1 1 2 255 255 255 0 interface GigabitEthernet1 0 1 port link type trunk port trunk allow pass vlan 2 return l Configuration file of CE3 sysname CE3 vlan batch 3 interface Vlanif2 ip address 20 1 1 2 255 255 255 0 interface GigabitEthernet1 0 1 port link type trunk port trunk allow pass vlan 3 return Quidway S7700 Smart Routing Switch Configuration Guide VPN 1 VPN...

Page 72: ...transmission through the single protocol backbone network enlargement of the operation scope of the network running a hop limited protocol like IPX connection of some discontinuous subnets to establish a VPN and working in conjunction with IPSec to compensate the flaw of IPSec in multicast data protection 2 3 Configuring GRE You can configure GRE only after a GRE tunnel is configured 2 4 Configuri...

Page 73: ...is chapter provides networking requirements configuration notes and configuration roadmap in configurations examples Quidway S7700 Smart Routing Switch Configuration Guide VPN 2 GRE Configuration Issue 01 2011 07 15 Huawei Proprietary and Confidential Copyright Huawei Technologies Co Ltd 58 ...

Page 74: ... of the tunnel 2 2 GRE Features Supported by the S7700 GRE features supported the S7700 include the following multi protocol local network transmission through the single protocol backbone network enlargement of the operation scope of the network running a hop limited protocol like IPX connection of some discontinuous subnets to establish a VPN and working in conjunction with IPSec to compensate t...

Page 75: ...ing Some Discontinuous Sub Networks to Establish a VPN GRE tunnels can be used to connect discontinuous sub networks as shown in Figure 2 3 Two sub networks Group 1 and Group 2 running the Novell IPX protocol are in different cities A VPN across the Wide Area Network WAN can be established after the tunnel technology is adopted Figure 2 3 Networking diagram of discontinuous sub networks connected ...

Page 76: ...rface first and then configure GRE functions on the tunnel interface If the tunnel interface is deleted all configurations on the interface are deleted accordingly Pre configuration Tasks Before configuring an ordinary GRE tunnel complete the following tasks l Ensuring the IP connectivity between the source interface and the destination interface Data Preparation To configure an ordinary GRE tunne...

Page 77: ...the loopback interface that sends GRE packets whereas the destination address is the IP address of the loopback interface that receives the GRE packets Step 6 Optional Run mtu mtu The Maximum Transmission Unit MTU of the tunnel interface is modified The new MTU takes effect only after you run the shutdown command and then the undo shutdown command on the interface Step 7 Choose one of the followin...

Page 78: ...configuration of dynamic routes see the S7700 Configuration Guide IP Routing When configuring a dynamic routing protocol enable the dynamic routing protocol on both the tunnel interface and the interface connected to the private network To ensure proper routing do not choose the tunnel interface as the next hop when configuring the route to the physical or logical interface of the destination tunn...

Page 79: ...wo ends of the tunnel can successfully ping each other End Example Run the display interface tunnel command If the tunnel interface is Up the configuration succeeds For example Quidway display interface Tunnel 1 0 0 Tunnel1 0 0 current state UP Line protocol current state UP Last line protocol up time 2009 03 19 18 38 07 Description HUAWEI Quidway Series Tunnel1 0 0 Interface Route Port The Maximu...

Page 80: ...6 6 6 32 OSPF 10 2 D 10 1 1 1 Vlanif15 9 9 9 9 32 Direct 0 0 D 127 0 0 1 InLoopBack0 10 1 1 0 24 Direct 0 0 D 10 1 1 2 Vlanif15 10 1 1 2 32 Direct 0 0 D 127 0 0 1 InLoopBack0 10 1 1 255 32 Direct 0 0 D 127 0 0 1 InLoopBack0 10 2 1 0 24 Static 60 0 D 40 1 1 1 Tunnel1 0 1 40 1 1 0 24 Direct 0 0 D 40 1 1 1 Tunnel1 0 1 40 1 1 1 32 Direct 0 0 D 127 0 0 1 InLoopBack0 127 0 0 0 8 Direct 0 0 D 127 0 0 1 I...

Page 81: ...dress or source interface and destination address of the GRE tunnel interface specified on the PE 2 4 2 Configuring the GRE Tunnel Interface on CE After creating a tunnel interface on a CE you need to specify GRE as the encapsulation type set the source address or source interface of the tunnel interface and set the destination address of the tunnel interface The source address of the tunnel speci...

Page 82: ...d interface interface type interface number command to configure IP unnumbered for the tunnel interface End 2 4 3 Configuring the GRE Tunnel Interface on PE After creating a tunnel interface on a PE you need to specify GRE as the encapsulation type set the source address or source interface of the tunnel interface and set the destination address of the tunnel interface The source address of the tu...

Page 83: ...the tunnel passes through the public network the parameter is not required Step 6 Optional Run mtu mtu The MTU of the interface is modified The new MTU takes effect only after you run the shutdown and the undo shutdown commands in succession on the interface Step 7 Choose one of the following commands to configure the IP address of the tunnel interface l Run the ip address ip address mask mask len...

Page 84: ...equisite The GRE tunnel between the CE and the PE is fully configured Procedure l Run the display interface tunnel interface number command to check the working mode of the tunnel interface l Run the display ip routing table vpn instance vpn instance name command to check the VPN routing table on the PE l Run the display ip routing table command to check the routing table on the CE l Run the ping ...

Page 85: ...ackets Multicast 0 packets Input bandwidth utilization Output bandwidth utilization 2 5 Configuring the Keepalive Function Before configuring a tunnel policy and a GRE tunnel for the VPN enable the Keepalive function of the GRE tunnel In this manner the VPN does not select the GRE tunnel that cannot reach the remote end and data loss can be avoided 2 5 1 Establishing the Configuration Task Before ...

Page 86: ...function Procedure Step 1 Run system view The system view is displayed Step 2 Run interface tunnel interface number The tunnel interface view is displayed Step 3 Run tunnel protocol gre The tunnel is encapsulated with GRE Step 4 Run keepalive period period retry times retry times The Keepalive function is enabled The Keepalive function of a GRE tunnel is unidirectional Therefore to realize the Kee...

Page 87: ...splayed Step 2 Run interface tunnel interface number The tunnel interface view is displayed Step 3 Run display keepalive packets count Check the Keepalive packets and Keepalive Response packets sent and received by the GRE tunnel interface End Example On the tunnel interface that is enabled with the Keepalive function run the display keepalive packets count command and you can ascertain the number...

Page 88: ...ed 3 Run reset keepalive packets count Reset the statistics on Keepalive packets on the tunnel interface NOTE You can run the reset keepalive packets count command only in the tunnel interface view and the tunnel protocol of the interface must be GRE End 2 6 2 Monitoring the Running Status of GRE In routine maintenance you can run the GRE related display commands to view the running status of GRE ...

Page 89: ...onfiguration Guide System Management For details of debugging commands refer to Quidway S7700 Smart Routing Switch Debugging Reference Procedure l Run the debugging tunnel keepalive command in the user view to debug the Keepalive function of the GRE tunnel End 2 7 Configuration Examples Familiarize yourself with the configuration procedures against the networking diagrams This chapter provides net...

Page 90: ... Switch A and Switch C and specify the source and destination addresses of the tunnel The source address is the IP address of the interface sending packets and the destination address is the IP address of the interface receiving packets 3 Configure the IP address of the tunnel so that the tunnel supports the dynamic routing protocol 4 Configure the static route between Switch A and its connected P...

Page 91: ...network Configure Switch A SwitchA ospf 1 SwitchA ospf 1 area 0 SwitchA ospf 1 area 0 0 0 0 network 20 1 1 0 0 0 0 255 SwitchA ospf 1 area 0 0 0 0 quit SwitchA ospf 1 quit The configurations of Switch B and Switch C are similar to the configuration of Switch A and are not mentioned here Run the display ip routing table command on Switch A and Switch C You can find that they learn the OSPF routes d...

Page 92: ...ttl 255 time 48 ms Reply from 40 1 1 2 bytes 56 Sequence 4 ttl 255 time 33 ms Reply from 40 1 1 2 bytes 56 Sequence 5 ttl 255 time 36 ms 40 1 1 2 ping statistics 5 packet s transmitted 5 packet s received 0 00 packet loss round trip min avg max 24 34 48 ms Step 4 Configure static routes Configure Switch A SwitchA ip route static 10 2 1 0 255 255 255 0 tunnel 1 0 1 Configure Switch C SwitchC ip rou...

Page 93: ...dress 10 1 1 2 255 255 255 0 interface GigabitEthernet1 0 0 port hybrid pvid vlan 10 port hybrid untagged vlan 10 interface GigabitEthernet2 0 0 port hybrid pvid vlan 30 port hybrid untagged vlan 30 interface Tunnel1 0 1 ip address 40 1 1 1 255 255 255 0 tunnel protocol gre source 20 1 1 1 destination 30 1 1 2 ospf 1 area 0 0 0 0 network 20 1 1 0 0 0 0 255 ip route static 10 2 1 0 255 255 255 0 Tu...

Page 94: ...spf 1 area 0 0 0 0 network 30 1 1 0 0 0 0 255 ip route static 10 1 1 0 255 255 255 0 Tunnel1 0 1 return 2 7 2 Example for Configuring the Dynamic Routing Protocol on the GRE Tunnel Networking Requirements As shown in Figure 2 7 OSPF runs between Switch A Switch B and Switch C GRE is used between Switch A and Switch C to implement the interworking between PC1 and PC2 OSPF is enabled on the tunnel i...

Page 95: ... 1 1 1 24 Switch C GigabitEthernet1 0 0 VLANIF 30 30 1 1 2 24 GigabitEthernet2 0 0 VLANIF 40 10 2 1 2 24 Configuration Roadmap The configuration roadmap is as follows 1 Run IGP on the Switches OSPF process 1 is used here 2 Create GRE tunnels between the Switches connected to PCs so that data between any two PCs is transmitted through GRE tunnels Data Preparation To complete the configuration you n...

Page 96: ...gure SwitchA SwitchA ospf 1 SwitchA ospf 1 area 0 SwitchA ospf 1 area 0 0 0 0 network 20 1 1 0 0 0 0 255 SwitchA ospf 1 area 0 0 0 0 quit SwitchA ospf 1 quit Configure SwitchB SwitchB ospf 1 SwitchB ospf 1 area 0 SwitchB ospf 1 area 0 0 0 0 network 20 1 1 0 0 0 0 255 SwitchB ospf 1 area 0 0 0 0 network 30 1 1 0 0 0 0 255 SwitchB ospf 1 area 0 0 0 0 quit SwitchB ospf 1 quit Configure SwitchC Switch...

Page 97: ... 10 1 1 2 Vlanif30 10 1 1 2 32 Direct 0 0 D 127 0 0 1 InLoopBack0 10 1 1 255 32 Direct 0 0 D 127 0 0 1 InLoopBack0 10 2 1 0 24 OSPF 10 2 D 40 1 1 2 Tunnel1 0 1 20 1 1 0 24 Direct 0 0 D 20 1 1 1 Vlanif10 20 1 1 1 32 Direct 0 0 D 127 0 0 1 InLoopBack0 20 1 1 255 32 Direct 0 0 D 127 0 0 1 InLoopBack0 30 1 1 0 24 OSPF 10 2 D 20 1 1 2 Vlanif10 40 1 1 0 24 Direct 0 0 D 40 1 1 1 Tunnel1 0 1 40 1 1 1 32 D...

Page 98: ...ybrid untagged vlan 20 interface GigabitEthernet2 0 0 port hybrid pvid vlan 30 port hybrid untagged vlan 30 ospf 1 area 0 0 0 0 network 20 1 1 0 0 0 0 255 network 30 1 1 0 0 0 0 255 return l Configuration file of Switch C sysname SwitchC vlan batch 30 40 interface Vlanif30 ip address 30 1 1 2 255 255 255 0 interface Vlanif40 ip address 10 2 1 2 255 255 255 0 interface GigabitEthernet1 0 0 port hyb...

Page 99: ...cted to PE2 directly l CE1 and CE2 belong to the same VPN CE1 and CE2 are required to interwork with each other Figure 2 8 Networking diagram in which CEs access a VPN through the GRE tunnel of the public network Tunnel PC1 PC1 GE1 0 0 GE1 0 0 GE1 0 0 GE1 0 0 GE1 0 0 GE2 0 0 GE2 0 0 GE2 0 0 GE2 0 0 GE2 0 0 CE1 CE2 PE1 PE2 Tunnel1 0 0 Tunnel2 0 0 SwitchA Loopback1 Loopback1 Device Interface VLANIF ...

Page 100: ... 10 on PE1 and PE2 to implement the interworking between the two devices and then enable MPLS 2 Configure OSPF 20 on CE1 Switch A and PE1 to implement the interworking between the three devices 3 Establish a GRE tunnel between CE1 and PE1 4 Create VPN instances vpn1 on PE1 and PE2 Then bind the VPN instance on PE1 to the GRE tunnel interface and bind the VPN instance on PE2 to the connected physic...

Page 101: ...e VPN instance to the GRE tunnel PE1 ip vpn instance vpn1 PE1 vpn instance vpn1 route distinguisher 100 1 PE1 vpn instance vpn1 vpn target 111 1 export extcommunity PE1 vpn instance vpn1 vpn target 111 1 import extcommunity PE1 vpn instance vpn1 quit PE1 interface tunnel 1 0 0 PE1 Tunnel1 0 0 ip binding vpn instance vpn1 PE1 Tunnel1 0 0 ip address 2 2 2 2 255 255 255 0 PE1 Tunnel1 0 0 quit Step 5 ...

Page 102: ...rface and enable the capability of exchanging VPN IPv4 routing information between PE1 and PE2 PE1 bgp 100 PE1 bgp peer 3 3 3 9 as number 100 PE1 bgp peer 3 3 3 9 connect interface loopback 1 PE1 bgp ipv4 family vpnv4 PE1 bgp af vpnv4 peer 3 3 3 9 enable PE1 bgp af vpnv4 quit Enter the view of the BGP VPN instance vpn1 and import the direct routes and IS IS routes PE1 bgp ipv4 family vpn instance ...

Page 103: ...et s received 0 00 packet loss round trip min avg max 100 124 190 ms CE2 ping 21 1 1 2 PING 21 1 1 2 56 data bytes press CTRL_C to break Reply from 21 1 1 2 bytes 56 Sequence 1 ttl 253 time 120 ms Reply from 21 1 1 2 bytes 56 Sequence 2 ttl 253 time 110 ms Reply from 21 1 1 2 bytes 56 Sequence 3 ttl 253 time 120 ms Reply from 21 1 1 2 bytes 56 Sequence 4 ttl 253 time 90 ms Reply from 21 1 1 2 byte...

Page 104: ...abitEthernet1 0 0 port hybrid pvid vlan 20 port hybrid untagged vlan 20 interface GigabitEthernet2 0 0 port hybrid pvid vlan 30 port hybrid untagged vlan 30 ospf 20 area 0 0 0 0 network 30 1 1 0 0 0 0 255 network 50 1 1 0 0 0 0 255 return l Configuration file of PE1 sysname PE1 vlan batch 30 40 ip vpn instance vpn1 route distinguisher 100 1 vpn target 111 1 export extcommunity vpn target 111 1 imp...

Page 105: ...3 3 3 9 connect interface LoopBack1 ipv4 family unicast undo synchronization peer 3 3 3 9 enable ipv4 family vpnv4 policy vpn target peer 3 3 3 9 enable ipv4 family vpn instance vpn1 import route direct import route isis 50 ospf 10 area 0 0 0 0 network 1 1 1 9 0 0 0 0 network 110 1 1 0 0 0 0 255 ospf 20 area 0 0 0 0 network 50 1 1 0 0 0 0 255 return l Configuration file of PE2 sysname PE2 vlan bat...

Page 106: ...ily unicast undo synchronization peer 1 1 1 9 enable ipv4 family vpnv4 policy vpn target peer 1 1 1 9 enable ipv4 family vpn instance vpn1 import route direct import route isis 50 ospf 10 area 0 0 0 0 network 3 3 3 9 0 0 0 0 network 110 1 1 0 0 0 0 255 return l Configuration file of CE2 sysname CE2 vlan batch 50 60 isis 50 network entity 50 0000 0000 0004 00 interface Vlanif50 ip address 11 1 1 1 ...

Page 107: ... 1 1 24 Switch B GigabitEthernet1 0 0 VLANIF 20 30 1 1 2 24 Tunnel1 0 0 40 1 1 2 24 Configuration Roadmap To enable the Keepalive function on one end of the GRE tunnel run the keepalive command in the tunnel interface view on the end TIP If the Keepalive function is enabled on the source end the forwarding function is obligatory and the Keepalive function is optional for the destination end Data P...

Page 108: ... ms Reply from 40 1 1 2 bytes 56 Sequence 2 ttl 255 time 7 ms Reply from 40 1 1 2 bytes 56 Sequence 3 ttl 255 time 7 ms Reply from 40 1 1 2 bytes 56 Sequence 4 ttl 255 time 7 ms Reply from 40 1 1 2 bytes 56 Sequence 5 ttl 255 time 7 ms 40 1 1 2 ping statistics 5 packet s transmitted 5 packet s received 0 00 packet loss round trip min avg max 7 7 9 ms Enable the debugging of the Keepalive messages ...

Page 109: ...ation file of Switch B sysname SwitchB vlan batch 20 interface Vlanif20 ip address 30 1 1 2 255 255 255 0 interface GigabitEthernet1 0 0 port hybrid pvid vlan 20 port hybrid untagged vlan 20 interface Tunnel1 0 0 ip address 40 1 1 2 255 255 255 0 source 30 1 1 2 destination 20 1 1 1 keepalive period 20 return Quidway S7700 Smart Routing Switch Configuration Guide VPN 2 GRE Configuration Issue 01 2...

Page 110: ...S IP VPN is unique For example a router cannot function as both a PE and a CE 3 5 Configuring Hub and Spoke In the networking of Hub and Spoke an access control device is specified in the VPN and users communicate with each other through the access control device 3 6 Configuring Inter AS VPN Option A In inter AS VPN OptionA an ASBR takes the peer ASBR as its CE and advertises VPNv4 routes to the p...

Page 111: ... GR to ensure that VPN traffic is not interrupted on the PE CE or P 3 14 Configuring Route Reflection to Optimize the VPN Backbone Layer Using an RR can reduce the number of MP IBGP connections between PEs This not only reduces the burden of PEs but also facilitates network maintenance and management 3 15 Configuring Route Reflection to Optimize the VPN Access Layer If a PE and the connected CEs a...

Page 112: ... host Mostly CEs cannot sense the existence of the VPN and do not need to support MPLS l A Provider Edge PE is an edge device on the provider network which is directly connected to the CE In the MPLS network PEs perform all the VPN related processing l A Provider P is a backbone device on the provider network which is not directly connected to the CE Ps only need to possess basic MPLS forwarding c...

Page 113: ...ice on the convergence layer or the access layer is selected as the Underlayer Provider Edge UPE which works jointly with the PE that is the Superstratum Provider Edge SPE on the backbone layer to implement the functions of the PE l OSPF sham link If OSPF runs between the PE and CE an OSPF sham link can be configured to solve the following problem OSPF does not select the private route passing thr...

Page 114: ...e the reliability of a VPN can also be deployed After the deployment of VPN GR the VPN traffic is not interrupted in the master slave switchover process on the switch PE P or CE This reduces the impact of a single point failure on VPN services Interfaces Bound to VPN Instances A VPN instance needs to be bound to the interface on the PE that is connected to the CE After being bound the interface fu...

Page 115: ...ced routing control you can also enforce inbound and outbound routing policies The inbound routing policy is used to filter the routes imported into the VPN instance and the outbound routing policy is used to filter the routes advertised to other PEs Pre configuration Tasks Before configuring a VPN instance complete the following tasks l Configuring routing policies if import or export routing pol...

Page 116: ...ce description NOTE An RD cannot be changed or deleted once it is configured To change an RD first delete the VPN instance and then re configure a VPN instance and an RD To delete the RD you only need to delete the VPN instance Step 4 Optional Run description description information The description of the VPN instance is configured The description of a VPN instance functions the same as the descri...

Page 117: ...rease the maximum number of routes supported in a VPN instance or the undo routing table limit command is run to remove the limit on the routing table for excess routes the following operations are required l For the excessive static routes you need to reconfigure them manually l For the excessive routes learnt from CEs through the IGP multi instance routing protocol you need to re initiate the mu...

Page 118: ...n instance vpn instance name The VPN instance view is displayed Step 3 Run tnl policy policy name A tunnel policy is applied to the VPN instance End 3 3 5 Optional Configuring MPLS Label Allocation Based on the VPN Instance This section describes how the MPLS label is allocated in a VPN instance To be specific how the local PE allocates the same MPLS label for all routes of the VPN instance If the...

Page 119: ...tance name command to check detailed information about the VPN instance l Run the display ip vpn instance vpn instance name command to check brief information about the VPN instance End Example Run the display ip vpn instance command If brief information including the RD and creating time about the VPN instance is displayed it means that the configuration succeeded For example Quidway display ip v...

Page 120: ...configurations are needed You can refer to the related sections in this chapter for details In terms of the configuration of the BGP MPLS IP VPN it is critical for you to configure the management of the advertisement of VPN routes on the MPLS backbone networks including the management of route advertisement between the PE and CE and between PEs You can configure MP IBGP to exchange routes between ...

Page 121: ...ess and interface of the PE used to establish the BGP peer relationship 3 4 2 Configuring a VPN Instance This part describes how to configure a VPN instance to manage VPN routes Context For the details see Configuring VPN Instances 3 4 3 Binding an Interface with a VPN Instance After associating an interface with a VPN instance you can change the interface to a VPN interface As a result packets th...

Page 122: ...p 4 Run ip address ip address mask mask length The IP address is configured End 3 4 4 Configuring MP IBGP Between PEs By importing extended community attributes to BGP MP IBGP can advertise VPNv4 routes between PEs Context Do as follows on the PE that is connected to the CE Procedure Step 1 Run system view The system view is displayed Step 2 Run bgp as number The BGP view is displayed Step 3 Run p...

Page 123: ... the configuration process Context Select one of the following configurations as required l Configuring EBGP between a PE and a CE l Configuring IBGP between a PE and a CE l Configuring the static route between a PE and a CE l Configuring RIP between a PE and a CE l Configuring OSPF between a PE and a CE l Configuring IS IS between a PE and a CE Procedure l Configure EBGP between s PE and a CE Do ...

Page 124: ... length route policy route policy name command to import a specific direct route of the local CE into the VPN routing table NOTE The PE can automatically learn the direct route destined for the local CE and the learnt direct route has a higher priority than the direct route that is advertised by the local CE based on EBGP Therefore if this step is not configured the PE cannot advertise the direct ...

Page 125: ... name ebgp max hop hop count The maximum number of hops is configured for the EBGP connection Generally one or multiple directly connected physical link s exist between a pair of EBGP peers If not you must use the peer ebgp max hop command to ensure that the TCP connection can be set up between the EBGP peers through multiple hops 5 Run import route direct static rip process id ospf process id isi...

Page 126: ...PE select either of the following configurations Run the import route direct med med route policy route policy name command to import the direct routes of the local CE to the VPN routing table Run the network ipv4 address mask mask length route policy route policy name command to import a specific direct route of the local CE to the VPN routing table NOTE The PE can automatically learn the direct ...

Page 127: ...ess preference preference tag tag The static route is configured for the specified VPN instance 3 Run bgp as number The BGP view is displayed 4 Run ipv4 family vpn instance vpn instance name The BGP VPN instance view is displayed 5 Run import route static med med route policy route policy name The configured static route is imported into the routing table of the BGP VPN instance l Configure RIP be...

Page 128: ...rocess id med med route policy route policy name The RIP route is imported into the routing table of the BGP VPN instance After the configuration of the import route ripcommand in the BGP VPN view the PE imports the VPN routes learnt from its CE into BGP forms them into VPN IPv4 routes and advertises them to the remote PE NOTE After a VPN instance is deleted all the associated RIP processes are de...

Page 129: ...me domain ID to ensure correct routing advertisement The domain ID of an OSPF process is contained in the routes generated by this process When the OSPF routes are imported into BGP the domain ID is added into the BGP VPN route and is transmitted as the BGP extended community attribute By default the domain ID is 0 4 Optional Run route tag tag The VPN route tag is configured By default OSPF automa...

Page 130: ...displayed 12 Run import route ospf process id med med route policy route policy name The OSPF route is imported into the routing table of the BGP VPN instance NOTE After a VPN instance is deleted all related OSPF processes are deleted l Configuring IS IS between PE and CE Do as follows on the PE The CE is configured with IS IS The configurations are common therefore not mentioned here NOTE For det...

Page 131: ...d 6 Run quit Return to the system view 7 Run interface interface type interface number The view of the interface bound to the VPN instance is displayed 8 Run isis enable process id IS IS is enabled on the interface 9 Run quit The system view is displayed 10 Run bgp as number The BGP view is displayed 11 Run ipv4 family vpn instance vpn instance name The BGP VPN instance view is displayed 12 Run im...

Page 132: ...communicate with each other through the access control device 3 5 1 Establishing the Configuration Task Before configuring the networking of Hub and Spoke familiarize yourself with the applicable environment complete the pre configuration tasks and obtain the required data This can help you complete the configuration task quickly and accurately Applicable Environment If it is required that all the...

Page 133: ...igured with a VPN instance while each Hub PE is configured with the following two VPN instances l VPN in It receives and maintains all the VPNv4 routes advertised by all the Spoke PEs l VPN out It maintains the routes of all the Hub stations and Spoke stations and advertises those routes to all the Spoke PEs NOTE l Different VPN instances on a device have different names RDs and description l It i...

Page 134: ... when the number of routes injected into the routing table of the VPN instance exceeds the upper limit If the routing table limit command is run to increase the maximum number of routes supported in a VPN instance or the undo routing table limit command is run to remove the limit on the routing table for excess routes the following operations are required l For the excessive static routes you need...

Page 135: ...Optional Run export route policy policy name The export routing policy of the VPN instance is configured 6 Run quit Return to the system view 7 Run ip vpn instance vpn instance name2 The VPN instance view of the VPN out is displayed 8 Run vpn target vpn target2 1 8 export extcommunity The VPN target extended community for the VPN instance is created to advertise the routes of all the Hubs and the ...

Page 136: ...ort routing policy of the VPN instance is configured End 3 5 4 Binding an Interface with the VPN Instance After associating an interface with a VPN instance you can change the interface to a VPN interface As a result packets that pass through the interface are forwarded according to the forwarding information of the VPN instance and such Layer 3 attributes as IP address and routing protocol that a...

Page 137: ...ub PE and Spoke PE By importing extended community attributes to BGP MP IBGP can advertise VPNv4 routes between PEs Context The Hub PE must set up the MP IBGP peer with all the Spoke PEs Spoke PEs need not set up the MP IBGP peer between each other Do as follows on the Hub PE and the Spoke PE Procedure Step 1 Run system view The system view is displayed Step 2 Run bgp as number The BGP view is dis...

Page 138: ...can exchange routes in the following ways Procedure l Configuring EBGP between the Hub PE and the Hub CE In this way EBGP IGP or static routes can be adopted between the Spoke PE and the Spoke CE To set up the EBGP peer between the Hub PE and the Hub CE and between the Spoke PE and the Spoke CE do as follows on the Hub PE 1 Run system view The system view is displayed 2 Run bgp as number The BGP v...

Page 139: ...e PE interface bound with the VPN out 3 Run bgp as number The BGP view is displayed 4 Run ipv4 family vpn instance vpn instance name The BGP VPN instance view is displayed vpn instance name refers to the VPN out 5 Run network 0 0 0 0 0 Advertise the default route to all the Spoke PEs through MP BGP End Follow up Procedure Choose one of the preceding methods as required For detailed configurations ...

Page 140: ...g the VPN routes is across multiple ASs you must configure the Inter AS VPNs The Inter AS VPN Option A is convenient to implement and is suitable when the amount of the VPNs and the VPN routes on the PE is small In VPN Option A the Autonomous System Boundary Routers ASBRs must support the VPN instances and can manage VPN routes Option A therefore requires high performance of the ASBRs No inter AS ...

Page 141: ...the VPN instance configured on an ASBR is used to access the peer ASBR Context Inter AS VPN Option A is easy to deploy When the amount of the VPNs and the VPN routes on the PE is small this solution can be adopted The configurations of the inter AS VPN Option A are as follows Procedure Step 1 3 4 Configuring Basic BGP MPLS IP VPN on each AS Step 2 Configuring ASBR by considering the peer ASBR as i...

Page 142: ...tance command on the PE or the ASBR and you can view all the relevant routes in the VPN routing table 3 7 Configuring Inter AS VPN Option B In inter AS VPN OptionB through MP EBGP two ASBRs receive VPNv4 routes from PEs in their respective ASs and then exchange the VPNv4 routes with each other 3 7 1 Establishing the Configuration Task Before configuring inter AS VPN OptionB familiarize yourself wi...

Page 143: ...g the import and export of VPN routes l Optional Maximum number of route permitted in a VPN instance 2 IP address of the PE interface connected with the PE 3 AS number of the PE 4 IP addresses of the interfaces connected the ASBRs 5 Routing policy configured between the PE and the CE static routes RIP OSPF IS IS and BGP 6 IP addresses and interfaces setting up the IBGP peer between the PE and the ...

Page 144: ... peer ipv4 address enable The exchange of IPv4 VPN routes between PE and ASBR in the same AS is enabled End 3 7 3 Configuring MP EBGP Between ASBRs in Different ASs After the MP EBGP peer relationship is established between ASBRs either ASBR can advertise the VPNv4 routes of its AS to the other ASBR Context Do as follows on the ASBR Procedure Step 1 Run system view The system view is displayed Ste...

Page 145: ...Step 10 Run peer ipv4 address enable The exchange of IPv4 VPN routes with the peer ASBR is enabled End 3 7 4 Controlling the Receiving and Sending of VPN Routes by Using Routing Policies An ASBR can either save all VPNv4 routes or partial VPNv4 routes by filtering VPN targets through a routing policy Context The following describes two methods for controlling the receiving and sending of VPN route...

Page 146: ...e the ASBR must save all the VPNv4 routing information and advertise it to the peer ASBR In this case the ASBR should receive all the VPNv4 routing information without the VPN target filtering l VPN Target Filtering Do as follows on the ASBR 1 Run system view The system view is displayed 2 Run ip extcommunity filter extcomm filter number permit deny rt as number nn ipv4 address nn 1 16 The extende...

Page 147: ...o perform either Step 5 or Step 6 Procedure Step 1 Run system view The system view is displayed Step 2 Run ip vpn instance vpn instance name A VPN instance is created and the VPN instance view is displayed Step 3 Run route distinguisher route distinguisher The RD of the VPN instance is configured Step 4 Run vpn target vpn target 1 8 import extcommunity The VPN target extended community for the VPN...

Page 148: ...of the VPN instance is configured End 3 7 6 Optional Enabling Next Hop based Label Allocation on the ASBR To save label resources on an ASBR you can enable next hop based label allocation on the ASBR Note that next hop based label allocation and one label per instance need to be used together on the ASBR Context In a VPN Option B scenario after next hop based label allocation is enabled on the ASB...

Page 149: ...view information about all BGP peer relationships and VPNv4 routes on PEs or ASBRs Prerequisite The configurations of the Inter AS VPN Option B function are complete Procedure l Run the display bgp vpnv4 all peer command to check the VPN IPv4 routing table on the PE or the ASBR l Run the display bgp vpnv4 all routing table command to check information about all the BGP peers on the PE or the ASBR ...

Page 150: ... PEs function as one PE and the performance requirement for PEs are lowered 3 8 1 Establishing the Configuration Task Before configuring HoVPN familiarize yourself with the applicable environment complete the pre configuration tasks and obtain the required data This can help you complete the configuration task quickly and accurately Applicable Environment For hierarchical VPN networks adopt the Ho...

Page 151: ...pe The peer is specified as the UPE of the SPE End 3 8 3 Advertising Default Routes of a VPN Instance The SPE advertises the UPE of a default route with the next hop address as the local address In this manner the SPE instructs the VPN packet forwarding on the UPE Context Do as follows on the SPE Procedure Step 1 Run system view The system view is displayed Step 2 Run bgp as number The BGP view is...

Page 152: ... This section describes how to configure the routes that traverse the MPLS VPN backbone network to be the routes of the OSPF area After the configuration traffic between sites of the same VPN in the same OSPF area need not be forwarded through routes of the OSPF area 3 9 1 Establishing the Configuration Task Before configuring an OSPF sham link familiarize yourself with the applicable environment ...

Page 153: ...stance The end addresses of sham links of the same OSPF process can be the same The end addresses of sham links of different OSPF processes must be different Context Do as follows on the PEs of the two ends of the sham link Procedure Step 1 Run system view The system view is displayed Step 2 Run interface loopback interface number A loopback interface is created and the loopback interface view is ...

Page 154: ...yed Step 4 Run import route direct The direct route is imported That is the route of the end address is imported into BGP BGP advertises the end address of the sham link as the VPN IPv4 address NOTE The route of one end address of the sham link cannot be advertised to the remote PE through the OSPF process of the private network If the routes however are advertised to the remote PE through the OSP...

Page 155: ...l for sending Hello packets namely hello interval is 10 seconds l Interval for retransmitting LSA packets namely retransmit interval is 5 seconds l Delay for sending LSA packets namely trans delay interval is 1 second The authentication mode on the two ends of the sham link must be the same If the packet authentication is supported only the OSPF packets that pass the authentication can be received...

Page 156: ...t pass through the backbone network Run the display ip routing table and the tracert commands on the CE You can find the VPN traffic from the CE to the peer is forwarded through the backbone network Run the display ospf process id sham link command on the PE You can find the OSPF neighbor status between the PE and the peer CE is Full Run the display ospf routing on the CE You can find the routes f...

Page 157: ...faces of the multi instance CE and PE interfaces through which the PE accesses the multi instance and configuring IP addresses for those interfaces Data Preparation To configure a multi VPN instance CE you need the following data No Data 1 Names of the VPN instances corresponding with the OSPF processes used by each service 2 OSPF process number and Router ID used by each service 3 Routes advertis...

Page 158: ...ber The BGP view is displayed Step 9 Run ipv4 family vpn instance vpn instance name The BGP VPN instance view is displayed Step 10 Run import route ospf process id The OSPF multi instance route is imported End 3 10 3 Configuring the OSPF Multi Instance on the Multi Instance CE The process ID of the OSPF multi instance configured on the multi VPN instance CE must be the same as that configured on t...

Page 159: ...tion on the Multi Instance CE If the route loop check is performed the CE discards the route from the PE with the DN bit being 1 Context Do as follows on the PE Procedure Step 1 Run system view The system view is displayed Step 2 Run ospf process id router id router id vpn instance vpn instance name The OSPF view is displayed Step 3 Run vpn instance capability simple Loop detection is not performe...

Page 160: ...et 3 11 1 Establishing the Configuration Task Before configuring the interconnection between a VPN and the Internet familiarize yourself with the applicable environment complete the pre configuration tasks and obtain the required data This can help you complete the configuration task quickly and accurately Applicable Environment You can enable VPN users to access the Internet by supplementing cert...

Page 161: ... be 0 Note that the out interface must be the interface connected directly with the PE and the next hop is the IP address of the peer PE interface connected directly with the CE NOTE If the CE and the PE are connected through an Ethernet network the next hop must be specified End 3 11 3 Configuring the Private Network Static Route on the PE This part describes how to configure static routes on PEs...

Page 162: ... the CE and the PE are connected through an Ethernet network the next hop must be specified End 3 11 5 Checking the Configuration After configuring the interconnection between a VPN and the Internet you can find that the VPN routing table contains the routes destined for the CE and the router in the public network and the routing table in the destined device of the public network contains the rout...

Page 163: ...able Environment It is applied to the service sensitive to packet loss or delay in the private network You can configure VPN FRR in either of the following modes l Manual VPN FRR Information such as the backup next hop is specified l Auto VPN FRR The backup next hop is unspecified but a proper next hop is selected for the VPN route You can select either mode as required If both of them are configu...

Page 164: ...iew The system view is displayed Step 2 Run route policy route policy name permit deny node node The routing policy node is created and the routing policy view is displayed Step 3 Run apply backup nexthop ip address auto The backup next hop is configured Step 4 Run quit Return to the system view Step 5 Run ip vpn instance vpn instance name The VPN instance view is displayed Step 6 Run vpn frr rout...

Page 165: ...table Prerequisite The configurations of the VPN FRR function are complete Procedure l Run the display ip routing table vpn instance vpn instance name ip address verbose command to check information about the backup next hop backup tunnel and backup label End Example Run the display ip routing table vpn instance vpn instance name ip address verbose command on the PE configured with VPN FRR If info...

Page 166: ...pability Configuring VPN GR on the switch that undertakes the VPN service can ensure that switch keeps forwarding when the switch performs the AMB SMB switchover and the VPN traffic is not broken NOTE The GR capability cannot ensure that the traffic is not broken if the neighboring switch performs the AMB SMB switchover at the same time When configuring VPN GR you must configure the IGP GR BGP GR ...

Page 167: ...he specific IGP protocol running on the backbone network Procedure l Configure IS IS GR on the backbone network If IS IS is running on the public network do as follows on the related PEs and Ps on the backbone network 1 Run system view The system view is displayed 2 Run isis process id The IS IS view is displayed 3 Run graceful restart The IS IS GR capability is enabled By default the IS IS GR cap...

Page 168: ...d PEs and Ps on the backbone network 1 Run system view The system view is displayed 2 Run ospf process id The OSPF view is displayed 3 Run opaque capability enable The opaque lsa capability is enabled 4 Perform the following as needed To enable the GR capability of OSPF run graceful restart To enable the GR Help capability of OSPF at which the Restarter performs the GR run graceful restart helper ...

Page 169: ...ed 5 Run graceful restart The GR capability of MPLS LDP is enabled 6 Optional Run graceful restart timer reconnect time The reconnection period of the MPLS LDP session is configured By default the reconnection period is 300 seconds 7 Optional Run graceful restart timer neighbor liveness time The validity period of MPLS LDP neighbors is configured By default the validity period of MPLS LDP neighbor...

Page 170: ... GR capability of RSVP TE is disabled 7 Optional Run mpls rsvp te hello nodeid session ip address The Hello session is established between nodes of RSVP TE enabled with GR capability 8 Run quit Return to the system view 9 Run interface interface type interface number The RSVP interface view is displayed 10 Run mpls The MPLS view is displayed 11 Run mpls te MPLS TE is enabled 12 Run mpls rsvp te RS...

Page 171: ...The system view is displayed 2 Run isis process id vpn instance vpn instance name The IS IS multi instance view is displayed 3 Run graceful restart The IS IS GR capability is enabled By default the IS IS GR capability is disabled 4 Optional Run graceful restart interval interval value The interval for reestablishing the IS IS GR session is configured The interval for reestablishing the IS IS GR se...

Page 172: ...d 3 Run opaque capability enable The opaque lsa capability is enabled 4 Perform the following as needed To enable the GR capability of OSPF run graceful restart To enable the GR Help capability of OSPF at which the Restarter performs the GR run graceful restart helper role ip prefix ip prefix name acl number acl number acl name acl name ignore external lsa planned only never It is suggested to ena...

Page 173: ...ing is interrupted If BGP GR is enabled traffic interruption can be prevented Context Configure BGP GR for MP BGP on all the PEs including the PE that serves as the ASBR and the RRs that reflect the VPNv4 route unless BGP GR has been configured for MP BGP when BGP GR is configured between PEs and CEs The process of configuring BGP GR for MP BGP is the same as that of configuring GR in the common B...

Page 174: ...eived active routes total 2 Advertised total routes 2 Port Local 49941 Remote 179 Port Local 52845 Remote 179 Configured Active Hold Time 180 sec Keepalive Time 60 sec Received Active Hold Time 180 sec Negotiated Active Hold Time 180 sec Keepalive Time 60 sec Peer optional capabilities Peer supports bgp multi protocol extension Peer supports bgp route refresh capability Peer supports bgp 4 byte as...

Page 175: ...ity advertised and received Restart Timer Value received from Peer 150 seconds Address families preserved for peer in GR IPv4 Unicast was preserved Address family IPv4 Unicast advertised and received Received Total 25 messages Update messages 4 Open messages 1 KeepAlive messages 20 Notification messages 0 Refresh messages 0 Authentication type configured None Sent Total 28 messages Update messages...

Page 176: ...hich are called Client PEs An RR can be a P PE ASBR or a switch of other types The introduction of the RR reduces the number of MP IBGP connections This lightens the burden of PEs and facilitates network maintenance and management Pre configuration Tasks Before configuring route reflection to optimize the VPN backbone layer complete the following tasks l Configuring the routing protocol for the MP...

Page 177: ... address family view is displayed Step 6 Run peer ipv4 address enable The capability of exchanging VPNv4 routes between the PE and the RR is enabled End 3 14 3 Configuring the RR to Establish MP IBGP Connections with the Client PEs MP IBGP connections are configured between the RR and all its clients PEs to facilitate VPNv4 route reflection Context Choose one of the following schemes to configure ...

Page 178: ...BGP connection with each client PE 1 Run system view The system view is displayed 2 Run bgp as number The BGP view is displayed 3 Run peer ipv4 address as number as number The client PE is specified as the BGP peer 4 Run peer ipv4 address connect interface interface type interface number The interface is specified as an interface to establish the TCP connection The IP address of the interface must...

Page 179: ... peer ipv4 address reflect client command repeatedly to enable route reflection if the RR establishes the MP IBGP connection with each PE rather than peer group Step 5 Run undo policy vpn target The filtering of VPNv4 routes based on the VPN target is disabled Step 6 Optional Run rr filter extcomm filter number The reflection policy is configured for the RR End 3 14 5 Checking the Configuration Af...

Page 180: ...ions between the RR and the group members is Established after running the display bgp vpnv4 all group command on the RR 3 15 Configuring Route Reflection to Optimize the VPN Access Layer If a PE and the connected CEs are in the same AS you can deploy a BGP route RR to reduce the number of IBGP connections between CEs and facilitate maintenance and management 3 15 1 Establishing the Configuration ...

Page 181: ...and the RR to reflect VPNv4 routes Context Do as follows on all Client CEs Procedure Step 1 Run system view The system view is displayed Step 2 Run bgp as number The BGP view is displayed Step 3 Run peer ipv4 address as number as number The RR is specified as the BGP peer Step 4 Run peer ipv4 address connect interface interface type interface number The interface is specified as an interface to es...

Page 182: ...nternal An IBGP peer group is created 5 Run peer group name connect interface interface type interface number The interface is specified as an interface to establish the TCP connection 6 Run peer ip address groupgroup name The peer is added to the peer group l Establishing the MP IBGP Connection with Each Peer 1 Run system view The system view is displayed 2 Run bgp as number The BGP view is displ...

Page 183: ...le route reflection for the routes of the BGP VPN instance on the RR l Run the peer group name reflect client command to enable route reflection if the RR establishes the IBGP connection with the peer group consisting of all Client CEs l Run the peer ipv4 address reflect client command repeatedly to enable route reflection if the RR establishes the IBGP connection with each PE rather than the peer...

Page 184: ...or display bgp routing table statistics command to check information about the routes received from the peer or the routes advertised to the peer on the Client CE l Run the display bgp vpnv4 vpn instance vpn instance name group group name command to check information about the VPNv4 peer group on the RR l Run the display bgp group group name command to check information about the VPNv4 peer group ...

Page 185: ...h involves VPN instance information checking VPNv4 peer information checking and BGP peer log information checking Context In routine maintenance you can run the following commands in any view to check the status of BGP MPLS IP VPN Procedure l Run the display ip routing table vpn instance vpn instance name command to check the IP routing table of a VPN instance l Run the display ip vpn instance ve...

Page 186: ...s packetsize t timeout tos tos value v vpn instance vpn instance name host command to check the network connectivity l Run the tracert a source ip address f first ttl m max ttl p port q nqueries vpn instance vpn instance name w timeout host command to trace the gateways that the packet passes by from the source to the destination l Run the ping lsp a source ip c count exp exp value h ttl value m i...

Page 187: ...hat the BGP peers have route refreshment capability supporting Route Refresh messages Procedure l Run the refresh bgp vpn instance vpn instance name all ipv4 address group group name internal external import command in the user view to trigger the inbound soft reset of the VPN instance s BGP connection l Run the refresh bgp vpn instance vpn instance name all ipv4 address group group name internal ...

Page 188: ...nstance name peer address keepalive open packet raw packet route refresh receive send verbose command in the user view to enable the packet debugging of the specified BGP peers in a VPN instance l Run the debugging bgp update vpn instance vpn instance name peer ip address acl acl number ip prefix ip prefix name receive send verbose command in the user view to enable the BGP Update packets debuggin...

Page 189: ...GE2 0 0 GE1 0 0 GE3 0 0 MPLS backbone Loopback1 2 2 2 9 32 Device Interface VLANIF interface IP address PE1 GigabitEthernet1 0 0 VLANIF 10 10 1 1 2 24 GigabitEthernet2 0 0 VLANIF 20 10 2 1 2 24 GigabitEthernet3 0 0 VLANIF 30 172 1 1 1 24 PE2 GigabitEthernet1 0 0 VLANIF 40 10 3 1 2 24 GigabitEthernet2 0 0 VLANIF 50 10 4 1 2 24 GigabitEthernet3 0 0 VLANIF 60 172 2 1 2 24 P GigabitEthernet1 0 0 VLANI...

Page 190: ...ure IGP on the MPLS backbone network so that PEs and P can interwork Configure PE1 Quidway system view Quidway sysname PE1 PE1 interface loopback 1 PE1 LoopBack1 ip address 1 1 1 9 32 PE1 LoopBack1 quit PE1 vlan batch 10 20 30 PE1 interface gigabitethernet 1 0 0 PE1 GigabitEthernet1 0 0 port hybrid pvid vlan 10 PE1 GigabitEthernet1 0 0 port hybrid untagged vlan 10 PE1 GigabitEthernet1 0 0 quit PE1...

Page 191: ...thernet 1 0 0 PE2 GigabitEthernet1 0 0 port hybrid pvid vlan 40 PE2 GigabitEthernet1 0 0 port hybrid untagged vlan 40 PE2 GigabitEthernet1 0 0 quit PE2 interface gigabitethernet 2 0 0 PE2 GigabitEthernet2 0 0 port hybrid pvid vlan 50 PE2 GigabitEthernet2 0 0 port hybrid untagged vlan 50 PE2 GigabitEthernet2 0 0 quit PE2 interface gigabitethernet 3 0 0 PE2 GigabitEthernet3 0 0 port hybrid pvid vlan...

Page 192: ...ighbors Area 0 0 0 0 interface 172 1 1 1 Vlanif30 s neighbors Router ID 172 1 1 2 Address 172 1 1 2 State Full Mode Nbr is Master Priority 1 DR None BDR None MTU 1500 Dead timer due in 37 sec Neighbor is up for 00 16 21 Authentication Sequence 0 Step 2 Configure basic MPLS functions and MPLS LDP on the MPLS backbone network and set up LDP LSPs Configure PE1 PE1 mpls lsr id 1 1 1 9 PE1 mpls PE1 mpl...

Page 193: ...nfi30 3 3 3 9 32 NULL 1025 172 1 1 2 Vlanfi30 3 3 3 9 32 1025 1025 2 2 2 9 172 1 1 2 Vlanfi30 TOTAL 5 Normal LSP s Found TOTAL 1 Liberal LSP s Found TOTAL 0 Frr LSP s Found A before an LSP means the LSP is not established A before a Label means the USCB or DSCB is stale A before a UpstreamPeer means the session is in GR state A before a NextHop means the LSP is FRR LSP Step 3 Configure VPN instanc...

Page 194: ...ce ip address destination address command Otherwise the ping operation may fail Take PE1 and CE1 for example PE1 display ip vpn instance verbose Total VPN Instances configured 2 VPN Instance Name and ID vpna 1 Create date 2008 11 24 16 28 27 UTC 08 00 Up time 0 days 00 hours 11 minutes and 25 seconds Route Distinguisher 100 1 Export VPN Targets 111 1 Import VPN Targets 111 1 Label policy label per...

Page 195: ...mmand on a PE and you can find that the BGP peer relation between the PE and CE is in Established state Take the peer relation between PE1 and CE1 for example PE1 display bgp vpnv4 vpn instance vpna peer BGP local router ID 1 1 1 9 Local AS number 100 Total number of peers 1 Peers in established state 1 Peer V AS MsgRcvd MsgSent OutQ Up Down State PrefRcv 118 118 118 2 4 65410 11 9 0 00 07 25 Esta...

Page 196: ...elay D download to fib Routing Tables vpna Destinations 5 Routes 5 Destination Mask Proto Pre Cost Flags NextHop Interface 10 1 1 0 24 Direct 0 0 D 10 1 1 2 Vlanif10 10 1 1 2 32 Direct 0 0 D 127 0 0 1 InLoopBack0 10 1 1 255 32 Direct 0 0 D 127 0 0 1 InLoopBack0 10 3 1 0 24 BGP 255 0 RD 3 3 3 9 Vlanif30 255 255 255 255 32 Direct 0 0 D 127 0 0 1 InLoopBack0 PE1 display ip routing table vpn instance ...

Page 197: ...1 vlan batch 10 20 30 ip vpn instance vpna route distinguisher 100 1 vpn target 111 1 export extcommunity vpn target 111 1 import extcommunity ip vpn instance vpnb route distinguisher 100 2 vpn target 222 2 export extcommunity vpn target 222 2 import extcommunity mpls lsr id 1 1 1 9 mpls mpls ldp interface Vlanif10 ip binding vpn instance vpna ip address 10 1 1 2 255 255 255 0 interface Vlanif20 i...

Page 198: ...urn l Configuration file of P sysname P vlan batch 30 60 mpls lsr id 2 2 2 9 mpls mpls ldp interface Vlanif30 ip address 172 1 1 2 255 255 255 0 mpls mpls ldp interface Vlanif60 ip address 172 2 1 1 255 255 255 0 mpls mpls ldp interface GigabitEthernet1 0 0 port hybrid pvid vlan 30 port hybrid untagged vlan 30 interface GigabitEthernet2 0 0 port hybrid pvid vlan 60 port hybrid untagged vlan 60 int...

Page 199: ...igabitEthernet1 0 0 port hybrid pvid vlan 40 port hybrid untagged vlan 40 interface GigabitEthernet2 0 0 port hybrid pvid vlan 50 port hybrid untagged vlan 50 interface GigabitEthernet3 0 0 port hybrid pvid vlan 60 port hybrid untagged vlan 60 interface LoopBack1 ip address 3 3 3 9 255 255 255 255 bgp 100 peer 1 1 1 9 as number 100 peer 1 1 1 9 connect interface LoopBack1 ipv4 family unicast undo ...

Page 200: ...ysname CE2 vlan batch 20 interface Vlanif20 ip address 10 2 1 1 255 255 255 0 interface GigabitEthernet1 0 0 port hybrid pvid vlan 20 port hybrid untagged vlan 20 bgp 65420 peer 10 2 1 2 as number 100 ipv4 family unicast undo synchronization import route direct peer 10 2 1 2 enable return l Configuration file of CE3 sysname CE3 vlan batch 40 interface Vlanif40 ip address 10 3 1 1 255 255 255 0 int...

Page 201: ...st undo synchronization import route direct peer 10 4 1 2 enable return 3 17 2 Example for Configuring Overlapping Addresses in Two BGP MPLS IP VPNs Networking Requirements As shown in Figure 3 4 CE1 and CE2 belong to vpna and CE3 and CE4 belong to vpnb The VPN target of vpna is 100 100 and the VPN target of vpnb is 200 200 The users on different VPNs cannot access each other Quidway S7700 Smart R...

Page 202: ... GigabitEthernet3 0 2 VLANIF 101 34 1 1 1 24 P GigabitEthernet1 0 1 VLANIF 10 12 1 1 2 24 GigabitEthernet2 0 1 VLANIF 20 23 1 1 1 24 CE1 GigabitEthernet3 0 1 VLANIF 100 14 1 1 2 24 CE2 GigabitEthernet3 0 1 VLANIF 100 34 1 1 2 24 CE3 GigabitEthernet3 0 1 VLANIF 101 14 1 1 2 24 CE4 GigabitEthernet3 0 1 VLANIF 101 34 1 1 2 24 Configuration Roadmap The configuration roadmap is as follows 1 Configure V...

Page 203: ...55 PE1 ospf 1 area 0 0 0 0 quit PE1 ospf 1 quit Configure P P ospf P ospf 1 area 0 P ospf 1 area 0 0 0 0 network 2 2 2 9 0 0 0 0 P ospf 1 area 0 0 0 0 network 12 1 1 0 0 0 0 255 P ospf 1 area 0 0 0 0 network 23 1 1 0 0 0 0 255 P ospf 1 area 0 0 0 0 quit P ospf 1 quit Configure PE2 PE2 ospf PE2 ospf 1 area 0 PE2 ospf 1 area 0 0 0 0 network 3 3 3 9 0 0 0 0 PE2 ospf 1 area 0 0 0 0 network 23 1 1 0 0 ...

Page 204: ...p quit PE1 interface vlanif 10 PE1 Vlanif10 mpls PE1 Vlanif10 mpls ldp Configure P P mpls lsr id 2 2 2 9 P mpls P mpls quit P mpls ldp P mpls ldp quit P interface vlanif 10 P Vlanif10 mpls P Vlanif10 mpls ldp P Vlanif10 quit P interface vlanif 20 P Vlanif20 mpls P Vlanif20 mpls ldp P Vlanif20 quit Configure PE2 PE2 mpls lsr id 3 3 3 9 PE2 mpls PE2 mpls quit PE2 mpls ldp PE2 mpls ldp quit PE2 inter...

Page 205: ...xtcommunity PE1 vpn instance vpna quit PE1 ip vpn instance vpnb PE1 vpn instance vpnb route distinguisher 300 300 PE1 vpn instance vpnb vpn target 200 200 export extcommunity PE1 vpn instance vpnb vpn target 200 200 import extcommunity PE1 vpn instance vpnb quit PE1 interface vlanif 100 PE1 Vlanif100 ip binding vpn instance vpna PE1 Vlanif100 ip address 14 1 1 1 255 255 255 0 PE1 Vlanif100 quit PE...

Page 206: ...Import VPN Targets 200 200 Label policy label per route Log Interval 5 Interfaces Vlanif101 PE1 ping vpn instance vpna 14 1 1 2 PING 14 1 1 2 56 data bytes press CTRL_C to break Reply from 14 1 1 2 bytes 56 Sequence 1 ttl 255 time 5 ms Reply from 14 1 1 2 bytes 56 Sequence 2 ttl 255 time 3 ms Reply from 14 1 1 2 bytes 56 Sequence 3 ttl 255 time 3 ms Reply from 14 1 1 2 bytes 56 Sequence 4 ttl 255 ...

Page 207: ... 100 3 3 0 00 01 08 Established 0 Step 7 Verify the configuration Run the display ip routing table vpn instance command on a PE and you can view the routes to the remote CE Take the display on PE1 as an example PE1 display ip routing table vpn instance vpna Route Flags R relay D download to fib Routing Tables vpna Destinations 5 Routes 5 Destination Mask Proto Pre Cost Flags NextHop Interface 14 1...

Page 208: ...vpn target 200 200 export extcommunity vpn target 200 200 import extcommunity mpls lsr id 1 1 1 9 mpls mpls ldp interface Vlanif10 ip address 12 1 1 1 255 255 255 0 mpls mpls ldp interface Vlanif100 ip binding vpn instance vpna ip address 14 1 1 1 255 255 255 0 interface Vlanif101 ip binding vpn instance vpnb ip address 14 1 1 1 255 255 255 0 interface GigabitEthernet1 0 1 port hybrid pvid vlan 10...

Page 209: ...0 1 port hybrid pvid vlan 20 port hybrid untagged vlan 20 interface LoopBack0 ip address 2 2 2 9 255 255 255 255 ospf 1 area 0 0 0 0 network 12 1 1 0 0 0 0 255 network 23 1 1 0 0 0 0 255 network 2 2 2 9 0 0 0 0 return l Configuration file of PE2 sysname PE2 vlan batch 20 100 101 ip vpn instance vpna route distinguisher 200 200 vpn target 100 100 export extcommunity vpn target 100 100 import extcom...

Page 210: ...3 3 3 9 255 255 255 255 bgp 100 peer 1 1 1 9 as number 100 peer 1 1 1 9 connect interface LoopBack0 ipv4 family unicast undo synchronization peer 1 1 1 9 enable ipv4 family vpnv4 peer 1 1 1 9 enable ipv4 family vpn instance vpna import route direct ipv4 family vpn instance vpnb import route direct ospf 1 area 0 0 0 0 network 23 1 1 0 0 0 0 255 network 3 3 3 9 0 0 0 0 return l Configuration file of...

Page 211: ... 0 Vlanif 100 14 1 1 1 return l Configuration file of CE4 sysname CE4 vlan batch 101 interface Vlanif101 ip address 34 1 1 2 255 255 255 0 interface GigabitEthernet3 0 1 port hybrid pvid vlan 101 port hybrid untagged vlan 101 ip route static 0 0 0 0 0 0 0 0 Vlanif 100 34 1 1 1 return 3 17 3 Example for Configuring Mutual Access Between VPNs on S7700 Networking Requirements As shown in Figure 3 5 t...

Page 212: ... On the PE bind the interface connected to the CE to the VPN instance 3 Enable the routing protocol on the CEs Data Preparation To complete the configuration you need the following data l VLAN ID and IP address of VLANIF interface allowed by each interface l RD of the VPN l VPN targets of the received and sent routes Configuration Procedure Procedure Step 1 Create VLANs and specify the VLAN IDs th...

Page 213: ... PE1 vpn instance vpnb vpn target 222 2 111 1 import extcommunity PE1 vpn instance vpnb quit PE1 interface vlanif 10 PE1 Vlanif10 ip binding vpn instance vpna PE1 Vlanif10 ip address 10 1 1 2 24 PE1 Vlanif10 quit PE1 interface vlanif 20 PE1 Vlanif20 ip binding vpn instance vpnb PE1 Vlanif20 ip address 10 2 1 2 24 PE1 Vlanif20 quit Configure PE2 PE2 ip vpn instance vpna PE2 vpn instance vpna route ...

Page 214: ...are connected to PE1 but belong to different VPNs can communicate with each other PE1 display ip routing table vpn instance vpna Route Flags R relay D download to fib Routing Tables vpna Destinations 6 Routes 6 Destination Mask Proto Pre Cost Flags NextHop Interface 10 1 1 0 24 Direct 0 0 D 10 1 1 1 Vlanif10 10 1 1 2 32 Direct 0 0 D 127 0 0 1 InLoopBack0 10 1 1 255 32 Direct 0 0 D 127 0 0 1 InLoop...

Page 215: ...10 port hybrid untagged vlan 10 interface GigabitEthernet2 0 0 port hybrid pvid vlan 20 port hybrid untagged vlan 20 bgp 100 ipv4 family unicast undo synchronization ipv4 family vpn instance vpna import route direct ipv4 family vpn instance vpnb import route direct return l Configuration file of CE1 sysname CE1 vlan batch 10 interface Vlanif10 ip address 10 1 1 1 255 255 255 0 interface GigabitEth...

Page 216: ... see 3 17 3 Example for Configuring Mutual Access Between VPNs on S7700 Figure 3 6 Networking diagram for configuring mutual access betwen local VPNs Switch GE1 0 4 GE1 0 6 VLAN 10 Eth trunk0 XGE2 0 0 10 10 10 2 24 Eth trunk0 10 XGE0 0 1 XGE2 0 1 Eth trunk0 VLAN 10 XGE0 0 2 Eth trunk0 20 20 20 20 2 24 PC1 10 10 10 1 24 PC2 20 20 20 1 24 Eth Trunk0 Configuration Roadmap The configuration roadmap is...

Page 217: ...xgigabitethernet 0 0 2 SPU XGigabitEthernet0 0 2 eth trunk 0 Step 2 Configure a VPN instance on the SPU SPU ip vpn instance vpn a SPU vpn instance vpn a route distinguisher 1 1 SPU vpn instance vpn a vpn target 1 1 SPU vpn instance vpn a quit SPU ip vpn instance vpn b SPU vpn instance vpn b route distinguisher 2 2 SPU vpn instance vpn b vpn target 2 2 SPU vpn instance vpn b quit Step 3 Create sub ...

Page 218: ...igabitEthernet2 0 0 eth trunk 0 interface XGigabitEthernet2 0 1 eth trunk 0 return l Configuration file of the SPU on the switch sysname SPU interface Eth Trunk0 interface Eth Trunk 0 10 control vid 10 dot1q termination dot1q termination vid 10 ip binding vpn instance vpn a ip address 10 10 10 2 24 arp broadcast enable interface Eth Trunk 0 20 control vid 20 dot1q termination dot1q termination vid...

Page 219: ... GE2 0 0 Backbone AS 600 AS 600 AS 100 P Device Interface VLANIF interface IP address PE1 GigabitEthernet1 0 0 VLANIF 10 10 1 1 2 24 GigabitEthernet2 0 0 VLANIF 20 20 1 1 1 24 PE2 GigabitEthernet1 0 0 VLANIF 40 10 2 1 2 24 GigabitEthernet2 0 0 VLANIF 30 30 1 1 2 24 P GigabitEthernet1 0 0 VLANIF 20 20 1 1 2 24 GigabitEthernet2 0 0 VLANIF 30 30 1 1 1 24 CE1 GigabitEthernet1 0 0 VLANIF 10 10 1 1 1 24...

Page 220: ... of VPN1 on PE1 and connect PE1 to CE1 l Configure BGP between PE1 and CE1 and between PE2 and CE2 Import routes of the CEs to PEs After the configuration run the display ip routing table command on CE2 You can see that CE2 can learn the route of the network segment 10 1 1 0 24 of the interface connecting PE1 to CE1 but there is no route to VPN 100 1 1 0 24 of CE1 When you run the display ip routi...

Page 221: ...omplete AS Path 100 600 Next Hop 10 2 1 2 100 1 1 0 24 Run the display bgp routing table peer received routes command on CE2 and you can see that CE2 does not accept the route to 100 1 1 0 24 CE2 display bgp routing table peer 10 2 1 2 received routes Total Number of Routes 3 BGP Local router ID is 10 2 1 1 Status codes valid best d damped h history i internal s suppressed S Stale Origin i IGP e E...

Page 222: ... Direct 0 0 D 127 0 0 1 InLoopBack0 255 255 255 255 32 Direct 0 0 D 127 0 0 1 InLoopBack0 After BGP ASN substitution is configured on PE1 the GE interfaces of CE1 and CE2 can ping each other CE1 ping a 100 1 1 1 200 1 1 1 PING 200 1 1 1 56 data bytes press CTRL_C to break Reply from 200 1 1 1 bytes 56 Sequence 1 ttl 253 time 109 ms Reply from 200 1 1 1 bytes 56 Sequence 2 ttl 253 time 67 ms Reply ...

Page 223: ...net1 0 0 port hybrid pvid vlan 10 port hybrid untagged vlan 10 interface GigabitEthernet2 0 0 port hybrid pvid vlan 20 port hybrid untagged vlan 20 interface LoopBack1 ip address 1 1 1 9 255 255 255 255 bgp 100 peer 3 3 3 9 as number 100 peer 3 3 3 9 connect interface LoopBack1 ipv4 family unicast undo synchronization peer 3 3 3 9 enable ipv4 family vpnv4 policy vpn target peer 3 3 3 9 enable ipv4...

Page 224: ...0 0 0 network 2 2 2 9 0 0 0 0 network 20 1 1 0 0 0 0 255 network 30 1 1 0 0 0 0 255 return l Configuration file of PE2 sysname PE2 vlan batch 30 40 ip vpn instance vpn1 route distinguisher 100 1 vpn target 1 1 export extcommunity vpn target 1 1 import extcommunity mpls lsr id 3 3 3 9 mpls mpls ldp interface Vlanif30 ip address 30 1 1 2 255 255 255 0 mpls mpls ldp interface Vlanif40 ip binding vpn ...

Page 225: ... 3 3 3 9 0 0 0 0 network 30 1 1 0 0 0 0 255 return l Configuration file of CE2 sysname CE2 vlan batch 40 60 interface Vlanif40 ip address 10 2 1 1 255 255 255 0 interface Vlanif60 ip address 200 1 1 1 255 255 255 0 interface GigabitEthernet1 0 0 port hybrid pvid vlan 40 port hybrid untagged vlan 40 interface GigabitEthernet2 0 0 port hybrid pvid vlan 60 port hybrid untagged vlan 60 bgp 600 peer 10...

Page 226: ...1 GE1 0 0 GE1 0 0 GE2 0 0 Spoke CE2 GE1 0 0 GE1 0 0 AS 65410 AS 65420 AS 65430 GE3 0 0 GE2 0 0 GE3 0 1 Backbone Device Interface VLANIF interface IP address Hub PE GigabitEthernet1 0 0 VLANIF 10 10 1 1 2 24 GigabitEthernet2 0 0 VLANIF 20 11 1 1 2 24 GigabitEthernet3 0 0 VLANIF 30 110 1 1 2 24 GigabitEthernet3 0 1 VLANIF 40 110 2 1 2 24 Loopback1 2 2 2 9 32 Spoke PE1 GigabitEthernet1 0 0 VLANIF 50 ...

Page 227: ...ed the following data l IDs of the VLANs that the interfaces belong to as shown in Figure 3 8 l IP address of each VLANIF interface as shown in Figure 3 8 l MPLS LSR IDs of the PEs l VPN instance names RDs and VPN targets of the Hub PE and Spoke PE Procedure Step 1 Configure IGP on the backbone network to make the Hub PE and the Spoke PE communicate with each other In this example OSPF is used as ...

Page 228: ...mport extcommunity Spoke PE1 vpn instance vpna quit Spoke PE1 interface vlanif 50 Spoke PE1 Vlanif50 ip binding vpn instance vpna Spoke PE1 Vlanif50 ip address 100 1 1 2 24 Spoke PE1 Vlanif50 quit Configure Spoke PE2 Spoke PE2 system view Spoke PE2 ip vpn instance vpna Spoke PE2 vpn instance vpna route distinguisher 100 3 Spoke PE2 vpn instance vpna vpn target 100 1 export extcommunity Spoke PE2 v...

Page 229: ...E to allow the ASN to be repeated once Configure Spoke CE1 Spoke CE1 bgp 65410 Spoke CE1 bgp peer 100 1 1 2 as number 100 Spoke CE1 bgp import route direct Spoke CE1 bgp quit Configure Spoke PE1 Spoke PE1 bgp 100 Spoke PE1 bgp ipv4 family vpn instance vpna Spoke PE1 bgp vpna peer 100 1 1 1 as number 65410 Spoke PE1 bgp vpna import route direct Spoke PE1 bgp vpna quit Spoke PE1 bgp quit Configure S...

Page 230: ...pnv4 quit Configure the Hub PE Hub PE bgp 100 Hub PE bgp peer 1 1 1 9 as number 100 Hub PE bgp peer 1 1 1 9 connect interface loopback 1 Hub PE bgp peer 3 3 3 9 as number 100 Hub PE bgp peer 3 3 3 9 connect interface loopback 1 Hub PE bgp ipv4 family vpnv4 Hub PE bgp af vpnv4 peer 1 1 1 9 enable Hub PE bgp af vpnv4 peer 3 3 3 9 enable Hub PE bgp af vpnv4 quit After the configuration run the displa...

Page 231: ... codes valid best d damped h history i internal s suppressed S Stale Origin i IGP e EGP incomplete Network NextHop MED LocPrf PrefVal Path Ogn 100 1 1 0 24 0 0 0 0 0 0 100 1 1 2 0 0 100 100 1 1 1 32 0 0 0 0 0 0 110 1 1 0 24 100 1 1 2 0 100 65430 110 2 1 0 24 100 1 1 2 0 100 120 1 1 0 24 100 1 1 2 0 100 65430 100 End Configuration Files l Configuration file of Spoke CE1 sysname Spoke CE1 vlan batch...

Page 232: ... 2 9 as number 100 peer 2 2 2 9 connect interface LoopBack1 ipv4 family unicast undo synchronization peer 2 2 2 9 enable ipv4 family vpnv4 policy vpn target peer 2 2 2 9 enable ipv4 family vpn instance vpna peer 100 1 1 1 as number 65410 import route direct ospf 1 area 0 0 0 0 network 10 1 1 0 0 0 0 255 network 1 1 1 9 0 0 0 0 return l Configuration file of Spoke PE2 sysname Spoke PE2 vlan batch 2...

Page 233: ...t peer 2 2 2 9 enable ipv4 family vpn instance vpna peer 120 1 1 1 as number 65420 import route direct ospf 1 area 0 0 0 0 network 3 3 3 9 0 0 0 0 network 11 1 1 0 0 0 0 255 return l Configuration file of Spoke CE2 sysname Spoke CE2 vlan batch 60 interface Vlanif60 ip address 120 1 1 1 255 255 255 0 interface GigabitEthernet1 0 0 port hybrid pvid vlan 60 port hybrid untagged vlan 60 bgp 65420 peer...

Page 234: ...tinguisher 100 21 vpn target 100 1 import extcommunity ip vpn instance vpn_out route distinguisher 100 22 vpn target 200 1 export extcommunity mpls lsr id 2 2 2 9 mpls label advertise non null mpls ldp interface Vlanif10 ip address 10 1 1 2 255 255 255 0 mpls mpls ldp interface Vlanif20 ip address 11 1 1 2 255 255 255 0 mpls mpls ldp interface Vlanif30 ip binding vpn instance vpn_in ip address 110...

Page 235: ...le ipv4 family vpn instance vpn_in peer 110 1 1 1 as number 65430 import route direct ipv4 family vpn instance vpn_out peer 110 2 1 1 as number 65430 peer 110 2 1 1 allow as loop import route direct ospf 1 area 0 0 0 0 network 2 2 2 9 0 0 0 0 network 10 1 1 0 0 0 0 255 network 11 1 1 0 0 0 0 255 return 3 17 7 Example for Configuring Inter AS VPN Option A Networking Requirements As shown in Figure ...

Page 236: ... on the two ASBR PEs and bind the VPN instance to the interface connected to the other ASBR PE regarding the ASBR PE as its CE and set up the EBGP peer relation between the ASBR PEs Data Preparation To complete the configuration you need the following data l MPLS LSR IDs of PEs and ASBR PEs l VPN instance names RDs and VPN targets for the PEs and ABSR PEs Procedure Step 1 Create VLANs and specify ...

Page 237: ...n on ASBR PE1 and enable LDP on the interface connected to PE1 ASBR PE1 system view ASBR PE1 mpls lsr id 2 2 2 9 ASBR PE1 mpls ASBR PE1 mpls label advertise non null ASBR PE1 mpls quit ASBR PE1 mpls ldp ASBR PE1 mpls ldp quit ASBR PE1 interface vlanif 11 ASBR PE1 Vlanif11 mpls ASBR PE1 Vlanif11 mpls ldp ASBR PE1 Vlanif11 quit Configure the basic MPLS function on ASBR PE2 and enable LDP on the inte...

Page 238: ... other Configure CE1 CE1 system view CE1 interface vlanif 10 CE1 Vlanif10 ip address 10 1 1 1 24 CE1 Vlanif10 quit CE1 bgp 65001 CE1 bgp peer 10 1 1 2 as number 100 CE1 bgp import route direct CE1 bgp quit On PE1 set up an EBGP peer relation between PE1 and CE1 PE1 ip vpn instance vpn1 PE1 vpn instance vpn1 route distinguisher 100 1 PE1 vpn instance vpn1 vpn target 1 1 both PE1 vpn instance vpn1 q...

Page 239: ...100 Total number of peers 2 Peers in established state 2 Peer V AS MsgRcvd MsgSent OutQ Up Down State PrefRcv 2 2 2 9 4 100 3 7 0 00 01 36 Established 0 Peer of vpn instance vpn instance vpn1 10 1 1 1 4 65001 13 13 0 00 04 00 Established 2 Step 5 Configure the inter AS VPN in VRF to VRF mode On ASBR PE1 create a VPN instance and bind the VPN instance to the interface connected to ASBR PE2 ASBR PE1...

Page 240: ... Vlanif10 127 0 0 0 8 Direct 0 0 D 127 0 0 1 InLoopBack0 127 0 0 1 32 Direct 0 0 D 127 0 0 1 InLoopBack0 127 255 255 255 32 Direct 0 0 D 127 0 0 1 InLoopBack0 192 1 1 0 24 BGP 255 0 D 10 1 1 2 Vlanif10 192 1 1 2 32 BGP 255 0 D 10 1 1 2 Vlanif10 255 255 255 255 32 Direct 0 0 D 127 0 0 1 InLoopBack0 CE1 ping 10 2 1 1 PING 10 2 1 1 56 data bytes press CTRL_C to break Reply from 10 2 1 1 bytes 56 Sequ...

Page 241: ... 1 1 9 0 100 0 i 10 1 1 1 32 1 1 1 9 0 100 0 10 2 1 0 24 192 1 1 2 0 200 10 2 1 1 32 192 1 1 2 0 200 192 1 1 0 0 0 0 0 0 0 192 1 1 2 0 0 200 192 1 1 1 32 0 0 0 0 0 0 192 1 1 2 0 0 200 192 1 1 2 32 0 0 0 0 0 0 End Configuration Files l Configuration file of CE1 sysname CE1 vlan batch 10 interface Vlanif 10 ip address 10 1 1 1 255 255 255 0 interface GigabitEthernet1 0 0 port link type trunk port tr...

Page 242: ...nstance vpn1 peer 10 1 1 1 as number 65001 import route direct ospf 1 area 0 0 0 0 network 1 1 1 9 0 0 0 0 network 172 1 1 0 0 0 0 255 return l Configuration file of ASBR PE1 sysname ASBR PE1 ip vpn instance vpn1 route distinguisher 100 2 vpn target 1 1 export extcommunity vpn target 1 1 import extcommunity mpls lsr id 2 2 2 9 mpls label advertise non null mpls ldp interface Vlanif11 ip address 17...

Page 243: ...PE2 sysname ASBR PE2 vlan batch 12 22 ip vpn instance vpn1 route distinguisher 200 2 vpn target 2 2 export extcommunity vpn target 2 2 import extcommunity mpls lsr id 3 3 3 9 mpls label advertise non null mpls ldp interface Vlanif22 ip address 162 1 1 1 255 255 255 0 mpls mpls ldp interface Vlanif12 ip binding vpn instance vpn1 ip address 192 1 1 2 255 255 255 0 interface GigabitEthernet1 0 0 port...

Page 244: ... advertise non null mpls ldp interface Vlanif10 ip binding vpn instance vpn1 ip address 10 2 1 2 255 255 255 0 interface Vlanif22 ip address 162 1 1 2 255 255 255 0 mpls mpls ldp interface GigabitEthernet1 0 0 port link ype trunk port trunk allow pass vlan 22 interface GigabitEthernet2 0 0 port link ype trunk port trunk allow pass vlan 10 interface LoopBack1 ip address 4 4 4 9 255 255 255 255 bgp ...

Page 245: ... 2 enable return 3 17 8 Example for Configuring Inter AS VPN Option B Networking Requirements As shown in Figure 3 10 CE1 and CE2 are deployed on the same VPN CE1 is connected to the network through PE1 in AS100 and CE2 is connected to the network through PE2 in AS200 The inter AS BGP MPLS IP VPN is implemented in Option B mode l ASBR1 and ASBR2 exchanges VPNv4 routing information with each other ...

Page 246: ... PEs in the same AS 2 Set up EBGP peer relationships between PEs and CEs and set up MP IBGP peer relationships between PEs and ASBRs 3 Create VPN instances on PEs you do not need to create VPN instances on ASBRs 4 Enable MPLS on the interface that connect ASBR1 and ASBR2 set up the MP EBGP peer relationship between ASBRs and configure the ASBRs not to filter the received VPNv4 routes based on the ...

Page 247: ...system view ASBR1 interface vlanif 12 ASBR1 Vlanif12 ip address 192 1 1 1 24 ASBR1 Vlanif12 mpls ASBR1 Vlanif12 quit Configure ASBR1 Set up the MP EBGP peer relationship with ASBR2 and configure ASBR1 not to filter the received VPNv4 routes based on the VPN target ASBR1 bgp 100 ASBR1 bgp peer 192 1 1 2 as number 200 ASBR1 bgp ipv4 family vpnv4 ASBR1 bgp af vpnv4 peer 192 1 1 2 enable ASBR1 bgp af ...

Page 248: ...routing table BGP Local router ID is 2 2 2 9 Status codes valid best d damped h history i internal s suppressed S Stale Origin i IGP e EGP incomplete Total number of routes from all PE 3 Route Distinguisher 100 1 Network NextHop MED LocPrf PrefVal Path Ogn i 10 1 1 0 24 1 1 1 9 0 100 0 i 10 1 1 1 32 1 1 1 9 0 100 0 Route Distinguisher 200 1 Network NextHop MED LocPrf PrefVal Path Ogn 10 2 1 0 24 1...

Page 249: ...er 100 peer 2 2 2 9 connect interface LoopBack1 ipv4 family unicast undo synchronization peer 2 2 2 9 enable ipv4 family vpnv4 policy vpn target peer 2 2 2 9 enable ipv4 family vpn instance vpn1 peer 10 1 1 1 as number 65001 import route direct ospf 1 area 0 0 0 0 network 1 1 1 9 0 0 0 0 network 172 1 1 0 0 0 0 255 return l Configuration file of ASBR1 sysname ASBR1 vlan batch 11 12 mpls lsr id 2 2...

Page 250: ...1 0 0 0 0 255 return l Configuration file of ASBR2 sysname ASBR2 vlan batch 12 22 mpls lsr id 3 3 3 9 mpls mpls ldp interface Vlanif12 ip address 162 1 1 1 255 255 255 0 mpls mpls ldp interface Vlanif22 ip address 192 1 1 2 255 255 255 0 mpls interface GigabitEthernet1 0 0 port link type trunk port trunk allow pass vlan 22 interface GigabitEthernet2 0 0 port link type trunk port trunk allow pass v...

Page 251: ...face Vlanif22 ip address 162 1 1 2 255 255 255 0 mpls mpls ldp interface GigabitEthernet1 0 0 port link type trunk port trunk allow pass vlan 22 interface GigabitEthernet2 0 0 port link type trunk port trunk allow pass vlan 12 interface LoopBack1 ip address 4 4 4 9 255 255 255 255 bgp 200 peer 3 3 3 9 as number 200 peer 3 3 3 9 connect interface LoopBack1 ipv4 family unicast undo synchronization p...

Page 252: ...ization import route direct peer 10 2 1 2 enable return 3 17 9 Example for Configuring the HoVPN Networking Requirements As shown in Figure 3 11 CE1 and CE2 belong to the same VPN and have the same VPN target CE1 connects to the backbone network through UPE and CE2 connects to the network through PE UPE SPE and PE are interconnected through OSPF Quidway S7700 Smart Routing Switch Configuration Gui...

Page 253: ...1 24 CE2 GigabitEthernet1 0 0 VLANIF 40 10 2 1 1 24 Configuration Roadmap The configuration roadmap is as follows 1 Configure IGP on the backbone network so that PEs can learn the loopback address of each other Create MPLS LSPs between the PEs 2 Create a VPN instance on UPE and set up an EBGP adjacency between UPE and CE1 Create a VPN instance on PE and set up an EBGP adjacency between PE and CE2 ...

Page 254: ...dp session command you can see that the session status is Operational By running the display mpls ldp lsp command you can see the establishment status of the LDP LSP The configuration procedure is not mentioned Step 3 Connect PEs to CEs and run BGP between them Configure the UPE UPE system view UPE ip vpn instance vpna UPE vpn instance vpna route distinguisher 100 1 UPE vpn instance vpna vpn targe...

Page 255: ...cify the source address when you run the ping vpn instance command to ping the CE connected to the peer PE That is specify a source ip address in the ping vpn instance vpn instance name a source ip address destination address command Otherwise the ping operation may fail Step 4 Set up an MP IBGP adjacency between UPE and SPE and between PE and SPE Configure the UPE UPE system view UPE bgp 100 UPE ...

Page 256: ...on Mask Proto Pre Cost Flags NextHop Interface 0 0 0 0 0 BGP 255 0 D 10 1 1 2 Vlanif30 10 1 1 0 24 Direct 0 0 D 10 1 1 1 Vlanif30 10 1 1 1 32 Direct 0 0 D 127 0 0 1 InLoopBack0 10 1 1 255 32 Direct 0 0 D 127 0 0 1 InLoopBack0 127 0 0 0 8 Direct 0 0 D 127 0 0 1 InLoopBack0 127 0 0 1 32 Direct 0 0 D 127 0 0 1 InLoopBack0 127 255 255 255 32 Direct 0 0 D 127 0 0 1 InLoopBack0 255 255 255 255 32 Direct...

Page 257: ...m all PE 1 Route Distinguisher 200 1 Network NextHop MED LocPrf PrefVal Path Ogn i 0 0 0 0 2 2 2 9 100 0 i Total routes of vpn instance vpna 6 Network NextHop MED LocPrf PrefVal Path Ogn i 0 0 0 0 2 2 2 9 100 0 i 10 1 1 0 24 0 0 0 0 0 0 10 1 1 2 0 0 65410 10 1 1 1 32 0 0 0 0 0 0 10 1 1 2 32 0 0 0 0 0 0 10 1 1 1 0 0 65410 End Configuration Files l Configuration file of CE1 sysname CE1 vlan batch 30...

Page 258: ...pv4 family unicast undo synchronization peer 2 2 2 9 enable ipv4 family vpnv4 policy vpn target peer 2 2 2 9 enable ipv4 family vpn instance vpna peer 10 1 1 1 as number 65410 import route direct ospf 1 area 0 0 0 0 network 1 1 1 9 0 0 0 0 network 172 1 1 0 0 0 0 255 return l Configuration file of SPE sysname SPE vlan batch 10 20 ip vpn instance vpna route distinguisher 200 1 vpn target 1 1 export...

Page 259: ... 1 1 9 enable peer 1 1 1 9 upe peer 1 1 1 9 default originate vpn instance vpna peer 3 3 3 9 enable ospf 1 area 0 0 0 0 network 2 2 2 9 0 0 0 0 network 172 1 1 0 0 0 0 255 network 172 2 1 0 0 0 0 255 return l Configuration file of PE sysname PE vlan batch 20 40 ip vpn instance vpna route distinguisher 100 2 vpn target 1 1 export extcommunity vpn target 1 1 import extcommunity mpls lsr id 3 3 3 9 m...

Page 260: ... interface Vlanif40 ip address 10 2 1 1 255 255 255 0 interface GigabitEthernet1 0 0 port hybrid pvid vlan 40 port hybrid untagged vlan 40 bgp 65420 peer 10 2 1 2 as number 100 ipv4 family unicast undo synchronization import route direct peer 10 2 1 2 enable return 3 17 10 Example for Configuring the OSPF Sham Link Networking Requirements As shown in Figure 3 12 CE1 and CE2 belong to the same OSPF...

Page 261: ...bitEthernet1 0 0 VLANIF 50 100 1 1 1 24 GigabitEthernet2 0 0 VLANIF 20 20 1 1 1 24 CE2 GigabitEthernet1 0 0 VLANIF 60 120 1 1 1 24 GigabitEthernet2 0 0 VLANIF 30 30 1 1 2 24 Switch GigabitEthernet1 0 0 VLANIF 20 20 1 1 2 24 GigabitEthernet2 0 0 VLANIF 30 30 1 1 1 24 Configuration Roadmap The configuration roadmap is as follows 1 Set up an MP IBGP adjacency between the PEs and enable OSPF between t...

Page 262: ...ernet1 0 0 quit CE1 interface vlanif 20 CE1 Vlanif20 ip address 20 1 1 1 24 CE1 Vlanif20 quit CE1 interface vlanif 50 CE1 Vlanif50 ip address 100 1 1 1 24 CE1 Vlanif50 quit CE1 ospf CE1 ospf 1 area 0 CE1 ospf 1 area 0 0 0 0 network 20 1 1 0 0 0 0 255 CE1 ospf 1 area 0 0 0 0 network 100 1 1 0 0 0 0 255 CE1 ospf 1 area 0 0 0 0 quit CE1 ospf 1 quit Configure Switch Quidway system view Quidway sysname...

Page 263: ...ency between the PEs Configure PE1 Quidway system view Quidway sysname PE1 PE1 vlan batch 10 50 PE1 interface gigabitethernet 2 0 0 PE1 GigabitEthernet2 0 0 port hybrid pvid vlan 10 PE1 GigabitEthernet2 0 0 port hybrid untagged vlan 10 PE1 GigabitEthernet2 0 0 quit PE1 interface gigabitethernet 1 0 0 PE1 GigabitEthernet1 0 0 port hybrid pvid vlan 50 PE1 GigabitEthernet1 0 0 port hybrid untagged vl...

Page 264: ...work 2 2 2 9 0 0 0 0 P ospf 1 area 0 0 0 0 network 10 1 1 0 0 0 0 255 P ospf 1 area 0 0 0 0 network 40 1 1 0 0 0 0 255 P ospf 1 area 0 0 0 0 quit P ospf 1 quit Configure PE2 Quidway system view Quidway sysname PE2 PE2 vlan batch 40 60 PE2 interface gigabitethernet 1 0 0 PE2 GigabitEthernet1 0 0 port hybrid pvid vlan 60 PE2 GigabitEthernet1 0 0 port hybrid untagged vlan 60 PE2 GigabitEthernet1 0 0 ...

Page 265: ...pf 100 import route bgp PE1 ospf 100 area 0 PE1 ospf 100 area 0 0 0 0 network 100 1 1 0 0 0 0 255 PE1 ospf 100 area 0 0 0 0 quit PE1 ospf 100 quit PE1 bgp 100 PE1 bgp ipv4 family vpn instance vpn1 PE1 bgp vpn1 import route direct PE1 bgp vpn1 import route ospf 100 PE1 bgp vpn1 quit PE1 bgp quit Configure PE2 PE2 ip vpn instance vpn1 PE2 vpn instance vpn1 route distinguisher 100 2 PE2 vpn instance ...

Page 266: ...greater than the cost of the sham link Configure CE1 CE1 interface vlanif 20 CE1 Vlanif20 ospf cost 10 Configure CE2 CE2 interface vlanif 30 CE2 Vlanif30 ospf cost 10 Configure PE1 PE1 interface loopback 10 PE1 LoopBack10 ip binding vpn instance vpn1 PE1 LoopBack10 ip address 5 5 5 5 32 PE1 LoopBack10 quit PE1 ospf 100 PE1 ospf 100 area 0 PE1 ospf 100 area 0 0 0 0 sham link 5 5 5 5 6 6 6 6 cost 1 ...

Page 267: ... 30 1 1 0 24 OSPF 10 11 D 100 1 1 2 Vlanif20 100 1 1 0 24 Direct 0 0 D 100 1 1 1 Vlanif50 100 1 1 1 32 Direct 0 0 D 127 0 0 1 InLoopBack0 100 1 1 255 32 Direct 0 0 D 127 0 0 1 InLoopBack0 120 1 1 0 24 OSPF 10 3 D 100 1 1 2 Vlanif50 120 1 1 1 32 O_ASE 150 1 D 100 1 1 2 Vlanif50 127 0 0 0 8 Direct 0 0 D 127 0 0 1 InLoopBack0 127 0 0 1 32 Direct 0 0 D 127 0 0 1 InLoopBack0 127 255 255 255 32 Direct 0...

Page 268: ...s Routing for Network Destination Cost Type NextHop AdvRouter Area 120 1 1 0 24 3 Transit 100 1 1 2 6 6 6 6 0 0 0 0 20 1 1 0 24 10 Stub 20 1 1 1 100 1 1 1 0 0 0 0 30 1 1 0 24 11 Stub 20 1 1 2 30 1 1 1 0 0 0 0 100 1 1 0 24 1 Transit 100 1 1 1 100 1 1 1 0 0 0 0 Routing for ASEs Destination Cost Type Tag NextHop AdvRouter 120 1 1 1 32 1 Type2 3489661028 100 1 1 2 5 5 5 5 6 6 6 6 32 1 Type2 3489661028...

Page 269: ...y vpnv4 policy vpn target peer 3 3 3 9 enable ipv4 family vpn instance vpn1 import route direct import route ospf 100 ospf 1 area 0 0 0 0 network 1 1 1 9 0 0 0 0 network 10 1 1 0 0 0 0 255 ospf 100 vpn instance vpn1 import route bgp domain id 0 0 0 10 area 0 0 0 0 network 100 1 1 0 0 0 0 255 sham link 5 5 5 5 6 6 6 6 cost 1 return l Configuration file of P sysname P vlan batch 10 40 mpls lsr id 2 ...

Page 270: ... 0 mpls mpls ldp interface Vlanif60 ip binding vpn instance vpn1 ip address 120 1 1 2 255 255 255 0 interface GigabitEthernet1 0 0 port hybrid pvid vlan 60 port hybrid untagged vlan 60 interface GigabitEthernet2 0 0 port hybrid pvid vlan 40 port hybrid untagged vlan 40 interface LoopBack1 ip address 3 3 3 9 255 255 255 255 interface LoopBack10 ip binding vpn instance vpn1 ip address 6 6 6 6 255 25...

Page 271: ...tagged vlan 50 interface GigabitEthernet2 0 0 port hybrid pvid vlan 20 port hybrid untagged vlan 20 ospf 1 area 0 0 0 0 network 100 1 1 0 0 0 0 255 network 20 1 1 0 0 0 0 255 return l Configuration file of CE2 sysname CE2 vlan batch 30 60 interface vlanif30 ip address 30 1 1 2 255 255 255 0 ospf cost 10 interface vlanif60 ip address 120 1 1 1 255 255 255 0 interface GigabitEthernet1 0 0 port hybri...

Page 272: ...in Figure 3 13 the networking requirements are as follows l CE1 CE2 CE3 and CE4 are customer edge devices CE1 and CE2 belong to a LAN and CE3 and CE4 belong to another LAN l PE1 and PE2 are edge devices of the backbone network l The MCE is a multi VPN instance CE located on the user network l CE1 and CE3 belong to vpna CE2 and CE4 belong to vpnb l vpna and vpnb use different VPN targets It is requ...

Page 273: ... 9 32 GigabitEthernet3 0 0 VLANIF 40 192 2 1 1 24 MCE GigabitEthernet1 0 0 VLANIF 50 192 1 1 2 24 GigabitEthernet2 0 0 VLANIF 40 192 2 1 2 24 GigabitEthernet3 0 0 VLANIF 60 10 3 1 2 24 GigabitEthernet3 0 1 VLANIF 70 10 4 1 2 24 CE1 GigabitEthernet1 0 0 VLANIF 10 10 1 1 1 24 CE2 GigabitEthernet1 0 0 VLANIF 20 10 2 1 1 24 CE3 GigabitEthernet1 0 0 VLANIF 60 10 3 1 1 24 CE4 GigabitEthernet1 0 0 VLANIF...

Page 274: ... OSPF process IDs must be different l The RIP processes used to import VPN routes of CE3 and CE4 to MCE need to be configured The RIP processes use different process IDs Procedure Step 1 Run OSPF on the PEs of the backbone network The configuration procedure is not mentioned After the configuration PEs can learn the Loopback1 address of each other Take the display on PE2 as an example PE2 display ...

Page 275: ...instance vpna quit PE1 ip vpn instance vpnb PE1 vpn instance vpnb route distinguisher 100 2 PE1 vpn instance vpnb vpn target 222 2 both PE1 vpn instance vpnb quit PE1 interface vlanif 10 PE1 Vlanif10 ip binding vpn instance vpna PE1 Vlanif10 ip address 10 1 1 2 24 PE1 Vlanif10 quit PE1 interface vlanif 20 PE1 Vlanif20 ip binding vpn instance vpnb PE1 Vlanif20 ip address 10 2 1 2 24 PE1 Vlanif20 qu...

Page 276: ...p vpn instance vpnb MCE vpn instance vpnb route distinguisher 100 2 MCE vpn instance vpnb vpn target 222 2 both MCE vpn instance vpnb quit MCE interface vlanif 60 MCE Vlanif60 ip binding vpn instance vpna MCE Vlanif60 ip address 10 3 1 2 24 MCE Vlanif60 quit MCE interface vlanif 70 MCE Vlanif70 ip binding vpn instance vpnb MCE Vlanif70 ip address 10 4 1 2 24 MCE Vlanif70 quit MCE interface vlanif ...

Page 277: ...gp vpnb import route ospf 200 PE2 bgp vpnb quit Configure MCE MCE system view MCE ospf 100 vpn instance vpna MCE ospf 100 area 0 MCE ospf 100 area 0 0 0 0 network 192 1 1 0 0 0 0 255 MCE ospf 100 area 0 0 0 0 quit MCE ospf 100 quit MCE ospf 200 vpn instance vpnb MCE ospf 200 area 0 MCE ospf 200 area 0 0 0 0 network 192 2 1 0 0 0 0 255 MCE ospf 200 area 0 0 0 0 quit MCE ospf 200 quit Step 7 Run RIP...

Page 278: ...p 9 Verify the configuration After the configuration run the display ip routing table vpn instance command on the MCE and you can see the route to the peer CE Take vpna for example MCE display ip routing table vpn instance vpna Route Flags R relied D download to fib Routing Tables vpna Destinations 8 Routes 8 Destination Mask Proto Pre Cost Flags NextHop Interface 10 1 1 0 24 O_ASE 150 1 D 192 1 1...

Page 279: ...stics 5 packet s transmitted 5 packet s received 0 00 packet loss round trip min avg max 125 125 125 ms CE1 cannot ping CE2 or CE4 CE3 cannot ping CE2 or CE4 For example if you ping CE4 from CE1 the information is displayed as follows CE1 ping 10 4 1 1 PING 10 4 1 1 56 data bytes press CTRL_C to break Request time out Request time out Request time out Request time out Request time out 10 4 1 1 pin...

Page 280: ...instance vpnb route distinguisher 100 2 vpn target 222 2 export extcommunity vpn target 222 2 import extcommunity mpls lsr id 1 1 1 9 mpls mpls ldp interface Vlanif10 ip binding vpn instance vpna ip address 10 1 1 2 255 255 255 0 interface Vlanif20 ip binding vpn instance vpnb ip address 10 2 1 2 255 255 255 0 interface Vlanif30 ip address 172 1 1 1 255 255 255 0 mpls mpls ldp interface GigabitEth...

Page 281: ... return l Configuration file of PE2 sysname PE2 vlan batch 30 40 50 ip vpn instance vpna route distinguisher 200 1 vpn target 111 1 export extcommunity vpn target 111 1 import extcommunity ip vpn instance vpnb route distinguisher 200 2 vpn target 222 2 export extcommunity vpn target 222 2 import extcommunity mpls lsr id 2 2 2 9 mpls mpls ldp interface Vlanif30 ip address 172 1 1 2 255 255 255 0 mp...

Page 282: ...a 0 0 0 0 network 2 2 2 9 0 0 0 0 network 172 1 1 0 0 0 0 255 ospf 100 vpn instance vpna import route bgp area 0 0 0 0 network 192 1 1 0 0 0 0 255 ospf 200 vpn instance vpnb import route bgp area 0 0 0 0 network 192 2 1 0 0 0 0 255 return l Configuration file of the MCE sysname MCE vlan batch 40 50 60 70 ip vpn instance vpna route distinguisher 100 1 vpn target 111 1 export extcommunity vpn target...

Page 283: ... vpna import route rip 100 vpn instance capability simple area 0 0 0 0 network 192 1 1 0 0 0 0 255 ospf 200 vpn instance vpnb import route rip 200 vpn instance capability simple area 0 0 0 0 network 192 2 1 0 0 0 0 255 rip 100 vpn instance vpna version 2 network 10 0 0 0 import route ospf 100 rip 200 vpn instance vpnb version 2 network 10 0 0 0 import route ospf 200 return l Configuration file of ...

Page 284: ...gh this agent server In this example the P resides on the Internet Figure 3 14 Networking diagram for connecting a VPN to the Internet PE1 PE2 CE1 CE2 Internet AS100 GE1 0 0 GE1 0 0 GE1 0 0 GE2 0 0 GE2 0 0 GE1 0 0 GE1 0 0 GE2 0 0 Agent Server AS 65410 AS 65420 Loopback1 1 1 1 1 32 Loopback1 2 2 2 2 32 Loopback1 3 3 3 3 32 VPN1 VPN1 GE2 0 0 100 3 1 1 24 P Device Interface VLANIF interface IP addres...

Page 285: ...n To complete the configuration you need the following data l MPLS LSR IDs of PE and P l RD of the VPN l VPN targets of the received and sent routes Procedure Step 1 Configure VLANs that the interfaces belong to as shown in Figure 3 14 The configuration procedure is not mentioned Step 2 Configure the IGP protocol Assign IP addresses to the physical interfaces and loopback interfaces on the backbon...

Page 286: ... mentioned here After the configuration run the display ip vpn instance command on the PEs and you can find VPN 1 is displayed in the VPN Instance Name field Take PE1 for example PE1 display ip vpn instance Total VPN Instances configured 1 VPN Instance Name RD Creation Time vpn1 100 1 2010 01 16 17 30 42 UTC 0 8 00 Run the display bgp vpnv4 all peer command on the PEs and you can see that the IBGP...

Page 287: ...oto Pre Cost Flags NextHop Interface 0 0 0 0 0 Static 60 0 RD 100 1 1 2 Vlanif10 10 1 1 0 24 Direct 0 0 D 10 1 1 2 Vlanif30 10 1 1 2 32 Direct 0 0 D 127 0 0 1 InLoopBack0 10 1 1 255 32 Direct 0 0 D 127 0 0 1 InLoopBack0 10 2 1 0 24 BGP 255 0 RD 3 3 3 3 Vlanif10 100 3 1 1 32 BGP 255 0 D 10 1 1 1 Vlanif30 255 255 255 255 32 Direct 0 0 D 127 0 0 1 InLoopBack0 Run the display ip routing table command ...

Page 288: ... Vlanif30 ip address 10 1 1 1 255 255 255 0 interface Vlanif50 ip address 100 3 1 2 255 255 255 0 interface GigabitEthernet1 0 0 port hybrid pvid vlan 30 port hybrid untagged vlan 30 interface GigabitEthernet2 0 0 port hybrid pvid vlan 10 port hybrid untagged vlan 10 bgp 65410 peer 10 1 1 2 as number 100 ipv4 family unicast undo synchronization import route direct peer 10 1 1 2 enable ip route sta...

Page 289: ...e ipv4 family vpn instance vpn1 peer 10 1 1 1 as number 65410 import route static import route direct ospf 1 import route static area 0 0 0 0 network 1 1 1 1 0 0 0 0 network 100 1 1 0 0 0 0 255 ip route static 100 3 1 0 255 255 255 0 Vlanif30 10 1 1 1 ip route static vpn instance vpn1 0 0 0 0 0 0 0 0 100 1 1 2 public return l Configuration file of P sysname P vlan batch 10 20 mpls lsr id 2 2 2 2 m...

Page 290: ...ss 100 2 1 2 255 255 255 0 mpls mpls ldp interface Vlanif40 ip binding vpn instance vpn1 ip address 10 2 1 2 255 255 255 0 interface GigabitEthernet1 0 0 port hybrid pvid vlan 20 port hybrid untagged vlan 20 interface GigabitEthernet2 0 0 port hybrid pvid vlan 40 port hybrid untagged vlan 40 interface LoopBack1 ip address 3 3 3 3 255 255 255 255 bgp 100 peer 1 1 1 1 as number 100 peer 1 1 1 1 conn...

Page 291: ...ou can adopt mechanisms such as fast convergence of routes fault detection fast reroute and backup to improve the reliability At the access layer CE dual homing is a common network structure for improving the network reliability If a CE is connected to two PEs on the same VPN it is considered as CE dual homing In this case the CE accesses the backbone network through two links that are used for lo...

Page 292: ...2 GE1 0 0 VLANIF 102 10 2 1 2 30 GE2 0 0 VLANIF 20 100 2 1 1 30 P1 Loopback1 5 5 5 5 32 GE1 0 0 VLANIF 10 100 1 1 2 30 GE2 0 0 VLANIF 30 100 3 1 1 30 P2 Loopback1 6 6 6 6 32 GE1 0 0 VLANIF 20 100 2 1 2 30 GE2 0 0 VLANIF 40 100 4 1 1 30 PE3 Loopback1 3 3 3 3 32 GE1 0 0 VLANIF 30 100 3 1 2 30 GE2 0 0 VLANIF 103 10 3 1 1 30 PE4 Loopback1 4 4 4 4 32 GE1 0 0 VLANIF 40 100 4 1 2 30 GE2 0 0 VLANIF 104 10...

Page 293: ...ails are not mentioned here Step 2 Configure IGP on the MPLS backbone network so that PEs and P devices can interwork with each other Configure PE1 Assign IP addresses to interfaces The IP address of a loopback interface must have a 32 bit mask PE1 system view PE1 interface loopback 1 PE1 LoopBack1 ip address 1 1 1 1 32 PE1 LoopBack1 quit PE1 interface vlanif 10 PE1 Vlanif10 ip address 100 1 1 1 3...

Page 294: ...and MPLS LDP and set up LDP LSPs on the MPLS backbone network Configure PE1 Enable MPLS and LDP specify the LSR ID as the IP address of the loopback interface and trigger setup of LSPs PE1 mpls lsr id 1 1 1 1 PE1 mpls PE1 mpls quit PE1 mpls ldp PE1 mpls ldp quit Enable MPLS and LDP on interfaces on the backbone network PE1 interface vlanif 10 PE1 Vlanif10 mpls PE1 Vlanif10 mpls ldp PE1 Vlanif10 qu...

Page 295: ...PE1 vpn instance vpn1 vpn target 1 1 both PE1 vpn instance vpn1 quit Bind the interfaces connected to CEs to the corresponding VPNs and assign IP addresses to these interfaces PE1 interface vlanif 101 PE1 Vlanif101 ip binding vpn instance vpn1 PE1 Vlanif101 ip address 10 1 1 2 30 PE1 Vlanif101 quit Configure PE2 Create a VPN instance and specify the RD and VPN target The VPN targets of PE2 and the...

Page 296: ... IP addresses to the interfaces on CEs according to Figure 3 15 The configuration details are not mentioned here After the configuration run the display ip vpn instance verbose command on PEs and you can view configuration results of VPN instances For example information about PE1 is displayed as follows PE1 display ip vpn instance verbose Total VPN Instances configured 1 VPN Instance Name and ID ...

Page 297: ...gp ipv4 family vpn instance vpn1 PE3 bgp vpn1 peer 10 3 1 2 as number 65420 PE3 bgp vpn1 import route direct PE3 bgp vpn1 quit Configure PE4 Enable BGP PE4 bgp 100 In the BGP IPv4 instance view specify CEs as EBGP peers and import direct routes PE4 bgp ipv4 family vpn instance vpn1 PE4 bgp vpn1 peer 10 4 1 2 as number 65420 PE4 bgp vpn1 import route direct PE4 bgp vpn1 quit After the configuration...

Page 298: ...eer 3 3 3 3 connect interface loopback 1 In the VPNv4 address family view enable the capability of exchanging VPN IPv4 routing information between PE1 and PE3 PE1 bgp ipv4 family vpnv4 PE1 bgp af vpnv4 peer 3 3 3 3 enable PE1 bgp af vpnv4 quit Configure PE3 Specify PE1 as the IBGP peer of PE3 and set up an IBGP connection through the loopback interface PE3 bgp 100 PE3 bgp peer 1 1 1 1 as number 10...

Page 299: ...te PrefRcv 3 3 3 3 4 100 70 81 0 01 00 23 Established 3 Peer of vpn instance vpn instance vpn1 10 1 1 1 4 65410 16 12 0 00 06 42 Established 3 Step 7 On CE1 enable load balancing for the traffic transmitted from CE1 to CE2 CE1 bgp 65410 CE1 bgp ipv4 family unicast CE1 bgp af ipv4 maximum load balancing 2 Step 8 Configure a routing policy and increase the MED value of the BGP route that is advertis...

Page 300: ...7 0 0 1 InLoopBack0 End Configuration Files l Configuration file of CE1 sysname CE1 vlan batch 101 102 1001 interface Vlanif101 ip address 10 1 1 1 255 255 255 252 interface Vlanif102 ip address 10 2 1 1 255 255 255 252 interface Vlanif1001 ip address 1 5 1 1 255 255 255 0 interface GigabitEthernet1 0 0 port hybrid pvid vlan 101 port hybrid untagged vlan 101 interface GigabitEthernet2 0 0 port hyb...

Page 301: ...ged vlan 10 interface LoopBack1 ip address 1 1 1 1 255 255 255 255 isis enable 1 bgp 100 peer 3 3 3 3 as number 100 peer 3 3 3 3 connect interface LoopBack1 ipv4 family unicast undo synchronization peer 3 3 3 3 enable ipv4 family vpnv4 policy vpn target peer 3 3 3 3 enable ipv4 family vpn instance vpn1 peer 10 1 1 1 as number 65410 import route direct return l Configuration file of PE2 sysname PE2...

Page 302: ... 4 4 connect interface LoopBack1 ipv4 family unicast undo synchronization peer 4 4 4 4 enable ipv4 family vpnv4 policy vpn target peer 4 4 4 4 enable ipv4 family vpn instance vpn1 peer 10 2 1 1 as number 65410 import route direct return l Configuration file of P1 sysname P1 vlan batch 10 30 mpls lsr id 5 5 5 5 mpls mpls ldp isis 1 network entity 10 0000 0000 0005 00 interface Vlanif 10 ip address ...

Page 303: ...p address 100 4 1 1 255 255 255 252 isis enable 1 mpls mpls ldp interface GigabitEthernet1 0 0 port hybrid pvid vlan 20 port hybrid untagged vlan 20 interface GigabitEthernet2 0 0 port hybrid pvid vlan 40 port hybrid untagged vlan 40 interface LoopBack1 ip address 6 6 6 6 255 255 255 255 isis enable 1 return l Configuration file of PE3 sysname PE3 vlan batch 30 103 ip vpn instance vpn1 route disti...

Page 304: ...ynchronization peer 1 1 1 1 enable ipv4 family vpnv4 policy vpn target peer 1 1 1 1 enable ipv4 family vpn instance vpn1 peer 10 3 1 2 as number 65420 peer 10 3 1 2 route policy policy1 export import route direct route policy policy permit node 10 apply cost 120 return l Configuration file of PE4 sysname PE4 vlan batch 40 104 ip vpn instance vpn1 route distinguisher 100 4 vpn target 1 1 export ext...

Page 305: ...umber 65420 import route direct return l Configuration file of CE2 sysname CE2 vlan batch 103 104 1002 interface Vlanif 103 ip address 10 3 1 2 255 255 255 252 interface Vlanif 104 ip address 10 4 1 2 255 255 255 252 interface Vlanif 1002 ip address 1 6 1 1 255 255 255 0 interface GigabitEthernet1 0 0 port link type trunk port trunk allow pass vlan 103 interface GigabitEthernet2 0 0 port link type...

Page 306: ...oopback1 2 2 2 2 32 Loopback1 3 3 3 3 32 CE1 GE3 0 0 Device Interface VLANIF interface IP address PE1 GigabitEthernet2 0 0 VLANIF 10 100 1 1 1 30 GigabitEthernet3 0 0 VLANIF 30 100 2 1 1 30 Loopback1 1 1 1 1 32 PE2 GigabitEthernet1 0 0 VLANIF 10 100 1 1 2 30 GigabitEthernet2 0 0 VLANIF 20 10 1 1 2 30 Loopback1 2 2 2 2 32 PE3 GigabitEthernet1 0 0 VLANIF 30 100 2 1 2 30 GigabitEthernet2 0 0 VLANIF 4...

Page 307: ...nterface The configuration procedure is not given here Step 2 Configure IP addresses of interfaces on the VPN backbone network and VPN sites The configuration procedure is not mentioned here Step 3 Configure OSPF on the MPLS backbone network to implement interworking of the PEs The configuration procedure is not mentioned here Step 4 Configure basic MPLS functions and MPLS LDP on the MPLS backbone...

Page 308: ...stance vpn1 PE1 vpn instance vpn1 route distinguisher 100 1 PE1 vpn instance vpn1 vpn target 111 1 PE1 vpn instance vpn1 quit Configure PE2 PE2 ip vpn instance vpn1 PE2 vpn instance vpn1 route distinguisher 100 2 PE2 vpn instance vpn1 vpn target 111 1 PE2 vpn instance vpn1 quit PE2 interface vlanif 20 PE2 Vlanif20 ip binding vpn instance vpn1 PE2 Vlanif20 ip address 10 1 1 2 30 PE2 Vlanif20 quit C...

Page 309: ...al router ID 2 2 2 2 Local AS number 100 Total number of peers 1 Peers in established state 1 Peer V AS MsgRcvd MsgSent OutQ Up Down State PrefRcv Peer of vpn instance vpn instance vpn1 10 1 1 1 4 65410 46 46 0 00 37 41 Established 5 Step 7 Set up an MP IBGP adjacency between the PEs Configure PE1 PE1 bgp 100 PE1 bgp peer 2 2 2 2 as number 100 PE1 bgp peer 2 2 2 2 connect interface loopback 1 PE1 ...

Page 310: ... route policy quit Step 9 Enable VPN FRR PE1 ip vpn instance vpn1 PE1 vpn instance vpn1 vpn frr route policy vpn_frr_rp PE1 vpn instance vpn1 quit View the backup next hop backup label and backup tunnel ID PE1 display ip routing table vpn instance vpn1 10 3 1 0 verbose Routing Table vpn1 Summary Count 1 Destination 10 3 1 0 24 Protocol BGP Process ID 0 Preference 255 Cost 0 NextHop 2 2 2 2 Neighbo...

Page 311: ...agged vlan 30 interface LoopBack1 ip address 1 1 1 1 255 255 255 255 bgp 100 peer 2 2 2 2 as number 100 peer 2 2 2 2 connect interface LoopBack1 peer 3 3 3 3 as number 100 peer 3 3 3 3 connect interface LoopBack1 ipv4 family unicast undo synchronization peer 2 2 2 2 enable peer 3 3 3 3 enable ipv4 family vpnv4 policy vpn target peer 2 2 2 2 enable peer 3 3 3 3 enable ipv4 family vpn instance vpn1 ...

Page 312: ...gged vlan 10 interface GigabitEthernet2 0 0 port hybrid pvid vlan 20 port hybrid untagged vlan 20 interface LoopBack1 ip address 2 2 2 2 255 255 255 255 bgp 100 peer 1 1 1 1 as number 100 peer 1 1 1 1 connect interface LoopBack0 ipv4 family unicast undo synchronization peer 1 1 1 1 enable ipv4 family vpnv4 policy vpn target peer 1 1 1 1 enable ipv4 family vpn instance vpn1 peer 10 1 1 1 as number ...

Page 313: ...55 bgp 100 peer 1 1 1 1 as number 100 peer 1 1 1 1 connect interface LoopBack1 ipv4 family unicast undo synchronization peer 1 1 1 1 enable ipv4 family vpnv4 policy vpn target peer 1 1 1 1 enable ipv4 family vpn instance vpn1 peer 10 2 1 1 as number 65410 import route direct ospf 1 area 0 0 0 0 network 100 2 1 0 0 0 0 3 network 3 3 3 3 0 0 0 0 Return l Configuration file of CE sysname CE vlan batc...

Page 314: ...o PE1 between which BGP is run CE2 is connected to PE2 between which OSPF is run as shown in Figure 3 17 Figure 3 17 Networking of VPN GR CE1 CE2 PE1 PE2 P Loopback1 1 1 1 9 32 Loopback1 2 2 2 9 32 Loopback1 3 3 3 9 32 GE1 0 0 VLANIF 10 10 1 1 2 30 GE1 0 0 VLANIF 10 10 1 1 1 30 GE2 0 0 VLANIF 40 10 2 1 2 30 GE1 0 0 VLANIF 40 10 2 1 1 30 GE2 0 0 VLANIF 20 100 1 1 1 30 GE1 0 0 VLANIF 20 100 1 1 2 30...

Page 315: ...maximum interval for the peer end to reestablish GR sessions this example retains the default value that is 150 seconds l Time for waiting for End of RIB messages this example retains the default value that is 600 seconds l Data of the routing protocols between PEs and CEs in this example BGP is run between CE1 and PE1 and OSPF is run between CE2 and PE2 l Data required for configuring IGP of the ...

Page 316: ... PE1 bgp 100 PE1 bgp peer 3 3 3 9 as number 100 PE1 bgp peer 3 3 3 9 connect interface loopback 1 PE1 bgp ipv4 family vpnv4 PE1 bgp af vpnv4 peer 3 3 3 9 enable PE1 bgp af vpnv4 quit PE1 bgp quit Configure the P device P interface loopback 1 P LoopBack1 ip address 2 2 2 9 32 P LoopBack1 quit P mpls lsr id 2 2 2 9 P mpls P mpls quit P mpls ldp P mpls ldp quit P isis 1 P isis 1 network entity 10 000...

Page 317: ...r command and you can view that the IS IS neighbor relationship is set up and is in Up state Step 3 Create VPN instances and configure CEs to access these instances Create a VPN instance of VPN1 on PE1 and configure CE1 to access the instance create a VPN instance of VPN1 on PE2 and configure CE2 to access the instance Then configure EBGP between CE1 and PE1 and configure OSPF between CE2 and PE2 ...

Page 318: ...port route direct CE2 ospf 2 quit The configuration of BGP MPLS IP VPN is complete CE1 can communicate with CE2 Step 4 Configure IGP GR of the backbone network Configure IGP GR on PE1 P device and PE2 on the backbone network Configure PE1 PE1 isis 1 PE1 isis 1 graceful restart PE1 isis 1 quit Configure the P device P isis 1 P isis 1 graceful restart P isis 1 quit Configure PE2 PE2 isis 1 PE2 isis ...

Page 319: ...n PE1 and CE1 and configure OSPF GR for OSPF between PE2 and CE2 Configure PE1 PE1 bgp 100 PE1 bgp graceful restart PE1 bgp quit Configure CE1 CE1 bgp 65410 CE1 bgp graceful restart CE1 bgp quit Configure PE2 PE2 ospf 2 vpn instance vpn1 PE2 ospf 2 opaque capability enable PE2 ospf 2 graceful restart PE2 ospf 2 quit Configure CE2 CE2 ospf 2 CE2 ospf 2 opaque capability enable CE2 ospf 2 graceful r...

Page 320: ...igure PE2 PE2 bgp 100 PE2 bgp graceful restart PE2 bgp quit Run the display bgp vpnv4 all peer verbose command on PE1 and you can view that IBGP GR between PE1 and PE2 and EBGP GR between PE1 and CE1 are configured successfully PE1 display bgp vpnv4 all peer verbose Peer 3 3 3 9 remote AS 100 Type IBGP link BGP version 4 remote router ID 3 3 3 9 Update group ID 1 BGP current state Established Up f...

Page 321: ...routes 2 Received active routes total 2 Advertised total routes 2 Port Local 49941 Remote 179 Configured Active Hold Time 180 sec Keepalive Time 60 sec Received Active Hold Time 180 sec Negotiated Active Hold Time 180 sec Keepalive Time 60 sec Peer optional capabilities Peer supports bgp multi protocol extension Peer supports bgp route refresh capability Peer supports bgp 4 byte as capability Grac...

Page 322: ...dby switchover the current communication may be interrupted End Configuration Files l Configuration file of PE1 sysname PE1 vlan batch 10 20 ip vpn instance vpn1 route distinguisher 100 1 vpn target 111 1 export extcommunity vpn target 111 1 import extcommunity mpls lsr id 1 1 1 9 mpls mpls ldp graceful restart isis 1 graceful restart network entity 10 0000 0000 0001 00 interface Vlanif 10 ip bind...

Page 323: ... Vlanif 20 ip address 100 1 1 2 255 255 255 252 isis enable 1 mpls mpls ldp interface Vlanif 30 ip address 100 2 1 1 255 255 255 252 isis enable 1 mpls mpls ldp interface GigabitEthernet1 0 0 port link type trunk port trunk allow pass vlan 20 interface GigabitEthernet2 0 0 port link type trunk port trunk allow pass vlan 30 interface LoopBack1 ip address 2 2 2 9 255 255 255 255 isis enable 1 return...

Page 324: ... 255 255 255 255 isis enable 1 bgp 100 graceful restart peer 1 1 1 9 as number 100 peer 1 1 1 9 connect interface LoopBack1 ipv4 family vpnv4 policy vpn target peer 1 1 1 9 enable ipv4 family vpn instance vpn1 import route ospf 2 import route direct ospf 2 vpn instance vpn1 opaque capability enable graceful restart import route bgp area 0 0 0 0 network 10 2 1 0 0 0 0 3 return l Configuration file ...

Page 325: ...0 0 0 network 10 2 1 0 0 0 0 3 return 3 17 16 Example for Configuring Double RRs to Optimize VPN Backbone Layer Networking Requirements In VPN deployment to improve the reliability you can configure VPN instances with double RRs That is select two Ps in the same AS as two RRs They are backup devices of each other reflecting routes of the public network and VPNv4 Quidway S7700 Smart Routing Switch ...

Page 326: ...igabitEthernet1 0 0 VLANIF 30 100 3 4 2 24 GigabitEthernet2 0 0 VLANIF 70 10 2 1 2 24 GigabitEthernet3 0 0 VLANIF 50 100 2 4 2 24 Loopback1 4 4 4 9 32 P1 GigabitEthernet1 0 0 VLANIF 10 100 1 2 2 24 GigabitEthernet2 0 0 VLANIF 20 100 2 3 1 24 GigabitEthernet3 0 0 VLANIF 50 100 2 4 1 24 Loopback1 2 2 2 9 32 P2 GigabitEthernet1 0 0 VLANIF 20 100 2 3 2 24 GigabitEthernet2 0 0 VLANIF 30 100 3 4 1 24 Gi...

Page 327: ...to and IP address of each interface as shown in Figure 3 18 l MPLS LSR IDs of PE and ASBR PEs l Names RDs and VPN targets of the VPN instances created on PE1 and PE2 l Routing protocol used to exchange routing information between the PE and CEs EBGP is used in this example l Convergence priorities of the routes in the VPN instances l Name of the RD and name of the routing policy Procedure 1 Config...

Page 328: ...d interfaces along the LSP The configuration procedure is not given here After the configuration run the display mpls ldp session command and you can see in the display that the Session State item is Operational Take the display on PE1 and P1 for example PE1 display mpls ldp session LDP Session s in Public Network Codes LAM Label Advertisement Mode SsnAge Unit DDDD HH MM A before a session means t...

Page 329: ...P1 P1 bgp af vpnv4 peer 3 3 3 9 group P1 P1 bgp af vpnv4 peer 4 4 4 9 group P1 P1 bgp af vpnv4 quit P1 bgp quit Configure P2 P2 system view P2 bgp 100 P2 bgp group P2 internal P2 bgp peer P2 connect interface loopback 1 P2 bgp peer 1 1 1 9 group P2 P2 bgp peer 2 2 2 9 group P2 P2 bgp peer 4 4 4 9 group P2 P2 bgp ipv4 family vpnv4 P2 bgp af vpnv4 peer P2 enable P2 bgp af vpnv4 peer 1 1 1 9 group P2...

Page 330: ... D download to fib Routing Tables vpna Destinations 5 Routes 5 Destination Mask Proto Pre Cost Flags NextHop Interface 10 1 1 0 24 Direct 0 0 D 10 1 1 2 Vlanif60 10 1 1 2 32 Direct 0 0 D 127 0 0 1 InLoopBack0 10 1 1 255 32 Direct 0 0 D 10 1 1 1 Vlanif60 10 2 1 0 24 BGP 255 0 RD 4 4 4 9 Vlanif40 255 255 255 255 32 Direct 0 0 D 127 0 0 1 InLoopBack0 If CE1 and CE2 can ping each other it indicates th...

Page 331: ...9 connect interface LoopBack1 peer 3 3 3 9 as number 100 peer 3 3 3 9 connect interface LoopBack1 ipv4 family unicast undo synchronization peer 2 2 2 9 enable peer 3 3 3 9 enable ipv4 family vpnv4 policy vpn target peer 2 2 2 9 enable peer 3 3 3 9 enable ipv4 family vpn instance vpna peer 10 1 1 1 as number 65410 import route direct ospf 1 area 0 0 0 0 network 1 1 1 9 0 0 0 0 network 100 1 2 0 0 0...

Page 332: ...t interface LoopBack1 ipv4 family unicast undo synchronization undo peer 4 4 4 9 enable undo peer 1 1 1 9 enable undo peer 3 3 3 9 enable peer P1 enable ipv4 family vpnv4 reflector cluster id 100 undo policy vpn target peer P1 enable peer P1 reflect client peer 1 1 1 9 enable peer 1 1 1 9 group P1 peer 3 3 3 9 enable peer 3 3 3 9 group P1 peer 4 4 4 9 enable peer 4 4 4 9 group P1 ospf 1 area 0 0 0...

Page 333: ...peer 2 2 2 9 as number 100 group P2 internal peer P2 connect interface LoopBack1 ipv4 family unicast undo synchronization undo peer 4 4 4 9 enable undo peer 1 1 1 9 enable undo peer 2 2 2 9 enable peer P2 enable ipv4 family vpnv4 reflector cluster id 100 undo policy vpn target peer P2 enable peer P2 reflect client peer 1 1 1 9 enable peer 1 1 1 9 group P2 peer 2 2 2 9 enable peer 2 2 2 9 group P2 ...

Page 334: ...Ethernet3 0 0 port hybrid pvid vlan 50 port hybrid untagged vlan 50 interface LoopBack1 ip address 4 4 4 9 255 255 255 255 bgp 100 peer 2 2 2 9 as number 100 peer 2 2 2 9 connect interface LoopBack1 peer 3 3 3 9 as number 100 peer 3 3 3 9 connect interface LoopBack1 ipv4 family unicast undo synchronization peer 2 2 2 9 enable peer 3 3 3 9 enable ipv4 family vpnv4 policy vpn target peer 3 3 3 9 ena...

Page 335: ...ble return l Configuration file of CE2 sysname CE2 vlan batch 70 interface Vlanif70 ip address 10 2 1 1 255 255 255 0 interface GigabitEthernet1 0 0 port hybrid pvid vlan 70 port hybrid untagged vlan 70 bgp 65420 peer 10 2 1 2 as number 100 ipv4 family unicast undo synchronization peer 10 2 1 2 enable return Quidway S7700 Smart Routing Switch Configuration Guide VPN 3 BGP MPLS IP VPN Configuration...

Page 336: ...of each PE P or CE is unique That is a router cannot function as both a PE and a CE 4 5 Configuring Hub and Spoke In the networking of Hub and Spoke an access control device is specified in the IPv6 VPN and users communicate with each other through the access control device 4 6 Configuring a Tunnel Policy applied to BGP MPLS IPv6 VPN By default the system selects an LSP for a BGP MPLS IPv6 VPN and...

Page 337: ...traffic monitoring network connectivity resetting BGP connection 4 11 Configuration Examples This section provides several configuration examples of IPv6 VPN In each configuration example the networking requirements configuration notes configuration roadmap configuration procedures and configuration files are provided Quidway S7700 Smart Routing Switch Configuration Guide VPN 4 BGP MPLS IPv6 VPN C...

Page 338: ... this case the PE must support the IPv4 IPv6 dual stack operations because the backbone network is an IPv4 network and the client sites use the IPv6 address family as shown in Figure 4 1 Any network protocol that can bear IPv6 traffic can run between the CEs and the PEs PE interfaces connected to the client run IPv6 PE interfaces connected to the public network run IPv4 Figure 4 1 Schematic diagra...

Page 339: ...l The dual homed CE or multi homed CE is configured on the access layer The S7700 does not support VPNv6 GR 4 3 Configuring an IPv6 VPN Instances The VPN instance is used to isolate VPN routes from public network routes 4 3 1 Establishing the Configuration Task Before configuring the IPv6 VPN instance familiarize yourself with the applicable environment complete the pre configuration tasks and obt...

Page 340: ...controls the receiving and sending of IPv6 VPN routes 6 Optional Tunnel policy used in the IPv6 VPN instance 4 3 2 Creating an IPv6 VPN Instance Configuring IPv6 VPN Instance is the preliminary step for configuring other IPv6 VPN attributes Afteran IPv6 VPN Instance is configured a VPN routing and forwarding table is created Context Do as follows on the PE device that is connected to the CE device...

Page 341: ... 4 3 3 Configuring Attributes for the IPv6 VPN Instance To facilitate management of routes of the IPv6 VPN Instance you also need to configure other VPN attributes such as the RD VPN target route limit and routing policy Context Do as follows on the PE device that is configured with IPv6 VPN Instance NOTE It is recommended to perform either Step 4 or Step 5 Procedure Step 1 Run system view The sys...

Page 342: ...ally refreshes them Step 5 Optional Run prefix limit number alert percent route unchanged simply alert The maximum number of prefixes of the IPv6 VPN instance is configured You can define the maximum number of prefixes for the IPv6 VPN instance to avoid importing too many prefixes from the CE Step 6 Optional Run limit log interval interval The frequency of displaying logs when the number of routes...

Page 343: ...on are complete Procedure l Run the display ipv6 vpn6 instance verbose vpn6 instance name command to view detailed information about the IPv6 VPN instance l Run the display ipv6 vpn6 instance brief vpn6 instance name command to view brief information about the IPv6 VPN instance End Example Run the display ipv6 vpn6 instance brief command If brief information including the RD and creating time abou...

Page 344: ...g BGP MPLS IPv6 VPN familiarize yourself with the applicable environment complete the pre configuration tasks and obtain the required data This can help you complete the configuration task quickly and accurately Applicable Environment The BGP MPLS IPv6 VPN networking mentioned in this section involves only a carrier and an MPLS backbone network not inter provider and LSP serves as the public tunne...

Page 345: ...ddresses of the PE interfaces attached to the CE 3 IPv6 addresses of the CE interfaces attached to the PE 4 Routing protocol between the PE and the CE such as static route RIPng IS ISv6 or BGP4 5 AS number of the PE 6 IP address and interface of the PE to establish the BGP peers 4 4 2 Configuring an IPv6 VPN Instance You can configure an IPv6 VPN Instance for managing IPv6 VPN routes Context For t...

Page 346: ...vpn6 instance command deletes the Layer 3 features such as IPv6 address and IPv6 routing protocols They need to be re configured if required Step 5 Run ipv6 address ipv6 address prefix length ipv6 address prefix length The IPv6 address is configured End 4 4 4 Configuring MP IBGP Between PEs With extended community attributes added to BGP MP IBGP can advertise VPNv6 routes between PEs Context Do as...

Page 347: ...er ipv4 address enable The VPN IPv6 routing exchange on the peer is enabled End 4 4 5 Configuring Route Exchange Between PE and CE The routing protocol between a PE and a CE can be BGP4 IPv6 static route RIPng OSPFv3 or IS ISv6 Context Choose one of the following configurations as required l Configuring BGP4 Between PE and CE l Configuring Static Routes Between PE and CE l Configuring RIPng Betwee...

Page 348: ... hops 7 Optional Run peer ipv6 address allow as loop number Routing loop is allowed Step 6 applies to the Hub and Spoke networking The BGP uses the AS number to detect a routing loop In the case of Hub and Spoke networking however if EBGP runs between the PE and the CE at the Hub site the Hub PE carries the local AS number when advertising routes to the Hub CE Therefore the PE denies the subsequen...

Page 349: ... with the peer is enabled 8 Run import route direct static ripng process id ospfv3 process id isis process id med med route policy route policy name Routes of the local site are imported The address of the VPN network segment is advertised to the connected PE and then is advertised by the PE to the peer CE The type of the imported route varies with networking modes l Configuring Static Routes Betw...

Page 350: ...lows on the PE 1 Run system view The system view is displayed 2 Run ripng process id vpn6 instance vpn6 instance name A RIPng instance is created between PE and CE and the RIPng view is displayed A RIPng multi instance process can only belong to one IPv6 VPN Instance If a RIPng process is not bound to the IPv6 VPN Instance when the process is enabled the process is classified as a public network p...

Page 351: ...outes learnt from its CE into BGP forms them into VPN IPv6 routes and advertise them to the remote PE NOTE After a RIPng multi instance process is deleted RIPng is disabled on all the interfaces that run this process After an IPv6 VPN instance is deleted all the related RIPng processes are also deleted l Configuring OSPFv3 Between PE and CE Configure OSPFv3 on the CE For the detailed configuration...

Page 352: ...er The view of the interface bound to a VPN instance is displayed 7 Run ospfv3 process id area area id instance instance id OSPFv3 is enabled on the interface 8 Run quit The system is displayed 9 Run bgp as number The BGP view is displayed 10 Run ipv6 family vpn6 instance vpn6 instance name The BGP VPN6 instance view is displayed 11 Run import route ospfv3 process id med med route policy route pol...

Page 353: ...is disabled on all the interfaces that run this process After an IPv6 VPN instance is deleted all the related IS IS processes are also deleted 3 Run network entity net The Network Entity Title NET is configured The NET defines the system ID of the switch and the address of the local IS IS area A maximum of three NETs can be configured for a process on a switch 4 Optional Run is level level 1 level...

Page 354: ...es on the PE or the CE Prerequisite The configurations of the Basic BGP MPLS IPv6 VPN function are complete Procedure l Run the display ipv6 routing table vpn6 instance vpn6 instance name command to check the routing table of the specified IPv6 VPN instance on PE l Run the display ipv6 routing table command to check the routing table on CE End Example Run the display ipv6 routing table vpn6 instan...

Page 355: ...ne network l Configuring basic MPLS capability on PE devices and P devices in the MPLS backbone network l Configuring the tunnels between the PE devices LSP or MPLS TE tunnels l Enabling IPv6 on PEs CEs and on the interfaces that need to be configured with IPv6 l Configuring the IPv6 addresses through which the CE devices access the PE devices on the CE devices Data Preparation To configure Hub an...

Page 356: ...cription l It is recomended to perform either Step 6 or Step 7 Procedure Step 1 Run system view The system view is displayed Step 2 Run ipv6 vpn6 instance vpn6 instance name An IPv6 VPN instance is created and the IPv6 VPN instance view is displayed The name of the IPv6 VPN instance is case sensitive For example vpn1 and VPN1 are considered as different IPv6 VPN instances Step 3 Optional Run descr...

Page 357: ...ollowing operations are required l For the excessive static routes you need to reconfigure them manually l For the excessive routes learnt from CEs through the IGP multi instance routing protocol you need to re initiate the multi instance process of the routing protocol on the PE For the remote cross routes learnt through the MP IBGP and the BGP routes learnt from CEs the system automatically refr...

Page 358: ...stance is configured 6 Run quit Return to the system view 7 Run ipv6 vpn6 instance vpn6 instance name2 The IPv6 VPN instance view of the VPN hub is displayed 8 Run vpn target vpn target2 1 8 export extcommunity The VPN target extended community is configured to advertise the routes of all the Hub stations and Spoke stations vpn target2 is a list that contains all the import VPN targets of all the ...

Page 359: ...n interface to an IPv6 VPN Instance you can change the interface to a VPN interface As a result packets that pass through the interface are forwarded according to the forwarding information of the VPN instance and such Layer 3 attributes as IP address and routing protocol that are configured for the interface are deleted These Layer 3 attributes need to be re configured if required Context The con...

Page 360: ...ed community attributes added to BGP MP IBGP can advertise VPNv6 routes between PEs Context The Hub PE must set up the MP IBGP peer with all the Spoke PEs Spoke PEs need not set up the MP IBGP peer between each other Do as follows on the Hub PE and the Spoke PE Procedure Step 1 Run system view The system view is displayed Step 2 Run bgp as number The BGP view is displayed Step 3 Run peer ipv4 addr...

Page 361: ... In this way BGP4 RIPng multi instance IS ISv6 multi instance or static routes can be adopted between the Spoke PE and the Spoke CE To set up the EBGP peer between the Hub PE and the Hub CE do as follows on the Hub PE 1 Run system view The system view is displayed 2 Run bgp as number The BGP view is displayed 3 Run ipv6 family vpn6 instance vpn6 instance name The BGP VPNv6 instance view is display...

Page 362: ... hub 5 Run network 0 Advertise the default route to all the Spoke PEs through MP BGP End Follow up Procedure Choose one of the preceding methods as required For detailed configurations see 4 4 5 Configuring Route Exchange Between PE and CE 4 5 7 Checking the Configuration After the networking of Hub and Spoke is configured you can view IPv6 VPN routing information on the PE and CE Prerequisite The...

Page 363: ...complete the configuration task quickly and accurately Applicable Environment By default an LSP is selected as the tunnel for a VPN and no load balancing is carried out To perform load balancing or select tunnels of other types you need to configure a tunnel policy in select sequence mode and then apply it In the IPv6 VPN a tunnel policy is applied on IPv6 VPN instances In inter AS VPN Option B in...

Page 364: ...sequence mode a tunnel policy corresponds to only one mode for selecting tunnels If multiple modes for selecting tunnels are required you need to create multiple tunnel policies An IPv6 VPN instance instance can have only one tunnel policy Multiple IPv6 VPN instance can share a tunnel policy Step 3 Run tunnel select seq gre lsp cr lsp load balance number load balance number The precedence of the t...

Page 365: ...IPv6 VPN instance Procedure Step 1 Run system view The system view is displayed Step 2 Run ipv6 vpn6 instance vpn6 instance name The IPv6 VPN instance view is displayed Step 3 Run tnl policy policy name The tunnel policy is applied to the IPv6 VPN instance For IPv6 VPN the tunnel policy is applied to the IPv6 VPN instance End 4 6 4 Checking the Configuration After a tunnel policy is configured for...

Page 366: ... Configuring Inter AS IPv6 VPN Option A In inter AS IPv6 VPN OptionA an ASBR takes the peer ASBR as its CE and advertises VPNv6 routes to the peer ASBR through EBGP 4 7 1 Establishing the Configuration Task Before configuring inter AS IPv6 VPN OptionA familiarize yourself with the applicable environment complete the pre configuration tasks and obtain the required data This can help you complete th...

Page 367: ...g and sending of IPv6 VPN routes l Optional Tunnel policy l Optional The maximum number of routes allowed by the IPv6 VPN instance 2 IPv6 addresses of the PE interfaces attached to the CE 3 AS number of the PE 4 IPv6 addresses of the interfaces connected the ASBRs 5 Routing protocol adopted between the PE and the CE static route RIPng IS ISv6 or BGP4 6 IPv4 addresses and interfaces between the PE ...

Page 368: ...he BGP peers on the PE or the ASBR l Run the display bgp vpnv6 all routing table command to check the VPN IPv6 routes on the PE or the ASBR l Run the display ipv6 routing table vpn6 instance vpn6 instance namecommand to check the VPN routing table on the PE or the ASBR End Example Run the display bgp vpnv6 all peer command If the BGP IPv6 VPN peer relationship between the ASBR and the PE in the sa...

Page 369: ...bone network l 4 3 2 Creating an IPv6 VPN Instance on the PE devices connected with the CE devices and 4 4 3 Binding an Interface to an IPv6 VPN Instance l Configuring the IPv6 addresses of the CE interfaces through which the CE accesses the PE Data Preparation To configure inter AS IPv6 VPN Option B you need the following data No Data 1 To configure the IPv6 VPN instance on the PE you need the fo...

Page 370: ... loopback interface is specified as the source address of the BGP session Step 5 Run ipv6 family vpnv6 The BGP IPv6 VPN address family is displayed Step 6 Run peer ipv4 address enable The exchange of VPN IPv6 routes with the peer PE or the ASBR is enabled End 4 8 3 Configuring MP EBGP Between ASBRs in Different ASs In inter AS IPv6 VPN OptionB ASBRs may not be configured with the IPv6 VPN instance...

Page 371: ...family is displayed Step 9 Run peer ipv4 address enable The exchange of VPN IPv6 routes with the peer ASBR is enabled End 4 8 4 Controlling the Receiving and Sending of VPN Routes An ASBR can either store all VPNv6 routes or store certain VPNv6 routes by filtering VPN targets through a routing policy Context There are several methods for controlling the receiving and sending of VPN routes on the A...

Page 372: ...n this case the ASBR should receive all the VPN IPv6 routing information without the VPN Target filtering End 4 8 5 Optional Storing Information About the IPv6 VPN instance on the ASBRs If IPv6 VPN routing information needs to be sent and received through ASBRs the corresponding IPv6 VPN instances needs to be configured on the ASBRs Context Do as follows on the ASBR NOTE It is recomended to perfor...

Page 373: ...old is configured Step 8 Optional Run import route policy policy name An import routing policy is created for the IPv6 VPN instance Step 9 Optional Run export route policy policy name An export routing policy is created for the IPv6 VPN instance End 4 8 6 Optional Enabling Next Hop based Label Allocation on the ASBR To save label resources on an ASBR you can enable next hop based label allocation ...

Page 374: ...e of the preceding methods as required l Configuring BGP4 Between PE and CE l Configuring Static Routes Between PE and CE l Configuring RIPng Between PE and CE l Configuring OSPFv3 Between PE and CE l Configuring IS ISv6 Between PE and CE For detailed configurations see 4 4 5 Configuring Route Exchange Between PE and CE 4 8 8 Checking the Configuration After inter AS IPv6 VPN OptionB is configured...

Page 375: ...N routes with the same next hop and outgoing label 4 9 Configuring Route Reflection for BGP VPNv6 Routes Deploying a BGP VPNv6 Route Reflector RR reduces the number of MP IBGP connections This lightens the burden of PEs and facilitates network maintenance and management 4 9 1 Establishing the Configuration Task Before configuring a BGP VPNv6 RR to optimize the IPv6 VPN backbone layer familiarize y...

Page 376: ...r MPLS TE tunnels between the RR and all PEs serving as the clients Data Preparation To configure route reflection for BGP VPNv6 routes you need the following data No Data 1 Local AS number and peer AS number 2 Type and number of the interfaces used to set up the TCP connection 3 IP address of the peer 4 9 2 Configuring the Client PEs to Establish MP IBGP Connections with the RR You can configure ...

Page 377: ...o establish MP IBGP peer relationships with all its client PEs In this manner the RR reflects VPNv6 routes for all these PEs Context Choose one of the following schemes to configure the RR to establish MP IBGP connections with the client PEs Procedure l Configuring the RR to Establish MP IBGP Connections with the Peer Group Add all the client PEs to the peer group and establish MP IBGP connection ...

Page 378: ...w is displayed 3 Run peer ipv4 address as number as number The client PE is specified as the BGP peer 4 Run peer ipv4 address connect interface interface type interface number The interface is specified as an interface to establish the TCP connection The IP address of the interface must be the same as the MPLS LSR ID It is recommended to specify a loopback interface to establish the TCP connection...

Page 379: ...tional Run rr filter extcomm filter number The reflection policy is configured for the RR End 4 9 5 Checking the Configuration After configuring a BGP VPNv6 RR to optimize the VPN backbone layer you can view BGP peer information and VPNv6 routing information on the RR or its client PEs Prerequisite The configurations of the route reflection for BGP VPNv6 function are complete Procedure l Run the d...

Page 380: ...IPv6 VPN involves checking information about IPv6 VPN instance VPNv6 peers and logs of BGP peers Prerequisite In routine maintenance you can run the following commands in any view to check the status of BGP MPLS IPv6 VPN Procedure l Run the display ipv6 routing table vpn6 instance vpn6 instance name command to check the IP routing table of the IPv6 VPN instance l Run the display ipv6 vpn6 instance...

Page 381: ...ddress c count d f h ttl value i interface type interface number m time n p pattern q r s packetsize t timeout tos tos value v vpn instance vpn instance name host command to check whether the IPv4 backbone network is correctly set up to send IPv4 packets from the transmitting end to the destination address l Run the tracert a source ip address f first ttl m max ttl p port q nqueries vpn instance v...

Page 382: ...of IPv6 VPN instance End 4 10 5 Resetting BGP Connections After the BGP configuration is changed you can validate the new configuration by soft reset or the reset of the BGP connections Note that resetting BGP connections leads to interruption of IPv6 VPN services Context CAUTION IPv6 VPN services are interrupted after the BGP connection is reset So confirm the action before you use the command Wh...

Page 383: ...e system performance After debugging run the undo debugging all command to disable it at once Run the following debugging commands in user view to debug BGP MPLS IPv6 VPN and to locate the fault For more information see the chapter Information Center Configuration in the Quidway S7700 Smart Routing Switch Configuration Guide System Management For the description about the debugging commands refer ...

Page 384: ...4 11 1 Example for Configure Basic BGP MPLS IPv6 VPN Networking Requirements As shown in Figure 4 2 CE1 and CE3 belong to vpna and CE2 and CE4 belong to vpnb The users in different VPNs cannot access each other Interface VALNIF 1001 or VLANIF 1011 on each CE is the internal network interface In this example different ways for exchanging routes are adopted according to the AS to which the directly ...

Page 385: ... 2001 2 64 GigabitEthernet2 0 0 VLANIF 101 2003 2 64 GigabitEthernet3 0 0 VLANIF 10 192 168 1 1 24 PE2 GigabitEthernet1 0 0 VLANIF 101 2005 2 64 GigabitEthernet2 0 0 VLANIF 100 2004 2 64 GigabitEthernet3 0 0 VLANIF 20 192 168 2 2 24 P GigabitEthernet1 0 0 VLANIF 10 192 168 1 2 24 GigabitEthernet2 0 0 VLANIF 20 192 168 2 1 24 CE1 GigabitEthernet1 0 0 VLANIF 100 2001 1 64 GigabitEthernet2 0 0 VLANIF...

Page 386: ...e similar to the configuration on CE1 and are not mentioned here Step 2 Configure the VLAN ID allowed by each interface and set the IP addresses of the VLANIF interfaces except for the interfaces that connect PEs to CEs For the data planning see Figure 4 2 1 configure the VLAN IDs allowed on the interfaces Configure the VLAN ID allowed by the interface of CE1 CE1 vlan batch 100 1001 CE1 interface ...

Page 387: ...E1 interface loopback 1 PE1 LoopBack1 isis enable 1 PE1 LoopBack1 quit The configurations on P and PE2 are similar to the configuration on PE1 and are not mentioned here After the configuration PE1 P and PE2 can learn the routes of each other including the routes on the loopback interface You can view the routes by using the display ip routing table command Take the display on PE1 as an example PE...

Page 388: ...be established between PE1 and PE2 Run the display mpls ldp lsp command and you can see the establishment status of the LDP LSP Take the display on PE1 as an example PE1 display mpls ldp lsp LDP LSP Information DestAddress Mask In OutLabel UpstreamPeer NextHop OutInterface 1 1 1 9 32 3 NULL 2 2 2 9 127 0 0 1 InLoop0 1 1 1 9 32 Liberal 2 2 2 9 32 NULL 3 192 168 1 2 Vlanif10 2 2 2 9 32 1024 3 2 2 2 ...

Page 389: ...stance vpna route distinguisher 300 1 PE2 vpn6 instance vpna vpn target 33 33 export extcommunity PE2 vpn6 instance vpna vpn target 22 22 import extcommunity PE2 vpn6 instance vpna quit Bind the interface directly connected PE2 to CE3 to the VPNv6 instance vpna PE2 interface vlanif 100 PE2 Vlanif100 ipv6 enable PE2 Vlanif100 ipv6 binding vpn6 instance vpna PE2 Vlanif100 ipv6 address 2004 2 64 PE2 ...

Page 390: ...equence 5 hop limit 64 time 31 ms 2001 1 ping statistics 5 packet s transmitted 5 packet s received 0 00 packet loss round trip min avg max 31 46 62 ms Step 6 Establish the VPNv6 peer relation between PE1 and PE2 Configure BGP on PE1 PE1 bgp 100 PE1 bgp peer 3 3 3 9 as number 100 PE1 bgp peer 3 3 3 9 connect interface loopback 1 PE1 bgp ipv6 family vpnv6 PE1 bgp af vpnv6 peer 3 3 3 9 enable PE1 bg...

Page 391: ...p Down State PrefRcv 2001 1 4 65410 10 9 0 00 06 10 Established 1 You can also run the display bgp ipv6 peer command on CE1 to view the status of the peer relation CE1 display bgp ipv6 peer BGP local router ID 10 10 10 10 Local AS number 65410 Total number of peers 1 Peers in established state 1 Peer V AS MsgRcvd MsgSent OutQ Up Down State PrefRcv 2001 2 4 100 2 3 0 00 00 32 Established 0 You can ...

Page 392: ...t PE2 interface vlanif 101 PE2 Vlanif101 ripng 100 enable PE2 Vlanif101 quit Import RIPng routes to BGP on PE2 PE2 bgp 100 PE2 bgp ipv6 family vpn6 instance vpnb PE2 bgp6 vpnb import route ripng 100 Configure RIPng on CE4 CE4 ripng 100 CE4 ripng 100 quit CE4 interface vlanif 101 CE4 Vlanif101 ripng 100 enable CE4 vlanif101 quit CE4 interface vlanif 1011 CE4 Vlanif1011 ripng 100 enable CE4 Vlanif10...

Page 393: ...tics command on CE3 and CE4 to check the change of the number of sent and received ICMPv6 packets you can find that the packets are sent to the correct interface The sites that are not allowed to communicate with each other are separated End Configuration Files l Configuration file of PE1 sysname PE1 ipv6 vlan batch 10 100 101 ipv6 vpn6 instance vpna route distinguisher 100 1 vpn target 22 22 expo...

Page 394: ...v4 family unicast undo synchronization peer 3 3 3 9 enable ipv6 family vpnv6 policy vpn target peer 3 3 3 9 enable ipv6 family vpn6 instance vpna import route direct peer 2001 1 as number 65410 ipv6 family vpn6 instance vpnb import route direct import route static ipv6 route static vpn6 instance vpnb 1998 64 2003 1 return l Configuration file of P sysname P vlan batch 10 20 mpls lsr id 2 2 2 9 mpl...

Page 395: ...pn target 55 55 export extcommunity vpn target 44 44 import extcommunity mpls lsr id 3 3 3 9 mpls mpls ldp isis 1 network entity 30 3333 3333 3333 00 isis 10 vpn6 instance vpna network entity 30 4444 4444 4444 4444 00 ipv6 enable topology standard ipv6 import route bgp interface Vlanif20 ip address 192 168 2 2 255 255 255 0 isis enable 1 mpls mpls ldp interface Vlanif100 ipv6 enable ipv6 binding v...

Page 396: ...10 ipv6 family vpn6 instance vpnb import route ripng 100 ripng 100 vpn6 instance vpnb import route bgp return l Configuration file of CE1 sysname CE1 ipv6 vlan batch 100 1001 interface Vlanif 100 ipv6 enable ipv6 address 2001 1 64 interface Vlanif 1001 ipv6 enable ipv6 address 1998 1 64 interface GigabitEthernet1 0 0 port hybrid pvid vlan 100 port hybrid untagged vlan 100 interface GigabitEthernet...

Page 397: ... vlan batch 100 1001 isis 10 network entity 30 2222 2222 2222 00 ipv6 enable topology standard interface Vlanif 100 ipv6 enable ipv6 address 2004 1 64 isis ipv6 enable 10 interface Vlanif 1001 ipv6 enable ipv6 address 1999 1 64 isis ipv6 enable 10 interface GigabitEthernet1 0 0 port hybrid pvid vlan 100 port hybrid untagged vlan 100 interface GigabitEthernet2 0 0 port hybrid pvid vlan 1001 port hy...

Page 398: ...11 2 Example for Configuring Hub Spoke Using BGP4 Between PE and CE Networking Requirements As shown in Figure 4 3 the communication between Spoke CEs is controlled by the Hub CE in the central site That is the traffic between Spoke CEs is forwarded by the Hub CE and not only by the Hub PE You need to configure BGP4 between Hub PE and Hub CE and between Spoke PE and Spoke CE Quidway S7700 Smart Ro...

Page 399: ...2 24 GigabitEthernet2 0 0 VLANIF 20 11 1 1 2 24 GigabitEthernet3 0 0 VLANIF 30 2003 2 64 GigabitEthernet3 0 1 VLANIF 40 2004 2 64 Loopback1 2 2 2 9 32 Spoke PE1 GigabitEthernet1 0 0 VLANIF 50 2001 2 64 GigabitEthernet2 0 0 VLANIF 10 10 1 1 1 24 Loopback1 1 1 1 9 32 Spoke PE2 GigabitEthernet1 0 0 VLANIF 60 2002 2 64 GigabitEthernet2 0 0 VLANIF 20 11 1 1 1 24 Loopback1 3 3 3 9 32 Hub CE GigabitEther...

Page 400: ...of the PEs l VPN instance names RDs and VPN targets of the Hub PE and Spoke PE Procedure Step 1 Configure an IGP protocol on the backbone network to make the Hub PE and the Spoke PE communicate with each other In this example OSPF is used as IGP and the configuration procedure is not mentioned After configuration an OSPF neighbor relation is set up between the PEs Run the display ospf peer command...

Page 401: ... 2002 2 64 Spoke PE2 Vlanif60 quit Configure the Hub PE Hub PE system view Hub PE ipv6 vpn6 instance vpn_in Hub PE vpn6 instance vpn_in route distinguisher 100 21 Hub PE vpn6 instance vpn_in vpn target 100 1 import extcommunity Hub PE vpn6 instance vpn_in quit Hub PE ipv6 vpn6 instance vpn_out Hub PE vpn6 instance vpn_out route distinguisher 100 22 Hub PE vpn6 instance vpn_out vpn target 200 1 exp...

Page 402: ...ily vpn6 instance vpna Spoke PE1 bgp6 vpna peer 2001 1 as number 65410 Spoke PE1 bgp6 vpna import route direct Spoke PE1 bgp6 vpna quit Spoke PE1 bgp quit Configure Spoke CE2 Spoke CE2 system view Spoke CE2 bgp 65420 Spoke CE2 bgp router id 20 20 20 20 Spoke CE2 bgp peer 2002 2 as number 100 Spoke CE2 bgp ipv6 family unicast Spoke CE2 bgp af ipv6 peer 2002 2 enable Spoke CE2 bgp af ipv6 import rou...

Page 403: ...y from 2003 1 bytes 56 Sequence 4 hop limit 64 time 31 ms Reply from 2003 1 bytes 56 Sequence 5 hop limit 64 time 31 ms 2003 1 ping statistics 5 packet s transmitted 5 packet s received 0 00 packet loss round trip min avg max 31 31 31 ms Hub PE ping ipv6 vpn6 instance vpn_out a 2004 2 2004 1 PING 2004 1 56 data bytes press CTRL_C to break Reply from 2004 1 bytes 56 Sequence 1 hop limit 64 time 31 ...

Page 404: ...nv6 Hub PE bgp af vpnv6 peer 1 1 1 9 enable Hub PE bgp af vpnv6 peer 3 3 3 9 enable Hub PE bgp af vpnv6 quit After the configuration run the display bgp peer or display bgp vpnv6 all peer command on each PE and you can see that the BGP peer relation between the PEs is in Established state Step 6 Verify the configuration After the configuration the Spoke CEs can ping each other Run the tracert comm...

Page 405: ...d best d damped h history i internal s suppressed S Stale Origin i IGP e EGP incomplete Network 1 PrefixLen 128 NextHop LocPrf MED 0 PrefVal 0 Label Path Ogn Network 2001 PrefixLen 64 NextHop LocPrf MED 0 PrefVal 0 Label Path Ogn NextHop 2001 2 LocPrf MED 0 PrefVal 0 Label Path Ogn 100 Network 2001 1 PrefixLen 128 NextHop LocPrf MED 0 PrefVal 0 Label Path Ogn Network 2002 PrefixLen 64 NextHop 2001...

Page 406: ...file of Spoke PE1 sysname Spoke PE1 ipv6 vlan batch 10 50 ipv6 vpn6 instance vpna route distinguisher 100 1 vpn target 100 1 export extcommunity vpn target 200 1 import extcommunity mpls lsr id 1 1 1 9 mpls mpls ldp interface Vlanif10 ip address 10 1 1 1 255 255 255 0 mpls mpls ldp interface Vlanif50 ipv6 enable ipv6 binding vpn6 instance vpna ipv6 address 2001 2 64 interface GigabitEthernet1 0 0 ...

Page 407: ...lan batch 20 60 ipv6 vpn6 instance vpna route distinguisher 100 3 vpn target 100 1 export extcommunity vpn target 200 1 import extcommunity mpls lsr id 3 3 3 9 mpls mpls ldp interface Vlanif20 ip address 11 1 1 1 255 255 255 0 mpls mpls ldp interface Vlanif60 ipv6 enable ipv6 binding vpn6 instance vpna ipv6 address 2002 2 64 interface GigabitEthernet1 0 0 port hybrid pvid vlan 60 port hybrid untag...

Page 408: ...ace GigabitEthernet1 0 0 port hybrid pvid vlan 60 port hybrid untagged vlan 60 bgp 65420 router id 20 20 20 20 peer 2002 2 as number 100 ipv6 family unicast undo synchronization import route direct peer 2002 2 enable return l Configuration file of Hub CE sysname Hub CE ipv6 vlan batch 30 40 interface Vlanif30 ipv6 enable ipv6 address 2003 1 64 interface Vlanif40 ipv6 enable ipv6 address 2004 1 64 ...

Page 409: ... ldp interface Vlanif10 ip address 10 1 1 2 255 255 255 0 mpls mpls ldp interface Vlanif20 ip address 11 1 1 2 255 255 255 0 mpls mpls ldp interface Vlanif30 ipv6 enable ipv6 binding vpn6 instance vpn_in ipv6 address 2003 2 64 interface Vlanif 40 ipv6 enable ipv6 binding vpn6 instance vpn_in ipv6 address 2004 2 64 interface GigabitEthernet1 0 0 port hybrid pvid vlan 10 port hybrid untagged vlan 10...

Page 410: ... peer 2004 1 as number 65430 peer 2004 1 allow as loop import route direct ospf 1 area 0 0 0 0 network 2 2 2 9 0 0 0 0 network 10 1 1 0 0 0 0 255 network 11 1 1 0 0 0 0 255 return 4 11 3 Example for Configuring Hub Spoke Using the Default Route Between Hub PE and Hub CE Networking Requirements As shown in Figure 4 4 the communication between Spoke CEs is controlled by the Hub CE in the central sit...

Page 411: ...2 24 GigabitEthernet2 0 0 VLANIF 20 11 1 1 2 24 GigabitEthernet3 0 0 VLANIF 30 2003 2 64 GigabitEthernet3 0 1 VLANIF 40 2004 2 64 Loopback1 2 2 2 9 32 Spoke PE1 GigabitEthernet1 0 0 VLANIF 50 2001 2 64 GigabitEthernet2 0 0 VLANIF 10 10 1 1 1 24 Loopback1 1 1 1 9 32 Spoke PE2 GigabitEthernet1 0 0 VLANIF 60 2002 2 64 GigabitEthernet2 0 0 VLANIF 20 11 1 1 1 24 Loopback1 3 3 3 9 32 Hub CE GigabitEther...

Page 412: ...on the Hub PE Set the next hop of the default route as the address of the Hub CE l In the BGP VPN6 instance address family view of vpn_out on the Hub PE run the network 0 command to advertise the default route to all Spoke sites 5 Configure BGP4 between Spoke PE and Spoke CE Data Preparation To complete the configuration you need the following data l MPLS LSR IDs of the PEs l VPN instance names RD...

Page 413: ...istinguisher 100 3 Spoke PE2 vpn6 instance vpna vpn target 100 1 export extcommunity Spoke PE2 vpn6 instance vpna vpn target 200 1 import extcommunity Spoke PE2 vpn6 instance vpna quit Spoke PE2 interface vlanif 60 Spoke PE2 Vlanif60 ipv6 enable Spoke PE2 Vlanif60 ipv6 binding vpn6 instance vpna Spoke PE2 Vlanif60 ipv6 address 2002 2 64 Spoke PE2 Vlanif60 quit Configure the Hub PE Hub PE system vi...

Page 414: ... 10 10 10 Spoke CE1 bgp peer 2001 2 as number 100 Spoke CE1 bgp ipv6 family unicast Spoke CE1 bgp af ipv6 peer 2001 2 enable Spoke CE1 bgp af ipv6 import route direct Spoke CE1 bgp af ipv6 quit Spoke CE1 bgp quit Configure Spoke PE1 Spoke PE1 bgp 100 Spoke PE1 bgp ipv6 family vpn6 instance vpna Spoke PE1 bgp6 vpna peer 2001 1 as number 65410 Spoke PE1 bgp6 vpna import route direct Spoke PE1 bgp6 v...

Page 415: ...y vpn6 instance vpn_out Hub PE bgp6 vpn_out network 0 Advertise the default route through MP IBGP Hub PE bgp6 vpn_out import route direct Hub PE bgp6 vpn_out quit Hub PE bgp quit Step 6 Set up MP IBGP peer relations between PEs NOTE The Spoke PE does not need to allow the repeated ASN because the Switch does not check the AS path attribute in the routing information advertised by the IBGP peers Co...

Page 416: ...ppressed S Stale Origin i IGP e EGP incomplete Total number of routes from all PE 2 Route Distinguisher 100 22 i Network PrefixLen 0 NextHop FFFF 3 3 3 3 LocPrf 100 MED 0 PrefVal 0 Label 15365 Path Ogn i i Network 2004 PrefixLen 64 NextHop FFFF 3 3 3 3 LocPrf 100 MED 0 PrefVal 0 Label 15364 Path Ogn Total routes of vpn6 instance vpna 6 i Network PrefixLen 0 NextHop FFFF 3 3 3 3 LocPrf 100 MED 0 Pr...

Page 417: ...ax 187 187 187 ms Spoke CE1 tracert ipv6 2002 1 traceroute to 2002 1 30 hops max 60 bytes packet 1 2001 2 16 ms 31 ms 16 ms 2 2004 2 78 ms 62 ms 63 ms 3 2004 1 62 ms 63 ms 62 ms 4 2003 2 63 ms 62 ms 63 ms 5 2002 2 109 ms 94 ms 109 ms 6 2002 1 125 ms 141 ms 125 ms Run the display bgp ipv6 routing table command on the Spoke CE and you can see the default route advertised by BGP on the peer Spoke PE ...

Page 418: ...reference 0 Interface Vlanif50 Protocol Direct State Active Adv Cost 0 Tunnel ID 0x0 Label NULL Age 9500sec Destination 2001 1 PrefixLength 128 NextHop 1 Preference 0 Interface InLoopBack0 Protocol Direct State Active NoAdv Cost 0 Tunnel ID 0x0 Label NULL Age 9500sec Destination 2004 PrefixLength 64 NextHop 2001 2 Preference 255 Interface Vlanif50 Protocol BGP State Active Adv Cost 0 Tunnel ID 0x0...

Page 419: ...er 100 1 vpn target 100 1 export extcommunity vpn target 200 1 import extcommunity mpls lsr id 1 1 1 9 mpls mpls ldp interface Vlanif10 ip address 10 1 1 1 255 255 255 0 mpls mpls ldp interface Vlanif50 ipv6 enable ipv6 binding vpn6 instance vpna ipv6 address 2001 2 64 interface GigabitEthernet1 0 0 port hybrid pvid vlan 50 port hybrid untagged vlan 50 interface GigabitEthernet2 0 0 port hybrid pv...

Page 420: ...r id 3 3 3 9 mpls mpls ldp interface Vlanif20 ip address 11 1 1 1 255 255 255 0 mpls mpls ldp interface Vlanif60 ipv6 enable ipv6 binding vpn6 instance vpna ipv6 address 2002 2 64 interface GigabitEthernet1 0 0 port hybrid pvid vlan 60 port hybrid untagged vlan 60 interface GigabitEthernet2 0 0 port hybrid pvid vlan 20 port hybrid untagged vlan 20 interface LoopBack1 ip address 3 3 3 9 255 255 255...

Page 421: ...100 ipv6 family unicast undo synchronization import route direct peer 2002 2 enable return l Configuration file of Hub CE sysname Hub CE ipv6 vlan batch 30 40 interface Vlanif30 ipv6 enable ipv6 address 2003 1 64 interface Vlanif40 ipv6 enable ipv6 address 2004 1 64 interface GigabitEthernet1 0 0 port hybrid pvid vlan 60 port hybrid untagged vlan 60 interface GigabitEthernet2 0 0 port hybrid pvid ...

Page 422: ... 2 64 interface GigabitEthernet1 0 0 port hybrid pvid vlan 10 port hybrid untagged vlan 10 interface GigabitEthernet2 0 0 port hybrid pvid vlan 20 port hybrid untagged vlan 20 interface GigabitEthernet3 0 0 port hybrid pvid vlan 30 port hybrid untagged vlan 30 interface GigabitEthernet3 0 1 port hybrid pvid vlan 40 port hybrid untagged vlan 40 interface LoopBack1 ip address 2 2 2 9 255 255 255 255...

Page 423: ...d through Option A That is the VRF to VRF method is used to manage VPN routes Figure 4 5 Networking diagram for configuring inter AS VPN Option A PE2 ASBR PE2 BGP MPLSBackbone AS 200 ASBR PE1 PE1 BGP MPLSBackbone AS 100 GE2 0 0 2001 2 64 Loopback1 1 1 1 9 32 GE1 0 0 172 1 1 2 24 GE2 0 0 2003 1 64 Loopback1 2 2 2 9 32 172 1 1 1 24 Loopback1 3 3 3 9 32 GE1 0 0 162 1 1 1 24 GE1 0 0 162 1 1 2 24 Loopb...

Page 424: ...tioned here NOTE The 32 bit loopback interface address used as the LSR ID must be advertised by OSPF After the configuration the OSPF neighbor relation can be established between the ASBR and the PE in the same AS Run the display ospf peer command and you can find that the neighbor status is Full The ASBR and PE in the same AS can ping each other and learn the loopback interface address of each ot...

Page 425: ...ation can be set up between the PE and ASBR in the same AS Run the display mpls ldp session command on each device and you can see that the session state is Operational Take the display on PE1 as an example PE1 display mpls ldp session LDP Session s in Public Network Codes LAM Label Advertisement Mode SsnAge Unit DDDD HH MM A before a session means the session is being deleted PeerID Status LAM Ss...

Page 426: ...er relation between ASBR PE1 and PE1 ASBR PE1 bgp 100 ASBR PE1 bgp peer 1 1 1 9 as number 100 ASBR PE1 bgp peer 1 1 1 9 connect interface loopback 1 ASBR PE1 bgp ipv6 family vpnv6 ASBR PE1 bgp af vpnv6 peer 1 1 1 9 enable ASBR PE1 bgp af vpnv6 quit ASBR PE1 bgp quit NOTE The configurations on CE2 PE2 and ASBR PE2 are similar to the configurations on CE1 PE1 and ASBR PE1 and are not mentioned here ...

Page 427: ...vpn target 2 2 both ASBR PE2 vpn6 instance vpn1 quit ASBR PE2 interface vlanif 12 ASBR PE2 Vlanif12 ipv6 enable ASBR PE2 Vlanif12 ipv6 binding vpn6 instance vpn1 ASBR PE2 Vlanif12 ipv6 address 2003 2 64 ASBR PE2 Vlanif12 quit On ASBR PE1 set up an EBGP peer relation between ASBR PE1 and ASBR PE2 ASBR PE1 bgp 100 ASBR PE1 bgp ipv6 family vpn6 instance vpn1 ASBR PE1 bgp6 vpn1 peer 2003 2 as number 2...

Page 428: ...ms Reply from 2002 1 bytes 56 Sequence 3 hop limit 60 time 110 ms Reply from 2002 1 bytes 56 Sequence 4 hop limit 60 time 94 ms Reply from 2002 1 bytes 56 Sequence 5 hop limit 60 time 110 ms 2002 1 ping statistics 5 packet s transmitted 5 packet s received 0 00 packet loss round trip min avg max 94 103 110 ms Run the display ipv6 routing table vpn6 instance command on an ASBR and you can see the I...

Page 429: ...outer ID is 2 2 2 9 Status codes valid best d damped h history i internal s suppressed S Stale Origin i IGP e EGP incomplete Total number of routes from all PE 1 Route Distinguisher 100 1 i Network 2001 PrefixLen 64 NextHop FFFF 1 1 1 9 LocPrf 100 MED 0 PrefVal 0 Label 15360 Path Ogn Total routes of vpn6 instance vpn1 6 i Network 2001 PrefixLen 64 NextHop FFFF 1 1 1 9 LocPrf 100 MED 0 PrefVal 0 La...

Page 430: ...ynchronization import route direct peer 2001 2 enable return l Configuration file of PE1 sysname PE1 ipv6 vlan batch 10 11 ipv6 vpn6 instance vpn1 route distinguisher 100 1 vpn target 1 1 export extcommunity vpn target 1 1 import extcommunity mpls lsr id 1 1 1 9 mpls mpls ldp intface Vlanif10 ipv6 enable ipv6 binding vpn6 instance vpn1 ipv6 address 2001 2 64 interface vlanif11 ip address 172 1 1 2...

Page 431: ... 0 0 0 0 255 return l Configuration file of ASBR PE1 sysname ASBR PE1 ipv6 vlan batch 11 12 ipv6 vpn6 instance vpn1 route distinguisher 100 2 vpn target 1 1 export extcommunity vpn target 1 1 import extcommunity mpls lsr id 2 2 2 9 mpls mpls ldp interface Vlanif11 ip address 172 1 1 1 255 255 255 0 mpls mpls ldp interface Vlanif12 ipv6 enable ipv6 binding vpn6 instance vpn1 ipv6 address 2003 1 64 ...

Page 432: ... 2 vpn target 2 2 export extcommunity vpn target 2 2 import extcommunity mpls lsr id 3 3 3 9 mpls mpls ldp interface Vlanif12 ipv6 enable ipv6 binding vpn6 instance vpn1 ipv6 address 2003 2 64 interface Vlanif22 ip address 162 1 1 1 255 255 255 0 mpls mpls ldp interface GigabitEthernet1 0 0 port link type trunk port trunk allow pass vlan 22 interface GigabitEthernet2 0 0 port link type trunk port ...

Page 433: ...pv6 binding vpn6 instance vpn1 ipv6 address 2002 2 64 interface Vlanif22 ip address 162 1 1 2 255 255 255 0 mpls mpls ldp interface GigabitEthernet1 0 0 port link type trunk port trunk allow pass vlan 22 interface GigabitEthernet2 0 0 port link type trunk port trunk allow pass vlan 10 interface LoopBack1 ip address 4 4 4 9 255 255 255 255 bgp 200 peer 3 3 3 9 as number 200 peer 3 3 3 9 connect int...

Page 434: ... route convergence fault detection fast reroute and route backup in addition to improving the reliability of the network devices On the access layer the dual homed CE networking is a common solution to improve the network reliability A dual homed CE refers to a CE that is connected to two PEs that belong to the same VPN with the CE In this networking the CE connects to the backbone network through...

Page 435: ...4 GE2 0 0 VLANIF 20 100 2 1 1 30 P1 Loopback1 5 5 5 5 32 GE1 0 0 VLANIF 10 100 1 1 2 30 GE2 0 0 VLANIF 30 100 3 1 1 30 P2 Loopback1 6 6 6 6 32 GE1 0 0 VLANIF 20 100 2 1 2 30 GE2 0 0 VLANIF 40 100 4 1 1 30 PE3 Loopback1 3 3 3 3 32 GE1 0 0 VLANIF 30 100 3 1 2 30 GE2 0 0 VLANIF 103 2003 2 64 PE4 Loopback1 4 4 4 4 32 GE1 0 0 VLANIF 40 100 4 1 2 30 GE2 0 0 VLANIF 104 2004 2 64 CE1 GE1 0 0 VLANIF 101 20...

Page 436: ...that PEs and Ps can communicate with each other Configure PE1 Set IP addresses of interfaces The IP addresses of the loopback interfaces must use a mask of 32 bits PE1 system view PE1 interface loopback 1 PE1 LoopBack1 ip address 1 1 1 1 32 PE1 LoopBack1 quit PE1 interface vlanif 10 PE1 Vlanif10 ip address 100 1 1 1 30 PE1 Vlanif10 quit Configure the ISIS protocol to advertise routes of the interf...

Page 437: ...LS and LDP in the system view set the LSR ID to the IP address of the loopback interface and trigger the LSP PE1 mpls lsr id 1 1 1 1 PE1 mpls PE1 mpls quit PE1 mpls ldp PE1 mpls ldp quit Enable MPLS and LDP on the interface connected to the backbone network PE1 interface vlanif 10 PE1 Vlanif10 mpls PE1 Vlanif10 mpls ldp PE1 Vlanif10 quit The configurations of PE2 PE3 PE4 P1 and P2 are similar to t...

Page 438: ... distinguisher 100 1 PE1 vpn6 instance vpn1 vpn target 1 1 both PE1 vpn6 instance vpn1 quit Bind the interface connected to the CE to the VPN instance and set the IP address of the interface PE1 interface vlanif 101 PE1 Vlanif101 ipv6 enable PE1 Vlanif101 ipv6 binding vpn6 instance vpn1 PE1 Vlanif101 ipv6 address 2001 2 64 PE1 Vlanif101 quit Configure PE2 Enable IPv6 create a VPN instance and set ...

Page 439: ...o the VPN instance and set the IP address of the interface PE4 interface vlanif 104 PE4 Vlanif104 ipv6 enable PE4 Vlanif104 ipv6 binding vpn6 instance vpn1 PE4 Vlanif104 ipv6 address 2004 2 64 PE4 Vlanif104 quit Configure IPv6 addresses of the interfaces on the CEs according to Figure 4 6 The configuration procedure is not mentioned here After the configuration run the display ipv6 vpn6 instance v...

Page 440: ...vpn1 import route direct PE2 bgp6 vpn1 quit Configure CE2 Enable BGP specify PE3 and PE4 as the EBGP peers and import the direct route CE2 bgp 65420 CE1 bgp router id 20 20 20 20 CE2 bgp peer 2003 2 as number 100 CE2 bgp peer 2004 2 as number 100 CE2 bgp ipv6 family unicast CE2 bgp af ipv6 peer 2003 2 enable CE2 bgp af ipv6 peer 2004 2 enable CE2 bgp af ipv6 import route direct CE2 bgp af ipv6 qui...

Page 441: ...mit 64 time 16 ms Reply from 2001 1 bytes 56 Sequence 3 hop limit 64 time 15 ms Reply from 2001 1 bytes 56 Sequence 4 hop limit 64 time 32 ms Reply from 2001 1 bytes 56 Sequence 5 hop limit 64 time 16 ms 2001 1 ping statistics 5 packet s transmitted 5 packet s received 0 00 packet loss round trip min avg max 15 18 32 ms Step 6 Set up MP IBGP peer relations between PEs Configure PE1 Specify PE3 as ...

Page 442: ...ter the configuration run the display bgp vpnv6 all peer command on a PE and you can see that the BGP peer relation between the PE and CE is in Established state PE1 display bgp vpnv6 all peer BGP local router ID 1 1 1 1 Local AS number 100 Total number of peers 2 Peers in established state 2 Peer V AS MsgRcvd MsgSent OutQ Up Down State PrefRcv 3 3 3 3 4 100 70 81 0 01 00 23 Established 3 Peer of ...

Page 443: ...Label Path Ogn Network 2001 PrefixLen 64 NextHop 2003 2 LocPrf MED 120 PrefVal 0 Label Path Ogn 100 NextHop 2004 2 LocPrf MED PrefVal 0 Label Path Ogn 100 65410 Network 2002 PrefixLen 64 NextHop 2004 2 LocPrf MED PrefVal 0 Label Path Ogn 100 NextHop 2003 2 LocPrf MED 120 PrefVal 0 Label Path Ogn 100 65410 Network 2003 PrefixLen 64 NextHop LocPrf MED 0 PrefVal 0 Label Path Ogn NextHop 2003 2 LocPrf...

Page 444: ...peer CE1 The next hop of the route is 2004 2 which is the IPv6 address of the interface of PE4 connected to CE2 CE2 display ipv6 routing table Routing Table Public Destinations 11 Routes 11 Destination 1 PrefixLength 128 NextHop 1 Preference 0 Interface InLoopBack0 Protocol Direct State Active NoAdv Cost 0 Tunnel ID 0x0 Label NULL Age 9051sec Destination 2001 PrefixLength 64 NextHop 2003 2 Prefere...

Page 445: ...0x0 Label NULL Age 1471sec Destination 2006 PrefixLength 64 NextHop 2006 1 Preference 0 Interface LoopBack1 Protocol Direct State Active Adv Cost 0 Tunnel ID 0x0 Label NULL Age 3840sec Destination 2006 1 PrefixLength 128 NextHop 1 Preference 0 Interface InLoopBack0 Protocol Direct State Active NoAdv Cost 0 Tunnel ID 0x0 Label NULL Age 3840sec Destination FE80 PrefixLength 10 NextHop Preference 0 I...

Page 446: ...2001 2 Preference 255 Interface GigabitEthernet1 0 0 Protocol BGP State Active Adv Cost 0 Tunnel ID 0x0 Label NULL Age 1242sec Destination 2004 PrefixLength 64 NextHop 2002 2 Preference 255 Interface Vlanif102 Protocol BGP State Active Adv Cost 0 Tunnel ID 0x0 Label NULL Age 1760sec Destination 2005 PrefixLength 64 NextHop 2005 1 Preference 0 Interface LoopBack1 Protocol Direct State Active Adv Co...

Page 447: ... 2005 1 64 interface GigabitEthernet1 0 0 port hybrid pvid vlan 101 port hybrid untagged vlan 101 interface GigabitEthernet2 0 0 port hybrid pvid vlan 102 port hybrid untagged vlan 102 interface GigabitEthernet3 0 0 port hybrid pvid vlan 1001 port hybrid untagged vlan 1001 bgp 65410 router id 10 10 10 10 peer 2001 2 as number 100 peer 2002 2 as number 100 ipv6 family unicast undo synchronization i...

Page 448: ...id untagged vlan 10 interface LoopBack1 ip address 1 1 1 1 255 255 255 255 isis enable 1 bgp 100 peer 3 3 3 3 as number 100 peer 3 3 3 3 connect interface LoopBack1 ipv4 family unicast undo synchronization peer 3 3 3 3 enable ipv6 family vpnv6 policy vpn target peer 3 3 3 3 enable ipv6 family vpn6 instance vpn1 peer 2001 1 as number 65410 import route direct Return l Configuration file of PE2 sysn...

Page 449: ... peer 4 4 4 4 as number 100 peer 4 4 4 4 connect interface LoopBack1 ipv4 family unicast undo synchronization peer 4 4 4 4 enable ipv6 family vpnv6 policy vpn target peer 4 4 4 4 enable ipv6 family vpn6 instance vpn1 peer 2002 1 as number 65410 import route direct Return l Configuration file of P1 sysname P1 vlan batch 10 30 mpls lsr id 5 5 5 5 mpls mpls ldp isis 1 network entity 10 0000 0000 0005...

Page 450: ...pls mpls ldp interface Vlanif40 ip address 100 4 1 1 255 255 255 252 isis enable 1 mpls mpls ldp interface GigabitEthernet1 0 0 port hybrid pvid vlan 20 port hybrid untagged vlan 20 interface GigabitEthernet2 0 0 port hybrid pvid vlan 40 port hybrid untagged vlan 40 interface LoopBack1 ip address 6 6 6 6 255 255 255 255 isis enable 1 Return l Configuration file of PE3 sysname PE3 ipv6 vlan batch 3...

Page 451: ...er 1 1 1 1 connect interface LoopBack1 ipv4 family unicast undo synchronization peer 1 1 1 1 enable ipv6 family vpnv6 policy vpn target peer 1 1 1 1 enable ipv6 family vpn6 instance vpn1 peer 2003 1 as number 65420 peer 2003 1 route policy policy1 export import route direct route policy policy permit node 10 apply cost 120 return l Configuration file of PE4 sysname PE4 ipv6 vlan batch 40 104 ipv6 ...

Page 452: ...zation peer 2 2 2 2 enable ipv6 family vpnv6 policy vpn target peer 2 2 2 2 enable ipv6 family vpn6 instance vpn1 peer 2004 1 as number 65420 import route direct Return l Configuration file of CE2 sysname CE2 vlan batch 103 104 1002 interface Vlanif 103 ipv6 enable ipv6 address 2003 1 64 interface Vlanif 104 ipv6 enable ipv6 address 2004 1 64 interface Vlanif 1002 ipv6 enable ipv6 address 2006 1 6...

Page 453: ...maintenance and management of routes Figure 4 7 Networking diagram for configuring the VPNv6 route reflector Loopback1 2 2 2 9 Loopback1 1 1 1 9 Loopback1 3 3 3 9 GE1 0 0 100 1 2 2 24 GE2 0 0 100 2 3 1 24 GE1 0 0 100 1 2 1 24 GE1 0 0 100 2 3 2 24 GE2 0 0 2001 2 64 GE2 0 0 2002 2 64 GE1 0 0 2001 1 64 GE1 0 0 2002 1 64 RR1 PE1 PE2 CE1 AS 65410 CE2 AS 65420 AS100 VLAN 10 VLAN 20 VLAN 30 VLAN 40 As sh...

Page 454: ...rworking of devices along the LSP OSPF is used as the IGP protocol in this example The configuration procedure is not mentioned here NOTE The address of the loopback interface which functions as the LSR ID must be advertised After the configuration devices along the LSP can learn the address of the loopback interface of each other Take the display on PE1 as an example PE1 display ip routing table ...

Page 455: ...01 8 8 TOTAL 2 session s Found 3 Configure IPv6 VPN instances on PEs For the configuration procedure see Example for Configuring BGP MPLS IPv6 VPN 4 Set up the EBGP peer relation between PEs and CEs to import VPN routes For the configuration procedure see Example for Configuring Hub Spoke Using BGP4 5 Set up the MP IBGP peer relation between PEs and RR Configure PE1 PE1 system view PE1 bgp 100 PE1...

Page 456: ...v6 undo policy vpn target RR bgp af vpnv6 quit 7 Verify the configuration Display the VPN routing table on a PE and you can see the route to the remote CE Take the display on PE1 as an example PE1 display ipv6 routing table vpn6 instance VPNA Routing Table VPNA Destinations 4 Routes 4 Destination 2001 PrefixLength 64 NextHop 2001 2 Preference 0 Interface Vlanif30 Protocol Direct State Active Adv C...

Page 457: ...id vlan 10 port hybrid untagged vlan 10 interface GigabitEthernet2 0 0 port hybrid pvid vlan 30 port hybrid untagged vlan 30 interface LoopBack1 ip address 1 1 1 9 255 255 255 255 bgp 100 peer 2 2 2 9 as number 100 peer 2 2 2 9 connect interface LoopBack1 ipv4 family unicast undo synchronization peer 2 2 2 9 enable ipv6 family vpnv6 policy vpn target peer 2 2 2 9 enable ipv6 family vpn6 instance V...

Page 458: ... interface LoopBack1 peer 3 3 3 9 connect interface LoopBack1 ipv4 family unicast undo synchronization peer 1 1 1 9 enable peer 3 3 3 9 enable ipv6 family vpnv6 reflector cluster id 100 undo policy vpn target peer 1 1 1 9 enable peer 1 1 1 9 reflect client peer 3 3 3 9 enable peer 3 3 3 9 reflect client ospf 1 area 0 0 0 0 network 100 1 2 0 0 0 0 255 network 100 2 3 0 0 0 0 255 network 2 2 2 9 0 0...

Page 459: ... 9 connect interface LoopBack1 ipv4 family unicast undo synchronization peer 2 2 2 9 enable ipv6 family vpnv6 policy vpn target peer 2 2 2 9 enable ipv6 family vpn6 instance VPNA peer 2002 1 as number 65420 import route direct ospf 1 area 0 0 0 0 network 3 3 3 9 0 0 0 0 network 100 2 3 0 0 0 0 255 return l Configuration file of CE1 sysname CE1 ipv6 vlan batch 30 interface Vlanif30 ipv6 enable ipv6...

Page 460: ...64 interface GigabitEthernet1 0 0 port hybrid pvid vlan 40 port hybrid untagged vlan 40 bgp 65420 peer 2002 2 as number 100 ipv6 family unicast undo synchronization peer 2002 2 enable import route direct return Quidway S7700 Smart Routing Switch Configuration Guide VPN 4 BGP MPLS IPv6 VPN Configuration Issue 01 2011 07 15 Huawei Proprietary and Confidential Copyright Huawei Technologies Co Ltd 445...

Page 461: ...ology The CCC VLL needs no signaling negotiation and control packet exchange and thus consumes fewer resources and is easy to understand Nevertheless the CCC VLL has poor scalability and is inconvenient to maintain 5 4 Configuring the SVC VLL This section describes how to configure an SVC VLL After the SVC VLL is configured L2VPN information can be transmitted without the usage of any signaling pr...

Page 462: ...fic is switched to the secondary path if the primary path fails If the primary path recovers the VLL traffic can be switched back to it according to the revertive switching policy 5 10 Maintaining VLL This section describes how to maintain a VLL Detailed operations include resetting the BGP connection of the VLL and monitoring the L2VPN running status 5 11 Configuration Examples Each configuration...

Page 463: ... VLL based on MPLS L2VPN unless otherwise specified The VLL provides Layer 2 VPN services on the MPLS network It allows the establishment of L2VPNs on different media including VLAN Ethernet At the same time the MPLS network provides traditional IP services MPLS L3VPN traffic engineering and QoS The VLL transfers Layer 2 data of the user transparently on the MPLS network An MPLS network is a Layer...

Page 464: ...sents Tunnel label V represents VC label T indicates that the outer label is substituted in the forwarding process 5 2 VLL Features Supported by the S7700 VLL can be implemented in four modes namely Circuit Cross Connect CCC Switched Virtual Circuit SVC Kompella and Martini VLL also supports inter Autonomous System inter AS applications CCC VLL The Circuit Cross Connect CCC implements the VLL by s...

Page 465: ...P and bind the corresponding CE by VC ID A VC is set up when all the following conditions are satisfied l The tunnel between the two PEs is successfully created l The label exchange and the binding with CE are completed l The state of the two interfaces of AC is Up In order to exchange VC labels between PEs the Martini extends LDP by adding the FEC type in the VC FEC For remote connections the two...

Page 466: ...ized after the static LSP is set up between the ASBRs SVC Martini and Kompella modes can realize the inter AS Option A VRF to VRF In the L2VPN networking the link type between the ASBRs and that of the VC must be the same In the inter AS Option A each ASBR must reserve a sub interface for each inter AS VC If the number of the inter AS VCs is small the Option A can be adopted Compared with the L3VP...

Page 467: ...erfaces ensure that these interfaces do not contain any sub interfaces For details on how to access the VLL through a sub interface see Connecting Sub interfaces to a VLL Network in the Quidway S7700 Smart Routing Switch Configuration Guide Ethernet Processing Tags Carried in Packets by the VLL The system process packets according to the AC interface type and PW encapsulation type The PW encapsula...

Page 468: ...et encapsulation is adopted the packets sent from the PW to the AC do not carry any S tag In this case the Dotlq sub interface is required to allow packets of only one VLAN to pass QinQ sub interface If an S tag is carried in a packet rewrite the S tag If no S tag is carried in a packet add an S tag in the packet NOTE When VLL or VPLS is deployed on the F48CEAT G48SFA or G48TFA if the PVID on the ...

Page 469: ...he CCC VLL needs no signaling negotiation and control packet exchange and thus consumes fewer resources and is easy to understand Nevertheless the CCC VLL has poor scalability and is inconvenient to maintain 5 3 1 Establishing the Configuration Task Applicable Environment CCC is applicable to the small sized MPLS networks that has simple topology CCC needs to be configured manually CCC does not ne...

Page 470: ... Connection or 5 3 4 Creating a Remote CCC Connection according to the required connection type 5 3 2 Enabling the MPLS L2VPN Before configuring a CCC VLL you must enable MPLS L2VPN Context Do as follows on the PEs of the two ends of the VC Procedure Step 1 Run system view The system view is displayed Step 2 Run mpls l2vpn The MPLS L2VPN is configured End 5 3 3 Creating a Local CCC Connection This...

Page 471: ...and outgoing label for the CCC connection on the local and remote PEs In addition you need to configure two bidirectional static LSPs on the P device The remote CCC connection is unidirectional and thus two such connections need to be created Procedure l Configuring the PE Do as follows on the PEs of the two ends of the VC 1 Run system view The system view is displayed 2 Run ccc ccc connection nam...

Page 472: ...onfigured you can view information about the CCC connection and interfaces of the CCC connection Prerequisite The configurations of the CCC VLL function are complete Procedure l Run the display vll ccc ccc name type local remote command to check the CCC connection information l Run the display l2vpn ccc interface vc type ccc down up command to check the interface information of the CCC connection ...

Page 473: ...quired data This can help you complete the configuration task quickly and accurately Applicable Environment The setup process of the SVC outer label public network tunnel is the same as that of the Martini Inner label is manually specified without the signaling transmission of the VC label during the VC configuration The SVC does not use signaling protocols to transfer L2VPN information Packets ar...

Page 474: ...Step 2 Run mpls l2vpn The MPLS L2VPN is enabled End 5 4 3 Creating an SVC VLL Connection Context Do as follows on the PEs on the two ends of the VC Procedure Step 1 Run system view The system view is displayed Step 2 Run interface interface type interface number The AC interface view is displayed Step 3 Optional Run undo portswitch The Layer 2 interface is configured as a Layer 3 interface Quidway...

Page 475: ...mand to check the interface information of the SVC connections in Up Down state End Example Run the display mpls static l2vc command You can find that the VC status is Up For example Quidway display mpls static l2vc Total svc connections 1 1 up 0 down Client Interface Vlanif10 is up AC Status up VC State up VC ID 0 VC Type VLAN Destination 3 3 3 9 Transmit VC Label 100 Receive VC Label 200 Control...

Page 476: ...rmation about the VC label and LSP is stored only on the PE devices The P devices do not store any Layer 2 VPN information Therefore Martini mode features excellent extensibility When a new VC is needed you only need to configure a unidirectional VC on each PE device of the two ends The network operation is not affected Pre configuration Tasks Before configuring Martini VLL you need to complete th...

Page 477: ... edge to edge PWE3 mode The PWE3 mode can use Notification messages to negotiate the PW status The Martini mode however does not support Notification messages For details about Notification messages see the chapter 6 1 Introduction to PWE3 l If the peer PE does not support Notification messages you need to set the mode to Martini by using the mpls l2vpn default martini command l Before using the m...

Page 478: ...he VC IDs of the VCs of the same encapsulation type on a PE to be unique The change of the encapsulation type may cause collision of VC IDs End 5 5 4 Checking the Configuration After a Martini VLL is configured you can view information about the two ends of the Martini VLL Prerequisite The configurations of the Martini VLL function are complete Procedure l Run the display mpls l2vc vc id interface...

Page 479: ...te ldp vc 1 Transport Group Peer Remote Remote C MTU N S VC ID ID Addr Encap VC Label Bit CELLS Bit Bit 101 0 3 3 3 9 vlan 2355223552 0 1500 0 0 5 6 Configuring Kompella VLL This section describes how to configure a Kompella VLL To configure the Kompella VLL you need to establish the Kompella VLL on the MPLS network in end to end CE to CE mode and use the Border Gateway Protocol BGP to transmit La...

Page 480: ...PLS for the PE and P l Establishing tunnels CR LSP or LSP between PEs according to the tunnel policy NOTE For the local connection the IGP and LDP configurations are not required Data Preparation To configure Kompella VLL you need the following data No Data 1 AS number of local PE and peer PE 2 Name RD and VPN Target of the L2VPN connection 3 CE name CE ID and CE range 4 CE offset 5 6 2 Enabling M...

Page 481: ...specified The loopback interface address with 32 bit mask must be used to establish the MP IBGP peer relationship between the PEs This can avoid a situation of packets being unable to find the correct route due to route aggregation The route to the loopback interface is advertised to the peer PE through IGP on the MPLS backbone network Step 5 Run l2vpn family The BGP L2VPN address family view is d...

Page 482: ...l Configure the MTU of the L2VPN on the PE to be the same as that of non Huawei products l Use the ignore mtu match command to ignore the MTU matching check Step 5 Optional Run ignore mtu match The MTU matching check is ignored Step 6 Run vpn target vpn target 1 16 both export extcommunity import extcommunity The VPN target is configured The Kompella VLL must create an L2VPN instance on the PE for...

Page 483: ...than the CE range If the default offset is 1 the CE offset must be not greater than that of the CE range For the remote connection the CE offset must be the same as the CE ID of the remote CE otherwise the connection cannot be set up For the local connection between two CEs the offset of a CE is the CE ID of the other CE If the CE offset is not designated when you create a CE connection pay attent...

Page 484: ...o configure the route attributes of the BGP L2VPN the MultiProtocol Interior BGP MP IBGP connection with the peer group and route reflection of BGP L2VPN routes Context To manage L2VPN label blocks BGP defines a BGP L2VPN sub address family view This section generalizes BGP configurations related to Kompella L2VPN For the applications of each configuration refer to the related sections Procedure l...

Page 485: ... peer group is enabled 8 Run peer ip address group group name The peer is added to the peer group l Configuring BGP L2VPN Route Reflection on the RR Do as follows on the RR 1 Run system view The system view is displayed 2 Run bgp as number The BGP view is displayed 3 Run l2vpn family The BGP L2VPN sub address family view is displayed 4 Run peer group name ip address reflect client The RR and its c...

Page 486: ...f the L2VPN is correct and the label allocation is complete For example Quidway display bgp l2vpn all BGP Local router ID 1 1 1 9 local AS number 100 Origin codes i IGP e EGP incomplete bgp l2vpn 1 destination Route Distinguisher 100 1 CE ID Label Offset Label Base nexthop pref as path 2 0 35850 6 6 6 6 100 Run the display mpls l2vpn connection command You can find that VPN name is correctly confi...

Page 487: ...S Martini VLL There are two solutions to the inter AS Martini VLL l Inter AS Option A This solution can be easily implemented When the number of inter AS Martini VLLs on ASBRs is small Option A is recommended l Inter AS Option C In this solution ASBRs do not need to create or maintain VCs When each AS has a large number of Martini L2VPN routes to be exchanged Option C can be used to prevent the AS...

Page 488: ...r the detailed configuration see 5 4 3 Creating an SVC VLL Connection 5 7 3 Checking the Configuration After an inter AS Martini VLL is configured you can view information about the local PW end and the remote PW end Prerequisite The configurations of the Inter AS Martini VLL function are complete Procedure l Run the display mpls l2vc vc id interface interface type interface number command to chec...

Page 489: ...emote info command You can find that Peer Addr is the peer address of the specified VC For example Quidway display mpls l2vc remote info Total remote ldp vc 1 Transport Group Peer Remote Remote C MTU N S VC ID ID Addr Encap VC Label Bit CELLS Bit Bit 100 0 3 3 3 9 vlan 23552 0 1500 1 0 5 8 Configuring the Inter AS Kompella VLL If the MPLS backbone network on which Kompella VLLs are configured span...

Page 490: ...ces in the MPLS backbone network of the ASs to implement IP networking of the backbone network devices in the same AS l Configuring the basic MPLS capacity on the MPLS backbone network of each AS l Configuring MPLS LDP and establishing LDP LSP for the MPLS backbone of each AS Data Preparation To configure the inter AS Kompella VLL you need the following data No Data 1 Scheme of the inter AS VPN 2 ...

Page 491: ...isher of the L2VPN is correct and the label allocation is complete For example Quidway display bgp l2vpn all BGP Local router ID 1 1 1 9 local AS number 100 Origin codes i IGP e EGP incomplete bgp l2vpn 1 destination Route Distinguisher 100 1 CE ID Label Offset Label Base nexthop pref as path 2 0 35850 3 3 3 9 0 100 Run the display mpls l2vpn connection command You can find that VPN name is correc...

Page 492: ... reliability functions as the master path and the path with the lower reliability functions as the backup path After the VLL FRR is configured L2VPN traffic is rapidly switched to the backup path when a fault occurs on the master path After the fault on the master path is rectified the L2VPN traffic is switched back to the master path according to the revertive switchover policy NOTE For asymmetri...

Page 493: ...rimary route the greater the value the lower the preference by using the ip route static dest ip address mask out interface preference preference value command Data Preparation To configure VLL FRR you need the following data No Data 1 Delay for revertively switching traffic when faults are cleared and the delay for advertising fault recovery by default the delay for revertively switching traffic ...

Page 494: ... l2vc ip address pw template pw template name vc id group id group id tunnel policy policy name control word no control word raw tagged mtu mtu value secondary The backup PW is configured NOTE l Both master and backup PWs need to be configured on the PE to which a CE is single homed Only the master PW needs to be configured on the PE to which a CE is dual homed l Master and backup PWs must have di...

Page 495: ...nfigured on the same AC interface that connects a PE to a CE End 5 9 3 Optional Configuring Fast Fault Notification Physical Layer Fault Notification Physical layer fault notification expedites fault detection and notification Context The S7700 supports physical layer fault notification which can be configured only on the Ethernet main interface Configure physical layer fault notification on the P...

Page 496: ...nfiguration Guide MPLS 5 9 5 Optional Configuring the Revertive Switchover The revertive switching policies can be classified into three modes immediate revertive mode delayed revertive mode and non revertive mode By default the revertive switching policy is in delayed revertive mode Context When CEs are connected to PEs asymmetrically do as follows on the PE where traffic is switched to which a C...

Page 497: ...ration Procedure l Run the display mpls l2vc vc id interface interface type interface number command to view information about the local end of the Martini VC l Run the display mpls l2vc remote info vc id command to view information about the remote end of the Martini VC l Run the display mpls l2vpn connection vpn name remote ce ce id down up verbose summary interface interface type interface numb...

Page 498: ...s up Administrator PW no session state up AC state up VC state up VC ID 200 VC type VLAN destination 11 11 11 11 local group ID 0 remote group ID 0 local VC label 23552 remote VC label 23552 local AC OAM State up local PSN State up local forwarding state forwarding local status code 0x0 remote AC OAM state up remote PSN state up remote forwarding state forwarding BFD for PW available manual fault ...

Page 499: ...the backup PW is false The BFD session is Up Quidway display mpls l2vpn connection interface vlanif 11 conn type remote local vc state up remote vc state up local ce id 1 local ce name ce1 remote ce id 2 intf state encap Vlanif11 up vlan peer id 3 3 3 3 route distinguisher 100 2 local vc label 23552 remote vc label 23553 tunnel policy p1 primary or secondary primary forwardEntry exist or not true ...

Page 500: ...ABEL TNLTYPE ENTRYTYPE PWSTATE BFDSTATE ADMIN CTLWORD CC CV TNLID 23552 LSP SEND INACTIVE UP UP TRUE 1 8 0x10004 1 Record s Found 5 10 Maintaining VLL This section describes how to maintain a VLL Detailed operations include resetting the BGP connection of the VLL and monitoring the L2VPN running status 5 10 1 Enabling Traffic Statistics on the VLL This section describes how to enable the function ...

Page 501: ...ic statistics on the specified interface are reset End 5 10 4 Resetting BGP TCP Connections of VLL If the BGP L2VPN application and other applications share the same TCP connection resetting the BGP connection of the VLL causes the reset of BGP peer relationships of all applications on this TCP connection Therefore confirm the action with caution Context CAUTION If the BGP L2VPN application and ot...

Page 502: ...s verbose route distinguisher route distinguisher ce id ce id label offset label offset command to check BGP information about a Kompella VLL l Run the display mpls l2vpn connection vpn name remote ce ce id down up verbose summary interface interface type interface number command to check information about a Kompella VLL End 5 10 6 Debugging VLL When a VLL fault occurs run the relevant debugging c...

Page 503: ...After that VCCV in control word channel mode is enabled When locating the fault on the VLL network in Martini mode you can use either VCCV in control word channel mode or VCCV in normal mode Procedure l Checking the connectivity of the VLL network in Martini mode Control word channel ping vc pw type pw id c echo number m time value s data bytes t timeout value exp exp value r reply mode v control ...

Page 504: ...ce vpn name local ce id remote ce id exp exp value f first ttl m max ttl r reply mode t timeout value control word draft6 full lsp path Label Alert channel tracert vc vpn instance vpn name local ce id remote ce id exp exp value f first ttl m max ttl r reply mode t timeout value label alert full lsp path End 5 11 Configuration Examples Each configuration example consists of such information as the ...

Page 505: ...reate a local connection between CE1 and CE2 on PE The local CCC connection is bidirectional so only one connection is needed Data Preparation IP addresses of the interfaces Procedure Step 1 Configure CEs Configure CE1 Quidway system view Quidway sysname CE1 CE1 vlan 10 CE1 Vlan10 quit CE1 interface gigabitethernet 1 0 0 CE1 GigabitEthernet1 0 0 port link type trunk CE1 GigabitEthernet1 0 0 port t...

Page 506: ...2 0 0 port hybrid pvid vlan 20 PE GigabitEthernet2 0 0 port hybrid tagged vlan 20 PE GigabitEthernet2 0 0 quit Create a local connection between CE1 and CE2 PE interface vlanif 10 PE Vlanif10 quit PE interface vlanif 20 PE Vlanif20 quit PE ccc ce1 ce2 interface vlanif 10 out interface vlanif 20 Step 3 Verify the configuration After the configuration display the CCC information on the PE You can se...

Page 507: ...ax 10 76 180 ms End Configuration Files l Configuration file of CE1 sysname CE1 vlan batch 10 interface Vlanif 10 ip address 100 1 1 1 255 255 255 0 interface GigabitEthernet1 0 0 port link type trunk port trunk allow pass vlan 10 return l Configuration file of PE sysname PE vlan batch 10 20 mpls lsr id 1 1 1 9 mpls mpls l2vpn interface Vlanif10 interface Vlanif20 interface GigabitEthernet1 0 0 po...

Page 508: ...o static LSPs on P to exchange packets Figure 5 5 Networking diagram for configuring remote CCC connection Loopback1 2 2 2 9 32 CCC remote connection GE 2 0 0 GE 2 0 0 GE1 0 0 GE 1 0 0 GE 1 0 0 GE 2 0 0 GE 1 0 0 GE 1 0 0 P PE2 PE1 CE 1 CE 2 O Label 200 I Label 200 O Label 201 I Label 201 I Label 100 O Label 100 I Label 101 O Label 101 CE 1 to CE 2 CE 2 to CE 1 Loopback1 1 1 1 9 32 Loopback1 3 3 3 ...

Page 509: ... the configuration you need the following data l Out label and in label of the remote CCC connection Pay attention to the mapping between the in labels and out labels on the PE and P For the settings of the out label and the in label see Figure 5 5 Procedure Step 1 Configure the ID of the VLAN that each interface belongs to as shown in Figure 5 5 The configuration procedure is not mentioned here N...

Page 510: ... interface loopback 1 PE2 LoopBack1 ip address 3 3 3 9 32 PE2 LoopBack1 quit PE2 interface vlanif 30 PE2 Vlanif30 ip address 10 2 2 1 24 PE2 Vlanif30 quit Step 4 Configure the basic MPLS capabilities on the MPLS backbone network Configure PE1 PE1 mpls lsr id 1 1 1 9 PE1 mpls PE1 mpls quit PE1 interface vlanif 20 PE1 Vlanif20 mpls PE1 Vlanif20 quit Configure the P P mpls lsr id 2 2 2 9 P mpls P mpl...

Page 511: ...2 2 1 out label 201 P static lsp transit PE2 PE1 incoming interface vlanif 30 in label 101 nexthop 10 1 1 1 out label 100 Step 7 Verify the configuration After the configuration display information about the CCC connection on the PEs You can find that a remote CCC connection is set up on each of PE1 and PE2 and the status of the connection is Up PE1 display vll ccc total ccc vc 1 local ccc vc 0 0 ...

Page 512: ...rom 100 1 1 2 bytes 56 Sequence 5 ttl 255 time 92 ms 100 1 1 2 ping statistics 5 packet s transmitted 5 packet s received 0 00 packet loss round trip min avg max 52 67 92 ms End Configuration Files l Configuration file of CE1 sysname CE1 vlan batch 10 interface Vlanif10 ip address 100 1 1 1 255 255 255 0 interface GigabitEthernet1 0 0 port link type trunk port trunk allow pass vlan 10 return l Con...

Page 513: ... 20 port hybrid tagged vlan 20 interface LoopBack1 ip address 2 2 2 9 255 255 255 255 static lsp transit PE1 PE2 incoming interface Vlanif 20 in label 200 nexthop 10 2 2 1 out label 201 static lsp transit PE2 PE1 incoming interface Vlanif 30 in label 101 nexthop 10 1 1 1 out label 100 return l Configuration file of PE2 sysname PE2 vlan batch 30 40 mpls lsr id 3 3 3 9 mpls mpls l2vpn interface Vlan...

Page 514: ... set up between CE1 and CE2 The SVC connection is created on PEs and the VC label is specified Figure 5 6 Networking diagram for configuring SVC VLL GE 2 0 0 GE 2 0 0 GE 1 0 0 GE 1 0 0 GE 1 0 0 GE 2 0 0 GE 1 0 0 GE 1 0 0 P PE 2 PE 1 CE 1 CE 2 Loopback 1 1 1 1 9 32 Loopback 1 3 3 3 9 32 Loopback 1 2 2 2 9 32 SVC connection Device Interface VLANIF interface IP address PE1 GigabitEthernet1 0 0 VLANIF...

Page 515: ... addresses for CE PE and P according to Figure 5 6 including VLAN interfaces and VLANIF interfaces The configuration procedure is not mentioned Step 2 Configure IGP on the MPLS backbone network In this example OSPF is used When configuring OSPF advertise the 32 bit addresses of loopback interfaces on PEs and P The loopback interface addresses are the LSR IDs The configuration procedure is not ment...

Page 516: ...tus LAM SsnRole SsnAge KASent Rcv 2 2 2 9 0 Operational DU Passive 0000 00 05 22 22 TOTAL 1 session s Found Step 4 Enable MPLS L2VPN and create static VCs on PEs Configure PE1 Create a static VC on VLANIF 10 which is connected to CE1 PE1 mpls l2vpn PE1 l2vpn quit PE1 interface vlanif 10 PE1 Vlanif10 mpls static l2vc destination 3 3 3 9 transmit vpn label 100 receive vpn label 200 PE1 Vlanif10 quit...

Page 517: ...ype static vc up Total ccc interface of SVC VC 1 up 1 down 0 Interface Encap Type State VC Type Vlanif10 vlan up static vc CE1 and CE2 can ping each other CE1 ping 100 1 1 2 PING 100 1 1 2 56 data bytes press CTRL_C to break Reply from 100 1 1 2 bytes 56 Sequence 1 ttl 255 time 46 ms Reply from 100 1 1 2 bytes 56 Sequence 2 ttl 255 time 91 ms Reply from 100 1 1 2 bytes 56 Sequence 3 ttl 255 time 7...

Page 518: ...ss 1 1 1 9 255 255 255 255 ospf 1 area 0 0 0 0 network 1 1 1 9 0 0 0 0 network 10 1 1 0 0 0 0 255 return l Configuration file of P sysname P vlan batch 20 30 mpls lsr id 2 2 2 9 mpls mpls ldp interface Vlanif20 ip address 10 1 1 2 255 255 255 0 mpls mpls ldp interface Vlanif30 ip address 10 2 2 2 255 255 255 0 mpls mpls ldp interface GigabitEthernet1 0 0 port hybrid pvid vlan 30 port hybrid tagged...

Page 519: ...hernet1 0 0 port hybrid pvid vlan 30 port hybrid tagged vlan 30 interface GigabitEthernet2 0 0 port hybrid pvid vlan 40 port hybrid tagged vlan 40 interface LoopBack1 ip address 3 3 3 9 255 255 255 255 ospf 1 area 0 0 0 0 network 3 3 3 9 0 0 0 0 network 10 2 2 0 0 0 0 255 return l Configuration file of CE2 sysname CE2 vlan batch 40 interface Vlanif40 ip address 100 1 1 2 255 255 255 0 interface Gi...

Page 520: ...24 Loopback1 1 1 1 9 32 PE2 GigabitEthernet1 0 0 VLANIF 30 10 2 2 1 24 GigabitEthernet2 0 0 VLANIF 40 Loopback1 3 3 3 9 32 P GigabitEthernet1 0 0 VLANIF 30 10 2 2 2 24 GigabitEthernet2 0 0 VLANIF 20 10 1 1 2 24 Loopback1 2 2 2 9 32 CE1 GigabitEthernet1 0 0 VLANIF 10 100 1 1 1 24 CE2 GigabitEthernet1 0 0 VLANIF 40 100 1 1 2 24 Configuration Roadmap The configuration roadmap is as follows 1 Configur...

Page 521: ...r command you can see that the status of the OSPF adjacency is Full Run the display ip routing table command and you can see that the PEs can learn the routes of each other s Loopback1 interface Step 3 Configure the basic MPLS capability and MPLS LDP on the MPLS network Configure PE1 PE1 mpls lsr id 1 1 1 9 PE1 mpls PE1 mpls quit PE1 mpls ldp PE1 mpls ldp quit PE1 interface vlanif 20 PE1 Vlanif20 ...

Page 522: ...ent Rcv 2 2 2 9 0 Operational DU Passive 0000 00 09 40 40 3 3 3 9 0 Operational DU Passive 0000 00 09 37 37 TOTAL 2 session s Found Step 5 Enable MPLS L2VPN on the PE and establish VCs Configure PE1 Create a VC on VLANIF 10 which is connected to CE1 PE1 mpls l2vpn PE1 l2vpn mpls l2vpn default martini PE1 l2vpn quit PE1 interface vlanif 10 PE1 Vlanif10 mpls l2vc 3 3 3 9 101 PE1 Vlanif10 quit Config...

Page 523: ... 0 days 22 hours 54 minutes 57 seconds last change time 0 days 22 hours 54 minutes 57 seconds VC last up time 2010 10 09 19 26 37 VC total up time 1 days 20 hours 42 minutes 30 seconds CKey 8 NKey 3 PW redundancy mode AdminPw interface AdminPw link state CE1 and CE2 can ping each other Take the display on CE1 for example CE1 ping 100 1 1 2 PING 100 1 1 2 56 data bytes press CTRL_C to break Reply f...

Page 524: ...pls ldp interface GigabitEthernet1 0 0 port link type trunk port trunk allow pass vlan 10 interface GigabitEthernet2 0 0 port link type trunk port trunk allow pass vlan 20 interface LoopBack1 ip address 1 1 1 9 255 255 255 255 ospf 1 area 0 0 0 0 network 1 1 1 9 0 0 0 0 network 10 1 1 0 0 0 0 255 return l Configuration file of P sysname P vlan batch 20 30 mpls lsr id 2 2 2 9 mpls mpls ldp interfac...

Page 525: ...n default martini mpls ldp mpls ldp remote peer 1 1 1 9 remote ip 1 1 1 9 interface Vlanif 30 ip address 10 2 2 1 255 255 255 0 mpls mpls ldp interface Vlanif 40 mpls l2vc 1 1 1 9 101 interface GigabitEthernet1 0 0 port link type trunk port trunk allow pass vlan 30 interface GigabitEthernet2 0 0 port link type trunk port trunk allow pass vlan 40 interface LoopBack1 ip address 3 3 3 9 255 255 255 2...

Page 526: ... CE2 PE GE1 0 0 GE2 0 0 GE1 0 0 GE1 0 0 Loopback1 1 1 1 9 32 Kompella local connection Device Interface VLANIF interface IP address PE GigabitEthernet1 0 0 VLANIF 10 GigabitEthernet2 0 0 VLANIF 20 Loopback1 1 1 1 9 32 CE1 GigabitEthernet1 0 0 VLANIF 10 30 1 1 1 24 CE2 GigabitEthernet1 0 0 VLANIF 20 30 1 1 2 24 Configuration Roadmap The configuration roadmap is as follows 1 Enable MPLS on the PEs 2...

Page 527: ... ce vpn1 ce1 connection ce offset 2 interface vlanif 10 PE mpls l2vpn ce vpn1 ce1 quit PE mpls l2vpn vpn1 ce ce2 id 2 range 10 PE mpls l2vpn ce vpn1 ce2 connection ce offset 1 interface vlanif 20 PE mpls l2vpn ce vpn1 ce2 quit PE mpls l2vpn vpn1 quit Step 3 Verify the configuration After the configuration run the display mpls l2vpn connection command on the PE You can see that two L2VPN connection...

Page 528: ... batch 10 interface Vlanif10 ip address 30 1 1 1 255 255 255 0 interface GigabitEthernet1 0 0 port link type trunk port trunk allow pass vlan 10 return l Configuration file of PE sysname PE vlan batch 10 20 mpls lsr id 1 1 1 9 mpls mpls l2vpn interface Vlanif10 interface Vlanif20 ip address 10 1 1 1 255 255 255 0 mpls interface GigabitEthernet1 0 0 port hybrid pvid vlan 10 port hybrif tagged vlan ...

Page 529: ...L GE 2 0 0 GE 1 0 0 GE 2 0 0 GE 1 0 0 GE 1 0 0 P PE 2 PE 1 CE 1 CE 2 GE 2 0 0 GE 1 0 0 GE 1 0 0 Loopback1 1 1 1 9 32 Loopback1 2 2 2 9 32 Loopback1 3 3 3 9 32 Kompella Remote Device Interface VLANIF interface IP address PE1 GigabitEthernet1 0 0 VLANIF 10 GigabitEthernet2 0 0 VLANIF 20 168 1 1 1 24 Loopback1 1 1 1 9 32 PE2 GigabitEthernet1 0 0 VLANIF 30 169 1 1 2 24 GigabitEthernet2 0 0 VLANIF 40 L...

Page 530: ...ust have VLAN tags Step 2 Configure an IGP protocol on the MPLS backbone network In this example OSPF is used as the IGP protocol When configuring OSPF advertise the 32 bit addresses of loopback interfaces on PEs and P The loopback interface addresses are the LSR IDs The configuration procedure is not mentioned here After the configuration run the display ip routing table command on each LSR You c...

Page 531: ... procedure is not mentioned here After the configuration run the display mpls ldp session and display mpls ldp peer commands on each LSR You can see information about the LDP session and peers Take the display on PE1 for example PE1 display mpls ldp session LDP Session s in Public Network Codes LAM Label Advertisement Mode SsnAge Unit DDDD HH MM A before a session means the session is being delete...

Page 532: ...her 100 1 PE1 mpls l2vpn vpn1 vpn target 1 1 PE1 mpls l2vpn vpn1 ce ce1 id 1 range 10 PE1 mpls l2vpn ce vpn1 ce1 connection ce offset 2 interface vlanif 10 PE1 mpls l2vpn ce vpn1 ce1 quit PE1 mpls l2vpn vpn1 quit Configure PE2 PE2 mpls l2vpn vpn1 encapsulation vlan PE2 mpls l2vpn vpn1 route distinguisher 100 1 PE2 mpls l2vpn vpn1 vpn target 1 1 PE2 mpls l2vpn vpn1 ce ce2 id 2 range 10 PE2 mpls l2v...

Page 533: ...acket loss round trip min avg max 34 68 94 ms End Configuration Files l Configuration file of CE1 sysname CE1 vlan batch 10 interface Vlanif10 ip address 30 1 1 1 255 255 255 0 interface GigabitEthernet1 0 0 port link type trunk port trunk allow pass vlan 10 return l Configuration file of PE1 sysname PE1 vlan batch 10 20 mpls lsr id 1 1 1 9 mpls mpls l2vpn mpls ldp interface Vlanif10 interface Vla...

Page 534: ...5 return l Configuration file of P sysname P vlan batch 20 30 mpls lsr id 2 2 2 9 mpls mpls ldp interface VLanif20 ip address 168 1 1 2 255 255 255 0 mpls mpls ldp interface Vlanif30 ip address 169 1 1 1 255 255 255 0 mpls mpls ldp interface GigabitEthernet1 0 0 port hybrid pvid vlan 20 port hybrid tagged vlan 20 interface GigabitEthernet2 0 0 port hybrid pvid vlan 30 port hybrid tagged vlan 30 in...

Page 535: ...munity ce ce2 id 2 range 10 default offset 0 connection ce offset 1 interface Vlanif40 interface LoopBack1 ip address 3 3 3 9 255 255 255 255 bgp 100 peer 1 1 1 9 as number 100 peer 1 1 1 9 connect interface LoopBack1 ipv4 family unicast undo synchronization peer 1 1 1 9 enable l2vpn family policy vpn target peer 1 1 1 9 enable ospf 1 area 0 0 0 0 network 3 3 3 9 0 0 0 0 network 169 1 1 0 0 0 0 25...

Page 536: ...GE1 0 0 GE1 0 0 GE2 0 0 CE1 CE2 PE2 Loopback0 2 2 2 9 32 Loopback0 1 1 1 9 32 ASBR PE1 GE1 0 0 GE2 0 0 GE1 0 0 GE2 0 0 PE1 MPLS backbone AS 100 Device Interface VLANIF interface IP address PE1 GigabitEthernet1 0 0 VLANIF 10 GigabitEthernet2 0 0 VLANIF 20 10 1 1 1 24 Loopback0 1 1 1 9 32 PE2 GigabitEthernet1 0 0 VLANIF 40 30 1 1 2 24 GigabitEthernet2 0 0 VLANIF 50 Loopback0 4 4 4 9 32 ASBR PE1 Giga...

Page 537: ...VLANs to which the interfaces belong according to Figure 5 10 The configuration procedure is not mentioned Step 2 Configure an IGP protocol on the MPLS backbone network PEs and ASBR PEs on the backbone network can communicate with each other by using IGP In this example IS IS is used as IGP and the configuration procedure is not mentioned After the configuration the ASBR and PE in the same AS can ...

Page 538: ...it DDDD HH MM A before a session means the session is being deleted PeerID Status LAM SsnRole SsnAge KASent Rcv 1 1 1 9 0 Operational DU Active 0000 00 19 79 79 TOTAL 1 session s Found Step 4 Configure the MPLS L2VC connection Configure the L2VC connection on the PE and ASBR PE and connect the PE to the CE Configure PE1 PE1 mpls l2vpn PE1 l2vpn mpls l2vpn default martini PE1 l2vpn quit PE1 interfa...

Page 539: ...arding state forwarding local status code 0x0 remote AC OAM state up remote PSN state up remote forwarding state forwarding remote statuscode 0x0 BFD for PW disable manual fault not set active state active forwarding entry exist link state up local VC MTU 1500 remote VC MTU 1500 local VCCV Disable remote VCCV Disable local control word disable remote control word disable tunnel policy traffic beha...

Page 540: ...p time 0 days 0 hours 4 minutes 54 seconds last change time 0 days 0 hours 4 minutes 54 seconds VC last up time 20009 11 24 12 31 31 VC total up time 0 days 2 hours 12 minutes 51 seconds CKey 17 NKey 18 PW redundancy mode AdminPw interface AdminPw link state CE1 and CE2 can ping each other Take the display on CE1 for example CE1 ping 100 1 1 2 PING 100 1 1 2 56 data bytes press CTRL_C to break Rep...

Page 541: ...le 1 mpls mpls ldp interface GigabitEthernet1 0 0 port link type trunk port trunk allow pass vlan 10 interface GigabitEthernet2 0 0 port link type trunk port trunk allow pass vlan 20 interface LoopBack0 ip address 1 1 1 9 255 255 255 255 isis enable 1 return l Configuration file of ASBR PE1 sysname ASBR PE1 vlan batch 20 30 mpls lsr id 2 2 2 9 mpls mpls l2vpn mpls l2vpn default martini mpls ldp is...

Page 542: ...i mpls ldp isis 1 network entity 10 0000 0000 0003 00 interface Vlanif30 mpls l2vc 4 4 4 9 100 interface Vlanif40 ip address 30 1 1 1 255 255 255 0 isis enable 1 mpls mpls ldp interface GigabitEthernet1 0 0 port link type trunk port trunk allow pass vlan 30 interface GigabitEthernet2 0 0 port link type trunk port trunk allow pass vlan 40 interface LoopBack0 ip address 3 3 3 9 255 255 255 255 isis ...

Page 543: ...sysname CE2 vlan batch 50 interface Vlanif 50 ip address 100 1 1 2 255 255 255 0 interface GigabitEthernet1 0 0 port link type trunk port trunk allow pass vlan 50 return 5 11 8 Example for Configuring the Inter AS Kompella VLL Option A Networking Requirements As shown in Figure 5 11 the devices on the MPLS backbone network use OSPF as IGP to realize the communication between the devices in the sam...

Page 544: ...back1 4 4 4 9 32 ASBR PE1 GigabitEthernet1 0 0 VLANIF 20 20 1 1 2 24 GigabitEthernet2 0 0 VLANIF 30 Loopback1 2 2 2 9 32 ASBR PE2 GigabitEthernet1 0 0 VLANIF 30 GigabitEthernet2 0 0 VLANIF 40 40 1 1 1 24 Loopback1 3 3 3 9 32 CE1 GigabitEthernet1 0 0 VLANIF 10 10 1 1 1 24 CE2 GigabitEthernet1 0 0 VLANIF 50 10 1 1 2 24 Configuration Roadmap The configuration roadmap is as follows 1 Run an IGP protoc...

Page 545: ...the Loopback1 addresses of each other Take the display on PE1 for example PE1 display ip routing table Route Flags R relied D download to fib Routing Tables Public Destinations 9 Routes 9 Destination Mask Proto Pre Cost Flags NextHop Interface 1 1 1 1 32 Direct 0 0 D 127 0 0 1 InLoopBack0 2 2 2 2 32 OSPF 10 2 D 20 1 1 2 Vlanif20 20 1 1 0 30 Direct 0 0 D 20 1 1 1 Vlanif20 20 1 1 1 32 Direct 0 0 D 1...

Page 546: ...s between PE1 and ASBR PE1 and between PE2 and ASBR PE2 Configure PE1 PE1 bgp 100 PE1 bgp peer 2 2 2 2 as number 100 PE1 bgp peer 2 2 2 2 connect interface LoopBack 1 PE1 bgp quit Configure ASBR PE1 ASBR PE1 bgp 100 ASBR PE1 bgp peer 1 1 1 1 as number 100 ASBR PE1 bgp peer 1 1 1 1 connect interface loopback 1 ASBR PE1 bgp quit Configure ASBR PE2 ASBR PE2 bgp 200 ASBR PE2 bgp peer 4 4 4 4 as number...

Page 547: ...le MPLS L2VPN on the PEs and ASBR PEs l Create VPN instances and CE connections on PE1 and PE2 l Configure IP addresses in the same network segment for the interfaces through which CE1 and CE2 access the PEs Configure PE1 PE1 mpls l2vpn PE1 l2vpn quit PE1 mpls l2vpn vpn1 encapsulation vlan PE1 mpls l2vpn vpn1 route distinguisher 100 1 PE1 mpls l2vpn vpn1 mtu 1500 PE1 mpls l2vpn vpn1 vpn target 1 1...

Page 548: ...interface vlanif 50 PE2 mpls l2vpn ce vpn1 ce4 quit PE2 mpls l2vpn vpn1 quit Configure CE1 CE1 interface vlanif 10 CE1 Vlanif10 ip address 10 1 1 1 255 255 255 0 CE1 Vlanif10 quit Configure CE2 CE2 interface vlanif 50 CE2 Vlanif50 ip address 10 1 1 2 255 255 255 0 CE2 Vlanif50 quit Step 7 Verify the configuration Display information about the L2VPN connection on PE1 You can see that an L2VC is set...

Page 549: ... invalid BFD for LSP state true Local C bit is not set Remote C bit is not set tunnel type lsp tunnel id 0x10001 CE1 and CE2 can ping each other CE1 ping 10 1 1 2 PING 10 1 1 2 56 data bytes press CTRL_C to break Reply from 10 1 1 2 bytes 56 Sequence 1 ttl 255 time 125 ms Reply from 10 1 1 2 bytes 56 Sequence 2 ttl 255 time 125 ms Reply from 10 1 1 2 bytes 56 Sequence 3 ttl 255 time 94 ms Reply fr...

Page 550: ...100 1 vpn target 1 1 import extcommunity vpn target 1 1 export extcommunity ce ce1 id 1 range 10 default offset 0 connection ce offset 2 interface Vlanif10 interface LoopBack1 ip address 1 1 1 1 255 255 255 255 bgp 100 peer 2 2 2 2 as number 100 peer 2 2 2 2 connect interface LoopBack1 ipv4 family unicast undo synchronization peer 2 2 2 2 enable l2vpn family policy vpn target peer 2 2 2 2 enable o...

Page 551: ...ace Vlanif30 interface LoopBack1 ip address 2 2 2 2 255 255 255 255 bgp 100 peer 1 1 1 1 as number 100 peer 1 1 1 1 connect interface LoopBack1 ipv4 family unicast undo synchronization peer 1 1 1 1 enable l2vpn family policy vpn target peer 1 1 1 1 enable ospf 1 area 0 0 0 0 network 2 2 2 2 0 0 0 0 network 20 1 1 0 0 0 0 3 return l Configuration file of ASBR PE2 sysname ASBR PE2 vlan batch 30 40 m...

Page 552: ...er 200 1 vpn target 1 1 import extcommunity vpn target 1 1 export extcommunity ce ce3 id 3 range 10 default offset 0 connection ce offset 4 interface Vlanif30 return l Configuration file of PE2 sysname PE2 vlan batch 40 50 mpls lsr id 4 4 4 4 mpls mpls l2vpn mpls ldp interface Vlanif40 ip address 40 1 1 2 255 255 255 0 mpls mpls ldp interface Vlanif50 interface GigabitEthernet1 0 0 port link type ...

Page 553: ...target 1 1 import extcommunity vpn target 1 1 export extcommunity ce ce4 id 4 range 10 default offset 0 connection ce offset 3 interface Vlanif50 return l Configuration file of CE2 sysname CE2 vlan batch 50 interface Vlanif 50 ip address 10 1 1 2 255 255 255 0 interface GigabitEthernet1 0 0 port link type trunk port trunk allow pass vlan 50 return Quidway S7700 Smart Routing Switch Configuration G...

Page 554: ...s L2VPN packets between PEs without using a signaling protocol 6 5 Configuring a Dynamic PW This section describes how to configure a dynamic PW To configure a dynamic PW extended LDP needs to be used to transmit Layer 2 information and VC labels 6 6 Configuring PW Switching This section describes how to configure a multi hop switching PW When the multi hop switching PW forwards traffic PW label s...

Page 555: ...6 11 Configuring Inter AS PWE3 This section describes how to configure inter AS PWE3 After inter AS PWE3 is configured the MPLS backbone network that bears PWE3 can span multiple ASs 6 12 Maintaining PWE3 This section describes how to maintain PWE3 Detailed operations include PW connectivity detection and PW fault location 6 13 Configuration Examples You can learn the configuration procedures base...

Page 556: ...e PWE3 framework Figure 6 1 PWE3 framework PE1 PE2 CE2 CE1 AC PSN AC PW PSN Tunnel The relevant terms defined in the RFC are explained as follows l Provider Edge PE device l Customer Edge CE device l Provider P It is a device on the backbone network of a service provider l Attachment Circuit AC It is an unshared link or circuit that connects a CE and a PE An AC can be either physical or virtual Th...

Page 557: ...ponding CE through a VC ID A VC can be established only when the tunnel between two PEs is successfully set up and label interchanging and binding are completed The LDP PW uses LDP as the signaling protocol to send PW messages The LDP PW requires switching PWs to complete the MH PW The tunnel used to set up an LDP PW can be an LDP LSP a CR LSP or a GRE tunnel By default an LDP LSP is used LDP PW m...

Page 558: ... For example if an AC on a PE flaps the Notification packet is sent to notify the AC status After receiving the packet the peer does not dismantle the VC However in the Martini mode the Withdraw packet is sent repeatedly Thus the PW is set up and dismantled repeatedly NOTE PWE3 supports Notification mode to negotiate PW state information The Withdraw packet is compatible with withdraw labels in PW...

Page 559: ...ithdraw message PE2 tears down the PW and responds with a Release message After receiving the Release message PE1 releases the label and tears down the PW SH PW and MH PW l SH PW An SH PW is set up between two U PEs That is switching labels at PW label layer is not required as shown in Figure 6 4 Figure 6 4 Networking diagram of an SH PWE3 CE1 CE2 U PE1 U PE2 P PW100 l MH PW Quidway S7700 Smart Ro...

Page 560: ...it Connectivity Verification VCCV The CW and VCCV are sent from two U PEs to the S PE through labels BFD for PW The Bidirectional Forwarding Detection BFD can fast detect a PW between the local PE and remote PE to enable PW Fast Reroute FRR This lessens the impact of any link faults on services l Static BFD for PW After being encapsulated by PWs BFD control packets are transmitted on PWs PWs disti...

Page 561: ... ping packet Version Number Must Be Zero Message Type Reply Mode Return Code Returen Subcode Sender s Handle Sequence Number Timestamp Sent Seconds Timestamp Sent Microseconds Timestamp Receive Seconds Timestamp Receive Microseconds TLVs PWE3 FRR With the board applications of PWE3 the requirement for network reliability becomes increasingly higher especially for L2VPNs that bear real time service...

Page 562: ...BRs The user exclusively uses the link between the ASBRs l Inter AS PWE3 Option C The PEs advertise the VPN IPv4 routes through multi hop MP EBGP The S7700 supports the Inter AS PWE3 Option A In Option A the ASBRs of the two ASs are directly connected The ASBRs are the PEs of their respective ASs The two ASBRs consider the peer ASBRs as their CE devices Figure 6 8 Networking diagram of inter AS PW...

Page 563: ...ssified into SH PWs and MH PWs based on different networking types Similarly PWE3 tracert is classified into PWE3 SH tracecert and PWE3 MH tracert l Basic principle PWE3 SH Tracert As shown in Figure 6 9 CE1 and CE4 belong to VPN 1 CE2 and CE3 belong to VPN 2 the LSP from PE1 to PE4 is PE1 P PE4 the LSP from PE2 to PE3 is PE2 P PE3 Figure 6 9 Networking diagram of PWE3 SH tracert CE1 CE2 CE3 CE4 P...

Page 564: ... paths generated by the protocol you can judge whether or not there is an error If the PWE3 tracert obtains only information about PE4 TTL 2 instead of information about P TTL 1 it indicates that P does not support MPLS ping If the PWE3 tracert obtains only information about P TTL 1 instead of information about PE4 TTL 2 it indicates that PE4 or the link between P and PE4 is faulty If the PWE3 tra...

Page 565: ...faulty node At the same time MPLS tracert can be used to collect important information about each node on the entire LSP such as assigned labels l PWE3 ping The principle of PWE3 ping is similar to that of MPLS ping and IP ping The difference lies in that PWE3 ping uses a PW to forward MPLS echo request packets to judge whether the PW can be used to forward packets When MPLS ping succeeds PWE3 pin...

Page 566: ...s better for an MH PW l Supporting the PW to be configured on a VLANIF interface XGE interface GE interface Ethernet interface Eth Trunk interface XGE sub interface GE sub interface Ethernet sub interface and Eth Trunk sub interface l Supporting the PWE3 configuration on Layer 2 devices 6 3 Configuring the Attributes of a PW Template This section describes how to import a PW template to simplify t...

Page 567: ...s 2 Optional Name of the tunnel policy 3 Optional Name and attributes of the PW template 6 3 2 Creating a PW Template When configuring PWE3 you can directly specify the IP address of the peer or import a PW template to set PW attributes Context Do as follows on the PEs on the two ends of the PW Procedure Step 1 Run system view The system view is displayed Step 2 Run mpls l2vpn MPLS L2VPN is enable...

Page 568: ... disabled the S7700 supports VCCV in Label Alert mode l If the control word is enabled the S7700 supports VCCV in both control word mode and Label Alert mode To enable VCCV in control word mode the control word needs to be enabled only on U PEs on a dynamic SH PW a dynamic MH PW or a static SH PW the control word needs to be enabled on U PEs and S PEs on a static MP PW or a mixed dynamic MP PW Ste...

Page 569: ...are complete Procedure l Run the display pw template pw template name command to check information about the PW template End Example Run the display pw template command You can view the configured PW template name and parameters For example Quidway display pw template Total PW template number 1 PW Template Name 1to3 PeerIP 3 3 3 3 Tnl Policy Name CtrlWord Enable MTU 1500 Max Atm Cells 1 ATM Pack O...

Page 570: ...uring an IGP on the MPLS backbone to implement IP interworking l Enabling MPLS on PEs l Establishing tunnels between PEs based on the tunnel policy Data Preparation To configure a static PW you need the following data No Data 1 Interface type and number of the interface connected to a CE 2 Destination LSR ID of a static PW 3 Label value received and sent in an L2VPN 4 Tunnel policy configured for ...

Page 571: ...to run the undo portswitch command to switch Layer 2 interfaces to Layer 3 interfaces Step 4 Run mpls static l2vc destination ip address pw template pw template name vc id transmit vpn label transmit label value receive vpn label receive label value tunnel policy tnl policy name control word no control word raw tagged A static PW is configured NOTE The parameters raw and tagged are specified in th...

Page 572: ...inutes 23 seconds VC last up time 2010 11 24 12 31 31 VC total up time 0 days 2 hours 12 minutes 51 seconds CKey 2 NKey 1 6 5 Configuring a Dynamic PW This section describes how to configure a dynamic PW To configure a dynamic PW extended LDP needs to be used to transmit Layer 2 information and VC labels 6 5 1 Establishing the Configuration Task Before configuring a dynamic PW familiarize yourself...

Page 573: ... Context Do as follows on PEs or U PEs Procedure Step 1 Run system view The system view is displayed Step 2 Run mpls l2vpn MPLS L2VPN is enabled Before configuring an MPLS L2VC connection enable MPLS L2VPN End 6 5 3 Creating a Dynamic PW A dynamic PW requires that IDs of the VCs with the same encapsulation type be unique In addition the backup PW can be configured only after the master PW is confi...

Page 574: ...of a PW ID and a PW type must be unique on one end of a PW but the PW IDs on both ends of a switch PW can be identical For a dynamic PW the VC ID of the same encapsulation type should be unique Changing encapsulation type may cause a VC ID conflict End 6 5 4 Checking the Configuration After a dynamic PW is configured you can view information about the PW Prerequisite The configurations of the dyna...

Page 575: ...ys 1 hours 57 minutes 30 seconds VC last up time 2010 12 10 20 33 37 VC total up time 0 days 1 hours 57 minutes 30 seconds CKey 9 NKey 8 PW redundancy mode AdminPw interface AdminPw link state Run the display mpls l2vc remote info command You can see that Peer Addr is the peer address of a specified VC For example Quidway display mpls l2vc remote info Total remote ldp vc 1 Transport Group Peer Rem...

Page 576: ...gnaling reflector Pre configuration Tasks Before configuring PW switching complete the following tasks l Enabling MPLS L2VPN on the PEs l 6 4 Configuring a Static PW on U PEs if the PW switching is between two static PWs l 6 5 Configuring a Dynamic PW on U PEs if the PW switching is between two dynamic PWs Data Preparation To configure PW switching you need the following data No Data 1 IP address ...

Page 577: ... PW encapsulation of S PE is consistent with that of U PE or not For the sake of management convenience it is recommended to configure the same PW encapsulation type on the devices along the PW U PE and S PE l Dynamic PW Switching Do as follows on the S PEs 1 Run system view The system view is displayed 2 Run mpls switch l2vc ip address vc id between ip address vc id encapsulation encapsulation ty...

Page 578: ... switching PW Prerequisite The configurations of the PW Switching function are complete Procedure l Run the display mpls switch l2vc ip address vc id encapsulation encapsulation type state down up command to check information about the PW switching on S PEs End Example Run the display mpls switch l2vc ip address vc id encapsulation encapsulation type state down up command You can view the VC statu...

Page 579: ...r PW fails traffic can be switched to the backup PW 6 7 1 Establishing the Configuration Task Before configuring a backup PW familiarize yourself with the applicable environment complete the pre configuration tasks and obtain the required data This can help you complete the configuration task correctly and quickly Applicable Environment In the PWE3 FRR network where CEs are asymmetrically connecte...

Page 580: ... backup PW you need the following data No Data 1 Destination address and the VC ID of the backup PW 2 Optional Tunnel policy used by the backup PW 6 7 2 Configuring a Backup PW The encapsulation types of master and backup PWs must be the same but the backup VC ID and the master VC ID cannot be the same Context Do as follows on the PE to which a CE is connected through only one link NOTE The types ...

Page 581: ...sful the following results are displayed when the display mpls l2vc vc id interface interface type interface number remote info vc id state down up command is used on the PE to which a CE is connected through only one link l The statuses of the master and backup PWs are up l VC state of the master PW is active and VC state of the backup PW is inactive For example Quidway display mpls l2vc interfac...

Page 582: ...p local PSN state up local forwarding state forwarding local status code 0x0 remote AC OAM state up remote PSN state up remote forwarding state forwarding remote statuscode 0x0 BFD for PW available BFD sessionIndex 256 BFD state up manual fault not set active state inactive forwarding entry existent link state up local VC MTU 1500 remote VC MTU 1500 Local VCCV cw alert lsp ping bfd Remote VCCV cw ...

Page 583: ...at the upper layer are accelerated When the master and backup PWs are configured on a PE to protect links BFD sessions need to be set up to detect the master and backup PWs respectively When static BFD for PW is configured BFD can work only in asynchronous mode BFD control packets are encapsulated in PW control packets and PWs distinguish control packets and data packets according to the control w...

Page 584: ...is displayed Step 2 Run bfd for pw enable The sending of BFD for PW packets to the protocol stack is enabled End 6 8 4 Configuring BFD for PW You must configure or cancel static BFD for PW on both ends of a PW simultaneously otherwise the PW statuses on both PEs become inconsistent Context Do as follows on the PEs on the two ends of the PW to be detected Procedure Step 1 Run system view The system...

Page 585: ...inator of a BFD session cannot be modified after being configured To modify the local or remote discriminator of the BFD session run the undo bfd bfd name command in the system view to delete related BFD for PW configuration and then reconfigure it After the PW is deleted related configuration of the BFD session is deleted l BFD for PW must be configured or deleted on the PEs on the two ends of a ...

Page 586: ...0 verbose Session MIndex 256 State Up Name 1to2 Local Discriminator 12 Remote Discriminator 21 Session Detect Mode Asynchronous Mode Without Echo Function BFD Bind Type PW Master Bind Session Type Static Bind Peer Ip Address NextHop Ip Address Bind Interface Vlanif10 FSM Board Id 1 TOS EXP 6 Min Tx Interval ms 1000 Min Rx Interval ms 1000 Actual Tx Interval ms 1000 Actual Rx Interval ms 1000 Local...

Page 587: ...ts based on the control word Therefore during the BFD for PW configuration you need to enable the control word function Types of the PWs can be detected by using BFD are as follows l SH PWs l MH PWs Pre configuration Tasks Before configuring dynamic BFD for PW complete the following tasks l Configuring basic MPLS functions l Configuring PWs Data Preparation To configure dynamic BFD for PW you need...

Page 588: ...4 Configuring the Attributes of a PW Template To detect a PW based on a control word channel you must enable the control word function by using the PW template before configuring dynamic BFD for PW Context Do as follows on the PEs at the two ends of a PW Procedure Step 1 Run system view The system view is displayed Step 2 Run pw template pw template name The PW template view is displayed Step 3 Ru...

Page 589: ...et End 6 9 6 Configuring PWs A PW can be a static a dynamic or a switching PW Procedure Step 1 For detailed configuration see 6 4 Configuring a Static PW 6 5 Configuring a Dynamic PW or 6 6 Configuring PW Switching You can select one of the configurations as required End 6 9 7 Triggering Dynamic BFD for PW You must configure or cancel dynamic BFD for PW on both ends of a PW simultaneously otherwis...

Page 590: ...isplay bfd configuration pw interface interface type interface number secondary verbose command to check the BFD configuration l Run the display bfd session pw interface interface type interface number secondary verbose command to check information about the BFD session End Example Run the display bfd configuration pw interface interface type interface number secondary verbose command and you can ...

Page 591: ...Session Detect TmrID Session Init TmrID Session WTR TmrID Session Echo Tx TmrID PDT Index FSM 0 RCV 0 IF 0 TOKEN 0 Session Description Total UP DOWN Session Number 1 0 6 10 Configuring PWE3 FRR This section describes how to configure PW FRR After PW FRR is configured the L2VPN traffic can be timely switched to backup path as soon as the master path fails After the master path recovers the L2VPN tr...

Page 592: ...exchange routing information by using routing protocols you need to modify the cost or metric of the AC interface of the backup path to be greater than that of the AC interface of the master path The local CE cannot communicate with the peer CE but can communicate with other user devices l If the AC link is an Ethernet link the function of BFD for static routes need also be configured on CEs Data ...

Page 593: ...th Trunk interfaces as AC interfaces run this command to switch Layer 2 interfaces to Layer 3 interfaces Step 6 Run mpls l2vc ip address pw template pw template name vc id group id group id tunnel policy policy name control word no control word raw tagged mtu mtu value The primary PW is configured NOTE Before using a PW template to create a PW you need to configure a PW template For details refer ...

Page 594: ...e two PEs are different l To detect statuses of the tunnels that carry PWs you can configure BFD for tunnels For detailed configuration refer to the chapters Basic MPLS Configuration and MPLS TE Configuration in the Quidway S7700 Smart Routing Switch Configuration Guide MPLS 6 10 4 Optional Configuring the Revertive Switchover The revertive switching policies can be classified into three modes imm...

Page 595: ...E and a revertive switchover policy is also configured you cannot set resume time to be 0 seconds but be equal to or longer than one second End 6 10 5 Checking the Configuration After PW FRR is configured you can view information about the PW on the local and remote ends BFD sessions L2VPN forwarding and fault mapping between AC and PW Prerequisite The configurations of the PWE3 FRR function are c...

Page 596: ...0x48002004 create time 0 days 0 hours 12 minutes 47 seconds up time 0 days 0 hours 2 minutes 11 seconds last change time 0 days 0 hours 2 minutes 11 seconds VC last up time 2010 12 24 13 33 31 VC total up time 0 days 2 hours 12 minutes 51 seconds CKey 16 NKey 15 PW redundancy mode AdminPw interface AdminPw link state client interface Vlanif10 is up session state up AC state up VC state up VC ID 20...

Page 597: ...nterface interface type interface number secondary verbose command and you can view the status of the BFD session discriminators of the BFD session the type of the PW that is bound to the BFD session and the type of the BFD session For example Quidway display bfd session pw interface vlanif 10 verbose Session MIndex 257 State Up Name 1to3 Local Discriminator 13 Remote Discriminator 31 Session Dete...

Page 598: ...W is up l VC status of the master PW is Active and VC status of the backup PW is InActive l L2VPN data is switched to the master PW 6 11 Configuring Inter AS PWE3 This section describes how to configure inter AS PWE3 After inter AS PWE3 is configured the MPLS backbone network that bears PWE3 can span multiple ASs 6 11 1 Establishing the Configuration Task Before configuring inter AS PWE3 familiari...

Page 599: ...s heavier configuration workload which is not recommended Context The configurations of inter AS PWE3 Option A can be summarized as follows l 6 5 Configuring a Dynamic PW for each AS l Configuring the local ASBR by regarding the peer ASBR as its CE l No inter AS configuration is needed on the ASBRs l You need not configure the IP addresses on the interfaces that directly connected ASBRs The config...

Page 600: ...ing bfd Remote VCCV alert lsp ping bfd local control word disable remote control word disable tunnel policy name traffic behavior name PW template name primary or secondary primary VC tunnel token info 1 tunnels tokens NO 0 TNL type gre TNL ID 0x10003 create time 0 days 0 hours 2 minutes 23 seconds up time 0 days 0 hours 0 minutes 13 seconds last change time 0 days 0 hours 0 minutes 13 seconds VC ...

Page 601: ...the PW serving as an SPE is performing VCCV ping the PW serving as a UPE will be unable to perform VCCV ping That is two VCCV pings cannot be performed on a same device at the same time l The MTU check of the VC is not supported For an MH PW the local VC ID and VC type needs to be specified In the control word mode if VC IDs are different the VC ID of the remote UPE needs to be specified In the MP...

Page 602: ...configured you can locate any PW faults Context To locate a PW fault first configure basic PWE3 functions by using the PW template and then do as follows on each UPE Procedure Step 1 Run system view The system view is displayed Step 2 Run pw template pw template name The PW template view is displayed Step 3 Run control word The control word mode is enabled Step 4 Run any of the following commands ...

Page 603: ...to debug PWE3 display debugging information locate the fault and analyze the cause Context CAUTION Debugging affects system performance After debugging is complete run the undo debugging all command to disable debugging immediately In the case of operational faults run the debugging command in the user view to debug the PWE3 and locate the faults In the case of operational faults run the debugging...

Page 604: ... VLANIF interface IP address PE1 GigabitEthernet1 0 0 VLANIF 10 GigabitEthernet2 0 0 VLANIF 20 10 1 1 1 24 Loopback1 192 2 2 2 32 PE2 GigabitEthernet1 0 0 VLANIF 30 GigabitEthernet2 0 0 VLANIF 40 10 2 2 2 24 Loopback1 192 3 3 3 32 P GigabitEthernet1 0 0 VLANIF 20 10 1 1 2 24 GigabitEthernet2 0 0 VLANIF 40 10 2 2 1 24 Loopback1 192 4 4 4 32 CE1 GigabitEthernet1 0 0 VLANIF 10 100 1 1 1 24 CE2 Gigabi...

Page 605: ...bles Public Destinations 12 Routes 12 Destination Mask Proto Pre Cost Flags NextHop Interface 10 1 1 0 24 Direct 0 0 D 10 1 1 1 Vlanif20 10 1 1 1 32 Direct 0 0 D 127 0 0 1 InLoopBack0 10 1 1 255 32 Direct 0 0 D 127 0 0 1 InLoopBack0 10 2 2 0 24 OSPF 10 2 D 10 1 1 2 Vlanif20 127 0 0 0 8 Direct 0 0 D 127 0 0 1 InLoopBack0 127 0 0 1 32 Direct 0 0 D 127 0 0 1 InLoopBack0 127 0 0 255 32 Direct 0 0 D 12...

Page 606: ...ate a VC connection Enable MPLS L2VPN on PE1 and PE2 create a VC on each PE Configure PE1 PE1 mpls l2vpn PE1 l2vpn quit PE1 interface vlanif 10 PE1 Vlanif10 mpls l2vc 192 3 3 3 100 PE1 Vlanif10 quit Configure PE2 PE2 mpls l2vpn PE2 l2vpn quit PE2 interface vlanif 30 PE2 Vlanif30 mpls l2vc 192 2 2 2 100 PE2 Vlanif30 quit Step 5 Verify the configuration View information about the L2VPN connection on...

Page 607: ...erface AdminPw link state CE1 and CE2 can ping each other Take the display on CE1 for example CE1 ping 100 1 1 2 PING 100 1 1 2 56 data bytes press CTRL_C to break Reply from 100 1 1 2 bytes 56 Sequence 1 ttl 255 time 31 ms Reply from 100 1 1 2 bytes 56 Sequence 2 ttl 255 time 10 ms Reply from 100 1 1 2 bytes 56 Sequence 3 ttl 255 time 5 ms Reply from 100 1 1 2 bytes 56 Sequence 4 ttl 255 time 2 m...

Page 608: ... 255 255 ospf 1 area 0 0 0 0 network 192 2 2 2 0 0 0 0 network 10 1 1 0 0 0 0 255 return l Configuration file of P sysname P vlan batch 20 40 mpls lsr id 192 4 4 4 mpls mpls ldp interface Vlanif20 ip address 10 1 1 2 255 255 255 0 mpls mpls ldp interface Vlanif40 ip address 10 2 2 1 255 255 255 0 mpls mpls ldp interface GigabitEthernet1 0 0 port link type trunk port trunk allow pass vlan 20 interf...

Page 609: ...net1 0 0 port link type trunk port trunk allow pass vlan 30 interface GigabitEthernet2 0 0 port link type trunk port trunk allow pass vlan 40 interface LoopBack0 ip address 192 3 3 3 255 255 255 255 ospf 1 area 0 0 0 0 network 192 3 3 3 0 0 0 0 network 10 2 2 0 0 0 0 255 return l Configuration file of CE2 sysname CE2 vlan batch 30 interface Vlanif30 ip address 100 1 1 2 255 255 255 0 interface Gig...

Page 610: ...ace VLANIF interface IP address U PE1 GigabitEthernet1 0 0 VLANIF 10 GigabitEthernet2 0 0 VLANIF 20 10 1 1 1 24 Loopback0 1 1 1 9 32 U PE2 GigabitEthernet1 0 0 VLANIF 50 40 1 1 2 24 GigabitEthernet2 0 0 VLANIF 60 Loopback0 5 5 5 9 32 P1 GigabitEthernet1 0 0 VLANIF 20 10 1 1 2 24 GigabitEthernet2 0 0 VLANIF 30 20 1 1 1 24 Loopback0 2 2 2 9 32 P2 GigabitEthernet1 0 0 VLANIF 40 30 1 1 2 24 GigabitEth...

Page 611: ...E P and S PE according to Figure 6 13 including VLAN and VLANIF interfaces The configuration procedure is not mentioned Step 2 Configure an IGP protocol on the MPLS backbone network The OSPF protocol is used in this example Configure interface addresses of the U PE S PE and P according to Figure 6 13 When configuring OSPF note that the 32 bit loopback interfaces of U PE1 S PE and U PE2 must be adv...

Page 612: ...configuration View information about the L2VPN connection on the PEs and you can see that an L2VC is set up and is in Up state Take U PE1 and S PE for example U PE1 display mpls static l2vc interface vlanif 10 Client Interface Vlanif10 is up AC Status up VC State up VC ID 100 VC Type VLAN Destination 3 3 3 9 Transmit VC Label 100 Receive VC Label 100 Control Word Disable VCCV Capabilty alert lsp p...

Page 613: ...from 100 1 1 2 bytes 56 Sequence 1 ttl 255 time 188 ms Reply from 100 1 1 2 bytes 56 Sequence 2 ttl 255 time 187 ms Reply from 100 1 1 2 bytes 56 Sequence 3 ttl 255 time 187 ms Reply from 100 1 1 2 bytes 56 Sequence 4 ttl 255 time 188 ms Reply from 100 1 1 2 bytes 56 Sequence 5 ttl 255 time 188 ms 100 1 1 2 ping statistics 5 packet s transmitted 5 packet s received 0 00 packet loss round trip min ...

Page 614: ...Configuration file of P1 sysname P1 vlan batch 20 30 mpls lsr id 2 2 2 9 mpls mpls ldp interface Vlanif20 ip address 10 1 1 2 255 255 255 0 mpls mpls ldp interface Vlanif30 ip address 20 1 1 1 255 255 255 0 mpls mpls ldp interface GigabitEthernet1 0 0 port link type trunk port trunk allow pass vlan 20 interface GigabitEthernet2 0 0 port link type trunk port trunk allow pass vlan 30 interface LoopB...

Page 615: ...thernet2 0 0 port link type trunk port trunk allow pass vlan 40 interface LoopBack0 ip address 3 3 3 9 255 255 255 255 ospf 1 area 0 0 0 0 network 20 1 1 0 0 0 0 255 network 30 1 1 0 0 0 0 255 network 3 3 3 9 0 0 0 0 return l Configuration file of P2 sysname P2 vlan batch 40 50 mpls lsr id 4 4 4 9 mpls mpls ldp interface Vlanif40 ip address 30 1 1 2 255 255 255 0 mpls mpls ldp interface Vlanif50 i...

Page 616: ...s mpls ldp interface Vlanif60 mpls static l2vc pw template pwt 100 transmit vpn label 200 receive vpn label 200 interface GigabitEthernet1 0 0 port link type trunk port trunk allow pass vlan 50 interface GigabitEthernet2 0 0 port link type trunk port trunk allow pass vlan 60 interface LoopBack0 ip address 5 5 5 9 255 255 255 255 ospf 1 area 0 0 0 0 network 5 5 5 9 0 0 0 0 network 40 1 1 0 0 0 0 25...

Page 617: ... 0 0 GE1 0 0 GE2 0 0 GE1 0 0 GE2 0 0 GE1 0 0 GE2 0 0 GE1 0 0 GE2 0 0 GE1 0 0 GE1 0 0 GE2 0 0 PW 100 PW 200 CE1 P1 S PE P2 CE2 U PE1 U PE2 Device Interface VLANIF interface IP address U PE1 GigabitEthernet1 0 0 VLANIF 10 GigabitEthernet2 0 0 VLANIF 20 10 1 1 1 24 Loopback0 1 1 1 9 32 U PE2 GigabitEthernet1 0 0 VLANIF 50 40 1 1 2 24 GigabitEthernet2 0 0 VLANIF 60 Loopback0 5 5 5 9 32 P1 GigabitEther...

Page 618: ... MPLS LSR IDs of U PE1 S PE and U PE2 l IP addresses of the remote peers l Encapsulation type of the switching PW l Name and parameters of the PW template on U PEs Procedure Step 1 Configure interface addresses for CE U PE P and S PE according to Figure 6 14 including VLAN and VLANIF interfaces The configuration procedure is not mentioned Step 2 Configure an IGP protocol on the MPLS backbone netwo...

Page 619: ... example U PE1 ping 40 1 1 2 PING 40 1 1 2 56 data bytes press CTRL_C to break Reply from 40 1 1 2 bytes 56 Sequence 1 ttl 252 time 160 ms Reply from 40 1 1 2 bytes 56 Sequence 2 ttl 252 time 120 ms Reply from 40 1 1 2 bytes 56 Sequence 3 ttl 252 time 150 ms Reply from 40 1 1 2 bytes 56 Sequence 4 ttl 252 time 150 ms Reply from 40 1 1 2 bytes 56 Sequence 5 ttl 252 time 160 ms 40 1 1 2 ping statist...

Page 620: ...nif40 mpls P2 Vlanif40 mpls ldp P2 Vlanif40 quit P2 interface vlanif 50 P2 Vlanif50 mpls P2 Vlanif50 mpls ldp P2 Vlanif50 quit Configure U PE2 U PE2 mpls lsr id 5 5 5 9 U PE2 mpls U PE2 mpls quit U PE2 mpls ldp U PE2 mpls ldp quit U PE2 interface vlanif 50 U PE2 Vlanif50 mpls U PE2 Vlanif50 mpls ldp U PE2 Vlanif50 quit U PE2 mpls ldp remote peer 3 3 3 9 U PE2 mpls ldp remote 3 3 3 9 remote ip 3 3 ...

Page 621: ... Vlanif30 2 2 2 9 32 NULL 3 Vlanif30 2 2 2 9 32 1025 3 Vlanif30 4 4 4 9 32 NULL 3 Vlanif40 4 4 4 9 32 1027 3 Vlanif40 5 5 5 9 32 NULL 1027 Vlanif40 5 5 5 9 32 1026 1027 Vlanif40 Step 4 Create and configure the PW template Create a PW template on each U PE Enable the CW and LSP ping function Configure U PE1 U PE1 pw template pwt U PE1 pw template pwt peer address 3 3 3 9 U PE1 pw template pwt contr...

Page 622: ... ID 100 VC type VLAN destination 3 3 3 9 local group ID 0 remote group ID 0 local VC label 23552 remote VC label 23553 local AC OAM State up local PSN State up local forwarding state forwarding local status code 0x0 remote AC OAM state up remote PSN state up remote forwarding state forwarding remote status code 0x0 BFD for PW unavailable manual fault not set active state active forwarding entry ex...

Page 623: ...es 58 seconds VC last up time 2010 01 27 12 46 59 VC total up time 0 days 0 hours 0 minutes 24 seconds 2 Verify the connectivity of the PW Run the ping vc command on the U PE and you can see that the connectivity of the PW is normal Take the display on U PE1 for example U PE1 ping vc vlan 100 control word remote 200 Reply bytes 100 Sequence 1 time 740 ms Reply bytes 100 Sequence 2 time 90 ms Reply...

Page 624: ... 0 0 port link type trunk port trunk allow pass vlan 10 return l Configuration file of U PE1 sysname U PE1 vlan batch 10 20 mpls lsr id 1 1 1 9 mpls mpls l2vpn pw template pwt peer address 3 3 3 9 control word mpls ldp mpls ldp remote peer 3 3 3 9 remote ip 3 3 3 9 interface Vlanif10 mpls l2vc pw template pwt 100 interface Vlanif 20 ip address 10 1 1 1 255 255 255 0 mpls mpls ldp interface Gigabit...

Page 625: ...abitEthernet2 0 0 port link type trunk port trunk allow pass vlan 30 interface LoopBack0 ip address 2 2 2 9 255 255 255 255 ospf 1 area 0 0 0 0 network 2 2 2 9 0 0 0 0 network 10 1 1 0 0 0 0 255 network 20 1 1 0 0 0 0 255 return l Configuration file of S PE sysname S PE vlan batch 30 40 mpls lsr id 3 3 3 9 mpls mpls l2vpn mpls switch l2vc 5 5 5 9 200 between 1 1 1 9 100 encapsulation vlan mpls ldp...

Page 626: ...e of P2 sysname P2 vlan batch 40 50 mpls lsr id 4 4 4 9 mpls mpls ldp interface Vlanif40 ip address 30 1 1 2 255 255 255 0 mpls mpls ldp interface Vlanif50 ip address 40 1 1 1 255 255 255 0 mpls mpls ldp interface GigabitEthernet1 0 0 port link type trunk port trunk allow pass vlan 40 interface GigabitEthernet2 0 0 port link type trunk port trunk allow pass vlan 50 interface LoopBack0 ip address 4...

Page 627: ...ss vlan 50 interface GigabitEthernet2 0 0 port link type trunk port trunk allow pass vlan 60 interface LoopBack0 ip address 5 5 5 9 255 255 255 255 ospf 1 area 0 0 0 0 network 5 5 5 9 0 0 0 0 network 40 1 1 0 0 0 0 255 return l Configuration file of CE2 sysname CE2 vlan batch 60 interface Vlanif60 ip address 100 1 1 2 255 255 255 0 interface GigabitEthernet1 0 0 port link type trunk port trunk all...

Page 628: ... PW200 Device Interface VLANIF interface IP address U PE1 GigabitEthernet1 0 0 VLANIF 10 GigabitEthernet2 0 0 VLANIF 20 10 1 1 1 24 Loopback0 1 1 1 9 32 U PE2 GigabitEthernet1 0 0 VLANIF 50 40 1 1 2 24 GigabitEthernet2 0 0 VLANIF 60 Loopback0 5 5 5 9 32 P1 GigabitEthernet1 0 0 VLANIF 20 10 1 1 2 24 GigabitEthernet2 0 0 VLANIF 30 20 1 1 1 24 Loopback0 2 2 2 9 32 P2 GigabitEthernet1 0 0 VLANIF 40 30...

Page 629: ... attributes of the PW template used on U PE2 Procedure Step 1 Configure interface addresses for CE U PE P and S PE according to Figure 6 15 including VLAN and VLANIF interfaces The configuration procedure is not mentioned Step 2 Configure an IGP protocol on the MPLS backbone network The OSPF protocol is used in this example Configure addresses of the VLANIF interfaces on the U PE S PE and P accord...

Page 630: ...emplate pwt quit U PE2 interface vlanif 60 U PE2 Vlanif60 mpls static l2vc pw template pwt 200 transmit vpn label 100 receive vpn label 200 U PE2 Vlanif60 quit Step 5 Verify the configuration Display information about the L2VPN connection on PE You can see that an L2VC is set up and the VC status is Up Take the display on U PE1 and S PE for example U PE1 display mpls l2vc interface vlanif 10 clien...

Page 631: ...p ping bfd alert lsp ping bfd alert lsp ping bfd Switch l2vc tunnel info 1 tunnels for peer 1 1 1 9 NO 0 TNL Type lsp TNL ID 0x48002000 1 tunnels for peer 5 5 5 9 NO 0 TNL Type lsp TNL ID 0x48002004 CKey 44 1 NKey 43 3 Tunnel policy Create time 0 days 0 hours 10 minutes 59 seconds UP time 0 days 0 hours 55 minutes 45 seconds Last change time 0 days 0 hours 55 minutes 45 seconds VC last up time 201...

Page 632: ...e Vlanif20 ip address 10 1 1 1 255 255 255 0 mpls mpls ldp interface GigabitEthernet1 0 0 port link type trunk port trunk allow pass vlan 10 interface GigabitEthernet2 0 0 port link type trunk port trunk allow pass vlan 20 interface LoopBack0 ip address 1 1 1 9 255 255 255 255 ospf 1 area 0 0 0 0 network 10 1 1 0 0 0 0 255 network 1 1 1 9 0 0 0 0 return l Configuration file of P1 sysname P1 vlan b...

Page 633: ...30 40 mpls lsr id 3 3 3 9 mpls mpls l2vpn mpls switch l2vc 1 1 1 9 100 between 5 5 5 9 200 trans 200 recv 100 encapsulation vlan mpls ldp mpls ldp remote peer 1 1 1 9 remote ip 1 1 1 9 interface Vlanif30 ip address 20 1 1 2 255 255 255 0 mpls mpls ldp interface Vlanif40 ip address 30 1 1 1 255 255 255 0 mpls mpls ldp interface GigabitEthernet1 0 0 port link type trunk port trunk allow pass vlan 30...

Page 634: ...thernet2 0 0 port link type trunk port trunk allow pass vlan 40 interface LoopBack0 ip address 4 4 4 9 255 255 255 255 ospf 1 area 0 0 0 0 network 4 4 4 9 0 0 0 0 network 30 1 1 0 0 0 0 255 network 40 1 1 0 0 0 0 255 return l Configuration file of U PE2 sysname U PE2 vlan batch 50 60 mpls lsr id 5 5 5 9 mpls mpls l2vpn pw template pwt peer address 3 3 3 9 mpls ldp interface Vlanif 50 ip address 40...

Page 635: ...ess 100 1 1 2 255 255 255 0 interface GigabitEthernet1 0 0 port link type trunk port trunk allow pass vlan 60 return 6 13 5 Example for Configuring Static BFD for PW Networking Requirements The networking requirements are as follows l Set up PW1 master PW between PE1 and PE2 l Set up PW2 backup PW between PE1 and PE3 As shown in Figure 6 16 BFD is used to check the connectivity of the master PW an...

Page 636: ...1 2 30 GigabitEthernet1 0 1 VLANIF 50 Loopback1 4 4 4 4 32 PE3 GigabitEthernet1 0 0 VLANIF 60 200 2 1 2 30 GigabitEthernet1 0 1 VLANIF 70 Loopback1 5 5 5 5 32 P1 GigabitEthernet1 0 0 VLANIF 40 100 2 1 1 30 GigabitEthernet1 0 1 VLANIF 20 100 1 1 2 30 Loopback1 2 2 2 2 32 P2 GigabitEthernet1 0 0 VLANIF 60 200 2 1 1 30 GigabitEthernet1 0 1 VLANIF 30 200 1 1 2 30 Loopback1 4 4 4 9 32 CE1 GigabitEthern...

Page 637: ...see that PE1 and PE2 and PE1 and PE3 have learned the routes on the Loopback1 interface of each other Take the display on PE1 for example PE1 display ip routing table Route Flags R relied D download to fib Routing Tables Public Destinations 15 Routes 15 Destination Mask Proto Pre Cost Flags NextHop Interface 1 1 1 1 32 Direct 0 0 D 127 0 0 1 InLoopBack0 2 2 2 2 32 OSPF 10 2 D 100 1 1 2 Vlanif20 3 ...

Page 638: ... tunnel info all Allocated VC Token Tunnel ID Type Destination Token 0x10020 lsp 2 2 2 2 0 0x10021 lsp 1 0x10022 lsp 3 3 3 3 2 0x10023 lsp 3 0x10024 lsp 4 4 4 4 4 0x10025 lsp 5 0x10026 lsp 5 5 5 5 6 0x10027 lsp 7 Run the display mpls ldp session command on PE and you can see that the LDP peer relation between the PE and the neighboring P is in Operational state Take the display on PE1 for example ...

Page 639: ...work Codes LAM Label Advertisement Mode SsnAge Unit DDDD HH MM A before a session means the session is being deleted PeerID Status LAM SsnRole SsnAge KASent Rcv 2 2 2 2 0 Operational DU Passive 000 00 06 27 27 3 3 3 3 0 Operational DU Passive 000 00 05 24 24 4 4 4 4 0 Operational DU Passive 000 00 00 3 3 5 5 5 5 0 Operational DU Passive 000 00 00 2 2 TOTAL 4 session s Found Step 5 Configure PWs on...

Page 640: ...VC label 23552 remote VC label 23552 local AC OAM State up local PSN State up local forwarding state forwarding local status code 0x0 remote AC OAM state up remote PSN state up remote forwarding state forwarding remote status code 0x0 BFD for PW unavailable manual fault not set active state active forwarding entry exist link state up local VC MTU 1500 remote VC MTU 1500 local VCCV cw alert lsp pin...

Page 641: ...ds last change time 0 days 1 hours 20 minutes 22 seconds VC last up time 2010 11 24 12 33 21 VC total up time 0 days 2 hours 12 minutes 51 seconds CKey 16 NKey 15 PW redundancy mode AdminPw interface AdminPw link state reroute policy delay 30 s resume 0 s reason of last reroute time of last reroute days hours minutes seconds delay timer ID rest time resume timer ID rest time Step 6 Configure the B...

Page 642: ...ssion all Local Remote PeerIpAddr InterfaceName State Type 12 21 Vlanif10 Up S_PW M 13 31 Vlanif10 Up S_PW S Total UP DOWN Session Number 2 0 Run the display bfd configuration all command You can view information about the BFD configuration and you can see that the Commit field is True PE1 display bfd configuration all CFG Name CFG Type LocalDiscr MIndex SessNum Commit AdminDown 1to2 Static_PW M 1...

Page 643: ... minutes 47 seconds last change time 0 days 1 hours 16 minutes 47 seconds VC last up time 2010 11 24 12 31 31 VC total up time 0 days 2 hours 13 minutes 55 seconds CKey 14 NKey 1 PW redundancy mode AdminPw interface AdminPw link state client interface Vlanif10 is up Administrator PW no session state up AC state up VC state up VC ID 200 VC type VLAN destination 5 5 5 5 local group ID 0 remote group...

Page 644: ...time out Request time out Request time out 10 1 1 2 ping statistics 5 packet s transmitted 0 packet s received 100 00 packet loss CE1 ping 10 1 2 2 PING 10 1 2 2 56 data bytes press CTRL_C to break Reply from 10 1 2 2 bytes 56 Sequence 1 ttl 255 time 140 ms Reply from 10 1 2 2 bytes 56 Sequence 2 ttl 255 time 160 ms Reply from 10 1 2 2 bytes 56 Sequence 3 ttl 255 time 160 ms Reply from 10 1 2 2 by...

Page 645: ...e up VC ID 200 VC type VLAN destination 5 5 5 5 local group ID 0 remote group ID 0 local VC label 23553 remote VC label 23552 local AC OAM state up local PSN state up local forwarding state forwarding remote AC OAM state up remote PSN state up remote forwarding state forwarding BFD for PW available BFD sessionIndex 257 BFD state up manual fault not set active state active forwarding entry existent...

Page 646: ...type trunk port trunk allow pass vlan 10 return l Configuration file of PE1 sysname PE1 vlan batch 10 20 30 bfd bfd for pw enable mpls lsr id 1 1 1 1 mpls mpls l2vpn pw template 1to2 peer address 4 4 4 4 control word pw template 1to3 peer address 5 5 5 5 control word mpls ldp mpls ldp remote peer 4 4 4 4 remote ip 4 4 4 4 mpls ldp remote peer 5 5 5 5 remote ip 5 5 5 5 interface Vlanif10 mpls l2vc ...

Page 647: ...bfd 1to2 bind pw interface Vlanif10 discriminator local 12 discriminator remote 21 commit bfd 1to3 bind pw interface Vlanif10 secondary discriminator local 13 discriminator remote 31 commit return l Configuration file of P1 sysname P1 vlan batch 20 40 mpls lsr id 2 2 2 2 mpls mpls ldp interface Vlanif20 ip address 100 1 1 2 255 255 255 252 mpls mpls ldp interface Vlanif40 ip address 100 2 1 1 255 ...

Page 648: ...hernet1 0 0 port hybrid pvid vlan 60 port hybrid tagged vlan 60 interface GigabitEthernet1 0 1 port hybrid pvid vlan 30 port hybrid tagged vlan 30 interface LoopBack1 ip address 3 3 3 3 255 255 255 255 ospf 1 area 0 0 0 0 network 3 3 3 3 0 0 0 0 network 200 1 1 0 0 0 0 3 network 200 2 1 0 0 0 0 3 return l Configuration file of PE2 sysname PE2 vlan batch 40 50 bfd bfd for pw enable mpls lsr id 4 4 ...

Page 649: ...etwork 4 4 4 4 0 0 0 0 network 100 2 1 0 0 0 0 3 bfd 2to1 bind pw interface Vlanif50 discriminator local 21 discriminator remote 12 commit return l Configuration file of PE3 sysname PE3 vlan batch 60 70 bfd bfd for pw enable mpls lsr id 5 5 5 5 mpls mpls l2vpn pw template 3to1 peer address 1 1 1 1 control word mpls ldp mpls ldp remote peer 1 1 1 1 remote ip 1 1 1 1 interface Vlanif60 ip address 20...

Page 650: ...nterface Vlanif70 ip address 10 1 2 2 255 255 255 252 interface GigabitEthernet1 0 0 port link type trunk port trunk allow pass vlan 50 interface GigabitEthernet1 0 1 port link type trunk port trunk allow pass vlan 70 return 6 13 6 Example for Configuring Dynamic BFD for SH PW Networking Requirements As shown in Figure 6 17 PE1 P and PE2 are on the same MPLS network and CE1 and CE2 belong to one V...

Page 651: ...1 2 30 GigabitEthernet2 0 0 VLANIF 40 100 2 1 1 30 Loopback0 2 2 2 9 32 CE1 GigabitEthernet1 0 0 VLANIF 10 10 1 1 1 30 CE2 GigabitEthernet1 0 0 VLANIF 30 10 1 1 2 30 Configuration Roadmap The configuration roadmap is as follows 1 Establish an MPLS L2VPN in SH PW mode between CE1 and CE2 2 Enable MPLS L2VPN and create VC connections on PE1 and PE2 3 Configure the basic BFD capability and trigger th...

Page 652: ...t P interface vlanif 40 P Vlanif40 ip address 100 2 1 1 30 P Vlanif40 quit P ospf 1 P ospf 1 area 0 P ospf 1 area 0 0 0 0 network 2 2 2 9 0 0 0 0 P ospf 1 area 0 0 0 0 network 100 1 1 0 0 0 0 3 P ospf 1 area 0 0 0 0 network 100 2 1 0 0 0 0 3 Configure PE2 PE2 interface loopback 0 PE2 Loopback0 ip address 3 3 3 9 32 PE2 Loopback0 quit PE2 interface vlanif 40 PE2 Vlanif40 ip address 100 2 1 2 30 PE2...

Page 653: ...terfaces on the backbone network Configure PE1 PE1 mpls lsr id 1 1 1 9 PE1 mpls PE1 mpls quit PE1 mpls ldp PE1 mpls ldp quit PE1 interface vlanif 20 PE1 Vlanif20 mpls PE1 Vlanif20 mpls ldp PE1 Vlanif20 quit Configure the P P mpls lsr id 2 2 2 9 P mpls P mpls quit P mpls ldp P mpls ldp quit P interface vlanif 20 P Vlanif20 mpls P Vlanif20 mpls ldp P Vlanif20 quit P interface vlanif 40 P Vlanif40 mp...

Page 654: ... peer 3 3 3 9 PE1 mpls ldp remote 3 3 3 9 remote ip 3 3 3 9 PE1 mpls ldp remote 3 3 3 9 quit Configure PE2 PE2 mpls ldp remote peer 1 1 1 9 PE2 mpls ldp remote 1 1 1 1 remote ip 1 1 1 9 PE2 mpls ldp remote 1 1 1 1 quit After the configuration run the display mpls ldp session command on PEs You can see that the LDP peer relation is in Operational state This indicates that the LDP sessions are set u...

Page 655: ...2 remote VC label 23552 local AC OAM State up local PSN State up local forwarding state forwarding local status code 0x0 remote AC OAM state up remote PSN state up remote forwarding state forwarding remote statuscode 0x0 BFD for PW unavailable manual fault not set active state active forwarding entry exist link state up local VC MTU 1500 remote VC MTU 1500 local VCCV cw alert lsp ping bfd remote V...

Page 656: ...ket s received 0 00 packet loss round trip min avg max 60 166 360 ms Run the display mpls l2vc interface command on PE to view the PW status You can see that the BFD for PW function is enabled and the BFD session is Up Take the display on PE1 for example PE1 display mpls l2vc interface Vlanif 10 client interface Vlanif10 is up Administrator PW no session state up AC state up VC state up VC ID 100 ...

Page 657: ...ay on PE1 for example PE1 display bfd session all verbose Session MIndex 256 One Hop State Up Name dyn_8192 Local Discriminator 8192 Remote Discriminator 8192 Session Detect Mode Asynchronous Mode Without Echo Function BFD Bind Type PW Master Bind Session Type Dynamic Bind Peer Ip Address NextHop Ip Address Bind Interface Vlanif10 FSM Board Id 1 TOS EXP 6 Min Tx Interval ms 100 Min Rx Interval ms ...

Page 658: ...al 100 min tx interval 100 interface Vlanif20 ip address 100 1 1 1 255 255 255 252 mpls mpls ldp interface GigabitEthernet1 0 0 port hybrid pvid vlan 10 port hybrid tagged vlan 10 interface GigabitEthernet2 0 0 port hybrid pvid vlan 20 port hybrid tagged vlan 20 interface Loopback0 ip address 1 1 1 9 255 255 255 255 ospf 1 area 0 0 0 0 network 1 1 1 9 0 0 0 0 network 100 1 1 0 0 0 0 3 return l Con...

Page 659: ...guration file of PE2 sysname PE2 vlan batch 30 40 bfd bfd for pw enable mpls lsr id 3 3 3 9 mpls mpls l2vpn pw template 2to1 peer address 1 1 1 9 control word mpls ldp mpls ldp remote peer 1 1 1 9 remote ip 1 1 1 9 interface Vlanif30 mpls l2vc pw template 2to1 100 mpls l2vpn pw bfd min rx interval 100 min tx interval 100 interface Vlanif40 ip address 100 2 1 2 255 255 255 252 mpls mpls ldp interfa...

Page 660: ...6 13 7 Example for Configuring Dynamic BFD for MH PW Networking Requirements As shown in Figure 6 18 U PE1 and U PE2 are connected through the MPLS backbone network You need to use the LSP and set S PE as the switching node to set up a dynamic MH PW between U PE1 and U PE2 A dynamic BFD session is required to check the connectivity of the MH PW between U PE1 and U PE2 thus protecting services on t...

Page 661: ... 0 0 VLANIF 50 40 1 1 2 24 GigabitEthernet2 0 0 VLANIF 60 Loopback0 5 5 5 9 32 P1 GigabitEthernet1 0 0 VLANIF 20 10 1 1 2 24 GigabitEthernet2 0 0 VLANIF 30 20 1 1 1 24 Loopback0 2 2 2 9 32 P2 GigabitEthernet1 0 0 VLANIF 40 30 1 1 2 24 GigabitEthernet2 0 0 VLANIF 50 40 1 1 1 24 Loopback0 4 4 4 9 32 S PE GigabitEthernet1 0 0 VLANIF 30 20 1 1 2 24 GigabitEthernet2 0 0 VLANIF 40 30 1 1 1 24 Loopback0 ...

Page 662: ...tep 2 Assign an IP address to the VLANIF interface connecting the CE to the PE The configuration procedure is not mentioned Step 3 Configure an IGP protocol on the MPLS backbone network Configure an IGP protocol on the MPLS backbone network OSPF is used as the IGP protocol in this example Configure interface addresses of the U PE S PE and P When configuring OSPF note that the 32 bit loopback inter...

Page 663: ...4 4 9 32 P2 LoopBack0 quit P2 interface vlanif 40 P2 Vlanif40 ip address 30 1 1 2 24 P2 Vlanif40 quit P2 interface vlanif 50 P2 Vlanif50 ip address 40 1 1 1 24 P2 Vlanif50 quit P2 ospf 1 P2 ospf 1 area 0 0 0 0 P2 ospf 1 area 0 0 0 0 network 30 1 1 0 0 0 0 255 P2 ospf 1 area 0 0 0 0 network 40 1 1 0 0 0 0 255 P2 ospf 1 area 0 0 0 0 network 4 4 4 9 0 0 0 0 P2 ospf 1 area 0 0 0 0 quit P2 ospf 1 quit ...

Page 664: ... 40 1 1 2 56 data bytes press CTRL_C to break Reply from 40 1 1 2 bytes 56 Sequence 1 ttl 252 time 160 ms Reply from 40 1 1 2 bytes 56 Sequence 2 ttl 252 time 120 ms Reply from 40 1 1 2 bytes 56 Sequence 3 ttl 252 time 150 ms Reply from 40 1 1 2 bytes 56 Sequence 4 ttl 252 time 150 ms Reply from 40 1 1 2 bytes 56 Sequence 5 ttl 252 time 160 ms 40 1 1 2 ping statistics 5 packet s transmitted 5 pack...

Page 665: ...s P2 Vlanif40 mpls ldp P2 Vlanif40 quit P2 interface vlanif 50 P2 Vlanif50 mpls P2 Vlanif50 mpls ldp P2 Vlanif50 quit Configure U PE2 U PE2 mpls lsr id 5 5 5 9 U PE2 mpls U PE2 mpls quit U PE2 mpls ldp U PE2 mpls ldp quit U PE2 interface vlanif 50 U PE2 Vlanif50 mpls U PE2 Vlanif50 mpls ldp U PE2 Vlanif50 quit U PE2 mpls ldp remote peer 3 3 3 9 U PE2 mpls ldp remote 3 3 3 9 remote ip 3 3 3 9 U PE2...

Page 666: ...t IF Vrf Name 3 3 3 9 32 3 NULL 1 1 1 9 32 NULL 1024 Vlanif30 1 1 1 9 32 1024 1024 Vlanif30 2 2 2 9 32 NULL 3 Vlanif30 2 2 2 9 32 1025 3 Vlanif30 4 4 4 9 32 NULL 3 Vlanif40 4 4 4 9 32 1027 3 Vlanif40 5 5 5 9 32 NULL 1027 Vlanif40 5 5 5 9 32 1026 1027 Vlanif40 Step 5 Create and configure the PW template Create a PW template on each U PE Enable the CW and LSP ping function Configure U PE1 U PE1 pw t...

Page 667: ...Take the display on U PE1 for example U PE1 display mpls l2vc interface vlanif 10 client interface Vlanif10 is up Administrator PW no session state up AC state up VC state up VC ID 100 VC type VLAN destination 3 3 3 9 local group ID 0 remote group ID 0 local VC label 23552 remote VC label 23552 local AC OAM State up local PSN State up local forwarding state forwarding local status code 0x0 remote ...

Page 668: ...5 time 600 ms Reply from 100 1 1 2 bytes 56 Sequence 2 ttl 255 time 160 ms Reply from 100 1 1 2 bytes 56 Sequence 3 ttl 255 time 220 ms Reply from 100 1 1 2 bytes 56 Sequence 4 ttl 255 time 210 ms Reply from 100 1 1 2 bytes 56 Sequence 5 ttl 255 time 220 ms 100 1 1 2 ping statistics 5 packet s transmitted 5 packet s received 0 00 packet loss round trip min avg max 160 282 600 ms Run the display mp...

Page 669: ...ll verbose command on U PEs to view the status of the BFD session You can find that the BFD session is Up the BFD session is bound to a PW and the type of the BFD session is dynamic Take the display on U PE1 for example U PE1 display bfd session all verbose Session MIndex 256 One Hop State Up Name dyn_8192 Local Discriminator 8192 Remote Discriminator 8192 Session Detect Mode Asynchronous Mode Wit...

Page 670: ... ldp remote peer 3 3 3 9 remote ip 3 3 3 9 interface Vlanif10 mpls l2vc pw template pwt 100 mpls l2vpn pw bfd min rx interval 100 min tx interval 100 remote vcid 200 interface Vlanif20 ip address 10 1 1 1 255 255 255 0 mpls mpls ldp interface GigabitEthernet1 0 0 port hybrid pvid vlan 10 port hybrid tagged vlan 10 interface GigabitEthernet2 0 0 port hybrid pvid vlan 20 port hybrid tagged vlan 20 i...

Page 671: ... interface LoopBack0 ip address 2 2 2 9 255 255 255 255 ospf 1 area 0 0 0 0 network 2 2 2 9 0 0 0 0 network 10 1 1 0 0 0 0 255 network 20 1 1 0 0 0 0 255 return l Configuration file of S PE sysname S PE vlan batch 30 40 mpls lsr id 3 3 3 9 mpls mpls l2vpn mpls switch l2vc 5 5 5 9 200 between 1 1 1 9 100 encapsulation vlan mpls ldp mpls ldp remote peer 1 1 1 9 remote ip 1 1 1 9 mpls ldp remote peer...

Page 672: ...s ldp interface Vlanif40 ip address 30 1 1 2 255 255 255 0 mpls mpls ldp interface Vlanif50 ip address 40 1 1 1 255 255 255 0 mpls mpls ldp interface GigabitEthernet1 0 0 port hybrid pvid vlan 40 port hybrid tagged vlan 40 interface GigabitEthernet2 0 0 port hybrid pvid vlan 50 port hybrid tagged vlan 50 interface LoopBack0 ip address 4 4 4 9 255 255 255 255 ospf 1 area 0 0 0 0 network 4 4 4 9 0 0...

Page 673: ...an 50 port hybrid tagged vlan 50 interface GigabitEthernet2 0 0 port hybrid pvid vlan 60 port hybrid tagged vlan 60 interface LoopBack0 ip address 5 5 5 9 255 255 255 255 ospf 1 area 0 0 0 0 network 5 5 5 9 0 0 0 0 network 40 1 1 0 0 0 0 255 return l Configuration file of CE2 sysname CE2 vlan batch 60 interface Vlanif60 ip address 100 1 1 2 255 255 255 0 interface GigabitEthernet1 0 0 port link ty...

Page 674: ...ernet1 0 0 VLANIF 10 GigabitEthernet2 0 0 VLANIF 20 10 1 1 1 24 Loopback0 1 1 1 9 32 PE2 GigabitEthernet1 0 0 VLANIF 40 30 1 1 2 24 GigabitEthernet2 0 0 VLANIF 50 Loopback0 4 4 4 9 32 ASBR PE1 GigabitEthernet1 0 0 VLANIF 20 10 1 1 2 24 GigabitEthernet2 0 0 VLANIF 30 Loopback0 2 2 2 9 32 ASBR PE2 GigabitEthernet1 0 0 VLANIF 30 GigabitEthernet2 0 0 VLANIF 40 30 1 1 1 24 Loopback0 3 3 3 9 32 CE1 Giga...

Page 675: ...etwork PEs and ASBR PEs on the MPLS backbone network can communicate with each other by using IGP In this example IS IS is used as IGP and the configuration procedure is not mentioned After the configuration the IS IS neighbor relation can be established between the ASBR PE and the PE in the same AS Run the display isis peercommand and you can find that the neighbor relation is Up Take the display...

Page 676: ...abel Advertisement Mode SsnAge Unit DDDD HH MM A before a session means the session is being deleted Peer ID Status LAM SsnRole SsnAge KA Sent Rcv 1 1 1 9 0 Operational DU Active 0000 00 19 79 79 TOTAL 1 session s Found Step 4 Configure the MPLS L2VC connection Configure the L2VC connection on the U PE and ASBR PE and connect the U PE to the CE Configure PE1 PE1 mpls l2vpn PE1 l2vpn quit PE1 inter...

Page 677: ...ing remote status code 0x0 BFD for PW unavailable manual fault not set active state active forwarding entry exist link state up local VC MTU 1500 remote VC MTU 1500 local VCCV Disable remote VCCV Disable local control word disable remote control word disable tunnel policy traffic behavior PW template name primary or secondary primary VC tunnel token info 1 tunnels tokens NO 0 TNL type lsp TNL ID 0...

Page 678: ... 0 days 0 hours 7 minutes 26 seconds VC last up time 2008 07 24 12 31 31 VC total up time 0 days 2 hours 12 minutes 51 seconds CKey 11 NKey 10 PW redundancy mode AdminPw interface AdminPw link state CE1 and CE2 can ping each other Take the display on CE1 for example CE1 ping 100 1 1 2 PING 100 1 1 2 56 data bytes press CTRL_C to break Reply from 100 1 1 2 bytes 56 Sequence 1 ttl 255 time 430 ms Re...

Page 679: ...ernet1 0 0 port link type trunk port trunk allow pass vlan 10 interface GigabitEthernet2 0 0 port link type trunk port trunk allow pass vlan 20 interface LoopBack0 ip address 1 1 1 9 255 255 255 255 isis enable 1 return l Configuration file of ASBR PE1 sysname ASBR PE1 vlan batch 20 30 mpls lsr id 2 2 2 9 mpls mpls l2vpn mpls ldp isis 1 network entity 10 0000 0000 0002 00 interface Vlanif20 ip add...

Page 680: ...face Vlanif30 mpls l2vc 4 4 4 9 100 interface Vlanif40 ip address 30 1 1 1 255 255 255 0 isis enable 1 mpls mpls ldp interface GigabitEthernet1 0 0 port link type trunk port trunk allow pass vlan 30 interface GigabitEthernet2 0 0 port link type trunk port trunk allow pass vlan 40 interface LoopBack0 ip address 3 3 3 9 255 255 255 255 isis enable 1 return l Configuration file of PE2 sysname PE2 vla...

Page 681: ... trunk port trunk allow pass vlan 50 interface LoopBack0 ip address 4 4 4 9 255 255 255 255 isis enable 1 return l Configuration file of CE2 sysname CE2 vlan batch 50 interface Vlanif 50 ip address 100 1 1 2 255 255 255 0 interface GigabitEthernet1 0 0 port link type trunk port trunk allow pass vlan 50 return Quidway S7700 Smart Routing Switch Configuration Guide VPN 6 PWE3 Configuration Issue 01 ...

Page 682: ...lude configuring BGP as the signaling protocol and configuring VPN targets to implement automatic discovery of VPLS PEs 7 4 Configuring Martini VPLS This section describes how to configure Martini VPLS with the signaling type beling LDP 7 5 Configuring LDP HVPLS If there are a large number of VPLS PEs you can adopt the Hierarchical VPLS HVPLS networking scheme to reduce the performance requirement...

Page 683: ... multicast and unknown unicast traffic on the VPLS network 7 12 Maintaining VPLS Maintaining VPLS involves collecting viewing and clearing VPLS PW traffic statistics checking consistency of VPN configurations enabling disabling VSIs clearing MAC address entries diagnosing MAC address learning capacity detecting the forwarding process of VPLS multicast traffic checking the VPLS network connectivity...

Page 684: ...Service TLS or Virtual Private Switched Network Service and differs from the point to point service of the common L2VPN With the VPLS technology the service provider offers Ethernet based multi point service to clients through the MPLS backbone network In a simple case a VPLS contains multiple sites connected to the Provider Edge Device PE to implement emulated LAN Figure 7 1 VPLS architecture VPL...

Page 685: ...S forwarding by using the VSIs Ethernet frames are forwarded between the PEs through the fully connected PW Figure 7 2 shows the VPLS forwarding model Figure 7 2 VPLS forwarding model CE VLAN2 CE VLAN3 CE VLAN2 CE VLAN3 VSI 1 VSI 2 PE VSI 1 VSI 2 PE PE CE VLAN3 CE VLAN2 VSI 2 VSI 1 7 2 VPLS Features Supported by the S7700 Before configuring VPLS you need to know such concepts as control plane and ...

Page 686: ...ed by configuring VPN targets If you want to add or delete a PE only the operations on one of its peer PEs are needed Kompella VPLS has better expansibility l Martini VPLS adopts LDP as signaling The PE peer must be manually specified because the PEs are fully connected in a VPLS When adding a new PE you must modify the configuration on all the related PEs Since PW is a point to point link the LDP...

Page 687: ...interface to a VSI delete the IGMP snooping or MLD snooping configuration from the VLAN first l Do not configure VSI and VLAN mapping for the same VLAN on an interface otherwise either VSI or VLAN mapping will take effect Processing Tags Carried in Packets by VPLS The system process packets according to the AC interface type and PW encapsulation type The PW encapsulation types can be classified in...

Page 688: ...process the packet NOTE When VLL or VPLS is deployed on the F48CEAT G48SFA or G48TFA if the PVID on the outbound interface is the same as the VLAN ID of the packets the interface removes the VLAN tag from the packet otherwise the VLAN tag is not removed HVPLS The above mentioned VPLS requires that the PE devices forward the Ethernet frame through the fully connected Ethernet PW Thus each PE must s...

Page 689: ...of the UPE interface connected with the SPE Ethernet Loop Detection in a VPLS Network Virtual Private LAN Service VPLS is a significant technology for Metropolitan Area Networks MANs To avoid the impact of single point failures on services user networks are connected to the VPLS network of a carrier through redundant links The redundant links however lead to loops which further causes the broadcas...

Page 690: ...fies the VC The inner label remains unchanged when a packet is transmitted along the LSP The packets received by the SPEs contain double labels The outer label which is a public network label is popped up The inner label decides which VSI the VLL accesses Static VLL Accessing the VPLS Network in Dual homed Mode To ensure the reliable VLL accessing the UPE accessing the SPE in dual homed mode is in...

Page 691: ...mpella VPLSs can realize the inter AS Option A In the inter AS L2VPN network the link type between Autonomous System Boundary Routers ASBRs must be the same as the VC type In inter AS Option A each ASBR must reserve a sub interface for each inter AS VC If the number of inter AS VCs is small Option A can be used VPLS adopting inter AS Option A consumes more resources and requires more configuration...

Page 692: ...command line In this mode information about the VPLS MAC Ping and VPLS MAC Trace is immediately displayed after the command is run The non NQA mode is applicable to following VPLS network types Martini VPLS Kompella VPLS Martini H VPLS l NQA mode NQA VPLS MAC Ping and NQA VPLS MAC Trace This mode supports the concurrent and scheduling of multiple NQA test instances and the display of statistics ab...

Page 693: ...he STP mode is MSTP all PEs must be configured in the same MST region l Inter AS VPLS network As shown in Figure 7 7 PE1 Switch 1 and Switch 3 all belonging to AS 1 are fully meshed in the VPLS network PE2 Switch 2 and Switch 4 all belonging to AS 2 are fully meshed in the VPLS network Figure 7 7 Typical networking of inter AS VPLS VPLS ASBR Switch1 ASBR Switch2 Switch3 ASBR Switch4 ASBR AS1 AS2 V...

Page 694: ...d to be created between Switch 1 and Switch 3 and between Switch 2 and Switch 4 A ring is formed by Switch 1 Switch 2 Switch 4 and Switch 3 The ring is composed of two inter AS service PWs and two intra AS mPWs After STP is configured on the ring the link between Switch 3 and Switch 4 is blocked the associated service PW of the service VSI is also blocked and then service traffic is transmitted al...

Page 695: ...rning capability can be diagnosed through the following modes l Populating an OAM MAC address into the local or peer device in the VPLS domain l Purging the OAM MAC address from the local or peer device in the VPLS domain l Populating a Register OAM MAC address into the local or peer device in the VPLS domain vpn config ping The configuration and deployment of VPN services are complex VPN services...

Page 696: ...wn in Figure 7 8 PE1 PE2 and PE3 are in the same VPLS network l To make the CEs attached to PE1 PE2 and PE3 interwork with each other that is to construct a full mesh VPLS network ensure that the VPN Targets configured on PE1 PE2 and PE3 are the same l To make PE1 communicate with both PE2 and PE3 but PE2 and PE3 cannot communicate ensure that the inbound VPN Target configured on PE1 is the same a...

Page 697: ...s the configurations of the common BGP protocol Nevertheless VPLS label blocks need to be exchanged in BGP VPLS Therefore you need to enable peers to exchange VPLS label blocks in the BGP VPLS sub address family view Context NOTE For details of commands in BGP VPLS address family view refer to the chapter IP Routing Commands in the Quidway S7700 Smart Routing Switch Command Reference Do as follows...

Page 698: ...re NOTE For information about commands in the BGP VPLS sub address family view refer to the chapter IP Routing Commands in the Quidway S7700 Smart Routing Switch Command Reference 7 3 3 Creating a VSI and Configuring BGP Signaling This part describes how to configure Kompella VPLS Detailed operations include creating and configuring VSIs set RDs and VPN targets of the VSIs configuring BGP and crea...

Page 699: ...ctional way only if the preceding two conditions are satisfied If only one condition is met the traffic can be transmitted only in unidirectional way For convenience of configuration the four values are generally configured to be the same Step 6 Run site site id range site range default offset 0 1 The site is configured The two ends of the VSI cannot be configured with the same site ID The value o...

Page 700: ...s of the two ends of the PW Procedure Step 1 Run system view The system view is displayed Step 2 Run vpls bgp encapsulation ethernet vlan The global encapsulation type of Kompella VPLS is configured After this command is used and the VPLS packet with encapsulation type 19 is received the system re encapsulates this packet according to the user configuration and then performs other processing relat...

Page 701: ...nterface when the PE and the CE are connected through the VLANIF interface l Binding the VSI with the Eth Trunk when the PE and the CE are connected through the Eth Trunk interface l Binding the VSI with the Eth Trunk sub interface when the PE and the CE are connected through the Eth Trunk sub interface NOTE The sub interfaces can be dotlq sub interfaces QinQ sub interfaces VLAN mapping sub interf...

Page 702: ...ot configure VSI and VLAN mapping for the same VLAN on an interface otherwise either VSI or VLAN mapping will take effect l Bind a VSI to an Eth Trunk interface Do as follows on the PEs at both ends of a PW 1 Run system view The system view is displayed 2 Run interface eth trunk trunk id An Eth Trunk interface is created 3 Run quit Return to the system view 4 Run interface ethernet gigabitethernet...

Page 703: ...un interface eth trunk trunk id The Eth Trunk interface view is displayed 8 Optional Run undo portswitch The Layer 2 interface is configured as a Layer 3 interface 9 Run l2 binding vsi vsi name The Eth Trunk interface is bound with the VSI End 7 3 6 Optional Configuring the Features of Kompella VPLS Kompella VPLS features include RR reflection policy and disabling VPN target based filtering on rec...

Page 704: ...VPLS VSI l Run the display vsi remote bgp nexthop nexthop address export vpn target vpn target route distinguisher route distinguisher command to check information about the remote VSI l Run the display vpls connection bgp vsi vsi name down up verbose command to check the information about the VPLS connection End Example Run the display vsi name vsi name verbose command You can view that the item ...

Page 705: ...nd If information about the remote VSI established through BGP is displayed it means that the configuration succeeds For example Quidway display vsi remote bgp Total Number 1 BGP RD 169 1 1 2 1 Ref Number 1 NextHop 3 3 3 3 EncapType vlan MTU 1500 Export vpn target 100 1 SiteID 2 Remote Label Block 35840 5 0 Run the display vpls connection bgp vsi vsi name down up verbose command You can view that ...

Page 706: ...n Figure 7 9 PE1 PE2 and PE3 are in the same VPLS network In Martini VPLS static peer relationship is established Therefore to make PE1 communicate both PE2 and PE3 but PE2 and PE3 cannot communicate you only need to specify the peer as PE1 not PE3 on PE2 The configuration on PE3 is similar Figure 7 9 Typical VPLS networking PE1 PE2 PE3 CE1 CE2 CE3 Pre configuration Tasks Before configuring Martin...

Page 707: ...system view is displayed Step 2 Run vsi vsi name static A VSI is created and static member discovery mechanism is adopted Step 3 Run pwsignal ldp The PW signaling protocol is specified as LDP and the VSI LDP view is displayed Step 4 Run vsi id vsi id The VSI ID is configured NOTE The two ends of the VSI must agree on the same VSI ID The VSI exists only on the PE One PE can have multiple VSIs One V...

Page 708: ...hrough the Eth Trunk interface l Binding the VSI with the Eth Trunk sub interface when the PE and the CE are connected through the Eth Trunk sub interface NOTE The sub interfaces can be dotlq sub interfaces QinQ sub interfaces VLAN mapping sub interfaces or VLAN stacking sub interfaces For details on how to access the VPLS through a sub interface see Connecting Sub interfaces to a VPLS Network in ...

Page 709: ...Bind a VSI to an Eth Trunk interface Do as follows on the PEs at both ends of a PW 1 Run system view The system view is displayed 2 Run interface eth trunk trunk id An Eth Trunk interface is created 3 Run quit Return to the system view 4 Run interface ethernet gigabitethernet xgigabitethernet interface number The view of the interface to be added into the Eth Trunk is displayed An Eth Trunk member...

Page 710: ...oing interfaces of VSI PWs and the tunnel policy referenced by the VSIs Prerequisite The configurations of the Martini VPLS function are complete Procedure l Run the display vsi name vsi name verbose command to check the information about the VPLS VSI l Run the display vsi remote ldp router id ip address pw id pw id command to check information about the remote VSI l Run the display vpls connectio...

Page 711: ...item VC State is displayed as up If verbose is selected the item Signaling is displayed as ldp the item VC State is displayed as up and label allocation is complete For example Quidway display vpls connection ldp verbose VSI Name a2 Signaling ldp Remote Vsi ID 2 VC State up Encapsulation vlan Group ID 0 MTU 1500 Peer Ip Address 3 3 3 9 PW Type label Local VC Label 27648 Remote VC Label 27648 Tunne...

Page 712: ... and obtain the required data This can help you complete the configuration task quickly and accurately Applicable Environment If the VPLS possess excessive PEs you can adopt the HVPLS to reduce the performance requirement of the PE devices Pre configuration Tasks Before configuring the HVPLS complete the following tasks l Complete the task of 7 4 Configuring Martini VPLS between the SPE and the PE...

Page 713: ...me static The VSI is created and the static member discovery mechanism is adopted Step 3 Run pwsignal ldp The PW signaling protocol is specified as the LDP and the VSI LDP view is displayed Step 4 Run vsi id vsi id The VSI ID is configured Step 5 Run peer peer address negotiation vc id vc id tnl policy policy name The VSI peer between the SPEs is configured Step 6 Run peer peer address negotiation...

Page 714: ...vpn vsi list tunnel policy policy name command to check information about the tunnel policy used by the VSI l Run the display vsi remote ldp router id ip address pw id pw id command to check information about the remote VSI End Example Run the display vsi name vsi name verbose command You can view that the item VSI State is displayed as up If verbose is selected the item Signaling is displayed as ...

Page 715: ...le Environment In the practical network such as a MAN if a UPE device does not support the dynamic VLL the UPE device has to access the SPE through the static VLL In this case the VLL set up between the UPE and the SPE is generally in SVC mode Pre configuration Tasks Before configuring the static VLL to access the VPLS network complete the following tasks l Configuring IGP on the SPE and P devices...

Page 716: ...Eth Trunk interface of the S7700 as the AC interface of the PE you need to run undo portswitch to configure the Layer 2 interface as a Layer 3 interface Step 5 Run mpls static l2vc destination ip address transmit vpn label transmit label value receive vpn label receive label value tunnel policy tnl policy name control word no control word raw tagged A static VC is created between the UPE and the S...

Page 717: ...em view 3 Run the interface vlanif vlan id command to create a VLANIF interface and enter the VLANIF view Step 3 Run mpls static l2vc destination ip address transmit vpn label transmit label value receive vpn label receive label value tunnel policy tnl policy name control word no control word raw tagged The static VC is created between the UPE and the SPE devices NOTE The parameters raw and tagged...

Page 718: ...he label receive vpn label that is configured on UPE In addition the label recv must be the same as the label transmit vpn label that is configured on UPE End 7 6 5 Checking the Configuration After configuring a static VLL to access the VPLS network you can view information about SVCs interfaces of the SVCs that are in the Up state local VSIs remote VSIs VPLS connections and dynamic MAC address en...

Page 719: ...e time 0 days 0 hours 10 minutes 45 seconds Run the display l2vpn ccc interface vc type static vc up command You can view that the VC type is SVC and the status is Up For example Quidway display l2vpn ccc interface vc type static vc up Total ccc interface of SVC VC 1 up 1 down 0 Interface Encap Type State VC Type GigabitEthernet1 0 0 vlan up static vc Run the display vsi name vsi name verbose comm...

Page 720: ...VPLS familiarize yourself with the applicable environment complete the pre configuration tasks and obtain the required data This can help you complete the configuration task quickly and accurately Applicable Environment If the MPLS backbone network bearing VPLS spans multiple ASs the inter AS VPLS must be configured If the number of CEs that access PEs is small inter AS VPLS Option A can be adopte...

Page 721: ...umber of the PEs 5 IP addresses and interfaces used to establish the IBGP peers between the PEs and the ASBRs 7 7 2 Configuring Inter AS Kompella VPLS Option A In inter AS Kompella VPLS OptionA each ASBR must reserve a sub interface for each inter AS VC If the number of inter AS VCs is small this solution can be used Compared with L3VPN this inter AS L2VPN solution consumes more resources and requ...

Page 722: ...mmand to check the VPLS connection on the PE l Run the display bgp routing table label command to check label information about labeled IPv4 routes on the PE or the ASBR l Run the ping vpls mac mac address vsi vsi name vlan vlan id c count m time value s packsize t timeout exp exp r replymode command to check the connectivity of Layer 2 links on the VPLS network l Run the trace vpls mac mac addres...

Page 723: ...i IGP e EGP incomplete Network NextHop In Out Label i 4 4 4 4 2 2 2 2 NULL 15361 Run the ping vpls mac command to check whether the device with the MAC address is reachable For example Quidway ping vpls mac 00e0 5952 6f01 vsi v123 Ping mac 00e0 5952 6f01 vsi v123 100 data bytes press CTRL_C to break Reply from 10 1 1 1 bytes 100 sequence 1 ttl 255 time 1ms Reply from 10 1 1 1 bytes 100 sequence 2 ...

Page 724: ...ecommended Pre configuration Tasks Before configuring inter AS Martini VPLS complete the following tasks l Configuring static routes or the IGP protocol on the PE or P devices in the MPLS backbone network of ASs to implement the IP connectivity of the backbone network devices in the same AS l Configuring the basic MPLS capability on the MPLS backbone network of each AS l Configuring MPLS LDP and e...

Page 725: ...s vsi name vsi name pw id pw id local remote command to check configurations of the VSI on the peer PE l Run the ping vpls mac mac address vsi vsi name vlan vlan id c count m time value s packsize t timeout exp exp r replymode command to check the connectivity of Layer 2 links on the VPLS network l Run the trace vpls mac mac address vsi vsi name vlan vlan id t timeout f first ttl m max ttl exp exp...

Page 726: ...erbose is selected the item Signaling is displayed as ldp the item VC State is displayed as up and label allocation is complete For example Quidway display vpls connection 2 total connections connections 2 up 0 down 1 ldp 1 bgp VSI Name a2 Signaling ldp VsiID EncapType PeerAddr InLabel OutLabel VCState 2 vlan 1 1 1 1 27648 27648 up VSI Name bgp1 Signaling bgp SiteID RD PeerAddr InLabel OutLabel VC...

Page 727: ...4 ttl 255 time 3ms Reply from 10 1 1 1 bytes 100 sequence 5 ttl 255 time 2ms The IP address of the PE is 5 5 5 9 and the interface on the PE is GigabitEthernet5 0 0 100 vsi v123 00e0 5952 6f01 ping statistics 5 packet s transmitted 5 packet s received 0 00 packet loss round trip min avg max 1 2 3 ms Run the trace vpls mac command to check the connectivity of Layer 2 links For example Quidway trace...

Page 728: ...lishing BGP VPLS peer relationship between PEs Data Preparation To configure dual homed Kompella VPLS you need the following data No Data 1 BGP peers used to exchange VPLS information 2 Name of the VSI 3 RDs and VPN Targets of the VSI 4 CE ID of the site maximum number of permitted CEs that access the VPLS network and default CE offset 5 Interface bound to the VSI 7 9 2 Creating VSIs and Configuri...

Page 729: ...unity is the same as that of import extcommunity Step 6 Run site site id range site range default offset 0 1 Information about the sites of the VSI is configured The site ID of the local end must be less than the sum of the site range value and default offset value on the peer end The site ID of the local end must be greater than the default offset value of the peer end NOTE At present the VSIs of...

Page 730: ... view is displayed Step 2 Run vsi vsi name The VSI view is displayed Step 3 Run multi homing preference preference value The multi homed preference is configured for a VSI When the VSIs of the two PEs that a CE accesses are Up the PE with the higher preference serves as the active PE and the PE with the lower preference works as the standby PE In addition both PEs need be configured with different...

Page 731: ...d to check information about the VPLS connection on the PE End Example After the configurations run the display bgp vpls peer command on the PE or the ASBR You can view that the status of the BGP VPLS peer relationship between PEs is Established For example Quidway display bgp vpls peer BGP local router ID 1 1 1 1 Local AS number 100 Total number of peers 1 Peers in established state 1 Peer V AS M...

Page 732: ...ing a VSI and assigning a signaling protocol to it you can adjust general parameters of the VSI According to different applicable environments you can modify the MAC address learning mode and the MAC address entry Pre configuration Tasks Before configuring related parameters of the VSI complete the following tasks l Creating a VSI l Configuring Kompella VPLS or Configuring Martini VPLS Data Prepar...

Page 733: ... for the PW MTU negotiation Step 5 Optional Run description description The descriptive information about the VSI is configured End 7 10 3 Configuring MAC Address Learning In VPLS packets are forwarded according to MAC address forwarding entries In most cases MAC address learning can be performed automatically Nevertheless to prevent attacks and troubleshoot faults you can adopt the VSI based MAC ...

Page 734: ...Step 6 Run pwsignal ldp The PW signaling protocol is specified as LDP and the VSI LDP view is displayed Step 7 Run vsi id vsi id The VSI ID is configured Step 8 Run quit Return to the VSI view Step 9 Run mac learning enable disable The MAC address learning is enabled or disabled Step 10 Run mac learn style unqualify The unqualify MAC address learning mode is configured Step 11 Run mac limit action...

Page 735: ...nd you want to check whether the VSI on the new network can work normally before the service switchover you need to configure the VSI to ignore the AC status on D After the configuration the VSI on D keeps Up before the DSLAM is connected to the new network The AC statuses are classified into the following statuses l The status of an physical AC interface or logical AC interface that is bound to t...

Page 736: ...s ignore ac state command to restore the default setting 7 11 Configuring Suppression on VPLS Traffic This section describes how to suppress the broadcast multicast and unknown unicast traffic on the VPLS network 7 11 1 Establishing the Configuration Task Applicable Environment As shown in Figure 7 11 the VPLS network is deployed over the edge layer The primary and backup PWs are configured on the...

Page 737: ...o Data 1 Name of VSI 2 Type of the traffic to be suppressed broadcast multicast or unknown unicast 3 Committed information rate CIR that is the maximum transmission rate of the traffic that can pass through 4 Committed burst size CBS that is the maximum size of traffic that can pass through 7 11 2 Configuring VSI based Traffic Suppression Context Do as follows on the PEs on which the VSI broadcast...

Page 738: ...ased on VSIs End 7 11 3 Checking the Configuration Context The configurations of VPLS traffic suppression are complete Procedure l Run the display this command in the VSI view to check whether VPLS traffic suppression is enabled End Example Run the display this command in the VSI view to check whether VPLS traffic suppression is enabled Quidway vsi v1 Quidway v1 display this vsi v1 static pwsignal...

Page 739: ...PLS Procedure Step 1 Run system view The system view is displayed Step 2 Run vsi vsi name auto static The VSI view is displayed Step 3 Choose one of the following commands to enable the function of collecting the statistics of the traffic l Kompella VPLS Run the pwsignal bgp command The PW signaling protocol is configured as BGP and the VSI BGP view is displayed To enable the function of collectin...

Page 740: ...cs The deleted traffic statistics cannot be restored Therefore conform the action with caution Context CAUTION The traffic statistics information cannot be restored after you clear it So confirm the action before you use the command Procedure l Run the reset traffic statistics vsi name vsi name peer peer address negotiation vc id vc id command in the user view to clear the statistics of the traffi...

Page 741: ...rded through the LSP tunnel PW ID PE types VC encapsulation type and outer incoming and outgoing tags End 7 12 5 Debugging VPLS After a fault occurs in the VPLS network you can run the relevant debugging command to debug VPLS view debugging information locate the fault and analyze the cause Context CAUTION Debugging affects the system performance So after debugging run the undo debugging all comma...

Page 742: ... vsi view 3 Run the undo shutdown command to check enable VSI l Disable VSI 1 Run the system view command to enter the system view 2 Run the vsi vsi name command to enter the vsi view 3 Run the shutdown command to check disable VSI End Example Regarding requirements of service management such as service suspension you can temporarily shut down the VSI and then add delete or adjust the VSI function...

Page 743: ...ing on a device The diagnostic tool of the OAM MAC address learning capability include l MAC Populate adds OAM MAC addresses to a VPLS network l MAC Purge removes the added OAM MAC addresses On the S7700 you can diagnose the MAC address learning capability in the following methods l Add OAM MAC addresses to the local or peer device in the VPLS network After adding the OAM MAC address you can run t...

Page 744: ...ated into the local and peer devices can control the forwarding According to the OAM MAC address the peer device forwards the received packets corresponding to the OAM MAC address to the local device The aging time of OAM MAC addresses is set to 150 seconds l Run mac purge vsi vsi name mac mac address packet num num register flood An OAM MAC address is purged from the forwarding table flood If thi...

Page 745: ...d connectivity of the Layer 2 forwarding link is checked the faulty node is located l Run tracert vpls exp exp value f first ttl m max ttl r reply mode t timeout value vsi vsi name local site id remote site id full lsp path Connectivity of the Kompella VPLS network is checked l Run tracert vpls exp exp value f first ttl m max ttl r reply mode t timeout value vsi vsi name peer peer address negotiat...

Page 746: ...2 P GigabitEthernet 1 0 0 VLANIF 20 168 1 1 2 24 GigabitEthernet 2 0 0 VLANIF 30 169 1 1 1 24 Loopback1 2 2 2 9 32 CE1 GigabitEthernet 1 0 0 VLANIF 10 10 1 1 1 24 CE2 GigabitEthernet 1 0 0 VLANIF 40 10 1 1 2 24 Configuration Roadmap The configuration roadmap is as follows 1 Configure a routing protocol on the backbone network to implement the interworking between devices 2 Establish remote LDP ses...

Page 747: ...details are not mentioned here After the configuration run the display mpls ldp session command You can find that the Status of the peer relationship between PE1 and PE2 is Operational which indicates that the peer relationship is established Run the display mpls lsp command and you can view the setup of the LSP Step 4 Establish remote LDP sessions between PEs Configure PE1 PE1 mpls ldp remote pee...

Page 748: ...ess 10 1 1 1 255 255 255 0 CE1 Vlanif10 quit Configure CE2 Quidway sysname CE2 CE2 interface vlanif 40 CE2 Vlanif40 ip address 10 1 1 2 255 255 255 0 CE2 Vlanif40 quit Step 9 Verify the configuration After the preceding configurations run the display vsi name a2 verbose command on PE1 You can find that a VSI named a2 sets up a PW to PE2 and the status of the VSI is UP PE1 display vsi name a2 verbo...

Page 749: ... 16 09 PW Total Up Time 0 days 0 hours 0 minutes 56 seconds CE1 10 1 1 1 can ping CE2 10 1 1 2 successfully CE1 ping 10 1 1 2 PING 10 1 1 2 56 data bytes press CTRL_C to break Reply from 10 1 1 2 bytes 56 Sequence 1 ttl 255 time 90 ms Reply from 10 1 1 2 bytes 56 Sequence 2 ttl 255 time 77 ms Reply from 10 1 1 2 bytes 56 Sequence 3 ttl 255 time 34 ms Reply from 10 1 1 2 bytes 56 Sequence 4 ttl 255...

Page 750: ...peer 3 3 3 9 mpls ldp mpls ldp remote peer 3 3 3 9 remote ip 3 3 3 9 interface Vlanif10 l2 binding vsi a2 interface Vlanif20 ip address 168 1 1 1 255 255 255 0 mpls mpls ldp interface GigabitEthernet1 0 0 port hybrid pvid vlan 10 port hybrid tagged vlan 10 interface GigabitEthernet2 0 0 port hybrid pvid vlan 20 port hybrid tagged vlan 20 interface LoopBack1 ip address 1 1 1 9 255 255 255 255 ospf ...

Page 751: ...dress 2 2 2 9 255 255 255 255 ospf 1 area 0 0 0 0 network 168 1 1 0 0 0 0 255 network 169 1 1 0 0 0 0 255 network 2 2 2 9 0 0 0 0 return l Configuration file of PE2 sysname PE2 vlan batch 30 40 mpls lsr id 3 3 3 9 mpls mpls l2vpn vsi a2 static pwsignal ldp vsi id 2 peer 1 1 1 9 mpls ldp mpls ldp remote peer 1 1 1 9 remote ip 1 1 1 9 interface Vlanif30 ip address 169 1 1 2 255 255 255 0 mpls mpls l...

Page 752: ...signaling implement the automatic discovery of VPLS PEs through VPN targets and implement interworking between CE1 and CE2 Figure 7 13 Networking diagram for configuring Kompella VPLS CE1 CE2 PE1 PE2 P Loopback1 1 1 1 9 32 Loopback1 2 2 2 9 32 Loopback1 3 3 3 9 32 GE2 0 0 GE1 0 0 GE2 0 0 GE1 0 0 GE1 0 0 GE2 0 0 GE1 0 0 GE1 0 0 Device Interface VLANIF Interface IP Address PE1 GigabitEthernet 1 0 0 ...

Page 753: ...l of a VSI that is BGP l RDs VPN targets site IDs of VSIs on PEs l Interfaces to which VSIs are bound and VLAN IDs of the interfaces Procedure Step 1 Configure the VLAN to which each interface belongs according to Figure 7 13 The configuration details are not mentioned here NOTE Do not add the AC side port and PW side port of a PE to the same VLAN otherwise a loop may occur Step 2 Configure an IGP...

Page 754: ...1 9 enable PE2 bgp af vpls quit Step 5 Enable MPLS L2VPN on PEs Configure PE1 PE1 mpls l2vpn Configure PE2 PE2 mpls l2vpn Step 6 Configure VSIs on PEs NOTE Site IDs at both ends of a VSI must be different Configure PE1 PE1 vsi bgp1 auto PE1 vsi bgp1 pwsignal bgp PE1 vsi bgp1 bgp route distinguisher 168 1 1 1 1 PE1 vsi bgp1 bgp vpn target 100 1 import extcommunity PE1 vsi bgp1 bgp vpn target 100 1 ...

Page 755: ...is UP PE1 display vsi name bgp1 verbose VSI Name bgp1 Administrator VSI no Isolate Spoken disable VSI Index 1 PW Signaling bgp Member Discovery Style auto PW MAC Learn Style unqualify Encapsulation Type vlan MTU 1500 Diffserv Mode uniform Mpls Exp DomainId 255 Domain Name Ignore AcState disable Create Time 0 days 0 hours 8 minutes 38 seconds VSI State up BGP RD 168 1 1 1 1 SiteID Range Offset 1 5 ...

Page 756: ...m 10 1 1 2 bytes 56 Sequence 5 ttl 255 time 94 ms 10 1 1 2 ping statistics 5 packet s transmitted 5 packet s received 0 00 packet loss round trip min avg max 34 68 94 ms End Configuration Files l Configuration file of CE1 sysname CE1 vlan batch 10 interface Vlanif10 ip address 10 1 1 1 255 255 255 0 interface GigabitEthernet1 0 0 port link type trunk port trunk allow pass vlan 10 return l Configur...

Page 757: ...erface LoopBack1 ip address 1 1 1 9 255 255 255 255 bgp 100 peer 3 3 3 9 as number 100 peer 3 3 3 9 connect interface LoopBack1 vpls family policy vpn target peer 3 3 3 9 enable ospf 1 area 0 0 0 0 network 1 1 1 9 0 0 0 0 network 168 1 1 0 0 0 0 255 return l Configuration file of P sysname P vlan batch 20 30 mpls lsr id 2 2 2 9 mpls mpls ldp interface Vlanif20 ip address 168 1 1 2 255 255 255 0 mp...

Page 758: ...nge 5 default offset 0 mpls ldp interface Vlanif30 ip address 169 1 1 2 255 255 255 0 mpls mpls ldp interface Vlanif40 l2 binding vsi bgp1 interface GigabitEthernet1 0 0 port hybrid pvid vlan 30 port hybrid tagged vlan 30 interface GigabitEthernet2 0 0 port hybrid pvid vlan 40 port hybrid tagged vlan 40 interface LoopBack1 ip address 3 3 3 9 255 255 255 255 bgp 100 peer 1 1 1 9 as number 100 peer ...

Page 759: ...the dynamic signaling protocol RSVP TE be used to establish an MPLS TE tunnel between PE1 and PE2 to carry VPLS services Configuration Roadmap The configuration roadmap is as follows 1 Configure a routing protocol on the devices PEs and the P device on the backbone network to make them reachable and enable MPLS 2 Establish an MPLS TE tunnel and create a tunnel policy 3 Enable MPLS L2VPN on PEs 4 C...

Page 760: ...e MPLS MPLS TE MPLS RSVP TE and MPLS TE Constraint Shortest Path First CSPF On the nodes along the MPLS TE tunnel enable MPLS MPLS TE and MPLS RSVP TE in both the system view and the interface view On the ingress node of the tunnel enable MPLS TE CSPF in the system view Configure PE1 PE1 mpls lsr id 1 1 1 9 PE1 mpls PE1 mpls mpls te PE1 mpls mpls rsvp te PE1 mpls mpls te cspf PE1 mpls quit PE1 int...

Page 761: ...PE2 ospf 1 area 0 0 0 0 network 3 3 3 9 0 0 0 0 PE2 ospf 1 area 0 0 0 0 network 100 2 1 0 0 0 0 255 PE2 ospf 1 area 0 0 0 0 mpls te enable Step 5 Configure tunnel interfaces Create tunnel interfaces on PEs Specify MPLS TE as the tunneling protocol and RSVP TE as the signaling protocol Configure PE1 PE1 interface tunnel 1 0 0 PE1 Tunnel1 0 0 ip address unnumbered interface loopback1 PE1 Tunnel1 0 0...

Page 762: ...tput bandwidth utilization Run the display tunnel info all command in the system view and you can view that the TE tunnel with the destination address being the peer MPLS LSR ID exists between PEs For example information about PE1 is displayed as follows PE1 display tunnel info all Allocated VC Token Tunnel ID Type Destination Token 0x10020 cr lsp 3 3 3 9 0 0x10021 lsp 1 0x10022 lsp 2 Step 6 Confi...

Page 763: ...nfigure PE1 PE1 vsi a2 static PE1 vsi a2 pwsignal ldp PE1 vsi a2 ldp vsi id 2 PE1 vsi a2 ldp peer 3 3 3 9 tnl policy policy1 PE1 vsi a2 ldp quit Configure PE2 PE2 vsi a2 static PE2 vsi a2 pwsignal ldp PE2 vsi a2 ldp vsi id 2 PE2 vsi a2 ldp peer 1 1 1 9 tnl policy policy1 PE2 vsi a2 ldp quit Step 10 Bind VSIs to interfaces on PEs Configure PE1 PE1 interface vlanif 10 PE1 Vlanif10 l2 binding vsi a2 ...

Page 764: ...Broadcast Tunnel ID 0x10020 CKey 6 NKey 5 StpEnable 0 PwIndex 0 Tunnel Policy Name policy1 Interface Name Vlanif10 State up Last Up Time 2009 01 05 18 10 44 Total Up Time 1 days 16 hours 53 minutes 33 seconds PW Information Peer Ip Address 3 3 3 9 PW State up Local VC Label 27648 Remote VC Label 27648 PW Type label Tunnel ID 0x10020 Broadcast Tunnel ID 0x10020 Ckey 0x6 Nkey 0x5 Main PW Token 0x100...

Page 765: ...received 0 00 packet loss round trip min avg max 94 118 125 ms After CE1 pings CE2 run the display interface tunnel 1 0 0 command on the PE to view tunnel interface information and you can view that the number of packets passing through the interface increases For example information about PE1 is displayed as follows PE1 display interface tunnel 1 0 0 Tunnel1 0 0 current state UP Line protocol cur...

Page 766: ...0 20 mpls lsr id 1 1 1 9 mpls mpls te mpls rsvp te mpls te cspf mpls l2vpn vsi a2 static pwsignal ldp vsi id 2 peer 3 3 3 9 tnl policy policy1 mpls ldp mpls ldp remote peer 3 3 3 9 remote ip 3 3 3 9 interface Vlanif10 l2 binding vsi a2 interface Vlanif20 ip address 100 1 1 1 255 255 255 0 ospf cost 1 mpls mpls te mpls rsvp te interface GigabitEthernet1 0 0 port link type trunk port trunk allow pas...

Page 767: ...mpls te mpls rsvp te interface Vlanif20 ip address 100 1 1 2 255 255 255 0 ospf cost 1 mpls mpls te mpls rsvp te interface Vlanif30 ip address 100 2 1 1 255 255 255 0 ospf cost 1 mpls mpls te mpls rsvp te interface GigabitEthernet1 0 0 port link type trunk port trunk allow pass vlan 20 interface GigabitEthernet2 0 0 port link type trunk port trunk allow pass vlan 30 interface LoopBack1 ip address ...

Page 768: ...t2 0 0 port link type trunk port trunk allow pass vlan 30 interface LoopBack1 ip address 3 3 3 9 255 255 255 255 interface Tunnel1 0 0 ip address unnumbered interface LoopBack1 tunnel protocol mpls te destination 1 1 1 9 mpls te tunnel id 100 mpls te reserved for binding mpls te commit ospf 1 opaque capability enable area 0 0 0 0 network 3 3 3 9 0 0 0 0 network 100 2 1 0 0 0 0 255 mpls te enable t...

Page 769: ...esh Site1 Site3 Site2 Loopback1 1 1 1 9 32 Loopback1 2 2 2 9 32 Loopback1 3 3 3 9 32 GE1 0 0 GE2 0 0 GE1 0 0 GE1 0 0 GE1 0 0 GE1 0 0 GE3 0 0 GE2 0 0 GE1 0 0 CE1 CE2 CE3 GE2 0 0 Device Interface VLANIF Interface IP Address UPE GigabitEthernet 1 0 0 VLANIF 10 GigabitEthernet 2 0 0 VLANIF 20 GigabitEthernet 3 0 0 VLANIF 30 100 1 1 1 24 Loopback1 1 1 1 9 32 SPE GigabitEthernet 1 0 0 VLANIF 30 100 1 1 ...

Page 770: ...according to Figure 7 15 The configuration details are not mentioned here NOTE Do not add the AC side port and PW side port of a PE to the same VLAN otherwise a loop may occur Step 2 Configure an IGP OSPF is adopted in the example The configuration details are not mentioned here After the configuration run the display ip routing table command on UPEs SPEs and PEs You can view that UPEs SPEs and PE...

Page 771: ...E interface vlanif 10 UPE Vlanif10 l2 binding vsi v123 UPE Vlanif10 quit UPE interface vlanif 20 UPE Vlanif20 l2 binding vsi v123 UPE Vlanif20 quit Configure the PE PE interface vlanif 50 PE Vlanif50 l2 binding vsi v123 Step 6 Assign an IP address to each VLANIF interface on CEs Configure CE1 Quidway sysname CE1 CE1 interface vlanif 10 CE1 Vlanif10 ip address 10 1 1 1 255 255 255 0 Configure CE2 Q...

Page 772: ...Tunnel ID 0x20022 Broadcast Tunnel ID 0x20022 CKey 6 NKey 5 StpEnable 0 PwIndex 0 Peer Router ID 1 1 1 9 VC Label 27649 Peer Type dynamic Session up Tunnel ID 0x10020 Broadcast Tunnel ID 0x10020 CKey 6 NKey 5 StpEnable 0 PwIndex 0 PW Information Peer Ip Address 1 1 1 9 PW State up Local VC Label 27649 Remote VC Label 27648 PW Type MEHVPLS Tunnel ID 0x10020 Broadcast Tunnel ID 0x10020 Ckey 0x6 Nkey...

Page 773: ...iguration file of the UPE sysname UPE vlan batch 10 20 30 mpls lsr id 1 1 1 9 mpls mpls l2vpn vsi v123 static pwsignal ldp vsi id 123 peer 2 2 2 9 mpls ldp interface Vlanif10 l2 binding vsi v123 interface Vlanif20 l2 binding vsi v123 interface Vlanif30 ip address 100 1 1 1 255 255 255 0 mpls mpls ldp interface GigabitEthernet1 0 0 port hybrid pvid vlan 10 port hybrid tagged vlan 10 interface Gigab...

Page 774: ...rt hybrid pvid vlan 30 port hybrid tagged vlan 30 interface GigabitEthernet2 0 0 port hybrid pvid vlan 40 port hybrid tagged vlan 40 interface LoopBack1 ip address 2 2 2 9 255 255 255 255 ospf 1 area 0 0 0 0 network 2 2 2 9 0 0 0 0 network 100 2 1 0 0 0 0 255 network 100 1 1 0 0 0 0 255 return l Configuration file of the PE sysname PE vlan batch 40 50 mpls lsr id 3 3 3 9 mpls mpls l2vpn vsi v123 s...

Page 775: ...10 ip address 10 1 1 1 255 255 255 0 interface GigabitEthernet1 0 0 port link type trunk port trunk allow pass vlan 10 return l Configuration file of CE2 sysname CE2 vlan batch 20 interface Vlanif20 ip address 10 1 1 2 255 255 255 0 interface GigabitEthernet1 0 0 port link type trunk port trunk allow pass vlan 20 return l Configuration file of CE3 sysname CE3 vlan batch 50 interface Vlanif50 ip ad...

Page 776: ...opback1 3 3 3 9 32 GE1 0 0 GE1 0 0 GE2 0 0 GE1 0 0 GE1 0 0 CE1 CE2 GE1 0 0 GE2 0 0 GE2 0 0 Device Interface VLANIF Interface IP Address UPE1 GigabitEthernet 1 0 0 VLANIF 20 100 1 3 2 24 GigabitEthernet 2 0 0 VLANIF 10 Loopback1 4 4 4 9 32 SPE1 GigabitEthernet 1 0 0 VLANIF 30 100 1 1 1 24 GigabitEthernet 2 0 0 VLANIF 20 100 1 3 1 24 Loopback1 1 1 1 9 32 P GigabitEthernet 1 0 0 VLANIF 30 100 1 1 2 2...

Page 777: ...bels on static LSPs between UPEs and SPEs Procedure 1 Configure IP addresses for interfaces As shown in Figure 7 16 configure the VLAN to which each interface belongs and configure the IP addresses and masks for loopback interfaces and VLANIF interfaces The details are not mentioned here NOTE Do not add the AC side port and PW side port of a PE to the same VLAN otherwise a loop may occur 2 Configu...

Page 778: ...UPE2 UPE2 system view UPE2 ospf UPE2 ospf 1 area 0 UPE2 ospf 1 area 0 0 0 0 network 5 5 5 9 0 0 0 0 UPE2 ospf 1 area 0 0 0 0 network 100 1 4 0 0 0 0 255 UPE2 ospf 1 area 0 0 0 0 quit UPE2 ospf 1 quit 3 Configure basic MPLS functions and LDP Configure SPE1 SPE1 mpls lsr id 1 1 1 9 SPE1 mpls SPE1 mpls quit SPE1 quit SPE1 mpls ldp SPE1 mpls ldp quit SPE1 interface vlanif 30 SPE1 Vlanif30 mpls SPE1 Vl...

Page 779: ...AL 1 session s Found SPE1 display mpls lsp LSP Information LDP LSP FEC In Out Label In Out IF Vrf Name 2 2 2 9 32 NULL 3 Vlanif30 1 1 1 9 32 3 NULL 3 3 3 9 32 NULL 1025 Vlanif30 4 Establish remote LDP sessions between SPEs Configure SPE1 SPE1 mpls ldp remote peer 3 3 3 9 SPE1 mpls ldp remote 3 3 3 9 remote ip 3 3 3 9 SPE1 mpls ldp remote 3 3 3 9 quit Configure SPE2 SPE2 mpls ldp remote peer 1 1 1 ...

Page 780: ... 4 4 4 9 32 nexthop 100 1 3 2 out label 30 SPE1 static lsp egress UPE1toSPE1 incoming interface vlanif 20 in label 20 Configure SPE2 SPE2 static lsp ingress SPE2toUPE2 destination 5 5 5 9 32 nexthop 100 1 4 2 out label 50 SPE2 static lsp egress UPE2toSPE2 incoming interface vlanif 50 in label 40 6 Enable MPLS L2VPN on UPEs and configure the UPEs to access SPEs through static VLLs Configure UPE1 UP...

Page 781: ...Capabilty Disable Tunnel Policy PW Template Name Traffic Behavior Main or Secondary Main VC tunnel token info 1 tunnels tokens NO 0 TNL Type lsp TNL ID 0x10020 Create time 0 days 0 hours 10 minutes 45 seconds UP time 0 days 0 hours 10 minutes 45 seconds Last change time 0 days 0 hours 10 minutes 45 seconds VC last up time 2010 02 02 12 31 31 VC total up time 0 days 0 hours 10 minutes 45 seconds Ru...

Page 782: ...pe label Tunnel ID 0x10021 Broadcast Tunnel ID 0x10021 Ckey 0x6 Nkey 0x5 Main PW Token 0x10020 Slave PW Token 0x0 Tnl Type LSP OutInterface Vlanif30 Stp Enable 0 Mac Flapping 0 PW Last Up Time 2010 02 02 15 41 59 PW Total Up Time 0 days 0 hours 1 minutes 3 seconds CE1 and CE2 which reside in the same network segment can ping each other successfully After you run the shutdown command on VLANIF 10 t...

Page 783: ...pe trunk port trunk allow pass vlan 10 return l Configuration file of CE2 sysname CE2 interface Vlanif60 ip address 10 1 1 2 255 255 255 0 interface GigabitEthernet1 0 0 port link type trunk port trunk allow pass vlan 60 return l Configuration file of UPE1 sysname UPE1 vlan batch 10 20 mpls lsr id 4 4 4 9 mpls mpls l2vpn interface Vlanif10 mpls static l2vc destination 1 1 1 9 transmit vpn label 10...

Page 784: ... 3 9 interface Vlanif20 ip address 100 1 3 1 255 255 255 0 mpls interface Vlanif30 ip address 100 1 1 1 255 255 255 0 mpls mpls ldp interface GigabitEthernet2 0 0 port hybrid pvid vlan 20 port hybrid tagged vlan 20 interface GigabitEthernet1 0 0 port hybrid pvid vlan 30 port hybrid tagged vlan 30 interface LoopBack1 ip address 1 1 1 9 255 255 255 255 ospf 1 area 0 0 0 0 network 1 1 1 9 0 0 0 0 net...

Page 785: ...ess 2 2 2 9 255 255 255 255 ospf 1 area 0 0 0 0 network 2 2 2 9 0 0 0 0 network 100 1 1 0 0 0 0 255 network 100 1 2 0 0 0 0 255 return l Configuration file of SPE2 sysname SPE2 vlan batch 40 50 mpls lsr id 3 3 3 9 mpls mpls l2vpn vsi V100 static pwsignal ldp vsi id 100 peer 1 1 1 9 peer 5 5 5 9 static upe tran 100 recv 100 mpls ldp mpls ldp remote peer 1 1 1 9 remote ip 1 1 1 9 interface Vlanif40 ...

Page 786: ...5 5 5 9 mpls mpls l2vpn interface Vlanif50 ip address 100 1 4 2 255 255 255 0 mpls interface Vlanif60 mpls static l2vc destination 3 3 3 9 transmit vpn label 100 receive vpn label 100 interface GigabitEthernet1 0 0 port hybrid pvid vlan 50 port hybrid tagged vlan 50 interface GigabitEthernet2 0 0 port hybrid pvid vlan 60 port hybrid tagged vlan 60 interface LoopBack1 ip address 5 5 5 9 255 255 255...

Page 787: ...NIF 20 100 1 2 1 24 GE2 0 0 VLANIF 40 100 1 4 1 24 GE2 0 0 VLANIF 40 100 1 4 2 24 Loopback1 1 1 1 9 Loopback1 2 2 2 9 Loopback1 3 3 3 9 L o o p b a c k 1 4 4 4 9 Loopback1 5 5 5 9 VLANIF 50 Device Interface VLANIF interface IP address SPE1 GigabitEthernet1 0 0 VLANIF 10 100 1 1 1 24 GigabitEthernet2 0 0 VLANIF 30 100 1 3 1 24 Loopback1 1 1 1 9 32 SPE2 GigabitEthernet1 0 0 VLANIF 20 100 1 2 2 24 Gi...

Page 788: ... are used as peer IP addresses l Routing protocol l VC ID of the L2VC Procedure Step 1 Create VLANs and add interfaces to the VLANs The configuration details are not mentioned here Step 2 Set IP addresses Set the IP addresses and masks of the interfaces including VLANIF interfaces and loopback interfaces on the UPEs and SPEs according to Figure 7 17 The configuration details are not mentioned here...

Page 789: ... area 0 0 0 0 quit UPE1 ospf 1 quit Configure UPE2 UPE2 system view UPE2 ospf UPE2 ospf 1 area 0 UPE2 ospf 1 area 0 0 0 0 network 5 5 5 9 0 0 0 0 UPE2 ospf 1 area 0 0 0 0 network 100 1 4 0 0 0 0 255 UPE2 ospf 1 area 0 0 0 0 quit UPE2 ospf 1 quit Step 4 Configure basic MPLS functions and LDP Configure SPE1 SPE1 mpls lsr id 1 1 1 9 SPE1 mpls SPE1 mpls quit SPE1 mpls ldp SPE1 mpls ldp quit SPE1 inter...

Page 790: ...PE2 Vlanif40 mpls ldp UPE2 Vlanif40 quit After the configuration run the display mpls ldp session command on UPEs P and SPEs You can see that the peer relationship is set up between SPE and UPE or between SPE and P The status of the peer relationship is Operational Run the display mpls lsp command and you can view the status of the LSPs Step 5 Set up remote LDP sessions between SPEs Configure SPE1...

Page 791: ...erify the configuration After the configuration run the display mpls l2vc command on the UPEs You can find that the dynamic VLLs are established and the VC status is Up Take the display on UPE1 as an example UPE1 display mpls l2vc total LDP VC 1 1 up 0 down client interface Vlanif50 session state up AC status up VC state up VC ID 100 VC type VLAN destination 1 1 1 9 local VC label 23552 remote VC ...

Page 792: ... 3 ttl 255 time 34 ms Reply from 10 1 1 2 bytes 56 Sequence 4 ttl 255 time 46 ms Reply from 10 1 1 2 bytes 56 Sequence 5 ttl 255 time 94 ms 10 1 1 2 ping statistics 5 packet s transmitted 5 packet s received 0 00 packet loss round trip min avg max 34 68 94 ms End Configuration Files l Configuration file of CE1 sysname CE1 vlan batch 50 interface Vlanif 50 ip address 10 1 1 1 255 255 255 0 interfac...

Page 793: ...twork 100 1 3 0 0 0 0 255 return l Configuration file of SPE1 sysname SPE1 vlan batch 10 30 mpls lsr id 1 1 1 9 mpls mpls l2vpn vsi v100 static pwsignal ldp vsi id 100 peer 3 3 3 9 peer 4 4 4 9 upe mpls ldp mpls ldp remote peer 3 3 3 9 remote ip 3 3 3 9 interface Vlanif 10 ip address 100 1 1 1 255 255 255 0 mpls mpls ldp interface Vlanif 30 ip address 100 1 3 1 255 255 255 0 mpls mpls ldp interfac...

Page 794: ...abitEthernet1 0 0 port link type trunk port trunk allow pass vlan 10 interface GigabitEthernet2 0 0 port link type trunk port trunk allow pass vlan 20 interface LoopBack1 ip address 2 2 2 9 255 255 255 255 ospf 1 area 0 0 0 0 network 2 2 2 9 0 0 0 0 network 100 1 1 0 0 0 0 255 network 100 1 2 0 0 0 0 255 return l Configuration file of SPE2 sysname SPE2 mpls lsr id 3 3 3 9 mpls mpls l2vpn vsi v100 ...

Page 795: ...n l Configuration file of UPE2 sysname UPE2 vlan batch 40 60 mpls lsr id 5 5 5 9 mpls mpls l2vpn mpls l2vpn default martini mpls ldp interface Vlanif 40 ip address 100 1 4 2 255 255 255 0 mpls mpls ldp interface Vlanif 60 mpls l2vc 3 3 3 9 100 interface GigabitEthernet1 0 0 port link type trunk port trunk allow pass vlan 40 interface GigabitEthernet2 0 0 port link type trunk port trunk allow pass ...

Page 796: ...LS Backbone AS 200 Device Interface VLANIF Interface IP Address PE1 GigabitEthernet 1 0 0 VLANIF 10 GigabitEthernet 2 0 0 VLANIF 20 100 1 1 1 24 Loopback1 1 1 1 1 32 ASBR PE1 GigabitEthernet 1 0 0 VLANIF 20 100 1 1 2 24 GigabitEthernet 2 0 0 VLANIF 30 Loopback1 2 2 2 2 32 ASBR PE2 GigabitEthernet 1 0 0 VLANIF 30 GigabitEthernet 2 0 0 VLANIF 40 100 3 1 1 24 Loopback1 3 3 3 3 32 PE2 GigabitEthernet ...

Page 797: ...backbone network can interwork by using an IGP In this example IS IS is used and the configuration details are not mentioned here After the configuration the IS IS neighbor relationship is established between ASBR PEs and PEs in the same AS Run the display isis peer command and you can view that the status of IS IS neighbors is Up and the PEs can learn loopback addresses from each other Take the d...

Page 798: ...n means the session is being deleted Peer ID Status LAM SsnRole SsnAge KA Sent Rcv 1 1 1 1 0 Operational DU Active 0000 00 08 34 34 TOTAL 1 session s Found Step 4 Enable MPLS L2VPN on PEs Configure PE1 PE1 mpls l2vpn Configure PE2 PE2 mpls l2vpn Configure ASBR PE1 ASBR PE1 mpls l2vpn Configure ASBR PE2 ASBR PE2 mpls l2vpn Step 5 Bind VSIs to related interfaces Configure VSIs on PEs and ASBR PEs re...

Page 799: ...nfigure CE1 CE1 interface vlanif 10 CE1 Vlanif10 ip address 10 1 1 1 24 CE1 Vlanif10 quit Configure CE2 CE2 interface vlanif 50 CE2 Vlanif50 ip address 10 1 1 2 24 CE2 Vlanif50 quit Step 7 Verify the configuration After the preceding configurations run the display vsi name verbose command on PE1 You can find that a VSI named a1 sets up a PW to PE2 and the status of the VSI is UP PE1 display vsi na...

Page 800: ...each other successfully Take the display on CE1 as an example CE1 ping 10 1 1 2 PING 10 1 1 2 56 data bytes press CTRL_C to break Reply from 10 1 1 2 bytes 56 Sequence 1 ttl 255 time 172 ms Reply from 10 1 1 2 bytes 56 Sequence 2 ttl 255 time 156 ms Reply from 10 1 1 2 bytes 56 Sequence 3 ttl 255 time 156 ms Reply from 10 1 1 2 bytes 56 Sequence 4 ttl 255 time 156 ms Reply from 10 1 1 2 bytes 56 S...

Page 801: ... mpls ldp interface GigabitEthernet1 0 0 port link type trunk port trunk allow pass vlan 10 interface GigabitEthernet2 0 0 port link type trunk port trunk allow pass vlan 20 interface LoopBack1 ip address 1 1 1 1 255 255 255 255 isis enable 1 return l Configuration file of ASBR PE1 sysname ASBR PE1 vlan batch 20 30 mpls lsr id 2 2 2 2 mpls mpls l2vpn vsi a1 static pwsignal ldp vsi id 2 peer 1 1 1 ...

Page 802: ...3 mpls mpls l2vpn vsi a1 static pwsignal ldp vsi id 3 peer 4 4 4 4 mpls ldp isis 1 network entity 10 0000 0000 0003 00 interface Vlanif30 l2 binding vsi a1 interface Vlanif40 ip address 200 1 1 1 255 255 255 0 isis enable 1 mpls mpls ldp interface GigabitEthernet1 0 0 port link type trunk port trunk allow pass vlan 30 interface GigabitEthernet2 0 0 port link type trunk port trunk allow pass vlan 4...

Page 803: ...address 4 4 4 4 255 255 255 255 isis enable 1 return l Configuration file of CE2 sysname CE2 vlan batch 50 interface Vlanif50 ip address 10 1 1 2 255 255 255 0 interface GigabitEthernet1 0 0 port link type trunk port trunk allow pass vlan 50 return 7 13 8 Example for Configuring Inter AS Kompella VPLS Option A Networking Requirements As shown in Figure 7 19 CE1 and CE2 belong to the same VPLS and ...

Page 804: ...IP Address PE1 GigabitEthernet 1 0 0 VLANIF 10 GigabitEthernet 2 0 0 VLANIF 20 100 1 1 1 24 Loopback1 1 1 1 1 32 ASBR PE1 GigabitEthernet 1 0 0 VLANIF 20 100 1 1 2 24 GigabitEthernet 2 0 0 VLANIF 30 Loopback1 2 2 2 2 32 ASBR PE2 GigabitEthernet 1 0 0 VLANIF 30 GigabitEthernet 2 0 0 VLANIF 40 100 3 1 1 24 Loopback1 3 3 3 3 32 PE2 GigabitEthernet 1 0 0 VLANIF 40 100 3 1 2 24 GigabitEthernet 2 0 0 VL...

Page 805: ... IGP IS IS used as an IGP in this example The configuration details are not mentioned here Note that IS IS must be enabled on Loopback1 After the configuration IS IS neighbor relationships are established between ASBR PEs and PEs in the same AS Run the display isis peer command and you can view that the neighbors are Up Run the display ip routing table command and you can view that ASBRs and PEs c...

Page 806: ... mentioned here After the configuration run the display mpls lsp command on each PE and you can find that LSPs are successfully set up between the PEs and the ASBR PEs in the same AS Take PE1 as an example PE1 display mpls lsp LSP Information LDP LSP FEC In Out Label In Out IF Vrf Name 2 2 2 2 32 NULL 3 Vlanif20 2 2 2 2 32 1024 3 Vlanif20 Step 4 Configure MP IBGP connections within an AS Establish...

Page 807: ... vsi v1 quit PE1 interface vlanif 10 PE1 Vlanif10 l2 binding vsi v1 PE1 Vlanif10 quit Configure ASBR PE1 ASBR PE1 vsi v1 auto ASBR PE1 vsi v1 pwsignal bgp ASBR PE1 vsi v1 bgp route distinguisher 100 2 ASBR PE1 vsi v1 bgp vpn target 1 1 import extcommunity ASBR PE1 vsi v1 bgp vpn target 1 1 export extcommunity ASBR PE1 vsi v1 bgp site 2 range 5 default offset 0 ASBR PE1 vsi v1 bgp quit ASBR PE1 vsi...

Page 808: ... an example PE1 display vpls connection bgp verbose VSI Name v1 Signaling bgp Remote Site ID 2 VC State up RD 100 2 Encapsulation vlan MTU 1500 Peer Ip Address 2 2 2 2 PW Type label Local VC Label 35842 Remote VC Label 31745 Tunnel Policy Tunnel ID 0x20020 Remote Label Block 31744 5 0 Export vpn target 1 1 CE1 and CE2 can ping through each other CE1 ping 10 1 1 2 PING 10 1 1 2 56 data bytes press ...

Page 809: ...es l Configuration file of CE1 sysname CE1 vlan batch 10 interface GigabitEthernet1 0 0 ip address 10 1 1 1 255 255 255 0 interface GigabitEthernet1 0 0 port link type trunk port trunk allow pass vlan 10 return l Configuration file of PE1 sysname PE1 vlan batch 10 20 mpls lsr id 1 1 1 1 mpls mpls l2vpn vsi v1 auto pwsignal bgp route distinguisher 100 1 vpn target 1 1 import extcommunity vpn target...

Page 810: ...me ASBR PE1 vlan batch 20 30 mpls lsr id 2 2 2 2 mpls mpls l2vpn vsi v1 auto pwsignal bgp route distinguisher 100 2 vpn target 1 1 import extcommunity vpn target 1 1 export extcommunity site 2 range 5 default offset 0 mpls ldp isis 1 network entity 10 0000 0000 0002 00 interface Vlanif20 ip address 100 1 1 2 255 255 255 0 isis enable 1 mpls mpls ldp interface Vlanif30 l2 binding vsi v1 interface G...

Page 811: ...0 mpls ldp isis 1 network entity 10 0000 0000 0003 00 interface Vlanif30 l2 binding vsi v1 interface Vlanif40 ip address 100 3 1 1 255 255 255 0 isis enable 1 mpls mpls ldp interface GigabitEthernet1 0 0 port link type trunk port trunk allow pass vlan 30 interface GigabitEthernet2 0 0 port link type trunk port trunk allow pass vlan 40 interface LoopBack1 ip address 3 3 3 3 255 255 255 255 isis ena...

Page 812: ...ng vsi v1 interface GigabitEthernet1 0 0 port link type trunk port trunk allow pass vlan 40 interface GigabitEthernet2 0 0 port link type trunk port trunk allow pass vlan 50 interface LoopBack1 ip address 4 4 4 4 255 255 255 255 isis enable 1 bgp 200 peer 3 3 3 3 as number 200 peer 3 3 3 3 connect interface LoopBack1 ipv4 family unicast undo synchronization peer 3 3 3 3 enable vpls family policy v...

Page 813: ...rface GigabitEthernet1 0 0 port link type trunk port trunk allow pass vlan 50 return Quidway S7700 Smart Routing Switch Configuration Guide VPN 7 VPLS Configuration Issue 01 2011 07 15 Huawei Proprietary and Confidential Copyright Huawei Technologies Co Ltd 798 ...

Page 814: ...e NPE This section describes how to configure VPLS convergence when the UPE is directly connected to the NPE 8 4 Configuring BFD for VSI PW If a BFD session is bound to the mVSI PW you can monitor the service VSI by monitoring the status of the mVSI PW 8 5 Maintaining VPLS Convergence This section describes how to debug VPLS convergence 8 6 Configuration Examples This section provides a configurat...

Page 815: ...run between core devices to determine whether a device is the master or the backup The pseudo wires PWs and attachment circuit AC interfaces between VSIs determine the master and the backup by tracking the status of the mVRRP virtual router When mVRRP performs the switchover the PW and AC interfaces between VSIs also perform the switchover Meanwhile the VSI clears its own MAC address and learns th...

Page 816: ... as follows l Binding relation between a service VRRP group and an mVRRP group l Binding relation between a service interface and an mVRRP group l Binding relation between a PW and an mVRRP group As shown in the following networking diagram an UPE is connected to two NPEs VRRP runs between NPEs The VRRP priority determines whether an NPE is the master or the backup When the link related to the mas...

Page 817: ...ster NPE and uses NPE1 as the backup NPE NOTE For more information about VRRP see VRRP and VRRP6 Configuration in the Quidway S7700 Smart Routing Switch Configuration Guide Reliability mVRRP over mVPLS mVRRP over mVPLS indicates that mVRRP packets are transmitted by the mVSI through the mPW As shown in Figure 8 2 mVPLS is run between the UPE and the NPEs the mVSI is configured on the UPE and the N...

Page 818: ...eir IP addresses incoming labels incoming interfaces and MAC addresses are the same l If they are the same it indicates that the mVRRP group between NPEs does not perform the master backup switchover l If they are the different it indicates that the mVRRP group between NPEs has performed the master backup switchover 3 The UPE clears the MAC addresses of all the bound service VSIs according to the ...

Page 819: ...vice VSI and service PW also need to be set up between the UPE and the NPE to transmit and forward service packets from an access network VPLS convergence is deployed on the UPE and the NPEs After mVRRP and the mVSI are correctly configured the service data of users can be sent to the master NPE When the master NPE or the link between the UPE and the master NPE fails the backup NPE automatically b...

Page 820: ... 2 IP address of the peer and the tunnel policy used by the PW 3 Name and number of the interface to which a VSI is bound 8 3 2 Configuring the mVSI Context To forward the mVRRP packets on the NPEs through the mVSI on the UPE do as follows Procedure Step 1 Run system view The system view is displayed Step 2 Run vsi vsi name static A VSI is created and the automatic member discovery mechanism is co...

Page 821: ...ntries and to learn the MAC addresses again NOTE The control plane requests the forwarding plane to clear the MAC addresses of the service VSIs if the number of service VSIs bound to the mVSI reaches the threshold The threshold is determined by the PAF file and the license file l If the number of service VSIs bound to the mVSI does not reach the threshold the control plane delivers notification me...

Page 822: ...ent complete the pre configuration tasks and obtain the required data This can help you complete the configuration task quickly and accurately Applicable Environment In the VPLS convergence MAN solution you can establish multiple service VSI PWs and bind them to an mVSI PW In this manner if a BFD session is bound to the mVSI PW you can monitor the service VSI only by monitoring the status of the m...

Page 823: ...BFD is enabled on this node and the BFD view is displayed End 8 4 3 Enabling the Sending of BFD for VSI PW Packets to the Protocol Stack To detect VSI PW links by using BFD sessions the sending of BFD for VSI PW packets to the protocol stack must be enabled Procedure Step 1 Run system view The system view is displayed Step 2 Run bfd for vsi pw enable The sending of BFD for VSI PW packets to the pr...

Page 824: ...local system and the remote discriminator of the remote system are the same The remote discriminator of the local system and the local discriminator of the remote system are the same Otherwise BFD sessions cannot be established In addition discriminators cannot be changed after being set Step 4 Run commit The configuration is committed End 8 4 5 Checking the Configuration After BFD for VSI PW is c...

Page 825: ...VSI PW Session Description Total Commit Uncommit CFG Number 1 0 You can see that a BFD session named to_a is established and the binding type is VSI PW 8 5 Maintaining VPLS Convergence This section describes how to debug VPLS convergence 8 5 1 Debugging VPLS Convergence Context CAUTION Debugging affects the performance of the system So after debugging run the undo debugging all command to disable ...

Page 826: ...e UPE The mVPPR packets are exchanged between NPE1 and NPE2 through the mVSI on the UPE The service PWs of NPE1 and NPE2 are bound to the mVRRP group so that the status of the service PWs is determined by the mVRRP group Normally only the service PW on the master NPE processes the service data of users l The service data of users is sent to the service VSI on the UPE and then forwarded to the two ...

Page 827: ...E GE1 0 1 VLANIF 100 10 1 1 1 24 UPE GE1 0 2 VLANIF 200 10 1 2 1 24 NPE1 Loopback1 2 2 2 2 32 NPE2 Loopback1 3 3 3 3 32 Configuration Roadmap NOTE In the networking diagram the UPE refers to the S7700 Only the configurations on the S7700 are provided here The configuration roadmap is as follows 1 Configure the routing and MPLS functions l Set the IP addresses for the interfaces on the UPE Quidway ...

Page 828: ...SI name VC ID and tunnel policy Procedure Step 1 Configure routes After the configuration reachable routes are available between the UPE and NPEs The configuration details are not mentioned here Step 2 Configure MPLS functions NOTE In this example the MPLS TE tunnel is used between the UPE and the NPEs 1 Enable MPLS MPLS TE MPLS RSVP TE and MPLS CSPF On the nodes along the MPLS TE tunnel enable MP...

Page 829: ...DDDD HH MM A before a session means the session is being deleted PeerID Status LAM SsnRole SsnAge KASent Rcv 2 2 2 2 0 Operational DU Passive 0000 00 00 4 4 3 3 3 3 0 Operational DU Passive 0000 00 00 2 2 TOTAL 2 session s Found 4 Configure tunnel interfaces Create the tunnel interfaces on UPE and NPEs and set the tunnel protocol to MPLS TE and the singnaling protocol to RSVP TE Configure the UPE ...

Page 830: ...net 1 0 2 1 UPE GigabitEthernet1 0 2 1 control vid 2 dot1q termination UPE GigabitEthernet1 0 2 1 dolt1q termination vid 10 UPE GigabitEthernet1 0 2 1 l2 binding vsi admin vsi1 UPE GigabitEthernet1 0 2 1 quit After the configuration run the display vsi command on the UPE and you can see that the VSI status is Up Take the display on the UPE as an example UPE display vsi name admin vsi1 verbose VSI ...

Page 831: ...isplay vsi Total VSI number is 2 2 is up 0 is down 2 is LDP mode 0 is BGP mode Vsi Mem PW Mac Encap Mtu Vsi Name Disc Type Learn Type Value State admin vsi1 static ldp unqualify vlan 1500 up biz vsi1 static ldp unqualify vlan 1500 up Step 4 Bind service VSI with admin VSI UPE vsi biz vsi1 UPE vsi biz vsi1 track admin vsi admin vsi1 UPE vsi biz vsi1 quit Step 5 Verify the configuration Run the disp...

Page 832: ...interface GigabitEthernet1 0 0 1 control vid 11 dot1q termination dot1q termination vid 101 l2 binding vsi biz vsi1 interface GigabitEthernet1 0 1 port link type trunk port trunk allow pass vlan 10 100 interface GigabitEthernet1 0 1 1 control vid 1 dot1q termination dot1q termination vid 10 l2 binding vsi admin vsi1 interface GigabitEthernet1 0 2 port link type trunk port trunk allow pass vlan 10 ...

Page 833: ...on TO NPE2 ip address unnumbered interface LoopBack1 tunnel protocol mpls te destination 3 3 3 3 mpls te tunnel id 2 mpls te commit tunnel policy policy1 tunnel select seq cr lsp load balance number 1 return Quidway S7700 Smart Routing Switch Configuration Guide VPN 8 VPLS Convergence Configuration Issue 01 2011 07 15 Huawei Proprietary and Confidential Copyright Huawei Technologies Co Ltd 818 ...

Reviews:

No comments

Related manuals for quidway s7700

Brand: Ubiquiti Pages: 3

Wireless Mini PCI Module

Brand: E-Tech Pages: 42

Brand: C-Data Pages: 26

Brand: Allnet Pages: 12

Brand: Telebyte Pages: 19

Brand: CyberTAN Pages: 67

Brand: THOMSON Pages: 212

Brand: StarTech.com Pages: 9

Brand: AirTies Pages: 28

Brand: QTech Pages: 406

Brand: Idis Pages: 16

Blue Gate ISDN BRI Brave

Brand: Alphatech Pages: 6

Brand: Doro Pages: 50

Brand: Netequalizer Pages: 14

Brand: Infoblox Pages: 44

Brand: Tripp Lite Pages: 3

Brand: Vivotek Pages: 185

The DSX Value Solution (Japanese) LDX154

Brand: ADC Pages: 4

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands