H3C S10500 Series, Mpls Configuration Manual

Page 1: ...H3C S5500 HI Switch Series MPLS Configuration Guide Hangzhou H3C Technologies Co Ltd http www h3c com Software version Release 5501 Document version 6W100 20140103 ...

Page 2: ...ine SecPath SecCenter SecBlade Comware ITCMM and HUASAN are trademarks of Hangzhou H3C Technologies Co Ltd All other trademarks that may be mentioned in this manual are the property of their respective owners Notice The information in this document is subject to change without notice Every effort has been made in the preparation of this document to ensure accuracy of the contents but all statement...

Page 3: ...HI documentation set Obtaining documentation Technical support Documentation feedback Audience This documentation is intended for Network planners Field technical support and servicing engineers Network administrators working with the S5500 HI series Added and modified features Compared to Release 5206 Release 5501 does not contain any changes to MPLS Conventions This section describes the convent...

Page 4: ...ames are inside angle brackets For example click OK Window names menu items data table and field names are inside square brackets For example pop up the New User window Multi level menus are separated by forward slashes For example File Create Folder Symbols Convention Description WARNING An alert that calls attention to important information that if not understood or followed can result in person...

Page 5: ...fan modules available for the products User manuals for power modules Describe the specifications installation and replacement of hot swappable power modules RPS Ordering Information for H3C Low End Ethernet Switches Helps you order RPSs for switches that can work with an RPS User manuals for RPSs Describe the specifications installation and replacement of RPSs User manuals for interface cards Des...

Page 6: ... hardware installation software upgrading and software feature configuration and maintenance documentation Products Solutions Provides information about products and technologies as well as solutions Technical Support Documents Software Download Provides the documentation released with the software version Technical support service h3c com http www h3c com Documentation feedback You can e mail you...

Page 7: ...routes to the PE 27 Using tunnels to advertise VPN routes 30 Configuring IPv6 MCE 37 Overview 37 Configuring an IPv6 MCE 37 Configuring VPN instances 37 Configuring routing on an IPv6 MCE 39 Configuration prerequisites 39 Configuring routing between IPv6 MCE and VPN site 39 Configuring routing between IPv6 MCE and PE 43 Resetting BGP connections 46 Displaying information about IPv6 MCE 46 IPv6 MCE...

Page 8: ...ing MPLS trap 80 Displaying and maintaining MPLS 80 Displaying MPLS operation 80 Displaying MPLS LDP operation 81 Clearing MPLS statistics 82 MPLS configuration examples 82 Configuring static LSPs 82 Configuring LDP to establish LSPs dynamically 85 Configuring BFD for LSPs 89 Configuring MPLS TE 91 Overview 91 Basic concepts of MPLS TE 92 MPLS TE implementation 92 CR LSP 93 RSVP TE 94 Traffic forw...

Page 9: ...ring FRR 119 Configuration prerequisites 119 Enabling FRR on the headend of a primary LSP 120 Configuring a bypass tunnel on its PLR 120 Configuring node protection 121 Configuring the FRR polling timer 121 Inspecting an MPLS TE tunnel 122 MPLS LSP ping 122 MPLS LSP tracert 122 Configuring BFD for an MPLS TE Tunnel 122 Configuring periodic LSP tracert for an MPLS TE tunnel 124 Configuring protecti...

Page 10: ...2VPN 199 Configuring a PE CE interface of a PE 199 Configuring Ethernet encapsulation 199 Configuring VLAN encapsulation 200 Configuring a remote CCC connection 200 Configuring SVC MPLS L2VPN 200 Configuring Martini MPLS L2VPN 201 Configuring the remote peer 202 Creating a Martini VC on a Layer 3 interface 202 Creating a Martini VC for a service instance 202 Inspecting VCs 204 Configuring Kompella...

Page 11: ...les 271 Configuring MPLS L3VPNs using EBGP between PE and CE 271 Configuring MPLS L3VPNs using IBGP between PE and CE 278 Configuring a hub spoke network 286 Configuring inter AS option A 294 Configuring inter AS option B 299 Configuring inter AS option C 304 Configuring carrier s carrier 310 Configuring nested VPN 317 Configuring HoVPN 327 Configuring OSPF sham links 333 Configuring BGP AS number...

Page 12: ...6 VPN option C 357 Resetting BGP connections 358 Displaying information about IPv6 MPLS L3VPN 359 IPv6 MPLS L3VPN configuration examples 360 Configuring IPv6 MPLS L3VPNs 360 Configuring inter AS IPv6 VPN option A 367 Configuring inter AS IPv6 VPN option C 372 Configuring carrier s carrier 379 Index 387 ...

Page 13: ...ise VPN routes and uses MPLS to forward VPN packets on service provider backbones MPLS L3VPN provides flexible networking modes excellent scalability and convenient support for MPLS QoS and MPLS TE The MPLS L3VPN model consists of the following types of devices Customer edge CE device A CE resides on a customer network and has one or more interfaces directly connected with service provider network...

Page 14: ...backbone the ingress PE functions as the ingress Label Switching Router LSR the egress PE functions as the egress LSR and P routers function as the transit LSRs MPLS L3VPN concepts Site Sites are often mentioned in the VPN A site has the following features A site is a group of IP systems with IP connectivity that does not rely on any service provider network to implement The classification of a si...

Page 15: ...rocess overlapping VPN routes If for example both VPN 1 and VPN 2 use addresses on the segment 10 1 10 10 0 24 and each advertise a route to the segment BGP selects only one of them which results in the loss of the other route PEs use MP BGP to advertise VPN routes and use VPN IPv4 address family to solve the problem with traditional BGP A VPN IPv4 address consists of 12 bytes The first eight byte...

Page 16: ...port target attribute of the VPN instance the PE adds the routes to the VPN routing table In other words route target attributes define which sites can receive VPN IPv4 routes and from which sites that a PE can receive routes Similar to RDs route target attributes can be of the following formats 16 bit AS number 32 bit user defined number For example 100 1 32 bit IPv4 address 16 bit user defined n...

Page 17: ...o the number of the interface receiving the information It then maintains the corresponding routing table accordingly You must also bind the interfaces to the VPNs on PE 1 in the same way as those on the MCE device The MCE device is connected to PE 1 through a trunk which permits packets of VLAN 2 and VLAN 3 with VLAN tags carried In this way PE 1 can determine the VPN a received packet belongs to...

Page 18: ...s and VPNs Figure 5 Network diagram for using MCE in a tunneling application 2 MCE devices in a tunneling application can exchange VPN routing information with their peer MCE devices or CE devices directly just as MCE devices in an MPLS L3VPN application do with the corresponding PEs For more information see Route exchange between an MCE and a PE GRE tunnels IPv4 over IPv4 tunnels and IPv4 over IP...

Page 19: ...omains you must enable the redistributed routes to carry the OSPF domain ID by configuring the domain id command in OSPF view The domain ID is added to BGP VPN routes as an extended community attribute In cases where a VPN has multiple MCE devices attached to it and when an MCE device advertises the routes learned from BGP within the VPN the routes may be learned by other MCE devices generating ro...

Page 20: ...n a PE you isolate not only VPN routes from public network routes but also routes of a VPN from those of another VPN This feature allows VPN instances to be used in networking scenarios besides MCE Creating a VPN Instance A VPN instance is associated with a site It is a collection of the VPN membership and routing rules of its associated site A VPN instance does not necessarily correspond to one V...

Page 21: ...mmand Remarks 1 Enter system view system view N A 2 Enter interface view interface interface type interface number N A 3 Associate the current interface with the VPN instance ip binding vpn instance vpn instance name By default no VPN instance is associated with the interface Configuring route related attributes of a VPN instance The control process of VPN route advertisement is as follows When a ...

Page 22: ...port route policy route policy Optional By default all VPN instance routes permitted by the export target attribute can be redistributed NOTE Only when BGP runs between the MCE and PE can the route target attribute be advertised to the PE together with the routing information In other cases configuring this attribute makes no sense You can configure route related attributes for IPv4 VPNs in both V...

Page 23: ...tance name gateway address preference preference value tag tag value description description text Use either command Perform this configuration on the MCE On a VPN site configure a normal static route 3 Configure the default precedence for static routes ip route static default preference default preference value Optional 60 by default Configuring RIP between MCE and VPN site A RIP process belongs ...

Page 24: ... process that is bound with a VPN instance does not use the public network router ID configured in system view Therefore you must configure a router ID when starting the OSPF process All OSPF processes for the same VPN must be configured with the same OSPF domain ID to ensure correct route advertisement For more information about OSPF see Layer 3 IP Routing Configuration Guide To configure OSPF be...

Page 25: ...A The MCE advertises the default route to the site 8 Create an OSPF area and enter OSPF area view area area id By default no OSPF area is created 9 Enable OSPF on the interface attached to the specified network in the area network ip address wildcard mask By default an interface neither belongs to any area nor runs OSPF Configuring IS IS between MCE and VPN site An IS IS process belongs to the pub...

Page 26: ... and redistribute the IGP routes of each VPN instance on the VPN sites If EBGP is used for route exchange you also can configure filtering policies to filter the received routes and the routes to be advertised 1 Configure the MCE Step Command Remarks 1 Enter system view system view N A 2 Enter BGP view bgp as number N A 3 Enter BGP VPN instance view ipv4 family vpn instance vpn instance name N A 4...

Page 27: ...rmal network For more information about BGP see Layer 3 IP Routing Configuration Guide 2 Configure a VPN site Step Command Remarks 1 Enter system view system view N A 2 Enter BGP view bgp as number N A 3 Configure the MCE as the EBGP peer peer group name ip address as number as number N A 4 Redistribute the IGP routes of the VPN import route protocol process id med med value route policy route pol...

Page 28: ...ned from the VPN site to other IBGP peers including VPNv4 peers Only when you configure the VPN site as a client of the RR the MCE does the MCE advertise routes learned from it to other IBGP peers 2 Configure a VPN site Step Command Remarks 1 Enter system view system view N A 2 Enter BGP view bgp as number N A 3 Configure the MCE as the IBGP peer peer group name ip address as number as number N A ...

Page 29: ...nce value Optional 60 by default Configuring RIP between MCE and PE Step Command Remarks 1 Enter system view system view N A 2 Create a RIP process for a VPN instance and enter RIP view rip process id vpn instance vpn instance name N A 3 Enable RIP on the interface attached to the specified network network network address By default RIP is disabled on an interface 4 Redistribute the VPN routes imp...

Page 30: ...mber of routes redistributed per time is 1000 the default tag is 1 and default type of redistributed routes is Type 2 8 Create an OSPF area and enter OSPF area view area area id By default no OSPF area is created 9 Enable OSPF on the interface attached to the specified network in the area network ip address wildcard mask By default an interface neither belongs to any area nor runs OSPF Configuring...

Page 31: ...ite import route protocol process id all processes med med value route policy route policy name By default no route redistribution is configured 6 Configure a filtering policy to filter the routes to be advertised filter policy acl number ip prefix ip prefix name export direct isis process id ospf process id rip process id static Optional By default BGP does not filter the routes to be advertised ...

Page 32: ...loops 9 Configure a filtering policy to filter the routes to be advertised filter policy acl number ip prefix ip prefix name export direct isis process id ospf process id rip process id static Optional By default BGP does not filter the routes to be advertised 10 Configure a filtering policy to filter the received routes filter policy acl number ip prefix ip prefix name import Optional By default ...

Page 33: ...play fib vpn instance vpn instance name ip address mask mask length begin exclude include regular expression Available in any view Display information about a specific peer group or all BGP VPNv4 peer groups display bgp vpnv4 vpn instance vpn instance name group group name begin exclude include regular expression Available in any view Display information about BGP VPNv4 routes injected into a spec...

Page 34: ... view Clear the route flap dampening information of a VPN instance reset bgp vpn instance vpn instance name dampening network address mask mask length Available in user view Clear route flap history information about a BGP peer of a VPN instance reset bgp vpn instance vpn instance name ip address flap info reset bgp vpn instance vpn instance name flap info ip address mask mask length as path acl a...

Page 35: ...E ip vpn instance vpn1 MCE vpn instance vpn1 route distinguisher 10 1 MCE vpn instance vpn1 vpn target 10 1 MCE vpn instance vpn1 quit MCE ip vpn instance vpn2 MCE vpn instance vpn2 route distinguisher 20 1 MCE vpn instance vpn2 vpn target 20 1 MCE vpn instance vpn2 quit Create VLAN 10 add port GigabitEthernet 1 0 1 to VLAN 10 and create VLAN interface 10 MCE vlan 10 MCE vlan10 port gigabitetherne...

Page 36: ...PN 1 directly and no routing protocol is enabled in VPN 1 Therefore you can configure static routes On VR 1 assign IP address 10 214 10 2 24 to the interface connected to MCE and 192 168 0 1 24 to the interface connected to VPN 1 Add ports to VLANs correctly Details not shown On VR 1 configure a default route with the next hop as 10 214 10 3 VR1 system view VR1 ip route static 0 0 0 0 0 0 0 0 10 2...

Page 37: ... 0 0 1 InLoop0 127 0 0 1 32 Direct 0 0 127 0 0 1 InLoop0 192 168 10 0 24 RIP 100 1 10 214 20 2 Vlan20 The output shows that the MCE has learned the private routes of VPN 2 The MCE maintains the routes of VPN 1 and those of VPN2 in two different routing tables In this way routes from different VPNs are separated 3 Configure routing between MCE and PE 1 The MCE uses port GigabitEthernet 1 0 3 to con...

Page 38: ...PE1 vlan40 quit PE1 interface vlan interface 40 PE1 Vlan interface40 ip binding vpn instance vpn2 PE1 Vlan interface40 ip address 40 1 1 2 24 PE1 Vlan interface40 quit Configure the IP address of the interface Loopback0 as 101 101 10 1 for the MCE and as 100 100 10 1 for PE 1 Specify the loopback interface address as the router ID for the MCE and PE 1 Details not shown Enable OSPF process 10 on th...

Page 39: ...he following output shows that PE 1 has learned the private route of VPN 2 through OSPF PE1 display ip routing table vpn instance vpn2 Routing Tables vpn2 Destinations 5 Routes 5 Destination Mask Proto Pre Cost NextHop Interface 40 1 1 0 24 Direct 0 0 40 1 1 2 Vlan40 40 1 1 2 32 Direct 0 0 127 0 0 1 InLoop0 127 0 0 0 8 Direct 0 0 127 0 0 1 InLoop0 127 0 0 1 32 Direct 0 0 127 0 0 1 InLoop0 192 168 ...

Page 40: ... shown Configure OSPF on the MCE and bind OSPF process 10 with VPN instance vpn1 to learn the routes of VPN 1 MCE system view MCE ospf router id 10 214 10 3 10 vpn instance vpn1 MCE ospf 10 area 0 MCE ospf 10 area 0 0 0 0 network 10 214 10 0 0 0 0 255 Display the routing table of VPN 1 on the MCE MCE ospf 10 area 0 0 0 0 display ip routing table vpn instance vpn1 Routing Tables vpn1 Destinations 5...

Page 41: ...k ports The configuration procedure is similar to that described in Using OSPF to advertise VPN routes to the PE Details not shown Start BGP process 100 on the MCE and enter the IPv4 address family view of VPN instance vpn1 MCE bgp 100 MCE bgp ipv4 family vpn instance vpn1 Specify PE 1 as the EBGP peer of the MCE and redistribute the routing information of OSPF process 10 The IP address of PE 1 s ...

Page 42: ...istributed the OSPF routes of the two VPN instances into the EBGP routing tables of PE 1 Using tunnels to advertise VPN routes Network requirements As shown in Figure 8 MCE 1 and MCE 2 communicate with each other through GRE tunnels and both are connected to sites of VPN 1 and VPN 2 The sites of VPN 1 use routing protocol OSPF and reside in the backbone area that is area 0 The two sites of VPN 2 u...

Page 43: ... VLAN 100 and VLAN 101 configure GigabitEthernet 1 0 15 as a trunk port and add it to the two VLANs MCE1 system view MCE1 vlan 100 to 101 MCE1 interface GigabitEthernet 1 0 15 MCE1 GigabitEthernet1 0 15 port link type trunk MCE1 GigabitEthernet1 0 15 port trunk permit vlan 100 101 MCE1 GigabitEthernet1 0 15 quit Create VLAN interfaces and configure IP addresses for them MCE1 interface vlan interfa...

Page 44: ...1 Configure an IP address for the Tunnel 1 interface MCE1 Tunnel1 ip address 10 1 2 1 255 255 255 0 Specify the tunnel protocol as GRE MCE1 Tunnel1 tunnel protocol gre Specify the source address of the tunnel MCE1 Tunnel1 source vlan interface 101 Specify the destination address of the tunnel MCE1 Tunnel1 destination 172 16 2 1 Reference loopback group 1 on the tunnel interface MCE1 Tunnel1 servic...

Page 45: ... loopback group 1 Reference loopback group 1 on the tunnel interface MCE2 GigabitEthernet1 0 3 quit MCE2 interface tunnel 0 MCE2 Tunnel0 service loopback group 1 MCE2 Tunnel0 quit Create the Tunnel1 interface MCE2 interface tunnel 1 Configure an IP address for the Tunnel 1 interface MCE2 Tunnel1 ip address 10 1 2 2 255 255 255 0 Specify the tunnel protocol as GRE MCE2 Tunnel1 tunnel protocol gre S...

Page 46: ...face 11 MCE1 Vlan interface11 ip binding vpn instance vpn2 MCE1 Vlan interface11 ip address 10 214 20 1 24 MCE1 Vlan interface11 quit MCE1 interface tunnel 1 MCE1 Tunnel1 ip binding vpn instance vpn2 MCE1 Tunnel1 ip address 10 1 2 1 24 MCE1 Tunnel1 quit 3 Configure VPN instances on MCE 2 Create VPN instance vpn1 for VPN 1 and configure the same RD as that configured on MCE 1 for the VPN instance M...

Page 47: ...igured at site 1 of VPN 1 area 0 in this example MCE1 ospf 1 vpn instance vpn1 router id 192 168 1 1 MCE1 ospf 1 vpn instance capability simple MCE1 ospf 1 area 0 MCE1 ospf 1 area 0 0 0 0 Advertise the addresses of interfaces VLAN interface 10 and Tunnel 0 on MCE 1 MCE1 ospf 1 area 0 0 0 0 network 10 214 10 1 0 0 0 255 MCE1 ospf 1 area 0 0 0 0 network 10 1 1 1 0 0 0 255 On MCE 2 configure OSPF pro...

Page 48: ...ibute routes learned by RIP process 1 to OSPF process 2 MCE1 ospf 2 MCE1 ospf 2 import route rip 1 On MCE 2 configure OSPF process 2 for VPN instance vpn2 and configure OSPF to support MCE Be sure to configure the same OSPF area as that configured at site 2 of VPN 2 area 0 in this example MCE2 ospf 2 vpn instance vpn2 router id 172 16 2 1 MCE2 ospf 2 vpn instance capability simple MCE2 ospf 2 area...

Page 49: ... configure a description for a VPN instance to record its related information such as its relationship with a certain VPN To create and configure a VPN instance Step Command Remarks 1 Enter system view system view N A 2 Create a VPN instance and enter VPN instance view ip vpn instance vpn instance name N A 3 Configure an RD for the VPN instance route distinguisher route distinguisher N A 4 Configu...

Page 50: ...TANT Create a routing policy before associating it with a VPN instance Otherwise the switch cannot filter the routes to be received and advertised To configure route related attributes for a VPN instance Step Command Remarks 1 Enter system view system view N A 2 Enter VPN instance view ip vpn instance vpn instance name N A 3 Enter IPv6 VPN view ipv6 family Optional 4 Configure route targets vpn ta...

Page 51: ... IPv6 MCE and a VPN site or a PE Configuration prerequisites Before you configure routing on an IPv6 MCE complete the following tasks On the IPv6 MCE configure VPN instances and bind the VPN instances with the interfaces connected to the VPN sites and those connected to the PE Configure the link layer and network layer protocols on related interfaces to ensure IP connectivity Configuring routing b...

Page 52: ... Layer 3 IP Routing Configuration Guide To configure RIPng between IPv6 MCE and VPN site Step Command Remarks 1 Enter system view system view N A 2 Create a RIPng process for a VPN instance and enter RIPng view ripng process id vpn instance vpn instance name Perform this configuration on the IPv6 MCE On a VPN site configure normal RIPng 3 Redistribute remote site routes advertised by the PE import...

Page 53: ...ated OSPFv3 processes at the same time Configuring IPv6 IS IS between IPv6 MCE and VPN site An IPv6 IS IS process belongs to the public network or a single IPv6 VPN instance If you create an IPv6 IS IS process without binding it to an IPv6 VPN instance the process belongs to the public network By configuring IPv6 IS IS process to IPv6 VPN instance bindings on an IPv6 MCE you allow routes of differ...

Page 54: ...e received routes and the routes to be advertised 1 Configure the IPv6 MCE Step Command Remarks 1 Enter system view system view N A 2 Enter BGP view bgp as number N A 3 Enter IPv6 BGP VPN instance view ipv6 family vpn instance vpn instance name N A 4 Specify an IPv6 BGP peer in an AS peer ipv6 address as number as number N A 5 Redistribute remote site routes advertised by the PE import route proto...

Page 55: ...m routing configurations Redistribute IPv6 VPN routes into the routing protocol running between the IPv6 MCE and the PE Configuring IPv6 static routing between IPv6 MCE and PE To configure IPv6 static routing between IPv6 MCE and PE Step Command Remarks 1 Enter system view system view N A 2 Configure an IPv6 static route for an IPv6 VPN instance ipv6 route static ipv6 address prefix length interfa...

Page 56: ...ew ospfv3 process id vpn instance vpn instance name N A 3 Set the router ID router id router id N A 4 Redistribute the VPN routes import route protocol process id allow ibgp cost value route policy route policy name type type By default no route of any other routing protocol is redistributed into OSPFv3 5 Configure a filtering policy to filter the redistributed routes filter policy acl6 number ipv...

Page 57: ...or the IS IS process on the interface isis ipv6 enable process id Disabled by default Configuring EBGP between IPv6 MCE and PE Step Command Remarks 1 Enter system view system view N A 2 Enter BGP view bgp as number N A 3 Enter IPv6 BGP VPN instance view ipv6 family vpn instance vpn instance name N A 4 Configure the PE as the EBGP peer peer ipv6 address as number as number N A 5 Redistribute the VP...

Page 58: ...ession Available in any view Display information about the IPv6 FIB of a VPN instance display ipv6 fib vpn instance vpn instance name acl6 acl6 number ipv6 prefix ipv6 prefix name begin exclude include regular expression Available in any view Display a VPN instance s FIB entries that match the specified destination IPv6 address display ipv6 fib vpn instance vpn instance name ipv6 address prefix le...

Page 59: ... names of the edge devices of VPN 1 and VPN 2 are VR1 and VR2 respectively and the system name of PE 1 is PE1 1 Configure the VPN instances on the MCE and PE 1 On the MCE configure VPN instances vpn1 and vpn2 and specify a RD and route targets for each VPN instance MCE system view MCE ip vpn instance vpn1 MCE vpn instance vpn1 route distinguisher 10 1 CE VPN 1 Site 2 CE VPN 2 Site 1 PE 1 PE 3 PE 2...

Page 60: ...ce20 ipv6 address 2002 1 1 64 MCE Vlan interface20 quit On PE 1 configure VPN instances vpn1 and vpn2 and specify an RD and route targets for each VPN instance PE1 system view PE1 ip vpn instance vpn1 PE1 vpn instance vpn1 route distinguisher 30 1 PE1 vpn instance vpn1 vpn target 10 1 PE1 vpn instance vpn1 quit PE1 ip vpn instance vpn2 PE1 vpn instance vpn2 route distinguisher 40 1 PE1 vpn instanc...

Page 61: ...20 quit VR2 interface vlan interface 20 VR2 Vlan interface20 ripng 20 enable VR2 Vlan interface20 quit VR2 interface vlan interface 21 VR2 Vlan interface21 ripng 20 enable VR2 Vlan interface21 quit On MCE display the routing tables of VPN instances vpn1 and vpn2 MCE display ipv6 routing table vpn instance vpn1 Routing Table vpn1 Destinations 5 Routes 5 Destination 1 128 Protocol Direct NextHop 1 P...

Page 62: ...packets of VLAN 30 and VLAN 40 to pass with VLAN tags MCE interface gigabitethernet 1 0 3 MCE GigabitEthernet1 0 3 port link type trunk MCE GigabitEthernet1 0 3 port trunk permit vlan 30 40 MCE GigabitEthernet1 0 3 quit On PE 1 configure the port connected to MCE as a trunk port and configure it to permit packets of VLAN 30 and VLAN 40 to pass with VLAN tags PE1 interface gigabitethernet 1 0 1 PE1...

Page 63: ... quit Configure the IP address of the interface Loopback0 as 101 101 10 1 for the MCE and as 100 100 10 1 for PE 1 Specify the loopback interface address as the router ID for the MCE and PE 1 Details not shown Enable OSPFv3 process 10 on the MCE bind the process to VPN instance vpn1 and redistribute the IPv6 static route of VPN 1 MCE ospfv3 10 vpn instance vpn1 MCE ospf 10 router id 101 101 10 1 M...

Page 64: ...and redistribute VPN 2 s routes from RIPng process 20 into the OSPFv3 routing table of the MCE The following output shows that PE 1 has learned the private route of VPN 2 through OSPFv3 PE1 display ipv6 routing table vpn instance vpn2 Routing Table vpn2 Destinations 5 Routes 5 Destination 1 128 Protocol Direct NextHop 1 Preference 0 Interface InLoop0 Cost 0 Destination 40 64 Protocol Direct NextHo...

Page 65: ...us functions such as VPN traffic engineering and QoS Basic concepts FEC MPLS groups packets with the same characteristics such as packets with the same destination or service class into a class called a forwarding equivalence class FEC Packets of the same FEC are handled in the same way on an MPLS network The device supports classifying FECs according to the network layer destination addresses Lab...

Page 66: ... A label switched path LSP is the path along which packets of a FEC travel through an MPLS network An LSP is a unidirectional path from the ingress of an MPLS network to the egress On an LSP two neighboring LSRs are called the upstream LSR and downstream LSR respectively In Figure 13 LSR B is the downstream LSR of LSR A LSR A is the upstream LSR of LSR B Figure 13 Diagram of an LSP LFIB Labeled pa...

Page 67: ...guration To establish a static LSP you must assign a label to the FEC on each LSR along the packet forwarding path Establishment of static LSPs consumes fewer resources than dynamic LSP establishment However static LSPs cannot adapt to network topology changes Therefore static LSPs are suitable for small scale networks with simple stable topologies 2 Establishing an LSP through a label distributio...

Page 68: ...d downstream on demand DoD The label distribution control modes include independent and ordered Label management specifies the mode for processing a received label binding that is not useful at the moment The processing mode called label retention mode can be either liberal or conservative Figure 16 Label advertisement modes As shown in Figure 16 the label advertisement modes include the DU mode a...

Page 69: ...17 Independent label distribution control mode In ordered mode an LSR distributes its label binding for a FEC upstream only when it receives a label binding for the FEC from its downstream or it is the egress of the FEC In Figure 16 label distribution control is in ordered mode If the label advertisement mode is DU an LSR distributes a label upstream only when it receives a label binding for the F...

Page 70: ...orward labeled packets When an LSR receives a labeled packet it looks for the corresponding ILM entry If the Token value of the ILM entry is not null the LSR looks for the corresponding NHLFE entry to determine the label operation to be performed FTN and ILM are associated with NHLFE through Token MPLS data forwarding Figure 18 MPLS forwarding process diagram In an MPLS domain a packet is forwarde...

Page 71: ...ssigns an IPv4 explicit null label to a FEC and advertises the FEC label binding to the upstream LSR When forwarding an MPLS packet the upstream LSR replaces the label at the stack top with the explicit null label and then sends the packet to the egress When the egress receives the packet which carries a label of 0 it does not look up for the LFIB entry but pops the label stack directly and perfor...

Page 72: ... so that the LSR with the IP address can discover the LDP peer If two LSRs each have the same transport address the source IP address used to establish a TCP connection to the peer for the basic and extended discovery mechanisms the LSRs can establish both a link hello adjacency and a targeted hello adjacency with each other and the two adjacencies are associated with the same session This method ...

Page 73: ...epalive timer times out if two LDP peers have no information to exchange they can send Keepalive messages to each other to maintain the LDP session If an LSR does not receive any LDP PDU from its peer during a Keepalive interval it closes the TCP connection and terminates the LDP session Receiving a shutdown message from the peer An LSR can also send a Shutdown message to its LDP peer to terminate...

Page 74: ...ing Optional Configuring MPLS LSP tracert Optional Configuring BFD for LSPs Optional Configuring periodic LSP tracert Optional Enabling MPLS trap Optional NOTE These types of interfaces support MPLS capability Layer 3 Ethernet interface Layer 3 aggregate interface and VLAN interface Enabling the MPLS function Enable MPLS on all routers before you can configure other MPLS features Before you enable...

Page 75: ... LSR for the static LSP Enable MPLS on all these LSRs Make sure that the ingress LSR has a route to the FEC destination This is not required on the transit LSRs and egress LSR When you configure a static LSP follow these configuration guidelines The outgoing label of an upstream LSR is the incoming label of its downstream LSR When you configure a static LSP on the ingress LSR the next hop specifie...

Page 76: ...hrough LDP Configuring MPLS LDP capability To configure MPLS LDP capability Step Command Remarks 1 Enter system view system view N A 2 Enable LDP capability globally and enter MPLS LDP view mpls ldp Not enabled by default 3 Configure the LDP LSR ID lsr id lsr id Optional You need to perform this task only in a multi VPN context to make sure different LDP instances have different LDP LSR IDs if the...

Page 77: ...P sessions Configuring remote LDP session parameters LDP sessions established between remote LDP peers are remote LDP sessions Remote LDP sessions are mainly used in Martini MPLS L2VPN and Martini VPLS For more information about remote session applications see Configuring MPLS L2VPN and Configuring VPLS If a local adjacency exists between two peers no remote adjacency can be established between th...

Page 78: ...onal 45 seconds by default 7 Configure the LDP transport address mpls ldp transport address ip address Optional The default takes the value of the MPLS LSR ID The specified IP address must be the IP address of an interface on the device for setting up LDP sessions Configuring PHP Follow these guidelines when you configure PHP When specifying the type of label for an egress to distribute to a penul...

Page 79: ...Configuration Guide To configure the policy for triggering LSP establishment Step Command Remarks 1 Enter system view system view N A 2 Enter MPLS view mpls N A 3 Configure the LSP establishment triggering policy lsp trigger vpn instance vpn instance name all ip prefix prefix name Optional By default only host routes with 32 bit masks can trigger establishment of LSPs If the vpn instance vpn insta...

Page 80: ...p is present and terminates the establishment of the LSP 2 Path vector A label request message or label mapping message carries path information in the form of path vector list When such a message reaches an LSR the LSR examines the path vector list of the message for its MPLS LSR ID If its MPLS LSR ID is not in the list the LSR adds its LSR ID to the path vector list If it is in the list the LSR ...

Page 81: ...P MD5 authentication settings are the same To configure LDP MD5 authentication Step Command Remarks 1 Enter system view system view N A 2 Enter MPLS LDP view mpls ldp N A 3 Enable LDP MD5 authentication and set the password md5 password cipher plain peer lsr id password Disabled by default Configuring LDP label filtering The LDP label filtering feature provides two mechanisms label acceptance cont...

Page 82: ...d advertises to upstream device LSR C only label bindings with FEC destinations permitted by prefix list C Figure 20 Network diagram of label advertisement control Configuration prerequisites Before you configure LDP label filtering policies create an IP prefix list For information about IP prefix list configuration see Layer 3 IP Routing Configuration Guide Configuration procedure For two neighbo...

Page 83: ...iew system view N A 2 Enter MPLS LDP view mpls ldp N A 3 Configure a DSCP value for outgoing LDP packets dscp dscp value By default the DSCP value for outgoing LDP packets is 48 Maintaining LDP sessions This section describes how to detect communication failures between remote LDP peers and reset LDP sessions Configuring BFD for MPLS LDP Use BFD to help MPLS promptly detect a neighbor failure or l...

Page 84: ... pops a label it copies the TTL value of the label at the stack top back to the TTL field of the IP packet In this case the TTL value of a packet is decreased hop by hop when forwarded along the LSP Therefore the result of tracert will reflect the real path along which the packet has traveled Figure 21 Label TTL processing when IP TTL propagation is enabled With IP TTL propagation disabled When th...

Page 85: ...Optional Enabled for only public network packets by default Sending back ICMP TTL exceeded messages for MPLS TTL expired packets After you enable an LSR to send back ICMP TTL exceeded messages for MPLS TTL expired packets when the LSR receives an MPLS packet that carries a label with TTL being 1 it generates an ICMP TTL exceeded message and send the message to the packet sender in one of the follo...

Page 86: ...utes undo ttl expiration pop Optional Use either approach as required By default an ICMP TTL exceeded message is sent back along an IP route when the TTL of an MPLS packet with a one level label stack expires This configuration does not take effect when the MPLS packets carry multiple levels of labels ICMP TTL exceeded messages for such MPLS packets always travel along the LSPs Configuring LDP GR ...

Page 87: ...session fails to be re established the GR helper will delete the FEC label bindings marked stale 4 If the session is re established successfully during the LDP recovery time the GR helper and the GR restarter will use the new LDP session to exchange the label mapping information update the LFIB and delete the stale marks of the corresponding forwarding entries The LDP recovery time is the smaller ...

Page 88: ... task in user view Task Command Remarks Restart MPLS LDP gracefully graceful restart mpls ldp This command is only used to test MPLS LDP GR function It does not perform active standby switchover Do not perform this operation in other cases Setting MPLS statistics reading interval To use display commands to view LSP statistics you must first set the statistics reading interval To set MPLS statistic...

Page 89: ...PLS LSP connectivity Configuring MPLS LSP tracert MPLS LSP tracert is for locating LSP errors It consecutively sends the MPLS echo requests along the LSP to be inspected with the TTL increasing from 1 to a specific value Then each hop along the LSP will return an MPLS echo reply to the ingress due to TTL timeout So the ingress can collect information about each hop along the LSP so as to locate th...

Page 90: ...otiate the discriminator values and then the BFD session is established based on the negotiated discriminator values Such a BFD session is used for connectivity detection of an LSP from the local device to the remote device Configuration prerequisites The BFD session parameters configured on the loopback interface whose IP address is configured as the MPLS LSR ID are used and the BFD packets use t...

Page 91: ... LSP is deleted and a new BFD session is established according to the control plane Configuration prerequisites Enable sending ICMP TTL exceeded messages on the intermediate devices between the source device and the destination device Enable sending ICMP destination unreachable messages on the destination device To display MPLS information during the tracert operation enable support for ICMP exten...

Page 92: ...r all interfaces with MPLS enabled display mpls interface interface type interface number verbose begin exclude include regular expression Available in any view Display information about ILM entries display mpls ilm label verbose slot slot number include text begin exclude include regular expression Available in any view Display information about specified MPLS labels or all labels display mpls la...

Page 93: ...ame lsp name begin exclude include regular expression Available in any view Display MPLS statistics for one or all interfaces display mpls statistics interface interface type interface number all begin exclude include regular expression Available in any view Display statistics for all LSPs or the LSP with a specific incoming label display mpls statistics lsp in label in label begin exclude include...

Page 94: ...mask length begin exclude include regular expression Available in any view NOTE The vpn instance vpn instance name option is used to specify information about an LDP instance For information about LDP instances see Configuring MPLS L3VPN Clearing MPLS statistics Step Command Remarks 1 Clear MPLS statistics for one or all MPLS interfaces reset mpls statistics interface interface type interface numb...

Page 95: ...chA system view SwitchA ip route static 21 1 1 0 24 10 1 1 2 On Switch C configure a static route to network 11 1 1 0 24 SwitchC system view SwitchC ip route static 11 1 1 0 255 255 255 0 20 1 1 1 3 Enable MPLS on the switches Configure Switch A SwitchA mpls lsr id 1 1 1 9 SwitchA mpls SwitchA mpls quit SwitchA interface vlan interface 2 SwitchA Vlan interface2 mpls SwitchA Vlan interface2 quit Co...

Page 96: ... SwitchB static lsp transit CtoA incoming interface vlan interface 3 in label 40 nexthop 10 1 1 1 out label 70 Configure the LSP egress Switch A SwitchA static lsp egress CtoA incoming interface vlan interface 2 in label 70 6 Verify the configuration Execute the display mpls static lsp command on each switch to view the static LSP information Take Switch A as an example SwitchA display mpls static...

Page 97: ...LDP to establish LSPs between Switch A and Switch C so that subnets 1 1 1 1 0 24 and 21 1 1 0 24 can reach each other over MPLS Test the LSP connectivity Figure 25 Network diagram Configuration considerations Enable LDP on the LSRs LDP dynamically distributes labels and establishes LSPs and thus there is no need to manually configure labels for LSPs LDP uses routing information for label distribut...

Page 98: ...0 network 3 3 3 9 0 0 0 0 SwitchC ospf 1 area 0 0 0 0 network 20 1 1 0 0 0 0 255 SwitchC ospf 1 area 0 0 0 0 network 21 1 1 0 0 0 0 255 SwitchC ospf 1 area 0 0 0 0 quit SwitchC ospf 1 quit Execute the display ip routing table command on each switch You will see that each switch has learned the routes to other switches Take Switch A as an example SwitchA display ip routing table Routing Tables Publ...

Page 99: ...gure MPLS and MPLS LDP on Switch C SwitchC mpls lsr id 3 3 3 9 SwitchC mpls SwitchC mpls quit SwitchC mpls ldp SwitchC mpls ldp quit SwitchC interface vlan interface 3 SwitchC Vlan interface3 mpls SwitchC Vlan interface3 mpls ldp SwitchC Vlan interface3 quit After the configurations two local LDP sessions are established one between Switch A and Switch B and the other between Switch B and Switch C...

Page 100: ...an example SwitchA display mpls ldp lsp LDP LSP Information SN DestAddress Mask In OutLabel Next Hop In Out Interface 1 1 1 1 9 32 3 NULL 127 0 0 1 InLoop0 2 2 2 2 9 32 NULL 3 10 1 1 2 Vlan2 3 3 3 3 9 32 NULL 1024 10 1 1 2 Vlan2 4 11 1 1 0 24 3 NULL 0 0 0 0 Vlan4 5 20 1 1 0 24 NULL 3 10 1 1 2 Vlan2 6 21 1 1 0 24 NULL 1027 10 1 1 2 Vlan2 A before an LSP means the LSP is not established A before a L...

Page 101: ... for LSPs Network requirements As shown in Figure 25 use LDP to establish an LSP from 1 1 1 1 0 24 to 21 1 1 0 24 and an LSP from 21 1 1 0 24 to 1 1 1 1 0 24 Configure BFD for the LSPs to detect LSP failures Configuration procedure 1 Configure LDP sessions see Configuring LDP to establish LSPs dynamically 2 Enable BFD for LSPs Configure Switch A SwitchA system view SwitchA mpls lspv SwitchA mpls l...

Page 102: ... sessions SwitchA display bfd session verbose Total session number 2 Up session number 2 Init mode Active IPv4 session working under Ctrl mode Local Discr 129 Remote Discr 129 Source IP 1 1 1 9 Destination IP 127 0 0 1 Session State Up Interface LoopBack0 Min Trans Inter 400ms Act Trans Inter 400ms Min Recv Inter 400ms Act Detect Inter 2000ms Running Up for 00 15 52 Auth mode None Connect Type Ind...

Page 103: ...nnectivity they fail to present some dynamic factors such as bandwidth and traffic characteristics This IGP disadvantage can be repaired by using an overlay model such as IP over ATM or IP over FR An overlay model provides a virtual topology above the physical network topology for a more scalable network design It also provides better traffic and resources control support for implementing a variet...

Page 104: ...lishing paths and forwarding packets Advertising TE attributes MPLS TE must be aware of dynamic TE attributes of each link on the network which is achieved by extending link state based IGPs such as OSPF and IS IS OSPF and IS IS extensions add to link states such TE attributes as link bandwidth and color Each node collects the TE attributes of all links on all routers within the local area or at t...

Page 105: ...e defined Traffic characteristics Traffic is described in terms of peak rate committed rate and service granularity The peak and committed rates describe the bandwidth constraints of a path Preemption During establishment of a CR LSP if a path with sufficient resources cannot be found the CR LSP can be established by preempting the resources of a lower priority CR LSP This is called path preemptio...

Page 106: ...vice DiffServ Resource Reservation Protocol RSVP is designed for IntServ It reserves resources on each node along a path RSVP operates at the transport layer but does not participate in data transmission It is an Internet control protocol similar to ICMP The following are features of RSVP Unidirectional Receiver oriented The receiver initiates resource reservation requests and is responsible for m...

Page 107: ...It allows the new path to share the bandwidth of the original path at the Router C Router D link Upon creation of the new path traffic is switched to the new path and the previous path is torn down This helps avoid traffic interruption effectively RSVP TE messages RSVP TE uses RSVP messages with extensions The following are RSVP messages Path messages Transmitted along the path of data transmissio...

Page 108: ... message towards the ingress along the reverse direction of the path along which the Path message travels The LSRs that the Resv message traverses along the path reserve resources as required 3 When the ingress LSR receives the Resv message LSP is established Because resources are reserved on the LSRs along the path for the LSP established using RSVP TE services transmitted on the LSP are guarante...

Page 109: ...tion request does not pass admission control on some node you may want to store the resource reservation state for it while allowing other requests to use the resources reserved for the request In this case the node transits to the blockade state and a blockade state block BSB is created on each downstream node When the number of non refreshing times exceeds the blockade multiplier the blockade st...

Page 110: ...iguration Guide Policy routing You can also use policy routing to route traffic over an MPLS TE tunnel In this approach you need to create a policy that specifies the MPLS TE tunnel interface as the output interface for traffic that matches certain criteria defined in the referenced ACL This policy should be applied to the incoming interface For more information about policy based routing see Laye...

Page 111: ...t from FRR which provides quick but temporary per link or per node protection on an LSP In the same TE tunnel the LSP used to back up a primary LSP is called a secondary LSP When the ingress of a TE tunnel detects that the primary LSP is unavailable it switches traffic to the secondary LSP and after the primary LSP becomes available switches traffic back This is how LSP path protection is achieved...

Page 112: ...c is switched to the bypass LSP As shown in Figure 29 the primary LSP is Router A Router B Router C Router D and the bypass LSP is Router B Router F Router C Figure 29 FRR link protection Node protection where the PLR and the MP are connected through a device and the primary LSP traverses this device When the device fails traffic is switched to the bypass LSP As shown in Figure 30 the primary LSP ...

Page 113: ... uses the primary LSP to transfer data force forced switch Forces data to travel on the backup LSP manual manual switch Switches data from the primary LSP to the backup LSP or vice versa 2 Signal switching Signal Fail refers to a PS automatically triggered by a signal fail declaration For example a PS occurs when BFD detects that an MPLS TE tunnel fails The following shows the externally configure...

Page 114: ...long MPLS TE tunnels through automatic route advertisement Configuring traffic forwarding tuning parameters Optional Configuring CR LSP backup Optional Configuring FRR Optional Inspecting an MPLS TE tunnel Optional Configuring protection switching Optional Configuring basic MPLS TE This configuration task includes the basic configurations required for all MPLS TE features Before you configure the ...

Page 115: ...ation of tunnel constraints or the issue of IGP TE extension or CSPF Create a static CR LSP and a TE tunnel using static signaling and then associate them Despite its ease of configuration the application of MPLS TE tunnels over static CR LSPs is restricted because they cannot dynamically adapt to network changes Static CR LSPs are special static LSPs They share the same constraints and use the sa...

Page 116: ... the tunnel interface name is Tunnel2 Then the tunnel name in the static cr lsp ingress command must be in the form of Tunnel2 not tunnel2 or TUNNEL2 Otherwise the tunnel cannot be established on the ingress node This restriction however does not apply to transit or egress nodes Creating an MPLS TE tunnel with a dynamic signaling protocol Dynamic signaling protocol can adapt the path of a TE tunne...

Page 117: ...le CSPF on your device mpls te cspf Disabled by default Configuring OSPF TE Configure OSPF TE if the routing protocol is OSPF and a dynamic signaling protocol is used for MPLS TE tunnel setup The OSPF TE extension uses Opaque Type 10 LSAs to carry TE attributes of links Before configuring OSPF TE you must enable the opaque capability of OSPF In addition for TE LSAs to be generated at least one nei...

Page 118: ...se of these reasons when TE is configured set the MTU of each IS IS enabled interface to be equal to or greater than 512 bytes to guarantee that IS IS LSPs can be flooded on the network For more information about IS IS see Layer 3 IP Routing Configuration Guide To configure IS IS TE Step Command Remarks 1 Enter system view system view N A 2 Enter IS IS view isis process id N A 3 Configure the wide...

Page 119: ...verses 5 Modify the IP address of current node on the explicit path modify hop ip address1 ip address2 include loose strict exclude Optional By default the include keyword and the strict keyword apply The explicit path traverses the specified node and the next node is a strict node 6 Remove a node from the explicit path delete hop ip address Optional 7 Display information about the specified or al...

Page 120: ...er N A 8 Set the signaling protocol for setting up the MPLS TE tunnel to RSVP TE mpls te signal protocol rsvp te Optional RSVP TE applies by default 9 Submit current tunnel configuration mpls te commit N A Configuring RSVP TE advanced features RSVP TE adds new objects in Path and Resv messages to support CR LSP setup RSVP TE provides many configurable options with respect to reliability network re...

Page 121: ...h reservation state refresh interval of the node mpls rsvp te timer refresh timevalue Optional The default path reservation state refresh interval is 30 seconds 4 Configure the keep multiplier for PSB and RSB mpls rsvp te keep multiplier number Optional The default is 3 5 Configure the blockade timeout multiplier mpls rsvp te blockade multiplier number Optional The default blockade timeout multipl...

Page 122: ... mpls rsvp te hello Disabled by default 4 Configure the maximum number of consecutive hellos that must be lost before the link is considered failed mpls rsvp te hello lost times Optional By default the link is considered failed if three consecutive hellos are lost 5 Configure the hello interval mpls rsvp te timer hello timevalue Optional The default is 3 seconds 6 Exit to system view quit N A 7 En...

Page 123: ...link interface interface type interface number N A 3 Enable RSVP authentication mpls rsvp te authentication cipher plain auth key Disabled by default Do not configure both FRR and RSVP authentication on the same interface Configuring DSCP for outgoing RSVP packets Step Command Remarks 1 Enter system view system view N A 2 Enter MPLS view mpls N A 3 Configure a DSCP value for outgoing RSVP packets ...

Page 124: ...l protocol RSVP TE Before performing them be aware of each configuration objective and its impact on your system Configuring route pinning Route pinning cannot be used together with reoptimization To configure route pinning Step Command Remarks 1 Enter system view system view N A 2 Enter MPLS TE tunnel interface view interface tunnel tunnel number N A 3 Enable route pinning mpls te route pinning D...

Page 125: ...oup mpls te link administrative group value Optional The default is 0x00000000 4 Exit to system view quit N A 5 Enter MPLS TE tunnel interface view interface tunnel tunnel number N A 6 Configure the affinity attribute of the MPLS TE tunnel mpls te affinity property properties mask mask value Optional The default affinity attribute is 0x00000000 and the default mask is 0x00000000 7 Submit current t...

Page 126: ... to perform loop detection when setting up a tunnel mpls te loop detection Disabled by default 4 Submit current tunnel configuration mpls te commit N A Configuring route and label recording Step Command Remarks 1 Enter system view system view N A 2 Enter MPLS TE tunnel interface view interface tunnel tunnel number N A 3 Enable the system to record routes or label bindings when setting up the tunne...

Page 127: ...must be greater than the holding priority of the existing path To avoid flapping caused by improper preemptions between CR LSPs the setup priority of a CR LSP must not be set higher than its holding priority To assign priorities to a tunnel Step Command Remarks 1 Enter system view system view N A 2 Enter MPLS TE tunnel interface view interface tunnel tunnel number N A 3 Assign priorities to the tu...

Page 128: ...must be added to the metric before it can be used for path calculation Enable OSPF or IS IS on the tunnel interface of the MPLS TE tunnel before configuring automatic route advertisement To use automatic route advertisement you must specify the destination address of the TE tunnel as the LSR ID of the peer and advertise the tunnel interface address to IGPs such as OSPF and ISIS Configuring IGP sho...

Page 129: ...adjacency enable traffic adjustment advertise Disabled by default Configuring traffic forwarding tuning parameters In MPLS TE you can configure traffic forwarding tuning parameters such as the failed link timer and flooding thresholds to change paths that IP or MPLS traffic flows traverse or to define type of traffic that may travel down a TE tunnel You must use the configurations described in thi...

Page 130: ...ype command in MPLS TE tunnel interface view the metric type specified in MPLS view takes effect 7 Submit current tunnel configuration mpls te commit Optional 8 Return to system view quit N A 9 Enter interface view of MPLS TE link interface interface type interface number N A 10 Assign a TE metric to the link mpls te metric value Optional If no TE metric is assigned to the link IGP metric is used ...

Page 131: ...s tunnels to protect primary tunnels As bypass tunnels are pre established they require extra bandwidth and are usually used to protect crucial interfaces or links only You can define which type of LSP can use bypass LSPs and whether a bypass LSP provides bandwidth protection as well as the sum of protected bandwidth The bandwidth of a bypass LSP is to protect its primary LSPs To guarantee that a ...

Page 132: ...ther LSP at the same time When specifying a bypass tunnel for an interface ensure the following The bypass tunnel is up The protected interface is not the outgoing interface of the bypass tunnel Up to three bypass tunnels can be specified for a protected interface The best fit algorithm is used to determine which of them is used in case failure occurs Your device has a restriction on links that us...

Page 133: ...te hello Disabled by default 4 Return to system view quit N A 5 Enter the view of the interface directly connected to the protected node or PLR interface interface type interface number N A 6 Enable RSVP hello extension on the interface mpls rsvp te hello Disabled by default Configuring the FRR polling timer The protection provided by FRR is temporary Once a protected LSP becomes available again o...

Page 134: ... tracert MPLS LSP tracert can be used to locate errors of an MPLS TE tunnel It sends MPLS echo requests to the nodes along the MPLS TE tunnel to be inspected with the TTL increasing from 1 to a specific value Each node along the MPLS TE tunnel will return an MPLS echo reply to the ingress due to TTL timeout Thus the ingress can collect the information of each hop along the MPLS TE tunnel so as to ...

Page 135: ...then re establish it Configuration guidelines You cannot establish both a static BFD session and a dynamic BFD session for the same MPLS TE tunnel After establishing a static BFD session for an MPLS TE tunnel you cannot modify the discriminator values of the BFD session If you enable both FRR and BFD for an MPLS TE tunnel to make sure the BFD session is not down during an FRR switching you need to...

Page 136: ...LS TE tunnel once the periodical LSP tracert function detects a fault or inconsistency of the forwarding plane and control plane of the MPLS TE tunnel the BFD session for the tunnel will be deleted and a new BFD session will be established according to the control plane After you configure periodic LSP tracert and the mpls te failure action teardown command for an MPLS TE tunnel once an RSVP TE tu...

Page 137: ...re a protection tunnel for the primary tunnel mpls te protection tunnel tunnel id holdoff holdoff time mode non revertive revertive N A 4 Configure an external protection switching action mpls te protect switch clear force lock manual protect lsp work lsp Optional By default no switching action is configured 5 Commit the current configuration of the tunnel mpls te commit N A Displaying and maintai...

Page 138: ... include regular expression Available in any view Display information about RSVP TE RSB display mpls rsvp te rsb content ingress lsr id Ispid tunnel id egress lsr id nexthop address begin exclude include regular expression Available in any view Display information about RSVP sender messages display mpls rsvp te sender interface interface type interface number begin exclude include regular expressi...

Page 139: ...sion Available in any view Display the information of the specified or all OSPF processes about traffic tuning display ospf process id traffic adjustment begin exclude include regular expression Available in any view Display information about OSPF TE display ospf process id mpls te area area id self originated begin exclude include regular expression Available in any view Display the latest TE inf...

Page 140: ...n tunnels display mpls te protection tunnel tunnel id all verbose begin exclude include regular expression Available in any view Clear the statistics about RSVP TE reset mpls rsvp te statistics global interface interface type interface number Available in user view MPLS TE configuration examples MPLS TE using static CR LSP configuration example Network requirements Switch A Switch B and Switch C r...

Page 141: ...itchB Vlan interface2 quit SwitchB interface loopback 0 SwitchB LoopBack0 isis enable 1 SwitchB LoopBack0 quit Configure Switch C SwitchC system view SwitchC isis 1 SwitchC isis 1 network entity 00 0005 0000 0000 0003 00 SwitchC isis 1 quit SwitchC interface vlan interface 2 SwitchC Vlan interface2 isis enable 1 SwitchC Vlan interface2 quit SwitchC interface loopback 0 SwitchC LoopBack0 isis enabl...

Page 142: ...lan interface1 mpls te SwitchB Vlan interface1 quit SwitchB interface vlan interface 2 SwitchB Vlan interface2 mpls SwitchB Vlan interface2 mpls te SwitchB Vlan interface2 quit Configure Switch C SwitchC mpls lsr id 3 3 3 3 SwitchC mpls SwitchC mpls mpls te SwitchC mpls quit SwitchC interface vlan interface 2 SwitchC Vlan interface2 mpls SwitchC Vlan interface2 mpls te SwitchC Vlan interface2 quit...

Page 143: ...roup ID not set Tunnel source unknown destination 3 3 3 3 Tunnel protocol transport CR_LSP Output queue Urgent queuing Size Length Discards 0 100 0 Output queue Protocol queuing Size Length Discards 0 500 0 Output queue FIFO queuing Size Length Discards 0 75 0 Last 300 seconds input 0 bytes sec 0 packets sec Last 300 seconds output 0 bytes sec 0 packets sec 0 packets input 0 bytes 0 input error 0 ...

Page 144: ...E tunnel configured using a static CR LSP traffic is forwarded directly based on label at the transit nodes and egress node Therefore it is normal that the FEC field in the sample output is empty on Switch B and Switch C 7 Create a static route for routing MPLS TE tunnel traffic SwitchA ip route static 3 2 1 2 24 tunnel 0 preference 1 Execute the display ip routing table command on Switch A You ca...

Page 145: ...isis 1 network entity 00 0005 0000 0000 0001 00 SwitchA isis 1 quit SwitchA interface vlan interface 1 SwitchA Vlan interface1 isis enable 1 SwitchA Vlan interface1 isis circuit level level 2 SwitchA Vlan interface1 quit SwitchA interface loopback 0 SwitchA LoopBack0 isis enable 1 SwitchA LoopBack0 isis circuit level level 2 SwitchA LoopBack0 quit Configure Switch B SwitchB system view SwitchB isi...

Page 146: ...D SwitchD system view SwitchD isis 1 SwitchD isis 1 network entity 00 0005 0000 0000 0004 00 SwitchD isis 1 quit SwitchD interface vlan interface 3 SwitchD Vlan interface3 isis enable 1 SwitchD Vlan interface3 isis circuit level level 2 SwitchD Vlan interface3 quit SwitchD interface loopback 0 SwitchD LoopBack0 isis enable 1 SwitchD LoopBack0 isis circuit level level 2 SwitchD LoopBack0 quit Execu...

Page 147: ...SwitchB mpls mpls te SwitchB mpls mpls rsvp te SwitchB mpls mpls te cspf SwitchB mpls quit SwitchB interface vlan interface 1 SwitchB Vlan interface1 mpls SwitchB Vlan interface1 mpls te SwitchB Vlan interface1 mpls rsvp te SwitchB Vlan interface1 quit SwitchB interface vlan interface 2 SwitchB Vlan interface2 mpls SwitchB Vlan interface2 mpls te SwitchB Vlan interface2 mpls rsvp te SwitchB Vlan i...

Page 148: ... 2 SwitchA isis 1 quit Configure Switch B SwitchB isis 1 SwitchB isis 1 cost style wide SwitchB isis 1 traffic eng level 2 SwitchB isis 1 quit Configure Switch C SwitchC isis 1 SwitchC isis 1 cost style wide SwitchC isis 1 traffic eng level 2 SwitchC isis 1 quit Configure Switch D SwitchD isis 1 SwitchD isis 1 cost style wide SwitchD isis 1 traffic eng level 2 SwitchD isis 1 quit 5 Create an MPLS ...

Page 149: ...0 bytes sec 0 packets sec 0 packets input 0 bytes 0 input error 0 packets output 0 bytes 0 output error Execute the display mpls te tunnel interface command on Switch A to verify information about the MPLS TE tunnel SwitchA display mpls te tunnel interface Tunnel Name Tunnel1 Tunnel Desc Tunnel1 Interface Tunnel State Desc CR LSP is Up Tunnel Attributes LSP ID 1 1 1 9 3 Session ID 10 Admin State U...

Page 150: ... static route for routing MPLS TE tunnel traffic SwitchA ip route static 30 1 1 2 24 tunnel 1 preference 1 Execute the display ip routing table command on Switch A You can see a static route entry with interface Tunnel1 as the outgoing interface RSVP TE GR configuration example Network requirements Switch A Switch B and Switch C are running IS IS All of them are Level 2 devices and support RSVP he...

Page 151: ...llo SwitchB mpls interface vlan interface 1 SwitchB Vlan interface1 mpls SwitchB Vlan interface1 mpls te SwitchB Vlan interface1 mpls rsvp te SwitchB Vlan interface1 mpls rsvp te hello SwitchB Vlan interface1 quit SwitchB interface vlan interface 2 SwitchB Vlan interface2 mpls SwitchB Vlan interface2 mpls te SwitchB Vlan interface2 mpls rsvp te SwitchB Vlan interface2 mpls rsvp te hello SwitchB Vl...

Page 152: ...splay mpls rsvp te peer Interface Vlan interface1 Neighbor Addr 10 1 1 2 SrcInstance 880 NbrSrcInstance 5017 PSB Count 0 RSB Count 1 Hello Type Sent REQ Neighbor Hello Extension ENABLE SRefresh Enable NO Graceful Restart State Ready Restart Time 120 Sec Recovery Time 300 Sec MPLS RSVP TE and BFD cooperation configuration example Network requirements Switch A and Switch B are connected directly Ena...

Page 153: ...t SwitchB interface vlan interface 12 SwitchB Vlan interface12 mpls SwitchB Vlan interface12 mpls te SwitchB Vlan interface12 mpls rsvp te SwitchB Vlan interface12 mpls rsvp te bfd enable SwitchB Vlan interface12 quit 2 Configure OSPF Configure Switch A SwitchA ospf SwitchA ospf 1 area 0 SwitchA ospf 1 area 0 0 0 0 network 12 12 12 1 0 0 0 255 SwitchA ospf 1 area 0 0 0 0 network 1 1 1 1 0 0 0 0 Sw...

Page 154: ... mpls te commit SwitchA Tunnel1 return 5 Verify the configuration On Switch A display the detailed information about the BFD session between Switch A and Switch B SwitchA display bfd session verbose Total Session Num 1 Init Mode Active Session Working Under Ctrl Mode Local Discr 21 Remote Discr 20 Source IP 12 12 12 1 Destination IP 12 12 12 2 Session State Up Interface Vlan interface12 Min Trans ...

Page 155: ...node Details not shown Execute the display ip routing table command on each switch You can see that all nodes have learned the host routes of other nodes with LSR IDs as destinations 3 Configure basic MPLS TE and enable RSVP TE and CSPF Configure Switch A SwitchA system view SwitchA mpls lsr id 1 1 1 9 SwitchA mpls SwitchA mpls mpls te SwitchA mpls mpls rsvp te SwitchA mpls mpls te cspf SwitchA mp...

Page 156: ...NEL service loopback group ID not set Tunnel source unknown destination 3 3 3 9 Tunnel protocol transport CR_LSP Output queue Urgent queuing Size Length Discards 0 100 0 Output queue Protocol queuing Size Length Discards 0 500 0 Output queue FIFO queuing Size Length Discards 0 75 0 Last 300 seconds input 0 bytes sec 0 packets sec Last 300 seconds output 0 bytes sec 0 packets sec 0 packets input 0 ...

Page 157: ...tch D SwitchA tracert a 1 1 1 9 3 3 3 9 traceroute to 3 3 3 9 3 3 3 9 30 hops max 40 bytes packet 1 30 1 1 2 28 ms 27 ms 23 ms 2 40 1 1 2 50 ms 50 ms 49 ms Execute the display mpls te tunnel command on Switch A You can see that only the tunnel traversing Switch D is present SwitchA display mpls te tunnel LSP Id Destination In Out If Name 1 1 1 9 2054 3 3 3 9 Vlan4 Tunnel1 Configuring ordinary CR L...

Page 158: ...witch D Loop0 4 4 4 4 32 Vlan int5 3 3 1 2 24 Vlan int3 4 1 1 2 24 Configuration procedure 1 Assign IP addresses and masks to interfaces see Figure 36 Details not shown 2 Configure the IGP protocol Enable IS IS to advertise host routes with LSR IDs as destinations on each node Details not shown Execute the display ip routing table command on each switch You can see that all nodes have learned the ...

Page 159: ... interface1 mpls te SwitchA Vlan interface1 mpls rsvp te SwitchA Vlan interface1 quit Configure Switch B SwitchB mpls lsr id 2 2 2 2 SwitchB mpls SwitchB mpls mpls te SwitchB mpls mpls rsvp te SwitchB mpls mpls te cspf SwitchB mpls quit SwitchB interface vlan interface 1 SwitchB Vlan interface1 mpls SwitchB Vlan interface1 mpls te SwitchB Vlan interface1 mpls rsvp te SwitchB Vlan interface1 quit S...

Page 160: ...y interface tunnel Tunnel4 current state UP Line protocol current state UP Description Tunnel4 Interface The Maximum Transmit Unit is 64000 Internet Address is 10 1 1 1 24 Primary Encapsulation is TUNNEL service loopback group ID not set Tunnel source unknown destination 4 4 4 4 Tunnel protocol transport CR_LSP Output queue Urgent queuing Size Length Discards 0 100 0 Output queue Protocol queuing ...

Page 161: ...tatus 5 Configure a bypass tunnel on Switch B the PLR Create an explicit path for the bypass LSP SwitchB explicit path by path SwitchB explicit path by path next hop 3 2 1 2 SwitchB explicit path by path next hop 3 3 1 2 SwitchB explicit path by path next hop 3 3 3 3 SwitchB explicit path by path quit Create the bypass tunnel SwitchB interface tunnel 5 SwitchB Tunnel5 ip address 11 1 1 1 255 255 2...

Page 162: ...ls lsp LSP Information RSVP LSP FEC In Out Label In Out IF Vrf Name 4 4 4 4 32 3 NULL Vlan3 SwitchE display mpls lsp LSP Information RSVP LSP FEC In Out Label In Out IF Vrf Name 3 3 3 3 32 1024 3 Vlan4 Vlan5 Execute the display mpls te tunnel command on each switch You can see that two MPLS TE tunnels are traversing Switch B and Switch C SwitchA display mpls te tunnel LSP Id Destination In Out If ...

Page 163: ...t Label 1024 In Interface Vlan interface1 Out Interface Vlan interface2 LspIndex 4097 Tunnel ID 0x22001 LsrType Transit Bypass In Use Not Used BypassTunnel Tunnel Index Tunnel5 InnerLabel 1024 No 2 IngressLsrID 2 2 2 2 LocalLspID 1 Tunnel Interface Tunnel5 Fec 3 3 3 3 32 Nexthop 3 2 1 2 In Label NULL Out Label 1024 In Interface Out Interface Vlan interface4 LspIndex 4098 Tunnel ID 0x22002 LsrType ...

Page 164: ...ass Type CT0 Tunnel BW 0 kbps Reserved BW 0 kbps Setup Priority 7 Hold Priority 7 Affinity Prop Mask 0x0 0x0 Explicit Path Name pri path Tie Breaking Policy None Metric Type None Record Route Enabled Record Label Enabled FRR Flag Enabled BackUpBW Flag Not Supported BackUpBW Type BackUpBW Route Pinning Disabled Retry Limit 10 Retry Interval 10 sec Reopt Disabled Reopt Freq Back Up Type None Back Up...

Page 165: ...BW Max BW Current Collected BW Interfaces Protected VPN Bind Type NONE VPN Bind Value Car Policy Disabled Tunnel Group Primary Primary Tunnel Backup Tunnel Group Status Oam Status If you execute the display mpls te tunnel interface command immediately after an FRR protection switch you are likely to see two CR LSPs in up state are present This is normal because the make before break mechanism of F...

Page 166: ...5 UPDOWN Line protocol on the interface Vlan interface2 turns into UP state Execute the display interface tunnel 4 command on Switch A to identify the state of the primary LSP You can see that the tunnel interface is up About five seconds later execute the display mpls lsp verbose command on Switch B You can see that Tunnel5 is still bound with interface VLAN interface 2 and is unused 7 Create a s...

Page 167: ...n interface2 ip address 10 0 0 1 255 255 255 0 PE1 Vlan interface2 quit PE1 ospf PE1 ospf 1 area 0 PE1 ospf 1 area 0 0 0 0 network 10 0 0 0 0 0 0 255 PE1 ospf 1 area 0 0 0 0 network 2 2 2 2 0 0 0 0 PE1 ospf 1 area 0 0 0 0 quit PE1 ospf 1 quit Configure PE 2 PE2 system view PE2 interface loopback 0 PE2 LoopBack0 ip address 3 3 3 3 255 255 255 255 PE2 LoopBack0 quit PE2 interface vlan interface 2 PE...

Page 168: ...ing Tables Public Destinations 7 Routes 7 Destination Mask Proto Pre Cost NextHop Interface 2 2 2 2 32 Direct 0 0 127 0 0 1 InLoop0 3 3 3 3 32 OSPF 10 1563 10 0 0 2 Vlan2 10 0 0 0 24 Direct 0 0 10 0 0 1 Vlan2 10 0 0 1 32 Direct 0 0 127 0 0 1 InLoop0 10 0 0 2 32 Direct 0 0 10 0 0 2 Vlan2 127 0 0 0 8 Direct 0 0 127 0 0 1 InLoop0 127 0 0 1 32 Direct 0 0 127 0 0 1 InLoop0 2 Configure basic MPLS TE and...

Page 169: ...ination 3 3 3 3 PE1 Tunnel1 mpls te tunnel id 10 PE1 Tunnel1 mpls te signal protocol rsvp te PE1 Tunnel1 mpls te commit PE1 Tunnel1 quit Execute the display interface tunnel command on PE 1 You can see that the tunnel interface is up 5 Configure the VPN instance on each PE and bind it to the interface connected to the CE Configure on CE 1 CE1 system view CE1 interface vlan interface 1 CE1 Vlan int...

Page 170: ...display ip vpn instance instance name vpn1 VPN Instance Name and ID vpn1 1 Create time 2006 09 27 15 10 29 Up time 0 days 00 hours 03 minutes and 09 seconds Route Distinguisher 100 1 Export VPN Targets 100 1 Import VPN Targets 100 1 Tunnel Policy policy1 IPv6 Export VPN Targets 100 1 IPv6 Import VPN Targets 100 1 IPv6 Import Route Policy policy1 Interfaces Vlan interface1 Ping connected CEs on PEs...

Page 171: ...1 PE2 bgp vpn1 peer 192 168 2 2 as number 65002 PE2 bgp vpn1 import route direct PE2 bgp vpn1 quit PE2 bgp peer 2 2 2 2 as number 100 PE2 bgp peer 2 2 2 2 connect interface loopback 0 PE2 bgp ipv4 family vpnv4 PE2 bgp af vpnv4 peer 2 2 2 2 enable PE2 bgp af vpnv4 quit PE2 bgp quit Execute the display bgp peer command and the display bgp vpn instance peer command on PEs The output shows that the BG...

Page 172: ...253 time 38 ms Reply from 192 168 1 2 bytes 56 Sequence 2 ttl 253 time 61 ms Reply from 192 168 1 2 bytes 56 Sequence 3 ttl 253 time 74 ms Reply from 192 168 1 2 bytes 56 Sequence 4 ttl 253 time 36 ms Reply from 192 168 1 2 bytes 56 Sequence 5 ttl 253 time 35 ms 192 168 1 2 ping statistics 5 packet s transmitted 5 packet s received 0 00 packet loss round trip min avg max 35 48 74 ms The output sho...

Page 173: ...ration POP LSP Information LDP LSP No 3 VrfIndex Fec 2 2 2 2 32 Nexthop 127 0 0 1 In Label 3 Out Label NULL In Interface Vlan interface2 Out Interface LspIndex 10241 Tunnel ID 0x0 LsrType Egress Outgoing Tunnel ID 0x0 Label Operation POP No 4 VrfIndex Fec 3 3 3 3 32 Nexthop 10 0 0 2 In Label NULL Out Label 3 In Interface Out Interface Vlan interface2 LspIndex 10242 Tunnel ID 0x22000 LsrType Ingres...

Page 174: ... 0 Output queue FIFO queuing Size Length Discards 0 75 0 Last 300 seconds input 5 bytes sec 0 packets sec Last 300 seconds output 5 bytes sec 0 packets sec 34 packets input 2856 bytes 0 input error 34 packets output 2856 bytes 0 output error Troubleshooting MPLS TE Symptom OSPF TE is configured but no TE LSAs can be generated to describe MPLS TE attributes Analysis For TE LSAs to be generated at l...

Page 175: ...the edge of a VPLS network core domain and provides transparent VPLS transport services between core networks VSI Virtual switch instances hereinafter referred to as VPLS instances maps actual access links to virtual links PW A pseudo wire is a bidirectional virtual connection between VSIs A PW consists of two unidirectional MPLS virtual circuits VCs with opposite directions Service instance A ser...

Page 176: ...a GRE tunnel To create a PW follow these steps 1 Establish an MPLS tunnel or a GRE tunnel between the local and peer PEs 2 Identify the address of the peer PE For PEs in the same VSI you can manually specify the peer PE address or you can use a signaling protocol such as BGP to automatically discover the peer PE 3 On each PE assign a multiplex distinguishing flag VC label for the PW and advertise ...

Page 177: ...im Dynamic address learning must support refreshing and relearning The VPLS draft defines a dynamic address learning method that uses the address reclaim message which carries MAC TLV Upon receiving such a message a device removes MAC addresses or relearns them according to the specified parameters in the TLV If NULL is specified the device removes all MAC addresses of the VSI except for those lea...

Page 178: ...CE to a PE or sent by a PE to a CE includes a VLAN tag that is added in the header as a service delimiter for the service provider network to identify the user The tag is called a P Tag Ethernet access The Ethernet header of a packet upstream from the CE or downstream from the PE does not contain any service delimiter If a header contains a VLAN tag it is the internal VLAN tag of the user and mean...

Page 179: ... 1 It does not establish virtual links with any other peers Data forwarding in H VPLS with LSP access is as follows 1 Upon receiving a packet from a CE UPE tags the packet with the MPLS label for the U PW namely the multiplex distinguishing flag and then sends the packet to NPE 1 2 When receiving the packet NPE 1 determines which VSI the packet belongs to by the label and based on the destination ...

Page 180: ...labels the packet with the VLAN tag Then it forwards the packet through the QinQ tunnel to MTU which in turn forwards the packet to the CE For packets to be exchanged between CE 1 and CE 2 MTU can forward them directly without PE 1 because it holds the bridging function by itself For the first data packet with an unknown destination MAC address or a broadcast packet MTU broadcasts the packet to CE...

Page 181: ...S L2VPN Enable L2VPN and MPLS L2VPN before you perform VPLS related configurations To enable L2VPN and MPLS L2VPN Step Command 1 Enter system view system view 2 Enable L2VPN and enter L2VPN view l2vpn 3 Enable MPLS L2VPN mpls l2vpn For more information about the l2vpn command and the mpls l2vpn command see MPLS Command Reference Configuring LDP VPLS Before you configure LDP VPLS complete the follo...

Page 182: ...nnect to all NPEs PW class to be referenced A PW class defines the PW transport mode and tunneling policy for the PW To configure an LDP VPLS instance Step Command Remarks 1 Enter system view system view N A 2 Create a PW class and enter its view pw class pw class name Optional By default no PW class is created 3 Configure the PW transport mode trans mode ethernet vlan Optional VLAN by default 4 S...

Page 183: ...Routing Configuration Guide To configure BGP extension Step Command Remarks 1 Enter system view system view N A 2 Enter BGP view bgp as number N A 3 Enter BGP VPLS address family view vpls family For more configurations in BGP VPLS address family view see Configuring MPLS L3VPN 4 Activate a peer peer peer address enable No peer is activated by default Configuring a BGP VPLS instance To create a BG...

Page 184: ... packets received on the port packets carrying the specified VLAN tags all tagged packets and all packets with no VLAN tags providing a more flexible VPLS instance access control Use this method when users connected to a VLAN interface belong to different VPNs For more information about service instances see Layer 2 LAN Switching Configuration Guide To bind a service instance with a VPLS instance ...

Page 185: ...ncoming port if the timeout timer of that existing MAC address entry does not expire You can disable MAC address move to block illegal users that use spoofed MAC addresses To enable MAC address move Step Command Remarks 1 Enter system view system view N A 2 Enter VSI view vsi vsi name N A 3 Enable MAC address move mac move enable Optional Enabled by default Configuring VPLS instance attributes Ste...

Page 186: ...cal PE determines whether the PW is valid and reachable according to the replies received from the peer PE To test the connectivity of a PW Task Command Remarks Use MPLS LSP ping to test the connectivity of a PW ping lsp a source ip c count exp exp value h ttl value m wait time r reply mode s packet size t time out v pw ip address pw id pw id Available in any view MPLS LSP ping can be used to insp...

Page 187: ...vice instance instance id begin exclude include regular expression Available in any view Display information about one or all VPLS instances display vsi vsi name verbose begin exclude include regular expression Available in any view Display information about remote VPLS connections display vsi remote bgp ldp begin exclude include regular expression Available in any view Display information about o...

Page 188: ...lobally PE1 mpls lsr id 1 1 1 9 PE1 mpls PE1 mpls quit Enable L2VPN and MPLS L2VPN PE1 l2vpn PE1 l2vpn mpls l2vpn PE1 l2vpn quit Enable LDP globally PE1 mpls ldp PE1 mpls ldp quit Configure PE 1 to establish an LDP remote session with PE 2 PE1 mpls ldp remote peer 1 PE1 mpls ldp remote 1 remote ip 3 3 3 9 PE1 mpls ldp remote 1 quit Configure the interface connected to the P device and enable LDP o...

Page 189: ...e distinguisher 100 1 PE1 vsi bbb bgp vpn target 111 1 PE1 vsi bbb bgp site 10 PE1 vsi bbb bgp quit PE1 vsi bbb quit On the interface connecting CE 1 create service instance 1000 and bind it with VPLS instance aaa and create service instance 2000 and bind it with VPLS instance bbb PE1 interface gigabitethernet 1 0 1 PE1 GigabitEthernet1 0 1 service instance 1000 PE1 GigabitEthernet1 0 1 srv1000 en...

Page 190: ...ace3 quit Configure OSPF P ospf P ospf 1 area 0 P ospf 1 area 0 0 0 0 network 23 1 1 2 0 0 0 255 P ospf 1 area 0 0 0 0 network 26 2 2 2 0 0 0 255 P ospf 1 area 0 0 0 0 network 2 2 2 9 0 0 0 0 P ospf 1 area 0 0 0 0 quit 3 Configure PE 2 Sysname system view Sysname sysname PE2 PE2 interface loopback 0 PE2 LoopBack0 ip address 3 3 3 9 32 PE2 LoopBack0 quit Configure the LSR ID and enable MPLS globall...

Page 191: ...pwsignal ldp PE2 vsi aaa ldp vsi id 500 PE2 vsi aaa ldp peer 1 1 1 9 PE2 vsi aaa ldp quit PE2 vsi aaa quit Configure VPLS instance bbb that uses BGP signaling PE2 vsi bbb auto PE2 vsi bbb pwsignal bgp PE2 vsi bbb bgp route distinguisher 100 1 PE2 vsi bbb bgp vpn target 111 1 PE2 vsi bbb bgp site 20 PE2 vsi bbb bgp quit PE2 vsi bbb quit On the interface connecting CE 2 create service instance 1000 ...

Page 192: ...abel 89766 Remote VC Label 81922 Link ID 1 Tunnel Policy Tunnel ID 0x4600068 Configuring PW redundancy for H VPLS access Network requirements As shown in Figure 44 CE 1 and CE 2 are connected to UPE through VLANs UPE establishes a PW connection U PW with NPE 1 and NPE 2 with the NPE 2 link as the backup NPE 1 and NPE 2 each establish a PW connection N PW with NPE 3 Create a VPLS instance and confi...

Page 193: ... 1 255 255 255 0 UPE Vlan interface13 mpls UPE Vlan interface13 mpls ldp UPE Vlan interface13 quit Configure the remote LDP peer NPE 1 UPE mpls ldp remote peer 1 UPE mpls remote 1 remote ip 2 2 2 2 UPE mpls remote 1 quit Configure the remote LDP peer NPE 2 UPE mpls ldp remote peer 2 UPE mpls remote 1 remote ip 3 3 3 3 UPE mpls remote 1 quit Enable L2VPN and MPLS L2VPN UPE l2vpn UPE l2vpn mpls l2vp...

Page 194: ...it Configure an IP address for the interface connected to UPE and enable MPLS and MPLS LDP NPE1 interface vlan interface 12 NPE1 Vlan interface12 ip address 12 1 1 2 24 NPE1 Vlan interface12 mpls NPE1 Vlan interface12 mpls ldp NPE1 Vlan interface12 quit Configure an IP address for the interface connected to NPE 3 and enable MPLS and MPLS LDP NPE1 interface vlan interface 15 NPE1 Vlan interface15 i...

Page 195: ...ace 15 NPE3 Vlan interface15 ip address 15 1 1 2 24 NPE3 Vlan interface15 mpls NPE3 Vlan interface15 mpls ldp NPE3 Vlan interface15 quit Configure an IP address for the interface connected to NPE 2 and enable MPLS and MPLS LDP NPE3 interface vlan interface 16 NPE3 Vlan interface16 ip address 16 1 1 2 255 255 255 0 NPE3 Vlan interface16 mpls NPE3 Vlan interface16 mpls ldp NPE3 Vlan interface16 quit...

Page 196: ...shows that a PW connection in up state has been established Configuring BFD for the primary link in an H VPLS network Network requirements In the H VPLS network Switch A is the UPE Switch B is the primary NPE and Switch C is the backup NPE Enable MPLS on the connecting interfaces of the switches Enable OSPF on the switches to ensure IP connectivity Configure BFD for the link between Switch A and S...

Page 197: ...s ldp SwitchA Vlan interface12 quit SwitchA interface vlan interface 13 SwitchA Vlan interface13 mpls SwitchA Vlan interface13 mpls ldp SwitchA Vlan interface13 quit Configure Switch B SwitchB system view SwitchB mpls lsr id 2 2 2 9 SwitchB mpls SwitchB mpls quit SwitchB mpls ldp SwitchB mpls ldp quit SwitchB mpls ldp remote peer switcha SwitchB mpls ldp remote switcha remote ip 1 1 1 9 SwitchB mp...

Page 198: ... SwitchA interface loopback 0 SwitchA LoopBack0 ip address 1 1 1 9 32 SwitchA LoopBack0 quit Configure Switch B SwitchB interface vlan interface 12 SwitchB Vlan interface12 ip address 12 1 1 2 24 SwitchB Vlan interface12 quit SwitchB interface loopback 0 SwitchB LoopBack0 ip address 2 2 2 9 32 SwitchB LoopBack0 quit Configure Switch C SwitchC interface vlan interface 13 SwitchC Vlan interface13 ip...

Page 199: ...itchA vsi vpna ldp vsi id 100 SwitchA vsi vpna ldp peer 2 2 2 9 backup peer 3 3 3 9 SwitchA vsi vpna ldp quit SwitchA vsi vpna quit SwitchA vlan 100 SwitchA vlan100 port gigabitethernet 1 0 1 SwitchA vlan100 quit SwitchA interface vlan interface 100 SwitchA Vlan interface100 l2 binding vsi vpna SwitchA Vlan interface100 return Configure Switch B SwitchB l2vpn SwitchB l2vpn mpls l2vpn SwitchB l2vpn...

Page 200: ...scr 0 Source IP 1 1 1 9 Destination IP 3 3 3 9 Session State Up Interface LoopBack0 Min Trans Inter 400ms Act Trans Inter 1000ms Min Recv Inter 400ms Act Detect Inter 3000ms Running Up for 00 00 01 Auth mode None Connect Type Indirect Board Num 6 Protocol MFW LDP Diag Info No Diagnostic Execute the display vpls connection vsi vpna command on Switch A SwitchA display vpls connection vsi vpna Total ...

Page 201: ...esponding VPLS instance or the private network interface is not up Solution Check the routing tables of the PEs to see whether a route is available between the two PEs Check whether each device can ping the loopback interface of the peer and whether the LDP session is normal Check whether any extended session configuration command is missing at either side View the private interface status by usin...

Page 202: ...formation of users This greatly reduces the load of provider edge PE devices and even the load of the whole service provider network enabling carriers to support more VPNs and to service more users Guaranteed reliability and VPN routing security MPLS L2VPN neither tries to obtain nor processes the routing information of users guaranteeing the security of user VPN routing information Support for mu...

Page 203: ...tworks to the same PE The customer networks exchange packets with each other through the PE The PE functions like a Layer 2 switch Figure 47 Local connection NOTE The switch does not support the local connection architecture Remote connection operation Remote connection establishment To set up a remote MPLS L2VPN connection between two CEs over a backbone network 1 Set up a public tunnel to forwar...

Page 204: ...ding the PE forwards packets received from the AC to the bound VC and forwards packets received from the bound VC to the AC Packet forwarding process MPLS L2VPN implements transparent transmission of Layer 2 user packets over an MPLS or IP backbone by encapsulating user packets with a VC label and a tunnel tag The tunnel tag is used to transfer packets from one PE to another If the public tunnel i...

Page 205: ...wo LSPs to Interface A on PE 1 and to Interface B on PE 2 A CCC connection is successfully established The following describes how a packet is forwarded from CE 1 to CE 2 1 After PE 1 receives a packet from CE 1 on Interface A it adds label 300 corresponding to the static LSP from PE 1 to PE 2 into the packet 2 After the P device receives the packet it looks up the label forwarding table and swaps...

Page 206: ...VPN It allows CEs in the same VPN to establish a connection CEs in different VPNs cannot establish a connection Kompella MPLS L2VPN has the following basic concepts CE ID Kompella numbers CEs inside a VPN A CE ID uniquely identifies a CE in a VPN CEs in different VPNs can have the same CE ID Route distinguisher To distinguish CEs with the same CE ID in different VPNs Kompella adds an RD before a C...

Page 207: ...signed label blocks For example if the LR and LO of the first label block is 10 and 0 the LO of the second label block is 10 If the LR of the second label block is 20 the LO of the third label block is 30 The following describes a label block in the format of LB LO LR For example a label block whose LB LO and LR are 1000 10 and 5 is represented as 1000 10 5 With label blocks you can reserve some l...

Page 208: ...ds VC label 3001 Figure 52 Label distribution in Kompella mode As shown in Figure 52 CE 1 and CE 2 belong to VPN 1 CE 3 and CE 4 belong to VPN 2 Configure route targets for the two VPNs to make sure CEs in the same VPN can set up a VC and CEs in different VPNs cannot A VC is set up as follows take the VC between CE 1 and CE 2 as an example 1 PE 1 sends the RD CE ID route target export target confi...

Page 209: ...age Cannot automatically adapt to network changes Supports only remote connections Small scale network with a simple topology Martini VC label encapsulation two levels of labels VC label distribution LDP Advantages On a carrier network only PEs need to save a few VC label to LSP mappings The P devices do not need to save any Layer 2 VPN information To add a new VC you only need to configure the PE...

Page 210: ...capsulates the packet If the peer PE requires the ingress to rewrite the P tag For a packet from a CE to a PE if the packet contains a P tag the PE changes the P Tag to the VLAN tag the tag may be a null tag expected by the peer PE and then encapsulates the packet If the packet contains no P tag the PE adds a VLAN tag expected by the peer PE the tag value may be 0 and then encapsulates the packet ...

Page 211: ...PLS L2VPN mpls l2vpn Disabled by default Configuring a PE CE interface of a PE A PE CE interface of a PE refers to a PE s interface connected to a CE As shown in Table 2 a PE CE interface of a PE can use various types of encapsulations Table 2 Encapsulation types on a PE CE interface of a PE Encapsulation type Configuration Ethernet Configuring Ethernet encapsulation VLAN Configuring VLAN encapsul...

Page 212: ...ow these guidelines to configure a remote CCC connection The label range for CCC is 16 to 1023 which is the label range for static LSPs In CCC mode if the PE CE interface of a PE is a VLAN interface all packets sent from the PE to the CE carry a VLAN tag You must configure the PE CE interface of the CE to permit the packets that carry that VLAN tag To configure a PE Step Command Remarks 1 Enter sy...

Page 213: ...nfigured on the peer PE Configuring Martini MPLS L2VPN To configure Martini MPLS L2VPN complete the following tasks 1 Configure the remote peer In Martini MPLS L2VPN implementation VC labels must be exchanged between PEs Because two PEs may not be connected to each other directly you must establish a remote session between the two PEs so that VC FECs and VC labels can be transferred through the se...

Page 214: ... VC on a Layer 3 interface of a PE Step Command 1 Enter system view system view 2 Enter the view of the interface connecting the CE interface interface type interface number 3 Create a Martini VC mpls l2vc destination vcid ethernet vlan tunnel policy tunnel policy name Creating a Martini VC for a service instance To complete this task perform the following configurations on a PE Create a service i...

Page 215: ... service instance and enter service instance view service instance instance id By default no service instance is created 8 Configure a packet matching rule for the service instance encapsulation s vid vlan id vlan list only tagged port based tagged untagged By default no packet matching rule is configured for the service instance 9 Create a Martini VC for the service instance xconnect peer peer ip...

Page 216: ...2VPN To configure a Kompella MPLS L2VPN perform the following configurations on PEs Configure BGP L2VPN capability Not needed for a local connection Create and configure MPLS L2VPN Create a CE connection Configuring BGP L2VPN capability Step Command Remarks 1 Enter system view system view N A 2 Enter BGP view bgp as number N A 3 Establish the peer relationship with the peer PE peer group name ip a...

Page 217: ...can configure a CE range greater than what is required based on your estimate of the future VPN expansion This can reduce the configuration modification required when CEs are added into the VPN in future default offset default offset Specifies the initial CE ID 0 or 1 0 indicates CEs in the VPN are numbered from 0 1 indicates CEs in the VPN are numbered from 1 This parameter and the CE range toget...

Page 218: ... an ID of previous connection CE ID 2 When you plan a VPN H3C recommends that you set CE IDs in incremental sequence and then configure connections in the sequence of the CE IDs in which case you can omit the ce offset keyword use the default setting for most of the connections To modify the CE range by re executing the ce command you can only change the CE range to a bigger value than that of the...

Page 219: ...ssions perform the following task in user view Task Command Reset L2VPN BGP sessions reset bgp l2vpn as number ip address all external internal Displaying and maintaining MPLS L2VPN Task Command Remarks Display information about CCC connections display ccc ccc name ccc name type local remote begin exclude include regular expression Available in any view Display information about specified L2VPN VC...

Page 220: ...e MPLS L2VPN AC information display mpls l2vpn fib ac vpws interface interface type interface number service instance service instanceid slot slot number begin exclude include regular expression Available in any view Display the MPLS L2VPN PW information display mpls l2vpn fib pw vpws interface interface type interface number service instance service instanceid slot slot number verbose begin exclu...

Page 221: ...on the P device for packets to be transferred in both directions Configuration procedure 1 Configure CE 1 Configure an IP address for the interface connected to PE 1 Sysname system view Sysname sysname CE1 CE1 interface vlan interface 10 CE1 Vlan interface10 ip address 100 1 1 1 24 2 Configure PE 1 Configure the LSR ID and enable MPLS globally Sysname system view Sysname sysname PE1 PE1 interface ...

Page 222: ...vlan interface 30 P Vlan interface30 ip address 10 1 1 2 24 P Vlan interface30 mpls P Vlan interface30 quit Configure interface VLAN interface 20 and enable MPLS P interface vlan interface 20 P Vlan interface20 ip address 10 2 2 2 24 P Vlan interface20 mpls P Vlan interface20 quit Create a static LSP for forwarding packets from PE 1 to PE 2 P static lsp transit pe1_pe2 incoming interface vlan inte...

Page 223: ...ce vlan interface 10 CE2 Vlan interface10 ip address 100 1 1 2 24 6 Verify your configuration Display CCC connection information on PE 1 The output shows that a remote CCC connection has been established PE1 display ccc Total ccc vc 1 Local ccc vc 0 0 up Remote ccc vc 1 1 up Name ce1 ce2 Type remote State up Intf Vlan interface10 up In label 100 Out label 200 Nexthop 10 1 1 2 Ping CE 2 from CE 1 T...

Page 224: ...uired 1 Configure basic MPLS settings on the PEs and P device Configure the LSR ID enable MPLS and LDP and run IGP OSPF in this example between PE 1 the P device and PE 2 to establish LSPs 2 Configure SVC MPLS L2VPN Enable MPLS L2VPN on PE 1 and PE 2 and create a static VC and specify the VC labels Configuration procedure 1 Configure CE 1 Configure an IP address for the interface connected to PE 1...

Page 225: ...55 PE1 ospf 1 area 0 0 0 0 network 192 2 2 2 0 0 0 0 PE1 ospf 1 area 0 0 0 0 quit PE1 ospf 1 quit Create a static VC on the interface connected to CE 1 The interface requires no IP address PE1 interface vlan interface 10 PE1 Vlan interface10 mpls static l2vc destination 192 3 3 3 transmit vpn label 100 receive vpn label 200 PE1 Vlan interface10 quit 3 Configure the P device Configure the LSR ID an...

Page 226: ... and enable MPLS globally Sysname system view Sysname sysname PE2 PE2 interface loopback 0 PE2 LoopBack0 ip address 192 3 3 3 32 PE2 LoopBack0 quit PE2 mpls lsr id 192 3 3 3 PE2 mpls PE2 mpls quit Enable L2VPN and MPLS L2VPN PE2 l2vpn PE2 l2vpn mpls l2vpn PE2 l2vpn quit Enable LDP globally PE2 mpls ldp PE2 mpls ldp quit Configure the interface connected with the P device and enable LDP on the inte...

Page 227: ...ut shows that a VC has been established PE2 display mpls static l2vc Total connections 1 1 up 0 down ce intf state destination tr label rcv label tnl policy Vlan20 up 192 2 2 2 200 100 Ping CE 2 from CE 1 The output shows that CE 1 and CE 2 can ping each other CE1 ping 100 1 1 2 PING 100 1 1 2 56 data bytes press CTRL_C to break Reply from 100 1 1 2 bytes 56 Sequence 1 ttl 255 time 150 ms Reply fr...

Page 228: ...terface 10 CE1 Vlan interface10 ip address 100 1 1 1 24 2 Configure PE 1 Configure the LSR ID and enable MPLS globally Sysname system view Sysname sysname PE1 PE1 interface loopback 0 PE1 LoopBack0 ip address 192 2 2 2 32 PE1 LoopBack0 quit PE1 mpls lsr id 192 2 2 2 PE1 mpls PE1 mpls quit Enable L2VPN and MPLS L2VPN PE1 l2vpn PE1 l2vpn mpls l2vpn PE1 l2vpn quit Enable LDP globally PE1 mpls ldp PE1...

Page 229: ...l2vc 192 3 3 3 101 PE1 Vlan interface10 quit 3 Configure the P device Configure the LSR ID and enable MPLS globally Sysname system view Sysname sysname P P interface loopback 0 P LoopBack0 ip address 192 4 4 4 32 P LoopBack0 quit P mpls lsr id 192 4 4 4 P mpls P mpls quit Enable LDP globally P mpls ldp P mpls ldp quit Configure the interface connected with PE 1 and enable LDP on the interface P in...

Page 230: ...emote peer 2 PE2 mpls ldp remote 2 remote ip 192 2 2 2 PE2 mpls ldp remote 2 quit Configure the interface connected with the P device and enable LDP on the interface PE2 interface vlan interface 30 PE2 Vlan interface30 ip address 10 2 2 1 24 PE2 Vlan interface30 mpls PE2 Vlan interface30 mpls ldp PE2 Vlan interface30 quit Configure OSPF on PE 2 for establishing LSPs PE2 ospf PE2 ospf 1 area 0 PE2 ...

Page 231: ... Label 101 Vlan10 up 8192 8193 Ping CE 2 from CE 1 The output shows that CE 1 and CE 2 can ping each other CE1 ping 100 1 1 2 PING 100 1 1 2 56 data bytes press CTRL_C to break Reply from 100 1 1 2 bytes 56 Sequence 1 ttl 255 time 30 ms Reply from 100 1 1 2 bytes 56 Sequence 2 ttl 255 time 60 ms Reply from 100 1 1 2 bytes 56 Sequence 3 ttl 255 time 50 ms Reply from 100 1 1 2 bytes 56 Sequence 4 tt...

Page 232: ...ave been established and reached Full state 2 Configure basic MPLS and LDP to establish LDP LSPs Details not shown After configuration issue the display mpls ldp session and display mpls ldp peer commands to view the LDP sessions and peer relationship established or the display mpls lsp command to view the LSPs established 3 Configure BGP L2VPN capability Configure PE 1 Sysname system view Sysname...

Page 233: ...ces are similar to those for Martini MPLS L2VPN and are omitted PE1 mpls l2vpn vpn1 encapsulation vlan PE1 mpls l2vpn vpn1 route distinguisher 100 1 PE1 mpls l2vpn vpn1 vpn target 1 1 PE1 mpls l2vpn vpn1 ce ce1 id 1 range 10 PE1 mpls l2vpn ce vpn1 ce1 connection ce offset 2 interface vlan interface 10 PE1 mpls l2vpn ce vpn1 ce1 quit PE1 mpls l2vpn vpn1 quit Configure PE 2 PE2 mpls l2vpn vpn1 encap...

Page 234: ...5 packet s transmitted 5 packet s received 0 00 packet loss round trip min avg max 34 68 94 ms Example for configuring a VC for a service instance Network requirements CE 1 and CE 2 are connected to PE 1 and PE 2 through VLAN interfaces On PE 1 and PE 2 create a VC for CE 1 and CE 2 in service instance view so CE 1 and CE 2 can exchange Layer 2 packets across the backbone Figure 57 Network diagram...

Page 235: ... 3 3 3 PE1 mpls ldp remote 1 quit Configure the interface connected to the P device and enable LDP on the interface PE1 interface vlan interface 23 PE1 Vlan interface23 ip address 23 1 1 1 24 PE1 Vlan interface23 mpls PE1 Vlan interface23 mpls ldp PE1 Vlan interface23 quit Configure OSPF PE1 ospf PE1 ospf 1 area 0 PE1 ospf 1 area 0 0 0 0 network 23 1 1 1 0 0 0 255 PE1 ospf 1 area 0 0 0 0 network 1...

Page 236: ...nnected with PE 2 and enable LDP on the interface P interface vlan interface 26 P Vlan interface26 ip address 26 2 2 2 24 P Vlan interface26 mpls P Vlan interface26 mpls ldp P Vlan interface26 quit Configure OSPF P ospf P ospf 1 area 0 P ospf 1 area 0 0 0 0 network 23 1 1 2 0 0 0 255 P ospf 1 area 0 0 0 0 network 26 2 2 2 0 0 0 255 P ospf 1 area 0 0 0 0 network 192 4 4 4 0 0 0 0 P ospf 1 area 0 0 ...

Page 237: ...interface gigabitethernet 1 0 1 PE2 GigabitEthernet1 0 1 port access vlan 10 PE2 GigabitEthernet1 0 1 service instance 1000 PE2 GigabitEthernet1 0 1 srv1000 encapsulation s vid 10 PE2 GigabitEthernet1 0 1 srv1000 xconnect peer 192 2 2 2 pw id 1000 PE2 GigabitEthernet1 0 1 srv1000 quit PE2 GigabitEthernet1 0 1 quit 5 Configure CE 2 Configure an IP address for the interface connected to PE 2 Sysname...

Page 238: ...uence 5 ttl 255 time 94 ms 100 1 1 2 ping statistics 5 packet s transmitted 5 packet s received 0 00 packet loss round trip min avg max 34 68 94 ms Troubleshooting MPLS L2VPN This section describes troubleshooting techniques for MPLS L2VPN Symptom After the L2VPN configuration the peer PEs cannot ping each other The display mpls l2vc command output shows that the VC is down and the remote VC label...

Page 239: ...y and convenient support for MPLS QoS and MPLS TE MPLS L3VPN comprises the following types of devices Customer edge device A CE resides on a customer network and has one or more interfaces directly connected to service provider networks It can be a router a switch or a host It can neither sense the presence of any VPN nor does it need to support MPLS Provider edge device A PE resides at the edge o...

Page 240: ...ected to the same provider network can be classified into different sets by policies Only the sites in the same set can access each other through the provider network Such a set is called a VPN Address space overlapping Each VPN independently manages the addresses that it uses The assembly of such addresses for a VPN is called an address space The address spaces of VPNs may overlap For example if ...

Page 241: ...hed by the Type field When the value of the Type field is 0 the Administrator subfield occupies two bytes the Assigned number subfield occupies four bytes and the RD format is 16 bit AS number 32 bit user defined number For example 100 1 When the value of the Type field is 1 the Administrator subfield occupies four bytes the Assigned number subfield occupies two bytes and the RD format is 32 bit I...

Page 242: ...outes between PEs It is backward compatible and supports both traditional IPv4 address family and other address families such as VPN IPv4 address family Using MP BGP can guarantee that private routes of a VPN are advertised only in the VPN and implement communications between MPLS VPN members Routing policy In addition to the import and export extended communities for controlling VPN route adverti...

Page 243: ...sed on the inbound interface and destination address of the packet Once finding a matching entry PE 1 labels the packet with both inner and outer labels and forwards the packet out 3 The MPLS backbone transmits the packet to PE 2 by outer label The outer label is removed from the packet at the penultimate hop 4 PE 2 searches VPN instance entries according to the inner label and destination address...

Page 244: ...ntrol device is required and all users must communicate with each other through the access control device the hub and spoke networking scheme can be used to implement the monitoring and filtering of user communications This networking scheme requires two route targets one for the hub and the other for the spoke The route target setting rules for VPN instances of all sites on PEs are as follows On ...

Page 245: ...ith each other through the hub site The import target attribute of any spoke PE is distinct from the export route targets of the other spoke PEs Therefore any two spoke PEs can neither directly advertise VPN IPv4 routes to each other nor directly access each other Extranet networking scheme The extranet networking scheme can be used when some resources in a VPN are to be accessed by users that are...

Page 246: ... L3VPN networking the advertisement of VPN routing information involves CEs and PEs A P router maintains only the routes of the backbone and does not need to know any VPN routing information A PE maintains only the routing information of the VPNs directly connected to it rather than that of all VPNs Therefore MPLS L3VPN has excellent scalability The VPN routing information of a local CE is adverti...

Page 247: ... routes and IBGP routes The exchange of routing information between the egress PE and the remote CE is the same as that between the local CE and the ingress PE Inter AS VPN In some networking scenarios multiple sites of a VPN are connected to multiple ISPs in different ASs or to multiple ASs of an ISP Such an application is called inter AS VPN RFC 2547bis presents the following inter AS VPN soluti...

Page 248: ...MP EBGP to exchange labeled VPN IPv4 routes that they have obtained from the PEs in their respective ASs As shown in Figure 65 the routes are advertised through the following steps 1 PEs in AS 100 advertise labeled VPN IPv4 routes to the ASBR PE of AS 100 or the route reflector RR for the ASBR PE through MP IBGP 2 The ASBR PE advertises labeled VPN IPv4 routes to the ASBR PE of AS 200 through MP E...

Page 249: ...the needs for inter AS VPNs However they require that the ASBRs maintain and advertise VPN IPv4 routes When every AS needs to exchange a great amount of VPN routes the ASBRs may become bottlenecks hindering network extension One way to solve the problem is to make PEs directly exchange VPN IPv4 routes without the participation of ASBRs Two ASBRs advertise labeled IPv4 routes to PEs in their respec...

Page 250: ...le that a customer of the MPLS L3VPN service provider is also a service provider In this case the MPLS L3VPN service provider is called the provider carrier or the Level 1 carrier while the customer is called the customer carrier or the Level 2 carrier This networking model is referred to as carrier s carrier In this model the Level 2 service provider serves as a CE of the Level 1 service provider...

Page 251: ...el the routes exchanged between them In either case you must enable MPLS on the CE of the Level 1 carrier Moreover the CE holds the VPN routes of the Level 2 carrier but it does not advertise the routes to the PE of the Level 1 carrier it only exchanges the routes with other PEs of the Level 2 carrier A Level 2 carrier can be an ordinary ISP or an MPLS L3VPN service provider When the Level 2 carri...

Page 252: ...deploy but it increases the network operation cost and brings issues on management and security because of the following The number of VPNs that PEs must support will increase sharply Any modification of an internal VPN must be done through the service provider The nested VPN technology offers a better solution It exchanges VPNv4 routes between PEs and CEs of the ISP MPLS L3VPN and allows a custom...

Page 253: ...ertises VPNv4 routes carrying the comprehensive VPN information to the other PEs of the service provider 4 After another provider PE receives the VPNv4 routes it matches the VPNv4 routes based on its local VPNs Each local VPN accepts routes of its own and advertises them to its connected sub VPN CEs such as CE 3 and CE 4 or CE 5 and CE 6 in Figure 70 If a CE is connected to a provider PE through a...

Page 254: ...ance requirements on the devices decrease while the network expands MPLS L3VPN on the contrary is a plane model where performance requirements are the same for all PEs If a certain PE has limited performance or scalability the performance or scalability of the whole network is influenced Due to the difference you are faced with the scalability problem when deploying PEs at any of the three layers ...

Page 255: ...the routes permitted by the routing policy By using routing policies you can control which nodes in a VPN can communicate with each other Different roles mean different requirements as follows An SPE is required to have large capacity routing table high forwarding performance and fewer interface resources A UPE is required to have small capacity routing table low forwarding performance but higher ...

Page 256: ...nd management because the CEs only need to support OSPF In addition if the customers require MPLS L3VPN services through conventional OSPF backbone using OSPF between PE and CE can simplify the transition For OSPF to run between CE and PE the PE must support multiple OSPF processes Each OSPF process must correspond to a VPN instance and have its own interface and routing table The following descri...

Page 257: ...2 through Type 5 LSAs ASE LSAs However CE 11 CE 21 and CE 22 belong to the same OSPF domain and the route advertisement between them should use Type 3 LSAs inter AS routes To solve the problem the PE uses an extended BGP OSPF interaction process called BGP OSPF interoperability to advertise routes from one site to another differentiating the routes from real AS External routes The process requires...

Page 258: ...s as an intra area point to point link and is advertised through the Type 1 LSA You can select a route between the sham link and backdoor link by adjusting the metric The sham link is considered the link between the two VPN instances with one endpoint address in each VPN instance The endpoint address is a loopback interface address with a 32 bit mask in the VPN address space on the PE Different sh...

Page 259: ...n this way CE 2 can normally receive the routing information from CE 1 However the AS number substitution function also introduces a routing loop in Site 2 because route updates originated from CE3 can be advertised back to Site 2 through PE 2 and CE2 To remove the routing loop you can configure a routing policy on PE2 to add the SoO attribute to route updates received from CE 2 and CE 3 so that P...

Page 260: ... VPN instances By configuring VPN instances on a PE you can isolate not only VPN routes from public network routes but also routes of a VPN from those of another VPN This feature allows VPN instances to be used in network scenarios besides MPLS L3VPNs All VPN instance configurations are performed on PEs or MCEs Creating a VPN instance A VPN instance is associated with a site It is a collection of ...

Page 261: ...ttributes for a VPN instance The control process of VPN route advertisement is as follows When a VPN route learned from a CE gets redistributed into BGP BGP associates it with a route target extended community attribute list which is usually the export target attribute of the VPN instance associated with the CE The VPN instance determines which routes it can accept and redistribute according to th...

Page 262: ...els for load balancing With the preferred path command you can configure preferred tunnels that each correspond to a tunnel interface After a tunneling policy is applied on a PE the PE selects tunnels in this order The PE matches the peer PE address against the destination addresses of preferred tunnels starting from the tunnel with the smallest number If no match is found the local PE selects tun...

Page 263: ...unnel CR LSP tunnel NOTE A tunnel type closer to the select seq keyword has a higher priority For example with the tunnel select seq lsp cr lsp load balance number 1 command configured VPN uses a CR LSP tunnel only when no LSP exists After an LSP is created the VPN uses the LSP tunnel instead If you specify more than one tunnel type and the number of tunnels of a type is less than the specified nu...

Page 264: ...formation about MPLS LDP see Configuring basic MPLS Configurations in MPLS LDP VPN instance view affect only the LDP enabled interface bound to the VPN instance Configurations in MPLS LDP view do not affect interfaces bound to VPN instances When configuring the transport address of an LDP instance use the IP address of the interface bound to the VPN instance By default LDP adjacencies on a private...

Page 265: ...ance the process belongs to the public network For more information about RIP see Layer 3 IP Routing Configuration Guide To configure RIP between PE and CE Step Command Remarks 1 Enter system view system view N A 2 Create a RIP process for a VPN instance and enter RIP view rip process id vpn instance vpn instance name Perform this configuration on PEs On CEs create a normal RIP process 3 Enable RI...

Page 266: ...ifferent OSPF processes are independent of each other All OSPF processes of a VPN must be configured with the same domain ID for routes to be correctly advertised while OSPF processes on PEs in different VPNs can be configured with domain IDs as desired The domain ID of an OSPF process is included in the routes generated by the process When an OSPF route is redistributed into BGP the OSPF domain I...

Page 267: ...icy acl number ip prefix ip prefix name export direct isis process id ospf process id rip process id static Optional By default BGP does not filter routes to be advertised 7 Configure BGP to filter received routes filter policy acl number ip prefix ip prefix name import Optional By default BGP does not filter received routes 8 Allow the local AS number to appear in the AS_PATH attribute of a recei...

Page 268: ... information see Layer 3 IP Routing Configuration Guide Configuring IBGP between PE and CE Use IBGP between PE and CE devices in only common MPLS L3VPN network In networks such as Extranet inter AS VPN carrier s carrier nested VPN and HoVPN you cannot use IBGP between PE and CE devices 1 Configure the PE Step Command Remarks 1 Enter system view system view N A 2 Enter BGP view bgp as number N A 3 ...

Page 269: ... BGP VPN instance view and BGP VPNv4 subaddress family view The two commands take effect for only the RR in the view where they are executed For RRs in other views they do not take effect Configuring an RR does not change the next hop of a route To change the next hop of a route configure an inbound policy on the receiving side of the route 2 Configure the CE Step Command Remarks 1 Enter system vi...

Page 270: ...features as required Configuring common routing features for all types of subaddress families For VPN applications BGP address families include BGP VPN IPv4 address family BGP L2VPN address family and VPLS address family Every command in the following table has the same function on BGP routes for each type of the address families and only takes effect for the BGP routes in the address family view ...

Page 271: ...he RR peer group name ip address reflect client Optional By default no RR or RR client is configured 11 Enable the Outbound Route Filtering ORF capability for a BGP peer or peer group peer group name ip address capability advertise orf ip prefix both receive send Optional By default the ORF capability is disabled on a BGP peer or peer group 12 Enable route target filtering for received VPNv4 route...

Page 272: ...me import Optional By default BGP does not filter received routes 10 Advertise community attributes to a peer or peer group peer group name ip address advertise community Optional By default no community attributes are advertised to any peer or peer group 11 Filter routes received from or to be advertised to a peer or peer group based on an AS_PATH list peer group name ip address as path acl aspat...

Page 273: ...gure inter AS VPN complete the following tasks Configure an IGP for the MPLS backbones in each AS to implement IP connectivity of the backbones in the AS Configure basic MPLS for the MPLS backbones of each AS Configure MPLS LDP for the MPLS backbones so that LDP LSPs can be established Configure basic MPLS L3VPN for each AS When configuring basic MPLS L3VPN for each AS specific configurations may ...

Page 274: ... PE interface interface type interface number N A 3 Configure the IP address of the interface ip address ip address mask mask length N A 4 Return to system view quit N A 5 Enter BGP view bgp as number N A 6 Enter BGP VPNv4 subaddress family view ipv4 family vpnv4 N A 7 Disable route target based filtering of VPNv4 routes undo policy vpn target By default PE filters received VPNv4 routes by route t...

Page 275: ... advertised between RRs cannot be changed Configuring the ASBR PEs In the inter AS option C solution an inter AS LSP is required and the routes advertised between the relevant PEs and ASBRs must carry MPLS label information An ASBR PE establishes common IBGP peer relationship with PEs in the same AS and common EBGP peer relationship with the peer ASBR PE All of them exchange labeled IPv4 routes Th...

Page 276: ...led IPv4 routes to be advertised to the PEs in the same AS Which IPv4 routes are to be assigned with MPLS labels depends on the routing policy Only routes that satisfy the criteria are assigned with labels All the other routes are still common IPv4 routes For information about routing policy configuration see Layer 3 IP Routing Configuration Guide To configure a routing policy for inter AS option ...

Page 277: ...n instance vpn instance name enable By default only IPv4 routes and no BGP VPNv4 routes can be exchanged between nested VPN peers peer groups 9 Add a peer to the nested VPN peer group peer peer address vpn instance vpn instance name group group name Optional By default a peer is not in any nested VPN peer group 10 Apply a routing policy to routes received from a nested VPN peer or peer group peer ...

Page 278: ...ises a default route using the local address as the next hop address to the UPE regardless of whether the default route is present in the local routing table or not Configuring an OSPF sham link The sham link is considered an OSPF intra area route It is used to make sure that the VPN traffic is transmitted over the backbone instead of the backdoor link between two CEs The source and destination ad...

Page 279: ...gure the external route tag for imported VPN routes route tag tag value N A 4 Enter OSPF area view area area id N A 5 Configure a sham link sham link source ip address destination ip address cost cost dead dead interval hello hello interval retransmit retrans interval trans delay delay simple cipher plain password md5 hmac md5 key id cipher plain password By default no sham link is configured If y...

Page 280: ...er system view system view N A 2 Create a routing policy and enter routing policy view route policy route policy name permit node node number Optional No routing policy is created by default 3 Specify SoO attribute value apply extcommunity soo site of origin additive Optional Not specified by default 4 Return to system view quit N A 5 Enter BGP view bgp as number N A 6 Enter BGP VPN instance view ...

Page 281: ...ce name verbose begin exclude include regular expression Available in any view Display information about a specified or all VPN instances display ip vpn instance instance name vpn instance name begin exclude include regular expression Available in any view Display information about the FIB of a VPN instance display fib vpn instance vpn instance name acl acl number ip prefix ip prefix name begin ex...

Page 282: ...ormation display bgp vpnv4 all routing table network address mask mask length longer prefixes as path acl as path acl number cidr community aa nn 1 13 no advertise no export no export subconfed whole match community list basic community list number comm list name whole match adv community list number different origin as peer ip address advertised routes received routes statistic statistic begin ex...

Page 283: ...view Display information about a specified or all tunnel policies display tunnel policy all policy name tunnel policy name begin exclude include regular expression Available in any view Display information about the specified LDP instance display mpls ldp vpn instance vpn instance name begin exclude include regular expression Available in any view Clear the route flap dampening information of a VP...

Page 284: ...nt12 10 2 1 1 24 Vlan int11 10 3 1 2 24 CE 3 Vlan int11 10 3 1 1 24 Vlan int13 10 4 1 2 24 CE 4 Vlan int13 10 4 1 1 24 Configuration procedure 1 Configure an IGP on the MPLS backbone to ensure IP connectivity within the backbone Configure PE 1 PE1 system view PE1 interface loopback 0 PE1 LoopBack0 ip address 1 1 1 9 32 PE1 LoopBack0 quit PE1 interface vlan interface 13 PE1 Vlan interface13 ip addr...

Page 285: ...ace12 ip address 172 2 1 2 24 PE2 Vlan interface12 quit PE2 ospf PE2 ospf 1 area 0 PE2 ospf 1 area 0 0 0 0 network 172 2 1 0 0 0 0 255 PE2 ospf 1 area 0 0 0 0 network 3 3 3 9 0 0 0 0 PE2 ospf 1 area 0 0 0 0 quit PE2 ospf 1 quit After the configurations OSPF adjacencies are established between PE 1 P and PE 2 Issue the display ospf peer command The output shows that the adjacency status is Full Iss...

Page 286: ...establish LDP LSPs Configure PE 1 PE1 mpls lsr id 1 1 1 9 PE1 mpls PE1 mpls quit PE1 mpls ldp PE1 mpls ldp quit PE1 interface vlan interface 13 PE1 Vlan interface13 mpls PE1 Vlan interface13 mpls ldp PE1 Vlan interface13 quit Configure the P device P mpls lsr id 2 2 2 9 P mpls P mpls quit P mpls ldp P mpls ldp quit P interface vlan interface 13 P Vlan interface13 mpls P Vlan interface13 mpls ldp P...

Page 287: ... 2 Vlan interface13 A before an LSP means the LSP is not established A before a Label means the USCB or DSCB is stale 3 Configure VPN instances on PEs to allow CEs to access Configure PE 1 PE1 ip vpn instance vpn1 PE1 vpn instance vpn1 route distinguisher 100 1 PE1 vpn instance vpn1 vpn target 111 1 PE1 vpn instance vpn1 quit PE1 ip vpn instance vpn2 PE1 vpn instance vpn2 route distinguisher 100 2...

Page 288: ...nstance Name RD Create time vpn1 100 1 2009 01 22 13 02 21 vpn2 100 2 2009 01 22 13 02 40 PE1 ping vpn instance vpn1 10 1 1 1 PING 10 1 1 1 56 data bytes press CTRL_C to break Reply from 10 1 1 1 bytes 56 Sequence 1 ttl 255 time 56 ms Reply from 10 1 1 1 bytes 56 Sequence 2 ttl 255 time 4 ms Reply from 10 1 1 1 bytes 56 Sequence 3 ttl 255 time 4 ms Reply from 10 1 1 1 bytes 56 Sequence 4 ttl 255 t...

Page 289: ... 100 PE1 bgp peer 3 3 3 9 connect interface loopback 0 PE1 bgp ipv4 family vpnv4 PE1 bgp af vpnv4 peer 3 3 3 9 enable PE1 bgp af vpnv4 quit PE1 bgp quit Configure PE 2 PE2 bgp 100 PE2 bgp peer 1 1 1 9 as number 100 PE2 bgp peer 1 1 1 9 connect interface loopback 0 PE2 bgp ipv4 family vpnv4 PE2 bgp af vpnv4 peer 1 1 1 9 enable PE2 bgp af vpnv4 quit PE2 bgp quit After completing the configuration is...

Page 290: ...example CE 1 can ping CE 3 10 3 1 1 but cannot ping CE 4 10 4 1 1 CE1 ping 10 3 1 1 PING 10 3 1 1 56 data bytes press CTRL_C to break Reply from 10 3 1 1 bytes 56 Sequence 1 ttl 253 time 72 ms Reply from 10 3 1 1 bytes 56 Sequence 2 ttl 253 time 34 ms Reply from 10 3 1 1 bytes 56 Sequence 3 ttl 253 time 50 ms Reply from 10 3 1 1 bytes 56 Sequence 4 ttl 253 time 50 ms Reply from 10 3 1 1 bytes 56 S...

Page 291: ...an int11 10 1 1 1 24 Vlan int12 172 2 1 1 24 CE 2 Loop0 5 5 5 9 32 Vlan int13 172 1 1 2 24 Vlan int12 10 2 1 1 24 CE 4 Loop0 7 7 7 9 32 CE 3 Loop0 6 6 6 9 32 Vlan int13 10 4 1 1 24 Vlan int11 10 3 1 1 24 Configuration procedure 1 Configure an IGP on the MPLS backbone to ensure IP connectivity within the backbone Configure PE 1 PE1 system view PE1 interface loopback 0 PE1 LoopBack0 ip address 1 1 1...

Page 292: ...face loopback 0 PE2 LoopBack0 ip address 3 3 3 9 32 PE2 LoopBack0 quit PE2 interface vlan interface 12 PE2 Vlan interface12 ip address 172 2 1 2 24 PE2 Vlan interface12 quit PE2 ospf PE2 ospf 1 area 0 PE2 ospf 1 area 0 0 0 0 network 172 2 1 0 0 0 0 255 PE2 ospf 1 area 0 0 0 0 network 3 3 3 9 0 0 0 0 PE2 ospf 1 area 0 0 0 0 quit PE2 ospf 1 quit After the configurations P establishes an OSPF adjacen...

Page 293: ...uence 0 Neighbor state change count 5 2 Configure basic MPLS and MPLS LDP on the MPLS backbone to establish LDP LSPs Configure PE 1 PE1 mpls lsr id 1 1 1 9 PE1 mpls PE1 mpls quit PE1 mpls ldp PE1 mpls ldp quit PE1 interface vlan interface 13 PE1 Vlan interface13 mpls PE1 Vlan interface13 mpls ldp PE1 Vlan interface13 quit Configure the P switch P mpls lsr id 2 2 2 9 P mpls P mpls quit P mpls ldp P...

Page 294: ...nLoop0 2 2 2 2 9 32 NULL 3 172 1 1 2 Vlan interface13 3 3 3 3 9 32 NULL 1024 172 1 1 2 Vlan interface13 A before an LSP means the LSP is not established A before a Label means the USCB or DSCB is stale 3 Configure VPN instances on PEs to allow CEs to access Configure PE 1 PE1 ip vpn instance vpn1 PE1 vpn instance vpn1 route distinguisher 100 1 PE1 vpn instance vpn1 vpn target 111 1 PE1 vpn instanc...

Page 295: ... Create time vpn1 100 1 2009 01 22 13 02 21 vpn2 100 2 2009 01 22 13 02 40 PE1 ping vpn instance vpn1 10 1 1 1 PING 10 1 1 1 56 data bytes press CTRL_C to break Reply from 10 1 1 1 bytes 56 Sequence 1 ttl 255 time 56 ms Reply from 10 1 1 1 bytes 56 Sequence 2 ttl 255 time 4 ms Reply from 10 1 1 1 bytes 56 Sequence 3 ttl 255 time 4 ms Reply from 10 1 1 1 bytes 56 Sequence 4 ttl 255 time 52 ms Reply...

Page 296: ...shed between the PEs and CEs and have reached the Established state Take the BGP peer relationship between PE 1 and CE 1 as an example PE1 display bgp vpnv4 vpn instance vpn1 peer BGP local router ID 1 1 1 9 Local AS number 100 Total number of peers 1 Peers in established state 1 Peer AS MsgRcvd MsgSent OutQ PrefRcv Up Down State 10 1 1 1 100 26 21 0 2 00 11 08 Established 5 Configure an MP IBGP p...

Page 297: ... 1 1 9 Local AS number 100 Total number of peers 1 Peers in established state 1 Peer AS MsgRcvd MsgSent OutQ PrefRcv Up Down State 3 3 3 9 100 4 8 0 0 00 00 09 Established 6 Verify your configuration Issue the display ip routing table vpn instance command on the PEs The output shows the routes to the peer CEs Take PE 1 as an example PE1 display ip routing table vpn instance vpn1 Routing Tables vpn...

Page 298: ... 5 ttl 253 time 34 ms 6 6 6 9 ping statistics 5 packet s transmitted 5 packet s received 0 00 packet loss round trip min avg max 34 48 72 ms CE1 ping 7 7 7 9 PING 7 7 7 9 56 data bytes press CTRL_C to break Request time out Request time out Request time out Request time out Request time out 7 7 7 9 ping statistics 5 packet s transmitted 0 packet s received 100 00 packet loss Configuring a hub spok...

Page 299: ...edure 1 Configure an IGP in the MPLS backbone to ensure IP connectivity between spoke PE and hub PE Configure Spoke PE 1 Spoke PE1 system view Spoke PE1 interface loopback 0 Spoke PE1 LoopBack0 ip address 1 1 1 9 32 Spoke PE1 LoopBack0 quit Spoke PE1 interface vlan interface 4 Spoke PE1 Vlan interface4 ip address 172 1 1 1 24 Spoke PE1 Vlan interface4 quit Spoke PE1 ospf Spoke PE1 ospf 1 area 0 Sp...

Page 300: ...172 2 1 0 0 0 0 255 Hub PE ospf 1 area 0 0 0 0 network 2 2 2 9 0 0 0 0 Hub PE ospf 1 area 0 0 0 0 quit Hub PE ospf 1 quit After the configuration OSPF adjacencies are established between Spoke PE 1 and Hub PE and between Spoke PE 2 and Hub PE Issue the display ospf peer command The output shows that the adjacency status is Full Issue the display ip routing table command The output shows that the P...

Page 301: ...e PE1 mpls ldp quit Spoke PE1 interface vlan interface 4 Spoke PE1 Vlan interface4 mpls Spoke PE1 Vlan interface4 mpls ldp Spoke PE1 Vlan interface4 quit Configure Spoke PE 2 Spoke PE2 mpls lsr id 3 3 3 9 Spoke PE2 mpls Spoke PE2 mpls quit Spoke PE2 mpls ldp Spoke PE2 mpls ldp quit Spoke PE2 interface vlan interface 5 Spoke PE2 Vlan interface5 mpls Spoke PE2 Vlan interface5 mpls ldp Spoke PE2 Vlan...

Page 302: ...r DSCB is stale 3 Configure VPN instances on the spoke PEs and the hub PE to allow CEs to access the PEs Configure Spoke PE 1 Spoke PE1 ip vpn instance vpn1 Spoke PE1 vpn instance vpn1 route distinguisher 100 1 Spoke PE1 vpn instance vpn1 vpn target 111 1 import extcommunity Spoke PE1 vpn instance vpn1 vpn target 222 2 export extcommunity Spoke PE1 vpn instance vpn1 quit Spoke PE1 interface vlan i...

Page 303: ...vity between the PEs and their attached CEs The PEs can ping their attached CEs Take Spoke PE 1 as an example Spoke PE1 display ip vpn instance Total VPN Instances configured 1 VPN Instance Name RD Create time vpn1 100 1 2009 04 08 10 55 07 Spoke PE1 ping vpn instance vpn1 10 1 1 1 PING 10 1 1 1 56 data bytes press CTRL_C to break Reply from 10 1 1 1 bytes 56 Sequence 1 ttl 255 time 56 ms Reply fr...

Page 304: ... bgp 100 Hub PE bgp ipv4 family vpn instance vpn1 in Hub PE bgp vpn1 in peer 10 3 1 1 as number 65430 Hub PE bgp vpn1 in import route direct Hub PE bgp vpn1 in quit Hub PE bgp ipv4 family vpn instance vpn1 out Hub PE bgp vpn1 out peer 10 4 1 1 as number 65430 Hub PE bgp vpn1 out peer 10 4 1 1 allow as loop Hub PE bgp vpn1 out import route direct Hub PE bgp vpn1 out quit Hub PE bgp quit After you c...

Page 305: ...3 9 as number 100 Hub PE bgp peer 3 3 3 9 connect interface loopback 0 Hub PE bgp ipv4 family vpnv4 Hub PE bgp af vpnv4 peer 1 1 1 9 enable Hub PE bgp af vpnv4 peer 3 3 3 9 enable Hub PE bgp af vpnv4 quit Hub PE bgp quit After you complete the configurations issue the display bgp peer command or the display bgp vpnv4 all peer command on the PEs The output shows that a BGP peer relationship has bee...

Page 306: ... 10 2 1 1 PING 10 2 1 1 56 data bytes press CTRL_C to break Reply from 10 2 1 1 bytes 56 Sequence 1 ttl 250 time 3 ms Reply from 10 2 1 1 bytes 56 Sequence 2 ttl 250 time 3 ms Reply from 10 2 1 1 bytes 56 Sequence 3 ttl 250 time 2 ms Reply from 10 2 1 1 bytes 56 Sequence 4 ttl 250 time 2 ms Reply from 10 2 1 1 bytes 56 Sequence 5 ttl 250 time 2 ms 10 2 1 1 ping statistics 5 packet s transmitted 5 ...

Page 307: ...32 bit loopback interface address used as the LSR ID needs to be advertised by OSPF After you complete the configurations each ASBR PE and the PE in the same AS can establish OSPF adjacencies Issue the display ospf peer command The output shows that the adjacencies reach the Full state and that PEs can learn the routes to the loopback interfaces of each other Each ASBR PE and the PE in the same AS...

Page 308: ...s ASBR PE2 Vlan interface11 mpls ldp ASBR PE2 Vlan interface11 quit Configure MPLS basic capability on PE 2 and enable MPLS LDP on the interface connected to ASBR PE 2 PE2 system view PE2 mpls lsr id 4 4 4 9 PE2 mpls PE2 mpls quit PE2 mpls ldp PE2 mpls ldp quit PE2 interface vlan interface 11 PE2 Vlan interface11 mpls PE2 Vlan interface11 mpls ldp PE2 Vlan interface11 quit After you complete the c...

Page 309: ...N instance and binding the instance to the interface connected with ASBR PE 2 ASBR PE 1 considers ASBR PE 2 its CE ASBR PE1 ip vpn instance vpn1 ASBR PE1 vpn instance vpn1 route distinguisher 100 2 ASBR PE1 vpn instance vpn1 vpn target 100 1 both ASBR PE1 vpn instance vpn1 quit ASBR PE1 interface vlan interface 12 ASBR PE1 Vlan interface12 ip binding vpn instance vpn1 ASBR PE1 Vlan interface12 ip ...

Page 310: ...s number 65002 PE2 bgp vpn1 import route direct PE2 bgp vpn1 quit PE2 bgp quit 5 Establish an MP IBGP peer relationship between each PE and the ASBR PE in the same AS and an EBGP peer relationship between the ASBR PEs Configure PE 1 PE1 bgp 100 PE1 bgp peer 2 2 2 9 as number 100 PE1 bgp peer 2 2 2 9 connect interface loopback 0 PE1 bgp ipv4 family vpnv4 PE1 bgp af vpnv4 peer 2 2 2 9 enable PE1 bgp...

Page 311: ...2 bgp ipv4 family vpnv4 PE2 bgp af vpnv4 peer 3 3 3 9 enable PE2 bgp af vpnv4 peer 3 3 3 9 next hop local PE2 bgp af vpnv4 quit PE2 bgp quit 6 Verify your configuration After you complete the configurations the CEs can learn the interface routes from each other and ping each other Configuring inter AS option B Network requirements Site 1 and Site 2 belong to the same VPN CE 1 of Site 1 accesses th...

Page 312: ...uration procedure 1 Configure PE 1 Run IS IS on PE 1 PE1 system view PE1 isis 1 PE1 isis 1 network entity 10 1111 1111 1111 1111 00 PE1 isis 1 quit Configure LSR ID enable MPLS and LDP PE1 mpls lsr id 2 2 2 9 PE1 mpls PE1 mpls label advertise non null PE1 mpls quit PE1 mpls ldp PE1 mpls ldp quit Configure interface VLAN interface 11 and start IS IS and enable MPLS and LDP on the interface PE1 inte...

Page 313: ...ce12 quit Start BGP on PE 1 PE1 bgp 100 Configure IBGP peer 3 3 3 9 as a VPNv4 peer PE1 bgp peer 3 3 3 9 as number 100 PE1 bgp peer 3 3 3 9 connect interface loopback 0 PE1 bgp ipv4 family vpnv4 PE1 bgp af vpnv4 peer 3 3 3 9 enable PE1 bgp af vpnv4 quit Redistribute direct routes to the VPN routing table of vpn1 PE1 bgp ipv4 family vpn instance vpn1 PE1 bgp vpn1 import route direct PE1 bgp vpn1 qu...

Page 314: ...r 11 0 0 1 as number 600 Disable route target based filtering of received VPNv4 routes ASBR PE1 bgp ipv4 family vpnv4 ASBR PE1 bgp af vpnv4 undo policy vpn target Configure both IBGP peer 2 2 2 0 and EBGP peer 11 0 0 1 as VPNv4 peers ASBR PE1 bgp af vpnv4 peer 11 0 0 1 enable ASBR PE1 bgp af vpnv4 peer 2 2 2 9 enable ASBR PE1 bgp af vpnv4 quit 3 Configure ASBR PE 2 Start IS IS on ASBR PE 2 ASBR PE...

Page 315: ...g of received VPNv4 routes ASBR PE2 bgp ipv4 family vpnv4 ASBR PE2 bgp af vpnv4 undo policy vpn target Configure both IBGP peer 5 5 5 9 and EBGP peer 11 0 0 2 as VPNv4 peers ASBR PE2 bgp af vpnv4 peer 11 0 0 2 enable ASBR PE2 bgp af vpnv4 peer 5 5 5 9 enable ASBR PE2 bgp af vpnv4 quit ASBR PE2 bgp quit 4 Configure PE 2 Start IS IS on PE 2 PE2 system view PE2 isis 1 PE2 isis 1 network entity 10 444...

Page 316: ...mber 600 PE2 bgp peer 4 4 4 9 connect interface loopback 0 PE2 bgp ipv4 family vpnv4 PE2 bgp af vpnv4 peer 4 4 4 9 enable PE2 bgp af vpnv4 quit Redistribute direct routes to the VPN routing table of vpn1 PE2 bgp ipv4 family vpn instance vpn1 PE2 bgp vpn1 import route direct PE2 bgp vpn1 quit PE2 bgp quit 5 Verify your configuration Ping PE 1 from PE 2 and ping PE 2 from PE 1 They can ping each oth...

Page 317: ...nfigure PE 1 Run IS IS on PE 1 PE1 system view PE1 isis 1 PE1 isis 1 network entity 10 1111 1111 1111 1111 00 PE1 isis 1 quit Configure LSR ID enable MPLS and LDP PE1 mpls lsr id 2 2 2 9 PE1 mpls PE1 mpls label advertise non null PE1 mpls quit PE1 mpls ldp PE1 mpls ldp quit Configure interface VLAN interface 11 and start IS IS and enable MPLS and LDP on the interface PE1 interface vlan interface 1...

Page 318: ...r PE1 bgp peer 3 3 3 9 as number 100 PE1 bgp peer 3 3 3 9 connect interface loopback 0 PE1 bgp peer 3 3 3 9 label route capability Configure the maximum hop count from PE 1 to EBGP peer 5 5 5 9 as 10 PE1 bgp peer 5 5 5 9 as number 600 PE1 bgp peer 5 5 5 9 connect interface loopback 0 PE1 bgp peer 5 5 5 9 ebgp max hop 10 Configure peer 5 5 5 9 as a VPNv4 peer PE1 bgp ipv4 family vpnv4 PE1 bgp af vp...

Page 319: ...1 quit ASBR PE1 route policy policy2 permit node 1 ASBR PE1 route policy2 if match mpls label ASBR PE1 route policy2 apply mpls label ASBR PE1 route policy2 quit Start BGP on ASBR PE 1 and redistribute routes from IS IS process 1 ASBR PE1 bgp 100 ASBR PE1 bgp import route isis 1 Use routing policy policy2 to filter routes advertised to IBGP peer 2 2 2 9 ASBR PE1 bgp peer 2 2 2 9 as number 100 ASBR...

Page 320: ...ck0 quit Configure interface VLAN interface 12 and enable MPLS on it ASBR PE2 interface vlan interface 12 ASBR PE2 Vlan interface12 ip address 11 0 0 1 255 0 0 0 ASBR PE2 Vlan interface12 mpls ASBR PE2 Vlan interface12 quit Create routing policies ASBR PE2 route policy policy1 permit node 1 New Sequence of this List ASBR PE2 route policy1 apply mpls label ASBR PE2 route policy1 quit ASBR PE2 route...

Page 321: ...rface 11 and start IS IS and enable MPLS and LDP on the interface PE2 interface vlan interface 11 PE2 Vlan interface11 ip address 9 1 1 2 255 0 0 0 PE2 Vlan interface11 isis enable 1 PE2 Vlan interface11 mpls PE2 Vlan interface11 mpls ldp PE2 Vlan interface11 quit Configure interface Loopback 0 and start IS IS on it PE2 interface loopback 0 PE2 LoopBack0 ip address 5 5 5 9 32 PE2 LoopBack0 isis en...

Page 322: ...configurations PE 1 and PE 2 can ping each other PE2 ping vpn instance vpn1 30 0 0 1 PE1 ping vpn instance vpn1 20 0 0 1 Configuring carrier s carrier Network requirements Configure carrier s carrier for the scenario shown in Figure 82 PE 1 and PE 2 are the provider carrier s PE switches They provide VPN services for the customer carrier CE 1 and CE 2 are the customer carrier s switches They are c...

Page 323: ... 1 Loop0 3 3 3 9 32 PE 2 Loop0 4 4 4 9 32 Vlan int11 11 1 1 2 24 Vlan int12 30 1 1 2 24 Vlan int12 30 1 1 1 24 Vlan int11 21 1 1 1 24 Configuration procedure 1 Configure MPLS L3VPN on the provider carrier backbone start IS IS as the IGP enable LDP between PE 1 and PE 2 and establish an MP IBGP peer relationship between the PEs Configure PE 1 PE1 system view PE1 interface loopback 0 PE1 LoopBack0 i...

Page 324: ...as been established and has reached the Established state Issue the display isis peer command the output shows that the IS IS neighbor relationship has been set up Take PE 1 as an example PE1 display mpls ldp session LDP Session s in Public Network Total number of sessions 1 Peer ID Status LAM SsnRole FT MD5 KA Sent Rcv 4 4 4 9 0 Operational DU Active Off Off 378 378 LAM Label Advertisement Mode F...

Page 325: ... 2 9 CE1 mpls CE1 mpls quit CE1 mpls ldp CE1 mpls ldp quit CE1 isis 2 CE1 isis 2 network entity 10 0000 0000 0000 0002 00 CE1 isis 2 quit CE1 interface loopback 0 CE1 LoopBack0 isis enable 2 CE1 LoopBack0 quit CE1 interface vlan interface 12 CE1 Vlan interface12 ip address 10 1 1 2 24 CE1 Vlan interface12 isis enable 2 CE1 Vlan interface12 mpls CE1 Vlan interface12 mpls ldp CE1 Vlan interface12 mp...

Page 326: ...ily vpn instance vpn1 PE1 bgp vpn1 import isis 2 PE1 bgp vpn1 quit PE1 bgp quit Configure CE 1 CE1 interface vlan interface 11 CE1 Vlan interface11 ip address 11 1 1 1 24 CE1 Vlan interface11 isis enable 2 CE1 Vlan interface11 mpls CE1 Vlan interface11 mpls ldp CE1 Vlan interface11 mpls ldp transport address interface CE1 Vlan interface11 quit After the configurations PE 1 and CE 1 can establish t...

Page 327: ...igure PE 3 Details not shown 6 Verify your configuration Issue the display ip routing table command on PE 1 and PE 2 The output shows that only routes of the provider carrier network are present in the public network routing table of PE 1 and PE 2 Take PE 1 as an example PE1 display ip routing table Routing Tables Public Destinations 7 Routes 7 Destination Mask Proto Pre Cost NextHop Interface 3 3...

Page 328: ...an11 6 6 6 9 32 ISIS 15 74 11 1 1 2 Vlan11 10 1 1 0 24 Direct 0 0 10 1 1 2 Vlan12 10 1 1 1 32 Direct 0 0 10 1 1 1 Vlan12 10 1 1 2 32 Direct 0 0 127 0 0 1 InLoop0 11 1 1 0 24 Direct 0 0 11 1 1 1 Vlan1 11 1 1 1 32 Direct 0 0 127 0 0 1 InLoop0 11 1 1 2 32 Direct 0 0 11 1 1 2 Vlan11 20 1 1 0 24 ISIS 15 74 11 1 1 2 Vlan11 21 1 1 0 24 ISIS 15 74 11 1 1 2 Vlan11 21 1 1 2 32 ISIS 15 74 11 1 1 2 Vlan11 127...

Page 329: ...127 ms Reply from 20 1 1 2 bytes 56 Sequence 2 ttl 252 time 97 ms Reply from 20 1 1 2 bytes 56 Sequence 3 ttl 252 time 83 ms Reply from 20 1 1 2 bytes 56 Sequence 4 ttl 252 time 70 ms Reply from 20 1 1 2 bytes 56 Sequence 5 ttl 252 time 60 ms 20 1 1 2 ping statistics 5 packet s transmitted 5 packet s received 0 00 packet loss round trip min avg max 60 87 127 ms CE 3 and CE 4 can ping each other CE...

Page 330: ...ervice provider network to the extended community attribute list and then forwards the VPNv4 route as usual To implement exchange of sub VPN routes between customer PEs and service provider PEs MP EBGP peers must be established between service provider PEs and customer CEs Figure 83 Network diagram Device Interface IP address Device Interface IP address CE 1 Loop0 2 2 2 9 32 CE 2 Loop0 5 5 5 9 32 ...

Page 331: ...ace12 mpls ldp PE1 Vlan interface12 quit PE1 bgp 100 PE1 bgp peer 4 4 4 9 as number 100 PE1 bgp peer 4 4 4 9 connect interface loopback 0 PE1 bgp ipv4 family vpnv4 PE1 bgp af vpnv4 peer 4 4 4 9 enable PE1 bgp af vpnv4 quit PE1 bgp quit Configure PE 2 in a similar way as you configure PE 1 Details not shown After completing the configurations execute commands display mpls ldp session display bgp pe...

Page 332: ...back 0 PE3 LoopBack0 ip address 1 1 1 9 32 PE3 LoopBack0 quit PE3 mpls lsr id 1 1 1 9 PE3 mpls PE3 mpls quit PE3 mpls ldp PE3 mpls ldp quit PE3 isis 2 PE3 isis 2 network entity 10 0000 0000 0000 0001 00 PE3 isis 2 quit PE3 interface loopback 0 PE3 LoopBack0 isis enable 2 PE3 LoopBack0 quit PE3 interface vlan interface 12 PE3 Vlan interface12 ip address 10 1 1 1 24 PE3 Vlan interface12 isis enable ...

Page 333: ...it PE1 interface vlan interface 11 PE1 Vlan interface11 ip binding vpn instance vpn1 PE1 Vlan interface11 ip address 11 1 1 2 24 PE1 Vlan interface11 mpls PE1 Vlan interface11 quit PE1 bgp 100 PE1 bgp ipv4 family vpn instance vpn1 PE1 bgp vpn1 peer 11 1 1 1 as number 200 PE1 bgp vpn1 quit PE1 bgp quit Configure CE 1 CE1 interface vlan interface 11 CE1 Vlan interface11 ip address 11 1 1 1 24 CE1 Vl...

Page 334: ...VPN2 vpn target 2 2 PE3 vpn instance SUB_VPN2 quit PE3 interface vlan interface 13 PE3 Vlan interface13 ip binding vpn instance SUB_VPN2 PE3 Vlan interface13 ip address 110 1 1 2 24 PE3 Vlan interface13 quit PE3 bgp 200 PE3 bgp ipv4 family vpn instance SUB_VPN1 PE3 bgp SUB_VPN1 peer 100 1 1 1 as number 65410 PE3 bgp SUB_VPN1 import route direct PE3 bgp SUB_VPN1 quit PE3 bgp ipv4 family vpn instanc...

Page 335: ...er 2 2 2 9 connect interface loopback 0 PE3 bgp ipv4 family vpnv4 PE3 bgp af vpnv4 peer 2 2 2 9 enable Allow the local AS number to appear in the AS PATH attribute of the routes received PE3 bgp af vpnv4 peer 2 2 2 9 allow as loop 2 PE3 bgp af vpnv4 quit PE3 bgp quit Configure CE 1 CE1 bgp 200 CE1 bgp peer 1 1 1 9 as number 200 CE1 bgp peer 1 1 1 9 connect interface loopback 0 CE1 bgp ipv4 family ...

Page 336: ... Direct 0 0 11 1 1 2 Vlan11 100 1 1 0 24 BGP 255 0 11 1 1 1 NULL0 110 1 1 0 24 BGP 255 0 11 1 1 1 NULL0 120 1 1 0 24 BGP 255 0 4 4 4 9 NULL0 127 0 0 0 8 Direct 0 0 127 0 0 1 InLoop0 127 0 0 1 32 Direct 0 0 127 0 0 1 InLoop0 130 1 1 0 24 BGP 255 0 4 4 4 9 NULL0 Execute the display bgp vpnv4 all routing table command on CE 1 and CE 2 to verify that the VPNv4 routing tables on the customer VPN contai...

Page 337: ...outing Tables SUB_VPN1 Destinations 5 Routes 5 Destination Mask Proto Pre Cost NextHop Interface 100 1 1 0 24 Direct 0 0 100 1 1 2 Vlan11 100 1 1 2 32 Direct 0 0 127 0 0 1 InLoop0 120 1 1 0 24 BGP 255 0 2 2 2 9 NULL0 127 0 0 0 8 Direct 0 0 127 0 0 1 InLoop0 127 0 0 1 32 Direct 0 0 127 0 0 1 InLoop0 Execute the display ip routing table command on CE 3 and CE 4 to verify that the routing tables cont...

Page 338: ...e 3 ttl 252 time 105 ms Reply from 120 1 1 1 bytes 56 Sequence 4 ttl 252 time 88 ms Reply from 120 1 1 1 bytes 56 Sequence 5 ttl 252 time 87 ms 120 1 1 1 ping statistics 5 packet s transmitted 5 packet s received 0 00 packet loss round trip min avg max 69 90 105 ms CE5 and CE 6 can ping each other CE5 ping 130 1 1 1 PING 130 1 1 1 56 data bytes press CTRL_C to break Reply from 130 1 1 1 bytes 56 S...

Page 339: ...icies to UPEs permitting CE 1 and CE 3 in VPN 1 to communicate with each other and forbidding CE 2 and CE 4 in VPN 2 to communicate with each other Figure 84 Network diagram Device Interface IP address Device Interface IP address CE 1 Vlan int12 10 2 1 1 24 CE 3 Vlan int12 10 1 1 1 24 CE 2 Vlan int13 10 4 1 1 24 CE 4 Vlan int13 10 3 1 1 24 UPE 1 Loop0 1 1 1 9 32 UPE 2 Loop0 4 4 4 9 32 Vlan int11 1...

Page 340: ... UPE1 vpn instance vpn1 route distinguisher 100 1 UPE1 vpn instance vpn1 vpn target 100 1 both UPE1 vpn instance vpn1 quit UPE1 ip vpn instance vpn2 UPE1 vpn instance vpn2 route distinguisher 100 2 UPE1 vpn instance vpn2 vpn target 100 2 both UPE1 vpn instance vpn2 quit UPE1 interface vlan interface 12 UPE1 Vlan interface12 ip binding vpn instance vpn1 UPE1 Vlan interface12 ip address 10 2 1 2 24 ...

Page 341: ...255 0 CE2 Vlan interface13 quit CE2 bgp 65420 CE2 bgp peer 10 4 1 2 as number 100 CE2 bgp import route direct CE2 quit 4 Configure UPE 2 Configure MPLS basic capability and MPLS LDP to establish LDP LSPs UPE2 system view UPE2 interface loopback 0 UPE2 Loopback0 ip address 4 4 4 9 32 UPE2 Loopback0 quit UPE2 mpls lsr id 4 4 4 9 UPE2 mpls UPE2 mpls quit UPE2 mpls ldp UPE2 mpls ldp quit UPE2 interfac...

Page 342: ... establish MP IBGP peer relationship with SPE 2 and to inject VPN routes UPE2 bgp 100 UPE2 bgp peer 3 3 3 9 as number 100 UPE2 bgp peer 3 3 3 9 connect interface loopback 0 UPE2 bgp ipv4 family vpnv4 UPE2 bgp af vpnv4 peer 3 3 3 9 enable UPE2 bgp af vpnv4 quit UPE2 bgp ipv4 family vpn instance vpn1 UPE2 bgp vpn1 peer 10 1 1 1 as number 65430 UPE2 bgp vpn1 import route direct UPE2 bgp vpn1 quit UPE...

Page 343: ...mpls ldp SPE1 Vlan interface12 quit Configure the IGP protocol OSPF for example SPE1 ospf SPE1 ospf 1 area 0 SPE1 ospf 1 area 0 0 0 0 network 2 2 2 9 0 0 0 0 SPE1 ospf 1 area 0 0 0 0 network 172 1 1 0 0 0 0 255 SPE1 ospf 1 area 0 0 0 0 network 180 1 1 0 0 0 0 255 SPE1 ospf 1 area 0 0 0 0 quit SPE1 ospf 1 quit Configure VPN instances vpn1 and vpn2 SPE1 ip vpn instance vpn1 SPE1 vpn instance vpn1 ro...

Page 344: ...quit SPE1 bgp 100 SPE1 bgp ipv4 family vpnv4 SPE1 bgp af vpnv4 peer 1 1 1 9 upe route policy hope export 8 Configure SPE 2 Configure MPLS basic capability and MPLS LDP to establish LDP LSPs SPE2 system view SPE2 interface loopback 0 SPE2 LoopBack0 ip address 3 3 3 9 32 SPE2 LoopBack0 quit SPE2 mpls lsr id 3 3 3 9 SPE2 mpls SPE2 mpls quit SPE2 mpls ldp SPE2 mpls ldp quit SPE2 interface vlan interfa...

Page 345: ...9 as number 100 SPE2 bgp peer 2 2 2 9 connect interface loopback 0 SPE2 bgp ipv4 family vpnv4 SPE2 bgp af vpnv4 peer 2 2 2 9 enable SPE2 bgp af vpnv4 peer 4 4 4 9 enable SPE2 bgp af vpnv4 peer 4 4 4 9 upe SPE2 bgp af vpnv4 quit SPE2 bgp ipv4 family vpn instance vpn1 SPE2 bgp vpn1 quit SPE2 bgp ipv4 family vpn instance vpn2 SPE2 bgp vpn2 quit SPE2 bgp quit Configure SPE 2 to advertise to UPE 2 the ...

Page 346: ...Configure conventional OSPF on CE 1 Switch A and CE 2 to advertise segment addresses of the interfaces as shown in Figure 85 Details not shown After completing the configurations CE 1 and CE 2 can learn the OSPF route to the VLAN interface 1 of each other Take CE 1 as an example CE1 display ip routing table Routing Tables Public Destinations 9 Routes 9 Destination Mask Proto Pre Cost NextHop Inter...

Page 347: ...E1 bgp ipv4 family vpnv4 PE1 bgp af vpnv4 peer 2 2 2 9 enable PE1 bgp af vpnv4 quit PE1 bgp quit Configure OSPF on PE 1 PE1 ospf 1 PE1 ospf 1 area 0 PE1 ospf 1 area 0 0 0 0 network 1 1 1 9 0 0 0 0 PE1 ospf 1 area 0 0 0 0 network 10 1 1 0 0 0 0 255 PE1 ospf 1 area 0 0 0 0 quit PE1 ospf 1 quit Configure MPLS basic capability and MPLS LDP on PE 2 to establish LDP LSPs PE2 system view PE2 interface lo...

Page 348: ...pn instance vpn1 PE1 Vlan interface11 ip address 100 1 1 2 24 PE1 Vlan interface11 quit PE1 ospf 100 vpn instance vpn1 PE1 ospf 100 domain id 10 PE1 ospf 100 area 1 PE1 ospf 100 area 0 0 0 1 network 100 1 1 0 0 0 0 255 PE1 ospf 100 area 0 0 0 1 quit PE1 ospf 100 quit PE2 bgp 100 PE1 bgp ipv4 family vpn instance vpn1 PE1 bgp vpn1 import route ospf 100 PE1 bgp vpn1 import route direct PE1 bgp vpn1 q...

Page 349: ...OSPF 10 3126 100 1 1 1 Vlan11 4 Configure a sham link Configure PE 1 PE1 interface loopback 1 PE1 LoopBack1 ip binding vpn instance vpn1 PE1 LoopBack1 ip address 3 3 3 3 32 PE1 LoopBack1 quit PE1 ospf 100 PE1 ospf 100 area 1 PE1 ospf 100 area 0 0 0 1 sham link 3 3 3 3 5 5 5 5 cost 10 PE1 ospf 100 area 0 0 0 1 quit PE1 ospf 100 quit Configure PE 2 PE2 interface loopback 1 PE2 LoopBack1 ip binding v...

Page 350: ... 1 0 24 OSPF 10 1574 100 1 1 2 Vlan11 100 1 1 0 24 Direct 0 0 100 1 1 1 Vlan11 100 1 1 1 32 Direct 0 0 127 0 0 1 InLoop0 120 1 1 0 24 OSPF 10 12 100 1 1 2 Vlan11 127 0 0 0 8 Direct 0 0 127 0 0 1 InLoop0 127 0 0 1 32 Direct 0 0 127 0 0 1 InLoop0 Issue the display ospf sham link command on the PEs The output shows that a sham link has been established Take PE 1 as an example PE1 display ospf sham li...

Page 351: ... LSPs Establish MP IBGP peer relationship between the PEs to advertise VPN IPv4 routes Configure the VPN instance of VPN 1 on PE 2 to allow CE 2 to access the network Configure the VPN instance of VPN 1 on PE 1 to allow CE 1 to access the network Configure BGP between PE 1 and CE 1 and between PE 2 and CE 2 to inject routes of CEs into PEs After completing the configurations issue the display ip r...

Page 352: ...abling BGP update packet debugging on PE 2 you can see that PE 2 advertises the route to 100 1 1 1 32 and the AS_PATH is 100 600 PE2 terminal monitor PE2 terminal debugging PE2 debugging bgp update vpn instance vpn1 verbose PE2 refresh bgp vpn instance vpn1 all export 0 4402392 PE2 RM 7 RMDEBUG BGP vpn1 Send UPDATE to 10 2 1 1 for following destinations Origin Incomplete AS Path 100 600 Next Hop 1...

Page 353: ... 100 10 2 1 1 32 10 2 1 2 0 0 100 100 1 1 1 32 10 2 1 2 0 100 100 CE2 display ip routing table Routing Tables Public Destinations 9 Routes 9 Destination Mask Proto Pre Cost NextHop Interface 10 1 1 0 24 BGP 255 0 10 2 1 2 Vlan12 10 1 1 1 32 BGP 255 0 10 2 1 2 Vlan12 10 2 1 0 24 Direct 0 0 10 2 1 1 Vlan12 10 2 1 1 32 Direct 0 0 127 0 0 1 InLoop0 10 2 1 2 32 Direct 0 0 10 2 1 2 Vlan12 100 1 1 1 32 B...

Page 354: ...PE2 respectively to add the SoO attribute to routes received from CE 1 and CE 2 Figure 87 Network diagram Device Interface IP address Device Interface IP address CE 1 Loop0 100 1 1 1 32 CE 3 Loop0 200 1 1 1 32 Vlan int2 10 1 1 1 24 Vlan int7 10 3 1 1 24 CE 2 Vlan int2 10 2 1 1 24 PE 2 Loop0 2 2 2 9 32 PE 1 Loop0 1 1 1 9 32 Vlan int2 10 2 1 2 24 Vlan int2 10 1 1 2 24 Vlan int4 20 1 1 2 24 Vlan int3...

Page 355: ...p routing table peer 10 2 1 2 received routes Total Number of Routes 8 BGP Local router ID is 10 2 1 1 Status codes valid VPN best best d damped h history i internal s suppressed S Stale Origin i IGP e EGP incomplete Network NextHop MED LocPrf PrefVal Path Ogn 10 1 1 0 24 10 2 1 2 0 100 10 1 1 1 32 10 2 1 2 0 100 10 2 1 0 24 10 2 1 2 0 0 100 10 2 1 1 32 10 2 1 2 0 0 100 10 3 1 0 24 10 2 1 2 0 100 ...

Page 356: ...p 100 PE2 bgp ipv4 family vpn instance vpn1 PE2 bgp vpn1 peer 10 2 1 1 route policy soo import PE2 bgp vpn1 quit PE2 bgp quit PE 2 will not advertise routes received from CE 1 to CE 2 because the same SoO attribute has been configured Display the routing table of CE 2 You can see that the route 100 1 1 1 32 has been removed CE2 display ip routing table Routing Tables Public Destinations 9 Routes 9...

Page 357: ...PN functions similarly It uses BGP to advertise IPv6 VPN routes and uses MPLS to forward IPv6 VPN packets on the service provider backbone Figure 88 shows the typical IPv6 MPLS L3VPN model At present the service provider backbone in the IPv6 MPLS L3VPN model is an IPv4 network IPv6 runs inside the VPNs and between CEs and PEs Therefore PEs must support both IPv4 and IPv6 The PE CE interfaces of a ...

Page 358: ...to the destination by IPv6 forwarding IPv6 MPLS L3VPN routing information advertisement The IPv6 VPN routing information of a local CE is advertised to a remote peer PE in three steps 1 From the local CE to the ingress PE 2 From the ingress PE to the egress PE 3 From the egress PE to the remote peer CE Then a route is available from the local CE to the remote CE Routing information exchange from t...

Page 359: ...rier s carrier Multi VPN instance CE IPv6 MPLS L3VPN configuration task list Complete the following tasks to configure IPv6 MPLS L3VPN Task Remarks Configuring basic IPv6 MPLS L3VPN By configuring basic IPv6 MPLS L3VPN you can construct simple IPv6 VPN networks over an MPLS backbone To deploy special IPv6 MPLS L3VPN networks such as inter AS VPN you must perform some specific configurations in add...

Page 360: ...VPN instance configurations are performed on PEs or MCEs Creating a VPN instance A VPN instance is associated with a site It is a collection of the VPN membership and routing rules of its associated site A VPN instance does not necessarily correspond to one VPN To create and configure a VPN instance Step Command Remarks 1 Enter system view system view N A 2 Create a VPN instance and enter VPN inst...

Page 361: ... community attribute list which is usually the export target attribute of the VPN instance associated with the CE The VPN instance determines which routes it can accept and redistribute according to the import extcommunity in the route target The VPN instance determines how to change the route targets attributes for routes to be advertised according to the export extcommunity in the route target T...

Page 362: ...d With the tunnel select seq command you can specify the tunnel selection preference order and the number of tunnels for load balancing With the preferred path command you can configure preferred tunnels that each correspond to a tunnel interface After a tunneling policy is applied on a PE the PE selects tunnels in this order The PE matches the peer PE address against the destination addresses of ...

Page 363: ... for load balancing tunnel select seq cr lsp lsp load balance number number By default only one tunnel is selected no load balancing in this order LSP tunnel CR LSP tunnel If you specify more than one tunnel type and the number of tunnels of a type is less than the specified number of tunnels for load balancing tunnels of different types may be used 5 Return to system view quit N A 6 Enter VPN ins...

Page 364: ...g Configuration Guide Configuring RIPng between PE and CE A RIPng process belongs to the public network or a single VPN instance If you create a RIPng process without binding it to a VPN instance the process belongs to the public network For more information about RIPng see Layer 3 IP Routing Configuration Guide To configure RIPng between PE and CE Step Command Remarks 1 Enter system view system v...

Page 365: ...information about IPv6 IS IS see Layer 3 IP Routing Configuration Guide To configure IPv6 IS IS between PE and CE Step Command Remarks 1 Enter system view system view N A 2 Create an IPv6 IS IS process for a VPN instance and enter IS IS view isis process id vpn instance vpn instance name Perform this configuration on PEs On CEs create a normal IPv6 IS IS process 3 Configure a network entity title ...

Page 366: ...ks 1 Enter system view system view N A 2 Enter BGP view bgp as number N A 3 Enter IPv6 BGP subaddress family view ipv6 family N A 4 Configure the PE as the EBGP peer peer ipv6 address as number as number N A 5 Configure route redistribution and advertisement import route protocol process id med med value route policy route policy name Optional A CE needs to advertise its VPN routes to the connecte...

Page 367: ...gure the remote PE as the peer peer ip address as number as number N A 4 Specify the interface for TCP connections peer ip address connect interface interface type interface number N A 5 Enter BGP VPNv6 subaddress family view ipv6 family vpnv6 N A 6 Set the default value of the local preference default local preference value Optional 100 by default 7 Set the default value for the system MED defaul...

Page 368: ...ess reflect client Optional No route reflector or client is configured by default 17 Enable route reflection between clients reflect between clients Optional Enabled by default 18 Configure a cluster ID for the route reflector reflector cluster id cluster id ip address Optional By default each RR in a cluster uses its own router ID as the cluster ID If more than one RR exists in a cluster use this...

Page 369: ... as its CE In other words configure VPN instances on both PEs and ASBR PEs The VPN instances on PEs allow CEs to access the network while those on ASBR PEs are for access of the peer ASBR PEs For configuration information see Configuring basic IPv6 MPLS L3VPN In the inter AS IPv6 VPN option A solution for the same IPv6 VPN the route targets configured on the PEs must match those configured on the ...

Page 370: ...igns new MPLS labels to the labeled routes to be advertised to the PEs in the same AS The configuration is the same as that in the Inter AS IPv4 VPN option C solution For more information see Configuring MPLS L3VPN Resetting BGP connections When BGP configuration changes use the soft reset function or reset BGP connections to make the changes take effect Soft reset requires that BGP peers have the...

Page 371: ...Nv6 peers established between PEs display bgp vpnv6 all peer ipv4 address verbose verbose begin exclude include regular expression Available in any view Display information about IPv6 BGP peers established between the PE and CE in a VPN instance display bgp vpnv6 vpn instance vpn instance name peer ipv6 address verbose verbose begin exclude include regular expression Available in any view Display ...

Page 372: ...32 PE 1 Loop0 1 1 1 9 32 Vlan int12 172 2 1 1 24 Vlan int11 2001 1 2 64 Vlan int13 172 1 1 2 24 Vlan int13 172 1 1 1 24 PE 2 Loop0 3 3 3 9 32 Vlan int12 2001 2 2 64 Vlan int12 172 2 1 2 24 CE 2 Vlan int12 2001 2 1 64 Vlan int11 2001 3 2 64 CE 3 Vlan int11 2001 3 1 64 Vlan int13 2001 4 2 64 CE 4 Vlan int13 2001 4 1 64 Configuration procedure 1 Configure OSPF on the MPLS backbone to achieve IP conne...

Page 373: ... 0 network 172 2 1 0 0 0 0 255 P ospf 1 area 0 0 0 0 network 2 2 2 9 0 0 0 0 P ospf 1 area 0 0 0 0 quit P ospf 1 quit Configure PE 2 PE2 system view PE2 interface loopback 0 PE2 LoopBack0 ip address 3 3 3 9 32 PE2 LoopBack0 quit PE2 interface vlan interface 12 PE2 Vlan interface12 ip address 172 2 1 2 24 PE2 Vlan interface12 quit PE2 ospf PE2 ospf 1 area 0 PE2 ospf 1 area 0 0 0 0 network 172 2 1 0...

Page 374: ...72 1 1 2 GR State Normal State Full Mode Nbr is Master Priority 1 DR None BDR None MTU 1500 Dead timer due in 38 sec Neighbor is up for 00 02 44 Authentication Sequence 0 Neighbor state change count 5 2 Configure the MPLS basic capability and enable MPLS LDP on the MPLS backbone to establish LDP LSPs Configure PE 1 PE1 mpls lsr id 1 1 1 9 PE1 mpls PE1 mpls quit PE1 mpls ldp PE1 mpls ldp quit PE1 i...

Page 375: ...dvertisement Mode FT Fault Tolerance PE1 display mpls ldp lsp LDP LSP Information SN DestAddress Mask In OutLabel Next Hop In Out Interface 1 1 1 1 9 32 3 NULL 127 0 0 1 Vlan interface13 InLoop0 2 2 2 2 9 32 NULL 3 172 1 1 2 Vlan interface13 3 3 3 3 9 32 NULL 1024 172 1 1 2 Vlan interface13 A before an LSP means the LSP is not established A before a Label means the USCB or DSCB is stale 3 Configur...

Page 376: ...rding to Figure 90 Details not shown After completing the configurations issue the display ip vpn instance command on the PEs to view the configuration of the VPN instance Use the ping command to test connectivity between the PEs and their attached CEs The PEs can ping their attached CEs Take PE 1 and CE 1 as an example PE1 display ip vpn instance Total VPN Instances configured 2 VPN Instance Name...

Page 377: ...s you configure PE 1 Details not shown After completing the configurations issue the display bgp vpnv6 vpn instance peer command on the PEs The output shows that BGP peer relationship has been established between PE and CE switches and has reached Established state Take the PE 1 CE 1 BGP peer relationship as an example PE1 display bgp vpnv6 vpn instance vpn1 peer BGP local router ID 1 1 1 9 Local ...

Page 378: ...le vpn instance command on the PEs The output shows the routes to the CEs Take PE 1 as an example PE1 display ipv6 routing table vpn instance vpn1 Routing Table Destinations 3 Routes 3 Destination 2001 1 64 Protocol Direct NextHop 2001 1 2 Preference 0 Interface Vlan11 Cost 0 Destination 2001 1 2 128 Protocol Direct NextHop 1 Preference 0 Interface InLoop0 Cost 0 Destination 2001 2 64 Protocol BGP...

Page 379: ...64 time 1 ms 2001 3 1 ping statistics 5 packet s transmitted 5 packet s received 0 00 packet loss round trip min avg max 1 1 1 ms CE1 ping ipv6 2001 4 1 PING 2001 4 1 56 data bytes press CTRL_C to break Request time out Request time out Request time out Request time out Request time out 2001 4 1 ping statistics 5 packet s transmitted 0 packet s received 100 00 packet loss round trip min avg max 0 ...

Page 380: ...f each router through OSPF The loopback interface address of a switch is to be used as the switch s LSR ID After you complete the configurations each ASBR PE and the PE in the same AS can establish OSPF adjacencies Issue the display ospf peer command The output shows that the adjacencies reach the Full state and that PE and ASBR PE routers in the same AS can learn the routes to the loopback interf...

Page 381: ...interface 11 ASBR PE2 Vlan interface11 mpls ASBR PE2 Vlan interface11 mpls ldp ASBR PE2 Vlan interface11 quit Configure the MPLS basic capability on PE 2 and enable MPLS LDP for PE 2 for the interface connected to ASBR PE 2 PE2 system view PE2 mpls lsr id 4 4 4 9 PE2 mpls PE2 mpls quit PE2 mpls ldp PE2 mpls ldp quit PE2 interface vlan interface 11 PE2 Vlan interface11 mpls PE2 Vlan interface11 mpl...

Page 382: ...s 2001 2 2 64 PE2 Vlan interface12 quit Configure ASBR PE 1 creating a VPN instance and binding the VPN instance to the interface connected to ASBR PE 2 ASBR PE 1 considers ASBR PE 2 its attached CE ASBR PE1 ip vpn instance vpn1 ASBR PE1 vpn instance vpn1 route distinguisher 100 2 ASBR PE1 vpn instance vpn1 vpn target 100 1 both ASBR PE1 vpn instance vpn1 quit ASBR PE1 interface vlan interface 12 ...

Page 383: ... bgp ipv6 family CE2 bgp af ipv6 peer 2001 2 2 as number 200 CE2 bgp af ipv6 import route direct CE2 bgp af ipv6 quit Configure PE 2 PE2 bgp 200 PE2 bgp ipv6 family vpn instance vpn1 PE2 bgp ipv6 vpn1 peer 2001 2 1 as number 65002 PE2 bgp ipv6 vpn1 import route direct PE2 bgp ipv6 vpn1 quit PE2 bgp quit 5 Establish IBGP peer relationship between each PE and the ASBR PE in the same AS and EBGP peer...

Page 384: ... vpnv6 PE2 bgp af vpnv6 peer 3 3 3 9 enable PE2 bgp af vpnv6 quit PE2 bgp quit 6 Verify your configuration After you complete the configurations display the routing table and use the ping command The CEs have learned the route to each other and can ping each other Configuring inter AS IPv6 VPN option C Network requirements Site 1 and Site 2 belong to the same VPN Site 1 accesses the network throug...

Page 385: ...1 network entity 10 111 111 111 111 00 PE1 isis 1 quit Configure an LSR ID and enable MPLS and LDP PE1 mpls lsr id 2 2 2 9 PE1 mpls PE1 mpls label advertise non null PE1 mpls quit PE1 mpls ldp PE1 mpls ldp quit Configure interface VLAN interface 11 and start IS IS and enable MPLS and LDP on the interface PE1 interface vlan interface 11 PE1 Vlan interface11 ip address 1 1 1 2 255 0 0 0 PE1 Vlan int...

Page 386: ... 3 9 connect interface loopback 0 PE1 bgp peer 3 3 3 9 label route capability Configure the maximum hop count from PE 1 to EBGP peer 5 5 5 9 as 10 PE1 bgp peer 5 5 5 9 as number 600 PE1 bgp peer 5 5 5 9 connect interface loopback 0 PE1 bgp peer 5 5 5 9 ebgp max hop 10 Configure peer 5 5 5 9 as a VPNv6 peer PE1 bgp ipv6 family vpnv6 PE1 bgp af vpnv6 peer 5 5 5 9 enable PE1 bgp af vpnv6 quit Redistr...

Page 387: ...PE1 route policy policy2 permit node 1 ASBR PE1 route policy2 if match mpls label ASBR PE1 route policy2 apply mpls label ASBR PE1 route policy2 quit Start BGP on ASBR PE 1 and redistribute routes from IS IS process 1 ASBR PE1 bgp 100 ASBR PE1 bgp import route isis 1 Apply routing policy policy2 to filter routes advertised to IBGP peer 2 2 2 9 ASBR PE1 bgp peer 2 2 2 9 as number 100 ASBR PE1 bgp p...

Page 388: ... on it ASBR PE2 interface vlan interface 12 ASBR PE2 Vlan interface12 ip address 11 0 0 1 255 0 0 0 ASBR PE2 Vlan interface12 mpls ASBR PE2 Vlan interface12 quit Create routing policies ASBR PE2 route policy policy1 permit node 1 ASBR PE2 route policy1 apply mpls label ASBR PE2 route policy1 quit ASBR PE2 route policy policy2 permit node 1 ASBR PE2 route policy2 if match mpls label ASBR PE2 route ...

Page 389: ...lan interface 11 PE2 Vlan interface11 ip address 9 1 1 2 255 0 0 0 PE2 Vlan interface11 isis enable 1 PE2 Vlan interface11 mpls PE2 Vlan interface11 mpls ldp PE2 Vlan interface11 quit Configure interface Loopback 0 and start IS IS on it PE2 interface loopback 0 PE2 LoopBack0 ip address 5 5 5 9 32 PE2 LoopBack0 isis enable 1 PE2 LoopBack0 quit Create VPN instance vpn1 and configure the RD and route...

Page 390: ...ur configuration From each PE ping the other PE PE 1 and PE 2 can ping each other PE2 ping ipv6 vpn instance vpn1 2001 1 1 PING 2001 1 1 56 data bytes press CTRL_C to break Reply from 2001 1 1 bytes 56 Sequence 1 hop limit 64 time 1 ms Reply from 2001 1 1 bytes 56 Sequence 2 hop limit 64 time 1 ms Reply from 2001 1 1 bytes 56 Sequence 3 hop limit 64 time 1 ms Reply from 2001 1 1 bytes 56 Sequence ...

Page 391: ...E 2 are the customer carrier s switches They connect to the provider carrier s backbone as CE switches PE 3 and PE 4 are the customer carrier s PE switches They provide IPv6 MPLS L3VPN services for the end customers CE 3 and CE 4 are customers of the customer carrier The key to the carrier s carrier deployment is to configure exchange of two kinds of routes Exchange of the customer carrier s inter...

Page 392: ...PE 1 Loop0 3 3 3 9 32 PE 2 Loop0 4 4 4 9 32 Vlan int11 11 1 1 2 24 Vlan int12 30 1 1 2 24 Vlan int12 30 1 1 1 24 Vlan int11 21 1 1 1 24 Configuration procedure 1 Configure MPLS L3VPN on the provider carrier backbone start IS IS as the IGP enable LDP on PE 1 and PE 2 and establish MP IBGP peer relationship between the PEs Configure PE 1 PE1 system view PE1 interface loopback 0 PE1 LoopBack0 ip addr...

Page 393: ...onship has been established and has reached Established state Issue the display isis peer command The output shows that an IS IS neighbor relationship has been set up Take PE 1 as an example PE1 display mpls ldp session LDP Session s in Public Network Total number of sessions 1 Peer ID Status LAM SsnRole FT MD5 KA Sent Rcv 4 4 4 9 0 Operational DU Active Off Off 378 378 LAM Label Advertisement Mod...

Page 394: ... 9 32 CE1 LoopBack0 quit CE1 mpls lsr id 2 2 2 9 CE1 mpls CE1 mpls quit CE1 mpls ldp CE1 mpls ldp quit CE1 isis 2 CE1 isis 2 network entity 10 0000 0000 0000 0002 00 CE1 isis 2 quit CE1 interface loopback 0 CE1 LoopBack0 isis enable 2 CE1 LoopBack0 quit CE1 interface vlan interface 12 CE1 Vlan interface12 ip address 10 1 1 2 24 CE1 Vlan interface12 isis enable 2 CE1 Vlan interface12 mpls CE1 Vlan ...

Page 395: ...PE1 bgp vpn1 import isis 2 PE1 bgp vpn1 quit PE1 bgp quit Configure CE 1 CE1 interface vlan interface11 CE1 Vlan interface11 ip address 11 1 1 1 24 CE1 Vlan interface11 isis enable 2 CE1 Vlan interface11 mpls CE1 Vlan interface11 mpls ldp CE1 Vlan interface11 mpls ldp transport address interface CE1 Vlan interface11 quit After you complete the configurations PE 1 and CE 1 can establish the LDP ses...

Page 396: ...3 Details not shown 6 Verify your configuration Issue the display ip routing table command on PE 1 and PE 2 The output shows that only routes of the provider carrier network are present in the public network routing table of PE 1 and PE 2 Take PE 1 as an example PE1 display ip routing table Routing Tables Public Destinations 7 Routes 7 Destination Mask Proto Pre Cost NextHop Interface 3 3 3 9 32 D...

Page 397: ...ons 16 Routes 16 Destination Mask Proto Pre Cost NextHop Interface 1 1 1 9 32 ISIS 15 10 10 1 1 2 Vlan12 2 2 2 9 32 Direct 0 0 127 0 0 1 InLoop0 5 5 5 9 32 ISIS 15 74 11 1 1 2 Vlan11 6 6 6 9 32 ISIS 15 74 11 1 1 2 Vlan11 10 1 1 0 24 Direct 0 0 10 1 1 2 Vlan12 10 1 1 1 32 Direct 0 0 10 1 1 1 Vlan12 10 1 1 2 32 Direct 0 0 127 0 0 1 InLoop0 11 1 1 0 24 Direct 0 0 11 1 1 1 Vlan11 11 1 1 1 32 Direct 0 ...

Page 398: ...56 Sequence 3 ttl 252 time 83 ms Reply from 20 1 1 2 bytes 56 Sequence 4 ttl 252 time 70 ms Reply from 20 1 1 2 bytes 56 Sequence 5 ttl 252 time 60 ms 20 1 1 2 ping statistics 5 packet s transmitted 5 packet s received 0 00 packet loss round trip min avg max 60 87 127 ms CE 3 and CE 4 can ping each other CE3 ping ipv6 2001 2 1 PING 2001 2 1 56 data bytes press CTRL_C to break Reply from 2001 2 1 b...

Page 399: ...rwarding 1 15 Configuring traffic forwarding tuning parameters 1 17 Configuring VPLS instance attributes 173 Creating an MPLS TE Tunnel over a static CR LSP 103 Creating an MPLS TE tunnel with a dynamic signaling protocol 104 D Displaying and maintaining MCE 21 Displaying and maintaining MPLS 80 Displaying and maintaining MPLS L2VPN 207 Displaying and maintaining MPLS L3VPN 269 Displaying and main...

Page 400: ...Resetting BGP connections 20 Resetting BGP connections 358 Resetting BGP connections 268 S Setting MPLS statistics reading interval 76 T Troubleshooting MPLS L2VPN 226 Troubleshooting MPLS TE 162 Troubleshooting VPLS 189 Tuning CR LSP setup 1 12 Tuning MPLS TE tunnel setup 1 14 V VPLS configuration examples 175 VPLS configuration task list 169 VPLS overview 163 ...