Page 1: Configuration Guide
HP 10500 Switch Series MPLS Configuration Guide Part number: 5998-3861 Software version: Release 2105 and later Document version: 6W100-20130515...
Page 2 The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty.
Page 3: Table Of Contents
Contents Configuring MCE ························································································································································· 1 MCE overview ··································································································································································· 1 MPLS L3VPN overview ············································································································································· 1 MPLS L3VPN concepts ············································································································································· 2 MCE ··········································································································································································· 3 How MCE works ······················································································································································ 4 Configuring VPN instances on an MCE device ············································································································· 5 ...
Page 4 Configuring LDP ························································································································································· 58 Overview ········································································································································································· 58 Terminology ··························································································································································· 58 LDP messages ························································································································································· 58 LDP operation ························································································································································· 59 Label distribution and control ······························································································································· 60 LDP GR ···································································································································································· 62 Protocols ································································································································································· 63 LDP configuration task list ·············································································································································· 63 ...
Page 5 Configuring BGP VPNv4 route control ············································································································· 112 Configuring inter-AS VPN ··········································································································································· 114 Configuring inter-AS option A ···························································································································· 114 Configuring inter-AS option B ···························································································································· 114 Configuring inter-AS option C···························································································································· 115 Configuring nested VPN ·············································································································································· 117 Configuring HoVPN ·····················································································································································...
Page 6 Static PW configuration example ······················································································································ 274 LDP PW configuration example ························································································································· 278 Support and other resources ·································································································································· 283 Contacting HP ······························································································································································ 283 Subscription service ············································································································································ 283 Related information ······················································································································································ 283 Documents ···························································································································································· 283 ...
Page 7: Configuring Mce
Configuring MCE This chapter covers Multi-VPN-Instance CE (MCE) configuration only. For information about routing protocols, see Layer 3—IP Services Configuration Guide. MCE overview MPLS L3VPN overview MPLS L3VPN is a PE-based L3VPN technology. It uses BGP to advertise VPN routes and uses MPLS to forward VPN packets over the service provider backbone.
Page 8: Mpls L3Vpn Concepts
After a PE learns VPN routing information from a CE, it uses BGP to advertise the VPN routing information to other PEs. A PE maintains routing information for only directly connected VPNs, rather than all VPNs on the provider network. A P router maintains only routes to PEs and does not deal with VPN routing information.
Page 9: Mce
Figure 2 VPN-IPv4 address structure The MCE device does not support advertising VPN routes through MP-BGP. However, to run BGP VPN instances on the MCE device, you must configure a unique RD for each VPN instance to distinguish between the VPN instances. An RD can be in one of the following formats distinguished by a 2-byte Type field: When the value of the Type field is 0, the Administrator subfield occupies two bytes, the Assigned •...
Page 10: How Mce Works
For better services and higher security, a private network is usually divided into multiple VPNs to isolate services. To meet these requirements, you can configure a CE for each VPN, which increases device expenses and maintenance costs. Or, you can configure multiple VPNs to use the same CE and the same routing table, which sacrifices data security.
Page 11: Configuring Vpn Instances On An Mce Device
Configuring VPN instances on an MCE device Configuring VPN instances is required in all MCE networking schemes. VPN instances isolate not only VPN routes from public network routes, but also routes among VPNs. This feature allows VPN instances to be used in networking scenarios besides MCE. Creating a VPN instance You can configure a description for a VPN instance to record its related information, such as its relationship with a certain VPN.
Page 12: Configuring Routing On An Mce Device
When a VPN route learned from a site gets redistributed into BGP, BGP associates it with a route • target extended community attribute list, which is usually the export target attribute list of the VPN instance associated with the site. •...
Page 13: Configuration Prerequisites
MCE-PE routing configuration • Configuration prerequisites Before you configure routing on an MCE, complete the following tasks: Configure VPN instances, and bind the VPN instances with the interfaces connected to the VPN • sites and the PE. • Configure the link layer and network layer protocols on related interfaces to ensure IP connectivity. Configuring routing between an MCE and a VPN site Configuring static routing between an MCE and a VPN site An MCE can reach a VPN site through a static route.
Page 14 Step Command Remarks Create a RIP process for a Perform this configuration on the rip [ process-id ] vpn-instance VPN instance and enter RIP MCE. On the VPN site, create a vpn-instance-name view. normal RIP process. Enable RIP on the interface By default, RIP is disabled on an attached to the specified network network-address...
Page 15 VPN routes. loops. To avoid such routing loops, you can configure route tags for VPN instances on an MCE. HP recommends that you configure the same route tag for the same VPN on the MCEs.
Page 16 Step Command Remarks By default, OSPF does not redistribute the default route. (Optional.) Configure OSPF default-route-advertise summary This command redistributes the to redistribute the default cost cost default route in a Type-3 LSA. The route. MCE advertises the default route to the site.
Page 17 carry the OSPF domain ID by configuring the domain-id command in OSPF view. The domain ID is added to BGP VPN routes as an extended community attribute. Configure the MCE: Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number Enter BGP-VPN instance view.
Page 18 Step Command Remarks Configure the MCE as an peer { group-name | ip-address } By default, no BGP peer or peer EBGP peer. as-number as-number group is configured. Create and enter BGP-VPN ipv4-family [ unicast ] IPv4 address family view. Enable BGP to exchange IPv4 By default, BGP does not exchange unicast routing information...
Page 19: Configuring Routing Between An Mce And A Pe
Step Command Remarks (Optional.) Configure a filter-policy { acl-number | By default, BGP does not filter filtering policy to filter prefix-list prefix-list-name } import received routes. received routes. Configure the VPN site: Step Command Remarks Enter system view. system-view Enable BGP and enter BGP bgp as-number By default, BGP is disabled.
Page 20 Configuring RIP between an MCE and a PE Step Command Remarks Enter system view. system-view Create a RIP process for rip [ process-id ] vpn-instance a VPN instance and vpn-instance-name enter RIP view. Enable RIP on the By default, RIP is disabled on interface attached to network network-address an interface.
Page 21 VPN routes. loops. To avoid such routing loops, you can configure route tags for VPN instances on an MCE. HP recommends that you configure the same route tag for the same VPN on the MCEs.
Page 22 Step Command Remarks By default, IS-IS does not redistribute routes from any other import-route protocol [ process-id | routing protocol. all-processes | allow-ibgp ] [ cost cost | (Optional.) Redistribute cost-type { external | internal } | [ level-1 If you do not specify the route level the VPN routes.
Page 23: Displaying And Maintaining Mce
Step Command Remarks Enable BGP and enter BGP bgp as-number By default, BGP is not enabled. view. Enter BGP-VPN instance view. ip vpn-instance vpn-instance-name Specify the PE as an IBGP peer { group-name | ip-address } By default, no BGP peer or peer peer.
Page 24 Configure the MCE device to separate routes from different VPNs and advertise the VPN routes to PE 1 through OSPF. Figure 4 Network diagram VPN 2 Site 1 CE 1 PE 2 PE 1 XGE1/0/1 Vlan-int30: 30.1.1.2/24 Vlan-int40: 40.1.1.2/24 PE 3 CE 2 XGE1/0/3 VPN 1...
Page 25 # Bind VLAN-interface 10 with VPN instance vpn1, and configure an IP address for VLAN-interface 10. [MCE-Vlan-interface10] ip binding vpn-instance vpn1 [MCE-Vlan-interface10] ip address 10.214.10.3 24 # Configure VLAN 20, add port Ten-GigabitEthernet 1/0/2 to VLAN 20, bind VLAN-interface 20 with VPN instance vpn2, and specify an IP address for VLAN-interface 20.
Page 26 10.214.10.255/32 Direct 0 10.214.10.3 Vlan10 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.0/32 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 127.255.255.255/32 Direct 0 127.0.0.1 InLoop0 192.168.0.0/24 Static 60 10.214.10.2 Vlan10 224.0.0.0/4 Direct 0 0.0.0.0 NULL0 224.0.0.0/24 Direct 0 0.0.0.0 NULL0 255.255.255.255/32 Direct 0 127.0.0.1...
Page 27 255.255.255.255/32 Direct 0 127.0.0.1 InLoop0 The output shows that the MCE has learned the private routes of VPN 2. The MCE maintains the routes of VPN 1 and those of VPN 2 in two different routing tables. In this way, routes from different VPNs are separated.
Page 28 [PE1-Vlan-interface40] ip address 40.1.1.2 24 [PE1-Vlan-interface40] quit # Configure the IP address of the interface Loopback 0 as 101.101.10.1 for the MCE and as 100.100.10.1 for PE 1. Specify the loopback interface address as the router ID for the MCE and PE 1.
Page 29: Using Bgp To Advertise Vpn Routes To The Pe
The following output shows that PE 1 has learned the private route of VPN 2 through OSPF. [PE1] display ip routing-table vpn-instance vpn2 Destinations : 13 Routes : 13 Destination/Mask Proto Cost NextHop Interface 0.0.0.0/32 Direct 0 127.0.0.1 InLoop0 40.1.1.0/24 Direct 0 40.1.1.2 Vlan40...
Page 30 Figure 5 Network diagram VPN 2 Site 1 CE 1 PE 2 PE 1 XGE1/0/1 Vlan-int30: 30.1.1.2/24 Vlan-int40: 40.1.1.2/24 PE 3 CE 2 XGE1/0/3 VPN 1 VPN 1 Vlan-int30: 30.1.1.1/24 XGE1/0/1 192.168.0.0/24 Site 2 Vlan-int40: 40.1.1.1/24 Vlan-int10 XGE1/0/2 VR 1 10.214.10.3/24 Vlan-int20 10.214.20.3/24...
Page 31 10.214.10.0/32 Direct 0 10.214.10.3 Vlan10 10.214.10.3/32 Direct 0 127.0.0.1 InLoop0 10.214.10.255/32 Direct 0 10.214.10.3 Vlan10 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.0/32 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 127.255.255.255/32 Direct 0 127.0.0.1 InLoop0 192.168.0.0/24 OSPF 10.214.10.2 Vlan10 224.0.0.0/4 Direct 0 0.0.0.0 NULL0...
Page 32 [PE1] bgp 200 [PE1-bgp] ip vpn-instance vpn1 [PE1-bgp-vpn1] peer 30.1.1.1 as-number 100 [PE1-bgp-vpn1] ipv4-family [PE1-bgp-ipv4-vpn1] peer 30.1.1.1 enable [PE1-bgp-ipv4-vpn1] quit [PE1-bgp-vpn1] quit [PE1-bgp] quit # On PE 1, display the routing information of VPN instance vpn1. [PE1] display ip routing-table vpn-instance vpn1 Destinations : 13 Routes : 13 Destination/Mask...
Page 33 Now, the MCE has redistributed the OSPF routes of the two VPN instances into the EBGP routing tables of PE 1.
Page 34: Configuring Ipv6 Mce
Configuring IPv6 MCE This chapter describes how to configure the IPv6 MCE function. Overview In MPLS L3VPN networks, MCE uses static routes or dynamic routing protocols to advertise IPv4 routes between internal networks and PEs and forwards IPv4 packets. In IPv6 MPLS L3VPN networks, IPv6 MCE uses IPv6 static routes and dynamic routing protocols to advertise IPv6 routes between internal networks and PEs and forwards IPv6 packets.
Page 35: Configuring Route Attributes For A Vpn Instance
Step Command Remarks Enter system view. system-view interface interface-type Enter interface view. interface-number Associate the current interface ip binding vpn-instance By default, no VPN instance is with a VPN instance. vpn-instance-name associated with an interface. NOTE: The ip binding vpn-instance command deletes the IPv6 address of the current interface. You must reconfigure an IPv6 address for the interface after configuring the command.
Page 36: Configuring Routing On An Ipv6 Mce Device
Step Command Remarks By default, advertised routes are not filtered. (Optional.) Apply an export Make sure the routing policy export route-policy route-policy routing policy. already exists. Otherwise, the device does not filter advertised routes. NOTE: Route related attributes configured in VPN instance view are applicable to both IPv4 VPNs and IPv6 •...
Page 37 Step Command Remarks By default, no IPv6 ipv6 route-static vpn-instance static route is s-vpn-instance-name ipv6-address prefix-length configured. { interface-type interface-number Perform this Configure an IPv6 static route [ next-hop-address ] | nexthop-address [ public ] configuration on the for an IPv6 VPN instance. | vpn-instance d-vpn-instance-name IPv6 MCE.
Page 38 By configuring OSPFv3 process-to-IPv6 VPN instance bindings on an IPv6 MCE, you allow routes of different IPv6 VPNs to be exchanged between the IPv6 MCE and the sites through different OSPFv3 processes, ensuring the separation and security of IPv6 VPN routes. For more information about OSPFv3, see Layer 3—IP Routing Configuration Guide.
Page 39 Step Command Remarks By default, no routes from any other routing protocol are ipv6 import-route protocol redistributed to IPv6 IS-IS. (Optional.) Redistribute [ process-id ] [ allow-ibgp ] [ cost remote site routes advertised cost | [ level-1 | level-1-2 | If you do not specify the route level by the PE.
Page 40 Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number Configure the MCE as the peer ipv6-address as-number By default, no BGP peer is EBGP peer. as-number configured. Create and enter BGP IPv6 ipv6-family [ unicast ] address family view. Enable BGP to exchange IPv6 By default, BGP cannot exchange unicast routing information...
Page 41: Configuring Routing Between An Ipv6 Mce And A Pe
Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number peer { group-name | Configure the MCE as an By default, no BGP peer is ipv6-address } as-number IBGP peer. configured. as-number Create and enter BGP IPv6 ipv6-family [ unicast ] address family view.
Page 42 Step Command Remarks Enter system view. system-view Create a RIPng process for ripng [ process-id ] vpn-instance an IPv6 VPN instance and vpn-instance-name enter RIPng view. import-route protocol [ process-id ] By default, no route of any Redistribute the VPN [ allow-ibgp ] [ cost cost | route-policy other routing protocol is routes.
Page 43 Step Command Remarks Configure a network network-entity net By default, no NET is configured. entity title. Enable the IPv6 capacity for the IS-IS ipv6 enable By default, IPv6 is disabled. process. By default, IS-IS does not redistribute routes of any other ipv6 import-route protocol [ process-id ] routing protocol.
Page 44: Displaying Information About Ipv6 Mce
Configuring IBGP between an IPv6 MCE and a PE Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number Enter IPv6 BGP-VPN ip vpn-instance vpn-instance-name instance view. Configure the PE as an peer { group-name | ipv6-address } IBGP peer.
Page 45 Configure the IPv6 MCE to separate routes from different VPNs and advertise VPN routes to PE 1 through OSPFv3. Figure 6 Network diagram Configuration procedure Assume that the system name of the IPv6 MCE device is MCE, the system names of the edge devices of VPN 1 and VPN 2 are VR1 and VR2, respectively, and the system name of PE 1 is PE1.
Page 46 [MCE] vlan 10 [MCE-vlan10] port ten-gigabitethernet 1/0/1 [MCE-vlan10] quit # Bind VLAN-interface 10 with VPN instance vpn1, and configure an IPv6 address for the VLAN interface. [MCE] interface vlan-interface 10 [MCE-Vlan-interface10] ip binding vpn-instance vpn1 [MCE-Vlan-interface10] ipv6 address 2001:1::1 64 [MCE-Vlan-interface10] quit # Configure VLAN 20, add port Ten-GigabitEthernet 1/0/2 to VLAN 20, bind VLAN-interface 20 with VPN instance vpn2, and assign an IPv6 address to VLAN-interface 20.
Page 47 [MCE-Vlan-interface20] ripng 20 enable [MCE-Vlan-interface20] quit # On VR 2, assign IPv6 address 2002:1::2/64 to the interface connected to the MCE and 2012::2/64 to the interface connected to VPN 2. (Details not shown.) # Configure RIPng, and advertise subnets 2012::/64 and 2002:1::/64. ...
Page 48 NextHop : 2002:1::1 Preference: 0 Interface : Vlan20 Cost Destination: 2002:1::1/128 Protocol : Direct NextHop : ::1 Preference: 0 Interface : InLoop0 Cost Destination: 2012::/64 Protocol : RIPng NextHop : FE80::20F:E2FF:FE3E:9CA2 Preference: 100 Interface : Vlan20 Cost Destination: FE80::/10 Protocol : Direct NextHop : ::...
Page 49 [PE1] vlan 30 [PE1-vlan30] quit [PE1] interface vlan-interface 30 [PE1-Vlan-interface30] ip binding vpn-instance vpn1 [PE1-Vlan-interface30] ipv6 address 30::2 64 [PE1-Vlan-interface30] quit # On PE 1, create VLAN 40 and VLAN-interface 40, bind VLAN-interface 40 with VPN instance vpn2 and configure an IPv6 address for the VLAN-interface 40. [PE1] vlan 40 [PE1-vlan40] quit [PE1] interface vlan-interface 40...
Page 50 Destination: 30::2/128 Protocol : Direct NextHop : ::1 Preference: 0 Interface : InLoop0 Cost Destination: 2012:1::/64 Protocol : OSPFv3 NextHop : FE80::202:FF:FE02:2 Preference: 150 Interface : Vlan30 Cost Destination: FE80::/10 Protocol : Direct NextHop : :: Preference: 0 Interface : NULL0 Cost The output shows that PE 1 has learned the private route of VPN 1 through OSPFv3.
Page 51: Configuring Basic Mpls
Configuring basic MPLS Multiprotocol Label Switching (MPLS) provides connection-oriented label switching over connectionless IP backbone networks. Overview MPLS integrates both the flexibility of IP routing and the simplicity of Layer 2 switching, and delivers the following advantages: High speed and efficiency—MPLS uses short- and fixed-length labels to forward packets, avoiding •...
Page 52: Mpls Network Architecture
A router that performs MPLS forwarding is a label switching router (LSR). A label switched path (LSP) is the path along which packets of a FEC travel through an MPLS network. An LSP is a unidirectional packet forwarding path. Two neighboring LSRs are called the "upstream LSR" and "downstream LSR"...
Page 53: Lsp Establishment
Ingress LSR—Ingress LSR of packets. It labels packets entering into the MPLS network. • • Transit LSR—Intermediate LSRs in the MPLS network. The transit LSRs on an LSP forward packets to the egress LSR according to labels. Egress LSR—Egress LSR of packets. It removes labels from packets and forwards the packets to their •...
Page 54: Mpls Forwarding
MPLS forwarding Figure 11 MPLS forwarding As shown in Figure 1 1, a packet is forwarded over the MPLS network in the following steps: Router B (the ingress LSR) receives a packet with no label. It identifies the FIB entry that matches the destination address of the packet, pushes the outgoing label (40 in this example) to the packet, and forwards the labeled packet out of the interface VLAN-interface 20 to the next hop LSR Router When receiving the labeled packet, Router C identifies the LFIB entry that has an incoming label of...
Page 55: Protocols And Standards
By default, no LSR ID is configured. An LSR ID must be unique in an MPLS Configure an LSR ID for the local network and in IP address format. HP mpls lsr-id lsr-id node. recommends that you use the IP address of a loopback interface as an LSR ID.
Page 56: Configuring Mpls Mtu
Configuring MPLS MTU MPLS inserts the label stack between the link layer header and network layer header of each packet. To make sure the size of MPLS labeled packets is smaller than the MTU of an interface, configure an MPLS MTU on the interface.
Page 57: Configuring Ttl Propagation
Configuration guidelines If the penultimate hop supports PHP, HP recommends that you configure the egress to advertise an implicit null label to the penultimate hop. If you want to simplify packet forwarding on the egress but keep labels in packets for the egress to determine QoS policies, you can configure the egress to advertise an explicit null label to the penultimate hop.
Page 58: Enabling Sending Mpls Ttl-Expired Messages
Figure 13 Without TTL propagation Follow these guidelines when you configure TTL propagation: HP recommends that you set the same TTL processing mode on all LSRs of an LSP. • To enable TTL propagation for a VPN, you must enable it on all PE devices in the VPN, so that you •...
Page 59: Displaying And Maintaining Mpls
Displaying and maintaining MPLS Execute display commands in any view. Task Command Display MPLS interface information. display mpls interface [ interface-type interface-number ] Display usage information about MPLS display mpls label { label-value1 [ to label-value2 ] | all } labels.
Page 60: Configuring A Static Lsp
Configuring a static LSP Overview A static label switched path (LSP) is established by manually specifying the incoming label and outgoing label on each node (ingress, transit, or egress node) of the forwarding path. Static LSPs consume fewer resources, but they cannot automatically adapt to network topology changes. Therefore, static LSPs are suitable for small and stable networks with simple topologies.
Page 61: Displaying Static Lsps
Step Command Remarks If you specify a next hop for the Configure the static-lsp transit lsp-name in-label in-label static LSP, make sure the transit transit node of the nexthop next-hop-addr out-label out-label node has an active route to the static LSP. specified next hop address.
Page 62 Configuration procedure Create VLANs and specify IP addresses for all interfaces, including the loopback interfaces, as shown in Figure 14. (Details not shown.) Configure a static route to the destination address of each LSP: # On Switch A, configure a static route to network 21.1.1.0/24. ...
Page 63 Verifying the configuration # Use the display mpls static-lsp command on each switch to view information about static LSPs. Take Switch A as an example: [SwitchA] display mpls static-lsp Total: 2 Name In/Out Label Nexthop/Out Interface State AtoC 21.1.1.0/24 NULL/30 10.1.1.2 CtoA 70/NULL...
Page 64: Configuring Ldp
Configuring LDP Overview The Label Distribution Protocol (LDP) dynamically distributes FEC-label mapping information between LSRs to establish LSPs. Terminology LDP session Two LSRs establish a TCP-based LDP session to exchange FEC-label mappings. LDP peer Two LSRs that use LDP to exchange FEC-label mappings are LSR peers. Label spaces and LDP identifiers Label spaces include the following types: Per-interface label space—Each interface uses a single, independent label space.
Page 65: Ldp Operation
Advertisement messages—Create, alter, and remove FEC-label mappings, such as Label Mapping • messages used to advertise FEC-label mappings. Notification messages—Provide advisory information and notify errors, such as Notification • messages. LDP uses UDP to transport discovery messages for efficiency, and uses TCP to transport session, advertisement, and notification messages for reliability.
Page 66: Label Distribution And Control
Figure 15 Dynamically establishing an LSP Label distribution and control Label advertisement modes Figure 16 Label advertisement modes 1) Unsolicitely distributes a label mapping for a FEC to the upstream. 2) Unsolicitely distributes a label mapping for the FEC to the DU mode upstream.
Page 67 Label distribution control LDP controls label distribution in one of the following ways: • Independent label distribution—Distributes a FEC-label mapping to an upstream LSR at any time. An LSR may distribute a mapping for a FEC to its upstream LSR before it receives a label mapping for that FEC from its downstream LSR.
Page 68: Ldp Gr
LDP GR LDP GR overview LDP Graceful Restart enables an LSR to retain MPLS forwarding entries during an LDP restart, ensuring continuous MPLS forwarding. Figure 18 LDP GR As shown in Figure 18, GR defines the following roles: GR restarter—An LSR that performs GR. It must be GR-capable. •...
Page 69: Protocols
restarter goes down, it marks the FEC-label mappings learned from the session as stale and starts the Reconnect timer received from the GR restarter. After LDP completes restart, the GR restarter re-establishes an LDP session with the GR helper. If the LDP session is not set up before the Reconnect timer expires, the GR helper deletes the stale FEC-label mappings and the corresponding MPLS forwarding entries.
Page 70: Enabling Ldp
Enabling LDP To enable LDP, you must enable LDP globally, and then enable LDP on relevant interfaces or configure IGP to automatically enable LDP on those interfaces. Enabling LDP globally Step Command Remarks Enter system view. system-view • Enable LDP for the local node and enter LDP view: mpls ldp Enable LDP for the local...
Page 71: Configuring Ldp Session Parameters
Step Command Remarks Enter the view of the interface interface interface-type where you want to establish interface-number an LDP session. Configure the Link Hello hold By default, the Link Hello hold time mpls ldp timer hello-hold timeout time. is 15 seconds. Configure the Link Hello mpls ldp timer hello-interval By default, the Link Hello interval is...
Page 72: Configuring Ldp Backoff
Step Command Remarks interface interface-type Enter interface view. interface-number Configure the Keepalive hold mpls ldp timer keepalive-hold By default, the Keepalive hold time time. timeout is 45 seconds. Configure the Keepalive mpls ldp timer keepalive-interval By default, the Keepalive interval is interval.
Page 73: Configuring Ldp Md5 Authentication
The LDP backoff mechanism can mitigate this problem by using an initial delay timer and a maximum delay timer. After LDP fails to establish a session with a peer LSR for the first time, LDP does not start an attempt until the initial delay timer expires. If the session setup fails again, LDP waits for two times the initial delay before the next attempt, and so forth until the maximum delay time is reached.
Page 74: Configuring The Ldp Label Distribution Control Mode
Use only host routes with a 32-bit mask to establish LSPs. • By default, LDP uses only host routes with a 32-bit mask to establish LSPs. The other two methods can result in more LSPs than the default policy. To change the policy, be sure that the system resources and bandwidth resources are sufficient.
Page 75: Configuring A Label Acceptance Policy
A label advertisement policy on an LSR and a label acceptance policy on its upstream LSR can achieve the same purpose. HP recommends that you use label advertisement policies to reduce network load if downstream LSRs support label advertisement control.
Page 76: Configuring Ldp Loop Detection
A label advertisement policy on an LSR and a label acceptance policy on its upstream LSR can achieve the same purpose. HP recommends that you use the label advertisement policy to reduce network load. You must create an IP prefix list before you configure a label acceptance policy. For information about IP prefix list configuration, see Layer 3—IP Routing Configuration Guide.
Page 77: Configuring Ldp Session Protection
Step Command Remarks • Enter LDP view: mpls ldp Enter LDP view or enter • Enter LDP-VPN instance view: LDP-VPN instance view. mpls ldp vpn-instance vpn-instance-name By default, loop detection is disabled. After loop detection is Enable loop detection. loop-detect enabled, the device uses both the maximum hop count and the path vector methods to...
Page 78: Configuring Ldp Gr
Configuring LDP GR Before you configure LDP GR, enable LDP on the GR restarter and GR helpers. To configure LDP GR: Step Command Remarks Enter system view. system-view Enter LDP view. mpls ldp Enable LDP GR. graceful-restart By default, LDP GR is disabled. Configure the Reconnect graceful-restart timer reconnect By default, the Reconnect time is...
Page 79: Ldp Configuration Examples
LDP configuration examples LDP LSP configuration example Network requirements Switch A, Switch B, and Switch C all support MPLS. Configure LDP to establish LSPs between Switch A and Switch C, so subnets 1 1.1.1.0/24 and 21.1.1.0/24 can reach each other over MPLS. Configure LDP to establish LSPs for only destinations 1.1.1.9/32, 2.2.2.9/32, 3.3.3.9/32, 1 1.1.1.0/24, and 21.1.1.0/24 on Switch A, Switch B, and Switch C.
Page 80 [SwitchB-ospf-1] area 0 [SwitchB-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0 [SwitchB-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [SwitchB-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255 [SwitchB-ospf-1-area-0.0.0.0] quit [SwitchB-ospf-1] quit # Configure Switch C. system-view [SwitchC] ospf [SwitchC-ospf-1] area 0 [SwitchC-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0 [SwitchC-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255 [SwitchC-ospf-1-area-0.0.0.0] network 21.1.1.0 0.0.0.255 [SwitchC-ospf-1-area-0.0.0.0] quit [SwitchC-ospf-1] quit # Verify that the switches have learned the routes to each other.
Page 81 [SwitchA-Vlan-interface2] mpls enable [SwitchA-Vlan-interface2] mpls ldp enable [SwitchA-Vlan-interface2] quit # Configure Switch B. [SwitchB] mpls lsr-id 2.2.2.9 [SwitchB] mpls ldp [SwitchB-ldp] quit [SwitchB] interface vlan-interface 2 [SwitchB-Vlan-interface2] mpls enable [SwitchB-Vlan-interface2] mpls ldp enable [SwitchB-Vlan-interface2] quit [SwitchB] interface vlan-interface 3 [SwitchB-Vlan-interface3] mpls enable [SwitchB-Vlan-interface3] mpls ldp enable [SwitchB-Vlan-interface3] quit # Configure Switch C.
Page 82: Label Acceptance Control Configuration Example
[SwitchC] ip prefix-list switchc index 20 permit 2.2.2.9 32 [SwitchC] ip prefix-list switchc index 30 permit 3.3.3.9 32 [SwitchC] ip prefix-list switchc index 40 permit 11.1.1.0 24 [SwitchC] ip prefix-list switchc index 50 permit 21.1.1.0 24 [SwitchC] mpls ldp [SwitchC-ldp] lsp-trigger prefix-list switchc [SwitchC-ldp] quit Verify the configuration: # Execute the display mpls ldp lsp command on each switch to view the LDP LSP information.
Page 83: Configuration Considerations
Figure 23 Network diagram Configuration considerations Configure a routing protocol on each switch to make sure that the switches can reach each other. This example uses OSPF. Enable LDP on each switch. Configure LSP generation policies, so LDP establishes LSPs only for the routes 11.1.1.0/24 and 21.1.1.0/24.
Page 84 [SwitchA-Vlan-interface6] mpls ldp enable [SwitchA-Vlan-interface6] quit # Configure Switch B. system-view [SwitchB] mpls lsr-id 2.2.2.9 [SwitchB] mpls ldp [SwitchB-ldp] quit [SwitchB] interface vlan-interface 2 [SwitchB-Vlan-interface2] mpls enable [SwitchB-Vlan-interface2] mpls ldp enable [SwitchB-Vlan-interface2] quit [SwitchB] interface vlan-interface 3 [SwitchB-Vlan-interface3] mpls enable [SwitchB-Vlan-interface3] mpls ldp enable [SwitchB-Vlan-interface3] quit # Configure Switch C.
Page 85 [SwitchA-ldp] lsp-trigger prefix-list switcha [SwitchA-ldp] quit # On Switch B, create IP prefix list switchb, and configure LDP to use only the routes permitted by the prefix list to establish LSPs. [SwitchB] ip prefix-list switchb index 10 permit 11.1.1.0 24 [SwitchB] ip prefix-list switchb index 20 permit 21.1.1.0 24 [SwitchB] mpls ldp [SwitchB-ldp] lsp-trigger prefix-list switchb...
Page 86: Label Advertisement Control Configuration Example
[SwitchC-ldp] quit Verify the configuration: # Execute the display mpls ldp lsp command on each switch to view the LDP LSP information. For example, on Switch A: [SwitchA] display mpls ldp lsp Status Flags: * - stale, L - liberal Statistics: FECs: 2 Ingress LSPs: 1...
Page 87 Enable LDP on each switch. Configure LSP generation policies so LDP uses only the routes 11.1.1.0/24 and 21.1.1.0/24 to establish LSPs. Configure label advertisement policies, so LDP sets up LSPs only over the link Switch A—Switch B—Switch C, as follows: Switch A advertises only the label mapping for FEC 1 1.1.1.0/24 to Switch B.
Page 88 [SwitchC-Vlan-interface3] mpls enable [SwitchC-Vlan-interface3] mpls ldp enable [SwitchC-Vlan-interface3] quit [SwitchC] interface vlan-interface 7 [SwitchC-Vlan-interface7] mpls enable [SwitchC-Vlan-interface7] mpls ldp enable [SwitchC-Vlan-interface7] quit # Configure Switch D. system-view [SwitchD] mpls lsr-id 4.4.4.9 [SwitchD] mpls ldp [SwitchD-ldp] quit [SwitchD] interface vlan-interface 6 [SwitchD-Vlan-interface6] mpls enable [SwitchD-Vlan-interface6] mpls ldp enable [SwitchD-Vlan-interface6] quit...
Page 89 [SwitchD-ldp] lsp-trigger prefix-list switchd [SwitchD-ldp] quit Configure label advertisement policies: # On Switch A, create an IP prefix list prefix-to-b that permits subnet 11.1.1.0/24. Switch A uses this list to filter FEC-label mappings advertised to Switch B. [SwitchA] ip prefix-list prefix-to-b index 10 permit 11.1.1.0 24 # On Switch A, create an IP prefix list peer-b that permits 2.2.2.9/32.
Page 90 Verify the configuration: # Execute the display mpls ldp lsp command on each switch to view the LDP LSP information. [SwitchA] display mpls ldp lsp Status Flags: * - stale, L - liberal Statistics: FECs: 2 Ingress LSPs: 1 Transit LSPs: 1 Egress LSPs: 1 In/Out Label Nexthop...
Page 91: Configuring Tunnel Policies
Configuring tunnel policies Overview Tunnel policies enable a PE to forward traffic for each MPLS VPN over multiple LSP tunnels to achieve load sharing when the PE has multiple tunnels to the peer PE. For more information about MPLS VPNs, see "Configuring MPLS L3VPN."...
Page 92: Displaying Tunnel Information
Displaying tunnel information Execute the display command in any view: Task Command display mpls tunnel { all | statistics | [ vpn-instance vpn-instance-name ] Display tunnel information. destination { tunnel-ipv4-dest | tunnel-ipv6-dest } } Tunnel policy configuration example Network requirements PE 1 has three LSP tunnels to reach PE 2.
Page 93: Configuring Mpls L3Vpn
Configuring MPLS L3VPN This chapter describes MPLS L3VPN configuration. Overview MPLS L3VPN is a L3VPN technology. It uses BGP to advertise VPN routes and uses MPLS to forward VPN packets over a service provider backbone. MPLS L3VPN provides flexible networking modes, excellent scalability, and convenient support for MPLS QoS and MPLS TE.
Page 94 A site is a group of IP systems with IP connectivity that does not rely on any service provider network. • • The classification of a site depends on the topology relationship of the devices, rather than the geographical positions, though the devices at a site are, in most cases, adjacent to each other geographically.
Page 95: Mpls L3Vpn Route Advertisement
When the Type field is 0, the Administrator subfield occupies two bytes, the Assigned number • subfield occupies four bytes, and the RD format is 16-bit AS number:32-bit user-defined number. For example, 100:1. • When the Type field is 1, the Administrator subfield occupies four bytes, the Assigned number subfield occupies two bytes, and the RD format is 32-bit IPv4 address:16-bit user-defined number.
Page 96: Mpls L3Vpn Packet Forwarding
From the egress PE to the remote CE: After receiving the VPN-IPv4 routes, the egress PE compares their export target attribute with the local import target attribute, and, if they match, adds the routes to the routing table of the VPN instance.
Page 97: Mpls L3Vpn Networking Schemes
MPLS L3VPN networking schemes In MPLS L3VPNs, route target attributes are used to control the advertisement and reception of VPN routes between sites. They work independently and can be configured with multiple values to support flexible VPN access control and implement multiple types of VPN networking schemes. Basic VPN networking scheme In the simplest case, all users in a VPN form a closed user group.
Page 98 The hub PE advertises the routes learned from a spoke PE to the other spoke PEs so the spoke sites • can communicate with each other through the hub site. The import target attribute of a spoke PE is different from the export target attribute of any other •...
Page 99: Inter-As Vpn
Figure 31 Network diagram for extranet networking scheme VPN 1 Site 1 VPN 1: Import:100:1 Export:100:1 PE 1 VPN 1 PE 3 Site 3 PE 2 VPN 1: Import:100:1,200:1 Export:100:1,200:1 VPN 2: Import:200:1 Site 2 Export:200:1 VPN 2 As shown in Figure 31, route targets configured on PEs produce the following results: PE 3 can receive VPN-IPv4 routes from PE 1 and PE 2.
Page 100 Figure 32 Network diagram for inter-AS option A Inter-AS option A is easy to carry out because no special configuration is required on the PEs acting as the ASBRs. However, it has limited scalability because the PEs acting as the ASBRs must manage all the VPN routes and create VPN instances on a per-VPN basis.
Page 101 Figure 33 Network diagram for inter-AS option B Inter-AS option B has better scalability than option A. When adopting the MP-EBGP method, note the following: • ASBRs do not perform route target filtering on VPN-IPv4 routes that they receive from each other. Therefore, the ISPs in different ASs must agree on the route exchange.
Page 102: Carrier's Carrier
Figure 34 Network diagram for inter-AS option C VPN 1 VPN 1 Multi-hop MP-EBGP CE 1 CE 3 PE 3 PE 1 ASBR 2 ASBR 1 EBGP (PE) (PE) MPLS backbone MPLS backbone AS 100 AS 200 PE 4 PE 2 Multi-hop MP-EBGP VPN LSP CE 4...
Page 103 session established between the routers of the Level 2 carrier. This can greatly reduce the number of routes maintained by the Level 1 carrier network. Compared with the common MPLS L3VPN, the carrier's carrier is different because of the way in which a CE of a Level 1 carrier (a Level 2 carrier) accesses a PE of the Level 1 carrier: If the PE and the CE are in a same AS, you must configure IGP and LDP between them.
Page 104: Nested Vpn
Figure 37 Scenario where the Level 2 carrier is an MPLS L3VPN service provider NOTE: If equal cost routes exist between the Level 1 carrier and the Level 2 carrier, HP recommends that you establish equal cost LSPs between them.
Page 105 Figure 38 Network diagram for nested VPN VPN A Provider MPLS Provider PE Provider PE CE 8 CE 7 VPN backbone VPN A-2 VPN A-1 CE 2 CE 1 Customer MPLS Customer MPLS VPN network Customer PE Customer PE CE 3 CE 4 CE 5 CE 6...
Page 106: Hovpn
Nested VPN is flexible and easy to implement. It reduces networking costs, provides diversified VPN networking methods for customers, and allows for multi-level hierarchical access control over internal VPNs. HoVPN In MPLS L3VPN solutions, PEs are the key devices, which provide the following functions: User access, requiring that the PEs must have a large number of interfaces.
Page 107 A UPE provides user access. It maintains the routes of directly connected VPN sites. It does not • maintain the routes of the remote sites in the VPN, or it only maintains their summary routes. A UPE assigns inner labels to the routes of its directly connected sites, and advertises the labels along with VPN routes to the SPE through MP-BGP.
Page 108: Ospf Vpn Extension
MP-BGP advertises all the VPN routes of UPEs to the SPEs, and advertises the default routes of the VPN instance of the SPEs or the VPN routes permitted by the routing policies to the UPEs. The SPE maintains the VPN routes of all sites in the HoVPN. Each UPE maintains only VPN routes of its directly connected sites.
Page 109: Bgp As Number Substitution
OSPF attributes. Each OSPF domain must have a domain ID. HP recommends that you configure the same domain ID or adopt the default ID for all OSPF processes of the same VPN, so the system can know that VPN routes with the same domain ID are from the same VPN.
Page 110: Mpls L3Vpn Configuration Task List
Figure 42 Application of BGP AS number substitution CE 3 AS 100 PE 1 PE 2 AS 800 MPLS backbone Site 2 EBGP_Update: 10.1.0.0/16 EBGP_Update: 10.1.0.0/16 VPNv4_Update: 10.1.0.0/16 AS_PATH: 100, 100 AS_PATH: 800 RD: 100:1 AS_PATH: 800 CE 1 AS 800 CE 2 Site 1 Figure...
Page 111: Configuration Prerequisites
Configuration prerequisites Before you configure basic MPLS L3VPN, complete the following tasks: Configure an IGP for the MPLS backbone (on the PEs and Ps) to achieve IP connectivity. • Configure basic MPLS for the MPLS backbone. • Configure MPLS LDP for the MPLS backbone so that LDP LSPs can be established. •...
Page 112 Configuring route related attributes for a VPN instance VPN routes are controlled and advertised on a PE using the following process: When a VPN route learned from a site gets redistributed into BGP, BGP associates it with a route • target extended community attribute list, which is usually the export target attribute of the VPN instance associated with the site.
Page 113: Configuring Routing Between A Pe And A Ce
Step Command Remarks By default, only one tunnel is selected (no load balancing) in this order: LSP tunnel, GRE tunnel, CR-LSP tunnel. Apply a tunnel policy to tnl-policy tunnel-policy-name The specified tunnel policy must the VPN instance. have been created. For information about tunnel policies, see Configuring tunnel policies.
Page 114 An OSPF process belongs to the public network or a single VPN instance. If you create an OSPF process without binding it to a VPN instance, the process belongs to the public network. To configure OSPF between a PE and a CE: Step Command Remarks...
Page 115 Step Command Remarks Enter system view. system-view Create an IS-IS process for a Perform this configuration on the isis [ process-id ] vpn-instance VPN instance and enter IS-IS PE. On the CE, configure common vpn-instance-name view. IS-IS. Configure a network entity network-entity net By default, no NET is configured.
Page 116 Step Command Remarks By default, BGP discards incoming route updates that contain the local AS number. BGP detects routing loops by examining AS numbers. In a hub-spoke network where EBGP is (Optional.) Allow the local AS running between a PE and a CE, number to appear in the the routing information the PE AS_PATH attribute of a...
Page 117: Configuring Routing Between Pes
Step Command Remarks Configure the CE as the VPN peer { group-name | ip-address } By default, no BGP peer is created. IBGP peer. as-number as-number Create and enter BGP VPN ipv4-family [ unicast ] IPv4 unicast family view. Enable IPv4 unicast route peer { group-name | ip-address } By default, BGP does not exchange exchange with the specified...
Page 118: Configuring Bgp Vpnv4 Route Control
Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number Configure the remote PE as a peer { group-name | ip-address } By default, no BGP peer is created. BGP peer. as-number as-number By default, BGP uses the egress peer { group-name | ip-address } Specify the source interface interface of the optimal route...
Page 119 Step Command Remarks Optional. peer { group-name | ip-address } Advertise a default VPN route default-route-advertise By default, no default VPN route is to a peer or peer group. vpn-instance vpn-instance-name advertised to a peer or peer group. Optional. Apply an ACL to filter routes peer { group-name | ip-address } received from or advertised to filter-policy acl-number { export |...
Page 120: Configuring Inter-As Vpn
Step Command Remarks Enable route target-based filtering of received VPNv4 policy vpn-target By default, this feature is enabled. routes. By default, route reflection Enable route reflection reflect between-clients between clients is enabled on the between clients. Configure a cluster ID for the reflector cluster-id { cluster-id | By default, the RR uses its own route reflector.
Page 121: Configuring Inter-As Option C
To configure inter-AS option B on an ASBR PE: Step Command Remarks Enter system view. system-view Enter interface view of the interface interface-type interface connecting to the interface-number remote ASBR-PE. Configure the IP address of ip address ip-address { mask | the interface.
Page 122 Step Command Remarks Enter BGP-VPNv4 address ipv4-family vpnv4 family view. Enable the PE to exchange peer { group-name | ip-address } By default, BGP does not exchange VPNv4 routes with the peer or enable VPNv4 routes with any peer. peer group. (Optional.) Configure the PE Configure this command on the RR to not change the next hop of...
Page 123: Configuring Nested Vpn
Assigns MPLS labels to routes received from the PEs in the local AS before advertising them to the • peer ASBR PE. Assigns new MPLS labels to labeled IPv4 routes advertised to PEs in the local AS. • Which IPv4 routes are assigned with MPLS labels depends on the routing policy. Only routes that meet the criteria are assigned with labels.
Page 124: Configuring Hovpn
Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number Enter BGP-VPN VPNv4 ipv4-family vpnv4 address family view. Enable nested VPN. nesting-vpn By default, nested VPN is disabled. Return to BGP view. quit Enter BGP-VPN view. ip vpn-instance vpn-instance-name peer { group-name | Specify the peer CE or the peer-address } as-number...
Page 125: Specifying The Vpn Label Processing Mode On The Egress Pe
Step Command Remarks Use either command. • Advertise a default VPN route By default, no route is advertised to to the UPE: the UPE. peer { group-name | Do not configure both commands. ip-address } default-route-advertise The peer default-route-advertise vpn-instance vpn-instance command advertises Advertise routes to the UPE.
Page 126: Displaying And Maintaining Mpls L3Vpn
Step Command Remarks Configure a BGP peer or peer peer { group-name | ip-address } group. as-number as-number By default, BGP AS number substitution is disabled. Enable the BGP AS number peer { ip-address | group-name } For more information about this substitution function.
Page 127: Mpls L3Vpn Configuration Examples
Task Command Remarks display bgp routing-table vpnv4 Display BGP VPNv4 route [ route-distinguisher route-distinguisher ] Available in any view. advertisement information. network-address [ mask | mask-length ] advertise-info Display BGP VPNv4 routes display bgp routing-table vpnv4 matching the specified AS PATH [ route-distinguisher route-distinguisher ] Available in any view.
Page 128 Figure 43 Network diagram Device Interface IP address Device Interface IP address CE 1 Vlan-int11 10.1.1.1/24 Loop0 2.2.2.9/32 PE 1 Loop0 1.1.1.9/32 Vlan-int12 172.2.1.1/24 Vlan-int11 10.1.1.2/24 Vlan-int13 172.1.1.2/24 Vlan-int13 172.1.1.1/24 PE 2 Loop0 3.3.3.9/32 Vlan-int12 10.2.1.2/24 Vlan-int12 172.2.1.2/24 CE 2 Vlan-int12 10.2.1.1/24 Vlan-int11...
Page 129 [P-LoopBack0] ip address 2.2.2.9 32 [P-LoopBack0] quit [P] interface vlan-interface 13 [P-Vlan-interface13] ip address 172.1.1.2 24 [P- Vlan-interface13] quit [P] interface vlan-interface 12 [P-Vlan-interface12] ip address 172.2.1.1 24 [P-Vlan-interface12] quit [P] ospf [P-ospf-1] area 0 [P-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0 [P-ospf-1-area-0.0.0.0] quit [P-ospf-1] quit...
Page 130 Destination/Mask Proto Cost NextHop Interface 1.1.1.9/32 OSPF 1.1.1.9 Loop0 172.1.1.0/24 OSPF 172.1.1.1 Vlan13 [PE1] display ospf peer verbose OSPF Process 1 with Router ID 1.1.1.9 Neighbors Area 0.0.0.0 interface 172.1.1.1(Vlan-interface13)'s neighbors Router ID: 2.2.2.9 Address: 172.1.1.2 GR State: Normal State: Full Mode: Nbr is Master Priority: 1 DR: 172.1.1.2...
Page 131 After the configurations, LDP sessions are established between PE 1, P, and PE 2. Execute the display mpls ldp peer command. The output shows that the session status is Operational. Execute the display mpls ldp lsp command. The output shows the LSPs established by LDP. Take PE 1 as an example: [PE1] display mpls ldp peer Total number of peers: 1...
Page 132 [PE2-Vlan-interface11] ip binding vpn-instance vpn1 [PE2-Vlan-interface11] ip address 10.3.1.2 24 [PE2-Vlan-interface11] quit [PE2] interface vlan-interface 13 [PE2-Vlan-interface13] ip binding vpn-instance vpn2 [PE2-Vlan-interface13] ip address 10.4.1.2 24 [PE2-Vlan-interface13] quit # Configure IP addresses for the CEs according to Figure 43. (Details not shown.) After completing the configurations, execute the display ip vpn-instance command on the PEs to view the configuration of the VPN instance.
Page 133 [PE1-bgp] ip vpn-instance vpn2 [PE1-bgp-vpn2] peer 10.2.1.1 as-number 65420 [PE1-bgp-vpn2] ipv4-family unicast [PE1-bgp-ipv4-vpn1] peer 10.2.1.1 enable [PE1-bgp-ipv4-vpn2] import-route direct [PE1-bgp-ipv4-vpn2] quit [PE1-bgp-vpn1] quit [PE1-bgp] quit # Configure PE 2 in the same way that PE 1 is configured. (Details not shown.) After completing the configurations, execute the display bgp peer ipv4 vpn-instance command on the PEs.
Page 134 Peer MsgRcvd MsgSent OutQ PrefRcv Up/Down State 3.3.3.9 0 00:00:32 Established Verify the configuration: Execute the display ip routing-table vpn-instance command on the PEs. The output shows the routes to the CEs. Take PE 1 as an example: [PE1] display ip routing-table vpn-instance vpn1 Destinations : 13 Routes : 13 Destination/Mask...
Page 135: Configuring An Mpls L3Vpn Over A Gre Tunnel
Configuring an MPLS L3VPN over a GRE tunnel Network requirements CE 1 and CE 2 belong to VPN 1. The PEs support MPLS. The P switch does not support MPLS and provides only IP functions. On the backbone, use a GRE tunnel to encapsulate and forward VPN packets to implement MPLS L3VPN.
Page 136 system-view [PE2] mpls lsr-id 2.2.2.9 Configure VPN instances on PEs, and apply tunnel policies to the VPN instances to use a GRE tunnel for VPN packet forwarding: # Configure PE 1. [PE1] tunnel-policy gre1 [PE1-tunnel-policy-gre1] select-seq gre load-balance-number 1 [PE1-tunnel-policy-gre1] quit [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 100:1...
Page 137 [PE1] ping -vpn-instance vpn1 10.1.1.1 PING 10.1.1.1 (10.1.1.1): 56 data bytes 56 bytes from 10.1.1.1: icmp_seq=0 ttl=255 time=1.000 ms 56 bytes from 10.1.1.1: icmp_seq=1 ttl=255 time=0.000 ms 56 bytes from 10.1.1.1: icmp_seq=2 ttl=255 time=0.000 ms 56 bytes from 10.1.1.1: icmp_seq=3 ttl=255 time=0.000 ms 56 bytes from 10.1.1.1: icmp_seq=4 ttl=255 time=0.000 ms --- 10.1.1.1 ping statistics --- 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss...
Page 138: Configure A Gre Tunnel
# Configure PE 1. [PE1] bgp 100 [PE1-bgp] peer 2.2.2.9 as-number 100 [PE1-bgp] peer 2.2.2.9 connect-interface loopback 0 [PE1-bgp] ipv4-family vpnv4 [PE1-bgp-vpnv4] peer 2.2.2.9 enable [PE1-bgp-vpnv4] quit [PE1-bgp] quit # Configure PE 2 in the same way that PE 1 is configured. (Details not shown.) After completing the configuration, execute the display bgp peer vpnv4 command on the PEs.
Page 139: Configuring Mpls L3Vpn Inter-As Option A
10.1.1.1/32 Direct 0 127.0.0.1 InLoop0 10.1.1.255/32 Direct 0 10.1.1.1 Vlan12 10.2.1.0/24 10.1.1.2 Vlan12 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.0/32 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 127.255.255.255/32 Direct 0 127.0.0.1 InLoop0 224.0.0.0/4 Direct 0 0.0.0.0 NULL0 224.0.0.0/24 Direct 0 0.0.0.0 NULL0 255.255.255.255/32...
Page 140 Figure 45 Network diagram MPLS backbone Loop0 Loop0 MPLS backbone AS 100 AS 200 Vlan-int12 Vlan-int12 Vlan-int11 Vlan-int11 ASBR-PE 2 ASBR-PE 1 Loop0 Loop0 Vlan-int11 Vlan-int11 PE 2 PE 1 Vlan-int12 Vlan-int12 Vlan-int12 Vlan-int12 CE 1 CE 2 AS 65001 AS 65002 Device Interface...
Page 141 [ASBR-PE1] mpls ldp [ASBR-PE1-ldp] quit [ASBR-PE1] interface vlan-interface 11 [ASBR-PE1-Vlan-interface11] mpls enable [ASBR-PE1-Vlan-interface11] mpls ldp enable [ASBR-PE1-Vlan-interface11] quit # Configure basic MPLS on ASBR PE 2, and enable MPLS LDP on the interface connected to PE 2. system-view [ASBR-PE2] mpls lsr-id 3.3.3.9 [ASBR-PE2] mpls ldp [ASBR-PE2-ldp] quit [ASBR-PE2] interface vlan-interface 11...
Page 142 [CE2-Vlan-interface12] ip address 10.2.1.1 24 [CE2-Vlan-interface12] quit # Configure PE 2. [PE2] ip vpn-instance vpn1 [PE2-vpn-instance] route-distinguisher 200:2 [PE2-vpn-instance] vpn-target 100:1 both [PE2-vpn-instance] quit [PE2] interface vlan-interface 12 [PE2-Vlan-interface12] ip binding vpn-instance vpn1 [PE2-Vlan-interface12] ip address 10.2.1.2 24 [PE2-Vlan-interface12] quit # On ASBR PE 1, create a VPN instance, and bind the instance to the interface connected to ASBR PE 2.
Page 143 [PE1-bgp-vpn1] ipv4-family unicast [PE1-bgp-ipv4-vpn1] peer 10.1.1.1 enable [PE1-bgp-ipv4-vpn1] import-route direct [PE1-bgp-ipv4-vpn1] quit [PE1-bgp-vpn1] quit [PE1-bgp] quit # Configure CE 2. [CE2] bgp 65002 [CE2-bgp] peer 10.2.1.2 as-number 200 [CE2-bgp] ipv4-family unicast [CE2-bgp-ipv4] peer 10.2.1.2 enable [CE2-bgp-ipv4] import-route direct [CE2-bgp-ipv4] quit [CE2-bgp] quit # Configure PE 2.
Page 144: Configuring Mpls L3Vpn Inter-As Option B
[ASBR-PE1-bgp-vpnv4] peer 1.1.1.9 next-hop-local [ASBR-PE1-bgp-vpnv4] quit [ASBR-PE1-bgp] quit # Configure ASBR-PE 2. [ASBR-PE2] bgp 200 [ASBR-PE2-bgp] ip vpn-instance vpn1 [ASBR-PE2-bgp-vpn1] peer 192.1.1.1 as-number 100 [ASBR-PE2-bgp-vpn1] ipv4-family unicast [ASBR-PE2-bgp-ipv4-vpn1] peer 192.1.1.1 enable [ASBR-PE2-bgp-ipv4-vpn1] quit [ASBR-PE2-bgp-vpn1] quit [ASBR-PE2-bgp] peer 4.4.4.9 as-number 200 [ASBR-PE2-bgp] peer 4.4.4.9 connect-interface loopback 0 [ASBR-PE2-bgp] ipv4-family vpnv4 [ASBR-PE2-bgp-vpnv4] peer 4.4.4.9 enable...
Page 145 Figure 46 Network diagram MPLS backbone Loop0 Loop0 MPLS backbone AS 100 AS 600 Vlan-int12 Vlan-int12 Vlan-int11 Vlan-int11 ASBR-PE 2 ASBR-PE 1 Loop0 Loop0 Vlan-int11 Vlan-int11 PE 2 PE 1 Vlan-int12 Vlan-int12 Site 1 Site 2 CE 1 CE 2 AS 65001 AS 65002 Device...
Page 146 [PE1-LoopBack0] ip address 2.2.2.9 32 [PE1-LoopBack0] isis enable 1 [PE1-LoopBack0] quit # Create VPN instance vpn1, and configure the RD and route target attributes. [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 11:11 [PE1-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity [PE1-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity [PE1-vpn-instance-vpn1] quit # Bind the interface connected with CE 1 to the created VPN instance.
Page 147 # Configure interface VLAN-interface 12, and enable MPLS on it. [ASBR-PE1] interface vlan-interface 12 [ASBR-PE1-Vlan-interface12] ip address 11.0.0.2 255.0.0.0 [ASBR-PE1-Vlan-interface12] mpls enable [ASBR-PE1-Vlan-interface12] quit # Configure interface Loopback 0, and enable IS-IS on it. [ASBR-PE1] interface loopback 0 [ASBR-PE1-LoopBack0] ip address 3.3.3.9 32 [ASBR-PE1-LoopBack0] isis enable 1 [ASBR-PE1-LoopBack0] quit # Enable BGP on ASBR-PE 1.
Page 148 [ASBR-PE2] interface loopback 0 [ASBR-PE2-LoopBack0] ip address 4.4.4.9 32 [ASBR-PE2-LoopBack0] isis enable 1 [ASBR-PE2-LoopBack0] quit # Enable BGP on ASBR-PE 2. [ASBR-PE2] bgp 600 [ASBR-PE2-bgp] peer 11.0.0.2 as-number 100 [ASBR-PE2-bgp] peer 11.0.0.2 connect-interface vlan-interface 12 [ASBR-PE2-bgp] peer 5.5.5.9 as-number 600 [ASBR-PE2-bgp] peer 5.5.5.9 connect-interface loopback 0 # Disable route target based filtering of received VPNv4 routes.
Page 149: Configuring Mpls L3Vpn Inter-As Option C
# Bind the interface connected with CE 2 to the created VPN instance. [PE2] interface Vlan-interface12 [PE2-Vlan-interface12] ip binding vpn-instance vpn1 [PE2-Vlan-interface12] ip address 20.0.0.1 8 [PE2-Vlan-interface12] quit # Enable BGP on PE 2. [PE2] bgp 600 # Configure IBGP peer 4.4.4.9 as a VPNv4 peer. [PE2-bgp] peer 4.4.4.9 as-number 600 [PE2-bgp] peer 4.4.4.9 connect-interface loopback 0 [PE2-bgp] ipv4-family vpnv4...
Page 150 Figure 47 Network diagram Device Interface IP address Device Interface IP address PE 1 Loop0 2.2.2.9/32 PE 2 Loop0 5.5.5.9/32 Loop1 30.0.0.1/32 Loop1 20.0.0.1/32 Vlan-int11 1.1.1.2/8 Vlan-int11 9.1.1.2/8 ASBR-PE 1 Loop0 3.3.3.9/32 ASBR-PE 2 Loop0 4.4.4.9/32 Vlan-int11 1.1.1.1/8 Vlan-int11 9.1.1.1/8 Vlan-int12 11.0.0.2/8 Vlan-int12...
Page 151 [PE1-vpn-instance-vpn1] route-distinguisher 11:11 [PE1-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity [PE1-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity [PE1-vpn-instance-vpn1] quit # Configure interface Loopback 1, and bind the interface to VPN instance vpn1. [PE1] interface loopback 1 [PE1-LoopBack1] ip binding vpn-instance vpn1 [PE1-LoopBack1] ip address 30.0.0.1 32 [PE1-LoopBack1] quit # Enable BGP on PE 1.
Page 152 [ASBR-PE1-Vlan-interface11] ip address 1.1.1.1 255.0.0.0 [ASBR-PE1-Vlan-interface11] isis enable 1 [ASBR-PE1-Vlan-interface11] mpls enable [ASBR-PE1-Vlan-interface11] mpls ldp enable [ASBR-PE1-Vlan-interface11] quit # Configure interface VLAN-interface 12, and enable MPLS on it. [ASBR-PE1] interface vlan-interface 12 [ASBR-PE1-Vlan-interface12] ip address 11.0.0.2 255.0.0.0 [ASBR-PE1-Vlan-interface12] mpls enable [ASBR-PE1-Vlan-interface12] quit # Configure interface Loopback 0, and enable IS-IS on it.
Page 153 Configure ASBR-PE 2: # Enable IS-IS on ASBR-PE 2. system-view [ASBR-PE2] isis 1 [ASBR-PE2-isis-1] network-entity 10.222.222.222.222.00 [ASBR-PE2-isis-1] quit # Configure the LSR ID, and enable MPLS and LDP. [ASBR-PE2] mpls lsr-id 4.4.4.9 [ASBR-PE2] mpls ldp [ASBR-PE2-ldp] quit # Configure interface VLAN-interface 11, and enable IS-IS, MPLS, and LDP on the interface. [ASBR-PE2] interface vlan-interface 11 [ASBR-PE2-Vlan-interface11] ip address 9.1.1.1 255.0.0.0 [ASBR-PE2-Vlan-interface11] isis enable 1...
Page 154 [ASBR-PE2-bgp-ipv4] import-route isis 1 [ASBR-PE2-bgp-ipv4] quit # Apply the routing policy policy1 to routes advertised to EBGP peer 11.0.0.2. [ASBR-PE2-bgp] peer 11.0.0.2 as-number 100 [ASBR-PE2-bgp] ipv4-family unicast [ASBR-PE2-bgp-ipv4] peer 11.0.0.2 enable [ASBR-PE2-bgp-ipv4] peer 11.0.0.2 route-policy policy1 export # Enable the capability to advertise labeled routes to EBGP peer 11.0.0.2 and to receive labeled routes from the peer.
Page 155: Configuring Mpls L3Vpn Carrier's Carrier
[PE2] bgp 600 # Enable the capability to advertise labeled routes to IBGP peer 4.4.4.9 and to receive labeled routes from the peer. [PE2-bgp] peer 4.4.4.9 as-number 600 [PE2-bgp] peer 4.4.4.9 connect-interface loopback 0 [PE2-bgp] ipv4-family unicast [PE2-bgp-ipv4] peer 4.4.4.9 enable [PE2-bgp-ipv4] peer 4.4.4.9 label-route-capability [PE2-bgp-ipv4] quit # Configure the maximum hop count from PE 2 to EBGP peer 2.2.2.9 as 10.
Page 156 PE 3 and PE 4 are the customer carrier's PE switches. They provide MPLS L3VPN services for the end • customers. CE 3 and CE 4 are customers of the customer carrier. • The key to carrier's carrier deployment is to configure exchange of two kinds of routes: Exchange of the customer carrier's internal routes on the provider carrier's backbone.
Page 157 [PE1] mpls ldp [PE1-ldp] quit [PE1] isis 1 [PE1-isis-1] network-entity 10.0000.0000.0000.0004.00 [PE1-isis-1] quit [PE1] interface loopback 0 [PE1-LoopBack0] isis enable 1 [PE1-LoopBack0] quit [PE1] interface vlan-interface 12 [PE1-Vlan-interface12] ip address 30.1.1.1 24 [PE1-Vlan-interface12] isis enable 1 [PE1-Vlan-interface12] mpls enable [PE1-Vlan-interface12] mpls ldp enable [PE1-Vlan-interface12] mpls ldp transport-address interface [PE1-Vlan-interface12] quit [PE1] bgp 100...
Page 158 System Id: 0000.0000.0005 Interface: Vlan-interface12 Circuit Id: 0000.0000.0005.02 State: Up HoldTime: Type: L2(L1L2) PRI: 64 Configure the customer carrier network. Enable IS-IS as the IGP and enable LDP between PE 3 and CE 1, and between PE 4 and CE 2: # Configure PE 3.
Page 159 After the configurations, PE 3 and CE 1 can establish an LDP session and IS-IS neighbor relationship between them. # Configure PE 4 and CE 2 in the same way that PE 3 and CE 1 are configured. (Details not shown.) Perform configurations to allow CEs of the customer carrier to access PEs of the provider carrier, and redistribute IS-IS routes to BGP and BGP routes to IS-IS on the PEs:...
Page 160 # Configure CE 3. system-view [CE3] interface vlan-interface11 [CE3-Vlan-interface11] ip address 100.1.1.1 24 [CE3-Vlan-interface11] quit [CE3] bgp 65410 [CE3-bgp] peer 100.1.1.2 as-number 100 [CE3-bgp] ipv4-family unicast [CE3-bgp-ipv4] peer 100.1.1.2 enable [CE3-bgp-ipv4] import-route direct [CE3-bgp-ipv4] quit [CE3-bgp] quit # Configure PE 3. [PE3] ip vpn-instance vpn1 [PE3-vpn-instance-vpn1] route-distinguisher 100:1 [PE3-vpn-instance-vpn1] vpn-target 1:1...
Page 161 [PE1] display ip routing-table Routing Tables: Public Destinations : 7 Routes : 7 Destination/Mask Proto Cost NextHop Interface 3.3.3.9/32 Direct 0 127.0.0.1 InLoop0 4.4.4.9/32 ISIS 30.1.1.2 Vlan12 30.1.1.0/24 Direct 0 30.1.1.1 Vlan12 30.1.1.1/32 Direct 0 127.0.0.1 InLoop0 30.1.1.2/32 Direct 0 30.1.1.2 Vlan12 127.0.0.0/8...
Page 162 21.1.1.2/32 ISIS 11.1.1.2 Vlan11 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 # Execute the display ip routing-table command on PE 3 and PE 4. The output shows that the internal routes of the customer carrier network are present in the public network routing tables. Take PE 3 as an example: [PE3] display ip routing-table Routing Tables: Public...
Page 163: Configuring Nested Vpn
56 bytes from 120.1.1.1: icmp_seq=0 ttl=255 time=1.000 ms 56 bytes from 120.1.1.1: icmp_seq=1 ttl=255 time=0.000 ms 56 bytes from 120.1.1.1: icmp_seq=2 ttl=255 time=0.000 ms 56 bytes from 120.1.1.1: icmp_seq=3 ttl=255 time=0.000 ms 56 bytes from 120.1.1.1: icmp_seq=4 ttl=255 time=0.000 ms --- 120.1.1.1 ping statistics --- 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss round-trip min/avg/max/stddev = 0.000/0.200/1.000/0.400 ms...
Page 164 CE 1 Loop0 2.2.2.9/32 CE 2 Loop0 5.5.5.9/32 Vlan-int2 10.1.1.2/24 Vlan-int1 21.1.1.2/24 Vlan-int1 11.1.1.1/24 Vlan-int2 20.1.1.1/24 CE 3 Vlan-int1 100.1.1.1/24 CE 4 Vlan-int1 120.1.1.1/24 CE 5 Vlan-int3 110.1.1.1/24 CE 6 Vlan-int3 130.1.1.1/24 PE 1 Loop0 3.3.3.9/32 PE 2 Loop0 4.4.4.9/32 Vlan-int1 11.1.1.2/24 Vlan-int1...
Page 165 Take PE 1 as an example: [PE1] display mpls ldp peer Total number of peers: 1 Peer LDP ID State Role KA Sent/Rcvd 4.4.4.9:0 Operational Active [PE1] display bgp peer vpnv4 BGP local router ID: 3.3.3.9 Local AS number: 100 Total number of peers: 1 Peers in established state: 1 Peer...
Page 166 [CE1] interface loopback 0 [CE1-LoopBack0] ip address 2.2.2.9 32 [CE1-LoopBack0] quit [CE1] mpls lsr-id 2.2.2.9 [CE1] mpls ldp [CE1-ldp] quit [CE1] isis 2 [CE1-isis-2] network-entity 10.0000.0000.0000.0002.00 [CE1-isis-2] quit [CE1] interface loopback 0 [CE1-LoopBack0] isis enable 2 [CE1-LoopBack0] quit [CE1] interface vlan-interface 2 [CE1-Vlan-interface2] ip address 10.1.1.2 24 [CE1-Vlan-interface2] isis enable 2 [CE1-Vlan-interface2] mpls enable...
Page 167 # Configure PE 2 and CE 2 in the same way that PE 1 and CE 1 are configured. (Details not shown.) Connect sub-VPN CEs to the customer VPN PEs: # Configure CE 3. system-view [CE3] interface vlan-interface 1 [CE3-Vlan-interface1] ip address 100.1.1.1 24 [CE3-Vlan-interface1] quit [CE3] bgp 65410...
Page 168 [PE3-bgp-ipv4-SUB_VPN1] peer 100.1.1.1 enable [PE3-bgp-ipv4-SUB_VPN1] import-route direct [PE3-bgp-ipv4-SUB_VPN1] quit [PE3-bgp-SUB_VPN1] quit [PE3-bgp] ip vpn-instance SUB_VPN2 [PE3-bgp-SUB_VPN2] peer 100.1.1.1 as-number 65411 [PE3-bgp-SUB_VPN2] ipv4-family unicast [PE3-bgp-ipv4-SUB_VPN2] peer 110.1.1.1 enable [PE3-bgp-ipv4-SUB_VPN2] import-route direct [PE3-bgp-ipv4-SUB_VPN2] quit [PE3-bgp-SUB_VPN2] quit [PE3-bgp] quit # Configure PE 4, CE 4, and CE 6 in the same way that PE 3, CE 3, and CE 5 are configured. (Details not shown.) Establish MP-EBGP peer relationships between service provider PEs and their CEs to exchange user VPNv4 routes:...
Page 169 # Allow the local AS number to appear in the AS-PATH attribute of the routes received. [PE3-bgp-vpnv4] peer 2.2.2.9 allow-as-loop 2 [PE3-bgp-vpnv4] quit [PE3-bgp] quit # Configure CE 1. [CE1] bgp 200 [CE1-bgp] peer 1.1.1.9 as-number 200 [CE1-bgp] peer 1.1.1.9 connect-interface loopback 0 [CE1-bgp] ipv4-family vpnv4 [CE1-bgp-vpnv4] peer 1.1.1.9 enable [CE1-bgp-vpnv4] undo policy vpn-target...
Page 170 11.1.1.0/32 Direct 0 11.1.1.1 Vlan1 11.1.1.1/32 Direct 0 127.0.0.1 InLoop0 11.1.1.255/32 Direct 0 11.1.1.1 Vlan1 11.1.1.2/32 Direct 0 11.1.1.2 Vlan1 100.1.1.0/24 11.1.1.1 NULL0 110.1.1.0/24 11.1.1.1 NULL0 120.1.1.0/24 4.4.4.9 NULL0 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.0/32 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0...
Page 171 Route Distinguisher: 201:1 Total number of routes: 1 Network NextHop LocPrf PrefVal Path/Ogn * > 130.1.1.0/24 11.1.1.2 100 200 65421? # Execute the display ip routing-table vpn-instance SUB_VPN1 command on PE 3 and PE 4 to verify that the VPN routing tables contain routes sent by the provider PE to user sub-VPN. Take PE 3 as an example: [PE3] display ip routing-table vpn-instance SUB_VPN1 Destinations : 11...
Page 172 # Execute the display ip routing-table command on CE5 and CE 6 to verify that the routing tables contain routes of remote sub-VPNs. Take CE5 as an example; [CE5] display ip routing-table Destinations : 13 Routes : 13 Destination/Mask Proto Cost NextHop Interface...
Page 173: Configuring Hovpn
ping: sendto: No route to host ping: sendto: No route to host ping: sendto: No route to host ping: sendto: No route to host --- 130.1.1.1 ping statistics --- 5 packet(s) transmitted, 0 packet(s) received, 100.0% packet loss Configuring HoVPN Network requirements There are two levels of networks, the backbone and the MPLS VPN networks, as shown in Figure...
Page 174 # Configure basic MPLS and MPLS LDP to establish LDP LSPs. system-view [UPE1] interface loopback 0 [UPE1-LoopBack0] ip address 1.1.1.9 32 [UPE1-LoopBack0] quit [UPE1] mpls lsr-id 1.1.1.9 [UPE1] mpls ldp [UPE1-ldp] quit [UPE1] interface vlan-interface 11 [UPE1-Vlan-interface11] ip address 172.1.1.1 24 [UPE1-Vlan-interface11] mpls enable [UPE1-Vlan-interface11] mpls ldp enable [UPE1-Vlan-interface11] quit...
Page 175 [UPE1-bgp-vpn1] ipv4-family unicast [UPE1-bgp-ipv4-vpn1] peer 10.2.1.1 enable [UPE1-bgp-ipv4-vpn1] import-route direct [UPE1-bgp-ipv4-vpn1] quit [UPE1-bgp-vpn1] quit # Establish an EBGP peer relationship with CE 2, and redistribute VPN routes into BGP. [UPE1-bgp] ip vpn-instance vpn2 [UPE1-bgp-vpn2] peer 10.4.1.1 as-number 65420 [UPE1-bgp-vpn2] ipv4-family unicast [UPE1-bgp-ipv4-vpn2] peer 10.4.1.1 enable [UPE1-bgp-ipv4-vpn2] import-route direct [UPE1-bgp-ipv4-vpn2] quit...
Page 176 [UPE2] interface vlan-interface 11 [UPE2-Vlan-interface11] ip address 172.2.1.1 24 [UPE2-Vlan-interface11] mpls enable [UPE2-Vlan-interface11] mpls ldp enable [UPE2-Vlan-interface11] quit # Configure the IGP protocol (OSPF, in this example). [UPE2] ospf [UPE2-ospf-1] area 0 [UPE2-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255 [UPE2-ospf-1-area-0.0.0.0] network 4.4.4.9 0.0.0.0 [UPE2-ospf-1-area-0.0.0.0] quit [UPE2-ospf-1] quit # Configure VPN instances vpn1 and vpn2, allowing CE 3 and CE 4 to access UPE 2.
Page 177 [UPE2-bgp-vpn2] ipv4-family unicast [UPE2-bgp-ipv4-vpn2] peer 10.3.1.1 enable [UPE2-bgp-ipv4-vpn2] import-route direct [UPE2-bgp-ipv4-vpn2] quit [UPE2-bgp-vpn2] quit [UPE2-bgp] quit Configure CE 3: system-view [CE3] interface vlan-interface 12 [CE3-Vlan-interface12] ip address 10.1.1.1 255.255.255.0 [CE3-Vlan-interface12] quit [CE3] bgp 65430 [CE3-bgp] peer 10.1.1.2 as-number 100 [CE3-bgp] ipv4-family unicast [CE3-bgp-ipv4] peer 10.1.1.2 enable [CE3-bgp-ipv4] import-route direct...
Page 178 [SPE1-Vlan-interface12] quit # Configure the IGP protocol (OSPF, in this example). [SPE1] ospf [SPE1-ospf-1] area 0 [SPE1-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0 [SPE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255 [SPE1-ospf-1-area-0.0.0.0] network 180.1.1.0 0.0.0.255 [SPE1-ospf-1-area-0.0.0.0] quit [SPE1-ospf-1] quit # Configure VPN instances vpn1 and vpn2. [SPE1] ip vpn-instance vpn1 [SPE1-vpn-instance-vpn1] route-distinguisher 500:1 [SPE1-vpn-instance-vpn1] vpn-target 100:1 both [SPE1-vpn-instance-vpn1] quit...
Page 179 [SPE2-LoopBack0] ip address 3.3.3.9 32 [SPE2-LoopBack0] quit [SPE2] mpls lsr-id 3.3.3.9 [SPE2] mpls ldp [SPE2-ldp] quit [SPE2] interface vlan-interface 12 [SPE2-Vlan-interface12] ip address 180.1.1.2 24 [SPE2-Vlan-interface12] mpls enable [SPE2-Vlan-interface12] mpls ldp enable [SPE2-Vlan-interface12] quit [SPE2] interface vlan-interface 11 [SPE2-Vlan-interface11] ip address 172.2.1.2 24 [SPE2-Vlan-interface11] mpls enable [SPE2-Vlan-interface11] mpls ldp enable [SPE2-Vlan-interface11] quit...
Page 180: Configuring Bgp As Number Substitution
[SPE2-bgp] quit # Advertise to UPE 2 the routes permitted by a routing policy (the routes of CE 1). [SPE2] ip prefix-list hope index 10 permit 10.2.1.1 24 [SPE2] route-policy hope permit node 0 [SPE2-route-policy-hope-0] if-match ip address prefix-list hope [SPE2-route-policy-hope-0] quit [SPE2] bgp 100 [SPE2-bgp] ipv4-family vpnv4...
Page 181 Configuration procedure Configuring basic MPLS L3VPN: Configure OSPF on the MPLS backbone to allow the PEs and P device to learn the routes of the loopback interfaces from each other. Configure basic MPLS and MPLS LDP on the MPLS backbone to establish LDP LSPs. Establish MP-IBGP peer relationship between the PEs to advertise VPNv4 routes.
Page 182 10.2.1.0/32 Direct 0 10.2.1.2 Vlan12 10.2.1.2/32 Direct 0 127.0.0.1 InLoop0 10.2.1.255/32 Direct 0 10.2.1.2 Vlan12 100.1.1.0/24 1.1.1.9 Vlan11 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.0/32 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 127.255.255.255/32 Direct 0 127.0.0.1 InLoop0 200.1.1.0/24 10.2.1.1 Vlan12 224.0.0.0/4 Direct 0...
Page 183 [PE2-bgp] quit Verify the configuration: # The output shows that among the routes advertised by PE 2 to CE 2, the AS_PATH of 100.1.1.0/24 has changed from 100 600 to 100 100: *Jun 13 16:15:59:456 2012 PE2 BGP/7/DEBUG: -MDC=1; BGP.vpn1: Send UPDATE to peer 10.2.1.1 for following destinations: Origin : Incomplete AS Path...
Page 184 # After you also configure BGP AS substitution on PE 1, the VLAN interfaces of CE 1 and CE 2 can ping each other.
Page 185: Configuring Ipv6 Mpls L3Vpn
Configuring IPv6 MPLS L3VPN Overview IPv6 MPLS L3VPN uses BGP to advertise IPv6 VPN routes and uses MPLS to forward IPv6 VPN packets on the service provider backbone. Figure 52 shows a typical IPv6 MPLS L3VPN model. The service provider backbone in the IPv6 MPLS L3VPN model is an IPv4 network.
Page 186: Ipv6 Mpls L3Vpn Packet Forwarding
IPv6 MPLS L3VPN packet forwarding Figure 53 IPv6 MPLS L3VPN packet forwarding diagram As shown in Figure 53, the IPv6 MPLS L3VPN packet forwarding procedure is using the following process: The PC at Site 1 sends an IPv6 packet destined for 2001:2::1, the PC at Site 2. CE 1 transmits the packet to PE 1.
Page 187: Ipv6 Mpls L3Vpn Network Schemes And Functions
The PEs use an IGP to ensure the connectivity between them. From the egress PE to the remote peer CE: The egress PE compares the export target attributes of the VPN-IPv6 routes with the import target attributes that it maintains for the VPN instance and, if they are the same, adds the routes to the routing table of the VPN instance.
Page 188: Configuring Vpn Instances
Tasks at a glance (Required.) Configuring routing between PEs (Optional.) Configuring BGP VPNv6 route control Before configuring basic IPv6 MPLS L3VPN, complete the following tasks: Configure an IGP on the PEs and Ps to ensure IP connectivity within the MPLS backbone. •...
Page 189 Step Command Remarks interface interface-type Enter interface view. interface-number By default, no VPN instance is associated with an interface. The ip binding vpn-instance Associate a VPN instance ip binding vpn-instance command clears the IP address of with the interface. vpn-instance-name the interface.
Page 190: Configuring Routing Between A Pe And A Ce
Step Command Remarks By default, all routes matching the import target attribute are accepted. Make sure the routing policy Apply an import routing already exists. Otherwise, the import route-policy route-policy policy. device does not filter received routes. For information about routing policies, see Layer 3—IP Routing Configuration Guide.
Page 191 Step Command Remarks By default, no IPv6 static route is configured for a ipv6 route-static vpn-instance VPN instance. s-vpn-instance-name ipv6-address prefix-length Perform this configuration { interface-type interface-number on the PE. On the CE, Configure an IPv6 static [ next-hop-address ] | nexthop-address [ public ] configure a common IPv6 route for a VPN instance.
Page 192 Step Command Remarks Perform this configuration on the PE. On the CE, create a common OSPF process. Create an OSPFv3 process for The maximum number of OSPFv3 ospfv3 [ process-id ] vpn-instance a VPN instance and enter processes for a VPN instance vpn-instance-name OSPFv3 view.
Page 193: Configuring Routing Between Pes
Step Command Remarks Enter system view. system-view Enable BGP and enter BGP bgp as-number view. Enter BGP-VPN view. ip vpn-instance vpn-instance-name peer { group-name | Configure the CE as the VPN By default, no BGP peer is ipv6-address } as-number EBGP peer.
Page 194: Configuring Bgp Vpnv6 Route Control
Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number peer { group-name | Configure the remote PE as By default, no BGP peer is ipv6-address } as-number the peer. configured. as-number By default, BGP uses the outbound Specify the source interface peer { group-name | ip-address } interface of the best route destined...
Page 195: Configuring Inter-As Ipv6 Vpn
Step Command Remarks Configure BGP updates sent By default, a BGP update carries peer { group-name | ip-address } to the peer to carry only both public and private AS public-as-only public AS numbers. numbers. Apply a routing policy to peer { group-name | ip-address } routes advertised to or By default, no routing policy is...
Page 196: Configuring Inter-As Ipv6 Vpn Option A
Configuring inter-AS IPv6 VPN option A Inter-AS IPv6 VPN option A applies to scenarios where the number of VPNs and that of VPN routes on the PEs are relatively small. To configure inter-AS IPv6 option A: Configure basic IPv6 MPLS L3VPN on each AS. •...
Page 197: Displaying And Maintaining Ipv6 Mpls L3Vpn
Step Command Remarks Enter BGP-VPNv6 address ipv6-family vpnv6 family view. Enable the PE to exchange By default, the PE does not BGP VPNv6 routing peer ip-address enable exchange labeled routes with any information with the EBGP IPv4 peer/peer group. peer. Configuring the ASBR PEs In the inter-AS IPv6 VPN option C solution, an inter-AS LSP is needed, and the routes advertised between the PEs and ASBRs must carry MPLS label information.
Page 198 Task Command Remarks Display the IPv6 routing table for a VPN instance. For more display ipv6 routing-table vpn-instance information about this command, Available in any view. vpn-instance-name [ verbose ] see Layer 3—IP Routing Command Reference. Display information about a display ip vpn-instance [ instance-name specified VPN instance or all VPN Available in any view.
Page 199: Ipv6 Mpls L3Vpn Configuration Examples
IPv6 MPLS L3VPN configuration examples Configuring IPv6 MPLS L3VPNs Network requirements CE 1 and CE 3 belong to VPN 1. CE 2 and CE 4 belong to VPN 2. VPN 1 uses route target attributes 1 1 1:1. VPN 2 uses route target attributes 222:2. Users of different VPNs cannot access each other.
Page 200 [PE1] interface loopback 0 [PE1-LoopBack0] ip address 1.1.1.9 32 [PE1-LoopBack0] quit [PE1] interface vlan-interface 13 [PE1-Vlan-interface13] ip address 172.1.1.1 24 [PE1- Vlan-interface13] quit [PE1] ospf [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255 [PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit # Configure the P switch.
Page 201 ip routing-table command. The output shows that the PEs have learned the routes to the loopback interfaces of each other. Take PE 1 as an example: [PE1] display ip routing-table display ip routing-table protocol ospf Summary Count : 5 OSPF Routing table Status : Summary Count : 3 Destination/Mask Proto...
Page 202 [P-ldp] quit [P] interface vlan-interface 13 [P-Vlan-interface13] mpls enable [P-Vlan-interface13] mpls ldp enable [P-Vlan-interface13] quit [P] interface vlan-interface 12 [P-Vlan-interface12] mpls enable [P-Vlan0interface12] mpls ldp enable [P-Vlan-interface12] quit # Configure PE 2. [PE2] mpls lsr-id 3.3.3.9 [PE2] mpls ldp [PE2-ldp] quit [PE2] interface vlan-interface 12 [PE2-Vlan-interface12] mpls enable [PE2-Vlan-interface12] mpls ldp enable...
Page 203 [PE1-vpn-instance-vpn2] quit [PE1] interface vlan-interface 11 [PE1-Vlan-interface11] ip binding vpn-instance vpn1 [PE1-Vlan-interface11] ipv6 address 2001:1::2 96 [PE1-Vlan-interface11] quit [PE1] interface vlan-interface 12 [PE1-Vlan-interface12] ip binding vpn-instance vpn2 [PE1-Vlan-interface12] ipv6 address 2001:2::2 96 [PE1-Vlan-interface12] quit # Configure PE 2. [PE2] ip vpn-instance vpn1 [PE2-vpn-instance-vpn1] route-distinguisher 200:1 [PE2-vpn-instance-vpn1] vpn-target 111:1 [PE2-vpn-instance-vpn1] quit...
Page 204 # Configure CE 1. system-view [CE1] bgp 65410 [CE1-bgp] peer 2001:1::2 as-number 100 [CE1-bgp] ipv6-family unicast [CE1-bgp-ipv6] peer 2001:1::2 enable [CE1-bgp-ipv6] import-route direct [CE1-bgp-ipv6] quit [CE1-bgp] quit # Configure the other three CEs (CE 2 through CE 4) in the same way that CE 1 is configured. (Details not shown.) # Configure PE 1.
Page 205 [PE2-bgp] ipv6-family vpnv6 [PE2-bgp-af-vpnv6] peer 1.1.1.9 enable [PE2-bgp-af-vpnv6] quit [PE2-bgp] quit After completing the configurations, execute the display bgp peer vpnv6 command on the PEs. The output shows a BGP peer relationship has been established between the PEs and has reached the Established state.
Page 206: Configuring An Ipv6 Mpls L3Vpn Over A Gre Tunnel
Interface : Vlan12 Cost Destination: 2001:2::2/128 Protocol : Direct NextHop : ::1 Preference: 0 Interface : InLoop0 Cost Destination: 2001:4::/96 Protocol : BGP4+ NextHop : ::FFFF:3.3.3.9 Preference: 255 Interface : Vlan13 Cost Destination: FE80::/10 Protocol : Direct NextHop : :: Preference: 0 Interface : NULL0...
Page 207 Figure 55 Network diagram Device Interface IP address Device Interface IP address CE 1 Vlan-int12 2001:1::1/96 Vlan-int11 172.1.1.2/24 PE 1 Loop0 1.1.1.9/32 Vlan-int12 172.2.1.1/24 Vlan-int12 2001:1::2/96 PE 2 Loop0 2.2.2.9/32 Vlan-int11 172.1.1.1/24 Vlan-int11 2001:2::2/96 Tunnel0 20.1.1.1/24 Vlan-int12 172.2.1.2/24 CE 2 Vlan-int12 2001:2::1/96 Tunnel0...
Page 208 [PE1] tunnel-policy gre1 [PE1-tunnel-policy-gre1] select-seq gre load-balance-number 1 [PE1-tunnel-policy-gre1] quit [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 100:1 [PE1-vpn-instance-vpn1] vpn-target 100:1 both [PE1-vpn-instance-vpn1] tnl-policy gre1 [PE1-vpn-instance-vpn1] quit [PE1] interface vlan-interface 12 [PE1-Vlan-interface12] ip binding vpn-instance vpn1 [PE1-Vlan-interface12] ipv6 address 2001:1::2 96 [PE1-Vlan-interface12] quit # Configure PE 2.
Page 209 56 bytes from 2001:1::1, icmp_seq=3 hlim=64 time=1.000 ms 56 bytes from 2001:1::1, icmp_seq=4 hlim=64 time=0.000 ms --- 2001:1::1 ping6 statistics --- 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss round-trip min/avg/max/std-dev = 0.000/0.400/1.000/0.490 ms Establish an EBGP peer relationship between PE and CE switches to exchange VPN routes: # Configure CE 1.
Page 210: Configuring Ipv6 Mpls L3Vpn Inter-As Option A
# Configure PE 2 in the same way that PE 1 is configured. (Details not shown.) After completing the configurations, execute the display bgp peer vpnv6 command on the PEs. The output shows that a BGP peer relationship has been established between the PEs and has reached the Established state.
Page 211 Figure 56 Network diagram MPLS backbone MPLS backbone Loop0 Loop0 AS 100 AS 200 Vlan-int12 Vlan-int12 Vlan-int11 Vlan-int11 ASBR-PE 1 ASBR-PE 2 Loop0 Loop0 Vlan-int11 Vlan-int11 PE 2 PE 1 Vlan-int12 Vlan-int12 Vlan-int12 Vlan-int12 CE 1 CE 2 AS 65001 AS 65002 Device Interface...
Page 212 [PE1-Vlan-interface11] quit # Configure basic MPLS on ASBR-PE 1, and enable MPLS LDP for the interface connected to PE 1. system-view [ASBR-PE1] mpls lsr-id 2.2.2.9 [ASBR-PE1] mpls ldp [ASBR-PE1-ldp] quit [ASBR-PE1] interface vlan-interface 11 [ASBR-PE1-Vlan-interface11] mpls enable [ASBR-PE1-Vlan-interface11] mpls ldp enable [ASBR-PE1-Vlan-interface11] quit # Configure basic MPLS on ASBR-PE 2, and enable MPLS LDP for the interface connected to PE 2.
Page 213 [PE1-Vlan-interface12] ip binding vpn-instance vpn1 [PE1-Vlan-interface12] ipv6 address 2001:1::2 96 [PE1-Vlan-interface12] quit # Configure CE 2. system-view [CE2] interface vlan-interface 12 [CE2-Vlan-interface12] ipv6 address 2001:2::1 96 [CE2-Vlan-interface12] quit # Configure PE 2. [PE2] ip vpn-instance vpn1 [PE2-vpn-instance] route-distinguisher 200:2 [PE2-vpn-instance] vpn-target 100:1 both [PE2-vpn-instance] quit [PE2] interface vlan-interface 12...
Page 214 [CE1-bgp] ipv6-family unicast [CE1-bgp-ipv6] peer 2001:1::2 enable [CE1-bgp-ipv6] import-route direct [CE1-bgp-ipv6] quit [CE1-bgp] quit # Configure PE 1. [PE1] bgp 100 [PE1-bgp] ip vpn-instance vpn1 [PE1-bgp-vpn1] peer 2001:1::1 as-number 65001 [PE1-bgp-vpn1] ipv6-family unicast [PE1-bgp-ipv6-vpn1] peer 2001:1::1 enable [PE1-bgp-ipv6-vpn1] import-route direct [PE1-bgp-ipv6-vpn1] quit [PE1-bgp-vpn1] quit [PE1-bgp] quit...
Page 215: Configuring Ipv6 Mpls L3Vpn Inter-As Option C
[ASBR-PE1-bgp-vpn1] peer 2002:1::2 as-number 200 [ASBR-PE1-bgp-vpn1] ipv6-family unicast [ASBR-PE1-bgp-ipv6-vpn1] peer 2002:1::2 enable [ASBR-PE1-bgp-ipv6-vpn1] quit [ASBR-PE1-bgp-vpn1] quit [ASBR-PE1-bgp] peer 1.1.1.9 as-number 100 [ASBR-PE1-bgp] peer 1.1.1.9 connect-interface loopback 0 [ASBR-PE1-bgp] ipv6-family vpnv6 [ASBR-PE1-bgp-vpnv6] peer 1.1.1.9 enable [ASBR-PE1-bgp-vpnv6] quit [ASBR-PE1-bgp] quit # Configure ASBR-PE 2. [ASBR-PE2] bgp 200 [ASBR-PE2-bgp] ip vpn-instance vpn1 [ASBR-PE2-bgp-vpn1] peer 2002:1::1 as-number 100...
Page 216 ASBR-PE 1 and ASBR-PE 2 use their respective routing policies and label the routes received from each other. ASBR-PE 1 and ASBR-PE 2 use MP-EBGP to exchange labeled IPv4 routes. Figure 57 Network diagram Device Interface IP address Device Interface IP address PE 1 Loop0...
Page 217 # Configure interface Loopback 0, and start IS-IS on it. [PE1] interface loopback 0 [PE1-LoopBack0] ip address 2.2.2.9 32 [PE1-LoopBack0] isis enable 1 [PE1-LoopBack0] quit # Create VPN instance vpn1, and configure the RD and route target attributes for it. [PE1] ip vpn-instance vpn1 [PE1-vpn-instance-vpn1] route-distinguisher 11:11 [PE1-vpn-instance-vpn1] vpn-target 3:3 import-extcommunity...
Page 218 [ASBR-PE1] isis 1 [ASBR-PE1-isis-1] network-entity 10.222.222.222.222.00 [ASBR-PE1-isis-1] quit # Configure an LSR ID, and enable MPLS and LDP. [ASBR-PE1] mpls lsr-id 3.3.3.9 [ASBR-PE1] mpls ldp [ASBR-PE1-ldp] quit # Configure interface VLAN-interface 11, and enable IS-IS, MPLS, and LDP on the interface. [ASBR-PE1] interface vlan-interface 11 [ASBR-PE1-Vlan-interface11] ip address 1.1.1.1 255.0.0.0 [ASBR-PE1-Vlan-interface11] isis enable 1...
Page 219 [ASBR-PE1-bgp-ipv4] quit # Apply routing policy policy1 to routes advertised to EBGP peer 11.0.0.1. [ASBR-PE1-bgp] peer 11.0.0.1 as-number 600 [ASBR-PE1-bgp] ipv6-family unicast [ASBR-PE1-bgp-ipv4] peer 11.0.0.1 enable [ASBR-PE1-bgp-ipv4] peer 11.0.0.1 route-policy policy1 export # Enable the capability to advertise labeled routes to and receive labeled routes from EBGP peer 11.0.0.1.
Page 220 [ASBR-PE2-route-policy-policy2-1] quit # Start BGP on ASBR-PE 2, and enable the capability to advertise labeled routes to and receive labeled routes from IBGP peer 5.5.5.9. [ASBR-PE2] bgp 600 [ASBR-PE2-bgp] peer 5.5.5.9 as-number 600 [ASBR-PE2-bgp] peer 5.5.5.9 connect-interface loopback 0 [ASBR-PE2-bgp] ipv6-family unicast [ASBR-PE2-bgp-ipv4] peer 5.5.5.9 enable [ASBR-PE2-bgp-ipv4] peer 5.5.5.9 label-route-capability # Apply routing policy policy2 to routes advertised to IBGP peer 5.5.5.9.
Page 221 [PE2-LoopBack0] isis enable 1 [PE2-LoopBack0] quit # Create VPN instance vpn1, and configure the RD and route target attributes for it. [PE2] ip vpn-instance vpn1 [PE2-vpn-instance-vpn1] route-distinguisher 11:11 [PE2-vpn-instance-vpn1] vpn-target 3:3 import-extcommunity [PE2-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity [PE2-vpn-instance-vpn1] quit # Configure interface Loopback 1, and bind the interface to VPN instance vpn1. [PE2] interface loopback 1 [PE2-LoopBack1] ip binding vpn-instance vpn1 [PE2-LoopBack1] ipv6 address 2001:1::2 128...
Page 222: Configuring Ipv6 Mpls L3Vpn Carrier's Carrier
56 bytes from 2001:1::2, icmp_seq=3 hlim=64 time=0.000 ms 56 bytes from 2001:1::2, icmp_seq=4 hlim=64 time=0.000 ms --- 2001:1::2 ping6 statistics --- 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss round-trip min/avg/max/std-dev = 0.000/0.200/1.000/0.400 ms Configuring IPv6 MPLS L3VPN carrier's carrier Network requirements Configure carrier's carrier for the scenario shown in Figure...
Page 223 PE 3 Loop0 1.1.1.9/32 PE 4 Loop0 6.6.6.9/32 Vlan-int11 2001:1::2/96 Vlan-int11 2001:2::2/96 Vlan-int12 10.1.1.1/24 Vlan-int12 20.1.1.2/24 CE 1 Loop0 2.2.2.9/32 CE 2 Loop0 5.5.5.9/32 Vlan-int12 10.1.1.2/24 Vlan-int11 21.1.1.2/24 Vlan-int11 11.1.1.1/24 Vlan-int12 20.1.1.1/24 PE 1 Loop0 3.3.3.9/32 PE 2 Loop0 4.4.4.9/32 Vlan-int11 11.1.1.2/24 Vlan-int12...
Page 224 Established state. Execute the display isis peer command to see that an IS-IS neighbor relationship has been set up. Take PE 1 as an example: [PE1] display mpls ldp peer Total number of peers: 1 Peer LDP ID State Role KA Sent/Rcvd 4.4.4.9:0 Operational...
Page 225 [PE3-Vlan-interface12] mpls ldp transport-address interface [PE3-Vlan-interface12] quit # Configure CE 1. system-view [CE1] interface loopback 0 [CE1-LoopBack0] ip address 2.2.2.9 32 [CE1-LoopBack0] quit [CE1] mpls lsr-id 2.2.2.9 [CE1] mpls ldp [CE1-ldp] quit [CE1] isis 2 [CE1-isis-2] network-entity 10.0000.0000.0000.0002.00 [CE1-isis-2] quit [CE1] interface loopback 0 [CE1-LoopBack0] isis enable 2 [CE1-LoopBack0] quit...
Page 226 [PE1-Vlan-interface11] mpls ldp enable [PE1-Vlan-interface11] mpls ldp transport-address interface [PE1-Vlan-interface11] quit [PE1] bgp 100 [PE1-bgp] ip vpn-instance vpn1 [PE1-bgp-vpn1] ipv6-family unicast [PE1-bgp-ipv4-vpn1] import isis 2 [PE1-bgp-ipv4-vpn1] quit [PE1-bgp-vpn1] quit [PE1-bgp] quit # Configure CE 1. [CE1] interface vlan-interface11 [CE1-Vlan-interface11] ip address 11.1.1.1 24 [CE1-Vlan-interface11] isis enable 2 [CE1-Vlan-interface11] mpls enable [CE1-Vlan-interface11] mpls ldp enable...
Page 227 [PE3-bgp-vpn1] peer 2001:1::1 as-number 65410 [PE3-bgp-vpn1] ipv6-family unicast [PE3-bgp-ipv6-vpn1] peer 2001:1::1 enable [PE3-bgp-ipv6-vpn1] import-route direct [PE3-bgp-ipv6-vpn1] quit [PE3-bgp-vpn1] quit [PE3-bgp] quit # Configure PE 4 and CE 4 in the same way that PE 3 and CE 3 are configured. (Details not shown.) Establish an MP-IBGP peer relationship between PEs of the customer carrier to exchange the VPN routes of the customer carrier's customers:...
Page 228 6.6.6.9/32 4.4.4.9 NULL0 10.1.1.0/24 ISIS 11.1.1.1 Vlan11 11.1.1.0/24 Direct 0 11.1.1.1 Vlan11 11.1.1.1/32 Direct 0 127.0.0.1 InLoop0 11.1.1.2/32 Direct 0 11.1.1.2 Vlan11 20.1.1.0/24 4.4.4.9 NULL0 21.1.1.0/24 4.4.4.9 NULL0 21.1.1.2/32 4.4.4.9 NULL0 # Execute the display ip routing-table command on CE 1 and CE 2. The output shows that the internal routes of the customer carrier network are present in the public network routing table.
Page 229 Destination: 2001:2::/96 Protocol : BGP4+ NextHop : ::FFFF:606:609 Preference: 0 Interface : NULL0 Cost Destination: FE80::/10 Protocol : Direct NextHop : :: Preference: 0 Interface : NULL0 Cost Destination: FF00::/8 Protocol : Direct NextHop : :: Preference: 0 Interface : NULL0 Cost # PE 3 and PE 4 can ping each other.
Page 230: Configuring Mpls L2Vpn
"Configuring VPLS." Hardware compatibility To establish MPLS L2VPNs, an HP 10500 switch must have an EA, EB, SE, or SF card that connects to the customer and provider networks. Overview MPLS L2VPN is an implementation of Pseudo Wire Emulation Edge-to-Edge (PWE3). It offers Layer 2 VPN services over an MPLS or IP backbone.
Page 231: Mpls L2Vpn Connection Establishment
Figure 59 Remote connection model MPLS L2VPN connection establishment To set up an MPLS L2VPN connection: Set up a public tunnel to carry one or more PWs between PEs: The public tunnel can be an LSP, MPLS TE, or GRE tunnel. If multiple public tunnels exist between two PEs, you can configure a tunnel policy to control tunnel selection.
Page 232: Ethernet Over Mpls
Ethernet over MPLS Ethernet over MPLS is implemented as follows: Bind a service instance on a Layer 2 Ethernet interface to a PW. Packets that are received from the Layer 2 Ethernet interface and meet the match criteria of the service instance are forwarded to the bound PW. You can configure flexible match criteria for the service instance.
Page 233: Multi-Segment Pw
Figure 61 PW redundancy The MPLS L2VPN determines whether the primary PW fails according to the LDP session status or the BFD result. The backup PW is used when one of the following conditions exist: • The primary PW goes down because the public tunnel of the primary PW is deleted, or BFD detects that the public tunnel has failed.
Page 234 Figure 62 Multi-segment PW MPLS or IP backbone PE 3 PE 2 PW 2 PE 1 PE 4 CE 1 CE 2 Multi-segment PWs include intra-domain multi-segment PWs and inter-domain multi-segment PWs. Intra-domain multi-segment PW An intra-domain multi-segment PW comprises concatenated PWs within an AS. You can create an intra-domain multi-segment PW between two PEs that have no public tunnel to each other.
Page 235: Mpls L2Vpn Configuration Task List
Inter-domain multi-segment PW An inter-domain multi-segment PW includes concatenated PWs in different ASs. It is a method for inter-AS option B networking. As shown in Figure 64, you can create an inter-domain multi-segment PW between PE 1 and PE 2 in different ASs by concatenating PW 1 and PW 2 on ASBR 1 and concatenating PW 2 and PW 3 on ASBR 2.
Page 236: Enabling L2Vpn
Tasks at a glance Remarks (Required.) Configuring a cross-connect Configuring a Choose a PW configuration • method depending on the MPLS (Optional.) Configuring a PW class L2VPN implementation. • (Required.) Choose either of the following tasks to configure a PW: Skip these tasks for local Configuring a static PW connection configuration.
Page 237: Configuring A Service Instance On A Layer 2 Ethernet Interface
Configuring a service instance on a Layer 2 Ethernet interface When the PE connects to a CE through a Layer 2 Ethernet interface, you can configure a service instance on the Layer 2 Ethernet interface to match specific packets from the AC. To configure a service instance: Step Command...
Page 238: Configuring A Pw
Configuring a PW Configuring a PW class You can configure PW attributes such as the PW type in a PW class. PWs with the same attributes can reference the same PW class. To configure a PW class: Step Command Remarks Enter system view.
Page 239: Binding An Ac To A Cross-Connect
On the HP 10500 series, an AC is a service instance on a Layer 2 Ethernet interface. After you bind a service instance on a Layer 2 Ethernet interface to a cross-connect, packets that are received from the Layer 2 Ethernet interface and meet the match criteria of the service instance are forwarded to the PW or another AC bound to the cross-connect.
Page 240: Configure Static Pw Redundancy
Configure static PW redundancy Step Command Remarks Enter system view. system-view Enter cross-connect group xconnect-group group-name view. Enter cross-connect view. connection connection-name (Optional.) Specify whether to switch traffic from the By default, traffic is immediately backup PW to the primary switched back from the backup revertive { wtr wtr-time | never } PW when the primary PW...
Page 241: Displaying And Maintaining Mpls L2Vpn
Step Command Remarks Return to user view. return Manually switch traffic to the l2vpn switchover peer ip-address backup PW of the specified pw-id pw-id Displaying and maintaining MPLS L2VPN Task Command Remarks display l2vpn ldp [ peer ip-address [ pw-id Display LDP PW label information.
Page 242 Figure 65 Network diagram Device Interface IP address Device Interface IP address PE 1 Loop0 192.2.2.2/32 Loop0 192.4.4.4/32 Vlan-int20 10.1.1.1/24 Vlan-int30 10.2.2.2/24 PE 2 Loop0 192.3.3.3/32 Vlan-int20 10.1.1.2/24 Vlan-int30 10.2.2.1/24 Configuration procedure Before you perform the following configurations, configure VLANs and add ports to VLANs on switches. Configure CE 1: ...
Page 243 # Configure OSPF on PE 1 for LDP to create LSPs. [PE1] ospf [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 10.1.1.1 0.0.0.255 [PE1-ospf-1-area-0.0.0.0] network 192.2.2.2 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit # Create the service instance 10 on Ten-GigabitEthernet 1/0/1 to match packets with VLAN ID [PE1] interface ten-gigabitethernet1/0/1 [PE1-Ten-GigabitEthernet1/0/1] service-instance 10 [PE1-Ten-GigabitEthernet1/0/1-srv10] encapsulation s-vid 10...
Page 244 [P-Vlan-interface30] quit # Configure OSPF on the P device for LDP to create LSPs. [P] ospf [P-ospf-1] area 0 [P-ospf-1-area-0.0.0.0] network 10.1.1.2 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 10.2.2.2 0.0.0.255 [P-ospf-1-area-0.0.0.0] network 192.4.4.4 0.0.0.0 [P-ospf-1-area-0.0.0.0] quit [P-ospf-1] quit Configure PE 2: # Configure an LSR ID. ...
Page 245 [PE2] xconnect-group vpna [PE2-xcg-vpna] connection svc [PE2-xcg-vpna-svc] ac interface Ten-GigabitEthernet 1/0/1 service-instance 10 [PE2-xcg-vpna-svc] peer 192.3.3.3 pw-id 3 in-label 100 out-label 200 [PE2-xcg-vpna-svc-192.3.3.3-3] quit [PE2-xcg-vpna-svc] quit [PE2-xcg-vpna] quit Configure CE 2: system-view [CE2] interface ten-gigabitethernet 1/0/1 [CE2-Ten-GigabitEthernet1/0/1] port link-type trunk [CE2-Ten-GigabitEthernet1/0/1] port trunk permit vlan 10 [CE2-Ten-GigabitEthernet1/0/1] quit Verify the configuration...
Page 246: Configuring An Ldp Pw (Vlan Mode)
Configuring an LDP PW (VLAN mode) Network requirements Create an LDP PW between PE 1 and PE 2 over the backbone so VLAN 10 on CE 1 can communicate with VLAN 20 on CE 2. Figure 66 Network diagram Device Interface IP address Device...
Page 247 [PE1-ldp] quit # Configure VLAN-interface 20 connected to the P device and enable LDP on the interface. [PE1] interface vlan-interface 20 [PE1-Vlan-interface20] ip address 10.1.1.1 24 [PE1-Vlan-interface20] mpls enable [PE1-Vlan-interface20] mpls ldp enable [PE1-Vlan-interface20] quit # Configure OSPF on PE 1 for LDP to create LSPs. [PE1] ospf [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 10.1.1.1 0.0.0.255...
Page 248 [P-Vlan-interface20] mpls ldp enable [P-Vlan-interface20] quit # Configure VLAN-interface 30 connected to PE 2 and enable LDP on the interface. [P] interface vlan-interface 30 [P-Vlan-interface30] ip address 10.2.2.2 24 [P-Vlan-interface30] mpls enable [P-Vlan-interface30] mpls ldp enable [P-Vlan-interface30] quit # Configure OSPF on the P device for LDP to create LSPs. [P] ospf [P-ospf-1] area 0 [P-ospf-1-area-0.0.0.0] network 10.1.1.2 0.0.0.255...
Page 249 [PE2-Ten-GigabitEthernet1/0/1-srv10]encapsulation s-vid 10 [PE2-Ten-GigabitEthernet1/0/1-srv10] quit [PE2-Ten-GigabitEthernet1/0/1] quit # Create a cross-connect group named vpna, create a cross-connect named svc in the group, bind the service instance 10 on Ten-GigabitEthernet 1/0/1 to the cross-connect, and create a static PW for the cross-connect to bind the AC to the PW. [PE2] xconnect-group vpna [PE2-xcg-vpna] connection svc [PE2-xcg-vpna-svc] ac interface Ten-GigabitEthernet 1/0/1 service-instance 10...
Page 250: Configuring An Ldp Pw (Flexible Mode)
--- 100.1.1.2 ping statistics --- 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss round-trip min/avg/max/stddev = 0.125/0.148/0.176/0.022 ms Configuring an LDP PW (flexible mode) Network requirements Create an LDP PW between PE 1 and PE 2, and use flexible mode to match specific packets from each AC so CE 1 and CE 2 can communicate within VLAN 10 without consuming VLAN resources on PEs.
Page 251 [PE1] l2vpn enable # Enable global LDP. [PE1] mpls ldp [PE1-ldp] quit # Configure VLAN-interface 23 connected to the P device and enable LDP on the interface. [PE1] interface vlan-interface 23 [PE1-Vlan-interface23] ip address 23.1.1.1 24 [PE1-Vlan-interface23] mpls enable [PE1-Vlan-interface23] mpls ldp enable [PE1-Vlan-interface23] quit # Configure OSPF on PE 1 for LDP to create LSPs.
Page 252 [P-Vlan-interface23] ip address 23.1.1.2 24 [P-Vlan-interface23] mpls enable [P-Vlan-interface23] mpls ldp enable [P-Vlan-interface23] quit # Configure VLAN-interface 26 connected to PE 2 and enable LDP on the interface. [P] interface vlan-interface 26 [P-Vlan-interface26] ip address 26.2.2.2 24 [P-Vlan-interface26] mpls enable [P-Vlan-interface26] mpls ldp enable [P-Vlan-interface26] quit # Configure OSPF on the P device for LDP to create LSPs.
Page 253 [PE2-Ten-GigabitEthernet1/0/1] service-instance 1000 [PE2-Ten-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 10 [PE2-Ten-GigabitEthernet1/0/1-srv1000] quit [PE2-Ten-GigabitEthernet1/0/1] quit # Create a cross-connect group named vpn1, create a cross-connect named ldp in the group, bind service instance 1000 on Ten-GigabitEthernet 1/0/1 to the cross-connect, and create an LDP PW for the cross-connect to bind the AC to the PW.
Page 254: Configuring Ldp Pw Redundancy
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss round-trip min/avg/max/stddev = 3.000/8.000/19.000/5.762 ms Configuring LDP PW redundancy Network requirements Create two LDP PWs to implement PW redundancy between CE 1 and CE 2. The primary PW goes through PE 1—PE 2. The backup PW goes through PE 1—PE 3. When the primary PW fails, CE 1 and CE 2 communicate through the backup PW.
Page 255 [PE1] interface loopback 0 [PE1-LoopBack0] ip address 1.1.1.1 32 [PE1-LoopBack0] quit [PE1] mpls lsr-id 1.1.1.1 # Enable global MPLS LDP. [PE1] mpls ldp [PE1-ldp] quit # Create LDP sessions to PE 2 and PE 3. [PE1] interface vlan-interface 12 [PE1-Vlan-interface12] ip address 12.1.1.1 24 [PE1-Vlan-interface12] mpls enable [PE1-Vlan-interface12] mpls ldp enable [PE1-Vlan-interface12] quit...
Page 256 [PE1] quit Configure PE 2: # Configure LSR ID. system-view [PE2] interface loopback 0 [PE2-LoopBack0] ip address 2.2.2.2 32 [PE2-LoopBack0] quit [PE2] mpls lsr-id 2.2.2.2 # Enable global MPLS LDP. [PE2] mpls ldp [PE2-ldp] quit # Create an LDP session to PE 1. [PE2] interface vlan-interface 12 [PE2-Vlan-interface12] ip address 12.1.1.2 24 [PE2-Vlan-interface12] mpls enable...
Page 257 # Configure an LSR ID. system-view [PE3] interface loopback 0 [PE3-LoopBack0] ip address 3.3.3.3 32 [PE3-LoopBack0] quit [PE3] mpls lsr-id 3.3.3.3 # Enable global MPLS LDP. [PE3] mpls ldp [PE3-ldp] quit # Create an LDP session to PE 3 . [PE3] interface vlan-interface 13 [PE3-Vlan-interface13] ip address 13.1.1.3 24 [PE3-Vlan-interface13] mpls enable...
Page 258 [CE2-Vlan-interface10] quit Verify the configuration # Display L2VPN PW information on PE 1. The output shows that two LDP PWs have been established. display l2vpn pw Flags: M - main, B - backup, H - hub link, S - spoke link, N - no split horizon Total number of PWs: 2, 1 up, 1 blocked, 0 down, 0 defect Xconnect-group Name: vpna Peer...
Page 259: Configuring An Intra-Domain Multi-Segment Pw
Peer PW ID In/Out Label Proto Flag Link ID State 1.1.1.1 65655/65669 # CE 1 and CE 2 can ping each other. [CE1] ping 100.1.1.2 PING 100.1.1.2 (100.1.1.2): 56 data bytes 56 bytes from 100.1.1.2: icmp_seq=0 ttl=255 time=6.000 ms 56 bytes from 100.1.1.2: icmp_seq=1 ttl=255 time=3.000 ms 56 bytes from 100.1.1.2: icmp_seq=2 ttl=255 time=6.000 ms 56 bytes from 100.1.1.2: icmp_seq=3 ttl=255 time=4.000 ms 56 bytes from 100.1.1.2: icmp_seq=4 ttl=255 time=6.000 ms...
Page 260 Figure 69 Network diagram Device Interface IP address Device Interface IP address CE 1 Vlan-int10 100.1.1.1/24 Loop0 192.4.4.4/32 PE 1 Loop0 192.2.2.2/32 Vlan-int23 23.1.1.2/24 Vlan-int23 23.1.1.1/24 Vlan-int26 26.2.2.2/24 CE 2 Vlan-int10 100.1.1.2/24 PE 2 Loop0 192.3.3.3/32 Vlan-int26 26.2.2.1/24 Configuration procedure Before you perform the following configurations, configure VLANs and add ports to VLANs on CEs.
Page 261 # Create a cross-connect group named vpn1, create a cross-connect named ldp in the group, bind service instance 1000 on Ten-GigabitEthernet 1/0/1 to the cross-connect, and create an LDP PW for the cross-connect to bind the AC to the PW. [PE1] xconnect-group vpn1 [PE1-xcg-vpn1] connection ldp [PE1-xcg-vpn1-ldp] ac interface ten-gigabitethernet1/0/1 service-instance 1000...
Page 262 [PE2-Ten-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 10 [PE2-Ten-GigabitEthernet1/0/1-srv1000] quit [PE2-Ten-GigabitEthernet1/0/1] quit # Create a cross-connect group named vpn1, create a cross-connect named svc in the group, bind service instance 1000 on Ten-GigabitEthernet 1/0/1 to the cross-connect, and create a static PW for the cross-connect to bind the AC to the PW. [PE2] xconnect-group vpn1 [PE2-xcg-vpn1] connection svc [PE2-xcg-vpn1-svc] ac interface ten-gigabitethernet1/0/1 service-instance 1000...
Page 263: Configuring An Inter-Domain Multi-Segment Pw
# CE 1 and CE 2 can ping each other. [CE1] ping 100.1.1.2 56 bytes from 100.1.1.2: icmp_seq=0 ttl=255 time=7.000 ms 56 bytes from 100.1.1.2: icmp_seq=1 ttl=255 time=3.000 ms 56 bytes from 100.1.1.2: icmp_seq=2 ttl=255 time=3.000 ms 56 bytes from 100.1.1.2: icmp_seq=3 ttl=255 time=3.000 ms 56 bytes from 100.1.1.2: icmp_seq=4 ttl=255 time=3.000 ms --- 100.1.1.2 ping statistics --- 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss...
Page 264 Configure PE 1: system-view [PE1] interface loopback 0 [PE1-LoopBack0] ip address 192.1.1.1 32 [PE1-LoopBack0] quit # Configure an LSR ID. [PE1] mpls lsr-id 192.1.1.1 # Enable L2VPN. [PE1] l2vpn enable # Enable global LDP. [PE1] mpls ldp [PE1-ldp] quit # Configure VLAN-interface 23 connected to ASBR 1 and enable LDP on the interface.
Page 265 [ASBR1-LoopBack0] quit # Configure an LSR ID. [ASBR1] mpls lsr-id 192.2.2.2 # Enable L2VPN. [ASBR1] l2vpn enable # Enable global LDP. [ASBR1] mpls ldp [ASBR1-ldp] quit # Configure VLAN-interface 23 connected to PE 1 and enable LDP on the interface. [ASBR1] interface vlan-interface 23 [ASBR1-Vlan-interface23] ip address 23.1.1.2 24 [ASBR1-Vlan-interface23] mpls enable...
Page 266 [ASBR1-xcg-vpn1-ldp] peer 192.3.3.3 pw-id 1000 [ASBR1-xcg-vpn1-ldp-192.3.3.3-1000] quit [ASBR1-xcg-vpn1-ldp] quit [ASBR1-xcg-vpn1] quit Configure ASBR 2: system-view [ASBR2] interface loopback 0 [ASBR2-LoopBack0] ip address 192.3.3.3 32 [ASBR2-LoopBack0] quit # Configure an LSR ID. [ASBR2] mpls lsr-id 192.3.3.3 # Enable L2VPN. [ASBR2] l2vpn enable # Enable global LDP.
Page 267 [ASBR2-route-policy-policy1-1] apply mpls-label [ASBR2-route-policy-policy1-1] quit # Create a cross-connect group named vpn1, create a cross-connect named ldp in the group, and create two LDP PWs for the cross-connect to form a multi-segement PW. [ASBR2] xconnect-group vpn1 [ASBR2-xcg-vpn1] connection ldp [ASBR2-xcg-vpn1-ldp] peer 192.2.2.2 pw-id 1000 [ASBR2-xcg-vpn1-ldp-192.2.2.2-1000] quit [ASBR2-xcg-vpn1-ldp] peer 192.4.4.4 pw-id 1000 [ASBR2-xcg-vpn1-ldp-192.4.4.4-1000] quit...
Page 268 # Create a cross-connect group named vpn1, create a cross-connect named ldp in the group, bind service instance 1000 on Ten-GigabitEthernet 1/0/1 to the cross-connect, and create an LDP PW for the cross-connect to bind the AC to the PW. [PE2] xconnect-group vpn1 [PE2-xcg-vpn1] connection ldp [PE2-xcg-vpn1-ldp] ac interface ten-gigabitethernet1/0/1 service-instance 1000...
Page 269 [PE2] display l2vpn pw Flags: M - main, B - backup, H - hub link, S - spoke link, N - no split horizon Total number of PWs: 1, 1 up, 0 blocked, 0 down, 0 defect Xconnect-group Name: vpn1 Peer PW ID In/Out Label...
Page 270: Configuring Vpls
Configuring VPLS Hardware compatibility To run VPLS, an HP 10500 switch must use an EA, EB, SE, or SF card to connect the customer and provider networks. Overview Virtual Private LAN Service (VPLS) provides point-to-multipoint L2VPN services over an MPLS or IP backbone.
Page 271: Vpls Implementation
AC—An attachment circuit, physical or virtual, connects a CE and a PE, such as an Ethernet link or • a VLAN. On the HP 10500 series, an AC is a service instance on a Layer 2 Ethernet port. PW—A pseudowire is a bidirectional virtual connection between two PEs. An MPLS PW consists of •...
Page 272 If the source MAC address of a packet from a CE does not exist in the MAC address table, the PE learns the source MAC address on the AC connected to the CE. • Learning the source MAC addresses of remote sites connected through PWs A VSI regards a PW as a logical Ethernet interface.
Page 273: Pe Dual Homing
After a PE receives a unicast packet from a PW, the PE searches the MAC address table of the VSI bound to the PW to determine how to forward this packet. • If a match is found, the PE forwards the packet according to the matching entry. If the outgoing interface in the entry is a local interface, the PE directly forwards the packet to the local interface.
Page 274: Vpls Configuration Task List
Figure 73 PE dual homing VPLS uses the backup U-PW if one of the following conditions exists: The tunnel over which the primary PW is established is deleted, causing the primary PW to go • down. BFD detects that the primary PW fails. •...
Page 275: Enabling L2Vpn
Tasks at a glance Remarks Configuring a • (Optional.) Configuring a PW class Choose a PW configuration method depending on the VPLS • (Required.) Choose either of the following tasks to configure a PW: implementation. Configuring a static PW Configuring an LDP PW (Required.) Binding an AC to a VSI (Optional.)
Page 276: Configuring A Vsi
Step Command Remarks • Match all incoming packets: encapsulation default • Match incoming packets with any VLAN ID or no VLAN ID: Use one of the commands. Configure match criteria for encapsulation { tagged | By default, no match criteria are the service instance.
Page 277: Configuring An Ldp Pw
Step Command Remarks Enter system view. system-view Enter VSI view. vsi vsi-name Configure the VSI to By default, no PW signaling protocol is establish a static PW, pwsignaling static specified. and enter VSI static view. peer ip-address pw-id pw-id Configure a VPLS PW in-label label-value out-label and enter VSI static PW label-value [ pw-class...
Page 278: Configuring Pe Dual Homing
Step Command Remarks Enter Layer 2 Ethernet interface interface-type interface-number interface view. Create an Ethernet By default, no Ethernet service service instance and service-instance instance-id instance exist on a Layer 2 enter Ethernet service Ethernet interface. instance view. Bind the Ethernet service xconnect vsi vsi-name [ access-mode By default, a service instance is instance to a VSI.
Page 279: Configuring A Dual-Homed Pe With Redundant Ldp Pws
Configuring a dual-homed PE with redundant LDP PWs Step Command Remarks Enter system view. system-view Enter VSI view. vsi vsi-name Configure the VSI to LDP to By default, no PW signaling establish PWs, and enter VSI pwsignaling ldp protocol is specified for the LDP view.
Page 280: Vpls Configuration Examples
Task Command Display L2VPN forwarding information (in IRF display l2vpn forwarding { ac | pw } [ vsi vsi-name ] [ chassis mode). chassis-number slot slot-number ] [ verbose ] Display MAC address table information for display l2vpn mac-address [ vsi vsi-name ] [ dynamic ] one or all VSIs.
Page 281 # Configure an LSR ID. system-view [PE1] interface loopback 0 [PE1-LoopBack0] ip address 1.1.1.9 32 [PE1-LoopBack0] quit [PE1] mpls lsr-id 1.1.1.9 # Enable L2VPN. [PE1] l2vpn enable # Enable global LDP. [PE1] mpls ldp [PE1-ldp] quit # Configure VLAN-interface 20 connected to PE 2 and enable LDP on the interface. [PE1] interface vlan-interface 20 [PE1-Vlan-interface20] ip address 20.1.1.1 24 [PE1-Vlan-interface20] mpls enable...
Page 282 [PE1-Ten-GigabitEthernet1/0/1-srv10] xconnect vsi svc [PE1-Ten-GigabitEthernet1/0/1-srv10] quit Configure PE 2: # Configure an LSR ID. system-view [PE2] interface loopback 0 [PE2-LoopBack0] ip address 2.2.2.9 32 [PE2-LoopBack0] quit [PE2] mpls lsr-id 2.2.2.9 # Enable L2VPN. [PE2] l2vpn enable # Enable global LDP. [PE2] mpls ldp [PE2-ldp] quit # Configure VLAN-interface 20 connected to PE 1 and enable LDP on the interface.
Page 283 [PE2] interface ten-gigabitethernet1/0/1 [PE2-Ten-GigabitEthernet1/0/1] service-instance 10 [PE2-Ten-GigabitEthernet1/0/1-srv10] encapsulation default [PE2-Ten-GigabitEthernet1/0/1-srv10] xconnect vsi svc [PE2-Ten-GigabitEthernet1/0/1-srv10] quit Configure PE 3: # Configure an LSR ID. system-view [PE3] interface loopback 0 [PE3-LoopBack0] ip address 3.3.3.9 32 [PE3-LoopBack0] quit [PE3] mpls lsr-id 3.3.3.9 # Enable L2VPN.
Page 284: Ldp Pw Configuration Example
[PE3-vsi-svc] quit # Create service instance 10 on Ten-GigabitEthernet1/0/1 to match all packets, and bind the service instance to the VSI svc. [PE3] interface ten-gigabitethernet1/0/1 [PE3-Ten-GigabitEthernet1/0/1] service-instance 10 [PE3-Ten-GigabitEthernet1/0/1-srv10] encapsulation default [PE3-Ten-GigabitEthernet1/0/1-srv10] xconnect vsi svc [PE3-Ten-GigabitEthernet1/0/1-srv10] quit Verifying the configuration # Execute the display l2vpn pw verbose command on PE 1.
Page 285 Figure 75 Network diagram Configuration procedure Configure an IGP and a public tunnel on each PE. (Details not shown.) Configure PE 1: # Configure basic MPLS. system-view [PE1] interface loopback 0 [PE1-LoopBack0] ip address 1.1.1.9 32 [PE1-LoopBack0] quit [PE1] mpls lsr-id 1.1.1.9 [PE1] mpls ldp [PE1-ldp] quit # Enable L2VPN.
Page 286 [PE1-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi aaa [PE1-Ten-GigabitEthernet1/0/1-srv1000] quit [PE1-Ten-GigabitEthernet1/0/1] quit Configure PE 2: # Configure basic MPLS. system-view [PE2] interface loopback 0 [PE2-LoopBack0] ip address 2.2.2.9 32 [PE2-LoopBack0] quit [PE2] mpls lsr-id 2.2.2.9 [PE2] mpls ldp [PE2-ldp] quit # Enable L2VPN. [PE2] l2vpn enable # Configure VSI aaa that uses LDP as the PW signaling protocol, and establish a PW with PE 1 and PE 3, respectively.
Page 287 [PE3] vsi aaa [PE3-vsi-aaa] pwsignal ldp [PE3-vsi-aaa-ldp] peer 1.1.1.9 pw-id 500 [PE3-vsi-aaa-ldp-1.1.1.9-500] quit [PE3-vsi-aaa-ldp] peer 2.2.2.9 pw-id 500 [PE3-vsi-aaa-ldp-2.2.2.9-500] quit [PE3-vsi-aaa-ldp] quit [PE3-vsi-aaa] quit # Create service instance 10 on Ten-GigabitEthernet1/0/1, and bind the service instance to the VSI aaa. [PE3] interface ten-gigabitethernet 1/0/1 [PE3-Ten-GigabitEthernet1/0/1] service-instance 1000 [PE3-Ten-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 100...
Page 288 Peer: 3.3.3.9 PW ID: 500 Signaling Protocol : LDP Link ID PW State : Up In Label : 131092 Out Label: 131095 : 1500 PW Attributes : Main Tunnel Group ID : 0x1800000760000011 Tunnel NHLFE IDs : 138 [PE3] display l2vpn pw verbose VSI Name: aaa Peer: 1.1.1.9 PW ID: 500...
Page 289: Support And Other Resources
Related information Documents To find related documents, browse to the Manuals page of the HP Business Support Center website: http://www.hp.com/support/manuals • For related documentation, navigate to the Networking section, and select a networking category.
Page 290: Conventions
• HP manuals http://www.hp.com/support/manuals HP download drivers and software http://www.hp.com/support/downloads • HP software depot http://www.software.hp.com • HP Education http://www.hp.com/learn • Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown.
Page 291 Convention Description An alert that provides helpful information. Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.
Page 292: Index
Index LDP label advertisement policy, 68 MPLS L2VPN AC configuration, 230 MPLS egress label type advertisement, 50 MPLS L2VPN AC Layer 2 interface, 230 MPLS L3VPN basic configuration, 104 MPLS L2VPN AC service instance on Layer 2 MPLS L3VPN HoVPN configuration, 1 18 Ethernet interface, 231 routing information (MPLS L3VPN), 89 MPLS L2VPN AC/cross-connect binding, 233...
Page 293 MPLS L3VPN inter-AS VPN B, 93 IPv6 MPLS L3VPN VPN instance route related attributes, 183 MPLS L3VPN inter-AS VPN C, 93 MPLS L3VPN BGP export target attribute, 89 MPLS L3VPN inter-AS VPN configuration, 1 14 MPLS L3VPN BGP import target attribute, 89 MPLS L3VPN inter-AS...
Page 294 MPLS L3VPN HoVPN configuration, 1 18, 167 IPv6 MPLS L3VPN PE/CE IPv6 IS-IS configuration, 186 MPLS L3VPN inter-AS option A configuration, IPv6 MPLS L3VPN PE/CE OSPFv3 configuration, MPLS L3VPN inter-AS option B configuration, IPv6 MPLS L3VPN PE/CE RIPng configuration, MPLS L3VPN inter-AS option C configuration, IPv6 MPLS L3VPN PE/CE routing configuration, MPLS L3VPN MP-BGP, 89 IPv6 MPLS L3VPN PE/CE static routing...
Page 295 class IPv6 MPLS L3VPN BGP VPNv6 route control, MPLS FEC, 45 IPv6 MPLS L3VPN carrier's carrier, 216 MPLS L2VPN PW configuration, 232 IPv6 MPLS L3VPN inter-AS IPv6 VPN, 189, 190 VPLS PW class configuration, 270 IPv6 MPLS L3VPN inter-AS IPv6 VPN option C, concept MPLS L3VPN, 2 IPv6 MPLS L3VPN inter-AS IPv6 VPN option C...
Page 296 LDP Hello parameters, 64 MPLS L2VPN PW, 232 LDP label acceptance control, 76 MPLS L2VPN PW class, 232 LDP label acceptance policy, 69 MPLS L2VPN PW redundancy, 233 LDP label advertisement control, 80 MPLS L2VPN static PW, 232, 235 LDP label advertisement policy, 68 MPLS L2VPN static PW redundancy, 234 LDP label distribution control mode, 68 MPLS L3VPN, 87, 104, 121...
Page 297 MPLS L3VPN VPN instance, 105 VPN instance (IPv6 MCE), 28 MPLS L3VPN VPN instance route related VPN instance (MCE), 5 attribute, 106 VPN instance route related attribute (IPv6 MCE), MPLS L3VPN/GRE tunnel, 129 MPLS MTU, 50 VPN instance route related attribute (MCE), 5 MPLS TTL propagation, 51 VPN label processing mode on egress PE, 1 19 MPLS tunnel policy, 85, 86...
Page 298 IPv6 MPLS L3VPN inter-AS option MPLS L3VPN inter-AS option A configuration, configuration, 209 IPv6 MPLS L3VPN PE/CE EBGP configuration, MPLS L3VPN inter-AS option B configuration, IPv6 MPLS L3VPN PE/CE IPv6 IS-IS MPLS L3VPN inter-AS option C configuration, configuration, 186 IPv6 MPLS L3VPN PE/CE OSPFv3 configuration, MPLS L3VPN nested VPN configuration, 157 MPLS L3VPN PE/CE EBGP configuration, 109 IPv6 MPLS L3VPN PE/CE RIPng configuration,...
Page 299 MPLS L3VPN, 120, 191 LDP globally, 64 MPLS tunnel information, 86 LDP on interface, 64 static LSPs, 55 MPLS, 49 VPLS, 273 MPLS L2VPN, 230 distributing MPLS TTL-expired message sending, 52 LDP label distribution control, 68 Ethernet LDP label distribution control modes, 61 MPLS L2VPN Ethernet over MPLS, 226 dual homing exporting...
Page 300 equivalence class. Use FEC network model, 100 IPv6 MPLS L3VPN packet forwarding, 180 recursion, 101 LDP GR, 62 hub and spoke MPLS FEC, 45 MPLS L3VPN networking scheme, 91 MPLS FEC label format, 45 hub-spoke networking MPLS forwarding plane, 46 VPLS PW LDP configuration, 271 MPLS L3VPN packet forwarding, 90 VPLS PW static configuration, 270...
Page 301 configuring VPN route related attribute (MCE), LDP label advertisement policy, 68 LDP label control, 60 creating VPN (IPv6 MCE), 28 LDP label distribution, 60 creating VPN (MCE), 5 LDP label distribution control mode, 68 MPLS L3VPN VPN instance configuration, 105 LDP loop detection, 70 MPLS L3VPN VPN instance creation, 105 LDP LSP generation policy, 67...
Page 302 configuring EBGP between IPv6 MCE and VPN configuration, 179, 181, 193 site, 33 functions, 181 configuring IBGP between IPv6 MCE and PE, 38 GRE tunnel configuration, 200 configuring IBGP between IPv6 MCE and VPN inter-AS IPv6 VPN configuration, 189, 190 site, 34 inter-AS IPv6...
Page 303 MPLS L3VPN inter-AS VPN, 93 MPLS L3VPN. See MPLS L3VPN MPLS L3VPN nested VPN, 98 keepalive parameters (LDP), 65 backoff parameter configuration, 66 L3VPN technology configuration, 58, 63, 73 MPLS L3VPN, 1 configuring dual-homed PE with redundant PWs (VPLS), 273 label.
Page 304 MD5 authentication, 67 learning MAC address (VPLS), 265 message types, 58 level MPLS L2VPN inter-domain multi-segment PW MPLS L3VPN Level 1 carrier, 96 configuration, 257 MPLS L3VPN Level 2 carrier, 96 MPLS L2VPN intra-domain multi-segment PW LFIB configuration, 253 FTN map, 46 MPLS L2VPN flexible...
Page 305 MPLS TTL propagation, 51 mapping MPLS tunnel policy configuration, 85, 86 LDP configuration, 58, 63, 73 static configuration, 54, 55 LDP GR, 62 static LSP establishment, 47 LDP label acceptance control, 76 LDP label advertisement control, 80 LDP configuration, 58, 63, 73 LDP label control, 60 LDP FEC, 58 LDP label distribution, 60...
Page 306 configuring static routing between MCE and PE, LDP label retention liberal mode, 61 MPLS configuring static routing between MCE and basic concepts, 45 VPN site, 7 basic configuration, 45, 49 configuring VPN instance, 5 control plane, 46 configuring VPN instance route related attribute, displaying, 53 egress label type advertisement, 50 creating VPN instance, 5...
Page 307 TTL propagation, 51 VPLS configuration, 264, 268, 274 TTL-expired message sending, 52 VPLS PW LDP configuration, 278 MPLS L2VPN VPLS PW static configuration, 274 AC configuration, 230 MPLS L3VPN AC Layer 2 interface, 230 address space overlapping, 2, 88 AC service instance on Layer 2 Ethernet basic configuration, 104, 121 interface, 231 BGP AS number substitution, 103...
Page 308 inter-AS VPN option B configuration, 1 14 site, 2, 87 inter-AS VPN option C ASBR PE configuration, specifying VPN label processing mode on 1 16 egress PE, 1 19 inter-AS VPN option C ASBR routing policy VPN instance, 2, 88 configuration, 1 16 VPN instance configuration, 105 inter-AS VPN option C configuration, 1 15...
Page 309 MPLS L3VPN inter-AS option B configuration, displaying tunnel information, 86 MPLS L3VPN inter-AS option C configuration, MPLS configuration, 50 multicast and broadcast traffic forwarding and MPLS L3VPN nested VPN configuration, 157 flooding (VPLS), 266 MPLS L3VPN/GRE tunnel configuration, 129 Multiprotocol Label Switching. Use MPLS MPLS TE multi-segment PW IPv6 MPLS L3VPN basic configuration, 181...
Page 310 configuring EBGP between IPv6 MCE and VPN configuring static routing between MCE and PE, site, 33 configuring EBGP between MCE and PE, 16 configuring static routing between MCE and VPN site, 7 configuring EBGP between MCE and VPN site, configuring VPN instance (IPv6 MCE), 28 configuring IBGP between IPv6 MCE and PE, 38 configuring VPN instance (MCE), 5 configuring IBGP between IPv6 MCE and VPN...
Page 311 IPv6 MPLS L3VPN PE/PE routing configuration, MPLS L2VPN AC service instance on Layer 2 Ethernet interface, 231 IPv6 MPLS L3VPN routing information MPLS L2VPN AC/cross-connect binding, 233 advertisement, 180 MPLS L2VPN connection establishment, 225 IPv6 MPLS L3VPN VPN instance configuration, MPLS L2VPN cross-connect configuration, 231 MPLS L2VPN Ethernet over MPLS, 226 IPv6 MPLS L3VPN VPN instance creation, 182...
Page 312 MPLS L3VPN inter-AS option MPLS L3VPN VPN-IPv4 address, 88 configuration, 1 14 MPLS LFIB, 46 MPLS L3VPN inter-AS option MPLS LSP, 46 configuration, 1 15 MPLS LSP establishment, 47 MPLS L3VPN MP-BGP, 89 MPLS LSR, 46 MPLS L3VPN nested VPN, 98 MPLS MTU configuration, 50 MPLS L3VPN nested VPN configuration, 1 17 MPLS PHP, 48...
Page 313 IPv6 MPLS L3VPN inter-AS option MPLS L3VPN inter-AS option A configuration, configuration, 204 IPv6 MPLS L3VPN inter-AS option MPLS L3VPN inter-AS option B configuration, configuration, 209 IPv6 MPLS L3VPN/GRE tunnel configuration, MPLS L3VPN inter-AS option C configuration, LDP configuration, 58, 63, 73 MPLS L3VPN nested VPN configuration, 157 LDP label acceptance control, 76 MPLS L3VPN/GRE tunnel configuration, 129...
Page 314 IPv6 MPLS L3VPN PE/CE OSPFv3 configuration, MPLS L2VPN Ethernet over MPLS, 226 MPLS L2VPN inter-domain multi-segment PW overview configuration, 257 MCE, 1 MPLS L2VPN intra-domain multi-segment PW configuration, 253 P2MP MPLS L2VPN flexible mode MPLS L2VPN AC/cross-connect binding, 233 configuration, 244 MPLS L2VPN configuration, 224, 229, 235 MPLS L2VPN LDP PW redundancy configuration, MPLS L2VPN connection establishment, 225...
Page 315 LDP keepalive, 65 MPLS L2VPN provider edge device (PE), 224 LDP Link Hello parameter configuration, 64 MPLS L3VPN HoVPN configuration, 1 18 LDP session, 65 MPLS L3VPN inter-AS VPN option C ASBR PE, 1 16 LDP Targeted Hello parameter configuration, 64 MPLS L3VPN inter-AS VPN option C PE, 1 15 path vector (LDP loop detection), 70 MPLS L3VPN Layer 1 label packet forwarding,...
Page 316 PHP (MPLS), 48 configuring IBGP between IPv6 MCE and VPN site, 34 policy configuring IBGP between MCE and PE, 16 IPv6 MPLS L3VPN inter-AS IPv6 VPN option C routing policy configuration, 191 configuring IBGP between MCE and VPN site, LDP label acceptance policy, 69 configuring IPv6 IS-IS between IPv6 MCE and PE, LDP label advertisement policy, 68 LDP LSP generation policy, 67...
Page 317 configuring IPv6 MPLS L3VPN PE/CE RIPng, configuring LDP session parameter (Basic Discovery mechanism), 65 configuring IPv6 MPLS L3VPN PE/CE routing, configuring LDP session parameter (Extended Discovery mechanism), 66 configuring IPv6 MPLS L3VPN PE/CE static configuring LDP session protection, 71 routing, 184 configuring MPLS basic, 49 configuring IPv6 MPLS L3VPN PE/PE routing, configuring MPLS L2VPN, 229, 235...
Page 318 configuring MPLS L3VPN BGP AS number configuring MPLS L3VPN VPN instance route substitution, 174 related attribute, 106 configuring MPLS L3VPN BGP VPNv4 route configuring MPLS L3VPN/GRE tunnel, 129 control, 1 12 configuring MPLS MTU, 50 configuring MPLS L3VPN carrier's carrier, 149 configuring MPLS TTL propagation, 51 configuring MPLS L3VPN HoVPN, 1 18, 167 configuring MPLS tunnel policy, 85, 86...
Page 319 configuring VPN instance (MCE), 5 LDP, 63 configuring VPN instance route related attribute MPLS, 49 (IPv6 MCE), 29 provider configuring VPN instance route related attribute device. See P (MCE), 5 edge device. See PE creating IPv6 MPLS L3VPN VPN instance, 182 pseudowire.
Page 320 MPLS L2VPN PW redundancy, 226 MPLS L2VPN PW redundancy configuration, configuring RIP between MCE and PE, 14 configuring RIP between MCE and VPN site, 7 MPLS L2VPN static redundancy MPLS L3VPN PE/CE RIP configuration, 107 configuration, 234 RIPng MPLS L2VPN static PW configuration, 232, 235 configuring RIPng between IPv6 MCE and PE, redundancy (VPLS), 267 VPLS architecture, 264...
Page 321 configuring IBGP between MCE and PE, 16 configuring routing between MCE and VPN site (IPv6 MCE), 30 configuring IBGP between MCE and VPN site, configuring static routing between MCE and PE, configuring IPv6 IS-IS between IPv6 MCE and PE, configuring static routing between MCE and VPN site, 7 configuring IPv6 IS-IS between IPv6 MCE and VPN site, 32...
Page 322 IPv6 MPLS L3VPN PE/CE RIPng configuration, MPLS L3VPN inter-AS option C configuration, IPv6 MPLS L3VPN PE/CE routing configuration, MPLS L3VPN inter-AS VPN option C ASBR routing policy, 1 16 IPv6 MPLS L3VPN PE/CE static routing MPLS L3VPN MP-BGP, 89 configuration, 184 MPLS L3VPN nested VPN configuration, 157 IPv6 MPLS L3VPN PE/PE routing configuration, MPLS L3VPN nested VPN routing information...
Page 323 setting configuring IPv6 static routing between IPv6 MCE and VPN site, 30 LDP session reset, 72 configuring static routing between MCE and PE, site MPLS L3VPN, 2, 87 configuring static routing between MCE and space VPN site, 7 LDP per-interface label space, 58 switching LDP per-platform label space, 58 MPLS basic configuration, 45, 49...
Page 324 MPLS L2VPN PW redundancy configuration, MPLS L3VPN HoVPN configuration, 1 18 MPLS L2VPN static redundancy virtual configuration, 234 private LAN service. See VPLS MPLS L2VPN static PW configuration, 232, 235 switch instance. See VSI Virtual Private LAN Service. See VPLS LDP session, 58 VLAN timer...
Page 325 PW split horizon forwarding, 267 VPLS traffic flooding, 266 displaying, 273 traffic forwarding, 266 VPLS VPLS with PE dual homing, 267 maintaining, 273 VPLS VPLS configuration, 268 configuration, 274 VPLS VPLS L2VPN enable, 269 PW static configuration, 274 VPLS VPLS AC configuration, 269 PW LDP configuration, 278 VPLS...
Page 326 configuring IBGP between MCE and VPN site, creating instance (IPv6 MCE), 28 creating instance (MCE), 5 configuring instance route related attribute (IPv6 creating PW (VPLS), 265 MCE), 29 hierarchy of VPN. See HoVPN configuring instance route related attribute instance (MPLS L3VPN), 2, 88 (MCE), 5 IPv6 MPLS L3VPN.

HP 10500 Series Configuration Manual

Quick Links

Configuration Guide

Related Manuals for HP 10500 Series

Summary of Contents for HP 10500 Series

Table of Contents