You are on page 1of 364

ZXR10 M6000-S

Carrier-Class Router

Configuration Guide (VPN)


Version: 3.00.10

ZTE CORPORATION
No. 55, Hi-tech Road South, ShenZhen, P.R.China
Postcode: 518057
Tel: +86-755-26771900
Fax: +86-755-26770801
URL: http://support.zte.com.cn
E-mail: support@zte.com.cn

LEGAL INFORMATION
Copyright 2014 ZTE CORPORATION.
The contents of this document are protected by copyright laws and international treaties. Any reproduction or
distribution of this document or any portion of this document, in any form by any means, without the prior written
consent of ZTE CORPORATION is prohibited.

Additionally, the contents of this document are protected by

contractual confidentiality obligations.


All company, brand and product names are trade or service marks, or registered trade or service marks, of ZTE
CORPORATION or of their respective owners.
This document is provided as is, and all express, implied, or statutory warranties, representations or conditions
are disclaimed, including without limitation any implied warranty of merchantability, fitness for a particular purpose,
title or non-infringement. ZTE CORPORATION and its licensors shall not be liable for damages resulting from the
use of or reliance on the information contained herein.
ZTE CORPORATION or its licensors may have current or pending intellectual property rights or applications
covering the subject matter of this document. Except as expressly provided in any written license between ZTE
CORPORATION and its licensee, the user of this document shall not acquire any license to the subject matter
herein.
ZTE CORPORATION reserves the right to upgrade or make technical change to this product without further notice.
Users may visit the ZTE technical support website http://support.zte.com.cn to inquire for related information.
The ultimate right to interpret this product resides in ZTE CORPORATION.

Revision History
Revision No.

Revision Date

Revision Reason

R1.0

2014-10-20

First edition.

Serial Number: SJ-20140731105308-013


Publishing Date: 2014-10-20 (R1.0)

SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Contents
About This Manual ......................................................................................... I
Chapter 1 VPN Overview............................................................................ 1-1
Chapter 2 MPLS L2VPN Configuration..................................................... 2-1
2.1 MPLS L2VPN Overview...................................................................................... 2-1
2.2 VPLS Basic Function Configuration ..................................................................... 2-4
2.2.1 VPLS Overview........................................................................................ 2-4
2.2.2 Configuring VPLS..................................................................................... 2-6
2.2.3 VPLS Un-qualified Configuration Instance................................................ 2-12
2.2.4 VPLS Qualified Configuration Instance .................................................... 2-20
2.3 VPLS-MAC Filtering Configuration..................................................................... 2-21
2.3.1 VPLS-MAC Filtering Overview ................................................................ 2-21
2.3.2 Configuring VPLS MAC Filtering.............................................................. 2-21
2.3.3 VPLS-MAC Filter Configuration Instance ................................................. 2-22
2.4 VPWS Basic Function Configuration.................................................................. 2-26
2.4.1 VPWS Overview .................................................................................... 2-26
2.4.2 Configuring VPWS ................................................................................. 2-27
2.4.3 VPWS Configuration Example................................................................. 2-34
2.5 VPWS Heterogeneous Function Configuration ................................................... 2-40
2.5.1 VPWS Heterogeneous Function Overview ............................................... 2-40
2.5.2 Configuring the VPWS Heterogeneous Function ...................................... 2-40
2.5.3 VPWS Heterogeneous Function Configuration Instance............................ 2-41
2.6 MC-ELAM Configuration ................................................................................... 2-45
2.6.1 MC-ELAM Overview ............................................................................... 2-45
2.6.2 Configuring MC-ELAM............................................................................ 2-46
2.6.3 MC-ELAM Configuration Instance ........................................................... 2-49
2.7 CES Service Configuration ............................................................................... 2-55
2.7.1 Overview of CES Services ...................................................................... 2-55
2.7.2 Configuirng CES .................................................................................... 2-55
2.7.3 CES Service Configuration Example........................................................ 2-56
2.8 L2VPN and L3VPN Bridge Function Configuration.............................................. 2-59
2.8.1 L2VPN and L3VPN Bridge Overview ....................................................... 2-59
2.8.2 Configuring L2 VPN and L3 VPN Bridge Function .................................... 2-59
2.8.3 L2VPN and L3VPN Bridge Configuration Instance.................................... 2-62

I
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

2.9 L2VPN FRR Configuration ................................................................................ 2-69


2.9.1 L2VPN FRR Overview ............................................................................ 2-69
2.9.2 Configuring L2 VPN FRR ........................................................................ 2-70
2.9.3 L2VPN FRR Configuration Instance......................................................... 2-73
2.10 MSPW Configuration ...................................................................................... 2-79
2.10.1 MSPW Overview .................................................................................. 2-79
2.10.2 Configuring MSPW ............................................................................... 2-81
2.10.3 MSPW Configuration Instance............................................................... 2-87
2.11 Configuring VPLS Crossing Several Domains (Option C) .................................. 2-91
2.11.1 VPLS Crossing Several Domains (Option C) Overview ........................... 2-91
2.11.2 Configuring VPLS Crossing Several ASs (Option C) ............................... 2-92
2.11.3 Configuration Instance of VPLS Crossing Several Domains (Option C) ..... 2-92
2.12 Configuring VLSS........................................................................................... 2-98
2.12.1 VLSS Overview .................................................................................... 2-98
2.12.2 Configuring VLSS................................................................................. 2-98
2.12.3 VLSS Configuration Example ................................................................ 2-99
2.13 Port Protection Group Configuration ...............................................................2-100
2.13.1 Port Protection Group Overview ...........................................................2-100
2.13.2 Configuring a Port Protection Group .....................................................2-102
2.13.3 Port Protection Group Configuration Example .......................................2-104
2.14 DNI-PW Protection Group Configuration .........................................................2-105
2.14.1 DNI-PW Protection Group Overview .....................................................2-105
2.14.2 Configuring a DNI-PW Protection Group ............................................... 2-114
2.14.3 DNI-PW Protection Group Configuration Example ................................. 2-118
2.15 PW List Configuration ....................................................................................2-124
2.15.1 PW List Overview ................................................................................2-124
2.15.2 Configuring a PW List ..........................................................................2-124
2.15.3 PW List Configuration Example ............................................................2-126
2.16 Independent PW and Independent PW Protection Group Configuration ............2-129
2.16.1 Independent PW and Independent PW Protection Group Overview ........2-129
2.16.2 Configuring an Independent PW and Independent PW Protection
Group..................................................................................................2-129
2.17 Diagnosing PWE3 .........................................................................................2-133

Chapter 3 MPLS L3VPN Configuration..................................................... 3-1


3.1 MPLS L3VPN Basic Function Configuration ......................................................... 3-1
3.1.1 MPLS L3VPN Overview............................................................................ 3-1
3.1.2 Configuring MPLS L3VPN......................................................................... 3-5

II
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

3.1.3 MPLS L3VPN Configuration Examples .................................................... 3-22


3.2 MPLS L3VPN MPLS VPN Route Aggregation Configuration ............................... 3-34
3.2.1 MPLS L3VPN Route Aggregation Overview ............................................. 3-34
3.2.2 Configuring MPLS L3VPN Route Aggregation .......................................... 3-35
3.2.3 MPLS L3VPN Route Aggregation Configuration Instance.......................... 3-36
3.3 L3VPN Route Restriction and Alarm .................................................................. 3-40
3.3.1 L3VPN Route Restriction and Alarm Overview ......................................... 3-40
3.3.2 Configuring L3VPN Route Restriction and Alarm ...................................... 3-42
3.3.3 L3VPN Route Alarm Configuration Instance............................................. 3-43
3.4 Global Static Route Configuration in L3VPN....................................................... 3-49
3.4.1 Global Static Route Overview.................................................................. 3-49
3.4.2 Configuring a Global Static Route............................................................ 3-49
3.4.3 Global Static Route Configuration Example.............................................. 3-50
3.5 L3VPN FRR Configuration ................................................................................ 3-55
3.5.1 L3VPN FRR Overview ............................................................................ 3-55
3.5.2 Configuring L3VPN FRR......................................................................... 3-56
3.5.3 L3VPN FRR Configuration Examples ...................................................... 3-56
3.6 MPLS L3VPN Load Balancing Configuration ...................................................... 3-67
3.6.1 MPLS L3VPN Load Balancing Overview .................................................. 3-67
3.6.2 Configuring MPLS L3VPN VRF Load-Sharing .......................................... 3-69
3.6.3 Configuring MPLS L3VPN MPBGP Load-Sharing..................................... 3-71
3.6.4 MPLS L3VPN Load Balancing Configuration Examples ............................ 3-72
3.7 Configuring MPLS L3VPN Crossing Several ASs ............................................... 3-82
3.7.1 MPLS L3VPN Crossing Several ASs Overview ........................................ 3-82
3.7.2 Configuring MPLS L3VPN Crossing Several ASs ..................................... 3-90
3.7.3 MPLS L3VPN Crossing Several ASs Configuration Examples ................... 3-90
3.8 Label Configuration of each VRF for MPLS L3VPN ........................................... 3-113
3.8.1 VRF Per Label Feature for MPLS L3VPN Overview................................. 3-113
3.8.2 Configuring Label Distribution Per VRF for MPLS L3VPN ........................ 3-114
3.8.3 Configuration Instance of VPN Per Label for MPLS L3VPN...................... 3-114
3.9 MPLS L3VPN GR Configuration ....................................................................... 3-117
3.9.1 MPLS L3VPN GR Overview................................................................... 3-117
3.9.2 Configuring MPLS L3VPN GR................................................................ 3-118
3.9.3 MPLS L3VPN GR Configuration Example ...............................................3-121
3.10 MPLS L3VPN HoPE Configuration .................................................................3-125
3.10.1 MPLS L3VPN HoPE Overview .............................................................3-125
3.10.2 Configuring MPLS L3VPN HoPE ..........................................................3-128

III
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

3.10.3 MPLS L3VPN HoPE Configuration Examples........................................3-129


3.11 BGP Update Group Configuration ...................................................................3-150
3.11.1 BGP Update Group Overview...............................................................3-150
3.11.2 Configuring BGP Update Group............................................................3-151
3.11.3 BGP Update Group Configuration Example ...........................................3-153
3.12 L3VPN Tunnel Policy Configuration ................................................................3-156
3.12.1 L3VPN Tunnel Policy Overview ............................................................3-156
3.12.2 Configuring L3VPN Tunnel Policy .........................................................3-156
3.12.3 L3VPN Tunnel Policy Configuration Example ........................................3-158
3.13 BGP Route-Target Route Configuration ..........................................................3-164
3.13.1 BGP Route-Target Route Overview ......................................................3-164
3.13.2 Configuring a BGP Route-Target Route ................................................3-166
3.13.3 BGP Route-Target Route Configuration Example...................................3-168

Chapter 4 Multicast VPN Configuration ................................................... 4-1


4.1 VPN Multicast Overview ..................................................................................... 4-1
4.2 Configuring VPN Multicast .................................................................................. 4-1
4.3 VPN Multicast Configuration Instance .................................................................. 4-4

Chapter 5 GRE Configuration.................................................................... 5-1


5.1 GRE Overview ................................................................................................... 5-1
5.2 Configuring a GRE Over IPv4 Tunnel .................................................................. 5-3
5.3 Configuring a GRE Over IPv6 Tunnel .................................................................. 5-5
5.4 Configuring a GRE DS-Lite Static Tunnel ............................................................. 5-7
5.5 Configuring a GRE DS-Lite Dynamic Tunnel ........................................................ 5-8
5.6 Configuring GRE Keep-Alive ............................................................................... 5-9
5.7 GRE Configuration Examples.............................................................................5-11
5.7.1 Basic IPv4 GRE Configuration Instance ....................................................5-11
5.7.2 GRE 6over4 Configuration Instance......................................................... 5-14
5.7.3 Basic IPv6 GRE Configuration Example................................................... 5-17

Figures............................................................................................................. I
Tables .............................................................................................................V
Glossary .......................................................................................................VII

IV
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

About This Manual


Purpose
This manual describes the principle, configuration commands and configuration instances
about VPN function of ZXR10 M6000-S.

Intended Audience
This manual is intended for:
l
l
l

Network planning engineers


Commissioning engineers
Maintaining engineers

What Is in This Manual


This manual contains the following chapters:
Chapter 1, VPN Overview

Describes the background, basic feature and advantage of VPN.

Chapter 2, MPLS L2VPN

Describes the MPLS L2VPN principle, configuration commands and

Configuration

configuration instances.

Chapter 3, MPLS L3VPN

Describes the MPLS L3VPN principle, configuration commands and

Configuration

configuration instances.

Chapter 4, Multicast VPN

Describes the Multicast VPN principle, configuration commands and

Configuration

configuration instances.

Chapter 5, GRE Configuration

Describes the GRE principle, configuration commands and


configuration instances.

Conventions
This manual uses the following conventions:
Italics

Variables in commands. It may also refers to other related manuals and documents.

Bold

Menus, menu options, function names, input fields, option button names, check boxes,
drop-down lists, dialog box names, window names, parameters and commands.

Constant

Text that you type, program codes, filenames, directory names, function names.

width
[]

Optional parameters.

{}

Mandatory parameters.

I
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Separates individual parameter in series of parameters.

Danger: indicates an imminently hazardous situation. Failure to comply can result in


death or serious injury, equipment damage, or site breakdown.
Warning: indicates a potentially hazardous situation. Failure to comply can result in
serious injury, equipment damage, or interruption of major services.

Caution: indicates a potentially hazardous situation. Failure to comply can result in


moderate injury, equipment damage, or interruption of minor services.
Note: provides additional information about a certain topic.

II
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 1

VPN Overview
Development of Network Economy
With the social development, the Information Technology (IT) technology is increasingly
affect the business flows of modern businesses. Enterprise resource planning, Internet
Protocol (IP)-based voice, network-based conference and training, and other IT
technologies provide a supportive framework for office automation and information
acquisition. As more and more businesses expand their branches and partners, employee
mobility is also growing. Thus, businesses urgently need the help of telecom carriers'
networks to connect their headquarters with branches in private enterprise networks, so
that remote employees can easily access their company's internal network (intranet).

Defects of Traditional Dedicated Networks


Initially, telecom carriers used leased line to provide layer-2 links for businesses. However,
this mode has some major defects:
l
l
l

Long construction period


High cost
Difficult to manage

Then, with the rise of the Asynchronous Transfer Mode (ATM) and Frame Relay (FR)
technologies, telecom carriers began to provide point-to-point layer-2 connections over
virtual circuits to business customers. Based on these connections, the customers can
build their own layer-3 networks to bear IP and other types of data streams. Compared
with leased lines, virtual circuits feature in shorter service time, lower price, and the ability
to share the network structure of telecom carriers among different dedicated networks.
This typical dedicated network mode is still imperfect:
l

l
l

It depends on a dedicated medium (such as ATM or FR). To provide an ATM-based


(or FR-based) Virtual Private Network (VPN), a telecom carrier needs to build an ATM
(or FR) network covering services of all aspects. This is a great waste in network
construction.
It provides a slow rate that cannot reach the rate currently realized in the Internet.
Deploying such a dedicated network is very complicated, especially when a new site
is added to the network, which requires changing the configuration of all the edge
nodes accessing the new site.

Introduction of VPN
Although traditional dedicated networks have brought more benefits to businesses, they
still cannot satisfy the requirements of businesses for network flexibility, security, economy,

1-1
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

and scalability. A new alternative is urgently demanded, which can simulate a traditional
dedicated network over the existing IP network. This new solution is called VPN.
Depending on Internet Service Providers (ISPs) and Network Service Providers (NSPs),
VPN can build a virtually dedicated communication network over public networks.

VPN Features
VPN has two basic features:
l

Private: For a VPN subscriber, using VPN is not different from using a traditional
dedicated network. On one hand, VPN and the bottom-layer bearer network have
separate resources. That is, the resources of a VPN generally are not used by other
VPNs or non-VPN users. On the other hand, VPN provides sufficient security to
ensure that the internal information of VPN will not be affected by the outside.
Virtual: The internal communications of VPN users are implemented through a public
network, which is shared by non-VPN users at the same time. That is, VPN users are
using a logically dedicated network. The public network is called VPN Backbone.

Due to the private and virtual features of VPN, the current IP network can be divided into
many logically separate networks. The logically separate networks can be used in a variety
of scenarios: They can be used to solve the interconnections within an enterprise, within
a government sector, or among different government sectors. They can also be used
to provide new services. For example, create a VPN particularly for the IP telephony
service, so as to solve the problem of IP address shortage, guarantee QoS, and launch
new services.
VPN, especially Multi-protocol Label Switching (MPLS) VPN, is increasingly valued by
carriers in solving enterprise interconnection problems and providing various new services.
VPN is becoming an important means of providing value-added services in the IP network.

VPN Advantages
Compared with traditional dedicated data networks, VPN has the following advantages
from the perspective of customers:
l

l
l
l

Safe: VPN establishes reliable connections between a company's headquarter and


remote users, overseas institutions, partners, or suppliers, and ensures the security of
data transmission. This is very important for realizing the convergence of e-commerce
or financial networks and communication networks.
Cheap: By using public networks, enterprises can connect remote offices, institutions,
employees, and business partners at a lower cost.
Supporting mobile services: VPN users can get access to the VPN at any time, any
place, which can fully satisfy the growing demand for mobile services.
QoS assurance: VPN (such as MPLS VPN) can provide QoS assurance at different
levels for VPN users.

From the perspective of carriers, VPN has the following advantages:


l

Operable: VPN can improve the usage ratio of network resources and increase the
profits of ISPs.
1-2

SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 1 VPN Overview

l
l

Flexible: VPN users can be added or deleted through software configuration, without
any change of hardware. Therefore, VPN is very flexible in practice.
Multi-service: While providing the VPN interconnection service, SPs can also operate multiple services including network outsourcing, service outsourcing, and customer-oriented professional services.

For its special features, VPN is gaining the favor of more and more enterprises. It allows the
enterprise to care less about network operation and maintenance and be more committed
to achieving business goals. In addition, a carrier can manage and operate only one
network and provide various services on this network, such as Best-effort IP service, VPN,
traffic engineering, and Differentiated Services (Diffserv). As a result, the carrier invests
less in building, operating and maintaining the network.
While ensuring the security, reliability, and manageability of the network, VPN provides
greater scalability and flexibility. As long as the Internet is accessible, VPN can be
deployed anywhere in the world.

1-3
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

This page intentionally left blank.

1-4
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 2

MPLS L2VPN Configuration


Table of Contents
MPLS L2VPN Overview .............................................................................................2-1
VPLS Basic Function Configuration............................................................................2-4
VPLS-MAC Filtering Configuration ...........................................................................2-21
VPWS Basic Function Configuration ........................................................................2-26
VPWS Heterogeneous Function Configuration .........................................................2-40
MC-ELAM Configuration...........................................................................................2-45
CES Service Configuration .......................................................................................2-55
L2VPN and L3VPN Bridge Function Configuration ...................................................2-59
L2VPN FRR Configuration .......................................................................................2-69
MSPW Configuration................................................................................................2-79
Configuring VPLS Crossing Several Domains (Option C) .........................................2-91
Configuring VLSS.....................................................................................................2-98
Port Protection Group Configuration .......................................................................2-100
DNI-PW Protection Group Configuration ................................................................2-105
PW List Configuration.............................................................................................2-124
Independent PW and Independent PW Protection Group Configuration .................2-129
Diagnosing PWE3 ..................................................................................................2-133

2.1 MPLS L2VPN Overview


MPLS L2 VPN Overview
In the past, enterprise Virtual Private Network (VPN) network usually rent a data link
(Frame Relay (FR) or Asynchronous Transfer Mode (ATM)) to form L2 VPN. Internet
Service Provider (ISP) only need to ensure the connectivity in data link layer, while user
can control the route and select L3 protocol flexibility. Moreover, the security of user VPN
is relatively superior under such a condition. However, for an ISP, the conventional Internet
traffic is completely separated from VPN traffic in FR or ATM network. Additional, there
is a problem of full-mesh connection in conventional L2 VPN. Therefore, this traditional
superposition L2 VPN brings heavy load to network maintenance and management.
People generally think that Multi Protocol Label Switching (MPLS) network is the
development direction of the next generation core network. The obvious advantage of
MPLS network is that it supports VPN service well. Using network of MPLS technology to
provide L2 VPN, ISP only needs to maintain and manage the single network infrastructure,
but it can provide both of L2 and L3 VPN services and various flexible Internet Protocol
(IP) services. The configuration of VPN service is more automatic.
2-1
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

Types of MPLS L2 VPN


There are several types of L2 VPN services,
l

Virtual Private Wire Service (VPWS)


The communication between every two sites in VPN is realized by point to point
connection. VPWS is mainly used by ATM and FR users. The connection between
user and network provider is not changed but the service is encrypted and transmitted
over IP backbone network.

Virtual Private LAN Service (VPLS)


To connect all the user LANs and provide L2 switch service, it emulates operator
network to a LAN switch or bridge. The difference between VPLS and VPWS is that
VPWS provides point to point service only while VPLS provides point to multi-points
services. That is, Customer Edge (CE) device on VPWS selects a virtual wire to
send data to a user site, while CE device on VPLS sends all data to be sent to the
destination to the connected Provider Edge (PE) device only.

MSPW
Multi-Segmented PW (MSPW): Usually, it is also called Multi-Hop Pseudo Wire (PW).
MSPW means that a PW consists of multiple segmented PWs. It is used to accomplish
a cross-domain PW.

VLSS
VLSS (Virtual Local Switch Service): It provides a connection between local CEs.

The VPWS and VPLS services are most commonly used, which are described as follows.

VPWS Working Flow


VPWS: It is used to establish a special link and provide layer 2 transparent transmission
service on the basic of the MPLS network. It belongs to point-to-point L2 VPN service.
The principle is shown in Figure 2-1.
Figure 2-1 VPWS Working Principle

VPWS working mode: point-to-point.


2-2
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 2 MPLS L2VPN Configuration

The establishment procedure of a VPWS VC is described below.


1. LSP establishment: A Label Switch Path (LSP) is established through MPLS network.
2. VC allocation: Local PE configures a VCID, allocates a VC label and interacts with the
remote PE.
3. PW establishment: Two PEs interact for negotiation through mapping messages to
establish a PW.

VPLS Working Flow


VPLS: VPLS is to provide Ethernet emulation services on MPLS network. It connects
several Local Area Networks (LANs) / Virtual Local Area Networks (VLANs) together. It
belongs to multipoint-to-multipoint L2 VPN service. The principle is shown in Figure 2-2.
Figure 2-2 VPLS Working Principle

Users can realize LANs of their own through Metropolitan Area Network (MAN) or Wide
Area Network (WAN).

2-3
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

2.2 VPLS Basic Function Configuration


2.2.1 VPLS Overview
VPLS Introduction
In the MPLS network, the Virtual Private LAN Service (VPLS) provides the emulation
service of the Ethernet, and connect multiple Virtual Local Area Networks (VLAN) or LANs
together. It belongs to a multipoint-to-multipoint L2VPN service.
There are some VPLS terms,
l

Access Circuit (AC)


It is a link between user and service provider, that is to say, the connection between
CE and PE.

PW
It is a bidirectional virtual connection between Virtual Switch Interfaces (VSIs) on a
pair of PE devices. It is composed of a pair of unidirectional MPLS Virtual Circuit (VC)
with opposite direction. It is also called emulation circuit.

TAG
TAG is added by service provider to distinguish users. It is called Service Delimiting
(SDT), also called PTAG.

VPLS Work Flow


VPLS working principle is shown in Figure 2-3.
Figure 2-3 VPLS Working Principle

VPLS working flow is described as follows:


1. VPLS establishes full connection of PW among the VPLS instances of PE1, PE2 and
PE3. All the VPLS instances belonging to a VPLS domain use the same VCID.
Here, PE1 allocates VC tags 102 and 103 to PE2 and PE3 respectively. PE2 allocates
VC tags 201 203 to PE1 and PE3. PE3 allocates VC tags 301 and 302 to PE1 and
PE2.
2-4
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 2 MPLS L2VPN Configuration

2. Assume that a host connecting to CE1 sends a Medium Access Control (MAC) frame
containing source MAC address X and destination MAC address Y through PE1. If
PE1 does not know the destination PE, it encapsulates a tag 201 to the MAC frame
and then sends the MAC frame to PE2, and it encapsulates a tag 301 to the MAC
frame and then sends the MAC frame to PE3.
3. After PE2 receiving the MAC frame, it judges that the host connecting to PE1 according
to the tag 201, thus it can learn the MAC address X and bind the X to tag 102 (allocated
by PE1).

VPLS Features
There are two modes for PW emulating Ethernet, Raw and Tagged modes.
l

In Raw mode, the type of PW is Ethernet. The packets are transmitted in PW without
PTAG. PTAG will be removed if an AC packet containing PTAG is transmitted in PW.
The information of VLAN tag will not be changed in PW transmission if the AC packet
is transmitted without PTAG.
In Tag mode, the type of PW is Ethernet-VLAN. The packets are transmitted in PW
with PTAG. PTAG will be kept with the AC packet to transmit to the peer PE if the AC
packet contains PTAG. A PTAG or a special PTAG-Vlan 0tag is encapsulated into the
AC packet if the AC packet is transmitted in PW without PTAG.

Caution!
In both of RAW and Tag modes, the user VLAN tags locating at frame headers are
transmitted transparently without any changing.

There are two modes for MAC address learning, qualified and unqualified modes.
l

Qualified mode
PE learns MAC address according to the MAC address and VLAN tag containing in
user Ethernet packet. In qualified mode, every user VLAN has its own broadcast
domain and independent MAC address space.

Unqualified mode
PE learns MAC address according to the MAC address containing in user Ethernet
packet. In unqualified mode, all user VLANs share a broadcast domain and a MAC
address space. The MAC address of user VLAN has to be unique. The MAC
addresses cannot be repeated.

PW has two transmission modes, Spoke and Hub modes. To solve the full-connection
broadcast loop and realize the hierarchical accessing, people define PW transmission
attributes Spoke and Hub modes and AC Server/Client mode. In VPLS working
mechanism, PE router broadcasts (flooding) broadcast, multicast and unknow frames to
other network members. The broadcast rules of different modes are described as follows:
2-5
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

l
l
l
l

Broadcast the broadcast packets received from a Spoke mode PW to all ACs (Client
and Server), Hub mode PWs and other Spoke mode PWs.
Broadcast the broadcast packets received from a Server (Server-AC) to other ACs
(Client and Server), all Spoke mode PWs and Hub mode PWs.
Broadcast the broadcast packets received from a Hub mode PW to all Server-ACs
and Spoke mode PWs, but not broadcast to other Hub mode PWs and all Client-ACs.
Broadcast the broadcast packets received from a Client (Client-AC) to all Server-ACs
and Spoke mode PWs, but not broadcast to Hub mode PWs and other Client-ACs.

2.2.2 Configuring VPLS


On the MPLS network, the VPLS provides the emulation service of the Ethernet, and is a
multipoint-to-multipoint L2VPN service.
This procedure describes how to configure the basic functions of the VPLS.

Steps
1. Enable L2VPN.
Command

Function

ZXR10(config)#mpls l2vpn enable

Enables L2VPN.

2. Create a PW interface and configure a tunnel policy.


Step

Command

Function

ZXR10(config)#pw pw <1-115968>

Creates a pw interface in
global configuration mode.

ZXR10(config)#tunnel-policy <tunnel-policy-name>

Configures a tunnel policy.


Required if PW packets
are transmitted through an
external tunnel.

<tunnel-policy-name>: Tunnel policy name that ranges from 1 to 63 characters.


3. Configure a VPLS instance and bind it to an AC interface and a PW instance.
Step

Command

Function

ZXR10(config)#vpls <vpls-name><multi-mac-spaces>

Creates a VPLS instance.

2-6
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 2 MPLS L2VPN Configuration

Step

Command

Function

ZXR10(config-vpls-vpls-name)#access-point

Specifies an interface to be

<ac-interface>[split-horizon]

bound as an access link and


enter sac configuration mode.
l

Without split-horizon:
The AC interface
operates in server mode.

With split-horizon: The


AC interface operates in
client mode.

ZXR10(config-vpls-vpls-name-ac-ac-interface)#a

Sets the AC type to Ethernet.

ccess-params ethernet
4

ZXR10(config-vpls-vpls-name)#pseudo-wire

Binds a PW instance to the

pw<1-115968>[spoke]

VPLS instance.

ZXR10(config-vpls-vpls-name-pw-pw-number)#neigh

Configures the PW instance.

bour <A.B.C.D>[vcid <1-4294967295>]

<vpls-name>: VPLS instance name that ranges from 1 to 32 characters.


<multi-mac-spaces>: The VPLS type is qualified.
In step 4, the command without the spoke parameter means that the PW instance
operates in hub mode and enters PW configuration mode. The command with the
spoke parameter means that the PW instance operates in spoke mode and enters
spoke-pw configuration mode.
<vcid>: The VCID used by the PW, in the range of 1-4294967295. If this parameter
is not configured, it is necessary to configure the default VCID in VPLS configuration
mode in advance.
<A.B.C.D>: Remote Label Switch Router (LSR) ID.
4. (Optional) Configure VPLS instance attributes.
Step

Command

Function

ZXR10(config-vpls-vpls-name)#default-vcid <vcid>

Configures the default VCID


of VPLS service.

Enters MAC-VFI configuration

ZXR10(config-vpls-vpls-name)#mac

mode.
3

Enables mac-withdraw

ZXR10(config-vpls-vpls-name)#mac-withdraw

function.
4

ZXR10(config-vpls-vpls-name)#description <string>

Describes the VPLS instance.

ZXR10(config-vpls-vpls-name)#mtu <mtu>

Sets the Maximum


Transmission Unit (MTU)
of the instance.

2-7
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

Step

Command

Function

ZXR10(config-vpls-vpls-name)#traffic-statistics

Enables or disables traffic

{enable|disable}

statistics for the instance.

ZXR10(config-vpls-vpls-name)#traffic-statistics

Sets the alarm threshold for

threshold broadcast input-rate [bps <number> | pps

the broadcast traffic rate.

<number>]
8

ZXR10(config-vpls-vpls-name)#traffic-statistics

Sets the alarm threshold for

threshold drop input-rate [bps <number> | pps <number>]

the discarded message traffic


rate.

ZXR10(config-vpls-vpls-name)#traffic-statistics

Sets the alarm threshold for

threshold unknown-unicast input-rate [bps <number> |

the unknown unicast traffic

pps <number>]

rate.

5. (Optional) Configure the attributes of the AC interface for the VPLS instance.
Step

Command

Function

ZXR10(config-vpls-vpls-name)#access-point

Specifies the AC interface

<ac-interface>[split-horizon]

and enters AC interface


configuration mode.

ZXR10(config-vpls-vpls-name-ac-ac-interface)#a

Sets the AC type to Ethernet.

ccess-params ethernet
3

ZXR10(config-vpls-vpls-name-ac-ac-interface-

Configures VLAN translation

eth)#ingress-adjust rewrite <1-4094>

(modifies the VLAN).

ZXR10(config-vpls-vpls-name-ac-ac-interface-

Configures VLAN translation

eth)#ingress-adjust push {<1-4094>}

(adds a VLAN).

ZXR10(config-vpls-vpls-name-ac-ac-interface-

Configures ingress

eth)#ingress-adjust tag-as-payload {all | from-sublayer}

preprocessing, which means


to treat some or all tags of
AC uplink service traffic as
payloads.

ZXR10(config-vpls-vpls-name-ac-ac-interface-

Sets the fault delivery function

eth)#oam-mapping {enable|disable}

between the AC and PW.

ZXR10(config-vpls-vpls-name-ac-ac-interface-

Enables or disables traffic

eth)#traffic-statistics{enable|disable}

statistics for the AC.

6. (Optional) Configure the attributes of the PW instance for the VPLS instance.
Step

Command

Function

ZXR10(config-vpls-vpls-name-pw-pw-number-

Sets a PW to use the control

neighbour)#control-word preferred

word or not.

2-8
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 2 MPLS L2VPN Configuration

Step

Command

Function

ZXR10(config-vpls-vpls-name-pw-pw-number-

Sets a PW to support VCCV.

neighbour)#vccv bfd capability {basic|status}

encapsulation {ip|raw} [compatible cc {alert-label|cw|ttl}]


3

ZXR10(config-vpls-vpls-name-pw-pw-number-

Modifies the outer tunnel

neighbour)#tunnel-policy <tunnel-policy-name>

policy of a PW.

ZXR10(config-vpls-vpls-name-pw-pw-number-

Sets the establishment mode

neighbour)#signal {dynamic | static local-label

of a PW to signal triggering.

<16-1048575> remote-label <16-1048575>}


5

ZXR10(config-vpls-vpls-name-pw-pw-number-

Sets the encapsulation mode

neighbour)#encapsulation {tagged | raw}

of a PW.

ZXR10(config-vpls-vpls-name-pw-pw-number-

Sets the PW track function.

neighbour)#track <track-name>

A track can be bound to BFD,


CFM, and EFM. After a PW is
bound to a track, together with
the SAMGR, the PW track can
perform linkage detection.

ZXR10(config-vpls-vpls-name-pw-pw-number-

Enables or disables traffic

neighbour)#traffic-statistics{enable|disable}

statistics for the PW.

bfd: Sets CV type to PW-BFD.


dynamic: Sets PW type to dynamic.
static: Sets PW type to static.
<16-1048575>: Specifies the range of the PW tag.
tagged: Sets the PW encapsulation mode to tagged.
raw: Sets the PW encapsulation mode to raw.
7. (Optional) Configure PW redundancy for the VPLS instance.
Step

Command

Function

ZXR10(config-vpls-vpls-name)#pseudo-wire

Binds the PW to the service.

pw<1-115968>[spoke]
2

ZXR10(config-vpls-vpls-name-spoke-pw-pw-

Binds a PW redundancy

number)#redundency-manager

management group to the


current spoke-pw and enters
PW redundancy management
group mode.
Redundancy groups can be
configured in a spoke OW and
hub PW of VPLS.

2-9
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

Step

Command

Function

ZXR10(config-vpls-vpls-name-spoke-pw-pw-

Configures the PW protection

number-rm)#protect-type {1+1 | 1:1}{bidirectional |

type.

unidirectional}[receiving {selective | both}] protect-strategy


{aps}
4

ZXR10(config-vpls-vpls-name-spoke-pw-pw-

Configures the PW negotiation

number-rm)#pfs-bits negotiate {independent | master |

mode.

slave}
5

ZXR10(config-vpls-vpls-name)#backup-pw

Configures the bounding

<pw-number> protect <pw-number>

relation between the active


and standby PWs.

ZXR10(config-vpls-vpls-name-spoke-pw-pw-

Configures the standby PW

number)#neighbour <A.B.C.D>[vcid <1-4294967295>]

instance.

independent: Sets the PW redundancy negotiation mode to independent.


master: Sets the PW redundancy negotiation mode to master.
slave: Sets the PW redundancy negotiation mode to slave.
1+1 | 1:1: Sets the PW protection type.
bidirectional | unidirectional: Sets the APS negotiation type (bidirectional:
bidirectional negotiation, unidirectional: unidirectional type).
selective | both: Sets whether to use selective receipt or double receipt for APS.
8. (Optional) Configure APS, which is required during PW switchover.
Step

Command

Function

ZXR10(config)#aps

Enters APS configuration mode.

ZXR10(config-aps)#linear-protect

Configures a linear APS instance.

ZXR10(config-aps-linear-protect)#p

Creates an APS PW protector and enters

w-protector pw<1-115968>

APS PW mode.

ZXR10(config-aps-linear-protect-pw-

Configures the reversion mode

number)#revertive-mode {non-revertive |

(non-revertive/revertive) of the protector,

{revertive wtr {default | <WTR-time>}}}

and the waiting time for the reversion

<WTR-time>: WTR time that ranges from 0 to 12 minutes.


9. (Optional) Configure VPLS Compella automatic discovery.
Step

Command

Function

ZXR10(config)#vpls <vpls-name><multi-mac-spaces>

Creates a VPLS instance.

ZXR10(config-vpls-vpls-name)#auto-discovery

Enters VPLS kompella

kompella

automatic discovery mode.


2-10

SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 2 MPLS L2VPN Configuration

Step

Command

Function

ZXR10(config-vpls-vpls-name-kompella)#rd

Sets the route distinguisher

{<0-65535>:<0-4294967295> | A.B.C.D:<0-65535>}

for VPLS kompella automatic


discovery.

ZXR10(config-vpls-vpls-name-kompella)#route-tar

Sets the RT for VPLS

get [{both | export | import}] {<0-65535>:<0-4294967295> |

kompella automatic discovery.

A.B.C.D:<0-65535>}
5

ZXR10(config-vpls-vpls-name-kompella)#ve-id

Sets the VEID for VPLS

<0-65534>

kompella automatic discovery.

6 (

ZXR10(config-vpls-vpls-name-kompella)#ve-set

Sets the discrete mode for

Op-

discrete

VPLS kompella automatic

tion-

discovery.

al)

This command and the ve-set


max-ve-id command cannot
be used at the same time.

7 (

ZXR10(config-vpls-vpls-name-kompella)#ve-set

Sets the maximum VEID for

Op-

max-ve-id <1-79>

VPLS kompella automatic

tion-

discovery.

al)

This command and the ve-set


discrete command cannot be
used at the same time.

{<0-65535>:<0-4294967295> | A.B.C.D:<0-65535>}: RD ID. There are two types of RD


IDs
[{both | export | import}]
l both: imports routes to a VRF instance based on the route-target extended
community attribute and exports VRF routes with the route-target extended
community attribute.
l export: exports VRF routes with the route-target extended community attribute.
l import: imports routes to a VRF instance based on the route-target extended
community attribute.
<0-65534>: range of the VEID.
<1-79>: range of the maximum VEID.
10. Verify the configurations.
Command

Function

ZXR10#show l2vpn brief

Shows the list of LSVPN service


instances and the binding number of
instance AC and PW.
Shows the number of L2VPN instances.

ZXR10#show l2vpn summary

2-11
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

Command

Function

ZXR10#show l2vpn forwardinfo [vpnname

Shows the valid PW list according to the

<vpn-name>| peer <A.B.C.D>][detail]

instance name or peer ID.

ZXR10#show pwe3 signal fec128[[peer

Queries signaling status of the PW of

<ip-address>][vcid <vcid>][pw-type <pw-

FEC128 type.

type>]|local-label <value>|remote-label
<value>|service-type {vpls|vpws|mspw}[id
<value>|name <instance-name>]|used-only|unuse-only
[no-remote|no-config]]
ZXR10#show pwe3 signal fec128 detail[[peer

Queries detailed information of the PW

<ip-address>][vcid <vcid>][pw-type <pw-

of FEC128 type.

type>]|local-label <value>|remote-label
<value>|service-type {vpls|vpws|mspw}[id
<value>|name <instance-name>]|used-only|unuse-only
[no-remote|no-config]] detail
ZXR10#show pwe3 signal fec129 [{used-only | unuse-only

Queries signaling status of the PW of

[{no-remote | no-config}] | local-label <local-label>|

FEC129 type.

remote-label <remote-label>| id <instance-id> | name


<instance-name> | pw-name auto_pw<number>}]
ZXR10#show pwe3 signal fec129 detail [{used-only

Queries detailed information of the PW

| unuse-only [{no-remote | no-config}] | local-label

of FEC128 type.

<local-label>| remote-label <remote-label>| id


<instance-id> | name <instance-name> | pw-name
auto_pw<number>}]
Shows the static information of PW

ZXR10#show pwe3 signal statistic

signalling states.
ZXR10#show l2vpn protectgroup [<pw-name>]

Shows the information of all the PW


protection groups.

ZXR10#show l2vpn forwardinfo kompella {[

Shows L2VPN kompella PW forwarding

vpnname <instance-name>[ve-id <0-65534>]]|[ve-id

information.

<0-65534>]}[detail]

End of Steps

2.2.3 VPLS Un-qualified Configuration Instance


Configuration Description
The network topology of an L2VPN VPLS un-qualified configuration instance is shown in
Figure 2-4.

2-12
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 2 MPLS L2VPN Configuration

Figure 2-4 Network Structure of L2VPN VPLS Un-Qualified Configuration

Configuration Flow
1. Configure information on the interfaces of PE1 and PE2 connected to CEs. If the
sub-interfaces are used as ACs, it is necessary to configure VLAN/QinQ encapsulation
on the sub-interfaces.
2. Configure information on the interconnected interfaces between PE1 and PE2 to make
PE1 interconnect to PE2.
3. Configure loopback interfaces on PE1 and PE2 and use them as LDP router-IDs.
4. Configure routing information to advertise the loopback interface addresses. Make
sure that the next hop/egress of the routes are the LDP public network interfaces in
the next step.
5. Configure an LDP instance. Enable MPLS LDP function on the interconnected
interfaces between PE1 and PE2. Use the interfaces as LDP public network
interfaces. PE1 and PE2 are directly connected, so it is unnecessary to establish a
target-session.
6. Configure a VPLS instance. Make sure that the VPLS neighbors are consistent with
LDP neighbors.

Configuration Command
Configuration on PE1:
Configure addresses on the direct-connected interface between PEs, loopback interface,
and AC sub-interface.
PE1(config)#interface gei-0/1/0/2
PE1(config-if-gei-0/1/0/2)#no shutdown
PE1(config-if-gei-0/1/0/2)#ip address 100.10.1.1 255.255.255.0
PE1(config-if-gei-0/1/0/2)#no shutdown
PE1(config-if-gei-0/1/0/2)#exit
PE1(config)#interface loopback1
PE1(config-if-loopback1)#ip address 1.1.1.1 255.255.255.255

PE1(config-if-loopback1)#exit
PE1(config)#interface gei-0/1/0/1.1
PE1(config-gei-0/1/0/1.1)#exit
PE1(config)#vlan-configuration
PE1(config-vlan)#interface gei-0/1/0/1.1
PE1(config-vlan-if-gei-0/1/0/1.1)#encapsulation-dot1q 100
PE1(config-vlan-if-gei-0/1/0/1.1)#exit
PE1(config-vlan)#exit

2-13
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

Configure the routing protocol:


PE1(config)#router ospf 1
PE1(config-ospf-1)#router-id 1.1.1.1
PE1(config-ospf-1)#network 1.1.1.1 0.0.0.0 area 0.0.0.0
PE1(config-ospf-1)#network 100.10.1.0 0.0.0.255 area 0.0.0.0
PE1(config-ospf-1)#exit

Configure LDP:
PE1(config)#mpls ldp instance 1
PE1(config-ldp-1)#router-id loopback1
PE1(config-ldp-1)#interface gei-0/1/0/2
PE1(config-ldp-1-if-gei-0/1/0/2)#exit
PE1(config-ldp-1)#exit

Configure L2VPN VPLS:


PE1(config)#mpls l2vpn enable
PE1(config)#pw pw1
PE1(config)#vpls zte1
PE1(config-vpls-zte1)#pseudo-wire pw1
PE1(config-vpls-zte1-pw-pw1)#neighbour 1.1.1.2 vcid 10
/*Configure peerip and vcid (pw-type default mode: raw)*/
PE1(config-vpls-zte1-pw-pw1-neighbour-1.1.1.2)#exit
PE1(config-vpls-zte1-pw-pw1)#exit
PE1(config-vpls-zte1)#access-point gei-0/1/0/1.1

/*Configures the AC interface*/

PE1(config-vpls-zte1-ac-gei-0/1/0/1.1)#access-params ethernet
/*This command is required, otherwise the AC interface is invalid.*/
PE1(config-vpls-zte1-ac-gei-0/1/0/1.1-eth)#end

Configuration on PE2:
Configure addresses on the direct-connected interface between PEs, loopback interface,
and AC sub-interface.
PE2(config)#interface gei-0/1/0/2
PE2(config-if-gei-0/1/0/2)#ip address 100.10.1.2 255.255.255.0
PE2(config-if-gei-0/1/0/2)#no shutdown
PE2(config-if-gei-0/1/0/2)#exit
PE2(config)#interface loopback1
PE2(config-if-loopback1)#ip address 1.1.1.2 255.255.255.255

PE2(config-if-loopback1)#exit
PE2(config)#interface gei-0/1/0/1.1
PE2(config-gei-0/1/0/1.1)#exit
PE2(config)#vlan-configuration
PE2(config-vlan)#interface gei-0/1/0/1.1
PE2(config-vlan-if-gei-0/1/0/1.1)#encapsulation-dot1q 100
PE2(config-vlan-if-gei-0/1/0/1.1)#exit

2-14
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 2 MPLS L2VPN Configuration


PE2(config-vlan)#exit

Configure routing protocol:


PE2(config)#router ospf 1
PE2(config-ospf-1)#router-id 1.1.1.2
PE2(config-ospf-1)#network 1.1.1.2 0.0.0.0 area 0.0.0.0
PE2(config-ospf-1)#network 100.10.1.0 0.0.0.255 area 0.0.0.0
PE2(config-ospf-1)#exit

Configure LDP:
PE2(config)#mpls ldp instance 1
PE2(config-ldp-1)#router-id loopback1
PE2(config-ldp-1)#interface gei-0/1/0/2
PE2(config-ldp-1-if-gei-0/1/0/2)#exit
PE2(config-ldp-1)#exit

Configure L2VPN VPLS:


PE2(config)#mpls l2vpn enable
PE2(config)#pw pw1
PE2(config)#vpls zte1
PE2(config-vpls-zte1)# pseudo-wire pw1
PE2(config-vpls-zte1-pw-pw1)#neighbour 1.1.1.1 vcid 10
PE2(config-vpls-zte1-pw-pw1-neighbour-1.1.1.1)#exit
PE2(config-vpls-zte1-pw-pw1)#exit
PE2(config-vpls-zte1)#access-point gei-0/1/0/1.1
PE2(config-vpls-zte1-ac-gei-0/1/0/1.1)#access-params ethernet
PE2(config-vpls-zte1-ac-gei-0/1/0/1.1-eth)#end

Configuration Verification
Check the configuration results. Take PE1 as an example. The procedure to check the
configurations on PE2 is the same as that to check the configurations on PE1.
1. Run the show running-config ospf command to check whether the route configuration
is correct, and run the show ip forwarding route command to view the configuration
result, as shown in the following:
PE1#show running-config ospfv2
! <OSPF>
router ospf 1
network 1.1.1.1 0.0.0.0 area 0.0.0.0
/*Advertise the address that will be used as the address of a PW neighbor in VPLS.
When configuring LDP, make sure that this address is used as the LDP router-id,
and use this address to establish an LDP session.*/
network 100.10.1.0 0.0.0.255 area 0.0.0.0
/*Advertise the address on the interface directly connected to the peer PE.
Use this address to establish a connection with the OSPF neighbor.*/
router-id 1.1.1.1

2-15
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


!
! /<OSPF>

PE1#show ip forwarding route 1.1.1.2


IPv4 Routing Table:
Headers: Dest: Destination, Gw: Gateway, Pri: Priority;
Codes : BROADC: Broadcast, USER-I: User-ipaddr, USER-S: User-special,
MULTIC: Multicast, USER-N: User-network, DHCP-D: DHCP-DFT,
ASBR-V: ASBR-VPN, STAT-V: Static-VRF, DHCP-S: DHCP-static,
GW-FWD: PS-BUSI, NAT64: Stateless-NAT64, LDP-A: LDP-area,
GW-UE: PS-USER, P-VRF: Per-VRF-label, TE: RSVP-TE;
Status codes: *valid, >best
Dest
*> 1.1.1.2/32

Gw

Interface

Owner

100.10.1.2

gei-0/1/0/2

OSPF

Pri Metric
110 2

After the route configuration, the route to the router-id of the VPLS PW neighbor and
also the LDP peer is generated. The local egress interface is gei-0/1/0/2, and the next
hop address is 100.10.1.2.
2. Run the show running-config ldp command to check whether the LDP configuration
is correct, and run the show mpls ldp neighbor instance command to check the
configuration result of LDP neighbor establishment, as shown in the following:
PE1#show running-config ldp
! <LDP>
mpls ldp instance 1
router-id loopback1
interface gei-0/1/0/2
/*The egress interface of the route to the LDP neighbor (see step 1) must be
enabled under the mpls ldp.*/
$
! </LDP>

PE1#show mpls ldp neighbor instance 1


Peer LDP Ident: 100.10.1.2:0; Local LDP Ident: 100.10.1.1:0
/*Peer LDP Ident<>Local LDP Ident: potential peer LDP 100.10.1.2:0 identified,
trying to establish a LDP session with the peer LDP*/
TCP connection: 100.10.1.2.2278 - 100.10.1.1.646
/*A TCP connection to the potential peer LDP is established. The link transmission
address is not configured, so the default router-id address is used.*/
State: Oper; Msgs sent/rcvd: 80/72; Downstream
/*A TCP connection to the potential peer LDP is established. The negotiation with
the peer LDP on the TCP connection is successful. A LDP session Up with the peer
LDP is established. "State: Oper" means that the LDP session is established.*/
Up Time: 00:54:04
LDP discovery sources:
gei-0/1/0/2; Src IP addr: 100.10.1.2

2-16
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 2 MPLS L2VPN Configuration


/*LDP discovery messages are sent through the gei-0/1/0/2 interface which maintains
the session between 100.10.1.2:0 and

100.10.1.1:0. If the interface is closed,

the session is closed.*/


Addresses bound to peer LDP Ident:
100.10.1.2

100.10.1.2

/*An LSP public network interface address can

be bound to the peer LDP.*/

Note:
To establish a VPLS PW, it is necessary to check wether the LDP session to the
specified neighbor exists. This the session does not exist, signalling to establish PW
will not be sent, and the PW cannot be established.

3. Run the show mpls ldp bindings command on PE2 to check whether LDP distributes
the local label of public network for the PW neighbor. After the label is mapped to PE1,
check whether it is marked inuse as a remote label.
PE2#show mpls ldp bindings 1.1.1.2 32 detail instance 1
1.1.1.2/32
local binding:

label: imp-null

advertised to:
1.1.1.1:0
remote binding: lsr: 1.1.1.1:0, label: 16484

PE1#show mpls ldp bindings 1.1.1.2 32 detail instance 1


1.1.1.2/32
local binding:

label: 16484

advertised to:
1.1.1.2:0
remote binding: lsr: 1.1.1.2:0, label: imp-null(inuse)

PE2 distributes an explicit null label {3} for the local loopback address 1.1.1.2. PE1
learns the label 3 distributed for 1.1.1.2 by PE2. The label is marked inuse.
4. Run the show mpls forwarding command to check whether the label distributed to
the PW neighbor is written to the label forwarding table, and run the ping mpls ipv4
command to check whether the public network tunnel to the specified PW neighbor is
established successfully.
PE1#show mpls forwarding-table
Local

Outgoing

Prefix or

Outgoing

label

label

Tunnel Id

interface

16484

Poptag

1.1.1.2/32

gei-0/1/0/2

Next Hop

100.10.1.2

M/S

2-17
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


PE1#ping mpls ipv4 1.1.1.2 32
sending 5,120-byte MPLS echo(es) to 1.1.1.2,timeout is 2 second(s).
Codes: '!' - success,

'Q' - request not sent,

'.' - timeout, 'L' - labeled output interface,


'B' - unlabeled output interface,
'D' - DS Map mismatch,

'F' - no FEC mapping,

'M' - malformed request,

'm' - unsupported tlvs,

'P' - no rx intf label prot,


'R' - transit router,

'f' - FEC mismatch,


'N' - no rx label,

'p' - premature termination of LSP,

'I' - unknown upstream index,

'X' - unknown return code, 'x' - return code 0, 'd' - DDMAP


!!!!!
Success rate is 100 percent(5/5),round-trip min/avg/max= 4/4/5 ms.

5. Run the show pwe3 signal command to check whether the local device can send
signalling to establish a PW. In normal situations, if the LDP session to the specified
PW neighbor exists in the results of Step 2, PWE3 signalling can be sent.
PE1(config)#show pwe3 signal fec128 detail pw-name pw1
The detailed signal information of dynamic fec128 PWs or PW-segments:

Some signal information are referred to as follows :


NON

- the LDP session is absent,

UP

- the LDP session is OPERATIONAL,

GR1

- the LDP session is reconnecting,

GR2

- the LDP session's remote mappings are recovering,

DOWN - not UP(or NON,or GR1,or GR2).

PW entity

: < 1.1.1.2 , 10 , Ethernet >

LSPs formed

: YES

C-bits

: local

MTU

: local

negotiated

negotiated

: NO

, remote

: NO

, remote

: 1500

: NO
: 1500
: 1500

labels

: local

: 81920

, remote

: 81920

signal

: Configured

: YES

, Received

: YES

Negotiated

: YES

, Sent

: YES

AC ready

: YES

oam status

: local

redundancy

: local

remote

negotiated
application

: PSN rcv(0),snd(0); AC rcv(0),snd(0); Error(0)


: PSN rcv(0),snd(0); AC rcv(0),snd(0); Error(0)
: ??

, remote

: ACTIVE

: ??

: service-type : VPLS

, instance-id: 11

MAC-withdraw : received

: 0

, sent

: 0

local-VCCV

: CC-type

: AL|TTL

, CV-type

: LSP

remote-VCCV

: CC-type

: AL|TTL

, CV-type

: LSP

actual-VCCV

: CC-type

: AL

, CV-type

: LSP

2-18
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 2 MPLS L2VPN Configuration


LDP session

: The LDP session's state is UP.

attachment-circuit : ??
local-description

: zte1

remote-description : zte1

6. Run the show l2vpn forwardinfo comamnd to check whether the PW is established
successfully, and run the detail keyword to check the detailed information of the inner
and the outer labels for this PW.
PE1#show l2vpn forwardinfo vpnname zte1
Hearders: PWType - Pseudowire type and Pseudowire connection mode
Llabel - Local label, Rlabel - Remote label
VPNowner - owner type and instance name
Codes:

H - HUB mode, S - SPOKE mode, L - VPLS, W - VPWS, M - MSPW

PWName

PeerIP

FEC PWType

pw1

1.1.1.2

128 Ethernet

State Llabel
H UP

81920

Rlabel

VPNowner

81920

L:zte1

PE1#show l2vpn forwardinfo vpnname zte1 detail


Headers: ALLOK - Pseudo Wire Forwarding

Codes

PWNF

- Pseudo Wire Not Forwarding

AR

- Local AC (ingress) Receive Fault

AT

- Local AC (egress) Transmit Fault

PSNR

- Local PSN-facing PW (ingress) Receive Fault

PSNT

- Local PSN-facing PW (egress) Transmit Fault

PWFS

- Pseudo Wire Forwarding Standby

RS

- Request Switchover to this PW

PWSA

- Pseudo Wire Status All Fault

: -unknown, *yes, .no

-------------------------------------------------------------------------------

Service type and instance name:[VPLS

zte1]

Peer IP address

: 1.1.1.2

VCID

: 10

Connection mode

: HUB

VCID Extend

: 0

Signaling protocol

: LDP

VC type

: Ethernet
: 00:10:59

Last status change time : 00:03:31

Create time

MPLS VC local label

: 81920

Remote label : 81920

PW name

: pw1

Control Word : -

Activation status

: ENABLE

Band Width

Related interface name

: -

FRR type

: NULL

VC status

: UP

Remote status

: ALLOK

VCCV CC type

: ALERT_LABEL

VCCV CV type

: LSP

Tunnel label

: { 3 }

Output interface

: gei-0/1/0/2

: 0 kbps

2-19
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


Imposed label stack

: { 81920 3 }

7. Run the ping mpls pseudowire command to check whether the PW is established
correctly.
PE1#ping mpls pseudowire pw1
sending 5,120-byte MPLS echo(es) to pw1,timeout is 2 second(s).

Codes: '!' - success,

'Q' - request not sent,

'.' - timeout, 'L' - labeled output interface, 'B' - unlabeled output interface,
'D' - DS Map mismatch,

'F' - no FEC mapping,

'M' - malformed request,

'm' - unsupported tlvs,

'P' - no rx intf label prot,


'R' -

transit router,

'f' - FEC mismatch,


'N' - no rx label,

'p' - premature termination of LSP

'I' - unknown upstream index,

'X' - unknown return code, 'x' - return code 0, 'd' - DDMAP

!!!!!
Success rate is 100 percent(5/5),round-trip min/avg/max= 5/5/6 ms

After the VPLS application, the two CE devices can ping each successfully.
CE1#ping 10.1.1.2
sending 5,100-byte ICMP echoes to 10.1.1.2,timeout is 2 seconds.
!!!!!
Success rate is 100 percent(5/5),round-trip min/avg/max= 1/1/2 ms.

CE2#ping 10.1.1.1
sending 5,100-byte ICMP echoes to 10.1.1.1,timeout is 2 seconds.
!!!!!
Success rate is 100 percent(5/5),round-trip min/avg/max= 1/1/2 ms.

2.2.4 VPLS Qualified Configuration Instance


The configuration flow and commands for configuring a VPLS qualified instance are similar
to those for configuring a VPLS un-qualified instance, but the instance configuration is
different.
Configuration on PE1:
PE1(config)#mpls l2vpn enable
PE1(config)#pw pw1
PE1(config)#vpls zte1 multi-mac-spaces
PE1(config-vpls-zte1)#pseudo-wire pw1
PE1(config-vpls-zte1-pw-pw1)#neighbour 1.1.1.2 vcid 10
/*Configure the IP address of a peer and a VCID. The PW type is tagged (default).*/
PE1(config-vpls-zte1-pw-pw1-neighbour-1.1.1.2)#exit
PE1(config-vpls-zte1-pw-pw1)#exit
PE1(config-vpls-zte1)#access-point gei-0/1/0/1.1

/*Configure an AC interface*/

PE1(config-vpls-zte1-ac-gei-0/1/0/1.1)#access-params ethernet
/*This command is required, otherwise the AC member is invalid.*/

2-20
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 2 MPLS L2VPN Configuration

Configuration on PE2:
PE2(config)#mpls l2vpn enable
PE2(config)#pw pw1
PE2(config)#vpls zte1 multi-mac-spaces
PE2(config-vpls-zte1)#pseudo-wire pw1
PE2(config-vpls-zte1-pw-pw1)#neighbour 1.1.1.1 vcid 10
PE2(config-vpls-zte1-pw-pw1-neighbour-1.1.1.1)#exit
PE2(config-vpls-zte1-pw-pw1)#exit
PE2(config-vpls-zte1)#access-point gei-0/1/0/1.1
PE2(config-vpls-zte1-ac-gei-0/1/0/1.1)#access-params ethernet

The configuration verification procedure for a VPLS qualified instance is the same as that
for a VPLS un-qualified instance.

2.3 VPLS-MAC Filtering Configuration


2.3.1 VPLS-MAC Filtering Overview
VPLS MAC filtering function satisfies the requirements for VPLS network access security
and controllability. ZXR10 M6000-S filters the MAC addresses of VPLS packets according
to the filter rules defined by users, thus, it can restrict VPLS MAC learning and VPLS
forwarding.
VPLS MAC filtering uses global restriction in VPLS instance, that is to say, the rule is
applied in a specific VPLS instance.
1. When MAC filtering rule is applied in the VPLS instance, all MAC addresses of this
rule will be synchronized to forwarding table and set drop tag.
2. Bottom layer forwarding module searches forwarding table to find these MAC
addresses and drop according to the tag.
In this way, the route entries which contain the source and destination MAC addresses
defining by VPLS instance are filtered, thus to, the hosts to be filtered are shielded in
network.

2.3.2 Configuring VPLS MAC Filtering


This procedure describes how to configure the VPLS MAC filtering function.

Steps
1. Creates L2VPN VPLS service instance.

2-21
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

Command

Function

ZXR10(config)#vpls <name>[multi-mac-spaces]

Creates L2VPN VPLS service


instance.
If this command is used without
[multi-mac-spaces], it uses unqualified
setting.

[multi-mac-spaces] means that the instance space can be divided into multiple MAC
address space based on the Tag information.
2.
Step

Command

Function

ZXR10(config-vpls-name)#mac

Enters MAC-VFI mode.

ZXR10(config-vpls-name-mac)#filter

Filters data frames according to

{source | destination | both} <mac-address>

MAC addresses in VPLS instance.

[to <mac-address-range-end>] [vlan <vlan-id>]

source: Filter data frames according to source MAC addresses.


both: Filter data frames according to the source or destination MAC addresses.
destination: Filter data frames according to the destination MAC address.
<mac-address-range-end>: End MAX address of the MAC range used for data filtering.
<vlan-id>: VLAN ID, in the range of 14094. In qualified mode, specify MAC address
to filter in the VLAN by using this parameter.
3. Verify the configurations.
Command

Function

ZXR10(config)#show mac vpls instance <vpls-name>

Shows the configured MAC address


entries in VPLS instance.

End of Steps

2.3.3 VPLS-MAC Filter Configuration Instance


Configuration Description
VPLS MAC filter satisfies the requirements for VPLS network access security and
controllability. It filters the source and destination MAC addresses of VPLS packets
according to user-defined filter rules, thus to filter VPLS MAC learning and forwarding.
The network structure is shown in Figure 2-5.

2-22
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 2 MPLS L2VPN Configuration

Figure 2-5 VPLS-MAC Filter Configuration Instance

Configuration Flow
1. Establish VPLS connection between PE1 and PE2, configure VPLS instance.
2. Enter VPLS MAC configuration mode on PE, configure MAC filter rule.

Configuration Command
Configuration on PE1:
PE1(config)#mpls l2vpn enable
PE1(config)#pw pw1
PE1(config)#vpls vpls_a
PE1(config-vpls-vpls_a)#pseudo-wire pw1
PE1(config-vpls-vpls_a-pw-pw1)#neighbour 1.1.1.2 vcid 100
PE1(config-vpls-vpls_a-pw-pw1-neighbour-1.1.1.2)#exit
PE1(config-vpls-vpls_a-pw-pw1)#exit

PE1(config-vpls-vpls_a)#access-point gei-0/1/0/2
PE1(config-vpls-vpls_a-ac-gei-0/1/0/2)#access-params ethernet
PE1(config-vpls-vpls_a-ac-gei-0/1/0/2-eth)#exit
PE1(config-vpls-vpls_a-ac-gei-0/1/0/2)#exit
PE1(config-vpls-vpls_a)#exit

PE1(config)#interface loopback10
PE1(config-if-loopback10)#ip address 1.1.1.1 255.255.255.255
PE1(config-if-loopback10)#exit
PE1(config)#interface gei-0/1/0/1
PE1(config-if-gei-0/1/0/1)#no shutdown
PE1(config-if-gei-0/1/0/1)#ip address 2.2.2.1 255.255.255.0
PE1(config-if-gei-0/1/0/1)#exit

PE1(config)#router ospf 1
PE1(config-ospf-1)#network 1.1.1.1 0.0.0.0 area 0.0.0.0
PE1(config-ospf-1)#network 2.2.2.0 0.0.0.255 area 0.0.0.0
PE1(config-ospf-1)#router-id 1.1.1.1

2-23
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


PE1(config-ospf-1)#exit

PE1(config)#mpls ldp instance 1


PE1(config-ldp-1)#router-id loopback10
PE1(config-ldp-1)#interface gei-0/1/0/1
PE1(config-ldp-1-if-gei-0/1/0/1)#exit
PE1(config-ldp-1)#exit

Configuration on PE2:
PE2(config)#mpls l2vpn enable
PE2(config)#pw pw1
PE2(config)#vpls vpls_a
PE2(config-vpls-vpls_a)#pseudo-wire pw1
PE2(config-vpls-vpls_a-pw-pw1)#neighbour 1.1.1.1 vcid 100
PE2(config-vpls-vpls_a-pw-pw1-neighbour-1.1.1.1)#exit
PE2(config-vpls-vpls_a-pw-pw1)#exit

PE2(config-vpls-vpls_a)#access-point gei-0/3/0/3
PE2(config-vpls-vpls_a-ac-gei-0/1/0/2)#access-params ethernet
PE2(config-vpls-vpls_a-ac-gei-0/1/0/2-eth)#exit
PE2(config-vpls-vpls_a-ac-gei-0/1/0/2)#exit
PE2(config-vpls-vpls_a)#exit

PE2(config)#interface loopback10
PE2(config-if-loopback10)#ip address 1.1.1.2 255.255.255.255
PE2(config-if-loopback10)#exit
PE2(config)#interface gei-0/2/0/1
PE2(config-if-gei-0/2/0/1)#no shutdown
PE2(config-if-gei-0/2/0/1)#ip address 2.2.2.2 255.255.255.0
PE2(config-if-gei-0/2/0/1)#exit

PE2(config)#router ospf 1
PE2(config-ospf-1)#network 1.1.1.2 0.0.0.0 area 0.0.0.0
PE2(config-ospf-1)#network 2.2.2.0 0.0.0.255 area 0.0.0.0
PE2(config-ospf-1)#router-id 1.1.1.2
PE2(config-ospf-1)#exit

PE2(config)#mpls ldp instance 1


PE2(config-ldp-1)#router-id loopback10
PE2(config-ldp-1)#interface gei-0/2/0/1
PE2(config-ldp-1-if-gei-0/2/0/1)#exit
PE2(config-ldp-1)#exit

Configuration Verification
Check the configuration on PE1, as shown in the following:
2-24
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 2 MPLS L2VPN Configuration


Check the PW connection:
Headers: PWType - Pseudo Wire type and Pseudo Wire connection mode
Llabel - Local label, Rlabel - Remote label
VPNowner - Owner type and instance name
Codes

: H - HUB mode, S - SPOKE mode, L - VPLS, W - VPWS, M - MSPW, MO - MONITO R


$pw - auto_pw

PWName

PeerIP

FEC PWType

State Llabel

Rlabel

VPNowner

pw1

1.1.1.2

128 Ethernet

H UP

81920

L:vpls_a

Check the MAC filtering configuration:

81920

/*No MAC filtering policy is configured, so

no MAC address is displayed in the L2VPN MAC filtering section.*/


PE1(config)#show running-config l2vpn
!<pss-l2vpn>
mpls l2vpn enable
vpls vpls_a
access-point gei-0/1/0/2
access-params ethernet
pseudo-wire pw1
neighbour 1.1.1.2 vcid 100
$
$
$
!</pss-l2vpn>

CE1 and CE2 send streams whose source MAC addresses are 0000.0000.1111 and
0000.0000.2222 respectively. Check the MAC learning as follows:
PE1(config)#show mac vpls instance vpls_a
Total MAC Entries:

Headers: Src--Source filter, Dst--Destination filter


Age--Day:Hour:Min:Sec
MAC

VLAN Outgoing Information

0000.0000.1111 0

gei-0/1/0/2

Attribute Age
Dynamic

00:00:02:28

/*No local source MAC filter is configured. Dynamic learning is enabled.*/

0000.0000.2222 0

pw1

Dynamic

00:00:01:12

/*No remote source MAC filter is configured. Dynamic learning is enabled.*/

Configure an MAC filter on PE1 as follows:


PE1(config)#vpls vpls_a
PE1(config-vpls-vpls_a)#mac
PE1(config-vpls-vpls_a-mac)#filter source 0000.0000.1111
PE1(config-vpls-vpls_a-mac)#filter source 0000.0000.2222

2-25
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


PE1(config-vpls-vpls_a-mac)#exit
PE1(config-vpls-vpls_a)#exit

Check the filter configuration on PE1:


Check the MAC filtering configuration:
PE1(config)#show running-config l2vpn
!<pss-l2vpn>
mpls l2vpn enable
vpls vpls_a
access-point gei-0/1/0/2
access-params ethernet
pseudo-wire pw1
neighbour 1.1.1.2 vcid 100
$
$
mac
filter source 0000.0000.1111
filter source 0000.0000.2222
$
$
!</pss-l2vpn>

CE1 and CE2 sends streams whose source MAC addresses are 0000.0000.1111 and
0000.0000.2222 respectively. Check the MAC learning as follows:
PE1(config)#show mac vpls instance vpls_a
Total MAC Entries:

Headers: Src--Source filter, Dst--Destination filter


Age--Day:Hour:Min:Sec

MAC

VLAN Outgoing Information

Attribute

Age

-------------- ---- ---------------------------- -------------- ---------------0000.0000.1111 0

NULL

Filter(Src)

00:00:02:19

Filter(Src)

00:00:02:16

/*Local source MAC filter is configured.*/


0000.0000.2222 0

NULL

/*Remote source MAC filter is configured.*/

2.4 VPWS Basic Function Configuration


2.4.1 VPWS Overview
VPWS uses point-to-point connection mode to implement communication among each site
within VPN. This mode is usually used for ATM or FR clients. With this mode, connection
2-26
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 2 MPLS L2VPN Configuration

between clients and network providers maintain constant, but services encapsulated are
transmitted over IP backbone network of the network provider.
LSP tunnel through MPLS net should be defined between two PE routers, and it should
provide tunnel label transparently transmitting data between two PE routers. At the same
time, direct process of LDP label distribution protocol is also defined between two PE
routers to transmit virtual link information. Among them, distributing VC Label through
matching VCID is critical.
When data packet enters PE router at the port of Layer 2 transparent transmission, PE
router finds the corresponding Tunnel Label and VC Label through matching VCID. PE
router will put two layers labels on the data packet. External layer is Tunnel Label indicating
the route from this PE router to destination PE router. Internal layer is VC Label indicating
which corresponding router port of VCID belongs to on destination PE router.
PE router should monitor Layer 2 protocol state at each port, such as FR Local
Management Interface (LMI) and ATM Interim Local Management Interface (ILMI). When
a fault occurs, users can cancel VC Label through LDP label distribution protocol process
so that Layer 2 transparent transmission is shut off avoiding producing unidirectional
unwanted data stream.
Such Layer 2 transparent transmission based on MPLS changes traditional confinement
that Layer 2 link should be implemented through network switch. It essentially forms a
pattern of One Net Multi-Service pattern and makes the operator provide Layer 2 and Layer
3 Services simultaneously in a MPLS net.

2.4.2 Configuring VPWS


On the MPLS network, the VPWS uses point-to-point connection mode for communications
between sites within a VPN.
This procedure describes how to configure the basic functions of the VPWS.

Steps
1. Enable L2VPN.
Command

Function

ZXR10(config)#mpls l2vpn enable

Enables L2VPN.

2. Create a PW interface and configure a tunnel policy.


Step

Command

Function

ZXR10(config)#pw pw <1-115968>

Creates a pw interface in
global configuration mode.

ZXR10(config)#tunnel-policy <tunnel-policy-name>

Configures a tunnel policy.


Required if PW packets
are transmitted through an
external tunnel.

2-27
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

To bind a PW to a VPWS instance, you must create the PW in global configuration


mode first.
3. Configure a VPWS instance and bind it to an AC interface and a PW instance.
Step

Command

Function

ZXR10(config)#vpws <vpws-name>

Creates a vpws instance.

ZXR10(config-vpws-vpws-name)#access-point

Specifies an interface to be

<ac-interface>

bound as an access link and


enter sac configuration mode.

ZXR10(config-vpws-vpws-name-ac-ac-interface)#a

Configures the AC interface

ccess-params {ethernet | fr | hdlc | ppp | tdm}

encapsulation type.

ZXR10(config-vpws-vpws-name)#pseudo-wire

Binds a PW instance to the

pw<1-115968>

VPWS instance.

ZXR10(config-vpws-vpws-name-pw-pw-number)#neigh

Configures the PW instance.

bour <A.B.C.D>[vcid <1-4294967295>]

<vcid>: The VCID used by the PW, in the range of 1-4294967295.


<A.B.C.D>: Remote Label Switch Router (LSR) ID.
4. (Optional) Configure VPWS instance attributes.
Command

Function

ZXR10(config-vpws-vpws-name)#mtu <mtu>

Sets the Maximum Transmission


Unit (MTU) of an instance.

ZXR10(config-vpws-vpws-name)#description <string>

Describes the VPWS instance.

ZXR10(config-vpws-vpws-name)#traffic-statistics

Sets the traffic statistical function

{enable|disable}

for the instance.

5. (Optional) Configure the attributes of the AC interface for the VPWS instance.
Step

Command

Function

ZXR10(config-vpws-vpws-name-ac-ac-interface)#i

Enters heterogeneous IP

nter-working ip

mode.

ZXR10(config-vpws-vpws-name-ac-ac-interface-

Configures the MAC address

iwf-ip)#local-ce-mac <mac-address>

of the local CE of the PE.

ZXR10(config-vpws-vpws-name-ac-ac-interface)#a

Configures the AC

ccess-params ethernet

encapsulation type.

ZXR10(config-vpws-vpws-name-ac-ac-interface-

Configures VLAN translation

eth)#ingress-adjust rewrite <1-4094>

(modifies the VLAN).

ZXR10(config-vpws-vpws-name-ac-ac-interface-

Configures VLAN translation

eth)#ingress-adjust push {<1-4094>}

(adds a VLAN).

2-28
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 2 MPLS L2VPN Configuration

Step

Command

Function

ZXR10(config-vpws-vpws-name-ac-ac-interface-

Configures the oam-mapping

eth)#oam-mapping {enable|disable}

function of the AC.

ZXR10(config-vpws-vpws-name-ac-ac-interface-

Enables or disables the

eth)#lst {enable|disable}

physical lst function of the

local AC interface.
8

ZXR10(config-vpws-vpws-name-ac-ac-interface-

Sets the traffic statistical

eth)#traffic-statistics{enable|disable}

function for the AC.

6. (Optional) Configures the attributes of the PW instance for the VPWS instance.
Step

Command

Function

ZXR10(config-vpws-vpws-name-pw-pw-number)#neigh

Configures a PW entity.

bour <A.B.C.D>[vcid <1-4294967295>]


2

ZXR10(config-vpws-vpws-name-pw-pw-number-

Sets a PW to use the control

neighbour)#control-word preferred

word or not.

ZXR10(config-vpws-vpws-name-pw-pw-number-

Sets the encapsulation mode

neighbour)#encapsulation{ satop | cesopsn|ip|ppp|hdlc|fr

of a PW.

-port|fr-dlci|fr-dlci-old|aal5-sdu|atm-vcc|atm-vpc|atm-vcc
-group|atm-vpc-group|atm-port|{raw|tagged}[reversing]}
4

ZXR10(config-vpws-vpws-name-pw-pw-number-

Sets a PW to support VCCV.

neighbour)#vccv bfd capability {basic | status}

encapsulation {ip | raw}


5

ZXR10(config-vpws-vpws-name-pw-pw-number-

Modifies the outer tunnel

neighbour)#tunnel-policy <tunnel-policy-name>

policy of a PW.

ZXR10(config-vpws-vpws-name-pw-pw-number-

Sets the establishment mode

neighbour)#signal {dynamic | static local-label

of a PW to signal triggering.

<16-1048575> remote-label <16-1048575>}


7

ZXR10(config-vpws-vpws-name-pw-pw-number-

Sets CSF state separation for

neighbour)# oam-mapping ignoring frr [abort]

a PW.
frr: If a CSF message is
received, the APS is not
notified, and FRR handover
calculation is not performed.
[abort]: The oam-mapping to
AC is not processed.

ZXR10(config-vpws-vpws-name-pw-pw-number-

Sets the traffic statistical

neighbour)#traffic-statistics{enable|disable}

function for a PW.

bfd: Sets CV type to PW-BFD.


dynamic: Sets PW type to dynamic.
2-29
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

static: Sets PW type to static.


<16-1048575>: Specifies the range of the PW tag.
tagged: Sets the PW encapsulation mode to tagged.
raw: Sets the PW encapsulation mode to raw.
7. (Optional) Configure PW redundancy for the VPLS instance.
Step

Command

Function

ZXR10(config-vpws-vpws-name-pw-pw-number)#redu

Binds a PW redundancy

ndency-manager

management group to the


current spoke-pw and enters
PW redundancy management
group mode.
The PW redundancy can be
configured only in spoke pw
mode of the VPWS instance.

ZXR10(config-vpws-vpws-name-pw-pw-number-

Configures the PW protection

rm)#protect-type {1+1 | 1:1}{bidirectional |

type.

unidirectional}[receiving {selective | both}] protect-strategy


{aps}
3

ZXR10(config-vpws-vpws-name-pw-pw-number-rm)#p

Configures the PW negotiation

fs-bits negotiate {independent | master | slave}

mode.

ZXR10(config-vpws-name-pw-pw-number-rm)#pfs-bits-

Sets the active/standby

advertise regardless-of-ac

PW negotiation state to be
unrelated to the AC.

ZXR10(config-vpws-vpws-name)#backup-pw

Binds the standby PW

<pw-name> protect <pw-name>

instance to the VPLS instance.

ZXR10(config-vpws-vpws-name-protect-pw-

Configures the standby PW

number)#neighbour <A.B.C.D>[vcid <1-4294967295>]

instance.

independent: Sets the PW redundancy negotiation mode to independent.


master: Sets the PW redundancy negotiation mode to master.
slave: Sets the PW redundancy negotiation mode to slave.
1+1 | 1:1: Sets the PW protection type.
bidirectional | unidirectional: Sets the APS negotiation type (bidirectional:
bidirectional negotiation, unidirectional: unidirectional type).
selective | both: Sets whether to use selective receipt or double receipt for APS.
8. (Optional) Configure APS, which is required during PW switchover.

2-30
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 2 MPLS L2VPN Configuration

Step

Command

Function

ZXR10(config)#aps

Enters APS configuration


mode.

Configures a linear APS

ZXR10(config-aps)#linear-protect

instance.
3

ZXR10(config-aps-linear-protect)#pw-protector

Creates an APS PW protector

pw<1-115968>

and enters APS PW mode.

ZXR10(config-aps-linear-protect-pw-number)#r

Configures the reversion

evertive-mode {non-revertive | {revertive wtr {<0-12> |

mode of the protector

default}}}

(non-revertive/revertive)
of the protector, and the
waiting time for the reversion.

9. (Optional) Configure an inter-chassis coworker PW protection group in the VPWS


service.
Step
1

Command

Function

ZXR10(config)#redundancy interchassis group

Configures an inter-chassis

<1-4294967293>

protection group in global


configuration mode.
Before a communicate-unit is
configured, an inter-chassis
protection group must be
configured.

Applies the inter-chassis

ZXR10(config-rg-group-id)#apply mc-pw

protection group to an
MC-PW.
3

Binds the PW to the service.

ZXR10(config-vpws-vpws-name)#pseudo-wire

pw<1-115968>
4

ZXR10(config-vpws-vpws-name-pw-pw-number)#neigh

Configures a PW entity.

bour <A.B.C.D>[vcid <1-4294967295>]


5

ZXR10(config-vpws-vpws-name-pw-pw-number)#redu

Sets the role of the PW in a

ndancy-manager{mc-master|mc-slave}

redundancy group.

ZXR10(config-vpws-vpws-name-pw-pw-number-rm)#m

Sets the inter-chassis

c-protect-type coworker-proxy

protection type to
coworker-proxy.

2-31
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

Step

Command

Function

7 (

ZXR10(config-vpws-vpws-name-pw-pw-number-rm)#m

Configures the mc-selection

Op-

c-protect-type mc-selection

redundancy protection type.

tion-

The mc-selection redundancy

al)

protection type and the


oam-mapping redundancy
protection type cannot be
configured at the same time.

8 (

ZXR10(config-vpws-vpws-name-pw-pw-number-rm)#m

Configures the oam-mapping

Op-

c-protect-type oam-mapping

redundancy protection

tion-

type. The oam-mapping

al)

redundancy protection
type and the mc-selection
redundancy protection type
cannot be configured at the
same time.

9 (

ZXR10(config-vpws-vpws-name-pw-pw-number-

Configures the ID of the

Op-

rm)#communicate-unit iccp <1-4294967293> roid

inter-chassis ICCP session

tion-

<1-18446744073709551615>

and the ID of the redundancy

al)

object.
This command is configured
when it is necessary to
configure the mc-selection
type or oam-mapping type.

10

11

ZXR10(config-vpws-vpws-name)#coworker-proxy-pw

Configures the slave PW that

<pw-number> as-remote-pw protect <pw-number>

protects the master PW.

ZXR10(config-vpws-vpws-name-protect-pw-pw-

Configures a slave PW entity.

number)#neighbour <A.B.C.D>[vcid <1-4294967295>]

{mc-master|mc-slave}: role of the inter-chassis PW in the redundancy group. The


mc-master parameter indicates a master inter-chassis PW, and the mc-slave
parameter indicates a slave inter-chassis PW.
<protect pw>: virtual interface name of the protecting PW.
<protected pw>: virtual interface name of the protected PW.
<A.B.C.D>: remote LSR ID.
<vcid>: VCID of the PW, range: 14294967295.
10. (Optional) Configure an inter-chassis coworker AC protection group in the VPWS
service.

2-32
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 2 MPLS L2VPN Configuration

Step

Command

Function

ZXR10(config-vpws-vpws-name)#access-point

Binds an AC interface to the

<interface-name>

service.

ZXR10(config-vpws-vpws-name-ac-interface-

Sets the forwarding behavior

name)#traffic-behavior

mode.

ZXR10(config-vpws-vpws-name-ac-interface-name-

Sets the forwarding behavior

behavior)#ce-side {1+1|1:1|load-balance}

at the CE side.

ZXR10(config-vpws-vpws-name)#coworker-proxy-pw

Configures a PW to protect

<protect pw> as-remote-ac protect<ac-interface>

the AC.

ZXR10(config-vpws-vpws-name-protect-pw-pw-

Configures the slave PW

number)#neighbour <A.B.C.D>[vcid <1-4294967295>]

entity.

<interface-name>: AC interface name.


{1+1|1:1|load-balance}: forwarding behavior at the CE side, including 1+1 mode, 1:1
mode and load-balance mode.
<A.B.C.D>: remote LSR ID.
<<vcid>: VCID of the PW, range: 14294967295.
11. Verify the configurations.
Command

Function

ZXR10#show l2vpn brief

Indicates the list of LSVPN


service instances and the
binding number of instance AC
and PW.
Indicates the number of L2VPN

ZXR10#show l2vpn summary

instances.
ZXR10#show l2vpn forwordinfo vpnname <vpn-name>[detail]

Indicates the valid PW list


according to the instance name.

ZXR10#show pwe3 signal fec128 [[peer <A.B.C.D>][vcid

Indicates the information

<value>][pw-type <pw-type>]| used-only |unused-only

summary of PW.

[no-remote | no-config]| service-type vpws [id <value>| name


<name>]}|local-label <value>}|remote-label <value>]
ZXR10#show pwe3 signal fec128 detail [[peer <A.B.C.D>][vcid

Indicates the PW information in

<value>][pw-type <pw-type>]}| used-only |unused-only

detail, and lists the reason that

[no-remote | no-config]| service-type vpws [id <value>| name

PW is down.

<name>]|local-label <value>}|remote-label <value>]


Indicates the static information of

ZXR10#show pwe3 signal statistic

PW signalling states.

2-33
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

Command

Function

ZXR10#show l2vpn protectgroup [<pw-name>]

Shows the information of all the


PW protection groups.

End of Steps

2.4.3 VPWS Configuration Example


2.4.3.1 VPWS ethernet PW Configuration Instance
Configuration Description
The network topology of an L2VPN VPWS ethernet PW configuration instances is shown
in Figure 2-6.
Figure 2-6 L2VPN VPWS ethernet PW Configuration

Configuration Flow
1.
2.
3.
4.

Configure interface addresses so that PE1 interconnects to PE2.


Configure loopback interfaces as the LDP Router-IDs.
Configure OSPF to advertise the loopback interface addresses.
Configure an LDP instance. It is unnecessary to establish a target-session on the
direct-connected link.
5. Configure an L2VPN instance.

Configuration Command
Configuration on PE1:
PE1(config)#interface gei-0/1/0/1
PE1(config-if-gei-0/1/0/1)#ip address 1.1.1.1 255.255.255.0
PE1(config-if-gei-0/1/0/1)#no shutdown
PE1(config-if-gei-0/1/0/1)#exit
PE1(config)#interface loopback1
PE1(config-if-loopback1)#ip address 100.100.1.1 255.255.255.255
PE1(config-if-loopback1)#exit

PE1(config)#router ospf 200


PE1(config-ospf-200)#network 1.1.1.0 0.0.0.255 area 0.0.0.0
PE1(config-ospf-200)#network 100.100.1.1 0.0.0.0 area 0.0.0.0
PE1(config-ospf-200)#router-id 100.100.1.1
PE1(config-ospf-200)#exit

2-34
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 2 MPLS L2VPN Configuration

PE1(config)#mpls ldp instance 100


PE1(config-ldp-100)#router-id loopback1
PE1(config-ldp-100)#interface gei-0/1/0/1
PE1(config-ldp-100-if-gei-0/1/0/1)#exit
PE1(config-ldp-100)#exit

PE1(config)#mpls l2vpn enable


PE1(config)#pw pw1
PE1(config)#vpws vpws_zte1
PE1(config-vpws-vpws_zte1)#pseudo-wire pw1
PE1(config-vpws-vpws_zte1-pw-pw1)#neighbour 100.100.1.2 vcid 20
PE1(config-vpws-vpws_zte1-pw-pw1-neighbour-100.100.1.2)#control-word preferred
PE1(config-vpws-vpws_zte1-pw-pw1-neighbour-100.100.1.2)#signal dynamic
PE1(config-vpws-vpws_zte1-pw-pw1-neighbour-100.100.1.2)#encapsulation raw
PE1(config-vpws-vpws_zte1-pw-pw1-neighbour-100.100.1.2)#exit
PE1(config-vpws-vpws_zte1-pw-pw1)#exit
PE1(config-vpws-vpws_zte1)#access-point gei-0/1/0/2
PE1(config-vpws-vpws_zte1-ac-gei-0/1/0/2)#access-params ethernet
PE1(config-vpws-vpws_zte1-ac-gei-0/1/0/2-eth)#exit
PE1(config-vpws-vpws_zte1-ac)#exit
PE1(config-vpws)#exit

Configuration on PE2:
PE2(config)#interface gei-0/1/0/1
PE2(config-if-gei-0/1/0/1)#ip address 1.1.1.2 255.255.255.0
PE2(config-if-gei-0/1/0/1)#no shutdown
PE2(config-if-gei-0/1/0/1)#exit
PE2(config)#interface loopback1
PE2(config-if-loopback1)#ip address 100.100.1.2 255.255.255.255
PE2(config-if-loopback1)#exit

PE2(config)#router ospf 200


PE2(config-ospf-200)#network 100.100.1.2 0.0.0.0 area 0.0.0.0
PE2(config-ospf-200)#network 1.1.1.0 0.0.0.255 area 0.0.0.0
PE2(config-ospf-200)#router-id 100.100.1.2
PE2(config-ospf-200)#exit

PE2(config)#mpls ldp instance 100


PE2(config-ldp-100)#router-id loopback1
PE2(config-ldp-100)#interface gei-0/1/0/1
PE2(config-ldp-100-if-gei-0/1/0/1)#exit
PE2(config-ldp-100)#exit

PE2(config)#mpls l2vpn enable

2-35
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


PE2(config)#pw pw1
PE2(config)#vpws vpws_zte1
PE2(config-vpws-vpws_zte1)#pseudo-wire pw1
PE2(config-vpws-vpws_zte1-pw-pw1)#neighbour 100.100.1.1 vcid 20
PE2(config-vpws-vpws_zte1-pw-pw1-neighbour-100.100.1.1)#control-word preferred
PE2(config-vpws-vpws_zte1-pw-pw1-neighbour-100.100.1.1)#signal dynamic
PE2(config-vpws-vpws_zte1-pw-pw1-neighbour-100.100.1.1)#encapsulation raw
PE2(config-vpws-vpws_zte1-pw-pw1-neighbour-100.100.1.1)#exit
PE2(config-vpws-vpws_zte1-pw-pw1)#exit
PE2(config-vpws-vpws_zte1)#access-point gei-0/1/0/2
PE2(config-vpws-vpws_zte1-ac-gei-0/1/0/2)#access-params ethernet
PE2(config-vpws-vpws_zte1-ac-gei-0/1/0/2-eth)#exit
PE2(config-vpws-vpws_zte1-ac-gei-0/1/0/2)#exit
PE2(config-vpws-vpws_zte1)#exit

Configuration Verification
After the configuration, a VPWS PW can be established successfully. The following
information shows the result of configuration verification.
PE1#show l2vpn forwardinfo vpnname vpws_zte1
Headers: PWType - Pseudo Wire type and Pseudo Wire connection mode
Llabel - Local label, Rlabel - Remote label
VPNowner - Owner type and instance name
Codes

: H - HUB mode, S - SPOKE mode, L - VPLS, W - VPWS, M - MSPW, MO - MONITOR


$pw - auto_pw

PWName

PeerIP

FEC PWType

State Llabel

Rlabel

VPNowner

pw1

100.100.1.2

128 Ethernet

up

81921

W:vpws_zte1

81921

PE1#show l2vpn forwardinfo vpnname vpws_zte1 detail


Hearders : ALLOK - Pseudowire Forwarding

Codes

PWNF

- Pseudowire Not Forwarding

AR

- Local AC (ingress) Receive Fault

AT

- Local AC (egress) Transmit Fault

PSNR

- Local PSN-facing PW (ingress) Receive Fault

PSNT

- Local PSN-facing PW (egress) Transmit Fault

PWFS

- Pseudowire forwarding standby

RS

- Request switchover to this PW

PWSA

- Pseudowire Status All Fault

: -unknown, *yes, .no

-------------------------------------------------------------------------------

Service type and instance name:[VPWS

vpws1]

Peer IP address

: 100.100.1.2

VCID

: 20

Connection mode

VCID Extend

: 0

2-36
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 2 MPLS L2VPN Configuration


Signaling protocol

: LDP

VC type

: Ethernet

Last status change time : 00:01:09

Create time

: 00:02:27

MPLS VC local label

: 81921

Remote label : 81921

PW name

: pw1

Control Word : ENABLE

Band Width

: 0 kbps

Related interface name

: -

VC status

: UP

Remote status

: ALLOK

VCCV CC type

: CWORD

VCCV CV type

: LSP

Tunnel label

: { 3 }

Output interface

: gei-0/1/0/1

Imposed label stack

: { 81921 3 }

FRR type

: NULL

2.4.3.2 VPWS BFD Configuration Example


Configuration Description
VPWS instances need to be configured on R1 and R2, and BFD can be configured under
the VPWS instances. The network structure is shown in Figure 2-7.
Figure 2-7 VPWS BFD Configuration

Configuration Flow
1. Configure VPWS instances on R1 and R2.
2. Configure BFD under the VPWS instances of R1 and R2.

Configuration Commands
Configure R1 as follows:
R1(config)#interface xgei-0/5/0/3
R1(config-if-xgei-0/5/0/3)#ip address 201.2.3.2 255.255.255.0
R1(config-if-xgei-0/5/0/3)#exit
R1(config)#interface loopback1
R1(config-if-loopback1)#ip address 100.1.1.2 255.255.255.255
R1(config-if-loopback1)#exit

R1(config)#router ospf 1
R1(config-ospf-1)#network 201.2.3.0 0.0.0.255 area 0
R1(config-ospf-1)#network 100.1.1.2 0.0.0.0 area 0
R1(config-ospf-1)#exit

2-37
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

R1(config)#mpls ldp instance 1


R1(config-ldp-1)#router-id loopback1
R1(config-ldp-1)#interface xgei-0/5/0/3
R1(config-ldp-1-xgei-0/5/0/3)#exit
R1(config-ldp-1)#exit

R1(config)# pw pw1
R1(config)#vpws vpws-bfd
R1(config-vpws-vpws-bfd)# access-point xgei-0/5/0/4
R1(config-vpws-vpws-bfd-ac-xgei-0/5/0/4)# access-params ethernet
R1(config-vpws-vpws-bfd-ac-xgei-0/5/0/4-eth)#exit
R1(config-vpws-vpws-bfd-ac-xgei-0/5/0/4)#exit
R1(config-vpws-vpws-bfd)# pseudo-wire pw1
R1(config-vpws-vpws-bfd-pw-pw1)#neighbour 100.1.1.3 vcid 1
R1(config-vpws-vpws-bfd-pw-pw1-neighbour-100.1.1.3)# vccv bfd capability basic
encapsulation ip
R1(config-vpws-vpws-bfd-pw-pw1-neighbour-100.1.1.3)#exit
R1(config-vpws-vpws-bfd-pw-pw1)#exit
R1(config-vpws-vpws-bfd)#exit

R1(config)#bfd
R1(config-bfd)# session pw-bfd pw-bfd pw-name pw1
R1(config-bfd-pw-pw-bfd)#exit
R1(config-bfd)#exit

Configure R2 as follows:
R2(config)#interface xgei-0/0/0/3
R2(config-if-xgei-0/0/0/3)#ip address 201.2.3.3 255.255.255.0
R2(config-if-xgei-0/0/0/3)#exit
R2(config)#interface loopback1
R2(config-if-loopback1)#ip address 100.1.1.3 255.255.255.255
R2(config-if-loopback1)#exit

R2(config)#router ospf 1
R2(config-ospf-1)#network 201.2.3.0 0.0.0.255 area 0
R2(config-ospf-1)#network 100.1.1.3 0.0.0.0 area 0
R2(config-ospf-1)#exit

R2(config)#mpls ldp instance 1


R2(config-ldp-1)#router-id loopback1
R2(config-ldp-1)#interface xgei-0/0/0/3
R2(config-ldp-1)#exit

R2(config)#pw pw1

2-38
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 2 MPLS L2VPN Configuration


R2(config)#vpws vpws-bfd
R2(config-vpws-vpws-bfd)# access-point xgei-0/0/0/4
R2(config-vpws-vpws-bfd-ac-xgei-0/0/0/4)# access-params ethernet
R2(config-vpws-vpws-bfd-ac-xgei-0/0/0/4-eth)#exit
R2(config-vpws-vpws-bfd-ac-xgei-0/0/0/4)#exit
R2(config-vpws-vpws-bfd)# pseudo-wire pw1
R2(config-vpws-vpws-bfd-pw-pw1)#neighbour 100.1.1.2 vcid 1
R2(config-vpws-vpws-bfd-pw-pw1-neighbour-100.1.1.2)# vccv bfd capability basic
encapsulation ip
R2(config-vpws-vpws-bfd-pw-pw1-neighbour-100.1.1.2)#exit
R2(config-vpws-vpws-bfd-pw-pw1)#exit
R2(config-vpws-vpws-bfd)#exit

R2(config)#bfd
R2(config-bfd)# session pw-bfd pw-bfd pw-name pw1
R2(config-bfd-pw-pw-bfd)#exit
R2(config-bfd)#exit

Configuration Verification
After the configurations, you can run the show l2vpn forwardinfo vpnname command to
check the VPWS instances and the show bfd neighbors pw brief command to check the
VPWS BFD configuration.
Check the VPWS instance on R1 as follows:
R1(config)#show l2vpn forwardinfo vpnname vpws-bfd
Headers: PWType - Pseudowire type and Pseudowire connection mode
Llabel - Local label, Rlabel - Remote label
VPNowner - owner type and instance name
Codes

: H - HUB mode, S - SPOKE mode, L - VPLS, W - VPWS, M - MSPW


$pw - auto_pw

PWName

PeerIP

FEC PWType

State Llabel

Rlabel

VPNowner

pw1

100.1.1.3

128 Ethernet

UP

81921

W:vpws-bfd

81922

R1(config)#show bfd neighbors pw brief

Pwname

LD

RD

Hold

State

pw1

33233

2981

150

UP

Check the VPWS instance on R2 as follows:


R2(config)#show l2vpn forwardinfo vpnname vpws-bfd
Headers: PWType - Pseudowire type and Pseudowire connection mode
Llabel - Local label, Rlabel - Remote label
VPNowner - owner type and instance name
Codes

: H - HUB mode, S - SPOKE mode, L - VPLS, W - VPWS, M - MSPW

2-39
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


$pw - auto_pw

PWName

PeerIP

FEC PWType

State Llabel

Rlabel

VPNowner

pw1

100.1.1.2

128 Ethernet

UP

81922

W:vpws-bfd

81921

R2(config)#show bfd neighbors pw brief

Pwname

LD

RD

Hold

State

pw1

2981

33233

150

UP

2.5 VPWS Heterogeneous Function Configuration


2.5.1 VPWS Heterogeneous Function Overview
To meet the IP and bandwidth development requirements of the mobile network, it is
an inevitable trend to convert mobile Backhual to IP Radio Access Network (RAN). The
procedure to reconstruct a mobile Backhual network to an IP network is to upgrade the
primary Synchronous Digital Hierarchy (SDH) and ATM to IP RAN. During this upgrading
procedure, the VPWS heterogeneous function provides a low-cost solution.
The VPWS heterogeneous function supports multiple types of link layer protocol accesses:
Ethernet, Point to Point Protocol (PPP), FR, High-level Data Link Control (HDLC) and ATM.
At present, ZXR10 M6000-S supports Ethernet and PPP accesses.
According to the PW type, VPWS heterogeneous function can be classified into
IP heterogeneous function and PPP heterogeneous function. At present, the IP
heterogeneous function is accomplished on ZXR10 M6000-S. So, the following topics
describe the IP heterogeneous function.
According to the heterogeneous awareness, the heterogeneous function can be classified
into bilateral-mode heterogeneous function and unilateral-mode heterogeneous function.
l

In the bilateral mode, the two PE devices of a PW need to be aware of the


heterogeneity. That is to say, the PE devices need to do heterogeneous operations
for the packets or terminate the local packets.
In the unilateral mode, only one of the PE devices of a PW needs to be aware of the
heterogeneity. The other PE device is not aware of the heterogeneity and it forwards
the packets according to the normal VPN forwarding flow.

In this manual, the heterogeneous function is described in the heterogeneous types instead
of the heterogeneous modes.

2.5.2 Configuring the VPWS Heterogeneous Function


This procedure describes how to configure a heterogeneous VPWS.

Steps
1. Create a VPWS instance and bind an interface to an AC.
2-40
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 2 MPLS L2VPN Configuration

Step

Command

Function

ZXR10(config)#mpls l2vpn enable

Enables L2VPN.

ZXR10(config)#vpws <vpws-name>

Creates a VPWS instance.

ZXR10(config-vpws-vpws-name)#access-point

Binds an interface to an AC.

<ac-interface>

<ac-interface>: Binds an interface to an AC.


2. Configure the IP heterogeneous function.
Step

Command

Function

ZXR10(config-vpws-vpws-name-ac-ac-interface)#in

Configures the IP

ter-networking ip

heterogeneous function.

ZXR10(config-vpws-vpws-name-ac-ac-interface-

Configures the MAC address

iwf-ip)#local-ce-mac <xxxx.xxxx.xxxx>

of the local CE.

ZXR10(config-vpws-vpws-name-ac-ac-interface-

Configures the IP address of

iwf-ip)#remote-ce ip {<ipv4-address>}

a remote CE.

3. Verify the configurations.


Command

Function

ZXR10#show l2vpn forwordinfo vpnname

Displays a list of valid PWs under the

<vpn-name>[detail]

specified instance.

ZXR10#show pwe3 signal

Shows the signalling status of each PW.

End of Steps

2.5.3 VPWS Heterogeneous Function Configuration Instance


Configuration Description
It is required to support VPWS interconnection through different types of mediums. As
shown in Figure 2-8, POS interfaces are connected to GE interfaces through VPWS.
Figure 2-8 VPWS Heterogeneous Function Configuration Instance

Configuration Flow
1. Configure routes between PE1 and PE2.
2. Establish LDP neighbor relationship between PE1 and PE2.
2-41
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

3. Enable MPLS L2 VPN on PE1 and PE2. Create a PW. Configure a VPWS instance
and configure the related remote member.
4. On PE1, the POS interface works as an AC to connect to the VPWS instance. The
GE interface on the PE is connected to a VPWS instance.

Configuration Command
The configuration of PE1:
ZXR10(config)#interface loopback1
ZXR10(config-if-loopback1)#ip address 1.1.1.46 255.255.255.255
ZXR10(config-if-loopback1)#exit
ZXR10(config)#interface gei-0/5/0/3
ZXR10(config-if-gei-0/5/0/3)#no shutdown
ZXR10(config-if-gei-0/5/0/3)#ip address 172.20.130.213 255.255.255.252
ZXR10(config-if-gei-0/5/0/3)#exit

ZXR10(config)#router isis 10
ZXR10(config-isis-10)#area 49.0172
ZXR10(config-isis-10)#system-id 0020.0096.0001
ZXR10(config-isis-10)#interface gei-0/5/0/3
ZXR10(config-isis-10-if-gei-0/5/0/3)#ip router isis
ZXR10(config-isis-10-if-gei-0/5/0/3)#exit
ZXR10(config-isis-10)#interface loopback1
ZXR10(config-isis-10-if-loopback1)#ip router isis
ZXR10(config-isis-10-if-loopback1)#exit
ZXR10(config-isis-10)#exit

ZXR10(config)#mpls ldp instance 1


ZXR10(config-ldp-1)#router-id loopback1
ZXR10(config-ldp-1)#interface gei-0/5/0/3
ZXR10(config-ldp-1-if-gei-0/5/0/3)#exit
ZXR10(config-ldp-1)#exit

ZXR10(config)#mpls l2vpn enable


ZXR10(config)#pw pw1
ZXR10(config)#vpws yigou
ZXR10(config-vpws-yigou)#access-point pos3-0/3/0/1
ZXR10(config-vpws-yigou-ac-pos3-0/3/0/1)#inter-networking ip
ZXR10(config-vpws-yigou-ac-pos3-0/3/0/1-iwf-ip)#remote-ce ip 100.1.1.2
ZXR10(config-vpws-yigou-ac-pos3-0/3/0/1-iwf-ip)#exit
ZXR10(config-vpws-yigou-ac-pos3-0/3/0/1)#exit
ZXR10(config-vpws-yigou)#pseudo-wire pw1
ZXR10(config-vpws-yigou-pw-pw1)#neighbour 1.1.1.50 vcid 100
ZXR10(config-vpws-yigou-pw-pw1-neighbour-1.1.1.50)#exit
ZXR10(config-vpws-yigou-pw-pw1)#exit

2-42
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 2 MPLS L2VPN Configuration


ZXR10(config-vpws-yigou)#exit

ZXR10(config)#interface pos3-0/3/0/1
ZXR10(config-if-pos3-0/3/0/1)#no shutdown
ZXR10(config-if-pos3-0/3/0/1)#exit
ZXR10(config)#ppp
ZXR10(config-ppp)#interface pos3-0/3/0/1
/*Configure PPP proxy so that PPP routes will be generated on CE1*/
ZXR10(config-ppp-if)#end

The configuration of PE2:


ZXR10(config)#interface loopback1
ZXR10(config-if-loopback1)#ip address 1.1.1.50 255.255.255.255
ZXR10(config-if-loopback1)#exit
ZXR10(config)#interface gei-0/5/0/3
ZXR10(config-if-gei-0/5/0/3)#no shutdown
ZXR10(config-if-gei-0/5/0/3)#ip address 172.20.130.214 255.255.255.252
ZXR10(config-if-gei-0/5/0/3)#exit

ZXR10(config)#router isis 10
ZXR10(config-isis-10)#area 49.0172
ZXR10(config-isis-10)#system-id 0020.0096.0002
ZXR10(config-isis-10)#interface gei-0/5/0/3
ZXR10(config-isis-10-if-gei-0/5/0/3)#ip router isis
ZXR10(config-isis-10-if-gei-0/5/0/3)#exit
ZXR10(config-isis-10)#interface loopback1
ZXR10(config-isis-10-if-loopback1)#ip router isis
ZXR10(config-isis-10-if-loopback1)#exit
ZXR10(config-isis-10)#exit

ZXR10(config)#mpls ldp instance 1


ZXR10(config-ldp-1)#router-id loopback1
ZXR10(config-ldp-1)#interface gei-0/5/0/3
ZXR10(config-ldp-1-if-gei-0/5/0/3)#exit
ZXR10(config-ldp-1)#exit

ZXR10(config)#mpls l2vpn enable


ZXR10(config)#pw pw1
ZXR10(config)#vpws yigou
ZXR10(config-vpws-yigou)#access-point gei-0/1/1/8
ZXR10(config-vpws-yigou-ac-gei-0/1/1/8)#inter-networking ip
ZXR10(config-vpws-yigou-ac-gei-0/1/1/8-iwf-ip)#local-ce-mac 0000.2dd4.4aeb
/*This MAC address is the one of CE2*/
ZXR10(config-vpws-yigou-ac-gei-0/1/1/8-iwf-ip)#exit
ZXR10(config-vpws-yigou-ac-gei-0/1/1/8)#exit

2-43
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


ZXR10(config-vpws-yigou)# pseudo-wire pw1
ZXR10(config-vpws-yigou-pw-pw1)#neighbour 1.1.1.46 vcid 100
ZXR10(config-vpws-yigou-pw-pw1-neighbour-1.1.1.46)#exit
ZXR10(config-vpws-yigou-pw-pw1)#exit
ZXR10(config-vpws-yigou)#exit

Configuration Verification
After the configuration, the VPWS PW is Up. CE1 can ping CE2 (100.1.1.2) successfully.
CE1#show ip for rout ppp
IPv4 Routing Table:
status codes: *valid, >best
Dest

Gw

*> 100.1.1.2/32

Interface

100.1.1.1

pos3-0/5/0/1

Owner
ppp

Pri Metric
0

PE1#show pwe3 signal fec128 detail


The detailed signal information of dynamic PWs or PW-segments:
Some signal information are referred to as follows :
NON

- the LDP session is absent,

UP

- the LDP session is OPERATIONAL,

GR1

- the LDP session is reconnecting,

GR2

- the LDP session's remote mappings are recovering,

DOWN - not UP(or NON,or GR1,or GR2).

PW entity

: < 1.1.1.50 , 100 , IP >

LSPs formed

: YES

C-bits

: local
negotiated

MTU

: local
negotiated

: NO

, remote

: NO

, remote

: 1500

: NO
: 1500
: 1500

labels

: local

: 81926

, remote

: 81932

signal

: Configured

: YES

, Received

: YES

Negotiated

: YES

, Sent

: YES

AC ready

: YES

oam status

: local
remote

redundancy

: local
negotiated

application

: PSN rcv(0),snd(0); AC rcv(1),snd(1); Error(0)


: PSN rcv(0),snd(0); AC rcv(1),snd(1); Error(0)
: ??

, remote

: ACTIVE

: ??

: service-type : VPWS

, instance-id: 1

MAC-withdraw : received

: 0

, sent

: 0

local-VCCV

: CC-type

: NO

, CV-type

: NO

remote-VCCV

: CC-type

: NO

, CV-type

: NO

actual-VCCV

: CC-type

: NO

, CV-type

: NO

LDP session

: The LDP session's state is UP.

2-44
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 2 MPLS L2VPN Configuration


CE1#ping 100.1.1.2
sending 5,100-byte ICMP echoes to 100.1.1.2,timeout is 2 seconds.
!!!!!

2.6 MC-ELAM Configuration


2.6.1 MC-ELAM Overview
MC-ELAM Introduction
To meet the requirement of service operators for MPLS L2 VPN reliability and the
requirement of end-to-end services for real time, it is necessary to introduce related
protection mechanisms for CE access, PW access and the links between PWs. For CE
access, the protection can be accomplished by connecting two CEs to the active and the
standby PE. Multi-Chassis Ethernet Link Aggregation Manager (MC-ELAM) is used to
coordinate the active and the standby PEs and to discover the status.
According to application situations, there are to applications to connect two CEs to two
PEs. One is VPLS application, and the other is Pseudo Wire Emulation Edge-to-Edge
(PWE3) application.

Connecting two CEs to two PEs in VPLS


As shown in Figure 2-9, CE1 is connected to NPE1 and NPE2 through AC1 and AC2.
The state of AC1 is Active, and the state of AC2 is Standby. This improves the network
reliability and prevents the unavailability caused by loop faults or single-point faults.
Figure 2-9 Typical Network Structure of Connecting Two CEs to Two PEs

When AC1 has a fault, NPE2 can be aware of the fault quickly and starts to negotiate with
CE1 to make AC2 be active. So the traffic from CE1 to CE2 is changed over from AC1 to
AC2 directly. Meanwhile, NPE1 or NPE2 needs to send MAC WITHDRAW messages to
other NPE devices in the same Virtual Forwarding Instance (VFI) on the VPLS network to
inform other PEs to age the invalid MAC addresses. In this way, the traffic from CE2 to
CE1 can be learnt through broadcast and be forwarded through NPE2 correctly.
2-45
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

In the same way, when NPE1 has a fault, NPE2 can detect the fault through other
detection mechanisms and trigger AC link negotiation, and then it sends MAC WITHDRAW
messages to other NPE devices in the same VFI.

Connecting two CEs to two PEs in PWE3


As shown in Figure 2-10, the Time Division Multiplexing (TDM) service of a Base
Transceiver Station (BTS) is connected to a Base Station Controller (BSC). The network
overlays on the MPLS L2 VPN at the core layer. The BSC is connected to two devices.
Assume that the link between the BSC a device is in Active status, and the link between
the BSC and the other device is in the Standby status. The traffic from the BTS to the
BSC and the traffic from the BSC back to BTS is carried over the on the Active link.
When a fault occurs to the Active link, the service packets from the BSC to the BTS are
changed over to the Standby link. Meanwhile, changeovers of active and standby PWs at
the access layer, the aggregation layer and the core layer are also executed on the base of
the linkage mechanism. When the active PE has a fault, the PW changeover is executed
on the base of PW FRR.
Figure 2-10 Connecting Two CEs to Two PEs in PWE3 Application

2.6.2 Configuring MC-ELAM


This procedure describes how to configure MC-ELAM.

Steps
1. Create an MC-ELAM instance.

2-46
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 2 MPLS L2VPN Configuration

Step

Command

Function

ZXR10(config)#mc-elam-configuration

Enters MC-ELAM
configuration mode from
global configuration mode.

ZXR10(config-mc-elam-configuration)#mc-elam

Creates an MC-ELAM

<id>

instance and enters


MC-ELAM instance
configuration mode.

2. Configure IP addresses of an MC-ELAM instance.


Step
1

Command

Function

ZXR10(config-mc-elam-configuration-mc-elam-

Configures the source IP

instance)#source <source-ip>

address of an MC-ELAM
instance.

ZXR10(config-mc-elam-configuration-mc-elam-

Configures the destination

instance)#destination <destination-ip>

IP address of an MC-ELAM
instance.

3. Configure attributes of an MC-ELAM instance.


Step

Command

Function

ZXR10(config-mc-elam-configuration-mc-elam-

Configures the system priority

instance)#system-priority <priority-value>

of an MC-ELAM instance, in
the range of 1-65535. The
default value is 32768.

ZXR10(config-mc-elam-configuration-mc-elam-

Configures the system MAC

instance)#system-mac <value>

of an MC-ELAM instance. The


default value is the system
base MAC. The MAC system
does support MAC addresses
0.0.0.0 and F.F.F.F, and the
MAC addresses started with
01.

ZXR10(config-mc-elam-configuration-mc-elam-

Configures the interval of

instance)#timeradvertise <advertise-interval>

sending protocol packets in


an MC-ELAM instance, in the
range of 5-100. The default
value is 10 (unit: 100 ms).

2-47
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

Step

Command

Function

ZXR10(config-mc-elam-configuration-mc-elam-

Configures the multiplier

instance)#detect-multiplier <multiplier>

of protocol packet time-out


interval in an MC-ELAM
instance, in the range of
3-180. The default value is 5.

ZXR10(config-mc-elam-configuration-mc-elam-

Configures the restoring

instance)#restore { revertive <holdoff-time>|

mode and restoring time in an

immediately | non-revertive}

MC-ELAM instance.
<holdoff-time> ranges from 1
to 120 seconds.
immediately: reverting
immediately (default).
non-revertive: not reverting.

ZXR10(config-mc-elam-configuration-mc-elam-

Configures the linkage

instance)#track <track-name>{ link-type | peer-type |

relationship between an

pw-type}

MC-ELAM instance and the


SAMGR module.
link-type: The link-bfd
detection is bound.
peer-type: The peer-bfd
detection is bound.
pw-type: The pw-bfd
detection is bound.

ZXR10(config-mc-elam-configuration-mc-elam-

Binds an MC-ELAM instance

instance)#bind smartgroup <id>[mode { auto | master |

to a smartgroup interfaces

slave }]

and configures the negotiation


mode.
auto: automatic negotiation
mode.
master: master mode.
slave: slave mode.

4. Verify the configurations.


Command

Function

ZXR10(config)#show mc-elam {all | brief| id }

Shows the MC-ELAM information.

End of Steps

2-48
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 2 MPLS L2VPN Configuration

2.6.3 MC-ELAM Configuration Instance


Configuration Description
As shown in Figure 2-11, the interface gei-0/3/0/1 and the interface gei-0/3/0/3 on the CE
router are in smartgroup1. The gei-0/3/0/2 directly connect the PE1 router and the PE2
router.
Figure 2-11 MC-ELAM Configuration Instance

Configuration Flow
1. Configure an MC-ELAM instance.
2. Configure the source and the destination IP addresses of the MC-ELAM instance.
3. Configure the MC-ELAM instance to bind to a smmartgroup interface in automatic
mode.
4. Configure the reverting mode of the MC-ELAM instance

Configuration Command
The configuration of the CE:
CE(config)#interface smartgroup1
CE(config-if-smartgroup1)#exit
CE(config)#lacp
CE(config-lacp)#interface smartgroup1
CE(config-lacp-sg-if-smartgroup1)#lacp mode 802.3ad
CE(config-lacp-sg-if-smartgroup1)#exit
CE(config-lacp)#interface gei-0/3/0/1
CE(config-lacp-member-if-gei-0/3/0/1)#smartgroup 1 mode active
CE(config-lacp-member-if-gei-0/3/0/1)#exit
CE(config-lacp)#interface gei-0/3/0/3
CE(config-lacp-member-if-gei-0/3/0/3)#smartgroup 1 mode active
CE(config-lacp-member-if-gei-0/3/0/3)#exit
CE(config-lacp)#exit

The configuration of PE1:


2-49
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


PE1(config)#interface smartgroup1
PE1(config-if-smartgroup1)#exit
PE1(config)#lacp
PE1(config-lacp)#interface smartgroup1
PE1(config-lacp-sg-if-smartgroup1)#lacp mode 802.3ad
PE1(config-lacp-sg-if-smartgroup1)#exit
PE1(config-lacp)#interface gei-0/3/0/1
PE1(config-lacp-member-if-gei-0/3/0/1)#smartgroup 1 mode active
PE1(config-lacp-member-if-gei-0/3/0/1)#exit
PE1(config-lacp)#exit
PE1(config)#interface gei-0/3/0/2
PE1(config-if-gei-0/3/0/2)#no shutdown
PE1(config-if-gei-0/3/0/2)#ip address 1.1.1.1 255.255.255.0
PE1(config-if-gei-0/3/0/2)#exit

PE1(config)#mc-elam-configuration
PE1(config-mc-elam-configuration)#mc-elam 1
PE1(config-mc-elam-configuration-mc-elam-instance)#bind smartgroup 1 mode auto
PE1(config-mc-elam-configuration-mc-elam-instance)#source 1.1.1.1
PE1(config-mc-elam-configuration-mc-elam-instance)#destination 1.1.1.2
PE1(config-mc-elam-configuration-mc-elam-instance)#restore immediately
PE1(config-mc-elam-configuration-mc-elam-instance)#system-priority 30000
PE1(config-mc-elam-configuration-mc-elam-instance)#end

The configuration of PE2:


PE2(config)#interface smartgroup1
PE2(config-if-smartgroup1)#exit
PE2(config)#lacp
PE2(config-lacp)#interface smartgroup1
PE2(config-lacp-sg-if-smartgroup1)#lacp mode 802.3ad
PE2(config-lacp-sg-if-smartgroup1)#exit
PE2(config-lacp)#interface gei-0/3/0/1
PE2(config-lacp-member-if-gei-0/3/0/1)#smartgroup 1 mode active
PE2(config-lacp-member-if-gei-0/3/0/1)#exit
PE2(config-lacp)#exit
PE2(config)#interface gei-0/3/0/2
PE2(config-if-gei-0/3/0/2)#no shutdown
PE2(config-if-gei-0/3/0/2)#ip address 1.1.1.2 255.255.255.0
PE2(config-if-gei-0/3/0/2)#exit

PE2(config)#mc-elam-configuration
PE2(config-mc-elam-configuration)#mc-elam 1
PE2(config-mc-elam-configuration-mc-elam-instance)#bind smartgroup 1 mode auto
PE2(config-mc-elam-configuration-mc-elam-instance)#source 1.1.1.2
PE2(config-mc-elam-configuration-mc-elam-instance)#destination 1.1.1.1

2-50
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 2 MPLS L2VPN Configuration


PE2(config-mc-elam-configuration-mc-elam-instance)#restore immediately
PE2(config-mc-elam-configuration-mc-elam-instance)#system-priority 40000
PE2(config-mc-elam-configuration-mc-elam-instance)#end

Configuration Verification
Check the configurations before switchover as follows:
Execute the show mc-elam 1 command to check the configuration result on PE1, as follows:
PE1#show mc-elam 1
----------------------------------------------------mcelam-instance-id

:1

destination_ip

:1.1.1.2

source_ip

:1.1.1.1

system_priority

:30000

system_mac

:0022.4432.edac

virtual_mcelam_priority

:30000

virtual_mcelam_smac

:0022.4432.edac

sm_state

:MCELAM_LINK_MS

smartgroup_id

:1

bind_mode

:MCELAM_AUTO_MODE

actor_mcelam_role

:MASTER

actor_lacp_role

:MASTER

actor_sg_admin_state

:UP

actor_sg_protocol_state

:UP

actor_revertive_mode

:MCELAM_IMMEDIATELY_MODE

revertive_time

:0

actor_adver_int

:10

actor_detect_multiplier

:5

actor_pwfault

:0

partner_mcelam_role

:SLAVE

partner_lacp_role

:SLAVE

partner_sg_protocol_state:DOWN
partner_adver_int

:10

partner_detect_multiplier:5
partner_pwfault

:0

/*Check the smartgroup interface (which should be in up status before switchover).*/


PE1(config)#show ip int brief smartgroup1
Interface

IP-Address

Mask

Admin Phy

Prot

Smartgroup1

unassigned

unassigned

up

up

up

Execute the show mc-elam 1 command to check the configuration result on PE2, as follows:
2-51
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


PE2#show mc-elam 1
-----------------------------------------------------mcelam-instance-id

:1

destination_ip

:1.1.1.1

source_ip

:1.1.1.2

system_priority

:40000

system_mac

:001e.739a.b21f

virtual_mcelam_priority

:30000

virtual_mcelam_smac

:0022.4432.edac

sm_state

:MCELAM_LINK_MS

smartgroup_id

:1

bind_mode

:MCELAM_AUTO_MODE

actor_mcelam_role

:SLAVE

actor_lacp_role

:SLAVE

actor_sg_admin_state

:UP

actor_sg_protocol_state

:DOWN

actor_revertive_mode

:MCELAM_IMMEDIATELY_MODE

revertive_time

:0

actor_adver_int

:10

actor_detect_multiplier

:5

actor_pwfault

:0

partner_mcelam_role

:MASTER

partner_lacp_role

:MASTER

partner_sg_protocol_state:UP
partner_adver_int

:10

partner_detect_multiplier:5
partner_pwfault

:0

/*Check the smartgroup interface (which should be in down status before switchover).*/
PE2(config)#show ip int brief smartgroup1
Interface

IP-Address

Mask

Admin Phy

Prot

Smartgroup1

unassigned

unassigned

up

down

up

Check the CE configuration as follows:


CE(config)#show lacp 1 internal
Smartgroup:1
Flags:

* - Port is Active member Port


S - Port is requested in Slow LACPDUs
F - Port is requested in Fast LACPDUs
A - Port is in Active mode
P - Port is in Passive mode

Actor

Agg

LACPDUs

Port

Oper

Port

RX

Mux

2-52
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 2 MPLS L2VPN Configuration


Port[Flags]

State

Interval Pri

Key

State Machine

Machine

------------------------------------------------------------------------------gei-0/3/0/1[SA*]

ACTIVE

30

32768 0x4011 0x3d

CURRENT

COLL&DIST

gei-0/3/0/3[SA ]

INACTIVE

30

32768 0x4011 0xd

CURRENT

ATTACHED

/*The link between PE1 and CE is broken, and switchover is implemented.*/


PE1(config-if-gei-0/3/0/1)#shutdown

Check the configurations after the switchover as follows:


On PE1, run the show mc-elam 1 command to check the PE1 configuration.
PE1#show mc-elam 1
-----------------------------------------------------mcelam-instance-id

:1

destination_ip

:1.1.1.2

source_ip

:1.1.1.1

system_priority

:30000

system_mac

:00d0.1234.561f

virtual_mcelam_priority

:30000

virtual_mcelam_smac

:00d0.1234.561f

sm_state

:MCELAM_LINK_MS

smartgroup_id

:1

bind_mode

:MCELAM_AUTO_MODE

actor_mcelam_role

:MASTER

actor_lacp_role

:SLAVE

actor_sg_admin_state

:UP

actor_sg_protocol_state

:DOWN

actor_revertive_mode

:MCELAM_IMMEDIATELY_MODE

revertive_time

:0

actor_adver_int

:10

actor_detect_multiplier

:5

actor_pwfault

:0

partner_mcelam_role

:SLAVE

partner_lacp_role

:MASTER

partner_sg_protocol_state:UP
partner_adver_int

:10

partner_detect_multiplier:5
partner_pwfault

:0

/*Check the smartgroup interface as follows:*/


PE1(config)#show ip int brief smartgroup1
Interface

IP-Address

Mask

Admin Phy

Prot

Smartgroup1

unassigned

unassigned

up

down

up

2-53
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

On PE2, run the show mc-elam 1 command to check the PE2 configuration.
PE2#show mc-elam 1
-----------------------------------------------------mcelam-instance-id

:1

destination_ip

:1.1.1.1

source_ip

:1.1.1.2

system_priority

:40000

system_mac

:0023.e422.1134

virtual_mcelam_priority

:30000

virtual_mcelam_smac

:00d0.1234.561f

sm_state

:MCELAM_LINK_MS

smartgroup_id

:1

bind_mode

:MCELAM_AUTO_MODE

actor_mcelam_role

:SLAVE

actor_lacp_role

:MASTER

actor_sg_admin_state

:UP

actor_sg_protocol_state

:UP

actor_revertive_mode

:MCELAM_IMMEDIATELY_MODE

revertive_time

:0

actor_adver_int

:10

actor_detect_multiplier

:5

actor_pwfault

:0

partner_mcelam_role

:MASTER

partner_lacp_role

:SLAVE

partner_sg_protocol_state:DOWN
partner_adver_int

:10

partner_detect_multiplier:5
partner_pwfault

:0

/*Check the smartgroup interface as follows:*/


PE2(config)#show ip int brief smartgroup1
Interface

IP-Address

Mask

Admin Phy

Prot

Smartgroup1

unassigned

unassigned

up

up

up

Check the CE configuration as follows:


CE(config)#show lacp 1 internal
Smartgroup:1
Flags:

* - Port is Active member Port


S - Port is requested in Slow LACPDUs
F - Port is requested in Fast LACPDUs
A - Port is in Active mode
P - Port is in Passive mode

Actor

Agg

LACPDUs

Port

Oper

Port

RX

Mux

2-54
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 2 MPLS L2VPN Configuration


Port[Flags]

State

Interval Pri

Key

State Machine

Machine

------------------------------------------------------------------------------gei-0/3/0/1[ A ]

INACTIVE

30

32768 0x4011 0x45

PORT_DISABLED DETACHED

gei-0/3/0/3[SA*]

ACTIVE

30

32768 0x4011 0x3d

CURRENT

COLL&DIST

2.7 CES Service Configuration


2.7.1 Overview of CES Services
Circuit Emulation Service (CES) is used to transmit synchronization circuit, such as E1/T1,
through asynchronous network. In initial period, the CES service is used for the emulation
E1/T1 on ATM. Now, it is expanded to IP/Ethernet.
Based on the advantage of technology cost, the IP/Ethernet will be the preferred
network in the further. The Ethernet circuit emulation technology can provide TDM
circuit emulation channel, such as E1 and T1, so as to realize the seamless connection
between the between Ethernet and the PDX network. Comparing with the current circuit
switching network, the circuit emulation function of the Ethernet can support the adaption
supported by the TDM network from all kinds of services to the Ethernet. The adaption
includes PSTN access, base station interconnection, and frame relay. At the same time,
the physical link of the Ethernet is used, so the cost is reduced and the resource of the
Ethernet is made the best use of.
The common encapsulation for the TDM circuit emulation includes the SAToP protocol and
the CESoPSN protocol.
l

The SAToP protocol is defined in RFC. It provides the emulation function for the PDH
circuit service with a lower rate, such as E1, T1, and T3. The SAToP protocol is used
to transfer unstructured or non-frame E1/T1/E3/T3 services.
The biggest difference between the CESoPSN protocol and the SAToP protocol is
as follows: The CESoPSN protocol provides structured TDM service transmission
function. That is to say, it can identify and transmit frame structure and TDM
intra-frame signaling.

2.7.2 Configuirng CES


This procedure describes how to configure CES.

Steps
1. Configure the CES service.
Step

Command

Function

ZXR10(config)#mpls l2vpn enable

Enables L2VPN.

ZXR10(config)#vpws <instance-name>

Creates VPWS services.

2-55
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

Step

Command

Function

ZXR10(config-vpws)#access-point<interface-name

Binds cip interface to VPWS

>

services.

ZXR10(config-vpws-test-ac-cip1)#access-par

Defines the service type to TDM.

ams tdm

2. Configure CES attributes.


Step

Command

Function

ZXR10(config-vpws-test-ac-cip1-tdm)#distrib

Sets the packaging period for the

ution-period <2-64>

TDM emulation. The packaging


period varies with boards.

ZXR10(config-vpws-test-ac-cip1-tdm)#jitter-b

Sets the jitter delay for the TDM

uffer <1-400>

emulation.

ZXR10(config-vpws-test-ac-cip1-tdm)#idle-c

Sets the type for an idle code.

ode {7e | ff}

3. Verify the configurations.


Command

Function

ZXR10#show l2vpn brief

Displays a brief description of the L2VPN


instance configuration.

ZXR10#show l2vpn summary

Displays the number of L2VPN instances.

ZXR10#show l2vpn instance-name <instance-name>

Displays the details of an L2VPN instance.

ZXR10#show l2vpn forwardinfo

Shows the information of the L2VPN


forwarding table.
Shows the information of the L2VPN

ZXR10#show pwe3 signal

protocol.

End of Steps

2.7.3 CES Service Configuration Example


As shown inFigure 2-12 VPWS service is a point-to-point service. A virtual PW link
connects two PEs, and a AC link connects PE and CE. (In this example, PE device is
ZXR10 M6000-S, and CE device is ZSR). The E1 services between two CEs bear on the
pseudo wire that crosses the middle route device. The pseudo wire bears on one LDP
link on the router, or two layers of transparent transmission.

2-56
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 2 MPLS L2VPN Configuration

Figure 2-12 Topology Structure of CES Services

Configuration Flow
1.
2.
3.
4.
5.
6.

Create the TDM tunnel on the AC side of router CE and router PE.
Create the L2VPN example on router PE1 and router PE2 seperately.
Configure the TDM pseudo wire.
Bind the CE1 interface to the VPWS service.
Configure the type and parameters for the TDM service.
Test the configuration results. Each status of CES is normal.

Configuration Steps
The ZSR configuration on router CE is omitted. The following only descries the ZXR10
M6000-S configuration on router PE.
PE1(config)#controller cpos3-0/2/3/5
PE1(config-ctrl-cpos3-0/2/3/5)# framing sdh

PE1(config-ctrl-cpos3-0/2/3/5-sdh)#aug mapping au4


PE1(config-ctrl-cpos3-0/2/3/5-sdh)#au4 1 tug3 1
PE1(config-ctrl-cpos3-0/2/3/5-sdh-tug3)#mode e1
PE1(config-ctrl-cpos3-0/2/3/5-sdh-tug3)#tug2 1 e1 1
PE1(config-ctrl-cpos3-0/2/3/5-sdh-tug3-e1)#unframe
PE1(config-ctrl-cpos3-0/2/3/5-sdh-tug3-e1)#!

PE1(config)#interface cpos3_e1-0/2/3/5.1/1/1:1
PE1(config-if-cpos3_e1-0/2/3/5.1/1/1:1)#no shutdown

PE1(config)#mpls l2vpn enable


PE1(config)#pw pw1
PE1(config)#vpws lqs1
PE1(config-vpws-lqs1)#pseudo-wire pw1
PE1(config-vpws-lqs1-pw-pw1)#neighbour 2.2.2.2 vcid 1
PE1(config-vpws-lqs1-pw-pw1-neighbour-2.2.2.2)#exit
PE1(config-vpws-lqs1-pw-pw1)#exit
PE1(config-vpws-lqs1)#access-point cpos3_e1-0/2/3/5.1/1/1:1
PE1(config-vpws-lqs1-ac-cpos3_e1-0/2/3/5.1/1/1:1)#access-params tdm
PE1(config-vpws-lqs1-ac-cpos3_e1-0/2/3/5.1/1/1:1-tdm)#distribute-period 20

2-57
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


PE1(config-vpws-lqs1-ac-cpos3_e1-0/2/3/5.1/1/1:1-tdm)#jitter-buffer 20
PE1(config-vpws-lqs1-ac-cpos3_e1-0/2/3/5.1/1/1:1-tdm)#idle-code 0x7e
PE1(config-vpws-lqs1-ac-cpos3_e1-0/2/3/5.1/1/1:1-tdm)#end

For the L2VPN instance configuration, refer to section "VPWS configuration instances in
ZXR10 M6000-SConfiguration Guide (VPN).
The configuration on PE2 is just similar to that on PE1.

Configuration Verification
The verification results on router PE1 are as follows:
PE1#show l2vpn instance-name lqs1
Name:lqs1
Type:VPWS

Default-VCID:-

PW count:1

AC count:1

Kompella PW count:0
Activation Status:ENABLE
Default Cword:DISABLE
Headers: M - mode
Description:

Pseudo Wire(PW):
Codes

: H - HUB mode, S - SPOKE mode, $pw - auto_pw

NexthopIP PWIdentification SignalType PWType


2.2.2.2

VCid:1 FEC128 SAToP_E1

PwName

pw1

Attachment Circuit(AC):
InterfaceName

Client/Server

cpos3_e1-0/2/3/5.1/1/1:1

PE1#show l2vpn forwardinfo vpnname lqs1


Headers: PWType - Pseudo Wire type and Pseudo Wire connection mode
Llabel - Local label, Rlabel - Remote label
VPNowner - Owner type and instance name
Codes

: H - HUB mode, S - SPOKE mode, L - VPLS, W - VPWS, M - MSPW, MO - MONITOR


$pw - auto_pw

PWName
pw1

PeerIP

2.2.2.2

FEC PWType
128 SAToP_E1

State Llabel
UP

81922

Rlabel

81929

VPNowner
W:lqs1

PE1#show pwe3 signal


The signal information of FEC 128/129 PWs in brief:

Headers: Neighbourhood - neighbour's IP address, LDP state and related PW name;


Service - PW encapsulation mode and service instance's type and index;

2-58
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 2 MPLS L2VPN Configuration


AIIs - target AII and source AII (FEC129 only);
Descriptions - remote description and local description (FEC128 only);
Labels - local label (in label) and remote label (out label)
Codes

: L - Local configured; M - Mapping received; N - Negotiated;


S - mapping Sent; A - AC ready (VPWS) or service Attached (VPLS/MSPW);
C - Control word used;
Up

- PW signal procedures succeeded and both VC-LSPs formed;

Down

- PW not UP;

Vague - session state is not UP;


Ready - session state is UP;

Marks

GR1

- session state is not UP and PW's remote label is staling;

GR2

- session state is UP but PW's remote label is staling as before

: ?unknown;.placeholder;^decimal vcid;$auto_;*ellipsis;NULL-empty string

------------------------------------------------------------------------------Neighbourhood

AGI/VC-ID

Service

AIIs/Descriptions

Labels

Status

--------------- ---------- ---------- -------------------------- ------- -----2.2.2.2


Ready

pw1

1
^^^^^^^^^^

SAToP_E1

cpos3_e1-0/1/1/1.1/1/1:1

83929

up

VPWS:3

cpos3_e1-0/2/3/5.1/1/1:1

81922

LMNSAC

The verification results on PE2 is just similar to that on PE1.

2.8 L2VPN and L3VPN Bridge Function Configuration


2.8.1 L2VPN and L3VPN Bridge Overview
When L2 VPN service needs to cross L3 VPN network, L2 VPN service needs to be end
in the middle PE device and transform L2 VPN service to L3 VPN access. In the same
way, When L3 VPN service needs to cross L2 VPN network, L3 VPN service needs to be
end in the middle PE device and transform L3 VPN service to L2 VPN access. This is the
L2 VPN and L3 VPN bridge.
The principle of L2 VPN and L3 VPN bridge function is as follows: complete the
transformation between L2 VPN message and L3 VPN message by configuring the L2
VPN and L3 VPN bridge interface.
An L2 VPN message or an L3 VPN message are encapsulated to the corresponding
L3 VPN message or L2 VPN message after it is transformed in uplink through bridge
router. In downlink they are transformed as ordinary L3 or L2 message. Finally, message
transmission is implemented from L2 VPN network to L3 VPN network and from L3 VPN
network to L2 VPN network.

2.8.2 Configuring L2 VPN and L3 VPN Bridge Function


This procedure describes how to configure the L2VPN and L3VPN bridge function.
2-59
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

There are two types of interfaces used for L2VPN and L3VPN bridge function, ulei interface
and bvi interface. For a loopback service, configure the ulei interface. For a non-loopback
service, configure the bvi interface.

Context
L2 VPN and L3 VPN bridge configuration on ZXR10 M6000-S includes the following steps.
1. Configure L2 VPN and L3 VPN on PEs. For details, please refer to VPLS configuration
and MPLS VPN configuration.
2. Create an L2 VPN or an L3 VPN bridge interface, that is, ulei interface.
3. Add an L2 VPN or an L3 VPN bridge interface to the L2 VPN and L3 VPN instance.

Steps
l

For a loopback service, configure the ulei interface.


1. Create the interface for the L2 and L3 bridge function, that is the ulei interface.
Command

Function

ZXR10(config)#request interface ulei<ulei-number>

Creates the interface for the L2


and L3 bridge function,.

2. Configure the bridge service.


Step

Command

Function

ZXR10(config)#service-bridging virtual-links

Enters bridge configuration


mode.

ZXR10(config-bridge)#virtual-link

Uses the interface for the

<interface-name> <interface-name>

bridge function.

3. Add the L3 bridge interface to an L3VPN instance.


Step

Command

Function

ZXR10(config)#interface ulei <ulei-number>

Enter L3 bridge interface


configuration mode.

ZXR10(config-if-ulei-number)#ip vrf forwarding

Adds the L3 bridge interface

<vrf-name>

to the L3VPN instance.

4. Add the L2 bridge interface to the L2VPN instance.


Step

Command

Function

ZXR10(config)#vpls <instance-name>

Configures a VPLS

[multi-mac-spaces]

instance.

2-60
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 2 MPLS L2VPN Configuration

Step

Command

Function

ZXR10(config-vpls-vpls-name)#access-point ulei

Configures the binding

<ulei-number>

relation between the


interface and the service,
and sets the interface to an
AC interface.

ZXR10(config-vpls-vpls-name-ac-ulei-

Configures the Ethernet

number)#access-params ethernet

simulation parameters of
the AC interface.

5. Verify the configuration.


Command

Function

ZXR10(config)#show arp interface < ulei-number>

Checks whether layer-3 ulei


interface has obtained the ARP.

For a non-loopback service, configure the bvi interface.


1. Create the interface for the L2 and L3 bridge function, that is the bvi interface.
Command

Function

ZXR10(config)#interface bvi<bvi-number>

Creates the interface for the L2


and L3 bridge function.

2. Configure the bridge service.


Step

Command

Function

ZXR10(config)#service-bridging virtual-links

Enters bridge configuration


mode.

ZXR10(config-bridge)#virtual-link

Uses the interface for the

<interface-name> <interface-name>

bridge function.

3. Add the L3 bridge interface to an L3VPN instance.


Step

Command

Function

ZXR10(config)#interface bvi <bvi-number>

Enter L3 bridge interface


configuration mode.

ZXR10(config-if-bvi-number)#ip vrf forwarding

Adds the L3 bridge interface

<vrf-name>

to the L3VPN instance.

4. Add the L2 bridge interface to the L2VPN instance.

2-61
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

Step

Command

Function

ZXR10(config)#vpls <instance-name>

Configures a VPLS

[multi-mac-spaces]

instance.

ZXR10(config-vpls-vpls-name)#access-point bvi

Configures the binding

<bvi-number>

relation between the

interface and the service,


and sets the interface to an
AC interface.
3

ZXR10(config-vpls-vpls-name-ac-bvi-

Configures the Ethernet

number)#access-params ethernet

simulation parameters of
the AC interface.

5. Verify the configuration.


Command

Function

ZXR10(config)#show arp interface < bvi-number>

Checks whether layer-3 vbi


interface has obtain the ARP.

End of Steps

2.8.3 L2VPN and L3VPN Bridge Configuration Instance


Configuration Description
L2 VPN and L3 VPN bridge function implements L2 VPN access public network or L3 VPN
service by configuring L2 and L3 bridge interfaces, which reduces devices requirement of
traditional access mode and simplifies network structure. The typical L2 VPN and L3 VPN
bridge network is shown inFigure 2-13.
Figure 2-13 L2 VPN and L3 VPN Bridge Configuration Instance

2-62
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 2 MPLS L2VPN Configuration

Configuration Flow
1. Configure IGP route between PE1 and PE2, PE2 and PE3 to make them
interconnected.
2. Establish LDP neighbor relationship between loopback interfaces of PE1 and PE2,
and between loopback interfaces of PE2 and PE3.
3. Create a VPLS instance zte1 between PE1 and PE2, meanwhile CE1 is taken as an
AC accessing PE1.
4. Configure L3 VPN on PE2 and PE3. The Virtual Route Forwarding (VRF) instance
name is zte2.
5. Establish and configure L2 and L3 bridge interfaces on PE2: access vrf zte2, access
VPLS instance zte1, configure IP address.

Configuration Command
The configuration of PE1:
PE1(config)#interface loopback1
PE1(config-if-loopback1)#ip address 1.1.1.1 255.255.255.255
PE1(config-if-loopback1)#no shutdown
PE1(config-if-loopback1)#exit
PE1(config)#interface gei-0/1/0/1
PE1(config-if-gei-0/1/0/1)#ip address 104.110.111.1 255.255.255.0
PE1(config-if-gei-0/1/0/1)#no shutdown
PE1(config-if-gei-0/1/0/1)#exit

PE1(config)#router ospf 1
PE1(config-ospf-1)#router-id 1.1.1.1
PE1(config-ospf-1)#network 1.1.1.1 0.0.0.0 area 0.0.0.0
PE1(config-ospf-1)#network 104.110.111.0 0.0.0.255 area 0.0.0.0
PE1(config-ospf-1)#exit

PE1(config)#mpls ldp instance 1


PE1(config-ldp-1)#router-id loopback1
PE1(config-ldp-1)#interface gei-0/1/0/1
PE1(config-ldp-1-if-gei-0/1/0/1)#exit
PE1(config-ldp-1)#exit

PE1(config)#mpls l2vpn enable


PE1(config)#pw pw1
PE1(config)#vpls zte1
PE1(config-vpls-zte1)#pseudo-wire pw1
PE1(config-vpls-zte1-pw-pw1)#neighbour 1.1.1.2 vcid 100
PE1(config-vpls-zte1-pw-pw1-neighbour-1.1.1.2)#exit
PE1(config-vpls-zte1-pw-pw1)#exit
PE1(config-vpls-zte1)#access-point gei-0/1/0/2
PE1(config-vpls-zte1-ac-gei-0/1/0/2)#access-params ethernet

2-63
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


PE1(config-vpls-zte1-ac-gei-0/1/0/2-eth)#end

The configuration of PE2:


PE2(config)#interface loopback1
PE2(config-if-loopback1)#ip address 1.1.1.2 255.255.255.255
PE2(config-if-loopback1)#no shutdown
PE2(config-if-loopback1)#exit
PE2(config)#interface gei-0/1/0/1
PE2(config-if-gei-0/1/0/1)#ip address 104.110.111.2 255.255.255.0
PE2(config-if-gei-0/1/0/1)#no shutdown
PE2(config-if-gei-0/1/0/1)#exit
PE2(config)#interface gei-0/1/0/2
PE2(config-if-gei-0/1/0/2)#ip address 104.130.131.2 255.255.255.0
PE2(config-if-gei-0/1/0/2)#no shutdown
PE2(config-if-gei-0/1/0/2)#exit

PE2(config)#router ospf 1
PE2(config-ospf-1)#router-id 1.1.1.2
PE2(config-ospf-1)#network 1.1.1.2 0.0.0.0 area 0.0.0.0
PE2(config-ospf-1)#network 104.110.111.0 0.0.0.255 area 0.0.0.0
PE2(config-ospf-1)#network 104.130.131.0 0.0.0.255 area 0.0.0.0
PE2(config-ospf-1)#exit

PE2(config)#mpls ldp instance 1


PE2(config-ldp-1)#router-id loopback1
PE2(config-ldp-1)#interface gei-0/1/0/1
PE2(config-ldp-1-if-gei-0/1/0/1)#exit
PE2(config-ldp-1)#interface gei-0/1/0/2
PE2(config-ldp-1-if-gei-0/1/0/2)#exit
PE2(config-ldp-1)#exit

PE2(config)#mpls l2vpn enable


PE2(config)#pw pw1
PE2(config)#vpls zte1
PE2(config-vpls-zte1)#pseudo-wire pw1
PE2(config-vpls-zte1-pw-pw1)#neighbour 1.1.1.1 vcid 100
PE2(config-vpls-zte1-pw-pw1-neighbour-1.1.1.1)#exit
PE2(config-vpls-zte1-pw-pw1)#exit
PE2(config-vpls-zte1)#exit

PE2(config)#ip vrf zte2


PE2(config-vrf-zte2)#rd 100:100
PE2(config-vrf-zte2)#route-target 100:100
PE2(config-vrf-zte2)#address-family ipv4
PE2(config-vrf-zte2-af-ipv4)#exit

2-64
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 2 MPLS L2VPN Configuration


PE2(config-vrf-zte2)#exit

The L2 and L3 bridge configuration is done on the PE2 router.


l

If the loopback service (ulei interface) is used, the configuration is as follows:


PE2(config)#request interface ulei-0/1/0/1
PE2(config)#request interface ulei-0/1/0/2
PE2(config)#service-bridging virtual-links
PE2(config-bridge)#virtual-link ulei-0/1/0/1 ulei-0/1/0/2
PE2(config-bridge)#exit
PE2(config)#interface ulei-0/1/0/1
PE2(config-if-ulei-0/1/0/1)#no shutdown
PE2(config-if-ulei-0/1/0/1)#exit
PE2(config)#interface ulei-0/1/0/2
PE2(config-if-ulei-0/1/0/2)#no shutdown
PE2(config-if-ulei-0/1/0/2)#ip vrf forwarding zte2
PE2(config-if-ulei-0/1/0/2)#exit

PE2(config)#vpls zte1
PE2(config-vpls-zte1)#access-point ulei-0/1/0/1
PE2(config-vpls-zte1-ac-ulei-0/1/0/1)#access-params ethernet
PE2(config-vpls-zte1-ac-ulei-0/1/0/1-eth)#exit
PE2(config-vpls-zte1-ac-ulei-0/1/0/1)#exit
PE2(config-vpls-zte1)#exit
PE2(config)#interface ulei-0/1/0/2
PE2(config-if-ulei-0/1/0/2)#ip address 10.10.10.1 255.255.255.0
PE2(config-if-ulei-0/1/0/2)#exit

PE2(config)#router bgp 100


PE2(config-bgp)#neighbor 1.1.1.3 remote-as 100
PE2(config-bgp)#neighbor 1.1.1.3 update-source loopback1
PE2(config-bgp)#address-family ipv4 vrf zte2
PE2(config-bgp-af-ipv4-vrf)#redistribute connected
PE2(config-bgp-af-ipv4-vrf)#exit
PE2(config-bgp)#address-family vpnv4
PE2(config-bgp-af-vpnv4)#neighbor 1.1.1.3 activate
PE2(config-bgp-af-vpnv4)#exit

If the non-loopback service (bvi interface) is used, the configuration is as follows:


PE2(config)#interface bvi1
PE2(config-if-bvi1)#exit
PE2(config)#interface bvi2
PE2(config-if-bvi2)#exit
PE2(config)#service-bridging virtual-links
PE2(config-bridge)#virtual-link bvi1 bvi2
PE2(config-bridge)#exit
PE2(config)#interface bvi2

2-65
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


PE2(config-if-bvi2)#ip vrf forwarding zte2
PE2(config-if-bvi2)#exit

PE2(config)#vpls zte1
PE2(config-vpls-zte1)#access-point bvi1
PE2(config-vpls-zte1-ac-bvi1)#access-params ethernet
PE2(config-vpls-zte1-ac-bvi1-eth)#exit
PE2(config-vpls-zte1-ac-bvi1)#exit
PE2(config-vpls-zte1)#exit
PE2(config)#interface bvi2
PE2(config-if-bvi2)#ip address 10.10.10.1 255.255.255.0
PE2(config-if-bvi2)#exit

PE2(config)#router bgp 100


PE2(config-bgp)#neighbor 1.1.1.3 remote-as 100
PE2(config-bgp)#neighbor 1.1.1.3 update-source loopback1
PE2(config-bgp)#address-family ipv4 vrf zte2
PE2(config-bgp-af-ipv4-vrf)#redistribute connected
PE2(config-bgp-af-ipv4-vrf)#exit
PE2(config-bgp)#address-family vpnv4
PE2(config-bgp-af-vpnv4)#neighbor 1.1.1.3 activate
PE2(config-bgp-af-vpnv4)#exit

The configuration of PE3:


PE3(config)#interface loopback1
PE3(config-if-loopback1)#ip address 1.1.1.3 255.255.255.255
PE3(config-if-loopback1)#exit
PE3(config)#interface gei-0/1/0/2
PE3(config-if-gei-0/1/0/2)#ip address 104.130.131.3

255.255.255.0

PE3(config-if-gei-0/1/0/2)#exit

PE3(config)#router ospf 1
PE3(config-ospf-1)#router-id 1.1.1.3
PE3(config-ospf-1)#network 1.1.1.3 0.0.0.0 area 0.0.0.0
PE3(config-ospf-1)#network 104.130.131.0 0.0.0.255 area 0.0.0.0
PE3(config-ospf-1)#exit

PE3(config)#mpls ldp instance 1


PE3(config-ldp-1)#router-id loopback1
PE3(config-ldp-1)#interface gei-0/1/0/2
PE3(config-ldp-1-if-gei-0/1/0/2)#exit
PE3(config-ldp-1)#exit

PE3(config)#ip vrf zte2

2-66
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 2 MPLS L2VPN Configuration


PE3(config-vrf-zte2)#rd 100:100
PE3(config-vrf-zte2)#route-target 100:100
PE3(config-vrf-zte2)#address-family ipv4
PE3(config-vrf-zte2-af-ipv4)#exit
PE3(config-vrf-zte2)#exit

PE3(config)#interface gei-0/1/0/1
PE3(config-if-gei-0/1/0/1)#ip vrf forwarding zte2
PE3(config-if-gei-0/1/0/1)#ip address 20.20.20.1 255.255.255.0
PE3(config-if-gei-0/1/0/1)#exit

PE3(config)#router bgp 100


PE3(config-bgp)#neighbor 1.1.1.2 remote-as 100
PE3(config-bgp)#neighbor 1.1.1.2 update-source loopback1
PE3(config-bgp)#address-family ipv4 vrf zte2
PE3(config-bgp-af-ipv4-vrf)#redistribute connected
PE3(config-bgp-af-ipv4-vrf)#exit
PE3(config-bgp)#address-family vpnv4
PE3(config-bgp-af-vpnv4)#neighbor 1.1.1.2 activate
PE3(config-bgp-af-vpnv4)#exit

Configuration Verification
If the loopback service (ulei interface) is configured, check the configuration result on PE2.
ZXR10(config)#show running-config-interface ulei-0/1/0/2
!<if-intf>
request interface ulei-0/1/0/2
interface ulei-0/1/0/2
ip vrf forwarding zte2
ip address 10.10.10.1 255.255.255.0
!
$
!</if-intf>
!<bridge>
service-bridging virtual-links
virtual-link ulei-0/1/0/1 ulei-0/1/0/2
$
!</bridge>

ZXR10(config)#show running-config-interface ulei-0/1/0/1


!<if-intf>
request interface ulei-0/1/0/1
!</if-intf>
!<if-intf>
interface ulei-0/1/0/1

2-67
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


no shutdown
!
$
!</if-intf>
!<bridge>
service-bridging virtual-links
virtual-link ulei-0/1/0/1 ulei-0/1/0/2
$
!</bridge>
!<l2vpn>
mpls l2vpn enable
vpls zte1
access-point ulei-0/1/0/1
access-params ethernet
$
$
$
!</l2vpn>

ZXR10(config)#show arp interface ulei-0/1/0/2

Arp protect interface is disabled


The count is 2
Address

Age

Hardware

Address Interface

Exter
VlanID

Inter

Sub

VlanID

Interface

---------------------------------------------------------------------------10.10.10.1 -

1010.1111.1135

ulei-0/1/0/1

N/A

N/A

10.10.10.2 01:31:09 00e0.e1d0.5533

ulei-0/1/0/1

N/A

N/A

If the non-loopback service (bvi interface) is configured, check the configuration result on
PE2.
ZXR10(config)#show running-config-interface bvi1
!<if-intf>
interface bvi1
$
!</if-intf>
!<bridge>
service-bridging virtual-links
virtual-link bvi1 bvi2
$
!</bridge>

ZXR10(config)#show running-config-interface bvi2


!<if-intf>

2-68
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 2 MPLS L2VPN Configuration


interface bvi2
ip vrf forwarding zte2
ip address 10.10.10.1 255.255.255.0
$
!</if-intf>
!<pss-L2VPN>
mpls l2vpn enable
vpls zte1
access-point bvi1
access-params ethernet
$
$
$
!</pss-L2VPN>
ZXR10(config)#show arp interface bvi2
Arp protect interface is disabled
The count is 2
IP
Address

Hardware
Age

Address

Exter

Inter

Sub

Interface VlanID VlanID Interface

-------------------------------------------------------------------------------10.10.10.1 -

1010.1111.1135 bvi2

N/A

N/A

10.10.10.2 01:31:09 00e0.e1d0.5533 bvi2

N/A

N/A

2.9 L2VPN FRR Configuration


2.9.1 L2VPN FRR Overview
L2VPN FRR Introduction
Today, with the rapid development of networks, carriers attach great importance to the
speed of service convergence in case of network failures. It has gradually become the
threshold level index of a bearer network that a service failover between neighbouring
nodes takes less than 50 ms and end-to-end service convergence takes less than one
second when any node in the network fails.
Currently, the MPLS TE Fast Reroute (FRR) or IGP route convergence technology
cannot solve the problem of quick end-to-end service convergence in case of PE failures
in a dual-homed CE network. VPN FRR is committed to solve the end-to-end service
convergence problem in a CE dual-homed network, the most common network model.
By using VPN FRR, the end-to-end service convergence in case of PE failures can be
minimized to less than 1 second.
VPN FRR establishes an active link and a standby link. When the active link fails, VPN
traffic can be quickly switched over to the standby link, so that the reliability of VPN
communications can be guaranteed. Layer-2 VPN FRR is mainly used for spoke-pw
2-69
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

protection between PEs on the user side and network side. Through PW-BFD or vccv
detection, quick switchover of layer-2 VPN FRR can be implemented. In addition, MAC
update of VPLS throughout the network can be realized by the mac-withdraw signaling.

L2VPN FRR Work Flow


The application scenarios and work flowof L2VPN FRR are as shown in Figure 2-14.
Figure 2-14 L2VPN FRR Work Flow

1. Active and standby PWs are established respectively between UPE1 and NPE1 and
between UPE1 and NPE2, so that the active PW forwarding path of VPLS can be
protected.
2. After the active and standby PWs are established, the active/standby FRR table is
created for MAC forwarding. In addition, the standby PW is forbidden to learn MAC.
3. The active PW uses PW-BFD for detection. When detecting a BFD failure of the active
PW,
l The driver switches the FRR table of the active PW to realize rapid switching of
MAC forwarding.
l The driver notifies the related protocol of the active PW's failure. Then the protocol
performs mac-withdraw of VC, updates MAC throughout the network.
l Removes the restriction of MAC learning from the standby PW, so that the standby
PW can learn MAC again and the switchover between active and standby PWs
can be completed.
Here, it should be noticed that the establishment of PW-BFD is triggered by PW, and the
driver associates the FRR table with BFD detection.

2.9.2 Configuring L2 VPN FRR


This procedure describes how to configure L2VPN FRR by using VPLS as an example.

2-70
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 2 MPLS L2VPN Configuration

Steps
1. Enable L2VPN.
Command

Function

ZXR10(config)#mpls l2vpn enable

Enables L2VPN.

2. Create an active PW and a standby PW.


Command

Function

ZXR10(config)#pw pw<1-115968>

Creates a PW and configures


the PW interface name (range:
1115968).

3. Create a VPLS instance and enter VPLS configuration mode.


Command

Function

ZXR10(config)#vpls <name>[multi-mac-spaces]

Creates a VPLS instance and


enters VPLS configuration mode.

4. Bind the VPLS instance to the active PW, set the operating mode to spoke, enter spoke
PW configuration mode, and configure the neighbor of the active PW.
Step

Command

Function

ZXR10(config-vpls-vpls-name)#pseudo-wire

Binds the VPLS instance to

pw<number> spoke

the active PW and sets the


operating mode to spoke.

ZXR10(config-vpls-name-spoke-pw-pw-number)#neig

Configure the neighbor of the

hbour <A.B.C.D>[vcid <VC-ID>]

active PW.

<A.B.C.D>: remote LSRID.


5. In VPLS spoke PW configuration mode, configure a PW redundancy management
group and configure the PW protection type.
Step

Command

Function

ZXR10(config-vpls-name-spoke-pw-pw-number)#r

Binds the PW redundancy

edundancy-manager

management group and


enters PW redundancy
management configuration
mode.

ZXR10(config-vpls-name-spoke-pw-pw-number-

Configures the PW protection

rm)#protect-type {1+1 | 1:1}{bidirectional |

type.

unidirectional}[receiving {selective | both}] protect-strategy


{aps}
2-71
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

Step

Command

Function

ZXR10(config-vpls-name-spoke-pw-pw-number-

configures PW redundancy

rm)#pfs-bits negotiate {independent|master|slave}

negotiation. This configuration


supported in both the VPWL
and VPLS services.

1+1 | 1:1: Sets the PW protection type.


bidirectional | unidirectional: Sets the APS negotiation type (bidirectional:
bidirectional negotiation, unidirectional: unidirectional type).
selective | both: Sets whether to use selective receipt or double receipt for APS.
{independent|master|slave}: Sets the PW redundancy negotiation mode.
The
independent parameter indicates independent negotiation. The master parameter
indicates master/slave negotiation, and the local end is the master. The slave
parameter indicates master/slave negotiation, and the local end is the slave.
6. Configure the standby PW and its neighbor.
Step

Command

Function

ZXR10(config-vpws-vpws-name)#backup-pw

Creates a standby PW

<pw-name> protect <pw-name>

instance.

ZXR10(config-vpws-vpws-name-protect-pw-

Configures the standby PW

number)#neighbour <A.B.C.D>[vcid <1-4294967295>]

instance.

<A.B.C.D>: remote LSRID.


7. Configure APS.
Step

Command

Function

ZXR10(config)#aps

Enters APS configuration


mode.

Configures a linear APS

ZXR10(config-aps)#linear-protect

instance.
3

ZXR10(config-aps-linear-protect)#pw-protector

Creates an APS PW protector

pw<1-115968>

and enters APS PW mode.

ZXR10(config-aps-linear-protect-pwprotector-

Sets the type of linear

pw-number)#revertive-mode revertive wtr 0

protection.

8. Configure mac-withdraw for the VPLS instance.

2-72
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 2 MPLS L2VPN Configuration

Command

Function

ZXR10(config-vpls-vpls-name)#mac-withdraw

Configures mac-withdraw. When


the PW is down, mac-withdraw
messages will be sent.

9. Verify the configurations.


The maintenance of L2 VPN FRR is similar with that of VPLS and VPWS. For details,
refer to sections "Configuring VPLS" and "Configuring VPWS".
End of Steps

2.9.3 L2VPN FRR Configuration Instance


2.9.3.1 VPLS FRR Configuration Instance
Configuration Description
The main function of VPLS FRR is to ensure that L2 VPN traffic can be handed over to
the standby link by establishing an active PW and a standby PW when the active link has
a fault. This ensures the reliability of L2 VPN communication. It is mainly applied to the
Spoke-PW protection between the UPEs at the user side and the NPEs at the network
side. The detection of PW ensures the fast handover of L2 VPN FRR. Meanwhile, the
MAC withdraw signalling completes the update of VPLS MACs on the entire network. A
typical VPLS FRR network topology is shown in Figure 2-15.
Figure 2-15 VPLS FRR Configuration Instance

Configuration Flow
1. Configure IGP routes on UPE1, NPE2, NPE3 and NPE4 to make them ping each other
successfully. The router-ids are listed as follows:
2-73
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

Device

Router-ID

UPE1

1.1.1.1

NPE2

2.2.2.2

NPE3

3.3.3.3

NPE4

4.4.4.4

2. Establish LDP neighbour relationship between the four devices (UPE1, NPE2, NPE3
and NPE4).
3. Create a VPLS instance named zte among NPE2, NPE3 and NPE4. The VCID is 100,
and the PW type is ethernet-vlan. The access mode among them is hub. Meanwhile,
CE2 connects to NPE4 as an AC.
4. Associate the VPLS FRR function. Enter VPLS instance configuration mode on
UPE1 to configure the information related to the VPLS instance zte, and configure
the addresses of the active PW and the standby PW. The link between UPE1 and
NPE2 is the active PW. The link between UPE1 and NPE3 is the standby PW. CE1
connects to UPE1 as an AC.

Configuration Command
The IGP and LDP configuration on each router are omitted.
The VPLS FRR configuration on UPE1 is as follows:
UPE1(config)#mpls l2vpn enable
UPE1(config)#pw pw1
UPE1(config)#pw pw2
UPE1(config)#vpls zte
UPE1(config-vpls-zte)#pseudo-wire pw1 spoke
UPE1(config-vpls-zte-spoke-pw-pw1)#neighbour 2.2.2.2 vcid 100
UPE1(config-vpls-zte-spoke-pw-pw1-neighbour-2.2.2.2)#exit
UPE1(config-vpls-zte-spoke-pw-pw1)#redundancy-manager
UPE1(config-vpls-zte-spoke-pw-pw1-rm)#protect-type 1:1 unidirectional
protect-strategy aps
UPE1(config-vpls-zte-spoke-pw-pw1-rm)#exit
UPE1(config-vpls-zte-spoke-pw-pw1)#exit

UPE1(config-vpls-zte)#backup-pw pw2 protect pw1


UPE1(config-vpls-zte-protect-pw2)#neighbour 3.3.3.3 vcid 100
UPE1(config-vpls-zte-protect-pw2-neighbour-3.3.3.3)#control-word preferred
UPE1(config-vpls-zte-protect-pw2-neighbour-3.3.3.3)#signal dynamic
UPE1(config-vpls-zte-protect-pw2-neighbour-3.3.3.3)#exit
UPE1(config-vpls-zte-protect-pw2)#exit
UPE1(config-vpls-zte)#mac-withdraw
UPE1(config-vpls-zte)#access-point gei-0/3/0/9
UPE1(config-vpls-zte-ac-gei-0/3/0/9)#access-params ethernet

2-74
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 2 MPLS L2VPN Configuration


UPE1(config-vpls-zte)#exit

The VPLS FRR configuration on NPE2 is as follows:


NPE2(config)#mpls l2vpn enable
NPE2(config)#pw pw1
NPE2(config)#vpls zte
NPE2(config-vpls-zte)#pseudo-wire pw1 spoke
NPE2(config-vpls-zte-spoke-pw-pw1)#neighbour 1.1.1.1 vcid 100
NPE2(config-vpls-zte-spoke-pw-pw1-neighbour-1.1.1.1)#exit
NPE2(config-vpls-zte-spoke-pw-pw1)#exit
NPE2(config-vpls-zte)#exit

The VPLS FRR configuration on NPE3 is as follows:


NPE3(config)#mpls l2vpn enable
NPE3(config)#pw pw1
NPE3(config)#vpls zte
NPE3(config-vpls-zte)#pseudo-wire pw1 spoke
NPE3(config-vpls-zte-spoke-pw-pw1)#neighbour 1.1.1.1 vcid 100
NPE3(config-vpls-zte-spoke-pw-pw1-neighbour-1.1.1.1)#exit
NPE3(config-vpls-zte-spoke-pw-pw1)#exit
NPE3(config-vpls-zte)#exit

Configuration Verification
Check the result of the configuration on UPE1, as shown in the following:
UPE1#show running-config l2vpn
!<pss-l2vpn>
mpls l2vpn enable
vpls zte
access-point gei-0/3/0/9
access-params ethernet
$
$
pseudo-wire pw1 spoke
neighbour 2.2.2.2 vcid 100
control-word preferred
$
redundancy-manager
protect-type 1:1 unidirectional protect-strategy aps
$
$
backup-pw pw2 protect pw1
neighbour 3.3.3.3 vcid 100
control-word preferred
$
$

2-75
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


$
!</pss-l2vpn>

Check the PW information on UPE1, as shown in the following:


UPE1#show l2vpn forwardinfo vpnname zte
Headers: PWType - Pseudo Wire type and Pseudo Wire connection mode
Llabel - Local label, Rlabel - Remote label
VPNowner - Owner type and instance name
Codes

: H - HUB mode, S - SPOKE mode, L - VPLS, W - VPWS, M - MSPW, MO - MONITOR


$pw - auto_pw

PWName

PeerIP

FEC

PWType

State

Llabel

Rlabel

VPNowner

Pw1

2.2.2.2

128

Ethernet

S UP

81921

81921

L:zte

Pw2

3.3.3.3

128

Ethernet

S UP

81921

81921

L:zte

2.9.3.2 VPWS FRR Configuration Instance


Configuration Description
The main function of VPWS FRR is to ensure that L2 VPN traffic can be handed over to
the standby link by establishing an active PW and a standby PW when the active link has
a fault. This ensures the reliability of L2 VPN communication. It is mainly applied to the
PW protection between PEs. The PW detection ensures the fast L2 VPN FRR handover.
A typical VPWS FRR network topology is shown in Figure 2-16.
Figure 2-16 VPWS FRR Configuration Instance

Configuration Flow
1. Configure IGP routes on PE1, PE2, and PE3 so that the devices can ping each other
successfully. The router-ids are listed as follows:
2-76
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 2 MPLS L2VPN Configuration

Device

Route-ID

PE1

1.1.1.1

PE2

2.2.2.2

PE3

3.3.3.3

2. Establish LDP neighbor relationship for PE1, PE2 and PE3.


3. Configure the VPWS instance named zte between PE1 and PE2, and between PE1
and PE3. CE2 is connected to PE2 as an AC, and CE3 is connected to PE3 as an AC.
4. Associate the VPWS FRR function. On PE1, enter VPWS instance configuration
mode, configure information about the VPWS instance named zte, and the addresses
of the active and standby PWs. The link between PE1 and PE2 is the active PW, and
the link between PE1 and PE3 is the standby PW. CE1 is connected to PE1 as an AC.

Configuration Command
The IGP and LDP configuration on each device is omitted.
The VPWS FRR configuration on PE1 is as follows:
PE1(config)#mpls l2vpn enable
PE1(config)#pw pw1
PE1(config)#pw pw2
PE1(config)#vpws zte
PE1(config-vpws-zte)#pseudo-wire pw1
PE1(config-vpws-zte-pw-pw1)#neighbour 2.2.2.2 vcid 100
PE1(config-vpws-zte-pw-pw1-neighbour)#track 1
PE1(config-vpws-zte-pw-pw1-neighbour)#exit
PE1(config-vpws-zte-pw-pw1)#redundancy-manager
PE1(config-vpws-zte-pw-pw1-rm)#pfs-bits negotiate independent
PE1(config-vpws-zte-pw-pw1-rm)#protect-type 1:1 unidirectional protect-strategy aps
PE1(config-vpws-zte-pw-pw1-rm)#exit
PE1(config-vpws-zte-pw-pw1)#exit
PE1(config-vpws-zte)#backup-pw pw2 protect pw1
PE1(config-vpws-zte-protect-pw2)#neighbour 3.3.3.3 vcid 100
PE1(config-vpws-zte-protect-pw2-neighbour)#control-word preferred
PE1(config-vpws-zte-protect-pw2-neighbour)#signal dynamic
PE1(config-vpws-zte-protect-pw2-neighbour)#exit
PE1(config-vpws-zte-protect-pw2)#exit
PE1(config-vpws-zte)#access-point smartgroup1
PE1(config-vpws-zte-ac-smartgroup1)#access-params ethernet
PE1(config-vpws-zte-ac-smartgroup1-eth)#exit
PE1(config-vpws-zte-ac-smartgroup1)#exit
PE1(config-vpws-zte)#exit

The VPWS FRR configuration on PE2 is as follows:


2-77
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


PE2(config)#mpls l2vpn enable
PE2(config)#pw pw1
PE2(config)#vpws zte
PE2(config-vpws-zte)#pseudo-wire pw1
PE2(config-vpws-zte-spoke-pw-pw1)#neighbour 1.1.1.1 vcid 100
PE2(config-vpws-zte-pw-pw1-neighbour)#exit
PE2(config-vpws-zte-spoke-pw-pw1)#exit
PE2(config-vpws-zte)#exit

The VPWS FRR configuration on PE3 is as follows:


PE3(config)#mpls l2vpn enable
PE3(config)#pw pw1
PE3(config)#vpws zte
PE3(config-vpws-zte)#pseudo-wire pw1
PE3(config-vpws-zte-pw-pw1)#neighbour 1.1.1.1 vcid 100
PE3(config-vpws-zte-pw-pw1-neighbour)#control-word preferred
PE3(config-vpws-zte-pw-pw1-neighbour)#signal dynamic
PE3(config-vpws-zte-pw-pw1-neighbour)#exit
PE3(config-vpws-zte-pw-pw1)#exit
PE3(config-vpws-zte)#access-point smartgroup1
PE3(config-vpws-zte-ac-smartgroup1)#access-params ethernet
PE3(config-vpws-zte-ac-smartgroup1-eth)#exit
PE3(config-vpws-zte-ac-smartgroup1)#exit
PE3(config-vpws-zte)#exit

Configuration Verification
Check the configuration result on PE1.
PE1#show running-config l2vpn
!<l2vpn>
mpls l2vpn enable
vpws zte
access-point smartgroup1
access-params ethernet
$
$
pseudo-wire pw1
neighbour 2.2.2.2 vcid 100
track 1
$
redundancy-manager
pfs-bits negotiate independent
protect-type 1:1 unidirectional protect-strategy aps

2-78
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 2 MPLS L2VPN Configuration


$
$
backup-pw pw2 protect pw1
neighbour 3.3.3.3 vcid 100
control-word preferred
$
$
$
!</l2vpn>

Check PW establishment on PE1.


PE1#show l2vpn forwardinfo vpnname zte
Headers: PWType - Pseudo Wire type and Pseudo Wire connection mode
Llabel - Local label, Rlabel - Remote label
VPNowner - Owner type and instance name
Codes

: H - HUB mode, S - SPOKE mode, L - VPLS, W - VPWS, M - MSPW, MO - MONITOR


$pw - auto_pw

PWName

PeerIP

FEC PWType

State Llabel

Rlabel

VPNowner

pw1

2.2.2.2

128 Ethernet

UP

82021

82520

W:zte

pw2

3.3.3.3

128 Ethernet

UP

82020

81920

W:zte

2.10 MSPW Configuration


2.10.1 MSPW Overview
MSPW Introduction
MSPW is short for Multi-Segmented Pseudo Wires. As the name suggests, MSPW is
a pseudo wire composed of multiple single pseudo wires. MSPW is generally used to
realize domain crossing of pseudo wires. At present, the MSPW service supports static
and dynamic PWs.
In the network application of MSPW, there are two related devices: T-PE and S-PE.
l
l

T-PE: Terminate PE. The function is basically the same as a regular PE.
S-PE: Switching PE. It is a key device of MSPW. It is mainly used to receive and
process the mapping messages sent by T-PE.
MAC address learning is not required in the traffic forwarding on S-PE. Instead, the
forwarding is directly implemented according to labels. Thus, the load of S-PE is
dramatically minimized.

The emergence of MSPW reduces the number of LDP sessions that need to be established
in a VPLS network, and the number of TPC connections also decreases accordingly.
2-79
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

Traffic Forwarding of MSPW


The difference between traffic forwarding of MSPW and that of a regular VPLS lies on
S-PE. T-PE is the same as PE. However, S-PE is different from PE, because S-PE not
only swaps outer layer labels, but also inner layer labels.
As shown in Figure 2-17, Protocol Data Unit (PDU) is a link layer packet; T is Tunnel
label (outer layer label); V is VC label (inner layer label); T' indicates that the outer layer
label is replaced during forwarding; V' indicates that the inner layer label is replaced during
forwarding.
Figure 2-17 Traffic Forwarding of MSPW

In a simple traffic forwarding model, the flow of sending traffic from CE1 to CE2 is as
follows:
Upon receiving a packet from CE1, T-PE1 attaches an inner layer label and an outer layer
label to the packet. These two labels are both assigned by S-PE (If S-PE is replaced by
P, the outer layer label is assigned by P, while the inner layer label is assigned by T-PE2.)
According to the outer layer label, T-PE1 forwards the packet to S-PE. Upon receiving
the packet, S-PE swaps the inner layer label and outer layer label. That is, S-PE replaces
them respectively with the inner layer label and outer layer label assigned by T-PE2. Then,
finding that it is the penultimate hop, S-PE forwards the packet to T-PE2 according to the
outer layer label. T-PE2 then forwards the packet to CE2 according to the inner layer label.

Establishment and Release of MSPW


The establishment and release of MSPW is similar to that of PW of a regular VPLS. That
is , the establishment and release is realized respectively by Mapping and Withdraw
messages. However, as MSPW has an additional device called "S-PE", the establishment
and release process is somewhat different. The difference still lies in S-PE. That is,
MSPW needs S-PE to forward Mapping and Withdraw messages.
l

Establishment of MSPW
As shown in Figure 2-18, when T-PE1 configures one VPLS instance and specifies
S-PE as its peer, the establishment flow is as follows:
Figure 2-18 Establishment and Release of MSPW

1. T-PE1 assigns a VC label and sends a Mapping message to S-PE.


2-80
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 2 MPLS L2VPN Configuration

2. Upon receiving the Mapping message, S-PE checks whether the corresponding
VPLS instance of MSPW has been configured locally (that is, the VCID of the peer
pointing to T-PE1 must be consistent with the VCID of VFI on T-PE1, and the VCID
of the peer pointing to T-PE2 may not be the same as the VCID of the peer pointing
to T-PE1.) If yes, S-PE forwards the Mapping message to T-PE2 (Here, S-PE
does not simply forwards the Mapping message received from T-PE1. Instead,
before forwarding the Mapping message, S-PE performs VC label swapping by
replacing the Remote VC label sent from T-PE1 with the Local VC label assigned
by T-PE2.)
3. Upon receiving the Mapping message, T-PE2 also checks whether the same
VPLS instance has been configured locally (that is, the VCID is the same as that
of S-PE pointing to T-PE2). If yes, T-PE2 negotiates all the parameters. If the
parameters are all consistent and the negotiation succeeds, PW is established
on T-PE2.
Similarly, upon receiving the Mapping message from S-PE, T-PE1 performs the same
steps as mentioned above.
l

Release of MSPW
As shown in Figure 2-18, if T-PE1 does not want to forward the packets of T-PE2 any
more, for example, when the user cancels the peer role of the specified S-PE, the
release flow is as follows:
1. T-PE1 releases the VC label that was bound locally, and then sends a Withdraw
message to S-PE.
2. Upon receiving the Withdraw message, S-PE sends a label release message
(Release) to T-PE1, saying that it has already released the VC label. In addition,
S-PE sends a Withdraw message to T-PE2.
3. Upon receiving the Withdraw message from S-PE, T-PE2 returns a Release
message to S-PE.
4. After the involved devices complete sending and receiving related messages, VC
is cancelled, and PW is released.

2.10.2 Configuring MSPW


This procedure describes how to configure MSPW.

Steps
1. Create an MSPW instance.
Step

Command

Function

ZXR10(config)#mpls l2vpn enable

Enables L2VPN.

ZXR10(config)#pw pw<1-115968>

Creates a PW interface in global


configuration mode.

2-81
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

Step

Command

Function

ZXR10(config)#mspw <instance-name>[for {ethernet

Creates the name for the MSPW

{tagged | raw}| fr {port | dlci | dlci-old}| tdm {aal1 | aal2 |

instance.

satop {e1 | e3 | t1 | t3}| cesopsn {basic | cas}| sonet-sdh


{cesom | ceop}}|atm {port | vpc | vcc | vpc-group |
vcc-group | sdu | pdu}| ip | hdlc | ppp}]
4 (

ZXR10(config-mspw-mspw-name)#status-signaling

Sets the status advertisement

Opti-

terminal

termination attribute for the

onal)

MSPW instance.

5 (

ZXR10(config-mspw-mspw-name)#traffic-statistics

Sets the traffic statistical

Opti-

{enable|disable}

function for the MSPW instance.

6 (

ZXR10(config-mspw-mspw-name)#traffic-statistics

Configures the alarm thresholds

Opti-

threshold [broadcast | drop | unknown-unicast]

for the rates of broadcast traffic,

onal)

onal)

input-rate [bps <1-18446744073709551615>] [pps

discarded message traffic, and

<1-4294967295>]

unknown unicast traffic.

2. Configure PW and bind the MSPW instance.


Step

Command

Function

ZXR10(config-mspw-mspw-name)#pseudo-wire

Configures PW and bind the

pw<1-115968>

MSPW instance.

ZXR10(config-mspw-mspw-name-seg-pw-number)#n

Configures a PW entity.

eighbour <peer-ip>[vcid <vcid>]


3

ZXR10(config-mspw-mspw-name-seg-pw-

Modifies PW signaling.

number-neighbour-A.B.C.D)#signal {dynamic |

static local-label <161048576> remote-label


<161048576>}
4

ZXR10(config-mspw-mspw-name-seg-pw-

Modifies the external tunnel

number-neighbour-A.B.C.D)#tunnel-policy

policy for the PW.

<tunnel-policy-name>

Bind a tunnel policy to


the PW, you need to
define the tunnel policy by
running the tunnel-policy
<tunnel-policy-name> command
in global configuration mode.

ZXR10(config-mspw-mspw-name-seg-pw-number-

Sets the traffic statistical

neighbour)#traffic-statistics{enable|disable}

function for the PW.

<peer IP>: the remote LSR ID.


tunnel-policy <tunnel-policy-name>: tunnel information of a preferred RSVP.
2-82
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 2 MPLS L2VPN Configuration

<16~1048576>: static label value.


3. Configure the remote interface parameters for the dynamic/static PW of the MSPW.
Step

Command

Function

ZXR10(config-mspw-mspw-name)#interface-params

Enters MSPW remote


interface parameter
configuration mode.

ZXR10(config-mspw-mspw-name-if-params)#descri

Configure an interface

ption <text>

description.

ZXR10(config-mspw-mspw-name-if-params)#mtu<60-

Sets the MTU for the service

9216>

instance.

ZXR10(config-mspw-mspw-name-if-params)#fragmen

Sets the fragmentation flag.

tation
5

ZXR10(config-mspw-mspw-name-if-params)#fcs-ret

Sets the Frame Check

ention header-length {2|4}

Sequence (FCS) retention


function and specifies the
FCS length.

ZXR10(config-mspw-mspw-name-if-params)#atm

Sets the maximum number

cell-concatenate <1-64>

of ATM cells that can be


connected.

10

11

ZXR10(config-mspw-mspw-name-if-params)#distribut

Sets the packing period of

e-period <1-64>

TDM simulation.

ZXR10(config-mspw-mspw-name-if-params)#ethernet

Configures an Ethernet

request-vlan-id <1-4094>

request VLAN.

ZXR10(config-mspw-mspw-name-if-params)#fr

Sets the length of FR DLCI

dlci-header-length <2-4>

headers.

ZXR10(config-mspw-mspw-name-if-params)#ts-count

Sets the number of time slots

<1-400>

of TDM simulation.

ZXR10(config-mspw-mspw-name-if-params)#tdm aal1

Sets the mode of AAL1.

mode {unstructured | structured | structured-with-cas}


12

ZXR10(config-mspw-mspw-name-if-params)#tdm aal1

Sets the number of AAL1 cells

cells-per-packet <1-100>

in each PW encapsulation
packet.

13

ZXR10(config-mspw-mspw-name-if-params)#tdm aal2

Sets the Voice Activity

vad-mode {signal-indicated | by-dectection | always-active}

Detection (VAD) capability of


AAL2.

14

15

ZXR10(config-mspw-mspw-name-if-params)#tdm aal2

Sets the maximum packing

max-duration <1-64>

duration of AAL2.

ZXR10(config-mspw-mspw-name-if-params)#tdm

Sets the CAS trunk type.

cas-trunk { e1 | t1-esf | t1-sf }


2-83
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

Step

Command

Function

16

ZXR10(config-mspw-mspw-name-if-params)#tdm rtp

Sets the clock frequency of

frequency <1-65535>

timestamps.

ZXR10(config-mspw-mspw-name-if-params)#tdm rtp

Sets the RTP header.

17

header
18

19

ZXR10(config-mspw-mspw-name-if-params)#tdm rtp

Sets the type of payload in

payload-type <1-127>

RTP headers.

ZXR10(config-mspw-mspw-name-if-params)#tdm rtp

Sets the RTP differential

timestamp differential ssrc-id <1-4294967295>

timestamp mode, and


specifies the synchronization
source ID.

20

ZXR10(config-mspw-mspw-name-if-params)#tdm

Sets the transmission mode of

signaling-packets {non-transmitted|together-with-data|ap

CESoPSN signaling packets.

art-from-data {just-here|over-there}}
21

22

23

24

ZXR10(config-mspw-mspw-name-if-params)#tdm

Sets the event that can trigger

sonet-sdh dba-trigger-event {ais [une]|une [ais]}

a PE to send DBA packets.

ZXR10(config-mspw-mspw-name-if-params)#tdm

Sets the EMB-extension

sonet-sdh ebm-extension

header.

ZXR10(config-mspw-mspw-name-if-params)#tdm

Sets the asynchronous

sonet-sdh async-type { e3 | t3 }

attenuation type.

ZXR10(config-mspw-mspw-name-if-params)#tdm

Sets the CEP connection

sonet-sdh connection-type { spe | vt | fractional-spe }

type. Use the no format of


this command to delete the
configuration.

To configure each command in MSPW remote interface parameter configuration mode,


you need to check whether the corresponding MSPW type matches. The matching
checks are as follows:
l
l
l
l
l
l

mtu <60-9216>: This command can be configured for all MSPW types except the
atm and tdm types.
ethernet request-vlan-id <1-4094>: This command can be configured only when
the MSPW type is ethernet tagged.
description <text>: This command can be configured for all MSPW types.
fragmentation: This command can be configured for all MSPW service types.
fr dlci-header-length <2-4>: This command can be configured only when the
MSPW type is fr dlci or fr dlci-old.
fcs-retention header-length {2|4}: This command can be configured when the
MSPW type is ethernet tagged, ethernet raw, HDLC, PPP, and FR. For the
ethernet tagged and ethernet raw types, the value must be 4.
atm cell-concatenate <1-64>: This command can be configured when the MSPW
type is atm port, atm vpc, atm vcc, atm vpc-group, or atm vcc-group.
2-84

SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 2 MPLS L2VPN Configuration

l
l

l
l
l
l

l
l
l
l

tdm ts-count <1-1000>: This command can be configured when the MSPW type
is tdm, including tdm { aal1 | aal2 | satop { e1 | t1 | e3 | t3 }| cesopsn { basic | cas }|
sonet-sdh {cesom | ceop}}.
tdm distribute-period <2-64>:This command can be configured when the MSPW
type is tdm, including tdm { aal1 | aal2 | satop { e1 | t1 | e3 | t3 } | cesopsn { basic
| cas } | sonet-sdh {cesom | ceop} }. When a PWE3 is encapsulating signaling
packets, this parameter is ignored for the aal1 and all2 types. This parameter
needs to be extracted for other tdm types, including tdm { satop { e1 | t1 | e3 | t3
} | cesopsn { basic | cas } | sonet-sdh {cesom | ceop} }.
tdm rtp header: This command can be configured when the MSPW type is tdm.
tdm rtp timestamp differential ssrc-id <1-4294967295>: This command can be
configured when the MSPW type is tdm. When a PWE3 is encapsulating
signaling packets, this parameter is ignored if the tdm rtp header is not configured.
tdm rtp frequency <1-65535>: This command can be configured when the MSPW
type is tdm. When a PWE3 is encapsulating signaling packets, this parameter is
ignored if the tdm rtp header is not configured.
tdm rtp payload-type <1-127>: This command can be configured when the MSPW
type is tdm. When a PWE3 is encapsulating signaling packets, this parameter is
ignored if the tdm rtp header is not configured.
tdm cas-trunk { e1 | t1-esf | t1-sf }: This command can be configured when the
MSPW type is tdm. When a PWE3 is encapsulating signaling packets, this
parameter is extracted based on the specified type.
tdm signaling-packets { non-transmitted | together-with-data | apart-from-data[just
-here|over-there]}: This command can be configured when the MSPW type is tdm.
When a PWE3 is encapsulating signaling packets, this parameter is extracted for
CES PWs of the following type: tdm {satop {e1 | t1 | e3 | t3}| cesopsn {basic | cas}}.
tdm sonet-sdh dba-trigger-event {[ais],[une]}: This command can be configured
when the MSPW type is tdm cep, including tdm sonet-sdh {cesom | ceop}.
tdm sonet-sdh ebm-extension: This command can be configured when the MSPW
type is tdm cep, including tdm sonet-sdh {cesom | ceop}.
tdm sonet-sdh async-type { e3 | t3 }: This command can be configured when the
MSPW type is tdm cep, including tdm sonet-sdh {cesom | ceop}.
tdm sonet-sdh connection-type { spe | vt | fractional-spe }: This command can be
configured when the MSPW type is tdm cep, including tdm sonet-sdh {cesom |
ceop}.
tdm aal1 cells-per-packet <1-100>: This command can be configured when the
MSPW type is tdm all1.
tdm aal1 mode {unstructured | structured | structured-with-cas}: This command
can be configured when the MSPW type is tdm all1.
tdm aal2 max-duration <1-64>: This command can be configured when the MSPW
type is tdm all2.
tdm aal2 vad-mode {signal-indicated | by-dectection | always-active}: This command
can be configured when the MSPW type istdm all2.

2-85
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

If any interface parameter configuration conflicts with the MSPW type, the system
displays the following error code: "This type MSPW instance does not support this
parameter! ". For a description of the MSPW types that support the parameter, refer
to CLI command descriptions.
4. (Optional) Configure PW redundancy in an MSPW instance.
Step

Command

Function

ZXR10(config-mspw-mspw-name-seg-pw-number)#r

Binds a PW redundancy

edundency-manager

backup group to the


current PW, and enters
PW redundancy group
management configuration
mode.

Sets the PW protection type.

ZXR10(config-mspw-mspw-name-seg-pw-numberrm)#protect-type {1+1 | 1:1}{bidirectional |

unidirectional}[receiving {selective | both}] protect-strategy


{aps}
3

ZXR10(config-mspw-mspw-name-seg-pw-number-

Sets the PW negotiation

rm)#pfs-bits negotiate {independent | master | slave}

mode.

ZXR10(config-mspw-mspw-name-seg-pw-number-

Binds the standby PW

rm)#exit

instance.

ZXR10(config-mspw-mspw-name-seg-pw-number)#exit
ZXR10(config-mspw-mspw-name)#backup-pw

<pw-name> protect <pw-name>


5

ZXR10(config-mspw-mspw-name-protect-seg-pw-

Sets the standby PW entity.

number)#neighbour <A.B.C.D>[vcid <1-4294967295>]

independent: independent PW redundancy negotiation mode.


master: master negotiation mode.
slave: slave negotiation mode.
1+1 | 1:1: PW protection type.
bidirectional | unidirectional: APS negotiation type, where bidirectional indicates the
bidirectional type, and unidirectional indicates the unidirectional type.
selective | both: selective receiving or both receiving.
independent: independent PW redundancy negotiation mode.
5. (Optional) Configure the following commands if APS and PW redundancy handover is
needed.
Step

Command

Function

ZXR10(config)#aps

Enters APS configuration


mode.
2-86

SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 2 MPLS L2VPN Configuration

Step

Command

Function

ZXR10(config-aps)#linear-protect

Configures a linear APS


instance.

ZXR10(config-aps-linear-protect)#pw-protector

Creates a PW protector APS

pw<1-115968>

instance, and enters APS


PW protection configuration
mode.

ZXR10(config-aps-linear-protect-pw-number)#reve

Sets the mode of linear

rtive-mode revertive wtr 0

protection.

6. Verify the configurations.


The MSPW maintenance is just similar to that of the VPLS function. For details, refer
to section "Configuring VPLS".
End of Steps

2.10.3 MSPW Configuration Instance


Configuration Description
As shown in Figure 2-19, the LDP Router-ID of the T-PE1 router, the T-PE2 router and the
S-PE router are 133.133.11.1, 133.133.1.1 and 133.133.5.1.
Figure 2-19 MSPW Configuration Instance

Configuration Flow
1. Establish LDP session between T-PE1 and S-PE, and between T-PE2 and S-PE. For
details, refer to ZXR10 M6000-S Carrier-level Router Configuration Guide (MPLS).
2. Configure MSPW on the S-PE router and configure a normal VPLS instance on the
T-PE router.

Configuration Command
The configuration on the T-PE1 router is as follows:
T-PE1(config)#pw pw1
T-PE1(config)#vpls zte
T-PE1(config-vpls-zte)#pseudo-wire pw1
T-PE1(config-vpls-zte-pw-pw1)#neighbour 133.133.5.1 vcid 1
T-PE1(config-vpls-zte-pw-pw1-neighbour)#exit

2-87
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


T-PE1(config-vpls-zte)#exit

The configuration on the S-PE router is as follows:


S-PE(config)#pw pw1
S-PE(config)#pw pw2
S-PE(config)#mspw zte for ethernet raw
S-PE(config-mspw-zte)#pseudo-wire pw1
S-PE(config-mspw-zte-seg-pw1)# neighbour 133.133.1.1 vcid 1
S-PE(config-mspw-zte-seg-pw1-neighbour)#signal dynam
S-PE(config-mspw-zte-seg-pw1-neighbour)#exit
S-PE(config-mspw-zte-seg-pw1)#exit

S-PE(config-mspw-zte)#pseudo-wire pw2
S-PE(config-mspw-zte-seg-pw2)# neighbour 133.133.11.1 vcid 1
S-PE(config-mspw-zte-seg-pw2-neighbour)#signal dynam
S-PE(config-mspw-zte-seg-pw2-neighbour)#exit
S-PE(config-mspw-zte-seg-pw2)#exit

The configuration on the T-PE2 router is as follows:


T-PE2(config)#pw pw1
T-PE2(config)#vpls zte
T-PE2(config-vpls-zte)#pseudo-wire pw1
T-PE2(config-vpls-zte-pw-pw1)#neighbour 133.133.5.1 vcid 1
T-PE2(config-vpls-zte-pw-pw1-neighbour)#exit
T-PE2(config-vpls-zte-pw-pw1)#exit
T-PE2(config-vpls-zte)#exit

Configuration Verification
On the S-PE router, execute the show pwe3 signal fec128 detail command to check the
information related to PWE3.
S-PE#show pwe3 signal fec128 detail
The detailed signal information of dynamic PWs or PW-segments:

Some signal information are referred to as follows :


NON

- the LDP session is absent,

UP

- the LDP session is OPERATIONAL,

GR1

- the LDP session is reconnecting,

GR2

- the LDP session's remote mappings are recovering,

DOWN - not UP(or NON,or GR1,or GR2).


PW entity

: < 133.133.11.1 , 1 , ethernet >

LSPs formed

: YES

C-bits

: local
negotiated

MTU

: local
negotiated

: NO

, remote

: NO

: NO
: 1500

, remote

: 1500

: 1500

2-88
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 2 MPLS L2VPN Configuration


labels

: local

: 81923

, remote

: 83420

signal

: Configured

: YES

, Received

: YES

oam status

Negotiated

: YES

AC ready

: YES

: local

: local
negotiated

application

: YES

: PSN rcv(0|0),snd(0|0); AC rcv(0),snd(0); Error(0)

remote
redundancy

, Sent

: PSN rcv(0),snd(0); AC rcv(0),snd(0); Error(0)


: ??

, remote

: ??

: ??

: service-type : MSPW

, instance-id: 2

MAC-withdraw : received

: 0

, sent

local-VCCV

: CC-type

: TTL

remote-VCCV

: CC-type

: AL|TTL

actual-VCCV

: CC-type

: TTL

LDP session

: The LDP session's state is UP.

: 0

, CV-type

: LSP

, CV-type

: LSP

, CV-type

: LSP

attachment-circuit : ??
local-description

: ??

remote-description : zte

PW entity

: < 133.133.1.1 , 1 , ethernet >

LSPs formed

: YES

C-bits

: local
negotiated

MTU

: local

: NO

labels

: local

signal

: Configured

: 81922

AC ready

: YES

redundancy

: local

: 1500

, Received
, Sent

: 81929
: YES
: YES

: PSN rcv(0|0),snd(0|0); AC rcv(0),snd(0); Error(0)

remote

negotiated

, remote

: YES
: YES

: local

, remote

: 1500

Negotiated

oam status

: NO

: NO
: 1500

negotiated

application

, remote

: PSN rcv(0),snd(0); AC rcv(0),snd(0); Error(0)


: ??

, remote

: ??

: ??

: service-type : MSPW

, instance-id: 2

MAC-withdraw : received

: 0

local-VCCV

: CC-type

: TTL

, sent

remote-VCCV

: CC-type

: AL|TTL

actual-VCCV

: CC-type

: TTL

LDP session

: The LDP session's state is UP.

: 0

, CV-type
, CV-type
, CV-type

: LSP
: LSP
: LSP

attachment-circuit : ??
local-description

: ??

remote-description : zte

On the S-PE, execute the show l2vpn forwardinfo vpnname command to check whether
PW is established successfully. Use the detail option to check the detailed information,
such as the internal label of the PW.

2-89
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


S-PE#show l2vpn forwardinfo vpnname zte
Headers: PWType - Pseudo Wire type and Pseudo Wire connection mode
Llabel - Local label, Rlabel - Remote label
VPNowner - Owner type and instance name
Codes

: H - HUB mode, S - SPOKE mode, L - VPLS, W - VPWS, M - MSPW, MO - MONITOR


$pw - auto_pw

PWName

PeerIP

FEC

PWType

State

pw2

133.133.11.1

128

Ethernet

UP

81923

83420

M:zte

pw1

133.133.1.1

128

Ethernet

UP

81922

81929

M:zte

ZXR10#sho l2vpn forwardinfo vpnname zte

Llabel

Rlabel

VPNowner

detail

Hearders : ALLOK - Pseudowire Forwarding

Codes

PWNF

- Pseudowire Not Forwarding

AR

- Local AC (ingress) Receive Fault

AT

- Local AC (egress) Transmit Fault

PSNR

- Local PSN-facing PW (ingress) Receive Fault

PSNT

- Local PSN-facing PW (egress) Transmit Fault

PWFS

- Pseudowire forwarding standby

RS

- Request switchover to this PW

PWSA

- Pseudowire Status All Fault

: -unknown, *yes, .no

-------------------------------------------------------------------------------

Service type and instance name:[MSPW

zte]

Peer IP address

: 133.133.11.1

Connection mode

VCID Extend

: 0

Signaling protocol

: LDP

VC type

: Ethernet

Last status change time : 00:07:09

Create time

: 00:07:54

MPLS VC local label

: 81922

Remote label : 81921

PW name

: pw12

Control Word : -

Related PW name

: -

PW FRR type

: NULL

Activation status

: ENABLE

Band Width

: 0

VC status

: UP

Remote status

: ALLOK

VCCV CC type

: TTL

VCCV CV type

: LSP

Tunnel label

: { 3 }

Output interface

: gei-0/4/0/1

Imposed label stack

: { 81921 3 }

Service type and instance name:[MSPW

VCID

: 1

zte]

Peer IP address

: 133.133.1.1

VCID

: 1

Connection mode

VCID Extend

: 0

Signaling protocol

: LDP

VC type

: Ethernet

2-90
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 2 MPLS L2VPN Configuration


Last status change time : 00:07:09

Create time

: 00:07:54

MPLS VC local label

: 81921

Remote label : 81920

PW name

: pw11

Control Word : -

Related PW name

: -

PW FRR type

: NULL

Activation status

: ENABLE

Band Width

: 0

VC status

: UP

Remote status

: ALLOK

VCCV CC type

: TTL

VCCV CV type

: LSP

Tunnel label

: { 3 }

Output interface

: smartgroup22

Imposed label stack

: { 81920 3 }

2.11 Configuring VPLS Crossing Several Domains


(Option C)
2.11.1 VPLS Crossing Several Domains (Option C) Overview
VPLS Crossing Several Domains (Option C) Introduction
The Option C mode domain crossing is a tunneling technology called "type 3 domain
crossing". It allows MPLS forwarding reachable between the LSRIDs of PE routers in
two AS domains. This technology is independent from the MPLS L2VPN/MPLS L3VPN
tunneling technology. However, building a flexible MPLS L2VPN/MPLS L3VPN network
can realize domain crossing in MPLS L2VPN Option C mode or in MPLS L3VPN Option
C mode.

VPLS Crossing Several Domains (Option C) Work Flow


Figure 2-20 shows the work flow of VPLS crossing several domains (Option C).
Figure 2-20 Work Flow of VPLS Crossing Several Domains (Option C)

PE2 and ASBR2 are in the same AS. ASBR2 uses the IGP protocol to obtain the routing
information of PE2. Through the LDP protocol, ASBR2 and PE2 establish an LSP tunnel.
ASBR1 and PE2 are not in the same AS, and ASBR1 has no routing information of PE2.
In that case, the routing information of PE2 can be transferred to ASBR1 through the
EBGP protocol. In addition, the BGP protocol can be extended in such a way that BGP
2-91
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

can assign labels (such as IPv4-Label as shown in the above figure) while transferring
routing information. Hence, an LSP is established between ASBR1 and ASBR2, and label
swapping is performed on ASBR2.
Similarly, between ASBR1 and PE1, the routing information of PE2 is also transferred
through extended IBGP, labels are assigned, and label swapping is performed on ASBR1.
However, the establishment of the LSP is different from that of the LSP between two
ASBRs. Two ASBRs are directly connected, and the next hop is directly reachable. PE1
and ASBR1 are not directly connected, but an LSP tunnel can be established between
them through LDP, as they are in the same AS.
Thus, the LSP tunnel between PE1 and ASBR1 finally has three layers of labels: the
bottom-layer VPN label (assigned by PE2), the middle-layer to-PE2 label (assigned
by ASBR1 through extended BGP), and the outer-layer to-ASBR1 label (assigned by
LDP). Between ASBRs, a double-layer LSP tunnel is established with two labels: the
bottom-layer VPN label (assigned by PE2) and the outer-layer to-PE2 label (assigned by
ASBR2 through extended BGP). Between ASBR2 and PE2, a double-layer LSP tunnel
is established with two labels: the inner-layer VPN label (assigned by PE2) and the
outer-layer to-PE2 label (assigned by LDP). These three tunnels are bonded together by
label swapping on ASBRs to form an end-to-end LSP tunnel.

2.11.2 Configuring VPLS Crossing Several ASs (Option C)


This procedure describes how to configure VPLS crossing several ASs (Option C).

Steps
1. Configure VPLS Crossing Several ASs (Option C).
For details about the VPLS configuration crossing several ASs (option C), refer to the
Configuring VPLS.
2. Verify the configurations.
For details about the VPLS maintenance crossing several ASs (Option C), refer to
section Configuring VPLS.
End of Steps

2.11.3 Configuration Instance of VPLS Crossing Several Domains


(Option C)
Configuration Description
As shown in Figure 2-21, a customer has two sites: site 1 and site 2. They need to be
connected through VPN. However, site 1 connects AS1, and site 2 connects AS2. Both
sites provide MPLS VPN. To realize the MPLS VPN connectivity between the two sites,
we can use VPLS crossing several domains (Option C).

2-92
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 2 MPLS L2VPN Configuration

Figure 2-21 Configuration Instance of VPLS Crossing Several Domains (Option C)

Configuration Flow
1. Build the network according to Figure 2-21.
addresses:

Configure the following interface

left interface of PE1: gei-0/2/0/1, right interface of PE1: gei-0/1/0/1 100.1.12.1/24;


left interface of ASBR1:
gei-0/1/0/3 100.1.23.2/24;

gei-0/1/0/2 100.1.12.2/24, right interface of ASBR1:

left interface of ASBR2:


gei-0/1/0/5 100.1.34.3/24;

gei-0/1/0/4 100.1.23.3/24, right interface of ASBR2:

left interface of PE2: gei-0/1/0/6 100.1.34.4/24, right interface of PE2: ei-0/2/0/2;


CE1: gei-0/2/0/1 191.1.1.1/24, CE3: gei-0/2/0/2 191.1.1.2/24.
2. Configure a loopback interface for each router. From left to right, the loopback
addresses are: 100.1.5.1/32, 100.1.5.2/32, 100.1.5.3/32, and 100.1.5.4/32.
3. PE1 and PE2 are in the same VPN. PE1 and ASBR1 are in AS100. PE2 and ASBR2
are in AS200.
4. Establish an IBGP neighbor between PE and ASBR, and configure the send-lable
capability for each other. Establish an IGP+LDP label distribution tunnel between PE
and ASBR.
5. Establish a normal EBGP neighbor between ASBRs by using a directly-connected
interface, and use network to notify each other of the loopback address of the
corresponding PE. Under BGP, configure the send-lable capability for reaching the
neighbor, and configure route-map by setting set mpls lable and prefix-matching route
filtering. Establish ldp target-session between PE1 and PE2.
6. Configure a vpls zte instance respectively on PE1 and PE2.
7. Ping CE3 from CE1.

Configuration Command
The configuration on PE1 is as follows:
PE1(config)#router ospf 10
PE1(config-ospf-10)#router-id 100.1.5.1

2-93
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


PE1(config-ospf-10)#network 100.1.0.0 0.0.255.255 area 0
PE1(config-ospf-10)#exit

PE1(config)#router bgp 100


PE1(config-bgp)#no synchronization
PE1(config-bgp)#neighbor 100.1.5.2 remote-as 100
PE1(config-bgp)#neighbor 100.1.5.2 update-source loopback10
PE1(config-bgp)#neighbor 100.1.5.2 send-label
PE1(config-bgp)#exit

PE1(config)#mpls ldp

instance 1

PE1(config-ldp-1)#router-id loopback10
PE1(config-ldp-1)# target-session 100.1.5.4
PE1(config-ldp-1)#interface gei-0/1/0/1
PE1(config-ldp-1-if-gei-0/1/0/1) # exit
PE1(config-ldp-1)#exit

PE1(config)#mpls l2vpn enable


PE1(config)#pw pw1
PE1(config)#vpls zte
PE1(config-vpls-zte)#access-point gei-0/2/0/1
PE1(config-vpls-zte-ac-gei-0/2/0/1)#access-params ethernet
PE1(config-vpls-zte-ac-gei-0/2/0/1-eth)#exit
PE1(config-vpls-zte-ac-gei-0/2/0/1)#exit
PE1(config-vpls-zte)#pseudo-wire pw1
PE1(config-vpls-zte-pw-pw1)#neighbour 100.1.5.4 vcid 10000
PE1(config-vpls-zte-pw-pw1-neighbour-100.1.5.4)#exit

The configuration on ASBR1 is as follows:


ASBR1(config)#router ospf 10
ASBR1(config-ospf-10)#router-id 100.1.5.2
ASBR1(config-ospf-10)#network 100.1.0.0 0.0.255.255 area 0
ASBR1(config-ospf-10)#exit

ASBR1(config)#mpls ldp

instance 1

ASBR1(config-ldp-1)#router-id loopback10
ASBR1(config-ldp-1)#interface gei-0/1/0/2
ASBR1(config-ldp-1-if-gei-0/1/0/2)#exit
ASBR1(config-ldp-1)#access-fec bgp
ASBR1(config-ldp-1)#exit

ASBR1(config)#ipv4-access-list zte
ASBR1(config-ipv4-acl)#rule 1 permit 100.1.5.1 0.0.0.0
ASBR1(config-ipv4-acl)#exit
ASBR1(config)#route-map zte

2-94
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 2 MPLS L2VPN Configuration


ASBR1(config-route-map)#match ip address zte
ASBR1(config-route-map)#set mpls-label
ASBR1(config-route-map)#exit

ASBR1(config)#router bgp100
ASBR1(config-bgp)#no synchronization
ASBR1(config-bgp)#neighbor 100.1.23.3 remote-as 200
ASBR1(config-bgp)#neighbor 100.1.23.3 route-map zte out
ASBR1(config-bgp)#neighbor 100.1.23.3 send-label
ASBR1(config-bgp)#neighbor 100.1.5.1 remote-as 100
ASBR1(config-bgp)#neighbor 100.1.5.1 update-source loopback10
ASBR1(config-bgp)#neighbor 100.1.5.1 next-hop-self
ASBR1(config-bgp)#neighbor 100.1.5.1 send-label
ASBR1(config-bgp)#network 100.1.5.1 255.255.255.255
ASBR1(config-bgp)#exit

The configuration on ASBR2 is as follows:


ASBR2(config)#router ospf 10
ASBR2(config-ospf-10)#router-id 100.1.5.3
ASBR2(config-ospf-10)#network 100.1.0.0 0.0.255.255 area 0
ASBR2(config-ospf-10)#exit

ASBR2(config)#mpls ldp instance 1


ASBR2(config-ldp-1)#router-id loopback10
ASBR2(config-ldp-1)#interface gei-0/1/0/5
ASBR2(config-ldp-1-if-gei-0/1/0/5)#exit
ASBR2(config-ldp-1)#access-fec bgp
ASBR2(config-ldp-1)#exit

ASBR2(config)#ipv4-access-list zte
ASBR2(config-ipv4-acl)#rule 1 permit 100.1.5.4 0.0.0.0
ASBR2(config-ipv4-acl)#exit
ASBR2(config)#route-map zte
ASBR2(config-route-map)#match ip address zte
ASBR2(config-route-map)#set mpls-label
ASBR2(config-route-map)#exit

ASBR2(config)#router bgp 200


ASBR2(config-bgp)#no synchronization
ASBR2(config-bgp)#neighbor 100.1.23.2 remote-as 100
ASBR2(config-bgp)#neighbor 100.1.23.2 route-map zte out
ASBR2(config-bgp)#neighbor 100.1.23.2 send-label
ASBR2(config-bgp)#neighbor 100.1.5.4 remote-as 200
ASBR2(config-bgp)#neighbor 100.1.5.4 update-source loopback10
ASBR2(config-bgp)#neighbor 100.1.5.4 next-hop-self

2-95
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


ASBR2(config-bgp)#neighbor 100.1.5.4 send-label
ASBR2(config-bgp)#network 100.1.5.4 255.255.255.255
ASBR2(config-bgp)#exit

The configuration on PE2 is as follows:


PE2(config)#router ospf 10
PE2(config-ospf-10)#router-id 100.1.5.4
PE2(config-ospf-10)#network 100.1.0.0 0.0.255.255 area 0
PE2(config-ospf-10)#exit

PE2(config)#mpls ldp instance 1


PE2(config-ldp-1)#router-id loopback10
PE2(config-ldp-1)#target-session 100.1.5.1
PE2(config-ldp-1)#interface gei-0/1/0/6
PE2(config-ldp-1-if-gei-0/1/0/6)#exit
PE2(config-ldp-1)#exit

PE2(config)#router bgp 200


PE2(config-bgp)#no synchronization
PE2(config-bgp)#neighbor 100.1.5.3 remote-as 200
PE2(config-bgp)#neighbor 100.1.5.3 update-source loopback10
PE2(config-bgp)#neighbor 100.1.5.3 send-label
PE2(config-bgp)#exit

PE2(config)#mpls l2vpn enable


PE2(config)#pw pw1
PE2(config)#vpls zte
PE2(config-vpls-zte)#access-point gei-0/2/0/2
PE2(config-vpls-zte-ac-gei-0/2/0/2)#access-params ethernet
PE2(config-vpls-zte-ac-gei-0/2/0/2-eth)#exit
PE2(config-vpls-zte-ac-gei-0/2/0/2)#exit
PE2(config-vpls-zte)#pseudo-wire pw1
PE2(config-vpls-zte-pw-pw1)#neighbour 100.1.5.1 vcid 10000
PE2(config-vpls-zte-pw-pw1-neighbour-100.1.5.1)#exit
PE2(config-vpls-zte-pw-pw1)#exit
PE2(config-vpls-zte)#exit

Configuration Verification
On PE1 or PE2, run the show l2vpn forwardinfo vpnname command to check whether the
PW is established successfully. In the "details" option, you can see the detailed information
about the PW, such as inner-layer and outer-layer labels.
PE1(config)#show l2vpn forwardinfo vpnname zte
Headers: PWType - Pseudo Wire type and Pseudo Wire connection mode
Llabel - Local label, Rlabel - Remote label

2-96
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 2 MPLS L2VPN Configuration


VPNowner - Owner type and instance name
Codes

: H - HUB mode, S - SPOKE mode, L - VPLS, W - VPWS, M - MSPW, MO - MONITOR


$pw - auto_pw

PWName

PeerIP

FEC

pw1

100.1.5.4 128

PWType

State

Ethernet

H UP

Llabel

Rlabel

VPNowner

81920

81920

L:zte

PE1(config)#show l2vpn forwardinfo detail


Headers : ALLOK - Pseudowire Forwarding

Codes

PWNF

- Pseudowire Not Forwarding

AR

- Local AC (ingress) Receive Fault

AT

- Local AC (egress) Transmit Fault

PSNR

- Local PSN-facing PW (ingress) Receive Fault

PSNT

- Local PSN-facing PW (egress) Transmit Fault

PWFS

- Pseudowire forwarding standby

RS

- Request switchover to this PW

PWSA

- Pseudowire Status All Fault

: -unknown, *yes, .no

-------------------------------------------------------------------------------

Service type and instance name:[VPLS

zte]

Peer IP address

: 100.1.5.4

VCID

: 10000

Connection mode

: HUB

VCID Extend

: 0

Signaling protocol

: LDP

VC type

: Ethernet

Last status change time : 00:00:13

Create time

: 00:00:13

MPLS VC local label

Remote label : 81921

: 81920

PW name

: pw1

Control Word : -

Related PW name

: -

PW FRR type

: NULL

Activation status

: ENABLE

Band Width

: 0

VC status

: UP

Remote status

: ALLOK

VCCV CC type

: TTL

VCCV CV type

: LSP

Tunnel label

: { 3 }

Output interface

: gei-0/1/0/1

Imposed label stack

: { 81921 3 }

Check the LDP label information of ASBR1 on PE1:


PE1(config)#show mpls forwarding-table 100.1.5.2
Prefix or

Outgoing

label

Local

Outgoing
label

Tunnel Id

interface

16389

Poptag

100.1.5.2/32

gei-0/1/0/1

Next Hop

M/S

100.1.12.2

Check the BGP label information of other devices on PE1:


PE1(config)#show ip bgp labels
Network

Next Hop

In Label/Out Label

2-97
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


100.1.5.1/32

100.1.5.2

notag/nolabel

100.1.5.2/32

100.1.5.2

213006/213024

100.1.5.3/32

100.1.5.2

213007/213025

100.1.5.4/32

100.1.5.2

212999/212996

2.12 Configuring VLSS


2.12.1 VLSS Overview
The Virtual Local Switch Service (VLSS) is a local virtual private line service. It provides
L2VPN local switching for interconnection between local nodes.
Two ACs are bound in one VLSS instance, so that the traffic can be switched between the
two ACs. This means that the traffic from one AC can be forwarded by the other AC.

2.12.2 Configuring VLSS


The VLSS function supports the communication between two local ACs. This procedure
describes how to configure VLSS.

Steps
1. Configure VLSS.
Step

Command

Function

ZXR10(config)#mpls l2vpn enable

Enables L2VPN.

ZXR10(config)#vlss<vlss-name>

Creates a VLSS instance.

ZXR10(config-vlss-name)#description <string>

Describes a VLSS instance.

ZXR10(config-vlss-name)#traffic-statistics

Sets the traffic statistical function

{enable|disable}

for a instance.

ZXR10(config-vlss)#access-point<ac-interface>

Binds an AC interface to the VLSS


instance.
<ac-interface>: adds VLAN access.

ZXR10(config-vlss-vlss-name-ac-ac-

Configures the AC encapsulation

interface)#access-params {ethernet | fr | hdlc |

type.

ppp | tdm}

ZXR10(config-vlss-vlss-name-ac-ac-

Configures ingress preprocessing

interface-eth)#ingress-adjust {push

as follows:

<1-4094> | rewrite <1-4094> | tag-as-payload

push: Adds a tag to the data

{all|from-sublayer}}

package.
rewrite: modifies ptag.
tag-as-payload: Treats some or
all tags of AC uplink service traffic
2-98

SJ-20140731105308-013|2014-10-20 (R1.0)

as payloads.
ZTE Proprietary and Confidential

Chapter 2 MPLS L2VPN Configuration

Step

Command

Function

ZXR10(config-vlss-vlss-name-ac-ac-

Sets the traffic statistical function

interface-eth)#traffic-statistics{enable|disable}

for an AC.

ZXR10(config-vlss-vlss-name-ac-ac-

Configures the alarm thresholds

interface-eth)#traffic-statistics threshold

for the rates of broadcast traffic,

[broadcast | drop | unknown-unicast] input-rate

discarded message traffic, and

[bps <1-18446744073709551615>] [pps

unknown unicast traffic.

<1-4294967295>]

ethernet | fr | hdlc | ppp | tdm: Encapsulation types of the AC interface in the VLSS
instance.
2. Verify the configurations.
Command

Function
Displays a list of L2VPN

ZXR10#show l2vpn brief

instances and the number of AC


interfaces bound to PWs in each
instance.
Displays the number of VPN

ZXR10#show l2vpn summary

instances.

End of Steps

2.12.3 VLSS Configuration Example


Configuration Description
The VLSS function needs to be configured only on a single device.
The following example describes how to configure a VLSS instance on one router. Two
local connections are bound in the VLSS instance for interconnection.

Configuration Flow
1. Enable L2VPN.
2. Create a VLSS instance and bind the local connections.

Configuration Commands
Run the following commands to configure the VLSS on the ZXR10 M6000-S:
ZXR10(config)#mpls l2vpn enable
ZXR10(config)#vlss zte
ZXR10(config-vlss-zte)#description l2vpn-zte
ZXR10(config-vlss-zte)#access-point gei-0/1/0/3
ZXR10(config-vlss-zte-ac-gei-0/1/0/3)#access-params ethernet

2-99
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


ZXR10(config-vlss-zte-ac-gei-0/1/0/3-eth)#exit
ZXR10(config-vlss-zte-ac-gei-0/1/0/3)#exit
ZXR10(config-vlss-zte)#access-point gei-0/1/0/4
ZXR10(config-vlss-zte-ac-gei-0/1/0/4)#access-params ethernet
ZXR10(config-vlss-zte-ac-gei-gei-0/1/0/4-eth)#exit
ZXR10(config-vlss-zte-ac-gei-gei-0/1/0/4)#exit

Configuration Verification
Run the show command to check the VLSS instance configuration.
ZXR10(config)#show l2vpn brief
VPLS count:0

VPWS count:0

VLSS count:1

MSPW count:0

MONITOR count:0

name

type

Default-VCID PW

AC

description

zte

VLSS

l2vpn-zte

ZXR10(config)#show l2vpn instance-name zte


Name:zte
Type:VLSS

Default-VCID:-

PW count:0

AC count:2

Kompella PW count:0
Activation Status:ENABLE
Default Cword:Description:l2vpn-zte

Attachment Circuit(AC):
InterfaceName

Client/Server

gei-0/1/0/3

gei-0/1/0/4

2.13 Port Protection Group Configuration


2.13.1 Port Protection Group Overview
Port protection group, based on the protection function of the routing port, can improve
the reliability of the service. It supports manual command switching or automatic
switching after the change of the link status. In addition, it supports the non-switchback
and delay-switchback after the fault is recovered. When the primary link has faults, the
protection path is switched to the current working path according to the switching policy.
When the primary port is recovered, the original working path is switched or not according
to the recovery policy.

2-100
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 2 MPLS L2VPN Configuration

MSP Protection
Multiplex Section Protection (MSP) is a dedicated or shared protection mechanism. MSP
provides protections for the multiplex section layer, and is applicable for point-to-point
physical network. It implements the protection for the service channel, and used for the
STM-N port network or connection with the client device (such as BSC/RNC).
MSP includes two protection types: 1+1 and 1:1. The UNI side should support the 1+1
and 1:1 MSP protections
As shown in Figure 2-22, PW1 is created between P1 to P2, and PW2 is created between
P1 and P3. The two PWs are related through the PW redundancy group created on P1.
PW1 is the working path, and PW2 is the protection path.
Figure 2-22 Typical Network of Port Protection Group

The MSP is run on the UNI side. LINK1 is the working link, and LINK2 is the protection link.
When the SDH OAM detects that the link has faults, it notifies to the MSP. The MSP selects
LINK1 or LINK2 as the new working link, and reports the result to the PW redundancy
group on P1 through the PW OAM. Then, the redundancy group selects the PW same as
that on the UNI side as the new working path.

MC-APS Protection
Multi-Chassis Automatic Protection Switching (MC-APS) is the extension of the MSP
protection.
2-101
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

The current MSP is run on the same rack, and the head and tail nodes of the working and
protection links are on the same device. In this case, the MSP status machines of both
ends are run on the same device.
If the head and tail nodes of the working and protection links are on different devices,
the information obtained from the single device is not complete. The status machine
calculation must be performed with information on the other device. Therefore, the MSP
should be extended to make it receive information of other devices and synchronize the
information with other devices to implement the MC-APS protection.
As shown in Figure 2-22, the MSP information should be synchronized between P2 and
P3 reliably and in order, which requires to be guaranteed by a set of mechanisms. IEFT
releases ICCP based on LDP, which guarantees that reliable information transmission
between racks through the channels created between devices.
ICCP provides a series of management mechanisms, which requires to put the devices
whose information needs to be synchronized to a Redundancy Group (RG). The
information transmitted between devices are encapsulated into the messages in the TLV
format. Then, the information is sent to the peer through channels. The ICCP messages
must be born through the extended LDP TLV field, which means that the LDP must be
deployed on PE nodes of both ends.

2.13.2 Configuring a Port Protection Group


This procedure describes how to configure a port protection group.

Steps
1. Configure a port protection group.
Step

Command

Function

ZXR10(config)#port-group <group-id>

Creates a port protection


group, and then enters
the port protection group
configuration mode.

ZXR10(config-port-group-group-id)#group-type

Configures the group type of

{msp | mc-aps}

the port protection group.

ZXR10(config-port-group-group-id)#protect-type

Configures the protection type

{1:1 {bidirectional}| 1+1 {unidirectional | bidirectional}}

of the port protection group.

receiving {selective}
4

ZXR10(config-port-group-group-id)#working-port

Configures the working port.

<interface-name>
ZXR10(config-port-group-group-id)#protect-port

Configures the protection port.

<interface-name>
5

ZXR10(config-port-group-group-id)#communicate-

Configures the communication

unit iccp <iccp-session-id>

unit.
2-102

SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 2 MPLS L2VPN Configuration

Step

Command

Function

ZXR10(config-port-group-group-id)#protect-strat

Configures the protection

egy aps

strategy of the port protection


group.

Enters the APS configuration

ZXR10(config)#aps

instance mode.
Configures a linear APS

ZXR10(config-aps)#linear-protect

instance.
ZXR10(config-aps-linear-protect)#port-group

Creates a port protection

<group-id>

group, and enters the port


protection group configuration
mode.
Performs a switchover.

ZXR10(config-aps-linear-protect-portgroupid)#switch {clear|exercise|force-switch|force-switch-work

|lockout|manual-switch|manual-switch-work}

<group-id>: port protection group number, in range of 1 to 256.


msp: multiplexing section protection type.
mc-aps: cross-rack automatic protection switching type.
bidirectional: bidirectional protection.
unidirectional: unidirectional protection.
selective: selective receiving.
<iccp-session-id>: ICCP Session ID, in range of 1 to 4294967293.
aps: APS protection policy.
clear: Clears active local-end protection locking, forced switchover, manual
switchover, WTR state, or exercise.
exercise: Exercises APS, so that signals are selected and the selector is not changed.
force-switch: Compulsively selects proper traffic signals from the backup transport
entity when the backup transport entity has no fault.
force-switch-work: Compulsively selects proper traffic signals from the operating
transport entity when the backup transport entity has no fault.
lockout: Disallows selecting operating signals from the backup transport entity.
manual-switch: Compulsively selects proper traffic signals from the backup transport
entity when the operating transport or backup transport entity has no fault.
manual-switch-work: Compulsively selects proper traffic signals from the operating
transport entity when the operating transport or backup transport entity has no fault.
2. Authenticate the configuration result.
2-103
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

Command

Function

ZXR10#show port-group {<group-id>| all}

Shows port protection group information.

all: shows information of all port protection groups.


End of Steps

2.13.3 Port Protection Group Configuration Example


Configuration Description
As shown in Figure 2-23, port protection groups are configured on PE1 and PE2, which
are taken as the working ports of CIP interface bound to channels on the AC side.
Figure 2-23 Port Protection Group Configuration Network

Configuration Flow
1. Configure the port protection groups.
2. Configure APS parameters.

Configuration Command
The configuration for PE1 as follows. The configuration for PE2 is the same as that for
PE1.
PE1(config)#port-group 1
PE1(config-port-group-1)#group-type msp
PE1(config-port-group-1)#protect-type 1+1 bidirectional receiving selective
PE1(config-port-group-1)#working-port cpos3-1/3/0/1
PE1(config-port-group-1)#protect-port cpos3-0/2/2/1
PE1(config-port-group-1)#protect-strategy aps
PE1(config-port-group-1)#exit
PE1(config)#aps
PE1(config-aps)#linear-protect
PE1(config-aps-linear-protect)#port-group 1
PE1(config-aps-linear-protect-portgroup1)#revertive-mode revertive wtr 5

Configuration Verification
View the port protection group on PE1.
ZXR10#show aps linear-protect port-group 1

2-104
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 2 MPLS L2VPN Configuration


----------[APS Linear Instance]---------Protection group type: msp
Protection group id: 1
Protection type: 1+1 bidirectional receiving selective
APS is enabled
APS state: SIGNAL_FAIL_P
Active-state: restore-run
Revertive mode: revertive, WTR time: 5min
Hold-off time: 0ms,valid hold-off time: 0ms
Switch command: null

2.14 DNI-PW Protection Group Configuration


2.14.1 DNI-PW Protection Group Overview
DNI-PW Overview
Figure 2-24 shows a network topology where dual-homed mode is used in the PW
redundancy solution.
Figure 2-24 PW Redundancy Dual-Homed Protection Group

PE1 is connected to PE2 through PW1 (the active PW), and PE1 is connected to PE3
through PW2 (the standby PW). CE1 is connected to PE2 and PE3 in dual-homed mode.
l

If AC1 fails, CE1 performs access switchover, and traffic is rerouted to AC2. PE1 is
notified of the failure through mapping. PE1 switches the PW and drects traffic to
PW2.
2-105

SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

If PW1 fails, PE1 switches the PW after detecting the failure, and directs traffic to
PW2. PE1 notifies the AC side of the failure through mapping, so that CE1 performs
access switchover, and traffic is rerouted to AC2.

If an AC or a PW fails, traffic is rerouted at both the PW side and AC side.


To perform switchover without the OAM mapping function, and to separate the switchover
at the PW side from the switchover at the AC side so that network stability can be improved,
the Dual Node Interconnection-Pseudo Wire (DNI-PW) function must be used. Figure 2-25
shows a DNI-PW network topology.
Figure 2-25 DNI-PW Network Topology

The VPWS supports DNI-PW redundancy protection. Different from common VPWS
instances, each VPWS instance on PE2 and PE3 includes three PWs. One (PW1 or
PW2) is a common PW, and the other two PWs (PW3 and PW4) are DNI-PWs. The
two DNI-PWs are configured and used on both PE2 and PE3. One NDI-PW is used for
PW protection and remote uplink traffic bridging, and the other DNI-PW is used for AC
traffic protection and remote downlink traffic bridging. The DNI-PWs (PW3 and PW4) are
deployed for outer protection, and all DNI-PWs between PE2 and PE3 are deployed in
the same outer protection range.

DNI-PW Operation Procedure


DNI-PWs can be configured on Ethernet interfaces in two scenarios: MC-LAG load sharing
scenario and MC-LAG PW 1:1 scenario. The DNI-PW operation procedures in the two
scenarios are described as follows:
l

MC-LAG load sharing scenario


At the PW side, 1:1 interconnection mode is used. The header node (PE1) and the
dual-homed nodes (PE2 and PE3) use 1:1 single-transmit, dual-receive mode. At the
AC side, MC-LAG load sharing is configured between the dual-homed nodes (PE2 and
2-106

SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 2 MPLS L2VPN Configuration

PE3) and CE1. CE1 performs load sharing through SmargGroup. The dual-homed
nodes use 1:1 single-transmit, dual-receive mode. The blue arrows indicate uplink
traffic, and the red arrows indicate downlink traffic.
1. When all links are operating properly, the operational procedure is as shown in
Figure 2-26.
Figure 2-26 DNI-PW Operating StateSteady State (MC-LAG Loading Sharing)

2. If PW1 fails, the operational procedure is as shown in Figure 2-27.

2-107
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

Figure 2-27 DNI-PW Operating StatePW1 Fails (MC-LAG Loading Sharing)

3. If PW1 fails, and if PW2 also fails during PW1 recovery or the WTR, the operational
procedure is as shown in Figure 2-28.
Figure 2-28 DNI-PW Operating StatePW2 Fails During PW1 Recovery

2-108
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 2 MPLS L2VPN Configuration

4. If PW2 fails, and if PW1 also fails during PW2 recovery or the WTR, the operational
procedure is as shown in Figure 2-29.
Figure 2-29 DNI-PW Operating StatePW1 Fails During PW2 Recovery

5. If AC1 fails, the operational procedure is as shown in Figure 2-30.


Figure 2-30 DNI-PW Operating StateAC1 Fails (MC-LAG Loading Sharing)

6. If AC1 and PW1 fail, the operational procedure is as shown in Figure 2-31.

2-109
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

Figure 2-31 DNI-PW Operating StateAC1 and PW1 Fail

7. If the PE2 node fails, the operational procedure is as shown in Figure 2-32.
Figure 2-32 DNI-PW Operating StatePE2 Node Fails (MC-LAG Loading
Sharing)

MC-LAG PW 1:1 scenario


At the PW side, 1:1 interconnection mode is used. The header node (PE1) and the
dual-homed nodes (PE2 and PE3) use 1:1 single-transmit, dual-receive mode. At
2-110

SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 2 MPLS L2VPN Configuration

the AC side, MC-LAG/MSP 1:1 mode is used between the dual-homed nodes (PE2
and PE3) and CE1. CE1 uses single-transmit, dual-receive mode or single-transmit,
single-receive mode. The dual-homed nodes use single-transmit, dual-receive mode.
The blue arrows indicate uplink traffic, and the red arrows indicate downlink traffic.
1. When all links are operating properly, the operational procedure is as shown in
Figure 2-33.
Figure 2-33 DNI-PW Operating StateSteady State (MC-LAG PW 1:1)

2. If PW1 fails, the operational procedure is as shown in Figure 2-34.

2-111
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

Figure 2-34 DNI-PW Operating StatePW1 Fails (MC-LAG PW 1:1)

3. If AC1 fails, the operational procedure is as shown in Figure 2-35.


Figure 2-35 DNI-PW Operating StateAC1 Fails (MC-LAG PW 1:1)

4. If AC1 and PW1 fail, the operational procedure is as shown in Figure 2-36 and
Figure 2-37.

2-112
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 2 MPLS L2VPN Configuration

Figure 2-36 DNI-PW Operating StateAC1 and PW1 Fail (Transient State)

Figure 2-37 DNI-PW Operating StateAC1 and PW1 Fail (Steady State)

5. If the PE2 node fails, the operational procedure is as shown in Figure 2-38.

2-113
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

Figure 2-38 DNI-PW Operating StatePE2 Node Fails (MC-LAG PW 1:1)

2.14.2 Configuring a DNI-PW Protection Group


This procedure describes how to configure a DNI-PW protection group.

Steps
l

Configure an inter-chassis coworker PW protection group.


1. Configure an inter-chassis coworker PW protection group in independent mode.
Ste-

Command

Function

ZXR10(config)#pw pw<1-115968>

Creates a PW interface in global

p
1

configuration mode.
2 (

ZXR10(config)#redundancy interchassis group

Configures an inter-chassis

Op-

<group-id>

protection group and apply it to

tion-

ZXR10(config-rg-group-id)#apply mc-pw

MC-PWs in global configuration

al)

mode. This step is required for


Step 8.
<group-id> ranges from 1 to
4294967293.

ZXR10(config)#pw-configuration

Enters independent PW
configuration mode.

2-114
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 2 MPLS L2VPN Configuration

Ste-

Command

Function

ZXR10(config-pw)#pseudo-wire

Configures a PW entity.

p
4

pw<1-115968> neighbour <A.B.C.D>[vcid


<1-4294967295>]
ZXR10(config-pw-pw-number-neighbour)#e

Configures the role of the

xit

inter-chassis PW in the redundancy

ZXR10(config-pw)#redundancy-manager

group.

pw<1-115968>{mc-master|mc-slave}
5

ZXR10(config-pw-pw-number-rm)#mc-protec

Sets the inter-chassis protection

t-type coworker-proxy

type to coworker-proxy.

6 (

ZXR10(config-pw-pw-number-rm)#mc-protec

Sets the MC-selection redundancy

Op-

t-type mc-selection

protection type. The MC-selection

tion-

redundancy protection type and

al)

OAM-mapping redundancy
protection type cannot be
configured at the same time.

7 (

ZXR10(config-pw-pw-number-rm)#mc-prote

Op-

ct-type oam-mapping

Sets the OAM-mapping redundancy


protection type. The OAM-mapping

tion-

redundancy protection type

al)

and MC-selection redundancy


protection type cannot be
configured at the same time.

8 (

ZXR10(config-pw-pw-number-rm)#com

Sets the ICCP session ID

Op-

municate-unit iccp <iccp-session-id> roid

and redundancy object ID of

tion-

<redundancy-object-id>

inter-chassis protection. This

al)

command must be configured when


the redundancy protection type is
MC-selection or OAM-mapping.
<iccp-session-id> ranges from 1 to
4294967293.
<redundancy-object-id> ranges from
1 to 18446744073709551615.

ZXR10(config-pw-pw-number-rm)#exit

Configures the standby PW to

ZXR10(config-pw)#coworker-proxy-pw

protect the active PW.

<protect pw> as-remote-pw protect

Thee <protect pw> parameter

pw<1-115968>

sets the standby PW, and the


pw<1-115968> sets the active PW.

10

ZXR10(config-pw)#pseudo-wire

Sets entity for the standby PW

pw<1-115968> neighbour <A.B.C.D>[vcid

(namely, the <protect pw> entity in

<1-4294967295>]

Step 9).

2-115
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

Ste-

Command

Function

ZXR10(config)#vpws <vpws-name>

Creates a VPWS instance, and

ZXR10(config-vpws-vpws-name)#pseudo-w

apply the independent DNI-PW

p
11

protection group to the VPWS

ire pw<1-115968>

instance. (The DNI-PW can be


bound to the VPWS service only.)
The pw<1-115968> parameter
indicates the active PW configured
in Step 3.

<A.B.C.D>: remote LSR ID. <vcid>: VC ID of the PW, range: 14294967295.


{mc-master|mc-slave}: role of the inter-chassis PW in the redundancy group,
where mc-master indicates the inter-chassis active PW, and mc-slave indicates
the inter-chassis standby PW.
<protect pw>: virtual interface name of the standby PW; pw<1-115968>: virtual
interface name of the active PW.
2. Verify the configurations.
Command

Function

ZXR10#show l2vpn protectgroup [<interface-name>]

Displays information about a


PW protection group or an
AC protection group. The
information is displayed after
the group is created.

ZXR10#show l2vpn protectgroup mc-selection [<pw-name>]

Displays inter-chassis PW
protection group information.
Displays all information about

ZXR10#show running-config l2vpn

the L2VPN module.

Configure an inter-chassis coworker AC protection group.


1. Configure an inter-chassis coworker AC protection group in independent mode.
Ste-

Command

Function

ZXR10(config)#pw pw<1-115968>

Creates a PW interface in

p
1

global configuration mode.


2

Enters independent PW

ZXR10(config)#pw-configuration

configuration mode.
3

ZXR10(config-pw)#traffic-behavior <interface-name>

Sets the forwarding


behavior.

2-116
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 2 MPLS L2VPN Configuration

Ste-

Command

Function

ZXR10(config-pw-interface-name-behavior)#ce-s

Sets the CE-side forwarding

ide {1+1|1:1|load-balance}

behavior.

ZXR10(config-pw)#coworker-proxy-pw

Sets a PW to protect an AC.

p
4

pw<1-115968> as-remote-ac protect


<interface-name>
6

ZXR10(config-pw)#pseudo-wire pw<1-115968>

Configures entity for the

neighbour <A.B.C.D>[vcid <1-4294967295>]

standby PW.

ZXR10(config)#vpws <vpws-name>

Creates a VPWS instance,

ZXR10(config-vpws-vpws-name)#access-point

and apply the independent

<interface-name>

DNI-PW protection group to

ZXR10(config-vpws-zte-ac-interface-name)#acc

the VPWS instance. (The

ess-params ethernet

DNI-PW can be bound to the


VPWS service only.) The
<interface-name> parameter
indicates the AC created in
Step 3.

<interface-name>: AC interface name.


{1+1|1:1|load-balance}: CE-side forwarding behavior, 1+1, 1:1, or load-balance
mode.
<A.B.C.D>: remote LSR ID. <vcid>: VC ID of the PW, range: 14294967295.
2. Verify the configurations.
Command

Function

ZXR10#show l2vpn protectgroup [<interface-name>]

Displays information about a


PW protection group or an
AC protection group. The
information is displayed after
the group is created.

ZXR10#show running-config l2vpn

Displays all information about


the L2VPN module.

End of Steps

2-117
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

2.14.3 DNI-PW Protection Group Configuration Example


Configuration Description
As shown in Figure 2-39, DNI-PWs are configured between PE1 and PE2, and between
PE1 and PE. PE1 is the header node, PE2 is the active node, and PE3 is the standby
node.
Figure 2-39 DNI-PW Protection Group Configuration Example

Configuration Flow
1. Configure an ICCP protection group on PE2 and PE3.
2. Configure DNI-PW in 1:1 mode on PE2 and PE3.
3. Configure active/standby MC-LAG on PE2 and PE3.
The LDP neighbor configuration, route configuration and PW FRR configuration for
the header node are omitted.

Configuration Commands
Run the following commands on PE2:
PE2(config)#redundancy interchassis group 1
PE2(config-rg-1)#apply mc-pw
PE2(config-rg-1)#apply mlacp
PE2(config-rg-1)#peer 52.52.52.52
PE2(config-rg-1)#exit

2-118
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 2 MPLS L2VPN Configuration

PE2(config)#interface smartgroup1.1
PE2(config-if-smartgroup1.1)#exit
PE2(config)#vlan-configuration
PE2(config-vlan)#interface smartgroup1.1
PE2(config-vlan-if-smartgroup1.1)#encapsulation-dot1q 1
PE2(config-vlan-if-smartgroup1.1)#exit
PE2(config-vlan)#exit

PE2(config)#vpws zlj10001
PE2(config-vpws-zlj10001)#access-point smartgroup1.1
PE2(config-vpws-zlj10001-ac-smartgroup1.1)#access-params ethernet
PE2(config-vpws-zlj10001-ac-smartgroup1.1-eth)#exit
PE2(config-vpws-zlj10001-ac-smartgroup1.1)#traffic-behavior
PE2(config-vpws-zlj10001-ac-smartgroup1.1-behavior)#ce-side 1:1
PE2(config-vpws-zlj10001-ac-smartgroup1.1-behavior)#exit
PE2(config-vpws-zlj10001-ac-smartgroup1.1)#exit
PE2(config-vpws-zlj10001)#pseudo-wire pw10001
PE2(config-vpws-zlj10001-pw-pw10001)#neighbour 66.66.66.66 vcid 10001
PE2(config-vpws-zlj10001-pw-pw10001-neighbour)#exit
PE2(config-vpws-zlj10001-pw-pw10001)#redundancy-manager mc-master
PE2(config-vpws-zlj10001-pw-pw10001-rm)#mc-protect-type coworker-proxy
PE2(config-vpws-zlj10001-pw-pw10001-rm)#mc-protect-type mc-selection
PE2(config-vpws-zlj10001-pw-pw10001-rm)#communicate-unit iccp 1 roid 10001
PE2(config-vpws-zlj10001-pw-pw10001-rm)#exit
PE2(config-vpws-zlj10001-pw-pw10001)#exit
PE2(config-vpws-zlj10001)#coworker-proxy-pw pw40001 as-remote-ac protect smartgroup1.1
PE2(config-vpws-zlj10001-protect-pw40001)#neighbour 52.52.52.52 vcid 40001
PE2(config-vpws-zlj10001-protect-pw40001-neighbour)#exit
PE2(config-vpws-zlj10001-protect-pw40001)#exit
PE2(config-vpws-zlj10001)#coworker-proxy-pw pw30001 as-remote-pw protect pw10001
PE2(config-vpws-zlj10001-protect-pw30001)#neighbour 52.52.52.52 vcid 30001
PE2(config-vpws-zlj10001-protect-pw30001-neighbour)#exit
PE2(config-vpws-zlj10001-protect-pw30001)#exit
PE2(config-vpws-zlj10001)#exit

PE2(config)#lacp
PE2(config-lacp)#interface smartgroup1
PE2(config-lacp-sg-if-smartgroup1)#lacp mode 802.3ad
PE2(config-lacp-sg-if-smartgroup1)#lacp fast respond
PE2(config-lacp-sg-if-smartgroup1)#mc-lag iccp 1
PE2(config-lacp-sg-if-smartgroup1)#mc-lag priority 100
PE2(config-lacp-sg-if-smartgroup1)#mc-lag roid 1 node-id 1
PE2(config-lacp-sg-if-smartgroup1)#mc-lag sys-id 0000.5152.0000 sys-priority 1
PE2(config-lacp-sg-if-smartgroup1)#exit

2-119
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


PE2(config-lacp)#interface xgei-0/2/0/1
PE2(config-lacp-member-if-xgei-0/2/0/1)#smartgroup 1 mode active
PE2(config-lacp-member-if-xgei-0/2/0/1)#exit
PE2(config-lacp)#exit
PE2(config)#interface xgei-0/2/0/1
PE2(config-if-xgei-0/2/0/1)#holdtime 300

Run the following commands on PE3:


PE3(config)#redundancy interchassis group 1
PE3(config-rg-1)#apply mc-pw
PE3(config-rg-1)#apply mlacp
PE3(config-rg-1)#peer 51.51.51.51
PE3(config-rg-1)#exit

PE3(config)#interface smartgroup1.1
PE3(config-if-smartgroup1.1)#exit
PE3(config)#vlan-configuration
PE3(config-vlan)#interface smartgroup1.1
PE3(config-vlan-if-smartgroup1.1)#encapsulation-dot1q 1
PE3(config-vlan-if-smartgroup1.1)#exit
PE3(config-vlan)#exit

PE3(config)#vpws zlj10001
PE3(config-vpws-zlj10001)#access-point smartgroup1.1
PE3(config-vpws-zlj10001-ac-smartgroup1.1)#access-params ethernet
PE3(config-vpws-zlj10001-ac-smartgroup1.1-eth)#exit
PE3(config-vpws-zlj10001-ac-smartgroup1.1)#traffic-behavior
PE3(config-vpws-zlj10001-ac-smartgroup1.1-behavior)#ce-side 1:1
PE3(config-vpws-zlj10001-ac-smartgroup1.1-behavior)#exit
PE3(config-vpws-zlj10001-ac-smartgroup1.1)#exit
PE3(config-vpws-zlj10001)#pseudo-wire pw20001
PE3(config-vpws-zlj10001-pw-pw20001)#neighbour 66.66.66.66 vcid 20001
PE3(config-vpws-zlj10001-pw-pw20001-neighbour)#exit
PE3(config-vpws-zlj10001-pw-pw20001)#redundancy-manager mc-slave
PE3(config-vpws-zlj10001-pw-pw20001-rm)#mc-protect-type coworker-proxy
PE3(config-vpws-zlj10001-pw-pw20001-rm)#mc-protect-type mc-selection
PE3(config-vpws-zlj10001-pw-pw20001-rm)#communicate-unit iccp 1 roid 10001
PE3(config-vpws-zlj10001-pw-pw20001-rm)#exit
PE3(config-vpws-zlj10001-pw-pw20001)#exit
PE3(config-vpws-zlj10001)#coworker-proxy-pw pw30001 as-remote-ac protect smartgroup1.1
PE3(config-vpws-zlj10001-protect-pw30001)#neighbour 51.51.51.51 vcid 30001
PE3(config-vpws-zlj10001-protect-pw30001-neighbour)#exit
PE3(config-vpws-zlj10001-protect-pw30001)#exit
PE3(config-vpws-zlj10001)#coworker-proxy-pw pw40001 as-remote-pw protect pw20001

2-120
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 2 MPLS L2VPN Configuration


PE3(config-vpws-zlj10001-protect-pw40001)#neighbour 51.51.51.51 vcid 40001
PE3(config-vpws-zlj10001-protect-pw40001-neighbour)#exit
PE3(config-vpws-zlj10001-protect-pw40001)#exit
PE3(config-vpws-zlj10001)#exit

PE3(config)#lacp
PE3(config-lacp)#interface smartgroup1
PE3(config-lacp-sg-if-smartgroup1)#lacp mode 802.3ad
PE3(config-lacp-sg-if-smartgroup1)#lacp fast respond
PE3(config-lacp-sg-if-smartgroup1)#mc-lag iccp 1
PE3(config-lacp-sg-if-smartgroup1)#mc-lag priority 200
PE3(config-lacp-sg-if-smartgroup1)#mc-lag roid 1 node-id 2
PE3(config-lacp-sg-if-smartgroup1)#mc-lag sys-id 0000.5152.0000 sys-priority 1
PE3(config-lacp-sg-if-smartgroup1)#exit
PE3(config-lacp)#interface xgei-0/3/0/1
PE3(config-lacp-member-if-xgei-0/3/0/1)#smartgroup 1 mode active
PE3(config-lacp-member-if-xgei-0/3/0/1)#exit

Configuration Verification
View the DNI-PW state on PE2.
PE2(config)#show aps linear-protect pw-protector pw10001
----------[APS Linear Instance]---------Protection group type: pw
Protection group id: 253
Protection group name: pw10001
Protection type: 1:1 unidirectional receiving both
APS is enabled
APS state: NO_REQUEST_NULL
Protection mode: remote
Active-state: restore-run
Revertive mode: revertive, WTR time: 5min
Hold-off time: 0ms,valid hold-off time: 0ms
Switch command: nul
PE2(config)#show aps linear-protect pw-protector smartgroup1.1
----------[APS Linear Instance]---------Protection group type: pw
Protection group id: 252
Protection group name: smartgroup1.1
Protection type: 1:1 unidirectional receiving both
APS is enabled
APS state: NO_REQUEST_NULL
Protection mode: remote
Active-state: restore-run

2-121
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


Revertive mode: revertive, WTR time: 0min
Hold-off time: 0ms,valid hold-off time: 0ms
Switch command: null

PE2(config)#show aps linear-protect mc-selection pw10001


----------[APS Linear Instance]---------Protection group type: mc-selection
Protection group id: 1
Protection group name: pw10001

The local configuration (invalid):


Protection type: 1:1 unidirectional receiving selective
APS is not enabled
Protection mode: remote
Active-state: restore-run
Revertive mode: revertive, WTR time: 5min
Hold-off time: 0ms,valid hold-off time: 0ms
Switch command: null

The peer configuration (valid):


APS state: NO_REQUEST_NULL
Protection mode: remote
Active-state: restore-run
Revertive mode: revertive, WTR time: 5min
Hold-off time: 0ms, valid hold-off time: 0ms
Switch command: null

PE2(config)#show lacp 1 internal


Smartgroup:1
Flags:

* - Port is Active member Port


S - Port is requested in Slow LACPDUs
F - Port is requested in Fast LACPDUs
A - Port is in Active mode
P - Port is in Passive mode

Actor

Agg

LACPDUs

Port

Port[Flags]

State

Interval Pri

Oper

Port

RX

Key

State Machine

Mux
Machine

-------------------------------------------------------------------------------xgei-0/3/0/23[SA*]

ACTIVE

30

32768 0x121

0x3d

CURRENT

COLL&DIST

View the DNI-PW state on PE3.


PE3(config)#show aps linear-protect pw-protector pw20001
----------[APS Linear Instance]---------Protection group type: pw
Protection group id: 2

2-122
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 2 MPLS L2VPN Configuration


Protection group name: pw20001
Protection type: 1:1 unidirectional receiving both
APS is enabled
APS state: SIGNAL_FAIL_W
Protection mode: remote
Active-state: restore-run
Revertive mode: revertive, WTR time: 5min
Hold-off time: 0ms,valid hold-off time: 0ms
Switch command: null
PE3(config)#show aps linear-protect pw-protector smartgroup1.1
----------[APS Linear Instance]---------Protection group type: pw
Protection group id: 1
Protection group name: smartgroup1.1
Protection type: 1:1 unidirectional receiving both
APS is enabled
APS state: SIGNAL_FAIL_W
Protection mode: remote
Active-state: restore-run
Revertive mode: revertive, WTR time: 0min
Hold-off time: 0ms,valid hold-off time: 0ms
Switch command: null
PE3(config)#show aps linear-protect mc-selection pw20001
----------[APS Linear Instance]---------Protection group type: mc-selection
Protection group id: 1
Protection group name: pw20001

The local configuration (valid):


Protection type: 1:1 unidirectional receiving selective
APS is enabled
APS state: NO_REQUEST_NULL
Protection mode: remote
Active-state: restore-run
Revertive mode: revertive, WTR time: 5min
Hold-off time: 0ms,valid hold-off time: 0ms
Switch command: null

The peer configuration (invalid):


Protection mode: remote
Active-state: restore-run
Revertive mode: revertive, WTR time: 5min
Hold-off time: 0ms, valid hold-off time: 0ms
Switch command: null

2-123
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


PE3(config)#show lacp 1 internal
Smartgroup:1
Flags:

* - Port is Active member Port


S - Port is requested in Slow LACPDUs
F - Port is requested in Fast LACPDUs
A - Port is in Active mode
P - Port is in Passive mode

Actor

Agg

LACPDUs

Port

Port[Flags]

State

Interval Pri

Oper

Port

RX

Mux

Key

State Machine

Machine

-------------------------------------------------------------------------------xgei-0/2/0/9[SA ]

INACTIVE 30

32768 0x121

0x5

CURRENT

WAITING

2.15 PW List Configuration


2.15.1 PW List Overview
For PWs with the same source and destination, if PW protection is used and OAM is
enabled for each PW, there will be too many OAM instances and system resources are
wasted. To save OAM instance, PWs with the same source and destination can be add to
a PW list. The OAM instance of the master PW operates as the OAM instance of the PW
list. If the OAM instance detects a fault, traffic can be rerouted to the specified associated
PW, and protection switchover can be triggered for all associated PWs.
In a PW list, the PW for which OAM is enabled is the master PW, and other PWs are slave
PWs. One PW can only be in one PW list.

2.15.2 Configuring a PW List


This procedure describes how to configure a PW list.

Steps
1. Configure a PW list.
l Method 1: Configure a PW entity in the L2VPN service, and then configure a PW
list.
Step

Command

Function

ZXR10(config)#pw pw<1-115968>

Creates a PW interface in
global configuration mode.

ZXR10(config)#vpls <vpls-name> [multi-mac-spac

Creates a VPLS instance.

es]

You can create a VPWS


instance instead of a VPLS
instance.

2-124
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 2 MPLS L2VPN Configuration

Step

Command

Function

ZXR10(config-vpls-vpls-name)#pseudo-wire

Binds a PW to the VPLS

pw<1-115968>[spoke]

service. You can bind


multiple PWs to the VPLS
service.

Configures a PW entity.

ZXR10(config-vpls-vpls-name-pwpw-number)#neighbour <A.B.C.D>[vcid

<1-4294967295>]
5

ZXR10(config)#pw-list <1-1024>

Creates a PW list.

ZXR10(config-pw-list-number)#master pw

Sets the master PW in the

<pw-name>

PW list.

ZXR10(config-pw-list-number)#slave pw

Sets a slave PW in the PW

<pw-name>

list.

A PW list supports a
maximum of 1023 slave
PWs.

Method 2: Configure PWs in independent PW configuration mode, bind the PWs


to the service, and then configure a PW list.
Step

Command

Function

ZXR10(config)#pw pw<1-115968>

Creates a PW interface in
global configuration mode.

Enters independent PW

ZXR10(config)#pw-configuration

configuration mode.
3

ZXR10(config-pw)#pseudo-wire pw<1-115968>

Configures a PW entity

neighbour <A.B.C.D>[vcid <1-4294967295>]

in independent PW
configuration mode. You
can multiple PWs.

ZXR10(config)#vpls<vpls-name><multi-mac-spac

Creates a VPLS instance.

es>

You can create a VPWS


instance instead of a VPLS
instance.

ZXR10(config-vpls-vpls-name)#pseudo-wire

Binds a PW to the VPLS

pw<1-115968>[spoke]

service. You can bind


multiple PWs to the VPLS
service.

ZXR10(config)#pw-list <1-1024>

Creates a PW list.

ZXR10(config-pw-list-list-number)#master

Sets the master PW in the

pw <pw-name>

PW list.

2-125
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

Step

Command

Function

ZXR10(config-pw-list-list-number)#slave pw

Sets a slave PW in the PW

<pw-name>

list.
A PW list supports a
maximum of 1023 slave
PWs.

<A.B.C.D>: remote LSR ID.


<vcid>: VC ID of the PW, range: 14294967295.
<pw-name>: PW interface name.
2. Verify the configurations.
Command

Function

ZXR10(config)#show running-config l2vpn

Displays all information about


the L2VPN module.

ZXR10(config)#show pw-list <1-1024>

Displays information about a PW


list.
The information can be displayed
after the FTN is generated for
each PW.

End of Steps

2.15.3 PW List Configuration Example


Configuration Description
As shown in Figure 2-40, a PW list is configured for the PWs with the same source and
destination.

2-126
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 2 MPLS L2VPN Configuration

Figure 2-40 PW List Configuration Example

Configuration Flow
1. Configure FRR for multiple PWs on PE1. (The configuration is omitted.)
2. Set one of the PWs to the master PW in the PW list, and set other PWs to slave PWs.
3. Enable BFD for the master PW in the PW list.

Configuration Commands
Run the following commands on PE1:
PE1(config)#pw-list 1
PE1(config-pw-list-1)#master pw pw1
PE1(config-pw-list-1)#slave pw pw2
PE1(config-pw-list-1)#slave pw pw3
PE1(config-pw-list-1)#slave pw pw4
PE1(config-pw-list-1)#slave pw pw5
PE1(config-pw-list-1)#slave pw pw6
PE1(config-pw-list-1)#slave pw pw7
PE1(config-pw-list-1)#slave pw pw8
PE1(config-pw-list-1)#slave pw pw9
PE1(config-pw-list-1)#slave pw pw10
PE1(config-pw-list-1)#slave pw pw11
PE1(config-pw-list-1)#exit
PE1(config)#bfd
PE1(config-bfd)#session 1 pw-bfd pw-name pw1
PE1(config-bfd-pw-1)#time-negotiation interval 10 min-rx 10 multiplier 3

Run the following commands on PE2:


2-127
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


PE2(config)#bfd
PE2(config-bfd)#session 1 pw-bfd pw-name pw1
PE2(config-bfd-pw-1)#time-negotiation interval 10 min-rx 10 multiplier 3

Configuration Verification
View the state of the PW list on PE1.
PE1(config)#show pw-list 1
pw-list: 1

status: UP
Master PW: pw1

Slave

PW: pw11

Slave

PW: pw10

Slave

PW: pw9

Slave

PW: pw8

Slave

PW: pw7

Slave

PW: pw6

Slave

PW: pw5

Slave

PW: pw4

Slave

PW: pw3

Slave

PW: pw2

View the PW BFD state on PE1 and PE2.


PE1(config)#show bfd neighbors pw brief
Pwname

LD

RD

pw1

2051

2051

Hold

State

30

UP

PE2(config)#show bfd neighbors pw brief


Pwname

LD

RD

Pw1

2051

2051

Hold

State

30

UP

When BFD detects a down event, BFD triggers the master PW (pw1) to be down, and then
all slave PWs in the PW list are triggered. View the PW BFD state on PE1 and PE2.
PE1(config)#show bfd neighbors pw brief
Pwname

LD

pw1

2051

RD
0

Hold

State

DOWN

PE2(config)#show bfd neighbors pw brief


Pwname

LD

RD

Pw1

2051

Hold

State

DOWN

View the state of the PW list on PE1.


PE1(config)#show pw-list 1

2-128
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 2 MPLS L2VPN Configuration


pw-list: 1

status: DOWN
Master PW: pw1

Slave

PW: pw11

Slave

PW: pw10

Slave

PW: pw9

Slave

PW: pw8

Slave

PW: pw7

Slave

PW: pw6

Slave

PW: pw5

Slave

PW: pw4

Slave

PW: pw3

Slave

PW: pw2

2.16 Independent PW and Independent PW Protection


Group Configuration
2.16.1 Independent PW and Independent PW Protection Group
Overview
A PW and PW protection group can be configured independently as needed. After being
configured, a PW and PW protection group is bound to a service.
The principle of configuring a PW (or PW group) independently is the same as that of
configuring a PW (or PW group) directly. A PW or PW group can be independently
configured, but it must be bound to a service so that it is applied.

2.16.2 Configuring an Independent PW and Independent PW


Protection Group
This procedure describes how to configure an independent PW and independent PW
protection group.

Steps
l

Configure an independent PW.


1. Configure an independent PW.
Step

Command

Function

ZXR10(config)#pw pw<1-115968>

Creates a PW interface in
global configuration mode.

2-129
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

Step

Command

Function

ZXR10(config)#pw-configuration

Enters independent PW
configuration mode.

ZXR10(config-pw)#pseudo-wire pw<1-115968>

Configures a PW entity.

neighbour <A.B.C.D>[vcid <1-4294967295>]

2. (Optional) Configure parameters for the independent PW.


Step

Command

Function

ZXR10(config-pw-pw-number-neighbour)#contr

Determines whether the

ol-word preferred

PW uses the control word.

ZXR10(config-pw-pw-number-neighbour)#enca

Sets the encapsulation

psulation {ethernet {tagged|raw}[reversing]|fr

mode for the PW.

{port|dlci|dlci-old}|tdm {aal1|aal2|satop
{e1|e3|t1|t3}|cesopsn {basic|cas}|sonet-sdh
{cesom|ceop}}|atm {port|vpc|vcc|vpc-group|vcc-grou
p|sdu|pdu}|ip|hdlc|ppp}
3

ZXR10(config-pw-pw-number-neighbour)#vccv

Sets the PW to support the

bfd capability {basic|status} encapsulation

VCCV function.

{raw|ip}[compatible cc {ttl|alert-label|cw}]
4

ZXR10(config-pw-pw-number-neighbour)#tunnel

Sets the outer tunnel policy

-policy <tunnel-policy-name>

for the PW.

ZXR10(config-pw-pw-number-neighbour)#signal

Sets the PW establishment

{dynamic | static local-label <16-1048575>

mode to signaling

remote-label <16-1048575>}

triggering.

ZXR10(config-pw-pw-number-neighbour)#oam-

Sets the CSF state

mapping ignoring frr [abort]

separation mode for the


PW.
frr: If a CSF packet is
received, APS is not
notified of the failure, and
FRR switchover calculation
is not performed.
abort: OAM-mapping to an
AC is not performed.

ZXR10(config-pw-pw-number-neighbour)#traffic

Sets the traffic statistical

-statistics{enable|disable}

function for the PW.

2-130
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 2 MPLS L2VPN Configuration

Step

Command

Function

ZXR10(config-pw-pw-number-neighbour)#track

Sets the PW track function.

<track-name>

In a track, BFD, CFM, or


EFM can be bound. After
the track is bound to a PW,
together with SAMGR, the
track can perform linkage
detection.

ZXR10(config-pw-pw-number-neighbour)#shut

Disables the PW.

down
10

ZXR10(config-pw-pw-number-neighbour)#ban

Sets the PW bandwidth.

dwidth <1-4294967295>[cbs <1-4294967295>][pir


<1-4294967295>][pbs <1-4294967295>]
11

ZXR10(config-pw-pw-number-neighbour)#rate-li

Sets the rate limit function

mit mode { blind | aware } cir < 8-20000000 > cbs <

for the PW.

1-5120000 > pir < 8-20000000 > pbs < 1-5120000 >

<A.B.C.D>: remote LSR ID.


<vcid>: VC ID of the PW, range: 14294967295.
bfd: sets the CV type to PW-BFD.
basic: The BFD session provides the detection capability only.
status: The BFD session provides the detection and state advertisement
capabilities.
raw: BFD PDUs use RAW encapsulation without an IP header or a UDP header.
ip: BFD PDUs use encapsulation with an IP header and UDP header (namely,
using control-word encapsulation).
ttl: CC type, a PW label whose value is 1.
alert-label: CC type, a reserved label whose value is 1.
cw: CC type. The PW-ACH is one of the PW headers defined in RFC 4385.
<tunnel-policy-name>: name of a tunnel policy.
dynamic: dynamic negotiation.
static: static PW.
<16-1048575>: range of a PW label.
frr: If a CSF packet is received, APS is not notified of the failure, and FRR
switchover calculation is not performed. abort: OAM-mapping to an AC is not
performed.
<track-name>: track name.
<1-4294967295>: range of the bandwidth.
2-131
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

< 8-20000000 >, < 1-5120000 >: range of the parameters related to the rate limit.
3. Verify the configurations.
Command

Function

ZXR10(config)#show running-config l2vpn

Displays all information about


the L2VPN module.

Configure an independent PW protection group (a non-DNI-PW protection group).


1. Configure an independent PW protection group.
Step

Command

Function

ZXR10(config)#pw pw<1-115968>

Creates a PW interface in
global configuration mode.

Enters independent PW

ZXR10(config)#pw-configuration

configuration mode.
3

ZXR10(config-pw)#pseudo-wire pw<1-115968>

Configures a PW entity.

neighbour <A.B.C.D>[vcid <1-4294967295>]


4

ZXR10(config-pw-pw-number-neighbour)#exit

Configures a PW

ZXR10(config-pw)#redundancy-manager

redundancy group.

pw<1-115968>{mc-master|mc-slave}

To configure a common
PW protection group, the
mc-master and mc-slave
parameters do not need to
be set.

ZXR10(config-pw-pw-number-rm)#protect-typ

Configures the PW

e{1+1|1:1}{bidirectional|unidirectional}[receiving

protection type.

{selective|both}] protect-strategy aps


6 (Op-

ZXR10(config-pw-pw-number-rm)#pfs-bits

Configures the PW

tional)

negotiate {independent | master | slave}

negotiation mode.

7 (Op-

ZXR10(config-pw-pw-number-rm)#pfs-bits-advert

Sets whether the

tional)

ise regardless-of-ac

active/standby PW
negotiation state is related
to an AC.

ZXR10(config-pw-pw-number-rm)#exit

Configures the standby PW

ZXR10(config-pw)#backup-pw <pw-name> protect

to protect the active PW.

<pw-name>
9

ZXR10(config-pw)#pseudo-wire pw<1-115968>

Configures the entity of the

neighbour <A.B.C.D>[vcid <1-4294967295>]

standby PW.

<A.B.C.D>: remote LSR ID.


<vcid>: VC ID of the PW, range: 14294967295.
2-132
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 2 MPLS L2VPN Configuration

mc-master: master role in inter-chassis protection.


mc-slave: slave role in inter-chassis protection.
{1+1|1:1}: PW protection type.
{bidirectional|unidirectional}: APS negotiation type, including the bidirectional and
unidirectional modes.
{selective |both}: APS uses selective receiving or both receiving.
independent: sets the PW redundancy negotiation mode to independent.
master: Sets the PW redundancy negotiation mode to master.
slave: Sets the PW redundancy negotiation mode to slave.
<pw-name>: PW interface name.
2. Verify the configurations.
Command

Function

ZXR10(config)#show running-config l2vpn

Displays all information about


the L2VPN module.

End of Steps

2.17 Diagnosing PWE3


This procedure describes how to enable the PWE3 debugging function. The system
supports enabling debugging for a maximum of 16 PWs. The control PWE3 module can
output debugging information about the specified PW.

Steps
1. Enables the PWE3 event debugging function.
Command

Function

ZXR10#debug pwe3 event [{fec128 peer <ip-address>

Enables PWE3 event debugging

vcid <vcid> pw-type {ethernet {raw|tagged}|ip|ppp|hdlc|fr

function and monitors the AC

{port|dlci|dlci-old}|tdm {aal1|aal2|satop {e1|t1|e3|t3}|cesopsn

state and session state.

{basic|cas}|sonet-sdh {cesom|ceop}}|atm {port|vpc|vcc|vcc-gr


oup|vpc-group|sdu|pdu}}|fec129 peer <ip-address> vpls-id
{<0-65535>:<0-4294967295>|A.B.C.D:<0-65535>} pw-type
ethernet {raw|tagged}}]

Parameter descriptions:
Parameter

Description

<ip-address>

Remote IP address of a PW.

<vcid>

ID of a PW.
2-133

SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

Parameter

Description

<0-65535>:<0-4294967295>

VPLS instance ID.

A.B.C.D:<0-65535>

VPLS instance ID.

raw

PW type, Ethernet.

tagged

PW type, Ethernet Tagged Mode.

ip

PW type, IP Layer2 Transport.

ppp

PW type, PPP.

hdlc

PW type, HDLC.

port

PW type, ATM transparent cell


transport.

dlci

PW type, Frame Relay DLCI.

dlci-old

PW type, Frame Relay.

aal1

PW type, TDMoIP AAL1 Mode.

aal2

PW type, TDMoIP AAL2 Mode.

e1

PW type, SAToP E1.

t1

PW type, SAToP T1 (DS1).

e3

PW type, SAToP E3.

t3

PW type, SAToP T3 (DS3).

basic

PW type, CESoPSN basic mode.

cas

PW type, CESoPSN TDM with


CAS.

cesom

PW type, SONET/SDH CESoM.

ceop

PW type, SONET/SDH CEoP.

port

PW type, ATM transparent cell


transport.

vpc

PW type, ATM one-to-one VPC


cell mode.

vcc

PW type, ATM one-to-one VCC


cell mode.

vcc-group

PW type, ATM n-to-one VCC cell


transport.

vpc-group

PW type, ATM n-to-one VCC cell


transport.

sdu

PW type, ATM transparent cell


transport.

2-134
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 2 MPLS L2VPN Configuration

Parameter

Description

pdu

PW type, ATM AAL5 PDU VCC


transport.

2. Enables the debugging function for PWE3 signaling interaction.


Command

Function

ZXR10#debug pwe3 signal [{fec128 peer <ip-address>

Enables the debugging

vcid <vcid> pw-type {ethernet {raw|tagged}|ip|ppp|hdlc|fr

function for PWE3 signaling

{port|dlci|dlci-old}|tdm {aal1|aal2|satop {e1|t1|e3|t3}|cesopsn

interaction, and monitors

{basic|cas}|sonet-sdh {cesom|ceop}}|atm {port|vpc|vcc|vcc-gr

sending and receiving of

oup|vpc-group|sdu|pdu}}|fec129 peer <ip-address> vpls-id

mapping messages and

{<0-65535>:<0-4294967295>|A.B.C.D:<0-65535>} pw-type

mappingwithdraw messages.

ethernet {raw|tagged}}]

Parameter descriptions:
Parameter

Description

<ip-address>

Remote IP address of a PW.

<vcid>

ID of a PW.

<0-65535>:<0-4294967295>

VPLS instance ID.

raw

PW type, Ethernet.

tagged

PW type, Ethernet Tagged Mode.

ip

PW type, IP Layer2 Transport.

ppp

PW type, PPP.

hdlc

PW type, HDLC.

port

PW type, ATM transparent cell


transport.

dlci

PW type, Frame Relay DLCI.

dlci-old

PW type, Frame Relay.

aal1

PW type, TDMoIP AAL1 Mode.

aal2

PW type, TDMoIP AAL2 Mode.

e1

PW type, SAToP E1.

t1

PW type, SAToP T1 (DS1).

e3

PW type, SAToP E3.

t3

PW type, SAToP T3 (DS3).

basic

PW type, CESoPSN basic mode.

2-135
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

Parameter

Description

cas

PW type, CESoPSN TDM with


CAS.

cesom

PW type, SONET/SDH CESoM.

ceop

PW type, SONET/SDH CEoP.

port

PW type, ATM transparent cell


transport.

vpc

PW type, ATM one-to-one VPC


cell mode.

vcc

PW type, ATM one-to-one VCC


cell mode.

vcc-group

PW type, ATM n-to-one VCC cell


transport.

vpc-group

PW type, ATM n-to-one VCC cell


transport.

sdu

PW type, ATM transparent cell


transport.

pdu

PW type, ATM AAL5 PDU VCC


transport.

3. Verify the configurations.


Command

Function

ZXR10#show debug pwe3

Displays monitored PWE3 items.

End of Steps

2-136
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3

MPLS L3VPN Configuration


Table of Contents
MPLS L3VPN Basic Function Configuration ...............................................................3-1
MPLS L3VPN MPLS VPN Route Aggregation Configuration ....................................3-34
L3VPN Route Restriction and Alarm.........................................................................3-40
Global Static Route Configuration in L3VPN.............................................................3-49
L3VPN FRR Configuration .......................................................................................3-55
MPLS L3VPN Load Balancing Configuration ............................................................3-67
Configuring MPLS L3VPN Crossing Several ASs .....................................................3-82
Label Configuration of each VRF for MPLS L3VPN ................................................ 3-113
MPLS L3VPN GR Configuration ............................................................................. 3-117
MPLS L3VPN HoPE Configuration .........................................................................3-125
BGP Update Group Configuration ..........................................................................3-150
L3VPN Tunnel Policy Configuration........................................................................3-156
BGP Route-Target Route Configuration..................................................................3-164

3.1 MPLS L3VPN Basic Function Configuration


3.1.1 MPLS L3VPN Overview
MPLS L3VPN Introduction
MPLS L3 VPN is a kind of IP VPN based on MPLS technology. It is also called L3VPN,
which applies MPLS technology to routers and switches. MPLS VPN simplifies the route
selection mode of core routers, and it realizes IP virtual private network by means of the
label switching of conventional routing technology.
MPLS VPN can be used to construct broadband Intranet and Extranet, which can satisfy
the requirements of many services cleverly.
MPLS VPN can utilize the powerful transmission capability of a public backbone network
to reduce the construction costs of the Intranet, and greatly improve the operation and
management flexibility of user networks. Meanwhile, it meets the user requirements for
data transmission security, real time and broad band, convenience.

MPLS L3VPN Terms


In an IP-based network, MPLS has many advantages,
l

Reduce cost
3-1

SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

MPLS simplifies the integration technology of ATM and IP. It efficiently combines the
L2 and L3 technologies. Therefore, the cost is reduced and the investment is saved
at earlier stages.
l

Improve resource utilization rate


Since label switching is used in network, the IP addresses used by users in their LAN
can be repeated. In this way, IP resource utilization rate is improved.

Improve network speed


Since label switching is used, the time for address search in each hop process is
shortened. In this way, the time of data transmission time is reduced in network, and
the network speed is improved.

Improve flexibility and expansibility


Since MPLS uses AnyToAny connection, the network flexibility and expansibility are
improved. With respect to the flexibility, special control policy can be customized to
meet special requirements of different users to realize value-added services. The
expansibility covers the following two points:
On one hand, more VPNs are contained by a network. On the other hand, easy user
expansion in the same VPN.

Convenience
MPLS is widely used in operator networks. It bring more convenience to enterprise
users establish global VPN.

Improve transmission security


MPLS serves as a channel mechanism to implement transparent packet transmission.
MPLS Link State Packets (LSP)s have high reliability and security, similar to frame
relay and ATM Virtual Channel Connection (VCC).

Enhance service integration capability


A network can support the services integrating data, audio and video.

MPLS QoS guarantee


The related standards and drafts drawn by Internet Engineering Task Force (IETF) for
Border Gateway Protocol (BGP)/MPLS VPN are provided in the RFC.

VPN-IPv4 Address and RD


Since L3 VPN may be connected to private networks through Internet and these private
networks can either use public or private addresses, the addresses used by different
private networks may be repeated when private networks use private addresses.
To avoid the repetition of private addresses, public addresses can be used by network
devices to replace private addresses. A solution is provided in RFC that uses an existent
private network ID to generate a definite new address.

3-2
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration

The new address is a part of VPN-IPv4 address family, and it also is a BGP address family
of the MP-BGP protocol. In a VPN-IPv4 address, there is a value used to differentiate
different VPNs, called Route Distinguisher (RD).
The format of a VPN-IPv4 address is an eight-byte RD plus a four-byte IP address. RD is
the eight-byte value used for VPN differentiation. An RD consists of the following fields:
l

Type field (two bytes): It determines the length of the other fields.

If the value of the type field is 0, Administrator (ADM) field covers two bytes and
the Assignment Number (AN) domain covers four bytes.

If the value of the type field is 1, ADM field covers four bytes and the Assignment
Number (AN) field covers two bytes.

If the value of the type field is 2, ADM field covers four bytes and the Assignment
Number (AN) field covers two bytes.

ADM field: It identifies an administration assignment number

If the value of the type field is 0, the administrator domain contains an


Autonomous System (AS) ID. RFC recommends a public AS ID allocated by
Internet Assigned Numbers Authority (IANA) be used (it is much better that the
AS ID of the ISP or customer itself is used).

If the type domain is 1, the ADM field contains an IPv4 address. RFC
recommends to use router IP address (this address is normally configured as
router ID). Router IP address is a public address.

If the type domain is 2, the ADM field contains an AS ID (four bytes).

AN field: The number assigned by a network operator

If the type field is 0, AN field covers four bytes.

If the type field is 1, AN field covers two bytes.

If the type field is 2, AN field covers two bytes.

The RD is only used between PEs and CEs to differentiate IPv4 addresses of different
VPNs. The ingress generates an RD and converts the received IPv4 route of the CE into
a VPN-IPv4 address. Before advertising the route to the CE, the egress PE converts the
VPN-IPv4 route into an IPv4 route.

MPLS L3VPN Features


l

l
l

MPLS L3VPN uses L3 technology. Every VPN has its own VPN-ID. Every VPN user
can only communicate with the members belonging to the same VPN, and only VPN
members can enter the VPN.
In MPLS VPN, the Service Provider (SP) allocates an RD to every VPN. The RD is
unique in SP network.
Forwarding table contains a unique address, called VPN-IP address, which is formed
through the connection of the RD and user IP address. The VPN-IP address is unique
in the network. The address table is stored in the forwarding table.
3-3

SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

BGP is a routing information distribution protocol, which uses multi-protocol extension


and common attributes to define VPN connectivity. In MPLS VPN, BGP only
advertises messages to the members in the same VPN, and provides basic security
by means of traffic split.
Data is forwarded by using LSP. The LSP defines a special path that cannot be
changed, to guarantee the security. Such a label-based mode can provide confidentiality like frame relay and ATM. The SP associates a special VPN to an interface,
and packet forwarding is decided by ingress labels.
VPN forwarding table contains a label that corresponds to the VPN-IP address. The
label is used to send data to the corresponding destination. Since the label replaces
the IP address, user can keep its own address structure. The data can be transmitted
without Network Address Translation (NAT). According to the data ingress, the
corresponding router will select a special VPN forwarding table that only contains a
valid destination address in VPN. Router selects a specified VPN forwarding table
according to the ingress. The VPN forwarding table contains the valid destination
addresses only.

MPLS L3VPN Work Flow


1. CE advertises routing information on the user's network to the PE by means of static
route, default route, routing protocols RIP, OSPF, IS-IS or BGP. CE sends the routing
information to PE by static route, default router or routing protocol, such as Routing
Information Protocol (RIP), OSPF and Intermediate System-to-Intermediate System
(IS-IS).
2. Meanwhile extended multi-protocol BGP is used between PEs to transmit VPN-IP
information and the corresponding labels (VPN label, called inner label hereinafter).
3. The conventional IGP is used between PE and P to learn the routing information,
and the LDP is used to bind the routing information to label (a label on the backbone
network, called outer label hereinafter).
4. In this way, the basic network topology and routing information among CE, PE and
P are already formed. Thus, the PE router has the routing information of backbone
network and every VPN.
5. When CE user data belonging to some VPN enters the network, the system can identify
to which VPN the CE belongs on the interface of CE that connects to PE, and will further
read the next-hop address information in the routing table of the VPN. In addition, the
forwarded packets will be marked with a VPN label (inner label). In this case, the
obtained next-hop address is the address of a PE that is the peer of this PE.
6. To reach the destination PE, routing information of backbone network is read from the
source PE , thus to obtain the address of the next P router. Meanwhile, the forwarded
user packets are marked with a backbone network label (outer label).
7. On backbone network, all the P routers locating behind the source PE read the outer
label to determine the next hop. Therefore, the simple label switching is performed in
backbone network only.
8. When the packet reaches the last P router before arriving at the destination PE, the
outer label will be removed. After the packet reaches the destination PE, the PE will
3-4
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration

read the inner label, find the next-hop CE in the corresponding VPN routing table and
send the packet to the related interface, and then transmit the packet to the CE network
of the VPN.

3.1.2 Configuring MPLS L3VPN


To configure MPLS L3VPN, perform the following steps:
1.
2.
3.
4.

Create a VRF on a PE.


Configure a static route or a dynamic routing protocol between a CE and a PE.
Configure MPBGP.
(Optional) Configure MPLS L3VPN advanced functions.

3.1.2.1 Creating a VRF on a PE


This procedure describes how to configure a VRF on a PE router.

Context
A VRF table is created for each VPN on a PE. VRF only saves the route information related
to this VPN. VPN is independent, which has its own interface, routing and label tables,
route protocol and so on.

Steps
1. Create a VPN instance.
Command

Function

ZXR10(config)#ip vrf < vrf-name>

Configures a VPN instance.

2. Configure a VPN instance.


Step

Command

Function

ZXR10(config-vrf-vrf-name)#rd

Defines VRF RD.

<route-distinguisher>
2

ZXR10(config-vrf-vrf-name)#address-family

Activates IPv4 or IPv6 address

{ipv4|ipv6}

family.

ZXR10(config-vrf-vrf-name-af-ipv4)#route-ta

Creates route-target extension

rget [ import | export | both]<extended-community>

community attribute relating to


VRF.

<route-distinguisher>: VRF RD, there are three formats.


l
l
l

<0~65535> :<0~4294967295>
A.B.C.D:<0~65535>
<1-65535>.<0-65535>:<0-65535>

{ipv4|ipv6}: Activates IPv4 or IPv6 address family.


3-5
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

import: Imports the route to VRF according to route-target extension community


attribute.
export: Exports the VRF route with route-target extension community attribute.
both: It is equal to enable import and export at the same time.
<extended-community>: The route-target extension community attribute, there are three
formats.
l
l
l

<0~65535>:<0~4294967295>
A.B.C.D:<0~65535>
<1-65535>.<0-65535>:<0-65535>

3. Associate interface to VRF.


Step

Command

Function

ZXR10(config)#interface < interface-name>

Enters interface configuration


mode.

ZXR10(config-if-interface-name)#ip vrf

Associates interface to VRF.

forwarding < vrf-name>

Delete the existent IP address


of the interface before using this
command.

Configures interface address.

ZXR10(config-if-interface-name)#ip address

< ip-address>< netmask>

4. Verify the configurations.


Command

Function

ZXR10#show ip vrf [brief [<vrf-name>]|detail

Indicates VRF information.

[<vrf-name>]|summary]

End of Steps

3.1.2.2 Configuring a Static Route Between a CE and a PE


This procedure describes how to configure a static route between a CE and a PE.

Context
In order to run static route protocol between a CE and a PE, a static route pointing to a CE
needs to be configured on a PE, and the static route needs to be distributed to BGP.

Steps
1. Configure a static route pointing to CE on PE.

3-6
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration

Command

Function

ZXR10(config)#ip route vrf {mng |<vrf-name>}<prefix><ne

Configures a static route pointing

t-mask>{<forwarding-router's-addres>[global]|<interface-nam

to CE on PE.

e>[<forwarding-router's-address>]}[<distance-metric>][metric

It is required to specify a VRF to

<metric-value>][tag <tag-value>][bfd enable][track

which this static route belongs.

<track-name>][name <description-name>]

2. Redistribute the static route in BGP VRF address family configuration mode.
Step

Command

Function

ZXR10(config)#router bgp < as-number>

Enters BGP route


configuration mode.

ZXR10(config-bgp)#address-family ipv4 vrf < vrf-name>

Enters VRF address family


configuration mode.

ZXR10(config-bgp-af-ipv4-vrf)#redistribute static

This redistributes the static


route.

3. Verify the configurations.


Command

Function

ZXR10#show ip vrf [brief [<vrf-name>]|detail

Indicates VRF information.

[<vrf-name>]|summary]
ZXR10#show ip protocol routing vrf <vrf-name>[ migp]{[n

Indicates VRF protocol routing table.

etwork <ipv4-address>|[mask <ipv4-address-mask>]]|[


all]|[<protocol>]}

End of Steps

Example
As shown in Figure 3-1, static routes are established between CE1 and PE1.

3-7
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

Figure 3-1 Running Static Route Protocol between CE and PE

Configure addresses in the same segment on the direct-connected interfaces of CE1 and
PE1. Configure a static route on PE1.
Configuration on CE1:
CE1(config)#interface gei-0/1/0/1
CE1(config-if-gei-0/1/0/1)#ip address 10.1.0.1 255.255.255.252
CE1(config-if-gei-0/1/0/1)#exit
CE1(config)#interface gei-0/1/0/2
CE1(config-if-gei-0/1/0/2)#ip address 10.1.1.254 255.255.255.0
CE1(config-if-gei-0/1/0/2)#exit
CE1(config)#ip route 10.2.0.0 255.255.0.0 10.1.0.2

Configuration on PE1:
PE1(config)#ip route vrf vpn_a 10.1.0.0 255.255.0.0 10.1.0.1
PE1(config)#router bgp 100
PE1(config-bgp)#address-family ipv4 vrf vpn_a
PE1(config-bgp-af-ipv4-vrf)#redistribute static
PE1(config-bgp-af-ipv4-vrf)#end

3.1.2.3 Configuring RIP Between a CE and a PE


This procedure describes how to configure RIP between a CE and a PE.

Steps
1. Enable RIP.

3-8
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration

Step

Command

Function

ZXR10(config)#router rip

Enters RIP configuration


mode.

Configures RIPv2.

ZXR10(config)#version 2

2. Configure RIP in RIP VRF address family configuration mode.


Step

Command

Function

ZXR10(config-rip)#address-family ipv4 vrf < vrf-name>

Enters VRF address family


configuration mode.

This disables auto summary

ZXR10(config-rip-af)#no auto-summary

function.
3

ZXR10(config-rip-af)#version 2

Configures RIPv2.

ZXR10(config-rip-af)#network <network-number><w

This advertises
direct-connected network

ild-card>

segment to RIP.
5

This redistributes

ZXR10(config-rip-af)#redistribute connected

direct-connected route to
RIP.
6

This redistributes bgp-int to

ZXR10(config-rip-af)#redistribute bgp-int

RIP.

3. Redistribute the RIP route in BGP VRF address family configuration mode.
Step

Command

Function

ZXR10(config)#router bgp < as-number>

Enters BGP route


configuration mode.

ZXR10(config)#address-family ipv4 vrf < vrf- name>

This enters VRF address


family configuration mode.

ZXR10(config-bgp-af-ipv4-vrf)#redistribute rip

This redistributes RIP route.

4. Verify the configurations.


Command

Function

ZXR10#show ip vrf [brief [<vrf-name>]|detail

Indicates VRF information.

[<vrf-name>]|summary]
ZXR10#show ip protocol routing vrf <vrf-name>[ migp]{[n

Indicates VRF protocol routing table.

etwork <ipv4-address>|[mask <ipv4-address-mask>]]|[


all]|[<protocol>]}

End of Steps
3-9
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

Example
As shown in Figure 3-2, RIP runs between CE1 and PE1.
Figure 3-2 Running RIP between CE and PE

Run RIP protocol on CE1 and PE1 respectively. Distribute routing information to each
other in rip vrf and bgp vrfon PE1.
Configuration on CE1:
CE1(config)#router rip
CE1(config)#no auto-summary
CE1(config-rip)#version 2
CE1(config-rip)#network 10.1.0.0 0.0.0.3
CE1(config-rip)#redistribute connected
CE1(config-rip)#exit

Configuration on PE1:
PE1(config)#router rip
PE1(config-rip)#version 2
PE1(config-rip)#address-family ipv4 vrf vpn_a
PE1(config-rip-af)#no auto-summary
PE1(config-rip-af)#version 2
PE1(config-rip-af)#network 10.1.0.0 0.0.0.3
PE1(config-rip-af)#redistribute bgp-int
PE1(config-rip-af)#exit
PE1(config-rip)#exit

PE1(config)#router bgp 100


PE1(config-bgp)#address-family ipv4 vrf vpn_a

3-10
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration


PE1(config-bgp-af-ipv4-vrf)#redistribute rip
PE1(config-bgp-af-ipv4-vrf)#redistribute connected
PE1(config-bgp-af-ipv4-vrf)#exit

3.1.2.4 Configuring OSPF Between a CE and a PE


This procedure describes how to configure OSPF between a CE and a PE.

Steps
1. Enable and configure the OSPF protocol.
Step

Command

Function

ZXR10(config)#router ospf < process-id>[ vrf <

Enable and enters the OSPF vrf

vrf-name>]

configuration mode.

ZXR10(config-ospf-process-id)#network<networ

Designates the interfaces to run

k-number>< wild-card> area < area-id>

OSPF and defines area-ID to

these interfaces.
3

ZXR10(config-ospf-process-id)#redistribute

Redistributes bgp-int route.

bgp-int

2. Redistribute the OSPF route in BGP VRF address family configuration mode.
Step

Command

Function

ZXR10(config)#router bgp < as-number>

Enters BGP route configuration


mode.

ZXR10(config-bgp)#address-family ipv4 vrf <

Enters VRF address family

vrf-name>

configuration mode.

ZXR10(config-bgp-af-ipv4-vrf)#redistribute

Redistributes ospf-int or ospf-ext

{ospf-int | ospf-ext}<process-id>

routes.

3. Verify the configurations.


Command

Function

ZXR10#show ip vrf [brief [<vrf-name>]|detail

Indicates VRF information.

[<vrf-name>]|summary]
ZXR10#show ip protocol routing vrf <vrf-name>[ migp]{[n

Indicates VRF protocol routing table.

etwork <ipv4-address>|[mask <ipv4-address-mask>]]|[


all]|[<protocol>]}

End of Steps

3-11
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

Example
As shown in Figure 3-3, enable the OSPF protocol on both CE1 and PE1, and distribute
the routing information mutually.
Figure 3-3 Running OSPF Protocol between CE and PE

Configuration on CE1:
CE1(config)#router ospf 1
CE1(config-ospf-1)#network 10.1.0.0 0.0.0.3 area 0.0.0.0
CE1(config-ospf-1)#network 10.1.1.0 0.0.0.255 area 0.0.0.0
CE1(config-ospf-1)#exit

Configuration on PE1:
PE1(config)#router ospf 2 vrf vpn_a
PE1(config-ospf-2)#network 10.1.0.0 0.0.0.3 area 0.0.0.0
PE1(config-ospf-2)#redistribute bgp-int
PE1(config-ospf-2)#exit
PE1(config)#router bgp 100
PE1(config-bgp)#address-family ipv4 vrf vpn_a
PE1(config-bgp-af-ipv4-vrf)#redistribute ospf-int 2
PE1(config-bgp-af-ipv4-vrf)#redistribute connected
PE1(config-bgp-af-ipv4-vrf)#exit
PE1(config-bgp)#exit

3.1.2.5 Configuring IS-IS Between a CE and a PE


This procedure describes how to configure IS-IS between a CE and a PE.

3-12
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration

Steps
1. Enable and configure IS-IS.
Step

Command

Function

ZXR10(config)#router isis< process-id>[ vrf < vrf-name>]

Enables IS-IS and enters IS-IS


VRF configuration mode.

ZXR10(config-isis-process-id)#area <area-address>

Sets an IS-IS area address.

ZXR10(config-isis-process-id)#system-id

Sets an IS-IS system ID.

<system-id>
4

Sets an IS-IS interface.

ZXR10(config-isis-process-id)#interface

<interface-name>
5

Redistributes IS-IS routes.

ZXR10(config-isis-process-id)#redistribute bgp

2. Redistribute IS-IS routes in BGP VRF address family configuration mode.


Step

Command

Function

ZXR10(config)#router bgp < as-number>

Enters BGP route


configuration mode

ZXR10(config-bgp)#address-family ipv4 vrf < vrf-name>

Enters VRF address family


configuration mode.

ZXR10(config-bgp-af-ipv4-vrf)#redistribute {isis-1

Redistributes IS-IS routes.

|isis-1-2|isis-2}<process-id>

3. Verify the configurations.


Command

Function

ZXR10#show ip vrf [brief [<vrf-name>]|detail [<vrf-name>]|sum

Shows VRF information.

mary]
ZXR10#show ip protocol routing vrf <vrf-name>[network

Shows the VRF protocol routing

<ip-address>[mask <net-mask>]]

table.

End of Steps

Example
As shown in Figure 3-4, IS-IS is enabled on CE1 and PE1. CE1 and PE2 distribute routes
to each other.

3-13
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

Figure 3-4 Configuration Example of IS-IS Between a CE and a PE

Configuration on CE1:
CE1(config)#router isis 1
CE1(config-isis-1)#area 01
CE1(config-isis-1)#system-id 0121.4567.8956
CE1(config-isis-1)#exit
CE1(config)#interface gei-0/1/0/1
CE1(config-if-gei-0/1/0/1)#no shutdown
CE1(config-if-gei-0/1/0/1)#ip address 10.1.0.1/30
CE1(config-if-gei-0/1/0/1)#exit
CE1(config)#router isis 1
CE1(config-isis-1)#interface gei-0/1/0/1
CE1(config-isis-1-if-gei-0/1/0/1)ip router isis
CE1(config-isis-1-if-gei-0/1/0/1)#end

Configuration on PE1:
PE1(config)#router isis 2 vrf vpn_a
PE1(config-isis-2)#area 02
PE1(config-isis-2)#system-id0181.4857.8969
PE1(config-isis-2)#redistribute bgp
PE1(config-isis-2)#exit
PE1(config)#interface gei-0/1/0/1
PE1(config-if-gei-0/1/0/1)#no shutdown
PE1(config-if-gei-0/1/0/1)#ip address 10.1.0.2/30
PE1(config-if-gei-0/1/0/1)#exit
PE1(config)#router isis 2
PE1(config-isis-2)#interface gei-0/1/0/1

3-14
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration


PE1(config-isis-2-if-gei-0/1/0/1)ip router isis
PE1(config-isis-2-if-gei-0/1/0/1)#end
PE1#configure terminal
PE1(config)#router bgp 100
PE1(config-bgp)#address-family ipv4 vrf vpn_b
PE1(config-bgp-af-ipv4-vrf)#redistribute isis-2 2
PE1(config-bgp-af-ipv4-vrf)#redistribute connected
PE1(config-bgp-af-ipv4-vrf)#exit
PE1(config-bgp)#exit

3.1.2.6 Configuring EBGP Between a CE and a PE


This procedure describes how to configure EBGP between a CE and a PE.

Steps
1. Configure EBGP between a CE and a PE.
Step

Command

Function

ZXR10(config)#router bgp < as-number>

Enters BGP route


configuration mode.

ZXR10(config)#address-family ipv4 vrf < vrf-name>

Enters corresponding VRF


address family configuration
mode.

ZXR10(config-bgp-af-ipv4-vrf)#neighbor <

Configures an EBGP neighbor

ip-address> remote-as <as-number>

or AS number of a neighbor
peers.

2. Verify the configurations.


Command

Function

ZXR10#show ip vrf [brief [<vrf-name>]|detail

Indicates VRF information.

[<vrf-name>]|summary]
ZXR10#show ip protocol routing vrf <vrf-name>[ migp]{[n

Indicates VRF protocol routing table.

etwork <ipv4-address>|[mask <ipv4-address-mask>]]|[


all]|[<protocol>]}
ZXR10#show ip forwarding route vrf <vrf-name>{[{<Network

Indicates the VRF forwarding table.

to display informatio>}[<Network mask>{weak-match|exactmatch}]]|[<Protocol name>]}

End of Steps

3-15
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

Example
As shown in Figure 3-5, EBGP runs between CE1 and PE1.
Figure 3-5 Running EBGP between CE and PE

Configure BGP on CE1 and PE1 respectively. Make sure that CE1 and PE1 can distribute
routes to each other.
Configuration on CE1:
CE1(config)#router bgp 65001
CE1(config-bgp)#neighbor 10.1.0.2 remote-as 100
CE1(config-bgp)#neighbor 10.1.0.2 activate
CE1(config-bgp)#redistribute connected
CE1(config-bgp)#exit

Configuration on PE1:
PE1(config)#router bgp 100
PE1(config-bgp)#address-family ipv4 vrf vpn_a
PE1(config-bgp-af-ipv4-vrf)#neighbor 10.1.0.1 remote-as 65001
PE1(config-bgp-af-ipv4-vrf)#neighbor 10.1.0.1 activate
PE1(config-bgp-af-ipv4-vrf)#redistribute connected
PE1(config-bgp-af-ipv4-vrf)#end

3.1.2.7 Configuring MPBGP


This procedure describes how to configure MPBGP between a CE and a PE.

Steps
1. Configure BGP neighbor.
3-16
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration

Step

Command

Function

ZXR10(config)#router bgp < as-number>

Enters BGP configuration


mode

ZXR10(config)#neighbor <ip-address> remote-as

Configures BGP neighbor.

<as-number>
3

ZXR10(config-bgp)#neighbor <ip-address>

update-source <interface-name>

Specifies update-source IP
address as its own loopback
address of MPBGP set link.

2. Activate vpnv4 ability of neighbor.


Step

Command

Function

ZXR10(config-bgp)#address-family vpnv4

Enters VPNv4 address family


configuration mode.

ZXR10(config-bgp-vpnv4)#neighbor <ip-address>

This activates vpnv4 ability of

activate

neighbor.

3. Verify the configurations.


Command

Function

ZXR10#ping vrf <vrf-name><ip-address>

Inspects network connectivity.

ZXR10#show ip vrf [brief [<vrf-name>]|detail

Indicates VRF information.

[<vrf-name>]|summary]
ZXR10#show ip protocol routing vrf <vrf-name>[ migp]{[n

Indicates VRF protocol routing table.

etwork <ipv4-address>|[mask <ipv4-address-mask>]]|[


all]|[<protocol>]
ZXR10#show ip forwarding route vrf <vrf-name>{[{<Network

Indicates the VRF forwarding table.

to display informatio>}[<Network mask>{weak-match|exactmatch}]]|[<Protocol name>]}


ZXR10#show bgp vpnv4 unicast summary

Indicates the summary information


of MPBGP neighbours.

End of Steps

Example
As shown in Figure 3-6, MPBGP runs between PE1 and PE2.

3-17
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

Figure 3-6 MPBGP Protocol Configuration

Note:
Before perform the following configurations, make sure that PE1 and PE2 can ping each
other by using their loopback addresses.

Configuration on PE1:
PE1(config)#router bgp 100
PE1(config-bgp)#neighbor 1.1.1.3 remote-as 100
PE1(config-bgp)#neighbor 1.1.1.3 update-source loopback1
PE1(config-bgp)#address-family vpnv4
PE1(config-bgp-af-vpnv4)#neighbor 1.1.1.3 activate
PE1(config-bgp-af-vpnv4)#end

Configuration on PE2:
PE2(config)#router bgp 100
PE2(config-bgp)#neighbor 1.1.1.1 remote-as 100
PE2(config-bgp)#neighbor 1.1.1.1 update-source loopback1
PE2(config-bgp)#address-family vpnv4
PE2(config-bgp-af-vpnv4)#neighbor 1.1.1.1 activate
PE2(config-bgp-af-vpnv4)#end

3.1.2.8 Configuring MPLS L3VPN Advanced Function


Configuring AS Override
When BGP runs between PE and CE, users want to reuse AS number in different sites. To
provide the connective between CE1 and CE2, a new method called AS override is used.
3-18
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration

After AS override is configured on PE, but before PE sends route update packets to CE,
PE will replace the AS number of each direct-connectd CE device in the entity AS_PATH
by its own AS number. The length of AS_PATH is still kept when AS override is configured.
To configure AS override on ZXR10 M6000-S, perform the following steps:
Step

Command

Function

ZXR10(config)#router bgp <as-number>

Enters BGP route configuration


mode.

ZXR10(config-bgp)#address-family ipv4 vrf <

Enters IPv4 VRF address family

vrf-name>

configuration mode.

ZXR10(config-bgp-af-ipv4-vrf)#neighbor

Configures PE to replace the AS

<neighbor-address> as-override

number of each direct-connected


CE device by its own AS number
in the entity AS_PATH.

Configure Export Map and Import Map


The meanings of Export Map and Import Map are described as follows:
l

Import Map
VRF can save its concerned route prefix by means of import map.

Export Map
The export map is used to configure different Route Targets (RTs) to route prefix.
Different VRFs can selective accept the prefixes with different RTs.

To configure export and import map, perform the following steps on ZXR10 M6000-S
Step

Command

Function

ZXR10(config)#ip vrf <vrf-name>

Configures a VPN instance and


enters VPN instance configuration
mode.

ZXR10(config-vrf-vrf-name)#address-family

Activates IPv4 or IPv6 address

{ipv4|ipv6}

family.

ZXR10(config-vrf-vrf-name-af-ipv4)#export map

Configures VRF-related export

< route-map-name>

map. The name of route map


ranges from 1 to 31 characters.

ZXR10(config-vrf-vrf-name-af-ipv4)#import map

Configures VRF-related import

< route-map-name>

map. The name of route map


ranges from 1 to 31 characters.

Example
As shown in Figure 3-7, P acts as a Router Reflector (RR), the loopback1 address of PE1
is 61.139.36.34/32, the loopback1 address of PE2 is 61.139.36.35/32, and the loopback1
address of P is 61.139.36.31/32.
3-19
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

Figure 3-7 RR Configuration Instance Topology

Configuration Requirements
l
l

Make sure that PE1 and PE2 can learn loopback addresses between each other. PE1
and PE2 establish LDP neighborhood with RR respectively.
RR establishes MP-Interior Border Gateway Protocol (IBGP) neighborhood with PE1
and PE2 respectively. PE1 and PE2 are RR clients, their Loopback addresses are
used to set up BGP connection.
A VRF called ok is configured on PE1 and PE2. Configure the same RDs and RTs.

RR establishes MP-IBGP neighborhood with PE1 and PE2 respectively. PE1 and PE2 are
RR clients. PE1 and PE2 advertise a direct-connected route formed by loopback interface
on the private network respectively. As a result, the local PE can learn the private network
loopback route from the peer PE. The next hop of the this route is the direct-connected
address that is used to establish IGP neighborhood with the RR by the peer PE.
Configuration on RR (P):
P(config)#router bgp 65190
P(config-bgp)#no bgp default route-target filter
P(config-bgp)#neighbor 61.139.36.34 remote-as 65190
P(config-bgp)#neighbor 61.139.36.34 update-source loopback1
P(config-bgp)#neighbor 61.139.36.35 remote-as 65190
P(config-bgp)#neighbor 61.139.36.35 update-source loopback1
P(config-bgp)#address-family vpnv4
P(config-bgp-af-vpnv4)#neighbor 61.139.36.34 active
P(config-bgp-af-vpnv4)#neighbor 61.139.36.35 active
P(config-bgp-af-vpnv4)#neighbor 61.139.36.34 route-reflector-client
P(config-bgp-af-vpnv4)#neighbor 61.139.36.35 route-reflector-client
P(config-bgp-af-vpnv4)#end

Configuration on PE1:
PE1(config)#ip vrf ok
PE1(config-vrf-ok)#rd 1:1
PE1(config-vrf-ok)#address-family ipv4
PE1(config-vrf-ok-af-ipv4)#route-target 1:1
PE1(config-vrf-ok-af-ipv4)#exit
PE1(config-vrf-ok)#exit

PE1(config)#router bgp 65190


PE1(config-bgp)#neighbor 61.139.36.31

remote-as 65190

PE1(config-bgp)#neighbor 61.139.36.31 update-source loopback1


PE1(config-bgp)#address-family vpnv4

3-20
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration


PE1(config-bgp-af-vpnv4)#neighbor 61.139.36.31 active
PE1(config-bgp-af-vpnv4)#exit
PE1(config-bgp)#exit

PE1(config)#interface loopback10
PE1(config-if-loopback10)#ip vrf forwarding ok
PE1(config-if-loopback10)#ip address 10.10.10.10 255.255.0.0
PE1(config-if)#exit

PE1(config)#router bgp 65190


PE1(config-bgp)#address-family ipv4 vrf ok
PE1(config-bgp-af-vpnv4)#redistribute connected
PE1(config-bgp-af-vpnv4)#end

Configuration on PE2:
PE2(config)#ip vrf ok
PE2(config-vrf-ok)#rd 1:1
PE2(config-vrf-ok)#address-family ipv4
PE2(config-vrf-ok-af-ipv4)#route-target 1:1
PE2(config-vrf-ok-af-ipv4)#exit
PE2(config-vrf-ok)#exit

PE2(config)#router bgp 65190


PE2(config-bgp)#neighbor 61.139.36.31

remote-as 65190

PE2(config-bgp)#neighbor 61.139.36.31 update-source loopback1


PE2(config-bgp)#address-family vpnv4
PE2(config-bgp-af-vpnv4)#neighbor 61.139.36.31 active
PE2(config-bgp-af-vpnv4)#exit
PE2(config-bgp)#exit

PE2(config)#interface loopback20
PE2(config-if-loopback20)#ip vrf forwarding ok
PE2(config-if-loopback20)#ip address 20.20.20.20 255.255.0.0
PE2(config-if-loopback20)#exit

PE2(config)#router bgp 65190


PE2(config-bgp)#address-family ipv4 vrf ok
PE2(config-bgp-af-vpnv4)#redistribute connected
PE2(config-bgp-af-vpnv4)#end

View the route learning from PE2 on PE1,


PE1#show ip protocol routing vrf ok
Codes: OSPF-3D = ospf-type3-discard, OSPF-5D = ospf-type5-discard, TE = rsvpte,
OSPF-7D = ospf-type7-discard, USER-I = user-ipaddr, RIP-D = rip-discard,
OSPF-E = ospf-ext, ASBR-V = asbr-vpn, GW-FWD = ps-busi, GW-UE = ps-user,

3-21
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


BGP-AD = bgp-aggr-discard, BGP-CE = bgp-confed-ext, NAT64 = sl-nat64-v4,
USER-N = user-network, USER-S = user-special, DHCP-S = dhcp-static,
DHCP-D = dhcp-dft
Marks: *valid, >best, s-stale
Dest

NextHop

Intag

Outtag

RtPrf

Protocol

*>20.20.0.0/16

20.1.2.2

163898

34

200

BGP-INT

View the route learning from PE1 on PE2


PE2#show ip protocol routing vrf ok
Codes: OSPF-3D = ospf-type3-discard, OSPF-5D = ospf-type5-discard, TE = rsvpte,
OSPF-7D = ospf-type7-discard, USER-I = user-ipaddr, RIP-D = rip-discard,
OSPF-E = ospf-ext, ASBR-V = asbr-vpn, GW-FWD = ps-busi, GW-UE = ps-user,
BGP-AD = bgp-aggr-discard, BGP-CE = bgp-confed-ext, NAT64 = sl-nat64-v4,
USER-N = user-network, USER-S = user-special, DHCP-S = dhcp-static,
DHCP-D = dhcp-dft
Marks: *valid, >best, s-stale
Dest

NextHop

Intag

Outtag

RtPrf

Protocol

*>10.10.0.0/16

30.1.2.1

164963

163863

200

BGP-INT

3.1.3 MPLS L3VPN Configuration Examples


3.1.3.1 Configuring an MPLS L3 VPN Instance
Configuration Description
As shown in Figure 3-8, CE1 and CE2 belong to the same VPN. The loopback address of
CE1 is 100.1.1.1/24, and that of CE2 is 200.1.1.1/24.
Make sure that CE1 and CE2 can learn the loopback routes between each other by using
OSPF. The BGP runs between CE1 and PE1, while the OSPF runs between CE2 and PE2.
CE1 and CE2 can learn the routes from each other, and the ping is successful between
them.
Figure 3-8 MPLS L3VPN Basic Topology

The interface addresses are listed in Table 3-1.


3-22
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration

Table 3-1 MPLS L3VPN Basic Configuration Address Table


Device

Interface Name

Address

CE1

gei-0/1/0/1

10.1.1.2/24

PE1

gei-0/1/0/2

10.1.1.1/24

gei-0/1/0/3

10.10.12.1/24

gei-0/1/0/4

10.10.12.2/24

gei-0/1/0/5

10.10.23.2/24

gei-0/1/0/6

10.10.23.3/24

gei-0/1/0/7.10

10.10.10.1/24

gei-0/1/0/8.10

10.10.10.2/24

PE2

CE2

Configuration Flow
1. Configure the IP addresses of loopback1 and physical interface on CE1. Establish
EBGP neighborhood between CE1 and PE1. Advertise the loopback address in BGP.
2. Configure the IP addresses of loopback1 and gei-0/1/0/3 on PE1. Configure a VRF
called test1. Bind the interface gei-0/1/0/2 to the test 1 and configure IP address.
Configure OSPF and advertise the network segment 10.0.0.0/8 in OSPF. Establish
MPBGP neighborhood between PE1 and PE2, and enable VPNv4. Establish EBGP
neighborhood between PE1 and CE1. Enable LDP on the interface gei-0/1/0/3.
Specify the loopback1 address as the LDP router ID.
3. Configure the IP addresses of gei-0/1/0/4 and gei-0/1/0/5 on P. Configure OSPF and
advertise the network segment 10.0.0.0/8 in OSPF. Enable LDP on the interfaces
gei-0/1/0/4 and gei-0/1/0/5. Configure loopback1 and specify the loopback1 address
as the LDP router ID.
4. Configure the IP addresses of loopback1 and gei-0/1/0/6. Configure a VRF called
test1. Bind the sub-interface gei-0/1/0/7.10 to the test1 and configure IP address.
Configure OSPF and advertise the network segment 10.0.0.0/8 in OSPF. Establish
MPBGP neighborhood between PE1 and PE2, and enable VPNv4. Establish OSPF
neighborhood between CE2 and PE2. Enable LDP on the interface gei-0/1/0/6.
5. Configure the IP addresses of loopback1 and gei-0/1/0/8.10. Configure OSPF and
advertise the network segments 10.10.10.2 and loopback 200.1.1.1 in OSPF.

Configuration Command
Configuration on CE1:
CE1(config)#interface loopback1
CE1(config-if-loopback1)#ip address 100.1.1.1 255.255.255.0
CE1(config-if-loopback1)#exit
CE1(config)#interface gei-0/1/1/1
CE1(config-if-gei-0/1/1/1)#no shutdown
CE1(config-if-gei-0/1/1/1)#ip address 10.1.1.2 255.255.255.0
CE1(config-if-gei-0/1/1/1)#exit

3-23
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

CE1(config)#router bgp 200


CE1(config-bgp)#network 100.1.1.0 255.255.255.0
CE1(config-bgp)#neighbor 10.1.1.1 remote-as 100
CE1(config-bgp)#exit

Configuration on PE1:
PE1(config)#ip vrf test1
PE1(config-vrf-test1)#rd 100:1
PE1(config-vrf-test1)#address-family ipv4
PE1(config-vrf-test1-af-ipv4)#route-target import 100:1
PE1(config-vrf-test1-af-ipv4)#route-target export 100:1
PE1(config-vrf-test1-af-ipv4)#exit
PE1(config-vrf-test1)#exit

PE1(config)#interface loopback1
PE1(config-if-loopback1)#ip address 10.10.1.1 255.255.255.255
PE1(config-if-loopback1)#exit
PE1(config)#interface gei-0/1/0/3
PE1(config-if-gei-0/1/0/3)#no shutdown
PE1(config-if-gei-0/1/0/3)#ip address 10.10.12.1 255.255.255.0
PE1(config-if-gei-0/1/0/3)#exit

PE1(config)#mpls ldp instance 1


PE1(config-ldp-1)#route-id loopback1
PE1(config-ldp-1)#interface gei-0/1/0/3
PE1(config-ldp-1-if-gei-0/1/0/3)#exit
PE1(config-ldp-1)#exit

PE1(config)#interface gei-0/1/0/2
PE1(config-if-gei-0/1/0/2)#ip vrf forwarding test1
PE1(config-if-gei-0/1/0/2)#ip address 10.1.1.1 255.255.255.0
PE1(config-if-gei-0/1/0/2)#exit

PE1(config)#router ospf 1
PE1(config-ospf-1)#router-id 10.10.1.1
PE1(config-ospf-1)#network 10.0.0.0 0.255.255.255 area 0.0.0.0
PE1(config-ospf-1)#exit

PE1(config)#router bgp 100


PE1(config-bgp)#neighbor 10.10.3.3 remote-as 200
PE1(config-bgp)#neighbor 10.10.3.3 update-source loopback1
PE1(config-bgp)#address-family ipv4 vrf test1
PE1(config-bgp-af-ipv4-vrf)#redistribute connected
PE1(config-bgp-af-ipv4-vrf)#neighbor 10.1.1.2 remote-as 200

3-24
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration


PE1(config-bgp-af-ipv4-vrf)#exit
PE1(config-bgp)#address-family vpnv4
PE1(config-bgp-af-vpnv4)#neighbor 10.10.3.3 activate
PE1(config-bgp-af-vpnv4)#exit
PE1(config-bgp)#exit

Configuration on P:
P(config)#interface gei-0/1/0/4
P(config-if-gei-0/1/0/4)#no shutdown
P(config-if-gei-0/1/0/4)#ip address 10.10.12.2 255.255.255.0
P(config-if-gei-0/1/0/4)#exit

P(config)#interface gei-0/1/0/5
P(config-if-gei-0/1/0/5)#no shutdown
P(config-if-gei-0/1/0/5)#ip address 10.10.23.2 255.255.255.0
P(config-if-gei-0/1/0/5)#exit

P(config)#interface loopback1
P(config-if-loopback1)#ip address 10.10.2.2 255.255.255.255
P(config-if-loopback1)#exit

P(config)#mpls ldp instance 1


P(config-ldp-1)#router-id loopback1
P(config-ldp-1)#interface gei-0/1/0/4
P(config-ldp-1-if-gei-0/1/0/4)#exit
P(config-ldp-1)#interface gei-0/1/0/5
P(config-ldp-1-if-gei-0/1/0/5)#exit
P(config-ldp-1)#exit

P(config)#router ospf 1
P(config-ospf-1)#router-id 10.10.2.2
P(config-ospf-1)#network 10.0.0.0 0.255.255.255 area 0.0.0.0
P(config-ospf-1)#exit

Configuration on PE2 (here, PE2 connects to CE2 through an Ethernet sub-interface):


PE2(config)#ip vrf test1
PE2(config-vrf-test1)#rd 100:1
PE2(config-vrf-test1)#address-family ipv4
PE2(config-vrf-test1-af-ipv4)#route-target import 100:1
PE2(config-vrf-test1-af-ipv4)#route-target export 100:1
PE2(config-vrf-test1-af-ipv4)#exit
PE2(config-vrf-test1)#exit

PE2(config)#interface loopback1
PE2(config-if-loopback1)#ip address 10.10.3.3 255.255.255.255

3-25
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


PE2(config-if-loopback1)#exit
PE2(config)#interface gei-0/1/0/6
PE2(config-if-gei-0/1/0/6)#no shutdown
PE2(config-if-gei-0/1/0/6)#ip address 10.10.23.3 255.255.255.0
PE2(config-if-gei-0/1/0/6)#exit

PE2(config)#mpls ldp instance 1


PE2(config-ldp-1)#router-id loopback1
PE2(config-ldp-1)#interface gei-0/1/0/6
PE2(config-ldp-1-if-gei-0/1/0/6)#exit
PE2(config-ldp-1)#exit

PE2(config)#interface gei-0/1/0/7.10
PE2(config-if-gei-0/1/0/7.10)#exit

PE2(config)#vlan-configuration
PE2(config-vlan)#interface gei-0/1/0/7.10
PE2(config-vlan-if-gei-0/1/0/7.10)#encapsulation-dot1q 10
PE2(config-vlan-if-gei-0/1/0/7.10)#exit
PE2(config-vlan)#exit

PE2(config)#interface gei-0/1/0/7.10
PE2(config-if-gei-0/1/0/7.10)#ip vrf forwarding test1
PE2(config-if-gei-0/1/0/7.10)#ip address 10.10.10.1 255.255.255.0
PE2(config-if-gei-0/1/0/7.10)#exit

PE2(config)#router ospf 1
PE2(config-ospf-1)# router-id 10.10.3.3
PE2(config-ospf-1)#network 10.0.0.0 0.255.255.255 area 0.0.0.0
PE2(config-ospf-1)#exit

PE2(config)#router ospf 2 vrf test1


PE2(config-ospf-2)#network 10.10.10.1 0.0.0.0 area 0.0.0.0
PE2(config-ospf-2)#redistribute bgp-int
PE2(config-ospf-2)#exit

PE2(config)#router bgp 100


PE2(config-bgp)#neighbor 10.10.1.1 remote-as 100
PE2(config-bgp)#neighbor 10.10.1.1 update-source loopback1
PE2(config-bgp)#address-family ipv4 vrf test1
PE2(config-bgp-af-ipv4-vrf)#redistribute ospf-int 2
PE2(config-bgp-af-ipv4-vrf)#redistribute connected
PE2(config-bgp-af-ipv4-vrf)#exit
PE2(config-bgp)#address-family vpnv4
PE2(config-bgp-af-vpnv4)#neighbor 10.10.1.1 activate

3-26
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration


PE2(config-bgp-af-vpnv4)#exit
PE2(config-bgp)#exit

Configuration on CE2:
CE2(config)#interface loopback1
CE2(config-if-loopback1)#ip address 200.1.1.1 255.255.255.0
CE2(config-if-loopback1)#exit
CE2(config)#interface gei-0/1/0/8.10
CE2(config-if-gei-0/1/0/8.10)#exit

CE2(config)#vlan-configuration
CE2(config-vlan)#interface gei-0/1/0/8.10
CE2(config-vlan-if-gei-0/1/0/8.10)#encapsulation-dot1q 10
CE2(config-vlan-if-gei-0/1/0/8.10)#exit
CE2(config-vlan)#exit

CE2(config)#interface gei-0/1/0/8.10
CE2(config-if-gei-0/1/0/8.10)#ip address 10.10.10.2 255.255.255.0
CE2(config-if-gei-0/1/0/8.10)#exit

CE2(config)#router ospf 1
CE2(config-ospf-1)#network 10.10.10.2 0.0.0.255 area 0
CE2(config-ospf-1)#network 200.1.1.1 0.0.0.255 area 0
CE2(config-ospf-1)#exit

Configuration Verification
View the EBGP connection running between CE1 and PE1, as shown in the following:
PE1#show bgp vpnv4 unicast vrf-summary test1

Neighbor

Ver

As

MsgRcvd

MsgSend

Up/Down

10.1.1.1

100

12

00:00:09

State/PfxRcd
0

View the routing table of CE1. Here, the BGP route is the VPN route learnt by CE1.
CE1#show ip forwarding route
IPv4 Routing Table:
Headers: Dest: Destination, Gw: Gateway, Pri: Priority;
Codes : BROADC: Broadcast, USER-I: User-ipaddr, USER-S: User-special,
MULTIC: Multicast, USER-N: User-network, DHCP-D: DHCP-DFT,
ASBR-V: ASBR-VPN, STAT-V: Static-VRF, DHCP-S: DHCP-static,
GW-FWD: PS-BUSI, NAT64: Stateless-NAT64, LDP-A: LDP-area,
GW-UE: PS-USER, P-VRF: Per-VRF-label, TE: RSVP-TE;
Status codes: *valid, >best;
Dest

Gw

Interface

Owner

Pri

Metric

10.1.1.0/24

10.1.1.2

gei-0/1/0/1

Direct

10.1.1.2/32

10.1.1.2

gei-0/1/0/1

Address

3-27
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


100.1.1.0/24

100.1.1.1

loopback1

Direct

100.1.1.1/32

100.1.1.1

loopback1

Address

200.1.1.1/32

10.1.1.1

gei-0/1/0/1

20

BGP

3.1.3.2 Configuring an MPLS L3VPN OSPF SHAM-LINK Instance


Configuration Description
As shown in Figure 3-9, CE1 and CE2 belong to the same VPN. The loopback address of
CE1 is 100.1.1.1/24, and that of CE2 is 200.1.1.1/24.
Make sure that CE1 and CE2 can learn the loopback routes from each other through the
sham-link running between PE1 and PE2. CE1 and PE1 run OSPF VRF. CE2 and PE2
run OSPF VRF.
Figure 3-9 Network Structure of MPLS L3VPN OSPF SHAM-LINK Configuration

The interface addresses are listed inTable 3-2.


Table 3-2 MPLS L3VPN OSPF SHAM-LINK Address Table
Device

Interface Name

Address

CE1

gei-0/1/0/1

10.1.1.2/24

gei-0/1/0/9

20.1.1.2/24

gei-0/1/0/2

10.1.1.1/24

gei-0/1/0/3

10.10.12.1/24

gei-0/1/0/4

10.10.12.2/24

gei-0/1/0/5

10.10.23.2/24

gei-0/1/0/6

10.10.23.3/24

gei-0/1/0/7.10

10.10.10.1/24

gei-0/1/0/8.10

10.10.10.2/24

gei-0/1/0/10

20.1.1.1/24

PE1

PE2

CE2

3-28
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration

Configuration Flow
1. Configure the IP addresses of loopback and physical interfaces on CE1. Configure
OSPF route.
2. Advertise the loopback interface IP address and the direct-connected network
segment in OSPF.
3. Set up SHAM-LINK.

Configuration Command
Configuration on CE1:
CE1(config)#interface loopback1
CE1(config-if-loopback1)#ip address 100.1.1.1 255.255.255.0
CE1(config-if-loopback1)#exit
CE1(config)#interface gei-0/1/0/1
CE1(config-if-gei-0/1/0/1)#no shutdown
CE1(config-if-gei-0/1/0/1)#ip address 10.1.1.2 255.255.255.0
CE1(config-if-gei-0/1/0/1)#exit
CE1(config)#interface gei-0/1/0/9
CE1(config-if-gei-0/1/0/9)#no shutdown
CE1(config-if-gei-0/1/0/9)#ip address 20.1.1.2 255.255.255.0
CE1(config-if-gei-0/1/0/9)#exit

CE1(config)#router ospf 1
CE1(config-ospf-1)#network 10.1.1.0 0.0.0.255 area 0
CE1(config-ospf-1)#network 20.1.1.0 0.0.0.255 area 0
CE1(config-ospf-1)#network 100.1.1.1 0.0.0.0 area 0
CE1(config-ospf-1)#exit

Configuration on PE1:
PE1(config)#ip vrf test1
PE1(config-vrf-test1)#rd 100:1
PE1(config-vrf-test1)#address-family ipv4
PE1(config-vrf-test1-af-ipv4)#route-target import 100:1
PE1(config-vrf-test1-af-ipv4)#route-target export 100:1
PE1(config-vrf-test1-af-ipv4)#exit
PE1(config-vrf-test1)#exit

PE1(config)#interface loopback1
PE1(config-if-loopback1)#ip address 10.10.1.1 255.255.255.255
PE1(config-if-loopback1)#exit
PE1(config)#interface gei-0/1/0/3
PE1(config-if-gei-0/1/0/3)#no shutdown
PE1(config-if-gei-0/1/0/3)#ip address 10.10.12.1 255.255.255.0
PE1(config-if-gei-0/1/0/3)#exit
PE1(config)#interface loopback64

3-29
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


PE1(config-if-loopback64)#ip vrf forwarding test1
PE1(config-if-loopback64)#ip address 64.64.64.1 255.255.255.255
PE1(config-if-loopback64)#exit

PE1(config)#mpls ldp instance 1


PE1(config-ldp-1)#router-id loopback1
PE1(config-ldp-1)#interface gei-0/1/0/3
PE1(config-ldp-1-if-gei-0/1/0/3)#exit
PE1(config-ldp-1)#exit

PE1(config)#interface gei-0/1/0/2
PE1(config-if-gei-0/1/0/2)#no shutdown
PE1(config-if-gei-0/1/0/2)#ip vrf forwarding test1
PE1(config-if-gei-0/1/0/2)#ip address 10.1.1.1 255.255.255.0
PE1(config-if-gei-0/1/0/2)#exit

PE1(config)#router ospf 1
PE1(config-ospf-1)#router-id 10.10.1.1
PE1(config-ospf-1)#network 10.0.0.0 0.255.255.255 area 0.0.0.0
PE1(config-ospf-1)#exit

PE1(config)#router bgp 100


PE1(config-bgp)#neighbor 10.10.3.3 remote-as 100
PE1(config-bgp)#neighbor 10.10.3.3 update-source loopback1
PE1(config-bgp)#address-family ipv4 vrf test1
PE1(config-bgp-af-ipv4-vrf))#redistribute connected
PE1(config-bgp-af-ipv4-vrf))#redistribute ospf-int 100
PE1(config-bgp-af-ipv4-vrf))#exit
PE1(config-bgp)#address-family vpnv4
PE1(config-bgp-af-vpnv4)#neighbor 10.10.3.3 activate
PE1(config-bgp-af-vpnv4)#exit
PE1(config-bgp)#exit

PE1(config)#router ospf 100 vrf test1


PE1(config-ospf-100)#network 10.1.1.0 0.0.0.255 area 0
PE1(config-ospf-100)#redistribute bgp-int
PE1(config-ospf-100)#area 0 sham-link 64.64.64.1 64.64.64.2
PE1(config-ospf-100)#exit

Configuration on P:
P(config)#interface gei-0/1/0/4
P(config-if-gei-0/1/0/4)#no shutdown
P(config-if-gei-0/1/0/4)#ip address 10.10.12.2 255.255.255.0
P(config-if-gei-0/1/0/4)#exit

3-30
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration


P(config)#interface gei-0/1/0/5
P(config-if-gei-0/1/0/5)#no shutdown
P(config-if-gei-0/1/0/5)#ip address 10.10.23.2 255.255.255.0
P(config-if-gei-0/1/0/5)#exit

P(config)#interface loopback1
P(config-if-loopback1)#ip address 10.10.2.2 255.255.255.255
P(config-if-loopback1)#exit

P(config)#router ospf 1
P(config-ospf-1)#router-id 10.10.2.2
P(config-ospf-1)#network 10.0.0.0 0.255.255.255 area 0.0.0.0
P(config-ospf-1)#exit

P(config)#mpls ldp instance 1


P(config-ldp-1)#router-id loopback1
P(config-ldp-1)#interface gei-0/1/0/4
P(config-ldp-1-if-gei-0/1/0/4)#exit
P(config-ldp-1)#interface gei-0/1/0/5
P(config-ldp-1-if-gei-0/1/0/5)#exit
P(config-ldp-1)#exit

Configuration on PE2 (here, PE2 connects to CE2 through an Ethernet sub-interface):


PE2(config)#ip vrf test1
PE2(config-vr-test1)#rd 100:1
PE2(config-vrf-test1)#address-family ipv4
PE2(config-vrf-test1-af-ipv4)#route-target import 100:1
PE2(config-vrf-test1-af-ipv4)#route-target export 100:1
PE2(config-vrf-test1-af-ipv4)#exit
PE2(config-vrf-test1)#exit

PE2(config)#interface loopback1
PE2(config-if-loopback1)#ip address 10.10.3.3 255.255.255.255
PE2(config-if-loopback1)#exit
PE2(config)#interface gei-0/1/0/6
PE2(config-if-gei-0/1/0/6)#no shutdown
PE2(config-if-gei-0/1/0/6)#ip address 10.10.23.3 255.255.255.0
PE2(config-if-gei-0/1/0/6)#exit
PE2(config)#interface loopback64
PE2(config-if-loopback64)#ip vrf forwarding test1
PE2(config-if-loopback64)#ip address 64.64.64.2 255.255.255.255
PE2(config-if-loopback64)#exit

PE2(config)#mpls ldp instance 1


PE2(config-ldp-1)#router-id loopback1

3-31
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


PE2(config-ldp-1)#interface gei-0/1/0/6
PE2(config-ldp-1-if-gei-0/1/0/6)#exit
PE2(config-ldp-1)#exit

PE2(config)#interface gei-0/1/0/7.10
PE2(config-if-gei-0/1/0/7.10)#exit

PE2(config)#vlan-configuration
PE2(config-vlan)#interface gei-0/1/0/7.10
PE2(config-vlan-if-gei-0/1/0/7.10)#encapsulation-dot1q 10
PE2(config-vlan-if-gei-0/1/0/7.10)#exit
PE2(config-vlan)#exit

PE2(config)#interface gei-0/1/0/7.10
PE2(config-if-gei-0/1/0/7.10)#ip vrf forwarding test1
PE2(config-if-gei-0/1/0/7.10)#ip address 10.10.10.1 255.255.255.0
PE2(config-if-gei-0/1/0/7.10)#exit

PE2(config)#router ospf 1
PE2(config-ospf-1)#router-id 10.10.3.3
PE2(config-ospf-1)#network 10.0.0.0 0.255.255.255 area 0.0.0.0
PE2(config-ospf-1)#exit

PE2(config)#router ospf 100 vrf test1


PE2(config-ospf-100)#network 10.10.10.1 0.0.0.0 area 0.0.0.0
PE2(config-ospf-100)#redistribute bgp-int
PE2(config-ospf-100)#area 0 sham-link 64.64.64.2 64.64.64.1
PE2(config-ospf-100)#exit

PE2(config)#router bgp 100


PE2(config-bgp)#neighbor 10.10.1.1 remote-as 100
PE2(config-bgp)#neighbor 10.10.1.1 update-source loopback1
PE2(config-bgp)#address-family ipv4 vrf test1
PE2(config-bgp-af-ipv4-vrf)#redistribute connected
PE2(config-bgp-af-ipv4-vrf)#redistribute ospf-int 100
PE2(config-bgp-af-ipv4-vrf)#exit
PE2(config-bgp)#address-family vpnv4
PE2(config-bgp-af-vpnv4)#neighbor 10.10.1.1 activate
PE2(config-bgp-af-vpnv4)#exit
PE2(config-bgp)#exit

Configuration on CE2:
CE2(config)#interface loopback1
CE2(config-if-loopback1)#ip address 200.1.1.1 255.255.255.0
CE2(config-if-loopback1)#exit

3-32
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration


CE2(config)#interface gei-0/1/0/8.10
CE2(config-if-gei-0/1/0/8.10)#exit

CE2(config)#vlan-configuration
CE2(config-vlan)#interface gei-0/1/0/8.10
CE2(config-vlan-if-gei-0/1/0/8.10)#encapsulation-dot1q 10
CE2(config-vlan-if-gei-0/1/0/8.10)#exit
CE2(config-vlan)#exit

CE2(config)#interface gei-0/1/0/8.10
CE2(config-if-gei-0/1/0/8.10)#ip address 10.10.10.2 255.255.255.0
CE2(config-if-gei-0/1/0/8.10)#exit
CE2(config)#interface gei-0/1/0/10
CE2(config-if-gei-0/1/0/10)#ip address 20.1.1.1 255.255.255.0
CE2(config-if-gei-0/1/0/10)#exit

CE2(config)#router ospf 1
CE2(config-ospf-1)#network 10.10.10.0 0.0.0.255 area 0
CE2(config-ospf-1)#network 200.1.1.0 0.0.0.255 area 0
CE2(config-ospf-1)#network 20.1.1.0 0.0.0.255 area 0
CE2(config-ospf-1)#exit

Configuration Verification
Displays shamlink neighbor information on PE1.
ZXR10(config)#show ip ospf neighbor detail process 100
OSPF Router with ID (64.64.64.1) (Process ID 100)
Neighbor 0.0.0.0
In the area 0.0.0.0
Via interface sl(To 64.64.64.2) 64.64.64.2
State DOWN, Priority 0, Cost 1
Queue count : Retransmit 0, DD 0, LS Req 0
Dead time : 00:00:40 Options : 0x0
In Full State for 00:00:09

Displays the routes information to CE2 on CE1.


ZXR10#show ip forwarding route 200.1.1.1
IPv4 Routing Table:
Headers: Dest: Destination, Gw: Gateway, Pri: Priority;
Codes : BROADC: Broadcast, USER-I: User-ipaddr, USER-S: User-special,
MULTIC: Multicast, USER-N: User-network, DHCP-D: DHCP-DFT,
ASBR-V: ASBR-VPN, STAT-V: Static-VRF, DHCP-S: DHCP-static,
GW-FWD: PS-BUSI, NAT64: Stateless-NAT64, LDP-A: LDP-area,
GW-UE: PS-USER, P-VRF: Per-VRF-label, TE: RSVP-TE;

3-33
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


Status codes: *valid, >best;
Dest Gw Interface Owner Pri Metric
*> 200.1.1.1/32 20.1.1.1 gei-0/1/0/9

OSPF 110 2

Shutdown interface gei-0/1/0/9 on CE1.


CE1(config)#interface gei-0/1/0/9
CE1(config-if-gei-0/1/0/9)#shutdown
CE1(config-if-gei-0/1/0/9)#exit

Then displays the routes information to CE2 on CE1. The route is forwarding through PE1.
ZXR10#show ip forwarding route 200.1.1.1
IPv4 Routing Table:
Headers: Dest: Destination, Gw: Gateway, Pri: Priority;
Codes : BROADC: Broadcast, USER-I: User-ipaddr, USER-S: User-special,
MULTIC: Multicast, USER-N: User-network, DHCP-D: DHCP-DFT,
ASBR-V: ASBR-VPN, STAT-V: Static-VRF, DHCP-S: DHCP-static,
GW-FWD: PS-BUSI, NAT64: Stateless-NAT64, LDP-A: LDP-area,
GW-UE: PS-USER, P-VRF: Per-VRF-label, TE: RSVP-TE;
Status codes: *valid, >best;
Dest Gw Interface Owner Pri Metric
*> 200.1.1.1/32 104.1.1.1 gei-0/1/0/1 OSPF 110 4

3.2 MPLS L3VPN MPLS VPN Route Aggregation


Configuration
3.2.1 MPLS L3VPN Route Aggregation Overview
MPLS L3VPN Route Aggregation Introduction
By means of the aggregation-address command in BGP vrf address family mode, BGP
protocol can aggregate the learnt VPN routes to a route for advertising. In this way, the
route entries in VPN routing table can be reduced observably.
Route aggregation provides the following benefits:
l

l
l

The storage of BGP routing tables occupies much memory of a router, and the router
also needs quite a lot resources to transfer and process routing information. In
addition, the bandwidth required for transferring and processing routing information
also needs numerous resources. Using route aggregation can dramatically minimize
the scale of a routing table.
By aggregating route entries, route aggregation can hide some specific routes and
thus reduce the impact of route flapping on the network.
BGP route aggregation, combined with flexible routing policies, can allow BGP to
transfer and control route information more effectively.

3-34
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration

l
l

Combined with routing policies, route aggregation can realize link backup and load
sharing, and thus can fully satisfy various networking requirements.
If VPN route aggregation can be applied in L3VPN, the number of route entries
transferred and stored by BGP can also be decreased.

However, as route aggregation hides some specific routes, there is a risk of routing loop.
Therefore, network designers should evaluate the risk before using route aggregation.

Realizing MPLS L3VPN


Now, there are two methods for realizing MPLS L3VPN route aggregation:
l

Combining route aggregation with a static route


Configure a static route that complies with the aggregation address and points to port
null. Then run the network command to notify the neighbor of the static route. Hence,
route aggregation is realized.
Combining route aggregation with a static route is the simplest method for realizing
aggregation. However, as this method is less flexible and maintainable, it cannot meet
the advanced requirements of MPLS L3VPN route aggregation.

Manual aggregation
Create an aggregation rule to realize aggregation. Announce the aggregation route
determined by the aggregate command, provided that the specific routes of the
aggregation route have been added to the BGP routing table. The specific routes
can be the routes learned from neighbors, or introduced IGP routes, or BGP routes
generated with the network command.
Manual aggregation is more flexible and maintainable. It has been realized by most
vendors and accepted by many users.

3.2.2 Configuring MPLS L3VPN Route Aggregation


This procedure describes how to configure MPLS L3VPN route aggregation.

Steps
1. Configure MPLS L3VPN route aggregation.
Step

Command

Function

ZXR10(config)#router bgp < as-number>

Enters BGP route


configuration mode.

ZXR10(config-bgp)#address-family ipv4 vrf < vrf-name>

Enters the IPv4 VRF address


cluster configuration mode.

ZXR10(config-bgp-af-ipv4-vrf)#aggregate-address

Creates an aggregation policy

<ip-address><net-mask>{[as-set],[summary-only],[strict],[a

in VRF routing table.

ttribute-map<map-tag>],[ suppress-map<map-tag>]}

3-35
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

as-set: generate the information of AS set path


summary-only: if the keyword summary-only is configured, all subnet routes in the
aggregate network are forbidden to be advertised during route aggregation.
strict: the routes which MED and NEXT_HOP attributes are the same can be
aggregated only. MED and NEXT_HOP attributes will not be used if the command
is used without the strict keyword.
2. Verify the configurations.
Command

Function

ZXR10#show ip route vpn

Shows the route information of VPN


instance.

End of Steps

3.2.3 MPLS L3VPN Route Aggregation Configuration Instance


Configuration Description
As shown in Figure 3-10CE1 belongs to AS200, both PE1 and PE2 belong to AS100, and
CE2 belongs to AS300. PE1 and PE2 establish MPBGP neighborhood by using loopback
addresses. CE1 and PE1 establish EBGP neighborhood, and CE1 and PE1 establish
EBGP neighborhood.
Both CE1 and CE2 belong to the same VPN, which advertise route 150.1.0.0/16 and
150.2.0.0/16 to PE1 respectively. PE1 aggregates two routes to 150.0.0.0/8, and then
advertises it to PE2. After that, PE2 only learns the aggregated route 150.0.0.0/8.
Figure 3-10 Network Structure of MPLS VPN Route Aggregation Configuration Example

The interface addresses are listed inTable 3-3.


Table 3-3 MPLS VPN Interface Address Table
Device

Interface Name

Address

CE1

gei-0/1/0/1

20.0.0.2/24

3-36
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration

Device

Interface Name

Address

gei-0/1/0/2

20.0.0.1/24

gei-0/1/0/4

30.0.0.1/24

gei-0/1/0/5

10.0.0.1/24

PE2

gei-0/1/0/6

10.0.0.2/24

CE2

gei-0/1/0/3

30.0.0.2/24

PE1

Configuration Flow
1. Establish MP-BGP neighborhood between PE1 and PE2. The loopback address of
PE1 is 1.1.1.1/32, and that of PE2 is 1.1.1.2/32.
2. Configure the same vpn1 on PE1 and PE2. Bind gei-0/1/0/2 and gei-0/1/0/4 to VPN1.
3. Establish EBGP neighborhood between CE2 and PE1, CE1 and PE1 respectively.

Configuration Command
Configuration on CE1:
CE1(config)#interface gei-0/1/0/1
CE1(config-if-gei-0/1/0/1)#no shutdown
CE1(config-if-gei-0/1/0/1)#ip address 20.0.0.2 255.255.255.0
CE1(config-if-gei-0/1/0/1)#exit

CE1(config)#router bgp 200


CE1(config-bgp)#network 150.1.0.0 255.255.0.0
CE1(config-bgp)#neighbor 20.0.0.1 remote-as 100
CE1(config-bgp)#exit

Configuration on CE2:
CE2(config)#interface gei-0/1/0/3
CE2(config-if-gei-0/1/0/3)#no shutdown
CE2(config-if-gei-0/1/0/3)#ip address 30.0.0.2 255.255.255.0
CE2(config-if-gei-0/1/0/3)#exit

CE2(config)#router bgp 300


CE2(config-bgp)#network 150.2.0.0 255.255.0.0
CE2(config-bgp)#neighbor 30.0.0.1 remote-as 100
CE2(config-bgp)#exit

Configuration on PE1:
PE1(config)#ip vrf test1
PE1(config-vrf-test1)#rd 100:1
PE1(config-vrf-test1)#address-family ipv4
PE1(config-vrf-test1-af-ipv4)#route-target import 100:1
PE1(config-vrf-test1-af-ipv4)#route-target export 100:1
PE1(config-vrf-test1-af-ipv4)#exit

3-37
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


PE1(config-vrf-test1)#exit

PE1(config)#interface loopback1
PE1(config-if-loopback1)#ip address 1.1.1.1 255.255.255.255
PE1(config-if-loopback1)#exit
PE1(config)#interface gei-0/1/0/5
PE1(config-if-gei-0/1/0/5)#no shutdown
PE1(config-if-gei-0/1/0/5)#ip address 10.0.0.1 255.255.255.0
PE1(config-if-gei-0/1/0/5)#exit

PE1(config)#mpls ldp instance 1


PE1(config-ldp-1)#router-id loopback1
PE1(config-ldp-1)#interface gei-0/1/0/5
PE1(config-ldp-1-if-gei-0/1/0/5)#exit
PE1(config-ldp-1)#exit

PE1(config)#interface gei-0/1/0/2
PE1(config-if-gei-0/1/0/2)#no shutdown
PE1(config-if-gei-0/1/0/2)#ip vrf forwarding test1
PE1(config-if-gei-0/1/0/2)#ip address 20.0.0.1 255.255.255.0
PE1(config-if-gei-0/1/0/2)#exit
PE1(config)#interface gei-0/1/0/4
PE1(config-if-gei-0/1/0/4)#no shutdown
PE1(config-if-gei-0/1/0/4)#ip vrf forwarding test1
PE1(config-if-gei-0/1/0/4)#ip address 30.0.0.1 255.255.255.0
PE1(config-if-gei-0/1/0/4)#exit

PE1(config)#router ospf 1
PE1(config-ospf-1)#router-id 1.1.1.1
PE1(config-ospf-1)#network 1.1.1.1 0.0.0.0 area 0.0.0.0
PE1(config-ospf-1)#network 10.0.0.0 0.0.0.255 area 0.0.0.0
PE1(config-ospf-1)#exit

PE1(config)#router bgp 100


PE1(config-bgp)#neighbor 1.1.1.2 remote-as 100
PE1(config-bgp)#neighbor 1.1.1.2 update-source loopback1
PE1(config-bgp)#address-family ipv4 vrf test1
PE1(config-bgp-af-ipv4-vrf)#aggregate-address 150.0.0.0 255.0.0.0 summary-only
PE1(config-bgp-af-ipv4-vrf)#neighbor 20.0.0.2 remote-as 200
PE1(config-bgp-af-ipv4-vrf)#neighbor 30.0.0.2 remote-as 300
PE1(config-bgp-af-ipv4-vrf)#exit
PE1(config-bgp)#address-family vpnv4
PE1(config-bgp-af-vpnv4)#neighbor 1.1.1.2 activate
PE1(config-bgp-af-vpnv4)#exit

3-38
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration

Configuration on PE2:
PE2(config)#ip vrf test1
PE2(config-vrf-test1)#rd 100:1
PE2(config-vrf-test1)#address-family ipv4
PE2(config-vrf-test1-af-ipv4)#route-target import 100:1
PE2(config-vrf-test1-af-ipv4)#route-target export 100:1
PE2(config-vrf-test1-af-ipv4)#exit
PE2(config-vrf-test1)#exit

PE2(config)#interface loopback1
PE2(config-if-loopback1)#ip address 1.1.1.2 255.255.255.255
PE2(config-if-loopback1)#exit
PE2(config)#interface gei-0/1/0/6
PE2(config-if-gei-0/1/0/6)#no shutdown
PE2(config-if-gei-0/1/0/6)#ip address 10.0.0.2 255.255.255.0
PE2(config-if-gei-0/1/0/6)#exit

PE2(config)#mpls ldp instance 1


PE2(config-ldp-1)#router-id loopback1
PE2(config-ldp-1)#interface gei-0/1/0/6
PE2(config-ldp-1-if-gei-0/1/0/6)#exit
PE2(config-ldp-1)#exit

PE2(config)#router ospf 1
PE2(config-ospf-1)#router-id 1.1.1.2
PE2(config-ospf-1)#network 1.1.1.2 0.0.0.0 area 0.0.0.0
PE2(config-ospf-1)#network 10.0.0.0 0.0.0.255 area 0.0.0.0
PE2(config-ospf-1)#exit

PE2(config)#router bgp 100


PE2(config-bgp)#neighbor 1.1.1.1 remote-as 100
PE2(config-bgp)#neighbor 1.1.1.1 update-source loopback1
PE2(config-bgp)#address-family vpnv4
PE2(config-bgp-af-vpnv4)#neighbor 1.1.1.1 activate
PE2(config-bgp-af-vpnv4)#exit
PE2(config-bgp)#exit

Configuration Verification
View VRF routing table on PE1. Here, both the sub-routes and the aggregated route can
be viewed.
PE1(config)#show ip protocol routing

vrf test1

Codes: OSPF-3D = ospf-type3-discard, OSPF-5D = ospf-type5-discard, TE = rsvpte,


OSPF-7D = ospf-type7-discard, USER-I = user-ipaddr, RIP-D = rip-discard,
OSPF-E = ospf-ext, ASBR-V = asbr-vpn, GW-FWD = ps-busi, GW-UE = ps-user,

3-39
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


BGP-AD = bgp-aggr-discard, BGP-CE = bgp-confed-ext, NAT64 = sl-nat64-v4,
USER-N = user-network, USER-S = user-special, DHCP-S = dhcp-static,
DHCP-D = dhcp-dft
Marks: *valid, >best, s-stale

Dest

NextHop

Intag

Outtag

RtPrf

Protocol

*>

150.0.0.0/8

0.0.0.0

87

notag

254

BGP-AD

*>

150.1.0.0/16

20.0.0.2

86

notag

20

BGP-EXT

*>

150.2.0.0/16

30.0.0.2

85

notag

20

BGP-EXT

View PE2 routing table. Here, only the aggregated route can be viewed.
PE2(config)#show ip protocol routing

vrf test1

Codes: OSPF-3D = ospf-type3-discard, OSPF-5D = ospf-type5-discard, TE = rsvpte,


OSPF-7D = ospf-type7-discard, USER-I = user-ipaddr, RIP-D = rip-discard,
OSPF-E = ospf-ext, ASBR-V = asbr-vpn, GW-FWD = ps-busi, GW-UE = ps-user,
BGP-AD = bgp-aggr-discard, BGP-CE = bgp-confed-ext, NAT64 = sl-nat64-v4,
USER-N = user-network, USER-S = user-special, DHCP-S = dhcp-static,
DHCP-D = dhcp-dft
Marks: *valid, >best, s-stale

Dest
*> 150.0.0.0/8

NextHop

Intag

1.1.1.1

165366

Outtag
87

RtPrf

Protocol

200

BGP-INT

3.3 L3VPN Route Restriction and Alarm


3.3.1 L3VPN Route Restriction and Alarm Overview
L3VPN Route Restriction and Alarm Introduction
In MPLS L3VPN network, a PE receives excessive routes from CE and other PEs, so PE
memory is exhausted and the router collapses. Therefore, it is necessary to control the
L3VRF routes which enter PE router from CE and PE neighbor. This function is called as
L3VRF Route Limit.
There are three methods to send routes from CE to PE, as shown in the following:
l
l
l

Direct connection
Static
Dynamic unicast route protocol

The function of L3VPN Route Limit controls the routes to access to PE from CE through
many methods.

3-40
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration

L3VPN Route Restriction and Alarm Work Flow


The resources (such as memory overhead and interfaces) on a router are limited. To
control the number of routes added in a VRF routing table, you can set the maximum
number of VRF route entries with related configuration commands.
Figure 3-11 shows the flow of adding a new route to the VRF routing table.
Figure 3-11 Flow of Adding a New Route

Figure 3-12 shows the flow of adding a dynamic route learned by a dynamic routing protocol
to the VRF routing table.

3-41
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

Figure 3-12 Flow of Adding a Dynamic Route

The function of L3VPN route restriction and alarm can improve the performance of PE,
enhance network security, and avoid network attacks caused by mass routes poured into
the network.

3.3.2 Configuring L3VPN Route Restriction and Alarm


This procedure describes how to configure the L3VPN route restriction and alarm function.

Steps
1. Set the maximum number of routes in a VRF and configure the alarm function.
Step

Command

Function

ZXR10(config)#ip vrf < vrfi-name>

Enters into VRF configuration


mode.

3-42
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration

Step

Command

Function

ZXR10(config-vrf-vrf-name)#address-family

Activates IPv4 or IPv6 address

{ipv4|ipv6}

family.

ZXR10(config-vrf-vrf-name-af-ipv4)#maximum

Set the maximum number of

routes <number>{< thresholdvalue>| warning-only}

routes in a VRF and configure

ZXR10(config-vrf-vrf-name-af-ipv6)#maximum

the alarm function.

routes <number>{< thresholdvalue>| warning-only}

<number>: the sum of valid routes. The range is 142949672955.


< thresholdvalue>: route alarm threshold, it is a percentage value. The range is 1100.
warning-only: When the total number of VRF routes exceeds the threshold value, give
an alarm but not restrict the routes.
2. Verify the configurations.
Command

Function

ZXR10#show ip vrf detail

Shows the detailed configuration information of


the VRF.

By showing VRF configuration in detail, the information of route restriction and alarm
can be viewed.
End of Steps

3.3.3 L3VPN Route Alarm Configuration Instance


Configuration Description
As shown in Figure 3-13, a L3VPN network is constructed. VRF named zte is configured
on PE1, and both of its RT and RD is 1:1. The interface int 1 is bound to VRF zte.
The IP address of int 1 is 10.1.1.1/24, and that of port 1 is 10.1.1.2/24. CE1 accesses to
PE1 through EBGP.
Figure 3-13 Network Structure of L3VPN Route Alarm Configuration Instance

Configuration Command
1. To establish EBGP neighborhood between PE1 and CE1, configure PE1 as follows,
PE1(config)#router bgp 100

3-43
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


PE1(config-bgp)#address-family ipv4 vrf zte
PE1(config-bgp-af-ipv4-vrf)#neighbor 10.1.1.2 remote-as 200
PE1(config-bgp-af-ipv4-vrf)#exit
PE1(config-bgp)#exit

Perform the corresponding configuration on CE1 to make it establish EBGP


neighborhood between PE1.
Run the show bgp vpnv4 unicast vrf-summary zte command on PE1 to view whether
the neighborhood between PE1 and CE1 is established.
2. Configure the maximum value of VRF zte routes is 100 on PE1, and the route alarm
threshold value is 60%.
PE1(config)#ip vrf zte
PE1(config-vrf-zte)#address-family ipv4
PE1(config-vrf-zte-af-ipv4)#maximum routes 100 60
PE1(config-vrf-zte-af-ipv4)#exit
PE1(config-vrf-zte)#exit

Run the show ip vrf detail zte to view the configuration result of maximum routes.
Enable alarm and terminal monitor functions on PE1 to view the alarm if the number
of routes exceeds the threshold.
PE1#terminal monitor
PE1#configure terminal
PE1#(config)#logging on

3. CE1 advertises 50 EBGP route entries to PE1 (it does not exceed the 60% of alarm
threshold value). Run the show ip protocol routing vrf zte command to view the 50
VRF EBGP route entries on PE1. PE1 does not give any alarm.
4. CE1 continues to advertise 20 EBGP route entries to PE1. There are 70 EBGP route
entries now (It exceeds 60% of alarm threshold value). Run the show ip protocol rout
ing vrf-summary zte command on PE1 to view the 70 VRF EBGP route entries. PE1
gives an alarm.
PE1(config)#show ip protocol routing vrf-summary zte
VRF

Source

Count

connected:

static:

ospf:

rip:

bgp:

70

isis:

icmp:

snmp:

nat:

natpt:

vrrp:

ppp:

asbr_vpn:

3-44
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration


rsvpte:

usr-ipaddr:

usr-net:

ipsec:

ps-user:

ps-busi:

ves:

ldp:

user-special:

dhcp-dft:

dhcp-static:

sl_nat64_v4:

Total:

72

The corresponding alarm is displayed by PE1.


An alarm 200311 ID 125 level 5 occurred at 14:07:55 02-16-2012
sent by PE1 MPU-0/20/0 %COURIER% Routes warning limit is exceeded!
warning data:The routes warning limit of zte is exceeded
An alarm 200311 ID 3442 level 5 occurred at 10:16:59 05-06-2013 sent by
PE1 MPU-0/11/0 %L3VPN% Routes warning limit is exceeded.
Warning data:The routes warning limit of zte is exceeded

5. CE1 continues to advertise 40 route entries to PE1. There are 100 EBGP route entries
(It exceeds 100 of alarm threshold value). Run the show ip protocol routing vrf-summ
ary zte command on PE1 to view the 100 VRF EBGP route entries.
PE1(config)#show ip protocol routing vrf-summary zte
VRF Source Count
connected: 2
static: 0
ospf: 0
rip: 0
bgp: 100
isis: 0
icmp: 0
snmp: 0
nat: 0
natpt: 0
vrrp: 0
ppp: 0
asbr_vpn: 0
rsvpte: 0
usr-ipaddr: 0
usr-net: 0
ipsec: 0
ps-user: 0
ps-busi: 0

3-45
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


ves: 0
ldp: 0
user-special: 0
dhcp-dft: 0
dhcp-static: 0
sl_nat64_v4: 0
Total: 103

The alarm that the number of VRF routes exceeds the threshold value is displayed by
PE1.
An alarm 200310 ID 3441 level 3 occurred at 10:16:59 05-06-2013
sent by PE1 MPU-0/11/0 %L3VPN% Routes limit is exceeded.
Error data:The routes limit of zte is exceeded

6. CE1 cancels the route entries that it advertised to PE1 before, and it advertises another
50 EBGP route entries to PE1. Run the show ip protocol routing vrf-summary zte
command on PE1 to view the 50 VRF EBGP routes. PE1 does not give any alarm.
7. Modify the route alarm threshold of VRF zte to 40% on PE1. The upper limitation of
route is still 100 entries.
PE1(config)#ip vrf zte
PE1(config-vrf-zte)#address-family ipv4
PE1(config-vrf-zte-af-ipv4)#maximum routes 100 40
PE1(config-vrf-zte-af-ipv4)#exit
PE1(config-vrf-zte)#exit

Run the show ip vrf detail zte command to view the configuration result of the maximum
routes command. It shows that there are 50 route entries and PE1 does not give any
alarm.
8. CE1 cancels the 50 EBGP route entries that it advertised to PE1 before, and it
advertises to PE1 again. PE1 gives an alarm to prompt that the route alarm threshold
is exceeded.
An alarm 200311 ID 3442 level 5 occurred at 10:16:59 05-06-2013
sent by PE1 MPU-0/11/0 %L3VPN% Routes warning limit is exceeded.
Warning data:The routes warning limit of zte is exceeded

9. Configure warning-only function of VPN route restriction alarm on vrf zte on PE1.
PE1(config)#ip vrf zte
PE1(config-vrf-zte)#address-family ipv4
PE1(config-vrf-zte-af-ipv4)#maximum routes 100 warning-only
PE1(config-vrf-zte-af-ipv4)#exit
PE1(config-vrf-zte)#exit

10. View the current route number, route restriction value and alarm threshold value of vrf
zte on PE1. The route number is 50, the route threshold value is not exceeded. There
is no alarm appears.
PE1(config)#show ip vrf detail zte
VRF zte (VRF Id = 1); default RD 1:1

3-46
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration


Default VPNID: <not set>

Ttl-mode: pipe
Ds-mode: pipe

Address family ipv4:


No Export VPN route-target communities
No Import VPN route-target communities
No import route-map
No export route-map
Route warning limit 100
priority:

No import multicast-route
No static outlabel configed
No static tunnel configed
Address family ipv6:
No Export VPN route-target communities
No Import VPN route-target communities
No import route-map
No export route-map
Mpls label mode:
ipv4 VRF label allocation mode: per-prefix
ipv6 VRF label allocation mode: per-prefix
per-vrf inlabel: 213009
Interfaces:
gei-0/1/0/1.1
gei-0/1/0/5

11. Advertise 60 routes from CE1. The route number exceeds the threshold value. PE1
displays the corresponding alarm. VRF zte of PE1 does not restrict the routes if the
number of routes exceeds 100. On PE1, you can run the show ip protocol routing
vrf-summary zte command and identify that there are a total of 110 routes.
An alarm 200310 ID 143

level 3 occurred at 14:17:21 02-16-2012

sent by PE1 MPU-0/20/0 %COURIER% Routes warning limit is exceeded!


warning data:The routes warning limit of zte is exceeded

PE1(config)#show ip vrf detail zte


VRF zte (VRF Id = 1); default RD 1:1
Default VPNID: <not set>
Ttl-mode: pipe
Ds-mode: pipe

Address family ipv4:


No Export VPN route-target communities
No Import VPN route-target communities
No import route-map

3-47
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


No export route-map
Route warning limit 100
priority:

No import multicast-route
No static outlabel configed
No static tunnel configed
Address family ipv6:
No Export VPN route-target communities
No Import VPN route-target communities
No import route-map
No export route-map
Mpls label mode:
ipv4 VRF label allocation mode: per-prefix
ipv6 VRF label allocation mode: per-prefix
per-vrf inlabel: 213009
Interfaces:
gei-0/1/0/1.1
gei-0/1/0/5

PE1(config)#show ip protocol routing vrf-summary zte


VRF Source Count
connected: 2
static: 0
ospf: 0
rip: 0
bgp: 110
isis: 0
icmp: 0
snmp: 0
nat: 0
natpt: 0
vrrp: 0
ppp: 0
asbr_vpn: 0
rsvpte: 0
usr-ipaddr: 0
usr-net: 0
ipsec: 0
ps-user: 0
ps-busi: 0
ves: 0
ldp: 0
user-special: 0
dhcp-dft: 0
dhcp-static: 0

3-48
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration


sl_nat64_v4: 0
Total: 113

3.4 Global Static Route Configuration in L3VPN


3.4.1 Global Static Route Overview
Global static routes are routing information that the network administrator specifies with the
destination address being a private network address whose next hop is a public network
address through configuration commands. The routing table of dynamic routes, however,
is established based on the routing algorithm. As an optional scheme for accessing the
Internet from a private network, the global static routes possess the advantages of simple
configuration, stability, and high efficiency.
When you configure a global static route, besides the destination address and mask,
you need to specify a public network address as the next hop address of its destination
address, add the global keyword, and configure that the route validity is determined by
the information status change of the corresponding egress interface.

3.4.2 Configuring a Global Static Route


This procedure describes how to configure a global static route.

Steps
1. On the ZXR10 M6000-S, run the following commands to configure a global static route.
Step

Command

Function

ZXR10(config)#ip route vrf < vrf-name>< prefix><

Configures a global static

net-mask>{<forwarding-router's-address> global }[<

route, with the destination

distance-metric>][ metric <metric>]

address being a private


network address, and the next
hop of the destination address
being a public network
address.

ZXR10(config)#router bgp < as-number>

Enters BGP route


configuration mode.

ZXR10(config-bgp)#address-family ipv4 vrf < vrf-name>

Enters address family


configuration mode of the
corresponding VRF.

ZXR10(config-bgp-af)#redistribute static

Redistributes the static route.

<vrf-name>: specifies a VRF where the static route is configured, range: 132
characters.
3-49
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

<prefix>: network prefix in dotted decimal notation.


<net-mask>: netmask in dotted decimal notation.
<forwarding-router's-address>: IP address of the next hop, in dotted decimal notation.
global: configures a global static route, with the destination address being a private
network address, and the next hop of the destination address being a public network
address. In this case, this keyword needs to be applied. In this command, this keyword
is used only for configuring the next hop for a private network route.
<distance-metric>: jurisdictional distance, range: 1255.
<metric>: route metric, range: 1255, default: 0.
<as-number>: autonomous system number of this router, range: 165535. AS
numbers 1 through 64511 are used for public purposes, and AS numbers 64512
through 65535 are used for private purposes.
2. Verify the configurations.
Command

Function

ZXR10#show ip protocol routing vrf < vrf-name>

Shows the global routing table of


the router.

ZXR10#show ip forwarding route vrf < vrf-name>

Shows the forwarding table of


the router.

End of Steps

3.4.3 Global Static Route Configuration Example


Configuration Description
As shown in Figure 3-14, a global static route is configured on PE1 to CE2 20.1.1.0/24
and on PE2 to CE1 33.24.1.0/24 separately. These static routes are redistributed. In
addition, a BGP neighbor is established between CE1 and PE1, and between CE2 and
PE2 separately.
Figure 3-14 Global Static Route Configuration Example

3-50
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration

Configuration Flow
1. Configures a global static route, with the destination address being a private network
address, and the next hop of the destination address being a public network address.
2. Redistribute the static route.
3. Establish a BGP neighbor between a CE and a PE.

Configuration Command
Configuration on CE1:
CE1(config)#interface gei-0/1/0/3
CE1(config-if-gei-0/1/0/3)#no shutdown
CE1(config-if-gei-0/1/0/3)#ip address 33.24.1.5 255.255.255.0
CE1(config-if-gei-0/1/0/3)#exit

CE1(config)#router bgp 1
CE1(config-bgp)#neighbor 33.24.1.6 remote-as 2
CE1(config-bgp)#exit

Configuration on PE1:
PE1(config)#tunnel-policy 11
PE1(config-tunnel-policy-11)#tunnel select-seq ldp-lsp te-lsp
PE1(config-tunnel-policy-11)#exit

PE1(config)#ip vrf wy
PE1(config-vrf-wy)#rd 1:100
PE1(config-vrf-wy)#route-target both 1:100
PE1(config-vrf-wy)#address-family ipv4
PE1(config-vrf-wy-af-ipv4)#peer 64.1.1.4 tunnel-policy 11
PE1(config-vrf-wy-af-ipv4)#static-outlabel 64.1.1.4 31
PE1(config-vrf-wy-af-ipv4)#exit
PE1(config-vrf-wy)#static-inlabel 21
PE1(config-vrf-wy)#exit

PE1(config)#interface gei-0/1/0/1
PE1(config-if-gei-0/1/0/1)#no shutdown
PE1(config-if-gei-0/1/0/1)#ip vrf forwarding wy
PE1(config-if-gei-0/1/0/1)#ip address 33.24.1.6 255.255.255.0
PE1(config-if-gei-0/1/0/1)#exit
PE1(config)#interface gei-0/1/0/2
PE1(config-if-gei-0/1/0/2)#no shutdown
PE1(config-if-gei-0/1/0/2)#ip address 21.33.1.6 255.255.255.0
PE1(config-if-gei-0/1/0/2)#exit
PE1(config)#interface loopback64
PE1(config-if-loopback64)#ip address 64.1.1.6 255.255.255.0
PE1(config-if-loopback64)#exit

3-51
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

PE1(config)#router ospf 1
PE1(config-ospf-1)#network 21.33.1.0 0.0.0.255 area 0
PE1(config-ospf-1)#network 64.1.1.6 0.0.0.0 area 0
PE1(config-ospf-1)#exit

PE1(config)#mpls ldp instance 1


PE1(config-ldp-1)#router-id loopback64
PE1(config-ldp-1)#interface gei-0/1/0/2
PE1(config-ldp-1-if-gei-0/1/0/2)#end

PE1(config)#router bgp 2
PE1(config-bgp)#address-family ipv4 vrf wy
PE1(config-bgp-af-ipv4-vrf)#neighbor 33.24.1.5 remote-as 1
PE1(config-bgp-af-ipv4-vrf)#redistribute static
PE1(config-bgp-af-ipv4-vrf)#end

PE1(config)#ip route vrf wy 20.1.1.0 255.255.255.0 64.1.1.4 global

Configuration on PE2:
PE2(config)#tunnel-policy 11
PE2(config-tunnel-policy-11)#tunnel select-seq ldp-lsp te-lsp
PE2(config-tunnel-policy-11)#exit

PE2(config)#ip vrf wy
PE2(config-vrf-wy)#rd 1:100
PE2(config-vrf-wy)#route-target both 1:100
PE2(config-vrf-wy)#address-family ipv4
PE2(config-vrf-wy-af-ipv4)#peer 64.1.1.6 tunnel-policy 11
PE2(config-vrf-wy-af-ipv4)#static-outlabel 64.1.1.6 21
PE2(config-vrf-wy-af-ipv4)#exit
PE2(config-vrf-wy)#static-inlabel 31
PE2(config-vrf-wy)#exit

PE2(config)#interface gei-0/1/0/1
PE2(config-if-gei-0/1/0/1)#no shutdown
PE2(config-if-gei-0/1/0/1)#ip vrf forwarding wy
PE2(config-if-gei-0/1/0/1)#ip address 20.1.1.4 255.255.255.0
PE2(config-if-gei-0/1/0/1)#exit
PE2(config)#interface gei-0/1/0/2
PE2(config-if-gei-0/1/0/2)#no shutdown
PE2(config-if-gei-0/1/0/2)#ip address 21.33.1.4 255.255.255.0
PE2(config-if-gei-0/1/0/2)#exit
PE2(config)#interface loopback64
PE2(config-if-loopback64)#ip address 64.1.1.4 255.255.255.0

3-52
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration


PE2(config-if-loopback64)#exit

PE2(config)#router ospf 1
PE2(config-ospf-1)#network 20.1.1.0 0.0.0.255 area 0
PE2(config-ospf-1)#network 64.1.1.4 0.0.0.0 area 0
PE2(config-ospf-1)#exit

PE2(config)#mpls ldp instance 1


PE2(config-ldp-1)#router-id loopback64
PE2(config-ldp-1)#interface gei-0/1/0/2
PE2(config-ldp-1-if-gei-0/1/0/2)#end

PE2(config)#router bgp 2
PE2(config-bgp)#address-family ipv4 vrf wy
PE2(config-bgp-af-ipv4-vrf)#neighbor 20.1.1.3 remote-as 1
PE2(config-bgp-af-ipv4-vrf)#redistribute static
PE2(config-bgp-af-ipv4-vrf)#end

PE2(config)#ip route vrf wy 33.24.1.0 255.255.255.0 64.1.1.6 global

Configuration on CE2:
CE2(config)#interface gei-0/1/0/3
CE2(config-if-gei-0/1/0/3)#no shutdown
CE2(config-if-gei-0/1/0/3)#ip address 20.1.1.3 255.255.255.0
CE2(config-if-gei-0/1/0/3)#exit

CE2(config)#router bgp 1
CE2(config-bgp)#neighbor 20.1.1.4 remote-as 2
CE2(config-bgp)#exit

Configuration Verification
Check the configuration on PE1:
PE1(config)#show ip protocol routing vrf wy
Codes: OSPF-3D = ospf-type3-discard, OSPF-5D = ospf-type5-discard, TE = rsvpte,
OSPF-7D = ospf-type7-discard, USER-I = user-ipaddr, RIP-D = rip-discard,
OSPF-E = ospf-ext, ASBR-V = asbr-vpn, GW-FWD = ps-busi, GW-UE = ps-user,
BGP-AD = bgp-aggr-discard, BGP-CE = bgp-confed-ext, NAT64 = sl-nat64-v4,
USER-N = user-network, USER-S = user-special, DHCP-S = dhcp-static,
DHCP-D = dhcp-dft
Marks: *valid, >best, s-stale

Dest
*> 20.1.1.0/24
*> 33.24.1.0/24

NextHop
64.1.1.4
33.24.1.6

Intag
notag
notag

Outtag

RtPrf

31
notag

1
0

Protocol
Static
Direct

3-53
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


*> 33.24.1.6/32

33.24.1.6

notag

notag

Address

PE1(config)#show ip forwarding route vrf wy


IPv4 Routing Table:
Headers: Dest: Destination, Gw: Gateway, Pri: Priority;
Codes : BROADC: Broadcast, USER-I: User-ipaddr, USER-S: User-special,
MULTIC: Multicast, USER-N: User-network, DHCP-D: DHCP-DFT,
ASBR-V: ASBR-VPN, STAT-V: Static-VRF, DHCP-S: DHCP-static,
GW-FWD: PS-BUSI, NAT64: Stateless-NAT64, LDP-A: LDP-area,
GW-UE: PS-USER, P-VRF: Per-VRF-label, TE: RSVP-TE;
Status codes: *valid, >best;
Gw

Interface

Owner

Pri Metric

*> 20.1.1.0/24

Dest

64.1.1.4

gei-0/2/0/1

STAT-V

*> 33.24.1.0/24

33.24.1.6

gei-0/2/0/4

Direct

*> 33.24.1.6/32

33.24.1.6

gei-0/2/0/4

Address 0

Check the configuration on PE2:


PE2(config)#show ip protocol routing vrf wy
Codes: OSPF-3D = ospf-type3-discard, OSPF-5D = ospf-type5-discard, TE = rsvpte,
OSPF-7D = ospf-type7-discard, USER-I = user-ipaddr, RIP-D = rip-discard,
OSPF-E = ospf-ext, ASBR-V = asbr-vpn, GW-FWD = ps-busi, GW-UE = ps-user,
BGP-AD = bgp-aggr-discard, BGP-CE = bgp-confed-ext, NAT64 = sl-nat64-v4,
USER-N = user-network, USER-S = user-special, DHCP-S = dhcp-static,
DHCP-D = dhcp-dft
Marks: *valid, >best, s-stale
Dest

NextHop

Intag

Outtag

RtPrf

Protocol

*> 20.1.1.4/32

20.1.1.4

notag

notag

Address

20.1.1.4

notag

notag

Direct

*> 33.24.1.0/24 64.1.1.6

notag

21

Static

20.1.1.4/32

PE2(config)#show ip forwarding route vrf wy


IPv4 Routing Table:
Headers: Dest: Destination, Gw: Gateway, Pri: Priority;
Codes : BROADC: Broadcast, USER-I: User-ipaddr, USER-S: User-special,
MULTIC: Multicast, USER-N: User-network, DHCP-D: DHCP-DFT,
ASBR-V: ASBR-VPN, STAT-V: Static-VRF, DHCP-S: DHCP-static,
GW-FWD: PS-BUSI, NAT64: Stateless-NAT64, LDP-A: LDP-area,
GW-UE: PS-USER, P-VRF: Per-VRF-label, TE: RSVP-TE;
Status codes: *valid, >best;
Owner

Pri

Metric

*> 20.1.1.4/32

Dest

20.1.1.4 loopback63

Gw

Interface

Address

*> 33.24.1.0/24

64.1.1.6 gei-0/3/0/3

STAT-V

Check the configuration on CE1:


CE1(config)#sho ip forwarding route 20.1.1.0
IPv4 Routing Table:

3-54
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration


Headers: Dest: Destination, Gw: Gateway, Pri: Priority;
Codes : BROADC: Broadcast, USER-I: User-ipaddr, USER-S: User-special,
MULTIC: Multicast, USER-N: User-network, DHCP-D: DHCP-DFT,
ASBR-V: ASBR-VPN, STAT-V: Static-VRF, DHCP-S: DHCP-static,
GW-FWD: PS-BUSI, NAT64: Stateless-NAT64, LDP-A: LDP-area,
GW-UE: PS-USER, P-VRF: Per-VRF-label, TE: RSVP-TE;
Status codes: *valid, >best;
Dest
*> 20.1.1.0

Gw

Interface

Owner

Pri

33.24.1.6

gei-0/1/0/1

bgp

200

Metric

3.5 L3VPN FRR Configuration


3.5.1 L3VPN FRR Overview
At present, the data products work as the basic communication devices of operators. The
requirements for device forwarding stability and fast fault recovery are becoming higher
and higher. Especially when there are more and more VPN communication demands
of users, the VPN FRR function is becoming more and more important. The VPN FRR
function can only be private network VPN FRR. The FRR function accomplished by the
outer labels on the public networks is not included. Therefore, L3 VPN FRR refers to the
FRR for VPN routes on private networks.
At present, for the routes that are learnt from different remote PE devices, FRR relationship
can be formed.
As shown in Figure 3-15, PE1 learns the private network routes to the same network
segment from two different next hops (PE2 and PE3). L3 VPN FRR relationship can be
formed on PE1. When CE1 sends traffic to CE2, active and standby private network routes
will be formed on PE1, thus forming L3 VPN FRR. In this way, fast traffic changeover is
accomplished.
Figure 3-15 L3VPN FRR Network Structure

VPN FRR uses the VPN-based quick private network route switching technology. It sets
active/standby forwarding entries pointing to the active and standby PEs on the remote PE
in advanced. According to these forwarding entries, together with quick PE fault detection,
3-55
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

VPN FRR can switch VPN traffic to the standby path before VPN route convergence is
completed. The detailed process is as follows:
1. Detect a fault quickly. The technologies usually used include BFD and physical signal
detection.
2. Modify the forwarding plane and change the traffic over to the standby path that has
been calculated out.
3. Perform route re-convergence.
4. After route re-convergence, change the traffic over to the optimal path.

3.5.2 Configuring L3VPN FRR


This procedure describes how to configure L3VPN FRR.

Steps
1. Configure L3VPN FRR.
Step

Command

Function

ZXR10(config)#router bgp < as-number>

Enters BGP route


configuration mode.

ZXR10(config-bgp)#address-family ipv4 vrf <

Enters the IPv4 VRF address

vpn-name>

cluster configuration mode.

ZXR10(config-bgp-af-ipv4-vrf)#bgp frr

Enables the BGP FRR


function.

2. Verify the configurations.


Command

Function

ZXR10#show ip forwarding backup route vrf<

Shows the standby private network

vpn-name>

route.

End of Steps

3.5.3 L3VPN FRR Configuration Examples


3.5.3.1 L3VPN FRR Configuration Instance
Configuration Description
As shown in Figure 3-16on an L3 VPN, CE1 is directly connected to VRF 1 on PE1. CE2
establishes OSPF neighbor relationship with the VRF access interfaces on PE2 and PE3.
CE2 and R1 establish OSPF neighbor relationship. Redistribute OSPF in VRF address
family configuration on PE2 and PE3. On PE1, there are VRF 1 routes that are learnt from
PE2 and PE3. PE1 establish LDP/MP-BGP neighbor relationship with PE2 and PE3.
3-56
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration

Figure 3-16 Network Structure of L3VPN FRR Configuration Instance

Configuration Flow
1. According to the network topology, construct an MP-BGP network for PE1, PE2 and
PE3.
2. Establish OSPF neighbor relationship with the VRF access interfaces of PE2 and PE3
on CE2. Establish OSPF neighbor relationship between CE2 and R1.
3. Redistribute OSPF in VRF address family configuration mode on PE2 and PE3.
4. Configure FRR in the VRF instance on PE1.

Configuration Command
The configuration of PE1:
PE1(config)#interface loopback1
PE1(config-if-loopback1)#ip address 172.20.96.2 255.255.255.255
PE1(config-if-loopback1)#exit
PE1(config)#interface xgei-0/2/0/3
PE1(config-if-xgei-0/2/0/3)#no shutdown
PE1(config-if-xgei-0/2/0/3)#ip address 172.20.130.18 255.255.255.0
PE1(config-if-xgei-0/2/0/3)#exit
PE1(config)#interface xgei-0/2/0/2
PE1(config-if-xgei-0/2/0/2)#no shutdown
PE1(config-if-xgei-0/2/0/2)#ip address 172.20.130.221 255.255.255.0
PE1(config-if-xgei-0/2/0/2)#exit

PE1(config)#router ospf 1
PE1(config-ospf-1)#router-id 172.20.96.2
PE1(config-ospf-1)#network 172.20.130.0 0.0.0.255 area 0.0.0.0
PE1(config-ospf-1)#network 172.20.96.2 0.0.0.0 area 0.0.0.0
PE1(config-ospf-1)#exit

PE1(config)#mpls ldp instance 1


PE1(config-ldp-1)#router-id loopback1

3-57
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


PE1(config-ldp-1)#interface xgei-0/2/0/3
PE1(config-ldp-1-if-xgei-0/2/0/3)#exit
PE1(config-ldp-1)#interface xgei-0/2/0/2
PE1(config-ldp-1-if-xgei-0/2/0/2)#exit
PE1(config-ldp-1)#exit

PE1(config)#ip vrf zte


PE1(config-vrf-zte)#rd 1:50
PE1(config-vrf-zte)#route-target both 1:50
PE1(config-vrf-zte)#address-family ipv4
PE1(config-vrf-zte-af-ipv4)#exit
PE1(config-vrf-zte)#exit

PE1(config)#router bgp 18004


PE1(config-bgp)#neighbor 172.20.96.1 remote-as 18004
PE1(config-bgp)#neighbor 172.20.96.1 update-source loopback1
PE1(config-bgp)#neighbor 172.20.108.2 remote-as 18004
PE1(config-bgp)#neighbor 172.20.108.2 update-source loopback1
PE1(config-bgp)#neighbor 172.20.96.1 fall-over bfd
PE1(config-bgp)#neighbor 172.20.108.2 fall-over bfd
PE1(config-bgp)#address-family vpnv4
PE1(config-bgp-af-vpnv4)#neighbor 172.20.96.1 activate
PE1(config-bgp-af-vpnv4)#neighbor 172.20.108.2 activate
PE1(config-bgp-af-vpnv4)#exit
PE1(config-bgp)#address-family ipv4 vrf zte
PE1(config-bgp-af-ipv4-vrf)#redistribute connected
PE1(config-bgp-af-ipv4-vrf)#bgp frr
PE1(config-bgp-af-ipv4-vrf)#exit
PE1(config-bgp)#exit

PE1(config)#interface gei-0/5/1/10
PE1(config-if-gei-0/5/1/10)#no shutdown
PE1(config-if-gei-0/5/1/10)#ip vrf forwarding zte
PE1(config-if-gei-0/5/1/10)#ip address 202.10.10.61 255.255.255.0
PE1(config-if-gei-0/5/1/10)#exit

The configuration of PE2:


PE2(config)#interface loopback1
PE2(config-if-loopback1)#ip address 172.20.96.1 255.255.255.255
PE2(config-if-loopback1)#exit

PE2(config)#ip vrf zte


PE2(config-vrf-zte)#rd 1:50
PE2(config-vrf-zte)#route-target both 1:50
PE2(config-vrf-zte)#address-family ipv4

3-58
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration


PE2(config-vrf-zte-af-ipv4)#exit
PE2(config-vrf-zte)#exit

PE2(config)#interface xgei-0/5/0/1
PE2(config-if-xgei-0/5/0/1)#no shutdown
PE2(config-if-xgei-0/5/0/1)#ip address 172.20.130.17 255.255.255.0
PE2(config-if-xgei-0/5/0/1)#exit
PE2(config)#interface xgei-0/5/0/3
PE2(config-if-xgei-0/5/0/3)#no shutdown
PE2(config-if-xgei-0/5/0/3)#ip vrf for zte
PE2(config-if-xgei-0/5/0/3)#ip address 200.1.1.60 255.255.255.0
PE2(config-if-xgei-0/5/0/3)#exit

PE2(config)#router ospf 1
PE2(config-ospf-1)#router-id 172.20.96.1
PE2(config-ospf-1)#network 172.20.130.0 0.0.0.255 area 0.0.0.0
PE2(config-ospf-1)#network 172.20.96.1 0.0.0.0 area 0.0.0.0
PE2(config-ospf-1)#exit

PE2(config)#router ospf 100 vrf zte


PE2(config-ospf-100)#network 200.1.1.0 0.0.0.255 area 0.0.0.0
PE2(config-ospf-100)#exit

PE2(config)#mpls ldp instance 1


PE2(config-ldp-1)#router-id loopback1
PE2(config-ldp-1)#interface xgei-0/5/0/1
PE2(config-ldp-1-if-xgei-0/5/0/1)#exit
PE2(config-ldp)#exit

PE2(config)#router bgp 18004


PE2(config-bgp)#neighbor 172.20.96.2 remote-as 18004
PE2(config-bgp)#neighbor 172.20.96.2 update-source loopback1
PE2(config-bgp)#address-family vpnv4
PE2(config-bgp-af-vpnv4)#neighbor 172.20.96.2 activate
PE2(config-bgp-af-vpnv4)#exit
PE2(config-bgp)#address-family ipv4 vrf zte
PE2(config-bgp-af-ipv4-vrf)#redistribute ospf-int 100
PE2(config-bgp-af-ipv4-vrf)#exit
PE2(config-bgp)#exit

The configuration of PE3:


PE3(config)#interface loopback1
PE3(config-if-loopback1)#ip address 172.20.108.2 255.255.255.255
PE3(config-if-loopback1)#exit

3-59
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


PE3(config)#ip vrf zte
PE3(config-vrf-zte)#rd 1:50
PE3(config-vrf-zte)#route-target both 1:50
PE3(config-vrf-zte)#address-family ipv4
PE3(config-vrf-zte-af-ipv4)#exit
PE3(config-vrf-zte)#exit

PE3(config)#interface xgei-0/0/0/4
PE3(config-if-xgei-0/0/0/4)#no shutdown
PE3(config-if-xgei-0/0/0/4)#ip address 172.20.130.222 255.255.255.0
PE3(config-if-xgei-0/0/0/4)#exit
PE3(config)#interface xgei-0/0/0/1
PE3(config-if-xgei-0/0/0/1)#no shutdown
PE3(config-if-xgei-0/0/0/1)#ip vrf forwarding zte
PE3(config-if-xgei-0/0/0/1)#ip address 100.1.1.63 255.255.255.0
PE3(config-if-xgei-0/0/0/1)#exit

PE3(config)#router ospf 1
PE3(config-ospf-1)#router-id 172.20.108.2
PE3(config-ospf-1)#network 172.20.130.0 0.0.0.255 area 0.0.0.0
PE3(config-ospf-1)#network 172.20.108.2 0.0.0.0 area 0.0.0.0
PE3(config-ospf-1)#exit

PE3(config)#router ospf 100 vrf zte


PE3(config-ospf-zte)#network 100.1.1.0 0.0.0.255 area 0.0.0.0
PE3(config-ospf-zte)#exit

PE3(config)#mpls ldp instance 1


PE3(config-ldp-1)#router-id loopback1
PE3(config-ldp-1)#interface xgei-0/0/0/4
PE3(config-ldp-1-if-xgei-0/0/0/4)#exit
PE3(config-ldp-1)#exit

PE3(config)#router bgp 18004


PE3(config-bgp)#neighbor 172.20.96.2 remote-as 18004
PE3(config-bgp)#neighbor 172.20.96.2 update-source loopback1
PE3(config-bgp)#address-family vpnv4
PE3(config-bgp-af-vpnv4)#neighbor 172.20.96.2 activate
PE3(config-bgp-af-vpnv4)#exit
PE3(config-bgp)#address-family ipv4 vrf zte
PE3(config-bgp-af-ipv4-vrf)#redistribute ospf-int 100
PE3(config-bgp-af-ipv4-vrf)#exit
PE3(config-bgp)#exit

The configuration of CE2:

3-60
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration


CE2(config)#interface gei-0/5/1/10
CE2(config-if-gei-0/5/1/10)#no shutdown
CE2(config-if-gei-0/5/1/10)#ip address 192.1.1.64 255.255.255.0
CE2(config-if-gei-0/5/1/10)#exit
CE2(config)#interface xgei-0/0/0/3
CE2(config-if-xgei-0/0/0/3)#no shutdown
CE2(config-if-xgei-0/0/0/3)#ip address 200.1.1.2 255.255.255.0
CE2(config-if-xgei-0/0/0/3)#exit
CE2(config)#interface xgei-0/0/0/1
CE2(config-if-xgei-0/0/0/1)#no shutdown
CE2(config-if-xgei-0/0/0/1)#ip address 100.1.1.2 255.255.255.0
CE2(config-if-xgei-0/0/0/1)#exit

CE2(config)#router ospf 1
CE2(config-ospf-1)#network 100.1.1.0 0.0.0.255 area 0.0.0.0
CE2(config-ospf-1)#network 200.1.1.0 0.0.0.255 area 0.0.0.0
CE2(config-ospf-1)#network 192.1.1.0 0.0.0.255 area 0.0.0.0
CE2(config-ospf-1)#exit

Configuration Verification
Verify the configuration on PE1.
PE1#show ip protocol routing vrf zte
network 192.1.1.0 mask 255.255.255.0
Codes: OSPF-3D = ospf-type3-discard, OSPF-5D = ospf-type5-discard, TE = rsvpte,
OSPF-7D = ospf-type7-discard, USER-I = user-ipaddr, RIP-D = rip-discard,
OSPF-E = ospf-ext, ASBR-V = asbr-vpn, GW-FWD = ps-busi, GW-UE = ps-user,
BGP-AD = bgp-aggr-discard, BGP-CE = bgp-confed-ext, NAT64 = sl-nat64-v4,
USER-N = user-network, USER-S = user-special, DHCP-S = dhcp-static,
DHCP-D = dhcp-dft
Marks: *valid, >best, s-stale
Dest

NextHop

Intag

Outtag

RtPrf

Protocol

*>

192.1.1.0/24

172.20.108.2

213015

213400

200

BGP-INT

*>

192.1.1.0/24

172.20.96.1

213015

213008

200

BGP-INT

PE1(config)#show ip forwarding route vrf zte 192.1.1.0


IPv4 Routing Table:
Headers: Dest: Destination, Gw: Gateway, Pri: Priority;
Codes : BROADC: Broadcast, USER-I: User-ipaddr, USER-S: User-special,
MULTIC: Multicast, USER-N: User-network, DHCP-D: DHCP-DFT,
ASBR-V: ASBR-VPN, STAT-V: Static-VRF, DHCP-S: DHCP-static,
GW-FWD: PS-BUSI, NAT64: Stateless-NAT64, LDP-A: LDP-area,
GW-UE: PS-USER, P-VRF: Per-VRF-label, TE: RSVP-TE;
Status codes: *valid, >best;
Dest

Gw

Interface

Owner

Pri Metric

192.1.1.0/24

172.20.108.2

xgei-0/2/0/2

BGP

200 3

3-61
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


PE1(config)#show ip forwarding backup route vrf zte 192.1.1.0
IPv4 Routing Table:
Headers: Dest: Destination, Gw: Gateway, Pri: Priority, M/S: Master/Slave,
Sta: Status;
Codes : BROADC: Broadcast, USER-I: User-ipaddr, USER-S: User-special,
MULTIC: Multicast, USER-N: User-network, DHCP-D: DHCP-DFT,
ASBR-V: ASBR-VPN, STAT-V: Static-VRF, DHCP-S: DHCP-static,
GW-FWD: PS-BUSI, NAT64: Stateless-NAT64, LDP-A: LDP-area,
GW-UE: PS-USER, P-VRF: Per-VRF-label, TE: RSVP-TE;
Status codes: *valid, >best, M: Master, S: Slave, I: Inuse, U: Unuse;
Dest Gw Interface Owner Pri Metric M/S Sta
*> 192.1.1.0/24 172.20.108.2 xgei-0/2/0/2 bgp 200 3 M I
*>192.1.1.0/24 172.20.96.1 xgei-0/2/0/3 bgp 200 3 S U

PE1(config)#show bgp vpnv4 unicast detail 1:50 192.1.1.0 255.255.255.0


BGP routing table entry for 1:50:192.1.1.0/24
1d7h received from 172.20.108.2 (172.20.108.2)
origin ?,nexthop 172.20.108.2,metric 3,localpref 100, rtpref 200,best,
as path
as4 path
extended Community:RT:1:50
received label

213400

1d7h received from 172.20.96.1 (172.20.96.1)


origin ?,nexthop 172.20.96.1,metric 3,localpref 100, rtpref 200,best,
as path
as4 path
extended Community:RT:1:50
received label

213008

According to the information, VPN FRR relationship is formed on PE1. When the active
link between PE1 and PE2 is down, VPN FRR on PE1 will change the traffic over to the
standby link from the active link, thus accomplishing fast changeover.

3.5.3.2 L3VPN Access Side FRR Configuration Example


Configuration Description
Figure 3-17 shows the network structure. CE1 accesses VRF zte on PE1 through IS-IS,
CE2 accesses VRF zte on PE2 through IS-IS. The two IS-IS links are redistributed
under the VRF address families of PE1 and PE2 respectively. An LDP/MPBGP neighbor
relationship is established between PE1 and PE2.

3-62
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration

Figure 3-17 Network Structure for L3VPN Access Side FRR Configuration

Configuration Flow
1. Establish an MP-IBGP environment between PE1 and PE2.
2. Create IS-IS neighbor relationships between CE1 and PE1s VRF interface and between CE2 and PE2s VRF interface respectively.
3. Redistribute IS-IS links under the VRF address families of PE1 and PE2 respectively.
4. Configure FRR under the VRF of PE1.

Configuration Commands
Configure CE1 as follows:
/*Configure IP addresses of interfaces as follows:*/
CE1(config)#interface gei-0/1/0/1
CE1(config-if-gei-0/1/0/1)#no shutdown
CE1(config-if-gei-0/1/0/1)#ip address 100.101.1.11 255.255.255.0
CE1(config-if-gei-0/1/0/1)#exit
CE1(config)#interface gei-0/1/0/2
CE1(config-if-gei-0/1/0/2)#no shutdown
CE1(config-if-gei-0/1/0/2)#ip address 100.101.2.11 255.255.255.0
CE1(config-if-gei-0/1/0/2)#exit

/*Create IS-IS neighbor relationships as follows:*/


CE1(config)#router isis 2
CE1(config-isis-2)#area 00
CE1(config-isis-2)#system-id 2002.1234.2CE1
CE1(config-isis-2)#interface gei-0/1/0/1
CE1(config-isis-2-if-gei-0/1/0/1)#ip router isis
CE1(config-isis-2-if-gei-0/1/0/1)#exit
CE1(config-isis-2)#interface gei-0/1/0/2
CE1(config-isis-2-if-gei-0/1/0/2)#ip router isis
CE1(config-isis-2-if-gei-0/1/0/2)#metric 15
CE1(config-isis-2-if-gei-0/1/0/2)#exit

3-63
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


CE1(config-isis-2)#exit

Configure PE1 as follows:


/*Create a VRF as follows:*/
PE1(config)#ip vrf zte
PE1(config-vrf-zte)#rd 1:50
PE1(config-vrf-zte)#route-target both 1:50
PE1(config-vrf-zte)#address-family ipv4
PE1(config-vrf-zte-af-ipv4)#exit
PE1(config-vrf-zte)#exit

/*Configure the IP addresses of interfaces as follows:*/


PE1(config)#interface loopback1
PE1(config-if-loopback1)#ip address 1.1.1.1 255.255.255.255
PE1(config-if-loopback1)#exit
PE1(config)#interface gei-0/1/0/1
PE1(config-if-gei-0/1/0/1)#no shutdown
PE1(config-if-gei-0/1/0/1)#ip vrf forwarding zte
PE1(config-if-gei-0/1/0/1)#ip address 100.101.1.1 255.255.255.0
PE1(config-if-gei-0/1/0/1)#exit
PE1(config)#interface gei-0/1/0/2
PE1(config-if-gei-0/1/0/2)#no shutdown
PE1(config-if-gei-0/1/0/2)#ip vrf forwarding zte
PE1(config-if-gei-0/1/0/2)#ip address 100.101.2.1 255.255.255.0
PE1(config-if-gei-0/1/0/2)#exit
PE1(config)#interface gei-0/1/0/3
PE1(config-if-gei-0/1/0/3)#no shutdown
PE1(config-if-gei-0/1/0/3)#ip address 100.101.3.1 255.255.255.0
PE1(config-if-gei-0/1/0/3)#exit

/*Create an IS-IS neighbor relationship at the access side as follows:*/


PE1(config)#router isis 2 vrf zte
PE1(config-isis-2)#area 00
PE1(config-isis-2)#system-id 2002.1234.2PE1
PE1(config-isis-2)#interface gei-0/1/0/1
PE1(config-isis-2-if-gei-0/1/0/1)#ip router isis
PE1(config-isis-2-if-gei-0/1/0/1)#exit
PE1(config-isis-2)#interface gei-0/1/0/2
PE1(config-isis-2-if-gei-0/1/0/2)#ip router isis
PE1(config-isis-2-if-gei-0/1/0/2)#exit
PE1(config-isis-2)#exit

/*Create an IS-IS neighbor relationship between two PEs as follows:*/


PE1(config)#router isis 1
PE1(config-isis-1)#area 00

3-64
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration


PE1(config-isis-1)#system-id 1001.1234.1PE1
PE1(config-isis-1)#interface gei-0/1/0/3
PE1(config-isis-1-if-gei-0/1/0/3)#ip router isis
PE1(config-isis-1-if-gei-0/1/0/3)#exit
PE1(config-isis-1)#interface loopback1
PE1(config-isis-1-if-loopback1)#ip router isis
PE1(config-isis-1-if-loopback1)#exit
PE1(config-isis-1)#exit

/*Create an LDP neighbor relationship as follows:*/


PE1(config)#mpls ldp instance 1
PE1(config-ldp-1)#router-id loopback1
PE1(config-ldp-1)#interface gei-0/1/0/3
PE1(config-ldp-1-if-gei-0/1/0/3)#exit
PE1(config-ldp-1)#exit

/*Create an MIBGP neighbor relationship as follows:*/


PE1(config)#router bgp 100
PE1(config-bgp)#neighbor 1.1.1.2 remote-as 100
PE1(config-bgp)#neighbor 1.1.1.2 update-source loopback1
PE1(config-bgp)#address-family vpnv4
PE1(config-bgp-af-vpnv4)#neighbor 1.1.1.2 activate
PE1(config-bgp-af-vpnv4)#exit
PE1(config-bgp)#address-family ipv4 vrf zte
PE1(config-bgp-af-ipv4-vrf)#redistribute connected
PE1(config-bgp-af-ipv4-vrf)#redistribute isis-1-2 2
PE1(config-bgp-af-ipv4-vrf)#bgp frr
PE1(config-bgp-af-ipv4-vrf)#exit
PE1(config-bgp)#exit

Configure PE2 as follows:


/*Create a VRF as follows:*/
PE2(config)#ip vrf zte
PE2(config-vrf-zte)#rd 1:50
PE2(config-vrf-zte)#route-target both 1:50
PE2(config-vrf-zte)#address-family ipv4
PE2(config-vrf-zte-af-ipv4)#exit
PE2(config-vrf-zte)#exit

/*Configure the IP addresses of interfaces as follows:*/


PE2(config)#interface loopback1
PE2(config-if-loopback1)#ip address 1.1.1.2 255.255.255.255
PE2(config-if-loopback1)#exit
PE2(config)#interface gei-0/1/0/3
PE2(config-if-gei-0/1/0/3)#no shutdown

3-65
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


PE2(config-if-gei-0/1/0/3)#ip address 100.101.3.2 255.255.255.0
PE2(config-if-gei-0/1/0/3)#exit
PE2(config)#interface gei-0/1/0/4
PE2(config-if-gei-0/1/0/4)#no shutdown
PE2(config-if-gei-0/1/0/4)#ip vrf for zte
PE2(config-if-gei-0/1/0/4)#ip address 100.101.4.2 255.255.255.252
PE2(config-if-gei-0/1/0/4)#exit

/*Create an IS-IS neighbor relationship at the access side as follows:*/


PE2(config)#router isis 2 vrf zte
PE2(config-isis-2)#area 00
PE2(config-isis-2)#system-id 2002.1234.2PE2
PE2(config-isis-2)#interface gei-0/1/0/4
PE2(config-isis-2-if-gei-0/1/0/4)#ip router isis
PE2(config-isis-2-if-gei-0/1/0/4)#exit
PE2(config-isis-2)#exit

/*Create an IS-IS neighbor relationship between two PEs as follows:*/


PE2(config)#router isis 1
PE2(config-isis-1)#area 00
PE2(config-isis-1)#system-id 1001.1234.1PE2
PE2(config-isis-1)#interface gei-0/1/0/3
PE2(config-isis-1-if-gei-0/1/0/3)#ip router isis
PE2(config-isis-1-if-gei-0/1/0/3)#exit
PE2(config-isis-1)#exit

/*Create an LDP neighbor relationship as follows:*/


PE2(config)#mpls ldp instance 1
PE2(config-ldp-1)#router-id loopback1
PE2(config-ldp-1)#interface gei-0/1/0/3
PE2(config-ldp-1-if-gei-0/1/0/3)#exit
PE2(config-ldp)#exit

/*Create an MIBGP neighbor relationship as follows:*/


PE2(config)#router bgp 100
PE2(config-bgp)#neighbor 1.1.1.1 remote-as 18004
PE2(config-bgp)#neighbor 1.1.1.1 update-source loopback1
PE2(config-bgp)#address-family vpnv4
PE2(config-bgp-af-vpnv4)#neighbor 1.1.1.1

activate

PE2(config-bgp-af-vpnv4)#exit
PE2(config-bgp)#address-family ipv4 vrf zte
PE2(config-bgp-af-ipv4-vrf)#redistribute connected
PE2(config-bgp-af-ipv4-vrf)#redistribute isis-1-2 2
PE2(config-bgp-af-ipv4-vrf)#exit
PE2(config-bgp)#exit

3-66
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration

Configure CE2 as follows:


/*Configure the IP address of the interface as follows:*/
CE2(config)#interface gei-0/1/0/4
CE2(config-if-gei-0/1/0/4)#no shutdown
CE2(config-if-gei-0/1/0/4)#ip address 100.101.4.22

255.255.255.0

CE2(config-if-gei-0/1/0/4)#exit

/*Create an IS-IS neighbor relationship as follows:*/


CE2(config)#router isis 2
CE2(config-isis-2)#area 00
CE2(config-isis-2)#system-id 2002.1234.2CE2
CE2(config-isis-2)#interface gei-0/1/0/4
CE2(config-isis-2-if-gei-0/1/0/4)#ip router isis
CE2(config-isis-2-if-gei-0/1/0/4)#exit
CE2(config-isis-2)#exit

3.6 MPLS L3VPN Load Balancing Configuration


3.6.1 MPLS L3VPN Load Balancing Overview
MPLS L3VPN Load Balancing Introduction
In the existing system, there are common route transmission and label transmission by
MPLS technology. Initially, flag stack is used in LDP protocol and flag can be pushed,
replaced and popped directly. As the data flow becomes larger and larger, and the
requirement for bandwidth and time delay becomes more and more higher, the data
transmission on single link cannot satisfy the requirement. Therefore, multiple LSPs are
built, data is allocated to different links to be transmitted according to the size, and MPLS
load balancing is implemented.
MPLS VPN load balancing is divided into three parts,
l
l
l

LDP
VRF
MP-BGP

By means of the three configurations above, the multiple routes formed load balancing in
MPLS VPN outer layer, inner layer and CE side to perform the load balancing of multiple
links in private and public networks.
According to the two policies, flow-based and destination-based, load equation, directional
and link backup.

3-67
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

MPLS L3VPN LDP Load Sharing


Usually, a route only have one next-hop, that is the optimum route. However, a route
can have many next-hops by means of the special configuration. There are many LSPs
between two LSRs. In this case, LDP has load balancing function.
Figure 3-18 shows a simple load balancing network structure.
Figure 3-18 LDP Load Sharing Principle

There are two possible transmission paths between PE1 and PE2.
l
l

LSP1: PE1 > P1 > PE2


LSP2: PE1 > P2 > PE2

Usually, the data is only transmitted along one LSP, supposing it is LSP1. However, in
some special cases, such as bandwidth restriction, congestion and so on, LDP equates
the data traffic according to the rules, allocates the data to LSP2 for forwarding, thus to
realize LDP load balancing.
To realize LDP load sharing, it is not necessary to configure LDP, but related routing
protocols must support LDP load sharing. For details, refer to ZXR10 M6000-S
Configuration Guide (MPLS).

MPLS L3VPN VRF Load Sharing


MPLS L3VPN VRF load sharing is a policy that implements load balancing among multiple
links in VRF mode. Load sharing can be based on the source and destination addresses,
or based on a single packet.
Normally, the system load is shared among two or more resources. When some resource
fails, the remaining resources can take over the work of this resource, without interrupting
the communications.

MPLS L3VPN MPBGP Load Sharing


As shown in Figure 3-19, the traffic from R1 goes to the destination R2. In L3VPN
environment, the traffic coming from R1 respectively passes PE2 and PE3. That is, load
sharing is implemented on PE1. Thus, the load of downstream PEs can be alleviated,
and redundancy protection can be provided in case of equipment failures.
3-68
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration

Figure 3-19 Principles of MPLS L3VPN MPBGP Load Sharing

Load sharing needs some conditions: CE2 respectively notifies PE2 and PE3 of the same
route. PE2 and PE3 forward the route to PE1 and connect the VRF bound with R1 on
PE1. Load sharing is configured under the VRF cluster of the corresponding BGP. On PE1,
load-shared routes also need some conditions: The routes are received from neighbors of
the same AS. The routes have the same origin attribute, local priority attribute, and as-path
attribute.

3.6.2 Configuring MPLS L3VPN VRF Load-Sharing


This procedure describes how to configure MPLS L3VPN VRF loading sharing.

Steps
1. Configure the load sharing mode.
Step

Command

Function

ZXR10(config)#interface {<interface-name>|

Enters the interface configuration

byname <byname>}

mode.

ZXR10(config-if-interface-name)#ip

Configures the load sharing mode.

load-sharing [per-packet|per-destination]

per-packet: Load-shared traffic is forwarded based on packet.


per-destination: Load-shared traffic is forwarded based on destination.
2. Configure MPLS L3VPN VRF Load-Sharing.
l Configure static route Load-Sharing:

3-69
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

Command

Function

ZXR10(config)#ip route vrf <vrf-name><ip-addres

Configures a static VRF route with

s><net-mask><next-hop address>[<1~255>| global |

load-sharing in the global mode on

tag<1~4294967295>]

PE.

<1~255>: The metric value of the destination route. Range: 1-255.


l

Configure RIP route Load-Sharing:


Step

Command

Function

ZXR10(config-rip)#address-family ipv4 vrf

Enters the "address-family IPv4

<vrf-name>

vrf" address family of the RIP


protocol.

ZXR10(config-rip-af)#maximum-paths

Configures load sharing under

<1~32>

the "address-family IPv4 vrf"


address family of the RIP
protocol on PE.

Configure BGP route Load-Sharing:


Step

Command

Function

ZXR10(config-bgp)#address-family ipv4 vrf

Enters the "address-family IPv4

<vrf-name>

vrf" address family of the BGP


protocol.

ZXR10(config-bgp-af-ipv4-vrf)#maximum-p

Configures load sharing under

aths[ibgp]<1~32>

the "address-family IPv4 vrf"


address family of the BGP
protocol on PE.

Configure IS-IS route Load-Sharing:


Command

Function

ZXR10(config-isis-process-id)#maximum-paths

Configures load sharing in the

<1~32>

routing mode of the VRF instance


of the IS-IS protocol on PE.

Configure OSPF route Load-Sharing:


Command

Function

ZXR10(config-ospf-process-id)#maximum-paths

Configures load sharing in the

<1~32>

routing mode of the VRF instance


of the OSPF protocol on PE.

3. Verify the configurations.


3-70
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration

Command

Function

ZXR10#show ip forwarding route vrf <vrf-nam

Indicates the route of specified VPN.

e>{[{<Network to display informatio>}[<Network


mask>{weak-match|exact-match}]]|[<Protocol name>]}

End of Steps

3.6.3 Configuring MPLS L3VPN MPBGP Load-Sharing


This procedure describes how to configure MPLS L3VPN MPBGP loading sharing.

Steps
1. Configure the load sharing mode.
Step

Command

Function

ZXR10(config)#interface {<interface-name>|

Enters the interface configuration

byname <byname>}

mode.

ZXR10(config-if-interface-name)#ip

Configures the load sharing mode.

load-sharing [per-packet | per-destination]

per-packet: Load-shared traffic is forwarded based on packet.


per-destination: Load-shared traffic is forwarded based on destination.
2. Configuring MPLS L3VPN MPBGP Load-Sharing.
Step

Command

Function

ZXR10(config)#router bgp <as-number>

Starts the BGP process and


specifies the ID of the AS that this
router is located.

Activates the IPv4 address family.

ZXR10 (config-bgp)#address-family ipv4 vrf

<vrf-name>
3

ZXR10(config-bgp-af-ipv4-vrf)#maximum-path

Configures load sharing under the


"address-family IPv4 vrf" address

s[ibgp]<1~32>

family of the BGP protocol on PE.

3. Verify the configurations.


Command

Function

ZXR10#show bgp vpnv4 unicast detail <VPN Route

Displays the detailed information about

Distinguisher><ip-address><mask>

a specified VPN route.

End of Steps
3-71
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

3.6.4 MPLS L3VPN Load Balancing Configuration Examples


3.6.4.1 Configuration Instance of MPLS L3VPN Public Network LDP Load Sharing
Configuration Description
Figure 3-20 shows an example of LDP load sharing configuration. There are two links
between R1 and R2.
Figure 3-20 Configuration Instance of MPLS L3VPN Public Network LDP Load Sharing

Take OSPF route load sharing as an example. The configuration on two routers is as
follows:
Router

Interface and Address

Interface and Address

Loopback Interface
and Address

R1

gei-0/1/0/1 1.1.1.1/24

gei-0/1/0/3 2.2.2.2/24

loopback1 4.4.4.4

R2

gei-0/1/0/1 1.1.1.2/24

gei-0/1/0/3 2.2.2.3/24

loopback1 5.5.5.5

Configuration Flow
1. Configure the interface addresses on each LSR.
2. Configure the local OSPF rule on two LSRs.
3. Configure the MPLS LDP function, and add related interfaces to LDP.

Configuration Command
The configuration on R1 is as follows:
R1(config)#interface gei-0/1/0/1
R1(config-if-gei-0/1/0/1)#no shutdown
R1(config-if-gei-0/1/0/1)#ip address 1.1.1.1 255.255.255.0
R1(config-if-gei-0/1/0/1)#exit
R1(config)#interface gei-0/1/0/3
R1(config-if-gei-0/1/0/3)#no shutdown
R1(config-if-gei-0/1/0/3)#ip address 2.2.2.2 255.255.255.0
R1(config-if-gei-0/1/0/3)#exit
R1(config)#interface loopback1
R1(config-if-loopback1)#ip address 4.4.4.4

255.255.255.255

R1(config-if-loopback1)#exit

R1(config)#router ospf 1
R1(config-ospf-1)#router-id 4.4.4.4
R1(config-ospf-1)#network 4.4.4.4

0.0.0.0 area 0

3-72
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration


R1(config-ospf-1)#network 1.1.1.0 0.0.0.255 area 0
R1(config-ospf-1)#network 2.2.2.0 0.0.0.255 area 0
R1(config-ospf-1)#maximum-paths 2
R1(config-ospf-1)#exit

R1(config)#mpls ldp instance 1


R1(config-ldp-1)#router-id loopback1
R1(config-ldp-1)#interface gei-0/1/0/1
R1(config-ldp-1-if-gei-0/1/0/1)#exit
R1(config-ldp-1)#interface gei-0/1/0/3
R1(config-ldp-1-if-gei-0/1/0/3)#exit
R1(config-ldp-1)#exit

The configuration on R2 is as follows:


R2(config)#interface gei-0/1/0/1
R2(config-if-gei-0/1/0/1)#no shutdown
R2(config-if-gei-0/1/0/1)#ip address 1.1.1.2 255.255.255.0
R2(config-if-gei-0/1/0/1)#exit
R2(config)#interface gei-0/1/0/3
R2(config-if-gei-0/1/0/3)#no shutdown
R2(config-if-gei-0/1/0/3)#ip address 2.2.2.3 255.255.255.0
R2(config-if-gei-0/1/0/3)#exit
R2(config)#interface loopback1
R2(config-if-loopback1)#ip address 5.5.5.5 255.255.255.255
R2(config-if-loopback1)#exit

R2(config)#router ospf 1
R2(config-ospf-1)#router-id 5.5.5.5
R2(config-ospf-1)#network 1.1.1.0 0.0.0.255 area 0
R2(config-ospf-1)#network 2.2.2.0 0.0.0.255 area 0
R2(config-ospf-1)#network 5.5.5.5 0.0.0.0 area 0
R2(config-ospf-1)#exit

R2(config)#mpls ldp instance 1


R2(config-ldp-1)#interface gei-0/1/0/1
R2(config-ldp-1-if-gei-0/1/0/1)#exit
R2(config-ldp-1)#interface gei-0/1/0/3
R2(config-ldp-1-if-gei-0/1/0/3)#exit
R2(config-ldp-1)#router-id loopback1
R2(config-ldp-1)#exit

Now, route load balancing has been realized. Next, create evenly loaded LSP links for
LDP load balancing.

3-73
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

Configuration Verification
Check the route forwarding table on R1:
R1(config)#show ip forwarding route 5.5.5.5
IPv4 Routing Table:
Headers: Dest: Destination, Gw: Gateway, Pri: Priority;
Codes : BROADC: Broadcast, USER-I: User-ipaddr, USER-S: User-special,
MULTIC: Multicast, USER-N: User-network, DHCP-D: DHCP-DFT,
ASBR-V: ASBR-VPN, STAT-V: Static-VRF, DHCP-S: DHCP-static,
GW-FWD: PS-BUSI, NAT64: Stateless-NAT64, LDP-A: LDP-area,
GW-UE: PS-USER, P-VRF: Per-VRF-label, TE: RSVP-TE;
status codes: *valid, >best
Dest

Gw

Interface

Owner

Pri Metric

*>5.5.5.5/32

2.2.2.3

gei-0/1/0/3

OSPF

110

*>5.5.5.5/32

1.1.1.2

gei-0/1/0/1

OSPF

110

At the end of the route forwarding table, it can be seen that there are two next hops for the
destination (destination address: 5.5.5.5, mask: 255.255.255.255):
l
l

Through interface gei-0/1/0/3 to 2.2.2.3


Through interface gei-0/1/0/1 to 1.1.1.2

Run the show mpls forwarding-table command on R1:


R1(config)#show mpls forwarding-table 5.5.5.5
Local

Outgoing

Prefix or
Tunnel Id

Outgoing

Next Hop

M/S

label

label

16402

Poptag

5.5.5.5/32

gei-0/1/0/3

interface
2.2.2.3

16402

Poptag

5.5.5.5/32

gei-0/1/0/1

1.1.1.2

It can be seen that there are two next hops in the label forwarding table for the network
segment of the destination (destination address: 5.5.5.5, mask: 255.255.255.255). This
means that there are two sessions between the local and remote ends for the FEC of this
network segment. That is, there are two LSPs. These two LSPs are the two next hops
displayed with the show ip forwarding route command.
Now, load balancing has been realized. You can view the MPLS load sharing information
through interface traffic statistics.

3.6.4.2 Configuration Instance of MPLS L3VPN VRF Load Sharing


Configuration Description
Establish the L3VPN environment as shown in Figure 3-21.

3-74
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration

Figure 3-21 Configuration Instance of MPLS L3VPN VRF Load Sharing

The VRF named "zte" exists on PE1 and PE2. RD is 1:1, and RT is 1:1. The interfaces
gei-/1/0/2, gei-/1/0/4, and gei-/1/0/5 are all bound with VRF zte. The interface addresses
are configured as follows:
Router

Interface

Address

PE1

gei-0/1/0/2

10.1.1.2/24

gei-0/1/0/4

10.1.2.2/24

gei-0/1/0/1

10.1.1.1/24

gei-0/1/0/3

10.1.2.1/24

PE2

gei-0/1/0/5

10.1.3.1/24

CE2

gei-0/1/0/6

10.1.3.2/24

CE1

Configuration Flow
1. Bound the interfaces gei-0/1/0/2, gei-0/1/0/4, and gei-0/1/0/5 to VRF zte.
2. Establish IGP neighbor and LDP neighbor respectively between PE1 and P and
between P and PE2. Notify each other of the loopback address.
3. Establish MPBGP neighbor between PE1 and PE2 by using the loopback address.
4. Configure VRF load sharing on the interfaces gei-0/1/0/1, gei-0/1/0/2, gei-0/1/0/3, and
gei-0/1/0/4. Configure the load sharing commands in VRF mode.

Configuration Command
1. Establish OSPF neighbor between CE1 and PE1.
The configuration on CE1 is as follows:
CE1(config)#interface loopback1
CE1(config-if-loopback1)#ip address 20.1.1.1 255.255.255.255
CE1(config-if-loopback1)#exit

CE1(config)#router ospf 10
CE1(config-ospf-10)#network 10.1.1.0 0.0.0.255 area 0
CE1(config-ospf-10)#network 10.1.2.0 0.0.0.255 area 0

3-75
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


CE1(config-ospf-10)#network 20.1.1.1 0.0.0.0 area 0
CE1(config-ospf-10)#exit

The configuration on PE1 is as follows:


PE1(config)#router ospf 10 vrf zte
PE1(config-ospf-10)#network 10.1.1.0 0.0.0.255 area 0
PE1(config-ospf-10)#network 10.1.2.0 0.0.0.255 area 0
PE1(config-ospf-10)#redistribute bgp-int
PE1(config-ospf-10)#exit

Re-allocate OSPF routes and directly-connected routes in IPv4 vrf mode of BGP on
PE1:
PE1(config)#router bgp 100
PE1(config-bgp)#address-family ipv4 vrf zte
PE1(config-bgp-af-ipv4-vrf)#redistribute ospf-int 10
PE1(config-bgp-af-ipv4-vrf)#redistribute connect
PE1(config-bgp-af-ipv4-vrf)#exit
PE1(config-bgp)#exit

Configure load sharing in VRF mode on PE1:


PE1(config)#router ospf 10 vrf zte
PE1(config-ospf-10)#maximum-paths 2
PE1(config-ospf-10)#exit

2. Establish OSPF neighbor between CE1 and PE2.


The configuration on CE2 is as follows:
CE2(config)#router ospf 10
CE2(config-ospf-10)#network 10.1.3.0 0.0.0.255 area 0
CE2(config-ospf-10)#exit

The configuration on PE2 is as follows:


PE2(config)#router ospf 10 vrf zte
PE2(config-ospf-10)#network 10.1.3.0 0.0.0.255 area 0
PE2(config-ospf-10)#redistribute bgp-int
PE2(config-ospf-10)#exit

Re-allocate directly-connected routes in IPv4 vrf mode of BGP on PE2:


PE2(config)#router bgp 100
PE2(config-bgp)#address-family ipv4 vrf zte
PE2(config-bgp-af-ipv4-vrf)#redistribute connect
PE2(config-bgp-af-ipv4-vrf)#exit
PE2(config-bgp)#exit

3. Configure load sharing on the interfaces gei-0/1/0/1, gei-0/1/0/2, gei-0/1/0/3, and


gei-0/1/0/4.
The configuration on CE1 is as follows:
CE1(config)#interface gei-0/1/0/1

3-76
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration


CE1(config-if-gei-0/1/0/1)#no shutdown
CE1(config-if-gei-0/1/0/1)#ip load-sharing per-packet
CE1(config-if-gei-0/1/0/1)#exit
CE1(config)#interface gei-0/1/0/3
CE1(config-if-gei-0/1/0/3)#no shutdown
CE1(config-if-gei-0/1/0/3)#ip load-sharing per-packet
CE1(config-if-gei-0/1/0/3)#exit

The configuration on PE1 is as follows:


PE1(config)#interface gei-0/1/0/2
PE1(config-if-gei-0/1/0/2)#no shutdown
PE1(config-if-gei-0/1/0/2)#ip load-sharing per-packet
PE1(config-if-gei-0/1/0/2)#exit
PE1(config)#interface gei-0/1/0/4
PE1(config-if-gei-0/1/0/4)#no shutdown
PE1(config-if-gei-0/1/0/4)#ip load-sharing per-packet
PE1(config-if-gei-0/1/0/4)#exit

Configuration Verification
On PE1, run the show ip protocol routing vrf zte command to view the related information.
You can see two routes (IP address: 20.1.1.1; subnet mask: 255.255.255.255), of which
CE1 notifies PE1. Both routes are assigned with labels:
PE1#show ip protocol routing vrf zte
Codes: OSPF-3D = ospf-type3-discard, OSPF-5D = ospf-type5-discard, TE = rsvpte,
OSPF-7D = ospf-type7-discard, USER-I = user-ipaddr, RIP-D = rip-discard,
OSPF-E = ospf-ext, ASBR-V = asbr-vpn, GW-FWD = ps-busi, GW-UE = ps-user,
BGP-AD = bgp-aggr-discard, BGP-CE = bgp-confed-ext, NAT64 = sl-nat64-v4,
USER-N = user-network, USER-S = user-special, DHCP-S = dhcp-static,
DHCP-D = dhcp-dft
Marks: *valid, >best, s-stale
Dest

NextHop

Intag

Outtag

RtPrf

Protocol

*>

20.1.1.1/32

10.1.1.1

163840

notag

110

OSPF

*>

20.1.1.1/32

10.1.2.1

163840

notag

110

OSPF

3.6.4.3 Configuration Instance of MPLS L3VPN MPBGP Load Sharing


Configuration Description
As shown in Figure 3-22, PE1 establishes L3VPN respectively with PE2 and PE3.

3-77
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

Figure 3-22 Network Structure of MPLS L3VPN MPBGP Load Sharing Configuration
Example

Configuration Flow
1. PE1 establishes L3VPN respectively with PE2 and PE3.
2. CE2 establishes OSPF neighbour respectively with the VRF access interfaces of PE2
and PE3. CE2 establishes OSPF neighbour with R2.
3. Re-distribute OSPF respectively under the VRF address clusters of PE2 and PE3.
4. Configure IBGP load sharing in the VRF of PE1.

Configuration Command
For the configuration of OSPF and LDP between PEs, refer to the following commands.
The configuration of PE1 is as follows:
PE1(config)#interface loopback1
PE1(config-if-loopback1)#ip address 172.20.96.2 255.255.255.255
PE1(config-if-loopback1)#exit

PE1(config)#ip vrf zte


PE1(config-vrf-zte)#rd 1:50
PE1(config-vrf-zte)#route-target both 1:50
PE1(config-vrf-zte)#address-family ipv4
PE1(config-vrf-zte-af-ipv4)#exit
PE1(config-vrf-zte)#exit

PE1(config)#router bgp 18004


PE1(config-bgp)#neighbor 172.20.96.1 remote-as 18004
PE1(config-bgp)#neighbor 172.20.96.1 update-source loopback1
PE1(config-bgp)#neighbor 172.20.108.2 remote-as 18004
PE1(config-bgp)#neighbor 172.20.108.2 update-source loopback1
PE1(config-bgp)#address-family vpnv4

3-78
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration


PE1(config-bgp-af-vpnv4)#neighbor 172.20.96.1 activate
PE1(config-bgp-af-vpnv4)#neighbor 172.20.108.2 activate
PE1(config-bgp-af-vpnv4)#exit
PE1(config-bgp)#address-family ipv4 vrf zte
PE1(config-bgp-af-ipv4-vrf)#redistribute connected
PE1(config-bgp-af-ipv4-vrf)#maximum-paths ibgp 2
PE1(config-bgp-af-ipv4-vrf)#exit
PE1(config-bgp)#exit

PE1(config)#interface gei-0/5/1/10
PE1(config-if-gei-0/5/1/10)#no shutdown
PE1(config-if-gei-0/5/1/10)#ip vrf forwarding zte
PE1(config-if-gei-0/5/1/10)#ip address 202.10.10.61 255.255.255.0
PE1(config-if-gei-0/5/1/10)#exit

The configuration on PE2 is as follows:


PE2(config)#interface loopback1
PE2(config-if-loopback1)#ip address 172.20.96.1 255.255.255.255
PE2(config-if-loopback1)#exit

PE2(config)#ip vrf zte


PE2(config-vrf-zte)#rd 1:50
PE2(config-vrf-zte)#route-target both 1:50
PE2(config-vrf-zte)#address-family ipv4
PE2(config-vrf-zte-af-ipv4)#exit
PE2(config-vrf-zte)#exit

PE2(config)#router bgp 18004


PE2(config-bgp)#neighbor 172.20.96.2 remote-as 18004
PE2(config-bgp)#neighbor 172.20.96.2 update-source loopback1
PE2(config-bgp)#address-family vpnv4
PE2(config-bgp-af-vpnv4)#neighbor 172.20.96.2 activate
PE2(config-bgp-af-vpnv4)#exit
PE2(config-bgp)#address-family ipv4 vrf zte
PE2(config-bgp-af-ipv4-vrf)#redistribute ospf-int 100
PE2(config-bgp-af-ipv4-vrf)#exit
PE2(config-bgp)#exit

PE2(config)#interface gei-0/5/0/3
PE2(config-if-gei-0/5/0/3)#no shutdown
PE2(config-if-gei-0/5/0/3)#ip vrf forwarding zte
PE2(config-if-gei-0/5/0/3)#ip address 200.1.1.60 255.255.255.0
PE2(config-if-gei-0/5/0/3)#exit

PE2(config)#router ospf 100 vrf zte

3-79
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


PE2(config-ospf-100)#network 200.1.1.0 0.0.0.255 area 0
PE2(config-ospf-100)#exit

The configuration on PE3 is as follows:


PE3(config)#interface loopback1
PE3(config-if-loopback1)#ip address 172.20.108.2 255.255.255.255
PE3(config-if-loopback1)#exit

PE3(config)#ip vrf zte


PE3(config-vrf-zte)#rd 1:50
PE3(config-vrf-zte)#route-target both 1:50
PE3(config-vrf-zte)#address-family ipv4
PE3(config-vrf-zte-af-ipv4)#exit
PE3(config-vrf)#exit

PE3(config)#router

bgp 18004

PE3(config-bgp)#neighbor 172.20.96.2 remote-as 18004


PE3(config-bgp)#neighbor 172.20.96.2 update-source loopback1
PE3(config-bgp)#address-family vpnv4
PE3(config-bgp-af-vpnv4)#neighbor 172.20.96.2 activate
PE3(config-bgp-af-vpnv4)#exit
PE3(config-bgp)#address-family ipv4 vrf zte
PE3(config-bgp-af-ipv4-vrf)#redistribute ospf-int 100
PE3(config-bgp-af-ipv4-vrf)#exit
PE3(config-bgp)#exit

PE3(config)#interface gei-0/0/0/1
PE3(config-if-gei-0/0/0/1)#no shutdown
PE3(config-if-gei-0/0/0/1)#ip vrf forwarding zte
PE3(config-if-gei-0/0/0/1)#ip address 100.1.1.63 255.255.255.0
PE3(config-if-gei-0/0/0/1)#exit

PE3(config)#router ospf 100 vrf zte


PE3(config-ospf-100)#network 100.1.1.0 0.0.0.255 area 0
PE3(config-ospf-100)#exit

The configuration on CE2 is as follows:


CE2(config)#interface gei-0/5/0/10
CE2(config-if-gei-0/5/0/10)#no shutdown
CE2(config-if-gei-0/5/0/10)#ip address 192.1.1.64 255.255.255.0
CE2(config-if-gei-0/5/0/10)#exit
CE2(config)#interface gei-0/0/0/1
CE2(config-if-gei-0/0/0/1)#no shutdown
CE2(config-if-gei-0/0/0/1)#ip address 100.1.1.64 255.255.255.0
CE2(config-if-gei-0/0/0/1)#exit

3-80
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration


CE2(config)#interface gei-0/0/0/3
CE2(config-if-gei-0/0/0/3)#no shutdown
CE2(config-if-gei-0/0/0/3)#ip address 200.1.1.64 255.255.255.0
CE2(config-if-gei-0/0/0/3)#exit

CE2(config)#router ospf 1
CE2(config-ospf-1)#network 100.1.1.0 0.0.0.255 area 0.0.0.0
CE2(config-ospf-1)#network 200.1.1.0 0.0.0.255 area 0.0.0.0
CE2(config-ospf-1)#network 192.1.1.0 0.0.0.255 area 0.0.0.0
CE2(config-ospf-1)#exit

Configuration Verification
On PE1, Run the show ip protocol routing vrf command to view the related information:
PE1(config)#show ip protocol routing vrf zte network 192.1.1.0
Codes: OSPF-3D = ospf-type3-discard, OSPF-5D = ospf-type5-discard, TE = rsvpte,
OSPF-7D = ospf-type7-discard, USER-I = user-ipaddr, RIP-D = rip-discard,
OSPF-E = ospf-ext, ASBR-V = asbr-vpn, GW-FWD = ps-busi, GW-UE = ps-user,
BGP-AD = bgp-aggr-discard, BGP-CE = bgp-confed-ext, NAT64 = sl-nat64-v4,
USER-N = user-network, USER-S = user-special, DHCP-S = dhcp-static,
DHCP-D = dhcp-dft
Marks: *valid, >best, s-stale
Dest

NextHop

Intag

Outtag

RtPrf

Protocol

*>

192.1.1.0/24

172.20.108.2

213003

229125

200

BGP-INT

*>

192.1.1.0/24

172.20.96.1

213003

212998

200

BGP-INT

Now, BGP has assigned labels for these routes.


PE1(config)#show ip forwarding route vrf zte 192.1.1.65
IPv4 Routing Table:
Headers: Dest: Destination, Gw: Gateway, Pri: Priority;
Codes : BROADC: Broadcast, USER-I: User-ipaddr, USER-S: User-special,
MULTIC: Multicast, USER-N: User-network, DHCP-D: DHCP-DFT,
ASBR-V: ASBR-VPN, STAT-V: Static-VRF, DHCP-S: DHCP-static,
GW-FWD: PS-BUSI, NAT64: Stateless-NAT64, LDP-A: LDP-area,
GW-UE: PS-USER, P-VRF: Per-VRF-label, TE: RSVP-TE;
Status codes: *valid, >best;
Dest

Gw

Interface

Owner

Pri Metric

192.1.1.0/24

172.20.108.2

gei-0/2/0/2

BGP

200 3

192.1.1.0/24

172.20.96.1

gei-0/2/0/3

BGP

200 3

PE1(config)#show bgp vpnv4 unicast


Status codes: *valid, >best, i-internal, s-stale
Origin codes: i-IGP, e-EGP, ?-incomplete
Network

Next Hop

Metric

Locprf

Path

3-81
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


Route Distinguisher: 1:50 (default for vrf zte)
*>i

192.1.1.0/24

172.20.108.2

100

200

*>i

192.1.1.0/24

172.20.96.1

100

200

MPBGP have learned the VPN routes to the two remote PEs. If the following attributes
are the same, an load-shared equivalent routes can be created:
l
l
l
l

AS ID
origin
local-pref
AS-path

PE1(config)#show bgp vpnv4 unicast detail 1:50 192.1.1.0 255.255.255.0


BGP routing table entry for 1:50:192.1.1.0/24
01:38:07 received from 172.20.108.2 (172.20.108.2)
origin ?,nexthop 172.20.108.2,metric 3,localpref 100, rtpref 200,best,
as path
as4 path
extended Community:RT:1:50
received label
220712
01:38:06 received from 172.20.96.1 (172.20.96.1)
origin ?,nexthop 172.20.96.1,metric 3,localpref 100, rtpref 200,best,
as path
as4 path
extended Community:RT:1:50
received label
212998

3.7 Configuring MPLS L3VPN Crossing Several ASs


3.7.1 MPLS L3VPN Crossing Several ASs Overview
While MPLS L3VPN solutions are being widely used, different MANs of domestic carriers
or the backbone networks of different coordinating carriers may cross different autonomous
systems (ASs).
The common MPLS L3VPN architecture is used within a single AS. Any VPN routing
information can only be spread as required within the AS, and it cannot be spread to
other ASs. To support VPN routing information switching among carriers, we need to
extend the existing protocol and amend the existing MPLS L3VPN architecture to provide
an interconnection model different from the basic MPLS L3VPN architecture. This model
is called Inter-AS MPLS L3VPN. In this model, route prefixes and label information can be
distributed through the links of different carriers.
At present there are three inter-AS VPN solutions:

3-82
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration

l
l

Inter-AS VPN (Option A): The VPN crossing different ASs manages its own
VPN routes between ASBRs through a dedicated interface. This is also called
"VRF-to-VRF".
Inter-AS VPN (Option B): Label VPN-IPv4 routes are distributed between ASBRs
through MP-EBGP.
Inter-AS VPN (Option C): VPN-IPv4 routes are distributed between PEs through Multi-hop MP-EBGP.

3.7.1.1 MPLS L3VPN Crossing Several ASs (Option A)


Introduction
In BGP MPLS L3VPN, Option A's features are as follows:
l
l
l

LSPs of both public and private networks are broken.


ASBR treats the remote AS as CE.
Data packets encapsulated and transferred between ASBRs are IP packets.

Option A uses the VRF-to-VRF mode. There is no label encapsulation between CE and
PE, and only IP packets are transferred between them. Similar to the interface between a
regular PE and CE, the interconnection interface between ASBR and PE should be bound
to VRF.

Label Distribution
As shown in Figure 3-23, the upper part shows the route and label distribution flow, and
the lower part illustrates the data packet forwarding and encapsulating flow.
Figure 3-23 Principles of MPLS L3VPN Crossing Several ASs (Option A)

The loopback addresses of routers are as follows:


Router

Loopback Address

PE1

100.100.100.1/32
3-83

SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

Router

Loopback Address

P1

100.100.100.2/32

ASBR-PE1

100.100.100.3/32

ASBR-PE2

200.200.200.3/32

P2

200.200.200.2/32

PE2

200.200.200.1/32

The private network label distribution flow is as follows:


l
l
l
l

Data transfer direction: CE2->CE1


Label distribution direction: CE1->CE2
The private network IP address of CE1 is 1.1.1.1. From CE1 to ASBR-PE1, the private
network route is pushed to MPLS L3VPN of AS1.
From PE1 to ASBR-PE1, the private network route and label are announced to IBGP's
peer ASBR-PE1 through MP-IBGP, and the next hop is PE1. Therefore, the private
label is transferred from PE1 to ASBR-PE1. Meanwhile, for the loopback address of
PE1, public network labels on the path from PE1 to ASBR-PE1 are assigned for each
hop through LDP.
From ASBR-PE1 to ASBR-PE2, the route 1.1.1.1 is like from a regular PE to CE.
The next hop is ASBR-PE1. The IGP protocol can be used. As ASBR-PE1 considers
ASBR-PE2 as one of CEs, private network and public network labels are not assigned.
From ASBR-PE2 to PE2, ASBR-PE2 assumes that CE receives a VPN route. So,
ASBR-PE2 transfers the private network route and the assigned private network label
to PE2 through MP-BGP, and changes the next hop to ASBR-PE2. Meanwhile, for the
loopback address of ASBR-PE2, public network labels on the path from ASBR-PE2
to PE2 are assigned for each hop through LDP.
From PE2 to CE2, the route 1.1.1.1 is like a VPN route from a regular PE to CE.

Data Forwarding
According to the label distribution flow as shown in Figure 3-23, the data packet
encapsulating and forwarding flow from CE2 to CE1 is as follows:
l
l

l
l

From CE2 to PE2, an IP packet is transferred.


From PE2 to ASBR-PE2, the destination address 1.1.1.1 is looked up against the
private network label forwarding table of AS2, and it is found that the next hop is the
loopback address of ASBR-PE2. Therefore, a layer-2 label is encapsulated. The
public network label is popped on the penultimate hop of P2, and the private network
label is terminated on ASBR-PE2.
From ASBR-PE2 to ASBR-PE1, ASBR-PE2 considers that the next hop is CE. So,
the private network label is popped and the IP packet is directly forwarded.
From ASBR-PE1 to PE1, the destination address 1.1.1.1 is looked up against the
private network label forwarding table of AS1, and it is found that the next hop is the
loopback address of PE1. Therefore, a layer-2 label is encapsulated. The public

3-84
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration

network label is popped on the penultimate hop of P1, and the private network label
is terminated on PE1.
From PE1 to CE1, the private network label is popped, and the IP packet is forwarded
to CE1.

3.7.1.2 MPLS L3VPN Crossing Several ASs (Option B)


Introduction
In BGP MPLS L3VPN, Option B's features are as follows:
l
l
l

LSP of the public network is broken, but LSP of the private network is connected.
As private network LSP changes next hops, private network label swapping is
required.
Data packets encapsulated and transferred between ASBRs are "private network
labels + IP packets".

Obviously, to distribute private network labels, MP-BGP must be enabled between


ASBR-PE routers, and a complete private network label forwarding table (including
incoming labels and outgoing labels) must be created on ASBR-PE routers.

Label Distribution
As shown in Figure 3-24, the upper part shows the route and label distribution flow, and
the lower part illustrates the data packet forwarding and encapsulating flow.
Figure 3-24 Principles of MPLS L3VPN Crossing Several ASs (Option B)

The loopback addresses of routers are as follows:


Router

Loopback Address

PE1

100.100.100.1/32

P1

100.100.100.2/32
3-85

SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

Router

Loopback Address

ASBR-PE1

100.100.100.3/32

ASBR-PE2

200.200.200.3/32

P2

200.200.200.2/32

PE2

200.200.200.1/32

The private network label distribution flow is as follows:


l
l
l
l

Data tranfer direction: CE2->CE1


Label distribution direction: CE1->CE2
The private network IP address of CE1 is 1.1.1.1. From CE1 to ASBR-PE1, the private
network route goes to MPLS L3VPN of AS1.
From PE1 to ASBR-PE1, the private network route and label are announced to IBGP's
peer ASBR-PE1 through MP-IBGP, and the next hop is PE1. Therefore, the private
label is transferred from PE1 to ASBR-PE1. Meanwhile, for the loopback address of
PE1, public network labels on the path from PE1 to ASBR-PE1 are assigned for each
hop through LDP.
From ASBR-PE1 to ASBR-PE2 along the route to the destination address 1.1.1.1,
MP-EBGP neighbor is established between ASBR-PE1 and ASBR-PE2. Therefore,
ASBR-PE1 distributes the VPN route to the destination address 1.1.1.1 to ASBR-PE2.
This is different from Option A. When distributing the VPN route to ASBR-PE2,
ASBR-PE1 assigns a private network label for the route (because the public network
next hop of this route is changed from PE1 to ASBR-PE1). Now, for the private
network LSP whose destination address is 1.1.1.1, the outgoing label is assigned
by PE1, and the incoming label is assigned to ASBR-PE2 by ASBR-PE1. Hence, a
complete private network LSP is created on ASBR-PE1.
From ASBR-PE2 to PE2 along the route to the destination address 1.1.1.1,
ASBR-PE2 transfers the private network route and assigned private network label
to PE2 through MP-IBGP, and changes the public network next hop of this private
network route to ASBR-PE2 (The change is optional. This document only describes
the case of changing the next hop.) Now, on ASBR-PE2, the outgoing label is
assigned by ASBR-PE1, and the incoming label is assigned to PE2 by ASBR-PE2.
Hence, a complete private network LSP is created on ASBR-PE2. Meanwhile, for the
loopback address of ASBR-PE2, public network labels on the path from ASBR-PE2
to PE2 are assigned for each hop through LDP.
From PE2 to CE2, the private network route 1.1.1.1 is like a VPN route from a regular
PE to CE.

Data Forwarding
According to the label distribution flow as shown in Figure 3-24, the data packet
encapsulating and forwarding flow from CE2 to CE1 is as follows:
l

From CE2 to PE2, an IP packet is transferred.

3-86
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration

From PE2 to ASBR-PE2, the destination address 1.1.1.1 is looked up against the
private network label forwarding table of AS2, and it is found that the next hop is the
loopback address of ASBR-PE2. Therefore, a layer-2 label is encapsulated. The
public network label is popped on the penultimate hop of P2, and the private network
label assigned by ASBR-PE2 is terminated on ASBR-PE2.
From ASBR-PE2 to ASBR-PE1, ASBR-PE2 looks up the label forwarding table, and
then swaps private network labels according to the incoming and outgoing labels.
Therefore, on ASBR-PE2, the private network label assigned by ASBR-PE2 is popped
and the private network label assigned by ASBR-PE1 is pushed. The next hop is the
directly-connected ASBR-PE1, so there is no need to push any public network lable.
The IP packet with a layer-1 private network label is forwarded.
From ASBR-PE1 to PE1, the destination address 1.1.1.1 is looked up against
the private network label forwarding table of AS1, and then private network label
swapping is performed according to the incoming and outgoing labels. Therefore,
on ASBR-PE1, the private network label assigned by ASBR-PE1 is popped and
the private network label assigned by PE1 is pushed. Now, the next hop obtained
from the private network label forwarding table is the loopback address of PE1.
Therefore, a layer-2 label is encapsulated. The public network label is popped on the
penultimate hop of P1, and the private network label is terminated on PE1.
From PE1 to CE1, the private network label is popped. Then the IP packete is
forwarded to CE1.

3.7.1.3 MPLS L3VPN Crossing Several ASs (Option C)


Introduction
In BGP MPLS L3VPN, Option C's features are as follows:
l

l
l
l

LSPs of the public network are connected, and LSPs of the private network are also
connected. The private network transfers private network routes and labels through
MP-EBGP.
Due to end-to-end transfer, the next hop of a private network route does not change.
Therefore, private network labels are not swapped.
In the AS of the peer side, public network route information needs to be transferred
"between PEs that only transfers public network host route information".
Data packets encapsulated and transferred between ASBRs are "public network
labels + private network labels + IP packets".

Label Iteration
To transfer desired public network route information between specified routers, BGP4+ is
used. In addition, extended BGP is used to assign public network labels for this route, so
as to ensure the continuity of the public network LSP.
As shown in Figure 3-25, the next hop of the private network route within AS2 is PE1, which
is generated by BGP LSP. The next hop of BGP LSP is ASBR-PE2, which is considered
by PE2 as a non-directly connected route of BGP. Therefore, although ASBR-PE2 assigns
3-87
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

BGP LSP public network labels for the loopback address of PE1, route iteration is needed
for the non-directly connected route to find the reachable IGP route to the next hop. In
addition, label forwarding is needed throughout the network, so IGP routes also use LDP
label forwarding. As a result, an LDP LSP label is pushed outside the BGP LSP label. This
is label iteration caused by route iteration.
Figure 3-25 Label Iteration Principles of MPLS L3VPN Crossing Several ASs (Option C)

Label Distribution
As shown in Figure 3-26, the upper part shows the route and label distribution flow, and
the lower part illustrates the data packet forwarding and encapsulating flow.
Figure 3-26 Label Distribution Principles of MPLS L3VPN Crossing Several ASs
(Option C)

The private network label distribution flow is the same as the regular L3VPN label
distribution flow. The public network label distribution flow is as follows:
3-88
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration

l
l

l
l

From CE1 to ASBR-PE1 along the private network route to the destination address
1.1.1.1, the private network route is pushed to MPLS L3VPN of AS1.
The private network route is announced by PE1 to PE2. The next hop is PE1, and the
label distribution protocol is MP-EBGP. PE1 transfers the private network route and
private network label to PE2. It is required to establish a public network LSP for the
loopback address of PE1 throughout the network.
For the loopback address of PE1, public network labels on the path from PE1 to
ASBR-PE1 are assigned for each hop through LDP.
From ASBR-PE1 to ASBR-PE2, ASBR-PE1 announces the loopback address of
PE1 in Network mode through EBGP, and the next hop is changed to ASBR-PE1.
As extended BGP is used, public network labels are assigned when the route
information is announced. MP-EBGP assigns "public network route + label", and
the label is distributed to the MPLS label forwarding table. On ASBR-PE1, for the
loopback address of PE1, the outgoing label is the lDP label assigned by P1, and the
incoming label is the BGP LSP label assigned by ASBR-PE1. Hence, LDP LSP and
BGP LSP are connected on ASBR-PE1.
From ASBR to PE2, ASBR-PE2 needs to change the next hop of the loopback
address of PE1 to this router. Then, ASBR-PE2 distributes the route information to
PE2 through IBGP. Meanwhile, ASBR-PE2 assigns a BGP LSP label "inter-AS to-PE
public network route + label".
The loopback address of ASBR-PE2 is in AS2. Therefore, a label is assigned to the
loopback address of ASBR-PE2 through LDP, using the IGP route.

Data Forwarding
As shown in Figure 3-26, the data forwarding flow is as follows:
l
l

From CE2 to PE2, an IP packet is transferred.


From PE2 to ASBR-PE2: When the IP packet whose destination is CE1 arrives on
PE2, private network route lookup is performed, and it is found that the next hop is the
loopback address of ASBR-PE2 within the same AS. This address is distributed with
labels by ASBR-PE2 through IBGP. So, PE2 pushes a private network label assigned
by PE1 first, and then pushes a BGP public network label for ASBR-PE2. As the
next hop ASBR-PE2 of IBGP is not directly connected, a public network IGP route to
ASBR-PE2 is found based on BGP iteration. The label of this IGP route is assigned
by LDP. So, it is needed to push an LDP public network label to the packet.
From ASBR-PE2 to ASBR-PE1: When the packet arrives on ASBR-PE2, the external
LDP public network label is popped due to penultimate hop popping. According to the
previously established label forwarding route, the next hop to the loopback address
of PE1 is changed to ASBR-PE1. According to the label forwarding routing table,
public network label swapping is performed. That is, the BGP LSP label assigned by
ASBR-PE2 is popped, and the BGP LSP label assigned by ASBR-PE1 is pushed.
When the packet arrives on ASBR-PE1, the next hop to the loopback address of PE1
is changed to PE1. According to the label forwarding routing table, public network
label swapping is performed again. On ASBR-PE1, the label assigned by BGP is
popped, and the label assigned by LDP is pushed.
3-89

SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

The subsequent forwarding process is the same as the regular L3VPN forwarding
process.

3.7.2 Configuring MPLS L3VPN Crossing Several ASs


This procedure describes how to configure MPLS L3VPN crossing several ASs.

Steps
1. Configure MPLS L3VPN Crossing Several ASs.
For details, refer to the "Configuring MPLS L3VPN" section.
2. Verify the configurations.
For details, refer to the "Configuring MPLS L3VPN" section.
End of Steps

3.7.3 MPLS L3VPN Crossing Several ASs Configuration Examples


3.7.3.1 Configuration Instance of MPLS L3VPN Crossing Several ASs (Option A)
Configuration Description
As shown in Figure 3-27, a customer has two sites: site 1 and site 2. They need to be
connected through VPN. However, site 1 connects AS100, and site 2 connects AS200.
Both sites provide MPLS VPN. To realize the MPLS VPN connectivity between the two
sites, we can use MPLS L3VPN crossing several ASs (Option A). This is the simplest way
to realize inter-AS VPN.
Figure 3-27 Configuration Instance MPLS L3VPN Crossing Several ASs (Option A)

Configuration Flow
1. PE1, PE2, PE3, and PE4 all have VPN1. Set RD and RT both to 1:1.
2. Establish LDP, IGP, and MP-IBGP neighbors between PE1 and PE2 and between PE3
and PE4. Announce loopback addresses through the IGP protocol.
3-90
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration

3. There is a back-to-back vrf between two ASBRs. The EBGP is established through
the vrf interface.

Configuration Command
1. Add the interconnection interface between PE1 and CE1 into VPN1. Between PE1
and CE1, EBGP is used.
PE1(config)#router bgp 100
PE1(config-bgp)#address-family ipv4 vrf vpn1
PE1(config-bgp-af-ipv4-vrf)#neighbor 100.1.1.2 remote-as 65000
PE1(config-bgp-af-ipv4-vrf)#exit
PE1(config-bgp)#exit

2. Between PE1 and PE2, establish MP-IBGP respectively with Loopback1 addresses
1.2.3.4 and 2.3.4.5.
PE1(config)#router bgp 100
PE1(config-bgp)#neighbor 2.3.4.5

remote-as 100

PE1(config-bgp)#neighbor 2.3.4.5 update-source loopback1


PE1(config-bgp)#address-family vpnv4
PE1(config-bgp-af-vpnv4)#neighbor 2.3.4.5 activate
PE1(config-bgp-af-vpnv4)#exit
PE1(config-bgp)#exit

PE2(config)#router bgp 100


PE2(config-bgp)#neighbor 1.2.3.4 remote-as 100
PE2(config-bgp)#neighbor 1.2.3.4 update-source loopback1
PE2(config-bgp)#address-family vpnv4
PE2(config-bgp-af-vpnv4)#neighbor 1.2.3.4 activate
PE2(config-bgp-af-vpnv4)#exit
PE2(config-bgp)#exit

3. Add the interconnection interface between PE4 and CE2 into VPN1. Between PE4
and CE2, EBGP is used.
PE4(config)#router bgp 200
PE4(config-bgp)#address-family ipv4 vrf vpn1
PE4(config-bgp-af-ipv4-vrf)#neighbor 200.1.1.2 remote-as 65000
PE4(config-bgp-af-ipv4-vrf)#exit
PE4(config-bgp)#exit

Between PEs, IPv4 and VPNv4 capabilities are available.


4. Between PE3 and PE4, establish MP-IBGP respectively with Loopback1 addresses
3.4.5.6 and 4.5.6.7.
PE3(config)#router bgp 200
PE3(config-bgp)#neighbor 4.5.6.7 remote-as 200
PE3(config-bgp)#neighbor 4.5.6.7 update-source loopback1
PE3(config-bgp)#address-family vpnv4
PE3(config-bgp-af-vpnv4)#neighbor 4.5.6.7 activate
PE3(config-bgp-af-vpnv4)#exit

3-91
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


PE3(config-bgp)#exit

PE4(config)#router bgp 200


PE4(config-bgp)#neighbor 3.4.5.6 remote-as 200
PE4(config-bgp)#neighbor 3.4.5.6

update-source loopback1

PE4(config-bgp)#address-family vpnv4
PE4(config-bgp-af-vpnv4)#neighbor 3.4.5.6

activate

PE4(config-bgp-af-vpnv4)#exit
PE4(config-bgp)#exit

5. In address-family ipv4 vrf vpn1 mode of BGP, PE2 specifies PE3 as EBGP neighbor.
Here, the address of MPEBGP is 150.3.2.3:
PE2(config)#router bgp 100
PE2(config-bgp)#address-family ipv4 vrf vpn1
PE2(config-bgp-af-ipv4-vrf)#neighbor 150.3.2.3 remote-as 200
PE2(config-bgp-af-ipv4-vrf)#exit
PE2(config-bgp)#exit

6. Add the interconnection interface between PE3 and PE2 into VPN1.
PE3(config)#interface gei-0/1/0/2
PE3(config-if-gei-0/1/0/2)#no shutdown
PE3(config-if-gei-0/1/0/2)#ip vrf forwarding vpn1
PE3(config-if-gei-0/1/0/2)#ip address 150.3.2.3 255.255.255.0
PE3(config-if-gei-0/1/0/2)#exit

7. Add the interconnection interface between PE3 and PE2 into VPN1:
PE2(config)#interface gei-0/1/0/1
PE2(config-if-gei-0/1/0/1)#no shutdown
PE2(config-if-gei-0/1/0/1)#ip vrf forwarding vpn1
PE2(config-if-gei-0/1/0/1)#ip address 150.3.2.2 255.255.255.0
PE2(config-if-gei-0/1/0/1)#exit

8. In address-family ipv4 vrf vpn1 mode of BGP, PE3 specifies PE2 as EBGP neighbor.
Here, the address of gei-0/1/0/ is 150.3.2.2:
PE3(config)#router bgp 200
PE3(config-bgp)#address-family ipv4 vrf vpn1
PE3(config-bgp-af-ipv4-vrf)#neighbor 150.3.2.2 remote-as 100
PE3(config-bgp-af-ipv4-vrf)#exit
PE3(config-bgp)#exit

9. In address-family ipv4 vrf vpn1 mode, PE1 re-distribute directly-connected routes:


PE1(config)#router bgp 100
PE1(config-bgp)#address-family ipv4 vrf vpn1
PE1(config-bgp-af-ipv4-vrf)#redistribute connected
PE1(config-bgp-af-ipv4-vrf)#exit

10. In address-family ipv4 vrf vpn1 mode, PE4 announces 200.1.1.0/24 network segment
route:
PE4(config)#router bgp 200
PE4(config-bgp)#address-family ipv4 vrf vpn1
PE4(config-bgp-af-ipv4-vrf)#network 200.1.1.0 255.255.255.0

3-92
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration


PE4(config-bgp-af-ipv4-vrf)#exit
PE4(config-bgp)#exit

11. Between PE1 and PE2, enable LDP to establish LSP. Here, the interface on PE1 used
for connecting PE2 is gei-0/1/0/1:
PE1(config)#mpls ldp instance 1
PE1(config-ldp-1)#interface gei-0/1/0/1
PE1(config-ldp-1-if-gei-0/1/0/1)#exit
PE1(config-ldp-1)#exit

Between PE3 and PE4, enable LDP to establish LSP. The configuration is the same
as above.

Configuration Verification
On PE1, run the show bgp vpnv4 unicast vrf-summary vpn1 command to view the
establishment of EBGP neighbor with 100.1.1.2:
PE1#show bgp vpnv4 unicast vrf-summary vpn1
Neighbor

100.1.1.2 4

Ver

As MsgRcvd MsgSend

65000

Up/Down

State/PfxRcd

00:10:00

Show the protocol route table for a private network vrf on router PE1. The results are as
follows:
PE1#show ip protocol routing vrf vpn1 network 200.1.1.0
Codes: OSPF-3D = ospf-type3-discard, OSPF-5D = ospf-type5-discard, TE = rsvpte,
OSPF-7D = ospf-type7-discard, USER-I = user-ipaddr, RIP-D = rip-discard,
OSPF-E = ospf-ext, ASBR-V = asbr-vpn, GW-FWD = ps-busi, GW-UE = ps-user,
BGP-AD = bgp-aggr-discard, BGP-CE = bgp-confed-ext, NAT64 = sl-nat64-v4,
USER-N = user-network, USER-S = user-special, DHCP-S = dhcp-static,
DHCP-D = dhcp-dft
Marks: *valid, >best, s-stale

*>

Dest

NextHop

Intag

Outtag

RtPrf

Protocol

200.1.1.0/24

2.3.4.5

213055

213012

200

BGP-INT

On PE2, run the show bgp vpnv4 unicast neighbor 1.2.3.4 command to view the following
information:
PE2#show bgp vpnv4 unicast neighbor 1.2.3.4
BGP neighbor is 1.2.3.4, remote AS 100, internal link
BGP version 4, remote router ID 1.2.3.4
BGP state = Established, up for 22:27:17
Last read update 00:18:51, hold time is 90 seconds, keepalive interval is 30 seconds
Neighbor capabilities:
Route refresh: advertised and received
New ASN capability: advertised and received
Address family IPv4 Unicast: advertised and received

3-93
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


Address family VPNv4 Unicast: advertised and receivedRestart Capability:
advertised and received

Show the protocol route table and forwarding table of a vrf private network on router PE2.
PE2#show ip protocol routing vrf vpn1 network 200.1.1.0
Codes: OSPF-3D = ospf-type3-discard, OSPF-5D = ospf-type5-discard, TE = rsvpte,
OSPF-7D = ospf-type7-discard, USER-I = user-ipaddr, RIP-D = rip-discard,
OSPF-E = ospf-ext, ASBR-V = asbr-vpn, GW-FWD = ps-busi, GW-UE = ps-user,
BGP-AD = bgp-aggr-discard, BGP-CE = bgp-confed-ext, NAT64 = sl-nat64-v4,
USER-N = user-network, USER-S = user-special, DHCP-S = dhcp-static,
DHCP-D = dhcp-dft
Marks: *valid, >best, s-stale

*>

Dest

NextHop

Intag

Outtag

RtPrf

Protocol

200.1.1.0/24

150.3.2.3

213012

notag

20

bgp-ext

PE2#show ip forwarding route vrf

vpn1 200.1.1.0

IPv4 Routing Table:


Headers: Dest: Destination, Gw: Gateway, Pri: Priority;
Codes : BROADC: Broadcast, USER-I: User-ipaddr, USER-S: User-special,
MULTIC: Multicast, USER-N: User-network, DHCP-D: DHCP-DFT,
ASBR-V: ASBR-VPN, STAT-V: Static-VRF, DHCP-S: DHCP-static,
GW-FWD: PS-BUSI, NAT64: Stateless-NAT64, LDP-A: LDP-area,
GW-UE: PS-USER, P-VRF: Per-VRF-label, TE: RSVP-TE;
status codes: *valid, >best;
Dest

Gw

*> 200.1.1.0/24

Interface

150.3.2.3

gei-0/1/0/1

Owner

Pri Metric

BGP

20

On PE4, run the show bgp vpnv4 unicast vrf-summary vpn1 command to view the
establishment of EBGP neighbor with 200.1.1.2:
PE4#show ip bgp summary
Neighbor

200.1.1.2

Ver

As MsgRcvd MsgSend

65000

Up/Down

State/PfxRcd

00:15:00

On PE2, run the show bgp vpnv4 unicast neighbor 4.5.6.7 command to view the following
information:
PE2#show bgp vpnv4 unicast neighbor 4.5.6.7
BGP version 4, remote router ID 4.5.6.7
BGP state = Established, up for 22:27:17
Last read update 00:18:51, hold time is 90 seconds, keepalive interval is 30 seconds
capabilities:
Route refresh: advertised and received
Address family IPv4 Unicast: advertised and received
Address family VPNv4 Unicast: advertised and received
Restart Capability: advertised and received

3-94
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration

On PE2, run the show bgp vpnv4 unicast vrf-summary vpn1 command to view the
establishment of neighbor with 150.3.2.3 (PE3):
PE2#show ip bgp summary
Neighbor
150.3.2.3

Ver
4

As MsgRcvd MsgSend
200

Up/Down
0

00:22:35

State/PfxRcd
2

3.7.3.2 Configuration Instance of MPLS L3VPN Crossing Several ASs (Option B)


Configuration Description
As shown in Figure 3-28, a customer has two sites: site 1 and site 2. They need to be
connected through VPN. However, site 1 connects AS100, and site 2 connects AS200.
Both sites provide MPLS VPN. To realize the MPLS VPN connectivity between the two
sites, we can use VPLS crossing several domains (Option B).
Figure 3-28 Configuration Instance MPLS L3VPN Crossing Several ASs (Option B)

Configuration Flow
1. Configure IP addresses for the following interfaces:
l PE1 left interface: gei-0/3/0/2, PE1 right interface: gei-0/1/0/1
l PE2 left interface: gei-0/6/1/4, PE2 right interface: gei-0/1/0/1
l PE3 left interface: gei-0/1/0/2, PE3 right interface: gei-0/6/1/3
l PE4 left interface: gei-0/4/0/4, PE4 right interface: gei-0/4/0/9
2. PE1, PE2, PE3, and PE4 all have VPN1. Set RD and RT both to 1:10.
3. Establish LDP, IGP, and MP-IBGP neighbors between PE1 and PE2 and between PE3
and PE4. Announce loopback addresses the IGP protocol.
4. Establish MP-EBGP neighbor between PE2 and PE3.

Configuration Command
1. Add the interconnection interface between PE1 and CE1 into VPN1. Between PE1
and CE1, directly-connected re-distribution is used.
2. Between PE1 and PE2, establish MP-IBGP respectively with Loopback1 addresses
1.2.3.1 and 1.2.3.2.
3-95
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

The configuration on PE1 is as follows:


PE1(config)#ip vrf vpn1
PE1(config-vrf-vpn1)#rd 1:10
PE1(config-vrf-vpn1)#route-target both 1:10
PE1(config-vrf-vpn1)#address-family ipv4
PE1(config-vrf-vpn1-af-ipv4)#exit
PE1(config-vrf-vpn1)#exit

PE1(config)#interface gei-0/3/0/2
PE1(config-if-gei-0/3/0/2)#no shutdown
PE1(config-if-gei-0/3/0/2)#ip vrf forwarding vpn1
PE1(config-if-gei-0/3/0/2)#ip address 32.1.1.1 255.255.255.0
PE1(config-if-gei-0/3/0/2)#exit
PE1(config)#interface gei-0/1/0/1
PE1(config-if-gei-0/1/0/1)#no shutdown
PE1(config-if-gei-0/1/0/1)#ip address 37.64.1.1 255.255.255.0
PE1(config-if-gei-0/1/0/1)#exit
PE1(config)#interface loopback1
PE1(config-if-loopback1)#ip address 1.2.3.1 255.255.255.255
PE1(config-if-loopback1)#exit

Configure OSPF for IGP:


PE1(config)#router ospf 1
PE1(config-ospf-1)#router-id 1.2.3.1
PE1(config-ospf-1)#network 37.64.1.0 0.0.0.255 area 0
PE1(config-ospf-1)#network 1.2.3.1

0.0.0.0

area 0

PE1(config-ospf-1)#exit

Configure LDP:
PE1(config)#mpls ldp instance 1
PE1(config-ldp-1)#router-id loopback1
PE1(config-ldp-1)#interface gei-0/1/0/1
PE1(config-ldp-1-if-gei-0/1/0/1)#exit
PE1(config-ldp-1)#exit

Establish MP-IBGP between PE1 and PE2:


PE1(config)#router bgp 100
PE1(config-bgp)#neighbor 1.2.3.2 remote-as 100
PE1(config-bgp)#no neighbor 1.2.3.2 activate
PE1(config-bgp)#neighbor 1.2.3.2 update-source loopback1
PE1(config-bgp)#address-family vpnv4
PE1(config-bgp-af-vpnv4)#neighbor 1.2.3.2 activate
PE1(config-bgp-af-vpnv4)#exit
PE1(config-bgp)#address-family ipv4 vrf vpn1
PE1(config-bgp-af-ipv4-vrf)#redistribute connected

3-96
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration


PE1(config-bgp-af-ipv4-vrf)#exit
PE1(config-bgp)#exit

The configuration on PE2 is as follows:


Configure OSPF between PE2 and PE1 for IGP:
PE2(config)#interface gei-0/6/1/4
PE2(config-if-gei-0/6/1/4)#no shutdown
PE2(config-if-gei-0/6/1/4)#ip address 37.64.1.2 255.255.255.0
PE2(config-if-gei-0/6/1/4)#exit
PE2(config)#interface gei-0/1/0/1
PE2(config-if-gei-0/1/0/1)#no shutdown
PE2(config-if-gei-0/1/0/1)#ip address 109.65.1.1 255.255.255.0
PE2(config-if-gei-0/1/0/1)#exit
PE2(config)#interface loopback1
PE2(config-if-loopback1)#ip address 1.2.3.2 255.255.255.255
PE2(config-if-loopback1)#exit

PE2(config)#router ospf 1
PE2(config-ospf-1)#router-id 1.2.3.2
PE2(config-ospf-1)#network 37.64.1.0 0.0.0.255 area 0
PE2(config-ospf-1)#network 1.2.3.2 0.0.0.0 area 0
PE2(config-ospf-1)#exit

Configure LDP:
PE2(config)#mpls ldp instance 1
PE2(config-ldp-1)#router-id loopback1
PE2(config-ldp-1)#interface gei-0/6/1/4
PE2(config-ldp-1-if-gei-0/6/1/4)#exit
PE2(config-ldp-1)#exit

Establish MP-IBGP between PE2 and PE1:


PE2(config)#router bgp 100
PE2(config-bgp)#neighbor 1.2.3.1 remote-as 100
PE2(config-bgp)#no neighbor 1.2.3.1 activate
PE2(config-bgp)#neighbor 1.2.3.1 update-source loopback1
PE2(config-bgp)#no synchronization

/*Disable BGP synchronization*/

PE2(config-bgp)#address-family vpnv4
PE2(config-bgp-af-vpnv4)#neighbor 1.2.3.1 activate
PE2(config-bgp-af-vpnv4)#neighbor 1.2.3.1 next-hop-self
/*Set the next hop to itself*/
PE2(config-bgp-af-vpnv4)#exit
PE2(config-bgp)#no bgp default route-target filte
PE2(config-bgp)#exit

Establish MP-EBGP between two ASBRs with a direct interface:


PE2(config-bgp)#neighbor 109.65.1.2 remote-as 200

3-97
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


PE2(config-bgp)#address-family vpnv4
PE2(config-bgp-af-vpnv4)#neighbor 109.65.1.2 activate
PE2(config-bgp-af-vpnv4)#exit
PE2(config-bgp)#exit

The configuration on PE3 is as follows:


Configure OSPF between PE3 and PE4 for IGP:
PE3(config)#interface gei-0/1/0/2
PE3(config-if-gei-0/1/0/2)#no shutdown
PE3(config-if-gei-0/1/0/2)#ip address ip address 109.65.1.2 255.255.255.0
PE3(config-if-gei-0/1/0/2)#exit
PE3(config)#interface gei-0/6/1/3
PE3(config-if-gei-0/6/1/3)#no shutdown
PE3(config-if-gei-0/6/1/3)#ip address 63.44.1.1 255.255.255.0
PE3(config-if-gei-0/6/1/3)#exit
PE3(config)#interface loopback1
PE3(config-if-loopback1)#ip address 1.2.3.3 255.255.255.255
PE3(config-if-loopback1)#exit

PE3(config)#router ospf 1
PE3(config-ospf-1)#router-id 1.2.3.3
PE3(config-ospf-1)#network 63.44.1.0 0.0.0.255 area 0
PE3(config-ospf-1)#network 1.2.3.3 0.0.0.0 area 0
PE3(config-ospf-1)#exit

Establish LDP between PE3 and PE4:


PE3(config)#mpls ldp instance 1
PE3(config-ldp-1)#router-id loopback1
PE3(config-ldp-1)#interface gei-0/6/1/3
PE3(config-ldp-1-if-gei-0/6/1/3)#exit
PE3(config-ldp-1)#exit

Configure MP-IBGP between PE3 and PE4:


PE3(config)#router bgp 200
PE3(config-bgp)#neighbor 1.2.3.4 remote-as 200
PE3(config-bgp)#no neighbor 1.2.3.4 activate
PE3(config-bgp)#neighbor 1.2.3.4 update-source loopback1
PE3(config-bgp)#no synchronizatio
PE3(config-bgp)#address-family vpnv4
PE3(config-bgp-af-vpnv4)#neighbor 1.2.3.4 activate
PE3(config-bgp-af-vpnv4)#neighbor 1.2.3.4 next-hop-self
PE3(config-bgp-af-vpnv4)#exit
PE3(config-bgp)#no bgp default route-target filte
PE3(config-bgp)#exit

Establish MP-EBGP between two ASBRs with a direct interface:


3-98
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration


PE3(config-bgp)#neighbor 109.65.1.1 remote-as 100
PE3(config-bgp)#address-family vpnv4
PE3(config-bgp-af-vpnv4)#neighbor 109.65.1.1 activate
PE3(config-bgp-af-vpnv4)#exit
PE3(config-bgp)#exit

The configuration on PE4 is as follows:


PE4(config)#ip vrf vpn1
PE4(config-vrf-vpn1)#rd 1:10
PE4(config-vrf-vpn1)#route-target both 1:10
PE4(config-vrf-vpn1)#address-family ipv4
PE4(config-vrf-vpn1-af-ipv4)#exit
PE4(config-vrf-vpn1)#exit

PE4(config)#interface gei-0/4/0/9
PE4(config-if-gei-0/4/0/9)#no shutdown
PE4(config-if-gei-0/4/0/9)#ip vrf forwarding vpn1
PE4(config-if-gei-0/4/0/9)#ip address 44.1.1.1 255.255.255.0
PE4(config-if-gei-0/4/0/9)#exit
PE4(config)#interface gei-0/4/0/4
PE4(config-if-gei-0/4/0/4)#no shutdown
PE4(config-if-gei-0/4/0/4)#ip address 63.44. 1.2 255.255.255.0
PE4(config-if-gei-0/4/0/4)#exit
PE4(config)#interface loopback1
PE4(config-if-loopack1)#ip address 1.2.3.4 255.255.255.255
PE4(config-if-loopback1)#exit

PE4(config)#router ospf 1

/*Configure OSPF and announce routes*/

PE4(config-ospf-1)#router-id 1.2.3.4
PE4(config-ospf-1)#network 63.44.1.0 0.0.0.255 area 0
PE4(config-ospf-1)#network 1.2.3.4

0.0.0.0

area 0

PE4(config-ospf-1)#exit

PE4(config)#mpls ldp instance 1

/*Enable LDP on the interface*/

PE4(config-ldp-1)#router-id loopback1
PE4(config-ldp-1)#interface gei-0/4/0/4
PE4(config-ldp-1-if-gei-0/4/0/4)#exit
PE4(config-ldp-1)#exit

PE4(config)#router bgp 200

/*Configure the BGP protocol*/

PE4(config-bgp)#neighbor 1.2.3.3 remote-as 200


PE4(config-bgp)#no neighbor 1.2.3.3 activat
PE4(config-bgp)#neighbor 1.2.3.3 update-source loopback1
PE4(config-bgp)#address-family vpnv4

/*Enable MP-BGP*/

PE4(config-bgp-af-vpnv4)#neighbor 1.2.3.3 activat

3-99
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


PE4(config-bgp-af-vpnv4)#exit
PE4(config-bgp)#address-family ipv4 vrf vpn1
PE4(config-bgp-af-ipv4-vrf)#redistribute connected
/*Re-distribute direct connections. If a dynamic routing protocol is used
between PE and CE, you need also re-distribute the dynamic routing protocol.*/
PE4(config-bgp-af-ipv4-vrf)#exit
PE4(config-bgp)#exit

Configuration Verification
Check the protocol route table of a private network and the label information of a public
network on PE1:
PE1(config)#show ip protocol routing vrf vpn1
Codes: OSPF-3D = ospf-type3-discard, OSPF-5D = ospf-type5-discard, TE = rsvpte,
OSPF-7D = ospf-type7-discard, USER-I = user-ipaddr, RIP-D = rip-discard,
OSPF-E = ospf-ext, ASBR-V = asbr-vpn, GW-FWD = ps-busi, GW-UE = ps-user,
BGP-AD = bgp-aggr-discard, BGP-CE = bgp-confed-ext, NAT64 = sl-nat64-v4,
USER-N = user-network, USER-S = user-special, DHCP-S = dhcp-static,
DHCP-D = dhcp-dft
Marks: *valid, >best, s-stale
Dest

NextHop

Intag

Outtag

RtPrf

Protocol

*>

32.1.1.0/24

32.1.1.1

213002

notag

Direct

*>

32.1.1.1/32

32.1.1.1

213001

notag

Address

*>

44.1.1 .0/24

1.2.3.2

213003

213019

200

BGP-INT

PE1(config)#show mpls forwarding-table 1.2.3.2


Local

Outgoing

Prefix or

Outgoing

label

label

Tunnel Id

interface

16408

1.2.3.2/32

Next Hop

gei-0/1/0/1

37.64.1.2

M/S

On PE1, run the show bgp vpnv4 unicast neighbor 1.2.3.2 command to view the following
information:
PE1#show bgp vpnv4 unicast neighbor 1.2.3.2
BGP neighbor is 1.2.3.2, remote AS 100, internal link
BGP version 4, remote router ID 1.2.3.2
BGP state = Established, up for 22:27:17
Last read update 00:18:51, hold time is 90 seconds, keepalive interval
is 30 seconds
Neighbor capabilities:
Route refresh: advertised and received
New ASN capability: advertised and received
Address family IPv4 Unicast: advertised and received
Address family VPNv4 Unicast: advertised and receivedRestart Capability:
advertised and received

Check the route table information of a private network on PE2:


3-100
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration


PE2(config)#show ip protocol routing vrf vpn1
Codes: OSPF-3D = ospf-type3-discard, OSPF-5D = ospf-type5-discard, TE = rsvpte,
OSPF-7D = ospf-type7-discard, USER-I = user-ipaddr, RIP-D = rip-discard,
OSPF-E = ospf-ext, ASBR-V = asbr-vpn, GW-FWD = ps-busi, GW-UE = ps-user,
BGP-AD = bgp-aggr-discard, BGP-CE = bgp-confed-ext, NAT64 = sl-nat64-v4,
USER-N = user-network, USER-S = user-special, DHCP-S = dhcp-static,
DHCP-D = dhcp-dft
Marks: *valid, >best, s-stale

Dest

NextHop

Intag

Outtag

RtPrf

Protocol

*>

32.1.1.0/24

1.2.3.1

213020

213002

200

BGP-INT

*>

44.1.1.0/24

109.65.1.2

213019

213006

20

BGP-EXT

On PE2, run the show bgp vpnv4 unicast neighbor 1.2.3.1 command to view the following
information:
PE2#show bgp vpnv4 unicast neighbor 1.2.3.1
BGP neighbor is 1.2.3.1, remote AS 100, internal link
BGP version 4, remote router ID 1.2.3.1
BGP state = Established, up for 22:27:17
Last read update 00:18:51, hold time is 90 seconds, keepalive interval
is 30 seconds
capabilities:
Route refresh: advertised and received
New ASN capability: advertised and received
Address family IPv4 Unicast: advertised and received
Address family VPNv4 Unicast: advertised and receivedRestart Capability:
advertised and received

Check the route table information of a private network on PE3:


PE3(config)#show ip protocol routing vrf vpn1
Codes: OSPF-3D = ospf-type3-discard, OSPF-5D = ospf-type5-discard, TE = rsvpte,
OSPF-7D = ospf-type7-discard, USER-I = user-ipaddr, RIP-D = rip-discard,
OSPF-E = ospf-ext, ASBR-V = asbr-vpn, GW-FWD = ps-busi, GW-UE = ps-user,
BGP-AD = bgp-aggr-discard, BGP-CE = bgp-confed-ext, NAT64 = sl-nat64-v4,
USER-N = user-network, USER-S = user-special, DHCP-S = dhcp-static,
DHCP-D = dhcp-dft
Marks: *valid, >best, s-stale

Dest

NextHop

Intag

Outtag

RtPrf

Protocol

*>

32.1.1.0/24

109.65.1.1

213007

213020

20

BGP-EXT

*>

44.1.1.0/24

1.2.3.4

213006

213017

200

BGP-INT

On PE3, run the show bgp vpnv4 unicast neighbor 1.2.3.4 command to view the following
information:
PE3#show bgp vpnv4 unicast neighbor 1.2.3.4
BGP neighbor is 1.2.3.4, remote AS 200, internal link

3-101
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


BGP version 4, remote router ID 1.2.3.4
BGP state = Established, up for 22:27:17
Last read update 00:18:51, hold time is 90 seconds, keepalive interval
is 30 seconds
capabilities:
Route refresh: advertised and received
New ASN capability: advertised and received
Address family IPv4 Unicast: advertised and received
Address family VPNv4 Unicast: advertised and receivedRestart Capability:
advertised and received

On PE1, use the show bgp vpnv4 unicast label command to view the prefix 44.1.1.0 and
VPN outgoing label.
On PE4, run the show bgp vpnv4 unicast label command to view the prefix 44.1.1.0 and
VPN incoming label.

3.7.3.3 Configuration Instance of MPLS L3VPN Crossing Several ASs (Option C, Using
IBGP Between PE and ASBR)
Configuration Description
As shown in Figure 3-29, a customer has two sites: site 1 and site 2. They need to be
connected through VPN. However, site 1 connects AS100, and site 2 connects AS200.
Both sites provide MPLS VPN. To realize the MPLS VPN connectivity between the two
sites, we can use VPLS crossing several domains (Option C, using IBGP between PE and
ASBR).
Figure 3-29 Configuration Instance MPLS L3VPN Crossing Several ASs (Option C,
Using IBGP Between PE and ASBR)

Configuration Flow
1. Build the network according to Figure 3-29.
addresses:

Configure the following interface

left interface of PE1: gei-0/2/0/1 20.1.1.1/24, right interface of PE1: gei-0/1/0/1


100.1.12.1/24;
3-102
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration

left interface of ASBR1:


gei-0/1/0/3 100.1.23.2/24;

gei-0/1/0/2 100.1.12.2/24, right interface of ASBR1:

left interface of ASBR2:


gei-0/1/0/5 100.1.34.3/24;

gei-0/1/0/4 100.1.23.3/24, right interface of ASBR2:

left interface of PE4: gei-0/1/0/6 100.1.34.4/24, right interface of PE4: gei-0/2/0/2


30.1.1.1/24;
2. Configure a loopback interface for each router. From left to right, the loopback
addresses are: 100.1.5.1/32, 100.1.5.2/32, 100.1.5.3/32, and 100.1.5.4/32.
3. PE1 and ASBR1 are in AS100. PE4 and ASBR2 are in AS200.
4. Establish IBGP neighbor between PE and ASBR, and configure the send-lable
capability for each other. Establish MPEBGP neighbor between PE1 and PE4 to
announce the VPNv4 route. In addition, do not activate the IPv4 neighbor.
5. Establish a normal EBGP neighbor between ASBRs by using a directly-connected
interface, and run the network command to notify each other of the loopback address
of the corresponding PE. Under BGP, configure the send-lable capability for reaching
the neighbor, and configure route-map by setting "set mpls lable" and prefix-matching
route filtering.
6. Establish an IGP+LDP label distribution tunnel between PE and ASBR.
7. CE accesses PE through EBGP.

Configuration Command
The configuration on PE1 is as follows:
PE1(config)#ip vrf vpn1
PE1(config-vrf-vpn1)#rd 100:1
PE1(config-vrf-vpn1)address-family ipv4
PE1(config-vrf-vpn1-af-ipv4)#route-target 100:1
PE1(config-vrf-vpn1-af-ipv4)#exit
PE1(config-vrf-vpn1)#exit

PE1(config)#interface gei-0/2/0/1
PE1(config-if-gei-0/2/0/1)#no shutdown
PE1(config-if-gei-0/2/0/1)#ip vrf forwarding vpn1
PE1(config-if-gei-0/2/0/1)#ip address 20.1.1.1 255.255.255.0
PE1(config-if-gei-0/2/0/1)#exit
PE1(config)#interface loopback10
PE1(config-if-loopback10)#ip address 100.1.5.1

255.255.255.255

PE1(config-if-loopback10)#exit

PE1(config)#router ospf 10
PE1(config-ospf-10)#router-id 100.1.5.1
PE1(config-ospf-10)#network 100.1.0.0 0.0.255.255 area 0
PE1(config-ospf-10)#exit

Establish MP-EBGP between PE1 and PE4.


3-103
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


PE1(config)#router bgp 100
PE1(config-bgp)#no synchronization
PE1(config-bgp)#neighbor 100.1.5.2 remote-as 100
PE1(config-bgp)#neighbor 100.1.5.2 update-source loopback10
PE1(config-bgp)#neighbor 100.1.5.2 send-label
PE1(config-bgp)#neighbor 100.1.5.4 remote-as 200
PE1(config-bgp)#neighbor 100.1.5.4 update-source loopback10
PE1(config-bgp)#neighbor 100.1.5.4 ebgp-multihop
PE1(config-bgp)#no neighbor 100.1.5.4 activate
PE1(config-bgp)#address-family ipv4 vrf vpn1
PE1(config-bgp-af-ipv4-vrf)#neighbor 20.1.1.2 remote-as 1
PE1(config-bgp-af-ipv4-vrf)#exit
PE1(config-bgp)#address-family vpnv4
PE1(config-bgp-af-vpnv4)#neighbor 100.1.5.4 activate
PE1(config-bgp-af-vpnv4)#neighbor 100.1.5.2 activate
PE1(config-bgp-af-vpnv4)#exit
PE1(config-bgp)#exit

PE1(config)#mpls ldp instance 1


PE1(config-ldp-1)#router-id loopback10
PE1(config-ldp-1)#interface gei-0/1/0/1
PE1(config-ldp-1-if-gei-0/1/0/1)#exit
PE1(config-ldp-1)#exit

The configuration on PE2 is as follows:


PE2(config)#interface loopback10
PE2(config-if-loopback10)#ip address 100.1.5.2 255.255.255.255
PE2(config-if-loopback10)#exit

PE2(config)#router ospf 10
PE2(config-ospf-10)#router-id 100.1.5.2
PE2(config-ospf-10)#network 100.1.0.0 0.0.255.255 area 0
PE2(config-ospf-10)#exit

PE2(config)#mpls ldp instance 1


PE2(config-ldp-1)#router-id loopback10
PE2(config-ldp-1)#interface gei-0/1/0/2
PE2(config-ldp-1-gei-0/1/0/2)#exit
PE2(config-ldp-1)#access-fec bgp
PE2(config-ldp-1)#exit

PE2(config)#ipv4-access-list zte
PE2(config-ipv4-acl)#rule 1 permit 100.1.5.1 0.0.0.0
PE2(config-ipv4-acl)#exit
PE2(config)#route-map zte

3-104
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration


PE2(config-route-map)#match ip address zte
PE2(config-route-map)#set mpls-label
PE2(config-route-map)#exit

PE2(config)#router bgp 100


PE2(config-bgp)#no synchronization
PE2(config-bgp)#neighbor 100.1.23.3 remote-as 200
PE2(config-bgp)#neighbor 100.1.23.3 route-map zte out
PE2(config-bgp)#neighbor 100.1.23.3 send-label
PE2(config-bgp)#neighbor 100.1.5.1 remote-as 100
PE2(config-bgp)#neighbor 100.1.5.1 update-source loopback10
PE2(config-bgp)#neighbor 100.1.5.1 next-hop-self
PE2(config-bgp)#neighbor 100.1.5.1 send-label
PE2(config-bgp)#network 100.1.5.1 255.255.255.255
PE2(config-bgp)#exit

The configuration on PE3 is as follows:


PE3(config)#interface loopback10
PE3(config-if-loopback10)#ip address 100.1.5.3

255.255.255.255

PE3(config-if-loopback10)#exit

PE3(config)#router ospf 10
PE3(config-ospf-10)#router-id 100.1.5.3
PE3(config-ospf-10)#network 100.1.0.0 0.0.255.255 area 0
PE3(config-ospf-10)#exit

PE3(config)#mpls ldp instance 1


PE3(config-ldp-1)#router-id loopback10
PE3(config-ldp-1)#interface gei-0/1/0/5
PE3(config-ldp-1-gei-0/1/0/5)#exit
PE3(config-ldp-1)#access-fec bgp
PE3(config-ldp-1)#exit

PE3(config)#ipv4-access-list zte
PE3(config-ipv4-acl)#rule 1 permit 100.1.5.4 0.0.0.0
PE3(config-ipv4-acl)#exit
PE3(config)#route-map zte
PE3(config-route-map)#match ip address zte
PE3(config-route-map)#set mpls-label
PE3(config-route-map)#exit

PE3(config)#router bgp 200


PE3(config-bgp)#no synchronization
PE3(config-bgp)#neighbor 100.1.23.2 remote-as 100
PE3(config-bgp)#neighbor 100.1.23.2 route-map zte out

3-105
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


PE3(config-bgp)#neighbor 100.1.23.2 send-label
PE3(config-bgp)#neighbor 100.1.5.4 remote-as 200
PE3(config-bgp)#neighbor 100.1.5.4 update-source loopback10
PE3(config-bgp)#neighbor 100.1.5.4 next-hop-self
PE3(config-bgp)#neighbor 100.1.5.4 send-label
PE3(config-bgp)#network 100.1.5.4 255.255.255.255
PE3(config-bgp)#exit

The configuration on PE4 is as follows:


PE4(config)#ip vrf vpn1
PE4(config-vrf-vpn1)#rd 100:1
PE4(config-vrf-vpn1)address-family ipv4
PE4(config-vrf-vpn1-af-ipv4)#route-target 100:1
PE4(config-vrf-vpn1-af-ipv4)#exit
PE4(config-vrf-vpn1)#exit

PE4(config)#interface gei-0/2/0/2
PE4(config-if-gei-0/2/0/2)#no shutdown
PE4(config-if-gei-0/2/0/2)#ip vrf forwarding vpn1
PE4(config-if-gei-0/2/0/2)#ip address 30.1.1.1 255.255.255.0
PE4(config-if-gei-0/2/0/2)#exit

PE4(config)#interface loopback10
PE4(config-if-loopback10)#ip address 100.1.5.4

255.255.255.255

PE4(config-if-loopback10)#exit

PE4(config)#router ospf 10
PE4(config-ospf-10)#router-id 100.1.5.4
PE4(config-ospf-10)#network 100.1.0.0 0.0.255.255 area 0
PE4(config-ospf-10)#exit

PE4(config)#mpls ldp instance 1


PE4(config-ldp-1)#router-id loopback10
PE4(config-ldp-1)#interface gei-0/1/0/6
PE4(config-ldp-1-gei-0/1/0/6)#exit
PE4(config-ldp-1)#exit

PE4(config)#router bgp 200


PE4(config-bgp)#no synchronization
PE4(config-bgp)#neighbor 100.1.5.3 remote-as 200
PE4(config-bgp)#neighbor 100.1.5.3 update-source loopback10
PE4(config-bgp)#neighbor 100.1.5.3 send-label
PE4(config-bgp)#neighbor 100.1.5.1 remote-as 100
PE4(config-bgp)#neighbor 100.1.5.1 update-source loopback10
PE4(config-bgp)#neighbor 100.1.5.1 ebgp-multihop

3-106
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration


PE4(config-bgp)#no neighbor 100.1.5.1 activate
PE4(config-bgp)#address-family ipv4 vrf vpn1
PE4(config-bgp-af-ipv4-vrf)#neighbor 30.1.1.2 remote-as 1
PE4(config-bgp-af-ipv4-vrf)#exit
PE4(config-bgp)#address-family vpnv4
PE4(config-bgp-af-vpnv4)#neighbor 100.1.5.1 activate
PE4(config-bgp-af-vpnv4)#exit
PE4(config-bgp)#exit

Configuration Verifications
On PE1, run the show bgp vpnv4 unicast summary command to check the VPNv4 neighbour
between router PE1 and router PE4.
PE1(config)#show bgp vpnv4 unicast summary
Neighbor

Ver

As

MsgRcvd

MsgSend

Up/Down

100.1.5.4

200

48

47

00:23:27

State/PfxRcd
2

Show the LDP label information of ASBR1 on PE1.


PE1(config)#show mpls forwarding-table 100.1.5.2
Local

Outgoing

Prefix or

Outgoing

label

label

Tunnel Id

interface

16389

100.1.5.2/32

gei-0/1/0/1

Next Hop

M/S

100.1.12.2

Show the BGP label information of other devices on PE1.


PE1(config)#show ip bgp labels
Network

Next Hop

In Label/Out Label

100.1.5.1/32

100.1.5.2

notag/notag

100.1.5.2/32

100.1.5.2

213006/213024

100.1.5.3/32

100.1.5.2

213007/213025

100.1.5.4/32

100.1.5.2

notag/notag

On PE1, run the show bgp vpnv4 unicast label command to check the information with the
prefix 20.1.1.0/30.1.1.0.
PE1(config)#show bgp vpnv4 unicast labels
Network

Next Hop

In Label/Out Label

Route Distinguisher: 65535:0 (default for vrf vpn1)


20.1.1.0/24

20.1.1.1

213003/notag

30.1.1.0/24

100.1.5.4

213008/213013

On PE4, run the show bgp vpnv4 unicast label command to check the information with the
prefix 20.1.1.0/30.1.1.0.
PE4#show bgp vpnv4 unicast labels
Network

Next Hop

In Label/Out Label

Route Distinguisher: 65535:0 (default for vrf vpn1)

3-107
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


20.1.1.0/24

1.1.1.64

213018/213003

30.1.1.0/24

31.1.1.1

213013/notag

3.7.3.4 Configuration Instance of MPLS L3VPN Crossing Several ASs (Option C, Using
IGP Between PE and ASBR)
Configuration Description
As shown in Figure 3-30, a customer has two sites: site 1 and site 2. They need to be
connected through VPN. However, site 1 connects AS100, and site 2 connects AS200.
Both sites provide MPLS VPN. To realize the MPLS VPN connectivity between the two
sites, we can use MPLS L3VPN crossing several ASs (Option C, using IGP between PE
and ASBR). This is the simplest way to realize inter-AS VPN.
Figure 3-30 Configuration Instance MPLS L3VPN Crossing Several ASs (Option C,
Using IGP Between PE and ASBR)

Configuration Flow
1. Build the network according to Figure 3-30.
addresses:

Configure the following interface

left interface of PE1: gei-0/2/0/1 20.1.1.1/24, right interface of PE1: gei-0/1/0/1


100.1.12.1/24;
left interface of ASBR1:
gei-0/1/0/3 100.1.23.2/24;

gei-0/1/0/2 100.1.12.2/24, right interface of ASBR1:

left interface of ASBR2:


gei-0/1/0/5 100.1.34.3/24;

gei-0/1/0/4 100.1.23.3/24, right interface of ASBR2:

left interface of PE4: gei-0/1/0/6 100.1.34.4/24, right interface of PE4: gei-0/2/0/2


30.1.1.4/24;
2. Configure a loopback interface for each router. From left to right, the loopback
addresses are: 100.1.5.1/32, 100.1.5.2/32, 100.1.5.3/32, and 100.1.5.4/32.
3. PE1 and ASBR1 are in AS100. PE4 and ASBR2 are in AS200.
4. Establish MPEBGP neighbor between PE1 and PE4 to announce the VPNv4 route.
In addition, do not activate the IPv4 neighbor.
3-108
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration

5. Establish a normal EBGP neighbor between ASBRs by using a directly-associated


interface, and run the network command to notify each other of the loopback address
of the corresponding PE. Configure access-fec bgp under LDP of ASBR, and assign
labels for BGP routing.
6. Establish OSPF neighbor between PE and ASBR. Establish an IGP+LDP label
distribution tunnel between PE and ASBR. Re-distribute BGP routes under IGP.

Configuration Command
For the configuration of OSPF and LDP between PEs, refer to section "Configuring MPLS
L3VPN Public Network LDP Load Sharing".
The configuration on PE1 is as follows:
PE1(config)#ip vrf vpn1
PE1(config-vrf-vpn1)#rd 100:1
PE1(config-vrf-vpn1)address-family ipv4
PE1(config-vrf-vpn1-af-ipv4)#route-target 100:1
PE1(config-vrf-vpn1-af-ipv4)#exit
PE1(config-vrf-vpn1)#exit

PE1(config)#interface gei-0/2/0/1
PE1(config-if-gei-0/2/0/1)#no shutdown
PE1(config-if-gei-0/2/0/1)#ip vrf forwarding vpn1
PE1(config-if-gei-0/2/0/1)#ip address 20.1.1.1 255.255.255.0
PE1(config-if-gei-0/2/0/1)#exit

PE1(config)#interface loopback1
PE1(config-if-loopback1)#ip address 100.1.5.1

255.255.255.255

PE1(config-if-loopback1)#exit

PE1(config)#router ospf 10
PE1(config-ospf-10)#router-id 100.1.5.1
PE1(config-ospf-10)#network 100.1.0.0 0.0.255.255 area 0
PE1(config-ospf-10)#exit

Establish MPEBGP neighbor between PE1 and PE4 to announce the VPNv4 route. In
addition, do not activate the IPv4 neighbor.
PE1(config)#router bgp 100
PE1(config-bgp)#neighbor 100.1.5.4 remote-as 200
PE1(config-bgp)#no neighbor 100.1.5.4 activate
PE1(config-bgp)#neighbor 100.1.5.4 update-source loopback1
PE1(config-bgp)#neighbor 100.1.5.4 ebgp-multihop
PE1(config-bgp)#address-family ipv4 vrf vpn1
PE1(config-bgp-af-ipv4-vrf)#redistribute connected
PE1(config-bgp-af-ipv4-vrf)#exit
PE1(config-bgp)#address-family vpnv4

3-109
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


PE1(config-bgp-af-vpnv4)#neighbor 100.1.5.4 activate
PE1(config-bgp-af-vpnv4)#exit
PE1(config-bgp)#exit

PE1(config)#mpls ldp instance 1


PE1(config-ldp-1)#router-id loopback1
PE1(config-ldp-1)#interface gei-0/1/0/1
PE1(config-ldp-1-if-gei-0/1/0/1)#exit
PE1(config-ldp-1)#exit

The configuration on PE2 is as follows:


PE2(config)#ipv4-access-list zte
PE2(config-ipv4-acl)#rule 1 permit 100.1.5.1 0.0.0.0
PE2(config-ipv4-acl)#exit
PE2(config)#route-map zte
PE2(config-route-map)#match ip address zte
PE2(config-route-map)#set mpls-label
PE2(config-route-map)#exit

PE2(config)#interface loopback1
PE2(config-if-loopback1)#ip address 100.1.5.2

255.255.255.255

PE2(config-if-loopback1)#exit

PE2(config)#router ospf 10
PE2(config-ospf-10)#router-id 100.1.5.2
PE2(config-ospf-10)#network 100.1.0.0 0.0.255.255 area 0
PE2(config-ospf-10)#redistribute bgp-ext
PE2(config-ospf-10)#exit

PE2(config)#mpls ldp instance 1


PE2(config-ldp-1)#router-id loopback1
PE2(config-ldp-1)#access-fec bgp
PE2(config-ldp-1)#interface gei-0/1/0/2
PE2(config-ldp-1-if-gei-0/1/0/2)#exit
PE2(config-ldp-1)#exit

PE2(config)#router bgp 100


PE2(config-bgp)#neighbor 100.1.23.3 remote-as 200
PE2(config-bgp)#neighbor 100.1.23.3 route-map zte out
PE2(config-bgp)#neighbor 100.1.23.3 send-label
PE2(config-bgp)#network 100.1.5.1 255.255.255.255
PE2(config-bgp)#network 100.1.5.2 255.255.255.255
PE2(config-bgp)#exit

The configuration on PE3 is as follows:

3-110
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration


PE3(config)#interface loopback1
PE3(config-if-loopback1)#ip address 100.1.5.3

255.255.255.255

PE3(config-if-loopback1)#exit

PE3(config)#router ospf 10
PE3(config-ospf-10)#router-id 100.1.5.3
PE3(config-ospf-10)#network 100.1.0.0 0.0.255.255 area 0
PE3(config-ospf-10)#redistribute bgp-ext
PE3(config-ospf-10)#exit

PE3(config)#mpls ldp instance 1


PE3(config-ldp-1)#router-id loopback1
PE3(config-ldp-1)#access-fec bgp
PE3(config-ldp-1)#interface gei-0/1/0/5
PE3(config-ldp-1-if-gei-0/1/0/5)#exit
PE3(config-ldp-1)#exit

PE3(config)#ipv4-access-list zte
PE3(config-ipv4-acl)#rule 1 permit 100.1.5.4 0.0.0.0
PE3(config-ipv4-acl)#exit
PE3(config)#route-map zte
PE3(config-route-map)#match ip address zte
PE3(config-route-map)#set mpls-label
PE3(config-route-map)#exit

PE3(config)#router bgp 200


PE3(config-bgp)#neighbor 100.1.23.2 remote-as 100
PE3(config-bgp)#neighbor 100.1.23.2 route-map zte out
PE3(config-bgp)#neighbor 100.1.23.2 send-label
PE3(config-bgp)#network 100.1.5.3 255.255.255.255
PE3(config-bgp)#network 100.1.5.4 255.255.255.255
PE3(config-bgp)#exit

The configuration on PE4 is as follows:


PE4(config)#ip vrf vpn1
PE4(config-vrf-vpn1)#rd 100:1
PE4(config-vrf-vpn1)address-family ipv4
PE4(config-vrf-vpn1-af-ipv4)#route-target 100:1
PE4(config-vrf-vpn1-af-ipv4)#exit
PE4(config-vrf-vpn1)#exit

PE4(config)#interface loopback1
PE4(config-if-loopback1)#ip address 100.1.5.4

255.255.255.255

PE4(config-if-loopback1)#exit

3-111
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


PE4(config)#router ospf 10
PE4(config-ospf-10)#router-id 100.1.5.4
PE4(config-ospf-10)#network 100.1.0.0 0.0.255.255 area 0
PE4(config-ospf-10)#exit

PE4(config)#mpls ldp instance 1


PE4(config-ldp-1)#router-id loopback1
PE4(config-ldp-1) #interface gei-0/1/0/6
PE4(config-ldp-1-if-gei-0/1/0/6) #exit
PE4(config-ldp-1) #exit

PE4(config)#router bgp 200


PE4(config-bgp)#neighbor 100.1.5.1 remote-as 100
PE4(config-bgp)#no neighbor 100.1.5.1 activate
PE4(config-bgp)#neighbor 100.1.5.1 update-source loopback1
PE4(config-bgp)#neighbor 100.1.5.1 ebgp-multihop
PE4(config-bgp)#address-family ipv4 vrf vpn1
PE4(config-bgp-af-ipv4-vrf)#redistribute connected
PE4(config-bgp-af-ipv4-vrf)#exit
PE4(config-bgp)#address-family vpnv4
PE4(config-bgp-af-vpnv4)#neighbor 100.1.5.1 activate
PE4(config-bgp-af-vpnv4)#exit
PE4(config-bgp)#exit

Configuration Verification
On PE1, run the show bgp vpnv4 unicast summary command to check the VPNv4 neighbor
between router PE1 and router PE4.
PE1#show bgp vpnv4 unicast summary
Neighbor

Ver

As

MsgRcvd

100.1.5.4

200

MsgSend

18

Up/Down

State/PfxRcd

00:03:24

Show the protocol routing table of a private network on PE1.


PE1#show ip protocol routing vrf vpn1 network 30.1.1.0
Codes: OSPF-3D = ospf-type3-discard, OSPF-5D = ospf-type5-discard, TE = rsvpte,
OSPF-7D = ospf-type7-discard, USER-I = user-ipaddr, RIP-D = rip-discard,
OSPF-E = ospf-ext, ASBR-V = asbr-vpn, GW-FWD = ps-busi, GW-UE = ps-user,
BGP-AD = bgp-aggr-discard, BGP-CE = bgp-confed-ext, NAT64 = sl-nat64-v4,
USER-N = user-network, USER-S = user-special, DHCP-S = dhcp-static,
DHCP-D = dhcp-dft
Marks: *valid, >best, s-stale

*>

Dest

NextHop

Intag

Outtag

RtPrf

Protocol

30.1.1.0/24

100.1.5.4

214007

213011

20

BGP-EXT

Show the LDP and BGP label information of a public network.


3-112
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration


PE1#show mpls forwarding-table 100.1.5.4
Local

Outgoing

Prefix or

Outgoing

label

label

Tunnel Id

interface

16396

16389

100.1.5.4/32

gei-0/1/0/1

Next Hop

M/S

100.1.12.2

Next Hop

M/S

100.1.23.3

Next Hop

M/S

Show the LDP and BGP label information of ASBR1.


ASBR1#show mpls forwarding-table 100.1.5.4
Local

Outgoing

Prefix or

Outgoing

label

label

Tunnel Id

interface

16389

Untagged

100.1.5.4/32

gei-0/1/0/3

ASBR1#show ip bgp labels


Network

Next Hop

In Label/Out Label

100.1.5.1/32

100.1.12.1

notag/notag

100.1.5.2/32

100.1.5.2

100.1.5.4/32

100.1.23.3

213005/213072

100.1.5.3/32

100.1.23.3

213006/213076

notag/notag

Show the LDP and BGP label information on ASBR2.


ASBR2#show mpls forwarding-table
Local

Outgoing

Prefix or

Outgoing

label

label

Tunnel Id

interface

16446

Poptag

100.1.5.4/32

gei-0/1/0/5

100.1.34.4

3.8 Label Configuration of each VRF for MPLS L3VPN


3.8.1 VRF Per Label Feature for MPLS L3VPN Overview
Currently, labels of VPN routing are assigned in two modes:
l

Per prefix
It means that a private network label is assigned to each prefix.

Per VRF
It means that all the prefixes belonging to the same VRF can use one private
network label. In addition, configuration commands can be used to specify the label
assignment mode for one VRF or for all VRFs at a time.

A PE router saves all VPN routes, including local VPN routes and those received from
remote devices. In addition, each route's prefix carries a private network label, which
consumes some memory. If labels are assigned in per-prefix mode, a lot memory may be
consumed by the prefixes when there are numerous VRFs and routes on PE.
To solve this problem, the per-VRF label feature is introduced. The per-VRF label feature
allows all the local routes under the same VRF to use the same private network label. This
new label is used to decide to which interface of PE or CE a packet is to be forwarded.
3-113
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

It should be noted that the carrier supporting carrier (CSC) feature must be enabled before
using the per-VRF label feature.

3.8.2 Configuring Label Distribution Per VRF for MPLS L3VPN


This procedure describes how to configure label distribution per VRF for MPLS L3VPN.

Steps
1. Configure label distribution per VRF for MPLS L3VPN.
Command

Function

ZXR10(config-vrf)#mpls label mode [ipv6]{per-prefix

Distribution mode of private network

| per-vrf}

labels.

per-prefix: Per-prefix label distribution mode (default).


per-vrf: Per-VRF label distribution mode.
2. Verify the configurations.
Command

Function

ZXR10(config)#show ip vrf detail

Shows the detailed information about the VRF

[<vrf-name>]

instance.

ZXR10(config)#show ip protocol routing

Shows the detailed information about the VRF

vrf <vrf-name>

routing table.

End of Steps

3.8.3 Configuration Instance of VPN Per Label for MPLS L3VPN


Configuration Description
Establish the L3VPN environment as shown in Figure 3-31.

3-114
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration

Figure 3-31 Network Structure of VPN Per Label for MPLS L3VPN Configuration
Example

Configuration Flow
1. As shown in Figure 3-31, establish L3VPN for PE1 and PE2.
2. On the access interface between CE1 and PE1, create IS-IS neighbor, and announce
1000 IS-IS routes.
3. Under vrf zte of PE1, configure the VPN per label feature.

Configuration Command
For the configuration of IS-IS and LDP between PEs, refer to section "Configuring MPLS
L3VPN Public Network LDP Load Sharing".
The configuration on PE1 is as follows:
PE1(config)#interface loopback1
PE1(config-if-loopback1)#ip address 100.1.1.2 255.255.255.255
PE1(config-if-loopback1)#exit

PE1(config)#ip vrf zte


PE1(config-vrf-zte)#rd 1:100
PE1(config-vrf-zte)#route-target both 1:100
PE1(config-vrf-zte)#address-family ipv4
PE1(config-vrf-zte-af-ipv4)#exit
PE1(config-vrf-zte)#exit

PE1(config)#router bgp 100


PE1(config-bgp)#neighbor 100.1.1.1 remote-as 100
PE1(config-bgp)#neighbor 100.1.1.1 update-source loopback1
PE1(config-bgp)#address-family vpnv4
PE1(config-bgp-af-vpnv4)#neighbor 100.1.1.1 activate
PE1(config-bgp-af-vpnv4)#exit
PE1(config-bgp)#address-family ipv4 vrf zte
PE1(config-bgp-af-ipv4-vrf)#redistribute isis-l-2 100
PE1(config-bgp-af-ipv4-vrf)#exit

3-115
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


PE1(config-bgp)#exit

PE1(config)#interface gei-0/3/0/4
PE1(config-if-gei-0/3/0/4)#no shutdown
PE1(config-if-gei-0/3/0/4)#ip vrf

forwarding zte

PE1(config-if-gei-0/3/0/4)#ip address 192.1.1.1 255.255.255.0


PE1(config-if-gei-0/3/0/4)#exit

PE1(config)#router isis 100 vrf zte


PE1(config-isis-100)#area 47.0005
PE1(config-isis-100)#system-id 0000.0022.2222
PE1(config-isis-100)#interface gei-0/3/0/4
PE1(config-isis-100-if-gei-0/3/0/4)#ip router isis
PE1(config-isis-100-if-gei-0/3/0/4)#exit
PE1(config-isis-100)#exit

PE1(config)#ip vrf zte


PE1(config-vrf-zte)#mpls label mode per-vrf
/*Configure the per-VRF label assignment mode*/
PE1(config-vrf-zte)#exit

The configuration on PE2 is as follows:


PE2(config)#interface loopback1
PE2(config-if-loopback1)#ip address 100.1.1.1 255.255.255.255
PE2(config-if-loopback1)#exit

PE2(config)#ip vrf zte


PE2(config-vrf-zte)#rd 1:100
PE2(config-vrf-zte)#route-target both 1:100
PE2(config-vrf-zte)#address-family ipv4
PE2(config-vrf-zte-af-ipv4)#exit
PE2(config-vrf-zte)#exit

PE2(config)#router bgp 100


PE2(config-bgp)#neighbor 100.1.1.2 remote-as 100
PE2(config-bgp)#neighbor 100.1.1.2

update-source loopback1

PE2(config-bgp)#address-family vpnv4
PE2(config-bgp-af-vpnv4)#neighbor 100.1.1.2 activate
PE2(config-bgp-af-vpnv4)#exit
PE2(config-bgp)#address-family ipv4 vrf zte
PE2(config-bgp-af-ipv4-vrf)#redistribute connect
PE2(config-bgp-af-ipv4-vrf)#exit
PE2(config-bgp)#exit

PE2(config)#interface gei-0/5/0/3

3-116
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration


PE2(config-if-gei-0/5/0/3)#no shutdown
PE2(config-if-gei-0/5/0/3)#ip vrf forwarding zte
PE2(config-if-gei-0/5/0/3)#ip address 193.1.1.1 255.255.255.0
PE2(config-if-gei-0/5/0/3)#exit

Configuration Verification
The verification on PE1 is as follows:
PE1(config)#show ip protocol routing vrf zte
/*PE1 assigns a label "212994" only for these 1000 private network routes*/

Codes: OSPF-3D = ospf-type3-discard, OSPF-5D = ospf-type5-discard, TE = rsvpte,


OSPF-7D = ospf-type7-discard, USER-I = user-ipaddr, RIP-D = rip-discard,
OSPF-E = ospf-ext, ASBR-V = asbr-vpn, GW-FWD = ps-busi, GW-UE = ps-user,
BGP-AD = bgp-aggr-discard, BGP-CE = bgp-confed-ext, NAT64 = sl-nat64-v4,
USER-N = user-network, USER-S = user-special, DHCP-S = dhcp-static,
DHCP-D = dhcp-dft
Marks: *valid, >best, s-stale

Dest

NextHop

Intag

Outtag

RtPrf

Protocol

*>

80.80.80.0/24

192.1.1.2

212994

notag

115

ISIS-L2

*>

80.80.81.0/24

192.1.1.2

212994

notag

115

ISIS-L2

*>

80.80.82.0/24

192.1.1.2

212994

notag

115

ISIS-L2

*>

80.80.83.0/24

192.1.1.2

212994

notag

115

ISIS-L2

*>

80.80.84.0/24

192.1.1.2

212994

notag

115

ISIS-L2

*>

80.80.85.0/24

192.1.1.2

212994

notag

115

ISIS-L2

*>

80.80.86.0/24

192.1.1.2

212994

notag

115

ISIS-L2

*>

80.80.87.0/24

192.1.1.2

212994

notag

115

ISIS-L2

*>

80.80.88.0/24

192.1.1.2

212994

notag

115

ISIS-L2

*>

80.80.89.0/24

192.1.1.2

212994

notag

115

ISIS-L2

*>

80.80.90.0/24

192.1.1.2

212994

notag

115

ISIS-L2

*>

80.80.91.0/24

192.1.1.2

212994

notag

115

ISIS-L2

*>

80.80.92.0/24

192.1.1.2

212994

notag

115

ISIS-L2

*>

80.80.93.0/24

192.1.1.2

212994

notag

115

ISIS-L2

......

3.9 MPLS L3VPN GR Configuration


3.9.1 MPLS L3VPN GR Overview
If the MPLS L3VPN GR function is enabled, when active/standby switchover occurs in an
L3VPN network, the routes can be preserved and the traffic will not be interrupted. The
LDP and MPBGP protocols are the key protocols used in an MPLS L3VPN network, and
thus the following is required during GR configuration:
3-117
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

l
l

Enabling the GR function and LDP-GR function on the routing protocol used for an
LDP Router-ID
Enabling the GR function and BGP-GR function on the routing protocol used for an
MPBGP link address

An LDP Router-ID can use IS-IS or OSPF for advertisement, so the GR function must be
enabled for the IS-IS or OSPF protocol. It must also be enabled for the LDP protocol.
MPBGP uses an LDP Router-ID as the link address, so its GR function is enabled during
the LDP-GR configuration. In addition, the BGP-GR function needs to be configured.

3.9.2 Configuring MPLS L3VPN GR


This procedure describes how to configure IS-IS GR, OSPF GR, BGP GR, and LDP GR.

Steps
1. Configure IS-IS GR.
a. Enable the IS-IS GR function.
Step

Command

Function

ZXR10(config)#router isis <process-id>

Enters IS-IS configuration


mode.

Enables the IS-IS GR

ZXR10(config-isis-id)#restart enable

function.

b. (Optional) Configure IS-IS GR attributes.


Command

Function

ZXR10(config-isis-id)#restart t2-timer

Configures the IS-IS T2 (GR

<t2-interval>[level-1 | level-2]

database synchronization timer)


duration, range: 565535, unit:
seconds

ZXR10(config-isis-id)#restart t3-timer {adjacency

Configures the IS-IS T3 (timer for

| manual <t3-interval>}

setting the maximum GR duration)


duration, range: 165535, unit:
seconds.

ZXR10(config-isis-id-if-interface)#hello-mult

Configures the IS-IS neighbor

iplier <multiplier>[level-1 | level-2]

relationship keep-alive multiplier,


default: 3, range: 31000.

ZXR10(config-isis-id-if-interface)#restart

Configures the maximum number of

t1-retry <retry-timers>[level-1 | level-2]

retries for IS-IS T1, default: 3, range:


165535.

3-118
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration

Command

Function

ZXR10(config-isis-id-if-interface)#restart

Configures the IS-IS T1 duration,

t1-timer <interval>[level-1 | level-2]

unit: seconds, default: 3, range:


165535.

adjacency: T3 is determined in accordance with the remaining time specified in


a hello message that a neighbor sends.
manual: T3 is determined in accordance with the manual configuration.
2. Configure OSPF GR.
a. Enable the OSPF GR function.
Step

Command

Function

ZXR10(config)#router ospf<process-id>

Enters OSPF configuration


mode.

Enables the OSPF GR

ZXR10(config-ospf-id)#nsf

function. For a GR helper,


it means that the neighbor
switchover function is
activated.

b. (Optional) Configure OSPF GR attributes.


Command

Function

ZXR10(config-ospf-id)#grace-period <time>

Configures the OSPF GR period,


default: 120 seconds. If there are a
large number of routing entries for
switchover, this parameter can be
set to a large value.

ZXR10(config-ospf-id-if-interface)#dead-inte

Required if the switchover duration

rval <time>

is long.

3. Configure BGP GR.


a. Enable the BGP GR function.
Step

Command

Function

ZXR10(config)#router bgp<as-number>

Enters BGP configuration


mode.

ZXR10(config-bgp)#bgp graceful-restart

Enables the BGP GR


function.

b. (Optional) Configure BGP GR attributes.


3-119
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

Command

Function

ZXR10(config-bgp)#bgp graceful-restart

Configures the BGP GR duration,

restart-time <time>

range: 13600, default: 120, unit:


seconds.

ZXR10(config-bgp)#bgp graceful-restart

stalepath-time <time>

Configures the database


synchronization duration for
BGP GR, range: 13600, default:
360, unit: seconds.

4. Configure LDP GR.


a. Enable the LDP GR function.
Step

Command

Function

ZXR10(config)#mpls ldp instance <instance-id>

Enters LDP configuration


mode.

ZXR10(config)#graceful-restart

Enables the LDP GR


function.

b. (Optional) Configure LDP GR attributes.


Command

Function

ZXR10(config)#graceful-restart timers

Configures the neighbor

neighbor-liveness <time>

relationship keep-alive duration


during an LDP GR, unit: seconds,
default: 120. This parameter
needs to be negotiated.

ZXR10(config)#graceful-restart timers max-recovery

Configures the LDP GR duration,

<time>

unit: seconds, default: 120. This


parameter needs to be negotiated.

5. Verify the configurations.


Command

Function

ZXR10#show mpls ldp graceful-restart instance <instance-id>

Displays the LDP GR configuration.

ZXR10#show mpls ldp neighbor graceful-restart instance

Displays the LDP GR neighbor

<instance-id>

information.

ZXR10#show ip ospf nsf process <process-id>

Displays the OSPF GR


configuration.

ZXR10#show isis nsf process-id <process-id>

Displays the IS-IS GR configuration.

6. Maintain MPLS L3VPN GR.


3-120
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration

Command

Function

ZXR10#debug ldp graceful-restart instance <instance-id>

Enables LDP GR debugging.

ZXR10#debug ip ospf nsf <process-id>

Enables OSPF GR debugging.

ZXR10#debug isis nsf-events [process-id <process-id>]

Enables IS-IS GR debugging.

End of Steps

3.9.3 MPLS L3VPN GR Configuration Example


Configuration Description
Figure 3-32 shows the network structure for MPLS L3VPN GR configuration. CE1 and
CE2 are in the same VPN, PE1 and PE2 are interconnected through the OSPF protocol,
the OSPF protocol is used between CE1 and PE1 and between CE2 and PE2, so that CE1
and CE2 can learn the routes of each other. The OSPF GR function is enabled on both
CE1 and CE2, the OSPF GR, LDP GR, and BGP GR functions are enabled on PE1 and
PE2, and the OSPF GR, BGP GR, and LDP GR functions are enabled on P.
Figure 3-32 MPLS L3VPN GR Network Structure

Configuration Flow
1. Establish an L3VPN environment between PE1 and PE2 through OSPF.
2. Establish OSPF neighbor relationships between CE1 and PE1, and between CE2 and
PE2.
3. Enable OSPF GR on CE1 and CE2, enable OSPF GR, LDP GR, and BGP GR on PE1
and PE2, and enable OSPF GR and LDP GR on P.

Configuration Commands
For the OSPF, LDP, and BGP configurations between PEs, refer to the MPLS L3VPN
Basic Function Configuration section.
Configure GR on CE1 as follows:
CE1(config)#router ospf 2
CE1(config-ospf-2)#nsf

3-121
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


CE1(config-ospf-2)#exit

Configure GR on PE1 as follows:


PE1(config)#router ospf 1
PE1(config-ospf-1)#nsf
PE1(config-ospf-1)#exit

PE1(config)#router ospf 2 vrf zte


PE1(config-ospf-2)#nsf
PE1(config-ospf-2)#exit

PE1(config)#router bgp 1
PE1(config-bgp)#bgp graceful-restart
PE1(config-bgp)#exit

PE1(config)#mpls ldp instance 1


PE1(config-ldp-1)#graceful-restart
PE1(config-ldp-1)#exit

Configure GR on P as follows:
P(config)#router ospf 1
P(config-ospf-1)#nsf
P(config-ospf-1)#exit

P(config)#mpls ldp instance 1


P(config-ldp-1)#graceful-restart
P(config-ldp-1)#exit

Configure GR on PE2 as follows:


PE2(config)#router ospf 1
PE2(config-ospf-1)#nsf
PE2(config-ospf-1)#exit

PE2(config)#router ospf 2 vrf zte


PE2(config-ospf-2)#nsf
PE2(config-ospf-2)#exit

PE2(config)#router bgp 1
PE2(config-bgp)#bgp graceful-restart
PE2(config-bgp)#exit

PE2(config)#mpls ldp instance 1


PE2(config-ldp-1)#graceful-restart
PE2(config-ldp-1)#exit

Configure GR on CE2 as follows:


3-122
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration


CE2(config)#router ospf 2
CE2(config-ospf-2)#nsf
CE2(config-ospf-2)#exit

Configuration Verification
Check the PE1 configuration as follows:
R1(config-ldp)#show bgp all summary
Neighbor

Ver

As

MsgRcvd

1.1.1.2

681

MsgSend
680

Up/Down

State

05:40:18

Established

/*An MPBGP neighbor relationship is established on PE1.*/

PE1(config-ldp)#show ip forwarding route vrf zte


IPv4 Routing Table:
Headers: Dest: Destination, Gw: Gateway, Pri: Priority;
Codes : BROADC: Broadcast, USER-I: User-ipaddr, USER-S: User-special,
MULTIC: Multicast, USER-N: User-network, DHCP-D: DHCP-DFT,
ASBR-V: ASBR-VPN, STAT-V: Static-VRF, DHCP-S: DHCP-static,
GW-FWD: PS-BUSI, NAT64: Stateless-NAT64, LDP-A: LDP-area,
GW-UE: PS-USER, P-VRF: Per-VRF-label, TE: RSVP-TE;
status codes: *valid, >best;
Dest

Gw

Interface

Owner

Pri Metric

*> 10.11.1.2/24

1.1.1.2

gei-0/1/0/3

BGP

200 0

*> 10.11.2.2/24

1.1.1.2

gei-0/1/0/3

BGP

200 0

*> 10.11.3.2/24

1.1.1.2

gei-0/1/0/3

BGP

200 0

*> 10.11.4.2/24

1.1.1.2

gei-0/1/0/3

BGP

200 0

PE1#show mpls ldp graceful-restart instance 1


LDP Graceful Restart is enabled
Neighbor Liveness Timer: 120 seconds
Max Recovery Timer: 120 seconds
Graceful Restart enabled Sessions:
Peer LDP Ident: 1.1.1.2:0;State:Oper

PE1#show mpls ldp neighbor graceful-restart instance 1


Peer LDP Ident: 1.1.1.2:0; Local LDP Ident: 1.1.1.1:0
TCP connection: 1.1.1.2.25911 - 1.1.1.1.646
State: Oper; Msgs sent/rcvd: 1652/1547; Downstream
Up Time: 1d1h
LDP discovery sources:
gei-0/1/0/1; Src IP addr: 104.110.111.2
Addresses bound to peer LDP Ident:
1.1.1.2

2.1.1.1

2.1.1.3

2.1.1.4

104.110.111.2

3-123
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


Graceful Restart enable d; Peer reconnect time (msecs): 120000

Perform the following steps after the active-standby PE1 switchover:


1. Run the show ip protocol route vrf <vrf-name> command on PE2. The output shows
that the stale tags are added to the routes learnt from PE1. Run the show ip forwarding
route vrf <vrf-name> command on PE2. The output shows that the routes learnt from
PE1 exist and the egress interface information exists.
2. Ping the private IP address of PE1 from PE2 (with the -t parameter contained). The
output shows that there is no packet loss during and after the switchover process.
3. If there is bidirectional packet forwarding, ensure that there is no packet loss during
and after the switchover process.
Perform the following steps after the active-standby P switchover:
1. Run the show ip protocol route vrf <vrf-name> command on PE2. The output shows
that the stale tags are added to the routes learnt from PE1. Run the show ip forwarding
route vrf <vrf-name> command on PE2. The output shows that the routes learnt from
PE1 exist and the egress interface information exists.
2. Run the show ip protocol route vrf <vrf-name> command on PE1. The output shows
that the stale tags are added to the routes learnt from PE2. Run the show ip forwarding
route vrf <vrf-name> command on PE1. The output shows that the routes learnt from
PE2 exist and the egress interface information exists.
3. Ping the private IP address of PE1 from PE2 (with the -t parameter contained). The
output shows that there is no packet loss during and after the switchover process.
4. Ping the private IP address of PE2 from PE1 (with the -t parameter contained). The
output shows that there is no packet loss during and after the switchover process.
5. If there is bidirectional packet forwarding, ensure that there is no packet loss during
and after the switchover process.
Perform the following steps after the PE2 switchover:
1. Run the show ip protocol route vrf <vrf-name> command on PE1. The output shows
that the stale tags are added to the routes learnt from PE2. Run the show ip forwarding
route vrf <vrf-name> command on PE1. The output shows that the routes learnt from
PE2 exist and the egress interface information exists.
2. Ping the private IP address of PE2 from PE1 (with the -t parameter contained). The
output shows that there is no packet loss during and after the switchover process.
3. If there is bidirectional packet forwarding, ensure that there is no packet loss during
and after the switchover process.

3-124
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration

3.10 MPLS L3VPN HoPE Configuration


3.10.1 MPLS L3VPN HoPE Overview
Introduction
An MPLS L3VPN network consists of PE, P, and CE devices. PE operates at the network
edge and is directly connected to CE to provide the main VPN functions. In an MPLS
network, all VPN-related messages are processed on PE. Any performance or scalability
problem of PE would restrict the scalability and coverage of the entire VPN network.
The MPLS L3VPN layered architecture is designed to adapt to the typical MAN architecture
(access layerconvergence layercore layer) and to meet the following requirements:
l
l
l
l
l

Multi-layer PE devices together provide the functions of one traditional PE device.


A higher-layer PE device requires a higher capacity and performance.
A lower layer requires more PE devices, which provides larger access capabilities.
The architecture can meet the scalability requirements.
Cross-AS links are available in the architecture.

The multi-layer PE architecture is called Hierarchy of PE (HoPE), which separates PE into


multiple-layer devices and features high scalability.

MPLS L3VPN HoPE Features


HoPE makes the layered architecture of the MPLS L3VPN service, that is, HoVPN,
available.
l
l

The PE devices that are directly connected to CE devices are called Underlayer PE
or User-end PE (UPE).
The PE devices that are connected to UPE are called Superstratum PE or Service
provider-end PE (SPE).

Multiple UPE devices and one SPE device make up the layered PE architecture and
provide the functions of one traditional PE device. For the HoPE architecture, see Figure
3-33.

3-125
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

Figure 3-33 HoPE Architecture

The functions of SPE and UPE are as follows:


l

UPE is used for user access to the MPLS network. It maintains only the routes of the
VPN sites that are directly connected to it, and does not maintain the specific routes of
remote VPN sites. UPE distributes VPN labels to the routes of the directly-connected
VPN sites, and advertises the VPN labels to SPE together with the VPN routes through
MPBGP.
SPE maintains and spreads VPN routes. It maintains the routes of all the VPNs
attached to the SPE or the UPEs connected to the SPE, including the routes of local
and remote sites. SPE advertises the default routes to UPE together with MPLS
labels.

The functions of SPE and UPE depend on their features. SPE has a large routing table
(thus providing a high forwarding capability) but with a small number of interfaces. UPE
has a low routing and forwarding capability, but provides a high access capability through
a large number of UPE devices. HoPE leverages the high forwarding capability of SPE
and high access capability of UPE.
UPE and SPE are relative terms. In a multilevel HoPE architecture, a higher-layer PE can
be defined as an SPE, and a lower-layer PE can be defined as a UPE.
Layered PE and traditional PE can coexist in an MPLS network.
The MPBGP protocol used between SPE and UPE can be MPIBGP or MPEBGP,
depending on whether SPE and UPE are in the same AS.

MPLS L3VPN HoPE Applications


l

Single-level HoPE
Figure 3-34 shows the typical network architecture of a single-level HoPE application.
3-126

SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration

Figure 3-34 Network Architecture of a Single-Level HoPE Application

In Figure 3-34, the left part shows a traditional flat network structure, where an MPLS
backbone network is used to provide the MPLS L3VPN service. PE of a backbone
network is located in a central city, and CE devices converge at the PE node. The right
part shows a HoPE architecture, where UPE nodes are deployed in common cities
to make up a layered structure. Nearby VPN users can access an MPLS backbone
network through UPE easily, and thus the network coverage is expanded.
l

Multilevel HoPE
Figure 3-35 shows a typical network architecture of a multilevel HoPE application.
Figure 3-35 Network Architecture of a Multilevel HoPE Application

In Figure 3-35, an MPE is the SPE for the county-level UPE, and is also the UPE for the
province-level SPE. SPE advertises default routes to MPE, and MPE advertises the
3-127
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

default routes to UPE. UPE maintains only the local routes and default routes, and
MPE maintains only the specific routes, local routes, and default routes of multiple
UPE devices attached to the MPE.

3.10.2 Configuring MPLS L3VPN HoPE


This procedure describes how to configure MPLS L3VPN HoPE.

Prerequisite
VRF instances are configured.

Steps
1. Configure MPLS L3VPN HoPE.
Step

Command

Function

ZXR10(config)#router bgp < as-number>

Enters BGP route


configuration mode.

Enters BGP vpnv4 address

ZXR10(config-bgp)#address-family vpnv4

family configuration mode.


3

ZXR10(config-bgp-af-vpnv4)#neighbor

Advertises default routes to

{<ipv4-address>|<peer-group-name>} default-originate [all

a neighbor or neighbor peer

| vrf <vrf-name>]

group under a VRF or all the


VRFs.

ZXR10(config-bgp-af-vpnv4)#neighbor

Sets a neighbor or neighbor

{<ipv4-address>|<peer-group-name>} virtual-spoke

peer group as its UPE

[reflect-next-hop-self]

(spoke-PE).

After a neighbor or neighbor peer group is set to UPE (spoke-PE), VPN routes from
the UPE will be automatically reflected to non-UPE devices.
2. Verify the configurations.
Command

Function

ZXR10#show running-config bgp

Displays the BGP configuration.

ZXR10#show bgp vpnv4 unicast summary

Displays all the BGP vpnv4


neighbors.

ZXR10#show ip forwarding route vrf <vrf-name>{[{<Network to

Displays the VPN routing and

display informatio>}[<Network mask>{weak-match|exact-matc

forwarding table of a VRF.

h}]]|[<Protocol name>]}
ZXR10#show ip protocol routing vrf <vrf-name>

Displays the VPN routing


protocol table of a VRF.

3-128
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration

Command

Function

ZXR10#show bgp vpnv4 unicast detail {<0-65535

Displays the information about

>:<0-4294967295>|<1-65535>.<0-65535>:<0-65535>|

VPNv4 route unicast.

A.B.C.D:<0-65535>}<ipv4-address><ipv4-mask>
Displays BGP route updates.

ZXR10#debug ip bgp update

End of Steps

3.10.3 MPLS L3VPN HoPE Configuration Examples


3.10.3.1 Single-Level HoPE Configuration Example
Configuration Description
Figure 3-36 shows the network structure for single-level HoPE configuration.
Figure 3-36 Single-Level HoPE Network Structure

Configuration Flow
1.
2.
3.
4.

Configure OSPF globally to establish OSPF neighbor relationships.


Configure LDP globally to establish LDP neighbor relationships.
Configure a VRF instance with the same RT attributes on each device.
Establish MPBGP neighbor relationships between UPE1 and SPE1, SPE1 and SPE2,
and SPE2 and UPE2.
5. On SPE1, set UPE1 as its UPE device. On SPE2, set UPE2 as its UPE device.
6. Configure the VRFs for the access of each CE to the corresponding PE.

Configuration Commands
For the OSPF and LDP configurations between PEs, refer to the MPLS L3VPN Basic
Function Configuration section.
Configure UPE1 as follows:
UPE1(config)#ip vrf hpe
UPE1(config-vrf-hpe)#rd 4:4
UPE1(config-vrf-hpe)#address-family ipv4
UPE1(config-vrf-hpe-af-ipv4)#route-target 4:4
UPE1(config-vrf-hpe-af-ipv4)#exit

3-129
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


UPE1(config-vrf-hpe)#exit
UPE1(config)#interface gei-0/0/1/3.1
UPE1(config-if-gei-0/0/1/3.1)#ip vrf forwarding hpe
UPE1(config-if-gei-0/0/1/3.1)#ip address 37.0.1.1 255.255.255.0
UPE1(config-if-gei-0/0/1/3.1)#exit

UPE1(config)#vlan-configuration
UPE1(config-vlan)#interface gei-0/0/1/3.1
UPE1(config-vlan-if-gei-0/0/1/3.1)#encapsulation-dot1q 1
UPE1(config-vlan-if-gei-0/0/1/3.1)#exit
UPE1(config-vlan)#exit

UPE1(config)#router bgp 200


UPE1(config-bgp)#no synchronization
UPE1(config-bgp)#neighbor 11.11.11.51 remote-as 200
UPE1(config-bgp)#neighbor 11.11.11.51 update-source loopback11
UPE1(config-bgp)#no neighbor 11.11.11.51 activate
UPE1(config-bgp)#address-family vpnv4
UPE1(config-bgp-af-vpnv4)#neighbor 11.11.11.51 activate
UPE1(config-bgp-af-vpnv4)#exit
UPE1(config-bgp)#address-family ipv4 vrf hpe
UPE1(config-bgp-af-ipv4-vrf)#redistribute connected
UPE1(config-bgp-af-ipv4-vrf)#exit
UPE1(config-bgp)#exit

Configure SPE1 as follows:


SPE1(config)#ip vrf hpe
SPE1(config-vrf-hpe)#rd 4:4
SPE1(config-vrf-hpe)#address-family ipv4
SPE1(config-vrf-hpe-af-ipv4)#route-target 4:4
SPE1(config-vrf-hpe-af-ipv4)#exit
SPE1(config-vrf-hpe)#exit

SPE1(config)#interface gei-0/0/1/1.100
SPE1(config-if-gei-0/0/1/1.100)#ip vrf forwarding hpe
SPE1(config-if-gei-0/0/1/1.100)#ip address 51.0.1.1 255.255.255.0
SPE1(config-if-gei-0/0/1/1.100)#exit

SPE1(config)#vlan-configuration
SPE1(config-vlan)#interface gei-0/0/1/1.100
SPE1(config-vlan-if-gei-0/0/1/1.100)#encapsulation-dot1q 100
SPE1(config-vlan-if-gei-0/0/1/1.100)#exit
SPE1(config-vlan)#exit

SPE1(config)#router bgp 200

3-130
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration


SPE1(config-bgp)#no synchronization
SPE1(config-bgp)#neighbor 11.11.11.37 remote-as 200
SPE1(config-bgp)#neighbor 11.11.11.37 update-source loopback11
SPE1(config-bgp)#no neighbor 11.11.11.37 activate
SPE1(config-bgp)#neighbor 11.11.11.52 remote-as 200
SPE1(config-bgp)#neighbor 11.11.11.52 update-source loopback11
SPE1(config-bgp)#no neighbor 11.11.11.52 activate
SPE1(config-bgp)#address-family vpnv4
SPE1(config-bgp-af-vpnv4)#neighbor 11.11.11.37 activate
SPE1(config-bgp-af-vpnv4)#neighbor 11.11.11.37 default-originate vrf hpe
SPE1(config-bgp-af-vpnv4)#neighbor 11.11.11.37 virtual-spoke reflect-next-hop-self
SPE1(config-bgp-af-vpnv4)#neighbor 11.11.11.52 activate
SPE1(config-bgp-af-vpnv4)#exit
SPE1(config-bgp)#address-family ipv4 vrf hpe
SPE1(config-bgp-af-ipv4-vrf)#redistribute connected
SPE1(config-bgp-af-ipv4-vrf)#exit
SPE1(config-bgp)#exit

Configure SPE2 as follows:


SPE2(config)#ip vrf hpe
SPE2(config-vrf-hpe)#rd 4:4
SPE2(config-vrf-hpe)#address-family ipv4
SPE2(config-vrf-hpe-af-ipv4)#route-target 4:4
SPE2(config-vrf-hpe-af-ipv4)#exit
SPE2(config-vrf-hpe)#exit

SPE2(config)#interface gei-0/4/0/7.1
SPE2(config-if-gei-0/4/0/7.1)#ip vrf forwarding hpe
SPE2(config-if-gei-0/4/0/7.1)#ip address 52.0.1.1 255.255.255.0
SPE2(config-if-gei-0/4/0/7.1)#exit

SPE2(config)#vlan-configuration
SPE2(config-vlan)#interface gei-0/4/0/7.1
SPE2(config-vlan-if-gei-0/4/0/7.1)#encapsulation-dot1q 1
SPE2(config-vlan-if-gei-0/4/0/7.1)#exit
SPE2(config-vlan)#exit

SPE2(config)#router bgp 200


SPE2(config-bgp)#no synchronization
SPE2(config-bgp)#neighbor 11.11.11.51 remote-as 200
SPE2(config-bgp)#neighbor 11.11.11.51 update-source loopback11
SPE2(config-bgp)#no neighbor 11.11.11.51 activate
SPE2(config-bgp)#neighbor 11.11.11.53 remote-as 200
SPE2(config-bgp)#neighbor 11.11.11.53 update-source loopback11
SPE2(config-bgp)#no neighbor 11.11.11.53 activate

3-131
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


SPE2(config-bgp)#address-family vpnv4
SPE2(config-bgp-af-vpnv4)#neighbor 11.11.11.53 activate
SPE2(config-bgp-af-vpnv4)#neighbor 11.11.11.53 default-originate vrf hpe
SPE2(config-bgp-af-vpnv4)#neighbor 11.11.11.53 virtual-spoke reflect-next-hop-self
SPE2(config-bgp-af-vpnv4)#neighbor 11.11.11.51 activate
SPE2(config-bgp-af-vpnv4)#exit
SPE2(config-bgp)#address-family ipv4 vrf hpe
SPE2(config-bgp-af-ipv4-vrf)#redistribute connected
SPE2(config-bgp-af-ipv4-vrf)#exit
SPE2(config-bgp)#exit

Configure UPE2 as follows:


UPE2(config)#ip vrf hpe
UPE2(config-vrf-hpe)#rd 4:4
UPE2(config-vrf-hpe)#address-family ipv4
UPE2(config-vrf-hpe-af-ipv4)#route-target 4:4
UPE2(config-vrf-hpe-af-ipv4)#exit
UPE2(config-vrf-hpe)#exit

UPE2(config)#interface gei-0/2/0/11.1
UPE2(config-if-gei-0/2/0/11.1)#ip vrf forwarding hpe
UPE2(config-if-gei-0/2/0/11.1)#ip address 53.0.1.1 255.255.255.0
UPE2(config-if-gei-0/2/0/11.1)#exit

UPE2(config)#vlan-configuration
UPE2(config-vlan)#interface gei-0/2/0/11.1
UPE2(config-vlan-if-gei-0/2/0/11.1)#encapsulation-dot1q 1
UPE2(config-vlan-if-gei-0/2/0/11.1)#exit
UPE2(config-vlan)#exit

UPE2(config)#router bgp 200


UPE2(config-bgp)#no synchronization
UPE2(config-bgp)#neighbor 11.11.11.52 remote-as 200
UPE2(config-bgp)#neighbor 11.11.11.52 update-source loopback11
UPE2(config-bgp)#no neighbor 11.11.11.52 activate
UPE2(config-bgp)#address-family vpnv4
UPE2(config-bgp-af-vpnv4)#neighbor 11.11.11.52 activate
UPE2(config-bgp-af-vpnv4)#exit
UPE2(config-bgp)#address-family ipv4 vrf hpe
UPE2(config-bgp-af-ipv4-vrf)#redistribute connected
UPE2(config-bgp-af-ipv4-vrf)#exit
UPE2(config-bgp)#exit

Configuration Verification
Check the UPE1 configuration result as follows:
3-132
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration


UPE1#show ip forwarding route vrf hpe
/*Displays the VPN routing and forwarding table. UPE maintains only the local routes
and default routes (next hop: SPE1)*/
IPv4 Routing Table:
Headers: Dest: Destination, Gw: Gateway, Pri: Priority;
Codes : BROADC: Broadcast, USER-I: User-ipaddr, USER-S: User-special,
MULTIC: Multicast, USER-N: User-network, DHCP-D: DHCP-DFT,
ASBR-V: ASBR-VPN, STAT-V: Static-VRF, DHCP-S: DHCP-static,
GW-FWD: PS-BUSI, NAT64: Stateless-NAT64, LDP-A: LDP-area,
GW-UE: PS-USER, P-VRF: Per-VRF-label, TE: RSVP-TE;
Status codes: *valid, >best;
Dest

Gw

Interface

Owner

Pri Metric

*> 0.0.0.0/0

11.11.11.51

smartgroup60

BGP

200 0

*> 37.0.1.0/24

37.0.1.1

gei-0/0/1/3.1

Direct

*> 37.0.1.1/32

37.0.1.1

gei-0/0/1/3.1

Address

UPE1#show bgp vpnv4 unicast summary


/*Displays BGP vpnv4 neighbors. An MPBGP neighbor relationship is established
with SPE1.*/
Neighbor

Ver

As

MsgRcvd

MsgSend

Up/Down

11.11.11.51

200

16

00:04:27

State/PfxRcd
1

UPE1#show bgp vpnv4 unicast detail 4:4 0.0.0.0 0.0.0.0


/*Displays the information about the receipt and advertisement of the default routes.
SPE1 advertises the default routes to UPE1, and the next hop is changed to SPE1.*/
BGP routing table entry for 4:4 0.0.0.0/0
2d2h received from 11.11.11.51 (1.1.1.51)
origin i,nexthop 11.11.11.51,localpref 100,rtpref 200,
as path
as4 path
extended Community:RT:4:4
received label

157472

UPE1#show bgp vpnv4 unicast detail 4:4 37.0.1.0 255.255.255.0


/*Displays the information about the receipt and advertisement of the local directly
connected routes. UPE1 advertises the specific routes to SPE1.*/
BGP routing table entry for 4:4 37.0.1.0/24
Local
origin ?,nexthop 37.0.1.1,metric 0,rtpref 0,
as path
as4 path
extended Community:RT:4:4
received label

notag

2d2h advertised to 11.11.11.51 (1.1.1.51)


origin ?,nexthop 11.11.11.37,localpref 100,

3-133
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


as path
as4 path
extended Community:RT:4:4
sent label

213005

UPE1#ping vrf hpe 51.0.1.1


/*Pings a device directly connected to SPE1, which is accessible through a default
route.*/
sending 5,100-byte ICMP echoes to 51.0.1.1,timeout is 2 seconds.
!!!!!
Success rate is 100 percent(5/5),round-trip min/avg/max= 6/6/8 ms.

UPE1#ping vrf hpe 52.0.1.1


/*Pings a device directly connected to SPE2, which is accessible through a default
route.*/
sending 5,100-byte ICMP echoes to 52.0.1.1,timeout is 2 seconds.
!!!!!
Success rate is 100 percent(5/5),round-trip min/avg/max= 6/6/8 ms.

UPE1#ping vrf hpe 53.0.1.1


/*Pings a device directly connected to UPE2, which is accessible through a default
route.*/
sending 5,100-byte ICMP echoes to 53.0.1.1,timeout is 2 seconds.
!!!!!
Success rate is 100 percent(5/5),round-trip min/avg/max= 6/6/8 ms.

/*Tester1 (CE1) sends messages to the Tester2 (CE2) successfully.*/

Check the SPE1 configuration result as follows:


SPE1#show ip forwarding route vrf hpe
/*Displays the VPN routing and forwarding table. SPE maintains all the specific routes
on UPE and non-UPE devices.*/
IPv4 Routing Table:
Headers: Dest: Destination, Gw: Gateway, Pri: Priority;
Codes : BROADC: Broadcast, USER-I: User-ipaddr, USER-S: User-special,
MULTIC: Multicast, USER-N: User-network, DHCP-D: DHCP-DFT,
ASBR-V: ASBR-VPN, STAT-V: Static-VRF, DHCP-S: DHCP-static,
GW-FWD: PS-BUSI, NAT64: Stateless-NAT64, LDP-A: LDP-area,
GW-UE: PS-USER, P-VRF: Per-VRF-label, TE: RSVP-TE;
Status codes: *valid, >best;
Dest

Gw

Interface

Owner

Pri Met

*> 37.0.1.0/24

11.11.11.37

smartgroup60

BGP

200 0

*> 51.0.1.0/24

51.0.1.1

gei-0/0/1/1.100

Direct

*> 51.0.1.1/32

51.0.1.1

gei-0/0/1/1.100

Address

*> 52.0.1.0/24

11.11.11.52

gei-0/3/1/3

BGP

20

3-134
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration


*> 53.0.1.0/24

11.11.11.52

gei-0/3/1/3

BGP

20

SPE1#show bgp vpnv4 unicast summary


/*Displays BGP VPNv4 neighbors. MPBGP neighbor relationships are established between
SPE1 and UPE1 and between SPE1 and SPE2.*/
Neighbor

Ver

As

MsgRcvd

MsgSend

Up/Down

State/PfxRcd

11.11.11.37

200

19

13

00:05:34

11.11.11.52

65002

14

26

00:05:34

SPE1#show bgp vpnv4 unicast detail 4:4 0.0.0.0 0.0.0.0


/*Displays the information about the receipt and advertisement of the default routes.
SPE advertises the default routes to UPE.*/
BGP routing table entry for 4:4 0.0.0.0/0
02:34:05 advertised to 11.11.11.37 (1.1.1.37)
origin i,nexthop 11.11.11.51,localpref 100,
as path
as4 path
extended Community:RT:4:4
sent label

157472

SPE1#show bgp vpnv4 unicast detail 4:4 37.0.1.0 255.255.255.0


/*Displays the information about the receipt and advertisement of the directly
connected routes to UPE1. SPE automatically reflects the routes of UPE1 to
other non-UPE neighbors.*/
BGP routing table entry for 4:4 37.0.1.0/24
02:35:35 received from 11.11.11.37 (1.1.1.37)
origin ?,nexthop 11.11.11.37,localpref 100,rtpref 200,
as path
as4 path
extended Community:RT:4:4
received label

213005

02:35:36 advertised to 11.11.11.52 (1.1.1.52)


origin ?,nexthop 11.11.11.51,
as path [200]
as4 path
extended Community:RT:4:4
sent label

157625

SPE1#show bgp vpnv4 unicast detail 4:4 51.0.1.0 255.255.255.0


/*Displays the information about the receipt and advertisement of the local directly
connected routes. SPE automatically reflects its routes to other non-UPE neighbors.*/
BGP routing table entry for 4:4 51.0.1.0/24
Local
origin ?,nexthop 51.0.1.1,metric 0,rtpref 0,
as path

3-135
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


as4 path
extended Community:RT:4:4
received label

notag

02:34:05 advertised to 11.11.11.52 (1.1.1.52)


origin ?,nexthop 11.11.11.51,
as path [200]
as4 path
extended Community:RT:4:4
sent label

157528

SPE1#show bgp vpnv4 unicast detail 4:4 52.0.1.0 255.255.255.0


/*Displays the information about the receipt and advertisement of the directly
connected routes to SPE2. The specific routes will not be advertised to UPE.*/
BGP routing table entry for 4:4 52.0.1.0/24
02:40:43 received from 11.11.11.52 (1.1.1.52)
origin ?,nexthop 11.11.11.52,rtpref 20,
as path [65002]
as4 path
extended Community:RT:4:4
received label

213013

SPE1#show bgp vpnv4 unicast detail 4:4 53.0.1.0 255.255.255.0


/*Displays the information about the receipt and advertisement of the directly connected
routes to UPE2. The specific routes will not be advertised to UPE.*/
BGP routing table entry for 4:4 53.0.1.0/24
02:41:29 received from 11.11.11.52 (1.1.1.52)
origin ?,nexthop 11.11.11.52,rtpref 20,
as path [65002]
as4 path
extended Community:RT:4:4
received label

213129

SPE1#ping vrf hpe 37.0.1.1


/*Pings UPE, which is accessible through a specific route.*/
sending 5,100-byte ICMP echoes to 37.0.1.1,timeout is 2 seconds.
!!!!!
Success rate is 100 percent(5/5),round-trip min/avg/max= 1/1/3 ms.

SPE1#ping vrf hpe 52.0.1.1


/*Pings SPE2, which is accessible through a specific route.*/
sending 5,100-byte ICMP echoes to 52.0.1.1,timeout is 2 seconds.
!!!!!
Success rate is 100 percent(5/5),round-trip min/avg/max= 1/1/2 ms.

SPE1#ping vrf hpe 53.0.1.1

3-136
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration


/*Pings UPE2, which is accessible through a specific route.*/
sending 5,100-byte ICMP echoes to 53.0.1.1,timeout is 2 seconds.
!!!!!
Success rate is 100 percent(5/5),round-trip min/avg/max= 1/1/1 ms.

Check the SPE2 configuration result as follows:


SPE2#show ip forwarding route vrf hpe
/*Displays the VPN routing and forwarding table. SPE2 maintains all the specific routes
on UPE and non-UPE devices.*/
IPv4 Routing Table:
Headers: Dest: Destination, Gw: Gateway, Pri: Priority;
Codes : BROADC: Broadcast, USER-I: User-ipaddr, USER-S: User-special,
MULTIC: Multicast, USER-N: User-network, DHCP-D: DHCP-DFT,
ASBR-V: ASBR-VPN, STAT-V: Static-VRF, DHCP-S: DHCP-static,
GW-FWD: PS-BUSI, NAT64: Stateless-NAT64, LDP-A: LDP-area,
GW-UE: PS-USER, P-VRF: Per-VRF-label, TE: RSVP-TE;
status codes: *valid, >best;
Dest

Gw

Interface

Owner

Pri Metric

*> 37.0.1.0/24

11.11.11.51

gei-0/4/0/4

BGP

20

*> 51.0.1.0/24

11.11.11.51

gei-0/4/0/4

BGP

20

*> 52.0.1.0/24

52.0.1.1

gei-0/4/0/3.1

Direct

*> 52.0.1.1/32

52.0.1.1

gei-0/4/0/3.1

Address

*> 53.0.1.0/24

11.11.11.53

smartgroup44.100

BGP

200 0

SPE2#show bgp vpnv4 unicast summary


/*Displays BGP VPNv4 neighbors. MPBGP neighbor relationships are established between
SPE2 and SPE1 and between SPE2 and UPE2.*/
Neighbor

Ver

As

MsgRcvd

MsgSend

Up/Down

State/PfxRcd

11.11.11.51

200

35

28

00:10:11

22

11.11.11.53

200

391

330

02:41:48

113

SPE2#show bgp vpnv4 unicast detail 4:4 0.0.0.0 0.0.0.0


/*Displays the information about the receipt and advertisement of the default routes.*/
BGP routing table entry for 4:4 0.0.0.0/0
2d23h advertised to 11.11.11.53 (145.0.214.1)
origin i,nexthop 11.11.11.52,localpref 100,
as path
as4 path
extended Community:RT:4:4
sent label

212993

SPE2#show bgp vpnv4 unicast detail 4:4 37.0.1.0 255.255.255.0


/*Displays the information about the receipt and advertisement of the directly
connected routes to UPE1.*/
BGP routing table entry for 4:4 37.0.1.0/24

3-137
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


3d2h received from 11.11.11.51 (1.1.1.51)
origin ?,nexthop 11.11.11.51,rtpref 20,
as path [200]
as4 path
extended Community:RT:4:4
received label

157625

SPE2#show bgp vpnv4 unicast detail 4:4 51.0.1.0 255.255.255.0


/*Displays the information about the receipt and advertisement of the directly
connected routes to SPE1.*/
BGP routing table entry for 4:4 51.0.1.0/24
3d2h received from 11.11.11.51 (1.1.1.51)
origin ?,nexthop 11.11.11.51,rtpref 20,
as path [200]
as4 path
extended Community:RT:4:4
received label

157528

SPE2#show bgp vpnv4 unicast detail 4:4 52.0.1.0 255.255.255.0


/*Displays the information about the receipt and advertisement of the directly connected
routes to SPE2.*/
BGP routing table entry for 4:4 52.0.1.0/24
Local
origin ?,nexthop 52.0.1.1,metric 0,rtpref 0,
as path
as4 path
extended Community:RT:4:4
received label

notag

3d2h advertised to 11.11.11.51 (1.1.1.51)


origin ?,nexthop 11.11.11.52,
as path [200]
as4 path
extended Community:RT:4:4
sent label

213013

SPE2#sho bgp vpnv4 unicast detail 4:4 53.0.1.0 255.255.255.0


/*Displays the information about the receipt and advertisement of the directly connected
routes to UPE2.*/
BGP routing table entry for 4:4 53.0.1.0/24
3d2h received from 11.11.11.53 (145.0.214.1)
origin ?,nexthop 11.11.11.53,localpref 100,rtpref 200,
as path
as4 path
extended Community:RT:4:4
received label

120025

3-138
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration


3d2h advertised to 11.11.11.51 (1.1.1.51)
origin ?,nexthop 11.11.11.52,
as path [200]
as4 path
extended Community:RT:4:4
sent label

213129

SPE2#ping vrf hpe 37.0.1.1


/*Pings UPE1, which is accessible through a specific route.*/
sending 5,100-byte ICMP echoes to 37.0.1.1,timeout is 2 seconds.
!!!!!
Success rate is 100 percent(5/5),round-trip min/avg/max= 1/1/2 ms.

SPE2#ping vrf hpe 51.0.1.1


/*Pings SPE1, which is accessible through a specific route.*/
sending 5,100-byte ICMP echoes to 51.0.1.1,timeout is 2 seconds.
!!!!!
Success rate is 100 percent(5/5),round-trip min/avg/max= 1/1/2 ms.

SPE2#ping vrf hpe 53.0.1.1


/*Pings SPE1, which is accessible through a specific route.*/
sending 5,100-byte ICMP echoes to 53.0.1.1,timeout is 2 seconds.
!!!!!
Success rate is 100 percent(5/5),round-trip min/avg/max= 1/1/2 ms.

Check the UPE2 configuration result as follows:


UPE2#show ip forwarding route vrf hpe
/*Displays the VPN routing and forwarding table.*/
IPv4 Routing Table:
Headers: Dest: Destination, Gw: Gateway, Pri: Priority;
Codes : BROADC: Broadcast, USER-I: User-ipaddr, USER-S: User-special,
MULTIC: Multicast, USER-N: User-network, DHCP-D: DHCP-DFT,
ASBR-V: ASBR-VPN, STAT-V: Static-VRF, DHCP-S: DHCP-static,
GW-FWD: PS-BUSI, NAT64: Stateless-NAT64, LDP-A: LDP-area,
GW-UE: PS-USER, P-VRF: Per-VRF-label, TE: RSVP-TE;
status codes: *valid, >best;
Dest

Gw

Interface

Owner

Pri Metric

*> 0.0.0.0/0

11.11.11.52

smartgroup44.100

BGP

200 0

*> 5.5.5.53/32

5.5.5.53

loopback55

Address

*> 53.0.1.0/24

53.0.1.1

gei-0/2/0/11.1

Direct

*> 53.0.1.1/32

53.0.1.1

gei-0/2/0/11.1

Address

UPE2#show bgp vpnv4 unicast summary


/*Displays BGP VPNv4 neighbors. MPBGP neighbor relationships are established
between UPE2 and SPE2.*/

3-139
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


Neighbor

Ver

As

MsgRcvd

MsgSend

Up/Down

11.11.11.52

200

337

398

02:45:00

State/PfxRcd
2

UPE2#show bgp vpnv4 unicast detail 4:4 0.0.0.0 0.0.0.0


/*Displays the information about the receipt and advertisement of the default routes.
UPE2 receives only the default routes.*/
BGP routing table entry for 4:4 0.0.0.0/0
2d20h received from 11.11.11.52 (1.1.1.52)
origin i,nexthop 11.11.11.52,localpref 100,rtpref 200,
as path
as4 path
extended Community:RT:4:4
received label

212993

UPE2#show bgp vpnv4 unicast detail 4:4 37.0.1.0 255.255.255.0


/*Displays the information about the receipt and advertisement of the directly
connected routes to UPE1. UPE2 receives only the default routes.*/
UPE2#show bgp vpnv4 unicast detail 4:4 51.0.1.0 255.255.255.0
/*Displays the information about the receipt and advertisement of the routes directly
connected to SPE1. UPE2 receives only the default routes.*/
UPE2#show bgp vpnv4 unicast detail 4:4 52.0.1.0 255.255.255.0
/*Displays the information about the receipt and advertisement of the routes directly
connected to SPE2. UPE2 receives only the default routes.*/
UPE2#show bgp vpnv4 unicast detail 4:4 53.0.1.0 255.255.255.0
/*Displays the information about the receipt and advertisement of the local directly
connected routes.*/
BGP routing table entry for 4:4 53.0.1.0/24
Local
origin ?,nexthop 53.0.1.1,metric 0,rtpref 0,
as path
as4 path
extended Community:RT:4:4
received label

notag

2d22h advertised to 11.11.11.52 (1.1.1.52)


origin ?,nexthop 11.11.11.53,localpref 100,
as path
as4 path
extended Community:RT:4:4
sent label

120025

UPE2#ping vrf hpe 37.0.1.1


/*Pings UPE1, which is accessible through a default route.*/
sending 5,100-byte ICMP echoes to 37.0.1.1,timeout is 2 seconds.
!!!!!
Success rate is 100 percent(5/5),round-trip min/avg/max= 1/1/2 ms.

3-140
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration

UPE2#ping vrf hpe 51.0.1.1


/*Pings SPE1, which is accessible through a default route.*/
sending 5,100-byte ICMP echoes to 51.0.1.1,timeout is 2 seconds.
!!!!!
Success rate is 100 percent(5/5),round-trip min/avg/max= 1/1/1 ms.

UPE2#ping vrf hpe 52.0.1.1


/*Pings SPE2, which is accessible through a default route.*/
sending 5,100-byte ICMP echoes to 52.0.1.1,timeout is 2 seconds.
!!!!!
Success rate is 100 percent(5/5),round-trip min/avg/max= 1/1/1 ms.

Tester2 (CE2) sends messages to the Tester1 (CE1) successfully.

3.10.3.2 Multilevel HoPE Configuration Example


Configuration Description
Figure 3-37 shows the network structure for multilevel HoPE configuration.
Figure 3-37 Multilevel HoPE Configuration Example

Configuration Flow
1.
2.
3.
4.

Configure OSPF gobally to establish OSPF neighbor relationships.


Configure LDP gobally to establish LDP neighbor relationships.
Configure VRF instances with the same RT attributes on each device.
Establish MPBGP neighbor relationships between UPE1 and MPE, MPE and SPE2,
and SPE2 and PE3.
5. On SPE2, set MPE as its UPE. On MPE, set UPE1 as its UPE.
6. On SPE2, advertise the default routes to MPE. After receiving the default routes
(IBGP), MPE does not advertise the routes to UPE1. Thus it is required to set (on
MPE) MPE as RR and UPE1 as the RRC of MPE.
7. Configure the VRFs for the access of each CE to the corresponding PE.

3-141
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

Configuration Commands
For the OSPF, LDP, and VRF configurations between PEs, refer to the MPLS L3VPN
Basic Function Configuration section.
Configure MPE in BGP vpnv4 address family configuration mode as follows:
MPE(config-bgp-af)#neighbor 11.11.11.37 active
MPE(config-bgp-af)#neighbor 11.11.11.37 default-originate vrf hpe
MPE(config-bgp-af)#neighbor 11.11.11.37 virtual-spoke reflect-next-hop-self
MPE(config-bgp-af)#neighbor 11.11.11.37 route-reflector-client
MPE(config-bgp-af)#neighbor 11.11.11.47 active

Configure SPE2 in BGP vpnv4 address family configuration mode as follows:


SPE2(config-bgp-af)#neighbor 11.11.11.51active
SPE2(config-bgp-af)#neighbor 11.11.11.51 default-originate vrf hpe
SPE2(config-bgp-af)#neighbor 11.11.11.51 virtual-spoke reflect-next-hop-self
SPE2(config-bgp-af)#neighbor 11.11.11.32 active

Configuration Verification
Check the UPE1 configuration result as follows:
UPE1#show ip forwarding route vrf hpe
/*Displays the VPN routing and forwarding table. UPE maintains only the local routes and
default routes. The default next hop is SPE2.
The default routes are reflected by RR, where the next hop information is not changed.*/
IPv4 Routing Table:
Headers: Dest: Destination, Gw: Gateway, Pri: Priority;
Codes : BROADC: Broadcast, USER-I: User-ipaddr, USER-S: User-special,
MULTIC: Multicast, USER-N: User-network, DHCP-D: DHCP-DFT,
ASBR-V: ASBR-VPN, STAT-V: Static-VRF, DHCP-S: DHCP-static,
GW-FWD: PS-BUSI, NAT64: Stateless-NAT64, LDP-A: LDP-area,
GW-UE: PS-USER, P-VRF: Per-VRF-label, TE: RSVP-TE;
Status codes: *valid, >best;
Gw

Interface

Owner

Pri Metric

*> 0.0.0.0/0

Dest

11.11.11.47

smartgroup60

BGP

200 0

*> 37.0.1.0/24

37.0.1.1

gei-0/1/0/1.1

Direct

*> 37.0.1.1/32

37.0.1.1

gei-0/1/0/1.1

Address

UPE1#show bgp vpnv4 unicast summary


/*Displays BGP VPNv4 neighbors. An MPBGP neighbor relationship is established with MPE.*/
Neighbor

Ver

As

MsgRcvd

MsgSend

Up/Down

11.11.11.51

200

518

527

04:17:30

State/PfxRcd
1

UPE1#show bgp vpnv4 unicast detail 4:4 0.0.0.0 0.0.0.0


/*Displays the information about the receipt and advertisement of the default routes.
MPE sends the default routes to UPE1 and the next hop is still SPE2, even if the

3-142
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration


neighbor 11.11.11.37 virtual-spoke reflect-next-hop-self command is run on MPE,
because the routes are reflected by RR.*/
BGP routing table entry for 4:4 0.0.0.0/0
2d6h received from 11.11.11.51 (1.1.1.51)
origin i,nexthop 11.11.11.47,localpref 100,rtpref 200,originator_id 1.1.1.47,
cluster list: 1.1.1.51
as path
as4 path
extended Community:RT:4:4
received label

950819

UPE1#ping vrf hpe 51.0.1.1


/*Pings MPE, which is accessible through a default route.*/
sending 5,100-byte ICMP echoes to 51.0.1.1,timeout is 2 seconds.
!!!!!
Success rate is 100 percent(5/5),round-trip min/avg/max= 6/6/7 ms.

UPE1#ping vrf hpe 47.0.1.1


/*Pings SPE2, which is accessible through a default route.*/
sending 5,100-byte ICMP echoes to 47.0.1.1,timeout is 2 seconds.
!!!!!
Success rate is 100 percent(5/5),round-trip min/avg/max= 4/4/4 ms.

UPE1#ping vrf hpe 32.0.1.1


/*Pings PE3, which is accessible through a default route.*/
sending 5,100-byte ICMP echoes to 32.0.1.1,timeout is 2 seconds.
!!!!!
Success rate is 100 percent(5/5),round-trip min/avg/max= 6/6/7 ms

Check the MPE configuration result as follows:


MPE#show ip forwarding route vrf hpe
/*Displays the VPN routing and forwarding table. The default routes on MPE are
advertised by SPE2, and the next hop is SPE2.*/
IPv4 Routing Table:
Headers: Dest: Destination, Gw: Gateway, Pri: Priority;
Codes : BROADC: Broadcast, USER-I: User-ipaddr, USER-S: User-special,
MULTIC: Multicast, USER-N: User-network, DHCP-D: DHCP-DFT,
ASBR-V: ASBR-VPN, STAT-V: Static-VRF, DHCP-S: DHCP-static,
GW-FWD: PS-BUSI, NAT64: Stateless-NAT64, LDP-A: LDP-area,
GW-UE: PS-USER, P-VRF: Per-VRF-label, TE: RSVP-TE;
status codes: *valid, >best
Gw

Interface

Owner

Pri Metric

*> 0.0.0.0/0

Dest

11.11.11.47

gei-0/4/1/1

BGP

200 0

*> 37.0.1.0/24

11.11.11.37

smartgroup60

BGP

200 0

*> 51.0.1.0/24

51.0.1.1

gei-0/0/1/1.100

Direct

3-143
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


*> 51.0.1.1/32

51.0.1.1

gei-0/0/1/1.100

Address

MPE#show bgp vpnv4 unicast summary


/*Displays BGP VPNv4 neighbors. L3VPN neighbor relationships are established
between MPE and UPE1 and between MPE and SPE2.*/
Neighbor

Ver

As

MsgRcvd

MsgSend

Up/Down

State/PfxRcd

11.11.11.37

200

528

521

04:18:27

11.11.11.47

200

12

00:01:12

MPE#show bgp vpnv4 unicast detail 4:4 0.0.0.0 0.0.0.0


/*Displays the information about the receipt and advertisement of the default routes.
The default routes are reflected by SPE2 and are IBGP routes. IBGP routes will not be
advertised, so RR needs to be configured. UPE1 is set as RRC to reflect IBGP default
routes to UPE1 and the next hop is not changed.*/
BGP routing table entry for 4:4 0.0.0.0/0
06:51:21 received from 11.11.11.47 (1.1.1.47)
origin i,nexthop 11.11.11.47,localpref 100,rtpref 200,
as path
as4 path
extended Community:RT:4:4
received label

950819

06:51:22 advertised to 11.11.11.37 (1.1.1.37)


origin i,nexthop 11.11.11.47,localpref 100,originator_id 1.1.1.47,
cluster list: 1.1.1.51
as path
as4 path
extended Community:RT:4:4
sent label

950819

MPE#show bgp vpnv4 unicast detail 4:4 37.0.1.0 255.255.255.0


/*Displays the information about the receipt and advertisement of the directly
connected routes to UPE1.*/
BGP routing table entry for 4:4 37.0.1.0/24
04:33:41 received from 11.11.11.37 (1.1.1.37)
origin ?,nexthop 11.11.11.37,localpref 100,rtpref 200,
as path
as4 path
extended Community:RT:4:4
received label

213005

06:51:20 advertised to 11.11.11.47 (1.1.1.47)


origin ?,nexthop 11.11.11.51,localpref 100,originator_id 1.1.1.37,
cluster list: 1.1.1.51
as path
as4 path
extended Community:RT:4:4

3-144
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration


sent label

157621

MPE#show bgp vpnv4 unicast detail 4:4 51.0.1.0 255.255.255.0


/*Displays the information about the receipt and advertisement of the directly
connected routes to MPE.*/
BGP routing table entry for 4:4 51.0.1.0/24
Local
origin ?,nexthop 51.0.1.1,metric 0,rtpref 0,
as path
as4 path
extended Community:RT:4:4
received label

notag

06:51:20 advertised to 11.11.11.47 (1.1.1.47)


origin ?,nexthop 11.11.11.51,localpref 100,
as path
as4 path
extended Community:RT:4:4
sent label

157528

MPE#show bgp vpnv4 unicast detail 4:4 47.0.1.0 255.255.255.0


/*Displays the information about the receipt and advertisement of the directly
connected routes to SPE2. Specific routes will not be advertised to UPE.*/
MPE#show bgp vpnv4 unicast detail 4:4 32.0.1.0 255.255.255.0
/*Displays the information about the receipt and advertisement of the directly
connected routes to PE3. MPE is a UPE for SPE2, so SPE2 does not advertise the
specific routes to MPE.*/
MPE#ping vrf hpe 37.0.1.1
/*Pings UPE1, which is accessible through a specific route.*/
sending 5,100-byte ICMP echoes to 37.0.1.1,timeout is 2 seconds.
!!!!!
Success rate is 100 percent(5/5),round-trip min/avg/max= 1/1/2 ms.

MPE#ping vrf hpe 47.0.1.1


/*Pings SPE2, which is accessible through a default route.*/
sending 5,100-byte ICMP echoes to 47.0.1.1,timeout is 2 seconds.
!!!!!
Success rate is 100 percent(5/5),round-trip min/avg/max= 1/1/2 ms.

MPE#ping vrf hpe 32.0.1.1


/*Pings PE3, which is accessible through a default route.*/
sending 5,100-byte ICMP echoes to 32.0.1.1,timeout is 2 seconds.
!!!!!
Success rate is 100 percent(5/5),round-trip min/avg/max= 1/1/2 ms.

3-145
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

Check the SPE2 configuration result as follows:


SPE2#show ip forwarding route vrf hpe
/*Displays the VPN routing and forwarding table. SPE2 maintains all the routes.*/
IPv4 Routing Table:
Headers: Dest: Destination, Gw: Gateway, Pri: Priority;
Codes : BROADC: Broadcast, USER-I: User-ipaddr, USER-S: User-special,
MULTIC: Multicast, USER-N: User-network, DHCP-D: DHCP-DFT,
ASBR-V: ASBR-VPN, STAT-V: Static-VRF, DHCP-S: DHCP-static,
GW-FWD: PS-BUSI, NAT64: Stateless-NAT64, LDP-A: LDP-area,
GW-UE: PS-USER, P-VRF: Per-VRF-label, TE: RSVP-TE;
status codes: *valid, >best
Dest

Gw

Interface

Owner

Pri Metric

*> 32.0.1.0/24

11.11.11.32

gei-0/7/0/12

BGP

200

*> 32.0.1.1/32

11.11.11.32

gei-0/7/0/12

BGP

200

*> 37.0.1.0/24

11.11.11.51

gei-0/2/0/14

BGP

100 0

*> 47.0.1.0/24

47.0.1.1

gei-0/2/0/48.1

Direct

*> 47.0.1.1/32

47.0.1.1

gei-0/2/0/48.1

Address

*> 51.0.1.0/24

11.11.11.51

gei-0/2/0/14

BGP

100 0

SPE2#show bgp vpnv4 unicast summary


/*Displays BGP VPNv4 neighbors. MPBGP neighbor relationships are established between
SPE2 and MPE and between SPE2 and SPE3.*/
Neighbor

Ver

As

MsgRcvd

MsgSend

Up/Down

State/PfxRcd

11.11.11.32

200

149

179

01:05:54

10

11.11.11.51

200

14

00:02:23

SPE2#show bgp vpnv4 unicast detail 4:4 0.0.0.0 0.0.0.0


/*Displays the information about the receipt and advertisement of the default routes.*/
BGP routing table entry for 4:4 0.0.0.0/0
1d1h advertised to 11.11.11.51 (1.1.1.51)
origin i,nexthop 11.11.11.47,localpref 100,
as path
as4 path
extended Community:RT:4:4
sent label

950819

SPE2#show bgp vpnv4 unicast detail 4:4 37.0.1.0 255.255.255.0


/*Displays the information about the receipt and advertisement of the directly
connected routes to UPE1.*/
BGP routing table entry for 4:4 37.0.1.0/24
1d1h received from 11.11.11.51 (1.1.1.51)
origin ?,nexthop 11.11.11.51,localpref 100,rtpref 100,originator_id 1.1.1.37,
cluster list: 1.1.1.51

3-146
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration


as path
as4 path
extended Community:RT:4:4
received label

157621

1d1h advertised to 11.11.11.32 (0.0.0.1)


origin ?,nexthop 11.11.11.47,
as path [200]
as4 path
extended Community:RT:4:4
sent label

951026

SPE2#show bgp vpnv4 unicast detail 4:4 51.0.1.0 255.255.255.0


/*Displays the information about the receipt and advertisement of the directly
connected routes to MPE.*/
BGP routing table entry for 4:4 51.0.1.0/24
1d1h received from 11.11.11.51 (1.1.1.51)
origin ?,nexthop 11.11.11.51,localpref 100,rtpref 100,
as path
as4 path
extended Community:RT:4:4
received label

157528

1d1h advertised to 11.11.11.32 (0.0.0.1)


origin ?,nexthop 11.11.11.47,
as path [200]
as4 path
extended Community:RT:4:4
sent label

951060

SPE2#show bgp vpnv4 unicast detail 4:4 32.0.1.0 255.255.255.0


/*Displays the information about the receipt and advertisement of the directly
connected routes to PE3.*/
BGP routing table entry for 4:4 32.0.1.0/24
1d0h received from 11.11.11.32 (0.0.0.1)
origin ?,nexthop 11.11.11.32,rtpref 20,
as path [300]
as4 path
extended Community:RT:4:4
received label

217113

SPE2#ping vrf hpe 37.0.1.1


/*Pings UPE1, which is accessible through a specific route.*/
sending 5,100-byte ICMP echoes to 37.0.1.1,timeout is 2 seconds.
!!!!!
Success rate is 100 percent(5/5),round-trip min/avg/max= 1/1/2 ms.

3-147
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


SPE2#ping vrf hpe 51.0.1.1
/*Pings MPE, which is accessible through a specific route.*/
sending 5,100-byte ICMP echoes to 51.0.1.1,timeout is 2 seconds.
!!!!!
Success rate is 100 percent(5/5),round-trip min/avg/max= 1/1/2 ms.

SPE2#ping vrf hpe 32.0.1.1


/*Pings PE3, which is accessible through a specific route.*/
sending 5,100-byte ICMP echoes to 32.0.1.1,timeout is 2 seconds.
!!!!!
Success rate is 100 percent(5/5),round-trip min/avg/max= 1/1/3 ms.

Check the PE3 configuration result as follows:


PE3#show ip forwarding route vrf hpe
/*Displays the VPN routing and forwarding table.*/
IPv4 Routing Table:
Headers: Dest: Destination, Gw: Gateway, Pri: Priority;
Codes : BROADC: Broadcast, USER-I: User-ipaddr, USER-S: User-special,
MULTIC: Multicast, USER-N: User-network, DHCP-D: DHCP-DFT,
ASBR-V: ASBR-VPN, STAT-V: Static-VRF, DHCP-S: DHCP-static,
GW-FWD: PS-BUSI, NAT64: Stateless-NAT64, LDP-A: LDP-area,
GW-UE: PS-USER, P-VRF: Per-VRF-label, TE: RSVP-TE;
status codes: *valid, >best;
Dest

Gw

Interface

Owner

Pri Metric

*> 32.0.1.0/24

32.0.1.1

gei-0/2/0/12.1

Direct

*> 32.0.1.1/32

32.0.1.1

gei-0/2/0/12.1

Address

*> 37.0.1.0/24

11.11.11.47

gei-0/0/0/12

BGP

20

*> 47.0.1.0/24

11.11.11.47

gei-0/0/0/12

BGP

20

*> 51.0.1.0/24

11.11.11.47

gei-0/0/0/12

BGP

20

PE3#show bgp vpnv4 unicast summary


/*Displays BGP VPNv4 neighbors. MPBGP neighbor relationships are established between
PE3 and SPE2.*/
Neighbor

Ver

As

MsgRcvd

MsgSend

Up/Down

11.11.11.47

200

182

152

01:07:11

State/PfxRcd
28

PE3#show bgp vpnv4 unicast detail 4:4 0.0.0.0 0.0.0.0


/*Displays the information about the receipt and advertisement of the default routes.*/
BGP routing table entry for 4:4 0.0.0.0/0

PE3#show bgp vpnv4 unicast detail 4:4 37.0.1.0 255.255.255.0


/*Displays the information about the receipt and advertisement of the directly
connected routes to UPE1.*/
BGP routing table entry for 4:4 37.0.1.0/24
3d6h received from 11.11.11.47 (1.1.1.47)

3-148
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration


origin ?,nexthop 11.11.11.47,rtpref 20,
as path [200]
as4 path
extended Community:RT:4:4
received label

951026

PE3#show bgp vpnv4 unicast detail 4:4 51.0.1.0 255.255.255.0


/*Displays the information about the receipt and advertisement of the directly
connected routes to MPE.*/
BGP routing table entry for 4:4 51.0.1.0/24
3d6h received from 11.11.11.47 (1.1.1.47)
origin ?,nexthop 11.11.11.47,rtpref 20,
as path [200]
as4 path
extended Community:RT:4:4
received label

951060

PE3#show bgp vpnv4 unicast detail 4:4 47.0.1.0 255.255.255.0


/*Displays the information about the receipt and advertisement of the directly
connected routes to SPE2.*/
BGP routing table entry for 4:4 47.0.1.0/24
3d5h received from 11.11.11.47 (1.1.1.47)
origin ?,nexthop 11.11.11.47,rtpref 20,
as path [200]
as4 path
extended Community:RT:4:4
received label

950829

PE3#show bgp vpnv4 unicast detail 4:4 32.0.1.0 255.255.255.0


/*Displays the information about the receipt and advertisement of the directly
connected routes to PE3.*/
BGP routing table entry for 4:4 32.0.1.0/24
Local
origin ?,nexthop 32.0.1.1,metric 0,rtpref 0,
as path
as4 path
extended Community:RT:4:4
received label

notag

3d5h advertised to 11.11.11.47 (1.1.1.47)


origin ?,nexthop 11.11.11.32,
as path [300]
as4 path
extended Community:RT:4:4
sent label

217113

3-149
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


PE3#ping vrf hpe 37.0.1.1
/*Pings UPE1, which is accessible through a specific route.*/
sending 5,100-byte ICMP echoes to 37.0.1.1,timeout is 2 seconds.
!!!!!
Success rate is 100 percent(5/5),round-trip min/avg/max= 1/1/2 ms.

PE3#ping vrf hpe 51.0.1.1


/*Pings MPE, which is accessible through a specific route.*/
sending 5,100-byte ICMP echoes to 51.0.1.1,timeout is 2 seconds.
!!!!!
Success rate is 100 percent(5/5),round-trip min/avg/max= 1/1/2 ms.

PE3#ping vrf hpe 47.0.1.1


/*Pings SPE2, which is accessible through a specific route.*/
sending 5,100-byte ICMP echoes to 47.0.1.1,timeout is 2 seconds.
!!!!!
Success rate is 100 percent(5/5),round-trip min/avg/max= 1/1/2 ms.

3.11 BGP Update Group Configuration


3.11.1 BGP Update Group Overview
The BGP update group function optimizes BGP route advertisement. The system supports
this function by default, which does not need to be configured. The BGP update group
function has the following advantages:
l

Reducing the memory usage


If the BGP update group function is not used, a large memory space is required for
recording route advertisement information. For example, if a routing table has one
million routes and 100 BGP neighbors are configured, when the one million routes
are advertised to 100 BGP neighbors, 100 million (1 million 100) nlri (nlri means the
route advertisement information unit) are generated. One nlri accounts for a minimum
of 32 bytes, and a total of 3.2 GB (32 bytes 100 million) memory space is required.
If the BGP update group function is used, neighbors with the same output attributes
are classified into a update group. The quantity of route advertisement information is
proportionate to the number of update groups instead of the number of neighbors. A
large memory space is reduced. In the above example, if the 100 neighbors have the
same output attributes and are classified into one update group, then only 1 million
nlri (1 million 1) will be generated, and only a memory space of 32 MB is required.

Accelerating the route advertisement to neighbors while reducing the CPU usage
If the BGP update group function is not used, a route update packet needs to
be constructed for each neighbor, which consumes much time during the packet
forwarding process.
3-150

SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration

If the BGP update group function is used, a route update packet needs to be
constructed for each update group instead of each neighbor. The same route update
packet can be used for neighbors in an update group. If an update group has a large
number of neighbors, the packet forwarding performance would be largely improved.

3.11.2 Configuring BGP Update Group


This procedure describes how to configure BGP update group.

Context
The BGP update group function is enabled by default.

Steps
1. Configure BGP update group.
Step

Command

Function

ZXR10(config)#router bgp <as-number>

Enters BGP configuration


mode.

ZXR10(config-bgp)#neighbor {<ipv4-address>|<ipv6-add

Indicates that the neighbor

ress>|<peer-group-name>} split-update-group

uses an exclusive update


group instead of sharing
an update group with other
neighbors.

2. View BGP update group information.


Command

Function

ZXR10#show ip bgp update-group [<ipv4-address>|<ipv6-addr

Displays the update group where

ess>|<index>]

BGP neighbors are located.

ZXR10#show bgp vpnv4 mcast update-group [<ipv4-address>|<i

Displays the mcast update group


information in VPN address

pv6-address>|<index>]

family configuration mode.


ZXR10#show bgp vpnv4 multicast [vrf <vrf-name>]

Displays the multicast update

update-group [<ipv4-address>|<ipv6-address>|<index>]

group information in VPN


address family configuration
mode.

ZXR10#show bgp vpnv4 unicast update-group [vrf

Displays the unicast update

<vrf-name>][<ipv4-address>|<ipv6-address>|<index>]

group information in VPN


address family configuration
mode.

3-151
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

Command

Function

ZXR10#show bgp vpnv6 unicast update-group [vrf

Displays the unicast update

<vrf-name>][<ipv4-address>|<ipv6-address>|<index>]

group information in VPNv6


address family configuration
mode.

ZXR10#show bgp {ipv4 | ipv6} multicast update-group

Displays the multicast update

[<ipv4-address>|<ipv6-address>|<index>]

group information in IPv4 or IPv6


address family configuration
mode.

ZXR10#show bgp {ipv4 | ipv6} unicast update-group

Displays the unicast update

[<ipv4-address>|<ipv6-address>|<index>]

group information in IPv4 or IPv6


address family configuration
mode.

3. Delete BGP update group information.


Command

Function

ZXR10#clear ip bgp update-group [<ipv4-address>|<ipv6-addr

Deletes the update group where

ess>|<index>]

BGP neighbors are located.

ZXR10#clear ip bgp ipv4 [vrf <vrf-name>] multicast

Deletes the multicast update

update-group [<ipv4-address>|<ipv6-address>|<index>]

group information in IPv4


address family configuration
mode.

ZXR10#clear ip bgp ipv4 [vrf <vrf-name>] unicast update-group

Deletes the unicast update group

[<ipv4-address>|<ipv6-address>|<index>]

information in IPv4 address


family configuration mode.

ZXR10#clear ip bgp ipv6 [vrf <vrf-name>] unicast update-group

Deletes the unicast update group

[<ipv4-address>|<ipv6-address>|<index>]

information in IPv6 address


family configuration mode.

ZXR10#clear ip bgp ipv6 multicast update-group

Deletes the multicast update

[<ipv4-address>|<ipv6-address>|<index>]

group information in IPv6


address family configuration
mode.

ZXR10#clear ip bgp vpnv4 mcast update-group

Deletes the mcast update group

[<ipv4-address>|<ipv6-address>|<index>]

information in VPN address


family configuration mode.

ZXR10#clear ip bgp vpnv4 multicast update-group

Deletes the multicast update

[<ipv4-address>|<ipv6-address>|<index>]

group information in VPN


address family configuration
mode.

3-152
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration

Command

Function

ZXR10#clear ip bgp vpnv4 unicast update-group

Deletes the unicast update group

[<ipv4-address>|<ipv6-address>|<index>]

information in VPN address


family configuration mode.

ZXR10#clear ip bgp vpnv6 unicast update-group

Deletes the unicast update group

[<ipv4-address>|<ipv6-address>|<index>]

information in VPNv6 address


family configuration mode.

End of Steps

3.11.3 BGP Update Group Configuration Example


Configuration Description
Figure 3-38 shows the network structure for BGP update group configuration. R1 and R2
are interconnected through the gei-0/1/0/1 interfaces, and a BGP neighbor relationship is
established between R1 and R2. The BGP update group function is enabled by default.
Figure 3-38 Network Structure for BGP Update Group Configuration

Configuration Flow
1. Establish a BGP neighbor relationship between R1 and R2 through the gei-0/1/0/1
interfaces.
2. Establish new neighbor relationships through the gei-0/1/0/1 and gei-0/1/0/2 interfaces
of R1 and R2.
3. To enable a new neighbor relationship to be in an exclusive update group, run the
split-update-group command.

Configuration Commands
1. Establish a BGP neighbor relationship between R1 and R2 through the gei-0/1/0/1
interfaces.
Configure R1 as follows:
R1(config)#router bgp 65530
R1(config-bgp)#neighbor 10.1.1.3 remote-as 1
R1(config-bgp)#exit

Configure R2 as follows:
R2(config)#router bgp 1
R2(config-bgp)#neighbor 10.1.1.1

remote-as 65530

3-153
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


R2(config-bgp)#exit

Run the show ip bgp summary command on R1. The BGP neighbor relationship is
established.
R1(config-bgp)#show ip bgp summary
Neighbor

Ver

As

MsgRcvd

MsgSend

Up/Down

10.1.1.3

00:08:22

State/PfxRcd
1

Run the show ip bgp update-group command on R1. An update group is established,
and the neighbor is added into the BGP update group.
R1(config-bgp)#show ip bgp update-group
Index: 1
Number of static caches: 10 use 0
Has 1 members:
Normal peer:
10.1.1.3

2. Establish a BGP neighbor relationship between R1 and R2 through the gei-0/1/0/1 and
gei-0/1/0/2 interfaces.
Configure R1 as follows:
R1(config)#router bgp 65530
R1(config-bgp)#neighbor 10.1.1.3 remote-as 1
R1(config-bgp)#neighbor 20.1.1.3 remote-as 1
R1(config-bgp)#exit

Configure R2 as follows:
R2(config)#router bgp 1
R2(config-bgp)#neighbor 10.1.1.1 remote-as 65530
R2(config-bgp)#neighbor 20.1.1.1 remote-as 65530
R2(config-bgp)#exit

Run the show ip bgp summary command on R1. The BGP neighbor relationship is
established.
R1(config-bgp)#show ip bgp summary
Neighbor

Ver

As

MsgRcvd

MsgSend

Up/Down

10.1.1.3

00:04:55

State/PfxRcd
1

20.1.1.3

00:01:59

Run the show ip bgp update-group command on R1. The neighbor 20.1.1.3 is added
into the BGP update group.
R1(config-bgp)#show ip bgp update-group
Index: 1
Number of static caches: 10 use 0
Has 2 members:
Normal peer:
10.1.1.3

20.1.1.3

3-154
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration

3. To enable the neighbor relationship established between R1 and R2 through the


gei-0/1/0/2 interfaces to be in an exclusive BGP update group, perform the following:
Configure R1 as follows:
R1(config)#router bgp 65530
R1(config-bgp)#neighbor 10.1.1.3 remote-as 1
R1(config-bgp)#neighbor 20.1.1.3 remote-as 1
R1(config-bgp)#neighbor 10.1.1.3 activate
R1(config-bgp)#neighbor 20.1.1.3 activate
R1(config-bgp)#neighbor 20.1.1.3 split-update-group
R1(config-bgp)#exit

Configure R2 as follows:
R2(config)#router bgp 1
R2(config-bgp)#neighbor 10.1.1.1 remote-as 65530
R2(config-bgp)#neighbor 20.1.1.1 remote-as 65530
R2(config-bgp)#neighbor 10.1.1.1 activate
R2(config-bgp)#neighbor 20.1.1.1 activate
R2(config-bgp)#exit

After the neighbor relationship output policies are modified, verify on R1 that the BGP
neighbor relationships are normal.
R1(config-bgp)#show ip bgp summary
Neighbor

Ver

As

MsgRcvd

MsgSend

Up/Down

State/PfxRcd

10.1.1.3

00:28:45

20.1.1.3

00:25:49

Run the show ip bgp update-group command on R1. The devices with the IP addresses
10.1.1.3 and 20.1.1.3 are in different BGP update groups.
R1(config-bgp)#show ip bgp update-group
Index: 1
Number of static caches: 10 use 0
Has 1 members:
Normal peer: 20.1.1.3

Index: 2
Number of static caches: 10 use 0
Has 1 members:
Normal peer:
10.1.1.3

Run the no neighbor 20.1.1.3 split-update-group command on R1, and then run the
show ip bgp update-group command. The devices with the IP addresses 10.1.1.3 and
20.1.1.3 are in the same BGP update group.
R1(config-bgp)#show ip bgp update-group
Index: 1

3-155
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


Number of static caches: 10 use 0
Has 2 members:
Normal peer: 10.1.1.3

20.1.1.3

3.12 L3VPN Tunnel Policy Configuration


3.12.1 L3VPN Tunnel Policy Overview
The tunnel policy function can select public network tunnels for the L2VPN and L3VPN
services based on configurations, so that the paths to the public network can be controlled.
Public network tunnels can be selected in accordance with the following:
l
l
l
l

Specifying a TE tunnel
Specifying a preferred TE tunnel
Selecting a TE tunnel or LDP tunnel by iterative routing
Selecting a TE tunnel or LDP tunnel based on priorities

3.12.2 Configuring L3VPN Tunnel Policy


This procedure describes how to configure the L3VPN tunnel policy function.

Steps
1. Create a tunnel policy.
Command

Function

ZXR10(config)#tunnel-policy {<policy-name>}

Configures the policy-name


tunnel policy.
If the policy name already
exists in the system, the system
directly enters tunnel policy
configuration mode. If the
policy name does not exist,
the system creates the tunnel
policy (default type: automatic,
LSP selection sequence: TE
preferred) and then enters tunnel
policy configuration mode.

2. Configure the attributes of the tunnel policy.

3-156
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration

Step

Command

Function

ZXR10(config-tunnel-policy-policy-name)#tunnel

Sets the tunnel policy type

preferring mpls-te <interface-name>[disable-fallback]

to tunnel specifying, and


specifies the preferred tunnel
interface. By default, the
fallback function is enabled.

ZXR10(config-tunnel-policy-policy-name)#tunnel

Sets the tunnel policy type to

selecting {auto | mpls-te <interface-name>}

automatic or tunnel preferring,


and specifies the MPLS TE
tunnel interface.

ZXR10(config-tunnel-policy-policy-name)#tunnel

Sets the LSP selection

select-seq {te-lsp ldp-lsp | ldp-lsp te-lsp}

sequence if the tunnel policy


is used.
Default LSP selection
sequence: TE-LSP>LDP-LSP
(TE preferred).

<interface-name>: MPLS TE tunnel interface


disable-fallback: disables the fallback function, which is enabled by default.
ldp-lsp: LDP-LSP is preferred.
te-lsp: TE-LSP is preferred.
3. Verify the configurations.
Command

Function

ZXR10#show tunnel-policy instance-info [<policy-name>]

Displays the tunnel policy


information. All the tunnel
policies are displayed by default.

ZXR10#show tunnel-policy selecting-result [{pseudo-wire

Displays the policy-based tunnel

<pw-name>| vrf <vrf-name> peer <ipv4-address>}]

selecting results. All the tunnel


selecting results are displayed
by default.

End of Steps

Example
Run the following commands to create the tunnel policy zte_1:
ZXR10(config)#tunnel-policy zte_1
ZXR10(config-tunnel-policy-zte_1)#exit

Run the following commands to set the type of the tunnel policy zte_1 to tunnel preferring,
set the egress interface of the preferred tunnel to te_tunnel1, and disable the fallback
function:
3-157
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


ZXR10(config)#tunnel-policy zte_1
ZXR10(config-tunnel-policy-zte_1)#tunnel preferring mpls-te te_tunnel1 disable-fallback
ZXR10(config-tunnel-policy-zte_1)#exit

Run the following commands to set the type of the tunnel policy zte_2 to tunnel preferring,
and set the egress interface of the preferred tunnel to te_tunnel1 (the fallback function is
enabled by default):
ZXR10(config)#tunnel-policy zte_2
ZXR10(config-tunnel-policy-zte_2)#tunnel preferring mpls-te te_tunnel1
ZXR10(config-tunnel-policy-zte_2)#exit

Run the following commands to set the type of the tunnel policy zte_4 to automatic:
ZXR10(config)#tunnel-policy zte_4
ZXR10(config-tunnel-policy-zte_4)#tunnel selecting auto
ZXR10(config-tunnel-policy-zte_4)#exit

Run the following commands to set the type of the tunnel policy zte_5 to tunnel specifying,
and set the tunnel egress interface to te_tunnel1:
ZXR10(config)#tunnel-policy zte_5
ZXR10(config-tunnel-policy-zte_5)#tunnel selecting mpls-te te_tunnel1
ZXR10(config-tunnel-policy-zte_5)#exit

Run the following commands to set the LSP selecting sequence of the tunnel policy zte_1
to LDP preferred:
ZXR10(config)#tunnel-policy zte_1
ZXR10(config-tunnel-policy-zte_1)#tunnel select-seq ldp-lsp te-lsp
ZXR10(config-tunnel-policy-zte_1)#exit

3.12.3 L3VPN Tunnel Policy Configuration Example


Configuration Description
Figure 3-39 shows the network structure for L3VPN tunnel policy configuration. PE1 and
PE2 are interconnected through the gei-0/0/1/9 interfaces.
Figure 3-39 Network Structure for L3VPN Tunnel Policy Configuration

3-158
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration

Configuration Flow
1. Configure IP addresses and loopback addresses of interfaces. Establish an OSPF
neighbor relationship between PE1 and PE2 through the gei-0/0/1/9 interfaces, and
establish an LDP neighbor relationship through the directly connected interfaces.
2. Configure a BGP VPNv4 neighbor relationship between PE1 and PE2.
3. Bind the loopback interfaces of PE1 and PE2 to a VRF respectively, and redistributes
the directly connected routes to the VRF to BGP.
4. Set the tunnel policy so that LDP tunnels are preferred. Set exterior tunnels as static
TE tunnels.

Configuration Commands
Configure PE1 as follows:
PE1(config)#interface gei-0/0/1/9
PE1(config-if-gei-0/0/1/9)#ip address 190.1.1.1 255.255.255.0
PE1(config-if-gei-0/0/1/9)#no shutdown
PE1(config-if-gei-0/0/1/9)#exit
PE1(config)#interface loopback11
PE1(config-if-loopback11)#ip address 1.1.1.1 255.255.255.255
PE1(config-if-loopback11)#exit

PE1(config)#router ospf 11
PE1(config-ospf-11)#network 190.1.1.0 0.0.0.255 area 0.0.0.0
PE1(config-ospf-11)#network 1.1.1.1 0.0.0.0 area 0.0.0.0
PE1(config-ospf-11)#router-id 190.1.1.1
PE1(config-ospf-11)#exit

PE1(config)# mpls ldp instance 1


PE1(config-ldp-1)#interface gei-0/0/1/9
PE1(config-ldp-1-if-gei-0/0/1/9)#exit
PE1(config-ldp-1)#router-id loopback11
PE1(config-ldp-1)#exit

PE1(config)#router bgp 100


PE1(config-bgp)#neighbor 2.2.2.2 remote-as 100
PE1(config-bgp)#neighbor 2.2.2.2 update-source loopback11
PE1(config-bgp)#address-family vpnv4
PE1(config-bgp-af-vpnv4)#neighbor 2.2.2.2 activate
PE1(config-bgp-af-vpnv4)#exit
PE1(config-bgp)#exit

PE1(config)#tunnel-policy abc
PE1(config-tunnel-policy-abc)#tunnel select-seq ldp-lsp te-lsp
PE1(config-tunnel-policy-abc)#exit

3-159
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


PE1(config)#ip vrf test
PE1(config-vrf-test)#rd 1:100
PE1(config-vrf-test)#address-family ipv4
PE1(config-vrf-test-af-ipv4)#peer 2.2.2.2 tunnel-policy abc
PE1(config-vrf-test-af-ipv4)#route-target import 1:100
PE1(config-vrf-test-af-ipv4)#route-target export 1:100
PE1(config-vrf-test-af-ipv4)#exit
PE1(config-vrf-test)#exit

PE1(config)#interface Loopback1
PE1(config-if-loopback1)#ip vrf forwarding test
PE1(config-if-loopback1)#ip address 11.1.1.1 255.255.255.255
PE1(config-if-loopback1)exit

PE1(config)#router bgp 100


PE1(config-bgp)#address-family ipv4 vrf test
PE1(config-bgp-af-ipv4-vrf)#redistribute connect
PE1(config-bgp-af-ipv4-vrf)#exit
PE1(config-bgp)#exit

PE1(config)#interface te_tunnel1
PE1(config-if-te_tunnel1)#exit

PE1(config)#mpls traffic-eng
PE1(config-mpls-te)#router-id 1.1.1.1
PE1(config-mpls-te)#interface loopback11
PE1(config-mpls-te-if-loopback11)#exit
PE1(config-mpls-te)#interface gei-0/0/1/9
PE1(config-mpls-te-if-gei-0/0/1/9)#exit
PE1(config-mpls-te)#static te_tunnel1
PE1(config-mpls-te-static-te_tunnel1)#role ingress type unidirectional
PE1(config-mpls-te-static-te_tunnel1)#ingress-tunnel-id 1 ingress 1.1.1.1
egress 2.2.2.2
PE1(config-mpls-te-static-te_tunnel1)#lsp 1
PE1(config-mpls-te-static-te_tunnel1-lsp)#out-seg-info out-port gei-0/0/1/9
out-label 3 next-hop 190.1.1.2
PE1(config-mpls-te-static-te_tunnel1-lsp)#exit
PE1(config-mpls-te-static-te_tunnel1)#exit
PE1(config-mpls-te)#exit

Configure PE2 as follows:


PE2(config)#interface gei-0/0/1/9
PE2(config-if-gei-0/0/1/9)#ip address 190.1.1.2 255.255.255.0
PE2(config-if-gei-0/0/1/9)#no shutdown
PE2(config-if-gei-0/0/1/9)#exit

3-160
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration


PE2(config)#interface loopback12
PE2(config-if-loopback11)#ip address 2.2.2.2 255.255.255.255
PE2(config-if-loopback11)#exit

PE2(config)#router ospf 11
PE2(config-ospf-11)#network 190.1.1.0 0.0.0.255 area 0.0.0.0
PE2(config-ospf-11)#network 2.2.2.2 0.0.0.0 area 0.0.0.0
PE2(config-ospf-11)#router-id 190.1.1.2
PE2(config-ospf-11)#exit

PE2(config)# mpls ldp instance 1


PE2(config-ldp-1)#interface gei-0/0/1/9
PE2(config-ldp-1-if-gei-0/0/1/9)#exit
PE2(config-ldp-1)#router-id loopback12
PE2(config-ldp-1)#exit

PE2(config)#router bgp 100


PE2(config-bgp)#neighbor 1.1.1.1 remote-as 100
PE2(config-bgp)#neighbor 1.1.1.1 update-source loopback12
PE2(config-bgp)#address-family vpnv4
PE2(config-bgp-af-vpnv4)#neighbor 1.1.1.1 activate
PE2(config-bgp-af-vpnv4)#exit
PE2(config-bgp)#exit

PE2(config)#ip vrf test


PE2(config-vrf-test)#rd 1:100
PE2(config-vrf-test)#address-family ipv4
PE2(config-vrf-test-af-ipv4)#route-target import 1:100
PE2(config-vrf-test-af-ipv4)#route-target export 1:100
PE2(config-vrf-test-af-ipv4)#exit
PE2(config-vrf-test)#exit

PE2(config)#interface Loopback1
PE2(config-if-loopback1)#ip vrf forwarding test
PE2(config-if-loopback1)#ip address 22.1.1.1 255.255.255.255
PE2(config-if-loopback1)#exit

PE2(config)#router bgp 100


PE2(config-bgp)#address-family ipv4 vrf test
PE2(config-bgp-af-ipv4-vrf)#redistribute connect
PE2(config-bgp-af-ipv4-vrf)#exit
PE2(config-bgp)#exit

PE2(config)#interface te_tunnel32775
PE2(config-if-te_tunnel32775)#exit

3-161
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

PE2(config)#mpls traffic-eng
PE2(config-mpls-te)#router-id 2.2.2.2
PE2(config-mpls-te)#interface loopback12
PE2(config-mpls-te-if-loopback12)#exit
PE2(config-mpls-te)#interface gei-0/0/1/9
PE2(config-mpls-te-if-gei-0/0/1/9)#exit
PE2(config-mpls-te)#static te_tunnel32775
PE2(config-mpls-te-static-te_tunnel32775)#role egress type unidirectional
PE2(config-mpls-te-static-te_tunnel32775)#ingress-tunnel-id 1 ingress 1.1.1.1
egress 2.2.2.2
PE2(config-mpls-te-static-te_tunnel32775)#lsp 1
PE2(config-mpls-te-static-te_tunnel32775-lsp)#in-seg-info in-port gei-0/0/1/9
in-label 3
PE2(config-mpls-te-static-te_tunnel32775-lsp)#exit
PE2(config-mpls-te-static-te_tunnel32775)#exit
PE2(config-mpls-te)#exit

Configuration Verification
Check the TE tunnel as follows:
PE1(config-mpls-te)#show mpls traffic-eng static

Name: tunnel_1
Status:
Admin Status: up

Protocol Status: up

Actual Bandwidth: N/A


Basic Config Parameters:
Ingress-TnnlID:1

IngressID:1.1.1.1

Tunnel Type: Unidirect

EgressID:2.2.2.2

Role: Ingress

Policy Class:
Perf Switch: off
Binded LSP 1
Positive Forward Info:
in-port:
in-label:
out-port: gei-0/0/1/9
out-label:3
next-hop: 190.1.1.2
bandwidth: 0
burst: 0
peak: 0
excess-burst: 0

Check the policy-based tunnel selection result in a VRF as follows:

3-162
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration


PE1#show tunnel-policy selecting-result
The tunnel policy's tunnel selecting result:

Code

: l: means select ldp lsp, t: means select te lsp.

--------------------------------------------------------------------------------Type

InstanceName

PWName/Peer

F ResultTE

Bandwidth

TunnelPolicyNa

test

2.2.2.2

t te_tunnel1

abc

me
VRF

Check the protocol routing and forwarding table as follows:


PE1#show ip protocol routing vrf test all
Codes: OSPF-3D = ospf-type3-discard, OSPF-5D = ospf-type5-discard, TE = rsvpte,
OSPF-7D = ospf-type7-discard, USER-I = user-ipaddr, RIP-D = rip-discard,
OSPF-E = ospf-ext, ASBR-V = asbr-vpn, GW-FWD = ps-busi, GW-UE = ps-user,
BGP-AD = bgp-aggr-discard, BGP-CE = bgp-confed-ext, NAT64 = sl-nat64-v4,
USER-N = user-network, USER-S = user-special, DHCP-S = dhcp-static,
DHCP-D = dhcp-dft
Marks: *valid, >best, s-stale

*>

Dest

NextHop

Intag

Outtag

RtPrf

Protocol

11.1.1.1/32

11.1.1.1

212995

notag

Address

11.1.1.1/32

11.1.1.1

212995

notag

Direct

*>

22.1.1.1/32

2.2.2.2

notag

212992

200

BGP-INT

PE1#show ip forwarding route vrf test


IPv4 Routing Table:
Headers: Dest: Destination, Gw: Gateway, Pri: Priority;
Codes : BROADC: Broadcast, USER-I: User-ipaddr, USER-S: User-special,
MULTIC: Multicast, USER-N: User-network, DHCP-D: DHCP-DFT,
ASBR-V: ASBR-VPN, STAT-V: Static-VRF, DHCP-S: DHCP-static,
GW-FWD: PS-BUSI, NAT64: Stateless-NAT64, LDP-A: LDP-area,
GW-UE: PS-USER, P-VRF: Per-VRF-label, TE: RSVP-TE;
status codes: *valid, >best;
Gw

Interface

Owner

*> 11.1.1.1/32

Dest

11.1.1.1

loopback1

Address

*> 22.1.1.1/32

2.2.2.2

te_tunnel1

BGP

Pri Metric
0

200 0

3-163
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

3.13 BGP Route-Target Route Configuration


3.13.1 BGP Route-Target Route Overview
Introduction
When there are many routes and especially a route reflector in the current network, the
reflector will advertises all routes on it to its clients or non-clients, regardless whether these
routes are required by the clients or non-client. This increases the load on the CPU and
memory of the router.
As shown in Figure 3-40, PE-3 advertises the VRF-Blue and VRF-Red routes to RR-1, and
RR-1 forwards these routes to PE-4, which only needs VRF-Red routes. Similarly, PE-4
advertises VRF-Red and VRF-Green routes to RR-1. RR-1 forwards these routes to PE-3,
which only needs VRF-Red routes. Therefore, information about many unrelated routes
is exchanged between RR-1 and PE-3 and between RR-1 and PE-4, which consumes
bandwidth and CPU resources.
Figure 3-40 Route Redistribution in a Network

Therefore, the BGP RT constrained route distribution is introduced in RFC to solve this
problem. The main idea of the BGP RT constrained route distribution is that the route
distribution is constrained on the outbound direction, thus saving the router resources of
PE-3 and PE-4.
To implement this function, PE-3 advertises the RT membership information generated
on PE-3 to the corresponding neighbor (RR-1), which stores the information in the
corresponding filter table. Before advertising routing information to PE-3, RR-1 matches
the RT carried by the routing information with the RT in the filter table from PE-3. If they
are matched successfully, RR-1 advertises routing information to PE-3.

3-164
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration

Operation Procedure
l

VPN operation procedure in an AS


Figure 3-41 shows the operation procedure.
Figure 3-41 VPN Operation Procedure in an AS

1. PE-3 advertises RTC NLRI {RT1, RT2} to RR-1.


2. PE-4 advertises RTC NLRI {RT2, RT3} to RR-1.
3. RR-1 translates the information received from PE-3 into an outbound route filter
and installs this filter (Permit RT1, RT2) for PE-3.
4. RR-1 translates the information received from PE-4 into an outbound route filter
and installs this filter (Permit RT2, RT3) for PE-4.
VPN operation procedure among ASs
As shown in Figure 3-42, routers A, B, C, D, E, F, G, H, I, and J are in different ASs.
Router A advertises VPNv4 routes to router I.
Routers C and J, as non-transition and border ASs, do not need to know VPNv4
routing information. Routers G and H are not on the shortest path between routers A
and I, which are also excluded from the advertised path of the VPNv4 route. To arrive
at this destination, assume that an RTC route is started from router I. There are two
paths from router E to router I: (I, F, E) and (I, H, G, E). Router E selects the path (I, F,
E) with a shorter AS_PATH, and forwards this path to routers B and D, which forward
this path to router A. Assume that path (E, B, A) is selected on router A. The path that
the VPN route is advertised from router A to router I is (A, B, E, F, I), but routers D,
G, and H on the suboptimal paths (E, D, A) and (I, H, G, E) will not receive the VPN
route.

3-165
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

Figure 3-42 VPN Operation Procedure Among ASs

3.13.2 Configuring a BGP Route-Target Route


This procedure describes how to configure a BGP route-target route.

Steps
1. Configure a BGP route-target route.
Step

Command

Function

ZXR10(config)#router bgp <as-number>

Creates a BGP instance and


enters BGP configuration
mode.

ZXR10(config-bgp)#neighbor<ipv4-address> remote-as

Configures the remote AS

<as-number>

number of the specified


neighbor.

Enters BGP route-target

ZXR10(config-bgp)#address-family route-target

address family mode.


4

ZXR10(config-bgp-af-rt)#neighbor<ipv4-address>ac

Activates the exchange

tivate

of route-target routing
information with a neighbor.

2. Configure optional parameters of the BGP route-target route.


Command

Function

ZXR10(config-bgp-af-rt)#timers wait-for-end-of-rib

Configures the duration of the

<wait-time>

route-target address family


waiting for an End-Of-RIB
marker. Default: 60 seconds.

ZXR10(config-bgp-af-rt)#constrain-rt-filter disable

Disables the RT filter. By default,


the RT filter is enabled.

3-166
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration

Command

Function

ZXR10(config-bgp-af-rt)#maximum-paths<path-number>

Configures the maximum of


external paths for the route-target
address family. Default: 1.

<wait-time>: maximum duration of the local router waiting for a neighbor to send
an end-of-rib packet under the Route-Target address family before the local router
advertises the VPNv4 route, after establishment of a BGP Route-Target link. Unit:
seconds, default: 60 seconds.
disable: After the RT filter is disabled, the VPNv4 and VPNv6 routes will not be filtered
based on the import RT of the peer end. By default, the RT filter is enabled.
<path-number>: maximum number of external paths. Default: 1.
3. Verify the configurations.
Command

Function

ZXR10#show bgp ipv4 route-target

Shows information about BGP


Route-Target routes.

ZXR10#show bgp ipv4 route-target detail <as-number

Shows the detailed information

>{<0-65535>:<0-4294967295>|<1-65535>.<0-65535>:<0-65535

about a BGP Route-Target route.

>|A.B.C.D:<0-65535>}
ZXR10#show bgp ipv4 route-target neighbor [<ip-address>]

Shows information about


neighbors of the BGP IPv4
Route-Target address family.

ZXR10#show bgp ipv4 route-target neighbor [in |

Shows the Route-Target routing

out]<ip-address>

information received from or


advertised to neighbors.

ZXR10#show bgp ipv4 route-target update-group

[{<ipv4-address>|<update-group-number>}]

Shows the detailed


information about Route-Target
update-groups.

<as-number >: AS number carried by a Route-Target route.


<0-65535>:<0-4294967295>: Route-Target extended community attribute in ASN_NN
format.
<1-65535>.<0-65535>:<0-65535>|:
ASND_NN format.

Route-Target extended community attribute in

A.B.C.D:<0-65535>: Route-Target extended community attribute in IPADD_NN format.


<ipv4-address>: IPv4 address of a neighbor, in dotted decimal notation.
<update-group-number>: update group index.
End of Steps
3-167
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

3.13.3 BGP Route-Target Route Configuration Example


Configuration Description
As shown in Figure 3-43, the IBGP neighbor relationship is established between R1 and
R2, and the BGP Route-Target route advertisement is activated.
Figure 3-43 BGP Route-Target Route Configuration Example

Configuration Flow
1. Establish the IBGP neighbor relationship between R1 and R2.
2. Activate the neighbor relationship in the Route-Target address family of R1 and R2
separately.

Configuration Commands
Configuration on R1:
R1(config)#interface gei-0/1/0/1
R1(config-if-gei-0/1/0/1)#no shutdown
R1(config-if-gei-0/1/0/1)#ip address 1.1.1.1 255.255.255.0
R1(config-if-gei-0/1/0/1)#exit
R1(config)#interface loopback1
R1(config-if-loopback1)#ip address 4.4.4.4 255.255.255.255
R1(config-if-loopback1)#exit

R1(config)#router ospf 1
R1(config-ospf-1)#router-id 4.4.4.4
R1(config-ospf-1)#network 4.4.4.4 0.0.0.0 area 0
R1(config-ospf-1)#network 1.1.1.0 0.0.0.255 area 0
R1(config-ospf-1)#exit

R1(config)#mpls ldp instance 1


R1(config-ldp-1)#router-id loopback1
R1(config-ldp-1)#interface gei-0/1/0/1
R1(config-ldp-1-if-gei-0/1/0/1)#exit
R1(config-ldp-1)#exit

R1(config)#router bgp 2
R1(config-bgp)#neighbor 5.5.5.5 remote-as 2
R1(config-bgp)#neighbor 5.5.5.5 update-source loopback1
R1(config-bgp)#address-family route-target

3-168
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration


R1(config-bgp-af-rt)#neighbor 5.5.5.5 activate
R1(config-bgp-af-rt)#exit
R1(config-bgp)#exit

Configuration on R2:
R2(config)#interface gei-0/1/0/1
R2(config-if-gei-0/1/0/1)#no shutdown
R2(config-if-gei-0/1/0/1)#ip address 1.1.1.2 255.255.255.0
R2(config-if-gei-0/1/0/1)#exit
R2(config)#interface loopback1
R2(config-if-loopback1)#ip address 5.5.5.5 255.255.255.255
R2(config-if-loopback1)#exit

R2(config)#router ospf 1
R2(config-ospf-1)#router-id 5.5.5.5
R2(config-ospf-1)#network 1.1.1.0 0.0.0.255 area 0
R2(config-ospf-1)#network 5.5.5.5 0.0.0.0 area 0
R2(config-ospf-1)#exit
R2(config)#mpls ldp instance 1
R2(config-ldp-1)#interface gei-0/1/0/1
R2(config-ldp-1-if-gei-0/1/0/1)#exit
R2(config-ldp-1)#router-id loopback1
R2(config-ldp-1)#exit

R2(config)#router bgp 2
R2(config-bgp)#neighbor 4.4.4.4 remote-as 2
R2(config-bgp)#neighbor 4.4.4.4 update-source loopback1
R2(config-bgp)#address-family route-target
R2(config-bgp-af-rt)#neighbor 4.4.4.4 activate
R2(config-bgp-af-rt)#exit
R2(config-bgp)#exit

R2(config)#ip vrf vrf1


R2(config-vrf-vrf1)#rd 1:11
R2(config-vrf-vrf1)#address-family ipv4
R2(config-vrf-vrf1)#route-target both 1:11
R2(config-vrf-vrf1-af-ipv4)#!

R2(config)#interface loopback21
R2(config-if-loopback21)#ip vrf forwarding vrf1
R2(config-if-loopback21)#ip address 21.1.1.5 255.255.255.0
R2(config-if-loopback21)#exit

Configuration Verification
Check information about the BGP route-target routes on R1:
3-169
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


R1#show bgp ipv4 route-target summary
Neighbor Ver AsMsgRcvd MsgSend Up/Down State/PfxRcd
5.5.5.5

227

25

00:21:08 1

R1#show bgp ipv4 route-target detail 2 1:11


BGP routing table entry for 2:1:11
09:05:36 received from 5.5.5.5 (11.12.13.14), path-id 0
Origin i, nexthop 5.5.5.5, localpref 100,weight 0, rtpref 200, best,
As path
As4 path

R1#show bgp ipv4 route-target neighbor 5.5.5.5


BGP neighbor is 5.5.5.5, remote AS 2, internal link
BGP version 4, remote router ID 11.12.13.14
BGP state = Established, up for 00:28:03
Last read update 00:07:19, hold time is 180 seconds, keepalive interval is 60
seconds
Neighbor capabilities:
Route refresh: advertised and received
New ASN Capability: advertised and received
Address family IPv4 Unicast: advertised and received
Address family Route Target: advertised and received
All received 193 messages
2 updates, 0 errs
1 opens, 0 errs
32 keepalives
0 VPNv4 refreshes, 1 IPv4 refreshes, 0 IPv4 multicast refreshes, 0 IPv6 refres
hes, 0 IPv6 multicast refreshes, 0 VPNv6 refreshes, 0 L2VPN VPLS refreshes, 0
IPv4 route-target refreshes, 0 errs
157 notifications, 0 other errs
After last established received 34 messages
2 updates, 0 errs
0 opens, 0 errs
31 keepalives
0 VPNv4 refreshes, 1 IPv4 refreshes, 0 IPv4 multicast refreshes, 0 IPv6 refres
hes, 0 IPv6 multicast refreshes, 0 IPv6 vpn refreshes, 0 L2VPN VPLS refreshes, 0
IPv4 route-target refreshes, 0 errs
0 IPv4 end_of_ribs, 0 VPNv4 end_of_ribs, 0 IPv6 end_of_ribs, 0 VPNv6 end_of_ri
bs, 1 IPv4 route-target end_of_ribs
0 notifications, 0 other errs
All sent 192 messages
2 updates, 158 opens, 32 keepalives
0 VPNv4 refreshes, 0 IPv4 refreshes, 0 IPv4 multicast refreshes, 0 IPv6 refres
hes, 0 IPv6 multicast refreshes, 0 VPNv6 refreshes, 0 L2VPN VPLS refreshes, 0 IP
v4 route-target refreshes, 0 notifications

3-170
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration


After last established sent 33 messages
2 updates, 0 opens, 31 keepalives
0 VPNv4 refreshes, 0 IPv4 refreshes, 0 IPv4 multicast refreshes, 0 IPv6 refres
hes, 0 IPv6 multicast refreshes, 0 VPNv6 refreshes, 0 L2VPN VPLS refreshes, 0 IP
v4 route-target refreshes
0 IPv4 end_of_ribs, 0 VPNv4 end_of_ribs, 0 IPv6 end_of_ribs, 0 VPNv6 end_of_r
ibs, 1 IPv4 route-target end_of_ribs, 0 notifications

For address family: IPv4 Unicast


Weight is 0
All received nlri 0, unnlri 0, 0 accepted prefixes, 0 deleting prefixes
All sent nlri 0, unnlri 0, 0 advertised prefixes
Maximum limit 4294967295
Threshold for warning message 75%

For address family: IPv4 Multicast no activate


Weight is 0
All received nlri 0, unnlri 0, 0 accepted prefixes, 0 deleting prefixes
All sent nlri 0, unnlri 0, 0 advertised prefixes
Maximum limit 4294967295
Threshold for warning message 75%

For address family: VPNv4 Unicast no activate


Weight is 0
All received nlri 0, unnlri 0, 0 accepted prefixes, 0 deleting prefixes
All sent nlri 0, unnlri 0, 0 advertised prefixes
Maximum limit 4294967295
Threshold for warning message 75%

For address family: VPNv4 Multicast no activate


Weight is 0
All received nlri 0, unnlri 0, 0 accepted prefixes, 0 deleting prefixes
All sent nlri 0, unnlri 0, 0 advertised prefixes
Maximum limit 4294967295
Threshold for warning message 75%

For address family: VPNv4 Mcast no activate


Weight is 0
All received nlri 0, unnlri 0, 0 accepted prefixes, 0 deleting prefixes
All sent nlri 0, unnlri 0, 0 advertised prefixes
Maximum limit 4294967295
Threshold for warning message 75%

For address family: IPv6 Unicast no activate


Weight is 0

3-171
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


All received nlri 0, unnlri 0, 0 accepted prefixes, 0 deleting prefixes
All sent nlri 0, unnlri 0, 0 advertised prefixes
Maximum limit 4294967295
Threshold for warning message 75%

For address family: IPv6 Unicast no activate


Weight is 0
All received nlri 0, unnlri 0, 0 accepted prefixes, 0 deleting prefixes
All sent nlri 0, unnlri 0, 0 advertised prefixes
Maximum limit 4294967295
Threshold for warning message 75%

For address family: VPNv6 Unicast no activate


Weight is 0
All received nlri 0, unnlri 0, 0 accepted prefixes, 0 deleting prefixes
All sent nlri 0, unnlri 0, 0 advertised prefixes
Maximum limit 4294967295
Threshold for warning message 75%

For address family: L2VPN VPLS no activate


Weight is 0
All received nlri 0, unnlri 0, 0 accepted prefixes, 0 deleting prefixes
All sent nlri 0, unnlri 0, 0 advertised prefixes
Maximum limit 4294967295
Threshold for warning message 75%

For address family: Route Target


Weight is 0
All received nlri 1, unnlri 0, 1 accepted prefixes, 0 deleting prefixes
All sent nlri 2, unnlri 0, 2 advertised prefixes
Maximum limit 4294967295
Threshold for warning message 75%

Totally update pkt block 1 times


Currently no update pkt block in spool buf
Last after established, type:feas pkt, last ticks:2
Max last time from peer born, type:feas pkt, last ticks:2

Totally real pkt block 0 times


Currently no real pkt block in spool buf

Connections established 1
Last error code is 6, last error subcode is 5
Local host: 4.4.4.4, Local port: 179
Foreign host: 5.5.5.5, Foreign port: 20427

3-172
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 3 MPLS L3VPN Configuration

R1#show bgp ipv4 route-target neighbor in 5.5.5.5


Routes Learned From This Neighbor:
Status codes: * valid, > best, i - internal, s - stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network

Next Hop

*>i 2:1:11

5.5.5.5

Metric LocPrf
100

RtPrf Path
200 i

R1#show bgp ipv4 route-target neighbor out 5.5.5.5


Routes Sent To This Neighbor:
Origin codes: i - IGP, e - EGP, ? - incomplete
Network

Next Hop

Metric LocPrf Path

2:100:1

4.4.4.4

100

2:1:100

4.4.4.4

100

R1#show bgp ipv4 route-target update-group


Index: 1
Number of path attributes: 1
Number of NLRIs: 2
Number of sent NLRIs: 2
Number of static caches: 10 Use 0
Has 1 members:
Normal peer:
5.5.5.5

3-173
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

This page intentionally left blank.

3-174
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 4

Multicast VPN Configuration


Table of Contents
VPN Multicast Overview .............................................................................................4-1
Configuring VPN Multicast..........................................................................................4-1
VPN Multicast Configuration Instance.........................................................................4-4

4.1 VPN Multicast Overview


Multicast VPN is a technology that supports multicast services on the base of BGP/MPLS
IP VPN. This technology accomplishes the multicast data transport between private
networks by encapsulating private network multicast packets and transmitting them on
the multicast tunnels established between sites.
On the original multicast technology base, multicast VPN technology solves the following
problems: How public network does RPF inspection to forward multicast data when public
network does not know private network. Private network source address and destination
address are overlapped. How private network multicast data flow is forwarded to private
site.
Multicast VPN implements ordinary multicast function on private network and ordinary
multicast function on public network. It implements that public network forwards multicast
data of private network and multicast data is not flooded on public network but is forwarded
according to requirement. At present, it is the PIM-SM protocol which is used most widely.

4.2 Configuring VPN Multicast


This procedure describes how to configure VPN multicast.

Steps
1. Enable pimsm mode.
Step

Command

Function

ZXR10(config)#ip multicast-routing

Enables IP multicast route


function.

ZXR10(config-mcast)#router pim

Enables pimsm mode.

ZXR10(config-mcast-pim)#exit

Exits from pimsm mode.

2. Configure interface and multicast instance in multicast VRF mode.


4-1
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

Step

Command

Function

ZXR10(config-mcast)#vrf <vrf-name>

Enters multicast VRF mode.

ZXR10(config-mcast-vrf-vrf-name)#mtunnel

Configures one interface as

<interface-name>

an mtunnel interface.

ZXR10(config-mcast-vrf-vrf-name)#mdt default

Configures a MDT default

<group-address>

group of a multicast instance.

ZXR10(config-mcast-vrf-vrf-name)#mdt data

Configures MDT data group

<group-address><group-mask>[<acl-name>]

of multicast instance.

3. Configure a multicast tunnel.


Step

Command

Function

ZXR10(config-mcast-vrf-vrf-name)#provider-tunnel

Configures a multicast tunnel.

{mldp-p2mp | rsvp-te}
2

ZXR10(config-mcast-vrf-vrf-name)#forwarding-p

Sets the forwarding policy to

olicy {per-packet | per-user | per-stream }[group-list

forwarding per packet or per

<acl-name>]

user.

4. Enable and configure the PIM protocol.


Step

Command

Function

ZXR10(config-mcast-vrf-vrf-name)#router pim

Enables the PIM protocol.

ZXR10(configmcast-vrf-vrf-name-pim)#static-rp

Configures a static

<ip-address>[group-list <prefix-list-name>][priority

Rendezvous Point (RP).

<priority>]

Priority, 0-255, the default


value is 192.

Configures a candidate

ZXR10(config-mcast-vrf-vrf-name-pim)#bsr

-candidate <interface-name>[hash-mask-length

Bootstrap Router (BSR).

<hash-mask-length>][priority <priority>]

Hash length, in the range of


0-32, the default is 30.
Priority, in the range of 0-255,
with the default value 0.

ZXR10(config-mcast-vrf-vrf-name-pim)#rp-candid

Configures a candidate RP.

ate <interface-name>[group-list <prefix-list-name>][pri

Priority, in the range of 0-255,

ority <priority>]

with the default value 192.

5. Enable the multicast route protocol PIM-SM on the interface.

4-2
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 4 Multicast VPN Configuration

Step

Command

Function

ZXR10(config-mcast-vrf-vrf-name-pim)#interface

Configures a multicast

<interface-name>

Protocol Independent
Multicast - Sparse Mode
(PIM-SM) interface.

ZXR10(config-mcast-vrf-vrf-name-pim-if-

Enables multicast route

interface-name)#pimsm

protocol PIM-SM on the


interface.

6. (Optional) Configure multicast load sharing.


Command

Function

ZXR10(config-mcast-vrf-vrf-name)#multipath

Enables load sharing and uses


the source address-based hash
algorithm.

ZXR10(config-mcast-vrf-vrf-name)#multipath

Enables load sharing and uses

s-g-hash basic

the source address and multicast


address-based hash algorithm.

ZXR10(config-mcast-vrf-vrf-name)#multipath

Enables load sharing and uses

s-g-hash next-hop-based

next-hop-based hash algorithm.

7. Verify the configurations.


Command

Function

ZXR10#show ip mroute summary vrf <vrf-name>

Shows the detailed number of IP


multicast route table.

ZXR10#show ip pim mroute vrf <vrf-name>[group

Shows the content of multicast

<group-address>][source <source-address>]

PIM-SM route table.

ZXR10#show ip pim rp mapping vrf <vrf-name>

Shows RP information.

ZXR10#show ip pim bsr vrf <vrf-name>

Shows BSR information.

ZXR10#show ip pim rp hash vrf <vrf-name><group-address>

Shows the RP information selected


by specified multicast group.

ZXR10#show ip pim interface vrf <vrf-name>[<interface-n

Shows interface state of PIM-SM.

ame>]
ZXR10#show ip pim neighbor vrf <vrf-name>[<interface-n

Shows neighbor state of PIM-SM

ame>]

interface.

ZXR10#show ip pim nexthop [vrf <vrf-name>][dest-add

Shows the route from PIM-SM to RP

ress <dest-address>]

or to the multicast source.

8. Clear IP multicast route.


4-3
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

Command

Function

ZXR10#clear ip mroute [vrf <vrf-name>][group-address

Clears IP multicast route

<group-address>][source-address <source-address>]

End of Steps

4.3 VPN Multicast Configuration Instance


Configuration Description
This example implements basic function configuration of multicast VPN to make private
network multicast data to be transmitted, as shown in Figure 4-1.
Figure 4-1 Multicast VPN Configuration Instance

Configuration Flow
1.
2.
3.
4.

Configure MPLS VPN enviroment.


Configure public network multicast and private network multicast on PE1.
Configure public network multicast on P.
Configure public network multicast and private network multicast on PE2.

Configuration Command
1. Configure MPLS VPN enviroment.
Configuration on PE1:
PE1(config)#interface loopback1
PE1(config-if-loopback1)#ip address 1.1.1.17 255.255.255.255
PE1(config-if-loopback1)#exit
PE1(config)#interface gei-0/1/0/1
PE1(config-if-gei-0/1/0/1)#no shutdown
PE1(config-if-gei-0/1/0/1)#ip address 100.101.102.17 255.255.255.0
PE1(config-if-gei-0/1/0/1)#exit

4-4
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 4 Multicast VPN Configuration


PE1(config)#router ospf 1
PE1(config-ospf-1)#router-id 1.1.1.17
PE1(config-ospf-1)#network 1.1.1.17 0.0.0.0 area 0
PE1(config-ospf-1)#network 100.101.102.0 0.0.0.255 area 0
PE1(config-ospf-1)#exit

PE1(config)#mpls ldp instance 20


PE1(config-ldp-20)#router-id loopback1
PE1(config-ldp-20)#interface gei-0/1/0/1
PE1(config-ldp-20-if-gei-0/1/0/1)#exit
PE1(config-ldp-20)#exit

PE1(config)#ip vrf test


PE1(config-vrf-test)#rd 10:10
PE1(config-vrf-test)#route-target 10:10
PE1(config-vrf-test)#address-family ipv4
PE1(config-vrf-test-af-ipv4)#exit
PE1(config-vrf-test)#!

PE1(config)#interface gei-0/1/0/3
PE1(config-if-gei-0/1/0/3)#no shutdown
PE1(config-if-gei-0/1/0/3)#ip vrf forwarding test
PE1(config-if-gei-0/1/0/3)#ip address 100.105.102.17 255.255.255.0
PE1(config-if-gei-0/1/0/3)#exit

PE1(config)#router bgp 1
/*Note: The loopback interface must be used to establish a BGP neighbor
relationship.*/
PE1(config-bgp)#neighbor 1.1.1.19 remote-as 1
PE1(config-bgp)#neighbor 1.1.1.19 activate
PE1(config-bgp)#neighbor 1.1.1.19 update-source loopback1
PE1(config-bgp)#address-family ipv4 vrf test
PE1(config-bgp-af-ipv4-vrf)#redistribute connected
PE1(config-bgp-af-ipv4-vrf)#exit
PE1(config-bgp)#address-family vpnv4
PE1(config-bgp-af-vpnv4)#neighbor 1.1.1.19 activate
PE1(config-bgp-af-vpnv4)#exit

Configuration on P:
P(config)#interface loopback1
P(config-if-loopback1)#ip address 1.1.1.18 255.255.255.255
P(config-if-loopback1)#exit
P(config)#interface gei-0/1/0/1
P(config-if-gei-0/1/0/1)#no shutdown
P(config-if-gei-0/1/0/1)#ip address 100.101.102.18 255.255.255.0

4-5
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


P(config-if-gei-0/1/0/1)#exit
P(config)#interface gei-0/1/0/2
P(config-if-gei-0/1/0/2)#no shutdown
P(config-if-gei-0/1/0/2)#ip address 100.103.102.18 255.255.255.0
P(config-if-gei-0/1/0/2)#exit

P(config)#router ospf 1
P(config-ospf-1)#router-id 1.1.1.18
P(config-ospf-1)#network 1.1.1.18 0.0.0.0 area 0
P(config-ospf-1)#network 100.101.102.0 0.0.0.255 area 0
P(config-ospf-1)#network 100.103.102.0 0.0.0.255 area 0
P(config-ospf-1)#exit

P(config)#mpls ldp instance 20


P(config-ldp-20)#router-id loopback1
P(config-ldp-20)#interface gei-0/1/0/1
P(config-ldp-20-if-gei-0/1/0/1)#exit
P(config-ldp-20)#interface gei-0/1/0/2
P(config-ldp-20-if-gei-0/1/0/2)#exit
P(config-ldp-20)#exit

Configuration on PE2 (the same as that on PE1):


PE2(config)#interface loopback1
PE2(config-if-loopback1)#ip address 1.1.1.19 255.255.255.255
PE2(config-if-loopback1)#exit
PE2(config)#interface gei-0/1/0/1
PE2(config-if-gei-0/1/0/1)#no shutdown
PE2(config-if-gei-0/1/0/1)#ip address 100.103.102.19 255.255.255.0
PE2(config-if-gei-0/1/0/1)#exit

PE2(config)#router ospf 1
PE2(config-ospf-1)#router-id 1.1.1.19
PE2(config-ospf-1)#network 1.1.1.19 0.0.0.0 area 0
PE2(config-ospf-1)#network 100.103.102.0 0.0.0.255 area 0
PE2(config-ospf-1)#exit

PE2(config)#mpls ldp instance 20


PE2(config-ldp-20)#router-id loopback1
PE2(config-ldp-20)#interface gei-0/1/0/1
PE2(config-ldp-20-if-gei-0/1/0/1)#exit
PE2(config-ldp-20)#exit

PE2(config)#ip vrf test


PE2(config-vr-testf)#rd 10:10
PE2(config-vrf-test)#route-target 10:10

4-6
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 4 Multicast VPN Configuration


PE2(config-vrf-test)#address-family ipv4
PE2(config-vrf-test-af-ipv4)#exit
PE2(config-vrf-test)#!

PE2(config)#interface gei-0/1/0/3
PE2(config-if-gei-0/1/0/3)#no shutdown
PE2(config-if-gei-0/1/0/3)#ip vrf forwarding test
PE2(config-if-gei-0/1/0/3)#ip address 100.106.102.19 255.255.255.0
PE2(config-if-gei-0/1/0/3)#exit

PE2(config)#router bgp 1
PE2(config-bgp)#neighbor 1.1.1.17 remote-as 1
PE2(config-bgp)#neighbor 1.1.1.17 activate
PE2(config-bgp)#neighbor 1.1.1.17 update-source loopback1
PE2(config-bgp)#address-family ipv4 vrf test
PE2(config-bgp-af-ipv4-vrf)#redistribute connected
PE2(config-bgp-af-ipv4-vrf)#exit
PE2(config-bgp)#address-family vpnv4
PE2(config-bgp-af-vpnv4)#neighbor 1.1.1.17 activate
PE2(config-bgp-af-vpnv4)#exit
PE2(config-bgp)#exit

2. Configure multicast on PE1.


Configure public network multicast.
PE1(config)#ip multicast-routing
PE1(config-mcast)#router pim
PE1(config-mcast-pim)#interface loopback1
PE1(config-mcast-pim-if-loopback1)#pimsm
PE1(config-mcast-pim-if-loopback1)#exit
PE1(config-mcast-pim)#interface gei-0/1/0/1
PE1(config-mcast-pim-if-gei-0/1/0/1)#pimsm
PE1(config-mcast-pim-if-gei-0/1/0/1)#exit
PE1(config-mcast-pim)#rp-candidate loopback1
/*The public network must have one or more RP.*/
PE1(config-mcast-pim)#bsr-candidate loopback1
PE1(config-mcast-pim)#exit
PE1(config-mcast)#exit

Configure private network multicast.


PE1(config-mcast)#vrf test
PE1(config-mcast-vrf-test)#router pim
PE1(config-mcast-vrf-test-pim)#interface gei-0/1/0/3
PE1(config-mcast-vrf-test-pim-if-gei-0/1/0/3)#pimsm
PE1(config-mcast-vrf-test-pim-if-gei-0/1/0/3)#exit
PE1(config-mcast-vrf-test-pim)#rp-candidate gei-0/1/0/3

4-7
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


/*The VPN also must have an RP.*/
PE1(config-mcast-vrf-test-pim)#bsr-candidate gei-0/1/0/3
PE1(config-mcast-vrf-test-pim)#exit
PE1(config-mcast-vrf-test)#mdt default 235.1.1.1
/*The MDT configuration must be the same on PE1 and PE2.*/
PE1(config-mcast-vrf-test)#mtunnel loopback1
/*The Mtunnel interface must be a loopback interface and used for BGP links.*/
PE1(config-mcast-vrf-test)#exit
PE1(config-mcast)#exit

3. Configure multicast on P.
P(config)#ip multicast-routing
P(config-mcast)#router pim
P(config-mcast-pim)#interface gei-0/1/0/1
P(config-mcast-pim-if-gei-0/1/0/1)#pimsm
P(config-mcast-pim-if-gei-0/1/0/1)#exit
P(config-mcast-pim)#interface gei-0/1/0/2
P(config-mcast-pim-if-gei-0/1/0/2)#pimsm
P(config-mcast-pim-if-gei-0/1/0/2)#exit
P(config-mcast-pim)#exit

4. Configure multicast on PE2.


Configure public network multicast.
PE2(config)#ip multicast-routing
PE2(config-mcast)#router pim
PE2(config-mcas-pim)#interface loopback1
PE2(config-mcas-pim-if-loopback1)#pimsm
PE2(config-mcas-pim-if-loopback1)#exit
PE2(config-mcas-pim)#interface gei-0/1/0/1
PE2(config-mcas-pim-if-gei-0/1/0/1)#pimsm
PE2(config-mcas-pim-if-gei-0/1/0/1)#exit
PE2(config-mcas-pim)#exit
PE2(config-mcast)#exit

Configure private network multicast.


PE2(config-mcast)#vrf test
PE2(config-mcast-vrf-test)#router pim
PE2(config-mcast-vrf-test-pim)#interface gei-0/1/0/3
PE2(config-mcast-vrf-test-pim-if-gei-0/1/0/3)#pimsm
PE2(config-mcast-vrf-test-pim-if-gei-0/1/0/3)#exit
PE2(config-mcast-vrf-test-pim)#exit
PE2(config-mcast-vrf-test)#mdt default 235.1.1.1
/*The MDT configuration must be the same on PE1 and PE2.*/
PE2(config-mcast-vrf-test)#mtunnel loopback1
/*The Mtunnel interface must be a loopback interface and used for BGP links.*/
PE2(config-mcast-vrf-test)#exit

4-8
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 4 Multicast VPN Configuration


PE2(config-mcast)#exit

Receiver group is added.


PE2(config)#ip multicast-routing
PE2(config-mcast)#vrf test
PE2(config-mcast-vrf-test)#router igmp
/*The receiver can select a static group or an update group.*/
PE2(config-mcast-vrf-test-igmp)#interface gei-0/1/0/3
PE2(config-mcast-vrf-test-igmp-if-gei-0/1/0/3)#static-group 225.0.0.1
PE2(config-mcast-vrf-test-igmp-if-gei-0/1/0/3)#exit
PE2(config-mcast-vrf-test-igmp)#exit
PE2(config-mcast-vrf-test)#exit
PE2(config-mcast)#exit

Configuration Verification
When MPLS VPN is established, execute the show ip forwarding route vrf test command
on PE1 and PE2, as shown in the following:
PE1(config)#show ip forwarding route vrf test
IPv4 Routing Table:
Headers: Dest: Destination, Gw: Gateway, Pri: Priority;
Codes : BROADC: Broadcast, USER-I: User-ipaddr, USER-S: User-special,
MULTIC: Multicast, USER-N: User-network, DHCP-D: DHCP-DFT,
ASBR-V: ASBR-VPN, STAT-V: Static-VRF, DHCP-S: DHCP-static,
GW-FWD: PS-BUSI, NAT64: Stateless-NAT64, LDP-A: LDP-area,
GW-UE: PS-USER, P-VRF: Per-VRF-label, TE: RSVP-TE;
status codes: *valid, >bes
Dest

Gw

Interface

Owner

Pri

100.106.102.0/24

1.1.1.19

gei-0/1/0/1

BGP

200

Metric
0

100.105.102.0/24

100.105.102.17

gei-0/1/0/1

DIRECT

100.105.102.17/32

100.105.102.17

gei-0/1/0/1

ADDRESS

PE1#ping vrf test 100.106.102.17


sending 5,100-byte ICMP echoes to 125.1.1.1,timeout is 2 seconds.
!!!!!
Success rate is 100 percent(5/5),round-trip min/avg/max= 1/1/2 ms.

1. View public network neighbor establishment state, as shown in the following:


PE1#show ip pim neighbor
Neighbor Address Interface

DR Priority Uptime

Expires

100.101.102.18

00:01:20

gei-0/1/0/1

00:06:48

Ver
V2

2. View private network neighbor establishment state, as shown in the following:


PE1#show ip pim neighbor vrf test
Neighbor Address Interface
1.1.1.19

mvpn_tunnel1

DR Priority Uptime
1

00:03:28

Expires

Ver

00:01:17

V2

3. View public network multicast interface state, as shown in the following:


4-9
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


PE1#show ip pim interface
Address Interface State Nbr Hello DR DR PIM Mode
Count Period Priority Silent
1.1.1.17

loopback1

100.101.102.17 gei-0/1/0/1

Up

30

1.1.1.17

Disabled

Up

30

100.101.102.18 Disabled

4. View private network multicast interface state, as shown in the following:


PE1#show ip pim interface vrf test
Address Interface State Nbr Hello DR DR PIM Mode
Count Period Priority Silent
1.1.1.17

mvpn_tunnel1 Up

100.105.102.17 gei-0/1/0/3

Up

30

1.1.1.19

Disabled

30

100.105.102.17 Disabled

5. View public network RP, as shown in the following:


PE1#show ip pim rp mapping
Group(s): 224.0.0.0/4(SM)
RP: 1.1.1.17, v2, Priority:192
BSR: 1.1.1.17, via bootstrap
Uptime: 00:13:27, expires: 00:02:03
Group(s): 0.0.0.0/0(NOUSED)

6. View private network RP, as shown in the following:


PE1#show ip pim rp mapping vrf test
Group(s): 224.0.0.0/4(SM)
RP: 100.105.102.17, v2, Priority:192
BSR:

100.105.102.17, via bootstrap


Uptime: 00:08:17, expires: 00:02:13

Group(s): 0.0.0.0/0(NOUSED)

7. View public network BSR, as shown in the following:


PE1#show ip pim bsr
BSR address: 1.1.1.17
Uptime: 00:14:30, BSR Priority :0, Hash mask length:30
Expires:00:01:40

This system is a candidate BSR!


candidate BSR address: 1.1.1.17(loopback1),
priority: 0,
hash mask length: 30

This system is a candidate RP!


candidate RP address: 1.1.1.17(loopback1),priority:192

8. View privae network BSR, as shown in the following:


PE1#show ip pim bsr vrf test
BSR address: 100.105.102.17
Uptime: 00:09:15, BSR Priority :0, Hash mask length:30
Expires:00:01:55

4-10
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 4 Multicast VPN Configuration


This system is a candidate BSR!
candidate BSR address: 100.105.102.17(gei-0/1/0/3),
priority: 0,
hash mask length: 30

This system is a candidate RP!


candidate RP address: 100.105.102.17(gei-0/1/0/3),priority:192

9. View public route. Check whether public network and private network routes are
generated correctly.
PE2#show ip mroute
IP Multicast Routing Table
Flags:NS:SPT upsend, RT:Reg upsend, MT:Tunnel, F:Forward, S:Syn mrt,
NTP:NTP join, FLT:Flt add, FD:Flt del, DPU:Damping enable, DPD:Damping del,
(*, 235.1.1.1), RP: 1.1.1.17, TYPE: DYNAMIC, FLAGS: NS/MT
Incoming interface: gei-0/1/0/1, flags: NS
Outgoing interface list:
loopback1, mvrf: test, flags: NS/MT/S
(1.1.1.17, 235.1.1.1), TYPE: DYNAMIC, FLAGS: MT
Incoming interface: gei-0/1/0/1, flags: NS
Outgoing interface list:
loopback1, mvrf: test, flags: MT/S
(1.1.1.19, 235.1.1.1),

TYPE: DYNAMIC, FLAGS:

Incoming interface: loopback1, flags:


Outgoing interface list:
gei-0/1/0/1, flags: F/S

PE2#show ip pim mroute


PIM-SM Multicast Routing Table
Flags: T- SPT-bit set,A- Foward,J- Join SPT,U- Upsend ,
Macro state: Ind- Pim Include Macro,Exd- Pim Exclude Macro,
Jns- Pim Joins Macro,LAst- Pim Lost_assert Macro,
Imo- Pim Immediate_olist Macro,Ino- Pim Inherited_olist Macro,

Lcd- Pim Local_receiver_include Macro


Timers:Uptime/Expires(Upstream State)

(*, 235.1.1.1), 2d17h/00:00:51(JOINED), RP address: 1.1.1.17,


Ind: 1/Jns: 0/LAst: 0/Imo: 1/Lcd: 1
Iif: gei-0/1/0/1, RPF nbr: 100.103.102.18, AJ
Oif:
loopback1,

LocalIn

ImoXG

(1.1.1.19, 235.1.1.1), 2d17h/00:00:00(JOINED)/00:03:25,


Reg:PRUNE; RP:1.1.1.17; RT:NULL;
Ind:0/Exd:0/Jns:1/LAst:0/Imo:1/Ino:2
Iif: loopback1, RPF nbr:0.0.0.0(S); AT

4-11
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


RPF nbr:0.0.0.0(D); 00:00:00(FORWARD);
(1.1.1.19, 235.1.1.1, rpt), 2d17h/00:00:00(PRUNED),
Pru:0/LAst:0/Ino:1
Iif:gei-0/1/0/1; RPF nbr: 100.103.102.18 (RPF'(*, G));
Oif:
loopback1,
gei-0/1/0/1,

InheritedFromXG
JoinsSG

InoSGRpt

InoSG

InoSG

(1.1.1.17, 235.1.1.1), 2d17h/00:00:50(JOINED)/00:00:43,


Reg:NO INFO; RP:1.1.1.17; RT:NULL;
Ind:0/Exd:0/Jns:0/LAst:0/Imo:0/Ino:1
Iif: gei-0/1/0/1, RPF nbr: 100.103.102.18 (S); AT
RPF nbr: 100.103.102.18 (D); 00:00:00(FORWARD);
Oif:
loopback1,

InheritedFromXG

InoSGRpt

InoSG

4-12
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 5

GRE Configuration
Table of Contents
GRE Overview ...........................................................................................................5-1
Configuring a GRE Over IPv4 Tunnel .........................................................................5-3
Configuring a GRE Over IPv6 Tunnel .........................................................................5-5
Configuring a GRE DS-Lite Static Tunnel ...................................................................5-7
Configuring a GRE DS-Lite Dynamic Tunnel ..............................................................5-8
Configuring GRE Keep-Alive ......................................................................................5-9
GRE Configuration Examples...................................................................................5-11

5.1 GRE Overview


GRE Introduction
General Routing Encapsulation (GRE) is submitted to IETF by Cisco corporation and
Net-smiths corporation in 1994. At present, network devices of many vendors support
GRE tunnel protocol. A tunnel means that PDUs of a protocol are encapsulated in PDUs
of the same layer protocol or a higher layer protocol.
GRE is a widely used technology that encapsulates PDUs of a network layer protocol in
PDUs of any other network layer protocol. It is usually used to establish a GRE tunnel
to pass through different Layer 3 networks. GRE supports to encapsulate messages of a
protocol in messages of another protocol and transmit the messages on networks. It can
encapsulate the packets of some network layer protocols (such as IP and IPX), so that the
encapsulated packets can be transmitted through another network layer protocol (such as
IP).
In general, system has a data packet which needs to be encapsulated and transmitted to
some destination. We calls this data packet as payload packet. Payload packet is firstly
encapsulated into a GRE data packet. The GRE data packet can be encapsulated into
another kind of protocol and then forwarded. The outer protocol is named as delivery
protocol. The format of a GRE data packet after encapsulation is shown as Figure 5-1.

5-1
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

Figure 5-1 GRE Encapsulation

GRE tunnels can be divided into GRE over IPv4 tunnels and GRE over IPv6 tunnels. The
source and destination addresses of the two types of GRE tunnels are obtained through
GRE tunnel configurations.
GRE tunnels can also be divided into DS-Lite static tunnels and DS-Lite dynamic tunnels,
which are deployed in CGN. For a DS-Lite static tunnel, the source IP address and
destination IP address need to be manually configured, and for a DS-Lite dynamic tunnel,
only the source IP address needs to be configured.
GRE tunnel can be established on host-host, host-device, device-host and device-device.
The terminal of tunnel is the final destination of message or the message needs to be
forwarded.

GRE over IPv4 Tunnel


When a GRE tunnel is configured, the device searches for the tunnel index at the ingress
of the tunnel. When it finds the outer IP destination and source addresses, it encapsulates
an outer IP header and a GRE header to the IP packet and then forwards the packets
through the tunnel.
The device removes the outer IP header and the GRE header at the egress and then
forwards the common packet.
GRE over IPv4 Tunnel mainly includes tunnel encapsulation and de-encapsulation.
l

Encapsulation procedure
1. When host or router is sending IPv4 flow, if message outgoing interface is tunnel
interface, verify tunnel type first. If it is GRE tunnel, do the encapsulation of IPv4
header, of which IPv4 header source address and destination address are got by
user manual configuration.
2. After encapsulation, the message will be sent by the IPv4 message sending flow.
De-encapsulation procedure
1. It is the reversed process of encapsulation. Router receives IPv4 data packet.
If IPv4 header protocol number is 47, apply process function of each protocol
of IPv4 registration, enter into GRE de-encapsulation flow, search for matched
tunnel entry according to source address and destination address of message. If
it is found the IPv4 header and GRE header encapsulated by tunnel are removed.
2. The remaining message is handled by IPv4 packet receiving flow.
5-2

SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 5 GRE Configuration

GRE over IPv6 Tunnel


When a GRE tunnel is configured, the device searches for the tunnel index at the ingress of
the tunnel. When it finds the outer IP destination and source addresses, it encapsulates an
outer IP header and a GRE header to the source IP packet and then forwards the packets
through the tunnel.
The device removes the outer IP header and the GRE header at the egress and then
forwards the common packet.
GRE over IPv4 Tunnel mainly includes tunnel encapsulation and de-encapsulation.
l

Encapsulation procedure
1. When host or router is sending IPv6 flow, if message outgoing interface is tunnel
interface, verify tunnel type first. If it is GRE tunnel, do the encapsulation of IPv4
header, of which IPv4 header source address and destination address are got by
user manual configuration.
2. After encapsulation, the message will be sent by the IPv4 message sending flow.
De-encapsulation procedure
1. It is the reversed process of encapsulation. Router receives IPv4 data packet.
If IPv4 header protocol number is 47, apply process function of each protocol
of IPv4 registration, enter into GRE de-encapsulation flow, search for matched
tunnel entry according to source address and destination address of message. If
it is found the IPv4 header and GRE header encapsulated by tunnel are removed.
2. The remaining IPv6 message is handled by IPv6 packet receiving flow.

GRE DS-Lite Tunnel


DS-Lite tunnels are used for IPv4 users to access an IPv4 Internet through an IPv6 network.
They can also be used for carrier-class IPv4 address multiplexing through IPv4-IPv4 NAT,
and tunnel encapsulation and decapsulation in the forwarding plane.

5.2 Configuring a GRE Over IPv4 Tunnel


This procedure describes how to configure a GRE over IPv4 tunnel.

Steps
1. Create GRE tunnel interface.
Step

Command

Function

ZXR10(config)#interface gre_tunnel<tunnel-nu

Creates GRE tunnel interface.

mber>
2

ZXR10(config-if-gre_tunnel-number)#ip

Configures IP address and mask of

address <ip-address><net-mask>

GRE tunnel interface.

2. Configure GRE tunnel.

5-3
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

Step

Command

Function

ZXR10(config)#gre-config

Enters GRE tunnel configuration


mode.

ZXR10(config-gre)#interface gre_tunnel<tunn

Enters GRE tunnel interface

el-number>

configuration mode.

ZXR10(config-gre-if-gre_tunnel-number)#t

Configures the current tunnel mode

unnel mode ip

as GRE over IPv4.

ZXR10(config-gre-if-gre_tunnel-number)#tu

Configures tunnel source address.

nnel source ipv4 <src-addr>

ZXR10(config-gre-if-gre_tunnel-number)#tu

Sets the source IP address of the

nnel source interface <interface-name>

tunnel to the interface address.

ZXR10(config-gre-if-gre_tunnel-number)#tu

Configures tunnel destination

nnel destination ipv4 <dst-addr>

address.

3. Configure other attributes of the GRE tunnel.


Step

Command

Function

ZXR10(config-gre-if-gre_tunnel-number)#tu

Configures tunnel key option.

nnel key <key-value>


2

ZXR10(config-gre-if-gre_tunnel-number)#tu

Enables tunnel checksum function.

nnel checksum
3

ZXR10(config-gre-if-gre_tunnel-number)#tu

Configures across VRF instance

nnel vrf <vrf-name>

name after tunnel encapsulation.

ZXR10(config-gre-if-gre_tunnel-number)#tu

Clears the non-fragment bits of the

nnel clear-dont-fragment-bit

message.

ZXR10(config-gre-if-gre_tunnel-number)#tu

Enables the tunnel keepalive

nnel keepalive [<period><retry>]

function.

ZXR10(config-gre-if-gre_tunnel-number)#tu

Enables the BFD function for the

nnel bfd

tunnel.

<period>: keep-alive packet transmission interval, range: 1-32767, unit: seconds.


<retry>: maximum transmission retries of keep-alive packets, range: 3-255.
<key-value>: It means key value used for tunnel security. The range of the key is
0-4294967295.
4. Verify the configurations.
Command

Function

ZXR10#show running-config-interface

Displays the configuration of a specified

gre_tunnel<tunnel-number>

GRE tunnel.

5-4
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 5 GRE Configuration

Command

Function

ZXR10#show ip interface gre_tunnel<tunnel-number>

Displays the status of a specified GRE


tunnel.

5. Maintain GRE Over IPv4 Tunnel.


Command

Function

ZXR10#debug gre-tunnel

Enables GRE tunnel debug switch and


views encapsulation and de-encapsulation
information.
Checks if GRE tunnel debug switch is

ZXR10#show debug gre-tunnel

enabled.

End of Steps

5.3 Configuring a GRE Over IPv6 Tunnel


This procedure describes how to configure a GRE over IPv6 tunnel.

Steps
1. Create GRE tunnel interface.
Step

Command

Function

ZXR10(config)#interface gre_tunnel<tunnel-nu

Creates GRE tunnel interface.

mber>
2

ZXR10(config-if-gre_tunnel-number)#ip

Configures IP address and mask of

address <ip-address><net-mask>

GRE tunnel interface.

2. Configure GRE tunnel.


Step

Command

Function

ZXR10(config)#gre-config

Enters into GRE tunnel configuration


mode.

ZXR10(config-gre)#interface gre_tunnel<tunn

Enters into GRE tunnel interface

el-number>

configuration mode.

ZXR10(config-gre-if-gre_tunnel-number)#tu

Configures the current tunnel mode

nnel mode ipv6

as GRE over IPv6.

ZXR10(config-gre-if-gre_tunnel-number)#tu

Configures tunnel source address.

nnel source ipv6 <src-addr>


ZXR10(config-gre-if-gre_tunnel-number)#tu

Sets the source IP address of the

nnel source interface <interface-name>

tunnel to the interface address.

5-5
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

Step

Command

Function

ZXR10(config-gre-if-gre_tunnel-number)#tu

Configures tunnel destination

nnel destination ipv6 <dst-addr>

address.

3. Configure other attributes of the GRE tunnel.


Step

Command

Function

ZXR10(config-gre-if-gre_tunnel-number)#tu

Configures tunnel key option.

nnel key <key-value>


2

ZXR10(config-gre-if-gre_tunnel-number)#tu

Enables tunnel checksum function.

nnel checksum
3

ZXR10(config-gre-if-gre_tunnel-number)#tu

Configures across VRF instance

nnel vrf <vrf-name>

name after tunnel encapsulation.

ZXR10(config-gre-if-gre_tunnel-number)#tu

Clears the non-fragment bit of a

nnel clear-dont-fragment-bit

message.

ZXR10(config-gre-if-gre_tunnel-number)#tu

Enables the tunnel keepalive

nnel keepalive [<period><retry>]

function.
The keepalive period of the message
is 10 seconds, and the maximum
retry times is 3.

ZXR10(config-gre-if-gre_tunnel-number)#tu

Enables the BFD function of the

nnel bfd

tunnel.

<period>: keep-alive packet transmission interval, range: 1-32767, unit: second.


<retry>: maximum transmission retries for keep-alive packets, range: 3-255.
<key-value> : It means key value used for tunnel security. The range of the key is
0-4294967295.
4. Verify the configurations.
Command

Function

ZXR10#show running-config-interface

Displays the configuration of a specified

gre_tunnel<tunnel-number>

GRE.

ZXR10#show ip interface gre_tunnel<tunnel-number>

Displays the status of a specified GRE


tunnel.

5. Maintain GRE Over IPv6 Tunnel.


Command

Function

ZXR10#debug gre-tunnel

Enables GRE tunnel debug switch and


views encapsulation and de-encapsulation
information.
5-6

SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 5 GRE Configuration

Command

Function

ZXR10#show debug gre-tunnel

Checks if GRE tunnel debug switch is


enabled.

End of Steps

5.4 Configuring a GRE DS-Lite Static Tunnel


This procedure describes how to configure a GRE DS-Lite static tunnel.

Steps
1. Create GRE tunnel interface.
Step

Command

Function

ZXR10(config)#interface gre_tunnel<tunnel-number>

Creates GRE tunnel interface.

ZXR10(config-if-gre_tunnel-number)#ip address

Configures IP address and mask

<ip-address><net-mask>

of GRE tunnel interface.

2. Configure GRE tunnel.


Step

Command

Function

ZXR10(config)#gre-config

Enters into GRE tunnel


configuration mode.

ZXR10(config-gre)#interface gre_tunnel<tunnel-nu

Enters into GRE tunnel interface

mber>

configuration mode.

ZXR10(config-gre-if-gre_tunnel-number)#tun

Configures the current tunnel

nel mode ipv6

mode as GRE over IPv6.

ZXR10(config-gre-if-gre_tunnel-number)#tun

Configures tunnel source address

nel source ipv6 <src-addr>

(IPv6 address).

ZXR10(config-gre-if-gre_tunnel-number)#tun

Sets the source IP address of the

nel source interface <interface-name>

tunnel to the IPv6 address of a


specified interface.

ZXR10(config-gre-if-gre_tunnel-number)#tun

Configures tunnel destination

nel destination ipv6 <dst-addr>

address (IPv6 address).

3. Verify the configurations.


Command

Function

ZXR10#show running-config-interface

Displays the configuration of a specified

gre_tunnel<tunnel-number>

GRE tunnel.

5-7
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

Command

Function

ZXR10#show ip interface gre_tunnel<tunnel-number>

Displays the status of a specified GRE


tunnel.

4. Maintain GRE Over IPv6 Tunnel.


Command

Function

ZXR10#debug gre-tunnel

Enables GRE tunnel debug switch and


views encapsulation and de-encapsulation
information.
Checks if GRE tunnel debug switch is

ZXR10#show debug gre-tunnel

enabled.

End of Steps

5.5 Configuring a GRE DS-Lite Dynamic Tunnel


This procedure describes how to configure a GRE DS-Lite dynamic tunnel.

Steps
1. Create GRE tunnel interface.
Step

Command

Function

ZXR10(config)#interface gre_tunnel<tunnel-number>

Creates GRE tunnel interface.

ZXR10(config-if-gre_tunnel-number)#ip address

Configures IP address and mask

<ip-address><net-mask>

of GRE tunnel interface.

2. Configure GRE tunnel.


Step

Command

Function

ZXR10(config)#gre-config

Enters into GRE tunnel


configuration mode.

ZXR10(config-gre)#interface gre_tunnel<tunnel-nu

Enters into GRE tunnel interface

mber>

configuration mode.

ZXR10(config-gre-if-gre_tunnel-number)#tun

Configures the current tunnel

nel mode ipv6

mode as GRE over IPv6.

ZXR10(config-gre-if-gre_tunnel-number)#tun

Configures tunnel source address

nel source ipv6 <src-addr>

(IPv6 address).

ZXR10(config-gre-if-gre_tunnel-number)#tun

Sets the source IP address of the

nel source interface <interface-name>

tunnel to the IPv6 address of a


specified interface.

5-8
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 5 GRE Configuration

3. Verify the configurations.


Command

Function

ZXR10#show running-config-interface

Displays the configuration of a specified

gre_tunnel<tunnel-number>

GRE tunnel.

ZXR10#show ip interface gre_tunnel<tunnel-number>

Displays the status of a specified GRE


tunnel.

4. Maintain GRE Over IPv6 Tunnel.


Command

Function

ZXR10#debug gre-tunnel

Enables GRE tunnel debug switch and


views encapsulation and de-encapsulation
information.
Checks if GRE tunnel debug switch is

ZXR10#show debug gre-tunnel

enabled.

End of Steps

5.6 Configuring GRE Keep-Alive


This procedure describes how to configure the GRE keep-alive function.

Steps
1. Create a GRE tunnel interface.
Step

Command

Function

ZXR10(config)#interface gre_tunnel<tunnel-number>

Creates a GRE tunnel interface.

ZXR10(config-if-gre_tunnel-number)#ip address

Configures the IP address and

<ip-address><net-mask>

mask for the GRE tunnel interface.

2. Configure a GRE tunnel and the keep-alive function.


Step

Command

Function

ZXR10(config)#gre-config

Enters GRE tunnel configuration


mode.

5-9
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

Step

Command

Function

ZXR10(config-gre)#tunnel keepalive-mode {

Configures the GRE keep-alive

centralized | distributed}

mode. The centralized parameter


indicates sending keep-alive
packets for the control plane. The
distributed parameter indicates
sending keep-alive packets for the
forwarding plane.
This command is also applicable
to a GRE over IPv6 tunnel.

ZXR10(config-gre)#interface gre_tunnel<tunnel-nu

Enters GRE tunnel interface

mber>

configuration mode.

ZXR10(config-gre-if-gre_tunnel-number)#tun

Sets the tunnel mode to GRE over

nel mode ip

IPv4.

ZXR10(config-gre-if-gre_tunnel-number)#tun

Sets the source address of the

nel source ipv4<src-addr>

tunnel.

ZXR10(config-gre-if-gre_tunnel-number)#tun

Sets the source IP address of the

nel source interface <interface-name>

tunnel to an interface address.

ZXR10(config-gre-if-gre_tunnel-number)#tun

Sets the destination address of

nel destination ipv4 <dst-addr>

the tunnel.

ZXR10(config-gre-if-gre_tunnel-number)#tun

Enables the tunnel keep-alive

nel keepalive [<period><retry>]

function.

<period>: period of sending keep-alive packets (in seconds), range: 132767.


<retry>: maximum number of times that a keep-alive packet is resent, range: 3255.
3. Configure other options of the GRE tunnel.
Step

Command

Function

ZXR10(config-gre-if-gre_tunnel-number)#tun

Sets the KEY option for the tunnel.

nel key <key-value>


2

ZXR10(config-gre-if-gre_tunnel-number)#tun

Enables the checksum function

nel checksum

for the tunnel.

ZXR10(config-gre-if-gre_tunnel-number)#tun

Sets the name of the VRF

nel vrf <vrf-name>

instance that the tunnel passes


through after encapsulation.

ZXR10(config-gre-if-gre_tunnel-number)#tun

Clears the non-fragment bit.

nel clear-dont-fragment-bit
5

ZXR10(config-gre-if-gre_tunnel-number)#tun

Enables the BFD function for the

nel bfd

tunnel.

5-10
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 5 GRE Configuration

<key-value>: key used for tunnel security, range: 04294967295.


4. Verify the configurations.
Command

Function

ZXR10#show running-config-interface gre_tunnel<tunnel-

Shows configuration information

number>

about the specified GRE tunnel.

ZXR10#show ip interface gre_tunnel<tunnel-number>

Shows the state of the specified GRE


tunnel.

5. Maintains a GRE over IPv4 tunnel.


Command

Function

ZXR10#debug gre-tunnel [interface <intf>]

Enables the GRE tunnel debug


switch to show encapsulation
information and decapsulation
information.
Shows whether the GRE tunnel

ZXR10#show debug gre-tunnel

debugging switch is on.

End of Steps

5.7 GRE Configuration Examples


5.7.1 Basic IPv4 GRE Configuration Instance
Configuration Description
As shown in Figure 5-2, GRE tunnel is configured between R1 and R2. R1 interface
address is 100.0.0.1/24, GRE interface address is 11.0.0.1/24. R2 interface address is
200.0.0.1/24, GRE interface address is 11.0.0.2/24.
Figure 5-2 Basic IPv4 GRE Configuration Instance

5-11
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

Configuration Flow
1. Configure the interface IP addresses on R1 and R2, create route to make the two
routers interconnected.
2. Create gre_tunnel interface on global mode and allocate the corresponding IP address.
3. Enter into GRE configuration mode at global configuration mode and enter into the
GRE interface to be configured.
4. Configure GRE on R1 and R2 respectively. Set GRE working mode and bound source
and destination interface addresses.

Configuration Command
Configuration on R1:
R1(config)#interface gei-0/1/0/1
R1(config-if-gei-0/1/0/1)#no shutdown
R1(config-if-gei-0/1/0/1)#ip adderss 100.0.0.1 255.255.255.0
R1(config-if-gei-0/1/0/1)#exit
R1(config)#interface gre_tunnel1
R1(config-if-gre_tunnel1)#ip address 11.0.0.1 255.255.255.0
R1(config-if-gre_tunnel1)#exit

R1(config)#gre-config
R1(config-gre)#interface gre_tunnel1
R1(config-gre-if-gre_tunnel1)#tunnel mode ip
R1(config-gre-if-gre_tunnel1)#tunnel source ipv4 100.0.0.1
R1(config-gre-if-gre_tunnel1)#tunnel destination ipv4 200.0.0.1
R1(config-gre-if-gre_tunnel1)#exit
R1(config-gre)#exit

Configuration on R2:
R2(config)#interface gei-0/2/0/1
R2(config-if-gei-0/2/0/1)#no shutdown
R2(config-if-gei-0/2/0/1)#ip address 200.0.0.1 255.255.255.0
R2(config-if-gei-0/2/0/1)#exit
R2(config)#interface gre_tunnel1
R2(config-if-gre_tunnel1)#ip address 11.0.0.2 255.255.255.0
R2(config-if-gre_tunnel1)#exit

R2(config)#gre-config
R2(config-gre)#interface gre_tunnel1
R2(config-gre-if-gre_tunnel1)#tunnel mode ip
R2(config-gre-if-gre_tunnel1)#tunnel source ipv4 200.0.0.1
R2(config-gre-if-gre_tunnel1)#tunnel destination ipv4 100.0.0.1
R2(config-gre-if-gre_tunnel1)#exit
R2(config-gre)#exit

5-12
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 5 GRE Configuration

Configuration Verification
Check the GRE configuration on R1 and R2, as shown in the following:
R1(config)#show running-config-interface gre_tunnel1
!<if-intf>
interface gre_tunnel1
ip address 11.0.0.1 255.255.255.0
!</if-intf>
!<gre-tunnel >
gre-config
interface gre_tunnel1
tunnel mode ip
tunnel source ipv4 100.0.0.1
tunnel destination ipv4 200.0.0.1
$
$
!</gre-tunnel >

R1(config)#show ip interface gre_tunnel1


gre_tunnel1 AdminStatus is up, PhyStatus is up, line protocol is up,
IPv4 protocol is up
Internet address is 11.0.0.1/24

/*all are up, tunnel is valid.*/

Broadcast address is 255.255.255.255


Address determined by setup command
Load-sharing bandwidth 1000000 Kbps
IP MTU is 1476 bytes

R2(config)#show running-config-interface

gre_tunnel1

!<if-intf>
interface gre_tunnel1
ip address 11.0.0.2 255.255.255.0
!
!</if-intf>
!< gre-tunnel >
gre-config
interface gre_tunnel1
tunnel mode ip
tunnel source ipv4 200.0.0.1
tunnel destination ipv4 100.0.0.1
$
$
!</ gre-tunnel >

R2(config)#show ip interface gre_tunnel1


gre_tunnel1 AdminStatus is up, PhyStatus is up, line protocol is up,

5-13
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


IPv4 protocol is up
Internet address is 11.0.0.2/24

/*all are up, tunnel is valid.*/

Broadcast address is 255.255.255.255


Address determined by setup command
Load-sharing bandwidth 1000000 Kbps
IP MTU is 1476 bytes

5.7.2 GRE 6over4 Configuration Instance


Configuration Description
As shown in Figure 5-3, GRE tunnel is configured between R1 and R2. R1 interface
address is 100.0.0.1/24, GRE interface address is 2010::11/64. R2 interface address is
200.0.0.1/24, GRE interface address is 2010::22/64.
Figure 5-3 GRE 6in4 Configuration Instance

Configuration Flow
1. Configure the interface IP addresses on R1 and R2, create route to make the two
routers interconnected.
2. Create gre_tunnel interface on global mode and allocate the corresponding IPv6
address.
3. Enter into GRE configuration mode at global configuration mode and enter into the
GRE interface to be configured.
4. Configure GRE on R1 and R2 respectively. Set GRE working mode and bound source
and destination interface addresses.

Configuration Command
Configuration on R1:
R1(config)#interface gei-0/1/0/1
R1(config-if-gei-0/1/0/1)#no shutdown
R1(config-if-gei-0/1/0/1)#ip adderss 100.0.0.1 255.255.255.0
R1(config-if-gei-0/1/0/1)#exit
R1(config)#interface gre_tunnel1

5-14
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 5 GRE Configuration


R1(config-if-gre_tunnel1)#ipv6 enable
R1(config-if-gre_tunnel1)#ipv6 address 2010::11/64
R1(config-if-gre_tunnel1)#exit

R1(config)#gre-config
R1(config-gre)#interface gre_tunnel1
R1(config-gre-if-gre_tunnel1)#tunnel mode ip
R1(config-gre-if-gre_tunnel1)#tunnel source ipv4 100.0.0.1
R1(config-gre-if-gre_tunnel1)#tunnel destination ipv4 200.0.0.1
R1(config-gre-if-gre_tunnel1)#tunnel key 1
R1(config-gre-if-gre_tunnel1)#exit
R1(config-gre)#exit

Configuration on R2:
R2(config)#interface gei-0/2/0/1
R2(config-if-gei-0/2/0/1)#no shutdown
R2(config-if-gei-0/2/0/1)#ip address 200.0.0.1 255.255.255.0
R2(config-if-gei-0/2/0/1)#exit
R2(config)#interface gre_tunnel1
R2(config-if-gre_tunnel1)#ipv6 enable
R2(config-if-gre_tunnel1)#ipv6 address 2010::22/64
R2(config-if-gre_tunnel1)#exit

R2(config)#gre-config
R2(config-gre)#interface gre_tunnel1
R2(config-gre-if-gre_tunnel1)#tunnel mode ip
R2(config-gre-if-gre_tunnel1)#tunnel source ipv4 200.0.0.1
R2(config-gre-if-gre_tunnel1)#tunnel destination ipv4 100.0.0.1
R2(config-gre-if-gre_tunnel1)#tunnel key 1
R2(config-gre-if-gre_tunnel1)#exit
R2(config-gre)#exit

Configuration Verification
Check the GRE configuration on R1 and R2, as shown in the following:
R1(config)#show running-config-interface gre_tunnel1
! <if-intf>
interface gre_tunnel1
ipv6 enable
ipv6 address 2010::11/64
$
! </if-intf>
! <gre-tunnel>
gre-config
interface gre_tunnel1

5-15
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


tunnel mode ip
tunnel source ipv4 100.0.0.1
tunnel destination ipv4 200.0.0.1
tunnel key 1
$
$
! </gre-tunnel>

R1(config)#show ipv6 interface gre_tunnel1


Interface gre_tunnel1 is up, line protocol is up,
IPv6 protocol is up
IPv6 is enable,

Hardware is Gre Tunnel

Index 17
Bandwidth 100000 Kbps
IPv6 MTU is 1452 bytes
inet6 fe80::2d0:12ff:fe34:561f/10
inet6 2010::11/64

/*if invalid, there is [tentative]*/

ND DAD is enabled, number of DAD attemps:3


ND reachable time is 30000 milliseconds

R2(config)#show running-config-interface gre_tunnel1


!<if-intf>
interface gre_tunnel1
ipv6 enable
ipv6 address 2010::22/64
$
! </if-intf>
! <gre-tunnel>
gre-config
interface gre_tunnel1
tunnel mode ip
tunnel source ipv4 200.0.0.1
tunnel destination ipv4 100.0.0.1
tunnel key 1
$
$
! <gre-tunnel>

R2(config)#show ipv6 interface gre_tunnel1


Interface gre_tunnel1 is up, line protocol is up, IPv6 protocol is up
IPv6 is enable,

Hardware is Gre Tunnel

Index 17
Bandwidth 100000 Kbps
IPv6 MTU is 1452 bytes

5-16
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 5 GRE Configuration


inet6 fe80::277:abff:fe13:3301/10
inet6 2010::22/64

/*if invalid, there is [tentative]*/

ND DAD is enabled, number of DAD attemps:3


ND reachable time is 30000 milliseconds

5.7.3 Basic IPv6 GRE Configuration Example


Configuration Description
Figure 5-4 shows the network structure for configuring a GRE tunnel between R1 and R2.
The R1 interface address is 100::1/64 and its GRE interface address is 11::1/64. The R2
interface address is 200::1/64 and its GRE interface address is 11::2/64.
Figure 5-4 Network Structure for Basic IPv6 GRE Configuration

Configuration Flow
1. Configure IPv6 interface addresses of R1 and R2 and save the addresses in the routes
to make them accessible.
2. In global configuration mode, create the gre_tunnel interface and distribute an IPv6
address to the interface.
3. In global configuration mode, enter GRE configuration mode and the GRE interface to
be configured.
4. Configure GRE tunnels for R1 and R2, set the GRE tunnel mode, and set the source
and destination addresses.

Configuration Commands
Configure R1 as follows:
R1(config)#interface gei-0/1/0/1
R1(config-if-gei-0/1/0/1)#no shutdown
R1(config-if-gei-0/1/0/1)#ipv6 enable
R1(config-if-gei-0/1/0/1)# ipv6 address 100::1/64
R1(config-if-gei-0/1/0/1)#exit
R1(config)#interface gre_tunnel1

5-17
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


R1(config-if-gre_tunnel1)#ipv6 enable
R1(config-if-gre_tunnel1)# ipv6 address 11::1/64
R1(config-if-gre_tunnel1)#exit

R1(config)#gre-config
R1(config-gre)#interface gre_tunnel1
R1(config-gre-if-gre_tunnel1)#tunnel mode ipv6
R1(config-gre-if-gre_tunnel1)#tunnel source ipv6 100::1
R1(config-gre-if-gre_tunnel1)#tunnel destination ipv6 200::1
R1(config-gre-if-gre_tunnel1)#exit
R1(config-gre)#exit

Configure R2 as follows:
R2(config)#interface gei-0/2/0/1
R2(config-if-gei-0/2/0/1)#no shutdown
R2(config-if-gei-0/2/0/1)# ipv6 enable
R2(config-if-gei-0/2/0/1)# ipv6 address 200::1/64
R2(config-if-gei-0/2/0/1)#exit
R2(config)#interface gre_tunnel1
R2(config-if-gre_tunnel1)#ipv6 enable
R2(config-if-gre_tunnel1)# ipv6 address 11::2/64
R2(config-if-gre_tunnel1)#exit

R2(config)#gre-config
R2(config-gre)#interface gre_tunnel1
R2(config-gre-if-gre_tunnel1)#tunnel mode ipv6
R2(config-gre-if-gre_tunnel1)#tunnel source ipv6 200::1
R2(config-gre-if-gre_tunnel1)#tunnel destination ipv6 100::1
R2(config-gre-if-gre_tunnel1)#exit
R2(config-gre)#exit

Configuration Verification
Check the GRE tunnel configurations on R1 and R2 as follows:
R1(config)#show running-config-interface gre_tunnel1
!<if-intf>
interface gre_tunnel1
ipv6 enable
ipv6 address 11::1/64
$
!</if-intf>
!<gre-tunnel>
gre-config
interface gre_tunnel1
tunnel mode ipv6

5-18
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Chapter 5 GRE Configuration


tunnel source ipv6 100::1
tunnel destination ipv6 200::1
$
$
!</gre-tunnel>
R1(config)#show ipv6 interface gre_tunnel1
Interface gre_tunnel1 is up, line protocol is up, IPv6 protocol is up
/*The tunnel is valid if all these parameters are up. */
IPv6 is enabled,

Hardware is Gre Tunnel

Index 17288
Bandwidth 100000 Kbits
IPv6 MTU is 1452 bytes
inet6 fe80::2d0:12ff:fe34:561f/10
inet6 11::1/64
ND DAD is enabled,number of DAD attemps:3
ND reachable time is 30000 millisecon

R2(config)#show running-config-interface gre_tunnel1


!<if-intf>
interface gre_tunnel1
ipv6 enable
ipv6 address 11::2/64
$
!</if-intf>
!<gre-tunnel>
gre-config
interface gre_tunnel1
tunnel mode ipv6
tunnel source ipv6 200::1
tunnel destination ipv6 100::1
$
$
!</gre-tunnel>

R2(config)#show ip interface gre_tunnel1


Interface gre_tunnel10 is up, line protocol is up, IPv6 protocol is up
/*The tunnel is valid if all these
parameters are up.*/
IPv6 is enabled,

Hardware is Gre Tunnel

Index 17225
Bandwidth 100000 Kbits
IPv6 MTU is 1452 bytes
inet6 fe80::201:12ff:feac:121a/10
inet6 11::2/64
ND DAD is enabled,number of DAD attemps:3

5-19
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)


ND reachable time is 30000 milliseconds

5-20
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Figures
Figure 2-1 VPWS Working Principle.......................................................................... 2-2
Figure 2-2 VPLS Working Principle ........................................................................... 2-3
Figure 2-3 VPLS Working Principle ........................................................................... 2-4
Figure 2-4 Network Structure of L2VPN VPLS Un-Qualified Configuration .............. 2-13
Figure 2-5 VPLS-MAC Filter Configuration Instance ............................................... 2-23
Figure 2-6 L2VPN VPWS ethernet PW Configuration ............................................. 2-34
Figure 2-7 VPWS BFD Configuration ...................................................................... 2-37
Figure 2-8 VPWS Heterogeneous Function Configuration Instance ........................ 2-41
Figure 2-9 Typical Network Structure of Connecting Two CEs to Two PEs .............. 2-45
Figure 2-10

Connecting Two CEs to Two PEs in PWE3 Application ....................... 2-46

Figure 2-11 MC-ELAM Configuration Instance ........................................................ 2-49


Figure 2-12 Topology Structure of CES Services .................................................... 2-57
Figure 2-13 L2 VPN and L3 VPN Bridge Configuration Instance ............................. 2-62
Figure 2-14 L2VPN FRR Work Flow ....................................................................... 2-70
Figure 2-15 VPLS FRR Configuration Instance ....................................................... 2-73
Figure 2-16 VPWS FRR Configuration Instance...................................................... 2-76
Figure 2-17 Traffic Forwarding of MSPW ................................................................ 2-80
Figure 2-18 Establishment and Release of MSPW.................................................. 2-80
Figure 2-19 MSPW Configuration Instance ............................................................. 2-87
Figure 2-20 Work Flow of VPLS Crossing Several Domains (Option C) .................. 2-91
Figure 2-21 Configuration Instance of VPLS Crossing Several Domains (Option
C) ......................................................................................................... 2-93
Figure 2-22 Typical Network of Port Protection Group........................................... 2-101
Figure 2-23 Port Protection Group Configuration Network..................................... 2-104
Figure 2-24 PW Redundancy Dual-Homed Protection Group................................ 2-105
Figure 2-25 DNI-PW Network Topology ................................................................ 2-106
Figure 2-26 DNI-PW Operating StateSteady State (MC-LAG Loading
Sharing).............................................................................................. 2-107
Figure 2-27 DNI-PW Operating StatePW1 Fails (MC-LAG Loading
Sharing).............................................................................................. 2-108
Figure 2-28 DNI-PW Operating StatePW2 Fails During PW1 Recovery............. 2-108
Figure 2-29 DNI-PW Operating StatePW1 Fails During PW2 Recovery............. 2-109

I
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

Figure 2-30 DNI-PW Operating StateAC1 Fails (MC-LAG Loading


Sharing).............................................................................................. 2-109
Figure 2-31 DNI-PW Operating StateAC1 and PW1 Fail ................................... 2-110
Figure 2-32 DNI-PW Operating StatePE2 Node Fails (MC-LAG Loading
Sharing).............................................................................................. 2-110
Figure 2-33 DNI-PW Operating StateSteady State (MC-LAG PW 1:1) ................2-111
Figure 2-34

DNI-PW Operating StatePW1 Fails (MC-LAG PW 1:1) .................. 2-112

Figure 2-35 DNI-PW Operating StateAC1 Fails (MC-LAG PW 1:1).................... 2-112


Figure 2-36 DNI-PW Operating StateAC1 and PW1 Fail (Transient
State).................................................................................................. 2-113
Figure 2-37 DNI-PW Operating StateAC1 and PW1 Fail (Steady State) ............ 2-113
Figure 2-38

DNI-PW Operating StatePE2 Node Fails (MC-LAG PW 1:1)........... 2-114

Figure 2-39 DNI-PW Protection Group Configuration Example ............................. 2-118


Figure 2-40 PW List Configuration Example.......................................................... 2-127
Figure 3-1 Running Static Route Protocol between CE and PE................................. 3-8
Figure 3-2 Running RIP between CE and PE.......................................................... 3-10
Figure 3-3 Running OSPF Protocol between CE and PE ........................................ 3-12
Figure 3-4 Configuration Example of IS-IS Between a CE and a PE ....................... 3-14
Figure 3-5 Running EBGP between CE and PE...................................................... 3-16
Figure 3-6 MPBGP Protocol Configuration.............................................................. 3-18
Figure 3-7 RR Configuration Instance Topology ...................................................... 3-20
Figure 3-8 MPLS L3VPN Basic Topology ................................................................ 3-22
Figure 3-9 Network Structure of MPLS L3VPN OSPF SHAM-LINK
Configuration ........................................................................................ 3-28
Figure 3-10 Network Structure of MPLS VPN Route Aggregation Configuration
Example ............................................................................................... 3-36
Figure 3-11 Flow of Adding a New Route ................................................................ 3-41
Figure 3-12 Flow of Adding a Dynamic Route ......................................................... 3-42
Figure 3-13 Network Structure of L3VPN Route Alarm Configuration
Instance................................................................................................ 3-43
Figure 3-14 Global Static Route Configuration Example.......................................... 3-50
Figure 3-15 L3VPN FRR Network Structure ............................................................ 3-55
Figure 3-16 Network Structure of L3VPN FRR Configuration Instance .................... 3-57
Figure 3-17 Network Structure for L3VPN Access Side FRR Configuration............. 3-63
Figure 3-18 LDP Load Sharing Principle ................................................................. 3-68
Figure 3-19 Principles of MPLS L3VPN MPBGP Load Sharing ............................... 3-69

II
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Figures

Figure 3-20 Configuration Instance of MPLS L3VPN Public Network LDP Load
Sharing ................................................................................................. 3-72
Figure 3-21 Configuration Instance of MPLS L3VPN VRF Load Sharing ................. 3-75
Figure 3-22 Network Structure of MPLS L3VPN MPBGP Load Sharing
Configuration Example.......................................................................... 3-78
Figure 3-23 Principles of MPLS L3VPN Crossing Several ASs (Option A)............... 3-83
Figure 3-24 Principles of MPLS L3VPN Crossing Several ASs (Option B)............... 3-85
Figure 3-25 Label Iteration Principles of MPLS L3VPN Crossing Several ASs
(Option C) ............................................................................................. 3-88
Figure 3-26 Label Distribution Principles of MPLS L3VPN Crossing Several ASs
(Option C) ............................................................................................. 3-88
Figure 3-27 Configuration Instance MPLS L3VPN Crossing Several ASs (Option
A).......................................................................................................... 3-90
Figure 3-28 Configuration Instance MPLS L3VPN Crossing Several ASs (Option
B).......................................................................................................... 3-95
Figure 3-29 Configuration Instance MPLS L3VPN Crossing Several ASs (Option
C, Using IBGP Between PE and ASBR).............................................. 3-102
Figure 3-30 Configuration Instance MPLS L3VPN Crossing Several ASs (Option
C, Using IGP Between PE and ASBR) ................................................ 3-108
Figure 3-31 Network Structure of VPN Per Label for MPLS L3VPN Configuration
Example ............................................................................................. 3-115
Figure 3-32 MPLS L3VPN GR Network Structure ................................................. 3-121
Figure 3-33 HoPE Architecture ............................................................................. 3-126
Figure 3-34 Network Architecture of a Single-Level HoPE Application .................. 3-127
Figure 3-35 Network Architecture of a Multilevel HoPE Application ....................... 3-127
Figure 3-36 Single-Level HoPE Network Structure................................................ 3-129
Figure 3-37 Multilevel HoPE Configuration Example ............................................. 3-141
Figure 3-38 Network Structure for BGP Update Group Configuration .................... 3-153
Figure 3-39 Network Structure for L3VPN Tunnel Policy Configuration ................. 3-158
Figure 3-40 Route Redistribution in a Network ...................................................... 3-164
Figure 3-41 VPN Operation Procedure in an AS ................................................... 3-165
Figure 3-42 VPN Operation Procedure Among ASs .............................................. 3-166
Figure 3-43 BGP Route-Target Route Configuration Example............................... 3-168
Figure 4-1 Multicast VPN Configuration Instance ...................................................... 4-4
Figure 5-1 GRE Encapsulation.................................................................................. 5-2
Figure 5-2 Basic IPv4 GRE Configuration Instance ................................................. 5-11
Figure 5-3 GRE 6in4 Configuration Instance ........................................................... 5-14

III
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

Figure 5-4 Network Structure for Basic IPv6 GRE Configuration ............................. 5-17

IV
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Tables
Table 3-1

MPLS L3VPN Basic Configuration Address Table................................... 3-23

Table 3-2 MPLS L3VPN OSPF SHAM-LINK Address Table .................................... 3-28
Table 3-3 MPLS VPN Interface Address Table ........................................................ 3-36

V
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Tables

This page intentionally left blank.

VI
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Glossary
AC
- Access Circuit
ATM
- Asynchronous Transfer Mode
BGP
- Border Gateway Protocol
BSC
- Base Station Controller
BSR
- Bootstrap Router
BTS
- Base Transceiver Station
CAS
- Channel Associated Signaling
CE
- Customer Edge
CPU
- Central Processing Unit
FR
- Frame Relay
FRR
- Fast Reroute
FTN
- Forwarded-To Number
GR
- Graceful Restart
GRE
- General Routing Encapsulation
HDLC
- High-level Data Link Control
IBGP
- Interior Border Gateway Protocol
ICCP
- Inter-Control Center Communications Protocol
VII
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

ILMI
- Interim Local Management Interface
IP
- Internet Protocol
IS-IS
- Intermediate System-to-Intermediate System
ISP
- Internet Service Provider
IT
- Information Technology
LAN
- Local Area Network
LDP
- Label Distribution Protocol
LMI
- Local Management Interface
LSP
- Label Switched Path
LSP
- Link State Packet
LSR
- Label Switch Router
MAC
- Media Access Control
MAN
- Metropolitan Area Network
MC-APS
- Multi-Chassis Automatic Protection Switching
MC-ELAM
- Multi-Chassis Ethernet Link Aggregation Manager
MPBGP
- Multi-Protocol Border Gateway Protocol
MPLS
- Multiprotocol Label Switching
MTU
- Maximum Transmission Unit
NSP
- Network Service Provider
VIII
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

Glossary

OAM
- Operation, Administration and Maintenance
OSPF
- Open Shortest Path First
PDU
- Protocol Data Unit
PE
- Provider Edge
PIM-SM
- Protocol Independent Multicast - Sparse Mode
PPP
- Point to Point Protocol
PW
- Pseudo Wire
PWE3
- Pseudo Wire Emulation Edge-to-Edge
RAN
- Radio Access Network
RD
- Route Distinguisher
RP
- Rendezvous Point
RR
- Router Reflector
SDH
- Synchronous Digital Hierarchy
TDM
- Time Division Multiplexing
TLV
- Type/Length/Value
UNI
- User Network Interface
VC
- Virtual Connection
VC
- Virtual Circuit
VCC
- Virtual Channel Connection
IX
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential

ZXR10 M6000-S Configuration Guide (VPN)

VCCV
- Virtual Circuit Connectivity Verification
VFI
- Virtual Forwarding Instance
VLAN
- Virtual Local Area Network
VPLS
- Virtual Private LAN Service
VPN
- Virtual Private Network
VPWS
- Virtual Private Wire Service
WAN
- Wide Area Network

X
SJ-20140731105308-013|2014-10-20 (R1.0)

ZTE Proprietary and Confidential