You are on page 1of 91

ZXR10 5900E Series

Easy-Maintenance MPLS Routing Switch


Configuration Guide (VPN)

Version: 3.00.11

ZTE CORPORATION
No. 55, Hi-tech Road South, ShenZhen, P.R.China
Postcode: 518057
Tel: +86-755-26771900
Fax: +86-755-26770801
URL: http://support.zte.com.cn
E-mail: support@zte.com.cn
LEGAL INFORMATION
Copyright 2014 ZTE CORPORATION.
The contents of this document are protected by copyright laws and international treaties. Any reproduction or
distribution of this document or any portion of this document, in any form by any means, without the prior written
consent of ZTE CORPORATION is prohibited. Additionally, the contents of this document are protected by
contractual confidentiality obligations.
All company, brand and product names are trade or service marks, or registered trade or service marks, of ZTE
CORPORATION or of their respective owners.
This document is provided as is, and all express, implied, or statutory warranties, representations or conditions
are disclaimed, including without limitation any implied warranty of merchantability, fitness for a particular purpose,
title or non-infringement. ZTE CORPORATION and its licensors shall not be liable for damages resulting from the
use of or reliance on the information contained herein.
ZTE CORPORATION or its licensors may have current or pending intellectual property rights or applications
covering the subject matter of this document. Except as expressly provided in any written license between ZTE
CORPORATION and its licensee, the user of this document shall not acquire any license to the subject matter
herein.
ZTE CORPORATION reserves the right to upgrade or make technical change to this product without further notice.
Users may visit the ZTE technical support website http://support.zte.com.cn to inquire for related information.
The ultimate right to interpret this product resides in ZTE CORPORATION.

Revision History

Revision No. Revision Date Revision Reason

R1.0 20150310 First edition

Serial Number: SJ-20150114102049-016

Publishing Date: 2015-03-10 (R1.0)

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


Contents
About This Manual ......................................................................................... I
Chapter 1 MPLS L3VPN Configuration..................................................... 1-1
1.1 MPLS VPN Basic Function Configuration............................................................. 1-1
1.1.1 MPLS L3VPN Overview............................................................................ 1-1
1.1.2 Configuring MPLS L3VPN......................................................................... 1-5
1.1.3 Maintaining MPLS VPN .......................................................................... 1-17
1.1.4 MPLS VPN Configuration Examples ........................................................ 1-18
1.2 MPLS VPN Route Aggregation Configuration..................................................... 1-35
1.2.1 MPLS VPN Route Aggregation Overview................................................. 1-35
1.2.2 Configuring MPLS VPN Route Aggregation.............................................. 1-36
1.2.3 Maintaining MPLS VPN Route Aggregation.............................................. 1-36
1.2.4 MPLS VPN Route Aggregation Configuration Example ............................. 1-37
1.3 VPN Route Restriction and Alarm...................................................................... 1-41
1.3.1 VPN Route Restriction and Alarm Overview ............................................. 1-41
1.3.2 Configuring VPN Route Restriction and Alarm.......................................... 1-41
1.3.3 Maintaining VPN Route Restriction and Alarm.......................................... 1-41
1.3.4 VPN Route Alarm Configuration Example ................................................ 1-43

Chapter 2 MPLS L2VPN Configuration..................................................... 2-1


2.1 MPLS L2VPN Basic Function Configuration ......................................................... 2-1
2.1.1 MPLS L2VPN Overview............................................................................ 2-1
2.1.2 Configuring MPLS L2VPN Services ........................................................... 2-3
2.1.3 Maintaining MPLS L2VPN Instances ......................................................... 2-5
2.2 VPLS Basic Function Configuration ..................................................................... 2-7
2.2.1 VPLS Overview........................................................................................ 2-7
2.2.2 Configuring a VPLS .................................................................................. 2-9
2.2.3 Maintaining VPLS Instances ....................................................................2-11
2.2.4 VPLS Configuration Example .................................................................. 2-17
2.3 VPWS Basic Function Configuration ................................................................. 2-20
2.3.1 VPWS Overview .................................................................................... 2-20
2.3.2 Configuring a VPWS............................................................................... 2-21
2.3.3 Maintaining VPWS Instances .................................................................. 2-23
2.3.4 VPWS Configuration Example................................................................. 2-28

Figures............................................................................................................. I

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


Tables ............................................................................................................ III
Glossary .........................................................................................................V

II

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


About This Manual
Purpose
This manual is the ZXR10 5900E Series (V3.00.11) Easy-Maintenance MPLS Routing
Switch Configuration Guide (VPN), which is applicable to the ZXR10 5900E (V3.00.11)
series switches.

Intended Audience
This manual is intended for:

l Network planning engineer


l Debugging engineer
l Attendant

What Is in This Manual


This manual contains the following chapters:

Chapter 1, MPLS L3VPN Provides the overview and principles of MPLS L3VPN configuration,
Configuration related configuration and maintenance commands, and configuration
examples.

Chapter 2, MPLS L2VPN Provides the overview and principles of MPLS L2VPN configuration,
Configuration related configuration and maintenance commands, and configuration
examples.

Conventions
This manual uses the following typographical conventions:

Italics Variables in commands. It may also refer to other related manuals and documents.

Bold Menus, menu options, function names, input fields, option button names, check boxes,
drop-down lists, dialog box names, window names, parameters, and commands.

Constant Text that you type, program codes, filenames, directory names, and function names.
width

[] Optional parameters.

{} Mandatory parameters.

| Separates individual parameter in series of parameters.

Note: provides additional information about a certain topic.

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


This page intentionally left blank.

II

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


Chapter 1
MPLS L3VPN Configuration
Table of Contents
MPLS VPN Basic Function Configuration ...................................................................1-1
MPLS VPN Route Aggregation Configuration ...........................................................1-35
VPN Route Restriction and Alarm.............................................................................1-41

1.1 MPLS VPN Basic Function Configuration


1.1.1 MPLS L3VPN Overview
Introduction to MPLS L3VPN
MPLS L3 VPN is a kind of Internet Protocol (IP) Virtual Private Network (VPN) based on
MultiProtocol Label Switching (MPLS) technology. It is also called L3VPN, which applies
MPLS technology to routers and switches. MPLS VPN simplifies the route selection mode
of core switches, and it realizes IP virtual private network by means of the label switching
of conventional routing technology.
MPLS VPN can be used to construct broadband Intranet and Extranet, which can satisfy
the requirements of many services cleverly.
MPLS VPN can utilize the powerful transmission capability of a public backbone network
to reduce the construction costs of the Intranet, and greatly improve the operation and
management flexibility of user networks. Meanwhile, it meets the user requirements for
data transmission security, real time and broad band, convenience.
In an IP-based network, MPLS has many advantages,
1. Reduce cost
MPLS simplifies the integration technology of ATM and IP. It efficiently combines the
L2 and L3 technologies. Therefore, the cost is reduced and the investment is saved
at earlier stages.

2. Improve resource utilization rate


Since label switching is used in network, the IP addresses used by users in their Local
Area Networks (LAN) can be repeated. In this way, IP resource utilization rate is
improved.
3. Improve network speed

1-1

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


ZXR10 5900E Series Configuration Guide (VPN)

Since label switching is used, the time for address search in each hop process is
shortened. In this way, the time of data transmission time is reduced in network, and
the network speed is improved.
4. Improve flexibility and expansibility
Since MPLS uses AnyToAny connection, the network flexibility and expansibility are
improved. With respect to the flexibility, special control policy can be customized to
meet special requirements of different users to realize value-added services. The
expansibility covers the following two points:
l More VPNs are contained by a network.
l Easy user expansion in the same VPN.
5. Convenience
MPLS is widely used in operator networks. It bring more convenience to enterprise
users establish global VPN.
6. Improve transmission security
MPLS serves as a channel mechanism to implement transparent packet transmission.
MPLS Link State Packet (LSP) have high reliability and security, similaring to frame
relay and Asynchronous Transfer Mode (ATM) Virtual Channel Connection (VCC).
7. Enhance service integration capability
A network can support the services integrating data, audio and video.
8. MPLS QoS guarantee
The related standards and drafts drawn byIETF for Border Gateway Protocol
(BGP)/MPLS VPN:
l RFC 4364, BGP/MPLS IP Virtual Private Networks
l RFC 4760, Multiprotocol Extensions for BGP-4
l RFC 2547, BGP/MPLS VPN
l Draft RFC 2547bis, BGP/MPLS VPN
l Request For Comments (RFC) 2283, multi-protocol extension BGP4

MPLS L3VPN Related Terms


A BGP/MPLS VPN network system covers the following network devices.
l PE

A PE refers to a router connected to a CE in a customer site in an operator network.


The PE router supports VPN and labeling function (the labeling function can be
provided by RSVP, LDP or Constraint based Routing Label Distribution Protocol
(CRLDP)).

In a single VPN, PE routers are connected by tunnel. The tunnel can be a MPLS LSP
tunnel or a LDP tunnel.
l Provider (P)

1-2

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


Chapter 1 MPLS L3VPN Configuration

Here, "P" refers a router in the core of an operator network, which does not connect
to any router in any customer site, but is a part of MPLS L3 VPN tunnel. "P" supports
MPLS LSP or LDP function, but it does not need to support VPN.
l CE
CE refers to a router or switch connected to an operator network in a customer site.
Normally, IP router act as CE device.
VPN function is provided by PE routers, while P and CE routers do not have special
requirements for VPN configuration.

VPN-IPv4 Address and Route Distinguisher


Since L3 VPN may be connected to private networks through Internet and these private
networks can either use public or private addresses, the addresses used by different
private networks may be repeated when private networks use private addresses.
To avoid the repetition of private addresses, public addresses can be used by network
devices to replace private addresses. A solution is provided in RFC2547bis that uses an
existent private network ID to generate a definite new address.
The new address is a part of VPN-IPv4 address family, and it also is a BGP address family
of the MP-BGP protocol. In a VPN-IPv4 address, there is a value used to differentiate
different VPNs, called Route Distinguisher (RD).
The format of a VPN-IPv4 address is an eight-byte RD plus a four-byte IP address. RD is
the eight-byte value used for VPN differentiation. An RD consists of the following fields:
l Type field (two bytes): It determines the length of the other fields.
If the value of the type field is 0, Administrator (ADM) field covers two bytes and
the Assignment Number (AN) field covers four bytes.
If the value of the type field is 1, ADM field covers four bytes and the Assignment
Number (AN) domain covers two bytes.
If the value of the type field is 2, ADM field covers four bytes and the Assignment
Number (AN) domain covers two bytes.
l ADM field: It identifies an administration assignment number
If the type domain is 0, the administrator domain contains an Autonomous System
(AS) ID. RFC2547bis recommends a public AS ID allocated by Internet Assigned
Numbers Authority (IANA) be used (it is much better that the AS ID of the ISP or
customer itself is used).
If the value of the type field is 1, ADM field contains an IPv4 address. RFC2547bis
recommends to use switch IP address (this address is normally configured as
switch ID). Router IP address is a public address.
If the type domain is 2, the administrator domain contain four bytes Autonomous
System ID.
l AN field: The number assigned by a network operator

1-3

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


ZXR10 5900E Series Configuration Guide (VPN)

If the type field is 0, AN field covers four bytes.


If the type field is 1, AN field covers two bytes.
If the type field is 2, AN field covers two bytes.
The RD is only used between PEs and CEs to differentiate IPv4 addresses of different
VPNs. The ingress generates an RD and converts the received IPv4 route of the CE into
a VPN-IPv4 address. Before advertising the route to the CE, the egress PE converts the
VPN-IPv4 route into an IPv4 route.

MPLS VPN Principle


MPLS VPN adopts L3 technology. Every VPN has its own VPN-ID. Every VPN user can
only communicate with the members belonging to the same VPN, and only VPN members
can enter the VPN.
In MPLS VPN, the service provider (SP) allocates a RD to every VPN. The RD is unique
in SP network.
Forwarding table contains a unique address, called VPN-IP address, which is formed
through the connection of the RD and user IP address. The VPN-IP address is unique
in the network. The address table is stored in the forwarding table.

BGP is a routing information distribution protocol, which uses multi-protocol extension


and common attributes to define VPN connectivity. In MPLS VPN, BGP only advertises
messages to the members in the same VPN, and provides basic security by means of
traffic split.
Data is forwarded by using LSP. The LSP defines a special path that cannot be changed,
to guarantee the security. Such a label-based mode can provide confidentiality like frame
relay and ATM. The SP associates a special VPN to an interface, and packet forwarding
is decided by ingress labels.
VPN forwarding table contains a label that corresponds to the VPN-IP address. The label
is used to send data to the corresponding destination. Since the label replaces the IP
address, user can keep its own address structure. The data can be transmitted without
Network Address Translation (NAT). According to the data ingress, the corresponding
switch will select a special VPN forwarding table that only contains a valid destination
address in VPN. Router selects a specified VPN forwarding table according to the ingress.
The VPN forwarding table contains the valid destination addresses only.

CE advertises routing information on the user's network to the PE by means of static route,
default route, routing protocols RIP, OSPF, IS-IS or BGP.

CE sends the routing information to PE by static route, default router or routing protocol,
such as Routing Information Protocol (RIP), Open Shortest Path First (OSPF) and
Intermediate System-to-Intermediate System (IS-IS).
Meanwhile extended multi-protocol BGP is used between PEs to transmit VPN-IP
information and the corresponding labels (VPN label, called inner label hereinafter).

1-4

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


Chapter 1 MPLS L3VPN Configuration

The conventional IGP is used between PE and P to learn the routing information, and the
LDP is used to bind the routing information to label (a label on the backbone network,
called outer label hereinafter).
In this way, the basic network topology and routing information among CE, PE and P are
already formed. Thus, the PE has the routing information of backbone network and every
VPN.
When CE user data belonging to some VPN enters the network, the system can identify to
which VPN the CE belongs on the interface of CE that connects to PE, and will further read
the next-hop address information in the routing table of the VPN. In addition, the forwarded
packets will be marked with a VPN label (inner label). In this case, the obtained next-hop
address is the address of a PE that is the peer of this PE.

To reach the destination PE, routing information of backbone network is read from the
source PE , thus to obtain the address of the next P switch. Meanwhile, the forwarded
user packets are marked with a backbone network label (outer label).
In backbone network, all the P routers locating behind the source PE read the outer label
to determine the next hop. Therefore, the simple label switching is performed in backbone
network only.
When the packet reaches the last P switch before arriving at the destination PE, the outer
label will be removed. After the packet reaches the destination PE, the PE will read the
inner label, find the next-hop CE in the corresponding Virtual Routing Forwarding (VRF)
and send the packet to the related interface, and then transmit the packet to the CE network
of the VPN.

1.1.2 Configuring MPLS L3VPN


Creating VRF on PE
A VRF is created for each VPN on PE. VRF only saves the route information related to
this VPN. VPN is independent, which has its own interface, routing and label tables, route
protocol and so on.
To create VRF on ZXR10 5900E , perform the following steps.

Step Command Function

1 ZXR10(config)#ip vrf < vrf-name> This configures a VPN instance.

2 ZXR10(config-vrf-vrf-name)#rd <route-distinguisher> This defines VRF RD.

3 ZXR10(config-vrf-vrf-name)#address-family {ipv4|ipv6} This activates IPv4 or IPv6


address family.

4 ZXR10(config-vrf-vrf-name-af-ipv4)#route-target [ This creates route-target


import | export | both]<extended-community> extension community attribute
ZXR10(config-vrf-vrf-name-af-ipv6)#route-target [ relating to VRF.
import | export | both]<extended-community>

1-5

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


ZXR10 5900E Series Configuration Guide (VPN)

Step Command Function

5 ZXR10(config)#interface < interface-name> This enters interface


configuration mode.

6 ZXR10(config-if-interface-name)#ip vrf forwarding < This associates interface to


vrf-name> VRF.
Delete the existent IP address
of the interface before using
this command.

7 ZXR10(config-if-interface-name)#ip address < This configures interface


ip-address>< netmask> address.

Descriptions of the parameters used by step 1, 2, 3 and 4 are shown below.

Parameter Description

<vrf-name> VRF name, 1-32 characters. The name is only valid locally, which
is used for binding an interface to the VPN.

<route-distinguisher> VRF RD, there are three formats, <1-65535>:<0-4294967295> or


A.B.C.D:<0-65535> or <1-65535>.<0-65535>:<0-65535>.

{ipv4|ipv6} Activate IPv4 or IPv6 address family.

import Import the route to VRF according to route-target extension


community attribute

export Export the VRF route with route-target extension community


attribute

both It is equal to enable import and export at the same time.

<extended-community> The route-target extension community attribute, there are three


formats, <1-65535 >:<0-4294967295 >or A.B.C.D:<0-65535> or
<1-65535>.<0-65535>:<0-65535>

Configuring Static Route Protocol Between CE and PE


In order to run static route protocol between CE and PE, a static route pointing to CE needs
to be configured on PE, and the static route needs to be distributed to BGP.
To run static route protocol between CE and PE, perform the following steps on ZXR10
5900E.

Step Command Function

1 ZXR10(config)#ip route vrf {mng |<vrf-name>}<prefix><net- This configures a static route


mask>{<forwarding-router's-addres>[global]|<interface-name pointing to CE on PE.
>[<forwarding-router's-address>]}[<distance-metric>][metric It is required to specify a VRF to
<metric-value>][tag <tag-value>][bfd enable][track which this static route belongs.
<track-name>][name <description-name>]

1-6

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


Chapter 1 MPLS L3VPN Configuration

Step Command Function

2 ZXR10(config)#router bgp < as-number> This enters BGP route


configuration mode.

3 ZXR10(config-bgp)#address-family ipv4 vrf < vrf-name> This enters VRF address family
configuration mode.

4 ZXR10(config-bgp-af-ipv4-vrf)#redistribute static This redistributes the static


route.

Configuration Example
As shown in Figure 1-1, run static route between CE1 and PE1.

Figure 1-1 Running Static Route Protocol between CE and PE

Configure static route on CE1 and PE1 respectively.


CE1 configuration,
CE1(config)#interface vlan1
CE1(config-if-vlan1)#ip address 10.1.0.1 255.255.255.252
CE1(config-if-vlan1)#exit
CE1(config)#interface vlan2
CE1(config-if-vlan2)#ip address 10.1.1.254 255.255.255.0
CE1(config-if-vlan2)#exit
CE1(config)#ip route 10.2.0.0 255.255.0.0 10.1.0.2

PE1 configuration,
PE1(config)#ip route vrf vpn_a 10.1.0.0 255.255.0.0 10.1.0.1
PE1(config)#router bgp 100
PE1(config-bgp)#address-family ipv4 vrf vpn_a

1-7

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


ZXR10 5900E Series Configuration Guide (VPN)

PE1(config-bgp-af-ipv4-vrf)#redistribute static
PE1(config-bgp-af-ipv4-vrf)#exit

Configuring RIP Protocol Between CE and PE


To run RIP between CE and PE, perform the following steps on ZXR10 5900E.

Step Command Function

1 ZXR10(config)#router rip This enters RIP configuration mode.

2 ZXR10(config)#version 2 This configures RIPv2.

3 ZXR10(config-rip)#address-family ipv4 vrf < This enters VRF address family


vrf-name> configuration mode.

ZXR10(config-rip-af)#no auto-summary This disables auto summary function.

ZXR10(config-rip-af)#version 2 This configures RIPv2.

ZXR10(config-rip-af)#network This advertises direct-connected network


<network-number><wild-card> segment to RIP.

ZXR10(config-rip-af)#redistribute connected This redistributes direct-connected route


to RIP.

ZXR10(config-rip-af)#redistribute bgp-int This redistributes bgp-int to RIP.

4 ZXR10(config)#router bgp < as-number> This enters BGP route configuration mode.

5 ZXR10(config-bgp)#address-family ipv4 vrf < This enters VRF address family


vrf-name> configuration mode.

ZXR10(config-bgp-af-ipv4-vrf)#redistribute This redistributes RIP route.


rip

Configuration Example
As shown in Figure 1-2, run RIP between CE1 and PE1.

1-8

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


Chapter 1 MPLS L3VPN Configuration

Figure 1-2 Running RIP between CE and PE

Run RIP protocol on CE1 and PE1 respectively. Make sure that PE1 and CE1 can
distribute route to each other.
CE 1 configuration,
CE1(config)#router rip
CE1(config)#no auto-summary
CE1(config-rip)#version 2
CE1(config-rip)#network 10.1.0.0 0.0.0.3
CE1(config-rip)#redistribute connected
CE1(config-rip)#exit

PE1 configuration,
PE1(config)#router rip
PE1(config-rip)#version 2
PE1(config-rip)#address-family ipv4 vrf vpn_a
PE1(config-rip-af)#no auto-summary
PE1(config-rip-af)#version 2
PE1(config-rip-af)#network 10.1.0.0 0.0.0.3
PE1(config-rip-af)#redistribute bgp-int
PE1(config-rip-af)#exit
PE1(config-rip)#exit
PE1(config)#router bgp 100
PE1(config-bgp)#address-family ipv4 vrf vpn_a
PE1(config-bgp-af-ipv4-vrf)#redistribute rip
PE1(config-bgp-af-ipv4-vrf)#redistribute connected
PE1(config-bgp-af-ipv4-vrf)#exit

1-9

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


ZXR10 5900E Series Configuration Guide (VPN)

Configuring OSPF between CE and PE


To run OSPF between CE and PE, perform the following steps on ZXR10 5900E.

Step Command Function

1 ZXR10(config)#router ospf < process-id>[ vrf < vrf-name>] This enters OSPF VRF
configuration mode.

2 ZXR10(config-ospf-process-id)#network<network-numb This designates the interfaces


er><wild-card> area < area-id> to run OSPF and defines
area-ID to these interfaces.

3 ZXR10(config-ospf-process-id)#redistribute bgp-int This redistributes bgp-int route.

4 ZXR10(config)#router bgp < as-number> This enters BGP route


configuration mode.

5 ZXR10(config-bgp)#address-family ipv4 vrf < vrf-name> This enters VRF address family
configuration mode.

6 ZXR10(config-bgp-af-ipv4-vrf)#redistribute { ospf-int | This redistributes OSPF route.


ospf-ext}< process-id>

Configuration Example
As shown in Figure 1-3, enable the OSPF protocol on both CE1 and PE1 to distribute
routing information mutually.

Figure 1-3 Enabling the OSPF Protocol on CE and PE Devices

Run the following commands on CE1:


CE1(config)#router ospf 1
CE1(config-ospf-1)#network 10.1.0.0 0.0.0.3 area 0.0.0.0
CE1(config-ospf-1)#network 10.1.1.0 0.0.0.255 area 0.0.0.0

1-10

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


Chapter 1 MPLS L3VPN Configuration

Run the following commands on PE1:


PE1(config)#router ospf 2 vrf vpn_a
PE1(config-ospf-2)#network 10.1.0.0 0.0.0.3 area 0.0.0.0
PE1(config-ospf-2)#redistribute bgp-int
PE1(config-ospf-2)#exit
PE1(config)#router bgp 100
PE1(config-bgp)#address-family ipv4 vrf vpn_a
PE1(config-bgp-af-ipv4-vrf)#redistribute ospf-int
PE1(config-bgp-af-ipv4-vrf)#redistribute connected

Use similar methods to configure PE2 and CE2 and then verify the configuration.
Checking the routing information on CE1:
CE1#show ip forwarding route ospf
IPv4 Routing Table:
status codes: *valid, >best
Dest Gw Interface Owner Pri Metric
10.2.0.0/30 10.1.0.2 vlan1 ospf 110 1
10.2.1.0/24 10.1.0.2 vlan2 ospf 110 1

CE1 learns the route of CE2 through the OSPF protocol.


Checking the routing information on CE2:
CE2#show ip forwarding route ospf
IPv4 Routing Table:
status codes: *valid, >best
Dest Gw Interface Owner Pri Metric
10.1.0.0/30 10.2.0.2 vlan1 ospf 110 1
10.1.1.0/24 10.2.0.2 vlan2 ospf 110 1

CE2 learns the route of CE1 through the OSPF protocol.


On CE1, ping the local area network where the CE2 is connected to:
CE1#ping 10.2.1.1
sending 5,100-byte ICMP echos to 10.2.1.1,timeout is 2 seconds.
!!!!!
Success rate is 100 percent(5/5),round-trip min/avg/max= 0/0/10 ms.

On CE2, ping the local area network where the CE1 is connected to:
CE2#ping 10.1.1.1
sending 5,100-byte ICMP echos to 10.1.1.1,timeout is 2 seconds.
!!!!!
Success rate is 100 percent(5/5),round-trip min/avg/max= 0/0/10 ms.

Configuring EBGP between CE and PE


To configure EBGP between a CE and a PE, perform the following steps on ZXR10 5900E.

1-11

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


ZXR10 5900E Series Configuration Guide (VPN)

Step Command Function

1 ZXR10(config)#router bgp < as-number> This enters into BGP route


configuration mode.

2 ZXR10(config-bgp)#address-family ipv4 vrf < vrf-name> This enters into the


corresponding VRF address
family configuration mode.

3 ZXR10(config-bgp-af-ipv4-vrf)#neighbor < ip-address> This configures an EBGP


remote-as <as-number> neighbor or AS number of a
neighbor peers.

Configuration Example
As shown in Figure 1-4, run EBGP between CE1 and PE1.

Figure 1-4 Running EBGP between CE and PE

Configure BGP on CE1 and PE1 respectively. Make sure that CE1 and PE1 can distribute
route to each other.
CE1 configuration,
CE1(config)#router bgp 65001
CE1(config-bgp)#neighbor 10.1.0.2 remote-as 100
CE1(config-bgp)#neighbor 10.1.0.2 ebgp-multihop
CE1(config-bgp)#neighbor 10.1.0.2 activate
CE1(config-bgp)#redistribute connected
CE1(config-bgp)#exit

PE1 configuration,
PE1(config)#router bgp 100

1-12

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


Chapter 1 MPLS L3VPN Configuration

PE1(config-bgp)#address-family ipv4 vrf vpn_a


PE1(config-bgp-af-ipv4-vrf)#neighbor 10.1.0.1 remote-as 65001
PE1(config-bgp-af-ipv4-vrf)#neighbor 10.1.0.1 ebgp-multihop
PE1(config-bgp-af-ipv4-vrf)#neighbor 10.1.0.1 activate
PE1(config-bgp-af-ipv4-vrf)#redistribute connected
PE1(config-bgp-af-ipv4-vrf)#exit

Configuring MPBGP
To configure MPBGP, perform the following steps on ZXR10 5900E.

Step Command Function

1 ZXR10(config)#router bgp < as-number> This enters BGP configuration


mode

2 ZXR10(config-bgp)#neighbor <ip-address> remote-as This configures BGP neighbor.


<as-number>

3 ZXR10(config-bgp)#neighbor <ip-address> update-source This specifies update-source


loopback < number> IP address as its own loopback
address of MPBGP set link.

4 ZXR10(config-bgp)#address-family vpnv4 This enters VPNv4 address


family configuration mode.

5 ZXR10(config-bgp-af-vpnv4)#neighbor <ip-address> This activates vpnv4 ability of


activate neighbor.

Configuration Example
As shown in Figure 1-5, run MPBGP between PE1 and PE2.

Figure 1-5 MPBGP Protocol Configuration

1-13

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


ZXR10 5900E Series Configuration Guide (VPN)

Caution!
Before perform the following configurations, make sure that PE1 and PE2 can be ping
each other by using their loopback addresses.

PE1 configuration,
PE1(config)#router bgp 100
PE1(config-bgp)#neighbor 1.1.1.3 remote-as 100
PE1(config-bgp)#neighbor 1.1.1.3 activate
PE1(config-bgp)#neighbor 1.1.1.3 update-source loopback1
PE1(config-bgp)#address-family vpnv4
PE1(config-bgp-af-vpnv4)#neighbor 1.1.1.3 activate
PE1(config-bgp-af-vpnv4)#exit

PE2 configuration,

PE2(config)#router bgp 100


PE2(config-bgp)#neighbor 1.1.1.1 remote-as 100
PE2(config-bgp)#neighbor 1.1.1.1 activate
PE2(config-bgp)#neighbor 1.1.1.1 update-source loopback1
PE2(config-bgp)#address-family vpnv4
PE2(config-bgp-af-vpnv4)#neighbor 1.1.1.1 activate
PE2(config-bgp-af-vpnv4)#exit

MPLS VPN Advanced Function Configuration


1. Configuring AS Override
When BGP runs between PE and CE, users want to reuse AS number in different sites.
To provide the connective between CE1 and CE2, a new method called AS override
is adopted. After AS override is configured on PE, but before PE sends route update
packets to CE, PE will replace the AS number of each directly connectd CE device in
the entity AS_PATH by its own AS number. The length of AS_PATH is still kept when
AS override is configured.
To configure AS override, perform the following steps on ZXR10 5900E.

Step Command Function

1 ZXR10(config)#router bgp <as-number> This enters BGP route


configuration mode.

2 ZXR10(config-bgp)#address-family ipv4 vrf < vrf-name> This enters IPv4 VRF address
family configuration mode.

1-14

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


Chapter 1 MPLS L3VPN Configuration

Step Command Function

3 ZXR10(config-bgp-af-ipv4-vrf)#neighbor This configures PE to replace


<neighbor-address> as-override the AS number of each
direct-connected CE device
by its own AS number in the
entity AS_PATH.

2. Configure Export Map and Import Map


The meanings of Export Map and Import Map are described below,

l Import Map
VRF can save its concerned route prefix by means of import map.
l Export map

The export map is used to configure different RTs to route prefix. Different VRFs
can selective accept the prefixes with different RTs.
To configure export and import map, perform the following steps on ZXR10 5900E.

Step Command Function

1 ZXR10(config)#ip vrf <vrf-name> This configures a VPN instance and enters


VPN instance configuration mode.

2 ZXR10(config-vrf-vrf-name)#address-fa This acticates IPv4 or IPv6 address family.


mily {ipv4|ipv6}

3 ZXR10(config-vrf-vrf-name-af-ipv4)#e This configures VRF-related export map.


xport map < route-map-name> The name of route map ranges from 1 to
32 characters.

ZXR10(config-vrf-vrf-name-af-ipv4)#i This configures VRF-related import map.


mport map < route-map-name> The name of route map ranges from 1 to
32 characters.

Configuration Example

As shown in Figure 1-6. P acts as router reflector (RR), the loopback1 address of PE1
is 61.139.36.34/32, the loopback2 address of PE2 is 61.139.36.35/32, and the loopback1
address of P is 61.139.36.31/32.

Figure 1-6 RR Configuration Example Topology

l Configuration Requirements

1-15

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


ZXR10 5900E Series Configuration Guide (VPN)

Make sure that PE1 and PE2 can learn loopback addresses between each other.
PE1 and PE2 establish LDP neighborhood with RR respectively.
RR establishes MP-IBGP neighborhood with PE1 and PE2 respectively. PE1
and PE2 are RR clients, their Loopback addresses are used to set up BGP
connection.
A VRF called ok is configured on PE1 and PE2. The RD is 1:1, and the RT is 1:1.
RR establishes MP-IBGP neighborhood with PE1 and PE2 respectively. PE1 and
PE2 are RR clients. Bind loopback IP addresses on PE1 and PE2 respectively. Make
sure that PE1 and PE2 can learn route between each other.
l Configuration Process
RR (P)configuration,
P(config)#router bgp 65190
P(config-bgp)#no bgp default route-target filter
P(config-bgp)#neighbor 61.139.36.34 remote-as 65190
P(config-bgp)#neighbor 61.139.36.34 update-source loopback1
P(config-bgp)#neighbor 61.139.36.35 remote-as 65190
P(config-bgp)#neighbor 61.139.36.35 update-source loopback1
P(config-bgp)#address-family vpnv4
P(config-bgp-af-vpnv4)#neighbor 61.139.36.34 activate
P(config-bgp-af-vpnv4)#neighbor 61.139.36.35 activate
P(config-bgp-af-vpnv4)#neighbor 61.139.36.34 route-reflector-client
P(config-bgp-af-vpnv4)#neighbor 61.139.36.35 route-reflector-client

PE1 configuration,
PE1(config)#ip vrf ok
PE1(config-vrf-ok)#rd 1:1
PE1(config-vrf-ok)#address-family ipv4
PE1(config-vrf-ok-af-ipv4)#route-target 1:1
PE1(config-vrf-ok-af-ipv4)#exit
PE1(config-vrf-ok)#exit
PE1(config)#router bgp 65190
PE1(config-bgp)#neighbor 61.139.36.31 remote-as 65190
PE1(config-bgp)#neighbor 61.139.36.31 update-source loopback1
PE1(config-bgp)#address-family vpnv4
PE1(config-bgp-af-vpnv4)#neighbor 61.139.36.31 activate
PE1(config-bgp-af-vpnv4)#exit
PE1(config-bgp)#exit
PE1(config)#interface loopback10
PE1(config-if-loopback10)#ip vrf forwarding ok
PE1(config-if-loopback10)#ip address 10.10.10.10 255.255.0.0
PE1(config-if-loopback10)#exit
PE1(config)#router bgp 65190
PE1(config-bgp)#address-family ipv4 vrf ok

1-16

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


Chapter 1 MPLS L3VPN Configuration

PE1(config-bgp-af-ipv4-vrf)#redistribute connected

PE2 configuration,
PE2(config)#ip vrf ok
PE2(config-vrf-ok)#rd 1:1
PE2(config-vrf-ok)#address-family ipv4
PE2(config-vrf-ok-af-ipv4)#route-target 1:1
PE2(config-vrf-ok-af-ipv4)#exit
PE2(config-vrf-ok)#exit
PE2(config)#router bgp 65190
PE2(config-bgp)#neighbor 61.139.36.31 remote-as 65190
PE2(config-bgp)#neighbor 61.139.36.31 update-source loopback1
PE2(config-bgp)#address-family vpnv4
PE2(config-bgp-af-vpnv4)#neighbor 61.139.36.31 active
PE2(config-bgp-af-vpnv4)#exit
PE2(config-bgp)#exit
PE2(config)#interface loopback20
PE2(config-if-loopback20)#ip vrf forwarding ok
PE2(config-if-loopback20)#ip address 20.20.20.20 255.255.0.0
PE2(config-if-loopback20)#exit
PE2(config)#router bgp 65190
PE2(config-bgp)#address-family ipv4 vrf ok
PE2(config-bgp-af-ipv4-vrf)#redistribute connected
l Configuration Check
View the route learning from PE2 on PE1,
PE1#show ip protocol routing vrf ok
Routes of vpn:
status codes: *valid, >best, s-stale

Dest NextHop Intag Outtag RtPrf Protocol


*>20.20.0.0/16 20.1.2.2 163898 34 200 bgp-int

View the route learning from PE1 on PE2,


PE2#show ip protocol routing vrf ok
Routes of vpn:
status codes: *valid, >best, s-stale

Dest NextHop Intag Outtag RtPrf Protocol


*>10.10.0.0/16 30.1.2.1 164963 163863 200 bgp-int

1.1.3 Maintaining MPLS VPN


To maintain MPLS VPN, use the following commands on ZXR10 5900E.

1-17

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


ZXR10 5900E Series Configuration Guide (VPN)

Command Function

ZXR10#ping [ vrf < vrf-name>]< ip-address> This inspects network connectivity.

ZXR10#show ip vrf [[[ brief | detail ][< vrf-name>]]| summary] This shows VRF information.

ZXR10#show ip protocol routing vrf <vrf-name>[network This shows VRF routing table.
<ip-address>[mask <net-mask>]]

1.1.4 MPLS VPN Configuration Examples


1.1.4.1 MPLS L3VPN Configuration

Configuration Description
As shown in Figure 1-7, CE1 and CE2 belong to the same VPN. The loopback address of
CE1 is 100.1.1.1/24, and that of CE2 is 200.1.1.1/24.
Make sure that CE1 and CE2 can learn the loopback routes between each other by using
OSPF. The BGP runs between CE1 and PE1, while the OSPF runs between CE2 and PE2.
CE1 and CE2 can learn the routes from each other, and the ping is successful between
them.

Figure 1-7 MPLS L3VPN Basic Configuration Example Topology

The interface addresses are listed in Table 1-1.

Table 1-1 MPLS VPN Basic Configuration Address Table

Device Interface Name Address

CE1 gei-0/1/1/1 (vlan1) 10.1.1.2/24

PE1 gei-0/1/1/2 (vlan1) 10.1.1.1/24

gei-0/1/1/3 (vlan2) 10.10.12.1/24

1-18

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


Chapter 1 MPLS L3VPN Configuration

Device Interface Name Address

P gei-0/1/1/4 (vlan2) 10.10.12.2/24

gei-0/1/1/5 (vlan3) 10.10.23.2/24

PE2 gei-0/1/1/6 (vlan3) 10.10.23.3/24

gei-0/1/1/7 (vlan4) 10.10.10.1/24

CE2 gei-0/1/1/8 (vlan4) 10.10.10.2/24

Configuration Thought
1. Configure the IP addresses of loopback1 and physical interface on CE1. Establish
EBGP neighborhood between CE1 and PE1. Advertise the loopback address in BGP.
2. Configure the IP addresses of loopback 1 and vlan2 on PE1. Configure a VRF
called test1. Bind the interface vlan1 to the test 1 and configure IP address.
Configure OSPF and advertise the network segment 10.10.0.0/16 in OSPF. Establish
MPBGP neighborhood between PE1 and PE2, and enable VPNv4. Establish EBGP
neighborhood between PE1 and CE1. Enable LDP on the interface vlan2.
3. Configure the IP addresses of vlan2 and vlan3 on P. Configure OSPF and advertise
the network segment 10.10.0.0/16 in OSPF. Enable LDP on the interfaces vlan2 and
vlan3.
4. Configure the IP addresses of loopback 1 and vlan3. Configure a VRF called test1.
Bind the interface vlan4 to the test1 and configure IP address. Configure OSPF and
advertise the network segment 10.10.0.0/16 in OSPF. Establish MPBGP neighborhood
between PE1 and PE2, and enable VPNv4. Establish OSPF neighborhood between
CE2 and PE2. Enable LDP on the interface vlan3.
5. Configure the IP addresses of loopback1 and vlan4. Configure OSPF and advertise
the network segments 10.10.10.2 and loopback200.1.1.1 in OSPF.

Configuration Commands
CE1 configuration,
CE1(config)#interface loopback1
CE1(config-if-loopback1)#ip address 100.1.1.1 255.255.255.0
CE1(config-if-loopback1)#exit
CE1(config)#interface vlan1
CE1(config-if-vlan1)#ip address 10.1.1.2 255.255.255.0
CE1(config-if-vlan1)#exit
CE1(config)#router bgp 200
CE1(config-bgp)#network 100.1.1.0 255.255.255.0
CE1(config-bgp)#neighbor 10.1.1.1 remote-as 100

PE1 configuration,
PE1(config)#ip vrf test1
PE1(config-vrf-test1)#rd 100:1
PE1(config-vrf-test1)#address-family ipv4

1-19

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


ZXR10 5900E Series Configuration Guide (VPN)

PE1(config-vrf-test1-af-ipv4)#route-target import 100:1


PE1(config-vrf-test1-af-ipv4)#route-target export 100:1
PE1(config-vrf-test1-af-ipv4)#exit
PE1(config-vrf-test1)#exit
PE1(config)#interface loopback1
PE1(config-if-loopback1)#ip address 10.10.1.1 255.255.255.255
PE1(config-if-loopback1)#exit
PE1(config)#interface vlan2
PE1(config-if-vlan2)#ip address 10.10.12.1 255.255.255.0
PE1(config-if- vlan2)exit
PE1(config)#mpls ldp instance 1
PE1(config-ldp-1)#route-id loopback1
PE1(config-ldp-1)#interface vlan2
PE1(config-ldp-1-if-vlan2)#exit
PE1(config-ldp-1)#exit
PE1(config)#mpls interface vlan1
PE1(config)#interface vlan1
PE1(config-if- vlan1)#ip vrf forwarding test1
PE1(config-if- vlan1)#ip address 10.1.1.1 255.255.255.0
PE1(config-if-vlan1)#exit
PE1(config)#router ospf 1
PE1(config-ospf-1)#router-id 10.10.1.1
PE1(config-ospf-1)#network 10.10.0.0 0.0.255.255 area 0.0.0.0
PE1(config-ospf-1)#exit
PE1(config)#router bgp 100
PE1(config-bgp)#neighbor 10.10.3.3 remote-as 100
PE1(config-bgp)#neighbor 10.10.3.3 update-source loopback1
PE1(config-bgp)#address-family ipv4 vrf test1
PE1(config-bgp-af-ipv4-vrf)#redistribute connected
PE1(config-bgp-af-ipv4-vrf)#neighbor 10.1.1.2 remote-as 200
PE1(config-bgp-af-ipv4-vrf)#exit
PE1(config-bgp)#address-family vpnv4
PE1(config-bgp-af-vpnv4)#neighbor 10.10.3.3 activate
PE1(config-bgp-af-vpnv4)#exit
PE1(config-bgp)#exit

P configuration,
P(config)#interface vlan2
P(config-if-vlan2)#ip address 10.10.12.2 255.255.255.0
P(config-if-vlan2)#exit
P(config)#mpls ldp instance 1
P(config-ldp-1)#interface vlan2
P(config-ldp-1-if-vlan2)#exit
P(config-ldp-1)#exit
P(config)#mpls interface vlan2

1-20

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


Chapter 1 MPLS L3VPN Configuration

P(config)#mpls interface vlan3


P(config)#interface vlan3
P(config-if-vlan3)#ip address 10.10.23.2 255.255.255.0
P(config-if-vlan3)#exit
P(config)#mpls ldp instance 1
P(config-ldp-1)#interface vlan3
P(config-ldp-1-if-vlan3)#exit
P(config-ldp)#exit
P(config)#interface loopback1
P(config-if-loopback1)#ip address 10.10.2.2 255.255.255.255
P(config-if-loopback1)#exit
P(config)#router ospf 1
P(config-ospf-1)#network 10.10.0.0 0.0.255.255 area 0.0.0.0
P(config-ospf-1)#exit
P(config)#mpls ldp instance 1
P(config-ldp-1)#router-id loopback1

PE2 configuration (Here, PE2 connects to CE2 by Ethernet sub-interface),


PE2(config)#ip vrf test1
PE2(config-vrf-test1)#rd 100:1
PE2(config-vrf-test1)#address-family ipv4
PE2(config-vrf-test1-af-ipv4)#route-target import 100:1
PE2(config-vrf-test1-af-ipv4)#route-target export 100:1
PE2(config-vrf-test1-af-ipv4)#exit
PE2(config-vrf-test1)#exit
PE2(config)#interface loopback1
PE2(config-if-loopback1)#ip address 10.10.3.3 255.255.255.255
PE2(config-if-loopback1)#exit
PE2(config)#interface vlan3
PE2(config-if-vlan3)#ip address 10.10.23.3 255.255.255.0
PE2(config-if-vlan3)#exit
PE2(config)#mpls ldp instance 1
PE2(config-ldp-1)#interface vlan3
PE2(config-ldp-1-if-vlan3)#exit
PE2(config-ldp-1)#exit
PE2(config)#mpls interface vlan3
PE2(config)#interface vlan4
PE2(config-if-vlan4)#ip vrf forwarding test1
PE2(config-if-vlan4)#ip address 10.10.10.1 255.255.255.0
PE2(config-if-vlan4)#exit
PE2(config)#router ospf 1
PE2(config-ospf-1)#network 10.10.0.0 0.0.255.255 area 0.0.0.0
PE2(config-ospf-1)#exit
PE2(config)#router ospf 2 vrf test1
PE2(config-ospf-2)#network 10.10.10.1 0.0.0.0 area 0.0.0.0

1-21

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


ZXR10 5900E Series Configuration Guide (VPN)

PE2(config-ospf-2)#redistribute bgp-int
PE2(config-ospf-2)#exit
PE2(config)#router bgp 100
PE2(config-bgp)#neighbor 10.10.1.1 remote-as 100
PE2(config-bgp)#neighbor 10.10.1.1 update-source loopback1
PE2(config-bgp)#address-family ipv4 vrf test1
PE2(config-bgp-af-ipv4-vrf)#redistribute ospf-int2
PE2(config-bgp-af-ipv4-vrf)#redistribute connected
PE2(config-bgp-af-ipv4-vrf)#exit
PE2(config-bgp)#address-family vpnv4
PE2(config-bgp-af-vpnv4)#neighbor 10.10.1.1 activate
PE2(config-bgp-af-vpnv4)#exit
PE2(config-bgp)#exit
PE2(config)#mpls ldp instance 1
PE2(config-ldp)#router-id loopback1

CE2 configuration,
CE2(config)#interface loopback1
CE2(config-if-loopback1)#ip address 200.1.1.1 255.255.255.0
CE2(config-if-loopback1)#exit
CE2(config)#interface vlan4
CE2(config-if-vlan4)#ip address 10.10.10.2 255.255.255.0
CE2(config-if-vlan4)#exit
CE2(config)#router ospf 1
CE2(config-ospf-1)#network 10.10.10.2 0.0.0.0 area 0
CE2(config-ospf-1)#network 200.1.1.1 0.0.0.0 area 0

Configuration Verification
View the EBGP connection running between CE1 and PE1,
ZXR10#show bgp vpnv4 unicast vrf vpn1 summary
Neighbor Ver As MsgRcvd MsgSend Up/Down State/PfxRcd
10.1.1.1 4 100 0 12 00:00:09 0

View the routing table of CE1. Here, the BGP route is the VPN route learnt by CE1.
ZXR10#show ip forwarding route
IPv4 Routing Table:
Dest Gw Interface Owner Pri Metric
10.1.1.0/24 10.1.1.2 vlan1 DIRECT 0 0
10.1.1.0/32 10.1.1.0 vlan1 MARTIAN 0 0
10.1.1.2/32 10.1.1.2 vlan1 ADDRESS 0 0
10.1.1.255/32 10.1.1.255 vlan1 BROADCAST 0 0
100.1.1.0/24 100.1.1.1 loopback1 DIRECT 0 0
100.1.1.0/32 100.1.1.0 loopback1 MARTIAN 0 0
100.1.1.1/32 100.1.1.1 loopback1 ADDRESS 0 0
100.1.1.255/32 100.1.1.255 loopback1 BROADCAST 0 0

1-22

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


Chapter 1 MPLS L3VPN Configuration

200.1.1.0/24 10.1.1.1 vlan1 BGP 20 0

1.1.4.2 MPLS VPN OSPF SHAM-LINK Configuration

Configuration Description
As shown in Figure 1-8, CE1 and CE2 belong to the same VPN. The loopback address of
CE1 is 100.1.1.1/24, and that of CE2 is 200.1.1.1/24.
Make sure that CE1 and CE2 can learn the loopback routes from each other through the
sham-link running between PE1 and PE2. CE1 and PE1 run OSPF VRF. CE2 and PE2
run OSPF VRF.

Figure 1-8 MPLS VPN OSPF SHAM-LINK Configuration Example Topology

The interface addresses are listed in Table 1-2.

Table 1-2 MPLS VPN OSPF SHAM-LINK Address Table

Device Interface Name Address

CE1 gei-0/1/1/1 (vlan1) 10.1.1.2/24

gei-0/1/1/9 (vlan5) 20.1.1.2/24

PE1 gei-0/1/1/2 (vlan1) 10.1.1.1/24

gei-0/1/1/3 (vlan2) 10.10.12.1/24

P gei-0/1/1/4 (vlan2) 10.10.12.2/24

gei-0/1/1/5 (vlan3) 10.10.23.2/24

PE2 gei-0/1/1/6 (vlan3) 10.10.23.3/24

gei-0/1/1/7 (vlan4) 10.10.10.1/24

CE2 gei-0/1/1/8 (vlan4) 10.10.10.2/24

gei-0/1/1/10 (vlan5) 20.1.1.1/24

1-23

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


ZXR10 5900E Series Configuration Guide (VPN)

Configuration Thought
1. Configure the IP addresses of loopback and physical interfaces on CE1. Configure
OSPF route.
2. Advertise the loopback interface IP address and the direct-connected network
segment in OSPF.
3. Set up SHAM-LINK.

Configuration Commands
CE1 configuration,
CE1(config)#interface loopback1
CE1(config-if-loopback1)#ip address 100.1.1.1 255.255.255.0
CE1(config-if-loopback1)#exit
CE1(config)#interface vlan1
CE1(config-if-vlan1)#ip address 10.1.1.2 255.255.255.0
CE1(config-if-vlan1)#exit
CE1(config)#interface vlan5
CE1(config-if-vlan5)#ip address 20.1.1.2 255.255.255.0
CE1(config-if-vlan5)#exit
CE1(config)#router ospf 1
CE1(config-ospf-1)#network 10.1.1.0 0.0.0.255 area 0
CE1(config-ospf-1)#network 20.1.1.0 0.0.0.255 area 0
CE1(config-ospf-1)#network 100.1.1.1 0.0.0.0 area 0

PE1 configuration,
PE1(config)#ip vrf test1
PE1(config-vrf-tes t1)#rd 100:1
PE1(config-vrf-test1)#address-family ipv4
PE1(config-vrf-test1-af-ipv4)#route-target import 100:1
PE1(config-vrf-test1-af-ipv4)#route-target export 100:1
PE1(config-vrf-test1-af-ipv4)#exit
PE1(config-vrf-test1)#exit
PE1(config)#interface loopback1
PE1(config-if-loopback1)#ip address 10.10.1.1 255.255.255.255
PE1(config-if-loopback1)#exit
PE1(config)#interface vlan2
PE1(config-if-vlan2)#ip address 10.10.12.1 255.255.255.0
PE1(config-if-vlan2)#exit
PE1(config)#interface loopback64
PE1(config-if-loopback64)#ip vrf forwarding test1
PE1(config-if-loopback64)#ip address 64.64.64.1 255.255.255.255
PE1(config-if-loopback64)#exit
PE1(config)#mpls ldp instance 1
PE1(config-ldp-1)#interface vlan2
PE1(config-ldp-1-if-vlan2)#exit

1-24

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


Chapter 1 MPLS L3VPN Configuration

PE1(config-ldp-1)#exit
PE1(config)#mpls interface vlan2
PE1(config)#interface vlan1
PE1(config-if-vlan1)#ip vrf forwarding test1
PE1(config-if-vlan1)#ip address 10.1.1.1 255.255.255.0
PE1(config-if-vlan1)#exit
PE1(config)#router ospf 1
PE1(config-ospf-1)#router-id 10.10.1.1
PE1(config-ospf-1)#network 10.0.0.0 0.255.255.255 area 0.0.0.0
PE1(config-ospf-1)#exit
PE1(config)#router bgp 100
PE1(config-bgp)#neighbor 10.10.3.3 remote-as 100
PE1(config-bgp)#neighbor 10.10.3.3 update-source loopback1
PE1(config-bgp)#address-family ipv4 vrf test1
PE1(config-bgp-af-ipv4-vrf)#redistribute connected
PE1(config-bgp-af-ipv4-vrf)#redistribute ospf-int100
PE1(config-bgp-af-ipv4-vrf)#exit
PE1(config-bgp)#address-family vpnv4
PE1(config-bgp-af-vpnv4)#neighbor 10.10.3.3 activate
PE1(config-bgp-af-vpnv4)#exit
PE1(config-bgp)#exit
PE1(config)#router ospf 100 vrf test1
PE1(config-ospf-100)#network 10.1.1.0 0.0.0.255 area 0
PE1(config-ospf-100)#redistribute bgp-int
PE1(config-ospf-100)#area 0 sham-link 64.64.64.1 64.64.64.2
PE1(config-ospf-100)#exit
PE1(config)#mpls ldp instance 1
PE1(config-ldp-1)#router-id loopback1
PE1(config-ldp-1)#exit

P configuration,
P(config)#interface vlan2
P(config-if-vlan2)#ip address 10.10.12.2 255.255.255.0
P(config-if-vlan2)#exit
P(config)#mpls ldp instance 1
P(config-ldp-1)#interface vlan2
P(config-ldp-1-if-vlan2)#exit
P(config-ldp-1)#exit
P(config)#interface vlan3
P(config-if-vlan3)#ip address 10.10.23.2 255.255.255.0
P(config-if-vlan3)#exit
P(config)#mpls ldp instance 1
P(config-ldp-1)#interface vlan3
P(config-ldp-1-if-vlan3)#exit
P(config-ldp-1)#exit

1-25

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


ZXR10 5900E Series Configuration Guide (VPN)

P(config)#mpls interface vlan2


P(config)#mpls interface vlan3
P(config)#interface loopback1
P(config-if-loopback1)#ip address 10.10.2.2 255.255.255.255
P(config-if-loopback1)#exit
P(config)#router ospf 1
P(config-ospf-1)#network 10.0.0.0 0.255.255.255 area 0.0.0.0
P(config-ospf-1)#exit
P(config)#mpls ldp instance 1
P(config-ldp-1)#router-id loopback1

PE2 configuration (Here, PE2 connects to CE2 by Ethernet sub-interface),

PE2(config)#ip vrf test1


PE2(config-vrf-test1)#rd 100:1
PE2(config-vrf-test1)#address-family ipv4
PE2(config-vrf-test1-af-ipv4)#route-target import 100:1
PE2(config-vrf-test1-af-ipv4)#route-target export 100:1
PE2(config-vrf-test1-af-ipv4)#exit
PE2(config-vrf-test1)#exit
PE2(config)#interface loopback1
PE2(config-if-loopback1)#ip address 10.10.3.3 255.255.255.255
PE2(config-if-loopback1)#exit
PE2(config)#interface vlan3
PE2(config-if-vlan3)#ip address 10.10.23.3 255.255.255.0
PE2(config-if-vlan3)#exit
PE2(config)#interface loopback64
PE2(config-if-loopback64)#ip vrf forwarding test1
PE2(config-if-loopback64)#ip address 64.64.64.2 255.255.255.255
PE2(config-if-loopback64)#exit
PE2(config)#mpls ldp instance 1
PE2(config-ldp-1)#interface vlan3
PE2(config-ldp-1-if-vlan3)#exit
PE2(config-ldp-1)#exit
PE2(config)#mpls interface vlan3
PE2(config)#interface vlan4
PE2(config-if-vlan4)#ip address 10.10.10.1 255.255.255.0
PE2(config-if-vlan4)#exit
PE2(config)#router ospf 1
PE2(config-ospf-1)#network 10.0.0.0 0.255.255.255 area 0.0.0.0
PE2(config-ospf-1)#exit
PE2(config)#router ospf 100 vrf test1
PE2(config-ospf-100)#network 10.10.10.1 0.0.0.0 area 0.0.0.0
PE2(config-ospf-100)#redistribute bgp-int100
PE2(config-ospf-100)#area 0 sham-link 64.64.64.2 64.64.64.1
PE2(config-ospf-100)#router-id 64.64.64.2

1-26

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


Chapter 1 MPLS L3VPN Configuration

PE2(config-ospf-100)#exit
PE2(config)#router bgp 100
PE2(config-bgp)#neighbor 10.10.1.1 remote-as 100
PE2(config-bgp)#neighbor 10.10.1.1 update-source loopback1
PE2(config-bgp)#address-family ipv4 vrf test1
PE2(config-bgp-af-ipv4-vrf)#redistribute connected
PE2(config-bgp-af-ipv4-vrf)#redistribute ospf-int 100
PE2(config-bgp-af-ipv4-vrf)#exit
PE2(config-bgp)#address-family vpnv4
PE2(config-bgp-af-vpnv4)#neighbor 10.10.1.1 activate
PE2(config-bgp-af-vpnv4)#exit
PE2(config-bgp)#exit
PE2(config)#mpls ldp instance 1
PE2(config-ldp-1)#router-id loopback1 force

CE2 configuration,
CE2(config)#interface loopback1
CE2(config-if-loopback1)#ip address 200.1.1.1 255.255.255.0
CE2(config-if-loopback1)#exit
CE2(config)#interface vlan4
CE2(config-if-vlan4)#ip address 10.10.10.2 255.255.255.0
CE2(config-if-vlan4)#exit
CE2(config)#interface vlan5
CE2(config-if-vlan5)#ip address 20.1.1.1 255.255.255.0
CE2(config-if-vlan5)#exit
CE2(config)#router ospf 1
CE2(config-ospf-1)#network 10.10.10.2 0.0.0.0 area 0
CE2(config-ospf-1)#network 200.1.1.1 0.0.0.0 area 0
CE2(config-ospf-1)#network 20.1.1.1 0.0.0.0 area 0

1.1.4.3 Cross-domain option back-to-back (VRF-VRF) Configuration

Configuration Description
As shown in Figure 1-9, custom has two sites, site 1 and 2, and they need VPN connection.
Site 1 connects to AS100, and site 2 connects to AS200. Both site 1 and site 2 provide
MPLS VPN. To set up MPLS VPN connection between site 1 and site 2, back-to-back
(VRFVRF) is used. This is the simplest mode to realize VPN between ASs.

1-27

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


ZXR10 5900E Series Configuration Guide (VPN)

Figure 1-9 MPLS VPN Cross-Domain Configuration Example

Configuration Thought
1. All of PE1, PE2 and PE3, PE4 have VPN1. The RD is 1:1, and the RT is 1:1.
2. Establish LDP, IGP and MPIGP neighborhoods between PE1 and PE2. Establish LDP,
IGP and MP-IBGP neighborhoods between PE3 and PE4. Advertise the loopback
addresses by IGP.

Configuration Commands
1. Bind vpn1 to PE1. Establish EBGP connection between PE1 and CE1.
PE1(config)#router bgp 100
PE1(config-bgp)#address-family ipv4 vrf vpn1
PE1(config-bgp-af-ipv4-vrf)#neighbor 100.1.1.2 remote-as 65000
2. Establish MP-IBGP neighborhood between PE1 and PE2 by using the loopback
interfaces 1.2.3.4 and 2.3.4.5.
PE2(config)#router bgp 100
PE2(config-bgp)#neighbor 1.2.3.4 remote-as 100
PE2(config-bgp)#neighbor 1.2.3.4 update-source loopback1
PE2(config-bgp)#address-family vpnv4
PE2(config-bgp-af-vpnv4)#neighbor 1.2.3.4 active

Configuration of PE1 is the same to PE2.


3. Bind vpn1 to PE4. Establish EBGP connection between PE4 and PE2.
PE4(config)#router bgp 200
PE4(config-bgp)#address-family ipv4 vrf vpn1
PE4(config-bgp-af-ipv4-vrf)#neighbor 200.1.1.2 remote-as 65000

IPv4 and VPNv4 are enabled among PEs.


4. Establish MP-IBGP neighborhood between PE3 and PE4 by using the loopback1
interfaces 3.4.5.6 and 4.5.6.7.
PE3(config)#router bgp 200
PE3(config-bgp)#neighbor 4.5.6.7 remote-as 200

1-28

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


Chapter 1 MPLS L3VPN Configuration

PE3(config-bgp)#neighbor 4.5.6.7 update-source loopback1


PE3(config-bgp)#address-family vpnv4
PE3(config-bgp-af-vpnv4)#neighbor 4.5.6.7 active

Configuration of PE4 is the same to PE3.


5. PE2 specifies PE3 as its EBGP neighbor in BGP VPNv4 address family mode. IP
address of INTB is 150.3.2.3.
PE2(config)#router bgp 100
PE2(config-bgp)#address-family ipv4 vrf vpn1
PE2(config-bgp-af-ipv4-vrf)#neighbor 150.3.2.3 remote-as 200
6. Bind vpn1 to PE3.
PE3(config)#interface INTB
PE3(config-if-INTB)#ip vrf forwarding vpn1
PE3(config-if-INTB)#ip address 150.3.2.3 255.255.255.0
7. Bind vpn1 to PE2.
PE2(config)#interface INTA
PE2(config-if-INTA)#ip vrf forwarding vpn1
PE2(config-if-INTA)#ip address 150.3.2.2 255.255.255.0
8. PE3 specifies PE2 as its EBGP neighbor in VPNv4 address family mode. IP address
of INTB is 150.3.2.2.
PE3(config)#router bgp 200
PE3(config-bgp)#address-family ipv4 vrf vpn1
PE3(config-bgp-af-ipv4-vrf)#neighbor 150.3.2.2 remote-as 100
9. PE1 redistributes direct-connected route in VPNv4 address family mode.
PE1(config)#router bgp 100
PE1(config-bgp)#address-family ipv4 vrf vpn1
PE1(config-bgp-ipv4-vrf)#redistribute connected
10. PE4 advertises the network segment 200.1.1.0 in VPNv4 address family mode.
PE4(config)#router bgp 200
PE4(config-bgp)#address-family ipv4 vrf vpn1
PE4(config-bgp-af-ipv4-vrf)#network 200.1.1.0 255.255.255.0
11. Enable LDP between PE1 and PE2 to establish LSP. The interface vlan1 is used to
interconnected PE2 by PE1.
PE1(config)#mpls ldp instance 1
PE1(config-ldp-1)#interface vlan1
PE1(config-ldp-1-vlan1)#exit
PE1(config-ldp-1)#exit
PE1(config)#mpls interface vlan1

Enable LDP between PE3 and PE4 to establish LSP.

Configuration Verification
Use show bgp vpnv4 unicast vrf vpn1 summary on PE1 to view the EBGP neighborhood
establishing with 100.1.1.2.
PE1#show bgp vpnv4 unicast vrf vpn1 summary

1-29

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


ZXR10 5900E Series Configuration Guide (VPN)

Neighbor Ver As MsgRcvd MsgSend Up/Down State/PfxRcd


100.1.1.2 4 65000 0 0 00:10:00

Use show bgp vpnv4 unicast neighbor 1.2.3.4 on PE2 to view the configuration,
PE2#show bgp vpnv4 unicast neighbor 1.2.3.4
BGP neighbor is 1.2.3.4, remote AS 100, external link
BGP version 4, remote router ID 1.2.3.4
BGP state = Established, up for 1w0d
Last read update 1w0d, hold time is 180 seconds, keepalive interval is 60 seconds
Neighbor capabilities:
Route refresh: advertised and received
New ASN Capability: advertised and received
Address family IPv4 Unicast: advertised and received
Address family VPNv4 Unicast: advertised and received
Graceful Restart Capability: received
Address families preserved by peer :
Help peer is in normal state
Remote Restart timer is 0 seconds
External BGP neighbor may be up to 8 hops away.
All received 11593 messages
128 updates, 0 errs
2 opens, 0 errs
11462 keepalives
0 VPNv4 refreshes, 1 IPv4 refreshes, 0 IPv4 multicast refreshes,
0 IPv6 refreshes, 0 IPv6 multicast refreshes, 0 VPNv6 refreshes,
0 L2VPN VPLS refreshes, 0 IPv4 route-target refreshes, 0 errs
0 notifications, 0 other errs
After last established received 11480 messages
64 updates, 0 errs
0 opens, 0 errs
11415 keepalives
0 VPNv4 refreshes, 1 IPv4 refreshes, 0 IPv4 multicast refreshes,
0 IPv6 refreshes, 0 IPv6 multicast refreshes, 0 IPv6 vpn refreshe
s, 0 L2VPN VPLS refreshes, 0 IPv4 route-target refreshes, 0 errs
0 IPv4 end_of_ribs, 0 VPNv4 end_of_ribs, 0 IPv6 end_of_ribs,
0 VPNv6 end_of_ribs, 0 IPv4 route-target end_of_ribs
0 notifications, 0 other errs
All sent 11995 messages
548 updates, 2 opens, 11444 keepalives
0 VPNv4 refreshes, 0 IPv4 refreshes, 0 IPv4 multicast refreshes,
0 IPv6 refreshes, 0 IPv6 multicast refreshes, 0 VPNv6 refreshes,
0 L2VPN VPLS refreshes, 0 IPv4 route-target refreshes, 1 notifications
After last established sent 11812 messages
415 updates, 0 opens, 11397 keepalives
0 VPNv4 refreshes, 0 IPv4 refreshes, 0 IPv4 multicast refreshes,

1-30

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


Chapter 1 MPLS L3VPN Configuration

0 IPv6 refreshes, 0 IPv6 multicast refreshes, 0 VPNv6 refreshes,


0 L2VPN VPLS refreshes, 0 IPv4 route-target refreshes
0 IPv4 end_of_ribs, 0 VPNv4 end_of_ribs, 0 IPv6 end_of_ribs,
0 VPNv6 end_of_ribs, 0 IPv4 route-target end_of_ribs, 0 notifications
For address family: IPv4 Unicast
Weight is 0
All received nlri 0, unnlri 0, 0 accepted prefixes, 0 deleting prefixes
All sent nlri 0, unnlri 0, 0 advertised prefixes
Maximum limit 4294967295
Threshold for warning message 75%
For address family: IPv4 Multicast no activate
Weight is 0
All received nlri 0, unnlri 0, 0 accepted prefixes, 0 deleting prefixes
All sent nlri 0, unnlri 0, 0 advertised prefixes
Maximum limit 4294967295
Threshold for warning message 75%
For address family: VPNv4 Unicast
Weight is 0
All received nlri 64, unnlri 0, 64 accepted prefixes, 0 deleting prefixes
All sent nlri 273, unnlri 143, 130 advertised prefixes
Maximum limit 4294967295
Threshold for warning message 75%
For address family: VPNv4 Multicast no activate
Weight is 0
All received nlri 0, unnlri 0, 0 accepted prefixes, 0 deleting prefixes
All sent nlri 0, unnlri 0, 0 advertised prefixes
Maximum limit 4294967295
Threshold for warning message 75%
For address family: VPNv4 Mcast no activate
Weight is 0
All received nlri 0, unnlri 0, 0 accepted prefixes, 0 deleting prefixes
All sent nlri 0, unnlri 0, 0 advertised prefixes
Maximum limit 4294967295
Threshold for warning message 75%
For address family: IPv6 Unicast no activate
Weight is 0
All received nlri 0, unnlri 0, 0 accepted prefixes, 0 deleting prefixes
All sent nlri 0, unnlri 0, 0 advertised prefixes
Maximum limit 4294967295
Threshold for warning message 75%
For address family: IPv6 Multicast no activate
Weight is 0
All received nlri 0, unnlri 0, 0 accepted prefixes, 0 deleting prefixes
All sent nlri 0, unnlri 0, 0 advertised prefixes
Maximum limit 4294967295

1-31

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


ZXR10 5900E Series Configuration Guide (VPN)

Threshold for warning message 75%


For address family: VPNv6 Unicast no activate
Weight is 0
All received nlri 0, unnlri 0, 0 accepted prefixes, 0 deleting prefixes
All sent nlri 0, unnlri 0, 0 advertised prefixes
Maximum limit 4294967295
Threshold for warning message 75%
For address family: L2VPN VPLS no activate
Weight is 0
All received nlri 0, unnlri 0, 0 accepted prefixes, 0 deleting prefixes
All sent nlri 0, unnlri 0, 0 advertised prefixes
Maximum limit 4294967295
Threshold for warning message 75%
For address family: Route Target no activate
Weight is 0
All received nlri 0, unnlri 0, 0 accepted prefixes, 0 deleting prefixes
All sent nlri 0, unnlri 0, 0 advertised prefixes
Maximum limit 4294967295
Threshold for warning message 75%
Totally update pkt block 301 times
Currently no update pkt block in spool buf
Last after established, type:feas pkt, last ticks:4
Max last time from peer born, type:feas pkt, last ticks:6
Totally real pkt block 0 times
Currently no real pkt block in spool buf
Connections established 2
Last error code is 4
Last reset 1w0d, reset due to Peer timeout
Local host: 1.1.1.1, Local port: 21675
Foreign host: 1.2.3.4, Foreign port: 179

Use show bgp vpnv4 unicast vrf vpn1 summary on PE4 to view the EBGP neighborhood
establishing with 200.1.1.2.
PE4#show bgp vpnv4 unicast vrf vpn1 summary
Neighbor Ver As MsgRcvd MsgSend Up/Down State/PfxRcd
200.1.1.2 4 65000 0 0 00:15:00 0

Use show bgp vpnv4 unicast neighbor 4.5.6.7 on PE3 to view.

PE2#show bgp vpnv4 unicast neighbor 4.5.6.7


BGP neighbor is 4.5.6.7, remote AS 100, external link
BGP version 4, remote router ID 4.5.6.7
BGP state = Established, up for 1w0d
Last read update 1w0d, hold time is 180 seconds,
keepalive interval is 60 seconds
Neighbor capabilities:

1-32

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


Chapter 1 MPLS L3VPN Configuration

Route refresh: advertised and received


New ASN Capability: advertised and received
Address family IPv4 Unicast: advertised and received
Address family VPNv4 Unicast: advertised and received
Graceful Restart Capability: received
Address families preserved by peer :
Help peer is in normal state
Remote Restart timer is 0 seconds
External BGP neighbor may be up to 8 hops away.
All received 11593 messages
128 updates, 0 errs
2 opens, 0 errs
11462 keepalives
0 VPNv4 refreshes, 1 IPv4 refreshes, 0 IPv4 multicast refreshes,
0 IPv6 refreshes, 0 IPv6 multicast refreshes, 0 VPNv6 refreshes,
0 L2VPN VPLS refreshes, 0 IPv4 route-target refreshes, 0 errs
0 notifications, 0 other errs
After last established received 11480 messages
64 updates, 0 errs
0 opens, 0 errs
11415 keepalives
0 VPNv4 refreshes, 1 IPv4 refreshes, 0 IPv4 multicast refreshes,
0 IPv6 refreshes, 0 IPv6 multicast refreshes, 0 IPv6 vpn refreshe
s, 0 L2VPN VPLS refreshes, 0 IPv4 route-target refreshes, 0 errs
0 IPv4 end_of_ribs, 0 VPNv4 end_of_ribs, 0 IPv6 end_of_ribs,
0 VPNv6 end_of_ribs, 0 IPv4 route-target end_of_ribs
0 notifications, 0 other errs
All sent 11995 messages
548 updates, 2 opens, 11444 keepalives
0 VPNv4 refreshes, 0 IPv4 refreshes, 0 IPv4 multicast refreshes,
0 IPv6 refreshes, 0 IPv6 multicast refreshes, 0 VPNv6 refreshes,
0 L2VPN VPLS refreshes, 0 IPv4 route-target refreshes, 1 notifications
After last established sent 11812 messages
415 updates, 0 opens, 11397 keepalives
0 VPNv4 refreshes, 0 IPv4 refreshes, 0 IPv4 multicast refreshes,
0 IPv6 refreshes, 0 IPv6 multicast refreshes, 0 VPNv6 refreshes,
0 L2VPN VPLS refreshes, 0 IPv4 route-target refreshes
0 IPv4 end_of_ribs, 0 VPNv4 end_of_ribs, 0 IPv6 end_of_ribs,
0 VPNv6 end_of_ribs, 0 IPv4 route-target end_of_ribs, 0 notifications
For address family: IPv4 Unicast
Weight is 0
All received nlri 0, unnlri 0, 0 accepted prefixes,
0 deleting prefixes
All sent nlri 0, unnlri 0, 0 advertised prefixes
Maximum limit 4294967295

1-33

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


ZXR10 5900E Series Configuration Guide (VPN)

Threshold for warning message 75%


For address family: IPv4 Multicast no activate
Weight is 0
All received nlri 0, unnlri 0, 0 accepted prefixes,
0 deleting prefixes
All sent nlri 0, unnlri 0, 0 advertised prefixes
Maximum limit 4294967295
Threshold for warning message 75%
For address family: VPNv4 Unicast
Weight is 0
All received nlri 64, unnlri 0, 64 accepted prefixes,
0 deleting prefixes
All sent nlri 273, unnlri 143, 130 advertised prefixes
Maximum limit 4294967295
Threshold for warning message 75%
For address family: VPNv4 Multicast no activate
Weight is 0
All received nlri 0, unnlri 0, 0 accepted prefixes,
0 deleting prefixes
All sent nlri 0, unnlri 0, 0 advertised prefixes
Maximum limit 4294967295
Threshold for warning message 75%
For address family: VPNv4 Mcast no activate
Weight is 0
All received nlri 0, unnlri 0, 0 accepted prefixes,
0 deleting prefixes
All sent nlri 0, unnlri 0, 0 advertised prefixes
Maximum limit 4294967295
Threshold for warning message 75%
For address family: IPv6 Unicast no activate
Weight is 0
All received nlri 0, unnlri 0, 0 accepted prefixes,
0 deleting prefixes
All sent nlri 0, unnlri 0, 0 advertised prefixes
Maximum limit 4294967295
Threshold for warning message 75%
For address family: IPv6 Multicast no activate
Weight is 0
All received nlri 0, unnlri 0, 0 accepted prefixes,
0 deleting prefixes
All sent nlri 0, unnlri 0, 0 advertised prefixes
Maximum limit 4294967295
Threshold for warning message 75%
For address family: VPNv6 Unicast no activate
Weight is 0

1-34

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


Chapter 1 MPLS L3VPN Configuration

All received nlri 0, unnlri 0, 0 accepted prefixes,


0 deleting prefixes
All sent nlri 0, unnlri 0, 0 advertised prefixes
Maximum limit 4294967295
Threshold for warning message 75%
For address family: L2VPN VPLS no activate
Weight is 0
All received nlri 0, unnlri 0, 0 accepted prefixes,
0 deleting prefixes
All sent nlri 0, unnlri 0, 0 advertised prefixes
Maximum limit 4294967295
Threshold for warning message 75%
For address family: Route Target no activate
Weight is 0
All received nlri 0, unnlri 0, 0 accepted prefixes,
0 deleting prefixes
All sent nlri 0, unnlri 0, 0 advertised prefixes
Maximum limit 4294967295
Threshold for warning message 75%
Totally update pkt block 301 times
Currently no update pkt block in spool buf
Last after established, type:feas pkt, last ticks:4
Max last time from peer born, type:feas pkt, last ticks:6
Totally real pkt block 0 times
Currently no real pkt block in spool buf
Connections established 2
Last error code is 4
Last reset 1w0d, reset due to Peer timeout
Local host: 1.1.1.1, Local port: 21675
Foreign host: 4.5.6.7, Foreign port: 179

Use show bgp vpnv4 unicast vrf vpn1 summary on PE2 to view the MP-EBGP neighborhood
establishing with 150.3.2.3 (PE3).
PE2#show bgp vpnv4 unicast vrf vpn1 summary
Neighbor Ver As MsgRcvd MsgSend Up/Down State/PfxRcd
150.3.2.3 4 200 0 0 00:22:35

1.2 MPLS VPN Route Aggregation Configuration


1.2.1 MPLS VPN Route Aggregation Overview
By means of the aggregation-address command in BGP vrf address family mode, BGP
protocol can aggregate the learnt VPN routes to a route for advertising. In this way, the
route entries in VPN routing table can be reduced observably.

1-35

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


ZXR10 5900E Series Configuration Guide (VPN)

1.2.2 Configuring MPLS VPN Route Aggregation


To configure MPLS VPN route aggregation, perform the following steps on ZXR10 5900E.

Step Command Function

1 ZXR10(config)#router bgp < as-number> This enters BGP route


configuration mode.

2 ZXR10(config-bgp)#address-family ipv4 vrf < vpn-name> This enters IPv4 VRF address
family configuration mode.

3 ZXR10(config-bgp-af-ipv4-vrf)#aggregate-address This creates an aggregation


<ip-address><net-mask>{[as-set],[summary-only],[strict],[attri policy in VRF routing table.
bute-map<map-tag>], [ suppress-map<map-tag>]}

Descriptions of the parameters used by step 3 are shown below.

Parameter Description

< ip-address> The aggregation network to be created, in dotted decimal notation

<net-mask> The aggregation mask to be created, in dotted decimal notation

as-set Generate the information of AS set path

summary-only Filter all more special routes from the update

strict According to RFC1771, the routes which MED and NEXT_HOP


attributes are the same can be aggregated only. MED and
NEXT_HOP attributes will not be used if the command is used
without strict.

attribute-map Attribute map

< map-tag> Name of attribute-map, the length is 1-32 characters.

suppress-map Suppress map

< map-tag> The name of suppress map, the length is 1-32 characters.

1.2.3 Maintaining MPLS VPN Route Aggregation


To maintain MPLS VPN route aggregation, use the following command on ZXR10 5900E.

Command Function

ZXR10#show ip route vpn This shows the route information


of VPN instance.

This example shows what will be displayed after show ip route vpn is used. Here, the
informations about route aggregation can be viewed.
ZXR10#show ip route vpn
Routes of vpn:

1-36

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


Chapter 1 MPLS L3VPN Configuration

Dest NextHop Type ASN Addr Peer


1.1.1.0/24 1.1.1.1 0 1 1 0.0.0.0
1.1.1.1/32 1.1.1.1 0 1 1 0.0.0.0

Descriptions of command output are shown below.

show Command Output Description

Dest Route prefex and mask

NextHop Route next hop

Type RD type

ASN The administrator value of RD

Addr The assigned value of RD

Peer Neighbor IP address

1.2.4 MPLS VPN Route Aggregation Configuration Example


Configuration Description
As shown in Figure 1-10, CE1 belongs to AS200, both PE1 and PE2 belong to AS100, and
CE2 belongs to AS300. PE1 and PE2 establish MPBGP neighborhood by using loopback
addresses. CE1 and PE1 establish EBGP neighborhood, and CE1 and PE1 establish
EBGP neighborhood.
Both CE1 and CE2 belong to the same VPN, which advertise route 150.1.0.0/16 and
150.2.0.0/16 to PE1 respectively. PE1 aggregates two routes to 150.0.0.0/8, and then
advertises it to PE2. After that, PE2 only learns the aggregated route 150.0.0.0/8.

Figure 1-10 MPLS VPN Route Aggregation Configuration Example Topology

Device Interface Name Address

CE1 gei-0/1/1/1 (vlan1) 20.0.0.2/24

1-37

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


ZXR10 5900E Series Configuration Guide (VPN)

Device Interface Name Address

PE1 gei-0/1/1/2 (vlan1) 20.0.0.1/24

gei-0/1/1/4 (vlan2) 30.0.0.1/24

gei-0/1/1/5 (vlan3) 10.0.0.1/24

PE2 gei-0/1/1/6 (vlan3) 10.0.0.2/24

CE2 gei-0/1/1/3 (vlan2) 30.0.0.2/24

Configuration Thought
1. Establish MP-BGP neighborhood between PE1 and PE2. The loopback address of
PE1 is 1.1.1.1/32, and that of PE2 is 1.1.1.2/32.
2. Create a VRF called test1 on PE1 and PE2. Bind vlan1 and vlan2 to VPN1.
3. Establish EBGP neighborhood between CE2 and PE1, CE1 and PE1 respectively.

Configuration Process
CE1 configuration,
CE1(config)#interface vlan1
CE1(config-if-vlan1)#ip address 20.0.0.2 255.255.255.0
CE1(config-if-vlan1)#exit
CE1(config)#router bgp 200
CE1(config-bgp)#network 150.1.0.0 255.255.0.0
CE1(config-bgp)#neighbor 20.0.0.1 remote-as 100

CE2 configuration,
CE2(config)#interface vlan2
CE2(config-if-vlan2)#ip address 30.0.0.2 255.255.255.0
CE2(config-if-vlan2)#exit
CE2(config)#router bgp 300
CE2(config-bgp)#network 150.2.0.0 255.255.0.0
CE2(config-bgp)#neighbor 30.0.0.1 remote-as 100

PE1 configuration,
PE1(config)#ip vrf test1
PE1(config-vrf-test1)#rd 100:1
PE1(config-vrf-test1)#address-family ipv4
PE1(config-vrf-test1-af-ipv4)#route-target import 100:1
PE1(config-vrf-test1-af-ipv4)#route-target export 100:1
PE1(config-vrf-test1-af-ipv4)#exit
PE1(config-vrf-test1)#exit
PE1(config)#interface loopback1
PE1(config-if-loopback1)#ip address 1.1.1.1 255.255.255.255
PE1(config-if-loopback1)#exit
PE1(config)#interface vlan3
PE1(config-if-vlan3)#ip address 10.0.0.1 255.255.255.0

1-38

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


Chapter 1 MPLS L3VPN Configuration

PE1(config-if-vlan3)#exit
PE1(config)#mpls ldp instance 1
PE1(config-ldp-1)#interface vlan3
PE1(config-ldp-1-if-vlan3)#exit
PE1(config-ldp-1)#exit
PE1(config)#mpls interface vlan3
PE1(config)#interface vlan1
PE1(config-if-vlan1)#ip vrf forwarding test1
PE1(config-if-vlan1)#ip address 20.0.0.1 255.255.255.0
PE1(config-if-vlan1)#exit
PE1(config)#interface vlan2
PE1(config-if-vlan2)#ip vrf forwarding test1
PE1(config-if-vlan2)#ip address 30.0.0.1 255.255.255.0
PE1(config-if-vlan2)#exit
PE1(config)#router ospf 1
PE1(config-ospf-1)#router-id 1.1.1.1
PE1(config-ospf-1)#network 1.1.1.1 0.0.0.0 area 0.0.0.0
PE1(config-ospf-1)#network 10.0.0.0 0.0.0.255 area 0.0.0.0
PE1(config)#mpls ldp instance 1
PE1(config-ldp-1)#router-id loopback1
PE1(config-ldp-1)#exit
PE1(config)#router bgp 100
PE1(config-bgp)#neighbor 1.1.1.2 remote-as 100
PE1(config-bgp)#neighbor 1.1.1.2 update-source loopback1
PE1(config-bgp)#address-family ipv4 vrf test1
PE1(config-bgp-af-ipv4-vrf)#aggregate-address 150.0.0.0 255.0.0.0 summary-only
PE1(config-bgp-af-ipv4-vrf)#neighbor 20.0.0.2 remote-as 200
PE1(config-bgp-af-ipv4-vrf)#neighbor 30.0.0.2 remote-as 300
PE1(config-bgp-af-ipv4-vrf)#exit
PE1(config-bgp)#address-family vpnv4
PE1(config-bgp-af-vpnv4)#neighbor 1.1.1.2 activate
PE1(config-bgp-af-vpnv4)#exit

PE2 configuration,
PE2(config)#ip vrf test1
PE2(config-vrf-test1)#rd 100:1
PE2(config-vrf-test1)#address-family ipv4
PE2(config-vrf-test1-af-ipv4)#route-target import 100:1
PE2(config-vrf-test1-af-ipv4)#route-target export 100:1
PE2(config-vrf-test1-af-ipv4)#exit
PE2(config-vrf-test1)#exit
PE2(config)#interface loopback1
PE2(config-if-loopback1)#ip address 1.1.1.2 255.255.255.255
PE2(config-if-loopback1)#exit
PE2(config)#interface vlan3

1-39

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


ZXR10 5900E Series Configuration Guide (VPN)

PE2(config-if-vlan3)#ip address 10.0.0.2 255.255.255.0


PE2(config-if-vlan3)#exit
PE2(config)#mpls ldp instance 1
PE2(config-ldp-1)#interface vlan3
PE2(config-ldp-1-if-vlan3)#exit
PE2(config-ldp-1)#exit
PE2(config)#mpls interface vlan3
PE2(config)#router ospf 1
PE2(config-ospfv-1)#router-id 1.1.1.2
PE2(config-ospf-1)#network 1.1.1.2 0.0.0.0 area 0.0.0.0
PE2(config-ospf-1)#network 10.0.0.0 0.0.0.255 area 0.0.0.0
PE2(config-ospf-1)#exit
PE2(config)#mpls ldp instance 1
PE2(config-ldp-1)#router-id loopback1
PE2(config-ldp-1)#exit
PE2(config)#router bgp 100
PE2(config-bgp)#neighbor 1.1.1.1 remote-as 100
PE2(config-bgp)#neighbor 1.1.1.1 update-source loopback1
PE2(config-bgp)#address-family vpnv4
PE2(config-bgp-af-vpnv4)#neighbor 1.1.1.1 activate
PE2(config-bgp-af-vpnv4)#exit

Configuration Check
View VRF routing table on PE1. Here, both the sub-routes and the aggregated route can
be viewed.
PE1(config)#show ip protocol routing vrf test1
Routes of vpn:
status codes: *valid, >best, s-stale

Dest NextHop Intag Outtag RtPrf Protocol


*> 150.0.0.0/8 0.0.0.0 87 notag 254 bgp-aggr-discard
*> 150.1.0.0/16 20.0.0.2 86 notag 20 bgp-ext
*> 150.2.0.0/16 30.0.0.2 85 notag 20 bgp-ext

View PE2 routing table. Here, only the aggregated route can be viewed.

PE2(config)#show ip protocol routing vrf test1


Routes of vpn:
status codes: *valid, >best, s-stale

Dest NextHop Intag Outtag RtPrf Protocol


*> 150.0.0.0/8 1.1.1.1 165366 87 200 bgp-int

1-40

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


Chapter 1 MPLS L3VPN Configuration

1.3 VPN Route Restriction and Alarm


1.3.1 VPN Route Restriction and Alarm Overview
In MPLS VPN network, a PE receives excessive routes from CE and other PEs, so PE
memory is exhausted and the router collapses. Therefore, it is necessary to control the
VRF routes which enter PE from CE and PE neighbor. This function is called as VPN
Route Limit.
There are three methods to send routes from CE to PE, as shown below.

l Direct connection
l Static
l Dynamic unicast route protocol
The function of VPN Route Limit controls the routes to access to PE from CE through many
methods.

1.3.2 Configuring VPN Route Restriction and Alarm


To configure VPN route limit and alarm, perform the following steps on ZXR10 5900E.

Step Command Function

1 ZXR10(config)#ip vrf < vrfi-name> This enters into VRF


configuration mode.

2 ZXR10(config-vrf-vrf-name)#address-family ipv4 This activates IPv4 address


family.

3 ZXR10(config-vrf-vrf-name-af-ipv4)#maximum routes This controls the number of


<number>{< thresholdvalue>| warning-only} routes to enter into VRF and
gives the corresponding alarm.

Descriptions of the parameters used by step 3 are shown below.

Parameter Description

<number> The sum of valid routes. The range is 1-42949672955

< thresholdvalue> Route alarm threshold, it is a percentage value. The range is


1-100.

warning-only When the total number of VRF routes exceeds the threshold
value, give an alarm but not restrict the routes.

1.3.3 Maintaining VPN Route Restriction and Alarm


To maintain VPN route restriction and alarm, use the following command on ZXR10 5900E.

1-41

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


ZXR10 5900E Series Configuration Guide (VPN)

Command Function

ZXR10#show ip vrf detail This shows VRF configuration is


detail.

When the detailed information of the VRF is displayed, the information related to route
restriction and alarm is displayed. The following is a sample output of the show ip vrf detail
command:
ZXR10(config)#show ip vrf detail
VRF mng (VRF Id = 2048); default RD not set
Address family ipv4:
No Export VPN route-target communities
No Import VPN route-target communities
No import route-map
No export route-map
Address family ipv6:
No Export VPN route-target communities
No Import VPN route-target communities
No import route-map
No export route-map
Mpls label mode:
ipv4 VRF label allocation mode: per-prefix
ipv6 VRF label allocation mode: per-prefix
Interface:
mgmt_eth
VRF 1 (VRF Id = 1); default RD 1:1
Description: abcd
Address family ipv4:
Export VPN route-target communities
1:1
Import VPN route-target communities
1:1
No import route-map
No export route-map
Route warning limit 100000
priority: 2
No import multicast-route
No static outlabel configed
No static tunnel configed
Address family ipv6:
Export VPN route-target communities
3:4
Import VPN route-target communities
3:4
Import route-map: 4

1-42

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


Chapter 1 MPLS L3VPN Configuration

Export route-map: 3
Mpls label mode:
ipv4 VRF label allocation mode: per-vrf
ipv6 VRF label allocation mode: per-prefix
per-vrf inlabel: 213059
Interface:
vlan10
vlan21
vlan501

Parameter descriptions are as follows:

Show Command output Description

Export VPN route-target Exports the RT attributes included in the VPN route.
communities

Import VPN route-target Imports the RT attributes included in the VPN route.
communities

1.3.4 VPN Route Alarm Configuration Example


Configuration Description
As shown in Figure 1-11, a L3VPN network is constructed. VRF named zte is configured
on PE1, and its both of its RT and RD is 1:1. The interface int 1 is bound to VRF zte.

The IP address of int 1 is 10.1.1.1/24, and that of port 1 is 10.1.1.2/24. CE1 accesses to
PE1 through EBGP.

Figure 1-11 VPN Route Alarm Configuration Example Topology

Configuration Process
1. To establish EBGP neighborhood between PE1 and CE1, configure PE1 as follows,
PE1(config)#router bgp 100
PE1(config-bgp)#address-family ipv4 vrf zte
PE1(config-bgp-af-ipv4-vrf)#neighbor 10.1.1.2 remote-as 200

Perform the corresponding configuration on CE1 to make it establish EBGP


neighborhood between PE1.

1-43

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


ZXR10 5900E Series Configuration Guide (VPN)

Use show bgp vpnv4 unicast vrf zte summary on PE1 to view whether the neighborhood
between PE1 and CE1 is established.
2. Configure the maximum value of VRF zte routes is 100 on PE1, and the route alarm
threshold value is 60%.
PE1(config)#ip vrf zte
PE1(config-vrf-zte)#address-family ipv4
PE1(config-vrf-zte-af-ipv4)#maximum routes 100 60

Use show ip vrf detail zte to view the configuration result of maximum routes.
Enable alarm and terminal monitor functions on PE1 to view the alarm if the number
of routes exceeds the threshold.
PE1#terminal monitor
PE1#configure terminal
PE1(config)#logging on
3. CE1 advertises 50 EBGP route entries to PE1 (it does not exceed the 60% of alarm
threshold value). Use show ip protocol routing vrf zte to view the 50 VRF EBGP route
entries on PE1. PE1 does not give any alarm.
4. CE1 continues to advertise 20 EBGP route entries to PE1. There are 70 EBGP route
entries now (It exceeds 60% of alarm threshold value). Use show ip protocol routing
vrf-summary zte on PE1 to view the 70 VRF EBGP route entries. PE1 gives an alarm.
PE1(config)#show ip protocol routing vrf-summary zte
VRF Source Count
connected: 4
static: 0
ospf: 0
rip: 0
bgp: 1
isis: 0
icmp: 0
snmp: 0
nat: 0
natpt: 0
vrrp: 0
ppp: 0
asbr_vpn: 0
rsvpte: 0
usr-ipaddr: 0
usr-net: 0
ipsec: 0
ps-user: 0
ps-busi: 0
ves: 0
ldp: 0
user-special: 0

1-44

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


Chapter 1 MPLS L3VPN Configuration

dhcp-dft: 0
dhcp-static: 0
sl_nat64_v4: 0
Total: 5

The corresponding alarm is displayed by PE1.


An alarm 200310 ID 160 level 3 occurred at 09:47:09 06-06-2014
sent by ZXR10 MP-0/T1/0 %L3VPN% Routes limit is reached.
Error data:The routes limit of 105 is reached
xAn alarm 200311 ID 161 level 5 occurred at
09:47:09 06-06-2014 sent by ZXR10 MP-0/T1/0
%L3VPN% Routes warning limit is reached.
Warning data:The routes warning limit of 105 is reached
5. CE1 continues to advertise 30 route entries to PE1. There are 100 EBGP route entries
(It exceeds 100 of alarm threshold value). Use show ip protocol routing vrf-summary
zte on PE1 to view the 100 VRF EBGP route entries.
PE1(config)#show ip protocol routing vrf-summary zte
VRF Source Count
connected: 4
static: 0
ospf: 0
rip: 0
bgp: 1
isis: 0
icmp: 0
snmp: 0
nat: 0
natpt: 0
vrrp: 0
ppp: 0
asbr_vpn: 0
rsvpte: 0
usr-ipaddr: 0
usr-net: 0
ipsec: 0
ps-user: 0
ps-busi: 0
ves: 0
ldp: 0
user-special: 0
dhcp-dft: 0
dhcp-static: 0
sl_nat64_v4: 0
Total: 5

1-45

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


ZXR10 5900E Series Configuration Guide (VPN)

The alarm that the number of VRF routes exceeds the threshold value is displayed by
PE1.
An alarm 200310 ID 160 level 3 occurred at 09:47:09 06-06-2014
sent by ZXR10 MP-0/T1/0
%L3VPN% Routes limit is reached.
Error data:The routes limit of 105 is reached
xAn alarm 200311 ID 161 level 5 occurred
at 09:47:09 06-06-2014 sent by ZXR10 MP-0/T1/0
%L3VPN% Routes warning limit is reached.
Warning data:The routes warning limit of 105 is reached
6. CE1 cancels the route entries that it advertised to PE1 before, and it advertises another
50 EBGP route entries to PE1. Use show ip protocol routing vrf-summary zte on PE1
to view the 50 VRF EBGP routes. PE1 does not give any alarm.
7. Modify the route alarm threshold of VRF zte to 40% on PE1. The upper limitation of
route is still 100 entries.
PE1(config)#ip vrf zte
PE1(config-vrf-zte)#address-family ipv4
PE1(config-vrf-zte-af-ipv4)#maximum routes 100 40

Use show ip vrf detail zte to view the configuration result of maximum routes. It shows
that there are 50 route entries and PE1 does not give any alarm.
8. CE1 cancels the 50 EBGP route entries that it advertised to PE1 before, and it
advertises to PE1 again. PE1 gives an alarm to prompt that the route alarm threshold
is exceeded.
An alarm 200310 ID 162 level 3 cleared at
09:54:59 06-06-2014 sent by ZXR10 MP-0/T1/0
%L3VPN% Routes limit is reached.
Error data:The routes limit of 105 is reached
An alarm 200311 ID 163 level 5 cleared at
09:54:59 06-06-2014 sent by ZXR10 MP-0/T1/0
%L3VPN% Routes warning limit is reached.
Warning data:The routes warning limit of 105 is reached
9. Configure warning-only function of VPN route restriction alarm on vrf zte on PE1.
PE1(config)#ip vrf zte
PE1(config-vrf-zte)#address-family ipv4
PE1(config-vrf-zte-af-ipv4)#maximum routes 100 warning-only
PE1(config-vrf-zte-af-ipv4)#exit

View the number of current routes, route restriction value, and alarm threshold value
of vrf zte on PE1. The total number of routes is 50, there is no alarm appears because
the route threshold value is not exceeded.

PE1(config)#show ip vrf detail zte


VRF zte (VRF Id = 9); default RD 1:1
Address family ipv4:
Export VPN route-target communities

1-46

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


Chapter 1 MPLS L3VPN Configuration

1:1
Import VPN route-target communities
1:1
No import route-map
No export route-map
priority: 2
No import multicast-route
No static outlabel configed
No static tunnel configed
Address family ipv6 not active.
Mpls label mode:
ipv4 VRF label allocation mode: per-vrf
ipv6 VRF label allocation mode: per-prefix
per-vrf inlabel: 212999
Interface:
vlan1

Advertise another 60 routes from CE1. The number of routes exceeds the threshold
value. PE1 displays the corresponding alarm. VRF zte of PE1 does not restrict extra
routes.
An alarm 200310 ID 162 level 3 cleared at
09:54:59 06-06-2014 sent by ZXR10 MP-0/T1/0
%L3VPN% Routes limit is reached.
Error data:The routes limit of zte is reached
An alarm 200311 ID 163 level 5 cleared at
09:54:59 06-06-2014 sent by ZXR10 MP-0/T1/0
%L3VPN% Routes warning limit is reached.
Warning data:The routes warning limit of zte is reached

PE1(config)#show ip vrf detail zte


VRF zte (VRF Id = 9); default RD 1:1
Address family ipv4:
Export VPN route-target communities
1:1
Import VPN route-target communities
1:1
No import route-map
No export route-map
priority: 2
No import multicast-route
No static outlabel configed
No static tunnel configed
Address family ipv6 not active.
Mpls label mode:
ipv4 VRF label allocation mode: per-vrf

1-47

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


ZXR10 5900E Series Configuration Guide (VPN)

ipv6 VRF label allocation mode: per-prefix


per-vrf inlabel: 212999
Interface:
vlan1

1-48

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


Chapter 2
MPLS L2VPN Configuration
Table of Contents
MPLS L2VPN Basic Function Configuration ...............................................................2-1
VPLS Basic Function Configuration............................................................................2-7
VPWS Basic Function Configuration ........................................................................2-20

2.1 MPLS L2VPN Basic Function Configuration


2.1.1 MPLS L2VPN Overview
Introduction to MPLS L2VPN
In the past, enterprise VPN network usually rent a data link (Frame Delay (FR) or
Asynchronous Transfer Mode (ATM)) to form L2 VPN. Internet Service Provider (ISP)
only need to ensure the connectivity in data link layer, while user can control the route
and select L3 protocol flexibility. Moreover, the security of user VPN is relatively superior
under such a condition. However, for an ISP, the conventional Internet traffic is completely
separated from VPN traffic in FR or ATM network. Additional, there is a problem of
full-mesh connection in conventional L2 VPN. Therefore, this traditional superposition L2
VPN brings heavy load to network maintenance and management.
People generally think MPLS network is the development direction of the next generation
core network. The obvious advantage of MPLS network is that it supports VPN service
well. Adopting MPLS network to provide L2 VPN, ISP only needs to maintain and manage
the single network infrastructure, but it can provide both of L2 and L3 VPN services and
various flexible IP services. The configuration of VPN service is more automatic.
There are two kinds of L2VPN services,

l Virtual Private Wire Service (VPWS)


The communication between every two sites in VPN is realized by point to point
connection. VPWS is mainly adopted by ATM and FR users. The connection
between user and network provider is not changed but the service is encrypted and
transmitted over IP backbone network.
l Virtual Private LAN Service (VPLS)

To connect all the user LANs and provide L2 switch service, it emulates operator
network to a LAN switch or bridge. The difference between VPLS and VPWS is that
VPWS provides point to point service only while VPLS provides point to multi-points

2-1

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


ZXR10 5900E Series Configuration Guide (VPN)

services. That is, CE device on VPWS selects a virtual wire to send data to a user
site, while CE device on VPLS sends all data to its PE device connecting only.

MPLS L2VPN Principle


VPWS: VPWS is to establish a special line and provide Layer 2 transparent transmission
service on the basis of MPLS network. It belongs to point-to-point L2VPN service. The
principle is shown in Figure 2-1.

Figure 2-1 VPWS Working Principle

VPWS working mode: point-to-point.


The establishment procedure of a VPWS Virtual Connection (VC) is described below.
1. LSP establishment: A Label Switch Path (LSP) is established through MPLS network.
2. VC allocation: Local PE configures a VCID, allocates a VC label and interacts with the
remote PE.
3. PW establishment: Two PEs interact for negotiation through mapping messages to
establish a Pseudo Wire (PW).
VPLS: VPLS is to provide Ethernet emulation services on MPLS network. It connects
several LANs/VLANs together. It belongs to multipoint-to-multipoint L2VPN service. The
principle is shown in Figure 2-2.

2-2

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


Chapter 2 MPLS L2VPN Configuration

Figure 2-2 VPLS Working Principle

VPLS: An ISP provides multipoint-to-multipoint Layer 2 connections in a metropolitan area


or between metropolitan areas through extensible IP/MPLS network. For users, the sites
in different places look like a simple Ethernet LAN.
Users can realize Local Area Networks (LANs) of their own through Metropolitan Area
Network (MAN) or Wide Area Network (WAN).

2.1.2 Configuring MPLS L2VPN Services


Enabling the MPLS L2VPN Services Globally
To enable or disable the MPLS L2VPN services on the ZXR10 5900E, perform the following
steps:

Step Command Function

1 ZXR10(config)#mpls l2vpn enable Enables the MPLS L2VPN


services.

2 ZXR10(config)#no mpls l2vpn enable Disables the MPLS L2VPN


services. When the L2VPN
services are disabled, all
L2VPN information is deleted.

L2VPN instance and member information can be configured only when the L2VPN service
is enabled.

Configuring an MSPW
The Multi-Segment Pseudo-Wire (MSPW) is an emulational end-to-end pseudo wire
established between two PEs. To configure an MSPW on the ZXR10 5900E, perform the
following steps:

2-3

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


ZXR10 5900E Series Configuration Guide (VPN)

Step Command Function

1 ZXR10(config)#mspw <instance-name>[for {ethernet Creates an MSPW instance.


{tagged|raw}|fr {port|dlci|dlci-old}|tdm {aal1|aal2|satop
{e1|e3|t1|t3}|cesopsn {basic|cas}|sonet-sdh {cesom|ceop}}|atm
{port|vpc|vcc|vpc-group|vcc-group|sdu|pdu}|ip|hdlc|ppp}]

2 ZXR10(config-mspw)#pseudo-wire <pw-name> Binds the MSPW instance to


the PW interface.

ZXR10(config-mspw)#description<description> Describes the MSPW instance.

3 ZXR10(config-mspw-segment)#neighbour <peer Configures a PW neighbour.


IP><vcid>signal[dynamic | static local <16-1048575>
remote <16-1048575>][tunnel-policy { auto | mpls-te
<te-tunnel >} neighbour <ipv4-address>[ vcid
<1-4294967295>]

4 ZXR10(config-mspw-segment)#traffic-statistics {enable Configures the traffic statistics


| disable} function for the MSPW instance.

For a description of the parameter in Step 1, refer to the table below:

Parameter Description

<instance-name> Name of the MSPW instance

For a description of the parameters in Step 2, refer to the table below:

Parameter Description

<pw-name> PW name

<description> Description of the MSPW instance

For a description of the parameters in Step 3, refer to the table below:

Parameter Description

<ipv4-address> LSR-ID of a remote PE

<1-4294967295> VCID value

For a description of the parameters in Step 4, refer to the table below:

Parameter Description

enable Enables the traffic statistics function.

disable Disables the traffic statistics function.

2-4

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


Chapter 2 MPLS L2VPN Configuration

2.1.3 Maintaining MPLS L2VPN Instances


To maintain MPLS L2VPN instances on the ZXR10 5900E, run the following commands:

Command Function

ZXR10(config)#show l2vpn brief Displays the brief information


about all L2VPN instances.

ZXR10(config)#show l2vpn summary Displays the number of the


configured L2VPN instances.

ZXR10(config)#show l2vpn forwardinfo {[vpnname Displays the detailed forwarding


<instance-name> detail]|[peer <ipv4-address> detail]|[detail ]} information about each L2VPN
instance. Users can query the
detailed forwarding information
through the VPN instance name,
remote LSRID, and VCID.

For a description of the parameters, refer to the following table:

Parameter Description

<instance-name> VPN instance name

<ipv4-address> PW's peer IP address

The following is sample output from the show l2vpn brief command:
ZXR10(config)#show l2vpn brief
VPLS count:1 VPWS count:1 MSPW count:1
name type Default-VCID PW AC description
test VPLS 0 1 0
ts MSPW - 0 0
zte VPWS - 0 0

For a description of the parameters in the execution result, refer to the following table:

Parameter Description

name VPN instance name

type VPN instance type

Default-VC ID Default VC ID of the VPLS instance

PW Number of PWs

AC Number of ACs

description Description of the VPN

The following is sample output from the show l2vpn summary command:
ZXR10(config)#show l2vpn summary

2-5

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


ZXR10 5900E Series Configuration Guide (VPN)

The summary information about configured L2VPN:


vpn type configure/maximum
VPLS 1/4095
VPWS 1/4095
MSPW 1/8192

For a description of the parameters in the execution result, refer to the following table:

Parameter Description

vpn type VPN instance type

configure/maximum Number of the configured instances/maximum performance


parameters

description Description of the VPN

The following is sample output from the show l2vpn forwardinfo detail command:
ZXR10#show l2vpn forwardinfo detail
Headers : ALLOK - Pseudowire Forwarding
PWNF - Pseudowire Not Forwarding
AR - Local AC (ingress) Receive Fault
AT - Local AC (egress) Transmit Fault
PSNR - Local PSN-facing PW (ingress) Receive Fault
PSNT - Local PSN-facing PW (egress) Transmit Fault
PWFS - Pseudowire forwarding standby
RS - Request switchover to this PW
PWSA - Pseudowire Status All Fault
Codes : -unknown, *yes, .no
-----------------------------------------------------------------------------
Service type and instance name:[VPLS zte]
Peer IP address : 172.168.9.190 VC status : UP
Connection mode : HUB VC ID : 3
Signaling protocol : Static PW VC type : VLAN
Last status change time : 2d 21:25:45 Create time : 2d 23:17
MPLS VC local label : 100 Remote label : 200
SDU name : sdu3 Control Word : DISABLE
Remote status : - PW FRR type : NULL
Tunnel label : { 16389 }
Output interface : vlan314
Imposed label stack : { 200 16389 }

For a description of the parameters in the execution result, refer to the following table:

show Command Output Description

Name VPN instance name

Peer Remote LSR ID

2-6

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


Chapter 2 MPLS L2VPN Configuration

show Command Output Description

VC status Status information about the VC

Connection mode Connection mode

VC ID PW VC ID

Signaling protocol Protocol type

VC type VC type

Change time Modification time of the VC

Create time Creation time of the VC

Llabel Local label of the PW

Rlabel Remote label of the PW

SDU name SDU name

Control word Control word

Remote status Remote status

PW frr type Active and standby information about the FRR

Tunnel label External tunnel label of the bearer PW

Output interface Outgoing interface of the PW

Imposed label stack Information about imposed label stack when the PW sends
data

2.2 VPLS Basic Function Configuration


2.2.1 VPLS Overview
There are some VPLS terms,
l Access Circuit (AC)

It is a link between user and service provider, that is to say, the connection between
CE and PE. Ethernet interfaces are usually used in access circuit.

l Pseudo Wire (PW)

It is a bidirectional virtual connection between Virtual Switch Interfaces (VSI) on a pair


of PE devices. It is composed of a pair of unidirectional MPLS Virtual Circuit (VC) with
opposite direction. It is also called emulation circuit.

l TAG
TAG is added by service provider to distinguish users. It is called Service Delimiting
(SDT), also called PTAG.

VPLS working principle is shown in Figure 2-3.

2-7

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


ZXR10 5900E Series Configuration Guide (VPN)

Figure 2-3 VPLS Working Principle

VPLS working flow is described below.


VPLS establishes full connection of PW among the VPLS instances of PE1, PE2 and PE3.
All the VPLS instances belonging to a VPLS domain use the same VCID.
Here, PE1 allocates VC tags 102 and 103 to PE2 and PE3 respectively. PE2 allocates VC
tags 201 203 to PE1 and PE3. PE3 allocates VC tags 301 and 302 to PE1 and PE2.
Supposing that a host connecting to CE1 sends a MAC frame containing source address
X and destination address Y through PE1. If PE1 does not know the destination PE, it
encapsulates a tag 201 to the MAC frame and then sends the MAC frame to PE2, and it
encapsulates a tag 301 to the MAC frame and then sends the MAC frame to PE3.
After PE2 receiving the MAC frame, it judges that the host connecting to PE1 according to
the tag 201, thus it can learn the MAC address X and bind the X to tag 102 (allocated by
PE1).

There are two modes for PW emulating Ethernet, Raw and Tagged modes.
l In Raw mode, the type of PW is Ethernet. The packets are transmitted in PW without
PTAG. PTAG will be removed if an AC packet containing PTAG is transmitted in PW.
The information of VLAN tag will not be changed in PW transmission if the AC packet
is transmitted without PTAG.
l In Tag mode, the type of PW is Ethernet-VLAN. The packets are transmitted in PW
with PTAG. PTAG will be kept with the AC packet to transmit to the peer PE if the AC
packet contains PTAG. A PTAG or a special PTAG-Vlan 0tag is encapsulated into the
AC packet if the AC packet is transmitted in PW without PTAG.

Caution!
In both of RAW and Tag modes, the user VLAN tags locating at frame headers are
transmitted transparently without any changing.

2-8

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


Chapter 2 MPLS L2VPN Configuration

PW has two transmission modes, Spoke and Hub modes. To solve the full-connection
broadcast loop and realize the hierarchical accessing, people define PW transmission
attributes Spoke and Hub modes and AC Server/Client mode. In VPLS working
mechanism, PE broadcasts (flooding) broadcast, multicast and unknow frames to other
network members. The broadcast rules of different modes are described below.
l Broadcast the broadcast packets received from a Spoke mode PW to all ACs (Client
and Server), Hub mode PWs and other Spoke mode PWs.
l Broadcast the broadcast packets received from a Server (Server-AC) to other ACs
(Client and Server), all Spoke mode PWs and Hub mode PWs.
l Broadcast the broadcast packets received from a Hub mode PW to all Server-ACs
and Spoke mode PWs, but not broadcast to other Hub mode PWs and all Client-ACs.
l Broadcast the broadcast packets received from a Client (Client-AC) to all Server-ACs
and Spoke mode PWs, but not broadcast to Hub mode PWs and other Client-ACs.

2.2.2 Configuring a VPLS


To configure a VPLS on the ZXR10 5900E, perform the following steps:

Step Command Function

1 ZXR10(config)#vpls <instance-name> Creates a VPLS instance.

2 ZXR10(config-vpls)#access-point<interface Configures the binding relationship between


-name> VPLS instances.

ZXR10(config-vpls)#pseudo-wire Configures the binding relationship between


<pw-name>[spoke] the PW and the VPLS instance.

ZXR10(config-vpls)#mtu <60-9216> Configures the maximum transfer unit for


the VPLS instance.

ZXR10(config-vpls)#default-vcid Configures the default VC ID for the VPLS


<1-4294967295> instance.

ZXR10(config-vpls)#mac Enters MPLS MAC configuration mode.

ZXR10(config-vpls)#description<description Configures the description for the VPLS


> instance.

ZXR10(config-vpls)#mac-withdraw Enables the mac-withdraw function.

3 ZXR10(config-vpls-zte-ac-vlan2)#access- Configures the Ethernet parameters for the


params ethernet AC.

4 ZXR10(config)#pw pw1 Configures the PW.


ZXR10(config)#vpls zte
ZXR10(config-vpls-zte)#pseudo-wire pw1
ZXR10(config-vpls-zte-pw-pw1)#neighbor
<ipv4-address>[ vcid <1-4294967295>]

2-9

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


ZXR10 5900E Series Configuration Guide (VPN)

Step Command Function

5 ZXR10(config-vpls-zte-pw-pw1- Configures the application tunnel policy for


neighbour-1.1.1.1)#tunnel-policy the PW.
<policy-name>

ZXR10(config-vpls-zte)#pseudo-wire pw1 Configures the signaling type for the PW.


ZXR10(config-vpls-zte-pw-pw1)#neighbour
1.1.1.1 vcid 100
ZXR10(config-vpls-zte-pw-pw1-
neighbour-1.1.1.1)#signal {dynamic|static
local-label <16-1048575> remote-label
<16-1048575>}

ZXR10(config-vpls-zte-pw-pw1- Configures the encapsulation mode for the


neighbour-1.1.1.2)#encapsulation { tagged | PW.
raw }

6 ZXR10(config-vpls-zte)#pseudo-wire pw2 Configures the standby PW and protection


spoke relationship. You can run the no command
ZXR10(config-vpls-zte-spoke-pw-pw2)#re to delete the standby PW.
dundancy-manager
ZXR10(config-vpls-zte-spoke-pw-
pw2-rm)#protect-type 1+1 bidirectional
protect-strategy aps
ZXR10(config-vpls-zte-spoke-pw-pw2-
rm)#exit
ZXR10(config-vpls-zte-spoke-pw-pw2)#e
xit
ZXR10(config-vpls-zte)#backup-pw
<pw-name> protect <pw-name>

For a description of the parameter in Step 1, refer to the following table:

Parameter Description

<instance-name> VPLS instance name

For a description of the parameters in Step 2, refer to the following table:

Parameter Description

<interface-name> Name of the AC binding to the VPLS instance

<pw-name> Name of the PW binding to the VPLS instance

<60-9216> Available number of MTUs configured for the VPLS instance

<1-4294967295> VC ID of the VPLS instance

<description> Description about the VPN instance

2-10

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


Chapter 2 MPLS L2VPN Configuration

For a description of the parameter in Step 3, refer to the following table:

Parameter Description

ethernet Sets ACs type to ethernet

For a description of the parameters in Step 4, refer to the following table:

Parameter Description

[<1-4294967295>] VC ID

{<ipv4-address>} LSR ID of the remote PE

For a description of the parameters in Step 5, refer to the following table:

Parameter Description

<policy-name> Name of the tunnel policy

dynamic PW type is dynamic

static PW type is static

<16-1048575> Range of the PW label

tagged PW uses Tagged mode

raw PW uses Raw mode

For a description of the parameter in Step 6, refer to the following table:

Parameter Description

<pw-name> PW name

2.2.3 Maintaining VPLS Instances


To maintain VPLS instances on the ZXR10 5900E, run the following commands:

Command Function

ZXR10#show l2vpn brief Displays the list of L2VPN instances and the
number of AC and PW interfaces bound to
L2VPN instances.

ZXR10#show l2vpn summary Displays the number of L2VPN instances.

ZXR10#show l2vpn forwardinfo {[vpnname Displays the valid PW list in accordance with
<instance-name>]|[peer <ipv4-address>]}[detail] the instance name.

ZXR10#show pwe3 signal Displays the brief information about the PW.

ZXR10#show pwe3 signal fec128 {detail [local-label Displays the detailed information of the PW.
<16-1048575>| peer <peerip>]

2-11

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


ZXR10 5900E Series Configuration Guide (VPN)

Command Function

ZXR10#show pwe3 signal statistics Displays the signaling status statistics


information of each type of PW.

The following is sample output from the show l2vpn brief command:
VPLS count:1 VPWS count:1 MSPW count:1
name type Default-VCID PW AC description
test VPLS 0 1 0
ts MSPW - 0 0
zte VPWS - 0 0

For a description of the parameters in the execution result, refer to the following table:

Parameter Description

VPLS count Number of VPLS instances

VPWS count Number of VPWS instances

MSPW count Number of MSPW instances

name Instance name

type Instance type

default vcid Default VCID value of an instance

PW Number of PWs configured for an instance

AC Number of ACs configured for an instance

description Description information about an instance

The following is sample output from the show l2vpn summary command:
ZXR10(config-vpls)#show l2vpn summary
The summary information about configured L2VPN:
vpn type configure/maximum
VPLS 1/4095
VPWS 1/4095
MSPW 1/8192

For a description of the parameters in the execution result, refer to the following table:

show Command Output Description

vpn type VPN type

configure/maximum Number of configured instances/maximum number of instances

The following is sample output from the show l2vpn forwordinfo command:
ZXR10(config)#show l2vpn forwardinfo
Headers: PWType - Pseudowire type and Pseudowire connection mode
Llabel - Local label, Rlabel - Remote label

2-12

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


Chapter 2 MPLS L2VPN Configuration

VPNowner - owner type and instance name


Codes: H - HUB mode, S - SPOKE mode, L - VPLS, W - VPWS, M - MSPW

PeerIP VCID PWType State Llabel Rlabel VPNowner


1.2.3.4 10 ETH H UP 81920 81920 L: test

For a description of the parameters in the execution result, refer to the following table:

show Command Output Description

PeerIP Router ID of the peer PW

VCID PW vcid

PWType PW type

State PW state

Llabel Local label

Rlabel Remote label

VPNowner VPN instance where the PW belongs to

The following is sample output from the show pwe3 signal command:
ZXR10(config)#show pwe3 signal
The signal information of FEC 128/129 PWs in brief:
Headers:
Neighbourhood - neighbour's IP address, LDP state and related PW name;
Service - PW encapsulation mode and service instance's type and index;
AIIs - target AII and source AII (FEC129 only);
Descriptions - remote description and local description (FEC128 only);
Labels - local label (in label) and remote label (out label)
Codes : L - Local configured; M - Mapping received; N - Negotiated;
S - mapping Sent; A - AC ready (VPWS) or service Attached (VPLS/MSPW);
C - Control word used;
Up - PW signal procedures succeeded and both VC-LSPs formed;
Down - PW not UP;
Vague - session state is not UP;
Ready - session state is UP;
GR1 - session state is not UP and PW's remote label is staling;
GR2 - session state is UP but PW's remote label is staling as before
Marks : ?unknown; .placeholder; ^decimal vcid; $auto_; *ellipsis
---------------------------------------------------------------------------
Neighbourhood AGI/VC-ID Service AIIs/Descriptions Labels Status
--------------------------------------------------------------------------
100.100.1.2 00000064 ethernet 100.100.1.2 1684275458 81922 UP
Ready $pw1 00000064 VPLS:1 100.100.1.1 1684275457 81923 LMNSA.
100.100.1.2 80 ethernet vpls_zte2222222222***22222 81921 UP
Ready pw55901 ^^^^^^^ VPLS:2 vpls_zte1111111111***11111 81922 LMNSA.

2-13

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


ZXR10 5900E Series Configuration Guide (VPN)

100.100.1.2 40 ethernet fei-0/1/0/4 81920 UP


Ready pw1 ^^^^^^^^ VPWS:1 fei-0/1/0/3 81920 LMNSA.
ZXR10(config)#

For a description of the parameters in the execution result, refer to the following table:

show Command Output Description

Neighbourhood Peer address

AGI/VC-ID AGI or VC-ID of the PW

Service Service type of the PW

Labels Local label

Status Session status

The following is sample output from the show pwe3 signal fec128 detail command:
ZXR10#show pwe3 signal fec128 detail
The detailed signal information of dynamic PWs or PW-segments:
Some signal information are referred to as follows:
NON - the LDP session is absent,
UP - the LDP session is OPERATIONAL,
GR1 - the LDP session is reconnecting,
GR2 - the LDP session's remote mappings are recovering,
DOWN - not UP(or NON,or GR1,or GR2).

PW entity : < 1.1.1.1 , 1 , Ethernet >


LSPs formed : NO ( LDP session absent )
C-bits : local : NO , remote : ??
negotiated : ??
MTU : local : 1500 , remote : ??
negotiated : ??
labels : local : 81920 , remote : ??
signal : Configured : YES , Received : NO
Negotiated : NO , Sent : NO
AC ready : YES
oam status : local : PSN rcv(0),snd(0); AC rcv(1),snd(1); Error(0)
remote : PSN rcv(?),snd(?); AC rcv(?),snd(?); Error(?)
redundancy : local : ?? , remote : ??
negotiated : ??
application : service-type : VPWS , instance-id: 1
MAC-withdraw : received : 0 , sent : 0
local-VCCV : CC-type : NO , CV-type : NO
remote-VCCV : CC-type : ?? , CV-type : ??
actual-VCCV : CC-type : ?? , CV-type : ??
LDP session : The LDP session's state is NON, please check it.
attachment-circuit : vlan200

2-14

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


Chapter 2 MPLS L2VPN Configuration

local-description : vlan200
remote-description : ??

For a description of the parameters in the execution result, refer to the following table:

show Command Output Description

PW entity Address, VCID, and PW type of the peer end

LSPs formed Whether it is used on the data layer

C-bits Control word information

local Whether the local end supports the CWORD

remote Whether the peer end supports the CWORD

negotiated Whether the negotiation result shows that the CWORD is


supported

Labels Tag information

local Local tag value

remote Remote tag value

negotiated Signalling status

Configured Whether the PW interface is configured

Received Whether the peer mapping message is received

Negotiated Whether the signalling negotiation is successful

Sent Whether local end sends a mapping message to the peer end

AC ready Whether the binding interface is in up status (for VPWS)

application Application information

service-type Application type

instance-id VPN instance ID

LDP session LDP session state

attachment-circuit Name of the binding interface (VPWS binding interface)

local-description Description of the local interface (interface name)

remote-description Description of the remote interface

oam status Remote OAM status, PSN status, and AC status

redundancy PW redundancy forwarding status

The following is sample output from the show pwe3 signal statistics command:
ZXR10(config)#show pwe3 signal statistics
The statistics of dynamic PWs or PW-segments:
Headers : APP - application instance of PW,
C-bit - the PWs using control word,
ether - the ethernet raw PWs,

2-15

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


ZXR10 5900E Series Configuration Guide (VPN)

vlan - the ethernet tagged PWs,


others - the non-ethernet PWs,
used - signal procedures succeeded and
VC-LSPs or transit-LSPs formed
Codes : ?application instance not configured
----+-----+-----------------+----------------------+----------------
type|count|all dynamic PWs |used dynamic PWs |unused dynamic PWs
of | of +----------------+-----------------+----------------------
APPs|APPs |totalused unused|C-bit ethervlanothers|C-bit ethervlanothers
----+-----+-----+-----+-----+-----+-----+-----+----+-----+-----+-----+--
VPWS0 0 0 0 0 0 00 0 0 00
VPLS11 01 00 000 1 00
MSPW36 06 00 0 00 2 40
????01 01 00 0001 00
--------------------------------------------------------------------
SUM48 08 0 0 0 00 4 4 0

For a description of the parameters in the execution result, refer to the following table:

Parameter Description

type of APPs Application type

count of APPs Instance number

all dynamic PWs All dynamic PW information

total Total number of PW

used Number of PWs used on the data layer

unused Number of PWs unused on the data layer

the used dynamic PWs Information of dynamic PWs used on the data layer

C-bit Whether to support the CWORD function

ether PW interface type is ethernet-raw

vlan PW interface type is ethernet-tagged

others Other types of PW interfaces, except ether and VLAN

the unused dynamic PWs Information of PWs unused on the data layer

C-bit Supports CWORD

ether PW interface type is ethernet-raw

vlan PW interface type is ethernet-tagged

others Other types of PW interfaces, except ether and VLAN

2-16

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


Chapter 2 MPLS L2VPN Configuration

2.2.4 VPLS Configuration Example


Configuration Description
Two PE routers form a VPLS network. see Figure 2-4. User data is accessed and PE
routers are connected through VLAN 10. The PE routers are running OSPF as the IGP
protocol, and the LDP protocol is used to identify labels.

Figure 2-4 Network Structure of L2VPN VPLS Configuration

Configuration Thought
1. Configure interface addresses so that PE1 interconnects to PE2.
2. Configure loopback interfaces as the LDP Router-IDs.
3. Configure OSPF to advertise the loopback interface addresses.
4. Configure an LDP instance. It is unnecessary to establish a target-session on the
direct-connected link.
5. Configure an L2VPN instance.

Configuration Commands
PE1 configuration,
PE1(config)#interface loopback1
PE1(config-if-loopback1)#ip address 206.206.206.206 255.255.255.0
PE1(config-if-loopback1)#exit
PE1(config)#switchvlan-configuration
PE1(config-swvlan)#interface gei-0/1/1/2
PE1(config-swvlan-if-gei-0/1/1/2)#switchport access vlan 100
PE1(config-swvlan-if-gei-0/1/1/2)#exit
PE1(config-swvlan)#exit
PE1(config)#interface vlan100
PE1(config-if-vlan100)#ip address 100.0.0.1 255.255.255.0
PE1(config-if-vlan100)#exit
PE1(config)#router ospf 1
PE1(config-ospf-1)#network 206.206.206.206 0.0.0.0 area 0
PE1(config-ospf-1)#network 100.0.0.0 0.0.0.255 area 0
PE1(config-ospf-1)#exit
PE1(config)#interface gei-0/1/1/1.1
PE1(config-if-gei-0/1/1/1.1)#exit
PE1(config)#vlan-configuration
PE1(config-vlan)#interface gei-0/1/1/1.1
PE1(config-vlan-if-gei-0/1/1/1.1)#encapsulation-dot1q range 10

2-17

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


ZXR10 5900E Series Configuration Guide (VPN)

PE1(config-vlan-if-gei-0/1/1/1.1)#exit
PE1(config-vlan)#exit
PE1(config)#
PE1(config)#mpls ldp instance 1
PE1(config-ldp-1)#interface vlan100
PE1(config-ldp-1-if-vlan100)#$
PE1(config-ldp-1)#router-id loopback1
PE1(config-ldp-1)#$
PE1(config)#mpls l2vpn enable
PE1(config)#pw pw1
PE1(config)#vpls 128
PE1(config-vpls-128)#access-point gei-0/1/1/1.1
PE1(config-vpls-128-ac-gei-0/1/1/1.1)#access-params ethernet
PE1(config-vpls-128-ac-gei-0/1/1/1.1-eth)#$
PE1(config-vpls-128-ac-gei-0/1/1/1.1)#$
PE1(config-vpls-128)#pseudo-wire pw1
PE1(config-vpls-128-pw-pw1)#neighbour 207.207.207.207 vcid 1
PE1(config-vpls-128-pw-pw1-neighbour)#$
PE1(config-vpls-128-pw-pw1)#$
PE1(config-vpls-128)#$
PE1(config)#mpls interface vlan100
PE1(config)#$

Run the following commands on PE2:

PE2(config)#interface loopback1
PE2(config-if-loopback1)#ip address 207.207.207.207 255.255.255.255
PE2(config-if-loopback1)#exit
PE2(config)#switchvlan-configuration
PE2(config-swvlan)#interface gei-0/1/1/2
PE2(config-swvlan-if-gei-0/1/1/2)#switchport access vlan 100
PE2(config-swvlan-if-gei-0/1/1/2)#exit
PE2(config-swvlan)#exit
PE2(config)#interface vlan100
PE2(config-if-vlan100)#ip address 100.0.0.2 255.255.255.0
PE2(config-if-vlan100)#exit
PE2(config)#router ospf 1
PE2(config-ospf-1)#network 207.207.207.207 0.0.0.0 area 0
PE2(config-ospf-1)#network 100.0.0.0 0.0.0.255 area 0
PE2(config-ospf-1)#exit
PE2(config)#interface gei-0/1/1/1.1
PE2(config-if-gei-0/1/1/1.1)#exit
PE2(config)#vlan-configuration
PE2(config-vlan)#interface gei-0/1/1/1.1
PE2(config-vlan-if-gei-0/1/1/1.1)#encapsulation-dot1q 10
PE2(config-vlan-if-gei-0/1/1/1.1)#exit

2-18

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


Chapter 2 MPLS L2VPN Configuration

PE2(config-vlan)#exit
PE2(config)#
PE2(config)#mpls ldp instance 1
PE2(config-ldp-1)#interface vlan100
PE2(config-ldp-1-if-vlan100)#$
PE2(config-ldp-1)#router-id loopback1
PE2(config-ldp-1)#$
PE2(config)#mpls l2vpn enable
PE2(config)#pw pw1
PE2(config)#vpls 128
PE2(config-vpls-128)#access-point gei-0/1/1/1.1
PE2(config-vpls-128-ac-gei-0/1/1/1.1)#access-params ethernet
PE2(config-vpls-128-ac-gei-0/1/1/1.1-eth)#$
PE2(config-vpls-128-ac-gei-0/1/1/1.1)#$
PE2(config-vpls-128)#pseudo-wire pw1
PE2(config-vpls-128-pw-pw1)#neighbour 206.206.206.206 vcid 1
PE2(config-vpls-128-pw-pw1-neighbour)#$
PE2(config-vpls-128-pw-pw1)#$
PE2(config-vpls-128)#$
PE2(config)#mpls interface vlan100
PE2(config)#$

Configuration Verification
After the configuration, a VPLS PW can be established successfully. The following
information shows the result of configuration check.
PE1:
PE1(config-vpls-test)#show l2vpn forwardinfo
Headers: PWType - Pseudo Wire type and Pseudo Wire connection mode
Llabel - Local label, Rlabel - Remote label
VPNowner - Owner type and instance name
Codes : H - HUB mode, S - SPOKE mode, L - VPLS, W - VPWS, M - MSPW
$pw - auto_pw

PWName PeerIP FEC PWType State Llabel Rlabel VPNowner


pw1 1.1.1.2 128 Ethernet S UP 81920 81920 L:test
pw2 1.1.1.2 128 Ethernet S UP 81921 81921 L:test

PE1(config)#show l2vpn summary


The summary information about configured L2VPN:
vpn type configure/maximum
VPLS 1/4095
VPWS 0/4095
MSPW 0/8192
VLSS 0/8000

2-19

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


ZXR10 5900E Series Configuration Guide (VPN)

PE2:
PE2(config)#show l2vpn forwardinfo
Headers: PWType - Pseudo Wire type and Pseudo Wire connection mode
Llabel - Local label, Rlabel - Remote label
VPNowner - Owner type and instance name
Codes : H - HUB mode, S - SPOKE mode, L - VPLS, W - VPWS, M - MSPW
$pw - auto_pw

PWName PeerIP FEC PWType State Llabel Rlabel VPNowner


pw1 1.1.1.1 128 Ethernet H UP 81920 81920 L:test
pw2 1.1.1.1 128 Ethernet H UP 81921 81921 L:zte

PE2(config)#show l2vpn summary


The summary information about configured L2VPN:
vpn type configure/maximum
VPLS 2/4095
VPWS 0/4095
MSPW 0/8192
VLSS 0/8000

2.3 VPWS Basic Function Configuration


2.3.1 VPWS Overview
VPWS uses point-to-point connection mode to implement communication among each site
within VPN. This mode is usually used for ATM or FR clients. With this mode, connection
between clients and network providers maintain constant, but services encapsulated are
transmitted over IP backbone network of the network provider.
LSP tunnel through MPLS net should be defined between two PE, and it should provide
tunnel label transparently transmitting data between two PE. At the same time, direct
process of LDP label distribution protocol is also defined between two PE routers to
transmit virtual link information. Among them, distributing VC Label through matching
VCID is critical.
When data packet enters PE at the port of Layer 2 transparent transmission, PE finds the
corresponding Tunnel Label and VC Label through matching VCID. PE will put two layers
labels on the data packet. External layer is Tunnel Label indicating the route from this PE
to destination PE. Internal layer is VC Label indicating which corresponding switch port of
VCID belongs to on destination PE.
PE should monitor Layer 2 protocol state at each port, such as FR Local Management
Interface (LMI) and ATM Interim Local Management Interface (ILMI). When a fault occurs,
users can cancel VC Label through LDP label distribution protocol process so that Layer
2 transparent transmission is shut off avoiding producing unidirectional unwanted data
stream.

2-20

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


Chapter 2 MPLS L2VPN Configuration

Such Layer 2 transparent transmission based on MPLS changes traditional confinement


that Layer 2 link should be implemented through network switch. It essentially forms a
pattern of One Net Multi-Service pattern and makes the operator provide Layer 2 and Layer
3 Services simultaneously in a MPLS net.

2.3.2 Configuring a VPWS


To configure an PWS on the ZXR10 5900E, perform the following steps:

Step Command Function

1 ZXR10(config)#vpws <instance-name> Creates a VPWS instance.

2 ZXR10(config-vpws-zte)#access-point <interface-name> Configures the binding


relationship between the
AC interface and the VPWS
instance.

ZXR10(config-vpws-zte)#description<description> Configures the description


information for the VPWS
instance.

ZXR10(config-vpws-zte)#mtu <mtu> Configures the maximum


transfer unit for the VPWS
instance.

3 ZXR10(config-vpws-zte-ac-vlan2)#access-params Sets the AC interface type to


ethernet ethernet.

4 ZXR10(config-vpws-zte)#pseudo-wire <pw-name> Configures the binding


relationship between the
PW interface and the VPWS
instance.

5 ZXR10(config)#pw pw1 Configures the PW.


ZXR10(config)#vpws zte
ZXR10(config-vpws-zte)#pseudo-wire pw1
ZXR10(config-vpws-zte-pw-pw1)#neighbour
<ipv4-address>[ vcid <1-4294967295>]

ZXR10(config-vpws-zte-pw-pw1)#redundancy-manager Configures the protected


capability for the PW.

ZXR10(config-vpws-zte-pw-pw1-rm)#protect-type Configures the redundancy


{1+1|1:1}{bidirectional|unidirectional}[receiving protection mode for the PW.
{selective|both}] protect-strategy {aps|mc-aps
{master|backup}}

ZXR10(config-vpws-zte-pw-pw1-rm)#exit Configures the standby PW and


ZXR10(config-vpws-zte-pw-pw1)#exit protection relationship.
ZXR10(config-vpws-zte)#backup-pw <pw-name> protect
<pw-name>

2-21

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


ZXR10 5900E Series Configuration Guide (VPN)

Step Command Function

ZXR10(config-vpws-zte-protect-pw2)#neighbour Configures the standby PW.


<ipv4-address>[ vcid <1-4294967295>]

6 ZXR10(config-vpws-zte-pw-pw1-neighbour-1.1.1.2)#c Enables the use of the control


ontrol-word preferred word for the PW.

ZXR10(config-vpws-zte-pw-pw1-neighbour-1.1.1.2)#v Enables the VCCV function for


ccv bfd capability {basic|status} encapsulation {raw|ip} the PW.

ZXR10(config)#tunnel-policy <policy-name> Configures the application


ZXR10(config-vpws-zte-pw-pw1-neighbour-1.1.1.2)#t tunnel policy for the PW.
unnel-policy <policy-name>

ZXR10(config-vpws-zte-pw-pw1-neighbour-1.1.1.2)#t Configures a track instance.


rack <track-name>

ZXR10(config-vpws-zte-pw-pw1-neighbour-1.1.1.2)#s Sets the establishment mode of


ignal {dynamic|static local-label <16-1048575> the PW to signal triggering.
remote-label <16-1048575>}

For a description of the parameter in Step 1, refer to the following table:

Parameter Description

<instance-name> VPWS instance name

For a description of the parameters in Step 2, refer to the following table:

Parameter Description

<interface-name> Name of the interface binding to the VPWS instance

<60-9216> Available number of MTUs configured for the VPWS instance

<description> Description information about the VPN instance

For a description of the parameters in Step 3, refer to the following table:

Parameter Description

<ethernet> Sets an AC interface type to ethernet

For a description of the parameters in Step 4, refer to the following table:

Parameter Description

<pw-name> Name of the PW interface

For a description of the parameters in Step 5, refer to the following table:

Parameter Description

<ipv4-address> Remote LSR ID

2-22

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


Chapter 2 MPLS L2VPN Configuration

Parameter Description

[<1-4294967295>] VCID value

1+1 1+1 linear protection

1:1 1:1 linear protection

bidirectional Bidirectional protection

unidirectional Unidirectional protection

selective Receiving packages selectively

both Receiving all packages

aps Enables the APS state machine

master Enables the MC-APS state machine, and sets it as the


master device

backup Enables the MC-APS state machine, and sets it as the


backup device

<pw-name> Name of the PW interface.

For a description of the parameters in Step 6, refer to the following table:

Parameter Description

preferred The local PW uses the control word

bfd VCCV BFD function

basic BFD session has only the detection capability

status BFD has both the detection capability and the status
advertisement capability

raw BFD PDU uses the Raw encapsulation with no IP or UDP


header

ip BFD PDU uses the encapsulation with both the IP and UDP
header (control-word encapsulation)

<policy-name> Name of the TE tunnel

<track-name> Name of a Track example

dynamic PW interface type is dynamic

static PW interface type is static

<16-1048575> Range of the PW label

2.3.3 Maintaining VPWS Instances


To maintain VPWS instances on the ZXR10 5900E, run the following command:

2-23

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


ZXR10 5900E Series Configuration Guide (VPN)

Command Function

ZXR10#show l2vpn brief Displays the list of LSVPN


instances and the number of
AC and PW interfaces bound to
L2VPN instances.

ZXR10#show l2vpn summary Displays the number of L2VPN


instances.

ZXR10#show l2vpn forwardinfo {[vpnname <instance-name>]|[p Displays the valid PW list in


eer <ipv4-address>]}[detail] accordance with the instance
name.

ZXR10#show pwe3 signal Displays the brief information


about the PW.

ZXR10#show pwe3 signal fec128 {detail [local-label <16-1048575>| Displays the PW information in
peer <peerip>] detail.

ZXR10#show pwe3 signal statistics Displays the static information of


PW signalling states.

The following is sample output from the show l2vpn brief command:
ZXR10(config)#show l2vpn brief
VPLS count:1 VPWS count:1 MSPW count:0
name type Default-VCID PW AC description
test VPLS 0 1 0
zte VPWS - 0 0

For a description of the parameters in the execution result, refer to the following table:

show Command Output Description

VPLS count Number of VPLS instances

VPWS count Number of VPWS instances

MSPW count Number of MSPW instances

name Instance name

type Instance type

PW Number of PWs configured for an instance

AC Number of ACs configured for an instance

description Description information about an instance

The following is sample output from the show l2vpn summary command:
ZXR10(config)#show l2vpn summary
The summary information about configured L2VPN:
vpn type configure/maximum

2-24

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


Chapter 2 MPLS L2VPN Configuration

VPLS 1/4095
VPWS 1/4095
MSPW 0/8192

For a description of the parameters in the execution result, refer to the following table:

show Command Output Description

vpn type VPN type

configure/maximum Number of configured instances/maximum number of instances

The following is sample output from the show l2vpn forwordinfo command:
ZXR10(config-vpws-sdu-pw)#show l2vpn forwardinfo
Headers: PWType - Pseudowire type and Pseudowire connection mode
Llabel - Local label, Rlabel - Remote label
VPNowner - owner type and instance name
Codes: H - HUB mode, S - SPOKE mode, L - VPLS, W - VPWS, M - MSPW

PeerIP VCID PWType State Llabel Rlabel VPNowner


1.2.3.4 10 Ethernet UP 81920 81920 W: zte

For a description of the parameters in the execution result, refer to the following table:

show Command Output Description

PeerIP Router ID of the PW pee

VCID PW vcid

PWType PW type

State PW state

Llabel Local label

Rlabel Remote label

VPNowner VPN instance where the PW belongs to

The following is sample output from the show pwe3 signal command:
ZXR10#show pwe3 signal
The signal information of FEC 128/129 PWs in brief:

Headers: Neighbourhood - neighbour's IP address, LDP state and related PW name;


Service - PW encapsulation mode and service instance's type and index;
AIIs - target AII and source AII (FEC129 only);
Descriptions - remote description and local description (FEC128 only);
Labels - local label (in label) and remote label (out label)
Codes : L - Local configured; M - Mapping received; N - Negotiated;
S - mapping Sent; A - AC ready (VPWS) or service Attached (VPLS/MSPW);
C - Control word used;

2-25

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


ZXR10 5900E Series Configuration Guide (VPN)

Up - PW signal procedures succeeded and both VC-LSPs formed;


Down - PW not UP;
Vague - session state is not UP;
Ready - session state is UP;
GR1 - session state is not UP and PW's remote label is staling;
GR2 - session state is UP but PW's remote label is staling as before
Marks : ?unknown;.placeholder;^decimal vcid;$auto_;*ellipsis;NULL-empty string

---------------------------------------------------------------------------
Neighbourhood AGI/VC-ID Service AIIs/Descriptions Labels Status
--------------- ---------- ---------- ------------------------------ ------
1.1.1.2 100 Ethernet vlan2 81920 UP
Ready pw1 ^^^^^^^^^^ VPWS:1 vlan2 81920 LMNSA.

For a description of the parameters in the execution result, refer to the following table:

show Command Output Description

remote-pe-id Peer address

vcid PW vcid

pw-type PW type

local Local tag

remote Remote tag

use Whether the tag is allocated

CRNSA PW state information

type Application type

owner VPNid of the PW interface

sesn Session state

The following is sample output from the show pwe3 signal fec128 detail command:
ZXR10#show pwe3 signal fec128 detail
The detailed signal information of dynamic PWs or PW-segments:
Some signal information are referred to as follows:
NON - the LDP session is absent,
UP - the LDP session is OPERATIONAL,
GR1 - the LDP session is reconnecting,
GR2 - the LDP session's remote mappings are recovering,
DOWN - not UP(or NON,or GR1,or GR2).
PW entity : < 1.1.1.1 , 1 , Ethernet >
LSPs formed : NO ( LDP session absent )
C-bits : local : NO , remote : ??
negotiated : ??
MTU : local : 1500 , remote : ??

2-26

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


Chapter 2 MPLS L2VPN Configuration

negotiated : ??
labels : local : 81920 , remote : ??
signal : Configured : YES , Received : NO
Negotiated : NO , Sent : NO
AC ready : YES
oam status : local : PSN rcv(0),snd(0); AC rcv(1),snd(1); Error(0)
remote : PSN rcv(?),snd(?); AC rcv(?),snd(?); Error(?)
redundancy : local : ?? , remote : ??
negotiated : ??
application : service-type : VPWS , instance-id: 1
MAC-withdraw : received : 0 , sent : 0
local-VCCV : CC-type : NO , CV-type : NO
remote-VCCV : CC-type : ?? , CV-type : ??
actual-VCCV : CC-type : ?? , CV-type : ??
LDP session : The LDP session's state is NON, please check it.
attachment-circuit : vlan200
local-description : vlan200
remote-description : ??

For a description of the parameters in the execution result, refer to the following table:

show Command Output Description

PW entity Address, VCID, and PW type of the peer end

LSPs formed Whether it is used on the data layer

C-bits Control word information

MTU MTU value of AC interfaces

local Whether the local end supports the CWORD

remote Whether the peer end supports the CWORD

negotiated Whether the negotiation result shows that the CWORD is


supported

Labels Tag information

local Local tag value

remote Remote tag value

signal Signalling information

Configured Whether the PW interface is configured

Received Whether the peer mapping message is received

Negotiated Whether the signalling negotiation is successful

Sent Whether local end sends a mapping message to the peer end

AC ready Whether the binding interface is in up status (for VPWS)

application Application information

2-27

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


ZXR10 5900E Series Configuration Guide (VPN)

show Command Output Description

service-type Application type

instance-id VPN instance ID

LDP session LDP session state

attachment-circuit Name of the binding interface (VPWS binding interface)

local-description Description of the local interface (interface name)

remote-description Description of the remote interface

oam status Remote OAM status, PSN status, and AC status

redundancy PW redundancy forwarding status

2.3.4 VPWS Configuration Example


Configuration Description
Figure 2-5 shows the network topology of an L2VPN VPWS ethernet PW configuration
example .

Figure 2-5 Network Structure of an L2VPN VPWS Ethernet PW Configuration

Configuration Thought
1. Configure an interface address for the switch so that PE1 can interconnect to PE2.
2. Configure a loopback interface and use it as the Router-ID of the LDP.
3. Configure the static route protocol and advertise the loopback interface mutually.
4. Configure an LDP instance. It is unnecessary to establish a target-session for the
direct-connected link.
5. Configure an L2VPN instance.

Configuration Commands
Run the following commands on PE1:
ZXR10(config)#interface gei-0/1/1/1
ZXR10(config-if-gei-0/1/1/1)#no shutdown
ZXR10(config-if-gei-0/1/1/1)#exit
ZXR10(config)#interface vlan1
ZXR10(config-if-vlan1)#ip address 10.1.1.1 255.255.255.0
ZXR10(config-if-vlan1)#no shutdown
ZXR10(config-if-vlan1)#exit

2-28

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


Chapter 2 MPLS L2VPN Configuration

ZXR10(config)#interface loopback1
ZXR10(config-if-loopback1)#ip address 1.1.1.1 255.255.255.255
ZXR10(config-if-loopback1)#exit
ZXR10(config)#ip route 1.1.1.2 255.255.255.255 10.1.1.2
ZXR10(config)#mpls ldp instance 1
ZXR10(config-ldp-1)#router-id loopback1
ZXR10(config-ldp-1)#interface vlan1
ZXR10(config-ldp-1-if-vlan1)#exit
ZXR10(config-ldp-1)#exit
ZXR10(config)#pw pw1
ZXR10(config)#interface vlan2
ZXR10(config-if-vlan2)#exit
ZXR10(config)#mpls l2vpn enable
ZXR10(config)#vpws test
ZXR10(config-vpws-test)#mtu 100
ZXR10(config-vpws-test)#access-point vlan2
ZXR10(config-vpws-test-ac-vlan2)#access-params ethernet
ZXR10(config-vpws-test-ac-vlan2-eth)#exit
ZXR10(config-vpws-test-ac-vlan2)#exit
ZXR10(config-vpws-test)#pseudo-wire pw1
ZXR10(config-vpws-test-pw-pw1)#neighbour 1.1.1.2 vcid 100
ZXR10(config-vpws-test-pw-pw1-neighbour-1.1.1.2)#exit
ZXR10(config-vpws-test-pw-pw1)#exit
ZXR10(config-vpws-test)#exit
ZXR10(config)#

Run the following commands on PE2:

ZXR10(config)#interface gei-0/1/1/1
ZXR10(config-if-gei-0/1/1/1)#no shutdown
ZXR10(config-if-gei-0/1/1/1)#exit
ZXR10(config)#interface vlan1
ZXR10(config-if-vlan1)#ip address 10.1.1.2 255.255.255.0
ZXR10(config-if-vlan1)#no shutdown
ZXR10(config-if-vlan1)#exit
ZXR10(config)#interface loopback1
ZXR10(config-if-loopback1)#ip address 1.1.1.2 255.255.255.255
ZXR10(config-if-loopback1)#exit
ZXR10(config)#ip route 1.1.1.1 255.255.255.255 10.1.1.1
ZXR10(config)#mpls ldp instance 1
ZXR10(config-ldp-1)#router-id loopback1
ZXR10(config-ldp-1)#interface vlan1
ZXR10(config-ldp-1-if-vlan1)#exit
ZXR10(config-ldp-1)#exit
ZXR10(config)#pw pw1
ZXR10(config)#interface vlan2

2-29

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


ZXR10 5900E Series Configuration Guide (VPN)

ZXR10(config-if-vlan2)#exit
ZXR10(config)#mpls l2vpn enable
ZXR10(config)#vpws test
ZXR10(config-vpws-test)#mtu 100
ZXR10(config-vpws-test)#access-point vlan2
ZXR10(config-vpws-test-ac-vlan2)#access-params ethernet
ZXR10(config-vpws-test-ac-vlan2-eth)#exit
ZXR10(config-vpws-test-ac-vlan2)#exit
ZXR10(config)#pseudo-wire pw1
ZXR10(config-vpws-test-pw-pw1)#neighbour 1.1.1.1 vcid 100
ZXR10(config-vpws-test-pw-pw1-neighbour-1.1.1.1)#exit
ZXR10(config-vpws-test-pw-pw1)#exit
ZXR10(config-vpws-test)#exit
ZXR10(config)#

Configuration Verification
Run the show l2vpn forwardinfo command to verify that the VPWS PW is configured
successfully on the switch. The execution result is displayed as follows:
ZXR10(config)#show l2vpn forwardinfo
Headers: PWType - Pseudo Wire type and Pseudo Wire connection mode
Llabel - Local label, Rlabel - Remote label
VPNowner - Owner type and instance name
Codes : H - HUB mode, S - SPOKE mode, L - VPLS, W - VPWS, M - MSPW
$pw - auto_pw

PWName PeerIP FEC PWType State Llabel Rlabel VPNowner


pw1 1.1.1.2 128 Ethernet UP 81920 81920 W:test

ZXR10(config)#show l2vpn summary


The summary information about configured L2VPN:
vpn type configure/maximum
VPLS 0/4095
VPWS 1/4095
MSPW 0/8192

2-30

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


Figures
Figure 1-1 Running Static Route Protocol between CE and PE................................. 1-7
Figure 1-2 Running RIP between CE and PE............................................................ 1-9
Figure 1-3 Enabling the OSPF Protocol on CE and PE Devices.............................. 1-10
Figure 1-4 Running EBGP between CE and PE...................................................... 1-12
Figure 1-5 MPBGP Protocol Configuration.............................................................. 1-13
Figure 1-6 RR Configuration Example Topology...................................................... 1-15
Figure 1-7 MPLS L3VPN Basic Configuration Example Topology............................ 1-18
Figure 1-8 MPLS VPN OSPF SHAM-LINK Configuration Example Topology ........... 1-23
Figure 1-9 MPLS VPN Cross-Domain Configuration Example................................. 1-28
Figure 1-10 MPLS VPN Route Aggregation Configuration Example
Topology ............................................................................................... 1-37
Figure 1-11 VPN Route Alarm Configuration Example Topology ............................. 1-43
Figure 2-1 VPWS Working Principle.......................................................................... 2-2
Figure 2-2 VPLS Working Principle ........................................................................... 2-3
Figure 2-3 VPLS Working Principle ........................................................................... 2-8
Figure 2-4 Network Structure of L2VPN VPLS Configuration .................................. 2-17
Figure 2-5 Network Structure of an L2VPN VPWS Ethernet PW
Configuration ........................................................................................ 2-28

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


Figures

This page intentionally left blank.

II

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


Tables
Table 1-1 MPLS VPN Basic Configuration Address Table ...................................... 1-18
Table 1-2 MPLS VPN OSPF SHAM-LINK Address Table ........................................ 1-23

III

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


Tables

This page intentionally left blank.

IV

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


Glossary
AC
- Access Circuit
AS
- Autonomous System
ATM
- Asynchronous Transfer Mode
BGP
- Border Gateway Protocol
BSC
- Base Station Controller
BTS
- Base Transceiver Station
FEC
- Forward Error Correction
FR
- Frame Relay

IANA
- Internet Assigned Number Authority

IETF
- Internet Engineering Task Force
ILMI
- Interim Local Management Interface
IP
- Internet Protocol
IS-IS
- Intermediate System-to-Intermediate System
ISP
- Internet Service Provider
LAN
- Local Area Network

LMI
- Local Management Interface
LSP
- Label Switched Path

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


ZXR10 5900E Series Configuration Guide (VPN)

LSP
- Link State Packet
MAN
- Metropolitan Area Network
MC-ELAM
- Multi-Chassis Ethernet Link Aggregation Manager
MPLS
- Multiprotocol Label Switching
NAT
- Network Address Translation
OSPF
- Open Shortest Path First
PE
- Provider Edge
PW
- Pseudo Wire

PWE3
- Pseudo Wire Emulation Edge-to-Edge
RD
- Route Distinguisher
RFC
- Request For Comments
RIP
- Routing Information Protocol
SP
- Service Provider
TDM
- Time Division Multiplexing

VC
- Virtual Connection
VC
- Virtual Circuit
VCC
- Virtual Channel Connection
VFI
- Virtual Forwarding Instance

VPLS
- Virtual Private LAN Service

VI

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential


Glossary

VPN
- Virtual Private Network
VPWS
- Virtual Private Wire Service
VRF
- Virtual Route Forwarding
WAN
- Wide Area Network

VII

SJ-20150114102049-016|2015-03-10 (R1.0) ZTE Proprietary and Confidential