V100R006C00
Issue 01
Date 2011-07-15
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the
customer. All or part of the products, services and features described in this document may not be within the
purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,
and recommendations in this document are provided "AS IS" without warranties, guarantees or representations
of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute the warranty of any kind, express or implied.
Website: http://www.huawei.com
Email: support@huawei.com
Intended Audience
This document provides the basic concepts, configuration procedures, and configuration
examples in different application scenarios of the VPN feature supported by the S7700 device.
This document describes how to configure the VPN feature.
NOTE
The S7700 is controlled by a license. By default, the MPLS function is disabled on the S7700. To use the
MPLS function of the S7700, buy the license from the local Huawei office.
Symbol Conventions
The symbols that may be found in this document are defined as follows.
Symbol Description
Command Conventions
The command conventions that may be found in this document are defined as follows.
Convention Description
&<1-n> The parameter before the & sign can be repeated 1 to n times.
Change History
Updates between document issues are cumulative. Therefore, the latest document issue contains
all updates made in previous issues.
Contents
2 GRE Configuration
2.1 Introduction to GRE
2.2 GRE Features Supported by the S7700
2.3 Configuring GRE
2.3.1 Establishing the Configuration Task
2.3.2 Configuring a Tunnel Interface
2.3.3 Configuring Routes for the Tunnel
2.3.4 Checking the Configuration
2.4 Configuring a GRE Tunnel Between CE and PE
2.4.1 Establishing the Configuration Task
2.4.2 Configuring the GRE Tunnel Interface on CE
2.4.3 Configuring the GRE Tunnel Interface on PE
2.4.4 Binding the GRE Tunnel with the VPN to Which CE belongs on PE
2.4.5 Checking the Configuration
2.5 Configuring the Keepalive Function
2.5.1 Establishing the Configuration Task
2.5.2 Enabling the Keepalive Function
2.5.3 Checking the Configuration
2.6 Maintaining GRE
2.6.1 Resetting the Statistics of a Tunnel Interface
2.6.2 Monitoring the Running Status of GRE
2.6.3 Debugging GRE
2.7 Configuration Examples
2.7.1 Example for Configuring Static Routes on the GRE Tunnel
2.7.2 Example for Configuring the Dynamic Routing Protocol on the GRE Tunnel
2.7.3 Example for Configuring the CE to Access a VPN Through a GRE Tunnel of the Public Network
2.7.4 Example for Configuring the Keepalive Function for GRE
5 VLL Configuration
5.1 Introduction to VLL
5.2 VLL Features Supported by the S7700
5.3 Configuring CCC VLL
5.3.1 Establishing the Configuration Task
5.3.2 Enabling the MPLS L2VPN
6 PWE3 Configuration
6.1 Introduction to PWE3
6.2 PWE3 Features Supported by the S7700
6.3 Configuring the Attributes of a PW Template
6.3.1 Establishing the Configuration Task
6.3.2 Creating a PW Template
6.3.3 Setting the Attributes for a PW Template
6.3.4 Checking the Configuration
6.4 Configuring a Static PW
6.4.1 Establishing the Configuration Task
6.4.2 Enabling MPLS L2VPN
6.4.3 Creating a Static PW
6.4.4 Checking the Configuration
6.5 Configuring a Dynamic PW
6.5.1 Establishing the Configuration Task
6.5.2 Enabling MPLS L2VPN
6.5.3 Creating a Dynamic PW
6.5.4 Checking the Configuration
6.6 Configuring PW Switching
6.6.1 Establishing the Configuration Task
6.6.2 Configuring PW Switching
6.6.3 Checking the Configuration
6.7 Configuring a Backup PW
6.7.1 Establishing the Configuration Task
6.7.2 Configuring a Backup PW
6.7.3 Checking the Configuration
6.8 Configuring Static BFD for PW
6.8.1 Establishing the Configuration Task
6.8.2 Enabling BFD Globally
6.8.3 Enabling the Sending of BFD for PW Packets to the Protocol Stack
6.8.4 Configuring BFD for PW
7 VPLS Configuration
7.1 Introduction to VPLS
7.2 VPLS Features Supported by the S7700
7.3 Configuring Kompella VPLS
7.3.1 Establishing the Configuration Task
7.3.2 Enabling the BGP Peer to Exchange VPLS Information
7.3.3 Creating a VSI and Configuring BGP Signaling
7.3.4 (Optional) Configuring Huawei Devices to Communicate with Non-Huawei Devices
7.3.5 Binding the VSI to an AC Interface
VPN tunnel management involves the creation, management, and maintenance of VPN tunnels.
This section provides examples for applying a tunnel policy to the L3VPN or L2VPN.
In Virtual Private Networks (VPNs), based on the tunnel technology, dedicated transmission
channels, namely, tunnels, can be set up in backbone networks. Packets can then be transparently
transmitted through the tunnels.
- LSP
When LSPs are adopted as tunnels on the public network of a Multi-Protocol Label Switching
(MPLS) VPN, IP packet headers are analyzed only on Provider Edges (PEs), rather than
on each device along which VPN packets are transmitted. In this manner, the time to process
VPN packets shortens and the delay of packet transmission decreases. In addition, MPLS
labels are supported by all link layer protocols. A Label Switched Path (LSP) is similar to
an Asynchronous Transfer Mode (ATM) Virtual Circuit (VC) or a Frame Relay (FR) VC
in function and security.
- MPLS TE
Generally, carriers are required to provide VPN users with Quality of Service (QoS)
guarantees for various end-to-end services, such as the voice service, video service, key data
service, and Internet access service. To meet users' requirements, carriers offer MPLS
Traffic Engineering (MPLS TE) tunnels, which can optimize network resources and offer
users QoS-guaranteed services.
- GRE
In an MPLS Layer 3 VPN (MPLS L3VPN), a CE and a PE must have a direct connection.
If they are not directly connected, a GRE tunnel is generally set up between the CE and the
PE to ensure that the CE can access the MPLS VPN.
This chapter describes the configurations of tunnel interfaces and general tunnel management.
- Tunnel management: informs the current application about the tunnel status and checks the
tunnel and tunnel policy based on the destination IP address reported by the application.
- Tunnel policy: selects a tunnel based on the destination IP address.
An application selects tunnels according to the tunnel policy. If no tunnel policy is configured,
the default tunnel policy is selected. By default, no load balancing can be performed among
tunnels, and only one LSP tunnel can be selected.
An application (such as VPN) selects tunnels according to the tunnel policy. If no tunnel policy
is configured, the tunnel management module selects the tunnel according to the default tunnel
policy.
Select-sequence Mode
With the tunnel policy of the select-sequence mode, you can specify the sequence to select the
tunnel types, and the number of tunnels participating in load balancing.
In the tunnel policy, tunnels are selected in sequence. If a tunnel listed earlier is Up and not
bound, it is selected irrespective of whether another service has selected it. The subsequent tunnel
is not selected in most cases, except that load balancing is carried out, or the preceding tunnels
are in the Down state.
For example, in a tunnel policy, both LSPs and CR-LSPs to the same destination can be selected,
and LSPs take priority over CR-LSPs. If LSPs do not exist, a VPN chooses CR-LSPs. After an LSP
is set up, the VPN selects the LSP and does not use CR-LSPs anymore.
If there are multiple eligible tunnels of the same type, one or more tunnels are chosen randomly
in the tunnel policy.
In select-sequence mode, if both CR-LSPs and LSPs can be selected, CR-LSPs take priority over LSPs,
and the number of tunnels in load balancing is 3, tunnels are selected as follows:
- The CR-LSP in the Up state is preferred. If the number of CR-LSPs that are Up is smaller
than 3 (CR-LSPs are not sufficient, or CR-LSPs are sufficient but their status is Down),
LSPs in the Up state are also selected.
- Suppose three tunnels have been selected, one of which is an LSP. If a CR-LSP tunnel is
added or a CR-LSP in the Down state goes Up, the CR-LSP is selected and the LSP quits
the load balancing.
- If the number of tunnels in load balancing at the moment is smaller than the configured
number, the newly added CR-LSP or LSP in the Up state participates in load balancing.
- The number of tunnels in load balancing is decided by the number of eligible tunnels.
For example, if only one CR-LSP and one LSP are in the Up state, load balancing is performed
between them. Tunnels of other types are not selected even if they are Up.
- The load balancing for tunnels differs from the load balancing for routes. For example,
when three CR-LSPs are used for load balancing, they may be on the same path, whereas
when three routes are used for load balancing, three different paths are actually used.
NOTE
In IPv4 VPN networking, you can configure a maximum of six tunnels for load balancing. In IPv6
VPN networking, the S7700 does not support load balancing by tunnels, that is, the number of tunnels for
load balancing is 1.
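The select-sequence rules above, modelled as a small function so that the effect of a policy can be checked against a given set of tunnel states. This is an added example, not Huawei code: the Tunnel class, select_tunnels, the vpn_bound flag (a tunnel reserved by VPN primary tunnel binding) and all tunnel IDs are constructed, and where tunnels of the same type would be chosen randomly, the model picks the lowest ID so the result is repeatable.

```python
from dataclasses import dataclass

VALID_TYPES = ("cr-lsp", "gre", "lsp")
MAX_LOAD_BALANCE_IPV4 = 6  # at most six tunnels for load balancing in IPv4 VPN networking


@dataclass(frozen=True)
class Tunnel:
    tunnel_id: int            # constructed ID
    kind: str                 # "cr-lsp", "gre" or "lsp"
    destination: str          # peer PE address
    up: bool = True
    vpn_bound: bool = False   # reserved by VPN primary tunnel binding


def select_tunnels(tunnels, destination, select_seq=("lsp",),
                   load_balance_number=1, ipv6=False):
    """Return the tunnels a select-sequence policy would use toward destination.

    The defaults model the default tunnel policy: one LSP, no load balancing.
    """
    unknown = [k for k in select_seq if k not in VALID_TYPES]
    if unknown:
        raise ValueError(f"unknown tunnel type(s): {unknown}")
    if not 1 <= load_balance_number <= MAX_LOAD_BALANCE_IPV4:
        raise ValueError("load-balance-number must be between 1 and 6")

    # In IPv6 VPN networking the number of tunnels for load balancing is 1.
    wanted = 1 if ipv6 else load_balance_number

    chosen = []
    for kind in select_seq:               # types are tried in the configured order
        eligible = sorted(
            (t for t in tunnels
             if t.kind == kind
             and t.destination == destination
             and t.up                      # Down tunnels are skipped
             and not t.vpn_bound),         # bound TE tunnels are never selected
            key=lambda t: t.tunnel_id)     # assumption: lowest ID instead of random
        chosen.extend(eligible[:wanted - len(chosen)])
        if len(chosen) == wanted:
            break                          # later types are not consulted
    return chosen


# Constructed tunnel table toward one peer PE.
PEER = "6.6.6.6"
SAMPLE = [
    Tunnel(0x10001, "cr-lsp", PEER),
    Tunnel(0x10002, "cr-lsp", PEER),
    Tunnel(0x10003, "cr-lsp", PEER, up=False),
    Tunnel(0x10004, "lsp", PEER),
    Tunnel(0x10005, "lsp", PEER),
    Tunnel(0x10006, "gre", PEER),
    Tunnel(0x10007, "cr-lsp", PEER, vpn_bound=True),
    Tunnel(0x10008, "lsp", "7.7.7.7"),
]

if __name__ == "__main__":
    picked = select_tunnels(SAMPLE, PEER, ("cr-lsp", "lsp"), 3)
    for t in picked:
        print(hex(t.tunnel_id), t.kind)
```

With only two CR-LSPs Up, the third slot is filled by an LSP that may be shared with other services; the same call after the third CR-LSP comes Up returns three CR-LSPs and no LSP.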
[Figure: networking diagram showing VPN A and VPN B sites (Site2, Site4) and CEs (CE2, CE4)]
The QoS of both VPN A and VPN B is guaranteed if you configure the VPN primary tunnel
binding, that is, binding VPN A with Tunnel 1 and binding VPN B with Tunnel 2. After the
configuration, both VPN A and VPN B use separate TE tunnels. In this manner, services of VPN
A and VPN B are not affected by each other or other services.
The VPN primary tunnel binding has the following features:
- The VPN data to a specific peer PE is always transmitted through the bound TE tunnel.
- The bound TE tunnel cannot be used in select-sequence mode or in load balancing.
- VPN primary tunnel binding can only use the bound primary tunnel for the specific peer
PE. Other peer PEs, however, adopt the default tunnel policy.
You can arrange network resources by creating MPLS TE tunnels of different QoS features.
Then you can manually configure each TE tunnel to carry the corresponding VPN service.
Therefore, network resources can be optimally used.
Applicable Environments
Tunnels such as GRE and MPLS TE tunnels use a kind of virtual logical interface, that is, tunnel
interface, to forward packets. You must create the tunnel interfaces before using these tunnels.
The source address and destination address of a GRE tunnel uniquely identify the GRE tunnel.
The destination address of a GRE tunnel is the IP address of the real interface that receives
packets. In a GRE tunnel, the source address of the local end is the destination address of the
remote end; the destination address of the local end is the source address of the remote end.
For different purposes, a tunnel interface can be encapsulated differently.
Pre-configuration Tasks
Before configuring a tunnel interface, complete the following tasks:
- Connecting the interfaces, and configuring physical parameters for the interfaces to ensure
that the physical status of the interfaces is Up
- Configuring parameters of the link layer protocol and IP addresses for the interfaces to
ensure that the status of the link layer protocol on the interfaces is Up
- If you are configuring a TE tunnel, enabling MPLS and MPLS TE globally first
Data Preparation
To configure a tunnel interface, you need the following data.
No. Data
Context
Do as follows on the switches at both ends of a tunnel.
Procedure
Step 1 Run:
system-view
When creating the tunnel interfaces, you are recommended to set the slot numbers of the tunnel interfaces
the same as the slot number of the interface sending the packets, that is, the interface at the source end. In
this manner, the packet forwarding efficiency can be improved.
----End
Context
Do as follows on switches with tunnel interfaces.
Procedure
Step 1 Run:
system-view
For details, refer to the chapter "IP Addresses Configuration" in the Quidway S7700 Smart Routing Switch
Configuration Guide - IP Services.
----End
Prerequisite
The configurations of the tunnel interface function are complete.
Procedure
- Run the display interface tunnel interface-number command to check information about
a tunnel interface.
- Run the display tunnel-info all command to check information about all tunnels.
- Run the display tunnel-info tunnel-id tunnel-id command to check detailed information
about a specific tunnel.
----End
Example
Run the display interface tunnel command to see that "Line protocol current state" of the tunnel
interface is "UP". For example:
[Quidway] display interface tunnel 1/0/0
Tunnel1/0/0 current state : UP
Line protocol current state : UP
Run the display tunnel-info command to check the information about the tunnel, such as the
tunnel ID. For example:
[Quidway] display tunnel-info all
* -> Allocated VC Token
Tunnel ID Type Destination Token
----------------------------------------------------------------------
0x10000 lsp 7.7.7.7 0
0x10001 lsp 6.6.6.6 1
0x10002 lsp 6.6.6.6 2
0x10003 gre 10.1.1.1 3
Run the display tunnel-info tunnel-id tunnel-id command to further check the information
about the tunnel. For example:
[Quidway] display tunnel-info tunnel-id 10003
Tunnel ID: 0x10003
Tunnel Token: 3
Type: gre
Destination: 10.1.1.1
Out Slot: 0
Instance ID: 0
Interface: Tunnel1/0/0
Applicable Environment
By default, the system selects LSPs for a VPN and no load balancing is performed. If load
balancing or other types of tunnels are required, you need to configure a tunnel policy and apply
the tunnel policy.
In L3VPN, a tunnel policy is applied for VPN instances. In L2VPN, a tunnel policy is applied
for VCs.
The policy includes tunnel selection and the number of tunnels for load balancing.
Pre-configuration Tasks
Before configuring a tunnel policy, complete the following tasks:
- Connecting the interfaces, and configuring physical parameters for the interfaces to ensure
that the physical status of the interfaces is Up
- Configuring parameters of the link layer protocol and IP addresses for the interfaces to
ensure that the status of the link layer protocol on the interfaces is Up
- Creating the tunnel (LSP or MPLS TE) for the VPN instance
- Configuring the VPN instance on the PE (refer to the chapter "Configuring a VPN
Instance" in this manual)
Data Preparation
To configure the tunnel policy, you need the following data.
No. Data
Context
Do as follows on a PE configured with a VPN instance.
Procedure
Step 1 Run:
system-view
Step 2 Run:
tunnel-policy policy-name
The priority of the tunnels and the number of tunnels for load balancing are configured.
If no tunnel policy is configured for the L3VPN, an LSP is used as the VPN tunnel, and the
number of tunnels for load balancing is 1.
----End
Context
For L3VPN, the tunnel policy is applied to the VPN instance. Do as follows on a PE configured
with a VPN instance.
Procedure
Step 1 Run:
system-view
----End
Prerequisite
The configurations of the tunnel policies (Select-sequence Mode) applied to L3VPN function
are complete.
Procedure
- Run the display tunnel-policy tunnel-policy-name command to check the configuration of the
tunnel policy.
- Run the display ip vpn-instance verbose [ vpn-instance-name ] command to check the tunnel
policy of the VPN instance.
- Run the display ip routing-table vpn-instance vpn-instance-name [ ip-address ]
verbose command to check the tunnel that transmits the routes of the VPN instance.
- Run the display tunnel-info tunnel-id tunnel-id command to check information about a
specified tunnel.
----End
Example
Run the display tunnel-policy command. If the configuration of the tunnel policy is displayed,
it means the configuration succeeds. For example:
[Quidway] display tunnel-policy policy1
Tunnel Policy Name Select-Seq Load balance No
---------------------------------------------------------------------
policy1 LSP 1
Run the display tunnel-policy command. If the tunnel policy of the VPN instance is displayed,
it means the configuration succeeds. In the following example, you can see that the tunnel policy
of the VPN named vpna is policy1.
[Quidway] display ip vpn-instance verbose
Total VPN-Instances configured : 1
Run the display ip routing-table vpn-instance vpn-instance-name verbose command, and you
can view the information about the tunnel that transmits the VPN routes. For example:
[Quidway] display ip routing-table vpn-instance vpna 11.11.12.0 verbose
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Table : vpna
Summary Count : 1
Destination: 11.11.12.0/24
Protocol: BGP Process ID: 0
Preference: 255 Cost: 0
NextHop: 6.6.6.6 Neighbour: 6.6.6.6
State: Active Adv Relied Age: 00h01m04s
Tag: 0 Priority: low
Label: 11264 QoSInfo: 0x0
IndirectID: 0x3
RelayNextHop: 0.0.0.0 Interface: Tunnel1/0/1
TunnelID: 0x10002 Flags: RD
RelayNextHop: 10.1.1.1 Interface: Vlanif15
TunnelID: 0x10000 Flags: RD
Run the display tunnel-info tunnel-id tunnel-id command, and you can view detailed
information about a specified tunnel. For example:
[Quidway] display tunnel-info tunnel-id 10005
Tunnel ID: 0x10005
Tunnel Token: 5
Type: cr lsp
Destination: 10.1.1.1
Out Slot: 0
Instance ID: 0
Interface: Tunnel1/0/1
Sub Tunnel ID: 0x0
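One way to use the command output above as a check: map each TunnelID in the VPN routing table to its tunnel type and report routes carried by a type the policy does not intend, for instance a VPN that has fallen back from a CR-LSP to a shared LSP. This is an added example, not Huawei code: the sample output is constructed in the format shown above, and the function names, the "cr lsp" spelling in the table view and the treatment of TunnelID 0x0 as "no tunnel" are assumptions.

```python
import re

# One row of "display tunnel-info all": Tunnel ID, Type, Destination, Token.
TUNNEL_ROW = re.compile(
    r"^\s*(0x[0-9a-fA-F]+)\s+(cr lsp|lsp|gre)\s+(\S+)\s+(\d+)\s*$")

# Constructed sample output, laid out like the examples in this section.
TUNNEL_INFO_OUTPUT = """\
 * -> Allocated VC Token
Tunnel ID           Type                Destination        Token
----------------------------------------------------------------------
0x10000             lsp                 6.6.6.6            0
0x10002             cr lsp              6.6.6.6            2
0x10003             gre                 10.1.1.1           3
"""

ROUTE_OUTPUT = """\
Routing Table : vpna
Summary Count : 2

Destination: 11.11.12.0/24
     Protocol: BGP             Process ID: 0
      NextHop: 6.6.6.6          Neighbour: 6.6.6.6
 RelayNextHop: 0.0.0.0          Interface: Tunnel1/0/1
     TunnelID: 0x10002              Flags: RD
 RelayNextHop: 10.1.1.1         Interface: Vlanif15
     TunnelID: 0x10000              Flags: RD

Destination: 11.11.13.0/24
     Protocol: BGP             Process ID: 0
      NextHop: 10.1.1.1         Neighbour: 10.1.1.1
 RelayNextHop: 0.0.0.0          Interface: Tunnel1/0/0
     TunnelID: 0x10003              Flags: RD
"""


def parse_tunnel_info(text):
    """Return {tunnel_id: {"type": ..., "destination": ...}} from the table view."""
    table = {}
    for line in text.splitlines():
        m = TUNNEL_ROW.match(line)
        if m:
            table[int(m.group(1), 16)] = {
                "type": m.group(2).replace(" ", "-"),   # "cr lsp" -> "cr-lsp"
                "destination": m.group(3),
            }
    return table


def parse_route_tunnels(text):
    """Return {destination_prefix: [tunnel_id, ...]} from the verbose route view."""
    routes, current = {}, None
    for line in text.splitlines():
        m = re.search(r"Destination:\s*(\S+)", line)
        if m:
            current = m.group(1)
            routes.setdefault(current, [])
        for tid in re.findall(r"TunnelID:\s*(0x[0-9a-fA-F]+)", line):
            if current is not None:
                routes[current].append(int(tid, 16))
    return routes


def audit(route_text, tunnel_text, allowed_types):
    """List (prefix, tunnel_id, type) for every tunnel outside allowed_types."""
    tunnels = parse_tunnel_info(tunnel_text)
    findings = []
    for prefix, ids in parse_route_tunnels(route_text).items():
        for tid in ids:
            if tid == 0:          # assumption: 0x0 means the route uses no tunnel
                continue
            info = tunnels.get(tid)
            if info is None:
                findings.append((prefix, hex(tid), "unknown"))
            elif info["type"] not in allowed_types:
                findings.append((prefix, hex(tid), info["type"]))
    return findings


if __name__ == "__main__":
    for finding in audit(ROUTE_OUTPUT, TUNNEL_INFO_OUTPUT, {"cr-lsp"}):
        print("route %s uses tunnel %s of type %s" % finding)
```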
Applicable Environment
By default, LSPs are selected for a VPN, and no load balancing is carried out. To perform load
balancing or select tunnels of other types, configure and apply the corresponding tunnel policies.
- Tunnel selection
- Number of tunnels participating in load balancing
Pre-configuration Tasks
Before configuring a tunnel policy, complete the following tasks:
- Connecting the interfaces, and configuring physical parameters for the interfaces to ensure
that the physical status of the interfaces is Up
- Configuring parameters of the link layer protocol and IP addresses for the interfaces to
ensure that the status of the link layer protocol on the interfaces is Up
- Creating the tunnel (LSP or MPLS TE) for a VC
- Enabling MPLS L2VPN and performing basic L2VPN configurations on PEs
- Creating the VC of the corresponding type on the PE (refer to the chapter "VLL
Configuration" in this manual)
Data Preparation
Before configuring a tunnel policy, you need the following data.
No. Data
2 Priority of tunnels
Context
Do as follows on a PE configured with VC.
Procedure
Step 1 Run:
system-view
The tunnel policy is created, and the tunnel policy view is displayed.
A tunnel policy indicates only one tunnel selection mode. If more tunnel selection modes are
required, you need to create multiple tunnel policies.
A VC can apply only one tunnel policy. Multiple VCs can share the same tunnel policy.
Step 3 Run:
tunnel select-seq { cr-lsp | gre | lsp } * load-balance-number load-balance-number
The priority of tunnels and number of tunnels participating in load balancing are configured.
NOTE
The VPLS network and VLL network do not support GRE tunnels. Therefore, do not configure gre when
configuring a tunnel policy on the VPLS network or VLL network.
----End
Follow-up Procedure
For L2VPN, if no tunnel policy is configured, LSP is selected as the VPN tunnel, and no load
balancing is carried out.
In a tunnel policy, tunnels are selected in sequential order. If the preceding tunnel is Up, it will
be selected irrespective of whether or not another service has selected it. The subsequent tunnel
is not selected in most cases, except when load balancing is performed or the preceding tunnels
are in the Down state.
Context
Select one of the following configurations according to the L2VPN type.
When using XGE, GE, Ethernet, or Eth-Trunk interfaces as AC interfaces, you need to configure
the undo portswitch command in the interface view before configuring the L2VPN.
When using XGE, GE, Ethernet, or Eth-Trunk sub-interfaces as AC interfaces, you need to
configure the sub-interface type before configuring the L2VPN. For details on how to configure
sub-interfaces, see Connecting Sub-interfaces to a VLL Network.
Procedure
- Applying a tunnel policy to VLL in SVC mode
Do as follows on PEs configured with VCs:
1. Run:
system-view
2. Run:
interface interface-type interface-number
NOTE
Before configuring Kompella VLL on a PE, create a connection with a CE by running the ce
ce-name id ce-id [ range ce-range ] [ default-offset ce-offset ] command.
- Applying a tunnel policy to VPLS in Martini mode
Do as follows on the PEs at both ends of a PW:
1. Run:
system-view
A VSI is created.
3. Run:
pwsignal ldp
LDP is configured as the PW signaling protocol and the VSI-LDP view is displayed.
4. Run:
vsi-id vsi-id
The VSI peer relationship is configured and a tunnel policy is applied to the peer.
A VSI is created.
3. Run:
pwsignal bgp
BGP is configured as the PW signaling protocol and the VSI BGP view is displayed.
4. Run:
route-distinguisher route-distinguisher
----End
Context
The configurations of the tunnel policies (Select-sequence Mode) applied to L2VPN function
are complete.
Procedure
- Run the display tunnel-policy tunnel-policy-name command to check the configuration
of a tunnel policy.
- Run the display mpls l2vc [ interface interface-type interface-number ] command to check
the information about the tunnel used by the VC in L2VPN in SVC, PWE3, or Martini
mode.
- Run the display mpls l2vpn connection [ interface interface-type interface-number ]
command to check the information about the tunnel used by the VC in Kompella L2VPN.
- Run the display tunnel-info tunnel-id tunnel-id command to check information about a
specified tunnel.
----End
Example
Run the display tunnel-policy command. If the bound tunnel interface is displayed, it means
the configuration succeeds. For example:
<Quidway> display tunnel-policy policy1
Tunnel Policy Name Select-Seq Load balance No
---------------------------------------------------------------------
policy1 LSP 1
For the VC of the L2VPN in SVC or Martini mode, run the display mpls l2vc interface
interface-type interface-number command. If the tunnel policy configuration of the VC is
displayed, it means the configuration succeeds. In the following example, you can see that the
tunnel policy on VLANIF 10 of the VC is policy1.
<Quidway> display mpls l2vc interface vlanif 10
*client interface : Vlanif10 is up
Administrator PW : no
session state : up
AC state : up
VC state : up
VC ID : 116119
VC type : VLAN
destination : 6.6.6.6
local group ID : 0 remote group ID : 0
local VC label : 23552 remote VC label : 23552
local AC OAM State : up
local PSN State : up
local forwarding state : forwarding
local status code : 0x0
remote AC OAM state : up
remote PSN state : up
remote forwarding state: forwarding
remote status code : 0x0
BFD for PW : unavailable
manual fault : not set
active state : active
forwarding entry : exist
link state : up
local VC MTU : 1500 remote VC MTU : 1500
local VCCV : alert lsp-ping bfd
remote VCCV : Disable
local control word : disable remote control word : disable
tunnel policy name : policy1
traffic behavior name : --
PW template name : --
primary or secondary : primary
VC tunnel/token info : 1 tunnels/tokens
NO.0 TNL type : lsp , TNL ID : 0x10000
For the VC of the L2VPN in Kompella mode, run the display mpls l2vpn connection
interface interface-type interface-number command. If the tunnel policy of the VC is displayed,
it means the configuration succeeds.
[Quidway] display mpls l2vpn connection interface vlanif 10
conn-type: remote
local vc state: up
remote vc state: up
local ce-id: 2
local ce name: ce2
remote ce-id: 1
intf(state,encap): Vlanif10(up,vlan)
peer id: 6.6.6.6
route-distinguisher: 100:1
local vc label: 31750
remote vc label: 35847
tunnel policy: Policy2
CKey: 7
NKey: 6
primary or secondary: primary
forward entry exist or not: true
forward entry active or not:true
manual fault set or not: not set
AC OAM state: up
BFD for PW session index: --
BFD for PW state: invalid
BFD for LSP state: true
Local C bit is not set
Remote C bit is not set
tunnel type: lsp
tunnel id: 0x10000
Applicable Environment
When deploying the VPN service, you can bind a VPN primary tunnel to an MPLS TE tunnel.
In this manner, the MPLS TE tunnel can transmit VPN services exclusively. The congestion
caused by unbalanced load can be avoided, and no interference occurs among different VPN
services. Therefore, the QoS of the VPN service is guaranteed.
Pre-configuration Tasks
Before configuring VPN primary tunnel binding, complete the following tasks:
- Connecting the interfaces, configuring physical parameters for the interfaces to ensure that
  the physical status of the interfaces is Up
- Configuring parameters of the link layer protocol and IP addresses for the interfaces to
  ensure the status of the link layer protocol on the interfaces is Up
- Configuring the static route or the Interior Gateway Protocol (IGP) to ensure routes are
  reachable to all nodes
- Configuring basic MPLS functions and enabling MPLS TE
- Configuring the MPLS TE tunnels between PEs (refer to the Quidway S7700 Smart Routing
  Switch Configuration Guide - MPLS).
- Configuring the VPN instance on the PE (refer to the chapter "3 BGP MPLS IP VPN
  Configuration" in this manual)
Data Preparation
To configure VPN primary tunnel binding, you need the following data.
No. Data
Context
Only the tunnel enabled with the VPN binding can be bound with the VPN.
Do as follows on PEs at both ends of the TE tunnel.
Procedure
Step 1 Run:
system-view
The tunnel policy in select-sequence mode cannot use the tunnel enabled with the VPN binding.
Step 4 Run:
mpls te commit
----End
Context
Do as follows on PEs at both ends of the TE tunnel.
Procedure
Step 1 Run:
system-view
Step 2 Run:
tunnel-policy policy-name
Step 3 Run:
tunnel binding destination dest-ip-address te tunnel interface-number [ down-
switch ]
The peer address is bound with the tunnel policy. The VPN data from the local end are transmitted
to the destination address through the bound tunnel.
- A tunnel policy can be either in select-sequence mode or in tunnel binding mode. Therefore,
  a tunnel policy configured with the tunnel binding command cannot then be configured with
  the tunnel select-seq command.
- A maximum of six tunnels can be bound to the same destination address for a PE.
- If the PE has multiple peers, a tunnel policy can be configured with multiple tunnel
  binding commands with different destination addresses.
----End
Context
Different VPN services to the same destination on a PE must apply different tunnel policies, and
be bound with different TE tunnels.
Procedure
Step 1 Run:
system-view
----End
Prerequisite
The configurations of the L3VPN tunnel binding function are complete.
Procedure
- Run the display tunnel-policy tunnel-policy-name command to check information about
  the tunnel policy in tunnel binding mode.
- Run the display interface tunnel interface-number command to check the information
  about the interface of the bound tunnel.
- Run the display ip vpn-instance verbose [ vpn-instance-name ] command to check the
  tunnel policy of the VPN instance.
- Run the display ip routing-table vpn-instance vpn-instance-name [ ip-address ]
  verbose command to view information about the tunnel for IP routing.
- Run the display tunnel-info tunnel-id tunnel-id command to check information about a
  specified tunnel.
----End
Example
Run the display tunnel-policy command. If the bound tunnel interface is displayed, and the
destination address is the same as the one actually in use, it means the configuration
succeeds. For example:
<Quidway> display tunnel-policy policy1
Tunnel Policy Name Destination Tunnel Intf Down Switch
---------------------------------------------------------------------
policy1 2.2.2.9 Tunnel1/0/0 Disable
3.3.3.9 Tunnel2/0/0 Disable
Run the display interface tunnel command to check that the bound tunnel is Up. For example:
<Quidway> display interface tunnel 1/0/0
Tunnel1/0/0 current state : UP
Line protocol current state : UP
Last line protocol up time : 2009-02-23 10:54:40
Description : HUAWEI, Quidway Series, Tunnel1/0/0 Interface
Route Port,The Maximum Transmit Unit is 1500
Internet Address is unnumbered, using address of LoopBack1(1.1.1.9/32)
Encapsulation is TUNNEL, loopback not set
Tunnel destination 2.2.2.9
Tunnel up/down statistics 1
Tunnel protocol/transport MPLS/MPLS, ILM is available,
QoS max-bandwidth : 64 Kbps
Output queue : (Urgent queue : Size/Length/Discards) 0/50/0
Output queue : (Protocol queue : Size/Length/Discards) 0/1000/0
Output queue : (FIFO queuing : Size/Length/Discards) 0/75/0
300 seconds output rate 0 bits/sec, 0 packets/sec
68 seconds output rate 0 bits/sec, 0 packets/sec
22894187 packets output, 2958834536 bytes
0 packets output error
Run the display ip vpn-instance verbose command. If the tunnel policy name of the VPN
instance is displayed, it means the configuration succeeds. In the following example, the
tunnel policy of the VPN instance named vpna is policy1.
<Quidway> display ip vpn-instance verbose
Total VPN-Instances configured : 1
VPN-Instance Name and ID : vpna, 1
Create date : 2004/10/11 16:12:02
Up time : 0 days, 00 hours, 03 minutes and 07 seconds
Route Distinguisher : 100:1
Export VPN Targets : 100:1
Import VPN Targets : 100:1
Label Policy : label per route
Tunnel Policy : policy1
Log Interval : 5
Interfaces : Vlanif10
Run the display ip routing-table vpn-instance verbose command and you can view the tunnels
used by the VPN routes. For example:
<Quidway> display ip routing-table vpn-instance vpna 10.3.1.0 verbose
Route Flags: R - relay, D - download to fib
-----------------------------------------------------------------------------
Routing Table : vpna
Summary Count : 1
Destination: 10.3.1.0/30
Protocol: BGP Process ID: 0
Preference: 255 Cost: 0
NextHop: 2.2.2.2 Neighbour: 2.2.2.2
State: Active Adv GotQ Age: 00h00m08s
Tag: 0 Priority: low
Label: 109568 QoSInfo: 0x0
IndirectID: 0x12
RelayNextHop: 0.0.0.0 Interface: Tunnel1/0/2
Tunnel ID: 0x10002 Flags: RD
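The three checks above can be cross-checked mechanically: every bound tunnel must be Up, its destination must match the policy, and the VPN route must leave through the bound tunnel. The following Python sketch is an added example, not part of the Huawei manual; the captures are constructed in the format of the outputs shown above, and the function names are hypothetical.

```python
import re

# Constructed captures in the format of the outputs shown above; the interface
# and route captures are trimmed to the lines this check reads.
TUNNEL_POLICY = """\
<Quidway> display tunnel-policy policy1
Tunnel Policy Name    Destination    Tunnel Intf    Down Switch
---------------------------------------------------------------------
policy1               2.2.2.9        Tunnel1/0/0    Disable
                      3.3.3.9        Tunnel2/0/0    Disable
"""
INTERFACES = """\
Tunnel1/0/0 current state : UP
Line protocol current state : UP
Tunnel destination 2.2.2.9
Tunnel2/0/0 current state : UP
Line protocol current state : DOWN
Tunnel destination 3.3.3.9
"""
ROUTE = """\
Destination: 10.3.1.0/30
NextHop: 2.2.2.9 Neighbour: 2.2.2.9
RelayNextHop: 0.0.0.0 Interface: Tunnel1/0/0
"""


def parse_policy(text):
    """Return [(policy, destination, tunnel interface)] from display tunnel-policy."""
    rows, policy, in_table = [], None, False
    for line in text.splitlines():
        cols = line.split()
        if set(line.strip()) == {"-"}:
            in_table = True                    # the dashed rule ends the header
        elif in_table and len(cols) == 4:      # first row of a policy
            policy = cols[0]
            rows.append((policy, cols[1], cols[2]))
        elif in_table and len(cols) == 3:      # continuation row, no policy name
            rows.append((policy, cols[0], cols[1]))
    return rows


def parse_interfaces(text):
    """Return {interface: {"state", "protocol", "destination"}}."""
    info, cur = {}, None
    patterns = {
        "protocol": r"\s*Line protocol current state\s*:\s*(\S+)",
        "destination": r"\s*Tunnel destination\s+(\S+)",
    }
    for line in text.splitlines():
        m = re.match(r"\s*(Tunnel\S+) current state\s*:\s*(\S+)", line)
        if m:
            cur = info.setdefault(m.group(1), {"state": m.group(2)})
            continue
        for key, pattern in patterns.items():
            m = re.match(pattern, line)
            if m and cur is not None:
                cur[key] = m.group(1)
    return info


def verify(policy_out, intf_out, route_out):
    """Return a list of problems; an empty list means the binding is in effect."""
    problems = []
    bindings = parse_policy(policy_out)
    intfs = parse_interfaces(intf_out)
    for policy, dest, intf in bindings:
        st = intfs.get(intf)
        if st is None:
            problems.append(f"{policy}: no capture for {intf}")
            continue
        if (st["state"], st.get("protocol")) != ("UP", "UP"):
            problems.append(f"{policy}: {intf} is not Up")
        if st.get("destination") != dest:
            problems.append(f"{policy}: {intf} goes to {st.get('destination')}, not {dest}")
    # \b keeps "RelayNextHop:" from being read as the BGP next hop.
    hop = re.search(r"\bNextHop:\s*(\S+)", route_out)
    used = re.search(r"\bInterface:\s*(\S+)", route_out)
    if hop and used:
        expected = [i for _, d, i in bindings if d == hop.group(1)]
        if used.group(1) not in expected:
            problems.append(
                f"route via {hop.group(1)} uses {used.group(1)}, expected {expected}")
    return problems


if __name__ == "__main__":
    for problem in verify(TUNNEL_POLICY, INTERFACES, ROUTE):
        print(problem)
```

A route that leaves through any interface other than the bound tunnel means the VPN's traffic is no longer carried exclusively by its TE tunnel.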
Applicable Environment
When deploying the MPLS L2VPN service, you need to consider not only the transparent
transmission of user data, but also the following points:
- MPLS TE tunnels are used to transmit data, which can optimize the usage of network
  resources and avoid the congestion caused by unbalanced load.
- The L2VPN service should be separated from other services. Therefore, the QoS of the
  L2VPN service is guaranteed.
The MPLS TE tunnel and the MPLS L2VPN primary tunnel binding need to be configured on
the PEs of the backbone network.
Pre-configuration Tasks
Before configuring MPLS L2VPN primary tunnel binding, complete the following tasks:
- Connecting the interfaces, and configuring physical parameters for the interfaces to ensure
  that the physical status of the interfaces is Up
- Configuring parameters of the link layer protocol and IP addresses for the interfaces to
  ensure that the status of the link layer protocol on the interfaces is Up
- Configuring the static route or IGP to ensure that routes are reachable to all nodes
- Configuring basic MPLS functions and enabling MPLS TE
- Configuring the MPLS TE tunnels between PEs (refer to the Quidway S7700 Smart Routing
  Switch Configuration Guide - MPLS)
- Creating the VC on the PE (refer to the chapter "MPLS L2VPN Configuration" in this
  manual)
Data Preparation
To configure L2VPN primary tunnel binding, you need the following data.
No. Data
Context
Only the tunnel enabled with the VPN binding can be bound with the VPN.
Do as follows on PEs at both ends of the TE tunnel.
Procedure
Step 1 Run:
system-view
----End
Context
Do as follows on PEs at both ends of the TE tunnel.
Procedure
Step 1 Run:
system-view
Step 3 Run:
tunnel binding destination dest-ip-address te tunnel interface-number [ down-
switch ]
The peer address is bound with the tunnel policy. The VPN data from the local end are transmitted
through the bound tunnel to the destination address.
If a TE tunnel is bound with the destination address, the VPN data is only transmitted to the
destination address through the bound tunnel. Note the following:
- Tunnel policy can be either in select-sequence mode or tunnel binding mode. Therefore, the
  tunnel policy configured with the tunnel binding command cannot be then configured with
  the tunnel select-seq command.
- One dest-ip-address of a PE device can only be bound with one tunnel. If multiple tunnels
  are bound, the last binding overwrites the previous one.
- If the PE has multiple peers, a tunnel policy can be configured with multiple tunnel
  binding commands with different dest-ip-address.
----End
Context
Different VPN services to the same destination on a PE must apply different tunnel policies, and
be bound with different TE tunnels.
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
Step 3 Run:
mpls l2vc ip-address vc-id tunnel-policy policy-name
----End
Context
The configurations of the L2VPN tunnel binding function are complete.
Procedure
- Run the display tunnel-policy tunnel-policy-name command to check information about
  the tunnel policy in tunnel binding mode.
- Run the display interface tunnel interface-number command to check the information
  about the interface of the bound tunnel.
- Run the display mpls l2vc [ interface interface-type interface-number ] command to check
  the information about the tunnel used by the VC in L2VPN in SVC, PWE3, or Martini
  mode.
----End
Example
Run the display tunnel-policy command. If the bound tunnel interface is displayed, and the
destination address is the same as the one actually in use, it means the configuration
succeeds. For example:
<Quidway> display tunnel-policy policy1
Tunnel Policy Name Destination Tunnel Intf Down Switch
---------------------------------------------------------------------
policy1 2.2.2.9 Tunnel1/0/0 Disable
3.3.3.9 Tunnel2/0/0 Disable
Run the display interface tunnel command. If the bound tunnel is Up, it means the configuration
succeeds. For example:
<Quidway> display interface tunnel 1/0/0
Tunnel1/0/0 current state : UP
Line protocol current state : UP
Last line protocol up time : 2009-02-23 10:54:40
Description : HUAWEI, Quidway Series, Tunnel1/0/0 Interface
Route Port,The Maximum Transmit Unit is 1500
Internet Address is unnumbered, using address of LoopBack1(1.1.1.9/32)
Encapsulation is TUNNEL, loopback not set
Tunnel destination 2.2.2.9
Tunnel protocol/transport MPLS/MPLS, ILM is available,
primary tunnel id is 0x10006, secondary tunnel id is 0x0
QoS max-bandwidth : 64 Kbps
Output queue : (Urgent queue : Size/Length/Discards) 0/50/0
Output queue : (Protocol queue : Size/Length/Discards) 0/1000/0
Output queue : (FIFO queuing : Size/Length/Discards) 0/75/0
300 seconds output rate 0 bits/sec, 0 packets/sec
68 seconds output rate 0 bits/sec, 0 packets/sec
22894187 packets output, 2958834536 bytes
0 packets output error
Input bandwidth utilization : --
Output bandwidth utilization : --
Run the display mpls l2vc command. If the tunnel policy name of the VC is displayed, it means
the configuration succeeds. In the following example, the tunnel policy of the VC is
policy1.
<Quidway> display mpls l2vc
total LDP VC : 1 1 up 0 down
AC status : up
VC state : up
VC ID : 116119
VC type : VLAN
destination : 6.6.6.6
local VC label : 23552 remote VC label : 23552
control word : disable
forwarding entry : exist
local group ID : 0
manual fault : not set
active state : active
link state : up
local VC MTU : 1500 remote VC MTU : 1500
tunnel policy name : policy1
traffic behavior name: --
PW template name : --
primary or secondary : primary
create time : 0 days, 0 hours, 3 minutes, 45 seconds
up time : 0 days, 0 hours, 3 minutes, 45 seconds
last change time : 0 days, 0 hours, 3 minutes, 45 seconds
VC last up time : 2007/09/20 20:33:37
VC total up time : 0 days, 0 hours, 3 minutes, 45 seconds
CKey : 5
NKey : 4
AdminPw interface : --
AdminPw link state : --
Context
In routine maintenance, you can run the following commands to view the running status of a
VPN tunnel.
Procedure
- Run the display interface tunnel interface-number command to view information about
  the tunnel interface.
- Run the display tunnel-info tunnel-id command to view information about a specified
  tunnel.
- Run the display tunnel-info all command to view information about all tunnels.
- Run the display tunnel-policy tunnel-policy-name command to view information about a
  specified tunnel policy.
- Run the display ip vpn-instance verbose [ vpn-instance-name ] command to view
  information about the tunnel policy used by a specified VPN instance.
- Run the display ip routing-table vpn-instance [ ip-address ] verbose command to view
  information about the tunnel for IP routing.
- Run the display mpls l2vc [ interface interface-type interface-number ] command to view
  information about the tunnel used by the VC in the SVC, PWE3 VC, or Martini L2VPN.
----End
Context
CAUTION
Debugging affects the performance of the system. Therefore, after debugging, run the undo
debugging all command to disable the debugging immediately.
When a fault occurs in a tunnel, run the following debugging commands in the user view to
debug the tunnel and locate the fault.
For the procedure of outputting the debugging information, refer to Information Center
Configuration.
For the description about the debugging commands, refer to the Quidway S7700 Smart Routing
Switch Debugging Reference.
Procedure
- Run the debugging tunnel all [ interface tunnel interface-number ] command in the user
  view to enable tunnel debugging.
- Run the debugging tnlm { all | error | event } command in the user view to enable the
  debugging related to tunnel management.
----End
Networking Requirements
Figure 1-2 shows the networking diagram of the MPLS L3VPN. CE1 and CE3 belong to VPNA,
and CE2 and CE4 belong to VPNB. Two MPLS TE tunnels and an LSP are set up between PE1
and PE2. VPNA is bound to one of the TE tunnels. VPNB prefers the TE tunnels.
Figure 1-2 Networking diagram for configuring the tunnel policy for the L3VPN
[Figure 1-2 image not reproduced. It shows PE1 (Loopback1 1.1.1.1/32) and PE2 (Loopback1 2.2.2.2/32) connected by MPLS TE tunnel 1/0/1, MPLS TE tunnel 1/0/2 (binding), and an LSP, with CE1 and CE3 in VPNA and CE2 and CE4 in VPNB.]
Device Interface VLANIF interface IP address
Loopback1 - 1.1.1.1/32
Loopback1 - 2.2.2.2/32
Configuration Roadmap
The configuration roadmap is as follows:
4. Configure tunnel policies and apply the tunnel policies to the VPN instances.
5. Configure MP-IBGP for exchanging routing information between the VPNs.
Data Preparation
To complete the configuration, you need the following data:
- MPLS LSR IDs of the PEs
- Names, RDs, and VPN targets of the two VPN instances
- Names of the two tunnel policies
Procedure
Step 1 Enable the IGP protocol on the MPLS backbone network to ensure IP interworking between the
PEs.
# Configure PE1.
<Quidway> system-view
[Quidway] sysname PE1
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.1 32
[PE1-LoopBack1] quit
[PE1] vlan 10
[PE1-vlan10] quit
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] port hybrid pvid vlan 10
[PE1-GigabitEthernet1/0/1] port hybrid untagged vlan 10
[PE1-GigabitEthernet1/0/1] quit
[PE1] interface vlanif 10
[PE1-Vlanif10] ip address 100.1.1.1 30
[PE1-Vlanif10] quit
[PE1] ospf 1
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.3
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
# Configure PE2.
<Quidway> system-view
[Quidway] sysname PE2
[PE2] interface loopback 1
[PE2-LoopBack1] ip address 2.2.2.2 32
[PE2-LoopBack1] quit
[PE2] vlan 10
[PE2-vlan10] quit
[PE2] interface gigabitethernet 1/0/1
[PE2-GigabitEthernet1/0/1] port hybrid pvid vlan 10
[PE2-GigabitEthernet1/0/1] port hybrid untagged vlan 10
[PE2-GigabitEthernet1/0/1] quit
[PE2] interface vlanif 10
[PE2-Vlanif10] ip address 100.1.1.2 30
[PE2-Vlanif10] quit
[PE2] ospf 1
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.3
[PE2-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit
# By running the display ip routing-table command on the PEs, you can see that the PEs can
learn the routes of each other's Loopback1 interface.
Step 2 Enable the basic MPLS capability on the MPLS backbone and establish an LDP LSP.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.1
[PE1] mpls
[PE1-mpls] label advertise non-null
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface vlanif 10
[PE1-Vlanif10] mpls
[PE1-Vlanif10] mpls ldp
[PE1-Vlanif10] quit
# Configure PE2.
[PE2] mpls lsr-id 2.2.2.2
[PE2] mpls
[PE2-mpls] label advertise non-null
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface vlanif 10
[PE2-Vlanif10] mpls
[PE2-Vlanif10] mpls ldp
[PE2-Vlanif10] quit
# After the configuration, an LDP LSP can be set up between PE1 and PE2. By running the
display tunnel-info all command, you can see the LSP destined for the address 2.2.2.2. By
running the display mpls ldp lsp command, you can view the LSP information.
# Take the display on PE1 as an example:
[PE1] display tunnel-info all
* -> Allocated VC Token
Tunnel ID Type Destination Token
----------------------------------------------------------------------
0x1001c lsp 2.2.2.2 0
0x1001d lsp 2.2.2.2 1
-------------------------------------------------------------------------------
TOTAL: 3 Normal LSP(s) Found.
TOTAL: 0 Liberal LSP(s) Found.
TOTAL: 0 Frr LSP(s) Found.
A '*' before an LSP means the LSP is not established
A '*' before a Label means the USCB or DSCB is stale
A '*' before a UpstreamPeer means the session is in GR state
A '*' before a NextHop means the LSP is FRR LSP
# Configure the maximum link bandwidth and maximum reservable bandwidth for the MPLS
TE tunnel.
# Configure PE1.
[PE1] mpls
[PE1-mpls] mpls te
[PE1-mpls] mpls rsvp-te
[PE1-mpls] mpls te cspf
[PE1-mpls] quit
[PE1] interface tunnel 1/0/1
[PE1-Tunnel1/0/1] ip address unnumbered interface loopback1
[PE1-Tunnel1/0/1] tunnel-protocol mpls te
[PE1-Tunnel1/0/1] destination 2.2.2.2
[PE1-Tunnel1/0/1] mpls te tunnel-id 11
[PE1-Tunnel1/0/1] mpls te commit
[PE1-Tunnel1/0/1] quit
[PE1] interface tunnel 1/0/2
[PE1-Tunnel1/0/2] ip address unnumbered interface loopback1
[PE1-Tunnel1/0/2] tunnel-protocol mpls te
[PE1-Tunnel1/0/2] destination 2.2.2.2
[PE1-Tunnel1/0/2] mpls te tunnel-id 22
[PE1-Tunnel1/0/2] mpls te reserved-for-binding
[PE1-Tunnel1/0/2] mpls te commit
[PE1-Tunnel1/0/2] quit
[PE1] interface vlanif 10
[PE1-Vlanif10] mpls te
[PE1-Vlanif10] mpls rsvp-te
[PE1-Vlanif10] quit
# Configure PE2.
[PE2] mpls
[PE2-mpls] mpls te
[PE2-mpls] mpls rsvp-te
[PE2-mpls] mpls te cspf
[PE2-mpls] quit
[PE2] interface tunnel 1/0/1
[PE2-Tunnel1/0/1] ip address unnumbered interface loopback1
[PE2-Tunnel1/0/1] tunnel-protocol mpls te
[PE2-Tunnel1/0/1] destination 1.1.1.1
[PE2-Tunnel1/0/1] mpls te tunnel-id 11
[PE2-Tunnel1/0/1] mpls te commit
[PE2-Tunnel1/0/1] quit
[PE2] interface tunnel 1/0/2
[PE2-Tunnel1/0/2] ip address unnumbered interface loopback1
[PE2-Tunnel1/0/2] tunnel-protocol mpls te
[PE2-Tunnel1/0/2] destination 1.1.1.1
[PE2-Tunnel1/0/2] mpls te tunnel-id 22
[PE2-Tunnel1/0/2] mpls te reserved-for-binding
[PE2-Tunnel1/0/2] mpls te commit
[PE2-Tunnel1/0/2] quit
[PE2] interface vlanif 10
[PE2-Vlanif10] mpls
[PE2-Vlanif10] mpls te
[PE2-Vlanif10] mpls rsvp-te
[PE2-Vlanif10] quit
# Enable OSPF on the devices along the TE tunnel so that the devices can transmit TE attributes.
# Configure PE1.
[PE1] ospf 1
[PE1-ospf-1] opaque-capability enable
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] mpls-te enable
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
# Configure PE2.
[PE2] ospf 1
[PE2-ospf-1] opaque-capability enable
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] mpls-te enable
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit
# By running the display interface tunnel interface-number command on the PEs, you can see
that Tunnel1/0/1 and Tunnel1/0/2 are both Up. Take Tunnel1/0/2 on PE1 for example.
[PE1] display interface Tunnel 1/0/2
Tunnel1/0/2 current state : UP
Line protocol current state : UP
Last line protocol up time : 2007-09-10 13:54:57-08:00
Description:HUAWEI, Quidway Series, Tunnel1/0/0 Interface
Route Port,
Internet Address is unnumbered, using address of LoopBack0(1.1.1.1/32)
Encapsulation is TUNNEL, loopback not set
Tunnel destination 2.2.2.2
Tunnel up/down statistics 1
Tunnel protocol/transport MPLS/MPLS, ILM is available,
primary tunnel id is 0x1003d, secondary tunnel id is 0x0
Step 4 Configure VPN instances on each PE and connect the CEs to the PEs.
# Configure PE1.
[PE1] ip vpn-instance VPNA
[PE1-vpn-instance-VPNA] route-distinguisher 100:1
[PE1-vpn-instance-VPNA] vpn-target 111:1 both
[PE1-vpn-instance-VPNA] quit
[PE1] ip vpn-instance VPNB
[PE1-vpn-instance-VPNB] route-distinguisher 100:2
[PE1-vpn-instance-VPNB] vpn-target 222:2 both
[PE1-vpn-instance-VPNB] quit
[PE1] interface vlanif 30
[PE1-Vlanif30] ip binding vpn-instance VPNA
[PE1-Vlanif30] ip address 10.1.1.2 30
[PE1-Vlanif30] quit
[PE1] interface vlanif 20
[PE1-Vlanif20] ip binding vpn-instance VPNB
[PE1-Vlanif20] ip address 10.2.1.2 30
[PE1-Vlanif20] quit
# Configure PE2.
[PE2] ip vpn-instance VPNA
[PE2-vpn-instance-VPNA] route-distinguisher 100:3
[PE2-vpn-instance-VPNA] vpn-target 111:1 both
[PE2-vpn-instance-VPNA] quit
[PE2] ip vpn-instance VPNB
[PE2-vpn-instance-VPNB] route-distinguisher 100:4
[PE2-vpn-instance-VPNB] vpn-target 222:2 both
[PE2-vpn-instance-VPNB] quit
[PE2] interface vlanif 50
[PE2-Vlanif50] ip binding vpn-instance VPNA
[PE2-Vlanif50] ip address 10.3.1.2 30
[PE2-Vlanif50] quit
[PE2] interface vlanif 40
[PE2-Vlanif40] ip binding vpn-instance VPNB
[PE2-Vlanif40] ip address 10.4.1.2 30
[PE2-Vlanif40] quit
# Configure the interface addresses of the VLAN where the CE interface resides and configure
the IP addresses of the VLANIF interfaces according to Figure 1-2. The configuration procedure
is not given.
# By running the display ip vpn-instance verbose command on the PEs, you can see the
configuration of the VPN instances. The PEs can ping the connected CEs successfully.
NOTE
If multiple interfaces on a PE are bound to the same VPN, you must specify the source address when you
run the ping command to ping the connected CE. That is, specify -a source-ip-address in the ping -a
source-ip-address -vpn-instance vpn-instance-name destination-address command; otherwise, the ping
operation may fail.
# Configure PE2.
[PE2] tunnel-policy policy1
[PE2-tunnel-policy-policy1] tunnel binding destination 1.1.1.1 te tunnel1/0/2
[PE2-tunnel-policy-policy1] quit
[PE2] ip vpn-instance VPNA
[PE2-vpn-instance-VPNA] tnl-policy policy1
[PE2-vpn-instance-VPNA] quit
# Configure the tunnel policy that specifies the tunnel selection sequence and apply the tunnel
policy to VPNB.
# Configure PE1.
[PE1] tunnel-policy policy2
[PE1-tunnel-policy-policy2] tunnel select-seq cr-lsp lsp load-balance-number 1
[PE1-tunnel-policy-policy2] quit
[PE1] ip vpn-instance VPNB
[PE1-vpn-instance-VPNB] tnl-policy policy2
[PE1-vpn-instance-VPNB] quit
# Configure PE2.
# Configure PE2.
[PE2] bgp 100
[PE2-bgp] peer 1.1.1.1 as-number 100
[PE2-bgp] peer 1.1.1.1 connect-interface loopback 1
[PE2-bgp] ipv4-family vpnv4
[PE2-bgp-af-vpnv4] peer 1.1.1.1 enable
[PE2-bgp-af-vpnv4] quit
[PE2-bgp] quit
# After the configuration, run the display bgp peer or display bgp vpnv4 all peer command.
You can see that the BGP peers between the PEs are established.
Step 7 Set up EBGP adjacency between PEs and CEs.
# Configure PE1
[PE1] bgp 100
[PE1-bgp] ipv4-family vpn-instance VPNA
[PE1-bgp-af-VPNA] peer 10.1.1.1 as-number 65410
[PE1-bgp-af-VPNA] quit
[PE1-bgp] ipv4-family vpn-instance VPNB
[PE1-bgp-af-VPNB] peer 10.2.1.1 as-number 65410
[PE1-bgp-af-VPNB] quit
[PE1-bgp] quit
# Configure CE1
[CE1] bgp 65410
[CE1-bgp] peer 10.1.1.2 as-number 100
[CE1-bgp] quit
# Configure CE2
[CE2] bgp 65410
[CE2-bgp] peer 10.2.1.2 as-number 100
[CE2-bgp] quit
# Configure PE2
[PE2] bgp 100
[PE2-bgp] ipv4-family vpn-instance VPNA
[PE2-bgp-af-VPNA] peer 10.3.1.1 as-number 65420
[PE2-bgp-af-VPNA] quit
[PE2-bgp] ipv4-family vpn-instance VPNB
[PE2-bgp-af-VPNB] peer 10.4.1.1 as-number 65420
[PE2-bgp-af-VPNB] quit
[PE2-bgp] quit
# Configure CE3
# Configure CE4
[CE4] bgp 65420
[CE4-bgp] peer 10.4.1.2 as-number 100
[CE4-bgp] quit
# Run the display ip routing-table vpn-instance command on the PE. You can view the routes
to the remote CE.
# Run the display ip routing-table vpn-instance verbose command on the PEs, and you can
see the tunnels used by the VPN routes.
# The CEs in the same VPN can ping each other, and the CEs in different VPNs cannot ping
each other.
----End
Configuration Files
- Configuration file of PE1
#
sysname PE1
#
vlan batch 10 20 30
#
ip vpn-instance VPNA
route-distinguisher 100:1
tnl-policy policy1
vpn-target 111:1 export-extcommunity
vpn-target 111:1 import-extcommunity
#
ip vpn-instance VPNB
route-distinguisher 100:2
tnl-policy policy2
vpn-target 222:2 export-extcommunity
vpn-target 222:2 import-extcommunity
#
mpls lsr-id 1.1.1.1
mpls
mpls te
label advertise non-null
mpls rsvp-te
mpls te cspf
#
mpls ldp
#
interface Vlanif10
ip address 100.1.1.1 255.255.255.252
mpls
mpls te
mpls rsvp-te
mpls ldp
#
interface Vlanif20
ip binding vpn-instance VPNB
ip address 10.2.1.2 255.255.255.252
#
interface Vlanif30
ip binding vpn-instance VPNA
ip address 10.1.1.2 255.255.255.252
#
interface GigabitEthernet1/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface GigabitEthernet1/0/2
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
interface GigabitEthernet1/0/3
port hybrid pvid vlan 30
port hybrid untagged vlan 30
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
#
interface Tunnel1/0/1
mpls te cspf
#
mpls ldp
#
interface Vlanif10
ip address 100.1.1.2 255.255.255.252
mpls
mpls te
mpls rsvp-te
mpls ldp
#
interface Vlanif40
ip binding vpn-instance VPNB
ip address 10.4.1.2 255.255.255.252
#
interface Vlanif50
ip binding vpn-instance VPNA
ip address 10.3.1.2 255.255.255.252
#
interface GigabitEthernet1/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface GigabitEthernet1/0/2
port hybrid pvid vlan 40
port hybrid untagged vlan 40
#
interface GigabitEthernet1/0/3
port hybrid pvid vlan 50
port hybrid untagged vlan 50
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
#
interface Tunnel1/0/1
ip address unnumbered interface loopback1
tunnel-protocol mpls te
destination 1.1.1.1
mpls te tunnel-id 11
mpls te commit
#
interface Tunnel1/0/2
ip address unnumbered interface loopback1
tunnel-protocol mpls te
destination 1.1.1.1
mpls te tunnel-id 22
mpls te reserved-for-binding
mpls te commit
#
bgp 100
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 1.1.1.1 enable
#
ipv4-family vpnv4
policy vpn-target
peer 1.1.1.1 enable
#
ipv4-family vpn-instance VPNA
peer 10.3.1.1 as-number 65420
#
ipv4-family vpn-instance VPNB
peer 10.4.1.1 as-number 65420
#
ospf 1
opaque-capability enable
area 0.0.0.0
network 100.1.1.0 0.0.0.3
network 2.2.2.2 0.0.0.0
mpls-te enable
#
tunnel-policy policy1
tunnel binding destination 1.1.1.1 te Tunnel1/0/2
#
tunnel-policy policy2
tunnel select-seq cr-lsp lsp load-balance-number 1
#
return
- Configuration file of CE1
#
sysname CE1
#
vlan batch 30
#
interface Vlanif30
ip address 10.1.1.1 255.255.255.252
#
interface GigabitEthernet1/0/3
port hybrid pvid vlan 30
port hybrid untagged vlan 30
#
bgp 65410
peer 10.1.1.2 as-number 100
#
ipv4-family unicast
undo synchronization
peer 10.1.1.2 enable
#
return
- Configuration file of CE2
#
sysname CE2
#
vlan batch 20
#
interface vlanif 20
ip address 10.2.1.1 255.255.255.252
#
interface GigabitEthernet1/0/2
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
bgp 65410
peer 10.2.1.2 as-number 100
#
ipv4-family unicast
undo synchronization
peer 10.2.1.2 enable
#
return
- Configuration file of CE3
#
sysname CE3
#
vlan batch 50
#
interface Vlanif50
ip address 10.3.1.1 255.255.255.252
#
interface GigabitEthernet1/0/3
port hybrid pvid vlan 50
port hybrid untagged vlan 50
#
bgp 65420
peer 10.3.1.2 as-number 100
#
ipv4-family unicast
undo synchronization
peer 10.3.1.2 enable
#
return
Figure 1-3 Networking diagram for configuring the L2VPN tunnel binding
[Figure 1-3 image not reproduced. It shows PE1, PE2, and PE3 attached to a P device over GE interfaces, with CE1 (Site1), CE2 (Site2), and CE3 (Site3) in VPNA; the Loopback1 addresses shown are 1.1.1.9/32, 2.2.2.9/32, 3.3.3.9/32, and 4.4.4.9/32.]
GigabitEthernet1/0/2 VLANIF 10 -
GigabitEthernet1/0/3 VLANIF 4 -
Loopback1 - 1.1.1.9/32
Loopback1 - 2.2.2.9/32
Loopback1 - 3.3.3.9/32
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a TE tunnel.
2. Configure a tunnel policy to bind the IP address of the remote end to the tunnel.
3. Apply the tunnel policy to the L2VC.
4. Connect the CEs to the backbone network.
Data Preparation
To complete the configuration, you need the following data:
- Tunnel policy
- VC ID
- Parameters for the MPLS TE tunnel
NOTE
For different L2VPN services from a PE to the same destination, different tunnel policies and TE tunnels
are required.
Procedure
Step 1 Enable PEs to communicate with each other.
# Configure an Interior Gateway Protocol (IGP) on the MPLS backbone network to implement
interworking between the PEs. IS-IS is used in this example, and the IS-IS process ID is 1.
# Configure PE1.
<Quidway> system-view
[Quidway] sysname PE1
[PE1] vlan 7
[PE1-vlan7] quit
[PE1] interface gigabitethernet 1/0/1
[PE1-GigabitEthernet1/0/1] port hybrid pvid vlan 7
[PE1-GigabitEthernet1/0/1] port hybrid tagged vlan 7
[PE1-GigabitEthernet1/0/1] quit
[PE1] interface vlanif 7
[PE1-Vlanif7] ip address 100.1.1.2 24
[PE1-Vlanif7] quit
[PE1] isis 1
[PE1-isis-1] network-entity 10.0000.0000.0000.0001.00
[PE1-isis-1] is-level level-2
[PE1-isis-1] quit
[PE1] interface vlanif 7
[PE1-Vlanif7] isis enable 1
[PE1-Vlanif7] quit
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.9 32
[PE1-LoopBack1] isis enable 1
[PE1-LoopBack1] quit
# The configuration procedures of PE2 and PE3 are similar to the configuration procedure of
PE1.
# Configure the P.
<Quidway> system-view
[Quidway] sysname P
[P] vlan batch 5 6 7
[P] interface gigabitethernet 1/0/1
[P-GigabitEthernet1/0/1] port hybrid pvid vlan 7
[P-GigabitEthernet1/0/1] port hybrid tagged vlan 7
[P-GigabitEthernet1/0/1] quit
[P] interface gigabitethernet 1/0/2
[P-GigabitEthernet1/0/2] port hybrid pvid vlan 5
[P-GigabitEthernet1/0/2] port hybrid tagged vlan 5
[P-GigabitEthernet1/0/2] quit
[P] interface gigabitethernet 1/0/3
[P-GigabitEthernet1/0/3] port hybrid pvid vlan 6
[P-GigabitEthernet1/0/3] port hybrid tagged vlan 6
[P-GigabitEthernet1/0/3] quit
[P] interface vlanif 7
[P-Vlanif7] ip address 100.1.1.1 24
[P-Vlanif7] quit
[P] interface vlanif 5
[P-Vlanif5] ip address 100.2.1.1 24
[P-Vlanif5] quit
[P] interface vlanif 6
[P-Vlanif6] ip address 100.3.1.1 24
[P-Vlanif6] quit
[P] isis 1
[P-isis-1] network-entity 10.0000.0000.0000.0002.00
[P-isis-1] is-level level-2
[P-isis-1] quit
[P] interface vlanif 5
[P-Vlanif5] isis enable 1
[P-Vlanif5] quit
[P] interface vlanif 6
[P-Vlanif6] isis enable 1
[P-Vlanif6] quit
[P] interface vlanif 7
[P-Vlanif7] isis enable 1
[P-Vlanif7] quit
[P] interface loopback 1
[P-LoopBack1] ip address 4.4.4.9 32
[P-LoopBack1] isis enable 1
[P-LoopBack1] quit
# Run the display ip routing-table command in any view of the PEs, and you can see that the
PEs can learn the loopback address of each other.
# Take the display on PE1 as an example:
[PE1] display ip routing-table
Route Flags: R - relied, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 14 Routes : 14
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.1.1.9/32 Direct 0 0 D 127.0.0.1 InLoopBack0
2.2.2.9/32 ISIS 15 20 D 100.1.1.2 Vlanif7
3.3.3.9/32 ISIS 15 20 D 100.1.1.2 Vlanif7
4.4.4.9/32 ISIS 15 10 D 100.1.1.2 Vlanif7
100.1.1.0/24 Direct 0 0 D 100.1.1.1 Vlanif7
100.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
100.1.1.2/32 Direct 0 0 D 100.1.1.2 Vlanif7
100.1.1.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
100.2.1.0/24 ISIS 15 20 D 100.1.1.2 Vlanif7
100.3.1.0/24 ISIS 15 20 D 100.1.1.2 Vlanif7
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
Step 2 Configure the basic MPLS capability, set up the LDP peers, and enable MPLS TE, Resource
Reservation Protocol-TE (RSVP-TE), and Constraint Shortest Path First (CSPF).
# In this example, RSVP-TE is used as the signaling protocol. Enable global MPLS TE and
RSVP-TE on the PEs and P along the TE tunnel. Configure CSPF on the tunnel ingress. Enable
MPLS TE and RSVP-TE on the interfaces along the tunnel. Configure the LDP remote peers
on PEs to transmit the private network routes.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] mpls te
[PE1-mpls] mpls rsvp-te
[PE1-mpls] mpls te cspf
[PE1-mpls] quit
[PE1] interface vlanif 7
[PE1-Vlanif7] mpls
[PE1-Vlanif7] mpls te
[PE1-Vlanif7] mpls rsvp-te
[PE1-Vlanif7] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] mpls ldp remote-peer 2.2.2.9
[PE1-mpls-ldp-remote-2.2.2.9] remote-ip 2.2.2.9
[PE1-mpls-ldp-remote-2.2.2.9] quit
[PE1] mpls ldp remote-peer 3.3.3.9
[PE1-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9
[PE1-mpls-ldp-remote-3.3.3.9] quit
# The configuration procedures of PE2 and PE3 are similar to the configuration procedure of
PE1.
# Configure the P.
[P] mpls lsr-id 4.4.4.9
[P] mpls
[P-mpls] mpls te
[P-mpls] mpls rsvp-te
[P-mpls] quit
[P] interface vlanif 7
[P-Vlanif7] mpls
[P-Vlanif7] mpls te
[P-Vlanif7] mpls rsvp-te
[P-Vlanif7] quit
[P] interface vlanif 5
[P-Vlanif5] mpls
[P-Vlanif5] mpls te
[P-Vlanif5] mpls rsvp-te
[P-Vlanif5] quit
[P] interface vlanif 6
[P-Vlanif6] mpls
[P-Vlanif6] mpls te
[P-Vlanif6] mpls rsvp-te
[P-Vlanif6] quit
# Run the display mpls ldp session command on the PEs, and you can see that LDP peers are
set up between PE1 and PE2 and between PE1 and PE3.
# The configuration procedures of P, PE2, and PE3 are similar to the configuration procedure
of PE1.
NOTE
When IS-IS TE is configured on only the local end, the session set up on the local end turns Down. When
IS-IS TE is configured on the remote end, the LDP session becomes Up again.
An MPLS TE tunnel is unidirectional. To guarantee bidirectional QoS on the TE tunnel, you must configure
an MPLS TE tunnel on PEs.
# Create two tunnel interfaces on PE1; create a tunnel interface on each of PE2 and PE3.
# Configure PE1.
[PE1] interface tunnel 1/0/0
[PE1-Tunnel1/0/0] ip address unnumbered interface loopback 1
[PE1-Tunnel1/0/0] tunnel-protocol mpls te
[PE1-Tunnel1/0/0] destination 2.2.2.9
[PE1-Tunnel1/0/0] mpls te tunnel-id 100
[PE1-Tunnel1/0/0] mpls te signal-protocol rsvp-te
[PE1-Tunnel1/0/0] mpls te path explicit-path PE1toPE2
[PE1-Tunnel1/0/0] mpls te commit
[PE1-Tunnel1/0/0] quit
[PE1] interface tunnel 2/0/0
[PE1-Tunnel2/0/0] ip address unnumbered interface loopback 1
[PE1-Tunnel2/0/0] tunnel-protocol mpls te
[PE1-Tunnel2/0/0] destination 3.3.3.9
[PE1-Tunnel2/0/0] mpls te tunnel-id 200
[PE1-Tunnel2/0/0] mpls te signal-protocol rsvp-te
[PE1-Tunnel2/0/0] mpls te path explicit-path PE1toPE3
[PE1-Tunnel2/0/0] mpls te commit
[PE1-Tunnel2/0/0] quit
# Configure PE2.
[PE2] interface tunnel 1/0/0
[PE2-Tunnel1/0/0] ip address unnumbered interface loopback 1
[PE2-Tunnel1/0/0] tunnel-protocol mpls te
[PE2-Tunnel1/0/0] destination 1.1.1.9
[PE2-Tunnel1/0/0] mpls te tunnel-id 100
[PE2-Tunnel1/0/0] mpls te signal-protocol rsvp-te
[PE2-Tunnel1/0/0] mpls te commit
[PE2-Tunnel1/0/0] quit
# Configure PE3.
[PE3] interface tunnel 1/0/0
[PE3-Tunnel1/0/0] ip address unnumbered interface loopback 1
[PE3-Tunnel1/0/0] tunnel-protocol mpls te
[PE3-Tunnel1/0/0] destination 1.1.1.9
[PE3-Tunnel1/0/0] mpls te tunnel-id 100
[PE3-Tunnel1/0/0] mpls te signal-protocol rsvp-te
[PE3-Tunnel1/0/0] mpls te commit
[PE3-Tunnel1/0/0] quit
# Run the display this interface command in the tunnel interface view of the PEs, and you can
see that the TE tunnel is Up. Take Tunnel1/0/0 of PE1 for example.
[PE1-Tunnel1/0/0] display this interface
Tunnel1/0/0 current state : UP
Line protocol current state : UP
Last line protocol up time : 2007-09-10 13:54:57-08:00
Description:HUAWEI, Quidway Series, Tunnel1/0/0 Interface
Route Port,
Internet Address is unnumbered, using address of LoopBack1(1.1.1.9/32)
Encapsulation is TUNNEL, loopback not set
Tunnel destination 2.2.2.9
Tunnel up/down statistics 1
Tunnel protocol/transport MPLS/MPLS, ILM is available,
primary tunnel id is 0x1003c, secondary tunnel id is 0x0
# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] mpls l2vpn default martini
[PE2-l2vpn] quit
[PE2] interface tunnel 1/0/0
[PE2-Tunnel1/0/0] mpls te reserved-for-binding
[PE2-Tunnel1/0/0] mpls te commit
[PE2-Tunnel1/0/0] quit
[PE2] tunnel-policy policy1
[PE2-tunnel-policy-policy1] tunnel binding destination 1.1.1.9 te tunnel 1/0/0
[PE2-tunnel-policy-policy1] quit
[PE2] interface vlanif 2
[PE2-Vlanif2] mpls l2vc 1.1.1.9 100 tunnel-policy policy1
[PE2-Vlanif2] quit
# Configure PE3.
[PE3] mpls l2vpn
[PE3-l2vpn] mpls l2vpn default martini
[PE3-l2vpn] quit
[PE3] interface tunnel 1/0/0
[PE3-Tunnel1/0/0] mpls te reserved-for-binding
[PE3-Tunnel1/0/0] mpls te commit
[PE3-Tunnel1/0/0] quit
[PE3] tunnel-policy policy1
[PE3-tunnel-policy-policy1] tunnel binding destination 1.1.1.9 te tunnel 1/0/0
[PE3-tunnel-policy-policy1] quit
[PE3] interface vlanif 3
[PE3-Vlanif3] mpls l2vc 1.1.1.9 200 tunnel-policy policy1
[PE3-Vlanif3] quit
[CE1] vlan 10
[CE1-vlan10] quit
[CE1] vlan 4
[CE1-vlan4] quit
[CE1] interface gigabitethernet 1/0/2
[CE1-GigabitEthernet1/0/2] port link-type trunk
[CE1-GigabitEthernet1/0/2] port trunk allow-pass vlan 10
[CE1-GigabitEthernet1/0/2] quit
[CE1] interface gigabitethernet 1/0/3
[CE1-GigabitEthernet1/0/3] port link-type trunk
[CE1-GigabitEthernet1/0/3] port trunk allow-pass vlan 4
[CE1-GigabitEthernet1/0/3] quit
[CE1] interface VLANIF 10
[CE1-Vlanif10] ip address 10.1.1.1 24
[CE1-Vlanif10] quit
[CE1] interface vlanif 4
[CE1-Vlanif4] ip address 20.1.1.1 24
[CE1-Vlanif4] quit
# Check the VC status on PE1. All the VCs on PE1 are Up.
[PE1] display mpls l2vc
total LDP VC : 2 1 up 0 down
# You can see that the number of datagrams passing through Tunnel 1/0/0 increases.
# Run the ping 20.1.1.2 command on CE1 to check information about Tunnel 1/0/0 of PE1. You
can see that the statistics of packets on Tunnel 1/0/0 remain unchanged because Tunnel 1/0/0
on PE1 transmits only the data between PE1 and PE2.
----End
Configuration Files
• Configuration file of PE1
#
sysname PE1
#
vlan batch 4 7 10
#
mpls lsr-id 1.1.1.9
mpls
mpls te
mpls rsvp-te
mpls te cspf
#
mpls l2vpn
mpls l2vpn default martini
#
explicit-path pe1tope2
next hop 100.1.1.1
next hop 100.2.1.2
next hop 2.2.2.9
#
explicit-path PE1toPE3
next hop 100.1.1.1
next hop 100.3.1.2
next hop 3.3.3.9
#
mpls ldp
#
mpls ldp remote-peer 2.2.2.9
remote-ip 2.2.2.9
#
mpls ldp remote-peer 3.3.3.9
remote-ip 3.3.3.9
#
isis 1
is-level level-2
cost-style wide
network-entity 10.0000.0000.0000.0001.00
traffic-eng level-2
#
interface Vlanif4
mpls l2vc 3.3.3.9 200 tunnel-policy policy2
#
interface Vlanif7
ip address 100.1.1.2 255.255.255.0
isis enable 1
mpls
mpls te
mpls rsvp-te
#
interface Vlanif10
mpls l2vc 2.2.2.9 100 tunnel-policy policy1
#
interface GigabitEthernet1/0/1
port hybrid pvid vlan 7
port hybrid tagged vlan 7
#
interface GigabitEthernet1/0/2
port hybrid pvid vlan 10
port hybrid tagged vlan 10
#
interface GigabitEthernet1/0/3
port hybrid pvid vlan 4
port hybrid tagged vlan 4
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
isis enable 1
#
interface Tunnel1/0/0
ip address unnumbered interface LoopBack1
tunnel-protocol mpls te
destination 2.2.2.9
mpls te tunnel-id 100
mpls te path explicit-path pe1tope2
mpls te reserved-for-binding
mpls te commit
#
interface Tunnel2/0/0
ip address unnumbered interface LoopBack1
tunnel-protocol mpls te
destination 3.3.3.9
mpls te tunnel-id 200
mpls te path explicit-path pe1tope3
mpls te reserved-for-binding
mpls te commit
#
tunnel-policy policy1
tunnel binding destination 2.2.2.9 te tunnel1/0/0
#
tunnel-policy policy2
tunnel binding destination 3.3.3.9 te tunnel2/0/0
#
return
• Configuration file of P
#
sysname P
#
vlan batch 5 6 7
#
mpls lsr-id 4.4.4.9
mpls
mpls te
mpls rsvp-te
#
isis 1
is-level level-2
cost-style wide
network-entity 10.0000.0000.0000.0002.00
traffic-eng level-2
#
interface Vlanif5
ip address 100.2.1.1 255.255.255.0
isis enable 1
mpls
mpls te
mpls rsvp-te
#
interface Vlanif6
ip address 100.3.1.1 255.255.255.0
isis enable 1
mpls
mpls te
mpls rsvp-te
#
interface Vlanif7
ip address 100.1.1.1 255.255.255.0
isis enable 1
mpls
mpls te
mpls rsvp-te
#
interface GigabitEthernet1/0/1
port hybrid pvid vlan 7
port hybrid tagged vlan 7
#
interface GigabitEthernet1/0/2
#
interface Vlanif4
ip address 20.1.1.1 255.255.255.0
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/2
port link-type trunk
port trunk allow-pass vlan 10
#
interface GigabitEthernet1/0/3
port link-type trunk
port trunk allow-pass vlan 4
#
return
2 GRE Configuration
Generic Routing Encapsulation (GRE) encapsulates the packets of certain network layer
protocols such as Internetwork Packet Exchange (IPX), Asynchronous Transfer Mode (ATM),
IPv6, and AppleTalk so that the encapsulated packets can be transmitted over the IPv4
network. The latest GRE standards specify that GRE can encapsulate Layer 2 frames such as
Point-to-Point Protocol (PPP) frames and Multi-Protocol Label Switching (MPLS) frames.
Familiarize yourself with the configuration procedures by following the networking diagrams. This
chapter provides networking requirements, configuration notes, and a configuration roadmap in
the configuration examples.
GRE encapsulates the packets of certain network layer protocols such as IP and IPX. After
encapsulation, these packets can be transmitted over the network by another network layer
protocol, such as IP.
GRE can serve as a Layer 3 tunneling protocol for VPNs. A tunnel is a virtual point-to-point
connection and can be regarded as a virtual interface that supports only point-to-point
connections. This interface provides a path to transmit encapsulated datagrams. GRE
encapsulates and decapsulates datagrams at both ends of the tunnel.
Figure 2-1 Networking diagram of multi-protocol local network transmission through the
single-protocol backbone network
[Figure not reproduced. Labels: Internet, GRE Tunnel, SwitchA, SwitchB, IP, Team 1, Team 2.]
The tunnel between Switch A and Switch B adopts the GRE protocol, so that Group 1
communicates with Group 2 without affecting the communication between Team 1 and Team
2.
[Figure not reproduced. Labels: IP network, Tunnel, PC.]
When the tunnel is used in the network, a few hops are hidden. This enlarges the scope of the
network operation.
[Figure not reproduced. Labels: IP network, Novell, Tunnel, Group1, Group2.]
GRE can be applied to both Layer 2 Virtual Private Network (L2VPN) and Layer 3 Virtual
Private Network (L3VPN). Usually, the MPLS VPN backbone network uses label switched
paths (LSPs) as the public network tunnel. However, if the core switch (P) in the backbone
network provides only the IP function while the PE at the network edge has the MPLS
function, the LSP cannot be used as the public network tunnel. In this case, you can use the
GRE tunnel in place of the LSP to provide Layer 3 or Layer 2 VPN solutions at the
core network.
GRE tunnels can also be used as the non-MPLS VPN backbone tunnel. In this case, the private
network packet cannot contain the MPLS label when transmitted in the VPN backbone network.
Applicable Environment
To set up a GRE tunnel, you need to create a tunnel interface first, and then configure GRE
functions on the tunnel interface. If the tunnel interface is deleted, all configurations on the
interface are deleted accordingly.
Pre-configuration Tasks
Before configuring an ordinary GRE tunnel, complete the following tasks:
• Ensuring the IP connectivity between the source interface and the destination interface
Data Preparation
To configure an ordinary GRE tunnel, you need the following data.
No. Data
Context
Do as follows on the switches at the two ends of a tunnel:
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface tunnel interface-number
Step 3 Run:
tunnel-protocol gre
Step 4 Run:
source { source-ip-address | interface-type interface-number }
NOTE
The source interface of a GRE tunnel cannot be configured as the management network port, and the source
address of the tunnel cannot be configured as the IP address of the management network port.
Step 5 Run:
destination [ vpn-instance vpn-instance-name ] ip-address
After a tunnel interface is created, you need to specify the source address or source interface and
destination address of the tunnel. The source address is the IP address of the loopback interface
that sends GRE packets, whereas the destination address is the IP address of the loopback
interface that receives the GRE packets.
The new MTU takes effect only after you run the shutdown command and then the undo
shutdown command on the interface.
Step 7 Choose one of the following commands to configure the IP address of the tunnel interface.
• Run the ip address ip-address { mask | mask-length } [ sub ] command to configure the IP
address of the tunnel interface.
• Run the ip address unnumbered interface interface-type interface-number command to
configure IP unnumbered for the tunnel interface.
To support dynamic routing protocols on a tunnel, you must configure a network address for the
tunnel interface. The network address of the tunnel interface may not be a public address, but
should be in the same network segment on both ends of the tunnel.
----End
Context
Do as follows on devices on two ends of a tunnel:
NOTE
The packets encapsulated with GRE are forwarded correctly only if the routes for the tunnel are available
on both the source and destination switches.
Procedure
Step 1 Run:
system-view
Step 2 Choose one of the following methods to configure routes passing through the tunnel interface.
• Run the ip route-static ip-address { mask | mask-length } tunnel interface-number
[ description text ] command to configure a static route.
The static route must be configured on both ends of the tunnel. In this command, the
destination address is neither the destination address of the tunnel nor the address of the
opposite tunnel interface, but the destination address of the packet that is not encapsulated
with GRE. The outbound interface must be the local tunnel interface.
• Configure dynamic routes using IGP or BGP. Details for the procedure are not provided here.
For the configuration of dynamic routes, see the S7700 Configuration Guide - IP Routing.
When configuring a dynamic routing protocol, enable the dynamic routing protocol on both
the tunnel interface and the interface connected to the private network. To ensure proper
routing, do not choose the tunnel interface as the next hop when configuring the route to the
physical or logical interface of the destination tunnel.
Use Switch A in Figure 2-4 as an example. The source interface of Tunnel 1/0/1 is VLANIF
10 on Switch A, and its destination interface is VLANIF 20 on Switch C. If a dynamic routing
protocol is used, the protocol must be configured on the tunnel interface and the GE interface
connected to the PC. Moreover, in the routing table of Switch A, the egress with the
destination as the network segment where VLANIF 20 on Switch C resides cannot be Tunnel
1/0/1.
In practical configurations, tunnel interfaces and physical interfaces connected to the public
network should use different routing protocols or different processes of the same routing
protocol. In this manner, you can avoid selecting a tunnel interface as an outbound interface
for packets destined for the destination of the tunnel. In addition, a physical interface is
prevented from forwarding user packets that should be forwarded through the tunnel.
[Figure not reproduced. Labels: Backbone, GE1/0/0, GE2/0/0, VLANIF10, VLANIF20, PC1, PC2.]
----End
Context
The configurations of the GRE function are complete.
Procedure
• Run the display interface tunnel [ interface-number ] command to check the operating
status of the tunnel interface.
• Run the display ip routing-table command to check the routing table.
• Run the ping -a source-ip-address host command to check whether the two ends of the
tunnel can successfully ping each other.
----End
Example
Run the display interface tunnel command. If the tunnel interface is Up, the configuration
succeeds. For example:
<Quidway> display interface Tunnel 1/0/0
Tunnel1/0/0 current state : UP
Line protocol current state : UP
Last line protocol up time : 2009-03-19 18:38:07
Description : HUAWEI, Quidway Series, Tunnel1/0/0 Interface
Route Port, The Maximum Transmit Unit is 1500 bytes
Internet Address is 40.1.1.1/24
Encapsulation is TUNNEL, loopback not set
Tunnel source 20.1.1.1 (Loopback1), destination 30.1.1.2
Tunnel protocol/transport GRE/IP, key disabled
keepalive disabled
Checksumming of packets disabled
QoS max-bandwidth : 64 Kbps
Run the display ip routing-table command. If the route passing through the tunnel interface
exists in the routing table, the configuration succeeds. For example:
<Quidway> display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 12 Routes : 12
Run the ping -a source-ip-address dest-ip-address command, and you can find that the ping
from the local tunnel interface to the destination tunnel succeeds.
Applicable Environment
To allow users of a CE that is not directly connected to a PE to access the Multi-Protocol
Label Switching (MPLS) VPN, configure a GRE tunnel between the CE and the PE, create
routes between them, and configure MPLS VPN on the PE.
Pre-configuration Tasks
Before configuring a GRE tunnel between a CE and a PE, complete the following tasks:
Data Preparation
To configure a GRE tunnel between a CE and a PE, you need the following data.
No. Data
2 Source address or source interface and destination address of the GRE tunnel interface
specified on the CE
4 Source address or source interface and destination address of the GRE tunnel interface
specified on the PE
Context
Do as follows on the CE.
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface tunnel interface-number
The tunnel interface is created and the tunnel interface view is displayed.
Step 3 Run:
tunnel-protocol gre
NOTE
The virtual IP address of the VRRP backup group can be configured as the source address of the GRE
tunnel.
Step 5 Run:
destination ip-address
The MTU of the interface can be modified. The new MTU takes effect only after you run the
shutdown and the undo shutdown commands in succession on the interface.
Step 7 Choose one of the following commands to configure the IP address of the tunnel interface.
• Run the ip address ip-address { mask | mask-length } [ sub ] command to configure the IP
address of the tunnel interface.
• Run the ip address unnumbered interface interface-type interface-number command to
configure IP unnumbered for the tunnel interface.
----End
Context
Do as follows on the PE:
Procedure
Step 1 Run:
system-view
tunnel-protocol gre
NOTE
The virtual IP address of the VRRP backup group can be configured as the source address of the GRE
tunnel.
The source interface of the tunnel cannot be the interface of the tunnel, but can be specified as
the interface of another tunnel.
The source address of the tunnel specified on the PE is identical with the destination address of
the tunnel specified on the CE. The destination address of the tunnel specified on the PE is
identical with the source address of the tunnel specified on the CE.
Step 5 Run:
destination [ vpn-instance vpn-instance-name ] ip-address
The MTU of the interface is modified. The new MTU takes effect only after you run the
shutdown and the undo shutdown commands in succession on the interface.
Step 7 Choose one of the following commands to configure the IP address of the tunnel interface.
• Run the ip address ip-address { mask | mask-length } [ sub ] command to configure the IP
address of the tunnel interface.
• Run the ip address unnumbered interface interface-type interface-number command to
configure IP unnumbered for the tunnel interface.
----End
2.4.4 Binding the GRE Tunnel with the VPN to Which CE Belongs on PE
Bind the tunnel interface on the PE that connects the CE to a VPN instance. Then, the tunnel
interface becomes a VPN interface. The packets sent from the VPN interface are forwarded
based on forwarding information in the VPN instance.
Context
Do as follows on the PE.
Procedure
Step 1 Run:
system-view
The tunnel interface is created and the tunnel interface view is displayed.
Step 3 Run:
ip binding vpn-instance vpn-instance-name
NOTE
Running the ip binding vpn-instance command on a tunnel interface can delete the Layer 3 attributes,
such as the IP address and routing protocol. If these Layer 3 attributes are still required, you need to
configure them again.
Step 4 Choose one of the following commands to configure the IP address of the tunnel interface.
• Run the ip address ip-address { mask | mask-length } [ sub ] command to assign an IP address
to the tunnel interface.
• Run the ip address unnumbered interface interface-type interface-number command to
configure IP unnumbered for the tunnel interface.
----End
Prerequisite
The GRE tunnel between the CE and the PE is fully configured.
Procedure
• Run the display interface tunnel [ interface-number ] command to check the working
mode of the tunnel interface.
• Run the display ip routing-table vpn-instance vpn-instance-name command to check the
VPN routing table on the PE.
• Run the display ip routing-table command to check the routing table on the CE.
• Run the ping -a source-ip-address host command to check whether two ends of the tunnel
can ping each other successfully.
----End
Example
Run the display interface tunnel command on two ends of the tunnel. If the tunnel interface is
Up, it means that the configuration succeeds. Take the display on the PE as an example:
<Quidway> display interface Tunnel 1/0/0
Tunnel1/0/0 current state : UP
Line protocol current state : UP
Last line protocol up time : 2009-04-19 18:38:07
Description : HUAWEI, Quidway Series, Tunnel1/0/0 Interface
Route Port,The Maximum Transmit Unit is 1500
Internet Address is 40.1.1.1/24
Application Environment
The Keepalive function can be configured on one end of a GRE tunnel to test the status of the
GRE tunnel. If the remote end is found unreachable, the tunnel is disconnected in time to avoid
a data black hole.
Pre-configuration Tasks
Before configuring the Keepalive function, complete the following tasks:
• Configuring the link layer attributes of the interfaces
• Assigning IP addresses to the interfaces
• Establishing the GRE tunnel and keeping the tunnel Up
Data Preparation
To configure the Keepalive function, you need the following data.
No. Data
Context
Do as follows on the switch that requires the Keepalive function.
Procedure
Step 1 Run:
system-view
TIP
Before configuring the tunnel policy and the GRE tunnel for the VPN, enable the Keepalive function for
the GRE tunnel. In this manner, the VPN does not select the GRE tunnel that cannot reach the remote end,
and the data loss can be avoided. The reasons for enabling the Keepalive function are as follows:
• If the Keepalive function is not enabled, the local tunnel interface may always be Up regardless of
whether data reaches the remote end.
• If the Keepalive function is enabled on the local end, the local tunnel interface is set Down when the
remote end is unreachable. As a result, the VPN does not select the unreachable GRE tunnel and the
data is not lost.
----End
Prerequisite
The Keepalive function is enabled on the GRE tunnel.
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface tunnel interface-number
Step 3 Run:
display keepalive packets count
Check the Keepalive packets and Keepalive Response packets sent and received by the GRE
tunnel interface.
----End
Example
On the tunnel interface that is enabled with the Keepalive function, run the display keepalive
packets count command, and you can ascertain the number of sent Keepalive packets and
received Keepalive Response packets on both the local end and the remote end. If the Keepalive
function is successfully configured on the local tunnel interface, the number of sent Keepalive
packets or received Keepalive Response packets on the local end is not 0.
[Quidway] interface tunnel 1/0/0
[Quidway-Tunnel1/0/0] tunnel-protocol gre
[Quidway-Tunnel1/0/0] keepalive
[Quidway-Tunnel1/0/0] display keepalive packets count
Send 34 keepalive packets to peers, Receive 34 keepalive response packets from peers
Receive 0 keepalive packets from peers, Send 0 keepalive response packets to peers
Procedure
• Run the reset counters interface tunnel [ interface-number ] command in the user view
to reset the statistics on the tunnel interface.
• Reset the statistics on Keepalive packets on the tunnel interface.
1. Run:
system-view
NOTE
You can run the reset keepalive packets count command only in the tunnel interface view,
and the tunnel protocol of the interface must be GRE.
----End
Context
In routine maintenance, you can run the following commands to view the running status of GRE:
Procedure
• Run the display interface tunnel [ interface-number ] command to check the running status
of the tunnel interface.
• Run the display ip routing-table vpn-instance vpn-instance-name command to check the
VPN routing table on the PE.
• Run the display ip routing-table command to check the routing table on the CE.
• Run the ping [ -a source-ip-address | -vpn-instance vpn-instance-name ] * host command
to check whether two ends of the tunnel can communicate with each other.
----End
Context
NOTE
The debugging process affects the system performance. Therefore, after finishing the debugging process,
you need to run the undo debugging all command immediately to disable the debugging.
When GRE behaves abnormally, run the debugging commands in the user view to view debugging
information, locate the fault, and analyze the cause.
For details of the debugging operation, refer to the chapter Information Center Configuration in
Quidway S7700 Smart Routing Switch Configuration Guide-System Management. For details
of debugging commands, refer to Quidway S7700 Smart Routing Switch Debugging
Reference.
Procedure
• Run the debugging tunnel keepalive command in the user view to debug the Keepalive
function of the GRE tunnel.
----End
Networking Requirements
As shown in Figure 2-6, Switch A, Switch B, and Switch C are on the VPN backbone network.
OSPF runs among the Switches.
GRE is used between Switch A and Switch C to implement the interworking between PC1 and
PC2.
PC1 and PC2 use Switch A and Switch C as their default gateways.
[Figure not reproduced. Labels: SwitchA, SwitchC, GE1/0/0, GE2/0/0, Tunnel1/0/1 (40.1.1.1/24 and 40.1.1.2/24), PC1 10.1.1.1/24, PC2 10.2.1.1/24.]
Configuration Roadmap
The configuration roadmap is as follows:
Data Preparation
To complete the configuration, you need the following data:
• IDs of the VLANs that the interfaces belong to, as shown in Figure 2-6
Procedure
Step 1 Assign the IP address to each interface.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan 10
[SwitchA-vlan10] quit
[SwitchA] vlan 30
[SwitchA-vlan30] quit
[SwitchA] interface gigabitethernet 1/0/0
[SwitchA-GigabitEthernet1/0/0] port hybrid pvid vlan 10
[SwitchA-GigabitEthernet1/0/0] port hybrid untagged vlan 10
[SwitchA-GigabitEthernet1/0/0] quit
[SwitchA] interface gigabitethernet 2/0/0
[SwitchA-GigabitEthernet2/0/0] port hybrid pvid vlan 30
[SwitchA-GigabitEthernet2/0/0] port hybrid untagged vlan 30
[SwitchA-GigabitEthernet2/0/0] quit
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ip address 20.1.1.1 24
[SwitchA-Vlanif10] quit
[SwitchA] interface vlanif 30
[SwitchA-Vlanif30] ip address 10.1.1.2 24
[SwitchA-Vlanif30] quit
The configurations of Switch B and Switch C are similar to the configuration of Switch A, and
are not mentioned here.
Step 2 Configure IGP on the VPN backbone network.
# Configure Switch A.
[SwitchA] ospf 1
[SwitchA-ospf-1] area 0
[SwitchA-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] quit
[SwitchA-ospf-1] quit
The configurations of Switch B and Switch C are similar to the configuration of Switch A, and
are not mentioned here.
# Run the display ip routing-table command on Switch A and Switch C. You can find that they
learn the OSPF routes destined for the network segment of the peer.
# Take Switch A for example. The information is displayed as follows:
[SwitchA] display ip routing-table
Route Flags: R - relied, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 12 Routes : 12
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.1.1.0/24 Direct 0 0 D 10.1.1.2 Vlanif30
10.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0
10.1.1.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
20.1.1.0/24 Direct 0 0 D 20.1.1.1 Vlanif10
20.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
20.1.1.2/32 Direct 0 0 D 20.1.1.2 Vlanif10
20.1.1.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
30.1.1.0/24 OSPF 10 2 D 20.1.1.2 Vlanif10
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
# Configure Switch C.
[SwitchC] interface tunnel 1/0/1
[SwitchC-Tunnel1/0/1] tunnel-protocol gre
[SwitchC-Tunnel1/0/1] ip address 40.1.1.2 255.255.255.0
[SwitchC-Tunnel1/0/1] source 30.1.1.2
[SwitchC-Tunnel1/0/1] destination 20.1.1.1
[SwitchC-Tunnel1/0/1] quit
# After the configuration, the status of tunnel interfaces is Up, and the tunnel interfaces can ping
each other.
# Take Switch A for example. The information is displayed as follows:
[SwitchA] ping -a 40.1.1.1 40.1.1.2
PING 40.1.1.2: 56 data bytes, press CTRL_C to break
Reply from 40.1.1.2: bytes=56 Sequence=1 ttl=255 time=24 ms
Reply from 40.1.1.2: bytes=56 Sequence=2 ttl=255 time=33 ms
Reply from 40.1.1.2: bytes=56 Sequence=3 ttl=255 time=48 ms
Reply from 40.1.1.2: bytes=56 Sequence=4 ttl=255 time=33 ms
Reply from 40.1.1.2: bytes=56 Sequence=5 ttl=255 time=36 ms
--- 40.1.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 24/34/48 ms
# Configure Switch C.
[SwitchC] ip route-static 10.1.1.0 255.255.255.0 tunnel 1/0/1
# Run the display ip routing-table command on Switch A and Switch C. You can see the static
route from the tunnel interface to the user-side network segment of the peer.
# Take Switch A for example. The information is displayed as follows:
[SwitchA] display ip routing-table
Route Flags: R - relied, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 16 Routes : 16
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.1.1.0/24 Direct 0 0 D 10.1.1.2 Vlanif30
10.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0
10.1.1.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
10.2.1.0/24 Static 60 0 D 40.1.1.1 Tunnel1/0/1
20.1.1.0/24 Direct 0 0 D 20.1.1.1 Vlanif10
20.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
----End
Configuration Files
• Configuration file of Switch A
#
sysname SwitchA
#
vlan batch 10 30
#
interface Vlanif10
ip address 20.1.1.1 255.255.255.0
#
interface Vlanif30
ip address 10.1.1.2 255.255.255.0
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 30
port hybrid untagged vlan 30
#
interface Tunnel1/0/1
ip address 40.1.1.1 255.255.255.0
tunnel-protocol gre
source 20.1.1.1
destination 30.1.1.2
#
ospf 1
area 0.0.0.0
network 20.1.1.0 0.0.0.255
#
ip route-static 10.2.1.0 255.255.255.0 Tunnel1/0/1
#
return
[Figure: networking diagram. SwitchA (20.1.1.1/24) and SwitchC (30.1.1.2/24) are connected through the OSPF 1 network and by a GRE tunnel between their Tunnel1/0/1 interfaces (40.1.1.1/24 and 40.1.1.2/24). PC1 (10.1.1.1/24) and PC2 (10.2.1.1/24) attach to the user-side interfaces (10.1.1.2/24 and 10.2.1.2/24), which run OSPF 2.]
Configuration Roadmap
The configuration roadmap is as follows:
Data Preparation
To complete the configuration, you need the following data:
• IDs of the VLANs that the interfaces belong to, as shown in Figure 2-7
• IP address of the VLANIF interfaces, as shown in Figure 2-7
• Source addresses and destination addresses on the two ends of the GRE tunnel
Procedure
Step 1 Assign the IP address to each interface.
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan batch 10 20
[SwitchA] interface gigabitethernet 1/0/0
[SwitchA-GigabitEthernet1/0/0] port hybrid pvid vlan 10
[SwitchA-GigabitEthernet1/0/0] port hybrid untagged vlan 10
[SwitchA-GigabitEthernet1/0/0] quit
[SwitchA] interface gigabitethernet 2/0/0
[SwitchA-GigabitEthernet2/0/0] port hybrid pvid vlan 20
[SwitchA-GigabitEthernet2/0/0] port hybrid untagged vlan 20
[SwitchA-GigabitEthernet2/0/0] quit
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ip address 10.1.1.2 24
[SwitchA-Vlanif10] quit
[SwitchA] interface vlanif 20
[SwitchA-Vlanif20] ip address 20.1.1.1 24
[SwitchA-Vlanif20] quit
The configurations of Switch B and Switch C are similar to the configuration of Switch A, and
are not mentioned here.
Step 2 Configure OSPF process 1 between SwitchA, SwitchB, and SwitchC.
# Configure SwitchA.
[SwitchA] ospf 1
[SwitchA-ospf-1] area 0
[SwitchA-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] quit
[SwitchA-ospf-1] quit
# Configure SwitchB.
[SwitchB] ospf 1
[SwitchB-ospf-1] area 0
[SwitchB-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255
[SwitchB-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255
[SwitchB-ospf-1-area-0.0.0.0] quit
[SwitchB-ospf-1] quit
# Configure SwitchC.
[SwitchC] ospf 1
[SwitchC-ospf-1] area 0
[SwitchC-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255
[SwitchC-ospf-1-area-0.0.0.0] quit
[SwitchC-ospf-1] quit
# Run the display ip routing-table command on Switch A and Switch C. You can find that they
learn the OSPF routes destined for the network segment of the peer.
Step 3 Configure the tunnel interface.
The configuration procedure is the same as that in 2.7.1 Example for Configuring Static Routes
on the GRE Tunnel.
Step 4 Configure the OSPF protocol on the tunnel interfaces.
# Configure Switch A.
[SwitchA] ospf 2
[SwitchA-ospf-2] area 0
# Configure Switch C.
[SwitchC] ospf 2
[SwitchC-ospf-2] area 0
[SwitchC-ospf-2-area-0.0.0.0] network 40.1.1.0 0.0.0.255
[SwitchC-ospf-2-area-0.0.0.0] network 10.2.1.0 0.0.0.255
[SwitchC-ospf-2-area-0.0.0.0] quit
[SwitchC-ospf-2] quit
----End
Configuration Files
• Configuration file of Switch A
#
sysname SwitchA
#
vlan batch 10 20
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.0
#
interface Vlanif20
ip address 20.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
interface Tunnel1/0/1
ip address 40.1.1.1 255.255.255.0
tunnel-protocol gre
source 20.1.1.1
destination 30.1.1.2
#
ospf 1
area 0.0.0.0
network 20.1.1.0 0.0.0.255
#
ospf 2
area 0.0.0.0
network 40.1.1.0 0.0.0.255
network 10.1.1.0 0.0.0.255
#
return
• Configuration file of Switch B
#
sysname SwitchB
#
vlan batch 20 30
#
interface Vlanif20
ip address 20.1.1.2 255.255.255.0
#
interface Vlanif30
ip address 30.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 30
port hybrid untagged vlan 30
#
ospf 1
area 0.0.0.0
network 20.1.1.0 0.0.0.255
network 30.1.1.0 0.0.0.255
#
return
• Configuration file of Switch C
#
sysname SwitchC
#
vlan batch 30 40
#
interface Vlanif30
ip address 30.1.1.2 255.255.255.0
#
interface Vlanif40
ip address 10.2.1.2 255.255.255.0
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 30
port hybrid untagged vlan 30
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 40
port hybrid untagged vlan 40
#
interface Tunnel1/0/1
ip address 40.1.1.2 255.255.255.0
tunnel-protocol gre
source 30.1.1.2
destination 20.1.1.1
#
ospf 1
area 0.0.0.0
network 30.1.1.0 0.0.0.255
#
ospf 2
area 0.0.0.0
network 40.1.1.0 0.0.0.255
network 10.2.1.0 0.0.0.255
#
return
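The following added example (not part of the original guide) checks the property that the Switch A and Switch C configuration files above depend on: each GRE tunnel's source is a local interface address, and the two ends mirror each other's source and destination. The stanzas are copied from those files; the function names, and the requirement that the source is written as an IP address, are assumptions of this example.

```python
import ipaddress
import re

# Interface stanzas copied from the Switch A and Switch C configuration files above.
SWITCH_A = """
#
interface Vlanif10
 ip address 10.1.1.2 255.255.255.0
#
interface Vlanif20
 ip address 20.1.1.1 255.255.255.0
#
interface Tunnel1/0/1
 ip address 40.1.1.1 255.255.255.0
 tunnel-protocol gre
 source 20.1.1.1
 destination 30.1.1.2
#
"""
SWITCH_C = """
#
interface Vlanif30
 ip address 30.1.1.2 255.255.255.0
#
interface Vlanif40
 ip address 10.2.1.2 255.255.255.0
#
interface Tunnel1/0/1
 ip address 40.1.1.2 255.255.255.0
 tunnel-protocol gre
 source 30.1.1.2
 destination 20.1.1.1
#
"""


def parse_interfaces(config):
    """Split a configuration file on '#' lines and return {interface name: attributes}."""
    interfaces = {}
    for stanza in re.split(r"(?m)^#[ \t]*$", config):
        head = re.search(r"(?m)^interface (\S+)", stanza)
        if not head:
            continue
        entry = {"gre": bool(re.search(r"(?m)^[ \t]*tunnel-protocol gre[ \t]*$", stanza))}
        ip = re.search(r"(?m)^[ \t]*ip address (\S+) (\S+)", stanza)
        if ip:
            entry["ip"] = ipaddress.ip_interface(f"{ip.group(1)}/{ip.group(2)}")
        for key in ("source", "destination"):
            m = re.search(rf"(?m)^[ \t]*{key} (\d+\.\d+\.\d+\.\d+)[ \t]*$", stanza)
            if m:
                entry[key] = ipaddress.ip_address(m.group(1))
        interfaces[head.group(1)] = entry
    return interfaces


def check_gre_pair(name_a, cfg_a, name_b, cfg_b):
    """Return a list of findings for the GRE tunnels between two devices (empty = consistent)."""
    parsed = {name_a: parse_interfaces(cfg_a), name_b: parse_interfaces(cfg_b)}
    findings = []
    for dev, peer in ((name_a, name_b), (name_b, name_a)):
        # Addresses configured on non-tunnel interfaces of this device.
        local = {i["ip"].ip for i in parsed[dev].values() if "ip" in i and not i["gre"]}
        peer_tunnels = [i for i in parsed[peer].values() if i["gre"]]
        for tname, t in parsed[dev].items():
            if not t["gre"]:
                continue
            src, dst = t.get("source"), t.get("destination")
            if src is None or dst is None:
                findings.append(f"{dev} {tname}: source or destination is missing")
                continue
            if src not in local:
                findings.append(f"{dev} {tname}: source {src} is not a local interface address")
            match = [p for p in peer_tunnels
                     if p.get("source") == dst and p.get("destination") == src]
            if not match:
                findings.append(f"{dev} {tname}: no tunnel on {peer} with source {dst} "
                                f"and destination {src}")
            elif "ip" in t and all("ip" not in p or p["ip"].network != t["ip"].network
                                   for p in match):
                findings.append(f"{dev} {tname}: tunnel address {t['ip']} is not in the "
                                f"peer tunnel's subnet")
    return findings


if __name__ == "__main__":
    print(check_gre_pair("SwitchA", SWITCH_A, "SwitchC", SWITCH_C) or "tunnel ends are consistent")
```

A mismatch reported here corresponds to a tunnel whose interface can be Up while the ping between 40.1.1.1 and 40.1.1.2 shown earlier fails.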
Networking Requirements
As shown in Figure 2-8,
Figure 2-8 Networking diagram in which CEs access a VPN through the GRE tunnel of the
public network
[Diagram labels: CE1, SwitchA, PE1, PE2, CE2, and the attached PCs; Loopback1 on each PE; GRE tunnel between CE1 and PE1.]
Tunnel2/0/0 - 2.2.2.1/24
Tunnel1/0/0 - 2.2.2.2/24
Configuration Roadmap
PE1 and CE1 are not directly connected, so the VPN instance on PE1 cannot be bound to the
physical interface on PE1. In this situation, a GRE tunnel is required between CE1 and PE1.
vpn1 on PE1 can then be bound to the GRE tunnel, and CE1 can access the VPN through the
GRE tunnel.
1. Configure OSPF 10 on PE1 and PE2 to implement the interworking between the two
devices, and then enable MPLS.
2. Configure OSPF 20 on CE1, Switch A, and PE1 to implement the interworking between
the three devices.
3. Establish a GRE tunnel between CE1 and PE1.
4. Create VPN instances vpn1 on PE1 and PE2. Then bind the VPN instance on PE1 to the
GRE tunnel interface, and bind the VPN instance on PE2 to the connected physical interface
of CE2.
5. Configure IS-IS routes between CE1 and PE1, and between CE2 and PE2 to implement
the interworking between the CEs and PEs.
6. Configure BGP on PEs to implement the interworking between CE1 and CE2.
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Configure the IP address for each VLANIF interface and the routing protocol for the MPLS
backbone network.
Configure OSPF 10 on PE1 and PE2, and then configure MPLS and LDP. The detailed
configurations are not mentioned here.
Step 2 Configure a routing protocol between CE1, Switch A, and PE1.
Configure OSPF 20 on CE1, Switch A, and PE1. The detailed configurations are not mentioned
here.
Step 3 Establish a GRE tunnel between CE1 and PE1.
# Configure CE1.
[CE1] interface tunnel 2/0/0
[CE1-Tunnel2/0/0] ip address 2.2.2.1 255.255.255.0
[CE1-Tunnel2/0/0] tunnel-protocol gre
[CE1-Tunnel2/0/0] source 30.1.1.1
[CE1-Tunnel2/0/0] destination 50.1.1.2
[CE1-Tunnel2/0/0] quit
# Configure PE1.
[PE1] interface tunnel 1/0/0
[PE1-Tunnel1/0/0] ip address 2.2.2.2 255.255.255.0
[PE1-Tunnel1/0/0] tunnel-protocol gre
[PE1-Tunnel1/0/0] source 50.1.1.2
[PE1-Tunnel1/0/0] destination 30.1.1.1
[PE1-Tunnel1/0/0] quit
# After the configuration, a GRE tunnel is established between CE1 and PE1.
Step 4 Create a VPN instance named vpn1 on PE1 and bind the VPN instance to the GRE tunnel.
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 111:1 export-extcommunity
[PE1-vpn-instance-vpn1] vpn-target 111:1 import-extcommunity
[PE1-vpn-instance-vpn1] quit
[PE1] interface tunnel 1/0/0
[PE1-Tunnel1/0/0] ip binding vpn-instance vpn1
[PE1-Tunnel1/0/0] ip address 2.2.2.2 255.255.255.0
[PE1-Tunnel1/0/0] quit
Step 5 Create a VPN instance named vpn1 on PE2 and bind the VPN instance to the VLANIF interface.
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 200:1
[PE2-vpn-instance-vpn1] vpn-target 111:1 export-extcommunity
[PE2-vpn-instance-vpn1] vpn-target 111:1 import-extcommunity
[PE2-vpn-instance-vpn1] quit
[PE2] interface vlanif 50
[PE2-Vlanif50] ip binding vpn-instance vpn1
[PE2-Vlanif50] ip address 11.1.1.2 255.255.255.0
[PE2-Vlanif50] quit
[CE1-Vlanif10] quit
[CE1] interface tunnel 2/0/0
[CE1-Tunnel2/0/0] isis enable 50
[CE1-Tunnel2/0/0] quit
# Configure PE1.
[PE1] isis 50 vpn-instance vpn1
[PE1-isis-50] network-entity 50.0000.0000.0002.00
[PE1-isis-50] quit
[PE1] interface tunnel 1/0/0
[PE1-Tunnel1/0/0] isis enable 50
[PE1-Tunnel1/0/0] quit
# Configure PE2.
[PE2] isis 50 vpn-instance vpn1
[PE2-isis-50] network-entity 50.0000.0000.0003.00
[PE2-isis-50] quit
[PE2] interface vlanif50
[PE2-Vlanif50] isis enable 50
[PE2-Vlanif50] quit
Step 8 Set up the MP-BGP peer relationship between PE1 and PE2.
# On PE1, specify PE2 as an IBGP peer, set up the IBGP connection by using the loopback
interface, and enable the capability of exchanging VPN IPv4 routing information between PE1
and PE2.
[PE1] bgp 100
[PE1-bgp] peer 3.3.3.9 as-number 100
[PE1-bgp] peer 3.3.3.9 connect-interface loopback 1
[PE1-bgp] ipv4-family vpnv4
[PE1-bgp-af-vpnv4] peer 3.3.3.9 enable
[PE1-bgp-af-vpnv4] quit
# Enter the view of the BGP VPN instance vpn1 and import the direct routes and IS-IS routes.
[PE1-bgp] ipv4-family vpn-instance vpn1
[PE1-bgp-vpn1] import-route direct
[PE1-bgp-vpn1] import-route isis 50
# On PE2, specify PE1 as an IBGP peer, set up the IBGP connection by using the loopback
interface, and enable the capability of exchanging VPN IPv4 routing information between PE2
and PE1.
[PE2] bgp 100
[PE2-bgp] peer 1.1.1.9 as-number 100
[PE2-bgp] peer 1.1.1.9 connect-interface loopback 1
[PE2-bgp] ipv4-family vpnv4
[PE2-bgp-af-vpnv4] peer 1.1.1.9 enable
[PE2-bgp-af-vpnv4] quit
# Enter the view of the BGP VPN instance vpn1 and import the direct routes and IS-IS routes.
# Configure PE2.
[PE2] isis 50
[PE2-isis-50] import-route bgp
----End
Configuration Files
• Configuration file of CE1
#
sysname CE1
#
vlan batch 10 20
#
isis 50
network-entity 50.0000.0000.0001.00
#
interface Vlanif10
ip address 21.1.1.2 255.255.255.0
isis enable 50
#
interface Vlanif20
ip address 30.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
interface Tunnel2/0/0
ip address 2.2.2.1 255.255.255.0
tunnel-protocol gre
source 30.1.1.1
destination 50.1.1.2
isis enable 50
#
ospf 20
area 0.0.0.0
network 30.1.1.0 0.0.0.255
#
return
• Configuration file of Switch A
#
sysname SwitchA
#
vlan batch 20 30
#
interface Vlanif20
ip address 30.1.1.2 255.255.255.0
#
interface Vlanif30
ip address 50.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 30
port hybrid untagged vlan 30
#
ospf 20
area 0.0.0.0
network 30.1.1.0 0.0.0.255
network 50.1.1.0 0.0.0.255
#
return
• Configuration file of PE1
#
sysname PE1
#
vlan batch 30 40
#
ip vpn-instance vpn1
route-distinguisher 100:1
vpn-target 111:1 export-extcommunity
vpn-target 111:1 import-extcommunity
#
mpls lsr-id 1.1.1.9
mpls
lsp-trigger all
#
mpls ldp
#
isis 50 vpn-instance vpn1
network-entity 50.0000.0000.0002.00
import-route bgp
#
interface Vlanif30
#
isis 50 vpn-instance vpn1
network-entity 50.0000.0000.0003.00
import-route bgp
#
interface Vlanif40
ip address 110.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif50
ip binding vpn-instance vpn1
ip address 11.1.1.2 255.255.255.0
isis enable 50
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 40
port hybrid untagged vlan 40
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 50
port hybrid untagged vlan 50
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
bgp 100
peer 1.1.1.9 as-number 100
peer 1.1.1.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 1.1.1.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 1.1.1.9 enable
#
ipv4-family vpn-instance vpn1
import-route direct
import-route isis 50
#
ospf 10
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 110.1.1.0 0.0.0.255
#
return
• Configuration file of CE2
#
sysname CE2
#
vlan batch 50 60
#
isis 50
network-entity 50.0000.0000.0004.00
#
interface Vlanif50
ip address 11.1.1.1 255.255.255.0
isis enable 50
#
interface Vlanif60
ip address 41.1.1.2 255.255.255.0
isis enable 50
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 50
port hybrid untagged vlan 50
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 60
port hybrid untagged vlan 60
#
return
Networking Requirements
As shown in Figure 2-9, Switch A and Switch B are configured with the GRE protocol. The
two ends of the GRE tunnel need to be configured with the Keepalive function.
Figure 2-9 Networking diagram of configuring the Keepalive function on two ends of a GRE
tunnel
Tunnel1/0/0 - 40.1.1.1/24
Tunnel1/0/0 - 40.1.1.2/24
Configuration Roadmap
To enable the Keepalive function on one end of the GRE tunnel, run the keepalive command in
the tunnel interface view on the end.
TIP
If the Keepalive function is enabled on the source end, then for the destination end the forwarding
function is obligatory and the Keepalive function is optional.
Data Preparation
To complete the configuration, you need the following data:
• Data for configuring the routing protocol for the backbone network
• Source address and destination address of the GRE tunnel
• Interval for sending Keepalive messages
• Parameters of unreachable timer
Procedure
Step 1 Configure Switch A and Switch B to implement the interworking between the two devices.
The detailed procedures are not mentioned here.
Step 2 Configure a tunnel on Switch A and enable the Keepalive function.
<SwitchA> system-view
[SwitchA] interface tunnel 1/0/0
[SwitchA-Tunnel1/0/0] ip address 40.1.1.1 255.255.255.0
[SwitchA-Tunnel1/0/0] tunnel-protocol gre
[SwitchA-Tunnel1/0/0] source 20.1.1.1
[SwitchA-Tunnel1/0/0] destination 30.1.1.2
[SwitchA-Tunnel1/0/0] keepalive period 20 retry-times 3
[SwitchA-Tunnel1/0/0] quit
# Enable the debugging of the Keepalive messages on Switch A and view information about the
Keepalive messages.
<SwitchA> terminal monitor
<SwitchA> terminal debugging
<SwitchA> debugging tunnel keepalive
Oct 26 2008 20:18:54.860.1 SwitchA TUNNEL/7/debug:GRE_KEEP:Judge keepalive finished. Received keepalive response packet from peer router.
Oct 26 2008 20:18:54.860.2 SwitchA TUNNEL/7/debug:GRE_FWD: Receive the response keepalive packet on mainboard successfully, keepalive finished.
Oct 26 2008 20:19:15.340.1 SwitchA TUNNEL/7/debug:GRE_KEEP:Judge keepalive finished. Received keepalive response packet from peer router.
Oct 26 2008 20:19:15.340.2 SwitchA TUNNEL/7/debug:GRE_FWD: Receive the response keepalive packet on mainboard successfully, keepalive finished.
----End
Configuration Files
• Configuration file of Switch A
#
sysname SwitchA
#
vlan batch 10
#
interface Vlanif10
ip address 20.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface Tunnel1/0/0
ip address 40.1.1.1 255.255.255.0
source 20.1.1.1
destination 30.1.1.2
keepalive period 20
#
return
This chapter describes the BGP/MPLS IP VPN configuration, including the introduction to the
BGP/MPLS IP VPN, common networking of the BGP/MPLS IP VPN, and configurations to
ensure the reliability of the BGP/MPLS IP VPN.
This section describes how to configure the routes that traverse the MPLS VPN backbone
network to be the routes of the OSPF area. After the configuration, traffic between sites of the
same VPN in the same OSPF area need not be forwarded through routes of the OSPF area.
3.10 Configuring a Multi-VPN-Instance CE
By using OSPF multi-instance on CEs, you can implement service isolation on the LAN.
3.11 Connecting VPN and the Internet
Generally, users within a VPN can communicate only with each other instead of with Internet
users, and the VPN users cannot access the Internet. If each site of the VPN needs to access the
Internet, you need to configure the interconnection between the VPN and the Internet.
3.12 Configuring VPN FRR
In the networking of CE dual-homing, you can configure VPN FRR to ensure the end-to-end
VPN service fast switchover if the PE fails.
3.13 Configuring VPN GR
In the process of master/slave control board switchover or the system upgrade, you can configure
VPN GR to ensure that VPN traffic is not interrupted on the PE, CE, or P.
3.14 Configuring Route Reflection to Optimize the VPN Backbone Layer
Using an RR can reduce the number of MP IBGP connections between PEs. This not only reduces
the burden of PEs but also facilitates network maintenance and management.
3.15 Configuring Route Reflection to Optimize the VPN Access Layer
If a PE and the connected CEs are in the same AS, you can deploy a BGP route RR to reduce
the number of IBGP connections between CEs and facilitate maintenance and management.
3.16 Maintaining BGP/MPLS IP VPN
This section describes how to maintain the BGP/MPLS IP VPN, which involves L3VPN traffic
checking, network connectivity monitoring, and BGP connection resetting.
3.17 Configuration Examples
This section provides several configuration examples of VPN networking. In each configuration
example, the networking requirements, configuration roadmap, configuration notes,
configuration procedures, and configuration files are described.
[Figure: BGP/MPLS IP VPN networking diagram showing the CEs at the VPN 1 and VPN 2 sites, the PEs, and the P devices.]
Basic Networking
The S7700 uses the Multi-protocol Extensions for Border Gateway Protocol (MP-BGP) to
achieve the VPN route exchange between PEs. The static route, Routing Information Protocol
(RIP) multi-instance, Open Shortest Path First (OSPF) multi-instance, Intermediate System-to-
Intermediate System (IS-IS) multi-instance, or external BGP (EBGP) can be used to exchange
routes between a PE and a CE. In addition, by using VPN targets to control the transmission of
VPN routes, the S7700 can implement multiple VPN networking topologies including Intranet,
Extranet, and Hub&Spoke.
Typical Networking
The S7700 supports the following typical VPN networking:
• Inter-AS VPN
If a VPN backbone network spans multiple ASs, the inter-AS VPN must be configured.
Currently, the S7700 supports inter-AS VPN Option A and Option B.
• HoVPN
To relieve the stress on a PE, the Hierarchy of VPN (HoVPN) can be configured. A device
on the convergence layer or the access layer is selected as the Underlayer Provider Edge
(UPE), which works jointly with the PE, that is, the Superstratum Provider Edge (SPE) on
the backbone layer, to implement the functions of the PE.
• OSPF sham link
If OSPF runs between the PE and CE, an OSPF sham link can be configured to solve the
following problem: OSPF does not select the private route passing through the MPLS
backbone network, because the intra-area route passing through the backdoor link takes
precedence over the private route, as shown in Figure 3-2.
• Multi-VPN-Instance CE
The Multi-VPN-Instance CE can be configured to improve the routing capability of the
LAN, solve the security problem of the LAN at a low cost, and ensure that the LAN services
are safely differentiated. Currently, LAN services can be differentiated by utilizing VLAN
switches, but they have a weak routing capability.
• VPN and Internet interworking
The S7700 implements interworking between VPNs and the Internet by configuring static
routes on PEs.
Reliability
To improve the reliability of a VPN, generally, the following networking modes are adopted.
• The backbone network is an MPLS network, on which the devices adopt hierarchical
backup and are fully connected through high-speed interfaces. If there are many PEs on
the network, the BGP route reflector is deployed to reflect IPv4 VPN routes in order to
decrease the number of Multi-Protocol internal BGP (MP IBGP) connections.
• Either a mesh topology or a ring topology is used at the convergence layer based on the
requirements.
• The dual-homed CE or multi-homed CE is deployed on the access layer.
The S7700 supports VPN FRR in a VPN network where dual-homed CEs reside. After a PE
fails, VPN FRR ensures that the VPN service from CE to CE is quickly switched to the remaining
PEs.
The IP FRR feature can be configured to ensure that VPN traffic can rapidly switch to another
link between the PE and the other CE, when two CEs at a site access a PE, and a link between
one CE and the PE fails.
VPN Graceful Restart (GR), a feature that can improve the reliability of a VPN, can also be
deployed. After the deployment of VPN GR, the VPN traffic is not interrupted in the master/
slave switchover process on the switch (PE, P, or CE). This reduces the impact of a single point
failure on VPN services.
The S7700 can bind VLANIF interfaces, XGE sub-interfaces, GE sub-interfaces, Ethernet
sub-interfaces, Eth-Trunk sub-interfaces, the Ethernet port (Ethernet 0/0/0), and GRE tunnel
interfaces to VPN instances. On the S7700, IP addresses cannot be assigned to GE interfaces,
Eth-Trunk interfaces, and Ethernet interfaces (excluding management network ports), and these
interfaces cannot be bound to VPN instances.
For details on how to bind sub-interfaces to VPN instances, see Configuring a Sub-interface to
Access an L3VPN in the Quidway S7700 Smart Routing Switch Configuration Guide -
Ethernet.
Applicable Environment
In BGP/MPLS IP VPN, each VPN is instantiated, and the instances of private forwarding
information of each VPN are established, that is, a VPN instance is established. A VPN instance
is also called the VPN Routing and Forwarding (VRF) table. In RFC 4364 (BGP/MPLS IP
VPNs), a VPN instance is called the per-site forwarding table.
The VPN instance is used to separate the VPN routes from public routes. In all the BGP/MPLS
IP VPN networking scenarios, you should configure VPN instances.
The VPN instance can realize the separation of address spaces based on the Route Distinguisher
(RD), and can control VPN membership and routing rules based on the VPN target attribute.
In addition, to achieve enhanced routing control, you can also enforce inbound and outbound
routing policies. The inbound routing policy is used to filter the routes imported into the VPN
instance, and the outbound routing policy is used to filter the routes advertised to other PEs.
Pre-configuration Tasks
Before configuring a VPN instance, complete the following tasks:
• Configuring routing policies if import or export routing policies need to be applied to the
VPN instance
Data Preparation
To configure a VPN instance, you need the following data.
No. Data
5 (Optional) Routing policy that controls the receiving and sending of VPN routes
Context
Do as follows on the PE that is connected to the CE:
Procedure
Step 1 Run:
system-view
Step 2 Run:
ip vpn-instance vpn-instance-name
NOTE
The name of the VPN instance is case sensitive. For example, vpn1 and VPN1 are considered as different
VPN instances.
No default VPN instance exists on a PE, and multiple VPN instances can be created on the PE.
Step 3 Run:
route-distinguisher route-distinguisher
A VPN instance takes effect only after the RD is configured. The RDs of the VPN instances on
the same PE must be different from each other.
Before the RD is configured, no other parameters can be configured except for the VPN instance
description.
NOTE
An RD cannot be changed or deleted once it is configured. To change an RD, first, delete the VPN instance,
and then re-configure a VPN instance and an RD. To delete the RD, you only need to delete the VPN
instance.
The description of a VPN instance functions the same as the description of a host name or an
interface. It is recommended that the proper description be configured.
----End
Context
Do as follows on the PE that is configured with VPN instances.
NOTE
Procedure
Step 1 Run:
system-view
The VPN target extended community attribute for the VPN instance is created.
VPN target is the extended community attribute of the Border Gateway Protocol (BGP). It
controls the import and export of VPN routes. You can configure a maximum of 8 VPN targets
with a command.
Step 4 (Optional) Run:
routing-table limit number { alert-percent | simply-alert }
NOTE
If the routing-table limit command is run, the system gives a prompt when the number of routes injected
into the routing table of the VPN instance exceeds the maximum. If the routing-table limit command is
run to increase the maximum number of routes supported in a VPN instance or the undo routing-table
limit command is run to remove the limit on the routing table, for excess routes, the following operations
are required:
• For the excessive static routes, you need to reconfigure them manually.
• For the excessive routes learnt from CEs through the IGP multi-instance routing protocol, you need to
re-initiate the multi-instance process of the routing protocol on the PE.
For the remote cross routes learnt through the MP-IBGP and the BGP routes learnt from CEs, the system
automatically refreshes them.
The frequency of displaying logs when the number of routes exceeds the threshold is configured.
Step 7 (Optional) Run:
import route-policy policy-name
----End
Context
By default, the VPN instance uses an MPLS LSP as the tunnel and no load balancing is carried
out.
Procedure
Step 1 Run:
system-view
Step 2 Run:
ip vpn-instance vpn-instance-name
Step 3 Run:
tnl-policy policy-name
----End
Context
Do as follows on the PE configured with VPN instances.
Procedure
Step 1 Run:
system-view
The MPLS label is allocated based on the VPN instance, which ensures that all the routes in a
VPN instance use the same MPLS label.
Generally, MPLS label allocation is in one label per route mode. When the number of routes
becomes larger, more labels are required.
Therefore, MPLS label allocation based on the VPN instance is introduced and provided by the
S7700. In this manner, all the routes of a VPN instance share the same MPLS label.
----End
Prerequisite
The functions of the VPN instance are fully configured.
Procedure
• Run the display ip vpn-instance verbose vpn-instance-name command to check detailed
information about the VPN instance.
• Run the display ip vpn-instance vpn-instance-name command to check brief information
about the VPN instance.
----End
Example
Run the display ip vpn-instance command. If brief information including the RD and creating
time about the VPN instance is displayed, it means that the configuration succeeded. For
example:
<Quidway> display ip vpn-instance vpna
VPN-Instance Name    RD       Creation Time
vpn1                 100:1    2010/06/19 02:08:54 UTC-03:00 DST
Run the display ip vpn-instance verbose command. If detailed information about the VPN
instance is displayed, it means the configuration succeeded. For example:
<Quidway> display ip vpn-instance verbose vpn1
VPN-Instance Name and ID : vpn1, 1
Create date : 2008/09/29 14:05:31
Up time : 0 days, 05 hours, 36 minutes and 49 seconds
Route Distinguisher : 100:1
Export VPN Targets : 1:1
Import VPN Targets : 1:1
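The following added example (not part of the original guide) audits planned VPN instance stanzas against two statements made above: RDs of the VPN instances on the same PE must differ, and VPN targets control which instances exchange routes. The vpn1 stanzas are the ones entered on PE1 and PE2 in the GRE example earlier on this page; the vpn2 stanza is a constructed misconfiguration, and the function names and the rule that only same-named instances should exchange routes are assumptions of this example.

```python
from itertools import product

KEYWORDS = {"both", "export-extcommunity", "import-extcommunity"}

# vpn1 as entered on PE1 and PE2 in the GRE access example on this page.
PE1 = """ip vpn-instance vpn1
 route-distinguisher 100:1
 vpn-target 111:1 export-extcommunity
 vpn-target 111:1 import-extcommunity
#
"""
PE2 = """ip vpn-instance vpn1
 route-distinguisher 200:1
 vpn-target 111:1 export-extcommunity
 vpn-target 111:1 import-extcommunity
#
"""
# Constructed misconfiguration (not from the page): vpn2 reuses RD 200:1 and
# also imports vpn1's target 111:1.
PE2_BAD = PE2 + """ip vpn-instance vpn2
 route-distinguisher 200:1
 vpn-target 222:1 export-extcommunity
 vpn-target 222:1 111:1 import-extcommunity
#
"""


def parse_vpn_instances(config):
    """Return {instance name: {"rd": str or None, "export": set, "import": set}}."""
    instances, current = {}, None
    for raw in config.splitlines():
        words = raw.split()
        if words[:2] == ["ip", "vpn-instance"] and len(words) == 3:
            current = instances.setdefault(
                words[2], {"rd": None, "export": set(), "import": set()})
        elif not words or words[0] == "#":
            current = None
        elif current is not None and words[0] == "route-distinguisher" and len(words) == 2:
            current["rd"] = words[1]
        elif current is not None and words[0] == "vpn-target":
            # Assumption: a vpn-target line without a direction keyword applies to both.
            direction = words[-1] if words[-1] in KEYWORDS else "both"
            targets = [w for w in words[1:] if w not in KEYWORDS]
            if direction != "import-extcommunity":
                current["export"].update(targets)
            if direction != "export-extcommunity":
                current["import"].update(targets)
    return instances


def audit(pe_configs):
    """pe_configs: {PE name: config text}. Return (findings, flows).

    flows holds (exporter, importer) pairs whose export and import targets overlap.
    """
    parsed = {pe: parse_vpn_instances(cfg) for pe, cfg in pe_configs.items()}
    findings = []
    for pe, instances in parsed.items():
        seen = {}
        for name, inst in instances.items():
            if inst["rd"] is None:
                findings.append(f"{pe}/{name}: no RD configured, instance does not take effect")
            elif inst["rd"] in seen:
                findings.append(f"{pe}/{name}: RD {inst['rd']} already used by {seen[inst['rd']]}")
            else:
                seen[inst["rd"]] = name
    every = [(pe, name, inst) for pe, insts in parsed.items() for name, inst in insts.items()]
    flows = set()
    for (pe_a, name_a, a), (pe_b, name_b, b) in product(every, repeat=2):
        if (pe_a, name_a) == (pe_b, name_b):
            continue
        shared = a["export"] & b["import"]
        if shared:
            flows.add((f"{pe_a}/{name_a}", f"{pe_b}/{name_b}"))
            # Assumed policy: instances with different names are different VPNs.
            if name_a != name_b:
                findings.append(f"{pe_a}/{name_a} -> {pe_b}/{name_b}: "
                                f"routes cross VPNs via target {sorted(shared)}")
    return findings, flows


if __name__ == "__main__":
    for finding in audit({"PE1": PE1, "PE2": PE2_BAD})[0]:
        print(finding)
```

For an intentional Extranet or Hub&Spoke design, replace the same-name rule with an explicit list of the instance pairs that are meant to exchange routes.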
Applicable Environment
This section describes the basic BGP/MPLS IP VPN networking. To be specific, the networking
features only one carrier and one intra-AS MPLS backbone network. In addition, the roles of
the P, PE, and CE are unique. For example, no device serves both as the PE and CE.
For special BGP/MPLS IP VPN networking scenarios such as HoVPN, multi-role host, and inter-AS
VPN, additional configurations are needed. You can refer to the related sections in this chapter
for details.
In terms of the configuration of the BGP/MPLS IP VPN, it is critical for you to configure the
management of the advertisement of VPN routes on the MPLS backbone networks, including
the management of route advertisement between the PE and CE, and between PEs.
You can configure MP-IBGP to exchange routes between PEs. To exchange routes between the
PE and CE, you can configure static routes, RIP multi-instance, OSPF multi-instance, IS-IS
multi-instance, or BGP according to the specific networking situations.
NOTE
If a VPN is used to receive the external routes and the routes advertised by non-PE devices, and then
advertise these routes to PEs, the VPN is called a transit VPN.
If a VPN is used to accept the internal routes and the routes advertised by PEs, the VPN is called a stub
VPN. In most cases, the static route is only used to exchange routes between the PE and CE in the stub
VPN.
Pre-configuration Tasks
Before configuring basic BGP/MPLS IP VPN, complete the following tasks:
• Configuring IGP for the MPLS backbone network (PE, P) to implement IP connectivity
• Configuring basic MPLS functions and MPLS LDP for the MPLS backbone network (PE,
P)
Data Preparation
To configure basic BGP/MPLS IP VPN, you need the following data.
No. Data
3 Route-exchanging mode between the PE and CE, which can be the static route, RIP,
OSPF, IS-IS, or BGP
4 AS number of the PE
5 IP address and interface of the PE used to establish the BGP peer relationship
Context
For the details, see Configuring VPN Instances.
Context
Do as follows on the PE that is connected to the CE.
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
The view of the interface that is to be bound with the VPN instance is displayed.
The XGE, GE, Eth-Trunk, and Ethernet interfaces (excluding Ethernet 0/0/0) cannot be bound
to VPN instances.
Step 3 Run:
ip binding vpn-instance vpn-instance-name
NOTE
The running of the ip binding vpn-instance command on an interface can delete the Layer 3 attributes,
such as the IP address and routing protocol. If these Layer 3 attributes are still required, you need to
configure them again.
Step 4 Run:
ip address ip-address { mask | mask-length }
----End
Context
Do as follows on the PE that is connected to the CE:
Procedure
Step 1 Run:
system-view
Step 2 Run:
bgp as-number
Step 3 Run:
peer ipv4-address as-number as-number
Step 4 Run:
peer ipv4-address connect-interface loopback interface-number
NOTE
The 32-bit mask IP addresses of the loopback interfaces must be used to establish the MP-IBGP peer
relationship between PEs. This can ensure the tunnel can be iterated. The route destined to the loopback
interface is advertised to the remote PE based on IGP on the MPLS backbone network.
Step 5 Run:
ipv4-family vpnv4
The VPN IPv4 routing information can be exchanged between the peers.
----End
Context
Select one of the following configurations as required:
• Configuring EBGP between a PE and a CE
• Configuring IBGP between a PE and a CE
• Configuring the static route between a PE and a CE
• Configuring RIP between a PE and a CE
• Configuring OSPF between a PE and a CE
• Configuring IS-IS between a PE and a CE
Procedure
• Configure EBGP between a PE and a CE.
Do as follows on the PE:
1. Run:
system-view
NOTE
The AS number configured in the BGP-VPN instance view cannot be the same as the AS
number configured in the BGP view.
5. Run:
peer ipv4-address as-number as-number
The PE can automatically learn the direct route destined for the local CE, and the learnt
direct route has a higher priority than the direct route that is advertised by the local CE
based on EBGP. Therefore, if this step is not configured, the PE cannot advertise the direct
route to the remote PE based on MP-BGP.
8. (Optional) Run:
peer ip-address allow-as-loop [ number ]
This step is optional and is used in Hub and Spoke networking.
Generally, BGP uses the AS number to detect a loop. In Hub and Spoke
networking, however, if EBGP runs between the PE and the CE at the Hub site, the
Hub-PE carries the local AS number when advertising routes to the Hub-CE.
Therefore, the PE denies the subsequent routing update from the Hub-CE. To ensure
the proper transmission of routes in Hub and Spoke networking, configure all the
BGP peers along the path that the Hub-CE uses to advertise private network routes
to the Spoke-CE so that they accept routes in which the AS number is repeated
once.
9. (Optional) Run:
peer ip-address substitute-as
This step is used in networking scenarios where physically dispersed CEs use the
same AS number. The configuration is performed on the PE.
CAUTION
In the case of a multi-homed CE, the BGP AS substitution function may lead to route
loops.
NOTE
Compared with the BGP view, the BGP-VPN instance view does not support the following
commands:
• BGP confederation: confederation
• BGP graceful restart: graceful-restart
• Router ID of BGP: router-id
• Synchronization between BGP and IGP: synchronization
• BGP timer: timer
Do as follows on the CE:
1. Run:
system-view
system-view
NOTE
The AS number configured in the BGP-VPN instance view cannot be the same as the AS
number configured in the BGP view.
5. Run:
peer ipv4-address as-number as-number
1. Run:
system-view
4. Run:
import-route { direct | static | rip process-id | ospf process-id | isis
process-id } [ med med | route-policy route-policy-name ]*
The CE advertises its VPN network segment to the connected PE, and the PE then
advertises the address to the remote CE. Note that the type of the imported route may
vary with different networking modes.
• Configure the static route between a PE and a CE.
Do as follows on the PE. The CE is configured with the static route; that configuration
is common and is not described here.
NOTE
For details, see Quidway S7700 Smart Routing Switch Configuration Guide - IP Routing.
1. Run:
system-view
The configured static route is imported into the routing table of the BGP VPN instance.
• Configure RIP between a PE and a CE
Do as follows on the PE. The CE is configured with RIPv1 or RIPv2; that configuration
is common and is not described here.
NOTE
For details, see Quidway S7700 Smart Routing Switch Configuration Guide - IP Routing.
1. Run:
system-view
The RIP instance is created between the PE and the CE and the RIP view is displayed.
A RIP process belongs to only one VPN instance. If you run a RIP process without
binding it to a VPN instance, this process is considered as a public network process.
A RIP process that belongs to a public network cannot be bound with a VPN instance.
3. Run:
network network-address
The RIP is configured on the network segment of the interface bound with the VPN
instance.
4. Run:
import-route bgp [ cost { cost | transparent } | route-policy route-policy-
name ]*
The RIP route is imported into the routing table of the BGP VPN instance.
After the import-route rip command is configured in the BGP VPN view, the
PE imports the VPN routes learnt from its CE into BGP, forms them into VPN-IPv4
routes, and advertises them to the remote PE.
NOTE
After a VPN instance is deleted, all the associated RIP processes are deleted.
• Configure OSPF between a PE and a CE
Do as follows on the PE. The CE is configured with OSPF; that configuration is common
and is not described here.
NOTE
For details, see Quidway S7700 Smart Routing Switch Configuration Guide - IP Routing.
1. Run:
system-view
The OSPF instance is created between the PE and the CE, and the OSPF view is
displayed.
An OSPF process belongs to only one VPN instance. If you run an OSPF process
without binding it to a VPN instance, this process is considered as a public network
process. An OSPF process that belongs to a public network cannot be bound with a
VPN instance.
The OSPF processes that are bound to the VPN instance do not use the public network
Router ID configured in the system view. You need to specify the router ID when
starting an OSPF process. Otherwise, according to the router ID selecting rule, the IP
address of any interface that is bound to the VPN instance is selected as the router ID
in the OSPF process.
3. (Optional) Run:
domain-id domain-id [ secondary ]
You can configure two domain IDs for each OSPF process. The domain IDs of
different processes are independent of each other.
There is no restriction on the domain IDs of the OSPF processes in different
VPNs on the PE. However, all the OSPF processes in one VPN should be configured with
the same domain ID to ensure correct route advertisement.
The domain ID of an OSPF process is contained in the routes generated by this process.
When the OSPF routes are imported into BGP, the domain ID is added into the BGP
VPN route and is transmitted as the BGP extended community attribute.
By default, OSPF automatically allocates the VPN route tag according to the
algorithm:
– If the BGP process is not started on the local device, the tag value is 0 by default.
– If the BGP process is started on the local device, the first two bytes of the tag value
are fixed as 0xD000, and the last two bytes are the local AS number by default.
That is, the tag value equals 3489660928 plus the local AS number.
5. Run:
import-route bgp [ cost cost | route-policy route-policy-name | tag tag |
type type ] *
OSPF is run on the network segment where the interface bound to the VPN instance
resides.
A network segment can belong to only one area. That is, you must specify to which
area each OSPF interface belongs.
– The mask length of the IP address on the interface must be equal to or longer than
the wildcard-mask specified in the network command.
– The primary IP address of the interface must be located in the network segment
specified in the network command.
For a loopback interface, OSPF advertises the IP address of the loopback interface as
a 32-bit host route by default, which bears no relation to the mask length configured
on the interface.
8. Run:
quit
The OSPF route is imported into the routing table of the BGP VPN instance.
NOTE
After a VPN instance is deleted, all related OSPF processes are deleted.
• Configure IS-IS between a PE and a CE
Do as follows on the PE. The CE is configured with IS-IS; that configuration is common
and is not described here.
NOTE
For details, see Quidway S7700 Smart Routing Switch Configuration Guide - IP Routing.
1. Run:
system-view
The IS-IS instance between the CE and the PE is created and the IS-IS view is
displayed.
An IS-IS process belongs to only one VPN instance. If you run an IS-IS process
without binding it to a VPN instance, this process is considered as a public network
process. An IS-IS process that belongs to a public network cannot be bound with a
VPN instance.
3. Run:
network-entity net
An NET defines the address of the current IS-IS area and the system ID of the
switch. A maximum of three NETs can be configured for one process on a switch.
4. (Optional) Run:
is-level { level-1 | level-1-2 | level-2 }
The IS-IS route is imported into the routing table of the BGP VPN instance.
NOTE
After the VPN instance is deleted, all IS-IS processes are deleted.
----End
Prerequisite
The configurations of the basic BGP/MPLS IP VPN function are complete.
Procedure
• Run the display ip routing-table vpn-instance vpn-instance-name command to check
routing information about the specified VPN instance on the PE.
• Run the display ip routing-table command to check routing information on the CE.
----End
Example
Run the display ip routing-table vpn-instance vpn-instance-name command. If the VPN routes
related to the CE are displayed, it means the configuration succeeded.
Run the display ip routing-table command. If the routes to the peer CE are displayed on the
CE, it means the configuration succeeded.
Applicable Environment
If all users must access a central access control device, Hub and Spoke
networking is adopted. In a Hub and Spoke network, all the Spoke stations communicate
through the Hub station.
Pre-configuration Task
Before configuring Hub and Spoke, complete the following tasks:
Data Preparation
Before configuring Hub and Spoke, you need the following data.
No. Data
3 Data for route configuration (static route, RIP, OSPF, IS-IS, or EBGP) between Hub-
PE and Hub-CE, and Spoke-PE and Spoke-CE
Context
Configure the VPN instance on each Spoke-PE and Hub-PE.
Every Spoke-PE is configured with a VPN instance, while each Hub-PE is configured with the
following two VPN instances:
• VPN-in: It receives and maintains all the VPNv4 routes advertised by all the Spoke-PEs.
• VPN-out: It maintains the routes of all the Hub stations and Spoke stations and advertises
those routes to all the Spoke-PEs.
NOTE
• Different VPN instances on a device have different names, RDs, and descriptions.
• It is recommended to perform either Step 6 or Step 7.
Procedure
Step 1 Run:
system-view
Step 2 Run:
ip vpn-instance vpn-instance-name
The VPN instance is created and the VPN instance view is displayed.
The name of the VPN instance is case sensitive. For example, vpn1 and VPN1 are considered
as different VPN instances.
The label is allocated based on VPN instance. That is, all the routes in a VPN instance use the
same label.
The MPLS labels are generally allocated on a one label per route basis.
The S7700 provides the feature of the MPLS label allocation based on the VPN instance, that
is, all the routes of a VPN instance share the same label.
Step 6 (Optional) Run:
routing-table limit number { alert-percent | simply-alert }
If the routing-table limit command is run, the system gives a prompt when the number of routes injected
into the routing table of the VPN instance exceeds the upper limit. If the routing-table limit command is
run to increase the maximum number of routes supported in a VPN instance or the undo routing-table
limit command is run to remove the limit on the routing table, for excess routes, the following operations
are required:
• For the excessive static routes, you need to reconfigure them manually.
• For the excessive routes learnt from CEs through the IGP multi-instance routing protocol, you need to
re-initiate the multi-instance process of the routing protocol on the PE.
• For the remote cross routes learnt through the MP-IBGP and the BGP routes learnt from CEs, the
system automatically refreshes them.
The frequency of displaying logs when the number of routes exceeds the threshold is configured.
----End
Procedure
• Configuring Hub-PE
1. Run:
system-view
The VPN target extended community for the VPN instance is created to import the
IPv4 routes advertised by all the Spoke-PEs.
vpn-target1 lists the Export VPN targets advertised by all the Spoke-PEs.
4. (Optional) Run:
import route-policy policy-name
The VPN target extended community for the VPN instance is created to advertise the
routes of all the Hubs and the Spokes.
vpn-target2 lists the Import VPN targets advertised by all the Spoke-PEs.
9. (Optional) Run:
import route-policy policy-name
• Configuring Spoke-PE
1. Run:
system-view
The VPN target extended community for the VPN instance is created to import the
IPv4 routes advertised by all the Hub-PEs.
vpn-target2 should be included in the export VPN target list of the Hub-PE.
4. Run:
vpn-target vpn-target1 &<1-8> export-extcommunity
The VPN target extended community for the VPN instance is created to advertise the
IPv4 routes of stations the Spoke-PE accesses.
vpn-target1 should be included in the import VPN target list of the Hub-PE.
5. (Optional) Run:
import route-policy policy-name
----End
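The VPN target relationships above decide whether Spoke traffic is actually forced through the Hub. The following check is an added example, not part of the Huawei guide: it parses VRP-style VPN instance configuration and reports combinations that let routes bypass the Hub. The device names, instance names, RDs and VPN target values are constructed; import-extcommunity is the import counterpart of the export-extcommunity form shown in the procedure.

```python
import re

# Constructed sample configurations (illustrative, not taken from the guide).
HUB_PE = """\
ip vpn-instance vpn_in
 route-distinguisher 100:21
 vpn-target 100:1 import-extcommunity
ip vpn-instance vpn_out
 route-distinguisher 100:22
 vpn-target 200:1 export-extcommunity
"""
SPOKE_PES = {
    "Spoke-PE1": """\
ip vpn-instance vpna
 route-distinguisher 100:1
 vpn-target 100:1 export-extcommunity
 vpn-target 200:1 import-extcommunity
""",
    # Misconfigured on purpose: also imports 100:1, the Spoke export target.
    "Spoke-PE2": """\
ip vpn-instance vpna
 route-distinguisher 100:3
 vpn-target 100:1 export-extcommunity
 vpn-target 200:1 100:1 import-extcommunity
""",
}

# VPN target formats handled here: "AS:number" and "IPv4-address:number".
RT = re.compile(r"^\d+:\d+$|^\d+\.\d+\.\d+\.\d+:\d+$")


def parse_vpn_instances(config):
    """Return {instance-name: {"import": set, "export": set}} from VRP-style text."""
    instances, current = {}, None
    for raw in config.splitlines():
        words = raw.split()
        if words[:2] == ["ip", "vpn-instance"] and len(words) == 3:
            current = instances.setdefault(words[2], {"import": set(), "export": set()})
        elif words[:1] == ["vpn-target"] and current is not None:
            targets = [w for w in words[1:] if RT.match(w)]
            keyword = words[-1]
            # With no keyword (or "both") the targets apply in both directions.
            if keyword != "export-extcommunity":
                current["import"].update(targets)
            if keyword != "import-extcommunity":
                current["export"].update(targets)
        elif raw and not raw.startswith(" "):
            current = None  # left the VPN instance view
    return instances


def audit_hub_and_spoke(hub_cfg, spoke_cfgs, vpn_in="vpn_in", vpn_out="vpn_out"):
    """Return a list of findings; an empty list means the targets form a Hub and Spoke."""
    hub = parse_vpn_instances(hub_cfg)
    v_in, v_out = hub[vpn_in], hub[vpn_out]
    spokes = {f"{pe}/{name}": inst
              for pe, cfg in spoke_cfgs.items()
              for name, inst in parse_vpn_instances(cfg).items()}
    findings = []
    for name, s in sorted(spokes.items()):
        # Required relationships: vpn-target1 into VPN-in, vpn-target2 out of VPN-out.
        if not s["export"] & v_in["import"]:
            findings.append(f"{name}: exports are not imported by {vpn_in}")
        if not s["import"] & v_out["export"]:
            findings.append(f"{name}: does not import the {vpn_out} export target")
        # Relationships that let routes skip the Hub-CE.
        if s["import"] & v_in["export"]:
            findings.append(f"{name}: imports routes straight from {vpn_in}")
        if s["export"] & v_out["import"]:
            findings.append(f"{name}: exports reach {vpn_out} without passing the Hub-CE")
        for other, o in sorted(spokes.items()):
            leak = s["import"] & o["export"]
            if other != name and leak:
                findings.append(
                    f"{name}: imports {sorted(leak)} exported by {other} (Spoke-to-Spoke leak)")
    return findings


if __name__ == "__main__":
    for line in audit_hub_and_spoke(HUB_PE, SPOKE_PES) or ["no findings"]:
        print(line)
```

Run it against the VPN instance sections of the Hub-PE and every Spoke-PE after a change; any finding means some Spoke traffic no longer has to cross the Hub.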
Context
The configuration on the Hub-PE involves two interfaces or sub-interfaces: one is bound with
the VPN-in and receives the routes advertised by the Spoke-PE; the other is bound with the
VPN-out and advertises the routes of the Hub and all the Spokes.
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
The view of the interface that is to be bound with the VPN instance is displayed.
Step 3 Run:
ip binding vpn-instance vpn-instance-name
NOTE
The running of the ip binding vpn-instance command on an interface can delete the Layer 3 attributes,
such as the IP address and routing protocol. If these Layer 3 attributes are still required, you need to
configure them again.
Step 4 Run:
ip address ip-address { mask | mask-length }
----End
Context
The Hub-PE must set up the MP-IBGP peer with all the Spoke-PEs. Spoke-PEs need not set up
the MP-IBGP peer between each other.
Procedure
Step 1 Run:
system-view
Step 2 Run:
bgp as-number
Step 3 Run:
peer ipv4-address as-number as-number
Step 4 Run:
peer ipv4-address connect-interface loopback interface-number
NOTE
The 32-bit mask IP addresses of the loopback interfaces must be used to establish the MP-IBGP peer
relationship between PEs. This can ensure the tunnel can be iterated. The route destined to the loopback
interface is advertised to the remote PE based on IGP on the MPLS backbone network.
Step 5 Run:
ipv4-family vpnv4 [ unicast ]
Step 6 Run:
peer ipv4-address enable
----End
Context
The Hub-PE and the Hub-CE can exchange routes in the following ways.
Procedure
• Configuring EBGP between the Hub-PE and the Hub-CE
In this way, EBGP, IGP, or static routes can be adopted between the Spoke-PE and the
Spoke-CE.
To set up the EBGP peer between the Hub-PE and the Hub-CE and between the Spoke-PE
and the Spoke-CE, do as follows on the Hub-PE:
1. Run:
system-view
Allow the routing loop. Here the value of number is set as 1, which means the route
with the AS repeated once can be sent.
• Configuring IGP between the Hub-PE and the Hub-CE
In this way, instead of BGP, IGP or static routes are adopted between the Spoke-PE and
the Spoke-CE. For details, refer to the chapter "BGP/MPLS IP VPN" in the Quidway
S7700 Smart Routing Switch Feature Description - VPN.
• Configuring static routes between the Hub-PE and the Hub-CE
In this way, EBGP, IGP, or static routes can be adopted between the Spoke-PE and the
Spoke-CE.
If the Hub-CE uses the default route to access the Hub-PE, to advertise the default route to
all the Spoke-PEs, do as follows on the Hub-PE:
1. Run:
system-view
The BGP VPN instance view is displayed. vpn-instance-name refers to the VPN-out.
5. Run:
network 0.0.0.0 0
Follow-up Procedure
Choose one of the preceding methods as required. For detailed configurations, see Configuring
a Routing Protocol Between PE and CE.
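The AS_PATH loop check that allow-as-loop relaxes on the Hub-PE, and the substitute-as rewrite described earlier for CEs that share one AS number, can be followed hop by hop. This is an added example, not part of the Huawei guide; it models only the AS_PATH handling, and all AS numbers are constructed.

```python
# AS numbers below are constructed for illustration.
BACKBONE_AS = 100


def ebgp_send(as_path, local_as, peer_as, substitute_as=False):
    """AS_PATH as advertised by local_as to the EBGP peer peer_as.

    With substitute_as, every occurrence of the peer's AS number is replaced
    by the local AS number before the local AS number is prepended.
    """
    path = [local_as if (substitute_as and asn == peer_as) else asn for asn in as_path]
    return [local_as] + path


def loop_check(as_path, local_as, allow_as_loop=0):
    """Receiver side: accept only if the own AS appears at most allow_as_loop times."""
    return as_path.count(local_as) <= allow_as_loop


def hub_and_spoke(allow_as_loop):
    """Follow a Spoke-CE1 route: Spoke-PE1, Hub-PE, Hub-CE, Hub-PE, Spoke-PE2, Spoke-CE2.

    allow_as_loop is applied on the backbone PEs that receive the route after it
    has passed the Hub-CE. Returns (accept decision per hop, last AS_PATH seen).
    """
    spoke_ce1, hub_ce, spoke_ce2 = 65001, 65010, 65002
    hops = {}
    path = ebgp_send([], spoke_ce1, BACKBONE_AS)      # Spoke-CE1 -> Spoke-PE1
    hops["Spoke-PE1"] = loop_check(path, BACKBONE_AS)
    # MP-IBGP from Spoke-PE1 to the Hub-PE leaves AS_PATH unchanged.
    path = ebgp_send(path, BACKBONE_AS, hub_ce)       # Hub-PE (VPN-in) -> Hub-CE
    hops["Hub-CE"] = loop_check(path, hub_ce)
    path = ebgp_send(path, hub_ce, BACKBONE_AS)       # Hub-CE -> Hub-PE (VPN-out)
    hops["Hub-PE"] = loop_check(path, BACKBONE_AS, allow_as_loop)
    if not hops["Hub-PE"]:
        return hops, path                             # update denied, route stops here
    # MP-IBGP from the Hub-PE to Spoke-PE2: the path already contains the backbone AS.
    hops["Spoke-PE2"] = loop_check(path, BACKBONE_AS, allow_as_loop)
    if not hops["Spoke-PE2"]:
        return hops, path
    path = ebgp_send(path, BACKBONE_AS, spoke_ce2)    # Spoke-PE2 -> Spoke-CE2
    hops["Spoke-CE2"] = loop_check(path, spoke_ce2)
    return hops, path


def same_as_site_accepts(substitute_as):
    """A route from one CE site is sent by a PE to a CE that uses the same AS number.

    If the receiving CE belongs to another site, acceptance is the goal of
    substitute-as. If it is a second uplink of the originating (multi-homed)
    site, acceptance means the site re-learns its own route: the loop the
    CAUTION warns about, because the AS_PATH check no longer sees the site AS.
    """
    site_as = 65001
    path = ebgp_send([], site_as, BACKBONE_AS)                    # CE -> PE1
    path = ebgp_send(path, BACKBONE_AS, site_as, substitute_as)   # PE2 -> CE
    return loop_check(path, site_as), path


if __name__ == "__main__":
    print("allow-as-loop not set:", hub_and_spoke(0))
    print("allow-as-loop 1      :", hub_and_spoke(1))
    print("substitute-as off    :", same_as_site_accepts(False))
    print("substitute-as on     :", same_as_site_accepts(True))
```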
Prerequisite
The configurations of the Hub and Spoke function are complete.
Procedure
• Run the display ip routing-table vpn-instance vpn-instance-name command to check
routing information about the VPN-in and VPN-out on the Hub-PE.
• Run the display ip routing-table command to check routing information on the Hub-CE
and all the Spoke-CEs.
----End
Example
Run the preceding commands. If the routing table of the VPN-in has routes to all the Spoke
stations, and the routing table of the VPN-out has routes to the Hub and all the Spoke stations,
it means the configuration succeeds.
Additionally, Hub-CE and all the Spoke-CEs have routes to the Hub and all the Spoke stations.
Applicable Environment
If the MPLS backbone network bearing the VPN routes is across multiple ASs, you must
configure the Inter-AS VPNs.
The Inter-AS VPN Option A is convenient to implement and is suitable when the number of
VPNs and VPN routes on the PE is small.
In VPN-Option A, the Autonomous System Boundary Routers (ASBRs) must support the VPN
instances and can manage VPN routes. Option A, therefore, requires high performance of the
ASBRs. No inter-AS configuration is needed on the ASBRs.
Pre-configuration Tasks
Before configuring inter-AS VPN Option A, complete the following tasks:
• Configuring IGP for MPLS backbone networks in each AS to keep IP connectivity of the
backbones in one AS
• Enabling MPLS and MPLS LDP on the PE and the ASBR
• Setting up the tunnel (LSP or MPLS TE) between the PE and the ASBR in the same AS
• Configuring the IP address of the CE interface through which the CE accesses the PE
Data Preparation
To configure inter-AS VPN Option A, you need the following data:
No. Data
1 To configure the VPN instance on the PE and the ASBR, you need the following
data:
• Name of the VPN instance
• (Optional) Description of the VPN instance
• RD, VPN target attribute of the VPN instance
• (Optional) Routing policy
• (Optional) Tunnel policy
• (Optional) Maximum number of routes permitted in a VPN instance
3 AS number of the PE
5 Routing protocol configured between the PE and the CE: static routes, RIP, OSPF,
IS-IS and BGP
6 IP addresses and interfaces setting up the IBGP peer between the PE and the ASBR
Context
Inter-AS VPN Option A is easy to deploy. When the number of VPNs and VPN routes
on the PE is small, this solution can be adopted.
Procedure
Step 1 3.4 Configuring Basic BGP/MPLS IP VPN on each AS
Step 3 Configuring VPN instances for the PE and the ASBR separately
The VPN instance for PE is used to access CE; that for ASBR is used to access its peer ASBR.
NOTE
In inter-AS VPN Option A mode, for the same VPN, the VPN targets of ASBR and the PE VPN instance
must be matched in an AS. This is not required for the PEs in different ASs.
----End
Prerequisite
The configurations of the Inter-AS VPN Option A function are complete.
Procedure
• Run the display bgp vpnv4 all peer command to check information about the BGP peers
on the PE or the ASBR.
• Run the display bgp vpnv4 all routing-table command to check the IPv4 VPN routes on
the PE or the ASBR.
• Run the display ip routing-table vpn-instance vpn-instance-name command to check the
VPN routing table on the PE or the ASBR.
----End
Example
After the successful configuration, run the display bgp vpnv4 all peer command on the PE or
the ASBR, and you can view that the BGP VPNv4 peer relationship between the ASBR and the
PE in the same AS is "Established".
Run the display bgp vpnv4 all routing-table command on the PE or the ASBR, and you can
view the VPNv4 routes on the ASBR.
Run the display ip routing-table vpn-instance command on the PE or the ASBR, and you can
view all the relevant routes in the VPN routing table.
Applicable Environment
If the MPLS backbone network bearing VPN routes crosses multiple ASs, the inter-AS VPN is
needed. If the ASBR can manage VPN routes but does not have enough interfaces for each
inter-AS VPN, inter-AS VPN Option B is adopted. In this option, the ASBR is involved in
maintaining and advertising VPN IPv4 routes.
Pre-configuration Tasks
Before configuring inter-AS VPN Option B, complete the following tasks:
• Configuring IGP for MPLS backbone networks in each AS to realize IP connectivity of the
backbones in one AS
• Configuring basic MPLS capability and MPLS LDP for the MPLS backbone network
• Configuring VPN Instances on the PE devices connected with the CE devices and
Binding an Interface with a VPN Instance
• Configuring the IP addresses of the CE interfaces through which the CE accesses the PE
Data Preparation
To configure inter-AS VPN Option B, you need the following data.
No. Data
1 To configure the VPN instance on the PE, you need the following data:
• Name of the VPN instance
• (Optional) Description of the VPN instance
• RD, VPN target attribute of the VPN instance
• (Optional) Routing policy for controlling the import and export of VPN routes
• (Optional) Maximum number of routes permitted in a VPN instance
3 AS number of the PE
5 Routing policy configured between the PE and the CE: static routes, RIP, OSPF, IS-
IS and BGP
6 IP addresses and interfaces setting up the IBGP peer between the PE and the ASBR
Context
Do as follows on the PE and the ASBR in the same AS.
Procedure
Step 1 Run:
system-view
The loopback interface is specified as the outgoing interface of the BGP session.
NOTE
The 32-bit mask IP addresses of the loopback interfaces must be used to establish the MP-IBGP peer
relationship between PEs. This can ensure the tunnel can be iterated. The route destined to the loopback
interface is advertised to the remote PE based on IGP on the MPLS backbone network.
Step 5 Run:
ipv4-family vpnv4 [ unicast ]
The exchange of IPv4 VPN routes between PE and ASBR in the same AS is enabled.
----End
Context
Do as follows on the ASBR.
Procedure
Step 1 Run:
system-view
The view of the interface connected with the ASBR interface is displayed.
Step 3 Run:
ip address ip-address { mask | mask-length }
Step 5 Run:
quit
The exchange of IPv4 VPN routes with the peer ASBR is enabled.
----End
Context
The following describes two methods for controlling the receiving and sending of VPN routes:
• Without VPN Target Filtering
In this way, the ASBR stores all the VPN IPv4 routes.
• VPN Target Filtering
In this way, the ASBR stores partial VPN IPv4 routes through routing policies.
In practical applications, only one of the preceding methods is selected.
Procedure
• Without VPN Target Filtering
1. Run:
system-view
The VPN IPv4 routes are not filtered by the VPN target.
By default, the PE performs VPN target filtering on the received IPv4 VPN routes.
The routes passing the filter are added to the routing table, and the others are discarded.
If the PE is not configured with VPN instance, or the VPN instance is not configured
with the VPN target, the PE discards all the received VPN IPv4 routes.
In the Inter-AS VPN Option B mode, if the ASBR does not store information about
the VPN instance, the ASBR must save all the VPNv4 routing information and
advertise it to the peer ASBR. In this case, the ASBR should receive all the VPNv4
routing information without the VPN target filtering.
• VPN Target Filtering
1. Run:
system-view
The routing policy is applied to controlling the VPN IPv4 routing information.
----End
Context
If the VPN receives and sends the VPNv4 routing information through the ASBR, configure the
corresponding instance on the ASBR. Otherwise, the instance is not needed.
Do as follows on the ASBR.
NOTE
Procedure
Step 1 Run:
system-view
The VPN target extended community for the VPN instance is created.
For the same VPN in the inter-AS VPN Option B mode, the VPN targets of the ASBR and the
PE in an AS should match with each other.
The VPN targets of the PE in different ASs must match with each other too.
Step 5 (Optional) Run:
apply-label per-instance
The MPLS label is allocated based on the VPN instance, which ensures that all the routes in a
VPN instance use the same MPLS label.
The frequency of displaying logs when the number of routes exceeds the threshold is configured.
----End
Context
In a VPN Option B scenario, after next-hop-based label allocation is enabled on the ASBR, the
ASBR allocates only one label for the IPv4 VPN routes with the same next hop and outgoing
label. Compared with allocating a label for each IPv4 VPN route, next-hop-based label allocation
greatly saves the label resources.
Procedure
Step 1 Run:
system-view
Step 2 Run:
bgp as-number
Step 3 Run:
ipv4-family vpnv4
The next-hop-based label allocation for IPv4 VPN routes is enabled on the ASBR.
CAUTION
After next-hop-based label allocation is enabled or disabled, the label allocated by the ASBR
for a route changes, which leads to packet loss.
----End
Context
Choose one of the preceding methods as required. For detailed configurations, see 3.4.5
Configuring a Routing Protocol Between a PE and a CE.
Prerequisite
The configurations of the Inter-AS VPN Option B function are complete.
Procedure
• Run the display bgp vpnv4 all peer command to check information about all the
BGP peers on the PE or the ASBR.
• Run the display bgp vpnv4 all routing-table command to check the VPN IPv4 routing
table on the PE or the ASBR.
• Run the display ip routing-table vpn-instance vpn-instance-name command to check the
VPN routing table on the PE.
• Run the display mpls lsp command to check information about the LSP and label on the
ASBR.
----End
Example
Run the display bgp vpnv4 all routing-table command on the ASBR. If the IPv4 routes of the
VPN are displayed, it means that the configuration succeeds.
Run the display bgp vpnv4 all peer command on the PE or the ASBR. If the status of the IBGP
peer between PE and ASBR in the same AS is "Established", and the status of the EBGP peer
between ASBRs in the different AS is "Established", it means that the configuration succeeds.
Run the display ip routing-table vpn-instance command on the PE. If the VPN routes are
displayed, it means that the configuration succeeds.
Run the display mpls lsp command on the ASBR. If information about the LSP and label is
displayed, it means that the configuration succeeds. If the ASBR is enabled with the next-hop-
based label allocation, only one label is allocated for the VPN routes with the same next hop
and outgoing label.
Applicable Environment
For hierarchical VPN networks, adopt the HoVPN to reduce the requirements for PE devices.
Pre-configuration Tasks
Before configuring HoVPN, complete the task of Configuring Basic BGP/MPLS IP VPN.
Data Preparation
To configure HoVPN, you need the following data.
No. Data
Context
Do as follows on the SPE.
Procedure
Step 1 Run:
system-view
The capability of exchanging BGP VPNv4 routing information with the peer is enabled.
Step 6 Run:
peer { ipv4-address | group-name } upe
----End
Context
Do as follows on the SPE.
Procedure
Step 1 Run:
system-view
Step 4 Run:
peer { ipv4-address | group-name } default-originate vpn-instance vpn-instance-name
The default routes of a specified VPN instance are advertised to the UPE.
After running the command, the SPE advertises a default route to the UPE with its local address
as the next hop, regardless of whether there is a default route in the local routing table or not.
----End
Prerequisite
The configurations of the HoVPN function are complete.
Procedure
• Run the display ip routing-table command to check the routing table on the CE.
----End
Example
Run the display ip routing-table command on the CE connected with the UPE. You can find
that there is a default route whose next hop is the UPE, and that there is no route to the
network segment where the peer CE resides.
Applicable Environment
After a sham link is configured between VPN PEs, the sham link is considered as an OSPF intra-
area route. It is used to ensure that the traffic is transmitted over the backbone instead of the
backdoor link between the two CEs.
The source and destination addresses of the sham link should use loopback interface addresses
with 32-bit masks. Besides, this loopback interface must be bound to the VPN instances and be
advertised through the BGP.
Pre-configuration Tasks
Before configuring the OSPF sham link, you need to complete the following tasks:
• 3.4 Configuring Basic BGP/MPLS IP VPN (OSPF between the PE and the CE)
• Configuring OSPF in the LAN where the CEs reside
Data Preparation
To configure the OSPF sham link, you need the following data.
No. Data
1 Number and address of the loopback interfaces that serve as the ends of sham link
4 Local AS number
Context
Do as follows on the PEs of the two ends of the sham link:
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface loopback interface-number
A sham link of each VPN instance must have an end interface address that is an address of the
loopback interface. The address has a 32-bit mask. Multiple sham links of an OSPF process can
share the same address. The end addresses of two sham links of different OSPF processes must
be different.
Step 3 Run:
ip binding vpn-instance vpn-instance-name
Step 4 Run:
ip address ip-address { mask | mask-length }
NOTE
The IP address of the loopback interface should have a 32-bit mask, that is, 255.255.255.255.
----End
Context
Do as follows on the PEs of the two ends of the sham link.
Procedure
Step 1 Run:
system-view
Step 2 Run:
bgp as-number
Step 3 Run:
ipv4-family vpn-instance vpn-instance-name
Step 4 Run:
import-route direct
The direct route is imported. That is, the route of the end address is imported into BGP.
BGP advertises the end address of the sham link as the VPN-IPv4 address.
NOTE
The route of one end address of the sham link cannot be advertised to the remote PE through the OSPF
process of the private network.
If the routes, however, are advertised to the remote PE through the OSPF process of the private network,
the remote PE has two routes destined for the end address of the sham link. One route is learnt through the
OSPF process of the private network, and the other route is learnt through MP-BGP. In this case, the remote
PE incorrectly selects the OSPF route, because the OSPF route has a higher priority than the BGP route.
As a result, the sham link cannot be successfully established.
----End
Context
Do as follows on the PEs of the two ends of the sham link.
Procedure
Step 1 Run:
system-view
NOTE
To forward the VPN traffic through the MPLS backbone network, configure the cost of the sham link to be less
than that of the OSPF route through the private network. The common method is to increase the cost of the
forwarding interface of the private network.
----End
Prerequisite
The configurations of the OSPF sham link function are complete.
Procedure
• Run the display ip routing-table vpn-instance vpn-instance-name command to check the
routing table of the specified VPN instance on the PE.
• Run the display ip routing-table command to check the routing table on the CE.
• Run the tracert host command on the CE to check the path of the data transmitted to the
peer CE.
• Run the display ospf process-id sham-link [ area area-id ] command to check the setup
state of the sham-link on the PE.
• Run the display ospf routing command to check the routes discovered by OSPF on the
CE.
----End
Example
Run the display ip routing-table vpn-instance command. You can find that the routes from the PE
to the peer CE are the OSPF routes that pass through the private network rather than the BGP
routes that pass through the backbone network.
Run the display ip routing-table and the tracert commands on the CE. You can find that the VPN
traffic from the CE to the peer is forwarded through the backbone network.
Run the display ospf process-id sham-link command on the PE. You can find that the OSPF
neighbor status between the PE and the peer CE is Full.
Run the display ospf routing command on the CE. You can find that the routes from the CE to
the peer CE are learned as intra-area routes.
Applicable Environment
The multi-VPN-instance CE is used in the LAN. You can implement service isolation through
the multiple OSPF instances on the CE devices.
One OSPF process can belong to only one VPN instance but one VPN instance can run several
OSPF processes.
Pre-configuration Tasks
Before configuring a multi-VPN-instance CE, complete the following tasks:
• 3.3 Configuring a VPN Instance on the multi-instance CE, and the PE that is accessed by
it (each service with a VPN instance)
• Configuring the link layer protocol and network layer protocol for LAN interfaces and
connecting the LAN to the multi-instance CE (each service using an interface to access the
multi-instance CE)
• Binding related VPN instances to the interfaces of the multi-instance CE and PE interfaces
through which the PE accesses the multi-instance and configuring IP addresses for those
interfaces
Data Preparation
To configure a multi-VPN-instance CE, you need the following data.
No. Data
1 Names of the VPN instances corresponding with the OSPF processes used by each
service
Context
Do as follows on the PE that is accessed by the multi-instance CE:
Procedure
Step 1 Run:
system-view
Step 2 Run:
ospf process-id [ router-id router-id ] vpn-instance vpn-instance-name
Different services have different OSPF process IDs. However, router IDs of different services
do not necessarily differ.
Step 3 Run:
area area-id
----End
Context
Do as follows on the multi-instance CE:
Procedure
Step 1 Run:
system-view
NOTE
If the multi-instance CE does not learn the routes of a LAN through the OSPF multi-instance of the process,
the routes of the LAN need to be imported to the OSPF instances of the process.
----End
Context
Do as follows on the PE:
Procedure
Step 1 Run:
system-view
----End
Prerequisite
The configurations of the Multi-VPN-Instance CE function are complete.
Procedure
• Run the display ip routing-table vpn-instance vpn-instance-name [ verbose ] command
to check the VPN routing table on the multi-instance CE.
----End
Example
Run the display ip routing-table vpn-instance command on the multi-instance CE to check
the VPN routing table. If there are routes to the LAN and the remote nodes for each service, it
means the configuration succeeded.
Applicable Environment
You can enable VPN users to access the Internet, by supplementing certain software
configurations in the established VPN network.
Pre-configuration Tasks
Before configuring VPN users to access the Internet, complete the following tasks:
Data Preparation
To configure interconnection between a VPN and the Internet, you need the following data.
No. Data
Context
Do as follows on the CE.
Procedure
Step 1 Run:
system-view
Step 2 Run:
ip route-static ip-address { mask | mask-length } { interface-type interface-
number [ nexthop-address ] | nexthop-address } [ preference preference | tag tag ]
* [ description text ]
ip-address can be the destination address of the public network or 0.0.0.0. If ip-address
is 0.0.0.0, the static route is a default route, and its mask must be 0.0.0.0 or its
mask-length must be 0. Note that the outbound interface must be the interface directly
connected to the PE, and the next hop is the IP address of the peer PE interface directly
connected to the CE.
NOTE
If the CE and the PE are connected through an Ethernet network, the next-hop must be specified.
----End
Context
Do as follows on the PE.
Procedure
Step 1 Run:
system-view
Step 2 Run:
ip route-static vpn-instance vpn-source-name destination-address { mask | mask-
length } nexthop-address public [ preference preference | tag tag ]* [ description
text ]
The static route from the VPN to Internet is configured and the next-hop address is a public
network address.
----End
Context
Do as follows on the PE.
Procedure
Step 1 Run:
system-view
Step 2 Run:
ip route-static ip-address { mask | mask-length } { interface-type interface-
number nexthop-address | vpn-instance vpn-instance-name nexthop-address | nexthop-
address } [ preference preference | tag tag ]* [ description text ]
The static route from the public network to the VPN is configured and the next-hop address is
a private network address.
NOTE
If the CE and the PE are connected through an Ethernet network, the next-hop must be specified.
----End
Prerequisite
The configurations of the VPN and the Internet function are complete.
Procedure
• Run the display ip routing-table vpn-instance vpn-instance-name command to check the
VPN routing table on the PE.
• Run the display ip routing-table command to check the routing table on the CE and the
destination switch in the public network.
----End
Example
Run the display ip routing-table vpn-instance command on the PE, and you can find that the
route to the CE and the route to the destination switch in the public network exist in the VPN
routing table.
Run the display ip routing-table command on the CE, and you can find that the CE has the
route to the destination switch in the public network and the destination switch in the public
network has the route to the CE.
The CE and the destination switch in the public network can successfully ping each other.
Applicable Environment
VPN FRR applies to services in the private network that are sensitive to packet loss or delay.
• Manual VPN FRR: Information such as the backup next hop is specified.
• Auto VPN FRR: The backup next hop is unspecified, but a proper next hop is selected for
the VPN route.
You can select either mode as required. If both of them are configured, manual VPN FRR has
a higher priority. When manual VPN FRR fails, auto VPN FRR takes effect.
Pre-configuration Tasks
Before configuring VPN FRR, complete the following tasks:
CAUTION
Configuring the lsp-trigger command on the P is not recommended when an LSP is created
on the VPN backbone network. Use the default configuration on the P. Otherwise, VPN
FRR switchback may fail.
Data Preparation
To configure the VPN FRR, you need the following data.
No. Data
Context
Do as follows on the switch.
Procedure
Step 1 Run:
system-view
Step 2 Run:
route-policy route-policy-name { permit | deny } node node
The routing policy node is created and the routing policy view is displayed.
Step 3 Run:
apply backup-nexthop { ip-address | auto }
Step 4 Run:
quit
Step 5 Run:
ip vpn-instance vpn-instance-name
Step 6 Run:
vpn frr route-policy route-policy-name
----End
Context
Do as follows on the switch.
Procedure
Step 1 Run:
system-view
----End
Prerequisite
The configurations of the VPN FRR function are complete.
Procedure
• Run the display ip routing-table vpn-instance vpn-instance-name [ ip-address ]
verbose command to check information about the backup next hop, backup tunnel, and
backup label.
----End
Example
Run the display ip routing-table vpn-instance vpn-instance-name ip-address verbose
command on the PE configured with VPN FRR. If information about the backup next-hop PE,
backup tunnel, and label value of the routes is displayed, it means the configuration succeeds.
<Quidway> display ip routing-table vpn-instance vpn1 18.0.0.0 verbose
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Table : zy
Summary Count : 1
Destination: 18.0.0.0/24
Protocol: BGP Process ID: 0
Preference: 255 Cost: 0
NextHop: 171.0.0.16 Neighbour: 171.0.0.16
State: Active Adv Relied Age: 00h00m18s
Tag: 0 Priority: low
Label: 11264 QoSInfo: 0x0
IndirectID: 0x2f
RelayNextHop: 171.16.19.16 Interface: Vlanif69
TunnelID: 0x10050 Flags: RD
BkNextHop: 171.0.0.17 BkInterface: Unknown
BkLabel: 11264 SecTunnelID: 0x1005e
BkPETunnelID: 0x1005c BkPESecTunnelID: 0x0
BkIndirectID: 0x2c
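The check described in this example can be automated. The following is an added example, not part of the original guide: it parses the verbose output into one record per route and reports routes that lack a backup next hop, backup label, or tunnel to the backup PE. The second route in the sample is constructed, and the values treated as "no backup" (0.0.0.0, NULL, 0x0) are assumptions.

```python
import ipaddress
import re

# Field names exactly as they appear in the verbose output quoted above.
FIELDS = [
    "Destination", "Protocol", "Process ID", "Preference", "Cost", "NextHop",
    "Neighbour", "State", "Age", "Tag", "Priority", "Label", "QoSInfo",
    "IndirectID", "RelayNextHop", "Interface", "TunnelID", "Flags",
    "BkNextHop", "BkInterface", "BkLabel", "SecTunnelID", "BkPETunnelID",
    "BkPESecTunnelID", "BkIndirectID",
]
# Longest names first and never inside a longer word, so "NextHop" does not
# match within "BkNextHop" or "RelayNextHop".
KEY_RE = re.compile(
    r"(?<![A-Za-z])("
    + "|".join(re.escape(f) for f in sorted(FIELDS, key=len, reverse=True))
    + r")\s*:\s*"
)

# First route: copied from the output above. Second route: constructed, with
# the values assumed here to mean "no backup" (0.0.0.0, NULL, 0x0).
SAMPLE_OUTPUT = """\
Route Flags: R - relay, D - download to fib
Destination: 18.0.0.0/24
Protocol: BGP Process ID: 0
Preference: 255 Cost: 0
NextHop: 171.0.0.16 Neighbour: 171.0.0.16
State: Active Adv Relied Age: 00h00m18s
Tag: 0 Priority: low
Label: 11264 QoSInfo: 0x0
IndirectID: 0x2f
RelayNextHop: 171.16.19.16 Interface: Vlanif69
TunnelID: 0x10050 Flags: RD
BkNextHop: 171.0.0.17 BkInterface: Unknown
BkLabel: 11264 SecTunnelID: 0x1005e
BkPETunnelID: 0x1005c BkPESecTunnelID: 0x0
BkIndirectID: 0x2c
Destination: 19.0.0.0/24
NextHop: 171.0.0.16 Neighbour: 171.0.0.16
Label: 11265 QoSInfo: 0x0
BkNextHop: 0.0.0.0 BkInterface: Unknown
BkLabel: NULL SecTunnelID: 0x0
BkPETunnelID: 0x0 BkPESecTunnelID: 0x0
"""


def parse_routes(text):
    """Split the output into one dict per route; a Destination field starts a route."""
    routes, current = [], None
    for line in text.splitlines():
        matches = list(KEY_RE.finditer(line))
        for i, m in enumerate(matches):
            end = matches[i + 1].start() if i + 1 < len(matches) else len(line)
            key, value = m.group(1), line[m.end():end].strip()
            if key == "Destination":
                current = {}
                routes.append(current)
            if current is not None:  # header lines before the first route are skipped
                current[key] = value
    return routes


def is_real_ip(value):
    try:
        return not ipaddress.ip_address(value).is_unspecified
    except ValueError:
        return False


def hex_nonzero(value):
    try:
        return int(value, 16) != 0
    except (TypeError, ValueError):
        return False


def frr_problems(route):
    """Return the reasons a route has no usable VPN FRR backup (empty list = protected)."""
    problems = []
    backup = route.get("BkNextHop", "")
    if not is_real_ip(backup):
        problems.append("no backup next hop")
    elif backup == route.get("NextHop"):
        problems.append("backup next hop is the primary next hop")
    if not route.get("BkLabel", "").isdigit():
        problems.append("no backup label")
    if not hex_nonzero(route.get("BkPETunnelID")):
        problems.append("no tunnel to the backup PE")
    return problems


if __name__ == "__main__":
    for r in parse_routes(SAMPLE_OUTPUT):
        print(r["Destination"], frr_problems(r) or "protected")
```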
Applicable Environment
VPN GR is enabled for a BGP/MPLS IP VPN that needs the GR capability. Configuring VPN GR
on the switch that carries the VPN service ensures that the switch keeps forwarding during
an AMB/SMB switchover, so that VPN traffic is not interrupted.
NOTE
The GR capability cannot ensure uninterrupted traffic if the neighboring switch performs an
AMB/SMB switchover at the same time.
When configuring VPN GR, you must configure the IGP GR, BGP GR and MPLS LDP GR on
the PE, configure the IGP GR and the MPLS LDP GR on the P, and configure the IGP GR or
the BGP GR on the CE. If more than one domain is traversed, you must configure the IGP GR,
BGP GR and MPLS LDP GR on the ASBR.
Pre-configuration Tasks
Before configuring VPN GR, complete the following tasks:
• Establishing the VPN environment and configuring the VPN
• Configuring the common IGP GR (such as the IS-IS GR and the OSPF GR), BGP GR and
MPLS LDP GR on PEs and Ps in all related backbone networks to ensure that the backbone
network has the GR capability
Data Preparation
To configure VPN GR, you need the following data.
No. Data
1 (Optional) Interval for re-establishing the GR session (by default, it is 300 seconds)
if the IS-IS GR is enabled
3 Reconnection time of the MPLS LDP session (by default, it is 300 seconds)
4 Validity period of the MPLS LDP neighbors (by default, it is 600 seconds)
Context
NOTE
When configuring GR on the backbone network, configure the corresponding IGP GR (IS-IS GR or OSPF
GR) based on the specific IGP protocol running on the backbone network.
Procedure
• Configure IS-IS GR on the backbone network.
If IS-IS is running on the public network, do as follows on the related PEs and Ps on the
backbone network:
1. Run:
system-view
By default, the interval for reestablishing the IS-IS GR session is 300 seconds.
5. (Optional) Run:
graceful-restart suppress-sa
– To enable the GR Help capability of OSPF at which the Restarter performs the
GR, run:
graceful-restart helper-role { { { ip-prefix ip-prefix-name | acl-
number acl-number | acl-name acl-name } | ignore-external-lsa | planned-
only } * | never }
It is suggested to enable the GR capability of OSPF on all the related PEs and Ps on
the backbone network.
By default, the GR capability of OSPF and the GR Help capability of OSPF are
disabled.
----End
backbone network, you can configure MPLS LDP GR; if RSVP-TE tunnels are configured on
the backbone network, you can configure MPLS RSVP GR; if other types of tunnels are
configured on the backbone network, you do not need to perform the operation.
Context
If you use an LDP LSP tunnel, you need to configure MPLS LDP GR. If you use an RSVP-TE
tunnel, you need to configure MPLS RSVP GR. If you use another type of tunnel, you need not
perform this step.
Procedure
• Configure MPLS LDP GR.
1. Run:
system-view
When the GR capability of MPLS LDP is enabled or the GR parameters are modified, the LDP session
is reestablished.
MPLS TE is enabled.
4. Run:
mpls rsvp-te
RSVP TE is enabled.
5. Run:
mpls rsvp-te hello
MPLS TE is enabled.
12. Run:
mpls rsvp-te
RSVP TE is enabled.
13. Run:
mpls rsvp-te hello
Context
NOTE
When configuring GR of the routing protocol running between PEs and CEs, configure the corresponding
GR (IS-IS GR, OSPF GR, or BGP GR) according to the routing protocol running between the PEs and
CEs.
Procedure
• Configure GR of the IS-IS multi-instance between PEs and CEs.
Do as follows if IS-IS is run between the PE and the CE:
1. Run:
system-view
The suppress advertisement (SA) bit is used in the Hello PDUs by a restarting
switch to request its neighbors to suppress advertising the adjacency to the restarting
switch. The SA bit is removed once its database synchronization is over. Enabling this
feature avoids the black hole effect caused by sending and receiving LSP during the
restart process.
If the administrator does not want the restarting switch to set the SA bit in its Hello
PDUs, the administrator can use the undo graceful-restart suppress-sa command to
disable it.
By default, the SA bit does not take effect.
• Configure GR of the OSPF multi-instance between PEs and CEs.
Do as follows if OSPF is run between the PE and the CE:
1. Run:
system-view
– To enable the GR Help capability of OSPF at which the Restarter performs the
GR, run:
graceful-restart helper-role { { { ip-prefix ip-prefix-name | acl-
number acl-number | acl-name acl-name } | ignore-external-lsa | planned-
only } * | never }
It is suggested to enable the GR capability of OSPF on all the related PEs and Ps on
the backbone network.
By default, the local link signaling capability, the out-of-band capability, the GR Help
capability and the GR capability of OSPF are all disabled.
• Configure BGP GR between PEs and CEs.
Do as follows on the PE and CE if EBGP is run between them:
1. Run:
system-view
The restart period is the maximum waiting period, from the time when the receiving
speaker detects that the GR Restarter restarts, to the time when the BGP session is
reestablished. If no BGP session is reestablished within the restart period, the receiving
speaker deletes the BGP route in the stale state. By default, the restart period is 150
seconds.
CAUTION
Modifying the restart period leads to the reestablishment of the BGP peer relationship.
5. (Optional) Run:
graceful-restart timer wait-for-rib time
By default, the time of waiting for the End-of-RIB message is 600 seconds.
----End
Context
Configure BGP GR for MP-BGP on all the PEs (including the PE that serves as the ASBR) and
the RRs that reflect the VPNv4 route, unless BGP GR has been configured for MP-BGP when
BGP GR is configured between PEs and CEs.
The process of configuring BGP GR for MP-BGP is the same as that of configuring GR in the
common BGP. For the detailed configuration, see 3.13.4 Configuring GR of the Routing
Protocol Between PEs and CEs.
Prerequisite
The configurations of the VPN GR function are complete.
Procedure
• Run the display ospf brief command to check the status of the OSPF GR.
• Run the display isis graceful-restart status [ level-1 | level-2 ] [ process-id |
vpn-instance vpn-instance-name ] command to check the status of the IS-IS GR.
• Run the display bgp vpnv4 all peer verbose command to check the status of the BGP GR.
----End
Example
Run the display isis graceful-restart status command on the PE, and you can view the status
of the ISIS GR. For example:
<Quidway> display isis graceful-restart status
Restart information for ISIS(1)
-------------------------------
IS-IS(1) Level-1 Restart Status
Restart Interval: 300
SA Bit Supported
Total Number of Interfaces = 2
Restart Status: RESTART COMPLETE
IS-IS(1) Level-2 Restart Status
Restart Interval: 300
SA Bit Supported
Total Number of Interfaces = 2
Restart Status: RESTART COMPLETE
Run the display bgp peer verbose command on the PE, and you can find that IBGP GR between
PEs and EBGP GR between the PE and CE are configured successfully. For example:
<Quidway> display bgp vpnv4 all peer verbose
Peer: 3.3.3.9 remote AS 100
Type: IBGP link
BGP version 4, remote router ID 3.3.3.9
Update-group ID : 1
BGP current state: Established, Up for 00h23m47s
BGP current event: RecvKeepalive
BGP last state: OpenConfirm
BGP Peer Up count: 2
Received total routes: 2
Received active routes total: 2
Advertised total routes: 2
Port: Local - 49941 Remote - 179
Port: Local - 52845 Remote - 179
Configured: Active Hold Time: 180 sec Keepalive Time:60 sec
Received : Active Hold Time: 180 sec
Negotiated: Active Hold Time: 180 sec Keepalive Time:60 sec
Peer optional capabilities:
Peer supports bgp multi-protocol extension
Peer supports bgp route refresh capability
Peer supports bgp 4-byte-as capability
Graceful Restart Capability: advertised and received
Restart Timer Value received from Peer: 150 seconds
Address families preserved for peer in GR:
IPv4 Unicast (was preserved)
VPNv4 (was preserved)
Address family IPv4 Unicast: advertised and received
Address family VPNv4: advertised and received
Received: Total 29 messages
Update messages 9
Open messages 1
KeepAlive messages 19
Notification messages 0
Refresh messages 0
Authentication type configured: None
Sent: Total 25 messages
Update messages 5
Open messages 1
KeepAlive messages 19
Notification messages 0
Refresh messages 0
Last keepalive received: 2009-12-31 19:49:49
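The BGP GR check in this example can be scripted across all peers. The following is an added example, not part of the original guide: it reads the peer output and reports, per peer, whether GR was negotiated in both directions and whether the required address family was preserved. The first peer in the sample is abridged from the output above; the second peer (10.1.1.1, AS 65410) is constructed, and the assumption is that a peer without GR simply shows no GR lines.

```python
import re

# First peer: abridged from the output above. Second peer: constructed.
SAMPLE_PEERS = """\
Peer: 3.3.3.9 remote AS 100
Type: IBGP link
BGP current state: Established, Up for 00h23m47s
Peer optional capabilities:
Peer supports bgp multi-protocol extension
Graceful Restart Capability: advertised and received
Restart Timer Value received from Peer: 150 seconds
Address families preserved for peer in GR:
IPv4 Unicast (was preserved)
VPNv4 (was preserved)
Address family IPv4 Unicast: advertised and received
Address family VPNv4: advertised and received
Peer: 10.1.1.1 remote AS 65410
Type: EBGP link
BGP current state: Established, Up for 00h02m10s
Peer optional capabilities:
Peer supports bgp route refresh capability
Address family IPv4 Unicast: advertised and received
"""

PEER_RE = re.compile(r"Peer:\s*(\S+)\s+remote AS\s+(\S+)")
PRESERVED_RE = re.compile(r"(.+?)\s*\(was preserved\)$")
LINE_PATTERNS = {
    "state": re.compile(r"BGP current state:\s*(\w+)"),
    "gr_capability": re.compile(r"Graceful Restart Capability:\s*(.+)"),
    "restart_timer": re.compile(
        r"Restart Timer Value received from Peer:\s*(\d+)\s*seconds"),
}


def parse_peers(text):
    """Return one dict per 'Peer:' block with the GR-related fields filled in."""
    peers, cur, in_preserved = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        m = PEER_RE.match(line)
        if m:
            cur = {"peer": m.group(1), "remote_as": m.group(2), "state": None,
                   "gr_capability": None, "restart_timer": None, "preserved": []}
            peers.append(cur)
            in_preserved = False
            continue
        if cur is None:
            continue
        if in_preserved:
            m = PRESERVED_RE.match(line)
            if m:
                cur["preserved"].append(m.group(1))
                continue
            in_preserved = False  # the list of preserved families has ended
        if line.startswith("Address families preserved for peer in GR"):
            in_preserved = True
            continue
        for field, pattern in LINE_PATTERNS.items():
            m = pattern.match(line)
            if m:
                value = m.group(1).strip()
                cur[field] = int(value) if field == "restart_timer" else value
    return peers


def gr_problems(peer, required_families=("VPNv4",)):
    """Return the reasons GR would not protect this session (empty list = OK)."""
    problems = []
    if peer["state"] != "Established":
        problems.append("session state is %s" % peer["state"])
    if peer["gr_capability"] != "advertised and received":
        problems.append("GR capability not negotiated in both directions")
    else:
        for family in required_families:
            if family not in peer["preserved"]:
                problems.append("%s not preserved in GR" % family)
    return problems


if __name__ == "__main__":
    for p in parse_peers(SAMPLE_PEERS):
        # PE-CE EBGP sessions carry IPv4 unicast; PE-PE sessions carry VPNv4.
        fams = ("VPNv4",) if p["remote_as"] == "100" else ("IPv4 Unicast",)
        print(p["peer"], gr_problems(p, fams) or "GR negotiated")
```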
Applicable Environment
The BGP speaker does not advertise the routes learned from IBGP devices to its IBGP peers.
To make a PE advertise the routes of the VPN that the PE accesses to the BGP VPNv4 peers in
the same AS, the PE must establish IBGP connections with all peers to directly exchange VPN
routing information. That is, MP IBGP peers must establish full connections between each other.
Suppose there are n PEs (including ASBRs) in an AS; then n(n-1)/2 MP IBGP connections need
to be established. A large number of IBGP peers consume a great amount of network resources.
The Route Reflector (RR) can solve this problem. In an AS, one switch can be configured as the
RR to reflect VPNv4 routes and the other PEs and ASBRs serve as the clients, which are called
Client PEs. An RR can be a P, PE, ASBR, or a switch of other types.
The introduction of the RR reduces the number of MP IBGP connections. This lightens the
burden of PEs and facilitates network maintenance and management.
Pre-configuration Tasks
Before configuring route reflection to optimize the VPN backbone layer, complete the following
tasks:
• Configuring the routing protocol for the MPLS backbone network to implement IP
interworking between switches in the backbone network
• Establishing tunnels (LSPs or MPLS TE tunnels) between the RR and all Client PEs
Data Preparation
To configure the BGP VPNv4 route reflection, you need the following data.
No. Data
2 Type and number of the interfaces used to set up the TCP connection
Context
Do as follows on all Client PEs:
Procedure
Step 1 Run:
system-view
Step 2 Run:
bgp as-number
Step 3 Run:
peer ipv4-address as-number as-number
Step 4 Run:
peer ipv4-address connect-interface interface-type interface-number
The IP address of the interface must be the same as the MPLS LSR ID. It is recommended to
specify a loopback interface to establish the TCP connection.
Step 5 Run:
ipv4-family vpnv4
Step 6 Run:
peer ipv4-address enable
The capability of exchanging VPNv4 routes between the PE and the RR is enabled.
----End
Context
Choose one of the following schemes to configure the RR.
Procedure
• Configuring the RR to Establish MP IBGP Connections with the Peer Group
1. Run:
system-view
The capability of exchanging IPv4 VPN routes between the RR and the peer group is
enabled.
7. Run:
peer ip-address group group-name
The capability of exchanging VPNv4 routes between the RR and the client PE is
enabled.
----End
Context
Do as follows on the RR:
Procedure
Step 1 Run:
system-view
Step 2 Run:
bgp as-number
Step 3 Run:
ipv4-family vpnv4
Step 4 Enable route reflection for BGP VPNv4 routes on the RR.
• Run the peer group-name reflect-client command to enable route reflection if the RR
establishes the MP IBGP connection with the peer group consisting of client PEs.
• Run the peer ipv4-address reflect-client command repeatedly to enable route reflection if
the RR establishes the MP IBGP connection with each PE rather than with a peer group.
Step 5 Run:
undo policy vpn-target
----End
Prerequisite
The configuration of route reflection to optimize the VPN backbone layer is complete.
Procedure
• Run the display bgp vpnv4 all peer [ [ ipv4-address ] verbose ] command to check
information about the BGP VPNv4 peer on the RR or the Client PEs.
• Run the display bgp vpnv4 all routing-table peer ipv4-address { advertised-routes |
received-routes } command or display bgp vpnv4 all routing-table statistics command
to check information about the routes received from the peer or the routes advertised to the
peer on the RR or the Client PEs.
• Run the display bgp vpnv4 all group [ group-name ] command to check information about
the VPNv4 peer group on the RR.
----End
Example
If the configurations succeed:
• You can find that the status of the MP IBGP connections between the RR and all Client
PEs is "Established" after running the display bgp vpnv4 all peer command on the RR or
Client PEs.
• You can find that the RR and each Client PE can receive and send VPNv4 routing
information between each other after running the display bgp vpnv4 all routing-table
peer command on the RR or the Client PEs.
• If the peer group is configured, you can view information about the group members and
find that the status of the BGP connections between the RR and the group members is
"Established" after running the display bgp vpnv4 all group command on the RR.
Applicable Environment
If a PE and multiple CEs accessing the PE are located in the same AS, to reduce the IBGP
connections between the CEs, the PE can be configured as an RR to reflect the routes of the
VPN instance, and the CEs can be configured as clients, which are called Client CEs. This
simplifies and facilitates network maintenance and management.
Pre-configuration Tasks
Before configuring route reflection to optimize the VPN access layer, complete the following
tasks:
• Configure a routing protocol for the MPLS backbone network to implement IP interworking
between the switches in the backbone network.
Data Preparation
Before configuring route reflection to optimize the VPN access layer, you need the following
data.
No. Data
2 Type and number of the interfaces used to set up the TCP connection
Context
Do as follows on all Client CEs:
Procedure
Step 1 Run:
system-view
Step 2 Run:
bgp as-number
Step 3 Run:
peer ipv4-address as-number as-number
Step 4 Run:
peer ipv4-address connect-interface interface-type interface-number
The IP address of the interface must be the same as the MPLS LSR ID. It is recommended to
specify a loopback interface to establish the TCP connection.
----End
Context
Do as follows on the RR:
Procedure
• Establishing the MP-IBGP Connection with the Peer Group
1. Run:
system-view
3.15.4 Configuring Route Reflection for the Routes of the BGP VPN Instance
The premise of enabling BGP VPNv4 route reflection is that the RR has established the
MP-IBGP connections with all its clients (CEs).
Context
Do as follows on the RR:
Procedure
Step 1 Run:
system-view
----End
Prerequisite
The configuration of route reflection to optimize the VPN access layer is complete.
Procedure
• Run the display bgp [ vpnv4 vpn-instance vpn-instance-name ] peer [ ipv4-address ]
verbose command to check information about the peer group of the BGP VPN instance on
the RR.
• Run the display bgp peer [ ipv4-address ] verbose command to check information about
the BGP peer on the Client CE.
• Run the display bgp vpnv4 all routing-table peer ipv4-address { advertised-routes |
received-routes } command or display bgp vpnv4 all routing-table statistics command
to check information about the routes received from the peer or the routes advertised to the
peer on the RR.
• Run the display bgp routing-table peer ipv4-address { advertised-routes |
received-routes } command or display bgp routing-table statistics command to check
information about the routes received from the peer or the routes advertised to the peer on
the Client CE.
• Run the display bgp vpnv4 vpn-instance vpn-instance-name group [ group-name ]
command to check information about the VPNv4 peer group on the RR.
• Run the display bgp group [ group-name ] command to check information about the
VPNv4 peer group on the CE.
----End
Example
If the configurations succeed, you can verify the following:
• You can find that the status of the MP IBGP connections between the RR and all Client
CEs is "Established" after running the display bgp vpnv4 all peer command on the RR.
• You can find that the status of the IBGP connections between the RR and all Client CEs is
"Established" after running the display bgp peer command on the Client CE.
• You can view the routing information advertised by the RR to the Client CE or the routing
information advertised by the Client CE to the RR after running the display bgp vpnv4
all routing-table peer command on the RR.
• You can view the routing information advertised by the Client CE to the RR and the routing
information advertised by the RR to the Client CE after running the display bgp routing-
Procedure
• Run the display ip routing-table all-vpn-instance statistics command to check the
integrated route statistics of all VPN instances.
----End
Context
In routine maintenance, you can run the following commands in any view to check the status of
BGP/MPLS IP VPN.
Procedure
• Run the display ip routing-table vpn-instance vpn-instance-name command to check the
IP routing table of a VPN instance.
• Run the display ip vpn-instance [ verbose ] [ vpn-instance-name ] command to check
information about the VPN instance.
• Run the display bgp [ vpnv4 { all | vpn-instance vpn-instance-name } ] routing-table
label command to check information about labeled routes in the BGP routing table.
• Run the display bgp vpnv4 { all | route-distinguisher route-distinguisher |
vpn-instance vpn-instance-name } routing-table ipv4-address [ mask | mask-length ] command
to check information about the BGP VPNv4 routing table.
• Run the display bgp vpnv4 { all | route-distinguisher route-distinguisher |
vpn-instance vpn-instance-name } routing-table statistics [ match-options ] command to
check statistics about the BGP VPNv4 routing table.
----End
Procedure
• Run the ping [ ip ] [ -a source-ip-address | -c count | -d | -f | -h ttl-value |
-i interface-type interface-number | -m time | -n | -p pattern | -q | -r | -s packetsize |
-t timeout | -tos tos-value | -v | -vpn-instance vpn-instance-name ] * host command to
check the network connectivity.
• Run the tracert [ -a source-ip-address | -f first-ttl | -m max-ttl | -p port | -q nqueries |
-vpn-instance vpn-instance-name | -w timeout ] * host command to trace the gateways that the
packet passes by from the source to the destination.
• Run the ping lsp [ -a source-ip | -c count | -exp exp-value | -h ttl-value | -m interval |
-r reply-mode | -s packet-size | -t time-out | -v ] * vpn-instance vpn-name remote
remote-address mask-length command to check the connectivity of the L3VPN LSP.
----End
Example
After the VPN configuration, using the ping command with vpn-instance vpn-instance-name
on the PE, you can check whether the PE and the CEs that belong to the same VPN can
communicate with each other. If the ping fails, you can use the tracert command with vpn-
instance vpn-instance-name to locate the fault.
If multiple interfaces bound to the same VPN exist on the PE, specify the source IP address
(that is, -a source-ip-address) when you ping or tracert the remote CE that accesses the
peer PE. Otherwise, the ping or tracert may fail.
If you do not specify a source IP address, the PE chooses the smallest IP address of the interface
bound to the VPN on the PE as the source address of the ICMP packet randomly. If no route to
the selected address exists on the CE, the ICMP packet sent back from the peer PE is discarded.
Procedure
• Run the reset bgp vpn-instance vpn-instance-name [ ipv4-address ] flap-info command
in the user view to clear statistics of the BGP peer flap for a specified VPN instance.
• Run the reset bgp vpn-instance vpn-instance-name dampening [ ipv4-address [ mask |
mask-length ] ] command in the user view to clear dampening information of the VPN
instance.
----End
Context
CAUTION
VPN services are interrupted after the BGP connection is reset. Exercise caution when running
the commands.
When the BGP configuration changes, you can use the soft reset or reset BGP connections to
let the new configurations take effect. Soft reset requires that the BGP peers have route
refreshment capability (supporting Route-Refresh messages).
Procedure
• Run the refresh bgp vpn-instance vpn-instance-name { all | ipv4-address |
group group-name | internal | external } import command in the user view to trigger the
inbound soft reset of the VPN instance's BGP connection.
• Run the refresh bgp vpn-instance vpn-instance-name { all | ipv4-address |
group group-name | internal | external } export command in the user view to trigger the
outbound soft reset of the VPN instance's BGP connection.
• Run the refresh bgp vpnv4 { all | ipv4-address | group group-name | internal | external }
import command in the user view to trigger the inbound soft reset of the BGP VPNv4
connection.
• Run the refresh bgp vpnv4 { all | ipv4-address | group group-name | internal | external }
export command in the user view to trigger the outbound soft reset of the BGP VPNv4
connection.
• Run the reset bgp vpn-instance vpn-instance-name { as-number | ipv4-address | group
group-name | all | internal | external } command in the user view to reset BGP connections
of the VPN instance.
• Run the reset bgp vpnv4 { as-number | ipv4-address | group group-name | all | internal |
external } command in the user view to reset BGP VPNv4 connections.
----End
Context
CAUTION
Debugging affects system performance. After debugging is complete, run the undo debugging
all command to disable debugging immediately.
Run the following debugging commands in the user view to debug BGP/MPLS IP VPN and
locate the fault.
For more information, see the chapter "Information Center Configuration" in the S7700 Smart
Routing Switch Configuration Guide - System Management. For the description about the
debugging commands, see the Quidway S7700 Smart Routing Switch Debugging Reference.
Procedure
• Run the debugging bgp vpn-instance vpn-instance-name peer-address { all | event |
graceful-restart | timer } command in the user view to enable the debugging of the
specified BGP peers in a VPN instance.
• Run the debugging bgp vpn-instance vpn-instance-name peer-address { keepalive |
open | packet | raw-packet | route-refresh } [ receive | send ] [ verbose ] command in
the user view to enable the packet debugging of the specified BGP peers in a VPN instance.
• Run the debugging bgp update vpn-instance vpn-instance-name [ peer ip-address | acl
acl-number | ip-prefix ip-prefix-name ] [ receive | send ] [ verbose ] command in the user
view to enable the BGP Update packets debugging of VPN instances.
• Run the debugging bgp update vpnv4 [ peer ip-address | acl acl-number |
ip-prefix ip-prefix-name ] [ receive | send ] [ verbose ] command in the user view to enable
the BGP Update packets debugging of BGP VPNv4 routes.
• Run the debugging bgp update label-route [ peer ip-address ] [ acl acl-number |
ip-prefix ip-prefix-name ] [ receive | send ] [ verbose ] command in the user view to enable
the BGP Update packets debugging of labeled routes.
----End
Networking Requirements
As shown in Figure 3-3, CE1 and CE3 belong to vpna and CE2 and CE4 belong to vpnb. The
VPN target of vpna is 111:1, and VPN target of vpnb is 222:2. The users in different VPNs
cannot access each other.
[Figure 3-3: network diagram, not reproduced. Labels recoverable from the diagram: CE1, CE2
(VPN-B, AS 65420), CE3, CE4 (VPN-B, AS 65440); PE1 (Loopback1 1.1.1.9/32), P (Loopback1
2.2.2.9/32), PE2 (Loopback1 3.3.3.9/32); MPLS backbone, AS 100; interfaces GE1/0/0, GE2/0/0,
GE3/0/0.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure VPN instances on the PEs connected to CEs on the backbone network and bind
related VPNs to the interfaces connected to the CEs.
2. Configure OSPF on the PEs and P to implement interconnection between PEs.
3. Configure the basic MPLS capabilities and LDP and create an MPLS LSP.
4. Configure MP-IBGP for exchanging routing information between the VPNs.
5. Configure EBGP for exchanging VPN routing information between the CE and PE.
Data Preparation
To complete the configuration, you need the following data:
• IDs of the VLANs that the interfaces belong to, as shown in Figure 3-3
• IP address of each VLAN interface, as shown in Figure 3-3
• MPLS LSR-IDs of PE and P
• RDs of vpna and vpnb
• VPN targets of received and sent routes of vpna and vpnb
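The requirement that users in different VPNs cannot access each other rests entirely on the import and export VPN targets chosen here. The following is an added example, not part of the original guide: it parses vpn-instance definitions and lists every pair in which one instance imports routes that another exports. PAGE_PE1_CONFIG is the PE1 VPN instance configuration from this example's procedure; DRIFT_CONFIG is a constructed later change, used only to show how a single extra import target breaks isolation in one direction.

```python
import re

# Strips a CLI prompt such as "[PE1-vpn-instance-vpna]" or "<Quidway>".
PROMPT_RE = re.compile(r"^\s*(?:\[[^\]]*\]|<[^>]*>)\s*")
DIRECTIONS = ("both", "export-extcommunity", "import-extcommunity")

# VPN instance definitions for PE1 as given in this configuration example.
PAGE_PE1_CONFIG = """\
[PE1] ip vpn-instance vpna
[PE1-vpn-instance-vpna] route-distinguisher 100:1
[PE1-vpn-instance-vpna] vpn-target 111:1 both
[PE1-vpn-instance-vpna] quit
[PE1] ip vpn-instance vpnb
[PE1-vpn-instance-vpnb] route-distinguisher 100:2
[PE1-vpn-instance-vpnb] vpn-target 222:2 both
[PE1-vpn-instance-vpnb] quit
"""

# Constructed change (not from the guide): vpnb also imports vpna's target.
DRIFT_CONFIG = """\
[PE1] ip vpn-instance vpnb
[PE1-vpn-instance-vpnb] vpn-target 111:1 import-extcommunity
[PE1-vpn-instance-vpnb] quit
"""


def parse_vpn_instances(config):
    """Return {name: {"rd", "import", "export"}} from vpn-instance config lines."""
    instances, current = {}, None
    for raw in config.splitlines():
        words = PROMPT_RE.sub("", raw).split()
        if not words:
            continue
        if words[:2] == ["ip", "vpn-instance"] and len(words) == 3:
            current = instances.setdefault(
                words[2], {"rd": None, "import": set(), "export": set()})
        elif words[0] in ("quit", "return", "#"):
            current = None
        elif current is None:
            continue
        elif words[0] == "route-distinguisher" and len(words) == 2:
            current["rd"] = words[1]
        elif words[0] == "vpn-target" and len(words) >= 2:
            targets = words[1:]
            # With no keyword the target applies in both directions.
            direction = targets.pop() if targets[-1] in DIRECTIONS else "both"
            if direction in ("both", "import-extcommunity"):
                current["import"].update(targets)
            if direction in ("both", "export-extcommunity"):
                current["export"].update(targets)
    return instances


def cross_imports(instances):
    """List (exporter, importer, shared targets) for each ordered pair of
    distinct instances where the importer accepts the exporter's routes."""
    found = []
    for src, s in sorted(instances.items()):
        for dst, d in sorted(instances.items()):
            shared = s["export"] & d["import"]
            if src != dst and shared:
                found.append((src, dst, sorted(shared)))
    return found


def isolation_violations(instances, allowed=()):
    """Cross-imports that are not in the explicitly allowed (exporter, importer) set."""
    allowed = set(allowed)
    return [f for f in cross_imports(instances) if (f[0], f[1]) not in allowed]


if __name__ == "__main__":
    print(isolation_violations(parse_vpn_instances(PAGE_PE1_CONFIG)))
    print(isolation_violations(parse_vpn_instances(PAGE_PE1_CONFIG + DRIFT_CONFIG)))
```

The leak in the drifted configuration is one-way: vpnb learns vpna's routes, while vpna still imports only 111:1, so a check of vpna alone would not reveal it.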
Procedure
Step 1 Configure IGP on the MPLS backbone network so that PEs and P can interwork.
# Configure PE1.
<Quidway> system-view
[Quidway] sysname PE1
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.9 32
[PE1-LoopBack1] quit
[PE1] vlan batch 10 20 30
[PE1] interface gigabitethernet 1/0/0
[PE1-GigabitEthernet1/0/0] port hybrid pvid vlan 10
[PE1-GigabitEthernet1/0/0] port hybrid untagged vlan 10
[PE1-GigabitEthernet1/0/0] quit
[PE1] interface gigabitethernet 2/0/0
[PE1-GigabitEthernet2/0/0] port hybrid pvid vlan 20
[PE1-GigabitEthernet2/0/0] port hybrid untagged vlan 20
[PE1-GigabitEthernet2/0/0] quit
[PE1] interface gigabitethernet 3/0/0
[PE1-GigabitEthernet3/0/0] port hybrid pvid vlan 30
[PE1-GigabitEthernet3/0/0] port hybrid untagged vlan 30
[PE1-GigabitEthernet3/0/0] quit
[PE1] interface vlanif 30
[PE1-Vlanif30] ip address 172.1.1.1 24
[PE1-Vlanif30] quit
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
# Configure the P.
<Quidway> system-view
[Quidway] sysname P
[P] interface loopback 1
[P-LoopBack1] ip address 2.2.2.9 32
[P-LoopBack1] quit
[P] vlan batch 30 60
[P] interface gigabitethernet 1/0/0
[P-GigabitEthernet1/0/0] port hybrid pvid vlan 30
[P-GigabitEthernet1/0/0] port hybrid untagged vlan 30
[P-GigabitEthernet1/0/0] quit
[P] interface gigabitethernet 2/0/0
[P-GigabitEthernet2/0/0] port hybrid pvid vlan 60
[P-GigabitEthernet2/0/0] port hybrid untagged vlan 60
[P-GigabitEthernet2/0/0] quit
[P] interface vlanif 30
[P-Vlanif30] ip address 172.1.1.2 24
[P-Vlanif30] quit
[P] interface vlanif 60
[P-Vlanif60] ip address 172.2.1.1 24
[P-Vlanif60] quit
[P] ospf
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit
# Configure PE2.
<Quidway> system-view
[Quidway] sysname PE2
[PE2] interface loopback 1
[PE2-LoopBack1] ip address 3.3.3.9 32
[PE2-LoopBack1] quit
[PE2] vlan batch 40 50 60
[PE2] interface gigabitethernet 1/0/0
[PE2-GigabitEthernet1/0/0] port hybrid pvid vlan 40
[PE2-GigabitEthernet1/0/0] port hybrid untagged vlan 40
[PE2-GigabitEthernet1/0/0] quit
[PE2] interface gigabitethernet 2/0/0
[PE2-GigabitEthernet2/0/0] port hybrid pvid vlan 50
[PE2-GigabitEthernet2/0/0] port hybrid untagged vlan 50
[PE2-GigabitEthernet2/0/0] quit
[PE2] interface gigabitethernet 3/0/0
[PE2-GigabitEthernet3/0/0] port hybrid pvid vlan 60
[PE2-GigabitEthernet3/0/0] port hybrid untagged vlan 60
[PE2-GigabitEthernet3/0/0] quit
[PE2] interface vlanif 60
[PE2-Vlanif60] ip address 172.2.1.2 24
[PE2-Vlanif60] quit
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit
After the configuration, OSPF adjacencies are established between PE1, P, and PE2. By running
the display ospf peer command, you can see that the status of the OSPF adjacency is Full. By
running the display ip routing-table command, you can see that the PEs can learn the routes
of each other's Loopback1 interface.
Take PE1 for example.
Step 2 Configure basic MPLS functions and MPLS LDP on the MPLS backbone network and set up
LDP LSPs.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface vlanif 30
[PE1-Vlanif30] mpls
[PE1-Vlanif30] mpls ldp
[PE1-Vlanif30] quit
# Configure the P.
[P] mpls lsr-id 2.2.2.9
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P] interface vlanif 30
[P-Vlanif30] mpls
[P-Vlanif30] mpls ldp
[P-Vlanif30] quit
[P] interface vlanif 60
[P-Vlanif60] mpls
[P-Vlanif60] mpls ldp
[P-Vlanif60] quit
# Configure PE2.
[PE2] mpls lsr-id 3.3.3.9
[PE2] mpls
[PE2-mpls] quit
After the configuration, LDP sessions are established between PE1 and P, and between P and
PE2. By running the display mpls ldp session command, you can see that the status of the LDP
sessions is Operational. By running the display mpls ldp lsp command, you can see the
establishment status of the LDP LSP.
Step 3 Configure VPN instances on each PE and connect the CEs to the PEs.
# Configure PE1.
[PE1] ip vpn-instance vpna
[PE1-vpn-instance-vpna] route-distinguisher 100:1
[PE1-vpn-instance-vpna] vpn-target 111:1 both
[PE1-vpn-instance-vpna] quit
[PE1] ip vpn-instance vpnb
[PE1-vpn-instance-vpnb] route-distinguisher 100:2
[PE1-vpn-instance-vpnb] vpn-target 222:2 both
[PE1-vpn-instance-vpnb] quit
[PE1] interface vlanif 10
[PE1-Vlanif10] ip binding vpn-instance vpna
[PE1-Vlanif10] ip address 10.1.1.2 24
[PE1-Vlanif10] quit
[PE1] interface vlanif 20
[PE1-Vlanif20] ip binding vpn-instance vpnb
[PE1-Vlanif20] ip address 10.2.1.2 24
[PE1-Vlanif20] quit
# Configure PE2.
[PE2] ip vpn-instance vpna
[PE2-vpn-instance-vpna] route-distinguisher 200:1
[PE2-vpn-instance-vpna] vpn-target 111:1 both
[PE2-vpn-instance-vpna] quit
[PE2] ip vpn-instance vpnb
[PE2-vpn-instance-vpnb] route-distinguisher 200:2
[PE2-vpn-instance-vpnb] vpn-target 222:2 both
[PE2-vpn-instance-vpnb] quit
[PE2] interface vlanif 40
[PE2-Vlanif40] ip binding vpn-instance vpna
[PE2-Vlanif40] ip address 10.3.1.2 24
[PE2-Vlanif40] quit
[PE2] interface vlanif 50
[PE2-Vlanif50] ip binding vpn-instance vpnb
[PE2-Vlanif50] ip address 10.4.1.2 24
[PE2-Vlanif50] quit
# Configure IP addresses of the interfaces on the CEs according to Figure 3-3. The configuration
procedure is not given here.
After the configuration, run the display ip vpn-instance verbose command on the PEs, and you
can see the configuration of the VPN instances. The PEs can ping the connected CEs
successfully.
NOTE
If multiple interfaces on a PE are bound to the same VPN, you must specify the source address when you
run the ping -vpn-instance command to ping the CE connected to the peer PE. That is, specify -a source-
ip-address in the ping -vpn-instance vpn-instance-name -a source-ip-address destination-address
command. Otherwise, the ping operation may fail.
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 3/6/16 ms
Step 4 Set up EBGP peer relation between the PE and the CE and import VPN routes.
# Configure CE1.
[CE1] bgp 65410
[CE1-bgp] peer 10.1.1.2 as-number 100
[CE1-bgp] import-route direct
NOTE
The configuration procedures of CE2, CE3 and CE4 are similar to the configuration procedure of CE1 and
are not mentioned here.
# Configure PE1.
[PE1] bgp 100
[PE1-bgp] ipv4-family vpn-instance vpna
[PE1-bgp-vpna] peer 10.1.1.1 as-number 65410
[PE1-bgp-vpna] import-route direct
[PE1-bgp-vpna] quit
[PE1-bgp] ipv4-family vpn-instance vpnb
[PE1-bgp-vpnb] peer 10.2.1.1 as-number 65420
[PE1-bgp-vpnb] import-route direct
[PE1-bgp-vpnb] quit
NOTE
The configuration procedure of PE2 is similar to the configuration procedure of PE1 and is not mentioned
here.
After the configuration, run the display bgp vpnv4 vpn-instance peer command on a PE, and
you can find that the BGP peer relation between the PE and CE is in Established state.
Take the peer relation between PE1 and CE1 for example:
[PE1] display bgp vpnv4 vpn-instance vpna peer
# Configure PE2.
[PE2] bgp 100
[PE2-bgp] peer 1.1.1.9 as-number 100
[PE2-bgp] peer 1.1.1.9 connect-interface loopback 1
[PE2-bgp] ipv4-family vpnv4
[PE2-bgp-af-vpnv4] peer 1.1.1.9 enable
[PE2-bgp-af-vpnv4] quit
After the configuration, run the display bgp peer or display bgp vpnv4 all peer command, and
you can see that the BGP peer relation between the PEs is in Established state.
[PE1] display bgp peer
The CEs in the same VPN can ping each other, but the CEs in different VPNs cannot ping each
other.
For example, CE1 can ping CE3 (10.3.1.1) but cannot ping CE4 (10.4.1.1).
[CE1] ping 10.3.1.1
PING 10.3.1.1: 56 data bytes, press CTRL_C to break
----End
Configuration Files
• Configuration file of PE1
#
sysname PE1
#
vlan batch 10 20 30
#
ip vpn-instance vpna
route-distinguisher 100:1
vpn-target 111:1 export-extcommunity
vpn-target 111:1 import-extcommunity
ip vpn-instance vpnb
route-distinguisher 100:2
vpn-target 222:2 export-extcommunity
vpn-target 222:2 import-extcommunity
#
mpls lsr-id 1.1.1.9
mpls
#
mpls ldp
#
interface Vlanif10
ip binding vpn-instance vpna
ip address 10.1.1.2 255.255.255.0
#
interface Vlanif20
ip binding vpn-instance vpnb
ip address 10.2.1.2 255.255.255.0
#
interface Vlanif30
ip address 172.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
interface GigabitEthernet3/0/0
#
return
• Configuration file of PE2
#
sysname PE2
#
vlan batch 40 50 60
#
ip vpn-instance vpna
route-distinguisher 200:1
vpn-target 111:1 export-extcommunity
vpn-target 111:1 import-extcommunity
#
ip vpn-instance vpnb
route-distinguisher 200:2
vpn-target 222:2 export-extcommunity
vpn-target 222:2 import-extcommunity
#
mpls lsr-id 3.3.3.9
mpls
#
mpls ldp
#
interface Vlanif40
ip binding vpn-instance vpna
ip address 10.3.1.2 255.255.255.0
#
interface Vlanif50
ip binding vpn-instance vpnb
ip address 10.4.1.2 255.255.255.0
#
interface Vlanif60
ip address 172.2.1.2 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 40
port hybrid untagged vlan 40
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 50
port hybrid untagged vlan 50
#
interface GigabitEthernet3/0/0
port hybrid pvid vlan 60
port hybrid untagged vlan 60
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
bgp 100
peer 1.1.1.9 as-number 100
peer 1.1.1.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 1.1.1.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 1.1.1.9 enable
#
ipv4-family vpn-instance vpna
peer 10.3.1.1 as-number 65430
import-route direct
#
ipv4-family vpn-instance vpnb
[Networking diagram (Figure 3-4) not reproduced. Labels: CE1 and CE2 in vpna, CE3 and CE4 in vpnb; GE3/0/1; VLANIF 100 and VLANIF 101; 14.1.1.2/24 and 34.1.1.2/24 used in both VPNs.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure VPN instances on the PEs on the backbone network. Bind the interfaces
connected to CEs to the corresponding VPN instances so that CE1 and CE2 belong to a
VPN instance, and CE3 and CE4 belong to another VPN instance. Then assign IP addresses
to the PE interfaces connected to CEs.
2. Configure OSPF on the PEs to implement interconnection between PEs.
3. Enable MPLS and MPLS LDP on the PEs and P and set up an MPLS LSP.
Data Preparation
To complete the configuration, you need the following data:
• IDs of the VLANs that the interfaces belong to, as shown in Figure 3-4
• IP address of each VLANIF interface, as shown in Figure 3-4
• MPLS LSR-IDs of PEs and P
• RDs of vpna and vpnb
• VPN targets of vpna and vpnb
Procedure
Step 1 Configure VLANs that the interfaces belong to and assign IP addresses to the VLANIF interfaces
and loopback interfaces according to Figure 3-4.
The configuration procedure is not mentioned.
Step 2 Configure an IGP protocol on the MPLS backbone network so that PE and P routers can
communicate with each other.
# Configure PE1.
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
# Configure P.
[P] ospf
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
[P-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 23.1.1.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit
# Configure PE2.
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 23.1.1.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit
After the configuration, OSPF relations are established between PE1, P, and PE2. By running
the display ospf peer command, you can see that the status of the OSPF relations is Full. By
running the display ip routing-table command, you can see that the PEs have learned the routes
to each other's Loopback0 interfaces.
Take the display on PE1 as an example.
[PE1] display ip routing-table
Route Flags: R - relied, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 12 Routes : 12
Step 3 Configure basic MPLS functions, enable MPLS LDP, and establish LDP LSPs on the MPLS
backbone network.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface vlanif 10
[PE1-Vlanif10] mpls
[PE1-Vlanif10] mpls ldp
# Configure P.
[P] mpls lsr-id 2.2.2.9
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P] interface vlanif 10
[P-Vlanif10] mpls
[P-Vlanif10] mpls ldp
[P-Vlanif10] quit
[P] interface vlanif 20
[P-Vlanif20] mpls
[P-Vlanif20] mpls ldp
[P-Vlanif20] quit
# Configure PE2.
[PE2] mpls lsr-id 3.3.3.9
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface vlanif 20
[PE2-Vlanif20] mpls
[PE2-Vlanif20] mpls ldp
[PE2-Vlanif20] quit
After the configuration, LDP sessions should be set up between PE1 and P, and between PE2
and P. Run the display mpls ldp session command, and you can see that Status is
Operational. Run the display mpls ldp lsp command, and you can see the establishment status
of the LDP LSP.
Take the display on PE1 as an example.
[PE1] display mpls ldp session
Step 4 Configure VPN instances on each PE and connect the CEs to the PEs.
# Configure PE1.
[PE1] ip vpn-instance vpna
[PE1-vpn-instance-vpna] route-distinguisher 100:100
[PE1-vpn-instance-vpna] vpn-target 100:100 export-extcommunity
[PE1-vpn-instance-vpna] vpn-target 100:100 import-extcommunity
[PE1-vpn-instance-vpna] quit
[PE1] ip vpn-instance vpnb
[PE1-vpn-instance-vpnb] route-distinguisher 300:300
[PE1-vpn-instance-vpnb] vpn-target 200:200 export-extcommunity
[PE1-vpn-instance-vpnb] vpn-target 200:200 import-extcommunity
[PE1-vpn-instance-vpnb] quit
[PE1] interface vlanif 100
[PE1-Vlanif100] ip binding vpn-instance vpna
[PE1-Vlanif100] ip address 14.1.1.1 255.255.255.0
[PE1-Vlanif100] quit
[PE1] interface vlanif 101
[PE1-Vlanif101] ip binding vpn-instance vpnb
[PE1-Vlanif101] ip address 14.1.1.1 255.255.255.0
[PE1-Vlanif101] quit
# Configure PE2.
[PE2] ip vpn-instance vpna
[PE2-vpn-instance-vpna] route-distinguisher 200:200
[PE2-vpn-instance-vpna] vpn-target 100:100 export-extcommunity
[PE2-vpn-instance-vpna] vpn-target 100:100 import-extcommunity
[PE2-vpn-instance-vpna] quit
[PE2] ip vpn-instance vpnb
[PE2-vpn-instance-vpnb] route-distinguisher 400:400
[PE2-vpn-instance-vpnb] vpn-target 200:200 export-extcommunity
[PE2-vpn-instance-vpnb] vpn-target 200:200 import-extcommunity
[PE2-vpn-instance-vpnb] quit
[PE2] interface vlanif 100
[PE2-Vlanif100] ip binding vpn-instance vpna
[PE2-Vlanif100] ip address 34.1.1.1 255.255.255.0
[PE2-Vlanif100] quit
# Assign IP addresses to the interfaces on the CEs according to Figure 3-4. The configuration
procedure is not mentioned here.
After the configuration, run the display ip vpn-instance verbose command on the PEs, and you
can see the configuration of the VPN instances. The PEs can ping the connected CEs
successfully.
Take the display on PE1 and CE1 as an example.
[PE1] display ip vpn-instance verbose
Total VPN-Instances configured : 2
Step 5 On CE1, CE2, CE3, and CE4, configure static routes to their connected PEs.
# Configure CE1.
[CE1] ip route-static 0.0.0.0 0.0.0.0 vlanif 100 14.1.1.1
NOTE
Configurations of CE2, CE3 and CE4 are similar to the configuration of CE1, and are not mentioned here.
# Configure PE2.
[PE2] bgp 100
[PE2-bgp] peer 1.1.1.9 as-number 100
[PE2-bgp] peer 1.1.1.9 connect-interface loopback0
[PE2-bgp] ipv4-family vpnv4
[PE2-bgp-af-vpnv4] peer 1.1.1.9 enable
[PE2-bgp-af-vpnv4] quit
[PE2-bgp] ipv4-family vpn-instance vpna
[PE2-bgp-vpna] import-route direct
[PE2-bgp-vpna] quit
[PE2-bgp] ipv4-family vpn-instance vpnb
[PE2-bgp-vpnb] import-route direct
[PE2-bgp-vpnb] quit
After the configuration, run the display bgp peer command on a PE, and you can see that the
BGP peer relation between the PE and CE is in Established state.
[PE1] display bgp peer
BGP local router ID : 1.1.1.9
Local ASN : 100
Total number of peers : 1 Peers in established state : 1
Run the ping 34.1.1.1 command on CE1, and the ping is successful. Run the display
interface command to view the packet statistics on GE3/0/1 and GE3/0/2 of PE2, and
you can see that packets pass through GE3/0/1 but no packets pass through GE3/0/2.
This indicates that although the two VPN instances contain the same addresses, users
in the two VPNs cannot communicate with each other.
----End
Configuration Files
• Configuration file of PE1
#
sysname PE1
#
vlan batch 10 100 101
#
ip vpn-instance vpna
route-distinguisher 100:100
vpn-target 100:100 export-extcommunity
vpn-target 100:100 import-extcommunity
ip vpn-instance vpnb
route-distinguisher 300:300
vpn-target 200:200 export-extcommunity
vpn-target 200:200 import-extcommunity
#
mpls lsr-id 1.1.1.9
mpls
#
mpls ldp
#
interface Vlanif10
ip address 12.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface Vlanif100
ip binding vpn-instance vpna
ip address 14.1.1.1 255.255.255.0
#
interface Vlanif101
ip binding vpn-instance vpnb
ip address 14.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface GigabitEthernet3/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
interface GigabitEthernet3/0/2
port hybrid pvid vlan 101
port hybrid untagged vlan 101
#
interface LoopBack0
ip address 1.1.1.9 255.255.255.255
#
bgp 100
peer 3.3.3.9 as-number 100
peer 3.3.3.9 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
#
mpls lsr-id 3.3.3.9
mpls
#
mpls ldp
#
interface Vlanif20
ip address 23.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif100
ip binding vpn-instance vpna
ip address 34.1.1.1 255.255.255.0
#
interface Vlanif101
ip binding vpn-instance vpnb
ip address 34.1.1.1 255.255.255.0
#
interface GigabitEthernet2/0/1
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
interface GigabitEthernet3/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
interface GigabitEthernet3/0/2
port hybrid pvid vlan 101
port hybrid untagged vlan 101
#
interface LoopBack0
ip address 3.3.3.9 255.255.255.255
#
bgp 100
peer 1.1.1.9 as-number 100
peer 1.1.1.9 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 1.1.1.9 enable
#
ipv4-family vpnv4
peer 1.1.1.9 enable
#
ipv4-family vpn-instance vpna
import-route direct
#
ipv4-family vpn-instance vpnb
import-route direct
#
ospf 1
area 0.0.0.0
network 23.1.1.0 0.0.0.255
network 3.3.3.9 0.0.0.0
#
return
• Configuration file of CE1
#
sysname CE1
#
vlan batch 100
#
interface Vlanif100
ip address 14.1.1.2 255.255.255.0
#
interface GigabitEthernet3/0/1
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
ip route-static 0.0.0.0 0.0.0.0 Vlanif 100 14.1.1.1
#
return
Networking Requirements
As shown in Figure 3-5, the S7700 functions as the PE on the MPLS backbone. CE1 belongs
to vpna; CE2 belongs to vpnb.
It is required that CE1 and CE2 can communicate with each other.
NOTE
This example covers only mutual access for local VPNs on the S7700. For details about configuring
mutual access for local VPNs on the SPU board, see 3.17.4 Example for Configuring Mutual Access for
Local VPNs on SPU Board.
Figure 3-5 Networking diagram for configuring mutual access between VPNs
Configuration Roadmap
The configuration roadmap is as follows:
1. On the PE, configure a VPN instance, set different VPN targets for the VPN instance
2. On the PE, bind the interface connected to the CE to the VPN instance.
3. Enable the routing protocol on the CEs.
Data Preparation
To complete the configuration, you need the following data:
• VLAN ID and IP address of VLANIF interface allowed by each interface
• RD of the VPN
• VPN targets of the received and sent routes
Configuration Procedure
Procedure
Step 1 Create VLANs and specify the VLAN IDs that are allowed by the interfaces, as shown in Figure
3-5.
# Configure PE1.
<Quidway> system-view
[Quidway] sysname PE1
[PE1] vlan batch 10 20
[PE1] interface gigabitethernet 1/0/0
[PE1-GigabitEthernet1/0/0] port link-type trunk
[PE1-GigabitEthernet1/0/0] port trunk allow-pass vlan 10
[PE1-GigabitEthernet1/0/0] quit
[PE1] interface gigabitethernet 2/0/0
# Configure CE1.
<Quidway> system-view
[Quidway] sysname CE1
[CE1] vlan batch 10
[CE1] interface gigabitethernet 1/0/0
[CE1-GigabitEthernet1/0/0] port link-type trunk
[CE1-GigabitEthernet1/0/0] port trunk allow-pass vlan 10
[CE1-GigabitEthernet1/0/0] quit
# Configure CE2.
<Quidway> system-view
[Quidway] sysname CE2
[CE2] vlan batch 20
[CE2] interface gigabitethernet 1/0/0
[CE2-GigabitEthernet1/0/0] port link-type trunk
[CE2-GigabitEthernet1/0/0] port trunk allow-pass vlan 20
[CE2-GigabitEthernet1/0/0] quit
Step 2 Configure a VPN instance on each PE and connect the CEs to the PEs.
# Configure PE1.
[PE1] ip vpn-instance vpna
[PE1-vpn-instance-vpna] route-distinguisher 100:1
[PE1-vpn-instance-vpna] vpn-target 111:1 export-extcommunity
[PE1-vpn-instance-vpna] vpn-target 111:1 222:2 import-extcommunity
[PE1-vpn-instance-vpna] quit
[PE1] ip vpn-instance vpnb
[PE1-vpn-instance-vpnb] route-distinguisher 100:2
[PE1-vpn-instance-vpnb] vpn-target 222:2 export-extcommunity
[PE1-vpn-instance-vpnb] vpn-target 222:2 111:1 import-extcommunity
[PE1-vpn-instance-vpnb] quit
[PE1] interface vlanif 10
[PE1-Vlanif10] ip binding vpn-instance vpna
[PE1-Vlanif10] ip address 10.1.1.2 24
[PE1-Vlanif10] quit
[PE1] interface vlanif 20
[PE1-Vlanif20] ip binding vpn-instance vpnb
[PE1-Vlanif20] ip address 10.2.1.2 24
[PE1-Vlanif20] quit
# Configure PE2.
[PE2] ip vpn-instance vpna
[PE2-vpn-instance-vpna] route-distinguisher 200:1
[PE2-vpn-instance-vpna] vpn-target 111:1 both
[PE2-vpn-instance-vpna] quit
[PE2] ip vpn-instance vpnb
[PE2-vpn-instance-vpnb] route-distinguisher 200:2
[PE2-vpn-instance-vpnb] vpn-target 222:2 both
[PE2-vpn-instance-vpnb] quit
[PE2] interface vlanif 30
[PE2-Vlanif30] ip binding vpn-instance vpna
[PE2-Vlanif30] ip address 10.3.1.2 24
[PE2-Vlanif30] quit
[PE2] interface vlanif 40
[PE2-Vlanif40] ip binding vpn-instance vpnb
[PE2-Vlanif40] ip address 10.4.1.2 24
[PE2-Vlanif40] quit
# Assign IP addresses to the interfaces on the CEs according to Figure 3-5. The configuration
procedure is not mentioned here.
After the configuration, the PE can ping the connected CE successfully.
Step 3 Configure BGP to import the direct route to the VPN instance routing table.
# Configure PE1.
[PE1] bgp 100
[PE1-bgp] ipv4-family vpn-instance vpna
[PE1-bgp-vpna] import-route direct
[PE1-bgp-vpna] quit
[PE1-bgp] ipv4-family vpn-instance vpnb
[PE1-bgp-vpnb] import-route direct
[PE1-bgp-vpnb] quit
# Configure CE2.
[CE2] ip route-static 10.1.1.0 24 10.2.1.2
----End
Configuration Files
• Configuration file of PE1
#
sysname PE1
#
vlan batch 10 20
#
ip vpn-instance vpna
route-distinguisher 100:1
vpn-target 111:1 export-extcommunity
vpn-target 111:1 222:2 import-extcommunity
ip vpn-instance vpnb
route-distinguisher 100:2
vpn-target 222:2 export-extcommunity
vpn-target 222:2 111:1 import-extcommunity
#
interface Vlanif10
ip binding vpn-instance vpna
ip address 10.1.1.2 255.255.255.0
#
interface Vlanif20
ip binding vpn-instance vpnb
ip address 10.2.1.2 255.255.255.0
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
bgp 100
#
ipv4-family unicast
undo synchronization
#
ipv4-family vpn-instance vpna
import-route direct
#
ipv4-family vpn-instance vpnb
import-route direct
#
return
#
interface Vlanif20
ip address 10.2.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
ip route-static 10.1.1.0 24 10.2.1.2
#
return
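The VPN-target lines in the PE1 configuration files above decide whether vpna and vpnb stay isolated or exchange routes. The following Python audit is an added example, not part of the Huawei guide: it parses the `ip vpn-instance` blocks copied from this page (configuration-file form and CLI-session form) and lists every pair of instances whose export and import targets match. The function names, and the reading of a shared instance name as "same customer VPN", are assumptions of this example.

```python
"""Audit which VPN instances can exchange routes, judged by VPN targets only."""

# Excerpts copied from this page: PE1 in the example with isolated VPNs,
# PE1 in the mutual-access example, and the PE2 CLI session from its Step 2.
ISOLATED_PE1 = """\
ip vpn-instance vpna
route-distinguisher 100:1
vpn-target 111:1 export-extcommunity
vpn-target 111:1 import-extcommunity
ip vpn-instance vpnb
route-distinguisher 100:2
vpn-target 222:2 export-extcommunity
vpn-target 222:2 import-extcommunity
#
interface Vlanif10
ip binding vpn-instance vpna
"""
MUTUAL_PE1 = """\
ip vpn-instance vpna
route-distinguisher 100:1
vpn-target 111:1 export-extcommunity
vpn-target 111:1 222:2 import-extcommunity
ip vpn-instance vpnb
route-distinguisher 100:2
vpn-target 222:2 export-extcommunity
vpn-target 222:2 111:1 import-extcommunity
#
"""
MUTUAL_PE2_CLI = """\
[PE2] ip vpn-instance vpna
[PE2-vpn-instance-vpna] route-distinguisher 200:1
[PE2-vpn-instance-vpna] vpn-target 111:1 both
[PE2-vpn-instance-vpna] quit
[PE2] ip vpn-instance vpnb
[PE2-vpn-instance-vpnb] route-distinguisher 200:2
[PE2-vpn-instance-vpnb] vpn-target 222:2 both
[PE2-vpn-instance-vpnb] quit
"""

# Keyword at the end of a vpn-target line -> target sets it fills.
DIRECTIONS = {
    "export-extcommunity": ("export",),
    "import-extcommunity": ("import",),
    "both": ("export", "import"),
}


def strip_prompt(line):
    """Drop a leading "[PE2-vpn-instance-vpna] " style CLI prompt, if any."""
    line = line.strip()
    if line.startswith("[") and "]" in line:
        line = line.split("]", 1)[1].strip()
    return line


def parse_vpn_instances(device, text):
    """Return {(device, instance): {"rd", "import", "export"}} for one device."""
    instances, current = {}, None
    for raw in text.splitlines():
        words = strip_prompt(raw).split()
        if not words:
            continue
        if words[:2] == ["ip", "vpn-instance"] and len(words) == 3:
            current = instances.setdefault(
                (device, words[2]), {"rd": None, "import": set(), "export": set()})
        elif words[0] in ("#", "quit", "return"):
            current = None            # left the vpn-instance view
        elif current is None:
            continue                  # e.g. "ip binding vpn-instance vpna"
        elif words[0] == "route-distinguisher" and len(words) == 2:
            current["rd"] = words[1]
        elif words[0] == "vpn-target":
            if len(words) < 3 or words[-1] not in DIRECTIONS:
                raise ValueError("vpn-target without direction: " + " ".join(words))
            for direction in DIRECTIONS[words[-1]]:
                current[direction].update(words[1:-1])
    return instances


def route_flows(instances):
    """Sorted (exporter, importer) pairs where an export target is also imported."""
    return sorted((src, dst)
                  for src, s in instances.items()
                  for dst, d in instances.items()
                  if src != dst and s["export"] & d["import"])


def cross_vpn_flows(instances):
    """Flows between instances with different names (assumed: one name per VPN)."""
    return [(src, dst) for src, dst in route_flows(instances) if src[1] != dst[1]]


if __name__ == "__main__":
    isolated = parse_vpn_instances("PE1", ISOLATED_PE1)
    mutual = {**parse_vpn_instances("PE1", MUTUAL_PE1),
              **parse_vpn_instances("PE2", MUTUAL_PE2_CLI)}
    for label, inst in (("isolated", isolated), ("mutual access", mutual)):
        print(label)
        for (sdev, svpn), (ddev, dvpn) in cross_vpn_flows(inst):
            print(f"  {sdev}/{svpn} routes are importable into {ddev}/{dvpn}")
        if not cross_vpn_flows(inst):
            print("  no cross-VPN import")
```

The result reflects VPN-target policy only: a route from a remote instance is imported only if it also reaches the importing PE over an MP-BGP VPNv4 session. With the mutual-access data, routes of both PE2 instances are importable into the other VPN on PE1, while PE2 itself imports nothing across VPNs.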
Networking Requirements
As shown in Figure 3-6, the S7700 functions as the PE. PC1 belongs to vpn-a and PC2 belongs
to vpn-b.
NOTE
This example covers only mutual access for local VPNs on the SPU board. For details about
configuring mutual access for local VPNs on the S7700, see 3.17.3 Example for Configuring Mutual Access
Between VPNs on S7700.
Figure 3-6 Networking diagram for configuring mutual access between local VPNs
[Diagram not reproduced. Labels: PC1 10.10.10.1/24 (Switch GE1/0/4); PC2 20.20.20.1/24 (Switch GE1/0/6); Switch XGE2/0/0 and XGE2/0/1 in Eth-Trunk0; SPU XGE0/0/1 and XGE0/0/2; SPU sub-interfaces Eth-trunk0.10 10.10.10.2/24 and Eth-trunk0.20 20.20.20.2/24.]
Configuration Roadmap
The configuration roadmap is as follows:
Procedure
Step 1 Import flows from the switch to the SPU.
Step 3 Create sub-interfaces on the SPU and bind the VPN instance to the sub-interfaces.
[SPU] interface eth-trunk 0.10
[SPU-Eth-Trunk0.10] control-vid 10 dot1q-termination
[SPU-Eth-Trunk0.10] dot1q termination vid 10
[SPU-Eth-Trunk0.10] ip binding vpn-instance vpn-a
[SPU-Eth-Trunk0.10] ip address 10.10.10.2 24
[SPU-Eth-Trunk0.10] arp broadcast enable
[SPU-Eth-Trunk0.10] quit
[SPU] interface eth-trunk 0.20
[SPU-Eth-Trunk0.20] control-vid 20 dot1q-termination
[SPU-Eth-Trunk0.20] dot1q termination vid 20
[SPU-Eth-Trunk0.20] ip binding vpn-instance vpn-b
[SPU-Eth-Trunk0.20] ip address 20.20.20.2 24
[SPU-Eth-Trunk0.20] arp broadcast enable
[SPU-Eth-Trunk0.20] quit
Step 4 Configure the static route on the SPU to allow the VPNs to communicate with each other.
----End
Configuration Files
• Configuration file of switch
#
sysname Switch
#
vlan batch 10 20
#
interface Eth-Trunk0
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10 20
#
interface GigabitEthernet1/0/4
port link-type access
port default vlan 10
#
interface GigabitEthernet1/0/6
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 20
#
interface XGigabitEthernet2/0/0
eth-trunk 0
#
interface XGigabitEthernet2/0/1
eth-trunk 0
#
return
Networking Requirements
As shown in Figure 3-7, CE1 and CE2 belong to the same VPN instance and access PE1 and
PE2 respectively.
[Figure 3-7 diagram not reproduced. Labels: backbone AS 100; CE1 and CE2 both in vpn1 and both in AS 600; interfaces GE1/0/0 and GE2/0/0.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable IGP on the backbone network to implement interworking between PEs, and between
PE and P so that they can learn loopback address of each other.
2. Create an MPLS LDP LSP between the PEs, create VPN instances on PEs, and connect
PEs to CEs.
3. Establish EBGP adjacencies between the PEs and CEs to import routes of the CEs to the
PEs.
4. Configure BGP ASN substitution on PEs.
Data Preparation
To complete the configuration, you need the following data:
• MPLS LSR-IDs of PE and P
• VPN instances on PE1 and PE2
• ASN used by CE1 and CE2, which is different from the ASN of the backbone network
Procedure
Step 1 Configure basic BGP/MPLS IP VPN.
The configurations are as follows:
• Configure OSPF on the MPLS backbone so that the PE and P can learn routes of the loopback
interface from each other.
• Enable MPLS capability and MPLS LDP on the MPLS backbone and establish an LDP LSP.
• Establish an MP-IBGP adjacency between PEs and advertise VPNv4 routes.
• Configure VPN instance of VPN1 on PE2 and connect PE2 to CE2.
• Configure VPN instance of VPN1 on PE1 and connect PE1 to CE1.
• Configure BGP between PE1 and CE1, and between PE2 and CE2. Import routes of the CEs
to PEs.
After the configuration, run the display ip routing-table command on CE2. You can see that
CE2 can learn the route of the network segment (10.1.1.0/24) of the interface connecting PE1
to CE1, but there is no route to VPN (100.1.1.0/24) of CE1. When you run the display ip routing-
table command on CE1, you can see the similar information.
[CE2] display ip routing-table
Route Flags: R - relied, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 10 Routes : 10
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.1.1.0/24 BGP 255 0 D 10.2.1.2 Vlanif40
10.2.1.0/24 Direct 0 0 D 10.2.1.1 Vlanif40
10.2.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
10.2.1.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
200.1.1.0/24 Direct 0 0 D 200.1.1.1 Vlanif60
200.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
Run the display ip routing-table vpn-instance command on PEs, and you can see the routes
to the VPNs of the peer CEs.
Take PE2 for example.
[PE2] display ip routing-table vpn-instance vpn1
Route Flags: R - relied, D - download to fib
------------------------------------------------------------------------------
Routing Tables: vpn1
Destinations : 7 Routes : 7
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.1.1.0/24 BGP 255 0 RD 1.1.1.9 Vlanif30
10.2.1.0/24 Direct 0 0 D 10.2.1.2 Vlanif40
10.2.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0
10.2.1.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
100.1.1.0/24 BGP 255 0 RD 1.1.1.9 Vlanif30
200.1.1.0/24 BGP 255 0 D 10.2.1.1 Vlanif40
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
Enable debugging of the BGP Update packets on PE2. The debugging information shows that
PE2 advertises the route to 100.1.1.0/24 and the AS path information is "100 600".
<PE2> terminal monitor
<PE2> terminal debugging
<PE2> debugging bgp update vpn-instance vpn1 peer 10.2.1.1 verbose
<PE2> refresh bgp vpn-instance vpn1 all export
*0.4402392 PE2 RM/7/RMDEBUG:
BGP.vpn1: Send UPDATE to 10.2.1.1 for following destinations :
Origin : Incomplete
AS Path : 100 600
Next Hop : 10.2.1.2
100.1.1.0/24,
Run the display bgp routing-table peer received-routes command on CE2, and you can see
that CE2 does not accept the route to 100.1.1.0/24.
[CE2] display bgp routing-table peer 10.2.1.2 received-routes
Total Number of Routes: 3
BGP Local router ID is 10.2.1.1
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 10.1.1.0/24 10.2.1.2 0 100?
* 10.2.1.0/24 10.2.1.2 0 0 100?
* 10.2.1.1/32 10.2.1.2 0 0 100?
In the route advertised to CE2 by PE2, you can see that the AS path information of 100.1.1.0/24
changes from "100 600" to "100 100".
*0.13498737 PE2 RM/7/RMDEBUG:
BGP.vpn1: Send UPDATE to 10.2.1.1 for following destinations :
Origin : Incomplete
AS Path : 100 100
Next Hop : 10.2.1.2
100.1.1.0/24
After BGP ASN substitution is configured on PE1, the GE interfaces of CE1 and CE2 can ping
each other.
[CE1] ping -a 100.1.1.1 200.1.1.1
PING 200.1.1.1: 56 data bytes, press CTRL_C to break
Reply from 200.1.1.1: bytes=56 Sequence=1 ttl=253 time=109 ms
Reply from 200.1.1.1: bytes=56 Sequence=2 ttl=253 time=67 ms
Reply from 200.1.1.1: bytes=56 Sequence=3 ttl=253 time=66 ms
Reply from 200.1.1.1: bytes=56 Sequence=4 ttl=253 time=85 ms
Reply from 200.1.1.1: bytes=56 Sequence=5 ttl=253 time=70 ms
--- 200.1.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 66/79/109 ms
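The debugging output above shows why CE2 drops 100.1.1.0/24 before ASN substitution and accepts it afterwards. The following Python code is an added example, not part of the Huawei guide: it parses the two UPDATE records copied from this page, applies the CE's EBGP loop check to each, and reproduces the rewritten AS path. The function names are assumptions of this example.

```python
"""EBGP loop prevention versus BGP ASN substitution on a PE-CE session."""
import re

# Debugging output copied from this page: PE2's UPDATE to CE2 (10.2.1.1)
# before and after ASN substitution is configured.
UPDATE_BEFORE = """\
*0.4402392 PE2 RM/7/RMDEBUG:
BGP.vpn1: Send UPDATE to 10.2.1.1 for following destinations :
Origin : Incomplete
AS Path : 100 600
Next Hop : 10.2.1.2
100.1.1.0/24,
"""
UPDATE_AFTER = """\
*0.13498737 PE2 RM/7/RMDEBUG:
BGP.vpn1: Send UPDATE to 10.2.1.1 for following destinations :
Origin : Incomplete
AS Path : 100 100
Next Hop : 10.2.1.2
100.1.1.0/24
"""

BACKBONE_AS = 100   # AS of the PEs, from the page
SITE_AS = 600       # AS shared by CE1 and CE2, from the page


def parse_update(text):
    """Extract peer, AS path and prefixes from one RMDEBUG UPDATE record."""
    peer = re.search(r"Send UPDATE to (\S+)", text)
    path = re.search(r"^AS Path\s*:\s*([\d ]*)$", text, re.M)
    if not peer or not path:
        raise ValueError("not a BGP UPDATE debugging record")
    prefixes = re.findall(r"^(\d+(?:\.\d+){3}/\d+),?\s*$", text, re.M)
    return {"peer": peer.group(1),
            "as_path": [int(asn) for asn in path.group(1).split()],
            "prefixes": prefixes}


def pe_advertise(stored_path, pe_as, ce_as, substitute=False):
    """AS path a PE sends to its CE for a VPN route whose path is stored_path.

    With substitution the PE replaces the CE's own ASN in the path with the
    PE's ASN, then prepends its ASN as on any EBGP session.
    """
    if substitute:
        stored_path = [pe_as if asn == ce_as else asn for asn in stored_path]
    return [pe_as] + stored_path


def ce_accepts(as_path, ce_as):
    """Default EBGP loop check on the CE: reject a path holding its own ASN."""
    return ce_as not in as_path


def verdicts(update_text, ce_as):
    """Map each prefix in a debugging record to the CE's decision."""
    update = parse_update(update_text)
    ok = ce_accepts(update["as_path"], ce_as)
    return {prefix: ("accepted" if ok else "rejected: own AS in path")
            for prefix in update["prefixes"]}


if __name__ == "__main__":
    # CE1 (AS 600) originates 100.1.1.0/24, so PE2 stores the path [600].
    for label, record, subst in (("before", UPDATE_BEFORE, False),
                                 ("after", UPDATE_AFTER, True)):
        sent = pe_advertise([SITE_AS], BACKBONE_AS, SITE_AS, substitute=subst)
        print(label, "PE2 sends", sent, "->", verdicts(record, SITE_AS))
```

With substitution on, the CE's AS-path check can no longer tell a route from another site apart from one of its own routes returning through a second PE, so a multi-homed site needs a separate loop guard.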
----End
Configuration Files
• Configuration file of CE1
#
sysname CE1
#
vlan batch 10 50
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
interface Vlanif50
ip address 100.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface GigabitEthernet2/0/0
#
return
• Configuration file of P
#
sysname P
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Vlanif20
ip address 20.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif30
ip address 30.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 30
port hybrid untagged vlan 30
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 20.1.1.0 0.0.0.255
network 30.1.1.0 0.0.0.255
#
return
• Configuration file of PE2
#
sysname PE2
#
vlan batch 30 40
#
ip vpn-instance vpn1
route-distinguisher 100:1
vpn-target 1:1 export-extcommunity
vpn-target 1:1 import-extcommunity
#
mpls lsr-id 3.3.3.9
mpls
#
mpls ldp
#
interface Vlanif30
ip address 30.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif40
ip binding vpn-instance vpn1
ip address 10.2.1.2 255.255.255.0
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 40
Networking Requirements
As shown in Figure 3-8, the communication between Spoke-CEs is controlled by the Hub-CE
in the central site. That is, the traffic between Spoke-CEs is forwarded by the Hub-CE, and not
only by the Hub-PE.
[Figure 3-8 diagram not reproduced. Labels: Hub-CE (AS: 65430); Hub-PE; Spoke-PE1 and Spoke-PE2; backbone AS100; Spoke-CE1 (AS: 65410) and Spoke-CE2 (AS: 65420); interfaces GE1/0/0, GE2/0/0, GE3/0/0, GE3/0/1; Loopback1 addresses 2.2.2.9/32, 1.1.1.9/32, 3.3.3.9/32.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Set up MP-IBGP peer relation between the Hub-PE and the Spoke-PE. Do not set up MP-
IBGP peer relation between Spoke-PEs.
2. Create two VPN instances on the Hub-PE. The import targets are the export targets of the
two Spoke-PEs. The export targets are different from the import targets.
3. Create a VPN instance on the Spoke-PE. The import target is the export target of the Hub-
PE.
4. Run EBGP between the CE and PE.
5. Configure the Hub-PE to accept the routes with two repeated ASNs.
Data Preparation
To complete the configuration, you need the following data:
• IDs of the VLANs that the interfaces belong to, as shown in Figure 3-8
• IP address of each VLANIF interface, as shown in Figure 3-8
• MPLS LSR IDs of the PEs
• VPN instance names, RDs, and VPN targets of the Hub-PE and Spoke-PE
Procedure
Step 1 Configure IGP on the backbone network to make the Hub-PE and the Spoke-PE communicate
with each other.
In this example, OSPF is used as IGP and the configuration procedure is not mentioned.
After the configuration, an OSPF adjacency can be established between the Hub-PE and the
Spoke-PEs. Run the display ospf peer command, and you can see that the status of the adjacency
is Full. Run the display ip routing-table command, and you can see that the Hub-PE and the
Spoke-PEs can learn the loopback routes of each other.
Step 2 Configure the basic MPLS capability on the backbone network and set up an LDP LSP.
# Configure the Hub-PE.
[Hub-PE] mpls lsr-id 2.2.2.9
[Hub-PE] mpls
After the configuration, LDP peer relation can be set up between the Hub-PE and the Spoke-
PEs. Run the display mpls ldp session command on each Switch, and you can see that the
session status is Operational.
The configuration procedure of the Spoke-PE is similar to the configuration procedure of the
Hub-PE and is not mentioned here.
Step 3 Configure VPN instances on each PE and connect the CEs to the PEs.
NOTE
The import VPN target of the VPN instances on the Hub-PE is the VPN target advertised by the two Spoke-PEs, and the VPN target that the Hub-PE advertises is different from the VPN target that it receives. The import VPN target on the Spoke-PE is the export
VPN target on the Hub-PE.
# Configure Spoke-PE1.
<Spoke-PE1> system-view
[Spoke-PE1] ip vpn-instance vpna
[Spoke-PE1-vpn-instance-vpna] route-distinguisher 100:1
[Spoke-PE1-vpn-instance-vpna] vpn-target 100:1 export-extcommunity
[Spoke-PE1-vpn-instance-vpna] vpn-target 200:1 import-extcommunity
[Spoke-PE1-vpn-instance-vpna] quit
[Spoke-PE1] interface vlanif 50
[Spoke-PE1-Vlanif50] ip binding vpn-instance vpna
[Spoke-PE1-Vlanif50] ip address 100.1.1.2 24
[Spoke-PE1-Vlanif50] quit
# Configure Spoke-PE2.
<Spoke-PE2> system-view
[Spoke-PE2] ip vpn-instance vpna
[Spoke-PE2-vpn-instance-vpna] route-distinguisher 100:3
[Spoke-PE2-vpn-instance-vpna] vpn-target 100:1 export-extcommunity
[Spoke-PE2-vpn-instance-vpna] vpn-target 200:1 import-extcommunity
[Spoke-PE2-vpn-instance-vpna] quit
[Spoke-PE2] interface vlanif 60
[Spoke-PE2-Vlanif60] ip binding vpn-instance vpna
[Spoke-PE2-Vlanif60] ip address 120.1.1.2 24
[Spoke-PE2-Vlanif60] quit
# Configure the IP addresses of the interfaces on the CEs. The configuration procedure is not
given here.
After the configuration, run the display ip vpn-instance verbose command on the PEs, and you
can see the configuration of the VPN instances. Each PE can ping the connected CEs by using
the ping -vpn-instance vpn-name ip-address command.
NOTE
If multiple interfaces on a PE are bound to the same VPN, you must specify the source address when you
run the ping -vpn-instance command to ping the CE connected to the peer PE. That is, specify -a source-
ip-address in the ping -vpn-instance vpn-instance-name -a source-ip-address destination-address
command. Otherwise, the ping operation may fail.
Step 4 Set up EBGP peer relation between the PE and the CE and import VPN routes.
NOTE
To receive the routes advertised by the Hub-CE, configure the Hub-PE to allow the ASN to be repeated
once.
# Configure Spoke-CE1.
[Spoke-CE1] bgp 65410
[Spoke-CE1-bgp] peer 100.1.1.2 as-number 100
[Spoke-CE1-bgp] import-route direct
[Spoke-CE1-bgp] quit
# Configure Spoke-PE1.
[Spoke-PE1] bgp 100
[Spoke-PE1-bgp] ipv4-family vpn-instance vpna
[Spoke-PE1-bgp-vpna] peer 100.1.1.1 as-number 65410
[Spoke-PE1-bgp-vpna] import-route direct
[Spoke-PE1-bgp-vpna] quit
[Spoke-PE1-bgp] quit
# Configure Spoke-CE2.
[Spoke-CE2] bgp 65420
[Spoke-CE2-bgp] peer 120.1.1.2 as-number 100
[Spoke-CE2-bgp] import-route direct
[Spoke-CE2-bgp] quit
# Configure Spoke-PE2.
[Spoke-PE2] bgp 100
[Spoke-PE2-bgp] ipv4-family vpn-instance vpna
[Spoke-PE2-bgp-vpna] peer 120.1.1.1 as-number 65420
[Spoke-PE2-bgp-vpna] import-route direct
[Spoke-PE2-bgp-vpna] quit
[Spoke-PE2-bgp] quit
After the configuration, run the display bgp vpnv4 all peer command on a PE, and you can
find that the BGP peer relation between the PE and CE is in Established state.
Step 5 Set up MP-IBGP adjacency between the PEs.
NOTE
The Spoke-PE need not allow the repeated ASN, because the Switch does not check the AS path attribute
in the routing information advertised by the IBGP peers.
# Configure Spoke-PE1.
[Spoke-PE1] bgp 100
[Spoke-PE1-bgp] peer 2.2.2.9 as-number 100
[Spoke-PE1-bgp] peer 2.2.2.9 connect-interface loopback 1
[Spoke-PE1-bgp] ipv4-family vpnv4
[Spoke-PE1-bgp-af-vpnv4] peer 2.2.2.9 enable
[Spoke-PE1-bgp-af-vpnv4] quit
# Configure Spoke-PE2.
[Spoke-PE2] bgp 100
[Spoke-PE2-bgp] peer 2.2.2.9 as-number 100
[Spoke-PE2-bgp] peer 2.2.2.9 connect-interface loopback 1
[Spoke-PE2-bgp] ipv4-family vpnv4
[Spoke-PE2-bgp-af-vpnv4] peer 2.2.2.9 enable
[Spoke-PE2-bgp-af-vpnv4] quit
After the configuration, run the display bgp peer or display bgp vpnv4 all peer command, and
you can see that the BGP peer relation between the PEs is in Established state.
Step 6 Verify the configuration.
After the configuration, the Spoke-CEs can ping each other. Run the tracert command, and you
can see that the traffic between the Spoke-CEs is forwarded through the Hub-CE. You can also
deduce the number of forwarding devices between the Spoke-CEs based on the TTL in the ping
result.
Take Spoke-CE1 for example.
[Spoke-CE1] ping 120.1.1.1
PING 120.1.1.1: 56 data bytes, press CTRL_C to break
Reply from 120.1.1.1: bytes=56 Sequence=1 ttl=250 time=80 ms
Reply from 120.1.1.1: bytes=56 Sequence=2 ttl=250 time=129 ms
Reply from 120.1.1.1: bytes=56 Sequence=3 ttl=250 time=132 ms
Reply from 120.1.1.1: bytes=56 Sequence=4 ttl=250 time=92 ms
Run the display bgp routing-table command on the Spoke-CE, and you can see the repeated
ASNs in AS paths of the BGP routes to the remote Spoke-CE.
Take Spoke-CE1 for example.
[Spoke-CE1] display bgp routing-table
Total Number of Routes: 6
BGP Local router ID is 100.1.1.1
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Network NextHop MED LocPrf PrefVal Path/Ogn
----End
Configuration Files
• Configuration file of Spoke-CE1
#
sysname Spoke-CE1
#
vlan batch 50
#
interface Vlanif50
ip address 100.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 50
port hybrid untagged vlan 50
#
bgp 65410
peer 100.1.1.2 as-number 100
#
ipv4-family unicast
undo synchronization
import-route direct
peer 100.1.1.2 enable
#
return
ip vpn-instance vpna
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity
vpn-target 200:1 import-extcommunity
#
mpls lsr-id 1.1.1.9
mpls
label advertise non-null
#
mpls ldp
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface Vlanif50
ip binding vpn-instance vpna
ip address 100.1.1.2 255.255.255.0
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 50
port hybrid untagged vlan 50
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
bgp 100
peer 2.2.2.9 as-number 100
peer 2.2.2.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 2.2.2.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 2.2.2.9 enable
#
ipv4-family vpn-instance vpna
peer 100.1.1.1 as-number 65410
import-route direct
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 1.1.1.9 0.0.0.0
#
return
• Configuration file of Spoke-PE2
#
sysname Spoke-PE2
#
vlan batch 20 60
#
ip vpn-instance vpna
route-distinguisher 100:3
vpn-target 100:1 export-extcommunity
vpn-target 200:1 import-extcommunity
#
mpls lsr-id 3.3.3.9
mpls
label advertise non-null
#
mpls ldp
#
interface Vlanif20
ip address 11.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface Vlanif60
ip binding vpn-instance vpna
ip address 120.1.1.2 255.255.255.0
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 60
port hybrid untagged vlan 60
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
bgp 100
peer 2.2.2.9 as-number 100
peer 2.2.2.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 2.2.2.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 2.2.2.9 enable
#
ipv4-family vpn-instance vpna
peer 120.1.1.1 as-number 65420
import-route direct
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 11.1.1.0 0.0.0.255
#
return
• Configuration file of Spoke-CE2
#
sysname Spoke-CE2
#
vlan batch 60
#
interface Vlanif60
ip address 120.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 60
port hybrid untagged vlan 60
#
bgp 65420
peer 120.1.1.2 as-number 100
#
ipv4-family unicast
undo synchronization
import-route direct
peer 120.1.1.2 enable
#
return
• Configuration file of Hub-CE
#
sysname Hub-CE
#
vlan batch 30 40
#
interface Vlanif30
ip address 110.1.1.1 255.255.255.0
#
interface Vlanif40
ip address 110.2.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 30
port hybrid untagged vlan 30
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 40
port hybrid untagged vlan 40
#
bgp 65430
peer 110.1.1.2 as-number 100
peer 110.2.1.2 as-number 100
#
ipv4-family unicast
undo synchronization
import-route direct
peer 110.2.1.2 enable
peer 110.1.1.2 enable
#
return
• Configuration file of Hub-PE
#
sysname Hub-PE
#
vlan batch 10 20 30 40
#
ip vpn-instance vpn_in
route-distinguisher 100:21
vpn-target 100:1 import-extcommunity
#
ip vpn-instance vpn_out
route-distinguisher 100:22
vpn-target 200:1 export-extcommunity
#
mpls lsr-id 2.2.2.9
mpls
label advertise non-null
#
mpls ldp
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif20
ip address 11.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif30
ip binding vpn-instance vpn_in
ip address 110.1.1.2 255.255.255.0
#
interface Vlanif40
ip binding vpn-instance vpn_out
ip address 110.2.1.2 255.255.255.0
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
interface GigabitEthernet3/0/0
port hybrid pvid vlan 30
port hybrid untagged vlan 30
#
interface GigabitEthernet3/0/1
port hybrid pvid vlan 40
port hybrid untagged vlan 40
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
bgp 100
peer 1.1.1.9 as-number 100
peer 1.1.1.9 connect-interface LoopBack1
peer 3.3.3.9 as-number 100
peer 3.3.3.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 1.1.1.9 enable
peer 3.3.3.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 1.1.1.9 enable
peer 3.3.3.9 enable
#
ipv4-family vpn-instance vpn_in
peer 110.1.1.1 as-number 65430
import-route direct
#
ipv4-family vpn-instance vpn_out
peer 110.2.1.1 as-number 65430
peer 110.2.1.1 allow-as-loop
import-route direct
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 10.1.1.0 0.0.0.255
network 11.1.1.0 0.0.0.255
#
return
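The VPN targets in this example decide which VPN instance can receive whose routes, so the Hub&Spoke property can be audited from the configuration files alone. The Python sketch below is an added example, not part of the Huawei guide: it parses the vpn-instance stanzas copied from the files above and reports any import relationship between two Spoke-PEs that would bypass the Hub. The function names and the misconfigured variant are constructed for illustration.

```python
import re

# vpn-instance stanzas copied from the configuration files above, keyed by sysname.
CONFIGS = {
    "Spoke-PE1": """
ip vpn-instance vpna
 route-distinguisher 100:1
 vpn-target 100:1 export-extcommunity
 vpn-target 200:1 import-extcommunity
#
""",
    "Spoke-PE2": """
ip vpn-instance vpna
 route-distinguisher 100:3
 vpn-target 100:1 export-extcommunity
 vpn-target 200:1 import-extcommunity
#
""",
    "Hub-PE": """
ip vpn-instance vpn_in
 route-distinguisher 100:21
 vpn-target 100:1 import-extcommunity
#
ip vpn-instance vpn_out
 route-distinguisher 100:22
 vpn-target 200:1 export-extcommunity
#
""",
}

# Constructed misconfiguration: Spoke-PE2 also imports the Spoke export target.
BROKEN = {**CONFIGS, "Spoke-PE2": CONFIGS["Spoke-PE2"].replace(
    "vpn-target 200:1 import-extcommunity",
    "vpn-target 100:1 200:1 import-extcommunity")}

DIRECTIONS = ("both", "export-extcommunity", "import-extcommunity")


def parse_vrfs(device, text):
    """Return {(device, vrf): {"import": set, "export": set}} from config text."""
    vrfs, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        opened = re.fullmatch(r"ip vpn-instance (\S+)", line)
        if opened:
            current = vrfs.setdefault((device, opened.group(1)),
                                      {"import": set(), "export": set()})
        elif line.startswith("#") or line == "return":
            current = None                      # '#' closes the stanza
        elif current is not None and line.startswith("vpn-target "):
            tokens = line.split()[1:]
            # No keyword means both directions; several targets may share a line.
            direction = tokens.pop() if tokens[-1] in DIRECTIONS else "both"
            if direction in ("both", "export-extcommunity"):
                current["export"].update(tokens)
            if direction in ("both", "import-extcommunity"):
                current["import"].update(tokens)
    return vrfs


def import_edges(vrfs):
    """(src, dst) pairs where dst imports a VPN target that src exports."""
    return {(src, dst)
            for src, s in vrfs.items() for dst, d in vrfs.items()
            if src != dst and s["export"] & d["import"]}


def spoke_leaks(vrfs, hub_device):
    """Import edges between two non-hub instances: routes that bypass the Hub."""
    return sorted((s, d) for s, d in import_edges(vrfs)
                  if s[0] != hub_device and d[0] != hub_device)


def hub_rt_overlap(vrfs, hub_device):
    """VPN targets the hub both imports and exports (the roadmap requires none)."""
    hub = [v for k, v in vrfs.items() if k[0] == hub_device]
    imported = set().union(*(v["import"] for v in hub))
    exported = set().union(*(v["export"] for v in hub))
    return imported & exported


def audit(configs, hub_device):
    vrfs = {}
    for device, text in configs.items():
        vrfs.update(parse_vrfs(device, text))
    return {"edges": sorted(import_edges(vrfs)),
            "spoke_leaks": spoke_leaks(vrfs, hub_device),
            "hub_overlap": sorted(hub_rt_overlap(vrfs, hub_device))}


if __name__ == "__main__":
    for label, configs in (("as documented", CONFIGS), ("misconfigured", BROKEN)):
        result = audit(configs, "Hub-PE")
        print(label)
        for src, dst in result["edges"]:
            print("  %s/%s -> %s/%s" % (src + dst))
        print("  spoke-to-spoke leaks:", result["spoke_leaks"])
        print("  hub import/export overlap:", result["hub_overlap"])
```
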
Networking Requirements
As shown in Figure 3-9, CE1 and CE2 belong to the same VPN. CE1 accesses PE1 through AS
100, and CE2 accesses PE2 through AS 200.
Inter-AS BGP/MPLS IP VPN is implemented through Option A. That is, the VRF-to-VRF
method is used to manage VPN routes.
[Figure 3-9: networking diagram. CE1 (AS 65001; GE1/0/0, VLANIF 10, 10.1.1.1/24) connects to PE1 (GE2/0/0, VLANIF 10, 10.1.1.2/24; GE1/0/0, VLANIF 11, 172.1.1.2/24; Loopback1 1.1.1.9/32). CE2 (AS 65002; GE1/0/0, VLANIF 10, 10.2.1.1/24) connects to PE2 (GE2/0/0, VLANIF 10, 10.2.1.2/24; GE1/0/0, VLANIF 22, 162.1.1.2/24; Loopback1 4.4.4.9/32).]
Configuration Roadmap
The configuration roadmap is as follows:
1. Set up the EBGP peer relation between the PE and the CE and set up MP-IBGP peer relation
between the PE and the ASBR.
2. Create a VPN instance on the two ASBR-PEs and bind the VPN instance to the interface
connected to the other ASBR-PE (regarding the ASBR-PE as its CE) and set up the EBGP
peer relation between the ASBR-PEs.
Data Preparation
To complete the configuration, you need the following data:
• MPLS LSR IDs of PEs and ASBR-PEs
• VPN instance names, RDs, and VPN targets for the PEs and ASBR-PEs
Procedure
Step 1 Create VLANs and specify the VLAN IDs that are allowed by the interfaces, as shown in Figure
3-9.
The configuration procedure is not mentioned here.
Step 2 On the MPLS backbone networks in AS 100 and AS 200, configure an IGP protocol so that the
PEs and the ASBRs on the network can communicate with each other.
The OSPF protocol is used in this example and the configuration procedure is not mentioned
here.
NOTE
The 32-bit loopback interface address used as the LSR ID must be advertised by OSPF.
After the configuration, the OSPF neighbor relation can be established between the ASBR and
the PE in the same AS. Run the display ospf peer command, and you can find that the neighbor
status is Full.
The ASBR-PE and PE in the same AS can ping each other and learn the loopback interface
address of each other.
Step 3 Configure the basic MPLS function and MPLS LDP on the MPLS backbone networks of AS
100 and AS 200 and set up the MPLS LDP LSP.
# Configure the basic MPLS function on PE1 and enable LDP on the interface connected to
ASBR-PE1.
<PE1> system-view
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] label advertise non-null
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface vlanif 11
[PE1-Vlanif11] mpls
[PE1-Vlanif11] mpls ldp
[PE1-Vlanif11] quit
# Configure the basic MPLS function on ASBR-PE1 and enable LDP on the interface connected
to PE1.
<ASBR-PE1> system-view
[ASBR-PE1] mpls lsr-id 2.2.2.9
[ASBR-PE1] mpls
[ASBR-PE1-mpls] label advertise non-null
[ASBR-PE1-mpls] quit
[ASBR-PE1] mpls ldp
[ASBR-PE1-mpls-ldp] quit
[ASBR-PE1] interface vlanif 11
[ASBR-PE1-Vlanif11] mpls
[ASBR-PE1-Vlanif11] mpls ldp
[ASBR-PE1-Vlanif11] quit
# Configure the basic MPLS function on ASBR-PE2 and enable LDP on the interface connected
to PE2.
<ASBR-PE2> system-view
[ASBR-PE2] mpls lsr-id 3.3.3.9
[ASBR-PE2] mpls
[ASBR-PE2-mpls] label advertise non-null
[ASBR-PE2-mpls] quit
[ASBR-PE2] mpls ldp
[ASBR-PE2-mpls-ldp] quit
[ASBR-PE2] interface vlanif 22
[ASBR-PE2-Vlanif22] mpls
[ASBR-PE2-Vlanif22] mpls ldp
[ASBR-PE2-Vlanif22] quit
# Configure the basic MPLS function on PE2 and enable LDP on the interface connected to
ASBR-PE2.
<PE2> system-view
[PE2] mpls lsr-id 4.4.4.9
[PE2] mpls
[PE2-mpls] label advertise non-null
[PE2-mpls] quit
After the configuration, the LDP peer relation can be set up between the PE and ASBR in the
same AS. Run the display mpls ldp session command on each Switch, and you can see that the
session status is Operational.
Within an AS, the VPN targets of the VPN instances on the ASBR-PE and the PE should match each other. The VPN targets of
VPN instances in different ASs do not need to match each other.
# Configure CE1.
<CE1> system-view
[CE1] interface vlanif 10
[CE1-Vlanif10] ip address 10.1.1.1 24
[CE1-Vlanif10] quit
[CE1] bgp 65001
[CE1-bgp] peer 10.1.1.2 as-number 100
[CE1-bgp] import-route direct
[CE1-bgp] quit
NOTE
The configurations on CE2, PE2, and ASBR-PE2 are similar to the configurations on CE1, PE1 and ASBR-
PE1 and are not mentioned here.
After the configuration, run the display bgp vpnv4 vpn-instance vpn-instance-name peer
command on a PE, and you can find that the BGP peer relation between the PE and CE is in
Established state. Run the display bgp vpnv4 all peer command, and you can see that the BGP peer
relations between the PE and CE, and between the PE and ASBR, are set up and are in
Established state.
Take the display on PE1 as an example:
[PE1] display bgp vpnv4 vpn-instance vpn1 peer
# On ASBR-PE2, create a VPN instance and bind the VPN instance to the interface connected
to ASBR-PE1 (ASBR-PE2 regards ASBR-PE1 as its own CE).
[ASBR-PE2] ip vpn-instance vpn1
[ASBR-PE2-vpn-instance-vpn1] route-distinguisher 200:2
[ASBR-PE2-vpn-instance-vpn1] vpn-target 2:2 both
[ASBR-PE2-vpn-instance-vpn1] quit
[ASBR-PE2] interface vlanif 12
[ASBR-PE2-Vlanif12] ip binding vpn-instance vpn1
[ASBR-PE2-Vlanif12] ip address 192.1.1.2 24
[ASBR-PE2-Vlanif12] quit
Run the display bgp vpnv4 vpn-instance peer command on the ASBR-PE, and you can see
that the BGP peer relation is established between the ASBR-PEs.
Step 6 Verify the configuration.
After the preceding configuration, the CEs can learn the routes to each other's interfaces,
and CE1 and CE2 can ping each other successfully.
Take the display on CE1 as an example:
[CE1] display ip routing-table
Route Flags: R - relied, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 10 Routes : 10
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.1.1.0/24 Direct 0 0 D 10.1.1.1 Vlanif10
10.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
10.1.1.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
10.2.1.0/24 BGP 255 0 D 10.1.1.2 Vlanif10
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.1.1.0/24 BGP 255 0 D 10.1.1.2 Vlanif10
192.1.1.2/32 BGP 255 0 D 10.1.1.2 Vlanif10
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
[CE1] ping 10.2.1.1
PING 10.2.1.1: 56 data bytes, press CTRL_C to break
Reply from 10.2.1.1: bytes=56 Sequence=1 ttl=251 time=119 ms
Reply from 10.2.1.1: bytes=56 Sequence=2 ttl=251 time=141 ms
Reply from 10.2.1.1: bytes=56 Sequence=3 ttl=251 time=136 ms
Reply from 10.2.1.1: bytes=56 Sequence=4 ttl=251 time=113 ms
Reply from 10.2.1.1: bytes=56 Sequence=5 ttl=251 time=78 ms
--- 10.2.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 78/117/141 ms
Run the display ip routing-table vpn-instance command on an ASBR-PE, and you can see the
VPN routing table on the ASBR-PE.
[ASBR-PE1] display ip routing-table vpn-instance vpn1
Route Flags: R - relied, D - download to fib
------------------------------------------------------------------------------
Routing Tables: vpn1
Destinations : 6 Routes : 6
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.1.1.0/24 BGP 255 0 RD 1.1.1.9 Vlanif11
10.2.1.0/24 BGP 255 0 D 192.1.1.2 Vlanif12
192.1.1.0/24 Direct 0 0 D 192.1.1.1 Vlanif12
Run the display bgp vpnv4 all routing-table command on an ASBR-PE, and you can see the
VPNv4 routes on the ASBR-PE.
[ASBR-PE1] display bgp vpnv4 all routing-table
BGP Local router ID is 2.2.2.9
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total number of routes from all PE: 2
Route Distinguisher: 100:1
Network NextHop MED LocPrf PrefVal Path/Ogn
----End
Configuration Files
• Configuration file of CE1
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 10
#
bgp 65001
peer 10.1.1.2 as-number 100
#
ipv4-family unicast
undo synchronization
import-route direct
peer 10.1.1.2 enable
#
return
bgp 200
peer 4.4.4.9 as-number 200
peer 4.4.4.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 4.4.4.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 4.4.4.9 enable
#
ipv4-family vpn-instance vpn1
peer 192.1.1.1 as-number 100
import-route direct
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 162.1.1.0 0.0.0.255
#
return
• Configuration file of PE2
#
sysname PE2
#
vlan batch 10 22
#
ip vpn-instance vpn1
route-distinguisher 200:1
vpn-target 2:2 export-extcommunity
vpn-target 2:2 import-extcommunity
#
mpls lsr-id 4.4.4.9
mpls
label advertise non-null
#
mpls ldp
#
interface Vlanif10
ip binding vpn-instance vpn1
ip address 10.2.1.2 255.255.255.0
#
interface Vlanif22
ip address 162.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 22
#
interface GigabitEthernet2/0/0
port link-type trunk
port trunk allow-pass vlan 10
#
interface LoopBack1
ip address 4.4.4.9 255.255.255.255
#
bgp 200
peer 3.3.3.9 as-number 200
peer 3.3.3.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 3.3.3.9 enable
#
ipv4-family vpnv4
policy vpn-target
[Networking diagram: CE1 (AS 65001; GE1/0/0, VLANIF 10, 10.1.1.1/24) connects to PE1 (GE2/0/0, VLANIF 10, 10.1.1.2/24; GE1/0/0, VLANIF 11, 172.1.1.2/24; Loopback1 1.1.1.9/32). CE2 (AS 65002; GE1/0/0, VLANIF 10, 10.2.1.1/24) connects to PE2 (GE2/0/0, VLANIF 10, 10.2.1.2/24; GE1/0/0, VLANIF 22, 162.1.1.2/24; Loopback1 4.4.4.9/32).]
Configuration Roadmap
The configuration roadmap is as follows:
1. Run IGP on the backbone network to implement the communication between ASBRs and
PEs in the same AS. Set up MPLS LDP LSPs between ASBRs and PEs in the same AS.
2. Set up EBGP peer relationships between PEs and CEs and set up MP-IBGP peer
relationships between PEs and ASBRs.
3. Create VPN instances on PEs. (You do not need to create VPN instances on ASBRs.)
4. Enable MPLS on the interfaces that connect ASBR1 and ASBR2, set up the MP-EBGP peer
relationship between ASBRs, and configure the ASBRs not to filter the received VPNv4
routes based on the VPN target.
Data Preparation
To complete the configuration, you need the following data:
• MPLS LSR IDs of PEs and ASBRs
• Names, RDs, and VPN targets of the VPN instances created on PE1 and PE2
Procedure
Step 1 On the MPLS backbone networks in AS100 and AS200, configure IGP to implement
communication between PEs on the respective backbone network.
OSPF is used in this example. The configuration details are not mentioned here.
NOTE
Advertise the 32-bit IP address of the loopback interface, that is, the LSR ID, by using OSPF.
After the configuration, the OSPF neighbor relationship can be set up between the ASBR and
the PE in the same AS. Run the display ospf peer command, and you can see that the status
of the neighbor relationship is Full.
The ASBR and PE in the same AS can learn and ping the IP address of the loopback interface
of each other.
Step 2 Configure basic MPLS functions and MPLS LDP on MPLS backbone networks of AS100 and
AS200 to establish LDP LSPs.
For detailed configurations, see 3.17.7 Example for Configuring Inter-AS VPN Option A.
Step 3 Configure BGP/MPLS IP VPN on PE1 and PE2.
NOTE
The VPN targets of the VPN instances created on PE1 and PE2 must match.
# Configure ASBR1: Set up the MP-EBGP peer relationship with ASBR2 and configure ASBR1
not to filter the received VPNv4 routes based on the VPN target.
[ASBR1] bgp 100
[ASBR1-bgp] peer 192.1.1.2 as-number 200
[ASBR1-bgp] ipv4-family vpnv4
[ASBR1-bgp-af-vpnv4] peer 192.1.1.2 enable
[ASBR1-bgp-af-vpnv4] undo policy vpn-target
[ASBR1-bgp-af-vpnv4] quit
[ASBR1-bgp] quit
NOTE
The configuration on ASBR2 is the same as the configuration on ASBR1, and is not mentioned here.
Run the display bgp vpnv4 all routing-table command on an ASBR, and you can view VPNv4
routes on the ASBR.
For example, information about ASBR1 is displayed as follows:
[ASBR1] display bgp vpnv4 all routing-table
BGP Local router ID is 2.2.2.9
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total number of routes from all PE: 3
Route Distinguisher: 100:1
Network NextHop MED LocPrf PrefVal Path/Ogn
*>i 10.1.1.0/24 1.1.1.9 0 100 0 ?
*>i 10.1.1.1/32 1.1.1.9 0 100 0 ?
Route Distinguisher: 200:1
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 10.2.1.0/24 192.1.1.2 0 200?
----End
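Why the ASBRs need undo policy vpn-target, and what it leaves unfiltered, can be shown with a small model of the VPN-target check. The Python sketch below is an added example, not part of the Huawei guide: the first three routes are those in the ASBR1 output above, their VPN target 1:1 is taken from the PE1 and PE2 configuration files, and the fourth route (RD 200:9, VPN target 9:9), the class and the function names are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Vpnv4Route:
    rd: str
    prefix: str
    rts: frozenset        # export VPN targets carried by the route
    learned_from: str     # BGP peer that advertised it


ROUTES = [
    Vpnv4Route("100:1", "10.1.1.0/24", frozenset({"1:1"}), "1.1.1.9"),
    Vpnv4Route("100:1", "10.1.1.1/32", frozenset({"1:1"}), "1.1.1.9"),
    Vpnv4Route("200:1", "10.2.1.0/24", frozenset({"1:1"}), "192.1.1.2"),
    # Constructed: a route of some other VPN sent by the peer ASBR.
    Vpnv4Route("200:9", "10.9.0.0/24", frozenset({"9:9"}), "192.1.1.2"),
]


def keep_route(route, local_import_rts, policy_vpn_target=True):
    """VPN-target check applied to a received VPNv4 route.

    With the policy on, the route is kept only if one of its VPN targets is
    imported by a local VPN instance. With the policy off, every route is kept.
    """
    if not policy_vpn_target:
        return True
    return bool(route.rts & local_import_rts)


def retained(routes, local_import_rts, policy_vpn_target):
    """Prefixes that survive the check on one device."""
    return [r.prefix for r in routes
            if keep_route(r, local_import_rts, policy_vpn_target)]


def outside_agreement(routes, ebgp_peer, agreed_rts):
    """Prefixes learned from the peer ASBR that carry no agreed VPN target.

    agreed_rts is the set of VPN targets the two ASs have agreed to exchange
    (an operator-supplied assumption, not something the devices know).
    """
    return [r.prefix for r in routes
            if r.learned_from == ebgp_peer and not (r.rts & frozenset(agreed_rts))]


if __name__ == "__main__":
    no_vrf = frozenset()  # Option B: the ASBR has no VPN instance
    print("ASBR1, policy vpn-target     :", retained(ROUTES, no_vrf, True))
    print("ASBR1, undo policy vpn-target:", retained(ROUTES, no_vrf, False))
    print("PE1 (imports 1:1), policy on :", retained(ROUTES, frozenset({"1:1"}), True))
    print("from 192.1.1.2, not agreed   :", outside_agreement(ROUTES, "192.1.1.2", {"1:1"}))
```

With the check on and no VPN instance, ASBR1 would keep nothing and the VPN would not work across the ASs; with the check off it keeps and relays every VPNv4 route the peer AS sends, and only the PEs' import targets decide what enters a customer VPN.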
Configuration Files
• Configuration file of CE1
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 10
#
bgp 65001
peer 10.1.1.2 as-number 100
#
ipv4-family unicast
undo synchronization
import-route direct
peer 10.1.1.2 enable
return
route-distinguisher 100:1
vpn-target 1:1 export-extcommunity
vpn-target 1:1 import-extcommunity
#
mpls lsr-id 1.1.1.9
mpls
#
mpls ldp
#
interface Vlanif10
ip binding vpn-instance vpn1
ip address 10.1.1.2 255.255.255.0
#
interface Vlanif11
ip address 172.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 11
#
interface GigabitEthernet2/0/0
port link-type trunk
port trunk allow-pass vlan 10
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
bgp 100
peer 2.2.2.9 as-number 100
peer 2.2.2.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 2.2.2.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 2.2.2.9 enable
#
ipv4-family vpn-instance vpn1
peer 10.1.1.1 as-number 65001
import-route direct
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 172.1.1.0 0.0.0.255
#
return
• Configuration file of ASBR1
#
sysname ASBR1
#
vlan batch 11 12
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Vlanif11
ip address 172.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface Vlanif12
ip address 192.1.1.1 255.255.255.0
mpls
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 11
#
interface GigabitEthernet2/0/0
port link-type trunk
port trunk allow-pass vlan 12
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
bgp 100
peer 192.1.1.2 as-number 200
peer 1.1.1.9 as-number 100
peer 1.1.1.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 192.1.1.2 enable
peer 1.1.1.9 enable
#
ipv4-family vpnv4
undo policy vpn-target
peer 1.1.1.9 enable
peer 192.1.1.2 enable
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 172.1.1.0 0.0.0.255
#
return
• Configuration file of ASBR2
#
sysname ASBR2
#
vlan batch 12 22
#
mpls lsr-id 3.3.3.9
mpls
#
mpls ldp
#
interface Vlanif12
ip address 162.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface Vlanif22
ip address 192.1.1.2 255.255.255.0
mpls
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 22
#
interface GigabitEthernet2/0/0
port link-type trunk
port trunk allow-pass vlan 12
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
bgp 200
peer 192.1.1.1 as-number 100
peer 4.4.4.9 as-number 200
peer 4.4.4.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 192.1.1.1 enable
peer 4.4.4.9 enable
#
ipv4-family vpnv4
undo policy vpn-target
peer 4.4.4.9 enable
peer 192.1.1.1 enable
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 162.1.1.0 0.0.0.255
#
return
• Configuration file of PE2
#
sysname PE2
#
vlan batch 10 22
#
ip vpn-instance vpn1
route-distinguisher 200:1
vpn-target 1:1 export-extcommunity
vpn-target 1:1 import-extcommunity
#
mpls lsr-id 4.4.4.9
mpls
#
mpls ldp
#
interface Vlanif10
ip binding vpn-instance vpn1
ip address 10.2.1.2 255.255.255.0
#
interface Vlanif22
ip address 162.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 22
#
interface GigabitEthernet2/0/0
port link-type trunk
port trunk allow-pass vlan 10
#
interface LoopBack1
ip address 4.4.4.9 255.255.255.255
#
bgp 200
peer 3.3.3.9 as-number 200
peer 3.3.3.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 3.3.3.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 3.3.3.9 enable
#
ipv4-family vpn-instance vpn1
peer 10.2.1.1 as-number 65002
import-route direct
#
ospf 1
area 0.0.0.0
network 4.4.4.9 0.0.0.0
network 162.1.1.0 0.0.0.255
#
return
[Figure 3-11: networking diagram. CE1 (AS 65410) and CE2 (AS 65420) both belong to VPN-A. CE1 connects to the UPE (Loopback1 1.1.1.9/32) and CE2 connects to the PE (Loopback1 3.3.3.9/32); the SPE (Loopback1 2.2.2.9/32) sits between the UPE and the PE.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure IGP on the backbone network so that PEs can learn the loopback address of each
other. Create MPLS LSPs between the PEs.
2. Create a VPN instance on UPE and set up an EBGP adjacency between UPE and CE1.
Create a VPN instance on PE and set up an EBGP adjacency between PE and CE2.
3. Set up an MP-IBGP adjacency between UPE and SPE, and between PE and SPE.
4. Create a VPN instance on the SPE and set the UPE as its under layer PE. Configure the
UPE to advertise the default route of the VPN instance.
Data Preparation
To complete the configuration, you need the following data:
• IDs of the VLANs that the interfaces of PE and CE belong to, as shown in Figure 3-11
• IP address of each VLAN interface, as shown in Figure 3-11
• MPLS LSR-IDs of UPE, SPE, and PE
• VPN instances on UPE, SPE, and PE
Procedure
Step 1 Configure OSPF on the MPLS backbone network to implement network connectivity.
After the configuration, an OSPF adjacency is set up among UPE, SPE, and PE. Run the display
ospf peer command, and you can see that the adjacency is in Full state. Run the display ip
routing-table command on the PEs, and you can see the PEs can learn the loopback routes of
each other.
The configuration procedure is not mentioned.
Step 2 Configure basic MPLS functions and MPLS LDP on the MPLS backbone network and set up
LDP LSPs.
After the configuration, LDP sessions are established between UPE and SPE, and between SPE
and PE. By running the display mpls ldp session command, you can see that the session status
is Operational. By running the display mpls ldp lsp command, you can see the establishment
status of the LDP LSP.
The configuration procedure is not mentioned.
Step 3 Connect PEs to CEs and run BGP between them.
# Configure the UPE.
<UPE> system-view
[UPE] ip vpn-instance vpna
[UPE-vpn-instance-vpna] route-distinguisher 100:1
[UPE-vpn-instance-vpna] vpn-target 1:1
[UPE-vpn-instance-vpna] quit
[UPE] interface vlanif 30
[UPE-Vlanif30] ip binding vpn-instance vpna
[UPE-Vlanif30] ip address 10.1.1.2 24
[UPE-Vlanif30] quit
[UPE] bgp 100
[UPE-bgp] ipv4-family vpn-instance vpna
[UPE-bgp-vpna] peer 10.1.1.1 as-number 65410
[UPE-bgp-vpna] import-route direct
[UPE-bgp-vpna] quit
[UPE-bgp] quit
# Configure CE1.
<Quidway> system-view
[Quidway] sysname CE1
[CE1] interface vlanif 30
[CE1-Vlanif30] ip address 10.1.1.1 24
[CE1-Vlanif30] quit
[CE1] bgp 65410
[CE1-bgp] peer 10.1.1.2 as-number 100
[CE1-bgp] import-route direct
[CE1-bgp] quit
# Configure PE.
<PE> system-view
[PE] ip vpn-instance vpna
[PE-vpn-instance-vpna] route-distinguisher 100:2
[PE-vpn-instance-vpna] vpn-target 1:1
[PE-vpn-instance-vpna] quit
[PE] interface vlanif 40
[PE-Vlanif40] ip binding vpn-instance vpna
[PE-Vlanif40] ip address 10.2.1.2 24
[PE-Vlanif40] quit
[PE] bgp 100
[PE-bgp] ipv4-family vpn-instance vpna
[PE-bgp-vpna] peer 10.2.1.1 as-number 65420
[PE-bgp-vpna] import-route direct
[PE-bgp-vpna] quit
[PE-bgp] quit
# Configure CE2.
<Quidway> system-view
[Quidway] sysname CE2
[CE2] interface vlanif 40
[CE2-Vlanif40] ip address 10.2.1.1 24
[CE2-Vlanif40] quit
[CE2] bgp 65420
[CE2-bgp] peer 10.2.1.2 as-number 100
[CE2-bgp] import-route direct
[CE2-bgp] quit
After the configuration, run the display ip vpn-instance verbose command on the UPE and the
PE, and you can see the configuration of the VPN instances. Run the ping -vpn-instance
command, and you can see that the UPE and the PE can ping the connected CEs.
NOTE
If multiple interfaces on a PE are bound to the same VPN, you must specify the source address when you
run the ping -vpn-instance command to ping the CE connected to the peer PE. That is, specify -a source-
ip-address in the ping -vpn-instance vpn-instance-name -a source-ip-address destination-address
command. Otherwise, the ping operation may fail.
Step 4 Set up an MP-IBGP adjacency between UPE and SPE, and between PE and SPE.
# Configure the UPE.
<UPE> system-view
[UPE] bgp 100
[UPE-bgp] peer 2.2.2.9 as-number 100
[UPE-bgp] peer 2.2.2.9 connect-interface loopback 1
[UPE-bgp] ipv4-family vpnv4
[UPE-bgp-af-vpnv4] peer 2.2.2.9 enable
[UPE-bgp-af-vpnv4] quit
[UPE-bgp] quit
Run the display bgp vpnv4 all routing-table command on the UPE, and you can see a default
route of the VPN instance vpna with the next hop being SPE.
[UPE] display bgp vpnv4 all routing-table
BGP Local router ID is 1.1.1.9
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total number of routes from all PE: 1
Route Distinguisher: 200:1
Network NextHop MED LocPrf PrefVal Path/Ogn
*>i 0.0.0.0 2.2.2.9 100 0 i
Total routes of vpn-instance vpna: 6
Network NextHop MED LocPrf PrefVal Path/Ogn
*>i 0.0.0.0 2.2.2.9 100 0 i
*> 10.1.1.0/24 0.0.0.0 0 0 ?
* 10.1.1.2 0 0 65410?
*> 10.1.1.1/32 0.0.0.0 0 0 ?
*> 10.1.1.2/32 0.0.0.0 0 0 ?
* 10.1.1.1 0 0 65410?
----End
Configuration Files
• Configuration file of CE1
#
sysname CE1
#
vlan batch 30
#
interface Vlanif30
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 30
port hybrid untagged vlan 30
#
bgp 65410
peer 10.1.1.2 as-number 100
#
ipv4-family unicast
undo synchronization
import-route direct
peer 10.1.1.2 enable
#
return
mpls
mpls ldp
#
interface Vlanif20
ip address 172.2.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
bgp 100
peer 1.1.1.9 as-number 100
peer 3.3.3.9 as-number 100
peer 1.1.1.9 connect-interface LoopBack1
peer 3.3.3.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 1.1.1.9 enable
peer 3.3.3.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 1.1.1.9 enable
peer 1.1.1.9 upe
peer 1.1.1.9 default-originate vpn-instance vpna
peer 3.3.3.9 enable
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 172.1.1.0 0.0.0.255
network 172.2.1.0 0.0.0.255
#
return
• Configuration file of PE
#
sysname PE
#
vlan batch 20 40
#
ip vpn-instance vpna
route-distinguisher 100:2
vpn-target 1:1 export-extcommunity
vpn-target 1:1 import-extcommunity
#
mpls lsr-id 3.3.3.9
mpls
label advertise non-null
#
mpls ldp
#
interface Vlanif20
ip address 172.2.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif40
ip binding vpn-instance vpna
ip address 10.2.1.2 255.255.255.0
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 40
port hybrid untagged vlan 40
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
bgp 100
peer 2.2.2.9 as-number 100
peer 2.2.2.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 2.2.2.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 2.2.2.9 enable
#
ipv4-family vpn-instance vpna
peer 10.2.1.1 as-number 65420
import-route direct
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 172.2.1.0 0.0.0.255
#
return
Figure 3-12 Networking diagram for configuring the OSPF sham link
[Diagram not reproduced. Labels recovered from the figure: PE1, P and PE2 with Loopback1 addresses 1.1.1.9/32, 2.2.2.9/32 and 3.3.3.9/32; Loopback10 addresses 5.5.5.5/32 and 6.6.6.6/32 at the two ends of the sham link; a backdoor link on the user network.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Set up an MP-IBGP adjacency between the PEs and enable OSPF between the PE and CEs.
2. Create VPN instances on the PEs and bind the instances to the interfaces connected to the
CEs.
3. Create an OSPF sham link between the PEs.
4. Adjust the cost value of the backdoor link of the VPN to be greater than that of the sham
link.
Data Preparation
To complete the configuration, you need the following data:
• MPLS LSR-IDs of PE and P
• Name of the VPN instance, RD, and VPN target on the PE
• OSPF processes running inside the backbone network and on the user networks, which
are different from the OSPF process running on the PEs for the connection to the CEs
• Cost of the sham link, which must be less than the cost for forwarding OSPF routes through
the user network
Procedure
Step 1 Configure OSPF on the user network.
Configure ordinary OSPF on CE1, Switch, and CE2, and advertise the network segment of each
interface.
# Configure CE1.
<Quidway> system-view
[Quidway] sysname CE1
[CE1] vlan batch 20 50
[CE1] interface gigabitethernet 2/0/0
[CE1-GigabitEthernet2/0/0] port hybrid pvid vlan 20
[CE1-GigabitEthernet2/0/0] port hybrid untagged vlan 20
[CE1-GigabitEthernet2/0/0] quit
[CE1] interface gigabitethernet 1/0/0
[CE1-GigabitEthernet1/0/0] port hybrid pvid vlan 50
[CE1-GigabitEthernet1/0/0] port hybrid untagged vlan 50
[CE1-GigabitEthernet1/0/0] quit
[CE1] interface vlanif 20
[CE1-Vlanif20] ip address 20.1.1.1 24
[CE1-Vlanif20] quit
[CE1] interface vlanif 50
[CE1-Vlanif50] ip address 100.1.1.1 24
[CE1-Vlanif50] quit
[CE1] ospf
[CE1-ospf-1] area 0
[CE1-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255
[CE1-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.255
[CE1-ospf-1-area-0.0.0.0] quit
[CE1-ospf-1] quit
# Configure Switch.
<Quidway> system-view
[Quidway] sysname Switch
[Switch] vlan batch 20 30
[Switch] interface gigabitethernet 1/0/0
[Switch-GigabitEthernet1/0/0] port hybrid pvid vlan 20
[Switch-GigabitEthernet1/0/0] port hybrid untagged vlan 20
[Switch-GigabitEthernet1/0/0] quit
[Switch] interface gigabitethernet 2/0/0
[Switch-GigabitEthernet2/0/0] port hybrid pvid vlan 30
[Switch-GigabitEthernet2/0/0] port hybrid untagged vlan 30
[Switch-GigabitEthernet2/0/0] quit
[Switch] interface vlanif 20
[Switch-Vlanif20] ip address 20.1.1.2 24
[Switch-Vlanif20] quit
[Switch] interface vlanif 30
[Switch-Vlanif30] ip address 30.1.1.1 24
[Switch-Vlanif30] quit
[Switch] ospf
[Switch-ospf-1] area 0
[Switch-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255
[Switch-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255
[Switch-ospf-1-area-0.0.0.0] quit
[Switch-ospf-1] quit
# Configure CE2.
<Quidway> system-view
[Quidway] sysname CE2
[CE2] vlan batch 30 60
[CE2] interface gigabitethernet 2/0/0
[CE2-GigabitEthernet2/0/0] port hybrid pvid vlan 30
[CE2-GigabitEthernet2/0/0] port hybrid untagged vlan 30
[CE2-GigabitEthernet2/0/0] quit
[CE2] interface gigabitethernet 1/0/0
[CE2-GigabitEthernet1/0/0] port hybrid pvid vlan 60
[CE2-GigabitEthernet1/0/0] port hybrid untagged vlan 60
[CE2-GigabitEthernet1/0/0] quit
[CE2] interface vlanif 30
[CE2-Vlanif30] ip address 30.1.1.2 24
[CE2-Vlanif30] quit
[CE2] interface vlanif 60
[CE2-Vlanif60] ip address 120.1.1.2 24
[CE2-Vlanif60] quit
[CE2] ospf
[CE2-ospf-1] area 0
[CE2-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255
[CE2-ospf-1-area-0.0.0.0] network 120.1.1.0 0.0.0.255
[CE2-ospf-1-area-0.0.0.0] quit
[CE2-ospf-1] quit
Step 2 Configure the basic BGP/MPLS IP VPN functions on the backbone network, including the IGP, MPLS
and LDP on the backbone network, and the MP-IBGP adjacency between the PEs.
# Configure PE1.
<Quidway> system-view
[Quidway] sysname PE1
[PE1] vlan batch 10 50
[PE1] interface gigabitethernet 2/0/0
[PE1-GigabitEthernet2/0/0] port hybrid pvid vlan 10
[PE1-GigabitEthernet2/0/0] port hybrid untagged vlan 10
[PE1-GigabitEthernet2/0/0] quit
[PE1] interface gigabitethernet 1/0/0
[PE1-GigabitEthernet1/0/0] port hybrid pvid vlan 50
[PE1-GigabitEthernet1/0/0] port hybrid untagged vlan 50
[PE1-GigabitEthernet1/0/0] quit
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.9 32
[PE1-LoopBack1] quit
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] lsp-trigger all
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface vlanif 10
[PE1-Vlanif10] ip address 10.1.1.1 24
[PE1-Vlanif10] mpls
[PE1-Vlanif10] mpls ldp
[PE1-Vlanif10] quit
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
[PE1] bgp 100
[PE1-bgp] peer 3.3.3.9 as-number 100
[PE1-bgp] peer 3.3.3.9 connect-interface loopback 1
[PE1-bgp] ipv4-family vpnv4
[PE1-bgp-af-vpnv4] peer 3.3.3.9 enable
[PE1-bgp-af-vpnv4] quit
[PE1-bgp] quit
# Configure the P.
<Quidway> system-view
[Quidway] sysname P
[P] vlan batch 10 40
[P] interface gigabitethernet 1/0/0
[P-GigabitEthernet1/0/0] port hybrid pvid vlan 10
[P-GigabitEthernet1/0/0] port hybrid untagged vlan 10
[P-GigabitEthernet1/0/0] quit
[P] interface gigabitethernet 2/0/0
[P-GigabitEthernet2/0/0] port hybrid pvid vlan 40
[P-GigabitEthernet2/0/0] port hybrid untagged vlan 40
[P-GigabitEthernet2/0/0] quit
[P] interface loopback 1
[P-LoopBack1] ip address 2.2.2.9 32
[P-LoopBack1] quit
[P] mpls lsr-id 2.2.2.9
[P] mpls
[P-mpls] lsp-trigger all
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P] interface vlanif 10
[P-Vlanif10] ip address 10.1.1.2 24
[P-Vlanif10] mpls
[P-Vlanif10] mpls ldp
[P-Vlanif10] quit
[P] interface vlanif 40
[P-Vlanif40] ip address 40.1.1.1 24
[P-Vlanif40] mpls
[P-Vlanif40] mpls ldp
[P-Vlanif40] quit
[P] ospf
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
[P-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 40.1.1.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit
# Configure PE2.
<Quidway> system-view
[Quidway] sysname PE2
[PE2] vlan batch 40 60
[PE2] interface gigabitethernet 1/0/0
[PE2-GigabitEthernet1/0/0] port hybrid pvid vlan 60
[PE2-GigabitEthernet1/0/0] port hybrid untagged vlan 60
[PE2-GigabitEthernet1/0/0] quit
[PE2] interface gigabitethernet 2/0/0
[PE2-GigabitEthernet2/0/0] port hybrid pvid vlan 40
[PE2-GigabitEthernet2/0/0] port hybrid untagged vlan 40
[PE2-GigabitEthernet2/0/0] quit
[PE2] interface loopback 1
[PE2-LoopBack1] ip address 3.3.3.9 32
[PE2-LoopBack1] quit
[PE2] mpls lsr-id 3.3.3.9
[PE2] mpls
[PE2-mpls] lsp-trigger all
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface vlanif 40
[PE2-Vlanif40] ip address 40.1.1.2 24
[PE2-Vlanif40] mpls
[PE2-Vlanif40] mpls ldp
[PE2-Vlanif40] quit
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 40.1.1.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit
[PE2] bgp 100
[PE2-bgp] peer 1.1.1.9 as-number 100
[PE2-bgp] peer 1.1.1.9 connect-interface loopback 1
[PE2-bgp] ipv4-family vpnv4
[PE2-bgp-af-vpnv4] peer 1.1.1.9 enable
[PE2-bgp-af-vpnv4] quit
[PE2-bgp] quit
After the configuration, PE1 and PE2 can learn each other's loopback routes, and the MP-IBGP
adjacency is set up between PE1 and PE2.
Step 3 Configure the links between the PEs and the CEs, that is, run OSPF between each PE and its CE.
# Configure PE1.
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 1:1
[PE1-vpn-instance-vpn1] quit
[PE1] interface vlanif 50
[PE1-Vlanif50] ip binding vpn-instance vpn1
[PE1-Vlanif50] ip address 100.1.1.2 24
[PE1-Vlanif50] quit
[PE1] ospf 100 vpn-instance vpn1
[PE1-ospf-100] domain-id 10
[PE1-ospf-100] import-route bgp
[PE1-ospf-100] area 0
[PE1-ospf-100-area-0.0.0.0] network 100.1.1.0 0.0.0.255
[PE1-ospf-100-area-0.0.0.0] quit
[PE1-ospf-100] quit
[PE1] bgp 100
[PE1-bgp] ipv4-family vpn-instance vpn1
[PE1-bgp-vpn1] import-route direct
[PE1-bgp-vpn1] import-route ospf 100
[PE1-bgp-vpn1] quit
[PE1-bgp] quit
# Configure PE2.
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 100:2
[PE2-vpn-instance-vpn1] vpn-target 1:1
[PE2-vpn-instance-vpn1] quit
[PE2] interface vlanif 60
[PE2-Vlanif60] ip binding vpn-instance vpn1
[PE2-Vlanif60] ip address 120.1.1.1 24
[PE2-Vlanif60] quit
[PE2] ospf 100 vpn-instance vpn1
[PE2-ospf-100] import-route bgp
[PE2-ospf-100] domain-id 10
[PE2-ospf-100] area 0
[PE2-ospf-100-area-0.0.0.0] network 120.1.1.0 0.0.0.255
[PE2-ospf-100-area-0.0.0.0] quit
[PE2-ospf-100] quit
[PE2] bgp 100
[PE2-bgp] ipv4-family vpn-instance vpn1
[PE2-bgp-vpn1] import-route direct
[PE2-bgp-vpn1] import-route ospf 100
[PE2-bgp-vpn1] quit
[PE2-bgp] quit
After the configuration, run the display ip routing-table vpn-instance command on the PEs,
and you can see that the routes to the peer CEs are OSPF routes through the backbone network,
not the BGP routes through the user network.
Take PE1 for example.
[PE1] display ip routing-table vpn-instance vpn1
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: vpn1
Destinations : 6 Routes : 6
Destination/Mask Proto Pre Cost Flags NextHop Interface
20.1.1.0/24 OSPF 10 2 D 100.1.1.1 Vlanif50
30.1.1.0/24 OSPF 10 3 D 100.1.1.1 Vlanif50
100.1.1.0/24 Direct 0 0 D 100.1.1.2 Vlanif50
100.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0
120.1.1.0/24 OSPF 10 4 D 100.1.1.1 Vlanif50
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
To forward VPN traffic through the MPLS backbone, you must configure the cost of the sham link to be
smaller than the cost of the OSPF route through the user network. A commonly used method is to set the
cost of the forwarding interface on the user network to be greater than the cost of the sham link.
# Configure CE1.
[CE1] interface vlanif 20
[CE1-Vlanif20] ospf cost 10
# Configure CE2.
[CE2] interface vlanif 30
[CE2-Vlanif30] ospf cost 10
# Configure PE1.
[PE1] interface loopback 10
[PE1-LoopBack10] ip binding vpn-instance vpn1
[PE1-LoopBack10] ip address 5.5.5.5 32
[PE1-LoopBack10] quit
[PE1] ospf 100
[PE1-ospf-100] area 0
[PE1-ospf-100-area-0.0.0.0] sham-link 5.5.5.5 6.6.6.6 cost 1
[PE1-ospf-100-area-0.0.0.0] quit
[PE1-ospf-100] quit
# Configure PE2.
[PE2] interface loopback 10
[PE2-LoopBack10] ip binding vpn-instance vpn1
[PE2-LoopBack10] ip address 6.6.6.6 32
[PE2-LoopBack10] quit
[PE2] ospf 100
[PE2-ospf-100] area 0
[PE2-ospf-100-area-0.0.0.0] sham-link 6.6.6.6 5.5.5.5 cost 1
[PE2-ospf-100-area-0.0.0.0] quit
[PE2-ospf-100] quit
Run the display ip routing-table command on the CEs, and you can see that the cost of the
OSPF route to the peer CE is changed to 3, and the next hop is changed to the VLANIF interface
connected to PE. That is, the VPN traffic to the peer CE is forwarded through the backbone
network.
Take CE1 for example.
[CE1] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 15 Routes : 15
Destination/Mask Proto Pre Cost Flags NextHop Interface
5.5.5.5/32 O_ASE 150 1 D 100.1.1.2 Vlanif50
6.6.6.6/32 O_ASE 150 1 D 100.1.1.2 Vlanif50
20.1.1.0/24 Direct 0 0 D 20.1.1.1 Vlanif20
20.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
20.1.1.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
30.1.1.0/24 OSPF 10 11 D 100.1.1.2 Vlanif20
100.1.1.0/24 Direct 0 0 D 100.1.1.1 Vlanif50
100.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
100.1.1.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
120.1.1.0/24 OSPF 10 3 D 100.1.1.2 Vlanif50
120.1.1.1/32 O_ASE 150 1 D 100.1.1.2 Vlanif50
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
NOTE
The cost of the OSPF route from CE1 to CE2 is the sum of the cost from CE1 to PE1, the cost of the sham
link, and the cost from PE2 to CE2, that is, 1 + 1 + 1 = 3.
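The cost comparison that decides between the sham link and the backdoor link can be reproduced with an SPF calculation over area 0 of this example. This is an added example, not part of the Huawei guide: the function names are illustrative, and it assumes a cost of 1 on every interface except where ospf cost or the sham-link cost sets another value, which matches the costs in the display output.

```python
import heapq

INF = float("inf")

def build_topology(backdoor_cost=1, sham_cost=None):
    """OSPF area 0 of the example as a directed graph.

    A router reaches a network at the cost of its outgoing interface; a
    network reaches its attached routers at cost 0, as in OSPF's SPF.
    backdoor_cost is the `ospf cost` on CE1 Vlanif20 and CE2 Vlanif30;
    every other interface uses cost 1 (assumed from the display output).
    """
    interfaces = {
        "CE1": {"20.1.1.0/24": backdoor_cost, "100.1.1.0/24": 1},
        "Switch": {"20.1.1.0/24": 1, "30.1.1.0/24": 1},
        "CE2": {"30.1.1.0/24": backdoor_cost, "120.1.1.0/24": 1},
        "PE1": {"100.1.1.0/24": 1},
        "PE2": {"120.1.1.0/24": 1},
    }
    graph = {}
    for router, nets in interfaces.items():
        for net, cost in nets.items():
            graph.setdefault(router, []).append((net, cost))
            graph.setdefault(net, []).append((router, 0))
    if sham_cost is not None:
        # The sham link is a point-to-point intra-area link between the PEs.
        graph["PE1"].append(("PE2", sham_cost))
        graph["PE2"].append(("PE1", sham_cost))
    return graph

def route(graph, source, dest_net):
    """Dijkstra SPF: return (cost, routers on the path) from source to dest_net."""
    dist, prev = {source: 0}, {}
    heap = [(0, source)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist.get(node, INF):
            continue                      # stale heap entry
        for nbr, cost in graph[node]:
            if d + cost < dist.get(nbr, INF):
                dist[nbr], prev[nbr] = d + cost, node
                heapq.heappush(heap, (d + cost, nbr))
    path = [dest_net]
    while path[-1] != source:
        path.append(prev[path[-1]])
    return dist[dest_net], [n for n in reversed(path) if "/" not in n]

def backbone_preferred(backdoor_cost, sham_cost, src="CE1", dst="120.1.1.0/24"):
    """True only if the sham-link path is strictly cheaper than the backdoor path."""
    via_backdoor, _ = route(build_topology(backdoor_cost), src, dst)
    best, _ = route(build_topology(backdoor_cost, sham_cost), src, dst)
    return best < via_backdoor

if __name__ == "__main__":
    # Before the sham link: PE1 reaches 120.1.1.0/24 through the user network.
    print(route(build_topology(), "PE1", "120.1.1.0/24"))
    # After ospf cost 10 on the backdoor interfaces and sham-link cost 1.
    print(route(build_topology(10, 1), "CE1", "120.1.1.0/24"))
    print(route(build_topology(10, 1), "CE1", "30.1.1.0/24"))
    print(backbone_preferred(1, 1), backbone_preferred(10, 1))
```

With the backdoor interfaces left at cost 1, the two paths tie at cost 3 and backbone_preferred(1, 1) is False, which is why the example raises the cost on Vlanif20 and Vlanif30 to 10.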
Run the tracert command, and you can see that the data from CE1 to CE2 passes through the
VLANIF interface connected to PE1. That is, VPN traffic is transmitted through the backbone
network.
[CE1] tracert 120.1.1.1
traceroute to 120.1.1.1(120.1.1.1) 30 hops max,40 bytes packet
1 100.1.1.2 47 ms 31 ms 31 ms
2 120.1.1.2 94 ms 94 ms 94 ms
3 120.1.1.1 125 ms 156 ms 125 ms
[CE1] tracert 30.1.1.2
traceroute to 30.1.1.2(30.1.1.2) 30 hops max,40 bytes packet
1 20.1.1.2 80 ms 60 ms 60 ms
2 30.1.1.2 100 ms 90 ms 130 ms
Run the display ospf sham-link command on the PEs, and you can see the information about
the sham link.
Take PE1 for example.
Run the display ospf sham-link area command, and you can see that the state of the peer is
Full.
[PE1] display ospf sham-link area 0
OSPF Process 1 with Router ID 1.1.1.9
OSPF Process 100 with Router ID 5.5.5.5
Sham-Link: 5.5.5.5 --> 6.6.6.6
NeighborID: 6.6.6.6, State: Full
Area: 0.0.0.0
Cost: 10 State: P-2-P, Type: Sham
Timers: Hello 10 , Dead 40 , Retransmit 5 , Transmit Delay 1
Run the display ospf routing command on the CEs, and you can see that the route to the peer
CE is learned and treated as an intra-area route.
[CE1] display ospf routing
OSPF Process 1 with Router ID 100.1.1.1
Routing Tables
Routing for Network
Destination Cost Type NextHop AdvRouter Area
120.1.1.0/24 3 Transit 100.1.1.2 6.6.6.6 0.0.0.0
20.1.1.0/24 10 Stub 20.1.1.1 100.1.1.1 0.0.0.0
30.1.1.0/24 11 Stub 20.1.1.2 30.1.1.1 0.0.0.0
100.1.1.0/24 1 Transit 100.1.1.1 100.1.1.1 0.0.0.0
Routing for ASEs
Destination Cost Type Tag NextHop AdvRouter
120.1.1.1/32 1 Type2 3489661028 100.1.1.2 5.5.5.5
6.6.6.6/32 1 Type2 3489661028 100.1.1.2 5.5.5.5
5.5.5.5/32 1 Type2 3489661028 100.1.1.2 6.6.6.6
100.1.1.1/32 1 Type2 3489661028 100.1.1.2 6.6.6.6
Total Nets: 8
Intra Area: 4 Inter Area: 0 ASE: 4 NSSA: 0
----End
Configuration Files
• Configuration file of PE1
#
sysname PE1
#
vlan batch 10 50
#
ip vpn-instance vpn1
route-distinguisher 100:1
vpn-target 1:1 export-extcommunity
vpn-target 1:1 import-extcommunity
#
mpls lsr-id 1.1.1.9
mpls
#
mpls ldp
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface Vlanif50
ip binding vpn-instance vpn1
ip address 100.1.1.2 255.255.255.0
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 50
port hybrid untagged vlan 50
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
interface LoopBack10
ip binding vpn-instance vpn1
ip address 5.5.5.5 255.255.255.255
#
bgp 100
peer 3.3.3.9 as-number 100
peer 3.3.3.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 3.3.3.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 3.3.3.9 enable
#
ipv4-family vpn-instance vpn1
import-route direct
import-route ospf 100
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 10.1.1.0 0.0.0.255
#
ospf 100 vpn-instance vpn1
import-route bgp
domain-id 0.0.0.10
area 0.0.0.0
network 100.1.1.0 0.0.0.255
sham-link 5.5.5.5 6.6.6.6 cost 1
#
return
• Configuration file of P
#
sysname P
#
vlan batch 10 40
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif40
ip address 40.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 40
port hybrid untagged vlan 40
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 10.1.1.0 0.0.0.255
network 40.1.1.0 0.0.0.255
#
return
• Configuration file of PE2
#
sysname PE2
#
vlan batch 40 60
#
ip vpn-instance vpn1
route-distinguisher 100:2
vpn-target 1:1 export-extcommunity
vpn-target 1:1 import-extcommunity
#
mpls lsr-id 3.3.3.9
mpls
#
mpls ldp
#
interface Vlanif40
ip address 40.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif60
ip binding vpn-instance vpn1
ip address 120.1.1.2 255.255.255.0
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 60
port hybrid untagged vlan 60
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 40
port hybrid untagged vlan 40
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
interface LoopBack10
ip binding vpn-instance vpn1
ip address 6.6.6.6 255.255.255.255
#
bgp 100
peer 1.1.1.9 as-number 100
peer 1.1.1.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 1.1.1.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 1.1.1.9 enable
#
ipv4-family vpn-instance vpn1
import-route direct
import-route ospf 100
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 40.1.1.0 0.0.0.255
#
ospf 100 vpn-instance vpn1
import-route bgp
domain-id 0.0.0.10
area 0.0.0.0
network 120.1.1.0 0.0.0.255
sham-link 6.6.6.6 5.5.5.5 cost 1
#
return
• Configuration file of CE1
#
sysname CE1
#
vlan batch 20 50
#
interface Vlanif20
ip address 20.1.1.1 255.255.255.0
ospf cost 10
#
interface Vlanif50
ip address 100.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 50
port hybrid untagged vlan 50
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
ospf 1
area 0.0.0.0
network 100.1.1.0 0.0.0.255
network 20.1.1.0 0.0.0.255
#
return
• Configuration file of CE2
#
sysname CE2
#
vlan batch 30 60
#
interface vlanif30
ip address 30.1.1.2 255.255.255.0
ospf cost 10
#
interface vlanif60
ip address 120.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 60
port hybrid untagged vlan 60
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 30
port hybrid untagged vlan 30
#
ospf 1
area 0.0.0.0
[Networking diagram not reproduced. Labels recovered from the figure: GE1/0/0, Loopback1 - 1.1.1.9/32, Loopback1 - 2.2.2.9/32]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure OSPF between PEs to implement interworking between PEs and configure MP-
IBGP to exchange VPN routing information.
2. Set up an EBGP adjacency between PE and the connected CE to import the VPN routes to
the VPN routing table of PE.
3. Configure OSPF multi-instance between MCE and PE2 to exchange VPN routing
information. Configure RIPv2 between MCE and CE3, and between MCE and CE4, to
exchange VPN routing information.
NOTE
When configuring OSPF multi-instance between MCE and PE2, you need to perform the following
operations:
• In the OSPF view of PE2, import the BGP routes so that the VPN routes of PE1 are advertised to the MCE.
The OSPF process is the one that the MCE and PE2 use for OSPF multi-instance.
• In the BGP view of PE2, import the OSPF routes so that the VPN routes of the MCE are advertised to PE1.
The OSPF process is the one that the MCE and PE2 use for OSPF multi-instance.
Data Preparation
To complete the configuration, you need the following data:
• A VPN instance for each isolated service is created on PE1, PE2 and MCE. Note that the
VPN targets of different VPN instances differ from each other and the VPN targets of the
same VPN instance are identical.
• The OSPF data needs to be configured. For different OSPF multi-instances, the OSPF
process IDs must be different.
• The RIP processes used to import VPN routes of CE3 and CE4 to MCE need to be
configured. The RIP processes use different process IDs.
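The rule on VPN targets above can be checked offline against saved configuration files, together with a check that each OSPF multi-instance process covers only interfaces bound to its own VPN instance. The following is an added example, not Huawei's code: the function names, finding labels and sample configurations are constructed for illustration, and it assumes that one service uses the same VPN instance name on every device, as in this example.

```python
import ipaddress
import re

DIRECTIONS = {"export-extcommunity": ("export",), "import-extcommunity": ("import",),
              "both": ("import", "export")}

def parse_config(text):
    """Collect the VPN-instance, interface and OSPF multi-instance stanzas."""
    cfg = {"vpns": {}, "ifaces": {}, "ospf": {}}
    cur = None                                    # stanza being filled
    for line in (raw.strip() for raw in text.splitlines()):
        if line in ("", "#", "return"):           # '#' closes a stanza
            cur = None
        elif m := re.fullmatch(r"ip vpn-instance (\S+)", line):
            cur = cfg["vpns"].setdefault(m[1], {"import": set(), "export": set()})
        elif m := re.fullmatch(r"interface (\S+)", line):
            cur = cfg["ifaces"].setdefault(m[1], {"vpn": None, "addr": None})
        elif m := re.fullmatch(r"ospf (\d+) vpn-instance (\S+)", line):
            cur = cfg["ospf"].setdefault(int(m[1]), {"vpn": m[2], "nets": []})
        elif cur is None:
            continue                              # stanza this audit ignores
        elif line.startswith("vpn-target ") and "import" in cur:
            *rts, last = line.split()[1:]
            if last not in DIRECTIONS:            # bare form means both directions
                rts, last = rts + [last], "both"
            for direction in DIRECTIONS[last]:
                cur[direction].update(rts)
        elif (m := re.fullmatch(r"ip binding vpn-instance (\S+)", line)) and "addr" in cur:
            cur["vpn"] = m[1]
        elif (m := re.fullmatch(r"ip address (\S+) (\S+)", line)) and "addr" in cur:
            cur["addr"] = ipaddress.ip_interface(f"{m[1]}/{m[2]}")
        elif (m := re.fullmatch(r"network (\S+) (\S+)", line)) and "nets" in cur:
            host_bits = int(ipaddress.IPv4Address(m[2])).bit_length()  # 0.0.0.255 -> 8
            cur["nets"].append(ipaddress.ip_network(f"{m[1]}/{32 - host_bits}", strict=False))
    return cfg

def audit(devices):
    """devices maps a device name to its parsed config; returns sorted findings."""
    findings = set()
    vpns = [(dev, name, rt) for dev, cfg in devices.items()
            for name, rt in cfg["vpns"].items()]
    for dev_a, name_a, rt_a in vpns:
        for dev_b, name_b, rt_b in vpns:
            shared = sorted(rt_a["export"] & rt_b["import"])
            if name_a != name_b and shared:       # routes cross between services
                findings.add(f"LEAK {dev_a}/{name_a} -> {dev_b}/{name_b} via {','.join(shared)}")
            elif name_a == name_b and dev_a != dev_b and not shared:
                findings.add(f"SPLIT {dev_a}/{name_a} -> {dev_b}/{name_b}")
    for dev, cfg in devices.items():
        for pid, proc in cfg["ospf"].items():
            for ifname, ifc in cfg["ifaces"].items():
                covered = ifc["addr"] is not None and any(ifc["addr"].ip in n for n in proc["nets"])
                if covered and ifc["vpn"] != proc["vpn"]:
                    findings.add(f"BIND {dev} ospf {pid} ({proc['vpn']}) covers {ifname} ({ifc['vpn']})")
    return sorted(findings)

# Constructed sample configurations in the format of the configuration files
# on this page. PE2_FAULTY contains two deliberate mistakes.
PE1 = """
ip vpn-instance vpna
vpn-target 111:1 export-extcommunity
vpn-target 111:1 import-extcommunity
#
ip vpn-instance vpnb
vpn-target 222:2 export-extcommunity
vpn-target 222:2 import-extcommunity
"""
PE2_FAULTY = """
ip vpn-instance vpna
vpn-target 111:1 export-extcommunity
vpn-target 111:1 import-extcommunity
#
ip vpn-instance vpnb
vpn-target 222:2 export-extcommunity
vpn-target 222:2 111:1 import-extcommunity
#
interface Vlanif40
ip binding vpn-instance vpnb
ip address 192.2.1.1 255.255.255.0
#
interface Vlanif50
ip binding vpn-instance vpnb
ip address 192.1.1.1 255.255.255.0
#
ospf 100 vpn-instance vpna
area 0.0.0.0
network 192.1.1.0 0.0.0.255
#
ospf 200 vpn-instance vpnb
area 0.0.0.0
network 192.2.1.0 0.0.0.255
"""

if __name__ == "__main__":
    print("\n".join(audit({"PE1": parse_config(PE1), "PE2": parse_config(PE2_FAULTY)})))
```

A LEAK finding means an import target admits routes exported by a different service; a BIND finding means an OSPF process of one VPN instance has a network statement that matches an interface bound to another instance.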
Procedure
Step 1 Run OSPF on the PEs of the backbone network.
The configuration procedure is not described here.
After the configuration, PEs can learn the Loopback1 address of each other.
Take the display on PE2 as an example.
<PE2> display ip routing-table
Route Flags: R - relied, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 9 Routes : 9
Step 2 Configure the basic MPLS capability and MPLS LDP on the backbone network and set up an
LDP LSP.
The configuration procedure is not described here.
After the configuration, run the display mpls ldp session command on the PEs, and you can see
that the MPLS LDP session between PEs is in Operational state.
Take the display on PE2 as an example.
<PE2> display mpls ldp session
Step 3 Configure the VPN instance on PEs. Connect CE1 and CE2 to PE1 and connect MCE to PE2.
# Configure PE1.
<PE1> system-view
[PE1] vlan batch 10 20
[PE1] interface gigabitethernet 1/0/0
[PE1-GigabitEthernet1/0/0] port hybrid pvid vlan 10
[PE1-GigabitEthernet1/0/0] port hybrid untagged vlan 10
[PE1-GigabitEthernet1/0/0] quit
[PE1] interface gigabitethernet 2/0/0
[PE1-GigabitEthernet2/0/0] port hybrid pvid vlan 20
[PE1-GigabitEthernet2/0/0] port hybrid untagged vlan 20
[PE1-GigabitEthernet2/0/0] quit
[PE1] ip vpn-instance vpna
[PE1-vpn-instance-vpna] route-distinguisher 100:1
[PE1-vpn-instance-vpna] vpn-target 111:1 both
[PE1-vpn-instance-vpna] quit
[PE1] ip vpn-instance vpnb
[PE1-vpn-instance-vpnb] route-distinguisher 100:2
[PE1-vpn-instance-vpnb] vpn-target 222:2 both
[PE1-vpn-instance-vpnb] quit
[PE1] interface vlanif 10
[PE1-Vlanif10] ip binding vpn-instance vpna
[PE1-Vlanif10] ip address 10.1.1.2 24
[PE1-Vlanif10] quit
[PE1] interface vlanif 20
[PE1-Vlanif20] ip binding vpn-instance vpnb
[PE1-Vlanif20] ip address 10.2.1.2 24
[PE1-Vlanif20] quit
# Configure PE2.
<PE2> system-view
[PE2] vlan batch 40 50
[PE2] interface gigabitethernet 2/0/0
[PE2-GigabitEthernet2/0/0] port hybrid pvid vlan 50
[PE2-GigabitEthernet2/0/0] port hybrid untagged vlan 50
[PE2-GigabitEthernet2/0/0] quit
[PE2] interface gigabitethernet 3/0/0
[PE2-GigabitEthernet3/0/0] port hybrid pvid vlan 40
[PE2-GigabitEthernet3/0/0] port hybrid untagged vlan 40
[PE2-GigabitEthernet3/0/0] quit
[PE2] ip vpn-instance vpna
[PE2-vpn-instance-vpna] route-distinguisher 200:1
[PE2-vpn-instance-vpna] vpn-target 111:1 both
[PE2-vpn-instance-vpna] quit
[PE2] ip vpn-instance vpnb
[PE2-vpn-instance-vpnb] route-distinguisher 200:2
[PE2-vpn-instance-vpnb] vpn-target 222:2 both
[PE2-vpn-instance-vpnb] quit
[PE2] interface vlanif 50
Step 4 Configure VPN instances on the MCE. Connect CE3, CE4, and PE2 to MCE.
<Quidway> system-view
[Quidway] sysname MCE
[MCE] vlan batch 40 50 60 70
[MCE] interface gigabitethernet 2/0/0
[MCE-GigabitEthernet2/0/0] port hybrid pvid vlan 40
[MCE-GigabitEthernet2/0/0] port hybrid untagged vlan 40
[MCE-GigabitEthernet2/0/0] quit
[MCE] interface gigabitethernet 1/0/0
[MCE-GigabitEthernet1/0/0] port hybrid pvid vlan 50
[MCE-GigabitEthernet1/0/0] port hybrid untagged vlan 50
[MCE-GigabitEthernet1/0/0] quit
[MCE] interface gigabitethernet 3/0/0
[MCE-GigabitEthernet3/0/0] port hybrid pvid vlan 60
[MCE-GigabitEthernet3/0/0] port hybrid untagged vlan 60
[MCE-GigabitEthernet3/0/0] quit
[MCE] interface gigabitethernet 3/0/1
[MCE-GigabitEthernet3/0/1] port hybrid pvid vlan 70
[MCE-GigabitEthernet3/0/1] port hybrid untagged vlan 70
[MCE-GigabitEthernet3/0/1] quit
[MCE] ip vpn-instance vpna
[MCE-vpn-instance-vpna] route-distinguisher 100:1
[MCE-vpn-instance-vpna] vpn-target 111:1 both
[MCE-vpn-instance-vpna] quit
[MCE] ip vpn-instance vpnb
[MCE-vpn-instance-vpnb] route-distinguisher 100:2
[MCE-vpn-instance-vpnb] vpn-target 222:2 both
[MCE-vpn-instance-vpnb] quit
[MCE] interface vlanif 60
[MCE-Vlanif60] ip binding vpn-instance vpna
[MCE-Vlanif60] ip address 10.3.1.2 24
[MCE-Vlanif60] quit
[MCE] interface vlanif 70
[MCE-Vlanif70] ip binding vpn-instance vpnb
[MCE-Vlanif70] ip address 10.4.1.2 24
[MCE-Vlanif70] quit
[MCE] interface vlanif 50
[MCE-Vlanif50] ip binding vpn-instance vpna
[MCE-Vlanif50] ip address 192.1.1.2 24
[MCE-Vlanif50] quit
[MCE] interface vlanif 40
[MCE-Vlanif40] ip binding vpn-instance vpnb
[MCE-Vlanif40] ip address 192.2.1.2 24
[MCE-Vlanif40] quit
Step 5 Set up an MP-IBGP adjacency between PEs. Set up an EBGP
adjacency between PE1 and CE1, and between PE1 and CE2.
After the configuration, run the display bgp vpnv4 all peer command on PE1, and you can see
that the IBGP adjacency between PE1 and PE2 is in Established state. The EBGP adjacency
between PE1 and CE1 and the EBGP adjacency between PE1 and CE2 are in Established state.
[PE1] display bgp vpnv4 all peer
Step 6 Configure the OSPF multi-instance between the MCE and PE2.
# Configure PE2.
<PE2> system-view
[PE2] ospf 100 vpn-instance vpna
[PE2-ospf-100] area 0
[PE2-ospf-100-area-0.0.0.0] network 192.1.1.0 0.0.0.255
[PE2-ospf-100-area-0.0.0.0] quit
[PE2-ospf-100] import-route bgp
[PE2-ospf-100] quit
[PE2] ospf 200 vpn-instance vpnb
[PE2-ospf-200] area 0
[PE2-ospf-200-area-0.0.0.0] network 192.2.1.0 0.0.0.255
[PE2-ospf-200-area-0.0.0.0] quit
[PE2-ospf-200] import-route bgp
[PE2-ospf-200] quit
[PE2] bgp 100
[PE2-bgp] ipv4-family vpn-instance vpna
[PE2-bgp-vpna] import-route ospf 100
[PE2-bgp-vpna] quit
[PE2-bgp] ipv4-family vpn-instance vpnb
[PE2-bgp-vpnb] import-route ospf 200
[PE2-bgp-vpnb] quit
# Configure MCE.
<MCE> system-view
[MCE] ospf 100 vpn-instance vpna
[MCE-ospf-100] area 0
[MCE-ospf-100-area-0.0.0.0] network 192.1.1.0 0.0.0.255
[MCE-ospf-100-area-0.0.0.0] quit
[MCE-ospf-100] quit
[MCE] ospf 200 vpn-instance vpnb
[MCE-ospf-200] area 0
[MCE-ospf-200-area-0.0.0.0] network 192.2.1.0 0.0.0.255
[MCE-ospf-200-area-0.0.0.0] quit
[MCE-ospf-200] quit
Step 7 Run RIPv2 between the MCE and CE3, and between the MCE and CE4.
# Configure MCE.
[MCE] rip 100 vpn-instance vpna
[MCE-rip-100] version 2
[MCE-rip-100] network 10.0.0.0
[MCE-rip-100] import-route ospf 100
[MCE-rip-100] quit
[MCE] rip 200 vpn-instance vpnb
[MCE-rip-200] version 2
[MCE-rip-200] network 10.0.0.0
[MCE-rip-200] import-route ospf 200
# Configure CE3.
<Quidway> system-view
[Quidway] sysname CE3
[CE3] vlan batch 60
[CE3] interface gigabitethernet 1/0/0
[CE3-GigabitEthernet1/0/0] port hybrid pvid vlan 60
# Configure CE4.
<Quidway> system-view
[Quidway] sysname CE4
[CE4] vlan batch 70
[CE4] interface gigabitethernet 1/0/0
[CE4-GigabitEthernet1/0/0] port hybrid pvid vlan 70
[CE4-GigabitEthernet1/0/0] port hybrid untagged vlan 70
[CE4-GigabitEthernet1/0/0] quit
[CE4] interface vlanif 70
[CE4-Vlanif70] ip address 10.4.1.1 24
[CE4-Vlanif70] quit
[CE4] rip 200
[CE4-rip-200] version 2
[CE4-rip-200] network 10.0.0.0
[CE4-rip-200] import-route direct
Run the display ip routing-table vpn-instance command on the PE, and you can see the route
to the peer CE.
Take vpna on PE1 for example.
[PE1] display ip routing-table vpn-instance vpna
Route Flags: R - relied, D - download to fib
------------------------------------------------------------------------------
Routing Tables: vpna
Destinations : 5 Routes : 5
CE1 and CE3 can ping each other. CE2 and CE4 can ping each other.
Take CE1 for example.
[CE1] ping 10.3.1.1
PING 10.3.1.1: 56 data bytes, press CTRL_C to break
Reply from 10.3.1.1: bytes=56 Sequence=1 ttl=252 time=125 ms
Reply from 10.3.1.1: bytes=56 Sequence=2 ttl=252 time=125 ms
Reply from 10.3.1.1: bytes=56 Sequence=3 ttl=252 time=125 ms
Reply from 10.3.1.1: bytes=56 Sequence=4 ttl=252 time=125 ms
Reply from 10.3.1.1: bytes=56 Sequence=5 ttl=252 time=125 ms
CE1 cannot ping CE2 or CE4. CE3 cannot ping CE2 or CE4.
For example, if you ping CE4 from CE1, the information is displayed as follows:
[CE1] ping 10.4.1.1
PING 10.4.1.1: 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out
----End
Configuration Files
• Configuration file of CE1
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
bgp 65410
peer 10.1.1.2 as-number 100
#
ipv4-family unicast
undo synchronization
import-route direct
#
mpls ldp
#
interface Vlanif10
ip binding vpn-instance vpna
ip address 10.1.1.2 255.255.255.0
#
interface Vlanif20
ip binding vpn-instance vpnb
ip address 10.2.1.2 255.255.255.0
#
interface Vlanif30
ip address 172.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
interface GigabitEthernet3/0/0
port hybrid pvid vlan 30
port hybrid untagged vlan 30
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
bgp 100
peer 2.2.2.9 as-number 100
peer 2.2.2.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 2.2.2.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 2.2.2.9 enable
#
ipv4-family vpn-instance vpna
peer 10.1.1.1 as-number 65410
import-route direct
#
ipv4-family vpn-instance vpnb
peer 10.2.1.1 as-number 65420
import-route direct
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 172.1.1.0 0.0.0.255
#
return
• Configuration file of PE2
#
sysname PE2
#
vlan batch 30 40 50
#
ip vpn-instance vpna
route-distinguisher 200:1
vpn-target 111:1 export-extcommunity
vpn-target 111:1 import-extcommunity
#
ip vpn-instance vpnb
route-distinguisher 200:2
vpn-target 222:2 export-extcommunity
vpn-target 222:2 import-extcommunity
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Vlanif30
ip address 172.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif40
ip binding vpn-instance vpnb
ip address 192.2.1.1 255.255.255.0
#
interface Vlanif50
ip binding vpn-instance vpna
ip address 192.1.1.1 255.255.255.0
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 30
port hybrid untagged vlan 30
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 50
port hybrid untagged vlan 50
#
interface GigabitEthernet3/0/0
port hybrid pvid vlan 40
port hybrid untagged vlan 40
#
bgp 100
peer 1.1.1.9 as-number 100
peer 1.1.1.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 1.1.1.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 1.1.1.9 enable
#
ipv4-family vpn-instance vpna
import-route ospf 100
#
ipv4-family vpn-instance vpnb
import-route ospf 200
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 172.1.1.0 0.0.0.255
#
ospf 100 vpn-instance vpna
import-route bgp
area 0.0.0.0
network 192.1.1.0 0.0.0.255
#
ospf 200 vpn-instance vpnb
import-route bgp
area 0.0.0.0
network 192.2.1.0 0.0.0.255
#
return
• Configuration file of the MCE
#
sysname MCE
#
vlan batch 40 50 60 70
#
ip vpn-instance vpna
route-distinguisher 100:1
vpn-target 111:1 export-extcommunity
vpn-target 111:1 import-extcommunity
#
ip vpn-instance vpnb
route-distinguisher 200:2
vpn-target 222:2 export-extcommunity
vpn-target 222:2 import-extcommunity
#
interface Vlanif40
ip binding vpn-instance vpnb
ip address 192.2.1.2 255.255.255.0
#
interface Vlanif50
ip binding vpn-instance vpna
ip address 192.1.1.2 255.255.255.0
#
interface Vlanif60
ip binding vpn-instance vpna
ip address 10.3.1.2 255.255.255.0
#
interface Vlanif70
ip binding vpn-instance vpnb
ip address 10.4.1.2 255.255.255.0
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 50
port hybrid untagged vlan 50
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 40
port hybrid untagged vlan 40
#
interface GigabitEthernet3/0/0
port hybrid pvid vlan 60
port hybrid untagged vlan 60
#
interface GigabitEthernet3/0/1
port hybrid pvid vlan 70
port hybrid untagged vlan 70
#
ospf 100 vpn-instance vpna
import-route rip 100
vpn-instance-capability simple
area 0.0.0.0
network 192.1.1.0 0.0.0.255
#
ospf 200 vpn-instance vpnb
import-route rip 200
vpn-instance-capability simple
area 0.0.0.0
network 192.2.1.0 0.0.0.255
#
rip 100 vpn-instance vpna
version 2
network 10.0.0.0
import-route ospf 100
#
rip 200 vpn-instance vpnb
version 2
network 10.0.0.0
import-route ospf 200
#
return
• Configuration file of CE3
#
sysname CE3
#
vlan batch 60
#
interface Vlanif60
ip address 10.3.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 60
port hybrid untagged vlan 60
#
rip 100
version 2
network 10.0.0.0
import-route direct
#
return
Configuration Roadmap
In this example, you need to configure an L3VPN, and then configure three static routes. The
configuration roadmap is as follows:
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Configure VLANs that the interfaces belong to, as shown in Figure 3-14.
The configuration procedure is not mentioned.
Assign IP addresses to the physical interfaces and loopback interfaces on the backbone network.
Run IGP on each device on the backbone network so that PE1, P and PE2 can ping each other
and learn the loopback address of each other. The detailed configuration is not mentioned here.
Set up an MPLS LSP and an MP-IBGP adjacency between the PEs. The detailed configuration
is not mentioned here.
After the configuration, run the display mpls ldp session command on P, and you can find that
the LDP sessions between PE1 and P, and between PE2 and P are in Operational state.
Run the display bgp vpnv4 all peer command on the PEs, and you can find that the MP-IBGP
adjacency is in Established state. Take PE1 for example.
<PE1> display bgp vpnv4 all peer
Create VPN 1 on the PEs and bind VPN 1 to the interfaces connected to CEs. Set up EBGP
adjacencies between PE1 and CE1 and between PE2 and CE2 to import routes of the CEs to the
PEs. The detailed configuration is not mentioned here.
After the configuration, run the display ip vpn-instance command on the PEs, and you can find
VPN 1 is displayed in the VPN-Instance Name field.
Run the display bgp vpnv4 all peer command on the PEs, and you can see that the IBGP and
EBGP adjacencies are in Established state.
Step 5 Configure the static route to enable VPN users to access the public network.
# Add a default route on CE1 with the next hop being PE1.
<CE1> system-view
[CE1] ip route-static 0.0.0.0 0 10.1.1.2
# Configure PE1.
# Configure a default route from the agent server of the VPN to the Internet. The next hop is P.
Specify the address of the next hop as a public network address. That is, add the keyword
public to the right of the next hop address in the command.
<PE1> system-view
[PE1] ip route-static vpn-instance vpn1 0.0.0.0 0 100.1.1.2 public
NOTE
If the CE and PE are connected through the Ethernet, you must specify the next hop.
# Configure a static route from the Internet to the agent server. The next hop is CE1.
[PE1] ip route-static 100.3.1.1 24 vpn-instance vpn1 10.1.1.1
# Advertise the static route from PE1 to the agent server to the Internet through IGP.
[PE1] ospf 1
[PE1-ospf-1] import-route static
# Configure the agent server. Set the IP address of the agent server to 100.3.1.1/24. Specify CE1
as the default gateway (100.3.1.2/24) of the agent server. In addition, the agent software should
be run on the agent server.
Run the display ip routing-table vpn-instance command on PE1, and you can see that a default
route exists in the routing table of VPN 1. The next hop address is 100.1.1.2 and the outgoing
interface is Vlanif10.
[PE1] display ip routing-table vpn-instance vpn1
Route Flags: R - relied, D - download to fib
------------------------------------------------------------------------------
Routing Tables: vpn1
Destinations : 8 Routes : 8
Destination/Mask Proto Pre Cost Flags NextHop Interface
0.0.0.0/0 Static 60 0 RD 100.1.1.2 Vlanif10
10.1.1.0/24 Direct 0 0 D 10.1.1.2 Vlanif30
10.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0
10.1.1.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
10.2.1.0/24 BGP 255 0 RD 3.3.3.3 Vlanif10
100.3.1.1/32 BGP 255 0 D 10.1.1.1 Vlanif30
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
Run the display ip routing-table command on PE1, and you can see the route destined for the
agent in the routing table of the public network. The next hop address is 10.1.1.1.
[PE1] display ip routing-table
Route Flags: R - relied, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 12 Routes : 12
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
2.2.2.2/32 OSPF 10 2 D 100.1.1.2 Vlanif10
3.3.3.3/32 OSPF 10 3 D 100.1.1.2 Vlanif10
100.1.1.0/24 Direct 0 0 D 100.1.1.1 Vlanif10
100.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
100.1.1.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
100.2.1.0/24 OSPF 10 2 D 100.1.1.2 Vlanif10
100.3.1.0/24 Static 60 0 D 10.1.1.1 Vlanif30
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
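The static routes in Step 5 deliberately cross the boundary between vpn1 and the public routing table. The following Python sketch is an added example, not part of the original guide: it reads a PE configuration, lists every static route whose next hop lies in a different table, and names the processes in the source table that are configured with import-route static. The sample text is the PE1 commands of this example, re-indented on the assumption that a saved VRP configuration uses one leading space per sub-view level; the function names are this example's own.

```python
import re

# Constructed sample: the PE1 commands from this example, indented as in a
# saved VRP configuration (assumption: one leading space per sub-view level).
PE1_CONFIG = """\
#
interface Vlanif10
 ip address 100.1.1.1 255.255.255.0
 mpls
 mpls ldp
#
interface Vlanif30
 ip binding vpn-instance vpn1
 ip address 10.1.1.2 255.255.255.0
#
bgp 100
 peer 3.3.3.3 as-number 100
 #
 ipv4-family vpn-instance vpn1
  peer 10.1.1.1 as-number 65410
  import-route static
  import-route direct
#
ospf 1
 import-route static
 area 0.0.0.0
  network 100.1.1.0 0.0.0.255
#
ip route-static 100.3.1.0 255.255.255.0 Vlanif30 10.1.1.1
ip route-static vpn-instance vpn1 0.0.0.0 0.0.0.0 100.1.1.2 public
#
return
"""


def parse_blocks(text):
    """Split the configuration into (header, [sub-commands]) blocks."""
    blocks = []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.strip() == "#" or line == "return":
            continue
        if not line[0].isspace():
            blocks.append((line, []))
        elif blocks:
            blocks[-1][1].append(line.strip())
    return blocks


def interface_tables(blocks):
    """Map interface name -> routing table ('public' or the bound VPN instance)."""
    tables = {}
    for header, body in blocks:
        if header.startswith("interface "):
            bound = [c.split()[-1] for c in body
                     if c.startswith("ip binding vpn-instance ")]
            name = header.split(None, 1)[1].replace(" ", "")
            tables[name] = bound[0] if bound else "public"
    return tables


def crossing_static_routes(blocks):
    """Static routes installed in one table whose next hop lives in another."""
    tables = interface_tables(blocks)
    found = []
    for header, _ in blocks:
        tok = header.split()
        if tok[:2] != ["ip", "route-static"]:
            continue
        src, rest = "public", tok[2:]
        if rest and rest[0] == "vpn-instance":      # route belongs to a VPN instance
            src, rest = rest[1], rest[2:]
        if len(rest) < 3:
            continue
        prefix, mask, hop = rest[0], rest[1], rest[2:]
        dst = src
        if hop[0] == "vpn-instance" and len(hop) > 1:
            dst = hop[1]                            # next hop in a named VPN instance
        elif "public" in hop:
            dst = "public"                          # next hop in the public table
        elif hop[0] in tables:
            dst = tables[hop[0]]                    # outgoing interface decides the table
        if dst != src:
            found.append((src, f"{prefix}/{mask}", dst))
    return found


def static_importers(blocks):
    """(process, table) pairs configured with import-route static."""
    out = []
    for header, body in blocks:
        tok = header.split()
        if tok[0] == "ospf" and any(c.startswith("import-route static") for c in body):
            table = tok[3] if tok[2:3] == ["vpn-instance"] else "public"
            out.append((" ".join(tok[:2]), table))
        elif tok[0] == "bgp":
            table = "public"
            for cmd in body:
                if cmd.startswith("ipv4-family"):
                    m = re.match(r"ipv4-family vpn-instance (\S+)", cmd)
                    table = m.group(1) if m else "public"
                elif cmd.startswith("import-route static"):
                    out.append((header, table))
    return out


def audit(text):
    """Crossing routes plus the processes that import statics from the same table.
    The importers are candidates only; per-prefix redistribution rules are not modelled."""
    blocks = parse_blocks(text)
    importers = static_importers(blocks)
    return [(src, prefix, dst, [p for p, t in importers if t == src])
            for src, prefix, dst in crossing_static_routes(blocks)]
```

Each tuple is (table holding the route, prefix, table of the next hop, importing processes), which gives a reviewer the complete list of points where vpn1 and the public network are intentionally joined.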
----End
Configuration Files
• Configuration file of CE1
#
sysname CE1
#
vlan batch 30 50
#
interface Vlanif30
ip address 10.1.1.1 255.255.255.0
#
interface Vlanif50
ip address 100.3.1.2 255.255.255.0
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 30
port hybrid untagged vlan 30
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
bgp 65410
peer 10.1.1.2 as-number 100
#
ipv4-family unicast
undo synchronization
import-route direct
peer 10.1.1.2 enable
#
ip route-static 0.0.0.0 0.0.0.0 10.1.1.2
#
return
interface Vlanif10
ip address 100.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface Vlanif30
ip binding vpn-instance vpn1
ip address 10.1.1.2 255.255.255.0
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 30
port hybrid untagged vlan 30
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
#
bgp 100
peer 3.3.3.3 as-number 100
peer 3.3.3.3 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 3.3.3.3 enable
#
ipv4-family vpnv4
policy vpn-target
peer 3.3.3.3 enable
#
ipv4-family vpn-instance vpn1
peer 10.1.1.1 as-number 65410
import-route static
import-route direct
#
ospf 1
import-route static
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 100.1.1.0 0.0.0.255
#
ip route-static 100.3.1.0 255.255.255.0 Vlanif30 10.1.1.1
ip route-static vpn-instance vpn1 0.0.0.0 0.0.0.0 100.1.1.2 public
#
return
• Configuration file of P
#
sysname P
#
vlan batch 10 20
#
mpls lsr-id 2.2.2.2
mpls
#
mpls ldp
#
interface Vlanif10
ip address 100.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif20
ip address 100.2.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet1/0/0
import-route direct
#
ospf 1
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 100.2.1.0 0.0.0.255
#
return
[Figure: networking diagram with CE1, PE1, PE2, P1, P2, PE3, PE4, and CE2; vpn1 site1 in AS 65410 and vpn1 site2 in AS 65420]
P1 Loopback1 - 5.5.5.5/32
P2 Loopback1 - 6.6.6.6/32
Configuration Roadmap
The configuration roadmap is as follows:
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Configure VLANs to which the interfaces belong according to Figure 3-15.
Step 2 Configure IGP on the MPLS backbone network so that PEs and P devices can interwork with
each other.
# Configure PE1.
# Assign IP addresses to interfaces. The IP address of a loopback interface must have a 32-bit
mask.
<PE1> system-view
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.1 32
[PE1-LoopBack1] quit
[PE1] interface vlanif 10
[PE1-Vlanif10] ip address 100.1.1.1 30
[PE1-Vlanif10] quit
The configurations of PE2, PE3, PE4, P1, and P2 are the same as the configuration of PE1, and
are not mentioned here.
After the configuration, run the display ip routing-table command, and you can view that PE1
and PE3 can learn the loopback1 route of each other and PE2 and PE4 can learn the loopback1
route of each other.
For example, information about PE1 is displayed as follows:
[PE1] display ip routing-table
Routing Tables: Public
Destinations : 10 Routes : 10
Step 3 Configure basic MPLS functions and MPLS LDP, and set up LDP LSPs on the MPLS backbone
network.
# Configure PE1.
# Enable MPLS and LDP, specify the LSR ID as the IP address of the loopback interface, and
trigger setup of LSPs.
[PE1] mpls lsr-id 1.1.1.1
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
# The configurations of PE2, PE3, PE4, P1, and P2 are the same as the configuration of PE1,
and are not mentioned here.
After the configuration, LDP sessions must be set up between PE1 and the P device, and between
PE2 and the P device. Run the display mpls ldp session command, and you can view that the
LDP sessions are in Operational state. Run the display mpls ldp lsp command, and you can
view status of LDP LSPs.
For example, information about PE1 is displayed as follows:
<PE1> display mpls ldp session
# Bind the interfaces connected to CEs to the corresponding VPNs and assign IP addresses to
these interfaces.
[PE1] interface vlanif 101
[PE1-Vlanif101] ip binding vpn-instance vpn1
[PE1-Vlanif101] ip address 10.1.1.2 30
[PE1-Vlanif101] quit
# Configure PE2.
# Create a VPN instance, and specify the RD and VPN target. The VPN targets of PE2 and the
MP-BGP peer PE must match each other to implement mutual access of sites on the same VPN.
# Configure PE3.
# Create a VPN instance and specify the RD and VPN target. The VPN targets of PE3 and the
MP-BGP peer PE must match each other to implement mutual access of sites on the same VPN.
# Bind the interfaces connected to CEs to the corresponding VPNs and assign IP addresses to
these interfaces.
[PE3] interface vlanif 103
[PE3-Vlanif103] ip binding vpn-instance vpn1
[PE3-Vlanif103] ip address 10.3.1.1 30
[PE3-Vlanif103] quit
# Configure PE4.
# Create a VPN instance and specify the RD and VPN target. The VPN targets of PE4 and the
MP-BGP peer PE must match each other to implement mutual access of sites on the same VPN.
[PE4] ip vpn-instance vpn1
[PE4-vpn-instance-vpn1] route-distinguisher 100:4
[PE4-vpn-instance-vpn1] vpn-target 1:1 both
[PE4-vpn-instance-vpn1] quit
# Bind the interfaces connected to CEs to the corresponding VPNs and assign IP addresses to
these interfaces.
[PE4] interface vlanif 104
[PE4-Vlanif104] ip binding vpn-instance vpn1
[PE4-Vlanif104] ip address 10.4.1.1 30
[PE4-Vlanif104] quit
# Assign IP addresses to the interfaces on CEs according to Figure 3-15. The configuration
details are not mentioned here.
# After the configuration, run the display ip vpn-instance verbose command on PEs, and you
can view configuration results of VPN instances.
For example, information about PE1 is displayed as follows:
<PE1> display ip vpn-instance verbose
Total VPN-Instances configured : 1
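The rule that VPN targets must match is what decides which sites exchange routes. The following Python sketch is an added example, not part of the original guide: it parses the ip vpn-instance blocks of several PEs and reports route flows that are one-way or that join differently named VPN instances. PE1 to PE4 use the RD and VPN-target values of this example; PE5 with instance vpn2 is a constructed misconfiguration that goes beyond the single-VPN case on the page, and the function names are this example's own.

```python
import re

# PE1-PE4: RD and VPN-target values from this example.
# PE5/vpn2: constructed misconfiguration, not on the page.
CONFIGS = {
    "PE1": """ip vpn-instance vpn1
 route-distinguisher 100:1
 vpn-target 1:1 export-extcommunity
 vpn-target 1:1 import-extcommunity
#
""",
    "PE2": """ip vpn-instance vpn1
 route-distinguisher 100:2
 vpn-target 1:1 export-extcommunity
 vpn-target 1:1 import-extcommunity
#
""",
    "PE3": """ip vpn-instance vpn1
 route-distinguisher 100:3
 vpn-target 1:1 export-extcommunity
 vpn-target 1:1 import-extcommunity
#
""",
    "PE4": """ip vpn-instance vpn1
 route-distinguisher 100:4
 vpn-target 1:1 both
#
""",
    "PE5": """ip vpn-instance vpn2
 route-distinguisher 100:5
 vpn-target 2:2 export-extcommunity
 vpn-target 1:1 2:2 import-extcommunity
#
""",
}

# One "ip vpn-instance <name>" line followed by its indented sub-commands.
BLOCK = re.compile(r"^ip vpn-instance (\S+)\n((?:[ \t]+\S.*\n)*)", re.M)


def parse_instances(configs):
    """Return one record per VPN instance with its RD and import/export RT sets."""
    out = []
    for device, text in configs.items():
        for m in BLOCK.finditer(text):
            inst = {"id": f"{device}/{m.group(1)}", "vpn": m.group(1),
                    "rd": None, "imp": set(), "exp": set()}
            for cmd in m.group(2).splitlines():
                tok = cmd.split()
                if tok[0] == "route-distinguisher":
                    inst["rd"] = tok[1]
                elif tok[0] == "vpn-target":
                    rts = {t for t in tok[1:] if ":" in t}
                    mode = tok[-1]          # no keyword or "both" means both directions
                    if mode != "import-extcommunity":
                        inst["exp"] |= rts
                    if mode != "export-extcommunity":
                        inst["imp"] |= rts
            out.append(inst)
    return out


def learns_from(dst, src):
    """True if dst imports at least one route target that src exports."""
    return bool(src["exp"] & dst["imp"])


def audit(instances):
    """Report (source, receiver, issue) for flows that break simple site symmetry."""
    findings = []
    for src in instances:
        for dst in instances:
            if src is dst or not learns_from(dst, src):
                continue
            one_way = not learns_from(src, dst)
            if src["vpn"] != dst["vpn"]:
                findings.append((src["id"], dst["id"],
                                 "cross-VPN, one-way" if one_way else "cross-VPN"))
            elif one_way:
                findings.append((src["id"], dst["id"], "one-way"))
    by_rd = {}
    for inst in instances:
        first = by_rd.setdefault(inst["rd"], inst)
        if first["vpn"] != inst["vpn"]:
            findings.append((first["id"], inst["id"], "RD reused by different VPNs"))
    return findings
```

With the page's four PEs alone the audit is empty; adding the constructed PE5 shows vpn2 receiving every vpn1 route while advertising nothing back.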
Step 5 Configure EBGP between PEs and CEs to import VPN routes.
# Configure CE1.
# Enable BGP, specify PE1 and PE2 as EBGP peers, and import direct routes.
[CE1] bgp 65410
[CE1-bgp] peer 10.1.1.2 as-number 100
[CE1-bgp] peer 10.2.1.2 as-number 100
[CE1-bgp] import-route direct
[CE1-bgp] quit
# Configure PE1.
# Enable BGP.
# In the BGP-VPN instance view, specify CEs as EBGP peers and import direct routes.
[PE1-bgp] ipv4-family vpn-instance vpn1
[PE1-bgp-vpn1] peer 10.1.1.1 as-number 65410
[PE1-bgp-vpn1] import-route direct
[PE1-bgp-vpn1] quit
# Configure PE2.
# Enable BGP.
[PE2] bgp 100
# In the BGP-VPN instance view, specify CEs as EBGP peers and import direct routes.
[PE2-bgp] ipv4-family vpn-instance vpn1
[PE2-bgp-vpn1] peer 10.2.1.1 as-number 65410
[PE2-bgp-vpn1] import-route direct
[PE2-bgp-vpn1] quit
# Configure CE2.
# Enable BGP, specify PE3 and PE4 as EBGP peers, and import direct routes.
[CE2] bgp 65420
[CE2-bgp] peer 10.3.1.1 as-number 100
[CE2-bgp] peer 10.4.1.1 as-number 100
[CE2-bgp] import-route direct
[CE2-bgp] quit
# Configure PE3.
# Enable BGP.
[PE3] bgp 100
# In the BGP-VPN instance view, specify CEs as EBGP peers and import direct routes.
[PE3-bgp] ipv4-family vpn-instance vpn1
[PE3-bgp-vpn1] peer 10.3.1.2 as-number 65420
[PE3-bgp-vpn1] import-route direct
[PE3-bgp-vpn1] quit
# Configure PE4.
# Enable BGP.
[PE4] bgp 100
# In the BGP-VPN instance view, specify CEs as EBGP peers and import direct routes.
[PE4-bgp] ipv4-family vpn-instance vpn1
[PE4-bgp-vpn1] peer 10.4.1.2 as-number 65420
[PE4-bgp-vpn1] import-route direct
[PE4-bgp-vpn1] quit
After the configuration, run the display bgp vpnv4 vpn-instance vpn-instance-name peer
command on PEs, and you can view that BGP peer relationships are set up between PEs and
CEs and are in Established state. Each PE can ping its connected CE.
For example, information about PE1 is displayed as follows:
[PE1] display bgp vpnv4 vpn-instance vpn1 peer
# Configure PE1.
# Specify PE3 as the IBGP peer of PE1 and set up an IBGP connection through the loopback
interface.
[PE1] bgp 100
[PE1-bgp] peer 3.3.3.3 as-number 100
[PE1-bgp] peer 3.3.3.3 connect-interface loopback 1
# In the VPNv4 address family view, enable the capability of exchanging VPN-IPv4 routing
information between PE1 and PE3.
[PE1-bgp] ipv4-family vpnv4
[PE1-bgp-af-vpnv4] peer 3.3.3.3 enable
[PE1-bgp-af-vpnv4] quit
# Configure PE3.
# Specify PE1 as the IBGP peer of PE3 and set up an IBGP connection through the loopback
interface.
[PE3] bgp 100
[PE3-bgp] peer 1.1.1.1 as-number 100
[PE3-bgp] peer 1.1.1.1 connect-interface loopback 1
# In the VPNv4 address family view, enable the capability of exchanging VPN-IPv4 routing
information between PE3 and PE1.
[PE3-bgp] ipv4-family vpnv4
[PE3-bgp-af-vpnv4] peer 1.1.1.1 enable
[PE3-bgp-af-vpnv4] quit
# Configure PE2.
# Specify PE4 as the IBGP peer of PE2 and set up an IBGP connection through the loopback
interface.
[PE2] bgp 100
[PE2-bgp] peer 4.4.4.4 as-number 100
[PE2-bgp] peer 4.4.4.4 connect-interface loopback 1
# In the VPNv4 address family view, enable the capability of exchanging VPN-IPv4 routing
information between PE2 and PE4.
[PE2-bgp] ipv4-family vpnv4
[PE2-bgp-af-vpnv4] peer 4.4.4.4 enable
[PE2-bgp-af-vpnv4] quit
# Configure PE4.
# Specify PE2 as the IBGP peer of PE4 and set up an IBGP connection through the loopback
interface.
[PE4] bgp 100
[PE4-bgp] peer 2.2.2.2 as-number 100
[PE4-bgp] peer 2.2.2.2 connect-interface loopback 1
# In the VPNv4 address family view, enable the capability of exchanging VPN-IPv4 routing
information between PE4 and PE2.
[PE4-bgp] ipv4-family vpnv4
[PE4-bgp-af-vpnv4] peer 2.2.2.2 enable
[PE4-bgp-af-vpnv4] quit
After the configuration, run the display bgp vpnv4 all peer command on PEs, and you can view
that BGP peer relationships are set up between PEs and are in Established state.
<PE1> display bgp vpnv4 all peer
BGP local router ID : 1.1.1.1
Local AS number : 100
Total number of peers : 2 Peers in established state : 2
Step 7 On CE1, enable load balancing for the traffic transmitted from CE1 to CE2.
[CE1] bgp 65410
[CE1-bgp] ipv4-family unicast
[CE1-bgp-af-ipv4] maximum load-balancing 2
Step 8 Configure a routing policy and increase the MED value of the BGP route that is advertised to
CE2 by PE3. In this manner, traffic is transmitted from CE2 to CE1 through PE4. In this case,
PE3 functions as the backup device.
[PE3] route-policy policy1 permit node 10
[PE3-route-policy] apply cost 120
[PE3-route-policy] quit
[PE3] bgp 100
[PE3-bgp] ipv4-family vpn-instance vpn1
[PE3-bgp-vpn1] peer 10.3.1.2 route-policy policy1 export
----End
Configuration Files
• Configuration file of CE1
#
sysname CE1
#
vlan batch 101 102 1001
#
interface Vlanif101
ip address 10.1.1.1 255.255.255.252
#
interface Vlanif102
ip address 10.2.1.1 255.255.255.252
#
interface Vlanif1001
ip address 1.5.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 101
port hybrid untagged vlan 101
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 102
port hybrid untagged vlan 102
#
interface GigabitEthernet3/0/0
port hybrid pvid vlan 1001
port hybrid untagged vlan 1001
#
bgp 65410
peer 10.1.1.2 as-number 100
peer 10.2.1.2 as-number 100
#
ipv4-family unicast
undo synchronization
import-route direct
maximum load-balancing 2
peer 10.1.1.2 enable
peer 10.2.1.2 enable
#
return
• Configuration file of PE1
#
sysname PE1
#
vlan batch 10 101
#
ip vpn-instance vpn1
route-distinguisher 100:1
vpn-target 1:1 export-extcommunity
vpn-target 1:1 import-extcommunity
#
mpls lsr-id 1.1.1.1
mpls
#
mpls ldp
#
isis 1
network-entity 10.0000.0000.0001.00
#
interface Vlanif10
ip address 100.1.1.1 255.255.255.252
isis enable 1
mpls
mpls ldp
#
interface Vlanif101
ip binding vpn-instance vpn1
ip address 10.1.1.2 255.255.255.252
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 101
port hybrid untagged vlan 101
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
isis enable 1
#
bgp 100
peer 3.3.3.3 as-number 100
peer 3.3.3.3 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 3.3.3.3 enable
#
ipv4-family vpnv4
policy vpn-target
peer 3.3.3.3 enable
#
ipv4-family vpn-instance vpn1
peer 10.1.1.1 as-number 65410
import-route direct
#
return
• Configuration file of PE2
#
sysname PE2
#
vlan batch 20 102
#
ip vpn-instance vpn1
route-distinguisher 100:2
vpn-target 1:1 export-extcommunity
vpn-target 1:1 import-extcommunity
#
mpls lsr-id 2.2.2.2
mpls
#
mpls ldp
#
isis 1
network-entity 10.0000.0000.0002.00
#
interface Vlanif20
ip address 100.2.1.1 255.255.255.252
isis enable 1
mpls
mpls ldp
#
interface Vlanif102
ip binding vpn-instance vpn1
ip address 10.2.1.2 255.255.255.252
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 102
port hybrid untagged vlan 102
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
isis enable 1
#
bgp 100
peer 4.4.4.4 as-number 100
peer 4.4.4.4 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 4.4.4.4 enable
#
ipv4-family vpnv4
policy vpn-target
peer 4.4.4.4 enable
#
ipv4-family vpn-instance vpn1
peer 10.2.1.1 as-number 65410
import-route direct
#
return
• Configuration file of P1
#
sysname P1
#
vlan batch 10 30
#
mpls lsr-id 5.5.5.5
mpls
#
mpls ldp
#
isis 1
network-entity 10.0000.0000.0005.00
#
interface Vlanif 10
ip address 100.1.1.2 255.255.255.252
isis enable 1
mpls
mpls ldp
#
interface Vlanif 30
ip address 100.3.1.1 255.255.255.252
isis enable 1
mpls
mpls ldp
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 30
port hybrid untagged vlan 30
#
interface LoopBack1
ip address 5.5.5.5 255.255.255.255
isis enable 1
#
return
• Configuration file of P2
#
sysname P2
#
vlan batch 20 40
#
mpls lsr-id 6.6.6.6
mpls
#
mpls ldp
#
isis 1
network-entity 10.0000.0000.0006.00
#
interface Vlanif20
ip address 100.2.1.2 255.255.255.252
isis enable 1
mpls
mpls ldp
#
interface Vlanif40
ip address 100.4.1.1 255.255.255.252
isis enable 1
mpls
mpls ldp
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 40
port hybrid untagged vlan 40
#
interface LoopBack1
ip address 6.6.6.6 255.255.255.255
isis enable 1
#
return
• Configuration file of PE3
#
sysname PE3
#
vlan batch 30 103
#
ip vpn-instance vpn1
route-distinguisher 100:3
vpn-target 1:1 export-extcommunity
vpn-target 1:1 import-extcommunity
#
mpls lsr-id 3.3.3.3
mpls
#
mpls ldp
#
isis 1
network-entity 10.0000.0000.0003.00
#
interface Vlanif30
ip address 100.3.1.2 255.255.255.252
isis enable 1
mpls
mpls ldp
#
interface Vlanif 103
ip binding vpn-instance vpn1
ip address 10.3.1.1 255.255.255.252
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 30
port hybrid untagged vlan 30
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 103
port hybrid untagged vlan 103
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
isis enable 1
#
bgp 100
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 1.1.1.1 enable
#
ipv4-family vpnv4
policy vpn-target
peer 1.1.1.1 enable
#
ipv4-family vpn-instance vpn1
peer 10.3.1.2 as-number 65420
peer 10.3.1.2 route-policy policy1 export
import-route direct
#
route-policy policy1 permit node 10
apply cost 120
#
return
• Configuration file of PE4
#
sysname PE4
#
vlan batch 40 104
#
ip vpn-instance vpn1
route-distinguisher 100:4
vpn-target 1:1 export-extcommunity
vpn-target 1:1 import-extcommunity
#
mpls lsr-id 4.4.4.4
mpls
#
mpls ldp
#
isis 1
network-entity 10.0000.0000.0004.00
#
interface Vlanif40
ip address 100.4.1.2 255.255.255.252
isis enable 1
mpls
mpls ldp
#
interface Vlanif 104
ip binding vpn-instance vpn1
ip address 10.4.1.1 255.255.255.252
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 40
port hybrid untagged vlan 40
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 104
port hybrid untagged vlan 104
#
interface LoopBack1
ip address 4.4.4.4 255.255.255.255
isis enable 1
#
bgp 100
peer 2.2.2.2 as-number 100
peer 2.2.2.2 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 2.2.2.2 enable
#
ipv4-family vpnv4
policy vpn-target
peer 2.2.2.2 enable
#
ipv4-family vpn-instance vpn1
peer 10.4.1.2 as-number 65420
import-route direct
#
return
• Configuration file of CE2
#
sysname CE2
#
vlan batch 103 104 1002
#
interface Vlanif 103
ip address 10.3.1.2 255.255.255.252
#
interface Vlanif 104
ip address 10.4.1.2 255.255.255.252
#
interface Vlanif 1002
ip address 1.6.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 103
#
interface GigabitEthernet2/0/0
port link-type trunk
port trunk allow-pass vlan 104
#
interface GigabitEthernet3/0/0
port link-type trunk
port trunk allow-pass vlan 1002
#
bgp 65420
router-id 20.20.20.20
peer 10.3.1.1 as-number 100
peer 10.4.1.1 as-number 100
#
ipv4-family unicast
undo synchronization
import-route direct
peer 10.3.1.1 enable
peer 10.4.1.1 enable
#
return
[Figure: networking diagram. VPN backbone (AS100) with PE1 (Loopback1 1.1.1.1/32), PE2 (Loopback1 2.2.2.2/32), and PE3 (Loopback1 3.3.3.3/32); CE1 in the vpn1 site (AS65410); Link_A and Link_B]
Loopback1 - 1.1.1.1/32
Loopback1 - 2.2.2.2/32
Loopback1 - 3.3.3.3/32
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure OSPF on the backbone routers (PE1, PE2, and PE3) to implement interworking
of these backbone routers.
2. Enable MPLS capability on the MPLS backbone and establish an LDP LSP.
3. Configure a VPN instance on PE1, PE2, and PE3 and connect CE1 to PE2 and PE3.
4. Establish EBGP adjacencies between the PEs and CE1 and import VPN routes. Establish
MP-IBGP adjacencies between the PEs.
5. On PE1, configure a routing policy for VPN FRR, configure the backup next hop, and
enable VPN FRR. If the VPN FRR is not required, run the undo vpn frr command to
disable this function.
Data Preparation
To complete the configuration, you need the following data:
• Name of VPN instance, RD, and VPN target (111:1) on PE
• Name of the routing policy on PE1 and IP prefix
Procedure
Step 1 Configure the VLAN on each interface. The configuration procedure is not given here.
Step 2 Configure IP addresses of interfaces on the VPN backbone network and VPN sites. The
configuration procedure is not mentioned here.
Step 3 Configure OSPF on the MPLS backbone network to implement interworking of the PEs. The
configuration procedure is not mentioned here.
Step 4 Configure basic MPLS functions and MPLS LDP on the MPLS backbone network and set up
LDP LSPs.
# Configure PE1.
<PE1> system-view
[PE1] mpls lsr-id 1.1.1.1
[PE1] mpls
[PE1-mpls] label advertise non-null
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface vlanif 10
[PE1-Vlanif10] mpls
[PE1-Vlanif10] mpls ldp
[PE1-Vlanif10] quit
[PE1] interface vlanif 30
[PE1-Vlanif30] mpls
[PE1-Vlanif30] mpls ldp
[PE1-Vlanif30] quit
# Configure PE2.
<PE2> system-view
[PE2] mpls lsr-id 2.2.2.2
[PE2] mpls
[PE2-mpls] label advertise non-null
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface vlanif 10
[PE2-Vlanif10] mpls
[PE2-Vlanif10] mpls ldp
[PE2-Vlanif10] quit
# Configure PE3.
<PE3> system-view
[PE3] mpls lsr-id 3.3.3.3
[PE3] mpls
[PE3-mpls] label advertise non-null
[PE3-mpls] quit
[PE3] mpls ldp
[PE3-mpls-ldp] quit
[PE3] interface vlanif 30
[PE3-Vlanif30] mpls
[PE3-Vlanif30] mpls ldp
[PE3-Vlanif30] quit
Run the display mpls lsp command on the PEs, and you can see that LSPs are established
between PE1 and PE2 and between PE1 and PE3. Take PE1 for example.
[PE1] display mpls lsp
----------------------------------------------------------------------
LSP Information: LDP LSP
----------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
3.3.3.3/32 NULL/1025 -/Vlanif30
1.1.1.1/32 1024/NULL -/-
3.3.3.3/32 1025/1025 -/Vlanif30
2.2.2.2/32 NULL/1026 -/Vlanif10
2.2.2.2/32 1027/1026 -/Vlanif10
Step 5 Configure VPN instances on each PE and connect the CEs to the PEs.
# Configure PE1.
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 111:1
[PE1-vpn-instance-vpn1] quit
# Configure PE2.
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 100:2
[PE2-vpn-instance-vpn1] vpn-target 111:1
[PE2-vpn-instance-vpn1] quit
[PE2] interface vlanif 20
[PE2-Vlanif20] ip binding vpn-instance vpn1
[PE2-Vlanif20] ip address 10.1.1.2 30
[PE2-Vlanif20] quit
# Configure PE3.
[PE3] ip vpn-instance vpn1
[PE3-vpn-instance-vpn1] route-distinguisher 100:3
[PE3-vpn-instance-vpn1] vpn-target 111:1
[PE3-vpn-instance-vpn1] quit
[PE3] interface vlanif 40
[PE3-Vlanif40] ip binding vpn-instance vpn1
[PE3-Vlanif40] ip address 10.2.1.2 30
[PE3-Vlanif40] quit
Step 6 Import direct VPN routes to PE1. Create EBGP adjacencies between PE2 and CE and between
PE3 and CE to import VPN routes.
# Configure PE1.
# Configure PE2.
[PE2] bgp 100
[PE2-bgp] ipv4-family vpn-instance vpn1
[PE2-bgp-vpn1] peer 10.1.1.1 as-number 65410
[PE2-bgp-vpn1] import-route direct
[PE2-bgp-vpn1] quit
# Configure PE3.
[PE3] bgp 100
[PE3-bgp] ipv4-family vpn-instance vpn1
[PE3-bgp-vpn1] peer 10.2.1.1 as-number 65410
[PE3-bgp-vpn1] import-route direct
[PE3-bgp-vpn1] quit
# Configure CE.
<CE> system-view
[CE] bgp 65410
[CE-bgp] peer 10.1.1.2 as-number 100
[CE-bgp] peer 10.2.1.2 as-number 100
[CE-bgp] import-route direct
[CE-bgp] network 10.3.1.0 24
[CE-bgp] quit
Run the display bgp vpnv4 all peer command on PE2 and PE3, and you can see that EBGP
adjacencies are established between PEs and CE.
Take PE2 for example.
[PE2] display bgp vpnv4 all peer
# Configure PE2.
[PE2] bgp 100
[PE2-bgp] peer 1.1.1.1 as-number 100
[PE2-bgp] peer 1.1.1.1 connect-interface loopback 1
[PE2-bgp] ipv4-family vpnv4
[PE2-bgp-af-vpnv4] peer 1.1.1.1 enable
[PE2-bgp-af-vpnv4] quit
# Configure PE3.
[PE3] bgp 100
[PE3-bgp] peer 1.1.1.1 as-number 100
[PE3-bgp] peer 1.1.1.1 connect-interface loopback 1
[PE3-bgp] ipv4-family vpnv4
[PE3-bgp-af-vpnv4] peer 1.1.1.1 enable
[PE3-bgp-af-vpnv4] quit
Run the display bgp vpnv4 all peer command on the PEs, and you can see that MP-IBGP
adjacencies are established between PEs.
# View the backup next hop, backup label, and backup tunnel ID.
<PE1> display ip routing-table vpn-instance vpn1 10.3.1.0 verbose
Routing Table : vpn1
Summary Count : 1
Destination: 10.3.1.0/24
Protocol: BGP Process ID: 0
Preference: 255 Cost: 0
NextHop: 2.2.2.2 Neighbour: 2.2.2.2
State: Active Adv GotQ Age: 00h15m06s
Tag: 0 Priority: 0
Label: 11264 QoSInfo: 0x0
RelayNextHop: 0.0.0.0 Interface: Vlanif10
TunnelID: 0x10002
BkNextHop: 3.3.3.3 BkInterface:
BkLabel: 11264 SecTunnelID: 0x0
BkPETunnelID: 0x10001 BkPESecTunnelID: 0x0
Step 10 To disable VPN FRR, run the undo vpn frr command.
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] undo vpn frr
[PE1-vpn-instance-vpn1] quit
# After disabling VPN FRR, view the backup next hop, backup label, and backup tunnel ID.
----End
Configuration Files
• Configuration file of PE1
#
sysname PE1
#
vlan batch 10 30
#
ip vpn-instance vpn1
route-distinguisher 100:1
vpn frr route-policy vpn_frr_rp
vpn-target 111:1 export-extcommunity
vpn-target 111:1 import-extcommunity
#
mpls lsr-id 1.1.1.1
mpls
label advertise non-null
#
mpls ldp
#
interface Vlanif10
ip address 100.1.1.1 255.255.255.252
mpls
mpls ldp
#
interface Vlanif30
ip address 100.2.1.1 255.255.255.252
mpls
mpls ldp
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface GigabitEthernet3/0/0
port hybrid pvid vlan 30
port hybrid untagged vlan 30
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
#
bgp 100
peer 2.2.2.2 as-number 100
peer 2.2.2.2 connect-interface LoopBack1
peer 3.3.3.3 as-number 100
peer 3.3.3.3 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 2.2.2.2 enable
peer 3.3.3.3 enable
#
ipv4-family vpnv4
policy vpn-target
peer 2.2.2.2 enable
peer 3.3.3.3 enable
#
ipv4-family vpn-instance vpn1
import-route direct
#
ospf 1
area 0.0.0.0
network 100.1.1.0 0.0.0.3
network 100.2.1.0 0.0.0.3
network 1.1.1.1 0.0.0.0
#
ip ip-prefix vpn_frr_list permit 2.2.2.2 32
#
route-policy vpn_frr_rp permit node 10
#
ip vpn-instance vpn1
route-distinguisher 100:3
vpn-target 111:1 export-extcommunity
vpn-target 111:1 import-extcommunity
#
mpls lsr-id 3.3.3.3
mpls
label advertise non-null
#
mpls ldp
#
interface Vlanif 30
ip address 100.2.1.2 255.255.255.252
mpls
mpls ldp
#
interface Vlanif 40
ip binding vpn-instance vpn1
ip address 10.2.1.2 255.255.255.252
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 30
port hybrid untagged vlan 30
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 40
port hybrid untagged vlan 40
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
#
bgp 100
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 1.1.1.1 enable
#
ipv4-family vpnv4
policy vpn-target
peer 1.1.1.1 enable
#
ipv4-family vpn-instance vpn1
peer 10.2.1.1 as-number 65410
import-route direct
#
ospf 1
area 0.0.0.0
network 100.2.1.0 0.0.0.3
network 3.3.3.3 0.0.0.0
#
return
• Configuration file of CE
#
sysname CE
#
vlan batch 20 40 50
#
interface Vlanif20
ip address 10.1.1.1 255.255.255.252
#
interface Vlanif40
ip address 10.2.1.1 255.255.255.252
#
interface Vlanif50
ip address 10.3.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 40
port hybrid untagged vlan 40
#
interface GigabitEthernet3/0/0
port hybrid pvid vlan 50
port hybrid untagged vlan 50
#
bgp 65410
peer 10.1.1.2 as-number 100
peer 10.2.1.2 as-number 100
#
ipv4-family unicast
undo synchronization
network 10.3.1.0 255.255.255.0
import-route direct
peer 10.1.1.2 enable
peer 10.2.1.2 enable
#
return
Networking Requirements
CE1 and CE2 are deployed on the same VPN. As backbone network devices, PE1, P device,
and PE2 are connected through IS-IS in the same AS. CE1 is connected to PE1, between which
BGP is run; CE2 is connected to PE2, between which OSPF is run, as shown in Figure 3-17.
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure BGP/MPLS IP VPN.
2. Configure IGP GR of the backbone network.
3. Configure MPLS LDP GR of the backbone network.
4. Configure GR of routing protocols between PEs and CEs.
5. Configure BGP GR.
Data Preparation
To complete the configuration, you need the following data:
- VPN instance name, Route Distinguisher (RD), and VPN target
- Interval for IS-IS to reestablish GR sessions (this example retains the default value, that is,
300 seconds)
- Time for reestablishing MPLS LDP sessions (this example retains the default value, that
is, 300 seconds) and value of the neighbor-liveness timer (this example retains the default
value, that is, 600 seconds)
- BGP-allowed maximum interval for the peer end to reestablish GR sessions (this example
retains the default value, that is, 150 seconds)
- Time for waiting for End-of-RIB messages (this example retains the default value, that is,
600 seconds)
- Data of the routing protocols between PEs and CEs (in this example, BGP is run between
CE1 and PE1 and OSPF is run between CE2 and PE2)
- Data required for configuring IGP of the backbone network (this example uses IS-IS)
Procedure
Step 1 Create VLANs and add interfaces to the VLANs.
# Configure PE1.
<Quidway> system-view
[Quidway] sysname PE1
[PE1] vlan batch 10 20
[PE1] interface gigabitethernet 1/0/0
[PE1-GigabitEthernet1/0/0] port link-type trunk
[PE1-GigabitEthernet1/0/0] port trunk allow-pass vlan 10
[PE1-GigabitEthernet1/0/0] quit
[PE1] interface gigabitethernet 2/0/0
[PE1-GigabitEthernet2/0/0] port link-type trunk
[PE1-GigabitEthernet2/0/0] port trunk allow-pass vlan 20
[PE1-GigabitEthernet2/0/0] quit
# The configurations of the P device, PE2, CE2, and CE1 are the same as the configuration of
PE1, and are not mentioned here.
Use IS-IS as the IGP protocol of the backbone network, enable LDP between PE1 and PE2, and
set up MP-IBGP peer relationships.
# Configure PE1.
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.9 32
[PE1-LoopBack1] quit
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] isis 1
[PE1-isis-1] network-entity 10.0000.0000.0001.00
[PE1-isis-1] quit
[PE1] interface loopback 1
[PE1-LoopBack1] isis enable 1
[PE1-LoopBack1] quit
[PE1] interface vlanif 20
[PE1-Vlanif20] ip address 100.1.1.1 30
[PE1-Vlanif20] isis enable 1
[PE1-Vlanif20] mpls
[PE1-Vlanif20] mpls ldp
[PE1-Vlanif20] quit
[PE1] bgp 100
[PE1-bgp] peer 3.3.3.9 as-number 100
[PE1-bgp] peer 3.3.3.9 connect-interface loopback 1
[PE1-bgp] ipv4-family vpnv4
[PE1-bgp-af-vpnv4] peer 3.3.3.9 enable
[PE1-bgp-af-vpnv4] quit
[PE1-bgp] quit
# Configure PE2.
After the configuration, run the display mpls ldp session command on PE1 or PE2, and you
can view that the LDP session is set up and is in Operational state. Run the display bgp vpnv4
all peer command, and you can view that the BGP peer relationship is set up and is in Established
state. Run the display isis peer command, and you can view that the IS-IS neighbor relationship
is set up and is in Up state.
Step 3 Create VPN instances and configure CEs to access these instances.
Create a VPN instance of VPN1 on PE1 and configure CE1 to access the instance; create a VPN
instance of VPN1 on PE2 and configure CE2 to access the instance. Then configure EBGP
between CE1 and PE1 and configure OSPF between CE2 and PE2.
# Configure CE1.
[CE1] interface vlanif 10
[CE1-Vlanif10] ip address 10.1.1.1 30
[CE1-Vlanif10] quit
[CE1] bgp 65410
[CE1-bgp] peer 10.1.1.2 as-number 100
[CE1-bgp] import-route direct
[CE1-bgp] quit
# Configure PE1.
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 111:1
[PE1-vpn-instance-vpn1] quit
[PE1] interface vlanif 10
[PE1-Vlanif10] ip binding vpn-instance vpn1
[PE1-Vlanif10] ip address 10.1.1.2 30
[PE1-Vlanif10] quit
[PE1] bgp 100
[PE1-bgp] ipv4-family vpn-instance vpn1
[PE1-bgp-vpn1] peer 10.1.1.1 as-number 65410
[PE1-bgp-vpn1] quit
[PE1-bgp] quit
# Configure PE2.
# Configure CE2.
[CE2] interface vlanif 40
[CE2-Vlanif40] ip address 10.2.1.1 30
[CE2-Vlanif40] quit
[CE2] ospf 2
[CE2-ospf-2] area 0
[CE2-ospf-2-area-0.0.0.0] network 10.2.1.0 0.0.0.3
[CE2-ospf-2-area-0.0.0.0] quit
[CE2-ospf-2] import-route direct
[CE2-ospf-2] quit
The configuration of BGP/MPLS IP VPN is complete. CE1 can communicate with CE2.
Step 4 Configure IGP GR of the backbone network.
Configure IGP GR on PE1, P device, and PE2 on the backbone network.
# Configure PE1.
[PE1] isis 1
[PE1-isis-1] graceful-restart
[PE1-isis-1] quit
# Configure PE2.
[PE2] isis 1
[PE2-isis-1] graceful-restart
[PE2-isis-1] quit
Run the display isis graceful-restart status command on PE1, P device, and PE2, and you can
view that IS-IS GR is configured successfully.
For example, information about PE1 is displayed as follows:
[PE1] display isis graceful-restart status
# Configure PE2.
[PE2] mpls ldp
[PE2-mpls-ldp] graceful-restart
[PE2-mpls-ldp] quit
# Configure CE1.
[CE1] bgp 65410
[CE1-bgp] graceful-restart
[CE1-bgp] quit
# Configure PE2.
[PE2] ospf 2 vpn-instance vpn1
[PE2-ospf-2] opaque-capability enable
[PE2-ospf-2] graceful-restart
[PE2-ospf-2] quit
# Configure CE2.
[CE2] ospf 2
[CE2-ospf-2] opaque-capability enable
[CE2-ospf-2] graceful-restart
[CE2-ospf-2] quit
Run the display ospf brief command on PE2 or CE2, and you can view that OSPF GR is
configured successfully.
For example, information about PE2 is displayed as follows:
[PE2] display ospf brief
OSPF Process 2 with Router ID 10.2.1.2
Run the display bgp vpnv4 all peer verbose command on PE1, and you can view that IBGP
GR between PE1 and PE2 and EBGP GR between PE1 and CE1 are configured successfully.
[PE1] display bgp vpnv4 all peer verbose
Update-group ID : 1
BGP current state: Established, Up for 00h43m05s
BGP current event: KATimerExpired
BGP last state: OpenConfirm
BGP Peer Up count: 2
Received total routes: 2
Received active routes total: 2
Advertised total routes: 2
Port: Local - 49941 Remote - 179
Configured: Active Hold Time: 180 sec Keepalive Time:60 sec
Received : Active Hold Time: 180 sec
Negotiated: Active Hold Time: 180 sec Keepalive Time:60 sec
Peer optional capabilities:
Peer supports bgp multi-protocol extension
Peer supports bgp route refresh capability
Peer supports bgp 4-byte-as capability
Graceful Restart Capability: advertised and received
Restart Timer Value received from Peer: 150 seconds
Address families preserved for peer in GR:
IPv4 Unicast (was preserved)
Address family IPv4 Unicast: advertised and received
Received: Total 25 messages
Update messages 4
Open messages 1
KeepAlive messages 20
Notification messages 0
Refresh messages 0
Sent: Total 28 messages
Update messages 9
Open messages 1
KeepAlive messages 18
Notification messages 0
Refresh messages 0
Authentication type configured: None
Last keepalive received: 2009-09-26 14:13:38
Minimum route advertisement interval is 30 seconds
Optional capabilities:
You can view that the communication between CE1 and CE2 is not interrupted.
NOTE
If two or more neighboring devices among CE1, PE1, PE2, and CE2 perform active/standby switchover,
the current communication may be interrupted.
----End
Configuration Files
- Configuration file of PE1
#
sysname PE1
#
vlan batch 10 20
#
ip vpn-instance vpn1
route-distinguisher 100:1
vpn-target 111:1 export-extcommunity
vpn-target 111:1 import-extcommunity
#
mpls lsr-id 1.1.1.9
mpls
#
mpls ldp
graceful-restart
#
isis 1
graceful-restart
network-entity 10.0000.0000.0001.00
#
interface Vlanif 10
ip binding vpn-instance vpn1
ip address 10.1.1.2 255.255.255.252
#
interface Vlanif 20
ip address 100.1.1.1 255.255.255.252
isis enable 1
mpls
mpls ldp
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 10
#
interface GigabitEthernet2/0/0
port link-type trunk
port trunk allow-pass vlan 20
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
isis enable 1
#
bgp 100
graceful-restart
peer 3.3.3.9 as-number 100
peer 3.3.3.9 connect-interface LoopBack1
#
ipv4-family vpnv4
policy vpn-target
peer 3.3.3.9 enable
#
ipv4-family vpn-instance vpn1
peer 10.1.1.1 as-number 65410
import-route direct
#
return
- Configuration file of the P device
#
sysname P
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
graceful-restart
#
isis 1
network-entity 10.0000.0000.0002.00
graceful-restart
#
interface Vlanif 20
ip address 100.1.1.2 255.255.255.252
isis enable 1
mpls
mpls ldp
#
interface Vlanif 30
ip address 100.2.1.1 255.255.255.252
isis enable 1
mpls
mpls ldp
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 20
#
interface GigabitEthernet2/0/0
port link-type trunk
port trunk allow-pass vlan 30
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
isis enable 1
#
return
- Configuration file of PE2
#
sysname PE2
#
vlan batch 30 40
#
ip vpn-instance vpn1
route-distinguisher 100:2
bgp 65410
graceful-restart
peer 10.1.1.2 as-number 100
import-route direct
#
return
Figure 3-18 Networking diagram for configuring double reflectors to optimize VPN backbone
layer
[Figure not reproduced. It shows PE1 (Loopback1 1.1.1.9/32), P1 (Loopback1 2.2.2.9/32),
P2 (Loopback1 3.3.3.9/32), and PE2 (Loopback1 4.4.4.9/32) interconnected in the backbone,
with CE1 in AS65410 attached to PE1 and CE2 in AS65420 attached to PE2.]
As shown in Figure 3-18, PE1, PE2, P1, and P2 are on the backbone network AS100. CE1 and
CE2 belong to VPNA. Select P1 and P2 as the RRs of the VPN.
Configuration Roadmap
The configuration roadmap is as follows:
1. Set up MP-IBGP adjacencies between the PEs and RRs.
2. Set up EBGP adjacencies between the PE and CEs.
3. Enable MPLS LSP on the public tunnel and enable MPLS LDP on the devices and interfaces
along the tunnel.
4. Configure P1 and P2 to be the backup of each other and configure the same RR ID for them.
5. P1 and P2 need to store all VPNv4 routing information and advertise the routing information
to PEs, so configure P1 and P2 to accept all the VPNv4 routing information without filtering
the routing information based on VPN targets.
NOTE
At least two paths that do not use the same network segment and node must exist between the RR and PE;
otherwise, the double RRs are unnecessary.
Data Preparation
To complete the configuration, you need the following data:
- ID of the VLAN that each interface belongs to and IP address of each interface, as shown
in Figure 3-18
- MPLS LSR-IDs of PE and ASBR-PEs
- Names, RDs, and VPN targets of the VPN instances created on PE1 and PE2
- Routing protocol used to exchange routing information between the PE and CEs (EBGP is
used in this example)
- Convergence priorities of the routes in the VPN instances
- Name of the RD and name of the routing policy
Procedure
1. Configure the VLAN on each interface. The configuration procedure is not given here.
2. Configure an IGP protocol on the MPLS backbone network to implement interworking of
devices along the LSP.
OSPF is used as the IGP protocol in this example. The configuration procedure is not given
here.
NOTE
The address of the loopback interface, which functions as the LSR ID, must be advertised.
After the configuration, devices along the LSP can learn the address of the loopback
interface of each other.
Take PE1 for example.
<PE1> display ip routing-table
Route Flags: R - relied, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 19 Routes : 21
For the configuration procedure, see Example for Configuring the BGP/MPLS IP
VPN. The configuration details are not mentioned here.
5. Set up EBGP peer relation between the PE and the CE and import VPN routes.
For the configuration procedure, see Example for Configuring the BGP/MPLS IP
VPN. The configuration details are not mentioned here.
6. Set up the MP-IBGP peer relation between PEs and RRs.
# Configure PE1.
<PE1> system-view
[PE1] bgp 100
[PE1-bgp] peer 2.2.2.9 as-number 100
[PE1-bgp] peer 2.2.2.9 connect-interface loopback 1
[PE1-bgp] peer 3.3.3.9 as-number 100
[PE1-bgp] peer 3.3.3.9 connect-interface loopback 1
[PE1-bgp] ipv4-family vpnv4
[PE1-bgp-af-vpnv4] peer 2.2.2.9 enable
[PE1-bgp-af-vpnv4] peer 3.3.3.9 enable
[PE1-bgp-af-vpnv4] quit
# Configure P1.
<P1> system-view
[P1] bgp 100
[P1-bgp] group P1 internal
[P1-bgp] peer P1 connect-interface loopback 1
[P1-bgp] peer 1.1.1.9 group P1
[P1-bgp] peer 3.3.3.9 group P1
[P1-bgp] peer 4.4.4.9 group P1
[P1-bgp] ipv4-family vpnv4
[P1-bgp-af-vpnv4] peer P1 enable
[P1-bgp-af-vpnv4] peer 1.1.1.9 group P1
[P1-bgp-af-vpnv4] peer 3.3.3.9 group P1
[P1-bgp-af-vpnv4] peer 4.4.4.9 group P1
[P1-bgp-af-vpnv4] quit
[P1-bgp] quit
# Configure P2.
<P2> system-view
[P2] bgp 100
[P2-bgp] group P2 internal
[P2-bgp] peer P2 connect-interface loopback 1
[P2-bgp] peer 1.1.1.9 group P2
[P2-bgp] peer 2.2.2.9 group P2
[P2-bgp] peer 4.4.4.9 group P2
[P2-bgp] ipv4-family vpnv4
[P2-bgp-af-vpnv4] peer P2 enable
[P2-bgp-af-vpnv4] peer 1.1.1.9 group P2
[P2-bgp-af-vpnv4] peer 2.2.2.9 group P2
[P2-bgp-af-vpnv4] peer 4.4.4.9 group P2
[P2-bgp-af-vpnv4] quit
[P2-bgp] quit
# Configure PE2.
The configuration procedure of PE2 is similar to the configuration procedure of PE1 and
is not mentioned.
After the configuration, run the display bgp vpnv4 all peer command on the PEs, and you
can see that the BGP adjacencies are established between the PEs and RRs. The EBGP
adjacencies are established between the PE and CEs.
Take the display on PE1 and P1 for example.
<PE1> display bgp vpnv4 all peer
# Configure P2.
[P2] bgp 100
[P2-bgp] ipv4-family vpnv4
[P2-bgp-af-vpnv4] reflector cluster-id 100
[P2-bgp-af-vpnv4] peer P2 reflect-client
[P2-bgp-af-vpnv4] undo policy vpn-target
[P2-bgp-af-vpnv4] quit
If CE1 and CE2 can ping each other, it indicates that the RRs are successfully configured.
After running the shutdown command in the view of VLANIF 40 on PE1 and the view of
VLANIF 50 on PE2, you can see that CE1 can ping CE2. This indicates that the RRs are
successfully configured.
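The roadmap rules for the two RRs (same cluster ID, no VPN-target filtering on the RRs, a VPNv4 session from each PE to both RRs) can be checked once the configuration files are collected. The following Python script is an added example, not part of the original guide or of Huawei's tooling; the excerpts are cut down from this example's configuration files, the function names are hypothetical, and the script assumes that each PE peers with an RR at the RR's LSR ID (the Loopback1 address).

```python
import re

# Constructed excerpts: only the blocks this check reads, cut from the four
# configuration files of this example. Files are joined; each ends in "return".
CONFIGS = """\
sysname PE1
#
ip vpn-instance vpna
#
mpls lsr-id 1.1.1.9
#
ipv4-family vpnv4
 policy vpn-target
 peer 2.2.2.9 enable
 peer 3.3.3.9 enable
return
sysname P1
#
mpls lsr-id 2.2.2.9
#
ipv4-family vpnv4
 reflector cluster-id 100
 undo policy vpn-target
 peer P1 reflect-client
return
sysname P2
#
mpls lsr-id 3.3.3.9
#
ipv4-family vpnv4
 reflector cluster-id 100
 undo policy vpn-target
 peer P2 reflect-client
return
sysname PE2
#
ip vpn-instance vpna
#
mpls lsr-id 4.4.4.9
#
ipv4-family vpnv4
 policy vpn-target
 peer 3.3.3.9 enable
 peer 2.2.2.9 enable
return
"""


def parse_device(text):
    """Parse one device's configuration into the fields the checks need."""
    dev = {"name": None, "lsr_id": None, "is_pe": False, "vpnv4": []}
    # VRP separates configuration blocks with lines that hold only "#".
    for block in re.split(r"(?m)^[ \t]*#[ \t]*$", text):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        head = lines[0].split() if lines else []
        if head[:1] == ["sysname"]:
            dev["name"] = head[1]
        elif head[:2] == ["mpls", "lsr-id"]:
            dev["lsr_id"] = head[2]
        elif head[:2] == ["ip", "vpn-instance"]:
            dev["is_pe"] = True  # a device holding VPN instances acts as a PE
        elif head == ["ipv4-family", "vpnv4"]:
            dev["vpnv4"] = lines[1:]
    return dev


def load_devices(text):
    """Split joined configuration files on their closing "return" line."""
    return [parse_device(t) for t in re.split(r"(?m)^return[ \t]*$", text) if t.strip()]


def lint_reflectors(devices):
    """Return (device, problem) findings for the double-RR rules of this example."""
    findings, cluster = [], {}
    rrs = [d for d in devices if any(ln.endswith(" reflect-client") for ln in d["vpnv4"])]
    for rr in rrs:
        ids = [ln.split()[2] for ln in rr["vpnv4"] if ln.startswith("reflector cluster-id ")]
        cluster[rr["name"]] = ids[0] if ids else None
        if "undo policy vpn-target" not in rr["vpnv4"]:
            findings.append((rr["name"], "RR filters VPNv4 routes by VPN target"))
    if None in cluster.values() or len(set(cluster.values())) > 1:
        findings.append(("cluster", f"RR IDs unset or different: {sorted(cluster.items())}"))
    # Assumption: PEs peer with each RR at the RR's LSR ID.
    rr_ids = {rr["lsr_id"] for rr in rrs if rr["lsr_id"]}
    for pe in (d for d in devices if d["is_pe"]):
        enabled = {ln.split()[1] for ln in pe["vpnv4"] if re.fullmatch(r"peer \S+ enable", ln)}
        for rr_id in sorted(rr_ids - enabled):
            findings.append((pe["name"], f"no VPNv4 session to RR {rr_id}"))
        if "undo policy vpn-target" in pe["vpnv4"]:
            findings.append((pe["name"], "PE accepts VPNv4 routes without VPN-target filtering"))
    return findings


if __name__ == "__main__":
    print(lint_reflectors(load_devices(CONFIGS)) or "no findings")
```

The excerpts as given produce no findings; changing one RR's cluster ID or removing a PE's `peer ... enable` line for one RR produces a finding for that device.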
Configuration Files
- Configuration file of PE1
#
sysname PE1
#
vlan batch 10 40 60
#
ip vpn-instance vpna
route-distinguisher 100:1
vpn-target 1:1 export-extcommunity
vpn-target 1:1 import-extcommunity
#
mpls lsr-id 1.1.1.9
mpls
#
mpls ldp
#
interface Vlanif10
ip address 100.1.2.1 255.255.255.0
mpls
mpls ldp
#
interface Vlanif40
ip address 100.1.3.1 255.255.255.0
mpls
mpls ldp
#
interface Vlanif60
ip binding vpn-instance vpna
ip address 10.1.1.2 255.255.255.0
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 60
port hybrid untagged vlan 60
#
interface GigabitEthernet3/0/0
port hybrid pvid vlan 40
port hybrid untagged vlan 40
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
bgp 100
peer 2.2.2.9 as-number 100
peer 2.2.2.9 connect-interface LoopBack1
peer 3.3.3.9 as-number 100
peer 3.3.3.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 2.2.2.9 enable
peer 3.3.3.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 2.2.2.9 enable
peer 3.3.3.9 enable
#
ipv4-family vpn-instance vpna
peer 10.1.1.1 as-number 65410
import-route direct
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 100.1.2.0 0.0.0.255
network 100.1.3.0 0.0.0.255
#
return
- Configuration file of P1
#
sysname P1
#
vlan batch 10 20 50
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Vlanif10
ip address 100.1.2.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif20
ip address 100.2.3.1 255.255.255.0
mpls
mpls ldp
#
interface Vlanif50
ip address 100.2.4.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
interface GigabitEthernet3/0/0
port hybrid pvid vlan 50
port hybrid untagged vlan 50
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
bgp 100
peer 4.4.4.9 as-number 100
peer 1.1.1.9 as-number 100
peer 3.3.3.9 as-number 100
group P1 internal
peer P1 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
undo peer 4.4.4.9 enable
undo peer 1.1.1.9 enable
undo peer 3.3.3.9 enable
peer P1 enable
#
ipv4-family vpnv4
reflector cluster-id 100
undo policy vpn-target
peer P1 enable
peer P1 reflect-client
peer 1.1.1.9 enable
peer 1.1.1.9 group P1
peer 3.3.3.9 enable
peer 3.3.3.9 group P1
peer 4.4.4.9 enable
peer 4.4.4.9 group P1
#
ospf 1
area 0.0.0.0
network 100.1.2.0 0.0.0.255
network 100.2.3.0 0.0.0.255
network 100.2.4.0 0.0.0.255
network 2.2.2.9 0.0.0.0
#
return
- Configuration file of P2
#
sysname P2
#
vlan batch 20 30 40
#
mpls lsr-id 3.3.3.9
mpls
#
mpls ldp
#
interface Vlanif20
ip address 100.2.3.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif30
ip address 100.3.4.1 255.255.255.0
mpls
mpls ldp
#
interface Vlanif40
ip address 100.1.3.2 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 30
port hybrid untagged vlan 30
#
interface GigabitEthernet3/0/0
port hybrid pvid vlan 40
port hybrid untagged vlan 40
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
bgp 100
peer 4.4.4.9 as-number 100
peer 1.1.1.9 as-number 100
peer 2.2.2.9 as-number 100
group P2 internal
peer P2 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
undo peer 4.4.4.9 enable
undo peer 1.1.1.9 enable
undo peer 2.2.2.9 enable
peer P2 enable
#
ipv4-family vpnv4
reflector cluster-id 100
undo policy vpn-target
peer P2 enable
peer P2 reflect-client
peer 1.1.1.9 enable
peer 1.1.1.9 group P2
peer 2.2.2.9 enable
peer 2.2.2.9 group P2
peer 4.4.4.9 enable
peer 4.4.4.9 group P2
#
ospf 1
area 0.0.0.0
network 100.2.3.0 0.0.0.255
network 100.3.4.0 0.0.0.255
network 100.1.3.0 0.0.0.255
network 3.3.3.9 0.0.0.0
#
return
- Configuration file of PE2
#
sysname PE2
#
vlan batch 30 50 70
#
ip vpn-instance vpna
route-distinguisher 100:1
vpn-target 1:1 export-extcommunity
vpn-target 1:1 import-extcommunity
#
mpls lsr-id 4.4.4.9
mpls
#
mpls ldp
#
interface Vlanif30
ip address 100.3.4.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif50
ip address 100.2.4.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif70
ip binding vpn-instance vpna
ip address 10.2.1.2 255.255.255.0
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 30
port hybrid untagged vlan 30
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 70
port hybrid untagged vlan 70
#
interface GigabitEthernet3/0/0
port hybrid pvid vlan 50
port hybrid untagged vlan 50
#
interface LoopBack1
ip address 4.4.4.9 255.255.255.255
#
bgp 100
peer 2.2.2.9 as-number 100
peer 2.2.2.9 connect-interface LoopBack1
peer 3.3.3.9 as-number 100
peer 3.3.3.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 2.2.2.9 enable
peer 3.3.3.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 3.3.3.9 enable
peer 2.2.2.9 enable
#
ipv4-family vpn-instance vpna
peer 10.2.1.1 as-number 65420
import-route direct
#
ospf 1
area 0.0.0.0
network 4.4.4.9 0.0.0.0
network 100.3.4.0 0.0.0.255
network 100.2.4.0 0.0.0.255
#
return
interface GigabitEthernet1/0/0
port hybrid pvid vlan 60
port hybrid untagged vlan 60
#
bgp 65410
peer 10.1.1.2 as-number 100
#
ipv4-family unicast
undo synchronization
peer 10.1.1.2 enable
#
return
This chapter describes the BGP/MPLS IPv6 VPN configuration, including the comparison
between the IPv6 VPN and IPv4 VPN, common networking of the BGP/MPLS IPv6 VPN, and
configurations to ensure the reliability of the BGP/MPLS IPv6 VPN.
Figure 4-1 Schematic diagram of the IPv6 VPN over the IPv4 public network
[Figure not reproduced. It shows IPv6 VPN sites, each attached through a CE to a PE, with
the PEs and P devices forming the IPv4 VPN backbone.]
Currently, the S7700 supports the following IPv6 VPN networking schemes:
- Intranet VPN
- Extranet VPN
- Hub and Spoke
- Inter-AS VPN (both inter-AS and multi-AS backbones)
For a description of these networking schemes, refer to 3 BGP MPLS IP VPN
Configuration in this manual.
Basic Networking
The S7700 supports the VPN route exchange between PEs through MP-IBGP. To ensure that a
PE and a CE can exchange routes, you can configure a static route, RIPng multi-instance,
IS-IS multi-instance, or BGP4+. The S7700 uses VPN targets to control the transmission of VPN
routes, which allows multiple VPN networking topologies.
Generally, LSPs or MPLS TE tunnels are configured as the tunnels of VPN backbone networks.
If PEs support MPLS functions and Ps support IP functions rather than MPLS functions, GRE
tunnels can be configured.
Reliability
To improve the reliability of a VPN, generally, the following networking modes are adopted.
- The backbone network is an MPLS network, on which the devices adopt hierarchical
backup and are fully connected through high-speed interfaces. If the number of PEs is large,
use the BGP route reflector to reflect IPv6 VPN routes to decrease the number of MP-IBGP
connections.
- The convergence layer is of either a mesh topology or a ring topology.
- The dual-homed CE or multi-homed CE is configured on the access layer.
The S7700 does not support VPNv6 GR.
Applicable Environment
The IPv6 VPN instance is used to isolate IPv6 VPN routes and public routes. Routes in different
IPv6 VPN instances are isolated from each other, and IPv6 VPN routes and IPv4 VPN routes are
isolated from each other. In all the BGP/MPLS IPv6 VPN networking scenarios, you should
configure an IPv6 VPN instance.
The IPv6 VPN instance implements isolation of address spaces through the RD, and controls
IPv6 VPN membership and routing rules through the VPN-Target attribute.
To control the advertisement of IPv6 VPN routes more accurately with the VPN target attribute,
use import and export routing policies. The import routing policy is used to filter the routes
imported to the IPv6 VPN instance. The export routing policy is used to filter the routes exported
to other PEs.
Pre-configuration Tasks
Before configuring an IPv6 VPN instance, complete the following tasks:
- Enabling IPv6 on PEs and on the interfaces that need to be configured with IPv6
- Configuring routing policies if the import or export routing policy needs to be applied to
the IPv6 VPN instance
Data Preparation
To configure an IPv6 VPN instance, you need the following data.
No. Data
5 (Optional) Routing policy that controls the receiving and sending of IPv6 VPN routes
Context
Do as follows on the PE device that is connected to the CE device:
Procedure
Step 1 Run:
system-view
An IPv6 VPN instance is created and the IPv6 VPN instance view is displayed.
NOTE
The name of the IPv6 VPN instance is case sensitive. For example, vpn1 and VPN1 are considered as
different IPv6 VPN instances.
No default IPv6 VPN instance exists on a PE, and multiple IPv6 VPN instances can be created
on the PE.
Step 3 Run:
route-distinguisher route-distinguisher
NOTE
The RD cannot be changed or deleted once it is configured. To change the RD, you need to delete the IPv6
VPN instance and then re-configure an IPv6 VPN instance and an RD. To delete the RD, you need only to
delete the IPv6 VPN instance.
----End
Context
Do as follows on the PE device that is configured with IPv6 VPN Instance.
NOTE
Procedure
Step 1 Run:
system-view
An IPv6 VPN-Target extended community is created for the IPv6 VPN Instance.
VPN target is the extended community attribute of the Border Gateway Protocol (BGP). It is
used to control the advertisement of VPN routing information. You can configure a maximum
of 8 IPv6 VPN-Targets with the vpn-target command.
You can define the maximum number of routes that can be supported by the IPv6 VPN Instance
to avoid a PE importing too many IPv6 VPN routes.
NOTE
If the routing-table limit command is run, the system gives a prompt when the number of routes injected
into the routing table of the VPN instance exceeds the upper limit. If the routing-table limit command is
run to increase the maximum number of routes supported in an IPv6 VPN instance, or the undo routing-table
limit command is run to remove the limit on the routing table, the following operations are required for
the excess routes:
- For the excess static routes, you need to reconfigure them manually.
- For the excess routes learnt from CEs through the IGP multi-instance routing protocol, you need to
re-initiate the multi-instance process of the routing protocol on the PE.
- For the remote cross routes learnt through the MP-IBGP and the BGP routes learnt from CEs, the
system automatically refreshes them.
You can define the maximum number of prefixes for the IPv6 VPN instance to avoid importing
too many prefixes from the CE.
The frequency of displaying logs when the number of routes exceeds the threshold is configured.
----End
Context
Do as follows on the PE device that is configured with IPv6 VPN Instance.
Procedure
Step 1 Run:
system-view
The label is allocated based on the IPv6 VPN Instance. That is, all the routes in the IPv6 VPN
Instance use the same label.
By default, the MPLS labels are allocated on a one label per route basis. As the number of
routes grows, more labels are required.
The S7700 provides the feature of the MPLS label allocation based on the IPv6 VPN Instance,
that is, all the routes of the IPv6 VPN Instance share the same label.
----End
Prerequisite
The configurations of the IPv6 VPN instance function are complete.
Procedure
- Run the display ipv6 vpn6-instance verbose vpn6-instance-name command to view
detailed information about the IPv6 VPN instance.
- Run the display ipv6 vpn6-instance brief vpn6-instance-name command to view brief
information about the IPv6 VPN instance.
----End
Example
Run the display ipv6 vpn6-instance brief command. If brief information about the VPN instance,
including the RD and creation time, is displayed, the configuration succeeds. For
example:
<Quidway> display ipv6 vpn6-instance brief vpn1
VPN6-Instance Name RD Creation Time
vpn1 1:1 2010/01/20 14:39:40
<Quidway> display ipv6 vpn6-instance brief vpn2
VPN6-Instance Name RD Creation Time
vpn2 2:2 2010/01/05 21:57:49
8:00
Run the display ipv6 vpn6-instance verbose command. If detailed information about the VPN
instance is displayed, including the creation date, the period during which the VPN instance
has been Up, the RD value, the VPN targets, and the label allocation policy, the configuration
succeeds. For example:
<Quidway> display ipv6 vpn6-instance verbose vpn1
VPN6-Instance Name and ID : vpn1, 1
Create date : 2010/01/20 14:39:40
Up time : 0 days, 00 hours, 11 minutes and 00 seconds
Route Distinguisher : 1:1
Export VPN Targets : 1:2
Import VPN Targets : 1:1, 1:2
Label Policy : label per route
Log Interval : 5
Interfaces : GigabitEthernet1/0/0
<Quidway> display ipv6 vpn6-instance verbose vpn2
VPN6-Instance Name and ID : vpn2, 1
Create date : 2010/01/05 21:57:49
Up time : 0 days, 00 hours, 03 minutes and 41 seconds
Route Distinguisher : 2:2
Export VPN Targets : 2:2
Import VPN Targets : 2:2
Label Policy : label per route
Import Route Policy : po1
Description : huawei
Maximum Routes Limit : 2000
Log Interval : 5
Interfaces : Vlanif222
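The verbose output carries what is needed to check the VPN-target membership and the route limit described earlier in this section. The following Python script is an added example, not part of the original guide; vpn1 and vpn2 repeat fields from the outputs above, while vpn3 and all function names are hypothetical. It goes slightly beyond the text by computing which instances on one PE import each other's routes.

```python
# Constructed sample: vpn1 and vpn2 repeat fields from the outputs shown above;
# vpn3 is a hypothetical instance added to demonstrate a cross-VPN import.
SAMPLE = """\
VPN6-Instance Name and ID : vpn1, 1
 Route Distinguisher : 1:1
 Export VPN Targets : 1:2
 Import VPN Targets : 1:1, 1:2
 Label Policy : label per route
 Interfaces : GigabitEthernet1/0/0
VPN6-Instance Name and ID : vpn2, 1
 Route Distinguisher : 2:2
 Export VPN Targets : 2:2
 Import VPN Targets : 2:2
 Import Route Policy : po1
 Maximum Routes Limit : 2000
 Interfaces : Vlanif222
VPN6-Instance Name and ID : vpn3, 3
 Route Distinguisher : 3:3
 Export VPN Targets : 3:3
 Import VPN Targets : 2:2, 3:3
 Interfaces : Vlanif333
"""


def parse_instances(text):
    """Return {instance name: fields} parsed from the 'Key : Value' lines."""
    instances, current = {}, None
    for raw in text.splitlines():
        key, sep, value = raw.partition(":")
        key, value = key.strip(), value.strip()
        if not sep:
            continue  # prompts and blank lines carry no field
        if key == "VPN6-Instance Name and ID":
            current = {"rd": None, "export": set(), "import": set(),
                       "max_routes": None, "import_policy": None}
            instances[value.split(",")[0].strip()] = current
        elif current is None:
            continue
        elif key == "Route Distinguisher":
            current["rd"] = value
        elif key in ("Export VPN Targets", "Import VPN Targets"):
            targets = {t.strip() for t in value.split(",") if t.strip()}
            current[key.split()[0].lower()] = targets
        elif key == "Maximum Routes Limit":
            current["max_routes"] = int(value.split()[0])
        elif key == "Import Route Policy":
            current["import_policy"] = value
    return instances


def cross_imports(instances):
    """List (exporter, importer, shared targets) for each pair of distinct instances."""
    flows = []
    for src, s in instances.items():
        for dst, d in instances.items():
            shared = s["export"] & d["import"]
            if src != dst and shared:
                flows.append((src, dst, sorted(shared)))
    return sorted(flows)


def audit(instances, allowed_flows=frozenset()):
    """Return (kind, instance, detail) findings.

    allowed_flows holds the (exporter, importer) pairs that are intended,
    for example in an extranet VPN.
    """
    findings = []
    for src, dst, shared in cross_imports(instances):
        if (src, dst) not in allowed_flows:
            detail = f"imports {src} routes via {', '.join(shared)}"
            findings.append(("cross-import", dst, detail))
    for name, inst in sorted(instances.items()):
        if inst["max_routes"] is None:
            # Without a limit the PE may import too many routes into this instance.
            findings.append(("no-route-limit", name, "routing-table limit is not set"))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_instances(SAMPLE)):
        print(*finding, sep=" | ")
```

The check sees only the instances on the PE whose output it is given; routes exported by remote PEs with a matching VPN target are imported as well.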
Applicable Environment
The BGP/MPLS IPv6 VPN networking mentioned in this section involves only a carrier and an
MPLS backbone network (not inter-provider), and LSP serves as the public tunnel. The functions
of the PE, the P and the CE are simple. None of them serves as both the PE and the CE.
Certain special BGP/MPLS IPv6 VPN networking scenarios, such as inter-provider VPN and
Carrier's Carrier, need additional configurations. For more information, see the related sections
in this chapter.
When configuring the BGP/MPLS IPv6 VPN, management of the advertisement of VPN routes
on the MPLS backbone networks is a key task, including the management of route
advertisement between the PE and the CE, and between the PEs.
For the route exchange between the PE and the CE, you can configure static routes, RIPng multi-
instance, IS-ISv6 multi-instance or BGP4+ according to the networking situations. The MP-
IBGP is adopted between the PEs.
Pre-configuration Tasks
Before configuring basic BGP/MPLS IPv6 VPN, complete the following tasks:
- Enabling IPv6 on PEs and on the interfaces that need to be configured with IPv6
- Configuring IGP for the MPLS backbone network (PE, P) to implement IP connectivity
- Configuring the basic MPLS capabilities for the MPLS backbone network (PE, P)
- Configuring the tunnels between PEs (LSP or MPLS TE)
- Configuring the IPv6 addresses for the CE interface attached to PE
Data Preparation
To configure basic BGP/MPLS IPv6 VPN, you need the following data.
No. Data
1 To configure an IPv6 VPN instance, you need the following data:
- Name and RD of the IPv6 VPN instance
- (Optional) Description of the IPv6 VPN instance
- VPN Target
- (Optional) Routing policy that controls the receiving and sending of IPv6 VPN
routes
- (Optional) The maximum number of routes allowed by the IPv6 VPN instance
4 Routing protocol between the PE and the CE, such as static route, RIPng, IS-ISv6,
or BGP4+
5 AS number of the PE
Context
For the details, see 4.3 Configuring an IPv6 VPN Instances.
Context
Do as follows on the PE devices connected with CE devices.
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
The view of the interface that is to be bound with the IPv6 VPN instance is displayed.
Step 3 Run:
ipv6 enable
Step 4 Run:
ipv6 binding vpn6-instance vpn6-instance-name
NOTE
Running the ipv6 binding vpn6-instance command deletes the Layer 3 features such as IPv6 address and
IPv6 routing protocols. They need to be re-configured if required.
Step 5 Run:
ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length }
----End
Context
Do as follows on the PE devices connected with CE devices.
Procedure
Step 1 Run:
system-view
Step 2 Run:
bgp as-number
Step 3 Run:
peer ipv4-address as-number as-number
Step 4 Run:
peer ipv4-address connect-interface loopback interface-number
NOTE
The 32-bit mask IP addresses of the loopback interfaces must be used to establish the MP-IBGP peer
relationship between PEs. This can ensure the tunnel can be iterated. The route destined to the loopback
interface is advertised to the remote PE based on IGP on the MPLS backbone network.
Step 5 Run:
ipv6-family vpnv6
Step 6 Run:
peer ipv4-address enable
----End
Context
Choose one of the following configurations as required:
Procedure
- Configuring BGP4+ Between PE and CE
1. Run:
system-view
NOTE
The AS number configured in the BGP-VPNv6 instance view cannot be the same as the AS
number configured in the BGP view.
5. Run:
peer ipv6-address as-number as-number
NOTE
For the detailed configuration about the IPv6 static route, refer to the Quidway S7700 Smart Routing
Switch Configuration Guide - IP Routing.
1. Run:
system-view
The configured static route is imported to the routing table of BGP-VPNv6 instance.
The configurations on the CE are the same as those of ordinary IPv6 static routes and are not
mentioned here.
- Configuring RIPng Between PE and CE
The configurations on the CE are similar to the configuration of common RIPng and are
not mentioned here.
NOTE
For the detailed configuration about RIPng, refer to the Quidway S7700 Smart Routing Switch
Configuration Guide IP Routing Volume.
A RIPng instance is created between PE and CE and the RIPng view is displayed.
A RIPng multi-instance process can only belong to one IPv6 VPN Instance. If a RIPng
process is not bound to the IPv6 VPN Instance when the process is enabled, the process
is classified as a public network process.
If only one RIPng process (including public network process and multi-instance
process) is run on a switch, you need not specify process-id, that is, the default process
ID 1 is adopted.
3. Run:
import-route bgp [ cost cost | route-policy route-policy-name ]*
NOTE
The command cannot be used in the interface view if IPv6 is not enabled. The command
is not supported on the ATM interface.
7. Run:
quit
The RIPng routes are imported into the routing table of BGP-VPNv6 instance.
After the import-route ripng command is run in the BGP-VPNv6 instance
view, the PE imports the RIPng routes learnt from its CE into BGP, forms them into
VPN-IPv6 routes, and advertises them to the remote PE.
NOTE
After a RIPng multi-instance process is deleted, RIPng is disabled on all the interfaces that run
this process.
After an IPv6 VPN instance is deleted, all the related RIPng processes are also deleted.
l Configuring OSPFv3 Between PE and CE
Configure OSPFv3 on the CE. For the detailed configuration about OSPFv3, refer to the
Quidway S7700 Smart Routing Switch Configuration Guide - IP Routing.
Configure an OSPFv3 multi-instance on the PE and configure BGP and OSPFv3 to import
routes from each other.
1. Run:
system-view
One OSPFv3 instance belongs to only one IPv6 VPN instance. If an OSPFv3 process
is not bound to an IPv6 VPN instance, the OSPFv3 process is a public process. In
addition, the public OSPFv3 instance cannot be bound to an IPv6 VPN instance.
3. Run:
router-id router-id
A router ID is set.
BGP routes are imported into OSPFv3 so that the PE uses OSPFv3 to send these routes
to the CE.
5. Run:
quit
OSPFv3 routes are imported into the BGP-VPNv6 instance routing table.
NOTE
After an IPv6 VPN instance has been deleted, all associated OSPFv3 processes will be deleted.
l Configuring IS-ISv6 Between PE and CE
NOTE
For the detailed configuration about IS-ISv6, refer to the Quidway S7700 Smart Routing Switch
Configuration Guide - IP Routing.
The IS-IS instance between the PE and the CE is created and the IS-IS view is
displayed.
An IS-IS multi-instance process can only belong to one IPv6 VPN Instance. If an IS-
IS process is not bound to an IPv6 VPN Instance when the process is enabled, the
process is classified as a public network process.
If only one IS-IS process (including public network process and multi-instance
process) is run on a switch, you need not specify process-id, that is, the default process
ID 1 is adopted.
NOTE
After an IS-IS multi-instance process is deleted, IS-IS is disabled on all the interfaces that run
this process.
After an IPv6 VPN instance is deleted, all the related IS-IS processes are also deleted.
3. Run:
network-entity net
8. Run:
interface interface-type interface-number
----End
Prerequisite
The configurations of the Basic BGP/MPLS IPv6 VPN function are complete.
Procedure
l Run the display ipv6 routing-table vpn6-instance vpn6-instance-name command to
check the routing table of the specified IPv6 VPN instance on PE.
l Run the display ipv6 routing-table command to check the routing table on CE.
----End
Example
Run the display ipv6 routing-table vpn6-instance vpn6-instance-name command. If the VPN
routes related to the CE are displayed, it means the configuration succeeds.
Run the display ipv6 routing-table command. If the routes to the remote CE are displayed on
the CE, it means the configuration succeeds.
Applicable Environment
If all users must access a central access control device, Hub and Spoke
networking is adopted. In a Hub and Spoke network, all the Spoke stations communicate
through the Hub station.
Pre-configuration Tasks
Before configuring basic Hub and Spoke, complete the following tasks:
Data Preparation
To configure Hub and Spoke, you need the following data.
No. Data
4 Data for the configurations of routing protocols (static route, RIPng, IS-ISv6, or
BGP4+) between Hub-PE and Hub-CE, and between Spoke-PE and Spoke-CE
Context
Configure the IPv6 VPN instance on each Spoke-PE and Hub-PE.
Every Spoke-PE is configured with an IPv6 VPN instance, while each Hub-PE is configured
with the following two IPv6 VPN instances (VPN-spoke and VPN-hub):
l Steps 1 to 7 describe how to configure an IPv6 VPN instance. Different IPv6 VPN instances on a
device differ in name, RD, and description.
l It is recommended to perform either Step 6 or Step 7.
Procedure
Step 1 Run:
system-view
Step 2 Run:
ipv6 vpn6-instance vpn6-instance-name
An IPv6 VPN instance is created and the IPv6 VPN instance view is displayed.
The name of the IPv6 VPN instance is case sensitive. For example, vpn1 and VPN1 are
considered as different IPv6 VPN instances.
Similar to the host name or interface description, the description can be used to record
information such as the relationship between an IPv6 VPN instance and an IPv6 VPN. You
should set the appropriate description for the IPv6 VPN instance.
Step 4 Run:
route-distinguisher route-distinguisher
An IPv6 VPN instance takes effect only after the RD is configured. Before configuring the RD,
you may configure only the description for the IPv6 VPN instance.
The label is allocated based on the IPv6 VPN instance. That is, all the routes in an IPv6 VPN
instance use the same label.
By default, one MPLS label is allocated per route.
The S7700 provides the feature of MPLS label allocation based on the IPv6 VPN instance,
that is, all the routes of the IPv6 VPN instance share the same label.
You can define the maximum number of routes that can be supported by an IPv6 VPN
instance to avoid a PE importing too many routes of the IPv6 VPN instance.
NOTE
If the routing-table limit command is run, the system gives a prompt when the number of routes injected
into the routing table of the VPN instance exceeds the upper limit. If the routing-table limit command is run to
increase the maximum number of routes supported in an IPv6 VPN instance, or the undo routing-table
limit command is run to remove the limit on the routing table, the following operations are required for
the excess routes:
l For the excessive static routes, you need to reconfigure them manually.
l For the excessive routes learnt from CEs through the IGP multi-instance routing protocol, you need to
re-initiate the multi-instance process of the routing protocol on the PE.
For the remote cross routes learnt through the MP-IBGP and the BGP routes learnt from CEs, the system
automatically refreshes them.
You can define the maximum number of prefixes for the IPv6 VPN instance to avoid importing
too many prefixes.
The frequency of displaying logs when the number of routes exceeds the threshold is configured.
----End
Procedure
l Configuring Hub-PE
1. Run
system-view
The VPN target extended community for the IPv6 VPN instance is created. The VPN-
IPv6 routes advertised by all the Spoke-PEs are imported.
vpn-target1 lists the export community attribute of vpn-target advertised by all the
Spoke-PEs.
4. (Optional) Run
import route-policy policy-name
The VPN target extended community is configured to advertise the routes of all the
Hub stations and Spoke stations.
vpn-target2 is a list that contains all the import VPN targets of all the Spoke-PEs.
9. (Optional) Run
import route-policy policy-name
The VPN target extended community for the IPv6 VPN instance is created. The VPN-
IPv6 routes advertised by the Hub-PE are imported.
vpn-target2 is the export community attribute of vpn-target advertised by the Hub-
PE.
4. Run
vpn-target vpn-target1 &<1-8> export-extcommunity
The VPN target extended community for the IPv6 VPN instance is created. The IPv6
routes of stations the Spoke-PE accesses are advertised.
5. (Optional) Run
import route-policy policy-name
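The vpn-target relationships described above can be checked mechanically. The following Python audit is an added example, not part of the Huawei guide: it parses constructed configuration snippets that use only the ipv6 vpn6-instance and vpn-target commands shown here, and reports any Spoke instance that would import another Spoke's routes directly instead of through the Hub. Device names, instance names, RDs and VPN target values are assumptions.

```python
import re
from dataclasses import dataclass, field
from itertools import permutations

# Constructed sample configurations (assumed values, not from the guide).
# 100:1 plays the role of vpn-target1 (exported by every Spoke-PE);
# 200:1 plays the role of vpn-target2 (exported by VPN-hub on the Hub-PE).
HUB_PE = """
ipv6 vpn6-instance VPN-spoke
 route-distinguisher 100:10
 vpn-target 100:1 import-extcommunity
ipv6 vpn6-instance VPN-hub
 route-distinguisher 100:20
 vpn-target 200:1 export-extcommunity
"""
SPOKE_PE1 = """
ipv6 vpn6-instance vpna
 route-distinguisher 100:31
 vpn-target 100:1 export-extcommunity
 vpn-target 200:1 import-extcommunity
"""
SPOKE_PE2 = SPOKE_PE1.replace("100:31", "100:32")
# Misconfigured variant: this Spoke also imports the Spokes' export target.
SPOKE_PE2_LEAKY = SPOKE_PE2.replace(
    "vpn-target 200:1 import", "vpn-target 100:1 200:1 import")

VPN_TARGET = re.compile(r"^vpn-target\s+(.+?)\s+(import|export)-extcommunity$")


@dataclass
class Instance:
    device: str
    name: str
    imports: set = field(default_factory=set)
    exports: set = field(default_factory=set)


def parse_instances(device, config):
    """Collect the import and export VPN targets of each IPv6 VPN instance."""
    instances, current = [], None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("ipv6 vpn6-instance "):
            current = Instance(device, line.split()[2])
            instances.append(current)
            continue
        match = VPN_TARGET.match(line)
        if match and current is not None:
            targets = set(match.group(1).split())
            if match.group(2) == "import":
                current.imports |= targets
            else:
                current.exports |= targets
    return instances


def audit_hub_and_spoke(configs, hub_devices):
    """Return findings for a {device: config} map; an empty list means clean."""
    instances = [i for dev, cfg in configs.items()
                 for i in parse_instances(dev, cfg)]
    hubs = [i for i in instances if i.device in hub_devices]
    spokes = [i for i in instances if i.device not in hub_devices]
    findings = []
    # A Spoke must never import what another Spoke exports.
    for src, dst in permutations(spokes, 2):
        shared = src.exports & dst.imports
        if shared:
            findings.append(f"LEAK {src.device}/{src.name} -> "
                            f"{dst.device}/{dst.name} via {sorted(shared)}")
    for s in spokes:
        # VPN-spoke on the Hub-PE has to import every Spoke's export target.
        if not any(s.exports & h.imports for h in hubs):
            findings.append(f"UNREACHABLE {s.device}/{s.name}: "
                            "no Hub instance imports its routes")
        # Each Spoke has to import what VPN-hub exports.
        if not any(h.exports & s.imports for h in hubs):
            findings.append(f"ISOLATED {s.device}/{s.name}: "
                            "imports nothing the Hub exports")
    return findings


if __name__ == "__main__":
    base = {"Hub-PE": HUB_PE, "Spoke-PE1": SPOKE_PE1}
    print(audit_hub_and_spoke({**base, "Spoke-PE2": SPOKE_PE2}, {"Hub-PE"}))
    print(audit_hub_and_spoke({**base, "Spoke-PE2": SPOKE_PE2_LEAKY}, {"Hub-PE"}))
```

A LEAK finding means traffic between two Spoke stations could bypass the central access control device at the Hub.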
Context
The configuration on the Hub-PE involves two interfaces or sub-interfaces: one is bound with
the VPN-spoke and receives the routes advertised by the Spoke-PE; the other is bound with the
VPN-hub and advertises the routes of the Hub and all the Spokes.
Do as follows on the Hub-PE and all the Spoke-PEs.
Procedure
Step 1 Run:
system-view
The view of the interface that is to be bound with the IPv6 VPN instance is displayed.
Step 3 Run:
ipv6 enable
Step 4 Run:
ipv6 binding vpn6-instance vpn6-instance-name
NOTE
Running the ipv6 binding vpn6-instance command deletes the Layer 3 features such as IPv6 address and
IPv6 routing protocols. They need to be re-configured if required.
Step 5 Run:
ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length }
----End
Context
The Hub-PE must set up the MP-IBGP peer with all the Spoke-PEs. Spoke-PEs need not set up
the MP-IBGP peer between each other.
Procedure
Step 1 Run
system-view
Step 2 Run
bgp as-number
Step 3 Run
peer ipv4-address as-number as-number
Step 4 Run
peer ipv4-address connect-interface loopback interface-number
NOTE
The 32-bit mask IP addresses of the loopback interfaces must be used to establish the MP-IBGP peer
relationship between PEs. This can ensure the tunnel can be iterated. The route destined to the loopback
interface is advertised to the remote PE based on IGP on the MPLS backbone network.
Step 5 Run
ipv6-family vpnv6
Step 6 Run
peer ipv4-address enable
----End
Context
The Hub-PE and the Hub-CE can exchange routes in the following ways.
Procedure
l Configuring EBGP between the Hub-PE and the Hub-CE
In this way, BGP4+, RIPng multi-instance, IS-ISv6 multi-instance or static routes can be
adopted between the Spoke-PE and the Spoke-CE.
To set up the EBGP peer between the Hub-PE and the Hub-CE, do as follows on the Hub-
PE:
1. Run:
system-view
Allow the routing loop. Here the value of number is set as 1, which means the route
with the AS repeated once can be sent.
l Configuring IGP between the Hub-PE and the Hub-CE
In this way, instead of BGP4+, RIPng multi-instance, IS-ISv6 multi-instance or static routes
are adopted between the Spoke-PE and the Spoke-CE.
If the Hub-CE uses the default route to access the Hub-PE, to advertise the default route to
all the Spoke-PEs, do as follows on the Hub-PE:
1. Run:
system-view
----End
Follow-up Procedure
Choose one of the preceding methods as required. For detailed configurations, see 4.4.5
Configuring Route Exchange Between PE and CE.
Prerequisite
The configurations of the Hub and Spoke function are complete.
Procedure
l Run the display ipv6 routing-table vpn6-instance vpn6-instance-name command to
check routing information about the VPN-spoke on the Hub-PE.
l Run the display ipv6 routing-table vpn6-instance vpn6-instance-name command to
check routing information about the VPN-hub on the Hub-PE.
l Run the display ipv6 routing-table command to check routing information on the Hub-
CE and all the Spoke-CEs.
----End
Example
Run the preceding commands. If the routing table of the VPN-spoke has routes to all the Spoke
stations, and the routing table of the VPN-hub has routes to the Hub and all the Spoke stations,
it means the configuration succeeds.
Additionally, Hub-CE and all the Spoke-CEs have routes to the Hub and all the Spoke stations.
Applicable Environment
By default, an LSP is selected as the tunnel for a VPN, and no load balancing is carried out. To
perform load balancing or select tunnels of other types, you need to configure a tunnel policy in
select-sequence mode and then apply it.
In inter-AS VPN-Option B, inter-AS VPN-Option C and carrier's carrier, only LSPs are selected
as public network tunnels.
A tunnel policy in select-sequence mode includes the tunnel selection sequence and the number
of tunnels for load balancing.
Currently, optional tunnel types for BGP/MPLS IPv6 VPN are GRE, LSP configured statically
or dynamically, and CR-LSP (MPLS TE).
Pre-configuration Tasks
Before configuring a tunnel policy, configure the following tasks:
l Enabling IPv6 on the PEs and on the interfaces that need to be configured with IPv6
l Creating the IPv6 VPN instances on PE
l Setting up a tunnel between two PEs (LSP, MPLS TE or GRE)
For configuration of LSPs and MPLS TE tunnels, refer to the Quidway S7700 Smart
Routing Switch Configuration Guide - MPLS.
Data Preparation
To configure the tunnel policy, you need the following data.
No. Data
4 Name of the IPv6 VPN instance to which the tunnel policy is applied
Context
Do as follows on PE devices configured with IPv6 VPN instance:
Procedure
Step 1 Run
system-view
The precedence of the tunnels and the number of tunnels carrying out load balancing are
configured.
In IPv6 VPN, if no tunnel policy is configured, LSPs are selected as VPN tunnels and no load
balancing is performed.
In a tunnel policy, tunnels are selected in sequential order. If the preceding tunnel is Up, it will
be selected irrespective of whether or not other services have selected it. The subsequent tunnel
is not selected except in the case of load balancing or when the preceding tunnels are in the
Down state.
For example, if the tunnel select-seq lsp gre load-balance-number 1 command is configured,
a VPN selects GRE tunnels if no LSP exists. After an LSP is set up, the VPN selects the LSP
and does not use GRE tunnels anymore.
In IPv6 VPN networking, no GRE tunnel can be configured between PEs, and load balancing
by tunnels is not supported; that is, the number of tunnels for load balancing is 1.
----End
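The selection order described above can be traced with a small model. The following Python code is an added example, not Huawei's implementation: it replays tunnel state changes against a select-sequence policy and returns the tunnels a VPN would use after each change. Tunnel names and the event list are constructed; the run with a load balancing number of 2 generalizes beyond IPv6 VPN, for which the guide states the number is 1.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Tunnel:
    name: str
    kind: str   # tunnel type keyword as used in the select-seq list
    up: bool


def select_tunnels(select_seq, load_balance_number, tunnels):
    """Pick Up tunnels in select-seq order until the load balancing number is met.

    A later tunnel type is used only when the earlier types have no Up tunnel
    left to offer or when more tunnels are needed for load balancing.
    """
    if load_balance_number < 1:
        raise ValueError("load_balance_number must be at least 1")
    chosen = []
    for kind in select_seq:
        for tunnel in tunnels:
            if len(chosen) == load_balance_number:
                return chosen
            if tunnel.kind == kind and tunnel.up:
                chosen.append(tunnel.name)
    return chosen


def replay(select_seq, load_balance_number, kinds, events):
    """Apply (tunnel name, is_up) events in order; return the selection after each."""
    state = {name: False for name in kinds}   # every tunnel starts Down
    history = []
    for name, is_up in events:
        state[name] = is_up
        tunnels = [Tunnel(n, kinds[n], state[n]) for n in kinds]
        history.append(select_tunnels(select_seq, load_balance_number, tunnels))
    return history


# Constructed scenario: the GRE tunnel comes Up first, then the LSP is set up,
# then the LSP goes Down again.
KINDS = {"lsp1": "lsp", "gre1": "gre"}
EVENTS = [("gre1", True), ("lsp1", True), ("lsp1", False)]

if __name__ == "__main__":
    # Mirrors: tunnel select-seq lsp gre load-balance-number 1
    print(replay(["lsp", "gre"], 1, KINDS, EVENTS))
    # Generalization: with a load balancing number of 2 the GRE tunnel is
    # kept alongside the LSP instead of being dropped.
    print(replay(["lsp", "gre"], 2, KINDS, EVENTS))
```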
Context
Do as follows on PE devices configured with IPv6 VPN instance.
Procedure
Step 1 Run
system-view
Step 2 Run
ipv6 vpn6-instance vpn6-instance-name
Step 3 Run
tnl-policy policy-name
For IPv6 VPN, the tunnel policy is applied to the IPv6 VPN instance.
----End
Prerequisite
The configurations of the tunnel Policy applied to BGP/MPLS IPv6 VPN function are complete.
Procedure
l Run the display tunnel-policy tunnel-policy-name command to check configuration of the
tunnel policy.
Example
Run the display tunnel-policy tunnel-policy-name command. If the configuration of the tunnel
policy is displayed, it means the configuration succeeds. For example:
<Quidway> display tunnel-policy policy1
Tunnel Policy Name Select-Seq Load balance No
------------------------------------------------------
policy1 LSP 1
Run the display ipv6 vpn6-instance verbose command. If the tunnel policy name of the IPv6
VPN instance is displayed, it means the configuration succeeds. In the following example, you
can see that the tunnel policy of the VPN named vpna is policy1.
<Quidway> display ipv6 vpn6-instance verbose
Total VPN6-Instances configured : 1
Applicable Environment
If the MPLS backbone network bearing the VPN-IPv6 routes crosses multiple ASs, you must
configure the inter-AS VPNs.
If the number of VPNs that access PEs and the number of IPv6 VPN routes are small, inter-AS
VPN Option-A is recommended.
In VPN-Option A, the Autonomous System Boundary Routers (ASBRs) must support the IPv6
VPN instance and can manage IPv6 routes. In addition, the ASBRs must reserve special
interfaces including sub-interfaces and physical interfaces for each inter-AS IPv6 VPN. Option
A, therefore, requires high performance of the ASBRs. No inter-AS configuration is needed on
the ASBRs.
Pre-configuration Tasks
Before configuring the IPv6 VPN-Option A, complete the following tasks:
l Configuring IGP for MPLS backbone networks in each AS to realize IP connectivity of the
backbones in one AS
l Enabling MPLS on the PEs and the ASBRs
l Setting up the tunnel (LSP or MPLS TE) between the PE and the ASBR in the same AS
l Enabling IPv6 on PEs, CEs and on the interfaces that need to be configured with IPv6
l Configuring the IPv6 address of the CE interface through which the CE accesses the PE
Data Preparation
To configure inter-AS IPv6 VPN-Option A, you need the following data.
No. Data
1 To configure the IPv6 VPN instance on the PE and the ASBR, you need the following
data:
l Name of the IPv6 VPN instance
l (Optional) Description of the IPv6 VPN instance
l RD, VPN Target
l (Optional) Routing policy that controls the receiving and sending of IPv6 VPN
routes
l (Optional) Tunnel policy
l (Optional) The maximum number of routes allowed by the IPv6 VPN instance
3 AS number of the PE
5 Routing protocol adopted between the PE and the CE: static route, RIPng, IS-ISv6,
or BGP4+
6 IPv4 addresses and interfaces between the PE and ASBR to establish the MP-IBGP
peers
Context
Inter-AS IPv6 VPN-Option A is easy to deploy. When the number of IPv6 VPNs and
VPN-IPv6 routes on the PE is small, Option A can be adopted.
The configurations of the inter-AS VPN-Option A are as follows:
Procedure
Step 1 4.4 Configuring Basic BGP/MPLS IPv6 VPN on each AS.
Step 3 Configuring an IPv6 VPN instance for the PE and the ASBR separately. For more detail, refer
to 4.3 Configuring an IPv6 VPN Instances.
The VPN instance for PE is used to access CE; that for ASBR is used to access its peer ASBR.
NOTE
In inter-AS VPN-Option A mode, for the same IPv6 VPN, the VPN targets of the IPv6 VPN instance on
ASBR and the PE must be matched in an AS. This is not required for the PEs in different ASs.
----End
Prerequisite
The configurations of the Inter-AS IPv6 VPN-Option A function are complete.
Procedure
l Run the display bgp vpnv6 all peer command to check information about the BGP peers
on the PE or the ASBR.
l Run the display bgp vpnv6 all routing-table command to check the VPN-IPv6 routes on
the PE or the ASBR.
l Run the display ipv6 routing-table vpn6-instance vpn6-instance-name command to check
the VPN routing table on the PE or the ASBR.
----End
Example
Run the display bgp vpnv6 all peer command. If the BGP IPv6 VPN peer relationship between
the ASBR and the PE in the same AS is "Established", it means the configuration succeeds.
Run the display bgp vpnv6 all routing-table command. If the VPN-IPv6 routes of the ASBR
are displayed, it means the configuration succeeds.
Running the display ipv6 routing-table vpn6-instance vpn6-instance-name command, you can
view the relevant IPv6 VPN routes in the VPN routing table of the PE and the ASBR.
Applicable Environment
If the MPLS backbone network bearing VPN-IPv6 routes crosses multiple ASs, the inter-AS
VPN is needed. If the ASBR can manage VPN-IPv6 routes but there are not enough
interfaces for each inter-AS IPv6 VPN, the inter-AS VPN-Option B is adopted. In this option,
the ASBR is involved in maintaining and advertising VPN-IPv6 routes.
Pre-configuration Tasks
Before configuring inter-AS IPv6 VPN-Option B, complete the following tasks:
l Configuring IGP for MPLS backbone networks in each AS to realize IP connectivity of the
backbones in one AS
l Configuring basic MPLS capability for the MPLS backbone network
l Configuring MPLS LDP to establish LDP LSP for the MPLS backbone network
l 4.3.2 Creating an IPv6 VPN Instance on the PE devices connected with the CE devices
and 4.4.3 Binding an Interface to an IPv6 VPN Instance
l Configuring the IPv6 addresses of the CE interfaces through which the CE accesses the PE
Data Preparation
To configure inter-AS IPv6 VPN-Option B, you need the following data.
No. Data
1 To configure the IPv6 VPN instance on the PE, you need the following data:
l Name of the IPv6 VPN instance
l (Optional) Description of the IPv6 VPN instance
l RD, VPN Target
l (Optional) Routing policy that controls the receiving and sending of IPv6 VPN
routes
l (Optional) The maximum number of routes allowed by the IPv6 VPN instance
3 AS number of the PE
5 Routing protocol adopted between the PE and the CE: static route, RIPng, IS-ISv6
or BGP4+
6 IPv4 addresses and interfaces setting up the MP-IBGP peer between the PE and the
ASBR
Context
Do as follows on the PE and the ASBR in the same AS:
Procedure
Step 1 Run
system-view
The address of the loopback interface is specified as the source address of the BGP session.
Step 5 Run
ipv6-family vpnv6
The exchange of VPN-IPv6 routes with the peer PE or the ASBR is enabled.
----End
Context
Do as follows on the ASBR:
Procedure
Step 1 Run
system-view
The view of the interface connected with the ASBR interface is displayed.
Step 3 Run
ip address ip-address { mask | mask-length }
----End
Context
There are several methods for controlling the receiving and sending of VPN routes on the ASBR.
Receiving and sending VPN routes without VPN target filtering is one of them.
Do as follows on the ASBR.
Procedure
Step 1 Run
system-view
Step 2 Run
bgp as-number
Step 3 Run
ipv6-family vpnv6
Step 4 Run
undo policy vpn-target
By default, the PE performs VPN target filtering on the received VPN-IPv6 routes. The routes
that pass the filter are added to the routing table, and the others are discarded. If the PE is not
configured with an IPv6 VPN instance, or the IPv6 VPN instance is not configured with the VPN
target, the PE discards all the received VPN-IPv6 routes.
In the inter-AS VPN-Option B mode, if the ASBR does not store information about the IPv6
VPN instance, the ASBR must save all the VPN-IPv6 routing information and advertise it to the
peer ASBR. In this case, the ASBR should receive all the VPN-IPv6 routing information without
the VPN-Target filtering.
----End
Context
Do as follows on the ASBR.
NOTE
Procedure
Step 1 Run
system-view
Step 2 Run
ipv6 vpn6-instance vpn6-instance-name
An IPv6 VPN instance is created and the IPv6 VPN instance view is displayed.
If the VPN receives and sends the VPN-IPv6 routing information through the ASBR, configure
the corresponding instance on the ASBR. Otherwise, the instance is not needed.
Step 3 Run
route-distinguisher route-distinguisher
Step 4 Run
vpn-target vpn-target &<1-8> import-extcommunity
The VPN target extended community for the IPv6 VPN instance is created.
For the same VPN in the inter-AS VPN-Option B mode, the VPN targets of the ASBR and the
PE in an AS should match with each other.
The VPN targets of the PEs in different ASs must match each other likewise.
The maximum number of routes is configured for the IPv6 VPN instance.
The frequency of displaying logs when the number of routes exceeds the threshold is configured.
----End
Context
In a VPN Option B scenario, after next-hop-based label allocation is enabled on the ASBR, the
ASBR allocates only one label for the IPv6 VPN routes with the same next hop and outgoing
label. Compared with allocating a label for each IPv6 VPN route, next-hop-based label allocation
greatly saves the label resources.
Procedure
Step 1 Run:
system-view
CAUTION
After next-hop-based label allocation is enabled or disabled, the label allocated by the ASBR
for a route changes, which leads to packet loss.
----End
Context
Choose one of the preceding methods as required.
l Configuring BGP4+ Between PE and CE.
l Configuring Static Routes Between PE and CE.
l Configuring RIPng Between PE and CE.
l Configuring OSPFv3 Between PE and CE.
l Configuring IS-ISv6 Between PE and CE.
For detailed configurations, see 4.4.5 Configuring Route Exchange Between PE and CE.
Prerequisite
The configurations of the Inter-AS IPv6 VPN-Option B function are complete.
Procedure
l Run the display bgp vpnv6 all routing-table command to check the VPN-IPv6 routing
table on the PE or the ASBR.
l Run the display bgp vpnv6 all peer command to check information about all the BGP
peers on the PE or the ASBR.
l Run the display ipv6 routing-table vpn6-instance [ vpn6-instance-name ] command to
check the VPN routing table on the PE.
l Run the display mpls lsp command to check information about the LSP and label on the
ASBR.
----End
Example
Run the display bgp vpnv6 all routing-table command on the ASBR. If the IPv6 routes of the
VPN are displayed, it means the configuration succeeds.
Run the display bgp vpnv6 all peer command on the PE or the ASBR. You can find that the
status of the IBGP peer relationship between PEs and ASBRs in the same AS is Established,
and the status of the EBGP peer relationship between two directly connected ASBRs in different
ASs is Established.
Run the display ipv6 routing-table vpn6-instance [ vpn6-instance-name ] command on the
PE. If the relevant IPv6 VPN routes are displayed, it means the configuration succeeds.
Run the display mpls lsp command on the ASBR. If information about the LSP and label is
displayed, it means that the configuration succeeds. If the ASBR is enabled with the next-hop-
based label allocation, only one label is allocated for the IPv6 VPN routes with the same next
hop and outgoing label.
Applicable Environment
The BGP speaker does not advertise the routes learned from IBGP devices to its IBGP peers.
To make a PE advertise the routes of the VPN that the PE accesses to the BGP VPNv6 peers in
the same AS, the PE must establish IBGP connections with all peers to directly exchange VPN
routing information. That is, MP IBGP peers must establish full connections between each other.
If there are n PEs (including ASBRs) in an AS, n(n-1)/2 MP IBGP connections need to
be established. A large number of IBGP peers consume a great amount of network resources.
The Route Reflector (RR) can solve this problem. In an AS, one switch serves as the RR to
reflect IPv6 VPN routes and the other PEs and ASBRs serve as the clients, which are called
Client PEs. An RR can be a P, PE, ASBR, or other devices. To relieve the burden of an RR, you
can configure the RR to maintain routing information instead of forwarding user data.
The introduction of the RR reduces the number of MP IBGP connections. This lightens the
burden of PEs and facilitates network maintenance and management.
Pre-configuration Tasks
Before configuring the route reflection for BGP VPNv6 routes, complete the following tasks:
l Enabling IPv6 globally on the PE, and enabling IPv6 on the interfaces that need to be
configured with IPv6
l Configuring the routing protocol for the MPLS backbone network to implement IP
connectivity between switches in the backbone network
l Establishing tunnels (LSPs or MPLS TE tunnels) between the RR and all PEs serving as
the clients
Data Preparation
To configure route reflection for BGP VPNv6 routes, you need the following data.
No. Data
2 Type and number of the interfaces used to set up the TCP connection
Context
Do as follows on all Client PEs.
Procedure
Step 1 Run:
system-view
Step 4 Run:
peer ipv4-address connect-interface interface-type interface-number
The IP address of the interface must be the same as the MPLS LSR ID. It is recommended to
specify a loopback interface to establish the TCP connection.
Step 5 Run:
ipv6-family vpnv6
Step 6 Run:
peer ipv4-address enable
The capability of exchanging IPv6 VPN routes between the Client PE and the RR is enabled.
----End
Context
Choose one of the following schemes to configure the RR to establish MP IBGP connections
with the client PEs.
Procedure
l Configuring the RR to Establish MP IBGP Connections with the Peer Group
Add all the client PEs to the peer group and establish MP IBGP connection between the
RR and the peer group.
1. Run:
system-view
The capability of exchanging IPv6 VPN routes between the RR and the peer group is
enabled.
7. Run:
peer ip-address group group-name
The capability of exchanging IPv6 VPN routes between the RR and the client PE is
enabled.
----End
Context
Do as follows on the RR.
Procedure
Step 1 Run:
system-view
Step 2 Run:
bgp as-number
Step 3 Run:
ipv6-family vpnv6
Step 4 Enable the route reflection for BGP IPv6 VPN routes on the RR.
l Run the peer { group-name | ipv4-address } reflect-client command to enable the route
reflection if the RR establishes the MP IBGP connection with the peer group consisting of
all Client PEs.
l Run the peer ipv4-address reflect-client command repeatedly to enable the route reflection
if the RR establishes the MP IBGP connection with each PE rather than peer group.
Step 5 Run:
undo policy vpn-target
The filtering of IPv6 VPN routes based on the VPN target is disabled.
----End
Prerequisite
The configurations of the route reflection for BGP VPNv6 function are complete.
Procedure
l Run the display bgp vpnv6 all peer [ [ ipv4-address ] verbose ] command to check
information about the BGP VPNv6 peer on the RR or the Client PEs.
l Run the display bgp vpnv6 all routing-table peer ipv4-address { advertised-routes |
received-routes } command to check information about the IPv6 VPN routes received
from the peer or the IPv6 VPN routes advertised to the peer on the RR or the Client PEs.
l Run the display bgp vpnv6 all group [ group-name ] command to check information about
the IPv6 VPN peer group on the RR.
----End
Example
If the configurations succeed,
l You can find that the status of the MP IBGP connections between the RR and all Client
PEs is "Established" after running the display bgp vpnv6 all peer command on the RR or
Client PEs.
l You can find that the RR and each Client PE can receive and send IPv6 VPN routing
information between each other after running the display bgp vpnv6 all routing-table
peer ipv4-address { advertised-routes | received-routes } command on the RR or the
Client PEs.
l If the peer group is configured, you can view information about the group members and
find that the status of the BGP connections between the RR and the group members is
"Established" after running the display bgp vpnv6 all group command on the RR.
Prerequisite
In routine maintenance, you can run the following commands in any view to check the status of
BGP/MPLS IPv6 VPN.
Procedure
l Run the display ipv6 routing-table vpn6-instance vpn6-instance-name command to
check the IP routing table of the IPv6 VPN instance.
l Run the display ipv6 vpn6-instance [ verbose | brief ] [ vpn6-instance-name ] command
to check the IPv6 VPN instance information.
l Run the display bgp vpnv6 { all | route-distinguisher route-distinguisher | vpn6-
instance vpn6-instance-name } routing-table ipv6-address [ prefix-length ] command to
check information of the BGP IPv6 VPN routing table.
l Run the display bgp vpnv6 { all | route-distinguisher route-distinguisher | vpn6-
instance vpn6-instance-name } routing-table statistics [ match-options ] command to
check the statistics about the BGP VPN-IPv6 routing table.
l Run the display bgp vpnv6 { all | route-distinguisher route-distinguisher | vpn6-
instance vpn6-instance-name } routing-table [ match-options ] command to check
information of the BGP VPN-IPv6 routing table.
l Run the display bgp vpnv6 { all | vpn6-instance vpn6-instance-name } group [ group-
name ] command to check BGP IPv6 VPN peer group information.
l Run the display bgp vpnv6 all peer [ [ ipv4-address ] verbose ] or display bgp vpnv6
vpn6-instance vpn6-instance-name peer [ [ ipv6-address ] verbose ] command to check
BGP IPv6 VPN peer information.
l Run the display bgp vpnv6 { all | vpn6-instance vpn6-instance-name } network command
to check VPN-IPv6 routing information advertised.
l Run the display bgp vpnv6 { all | vpn6-instance vpn6-instance-name } paths [ as-regular-
expression ] command to check AS path information of BGP VPN-IPv6.
l Run the display bgp vpn6-instance vpn6-instance-name vpn6-instance-name peer
{ group-name | ipv6-address } log-info command to check BGP peer's log information of
specified IPv6 VPN instance.
----End
Procedure
l Run the ping ipv6 host command to check whether the IPv6 network is correctly set up to
send IPv6 packets from the transmitting end to the destination address.
l Run the tracert ipv6 ipv6-host command to check the gateways through which the IPv6
packets are sent from the transmitting end to the destination address.
l Run the ping [ ip ] [ -a source-ip-address | -c count | -d | -f | -h ttl-value | -i interface-
type interface-number | -m time | -n | -p pattern | -q | -r | -s packetsize |-t timeout | -tos tos-
value | -v | -vpn-instance vpn-instance-name ] * host command to check whether the IPv4
backbone network is correctly set up to send IPv4 packets from the transmitting end to the
destination address.
l Run the tracert [ -a source-ip-address | -f first-ttl | -m max-ttl | -p port | -q nqueries | -vpn-
instance vpn-instance-name | -w timeout ] * host command to check the gateways through
which the IPv4 packets are sent from the transmitting end of the IPv4 backbone network
to the destination address of the IPv4 backbone network.
----End
Example
After the VPN is configured, run the ping command with ipv6 vpn6-instance vpn6-instance-name
on a PE to check whether the PE and a CE that belongs to the same VPN can communicate with
each other. If the ping fails, run the tracert command with vpn6-instance vpn6-instance-name
to locate the fault.
If multiple interfaces on the PE are bound to the same VPN, specify the source IPv6 address,
that is, -a source-ipv6-address, when you ping the remote CE that accesses the peer PE. If you
do not specify a source address, the PE selects the smallest IPv6 address of the interfaces bound
to the IPv6 VPN on the PE as the source address of the ICMPv6 packet. If the CE does not have
a route to the selected IPv6 address, the ICMPv6 packet sent back from the peer PE is discarded.
Procedure
l Run the display ipv6 routing-table all-vpn6-instance statistics command to view the
integrated route statistics of all IPv6 VPN instances.
----End
Procedure
l Run the reset bgp vpn6-instance vpn6-instance-name [ ipv6-address ] flap-info command
in the user view to clear statistics of the BGP peer flap for a specified IPv6 VPN
instance.
l Run the reset bgp vpn6-instance vpn6-instance-name dampening [ ipv6-address prefix-
length ] command in the user view to clear dampening information of IPv6 VPN
instance.
----End
Context
CAUTION
IPv6 VPN services are interrupted after the BGP connection is reset. Confirm the action
before you use the command.
When the BGP configuration changes, you can soft-reset or reset the BGP connections to make
the new configuration take effect. A soft reset requires that the BGP peers support the route
refresh capability (Route-Refresh messages).
Procedure
l Run the refresh bgp vpn6-instance vpn6-instance-name { all | ipv6-address | group
group-name | internal | external } import command in the user view to trigger the inbound
soft reset of IPv6 VPN instance's BGP connection.
----End
Context
CAUTION
Enabling debugging affects system performance. After debugging, run the undo
debugging all command immediately to disable it.
Run the following debugging commands in user view to debug BGP/MPLS IPv6 VPN and to
locate the fault.
For more information, see the chapter "Information Center Configuration" in the Quidway
S7700 Smart Routing Switch Configuration Guide - System Management. For the description
about the debugging commands, refer to the Quidway S7700 Smart Routing Switch Debugging
Reference.
Procedure
l Run the debugging bgp vpn6-instance vpn6-instance-name ipv6-address { all | event |
timer } command in the user view to enable the debugging of the specified BGP peers in
an IPv6 VPN instance.
l Run the debugging bgp vpn6-instance vpn6-instance-name ipv6-address { keepalive |
open | packet | raw-packet | route-refresh } [ receive | send ] [ verbose ] command in
the user view to enable the packet debugging of the specified BGP peers in an IPv6 VPN
instance.
l Run the debugging bgp update vpn6-instance vpn6-instance-name [ peer ipv6-address
| ipv6-prefix ipv6-prefix-name | acl acl-number ] [ receive | send ] [ verbose ] command
in the user view to enable the BGP Update packets debugging of IPv6 VPN instances.
l Run the debugging bgp update vpnv6 [ peer ipv4-address | ipv6-prefix ipv6-prefix-
name | acl acl-number ] [ receive | send ] [ verbose ] command in the user view to enable
the BGP Update packets debugging of VPN-IPv6 routes.
l Run the debugging bgp update label-route [ peer peer-ipv4-address ] [ acl acl-number
| ipv6-prefix ipv6-prefix-name ] [ receive | send ] [ verbose ] command in the user view
to enable the BGP Update packets debugging of labeled routes.
----End
Figure 4-2 Networking diagram for configuring basic BGP/MPLS IPv6 VPN
[Diagram not reproduced. It shows CE1 and CE2 attached to PE1 and CE3 and CE4 attached to PE2;
CE1 and CE3 belong to vpna, CE2 and CE4 belong to vpnb. PE1 and PE2 are joined through P across
the MPLS backbone (AS 100). Loopback1 addresses: PE1 1.1.1.9/32, P 2.2.2.9/32, PE2 3.3.3.9/32.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure an IGP protocol on the IPv4 public network to implement interconnection on
the backbone network.
2. Configure MPLS and MPLS LDP on each PE and P. That is, the VPN uses the LDP LSP
on the IPv4 public network.
3. Configure MP-IBGP on PE1 and PE2. That is, the PEs exchange IPv6 VPN routes through
BGP.
4. Configure the IPv6 routing protocol on each PE and CE so that the PEs and CEs can learn
the IPv6 routes of each other.
Data Preparation
To complete the configuration, you need the following data:
l ASNs used by the PEs and CEs to establish BGP peers
l RD, export VPN target, and import VPN target of each VPNv6 instance
Procedure
Step 1 Configure the IPv6 packet forwarding capability of each CE and PE.
# Enable the IPv6 forwarding capability on CE1.
<CE1> system-view
[CE1] ipv6
The configurations on CE2, CE3, CE4, PE1, and PE2 are similar to the configuration on CE1
and are not mentioned here.
Step 2 Configure the VLAN ID allowed by each interface and set the IP addresses of the VLANIF
interfaces except for the interfaces that connect PEs to CEs. For the data planning, see Figure
4-2.
1. Configure the VLAN IDs allowed on the interfaces.
# Configure the VLAN ID allowed by the interface of CE1.
[CE1] vlan batch 100 1001
[CE1] interface gigabitethernet 1/0/0
[CE1-GigabitEthernet1/0/0] port link-type hybrid
[CE1-GigabitEthernet1/0/0] port hybrid pvid vlan 100
[CE1-GigabitEthernet1/0/0] port hybrid untagged vlan 100
[CE1-GigabitEthernet1/0/0] quit
[CE1] interface gigabitethernet 2/0/0
[CE1-GigabitEthernet2/0/0] port link-type hybrid
[CE1-GigabitEthernet2/0/0] port hybrid pvid vlan 1001
[CE1-GigabitEthernet2/0/0] port hybrid untagged vlan 1001
[CE1-GigabitEthernet2/0/0] quit
The configurations on CE2, CE3, CE4, PE1, and PE2 are similar to the configuration on
CE1 and are not mentioned here.
The configurations on CE2, CE3, and CE4 are similar to the configuration on CE1 and are
not mentioned here.
The configurations on P and PE2 are similar to the configuration on PE1 and are not
mentioned here.
Step 3 Configure an IGP protocol on the backbone network to ensure the connectivity of the backbone
network. The IS-IS protocol is used in this example.
# Configure an IPv4 IGP protocol on PE1. The IS-IS protocol is used in this example.
[PE1] isis 1
[PE1-isis-1] network-entity 10.1111.1111.1111.00
[PE1-isis-1] quit
[PE1] interface vlanif 10
[PE1-Vlanif10] isis enable 1
[PE1-Vlanif10] quit
[PE1] interface loopback 1
[PE1-LoopBack1] isis enable 1
[PE1-LoopBack1] quit
The configurations on P and PE2 are similar to the configuration on PE1 and are not mentioned
here.
After the configuration, PE1, P, and PE2 can learn the routes of each other, including the routes
on the loopback interface. You can view the routes by using the display ip routing-table
command. Take the display on PE1 as an example.
After the preceding configurations are complete, an LDP LSP can be established between PE1
and PE2. Run the display mpls ldp lsp command, and you can see the establishment status of
the LDP LSP. Take the display on PE1 as an example.
[PE1] display mpls ldp lsp
LDP LSP Information
-------------------------------------------------------------------------------
DestAddress/Mask In/OutLabel UpstreamPeer NextHop OutInterface
-------------------------------------------------------------------------------
1.1.1.9/32 3/NULL 2.2.2.9 127.0.0.1 InLoop0
*1.1.1.9/32 Liberal
2.2.2.9/32 NULL/3 - 192.168.1.2 Vlanif10
2.2.2.9/32 1024/3 2.2.2.9 192.168.1.2 Vlanif10
3.3.3.9/32 NULL/1025 - 192.168.1.2 Vlanif10
3.3.3.9/32 1025/1025 2.2.2.9 192.168.1.2 Vlanif10
-------------------------------------------------------------------------------
TOTAL: 5 Normal LSP(s) Found.
TOTAL: 1 Liberal LSP(s) Found.
TOTAL: 0 Frr LSP(s) Found.
A '*' before an LSP means the LSP is not established
A '*' before a Label means the USCB or DSCB is stale
A '*' before a UpstreamPeer means the session is in GR state
A '*' before a NextHop means the LSP is FRR LSP
# Bind the interface that directly connects PE1 to CE1 to the VPNv6 instance vpna.
[PE1] interface vlanif 100
[PE1-Vlanif100] ipv6 enable
[PE1-Vlanif100] ipv6 binding vpn6-instance vpna
[PE1-Vlanif100] ipv6 address 2001::2 64
[PE1-Vlanif100] quit
# Bind the interface that directly connects PE1 to CE2 to the VPNv6 instance vpnb.
[PE1] interface vlanif 101
[PE1-Vlanif101] ipv6 enable
[PE1-Vlanif101] ipv6 binding vpn6-instance vpnb
[PE1-Vlanif101] ipv6 address 2003::2 64
[PE1-Vlanif101] quit
# Bind the interface that directly connects PE2 to CE3 to the VPNv6 instance vpna.
[PE2] interface vlanif 100
[PE2-Vlanif100] ipv6 enable
[PE2-Vlanif100] ipv6 binding vpn6-instance vpna
[PE2-Vlanif100] ipv6 address 2004::2 64
[PE2-Vlanif100] quit
# Bind the interface that directly connects PE2 to CE4 to the VPNv6 instance vpnb.
[PE2] interface vlanif 101
[PE2-Vlanif101] ipv6 enable
[PE2-Vlanif101] ipv6 binding vpn6-instance vpnb
[PE2-Vlanif101] ipv6 address 2005::2 64
[PE2-Vlanif101] quit
After the preceding configurations are complete, run the display ipv6 vpn6-instance verbose
command on each PE to view information about the VPNv6 instance. Each PE can ping the
connected CE. Take the display on PE1 as an example.
Step 6 Establish the VPNv6 peer relation between PE1 and PE2.
# Configure BGP on PE1.
[PE1] bgp 100
[PE1-bgp] peer 3.3.3.9 as-number 100
[PE1-bgp] peer 3.3.3.9 connect-interface loopback 1
[PE1-bgp] ipv6-family vpnv6
[PE1-bgp-af-vpnv6] peer 3.3.3.9 enable
[PE1-bgp-af-vpnv6] quit
After the preceding configurations are complete, run the display bgp vpnv6 all peer command
on a PE to view the status of VPNv6 peer relation. Take the display on PE1 as an example.
[PE1] display bgp vpnv6 all peer
BGP local router ID : 1.1.1.9
Local AS number : 100
Total number of peers : 1 Peers in established state : 1
You can see that a VPNv6 peer relation is established between PE1 and PE2.
After the preceding configurations are complete, run the display bgp vpnv6 vpn6-instance
vpnv6-instance-name peer command on PE1 to view the status of the peer relation.
[PE1] display bgp vpnv6 vpn6-instance vpna peer
BGP local router ID : 1.1.1.9
Local AS number : 100
Total number of peers : 1 Peers in established state : 1
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
2001::1 4 65410 10 9 0 00:06:10 Established 1
You can also run the display bgp ipv6 peer command on CE1 to view the status of the peer
relation.
[CE1] display bgp ipv6 peer
BGP local router ID : 10.10.10.10
Local AS number : 65410
Total number of peers : 1 Peers in established state : 1
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
2001::2 4 100 2 3 0 00:00:32 Established 0
You can see that the EBGP connection is established between PE1 and CE1.
# Configure an IPv6 static route for the VPNv6 instance vpnb on PE1.
[PE1] ipv6 route-static vpn6-instance vpnb 1998:: 64 2003::1
# Import the static route and directly connected route to BGP on PE1.
[PE1] bgp 100
[PE1-bgp] ipv6-family vpn6-instance vpnb
[PE1-bgp6-vpnb] import-route static
[PE1-bgp6-vpnb] import-route direct
[PE1-bgp6-vpnb] quit
[PE1-bgp] quit
The address 1999::1/64 also exists on CE4. Therefore, when you run the display ipv6
statistics command on CE3 and CE4 to check the change of the number of sent and received
ICMPv6 packets, you can find that the packets are sent to the correct interface. The sites that
are not allowed to communicate with each other are separated.
----End
Configuration Files
l Configuration file of PE1
#
sysname PE1
#
ipv6
#
vlan batch 10 100 101
#
ipv6 vpn6-instance vpna
route-distinguisher 100:1
vpn-target 22:22 export-extcommunity
vpn-target 33:33 import-extcommunity
#
ipv6 vpn6-instance vpnb
route-distinguisher 200:1
vpn-target 44:44 export-extcommunity
vpn-target 55:55 import-extcommunity
#
mpls lsr-id 1.1.1.9
mpls
#
mpls ldp
#
isis 1
network-entity 10.1111.1111.1111.00
#
interface Vlanif 100
ipv6 enable
ipv6 binding vpn6-instance vpna
ipv6 address 2001::2/64
#
interface Vlanif101
ipv6 enable
interface GigabitEthernet1/0/0
port hybrid pvid vlan 101
port hybrid untagged vlan 101
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
interface GigabitEthernet3/0/0
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
isis enable 1
#
bgp 100
peer 1.1.1.9 as-number 100
peer 1.1.1.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 1.1.1.9 enable
#
ipv6-family vpnv6
policy vpn-target
peer 1.1.1.9 enable
#
ipv6-family vpn6-instance vpna
import-route isis 10
#
ipv6-family vpn6-instance vpnb
import-route ripng 100
#
ripng 100 vpn6-instance vpnb
import-route bgp
#
return
l Configuration file of CE1
#
sysname CE1
#
ipv6
#
vlan batch 100 1001
#
interface Vlanif 100
ipv6 enable
ipv6 address 2001::1/64
#
interface Vlanif 1001
ipv6 enable
ipv6 address 1998::1/64
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 1001
port hybrid untagged vlan 1001
#
bgp 65410
router-id 10.10.10.10
peer 2001::2 as-number 100
#
ipv6-family unicast
undo synchronization
import-route direct
ipv6
#
vlan batch 101 1011
#
interface Vlanif101
ipv6 enable
ipv6 address 2005::1/64
ripng 100 enable
#
interface Vlanif1011
ipv6 enable
ipv6 address 1999::1/64
ripng 100 enable
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 101
port hybrid untagged vlan 101
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 1011
port hybrid untagged vlan 1011
#
ripng 100
#
return
[Figure 4-3 networking diagram not reproduced. Recoverable labels: the Hub-CE connects to the
Hub-PE through VLAN 30 and VLAN 40; Spoke-CE1 is in AS 65410 and Spoke-CE2 is in AS 65420.
Loopback1 addresses: Spoke-PE1 1.1.1.9/32, Hub-PE 2.2.2.9/32, Spoke-PE2 3.3.3.9/32.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Set up tunnel and IBGP peer relation between the Hub-PE and the Spoke-PE. Do not set
up IBGP peer relation between Spoke-PEs because they do not exchange VPN routes.
2. Create two IPv6 VPN instances, namely, vpn_in and vpn_out, on the Hub-PE. The VPN
target received by vpn_in is the same as the VPN target advertised by the Spoke-PEs. The
VPN target advertised by vpn_out is different from the received VPN target, but is the
same as the VPN target received by the Spoke-PEs.
3. Create an IPv6 VPN instance on the Spoke-PE. The VPN target received by the IPv6 VPN
instance is the same as the VPN target advertised by vpn_out, and the VPN target advertised
by the IPv6 VPN instance is the same as the VPN target received by vpn_in.
4. Run BGP4+ between the CE and the PE.
5. Configure the Hub-PE to accept routes whose AS_Path contains the local AS number repeated once.
Data Preparation
To complete the configuration, you need the following data:
l MPLS LSR IDs of the PEs
l VPN instance names, RDs, and VPN targets of the Hub-PE and Spoke-PE
Procedure
Step 1 Configure an IGP protocol on the backbone network to make the Hub-PE and the Spoke-PE
communicate with each other.
In this example, OSPF is used as IGP and the configuration procedure is not mentioned.
After configuration, an OSPF neighbor relation is set up between the PEs. Run the display ospf
peer command, and you can see that the neighbor relation is in Full state. Run the display ip
routing-table command on the PEs, and you can see that the PEs can learn the routes on the
loopback interface of each other.
Step 2 Configure the basic MPLS capability and MPLS LDP on the backbone network and set up an
LDP LSP.
The configuration details are not mentioned here.
After the configuration, LDP peer relation can be set up between the Hub-PE and the Spoke-
PEs. Run the display mpls ldp session command on each Switch, and you can see that the
session status is Operational.
Step 3 Configure the IPv6 VPN instances on each PE and connect the CEs to the PEs.
NOTE
The VPN targets of the two IPv6 VPNs on the Hub-PE are advertised by the two Spoke-PE, and
the advertised VPN target is different from the received VPN target.
Configure the IPv6 VPN instances on the Spoke-PE. The imported VPN target for the VPN on
the Spoke-PE is advertised by the Hub-PE.
# Configure Spoke-PE1.
<Spoke-PE1> system-view
[Spoke-PE1] ipv6 vpn6-instance vpna
[Spoke-PE1-vpn6-instance-vpna] route-distinguisher 100:1
[Spoke-PE1-vpn6-instance-vpna] vpn-target 100:1 export-extcommunity
[Spoke-PE1-vpn6-instance-vpna] vpn-target 200:1 import-extcommunity
[Spoke-PE1-vpn6-instance-vpna] quit
[Spoke-PE1] interface vlanif 50
[Spoke-PE1-Vlanif50] ipv6 enable
[Spoke-PE1-Vlanif50] ipv6 binding vpn6-instance vpna
[Spoke-PE1-Vlanif50] ipv6 address 2001::2 64
[Spoke-PE1-Vlanif50] quit
# Configure Spoke-PE2.
<Spoke-PE2> system-view
[Spoke-PE2] ipv6 vpn6-instance vpna
[Spoke-PE2-vpn6-instance-vpna] route-distinguisher 100:3
[Spoke-PE2-vpn6-instance-vpna] vpn-target 100:1 export-extcommunity
[Spoke-PE2-vpn6-instance-vpna] vpn-target 200:1 import-extcommunity
[Spoke-PE2-vpn6-instance-vpna] quit
[Spoke-PE2] interface vlanif 60
[Spoke-PE2-Vlanif60] ipv6 enable
[Spoke-PE2-Vlanif60] ipv6 binding vpn6-instance vpna
[Spoke-PE2-Vlanif60] ipv6 address 2002::2 64
[Spoke-PE2-Vlanif60] quit
# Configure IP addresses of the interfaces on the CE devices according to Figure 4-3. The
configuration procedure is not mentioned here.
After the configuration, run the display ipv6 vpn6-instance verbose command on the PEs, and
you can view the configuration of the IPv6 VPN instances.
Take the display on Hub-PE as an example.
[Hub-PE] display ipv6 vpn6-instance verbose
Total VPN6-Instances configured : 2
Step 4 Set up the EBGP peer relations between PEs and CEs to import VPN routes.
# Configure Spoke-CE1.
<Spoke-CE1> system-view
[Spoke-CE1] bgp 65410
[Spoke-CE1-bgp] router-id 10.10.10.10
[Spoke-CE1-bgp] peer 2001::2 as-number 100
[Spoke-CE1-bgp] ipv6-family unicast
[Spoke-CE1-bgp-af-ipv6] peer 2001::2 enable
[Spoke-CE1-bgp-af-ipv6] import-route direct
[Spoke-CE1-bgp-af-ipv6] quit
[Spoke-CE1-bgp] quit
# Configure Spoke-PE1.
[Spoke-PE1] bgp 100
[Spoke-PE1-bgp] ipv6-family vpn6-instance vpna
[Spoke-PE1-bgp6-vpna] peer 2001::1 as-number 65410
[Spoke-PE1-bgp6-vpna] import-route direct
[Spoke-PE1-bgp6-vpna] quit
[Spoke-PE1-bgp] quit
# Configure Spoke-CE2.
<Spoke-CE2> system-view
[Spoke-CE2] bgp 65420
[Spoke-CE2-bgp] router-id 20.20.20.20
[Spoke-CE2-bgp] peer 2002::2 as-number 100
[Spoke-CE2-bgp] ipv6-family unicast
[Spoke-CE2-bgp-af-ipv6] peer 2002::2 enable
[Spoke-CE2-bgp-af-ipv6] import-route direct
[Spoke-CE2-bgp-af-ipv6] quit
[Spoke-CE2-bgp] quit
# Configure Spoke-PE2.
[Spoke-PE2] bgp 100
[Spoke-PE2-bgp] ipv6-family vpn6-instance vpna
[Spoke-PE2-bgp6-vpna] peer 2002::1 as-number 65420
[Spoke-PE2-bgp6-vpna] import-route direct
[Spoke-PE2-bgp6-vpna] quit
[Spoke-PE2-bgp] quit
After the configuration, run the display bgp vpnv6 all peer command on a PE, and you can
find that the BGP peer relation between the PE and the CE is in Established state. By running
the ping ipv6 vpn6-instance command, you can see that each PE can ping its connected CE.
NOTE
If multiple interfaces on a PE are bound to the same VPN, you must specify the source IPv6 address when
you run the ping ipv6 vpn6-instance command to ping the CE connected to the peer PE. That is, specify
-a source-ipv6-address in the ping ipv6 vpn6-instance vpn6-instance-name -a source-ipv6-address dest-
ipv6-address command. Otherwise, the ping operation may fail.
The Spoke-PE does not need to allow the repeated ASN, because the Switch does not check the AS path
attribute in the routing information advertised by the IBGP peers.
# Configure Spoke-PE1.
# Configure Spoke-PE2.
[Spoke-PE2] bgp 100
[Spoke-PE2-bgp] peer 2.2.2.9 as-number 100
[Spoke-PE2-bgp] peer 2.2.2.9 connect-interface loopback 1
[Spoke-PE2-bgp] ipv6-family vpnv6
[Spoke-PE2-bgp-af-vpnv6] peer 2.2.2.9 enable
[Spoke-PE2-bgp-af-vpnv6] quit
After the configuration, run the display bgp peer or display bgp vpnv6 all peer command on
each PE, and you can see that the BGP peer relation between the PEs is in Established state.
Step 6 Verify the configuration.
After the configuration, the Spoke-CEs can ping each other. Run the tracert command, and you
can see that the traffic between the Spoke-CEs is forwarded through the Hub-CE. You can also
deduce the number of forwarding devices between the Spoke-CEs based on the TTL in the ping
result.
Take the display on Spoke-CE1 as an example.
[Spoke-CE1] ping ipv6 2002::1
PING 2002::1 : 56 data bytes, press CTRL_C to break
Reply from 2002::1
bytes=56 Sequence=1 hop limit=59 time = 187 ms
Reply from 2002::1
bytes=56 Sequence=2 hop limit=59 time = 187 ms
Reply from 2002::1
bytes=56 Sequence=3 hop limit=59 time = 187 ms
Reply from 2002::1
bytes=56 Sequence=4 hop limit=59 time = 187 ms
Reply from 2002::1
bytes=56 Sequence=5 hop limit=59 time = 187 ms
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 187/187/187 ms
Run the display bgp ipv6 routing-table command on the Spoke-CE, and you can see the
repeated ASNs in AS paths of the BGP routes to the remote Spoke-CE.
Take the display on Spoke-CE1 as an example.
[Spoke-CE1] display bgp ipv6 routing-table
*
NextHop : 2001::2 LocPrf :
MED : 0 PrefVal : 0
Label :
Path/Ogn : 100 ?
*>
Network : 2002:: PrefixLen : 64
NextHop : 2001::2 LocPrf :
MED : PrefVal : 0
Label :
Path/Ogn : 100 65430 100 ?
NextHop : :: LocPrf :
MED : 0 PrefVal : 0
Label :
Path/Ogn : ?
----End
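The AS_Path 100 65430 100 in the display above follows from each EBGP hop prepending its own AS, and the route survives the second pass through the Hub-PE only because allow-as-loop is set on peer 2004::1. The following Python model is an added example, not part of the original guide; the function names are hypothetical, and the allow_as_loop count is a simplified model of how many occurrences of the local AS the receiver tolerates.

```python
"""Added example: AS_Path handling in the Hub and Spoke topology of this page."""

BACKBONE_AS = 100     # AS of the Hub-PE and Spoke-PEs (from the page)
HUB_CE_AS = 65430     # AS of the Hub-CE (from the page)


def ebgp_send(as_path, sender_as):
    """An EBGP speaker prepends its own AS when advertising to an external peer."""
    return [sender_as] + list(as_path)


def ebgp_accept(as_path, local_as, allow_as_loop=0):
    """BGP loop detection on a route received from an EBGP peer.

    The route is dropped when the receiver's own AS already appears in the
    AS_Path more often than allow_as_loop permits (0 = option not configured).
    """
    return as_path.count(local_as) <= allow_as_loop


def spoke_to_spoke_path(origin_path, hub_allow_as_loop, remote_ce_as):
    """Follow one route from a Spoke-PE to the remote Spoke-CE.

    origin_path: AS_Path held by the originating Spoke-PE
                 ([] for a route imported with import-route direct).
    Returns the AS_Path seen by the remote Spoke-CE, or None if some
    router on the way drops the route.
    """
    # Spoke-PE -> Hub-PE (vpn_in) over MP-IBGP: AS_Path is not modified.
    path = list(origin_path)

    # Hub-PE (vpn_in) -> Hub-CE over EBGP.
    path = ebgp_send(path, BACKBONE_AS)
    if not ebgp_accept(path, HUB_CE_AS):
        return None

    # Hub-CE -> Hub-PE (vpn_out) over EBGP. AS 100 is already in the path,
    # so this is the hop where allow-as-loop decides the outcome.
    path = ebgp_send(path, HUB_CE_AS)
    if not ebgp_accept(path, BACKBONE_AS, hub_allow_as_loop):
        return None

    # Hub-PE (vpn_out) -> remote Spoke-PE over MP-IBGP: unchanged, and the
    # page notes that the AS path is not checked for routes from IBGP peers.

    # Remote Spoke-PE -> remote Spoke-CE over EBGP.
    path = ebgp_send(path, BACKBONE_AS)
    if not ebgp_accept(path, remote_ce_as):
        return None
    return path


if __name__ == "__main__":
    # 2002::/64 is a direct route on Spoke-PE2, viewed from Spoke-CE1 (AS 65410).
    print("with allow-as-loop   :", spoke_to_spoke_path([], 1, 65410))
    print("without allow-as-loop:", spoke_to_spoke_path([], 0, 65410))
```

Because the option relaxes loop detection, it belongs only on the vpn_out peer that needs it, as in the Hub-PE configuration file; a path that already carries the local AS twice is still rejected with a count of 1.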
Configuration Files
l Configuration file of Spoke-CE1
#
sysname Spoke-CE1
#
ipv6
#
vlan batch 50
#
interface Vlanif50
ipv6 enable
ipv6 address 2001::1/64
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 50
port hybrid untagged vlan 50
#
bgp 65410
router-id 10.10.10.10
peer 2001::2 as-number 100
#
ipv6-family unicast
undo synchronization
import-route direct
peer 2001::2 enable
#
return
interface GigabitEthernet2/0/0
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
bgp 100
peer 2.2.2.9 as-number 100
peer 2.2.2.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 2.2.2.9 enable
#
ipv6-family vpnv6
policy vpn-target
peer 2.2.2.9 enable
#
ipv6-family vpn6-instance vpna
peer 2001::1 as-number 65410
import-route direct
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 1.1.1.9 0.0.0.0
#
return
l Configuration file of Spoke-PE2
#
sysname Spoke-PE2
#
ipv6
#
vlan batch 20 60
#
ipv6 vpn6-instance vpna
route-distinguisher 100:3
vpn-target 100:1 export-extcommunity
vpn-target 200:1 import-extcommunity
#
mpls lsr-id 3.3.3.9
mpls
#
mpls ldp
#
interface Vlanif20
ip address 11.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface Vlanif60
ipv6 enable
ipv6 binding vpn6-instance vpna
ipv6 address 2002::2/64
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 60
port hybrid untagged vlan 60
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
bgp 100
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 60
port hybrid untagged vlan 60
#
bgp 65420
router-id 20.20.20.20
peer 2002::2 as-number 100
#
ipv6-family unicast
undo synchronization
import-route direct
peer 2002::2 enable
#
return
l Configuration file of Hub-CE
#
sysname Hub-CE
#
ipv6
#
vlan batch 30 40
#
interface Vlanif30
ipv6 enable
ipv6 address 2003::1/64
#
interface Vlanif40
ipv6 enable
ipv6 address 2004::1/64
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 30
port hybrid untagged vlan 30
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 40
port hybrid untagged vlan 40
#
bgp 65430
router-id 30.30.30.30
peer 2003::2 as-number 100
peer 2004::2 as-number 100
#
ipv6-family unicast
undo synchronization
import-route direct
peer 2003::2 enable
peer 2004::2 enable
#
return
l Configuration file of Hub-PE
#
sysname Hub-PE
#
ipv6
#
vlan batch 10 20 30 40
#
ipv6 vpn6-instance vpn_in
route-distinguisher 100:21
vpn-target 100:1 import-extcommunity
#
ipv6 vpn6-instance vpn_out
route-distinguisher 100:22
vpn-target 200:1 export-extcommunity
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Vlanif10
ip address 10.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif20
ip address 11.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif30
ipv6 enable
ipv6 binding vpn6-instance vpn_in
ipv6 address 2003::2/64
#
interface Vlanif40
ipv6 enable
ipv6 binding vpn6-instance vpn_out
ipv6 address 2004::2/64
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
interface GigabitEthernet3/0/0
port hybrid pvid vlan 30
port hybrid untagged vlan 30
#
interface GigabitEthernet3/0/1
port hybrid pvid vlan 40
port hybrid untagged vlan 40
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
bgp 100
peer 1.1.1.9 as-number 100
peer 1.1.1.9 connect-interface LoopBack1
peer 3.3.3.9 as-number 100
peer 3.3.3.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 1.1.1.9 enable
peer 3.3.3.9 enable
#
ipv6-family vpnv6
policy vpn-target
peer 1.1.1.9 enable
peer 3.3.3.9 enable
#
ipv6-family vpn6-instance vpn_in
peer 2003::1 as-number 65430
import-route direct
#
ipv6-family vpn6-instance vpn_out
peer 2004::1 as-number 65430
peer 2004::1 allow-as-loop
import-route direct
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 10.1.1.0 0.0.0.255
network 11.1.1.0 0.0.0.255
#
return
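The VPN-target plan from steps 2 and 3 of the Configuration Roadmap can be checked against saved configurations: Spoke routes may only be imported by vpn_in on the Hub-PE, and Spokes may only import from vpn_out. The following Python check is an added example, not Huawei's code; the function names are hypothetical, the stanzas are copied from this page, and the handling of several targets on one line and of the both keyword goes beyond the forms shown here.

```python
"""Added example: audit vpn-target import/export relations for Hub and Spoke."""
import re

# vpn6-instance stanzas taken from the configuration steps and files on this page.
CONFIGS = {
    "Spoke-PE1": """
ipv6 vpn6-instance vpna
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity
vpn-target 200:1 import-extcommunity
#
""",
    "Spoke-PE2": """
ipv6 vpn6-instance vpna
route-distinguisher 100:3
vpn-target 100:1 export-extcommunity
vpn-target 200:1 import-extcommunity
#
""",
    "Hub-PE": """
ipv6 vpn6-instance vpn_in
route-distinguisher 100:21
vpn-target 100:1 import-extcommunity
#
ipv6 vpn6-instance vpn_out
route-distinguisher 100:22
vpn-target 200:1 export-extcommunity
#
interface Vlanif30
ipv6 enable
ipv6 binding vpn6-instance vpn_in
#
""",
}

# Constructed misconfiguration (not from the page): Spoke-PE2 also imports 100:1.
BAD_SPOKE_PE2 = CONFIGS["Spoke-PE2"].replace(
    "vpn-target 200:1 import-extcommunity",
    "vpn-target 100:1 200:1 import-extcommunity")

INSTANCE_RE = re.compile(r"^ipv6 vpn6-instance (\S+)$")
DIRECTIONS = {"export-extcommunity", "import-extcommunity", "both"}


def parse_instances(device, text):
    """Return one dict per 'ipv6 vpn6-instance' stanza; a '#' line ends a stanza."""
    instances, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        match = INSTANCE_RE.match(line)
        if match:
            current = {"device": device, "name": match.group(1), "rd": None,
                       "export": set(), "import": set()}
            instances.append(current)
        elif line == "#":
            current = None
        elif current is None:
            continue  # line belongs to some other stanza (interface, bgp, ...)
        elif line.startswith("route-distinguisher "):
            current["rd"] = line.split()[1]
        elif line.startswith("vpn-target "):
            tokens = line.split()[1:]
            direction = tokens.pop() if tokens[-1] in DIRECTIONS else "both"
            if direction in ("export-extcommunity", "both"):
                current["export"].update(tokens)
            if direction in ("import-extcommunity", "both"):
                current["import"].update(tokens)
    return instances


def import_edges(instances):
    """(source, destination) pairs where the destination imports the source's routes."""
    edges = set()
    for src in instances:
        for dst in instances:
            if src is not dst and src["export"] & dst["import"]:
                edges.add((f'{src["device"]}/{src["name"]}',
                           f'{dst["device"]}/{dst["name"]}'))
    return edges


def hub_bypass(edges, hub_device):
    """Edges that exchange routes without passing through the hub device."""
    prefix = hub_device + "/"
    return {e for e in edges
            if not e[0].startswith(prefix) and not e[1].startswith(prefix)}


def audit(configs, hub_device="Hub-PE"):
    """Parse every device's text and return (all edges, edges that bypass the hub)."""
    instances = [inst for dev, text in configs.items()
                 for inst in parse_instances(dev, text)]
    edges = import_edges(instances)
    return edges, hub_bypass(edges, hub_device)


if __name__ == "__main__":
    for label, cfg in (("page config", CONFIGS),
                       ("constructed bad config", dict(CONFIGS, **{"Spoke-PE2": BAD_SPOKE_PE2}))):
        edges, leaks = audit(cfg)
        print(label, "-> bypass edges:", sorted(leaks) or "none")
```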
[Figure 4-4 networking diagram not reproduced. Recoverable labels: the Hub-CE connects to the
Hub-PE through VLAN 30 and VLAN 40; Spoke-CE1 is in AS 65410 and Spoke-CE2 is in AS 65420.
Loopback1 addresses: Spoke-PE1 1.1.1.9/32, Hub-PE 2.2.2.9/32, Spoke-PE2 3.3.3.9/32.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Set up tunnel and IBGP peer relation between the Hub-PE and the Spoke-PE. Do not set
up IBGP peer relation between Spoke-PEs because they do not exchange VPN routes.
2. Create two IPv6 VPN instances, namely, vpn_in and vpn_out, on the Hub-PE. The VPN
target received by vpn_in is the same as the VPN target advertised by the Spoke-PEs. The
VPN target advertised by vpn_out is different from the received VPN target, but is the
same as the VPN target received by the Spoke-PEs.
3. Create an IPv6 VPN instance on the Spoke-PE. The VPN target received by the IPv6 VPN
instance is the same as the VPN target advertised by vpn_out, and the VPN target advertised
by the IPv6 VPN instance is the same as the VPN target received by vpn_in.
4. Configure the default route as follows:
l Configure the IPv6 default route on the Hub-CE. Set the next hop of the route as the
IPv6 address of the Hub-PE's interface bound to vpn_in.
l Configure the default route for vpn_out on the Hub-PE. Set the next hop of the default
route as the address of the Hub-CE.
l In the BGP VPN6-instance address family view of vpn_out on the Hub-PE, run the
network :: 0 command to advertise the default route to all Spoke sites.
5. Configure BGP4+ between Spoke-PE and Spoke-CE.
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Configure an IGP protocol on the backbone network to make the Hub-PE and the Spoke-PE
communicate with each other.
In this example, OSPF is used as IGP and the configuration procedure is not mentioned.
After configuration, an OSPF neighbor relation is set up between the PEs. Run the display ospf
peer command, and you can see that the neighbor relation is in Full state. Run the display ip
routing-table command on the PEs, and you can see that the PEs can learn the routes on the
loopback interface of each other.
Step 2 Configure the basic MPLS capability and MPLS LDP on the backbone network and set up an
LDP LSP.
After the configuration, LDP peer relation can be set up between the Hub-PE and the Spoke-
PEs. Run the display mpls ldp session command on each Switch, and you can see that the
session status is Operational.
Step 3 Configure the IPv6 VPN instance on each PE and connect the CEs to the PEs.
NOTE
The VPN targets of the two IPv6 VPNs on the Hub-PE are advertised by the two Spoke-PE, and
the advertised VPN target is different from the received VPN target.
Configure the IPv6 VPN instances on the Spoke-PE. The imported VPN target for the VPN on
the Spoke-PE is advertised by the Hub-PE.
# Configure Spoke-PE1.
<Spoke-PE1> system-view
[Spoke-PE1] ipv6 vpn6-instance vpna
[Spoke-PE1-vpn6-instance-vpna] route-distinguisher 100:1
[Spoke-PE1-vpn6-instance-vpna] vpn-target 100:1 export-extcommunity
[Spoke-PE1-vpn6-instance-vpna] vpn-target 200:1 import-extcommunity
[Spoke-PE1-vpn6-instance-vpna] quit
[Spoke-PE1] interface vlanif 50
[Spoke-PE1-Vlanif50] ipv6 enable
[Spoke-PE1-Vlanif50] ipv6 binding vpn6-instance vpna
[Spoke-PE1-Vlanif50] ipv6 address 2001::2 64
[Spoke-PE1-Vlanif50] quit
# Configure Spoke-PE2.
<Spoke-PE2> system-view
[Spoke-PE2] ipv6 vpn6-instance vpna
[Spoke-PE2-vpn6-instance-vpna] route-distinguisher 100:3
[Spoke-PE2-vpn6-instance-vpna] vpn-target 100:1 export-extcommunity
[Spoke-PE2-vpn6-instance-vpna] vpn-target 200:1 import-extcommunity
[Spoke-PE2-vpn6-instance-vpna] quit
[Spoke-PE2] interface vlanif 60
[Spoke-PE2-Vlanif60] ipv6 enable
[Spoke-PE2-Vlanif60] ipv6 binding vpn6-instance vpna
[Spoke-PE2-Vlanif60] ipv6 address 2002::2 64
[Spoke-PE2-Vlanif60] quit
# Configure IP addresses of the interfaces on the CEs according to Figure 4-4. The configuration
procedure is not mentioned here.
After the configuration, run the display ipv6 vpn6-instance verbose command on the PEs, and
you can view the configuration of the IPv6 VPN instances.
Take the display on Hub-PE as an example.
[Hub-PE] display ipv6 vpn6-instance verbose
Total VPN6-Instances configured : 2
Step 4 Set up EBGP peer relation between the Spoke-PE and the Spoke-CE and import VPN routes.
# Configure Spoke-CE1.
<Spoke-CE1> system-view
[Spoke-CE1] bgp 65410
[Spoke-CE1-bgp] router-id 10.10.10.10
[Spoke-CE1-bgp] peer 2001::2 as-number 100
[Spoke-CE1-bgp] ipv6-family unicast
[Spoke-CE1-bgp-af-ipv6] peer 2001::2 enable
[Spoke-CE1-bgp-af-ipv6] import-route direct
[Spoke-CE1-bgp-af-ipv6] quit
[Spoke-CE1-bgp] quit
# Configure Spoke-PE1.
[Spoke-PE1] bgp 100
[Spoke-PE1-bgp] ipv6-family vpn6-instance vpna
[Spoke-PE1-bgp6-vpna] peer 2001::1 as-number 65410
[Spoke-PE1-bgp6-vpna] import-route direct
[Spoke-PE1-bgp6-vpna] quit
[Spoke-PE1-bgp] quit
# Configure Spoke-CE2.
<Spoke-CE2> system-view
[Spoke-CE2] bgp 65420
[Spoke-CE2-bgp] router-id 20.20.20.20
[Spoke-CE2-bgp] peer 2002::2 as-number 100
[Spoke-CE2-bgp] ipv6-family unicast
[Spoke-CE2-bgp-af-ipv6] peer 2002::2 enable
[Spoke-CE2-bgp-af-ipv6] import-route direct
[Spoke-CE2-bgp-af-ipv6] quit
[Spoke-CE2-bgp] quit
# Configure Spoke-PE2.
[Spoke-PE2] bgp 100
[Spoke-PE2-bgp] ipv6-family vpn6-instance vpna
[Spoke-PE2-bgp6-vpna] peer 2002::1 as-number 65420
[Spoke-PE2-bgp6-vpna] import-route direct
[Spoke-PE2-bgp6-vpna] quit
[Spoke-PE2-bgp] quit
After the configuration, run the display bgp vpnv6 all peer command on a PE, and you can
find that the BGP peer relation between the PE and the CE is in Established state. By running
the ping ipv6 vpn6-instance command, you can see that each PE can ping its connected CE.
NOTE
If multiple interfaces on a PE are bound to the same VPN, you must specify the source IPv6 address when
you run the ping ipv6 vpn6-instance command to ping the CE connected to the peer PE. That is, specify
-a source-ipv6-address in the ping ipv6 vpn6-instance vpn6-instance-name -a source-ipv6-address dest-
ipv6-address command. Otherwise, the ping operation may fail.
Step 5 Configure the default route on the Hub-PE and the Hub-CE.
# Configure the Hub-CE.
<Hub-CE> system-view
[Hub-CE] ipv6 route-static :: 0 2003::2
The Spoke-PE does not need to allow the repeated ASN, because the Switch does not check the AS path
attribute in the routing information advertised by the IBGP peers.
# Configure Spoke-PE1.
[Spoke-PE1] bgp 100
[Spoke-PE1-bgp] peer 2.2.2.9 as-number 100
[Spoke-PE1-bgp] peer 2.2.2.9 connect-interface loopback 1
[Spoke-PE1-bgp] ipv6-family vpnv6
[Spoke-PE1-bgp-af-vpnv6] peer 2.2.2.9 enable
[Spoke-PE1-bgp-af-vpnv6] quit
# Configure Spoke-PE2.
[Spoke-PE2] bgp 100
[Spoke-PE2-bgp] peer 2.2.2.9 as-number 100
[Spoke-PE2-bgp] peer 2.2.2.9 connect-interface loopback 1
[Spoke-PE2-bgp] ipv6-family vpnv6
[Spoke-PE2-bgp-af-vpnv6] peer 2.2.2.9 enable
[Spoke-PE2-bgp-af-vpnv6] quit
After the configuration, run the display bgp vpnv6 all peer command on each PE, and you can
see that the MP-IBGP peer relation between the PEs is in Established state.
Step 7 Verify the configuration.
After the preceding configurations, check the BGP IPv6 VPN routes on the Spoke-PE. You can
find that the default route of vpn_out on the Hub-PE is advertised to each Spoke-PE.
Take the display on Spoke-PE1 as an example.
[Spoke-PE1] display bgp vpnv6 all routing-table
BGP Local router ID is 1.1.1.1
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
*
NextHop : 2001::1 LocPrf :
MED : 0 PrefVal : 0
Label : NULL
Path/Ogn : 65410 ?
After the configuration, the Spoke-CEs can ping each other. Run the tracert command, and you
can see that the traffic between the Spoke-CEs is forwarded through the Hub-CE. You can also
deduce the number of forwarding devices between the Spoke-CEs based on the TTL in the ping
result.
Take the display on Spoke-CE1 as an example.
[Spoke-CE1] ping ipv6 2002::1
PING 2002::1 : 56 data bytes, press CTRL_C to break
Reply from 2002::1
bytes=56 Sequence=1 hop limit=59 time = 187 ms
Reply from 2002::1
bytes=56 Sequence=2 hop limit=59 time = 187 ms
Reply from 2002::1
bytes=56 Sequence=3 hop limit=59 time = 187 ms
Reply from 2002::1
bytes=56 Sequence=4 hop limit=59 time = 187 ms
Reply from 2002::1
bytes=56 Sequence=5 hop limit=59 time = 187 ms
Run the display bgp ipv6 routing-table command on the Spoke-CE, and you can see the default
route advertised by BGP on the peer Spoke-PE. Run the display ipv6 routing-table command,
and you can see the default route whose next hop is the peer Spoke-PE.
Take the display on Spoke-CE1 as an example.
[Spoke-CE1] display bgp ipv6 routing-table
*
NextHop : 2001::2 LocPrf :
MED : 0 PrefVal : 0
Label :
Path/Ogn : 100 ?
----End
Configuration Files
- Configuration file of Spoke-CE1
#
sysname Spoke-CE1
#
ipv6
#
vlan batch 50
#
interface Vlanif50
ipv6 enable
ipv6 address 2001::1/64
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 50
port hybrid untagged vlan 50
#
bgp 65410
router-id 10.10.10.10
peer 2001::2 as-number 100
#
ipv6-family unicast
undo synchronization
import-route direct
peer 2001::2 enable
#
return
policy vpn-target
peer 2.2.2.9 enable
#
ipv6-family vpn6-instance vpna
peer 2002::1 as-number 65420
import-route direct
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 11.1.1.0 0.0.0.255
#
return
Context
As shown in Figure 4-5, CE1 and CE2 belong to the same VPN. CE1 accesses PE1 through AS
100, and CE2 accesses PE2 through AS 200.
The inter-AS BGP/MPLS IPv6 VPN is implemented through Option A. That is, the
VRF-to-VRF method is used to manage VPN routes.
[Figure 4-5, networking diagram (image not reproduced). Labels: CE1 (AS 65001), GE1/0/0, 2001::1/64, VLAN 10, facing GE2/0/0, 2001::2/64; CE2 (AS 65002), GE1/0/0, 2002::1/24, VLAN 10, facing GE2/0/0, 2002::2/24.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Set up the EBGP peer relation between the PE and the CE and set up MP-IBGP peer relation
between the PE and the ASBR.
2. Create an IPv6 VPN instance on each ASBR, bind each instance to the interface
connected to the other ASBR (regarding the other ASBR as its CE), and set up the EBGP peer
relation between the ASBRs.
Data Preparation
To complete the configuration, you need the following data:
- MPLS LSR IDs of PEs and ASBR-PEs
- IPv6 VPN instance names, RDs, and VPN targets for the PEs and ASBRs
Procedure
Step 1 Specify the VLAN IDs that are allowed by the interfaces, as shown in Figure 4-5.
The configuration procedure is not mentioned here.
Step 2 On the MPLS backbone networks in AS 100 and AS 200, configure an IGP protocol so that the
PEs and the ASBRs on the network can communicate with each other.
The OSPF protocol is used in this example and the configuration procedure is not mentioned
here.
NOTE
The 32-bit loopback interface address used as the LSR ID must be advertised by OSPF.
After the configuration, the OSPF neighbor relation can be established between the ASBR and
the PE in the same AS. Run the display ospf peer command, and you can find that the neighbor
status is Full.
The ASBR and PE in the same AS can ping each other and learn the loopback interface address
of each other.
Step 3 Configure the basic MPLS function and MPLS LDP on the MPLS backbone networks of AS
100 and AS 200 and set up the MPLS LDP LSP.
# Configure the basic MPLS function on PE1 and enable LDP on the interface connected to
ASBR-PE1.
<PE1> system-view
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface vlanif 11
[PE1-Vlanif11] mpls
[PE1-Vlanif11] mpls ldp
[PE1-Vlanif11] quit
# Configure the basic MPLS function on ASBR-PE1 and enable LDP on the interface connected
to PE1.
<ASBR-PE1> system-view
[ASBR-PE1] mpls lsr-id 2.2.2.9
[ASBR-PE1] mpls
[ASBR-PE1-mpls] quit
[ASBR-PE1] mpls ldp
[ASBR-PE1-mpls-ldp] quit
[ASBR-PE1] interface vlanif 11
[ASBR-PE1-Vlanif11] mpls
[ASBR-PE1-Vlanif11] mpls ldp
[ASBR-PE1-Vlanif11] quit
# Configure the basic MPLS function on ASBR-PE2 and enable LDP on the interface connected
to PE2.
<ASBR-PE2> system-view
[ASBR-PE2] mpls lsr-id 3.3.3.9
[ASBR-PE2] mpls
[ASBR-PE2-mpls] quit
[ASBR-PE2] mpls ldp
[ASBR-PE2-mpls-ldp] quit
[ASBR-PE2] interface vlanif 22
[ASBR-PE2-Vlanif22] mpls
[ASBR-PE2-Vlanif22] mpls ldp
[ASBR-PE2-Vlanif22] quit
# Configure the basic MPLS function on PE2 and enable LDP on the interface connected to
ASBR-PE2.
<PE2> system-view
[PE2] mpls lsr-id 4.4.4.9
[PE2] mpls
[PE2-mpls] lsp-trigger all
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface vlanif 22
[PE2-Vlanif22] mpls
[PE2-Vlanif22] mpls ldp
[PE2-Vlanif22] quit
After the configuration, the LDP peer relation can be set up between the PE and ASBR in the
same AS. Run the display mpls ldp session command on each device, and you can see that the
session state is Operational.
Take the display on PE1 as an example:
[PE1] display mpls ldp session
Step 4 Configure the basic BGP/MPLS IPv6 VPNs in AS 100 and AS 200.
NOTE
The VPN targets of the IPv6 VPN instances of the ASBR and PE in an AS should match each other. In
different ASs, the VPN targets of the PEs do not need to match.
# Configure CE1.
<CE1> system-view
[CE1] interface vlanif 10
[CE1-Vlanif10] ipv6 enable
[CE1-Vlanif10] ipv6 address 2001::1 64
[CE1-Vlanif10] quit
[CE1] bgp 65001
[CE1-bgp] router-id 10.10.10.10
[CE1-bgp] peer 2001::2 as-number 100
[CE1-bgp] ipv6-family unicast
[CE1-bgp-af-ipv6] peer 2001::2 enable
[CE1-bgp-af-ipv6] import-route direct
[CE1-bgp-af-ipv6] quit
[CE1-bgp] quit
NOTE
The configurations on CE2, PE2, and ASBR-PE2 are similar to the configurations on CE1, PE1 and
ASBR-PE1 and are not mentioned here.
After the configuration, run the display bgp vpnv6 vpn6-instance peer command on a PE, and
you can find that the BGP peer relation between the PE and CE is in Established state. By running
the display bgp vpnv6 all peer command, you can see the BGP peer relations are set up between
the PE and CE, and between the PE and ASBR.
Take the display on PE1 as an example:
[PE1] display bgp vpnv6 vpn6-instance vpn1 peer
# On ASBR-PE2, create an IPv6 VPN instance and bind the instance to the interface connected
to ASBR-PE1 (ASBR-PE2 regards ASBR-PE1 as its own CE).
[ASBR-PE2] ipv6 vpn6-instance vpn1
[ASBR-PE2-vpn6-instance-vpn1] route-distinguisher 200:2
[ASBR-PE2-vpn6-instance-vpn1] vpn-target 2:2 both
[ASBR-PE2-vpn6-instance-vpn1] quit
[ASBR-PE2] interface vlanif 12
[ASBR-PE2-Vlanif12] ipv6 enable
[ASBR-PE2-Vlanif12] ipv6 binding vpn6-instance vpn1
[ASBR-PE2-Vlanif12] ipv6 address 2003::2 64
[ASBR-PE2-Vlanif12] quit
By running the display bgp vpnv6 vpn6-instance peer command, you can see that the BGP
peer relation is established between the ASBR-PEs.
Step 6 Verify the configuration.
After the preceding configuration, CEs can learn the routes from the interfaces of each other,
and CE1 and CE2 can ping each other successfully. Take the display on CE1 as an example:
Run the display ipv6 routing-table vpn6-instance command on an ASBR, and you can see the
IPv6 VPN routing table on the ASBR. Take the display on ASBR-PE1 for example.
<ASBR-PE1> display ipv6 routing-table vpn6-instance vpn1
Routing Table : vpn1
Destinations : 5 Routes : 5
Run the display bgp vpnv6 all routing-table command on the ASBR, and you can see the IPv6
VPN routes of the ASBR. Take the display on ASBR-PE1 for example.
<ASBR-PE1> display bgp vpnv6 all routing-table
*
NextHop : 2003::2 LocPrf :
MED : 0 PrefVal : 0
Label : NULL
Path/Ogn : 200 ?
MED : 0 PrefVal : 0
Label : NULL
Path/Ogn : ?
----End
Configuration Files
- Configuration file of CE1
#
sysname CE1
#
ipv6
#
vlan batch 10
#
interface Vlanif10
ipv6 enable
ipv6 address 2001::1/64
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 10
#
bgp 65001
router-id 10.10.10.10
peer 2001::2 as-number 100
#
ipv6-family unicast
undo synchronization
import-route direct
peer 2001::2 enable
#
return
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 11
#
interface GigabitEthernet2/0/0
port link-type trunk
port trunk allow-pass vlan 10
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
bgp 100
peer 2.2.2.9 as-number 100
peer 2.2.2.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 2.2.2.9 enable
#
ipv6-family vpnv6
policy vpn-target
peer 2.2.2.9 enable
#
ipv6-family vpn6-instance vpn1
peer 2001::1 as-number 65001
import-route direct
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 172.1.1.0 0.0.0.255
#
return
- Configuration file of ASBR-PE1
#
sysname ASBR-PE1
#
ipv6
#
vlan batch 11 12
#
ipv6 vpn6-instance vpn1
route-distinguisher 100:2
vpn-target 1:1 export-extcommunity
vpn-target 1:1 import-extcommunity
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Vlanif11
ip address 172.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface Vlanif12
ipv6 enable
ipv6 binding vpn6-instance vpn1
ipv6 address 2003::1/64
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 11
#
interface GigabitEthernet2/0/0
port link-type trunk
port trunk allow-pass vlan 12
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
bgp 100
peer 1.1.1.9 as-number 100
peer 1.1.1.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
import-route direct
peer 1.1.1.9 enable
#
ipv6-family vpnv6
policy vpn-target
peer 1.1.1.9 enable
#
ipv6-family vpn6-instance vpn1
peer 2003::2 as-number 200
import-route direct
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 172.1.1.0 0.0.0.255
#
return
- Configuration file of ASBR-PE2
#
sysname ASBR-PE2
#
ipv6
#
vlan batch 12 22
#
ipv6 vpn6-instance vpn1
route-distinguisher 200:2
vpn-target 2:2 export-extcommunity
vpn-target 2:2 import-extcommunity
#
mpls lsr-id 3.3.3.9
mpls
#
mpls ldp
#
interface Vlanif12
ipv6 enable
ipv6 binding vpn6-instance vpn1
ipv6 address 2003::2/64
#
interface Vlanif22
ip address 162.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 22
#
interface GigabitEthernet2/0/0
port link-type trunk
port trunk allow-pass vlan 12
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
bgp 200
peer 4.4.4.9 as-number 200
peer 4.4.4.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 4.4.4.9 enable
#
ipv6-family vpnv6
policy vpn-target
peer 4.4.4.9 enable
#
ipv6-family vpn6-instance vpn1
peer 2003::1 as-number 100
import-route direct
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 162.1.1.0 0.0.0.255
#
return
- Configuration file of PE2
#
sysname PE2
#
ipv6
#
vlan batch 10 22
#
ipv6 vpn6-instance vpn1
route-distinguisher 200:1
vpn-target 2:2 export-extcommunity
vpn-target 2:2 import-extcommunity
#
mpls lsr-id 4.4.4.9
mpls
#
mpls ldp
#
interface Vlanif10
ipv6 enable
ipv6 binding vpn6-instance vpn1
ipv6 address 2002::2/64
#
interface Vlanif22
ip address 162.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 22
#
interface GigabitEthernet2/0/0
port link-type trunk
port trunk allow-pass vlan 10
#
interface LoopBack1
ip address 4.4.4.9 255.255.255.255
#
bgp 200
peer 3.3.3.9 as-number 200
peer 3.3.3.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 3.3.3.9 enable
#
ipv6-family vpnv6
policy vpn-target
peer 3.3.3.9 enable
#
ipv6-family vpn6-instance vpn1
peer 2002::1 as-number 65002
import-route direct
#
ospf 1
area 0.0.0.0
network 4.4.4.9 0.0.0.0
network 162.1.1.0 0.0.0.255
#
return
P1 Loopback1 - 5.5.5.5/32 -
P2 Loopback1 - 6.6.6.6/32 -
Configuration Roadmap
The configuration roadmap is as follows:
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Configure the ID of the VLAN that each interface belongs to, as shown in Figure 4-6.
Step 2 Configure an IGP protocol on the MPLS backbone network so that PEs and Ps can communicate
with each other.
# Configure PE1.
# Set IP addresses of interfaces. The IP addresses of the loopback interfaces must use a mask of
32 bits.
<PE1> system-view
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.1 32
[PE1-LoopBack1] quit
[PE1] interface vlanif 10
[PE1-Vlanif10] ip address 100.1.1.1 30
[PE1-Vlanif10] quit
The configurations of PE2, PE3, PE4, P1, and P2 are similar to the configuration of PE1, and
are not mentioned here.
After the configuration is complete, run the display ip routing-table command. You can see
that PE1 and PE2 can learn the routes of Loopback1 interface of each other; PE2 and PE4 can
learn routes of Loopback1 interface of each other.
Take the display on PE1 as an example.
[PE1] display ip routing-table
Routing Tables: Public
Destinations : 10 Routes : 10
Step 3 Configure basic MPLS functions, enable MPLS LDP, and establish LDP LSPs on the MPLS
backbone network.
# Configure PE1.
# Enable MPLS and LDP in the system view, set the LSR ID to the IP address of the loopback
interface, and trigger the LSP.
[PE1] mpls lsr-id 1.1.1.1
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
# Enable MPLS and LDP on the interface connected to the backbone network.
[PE1] interface vlanif 10
[PE1-Vlanif10] mpls
[PE1-Vlanif10] mpls ldp
[PE1-Vlanif10] quit
# The configurations of PE2, PE3, PE4, P1, and P2 are similar to the configuration of PE1, and
are not mentioned here.
After the preceding configurations, LDP sessions should be set up between PE1 and P, and
between PE2 and P. Run the display mpls ldp session command, and you can see that Status
is Operational. Run the display mpls ldp lsp command, and you can see the establishment
status of the LDP LSP.
Take the display on PE1 as an example.
<PE1> display mpls ldp session
Step 4 Configure VPN instances on each PE and connect the CEs to the PEs.
# Configure PE1.
# Enable IPv6, create a VPN instance, and set the RD and VPN target of the VPN instance. The
VPN target set on the local PE must be the same as the VPN target of the MP-BGP peer PE so
that the sites in the same VPN can access each other.
[PE1] ipv6
[PE1] ipv6 vpn6-instance vpn1
[PE1-vpn6-instance-vpn1] route-distinguisher 100:1
[PE1-vpn6-instance-vpn1] vpn-target 1:1 both
[PE1-vpn6-instance-vpn1] quit
# Bind the interface connected to the CE to the VPN instance and set the IP address of the
interface.
[PE1] interface vlanif 101
[PE1-Vlanif101] ipv6 enable
[PE1-Vlanif101] ipv6 binding vpn6-instance vpn1
[PE1-Vlanif101] ipv6 address 2001::2 64
[PE1-Vlanif101] quit
# Configure PE2.
# Enable IPv6, create a VPN instance, and set the RD and VPN target of the VPN instance. The
VPN target set on the local PE must be the same as the VPN target of the MP-BGP peer PE so
that the sites in the same VPN can access each other.
[PE2] ipv6
[PE2] ipv6 vpn6-instance vpn1
[PE2-vpn6-instance-vpn1] route-distinguisher 100:2
[PE2-vpn6-instance-vpn1] vpn-target 1:1 both
[PE2-vpn6-instance-vpn1] quit
# Bind the interface connected to the CE to the VPN instance and set the IP address of the
interface.
[PE2] interface vlanif 102
[PE2-Vlanif102] ipv6 enable
[PE2-Vlanif102] ipv6 binding vpn6-instance vpn1
[PE2-Vlanif102] ipv6 address 2002::2 64
[PE2-Vlanif102] quit
# Configure PE3.
# Enable IPv6, create a VPN instance, and set the RD and VPN target of the VPN instance. The
VPN target set on the local PE must be the same as the VPN target of the MP-BGP peer PE so
that the sites in the same VPN can access each other.
[PE3] ipv6 vpn6-instance vpn1
[PE3-vpn6-instance-vpn1] route-distinguisher 100:3
[PE3-vpn6-instance-vpn1] vpn-target 1:1 both
[PE3-vpn6-instance-vpn1] quit
# Bind the interface connected to the CE to the VPN instance and set the IP address of the
interface.
[PE3] interface vlanif 103
[PE3-Vlanif103] ipv6 enable
[PE3-Vlanif103] ipv6 binding vpn6-instance vpn1
[PE3-Vlanif103] ipv6 address 2003::2 64
[PE3-Vlanif103] quit
# Configure PE4.
# Enable IPv6, create a VPN instance, and set the RD and VPN target of the VPN instance. The
VPN target set on the local PE must be the same as the VPN target of the MP-BGP peer PE so
that the sites in the same VPN can access each other.
[PE4] ipv6 vpn6-instance vpn1
[PE4-vpn6-instance-vpn1] route-distinguisher 100:4
[PE4-vpn6-instance-vpn1] vpn-target 1:1 both
[PE4-vpn6-instance-vpn1] quit
# Bind the interface connected to the CE to the VPN instance and set the IP address of the
interface.
[PE4] interface vlanif 104
[PE4-Vlanif104] ipv6 enable
[PE4-Vlanif104] ipv6 binding vpn6-instance vpn1
[PE4-Vlanif104] ipv6 address 2004::2 64
[PE4-Vlanif104] quit
# Configure IPv6 addresses of the interfaces on the CEs according to Figure 4-6. The
configuration procedure is not mentioned here.
After the configuration, run the display ipv6 vpn6-instance verbose command on the PEs, and
you can view the configuration of the IPv6 VPN instances.
Take the display on PE1 as an example.
<PE1> display ipv6 vpn6-instance verbose
Total VPN6-Instances configured : 1
Step 5 Configure EBGP between the PEs and the CEs to import the VPN routes.
# Configure CE1.
# Enable BGP, specify PE1 and PE2 as the EBGP peers, and import the direct route.
[CE1] bgp 65410
[CE1-bgp] router-id 10.10.10.10
[CE1-bgp] peer 2001::2 as-number 100
# Configure PE1.
# Enable BGP.
[PE1] bgp 100
# Enter the view of the BGP-IPv6 instance. Specify CE1 as the EBGP peer and import the direct
route.
[PE1-bgp] ipv6-family vpn6-instance vpn1
[PE1-bgp6-vpn1] peer 2001::1 as-number 65410
[PE1-bgp6-vpn1] import-route direct
[PE1-bgp6-vpn1] quit
# Configure PE2.
# Enable BGP.
[PE2] bgp 100
# Enter the view of the BGP-IPv6 instance. Specify CE1 as the EBGP peer and import the direct
route.
[PE2-bgp] ipv6-family vpn6-instance vpn1
[PE2-bgp6-vpn1] peer 2002::1 as-number 65410
[PE2-bgp6-vpn1] import-route direct
[PE2-bgp6-vpn1] quit
# Configure CE2.
# Enable BGP, specify PE3 and PE4 as the EBGP peers, and import the direct route.
[CE2] bgp 65420
[CE2-bgp] router-id 20.20.20.20
[CE2-bgp] peer 2003::2 as-number 100
[CE2-bgp] peer 2004::2 as-number 100
[CE2-bgp] ipv6-family unicast
[CE2-bgp-af-ipv6] peer 2003::2 enable
[CE2-bgp-af-ipv6] peer 2004::2 enable
[CE2-bgp-af-ipv6] import-route direct
[CE2-bgp-af-ipv6] quit
[CE2-bgp] quit
# Configure PE3.
# Enable BGP.
[PE3] bgp 100
# Enter the view of the BGP-IPv6 instance. Specify CE2 as the EBGP peer and import the direct
route.
[PE3-bgp] ipv6-family vpn6-instance vpn1
[PE3-bgp6-vpn1] peer 2003::1 as-number 65420
[PE3-bgp6-vpn1] import-route direct
[PE3-bgp6-vpn1] quit
# Configure PE4.
# Enable BGP.
[PE4] bgp 100
# Enter the view of the BGP-IPv6 instance. Specify CE2 as the EBGP peer and import the direct
route.
[PE4-bgp] ipv6-family vpn6-instance vpn1
[PE4-bgp6-vpn1] peer 2004::1 as-number 65420
[PE4-bgp6-vpn1] import-route direct
[PE4-bgp6-vpn1] quit
After the configuration, run the display bgp vpnv6 vpn6-instance vpn6-instance-name peer
command on a PE, and you can see that the BGP peer relation between the PE and CE is in
Established state. The PE can ping the connected CE successfully.
Take the display on PE1 as an example.
[PE1] display bgp vpnv6 vpn6-instance vpn1 peer
# Enter the VPNv6 address family view and enable the exchange of the VPN IPv6 routing
information between the peers.
[PE1-bgp] ipv6-family vpnv6
[PE1-bgp-af-vpnv6] peer 3.3.3.3 enable
[PE1-bgp-af-vpnv6] quit
# Configure PE3.
# Specify PE1 as the IBGP peer. Configure the loopback interface to set up the IBGP connection.
[PE3] bgp 100
[PE3-bgp] peer 1.1.1.1 as-number 100
[PE3-bgp] peer 1.1.1.1 connect-interface loopback 1
# Enter the VPNv6 address family view and enable the exchange of the VPN IPv6 routing
information between the peers.
[PE3-bgp] ipv6-family vpnv6
[PE3-bgp-af-vpnv6] peer 1.1.1.1 enable
[PE3-bgp-af-vpnv6] quit
# Configure PE2.
# Specify PE4 as the IBGP peer. Configure the loopback interface to set up the IBGP connection.
[PE2] bgp 100
[PE2-bgp] peer 4.4.4.4 as-number 100
[PE2-bgp] peer 4.4.4.4 connect-interface loopback 1
# Enter the VPNv6 address family view and enable the exchange of the VPN IPv6 routing
information between the peers.
[PE2-bgp] ipv6-family vpnv6
[PE2-bgp-af-vpnv6] peer 4.4.4.4 enable
[PE2-bgp-af-vpnv6] quit
# Configure PE4.
# Specify PE2 as the IBGP peer. Configure the loopback interface to set up the IBGP connection.
[PE4] bgp 100
[PE4-bgp] peer 2.2.2.2 as-number 100
[PE4-bgp] peer 2.2.2.2 connect-interface loopback 1
# Enter the VPNv6 address family view and enable the exchange of the VPN IPv6 routing
information between the peers.
[PE4-bgp] ipv6-family vpnv6
[PE4-bgp-af-vpnv6] peer 2.2.2.2 enable
[PE4-bgp-af-vpnv6] quit
After the configuration, run the display bgp vpnv6 all peer command on a PE, and you can see
that the BGP peer relation between the PE and CE is in Established state.
<PE1> display bgp vpnv6 all peer
BGP local router ID : 1.1.1.1
Local AS number : 100
Total number of peers : 2 Peers in established state : 2
Step 7 On CE1, enable load balancing for the traffic from CE1 to CE2.
[CE1] bgp 65410
[CE1-bgp] ipv6-family unicast
[CE1-bgp-af-ipv6] maximum load-balancing 2
Step 8 Configure a routing policy. Increase the MED value of the BGP route advertised by PE3 to CE2
and ensure that the traffic from CE2 to CE1 can pass through PE4. PE3 functions as a backup.
[PE3] route-policy policy1 permit node 10
[PE3-route-policy] apply cost 120
[PE3-route-policy] quit
[PE3] bgp 100
[PE3-bgp] ipv6-family vpn6-instance vpn1
[PE3-bgp6-vpn1] peer 2003::1 route-policy policy1 export
*
NextHop : 2004::2 LocPrf :
MED : PrefVal : 0
Label :
Path/Ogn : 100 65410 ?
*
NextHop : 2003::2 LocPrf :
MED : 120 PrefVal : 0
Label :
Path/Ogn : 100 65410 ?
*
NextHop : 2003::2 LocPrf :
MED : 120 PrefVal : 0
Label :
Path/Ogn : 100 ?
*
NextHop : 2004::2 LocPrf :
MED : 0 PrefVal : 0
Label :
Path/Ogn : 100 ?
*
NextHop : 2003::2 LocPrf :
MED : 120 PrefVal : 0
Label :
Path/Ogn : 100 65410 ?
Run the display ipv6 routing-table command on CE2, and you can see the routes to the users
connected to the peer CE1. The next hop of the route is 2004::2, which is the IPv6 address of
the interface of PE4 connected to CE2.
<CE2> display ipv6 routing-table
Routing Table : Public
Destinations : 11 Routes : 11
----End
Configuration Files
- Configuration file of CE1
#
sysname CE1
#
ipv6
#
vlan batch 101 102 1001
#
interface Vlanif101
ipv6 enable
ipv6 address 2001::1/64
#
interface Vlanif102
ipv6 enable
ipv6 address 2002::1/64
#
interface Vlanif1001
ipv6 enable
ipv6 address 2005::1/64
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 101
port hybrid untagged vlan 101
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 102
port hybrid untagged vlan 102
#
interface GigabitEthernet3/0/0
port hybrid pvid vlan 1001
port hybrid untagged vlan 1001
#
bgp 65410
router-id 10.10.10.10
peer 2001::2 as-number 100
peer 2002::2 as-number 100
#
ipv6-family unicast
undo synchronization
import-route direct
maximum load-balancing 2
peer 2001::2 enable
peer 2002::2 enable
#
return
#
vlan batch 10 101
#
ipv6 vpn6-instance vpn1
route-distinguisher 100:1
vpn-target 1:1 export-extcommunity
vpn-target 1:1 import-extcommunity
#
mpls lsr-id 1.1.1.1
mpls
#
mpls ldp
#
isis 1
network-entity 10.0000.0000.0001.00
#
interface Vlanif10
ip address 100.1.1.1 255.255.255.252
isis enable 1
mpls
mpls ldp
#
interface Vlanif101
ipv6 enable
ipv6 binding vpn6-instance vpn1
ipv6 address 2001::2/64
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 101
port hybrid untagged vlan 101
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
isis enable 1
#
bgp 100
peer 3.3.3.3 as-number 100
peer 3.3.3.3 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 3.3.3.3 enable
#
ipv6-family vpnv6
policy vpn-target
peer 3.3.3.3 enable
#
ipv6-family vpn6-instance vpn1
peer 2001::1 as-number 65410
import-route direct
#
return
- Configuration file of PE2
#
sysname PE2
#
ipv6
#
vlan batch 20 102
#
ipv6 vpn6-instance vpn1
route-distinguisher 100:2
vpn-target 1:1 export-extcommunity
vpn-target 1:1 import-extcommunity
#
#
mpls lsr-id 3.3.3.3
mpls
#
mpls ldp
#
isis 1
network-entity 10.0000.0000.0003.00
#
interface Vlanif30
ip address 100.3.1.2 255.255.255.252
isis enable 1
mpls
mpls ldp
#
interface Vlanif103
ipv6 enable
ipv6 binding vpn6-instance vpn1
ipv6 address 2003::2/64
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 30
port hybrid untagged vlan 30
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 103
port hybrid untagged vlan 103
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
isis enable 1
#
bgp 100
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 1.1.1.1 enable
#
ipv6-family vpnv6
policy vpn-target
peer 1.1.1.1 enable
#
ipv6-family vpn6-instance vpn1
peer 2003::1 as-number 65420
peer 2003::1 route-policy policy1 export
import-route direct
#
route-policy policy1 permit node 10
apply cost 120
#
return
- Configuration file of PE4
#
sysname PE4
#
ipv6
#
vlan batch 40 104
#
ipv6 vpn6-instance vpn1
route-distinguisher 100:4
vpn-target 1:1 export-extcommunity
vpn-target 1:1 import-extcommunity
#
mpls lsr-id 4.4.4.4
mpls
#
mpls ldp
#
isis 1
network-entity 10.0000.0000.0004.00
#
interface Vlanif40
ip address 100.4.1.2 255.255.255.252
isis enable 1
mpls
mpls ldp
#
interface Vlanif104
ipv6 enable
ipv6 binding vpn6-instance vpn1
ipv6 address 2004::2/64
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 40
port hybrid untagged vlan 40
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 104
port hybrid untagged vlan 104
#
interface LoopBack1
ip address 4.4.4.4 255.255.255.255
isis enable 1
#
bgp 100
peer 2.2.2.2 as-number 100
peer 2.2.2.2 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 2.2.2.2 enable
#
ipv6-family vpnv6
policy vpn-target
peer 2.2.2.2 enable
#
ipv6-family vpn6-instance vpn1
peer 2004::1 as-number 65420
import-route direct
#
return
- Configuration file of CE2
#
sysname CE2
#
vlan batch 103 104 1002
#
interface Vlanif103
ipv6 enable
ipv6 address 2003::1/64
#
interface Vlanif104
ipv6 enable
ipv6 address 2004::1/64
#
interface Vlanif1002
ipv6 enable
ipv6 address 2006::1/64
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 103
port hybrid untagged vlan 103
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 104
port hybrid untagged vlan 104
#
interface GigabitEthernet3/0/0
port hybrid pvid vlan 1002
port hybrid untagged vlan 1002
#
bgp 65420
router-id 20.20.20.20
peer 2003::2 as-number 100
peer 2004::2 as-number 100
#
ipv6-family unicast
undo synchronization
import-route direct
peer 2003::2 enable
peer 2004::2 enable
#
return
Figure 4-7 Networking diagram for configuring the VPNv6 route reflector
[Networking diagram (image not reproduced). Labels, all in AS100 unless noted:
RR1: Loopback1 2.2.2.9; GE1/0/0 100.1.2.2/24 (VLAN 10); GE2/0/0 100.2.3.1/24 (VLAN 20)
PE1: Loopback1 1.1.1.9; GE1/0/0 100.1.2.1/24; GE2/0/0 2001::2/64 (VLAN 30)
PE2: Loopback1 3.3.3.9; GE1/0/0 100.2.3.2/24; GE2/0/0 2002::2/64 (VLAN 40)
CE1 (AS 65410): GE1/0/0 2001::1/64
CE2 (AS 65420): GE1/0/0 2002::1/64]
As shown in Figure 4-7, PE1, PE2, and RR1 are located in AS100 on the backbone network.
CE1 and CE2 belong to VPNA. You need to configure RR as the route reflector.
Configuration Roadmap
The configuration roadmap is as follows:
1. Set up MP-IBGP connections between the PEs and RR so that the PEs do not need to set
up an MP-IBGP connection with each other.
2. Set up EBGP connections between the PEs and CEs.
3. Set up an MPLS LSP on the public network and enable MPLS LDP on the devices and
interfaces along the LSP.
4. Configure RR to accept all the VPNv6 routing information without filtering the routing
information based on VPN targets. The RR can then save all the VPN-IPv6 routes sent
from PE1 and PE2 and advertise the VPN-IPv6 routes to the PEs.
Data Preparation
To complete the configuration, you need the following data:
Configuration Procedure
1. Configure an IGP protocol on the MPLS backbone network to implement interworking of
devices along the LSP.
OSPF is used as the IGP protocol in this example. The configuration procedure is not
mentioned here.
NOTE
The address of the loopback interface, which functions as the LSR ID, must be advertised.
After the configuration, devices along the LSP can learn the address of the loopback
interface of each other.
Take the display on PE1 as an example.
<PE1> display ip routing-table
Routing Tables: Public
Destinations : 11 Routes : 11
Enable MPLS and MPLS LDP on the devices and interfaces along the LSP. The
configuration procedure is not mentioned here.
After the configuration, run the display mpls ldp session command, and you can see in
the display that the Session State item is Operational.
Take the display on PE1 and RR as an example:
<PE1> display mpls ldp session
------------------------------------------------------------------------------
PeerID Status LAM SsnRole SsnAge KASent/Rcv
------------------------------------------------------------------------------
2.2.2.9:0 Operational DU Active 0000:09:23 2253/2237
------------------------------------------------------------------------------
TOTAL: 1 session(s) Found.
# Configure RR.
<RR> system-view
[RR] bgp 100
[RR-bgp] peer 1.1.1.9 as-number 100
[RR-bgp] peer 1.1.1.9 connect-interface loopback 1
[RR-bgp] peer 3.3.3.9 as-number 100
[RR-bgp] peer 3.3.3.9 connect-interface loopback 1
[RR-bgp] ipv6-family vpnv6
[RR-bgp-af-vpnv6] peer 1.1.1.9 enable
[RR-bgp-af-vpnv6] peer 3.3.3.9 enable
[RR-bgp-af-vpnv6] quit
[RR-bgp] quit
# Configure PE2.
The configuration of PE2 is similar to the configuration of PE1, and is not mentioned.
After the configuration, run the display bgp vpnv6 all peer command on the PEs, and you
can see that the IBGP peer relation is set up between the PEs and RR and is in Established
state. The EBGP relation is set up between the PE and CEs.
Take the display on PE1 and RR as an example.
<PE1> display bgp vpnv6 all peer
If CE1 and CE2 can ping each other, it indicates that the route reflection function is
configured successfully.
Configuration Files
- Configuration file of PE1
#
sysname PE1
#
ipv6
#
vlan batch 10 30
#
ipv6 vpn6-instance VPNA
route-distinguisher 100:1
vpn-target 1:1 export-extcommunity
vpn-target 1:1 import-extcommunity
#
mpls lsr-id 1.1.1.9
mpls
#
mpls ldp
#
interface Vlanif10
ip address 100.1.2.1 255.255.255.0
mpls
mpls ldp
#
interface Vlanif30
ipv6 enable
ipv6 binding vpn6-instance VPNA
ipv6 address 2001::2/64
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 30
port hybrid untagged vlan 30
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
bgp 100
peer 2.2.2.9 as-number 100
peer 2.2.2.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 2.2.2.9 enable
#
ipv6-family vpnv6
policy vpn-target
peer 2.2.2.9 enable
#
ipv6-family vpn6-instance VPNA
peer 2001::1 as-number 65410
import-route direct
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 100.1.2.0 0.0.0.255
#
return
l Configuration file of RR
#
sysname RR
#
ipv6
#
vlan batch 10 20
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Vlanif10
ip address 100.1.2.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif20
ip address 100.2.3.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 20
port hybrid untagged vlan 20
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
bgp 100
peer 1.1.1.9 as-number 100
peer 3.3.3.9 as-number 100
peer 1.1.1.9 connect-interface LoopBack1
peer 3.3.3.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 1.1.1.9 enable
peer 3.3.3.9 enable
#
ipv6-family vpnv6
reflector cluster-id 100
undo policy vpn-target
peer 1.1.1.9 enable
peer 1.1.1.9 reflect-client
peer 3.3.3.9 enable
peer 3.3.3.9 reflect-client
#
ospf 1
area 0.0.0.0
network 100.1.2.0 0.0.0.255
network 100.2.3.0 0.0.0.255
network 2.2.2.9 0.0.0.0
#
return
l Configuration file of PE2
#
sysname PE2
#
ipv6
#
vlan batch 20 40
#
ipv6 vpn6-instance VPNA
route-distinguisher 100:1
#
ipv6-family unicast
undo synchronization
peer 2001::2 enable
import-route direct
#
return
5 VLL Configuration
This chapter describes how to configure a VLL to transparently transmit data on the MPLS
network.
If the MPLS backbone network on which a Martini VLL is set up spans multiple ASs, you can
configure the Martini VLL to be an inter-AS Martini VLL.
5.8 Configuring the Inter-AS Kompella VLL
If the MPLS backbone network on which Kompella VLLs are configured spans multiple ASs,
and the Kompella VLLs are in a great number, you can adopt the multi-hop inter-AS solution.
5.9 Configuring VLL FRR
This section describes how to configure VLL Fast Re-route (FRR). After VLL FRR is
configured, the VLL traffic is switched to the secondary path if the primary path fails. If the
primary path recovers, the VLL traffic can be switched back to it according to the revertive
switching policy.
5.10 Maintaining VLL
This section describes how to maintain a VLL. Detailed operations include resetting the BGP
connection of the VLL, and monitoring the L2VPN running status.
5.11 Configuration Examples
Each configuration example consists of such information as the networking requirements,
configuration notes, and configuration roadmap.
Traditional VPNs are based on Asynchronous Transfer Mode (ATM) or Frame Relay (FR),
where different VPNs can share the network structure of carriers. Traditional VPNs have the
following disadvantages:
l Dependence on special media (such as ATM or FR): The carriers must establish ATM
networks or FR networks for ATM-based or FR-based VPNs across the country. This is
wasteful in terms of network construction.
l Complicated VPN structure: When a site is added to an existing VPN, the configuration
of all the edge nodes that access the VPN site must be modified.
To avoid the preceding disadvantages, new solutions are introduced. Virtual Leased Line (VLL)
based on Multiprotocol Label Switching (MPLS) L2VPN is one of the solutions.
NOTE
VLL in this chapter refers to VLL based on MPLS L2VPN, unless otherwise specified.
The VLL provides Layer 2 VPN services on the MPLS network. It allows the establishment of
L2VPNs on different media, including VLAN and Ethernet. At the same time, the MPLS network
provides traditional IP services, MPLS L3VPN, traffic engineering, and QoS.
The VLL transfers Layer 2 data of the user transparently on the MPLS network. An MPLS
network is a Layer 2 switching network on which Layer 2 connections are established
between nodes.
l High scalability: The VLL establishes layer 2 link relationships. It does not import and
manage the routing information of the user. It significantly reduces the load of the PE device
and SP network. This enables the carrier to support more VPNs and more users.
l Reliability and guaranteed security of private routing information: The VLL does not
import the user's VPN routing information, so it cannot obtain or process it.
l Support for network layer protocols such as IP, IPX, and SNA.
[Figure: CE, AC, PE, VC and tunnel across the MPLS network, PE, AC, CE]
l Attachment Circuit (AC): An AC is an independent link or circuit that connects a CE and a PE.
The AC interface may be a physical interface or a logical interface. The AC attributes
include the encapsulation type, MTU, and interface parameters of the specified link type.
l Virtual Circuit (VC): A VC is a logical connection between two PEs.
l Tunnel (Network Tunnel): A tunnel transmits the user data transparently.
Through the label stack, the VLL implements transparent transmission of user datagrams in an
MPLS network.
l Outer label: The label, which is also called tunnel label, is used in transferring packets from
one PE to another.
l Inner label: The label, which is also called VC label in VLL, is used to identify different
links between VPNs. The PE on the receiver side transfers packets to the corresponding
CE according to the VC label.
Figure 5-2 shows the packet label change in the forwarding process.
In Figure 5-2, the Layer 2 Protocol Data Unit (PDU) is the link layer packet.
Here, T represents Tunnel label; V represents VC label; T' indicates that the outer label is
substituted in the forwarding process.
CCC VLL
The Circuit Cross Connect (CCC) implements the VLL by static configuration.
Unlike a common VLL, the CCC adopts one label to transfer user data, so it uses the LSP
exclusively. These LSPs can be used only to transfer the data of this CCC link. They cannot be
used by other VLL links or BGP/MPLS VPNs, or to transfer common IP packets.
The two types of CCC connection are as follows:
l Local connection: refers to the connection between two local CEs. The two CEs are
connected to the same PE. Similar to a Layer 2 switch, the PE can directly forward packets
without a static LSP being configured.
l Remote connection: refers to the connection between a local CE and a remote CE. The two
CEs are connected to different PEs. In this case, a static LSP must be configured to transfer
packets from one PE to the other. A configuration command is run on the PE to map the
static LSP to the CCC connection.
SVC VLL
The SVC implements VLL through static configuration. The SVC transfers L2VPN information
without using the signaling protocols. The VC label needs to be configured manually.
While creating the static L2VC connection of SVC, specify the tunnel type (LDP LSP or CR-
LSP) by configuring the tunnel policy.
The SVC supports inter-AS L2VPN in multi-hop mode. It does not support local connection.
NOTE
The incoming label of the CCC and the receive label of the SVC both range from 16 to 1023. They are in the
same label space as the labels reserved for static LSPs. The outgoing label of the CCC and the transmit label of
the SVC, however, range from 0 to 1048575 because they are used for intercommunication.
Martini VLL
The Martini mode implements the L2VPN by setting up a point-to-point link. It takes LDP as
the signaling protocol to transfer Layer 2 information and VC labels.
The Martini VLL adopts VC-type plus VC-ID to identify a VC between two CEs.
l VC-type: indicates the type of the VC, such as Ethernet and VLAN.
l VC-ID: A VC ID and a VC type uniquely identify a VC on a PE.
The PEs connecting two CEs exchange VC labels through LDP, and bind the corresponding CE
by VC-ID.
A VC is set up when all the following conditions are satisfied:
l The tunnel between the two PEs is successfully created.
l The label exchange and the binding with CE are completed.
l The state of the two interfaces of AC is Up.
To exchange VC labels between PEs, Martini extends LDP by adding the VC FEC type.
For remote connections, the two PEs that exchange the VC label may not be
directly connected; therefore, a remote LDP session must be set up to convey the VC FEC and
the VC label.
Martini supports inter-AS L2VPN in multi-hop mode. However, it does not support local
connection.
Kompella VLL
The Kompella mode takes BGP as the signaling protocol to transfer Layer 2 information and
VC labels. It implements the L2VPN end to end (CE to CE) in the MPLS network.
Unlike Martini, the Kompella VLL does not operate on the connection between the CEs
directly. Instead, it divides the whole SP network into different VPNs and numbers each
CE in a VPN. Similar to BGP/MPLS VPN, the Kompella VLL uses VPN targets to identify
different VPNs, which makes the VPN networking more flexible.
To connect two CEs, you need to configure the local CE ID and remote CE ID on the PE.
The Kompella supports both local and remote connections. It supports inter-AS L2VPN in the
following two modes:
l Multi-hop mode: adopts routes with BGP label.
l MP-EBGP mode: saves label block on the ASBR.
The Kompella VLL uses label blocks to allocate labels. With a label block, labels
can be allocated to multiple connections at the same time.
Users specify the local CE range, which indicates the number of CEs that can be connected to
this CE. The PE assigns a label block to this CE. The size of the label block is equal to the CE
range. In this manner, users can reserve some extra labels for the VPN for future use. In the
short term, this wastes label resources, but it reduces the workload of VPN deployment
and configuration during expansion.
Suppose an enterprise VPN has 10 CEs and the number may increase to 20 due to service
expansion in the future. The CE range of each CE can be set to 20 to meet future expansion. If
nodes are added to the VPN in the future, only the configuration of the PE that is directly
connected to the new CE needs to be modified; other PEs do not need to be modified.
Inter-AS VLL
How an inter-AS VLL is implemented depends on the actual environment. In CCC mode, the label
stack has a single layer. Therefore, the inter-AS VLL can be implemented after a static LSP is
set up between the ASBRs.
The SVC, Martini, and Kompella modes can implement inter-AS Option A (VRF-to-VRF). In
L2VPN networking, the link type between the ASBRs and that of the VC must be the same. In
inter-AS Option A, each ASBR must reserve a sub-interface for each inter-AS VC. If the
number of inter-AS VCs is small, Option A can be adopted. Compared with the L3VPN,
inter-AS Option A of the L2VPN consumes more resources, so it is not recommended.
Option C is a better solution. The SP network devices need only set up the outer tunnel on the
PEs of different ASs. The ASBRs need not maintain information about the inter-AS L2VPN or
reserve interfaces for it. L2VPN information is exchanged between PEs only. The exchange
consumes few resources, and the configuration workload does not increase.
The S7700 does not support Option C.
Access Mode
When configuring a VLL, you need to configure the interface (that is, AC interface) connecting
the PE to the CE.
On the S7700, the following interfaces can be configured as AC interfaces of a VLL:
l XGE interfaces
l XGE sub-interfaces
l GE interfaces
l GE sub-interfaces
l Ethernet interfaces
l Ethernet sub-interfaces
l Eth-Trunk interfaces
l Eth-Trunk sub-interfaces
l VLANIF interfaces
The sub-interfaces can be dot1q sub-interfaces, QinQ sub-interfaces, VLAN mapping
sub-interfaces, or VLAN stacking sub-interfaces.
When XGE, GE, Ethernet, or Eth-Trunk interfaces are used as AC interfaces, the outer tags
carried in the packets sent from the AC to the PW are C tags (inserted by customer devices,
which are meaningless to the SP) by default.
When sub-interfaces or VLANIF interfaces are used as AC interfaces, the outer tags carried in
the packets sent from the AC to the PW are S tags (inserted by SP devices, which are usually
used to differentiate user traffic) by default.
NOTE
l Only VLANIF interfaces can function as the AC interfaces for VLL connections in CCC mode.
l By default, physical interfaces on the S7700 are Layer 2 interfaces. When using XGE, GE, Ethernet,
or Eth-Trunk interfaces on the S7700 as AC interfaces, you need to run the undo portswitch command
to switch Layer 2 interfaces to Layer 3 interfaces.
l When using GE, XGE, Ethernet, or Eth-Trunk interfaces as AC interfaces, ensure that these interfaces
do not contain any sub-interfaces.
For details on how to access the VLL through a sub-interface, see Connecting Sub-interfaces to
a VLL Network in the Quidway S7700 Smart Routing Switch Configuration Guide -
Ethernet.
Table 5-1 Processing VLAN tags carried in packets from the AC by the PW
PW Encapsulation Type Processing of the VLAN Tag
Table 5-2 Processing VLAN tags carried in packets from the PW by the AC
AC Interface Type Processing of the VLAN Tag
NOTE
When VLL or VPLS is deployed on the F48CEAT, G48SFA, or G48TFA, if the PVID on the outbound
interface is the same as the VLAN ID of the packets, the interface removes the VLAN tag from the packet;
otherwise, the VLAN tag is not removed.
VLL FRR
With the wide application of VLLs, the requirement for the reliability of VLLs becomes
increasingly high, especially for L2VPNs that carry real-time services such as VoIP and IPTV.
Virtual Leased Line Fast Reroute (VLL FRR) is one of the solutions for increasing the reliability
of L2VPNs.
VLL FRR is mainly used in the following networking mode:
[Figure: VLL FRR networking showing Site1, PE1, P1, P2, PE2, PE3, and Site2]
GR
The VLL in Martini mode supports graceful restart (GR). In this manner, after the device
performs the switchover, the VC labels remain unchanged. During the switchover, the VC keeps
Up. The packet forwarding on the VC is not affected by the switchover.
Applicable Environment
CCC is applicable to small-sized MPLS networks that have a simple topology. CCC needs to
be configured manually. CCC does not need signaling negotiation or packet interaction. The
resource consumption is low and the configuration is simple. However, CCC is not easy to
maintain and its extensibility is poor.
You need to configure the interface connecting the PE to the CE (namely, the AC interface) before
configuring a CCC.
NOTE
On an S7700, only the VLANIF interface can be configured as the AC interface of CCC connection.
Pre-configuration Tasks
Before configuring the CCC VLL, complete the following task:
l Configuring the basic MPLS capability on the MPLS backbone network (PEs and P)
Data Preparation
To configure the CCC VLL, you need the following data.
No. Data
3 Local CCC connection: the types and numbers of the incoming and outgoing
interfaces
4 Remote CCC connection: the type and number of the incoming interface, the IP
address of the next-hop or the type and number of the outgoing interface
Choose 5.3.3 Creating a Local CCC Connection or 5.3.4 Creating a Remote CCC
Connection according to the required connection type.
Context
Do as follows on the PEs of the two ends of the VC:
Procedure
Step 1 Run:
system-view
----End
Context
The local CCC connection is bidirectional, and thus only one connection is required.
Do as follows on the PEs:
Procedure
Step 1 Run:
system-view
----End
Follow-up Procedure
After the configuration mentioned above on the PE, a local CCC connection is created.
Procedure
l Configuring the PE
Do as follows on the PEs of the two ends of the VC:
1. Run:
system-view
Prerequisite
The configurations of the CCC VLL function are complete.
Procedure
l Run the display vll ccc [ ccc-name | type { local | remote } ] command to check the CCC
connection information.
l Run the display l2vpn ccc-interface vc-type ccc [ down | up ] command to check the
interface information of the CCC connection.
----End
Example
Run the display vll ccc command. You can find that the status of the CCC VC is Up. For example:
Information about the local connection is as follows:
<Quidway> display vll ccc
total ccc vc : 1
local ccc vc : 1, 1 up
remote ccc vc : 0, 0 up
name: CE1-CE2, type: local, state: up,
intf1: Vlanif10 (up), intf2: Vlanif20 (up)
VC last up time : 2008/07/24 12:31:31
VC total up time: 0 days, 2 hours, 12 minutes, 51 seconds
total ccc vc : 1;
local ccc vc : 0, 0 up
remote ccc vc : 1, 1 up
name: CE1-CE2, type: remote, state: up,
intf: vlanif11 (up), in-label: 100 , out-label: 200 , nexthop: 10.1.1.1
VC last up time : 2008/07/24 12:31:31
VC total up time: 0 days, 2 hours, 12 minutes, 51 seconds
Run the display l2vpn ccc-interface vc-type ccc command. You can find that the VC type is
CCC and the VC status is Up. For example:
<Quidway> display l2vpn ccc-interface vc-type ccc
Total ccc-interface of CCC : 1
up (1), down (0)
Interface Encap Type State VC Type
Vlanif11 ethernet up ccc
Applicable Environment
The outer label (public network tunnel) of the SVC is set up in the same way as that of
Martini. The inner label is specified manually during VC configuration; no signaling is used
to transmit the VC label.
The SVC does not use signaling protocols to transfer L2VPN information. Packets are
transported between the PEs through tunnels.
The SVC supports multiple types of tunnels such as LDP LSP and CR-LSP. By default, the LDP
LSP tunnel is used.
Pre-configuration Tasks
Before configuring SVC VLL, you need to complete the following tasks:
l Configuring the static route or IGP for the MPLS backbone network (PE and P) to
implement IP connectivity
l Enabling the MPLS for PEs
l Establishing a tunnel between PEs according to the tunnel policy
Data Preparation
To configure the SVC VLL, you need the following data.
No. Data
Context
Do as follows on the PEs of the two ends of the VC:
Procedure
Step 1 Run:
system-view
----End
Procedure
Step 1 Run:
system-view
NOTE
To use an XGE interface, a GE interface, an Ethernet interface, or an Eth-Trunk interface of the S7700 as
the AC interface of the PE, you need to perform step 3 to configure the Layer 2 interface as a Layer 3
interface.
Step 4 Run:
mpls static-l2vc destination ip-address transmit-vpn-label transmit-label-value receive-vpn-label receive-label-value [ tunnel-policy tnl-policy-name | [ control-word | no-control-word ] | [ raw | tagged ] ] *
----End
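Because the SVC carries no signaling for the VC label, a mistyped label is not caught by any protocol exchange. The following added example (not part of the original guide) audits saved configurations from both PEs against the label ranges in the NOTE of this chapter, and checks that each PE's transmit label is the receive label configured on the peer. The sample configurations, the function names, and the assumption that the destination address is the peer's mpls lsr-id are illustrative.

```python
import re

# Label ranges from the NOTE in this chapter.
RX_MIN, RX_MAX = 16, 1023        # SVC receive label (static label space)
TX_MIN, TX_MAX = 0, 1048575      # SVC transmit label

LSR_RE = re.compile(r"^mpls lsr-id (\S+)$")
IF_RE = re.compile(r"^interface (\S+)$")
SVC_RE = re.compile(
    r"^mpls static-l2vc destination (\S+) "
    r"transmit-vpn-label (\d+) receive-vpn-label (\d+)"
)


def sample_cfg(name, lsr_id, ifname, dest, tx, rx):
    """Build a constructed configuration file in the guide's layout."""
    return (f"#\nsysname {name}\n#\nmpls lsr-id {lsr_id}\nmpls\n#\n"
            f"interface {ifname}\n"
            f" mpls static-l2vc destination {dest} "
            f"transmit-vpn-label {tx} receive-vpn-label {rx}\n#\nreturn\n")


# Constructed samples: a matching pair, and a PE2 with a bad receive label.
PE1_CFG = sample_cfg("PE1", "1.1.1.9", "Vlanif10", "3.3.3.9", 100, 200)
PE2_CFG = sample_cfg("PE2", "3.3.3.9", "Vlanif20", "1.1.1.9", 200, 100)
PE2_BAD_CFG = sample_cfg("PE2", "3.3.3.9", "Vlanif20", "1.1.1.9", 200, 1500)


def parse_svcs(config_text):
    """Return (lsr_id, svcs) parsed from one device's configuration file."""
    lsr_id, interface, svcs = None, None, []
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "#":                      # "#" closes the current view
            interface = None
        elif m := LSR_RE.match(line):
            lsr_id = m.group(1)
        elif m := IF_RE.match(line):
            interface = m.group(1)
        elif m := SVC_RE.match(line):
            dest, tx, rx = m.groups()
            svcs.append({"interface": interface, "dest": dest,
                         "tx": int(tx), "rx": int(rx)})
    return lsr_id, svcs


def audit(configs):
    """configs maps device name to configuration text. Returns findings."""
    devices = {}
    for name, text in configs.items():
        lsr_id, svcs = parse_svcs(text)
        devices[lsr_id] = (name, svcs)

    findings = []
    for lsr_id, (name, svcs) in devices.items():
        seen_rx = set()
        for svc in svcs:
            where = f"{name} {svc['interface']}"
            if not RX_MIN <= svc["rx"] <= RX_MAX:
                findings.append(
                    f"{where}: receive label {svc['rx']} outside {RX_MIN}-{RX_MAX}")
            if not TX_MIN <= svc["tx"] <= TX_MAX:
                findings.append(
                    f"{where}: transmit label {svc['tx']} outside {TX_MIN}-{TX_MAX}")
            # A receive label identifies the VC on this PE, so it must be unique.
            if svc["rx"] in seen_rx:
                findings.append(f"{where}: receive label {svc['rx']} reused on {name}")
            seen_rx.add(svc["rx"])
            # Assumption: "destination" is the peer's mpls lsr-id.
            peer_name, peer_svcs = devices.get(svc["dest"], (None, []))
            if peer_name is None:
                findings.append(f"{where}: no configuration supplied for {svc['dest']}")
            elif not any(p["dest"] == lsr_id and p["rx"] == svc["tx"]
                         and p["tx"] == svc["rx"] for p in peer_svcs):
                findings.append(
                    f"{where}: tx {svc['tx']}/rx {svc['rx']} not mirrored on {peer_name}")
    return findings


if __name__ == "__main__":
    for finding in audit({"PE1": PE1_CFG, "PE2": PE2_BAD_CFG}):
        print(finding)
```
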
Prerequisite
The configurations of the SVC VLL function are complete.
Procedure
l Run the display mpls static-l2vc [ interface interface-type interface-number ] command
to check the SVC L2VPN connection information on the PE.
l Run the display l2vpn ccc-interface vc-type static-vc [ down | up ] command to check
the interface information of the SVC connections in Up/Down state.
----End
Example
Run the display mpls static-l2vc command. You can find that the VC status is Up. For example:
<Quidway> display mpls static-l2vc
Total svc connections: 1, 1 up, 0 down
*Client Interface : Vlanif10 is up
AC Status : up
VC State : up
VC ID : 0
VC Type : VLAN
Destination : 3.3.3.9
Transmit VC Label : 100
Receive VC Label : 200
Control Word : Disable
VCCV Capability : alert lsp-ping bfd
Tunnel Policy Name : --
Traffic Behavior : --
PW Template Name : --
Main or Secondary : Main
Create time : 0 days, 0 hours, 6 minutes, 44 seconds
UP time : 0 days, 0 hours, 6 minutes, 44 seconds
Last change time : 0 days, 0 hours, 6 minutes, 44 seconds
VC last up time : 2010/07/24 12:31:31
VC total up time : 0 days, 2 hours, 12 minutes, 51 seconds
CKey : 16
NKey : 15
Run the display l2vpn ccc-interface vc-type static-vc up command. You can find that the VC
type is SVC and the status is Up. For example:
Applicable Environment
In Martini mode, double-layer labels are adopted. The inner label uses the extended LDP as the
signaling protocol to transmit the Layer 2 information and the VC label.
In Martini mode, an LSP between two PEs can be shared by multiple VCs. Information about
the VC label and LSP is stored only on the PE devices. The P devices do not store any Layer 2
VPN information. Therefore, Martini mode features excellent extensibility. When a new VC is
needed, you only need to configure a unidirectional VC on each PE device of the two ends. The
network operation is not affected.
Pre-configuration Tasks
Before configuring Martini VLL, you need to complete the following tasks:
l Configuring the static route or IGP for the MPLS backbone network (PE or P) to implement
IP connectivity
l Enabling basic MPLS functions on PEs and Ps.
l Establishing an LDP session between PEs which are connected directly, or establishing a
remote LDP session between PEs which are connected indirectly
l Establishing a CR-LSP or LDP LSP tunnel between PEs according to the tunnel policy
Data Preparation
To configure Martini VLL, you need the following data.
No. Data
3 Tunnel policy
Context
Do as follows on the PEs of the two ends of the VC:
Procedure
Step 1 Run:
system-view
Step 2 Run:
mpls l2vpn
----End
Context
Do as follows on the PEs on the two ends of the VC.
Procedure
Step 1 Run:
system-view
Step 2 Run:
mpls l2vpn
Step 3 Run:
mpls l2vpn default martini
NOTE
l By default, the S7700 uses pseudo wire emulation edge-to-edge (PWE3) mode. The PWE3 mode can
use Notification messages to negotiate the PW status. The Martini mode, however, does not support
Notification messages. For details about Notification messages, see the chapter 6.1 Introduction to
PWE3.
l If the peer PE does not support Notification messages, you need to set the mode to Martini by using
the mpls l2vpn default martini command.
l Before using the mpls l2vpn default martini command to enable the Martini mode that does not
support Notification messages, delete the VC configuration related to notification messages, including
the PWE3 configuration and VSI configuration.
Step 4 Run:
quit
NOTE
To use an XGE interface, a GE interface, an Ethernet interface, or an Eth-Trunk interface of the S7700 as
the AC interface of the PE, you need to run undo portswitch to configure the Layer 2 interface as a Layer
3 interface.
Step 7 Run:
mpls l2vc { ip-address | pw-template pw-template-name } * vc-id [ group-id group-id | tunnel-policy policy-name | [ control-word | no-control-word ] | [ raw | tagged ] | mtu mtu-value | secondary ] *
NOTE
The raw and tagged parameters are available only for Ethernet links.
The Martini L2VC requires the VC IDs of the VCs of the same encapsulation type on a PE to
be unique. The change of the encapsulation type may cause collision of VC IDs.
----End
Prerequisite
The configurations of the Martini VLL function are complete.
Procedure
l Run the display mpls l2vc [ vc-id | interface interface-type interface-number ] command
to check the Martini VLL connection information on the local PE.
l Run the display mpls l2vc remote-info [ vc-id ] command to check the peer Martini VLL
connection information on the local PE.
----End
Example
Run the display mpls l2vc command. You can find that destination is the peer IP address of
the specified VC and VC state is up. For example:
Run the display mpls l2vc remote-info command. You can find that the peer address is the peer
address of the specified VC. For example:
<Quidway> display mpls l2vc remote-info
Total remote ldp vc : 1
Transport Group Peer Remote Remote C MTU/ N S
VC ID ID Addr Encap VC Label Bit CELLS Bit Bit
101 0 3.3.3.9 vlan 2355223552 0 1500 0 0
Applicable Environment
The Kompella VLL uses BGP as the signaling protocol to transfer L2VPN information between
PEs.
Similar to BGP/MPLS VPN, Kompella mode uses the VPN target to control the receiving and
sending of the VPN routes. This brings about great flexibility.
The Kompella mode adopts the label block. Each CE is allocated a label block, which determines
how many connections this CE can set up with other CEs. This allows some additional labels
to be reserved for the VPN for future extension. The PEs calculate the inner label according
to the label block.
The Kompella mode supports local and remote connections and inter-AS Kompella VLL
Option A.
Pre-configuration Tasks
Before configuring Kompella VLL, complete the following tasks:
l Configuring the static route or IGP for the MPLS backbone network (PE and P) to
implement IP connectivity
l Enabling MPLS for the PE and P
l Establishing tunnels (CR-LSP or LSP) between PEs according to the tunnel policy
NOTE
For the local connection, the IGP and LDP configurations are not required.
Data Preparation
To configure Kompella VLL, you need the following data.
No. Data
4 CE offset
Context
Do as follows on the PEs of the two ends of the VC:
Procedure
Step 1 Run:
system-view
Step 2 Run:
mpls l2vpn
----End
Context
For local connection, the configuration in this section is not required.
Do as follows on the PEs of the two ends of the VC:
Procedure
Step 1 Run:
system-view
----End
Context
Do as follows on the PEs of the two ends of the VC:
Procedure
Step 1 Run:
system-view
----End
Procedure
Step 1 Run:
system-view
A CE connection is created.
NOTE
All Kompella L2VPN instances and VPLS VSI instances of a device share one label block; therefore, the
sum of the ranges of all Kompella L2VPN instances and VPLS VSI instances cannot exceed the size of
the label block. If the size exceeds the limit, the system prompts that the labels cannot be obtained because
the required labels exceed the upper limit; thus, allocation of a site ID to a VSI or creation of a CE fails.
To use an XGE interface, a GE interface, an Ethernet interface, or an Eth-Trunk interface of the S7700 as
the AC interface of the PE, you need to run the undo portswitch command to configure the Layer 2
interface as a Layer 3 interface before you run the connection command.
----End
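The label-block passages in this chapter (the CE range that sizes a block, and the NOTE above on the label block shared by all instances) can be worked through numerically. This added example is not from the original guide; it assumes the label-selection rule of RFC 6624 (label = label base + remote CE ID - label offset) rather than anything the S7700 documents, and the label bases, CE IDs, and pool size are constructed values.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class LabelBlock:
    """Label block that a PE advertises for one of its CEs."""
    ce_id: int          # ID of the CE that owns the block
    label_base: int     # first label of the block ("Label Base" in the display)
    label_offset: int   # CE ID mapped to label_base ("Label Offset" in the display)
    ce_range: int       # block size, equal to the configured CE range

    def covers(self, remote_ce_id):
        """True if the block holds a label for the given remote CE ID."""
        return self.label_offset <= remote_ce_id < self.label_offset + self.ce_range

    def label_for(self, remote_ce_id):
        """Label the remote CE's PE uses to reach this CE, or None if uncovered.

        Assumption: RFC 6624 rule, label = base + remote CE ID - offset.
        """
        if not self.covers(remote_ce_id):
            return None
        return self.label_base + remote_ce_id - self.label_offset


def vc_labels(local, remote):
    """Return (transmit, receive) inner labels seen from the local PE.

    The connection needs a label in both directions, so the result is None
    when either block does not cover the other CE's ID.
    """
    transmit = remote.label_for(local.ce_id)   # taken from the peer's block
    receive = local.label_for(remote.ce_id)    # taken from our own block
    if transmit is None or receive is None:
        return None
    return transmit, receive


def min_ce_range(planned_ce_ids, label_offset=0):
    """Smallest CE range whose block covers every planned CE ID."""
    return max(planned_ce_ids) - label_offset + 1


def pool_fits(blocks, pool_size):
    """Check the shared-pool rule: the sum of all ranges must fit the pool.

    pool_size is a hypothetical figure; the guide does not state the size.
    """
    return sum(block.ce_range for block in blocks) <= pool_size


if __name__ == "__main__":
    ce1 = LabelBlock(ce_id=1, label_base=36000, label_offset=0, ce_range=20)
    ce2 = LabelBlock(ce_id=2, label_base=35850, label_offset=0, ce_range=20)
    print("CE1 <-> CE2 labels (tx, rx):", vc_labels(ce1, ce2))

    # A CE range sized only for today's sites blocks a later site with ID 12.
    small = LabelBlock(ce_id=1, label_base=36000, label_offset=0, ce_range=10)
    ce12 = LabelBlock(ce_id=12, label_base=37000, label_offset=0, ce_range=20)
    print("range 10, new CE 12:", vc_labels(small, ce12))
    print("range 20, new CE 12:", vc_labels(ce1, ce12))
    print("range needed for CE IDs 1..19:", min_ce_range(range(1, 20)))
    print("three blocks fit a pool of 50 labels:", pool_fits([ce1, ce2, ce12], 50))
```
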
Context
To manage L2VPN label blocks, BGP defines a BGP L2VPN sub-address family view.
This section generalizes BGP configurations related to Kompella L2VPN. For the applications
of each configuration, refer to the related sections.
Procedure
l Configuring BGP L2VPN Route Attributes
NOTE
BGP L2VPN uses the same TCP connection as common BGP, and most BGP L2VPN features
inherit the common BGP configurations. Because L2VPN label blocks need to be exchanged,
you need to enable the capability of exchanging L2VPN label blocks between BGP peers in
the BGP L2VPN sub-address family view.
l Configuring the PE to Establish MP-IBGP Connections with the Peer Group
Add all the client PEs to a peer group and establish an MP-IBGP connection with the peer
group.
Do as follows on the PE:
1. Run:
system-view
The capability of exchanging IPv4 VPN routes between the RR and the peer group is
enabled.
8. Run:
peer ip-address group group-name
The filtering of L2VPN label blocks based on the VPN target is disabled.
6. (Optional) Run:
rr-filter extcomm-filter-number
Prerequisite
The configurations of the Kompella VLL function are complete.
Procedure
l Run the display bgp l2vpn { all | group [ group-name ] | peer [ [ peer-ip-address ] verbose ] |
route-distinguisher route-distinguisher [ ce-id ce-id [ label-offset label-offset ] ] }
command to check the BGP information of the Kompella VLL.
l Run the display mpls l2vpn connection [ vpn-name [ remote-ce ce-id | down | up |
verbose ] | summary | interface interface-type interface-number ] command to check the
connection information of the Kompella VLL.
l Run the display mpls l2vpn [ l2vpn-name [ local-ce | remote-ce ] ] command to check the
VLL information on PE.
l Run the display mpls l2vpn { export-route-target-list | import-route-target-list }
command to check the route target list of the L2VPN.
----End
Example
Run the display bgp l2vpn command. You can find that nexthop is the peer address of the VC,
route-distinguisher of the L2VPN is correct, and the label allocation is complete. For example:
<Quidway> display bgp l2vpn all
BGP Local router ID : 1.1.1.9, local AS number : 100
Origin codes:i - IGP, e - EGP, ? - incomplete
bgp.l2vpn: 1 destination
Route Distinguisher: 100:1
CE ID Label Offset Label Base nexthop pref as-path
2 0 35850 6.6.6.6 100
Run the display mpls l2vpn connection command. You can find that VPN name is correctly
configured, status of the connection is up, and route-distinguisher is correctly configured. For
example:
<Quidway> display mpls l2vpn connection
1 total connections,
connections: 1 up, 0 down, 0 local, 1 remote, 0 unknown
CE name: ce1, id: 1,
Rid type status peer-id route-distinguisher interface
primary or not
----------------------------------------------------------------------------
2 rmt up 3.3.3.9 100:1 GigabitEthernet1/0/0.1
primary
Run the display mpls l2vpn [ l2vpn-name [ local-ce | remote-ce ] ] command. You can find
that route-distinguisher and L2VPN route targets are correctly configured. For example:
<Quidway> display mpls l2vpn vpn1
VPN name: vpn1, encap type: vlan, local ce number(s): 1, remote ce number(s): 1
route distinguisher: 100:1, MTU: 1500
import vpn target: 1:1,
export vpn target: 1:1,
Applicable Environment
If the MPLS backbone network bearing the Martini VLL spans multiple ASs, you must configure
the inter-AS Martini VLL.
There are two solutions to the inter-AS Martini VLL:
l Inter-AS Option A: This solution can be easily implemented. When the number of inter-
AS Martini VLLs on ASBRs is small, Option A is recommended.
l Inter-AS Option C: In this solution, ASBRs do not need to create or maintain VCs. When
each AS has a large number of Martini L2VPN routes to be exchanged, Option C can be
used to prevent the ASBR from hindering the network extension.
S7700 does not support Option C.
Pre-configuration Tasks
Before configuring the inter-AS Martini VLL, complete the following tasks:
l Configuring static routes or IGP on the PE or P devices in the MPLS backbone network of
ASs to implement the IP connectivity of the backbone network devices in the same AS
l Configuring the basic MPLS capability on the MPLS backbone network of each AS
l Configuring MPLS LDP and establishing LDP LSP for the MPLS backbone of each AS
Data Preparation
To configure the inter-AS Martini VLL, you need the following data.
No. Data
2 Number of each AS
Context
To configure inter-AS Martini VLL Option A, see 5.5.3 Creating a Martini VLL
Connection.
NOTE
Prerequisite
The configurations of the Inter-AS Martini VLL function are complete.
Procedure
l Run the display mpls l2vc [ vc-id | interface interface-type interface-number ] command
to check information about the local PW on the PE.
l Run the display mpls l2vc remote-info [ vc-id ] command to check information about the
remote PW on the PE.
----End
Example
Run the display mpls l2vc [ vc-id | interface interface-type interface-number ] command. You
can see that VC State is up. For example:
<Quidway> display mpls l2vc interface Vlanif 802
*client interface : Vlanif802 is up
Administrator PW : no
session state : up
AC state : up
VC state : up
VC ID : 11
VC type : VLAN
destination : 11.11.11.11
local group ID : 0 remote group ID : 0
local VC label : 23552 remote VC label : 23552
local AC OAM State : up
local PSN State : up
local forwarding state : not forwarding
local status code : 0x1
BFD for PW : unavailable
manual fault : not set
active state : active
forwarding entry : not exist
link state : down
local VC MTU : 1500 remote VC MTU : 0
local VCCV : alert lsp-ping bfd
remote VCCV : none
local control word : disable remote control word : none
tunnel policy name : --
traffic behavior name : --
PW template name : --
primary or secondary : primary
VC tunnel/token info : 0 tunnels/tokens
NO.0 TNL Type : lsp , TNL ID : 0x202000
create time : 0 days, 16 hours, 21 minutes, 17 seconds
up time : 0 days, 0 hours, 0 minutes, 0 seconds
last change time : 0 days, 16 hours, 21 minutes, 17 seconds
VC last up time : 2008-07-24 12:31:31
VC total up time : 0 days, 0 hours, 0 minutes, 0 seconds
CKey : 21
NKey : 20
PW redundancy mode : --
AdminPw interface : --
AdminPw link state : --
Run the display mpls l2vc remote-info command. You can find that Peer Addr is the peer
address of the specified VC. For example:
<Quidway> display mpls l2vc remote-info
Total remote ldp vc : 1
Transport Group Peer Remote Remote C MTU/ N S
VC ID ID Addr Encap VC Label Bit CELLS Bit Bit
100 0 3.3.3.9 vlan 23552 0 1500 1 0
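The first sample output above reports VC state as up while local forwarding state is "not forwarding" and link state is down, so checking VC state alone is not enough. The following Python script is an added example, not part of the Huawei guide: it parses display mpls l2vc output and lists every field that differs from a working PW. The function names and the expected values (taken from the healthy output in this guide's Martini VLL configuration example) are assumptions, and both sample inputs are excerpts of outputs shown in this guide.

```python
import re

# Fields that occupy a whole line: the value is the rest of the line.
LINE_FIELDS = ["session state", "AC state", "VC state", "VC ID",
               "local forwarding state", "forwarding entry", "link state"]
# Fields printed two to a line: the value is a single token.
TOKEN_FIELDS = ["local VC MTU", "remote VC MTU",
                "local control word", "remote control word"]

# Assumption: these are the values a working PW reports, taken from the
# healthy output in this guide's Martini VLL configuration example.
EXPECTED = {"session state": "up", "AC state": "up", "VC state": "up",
            "local forwarding state": "forwarding",
            "forwarding entry": "exist", "link state": "up"}


def parse_l2vc(text):
    """Extract the fields of interest from 'display mpls l2vc' output."""
    fields = {}
    for name in LINE_FIELDS:
        # Anchored at line start so 'link state' does not match
        # 'AdminPw link state' and 'AC state' does not match 'local AC OAM State'.
        pattern = rf"^[ \t]*\*?{re.escape(name)}[ \t]*:[ \t]*(.+?)[ \t]*$"
        m = re.search(pattern, text, re.M | re.I)
        if m:
            fields[name] = m.group(1).lower()
    for name in TOKEN_FIELDS:
        m = re.search(rf"\b{re.escape(name)}[ \t]*:[ \t]*(\S+)", text, re.I)
        if m:
            fields[name] = m.group(1).lower()
    return fields


def pw_findings(fields):
    """Return a list of reasons why this PW should not be treated as healthy."""
    findings = []
    for name, want in EXPECTED.items():
        got = fields.get(name, "missing")
        if got != want:
            findings.append(f"{name} is '{got}', expected '{want}'")
    if fields.get("local VC MTU") != fields.get("remote VC MTU"):
        findings.append("VC MTU differs: local %s, remote %s"
                        % (fields.get("local VC MTU"), fields.get("remote VC MTU")))
    if fields.get("local control word") != fields.get("remote control word"):
        findings.append("control word differs: local %s, remote %s"
                        % (fields.get("local control word"),
                           fields.get("remote control word")))
    return findings


# Excerpt of the 'display mpls l2vc interface Vlanif 802' output shown above.
DEGRADED = """\
session state : up
AC state : up
VC state : up
VC ID : 11
local VC label : 23552 remote VC label : 23552
local forwarding state : not forwarding
forwarding entry : not exist
link state : down
local VC MTU : 1500 remote VC MTU : 0
local control word : disable remote control word : none
"""

# Excerpt of the healthy output from the Martini VLL configuration example.
HEALTHY = """\
session state : up
AC state : up
VC state : up
VC ID : 101
local VC label : 23552 remote VC label : 23552
local forwarding state : forwarding
forwarding entry : exist
link state : up
local VC MTU : 1500 remote VC MTU : 1500
local control word : disable remote control word : disable
"""

if __name__ == "__main__":
    for label, sample in (("Vlanif802", DEGRADED), ("healthy", HEALTHY)):
        problems = pw_findings(parse_l2vc(sample))
        print(label, "OK" if not problems else problems)
```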
Applicable Environment
If the MPLS backbone network of the Kompella VLL covers multiple ASs, you must configure
the inter-AS Kompella VLL.
• Inter-AS VPN Option A
If the number of VPNs and VPN routes on the PE is small, the inter-AS VPN Option A
scheme can be used. When this scheme is used, the ASBR must support VPN instances
and be able to manage VPN routes. In addition, the ASBR must provide a dedicated interface for
each inter-AS VPN. The interface can be a sub-interface, physical interface, or logical
interface. Therefore, this scheme places high demands on the performance of the ASBR.
The ASBR, however, does not need any inter-AS configuration.
• Inter-AS VPN Option C
If each AS has a large number of VPN routes to be exchanged, the VPN Option C can be
used to prevent the ASBR from becoming a bottleneck of the network. If this scheme is
adopted, the VPN routes are exchanged between the ingress PE and egress PE directly, and
are not forwarded or stored by the intermediate devices. This scheme is applicable to the
scenario of load balancing in the MPLS VPN.
S7700 does not support Option C.
Pre-configuration Tasks
Before configuring the inter-AS Kompella VLL, complete the following tasks:
• Configuring static routes or IGP on the PE or P devices in the MPLS backbone network of
the ASs to implement IP networking of the backbone network devices in the same AS
• Configuring the basic MPLS capability on the MPLS backbone network of each AS
• Configuring MPLS LDP and establishing LDP LSP for the MPLS backbone of each AS
Data Preparation
To configure the inter-AS Kompella VLL, you need the following data.
No. Data
2 Number of each AS
Context
To configure inter-AS Kompella VLL Option A, see 5.6 Configuring Kompella VLL.
NOTE
• Configuring the ASBR of the remote end as the CE of the local end
• You do not need to perform inter-AS related configurations on the ASBR or to configure the IP
addresses on the ASBR interfaces that directly connect ASBRs.
Prerequisite
The configurations of the Inter-AS Kompella VLL function are complete.
Procedure
• Run the display bgp l2vpn { all | group [ group-name ] | peer [ [ peer-ip-address ]
verbose ] | route-distinguisher route-distinguisher [ ce-id ce-id [ label-offset
label-offset ] ] } command to check BGP information about a Kompella VLL.
• Run the display mpls l2vpn connection [ vpn-name [ remote-ce ce-id | down | up |
verbose ] | summary | interface interface-type interface-number ] command to check
information about the Kompella VLLs.
• Run the display mpls l2vpn [ l2vpn-name [ local-ce | remote-ce ] ] command to check
L2VPN information about a PE.
• Run the display mpls l2vpn { export-route-target-list | import-route-target-list }
command to check the route target list of an L2VPN.
----End
Example
Run the display bgp l2vpn command. You can find that Nexthop is the peer address of the VC,
route-distinguisher of the L2VPN is correct, and the label allocation is complete. For example:
<Quidway> display bgp l2vpn all
BGP Local router ID : 1.1.1.9, local AS number : 100
Origin codes:i - IGP, e - EGP, ? - incomplete
bgp.l2vpn: 1 destination
Route Distinguisher: 100:1
CE ID Label Offset Label Base nexthop pref as-path
2 0 35850 3.3.3.9 0 100
Run the display mpls l2vpn connection command. You can find that VPN name is correctly
configured, Status of the connection is up, and route-distinguisher is correctly configured. For
example:
<Quidway> display mpls l2vpn connection
1 total connections,
connections: 1 up, 0 down, 0 local, 1 remote, 0 unknown
VPN name: vpn1,
1 total connections,
connections: 1 up, 0 down, 0 local, 1 remote, 0 unknown
CE name: ce1, id: 1,
Rid type status peer-id route-distinguisher interface
primary or not
----------------------------------------------------------------------------
1 rmt up 6.6.6.6 1:1 Vlanif222
primary
Run the display mpls l2vpn [ l2vpn-name [ local-ce | remote-ce ] ] command. You can find
that route-distinguisher and L2VPN route targets are correctly configured. For example:
<Quidway> display mpls l2vpn vpn1
VPN name: vpn1, encap type: vlan, local ce number(s): 1, remote ce number(s): 1
NOTE
For asymmetrically connected CEs, the primary and secondary IP addresses need to be configured on the
interface connecting the CE to the PE through a single link. When the master path is available, the CE uses
the primary IP address to communicate with the remote CE. When a fault occurs on the master path, the
local CE communicates with the remote CE by using the secondary IP address.
Pre-configuration Tasks
Before configuring VPN FRR, complete the following tasks:
• Configuring a PW on each of the master path and backup path for the networking where
CEs are asymmetrically connected to PEs (The types of PWs on the master path and backup
path must be the same.)
• Configuring CEs to exchange routing information by using routing protocols or static routes
NOTE
To configure a Martini VLL or PWE3 for VLL FRR, you must use the PW template to configure a PW
and enable the control word in the PW template.
In the networking where CEs are asymmetrically connected to PEs, the backup PW cannot transmit data
when the master path and backup path work normally. If the AC interface of the backup PW borrows the
IP address of the AC interface of the master PW, the following situations occur:
• The policy of none revertive switchover cannot be configured.
• The local CE has two equal-cost and direct routes to the remote CE. The destination addresses and next
hops of the two routes are the same. Actually, the route that passes through the backup PW is invalid.
• If CEs exchange routing information by using routing protocols, you need to modify the cost or metric
of the AC interface of the backup path to be greater than that of the AC interface of the master path.
The local CE cannot communicate with the peer CE, but can communicate with other user devices.
• If CEs use static routes to exchange routing information, you need to modify the preference of the
backup route to be lower than that of the primary route (the greater the value, the lower the preference)
by using the ip route-static dest-ip-address mask out-interface preference preference-value
command.
Data Preparation
To configure VLL FRR, you need the following data.
No. Data
1 Delay for revertively switching traffic when faults are cleared and the delay for
advertising fault recovery (by default, the delay for revertively switching traffic is 30
seconds and the delay for advertising fault recovery is 10 seconds.)
Context
• In the networking where CEs are asymmetrically connected to PEs, you need to configure
master and backup PWs. The master and backup PWs must be of the same type.
NOTE
VLL FRR supports only LDP PWs and BGP PWs, that is, Martini VLL and Kompella VLL.
When using XGE, GE, Ethernet, or Eth-Trunk interfaces as AC interfaces, you need to run the undo
portswitch command in the current interface view before configuring master and backup PWs.
Procedure
• LDP PW
1. Run:
system-view
2. Run:
mpls l2vpn
NOTE
Before using the mpls l2vpn default martini command to set the behavior of the dynamic VC
signaling to non-Notification mode, you need to delete the configurations of VCs (including
PWE3 VCs and VPLS VCs) that support the Notification signaling.
4. Run:
quit
NOTE
Before using a PW template to create a PW, you need to configure a PW template. For details,
refer to 6.3 Configuring the Attributes of a PW Template.
7. (Optional) Run:
mpls l2vc { ip-address | pw-template pw-template-name } * vc-id [ group-id group-id |
tunnel-policy policy-name | [ control-word | no-control-word ] | [ raw | tagged ] |
mtu mtu-value ] * secondary
NOTE
• Both master and backup PWs need to be configured on the PE to which a CE is single-
homed. Only the master PW needs to be configured on the PE to which a CE is dual-homed.
• Master and backup PWs must have different VC IDs.
• The control word configuration on the primary and secondary PWs must be the same.
Otherwise, lots of packets will be lost after the primary/secondary PW switchover.
• BGP PW
1. 5.6.2 Enabling MPLS L2VPN.
2. 5.6.3 Configuring BGP/MPLS L2VPN.
3. 5.6.4 Configuring a VPN.
NOTE
After this step, the system enters the MPLS-L2VPN instance view, and then you can perform
Step 4. Otherwise, you need to run the mpls l2vpn l2vpn-name command to enter the MPLS-
L2VPN instance view.
4. Run:
ce ce-name id ce-id [ range ce-range ] [ default-offset ce-offset ]
NOTE
----End
Context
The S7700 supports physical layer fault notification, which can be configured only on the
Ethernet main interface.
Configure physical layer fault notification on the PE.
Procedure
Step 1 Run:
system-view
----End
Context
BFD for PW, which speeds up fault detection, is recommended.
Static BFD for PW or dynamic BFD for PW can be configured on PEs. For detailed
configuration, see the following sections:
Example
NOTE
• BFD for PW must be configured or deleted on the PEs at both ends of a PW simultaneously.
Otherwise, the PW statuses on the two PEs are different.
• To detect statuses of the tunnels that carry PWs, you can configure BFD for tunnels. For detailed
configuration, refer to the chapters "Basic MPLS Configuration" and "MPLS TE Configuration" in the
Quidway S7700 Smart Routing Switch Configuration Guide - MPLS.
Context
When CEs are connected to PEs asymmetrically, do as follows on the PE (where traffic is
switched) to which a CE is connected through a single link:
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
Step 3 Run:
mpls l2vpn reroute { { delay delay-time | immediately } [ resume resume-time ] |
never }
• Immediate revertive switchover: The local PE immediately switches traffic to the master PW
and notifies the fault to the remote PE of the backup PW. The PE notifies the rectification
of the fault to the remote PE of the backup PW after the period of resume-time.
• Delayed revertive switchover: The PE switches traffic to the master PW after the period of
delay-time.
• None revertive switchover: The PE does not switch traffic to the master PW until the backup
PW is faulty.
For an asymmetric networking, in which ACs are of the Ethernet type, note the following:
• If the remote shutdown function is configured on the interface of a PE that connects a CE,
it is recommended that you not use the policy of immediate revertive switchover, which may
lead to network flapping and traffic loss. Instead, you can use the policy of delayed
revertive switchover with delay-time set to 30 seconds or more.
• If the Ethernet OAM function is configured on the interface of a PE that connects a CE, and
a revertive switchover policy is also configured, you cannot set resume-time to 0 seconds;
it must be equal to or longer than one second.
----End
Example
Run the display mpls l2vc [ vc-id | interface interface-type interface-number ] command, and
you can see that the status of the master and backup PWs is Up, the VC status of the master PW
is active, and VC status of the backup PW is inactive. The following is an example:
<Quidway> display mpls l2vc interface vlanif 300
*client interface : Vlanif300 is up
Administrator PW : no
session state : up
AC state : up
VC state : up
VC ID : 100
VC type : VLAN
destination : 11.11.11.11
local group ID : 0 remote group ID : 0
local VC label : 23552 remote VC label : 23552
local AC OAM State : up
local PSN State : up
Run the display mpls l2vc remote-info command, and you can see that Peer Addr is the peer
address of the VC. The following is an example:
<Quidway> display mpls l2vc remote-info
Total remote ldp vc : 2
Run the display mpls l2vpn connection interface command, and you can see that the local VC
status and remote VC status of the master PW and the backup PW are both Up, the forwarding
state of the master PW is true, and the forwarding state of the backup PW is false. The BFD
session is Up.
<Quidway> display mpls l2vpn connection interface vlanif 11
conn-type: remote
local vc state: up
remote vc state: up
local ce-id: 1
local ce name: ce1
remote ce-id: 2
intf(state,encap): Vlanif11(up,vlan)
peer id: 3.3.3.3
route-distinguisher: 100:2
local vc label: 23552
remote vc label: 23553
tunnel policy: p1
primary or secondary: primary
forwardEntry exist or not: true
forward entry active or not:true
manual fault set or not: not set
AC OAM state: up
BFD for PW session index: 256
BFD for PW state: up
BFD for LSP state: true
Local C bit is set, Remote C bit is set
tunnel type: cr lsp, id: 0x20002
conn-type: remote
local vc state: up
remote vc state: up
local ce-id: 1
local ce name: ce1
remote ce-id: 3
intf(state,encap): Vlanif11(up,vlan)
peer id: 2.2.2.2
route-distinguisher: 100:3
local vc label: 31745
remote vc label: 35843
tunnel policy: default
primary or secondary: secondary
forwardEntry exist or not: true
forward entry active or not:false
Run the display mpls l2vpn forwarding-info [ vc-label ] interface interface-type
interface-number command, and you can see that ENTRYTYPE of the master PW is SEND,
PWSTATE is ACTIVE, BFDSTATE is UP, and ADMIN is UP. The following is an example:
<Quidway> display mpls l2vpn forwarding-info interface vlanif 11
The Main PW Forward Information :
VCLABEL TNLTYPE ENTRYTYPE PWSTATE BFDSTATE ADMIN CTLWORD CC CV TNLID
---------------------------------------------------------------------------
23552 CRLSP SEND ACTIVE UP UP TRUE 1 8 0x20002
1 Record(s) Found.
Context
You can collect statistics on VLL traffic on the user-side interfaces that are bound to the VLL.
In this case, you need to enable the function of collecting statistics on VLL traffic on the device
before the VLL connection is set up.
Procedure
Step 1 Run:
system-view
Step 2 Run:
mpls l2vpn traffic-statistics enable
Traffic statistics are collected only for VLL connections that are created
after this function is enabled.
----End
Procedure
• Run:
display traffic-statistics l2vpn interface interface-type interface-number
To view VLL traffic statistics, you need to enable the function of collecting traffic statistics
on the VLL before the VLL connection is set up.
----End
Procedure
• Run the following command in the user view:
reset traffic-statistics l2vpn interface interface-type interface-number
----End
Context
CAUTION
If the BGP L2VPN application and other applications share the same TCP connection, the reset
bgp l2vpn command resets the BGP neighbor relationship of all applications on this TCP
connection. So, confirm the action before you use the command.
After the parameters configured in the BGP L2VPN address family view are modified, you can
run the reset bgp l2vpn command to reset the TCP connection of the BGP L2VPN. After that,
BGP re-negotiates parameters, re-sends label information, and re-establishes the session.
Procedure
• Run the reset bgp l2vpn { as-number | peer-ip-address | all | internal | external } command
in the user view to reset BGP L2VPN TCP connections.
----End
Context
During the routine maintenance, you can run the following commands in any view to know the
running status of VLL.
Procedure
• Run the display vll ccc [ ccc-name | type { local | remote } ] command to check information
about the CCC connection.
• Run the display mpls static-l2vc [ interface interface-type interface-number ] command
to check information about the SVC VLL connection.
• Run the display mpls l2vc [ vc-id | interface interface-type interface-number ] command
to check information about the local Martini VLL connection on the PE.
• Run the display bgp l2vpn { all | group [ group-name ] | peer [ [ ip-address ] verbose ] |
route-distinguisher route-distinguisher [ ce-id ce-id [ label-offset label-offset ] ] }
command to check BGP information about a Kompella VLL.
• Run the display mpls l2vpn connection [ vpn-name [ remote-ce ce-id | down | up |
verbose ] | summary | interface interface-type interface-number ] command to check
information about a Kompella VLL.
----End
Context
CAUTION
Debugging affects the performance of the system. So, after debugging, run the undo
debugging all command to disable it immediately.
When a fault occurs, run the following debugging commands in the user view to locate the fault.
For the procedure of displaying the debugging information, refer to the chapter "System
Maintenance" in the Quidway S7700 Smart Routing Switch Configuration Guide - Device
Management.
Procedure
• Run the debugging mpls l2vpn { all | advertisement | download | error | event |
oam-mapping | reroute | timer | connections [ interface interface-type interface-number ] }
command in the user view to enable the debugging of the VLL.
• Run the debugging bgp update l2vpn [ acl acl-number | ip-prefix ip-prefix-name |
peer peer-ipv4-address ] [ receive | send ] [ verbose ] command in the user
view to enable the debugging of BGP Update messages of the Kompella VLL.
----End
Prerequisite
Before using the ping or tracert command to check connectivity of a VLL network, you need
to ensure that the VLL network is correctly configured.
The channel types supported by the VLL network in Martini or Kompella mode are listed in the
"Procedure" part.
By default, VCCV in Label Alert mode is enabled. Before using the control word channel, you
need to run the control-word command to enable the control word function. After that, VCCV
in control word channel mode is enabled.
When locating the fault on the VLL network in Martini mode, you can use either VCCV in
control word channel mode or VCCV in normal mode.
Procedure
• Checking the connectivity of the VLL network in Martini mode
– Control word channel
ping vc pw-type pw-id [ -c echo-number | -m time-value | -s data-bytes |
-t timeout-value | -exp exp-value | -r reply-mode | -v ] * control-word [ remote peer-pw-id |
draft6 ] *
– Label Alert channel
ping vc pw-type pw-id [ -c echo-number | -m time-value | -s data-bytes |
-t timeout-value | -exp exp-value | -r reply-mode | -v ] * label-alert [ remote remote-ip-address |
draft6 ] *
• Locating the fault on the VLL network in Martini mode
– Control word channel
tracert vc { pw-type pw-id [ -exp exp-value | -f first-ttl | -m max-ttl | -r reply-mode |
-t timeout-value ] * control-word [ [ [ remote remote-pw-id ] draft6 ] |
remote remote-ip-address ] [ full-lsp-path ]
– Label Alert channel
tracert vc { pw-type pw-id [ -exp exp-value | -f first-ttl | -m max-ttl | -r reply-mode |
-t timeout-value ] * label-alert [ remote remote-ip-address ] [ full-lsp-path ]
[ draft6 ]
– Normal mode
[Figure: networking diagram of the local CCC connection; CE1 and CE2 connect to the PE through GE interfaces]
PE    GigabitEthernet1/0/0    VLANIF 10    -
      GigabitEthernet2/0/0    VLANIF 20    -
      Loopback1               -            1.1.1.9/32
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the basic MPLS capability on the PE and enable the MPLS L2VPN.
2. Create a local connection between CE1 and CE2 on PE. The local CCC connection is
bidirectional, so only one connection is needed.
Data Preparation
IP addresses of the interfaces
Procedure
Step 1 Configure CEs.
# Configure CE1.
<Quidway> system-view
[Quidway] sysname CE1
[CE1] vlan 10
[CE1-Vlan10] quit
[CE1] interface gigabitethernet 1/0/0
[CE1-GigabitEthernet1/0/0] port link-type trunk
[CE1-GigabitEthernet1/0/0] port trunk allow-pass vlan 10
[CE1-GigabitEthernet1/0/0] quit
[CE1] interface vlanif 10
[CE1-Vlanif10] ip address 100.1.1.1 24
[CE1-Vlanif10] quit
# Configure CE2.
<Quidway> system-view
[Quidway] sysname CE2
[CE2] vlan 20
[CE2-vlan20] quit
[CE2] interface gigabitethernet 1/0/0
[CE2-GigabitEthernet1/0/0] port link-type trunk
[CE2-GigabitEthernet1/0/0] port trunk allow-pass vlan 20
[CE2-GigabitEthernet1/0/0] quit
[CE2] interface vlanif 20
[CE2-Vlanif20] ip address 100.1.1.2 24
[CE2-Vlanif20] quit
NOTE
Run the display l2vpn ccc-interface vc-type ccc command, and you can see that the VC type
is CCC and the status is Up.
<PE> display l2vpn ccc-interface vc-type all
----End
Configuration Files
• Configuration file of CE1
#
sysname CE1
#
vlan batch 10
#
interface Vlanif 10
ip address 100.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 10
#
return
• Configuration file of PE
#
sysname PE
#
vlan batch 10 20
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
interface Vlanif10
#
interface Vlanif20
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 10
port hybrid tagged vlan 10
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 20
port hybrid tagged vlan 20
#
ccc ce1-ce2 interface Vlanif10 out-interface Vlanif20
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
return
Loopback1 - 1.1.1.9/32
GigabitEthernet2/0/0 VLANIF 40 -
Loopback1 - 3.3.3.9/32
Loopback1 - 2.2.2.9/32
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a bidirectional static LSP for the CCC connection between PEs. The LSP is
exclusively used by the CCC connection.
2. Enable MPLS L2VPN on the PEs. MPLS L2VPN need not be enabled on P.
3. Set up two connections: one from CE1 to CE2 and the other from CE2 to CE1.
Data Preparation
To complete the configuration, you need the following data:
• Out-label and in-label of the remote CCC connection
Pay attention to the mapping between the in-labels and out-labels on the PE and P. For the settings
of the out-label and the in-label, see Figure 5-5.
Procedure
Step 1 Configure the ID of the VLAN that each interface belongs to, as shown in Figure 5-5.
NOTE
# Configure CE1.
[CE1] interface vlanif 10
[CE1-Vlanif10] ip address 100.1.1.1 24
[CE1-Vlanif10] quit
# Configure CE2.
[CE2] interface vlanif 40
[CE2-Vlanif40] ip address 100.1.1.2 24
[CE2-Vlanif40] quit
# Configure PE1.
<Quidway> system-view
[Quidway] sysname PE1
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.9 32
[PE1-LoopBack1] quit
[PE1] interface vlanif 20
[PE1-Vlanif20] ip address 10.1.1.1 24
[PE1-Vlanif20] quit
# Configure the P.
<Quidway> system-view
[Quidway] sysname P
[P] interface loopback 1
[P-LoopBack1] ip address 2.2.2.9 32
[P-LoopBack1] quit
[P] interface vlanif 30
[P-Vlanif30] ip address 10.2.2.2 24
[P-Vlanif30] quit
[P] interface vlanif 20
[P-Vlanif20] ip address 10.1.1.2 24
[P-Vlanif20] quit
# Configure PE2.
<Quidway> system-view
[Quidway] sysname PE2
[PE2] interface loopback 1
[PE2-LoopBack1] ip address 3.3.3.9 32
[PE2-LoopBack1] quit
[PE2] interface vlanif 30
[PE2-Vlanif30] ip address 10.2.2.1 24
[PE2-Vlanif30] quit
Step 4 Configure the basic MPLS capabilities on the MPLS backbone network.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] interface vlanif 20
[PE1-Vlanif20] mpls
[PE1-Vlanif20] quit
# Configure the P.
[P] mpls lsr-id 2.2.2.9
[P] mpls
[P-mpls] quit
[P] interface vlanif 20
[P-Vlanif20] mpls
[P-Vlanif20] quit
[P] interface vlanif 30
[P-Vlanif30] mpls
[P-Vlanif30] quit
# Configure PE2.
[PE2] mpls lsr-id 3.3.3.9
[PE2] mpls
[PE2-mpls] quit
[PE2] interface vlanif 30
[PE2-Vlanif30] mpls
[PE2-Vlanif30] quit
Step 5 Create the remote CCC connection between the two PEs.
# Configure PE1: Enable MPLS L2VPN globally and create the remote CCC connection from
CE1 to CE2. Connect the incoming interface of PE1 to CE1 and the outgoing interface of PE1
to the P. Set the incoming label to 100 and the outgoing label to 200.
[PE1] mpls l2vpn
[PE1-l2vpn] quit
[PE1] interface vlanif 10
[PE1-Vlanif10] quit
[PE1] ccc CE1-CE2 interface vlanif 10 in-label 100 out-label 200 nexthop 10.1.1.2
# Configure PE2: Enable mpls l2vpn globally and create the remote CCC connection from CE2
to CE1. Connect the incoming interface of PE2 to CE2 and the outgoing interface of PE2 to the
P. Set the incoming label to 201 and the outgoing label to 101.
[PE2] mpls l2vpn
[PE2-l2vpn] quit
[PE2] interface vlanif 40
[PE2-Vlanif40] quit
[PE2] ccc CE2-CE1 interface vlanif 40 in-label 201 out-label 101 nexthop 10.2.2.2
# Configure P: Configure a static LSP for forwarding packets from PE1 to PE2, and configure
another static LSP for forwarding packets from PE2 to PE1.
[P] static-lsp transit PE1-PE2 incoming-interface vlanif 20 in-label 200 nexthop 10.2.2.1 out-label 201
[P] static-lsp transit PE2-PE1 incoming-interface vlanif 30 in-label 101 nexthop 10.1.1.1 out-label 100
After the configuration, display information about the CCC connection on the PEs. You can find
that a remote CCC connection is set up on each of PE1 and PE2 and the status of the connection
is Up.
<PE1> display vll ccc
total ccc vc : 1
local ccc vc : 0, 0 up
remote ccc vc : 1, 1 up
Run the display l2vpn ccc-interface vc-type ccc command on PE, and you can see that the VC
type is CCC and the status is Up. Take PE1 for example.
<PE1> display l2vpn ccc-interface vc-type ccc
Run the display mpls lsp command on the P, and you can view the label and interface
information of the two static LSPs.
<P> display mpls lsp
-------------------------------------------------------------------------------
LSP Information: STATIC LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
-/- 200/201 Vlanif20/Vlanif30
-/- 101/100 Vlanif30/Vlanif20
----End
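The remote CCC connection above depends on statically configured labels that no signalling protocol negotiates, so the in-label and out-label mapping between the PEs and the P has to be checked by hand. The following Python script is an added example, not part of the Huawei guide: it parses the ccc and static-lsp transit lines and follows each label hop by hop until it reaches the far-end CCC. The function names are assumptions, and the configuration excerpts are constructed from the values used in this example.

```python
import re

ADDR = re.compile(r"^\s*ip address (\d+(?:\.\d+){3})\s", re.M)
CCC = re.compile(r"^\s*ccc (\S+) interface\s+\S+(?:\s+\d+)?\s+in-label (\d+) "
                 r"out-label (\d+) nexthop (\S+)", re.M | re.I)
TRANSIT = re.compile(r"^\s*static-lsp transit (\S+) incoming-interface\s+\S+"
                     r"(?:\s+\d+)?\s+in-label (\d+) nexthop (\S+) out-label (\d+)",
                     re.M | re.I)


def parse_device(config):
    """Collect interface addresses, CCC connections and transit LSPs."""
    dev = {"addrs": set(ADDR.findall(config)), "ccc": {}, "transit": {}}
    for name, in_l, out_l, nh in CCC.findall(config):
        dev["ccc"][name] = {"in": int(in_l), "out": int(out_l), "nexthop": nh}
    for name, in_l, nh, out_l in TRANSIT.findall(config):
        dev["transit"][int(in_l)] = {"name": name, "out": int(out_l), "nexthop": nh}
    return dev


def trace(devices, start, ccc_name, max_hops=16):
    """Follow the label from a PE's CCC to the far-end CCC; return the path."""
    ccc = devices[start]["ccc"][ccc_name]
    label, nexthop, path = ccc["out"], ccc["nexthop"], [start]
    for _ in range(max_hops):
        owner = next((d for d, c in devices.items() if nexthop in c["addrs"]), None)
        if owner is None:
            raise ValueError(f"next hop {nexthop} is not configured on any device")
        path.append(owner)
        cfg = devices[owner]
        if any(c["in"] == label for c in cfg["ccc"].values()):
            return path                      # label terminates on a CCC
        hop = cfg["transit"].get(label)
        if hop is None:
            raise ValueError(f"{owner} has no CCC or transit LSP with in-label {label}")
        label, nexthop = hop["out"], hop["nexthop"]
    raise ValueError("label path does not terminate (possible loop)")


def verify(configs):
    """Return one error string per CCC whose label chain is broken."""
    devices = {name: parse_device(text) for name, text in configs.items()}
    errors = []
    for dev, cfg in devices.items():
        for ccc_name in cfg["ccc"]:
            try:
                trace(devices, dev, ccc_name)
            except ValueError as exc:
                errors.append(f"{dev} ccc {ccc_name}: {exc}")
    return errors


# Constructed excerpts using the addresses and labels of this example.
CONFIGS = {
    "PE1": """
interface Vlanif20
 ip address 10.1.1.1 255.255.255.0
ccc CE1-CE2 interface Vlanif 10 in-label 100 out-label 200 nexthop 10.1.1.2
""",
    "P": """
interface Vlanif20
 ip address 10.1.1.2 255.255.255.0
interface Vlanif30
 ip address 10.2.2.2 255.255.255.0
static-lsp transit PE1-PE2 incoming-interface Vlanif 20 in-label 200 nexthop 10.2.2.1 out-label 201
static-lsp transit PE2-PE1 incoming-interface Vlanif 30 in-label 101 nexthop 10.1.1.1 out-label 100
""",
    "PE2": """
interface Vlanif30
 ip address 10.2.2.1 255.255.255.0
ccc CE2-CE1 interface Vlanif 40 in-label 201 out-label 101 nexthop 10.2.2.2
""",
}

# Constructed fault: the P swaps to label 202, which PE2 does not expect.
BROKEN = dict(CONFIGS, P=CONFIGS["P"].replace("out-label 201", "out-label 202"))

if __name__ == "__main__":
    print("as documented:", verify(CONFIGS) or "label chains are consistent")
    print("with fault   :", verify(BROKEN))
```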
Configuration Files
• Configuration file of CE1
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 100.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 10
#
return
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 20
port hybrid tagged vlan 20
#
#
ccc CE1-CE2 interface Vlanif 10 in-label 100 out-label 200 nexthop 10.1.1.2
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
return
• Configuration file of P
#
sysname P
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.9
mpls
#
interface Vlanif20
ip address 10.1.1.2 255.255.255.0
mpls
#
interface Vlanif30
ip address 10.2.2.2 255.255.255.0
mpls
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 30
port hybrid tagged vlan 30
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 20
port hybrid tagged vlan 20
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
static-lsp transit PE1-PE2 incoming-interface Vlanif 20 in-label 200 nexthop 10.2.2.1 out-label 201
static-lsp transit PE2-PE1 incoming-interface Vlanif 30 in-label 101 nexthop 10.1.1.1 out-label 100
#
return
• Configuration file of PE2
#
sysname PE2
#
vlan batch 30 40
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
interface Vlanif30
ip address 10.2.2.1 255.255.255.0
mpls
#
interface Vlanif40
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 30
port hybrid tagged vlan 30
#
interface GigabitEthernet2/0/0
[Figure: networking diagram showing CE1, PE1, P, PE2, and CE2 with an SVC connection]
Loopback1 - 1.1.1.9/32
GigabitEthernet2/0/0 VLANIF 40 -
Loopback1 - 3.3.3.9/32
Loopback1 - 2.2.2.9/32
Configuration Roadmap
The configuration roadmap is as follows:
Data Preparation
To complete the configuration, you need the following data:
• Labels of the static L2VC connection
The out-label of PE1 is the same as the in-label of PE2; whereas the in-label of PE1 is the same
as the out-label of PE2.
Procedure
Step 1 Configure interface addresses for CE, PE and P according to Figure 5-6, including VLAN
interfaces and VLANIF interfaces.
Step 2 Configure IGP on the MPLS backbone network. (In this example, OSPF is used.)
When configuring OSPF, advertise the 32-bit addresses of loopback interfaces on PEs and P.
The loopback interface addresses are the LSR IDs.
Step 3 Configure basic MPLS functions and LDP on the MPLS backbone network. That is, set up LDP
LSPs.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface vlanif 20
[PE1-Vlanif20] mpls
[PE1-Vlanif20] mpls ldp
[PE1-Vlanif20] quit
# Configure the P.
# Configure PE2.
[PE2] mpls lsr-id 3.3.3.9
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface vlanif 30
[PE2-Vlanif30] mpls
[PE2-Vlanif30] mpls ldp
[PE2-Vlanif30] quit
After the configuration, LDP sessions are set up between PE1, P, and PE2. Run the display mpls
ldp session command, and you can see that the status of the LDP session is Operational.
Take the display on PE1 for example:
<PE1> display mpls ldp session
Run the display l2vpn ccc-interface vc-type static-vc up command, and you can see that the
VC type is static VC and the status is Up. Take the display on PE1 for example.
<PE1> display l2vpn ccc-interface vc-type static-vc up
----End
Configuration Files
• Configuration file of CE1
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 100.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 10
#
return
• Configuration file of P
#
sysname P
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Vlanif20
ip address 10.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif30
ip address 10.2.2.2 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 30
port hybrid tagged vlan 30
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 20
port hybrid tagged vlan 20
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.2.2.0 0.0.0.255
#
return
[Figure: networking diagram showing CE1, PE1, P, PE2, and CE2 with a Martini connection]
Loopback1 - 1.1.1.9/32
GigabitEthernet2/0/0 VLANIF 40 -
Loopback1 - 3.3.3.9/32
Loopback1 - 2.2.2.9/32
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the routing protocol on backbone devices (PE and P) and enable MPLS.
2. Use the default tunnel policy to create an LSP and configure the LSP as the tunnel for data
transmission.
Data Preparation
To complete the configuration, you need the following data:
• IP address of the remote peer of each PE
• VC ID
Procedure
Step 1 Configure interface addresses for CE, PE and P according to Figure 5-7, including VLAN and
VLANIF interfaces.
The configuration procedure is not provided here.
Step 2 Configure IGP on the MPLS backbone network. (In this example, OSPF is used.)
When configuring OSPF, advertise the 32-bit addresses of loopback interfaces on PEs and P.
The loopback interface addresses are the LSR IDs.
The configuration procedure is not provided here.
After the configuration, OSPF adjacencies are established between PE1, P, and PE2. By running
the display ospf peer command, you can see that the status of the OSPF adjacency is Full. Run
the display ip routing-table command, and you can see that the PEs can learn the routes of each
other's Loopback1 interface.
Step 3 Configure the basic MPLS capability and MPLS LDP on the MPLS network.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface vlanif 20
[PE1-Vlanif20] mpls
[PE1-Vlanif20] mpls ldp
[PE1-Vlanif20] quit
# Configure the P.
[P] mpls lsr-id 2.2.2.9
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P] interface vlanif 20
[P-Vlanif20] mpls
[P-Vlanif20] mpls ldp
[P-Vlanif20] quit
[P] interface vlanif 30
[P-Vlanif30] mpls
[P-Vlanif30] mpls ldp
[P-Vlanif30] quit
# Configure PE2.
[PE2] mpls lsr-id 3.3.3.9
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface vlanif 30
[PE2-Vlanif30] mpls
[PE2-Vlanif30] mpls ldp
[PE2-Vlanif30] quit
# Configure PE2.
[PE2] mpls ldp remote-peer 1.1.1.9
[PE2-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9
[PE2-mpls-ldp-remote-1.1.1.9] quit
After the configuration, run the display mpls ldp session command on PE1 to view the
establishment of the LDP session. You can find that an LDP session is set up between PE1 and
PE2.
Take the display on PE1 for example.
<PE1> display mpls ldp session
Administrator PW : no
session state : up
AC state : up
VC state : up
VC ID : 101
VC type : VLAN
destination : 3.3.3.9
local group ID : 0 remote group ID : 0
local VC label : 23552 remote VC label : 23552
local AC OAM State : up
local PSN State : up
local forwarding state : forwarding
local status code : 0x0
remote AC OAM state : up
remote PSN state : up
remote forwarding state: forwarding
remote status code : 0x0
BFD for PW : unavailable
manual fault : not set
active state : active
forwarding entry : exist
link state : up
local VC MTU : 1500 remote VC MTU : 1500
local VCCV : alert lsp-ping bfd
remote VCCV : alert lsp-ping bfd
local control word : disable remote control word : disable
tunnel policy name : --
traffic behavior name : --
PW template name : --
primary or secondary : primary
VC tunnel/token info : 1 tunnels/tokens
NO.0 TNL type : lsp , TNL ID : 0x10031
create time : 1 days, 22 hours, 15 minutes, 9 seconds
up time : 0 days, 22 hours, 54 minutes, 57 seconds
last change time : 0 days, 22 hours, 54 minutes, 57 seconds
VC last up time : 2010/10/09 19:26:37
VC total up time : 1 days, 20 hours, 42 minutes, 30 seconds
CKey : 8
NKey : 3
PW redundancy mode : --
AdminPw interface : --
AdminPw link state : --
----End
Configuration Files
• Configuration file of CE1
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 100.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 10
#
return
• Configuration file of PE1
#
sysname PE1
#
vlan batch 10 20
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
mpls l2vpn default martini
#
mpls ldp
#
mpls ldp remote-peer 3.3.3.9
remote-ip 3.3.3.9
#
interface Vlanif10
mpls l2vc 3.3.3.9 101
#
interface Vlanif20
ip address 10.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 10
#
interface GigabitEthernet2/0/0
port link-type trunk
port trunk allow-pass vlan 20
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 10.1.1.0 0.0.0.255
#
return
• Configuration file of P
#
sysname P
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Vlanif 20
ip address 10.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif 30
ip address 10.2.2.2 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 30
#
interface GigabitEthernet2/0/0
port link-type trunk
port trunk allow-pass vlan 20
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.2.2.0 0.0.0.255
#
return
• Configuration file of PE2
#
sysname PE2
#
vlan batch 30 40
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
mpls l2vpn default martini
#
mpls ldp
#
mpls ldp remote-peer 1.1.1.9
remote-ip 1.1.1.9
#
interface Vlanif 30
ip address 10.2.2.1 255.255.255.0
mpls
mpls ldp
#
interface Vlanif 40
mpls l2vc 1.1.1.9 101
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 30
#
interface GigabitEthernet2/0/0
port link-type trunk
port trunk allow-pass vlan 40
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 10.2.2.0 0.0.0.255
#
return
• Configuration file of CE2
#
sysname CE2
#
vlan batch 40
#
interface Vlanif 40
ip address 100.1.1.2 255.255.255.0
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 40
#
return
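A consistency check for the Martini configuration files above, as an added example that is not part of the Huawei guide: it verifies that each `mpls l2vc` binding names the LSR ID of another audited PE, that the peer binds back with the same VC ID, and that a remote LDP peer is configured for it. The function names are hypothetical, and the embedded configurations keep only the statements the check reads.

```python
import re

# Statements taken from the PE1 and PE2 configuration files above; only the
# lines this check reads are kept.
PE1_CFG = """\
sysname PE1
mpls lsr-id 1.1.1.9
mpls ldp remote-peer 3.3.3.9
 remote-ip 3.3.3.9
interface Vlanif10
 mpls l2vc 3.3.3.9 101
interface Vlanif20
 ip address 10.1.1.1 255.255.255.0
"""
PE2_CFG = """\
sysname PE2
mpls lsr-id 3.3.3.9
mpls ldp remote-peer 1.1.1.9
 remote-ip 1.1.1.9
interface Vlanif 30
 ip address 10.2.2.1 255.255.255.0
interface Vlanif 40
 mpls l2vc 1.1.1.9 101
"""


def parse_pe(cfg):
    """Extract the LSR ID, remote LDP peers and L2VC bindings of one PE."""
    pe = {
        "name": re.search(r"^sysname (\S+)", cfg, re.M).group(1),
        "lsr_id": re.search(r"^mpls lsr-id (\S+)", cfg, re.M).group(1),
        "remote_ips": set(re.findall(r"^\s+remote-ip (\S+)", cfg, re.M)),
        "l2vcs": [],  # (interface, peer LSR ID, VC ID)
    }
    iface = None
    for line in cfg.splitlines():
        if m := re.match(r"interface\s+(.+)", line):
            iface = m.group(1).replace(" ", "")  # "Vlanif 40" == "Vlanif40"
        elif m := re.match(r"\s+mpls l2vc (\S+) (\d+)", line):
            pe["l2vcs"].append((iface, m.group(1), int(m.group(2))))
    return pe


def audit_martini(configs):
    """Return a list of findings; an empty list means both ends agree."""
    pes = [parse_pe(c) for c in configs]
    by_lsr = {p["lsr_id"]: p for p in pes}
    findings = []
    for pe in pes:
        for iface, peer, vc_id in pe["l2vcs"]:
            where = f"{pe['name']} {iface} (l2vc {peer} {vc_id})"
            remote = by_lsr.get(peer)
            if remote is None:
                findings.append(f"{where}: peer is not the LSR ID of an audited PE")
                continue
            # Needed whenever the two PEs are not directly connected, as here.
            if peer not in pe["remote_ips"]:
                findings.append(f"{where}: no remote LDP peer with remote-ip {peer}")
            back = [v for _, p, v in remote["l2vcs"] if p == pe["lsr_id"]]
            if not back:
                findings.append(f"{where}: {remote['name']} has no l2vc back to {pe['lsr_id']}")
            elif vc_id not in back:
                findings.append(f"{where}: VC ID mismatch, {remote['name']} uses {back}")
    return findings


if __name__ == "__main__":
    for finding in audit_martini([PE1_CFG, PE2_CFG]) or ["no findings"]:
        print(finding)
```
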
Networking Requirements
As shown in Figure 5-8, CE1 and CE2 are connected to the same PE through GE interfaces.
[Figure 5-8: networking diagram not reproduced; labels recovered: PE, CE1, GE1/0/0, GE2/0/0, Loopback1 1.1.1.9/32]
PE   GigabitEthernet1/0/0   VLANIF 10   -
     GigabitEthernet2/0/0   VLANIF 20   -
     Loopback1              -           1.1.1.9/32
Configuration Roadmap
The configuration roadmap is as follows:
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Configure the addresses of the VLANIF interfaces of CE1 and CE2 according to Figure 5-8 and
the IDs of the VLANs to which the interfaces belong.
The configuration details are not mentioned here.
Step 2 Configure a local connection in Kompella mode.
# Configure basic MPLS functions.
[PE] interface loopback 1
[PE-LoopBack1] ip address 1.1.1.9 32
[PE-LoopBack1] quit
[PE] mpls lsr-id 1.1.1.9
[PE] mpls
[PE-mpls] quit
----End
Configuration Files
• Configuration file of CE1
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 30.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 10
#
return
• Configuration file of PE
#
sysname PE
#
vlan batch 10 20
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
interface Vlanif10
#
interface Vlanif20
ip address 10.1.1.1 255.255.255.0
mpls
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 10
port hybrid tagged vlan 10
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 20
port hybrid tagged vlan 20
#
#
ccc CE1-CE2 interface Vlanif 10 in-label 100 out-label 200 nexthop 10.1.1.2
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
return
[Figure 5-9: networking diagram not reproduced; labels recovered: CE 1, PE 1, P, PE 2, CE 2, GE 1/0/0, GE 2/0/0, Kompella, Remote]
Loopback1 - 1.1.1.9/32
GigabitEthernet2/0/0 VLANIF 40 -
Loopback1 - 3.3.3.9/32
Loopback1 - 2.2.2.9/32
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure routing protocols on the PEs and P on the backbone network to implement
internetworking, and enable basic MPLS functions and LDP.
2. Enable MPLS L2VPN and configure BGP L2VPN on PEs.
3. Configure the VPN instance and CE connections.
Data Preparation
To complete the configuration, you need the following data:
• ASN of BGP
• Names of VPN instances, RDs, and VPN targets
• Names and IDs of the CEs (the CE IDs are globally unique), and the CE range, namely, the
label block
Procedure
Step 1 Configure the IDs of the VLANs to which the interfaces of CE, PE, and P belong according to
Figure 5-9.
The configuration procedure is not mentioned.
NOTE
Run the display ospf peer command, and you can see that the OSPF neighbor relation is set up
and the neighbor status is Full.
Take the display on PE1 for example:
<PE1> display ospf peer
Step 3 Configure basic MPLS functions and LDP, and set up LDP LSPs.
The configuration procedure is not mentioned here.
After the configuration, run the display mpls ldp session and display mpls ldp peer commands
on each LSR. You can see information about the LDP session and peers.
Take the display on PE1 for example:
<PE1> display mpls ldp session
[PE1-bgp] l2vpn-family
[PE1-bgp-af-l2vpn] peer 3.3.3.9 enable
[PE1-bgp-af-l2vpn] quit
[PE1-bgp] quit
# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit
[PE2] bgp 100
[PE2-bgp] peer 1.1.1.9 as-number 100
[PE2-bgp] peer 1.1.1.9 connect-interface loopback 1
[PE2-bgp] l2vpn-family
[PE2-bgp-af-l2vpn] peer 1.1.1.9 enable
[PE2-bgp-af-l2vpn] quit
[PE2-bgp] quit
After the configuration, run the display bgp l2vpn peer command on PE1 and PE2, and you
can see that the peer relation between the PEs is in Established state.
Take the display on PE1 for example.
<PE1> display bgp l2vpn peer
# Configure PE2.
[PE2] mpls l2vpn vpn1 encapsulation vlan
[PE2-mpls-l2vpn-vpn1] route-distinguisher 100:1
[PE2-mpls-l2vpn-vpn1] vpn-target 1:1
[PE2-mpls-l2vpn-vpn1] ce ce2 id 2 range 10
[PE2-mpls-l2vpn-ce-vpn1-ce2] connection ce-offset 1 interface vlanif 40
[PE2-mpls-l2vpn-ce-vpn1-ce2] quit
[PE2-mpls-l2vpn-vpn1] quit
----End
Configuration Files
• Configuration file of CE1
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 30.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 10
#
return
#
mpls l2vpn vpn1 encapsulation vlan
route-distinguisher 100:1
vpn-target 1:1 import-extcommunity
vpn-target 1:1 export-extcommunity
ce ce1 id 1 range 10 default-offset 0
connection ce-offset 2 interface Vlanif 10
#
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
bgp 100
peer 3.3.3.9 as-number 100
peer 3.3.3.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 3.3.3.9 enable
#
l2vpn-family
policy vpn-target
peer 3.3.3.9 enable
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 168.1.1.0 0.0.0.255
#
return
• Configuration file of P
#
sysname P
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Vlanif20
ip address 168.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif30
ip address 169.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 20
port hybrid tagged vlan 20
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 30
port hybrid tagged vlan 30
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 168.1.1.0 0.0.0.255
network 169.1.1.0 0.0.0.255
network 2.2.2.9 0.0.0.0
#
return
• Configuration file of PE2
#
sysname PE2
#
vlan batch 30 40
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
mpls ldp
#
interface Vlanif 30
ip address 169.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif 40
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 30
port hybrid tagged vlan 30
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 40
port hybrid tagged vlan 40
#
#
mpls l2vpn vpn1 encapsulation vlan
route-distinguisher 100:1
vpn-target 1:1 import-extcommunity
vpn-target 1:1 export-extcommunity
ce ce2 id 2 range 10 default-offset 0
connection ce-offset 1 interface Vlanif40
#
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
bgp 100
peer 1.1.1.9 as-number 100
peer 1.1.1.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 1.1.1.9 enable
#
l2vpn-family
policy vpn-target
peer 1.1.1.9 enable
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 169.1.1.0 0.0.0.255
#
return
• Configuration file of CE2
#
sysname CE2
#
vlan batch 40
#
interface Vlanif40
ip address 30.1.1.2 255.255.255.0
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 40
#
return
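A consistency check for the Kompella instances in the configuration files above, as an added example that is not part of the Huawei guide. It assumes that `ce-offset` names the remote CE ID, that a CE's label block covers CE IDs from `default-offset` to `default-offset + range - 1`, and that every PE uses the same instance name; the function names are hypothetical and `sysname PE1` is supplied for the stanza whose header is missing on the page.

```python
import re

# Kompella instance stanzas from the PE1 and PE2 configuration files above.
# "sysname PE1" is supplied here; the rest is as printed on the page.
PE1_CFG = """\
sysname PE1
mpls l2vpn vpn1 encapsulation vlan
 route-distinguisher 100:1
 vpn-target 1:1 import-extcommunity
 vpn-target 1:1 export-extcommunity
 ce ce1 id 1 range 10 default-offset 0
  connection ce-offset 2 interface Vlanif 10
"""
PE2_CFG = """\
sysname PE2
mpls l2vpn vpn1 encapsulation vlan
 route-distinguisher 100:1
 vpn-target 1:1 import-extcommunity
 vpn-target 1:1 export-extcommunity
 ce ce2 id 2 range 10 default-offset 0
  connection ce-offset 1 interface Vlanif40
"""


def parse_ces(cfg):
    """Return one record per 'ce' statement, carrying its instance's settings."""
    pe = re.search(r"^sysname (\S+)", cfg, re.M).group(1)
    ces, vpn = [], None
    for raw in cfg.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # an unindented line opens a new stanza
            m = re.match(r"mpls l2vpn (\S+) encapsulation (\S+)", line)
            vpn = {"pe": pe, "vpn": m[1], "encap": m[2], "imp": set(), "exp": set()} if m else None
        elif vpn is None:
            continue
        elif m := re.match(r"vpn-target (.+)", line):
            *targets, kind = m[1].split()
            if not kind.endswith("extcommunity") and kind != "both":
                targets, kind = targets + [kind], "both"  # bare form: both directions
            if kind != "export-extcommunity":
                vpn["imp"].update(targets)
            if kind != "import-extcommunity":
                vpn["exp"].update(targets)
        elif m := re.match(r"ce (\S+) id (\d+) range (\d+)(?: default-offset (\d+))?", line):
            ces.append({**vpn, "ce": m[1], "id": int(m[2]), "range": int(m[3]),
                        "offset": int(m[4] or 0), "remote_ids": []})
        elif (m := re.match(r"connection ce-offset (\d+)", line)) and ces:
            ces[-1]["remote_ids"].append(int(m[1]))
    return ces


def audit_kompella(configs):
    """Check CE-ID uniqueness, label-block coverage, back-references and vpn-targets."""
    ces = [ce for cfg in configs for ce in parse_ces(cfg)]
    findings, by_id = [], {}
    for ce in ces:
        first = by_id.setdefault((ce["vpn"], ce["id"]), ce)
        if first is not ce:
            findings.append(f"{ce['vpn']}: CE ID {ce['id']} is used on {first['pe']} and {ce['pe']}")
    for ce in ces:
        for rid in ce["remote_ids"]:
            where = f"{ce['pe']} {ce['ce']} -> CE ID {rid}"
            if not ce["offset"] <= rid < ce["offset"] + ce["range"]:
                findings.append(f"{where}: outside the local label block")
            peer = by_id.get((ce["vpn"], rid))
            if peer is None or peer is ce:
                findings.append(f"{where}: no remote CE with that ID")
                continue
            if ce["id"] not in peer["remote_ids"]:
                findings.append(f"{where}: {peer['pe']} has no connection back to CE ID {ce['id']}")
            if not (ce["exp"] & peer["imp"] and peer["exp"] & ce["imp"]):
                findings.append(f"{where}: vpn-target mismatch with {peer['pe']}")
            if ce["encap"] != peer["encap"]:
                findings.append(f"{where}: encapsulation differs from {peer['pe']}")
    return findings


if __name__ == "__main__":
    for finding in audit_kompella([PE1_CFG, PE2_CFG]) or ["no findings"]:
        print(finding)
```
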
Networking Requirements
As shown in Figure 5-10, the Option A scheme is used to establish the inter-AS Martini VLL.
Figure 5-10 Networking diagram for configuring the inter-AS Martini VLL Option A
Loopback0 - 1.1.1.9/32
GigabitEthernet2/0/0 VLANIF 50 -
Loopback0 - 4.4.4.9/32
GigabitEthernet2/0/0 VLANIF 30 -
Loopback0 - 2.2.2.9/32
Loopback0 - 3.3.3.9/32
Configuration Roadmap
The configuration roadmap is as follows:
1. Run an IGP protocol on the backbone network so that the devices in the same AS can
communicate with each other.
2. Configure the basic MPLS capability on the backbone network and establish dynamic LSPs
between PEs and ASBR-PEs in the same AS. If PEs and ASBR-PEs are not directly
connected, establish a remote LDP session.
3. Establish MPLS L2VC connections between the PEs and ASBR-PEs in the same AS.
Data Preparation
To complete the configuration, you need the following data:
• IS-IS data
• IP address of the peer
• MPLS LSR-IDs of PE and ASBR-PEs
• L2VC ID
Procedure
Step 1 Configure the IDs of the VLANs to which the interfaces belong according to Figure 5-10.
The configuration procedure is not mentioned.
Step 2 Configure an IGP protocol on the MPLS backbone network.
PEs and ASBR-PEs on the backbone network can communicate with each other by using IGP.
In this example, IS-IS is used as IGP and the configuration procedure is not mentioned.
After the configuration, the ASBR and PE in the same AS can establish an IS-IS adjacency. Run
the display isis peer command, and you can see that the IS-IS adjacency is in Up state, and the
PEs can learn each other's loopback address.
Take the display on PE1 for example.
<PE1> display isis peer
# Configure ASBR-PE1.
[ASBR-PE1] mpls l2vpn
[ASBR-PE1-l2vpn] mpls l2vpn default martini
[ASBR-PE1-l2vpn] quit
[ASBR-PE1] interface vlanif 30
[ASBR-PE1-Vlanif30] mpls l2vc 1.1.1.9 100
[ASBR-PE1-Vlanif30] quit
# Configure ASBR-PE2.
[ASBR-PE2] mpls l2vpn
[ASBR-PE2-l2vpn] mpls l2vpn default martini
[ASBR-PE2-l2vpn] quit
[ASBR-PE2] interface vlanif 30
[ASBR-PE2-Vlanif30] mpls l2vc 4.4.4.9 100
[ASBR-PE2-Vlanif30] quit
# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] mpls l2vpn default martini
[PE2-l2vpn] quit
[PE2] interface vlanif 50
[PE2-Vlanif50] mpls l2vc 3.3.3.9 100
[PE2-Vlanif50] quit
# Configure CE1.
[CE1] interface vlanif 10
[CE1-Vlanif10] ip address 100.1.1.1 255.255.255.0
[CE1-Vlanif10] quit
# Configure CE2.
[CE2] interface vlanif 50
[CE2-Vlanif50] ip address 100.1.1.2 255.255.255.0
[CE2-Vlanif50] quit
Display information about the L2VPN connection on PE1. You can see that an L2VC is set up
and the VC status is Up.
----End
Configuration Files
• Configuration file of CE1
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 100.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 10
#
return
• Configuration file of PE1
#
sysname PE1
#
vlan batch 10 20
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
mpls l2vpn default martini
#
mpls ldp
#
isis 1
network-entity 10.0000.0000.0001.00
#
interface Vlanif10
mpls l2vc 2.2.2.9 100
#
interface Vlanif20
ip address 10.1.1.1 255.255.255.0
isis enable 1
mpls
mpls ldp
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 10
#
interface GigabitEthernet2/0/0
port link-type trunk
port trunk allow-pass vlan 20
#
interface LoopBack0
ip address 1.1.1.9 255.255.255.255
isis enable 1
#
return
• Configuration file of ASBR-PE1
#
sysname ASBR-PE1
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.9
mpls
#
mpls l2vpn
mpls l2vpn default martini
#
mpls ldp
#
isis 1
network-entity 10.0000.0000.0002.00
#
interface Vlanif20
#
mpls l2vpn
mpls l2vpn default martini
#
mpls ldp
#
isis 1
network-entity 10.0000.0000.0004.00
#
interface Vlanif40
ip address 30.1.1.2 255.255.255.0
isis enable 1
mpls
mpls ldp
#
interface Vlanif50
mpls l2vc 3.3.3.9 100
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 40
#
interface GigabitEthernet2/0/0
port link-type trunk
port trunk allow-pass vlan 50
#
interface LoopBack0
ip address 4.4.4.9 255.255.255.255
isis enable 1
#
return
Figure 5-11 Networking diagram for configuring the inter-AS Kompella VLL Option A
Loopback1 - 1.1.1.9/32
GigabitEthernet2/0/0 VLANIF 50 -
Loopback1 - 4.4.4.9/32
GigabitEthernet2/0/0 VLANIF 30 -
Loopback1 - 2.2.2.9/32
Loopback1 - 3.3.3.9/32
Configuration Roadmap
The configuration roadmap is as follows:
1. Run an IGP protocol on the backbone network so that the devices in the same AS can
communicate with each other.
2. Enable MPLS on the backbone and establish a dynamic LSP between the PE and the ASBR-
PE.
Data Preparation
To complete the configuration, you need the following data:
• OSPF data
• MPLS LSR-IDs of PE and ASBR-PEs
• L2VPN instance name, RD, and VPN target on the PE and the ASBR-PE
• CE connection name, CE ID, CE range (10 by default), and default offset (1 or 0, the default
is 0) on the PE and ASBR-PEs
Procedure
Step 1 Configure the IDs of the VLANs to which the interfaces belong according to Figure 5-11.
The configuration procedure is not mentioned.
Step 2 Configure an IGP protocol on the backbone network.
PEs and ASBR-PEs on the MPLS backbone network can communicate with each other by using
IGP. OSPF is used as the IGP protocol in this example.
The configuration procedure is not mentioned. Note that the address of Loopback1 must be
advertised to the IBGP peer.
After the configuration, run the display ip routing-table command, and you can see that the
ASBR-PE and the PEs in the same AS have learned each other's Loopback1 addresses.
Take the display on PE1 for example.
<PE1> display ip routing-table
Route Flags: R - relied, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 9 Routes : 9
The ASBR-PE and the PEs in the same AS can ping each other's Loopback1 address.
<PE1> ping 2.2.2.2
PING 2.2.2.2: 56 data bytes, press CTRL_C to break
Reply from 2.2.2.2: bytes=56 Sequence=1 ttl=255 time=90 ms
Reply from 2.2.2.2: bytes=56 Sequence=2 ttl=255 time=90 ms
Reply from 2.2.2.2: bytes=56 Sequence=3 ttl=255 time=60 ms
Reply from 2.2.2.2: bytes=56 Sequence=4 ttl=255 time=90 ms
Reply from 2.2.2.2: bytes=56 Sequence=5 ttl=255 time=60 ms
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 60/78/90 ms
# Configure ASBR-PE1.
[ASBR-PE1] bgp 100
[ASBR-PE1-bgp] peer 1.1.1.1 as-number 100
[ASBR-PE1-bgp] peer 1.1.1.1 connect-interface loopback 1
[ASBR-PE1-bgp] quit
# Configure ASBR-PE2.
[ASBR-PE2] bgp 200
[ASBR-PE2-bgp] peer 4.4.4.4 as-number 200
[ASBR-PE2-bgp] peer 4.4.4.4 connect-interface loopback 1
[ASBR-PE2-bgp] quit
# Configure PE2.
[PE2] bgp 200
[PE2-bgp] peer 3.3.3.3 as-number 200
[PE2-bgp] peer 3.3.3.3 connect-interface loopback 1
[PE2-bgp] quit
After the configuration, run the display bgp peer command, and you can see that the IBGP peer
relation between PE1 and the ASBR-PE in the same AS is in Established state. Take the display
on PE1 for example.
[PE1] display bgp peer
Step 5 Enable BGP peers in the BGP L2VPN address family view.
After BGP peers are enabled on the PEs and ASBR-PEs in the BGP L2VPN address family
view, L2VPN instance information can be exchanged between the PEs and ASBR-PEs.
# Configure PE1.
[PE1] bgp 100
[PE1-bgp] l2vpn-family
[PE1-bgp-af-l2vpn] peer 2.2.2.2 enable
# Configure ASBR-PE1.
[ASBR-PE1] bgp 100
[ASBR-PE1-bgp] l2vpn-family
[ASBR-PE1-bgp-af-l2vpn] peer 1.1.1.1 enable
# Configure ASBR-PE2.
[ASBR-PE2] bgp 200
[ASBR-PE2-bgp] l2vpn-family
[ASBR-PE2-bgp-af-l2vpn] peer 4.4.4.4 enable
# Configure PE2.
[PE2] bgp 200
[PE2-bgp] l2vpn-family
[PE2-bgp-af-l2vpn] peer 3.3.3.3 enable
# Configure ASBR-PE1.
[ASBR-PE1] mpls l2vpn
[ASBR-PE1-l2vpn] quit
[ASBR-PE1] mpls l2vpn vpn1 encapsulation vlan
[ASBR-PE1-mpls-l2vpn-vpn1] route-distinguisher 100:2
[ASBR-PE1-mpls-l2vpn-vpn1] mtu 1500
[ASBR-PE1-mpls-l2vpn-vpn1] vpn-target 1:1 both
[ASBR-PE1-mpls-l2vpn-vpn1] ce ce2 id 2 range 10 default-offset 0
# Configure ASBR-PE2.
[ASBR-PE2] mpls l2vpn
[ASBR-PE2-l2vpn] quit
[ASBR-PE2] mpls l2vpn vpn1 encapsulation vlan
[ASBR-PE2-mpls-l2vpn-vpn1] route-distinguisher 200:1
[ASBR-PE2-mpls-l2vpn-vpn1] mtu 1500
[ASBR-PE2-mpls-l2vpn-vpn1] vpn-target 1:1 both
[ASBR-PE2-mpls-l2vpn-vpn1] ce ce3 id 3 range 10 default-offset 0
[ASBR-PE2-mpls-l2vpn-ce-vpn1-ce3] connection ce-offset 4 interface vlanif 30
[ASBR-PE2-mpls-l2vpn-ce-vpn1-ce3] quit
[ASBR-PE2-mpls-l2vpn-vpn1] quit
# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit
[PE2] mpls l2vpn vpn1 encapsulation vlan
[PE2-mpls-l2vpn-vpn1] route-distinguisher 200:2
[PE2-mpls-l2vpn-vpn1] mtu 1500
[PE2-mpls-l2vpn-vpn1] vpn-target 1:1 both
[PE2-mpls-l2vpn-vpn1] ce ce4 id 4 range 10 default-offset 0
[PE2-mpls-l2vpn-ce-vpn1-ce4] connection ce-offset 3 interface vlanif 50
[PE2-mpls-l2vpn-ce-vpn1-ce4] quit
[PE2-mpls-l2vpn-vpn1] quit
# Configure CE1.
[CE1] interface vlanif 10
[CE1-Vlanif10] ip address 10.1.1.1 255.255.255.0
[CE1-Vlanif10] quit
# Configure CE2.
[CE2] interface vlanif 50
[CE2-Vlanif50] ip address 10.1.1.2 255.255.255.0
[CE2-Vlanif50] quit
----End
Configuration Files
• Configuration file of CE1
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 10
#
return
• Configuration file of PE1
#
sysname PE1
#
vlan batch 10 20
#
mpls lsr-id 1.1.1.1
mpls
#
mpls l2vpn
#
mpls ldp
#
interface Vlanif10
#
interface Vlanif 20
ip address 20.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 10
#
interface GigabitEthernet2/0/0
port link-type trunk
port trunk allow-pass vlan 20
#
mpls l2vpn vpn1 encapsulation vlan
route-distinguisher 100:1
vpn-target 1:1 import-extcommunity
vpn-target 1:1 export-extcommunity
ce ce1 id 1 range 10 default-offset 0
connection ce-offset 2 interface Vlanif10
#
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
#
bgp 100
peer 2.2.2.2 as-number 100
peer 2.2.2.2 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 2.2.2.2 enable
#
l2vpn-family
policy vpn-target
peer 2.2.2.2 enable
#
#
ospf 1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 20.1.1.0 0.0.0.3
#
return
• Configuration file of ASBR-PE1
#
sysname ASBR-PE1
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.2
mpls
#
mpls l2vpn
#
mpls ldp
#
interface Vlanif20
ip address 20.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif30
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 20
#
interface GigabitEthernet2/0/0
port trunk allow-pass vlan 30
#
mpls l2vpn vpn1 encapsulation vlan
route-distinguisher 100:2
vpn-target 1:1 import-extcommunity
vpn-target 1:1 export-extcommunity
ce ce2 id 2 range 10 default-offset 0
connection ce-offset 1 interface Vlanif30
#
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
#
bgp 100
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 1.1.1.1 enable
#
l2vpn-family
policy vpn-target
peer 1.1.1.1 enable
#
ospf 1
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 20.1.1.0 0.0.0.3
#
return
• Configuration file of ASBR-PE2
#
sysname ASBR-PE2
#
vlan batch 30 40
#
mpls lsr-id 3.3.3.3
mpls
#
mpls l2vpn
#
mpls ldp
#
interface Vlanif30
#
interface Vlanif40
ip address 40.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 30
#
interface GigabitEthernet2/0/0
port link-type trunk
port trunk allow-pass vlan 40
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
#
bgp 200
peer 4.4.4.4 as-number 200
peer 4.4.4.4 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 4.4.4.4 enable
#
l2vpn-family
undo policy vpn-target
peer 4.4.4.4 enable
#
ospf 1
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 40.1.1.0 0.0.0.3
#
mpls l2vpn vpn1 encapsulation vlan
route-distinguisher 200:1
vpn-target 1:1 import-extcommunity
vpn-target 1:1 export-extcommunity
ce ce3 id 3 range 10 default-offset 0
connection ce-offset 4 interface Vlanif30
#
return
• Configuration file of PE2
#
sysname PE2
#
vlan batch 40 50
#
mpls lsr-id 4.4.4.4
mpls
#
mpls l2vpn
#
mpls ldp
#
interface Vlanif40
ip address 40.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif50
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 40
#
interface GigabitEthernet2/0/0
port link-type trunk
port trunk allow-pass vlan 50
#
interface LoopBack1
ip address 4.4.4.4 255.255.255.255
#
bgp 200
peer 3.3.3.3 as-number 200
peer 3.3.3.3 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 3.3.3.3 enable
#
l2vpn-family
policy vpn-target
peer 3.3.3.3 enable
#
ospf 1
area 0.0.0.0
network 40.1.1.0 0.0.0.3
network 4.4.4.4 0.0.0.0
#
mpls l2vpn vpn1 encapsulation vlan
route-distinguisher 200:2
vpn-target 1:1 import-extcommunity
vpn-target 1:1 export-extcommunity
ce ce4 id 4 range 10 default-offset 0
connection ce-offset 3 interface Vlanif50
#
#
return
6 PWE3 Configuration
This chapter describes how to configure PWE3 to transparently transmit data on the MPLS
network.
[Figure not reproduced; labels recovered: AC, PW, AC, PSN Tunnel]
You need to know the following terms defined in the RFC before you read this section:
Figure 6-2 shows the packet exchanges during the establishment, maintenance, and
dismantlement of an LDP PW.
[Figure 6-2 not reproduced; labels recovered: PE1, PE2, Mapping, parameter match, VC up, Notification, AC/Tunnel state changed]
The dynamic allocation of LDP-PW labels is performed in the receiving and sending directions.
On the basis of Martini, the dynamic PW adds the optional status parameter in the Mapping
packet and supports the Notification packet.
When the network is unstable, the Notification packet can decrease the number of
packet exchanges.
For example, if an AC on a PE flaps, a Notification packet is sent to report the AC status. After
receiving the packet, the peer does not dismantle the VC.
In Martini mode, however, the Withdraw packet is sent repeatedly, so the PW is set up
and dismantled repeatedly.
NOTE
PWE3 supports Notification mode to negotiate PW state information. The Withdraw packet is compatible
with withdraw labels in PWE3. The negotiation of two ends of the PW determines the mode to be used.
[Figure not reproduced; labels recovered: PE1 (Loopback1 1.1.1.1/32), PE2 (Loopback1 2.2.2.2/32), Withdraw, Release, VC Deletion]
When PE1 does not forward packets sent from PE2 for a specific cause, that is, PE2 is no longer
a peer of PE1, PE1 sends a Withdraw message to PE2. After receiving the Withdraw message,
PE2 tears down the PW and responds with a Release message. After receiving the Release
message, PE1 releases the label and tears down the PW.
[Figure not reproduced; labels recovered: CE1, U-PE1, P, U-PE2, CE2, PW100]
• MH-PW
An MH-PW is a set of two or more contiguous PW segments between two U-PEs. Switching
labels at PW label layer is required. Figure 6-5 shows an MH-PW that functions as a single
point-to-point PW.
[Figure 6-5 not reproduced; labels recovered: CE1, CE2, PW100, PW200]
BFD for PW
Bidirectional Forwarding Detection (BFD) can quickly detect faults on a PW between the local PE
and remote PE to enable PW Fast Reroute (FRR). This lessens the impact of any link faults on
services.
• Static BFD for PW
After being encapsulated by PWs, BFD control packets are transmitted on PWs. PWs
distinguish control packets and data packets by using CWs. BFD packets are encapsulated
by using the CWs of PWs. On an MH PW, the intermediate SPE only forwards BFD packets,
but does not send the BFD packets to its CPU for processing.
• Dynamic BFD for PW
1. The Up and Down states of a PW can trigger the dynamic creation and deletion of a
BFD session. When the status of a PW that needs to be detected is Up, the local device
notifies information about its neighbor and detection parameters to the BFD module.
The BFD module then sets up a session to detect the link between the local device and
its neighbor.
2. BFD session negotiation can be implemented by adding the BFD Discriminator TLV
field to VCCV ping packets.
3. After a session is set up, BFD quickly sends detection packets. VCCV ping is used to
periodically check the information consistency of the control plane and data plane.
4. When a dynamic BFD session detects a status change of the PW, BFD instructs the
L2VPN to trigger route convergence. If a neighbor is unreachable, BFD instructs the
L2VPN to delete the related session.
NOTE
For details of BFD for LDP LSP, refer to the chapter "MPLS Configuration" in the Configuration Guide
- MPLS.
The format of the BFD Discriminator TLV in a VCCV ping packet is the same as the format of
the BFD Discriminator TLV in an LSP ping packet, as shown in Figure 6-6.
PWE3 FRR
With the broad application of PWE3, requirements for network reliability keep rising,
especially for L2VPNs that bear real-time services such as VoIP and IPTV
services.
PWE3 FRR is a solution that can increase the reliability of L2VPNs.
PWE3 FRR is used in the following networking:
Asymmetrically connected CEs
One CE is connected to a PE through an AC and the other CE is dual-homed to PEs through two
ACs, as shown in Figure 6-7.
[Figure 6-7 not reproduced; labels recovered: Site1, CE1, PE1, P1, P2, PE2, PE3, CE2, Site2, AC1, AC2, AC3, VPN backbone]
Inter-AS PWE3
In an actual network, multiple sites of a user's VPN may connect to multiple service providers
in different ASs or to multiple ASs of one service provider. Such a VPN is called an inter-AS VPN.
Inter-AS PWE3 has two schemes:
• Inter-AS PWE3-Option A: Data of an inter-AS user is transmitted through special interfaces
between ASBRs. The user exclusively uses the link between the ASBRs.
• Inter-AS PWE3-Option C: The PEs advertise the VPN IPv4 routes through multi-hop MP-
EBGP.
The S7700 supports Inter-AS PWE3-Option A.
In Option A, the ASBRs of the two ASs are directly connected. The ASBRs are the PEs of their
respective ASs. The two ASBRs consider the peer ASBRs as their CE devices.
[Figure 6-8 not reproduced; labels recovered: CE-1, CE-2, PE-1, PE-2, PE-3, PE-4, ASBR1, ASBR2, AC, LSP1]
As shown in Figure 6-8, for ASBR1 in AS 100, ASBR2 is a CE. Similarly, for ASBR2,
ASBR1 is a CE.
In Option A, the two directly-connected ASBRs use different links including physical and logical
links for each inter-AS VPN. The links work as ACs to connect the VPN. Thus, the performance
requirement on the PE devices is relatively high.
PWE3 Tracert
With the broad application of PWE3, PWE3 is required to support related operations and
maintenance. PWE3 tracert is a network maintenance tool developed to meet this
requirement.
PWs are classified into SH PWs and MH PWs based on different networking types. Similarly,
PWE3 tracert is classified into PWE3 SH tracert and PWE3 MH tracert.
• Basic principle
– PWE3 SH Tracert
– As shown in Figure 6-9, CE1 and CE4 belong to VPN 1; CE2 and CE3 belong to
VPN 2; the LSP from PE1 to PE4 is PE1-P-PE4; the LSP from PE2 to PE3 is PE2-
P-PE3.
[Figure 6-9 not reproduced; labels recovered: CE1, CE2, PE1, PE2, VPN1, VPN2, LSP1, LSP2]
– On PE1, you can start PWE3 tracert of VPN 1 by using related commands. This
PWE3 tracert is the same as the LSP tracert in the public network, except that a PW
label is added to packets, and the remote PE checks whether the receiving PW label
and the VC ID are the same as those on the local end.
– The source PE of the PWE3 tracert continues to send MPLS echo request packets
with the Time-to-Live (TTL) of the outer label from one to a certain value and the
TTL of the inner label as one. Each Label Switching Router (LSR) does not forward
the received packet with the TTL of the outer label as one. Based on the contents of
the packet, each LSR checks the correctness of specific services and labels, and then
sends an MPLS echo reply packet to the source PE. In this way, the source PE can
collect information about each LSR that a PW passes through and information about
the egress PE. At present, the MPLS echo reply packet is an IP packet that does not
carry any label.
– The LSP between PE1 and PE4 is used as an example to explain the mechanism
used by PWE3 tracert to collect information about nodes.
– By starting PWE3 tracert, PE1 can collect information about nodes that the LSP
from PE1 to PE4 passes through. By comparing paths obtained by the PWE3 tracert
and PW paths generated by the protocol, you can judge whether or not there is an
error.
– If the PWE3 tracert obtains only information about PE4 (TTL=2) instead of
information about P (TTL=1), it indicates that P does not support MPLS ping.
– If the PWE3 tracert obtains only information about P (TTL=1) instead of information
about PE4 (TTL=2), it indicates that PE4 or the link between P and PE4 is faulty.
– If the PWE3 tracert obtains information about PE1, PE2, and PE4, it indicates that
P may be faulty. A new path is generated by the protocol.
– PWE3 MH tracert
– As shown in Figure 6-10, an MH PW is set up between CE1 and CE2, and the IDs
of PW segments are different. The LSP is UPE1-P1-SPE1-SPE2-P2-UPE2.
Figure 6-10 Networking diagram of PWE3 MH tracert
[Diagram not reproduced; labels recovered: CE1, UPE1, P1, SPE1, SPE2, P2, UPE2, CE2]
– The PWE3 tracert started on UPE1 can obtain a correct response only from P1 and
SPE1. SPE2 and UPE2 find that the "Remote PE Address" and "VC ID" are not
consistent. This indicates that the PWE3 tracert passes through an MH PW. In
addition, the PW label switching from the downstream mapping information sent
by each device can be seen.
– On SPE1, start PWE3 tracert to UPE1 or to SPE2 and UPE2. The PWE3 tracert to
UPE1 is the same as the PWE3 SH tracert. The PWE3 tracert to SPE2 and UPE2 is
PWE3 MH tracert.
– PWE3 tracert started on other PEs is the same as the preceding ones, and is not
described here.
• The relations between MPLS ping and PWE3 ping and between MPLS tracert and PWE3
tracert are as follows:
• MPLS ping
MPLS ping is similar to IP ping. The source node sends an MPLS echo request packet. The
packet is forwarded by nodes along the LSP. When the packet reaches the egress in the
MPLS area, the egress replies with an MPLS echo reply packet. If the source node receives
the MPLS echo reply packet from the destination node, it considers that the LSP can be
used to forward data; otherwise, the source node considers that the LSP cannot be used to
forward data.
l MPLS tracert
The source node of MPLS tracert continuously sends MPLS echo request packets with TTL
values from one to a certain value. When the TTL of a packet expires at a node on the LSP,
that node replies with an MPLS echo reply packet. The ingress can thus collect information
about each node on the LSP, and then locate the faulty node. At the same time, MPLS tracert
can be used to collect important information about each node on the entire LSP, such as
assigned labels.
l PWE3 ping
The principle of PWE3 ping is similar to that of MPLS ping and IP ping. The difference
lies in that PWE3 ping uses a PW to forward MPLS echo request packets to judge whether
the PW can be used to forward packets. When MPLS ping succeeds, PWE3 ping may fail.
l PWE3 Tracert
The principle of PWE3 tracert is similar to that of MPLS tracert and IP tracert. The
difference lies in that PWE3 tracert uses a PW to forward MPLS echo request packets to
collect information about nodes on the PW. When MPLS tracert succeeds, PWE3 tracert
may fail.
CW
The PWE3 supports CW.
The CW is a four-octet header in some encapsulations, and is used for sending packet information
in an MPLS PSN.
On the PWE3 control plane, a bit indicates whether the CW is present on the PW.
On the PWE3 data plane, if the CW is supported, a four-octet control word is added to the header
of the packet to indicate the sequence of the packet.
Negotiation succeeds only when both endpoints of the PW support CW, or both do not
support CW, at the control layer. The CW is optional. For a static PW, CW requirements
are configured manually.
VCCV-PING
The S7700 supports VC Connectivity Verification (VCCV) negotiation and VCCV-PING on
U-PEs of a static PW, dynamic PW, SH-PW, and MH-PW.
The VCCV-PING has two modes: CW mode and Label Alert mode.
PW Template
A PW template is a set of common attributes abstracted from PWs. A PW template can be shared
by different PWs. To facilitate the expansion, you can configure the common attributes of certain
PWs into a PW template. When creating a PW in interface mode, you can use this PW template.
Other Features
The other features supported by the S7700 are as follows:
Applicable Environments
Using the pw-template command, you can set the attributes for a PW, such as the peer, CW,
and tunnel policy. Importing a PW template simplifies the process of configuring the PWs with
similar attributes. The PW template is configured on a U-PE.
NOTE
Some PW attributes such as MTU, PW type, and encapsulation type are obtained from the interface directly
connected to a CE. Therefore, those parameters do not need to be configured manually.
Pre-configuration Tasks
Before configuring the attributes of a PW template, you need to complete the following tasks:
l Configuring basic MPLS functions
l Enabling MPLS L2VPN
Data Preparation
To configure the attributes of a PW template, you need the following data.
No. Data
Context
Do as follows on the PEs on the two ends of the PW.
Procedure
Step 1 Run:
system-view
A PW template is created.
----End
Context
Do as follows on the PEs on the two ends of a PW:
Procedure
Step 1 Run:
system-view
----End
Follow-up Procedure
Steps 3 to 6 are optional and do not need to be performed in order. Select the required steps
for the actual configuration.
If you specify a PW attribute by using a command line, the same PW attribute specified in the
PW template does not function on the PW to which this PW template is applied.
NOTE
Modifying the attributes of a PW template causes the disconnection and re-establishment of a PW. If
multiple PWs use this template at the same time, the system operation is affected. To avoid this, run the
reset pw pw-template command to validate the new configuration after modifying the attributes of a PW
template.
Context
The configurations of the attributes of a PW template are complete.
Procedure
l Run the display pw-template [ pw-template-name ] command to check information about
the PW template.
----End
Example
Run the display pw-template command. You can view the configured PW template name and
parameters. For example:
<Quidway> display pw-template
Total PW template number : 1
Applicable Environment
A static PW does not use signaling protocols to send L2VPN packets. Packets are transmitted
between PEs over a tunnel.
The tunnel type of a static PW can be a static LSP, an LDP LSP, or a CR-LSP. By default, an
LDP LSP is used.
Pre-configuration Tasks
Before configuring a static PW, complete the following tasks:
l Configuring an IGP on the MPLS backbone to implement IP interworking
l Enabling MPLS on PEs
l Establishing tunnels between PEs based on the tunnel policy
Data Preparation
To configure a static PW, you need the following data.
No. Data
Context
Do as follows on the PEs on the two ends of a PW:
Procedure
Step 1 Run:
system-view
mpls l2vpn
----End
Context
Do as follows on the PEs on the two ends of a PW:
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number [ subinterface-number ]
When using XGE, GE, Ethernet, and Eth-Trunk interfaces as AC interfaces, you need to run the
undo portswitch command to switch Layer 2 interfaces to Layer 3 interfaces.
Step 4 Run:
mpls static-l2vc { destination ip-address | pw-template pw-template-name vc-id } *
A static PW is configured.
NOTE
The parameters raw and tagged are specified in the command only when the link type is Ethernet.
----End
Prerequisite
The configurations of the static PW function are complete.
Procedure
l Run the display mpls static-l2vc [ vc-id | interface interface-type interface-number |
state { down | up } ] command to check information about a specified static PW on a PE.
----End
Example
Run the display mpls static-l2vc [ vc-id | interface interface-type interface-number | state
{ down | up } ] command. You can see that VC State of the PW is up. For example:
<Quidway> display mpls static-l2vc interface vlanif 10
*Client Interface : vlanif 10 is up
AC Status : up
VC State : up
VC ID : 100
VC Type : VLAN
Destination : 3.3.3.9
Transmit VC Label : 100
Receive VC Label : 100
Control Word : Disable
VCCV Capability : alert lsp-ping bfd
Tunnel Policy : --
PW Template Name : pwt
Traffic Behavior : --
Main or Secondary : Main
VC tunnel/token info : 1 tunnels/tokens
NO.0 TNL Type : lsp , TNL ID : 0x2002003
Create time : 0 days, 0 hours, 13 minutes, 7 seconds
UP time : 0 days, 0 hours, 10 minutes, 23 seconds
Last change time : 0 days, 0 hours, 10 minutes, 23 seconds
VC last up time : 2010/11/24 12:31:31
VC total up time : 0 days, 2 hours, 12 minutes, 51 seconds
CKey : 2
NKey : 1
Applicable Environment
A dynamic PW uses extended LDP to transmit Layer 2 information and VC labels, and needs
to be configured on PEs of both ends of a PW.
Pre-configuration Tasks
Before configuring a dynamic PW, complete the following tasks:
Data Preparation
To configure a dynamic PW, you need the following data.
No. Data
Context
Do as follows on PEs or U-PEs:
Procedure
Step 1 Run:
system-view
----End
Context
Do as follows on U-PEs:
Procedure
Step 1 Run:
system-view
NOTE
For a dynamic PW, the VC ID of the same encapsulation type should be unique. Changing
encapsulation type may cause a VC ID conflict.
----End
Prerequisite
The configurations of the dynamic PWs function are complete.
Procedure
l Run the display mpls l2vc [ vc-id | interface interface-type interface-number ] command
to check information about a specified PW on the local PE.
l Run the display mpls l2vc remote-info [ vc-id ] command to check information about the
PW on the remote PE.
----End
Example
Run the display mpls l2vc [ vc-id | interface interface-type interface-number ] command. You
can see that VC state is up. For example:
<Quidway> display mpls l2vc interface vlanif 111
*client interface : Vlanif111 is up
Administrator PW : no
session state : up
AC state : up
VC state : up
VC ID : 100
VC type : VLAN
destination : 6.6.6.6
local group ID : 0 remote group ID : 0
local VC label : 23552 remote VC label : 23552
local AC OAM State : up
local PSN State : up
local forwarding state : forwarding
local status code : 0x0
remote AC OAM state : up
remote PSN state : up
remote forwarding state: forwarding
remote status code : 0x0
BFD for PW : unavailable
manual fault : not set
active state : active
forwarding entry : exist
link state : up
local VC MTU : 1500 remote VC MTU : 1500
local VCCV : cw alert lsp-ping bfd
remote VCCV : cw alert lsp-ping bfd
local control word : enable remote control word : enable
tunnel policy name : --
traffic behavior name : --
PW template name : pwt
primary or secondary : primary
VC tunnel/token info : 1 tunnels/tokens
NO.0 TNL type : lsp , TNL ID : 0x4800200f
create time : 0 days, 1 hours, 57 minutes, 30 seconds
up time : 0 days, 1 hours, 57 minutes, 30 seconds
last change time : 0 days, 1 hours, 57 minutes, 30 seconds
VC last up time : 2010/12/10 20:33:37
VC total up time : 0 days, 1 hours, 57 minutes, 30 seconds
CKey : 9
NKey : 8
PW redundancy mode : --
AdminPw interface : --
AdminPw link state : --
Run the display mpls l2vc remote-info command. You can see that Peer Addr is the peer
address of a specified VC. For example:
<Quidway> display mpls l2vc remote-info
Total remote ldp vc : 1
Transport Group Peer Remote Remote C MTU/ N S
VC ID ID Addr Encap VC Label Bit CELLS Bit Bit
100 0 192.3.3.3 vlan 23552 0 1500 1 0
Applicable Environment
To support multi-hop PWs, PW switching is needed. An MH-PW requires switching labels at
the PW label layer while forwarding packets.
PW switching must be configured on the S-PE with high performance and capability of setting
up large numbers of MPLS LDP sessions.
l Two PEs are not located in the same AS and no signaling or tunnel can be set up between
the two PEs. (If inter-AS tunnel is set up by the BGP labeled route, MH-PW is not required.)
l The signaling of two PEs differs from each other.
l If an access device supports MPLS but cannot set up large numbers of LDP sessions, you
can use a User Facing Provider Edge (UFPE) as the U-PE and use the S-PE as the switching
node of LDP sessions, which is similar to a signaling reflector.
Pre-configuration Tasks
Before configuring PW switching, complete the following tasks:
Data Preparation
To configure PW switching, you need the following data.
No. Data
4 The MTU values of the interfaces on the two ends of the PW if the PW to be switched
is a static PW
Context
The PW switching has three modes:
Procedure
l Static PW Switching
Do as follows on the S-PEs.
1. Run:
system-view
When configuring mixed PW switching, note that the parameters "ip-address" and "vc-id" before
"between" in the command are those of the dynamic PW, while the ones after "between" are those
of the static PW. The two cannot be interchanged.
1. Run:
system-view
l When configuring mixed PW switching, the MTUs of the interfaces on the two ends must
be the same and cannot be longer than 1500 bytes.
----End
Prerequisite
The configurations of the PW Switching function are complete.
Procedure
l Run the display mpls switch-l2vc [ ip-address vc-id encapsulation encapsulation-type |
state { down | up } ] command to check information about the PW switching on S-PEs.
----End
Example
Run the display mpls switch-l2vc [ ip-address vc-id encapsulation encapsulation-type | state
{ down | up } ] command. You can see that the VC status is Up. For example:
<Quidway> display mpls switch-l2vc
Total Switch VC : 1, 1 up, 0 down
*Switch-l2vc type : LDP<---->LDP
Peer IP Address : 5.5.5.9, 1.1.1.9
VC ID : 200, 100
VC Type : VLAN
VC State : up
VC StatusCode |PSN |OAM | FW | |PSN |OAM | FW |
-Local VC :| UP | UP | UP | | UP | UP | UP |
-Remote VC:| UP | UP | UP | | UP | UP | UP |
Session State : up, up
Local/Remote Label : 23553/23552, 23552/23552
Local/Remote MTU : 1500/1500, 1500/1500
Applicable Environment
In the PWE3 FRR network where CEs are asymmetrically connected to PEs, a backup PW needs
to be configured.
(Networking diagram. Labels shown: Site1, CE1, AC1, PE1, P1, P2, PE2, PE3, AC2, AC3, CE2, Site2, VPN backbone.)
As shown in Figure 6-11, the master PW and backup PW need to be configured on PE1. Only
one PW is required on PE2 and PE3.
On an inter-AS L2VPN and an MH PWE3, the ASBR and SPE do not distinguish the master
and backup PWs.
Pre-configuration Tasks
Before configuring a backup PW, complete the following tasks:
l Configuring an IGP on PEs and Ps in the MPLS backbone to implement IP interworking
l Enabling MPLS on PEs and Ps
l Setting up tunnels (CR-LSP, LSP) used by the master and backup PWs between PEs on
the master and backup paths
l Configuring the tunnel policy when the tunnels are CR-LSPs and not configuring the tunnel
policy when the LSP is used
l Configuring the master PW on PEs on the master path
l Configuring a PW on the PE on the backup path, without distinguishing the master and
backup PWs
l Configuring the IP addresses of the interfaces connecting the CEs to the PEs
Data Preparation
To configure a backup PW, you need the following data.
No. Data
Context
Do as follows on the PE to which a CE is connected through only one link:
NOTE
The types of the master and backup PWs must be consistent. That is, the encapsulation types of the master
and backup PWs must be consistent.
Procedure
Step 1 Run:
system-view
A backup VC is configured.
The ID of the backup VC must be different from that of the master VC.
----End
Context
The configurations of the backup PW are complete.
Procedure
l Run the display mpls l2vc [ vc-id | interface interface-type interface-number | remote-
info [ vc-id ] | state { down | up } ] command to check the status of a PW.
----End
Example
After the configuration is successful, the following results are displayed when the display mpls
l2vc [ vc-id | interface interface-type interface-number | remote-info [ vc-id ] | state { down |
up } ] command is used on the PE to which a CE is connected through only one link:
l The statuses of the master and backup PWs are up.
l VC state of the master PW is active, and VC state of the backup PW is inactive.
For example:
<Quidway> display mpls l2vc interface vlanif 10
*client interface : Vlanif10 is up
session state : up
AC state : up
VC state : up
VC ID : 100
VC type : VLAN
destination : 3.3.3.3
local group ID : 0 remote group ID : 0
local VC label : 23552 remote VC label : 23553
local AC OAM State : up
local PSN State : up
local forwarding state : forwarding
local status code : 0x0
remote AC OAM state : up
remote PSN state : up
remote forwarding state: forwarding
remote statuscode : 0x0
BFD for PW : available
BFD sessionIndex : 257 BFD state : up
Applicable Environment
In MPLS-based L2VPNs, if PWs are set up between PEs, BFD can be used to detect faults of
the PWs. This speeds up link fault detection and the fast switchover of upper-layer
applications.
When the master and backup PWs are configured on a PE to protect links, BFD sessions need
to be set up to detect the master and backup PWs respectively.
When static BFD for PW is configured, BFD can work only in asynchronous mode.
BFD control packets are encapsulated in PW control packets, and PWs distinguish control
packets and data packets according to the control word. Therefore, during the configuration of
BFD for PW, the control word function needs to be enabled.
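The CW section earlier and the paragraph above both rely on the first four octets after the PW label to carry the sequence number and to separate control packets from data packets. The following Python sketch is an added example, not Huawei code: it decodes those octets using the layout in RFC 4385 (generic control word and PW associated channel header) and applies the RFC 4385 receiver sequence check. The function names and the sample frames are constructed for illustration, and it assumes the control word has been negotiated on the PW.

```python
import struct

# PW associated channel types from the IANA registry (RFC 4385, RFC 5885).
CHANNEL_TYPES = {
    0x0007: "BFD control, no IP/UDP headers",
    0x0021: "IPv4 packet",
    0x0057: "IPv6 packet",
}


def classify_pw_word(payload: bytes) -> dict:
    """Decode the four octets that follow the PW label when CW is negotiated."""
    if len(payload) < 4:
        raise ValueError("need at least four octets after the PW label")
    (word,) = struct.unpack("!I", payload[:4])
    first_nibble = word >> 28
    if first_nibble == 0x0:
        # Data packet: 0000 | flags(4) | FRG(2) | length(6) | sequence(16)
        return {
            "kind": "data",
            "flags": (word >> 24) & 0xF,
            "frag": (word >> 22) & 0x3,
            "length": (word >> 16) & 0x3F,
            "sequence": word & 0xFFFF,
        }
    if first_nibble == 0x1:
        # Control channel: 0001 | version(4) | reserved(8) | channel type(16)
        channel = word & 0xFFFF
        return {
            "kind": "control",
            "version": (word >> 24) & 0xF,
            "channel_type": channel,
            "channel_name": CHANNEL_TYPES.get(channel, "unknown"),
        }
    # Any other first nibble is not a valid control word on a CW-enabled PW.
    return {"kind": "invalid", "first_nibble": first_nibble}


class SequenceChecker:
    """Receiver-side sequence check from RFC 4385 section 4.2."""

    def __init__(self):
        self.expected = 1

    def in_order(self, seq: int) -> bool:
        if seq == 0:
            return True  # sequencing is not in use for this packet
        ahead = seq >= self.expected and seq - self.expected < 32768
        wrapped = seq < self.expected and self.expected - seq >= 32768
        if not (ahead or wrapped):
            return False
        self.expected = (seq + 1) % 65536 or 1  # zero is skipped on wrap
        return True


def scan(frames):
    """Return (kind, detail) per frame: in-order flag, channel name or nibble."""
    checker = SequenceChecker()
    out = []
    for frame in frames:
        info = classify_pw_word(frame)
        if info["kind"] == "data":
            out.append(("data", checker.in_order(info["sequence"])))
        elif info["kind"] == "control":
            out.append(("control", info["channel_name"]))
        else:
            out.append(("invalid", info["first_nibble"]))
    return out


# Constructed sample: the first four octets after the PW label of five frames.
SAMPLE_FRAMES = [bytes.fromhex(h) for h in
                 ("002e0001", "002e0002", "10000007", "002e0004", "002e0003")]

if __name__ == "__main__":
    for result in scan(SAMPLE_FRAMES):
        print(result)
```

When the control word is not negotiated on a PW, the octets after the PW label are payload and this decoding does not apply.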
Pre-configuration Tasks
Before configuring static BFD for PW, complete the following tasks:
l Configuring IP parameters to make each node reachable
l Configuring PWs
NOTE
Data Preparation
To configure static BFD for PW, you need the following data.
No. Data
Procedure
Step 1 Run:
system-view
BFD is enabled on the local node and the BFD view is displayed.
----End
Procedure
Step 1 Run:
system-view
----End
Context
Do as follows on the PEs on the two ends of the PW to be detected:
Procedure
Step 1 Run:
system-view
The outbound interface interface interface-type interface-number bound to a BFD session refers
to the AC interface where the PW resides. If a management PW is bound to the BFD session, the
interface should be the loopback interface where the management PW resides.
Step 3 Run:
discriminator local discr-value
And run:
discriminator remote discr-value
NOTE
The local discriminator of the local device corresponds to the remote discriminator of the remote device.
Step 4 Run:
commit
When the status of the service PW is Down, the BFD session is created successfully but cannot
be Up. When the status of the management PW is Down, the BFD session cannot be created,
and the system displays prompts.
NOTE
l The local discriminator and remote discriminator of a BFD session cannot be modified after being
configured. To modify the local or remote discriminator of the BFD session, run the undo bfd bfd-
name command in the system view to delete related BFD for PW configuration and then reconfigure
it. After the PW is deleted, related configuration of the BFD session is deleted.
l BFD for PW must be configured or deleted on the PEs on the two ends of a PW simultaneously;
otherwise, the PW statuses on the two PEs are different.
----End
Context
The configurations of static BFD for PW are complete.
Procedure
l Run the display bfd configuration pw interface interface-type interface-number
[ secondary ] [ verbose ] command to check the BFD configuration.
l Run the display bfd session pw interface interface-type interface-number [ secondary ]
[ verbose ] command to check information about the BFD session.
----End
Example
Run the display bfd configuration pw interface interface-type interface-number
[ secondary ] [ verbose ] command, and you can view the discriminators of the BFD session,
the type of the PW that is bound to the BFD session, and the type of the BFD session. For
example:
<Quidway> display bfd configuration pw interface vlanif 10 verbose
--------------------------------------------------------------------------------
BFD Session Configuration Name : 1to2
--------------------------------------------------------------------------------
Local Discriminator : 12 Remote Discriminator : 21
BFD Bind Type : PW(Master)
Bind Session Type : Static
Bind Interface : Vlanif10
TOS-EXP : 6 Local Detect Multi : 3
Min Tx Interval (ms) : 1000 Min Rx Interval (ms) : 1000
WTR Interval (ms) : -- Process PST : Enable
Proc interface status : Disable
Bind Application : L2VPN | OAM_MANAGER | MPLSFW
Session Description : --
--------------------------------------------------------------------------------
Total Commit/Uncommit CFG Number : 1/0
Applicable Environment
In the MPLS L2VPN where PWs are used as transmission tunnels, dynamic BFD for PW is used
to quickly detect faults of PWs. Once a PW is faulty, the switchover between the master and
backup PWs can be performed immediately to lessen the impact on carried services.
BFD control packets are encapsulated in PW control packets, and PWs distinguish control
packets and data packets based on the control word. Therefore, during the BFD for PW
configuration, you need to enable the control word function.
The types of PWs that can be detected by using BFD are as follows:
l SH PWs
l MH PWs
Pre-configuration Tasks
Before configuring dynamic BFD for PW, complete the following tasks:
l Configuring basic MPLS functions
l Configuring PWs
Data Preparation
To configure dynamic BFD for PW, you need the following data.
No. Data
1 VC ID of a PW
2 BFD parameters
Context
Do as follows on the PEs at the two ends of a PW:
Procedure
Step 1 Run:
system-view
Step 2 Run:
bfd
BFD is enabled on the local node and the BFD view is displayed.
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
bfd for pw enable
----End
Context
Do as follows on the PEs at the two ends of a PW:
Procedure
Step 1 Run:
system-view
Step 2 Run:
pw-template pw-template-name
Step 3 Run:
control-word
----End
Context
Do as follows on the PEs at the two ends of a PW:
Procedure
Step 1 Run:
system-view
----End
Procedure
Step 1 For detailed configuration, see "6.4 Configuring a Static PW, 6.5 Configuring a Dynamic
PW, or 6.6 Configuring PW Switching". You can select one of the configurations as required.
----End
Context
Do as follows on the PEs at the two ends of a PW:
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
NOTE
BFD for PW must be configured or deleted on the two PEs of a PW simultaneously; otherwise, the PW
statuses on the two PEs are different.
----End
Context
The configurations of dynamic BFD for PW are complete.
Procedure
l Run the display bfd configuration pw interface interface-type interface-number
[ secondary ] [ verbose ] command to check the BFD configuration.
l Run the display bfd session pw interface interface-type interface-number [ secondary ]
[ verbose ] command to check information about the BFD session.
----End
Example
Run the display bfd configuration pw interface interface-type interface-number
[ secondary ] [ verbose ] command, and you can view discriminators of the BFD session, the
type of the PW that is bound to the BFD session, and the type of the BFD session. For example:
<Quidway> display bfd configuration pw interface vlanif 10 verbose
--------------------------------------------------------------------------------
BFD Session Configuration Name : dyn_8192
--------------------------------------------------------------------------------
Local Discriminator : 8192 Remote Discriminator : 8192
BFD Bind Type : PW(Master)
Bind Session Type : Dynamic
Bind Interface : Vlanif10
TOS-EXP : 6 Local Detect Multi : 3
Min Tx Interval (ms) : 100 Min Rx Interval (ms) : 100
WTR Interval (ms) : -- Process PST : Enable
After the PW FRR is configured, L2VPN traffic is rapidly switched to the backup path when a
fault occurs on the master path. After the fault on the master path is rectified, the L2VPN traffic
is switched back to the master path according to the revertive switchover policy.
Pre-configuration Tasks
Before configuring PW FRR, complete the following tasks:
l Configuring a PW on each of the master path and backup path for the networking where
CEs are asymmetrically connected to PEs (The types of PWs on the master path and backup
path must be the same.)
l Configuring CEs to exchange routing information by using routing protocols or static routes
NOTE
In the networking where CEs are asymmetrically connected to PEs, the backup PW cannot transmit data
when the master path and backup path work normally. If the AC interface of the backup PW borrows the
IP address of the AC interface of the master PW, the following situations occur:
l A permanent non-revertive policy cannot be configured.
l The local CE has two equal-cost and direct routes to the remote CE. The destination addresses and next
hops of the two routes are the same. Actually, the route that passes through the backup PW is invalid.
l If CEs exchange routing information by using routing protocols, you need to modify the cost or metric
of the AC interface of the backup path to be greater than that of the AC interface of the master path.
The local CE cannot communicate with the peer CE, but can communicate with other user devices.
l If the AC link is an Ethernet link, BFD for static routes must also be configured on CEs.
Data Preparation
To configure PW FRR, you need the following data.
No. Data
4 (Optional) Traffic revertive switching delay after fault recovery and fault recovery
notification delay (by default, the traffic revertive switching delay is 30 seconds and
the fault recovery notification delay is 10 seconds.)
Context
l In the networking where CEs are symmetrically dual-homed to PEs, you need to configure
one PW for both the primary and backup paths. The primary and backup paths can be
configured with different types of PWs.
l In the networking where CEs are asymmetrically connected to PEs, you need to configure
primary and backup PWs. The primary and backup PWs must be of the same type.
NOTE
PWE3 FRR supports only dynamic PWs, namely, LDP PWs, rather than static PWs.
Procedure
Step 1 Run:
system-view
Step 2 Run:
mpls l2vpn
Step 3 Run:
quit
Step 4 Run:
interface interface-type interface-number
When using XGE, GE, Ethernet, and Eth-Trunk interfaces as AC interfaces, run this command
to switch Layer 2 interfaces to Layer 3 interfaces.
Step 6 Run:
mpls l2vc { ip-address | pw-template pw-template-name } * vc-id [ group-id group-
id | tunnel-policy policy-name | [ control-word | no-control-word ] | [ raw |
tagged ] | mtu mtu-value ] *
NOTE
Before using a PW template to create a PW, you need to configure a PW template. For details, refer to 6.3
Configuring the Attributes of a PW Template.
NOTE
l Both primary and backup PWs need to be configured on the PE to which a CE is single-homed.
l Primary and backup PWs must have different VC IDs.
l The control word configuration on the primary and secondary PWs must be the same. Otherwise, lots
of packets will be lost after the primary/secondary PW switchover.
----End
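The constraints in the NOTE above (different VC IDs and identical control word configuration on the primary and backup PWs), together with the earlier statements that the two PWs must use the same encapsulation type, that each needs its own BFD session, and that BFD for PW needs the control word, can be checked from display mpls l2vc output. The following Python audit is an added example, not Huawei code: the sample output is constructed after the format shown on this page, and the names parse_l2vc and audit are hypothetical.

```python
import re

# Constructed sample modelled on the `display mpls l2vc interface` output on
# this page (not captured from a device): a primary and a backup PW on the
# AC interface of the single-homed PE. The backup PW is deliberately
# misconfigured (control word disabled, no BFD session).
SAMPLE = """\
*client interface       : Vlanif10 is up
 session state          : up
 AC state               : up
 VC state               : up
 VC ID                  : 100
 VC type                : VLAN
 destination            : 2.2.2.2
 BFD for PW             : available
 active state           : active
 local VC MTU           : 1500         remote VC MTU          : 1500
 local control word     : enable       remote control word    : enable
 primary or secondary   : primary
*client interface       : Vlanif10 is up
 session state          : up
 AC state               : up
 VC state               : up
 VC ID                  : 200
 VC type                : VLAN
 destination            : 3.3.3.3
 BFD for PW             : unavailable
 active state           : inactive
 local VC MTU           : 1500         remote VC MTU          : 1500
 local control word     : disable      remote control word    : disable
 primary or secondary   : secondary
"""

FIELDS = ("VC state", "VC ID", "VC type", "BFD for PW",
          "local control word", "remote control word", "primary or secondary")


def parse_l2vc(text):
    """Return one dict per VC block, keyed by lower-cased field name."""
    blocks = re.findall(r"^\*client interface.*?(?=^\*client interface|\Z)",
                        text, flags=re.M | re.S)
    vcs = []
    for block in blocks:
        vc = {}
        for name in FIELDS:
            # Fields may share a line ("local ... : x  remote ... : y").
            m = re.search(rf"(?:^|\s){re.escape(name)}\s*:\s*(\S+)",
                          block, re.I | re.M)
            if m:
                vc[name.lower()] = m.group(1).lower()
        vcs.append(vc)
    return vcs


def audit(vcs):
    """Check the PW FRR constraints stated on this page; return findings."""
    findings = []
    for vc in vcs:
        tag = f"VC {vc.get('vc id', '?')}"
        if vc.get("vc state") != "up":
            findings.append(f"{tag}: VC state is {vc.get('vc state')}")
        lcw, rcw = vc.get("local control word"), vc.get("remote control word")
        if lcw != rcw:
            findings.append(f"{tag}: control word differs between ends ({lcw}/{rcw})")
        if vc.get("bfd for pw") == "available" and lcw != "enable":
            findings.append(f"{tag}: BFD for PW is bound but the control word is off")
    primaries = [v for v in vcs if v.get("primary or secondary") == "primary"]
    backups = [v for v in vcs if v.get("primary or secondary") == "secondary"]
    for p in primaries:
        for s in backups:
            pair = f"VC {p.get('vc id')}/{s.get('vc id')}"
            if p.get("vc id") == s.get("vc id"):
                findings.append(f"{pair}: primary and backup share a VC ID")
            if p.get("vc type") != s.get("vc type"):
                findings.append(f"{pair}: encapsulation types differ")
            if p.get("local control word") != s.get("local control word"):
                findings.append(f"{pair}: control word configuration differs")
            if (p.get("bfd for pw") == "available") != (s.get("bfd for pw") == "available"):
                findings.append(f"{pair}: only one of the two PWs has a BFD session")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_l2vc(SAMPLE)):
        print(finding)
```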
Context
BFD for PW, which speeds up fault detection, is recommended.
Static BFD for PW or dynamic BFD for PW can be configured on PEs. For detailed
configuration, see the following sections:
Example
NOTE
l BFD for PW must be configured or deleted on the PEs at both ends of a PW simultaneously.
Otherwise, the PW statuses on the two PEs are different.
l To detect statuses of the tunnels that carry PWs, you can configure BFD for tunnels. For detailed
configuration, refer to the chapters "Basic MPLS Configuration" and "MPLS TE Configuration" in the
Quidway S7700 Smart Routing Switch Configuration Guide - MPLS.
Context
When CEs are connected to PEs asymmetrically, do as follows on the PE (where traffic is
switched) to which a CE is connected through a single link:
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
Step 3 Run:
mpls l2vpn reroute { { delay delay-time | immediately } [ resume resume-time ] |
never }
----End
Prerequisite
The configurations of the PWE3 FRR function are complete.
Procedure
l Run the display mpls l2vc [ vc-id | interface interface-type interface-number ] command
to check information about the PW on the local PE.
l Run the display mpls l2vc remote-info [ vc-id ] command to check information about the
PW on the remote PE.
l Run the display bfd session pw interface interface-type interface-number [ secondary ]
[ verbose ] command to check information about the BFD session.
l Run the display mpls l2vpn forwarding-info [ vc-label ] interface interface-type
interface-number command to check information about L2VPN forwarding.
----End
Example
Run the display mpls l2vc [ vc-id | interface interface-type interface-number ] command, and
you can see that the statuses of the master and backup PWs are up, VC state of the master PW
is active, and VC state of the backup PW is inactive. For example:
Run the display mpls l2vc remote-info command, and you can see that Peer Addr is the peer
address of the specified VC. For example:
<Quidway> display mpls l2vc remote-info
Total remote ldp vc : 2
Transport Group Peer Remote Remote C MTU/ N S
VC ID ID Addr Encap VC Label Bit CELLS Bit Bit
100 0 2.2.2.2 vlan 23552 1 1500 1 0
200 0 3.3.3.3 vlan 23552 1 1500 1 0
Run the display mpls l2vpn forwarding-info [ vc-label ] interface interface-type interface-
number command, and you can see that the ENTRYTYPE of the master PW is SEND,
PWSTATE is ACTIVE, BFDSTATE is UP, and ADMIN is UP. For example:
<Quidway> display mpls l2vpn forwarding-info interface vlanif 10
The Main PW Forward Information :
VCLABEL TNLTYPE ENTRYTYPE PWSTATE BFDSTATE ADMIN CTLWORD CC CV TNLID
------------------------------------------------------------------------------
23553 LSP SEND ACTIVE UP UP TRUE 1 8 0x10005
1 Record(s) Found.
After you run the manual-set pw-ac-fault command on the AC interface of the master PW, the
following situations occur:
After you run the undo manual-set pw-ac-fault command on the AC interface of the master PW
to rectify the fault on the PW, the following situations occur:
Applicable Environment
If the MPLS backbone network bearing PWE3 spans multiple ASs, the inter-AS PWE3 must be
configured.
Pre-configuration Tasks
Before configuring inter-AS PWE3, complete the following tasks:
Data Preparation
To configure inter-AS PWE3, you need the following data.
No. Data
2 AS number of each AS
Context
The configurations of inter-AS PWE3-Option A can be summarized as follows:
Prerequisite
The configurations of the Inter-AS PWE3 function are complete.
Procedure
l Run the display mpls l2vc [ vc-id | interface interface-type interface-number ] command
to check information about the PW on the local PE.
l Run the display mpls l2vc remote-info [ vc-id ] command to check information about the
PW of the remote PE on the local PE.
----End
Example
Run the display mpls l2vc [ vc-id | interface interface-type interface-number ] command. In
the command output, you can find that "VC state" is Up. For example:
<Quidway> display mpls l2vc interface vlanif 10
*client interface : Vlanif10 is up
session state : up
AC state : up
VC state : up
VC ID : 100
VC type : VLAN
destination : 192.3.3.3
local group ID : 0 remote group ID : 0
local VC label : 23552 remote VC label : 23552
local AC OAM State : up
local PSN State : up
local forwarding state : forwarding
local status code : 0x0
remote AC OAM state : up
remote PSN state : up
remote forwarding state: forwarding
remote statuscode : 0x0
BFD for PW : unavailable
manual fault : not set
active state : active
forwarding entry : exist
link state : up
local VC MTU : 1500 remote VC MTU : 1500
Local VCCV : alert lsp-ping bfd
Remote VCCV : alert lsp-ping bfd
local control word : disable remote control word : disable
tunnel policy name : --
traffic behavior name : --
PW template name : --
primary or secondary : primary
VC tunnel/token info : 1 tunnels/tokens
NO.0 TNL type : gre , TNL ID : 0x10003
create time : 0 days, 0 hours, 2 minutes, 23 seconds
up time : 0 days, 0 hours, 0 minutes, 13 seconds
last change time : 0 days, 0 hours, 0 minutes, 13 seconds
VC last up time : 2008-07-24 12:31:31
VC total up time: 0 days, 2 hours, 12 minutes, 51 seconds
CKey : 16
NKey : 15
PW redundancy mode : --
AdminPw interface : --
AdminPw link state : --
Run the display mpls l2vc remote-info command. In the command output, you can find that
"Peer Addr" indicates the remote address of the designated VC. For example:
<Quidway> display mpls l2vc remote-info
Total remote ldp vc : 1
Transport Group Peer Remote Remote C MTU/ N S
VC ID ID Addr Encap VC Label Bit CELLS Bit Bit
100 0 192.3.3.3 vlan 23552 0 1500 1 0
Prerequisite
Before using the ping vc and tracert vc commands to check the connectivity of a PW, ensure
that the PWE3 network is correctly configured.
By default, VCCV in Label Alert mode is enabled. Before using the control word channel, run
the control-word command to enable the control word function. After that, VCCV in control
word channel mode is enabled.
When locating faults on the PW, you can use either VCCV in control word channel mode or
VCCV in normal mode.
At present, checking the connectivity of the PW is not supported in the following situations:
l SPEs do not support the ping vc and tracert vc command (these commands are supported
only by UPEs).
l Multiple users cannot run the command simultaneously. That is, the devices on the two
ends cannot ping a VC at the same time. On a device serving as both a UPE and an SPE,
if the PW serving as an SPE is performing VCCV ping, the PW serving as a UPE will be
unable to perform VCCV ping. That is, two VCCV pings cannot be performed on the same
device at the same time.
l The MTU check of the VC is not supported.
In the control word mode, if VC IDs are different, the VC ID of the remote UPE needs to be
specified. In the MPLS Label Alert mode, the addresses of the remote peer SPEs or UPEs need
to be specified.
Because a static PW does not support signaling negotiation, the control word configurations on
the UPEs at the two ends of the PW can differ, with the control word enabled on one end but
disabled on the other. In this case, when the MPLS Label Alert mode is enabled on both ends,
the PW can be Up and the ping vc command can work. CEs, however, cannot communicate with
each other because the control word settings are different.
Procedure
• Check the connectivity of the PW.
– Control word channel
ping vc pw-type pw-id [ -c echo-number | -m time-value | -s data-bytes | -t timeout-value | -exp exp-value | -r reply-mode | -v ] * control-word [ remote peer-pw-id | draft6 ] *
----End
Context
To locate a PW fault, first configure basic PWE3 functions by using the PW template, and then
do as follows on each UPE:
Procedure
Step 1 Run:
system-view
Step 2 Run:
pw-template pw-template-name
Step 3 Run:
control-word
Step 4 Run any of the following commands to collect information about each LSR on the PW and the
egress PE.
----End
Context
CAUTION
Debugging affects system performance. After debugging is complete, run the undo
debugging all command to disable debugging immediately.
In the case of operational faults, run the debugging command in the user view to debug the
PWE3 and locate the faults. For the procedure of outputting the debugging information, refer to
the chapter "Maintenance and Debugging" in the Quidway S7700 Smart Routing Switch
Configuration Guide - Device Management.
Procedure
• Run the debugging mpls lspc { all | error | event | packet } command in the user view to
enable debugging of MPLS ping/tracert.
----End
Networking Requirements
As shown in Figure 6-12, PE1 and PE2 are connected through an MPLS backbone network.
Figure 6-12 Networking diagram for configuring a dynamic SH-PW (using LSP)
[Figure: CE1 connects to PE1 and CE2 connects to PE2; PE1, P, and PE2 form the MPLS backbone, and the PW runs between PE1 and PE2. Loopback1 addresses listed with the figure: 192.2.2.2/32, 192.3.3.3/32, 192.4.4.4/32.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Run an IGP protocol on the devices of the backbone network to implement connectivity.
2. Configure the basic MPLS functions on the backbone network and set up an LSP. Set up
the MPLS LDP peer relation between the two PEs on the two ends of the PW.
3. Create an MPLS L2VC connection between the two PEs.
Data Preparation
To complete the configuration, you need the following data:
• Identical L2VC IDs of PEs on the two ends of a PW
• MPLS LSR ID of each PE and P
• Peer address of PE
Procedure
Step 1 Configure interface addresses for CE, PE and P according to Figure 6-12, including VLAN and
VLANIF interfaces.
The configuration procedure is not mentioned.
Step 2 Configure an IGP protocol on the MPLS backbone network.
The OSPF protocol is used in this example.
The configuration procedure is not mentioned.
After the configuration, run the display ip routing-table command. You can see that PE1 and
PE2 can learn the loopback 0 address of each other that is discovered by the OSPF protocol, and
can ping each other.
<PE1> display ip routing-table
Route Flags: R - relied, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 12 Routes : 12
# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit
[PE2] interface vlanif 30
[PE2-Vlanif30] mpls l2vc 192.2.2.2 100
[PE2-Vlanif30] quit
----End
Configuration Files
• Configuration file of CE1
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 100.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 10
#
return
• Configuration file of PE1
#
sysname PE1
#
vlan batch 10 20
#
mpls lsr-id 192.2.2.2
mpls
#
mpls l2vpn
#
mpls ldp
#
mpls ldp remote-peer 192.3.3.3
remote-ip 192.3.3.3
#
interface Vlanif10
mpls l2vc 192.3.3.3 100
#
interface Vlanif20
ip address 10.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 10
#
interface GigabitEthernet2/0/0
port link-type trunk
port trunk allow-pass vlan 20
#
interface LoopBack0
ip address 192.2.2.2 255.255.255.255
#
ospf 1
area 0.0.0.0
network 192.2.2.2 0.0.0.0
network 10.1.1.0 0.0.0.255
#
return
• Configuration file of P
#
sysname P
#
vlan batch 20 40
#
mpls lsr-id 192.4.4.4
mpls
#
mpls ldp
#
interface Vlanif20
ip address 10.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif40
ip address 10.2.2.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 20
#
interface GigabitEthernet2/0/0
port link-type trunk
port trunk allow-pass vlan 40
#
interface LoopBack0
ip address 192.4.4.4 255.255.255.255
#
ospf 1
area 0.0.0.0
network 192.4.4.4 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.2.2.0 0.0.0.255
#
return
Networking Requirements
You need to set up a static MH-PW between U-PE1 and U-PE2. The S-PE is the switching node,
which sets up a two-hop static PW.
[Figure 6-13: networking diagram of the static MH-PW. CE1 attaches to U-PE1 (Loopback0 1.1.1.9/32) and CE2 attaches to U-PE2 (Loopback0 5.5.5.9/32); the PW segments are marked as static PWs. Other Loopback0 addresses listed with the figure: 2.2.2.9/32, 4.4.4.9/32, 3.3.3.9/32.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Run a routing protocol on the devices of the backbone network to implement connectivity.
2. Configure the basic MPLS functions on the backbone network and set up an LSP.
3. Create an MPLS L2VC connection between the two U-PEs.
4. Create a switching PW on the S-PE.
Data Preparation
To complete the configuration, you need the following data:
• L2VC IDs of U-PE1 and U-PE2
• MPLS LSR-IDs of U-PE1, S-PE, and U-PE2
• Name of the PW template and attributes of the PW template used on the U-PEs
• VC labels of the PW (pay attention to the mapping between the VC labels on the two ends)
• Encapsulation type of the S-PE
Procedure
Step 1 Configure interface addresses for CE, U-PE, P, and S-PE according to Figure 6-13, including
VLAN and VLANIF interfaces.
The configuration procedure is not mentioned.
Step 2 Configure an IGP protocol on the MPLS backbone network.
The OSPF protocol is used in this example.
Configure interface addresses of the U-PE, S-PE, and P according to Figure 6-13. When
configuring OSPF, note that the 32-bit loopback interfaces of U-PE1, S-PE, and U-PE2 must be
advertised.
The configuration procedure is not mentioned.
Step 3 Configure basic MPLS functions and set up tunnels.
Configure the basic MPLS capability on the MPLS backbone network. Set up LSPs between
U-PE1 and S-PE, and between S-PE and U-PE2. The configuration procedure is not mentioned.
Step 4 Create a VC connection.
Enable MPLS L2VPN on U-PE1 and U-PE2. Create VC connections on two U-PEs.
# Configure U-PE1.
[U-PE1] pw-template pwt
[U-PE1-pw-template-pwt] peer-address 3.3.3.9
[U-PE1-pw-template-pwt] quit
[U-PE1] mpls l2vpn
[U-PE1-l2vpn] quit
[U-PE1] interface vlanif 10
[U-PE1-Vlanif10] mpls static-l2vc pw-template pwt 100 transmit-vpn-label 100 receive-vpn-label 100
[U-PE1-Vlanif10] quit
# Configure S-PE.
[S-PE] mpls l2vpn
[S-PE-l2vpn] quit
[S-PE] mpls switch-l2vc 5.5.5.9 100 trans 200 recv 200 between 1.1.1.9 100 trans 100 recv 100 encapsulation vlan
# Configure U-PE2.
[U-PE2] mpls l2vpn
[U-PE2-l2vpn] quit
[U-PE2] pw-template pwt
[U-PE2-pw-template-pwt] peer-address 3.3.3.9
[U-PE2-pw-template-pwt] quit
[U-PE2] interface vlanif 60
[U-PE2-Vlanif60] mpls static-l2vc pw-template pwt 100 transmit-vpn-label 200 receive-vpn-label 200
[U-PE2-Vlanif60] quit
NOTE
The transmit-vpn-label set on the U-PE must be consistent with the recv label on the S-PE; the
receive-vpn-label set on the U-PE must be consistent with the trans label on the S-PE. Otherwise,
CEs cannot communicate with each other.
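The label rule in the note above can be checked from the saved configurations before the PW carries traffic. The following Python code is an added example, not part of this guide or of any Huawei tool; it assumes each device's configuration is available as text with every command on a single line, and the names SAMPLE_CONFIGS, parse_device and check_static_labels are hypothetical.

```python
import re

# Constructed sample: the static MH-PW commands of this example, one command per line.
SAMPLE_CONFIGS = {
    "U-PE1": """
mpls lsr-id 1.1.1.9
pw-template pwt
 peer-address 3.3.3.9
interface Vlanif10
 mpls static-l2vc pw-template pwt 100 transmit-vpn-label 100 receive-vpn-label 100
""",
    "S-PE": """
mpls lsr-id 3.3.3.9
mpls switch-l2vc 5.5.5.9 100 trans 200 recv 200 between 1.1.1.9 100 trans 100 recv 100 encapsulation vlan
""",
    "U-PE2": """
mpls lsr-id 5.5.5.9
pw-template pwt
 peer-address 3.3.3.9
interface Vlanif60
 mpls static-l2vc pw-template pwt 100 transmit-vpn-label 200 receive-vpn-label 200
""",
}

LSR_RE = re.compile(r"^mpls lsr-id (\S+)", re.M)
# Assumption: peer-address is the first line inside the pw-template view.
TEMPLATE_RE = re.compile(r"^pw-template (\S+)\n\s+peer-address (\S+)", re.M)
STATIC_RE = re.compile(
    r"mpls static-l2vc pw-template (\S+) (\d+) "
    r"transmit-vpn-label (\d+) receive-vpn-label (\d+)")
SWITCH_RE = re.compile(
    r"^mpls switch-l2vc (.+?) between (.+?) encapsulation \S+", re.M)
# One side of "between": peer address, VC ID, and labels only if that side is static.
SEGMENT_RE = re.compile(r"^(\S+) (\d+)(?: trans (\d+) recv (\d+))?$")


def parse_device(text):
    """Extract the LSR ID, static L2VCs and static switching segments of one device."""
    lsr = LSR_RE.search(text)
    templates = dict(TEMPLATE_RE.findall(text))
    static_vcs = [
        {"peer": templates.get(tpl), "vc_id": int(vc), "tx": int(tx), "rx": int(rx)}
        for tpl, vc, tx, rx in STATIC_RE.findall(text)
    ]
    segments = []
    for left, right in SWITCH_RE.findall(text):
        for side in (left, right):
            m = SEGMENT_RE.match(side.strip())
            if m and m.group(3) is not None:  # a side without labels is dynamic
                segments.append({"peer": m.group(1), "vc_id": int(m.group(2)),
                                 "trans": int(m.group(3)), "recv": int(m.group(4))})
    return {"lsr_id": lsr.group(1) if lsr else None,
            "static_vcs": static_vcs, "segments": segments}


def check_static_labels(configs):
    """Return findings where U-PE labels do not mirror the S-PE trans/recv labels."""
    devices = {name: parse_device(text) for name, text in configs.items()}
    by_lsr = {d["lsr_id"]: name for name, d in devices.items()}
    findings = []
    for spe_name, spe in devices.items():
        for seg in spe["segments"]:
            upe_name = by_lsr.get(seg["peer"])
            if upe_name is None:
                findings.append(f"{spe_name}: no configuration supplied for peer {seg['peer']}")
                continue
            vc = next((v for v in devices[upe_name]["static_vcs"]
                       if v["peer"] == spe["lsr_id"] and v["vc_id"] == seg["vc_id"]), None)
            if vc is None:
                findings.append(f"{upe_name}: no static L2VC {seg['vc_id']} towards {spe_name}")
                continue
            if vc["tx"] != seg["recv"]:
                findings.append(f"{upe_name}: transmit-vpn-label {vc['tx']} != "
                                f"{spe_name} recv {seg['recv']} (VC {seg['vc_id']})")
            if vc["rx"] != seg["trans"]:
                findings.append(f"{upe_name}: receive-vpn-label {vc['rx']} != "
                                f"{spe_name} trans {seg['trans']} (VC {seg['vc_id']})")
    return findings


if __name__ == "__main__":
    for finding in check_static_labels(SAMPLE_CONFIGS) or ["labels are consistent"]:
        print(finding)
```

The same check covers a mixed PW: the side of `between` that carries no trans and recv labels is treated as dynamic and skipped.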
VC ID : 100, 100
VC Type : VLAN
VC State : up
In/Out Label : 200/200, 100/100
Control Word : Disable, Disable
VCCV Capability : alert lsp-ping bfd, alert lsp-ping bfd
Switch-l2vc tunnel info :
1 tunnels for peer 5.5.5.9
NO.0 TNL Type : lsp , TNL ID : 0x48002000
1 tunnels for peer 1.1.1.9
NO.0 TNL Type : lsp , TNL ID : 0x48002004
CKey : 44, 1
NKey : 43, 3
Tunnel policy : --, --
Create time : 0 days, 0 hours, 12 minutes, 13 seconds
UP time : 0 days, 0 hours, 5 minutes, 16 seconds
Last change time : 0 days, 0 hours, 5 minutes, 16 seconds
VC last up time : 2010/11/14 12:31:31
VC total up time : 0 days, 2 hours, 12 minutes, 51 seconds
----End
Configuration Files
• Configuration file of CE1
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 100.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 10
#
return
pw-template pwt
peer-address 3.3.3.9
#
mpls ldp
#
interface Vlanif10
mpls static-l2vc pw-template pwt 100 transmit-vpn-label 100 receive-vpn-label 100
#
interface Vlanif20
ip address 10.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 10
#
interface GigabitEthernet2/0/0
port link-type trunk
port trunk allow-pass vlan 20
#
interface LoopBack0
ip address 1.1.1.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 1.1.1.9 0.0.0.0
#
return
• Configuration file of P1
#
sysname P1
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Vlanif20
ip address 10.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif30
ip address 20.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 20
#
interface GigabitEthernet2/0/0
port link-type trunk
port trunk allow-pass vlan 30
#
interface LoopBack0
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 20.1.1.0 0.0.0.255
network 2.2.2.9 0.0.0.0
#
return
• Configuration file of S-PE
#
sysname S-PE
#
vlan batch 30 40
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
mpls switch-l2vc 5.5.5.9 100 trans 200 recv 200 between 1.1.1.9 100 trans 100 recv 100 encapsulation vlan
#
mpls ldp
#
interface Vlanif30
ip address 20.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif40
ip address 30.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 30
#
interface GigabitEthernet2/0/0
port link-type trunk
port trunk allow-pass vlan 40
#
interface LoopBack0
ip address 3.3.3.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 20.1.1.0 0.0.0.255
network 30.1.1.0 0.0.0.255
network 3.3.3.9 0.0.0.0
#
return
• Configuration file of P2
#
sysname P2
#
vlan batch 40 50
#
mpls lsr-id 4.4.4.9
mpls
#
mpls ldp
#
interface Vlanif40
ip address 30.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif50
ip address 40.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet1/0/0
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 60
#
return
Networking Requirements
As shown in Figure 6-14, U-PE1 and U-PE2 are connected through the MPLS backbone
network. Use the LSP and set S-PE as the switching node to set up a dynamic MH-PW between
U-PE1 and U-PE2.
[Figure 6-14: networking diagram of the dynamic MH-PW. CE1 attaches to U-PE1 (Loopback0 1.1.1.9/32) and CE2 attaches to U-PE2 (Loopback0 5.5.5.9/32); the two PW segments are labeled PW 100 and PW 200. Other Loopback0 addresses listed with the figure: 2.2.2.9/32, 4.4.4.9/32, 3.3.3.9/32.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Run an IGP protocol on the devices of the backbone network to implement connectivity.
2. Configure the basic MPLS functions on the backbone network and set up an LSP. Set up
MPLS LDP peer relations between U-PE1 and S-PE, and between U-PE2 and S-PE.
3. Create a PW template. Enable the CW and LSP ping function.
4. Configure the dynamic PW on the U-PE.
5. Create a switching PW on the switching node S-PE.
Data Preparation
To complete the configuration, you need the following data:
• L2VC IDs on U-PE1 and U-PE2 (the L2VC IDs should be different)
• MPLS LSR-IDs of U-PE1, S-PE, and U-PE2
• IP addresses of the remote peers
• Encapsulation type of the switching PW
• Name and parameters of the PW template on U-PEs
Procedure
Step 1 Configure interface addresses for CE, U-PE, P, and S-PE according to Figure 6-14, including
VLAN and VLANIF interfaces.
The configuration procedure is not mentioned.
Step 2 Configure an IGP protocol on the MPLS backbone network.
OSPF is used as the IGP protocol in this example.
Configure interface addresses of the U-PE, S-PE, and P. When configuring OSPF, note that the
32-bit loopback interfaces of U-PE1, S-PE, and U-PE2 must be advertised.
The configuration procedure is not mentioned.
After the configuration, run the display ip routing-table command on U-PE, P, or S-PE, and
you can see that the devices can learn each other's routes. Take the display on S-PE for example.
The U-PEs can ping each other. Take the display on U-PE1 for example.
<U-PE1> ping 40.1.1.2
PING 40.1.1.2: 56 data bytes, press CTRL_C to break
Reply from 40.1.1.2: bytes=56 Sequence=1 ttl=252 time=160 ms
Reply from 40.1.1.2: bytes=56 Sequence=2 ttl=252 time=120 ms
Reply from 40.1.1.2: bytes=56 Sequence=3 ttl=252 time=150 ms
Reply from 40.1.1.2: bytes=56 Sequence=4 ttl=252 time=150 ms
Reply from 40.1.1.2: bytes=56 Sequence=5 ttl=252 time=160 ms
Configure the basic MPLS capability on the MPLS backbone network. Set up tunnels and LDP
sessions between U-PE1 and S-PE, and between S-PE and U-PE2.
# Configure U-PE1.
[U-PE1] mpls lsr-id 1.1.1.9
[U-PE1] mpls
[U-PE1-mpls] quit
[U-PE1] mpls ldp
[U-PE1-mpls-ldp] quit
[U-PE1] interface vlanif 20
[U-PE1-Vlanif20] mpls
[U-PE1-Vlanif20] mpls ldp
[U-PE1-Vlanif20] quit
[U-PE1] mpls ldp remote-peer 3.3.3.9
[U-PE1-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9
[U-PE1-mpls-ldp-remote-3.3.3.9] quit
# Configure P1.
[P1] mpls lsr-id 2.2.2.9
[P1] mpls
[P1-mpls] quit
[P1] mpls ldp
[P1-mpls-ldp] quit
[P1] interface vlanif 20
[P1-Vlanif20] mpls
[P1-Vlanif20] mpls ldp
[P1-Vlanif20] quit
[P1] interface vlanif 30
[P1-Vlanif30] mpls
[P1-Vlanif30] mpls ldp
[P1-Vlanif30] quit
# Configure S-PE.
[S-PE] mpls lsr-id 3.3.3.9
[S-PE] mpls
[S-PE-mpls] quit
[S-PE] mpls ldp
[S-PE-mpls-ldp] quit
[S-PE] interface vlanif 30
[S-PE-Vlanif30] mpls
[S-PE-Vlanif30] mpls ldp
[S-PE-Vlanif30] quit
[S-PE] interface vlanif 40
[S-PE-Vlanif40] mpls
[S-PE-Vlanif40] mpls ldp
[S-PE-Vlanif40] quit
[S-PE] mpls ldp remote-peer 1.1.1.9
[S-PE-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9
[S-PE-mpls-ldp-remote-1.1.1.9] quit
[S-PE] mpls ldp remote-peer 5.5.5.9
[S-PE-mpls-ldp-remote-5.5.5.9] remote-ip 5.5.5.9
[S-PE-mpls-ldp-remote-5.5.5.9] quit
# Configure P2.
[P2] mpls lsr-id 4.4.4.9
[P2] mpls
[P2-mpls] quit
[P2] mpls ldp
[P2-mpls-ldp] quit
[P2] interface vlanif 40
[P2-Vlanif40] mpls
[P2-Vlanif40] mpls ldp
[P2-Vlanif40] quit
[P2] interface vlanif 50
[P2-Vlanif50] mpls
[P2-Vlanif50] mpls ldp
[P2-Vlanif50] quit
# Configure U-PE2.
[U-PE2] mpls lsr-id 5.5.5.9
[U-PE2] mpls
[U-PE2-mpls] quit
[U-PE2] mpls ldp
[U-PE2-mpls-ldp] quit
[U-PE2] interface vlanif 50
[U-PE2-Vlanif50] mpls
[U-PE2-Vlanif50] mpls ldp
[U-PE2-Vlanif50] quit
[U-PE2] mpls ldp remote-peer 3.3.3.9
[U-PE2-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9
[U-PE2-mpls-ldp-remote-3.3.3.9] quit
After the configuration, run the display mpls ldp session command on U-PE, P, or S-PE, and
you can see that the session status is Operational. Run the display mpls ldp peer command, and
you can see the status of the LDP sessions and adjacencies. Run the display mpls lsp command,
and you can see the status of the LSP. Take the display on S-PE for example.
<S-PE> display mpls ldp session
Create a PW template on each U-PE. Enable the CW and LSP ping function.
# Configure U-PE1.
[U-PE1] pw-template pwt
[U-PE1-pw-template-pwt] peer-address 3.3.3.9
[U-PE1-pw-template-pwt] control-word
[U-PE1-pw-template-pwt] quit
# Configure U-PE2.
[U-PE2] pw-template pwt
[U-PE2-pw-template-pwt] peer-address 3.3.3.9
[U-PE2-pw-template-pwt] control-word
[U-PE2-pw-template-pwt] quit
NOTE
You can configure a dynamic PW without using a PW template. If the PW template is not used, PW
connectivity cannot be verified and path information of the PW cannot be collected. That is, the ping vc
and tracert vc commands cannot be used.
Configure the dynamic PW on the U-PE. Enable dynamic PW switching on the S-PE.
# Configure U-PE1.
[U-PE1] mpls l2vpn
[U-PE1-l2vpn] quit
[U-PE1] interface vlanif 10
[U-PE1-Vlanif10] mpls l2vc pw-template pwt 100
[U-PE1-Vlanif10] quit
# Configure S-PE.
[S-PE] mpls l2vpn
[S-PE-l2vpn] quit
[S-PE] mpls switch-l2vc 1.1.1.9 100 between 5.5.5.9 200 encapsulation vlan
# Configure U-PE2.
[U-PE2] mpls l2vpn
[U-PE2-l2vpn] quit
[U-PE2] interface vlanif 60
[U-PE2-Vlanif60] mpls l2vc pw-template pwt 200
[U-PE2-Vlanif60] quit
--- FEC: FEC 128 PSEUDOWIRE (NEW). Type = vlan, ID = 100 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 90/256/740 ms
3. Verify the connectivity between CEs and view path information between the CEs.
CE1 and CE2 can ping each other.
<CE1> ping 100.1.1.2
PING 100.1.1.2: 56 data bytes, press CTRL_C to break
Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=180 ms
Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=120 ms
Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=160 ms
Reply from 100.1.1.2: bytes=56 Sequence=4 ttl=255 time=160 ms
----End
Configuration Files
• Configuration file of CE1
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 100.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 10
#
return
#
mpls ldp
#
mpls ldp remote-peer 3.3.3.9
remote-ip 3.3.3.9
#
interface Vlanif10
mpls l2vc pw-template pwt 100
#
interface Vlanif20
ip address 10.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 10
#
interface GigabitEthernet2/0/0
port link-type trunk
port trunk allow-pass vlan 20
#
interface LoopBack0
ip address 1.1.1.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 1.1.1.9 0.0.0.0
#
return
• Configuration file of P1
#
sysname P1
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Vlanif20
ip address 10.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif30
ip address 20.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 20
#
interface GigabitEthernet2/0/0
port link-type trunk
port trunk allow-pass vlan 30
#
interface LoopBack0
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 10.1.1.0 0.0.0.255
network 20.1.1.0 0.0.0.255
#
return
• Configuration file of S-PE
#
sysname S-PE
#
vlan batch 30 40
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
mpls switch-l2vc 5.5.5.9 200 between 1.1.1.9 100 encapsulation vlan
#
mpls ldp
#
mpls ldp remote-peer 1.1.1.9
remote-ip 1.1.1.9
#
mpls ldp remote-peer 5.5.5.9
remote-ip 5.5.5.9
#
interface Vlanif30
ip address 20.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif40
ip address 30.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 30
#
interface GigabitEthernet2/0/0
port link-type trunk
port trunk allow-pass vlan 40
#
interface LoopBack0
ip address 3.3.3.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 20.1.1.0 0.0.0.255
network 30.1.1.0 0.0.0.255
#
return
• Configuration file of P2
#
sysname P2
#
vlan batch 40 50
#
mpls lsr-id 4.4.4.9
mpls
#
mpls ldp
#
interface Vlanif40
ip address 30.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif50
ip address 40.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 40
#
interface GigabitEthernet2/0/0
port link-type trunk
port trunk allow-pass vlan 50
#
interface LoopBack0
ip address 4.4.4.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 4.4.4.9 0.0.0.0
network 30.1.1.0 0.0.0.255
network 40.1.1.0 0.0.0.255
#
return
#
mpls ldp
#
mpls ldp remote-peer 3.3.3.9
remote-ip 3.3.3.9
#
interface Vlanif50
ip address 40.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif60
mpls l2vc pw-template pwt 200
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 50
#
interface GigabitEthernet2/0/0
port link-type trunk
port trunk allow-pass vlan 60
#
interface LoopBack0
ip address 5.5.5.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 5.5.5.9 0.0.0.0
network 40.1.1.0 0.0.0.255
#
return
Networking Requirements
U-PE1 and U-PE2 are connected through the MPLS backbone network.
You need to create a mixed MH-PW between U-PE1 and U-PE2 with the S-PE as the switching
node.
[Figure 6-15: networking diagram of the mixed MH-PW, showing CE1, P1, S-PE, P2, and CE2. Loopback0 addresses listed with the figure: 1.1.1.9/32, 5.5.5.9/32, 2.2.2.9/32, 4.4.4.9/32, 3.3.3.9/32.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Run an IGP protocol on the devices of the backbone network to implement connectivity.
2. Configure the basic MPLS functions on the backbone network and set up an LSP.
3. Set up a remote LDP session between the U-PE1 and S-PE.
4. Create a static or dynamic MPLS L2VC connection between the two U-PEs.
5. Create a switching PW on the S-PE.
Data Preparation
To complete the configuration, you need the following data:
• L2VC IDs on U-PE1 and U-PE2 (the L2VC IDs should be different)
• MPLS LSR-IDs of U-PE1, S-PE, and U-PE2
• VC label of the static PW on U-PE2 (pay attention to the mapping between the VC labels
on the two ends)
• Encapsulation type of the PW
• Name and attributes of the PW template used on U-PE2
Procedure
Step 1 Configure interface addresses for CE, U-PE, P, and S-PE according to Figure 6-15, including
VLAN and VLANIF interfaces.
Configure addresses of the VLANIF interfaces on the U-PE, S-PE, and P according to Figure
6-15. When configuring OSPF, note that the 32-bit loopback interfaces of U-PE1, S-PE, and
U-PE2 must be advertised.
Step 3 Enable MPLS on U-PE1 and S-PE. Set up a tunnel and a remote LDP session between U-PE1
and S-PE.
Configure basic MPLS functions and tunnels on the MPLS backbone network. In this example,
the LSPs are configured as tunnels.
You need to set up a remote LDP session between U-PE1 and S-PE.
NOTE
When configuring mixed switching PW, note that ip-address vc-id on the left of between specifies the
dynamic PW, and ip-address vc-id on the right of between specifies the static PW. They cannot be
interchanged.
# Configure S-PE.
[S-PE] mpls l2vpn
[S-PE-l2vpn] quit
[S-PE] mpls switch-l2vc 1.1.1.9 100 between 5.5.5.9 200 trans 200 recv 100 encapsulation vlan
# Configure U-PE2.
[U-PE2] mpls l2vpn
[U-PE2-l2vpn] quit
[U-PE2] pw-template pwt
[U-PE2-pw-template-pwt] peer-address 3.3.3.9
[U-PE2-pw-template-pwt] quit
[U-PE2] interface vlanif 60
[U-PE2-Vlanif60] mpls static-l2vc pw-template pwt 200 transmit-vpn-label 100 receive-vpn-label 200
[U-PE2-Vlanif60] quit
----End
Configuration Files
• Configuration file of CE1
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 100.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 10
#
return
• Configuration file of P1
#
sysname P1
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Vlanif20
ip address 10.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif30
ip address 20.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 20
#
interface GigabitEthernet2/0/0
port link-type trunk
port trunk allow-pass vlan 30
#
interface LoopBack0
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 20.1.1.0 0.0.0.255
network 2.2.2.9 0.0.0.0
#
return
• Configuration file of S-PE
#
sysname S-PE
#
vlan batch 30 40
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
mpls switch-l2vc 1.1.1.9 100 between 5.5.5.9 200 trans 200 recv 100 encapsulation vlan
#
mpls ldp
#
mpls ldp remote-peer 1.1.1.9
remote-ip 1.1.1.9
#
interface Vlanif30
ip address 20.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif40
ip address 30.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 30
#
interface GigabitEthernet2/0/0
port link-type trunk
port trunk allow-pass vlan 40
#
interface LoopBack0
ip address 3.3.3.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 20.1.1.0 0.0.0.255
network 30.1.1.0 0.0.0.255
network 3.3.3.9 0.0.0.0
#
return
• Configuration file of P2
#
sysname P2
#
vlan batch 40 50
#
mpls lsr-id 4.4.4.9
mpls
#
mpls ldp
#
interface Vlanif40
ip address 30.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif50
ip address 40.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 40
#
interface GigabitEthernet2/0/0
port link-type trunk
port trunk allow-pass vlan 50
#
interface LoopBack0
ip address 4.4.4.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 4.4.4.9 0.0.0.0
network 30.1.1.0 0.0.0.255
network 40.1.1.0 0.0.0.255
#
return
• Configuration file of U-PE2
#
sysname U-PE2
#
vlan batch 50 60
#
mpls lsr-id 5.5.5.9
mpls
#
mpls l2vpn
#
pw-template pwt
peer-address 3.3.3.9
#
mpls ldp
#
interface Vlanif50
ip address 40.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif 50
[Figure 6-16: networking diagram showing CE1, PE1, P1, P2, PE2, PE3, and CE2, with PW1 and PW2 marked. Loopback1 addresses: PE1 1.1.1.1/32, PE2 4.4.4.4/32, PE3 5.5.5.5/32; 2.2.2.2/32 and 3.3.3.3/32 are also listed. The figure table also lists 10.1.2.1/30 as a secondary IP address.]
Configuration Roadmap
The configuration roadmap is as follows:
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Configure interface addresses for CE, PE, and P according to Figure 6-16, including VLAN and
VLANIF interfaces.
Step 2 Configure an IGP protocol on the MPLS backbone network so that PEs and P can interwork.
After the configuration, run the display ip routing-table command on the PEs, and you can see
that PE1 and PE2, and PE1 and PE3 have learned the routes on the Loopback1 interface of each
other.
Step 3 Configure the basic MPLS capabilities on the MPLS backbone network.
# Enable MPLS, and set LSR-ID as the IP address of the Loopback1 interface. Enable MPLS
and MPLS LDP on interfaces on the backbone network.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.1
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface vlanif 20
[PE1-Vlanif20] mpls
[PE1-Vlanif20] mpls ldp
[PE1-Vlanif20] quit
[PE1] interface vlanif 30
[PE1-Vlanif30] mpls
[PE1-Vlanif30] mpls ldp
[PE1-Vlanif30] quit
# The configuration procedures of P1, P2, PE2, and PE3 are the same as the configuration
procedure of PE1 and are not mentioned.
After the configuration, run the display tunnel-info all command on PEs. You can see that
MPLS LSPs are set up between PE1 and PE2, and between PE1 and PE3.
Take the display on PE1 for example.
<PE1> display tunnel-info all
* -> Allocated VC Token
Tunnel ID Type Destination Token
----------------------------------------------------------------------
0x10020 lsp 2.2.2.2 0
0x10021 lsp -- 1
0x10022 lsp 3.3.3.3 2
0x10023 lsp -- 3
0x10024 lsp 4.4.4.4 4
0x10025 lsp -- 5
0x10026 lsp 5.5.5.5 6
0x10027 lsp -- 7
Run the display mpls ldp session command on PE, and you can see that the LDP peer relation
between the PE and the neighboring P is in Operational state.
Take the display on PE1 for example.
<PE1> display mpls ldp session
NOTE
If the PEs are directly connected, you do not need to manually configure remote LDP sessions between
them.
# Configure PE1.
[PE1] mpls ldp remote-peer 4.4.4.4
[PE1-mpls-ldp-remote-4.4.4.4] remote-ip 4.4.4.4
[PE1-mpls-ldp-remote-4.4.4.4] quit
[PE1] mpls ldp remote-peer 5.5.5.5
[PE1-mpls-ldp-remote-5.5.5.5] remote-ip 5.5.5.5
[PE1-mpls-ldp-remote-5.5.5.5] quit
# Configure PE2.
[PE2] mpls ldp remote-peer 1.1.1.1
[PE2-mpls-ldp-remote-1.1.1.1] remote-ip 1.1.1.1
[PE2-mpls-ldp-remote-1.1.1.1] quit
# Configure PE3.
[PE3] mpls ldp remote-peer 1.1.1.1
[PE3-mpls-ldp-remote-1.1.1.1] remote-ip 1.1.1.1
[PE3-mpls-ldp-remote-1.1.1.1] quit
After the configuration, run the display mpls ldp session command on PEs. You can see that
the LDP peer relation is in Operational state. This indicates that the LDP sessions are set up.
Take the display on PE1 for example.
<PE1> display mpls ldp session
# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit
# Configure PE3.
[PE3] mpls l2vpn
[PE3-l2vpn] quit
[PE3] pw-template 3to1
[PE3-pw-template-3to1] peer 1.1.1.1
[PE3-pw-template-3to1] control-word
[PE3-pw-template-3to1] quit
[PE3] interface vlanif 70
[PE3-Vlanif70] mpls l2vc pw-template 3to1 200
[PE3-Vlanif70] quit
After the configuration, run the display mpls l2vc interface command on PEs. You can see that
PWs are set up and are in the Active state. In addition, you can find that the BFD for PW function
is disabled on the PWs.
On the two PEs of a BFD session, the local discriminator of the local PE must match the remote
discriminator of the remote PE, and the remote discriminator of the local PE must match the local
discriminator of the remote PE. The discriminators cannot be modified after configuration.
# Configure PE1.
[PE1] bfd
[PE1-bfd] quit
[PE1] bfd for pw enable
[PE1] bfd 1to2 bind pw interface vlanif 10
[PE1-bfd-lsp-session-1to2] discriminator local 12
[PE1-bfd-lsp-session-1to2] discriminator remote 21
[PE1-bfd-lsp-session-1to2] commit
[PE1-bfd-lsp-session-1to2] quit
# Configure PE2.
[PE2] bfd
[PE2-bfd] quit
[PE2] bfd for pw enable
[PE2] bfd 2to1 bind pw interface vlanif 50
[PE2-bfd-lsp-session-2to1] discriminator local 21
[PE2-bfd-lsp-session-2to1] discriminator remote 12
[PE2-bfd-lsp-session-2to1] commit
[PE2-bfd-lsp-session-2to1] quit
# Configure PE3.
[PE3] bfd
[PE3-bfd] quit
[PE3] bfd for pw enable
[PE3] bfd 3to1 bind pw interface vlanif 70
[PE3-bfd-lsp-session-3to1] discriminator local 31
[PE3-bfd-lsp-session-3to1] discriminator remote 13
[PE3-bfd-lsp-session-3to1] commit
[PE3-bfd-lsp-session-3to1] quit
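The discriminator rule stated before these commands can be verified across devices from a captured configuration transcript. The following Python code is an added example, not part of this guide; the names SAMPLE_TRANSCRIPT, parse_sessions and check_discriminators are hypothetical, and the two PE1 lines for session 1to3 are constructed to agree with the display output later in this example because the guide does not show those commands.

```python
import re
from collections import defaultdict

# Constructed transcript: prompt lines in the format used in this example.
# The 1to3 lines are constructed; the others repeat the commands above.
SAMPLE_TRANSCRIPT = """\
[PE1-bfd-lsp-session-1to2] discriminator local 12
[PE1-bfd-lsp-session-1to2] discriminator remote 21
[PE1-bfd-lsp-session-1to3] discriminator local 13
[PE1-bfd-lsp-session-1to3] discriminator remote 31
[PE2-bfd-lsp-session-2to1] discriminator local 21
[PE2-bfd-lsp-session-2to1] discriminator remote 12
[PE3-bfd-lsp-session-3to1] discriminator local 31
[PE3-bfd-lsp-session-3to1] discriminator remote 13
"""

# The prompt carries both the device name and the BFD session name.
LINE_RE = re.compile(
    r"^\[(\S+?)-bfd-lsp-session-(\S+)\] discriminator (local|remote) (\d+)$")


def parse_sessions(transcript):
    """Map (device, session name) to its local and remote discriminators."""
    sessions = defaultdict(dict)
    for line in transcript.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            device, name, side, value = m.groups()
            sessions[(device, name)][side] = int(value)
    return dict(sessions)


def check_discriminators(transcript):
    """Return findings for sessions whose discriminators do not cross-match."""
    sessions = parse_sessions(transcript)
    findings = []
    seen_local = {}
    for (device, name), s in sorted(sessions.items()):
        if "local" not in s or "remote" not in s:
            findings.append(f"{device}/{name}: local or remote discriminator missing")
            continue
        # A local discriminator identifies one session on a device.
        key = (device, s["local"])
        if key in seen_local:
            findings.append(f"{device}: local discriminator {s['local']} used by "
                            f"both {seen_local[key]} and {name}")
        seen_local[key] = name
    for (device, name), s in sorted(sessions.items()):
        if len(s) < 2:
            continue
        # Candidate peers: sessions on other devices whose local value is our remote value.
        peers = [(d, n, p) for (d, n), p in sorted(sessions.items())
                 if d != device and p.get("local") == s["remote"]]
        if not peers:
            findings.append(f"{device}/{name}: no peer session has local "
                            f"discriminator {s['remote']}")
        elif not any(p.get("remote") == s["local"] for _, _, p in peers):
            d, n, p = peers[0]
            findings.append(f"{device}/{name}: peer {d}/{n} has remote "
                            f"{p.get('remote')}, but local here is {s['local']}")
    return findings


if __name__ == "__main__":
    for finding in check_discriminators(SAMPLE_TRANSCRIPT) or ["discriminators match"]:
        print(finding)
```

Because the discriminators cannot be modified after configuration, running such a check before `commit` avoids having to delete and recreate the session.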
After the configuration, BFD sessions are established between PE1 and PE2, and between PE1
and PE3. Run the display bfd session all command. You can see that the status of the BFD
sessions is Up.
Take the display on PE1 for example.
<PE1> display bfd session all
--------------------------------------------------------------------------------
Local Remote PeerIpAddr InterfaceName State Type
--------------------------------------------------------------------------------
12 21 --.--.--.-- Vlanif10 Up S_PW(M)
13 31 --.--.--.-- Vlanif10 Up S_PW(S)
--------------------------------------------------------------------------------
Total UP/DOWN Session Number : 2/0
Run the display bfd configuration all command. You can view information about the BFD
configuration, and you can see that the Commit field is True.
<PE1> display bfd configuration all
--------------------------------------------------------------------------------
CFG Name CFG Type LocalDiscr MIndex SessNum Commit AdminDown
--------------------------------------------------------------------------------
1to2 Static_PW(M) 12 256 1 True False
1to3 Static_PW(S) 13 257 1 True False
--------------------------------------------------------------------------------
Total Commit/Uncommit CFG Number : 2/0
AC state : up
VC state : up
VC ID : 100
VC type : VLAN
destination : 4.4.4.4
local group ID : 0 remote group ID : 0
local VC label : 23552 remote VC label : 23552
local AC OAM State : up
local PSN State : up
local forwarding state : forwarding
local status code : 0x0
remote AC OAM state : up
remote PSN state : up
remote forwarding state: forwarding
remote status code : 0x0
BFD for PW : available
BFD sessionIndex : 256 BFD state : up
manual fault : not set
active state : active
forwarding entry : exist
link state : up
local VC MTU : 4470 remote VC MTU : 4470
local VCCV : cw alert lsp-ping bfd
remote VCCV : cw alert lsp-ping bfd
local control word : enable remote control word : enable
tunnel policy : --
traffic behavior : --
PW template name : 1to2
primary or secondary : primary
VC tunnel/token info : 1 tunnels/tokens
NO.0 TNL type : lsp , TNL ID : 0x48002004
create time : 0 days, 1 hours, 17 minutes, 55 seconds
up time : 0 days, 1 hours, 16 minutes, 47 seconds
last change time : 0 days, 1 hours, 16 minutes, 47 seconds
VC last up time : 2010-11-24 12:31:31
VC total up time: 0 days, 2 hours, 13 minutes, 55 seconds
CKey : 14
NKey : 1
PW redundancy mode : --
AdminPw interface : --
AdminPw link state : --
Run the shutdown command on VLANIF 20 of PE1 to simulate a fault on the master PW.
The primary address of CE1 then cannot ping 10.1.1.2 on CE2. The backup PW takes over,
so the secondary address of CE1 can ping 10.1.2.2 on CE2.
<CE1> ping 10.1.1.2
PING 10.1.1.2: 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out
# Run the display mpls l2vc interface command on PE to view the PW status. You can find
that the VC of the master PW is Down and the BFD for PW function is unavailable. In addition,
the VC of the backup PW is Up, the BFD for PW function is available, and the BFD session is
Up.
<PE1> display mpls l2vc interface Vlanif 10
*client interface : Vlanif10 is up
Administrator PW : no
session state : down
AC state : up
VC state : down
VC ID : 100
VC type : VLAN
destination : 4.4.4.4
local group ID : 0 remote group ID : 0
local VC label : 23552 remote VC label : 0
local AC OAM State : up
local PSN State : up
local forwarding state : not forwarding
BFD for PW : unavailable
manual fault : not set
active state : inactive
forwarding entry : not exist
link state : down
local VC MTU : 1500 remote VC MTU : 0
local VCCV : cw alert lsp-ping bfd
remote VCCV : cw alert lsp-ping bfd
local control word : enable remote control word : none
tunnel policy : --
traffic behavior : --
PW template name : 1to2
primary or secondary : primary
VC tunnel/token info : 0 tunnels/tokens
create time : 0 days, 0 hours, 30 minutes, 58 seconds
up time : 0 days, 0 hours, 0 minutes, 0 seconds
last change time : 0 days, 0 hours, 6 minutes, 46 seconds
VC last up time : 2010-11-24 12:31:31
VC total up time : 0 days, 2 hours, 12 minutes, 51 seconds
CKey : 14
NKey : 1
PW redundancy mode : --
AdminPw interface : --
AdminPw link state : --
NKey : 15
PW redundancy mode : --
AdminPw interface : --
AdminPw link state : --
----End
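The failover check described above can be scripted. This is an added example, not part of the Huawei guide: it parses display mpls l2vc interface output and reports whether the primary PW is forwarding, the secondary has taken over, or the service is down. The sample output is constructed; its primary block is abridged from the output above, and the secondary block's label value is an assumption.

```python
import re

# Constructed sample in the field layout of "display mpls l2vc interface
# Vlanif 10". The primary block is abridged from the output on this page; the
# secondary block is assembled from the page's VC ID 200 / peer 5.5.5.5 and
# BFD index 257, with an assumed label value.
SAMPLE_OUTPUT = """\
*client interface : Vlanif10 is up
session state : down
AC state : up
VC state : down
VC ID : 100
destination : 4.4.4.4
local VC label : 23552 remote VC label : 0
BFD for PW : unavailable
active state : inactive
forwarding entry : not exist
primary or secondary : primary
*client interface : Vlanif10 is up
session state : up
AC state : up
VC state : up
VC ID : 200
destination : 5.5.5.5
local VC label : 23553 remote VC label : 23552
BFD for PW : available
BFD sessionIndex : 257 BFD state : up
active state : active
forwarding entry : exist
primary or secondary : secondary
"""

# Fields that occupy a whole line, and fields that share a line with another.
LINE_KEYS = ("session state", "AC state", "VC state", "VC ID", "destination",
             "BFD for PW", "active state", "forwarding entry",
             "primary or secondary")
INLINE_KEYS = ("remote VC label", "BFD state")


def split_pw_blocks(text):
    """Return one text block per PW; each block starts at '*client interface'."""
    blocks, current = [], None
    for line in text.splitlines():
        if line.lstrip().startswith("*client interface"):
            current = []
            blocks.append(current)
        if current is not None:
            current.append(line.strip())
    return ["\n".join(b) for b in blocks]


def parse_pw(block):
    """Extract the fields used by the health check; missing fields are None."""
    pw = {}
    for key in LINE_KEYS:
        m = re.search(rf"^{re.escape(key)}[ \t]*:[ \t]*(.*?)[ \t]*$", block, re.M)
        pw[key] = m.group(1) if m else None
    for key in INLINE_KEYS:
        m = re.search(rf"\b{re.escape(key)}[ \t]*:[ \t]*(\S+)", block)
        pw[key] = m.group(1) if m else None
    return pw


def pw_problems(pw, expect_bfd=True):
    """List the reasons this PW cannot carry protected traffic."""
    problems = []
    if pw["VC state"] != "up":
        problems.append(f"VC state is {pw['VC state']}")
    if pw["remote VC label"] in (None, "0"):
        problems.append("no remote VC label learned")
    if expect_bfd:
        if pw["BFD for PW"] != "available":
            problems.append(f"BFD for PW is {pw['BFD for PW']}")
        elif pw["BFD state"] != "up":
            problems.append(f"BFD session is {pw['BFD state']}")
    if pw["forwarding entry"] != "exist":
        problems.append("forwarding entry does not exist")
    return problems


def assess_failover(text, expect_bfd=True):
    """Classify the PW pair as primary-forwarding, failed over, or down."""
    report = {"primary": None, "secondary": None}
    for block in split_pw_blocks(text):
        pw = parse_pw(block)
        role = pw["primary or secondary"]
        if role in report:
            report[role] = {"vc_id": pw["VC ID"],
                            "active": pw["active state"] == "active",
                            "problems": pw_problems(pw, expect_bfd)}
    usable = {role: bool(r and r["active"] and not r["problems"])
              for role, r in report.items()}
    if usable["primary"]:
        report["verdict"] = "primary-forwarding"
    elif usable["secondary"]:
        report["verdict"] = "failed-over-to-secondary"
    else:
        report["verdict"] = "service-down"
    return report


if __name__ == "__main__":
    print(assess_failover(SAMPLE_OUTPUT))
```

Pass expect_bfd=False for PWs that are not protected by BFD, where "BFD for PW : unavailable" is the normal state.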
Configuration Files
• Configuration file of CE1
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.252
ip address 10.1.2.1 255.255.255.252 sub
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 10
#
return
#
pw-template 1to3
peer-address 5.5.5.5
control-word
#
mpls ldp
#
mpls ldp remote-peer 4.4.4.4
remote-ip 4.4.4.4
#
mpls ldp remote-peer 5.5.5.5
remote-ip 5.5.5.5
#
interface Vlanif10
mpls l2vc pw-template 1to2 100
mpls l2vc pw-template 1to3 200 secondary
#
interface Vlanif20
ip address 100.1.1.1 255.255.255.252
mpls
mpls ldp
#
interface Vlanif30
ip address 200.1.1.1 255.255.255.252
mpls
mpls ldp
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 10
port hybrid tagged vlan 10
#
interface GigabitEthernet1/0/1
port hybrid pvid vlan 20
port hybrid tagged vlan 20
#
interface GigabitEthernet1/0/2
port hybrid pvid vlan 30
port hybrid tagged vlan 30
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 100.1.1.0 0.0.0.3
network 200.1.1.0 0.0.0.3
#
bfd 1to2 bind pw interface Vlanif10
discriminator local 12
discriminator remote 21
commit
#
bfd 1to3 bind pw interface Vlanif10 secondary
discriminator local 13
discriminator remote 31
commit
#
return
• Configuration file of P1
#
sysname P1
#
vlan batch 20 40
#
mpls lsr-id 2.2.2.2
mpls
#
mpls ldp
#
interface Vlanif20
ip address 100.1.1.2 255.255.255.252
mpls
mpls ldp
#
interface Vlanif40
ip address 100.2.1.1 255.255.255.252
mpls
mpls ldp
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 40
port hybrid tagged vlan 40
#
interface GigabitEthernet1/0/1
port hybrid pvid vlan 20
control-word
#
mpls ldp
#
mpls ldp remote-peer 1.1.1.1
remote-ip 1.1.1.1
#
interface Vlanif40
ip address 100.2.1.2 255.255.255.252
mpls
mpls ldp
#
interface Vlanif50
mpls l2vc pw-template 2to1 100
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 40
port hybrid tagged vlan 40
#
interface GigabitEthernet1/0/1
port hybrid pvid vlan 50
port hybrid tagged vlan 50
#
interface LoopBack1
ip address 4.4.4.4 255.255.255.255
#
ospf 1
area 0.0.0.0
network 4.4.4.4 0.0.0.0
network 100.2.1.0 0.0.0.3
#
bfd 2to1 bind pw interface Vlanif50
discriminator local 21
discriminator remote 12
commit
#
return
• Configuration file of PE3
#
sysname PE3
#
vlan batch 60 70
#
bfd
#
bfd for pw enable
#
mpls lsr-id 5.5.5.5
mpls
#
mpls l2vpn
#
pw-template 3to1
peer-address 1.1.1.1
control-word
#
mpls ldp
#
mpls ldp remote-peer 1.1.1.1
remote-ip 1.1.1.1
#
interface Vlanif60
ip address 200.2.1.2 255.255.255.252
mpls
mpls ldp
#
interface Vlanif70
Figure 6-17 Networking diagram for configuring dynamic BFD for SH-PW
[Figure: CE1 connects to PE1 and CE2 to PE2; PE1 and PE2 are joined across the MPLS backbone through P, with a PW between PE1 and PE2. Loopback0 addresses: PE1 1.1.1.9/32, P 2.2.2.9/32, PE2 3.3.3.9/32.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Establish an MPLS L2VPN in SH-PW mode between CE1 and CE2.
2. Enable MPLS L2VPN and create VC connections on PE1 and PE2.
3. Configure the basic BFD capability and trigger the dynamic BFD for PW on PEs.
Data Preparation
To complete the configuration, you need the following data:
• IP addresses of all the interfaces
Procedure
Step 1 Configure interface addresses for the CE, PE, and P according to Figure 6-17, including VLAN and
VLANIF interfaces.
The configuration procedure is not provided here.
Step 2 Configure an IGP protocol on the MPLS backbone network.
The OSPF protocol is used in this example.
# Configure PE1.
[PE1] interface loopback 0
[PE1-Loopback0] ip address 1.1.1.9 32
[PE1-Loopback0] quit
[PE1] interface vlanif 20
[PE1-Vlanif20] ip address 100.1.1.1 30
[PE1-Vlanif20] quit
[PE1] ospf 1
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.3
# Configure the P.
[P] interface loopback 0
[P-Loopback0] ip address 2.2.2.9 32
[P-Loopback0] quit
[P] interface vlanif 20
[P-Vlanif20] ip address 100.1.1.2 30
[P-Vlanif20] quit
[P] interface vlanif 40
[P-Vlanif40] ip address 100.2.1.1 30
[P-Vlanif40] quit
[P] ospf 1
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
[P-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.3
[P-ospf-1-area-0.0.0.0] network 100.2.1.0 0.0.0.3
# Configure PE2.
[PE2] interface loopback 0
[PE2-Loopback0] ip address 3.3.3.9 32
[PE2-Loopback0] quit
[PE2] interface vlanif 40
[PE2-Vlanif40] ip address 100.2.1.2 30
[PE2-Vlanif40] quit
[PE2] ospf 1
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 100.2.1.0 0.0.0.3
After the configuration, run the display ip routing-table command on the PEs, and you can see
that PE1 and PE2 have learned the routes to each other's Loopback0 interface.
Take the display on PE1 for example.
<PE1> display ip routing-table
Route Flags: R - relied, D - download to fib
------------------------------------------------------------------------------
Step 3 Configure the basic MPLS capabilities on the MPLS backbone network.
# Enable MPLS, and set LSR-ID as the IP address of the Loopback0 interface. Enable MPLS
and MPLS LDP on interfaces on the backbone network.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface vlanif 20
[PE1-Vlanif20] mpls
[PE1-Vlanif20] mpls ldp
[PE1-Vlanif20] quit
# Configure the P.
[P] mpls lsr-id 2.2.2.9
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P] interface vlanif 20
[P-Vlanif20] mpls
[P-Vlanif20] mpls ldp
[P-Vlanif20] quit
[P] interface vlanif 40
[P-Vlanif40] mpls
[P-Vlanif40] mpls ldp
[P-Vlanif40] quit
# Configure PE2.
[PE2] mpls lsr-id 3.3.3.9
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface vlanif 40
[PE2-Vlanif40] mpls
[PE2-Vlanif40] mpls ldp
[PE2-Vlanif40] quit
After the configuration, run the display tunnel-info all command on PEs. You can see that
MPLS LSPs are set up between PE1 and PE2.
Take the display on PE1 for example.
<PE1> display tunnel-info all
* -> Allocated VC Token
Run the display mpls ldp session command on PE, and you can see that the LDP peer relation
between the PE and the neighboring P is in Operational state.
Take the display on PE1 for example.
<PE1> display mpls ldp session
LDP Session(s) in Public Network
Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
A '*' before a session means the session is being deleted.
------------------------------------------------------------------------------
PeerID Status LAM SsnRole SsnAge KASent/Rcv
------------------------------------------------------------------------------
2.2.2.9:0 Operational DU Passive 0000:00:02 10/10
------------------------------------------------------------------------------
TOTAL: 1 session(s) Found.
NOTE
If the PEs are directly connected, you do not need to manually configure remote LDP sessions between
them.
# Configure PE1.
[PE1] mpls ldp remote-peer 3.3.3.9
[PE1-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9
[PE1-mpls-ldp-remote-3.3.3.9] quit
# Configure PE2.
[PE2] mpls ldp remote-peer 1.1.1.9
[PE2-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9
[PE2-mpls-ldp-remote-1.1.1.9] quit
After the configuration, run the display mpls ldp session command on PEs. You can see that
the LDP peer relation is in Operational state. This indicates that the LDP sessions are set up.
Take the display on PE1 for example.
<PE1> display mpls ldp session
# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit
[PE2] pw-template 2to1
[PE2-pw-template-2to1] peer-address 1.1.1.9
[PE2-pw-template-2to1] control-word
[PE2-pw-template-2to1] quit
[PE2] interface vlanif 30
[PE2-Vlanif30] mpls l2vc pw-template 2to1 100
[PE2-Vlanif30] quit
After the configuration, run the display mpls l2vc interface command on PEs. You can see that
PWs are set up and are in the Active state. In addition, you can find that the BFD for PW function
is disabled on the PWs.
# Configure PE2.
[PE2] bfd
[PE2-bfd] quit
[PE2] bfd for pw enable
[PE2] interface vlanif 30
[PE2-Vlanif30] mpls l2vpn pw bfd min-rx-interval 100 min-tx-interval 100
[PE2-Vlanif30] quit
# Run the display mpls l2vc interface command on PE to view the PW status. You can see that
the BFD for PW function is enabled and the BFD session is Up.
Take the display on PE1 for example.
<PE1> display mpls l2vc interface Vlanif 10
*client interface : Vlanif10 is up
Administrator PW : no
session state : up
AC state : up
VC state : up
VC ID : 100
VC type : VLAN
destination : 3.3.3.9
local group ID : 0 remote group ID : 0
local VC label : 23552 remote VC label : 23552
local AC OAM State : up
local PSN State : up
local forwarding state : forwarding
local status code : 0x0
remote AC OAM state : up
remote PSN state : up
remote forwarding state: forwarding
remote status code : 0x0
Dynamic BFD for PW : available
Detect Multipier : 3
Min Transit Interval : 100
Max Receive Interval : 100
Dynamic BFD Session : built
BFD for PW : available
BFD sessionIndex : 256 BFD state : up
# Run the display bfd session all verbose command on PE to view the status of the BFD session.
You can find that the BFD session is Up, the BFD session is bound to a PW, and the type of the
BFD session is dynamic.
Take the display on PE1 for example.
<PE1> display bfd session all verbose
--------------------------------------------------------------------------------
Session MIndex : 256 (One Hop) State : Up Name : dyn_8192
--------------------------------------------------------------------------------
Local Discriminator : 8192 Remote Discriminator : 8192
Session Detect Mode : Asynchronous Mode Without Echo Function
BFD Bind Type : PW(Master)
Bind Session Type : Dynamic
Bind Peer Ip Address : --.--.--.--
NextHop Ip Address : --.--.--.--
Bind Interface : Vlanif10
FSM Board Id : 1 TOS-EXP : 6
Min Tx Interval (ms) : 100 Min Rx Interval (ms) : 100
Actual Tx Interval (ms): 100 Actual Rx Interval (ms): 100
Local Detect Multi : 3 Detect Interval (ms) : 300
Echo Passive : Disable Acl Number : --
Proc interface status : Disable Process PST : Enable
WTR Interval (ms) : -- Local Demand Mode : Disable
Active Multi : 3
Last Local Diagnostic : No Diagnostic
Bind Application : L2VPN | OAM_MANAGER | MPLSFW
Session TX TmrID : -- Session Detect TmrID : --
Session Init TmrID : -- Session WTR TmrID : --
Session Echo Tx TmrID : --
PDT Index : FSM-0 | RCV-0 | IF-0 | TOKEN-0
Session Description : --
--------------------------------------------------------------------------------
----End
Configuration Files
• Configuration file of CE1
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.252
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 10
#
return
• Configuration file of PE1
#
sysname PE1
#
vlan batch 10 20
#
bfd
#
bfd for pw enable
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
pw-template 1to2
peer-address 3.3.3.9
control-word
#
mpls ldp
#
mpls ldp remote-peer 3.3.3.9
remote-ip 3.3.3.9
#
interface Vlanif10
mpls l2vc pw-template 1to2 100
mpls l2vpn pw bfd min-rx-interval 100 min-tx-interval 100
#
interface Vlanif20
ip address 100.1.1.1 255.255.255.252
mpls
mpls ldp
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 10
port hybrid tagged vlan 10
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 20
port hybrid tagged vlan 20
#
interface Loopback0
ip address 1.1.1.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 100.1.1.0 0.0.0.3
#
return
• Configuration file of P
#
sysname P
#
vlan batch 20 40
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Vlanif20
ip address 100.1.1.2 255.255.255.252
mpls
mpls ldp
#
interface Vlanif40
ip address 100.2.1.1 255.255.255.252
mpls
mpls ldp
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 20
port hybrid tagged vlan 20
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 40
port hybrid tagged vlan 40
#
interface Loopback0
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 100.1.1.0 0.0.0.3
network 100.2.1.0 0.0.0.3
#
return
• Configuration file of PE2
#
sysname PE2
#
vlan batch 30 40
#
bfd
#
bfd for pw enable
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
pw-template 2to1
peer-address 1.1.1.9
control-word
#
mpls ldp
#
mpls ldp remote-peer 1.1.1.9
remote-ip 1.1.1.9
#
interface Vlanif30
mpls l2vc pw-template 2to1 100
mpls l2vpn pw bfd min-rx-interval 100 min-tx-interval 100
#
interface Vlanif40
ip address 100.2.1.2 255.255.255.252
mpls
mpls ldp
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 30
port hybrid tagged vlan 30
#
interface GigabitEthernet2/0/0
Figure 6-18 Networking diagram for configuring dynamic BFD for MH-PW
[Figure: CE1 - U-PE1 - P1 - S-PE - P2 - U-PE2 - CE2, with PW 100 and PW 200 switched at the S-PE. Loopback0 addresses: U-PE1 1.1.1.9/32, P1 2.2.2.9/32, S-PE 3.3.3.9/32, P2 4.4.4.9/32, U-PE2 5.5.5.9/32.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Run an IGP protocol on the devices of the backbone network to implement connectivity.
2. Configure the basic MPLS functions on the backbone network and set up an LSP. Set up
MPLS LDP peer relations between U-PE1 and S-PE, and between U-PE2 and S-PE.
3. Create a PW template. Enable the CW and LSP ping function.
4. Create an MPLS L2VC connection between the two U-PEs.
5. Create a switching PW on the switching node S-PE.
6. Configure the basic BFD capability and trigger the dynamic BFD for PW on U-PEs.
Data Preparation
To complete the configuration, you need the following data:
• IP addresses of the interfaces, including VLAN interfaces and VLANIF interfaces
• LSR IDs of the devices
• VC-ID of the PW
• BFD parameters
Procedure
Step 1 Configure the IDs of the VLANs to which the interfaces of the CE, PE, and P belong according to
Figure 6-18.
Step 2 Assign an IP address to the VLANIF interface connecting the CE to the PE.
The configuration procedure is not provided here.
Step 3 Configure an IGP protocol on the MPLS backbone network.
OSPF is used as the IGP protocol in this example.
Configure interface addresses of the U-PE, S-PE, and P. When configuring OSPF, note that the
32-bit loopback interfaces of U-PE1, S-PE, and U-PE2 must be advertised.
# Configure U-PE1.
[U-PE1] interface loopback 0
[U-PE1-LoopBack0] ip address 1.1.1.9 32
[U-PE1-LoopBack0] quit
[U-PE1] interface vlanif 20
[U-PE1-Vlanif20] ip address 10.1.1.1 24
[U-PE1-Vlanif20] quit
[U-PE1] ospf 1
[U-PE1-ospf-1] area 0.0.0.0
[U-PE1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255
[U-PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[U-PE1-ospf-1-area-0.0.0.0] quit
[U-PE1-ospf-1] quit
# Configure P1.
[P1] interface loopback 0
[P1-LoopBack0] ip address 2.2.2.9 32
[P1-LoopBack0] quit
# Configure S-PE.
[S-PE] interface loopback 0
[S-PE-LoopBack0] ip address 3.3.3.9 32
[S-PE-LoopBack0] quit
[S-PE] interface vlanif 30
[S-PE-Vlanif30] ip address 20.1.1.2 24
[S-PE-Vlanif30] quit
[S-PE] interface vlanif 40
[S-PE-Vlanif40] ip address 30.1.1.1 24
[S-PE-Vlanif40] quit
[S-PE] ospf 1
[S-PE-ospf-1] area 0.0.0.0
[S-PE-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255
[S-PE-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255
[S-PE-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0
[S-PE-ospf-1-area-0.0.0.0] quit
[S-PE-ospf-1] quit
# Configure P2.
[P2] interface loopback 0
[P2-LoopBack0] ip address 4.4.4.9 32
[P2-LoopBack0] quit
[P2] interface vlanif 40
[P2-Vlanif40] ip address 30.1.1.2 24
[P2-Vlanif40] quit
[P2] interface vlanif 50
[P2-Vlanif50] ip address 40.1.1.1 24
[P2-Vlanif50] quit
[P2] ospf 1
[P2-ospf-1] area 0.0.0.0
[P2-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255
[P2-ospf-1-area-0.0.0.0] network 40.1.1.0 0.0.0.255
[P2-ospf-1-area-0.0.0.0] network 4.4.4.9 0.0.0.0
[P2-ospf-1-area-0.0.0.0] quit
[P2-ospf-1] quit
# Configure U-PE2.
[U-PE2] interface loopback 0
[U-PE2-LoopBack0] ip address 5.5.5.9 32
[U-PE2-LoopBack0] quit
[U-PE2] interface vlanif 50
[U-PE2-Vlanif50] ip address 40.1.1.2 24
[U-PE2-Vlanif50] quit
[U-PE2] ospf 1
[U-PE2-ospf-1] area 0.0.0.0
[U-PE2-ospf-1-area-0.0.0.0] network 40.1.1.0 0.0.0.255
[U-PE2-ospf-1-area-0.0.0.0] network 5.5.5.9 0.0.0.0
[U-PE2-ospf-1-area-0.0.0.0] quit
[U-PE2-ospf-1] quit
After the configuration, run the display ip routing-table command on U-PE, P, or S-PE, and
you can see that the devices can learn each other's routes. Take the display on S-PE for example.
The U-PEs can ping each other. Take the display on U-PE1 for example.
<U-PE1> ping 40.1.1.2
PING 40.1.1.2: 56 data bytes, press CTRL_C to break
Reply from 40.1.1.2: bytes=56 Sequence=1 ttl=252 time=160 ms
Reply from 40.1.1.2: bytes=56 Sequence=2 ttl=252 time=120 ms
Reply from 40.1.1.2: bytes=56 Sequence=3 ttl=252 time=150 ms
Reply from 40.1.1.2: bytes=56 Sequence=4 ttl=252 time=150 ms
Reply from 40.1.1.2: bytes=56 Sequence=5 ttl=252 time=160 ms
Configure the basic MPLS capability on the MPLS backbone network. Set up tunnels and LDP
sessions between U-PE1 and S-PE, and between S-PE and U-PE2.
# Configure U-PE1.
[U-PE1] mpls lsr-id 1.1.1.9
[U-PE1] mpls
[U-PE1-mpls] quit
[U-PE1] mpls ldp
[U-PE1-mpls-ldp] quit
[U-PE1] interface vlanif 20
[U-PE1-Vlanif20] mpls
[U-PE1-Vlanif20] mpls ldp
[U-PE1-Vlanif20] quit
[U-PE1] mpls ldp remote-peer 3.3.3.9
[U-PE1-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9
[U-PE1-mpls-ldp-remote-3.3.3.9] quit
# Configure P1.
[P1] mpls lsr-id 2.2.2.9
[P1] mpls
[P1-mpls] quit
[P1] mpls ldp
[P1-mpls-ldp] quit
# Configure S-PE.
[S-PE] mpls lsr-id 3.3.3.9
[S-PE] mpls
[S-PE-mpls] quit
[S-PE] mpls ldp
[S-PE-mpls-ldp] quit
[S-PE] interface vlanif 30
[S-PE-Vlanif30] mpls
[S-PE-Vlanif30] mpls ldp
[S-PE-Vlanif30] quit
[S-PE] interface vlanif 40
[S-PE-Vlanif40] mpls
[S-PE-Vlanif40] mpls ldp
[S-PE-Vlanif40] quit
[S-PE] mpls ldp remote-peer 1.1.1.9
[S-PE-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9
[S-PE-mpls-ldp-remote-1.1.1.9] quit
[S-PE] mpls ldp remote-peer 5.5.5.9
[S-PE-mpls-ldp-remote-5.5.5.9] remote-ip 5.5.5.9
[S-PE-mpls-ldp-remote-5.5.5.9] quit
# Configure P2.
[P2] mpls lsr-id 4.4.4.9
[P2] mpls
[P2-mpls] quit
[P2] mpls ldp
[P2-mpls-ldp] quit
[P2] interface vlanif 40
[P2-Vlanif40] mpls
[P2-Vlanif40] mpls ldp
[P2-Vlanif40] quit
[P2] interface vlanif 50
[P2-Vlanif50] mpls
[P2-Vlanif50] mpls ldp
[P2-Vlanif50] quit
# Configure U-PE2.
[U-PE2] mpls lsr-id 5.5.5.9
[U-PE2] mpls
[U-PE2-mpls] quit
[U-PE2] mpls ldp
[U-PE2-mpls-ldp] quit
[U-PE2] interface vlanif 50
[U-PE2-Vlanif50] mpls
[U-PE2-Vlanif50] mpls ldp
[U-PE2-Vlanif50] quit
[U-PE2] mpls ldp remote-peer 3.3.3.9
[U-PE2-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9
[U-PE2-mpls-ldp-remote-3.3.3.9] quit
After the configuration, run the display mpls ldp session command on U-PE, P, or S-PE, and
you can see that the session status is Operational. Run the display mpls ldp peer command, and
you can see the status of the LDP sessions and adjacencies. Run the display mpls lsp command,
and you can see the status of the LSP. Take the display on S-PE for example.
<S-PE> display mpls ldp session
# Configure U-PE2.
[U-PE2] pw-template pwt
[U-PE2-pw-template-pwt] peer-address 3.3.3.9
[U-PE2-pw-template-pwt] control-word
[U-PE2-pw-template-pwt] quit
NOTE
PWE3 does not support point-to-multipoint (P2MP). When you create an MPLS L2VC on an ATM sub-
interface, the ATM sub-interface must be in the point-to-point (P2P) type. When you configure the
transparent transmission of ATM cells, the type of the ATM sub-interface is not restricted.
# Configure U-PE1.
[U-PE1] mpls l2vpn
[U-PE1-l2vpn] quit
[U-PE1] interface vlanif 10
[U-PE1-Vlanif10] mpls l2vc pw-template pwt 100
[U-PE1-Vlanif10] quit
# Configure S-PE.
[S-PE] mpls l2vpn
[S-PE-l2vpn] quit
[S-PE] mpls switch-l2vc 1.1.1.9 100 between 5.5.5.9 200 encapsulation vlan
# Configure U-PE2.
[U-PE2] mpls l2vpn
[U-PE2-l2vpn] quit
[U-PE2] interface vlanif 60
[U-PE2-Vlanif60] mpls l2vc pw-template pwt 200
[U-PE2-Vlanif60] quit
After the preceding configuration, run the display mpls l2vc interface command on U-PEs to
check L2VPN connections. You can see that PWs are set up and in Active state. In addition, you
can find that the BFD for PW function is disabled on the PWs.
Take the display on U-PE1 for example.
<U-PE1> display mpls l2vc interface vlanif 10
*client interface : Vlanif10 is up
Administrator PW : no
session state : up
AC state : up
VC state : up
VC ID : 100
VC type : VLAN
destination : 3.3.3.9
local group ID : 0 remote group ID : 0
local VC label : 23552 remote VC label : 23552
local AC OAM State : up
local PSN State : up
local forwarding state : forwarding
local status code : 0x0
remote AC OAM state : up
remote PSN state : up
remote forwarding state: forwarding
local status code : 0x0
BFD for PW : available
manual fault : not set
active state : active
forwarding entry : exist
link state : up
local VC MTU : 1500 remote VC MTU : 1500
local VCCV : cw alert lsp-ping bfd
remote VCCV : cw alert lsp-ping bfd
local control word : enable remote control word : enable
tunnel policy : --
traffic behavior : --
PW template name : pwt
primary or secondary : primary
VC tunnel/token info : 1 tunnels/tokens
NO.0 TNL type : lsp , TNL ID : 0x20023
create time : 0 days, 0 hours, 2 minutes, 40 seconds
# Configure U-PE2.
[U-PE2] bfd
[U-PE2-bfd] quit
[U-PE2] bfd for pw enable
[U-PE2] interface vlanif 60
[U-PE2-Vlanif60] mpls l2vpn pw bfd min-rx-interval 100 min-tx-interval 100 remote-vcid 100
[U-PE2-Vlanif60] quit
# Run the display mpls l2vc interface command on U-PEs to view the PW status. You can see
that the BFD for PW function is enabled and the BFD session is Up.
Take the display on U-PE1 for example.
<U-PE1> display mpls l2vc interface vlanif 10
*client interface : Vlanif10 is up
Administrator PW : no
session state : up
AC state : up
VC state : up
VC ID : 100
VC type : VLAN
destination : 3.3.3.9
local group ID : 0 remote group ID : 0
local VC label : 23552 remote VC label : 23552
local AC OAM State : up
local PSN State : up
local forwarding state : forwarding
# Run the display bfd session all verbose command on U-PEs to view the status of the BFD
session. You can find that the BFD session is Up, the BFD session is bound to a PW, and the
type of the BFD session is dynamic.
----End
Configuration Files
• Configuration file of CE1
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 100.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 10
#
return
#
mpls ldp
#
mpls ldp remote-peer 3.3.3.9
remote-ip 3.3.3.9
#
interface Vlanif10
mpls l2vc pw-template pwt 100
mpls l2vpn pw bfd min-rx-interval 100 min-tx-interval 100 remote-vcid 200
#
interface Vlanif20
ip address 10.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 10
port hybrid tagged vlan 10
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 20
port hybrid tagged vlan 20
#
interface LoopBack0
ip address 1.1.1.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 1.1.1.9 0.0.0.0
#
return
• Configuration file of P1
#
sysname P1
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Vlanif20
ip address 10.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif30
ip address 20.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 20
port hybrid tagged vlan 20
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 30
port hybrid tagged vlan 30
#
interface LoopBack0
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 10.1.1.0 0.0.0.255
network 20.1.1.0 0.0.0.255
#
return
• Configuration file of S-PE
#
sysname S-PE
#
vlan batch 30 40
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
mpls switch-l2vc 5.5.5.9 200 between 1.1.1.9 100 encapsulation vlan
#
mpls ldp
#
mpls ldp remote-peer 1.1.1.9
remote-ip 1.1.1.9
#
mpls ldp remote-peer 5.5.5.9
remote-ip 5.5.5.9
#
interface Vlanif30
ip address 20.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif40
ip address 30.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 30
port hybrid tagged vlan 30
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 40
port hybrid tagged vlan 40
#
interface LoopBack0
ip address 3.3.3.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 20.1.1.0 0.0.0.255
network 30.1.1.0 0.0.0.255
#
return
• Configuration file of P2
#
sysname P2
#
vlan batch 40 50
#
mpls lsr-id 4.4.4.9
mpls
#
mpls ldp
#
interface Vlanif40
ip address 30.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif50
ip address 40.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 40
port hybrid tagged vlan 40
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 50
port hybrid tagged vlan 50
#
interface LoopBack0
ip address 4.4.4.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 4.4.4.9 0.0.0.0
network 30.1.1.0 0.0.0.255
network 40.1.1.0 0.0.0.255
#
return
• Configuration file of U-PE2
#
sysname U-PE2
#
vlan batch 50 60
#
bfd
#
bfd for pw enable
#
mpls lsr-id 5.5.5.9
mpls
#
mpls l2vpn
#
pw-template pwt
peer-address 3.3.3.9
control-word
#
mpls ldp
#
mpls ldp remote-peer 3.3.3.9
remote-ip 3.3.3.9
#
interface Vlanif50
ip address 40.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif60
mpls l2vc pw-template pwt 200
mpls l2vpn pw bfd min-rx-interval 100 min-tx-interval 100 remote-vcid 100
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 50
port hybrid tagged vlan 50
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 60
port hybrid tagged vlan 60
#
interface LoopBack0
ip address 5.5.5.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 5.5.5.9 0.0.0.0
network 40.1.1.0 0.0.0.255
#
return
interface Vlanif60
ip address 100.1.1.2 255.255.255.0
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 60
#
return
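In the MH-PW configuration files above, each U-PE points its PW template at the S-PE, the S-PE switches the two VC IDs, and each U-PE's remote-vcid equals the VC ID configured on the other U-PE. The following added example (not part of the Huawei guide) cross-checks those values across the three configurations. The excerpts are constructed and abridged from the page; the U-PE1 global BFD lines are assumed to mirror U-PE2, and the function names are hypothetical.

```python
import re

# Constructed, abridged excerpts of the MH-PW configuration files on this page;
# only the lines the check reads are kept. U-PE1's "bfd" lines are assumed.
CONFIGS = {
    "U-PE1": """
mpls lsr-id 1.1.1.9
bfd
bfd for pw enable
pw-template pwt
 peer-address 3.3.3.9
 control-word
interface Vlanif10
 mpls l2vc pw-template pwt 100
 mpls l2vpn pw bfd min-rx-interval 100 min-tx-interval 100 remote-vcid 200
""",
    "S-PE": """
mpls lsr-id 3.3.3.9
mpls switch-l2vc 5.5.5.9 200 between 1.1.1.9 100 encapsulation vlan
""",
    "U-PE2": """
mpls lsr-id 5.5.5.9
bfd
bfd for pw enable
pw-template pwt
 peer-address 3.3.3.9
 control-word
interface Vlanif60
 mpls l2vc pw-template pwt 200
 mpls l2vpn pw bfd min-rx-interval 100 min-tx-interval 100 remote-vcid 100
""",
}


def parse_upe(cfg):
    """Extract PW and dynamic-BFD settings (assumes one PW per U-PE)."""
    def find(pattern):
        return re.search(pattern, cfg, re.M)

    lsr = find(r"^mpls lsr-id (\S+)")
    peer = find(r"^[ \t]*peer-address (\S+)")
    vc = find(r"^[ \t]*mpls l2vc pw-template \S+ (\d+)")
    bfd_line = find(r"^[ \t]*mpls l2vpn pw bfd\b.*$")
    rvc = re.search(r"remote-vcid (\d+)", bfd_line.group(0)) if bfd_line else None
    return {
        "lsr_id": lsr.group(1) if lsr else None,
        "peer": peer.group(1) if peer else None,
        "vc_id": int(vc.group(1)) if vc else None,
        "bfd_global": bool(find(r"^bfd[ \t]*$")),
        "bfd_for_pw": bool(find(r"^bfd for pw enable[ \t]*$")),
        "pw_bfd": bool(bfd_line),
        "remote_vcid": int(rvc.group(1)) if rvc else None,
    }


def parse_spe(cfg):
    """Extract the S-PE LSR ID and both legs of its switch-l2vc statement."""
    lsr = re.search(r"^mpls lsr-id (\S+)", cfg, re.M)
    sw = re.search(r"^mpls switch-l2vc (\S+) (\d+) between (\S+) (\d+)", cfg, re.M)
    legs = set()
    if sw:
        legs = {(sw.group(1), int(sw.group(2))), (sw.group(3), int(sw.group(4)))}
    return {"lsr_id": lsr.group(1) if lsr else None, "legs": legs}


def check_mh_pw(configs, upe_names=("U-PE1", "U-PE2"), spe_name="S-PE"):
    """Return a list of inconsistencies; an empty list means the values agree."""
    findings = []
    spe = parse_spe(configs[spe_name])
    upes = {name: parse_upe(configs[name]) for name in upe_names}
    for name, u in upes.items():
        if not (u["bfd_global"] and u["bfd_for_pw"]):
            findings.append(f"{name}: missing 'bfd' or 'bfd for pw enable'")
        if not u["pw_bfd"]:
            findings.append(f"{name}: no 'mpls l2vpn pw bfd' on the AC interface")
        if u["peer"] != spe["lsr_id"]:
            findings.append(f"{name}: peer-address {u['peer']} is not the "
                            f"S-PE LSR ID {spe['lsr_id']}")
        if (u["lsr_id"], u["vc_id"]) not in spe["legs"]:
            findings.append(f"{name}: S-PE has no switch-l2vc leg "
                            f"{u['lsr_id']} {u['vc_id']}")
    first, second = upe_names
    for name, other in ((first, second), (second, first)):
        if upes[name]["remote_vcid"] != upes[other]["vc_id"]:
            findings.append(f"{name}: remote-vcid {upes[name]['remote_vcid']} does "
                            f"not match VC ID {upes[other]['vc_id']} on {other}")
    return findings


if __name__ == "__main__":
    print(check_mh_pw(CONFIGS) or "MH-PW values are consistent")
```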
Networking Requirements
As shown in Figure 6-19, the Option A scheme is used to establish the inter-AS PWE3.
[Figure 6-19: networking diagram with CE1 and CE2. Loopback0 addresses: PE1 1.1.1.9/32, ASBR-PE1 2.2.2.9/32, ASBR-PE2 3.3.3.9/32, PE2 4.4.4.9/32.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Run an IGP protocol on the backbone network so that the devices in the same AS can
communicate with each other.
2. Configure the basic MPLS capability on the backbone network and establish dynamic LSPs
between PEs and ASBR-PEs in the same AS. If PEs and ASBR-PEs are not directly
connected, establish a remote LDP session.
3. Establish MPLS L2VC connections between the PEs and ASBR-PEs in the same AS.
Data Preparation
To complete the configuration, you need the following data:
• IS-IS data
• IP addresses of the peers (addresses of loopback interfaces on the peers)
• MPLS LSR-IDs of PEs and ASBR-PEs (addresses of the local loopback interfaces)
• L2VC ID
Procedure
Step 1 Configure the IDs of the VLANs to which the interfaces belong according to Figure 6-19.
The configuration procedure is not provided here.
Step 2 Configure an IGP protocol on the MPLS backbone network.
PEs and ASBR-PEs on the MPLS backbone network can communicate with each other by using
IGP.
In this example, IS-IS is used as the IGP; the configuration procedure is not provided here.
After the configuration, the IS-IS neighbor relation can be established between the ASBR-PE
and the PE in the same AS. Run the display isis peer command, and you can find that the neighbor
relation is Up.
Take the display on ASBR-PE1 for example.
<ASBR-PE1> display isis peer
Run the display ip routing-table command, and you can see that the PEs and ASBR-PEs can
learn the loopback routes of each other.
Take the display on ASBR-PE1 for example.
<ASBR-PE1> display ip routing-table
Route Flags: R - relied, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 9 Routes : 9
The ASBR-PEs and PEs in the same AS can ping each other.
Step 3 Enable MPLS and configure dynamic LSPs.
Configure the basic MPLS capability on the MPLS backbone network. Establish a dynamic LDP
LSP between the PE and ASBR-PE in the same AS.
After this step, an LSP is established between the PE and ASBR-PE in the same AS.
Take the display on ASBR-PE1 for example.
<ASBR-PE1> display mpls ldp session
# Configure ASBR-PE1.
[ASBR-PE1] mpls l2vpn
[ASBR-PE1-l2vpn] quit
[ASBR-PE1] interface vlanif 30
[ASBR-PE1-Vlanif30] mpls l2vc 1.1.1.9 100
[ASBR-PE1-Vlanif30] quit
# Configure ASBR-PE2.
[ASBR-PE2] mpls l2vpn
[ASBR-PE2-l2vpn] quit
[ASBR-PE2] interface vlanif 30
[ASBR-PE2-Vlanif30] mpls l2vc 4.4.4.9 100
[ASBR-PE2-Vlanif30] quit
# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit
[PE2] interface vlanif 50
[PE2-Vlanif50] mpls l2vc 3.3.3.9 100
[PE2-Vlanif50] quit
# Configure CE1.
[CE1] interface vlanif 10
[CE1-Vlanif10] ip address 100.1.1.1 255.255.255.0
[CE1-Vlanif10] quit
# Configure CE2.
[CE2] interface vlanif 50
[CE2-Vlanif50] ip address 100.1.1.2 255.255.255.0
[CE2-Vlanif50] quit
VC state : up
VC ID : 100
VC type : VLAN
destination : 4.4.4.9
local group ID : 0 remote group ID : 0
local VC label : 21505 remote VC label : 21505
local AC OAM State : up
local PSN State : up
local forwarding state : forwarding
local status code : 0x0
remote AC OAM state : up
remote PSN state : up
remote forwarding state: forwarding
remote status code : 0x0
BFD for PW : unavailable
manual fault : not set
active state : active
forwarding entry : exist
link state : up
local VC MTU : 4470 remote VC MTU : 4470
local VCCV : Disable
remote VCCV : Disable
local control word : disable remote control word : disable
tunnel policy : --
traffic behavior : --
PW template name : --
primary or secondary : primary
VC tunnel/token info : 1 tunnels/tokens
NO.0 TNL type : lsp , TNL ID : 0x20021
create time : 0 days, 0 hours, 8 minutes, 7 seconds
up time : 0 days, 0 hours, 7 minutes, 26 seconds
last change time : 0 days, 0 hours, 7 minutes, 26 seconds
VC last up time : 2008-07-24 12:31:31
VC total up time : 0 days, 2 hours, 12 minutes, 51 seconds
CKey : 11
NKey : 10
PW redundancy mode : --
AdminPw interface : --
AdminPw link state : --
----End
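The local and remote fields in the VC status output above can be compared mechanically. The following is an added example, not part of the original guide: a parser for that "key : value" layout plus a small audit. The healthy sample copies lines from the output above, the degraded sample is constructed, and the choice of which fields to compare is an assumption.

```python
import re

# Lines such as "local VC MTU : 4470 remote VC MTU : 4470" carry two fields.
PAIR = re.compile(r"^(local .+?)\s*:\s*(\S+)\s+(remote .+?)\s*:\s*(\S+)$", re.I)


def _norm(key):
    """Lower-case and collapse spaces ('local AC OAM State' vs 'remote AC OAM state')."""
    return " ".join(key.lower().split())


def parse_vc_status(text):
    """Turn the status text into a dict of normalized field names to values."""
    fields = {}
    for raw in text.splitlines():
        line = raw.strip()
        pair = PAIR.match(line)
        if pair:
            fields[_norm(pair.group(1))] = pair.group(2)
            fields[_norm(pair.group(3))] = pair.group(4)
        elif ":" in line:
            # Split on the first colon only; time stamps contain more colons.
            key, _, value = line.partition(":")
            fields[_norm(key)] = value.strip()
    return fields


# Values taken from the healthy output shown in this section.
EXPECTED = {"vc state": "up", "active state": "active",
            "forwarding entry": "exist", "link state": "up"}
# Assumption of this example: a local/remote difference here deserves a look.
MUST_MATCH = ["vc mtu", "control word", "vccv", "ac oam state",
              "psn state", "forwarding state", "status code"]


def audit(fields):
    """Return a list of human-readable findings; empty means nothing to flag."""
    findings = []
    for key, want in EXPECTED.items():
        got = fields.get(key)
        if got != want:
            findings.append(f"{key}: expected {want!r}, got {got!r}")
    for suffix in MUST_MATCH:
        local = fields.get("local " + suffix)
        remote = fields.get("remote " + suffix)
        if local is None or remote is None:
            findings.append(f"{suffix}: field missing")
        elif local.lower() != remote.lower():
            findings.append(f"{suffix}: local {local!r} != remote {remote!r}")
    return findings


# Lines copied from the output above.
HEALTHY = """\
VC state : up
VC ID : 100
local VC label : 21505 remote VC label : 21505
local AC OAM State : up
local PSN State : up
local forwarding state : forwarding
local status code : 0x0
remote AC OAM state : up
remote PSN state : up
remote forwarding state: forwarding
remote status code : 0x0
active state : active
forwarding entry : exist
link state : up
local VC MTU : 4470 remote VC MTU : 4470
local VCCV : Disable
remote VCCV : Disable
local control word : disable remote control word : disable
VC last up time : 2008-07-24 12:31:31
"""

# Constructed sample: the same text with three values changed.
DEGRADED = (HEALTHY
            .replace("VC state : up", "VC state : down")
            .replace("remote VC MTU : 4470", "remote VC MTU : 1500")
            .replace("remote control word : disable", "remote control word : enable"))

if __name__ == "__main__":
    for name, sample in (("healthy", HEALTHY), ("degraded", DEGRADED)):
        print(name, audit(parse_vc_status(sample)))
```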
Configuration Files
• Configuration file of CE1
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 100.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 10
#
return
• Configuration file of PE1
#
sysname PE1
#
vlan batch 10 20
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
mpls ldp
#
isis 1
network-entity 10.0000.0000.0001.00
#
interface Vlanif10
mpls l2vc 2.2.2.9 100
#
interface Vlanif20
ip address 10.1.1.1 255.255.255.0
isis enable 1
mpls
mpls ldp
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 10
#
interface GigabitEthernet2/0/0
port link-type trunk
port trunk allow-pass vlan 20
#
interface LoopBack0
ip address 1.1.1.9 255.255.255.255
isis enable 1
#
return
• Configuration file of ASBR-PE1
#
sysname ASBR-PE1
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.9
mpls
#
mpls l2vpn
#
mpls ldp
#
isis 1
network-entity 10.0000.0000.0002.00
#
interface Vlanif20
ip address 10.1.1.2 255.255.255.0
isis enable 1
mpls
mpls ldp
#
interface Vlanif30
mpls l2vc 1.1.1.9 100
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 20
#
interface GigabitEthernet2/0/0
port link-type trunk
port trunk allow-pass vlan 30
#
interface LoopBack0
ip address 2.2.2.9 255.255.255.255
isis enable 1
#
return
• Configuration file of ASBR-PE2
#
sysname ASBR-PE2
#
vlan batch 30 40
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
mpls ldp
#
isis 1
network-entity 10.0000.0000.0003.00
#
interface Vlanif30
mpls l2vc 4.4.4.9 100
#
interface Vlanif40
ip address 30.1.1.1 255.255.255.0
isis enable 1
mpls
mpls ldp
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 30
#
interface GigabitEthernet2/0/0
port link-type trunk
port trunk allow-pass vlan 40
#
interface LoopBack0
ip address 3.3.3.9 255.255.255.255
isis enable 1
#
return
• Configuration file of PE2
#
sysname PE2
#
vlan batch 40 50
#
mpls lsr-id 4.4.4.9
mpls
#
mpls l2vpn
#
mpls ldp
#
isis 1
network-entity 10.0000.0000.0004.00
#
interface Vlanif40
ip address 30.1.1.2 255.255.255.0
isis enable 1
mpls
mpls ldp
#
interface Vlanif50
mpls l2vc 3.3.3.9 100
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 40
#
interface GigabitEthernet2/0/0
port link-type trunk
port trunk allow-pass vlan 50
#
interface LoopBack0
ip address 4.4.4.9 255.255.255.255
isis enable 1
#
return
7 VPLS Configuration
When deploying VPLS in a larger scope, PEs or CEs may belong to different ASs. In such a
situation, you cannot directly establish PWs between PEs based on LDP. To address the problem,
you can configure inter-AS LDP VPLS.
7.9 Configuring Dual-homed Kompella VPLS
This section describes how to configure dual-homed Kompella VPLS. After dual-homed
Kompella VPLS is configured, VPLS reliability is enhanced, which prevents faults on each
PE.
7.10 Configuring Related Parameters of a VSI
This section describes how to set or adjust general VPLS parameters.
7.11 Configuring Suppression on VPLS Traffic
This section describes how to suppress the broadcast, multicast, and unknown unicast traffic on
the VPLS network.
7.12 Maintaining VPLS
Maintaining VPLS involves collecting, viewing, and clearing VPLS PW traffic statistics,
checking consistency of VPN configurations, enabling/disabling VSIs, clearing MAC address
entries, diagnosing MAC address learning capacity, detecting the forwarding process of VPLS
multicast traffic, checking the VPLS network connectivity, and detecting IP addresses.
7.13 Configuration Examples
You can learn the configuration procedures based on the configuration flowchart. Each
configuration example consists of such information as the networking requirements,
configuration notes, and configuration roadmap.
With the development of Ethernet technology, Ethernet has become a crucial LAN technology.
As an access technology, it is widely applied to Metropolitan Area Network (MAN) and Wide
Area Network (WAN).
Virtual Private LAN Service (VPLS) is used to connect more than one Ethernet LAN segment
through the PSN and make them operate in an environment similar to a LAN.
The VPLS is also called Transparent LAN Service (TLS) or Virtual Private Switched Network
Service, and differs from the point-to-point service of the common L2VPN. With the VPLS
technology, the service provider offers Ethernet-based multi-point service to clients through the
MPLS backbone network.
In a simple case, a VPLS contains multiple sites connected to the Provider Edge Device (PE) to
implement emulated LAN.
[Figure: CEs at site1, site3, and site5 attached to PEs in VPLS-A]
In VPLS, the PSN simulates network bridge devices and forwards packets based on MAC
addresses, or MAC addresses and VLAN tags.
• PW
The Pseudo Wire (PW) is a virtual connection used to transmit frames between two PEs.
The PE establishes and maintains PWs through signaling and the two PEs on both ends of
a PW maintain the PW status.
• VSI
Every Virtual Switch Instance (VSI) offers a separate VPLS service. The VSI implements
the Ethernet bridge function and terminates PWs.
• VC
The Virtual Circuit (VC) is a logical unidirectional circuit between two nodes. Two VCs in
opposite directions constitute a PW. A VC can be used as a unidirectional PW.
• AC
The CE accesses the PE through the Attachment Circuit (AC). The AC can be either a
physical link or a logical link. The AC transmits frames between the CE and the PE.
The PE implements VPLS forwarding by using the VSIs. Ethernet frames are forwarded between
the PEs through the fully-connected PW.
[Figure: three PEs hosting VSI 1 and VSI 2, with CEs attached in VLAN2 and VLAN3]
• Member discovery: All the other PEs in the same VPLS are found either through manual
configuration or by automatically running certain protocols. Automatically running the
protocols is called "automatic discovery".
• Signaling mechanism: The signaling protocol establishes, maintains and removes the PW
between the PEs in the same VPLS.
• Encapsulation: After receiving Ethernet frames from a CE, a PE sends them to the PSN
after encapsulation.
• Forwarding: After receiving Ethernet frames, a PE forwards the frames according to the
inbound interface and the destination MAC address of the frames.
• Decapsulation: After receiving Ethernet frames from a packet switched network, a PE
decapsulates the frames, and then forwards the frames to CEs.
The S7700 supports the implementation of the VPLS functions of the control plane in the BGP
or the LDP signaling mode:
Flooding
The Ethernet broadcasts the packets with unknown addresses. Therefore, in VPLS, the received
packets with unknown unicast addresses, broadcast addresses, or multicast addresses are flooded
to all the other ports. If multicast needs to be used, PEs need to adopt other methods such as
Internet Group Management Protocol (IGMP) snooping and Protocol Independent Multicast
(PIM) snooping.
Access Mode
On the S7700, the PE supports the following AC interfaces:
• XGE interfaces
• XGE sub-interfaces
• GE interfaces
• GE sub-interfaces
• Ethernet interfaces
• Ethernet sub-interfaces
• Eth-Trunk interfaces
• Eth-Trunk sub-interfaces
• VLANIF interfaces
The sub-interfaces can be dot1q sub-interfaces, QinQ sub-interfaces, VLAN mapping
sub-interfaces, or VLAN stacking sub-interfaces.
When XGE, GE, Ethernet, or Eth-Trunk interfaces are used as AC interfaces, the outer tags
carried in the packets sent from the AC to the PW are C tags (inserted by user devices, which
are meaningless to the SP) by default.
When sub-interfaces or VLANIF interfaces are used as AC interfaces, the outer tags carried in
the packets sent from the AC to the PW are S tags (inserted by SP devices, which are used to
differentiate user traffic) by default.
NOTE
• By default, physical interfaces on the S7700 are Layer 2 interfaces. When using XGE, GE, Ethernet,
and Eth-Trunk interfaces on the S7700 as AC interfaces, you need to run the undo portswitch command
to switch Layer 2 interfaces to Layer 3 interfaces.
• When using Ethernet, GE, XGE, or Eth-Trunk interfaces as AC interfaces, ensure that these interfaces
do not contain any sub-interfaces.
• If a VLAN is configured with IGMP snooping or MLD snooping, the VLANIF interface of the VLAN
cannot be used as an AC interface. To bind the VLANIF interface to a VSI, delete the IGMP snooping
or MLD snooping configuration from the VLAN first.
• Do not configure VSI and VLAN mapping for the same VLAN on an interface; otherwise, either VSI
or VLAN mapping will take effect.
When dot1q or QinQ sub-interfaces function as AC interfaces, the Ethernet encapsulation cannot be used.
NOTE
When VLL or VPLS is deployed on the F48CEAT, G48SFA, or G48TFA, if the PVID on the outbound
interface is the same as the VLAN ID of the packets, the interface removes the VLAN tag from the packet;
otherwise, the VLAN tag is not removed.
HVPLS
The VPLS described above requires that the PE devices forward Ethernet frames through
fully-connected Ethernet PWs. Thus, each PE must set up connections with the other PEs in
the same VPLS. If a VPLS has N PE devices, the VPLS has N x (N - 1)/2 connections.
When the number of PEs increases, the number of VPLS connections increases with the
square of N.
The introduction of the Hierarchical Virtual Private LAN Service (HVPLS) resolves the problem
caused by excessive connections.
Figure 7-3 shows the HVPLS basic model.
[Figure 7-3: HVPLS basic model, showing CE, AC, PW, and SPE]
In the HVPLS model, PEs fall into the following two types:
• Underlayer PE (UPE)
It refers to the user aggregation device. It is directly connected with the CE. It is only
necessary for the UPE to set up the connection with a PE in the VPLS fully-connected
network. The UPE supports the routing and the MPLS encapsulation. If the UPE is
connected with multiple CEs and possesses the bridge function, the frame forwarding can
be performed on the UPE. Thus, the load on the SPE can be relieved.
• Superstratum PE (SPE)
The SPE refers to the core device that is connected with the UPE and located in the VPLS
fully-connected network. The SPE sets up the connections with all the other devices within
the VPLS fully-connected network.
The UPE connected with the SPE is like a CE to the SPE. The PW set up between the UPE
and the SPE works as the AC of the SPE. The SPE needs to learn the MAC addresses of
all the sites on the UPE side and that of the UPE interface connected with the SPE.
The UPEs add double MPLS labels to the packets sent by the CEs. The outer layer is the LSP
label and is switched when a packet passes through the devices on the access network. The inner
label is the VC label that identifies the VC. The inner label remains unchanged when a packet
is transmitted along the LSP.
The packets received by the SPEs contain double labels. The outer label, which is a public
network label, is popped. The inner label decides which VSI the VLL accesses.
Figure 7-5 Networking diagram of the static VLL accessing the VPLS network in dual-homed
mode
[Figure: nodes CE1, UPE1, SPE1, SPE2, SPE3, SPE4, UPE2, and CE2; a fault is marked (x) and an LDP message is shown]
As shown in Figure 7-5, if a fault occurs on the LSP between the UPE1 and the SPE1, SPE1
detects the fault and asks the other SPEs to delete the related MAC addresses by sending LDP
messages.
The UPEs detect the LSP status through MPLS Operation Administration & Maintenance
(OAM). If a fault is detected, the traffic switchover is performed. After the switchover, the related
VSIs on the SPEs learn the MAC addresses afresh; thus, the traffic can return through the new
SPEs. Before other SPEs learn the MAC addresses, traffic must be broadcast.
After the fault is removed, the UPE receives double VLL broadcast traffic: one from the SPEs
before the switchover, the other from the SPEs after the switchover. The UPE decides which
broadcast traffic to discard. After the fault is rectified, the traffic of the UPE is not
switched back to the original LSP. This is because the SPE is not triggered to send LDP packets
to other SPEs to delete MAC addresses before detecting LSP failures.
Inter-AS VPLS
Martini and Kompella VPLSs can realize the inter-AS Option A. In the inter-AS L2VPN
network, the link type between Autonomous System Boundary Routers (ASBRs) must be the
same as the VC type. In inter-AS Option A, each ASBR must reserve a sub-interface for each
inter-AS VC. If the number of inter-AS VCs is small, Option A can be used. VPLS adopting
inter-AS Option A consumes more resources and requires more configurations.
Option C is a better solution. The devices on the SP network need only to set up the outer tunnel
on PEs in different ASs. The ASBR does not need to maintain information about the inter-AS
VPLS or reserve interfaces for the inter-AS VPLS. VSI information of VPLS is exchanged only
between PEs. Thus, resources consumption decreases and configurations do not increase.
S7700 does not support Option C.
By analyzing the reply packet in response to the detection request packet sent from a PE to a
specified VSI or MAC address on the VPLS network, VPLS MAC Ping and VPLS MAC Trace
can detect whether the MAC address learning capability of devices on the VPLS network is
normal, which helps to determine whether the Layer 2 forwarding function works well.
The forwarding of request packets relies on the MAC forwarding table. If the MAC address is
unknown, request packets are broadcast throughout the Pseudo Wire (PW) in the specified VSI
and received by multiple peers. For MAC Ping requests, only the device with the specified MAC
address returns a reply packet. For MAC Trace requests, each node on the network that the
request packet passes returns a reply packet.
NOTE
For detailed principles of VPLS MAC Ping and VPLS MAC Trace, refer to the Chapter "VPLS" in the
Quidway S7700 Smart Routing Switch Feature Description.
E-STP
• A CE dual homed to the VPLS network
As shown in Figure 7-6, PEs are fully meshed in the VPLS network, and the CE is dual
homed to the VPLS network through two PEs. When the CE forwards broadcast packets
or unknown unicast packets, the process is as follows:
1. The CE sends broadcast packets or unknown unicast packets to PE2 or PE3.
2. After receiving the broadcast packets or unknown unicast packets, PE2 or PE3
broadcasts these packets.
3. After receiving the packets broadcast by PE2 or PE3, the other PE, that is, PE3 or PE2,
also broadcasts the packets. The packets, however, are from the PW side. Therefore,
PE3 or PE2 broadcasts these packets to the CE side.
[Figure 7-6: CE dual homed to PE2 and PE3 in the VPLS network, with a PW between the PEs; data flow 1 and data flow 2 are marked]
As shown in Figure 7-6, a ring is formed by PE2, PE3, and the CE. Therefore, STP needs
to be enabled on the ring to prevent the loop.
After STP priorities are configured on PE2 and PE3, the root bridge is determined, the
redundant link on the CE side is blocked, and consequently, the loop is prevented.
NOTE
If the STP mode is MSTP, all PEs must be configured in the same MST region.
• Inter-AS VPLS network
As shown in Figure 7-7, PE1, Switch 1, and Switch 3, all belonging to AS 1, are fully
meshed in the VPLS network. PE2, Switch 2, and Switch 4, all belonging to AS 2, are fully
meshed in the VPLS network.
[Figure 7-7: inter-AS VPLS network with CE1, PE1, PE2, CE2, and the ASBRs Switch3 and Switch4; data flow 1 and data flow 2 are marked]
ASBRs of different ASs are inter-connected in back-to-back mode. Switch 1 and Switch 2
(Switch 3 and Switch 4) communicate with each other in either of the following modes:
– Option A: The devices can communicate with each other through the ordinary Ethernet
port (the VLANIF interface of the VLAN where the Ethernet port is located), Eth-Trunk
interface (the VLANIF interface of the VLAN where the Eth-Trunk interface is located),
Ethernet sub-interface, or Eth-Trunk sub-interface. Then, the ASBR Switch 1 is
considered as the CE device of the ASBR Switch 2 that accesses the VPLS network of
AS 2, and the ASBR Switch 2 as the CE of the ASBR Switch 1 that accesses the VPLS
network of AS 1. The ASBR Switch 3 and ASBR Switch 4 have the similar relationships.
– PW interconnection: Inter-AS devices function as peers of each other, and inter-AS
communication is established through the PW. The inter-AS PW, however, does not
follow the split horizon principle, and traffic received from the intra-AS PW is sent to
the inter-AS PW.
Switch 1 forwards received broadcast packets or unknown unicast packets as follows:
1. Switch 1 does not forward the packets to Switch 3, but directly forwards the packets
to Switch 2. That is because PE1, Switch 1, and Switch 3 are fully meshed, with PWs
established between them. Therefore, the packets from the PW side are not forwarded
back.
2. Switch 2 receives the packets sent by Switch 1 and then broadcasts these packets.
3. Switch 4 receives the packets sent by Switch 2 and then broadcasts these packets.
4. Switch 3 receives the packets sent by Switch 4 and then broadcasts these packets.
– Option A: mVSIs need to be created between Switch 1 and Switch 3, and between
Switch 2 and Switch 4.
A ring is formed by Switch 1, Switch 2, Switch 4, and Switch 3. The ring is composed
of two inter-AS service PWs and two intra-AS mPWs.
After STP is configured on the ring, the link between Switch 3 and Switch 4 is blocked,
the associated service PW of the service VSI is also blocked, and then service traffic is
transmitted along the link between Switch 1 and Switch 2.
If the link between Switch 1 and Switch 2 fails, after STP convergence, service traffic
is switched to and transmitted on the link between Switch 3 and Switch 4.
– PW interconnection: mVSIs need to be created between Switch 1 and Switch 3, and
between Switch 2 and Switch 4.
A ring is formed by Switch 1, Switch 2, Switch 4, and Switch 3. The ring is composed
of two inter-AS mPWs and two intra-AS mPWs. After STP is configured on the ring,
the mPW between Switch 3 and Switch 4 is blocked, and then service traffic is
transmitted along the link between Switch 1 and Switch 2.
When the mPW and inter-AS PW are blocked, the associated service PWs are also
blocked.
If the PW between Switch 1 and Switch 2 fails, after STP convergence, service traffic
is switched to and transmitted on the service PW between Switch 3 and Switch 4.
forward packets. The PE identifies the remote MAC addresses through the PW and the directly-
connected MAC addresses through the AC.
• Qualified: The PE identifies the MAC addresses according to the MAC addresses of the
Ethernet packets and the VLAN tags, that is, based on every VLAN of every VSI. In this
mode, every VLAN has its broadcast domain and independent MAC address range.
• Unqualified: The PE identifies the MAC addresses according to MAC addresses of the
Ethernet packets, that is, based on every VSI. In this mode, all VLANs share a broadcast
domain and a MAC address range. The MAC addresses in the VLANs must be unique and
must not overlap.
NOTE
If the PE receives broadcast traffic sent by the local customer, the PE forwards it to all the other
AC side ports and to the PEs of the same VPLS.
If the PE receives the broadcast traffic sent by the remote PE, the PE forwards it to the directly-
connected customer devices of the same VPLS, instead of other PEs.
For the packet whose destination MAC address is a non-broadcast address, if the PE does not
identify this type of MAC address, then the PE broadcasts this packet.
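The learning modes and flooding rules above can be modelled in a few lines. The following is an added example, not code from the guide: a toy VSI on one PE, with hypothetical port names and constructed MAC addresses, showing flooding, the split horizon rule for PW-side traffic, and why unqualified learning needs MAC addresses that do not overlap across VLANs.

```python
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class Port:
    name: str
    kind: str  # "ac" (toward a CE) or "pw" (toward another PE)


@dataclass
class Vsi:
    ports: list
    qualified: bool = False  # True: learn per (MAC, VLAN); False: per MAC only
    fdb: dict = field(default_factory=dict)

    def _key(self, mac, vlan):
        return (mac, vlan if self.qualified else None)

    def receive(self, in_port, src, dst, vlan):
        """Learn the source address, then return the names of the egress ports."""
        self.fdb[self._key(src, vlan)] = in_port
        known = None if dst == BROADCAST else self.fdb.get(self._key(dst, vlan))
        if known is not None:
            # Known unicast: never send back out of the ingress port and
            # never relay from one PW to another (split horizon).
            if known == in_port or (in_port.kind == "pw" and known.kind == "pw"):
                return []
            return [known.name]
        # Broadcast or unknown unicast: flood to every other port, except
        # that traffic arriving on a PW goes to the AC side only.
        egress = [p for p in self.ports if p != in_port]
        if in_port.kind == "pw":
            egress = [p for p in egress if p.kind == "ac"]
        return [p.name for p in egress]


def demo():
    """Run the scenarios described in the text and return the egress lists."""
    ac1, ac2 = Port("ac1", "ac"), Port("ac2", "ac")
    pw2, pw3 = Port("pw-pe2", "pw"), Port("pw-pe3", "pw")
    ports = [ac1, ac2, pw2, pw3]
    # Constructed addresses from the documentation range.
    host_a, host_b, host_c = ("00:00:5e:00:53:0a", "00:00:5e:00:53:0b",
                              "00:00:5e:00:53:0c")
    out = {}
    vsi = Vsi(ports)
    out["bcast_from_ac"] = vsi.receive(ac1, host_a, BROADCAST, 10)
    out["bcast_from_pw"] = vsi.receive(pw2, host_b, BROADCAST, 10)
    out["known_unicast"] = vsi.receive(ac1, host_a, host_b, 10)
    out["unknown_unicast_from_pw"] = vsi.receive(pw2, host_b, host_c, 10)

    # The same MAC address appears in VLAN 10 on an AC and in VLAN 20 on a PW.
    for mode in (False, True):
        v = Vsi(ports, qualified=mode)
        v.receive(ac1, host_a, BROADCAST, 10)
        v.receive(pw3, host_a, BROADCAST, 20)
        label = "qualified" if mode else "unqualified"
        out[label] = v.receive(ac2, host_b, host_a, 10)
    return out


if __name__ == "__main__":
    for scenario, egress in demo().items():
        print(f"{scenario:26} -> {egress}")
```

In the unqualified run the VLAN 20 sighting overwrites the VLAN 10 entry, so the VLAN 10 frame leaves on the PW instead of the local AC.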
In S7700, the MAC address learning capability can be diagnosed through the following modes:
• Populating an OAM MAC address into the local or peer device in the VPLS domain
• Purging the OAM MAC address from the local or peer device in the VPLS domain
• Populating a Register OAM MAC address into the local or peer device in the VPLS domain
vpn-config ping
The configuration and deployment of VPN services are complex. VPN services cannot be
successfully configured unless some configurations of peer PEs on the VPN are identical. For
example, on a Martini VPLS network, only when VSI-IDs of PE peers are identical, can VPLS
services be successfully configured. In the past, the configuration consistency was checked by
network maintenance engineers, which was error-prone when there were many VPN services on
the device.
As a solution, vpn-config ping is used to facilitate the configuration consistency check when
many VPN services exist on a PE. With vpn-config ping, a probe packet is sent from the VPN
requesting PE to search for VPN configuration of the requesting PE peer on a specified
responding PE; the responding PE is required to return a Reply packet carrying configuration
information to the requesting PE, which in turn displays the information to the user.
After arriving at PE1, configurations of the peer PE2, such as the VSI name, PW status, PW-
ID, VPN type, VSI management status, VSI operation status, MTU, number of CEs, VC type,
incoming label, and outgoing label, are displayed on the user terminal.
Applicable Environment
If the PE devices support the BGP as VPLS signaling, you can configure Kompella VPLS.
Automatic discovery of the VPLS PE is implemented through the VPN-Target configuration.
As shown in Figure 7-8, PE1, PE2, and PE3 are in the same VPLS network.
• To make the CEs attached to PE1, PE2, and PE3 interwork with each other, that is, to
construct a full-mesh VPLS network, ensure that the VPN-Targets configured on PE1, PE2,
and PE3 are the same.
• To make PE1 communicate with both PE2 and PE3 (but PE2 and PE3 cannot
communicate), ensure that the inbound VPN-Target configured on PE1 is the same as the
outbound VPN-Targets configured on both PE2 and PE3, and the outbound VPN-Target
configured on PE1 is the same as the inbound VPN-Targets configured on both PE2 and
PE3.
[Figure 7-8: networking diagram with PE1, PE2, PE3, CE2, and CE3]
Pre-configuration Tasks
Before configuring Kompella VPLS, complete the following tasks:
Data Preparation
To configure Kompella VPLS, you need the following data.
No. Data
2 VSI name
4 CE ID of the site, the number of CEs allowed to access VPLS, and default offset
value of the CE ID
Context
NOTE
For details of commands in BGP VPLS address family view, refer to the chapter "IP Routing Commands"
in the Quidway S7700 Smart Routing Switch Command Reference.
Procedure
Step 1 Run:
system-view
NOTE
To improve reliability, on the PE, the local loopback interface is generally specified as the interface to set
up the TCP connection.
Step 5 Run:
vpls-family
NOTE
The BGP VPLS shares a TCP session with the common BGP protocol. Most configurations of the BGP
VPLS network are the same as the configurations of the BGP protocol. To exchange information about the
VPLS label block, you need to enable peers to exchange the VPLS block label in the BGP VPLS sub-
address family view.
----End
Follow-up Procedure
NOTE
For information about commands in the BGP VPLS sub-address family view, refer to the chapter "IP
Routing Commands" in the Quidway S7700 Smart Routing Switch Command Reference.
Context
Do as follows on the PEs of the two ends of the PW:
Procedure
Step 1 Run:
system-view
pwsignal bgp
The PW signaling protocol is configured as BGP and the VSI-BGP view is displayed.
Step 4 Run:
route-distinguisher route-distinguisher
After the PW signaling protocol is configured as BGP, configure the RD to make the VSI take
effect.
NOTE
Step 5 Run:
vpn-target vpn-target &<1-16> [ both | export-extcommunity | import-extcommunity ]
When using this command, note the mapping between the VPN target attribute at the local end
and the VPN target at the remote end. That is,
Traffic can be normally transmitted in bidirectional way only if the preceding two conditions
are satisfied. If only one condition is met, the traffic can be transmitted only in unidirectional
way. For convenience of configuration, the four values are generally configured to be the same.
Step 6 Run:
site site-id [ range site-range ] [ default-offset { 0 | 1 } ]
The two ends of the VSI cannot be configured with the same site ID. The value of the local site
ID must be less than the sum of the site-range and default-offset of the remote end. The value
of the local site ID, however, must be larger than the value of the default-offset of the remote
end.
NOTE
All Kompella L2VPN instances and VPLS VSI instances of one device share one label block; therefore,
the sum of the ranges of all Kompella L2VPN instances and VPLS VSI instances cannot be greater than
the label block. Otherwise, the system prompts that the labels cannot be obtained because the required
labels exceed the upper limit; thus, allocation of a site ID to a VSI or creation of a CE fails.
----End
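The VPN-target matching described in Step 5, and the full-mesh and hub-and-spoke arrangements described under Applicable Environment, can be checked before deployment. The following is an added example, not part of the original guide: it parses the vpn-target lines of each PE's VSI and classifies every PE pair. The sample configurations are constructed, and treating a line without a keyword as both is an assumption.

```python
KEYWORDS = {"both", "export-extcommunity", "import-extcommunity"}


def parse_vpn_targets(vsi_config):
    """Return (import_targets, export_targets) for one VSI's config text."""
    imports, exports = set(), set()
    for line in vsi_config.splitlines():
        tokens = line.split()
        if not tokens or tokens[0] != "vpn-target":
            continue
        # Assumption: a line without a keyword behaves like 'both'.
        keyword = tokens[-1] if tokens[-1] in KEYWORDS else "both"
        values = [t for t in tokens[1:] if t not in KEYWORDS]
        if not 1 <= len(values) <= 16:  # &<1-16> in the command syntax
            raise ValueError(f"expected 1 to 16 VPN targets: {line!r}")
        if keyword in ("both", "import-extcommunity"):
            imports.update(values)
        if keyword in ("both", "export-extcommunity"):
            exports.update(values)
    return imports, exports


def classify(local, remote):
    """Apply the two matching conditions to two (imports, exports) pairs."""
    local_import, local_export = local
    remote_import, remote_export = remote
    cond1 = bool(local_export & remote_import)  # local export vs remote import
    cond2 = bool(local_import & remote_export)  # local import vs remote export
    if cond1 and cond2:
        return "bidirectional"
    if cond1 or cond2:
        return "unidirectional"
    return "none"


def reachability(configs):
    """Map each PE pair (sorted by name) to its classification."""
    parsed = {pe: parse_vpn_targets(text) for pe, text in configs.items()}
    names = sorted(parsed)
    return {(a, b): classify(parsed[a], parsed[b])
            for i, a in enumerate(names) for b in names[i + 1:]}


def deviations(configs, intended):
    """List (pair, intended, actual) for pairs that differ from the policy."""
    actual = reachability(configs)
    return [(pair, intended.get(pair, "none"), state)
            for pair, state in sorted(actual.items())
            if intended.get(pair, "none") != state]


# Constructed sample configurations (VSI-BGP view lines only).
FULL_MESH = {pe: "pwsignal bgp\n vpn-target 100:1 both"
             for pe in ("PE1", "PE2", "PE3")}
SPOKE = ("pwsignal bgp\n vpn-target 100:1 import-extcommunity\n"
         " vpn-target 200:1 export-extcommunity")
HUB_SPOKE = {
    "PE1": ("pwsignal bgp\n vpn-target 200:1 import-extcommunity\n"
            " vpn-target 100:1 export-extcommunity"),
    "PE2": SPOKE,
    "PE3": SPOKE,
}
# Policy for the second case in the text: PE2 and PE3 must not communicate.
INTENDED = {("PE1", "PE2"): "bidirectional", ("PE1", "PE3"): "bidirectional"}
# Constructed mistakes: PE3 imports and exports both values; PE2 exports 300:1.
LEAKY = dict(HUB_SPOKE, PE3="pwsignal bgp\n vpn-target 100:1 200:1 both")
ONE_WAY = dict(HUB_SPOKE, PE2=SPOKE.replace("200:1", "300:1"))

if __name__ == "__main__":
    for name, cfg in (("hub-spoke", HUB_SPOKE), ("leaky", LEAKY),
                      ("one-way", ONE_WAY)):
        print(name, deviations(cfg, INTENDED))
```

An empty list means the configured VPN targets produce exactly the intended connectivity; the leaky sample shows how one extra target on a spoke joins PE2 and PE3.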
Follow-up Procedure
TIP
A VSI can set up the VSI connection with multiple VSIs with the same site number and the same VPN
target of other PEs. Among those VSIs, a VSI is the primary VSI, and the others are backup VSIs. This
backup scheme is not recommended.
Multiple VSIs with the same site number and the same VPN target are allocated with the same label, and
they are actually the same VSI. A VSI can set up only one VSI connection with multiple VSIs with the
same site number and the same VPN target.
Context
NOTE
When Huawei devices need to communicate with non-Huawei devices with the VPLS encapsulation type
carried by BGP extended community attributes as 19, you need to perform this configuration.
Procedure
Step 1 Run:
system-view
The MTU matching check is ignored and the sent VPLS packet is re-encapsulated.
By default, the MTU in the VSI view is 1500. If the MTUs of the same VSI on two PEs are
different, the two PEs cannot exchange information or establish a connection.
The equipment of some manufacturers cannot perform the MTU matching check in the VSI.
When a Huawei device communicates with a non-Huawei device in Kompella mode, you need
to run the ignore-mtu-match command on the Huawei data communication device using the
S7700 to ignore the MTU matching check. This ensures that the VC link is Up.
In addition, after the ignore-mtu-match command is used, the VPLS packet sent by the device
adopts the standard encapsulation type 19.
----End
Follow-up Procedure
NOTE
The vpls bgp encapsulation { ethernet | vlan } and ignore-mtu-match commands must be used together
on Huawei devices so that Huawei devices can communicate with non-Huawei devices.
Context
Based on the type of link between a PE and a CE, a VSI is bound to an AC interface on the PE
in one of the following modes:
• Binding the VSI with the Ethernet interface, GE interface or XGE interface when the PE
and the CE are connected through the Ethernet interface
• Binding the VSI with the Ethernet sub-interface, GE sub-interface or XGE sub-interface
when the PE and the CE are connected through the Ethernet sub-interface or GE
sub-interface
• Binding the VSI with the VLANIF interface when the PE and the CE are connected through
the VLANIF interface
• Binding the VSI with the Eth-Trunk when the PE and the CE are connected through the
Eth-Trunk interface
• Binding the VSI with the Eth-Trunk sub-interface when the PE and the CE are connected
through the Eth-Trunk sub-interface
NOTE
The sub-interfaces can be dot1q sub-interfaces, QinQ sub-interfaces, VLAN mapping sub-interfaces, or
VLAN stacking sub-interfaces. For details on how to access the VPLS through a sub-interface, see
Connecting Sub-interfaces to a VPLS Network in the Quidway S7700 Smart Routing Switch Configuration
Guide - Ethernet.
In the VPLS application, different CEs are transparently connected in the same LAN segment through
VSIs, and the IP addresses of the CEs must be different. The IP address of the interface that connects the
PE to the CE and the IP address of the CE must be in different network segments. Otherwise, the local CE
may learn incorrect ARP entries. This leads to traffic loss between CEs in the same VSI.
Procedure
• Bind a VSI to an Ethernet interface.
Do as follows on the PEs at both ends of a PW:
1. Run:
system-view
2. Run:
interface { ethernet | gigabitethernet | xgigabitethernet } interface-
number
NOTE
Do not configure VSI and VLAN mapping for the same VLAN on an interface; otherwise,
either VSI or VLAN mapping will take effect.
• Bind a VSI to an Eth-Trunk interface.
1. Run:
system-view
NOTE
Before adding an interface into an Eth-Trunk, ensure the interface is not configured
with any Layer 3 attributes such as IP address and any services.
An Ethernet interface can join only one Eth-Trunk interface. To join another Eth-
Trunk interface, the Ethernet interface must quit from the original one.
Member interfaces of an Eth-Trunk interface must be of the same type. That is, FE
interfaces and GE interfaces cannot join the same Eth-Trunk interface.
6. Run:
quit
----End
Context
The BGP VPLS sub-address family view is used to manage the VPLS label block.
Procedure
Step 1 Run:
system-view
Step 2 Run:
bgp as-number
----End
Prerequisite
The configurations of the Kompella VPLS function are complete.
Procedure
• Run the display vsi [ name vsi-name ] [ verbose ] command to check the information about
the VPLS VSI.
• Run the display vsi remote bgp [ nexthop nexthop-address [ export-vpn-target vpn-
target ] | route-distinguisher route-distinguisher ] command to check information about
the remote VSI.
• Run the display vpls connection [ bgp | vsi vsi-name ] [ down | up ] [ verbose ] command
to check the information about the VPLS connection.
----End
Example
Run the display vsi [ name vsi-name ] [ verbose ] command. You can view that the item "VSI
State" is displayed as "up". If verbose is selected, the item "Signaling" is displayed as "bgp" and
the item "VC State" is displayed as "up". This means that the configuration succeeds. For
example:
<Quidway> display vsi name bgp1 verbose
***VSI Name : bgp1
Administrator VSI : no
Isolate Spoken : disable
VSI Index : 0
PW Signaling : bgp
Member Discovery Style : auto
Run the display vsi remote bgp [ nexthop nexthop-address [ export-vpn-target vpn-target ] |
route-distinguisher route-distinguisher ] command. If information about the remote VSI
established through BGP is displayed, it means that the configuration succeeds. For example:
<Quidway> display vsi remote bgp
Total Number : 1
**BGP RD : 169.1.1.2:1
Ref Number : 1
NextHop : 3.3.3.3
EncapType : vlan
MTU : 1500
Export vpn target : 100:1
SiteID : 2
Remote Label Block : 35840/5/0
Run the display vpls connection [ bgp | vsi vsi-name ] [ down | up ] [ verbose ] command. You
can view that the item "VC State" is displayed as "up". If verbose is selected, the item "Signaling"
is displayed as "bgp", the item "VC State" is displayed as "up", and label allocation is complete.
For example:
<Quidway> display vpls connection bgp verbose
VSI Name: v1 Signaling: bgp
**Remote Site ID : 2
VC State : up
RD : 200:1
Encapsulation : vlan
MTU : 1500
Peer Ip Address : 4.4.4.4
PW Type : label
Local VC Label : 35842
Remote VC Label : 35841
Tunnel Policy : --
Tunnel ID : 0x10001,
Remote Label Block : 35840/5/0
Export vpn target : 1:1,
Applicable Environment
If the PE devices support LDP as the VPLS signaling protocol, you can configure Martini
VPLS. PEs must be fully connected to each other through PWs, each of which requires a
dedicated LDP session. As a result, an LDP session must be set up between any two PEs.
As shown in Figure 7-9, PE1, PE2, and PE3 are in the same VPLS network. In Martini VPLS,
static peer relationships are established. Therefore, to make PE1 communicate with both PE2
and PE3 (while PE2 and PE3 cannot communicate with each other), you only need to specify
PE1, not PE3, as the peer on PE2. The configuration on PE3 is similar.
[Figure 7-9: networking diagram with PE1, PE2, PE3, CE2, and CE3]
Pre-configuration Tasks
Before configuring Martini VPLS, complete the following tasks:
• Configuring the LSR ID on the PEs and Ps and enabling MPLS and MPLS LDP
• Enabling the MPLS L2VPN on the PEs
• Establishing the tunnel used to transmit the user data between PEs
• Establishing a remote LDP session between the PEs if they are connected indirectly
Data Preparation
To configure Martini VPLS, you need the following data.
No. Data
1 VSI name
2 VSI ID
Context
Do as follows on the PEs of the two ends of the PW:
Procedure
Step 1 Run:
system-view
The PW signaling protocol is specified as LDP and the VSI-LDP view is displayed.
Step 4 Run:
vsi-id vsi-id
NOTE
The two ends of the VSI must agree on the same VSI ID.
The VSI exists only on the PE. One PE can have multiple VSIs. One VPLS on a PE has only
one VSI.
Step 5 Run:
peer peer-address [ negotiation-vc-id vc-id ] [ tnl-policy policy-name ]
When LDP is used as the PW signaling protocol, you must configure a VSI ID for the VSI to
take effect. Each VSI has its own VSI ID, and these VSI IDs are used during PW signaling
negotiation.
LDP does not support automatic discovery of VPLS PEs. You must manually specify
the peer PE of the VPLS.
----End
Context
Based on the type of link between a PE and a CE, a VSI is bound to an AC interface on the PE
in one of the following modes:
• Binding the VSI with the Ethernet interface, GE interface or XGE interface when the PE
and the CE are connected through the Ethernet interface
• Binding the VSI with the Ethernet sub-interface, GE sub-interface or XGE sub-interface
when the PE and the CE are connected through the Ethernet sub-interface or GE
sub-interface
• Binding the VSI with the VLANIF interface when the PE and the CE are connected through
the VLANIF interface
• Binding the VSI with the Eth-Trunk when the PE and the CE are connected through the
Eth-Trunk interface
• Binding the VSI with the Eth-Trunk sub-interface when the PE and the CE are connected
through the Eth-Trunk sub-interface
NOTE
The sub-interfaces can be dot1q sub-interfaces, QinQ sub-interfaces, VLAN mapping sub-interfaces, or
VLAN stacking sub-interfaces. For details on how to access the VPLS through a sub-interface, see
Connecting Sub-interfaces to a VPLS Network in the Quidway S7700 Smart Routing Switch Configuration
Guide - Ethernet.
In the VPLS application, different CEs are transparently connected in the same LAN segment through
VSIs, and the IP addresses of the CEs must be different. The IP address of the interface that connects the
PE to the CE and the IP address of the CE must be in different network segments. Otherwise, the local CE
may learn incorrect ARP entries. This leads to traffic loss between CEs in the same VSI.
Procedure
• Bind a VSI to an Ethernet interface.
Do as follows on the PEs at both ends of a PW:
1. Run:
system-view
3. (Optional) Run:
undo portswitch
Before adding an interface into an Eth-Trunk, ensure the interface is not configured
with any Layer 3 attributes such as IP address and any services.
An Ethernet interface can join only one Eth-Trunk interface. To join another Eth-Trunk
interface, the Ethernet interface must first leave the original one.
Member interfaces of an Eth-Trunk interface must be of the same type. That is, FE
interfaces and GE interfaces cannot join the same Eth-Trunk interface.
6. Run:
quit
----End
Prerequisite
The configurations of the Martini VPLS function are complete.
Procedure
• Run the display vsi [ name vsi-name ] [ verbose ] command to check the information about
the VPLS VSI.
• Run the display vsi remote ldp [ router-id ip-address ] [ pw-id pw-id ] command to check
information about the remote VSI.
• Run the display vpls connection [ bgp | vsi vsi-name ] [ down | up ] [ verbose ] command
to check information about the VPLS connection.
• Run the display vsi pw out-interface [ vsi vsi-name ] command to check information about
the outgoing interface of the VSI PW.
• Run the display l2vpn vsi-list tunnel-policy policy-name command to check information
about the tunnel policy used by the VSI.
• Run the ping vpn-config peer-address peer-address vsi-name vsi-name [ pw-id pw-id ]
[ local ] [ remote ] command to view configurations of the VSI on the peer PE.
----End
Example
Run the display vsi [ name vsi-name ] [ verbose ] command. You can view that the item "VSI
State" is displayed as "up". If verbose is selected, the item "Signaling" is displayed as "ldp" and
the item "VC State" is displayed as "up". This means that the configuration succeeds. For
example:
<Quidway> display vsi name a2 verbose
***VSI Name : a2
Administrator VSI : no
Isolate Spoken : disable
VSI Index : 0
PW Signaling : ldp
Member Discovery Style : static
PW MAC Learn Style : unqualify
Encapsulation Type : vlan
MTU : 1500
Diffserv Mode : uniform
Mpls Exp : --
DomainId : 255
Domain Name :
Ignore AcState : disable
Multicast Fast Swicth : disable
Create Time : 0 days, 3 hours, 30 minutes, 31 seconds
VSI State : up
......
Run the display vsi remote ldp [ router-id ip-address ] [ pw-id pw-id ] command. If information
about the remote VSI established through LDP is displayed, it means that the configuration
succeeds. For example:
<Quidway> display vsi remote ldp
Vsi Peer VC Group Encap MTU Vsi
ID RouterID Label ID Type Value Index
2 3.3.3.9 23552 0 vlan 1500 0
Run the display vpls connection [ ldp | vsi vsi-name ] [ down | up ] [ verbose ] command. You
can view that the item "VC State" is displayed as "up". If verbose is selected, the item "Signaling"
is displayed as "ldp", the item "VC State" is displayed as "up", and label allocation is complete.
For example:
<Quidway> display vpls connection ldp verbose
VSI Name: a2 Signaling: ldp
**Remote Vsi ID : 2
VC State : up
Encapsulation : vlan
Group ID : 0
MTU : 1500
Peer Ip Address : 3.3.3.9
PW Type : label
Local VC Label : 27648
Remote VC Label : 27648
Tunnel Policy : --
Tunnel ID : 0x10002,
Run the ping vpn-config peer-address peer-address vsi-name vsi-name [ pw-id pw-id ]
[ local ] [ remote ] command. You can view configurations of the VSI on the local and peer
PEs, which include information about the VSI type, VSI description, VSI management status,
VSI operation status, PW status, MTU value, number of AC in the VSI, IP address of the peer
PE, IP address of the local PE, whether probe or Echo Reply packets are forwarded through the
LSP tunnel, PW-ID, PE types, VC encapsulation type, and outer incoming and outgoing tags.
<Quidway> ping vpn-config peer-address 6.6.6.6 vsi-name ldpvpls pw-id 119 local
remote
VPN-CONFIG PING: Prese CTRL_C to break.
Result Detail: Request Sent - Reply Received
NOTE
To reduce bandwidth consumption, the ping vpn-config command sends only one probe packet and
sets the timeout period for waiting for a Response packet to 10 seconds.
Applicable Environment
If the VPLS network has too many PEs, you can adopt HVPLS to reduce the performance
requirements on the PE devices.
Pre-configuration Tasks
Before configuring the HVPLS, complete the following tasks:
• Complete the task of 7.4 Configuring Martini VPLS between the SPE and the PE
• Set up the MPLS LDP peer between the UPE and the SPE
• Create the VSI instance on the SPE and specify the UPE as its PE of lower layer
• Create the VSI instance on the UPE and specify the SPE as the VSI peer
• Configure the CE1 and the CE2 to access the UPE, and configure the CE3 to access the PE
NOTE
The Kompella VPLS uses BGP as the signaling protocol. Configuring a route reflector can solve the
problem of excessive connections caused by the VPLS full mesh.
Therefore, the S7700 supports only the Martini HVPLS.
Data Preparation
To configure the HVPLS, you need the following data.
No. Data
3 VSI name, VSI ID, and the interface bound with VSI
4 Tunnel policy
Context
Do as follows on the SPE.
Procedure
Step 1 Run:
system-view
The VSI is created and the static member discovery mechanism is adopted.
Step 3 Run:
pwsignal ldp
The PW signaling protocol is specified as the LDP and the VSI-LDP view is displayed.
Step 4 Run:
vsi-id vsi-id
The VSI peer between the SPE and the UPE is configured.
----End
Context
The configuration of the UPE is similar to that on the PE of the VPLS fully-connected network.
The difference is that the UPE sets up connections only with the connected SPEs.
For the detailed configuration, see 7.4 Configuring Martini VPLS.
Prerequisite
The configurations of the LDP HVPLS function are complete.
Procedure
• Run the display vsi [ name vsi-name ] [ verbose ] command to check information about
the VPLS VSI.
• Run the display vsi pw out-interface [ vsi vsi-name ] command to check information about
the outgoing interface of the VSI PW.
• Run the display l2vpn vsi-list tunnel-policy policy-name command to check information
about the tunnel policy used by the VSI.
• Run the display vsi remote ldp [ router-id ip-address ] [ pw-id pw-id ] command to check
information about the remote VSI.
----End
Example
Run the display vsi [ name vsi-name ] [ verbose ] command. You can view that the item "VSI
State" is displayed as "up". If verbose is selected, the item "Signaling" is displayed as "ldp" and
the item "VSI State" is displayed as "up". This means that the configuration succeeds. For
example:
<Quidway> display vsi name vsi123 verbose
***VSI Name : vsi123
Administrator VSI : no
Isolate Spoken : disable
VSI Index : 0
PW Signaling : ldp
Member Discovery Style : static
PW MAC Learn Style : unqualify
Encapsulation Type : vlan
MTU : 1500
Diffserv Mode : uniform
Mpls Exp : --
DomainId : 255
Domain Name :
Ignore AcState : disable
Multicast Fast Swicth : disable
Create Time : 0 days, 3 hours, 30 minutes, 31 seconds
VSI State : up
......
Run the display vsi remote ldp [ router-id ip-address ] [ pw-id pw-id ] command. If information
about the remote VSI established through LDP is displayed, it means that the configuration
succeeds. For example:
<Quidway> display vsi remote ldp
Vsi Peer VC Group Vsi MTU Vsi State
ID RouterID Label ID Type Value Index Code
123 3.3.3.9 17408 0 vlan 1500 1 FORWARD
Applicable Environment
In a practical network such as a MAN, if a UPE device does not support dynamic VLL,
the UPE device has to access the SPE through a static VLL. In this case, the VLL set up between
the UPE and the SPE is generally in SVC mode.
Pre-configuration Tasks
Before configuring the static VLL to access the VPLS network, complete the following tasks:
• Configuring IGP on the SPE and P devices in the MPLS backbone network to ensure the
IP connectivity
• Realizing the connectivity between the SPE devices in the VPLS meshed network
• Setting up a dynamic LSP or a static LSP between the UPE and the SPE devices
• Enabling MPLS L2VPN on the interfaces connecting the UPE and the SPE devices
• Configuring the tunnel policy
Data Preparation
To configure the static VLL to access the VPLS network, you need the following data.
No. Data
3 VSI name, VSI ID, the interface bound with the VSI
Procedure
Step 1 Run:
system-view
NOTE
To use an XGE interface, a GE interface, an Ethernet interface, or an Eth-Trunk interface of the S7700 as
the AC interface of the PE, you need to run undo portswitch to configure the Layer 2 interface as a Layer
3 interface.
Step 5 Run:
mpls static-l2vc destination ip-address transmit-vpn-label transmit-label-value
receive-vpn-label receive-label-value [ tunnel-policy tnl-policy-name | [ control-
word | no-control-word ] | [ raw | tagged ] ] *
----End
7.6.3 Configuring the UPE to Access the SPE Through the Static VLL
This section describes how to configure a static VLL on a UPE, specifying the peer as an SPE.
Context
Do as follows on the UPE:
Procedure
Step 1 Run:
system-view
The encapsulation modes of the VLL and VPLS must be the same regardless of the access mode.
• Ethernet access: Run the interface { ethernet | gigabitethernet | xgigabitethernet }
interface-number command to enter the Ethernet interface view.
• VLAN access:
  – If the UPE supports sub-interfaces, do as follows:
    Run the interface { ethernet | gigabitethernet | xgigabitethernet }
    interface-number.subinterface-number command to enter the Ethernet interface view.
  – If the UPE does not support sub-interfaces, do as follows:
    1. Run the vlan vlan-id command to create a VLAN and enter the VLAN view.
    2. Run the quit command to return to the system view.
    3. Run the interface vlanif vlan-id command to create a VLANIF interface and enter
       the VLANIF view.
Step 3 Run:
mpls static-l2vc destination ip-address transmit-vpn-label transmit-label-value
receive-vpn-label receive-label-value [ tunnel-policy tnl-policy-name | [ control-
word | no-control-word ] | [ raw | tagged ] ] *
The static VC is created between the UPE and the SPE devices.
NOTE
The parameters raw and tagged are needed only for the Ethernet link.
----End
Context
Do as follows on the SPE devices:
Procedure
Step 1 Run:
system-view
The VSI view is created and the static member discovery is enabled.
Step 3 Run:
pwsignal ldp
The LDP is specified as the PW signaling protocol and the VSI LDP view is displayed.
Step 4 Run:
vsi-id vsi-id
Step 5 Run:
mac-withdraw enable
After the configuration, when an AC fault or a UPE fault occurs and the VSI remains Up, the
local MAC address is deleted and all the remote peers are informed of the deletion.
This command takes effect only after the interface-status-change mac-withdraw enable
command is also used.
Step 6 Run:
peer peer-address [ negotiation-vc-id vc-id ] [ tnl-policy policy-name ]
Step 7 Run:
peer peer-address [ tnl-policy policy-name ] static-upe trans transmit-label recv
receive-label
The received and sent labels between the SPE and the static UPE are configured.
The label trans here must be the same as the label receive-vpn-label that is configured on UPE.
In addition, the label recv must be the same as the label transmit-vpn-label that is configured
on UPE.
----End
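The label mirroring required in Step 7 can be checked offline before the configuration is committed. The following Python sketch is an added example, not part of the original guide: it parses the two command forms shown above from constructed UPE and SPE configuration text and reports every label that is not mirrored. The LSR IDs, label values, VSI name and tunnel policy name are assumptions.

```python
import re

# mpls static-l2vc destination <ip> transmit-vpn-label <n> receive-vpn-label <n>
UPE_RE = re.compile(
    r"mpls static-l2vc destination (?P<addr>\S+)\s+"
    r"transmit-vpn-label (?P<tx>\d+)\s+receive-vpn-label (?P<rx>\d+)")
# peer <ip> [ tnl-policy <name> ] static-upe trans <n> recv <n>
SPE_RE = re.compile(
    r"peer (?P<addr>\S+)(?:\s+tnl-policy \S+)?\s+"
    r"static-upe trans (?P<tx>\d+)\s+recv (?P<rx>\d+)")


def static_vcs(config, pattern):
    """Map each remote address to its (transmit label, receive label)."""
    return {m["addr"]: (int(m["tx"]), int(m["rx"]))
            for m in pattern.finditer(config)}


def check_static_upe(upe_cfg, upe_lsr_id, spe_cfg, spe_lsr_id):
    """Return a list of problems; an empty list means the labels are mirrored."""
    problems = []
    upe = static_vcs(upe_cfg, UPE_RE).get(spe_lsr_id)
    spe = static_vcs(spe_cfg, SPE_RE).get(upe_lsr_id)
    if upe is None:
        problems.append(f"UPE has no static-l2vc towards SPE {spe_lsr_id}")
    if spe is None:
        problems.append(f"SPE has no static-upe peer {upe_lsr_id}")
    if upe is None or spe is None:
        return problems
    upe_tx, upe_rx = upe
    spe_tx, spe_rx = spe
    # trans on the SPE must equal receive-vpn-label on the UPE, and
    # recv on the SPE must equal transmit-vpn-label on the UPE.
    if spe_tx != upe_rx:
        problems.append(f"SPE trans {spe_tx} != UPE receive-vpn-label {upe_rx}")
    if spe_rx != upe_tx:
        problems.append(f"SPE recv {spe_rx} != UPE transmit-vpn-label {upe_tx}")
    return problems


# Constructed sample configurations (assumed: UPE LSR ID 2.2.2.9, SPE LSR ID 1.1.1.9).
UPE_CONFIG = """\
interface GigabitEthernet1/0/0.1
 mpls static-l2vc destination 1.1.1.9 transmit-vpn-label 100 receive-vpn-label 200
"""
SPE_CONFIG = """\
vsi v100 static
 pwsignal ldp
  vsi-id 100
  peer 2.2.2.9 static-upe trans 200 recv 100
  peer 3.3.3.9 tnl-policy p1 static-upe trans 300 recv 301
"""
# Same SPE, but the UPE's labels were copied instead of mirrored.
SPE_COPIED = SPE_CONFIG.replace("trans 200 recv 100", "trans 100 recv 200")

if __name__ == "__main__":
    for name, spe in (("mirrored", SPE_CONFIG), ("copied", SPE_COPIED)):
        print(name, check_static_upe(UPE_CONFIG, "2.2.2.9", spe, "1.1.1.9"))
```

When the transmit and receive labels happen to be equal, as in the display mpls static-l2vc sample output (100 and 100), a copied pair passes this check, so distinct values per direction make mistakes visible.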
Prerequisite
The configurations of the Static VLL to Access the VPLS Network function are complete.
Procedure
• Run the display mpls static-l2vc [ interface interface-type interface-number ] command
to check information about the L2VPN connection in SVC mode.
• Run the display l2vpn ccc-interface vc-type static-vc up command to check information
about the SVC interface in the Up state.
• Run the display vsi [ name vsi-name ] [ verbose ] command to check information about
the VSI of the VPLS.
• Run the display vsi remote ldp [ router-id ip-address ] [ pw-id pw-id ] command to check
information about the remote VSI.
• Run the display vpls connection [ ldp | vsi vsi-name ] [ down | up ] [ verbose ] command
to check information about the VPLS connection.
• Run the display mac-address dynamic slot-id command to check the dynamic MAC
address entries.
----End
Example
Run the display mpls static-l2vc command. You can view that the VC status is Up. For example:
<Quidway> display mpls static-l2vc interface gigabitethernet 2/0/0.1
*Client Interface : GigabitEthernet2/0/0.1 is up
AC Status : up
VC State : up
VC ID : 0
VC Type : VLAN
Destination : 1.1.1.9
Transmit VC Label : 100
Receive VC Label : 100
Control Word : Disable
VCCV Capability : alert lsp-ping bfd
Tunnel Policy : --
PW Template Name : --
Traffic Behavior : --
Main or Secondary : Main
VC tunnel/token info : 1 tunnels/tokens
NO.0 TNL Type : lsp , TNL ID : 0x10002
Create time : 0 days, 0 hours, 10 minutes, 45 seconds
UP time : 0 days, 0 hours, 10 minutes, 45 seconds
Last change time : 0 days, 0 hours, 10 minutes, 45 seconds
Run the display l2vpn ccc-interface vc-type static-vc up command. You can view that the VC
type is SVC and the status is Up. For example:
<Quidway> display l2vpn ccc-interface vc-type static-vc up
Total ccc-interface of SVC VC: 1
up (1), down (0)
Interface Encap Type State VC Type
GigabitEthernet1/0/0 vlan up static-vc
Run the display vsi [ name vsi-name ] [ verbose ] command. You can find the item "VSI State"
is displayed as "up". If verbose is selected, the item "Signaling" is displayed as "ldp" and the
item "VC State" is "up". This means that the configuration succeeds. For example:
<Quidway> display vsi name v100 verbose
***VSI Name : v100
Administrator VSI : no
Isolate Spoken : disable
VSI Index : 0
PW Signaling : ldp
Member Discovery Style : static
PW MAC Learn Style : unqualify
Encapsulation Type : vlan
MTU : 1500
Diffserv Mode : uniform
Mpls Exp : --
DomainId : 0
Domain Name :
Ignore AcState : disable
Multicast Fast switch : disable
Create Time : 0 days, 3 hours, 30 minutes, 31 seconds
VSI State : up
......
Run the display vsi remote ldp [ router-id ip-address ] [ pw-id pw-id ] command. If information
about the remote VSI established through LDP is displayed, it means that the configuration
succeeds. For example:
<Quidway> display vsi remote ldp
Vsi Peer VC Group Vsi MTU Vsi State
ID RouterID Label ID Type Value Index Code
123 3.3.3.9 17408 0 vlan 1500 1 FORWARD
Run the display mac-address dynamic slot-id command. You can view the MAC address
learned by the corresponding interface. For example:
<Quidway> display mac-address dynamic 1
MAC Address    VLAN    PEVLAN CEVLAN Port                 Type    Lsp/LSR-ID
               VSI/SI                                             MAC-Tunnel
------------------------------------------------------------------------------------------
0000-c101-0202 100     123    12     GigabitEthernet1/0/0 dynamic 3/4137
0000-c101-0102 100     123    12     GigabitEthernet1/0/1 dynamic 3/3366
Total 2 ,2 printed
Applicable Environment
If the MPLS backbone network bearing VPLS spans multiple ASs, the inter-AS VPLS must be
configured.
If the number of CEs that access PEs is small, inter-AS VPLS Option A can be adopted. In
Option A, ASBRs in the AS must support VSIs and must be capable of managing VPLS label
blocks. In addition, ASBRs must reserve dedicated interfaces, including sub-interfaces, physical
interfaces, and bound logical interfaces, for each inter-AS VPLS network. That is, Option A
places high requirements on ASBRs; however, the ASBRs do not need any special
configuration for inter-AS networking.
Pre-configuration Tasks
Before configuring the Kompella VPLS, complete the following tasks:
• Configuring IGP for MPLS backbone networks in each AS to ensure IP connectivity within
an AS
• Configuring the basic MPLS functions for MPLS backbone networks in each AS
• Configuring the VSI on the PE connected with the CE and binding the VSI to the AC
interface
• Configuring the IP address on the CE interface that accesses the PE
• Establishing the tunnel between the PE and the ASBR in the same AS (Option A)
Data Preparation
To configure the Kompella VPLS, you need the following data.
No. Data
1 To configure the VSI on the PE and the ASBR, you need the following data:
• VSI name and RD
• (Optional) Description of the VSI
• VPN target
• (Optional) Routing policy that controls sending and receiving of information
about VPLS label blocks
• (Optional) Tunnel policy
• (Optional) Permitted maximum number of label blocks saved in a VSI
2 CE ID of the site, number of permitted CEs that access the VPLS network, CE ID
and default CE offset
5 IP addresses and interfaces used to establish the IBGP peers between the PEs and the
ASBRs
Context
The configurations of Kompella VPLS Option A can be summarized as follows:
• Configuring the Kompella VPLS for each AS
• Configuring ASBR by considering the peer ASBR as its CE
• Configuring the VSIs on the PE and the ASBR respectively and binding the VSIs to the
AC interfaces (The PE provides the access service for the CE; the ASBR accesses the peer
ASBRs)
NOTE
In inter-AS VPLS Option A, for the same VPLS network, the VPN target of the VSI on the ASBR and that
on the PE in the same AS must be matched. The VPN target of the VSI on the ASBR and that on the PE
in different ASs need not be matched.
Prerequisite
The configurations of the Inter-AS Kompella VPLS function are complete.
Procedure
• Run the display bgp vpls group [ group-name ] command to check information about BGP
VPLS peer groups on the PE or the ASBR.
• Run the display bgp vpls peer [ ipv4-address verbose ] command to check information
about BGP VPLS peers on the PE or the ASBR.
• Run the display bgp vpls all command to check information about BGP VPLS label blocks
on the PE or the ASBR.
• Run the display vpls connection [ bgp | vsi vsi-name ] [ down | up ] [ verbose ] command
to check the VPLS connection on the PE.
• Run the display bgp routing-table label command to check label information about
labeled IPv4 routes on the PE or the ASBR.
• Run the ping vpls mac mac-address vsi vsi-name [ vlan vlan-id | -c count | -m time-
value | -s packsize | -t timeout | -exp exp | -r replymode ] * command to check the
connectivity of Layer 2 links on the VPLS network.
• Run the trace vpls mac mac-address vsi vsi-name [ vlan vlan-id ] [-t timeout | -f first-ttl |
-m max-ttl | -exp exp | -r replymode ] * command to check the PEs and P that packets pass
from the sender to the receiver on the VPLS network and check the connectivity of Layer
2 links, which helps to locate the faulty node on the network.
In Option A mode, the ping and trace functions support intra-AS detection.
----End
Example
After the configurations, run the display bgp vpls peer command on the PE or the ASBR. You
can view that the status of the BGP VPLS peer between the PE and the ASBR in the same AS
is "Established". For example:
<Quidway> display bgp vpls peer
BGP local router ID : 1.1.1.1
Local AS number : 100
Total number of peers : 1 Peers in established state : 1
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
4.4.4.4 4 200 5 8 0 00:02:04 Established 0
Run the display bgp vpls all command on the PE or ASBR. You can view information about
the VPLS label block on the ASBR. For example:
<Quidway> display bgp vpls all
BGP Local Router ID : 1.1.1.1, Local AS Number : 100
Status codes : * - active, > - best
BGP.VPLS : 2 Label Blocks
--------------------------------------------------------------------------------
Route Distinguisher: 100:1
SiteID Offset NextHop Range LabBase TunnelID FromPeer MHPref
--------------------------------------------------------------------------------
> 1 0 0.0.0.0 5 35840 0x0 0.0.0.0 0
--------------------------------------------------------------------------------
Route Distinguisher: 200:1
SiteID Offset NextHop Range LabBase TunnelID FromPeer MHPref
--------------------------------------------------------------------------------
*> 2 0 4.4.4.4 5 35840 0x0 4.4.4.4 0
Run the display vpls connection command on the PE or the ASBR. You can view that the status
of the VPLS connection on the PE or the ASBR is "up". For example:
<Quidway> display vpls connection
1 total connections,
connections: 1 up, 0 down, 0 ldp, 1 bgp
VSI Name: v1 Signaling: bgp
SiteID RD PeerAddr InLabel OutLabel VCState
2 200:1 4.4.4.4 35842 35843 up
Run the display bgp routing-table label command on the PE or ASBR. You can view
information about the labeled IPv4 routes. For example:
<Quidway> display bgp routing-table label
Total Number of Routes: 1
BGP Local router ID is 1.1.1.1
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Network NextHop In/Out Label
*>i 4.4.4.4 2.2.2.2 NULL/15361
Run the ping vpls mac command to check whether the device with the MAC address is
reachable. For example:
<Quidway> ping vpls mac 00e0-5952-6f01 vsi v123
Ping mac 00e0-5952-6f01 vsi v123 : 100 data bytes , press CTRL_C to break
Reply from 10.1.1.1 : bytes=100 sequence=1 ttl=255 time = 1ms
Reply from 10.1.1.1 : bytes=100 sequence=2 ttl=255 time = 1ms
Reply from 10.1.1.1 : bytes=100 sequence=3 ttl=255 time = 2ms
Reply from 10.1.1.1 : bytes=100 sequence=4 ttl=255 time = 3ms
Reply from 10.1.1.1 : bytes=100 sequence=5 ttl=255 time = 2ms
The IP address of the PE is 5.5.5.9 and the interface on the PE is
GigabitEthernet5/0/0.100.
--- vsi : v123 00e0-5952-6f01 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/2/3 ms
Run the trace vpls mac command to check the connectivity of Layer 2 links. For example:
<Quidway> trace vpls mac 00e0-5952-6f01 vsi v123
Traceroute to mac 00e0-5952-6f01 vsi v123, 30 hops max, press CTRL_C to break
TTL Num Replier Time Type Downstream Hit
------------------------------------------------------------------------
0 1 Ingress 10.1.1.2/[1026] N
2 Ingress 10.3.3.2/[10] N
1 1 10.1.1.2 6ms Transit 10.2.2.2/[3] --
2 192.5.5.5 5ms Egress N
Applicable Environment
If the MPLS backbone network bearing the Martini VPLS spans multiple ASs, you must
configure the inter-AS Martini VPLS.
S7700 supports Inter-AS Option A. This solution can be easily implemented. When the number
of inter-AS Martini VPLS routes on ASBRs is small, Option A is recommended.
Pre-configuration Tasks
Before configuring inter-AS Martini VPLS, complete the following tasks:
• Configuring static routes or the IGP protocol on the PE or P devices in the MPLS backbone
network of ASs to implement the IP connectivity of the backbone network devices in the
same AS
• Configuring the basic MPLS capability on the MPLS backbone network of each AS
• Configuring MPLS LDP and establishing LDP LSP for the MPLS backbone of each AS
Data Preparation
To configure the inter-AS Martini L2VPN, you need the following data.
No. Data
2 Number of each AS
Context
The configuration of inter-AS Martini VPLS Option A is as follows:
• 7.3.7 Checking the Configuration for each AS
• Configuring the ASBR by regarding the peer ASBR as the local CE
• No inter-AS-related configuration needs to be performed on the ASBR.
• No IP address needs to be configured for the interfaces between ASBRs. The configuration
procedure is not mentioned.
Prerequisite
The configurations of the Inter-AS Martini VPLS function are complete.
Procedure
• Run the display vsi [ name vsi-name ] [ verbose ] command to check information about
the VSI of the VPLS.
• Run the display vsi remote ldp [ router-id ip-address ] [ pw-id pw-id ] command to check
information about the remote VSI.
• Run the display vpls connection [ ldp | vsi vsi-name ] [ down | up ] [ verbose ] command
to check information about the VPLS connection.
• Run the ping vpn-config peer-address peer-address vsi-name vsi-name [ pw-id pw-id ]
[ local ] [ remote ] command to check configurations of the VSI on the peer PE.
• Run the ping vpls mac mac-address vsi vsi-name [ vlan vlan-id | -c count | -m time-
value | -s packsize | -t timeout | -exp exp | -r replymode ] * command to check the
connectivity of Layer 2 links on the VPLS network.
• Run the trace vpls mac mac-address vsi vsi-name [ vlan vlan-id ] [-t timeout | -f first-ttl |
-m max-ttl | -exp exp | -r replymode ] * command to check the PEs and P that packets pass
from the sender to the receiver and check the connectivity of Layer 2 links, which helps to
locate the faulty node on the network.
NOTE
In Option A mode, the ping and trace functions support intra-AS detection.
----End
Example
Run the display vsi [ name vsi-name ] [ verbose ] command. You can view that the item "VSI
State" is displayed as "up". If verbose is selected, the item "Signaling" is displayed as "ldp" and
the item "VSI State" is displayed as "up". This means that the configuration succeeds. For
example:
***VSI Name : a1
Administrator VSI : no
Isolate Spoken : disable
VSI Index : 0
PW Signaling : ldp
Run the display vsi remote ldp [ router-id ip-address ] [ pw-id pw-id ] command. If information
about the remote VSI established through LDP is displayed, it means that the configuration
succeeds. For example:
<Quidway> display vsi remote ldp
Vsi Peer VC Group Encap MTU Vsi State
ID RouterID Label ID Type Value Index Code
123 3.3.3.9 27648 0 vlan 1500 1 FORWARD
Run the display vpls connection [ ldp | vsi vsi-name ] [ down | up ] [ verbose ] command. You
can view that the item "VC State" is displayed as "up". If verbose is selected, the item "Signaling"
is displayed as "ldp", the item "VC State" is displayed as "up", and label allocation is complete.
For example:
<Quidway> display vpls connection
2 total connections,
connections: 2 up, 0 down, 1 ldp, 1 bgp
VSI Name: a2 Signaling: ldp
VsiID EncapType PeerAddr InLabel OutLabel VCState
2 vlan 1.1.1.1 27648 27648 up
VSI Name: bgp1 Signaling: bgp
SiteID RD PeerAddr InLabel OutLabel VCState
1 168.1.1.1:1 1.1.1.1 35842 35842 up
Run the ping vpn-config peer-address peer-address vsi-name vsi-name [ pw-id pw-id ]
[ local ] [ remote ] command. You can view configurations of the VSI on the local and peer
PEs, which include information about the VSI type, VSI description, VSI management status,
VSI operation status, PW status, MTU value, number of AC in the VSI, IP address of the peer
PE, IP address of the local PE, whether probe or Echo Reply packets are forwarded through the
LSP tunnel, PW-ID, PE types, VC encapsulation type, and outer incoming and outgoing tags.
<Quidway> ping vpn-config peer-address 6.6.6.6 vsi-name ldpvpls pw-id 119 local
remote
VPN-CONFIG PING: Prese CTRL_C to break.
Result Detail: Request Sent - Reply Received
Local VSI description:
Remote VSI description:
PW State: Up
local remote
------------------------------------------------
VSI Name: ldpvpls ldpvpls
VSI ID: 119 119
VPN Type: Martini VPLS Martini VPLS
Admin State: UP UP
Oper State: UP UP
VSI MTU: 1500 1500
CE Count: 1 1
NOTE
To reduce bandwidth consumption, the ping vpn-config command sends only one probe packet and
sets the timeout period for waiting for a Response packet to 10 seconds.
Run the ping vpls mac command to check whether the device with the MAC address is
reachable. For example:
<Quidway> ping vpls mac 00e0-5952-6f01 vsi v123
Ping mac 00e0-5952-6f01 vsi v123 : 100 data bytes , press CTRL_C to break
Reply from 10.1.1.1 : bytes=100 sequence=1 ttl=255 time = 1ms
Reply from 10.1.1.1 : bytes=100 sequence=2 ttl=255 time = 1ms
Reply from 10.1.1.1 : bytes=100 sequence=3 ttl=255 time = 2ms
Reply from 10.1.1.1 : bytes=100 sequence=4 ttl=255 time = 3ms
Reply from 10.1.1.1 : bytes=100 sequence=5 ttl=255 time = 2ms
The IP address of the PE is 5.5.5.9 and the interface on the PE is
GigabitEthernet5/0/0.100.
--- vsi : v123 00e0-5952-6f01 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/2/3 ms
Run the trace vpls mac command to check the connectivity of Layer 2 links. For example:
<Quidway> trace vpls mac 00e0-5952-6f01 vsi v123
Traceroute to mac 00e0-5952-6f01 vsi v123, 30 hops max, press CTRL_C to break
TTL Num Replier Time Type Downstream Hit
------------------------------------------------------------------------
0 1 Ingress 10.1.1.2/[1026] N
2 Ingress 10.3.3.2/[10] N
1 1 10.1.1.2 6ms Transit 10.2.2.2/[3] --
2 192.5.5.5 5ms Egress N
2 1 192.3.3.3 3ms Egress Y
Info: Succeeded in tracing the destination address 00e0-5952-6f01.
Applicable Environment
To improve the reliability of VPLS and protect against a fault on a PE, you can adopt a
networking mode in which a CE accesses two PEs.
Pre-configuration Tasks
Before configuring dual-homed Kompella VPLS, complete the following tasks:
• Configuring LSR IDs and enabling MPLS on PEs and Ps
• Enabling MPLS L2VPN on PEs
• Establishing the tunnels between PEs to transmit user data
• Establishing BGP VPLS peer relationship between PEs
Data Preparation
To configure dual-homed Kompella VPLS, you need the following data.
No. Data
4 CE ID of the site, maximum number of permitted CEs that access the VPLS network,
and default CE offset
Context
Configure two VSIs with the same attributes on two dual-homed PEs.
Do as follows on the PEs:
Procedure
Step 1 Run:
system-view
Step 2 Run:
vsi vsi-name auto
VSIs are created and the automatic member discovery mechanism is adopted.
The Kompella VPLS does not directly operate on the connection between CEs. Each CE has a
globally unique number. On a PE, a VSI is created for each CE that is directly connected to this
PE device.
Step 3 Run:
pwsignal bgp
BGP is configured as the PW signaling protocol and the VSI BGP view is displayed.
Step 4 Run:
route-distinguisher route-distinguisher
After configuring BGP as the PW signaling protocol, you must configure the RD of the VSI to
validate the VSI.
Step 5 Run:
vpn-target vpn-target & <1-16> [ both | export-extcommunity | import-extcommunity ]
When configuring the VPN Target of the VSI, ensure that the VPN target of
export-extcommunity is the same as that of import-extcommunity.
Step 6 Run:
site site-id [ range site-range ] [ default-offset { 0 | 1 } ]
The site ID of the local end must be less than the sum of the site-range value and
default-offset value on the peer end. The site ID of the local end must be greater than the
default-offset value of the peer end.
NOTE
At present, the VSIs of the two dual-homed PEs can be configured with only one label block. To enlarge
the range, use the undo site command to delete all the original sites and then configure a larger range. In
addition, the VSIs of the two dual-homed PEs can be configured with only one AC.
Step 7 Run:
quit
Step 8 Run:
quit
Step 9 is configured only when the PE communicates with non-Huawei devices. Before
performing Step 9, check the encapsulation type of the VSI on the peer PE. The local VSI and
peer VSI can communicate only when the VSI encapsulation type of the peer PE is the same as
that configured for the local PE. In VPLS BGP mode, the default encapsulation type of VPLS
packets is VLAN.
NOTE
The signaling protocol, RD, default-offset, site ID, and encapsulation type of the VSIs on the two PEs that
a CE accesses must be the same.
----End
Context
Do as follows on the PEs:
Procedure
Step 1 Run:
system-view
Step 2 Run:
vsi vsi-name
Step 3 Run:
multi-homing-preference preference-value
When the VSIs of the two PEs that a CE accesses are Up, the PE with the higher preference
serves as the active PE, and the PE with the lower preference works as the standby PE. In addition,
the two PEs must be configured with different preferences so that the active/standby
negotiation proceeds smoothly.
The active PE is responsible for forwarding the traffic of the CE; the standby PE is only
responsible for checking whether the VSI of the active PE is Up. After a PE is selected as the
standby PE, the status of the VSI of the standby PE is set to Down. After the VSI of the active
PE becomes Down, the standby PE becomes the new active PE.
After the BGP session between the two PEs that a CE accesses becomes Down, the PW of the
PE with the lower preference becomes Up, and the PW between the two PEs becomes Up.
----End
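The consistency rules stated in the two procedures above (site ID against the peer's range and offset, identical attributes on the two dual-homed PEs, differing preferences) can be checked on a planned configuration before it is pushed. This is an added example, not Huawei code: the VsiPlan fields, PE names, and preference values are constructed, and the VPN-target check uses standard route-target matching (the peer must import at least one target the local end exports).

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class VsiPlan:
    """Planned BGP-signalled VSI on one PE (field names are this example's own)."""
    pe: str
    rd: str
    site_id: int
    site_range: int
    default_offset: int              # "default-offset { 0 | 1 }"
    import_targets: frozenset
    export_targets: frozenset
    encapsulation: str = "vlan"      # default encapsulation in VPLS BGP mode
    signaling: str = "bgp"
    preference: int = 0              # multi-homing-preference (constructed values)


def check_remote_pair(local, peer):
    """Rules between a local VSI and the VSI on a remote PE; returns problem strings."""
    problems = []
    upper = peer.site_range + peer.default_offset
    if local.site_id >= upper:
        problems.append(f"{local.pe}: site {local.site_id} is not less than "
                        f"{peer.pe} range+offset ({upper})")
    if local.site_id <= peer.default_offset:
        problems.append(f"{local.pe}: site {local.site_id} is not greater than "
                        f"{peer.pe} default-offset ({peer.default_offset})")
    if local.encapsulation != peer.encapsulation:
        problems.append(f"encapsulation differs: {local.pe}={local.encapsulation} "
                        f"{peer.pe}={peer.encapsulation}")
    # Route-target matching: the peer only discovers this VSI if it imports
    # at least one VPN target that the local end exports.
    if not (local.export_targets & peer.import_targets):
        problems.append(f"{peer.pe} imports none of the VPN targets exported by {local.pe}")
    return problems


def check_dual_homed(a, b):
    """Rules between the two PEs that one CE is dual-homed to."""
    problems = []
    for field in ("signaling", "rd", "default_offset", "site_id", "encapsulation"):
        if getattr(a, field) != getattr(b, field):
            problems.append(f"{field} differs: {a.pe}={getattr(a, field)!r} "
                            f"{b.pe}={getattr(b, field)!r}")
    if a.preference == b.preference:
        problems.append("multi-homing-preference must differ between the two PEs")
    return problems


def active_pe(a, b):
    """While both VSIs are Up, the PE with the higher preference is the active PE."""
    if a.preference == b.preference:
        return None
    return a.pe if a.preference > b.preference else b.pe


# Constructed plan: one CE dual-homed to PE1-A and PE1-B, one remote site on PE2.
RT = frozenset({"100:1"})
PE1A = VsiPlan("PE1-A", "100:1", 1, 5, 0, RT, RT, preference=200)
PE1B = VsiPlan("PE1-B", "100:1", 1, 5, 0, RT, RT, preference=100)
REMOTE = VsiPlan("PE2", "200:1", 2, 5, 0, RT, RT)
# Site ID outside PE1-A's label block and an export target nobody imports.
BAD_REMOTE = VsiPlan("PE3", "300:1", 6, 5, 0, RT, frozenset({"300:1"}))

if __name__ == "__main__":
    for issue in check_dual_homed(PE1A, PE1B) + check_remote_pair(BAD_REMOTE, PE1A):
        print("PROBLEM:", issue)
    print("active PE:", active_pe(PE1A, PE1B))
```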
Context
For the configuration procedure, see "Binding the VSI to the Interface Connected with CE".
Prerequisite
The configurations of the dual-homed Kompella VPLS function are complete.
Procedure
l Run the display bgp vpls group [ group-name ] command to check information about BGP
VPLS peer groups on the PE or the ASBR.
l Run the display bgp vpls peer [ ipv4-address verbose ] command to check information
about BGP VPLS peers on the PE or the ASBR.
l Run the display bgp vpls all command to check information about the BGP VPLS label
blocks on the PE or ASBR.
l Run the display vpls connection [ bgp | vsi vsi-name ] [ down | up ] [ verbose ] command
to check information about the VPLS connection on the PE.
----End
Example
After the configurations, run the display bgp vpls peer command on the PE or the ASBR. You
can see that the status of the BGP VPLS peer relationship between PEs is "Established". For
example:
<Quidway> display bgp vpls peer
BGP local router ID : 1.1.1.1
Local AS number : 100
Total number of peers : 1 Peers in established state : 1
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
4.4.4.4 4 200 5 8 0 00:02:04 Established 0
Run the display bgp vpls all command on the PE. You can view information about the VPLS
label block on the PE. For example:
<Quidway> display bgp vpls all
BGP Local Router ID : 1.1.1.1, Local AS Number : 100
Status codes : * - active, > - best
BGP.VPLS : 2 Label Blocks
--------------------------------------------------------------------------------
Route Distinguisher: 100:1
SiteID Offset NextHop Range LabBase TunnelID FromPeer MHPref
--------------------------------------------------------------------------------
> 1 0 0.0.0.0 5 35840 0x0 0.0.0.0 0
--------------------------------------------------------------------------------
Route Distinguisher: 200:1
SiteID Offset NextHop Range LabBase TunnelID FromPeer MHPref
--------------------------------------------------------------------------------
*> 2 0 4.4.4.4 5 35840 0x0 4.4.4.4 0
Run the display vpls connection command on the PE. You can see that the status of the VPLS
connection on the PE is "up". For example:
<Quidway> display vpls connection
1 total connections,
connections: 1 up, 0 down, 0 ldp, 1 bgp
VSI Name: v1 Signaling: bgp
SiteID RD PeerAddr InLabel OutLabel VCState
2 200:1 4.4.4.4 35842 35841 up
Applicable Environment
After creating a VSI and assigning a signaling protocol to it, you can adjust general parameters
of the VSI. According to different applicable environments, you can modify the MAC address
learning mode and the MAC address entry.
Pre-configuration Tasks
Before configuring related parameters of the VSI, complete the following tasks:
l Creating a VSI
l Configuring Kompella VPLS or Configuring Martini VPLS
Data Preparation
To configure basic VPLS capability, you need the following data.
No. Data
Context
Do as follows on the PEs at both ends of the PW:
Procedure
Step 1 Run:
system-view
NOTE
When an interface is bound to the VSI, the MTU can be configured in the interface view but it does not
take effect. The PW signaling uses the MTU that is configured in the VSI view for the PW MTU negotiation.
----End
Context
A physical interface can belong to multiple VLANs at the same time. Multiple VLAN interfaces
can be bound with the same VSI. Therefore, when configuring MAC address static entries or
blackhole entries for VSI bound to the VLAN interfaces, you must specify the physical interface
and VLAN interface.
Do as follows on the PEs of the two ends of the PW:
Procedure
Step 1 Run:
system-view
Step 2 Run:
mac-address aging-time aging-time
The aging time of MAC address entries for the VPLS is configured.
Step 3 Run:
mac-address static mac-address interface-type interface-number vlanif
interface-number vsi vsi-name
Step 4 Run:
mac-address blackhole mac-address vsi vsi-name
Step 5 Run:
vsi vsi-name
Step 6 Run:
pwsignal ldp
The PW signaling protocol is specified as LDP and the VSI-LDP view is displayed.
Step 7 Run:
vsi-id vsi-id
Step 8 Run:
quit
Step 9 Run:
mac-learning { enable | disable }
Step 10 Run:
mac-learn-style unqualify
Step 11 Run:
mac-limit { action { discard | forward } | alarm { disable | enable } |
maximum max-num } *
----End
Context
[Figure 7-10: networking diagram; surviving labels: A', B, B', C', D', DSLAM]
As shown in Figure 7-10, if the services running on the old network will switch to the new
network, and you want to check whether the VSI on the new network can work normally before
the service switchover, you need to configure the VSI to ignore the AC status on D'. After the
configuration, the VSI on D' keeps Up before the DSLAM is connected to the new network.
The AC statuses are classified into the following statuses:
l The status of a physical AC interface or logical AC interface that is bound to the VSI
l The UPE PW status in the scenario of VLL accessing VPLS
The VSI can be Up only if at least one AC interface or the UPE PW is Up. After you configure
a VSI to ignore the AC status, the VSI can keep Up when the VSI PW is Up. That is, the VSI
status bears no relation to the AC status.
Do as follows on the PE (D' in Figure 7-10):
Procedure
Step 1 Run:
system-view
----End
Follow-up Procedure
The vpls ignore-ac-state command is used only before the service switchover between a new
VPLS network and an old one. After the service switchover, run the undo vpls ignore-ac-state
command to restore the default setting.
Figure 7-11 Networking where the VPLS network is deployed over the edge layer
[Diagram: DSLAMs, UPEs, PE-AGGs, and NPEs around the VPLS network]
Pre-configuration Tasks
Before configuring the suppression on broadcast traffic based on VSIs, complete the following
task:
Data Preparation
To configure the suppression on broadcast traffic based on VSIs, you need the following data.
No. Data
1 Name of VSI
3 Committed information rate (CIR), that is, the maximum transmission rate of the
traffic that can pass through
4 Committed burst size (CBS), that is, the maximum size of traffic that can pass through
Context
Do as follows on the PEs on which the VSI broadcast traffic, multicast traffic, and unknown
unicast traffic need to be suppressed.
Procedure
Step 1 Run:
system-view
Step 2 Run:
vsi vsi-name
Step 3 Run:
broadcast-suppression cir cir-value cbs cbs-value
Step 4 Run:
multicast-suppression cir cir-value cbs cbs-value
Step 5 Run:
unknown-unicast-suppression cir cir-value cbs cbs-value
----End
Context
The configurations of VPLS traffic suppression are complete.
Procedure
l Run the display this command in the VSI view to check whether VPLS traffic suppression
is enabled.
----End
Example
Run the display this command in the VSI view to check whether VPLS traffic suppression is
enabled.
[Quidway] vsi v1
[Quidway-v1] display this
#
vsi v1 static
pwsignal ldp
vsi-id 10
peer 9.9.9.9
broadcast-suppression cir 1000 cbs 11000
#
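In the output above only broadcast-suppression is set, so multicast and unknown unicast frames in VSI v1 are still flooded without a rate limit. The following added example (not part of the Huawei guide) scans configuration text for VSIs that lack any of the three suppression commands or a mac-limit line. The v2 block, its values, and the keyword order of its mac-limit line are constructed; only the command name of mac-limit is matched.

```python
import re

SUPPRESSION_CMDS = (
    "broadcast-suppression",
    "multicast-suppression",
    "unknown-unicast-suppression",
)
_RATE = re.compile(r"^([a-z-]+-suppression)\s+cir\s+(\d+)\s+cbs\s+(\d+)$")
# "vsi <name> [auto|static]" opens a block; "vsi-id 10" does not match this.
_VSI_HEADER = re.compile(r"^vsi\s+(\S+)(?:\s+(?:auto|static))?$")

# The v1 block is the "display this" output shown above; v2 and the
# interface block are constructed for this example.
SAMPLE_CONFIG = """\
#
vsi v1 static
 pwsignal ldp
  vsi-id 10
  peer 9.9.9.9
 broadcast-suppression cir 1000 cbs 11000
#
vsi v2 static
 pwsignal ldp
  vsi-id 20
  peer 9.9.9.9
 broadcast-suppression cir 1000 cbs 11000
 multicast-suppression cir 1000 cbs 11000
 unknown-unicast-suppression cir 1000 cbs 11000
 mac-limit maximum 2000 action discard
#
interface Vlanif40
 l2 binding vsi v2
#
return
"""


def parse_vsis(config_text):
    """Return {vsi_name: [stripped lines]}; a '#' line closes the current block."""
    blocks, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()          # indentation is ignored on purpose
        if not line:
            continue
        header = _VSI_HEADER.match(line)
        if header:
            current = blocks.setdefault(header.group(1), [])
        elif line == "#":
            current = None
        elif current is not None:
            current.append(line)
    return blocks


def audit_vsis(config_text):
    """Per VSI: configured (cir, cbs) pairs, missing suppression commands, mac-limit."""
    report = {}
    for name, lines in parse_vsis(config_text).items():
        rates = {}
        for line in lines:
            match = _RATE.match(line)
            if match and match.group(1) in SUPPRESSION_CMDS:
                rates[match.group(1)] = (int(match.group(2)), int(match.group(3)))
        report[name] = {
            "rates": rates,
            "missing": [cmd for cmd in SUPPRESSION_CMDS if cmd not in rates],
            "mac_limit": any(line.split()[0] == "mac-limit" for line in lines),
        }
    return report


if __name__ == "__main__":
    for vsi, result in audit_vsis(SAMPLE_CONFIG).items():
        gaps = list(result["missing"])
        if not result["mac_limit"]:
            gaps.append("mac-limit")
        print(f"vsi {vsi}: " + ("OK" if not gaps else "not configured: " + ", ".join(gaps)))
```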
Context
NOTE
The F series boards, including G48SFA, G48TFA, and F48TFA do not support VPLS traffic statistics.
Procedure
Step 1 Run:
system-view
Step 2 Run:
vsi vsi-name [ auto | static ]
Step 3 Choose one of the following commands to enable the function of collecting the statistics of the
traffic.
l Kompella VPLS
– Run the pwsignal bgp command. The PW signaling protocol is configured as BGP and
the VSI-BGP view is displayed.
– To enable the function of collecting the statistics of the traffic on the public network of
the specified Kompella VPLS PW, run the traffic-statistics peer peer-address
remote-site site-id enable command.
l Martini VPLS
– Run the pwsignal ldp command. The PW signaling protocol is configured as LDP and
the VSI-LDP view is displayed.
– To enable the function of collecting the statistics of the traffic on the public network of
the specified Martini VPLS PW, run the traffic-statistics peer peer-address
[ negotiation-vc-id vc-id ] enable command.
----End
Context
NOTE
If a PW becomes Down in five minutes, the traffic calculated before the PW becomes Down is not used
to calculate the 5-minute traffic rate.
After the traffic on a VPLS PW is set, you can run the following commands in any view to view
the running status of the traffic on a VPLS PW.
Procedure
l Run the display traffic-statistics vsi vsi-name peer peer-address remote-site site-id
command to check the statistics of the traffic on the public network of the specified
Kompella VPLS PW in the specified VSI.
l Run the display traffic-statistics vsi vsi-name peer peer-address [ negotiation-vc-id
vc-id ] command to check the statistics of the traffic on the public network of the specified
LDP VPLS PW in the specified VSI.
----End
Context
CAUTION
The traffic statistics information cannot be restored after you clear it. So, confirm the action
before you use the command.
Procedure
l Run the reset traffic-statistics vsi name vsi-name [ peer peer-address
[ negotiation-vc-id vc-id ] ] command in the user view to clear the statistics of the traffic
on the public network of the specified LDP VPLS PW in the specified VSI.
l Run the reset traffic-statistics vsi name vsi-name [ peer peer-address remote-site
site-id ] command in the user view to clear the statistics of the traffic on the public network of
the specified BGP VPLS PW in the specified VSI.
l Run the reset traffic-statistics vsi name vsi-name [ peer-address remote-site site-id ]
command in the user view to clear the statistics of the traffic on the public network of the
specified BGP VPLS PW in the specified VSI.
----End
Context
NOTE
To reduce the bandwidth consumption, the ping vpn-config command sends only one probe packet and
sets the timeout period for waiting for a Response packet to 10 seconds.
Procedure
l Run:
ping vpn-config peer-address peer-address vsi-name vsi-name [ pw-id pw-id ]
[ local ] [ remote ]
Consistency of configurations on both ends of a VPN is checked, which can help you locate
faults on the VPN connection.
The command output includes information about the VSI type, VSI description, VSI
management status, VSI operation status, PW status, MTU value, number of ACs in the
VSI, IP address of the peer PE, IP address of the local PE, whether probe or Echo Reply
packets are forwarded through the LSP tunnel, PW-ID, PE types, VC encapsulation type,
and outer incoming and outgoing tags.
----End
Context
CAUTION
Debugging affects the system performance. So, after debugging, run the undo debugging all
command to disable it immediately.
When a fault occurs, run the debugging commands in the user view to check the debugging
information and locate the fault.
Procedure
l Run the debugging mpls l2vpn { advertisement | all | connections interface
[ interface-type interface-number ] | download | error | event | timer } command in the
user view to enable MPLS L2VPN debugging.
l Run the debugging mpls l2vpn { vpls_fib | vpls_mid } command in the user view to enable
VPLS debugging.
l Run the debugging mpls packet [ error ] [ acl acl-number ] [ inlabel outer-in-label
[ inner-in-label ] ] [ l2vpn-in-interface interface-type interface-number ] command in the
user view to enable the MPLS packet debugging.
l Run the debugging mpls ldp { advertisement | all | error | main | notification | pdu |
session | socket | timer } [ interface interface-type interface-number ] or debugging
mpls ldp { hsb | remote-peer remote-peer-name } command in the user view to enable
LDP debugging.
----End
Context
Do as follows in the VSI view.
Procedure
l Enable VSI
1. Run the system-view command to enter the system view.
2. Run the vsi vsi-name command to enter the VSI view.
3. Run the undo shutdown command to enable the VSI.
l Disable VSI
1. Run the system-view command to enter the system view.
2. Run the vsi vsi-name command to enter the VSI view.
3. Run the shutdown command to disable the VSI.
----End
Example
To meet service management requirements such as service suspension, you can temporarily
shut down the VSI, and then add, delete, or adjust VSI functions.
The shutdown command affects the PW connection. The AC is Down, and the Layer 2
forwarding table is deleted.
Context
CAUTION
After the MAC address entries are cleared, the entries cannot be restored. So, confirm the action
before you clear the entries.
Procedure
l Run the undo mac-address static mac-address interface-type interface-number vlanif
interface-number vsi vsi-name command to clear the MAC address entries of the VSI.
l Run the undo mac-address { dynamic | static | all } command to clear the dynamic, static,
or all the MAC address entries.
l Run the undo mac-address blackhole [ vsi vsi-name ] command to clear all the blackhole
MAC address entries.
----End
Context
VPLS data forwarding relies on MAC address learning. Therefore, data packets cannot be
correctly forwarded in the VPLS domain unless the MAC addresses of data packets can be
learned by the PE device. The diagnostic tool of the OAM MAC address learning capability
checks the MAC address learning of the VSIs on a device by adding special OAM MAC addresses
to a VPLS network.
When packets fail to be forwarded between CEs but the PW is Up, you can use the diagnostic
tool of the OAM MAC address learning capability to check whether a fault occurs in the MAC
address learning on a device.
The diagnostic tool of the OAM MAC address learning capability includes:
l MAC Populate: adds OAM MAC addresses to a VPLS network.
l MAC Purge: removes the added OAM MAC addresses.
On the S7700, you can diagnose the MAC address learning capability using the following methods:
l Add OAM MAC addresses to the local or peer device in the VPLS network.
After adding the OAM MAC address, you can run the display mac-address oam command
to check whether the local or the peer device has learned the OAM MAC addresses. In this
manner, you can diagnose the MAC address learning capability of the device.
l Remove the OAM MAC addresses from the local or peer device in the VPLS network.
The OAM MAC addresses to be removed must be the ones that have been added.
l Add OAM MAC addresses of the register type to the local or peer device in the VPLS
network.
After the OAM MAC addresses of the register type are added, the packets destined for the
addresses are discarded.
The diagnostic tool of the OAM MAC address learning capability can be used in the following
VPLS networks:
l VPLS in LDP mode
l VPLS in BGP mode
l HVPLS in LDP mode
Do as follows on the PEs:
Procedure
l Run:
mac-populate vsi vsi-name mac mac-address [ packet-num num | flood ] *
A test on the MAC address learning capability is initiated by adding an OAM MAC address
to the device.
– vsi vsi-name: specifies the name of the VSI of which the MAC address learning
capability needs to be diagnosed.
– mac mac-address: only 10 OAM MAC addresses are supported currently.
– 0018-82a4-3fb1
– 0018-82a4-3fb2
– 0018-82a4-3fb3
– 0018-82a4-3fb4
– 0018-82a4-3fb5
– 0018-82a4-3fb6
– 0018-82a4-3fb7
– 0018-82a4-3fb8
– 0018-82a4-3fb9
– 0018-82a4-3fba
– packet-num num: specifies the number of the sent diagnosis packets. The value is a
decimal integer that ranges from 1 to 5. The default value is 3.
– flood: indicates that diagnostic packets are flooded in the VPLS network. In this case,
both the local device and the peer device configured with the same VSI can learn the
specified OAM MAC address. If this parameter is not specified, only the PE where the
command is run can learn the specified OAM MAC address.
– The OAM MAC address populated into the local and peer devices can control the
forwarding. According to the OAM MAC address, the peer device forwards the received
packets corresponding to the OAM MAC address to the local device. The aging time
of OAM MAC addresses is set to 150 seconds.
l Run:
mac-purge vsi vsi-name mac mac-address [ packet-num num | register | flood ] *
– flood: If this parameter is not specified, only the PE where the command is run can
remove the specified OAM MAC address. If this parameter is specified, the diagnostic
packets are flooded in the VPLS network. In this case, both the local device and the
peer device configured with the same VSI can remove the specified OAM MAC address.
– register: indicates that the specified OAM MAC address becomes the blackhole MAC
address, and all the packets destined for this address are discarded.
----End
Context
To check connectivity of a VPLS network, configure a VPLS network and do as follows on the
PE:
Procedure
l Run:
ping vpls mac mac-address vsi vsi-name [ vlan vlan-id | -c count | -m time-value |
-s packsize | -t timeout | -exp exp | -r replymode | -h ttl ] *
Connectivity of the link between PEs on the Kompella VPLS network is checked.
l Run:
ping vpls [ -c echo-number | -m time-value | -s data-bytes | -t timeout-value
| -r reply-mode | -exp exp-value | -v ] * vsi vsi-name peer peer-address
[ negotiate-vc-id vc-id ]
Connectivity of the link between PEs on the Martini VPLS network is checked.
l Run:
trace vpls mac mac-address vsi vsi-name [ vlan vlan-id ] [ -t timeout | -f first-ttl |
-m max-ttl | -exp exp | -r replymode ] *
PEs and P devices along the PW on the VPLS network are displayed; connectivity of the
Layer 2 forwarding link is checked; the faulty node is located.
l Run:
tracert vpls [ -exp exp-value | -f first-ttl | -m max-ttl | -r reply-mode |
-t timeout-value ] * vsi vsi-name local-site-id remote-site-id [ full-lsp-path ]
established with LDP as the VPLS signaling, and VPLS is configured to implement the
interworking between CE1 and CE2.
[Figure 7-12: networking diagram of CE1, PE1, P, PE2, and CE2 with interfaces GE1/0/0 and GE2/0/0; Loopback1 addresses 1.1.1.9/32, 2.2.2.9/32, and 3.3.3.9/32]
Configuration Roadmap
The configuration roadmap is as follows:
Data Preparation
To complete the configuration, you need the following data:
l Names and IDs of VSIs
l IP addresses of peers and tunnel policy used for setting up peer relationships
l Interfaces to which VSIs are bound
Procedure
Step 1 Configure the VLAN to which each interface belongs according to Figure 7-12.
The configuration details are not mentioned here.
NOTE
Do not add the AC-side port and PW-side port of a PE to the same VLAN; otherwise, a loop may occur.
# Configure PE2.
[PE2] mpls ldp remote-peer 1.1.1.9
[PE2-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9
[PE2-mpls-ldp-remote-1.1.1.9] quit
After the configuration, run the display mpls ldp session command on PE1 or PE2. You can see
that the status of the peer relationship between PE1 and PE2 is Operational, which indicates
that the peer relationship is established.
Step 5 Enable MPLS L2VPN on PEs.
# Configure PE1.
[PE1] mpls l2vpn
# Configure PE2.
# Configure PE2.
[PE2] vsi a2 static
[PE2-vsi-a2] pwsignal ldp
[PE2-vsi-a2-ldp] vsi-id 2
[PE2-vsi-a2-ldp] peer 1.1.1.9
# Configure PE2.
[PE2] interface vlanif 40
[PE2-Vlanif40] l2 binding vsi a2
[PE2-Vlanif40] quit
# Configure CE2.
<Quidway> sysname CE2
[CE2] interface vlanif 40
[CE2-Vlanif40] ip address 10.1.1.2 255.255.255.0
[CE2-Vlanif40] quit
***VSI Name : a2
Administrator VSI : no
Isolate Spoken : disable
VSI Index : 0
PW Signaling : ldp
Member Discovery Style : static
PW MAC Learn Style : unqualify
Encapsulation Type : vlan
MTU : 1500
Diffserv Mode : uniform
Mpls Exp : --
DomainId : 255
Domain Name :
VSI ID : 2
*Peer Router ID : 3.3.3.9
VC Label : 27648
Peer Type : dynamic
Session : up
Tunnel ID : 0x20021
Broadcast Tunnel ID : 0x20021
CKey : 2
NKey : 1
StpEnable : 0
PwIndex : 1
**PW Information:
----End
Configuration Files
l Configuration file of CE1
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
l Configuration file of P
#
sysname P
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Vlanif20
ip address 168.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif30
ip address 169.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 20
port hybrid tagged vlan 20
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 30
port hybrid tagged vlan 30
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 168.1.1.0 0.0.0.255
network 169.1.1.0 0.0.0.255
network 2.2.2.9 0.0.0.0
#
return
interface GigabitEthernet1/0/0
port hybrid pvid vlan 30
port hybrid tagged vlan 30
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 40
port hybrid tagged vlan 40
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 169.1.1.0 0.0.0.255
#
return
Networking Requirements
As shown in Figure 7-13, PE1 and PE2 are PEs to be enabled with the VPLS function; CE1 is
connected to PE1 and CE2 is connected to PE2; CE1 and CE2 belong to the same VPLS network.
It is required to set up PWs by using BGP as the VPLS signaling, implement the automatic
discovery of VPLS PEs through VPN targets, and implement interworking between CE1 and
CE2.
[Figure 7-13: networking diagram of CE1, PE1, P, PE2, and CE2 with interfaces GE1/0/0 and GE2/0/0; Loopback1 addresses 1.1.1.9/32, 2.2.2.9/32, and 3.3.3.9/32]
Configuration Roadmap
The configuration roadmap is as follows:
Data Preparation
To complete the configuration, you need the following data:
l IP addresses of peers
l Names of the VSIs on PE1 and PE2
l BGP AS numbers on PE1 and PE2
l Signaling protocol of a VSI, that is, BGP
l RDs, VPN targets, site IDs of VSIs on PEs
l Interfaces to which VSIs are bound and VLAN IDs of the interfaces
Procedure
Step 1 Configure the VLAN to which each interface belongs according to Figure 7-13.
NOTE
Do not add the AC-side port and PW-side port of a PE to the same VLAN; otherwise, a loop may occur.
Configure an IP address for each interface on the PEs and P as shown in Figure 7-13. When
configuring OSPF, advertise 32-bit loopback interface addresses (LSR IDs) of PE1, P, and PE2.
After the configuration is complete, run the display ip routing-table command on PE1, P, and
PE2. You can view the routes learned by PE1, P, and PE2 from each other.
After the configuration, run the display mpls ldp peer command. You can find that the peer
relationship is established between PE1 and P and between PE2 and P. Run the display mpls
ldp session command on PE1 and PE2, and you can find that an LDP session is set up between
PE1 and PE2. Run the display mpls lsp command, and you can view the setup of the LSP.
# Configure PE1.
[PE1] bgp 100
[PE1-bgp] peer 3.3.3.9 as-number 100
[PE1-bgp] peer 3.3.3.9 connect-interface loopback1
[PE1-bgp] vpls-family
[PE1-bgp-af-vpls] peer 3.3.3.9 enable
[PE1-bgp-af-vpls] quit
# Configure PE2.
[PE2] bgp 100
[PE2-bgp] peer 1.1.1.9 as-number 100
[PE2-bgp] peer 1.1.1.9 connect-interface loopback1
[PE2-bgp] vpls-family
[PE2-bgp-af-vpls] peer 1.1.1.9 enable
[PE2-bgp-af-vpls] quit
# Configure PE1.
[PE1] mpls l2vpn
# Configure PE2.
[PE2] mpls l2vpn
# Configure PE1.
[PE1] vsi bgp1 auto
[PE1-vsi-bgp1] pwsignal bgp
[PE1-vsi-bgp1-bgp] route-distinguisher 168.1.1.1:1
[PE1-vsi-bgp1-bgp] vpn-target 100:1 import-extcommunity
[PE1-vsi-bgp1-bgp] vpn-target 100:1 export-extcommunity
[PE1-vsi-bgp1-bgp] site 1 range 5 default-offset 0
# Configure PE2.
[PE2] vsi bgp1 auto
[PE2-vsi-bgp1] pwsignal bgp
[PE2-vsi-bgp1-bgp] route-distinguisher 169.1.1.2:1
[PE2-vsi-bgp1-bgp] vpn-target 100:1 import-extcommunity
[PE2-vsi-bgp1-bgp] vpn-target 100:1 export-extcommunity
[PE2-vsi-bgp1-bgp] site 2 range 5 default-offset 0
# Create a sub-interface on PE1, allow the sub-interface to receive packets from VLAN 10, and
bind a VSI to the sub-interface.
# Create a sub-interface on PE2, allow the sub-interface to receive packets from VLAN 10, and
bind a VSI to the sub-interface.
[PE2] interface vlanif 40
[PE2-Vlanif40] l2 binding vsi bgp1
# Configure CE2.
<Quidway> sysname CE2
[CE2] interface vlanif 40
[CE2-Vlanif40] ip address 10.1.1.2 255.255.255.0
BGP RD : 168.1.1.1:1
SiteID/Range/Offset : 1/5/0
Import vpn target : 100:1
Export vpn target : 100:1
**PW Information:
Tunnel ID : 0x20021,
Broadcast Tunnel ID : 0x20021
Ckey : 0x3
Nkey : 0x1
Main PW Token : 0x20021
Slave PW Token : 0x0
Tnl Type : LSP
OutInterface : Vlanif20
Stp Enable : 0
Mac Flapping : 0
PW Last Up Time : 2009/02/03 00:32:43
PW Total Up Time : 0 days, 0 hours, 1 minutes, 14 seconds
----End
Configuration Files
l Configuration file of CE1
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 10
#
return
#
return
Networking Requirements
As shown in Figure 7-14, CE1 and CE2 belong to the same VPLS. They are connected to the
MPLS backbone network through PE1 and PE2. OSPF is used as the IGP protocol on the MPLS
backbone network.
It is required that VPLS in Martini mode and the dynamic signaling protocol RSVP-TE be used
to establish an MPLS TE tunnel between PE1 and PE2 to carry VPLS services.
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a routing protocol on the devices (PEs and the P device) on the backbone network
to make them reachable, and enable MPLS.
2. Establish an MPLS TE tunnel and create a tunnel policy.
3. Enable MPLS L2VPN on PEs.
4. Create VSIs on PEs, specify LDP as the signaling protocol, and bind VSIs to the related
AC interfaces.
5. Configure VSIs to use the MPLS TE tunnel.
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Create VLANs and configure interfaces to allow packets of these VLANs to pass.
# Configure PE1.
[Quidway] sysname PE1
[PE1] vlan batch 10 20
[PE1] interface gigabitethernet 1/0/0
[PE1-GigabitEthernet1/0/0] port link-type trunk
[PE1-GigabitEthernet1/0/0] port trunk allow-pass vlan 20
[PE1-GigabitEthernet1/0/0] quit
[PE1] interface gigabitethernet 2/0/0
[PE1-GigabitEthernet2/0/0] port link-type trunk
[PE1-GigabitEthernet2/0/0] port trunk allow-pass vlan 10
[PE1-GigabitEthernet2/0/0] quit
# The configurations of CE1, CE2, PE2, and P device are the same as the configuration of PE1,
and are not mentioned here.
Step 2 Assign IP addresses to interfaces on the backbone network and configure OSPF.
The configuration details are not mentioned here.
Step 3 Enable MPLS, MPLS TE, MPLS RSVP-TE, and MPLS TE Constraint Shortest Path First
(CSPF).
On the nodes along the MPLS TE tunnel, enable MPLS, MPLS TE, and MPLS RSVP-TE in
both the system view and the interface view. On the ingress node of the tunnel, enable MPLS
TE CSPF in the system view.
# Configure PE1.
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] mpls te
[PE1-mpls] mpls rsvp-te
[PE1-mpls] mpls te cspf
[PE1-mpls] quit
[PE1] interface vlanif 20
[PE1-Vlanif20] mpls
[PE1-Vlanif20] mpls te
[PE1-Vlanif20] mpls rsvp-te
[PE1-Vlanif20] quit
# Configure PE2.
# Configure PE1.
[PE1] ospf
[PE1-ospf-1] opaque-capability enable
[PE1-ospf-1] area 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] mpls-te enable
# Configure PE2.
[PE2] ospf
[PE2-ospf-1] opaque-capability enable
[PE2-ospf-1] area 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 100.2.1.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] mpls-te enable
# Create tunnel interfaces on PEs. Specify MPLS TE as the tunneling protocol and RSVP-TE
as the signaling protocol.
# Configure PE1.
[PE1] interface tunnel 1/0/0
[PE1-Tunnel1/0/0] ip address unnumbered interface loopback1
[PE1-Tunnel1/0/0] tunnel-protocol mpls te
[PE1-Tunnel1/0/0] destination 3.3.3.9
[PE1-Tunnel1/0/0] mpls te tunnel-id 100
[PE1-Tunnel1/0/0] mpls te reserved-for-binding
[PE1-Tunnel1/0/0] mpls te commit
# Configure PE2.
[PE2] interface tunnel 1/0/0
[PE2-Tunnel1/0/0] ip address unnumbered interface loopback1
[PE2-Tunnel1/0/0] tunnel-protocol mpls te
[PE2-Tunnel1/0/0] destination 1.1.1.9
[PE2-Tunnel1/0/0] mpls te tunnel-id 100
[PE2-Tunnel1/0/0] mpls te reserved-for-binding
[PE2-Tunnel1/0/0] mpls te commit
After the configuration, run the display this interface command in the tunnel interface view,
and you can see that the value of Line protocol current state is UP. This indicates that the MPLS
TE tunnel is set up successfully. For example, information about PE1 is displayed as follows:
[PE1-Tunnel1/0/0] display this interface
Tunnel1/0/0 current state : UP
Line protocol current state : UP
Description : HUAWEI, Quidway Series, Tunnel1/0/0 Interface
Route Port,The Maximum Transmit Unit is 1500 bytes
Internet Address is unnumbered, using address of LoopBack1(1.1.1.9/32)
Encapsulation is TUNNEL, loopback not set
Tunnel destination 3.3.3.9
Tunnel up/down statistics 16
Tunnel protocol/transport MPLS/MPLS, ILM disabled
Run the display tunnel-info all command in the system view, and you can see that a TE
tunnel whose destination address is the peer MPLS LSR ID exists between PEs. For
example, information about PE1 is displayed as follows:
<PE1> display tunnel-info all
* -> Allocated VC Token
Tunnel ID Type Destination Token
----------------------------------------------------------------------
0x10020 cr lsp 3.3.3.9 0
0x10021 lsp -- 1
0x10022 lsp(*) -- 2
# Configure PE2.
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] mpls ldp remote-peer 1.1.1.9
[PE2-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9
[PE2-mpls-ldp-remote-1.1.1.9] quit
After the configuration, an LDP session can be successfully set up between PEs.
For example, information about PE1 is displayed as follows:
<PE1> display mpls ldp session
LDP Session(s) in Public Network
Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
A '*' before a session means the session is being deleted.
------------------------------------------------------------------------------
PeerID Status LAM SsnRole SsnAge KASent/Rcv
------------------------------------------------------------------------------
3.3.3.9:0 Operational DU Passive 0000:00:06 26/26
------------------------------------------------------------------------------
TOTAL: 1 session(s) Found.
# Configure PE2.
[PE2] tunnel-policy policy1
[PE2-tunnel-policy-policy1] tunnel binding destination 1.1.1.9 te tunnel 1/0/0
[PE2-tunnel-policy-policy1] quit
# Configure PE2.
[PE2] mpls l2vpn
# Configure PE2.
[PE2] vsi a2 static
[PE2-vsi-a2] pwsignal ldp
[PE2-vsi-a2-ldp] vsi-id 2
[PE2-vsi-a2-ldp] peer 1.1.1.9 tnl-policy policy1
[PE2-vsi-a2-ldp] quit
# Configure PE2.
[PE2] interface vlanif 40
[PE2-Vlanif40] l2 binding vsi a2
[PE2-Vlanif40] quit
# Configure CE1.
[CE1] interface vlanif 10
[CE1-Vlanif10] ip address 10.1.1.1 255.255.255.0
[CE1-Vlanif10] quit
# Configure CE2.
After the preceding configurations, run the display vsi name a2 verbose command on PE1, and
you can view that the VSI named a2 has established a PW to PE2, and the VSI is in Up state.
<PE1> display vsi name a2 verbose
***VSI Name : a2
Administrator VSI : no
Isolate Spoken : disable
VSI Index : 0
PW Signaling : ldp
Member Discovery Style : static
PW MAC Learn Style : unqualify
Encapsulation Type : vlan
MTU : 1500
Diffserv Mode : uniform
Mpls Exp : --
DomainId : 255
Domain Name :
Ignore AcState : disable
Create Time : 1 days, 17 hours, 9 minutes, 10 seconds
VSI State : up
VSI ID : 2
*Peer Router ID : 3.3.3.9
VC Label : 27648
Peer Type : dynamic
Session : up
Tunnel ID : 0x10020
Broadcast Tunnel ID : 0x10020
CKey : 6
NKey : 5
StpEnable : 0
PwIndex : 0
Tunnel Policy Name : policy1
Interface Name : Vlanif10
State : up
Last Up Time : 2009/01/05 18:10:44
Total Up Time : 1 days, 16 hours, 53 minutes, 33 seconds
**PW Information:
*Peer Ip Address : 3.3.3.9
PW State : up
Local VC Label : 27648
Remote VC Label : 27648
PW Type : label
Tunnel ID : 0x10020
Broadcast Tunnel ID : 0x10020
Ckey : 0x6
Nkey : 0x5
Main PW Token : 0x10008
Slave PW Token : 0x0
Tnl Type : LSP
OutInterface : Vlanif20
Stp Enable : 0
Mac Flapping : 0
PW Last Up Time : 2009/01/06 10:03:35
PW Total Up Time : 0 days, 11 hours, 15 minutes, 38 seconds
Run the display mpls lsp include 3.3.3.9 32 verbose command on PE1, and you can view
information about the LSP to 3.3.3.9/32.
<PE1> display mpls lsp include 3.3.3.9 32 verbose
-------------------------------------------------------------------------------
LSP Information: RSVP LSP
-------------------------------------------------------------------------------
No : 1
SessionID : 100
IngressLsrID : 1.1.1.1
LocalLspID : 1
Tunnel-Interface : Tunnel1/0/0
Fec : 3.3.3.9/32
Nexthop : 100.1.1.2
In-Label : NULL
Out-Label : 9217
In-Interface : ----------
Out-Interface : Vlanif20
LspIndex : 2048
Token : 0x10080
LsrType : Ingress
Mpls-Mtu : 1500
TimeStamp : 2040sec
Bfd-State : ---
Run the display vsi pw out-interface vsi a2 command on PE1, and you can view that the
outbound interface of the MPLS TE tunnel between 1.1.1.9 and 3.3.3.9 is Tunnel 1/0/0, but the
actual outbound interface is VLANIF20.
<PE1> display vsi pw out-interface vsi a2
Total: 1
--------------------------------------------------------------------------------
Vsi Name peer vcid interface
--------------------------------------------------------------------------------
a2 3.3.3.9 100 Tunnel1/0/0
Vlanif20
After CE1 pings CE2, run the display interface tunnel 1/0/0 command on the PE to view tunnel
interface information, and you can view that the number of packets passing through the interface
increases. For example, information about PE1 is displayed as follows:
<PE1> display interface tunnel 1/0/0
----End
Configuration Files
• Configuration file of CE1
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 10
#
return
• Configuration file of PE2
#
sysname PE2
#
vlan batch 30 40
#
mpls lsr-id 3.3.3.9
mpls
mpls te
mpls rsvp-te
mpls te cspf
#
mpls l2vpn
#
vsi a2 static
pwsignal ldp
vsi-id 2
peer 1.1.1.9 tnl-policy policy1
#
mpls ldp
#
mpls ldp remote-peer 1.1.1.9
remote-ip 1.1.1.9
#
interface Vlanif 30
ip address 100.2.1.2 255.255.255.0
ospf cost 1
mpls
mpls te
mpls rsvp-te
#
interface Vlanif40
l2 binding vsi a2
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 40
#
interface GigabitEthernet2/0/0
port link-type trunk
port trunk allow-pass vlan 30
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
interface Tunnel1/0/0
ip address unnumbered interface LoopBack1
tunnel-protocol mpls te
destination 1.1.1.9
mpls te tunnel-id 100
mpls te reserved-for-binding
mpls te commit
#
ospf 1
opaque-capability enable
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 100.2.1.0 0.0.0.255
mpls-te enable
#
tunnel-policy policy1
tunnel binding destination 1.1.1.9 te Tunnel1/0/0
#
return
• Configuration file of CE2
#
sysname CE2
#
vlan batch 40
#
interface Vlanif40
ip address 10.1.1.2 255.255.255.0
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 40
#
return
Networking Requirements
As shown in Figure 7-15, Site 1, Site 2, and Site 3 belong to the same VPLS; CE1 and CE2
access the basic VPLS fully-connected network through UPEs and CE3 accesses the network
through a PE.
[Figure 7-15: networking diagram, not reproduced. Devices shown: UPE, SPE, PE, CE1 (Site1),
CE2 (Site2), CE3 (Site3). Loopback1 addresses: 1.1.1.9/32, 2.2.2.9/32, 3.3.3.9/32.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Complete the task of Configuring Martini VPLS between SPEs and PEs.
2. Establish the MPLS LDP peer relationship between UPEs and SPEs.
3. Create a VSI on an SPE, and specify the UPE as its lower-layer PE.
4. Create a VSI on a UPE, and specify the SPE as the peer of the VSI.
5. Configure CE1 and CE2 to access UPE, and configure CE3 to access PE.
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Configure the VLAN to which each interface belongs according to Figure 7-15.
The configuration details are not mentioned here.
NOTE
Do not add the AC-side port and PW-side port of a PE to the same VLAN; otherwise, a loop may occur.
# Configure CE1.
<Quidway> sysname CE1
[CE1] interface vlanif 10
[CE1-Vlanif10] ip address 10.1.1.1 255.255.255.0
# Configure CE2.
<Quidway> sysname CE2
[CE2] interface vlanif 20
[CE2-Vlanif20] ip address 10.1.1.2 255.255.255.0
# Configure CE3.
<Quidway> sysname CE3
[CE3] interface vlanif 50
[CE3-Vlanif50] ip address 10.1.1.3 255.255.255.0
After the preceding configurations, run the display vsi name v123 verbose command on the
SPE. You can view that the VSI named v123 is in the Up state and the corresponding PW is also
in the Up state.
<SPE> display vsi name v123 verbose
VSI ID : 123
*Peer Router ID : 3.3.3.9
VC Label : 27648
Peer Type : dynamic
Session : up
Tunnel ID : 0x20022
Broadcast Tunnel ID : 0x20022
CKey : 6
NKey : 5
StpEnable : 0
PwIndex : 0
**PW Information:
CE1, CE2, and CE3 can ping each other successfully. After you run the shutdown command
on the interface of the UPE or PE to which the VSI is bound, CE2 and CE3 cannot ping each
other successfully. This indicates that user data is transmitted through the PW of this VSI.
----End
Configuration Files
• Configuration file of the UPE
#
sysname UPE
#
vlan batch 10 20 30
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
vsi v123 static
pwsignal ldp
vsi-id 123
peer 2.2.2.9
#
mpls ldp
#
interface Vlanif10
l2 binding vsi v123
#
interface Vlanif20
l2 binding vsi v123
#
interface Vlanif30
ip address 100.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 10
port hybrid tagged vlan 10
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 20
port hybrid tagged vlan 20
#
interface GigabitEthernet3/0/0
port hybrid pvid vlan 30
port hybrid tagged vlan 30
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 100.1.1.0 0.0.0.255
#
return
• Configuration file of the SPE
#
sysname SPE
#
vlan batch 30 40
#
mpls lsr-id 2.2.2.9
mpls
#
mpls l2vpn
#
vsi v123 static
pwsignal ldp
vsi-id 123
peer 3.3.3.9
peer 1.1.1.9 upe
#
mpls ldp
#
interface Vlanif 30
ip address 100.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif40
ip address 100.2.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 30
port hybrid tagged vlan 30
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 40
port hybrid tagged vlan 40
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 100.2.1.0 0.0.0.255
network 100.1.1.0 0.0.0.255
#
return
• Configuration file of the PE
#
sysname PE
#
vlan batch 40 50
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
vsi v123 static
pwsignal ldp
vsi-id 123
peer 2.2.2.9
#
mpls ldp
#
interface Vlanif40
ip address 100.2.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif50
l2 binding vsi v123
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 40
port hybrid tagged vlan 40
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 50
port hybrid tagged vlan 50
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 100.2.1.0 0.0.0.255
network 3.3.3.9 0.0.0.0
#
return
• Configuration file of CE1
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 10
#
return
• Configuration file of CE2
#
sysname CE2
#
vlan batch 20
#
interface Vlanif20
ip address 10.1.1.2 255.255.255.0
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 20
#
return
• Configuration file of CE3
#
sysname CE3
#
vlan batch 50
#
interface Vlanif50
ip address 10.1.1.3 255.255.255.0
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 50
#
return
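The NOTE in this procedure warns against placing an AC-side port and a PW-side port of a PE in the same VLAN. The following added example (not part of the Huawei guide or its tooling) audits a saved configuration file for that condition. It assumes that a VLANIF carrying `l2 binding vsi`, `mpls l2vc` or `mpls static-l2vc` marks an AC VLAN and a VLANIF carrying a bare `mpls` line marks a PW VLAN; the function names and the bad variant are constructed.

```python
import re
from collections import defaultdict

# The UPE configuration file from this example, re-typed as sample input.
UPE_CONFIG = """\
#
sysname UPE
#
vlan batch 10 20 30
#
interface Vlanif10
 l2 binding vsi v123
#
interface Vlanif20
 l2 binding vsi v123
#
interface Vlanif30
 ip address 100.1.1.1 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet1/0/0
 port hybrid pvid vlan 10
 port hybrid tagged vlan 10
#
interface GigabitEthernet2/0/0
 port hybrid pvid vlan 20
 port hybrid tagged vlan 20
#
interface GigabitEthernet3/0/0
 port hybrid pvid vlan 30
 port hybrid tagged vlan 30
#
return
"""

# Constructed bad variant: AC-side port GE1/0/0 is also added to VLAN 30,
# the VLAN of the MPLS-enabled (PW-side) VLANIF.
BAD_CONFIG = UPE_CONFIG.replace("port hybrid tagged vlan 10",
                                "port hybrid tagged vlan 10 30")

AC_RE = re.compile(r"(?:l2 binding vsi|mpls l2vc|mpls static-l2vc)\b")
PORT_RE = re.compile(
    r"port (?:hybrid (?:pvid|tagged|untagged)|trunk allow-pass|trunk pvid|default)"
    r" vlan (.+)")


def parse_interfaces(config):
    """Return {interface name: [stripped config lines]} for every interface view."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line[len("interface "):].strip()
            stanzas[current] = []
        elif line in ("#", "return", ""):
            current = None
        elif current is not None:
            stanzas[current].append(line)
    return stanzas


def expand_vlans(spec):
    """Expand a VLAN list such as '10 20' or '10 to 12 20' into a set of ints."""
    tokens, vlans, i = spec.split(), set(), 0
    while i < len(tokens):
        if not tokens[i].isdigit():          # e.g. 'all'; not expanded here
            i += 1
        elif i + 2 < len(tokens) and tokens[i + 1] == "to":
            vlans.update(range(int(tokens[i]), int(tokens[i + 2]) + 1))
            i += 3
        else:
            vlans.add(int(tokens[i]))
            i += 1
    return vlans


def audit(config):
    """List (vlan, ac_ports, pw_ports) for every VLAN that holds both port kinds."""
    ac_vlans, pw_vlans, members = set(), set(), defaultdict(set)
    for name, lines in parse_interfaces(config).items():
        vlanif = re.fullmatch(r"Vlanif\s*(\d+)", name, re.IGNORECASE)
        if vlanif:
            vlan = int(vlanif.group(1))
            if any(AC_RE.match(line) for line in lines):
                ac_vlans.add(vlan)
            if "mpls" in lines:              # bare 'mpls' enables MPLS on the VLANIF
                pw_vlans.add(vlan)
            continue
        for line in lines:
            port = PORT_RE.match(line)
            if port:
                for vlan in expand_vlans(port.group(1)):
                    members[vlan].add(name)
    ac_ports = set().union(*(members[v] for v in ac_vlans))
    pw_ports = set().union(*(members[v] for v in pw_vlans))
    findings = []
    for vlan in sorted(members):
        ac_here, pw_here = members[vlan] & ac_ports, members[vlan] & pw_ports
        if ac_here and pw_here:
            findings.append((vlan, sorted(ac_here), sorted(pw_here)))
    return findings


if __name__ == "__main__":
    print("as documented:", audit(UPE_CONFIG))
    print("bad variant  :", audit(BAD_CONFIG))
```

A port that belongs to both an AC VLAN and a PW VLAN is reported for every VLAN it carries, so the bad variant flags VLAN 10 as well as VLAN 30.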
Networking Requirements
As shown in Figure 7-16, UPEs do not support dynamic VLLs and access SPEs through static
VLLs. VLLs are set up between UPEs and SPEs in SVC mode. CE1 and CE2 access the
fully-connected VPLS network through UPEs.
Figure 7-16 Networking diagram for configuring static VLLs to access a VPLS network
[Networking diagram not reproduced. Devices shown: SPE1, P, SPE2, UPE1, UPE2, CE1, CE2.
Loopback1 addresses: SPE1 1.1.1.9/32, P 2.2.2.9/32, SPE2 3.3.3.9/32, UPE1 4.4.4.9/32,
UPE2 5.5.5.9/32.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Complete the task of Configuring Martini VPLS between SPEs.
2. Configure basic MPLS L2VPN functions on UPEs and SPEs.
3. Configure static VLLs and VSIs on SPEs and enable the MAC-withdraw function on the VSIs.
4. Configure UPEs to access SPEs through static VLLs.
Data Preparation
To complete the configuration, you need the following data:
• Names and IDs of VSIs
• MPLS LSR IDs of UPEs and SPEs, which are used as peer IP addresses
• Routing protocol
• Received and sent labels on static LSPs between UPEs and SPEs
Procedure
1. Configure IP addresses for interfaces.
As shown in Figure 7-16, configure the VLAN to which each interface belongs, and
configure the IP addresses and masks for loopback interfaces and VLANIF interfaces. The
details are not mentioned here.
NOTE
Do not add the AC-side port and PW-side port of a PE to the same VLAN; otherwise, a loop may
occur.
2. Configure an IGP.
Configure OSPF on SPEs and the P device to advertise the network segment and LSR IDs.
# Configure SPE1.
<SPE1> system-view
[SPE1] ospf
[SPE1-ospf-1] area 0
[SPE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[SPE1-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.255
[SPE1-ospf-1-area-0.0.0.0] network 100.1.3.0 0.0.0.255
[SPE1-ospf-1-area-0.0.0.0] quit
[SPE1-ospf-1] quit
# Configure P.
<P> system-view
[P] ospf
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
[P-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 100.1.2.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit
# Configure SPE2.
<SPE2> system-view
[SPE2] ospf
[SPE2-ospf-1] area 0
[SPE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0
[SPE2-ospf-1-area-0.0.0.0] network 100.1.2.0 0.0.0.255
[SPE2-ospf-1-area-0.0.0.0] network 100.1.4.0 0.0.0.255
[SPE2-ospf-1-area-0.0.0.0] quit
[SPE2-ospf-1] quit
# Configure UPE1.
<UPE1> system-view
[UPE1] ospf
[UPE1-ospf-1] area 0
[UPE1-ospf-1-area-0.0.0.0] network 4.4.4.9 0.0.0.0
[UPE1-ospf-1-area-0.0.0.0] network 100.1.3.0 0.0.0.255
[UPE1-ospf-1-area-0.0.0.0] quit
[UPE1-ospf-1] quit
# Configure UPE2.
<UPE2> system-view
[UPE2] ospf
[UPE2-ospf-1] area 0
[UPE2-ospf-1-area-0.0.0.0] network 5.5.5.9 0.0.0.0
[UPE2-ospf-1-area-0.0.0.0] network 100.1.4.0 0.0.0.255
[UPE2-ospf-1-area-0.0.0.0] quit
[UPE2-ospf-1] quit
# Configure P.
[P] mpls lsr-id 2.2.2.9
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P] interface vlanif 30
[P-Vlanif30] mpls
[P-Vlanif30] mpls ldp
[P-Vlanif30] quit
[P] interface vlanif 40
[P-Vlanif40] mpls
[P-Vlanif40] mpls ldp
[P-Vlanif40] quit
# Configure SPE2.
[SPE2] mpls lsr-id 3.3.3.9
[SPE2] mpls
[SPE2-mpls] quit
[SPE2] mpls ldp
[SPE2-mpls-ldp] quit
[SPE2] interface vlanif 40
[SPE2-Vlanif40] mpls
[SPE2-Vlanif40] mpls ldp
[SPE2-Vlanif40] quit
[SPE2] interface vlanif 50
[SPE2-Vlanif50] mpls
[SPE2-Vlanif50] quit
After the configuration, run the display mpls ldp session command on SPE1, P, and SPE2.
You can find that the Status of the peer relationship between SPE1 and P or between SPE2
and P is Operational, which indicates that the peer relationship is established. Run the
display mpls lsp command, and you can view the setup of the LSP.
Take the display on SPE1 as an example.
<SPE1> display mpls ldp session
------------------------------------------------------------------------------
PeerID Status LAM SsnRole SsnAge KASent/Rcv
------------------------------------------------------------------------------
2.2.2.9:0 Operational DU Passive 0002:00:01 7/7
------------------------------------------------------------------------------
TOTAL: 1 session(s) Found.
# Configure SPE2.
[SPE2] mpls ldp remote-peer 1.1.1.9
[SPE2-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9
[SPE2-mpls-ldp-remote-1.1.1.9] quit
After the configuration, run the display mpls ldp session command on SPE1 and SPE2.
You can find that the status of the peer relationship between SPE1 and SPE2 is
Operational. That is, the peer relationship is established.
Take the display on SPE1 as an example.
<SPE1> display mpls ldp session
------------------------------------------------------------------------------
PeerID Status LAM SsnRole SsnAge KASent/Rcv
------------------------------------------------------------------------------
2.2.2.9:0 Operational DU Passive 000:00:05 24/24
3.3.3.9:0 Operational DU Passive 000:00:01 5/5
------------------------------------------------------------------------------
TOTAL: 2 session(s) Found.
# Configure UPE2.
[UPE2] mpls lsr-id 5.5.5.9
[UPE2] mpls
[UPE2-mpls] quit
[UPE2] interface vlanif 50
[UPE2-Vlanif50] mpls
[UPE2-Vlanif50] quit
[UPE2] static-lsp ingress UPE2toSPE2 destination 3.3.3.9 32 nexthop 100.1.4.1 out-label 40
[UPE2] static-lsp egress SPE2toUPE2 incoming-interface vlanif 50 in-label 50
# Configure SPE1.
[SPE1] static-lsp ingress SPE1toUPE1 destination 4.4.4.9 32 nexthop 100.1.3.2 out-label 30
[SPE1] static-lsp egress UPE1toSPE1 incoming-interface vlanif 20 in-label 20
# Configure SPE2.
[SPE2] static-lsp ingress SPE2toUPE2 destination 5.5.5.9 32 nexthop 100.1.4.2 out-label 50
[SPE2] static-lsp egress UPE2toSPE2 incoming-interface vlanif 50 in-label 40
6. Enable MPLS L2VPN on UPEs and configure the UPEs to access SPEs through static
VLLs.
# Configure UPE1.
<UPE1> system-view
[UPE1] mpls l2vpn
[UPE1-l2vpn] quit
[UPE1] interface vlanif 10
[UPE1-Vlanif10] mpls static-l2vc destination 1.1.1.9 transmit-vpn-label 100 receive-vpn-label 100
[UPE1-Vlanif10] quit
# Configure UPE2.
<UPE2> system-view
[UPE2] mpls l2vpn
[UPE2-l2vpn] quit
[UPE2] interface vlanif 60
[UPE2-Vlanif60] mpls static-l2vc destination 3.3.3.9 transmit-vpn-label 100 receive-vpn-label 100
[UPE2-Vlanif60] quit
# Configure SPE2.
<SPE2> system-view
[SPE2] mpls l2vpn
[SPE2] vsi V100 static
[SPE2-vsi-V100] pwsignal ldp
[SPE2-vsi-V100-ldp] vsi-id 100
[SPE2-vsi-V100-ldp] mac-withdraw enable
[SPE2-vsi-V100-ldp] peer 1.1.1.9
[SPE2-vsi-V100-ldp] peer 5.5.5.9 static-upe trans 100 recv 100
[SPE2-vsi-V100-ldp] quit
Run the display vsi name V100 command on SPEs, and you can find that the VSI named
V100 is Up and the corresponding PW is also Up. Take the display on SPE1 as an example.
<SPE1> display vsi name V100 verbose
VSI ID : 100
*Peer Router ID : 3.3.3.9
VC Label : 27648
Peer Type : dynamic
Session : up
Tunnel ID : 0x10021
Broadcast Tunnel ID : 0x10021
CKey : 6
NKey : 5
StpEnable : 0
PwIndex : 0
**PW Information:
CE1 and CE2, which reside in the same network segment, can ping each other successfully.
After you run the shutdown command on VLANIF 10 (to which the VSI is bound) of
UPE1, CE1 and CE2 cannot ping each other successfully. This indicates that user data is
transmitted through the PW of this VSI.
Before VLANIF 20 of SPE1 is shut down, check the MAC addresses learnt by the VSI on
SPE2.
<SPE2> display mac-address dynamic
MAC Address VLAN/ PEVLAN CEVLAN Port Type LSP/LSR-ID
VSI/SI
----------------------------------------------------------------------------
After VLANIF 20 of SPE1 is shut down, the VSI bound to the static VLL becomes Down.
Check MAC addresses learnt by the VSI on SPE2, and you can find that one MAC address
learned from VLANIF 20 is deleted.
<SPE2> display mac-address dynamic
MAC Address VLAN/ PEVLAN CEVLAN Port Type LSP/LSR-ID
VSI/SI
----------------------------------------------------------------------------
Configuration Files
• Configuration file of CE1
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 10
#
return
• Configuration file of P
#
sysname P
#
vlan batch 30 40
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Vlanif30
ip address 100.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif40
ip address 100.1.2.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 30
port hybrid tagged vlan 30
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 40
port hybrid tagged vlan 40
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 100.1.1.0 0.0.0.255
network 100.1.2.0 0.0.0.255
#
return
• Configuration file of SPE2
#
sysname SPE2
#
vlan batch 40 50
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
vsi V100 static
pwsignal ldp
vsi-id 100
peer 1.1.1.9
peer 5.5.5.9 static-upe trans 100 recv 100
#
mpls ldp
#
mpls ldp remote-peer 1.1.1.9
remote-ip 1.1.1.9
#
interface Vlanif40
ip address 100.1.2.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif50
ip address 100.1.4.1 255.255.255.0
mpls
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 40
port hybrid tagged vlan 40
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 50
port hybrid tagged vlan 50
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 100.1.2.0 0.0.0.255
network 100.1.4.0 0.0.0.255
#
static-lsp ingress SPE2toUPE2 destination 5.5.5.9 32 nexthop 100.1.4.2 out-label 50
static-lsp egress UPE2toSPE2 incoming-interface Vlanif 50 in-label 40
#
return
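Static LSPs and static VLLs have no signaling to catch a label mismatch, so the labels typed on the UPE and the SPE must mirror each other. The following added example (not part of the Huawei guide) checks the UPE2 and SPE2 commands from this procedure for that symmetry. The function names are hypothetical, and the inputs are the page's commands re-typed, with broken variants constructed in the test.

```python
import re

# Commands for UPE2 and SPE2 taken from this procedure, re-typed as sample input.
UPE2_CMDS = """\
mpls lsr-id 5.5.5.9
static-lsp ingress UPE2toSPE2 destination 3.3.3.9 32 nexthop 100.1.4.1 out-label 40
static-lsp egress SPE2toUPE2 incoming-interface vlanif 50 in-label 50
interface vlanif 60
 mpls static-l2vc destination 3.3.3.9 transmit-vpn-label 100 receive-vpn-label 100
"""

SPE2_CMDS = """\
mpls lsr-id 3.3.3.9
static-lsp ingress SPE2toUPE2 destination 5.5.5.9 32 nexthop 100.1.4.2 out-label 50
static-lsp egress UPE2toSPE2 incoming-interface vlanif 50 in-label 40
vsi V100 static
 pwsignal ldp
  vsi-id 100
  mac-withdraw enable
  peer 1.1.1.9
  peer 5.5.5.9 static-upe trans 100 recv 100
"""

INGRESS_RE = re.compile(
    r"static-lsp ingress \S+ destination (\S+) \d+ nexthop \S+ out-label (\d+)")
EGRESS_RE = re.compile(
    r"static-lsp egress \S+ incoming-interface .+? in-label (\d+)")
L2VC_RE = re.compile(
    r"mpls static-l2vc destination (\S+) transmit-vpn-label (\d+)"
    r" receive-vpn-label (\d+)")
STATIC_UPE_RE = re.compile(r"peer (\S+) static-upe trans (\d+) recv (\d+)")


def parse(text):
    """Pull the LSR ID and every statically assigned label out of one device."""
    lsr = re.search(r"mpls lsr-id (\S+)", text)
    return {
        "lsr_id": lsr.group(1) if lsr else None,
        "ingress": [(d, int(n)) for d, n in INGRESS_RE.findall(text)],
        "egress": {int(n) for n in EGRESS_RE.findall(text)},
        "l2vc": {d: (int(t), int(r)) for d, t, r in L2VC_RE.findall(text)},
        "static_upe": {p: (int(t), int(r))
                       for p, t, r in STATIC_UPE_RE.findall(text)},
    }


def check_static_vll(upe_text, spe_text):
    """Return a list of label mismatches between a UPE and the SPE it attaches to."""
    upe, spe = parse(upe_text), parse(spe_text)
    findings = []

    # Tunnel labels: an out-label sent toward the peer's LSR ID must exist as an
    # in-label on that peer, in both directions.
    for src, dst, s_name, d_name in ((upe, spe, "UPE", "SPE"),
                                     (spe, upe, "SPE", "UPE")):
        for dest, label in src["ingress"]:
            if dest == dst["lsr_id"] and label not in dst["egress"]:
                findings.append(
                    f"{s_name} static-lsp out-label {label} has no matching "
                    f"in-label on {d_name}")

    # VPN labels: the UPE's transmit label is the SPE's recv label and vice versa.
    for dest, (tx, rx) in upe["l2vc"].items():
        if dest != spe["lsr_id"]:
            continue
        peer = spe["static_upe"].get(upe["lsr_id"])
        if peer is None:
            findings.append(f"SPE has no static-upe peer for {upe['lsr_id']}")
        elif (tx, rx) != (peer[1], peer[0]):
            findings.append(
                f"VPN label mismatch: UPE transmit/receive {tx}/{rx}, "
                f"SPE trans/recv {peer[0]}/{peer[1]}")
    return findings


if __name__ == "__main__":
    print(check_static_vll(UPE2_CMDS, SPE2_CMDS) or "labels are symmetric")
```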
Networking Requirements
As shown in Figure 7-17, VLLs are set up between UPEs and SPEs in Martini mode. CE1 and
CE2 access the full-meshed VPLS network through UPEs.
[Figure 7-17: networking diagram, not reproduced. Recoverable labels: UPE1 (VLANIF 30,
100.1.3.2/24), UPE2 (VLANIF 40, 100.1.4.2/24), CE1 (GE1/0/0, VLANIF 50, 10.1.1.1/24),
CE2 (GE1/0/0, VLANIF 60, 10.1.1.2/24). Loopback1 addresses: 1.1.1.9/32, 2.2.2.9/32,
4.4.4.9/32, 5.5.5.9/32.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a routing protocol on the backbone network.
2. Configure the basic MPLS functions on the UPEs and SPEs and set up LSP tunnels.
3. Configure the MPLS L2VPN capability on the UPEs and SPEs.
4. Configure dynamic VLLs on the UPEs.
5. Configure VSIs on the SPEs and configure the SPEs to access VPLS through VLL.
Data Preparation
To complete the configuration, you need the following data:
• VLANs configured on the interfaces and IP addresses of the interfaces on UPEs and SPEs
• Names and IDs of VSIs
• MPLS LSR IDs of UPEs and SPEs, which are used as peer IP addresses
• Routing protocol
• VC ID of the L2VC
Procedure
Step 1 Create VLANs and add interfaces to the VLANs.
The configuration details are not mentioned here.
Step 2 Set IP addresses.
Set the IP addresses and masks of the interfaces, including VLANIF interfaces and loopback
interfaces, on the UPEs and SPEs according to Figure 7-17.
The configuration details are not mentioned here.
Step 3 Configure an IGP protocol.
Run OSPF on the SPEs and P to advertise the routes of the network segment and LSR IDs.
# Configure SPE1.
<SPE1> system-view
[SPE1] ospf
[SPE1-ospf-1] area 0
[SPE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[SPE1-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.255
[SPE1-ospf-1-area-0.0.0.0] network 100.1.3.0 0.0.0.255
[SPE1-ospf-1-area-0.0.0.0] quit
[SPE1-ospf-1] quit
# Configure P.
<P> system-view
[P] ospf
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
[P-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 100.1.2.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit
# Configure SPE2.
<SPE2> system-view
[SPE2] ospf
[SPE2-ospf-1] area 0
[SPE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0
[SPE2-ospf-1-area-0.0.0.0] network 100.1.2.0 0.0.0.255
[SPE2-ospf-1-area-0.0.0.0] network 100.1.4.0 0.0.0.255
[SPE2-ospf-1-area-0.0.0.0] quit
[SPE2-ospf-1] quit
# Configure UPE1.
<UPE1> system-view
[UPE1] ospf
[UPE1-ospf-1] area 0
[UPE1-ospf-1-area-0.0.0.0] network 4.4.4.9 0.0.0.0
[UPE1-ospf-1-area-0.0.0.0] network 100.1.3.0 0.0.0.255
[UPE1-ospf-1-area-0.0.0.0] quit
[UPE1-ospf-1] quit
# Configure UPE2.
<UPE2> system-view
[UPE2] ospf
[UPE2-ospf-1] area 0
[UPE2-ospf-1-area-0.0.0.0] network 5.5.5.9 0.0.0.0
[UPE2-ospf-1-area-0.0.0.0] network 100.1.4.0 0.0.0.255
[UPE2-ospf-1-area-0.0.0.0] quit
[UPE2-ospf-1] quit
# Configure P.
[P] mpls lsr-id 2.2.2.9
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P] interface vlanif 10
[P-Vlanif10] mpls
[P-Vlanif10] mpls ldp
[P-Vlanif10] quit
[P] interface vlanif 20
[P-Vlanif20] mpls
[P-Vlanif20] mpls ldp
[P-Vlanif20] quit
# Configure SPE2.
[SPE2] mpls lsr-id 3.3.3.9
[SPE2] mpls
[SPE2-mpls] quit
[SPE2] mpls ldp
[SPE2-mpls-ldp] quit
[SPE2] interface vlanif 20
[SPE2-Vlanif20] mpls
[SPE2-Vlanif20] mpls ldp
[SPE2-Vlanif20] quit
[SPE2] interface vlanif 40
[SPE2-Vlanif40] mpls
[SPE2-Vlanif40] mpls ldp
[SPE2-Vlanif40] quit
# Configure UPE1.
[UPE1] mpls lsr-id 4.4.4.9
[UPE1] mpls
[UPE1-mpls] quit
[UPE1] mpls ldp
[UPE1-mpls-ldp] quit
[UPE1] interface vlanif 30
[UPE1-Vlanif30] mpls
[UPE1-Vlanif30] mpls ldp
[UPE1-Vlanif30] quit
# Configure UPE2.
[UPE2] mpls lsr-id 5.5.5.9
[UPE2] mpls
[UPE2-mpls] quit
[UPE2] mpls ldp
[UPE2-mpls-ldp] quit
[UPE2] interface vlanif 40
[UPE2-Vlanif40] mpls
[UPE2-Vlanif40] mpls ldp
[UPE2-Vlanif40] quit
After the configuration, run the display mpls ldp session command on UPEs, P, and SPEs. You
can see that the peer relationship is set up between SPE and UPE, or between SPE and P. The
status of the peer relationship is Operational. Run the display mpls lsp command, and you can
view the status of the LSPs.
Step 5 Set up remote LDP sessions between SPEs.
# Configure SPE1.
[SPE1] mpls ldp remote-peer 3.3.3.9
[SPE1-mpls-ldp-remote-1] remote-ip 3.3.3.9
[SPE1-mpls-ldp-remote-1] quit
# Configure SPE2.
[SPE2] mpls ldp remote-peer 1.1.1.9
[SPE2-mpls-ldp-remote-1] remote-ip 1.1.1.9
[SPE2-mpls-ldp-remote-1] quit
Step 6 Enable the MPLS L2VPN function and configure Martini VLLs on the UPEs.
# Configure UPE1.
# Configure UPE2.
[UPE2] mpls l2vpn
[UPE2-l2vpn] quit
[UPE2] interface vlanif 60
[UPE2-Vlanif60] mpls l2vc 3.3.3.9 100
[UPE2-Vlanif60] quit
Step 7 Enable the MPLS L2VPN function and configure VSIs on SPEs.
# Configure SPE1.
[SPE1] mpls l2vpn
[SPE1-l2vpn] quit
[SPE1] vsi v100 static
[SPE1-vsi-v100] pwsignal ldp
[SPE1-vsi-v100-ldp] vsi-id 100
[SPE1-vsi-v100-ldp] peer 3.3.3.9
[SPE1-vsi-v100-ldp] peer 4.4.4.9 upe
[SPE1-vsi-v100-ldp] quit
# Configure SPE2.
[SPE2] mpls l2vpn
[SPE2-l2vpn] quit
[SPE2] vsi v100 static
[SPE2-vsi-v100] pwsignal ldp
[SPE2-vsi-v100-ldp] vsi-id 100
[SPE2-vsi-v100-ldp] peer 1.1.1.9
[SPE2-vsi-v100-ldp] peer 5.5.5.9 upe
[SPE2-vsi-v100-ldp] quit
After the configuration, run the display mpls l2vc command on the UPEs. You can find that the
dynamic VLLs are established and the VC status is Up. Take the display on UPE1 as an example.
[UPE1] display mpls l2vc
total LDP VC : 1 1 up 0 down
Run the display vsi name v100 command on an SPE, and you can see that the VSI named
v100 is in Up state and the PW is also in Up state. Take the display on SPE1 as an example.
<SPE1> display vsi name v100
Vsi Mem PW Mac Encap Mtu Vsi
Name Disc Type Learn Type Value State
v100 static ldp unqualify vlan 1500 up
CE1 and CE2, which are located on the same network segment, can ping each other.
[CE1] ping 10.1.1.2
PING 10.1.1.2: 56 data bytes, press CTRL_C to break
Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=90 ms
Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=77 ms
Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=34 ms
Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=46 ms
Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=94 ms
--- 10.1.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 34/68/94 ms
----End
Configuration Files
• Configuration file of CE1
#
sysname CE1
#
vlan batch 50
#
interface Vlanif 50
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 50
#
return
interface GigabitEthernet2/0/0
port link-type trunk
port trunk allow-pass vlan 30
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 100.1.1.0 0.0.0.255
network 100.1.3.0 0.0.0.255
#
return
• Configuration file of P
#
sysname P
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Vlanif 10
ip address 100.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif 20
ip address 100.1.2.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 10
#
interface GigabitEthernet2/0/0
port link-type trunk
port trunk allow-pass vlan 20
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 100.1.1.0 0.0.0.255
network 100.1.2.0 0.0.0.255
#
return
• Configuration file of SPE2
#
sysname SPE2
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
vsi v100 static
pwsignal ldp
vsi-id 100
mac-withdraw enable
peer 1.1.1.9
peer 5.5.5.9 upe
#
mpls ldp
#
mpls ldp remote-peer 1.1.1.9
remote-ip 1.1.1.9
#
interface Vlanif 20
ip address 100.1.2.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif 40
ip address 100.1.4.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 20
#
interface GigabitEthernet2/0/0
port link-type trunk
port trunk allow-pass vlan 40
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 100.1.2.0 0.0.0.255
network 100.1.4.0 0.0.0.255
#
return
• Configuration file of UPE2
#
sysname UPE2
#
vlan batch 40 60
#
mpls lsr-id 5.5.5.9
mpls
#
mpls l2vpn
mpls l2vpn default martini
#
mpls ldp
#
interface Vlanif 40
ip address 100.1.4.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif 60
mpls l2vc 3.3.3.9 100
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 40
#
interface GigabitEthernet2/0/0
port link-type trunk
port trunk allow-pass vlan 60
#
interface LoopBack1
ip address 5.5.5.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 5.5.5.9 0.0.0.0
network 100.1.4.0 0.0.0.255
#
return
Networking Requirements
As shown in Figure 7-18, the Option A scheme is adopted to establish the inter-AS Martini
VPLS. The MPLS backbone network in an AS uses IS-IS as the IGP protocol.
Figure 7-18 Networking diagram for configuring inter-AS Martini VPLS Option A
[Networking diagram not reproduced. Devices shown: CE1, PE1, ASBR-PE1, ASBR-PE2, PE2, CE2.
Loopback1 addresses: PE1 1.1.1.1/32, ASBR-PE1 2.2.2.2/32, ASBR-PE2 3.3.3.3/32,
PE2 4.4.4.4/32.]
Configuration Roadmap
The configuration roadmap is as follows:
1. Run an IGP on the MPLS backbone network so that devices in the same AS can interwork.
2. Configure basic MPLS functions on devices in the backbone network and establish dynamic
LSPs between PEs and ASBR-PEs in the same AS. Establish remote LDP sessions if PEs
and ASBR-PEs are indirectly connected.
3. Establish VPLS connections between PEs and ASBR-PEs in the same AS.
Data Preparation
To complete the configuration, you need the following data:
• IS-IS data
• IP addresses of remote peers
• MPLS LSR IDs on PEs and ASBR-PEs
• VSI IDs
Procedure
Step 1 Configure the VLAN to which each interface belongs according to Figure 7-18.
The configuration details are not mentioned here.
NOTE
Do not add the AC-side port and PW-side port of a PE to the same VLAN; otherwise, a loop may occur.
ASBR-PEs and PEs in the same AS can ping each other successfully.
Take the display on PE1 as an example.
<PE1> ping 2.2.2.2
PING 2.2.2.2: 56 data bytes, press CTRL_C to break
Reply from 2.2.2.2: bytes=56 Sequence=1 ttl=255 time=180 ms
Reply from 2.2.2.2: bytes=56 Sequence=2 ttl=255 time=90 ms
Reply from 2.2.2.2: bytes=56 Sequence=3 ttl=255 time=60 ms
# Configure PE2.
[PE2] mpls l2vpn
# Configure ASBR-PE1.
[ASBR-PE1] mpls l2vpn
# Configure ASBR-PE2.
[ASBR-PE2] mpls l2vpn
# Configure ASBR-PE1.
[ASBR-PE1] vsi a1 static
[ASBR-PE1-vsi-a1] pwsignal ldp
[ASBR-PE1-vsi-a1-ldp] vsi-id 2
[ASBR-PE1-vsi-a1-ldp] peer 1.1.1.1
[ASBR-PE1-vsi-a1-ldp] quit
[ASBR-PE1-vsi-a1] quit
[ASBR-PE1] interface vlanif 30
[ASBR-PE1-Vlanif30] l2 binding vsi a1
[ASBR-PE1-Vlanif30] quit
# Configure ASBR-PE2.
[ASBR-PE2] vsi a1 static
[ASBR-PE2-vsi-a1] pwsignal ldp
[ASBR-PE2-vsi-a1-ldp] vsi-id 3
[ASBR-PE2-vsi-a1-ldp] peer 4.4.4.4
[ASBR-PE2-vsi-a1-ldp] quit
[ASBR-PE2-vsi-a1] quit
[ASBR-PE2] interface vlanif 30
[ASBR-PE2-Vlanif30] l2 binding vsi a1
[ASBR-PE2-Vlanif30] quit
# Configure PE2.
[PE2] vsi a1 static
[PE2-vsi-a1] pwsignal ldp
[PE2-vsi-a1-ldp] vsi-id 3
[PE2-vsi-a1-ldp] peer 3.3.3.3
[PE2-vsi-a1-ldp] quit
[PE2-vsi-a1] quit
[PE2] interface vlanif 50
[PE2-Vlanif50] l2 binding vsi a1
[PE2-Vlanif50] quit
# Configure CE2.
[CE2] interface vlanif 50
[CE2-Vlanif50] ip address 10.1.1.2 24
[CE2-Vlanif50] quit
***VSI Name : a1
Administrator VSI : no
Isolate Spoken : disable
VSI Index : 0
PW Signaling : ldp
Member Discovery Style : static
PW MAC Learn Style : unqualify
Encapsulation Type : vlan
MTU : 1500
Diffserv Mode : uniform
Mpls Exp : --
DomainId : 0
Domain Name :
Ignore AcState : disable
Create Time : 0 days, 3 hours, 30 minutes, 31 seconds
VSI State : up
VSI ID : 2
*Peer Router ID : 2.2.2.2
VC Label : 23552
Peer Type : dynamic
Session : up
Tunnel ID : 0x20020
Broadcast Tunnel ID : 0x20020
CKey : 6
NKey : 5
StpEnable : 0
PwIndex : 0
**PW Information:
----End
Configuration Files
• Configuration file of CE1
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 10
#
return
• Configuration file of PE1
#
sysname PE1
#
vlan batch 10 20
#
mpls lsr-id 1.1.1.1
mpls
#
mpls l2vpn
#
vsi a1 static
pwsignal ldp
vsi-id 2
peer 2.2.2.2
#
mpls ldp
#
isis 1
network-entity 10.0000.0000.0001.00
#
interface Vlanif10
l2 binding vsi a1
#
interface Vlanif20
ip address 100.1.1.1 255.255.255.0
isis enable 1
mpls
mpls ldp
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 10
#
interface GigabitEthernet2/0/0
port link-type trunk
port trunk allow-pass vlan 20
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
isis enable 1
#
return
• Configuration file of ASBR-PE1
#
sysname ASBR-PE1
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.2
mpls
#
mpls l2vpn
#
vsi a1 static
pwsignal ldp
vsi-id 2
peer 1.1.1.1
#
mpls ldp
#
isis 1
network-entity 10.0000.0000.0002.00
#
interface Vlanif20
ip address 100.1.1.2 255.255.255.0
isis enable 1
mpls
mpls ldp
#
interface Vlanif30
l2 binding vsi a1
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 20
#
interface GigabitEthernet2/0/0
port link-type trunk
port trunk allow-pass vlan 30
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
isis enable 1
#
return
• Configuration file of ASBR-PE2
#
sysname ASBR-PE2
#
vlan batch 30 40
#
mpls lsr-id 3.3.3.3
mpls
#
mpls l2vpn
#
vsi a1 static
pwsignal ldp
vsi-id 3
peer 4.4.4.4
#
mpls ldp
#
isis 1
network-entity 10.0000.0000.0003.00
#
interface Vlanif30
l2 binding vsi a1
#
interface Vlanif40
ip address 200.1.1.1 255.255.255.0
isis enable 1
mpls
mpls ldp
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 30
#
interface GigabitEthernet2/0/0
port link-type trunk
port trunk allow-pass vlan 40
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
isis enable 1
#
return
• Configuration file of PE2
#
sysname PE2
#
vlan batch 40 50
#
mpls lsr-id 4.4.4.4
mpls
#
mpls l2vpn
#
vsi a1 static
pwsignal ldp
vsi-id 3
peer 3.3.3.3
#
mpls ldp
#
isis 1
network-entity 10.0000.0000.0004.00
#
interface Vlanif40
ip address 200.1.1.2 255.255.255.0
isis enable 1
mpls
mpls ldp
#
interface Vlanif50
l2 binding vsi a1
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 40
#
interface GigabitEthernet2/0/0
port link-type trunk
port trunk allow-pass vlan 50
#
interface LoopBack1
ip address 4.4.4.4 255.255.255.255
isis enable 1
#
return
Option A is required to implement inter-AS Kompella VPLS. The interfaces that connect the
ASBR-PEs serve as AC interfaces to which VSIs are bound; that is, these interfaces are used
exclusively by the VPLS.
Figure 7-19 Networking diagram for configuring inter-AS Kompella VPLS Option A
[Diagram not reproduced. Recoverable labels: CE1, CE2, GE1/0/0, GE1/0/0.]
Loopback1 - 1.1.1.1/32
Loopback1 - 2.2.2.2/32
Loopback1 - 3.3.3.3/32
Loopback1 - 4.4.4.4/32
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure an IGP on the backbone network to implement the connectivity between ASBR-
PEs and PEs and set up tunnels between PEs.
2. Establish MP IBGP peer relationships between PEs and ASBR-PEs in the same AS.
3. Configure VSIs on PE1, ASBR-PE1, ASBR-PE2, and PE2 and bind the VSIs to related
AC interfaces.
Data Preparation
To complete the configuration, you need the following data:
• IS-IS data
• MPLS LSR IDs of PEs and ASBR-PEs (IP addresses of the loopback interfaces on peers)
• CE IDs and CE ranges
• IP addresses of interfaces connecting CEs to PEs (No IP address is required for interfaces
  connecting PEs to CEs.)
Procedure
Step 1 Configure the VLAN to which each interface belongs according to Figure 7-19.
The configuration details are not mentioned here.
NOTE
Do not add the AC-side port and PW-side port of a PE to the same VLAN; otherwise, a loop may occur.
ASBR-PEs and PEs in the same AS can ping Loopback1 of each other successfully. Take ASBR-
PE1 as an example.
<ASBR-PE1> ping 1.1.1.1
PING 1.1.1.1: 56 data bytes, press CTRL_C to break
Reply from 1.1.1.1: bytes=56 Sequence=1 ttl=255 time=47 ms
Reply from 1.1.1.1: bytes=56 Sequence=2 ttl=255 time=31 ms
Reply from 1.1.1.1: bytes=56 Sequence=3 ttl=255 time=31 ms
Reply from 1.1.1.1: bytes=56 Sequence=4 ttl=255 time=31 ms
Reply from 1.1.1.1: bytes=56 Sequence=5 ttl=255 time=31 ms
# Configure ASBR-PE1.
<ASBR-PE1> system-view
[ASBR-PE1] bgp 100
[ASBR-PE1-bgp] peer 1.1.1.1 as-number 100
[ASBR-PE1-bgp] peer 1.1.1.1 connect-interface loopback 1
[ASBR-PE1-bgp] vpls-family
[ASBR-PE1-bgp-af-vpls] peer 1.1.1.1 enable
The configurations of AS 200 are similar to those of AS 100, and thus are not mentioned here.
After this step, run the display bgp vpls peer command on PEs or ASBR-PEs, and you can find
that MP-IBGP peer connections are in the Established state.
# Configure ASBR-PE1.
[ASBR-PE1] mpls l2vpn
# Configure ASBR-PE2.
[ASBR-PE2] mpls l2vpn
# Configure PE2.
[PE2] mpls l2vpn
Step 6 Configure VSIs on PEs and ASBR-PEs and bind the VSIs to related AC interfaces.
# Configure PE1.
[PE1] vsi v1 auto
[PE1-vsi-v1] pwsignal bgp
[PE1-vsi-v1-bgp] route-distinguisher 100:1
[PE1-vsi-v1-bgp] vpn-target 1:1 import-extcommunity
[PE1-vsi-v1-bgp] vpn-target 1:1 export-extcommunity
[PE1-vsi-v1-bgp] site 1 range 5 default-offset 0
[PE1-vsi-v1-bgp] quit
[PE1-vsi-v1] quit
[PE1] interface vlanif 10
[PE1-Vlanif10] l2 binding vsi v1
[PE1-Vlanif10] quit
# Configure ASBR-PE1.
[ASBR-PE1] vsi v1 auto
[ASBR-PE1-vsi-v1] pwsignal bgp
[ASBR-PE1-vsi-v1-bgp] route-distinguisher 100:2
[ASBR-PE1-vsi-v1-bgp] vpn-target 1:1 import-extcommunity
[ASBR-PE1-vsi-v1-bgp] vpn-target 1:1 export-extcommunity
[ASBR-PE1-vsi-v1-bgp] site 2 range 5 default-offset 0
[ASBR-PE1-vsi-v1-bgp] quit
[ASBR-PE1-vsi-v1] quit
[ASBR-PE1] interface vlanif 30
[ASBR-PE1-Vlanif30] l2 binding vsi v1
[ASBR-PE1-Vlanif30] quit
# Configure ASBR-PE2.
[ASBR-PE2] vsi v1 auto
[ASBR-PE2-vsi-v1] pwsignal bgp
[ASBR-PE2-vsi-v1-bgp] route-distinguisher 200:1
[ASBR-PE2-vsi-v1-bgp] vpn-target 1:1 import-extcommunity
[ASBR-PE2-vsi-v1-bgp] vpn-target 1:1 export-extcommunity
[ASBR-PE2-vsi-v1-bgp] site 1 range 5 default-offset 0
[ASBR-PE2-vsi-v1-bgp] quit
[ASBR-PE2-vsi-v1] quit
# Configure PE2.
[PE2] vsi v1 auto
[PE2-vsi-v1] pwsignal bgp
[PE2-vsi-v1-bgp] route-distinguisher 200:2
[PE2-vsi-v1-bgp] vpn-target 1:1 import-extcommunity
[PE2-vsi-v1-bgp] vpn-target 1:1 export-extcommunity
[PE2-vsi-v1-bgp] site 2 range 5 default-offset 0
[PE2-vsi-v1-bgp] quit
[PE2-vsi-v1] quit
[PE2] interface vlanif 50
[PE2-Vlanif50] l2 binding vsi v1
[PE2-Vlanif50] quit
# Configure CE2.
[CE2] interface vlanif 50
[CE2-Vlanif50] ip address 10.1.1.2 24
[CE2-Vlanif50] quit
Run the display bgp vpls all command on a PE or an ASBR-PE, and you can view information
about the VPLS label block of BGP.
Take ASBR-PE1 as an example.
<ASBR-PE1> display bgp vpls all
BGP Local Router ID : 2.2.2.2, Local AS Number : 100
Status codes : * - active, > - best
BGP.VPLS : 2 Label Blocks
--------------------------------------------------------------------------------
Route Distinguisher: 100:1
SiteID Offset NextHop Range LabBase TunnelID FromPeer MHPref
--------------------------------------------------------------------------------
*> 1 0 1.1.1.1 5 31744 0x0 1.1.1.1 0
--------------------------------------------------------------------------------
Route Distinguisher: 100:2
SiteID Offset NextHop Range LabBase TunnelID FromPeer MHPref
--------------------------------------------------------------------------------
> 2 0 0.0.0.0 5 31744 0x0 0.0.0.0 0
----End
Configuration Files
• Configuration file of CE1
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 10
#
return
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
isis enable 1
#
bgp 100
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 1.1.1.1 enable
#
vpls-family
policy vpn-target
peer 1.1.1.1 enable
#
return
• Configuration file of ASBR-PE2
#
sysname ASBR-PE2
#
vlan batch 30 40
#
mpls lsr-id 3.3.3.3
mpls
#
mpls l2vpn
#
vsi v1 auto
pwsignal bgp
route-distinguisher 200:1
vpn-target 1:1 import-extcommunity
vpn-target 1:1 export-extcommunity
site 1 range 5 default-offset 0
#
mpls ldp
#
isis 1
network-entity 10.0000.0000.0003.00
#
interface Vlanif30
l2 binding vsi v1
#
interface Vlanif40
ip address 100.3.1.1 255.255.255.0
isis enable 1
mpls
mpls ldp
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 30
#
interface GigabitEthernet2/0/0
port link-type trunk
port trunk allow-pass vlan 40
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
isis enable 1
#
bgp 200
peer 4.4.4.4 as-number 200
peer 4.4.4.4 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 4.4.4.4 enable
#
vpls-family
policy vpn-target
peer 4.4.4.4 enable
#
return
• Configuration file of PE2
#
sysname PE2
#
vlan batch 40 50
#
mpls lsr-id 4.4.4.4
mpls
#
mpls l2vpn
#
vsi v1 auto
pwsignal bgp
route-distinguisher 200:2
vpn-target 1:1 import-extcommunity
vpn-target 1:1 export-extcommunity
site 2 range 5 default-offset 0
#
mpls ldp
#
isis 1
network-entity 10.0000.0000.0004.00
#
interface Vlanif40
ip address 100.3.1.2 255.255.255.0
isis enable 1
mpls
mpls ldp
#
interface Vlanif50
l2 binding vsi v1
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 40
#
interface GigabitEthernet2/0/0
port link-type trunk
port trunk allow-pass vlan 50
#
interface LoopBack1
ip address 4.4.4.4 255.255.255.255
isis enable 1
#
bgp 200
peer 3.3.3.3 as-number 200
peer 3.3.3.3 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 3.3.3.3 enable
#
vpls-family
policy vpn-target
peer 3.3.3.3 enable
#
return
• Configuration file of CE2
#
sysname CE2
#
vlan batch 50
#
interface Vlanif50
ip address 10.1.1.2 255.255.255.0
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 50
#
return
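The NOTE in Step 1 (do not add the AC-side port and PW-side port of a PE to the same VLAN) can be checked mechanically against a saved configuration file. The following is an added example, not part of the Huawei guide: the function names, the sample text and the classification rule (a VLANIF bound to a VSI marks the AC side, a VLANIF with mpls enabled marks the PW side) are assumptions, and only VLANIF-based ACs as used in these examples are handled.

```python
import re

# Constructed sample in the layout of the PE configuration files above:
# VLANIF 10 is the AC (bound to the VSI), VLANIF 20 is the MPLS-enabled PW side.
PE1_GOOD = """\
#
sysname PE1
#
interface Vlanif10
 l2 binding vsi a1
#
interface Vlanif20
 ip address 100.1.1.1 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet1/0/0
 port link-type trunk
 port trunk allow-pass vlan 10
#
interface GigabitEthernet2/0/0
 port link-type trunk
 port trunk allow-pass vlan 20
#
return
"""
# Constructed misconfiguration: the AC-side trunk is opened with a broad range.
PE1_BAD = PE1_GOOD.replace("allow-pass vlan 10\n", "allow-pass vlan 10 to 20\n")

def stanzas(config):
    """Yield each stanza as a list of stripped lines; '#' separates stanzas."""
    block = []
    for line in (raw.strip() for raw in config.splitlines()):
        if line in ("#", "return"):
            if block:
                yield block
            block = []
        elif line:
            block.append(line)
    if block:
        yield block

def expand_vlans(tokens):
    """Expand ['10', 'to', '12', '30'] to {10, 11, 12, 30}; 'all' is 1-4094."""
    if tokens == ["all"]:
        return set(range(1, 4095))
    vlans, i = set(), 0
    while i < len(tokens):
        first = last = int(tokens[i])
        if tokens[i + 1:i + 2] == ["to"]:
            last = int(tokens[i + 2])
            i += 2
        vlans.update(range(first, last + 1))
        i += 1
    return vlans

def loop_risks(config):
    """Return (ac_port, pw_port, shared_vlans) for port pairs that break the NOTE."""
    ac_vlans, pw_vlans, ports = set(), set(), {}
    for head, *body in stanzas(config):
        vlanif = re.fullmatch(r"interface Vlanif ?(\d+)", head)
        if vlanif:
            vlan = int(vlanif.group(1))
            if any(l.startswith("l2 binding vsi ") for l in body):
                ac_vlans.add(vlan)      # assumption: VSI-bound VLANIF = AC side
            if "mpls" in body:
                pw_vlans.add(vlan)      # assumption: MPLS-enabled VLANIF = PW side
        elif head.startswith("interface "):
            member = set()
            for l in body:
                m = re.fullmatch(r"port (?:trunk allow-pass|default) vlan (.+)", l)
                if m:
                    member |= expand_vlans(m.group(1).split())
            if member:
                ports[head.split()[1]] = member
    ac_ports = {p for p, v in ports.items() if v & ac_vlans}
    pw_ports = {p for p, v in ports.items() if v & pw_vlans}
    # A VLAN carried by both an AC-side port and a different PW-side port
    # puts the two ports in the same broadcast domain.
    return sorted(
        (a, p, sorted(ports[a] & ports[p]))
        for a in ac_ports for p in pw_ports
        if a != p and ports[a] & ports[p]
    )

if __name__ == "__main__":
    for label, cfg in (("good", PE1_GOOD), ("bad", PE1_BAD)):
        print(label, loop_risks(cfg))
```

In the constructed bad file, the range on the AC-side trunk also admits VLAN 20, so the check reports GigabitEthernet1/0/0 and GigabitEthernet2/0/0 as sharing the PW-side VLAN.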
This chapter describes the rationale, application, and configuration of VPLS convergence.
8.1 VPLS Convergence Overview
This section describes the principle and concepts of VPLS convergence.
8.2 VPLS Convergence Supported by the S7700
This section describes the VPLS convergence features supported by the S7700.
8.3 Configuring VPLS Convergence (UPE Directly Connected to the NPE)
This section describes how to configure VPLS convergence when the UPE is directly connected
to the NPE.
8.4 Configuring BFD for VSI PW
If a BFD session is bound to the mVSI PW, you can monitor the service VSI by monitoring the
status of the mVSI PW.
8.5 Maintaining VPLS Convergence
This section describes how to debug VPLS convergence.
8.6 Configuration Examples
This section provides a configuration example of VPLS convergence.
The Ethernet switching technology has been mainly applied to the Local Area Network (LAN)
for a long time. With the advantages of expanding bandwidth, simplicity, and cost-efficiency,
the Ethernet technology is coming into wider use in the Metropolitan Area Network (MAN) and
Wide Area Network (WAN). The demands of customers and carriers also drive the rapid
development of the Metro Ethernet.
• Flexible bandwidth
• Low-cost and simple technology
• Wide application
• Powerful support on multicast
• High scalability and security
Generally, in the VPLS convergence solution, a UPE is connected to two NPEs and VPLS
convergence is used to improve reliability. In the actual networking, the S7700 can be used as
the UPE and configured with the management VSI (mVSI).
Hierarchical VPLS (HVPLS) or VPLS connections are set up between different devices on the
Metro Ethernet. The Management Virtual Router Redundancy Protocol (mVRRP) is run
between core devices to determine whether a device is the master or the backup. The pseudo
wires (PWs) and attachment circuit (AC) interfaces between VSIs determine the master and the
backup by tracking the status of the mVRRP virtual router.
When mVRRP performs the switchover, the PW and AC interfaces between VSIs also perform
the switchover. Meanwhile, the VSI clears its own MAC address entries and learns the MAC
address of the new master device again.
mVPLS
The VSI of the mVPLS is called the mVSI.
The conditions on which the mVSI and service VSI become Up are as follows:
• Service VSI: A service VSI becomes Up when at least two AC interfaces become Up or
  one PW and one AC interface become Up.
• mVSI: An mVSI becomes Up when at least one PW or AC interface becomes Up.
The mVSI can be bound to the service VSI. When receiving a gratuitous ARP packet, the mVSI
requests all the bound service VSIs to clear the MAC address entries and to learn the MAC
addresses again.
mVRRP
The only difference between an mVRRP group and a common VRRP group is that the mVRRP
group can be bound to service VRRP groups and can determine the status of a service VRRP
group according to the binding relation.
Although an mVRRP group can be bound to multiple service VRRP groups, the mVRRP group
cannot be bound to any other mVRRP groups as a service VRRP group.
According to different application scenarios, the binding relations related to the mVRRP group
are as follows:
• Binding relation between a service VRRP group and an mVRRP group
• Binding relation between a service interface and an mVRRP group
• Binding relation between a PW and an mVRRP group
As shown in the following networking diagram, a UPE is connected to two NPEs. VRRP runs
between NPEs. The VRRP priority determines whether an NPE is the master or the backup.
When the master NPE or the link related to the master NPE fails, the backup NPE changes
its status to master.
[Networking diagram not reproduced. Recoverable labels: Internet; IP/MPLS core; IP network; NPE1 and NPE2; Metro Ethernet network with UPE1 to UPE4; access network with DSLAM1 to DSLAM3.]
Multiple mVRRP groups are run between the NPEs. The services are bound to different mVRRP
groups so that they can use different master NPEs. For example, the user of UPE1 uses NPE1
as the master NPE and uses NPE2 as the backup NPE; the user of UPE2 uses NPE2 as the master
NPE and uses NPE1 as the backup NPE.
NOTE
For more information about VRRP, see VRRP and VRRP6 Configuration in the Quidway S7700 Smart
Routing Switch Configuration Guide - Reliability.
As shown in Figure 8-2, mVPLS is run between the UPE and the NPEs; the mVSI is configured
on the UPE and the NPEs; mVRRP runs between NPEs. mVRRP packets are transmitted through
the mPW between the UPE and the NPEs and forwarded by the mVSI. Other service packets
are transmitted through the service PW and exchanged by the service VSI between the UPE and
the NPEs.
Figure 8-2 Binding relation between the mVSI and the service VSI
[Diagram not reproduced. Recoverable labels: UPE (labelled S9300), NPE1, NPE2, mVSI, VSI1, VSI2. Legend: PW for mVSI; PW for normal VSI.]
The mVRRP packets and other service packets are transmitted through different PWs; therefore,
the packets are separated from each other.
The mVSI and the service VSI are bound on the UPE. When the VRRP group on the NPE
performs master/backup switchover, the following occurs:
1. The mVSI on the UPE receives the gratuitous ARP packet sent from the NPE through the
mPW between the UPE and the NPEs.
2. The mVSI checks whether the received gratuitous ARP packet is the same as the previously
received one. That is, the mVSI checks whether the two packets are received through the
same PW and whether their IP addresses, incoming labels, incoming interfaces, and MAC
addresses are the same.
• If they are the same, it indicates that the mVRRP group between NPEs does not perform
  the master/backup switchover.
• If they are different, it indicates that the mVRRP group between NPEs has performed
  the master/backup switchover.
3. The UPE clears the MAC addresses of all the bound service VSIs according to the binding
relation between the mVSI and the service VSI. In addition, the service VSI on the UPE
sends a MAC Withdraw message to all the peers in the local VSI. When receiving the
message, the remote peers clear the MAC addresses on the PW side.
4. After the MAC address of the service VSI is cleared, the UPE broadcasts the received
packet destined for the new master NPE because the packet is an unknown frame. After
receiving the broadcast packets, the new master NPE learns the source MAC address of
the packet for the reverse traffic forwarding.
In addition, different from the service VSI, the mVSI is used to transmit and intercept the
ARP packets; therefore, you cannot shut down the mVSI.
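The four-step switchover handling above, modelled as an added example that is not Huawei code: class and function names, labels, and the IP and MAC values are constructed, and treating the first gratuitous ARP as a baseline that triggers no clearing is an assumption the guide does not state.

```python
from dataclasses import dataclass, field

GW_MAC = "0000-5e00-0102"      # constructed: gateway MAC learned in the service VSIs
MVRRP_MAC = "0000-5e00-0101"   # constructed: MAC announced in the mVRRP gratuitous ARP

@dataclass(frozen=True)
class Garp:
    """The fields the mVSI compares between two gratuitous ARP packets (step 2)."""
    pw: str            # PW the packet arrived on, named here by the peer LSR ID
    ip: str
    in_label: int
    in_interface: str
    mac: str

@dataclass
class ServiceVsi:
    name: str
    peers: list                                     # PW peers of this VSI
    mac_table: dict = field(default_factory=dict)   # MAC -> PW it was learned on
    withdraws: list = field(default_factory=list)   # peers sent a MAC Withdraw

    def learn(self, src_mac, pw):
        self.mac_table[src_mac] = pw

    def egress(self, dst_mac):
        """PWs a frame from the AC side is sent on; unknown frames are broadcast."""
        known = self.mac_table.get(dst_mac)
        return [known] if known else list(self.peers)

    def clear(self):
        """Step 3: drop learned MACs and send MAC Withdraw to all peers in the VSI."""
        self.mac_table.clear()
        self.withdraws.extend(self.peers)

class Mvsi:
    def __init__(self, name):
        self.name, self.bound, self.last = name, [], None

    def bind(self, service_vsi):
        self.bound.append(service_vsi)

    def receive(self, garp):
        """Return True when the packet indicates a master/backup switchover."""
        previous, self.last = self.last, garp
        if previous is None or previous == garp:   # assumption: first packet is a baseline
            return False
        for service_vsi in self.bound:
            service_vsi.clear()
        return True

def run_switchover():
    biz1 = ServiceVsi("biz-vsi1", ["2.2.2.2", "3.3.3.3"])
    biz2 = ServiceVsi("biz-vsi2", ["2.2.2.2", "3.3.3.3"])
    admin = Mvsi("admin-vsi1")
    admin.bind(biz1)
    admin.bind(biz2)
    for vsi in (biz1, biz2):
        vsi.learn(GW_MAC, "2.2.2.2")               # gateway reached through NPE1
    # Constructed packets: same announced IP and MAC, different PW, label, interface.
    from_npe1 = Garp("2.2.2.2", "10.1.1.254", 1025, "GE1/0/1.1", MVRRP_MAC)
    from_npe2 = Garp("3.3.3.3", "10.1.1.254", 1026, "GE1/0/2.1", MVRRP_MAC)
    events = [admin.receive(from_npe1), admin.receive(from_npe1)]
    before = biz1.egress(GW_MAC)                   # unicast toward NPE1
    events.append(admin.receive(from_npe2))        # NPE2 became master
    flooded = biz1.egress(GW_MAC)                  # step 4: unknown frame, broadcast
    biz1.learn(GW_MAC, "3.3.3.3")                  # relearned from reverse traffic
    after = biz1.egress(GW_MAC)
    return events, before, flooded, after, biz2.withdraws

if __name__ == "__main__":
    print(run_switchover())
```

Every service VSI bound to the mVSI is cleared on a single changed packet, which is why the guide keeps mVRRP packets on their own PW, separate from service traffic.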
Figure 8-3 Networking diagram for configuring VPLS convergence (UPE directly accesses the NPE)
[Diagram not reproduced. Recoverable labels: NPE1, NPE2, UPE, access network, mVRRP, VRRP, VSI, mVSI. Legend: PW for mVSI; PW for VSI; Packet of mVRRP; Packet of VRRP.]
Pre-configuration Tasks
Before configuring basic functions of VPLS convergence (UPE directly accesses the NPEs),
complete the following tasks:
• Setting the LSR ID on the UPE and the NPE, enabling MPLS, and creating an MPLS LDP
  session
• Enabling MPLS L2VPN on the UPE and the NPE
• Configuring the mVRRP and the binding relations for the mVRRP on the NPE
• Configuring a service VSI on the UPE
Data Preparation
To configure basic functions of VPLS convergence (UPE directly accesses the NPEs), you need
the following data.
No. Data
Context
To forward the mVRRP packets on the NPEs through the mVSI on the UPE, do as follows.
Procedure
Step 1 Run:
system-view
LDP is configured as the signaling protocol of the PW and the VSI-LDP view is displayed.
Step 4 Run:
vsi-id vsi-id
The VSI peer relation is configured between the UPE and the NPE. The MPLS LSR ID of the
NPE is configured as the peer address.
Step 6 Run:
quit
Step 7 Run:
admin-vsi
----End
Context
Do as follows on the UPE.
Procedure
Step 1 Run:
system-view
Step 2 Run:
vsi vsi-name
Step 3 Run:
track admin-vsi vsi-name
The mVSI can be bound to the service VSI. When receiving a gratuitous ARP packet or BFD
Down packets, the mVSI requests all the bound service VSIs to clear the MAC address entries
and to learn the MAC addresses again.
NOTE
The control plane requests the forwarding plane to clear the MAC addresses of the service VSIs if the
number of service VSIs bound to the mVSI reaches the threshold. The threshold is determined by the PAF
file and the license file.
• If the number of service VSIs bound to the mVSI does not reach the threshold, the control plane delivers
  notification messages one by one to the forwarding plane to clear the MAC addresses of the service
  VSIs bound to the mVSI and records the events in the logs.
• If the number of service VSIs bound to the mVSI reaches the threshold, the control plane delivers
  notification messages to the forwarding plane to clear the MAC addresses of all the service VSIs and
  records the log.
----End
Procedure
• Run the display admin-vsi binding [ admin-vsi vsi-name ] command to view the binding
  relations between the mVSI and the service VSIs.
----End
Example
Run the display admin-vsi binding command. If information about the binding relations
between the mVSI and all service VSIs is displayed, the configuration is successful.
<Quidway> display admin-vsi binding
Admin-vsi Service-vsi
--------------------------------------------
admin-vsi1 biz-vsi1
biz-vsi2
Applicable Environment
In the VPLS convergence MAN solution, you can establish multiple service VSI PWs and bind
them to an mVSI PW. If a BFD session is then bound to the mVSI PW, you can monitor the
service VSIs simply by monitoring the status of the mVSI PW.
Pre-configuration Task
Before configuring BFD for VSI PW, complete the following task:
• Establishing an mVSI PW correctly
NOTE
BFD for the VSI PW uses the default multicast IP address as the peer IP address, and this BFD session
must be established on the mVSI PW because only the mVSI PW can process multicast BFD packets.
Data Preparation
To configure BFD for VSI PW, you need the following data.
No. Data
2 BFD name
Context
Do as follows on routers at both ends of the link to be detected:
Procedure
Step 1 Run:
system-view
Step 2 Run:
bfd
----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
bfd for vsi-pw enable
The sending of BFD for VSI-PW packets to the protocol stack is enabled.
----End
Context
Do as follows on routers at both ends of the VSI PW to be detected:
Procedure
Step 1 Run:
system-view
Step 2 Run:
bfd cfg-name bind peer-ip default-ip vsi vsi-name peer peer-address [ vc-id vc-id ]
NOTE
A default multicast IP address is required for BFD for VSI PW, that is, a Layer 2 tunnel.
Step 4 Run:
commit
----End
Prerequisite
The configurations of the BFD for VSI PW function are complete.
Procedure
• Run the display bfd configuration { { all | static } for-vsi-pw | vsi-pw vsi vsi-name
  peer peer-address [ vc-id vc-id ] } [ verbose ] command to check BFD configuration on
  BFD for VSI PW.
• Run the display bfd session { all | static } for-vsi-pw [ verbose ] command to check BFD
  configuration on BFD for VSI PW.
• Run the display bfd statistics session { all | static } for-vsi-pw command to check BFD
  statistics on BFD for VSI PW.
----End
Example
# Display the statistics of the BFD session.
<Quidway> display bfd configuration all for-vsi-pw verbose
BFD Session Configuration Name : to_a
Local Discriminator : 11 Remote Discriminator : 22
BFD Bind Type : VSI PW
Bind Session Type : Static
Bind Peer Ip Address : 224.0.0.184
Bind Interface : Ethernet6/0/0
Vsi Name : hello
Vsi Pw Peer Ip Address : 3.3.3.3
Vc Id : 200
TOS-EXP : 6 Local Detect Multi : 3
Min Tx Interval (ms) : 1000 Min Rx Interval (ms) : 1000
WTR Interval (ms) : -- Process PST : Disable
Proc interface status : Disable
Local Demand Mode : Disable
Bind Application : VSI PW
Session Description : --
---------------------------------------------------------------------
Total Commit/Uncommit CFG Number : 1/0
You can see that a BFD session named to_a is established, and the binding type is VSI PW.
Context
CAUTION
Debugging affects the performance of the system. So, after debugging, run the undo debugging
all command to disable it immediately.
When a fault occurs in software-based VPLS forwarding, run the following debugging command
in the user view to locate the fault.
For the procedure for enabling the debugging, refer to the chapter "Information Center" in the
Configuration Guide - System Management. For the description of the debugging commands,
refer to the Quidway S7700 Smart Routing Switch Debugging Reference.
Procedure
• Run the debugging mpls l2vpn vpls-forward { error-message | mac-event | vpls-event }
  command in the user view to enable the debugging of software-based VPLS
  forwarding and view the debugging information.
----End
[Networking diagram not reproduced. Recoverable labels: GE1/0/1 10.1.1.2/24; GE1/0/1 10.1.2.2/24; LAN Switch GE1/0/1, VLAN101; PC1 192.168.2.3/24, Gateway: 192.168.2.254. Legend: PW for mVRRP; PW for normal VRRP.]
Device Name   Interface Name   VLANIF interface   IP Address
UPE           Loopback1        -                  1.1.1.1/32
UPE           GE1/0/0          -                  -
UPE           GE1/0/1          VLANIF 100         10.1.1.1/24
UPE           GE1/0/2          VLANIF 200         10.1.2.1/24
NPE1          Loopback1        -                  2.2.2.2/32
NPE2          Loopback1        -                  3.3.3.3/32
Configuration Roadmap
NOTE
In the networking diagram, the UPE refers to the S7700. Only the configurations on the S7700 are provided
here.
   • Configure the routing protocol on the UPE so that reachable routes are created between
     the UPE and the NPEs.
   • Configure the basic MPLS functions on the UPE.
   • Configure MPLS LDP on the UPE.
2. Configure the VPLS.
   • Configure the mVSI and service VSI on the UPE.
     – The mVSI transmits the mVRRP packets and peer BFD packets between the NPEs.
     – The service VSIs exchange service packets between the NPE and users.
   • Bind the service VSI to the mVSI on the UPE.
     When the switchover occurs between the NPEs, the mVSI on the UPE receives a
     gratuitous ARP packet. The UPE clears the MAC addresses of all the bound service
     VSIs according to the binding relation between the mVSI and the service VSIs.
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Configure routes.
After the configuration, reachable routes are available between the UPE and NPEs.
In this example, the MPLS TE tunnel is used between the UPE and the NPEs.
After the configuration, LDP sessions are established between the UPE and NPEs. Run the
display mpls ldp session command, and you can see that the status of the LDP sessions is
Operational.
Take the display on the UPE and NPE1 as an example:
[UPE] display mpls ldp session
------------------------------------------------------------------------------
PeerID Status LAM SsnRole SsnAge KASent/Rcv
------------------------------------------------------------------------------
2.2.2.2:0 Operational DU Passive 0000:00:00 4/4
3.3.3.3:0 Operational DU Passive 0000:00:00 2/2
------------------------------------------------------------------------------
TOTAL: 2 session(s) Found.
After the configuration, run the display ip interface brief command, and you can see that
the protocol status of the created tunnel interface is Up.
5. Configure the tunnel policy.
# Configure the UPE.
[UPE] tunnel-policy policy1
[UPE-tunnel-policy-policy1] tunnel select-seq cr-lsp load-balance-number 1
[UPE-tunnel-policy-policy1] quit
After the configuration, run the display vsi command on the UPE, and you can see that the
VSI status is Up.
Take the display on the UPE as an example:
[UPE] display vsi name admin-vsi1 verbose
VSI ID : 10
2. Configure the service VSI and bind the service interface to the service VSI.
NOTE
The common HVPLS needs to be configured between the UPE and NPEs.
# Configure the UPE.
[UPE] vsi biz-vsi1 static
[UPE-vsi-biz-vsi1] pwsignal ldp
[UPE-vsi-biz-vsi1-ldp] vsi-id 101
[UPE-vsi-biz-vsi1-ldp] peer 2.2.2.2
[UPE-vsi-biz-vsi1-ldp] peer 3.3.3.3
[UPE-vsi-biz-vsi1-ldp] quit
[UPE-vsi-biz-vsi1] quit
[UPE] interface gigabitethernet 1/0/0.1
[UPE-GigabitEthernet1/0/0.1] control-vid 11 dot1q-termination
[UPE-GigabitEthernet1/0/0.1] dot1q termination vid 101
[UPE-GigabitEthernet1/0/0.1] l2 binding vsi biz-vsi1
[UPE-GigabitEthernet1/0/0.1] quit
After the configuration, run the display vsi command on the UPE, and you can see that the
VSI status is Up.
Take the display on the UPE as an example:
[UPE] display vsi
Total VSI number is 2, 2 is up, 0 is down, 2 is LDP mode, 0 is BGP mode
----End
Configuration Files
• Configuration file of the UPE
#
sysname UPE
#
vlan batch 100 200
#
bfd
#
mpls lsr-id 1.1.1.1
mpls
mpls te
mpls rsvp-te
#
mpls l2vpn
#
vsi admin-vsi1 static
pwsignal ldp
vsi-id 10
admin-vsi
#
vsi biz-vsi1 static
pwsignal ldp
vsi-id 101
peer 2.2.2.2
peer 3.3.3.3
tnl-policy policy1
track admin-vsi admin-vsi1
#
mpls ldp
#
mpls ldp remote-peer 2.2.2.2
remote-ip 2.2.2.2
#
mpls ldp remote-peer 3.3.3.3
remote-ip 3.3.3.3
#
isis 1
is-level level-2
cost-style wide
network-entity 49.0010.0010.0100.1001.00
traffic-eng level-2
#
interface Vlanif 100
ip address 10.1.1.1 255.255.255.0
isis enable 1
mpls
mpls te
mpls rsvp-te
#
interface Vlanif 200
ip address 10.1.2.1 255.255.255.0
isis enable 1
mpls
mpls te
mpls rsvp-te
#
interface GigabitEthernet1/0/0.1
control-vid 11 dot1q-termination
dot1q termination vid 101
l2 binding vsi biz-vsi1
#
interface GigabitEthernet1/0/1
port link-type trunk
port trunk allow-pass vlan 10 100
#
interface GigabitEthernet1/0/1.1
control-vid 1 dot1q-termination
dot1q termination vid 10
l2 binding vsi admin-vsi1
#
interface GigabitEthernet1/0/2
port link-type trunk
port trunk allow-pass vlan 10 200
#
interface GigabitEthernet1/0/2.1
control-vid 2 dot1q-termination
dot1q termination vid 10
l2 binding vsi admin-vsi1
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
isis enable 1
#
interface Tunnel1/0/1
description TO NPE1
ip address unnumbered interface LoopBack1
tunnel-protocol mpls te
destination 2.2.2.2
mpls te tunnel-id 1
mpls te commit
#
interface Tunnel1/0/2
description TO NPE2
ip address unnumbered interface LoopBack1
tunnel-protocol mpls te
destination 3.3.3.3
mpls te tunnel-id 2
mpls te commit
#
tunnel-policy policy1
tunnel select-seq cr-lsp load-balance-number 1
#
return