Professional Documents
Culture Documents
Switches
Configuration Guide - VPN 7 VPLS Configuration
7 VPLS Configuration
7.1 Overview
7.2 Principles
7.3 Applications
7.4 Licensing Requirements and Limitations for VPLS
7.5 Default Configuration
7.6 Configuring Martini VPLS
7.7 Configuring Kompella VPLS
7.8 Configuring BGP AD VPLS
7.9 Configuring Interworking Between LDP VPLS and BGP AD VPLS
7.10 Configuring LDP HVPLS
7.11 Configuring Static VLLs to Access a VPLS Network
7.12 Configuring CE Dual-Homed Kompella VPLS
7.13 Configuring Inter-AS Martini VPLS in OptionA Mode
When VPLS is deployed in a large area, PEs may belong to different ASs. In this
case, PWs cannot be established between PEs through LDP. To solve the problem
in a normal network, configure inter-AS Martini VPLS.
7.14 Configuring Inter-AS Kompella VPLS in OptionA Mode
7.15 Configuring VPLS PW Redundancy
7.16 Setting Related Parameters for a VSI
7.17 Maintaining VPLS
Maintaining VPLS includes collecting statistics on traffic on a VPLS PW, clearing
the traffic statistics, checking traffic statistics on a VPLS PW, clearing the VPLS PW
traffic statistics, enabling or disabling VSI, clearing MAC address entries, checking
the consistency of VPN configurations, checking MAC address learning, and
checking connectivity of the VPLS network, disabling MPLS L2VPN alarm
verification.
7.18 Configuration Examples
7.19 Common Configuration Errors
7.1 Overview
Definition
As an MPLS-based point-to-multipoint (P2MP) Layer 2 Virtual Private Network
(L2VPN) service provided over a public network, the virtual private LAN service
(VPLS) ensures that geographically isolated user sites can communicate over
metropolitan area networks (MANs) and wide area networks (WANs) as if they
were on the same local area network (LAN). VPLS is also called the transparent
LAN service (TLS).
Figure 7-1 shows a typical VPLS scenario. Users located in different geographical
regions communicate with each other over different provider edge (PE) devices.
An MPLS network is a Layer 2 switched network that allows users to communicate
with each other similarly to communication over a LAN.
VPN1 VPN1
site1 site3
CE1 CE3
PE1 PE2
MPLS Backbone
VPN2 VPN2
site2 CE2 PE3 CE4 site4
CE5
VPN1
site5
Purpose
With increased use of applications such as VoIP, instant messaging, and
teleconferencing, VPLS becomes increasingly important for enterprises setting up
branches in different regions. This imposes high requirements for end-to-end
(E2E) datacom technologies. P2MP services are necessary for data
communications.
Other commonly used technologies, such as asynchronous transfer mode (ATM)
and frame relay (FR) can provide only Layer 2 point-to-point (P2P) connections.
Compared to VPLS, networks using these technologies are costly to construct,
complex to deploy, and slow. The development of Internet Protocol (IP) has led to
MPLS VPN technology that provides VPN services over an IP network and offers
advantages such as easy configuration and flexible bandwidth control. MPLS VPNs
are classified as follows:
● MPLS L2VPNs
These include virtual leased lines (VLLs). Ordinary MPLS L2VPNs can provide
P2P services but not P2MP services over a public network.
● MPLS L3VPNs
These provide P2MP services on the precondition that PEs keep routes
destined for end users. This requires PEs to have high routing performance.
VPLS is a specific MPLS-based Ethernet technology that uses L2VPNs.
● Because it uses Ethernet, VPLS supports P2MP communication.
● VPLS is a Layer 2 label switching technology. From a user perspective, the
entire MPLS IP backbone network is a Layer 2 switching device. PEs do not
need to keep routes destined for end users.
VPLS integrates the advantages of both Ethernet and MPLS to provide a
comprehensive multipoint communication solution. By emulating traditional LAN
functions, VPLS enables users on different LANs to communicate with each other
over MPLS networks as if they were on the same LAN.
Benefits
● VPLS networks can be constructed based on carriers' existing IP networks,
reducing construction costs.
● VPLS networks inherit the high-speed advantage of the Ethernet.
● VPLS networks allow users to communicate over Ethernet links, regardless of
whether these links are on WANs or LANs. This allows services to be rapidly
and flexibly deployed.
● Administrators do not need to configure and maintain routing policies,
reducing operational expenditure.
7.2 Principles
Virtual A virtual switching unit on the switch for each VPLS. Each VSI
switch has an independent MAC address table and a forwarder. A VSI is
instance responsible for terminating PWs.
(VSI)
VPN1
Site3
VPN1
Site5 CE3
CE5
PE3
VPN2
Site4
MPLS CE4
Network
Forwarder PE2
PE1
CE1
AC
VPN1 CE2
Site1 PW
VPN2
Site2 PW Signal
Tunnel
VLAN1 VLAN1
VSI 1 VSI 1
PE1 PE3
VSI 2 VSI 2
CE4 CE6
PE2
CE2 CE5
VLAN1 VLAN2
LDP VPLS
Introduction to LDP VPLS
LDP VPLS (Martini VPLS) statically discovers VPLS members using LDP signaling.
VPLS information is carried in extended TLV fields (type 128 and type 129 FEC
TLVs) of LDP signaling packets. During the establishment of a PW, the label
distribution mode is downstream unsolicited (DU) and the label retention mode is
liberal.
Implementation process
● Figure 7-4 shows the process of establishing a PW using LDP signaling.
VSI VSI
VC1
VC2
PE1 PE2
a. After PE1 is associated with a VSI, and PE2 is configured as a peer of PE1,
PE1 sends a Label Mapping message to PE2 in DU mode if an LDP
session already exists between PE1 and PE2. The Label Mapping message
carries information required to establish a PW, such as the PW ID, VC
label, and interface parameters.
b. After receiving the message, PE2 checks whether it has been associated
with the VSI. If PE2 has been associated with the VSI and the PW
parameters on PE1 and PE2 are the same, PE1 and PE2 belong to the
same VSI. In this case, PE2 establishes a unidirectional VC named VC1
immediately after PE2 receives the Label Mapping message. Meanwhile,
PE2 sends a Label Mapping message to PE1. After receiving the message,
PE1 takes a similar sequence of actions to PE2 to establish VC2.
● Figure 7-5 shows the process of tearing down a PW using LDP signaling.
a. After the peer configuration of PE2 is deleted from PE1, PE1 sends a
Label Withdrawal message to PE2. After receiving the Label Withdrawal
message, PE2 withdraws its local VC label, tears down VC1, and sends a
Label Release message to PE1.
b. After receiving the Label Release message, PE1 withdraws its local VC
label and tears down VC2.
BGP VPLS
Introduction to BGP VPLS
BGP VPLS (Kompella VPLS) dynamically discovers VPLS members using BGP
signaling. BGP VPLS uses MP-BGP packets to transmit VPLS member information.
The MP-REACH and MP-UNREACH attributes carry VPLS label information; the
extended community attributes carry interface parameters, RDs, and VPN targets;
the RDs and VPN targets identify VPN member relationships.
Implementation process
● Figure 7-6 shows the process of establishing a PW using BGP signaling.
VSI VSI
VC1
VC2
PE1 PE2
a. After the peer configuration for PE2 is deleted from PE1, PE1 sends an
Update packet carrying the MP-UNREACH attribute to PE2. After
receiving the packet, PE2 withdraws its local VC label, tears down VC1,
and sends an Update packet carrying the MP-UNREACH attribute to PE1.
b. After receiving the Update packet, PE1 withdraws its local VC label and
tears down VC2.
BGP AD VPLS
Introduction to BGP AD VPLS
BGP AD VPLS, short for Border Gateway Protocol Auto-Discovery Virtual Private
Line Service, is a new technology for automatically deploying VPLS services.
Purpose
As VPLS technology becomes more widely used, VPLS networks grow in size and
complexity. BGP AD VPLS is used to simplify configurations using automatic VPLS
member discovery and automatic PW deployment. This allows services to be
deployed automatically and reduces OPEX.
BGP AD VPLS has the advantages of both LDP and BGP VPLS. BGP AD VPLS-
enabled devices exchange extended BGP Update packets to automatically discover
BGP peers in a VPLS domain. After BGP peer relationships between them are
established, the devices use LDP FEC 129 to negotiate and establish VPLS PWs.
VPLS services are automatically deployed on these PWs.
Related Concepts
FEC 129 Forwarding Equivalence Class New type of FEC used by LDP
129 signaling
Implementation
BGP AD VPLS automatically discovers VPLS BGP peers, simplifying configuration
and saving labels.
BGP AD VPLS-enabled devices exchange extended BGP Update packets carrying
VSI information and automatically discover BGP peers in a VPLS domain. After
BGP peer relationships are established, these devices use LDP FEC 129 to negotiate
and establish VPLS PWs. VPLS services are automatically deployed on these PWs.
1. Automatically Discovering PEs in a VPLS Domain
Automatically discovering PEs in a VPLS domain is the first phase of VPLS
service deployment. BGP is used to automatically discover PEs in a VPLS
domain. Figure 7-8 shows the process of and information used for
automatically discovering PEs in a VPLS domain.
BGP UPDATE
VPLS-ID:65535:100
RD:65535:100
VSI-ID:1.1.1.1
RT:5:5
Next Hop:1.1.1.1
Loopback1 Loopback1
1.1.1.1/32 2.2.2.2/32
AS 65535
PE1 PE2
▪ If VPLS IDs of VSIs on both PEs are the same, the two VSIs are in the
same VPLS domain. One and only one PW to be established between
them.
▪ If VPLS IDs of VSIs on two PEs are different, the two VSIs are in
different VPLS domains. A PW cannot be established between them.
2. Automatically Deploying a PW
After a PE discovers remote PEs in a VPLS domain, BGP AD uses LDP FEC 129
to negotiate the creation of PWs. Figure 7-9 shows the negotiation process.
Loopback1 Loopback1
1.1.1.1/32 2.2.2.2/32
AS 65535
PE1 PE2
Packet Description
Encapsulati
on Type
VLAN The header of each Ethernet frame sent between CEs and PEs
carries a VLAN tag, known as the provider-tag (P-Tag). This is a
service delimiter identifying users on an ISP network.
CE1
PE1
PE2
CE2
In Figure 7-10, ACs use Ethernet encapsulation and PWs use raw
encapsulation. Packets transmitted from CEs to PEs do not carry U-Tags.
The packet exchange process is as follows:
a. CE1 sends a Layer 2 packet without a U-Tag or P-Tag to PE1.
b. PE1 searches the corresponding VSI for a forwarding entry and selects a
tunnel and a PW to forward the packet based on the found forwarding
entry.
c. PE2 receives the packet from PE1 and decapsulates the packet by
removing the Layer 2 encapsulation header added by PE1 and the inner
VC label of the packet (the outer tunnel label has been popped out at the
penultimate hop).
d. PE2 sends the original Layer 2 packet to CE2.
The process of sending a packet from CE2 to CE1 works similarly.
● VLAN + tagged encapsulation (with U-Tag)
CE1
L2 IP
AC P-TAG U-TAG Data
Header Header
PE1
L2 Tunnel VC L2 IP
PW P-TAG U-TAG Data
Header Label Label Header Header
PE2
L2 IP
AC P-TAG U-TAG Data
Header Header
CE2
In Figure 7-11, ACs use VLAN encapsulation and PWs use tagged
encapsulation. Packets transmitted from CEs to PEs carry U-Tags and P-Tags.
The packet exchange process is as follows:
a. CE1 sends a packet encapsulated at Layer 2 and carrying both a U-Tag
and a P-Tag to PE1.
b. PE1 receives the packet but does not process either tag. PE1 retains the
U-Tag because it treats the U-tag as service data.
c. PE1 retains the P-Tag because a packet sent to a PW with the tagged
packet encapsulation mode must carry a P-Tag.
d. PE1 searches the corresponding VSI for a forwarding entry and selects a
tunnel and a PW to forward the packet based on the forwarding entry
found.
e. PE1 adds double labels (outer tunnel label and inner VC label) to the
packet based on the selected tunnel and PW, performs Layer 2
encapsulation, and forwards the packet to PE2.
f. PE2 receives the packet from PE1 and decapsulates the packet by
removing the Layer 2 encapsulation header added by PE1 and the inner
VC label of the packet (the outer tunnel label has been popped out at the
penultimate hop).
g. PE2 forwards the original Layer 2 packet to CE2. The packet carries the
U-Tag and P-Tag.
The process of sending a packet from CE2 to CE1 works similarly.
NOTE
PE removes P-Tags of VPLS packets when sending VPLS packets through an AC interface if
either of the following is true:
● The link type of the AC interface is trunk, and the VLAN tag of packets is the same as
the PVID of the interface.
● The link type of the AC interface is hybrid, and the VLAN tag of packets is the same as
the untagged VLAN ID or PVID of the interface.
NOTE
At the time of writing, the switch supports MAC address learning only in unqualified mode.
Flooding
Because VPLS is Ethernet based, received packets with unknown unicast addresses,
broadcast addresses, or multicast addresses are flooded out of all other interfaces.
If these packets need to be forwarded in multicast mode, PEs use other methods
such as Internet Group Management Protocol (IGMP) snooping.
Implementation
● User-side packets
After receiving packets from a CE, a PE maps their source MAC addresses to
AC interfaces.
● PW-side packets
– A PW consists of a pair of MPLS Virtual Circuits (VCs) transmitting in
opposite directions.
– A PW will go Up only after the two MPLS VCs are established.
– After a PE receives a packet with an unknown source MAC address from a
PW, the PE maps the source MAC address to the PW receiving the packet.
Figure 7-12 shows the process of MAC address learning and flooding on a PE. PC1
and PC2 both belong to VLAN10. PC1 pings IP address 10.1.1.2. PC1 does not
know the MAC address corresponding to this IP address and advertises an Address
Resolution Protocol (ARP) Request packet.
PW1 PW3
PC3
PC1 MAC: C
PE2
MAC: A IP: 10.1.1.3/24
IP: 10.1.1.1/24 Port2
VLAN: 10 PE2
CE2 VSI MAC Port
VPN1 A PW1
VPN1 B VLAN10, port2
MAC: B
IP: 10.1.1.2/24 PC2 ARP Broadcast
VLAN: 10
ARP Reply
1. PE1 receives the ARP Broadcast packet sent by PC1 from Port1 connected to
CE1, PE1 adds the MAC address of PC1 to its own MAC address table, as
shown in the blue section of the MAC entry.
2. PE1 floods the ARP Broadcast packet (the blue dashed line on PE1) to other
interfaces. PW1 and PW2 are regarded as interfaces in this case.
3. After receiving the ARP Broadcast packet from PW1, PE2 adds the MAC
address of PC1 to its own MAC address table, as shown in the blue section of
the MAC entry.
4. Based on split horizon, PE2 sends the ARP Broadcast packet to only the
interface connecting to CE2 (as indicated by the blue dashed line), but not to
PW1. This ensures that only PC2 receives the ARP Broadcast packet. VPLS split
horizon ensures that packets received from public network PWs are forwarded
to only private networks, not to other public network PWs.
5. After PC2 receives the ARP Broadcast packet and finds that the destination
address matches its own, PC2 sends an ARP Reply packet to PC1 (as indicated
by the orange dashed line).
6. After receiving the ARP Reply packet from PC2, PE2 adds the MAC address of
PC2 to its own MAC address table, as indicated by the orange section of the
MAC entry. After searching its MAC address table, PE2 sends the ARP Reply
packet to PE1 over PW1.
7. After receiving the ARP Reply packet from PE2, PE1 adds the MAC address of
PC2 to its own MAC address table, as shown in the orange section of the MAC
entry. PE1 searches its MAC address table, and sends the ARP Reply packet to
PC1 through Port1.
8. After receiving the ARP Reply packet from PC2, PC1 has learned the MAC
address.
9. While advertising the ARP Broadcast packet to PW1, PE1 also advertises the
ARP Broadcast packet to PE3 over PW2. After receiving the ARP Broadcast
packet, PE3 adds the MAC address of PC1 to its MAC address table, as shown
in the blue section of the MAC entry. Based on split horizon, PE3 sends the
ARP Broadcast packet to only PC3. Because PC3 is not the destination of the
ARP Broadcast packet, PC3 does not send any ARP Reply packet.
● PEs in a VSI must be fully meshed. This means that each PE must create a
tree to every other PE in the VSI.
● All PEs must support split horizon to avoid loops. Split horizon requires that
packets sent on a PW in a VSI should not be forwarded over other PWs in the
VSI. Any two PEs in a VSI must communicate directly over a single PW,
without data being forwarded through an intermediary device. This is why
full-mesh PWs are required between PEs in a VSI.
The full-mesh PEs and split horizon ensure route reachability and prevent loops on
VPLS networks. If a CE is connected to multiple PEs, or multiple CEs on the same
VPLS VPN are interconnected, VPLS cannot guarantee loop prevention. In this
situation, other methods must be used to prevent loops.
STP can run on an L2VPN private network. All STP Bridge Protocol Data Units
(BPDUs) are transparently transmitted over the ISP network.
7.2.6 HVPLS
Hierarchical Virtual Private LAN Service (HVPLS) is a technology for hierarchizing
the VPLS network.
Background of HVPLS
In VPLS using BGP or LDP signaling, the basic mechanism for preventing loops is
to set up a full mesh of all sites. LDP sets up fully-meshed LDP sessions among all
sites, and BGP sets up fully-meshed BGP sessions among all sites. During packet
forwarding, the split horizon scheme is used. Packets from a PW are therefore not
forwarded to other PWs. If a VPLS network has N PEs, it has N x (N - 1)/2
connections. When the number of PEs increases, the number of VPLS connections
increases by N2. For example, if the number of sites is 100, the number of LDP
sessions between sites is 4950.
HVPLS can solve the problem of excessive connections and improve network
scalability. HVPLS was introduced in draft-ietf-l2vpn_vpls_ldp. HVPLS hierarchizes
the network into different levels. Networks at each level are fully meshed. Devices
of different levels are connected through PWs and forward packets to each other.
If HVPLS is used, devices do not need to comply with the split horizon scheme.
HVPLS Model
Figure 7-13 shows the basic HVPLS model.
MPLS Core
SPE1 Network
SPE4
MPLS Edge MPLS Edge
Network SPE2 SPE3 Network
UPE1 UPE2
CE1
CE4
VPN1 VPN2
Site1 CE2 CE3 Site4
VPN2 VPN1
Site2 Site3
In the basic HVPLS model, PEs can be classified into the following types:
● Underlayer provider edge (UPE)
A UPE is a customer convergence device directly connected to a CE. Each UPE
needs to be connected to only one PE in a fully-meshed VPLS network. UPEs
support routing and MPLS encapsulation. If a UPE is connected to multiple
CEs and can provide the basic bridging function, frame forwarding is
performed only on the UPE. This reduces the burden on the SPE.
● Superstratum PE (SPE)
An SPE is a device that is connected to a UPE and is located in the core of a
fully-meshed VPLS network. The SPE is connected to all devices in a fully-
meshed VPLS network.
From the perspective of an SPE, UPEs function like CEs. In data forwarding, the
SPE uses the PW established between itself and a UPE as an AC. The UPE adds
double MPLS labels to packets sent by CEs. The outer layer is an LSP label that is
switched when a packet passes through devices on the access network. The inner
label is a VC label that identifies a VC. After receiving double-tagged packets, the
SPE directly removes the outer label, which is a statically configured public
network label. The SPE determines which VSI the SVC accesses based on the inner
label.
VPN1 VPN1
SPE1 SPE3
VSI 1 VSI 1
UPE1 UPE3
VSI 2 VSI 2
CE4 CE6
LSP Tunnel
UPE2
CE2 CE5
VPN1 VPN2
8. After receiving the packet from the S-PW side, SPE2 determines the VSI that
the packet belongs to based on the MPLS inner label, and finds that the
packet belongs to VSI 1. SPE2 strips the MPLS inner label added to the packet
by SPE1.
9. SPE2 adds double MPLS labels to this packet. The outer label identifies the
LSP tunnel between SPE2 and UPE2; the inner label identifies the VC between
UPE2 and SPE2. SPE2 then forwards the packet.
10. The LSR between SPE1 and UPE2 transmits the packet and switches labels of
the packet. The outer label is stripped at the penultimate hop.
11. After receiving the packet, UPE2 strips the MPLS inner label added to the
packet by UPE2. UPE2 examines the entry of the VSI based on the destination
MAC address of the packet. UPE2 finds that the packet is to be sent to CE2
and forwards the packet accordingly.
As shown in Figure 7-14, CE1 and CE4 access the same PE. The UPE directly
forwards the packet between CE1 and CE4 without sending the packet to SPE1,
because the UPE functions as a bridge. However, if CE1 sends a broadcast packet
or a packet with unknown destination MAC address, UPE1 broadcasts the packet
to CE4 and forwards the packet to SPE1 through the U-PW. SPE1 copies the packet
and forwards it to each peer CE.
MAC address table). SPE3 preserves the MAC address entry because the link
switchover of the peer is unknown.
The packet from CE3 cannot be forwarded to CE1 based on the original entry in
the MAC address table. When performing the switchover between the master PW
and backup PW, UPE therefore needs to withdraw the related MAC address. The
MAC address can be withdrawn by sending an LDP MAC Withdraw message.
If multiple MAC addresses need to be withdrawn, you can directly send a MAC
Withdraw message with the MAC address list as null. This clears all MAC
addresses on the VPN except the entry of the link that sends the MAC Withdraw
message.
Figure 7-15 Updating MAC addresses after a switchover between the primary and
secondary PWs
MAC SPE1
0001-1111-abcd VSI MAC Port
VPN1 0001-1111-abcd PW4
CE1 SPE3
VSI MAC Port
SPE1 VPN1 0001-1111-abcd PW1
PW4 PW1
UPE2 CE3
PW5
UPE1 PW2
PW4 PW3
SPE3
(Backup)
SPE2
The procedure for sending and processing the MAC Withdraw message is as
follows:
1. UPE1 sends a MAC Withdraw message (shown by the dashed blue line) to
SPE2.
2. SPE2 processes the MAC Withdraw message and learns the MAC address of
the backup route for PW4. The MAC address is 0001-1111-abcd.
3. SPE2 sends the MAC Withdraw message to the peers SPE1 and SPE3. SPE1
and SPE3 process the MAC Withdraw message and learn the MAC address
0001-1111-abcd.
When using inter-AS VPLS, you do not need to consider the learning or forwarding
functions of VSIs. Only establishment of PWs between PEs is important. Inter-AS
VPLS therefore has the same principle and implementation methods as those of
inter-AS L2VPN.
VLAN10 VLAN10
CE1 CE2
VLAN10 VLAN10
CE1 CE2
Background
To protect against failures and improve reliability, a redundant provider edge (PE)
is often deployed for a service. If a redundant PE is provided for a virtual private
wire service (VPWS) or virtual private LAN service (VPLS), two pseudo wires (PWs)
are deployed for PW protection. This mechanism is called PW redundancy.
Related Concepts
In Figure 7-18, VPLS PW redundancy protects service traffic transmission between
customer edge 1 (CE1) and CE2 on the VPLS network.
Currently, VPLS PW redundancy can work in Master/Slave mode, specified on PE1.
PE1 determines whether a local PW is in the primary or secondary state based on
preset forwarding priority.
PEs on the two ends of a PW protection group must negotiate the PW states to
ensure that they select the same PW to transmit packets.
● Primary/Secondary: defines the PW forwarding priority. The PW forwarding
priorities can be configured, and a smaller value indicates a higher priority. A
PW with the highest priority is the primary PW.
NOTE
PW forwarding priorities take effect only when PE1 uses PW redundancy in Master/
Slave mode. In Master/Slave mode, PE1 instructs PE2 and PE5 to change the
forwarding status of PWs to be the same as those of PWs on PE1. In Independent
mode, the master and backup status of PE2 and PE5 determines forwarding priority of
local PWs.
● Active/Standby: defines the PW forwarding status and cannot be configured.
Only active PWs are used for forwarding traffic. Standby PWs can only receive
traffic.
NOTE
Active/Inactive and Primary/Backup are terms used by Huawei that have the same
meaning with Active/Standby defined in draft-ietf-pwe3-redundancy-bit-04. They all
indicate the PW forwarding status.
Implementation
To ensure the same forwarding capability, two PEs must select the same PW to
forward service data when the PW redundancy protection mechanism is used. In
addition, only one PW in a PW protection group can be in the working status. To
implement these functions, a signaling protocol is required.
RFC specifies the PW Status TLV to transmit the PW forwarding status. The PW
Status TLV is transported to the remote PW peer using a Label Mapping or
Notification message. The PW Status TLV is a 32-bit status code field. Each bit in
the status code field can be set individually to indicate a PW forwarding status.
PW redundancy introduces a new PW status code 0x00000020, which indicates
"PW forwarding standby".
Forwarding priorities (Primary or Secondary) must be configured for PWs that
back up each other. The highest priority PW will be selected as the primary PW to
forward traffic. The remaining PWs will be in the Secondary state to protect the
primary PW.
NOTE
PE2 and PE5 don't support to determine their PW forwarding states based on the
received PW primary and secondary states.
● In Independent mode, PE1 determines local PW forwarding states based on
the forwarding states learned from PE2 and PE5; PE2 and PE5 determine their
PW primary and secondary states based on signaling, which can be enhanced
trunk (E-Trunk), enhanced automatic protection switching (E-APS), or Virtual
Router Redundancy Protocol (VRRP), and notify PE1 of the forwarding states.
In both Master/Slave and Independent modes, if a primary PW is faulty, it
becomes Inactive and its secondary PW becomes Active. PW-side faults do not
affect the AC status. If AC-side faults occur (for example, a PE or an AC link is
faulty), the PW primary and secondary states in Independent mode will change
because the states are determined by the master and backup states of the dual-
homing devices; the PW primary and secondary states in Master/Slave mode will
not change because they are determined by the PW.
NOTE
VPLS PW redundancy is similar to VPWS PW redundancy, with the exception that a virtual
switch instance (VSI) has multiple PWs to different PEs. These PWs form various PW
groups. PW switching in one group does not affect other PW groups.
PE5
PE3
PE4
PE6
CE3
CE4 Primary PW
Secondary PW
Derivative Function
In addition to protection against network faults in real time, VPLS PW redundancy
allows users to manually switch traffic between PWs in a group during network
operation and maintenance. For example, if a device providing a primary PW
needs to be maintained, a user can switch traffic to the secondary PW and switch
it back to the primary PW after the maintenance.
NOTE
The interval between a switchover and a revertive switchover must be at least 15s.
Usage Scenarios
VPLS PW redundancy can be used on hierarchical virtual private LAN service
(HVPLS) networks as well as VPLS and virtual leased line (VLL) interconnected
networks. These two types of networks can bear any services. However, service
deployment suggestions in the two networking modes are as follows:
● HVPLS networks are suitable for bearing multicast services, such as Internet
Protocol television (IPTV) services, because HVPLS networks can save VPLS
core network bandwidth.
● VPLS and VLL interconnected networks are suitable for bearing unicast
services, such as high-speed internet (HSI) and voice over IP (VoIP) services,
because PEs on a VLL do not need to learn user MAC addresses.
VPLS PW redundancy can also be used to improve reliability of existing networks.
On the VPLS network in Figure 7-18, CE1 communicates with CE2, CE3, and CE4
through PWs established between VSIs on PE1 and PE2, PE3, and PE4.
As services develop, services between CE1 and CE2, and between CE1 and CE3
require high reliability. Services between CE1 and CE4 do not require high
reliability.
To meet the reliability requirements, PE5 and PE6 are deployed on the VPLS
network to provide VPLS PW redundancy protection for PE2 and PE3. In addition,
multiple PW groups to peer PEs are configured in one VSI on PE1. Links between
CE1 and CE4 remain unchanged.
VPLS PW redundancy protects services against failures on the network, ACs, or PEs
without affecting existing services, improving network reliability.
NOTE
VPLS PW redundancy can be provided for the desired services without affecting services on
other PWs, which reduces costs and maximizes profits.
Introduction
VPLS convergence is a solution for transmitting data from the convergence layer
to the access layer in a Metro Ethernet network. VPLS convergence involves dual
homing an underlayer provider edge (UPE) to superstratum provider edges (SPEs),
ensuring high reliability.
If VPLS convergence is used, the switch can be used as a UPE and have an mVSI
configured.
Benefits
VPLS convergence has many advantages, including low cost, wide applications,
good compatibility with multicast, easy expansion, and high security.
mVPLS
mVPLS refers to management VPLS. VSIs using mVPLS are called mVSIs.
The conditions for entering the Up state for mVSIs are mostly the same as those
for normal VSIs (service VSIs). The difference is as follows:
The mVSI can be bound with the service VSI. Once bound, if the mVSI receives
gratuitous ARP packets, it instructs all the bound service VSIs to clear the MAC
address entries and relearn the MAC address.
mVRRP
mVRRP refers to management VRRP. An mVRRP backup group is a type of VRRP
backup group. An mVRRP backup group can be bound to service VRRP backup
groups. Once bound, the mVRRP backup group determines the status of service
VRRP backup groups according to the binding relationship.
An mVRRP backup group can be bound to multiple service VRRP backup groups
but cannot be bound to other mVRRP backup groups.
mVSI
VSI 1 VSI 2
UPE
VSI 1
SPE2
VSI 2
PW for mVSI
PW for normal VSI
mVRRP packets and other service packets are transmitted through different PWs,
so that they are separated from each other. To enable the fast switchover of
mVRRP backup group between the SPEs, you need to configure peer BFD between
SPEs. Peer BFD packets are also transmitted through the mPW and exchanged by
the mVSI.
The mVSI and the service VSI are bound on the UPE. When the VRRP backup
group on the SPE performs master/backup switchover, the following occurs:
1. The mVSI on the UPE receives the gratuitous ARP packet sent from the SPE
through the mPW between the UPE and the SPEs.
2. The mVSI checks whether the received gratuitous ARP packet is the same as
the one previously received. To do this, the mVSI checks whether both packets
are received through the same PW and whether their IP addresses, incoming
labels, incoming interfaces, and MAC addresses are the same.
– If they are the same, the mVRRP backup group between SPEs has not
performed a master/backup switchover.
– If they are the different, the mVRRP backup group between SPEs has
performed a master/backup switchover.
3. The UPE clears the MAC addresses of all bound service VSIs according to the
binding of the mVSI and the service VSI. The service VSI on the UPE sends
mac-withdraw messages to all peer devices of the VSI. After receiving mac-
withdraw messages, the remote peers clear the MAC addresses on the PW
side.
4. When the service VSI receives a packet destined for the new SPE after the
MAC address of the original master SPE is cleared, the service VSI broadcasts
the packet. It does so because the packet is encapsulated in an unknown
frame. After receiving the packet, the master SPE learns the source MAC
address of the packet for reverse traffic forwarding.
Unlike service VSIs, the mVSI is used to transmit and intercept the ARP and
BFD packets. Users are therefore not allowed to shut down the mVSI.
Figure 7-20 Determining the master and backup using the mVRRP backup group
in dual-homing mode
VSI 1
SPE1
VSI 1
mVRRP
UPE
VSI 1
SPE2
PW for VSI
In different application scenarios, the bindings of mVRRP fall into the following
types:
● Binding of the service backup group and the mVRRP backup group
After the service backup group is bound to the mVRRP backup group, the
state machine of the service backup group becomes dependent. The service
backup group deletes the protocol timer, no longer sends or receives protocol
packets, and implements its state machine by directly copying the status of
the mVRRP backup group. The service backup group can be bound to only
one mVRRP backup group. The mVRRP backup group is identified by the
backup group ID (VRID) and the interface configured with the backup group.
● Binding of the service interface (also regarded as the member interface) and
the mVRRP backup group
In Figure 7-20, if the UPE is dual-homed to the SPEs through two physical
links, you can bind the service interface and the mVRRP backup group to
determine whether a service interface is the master or the backup.
– When the status of the mVRRP backup group bound to the service
interface changes to Master, the mVRRP backup group notifies all the
bound service interfaces of the change.
If L3 services are run on the interface, the status of the interface is set to
Up and the network segment route is generated. The forwarding plane
enables the bidirectional traffic forwarding according to the interface
status. If L2 services are run on the interface, the status of the interface is
directly set to Up, and the forwarding plane enables the bidirectional
traffic forwarding.
– When the status of the mVRRP backup group bound with the service
interface changes to Initialize or Backup, the mVRRP backup group
notifies the change to all the bound service interfaces.
If L3 services are run on the interface, the status of the interface is set to
Down and the network segment route is deleted. The forwarding plane
disables the bidirectional traffic forwarding. If L2 services are run on the
MPLS Core
Network
SPE1 SPE2
MPLS Edge
UPE1 UPE2
Network
CE1 CE4
VPN1 VPN2
CE2 CE3
Site1 Site4
VPN2 VPN1
Site2 Site3
Multiple mVRRP backup groups are run between the SPEs. The services choose
different SPEs as the master SPE through bindings with different mVRRP backup
groups. For example, a user of UPE1 uses SPE1 as the master SPE and uses SPE2
as the backup SPE. A user of UPE2 uses SPE2 as the master SPE and uses SPE1 as
the backup SPE.
Influencing the State Machine of a VRRP Virtual Router Using Link BFD and
Peer BFD
In Figure 7-22, VRRP is run between the SPE1 and SPE2. BFD running between the
two SPEs is called peer BFD. BFD running between the UPE and the SPEs is called
link BFD. Peer BFD is used to detect faults with devices and links between SPEs.
Link BFD is used to detect faults with devices and links between the UPE and the
SPEs.
SPE1
Link BFD
Peer BFD
UPE
The status of peer BFD and link BFD sessions and the status of the normal BFD for
VRRP session have different impacts on the VRRP backup group: The status of the
peer BFD session and the link BFD session directly affects the status of the VRRP
backup group. The status of the ordinary BFD for VRRP session indirectly affects
the status of the VRRP backup group by modifying the priority. Modifying priority,
however, does not necessarily change the status of the VRRP backup group.
mVRRP can implement master/backup switchover more rapidly and locate faults
by tracking peer BFD status and link BFD status.
Implementation
To enable an LDP VPLS network to communicate with a BGP AD VPLS network,
edge nodes between the two networks must support both LDP VPLS and BGP AD
VPLS. In Figure 7-23, PE1 supports LDP VPLS, PE3 supports BGP AD VPLS, and PE2
and PE4 support both LDP VPLS and BGP AD VPLS. PE1, PE2, and PE4 form an LDP
VPLS network, and PE3, PE2, and PE4 form a BGP AD VPLS network. On PE2 and
PE4, the signaling negotiation for LDP VPLS is independent of that for BGP AD
VPLS. For the establishment and maintenance of an LDP VPLS PW, see LDP VPLS.
For details about member discovery and PW establishment, see BGP AD VPLS.
After PWs are established, PEs can exchange data packets over these PWs. Data
packet encapsulation on an LDP VPLS network is similar to that on a BGP AD
VPLS network. For details, see 7.2.3 Packet Encapsulation.
PE1 PE3
LDP BGP AD
VPLS VPLS
PE4
LDP VPLS PW
BGP AD VPLS PW
MP-BGP Sessions
PE1
2 CE1
2
1
PE4
1
PE3
2
2
PE2
LDP BGP-AD
VPLS VPLS
1. PE1 sends a MAC Withdraw message carrying the FEC 128 TLV field to PE4
after PE1 detects the status change of its AC interface. PE3 sends a MAC
Withdraw message carrying the FEC 129 TLV field to PE2 after detecting the
AC status change.
2. After PE2 receives the MAC Withdraw message sent from PE3, PE2 removes
the MAC entries in its VSI based on the MAC Withdraw message. PE2 then
converts the message to a MAC Withdraw message carrying the FEC 128 TLV
field, and forwards the new MAC Withdraw message to PE4.
3. After PE4 receives the MAC Withdraw messages sent from PE1 and PE2, PE4
removes the MAC addresses in its VSI based on the messages.
4. When the AC from CE1 to PE1 recovers, PE1 sends a MAC Withdraw message
carrying the FEC 128 TLV field to PE4 after detecting the AC status change.
5. PE3 sends a MAC Withdraw message carrying the FEC 129 TLV field to PE2
after detecting the AC status change.
6. After PE2 receives the MAC Withdraw message sent from PE3, PE2 removes
the MAC entries in its VSI based on the MAC Withdraw message. PE2 then
converts the message to a MAC Withdraw message carrying the FEC 128 TLV
field and forwards the new MAC Withdraw message to PE4.
7. After PE4 receives the MAC Withdraw messages sent from PE1 and PE2, PE4
removes the MAC addresses in its VSI based on the messages.
7.3 Applications
Networking Description
Individual services are transmitted to the Internet over the access layer,
convergence layer, and core layer of a MAN. Figure 7-25 shows a typical example
implementation for individual services.
● HSI services access the Internet over the MAN.
● VoIP services request IP addresses from the Dynamic Host Configuration
Protocol (DHCP) server over the MAN.
● BTV multicast members apply for BTV services from multicast sources over
the MAN.
NMS
Internet
MSCG1/ MSCG2/
BRAS1/ IP Core BRAS2/
SR1 SR2
Core layer
PE3
PE4
VPLS
Aggregation layer
PE1 PE2
HG
PW
Backup PW
HSI VOIP BTV
Feature Deployment
VPLS is configured on PEs to transparently transmit traffic between them. Figure
7-25 uses LDP VPLS as an example to show VPLS configuration:
● Access-layer devices
VLANs are configured to differentiate different types of users.
PPPoE over AAL5 (PPPoEoA) and PPP over AAL5 (PPPoA) are configured to
allow access of HSI users through dialup.
Multicast VLAN and IGMP snooping are configured to transmit multicast
services.
● Aggregation-layer devices
Interior Gateway Protocols (IGPs) are configured on PEs so that they can
communicate with each other.
Basic MPLS functions are configured on PEs so that these PEs can establish
remote LDP sessions.
MPLS L2VPN and VSIs are configured on PEs.
A VPLS daisy chain is deployed on PEs to transmit multicast services.
● Core-layer devices
Authentication and accounting features are configured on BRASs so that they
can terminate HSI services.
IGPs are configured on SRs so that they can communicate with each other.
Basic MPLS functions are configured on SRs.
DHCP relay is configured on SRs, allowing VoIP users to obtain IP addresses
from DHCP servers.
Layer 3 multicast features are configured on SRs so that these SRs can
communicate with multicast sources.
Networking Description
In Figure 7-26, Site1, Site2, and Site3 are R&D departments of an enterprise. The
three sites are connected across a metropolitan area network (MAN). The
enterprise needs to transmit Layer 2 service packets between branches using VPLS
technology to allow branches in different locations to communicate with each
other.
Site3
VPN1
CE3
PE3
IP Core
PE1
PE2
CE1 CE2
Site1 Site2
VPN1 VPN1
Feature Deployment
VPLS is configured on PEs to transparently transmit traffic between them. From an
enterprise user perspective, the public network is similar to a single Layer 2 switch.
Figure 7-26 uses LDP VPLS as an example to show VPLS configuration:
● Access-layer devices
VLANs are configured to differentiate different types of enterprise users.
● Convergence-layer devices
An IGP is configured on PEs so that they can communicate with each other.
Basic MPLS functions are configured on PEs so that they can establish remote
LDP sessions.
MPLS L2VPN and VSIs are configured on PEs. Dual-homing is used on the
VPLS network to protect traffic.
Limit on the number of learned MAC addresses and traffic suppression are
configured on PEs to protect data.
License Requirements
VPLS is a basic feature of a switch and is not under license control.
Version Requirements
NOTE
To know details about software mappings, see Hardware Query Tool.
Feature Limitations
● Do not add the PW to VLAN 1. If the PW is added to VLAN 1, the AC joins
VLAN 1 in untagged mode and VLAN tags of packets are removed.
● If an interface is used as a VPLS AC-side interface and a multicast inbound
interface at the same time, multicast data cannot be forwarded normally on
this interface. (S5720HI does not have this restriction.)
● After receiving Layer 2 protocol packets such as STP, VBST, SMLK, LBT/LBDT,
LACP, 3AH, 1AG, Y.1731, HGMP, LLDP, DLDP, GVRP, HVRP, DAD, LNP, VCMP,
and BFD packets from an AC interface, a PE device determines whether it
needs to process the packets. If not (for example, Layer 2 protocols are
Configuration Process
To configure Martini VPLS, perform the following configurations on PEs at both
ends of a PW.
Context
When using LDP as the PW signaling, you must configure the VSI ID for a VSI. VSI
IDs differentiate VSIs, and you can use these VSI IDs during PW signaling
negotiation.
On a PW in LDP mode between two PEs with a Huawei device functioning as one
PE and a non-Huawei device functioning as the other, if the non-Huawei device
does not have the capability of processing L2VPN label requests, the mpls l2vpn
no-request-message command needs to be run on the Huawei device to allow
communication between the two devices. This command cannot be used in other
cases.
Do as follows on the PEs of the two ends of the PW:
Procedure
Step 1 Run:
system-view
The PW signaling protocol is specified as LDP and the VSI-LDP view is displayed.
By default, no signaling mode is configured for a VSI.
Step 4 Run:
vsi-id vsi-id
NOTE
The two ends of the VSI must agree on the same VSI ID.
The VSI exists only on the PE. One PE can have multiple VSIs. One VPLS on a PE
has only one VSI.
Step 5 Run:
peer peer-address [ negotiation-vc-id vc-id ] [ tnl-policy policy-name ] [ upe ]
By default, no PW is created.
NOTE
If you have created a PW, you can run the command pw pw-name to enter the VSI-LDP-PW
view in the VSI-LDP view.
The device is configured to delete the VCCV byte following the interface
parameter in Mapping packets.
The STP loop detection function of PW is disabled, that is, the PW that cannot be
blocked by STP.
When the QinQ sub-interface or dot1q sub-interface is bound to the VSI, the
VPLS encapsulation type cannot be set to ethernet.
----End
Context
Based on the type of link between a PE and a CE, a VSI is bound to an AC
interface on the PE in one of the following modes:
● Binding the VSI with the GE interface, or XGE interface when the PE and the
CE are connected through the Ethernet interface
● Binding the VSI with the GE sub-interface, 40GE sub-interface or XGE sub-
interface when the PE and the CE are connected through the Ethernet sub-
interface
● Binding the VSI with the VLANIF interface when the PE and the CE are
connected through the VLANIF interface
● Binding the VSI with the Eth-Trunk when the PE and the CE are connected
through the Eth-Trunk interface
● Binding the VSI with the Eth-Trunk sub-interface when the PE and the CE are
connected through the Eth-Trunk sub-interface
The sub-interfaces can be dotlq sub-interfaces, QinQ sub-interfaces, VLAN
mapping sub-interfaces, or VLAN stacking sub-interfaces. For details on how to
access the VPLS through a sub-interface, see Configuring a Dot1q Termination
Sub-interface and Connecting It to an L2VPN and Configuring a QinQ Termination
Sub-interface and Connecting It to an L2VPN in "VLAN Termination Configuration"
in the S1720, S2700, S5700, and S6720 V200R010C00 Configuration Guide -
Ethernet Switching.
When XGE, GE, 40GE, or Eth-Trunk interfaces are used as AC interfaces, the outer
Tags carried in the packets sent from the AC to the PW are U Tags (inserted by
user devices, which are meaningless to the SP) by default.
When VLANIF interfaces are used as AC interfaces, the outer Tags carried in the
packets sent from the AC to the PW are P Tags (inserted by SP devices, which are
used to differentiate user traffic) by default.
NOTE
Procedure
● Bind a VSI to an Ethernet interface.
NOTE
● If the peer PE accepts only packets with VLAN tags, before binding the
Ethernet interface to a VSI, run the mpls l2vpn default vlan command to
configure the default VLAN for the primary interface.
● If the peer PE accepts packets with one more VLAN tag, before binding the
Ethernet interface to a VSI, run the mpls l2vpn vlan-stacking stack-vlan
command to configure the stack VLAN for the primary interface.
● Bind a VSI to an Ethernet sub-interface.
Do as follows on the PEs at both ends of a PW:
a. Run:
system-view
▪ Run:
dot1q termination vid low-pe-vid
▪ Run:
qinq termination pe-vid pe-vid ce-vid ce-vid1 [ to ce-vid2 ]
▪ Run:
qinq mapping vid vlan-id1 [ to vlan-id2 ] map-vlan vid vlan-id3
▪ Run:
qinq mapping pe-vid vlan-id1 ce-vid vlan-id2 [ to vlan-id3 ] map-vlan vid vlan-id4
▪ Run:
qinq stacking vid vlan-id1 [ to vlan-id2 ] pe-vid vlan-id3
NOTE
● The VLANIF interfaces of the VLAN before VLAN mapping and VLAN before
VLAN stacking cannot be bound to VSIs. Otherwise, the configured VSI and
VLAN mapping or VLAN stacking do not take effect.
● If a VLAN is configured with IGMP snooping or MLD snooping, the VLANIF
interface of the VLAN cannot be used as an AC interface. To bind the VLANIF
interface to a VSI, delete the IGMP snooping or MLD snooping configuration
from the VLAN first.
● Bind a VSI to an Eth-Trunk interface.
a. Run:
system-view
NOTE
NOTE
● If the peer PE accepts only packets with VLAN tags, before binding the
Ethernet interface to a VSI, run the mpls l2vpn default vlan command to
configure the default VLAN for the primary interface.
● If the peer PE accepts packets with one more VLAN tag, before binding the
Ethernet interface to a VSI, run the mpls l2vpn vlan-stacking stack-vlan
command to configure the stack VLAN for the primary interface.
● Bind a VSI to an Eth-Trunk sub-interface.
Do as follows on the PEs at both ends of a PW:
a. Run:
system-view
NOTE
quit
▪ Run:
dot1q termination vid low-pe-vid
▪ Run:
qinq termination pe-vid pe-vid ce-vid ce-vid1 [ to ce-vid2 ]
▪ Run:
qinq mapping vid vlan-id1 [ to vlan-id2 ] map-vlan vid vlan-id3
▪ Run:
qinq mapping pe-vid vlan-id1 ce-vid vlan-id2 [ to vlan-id3 ] map-vlan vid vlan-id4
▪ Run:
qinq stacking vid vlan-id1 [ to vlan-id2 ] pe-vid vlan-id3
----End
Prerequisites
All Martini VPLS configurations are complete.
Procedure
● Run the display vsi [ name vsi-name ] [ verbose ] command to check
information about a VPLS VSI.
● Run the display l2vpn ccc-interface vc-type { all | vc-type } [ down | up ]
command to check information about the interface used by an L2VPN
connection.
● Run the display vsi remote ldp [ [ router-id ip-address ] [ pw-id pw-id ] |
unmatch | verbose ] command to check information about a remote VSI.
● Run the display vpls connection [ ldp | vsi vsi-name ] [ down | up ]
[ verbose ] command to check information about a VPLS connection.
● Run the display vpls forwarding-info [ vsi vsi-name [ peer peer-address
[ negotiation-vc-id vc-id | remote-site site-id ] ] | state { up | down } ]
[ verbose ] command to check forwarding information of all VSIs.
● Run the display vsi services { all | vsi-name | interface interface-type
interface-number | vlan vlan-id } command to check information about the
AC interface associated with the VSI.
● Run the display vsi pw out-interface [ vsi vsi-name ] command to check
information about the outgoing interface of a PW in a VSI.
● Run the display l2vpn vsi-list tunnel-policy policy-name command to check
information about the tunnel policy applied to a VSI.
● Run the ping vpn-config peer-address peer-address vsi-name vsi-name
[ pw-id pw-id ] [ local ] [ remote ] command to check configurations of the
VSI on the peer PE.
● Run the display mpls label-stack vpls vsi vsi-name peer peer-ip-address vc-
id vc-id command to check the information about label stacks in a VPLS
scenario.
----End
Configuration Process
To configure Kompella VPLS, perform the following configurations on PEs at both
ends of a PW. Configuring Huawei Devices to Communicate with Non-Huawei
Devices and configuring the Features of Kompella VPLS are optional.
Context
BGP VPLS shares the TCP connection with the common BGP protocol. Therefore,
most BGP VPLS configurations are the same as the configurations of the common
BGP protocol. Nevertheless, VPLS label blocks need to be exchanged in BGP VPLS.
Therefore, you need to enable peers to exchange VPLS label blocks in the BGP
VPLS address family view.
Please do as follows on the PEs of the two ends of the PW:
Procedure
Step 1 Run:
system-view
NOTE
To improve reliability, on the PE, the local loopback interface is generally specified as the
interface to set up the TCP connection.
----End
Context
When configuring BGP VPLS to implement automatic discovery, you need to
create and configure VSIs (set RDs and VPN targets of the VSIs), configure BGP,
and create site connections.
Perform the following steps on PEs at both ends of a PW:
Procedure
Step 1 Run:
system-view
The PW signaling protocol is configured as BGP and the VSI-BGP view is displayed.
Step 4 Run:
route-distinguisher route-distinguisher
NOTE
Step 5 Run:
vpn-target vpn-target & <1-16> [ both | export-extcommunity | import-extcommunity ]
Step 6 Run:
site site-id [ range site-range ] [ default-offset { 0 | 1 } ]
NOTE
All Kompella L2VPN instances and VPLS VSI instances of one device share one label block;
therefore, the sum of the ranges of all Kompella L2VPN instances and VPLS VSI instances
cannot be greater than the label block. Otherwise, the system prompts that the labels
cannot be obtained because the required labels exceed the upper limit. Allocation of a site
ID to a VSI or creation of a CE fails.
----End
Context
The latest RFC defines that the encapsulation type of PW in the Kompella VPLS is
19. Huawei devices support only the Ethernet encapsulation and VLAN
encapsulation. When Huawei devices need to communicate with non-Huawei
devices with the VPLS encapsulation type carried by BGP extended community
attributes as 19, you need to set the global encapsulation type of Kompella VPLS
on the Huawei device, and configure the Huawei device to ignore the MTU match
check.
Do as follows on the PEs of the two ends of the PW:
Procedure
Step 1 Run:
system-view
NOTE
The vpls bgp encapsulation { ethernet | vlan } and ignore-mtu-match commands must
be used together on Huawei devices so that Huawei devices can communicate with non-
Huawei devices.
Step 4 Run:
quit
Before a Kompella VPLS network sends packets with encapsulation types other
than encapsulation type 19, the network converts the encapsulation types of these
packets to encapsulation type 19.
If a Kompella VPLS network receives packets with encapsulation type 19, the
network automatically converts the encapsulation types of these packets to its
own encapsulation type.
Step 8 Run:
mtu-negotiate disable
By default, the MTU value in the VSI view is 1500. If the MTUs for the same VSI
on two PEs are different, the two PEs cannot exchange information or establish a
connection.
The equipment of some vendors cannot perform the MTU match check for VSIs. If
a Huawei device needs to communicate with a non-Huawei device over a
Kompella VPLS network, run the mtu-negotiate disable command to disable the
MTU match check.
----End
Context
Based on the type of link between a PE and a CE, a VSI is bound to an AC
interface on the PE in one of the following modes:
● Binding the VSI with the GE interface, or XGE interface when the PE and the
CE are connected through the Ethernet interface
● Binding the VSI with the GE sub-interface, 40GE sub-interface or XGE sub-
interface when the PE and the CE are connected through the Ethernet sub-
interface
● Binding the VSI with the VLANIF interface when the PE and the CE are
connected through the VLANIF interface
● Binding the VSI with the Eth-Trunk when the PE and the CE are connected
through the Eth-Trunk interface
● Binding the VSI with the Eth-Trunk sub-interface when the PE and the CE are
connected through the Eth-Trunk sub-interface
When XGE, GE, 40GE, or Eth-Trunk interfaces are used as AC interfaces, the outer
Tags carried in the packets sent from the AC to the PW are U Tags (inserted by
user devices, which are meaningless to the SP) by default.
When VLANIF interfaces are used as AC interfaces, the outer Tags carried in the
packets sent from the AC to the PW are P Tags (inserted by SP devices, which are
used to differentiate user traffic) by default.
NOTE
Procedure
● Bind a VSI to an Ethernet interface.
Do as follows on the PEs at both ends of a PW:
a. Run:
system-view
NOTE
● If the peer PE accepts only packets with VLAN tags, before binding the
Ethernet interface to a VSI, run the mpls l2vpn default vlan command to
configure the default VLAN for the primary interface.
● If the peer PE accepts packets with one more VLAN tag, before binding the
Ethernet interface to a VSI, run the mpls l2vpn vlan-stacking stack-vlan
command to configure the stack VLAN for the primary interface.
● Bind a VSI to an Ethernet sub-interface.
Do as follows on the PEs at both ends of a PW:
a. Run:
system-view
▪ Run:
dot1q termination vid low-pe-vid
▪ Run:
qinq termination pe-vid pe-vid ce-vid ce-vid1 [ to ce-vid2 ]
▪ Run:
qinq mapping vid vlan-id1 [ to vlan-id2 ] map-vlan vid vlan-id3
▪ Run:
qinq mapping pe-vid vlan-id1 ce-vid vlan-id2 [ to vlan-id3 ] map-vlan vid vlan-id4
▪ Run:
qinq stacking vid vlan-id1 [ to vlan-id2 ] pe-vid vlan-id3
NOTE
● The VLANIF interfaces of the VLAN before VLAN mapping and VLAN before
VLAN stacking cannot be bound to VSIs. Otherwise, the configured VSI and
VLAN mapping or VLAN stacking do not take effect.
● If a VLAN is configured with IGMP snooping or MLD snooping, the VLANIF
interface of the VLAN cannot be used as an AC interface. To bind the VLANIF
interface to a VSI, delete the IGMP snooping or MLD snooping configuration
from the VLAN first.
● Bind a VSI to an Eth-Trunk interface.
a. Run:
system-view
NOTE
NOTE
● If the peer PE accepts only packets with VLAN tags, before binding the
Ethernet interface to a VSI, run the mpls l2vpn default vlan command to
configure the default VLAN for the primary interface.
● If the peer PE accepts packets with one more VLAN tag, before binding the
Ethernet interface to a VSI, run the mpls l2vpn vlan-stacking stack-vlan
command to configure the stack VLAN for the primary interface.
● Bind a VSI to an Eth-Trunk sub-interface.
a. Run:
system-view
NOTE
▪ Run:
dot1q termination vid low-pe-vid
▪ Run:
qinq termination pe-vid pe-vid ce-vid ce-vid1 [ to ce-vid2 ]
▪ Run:
qinq mapping vid vlan-id1 [ to vlan-id2 ] map-vlan vid vlan-id3
▪ Run:
qinq mapping pe-vid vlan-id1 ce-vid vlan-id2 [ to vlan-id3 ] map-vlan vid vlan-id4
▪ Run:
qinq stacking vid vlan-id1 [ to vlan-id2 ] pe-vid vlan-id3
----End
Context
During the Kompella VPLS configuration, if n PEs are located in a VPLS domain,
n(n-1)/2 IBGP connections need to be established. When there are a large number
of IBGP peers, network resources and CPU resources are greatly consumed. A
route reflector (RR) can be used to solve the problem. One PE functions as an RR
and other PEs function as clients. The clients establish IBGP connections with the
RR.
When configuring route reflection for Kompella VPLS, configure the RR and
reflection policy, and enable VPN-target filtering for received VPLS label blocks.
The BGP VPLS address family view is used to manage the VPLS label block.
Procedure
Step 1 Run:
system-view
Step 2 Run:
bgp { as-number-plain | as-number-dot }
Step 3 Run:
vpls-family
Step 4 Run:
peer { group-name | ipv4-address } reflect-client
After this command is run, the local device functions as the RR and a peer or a
peer group functions as the client of the RR.
Step 5 Run:
undo policy vpn-target
The RR deployed on a Kompella VPLS network does not save VPN routes or label
blocks. You need to run this command to save all VPN routes or label blocks sent
from PEs.
NOTE
Step 6 Run:
rr-filter extcomm-filter-number
----End
Prerequisites
All Kompella VPLS configurations are complete.
Procedure
● Run the display vsi [ name vsi-name ] [ verbose ] command to check
information about a VPLS VSI.
● Run the display l2vpn ccc-interface vc-type { all | vc-type } [ down | up ]
command to check information about the interface used by an L2VPN
connection.
● Run the display vsi remote bgp [ nexthop nexthop-address [ export-vpn-
target vpn-target ] | route-distinguisher route-distinguisher ] command to
check information about a remote VSI.
● Run the display vpls connection [ bgp | vsi vsi-name ] [ down | up ]
[ verbose ] command to check information about a VPLS connection.
● Run the display vpls forwarding-info [ vsi vsi-name [ peer peer-address
[ negotiation-vc-id vc-id | remote-site site-id ] ] | state { up | down } ]
[ verbose ] command to check forwarding information of all VSIs.
● Run the display vsi services { all | vsi-name | interface interface-type
interface-number | vlan vlan-id } command to check information about the
AC interface associated with the VSI.
----End
Configuration Process
To configure BGP AD VPLS, perform the following configurations on PEs at both
ends of a PW.
Context
BGP AD VPLS shares a TCP connection with BGP. Most BGP AD VPLS
configurations are the same as BGP configurations. Unlike BGP, BGP AD VPLS
requires the exchange of VPLS member information between BGP peers.
Therefore, BGP peers need to be enabled to exchange VPLS member information
in the BGP L2VPN AD address family view.
Perform the following steps on PEs at both ends of a PW:
Procedure
Step 1 Run:
system-view
NOTE
Step 4 Run:
peer ipv4-address connect-interface interface-type interface-number
Step 6 Run:
peer ipv4-address enable
NOTE
ipv4-address in this command is the same as ipv4-address specified in the peer command
in the BGP view, which is the remote LSR ID.
----End
Context
When configuring BGP AD VPLS, you need to create VSIs on PEs, set automatic
VPLS member discovery and PW deployment for the VSIs, configure BGP AD
signaling on the PEs, and set VPLS IDs and VPN targets for the VSIs in the VSI-
BGPAD view.
Perform the following steps on PEs at both ends of a PW:
Procedure
Step 1 Run:
system-view
A VSI is created.
Step 3 Run:
bgp-ad
Automatic VPLS member discovery and PW deployment are set for the VSI, and
the VSI-BGP AD view is displayed.
Step 4 Run:
vpls-id vpls-id
A VPLS ID is set.
NOTE
● By default, the RD of BGP AD VPLS is the same as the VPLS ID. If a VPLS ID is set, an RD
does not need to be set. The VSI ID is equal to the local LSR ID and does not need to be set.
● The VPLS IDs for VSIs in one VPLS domain must be the same.
Step 5 Run:
vpn-target vpn-target & <1-16> [ both | export-extcommunity | import-extcommunity ]
NOTE
The function of this command is similar to the function of configuring a peer PE as a UPE
on a Martini HVPLS network. The difference is that this command allows all peer PEs in a
VPLS domain to serve as UPEs. This means a star topology, in which a PE functions as a
Hub, and other PEs connected to this Hub are Spoke PEs.
----End
Context
Based on the type of link between a PE and a CE, a VSI is bound to an AC
interface on the PE in one of the following modes:
● Binding the VSI with the GE interface, or XGE interface when the PE and the
CE are connected through the Ethernet interface
● Binding the VSI with the GE sub-interface, 40GE sub-interface or XGE sub-
interface when the PE and the CE are connected through the Ethernet sub-
interface
● Binding the VSI with the VLANIF interface when the PE and the CE are
connected through the VLANIF interface
● Binding the VSI with the Eth-Trunk when the PE and the CE are connected
through the Eth-Trunk interface
● Binding the VSI with the Eth-Trunk sub-interface when the PE and the CE are
connected through the Eth-Trunk sub-interface
When VLANIF interfaces are used as AC interfaces, the outer Tags carried in the
packets sent from the AC to the PW are P Tags (inserted by SP devices, which are
used to differentiate user traffic) by default.
NOTE
Procedure
● Bind a VSI to an Ethernet interface.
Do as follows on the PEs at both ends of a PW:
a. Run:
system-view
NOTE
● If the peer PE accepts only packets with VLAN tags, before binding the
Ethernet interface to a VSI, run the mpls l2vpn default vlan command to
configure the default VLAN for the primary interface.
● If the peer PE accepts packets with one more VLAN tag, before binding the
Ethernet interface to a VSI, run the mpls l2vpn vlan-stacking stack-vlan
command to configure the stack VLAN for the primary interface.
● Bind a VSI to an Ethernet sub-interface.
Do as follows on the PEs at both ends of a PW:
a. Run:
system-view
▪ Run:
dot1q termination vid low-pe-vid
▪ Run:
qinq termination pe-vid pe-vid ce-vid ce-vid1 [ to ce-vid2 ]
▪ Run:
qinq mapping vid vlan-id1 [ to vlan-id2 ] map-vlan vid vlan-id3
▪ Run:
qinq mapping pe-vid vlan-id1 ce-vid vlan-id2 [ to vlan-id3 ] map-vlan vid vlan-id4
▪ Run:
qinq stacking vid vlan-id1 [ to vlan-id2 ] pe-vid vlan-id3
NOTE
● The VLANIF interfaces of the VLAN before VLAN mapping and VLAN before
VLAN stacking cannot be bound to VSIs. Otherwise, the configured VSI and
VLAN mapping or VLAN stacking do not take effect.
● If a VLAN is configured with IGMP snooping or MLD snooping, the VLANIF
interface of the VLAN cannot be used as an AC interface. To bind the VLANIF
interface to a VSI, delete the IGMP snooping or MLD snooping configuration
from the VLAN first.
● Bind a VSI to an Eth-Trunk interface.
Do as follows on the PEs at both ends of a PW:
a. Run:
system-view
NOTE
NOTE
● If the peer PE accepts only packets with VLAN tags, before binding the
Ethernet interface to a VSI, run the mpls l2vpn default vlan command to
configure the default VLAN for the primary interface.
● If the peer PE accepts packets with one more VLAN tag, before binding the
Ethernet interface to a VSI, run the mpls l2vpn vlan-stacking stack-vlan
command to configure the stack VLAN for the primary interface.
● Bind a VSI to an Eth-Trunk sub-interface.
Do as follows on the PEs at both ends of a PW:
a. Run:
system-view
c. Run:
quit
NOTE
▪ Run:
dot1q termination vid low-pe-vid
▪ Run:
qinq termination pe-vid pe-vid ce-vid ce-vid1 [ to ce-vid2 ]
▪ Run:
qinq mapping vid vlan-id1 [ to vlan-id2 ] map-vlan vid vlan-id3
▪ Run:
qinq mapping pe-vid vlan-id1 ce-vid vlan-id2 [ to vlan-id3 ] map-vlan vid vlan-id4
▪ Run:
qinq stacking vid vlan-id1 [ to vlan-id2 ] pe-vid vlan-id3
Context
When the BGP L2VPN-AD configuration is modified, you can reset BGP
connections for L2VPN-AD to make the configuration take effect immediately.
Procedure
Step 1 Run the system-view command to enter the system view.
Step 2 Run the reset bgp l2vpn-ad { all | as-number-plain | as-number-dot | ipv4-address
| group group-name | external | internal } [ graceful ] command to reset BGP
connections for L2VPN-AD.
----End
Procedure
● Run the display vsi [ name vsi-name ] [ verbose ] command to check
information about a VPLS VSI.
● Run the display l2vpn ccc-interface vc-type { all | vc-type } [ down | up ]
command to check information about the interface used by an L2VPN
connection.
● Run the display vsi bgp-ad { import-vt | export-vt | remote-export-vt }
command to check the VPN target information about the local and remote
devices.
● Run the display vsi bgp-ad remote vpls-id vpls-id command to check
member information about a specified remote PE.
● Run the display vpls connection [ bgp-ad | vsi vsi-name ] [ down | up ]
[ verbose ] command to check information about a BGP AD VPLS connection.
● Run the display vpls forwarding-info [ vsi vsi-name [ peer peer-address
[ negotiation-vc-id vc-id | remote-site site-id ] ] | state { up | down } ]
[ verbose ] command to check forwarding information of all VSIs.
● Run the display vsi services { all | vsi-name | interface interface-type
interface-number | vlan vlan-id } command to check information about the
AC interface associated with the VSI.
● Run the display bgp l2vpn-ad [ route-distinguisher route-distinguisher ]
routing-table [ vpls-ad ] [ ipv4-address | statistics ] command to check BGP
L2VPN-AD routes.
----End
PE2
LDP BGP-AD
PE1 PE4
VPLS VPLS
PE3
Pre-configuration Tasks
Before you configure interworking between LDP VPLS and BGP AD VPLS, complete
the following tasks:
Procedure
● Create LDP PWs. For details, see 7.6 Configuring Martini VPLS.
● Create BGP AD PWs. For details, see 7.8 Configuring BGP AD VPLS.
NOTE
On PE2 or PE3, the LDP and BGP AD PWs must be configured in the same VSI.
When you run the vsi vsi-name [ static ] command to create a VSI, if the command carries
the static keyword, LDP PWs must be first established; if the command does not carry the
static keyword, either LDP or BGP AD PWs can be established first.
----End
● Run the display vsi [ name vsi-name ] [ verbose ] command. The command
output shows VSI information.
● Run the display vpls connection [ vsi vsi-name ] [ verbose ] command. The
command output shows VPLS connection information.
Kompella VPLS uses BGP as the signaling. Configuring an RR can solve the problem of
excessive connections caused by VPLS full connections. Therefore, the switch supports only
Martini HVPLS.
Configuration Process
To configure LDP HVPLS, configure the UPE and SPE.
Context
On an HVPLS network, SPEs are fully connected. You need to configure VSI peers
between SPEs, and between SPEs and UPEs.
Perform the following steps on the SPE:
Procedure
Step 1 Run:
system-view
VSIs are created and the automatic member discovery mechanism is used.
Step 3 Run:
pwsignal ldp
LDP is configured as the PW signaling protocol and the VSI-LDP view is displayed.
Step 4 (Optional) Run:
npe-upe mac-withdraw enable
The SPE is enabled to forward the LDP MAC Withdraw messages that are received
from another SPE to a UPE.
By default, an SPE is not enabled to forward the LDP MAC Withdraw messages
that are received from another SPE to a UPE.
When an SPE receives an LDP MAC Withdraw message from another SPE, the SPE
clears the local MAC table and learns MAC addresses. If the UPE does not clear
the MAC table synchronously, communication may be interrupted. You can run
this command to enable the SPE to forward the LDP MAC Withdraw message to
the UPE to clear the MAC table on the UPE.
In good network conditions, running this command speeds up network
convergence. In bad network conditions, running this command generates a large
amount of exchange messages, and therefore is not recommended.
Step 5 (Optional) Run:
upe-upe mac-withdraw enable
The SPE is enabled to forward the LDP MAC Withdraw messages that are received
from a UPE to another UPE.
By default, the SPE is not enabled to forward the LDP MAC Withdraw messages
that are received from a UPE to another UPE.
When an SPE receives an LDP MAC Withdraw message from a UPE, the SPE clears
the local MAC table and learns MAC addresses. If another UPE does not clear the
MAC table synchronously, communication may be interrupted. You can run this
command to enable the SPE to forward the LDP MAC Withdraw message to
another UPE to clear the MAC table on the UPE.
In good network conditions, running this command speeds up network
convergence. In bad network conditions, running this command generates a large
amount of exchange messages, and therefore is not recommended.
Step 6 (Optional) Run:
upe-npe mac-withdraw enable
The SPE is enabled to forward the LDP MAC Withdraw messages that are received
from a UPE to another SPE.
By default, the SPE is not enabled to forward the LDP MAC Withdraw messages
that are received from a UPE to another SPE.
When an SPE receives an LDP MAC Withdraw message from a UPE, the SPE clears
the local MAC table and learns MAC addresses. If another SPE does not clear the
MAC table synchronously, communication may be interrupted. You can run this
command to enable the SPE to forward the LDP MAC Withdraw message to
another SPE to clear the MAC table on the SPE.
In good network conditions, running this command speeds up network
convergence. In bad network conditions, running this command generates a large
amount of exchange messages, and therefore is not recommended.
Step 7 Run:
vsi-id vsi-id
or run:
or run:
peer peer-address [ negotiation-vc-id vc-id ] [ tnl-policy policy-name ] static-upe trans transmit-label
recv receive-label
----End
Context
The configuration of the UPE is similar to that on the PE of the VPLS fully-
connected network. The difference is that the UPE sets up connections only with
the connected SPEs.
For the detailed configuration, see 7.6 Configuring Martini VPLS.
Procedure
● Run the display vsi [ name vsi-name ] [ verbose ] command to check
information about a VPLS VSI.
● Run the display vsi pw out-interface [ vsi vsi-name ] command to check
information about the outgoing interface of a PW in a VSI.
● Run the display l2vpn vsi-list tunnel-policy policy-name command to check
information about the tunnel policy applied to a VSI.
● Run the display vsi remote ldp [ router-id ip-address ] [ pw-id pw-id ]
command to check information about a remote VSI.
----End
When VPN services need to be transmitted over a specified TE tunnel or when load
balancing needs to be performed among multiple tunnels to fully use network resources,
tunnel policies need to be applied to VPNs.
Configuration Process
To configure static VLLs to access a VPLS network, configure the UPE and SPE.
● Configuring the UPE
a. Configuring static LSPs between UPEs and SPEs
b. Configuring a UPE to access an SPE through a static VLL
● Configuring the SPE
a. Configuring static LSPs between UPEs and SPEs
b. Binding a static VLL to a VSI on an SPE
7.11.1 Configuring the Static LSP Between the UPE and the
SPE
Context
Before configuring a static VLL, you need to configure a static LSP.
Do as follows on the SPE and the UPE devices:
Procedure
Step 1 Run:
system-view
NOTE
● Between the UPE and the SPE, two static LSPs with opposite directions must be
configured because the static LSP is unidirectional.
● If P devices exist between the UPE and the SPE, the static-lsp transit command must
be configured on the P devices to configure the transit of the static LSP.
----End
Context
Perform the following steps on the UPE:
Procedure
Step 1 Run:
system-view
Step 2 Run:
interface interface-type interface-number
Step 4 Run:
mpls static-l2vc destination ip-address transmit-vpn-label transmit-label-value receive-vpn-label receive-
label-value [ tunnel-policy tnl-policy-name | [ control-word | no-control-word ] | [ raw | tagged ] ] *
----End
Context
This part describes how to configure an SPE to establish VSI peer relationships
with other SPEs, and with UPEs.
Procedure
Step 1 Run:
system-view
The VSI view is created and the static member discovery is enabled.
Step 3 Run:
pwsignal ldp
The LDP is specified as the PW signaling protocol and the VSI LDP view is
displayed.
Step 4 Run:
vsi-id vsi-id
After the configuration, when an AC fault or a UPE fault occurs and the VSI
remains Up, the local MAC address is deleted and all the remote peers are
informed of the deletion.
This command takes effect only after the interface-status-change mac-
withdraw enable command is also used.
Step 6 Run:
peer peer-address [ negotiation-vc-id vc-id ] [ tnl-policy policy-name ]
The received and sent labels between the SPE and the static UPE are configured.
The label trans here must be the same as the label receive-vpn-label that is
configured on UPE. In addition, the label recv must be the same as the label
transmit-vpn-label that is configured on UPE.
----End
Procedure
● Run the display mpls static-l2vc [ interface interface-type interface-
number ] command to check information about the static VC configured on
the switch.
----End
Configuration Process
To configure CE Dual-Homed Kompella VPLS, perform the following
configurations on the PE.
Context
When configuring Kompella VPLS, you need to create and configure VSIs (set RDs
and VPN targets of the VSIs), configure BGP, and create site connections.
Configure two VSIs with the same attributes on two dual-homed PEs.
Procedure
Step 1 Run:
system-view
Step 2 Run:
vsi vsi-name auto
VSIs are created and the automatic member discovery mechanism is used.
The Kompella VPLS does not directly run on the connection between CEs. Each CE
has a globally unique number. On a PE, a VSI is created for each CE that is directly
connected to this PE device.
Step 3 Run:
pwsignal bgp
BGP is configured as the PW signaling protocol and the VSI BGP view is displayed.
Step 4 Run:
route-distinguisher route-distinguisher
Step 6 Run:
site site-id [ range site-range ] [ default-offset { 0 | 1 } ]
NOTE
At present, the VSIs of the two dual-homed PEs can be configured with only one label
block. To enlarge the range, use the undo site command to delete all the original sites and
then configure a larger range. In addition, the VSIs of the two dual-homed PEs can be
configured with only one AC.
Before a Kompella VPLS network sends packets with encapsulation types other
than encapsulation type 19, the network converts the encapsulation types of these
packets to encapsulation type 19.
If a Kompella VPLS network receives packets with encapsulation type 19, the
network automatically converts the encapsulation types of these packets to its
own encapsulation type.
----End
Context
If the VSIs of two PEs to which a CE is dual homed are Up, the PE with the higher
priority functions as the master PE, whereas the PE with the lower priority
functions as the backup PE. Therefore, you should not assign the same priority to
the PEs, because this hinders the master/backup PE negotiation.
Procedure
Step 1 Run:
system-view
Step 2 Run:
vsi vsi-name
Step 3 Run:
multi-homing-preference preference-value
When the VSIs of the two PEs that a CE accesses are Up, the PE with the higher
preference serves as the active PE, and the PE with the lower preference works as
the standby PE. The active PE is responsible for forwarding the traffic of the CE;
the standby PE is only responsible for checking whether the VSI of the active PE is
Up. After a PE is selected as the standby PE, the status of the VSI of the standby
PE is set to Down. After the VSI of the active PE becomes Down, the standby PE
becomes the new active PE.
After the BGP session between the two PEs that a CE accesses becomes Down, the
PW of the PE with the lower preference becomes Up, and the PW between the
two PEs becomes Up.
----End
Context
Based on the type of link between a PE and a CE, a VSI is bound to an AC
interface on the PE in one of the following modes:
● Binding the VSI with the GE interface, or XGE interface when the PE and the
CE are connected through the Ethernet interface
● Binding the VSI with the GE sub-interface, 40GE sub-interface or XGE sub-
interface when the PE and the CE are connected through the Ethernet sub-
interface
● Binding the VSI with the VLANIF interface when the PE and the CE are
connected through the VLANIF interface
● Binding the VSI with the Eth-Trunk when the PE and the CE are connected
through the Eth-Trunk interface
● Binding the VSI with the Eth-Trunk sub-interface when the PE and the CE are
connected through the Eth-Trunk sub-interface
The sub-interfaces can be dotlq sub-interfaces, QinQ sub-interfaces, VLAN
mapping sub-interfaces, or VLAN stacking sub-interfaces. For details on how to
access the VPLS through a sub-interface, see Configuring a Dot1q Termination
Sub-interface and Connecting It to an L2VPN and Configuring a QinQ Termination
Sub-interface and Connecting It to an L2VPN in "VLAN Termination Configuration"
in the S1720, S2700, S5700, and S6720 V200R010C00 Configuration Guide -
Ethernet Switching.
When XGE, GE, 40GE, or Eth-Trunk interfaces are used as AC interfaces, the outer
Tags carried in the packets sent from the AC to the PW are U Tags (inserted by
user devices, which are meaningless to the SP) by default.
When VLANIF interfaces are used as AC interfaces, the outer Tags carried in the
packets sent from the AC to the PW are P Tags (inserted by SP devices, which are
used to differentiate user traffic) by default.
NOTE
Procedure
● Bind a VSI to an Ethernet interface.
Do as follows on the PEs at both ends of a PW:
a. Run:
system-view
NOTE
● If the peer PE accepts only packets with VLAN tags, before binding the
Ethernet interface to a VSI, run the mpls l2vpn default vlan command to
configure the default VLAN for the primary interface.
● If the peer PE accepts packets with one more VLAN tag, before binding the
Ethernet interface to a VSI, run the mpls l2vpn vlan-stacking stack-vlan
command to configure the stack VLAN for the primary interface.
● Bind a VSI to an Ethernet sub-interface.
Do as follows on the PEs at both ends of a PW:
a. Run:
system-view
▪ Run:
dot1q termination vid low-pe-vid
The single VLAN ID for dot1q encapsulation on a sub-interface is
configured.
▪ Run:
qinq termination pe-vid pe-vid ce-vid ce-vid1 [ to ce-vid2 ]
▪ Run:
qinq mapping vid vlan-id1 [ to vlan-id2 ] map-vlan vid vlan-id3
▪ Run:
qinq mapping pe-vid vlan-id1 ce-vid vlan-id2 [ to vlan-id3 ] map-vlan vid vlan-id4
▪ Run:
qinq stacking vid vlan-id1 [ to vlan-id2 ] pe-vid vlan-id3
NOTE
● The VLANIF interfaces of the VLAN before VLAN mapping and VLAN before
VLAN stacking cannot be bound to VSIs. Otherwise, the configured VSI and
VLAN mapping or VLAN stacking do not take effect.
● If a VLAN is configured with IGMP snooping or MLD snooping, the VLANIF
interface of the VLAN cannot be used as an AC interface. To bind the VLANIF
interface to a VSI, delete the IGMP snooping or MLD snooping configuration
from the VLAN first.
● Bind a VSI to an Eth-Trunk interface.
Do as follows on the PEs at both ends of a PW:
a. Run:
system-view
c. Run:
quit
NOTE
NOTE
● If the peer PE accepts only packets with VLAN tags, before binding the
Ethernet interface to a VSI, run the mpls l2vpn default vlan command to
configure the default VLAN for the primary interface.
● If the peer PE accepts packets with one more VLAN tag, before binding the
Ethernet interface to a VSI, run the mpls l2vpn vlan-stacking stack-vlan
command to configure the stack VLAN for the primary interface.
NOTE
▪ Run:
dot1q termination vid low-pe-vid
▪ Run:
qinq termination pe-vid pe-vid ce-vid ce-vid1 [ to ce-vid2 ]
▪ Run:
qinq mapping vid vlan-id1 [ to vlan-id2 ] map-vlan vid vlan-id3
▪ Run:
qinq mapping pe-vid vlan-id1 ce-vid vlan-id2 [ to vlan-id3 ] map-vlan vid vlan-id4
▪ Run:
qinq stacking vid vlan-id1 [ to vlan-id2 ] pe-vid vlan-id3
----End
Prerequisites
All CE dual-homed Kompella VPLS configurations are complete.
Procedure
● Run the display bgp vpls group [ group-name ] command to check the BGP
VPLS peer group relationship on a PE or an ASBR PE.
● Run the display bgp vpls peer [ [ ipv4-address ] verbose ] command to
check the BGP VPLS peer relationship on a PE or an ASBR PE.
● Run the display bgp vpls all command to check BGP VPLS label blocks on a
PE or an ASBR PE.
● Run the display vpls connection [ bgp | vsi vsi-name ] [ down | up ]
[ verbose ] command to check the VPLS connection on a PE.
----End
Pre-configuration Task
Before configuring inter-AS Martini VPLS in OptionA mode, complete the following
tasks:
● Configure IGP for the MPLS backbone network of each AS to ensure IP
connectivity of the backbone network within an AS.
● Configure basic MPLS functions on the MPLS backbone network of each AS.
● Configure MPLS LDP and establish the LDP LSP for the MPLS backbone
network of each AS.
● Establish a tunnel between the PE and ASBR within an AS.
Context
The configuration is described as follows:
NOTE
In inter-AS Martini VPLS OptionA, each ASBR must reserve an AC interface for each inter-AS
VC. OptionA can be used when the number of inter-AS VCs is small. Compared with the
L3VPN, the inter-AS L2VPN OptionA consumes more resources and requires more
configuration workload. Therefore, the inter-AS L2VPN OptionA is not recommended.
● Run the ping vpls mac mac-address vsi vsi-name [ vlan vlan-id | -c count | -
m time-value | -s packsize | -t timeout | -exp exp | -r replymode ] * command
to check the connectivity of Layer 2 links on the VPLS network.
● Run the trace vpls mac mac-address vsi vsi-name [ vlan vlan-id ] [ -t
timeout | -f first-ttl | -m max-ttl | -exp exp | -r replymode ] * command to
check the PEs and P that packets pass from the sender to the receiver and
check the connectivity of Layer 2 links, which helps locate the faulty node on
the network.
NOTE
In OptionA mode, the ping and trace functions support intra-AS detection.
Context
The configuration is described as follows:
NOTE
● In the inter-AS VPLS OptionA, the VPN targets of the ASBRs and PEs in the same AS
must match; the VPN targets of the PEs in different ASs do not need to match.
● In inter-AS Martini VPLS OptionA, each ASBR must reserve an AC interface for each
inter-AS VC. OptionA can be used when the number of inter-AS VCs is small.
Compared with the L3VPN, the inter-AS L2VPN OptionA consumes more resources and
requires more configuration workload. Therefore, the inter-AS L2VPN OptionA is not
recommended.
In OptionA mode, the ping and trace functions support intra-AS detection.
Because pseudo wire emulation edge-to-edge (PWE3) uses LDP to distribute VPN
labels, you must globally enable MPLS LDP on PEs and establish MPLS LDP
sessions if TE tunnels are used as public tunnels.
If the public tunnels are not LDP tunnels, you must configure tunnel policies and
apply them to these public tunnels.
Only the VPLSs in PWE3 mode support PW redundancy.
● Enable MPLS L2VPN on PEs.
UPE 1
PW
SPE2
Configuration Process
To configure VPLS PW Redundancy, perform the following configurations on the
PE. Configuring BFD for PW and Manually Switching PWs in a PW Protection
Group are optional.
7.15.1 Configuring a PW
Context
Only LDP PWs can be configured.
Do as follows on the SPE and the UPE devices:
Procedure
● Configure a PW in HVPLS networking mode.
For details, see Configuring LDP HVPLS.
a. Run:
system-view
From the perspective of the UPE, the PW between itself and an SPE is a
hub PW; from the perspective of an SPE, the PW between itself and the
UPE is a spoke PW.
f. Run:
quit
Procedure
Step 1 Run:
system-view
Step 3 Run:
pwsignal ldp
NOTE
The PW redundancy mode of the PW protection group must have been configured before you
start the following configurations.
Step 6 Run:
peer peer-address [ negotiation-vc-id vc-id ] preference preference-value
The specified PW is added to the PW protection group and the priority of the PW
is specified. The smaller the value, the higher the priority. Among the two PWs
added to a PW protection group, the one with a higher priority serves as the
primary.
Step 7 (Optional) Run:
reroute { delay delay-time | immediately | never }
The function of the secondary PW to receive and forward traffic from the peer is
enabled.
By default, the secondary PW does not receive traffic from the peer.
When the network is unstable or a faulty occurs on the device, traffic may switch
between the primary and secondary PW. In this case, you need to run the stream-
dual-receiving command to enable the secondary PW to receive and forward
traffic from the peer. This reduces number of packets lost during switching, but
may incur routing loops..
NOTE
On a VPLS network that uses BFD for fault detection, traffic immediately switches from the
primary PW to the secondary PW after BFD detects a fault on the primary PW, no matter
whether delayed switching is configured. It is recommended that you determine whether to
use BFD or delayed switching based on your actual network requirements.
After you configure a switching delay, traffic forwarded during the delay period will be
interrupted if the primary PW fails to recover before the delay period expires.
----End
Context
PW1
UPE CE2
CE1
PW2
SPE2 NPE2
spoke PW
hub PW
Under normal circumstances, if all hub PWs connected to SPE1 go Down but PW1
is Up, the upstream traffic still travels along the primary PW, PW1. As a result,
traffic gets lost. To prevent the preceding problem, you can associate spoke PW
status with hub PW status. Then, after all the hub PWs of the SPE where the
primary spoke PW resides go Down, the SPE notifies the UPE of switching traffic
to the secondary spoke PW for transmission.
Procedure
Step 1 Run:
system-view
----End
Procedure
Step 1 Run:
system-view
NOTE
Note that you must configure or cancel BFD for PW on both ends of a PW. Otherwise, the PW
status on both ends may be inconsistent.
Step 7 Run:
quit
The system is enabled to send BFD for VSI-PW packets to the protocol stack for
processing.
----End
Procedure
Step 1 Run:
system-view
----End
Procedure
● Run the display vsi name vsi-name protect-group [ group-name [ verbose |
history ] ] command to check summary or detailed information about the
Configuration Process
After creating a VSI and assigning a signaling protocol to it, you can set common
parameters of the VSI. According to different applicable environments, you can
determine whether to modify the MAC address learning mode and MAC address
entry.
Perform the following configurations on the PE.
Context
Common parameters of a VSI include VPLS encapsulation type of a VSI, MTU for
negotiation, tunnel policy for a VSI, and VSI description.
Perform the following steps on PEs at both ends of a PW.
Procedure
Step 1 Run:
system-view
NOTE
When an interface is bound to a VSI, the MTU can be configured in the interface view but
does not take effect. The PW signaling uses the MTU that is configured in the VSI for PW
MTU negotiation.
On the switch, the MTU value is used only for signaling negotiation and does not limit the
size of forwarded packets.
----End
Context
In VPLS, packets are forwarded according to MAC address forwarding entries. In
most cases, MAC address learning can be performed automatically. Nevertheless,
to prevent attacks and troubleshoot faults, you can adopt the VSI-based MAC
address management mechanism provided by the switch.
A physical interface can belong to multiple VLANs at the same time. Multiple
VLANIF interfaces can be bound with the same VSI. Therefore, when configuring
MAC address static entries or blackhole entries for VSI bound to the VLANIF
interfaces, you must specify the physical interface and VLANIF interface.
Do as follows on the PEs of the two ends of the PW:
Procedure
Step 1 Run:
system-view
The aging time of MAC address entries for the VPLS is configured.
Step 3 Run:
mac-address static mac-address interface-type interface-number vlanif interface-number vsi vsi-name or
mac-address static mac-address interface-type interface-number vsi vsi-name
Step 4 Run:
mac-address blackhole mac-address vsi vsi-name
Step 5 Run:
vsi vsi-name [ auto | static ]
Step 6 Run:
pwsignal ldp
The PW signaling protocol is specified as LDP and the VSI-LDP view is displayed.
Step 7 Run:
vsi-id vsi-id
Step 8 Run:
quit
Step 9 Run:
mac-learning { enable | disable }
Step 10 Run:
mac-limit { action { discard | forward } | alarm { disable | enable } | maximum max-num } *
----End
Context
On an LDP, BGP AD, or LDP+BGP AD VPLS network, when the AC or PW status on
a MAC Withdraw-capable PE changes, the PE sends a MAC Withdraw message to
remote peers, instructing the remote peers to remove MAC address entries in their
VSIs. If MAC Withdraw relay is configured, the remote peers will forward the
received MAC Withdraw messages.
NOTE
MAC Withdraw can be configured in either the VSI-LDP view or VSI view, but cannot be
configured in both views. If you have configured MAC Withdraw in one view but now you want
to configure MAC Withdraw in the other view, delete the current MAC Withdraw configuration
first.
MAC Withdraw applies only to LDP VPLS networks if configured in the VSI-LDP view, but applies
to LDP, BGP AD, and LDP+BGP AD VPLS networks if configured in the VSI view.
Configuration Procedure
● Configure a PE to send MAC Withdraw messages when the AC or PW status
on the PE changes. Two methods are available for configuring this MAC
Withdraw function (method 1 applies only to LDP VPLS networks, whereas
method 2 applies to LDP, BGP AD, and LDP+BGP AD VPLS networks):
– Method 1
i. Run:
system-view
i. Run:
system-view
– Method 2
i. Run:
system-view
This command takes effect only in a VPLS scenario with primary and secondary VLLs.
In other scenarios, the VLL needs to send MAC Withdraw messages; otherwise,
services will be interrupted.
Procedure
Step 1 Run:
system-view
Layer 2 virtual private network (L2VPN) is enabled, and the L2VPN view is
displayed.
Step 3 Run:
vpls mac-withdraw loop-detect enable
----End
Context
A'
C B
B'
C'
D
D'
DSLAM
As shown in Figure 7-30, if the services running on the old network will switch to
the new network, and you want to check whether the VSI on the new network can
work normally before the service switchover, you need to configure the VSI to
ignore the AC status on D'. After the configuration, the VSI on D' keeps Up before
the DSLAM is connected to the new network.
If an AC interface is Down and the PW is Up, the VSI remains Up after being
enabled to ignore AC status. If an AC interface is Up and the PW is Down, the VSI
remains Up after being enabled to ignore AC status.
Procedure
Step 1 Run:
system-view
The status of a VSI is prevented from being affected by the status of the
AC.
● If you want to prevent the status of one VSI from being affected by the status
of the AC:
a. Run:
vsi vsi-name [ static ]
The status of a VSI is prevented from being affected by the status of the
AC.
----End
Follow-up Procedure
The vpls ignore-ac-state or ignore-ac-state are used only before the service
switchover between a new VPLS network and an old one. After the service
switchover, run the undo vpls ignore-ac-state or undo ignore-ac-state command
to restore the default setting.
Context
On a VPLS network, you can limit the rates of broadcast, multicast, and unknown
unicast packets to:
You can flexibly control the processing of unknown multicast packets. For
example, you can enable the device to discard unknown multicast packets in the
IGMP-snooping over VPLS scenario.
Do as follows on the PEs on which the VSI broadcast traffic, multicast traffic, and
unknown unicast traffic need to be suppressed.
Procedure
Step 1 Run:
system-view
----End
Context
To collect statistics on VPLS traffic, choose either of the following methods:
● Enable traffic statistics collection for the specified PW.
● Enable traffic statistics collection on the VLANIF interfaces bound to the
specified VPLSs.
Procedure
● Enable traffic statistics collection for the specified PW.
a. Run the system-view command to enter the system view.
b. Run the vsi vsi-name [ auto | static ] command to enter the VSI view.
c. Choose one of the following commands to collect statistics on traffic of a
PW:
▪ In BGP mode:
1) Run the pwsignal bgp command to configure BGP as the PW
signaling protocol and enter the VSI-BGP view.
2) Run the traffic-statistics peer peer-address remote-site site-id
enable command to enable the traffic statistics function on a
Kompella VPLS PW.
▪ In LDP mode:
1) Run the pwsignal ldp command to configure LDP as the PW
signaling protocol and enter the VSI-LDP view.
2) Run the traffic-statistics peer peer-address peer-address
[ negotiation-vc-id vc-id ] enable command to enable the
traffic statistics function on a Martini VPLS PW.
NOTE
When there are a large number of PWs, you can run the traffic-
statistics enable (VSI-LDP view) command to enable the traffic
statistics function on a Martini VPLS PW.
▪ In BGP AD mode:
1) Run the bgp-ad command to set the PW establish mode of the
VSI to automatic discovery and deployment, and enter the VSI-
BGPAD view.
2) Run the traffic-statistics peer peer-address enable command to
enable the traffic statistics function on a BGP AD VPLS PW.
NOTE
When there are a large number of PWs, you can run the traffic-
statistics enable (VSI-BGPAD view) command to enable the traffic
statistics function on all BGP AD VPLS PWs.
● Enable traffic statistics collection on the VLANIF interfaces bound to the
specified VPLS.
a. Run the system-view command to enter the system view.
b. Run the interface vlanif vlan-id command to enter the VLANIF interface
view.
c. Run the l2 binding vsi vsi-name command to bind the VLANIF interface
to a VSI.
d. Run the statistic enable { both | inbound | outbound } command to
enable traffic statistics collection on the VLANIF interface bound to the
specified VSI.
Context
NOTICE
The traffic statistics information cannot be restored after you clear it. So, confirm
the action before you use the command.
Procedure
● Run the reset traffic-statistics vsi all command in the user view to reset all
traffic statistics on VPLS PW.
● Run the reset traffic-statistics vsi name vsi-name command in the user view
to reset traffic statistics on all VPLS PWs in a specified VSI.
● Run the reset traffic-statistics vsi name vsi-name peer peer-address
command in the user view to reset traffic statistics on a VPLS PW in a
specified VSI.
● Run the reset traffic-statistics vsi name vsi-name peer peer-address
negotiation-vc-id vc-id command in the user view to reset the traffic
statistics on a specified Martini VPLS PW in a specified VSI.
● Run the reset traffic-statistics vsi name vsi-name peer peer-address
remote-site site-id command in the user view to reset the traffic statistics on
a specified Kompella VPLS PW in a specified VSI.
● Run the reset traffic-statistics vsi name vsi-name peer peer-address ldp129
command in the user view to reset the traffic statistics on a specified BGP AD
VPLS PW in a specified VSI.
● Run the reset counters interface vlanif [ interface-number ] command in
the user view to reset the traffic statistics on the specified VLANIF interface
bound to the VSI.
----End
Context
NOTE
Within five minutes, if a PW goes Down, traffic before the PW is Down cannot be used to
compute the traffic rate in the five minutes.
After the traffic statistics function is enabled on a VPLS, you can run the following
commands in any view to view the running status of traffic on the VPLS.
Procedure
● Run the display traffic-statistics vsi vsi-name command to check the public
traffic statistics on all VPLS PWs in a specified VSI.
----End
Context
Sometimes, to halt services, you can disable a VSI temporarily, and then add,
cancel, or adjust VSI functions.
Procedure
● Enable VSI
a. Run the system-view command to enter the system view.
b. Run the vsi vsi-name command to enter the vsi view.
c. Run the undo shutdown command to enable VSI.
● Disable VSI
a. Run the system-view command to enter the system view.
b. Run the vsi vsi-name command to enter the vsi view.
c. Run the shutdown command to check disable VSI.
NOTICE
----End
Context
Checking the consistency of VPN configurations, you can locate faults on the VPN
connection.
NOTE
To reduce the bandwidth consumption, the ping vpn-config command only sends one
probe packet and set timeout period for waiting for a Response packet to 10 seconds.
Procedure
● Run the ping vpn-config peer-address peer-address vsi-name vsi-name
[ pw-id pw-id ] [ local ] [ remote ] command to check consistency of
configurations on both ends of a VPN. The information can help you locate
faults on the VPN connection.
The command output includes information about the VSI type, VSI
description, VSI management status, VSI running status, PW status, MTU
value, number of AC in the VSI, IP address of the peer PE, IP address of the
local PE, whether probe or Echo Reply packets are forwarded through the LSP
tunnel, PW-ID, PE types, VC encapsulation type, and outer incoming and
outgoing tags.
----End
Context
NOTICE
After MAC address entries are cleared, the entries cannot be restored. Confirm the
action before you clear the entries.
Procedure
● Run the undo mac-address static mac-address interface-type interface-
number vlanif interface-number vsi vsi-name command to clear MAC address
entries for a VSI.
● Run the undo mac-address static mac-address interface-type interface-
number vsi vsi-name command to clear MAC address entries for a VSI.
● Run the undo mac-address [ dynamic | all ] command to clear dynamic, or
all MAC address entries.
● Run the undo mac-address static command to clear static MAC address
entries.
● Run the undo mac-address blackhole [ vsi vsi-name ] command to clear
blackhole MAC address entries.
----End
Context
VPLS data forwarding relies on MAC address learning. Therefore, data packets
cannot be correctly forwarded in the VPLS domain unless the MAC addresses of
data packets can be learned by the PE device. Diagnostic tool of the OAM MAC
address learning capability can check the MAC address learning of the VSIs on a
device by adding special OAM MAC addresses to a VPLS network.
When packets fail to be forwarded between CEs but the PW is Up, you can use the
diagnostic tool of the OAM MAC address learning capability to check whether a
fault occurs in the MAC address learning on a device.
The diagnostic tool of the OAM MAC address learning capability include:
On the switch, you can diagnose the MAC address learning capability in the
following methods:
● Add OAM MAC addresses to the local or peer device in the VPLS network.
After adding the OAM MAC address, a MAC address test is performed for the
device.
● Remove the OAM MAC addresses from the local or peer device in the VPLS
network.
The OAM MAC addresses to be removed must be the ones that have been
added.
● Add OAM MAC addresses of the register type to the local or peer device in
the VPLS network.
After the OAM MAC addresses of the register type are added, the packets
destined for the addresses are discarded.
The diagnostic tool of the OAM MAC address learning capability can be used in
the following VPLS networks:
Procedure
Step 1 Run the mac-diagnose enable command to enable diagnostic test on the MAC
address learning capacity.
Step 2 Run the mac-populate vsi vsi-name mac mac-address [ packet-num num |
flood ] * command to initiate a test on the MAC address learning capacity by
adding an OAM MAC address to the device.
● vsi vsi-name: specifies the name of the VSI of which the MAC address
learning capability needs to be diagnosed.
● mac mac-address: only 10 OAM MAC addresses are supported currently.
– 0018-82a4-3fb1
– 0018-82a4-3fb2
– 0018-82a4-3fb3
– 0018-82a4-3fb4
– 0018-82a4-3fb5
– 0018-82a4-3fb6
– 0018-82a4-3fb7
– 0018-82a4-3fb8
– 0018-82a4-3fb9
– 0018-82a4-3fba
● packet-num num: specifies the number of the sent diagnosis packets. The
value is a decimal integer that ranges from 1 to 5. The default value is 3.
● flood: indicates that diagnose packets are flooded in the VPLS network. In this
case, both the local device and the peer device configured with the same VSI
can learn the specified OAM MAC address. If this parameter is not specified,
only the PE where the command is run can learn the specified OAM MAC
address.
Step 3 Run the mac-purge vsi vsi-name mac mac-address [ packet-num num | register |
flood ] * command to purge an OAM MAC address from the forwarding table.
● flood: If this parameter is not specified, only the local PE can delete the
specified OAM MAC address. If this parameter is specified, the diagnose
packets are flooded in the VPLS network. In this case, both the local device
and the peer device configured with the same VSI can delete the specified
OAM MAC address.
● register: indicates that the specified OAM MAC address becomes the
blackhole MAC address, and all the packets destined for this address are
discarded.
----End
Exception Handling
● Run the mac-purge command to check the MAC address list for the
diagnostic test on the MAC address learning capacity.
● Run the display oam-mac statistics { populate | purge | purge-register |
all } command to check the statistics about MAC diagnostic packets.
NOTE
To clear statistics about MAC diagnostic packets, run the reset oam-mac statistics
{ populate | purge | purge-register | all } command.
----End
Context
To check connectivity of a VPLS network, run the following functions on PE
devices.
Procedure
● Checking VPLS network connectivity
– Run the ping vpls mac mac-address vsi vsi-name [ vlan vlan-id | -c count
| -m time-value | -s packsize | -t timeout | -exp exp | -r replymode | -h
ttl ]* command to check connectivity of the Layer 2 forwarding link on
the VPLS network.
– Run the ping vpls [ -c echo-number | -m time-value | -s data-bytes | -t
timeout-value | -r reply-mode | -exp exp-value | -v ] * vsi vsi-name local-
site-id remote-site-id command to check connectivity of the link between
PEs on the Kompella VPLS network.
– Run the ping vpls [ -c echo-number | -m time-value | -s data-bytes | -t
timeout-value | -r reply-mode | -exp exp-value | -v ] * vsi vsi-name peer
peer-address [ negotiate-vc-id vc-id ] command to check connectivity of
the link between PEs on the Martini or BGP AD VPLS network.
– Run the ping vpls multicast vsi vsi-name [ -a source-ip-address | -c
count | -s packetsize | -t timeout | -m interval | -r replymode | -exp exp | -
v ] * dest-ip-address command to start an MFIB ping test with a specified
VSI in the VPLS domain.
– Run the trace vpls mac mac-address vsi vsi-name [ vlan vlan-id ] [-t
timeout | -f first-ttl | -m max-ttl | -exp exp | -r replymode ]* command to
check PEs and P devices along the PW on the VPLS network and locate
faulty nodes.
– Run the tracert vpls [ -exp exp-value | -f first-ttl | -m max-ttl | -r reply-
mode | -t timeout-value ] * vsi vsi-name peer peer-address [ negotiate-
vc-id vc-id ] [ full-lsp-path ] command to check connectivity of the
Martini or BGP AD VPLS network.
– Run the tracert vpls multicast vsi vsi-name [ -a source-ip-address | -t
timeout | -r reply-mode | -exp exp | -f first-ttl | -m max-ttl ] * multicast-
address multicast-ip-address remote-address remote-ip-address
command to start an MFIB Trace test with a specified VSI in the VPLS
domain.
● Checking ping/trace packet statistics
– Run the display vpls multicast-ping statistics command to check the
number of sent and received MFIB ping packets.
– Run the display vpls multicast-trace statistics command to check the
number of sent and received MFIB trace packets.
– Run the display vpls-ping statistics command to check the number of
sent and received VPLS MAC ping packets.
– Run the display vpls-trace statistics command to check the number of
sent and received VPLS MAC trace packets.
● Clearing ping/trace packet statistics
– Run the reset vpls multicast-ping statistics command to clear VPLS
MFIB ping packet statistics.
----End
Context
A device supports only a limited number of VPLS VCs. After the total number of
VPLS VCs created on a device exceeds a certain limit, the device performance
deteriorates. To prevent device performance deterioration caused by excessive
VPLS VCs, configure the upper and lower alarm thresholds for VPLS VCs. You can
flexibly adjust the upper and lower alarm thresholds for VPLS VCs based on actual
requirements.
Procedure
Step 1 Run the system-view command to enter the system view.
Step 2 Run the mpls l2vpn command to enter the MPLS L2VPN view.
Step 3 Run the mpls l2vpn vsi-pw limit threshold-alarm upper-limit upper-limit-value
lower-limit lower-limit-value command to configure the upper and lower alarm
thresholds for VPLS VCs.
By default, the upper and lower alarm thresholds are 80% and 70% respectively.
● upper-limit-value specifies the upper alarm threshold for VPLS VCs. If the
proportion of VPLS VCs created to the maximum VPLS VCs allowed reaches
this threshold, a VPLS VC threshold-crossing alarm is reported.
● lower-limit-value specifies the lower alarm threshold for VPLS VCs. If the
proportion of VPLS VCs created to the maximum VPLS VCs allowed falls
below this threshold, a VPLS VC threshold-crossing clear alarm is reported.
● upper-limit-value must be greater than lower-limit-value.
----End
Context
In routine network maintenance, you can learn overall MPLS L2VPN information
by checking MPLS L2VPN specifications and usage information.
Procedure
● Run the display mpls l2vpn resource command to check MPLS L2VPN
specifications and usage information.
----End
Context
If MPLS L2VPN alarm verification is enabled on a device, the device regularly
sends service alarms to the fault management (FM) module until these alarms are
cleared. The FM then compares received alarms with locally stored alarms. If a
received alarm is different from any of the locally stored alarms, the FM module
reports the alarm to the NMS. If a received alarm is the same as a locally stored
alarm, the FM module does not report this alarm.
If a large number of services exist, MPLS L2VPN alarm verification may regularly
drive the CPU usage to a high level, affecting service performance. In this case,
you can disable MPLS L2VPN alarm verification.
Procedure
Step 1 Run the system-view command to enter the system view.
Step 2 Run the mpls l2vpn command to enter the MPLS L2VPN view.
Step 3 Run the mpls l2vpn alarm verification disable command to disable MPLS L2VPN
alarm verification.
By default, MPLS L2VPN alarm verification is enabled.
After MPLS L2VPN alarm verification is disabled, the device does not periodically
send service alarms to the FM module, and the FM module cannot age out
cleared alarms.
----End
GE0/0/1 GE0/0/1
VLANIF10 VLANIF40
10.1.1.1/24 10.1.1.2/24
CE1 CE2
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure transparent transmission of Layer 2 packets over the backbone
network using VPLS to enable users at Site1 and Site2 to communicate at
Layer 2 and reserve user information when Layer 2 packets are transmitted
over the backbone network.
2. Use Martini VPLS to implement Layer 2 communication between CEs on an
enterprise network with few sites.
3. Configure the IGP routing protocol on the backbone network to implement
data transmission on the public network between PEs.
4. Configure basic MPLS functions and LDP on the backbone network to support
VPLS.
5. Establish tunnels for transmitting data between PEs to prevent data from
being known by the public network.
6. Enable MPLS L2VPN on PEs to implement VPLS.
7. Create VSIs on PEs, specify LDP as the signaling protocol, and bind VSIs to AC
interfaces to implement Martini VPLS.
Procedure
Step 1 Configure VLANs that interfaces belong to.
Configure the VLAN that each interface belongs to and assign IP addresses to
interfaces on Switch.
# Configure CE1. The configuration on PE1, P, PE2, and CE2 is similar to the CE1,
and is not mentioned here.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] vlan 10
[CE1-vlan10] quit
[CE1] interface vlanif 10
NOTE
Do not add AC-side physical interfaces and PW-side physical interfaces of a PE to the same
VLAN; otherwise, a loop may occur.
When configuring OSPF, advertise the 32-bit address of the loopback interface
(LSR IDs) on PE1, P and PE2.
# Configure PE1. The configuration on P and PE2 is similar to the PE1, and is not
mentioned here.
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.9 255.255.255.255
[PE1-LoopBack1] quit
[PE1] ospf 1
[PE1-ospf-1] area 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 168.1.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
# Configure PE1. The configuration on P and PE2 is similar to the PE1, and is not
mentioned here.
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface vlanif 20
[PE1-Vlanif20] mpls
[PE1-Vlanif20] mpls ldp
[PE1-Vlanif20] quit
After the configuration is complete, run the display mpls ldp session command
on PE1, P and PE2. You can see that peer relationships are set up between PE1
and P, and between P and PE2. The status of the peer relationship is Operational.
Run the display mpls lsp command to view the LSP status.
# Configure PE1.
[PE1] mpls ldp remote-peer 3.3.3.9
[PE1-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9
[PE1-mpls-ldp-remote-3.3.3.9] quit
# Configure PE2.
[PE2] mpls ldp remote-peer 1.1.1.9
[PE2-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9
[PE2-mpls-ldp-remote-1.1.1.9] quit
After the configuration is complete, run the display mpls ldp session command
on PE1 or PE2, and you can see that the status of the peer relationship between
PE1 and PE2 is Operational. That is, the peer relationship is set up.
Step 5 Enable MPLS L2VPN on PEs.
# Configure PE1.
[PE1] mpls l2vpn
[PE1-l2vpn] quit
# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit
# Configure PE2.
[PE2] vsi a2 static
[PE2-vsi-a2] pwsignal ldp
[PE2-vsi-a2-ldp] vsi-id 2
[PE2-vsi-a2-ldp] peer 1.1.1.9
[PE2-vsi-a2-ldp] quit
[PE2-vsi-a2] quit
# Configure PE2.
[PE2] interface vlanif 40
[PE2-Vlanif40] l2 binding vsi a2
[PE2-Vlanif40] quit
***VSI Name : a2
Administrator VSI : no
Isolate Spoken : disable
VSI Index :0
PW Signaling : ldp
Member Discovery Style : static
PW MAC Learn Style : unqualify
Encapsulation Type : vlan
MTU : 1500
Diffserv Mode : uniform
Mpls Exp : --
DomainId : 255
Domain Name :
Ignore AcState : disable
P2P VSI : disable
Create Time : 0 days, 0 hours, 1 minutes, 3 seconds
VSI State : up
VSI ID :2
*Peer Router ID : 3.3.3.9
Negotiation-vc-id :2
primary or secondary : primary
ignore-standby-state : no
VC Label : 4096
Peer Type : dynamic
Session : up
Tunnel ID : 0x1a
Broadcast Tunnel ID : 0x1a
Broad BackupTunnel ID : 0x0
CKey :6
NKey :5
Stp Enable :0
PwIndex :0
Control Word : disable
**PW Information:
----End
Configuration Files
● CE1 configuration file
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
return
mpls ldp
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 20
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 168.1.1.0 0.0.0.255
#
return
● P configuration file
#
sysname P
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Vlanif20
ip address 168.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif30
ip address 169.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 20
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 30
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 168.1.1.0 0.0.0.255
network 169.1.1.0 0.0.0.255
#
return
● PE2 configuration file
#
sysname PE2
#
vlan batch 30 40
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
vsi a2 static
pwsignal ldp
vsi-id 2
peer 1.1.1.9
#
mpls ldp
#
mpls ldp remote-peer 1.1.1.9
remote-ip 1.1.1.9
#
interface Vlanif30
ip address 169.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif40
l2 binding vsi a2
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 30
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 40
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 169.1.1.0 0.0.0.255
#
return
GE0/0/1 GE0/0/1
VLANIF10 VLANIF40
10.1.1.1/24 10.1.1.2/24
CE1 CE2
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure transparent transmission of Layer 2 packets over the backbone
network using VPLS to enable users at Site1 and Site2 to communicate at
Layer 2 and reserve user information when Layer 2 packets are transmitted
over the backbone network.
2. Use Kompella VPLS to implement Layer 2 communication between CEs on an
enterprise network with many sites and complex network environments.
3. Configure the IGP routing protocol on the backbone network to implement
data transmission on the public network between PEs.
4. Configure basic MPLS functions and LDP on the backbone network to support
VPLS.
5. Establish tunnels for transmitting data between PEs to prevent data from
being known by the public network.
6. Enable MPLS L2VPN on PEs to implement VPLS.
7. Enable BGP peers to exchange VPLS information between PEs, create a VSI on
each PE, specify BGP as the signaling protocol, specify the RD, VPN target,
and site of the VSI, and bind AC interfaces to VSIs to implement Kompella
VPLS.
Procedure
Step 1 Configure VLANs that interfaces belong to.
Configure the VLAN that each interface belongs to and assign IP addresses to
interfaces on Switch.
# Configure CE1. The configuration on PE1, P, PE2, and CE2 is similar to the CE1,
and is not mentioned here.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] vlan 10
[CE1-vlan10] quit
[CE1] interface vlanif 10
[CE1-Vlanif10] ip address 10.1.1.1 255.255.255.0
[CE1-Vlanif10] quit
[CE1] interface gigabitethernet 0/0/1
[CE1-GigabitEthernet0/0/1] port link-type trunk
[CE1-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[CE1-GigabitEthernet0/0/1] quit
NOTE
Do not add AC-side physical interfaces and PW-side physical interfaces of a PE to the same
VLAN; otherwise, a loop may occur.
After the configuration is complete, run the display mpls ldp peer command on
PE1, P, and PE2, and you can see that peer relationships are established between
PE1 and P and between PE2 and P. Run the display mpls ldp session command
on PE1 and PE2, and you can see that an LDP session is set up between PE1 and
PE2. Run the display mpls lsp command to view the LSP status.
Step 4 Establish BGP peers and enable them to exchange VPLS information.
# Configure PE1.
# Configure PE2.
[PE2] bgp 100
[PE2-bgp] peer 1.1.1.9 as-number 100
[PE2-bgp] peer 1.1.1.9 connect-interface loopback 1
[PE2-bgp] vpls-family
[PE2-bgp-af-vpls] peer 1.1.1.9 enable
[PE2-bgp-af-vpls] quit
[PE2-bgp] quit
# Configure PE1.
[PE1] mpls l2vpn
[PE1-l2vpn] quit
# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit
# Configure PE1.
[PE1] vsi bgp1 auto
[PE1-vsi-bgp1] pwsignal bgp
[PE1-vsi-bgp1-bgp] route-distinguisher 168.1.1.1:1
[PE1-vsi-bgp1-bgp] vpn-target 100:1 import-extcommunity
[PE1-vsi-bgp1-bgp] vpn-target 100:1 export-extcommunity
[PE1-vsi-bgp1-bgp] site 1 range 5 default-offset 0
[PE1-vsi-bgp1-bgp] quit
[PE1-vsi-bgp1] quit
# Configure PE2.
[PE2] vsi bgp1 auto
[PE2-vsi-bgp1] pwsignal bgp
[PE2-vsi-bgp1-bgp] route-distinguisher 169.1.1.2:1
[PE2-vsi-bgp1-bgp] vpn-target 100:1 import-extcommunity
[PE2-vsi-bgp1-bgp] vpn-target 100:1 export-extcommunity
[PE2-vsi-bgp1-bgp] site 2 range 5 default-offset 0
[PE2-vsi-bgp1-bgp] quit
[PE2-vsi-bgp1] quit
BGP RD : 168.1.1.1:1
SiteID/Range/Offset : 1/5/0
Import vpn target : 100:1
Export vpn target : 100:1
Remote Label Block : 35840/5/0
Local Label Block : 0/35840/5/0
**PW Information:
----End
Configuration Files
● CE1 configuration file
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
return
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 168.1.1.0 0.0.0.255
network 169.1.1.0 0.0.0.255
#
return
Networking Requirements
Figure 7-33 shows a backbone network built by an enterprise. There are a large
number of branch sites on the backbone network (only three sites are shown in
this example). The network environment often changes. Site1 connects to PE1
through CE1 and then connects to the backbone network. Site2 connects to PE2
through CE2 and then connects to the backbone network. Site3 connects to PE3
through CE3 and then connects to the backbone network. Users at Site1, Site2,
and Site3 need to communicate at Layer 2 and user information needs to be
reserved when Layer 2 packets are transmitted over the backbone network.
NOTE
In this scenario, to avoid loops, ensure that all connected interfaces have STP disabled and
connected interfaces are removed from VLAN 1. If STP is enabled and VLANIF interfaces of
switches are used to construct a Layer 3 ring network, an interface on the network will be
blocked. As a result, Layer 3 services on the network cannot run normally.
CE2
GE0/0/1
VLANIF50
10.1.1.2/24
GE0/0/1
VLANIF50
PE2
GE0/0/2 GE0/0/3
VLANIF20 VLANIF40
168.1.2.2/24 169.1.3.1/24
Loopback1
2.2.2.9/32
Loopback1 Loopback1
1.1.1.9/32 3.3.3.9/32
GE0/0/2 GE0/0/3
VLANIF20 VLANIF40
168.1.2.1/24 169.1.3.2/24
PE1 PE3
GE0/0/3 GE0/0/2
GE0/0/1 VLANIF30 VLANIF30 GE0/0/1
VLANIF10 168.1.1.1/24 168.1.1.2/24 VLANIF60
GE0/0/1 GE0/0/1
VLANIF10 VLANIF60
10.1.1.1/24 10.1.1.3/24
CE1 CE3
Configuration Roadmap
The configuration roadmap is as follows:
Procedure
Step 1 Configure VLANs that interfaces belong to.
Configure the VLAN that each interface belongs to and assign IP addresses to
interfaces on Switch.
# Configure CE1. The configuration on PE1, PE2, PE3, CE2, and CE3 is similar to
the CE1, and is not mentioned here.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] vlan 10
[CE1-vlan10] quit
[CE1] interface vlanif 10
[CE1-Vlanif10] ip address 10.1.1.1 255.255.255.0
[CE1-Vlanif10] quit
[CE1] interface gigabitethernet 0/0/1
[CE1-GigabitEthernet0/0/1] port link-type trunk
[CE1-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[CE1-GigabitEthernet0/0/1] quit
NOTE
Do not add AC-side physical interfaces and PW-side physical interfaces of a PE to the same
VLAN; otherwise, a loop may occur.
Configure basic MPLS functions and LDP on PE1, PE2, and PE3.
# Configure PE1. The configuration on PE2 and PE3 is similar to the PE1, and is
not mentioned here.
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface vlanif 20
[PE1-Vlanif20] mpls
[PE1-Vlanif20] mpls ldp
[PE1-Vlanif20] quit
[PE1] interface vlanif 30
[PE1-Vlanif30] mpls
[PE1-Vlanif30] mpls ldp
[PE1-Vlanif30] quit
After the configuration is complete, run the display mpls ldp peer command on
PE1, PE2, and PE3. you can see that the peer relationship is established between
each pair of PE1, PE2, and PE3. Run the display mpls ldp session command on
PE1, PE2, and PE3, and you can see that an LDP session is set up between each
pair of PE1, PE2, and PE3. Run the display mpls lsp command to view the LSP
status.
# Configure PE1.
[PE1] bgp 100
[PE1-bgp] peer 2.2.2.9 as-number 100
[PE1-bgp] peer 2.2.2.9 connect-interface loopback 1
[PE1-bgp] peer 3.3.3.9 as-number 100
[PE1-bgp] peer 3.3.3.9 connect-interface loopback 1
[PE1-bgp] l2vpn-ad-family
[PE1-bgp-af-l2vpn-ad] peer 2.2.2.9 enable
[PE1-bgp-af-l2vpn-ad] peer 3.3.3.9 enable
[PE1-bgp-af-l2vpn-ad] quit
[PE1-bgp] quit
# Configure PE2.
[PE2] bgp 100
[PE2-bgp] peer 1.1.1.9 as-number 100
[PE2-bgp] peer 1.1.1.9 connect-interface loopback 1
[PE2-bgp] peer 3.3.3.9 as-number 100
[PE2-bgp] peer 3.3.3.9 connect-interface loopback 1
[PE2-bgp] l2vpn-ad-family
[PE2-bgp-af-l2vpn-ad] peer 1.1.1.9 enable
[PE2-bgp-af-l2vpn-ad] peer 3.3.3.9 enable
[PE2-bgp-af-l2vpn-ad] quit
[PE2-bgp] quit
# Configure PE3.
[PE3] bgp 100
[PE3-bgp] peer 1.1.1.9 as-number 100
[PE3-bgp] peer 1.1.1.9 connect-interface loopback 1
[PE3-bgp] peer 2.2.2.9 as-number 100
[PE3-bgp] peer 2.2.2.9 connect-interface loopback 1
[PE3-bgp] l2vpn-ad-family
[PE3-bgp-af-l2vpn-ad] peer 1.1.1.9 enable
[PE3-bgp-af-l2vpn-ad] peer 2.2.2.9 enable
[PE3-bgp-af-l2vpn-ad] quit
[PE3-bgp] quit
# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit
# Configure PE3.
[PE3] mpls l2vpn
[PE3-l2vpn] quit
# Configure PE2.
[PE2] vsi vplsad1
[PE2-vsi-vplsad1] bgp-ad
[PE2-vsi-vplsad1-bgpad] vpls-id 168.1.1.1:1
[PE2-vsi-vplsad1-bgpad] vpn-target 100:1 import-extcommunity
[PE2-vsi-vplsad1-bgpad] vpn-target 100:1 export-extcommunity
[PE2-vsi-vplsad1-bgpad] quit
[PE2-vsi-vplsad1] quit
# Configure PE3.
[PE3] vsi vplsad1
[PE3-vsi-vplsad1] bgp-ad
[PE3-vsi-vplsad1-bgpad] vpls-id 168.1.1.1:1
[PE3-vsi-vplsad1-bgpad] vpn-target 100:1 import-extcommunity
[PE3-vsi-vplsad1-bgpad] vpn-target 100:1 export-extcommunity
[PE3-vsi-vplsad1-bgpad] quit
[PE3-vsi-vplsad1] quit
VPLS ID : 168.1.1.1:1
RD : 168.1.1.1:1
Import vpn target : 100:1
Export vpn target : 100:1
BGPAD VSI ID : 1.1.1.9
**PW Information:
# CE1, CE2, and CE3 can ping each other. The following is an example that CE1 at
10.1.1.1 pings CE2 at 10.1.1.2.
[CE1] ping 10.1.1.2
PING 10.1.1.2: 56 data bytes, press CTRL_C to break
Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=140 ms
Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=140 ms
Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=140 ms
Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=190 ms
Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=110 ms
----End
Configuration Files
● CE1 configuration file
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
return
● CE2 configuration file
#
sysname CE2
#
vlan batch 50
#
interface Vlanif50
ip address 10.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 50
#
return
● CE3 configuration file
#
sysname CE3
#
vlan batch 60
#
interface Vlanif60
ip address 10.1.1.3 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 60
#
return
● PE1 configuration file
#
sysname PE1
#
vlan batch 10 20 30
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
vsi vplsad1
bgp-ad
vpls-id 168.1.1.1:1
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
mpls ldp
#
interface Vlanif10
l2 binding vsi vplsad1
#
interface Vlanif20
ip address 168.1.2.1 255.255.255.0
mpls
mpls ldp
#
interface Vlanif30
ip address 168.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 20
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 30
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
bgp 100
peer 2.2.2.9 as-number 100
peer 2.2.2.9 connect-interface LoopBack1
peer 3.3.3.9 as-number 100
peer 3.3.3.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 2.2.2.9 enable
peer 3.3.3.9 enable
#
l2vpn-ad-family
policy vpn-target
peer 2.2.2.9 enable
peer 3.3.3.9 enable
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 168.1.1.0 0.0.0.255
network 168.1.2.0 0.0.0.255
#
return
● PE2 configuration file
#
sysname PE2
#
vlan batch 20 40 50
#
mpls lsr-id 2.2.2.9
mpls
#
mpls l2vpn
#
vsi vplsad1
bgp-ad
vpls-id 168.1.1.1:1
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
mpls ldp
#
interface Vlanif20
ip address 168.1.2.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif40
ip address 169.1.3.1 255.255.255.0
mpls
mpls ldp
#
interface Vlanif50
l2 binding vsi vplsad1
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 50
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 20
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 40
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
bgp 100
peer 1.1.1.9 as-number 100
peer 1.1.1.9 connect-interface LoopBack1
peer 3.3.3.9 as-number 100
peer 3.3.3.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 1.1.1.9 enable
peer 3.3.3.9 enable
#
l2vpn-ad-family
policy vpn-target
peer 1.1.1.9 enable
peer 3.3.3.9 enable
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 168.1.2.0 0.0.0.255
network 169.1.3.0 0.0.0.255
#
return
● PE3 configuration file
#
sysname PE3
#
vlan batch 30 40 60
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
vsi vplsad1
bgp-ad
vpls-id 168.1.1.1:1
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
mpls ldp
#
interface Vlanif30
Figure 7-34 Networking diagram for configuring VPLS over TE in Martini mode
Loopback1 Loopback1 Loopback1
1.1.1.9/32 2.2.2.9/32 3.3.3.9/32
GE0/0/1 GE0/0/2
VLANIF20 VLANIF30
100.1.1.1/24 100.2.1.1/24
PE1 PE2
GE0/0/1 GE0/0/1
GE0/0/2 VLANIF20 P VLANIF30 GE0/0/2
VLANIF10 100.1.1.2/24 100.2.1.2/24 VLANIF40
MPLS TE Tunnel
GE0/0/1 GE0/0/1
VLANIF10 VLANIF40
10.1.1.1/24 10.1.1.2/24
CE1 CE2
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure transparent transmission of Layer 2 packets over the backbone
network using VPLS to enable users at Site1 and Site2 to communicate at
Layer 2 and reserve user information when Layer 2 packets are transmitted
over the backbone network.
2. Use Martini VPLS to implement Layer 2 communication between CEs on an
enterprise network with few sites.
3. Configure the IGP routing protocol on the backbone network to implement
data transmission on the public network between PEs.
4. Configure MPLS and LDP on PEs on the backbone network and set up remote
LDP sessions on PEs to support VPLS.
5. Establish tunnels for transmitting data between PEs to prevent data from
being known by the public network.
6. Enable MPLS L2VPN on PEs to implement VPLS.
7. Configure tunnel policies on PEs and apply the policies to VSIs to implement
VPLS based on MPLS TE tunnels.
8. Create VSIs on PEs, specify LDP as the signaling protocol, and bind VSIs to AC
interfaces to implement Martini VPLS.
Procedure
Step 1 Configure VLANs that interfaces belong to.
# Configure PE1. The configuration on P, PE2, CE1, and CE2 is similar to the PE1,
and is not mentioned here.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] vlan batch 10 20
[PE1] interface vlanif 20
# Configure the P.
[P] mpls lsr-id 2.2.2.9
[P] mpls
[P-mpls] mpls te
[P-mpls] mpls rsvp-te
[P-mpls] quit
[P] interface vlanif 20
[P-Vlanif20] mpls
[P-Vlanif20] mpls te
[P-Vlanif20] mpls rsvp-te
[P-Vlanif20] quit
# Configure PE2.
[PE2] mpls lsr-id 3.3.3.9
[PE2] mpls
[PE2-mpls] mpls te
[PE2-mpls] mpls rsvp-te
[PE2-mpls] mpls te cspf
[PE2-mpls] quit
[PE2] interface vlanif 30
[PE2-Vlanif30] mpls
[PE2-Vlanif30] mpls te
[PE2-Vlanif30] mpls rsvp-te
[PE2-Vlanif30] quit
# Configure P.
[P] ospf
[P-ospf-1] opaque-capability enable
[P-ospf-1] area 0.0.0.0
[P-ospf-1-area-0.0.0.0] mpls-te enable
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit
# Configure PE2.
[PE2] ospf
[PE2-ospf-1] opaque-capability enable
[PE2-ospf-1] area 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] mpls-te enable
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit
# Configure PE2.
[PE2] interface tunnel 1
[PE2-Tunnel1] ip address unnumbered interface loopback 1
After the configuration is complete, run the display this interface command in
the tunnel interface view. The command output shows that "Line protocol current
state" is Up. It indicates that the MPLS TE tunnel is set up successfully.
Run the display tunnel-info all command in the system view. You can see that
the TE tunnel whose destination address is the MPLS LSR ID of the peer PE exists.
The information displayed on PE1 is used as an example.
[PE1] display tunnel-info all
* -> Allocated VC Token
Tunnel ID Type Destination Token
----------------------------------------------------------------------
0x4 cr lsp 3.3.3.9 109
0x5 lsp 3.3.3.9 110
# Configure PE2.
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] mpls ldp remote-peer 1.1.1.9
[PE2-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9
[PE2-mpls-ldp-remote-1.1.1.9] quit
# Configure PE2.
# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit
# Configure PE2.
[PE2] vsi a2 static
[PE2-vsi-a2] pwsignal ldp
[PE2-vsi-a2-ldp] vsi-id 2
[PE2-vsi-a2-ldp] peer 1.1.1.9 tnl-policy policy1
[PE2-vsi-a2-ldp] quit
[PE2-vsi-a2] quit
# Configure PE2.
[PE2] interface vlanif 40
[PE2-Vlanif40] l2 binding vsi a2
[PE2-Vlanif40] quit
***VSI Name : a2
Administrator VSI : no
Isolate Spoken : disable
VSI Index :3
PW Signaling : ldp
Member Discovery Style : static
PW MAC Learn Style : unqualify
Encapsulation Type : vlan
MTU : 1500
Diffserv Mode : uniform
Mpls Exp : --
DomainId : 255
Domain Name :
Ignore AcState : disable
P2P VSI : disable
Create Time : 0 days, 0 hours, 30 minutes, 6 seconds
VSI State : up
VSI ID :2
*Peer Router ID : 3.3.3.9
Negotiation-vc-id :2
primary or secondary : primary
ignore-standby-state : no
VC Label : 1026
Peer Type : dynamic
Session : up
Tunnel ID : 0x4
Broadcast Tunnel ID : 0x4
Broad BackupTunnel ID : 0x0
Tunnel Policy Name : policy1
CKey :5
NKey :4
Stp Enable :0
PwIndex :0
Control Word : disable
**PW Information:
Run the display mpls lsp include 3.3.3.9 32 verbose command on PE1 to view
the status of the LSP to 3.3.3.9/32.
[PE1] display mpls lsp include 3.3.3.9 32 verbose
-------------------------------------------------------------------------------
LSP Information: RSVP LSP
-------------------------------------------------------------------------------
No : 1
SessionID : 100
IngressLsrID : 1.1.1.9
LocalLspID : 1
Tunnel-Interface : Tunnel1
Fec : 3.3.3.9/32
TunnelTableIndex : 0x0
Nexthop : 100.1.1.2
In-Label : NULL
Out-Label : 1024
In-Interface : ----------
Out-Interface : Vlanif20
LspIndex : 2048
Token : 0x5
LsrType : Ingress
Mpls-Mtu : 1500
TimeStamp : 3141sec
Bfd-State : ---
CBfd-Event : 0x0
Bed-State : BED STOP
Bed-LastNotifyValue : ---
Bed-LastNotifyLspId : ---
Run the display vsi pw out-interface vsi a2 command on PE1. You can see that
the egress interface of the MPLS TE tunnel between 1.1.1.9 and 3.3.3.9 is Tunnel1,
and the actual egress interface is VLANIF 20.
[PE1] display vsi pw out-interface vsi a2
Total: 1
--------------------------------------------------------------------------------
Vsi Name peer vcid interface
--------------------------------------------------------------------------------
a2 3.3.3.9 2 Tunnel1
Vlanif20
After CE1 pings CE2, run the display interface tunnel 1 command on the PE to
view the tunnel interface information, and you can see that the statistics about
the packets passing through the interface increase. The information displayed on
PE1 is used as an example.
[PE1] display interface tunnel 1
Tunnel1 current state : UP
Line protocol current state : UP
Last line protocol up time : 2012-08-20 14:50:22
Description:
Route Port,The Maximum Transmit Unit is 1500
Internet Address is unnumbered, using address of LoopBack1(1.1.1.9/32)
Encapsulation is TUNNEL, loopback not set
Tunnel destination 3.3.3.9
Tunnel up/down statistics 1
Tunnel protocol/transport MPLS/MPLS, ILM is available,
primary tunnel id is 0x5, secondary tunnel id is 0x0
Current system time: 2012-08-20 15:54:54+00:00
300 seconds output rate 0 bits/sec, 0 packets/sec
0 seconds output rate 0 bits/sec, 0 packets/sec
1249 packets output, 21526 bytes
0 output error
0 output drop
----End
Configuration Files
● CE1 configuration file
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
return
tunnel-protocol mpls te
destination 3.3.3.9
mpls te tunnel-id 100
mpls te reserved-for-binding
mpls te commit
#
ospf 1
opaque-capability enable
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 100.1.1.0 0.0.0.255
mpls-te enable
#
tunnel-policy policy1
tunnel binding destination 3.3.3.9 te Tunnel1
#
return
● P configuration file
#
sysname P
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.9
mpls
mpls te
mpls rsvp-te
#
interface Vlanif20
ip address 100.1.1.2 255.255.255.0
mpls
mpls te
mpls rsvp-te
#
interface Vlanif30
ip address 100.2.1.1 255.255.255.0
mpls
mpls te
mpls rsvp-te
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 20
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 30
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
opaque-capability enable
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 100.1.1.0 0.0.0.255
network 100.2.1.0 0.0.0.255
mpls-te enable
#
return
● PE2 configuration file
#
sysname PE2
#
vlan batch 30 40
#
mpls lsr-id 3.3.3.9
mpls
mpls te
mpls rsvp-te
mpls te cspf
#
mpls l2vpn
#
vsi a2 static
pwsignal ldp
vsi-id 2
peer 1.1.1.9 tnl-policy policy1
#
mpls ldp
#
mpls ldp remote-peer 1.1.1.9
remote-ip 1.1.1.9
#
interface Vlanif30
ip address 100.2.1.2 255.255.255.0
mpls
mpls te
mpls rsvp-te
#
interface Vlanif40
l2 binding vsi a2
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 30
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 40
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
interface Tunnel1
ip address unnumbered interface LoopBack1
tunnel-protocol mpls te
destination 1.1.1.9
mpls te tunnel-id 100
mpls te reserved-for-binding
mpls te commit
#
ospf 1
opaque-capability enable
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 100.2.1.0 0.0.0.255
mpls-te enable
#
tunnel-policy policy1
tunnel binding destination 1.1.1.9 te Tunnel1
#
return
● CE2 configuration file
#
sysname CE2
#
vlan batch 40
#
interface Vlanif40
ip address 10.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 40
#
return
Figure 7-35 Networking diagram for configuring VPLS over TE in Kompella mode
Loopback1 Loopback1 Loopback1
1.1.1.9/32 2.2.2.9/32 3.3.3.9/32
GE0/0/1 GE0/0/2
VLANIF20 VLANIF30
100.1.1.1/24 100.2.1.1/24
PE1 PE2
GE0/0/1 GE0/0/1
GE0/0/2 VLANIF20 P VLANIF30 GE0/0/2
VLANIF10 100.1.1.2/24 100.2.1.2/24 VLANIF40
MPLS TE Tunnel
GE0/0/1 GE0/0/1
VLANIF10 VLANIF40
10.1.1.1/24 10.1.1.2/24
CE1 CE2
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure transparent transmission of Layer 2 packets over the backbone
network using VPLS to enable users at Site1 and Site2 to communicate at
Layer 2 and reserve user information when Layer 2 packets are transmitted
over the backbone network.
2. Use Kompella VPLS to implement Layer 2 communication between CEs on an
enterprise network with many sites and complex network environments.
3. Configure the IGP routing protocol on the backbone network to implement
data transmission on the public network between PEs.
4. Configure MPLS on PEs on the backbone network to support VPLS.
5. Establish tunnels for transmitting data between PEs to prevent data from
being known by the public network.
6. Enable MPLS L2VPN on PEs to implement VPLS.
7. Configure tunnel policies on PEs and apply the policies to VSIs to implement
VPLS based on MPLS TE tunnels.
8. Enable BGP peers to exchange VPLS information between PEs, create a VSI on
each PE, specify BGP as the signaling protocol, specify the RD, VPN target,
and site of the VSI, and bind AC interfaces to VSIs to implement Kompella
VPLS.
Procedure
Step 1 Configure VLANs that interfaces belong to.
# Configure PE1. The configuration on P, PE2, CE1, and CE2 is similar to the PE1,
and is not mentioned here.
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] vlan batch 10 20
[PE1] interface vlanif 20
[PE1-Vlanif20] ip address 100.1.1.1 255.255.255.0
[PE1-Vlanif20] quit
[PE1] interface gigabitethernet 0/0/1
[PE1-GigabitEthernet0/0/1] port link-type trunk
[PE1-GigabitEthernet0/0/1] port trunk allow-pass vlan 20
[PE1-GigabitEthernet0/0/1] quit
[PE1] interface gigabitethernet 0/0/2
[PE1-GigabitEthernet0/0/2] port link-type trunk
[PE1-GigabitEthernet0/0/2] port trunk allow-pass vlan 10
[PE1-GigabitEthernet0/0/2] quit
[PE1-mpls] quit
[PE1] interface vlanif 20
[PE1-Vlanif20] mpls
[PE1-Vlanif20] mpls te
[PE1-Vlanif20] mpls rsvp-te
[PE1-Vlanif20] quit
# Configure the P.
[P] mpls lsr-id 2.2.2.9
[P] mpls
[P-mpls] mpls te
[P-mpls] mpls rsvp-te
[P-mpls] quit
[P] interface vlanif 20
[P-Vlanif20] mpls
[P-Vlanif20] mpls te
[P-Vlanif20] mpls rsvp-te
[P-Vlanif20] quit
[P] interface vlanif 30
[P-Vlanif30] mpls
[P-Vlanif30] mpls te
[P-Vlanif30] mpls rsvp-te
[P-Vlanif30] quit
# Configure PE2.
[PE2] mpls lsr-id 3.3.3.9
[PE2] mpls
[PE2-mpls] mpls te
[PE2-mpls] mpls rsvp-te
[PE2-mpls] mpls te cspf
[PE2-mpls] quit
[PE2] interface vlanif 30
[PE2-Vlanif30] mpls
[PE2-Vlanif30] mpls te
[PE2-Vlanif30] mpls rsvp-te
[PE2-Vlanif30] quit
# Configure PE1.
[PE1] ospf
[PE1-ospf-1] opaque-capability enable
[PE1-ospf-1] area 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] mpls-te enable
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
# Configure P.
[P] ospf
[P-ospf-1] opaque-capability enable
[P-ospf-1] area 0.0.0.0
[P-ospf-1-area-0.0.0.0] mpls-te enable
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit
# Configure PE2.
[PE2] ospf
[PE2-ospf-1] opaque-capability enable
[PE2-ospf-1] area 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] mpls-te enable
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit
# Create tunnel interfaces on PEs and specify MPLS TE as the tunnel protocol and
RSVP-TE as the signaling protocol.
# Configure PE1.
[PE1] interface tunnel 1
[PE1-Tunnel1] ip address unnumbered interface loopback 1
[PE1-Tunnel1] tunnel-protocol mpls te
[PE1-Tunnel1] destination 3.3.3.9
[PE1-Tunnel1] mpls te tunnel-id 100
[PE1-Tunnel1] mpls te reserved-for-binding
[PE1-Tunnel1] mpls te commit
[PE1-Tunnel1] quit
# Configure PE2.
[PE2] interface tunnel 1
[PE2-Tunnel1] ip address unnumbered interface loopback 1
[PE2-Tunnel1] tunnel-protocol mpls te
[PE2-Tunnel1] destination 1.1.1.9
[PE2-Tunnel1] mpls te tunnel-id 100
[PE2-Tunnel1] mpls te reserved-for-binding
[PE2-Tunnel1] mpls te commit
[PE2-Tunnel1] quit
After the configuration is complete, run the display this interface command in
the tunnel interface view. The command output shows that "Line protocol current
state" is Up. It indicates that the MPLS TE tunnel is set up successfully.
Run the display tunnel-info all command in the system view. You can see that
the TE tunnel whose destination address is the MPLS LSR ID of the peer PE exists.
The information displayed on PE1 is used as an example.
[PE1] display tunnel-info all
* -> Allocated VC Token
Tunnel ID Type Destination Token
----------------------------------------------------------------------
0x4 cr lsp 3.3.3.9 109
0x5 lsp 3.3.3.9 110
Step 6 Establish BGP peers and enable them to exchange VPLS information.
# Configure PE1.
[PE1] bgp 100
[PE1-bgp] peer 3.3.3.9 as-number 100
[PE1-bgp] peer 3.3.3.9 connect-interface loopback 1
[PE1-bgp] vpls-family
[PE1-bgp-af-vpls] peer 3.3.3.9 enable
[PE1-bgp-af-vpls] quit
[PE1-bgp] quit
# Configure PE2.
[PE2] bgp 100
[PE2-bgp] peer 1.1.1.9 as-number 100
[PE2-bgp] peer 1.1.1.9 connect-interface loopback 1
[PE2-bgp] vpls-family
[PE2-bgp-af-vpls] peer 1.1.1.9 enable
[PE2-bgp-af-vpls] quit
[PE2-bgp] quit
# Configure PE1.
# Configure PE2.
[PE2] tunnel-policy policy1
[PE2-tunnel-policy-policy1] tunnel binding destination 1.1.1.9 te tunnel 1
[PE2-tunnel-policy-policy1] quit
# Configure PE1.
[PE1] mpls l2vpn
[PE1-l2vpn] quit
# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit
# Configure PE1.
[PE1] vsi bgp1 auto
[PE1-vsi-bgp1] pwsignal bgp
[PE1-vsi-bgp1-bgp] route-distinguisher 100.1.1.1:1
[PE1-vsi-bgp1-bgp] vpn-target 100:1 import-extcommunity
[PE1-vsi-bgp1-bgp] vpn-target 100:1 export-extcommunity
[PE1-vsi-bgp1-bgp] site 1 range 5 default-offset 0
[PE1-vsi-bgp1-bgp] quit
[PE1-vsi-bgp1] tnl-policy policy1
[PE1-vsi-bgp1] quit
# Configure PE2.
[PE2] vsi bgp1 auto
[PE2-vsi-bgp1] pwsignal bgp
[PE2-vsi-bgp1-bgp] route-distinguisher 100.2.1.2:1
[PE2-vsi-bgp1-bgp] vpn-target 100:1 import-extcommunity
[PE2-vsi-bgp1-bgp] vpn-target 100:1 export-extcommunity
[PE2-vsi-bgp1-bgp] site 2 range 5 default-offset 0
[PE2-vsi-bgp1-bgp] quit
[PE2-vsi-bgp1] tnl-policy policy1
[PE2-vsi-bgp1] quit
# Configure PE1.
[PE1] interface vlanif 10
[PE1-Vlanif10] l2 binding vsi bgp1
[PE1-Vlanif10] quit
# Configure PE2.
[PE2] interface vlanif 40
[PE2-Vlanif40] l2 binding vsi bgp1
[PE2-Vlanif40] quit
After the network becomes stable, run the display vsi name bgp1 verbose
command on PE1, and you can see that VSI bgp1 sets up a PW to PE2, and the
status of the VSI is Up.
[PE1] display vsi name bgp1 verbose
BGP RD : 100.1.1.1:1
SiteID/Range/Offset : 1/5/0
Import vpn target : 100:1
Export vpn target : 100:1
Remote Label Block : 35840/5/0
Local Label Block : 0/35840/5/0
**PW Information:
Run the display vsi pw out-interface vsi bgp1 command on PE1. You can see
that the egress interface of the MPLS TE tunnel between 1.1.1.9 and 3.3.3.9 is
Tunnel1, and the actual egress interface is VLANIF 20.
[PE1] display vsi pw out-interface vsi bgp1
Total: 1
--------------------------------------------------------------------------------
Vsi Name peer vcid interface
--------------------------------------------------------------------------------
bgp1 3.3.3.9 2 Tunnel1
Vlanif20
After CE1 pings CE2, run the display interface tunnel 1 command on the PE to
view the tunnel interface information, and you can see that the statistics about
the packets passing through the interface increase. The information displayed on
PE1 is used as an example.
[PE1] display interface tunnel 1
Tunnel1 current state : UP
Line protocol current state : UP
Last line protocol up time : 2018-08-20 14:50:22
Description:
Route Port,The Maximum Transmit Unit is 1500
Internet Address is unnumbered, using address of LoopBack1(1.1.1.9/32)
Encapsulation is TUNNEL, loopback not set
Tunnel destination 3.3.3.9
Tunnel up/down statistics 1
Tunnel protocol/transport MPLS/MPLS, ILM is available,
primary tunnel id is 0x5, secondary tunnel id is 0x0
Current system time: 2018-08-20 15:54:54+00:00
300 seconds output rate 0 bits/sec, 0 packets/sec
0 seconds output rate 0 bits/sec, 0 packets/sec
1249 packets output, 21526 bytes
0 output error
0 output drop
Input bandwidth utilization : 0%
Output bandwidth utilization : 0%
----End
Configuration Files
● CE1 configuration file
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
return
#
sysname PE1
#
vlan batch 10 20
#
mpls lsr-id 1.1.1.9
mpls
mpls te
mpls rsvp-te
mpls te cspf
#
mpls l2vpn
#
vsi bgp1 auto
pwsignal bgp
route-distinguisher 100.1.1.1:1
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
site 1 range 5 default-offset 0
tnl-policy policy1
#
interface Vlanif10
l2 binding vsi bgp1
#
interface Vlanif20
ip address 100.1.1.1 255.255.255.0
mpls
mpls te
mpls rsvp-te
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 20
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
interface Tunnel1
ip address unnumbered interface LoopBack1
tunnel-protocol mpls te
destination 3.3.3.9
mpls te tunnel-id 100
mpls te reserved-for-binding
mpls te commit
#
bgp 100
peer 3.3.3.9 as-number 100
peer 3.3.3.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 3.3.3.9 enable
#
vpls-family
policy vpn-target
peer 3.3.3.9 enable
#
ospf 1
opaque-capability enable
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 100.1.1.0 0.0.0.255
mpls-te enable
#
tunnel-policy policy1
interface Vlanif30
ip address 100.2.1.2 255.255.255.0
mpls
mpls te
mpls rsvp-te
#
interface Vlanif40
l2 binding vsi bgp1
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 30
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 40
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
interface Tunnel1
ip address unnumbered interface LoopBack1
tunnel-protocol mpls te
destination 1.1.1.9
mpls te tunnel-id 100
mpls te reserved-for-binding
mpls te commit
#
bgp 100
peer 1.1.1.9 as-number 100
peer 1.1.1.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 1.1.1.9 enable
#
vpls-family
policy vpn-target
peer 1.1.1.9 enable
#
ospf 1
opaque-capability enable
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 100.2.1.0 0.0.0.255
mpls-te enable
#
tunnel-policy policy1
tunnel binding destination 1.1.1.9 te Tunnel1
#
return
Networking Requirements
Figure 7-36 shows a backbone network built by an enterprise. Site1 connects to
the UPE through CE1 and then connects to the backbone network. Site2 connects
to the UPE through CE2 and then connects to the backbone network. Site3
connects to PE1 through CE3 and then connects to the backbone network. Users
at Site1, Site2, and Site3 need to communicate at Layer 2 and user information
needs to be reserved when Layer 2 packets are transmitted over the backbone
network. It is required that the UPE and SPE are at different layers of the
backbone network.
Site3
Site1 Site2
Configuration Roadmap
The configuration roadmap is as follows:
4. Configure basic MPLS functions and LDP on the backbone network to support
VPLS.
5. Establish tunnels for transmitting data between PEs to prevent data from
being known by the public network.
6. Enable MPLS L2VPN on PEs to implement VPLS.
7. Create VSIs on PEs, specify LDP as the signaling protocol, and bind the VSIs to
AC interfaces on the UPE and PE1 to implement LDP VPLS.
8. Specify the UPE as the underlayer PE on the SPE and specify PE1 as the VSI
peer, and specify the SPE as the VSI peer both on the UPE and PE1 to
implement HVPLS.
Procedure
Step 1 Configure VLANs that interfaces belong to.
Configure the VLAN that each interface belongs to and assign IP addresses to
interfaces on Switch.
# Configure CE1. The configuration on UPE, SPE, PE1, CE2, and CE3 is similar to
the CE1, and is not mentioned here.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] vlan 10
[CE1-vlan10] quit
[CE1] interface vlanif 10
[CE1-Vlanif10] ip address 10.1.1.1 255.255.255.0
[CE1-Vlanif10] quit
[CE1] interface gigabitethernet 0/0/1
[CE1-GigabitEthernet0/0/1] port link-type trunk
[CE1-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[CE1-GigabitEthernet0/0/1] quit
NOTE
Do not add AC-side physical interfaces and PW-side physical interfaces of a PE to the same
VLAN; otherwise, a loop may occur.
Configure basic MPLS functions and LDP on the UPE, SPE, and PE1.
# Configure the UPE. The configuration on SPE and PE1 is similar to the UPE, and
is not mentioned here.
[UPE] mpls lsr-id 1.1.1.9
[UPE] mpls
[UPE-mpls] quit
[UPE] mpls ldp
[UPE-mpls-ldp] quit
[UPE] interface vlanif 30
[UPE-Vlanif30] mpls
[UPE-Vlanif30] mpls ldp
[UPE-Vlanif30] quit
After the configuration is complete, run the display mpls ldp session command
on the UPE, SPE, and PE1, and you can see that the "Status"of the peer
relationship between the UPE and the SPE or between PE1 and the SPE is
"Operational", which indicates that the peer relationship has been established.
Run the display mpls lsp command to view the LSP status.
# Configure PE1.
[PE1] mpls l2vpn
[PE1-l2vpn] quit
[PE1] vsi v123 static
[PE1-vsi-v123] pwsignal ldp
[PE1-vsi-v123-ldp] vsi-id 123
[PE1-vsi-v123-ldp] peer 2.2.2.9
[PE1-vsi-v123-ldp] quit
[PE1-vsi-v123] quit
# Configure PE1.
[PE1] interface vlanif 50
[PE1-Vlanif50] l2 binding vsi v123
[PE1-Vlanif50] quit
After the network becomes stable, run the display vsi name v123 verbose
command on the SPE, and you can see that the status of the VSI named v123 is
Up, and the status of the corresponding PW is also Up.
[SPE] display vsi name v123 verbose
VSI ID : 123
*Peer Router ID : 3.3.3.9
Negotiation-vc-id : 123
primary or secondary : primary
ignore-standby-state : no
VC Label : 4096
Peer Type : dynamic
Session : up
Tunnel ID : 0x1c5
Broadcast Tunnel ID : 0x1c5
Broad BackupTunnel ID : 0x0
CKey :9
NKey :3
Stp Enable :0
PwIndex :0
Control Word : disable
*Peer Router ID : 1.1.1.9
Negotiation-vc-id : 123
primary or secondary : primary
ignore-standby-state : no
VC Label : 4097
Peer Type : dynamic
Session : up
Tunnel ID : 0x1c3
Broadcast Tunnel ID : 0x1c3
Broad BackupTunnel ID : 0x0
CKey :5
NKey : 12
Stp Enable :0
PwIndex :0
**PW Information:
CE1, CE2, and CE3 can ping each other. After you run the shutdown command on
the interface (to which the VSI is bound) of the UPE or PE1, CE2 and CE3 cannot
ping each other. This indicates that data is transmitted through the PW of this VSI.
----End
Configuration Files
● UPE configuration file
#
sysname UPE
#
vlan batch 10 20 30
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
vsi v123 static
pwsignal ldp
vsi-id 123
peer 2.2.2.9
#
mpls ldp
#
interface Vlanif10
l2 binding vsi v123
#
interface Vlanif20
l2 binding vsi v123
#
interface Vlanif30
ip address 100.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 20
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 30
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 100.1.1.0 0.0.0.255
#
return
● SPE configuration file
#
sysname SPE
#
vlan batch 30 40
#
mpls lsr-id 2.2.2.9
mpls
#
mpls l2vpn
#
vsi v123 static
pwsignal ldp
vsi-id 123
peer 3.3.3.9
peer 1.1.1.9 upe
#
mpls ldp
#
interface Vlanif30
ip address 100.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif40
ip address 100.2.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 30
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 40
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 100.1.1.0 0.0.0.255
network 100.2.1.0 0.0.0.255
#
return
● PE1 configuration file
#
sysname PE1
#
vlan batch 40 50
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
vsi v123 static
pwsignal ldp
vsi-id 123
peer 2.2.2.9
#
mpls ldp
#
interface Vlanif40
ip address 100.2.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif50
l2 binding vsi v123
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 40
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 50
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 100.2.1.0 0.0.0.255
#
return
● CE1 configuration file
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
Networking Requirements
As shown in Figure 7-37, PE1 and PE2 support LDP VPLS, PE4 and PE5 support
BGP AD VPLS, and PE3 supports both LDP VPLS and BGP AD VPLS. It is required
that interworking between LDP VPLS and BGP AD VPLS be configured in HVPLS
mode for CE1 and CE2 to communicate.
NOTE
In this scenario, to avoid loops, ensure that all connected interfaces have STP disabled and
connected interfaces are removed from VLAN 1. If STP is enabled and VLANIF interfaces of
switches are used to construct a Layer 3 ring network, an interface on the network will be
blocked. As a result, Layer 3 services on the network cannot run normally.
Figure 7-37 Interworking between LDP VPLS and BGP AD VPLS in HVPLS mode
Loopback1 Loopback1 Loopback1
/4
LDP BGP AD
GE
/0
E0
VPLS VPLS
0
/0
G
/3
GE0/0/1
GE0/0/2 GE0/0/3 GE0/0/2
PE1
PE4
Loopback1
GE0/0/3
Loopback1
GE0/0/1
CE1
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure an IP address and a routing protocol for each interface so that all
PEs can communicate at the network layer.
2. Configure Multiprotocol Label Switching (MPLS) and public tunnels.
3. Configure PE1, PE2, and PE3 to form an LDP VPLS network.
NOTE
When you configure LDP PWs from PE3 to PE1 and PE2, specify peers as user provider
edges (UPEs).
4. Configure PE3, PE4, and PE5 to form a BGP AD VPLS network.
Procedure
Step 1 Configure an IP address and a routing protocol for each interface on the backbone
network so that PEs can communicate at the network layer.
This example uses OSPF as the routing protocol. For details about specific
configurations, see the following configuration files.
This example uses LDP LSPs as public tunnels. For details about specific
configurations, see the following configuration files.
After the configuration is complete, run the display mpls ldp session command
on PEs to verify that peer relationships have been established; run the display
mpls lsp command to verify that LSPs have been established.
Step 3 Configure PE1, PE2, and PE3 to form an LDP VPLS network.
# Configure PE1.
[PE1] mpls l2vpn
[PE1-l2vpn] quit
[PE1] vsi vsi1 static
[PE1-vsi-vsi1] pwsignal ldp
[PE1-vsi-vsi1-ldp] vsi-id 1
[PE1-vsi-vsi1-ldp] peer 2.2.2.9
[PE1-vsi-vsi1-ldp] peer 3.3.3.9
[PE1-vsi-vsi1-ldp] quit
[PE1-vsi-vsi1] quit
# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit
[PE2] vsi vsi1 static
[PE2-vsi-vsi1] pwsignal ldp
[PE2-vsi-vsi1-ldp] vsi-id 1
[PE2-vsi-vsi1-ldp] peer 1.1.1.9
[PE2-vsi-vsi1-ldp] peer 3.3.3.9
[PE2-vsi-vsi1-ldp] quit
[PE2-vsi-vsi1] quit
# Configure PE3.
[PE3] mpls l2vpn
[PE3-l2vpn] quit
[PE3] vsi vsi1
[PE3-vsi-vsi1] pwsignal ldp
[PE3-vsi-vsi1-ldp] vsi-id 1
[PE3-vsi-vsi1-ldp] peer 1.1.1.9 upe
[PE3-vsi-vsi1-ldp] peer 2.2.2.9 upe
[PE3-vsi-vsi1-ldp] quit
[PE3-vsi-vsi1] quit
Step 4 Configure PE3, PE4, and PE5 to form a BGP AD VPLS network.
1. Enable BGP peers to exchange VPLS information.
# Configure PE3.
[PE3] bgp 100
[PE3-bgp] peer 4.4.4.9 as-number 100
[PE3-bgp] peer 4.4.4.9 connect-interface loopback1
[PE3-bgp] peer 5.5.5.9 as-number 100
[PE3-bgp] peer 5.5.5.9 connect-interface loopback1
[PE3-bgp] l2vpn-ad-family
[PE3-bgp-af-l2vpn-ad] peer 4.4.4.9 enable
[PE3-bgp-af-l2vpn-ad] peer 5.5.5.9 enable
[PE3-bgp-af-l2vpn-ad] quit
[PE3-bgp] quit
# Configure PE4.
<PE4> system-view
[PE4] bgp 100
[PE4-bgp] peer 3.3.3.9 as-number 100
[PE4-bgp] peer 3.3.3.9 connect-interface loopback1
[PE4-bgp] peer 5.5.5.9 as-number 100
[PE4-bgp] peer 5.5.5.9 connect-interface loopback1
[PE4-bgp] l2vpn-ad-family
[PE4-bgp-af-l2vpn-ad] peer 3.3.3.9 enable
[PE4-bgp-af-l2vpn-ad] peer 5.5.5.9 enable
[PE4-bgp-af-l2vpn-ad] quit
[PE4-bgp] quit
# Configure PE5.
<PE5> system-view
[PE5] bgp 100
[PE5-bgp] peer 3.3.3.9 as-number 100
[PE5-bgp] peer 3.3.3.9 connect-interface loopback1
[PE5-bgp] peer 4.4.4.9 as-number 100
[PE5-bgp] peer 4.4.4.9 connect-interface loopback1
[PE5-bgp] l2vpn-ad-family
[PE5-bgp-af-l2vpn-ad] peer 3.3.3.9 enable
[PE5-bgp-af-l2vpn-ad] peer 4.4.4.9 enable
[PE5-bgp-af-l2vpn-ad] quit
[PE5-bgp] quit
NOTE
On PE3, the LDP and BGP AD PWs must be configured in the same VSI.
# Configure PE4.
[PE4] mpls l2vpn
[PE4-l2vpn] quit
[PE4] vsi vsi1
[PE4-vsi-vsi1] bgp-ad
[PE4-vsi-vsi1-bgpad] vpls-id 192.168.0.0:1
[PE4-vsi-vsi1-bgpad] vpn-target 100:1 import-extcommunity
[PE4-vsi-vsi1-bgpad] vpn-target 100:1 export-extcommunity
[PE4-vsi-vsi1-bgpad] quit
[PE4-vsi-vsi1] quit
# Configure PE5.
[PE5] mpls l2vpn
[PE5-l2vpn] quit
[PE5] vsi vsi1
[PE5-vsi-vsi1] bgp-ad
[PE5-vsi-vsi1-bgpad] vpls-id 192.168.0.0:1
[PE5-vsi-vsi1-bgpad] vpn-target 100:1 import-extcommunity
[PE5-vsi-vsi1-bgpad] vpn-target 100:1 export-extcommunity
[PE5-vsi-vsi1-bgpad] quit
[PE5-vsi-vsi1] quit
# Configure CE2.
[CE2] interface gigabitethernet 0/0/3
[CE2-GigabitEthernet0/0/3] port link-type trunk
[CE2-GigabitEthernet0/0/3] port trunk allow-pass vlan 80
[CE2-GigabitEthernet0/0/3] quit
[CE2] interface vlanif 80
[CE2-Vlanif80] ip address 192.168.10.2 255.255.255.0
[CE2-Vlanif80] quit
Step 6 Verify the configuration, Ping CE2 from CE1. The command output shows that the
ping is successful.
[CE1] ping 192.168.10.2
PING 192.168.10.2: 56 data bytes, press CTRL_C to break
Reply from 192.168.10.2: bytes=56 Sequence=1 ttl=255 time=190 ms
Reply from 192.168.10.2: bytes=56 Sequence=2 ttl=255 time=190 ms
Reply from 192.168.10.2: bytes=56 Sequence=3 ttl=255 time=140 ms
Reply from 192.168.10.2: bytes=56 Sequence=4 ttl=255 time=140 ms
Reply from 192.168.10.2: bytes=56 Sequence=5 ttl=255 time=110 ms
----End
Configuration Files
● PE1 configuration file
#
sysname PE1
#
vlan batch 10 20 40
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
vsi vsi1 static
pwsignal ldp
vsi-id 1
peer 2.2.2.9
peer 3.3.3.9
#
mpls ldp
#
interface Vlanif10
l2 binding vsi vsi1
#
interface Vlanif20
ip address 192.168.1.1 255.255.255.0
mpls
mpls ldp
#
interface Vlanif40
ip address 192.168.2.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 20
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 40
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 10
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 192.168.1.0 0.0.0.255
network 192.168.2.0 0.0.0.255
#
return
● PE2 configuration file
#
sysname PE2
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.9
mpls
#
mpls l2vpn
#
vsi vsi1 static
pwsignal ldp
vsi-id 1
peer 1.1.1.9
peer 3.3.3.9
#
mpls ldp
#
interface Vlanif20
ip address 192.168.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif30
ip address 192.168.3.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 20
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 30
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 192.168.1.0 0.0.0.255
network 192.168.3.0 0.0.0.255
#
return
● PE3 configuration file
#
sysname PE3
#
vlan batch 30 40 50 60
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
vsi vsi1
pwsignal ldp
vsi-id 1
peer 1.1.1.9 upe
peer 2.2.2.9 upe
bgp-ad
vpls-id 192.168.0.0:1
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
mpls ldp
#
interface Vlanif30
ip address 192.168.3.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif40
ip address 192.168.2.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif50
ip address 192.168.4.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif60
ip address 192.168.5.2 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 50
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 30
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 60
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 40
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
bgp 100
peer 4.4.4.9 as-number 100
peer 4.4.4.9 connect-interface LoopBack1
peer 5.5.5.9 as-number 100
peer 5.5.5.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 4.4.4.9 enable
peer 5.5.5.9 enable
#
l2vpn-ad-family
policy vpn-target
peer 4.4.4.9 enable
peer 5.5.5.9 enable
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 192.168.2.0 0.0.0.255
network 192.168.3.0 0.0.0.255
network 192.168.4.0 0.0.0.255
network 192.168.5.0 0.0.0.255
#
return
● PE4 configuration file
#
sysname PE4
#
vlan batch 60 70
#
mpls lsr-id 4.4.4.9
mpls
#
mpls l2vpn
#
vsi vsi1
bgp-ad
vpls-id 192.168.0.0:1
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
#
mpls ldp
#
interface Vlanif60
ip address 192.168.5.1 255.255.255.0
mpls
mpls ldp
#
interface Vlanif70
ip address 192.168.6.2 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 70
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 60
#
interface LoopBack1
ip address 4.4.4.9 255.255.255.255
#
bgp 100
peer 3.3.3.9 as-number 100
peer 3.3.3.9 connect-interface LoopBack1
peer 5.5.5.9 as-number 100
Figure 7-38 Networking diagram for configuring static VLLs to access a VPLS
network
Loopback1 Loopback1 Loopback1
1.1.1.9/32 2.2.2.9/32 3.3.3.9/32
GE0/0/1 GE0/0/1
VLANIF30 VLANIF40
100.1.1.1/24 100.1.2.2/24
SPE1 SPE2
GE0/0/1 GE0/0/2
GE0/0/2 VLANIF30 P VLANIF40 GE0/0/2
VLANIF20 100.1.1.2/24 100.1.2.1/24 VLANIF50
100.1.3.1/24 100.1.4.1/24
Loopback1 Loopback1
4.4.4.9/32 GE0/0/1 GE0/0/1 5.5.5.9/32
VLANIF20 VLANIF50
100.1.3.2/24 100.1.4.2/24
UPE1 UPE2
GE0/0/2 GE0/0/2
VLANIF10 VLANIF60
GE0/0/1 GE0/0/1
VLANIF10 VLANIF60
10.1.1.1/24 10.1.1.2/24
CE1 CE2
Configuration Roadmap
The configuration roadmap is as follows:
Procedure
Step 1 Configure VLANs that interfaces belong to.
Configure the VLAN that each interface belongs to and assign IP addresses to
interfaces on Switch.
# Configure CE1. The configuration on UPE1, UPE2, SPE1, SPE2, P, and CE2 is
similar to the CE1, and is not mentioned here.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] vlan 10
[CE1-vlan10] quit
[CE1] interface vlanif 10
[CE1-Vlanif10] ip address 10.1.1.1 255.255.255.0
[CE1-Vlanif10] quit
[CE1] interface gigabitethernet 0/0/1
[CE1-GigabitEthernet0/0/1] port link-type trunk
[CE1-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[CE1-GigabitEthernet0/0/1] quit
NOTE
Do not add AC-side physical interfaces and PW-side physical interfaces of a PE to the same
VLAN; otherwise, a loop may occur.
Configure OSPF on SPEs and P to advertise the network segment and the host
routes of LSR IDs.
# Configure SPE1.
[SPE1] ospf
[SPE1-ospf-1] area 0
[SPE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[SPE1-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.255
[SPE1-ospf-1-area-0.0.0.0] network 100.1.3.0 0.0.0.255
[SPE1-ospf-1-area-0.0.0.0] quit
[SPE1-ospf-1] quit
# Configure the P.
[P] ospf
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
[P-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 100.1.2.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit
# Configure SPE2.
[SPE2] ospf
[SPE2-ospf-1] area 0
[SPE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0
# Configure UPE1.
[UPE1] ospf
[UPE1-ospf-1] area 0
[UPE1-ospf-1-area-0.0.0.0] network 4.4.4.9 0.0.0.0
[UPE1-ospf-1-area-0.0.0.0] network 100.1.3.0 0.0.0.255
[UPE1-ospf-1-area-0.0.0.0] quit
[UPE1-ospf-1] quit
# Configure UPE2.
[UPE2] ospf
[UPE2-ospf-1] area 0
[UPE2-ospf-1-area-0.0.0.0] network 5.5.5.9 0.0.0.0
[UPE2-ospf-1-area-0.0.0.0] network 100.1.4.0 0.0.0.255
[UPE2-ospf-1-area-0.0.0.0] quit
[UPE2-ospf-1] quit
# Configure the P.
[P] mpls lsr-id 2.2.2.9
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P] interface vlanif 30
[P-Vlanif30] mpls
[P-Vlanif30] mpls ldp
[P-Vlanif30] quit
[P] interface vlanif 40
[P-Vlanif40] mpls
[P-Vlanif40] mpls ldp
[P-Vlanif40] quit
# Configure SPE2.
[SPE2] mpls lsr-id 3.3.3.9
[SPE2] mpls
[SPE2-mpls] quit
[SPE2] mpls ldp
[SPE2-mpls-ldp] quit
After the configuration is complete, run the display mpls ldp session command
on SPE1, P, and SPE2. you can see that the status of the peer relationship between
SPE1 and P or between SPE2 and P is Operational, which indicates that the peer
relationship is established. Run the display mpls lsp command to view the LSP
status.
The information displayed on SPE1 is used as an example.
[SPE1] display mpls ldp session
# Configure SPE2.
[SPE2] mpls ldp remote-peer 1.1.1.9
[SPE2-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9
[SPE2-mpls-ldp-remote-1.1.1.9] quit
After the configuration is complete, run the display mpls ldp session command
on SPE1 and SPE2. you can see that the status of the peer relationship between
SPE1 and SPE2 is Operational, which indicates that the peer relationship is
established.
The information displayed on SPE1 is used as an example.
[SPE1] display mpls ldp session
# Configure UPE2.
[UPE2] mpls lsr-id 5.5.5.9
[UPE2] mpls
[UPE2-mpls] quit
[UPE2] interface vlanif 50
[UPE2-Vlanif50] mpls
[UPE2-Vlanif50] quit
[UPE2] static-lsp ingress UPE2toSPE2 destination 3.3.3.9 32 nexthop 100.1.4.1 out-label 40
[UPE2] static-lsp egress SPE2toUPE2 incoming-interface vlanif 50 in-label 50
# Configure SPE1.
[SPE1] static-lsp ingress SPE1toUPE1 destination 4.4.4.9 32 nexthop 100.1.3.2 out-label 30
[SPE1] static-lsp egress UPE1toSPE1 incoming-interface vlanif 20 in-label 20
# Configure SPE2.
[SPE2] static-lsp ingress SPE2toUPE2 destination 5.5.5.9 32 nexthop 100.1.4.2 out-label 50
[SPE2] static-lsp egress UPE2toSPE2 incoming-interface vlanif 50 in-label 40
Step 6 Enable MPLS L2VPN on UPEs and configure the UPEs to access SPEs through static
VLLs.
# Configure UPE1.
[UPE1] mpls l2vpn
[UPE1-l2vpn] quit
[UPE1] interface vlanif 10
[UPE1-Vlanif10] mpls static-l2vc destination 1.1.1.9 transmit-vpn-label 100 receive-vpn-label 100
[UPE1-Vlanif10] quit
# Configure UPE2.
[UPE2] mpls l2vpn
[UPE2-l2vpn] quit
[UPE2] interface vlanif 60
[UPE2-Vlanif60] mpls static-l2vc destination 3.3.3.9 transmit-vpn-label 100 receive-vpn-label 100
[UPE2-Vlanif60] quit
# Configure SPE2.
[SPE2] mpls l2vpn
[SPE2-l2vpn] quit
[SPE2] vsi V100 static
[SPE2-vsi-V100] pwsignal ldp
[SPE2-vsi-V100-ldp] vsi-id 100
[SPE2-vsi-V100-ldp] mac-withdraw enable
[SPE2-vsi-V100-ldp] peer 1.1.1.9
[SPE2-vsi-V100-ldp] peer 5.5.5.9 static-upe trans 100 recv 100
[SPE2-vsi-V100-ldp] quit
[SPE2-vsi-V100] quit
Run the display vsi name V100 command on SPEs, and you can see that the VSI
named v100 is in Up state and the PW is also in Up state. The information
displayed on SPE1 is used as an example.
[SPE1] display vsi name V100 verbose
Administrator VSI : no
Isolate Spoken : disable
VSI Index :0
PW Signaling : ldp
Member Discovery Style : static
PW MAC Learn Style : unqualify
Encapsulation Type : vlan
MTU : 1500
Diffserv Mode : uniform
Mpls Exp : --
DomainId : 255
Domain Name :
Ignore AcState : disable
P2P VSI : disable
Create Time : 0 days, 0 hours, 2 minutes, 5 seconds
VSI State : up
VSI ID : 100
LDP MAC-WITHDRAW : mac-withdraw Enable
*Peer Router ID : 3.3.3.9
Negotiation-vc-id : 100
primary or secondary : primary
ignore-standby-state : no
VC Label : 4098
Peer Type : dynamic
Session : up
Tunnel ID : 0x8c
Broadcast Tunnel ID : 0x8c
Broad BackupTunnel ID : 0x0
CKey : 13
NKey : 14
Stp Enable :0
PwIndex :0
Control Word : disable
*Peer Router ID : 4.4.4.9
Negotiation-vc-id : 100
primary or secondary : primary
ignore-standby-state : no
VC Label : 100
Peer Type : static
Tunnel ID : 0x8e
Broadcast Tunnel ID : 0x8e
Broad BackupTunnel ID : 0x0
CKey : 19
NKey : 20
Stp Enable :0
PwIndex :0
Control Word : disable
**PW Information:
Stp Enable :0
PW Last Up Time : 2014/11/13 14:06:25
PW Total Up Time : 0 days, 0 hours, 2 minutes, 5 seconds
*Peer Ip Address : 3.3.3.9
PW State : up
Local VC Label : 4098
Remote VC Label : 4098
Remote Control Word : disable
PW Type : label
Local VCCV : alert lsp-ping bfd
Remote VCCV : alert lsp-ping bfd
Tunnel ID : 0x8c
Broadcast Tunnel ID : 0x8c
Broad BackupTunnel ID : 0x0
Ckey : 0xd
Nkey : 0xe
Main PW Token : 0x8c
Slave PW Token : 0x0
Tnl Type : LSP
OutInterface : Vlanif30
Backup OutInterface :
Stp Enable :0
PW Last Up Time : 2014/11/13 14:06:26
PW Total Up Time : 0 days, 0 hours, 2 minutes, 4 seconds
CE1 and CE2, which reside in the same network segment, can ping each other.
[CE1] ping 10.1.1.2
PING 10.1.1.2: 56 data bytes, press CTRL_C to break
Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=90 ms
Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=77 ms
Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=34 ms
Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=46 ms
Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=94 ms
After you run the shutdown command on VLANIF 10 (to which the VSI is bound)
of UPE1, CE1 and CE2 cannot ping each other successfully. This indicates that data
is transmitted through the PW of this VSI.
Before GigabitEthernet0/0/2 of SPE1 is shut down, view the MAC address table
learned by the VSI on the SPE2 (only the dynamic MAC address of the VSI named
V100 is provided here).
[SPE2] display mac-address vsi V100
-------------------------------------------------------------------------------
MAC Address VLAN/VSI Learned-From Type
-------------------------------------------------------------------------------
0044-0141-5411 -/V100 GE0/0/1 dynamic
4c1f-cc64-a1a0 -/V100 GE0/0/2 dynamic
-------------------------------------------------------------------------------
Total items displayed = 2
After GigabitEthernet0/0/2 of SPE1 is shut down, set the status of the VSI bound
to the static VLL to Down. View the MAC address table learned by the VSI on
SPE2, and you can see that the MAC address learned from GigabitEthernet0/0/2
has been deleted.
[SPE1] interface gigabitethernet 0/0/2
[SPE1-GigabitEthernet0/0/2] shutdown
[SPE1-GigabitEthernet0/0/2] quit
-------------------------------------------------------------------------------
Total items displayed = 0
----End
Configuration Files
● CE1 configuration file
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
return
interface LoopBack1
ip address 4.4.4.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 4.4.4.9 0.0.0.0
network 100.1.3.0 0.0.0.255
#
static-lsp ingress UPE1toSPE1 destination 1.1.1.9 32 nexthop 100.1.3.1 out-label 20
static-lsp egress SPE1toUPE1 incoming-interface Vlanif20 in-label 30
#
return
● SPE1 configuration file
#
sysname SPE1
#
vlan batch 20 30
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
vsi V100 static
pwsignal ldp
vsi-id 100
mac-withdraw enable
peer 3.3.3.9
peer 4.4.4.9 static-upe trans 100 recv 100
#
mpls ldp
#
mpls ldp remote-peer 3.3.3.9
remote-ip 3.3.3.9
#
interface Vlanif20
ip address 100.1.3.1 255.255.255.0
mpls
#
interface Vlanif30
ip address 100.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 30
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 20
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 100.1.1.0 0.0.0.255
network 100.1.3.0 0.0.0.255
#
static-lsp ingress SPE1toUPE1 destination 4.4.4.9 32 nexthop 100.1.3.2 out-label 30
static-lsp egress UPE1toSPE1 incoming-interface Vlanif20 in-label 20
#
return
● P configuration file
#
sysname P
#
vlan batch 30 40
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Vlanif30
ip address 100.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif40
ip address 100.1.2.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 30
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 40
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 100.1.1.0 0.0.0.255
network 100.1.2.0 0.0.0.255
#
return
● SPE2 configuration file
#
sysname SPE2
#
vlan batch 40 50
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
vsi V100 static
pwsignal ldp
vsi-id 100
mac-withdraw enable
peer 1.1.1.9
peer 5.5.5.9 static-upe trans 100 recv 100
#
mpls ldp
#
mpls ldp remote-peer 1.1.1.9
remote-ip 1.1.1.9
#
interface Vlanif40
ip address 100.1.2.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif50
ip address 100.1.4.1 255.255.255.0
mpls
#
interface GigabitEthernet0/0/1
connects to the backbone network. Site2 connects to UPE2 through CE2 and then
connects to the backbone network. Users at Site1 and Site2 need to communicate
at Layer 2 and user information needs to be reserved when Layer 2 packets are
transmitted over the backbone network.
Figure 7-39 Networking diagram for configuring dynamic VLLs to access a VPLS
network
Loopback1 Loopback1 Loopback1
1.1.1.9/32 2.2.2.9/32 3.3.3.9/32
GE0/0/1 GE0/0/1
VLANIF10 VLANIF20
100.1.1.1/24 100.1.2.2/24
SPE1 SPE2
GE0/0/1 GE0/0/2
GE0/0/2 VLANIF10 P VLANIF20 GE0/0/2
VLANIF30 100.1.1.2/24 100.1.2.1/24 VLANIF40
100.1.3.1/24 100.1.4.1/24
Loopback1 Loopback1
4.4.4.9/32 GE0/0/2 GE0/0/2 5.5.5.9/32
VLANIF30 VLANIF40
100.1.3.2/24 100.1.4.2/24
UPE1 UPE2
GE0/0/1 GE0/0/1
VLANIF50 VLANIF60
GE0/0/1 GE0/0/1
VLANIF50 VLANIF60
10.1.1.1/24 10.1.1.2/24
CE1 CE2
Configuration Roadmap
The configuration roadmap is as follows:
Procedure
Step 1 Configure VLANs that interfaces belong to.
Configure the VLAN that each interface belongs to and assign IP addresses to
interfaces on Switch.
# Configure CE1. The configuration on UPE1, UPE2, SPE1, SPE2, P, and CE2 is
similar to the CE1, and is not mentioned here.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] vlan 50
[CE1-vlan50] quit
[CE1] interface vlanif 50
[CE1-Vlanif50] ip address 10.1.1.1 255.255.255.0
[CE1-Vlanif50] quit
[CE1] interface gigabitethernet 0/0/1
[CE1-GigabitEthernet0/0/1] port link-type trunk
[CE1-GigabitEthernet0/0/1] port trunk allow-pass vlan 50
[CE1-GigabitEthernet0/0/1] quit
NOTE
Do not add AC-side physical interfaces and PW-side physical interfaces of a PE to the same
VLAN; otherwise, a loop may occur.
Configure OSPF on the SPEs and P to advertise the routes of the network segment
and LSR IDs.
# Configure SPE1.
[SPE1] ospf
[SPE1-ospf-1] area 0
[SPE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[SPE1-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.255
[SPE1-ospf-1-area-0.0.0.0] network 100.1.3.0 0.0.0.255
[SPE1-ospf-1-area-0.0.0.0] quit
[SPE1-ospf-1] quit
# Configure the P.
[P] ospf
[P-ospf-1] area 0
# Configure SPE2.
[SPE2] ospf
[SPE2-ospf-1] area 0
[SPE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0
[SPE2-ospf-1-area-0.0.0.0] network 100.1.2.0 0.0.0.255
[SPE2-ospf-1-area-0.0.0.0] network 100.1.4.0 0.0.0.255
[SPE2-ospf-1-area-0.0.0.0] quit
[SPE2-ospf-1] quit
# Configure UPE1.
[UPE1] ospf
[UPE1-ospf-1] area 0
[UPE1-ospf-1-area-0.0.0.0] network 4.4.4.9 0.0.0.0
[UPE1-ospf-1-area-0.0.0.0] network 100.1.3.0 0.0.0.255
[UPE1-ospf-1-area-0.0.0.0] quit
[UPE1-ospf-1] quit
# Configure UPE2.
[UPE2] ospf
[UPE2-ospf-1] area 0
[UPE2-ospf-1-area-0.0.0.0] network 5.5.5.9 0.0.0.0
[UPE2-ospf-1-area-0.0.0.0] network 100.1.4.0 0.0.0.255
[UPE2-ospf-1-area-0.0.0.0] quit
[UPE2-ospf-1] quit
# Configure UPE2.
[UPE2] mpls lsr-id 5.5.5.9
[UPE2] mpls
[UPE2-mpls] quit
[UPE2] mpls ldp
[UPE2-mpls-ldp] quit
[UPE2] interface vlanif 40
[UPE2-Vlanif40] mpls
[UPE2-Vlanif40] mpls ldp
[UPE2-Vlanif40] quit
# Configure SPE1.
[SPE1] mpls lsr-id 1.1.1.9
[SPE1] mpls
[SPE1-mpls] quit
[SPE1] mpls ldp
[SPE1-mpls-ldp] quit
[SPE1] interface vlanif 10
[SPE1-Vlanif10] mpls
[SPE1-Vlanif10] mpls ldp
[SPE1-Vlanif10] quit
[SPE1] interface vlanif 30
[SPE1-Vlanif30] mpls
[SPE1-Vlanif30] mpls ldp
[SPE1-Vlanif30] quit
# Configure the P.
[P] mpls lsr-id 2.2.2.9
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P] interface vlanif 10
[P-Vlanif10] mpls
[P-Vlanif10] mpls ldp
[P-Vlanif10] quit
[P] interface vlanif 20
[P-Vlanif20] mpls
[P-Vlanif20] mpls ldp
[P-Vlanif20] quit
# Configure SPE2.
[SPE2] mpls lsr-id 3.3.3.9
[SPE2] mpls
[SPE2-mpls] quit
[SPE2] mpls ldp
[SPE2-mpls-ldp] quit
[SPE2] interface vlanif 20
[SPE2-Vlanif20] mpls
[SPE2-Vlanif20] mpls ldp
[SPE2-Vlanif20] quit
[SPE2] interface vlanif 40
[SPE2-Vlanif40] mpls
[SPE2-Vlanif40] mpls ldp
[SPE2-Vlanif40] quit
After the configuration is complete, run the display mpls ldp session command
on UPEs, P, and SPEs. You can see that the peer relationship is set up between SPE
and UPE, or between SPE and P. The status of the peer relationship is Operational.
Run the display mpls lsp command to view the LSP status.
# Configure SPE1.
[SPE1] mpls ldp remote-peer 3.3.3.9
[SPE1-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9
[SPE1-mpls-ldp-remote-3.3.3.9] quit
# Configure SPE2.
[SPE2] mpls ldp remote-peer 1.1.1.9
[SPE2-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9
[SPE2-mpls-ldp-remote-1.1.1.9] quit
Step 5 Enable MPLS L2VPN and configure Martini VLLs on the UPEs.
# Configure UPE1.
[UPE1] mpls l2vpn
[UPE1-l2vpn] quit
[UPE1] interface vlanif 50
[UPE1-Vlanif50] mpls l2vc 1.1.1.9 100
[UPE1-Vlanif50] quit
# Configure UPE2.
[UPE2] mpls l2vpn
[UPE2-l2vpn] quit
[UPE2] interface vlanif 60
[UPE2-Vlanif60] mpls l2vc 3.3.3.9 100
[UPE2-Vlanif60] quit
# Configure SPE2.
[SPE2] mpls l2vpn
[SPE2-l2vpn] quit
[SPE2] vsi v100 static
[SPE2-vsi-v100] pwsignal ldp
[SPE2-vsi-v100-ldp] vsi-id 100
[SPE2-vsi-v100-ldp] peer 1.1.1.9
[SPE2-vsi-v100-ldp] peer 5.5.5.9 upe
[SPE2-vsi-v100-ldp] quit
[SPE2-vsi-v100] quit
Run the display vsi name v100 command on SPEs, and you can see that the VSI
named v100 is in Up state and the PW is also in Up state. The information
displayed on SPE1 is used as an example.
[SPE1] display vsi name v100
Vsi Mem PW Mac Encap Mtu Vsi
Name Disc Type Learn Type Value State
--------------------------------------------------------------------------
v100 static ldp unqualify vlan 1500 up
CE1 and CE2, which reside in the same network segment, can ping each other.
[CE1] ping 10.1.1.2
PING 10.1.1.2: 56 data bytes, press CTRL_C to break
----End
Configuration Files
● CE1 configuration file
#
sysname CE1
#
vlan batch 50
#
interface Vlanif50
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 50
#
return
● P configuration file
#
sysname P
#
vlan batch 10 20
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Vlanif10
ip address 100.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif20
ip address 100.1.2.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 20
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 100.1.1.0 0.0.0.255
network 100.1.2.0 0.0.0.255
#
return
● SPE2 configuration file
#
sysname SPE2
#
vlan batch 20 40
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
vsi v100 static
pwsignal ldp
vsi-id 100
peer 1.1.1.9
peer 5.5.5.9 upe
#
mpls ldp
#
mpls ldp remote-peer 1.1.1.9
remote-ip 1.1.1.9
#
interface Vlanif20
ip address 100.1.2.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif40
ip address 100.1.4.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 20
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 40
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 100.1.2.0 0.0.0.255
network 100.1.4.0 0.0.0.255
#
return
● UPE2 configuration file
#
sysname UPE2
#
vlan batch 40 60
#
mpls lsr-id 5.5.5.9
mpls
#
mpls l2vpn
#
mpls ldp
#
interface Vlanif40
ip address 100.1.4.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif60
mpls l2vc 3.3.3.9 100
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 60
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 40
#
interface LoopBack1
ip address 5.5.5.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 5.5.5.9 0.0.0.0
network 100.1.4.0 0.0.0.255
#
return
Networking Requirements
Figure 7-40 shows a backbone network built by an enterprise. CE1 is dual-homed
to PE1 and an RR, and Site1 connects to the backbone network through CE1. Site2
connects to PE2 through CE2 and then connects to the backbone network. RR is a
route reflector, and PE1 and PE2 function as clients of the RR.
Users at Site1 and Site2 need to communicate at Layer 2 and user information
needs to be reserved when Layer 2 packets are transmitted over the backbone
network. CE1-PE1-RR-PE2-CE2 is the active path, and CE1-RR-PE2-CE2 is the
standby path.
NOTE
In this scenario, to avoid loops, ensure that all connected interfaces have STP disabled and
connected interfaces are removed from VLAN 1. If STP is enabled and VLANIF interfaces of
switches are used to construct a Layer 3 ring network, an interface on the network will be
blocked. As a result, Layer 3 services on the network cannot run normally.
CE1 CE2
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure transparent transmission of Layer 2 packets over the backbone
network using VPLS to enable users at Site1 and Site2 to communicate at
Layer 2 and reserve user information when Layer 2 packets are transmitted
over the backbone network.
2. Use CE dual-homed Kompella VPLS to implement Layer 2 communication
between CEs based on enterprise network planning requirements.
3. Configure the IGP routing protocol on the backbone network to enable PE1,
RR, and PE2 to transmit data on the public network.
4. Configure basic MPLS functions and LDP on the PE1, PE2, and RR to support
VPLS.
5. Establish tunnels for transmitting data between PEs to prevent data from
being known by the public network.
6. Enable MPLS L2VPN on PEs to implement VPLS.
7. Enable BGP peers to exchange VPLS information between PEs, create a VSI on
each PE, establish MP IBGP peer relationship between PE1 and the RR, and
between PE2 and the RR respectively, and configure router reflection on the
RR to implement member discovery.
8. Create a VSI on each PE, specify BGP as the signaling protocol, specify the RD,
VPN target, and site of the VSI, and bind AC interfaces to VSIs to implement
Kompella VPLS.
9. Increase the multi-homed preference of the VSI on PE1 to enable BGP to
preferentially select the label block of this VSI.
Procedure
Step 1 Configure VLANs that interfaces belong to.
Configure the VLAN that each interface belongs to and assign IP addresses to
interfaces on Switch.
# Configure CE1. The configuration on PE1, PE2, CE2, and RR is similar to the CE1,
and is not mentioned here.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] vlan 10
[CE1-vlan10] quit
[CE1] interface vlanif 10
[CE1-Vlanif10] ip address 10.1.1.1 255.255.255.0
[CE1-Vlanif10] quit
[CE1] interface gigabitethernet 0/0/1
[CE1-GigabitEthernet0/0/1] port link-type trunk
[CE1-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[CE1-GigabitEthernet0/0/1] quit
[CE1] interface gigabitethernet 0/0/2
[CE1-GigabitEthernet0/0/2] port link-type trunk
[CE1-GigabitEthernet0/0/2] port trunk allow-pass vlan 10
[CE1-GigabitEthernet0/0/2] quit
NOTE
Do not add AC-side physical interfaces and PW-side physical interfaces of a PE to the same
VLAN; otherwise, a loop may occur.
PE1, RR, and PE2 on the backbone network can communicate using IGP. Note that
IS-IS must be enabled on Loopback1.
# Configure PE1. The configuration on PE2 and RR is similar to the PE1, and is not
mentioned here.
[PE1] isis 1
[PE1-isis-1] network-entity 10.0000.0000.0001.00
[PE1-isis-1] quit
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.1 255.255.255.255
[PE1-LoopBack1] isis enable 1
[PE1-LoopBack1] quit
[PE1] interface vlanif 20
[PE1-Vlanif20] isis enable 1
[PE1-Vlanif20] quit
After the configuration is complete, PE1, RR, and PE2 can learn loopback
addresses from each other.
PE1, RR, and PE2 can ping the Loopback1 address of each other.
Enable MPLS and MPLS LDP on PE1, RR, PE2, the interfaces through which PE1 is
connected to RR, and the interfaces through which RR is connected to PE2 to
establish LSPs.
# Configure PE1. The configuration on PE2 and RR is similar to the PE1, and is not
mentioned here.
[PE1] mpls lsr-id 1.1.1.1
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface vlanif 20
[PE1-Vlanif20] mpls
[PE1-Vlanif20] mpls ldp
[PE1-Vlanif20] quit
After the configuration is complete, run the display mpls lsp command on each
Switch. you can see that LSPs have been established between each pair of PE1, RR,
and PE2.
Step 4 Establish BGP peers and enable them to exchange VPLS information.
Establish the MP IBGP connection and enable BGP VPLS on PE1, RR, and PE2.
# Configure PE1.
[PE1] bgp 100
[PE1-bgp] peer 2.2.2.2 as-number 100
[PE1-bgp] peer 2.2.2.2 connect-interface loopback 1
[PE1-bgp] vpls-family
[PE1-bgp-af-vpls] peer 2.2.2.2 enable
[PE1-bgp-af-vpls] quit
[PE1-bgp] quit
# Configure PE2.
[PE2] bgp 100
[PE2-bgp] peer 2.2.2.2 as-number 100
[PE2-bgp] peer 2.2.2.2 connect-interface loopback 1
[PE2-bgp] vpls-family
[PE2-bgp-af-vpls] peer 2.2.2.2 enable
[PE2-bgp-af-vpls] quit
[PE2-bgp] quit
After this step is complete, run the display bgp vpls peer command on the PE or
RR. you can see that the status of the MP IBGP peers is Established.
Step 5 Enable the route reflection function on the RR.
# Configure the RR.
[RR] bgp 100
[RR-bgp] vpls-family
[RR-bgp-af-vpls] reflector cluster-id 100
[RR-bgp-af-vpls] peer 1.1.1.1 reflect-client
[RR-bgp-af-vpls] peer 3.3.3.3 reflect-client
[RR-bgp-af-vpls] undo policy vpn-target
[RR-bgp-af-vpls] quit
[RR-bgp] quit
# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit
Step 7 Configure VSIs on PE1, RR, and PE2 and bind the VSIs to AC interfaces.
# Configure PE1.
# Configure PE2.
[PE2] vsi v1 auto
[PE2-vsi-v1] pwsignal bgp
[PE2-vsi-v1-bgp] route-distinguisher 100:2
[PE2-vsi-v1-bgp] vpn-target 1:1 import-extcommunity
[PE2-vsi-v1-bgp] vpn-target 1:1 export-extcommunity
[PE2-vsi-v1-bgp] site 2 range 5 default-offset 0
[PE2-vsi-v1-bgp] quit
[PE2-vsi-v1] quit
[PE2] interface vlanif 40
[PE2-Vlanif40] l2 binding vsi v1
[PE2-Vlanif40] quit
After the configurations are complete, run the display bgp vpls all command on
the PE or RR. You can see information about the local and remote label blocks of
the VPLS. The RR preferentially selects the local label block.
[RR] display bgp vpls all
BGP Local Router ID : 2.2.2.2, Local AS Number : 100
Status codes : * - active, > - best
BGP.VPLS : 3 Label Blocks
--------------------------------------------------------------------------------
Route Distinguisher: 100:1
SiteID Offset NextHop Range LabBase TunnelID FromPeer MHPref
--------------------------------------------------------------------------------
> 1 0 0.0.0.0 5 35840 0x0 0.0.0.0 0
1 0 1.1.1.1 5 35840 0x0 1.1.1.1 0
--------------------------------------------------------------------------------
Route Distinguisher: 100:2
SiteID Offset NextHop Range LabBase TunnelID FromPeer MHPref
--------------------------------------------------------------------------------
*> 2 0 3.3.3.3 5 35840 0x0 3.3.3.3 0
[PE1] vsi v1
[PE1-vsi-v1] multi-homing-preference 10
[PE1-vsi-v1] quit
After the configuration is complete, run the display bgp vpls all command on the
RR. You can see that the RR preferentially selects the label block advertised by
PE1.
[RR] display bgp vpls all
BGP Local Router ID : 2.2.2.2, Local AS Number : 100
Status codes : * - active, > - best
BGP.VPLS : 3 Label Blocks
--------------------------------------------------------------------------------
Route Distinguisher: 100:1
SiteID Offset NextHop Range LabBase TunnelID FromPeer MHPref
--------------------------------------------------------------------------------
1 0 0.0.0.0 5 35840 0x0 0.0.0.0 0
*> 1 0 1.1.1.1 5 35840 0x0 1.1.1.1 10
--------------------------------------------------------------------------------
Route Distinguisher: 100:2
SiteID Offset NextHop Range LabBase TunnelID FromPeer MHPref
--------------------------------------------------------------------------------
*> 2 0 3.3.3.3 5 35840 0x0 3.3.3.3 0
Run the display bgp vpls all command on PE2, and you can see that the remote
label block of PE2 is advertised by PE1.
[PE2] display bgp vpls all
BGP Local Router ID : 3.3.3.3, Local AS Number : 100
Status codes : * - active, > - best
BGP.VPLS : 2 Label Blocks
--------------------------------------------------------------------------------
Route Distinguisher: 100:1
SiteID Offset NextHop Range LabBase TunnelID FromPeer MHPref
--------------------------------------------------------------------------------
*> 1 0 1.1.1.1 5 35840 0x0 2.2.2.2 10
--------------------------------------------------------------------------------
Route Distinguisher: 100:2
SiteID Offset NextHop Range LabBase TunnelID FromPeer MHPref
--------------------------------------------------------------------------------
> 2 0 0.0.0.0 5 35840 0x0 0.0.0.0 0
Run the display vpls connection bgp command on PE1 and the RR to check the
VPLS connection.
----End
Configuration Files
● CE1 configuration file
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10
#
return
● PE1 configuration file
#
sysname PE1
#
vlan batch 10 20
#
mpls lsr-id 1.1.1.1
mpls
#
mpls l2vpn
#
vsi v1 auto
pwsignal bgp
route-distinguisher 100:1
vpn-target 1:1 import-extcommunity
vpn-target 1:1 export-extcommunity
site 1 range 5 default-offset 0
multi-homing-preference 10
#
mpls ldp
#
isis 1
network-entity 10.0000.0000.0001.00
#
interface Vlanif10
l2 binding vsi v1
#
interface Vlanif20
ip address 100.1.1.1 255.255.255.252
isis enable 1
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 20
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
isis enable 1
#
bgp 100
peer 2.2.2.2 as-number 100
peer 2.2.2.2 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 2.2.2.2 enable
#
vpls-family
policy vpn-target
peer 2.2.2.2 enable
#
return
● RR configuration file
#
sysname RR
#
vlan batch 10 20 30
#
mpls lsr-id 2.2.2.2
mpls
#
mpls l2vpn
#
vsi v1 auto
pwsignal bgp
route-distinguisher 100:1
vpn-target 1:1 import-extcommunity
vpn-target 1:1 export-extcommunity
site 1 range 5 default-offset 0
#
mpls ldp
#
isis 1
network-entity 10.0000.0000.0002.00
#
interface Vlanif10
l2 binding vsi v1
#
interface Vlanif20
ip address 100.1.1.2 255.255.255.252
isis enable 1
mpls
mpls ldp
#
interface Vlanif30
#
interface Vlanif40
l2 binding vsi v1
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 30
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 40
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
isis enable 1
#
bgp 100
peer 2.2.2.2 as-number 100
peer 2.2.2.2 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 2.2.2.2 enable
#
vpls-family
policy vpn-target
peer 2.2.2.2 enable
#
return
GE0/0/2 GE0/0/1
VLANIF20 VLANIF40
100.1.1.1/24 100.3.1.2/24
PE1 GE0/0/1 GE0/0/2 PE2
VLANIF10 VLANIF50
GE0/0/1 GE0/0/1
VLANIF10 VLANIF50
10.1.1.1/24 10.1.1.2/24
CE1 CE2
Site1 Site2
Configuration Roadmap
The configuration roadmap is as follows:
Procedure
Step 1 Configure VLANs that interfaces belong to.
Configure the VLAN that each interface belongs to and assign IP addresses to
interfaces on Switch.
# Configure CE1. The configuration on PE1, PE2, ASBR_PE1, ASBR_PE2, and CE2 is
similar to the CE1, and is not mentioned here.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] vlan 10
[CE1-vlan10] quit
[CE1] interface vlanif 10
[CE1-Vlanif10] ip address 10.1.1.1 255.255.255.0
[CE1-Vlanif10] quit
[CE1] interface gigabitethernet 0/0/1
[CE1-GigabitEthernet0/0/1] port link-type trunk
[CE1-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[CE1-GigabitEthernet0/0/1] quit
NOTE
Do not add AC-side physical interfaces and PW-side physical interfaces of a PE to the same
VLAN; otherwise, a loop may occur.
After the configuration is complete, the ASBR and PE in the same AS can establish
an IS-IS neighbor. Run the display isis peer command, and you can see that the
IS-IS neighbor is in Up state.
The information displayed on PE1 is used as an example.
[PE1] display isis peer
Total Peer(s): 2
Run the display mpls ldp session command to view the LDP LSP status.
ASBR_PE1 is used as an example.
[ASBR_PE1] display mpls ldp session
# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit
# Configure ASBR_PE1.
[ASBR_PE1] mpls l2vpn
[ASBR_PE1-l2vpn] quit
# Configure ASBR_PE2.
[ASBR_PE2] mpls l2vpn
[ASBR_PE2-l2vpn] quit
# Configure ASBR_PE1.
[ASBR_PE1] vsi a1 static
[ASBR_PE1-vsi-a1] pwsignal ldp
[ASBR_PE1-vsi-a1-ldp] vsi-id 2
[ASBR_PE1-vsi-a1-ldp] peer 1.1.1.1
[ASBR_PE1-vsi-a1-ldp] quit
[ASBR_PE1-vsi-a1] quit
[ASBR_PE1] interface vlanif 30
[ASBR_PE1-Vlanif30] l2 binding vsi a1
[ASBR_PE1-Vlanif30] quit
# Configure ASBR_PE2.
[ASBR_PE2] vsi a1 static
[ASBR_PE2-vsi-a1] pwsignal ldp
[ASBR_PE2-vsi-a1-ldp] vsi-id 3
[ASBR_PE2-vsi-a1-ldp] peer 4.4.4.4
[ASBR_PE2-vsi-a1-ldp] quit
[ASBR_PE2-vsi-a1] quit
[ASBR_PE2] interface vlanif 30
[ASBR_PE2-Vlanif30] l2 binding vsi a1
[ASBR_PE2-Vlanif30] quit
# Configure PE2.
[PE2] vsi a1 static
[PE2-vsi-a1] pwsignal ldp
[PE2-vsi-a1-ldp] vsi-id 3
[PE2-vsi-a1-ldp] peer 3.3.3.3
[PE2-vsi-a1-ldp] quit
[PE2-vsi-a1] quit
[PE2] interface vlanif 50
[PE2-Vlanif50] l2 binding vsi a1
[PE2-Vlanif50] quit
***VSI Name : a1
Administrator VSI : no
Isolate Spoken : disable
VSI Index :0
PW Signaling : ldp
Member Discovery Style : static
PW MAC Learn Style : unqualify
Encapsulation Type : vlan
MTU : 1500
Diffserv Mode : uniform
Mpls Exp : --
DomainId : 255
Domain Name :
Ignore AcState : disable
P2P VSI : disable
Create Time : 0 days, 3 hours, 30 minutes, 31 seconds
VSI State : up
VSI ID :2
*Peer Router ID : 2.2.2.2
Negotiation-vc-id :2
primary or secondary : primary
ignore-standby-state : no
VC Label : 23552
Peer Type : dynamic
Session : up
Tunnel ID : 0x20020
Broadcast Tunnel ID : 0x20020
Broad BackupTunnel ID : 0x0
CKey :6
NKey :5
Stp Enable :0
PwIndex :0
Control Word : disable
**PW Information:
----End
Configuration Files
● CE1 configuration file
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
return
interface Vlanif30
l2 binding vsi a1
#
interface Vlanif40
ip address 100.3.1.1 255.255.255.0
isis enable 1
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 30
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 40
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
isis enable 1
#
return
● PE2 configuration file
#
sysname PE2
#
vlan batch 40 50
#
mpls lsr-id 4.4.4.4
mpls
#
mpls l2vpn
#
vsi a1 static
pwsignal ldp
vsi-id 3
peer 3.3.3.3
#
mpls ldp
#
isis 1
network-entity 10.0000.0000.0004.00
#
interface Vlanif40
ip address 100.3.1.2 255.255.255.0
isis enable 1
mpls
mpls ldp
#
interface Vlanif50
l2 binding vsi a1
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 40
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 50
#
interface LoopBack1
ip address 4.4.4.4 255.255.255.255
isis enable 1
#
return
● CE2 configuration file
#
sysname CE2
#
vlan batch 50
#
interface Vlanif50
ip address 10.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 50
#
return
Networking Requirements
As shown in Figure 7-42, on an enterprise network, Site1 connects to PE1 through
CE1 and then connects to the VPLS domain of AS 100. Site2 connects to PE2
through CE2 and then connects to the VPLS domain of AS 200. The network
environments of the branch sites are unstable. AS 100 and AS 200 communicate
with each other through ASBR_PE1 and ASBR_PE2. IS-IS is used as the IGP on the
MPLS backbone network in an AS. Users at Site1 and Site2 need to communicate
at Layer 2 and user information needs to be reserved when Layer 2 packets are
transmitted over the backbone network.
GE0/0/2 GE0/0/1
VLANIF20 VLANIF40
100.1.1.1/24 100.3.1.2/24
PE1 GE0/0/1 GE0/0/2 PE2
VLANIF10 VLANIF50
GE0/0/1 GE0/0/1
VLANIF10 VLANIF50
10.1.1.1/24 10.1.1.2/24
CE1 CE2
Site1 Site2
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure transparent transmission of Layer 2 packets over the backbone
network using VPLS to enable users at Site1 and Site2 to communicate at
Layer 2 and reserve user information when Layer 2 packets are transmitted
over the backbone network.
2. Use Kompella VPLS to implement Layer 2 communication between CEs when
the network environments of the branch sites are unstable.
3. Configure the IGP routing protocol on the backbone network to implement
communication between devices within an AS on the public network.
4. Configure basic MPLS functions and LDP on PEs on the backbone network to
support VPLS.
5. Establish tunnels for transmitting data between PEs within an AS to prevent
data from being known by the public network.
6. Enable MPLS L2VPN on PEs to implement VPLS.
7. Enable BGP peers to exchange VPLS information between PEs within an AS,
create a VSI on each PE switch, specify BGP as the signaling protocol, specify
the RD, VPN target, and site of the VSI, and bind AC interfaces to VSIs to
implement Kompella VPLS.
8. To implement VPLS inter-AS OptionA, configure the peer ASBR as the CE on
the ASBR PE, and bind VSIs to peer interfaces.
Procedure
Step 1 Configure VLANs that interfaces belong to.
Configure the VLAN that each interface belongs to and assign IP addresses to
interfaces on Switch.
# Configure CE1. The configuration on PE1, PE2, ASBR_PE1, ASBR_PE2, and CE2 is
similar to the CE1, and is not mentioned here.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] vlan 10
[CE1-vlan10] quit
[CE1] interface vlanif 10
[CE1-Vlanif10] ip address 10.1.1.1 255.255.255.0
[CE1-Vlanif10] quit
[CE1] interface gigabitethernet 0/0/1
[CE1-GigabitEthernet0/0/1] port link-type trunk
[CE1-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[CE1-GigabitEthernet0/0/1] quit
NOTE
Do not add AC-side physical interfaces and PW-side physical interfaces of a PE to the same
VLAN; otherwise, a loop may occur.
Total Peer(s): 2
ASBR-PEs and PEs in the same AS can ping Loopback1 of each other successfully.
ASBR_PE1 is used as an example.
[ASBR_PE1] ping 1.1.1.1
PING 1.1.1.1: 56 data bytes, press CTRL_C to break
Reply from 1.1.1.1: bytes=56 Sequence=1 ttl=255 time=47 ms
Reply from 1.1.1.1: bytes=56 Sequence=2 ttl=255 time=31 ms
Reply from 1.1.1.1: bytes=56 Sequence=3 ttl=255 time=31 ms
Reply from 1.1.1.1: bytes=56 Sequence=4 ttl=255 time=31 ms
Reply from 1.1.1.1: bytes=56 Sequence=5 ttl=255 time=31 ms
After the configuration is complete, run the display mpls lsp command on PEs,
and you can see that the LSP is established between the PE and the ASBR-PE in
the same AS.
The information displayed on PE1 is used as an example.
[PE1] display mpls lsp
# Configure ASBR_PE1.
[ASBR_PE1] bgp 100
[ASBR_PE1-bgp] peer 1.1.1.1 as-number 100
[ASBR_PE1-bgp] peer 1.1.1.1 connect-interface loopback 1
[ASBR_PE1-bgp] vpls-family
[ASBR_PE1-bgp-af-vpls] peer 1.1.1.1 enable
[ASBR_PE1-bgp-af-vpls] quit
[ASBR_PE1-bgp] quit
# Configure PE2.
[PE2] bgp 200
[PE2-bgp] peer 3.3.3.3 as-number 200
[PE2-bgp] peer 3.3.3.3 connect-interface loopBack1
[PE2-bgp] vpls-family
[PE2-bgp-af-vpls] peer 3.3.3.3 enable
[PE2-bgp-af-vpls] quit
[PE2-bgp] quit
# Configure ASBR_PE2.
[ASBR_PE2] bgp 200
[ASBR_PE2-bgp] peer 4.4.4.4 as-number 200
[ASBR_PE2-bgp] peer 4.4.4.4 connect-interface loopback 1
[ASBR_PE2-bgp] vpls-family
[ASBR_PE2-bgp-af-vpls] peer 4.4.4.4 enable
[ASBR_PE2-bgp-af-vpls] quit
[ASBR_PE2-bgp] quit
Run the display bgp vpls peer command on the PE or ASBR PE, and you can see
that MP-IBGP peers between the PEs are in Established state.
The information displayed on PE1 is used as an example.
[PE1] display bgp vpls peer
# Configure ASBR_PE1.
[ASBR_PE1] mpls l2vpn
[ASBR_PE1-l2vpn] quit
# Configure ASBR_PE2.
[ASBR_PE2] mpls l2vpn
[ASBR_PE2-l2vpn] quit
# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit
Step 6 Configure VSIs on PEs and ASBRs, and bind VSIs to AC interfaces.
# Configure PE1.
[PE1] vsi v1 auto
[PE1-vsi-v1] pwsignal bgp
[PE1-vsi-v1-bgp] route-distinguisher 100:1
[PE1-vsi-v1-bgp] vpn-target 1:1 import-extcommunity
[PE1-vsi-v1-bgp] vpn-target 1:1 export-extcommunity
[PE1-vsi-v1-bgp] site 1 range 5 default-offset 0
[PE1-vsi-v1-bgp] quit
[PE1-vsi-v1] quit
[PE1] interface vlanif 10
[PE1-Vlanif10] l2 binding vsi v1
[PE1-Vlanif10] quit
# Configure ASBR_PE1.
[ASBR_PE1] vsi v1 auto
[ASBR_PE1-vsi-v1] pwsignal bgp
[ASBR_PE1-vsi-v1-bgp] route-distinguisher 100:2
[ASBR_PE1-vsi-v1-bgp] vpn-target 1:1 import-extcommunity
[ASBR_PE1-vsi-v1-bgp] vpn-target 1:1 export-extcommunity
[ASBR_PE1-vsi-v1-bgp] site 2 range 5 default-offset 0
[ASBR_PE1-vsi-v1-bgp] quit
[ASBR_PE1-vsi-v1] quit
[ASBR_PE1] interface vlanif 30
[ASBR_PE1-Vlanif30] l2 binding vsi v1
[ASBR_PE1-Vlanif30] quit
# Configure ASBR_PE2.
[ASBR_PE2] vsi v1 auto
[ASBR_PE2-vsi-v1] pwsignal bgp
[ASBR_PE2-vsi-v1-bgp] route-distinguisher 200:1
[ASBR_PE2-vsi-v1-bgp] vpn-target 1:1 import-extcommunity
[ASBR_PE2-vsi-v1-bgp] vpn-target 1:1 export-extcommunity
[ASBR_PE2-vsi-v1-bgp] site 1 range 5 default-offset 0
[ASBR_PE2-vsi-v1-bgp] quit
[ASBR_PE2-vsi-v1] quit
# Configure PE2.
[PE2] vsi v1 auto
[PE2-vsi-v1] pwsignal bgp
[PE2-vsi-v1-bgp] route-distinguisher 200:2
[PE2-vsi-v1-bgp] vpn-target 1:1 import-extcommunity
[PE2-vsi-v1-bgp] vpn-target 1:1 export-extcommunity
[PE2-vsi-v1-bgp] site 2 range 5 default-offset 0
[PE2-vsi-v1-bgp] quit
[PE2-vsi-v1] quit
[PE2] interface vlanif 50
[PE2-Vlanif50] l2 binding vsi v1
[PE2-Vlanif50] quit
Run the display bgp vpls all command on a PE or an ASBR-PE, and you can see
information about the VPLS label block of BGP.
The information displayed on ASBR_PE1 is used as an example.
[ASBR_PE1] display bgp vpls all
BGP Local Router ID : 2.2.2.2, Local AS Number : 100
Status codes : * - active, > - best
BGP.VPLS : 2 Label Blocks
--------------------------------------------------------------------------------
Route Distinguisher: 100:1
--------------------------------------------------------------------------------
Route Distinguisher: 100:2
SiteID Offset NextHop Range LabBase TunnelID FromPeer MHPref
--------------------------------------------------------------------------------
> 2 0 0.0.0.0 5 31744 0x0 0.0.0.0 0
----End
Configuration Files
● CE1 configuration file
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
return
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
isis enable 1
#
bgp 100
peer 2.2.2.2 as-number 100
peer 2.2.2.2 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 2.2.2.2 enable
#
vpls-family
policy vpn-target
peer 2.2.2.2 enable
#
return
● ASBR_PE1 configuration file
#
sysname ASBR_PE1
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.2
mpls
#
mpls l2vpn
#
vsi v1 auto
pwsignal bgp
route-distinguisher 100:2
vpn-target 1:1 import-extcommunity
vpn-target 1:1 export-extcommunity
site 2 range 5 default-offset 0
#
mpls ldp
#
isis 1
network-entity 10.0000.0000.0002.00
#
interface Vlanif20
ip address 100.1.1.2 255.255.255.0
isis enable 1
mpls
mpls ldp
#
interface Vlanif30
l2 binding vsi v1
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 20
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 30
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
isis enable 1
#
bgp 100
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 1.1.1.1 enable
#
vpls-family
policy vpn-target
peer 1.1.1.1 enable
#
return
● ASBR_PE2 configuration file
#
sysname ASBR_PE2
#
vlan batch 30 40
#
mpls lsr-id 3.3.3.3
mpls
#
mpls l2vpn
#
vsi v1 auto
pwsignal bgp
route-distinguisher 200:1
vpn-target 1:1 import-extcommunity
vpn-target 1:1 export-extcommunity
site 1 range 5 default-offset 0
#
mpls ldp
#
isis 1
network-entity 10.0000.0000.0003.00
#
interface Vlanif30
l2 binding vsi v1
#
interface Vlanif40
ip address 100.3.1.1 255.255.255.0
isis enable 1
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 30
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 40
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
isis enable 1
#
bgp 200
peer 4.4.4.4 as-number 200
peer 4.4.4.4 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 4.4.4.4 enable
#
vpls-family
policy vpn-target
peer 4.4.4.4 enable
#
return
● PE2 configuration file
#
sysname PE2
#
vlan batch 40 50
#
mpls lsr-id 4.4.4.4
mpls
#
mpls l2vpn
#
vsi v1 auto
pwsignal bgp
route-distinguisher 200:2
vpn-target 1:1 import-extcommunity
vpn-target 1:1 export-extcommunity
site 2 range 5 default-offset 0
#
mpls ldp
#
isis 1
network-entity 10.0000.0000.0004.00
#
interface Vlanif40
ip address 100.3.1.2 255.255.255.0
isis enable 1
mpls
mpls ldp
#
interface Vlanif50
l2 binding vsi v1
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 40
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 50
#
interface LoopBack1
ip address 4.4.4.4 255.255.255.255
isis enable 1
#
bgp 200
peer 3.3.3.3 as-number 200
peer 3.3.3.3 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 3.3.3.3 enable
#
vpls-family
policy vpn-target
peer 3.3.3.3 enable
#
return
Fault Symptom
After VPLS is configured, the VSI status is Up on only one end.
Procedure
Step 1 Run the display vsi [ name vsi-name ] [ verbose ] command to check whether
multiple AC interfaces on the local end are bound to the VSI.
If fewer than two interfaces are bound to the VSI, you need to configure the local
and remote ends to bind more than two AC interfaces to the VSI.
NOTE
If two or more AC interfaces are bound to the VSI, the VSI can be Up.
Step 2 Check whether the remote end specifies the local end as the UPE.
If the remote end specifies the local end as the UPE and the remote AC interface
are faulty, the remote end does not notify the local end of the fault. This may
cause VSI in Up state on only one end.
----End
Fault Symptom
After Martini VPLS is configured, the VSI cannot go Up.
Procedure
Step 1 Run the display vsi name vsi-name command to check whether the encapsulation
types on both ends are the same.
● If the encapsulation types on both ends are different, run the encapsulation
{ ethernet | vlan } command in the VSI view to change the encapsulation
type on one end to ensure that the two ends use the same encapsulation
type.
● If the encapsulation types on both ends are the same, go to step 2.
NOTE
A VSI can be Up only when encapsulation types configured on both ends are the same.
Step 2 Run the display vsi name vsi-name command to check whether MTUs of the two
ends are the same.
● If MTUs of the two ends are different, run the mtu mtu-value command in
the VSI view to change the MTU on one end to ensure that the two ends use
the same MTU.
● If MTUs of the two ends are the same, go to step 3.
NOTE
A VSI can be Up only when MTUs configured for the two ends are the same.
Step 3 Run the display vsi name vsi-name verbose command to check whether VSI IDs
or negotiation IDs on both ends are the same.
● If VSI IDs or negotiation IDs on the two ends are different, run the pwsignal
ldp command in the VSI-LDP view to change the VSI ID on one end, or run
the peer peer-address [ negotiation-vc-id vc-id ] [ tnl-policy policy-name ]
command to change the negotiation ID on one end to ensure that VSI IDs or
negotiation IDs on the two ends are the same.
● If the VSI IDs or negotiation IDs on both ends are the same, go to step 4.
Step 4 Run the display vsi name vsi-name verbose command to check whether the LDP
session is Up.
● If the LDP session is Down, see LDP Session Is Down in "MPLS LDP
Configuration" in the S1720, S2700, S5700, and S6720 V200R010C00
Configuration Guide - MPLS to make the LDP session go Up.
● If the LDP session is Up, go to step 5.
NOTE
The two ends can perform L2VPN negotiation only after the LDP session is Up.
Step 5 Run the display vsi name vsi-name verbose command to check whether the VSI
selects a tunnel.
● Check whether the Tunnel ID value is 0x0. If the Tunnel ID value is 0x0, the
VSI does not select a tunnel. Perform the following steps to configure a tunnel
policy for the VSI:
● Check the Tunnel Policy Name field. If this field is not displayed, the VSI uses
an LDP LSP or no tunnel policy is configured for the VSI. To use an MPLS-TE
tunnel, you must configure a tunnel policy. The value of the Tunnel Policy
Name field indicates the tunnel policy of the VSI. You can run the display this
command in the corresponding tunnel policy view to check the tunnel policy
configuration.
NOTE
If the tunnel is not Up on both ends, see "LSP Goes Down" or " TE Tunnel Goes
Down" to locate the fault and enable the tunnel to go Up. If the tunnel between
the two ends is Up and the TE interface is correctly configured, go to step 6.
NOTE
A VSI can be Up only when the tunnel between the two ends is Up.
Step 6 Run the display vsi name vsi-name verbose command to check whether the AC
interfaces on both ends are Up.
If the AC interfaces on the two ends are Down, see "Physical
Interconnection&Interface Type" to make the AC interfaces go Up.
----End
Fault Symptom
After Kompella VPLS is configured, the VSI cannot go Up.
Procedure
Step 1 Run the display vsi name vsi-name command to check whether the encapsulation
types and MTUs on both ends are the same.
● If the encapsulation types and MTUs on both ends are different, run the
encapsulation { ethernet | vlan } command in the VSI view to change the
encapsulation type on one end, or run the mtu mtu-value command to
change the MTU on one end to ensure that the two ends use the same
encapsulation type and MTU.
● If the two ends use the same encapsulation type and MTU but the fault
persists, go to step 2.
NOTE
If the VSI needs to go Up, the encapsulation types and MTUs on both ends must be
consistent.
Step 2 Check whether the site IDs on both ends are different in the VSI view.
● If site IDs on both ends are the same, run the site site-id [ range site-range ]
[ default-offset { 0 | 1 } ] command to change the site ID on one end to
ensure that the two ends use different site IDs.
● If site IDs on both ends are different, go to step 3.
NOTE
If the VSI needs to go Up, site IDs on both ends cannot be the same.
Step 3 Run the display bgp vpls peer [ ipv4-address verbose | verbose ] [ | count ] [ |
{ begin | exclude | include } regular-expression ] command to check whether the
BGP session between the two ends is in Established state.
● If the BGP session is not in Established state, see "BGP Peer Relationship Fails
to Be Established" to locate the fault and establish the BGP session.
● If the BGP session between the two ends is in Established state, go to step 4.
Step 4 Run the display vsi name vsi-name verbose command to check whether the VSI
selects a tunnel.
● Check whether the Tunnel ID value is 0x0. If the Tunnel ID value is 0x0, the
VSI does not select a tunnel.
● Check the Tunnel Policy Name field. If this field is not displayed, the VSI uses
an LDP LSP or no tunnel policy is configured for the VSI. To use an MPLS-TE
tunnel, configure a tunnel policy. The value of the Tunnel Policy Name field
indicates the tunnel policy of the VSI. You can run the display this command
in the corresponding tunnel policy view to check the tunnel policy
configuration.
NOTE
If the tunnel is not Up on both ends, see "LSP Goes Down" or " TE Tunnel Goes
Down" to locate the fault and enable the tunnel to go Up. If the tunnel between
the two ends is Up and the TE interface is correctly configured, go to step 5.
NOTE
A VSI can be Up only when the tunnel between the two ends is Up.
Step 5 Check whether the site ID on the local end is smaller than the sum of range and
default offset on the remote end.
● If the site ID on the local end is equal to or greater than the sum of range
and default offset on the remote end, modify either the site ID on the local
end or the range on the remote end.
● If the site ID on local end is smaller the sum of the range and default offset
on the remote end, go to step 6.
Step 6 Run the display vsi name vsi-name verbose command to check whether the AC
interfaces on both ends are Up.
If the AC interfaces on the two ends are Down, see "Physical
Interconnection&Interface Type" to make the AC interfaces go Up.
----End