01-07 VPLS Configuration

S1720, S2700, S5700, and S6720 Series Ethernet
Switches
Configuration Guide - VPN 7 VPLS Configuration
7 VPLS Configuration
About This Chapter
This chapter describes principles, applications, and configurations of the Virtual

Private LAN Service (VPLS).
7.1 Overview
7.2 Principles
7.3 Applications
7.4 Licensing Requirements and Limitations for VPLS
7.5 Default Configuration
7.6 Configuring Martini VPLS
7.7 Configuring Kompella VPLS
7.8 Configuring BGP AD VPLS
7.9 Configuring Interworking Between LDP VPLS and BGP AD VPLS
7.10 Configuring LDP HVPLS
7.11 Configuring Static VLLs to Access a VPLS Network
7.12 Configuring CE Dual-Homed Kompella VPLS
7.13 Configuring Inter-AS Martini VPLS in OptionA Mode
When VPLS is deployed in a large area, PEs may belong to different ASs. In this
case, PWs cannot be established between PEs through LDP. To solve the problem
in a normal network, configure inter-AS Martini VPLS.
7.14 Configuring Inter-AS Kompella VPLS in OptionA Mode
7.15 Configuring VPLS PW Redundancy
7.16 Setting Related Parameters for a VSI
7.17 Maintaining VPLS
Maintaining VPLS includes collecting statistics on traffic on a VPLS PW, clearing
the traffic statistics, checking traffic statistics on a VPLS PW, clearing the VPLS PW
Issue 14 (2020-11-30) Copyright © Huawei Technologies Co., Ltd. 837

Switches
traffic statistics, enabling or disabling VSI, clearing MAC address entries, checking
the consistency of VPN configurations, checking MAC address learning, and
checking connectivity of the VPLS network, disabling MPLS L2VPN alarm
verification.
7.18 Configuration Examples
7.19 Common Configuration Errors
7.1 Overview
Definition
As an MPLS-based point-to-multipoint (P2MP) Layer 2 Virtual Private Network
(L2VPN) service provided over a public network, the virtual private LAN service
(VPLS) ensures that geographically isolated user sites can communicate over
metropolitan area networks (MANs) and wide area networks (WANs) as if they
were on the same local area network (LAN). VPLS is also called the transparent
LAN service (TLS).
Figure 7-1 shows a typical VPLS scenario. Users located in different geographical
regions communicate with each other over different provider edge (PE) devices.
An MPLS network is a Layer 2 switched network that allows users to communicate
with each other similarly to communication over a LAN.
Figure 7-1 Typical VPLS scenario
VPN1 VPN1
site1 site3
CE1 CE3
PE1 PE2
MPLS Backbone
VPN2 VPN2
site2 CE2 PE3 CE4 site4
CE5
VPN1
site5

Switches
Purpose
With increased use of applications such as VoIP, instant messaging, and
teleconferencing, VPLS becomes increasingly important for enterprises setting up
branches in different regions. This imposes high requirements for end-to-end
(E2E) datacom technologies. P2MP services are necessary for data
communications.
Other commonly used technologies, such as asynchronous transfer mode (ATM)
and frame relay (FR) can provide only Layer 2 point-to-point (P2P) connections.
Compared to VPLS, networks using these technologies are costly to construct,
complex to deploy, and slow. The development of Internet Protocol (IP) has led to
MPLS VPN technology that provides VPN services over an IP network and offers
advantages such as easy configuration and flexible bandwidth control. MPLS VPNs
are classified as follows:
● MPLS L2VPNs
These include virtual leased lines (VLLs). Ordinary MPLS L2VPNs can provide
P2P services but not P2MP services over a public network.
● MPLS L3VPNs
These provide P2MP services on the precondition that PEs keep routes
destined for end users. This requires PEs to have high routing performance.
VPLS is a specific MPLS-based Ethernet technology that uses L2VPNs.
● Because it uses Ethernet, VPLS supports P2MP communication.
● VPLS is a Layer 2 label switching technology. From a user perspective, the
entire MPLS IP backbone network is a Layer 2 switching device. PEs do not
need to keep routes destined for end users.
VPLS integrates the advantages of both Ethernet and MPLS to provide a
comprehensive multipoint communication solution. By emulating traditional LAN
functions, VPLS enables users on different LANs to communicate with each other
over MPLS networks as if they were on the same LAN.
Benefits
● VPLS networks can be constructed based on carriers' existing IP networks,
reducing construction costs.
● VPLS networks inherit the high-speed advantage of the Ethernet.
● VPLS networks allow users to communicate over Ethernet links, regardless of
whether these links are on WANs or LANs. This allows services to be rapidly
and flexibly deployed.
● Administrators do not need to configure and maintain routing policies,
reducing operational expenditure.
7.2 Principles

Switches
7.2.1 Basic Principles

Basic VPLS Transport Structure
Figure 7-2 shows an example of a VPLS network. The entire VPLS network
functions similarly to a single switch. Pseudo wires (PWs) are established over
MPLS tunnels between VPN sites to transparently transmit Layer 2 packets. When
forwarding packets, provider edges (PEs) learn source MAC addresses of these
packets and create MAC entries, mapping MAC addresses to attachment circuits
(ACs) and PWs.
The following table describes concepts used in transport on VPLS networks.
Table 7-1 Description of VPLS concepts

Name Description
AC A link between a CE and a PE. An AC must be established using

Ethernet interfaces.
On a VPLS network, AC interfaces can be Ethernet interfaces,
VLANIF interfaces, or Eth-Trunk interfaces.
PW A bidirectional virtual connection between two virtual switch

instances (VSIs) residing on two PEs. A PW consists of a pair of
unidirectional MPLS VCs transmitting in opposite directions.
Virtual A virtual switching unit on the switch for each VPLS. Each VSI
switch has an independent MAC address table and a forwarder. A VSI is
instance responsible for terminating PWs.
(VSI)
PW signaling A type of signaling used to create and maintain PWs. PW

signaling is the foundation for VPLS implementation. PW
signaling uses Label Distribution Protocol (LDP) or Border
Gateway Protocol (BGP).
Tunnel A connection between a local PE and a remote PE used to

transparently transmit data between PEs. A tunnel can carry
multiple PWs. Tunnel types can be Label Switched Path (LSP) or
MPLS Traffic Engineering (MPLS TE).
Forwarder Similar to a VPLS forwarding table. After a PE receives packets

from an AC, the forwarder of the PE selects a PW to forward
these packets.

Switches
Figure 7-2 Basic VPLS transmission process
VPN1
Site3
VPN1
Site5 CE3
CE5
PE3
VPN2
Site4
MPLS CE4
Network
Forwarder PE2
PE1
CE1
AC
VPN1 CE2
Site1 PW
VPN2
Site2 PW Signal
Tunnel
The process of CE1 sending unicast packets to CE3 in VPN1 is as follows:

1. PE1, PE2, and PE3 belong to the same VPLS domain. AC links connected to
the VPLS domain are mapped to PWs through a VSI to generate the forwarder
of the VSI.
2. When CE1 receives a Layer 2 packet from a user at Site1, it forwards the Layer
2 packet to PE1 through the AC link.
3. After receiving the packet, PE1 discovers that the packet needs to be
forwarded in VPLS mode. PE1 then selects a PW from the forwarder to
forward the packet based on the destination MAC address of the packet.
4. PE1 generates double labels according to the forwarding entry of the PW. The
inner private network label identifies the PW, and the outer public network
label enables the packet to reach PE2 through the tunnel on the public
network. Meanwhile, PE1 searches for the destination MAC address based on
the MAC address table index and encapsulates the packet.
5. After the Layer 2 packet arrives at PE2 through the tunnel on the public
network, the private network label becomes the outer label (the public
network label has been popped out at the penultimate hop).
6. Once it receives the packet, PE2 selects a VSI for forwarding the packet based
on the private network label. PE2 then removes the private network label and
selects the forwarder of the VSI. The forwarder forwards the Layer 2 packet to
CE3, based on the destination MAC address.

Switches
VPLS Implementation Process

Transmission of packets between Customer Edges (CEs) requires on VSIs
configured on PEs, and PWs established between the VSIs. Figure 7-3 shows
transmission of Ethernet frames over full-mesh PWs between PEs.
Figure 7-3 VPLS forwarding model

CE1 CE3
VLAN1 VLAN1
VSI 1 VSI 1
PE1 PE3
VSI 2 VSI 2
CE4 CE6
VLAN2 VSI 1 VSI 2 VLAN2
PE2
CE2 CE5
VLAN1 VLAN2
A VPLS network consists of a control plane and a forwarding plane.
● The control plane of a VPLS PE provides the PW establishment function,

including:
– Member discovery: a process in which a PE in a VSI discovers the other
PEs in the same VSI. This process can be implemented manually or
automatically using protocols. BGP VPLS and BGP AD VPLS both support
automatic member discovery.
– Signaling mechanism: PWs between PEs in the same VSI are established,
maintained, or torn down using signaling protocols such as LDP and BGP.
● The forwarding plane of a VPLS PE provides the data forwarding function,
including:
– Encapsulation: After receiving Ethernet frames from a CE, a PE
encapsulates the frames into packets and sends the packets to VPLS
network.
– Forwarding: A PE determines how to forward a packet based on the
inbound interface and destination Media Access Control (MAC) address
of the packet.

Switches
– Decapsulation: After receiving packets from VPLS network, a PE

decapsulates these packets into Ethernet frames and sends the frames to
a CE.
7.2.2 PW Signaling Protocols

PW Signaling Protocols and VPLS Implementation Modes
PW signaling protocols include the Label Distribution Protocol (LDP) and Border
Gateway Protocol (BGP). Depending on the signaling protocols used, VPLS can be
implemented in the following modes:
● LDP VPLS
● BGP VPLS
● BGP AD VPLS
Table 7-2 compares these VPLS implementation modes.
Table 7-2 Comparison of VPLS implementation modes

Implement Description Usage Scenario
ation
Mode
LDP mode ● Uses LDP signaling. Typically used on

(also called ● Protocol implementation is simple, and VPLS networks that
Martini) performance requirements for PEs are have few sites, do
low, but member discovery must be not span multiple
carried out manually. ASs, and with PEs
that cannot run
● PWs between the newly added PE and BGP.
existing PEs need to be established after
a PE is added.
● An LDP session needs to be established
between every pair of PEs. The number
of LDP sessions is in proportion to the
number of PEs squared.
● Labels are distributed to PEs on demand,
and label usage is high.
● If a VPLS network spans more than one
AS, VSIs in each AS must use the same
VSI ID range.

Switches
Implement Description Usage Scenario

ation
Mode
BGP mode ● Uses BGP signaling. Typically used on

(also called ● PEs must run BGP, and demands on PE VPLS networks that
Kompella) performance are high. reside on the core
layers of large-scale
Supports automatic member discovery, networks or span
simplifying user operations. multiple ASs. PEs
● After a PE is added, configurations on must be able to run
existing PEs do not need to be modified, BGP.
as long as the total number of PEs does
not exceed the number allowed by the
label block.
● RRs are used to reduce the number of
BGP connections, increasing network
expansibility.
● Using of label blocks wastes label
resources.
● VPN targets identify VPN member
relationships.
BGP AD The BGP AD mode uses extended BGP BGP AD mode

mode Update packets to implement automatic integrates the
member discovery. It also supports VPLS advantages of the
PW establishment. BGP and LDP
● Compared with LDP mode, less modes.
configuration work is required to add a
new PE in BGP AD mode.
● Compared with BGP mode, the BGP AD
mode saves local label resources and is
compatible with PWE3.
LDP VPLS
Introduction to LDP VPLS
LDP VPLS (Martini VPLS) statically discovers VPLS members using LDP signaling.
VPLS information is carried in extended TLV fields (type 128 and type 129 FEC
TLVs) of LDP signaling packets. During the establishment of a PW, the label
distribution mode is downstream unsolicited (DU) and the label retention mode is
liberal.
Implementation process
● Figure 7-4 shows the process of establishing a PW using LDP signaling.

Switches
Figure 7-4 Establishing a PW using LDP signaling

Label Mapping Message:
PW ID+VC Label
VSI VSI
VC1
VC2
PE1 PE2
Label Mapping Message:

PW ID+VC Label
a. After PE1 is associated with a VSI, and PE2 is configured as a peer of PE1,
PE1 sends a Label Mapping message to PE2 in DU mode if an LDP
session already exists between PE1 and PE2. The Label Mapping message
carries information required to establish a PW, such as the PW ID, VC
label, and interface parameters.
b. After receiving the message, PE2 checks whether it has been associated
with the VSI. If PE2 has been associated with the VSI and the PW
parameters on PE1 and PE2 are the same, PE1 and PE2 belong to the
same VSI. In this case, PE2 establishes a unidirectional VC named VC1
immediately after PE2 receives the Label Mapping message. Meanwhile,
PE2 sends a Label Mapping message to PE1. After receiving the message,
PE1 takes a similar sequence of actions to PE2 to establish VC2.
● Figure 7-5 shows the process of tearing down a PW using LDP signaling.
Figure 7-5 Tearing down a PW using LDP signaling
Label Withdrawal Message
VSI VC1 VSI

X
X
PE1 VC2 PE2
Label Release Message
a. After the peer configuration of PE2 is deleted from PE1, PE1 sends a
Label Withdrawal message to PE2. After receiving the Label Withdrawal
message, PE2 withdraws its local VC label, tears down VC1, and sends a
Label Release message to PE1.
b. After receiving the Label Release message, PE1 withdraws its local VC
label and tears down VC2.
BGP VPLS
Introduction to BGP VPLS

Switches
BGP VPLS (Kompella VPLS) dynamically discovers VPLS members using BGP
signaling. BGP VPLS uses MP-BGP packets to transmit VPLS member information.
The MP-REACH and MP-UNREACH attributes carry VPLS label information; the
extended community attributes carry interface parameters, RDs, and VPN targets;
the RDs and VPN targets identify VPN member relationships.
Implementation process
● Figure 7-6 shows the process of establishing a PW using BGP signaling.
Figure 7-6 Establishing a PW using BGP signaling

Update Message (MP-REACH):
Site ID+Label Block
VSI VSI
VC1
VC2
PE1 PE2
Update Message (MP-REACH):

Site ID+Label Block
In order to establish a PW using BGP signaling, a BGP session must already

exist between PE1 and PE2. The process is as follows:
a. After PE1 is associated with a VSI and PE2 is configured as PE1's peer, PE1
sends an Update packet carrying the MP-REACH attribute, site ID, and
label block information to PE2.
b. Upon receipt, PE2 calculates a unique label as the VC label based on its
own site ID and label block. PE2 then establishes a unidirectional VC VC1.
Meanwhile, PE2 calculates the VC label of PE1 based on the site ID and
label block carried in the Update packet sent by PE1. Using this
information, PE2 sends an Update packet to PE1. After receiving the
Update packet, PE1 takes similar actions to PE2 to establish VC2.
● Figure 7-7 shows the process of tearing down a PW using BGP signaling.
Figure 7-7 Tearing down a PW using BGP signaling
Update Message (MP-UNREACH)
VSI VC1 VSI

X
X
PE1 VC2 PE2
Update Message (MP-UNREACH)

Switches
a. After the peer configuration for PE2 is deleted from PE1, PE1 sends an
Update packet carrying the MP-UNREACH attribute to PE2. After
receiving the packet, PE2 withdraws its local VC label, tears down VC1,
and sends an Update packet carrying the MP-UNREACH attribute to PE1.
b. After receiving the Update packet, PE1 withdraws its local VC label and
tears down VC2.
BGP AD VPLS
Introduction to BGP AD VPLS
BGP AD VPLS, short for Border Gateway Protocol Auto-Discovery Virtual Private
Line Service, is a new technology for automatically deploying VPLS services.
BGP AD VPLS-enabled devices exchange extended BGP Update packets to

automatically discover BGP peers in a VPLS domain. After BGP peer relationships
are established, these devices use LDP FEC 129 to negotiate and establish VPLS
PWs. In addition, BGP AD Hierarchical Virtual Private LAN Service (HVPLS) is
deployed by disabling split horizon. This allows all BGP peers in an AS to function
as user-end provider edges (UPEs) on an HVPLS network.
Purpose
As VPLS technology becomes more widely used, VPLS networks grow in size and
complexity. BGP AD VPLS is used to simplify configurations using automatic VPLS
member discovery and automatic PW deployment. This allows services to be
deployed automatically and reduces OPEX.
BGP AD VPLS has the advantages of both LDP and BGP VPLS. BGP AD VPLS-
enabled devices exchange extended BGP Update packets to automatically discover
BGP peers in a VPLS domain. After BGP peer relationships between them are
established, the devices use LDP FEC 129 to negotiate and establish VPLS PWs.
VPLS services are automatically deployed on these PWs.
Related Concepts
Table 7-3 shows related concepts involved in BGP AD VPLS.
Table 7-3 Concepts in BGP AD VPLS
Acronym and Full Name Description

Abbreviation
VPLS ID Virtual Private LAN Service ID Identifier of a VPLS domain
AGI Attachment Group Identifier Domain identifier used during

PW negotiation between PEs
in a VPLS domain
AII Attachment Individual VSI identifier used during PW

Identifier negotiation between PEs in a
VPLS domain
SAII Source Attachment Individual Local IP address used by BGP

Identifier AD VPLS to negotiate the
creation of a PW

Switches
Acronym and Full Name Description

Abbreviation
TAII Target Attachment Individual Remote IP address used

Identifier during negotiation on the
creation of a PW
FEC 129 Forwarding Equivalence Class New type of FEC used by LDP
129 signaling
Implementation
BGP AD VPLS automatically discovers VPLS BGP peers, simplifying configuration
and saving labels.
BGP AD VPLS-enabled devices exchange extended BGP Update packets carrying
VSI information and automatically discover BGP peers in a VPLS domain. After
BGP peer relationships are established, these devices use LDP FEC 129 to negotiate
and establish VPLS PWs. VPLS services are automatically deployed on these PWs.
1. Automatically Discovering PEs in a VPLS Domain
Automatically discovering PEs in a VPLS domain is the first phase of VPLS
service deployment. BGP is used to automatically discover PEs in a VPLS
domain. Figure 7-8 shows the process of and information used for
automatically discovering PEs in a VPLS domain.
Figure 7-8 Automatically discovering PEs in a VPLS domain
BGP UPDATE
VPLS-ID:65535:100
RD:65535:100
VSI-ID:1.1.1.1
RT:5:5
Next Hop:1.1.1.1
Loopback1 Loopback1
1.1.1.1/32 2.2.2.2/32
AS 65535
PE1 PE2
CE1 BGP UPDATE CE2

VPLS-ID:65535:100
RD:65535:100
VSI-ID:2.2.2.2
RT:5:5
Next Hop:2.2.2.2

Switches
The process of automatically discovering PEs in a VPLS domain is as follows:

a. The VPLS ID, RT, VSI ID are set on PE1 and encapsulated in BGP AD
Update messages. These messages are sent to all peer PEs in all BGP
areas. The operations and process are the same on PE2.
NOTE
By default, the RD is equal to the VPLS ID. If the VPLS ID is set, the RD does not need
to be set. The VSI ID is equal to the local LSR ID and does not need to be set.
b. After receiving BGP AD packets, PEs check whether the BGP AD packets
match the RT policy. If they match, PEs obtain the VSI information carried
in the packets and compare the obtained information to the local
configuration. After comparison, one of the following results is obtained:
▪ If VPLS IDs of VSIs on both PEs are the same, the two VSIs are in the
same VPLS domain. One and only one PW to be established between
them.
▪ If VPLS IDs of VSIs on two PEs are different, the two VSIs are in
different VPLS domains. A PW cannot be established between them.
2. Automatically Deploying a PW
After a PE discovers remote PEs in a VPLS domain, BGP AD uses LDP FEC 129
to negotiate the creation of PWs. Figure 7-9 shows the negotiation process.
Figure 7-9 Negotiation process for automatically deploying a PW
LDP Mapping(FEC 129)

Next Hop:1.1.1.1
AGI:65535:100(VPLS-ID)
SAII:1.1.1.1(VSI-ID)
TAII:2.2.2.2(VSI-ID from BGP AD)
Label:2001
Loopback1 Loopback1
1.1.1.1/32 2.2.2.2/32
AS 65535
PE1 PE2
CE1 LDP Mapping(FEC 129) CE2

Next Hop:2.2.2.2
AGI:65535:100(VPLS-ID)
SAII:2.2.2.2(VSI-ID)
TAII:1.1.1.1(VSI-ID from BGP AD)
Label:2001

Switches
The process of automatically deploying a PW is as follows:

a. If no LDP session exists between two PEs in the same VPLS domain, the
two PEs still initiate negotiation to establish an LDP session. Once an LDP
session is already established, the PEs exchange LDP Mapping messages
by using FEC 123 signaling. The LDP Mapping messages carry
information such as AGI, SAII, TAII, and the label.
NOTE
After BGP AD VPLS members are discovered, BGP AD VPLS actively triggers LDP to
establish an LDP session, allowing the establishment of a PW for VPLS services. If
VPLS services are deleted and the LDP session is no longer used, LDP deletes the LDP
session. This simplifies maintenance, increases the efficiency of network and system
resource use, and improves network performance.
b. After a PE receives an LDP Mapping message, the PE parses and obtains
information including the VPLS ID, PW type, MTU, and TAII. The PE
compares this information to the local VSI information. If the information
is the same and meets the requirements for establishing a PW, the PEs
establish a PW.
7.2.3 Packet Encapsulation
Packet Encapsulation on ACs

Packet encapsulation on ACs depends on the user access mode, which can be
either VLAN or Ethernet. The default user access mode is VLAN.
Table 7-4 Packet encapsulation on ACs
Packet Description
Encapsulati
on Type
VLAN The header of each Ethernet frame sent between CEs and PEs
carries a VLAN tag, known as the provider-tag (P-Tag). This is a
service delimiter identifying users on an ISP network.
Ethernet Ethernet frame headers do not contain P-Tags. If the frame

header contains a VLAN tag, it is an inner VLAN tag called the
user-tag (U-Tag). A CE does not add the U-Tag to an Ethernet
frame; instead, the tag is carried in a packet before the packet is
sent to the CE. A U-Tag informs the CE to which VLAN the packet
belongs, and is meaningless to PEs.
Packet Encapsulation on PWs

The PW ID and PW encapsulation type together uniquely identify a PW. The PW
IDs and PW encapsulation types configured on both end PEs of a PW must be the
same. The packet encapsulation types on PWs can be raw or tagged. By default,
packets are encapsulated in tagged mode.

Switches
Table 7-5 Packet encapsulation on PWs

Packet Description
Encapsulatio
n Type
Raw Packets transmitted over a PW cannot carry P-Tags. If a PE

receives a packet with the P-Tag from a CE, the PE strips the P-
Tag and adds double labels (outer tunnel label and inner VC
label) to the packet before forwarding it. If a PE receives a
packet with no P-Tag from a CE, the PE directly adds double
labels (outer tunnel label and inner VC label) to the packet
before forwarding it. The PE determines whether to add the P-
Tag to a packet, depending on the configuration, before sending
it to a CE. The PE is not allowed to rewrite or remove an existing
U-Tag.
Tagged Packets transmitted over a PW must carry P-Tags. If a PE

receives a packet with the P-Tag from a CE, the PE directly adds
double labels (outer tunnel label and inner VC label) to the
packet before forwarding it. If a PE receives a packet with no P-
Tag from a CE, the PE adds a null P-Tag and double labels (outer
tunnel label and inner VC label) to the packet before forwarding
it. The PE determines whether to rewrite, remove, or preserve
the P-Tag of a packet, depending on the configuration, before
forwarding it to a CE.
VPLS Packets and Encapsulation Modes

Encapsulation modes of packets transmitted over ACs and PWs can be used
together. The following uses Ethernet + raw encapsulation (without U-Tag) and
VLAN + tagged encapsulation (with U-Tag) as examples to describe the packet
exchange process.
● Ethernet + raw encapsulation (without U-Tag)

Switches
Figure 7-10 Ethernet + raw encapsulation (without U-Tag)
CE1
AC L2 Header IP Header Data
PE1
PW L2 Header Tunnel Label VC Label L2 Header IP Header Data
PE2
AC L2 Header IP Header Data
CE2
In Figure 7-10, ACs use Ethernet encapsulation and PWs use raw
encapsulation. Packets transmitted from CEs to PEs do not carry U-Tags.
The packet exchange process is as follows:
a. CE1 sends a Layer 2 packet without a U-Tag or P-Tag to PE1.
b. PE1 searches the corresponding VSI for a forwarding entry and selects a
tunnel and a PW to forward the packet based on the found forwarding
entry.
c. PE2 receives the packet from PE1 and decapsulates the packet by
removing the Layer 2 encapsulation header added by PE1 and the inner
VC label of the packet (the outer tunnel label has been popped out at the
penultimate hop).
d. PE2 sends the original Layer 2 packet to CE2.
The process of sending a packet from CE2 to CE1 works similarly.
● VLAN + tagged encapsulation (with U-Tag)

Switches
Figure 7-11 VLAN access in tagged mode (with U-Tag)
CE1
L2 IP
AC P-TAG U-TAG Data
Header Header
PE1
L2 Tunnel VC L2 IP
PW P-TAG U-TAG Data
Header Label Label Header Header
PE2
L2 IP
AC P-TAG U-TAG Data
Header Header
CE2
In Figure 7-11, ACs use VLAN encapsulation and PWs use tagged
encapsulation. Packets transmitted from CEs to PEs carry U-Tags and P-Tags.
The packet exchange process is as follows:
a. CE1 sends a packet encapsulated at Layer 2 and carrying both a U-Tag
and a P-Tag to PE1.
b. PE1 receives the packet but does not process either tag. PE1 retains the
U-Tag because it treats the U-tag as service data.
c. PE1 retains the P-Tag because a packet sent to a PW with the tagged
packet encapsulation mode must carry a P-Tag.
d. PE1 searches the corresponding VSI for a forwarding entry and selects a
tunnel and a PW to forward the packet based on the forwarding entry
found.
e. PE1 adds double labels (outer tunnel label and inner VC label) to the
packet based on the selected tunnel and PW, performs Layer 2
encapsulation, and forwards the packet to PE2.
f. PE2 receives the packet from PE1 and decapsulates the packet by
removing the Layer 2 encapsulation header added by PE1 and the inner
VC label of the packet (the outer tunnel label has been popped out at the
penultimate hop).
g. PE2 forwards the original Layer 2 packet to CE2. The packet carries the
U-Tag and P-Tag.
The process of sending a packet from CE2 to CE1 works similarly.
Processing of Tags Carried in Packets

The system processes packets according to their AC interface and PW
encapsulation types.

Switches
Two PW encapsulation modes can be used: Ethernet encapsulation (raw mode)

and VLAN encapsulation (tagged mode).
NOTE
PE removes P-Tags of VPLS packets when sending VPLS packets through an AC interface if
either of the following is true:
● The link type of the AC interface is trunk, and the VLAN tag of packets is the same as
the PVID of the interface.
● The link type of the AC interface is hybrid, and the VLAN tag of packets is the same as
the untagged VLAN ID or PVID of the interface.
Table 7-6 Processing tags carried in packets from the AC to the PW

PW Encapsulation Type Processing Logic
VLAN encapsulation Do not process the P-Tag carried in a

packet.
Ethernet encapsulation If a P-Tag is carried in a packet, delete

the P-Tag from the packet.
If no P-Tag is carried in a packet, do
not process the packet.
Table 7-7 Processing tags carried in packets from the PW to the AC

AC Interface Type Processing Logic
GE, XGE, 40GE, or Eth-Trunk interface Do not process the packet.
VLANIF interfaces If a P-Tag is carried in a packet, rewrite

the P-Tag.
If no P-Tag is carried in a packet, add a
P-Tag to the packet.
VLAN stacking sub-interface If a P-Tag is carried in a packet, delete

the P-Tag from the packet.
If no P-Tag is carried in a packet, do
not process the packet.
VLAN mapping sub-interface If a P-Tag is carried in a packet, rewrite

the P-Tag.
If no P-Tag is carried in a packet, add a
P-Tag to the packet.
NOTE
The added or replaced tag is the VLAN tag
on the interface where VLAN mapping is
not performed.
Dot1q sub-interface Do not process the packet.
QinQ sub-interface Do not process the packet.

Switches
7.2.4 MAC Address Management

Background
A characteristic of Ethernet is that interfaces send broadcast packets, multicast
packets, and unicast packets with unknown destination MAC addresses to all other
interfaces on the Ethernet. As an Ethernet-based technology, VPLS emulates an
Ethernet bridge for user networks. To forward packets on a VPLS network, PEs
must establish MAC address tables and forward packets based on MAC addresses
or MAC addresses and VLAN tags.
MAC Address Learning and Flooding

MAC address learning
PEs create MAC address tables based on dynamic MAC address learning and
associates destination MAC addresses with PWs.
Table 7-8 describes MAC address learning modes.
Table 7-8 MAC address learning modes

Learning Description Characteristic
Mode
Qualified A PE learns the MAC addresses The broadcast domain is

and VLAN tags of received confined to each user
Ethernet frames. In this mode, VLAN. Qualified learning
each user VLAN is an can result in large
independent broadcast domain Forwarding Information
and has independent MAC Base (FIB) table sizes. The
address space. logical MAC address is
now a VLAN tag + MAC
address.
Unqualified A PE learns only the MAC If an AC interface is

addresses of Ethernet frames. In associated with multiple
this mode, all user VLANs share user VLANs, this AC
the same broadcast domain and interface must be a
MAC address space. The MAC physical interface bound
address of each user VLAN must to a unique VSI.
be unique.
NOTE
At the time of writing, the switch supports MAC address learning only in unqualified mode.
Flooding
Because VPLS is Ethernet based, received packets with unknown unicast addresses,
broadcast addresses, or multicast addresses are flooded out of all other interfaces.
If these packets need to be forwarded in multicast mode, PEs use other methods
such as Internet Group Management Protocol (IGMP) snooping.

Switches
Implementation
● User-side packets
After receiving packets from a CE, a PE maps their source MAC addresses to
AC interfaces.
● PW-side packets
– A PW consists of a pair of MPLS Virtual Circuits (VCs) transmitting in
opposite directions.
– A PW will go Up only after the two MPLS VCs are established.
– After a PE receives a packet with an unknown source MAC address from a
PW, the PE maps the source MAC address to the PW receiving the packet.
Figure 7-12 shows the process of MAC address learning and flooding on a PE. PC1
and PC2 both belong to VLAN10. PC1 pings IP address 10.1.1.2. PC1 does not
know the MAC address corresponding to this IP address and advertises an Address
Resolution Protocol (ARP) Request packet.
Figure 7-12 MAC address learning and flooding process

PE1 PE3
VSI MAC Port VSI MAC Port
VPN1 A VLAN10, port1 VPN1 A PW2
VPN1 B PW1
CE1 PE1 PE3 CE3
Port1 PW2
PW1 PW3
PC3
PC1 MAC: C
PE2
MAC: A IP: 10.1.1.3/24
IP: 10.1.1.1/24 Port2
VLAN: 10 PE2
CE2 VSI MAC Port
VPN1 A PW1
VPN1 B VLAN10, port2
MAC: B
IP: 10.1.1.2/24 PC2 ARP Broadcast
VLAN: 10
ARP Reply
1. PE1 receives the ARP Broadcast packet sent by PC1 from Port1 connected to
CE1, PE1 adds the MAC address of PC1 to its own MAC address table, as
shown in the blue section of the MAC entry.
2. PE1 floods the ARP Broadcast packet (the blue dashed line on PE1) to other
interfaces. PW1 and PW2 are regarded as interfaces in this case.

Switches
3. After receiving the ARP Broadcast packet from PW1, PE2 adds the MAC
address of PC1 to its own MAC address table, as shown in the blue section of
the MAC entry.
4. Based on split horizon, PE2 sends the ARP Broadcast packet to only the
interface connecting to CE2 (as indicated by the blue dashed line), but not to
PW1. This ensures that only PC2 receives the ARP Broadcast packet. VPLS split
horizon ensures that packets received from public network PWs are forwarded
to only private networks, not to other public network PWs.
5. After PC2 receives the ARP Broadcast packet and finds that the destination
address matches its own, PC2 sends an ARP Reply packet to PC1 (as indicated
by the orange dashed line).
6. After receiving the ARP Reply packet from PC2, PE2 adds the MAC address of
PC2 to its own MAC address table, as indicated by the orange section of the
MAC entry. After searching its MAC address table, PE2 sends the ARP Reply
packet to PE1 over PW1.
7. After receiving the ARP Reply packet from PE2, PE1 adds the MAC address of
PC2 to its own MAC address table, as shown in the orange section of the MAC
entry. PE1 searches its MAC address table, and sends the ARP Reply packet to
PC1 through Port1.
8. After receiving the ARP Reply packet from PC2, PC1 has learned the MAC
address.
9. While advertising the ARP Broadcast packet to PW1, PE1 also advertises the
ARP Broadcast packet to PE3 over PW2. After receiving the ARP Broadcast
packet, PE3 adds the MAC address of PC1 to its MAC address table, as shown
in the blue section of the MAC entry. Based on split horizon, PE3 sends the
ARP Broadcast packet to only PC3. Because PC3 is not the destination of the
ARP Broadcast packet, PC3 does not send any ARP Reply packet.
MAC Address Withdrawal

Dynamic MAC addresses need to be updated and relearned. The VPLS draft
defines a MAC Withdraw message with an optional MAC type-length-value (TLV)
to remove or relearn the MAC address list.
MAC Withdraw messages enable devices to quickly delete matching MAC
addresses when network topology changes. MAC Withdraw messages are
classified into two types:
● Messages with a MAC address list
● Messages without a MAC address list
When a backup link (AC link or VC link) becomes Up, a PE that detects the link
status change receives a MAC Withdraw message carrying a list of MAC addresses
to be relearned. After receiving the message, the PE updates the MAC address
entries in the forward information base (FIB) table of the corresponding VSI, and
sends the message to PEs directly connected to it through Label Distribution
Protocol (LDP) sessions. If the MAC Withdraw message contains an empty MAC
address list TLV, the PE deletes all the MAC addresses in the specified VSI except
the MAC address learned from the PE that sends the message.

Switches
MAC Address Aging

An aging mechanism removes no-longer needed MAC entries. If a MAC entry is
not updated within the specified period of time, the entry is aged out.
7.2.5 Loop Prevention

On an Ethernet network, Spanning Tree Protocol (STP) is often used to prevent
loops. However, VPLS users do not know the topology of the Internet Service
Provider (ISP) network. Therefore, enabling STP on the private network cannot
prevent loops on the ISP network. VPLS uses full-mesh PWs and split horizon to
prevent loops.
● PEs in a VSI must be fully meshed. This means that each PE must create a
tree to every other PE in the VSI.
● All PEs must support split horizon to avoid loops. Split horizon requires that
packets sent on a PW in a VSI should not be forwarded over other PWs in the
VSI. Any two PEs in a VSI must communicate directly over a single PW,
without data being forwarded through an intermediary device. This is why
full-mesh PWs are required between PEs in a VSI.
The full-mesh PEs and split horizon ensure route reachability and prevent loops on
VPLS networks. If a CE is connected to multiple PEs, or multiple CEs on the same
VPLS VPN are interconnected, VPLS cannot guarantee loop prevention. In this
situation, other methods must be used to prevent loops.
STP can run on an L2VPN private network. All STP Bridge Protocol Data Units
(BPDUs) are transparently transmitted over the ISP network.
7.2.6 HVPLS
Hierarchical Virtual Private LAN Service (HVPLS) is a technology for hierarchizing
the VPLS network.
Background of HVPLS
In VPLS using BGP or LDP signaling, the basic mechanism for preventing loops is
to set up a full mesh of all sites. LDP sets up fully-meshed LDP sessions among all
sites, and BGP sets up fully-meshed BGP sessions among all sites. During packet
forwarding, the split horizon scheme is used. Packets from a PW are therefore not
forwarded to other PWs. If a VPLS network has N PEs, it has N x (N - 1)/2
connections. When the number of PEs increases, the number of VPLS connections
increases by N2. For example, if the number of sites is 100, the number of LDP
sessions between sites is 4950.
HVPLS can solve the problem of excessive connections and improve network
scalability. HVPLS was introduced in draft-ietf-l2vpn_vpls_ldp. HVPLS hierarchizes
the network into different levels. Networks at each level are fully meshed. Devices
of different levels are connected through PWs and forward packets to each other.
If HVPLS is used, devices do not need to comply with the split horizon scheme.
HVPLS Model
Figure 7-13 shows the basic HVPLS model.

Switches
Figure 7-13 HVPLS Model
MPLS Core
SPE1 Network
SPE4
MPLS Edge MPLS Edge
Network SPE2 SPE3 Network
UPE1 UPE2
CE1
CE4
VPN1 VPN2
Site1 CE2 CE3 Site4
VPN2 VPN1
Site2 Site3
In the basic HVPLS model, PEs can be classified into the following types:
● Underlayer provider edge (UPE)
A UPE is a customer convergence device directly connected to a CE. Each UPE
needs to be connected to only one PE in a fully-meshed VPLS network. UPEs
support routing and MPLS encapsulation. If a UPE is connected to multiple
CEs and can provide the basic bridging function, frame forwarding is
performed only on the UPE. This reduces the burden on the SPE.
● Superstratum PE (SPE)
An SPE is a device that is connected to a UPE and is located in the core of a
fully-meshed VPLS network. The SPE is connected to all devices in a fully-
meshed VPLS network.
From the perspective of an SPE, UPEs function like CEs. In data forwarding, the
SPE uses the PW established between itself and a UPE as an AC. The UPE adds
double MPLS labels to packets sent by CEs. The outer layer is an LSP label that is
switched when a packet passes through devices on the access network. The inner
label is a VC label that identifies a VC. After receiving double-tagged packets, the
SPE directly removes the outer label, which is a statically configured public
network label. The SPE determines which VSI the SVC accesses based on the inner
label.
HVPLS Access Mode

The switch supports only LDP HVPLS. In LDP HVPLS, UPEs connect to the SPE
through LSPs.

Switches
Figure 7-14 HVPLS access in LSP mode

CE1 CE3
PW
LSP Tunnel LSP Tunnel
VPN1 VPN1
SPE1 SPE3
VSI 1 VSI 1
UPE1 UPE3
VSI 2 VSI 2
CE4 CE6
VPN2 VSI 1 VSI 2 VPN2

SPE2
LSP Tunnel
UPE2
CE2 CE5
VPN1 VPN2
In Figure 7-14, UPE1 functions as a convergence device. UPE1 sets up a VC with

SPE1 to access a PW. UPE1 does not set up VCs with other peers. The PW between
a UPE and an SPE is called U-PW; the PW between SPEs is called S-PW.
The process of CE1 sending packets to CE 2 is as follows:
1. CE1 sends a packet to UPE1. The destination MAC address of the packet is
CE2.
2. UPE1 is responsible for forwarding the packet sent by CE1 to SPE1. UPE1 adds
double MPLS labels to this packet. The outer label identifies the LSP tunnel
between UPE1 and SPE1; the inner label identifies the VC between UPE1 and
SPE1.
3. The LSR between UPE1 and SPE1 transmits the packet and switches labels of
the packet. The outer label is stripped at the penultimate hop.
4. After receiving the packet, SPE1 determines the VSI that the packet belongs to
based on the MPLS inner label and finds that the packet belongs to VSI 1.
5. SPE1 strips the MPLS inner label added to the packet by UPE1.
6. SPE1 examines the entry of the VSI based on the destination MAC address of
the packet, and finds that this packet needs to be sent to SPE2. SPE1 adds
double MPLS labels to this packet. The outer label identifies the LSP tunnel
between SPE1 and SPE2; the inner label identifies the VC between SPE1 and
SPE2.
7. The LSR between SPE1 and SPE2 transmits the packet and switches labels of

Switches
8. After receiving the packet from the S-PW side, SPE2 determines the VSI that
the packet belongs to based on the MPLS inner label, and finds that the
packet belongs to VSI 1. SPE2 strips the MPLS inner label added to the packet
by SPE1.
9. SPE2 adds double MPLS labels to this packet. The outer label identifies the
LSP tunnel between SPE2 and UPE2; the inner label identifies the VC between
UPE2 and SPE2. SPE2 then forwards the packet.
10. The LSR between SPE1 and UPE2 transmits the packet and switches labels of
11. After receiving the packet, UPE2 strips the MPLS inner label added to the
packet by UPE2. UPE2 examines the entry of the VSI based on the destination
MAC address of the packet. UPE2 finds that the packet is to be sent to CE2
and forwards the packet accordingly.
As shown in Figure 7-14, CE1 and CE4 access the same PE. The UPE directly
forwards the packet between CE1 and CE4 without sending the packet to SPE1,
because the UPE functions as a bridge. However, if CE1 sends a broadcast packet
or a packet with unknown destination MAC address, UPE1 broadcasts the packet
to CE4 and forwards the packet to SPE1 through the U-PW. SPE1 copies the packet
and forwards it to each peer CE.
HVPLS Loop Prevention

HVPLS loop prevention differs from VPLS loop prevention in the following ways:
● Full-mesh connections (full-mesh PWs) only need to be set up between SPEs,
and are not required between UPEs and SPEs.
● An SPE does not forward packets received from the PW connected to the SPE
to PWs that are associated with the VSI or PWs connected to other SPEs. The
SPE forwards such packets to PWs connected to UPEs.
● An SPE forwards packets received from the PW connected to a UPE to all PWs
that are associated with the VSI and connected to other SPEs.
HVPLS Access Link Backup

The drawback of using HVPLS is evident if only a single link exists between a UPE
and an SPE or between a CE and a PE. All VPNs connected to the convergence
device lose connectivity if the access link fails. Therefore, a backup link must exist
for either HVPLS access model. Normally, each device uses only a single link (the
master link) for access. If the VPLS system detects that the access link has failed,
the system starts using the backup link to ensure the continuity of the VPN
service.
For HVPLS in LSP access mode, an LDP session is run between a UPE and an SPE.
You can determine whether the master PW has failed based on the status of the
LDP session.
In Figure 7-15, PW4 is the master PW between UPE1 and SPE1. After UPE1
detects that PW4 has failed, it automatically starts using the backup route for
PW4 to transmit packets.
A packet with the MAC address as 0001-1111-abcd reaches CE3 through PW4.
Using the VPLS MAC address learning mechanism of VPLS, SPE1 and SPE3 learn
the MAC address of the corresponding virtual interface (as shown in blue in the

Switches
MAC address table). SPE3 preserves the MAC address entry because the link
switchover of the peer is unknown.
The packet from CE3 cannot be forwarded to CE1 based on the original entry in
the MAC address table. When performing the switchover between the master PW
and backup PW, UPE therefore needs to withdraw the related MAC address. The
MAC address can be withdrawn by sending an LDP MAC Withdraw message.
If multiple MAC addresses need to be withdrawn, you can directly send a MAC
Withdraw message with the MAC address list as null. This clears all MAC
addresses on the VPN except the entry of the link that sends the MAC Withdraw
message.
Figure 7-15 Updating MAC addresses after a switchover between the primary and
secondary PWs
MAC SPE1
0001-1111-abcd VSI MAC Port
VPN1 0001-1111-abcd PW4
CE1 SPE3
VSI MAC Port
SPE1 VPN1 0001-1111-abcd PW1
PW4 PW1
UPE2 CE3
PW5
UPE1 PW2
PW4 PW3
SPE3
(Backup)
SPE2
CE2 CE1 MAC Withdraw
The procedure for sending and processing the MAC Withdraw message is as
follows:
1. UPE1 sends a MAC Withdraw message (shown by the dashed blue line) to
SPE2.
2. SPE2 processes the MAC Withdraw message and learns the MAC address of
the backup route for PW4. The MAC address is 0001-1111-abcd.
3. SPE2 sends the MAC Withdraw message to the peers SPE1 and SPE3. SPE1
and SPE3 process the MAC Withdraw message and learn the MAC address
0001-1111-abcd.
7.2.7 Inter-AS VPLS

Inter-AS VPLS refers to the application of the VPLS across multiple ASs. The switch
supports only inter-AS Option A.
When using inter-AS VPLS, you do not need to consider the learning or forwarding
functions of VSIs. Only establishment of PWs between PEs is important. Inter-AS

Switches
VPLS therefore has the same principle and implementation methods as those of
inter-AS L2VPN.
In Option A, configuration is easy. There is no need to run MPLS between ASBRs

or perform particular configurations for inter-AS communications. However,
Option A has poor expansion capacity and higher requirements for PEs. It is
suitable for use in the early servicing stage when the number of inter-AS VPNs is
small.
Inter-AS Kompella VPLS (Option A)

Figure 7-16 shows an example implementation of the inter-AS Kompella VPLS
(Option A).
Figure 7-16 Inter-AS Kompella VPLS (Option A)
VPLS Backbone VPLS Backbone

AS 100 AS 200
Loopback1 Loopback1 Loopback1 Loopback1
1.1.1.1/32 2.2.2.2/32 3.3.3.3/32 4.4.4.4/32
PE1 ASBR1 ASBR2 PE2
VLAN10 VLAN10
CE1 CE2
The inter-AS Kompella VPLS (Option A) is implemented as follows:
● An IGP protocol is configured on the backbone network to allow

communication between ASBRs and PEs. Tunnels are set up between PEs.
● MP-IBGP peer relationships are established between the PE and ASBR in each
same AS.
● VSIs are configured on PE1, PE2, ASBR1, and ASBR2. The VSIs are bound to
the AC interfaces.
Inter-AS Martini VPLS (Option A)

Figure 7-17 shows an example implementation of the inter-AS Martini VPLS
(Option A).

Switches
Figure 7-17 Inter-AS Martini VPLS (Option A)

AS 100 AS 200
Loopback1 Loopback1 Loopback1 Loopback1
1.1.1.1/32 2.2.2.2/32 3.3.3.3/32 4.4.4.4/32
PE1 ASBR1 ASBR2 PE2
VLAN10 VLAN10
CE1 CE2
The inter-AS Martini VPLS (Option A) is implemented as follows:
● An IGP protocol is configured on the backbone network to allow

communications between devices in the same AS.
● Basic MPLS functions are enabled on the backbone network. A dynamic LSP is
set up between the PE and ASBR in each AS. A remote LDP session is set up
between the PE and ASBR if they are not directly connected.
● A VPLS connection is set up between the PE and ASBR in each AS.
7.2.8 VPLS PW Redundancy
Background
To protect against failures and improve reliability, a redundant provider edge (PE)
is often deployed for a service. If a redundant PE is provided for a virtual private
wire service (VPWS) or virtual private LAN service (VPLS), two pseudo wires (PWs)
are deployed for PW protection. This mechanism is called PW redundancy.
PW redundancy, specified in draft-ietf-pwe3-redundancy-bit-04, can effectively

increase devices' switchover efficiency to reduce service interruption and improve
network reliability.
PW redundancy, which is widely used for point-to-point services on VPWS

networks, can be used on VPLS networks because point-to-multipoint VPLS
services can be considered as point-to-point services for each point.
PW redundancy used on VPLS networks is called VPLS PW redundancy. It helps

rapidly converge VPLS networks and reduce service interruption.

Switches
Related Concepts
In Figure 7-18, VPLS PW redundancy protects service traffic transmission between
customer edge 1 (CE1) and CE2 on the VPLS network.
Currently, VPLS PW redundancy can work in Master/Slave mode, specified on PE1.
PE1 determines whether a local PW is in the primary or secondary state based on
preset forwarding priority.
PEs on the two ends of a PW protection group must negotiate the PW states to
ensure that they select the same PW to transmit packets.
● Primary/Secondary: defines the PW forwarding priority. The PW forwarding
priorities can be configured, and a smaller value indicates a higher priority. A
PW with the highest priority is the primary PW.
NOTE
PW forwarding priorities take effect only when PE1 uses PW redundancy in Master/
Slave mode. In Master/Slave mode, PE1 instructs PE2 and PE5 to change the
forwarding status of PWs to be the same as those of PWs on PE1. In Independent
mode, the master and backup status of PE2 and PE5 determines forwarding priority of
local PWs.
● Active/Standby: defines the PW forwarding status and cannot be configured.
Only active PWs are used for forwarding traffic. Standby PWs can only receive
traffic.
NOTE
Active/Inactive and Primary/Backup are terms used by Huawei that have the same
meaning with Active/Standby defined in draft-ietf-pwe3-redundancy-bit-04. They all
indicate the PW forwarding status.
Implementation
To ensure the same forwarding capability, two PEs must select the same PW to
forward service data when the PW redundancy protection mechanism is used. In
addition, only one PW in a PW protection group can be in the working status. To
implement these functions, a signaling protocol is required.
RFC specifies the PW Status TLV to transmit the PW forwarding status. The PW
Status TLV is transported to the remote PW peer using a Label Mapping or
Notification message. The PW Status TLV is a 32-bit status code field. Each bit in
the status code field can be set individually to indicate a PW forwarding status.
PW redundancy introduces a new PW status code 0x00000020, which indicates
"PW forwarding standby".
Forwarding priorities (Primary or Secondary) must be configured for PWs that
back up each other. The highest priority PW will be selected as the primary PW to
forward traffic. The remaining PWs will be in the Secondary state to protect the
primary PW.
NOTE
Currently, only one secondary PW can be configured for a primary PW.
The forwarding status of a PW determines whether the PW is used to forward

traffic. The PW forwarding status depends on the following:

Switches
● Local and remote PW signaling status of a PW: A PE monitors the local

signaling status and uses PW redundancy signaling to obtain remote signaling
status from a remote PE.
● PW redundancy mode: Master/Slave or Independent mode is specified on PE1.
● PW forwarding priority: PW forwarding priorities (Primary or Secondary) are
specified on PE1.
Figure 7-18 shows that VPLS PW redundancy is configured on PE1. In normal
cases, all local and remote PW signaling states on PE1 are Up. PEs at the two ends
of a PW in different VPLS PW redundancy modes use different methods to select
the same PW for transmitting user packets.
● In Master/Slave mode, PE1 determines local PW forwarding states based on
preset forwarding priorities and informs PE2 and PE5 of the PW forwarding
states.
NOTE
PE2 and PE5 don't support to determine their PW forwarding states based on the
received PW primary and secondary states.
● In Independent mode, PE1 determines local PW forwarding states based on
the forwarding states learned from PE2 and PE5; PE2 and PE5 determine their
PW primary and secondary states based on signaling, which can be enhanced
trunk (E-Trunk), enhanced automatic protection switching (E-APS), or Virtual
Router Redundancy Protocol (VRRP), and notify PE1 of the forwarding states.
In both Master/Slave and Independent modes, if a primary PW is faulty, it
becomes Inactive and its secondary PW becomes Active. PW-side faults do not
affect the AC status. If AC-side faults occur (for example, a PE or an AC link is
faulty), the PW primary and secondary states in Independent mode will change
because the states are determined by the master and backup states of the dual-
homing devices; the PW primary and secondary states in Master/Slave mode will
not change because they are determined by the PW.
NOTE
VPLS PW redundancy is similar to VPWS PW redundancy, with the exception that a virtual
switch instance (VSI) has multiple PWs to different PEs. These PWs form various PW
groups. PW switching in one group does not affect other PW groups.

Switches
Figure 7-18 VPLS PW redundancy networking

PE2
CE1 CE2
PE1 VPLS
PE5
PE3
PE4
PE6
CE3
CE4 Primary PW
Secondary PW
Derivative Function
In addition to protection against network faults in real time, VPLS PW redundancy
allows users to manually switch traffic between PWs in a group during network
operation and maintenance. For example, if a device providing a primary PW
needs to be maintained, a user can switch traffic to the secondary PW and switch
it back to the primary PW after the maintenance.
NOTE
The interval between a switchover and a revertive switchover must be at least 15s.
Usage Scenarios
VPLS PW redundancy can be used on hierarchical virtual private LAN service
(HVPLS) networks as well as VPLS and virtual leased line (VLL) interconnected
networks. These two types of networks can bear any services. However, service
deployment suggestions in the two networking modes are as follows:
● HVPLS networks are suitable for bearing multicast services, such as Internet
Protocol television (IPTV) services, because HVPLS networks can save VPLS
core network bandwidth.
● VPLS and VLL interconnected networks are suitable for bearing unicast
services, such as high-speed internet (HSI) and voice over IP (VoIP) services,
because PEs on a VLL do not need to learn user MAC addresses.
VPLS PW redundancy can also be used to improve reliability of existing networks.
On the VPLS network in Figure 7-18, CE1 communicates with CE2, CE3, and CE4
through PWs established between VSIs on PE1 and PE2, PE3, and PE4.
As services develop, services between CE1 and CE2, and between CE1 and CE3
require high reliability. Services between CE1 and CE4 do not require high
reliability.
To meet the reliability requirements, PE5 and PE6 are deployed on the VPLS
network to provide VPLS PW redundancy protection for PE2 and PE3. In addition,

Switches
multiple PW groups to peer PEs are configured in one VSI on PE1. Links between
CE1 and CE4 remain unchanged.
VPLS PW redundancy protects services against failures on the network, ACs, or PEs
without affecting existing services, improving network reliability.
NOTE
VPLS PW redundancy can be provided for the desired services without affecting services on
other PWs, which reduces costs and maximizes profits.
7.2.9 VPLS Convergence
Introduction
VPLS convergence is a solution for transmitting data from the convergence layer
to the access layer in a Metro Ethernet network. VPLS convergence involves dual
homing an underlayer provider edge (UPE) to superstratum provider edges (SPEs),
ensuring high reliability.
When VPLS convergence is used, HVPLS connections or VPLS connections are

established between the UPE and SPEs (or PE-AGGs), and management Virtual
Router Redundancy Protocol (mVRRP) runs between SPEs to determine master/
backup status. The master/backup status of a PW interface or an AC interface
between VSIs is determined by tracking the mVRRP status.
When mVRRP performs a master/backup switchover, PW interfaces or AC

interfaces between VSIs also perform a master/backup switchover. At the same
time, the VSI clears its MAC address and learns the MAC address of the new
master device.
If VPLS convergence is used, the switch can be used as a UPE and have an mVSI
configured.
Benefits
VPLS convergence has many advantages, including low cost, wide applications,
good compatibility with multicast, easy expansion, and high security.
mVPLS
mVPLS refers to management VPLS. VSIs using mVPLS are called mVSIs.
The conditions for entering the Up state for mVSIs are mostly the same as those
for normal VSIs (service VSIs). The difference is as follows:
● Service VSI: requires two or more Up AC interfaces, or an Up AC interface and

an Up PW.
● mVSI: requires only an Up PW or an Up AC interface.
The mVSI can be bound with the service VSI. Once bound, if the mVSI receives
gratuitous ARP packets, it instructs all the bound service VSIs to clear the MAC
address entries and relearn the MAC address.

Switches
mVRRP
mVRRP refers to management VRRP. An mVRRP backup group is a type of VRRP
backup group. An mVRRP backup group can be bound to service VRRP backup
groups. Once bound, the mVRRP backup group determines the status of service
VRRP backup groups according to the binding relationship.
An mVRRP backup group can be bound to multiple service VRRP backup groups
but cannot be bound to other mVRRP backup groups.
mVRRP over mVPLS

In mVRRP over mVPLS, mVRRP packets are exchanged by the mVSI and
transmitted through the mPW.
In Figure 7-19, mVPLS is run between the UPE and the SPEs. An mVSI is
configured on the UPE and the SPEs; mVRRP is run between SPEs. mVRRP packets
are transmitted through the mPW between the UPE and the SPEs and forwarded
by the mVSI. Other service packets are transmitted through the service PW and
exchanged by the service VSI between the UPE and the SPEs.
Figure 7-19 Binding of the mVSI and service VSIs

VSI 1
SPE1
VSI 2
mVSI
VSI 1 VSI 2
UPE
VSI 1
SPE2
VSI 2
PW for mVSI
PW for normal VSI
mVRRP packets and other service packets are transmitted through different PWs,
so that they are separated from each other. To enable the fast switchover of
mVRRP backup group between the SPEs, you need to configure peer BFD between
SPEs. Peer BFD packets are also transmitted through the mPW and exchanged by
the mVSI.
The mVSI and the service VSI are bound on the UPE. When the VRRP backup
group on the SPE performs master/backup switchover, the following occurs:
1. The mVSI on the UPE receives the gratuitous ARP packet sent from the SPE
through the mPW between the UPE and the SPEs.
2. The mVSI checks whether the received gratuitous ARP packet is the same as
the one previously received. To do this, the mVSI checks whether both packets

Switches
are received through the same PW and whether their IP addresses, incoming
labels, incoming interfaces, and MAC addresses are the same.
– If they are the same, the mVRRP backup group between SPEs has not
performed a master/backup switchover.
– If they are the different, the mVRRP backup group between SPEs has
performed a master/backup switchover.
3. The UPE clears the MAC addresses of all bound service VSIs according to the
binding of the mVSI and the service VSI. The service VSI on the UPE sends
mac-withdraw messages to all peer devices of the VSI. After receiving mac-
withdraw messages, the remote peers clear the MAC addresses on the PW
side.
4. When the service VSI receives a packet destined for the new SPE after the
MAC address of the original master SPE is cleared, the service VSI broadcasts
the packet. It does so because the packet is encapsulated in an unknown
frame. After receiving the packet, the master SPE learns the source MAC
address of the packet for reverse traffic forwarding.
Unlike service VSIs, the mVSI is used to transmit and intercept the ARP and
BFD packets. Users are therefore not allowed to shut down the mVSI.
Determining the Master and Backup Using mVRR in Dual-Homing

Networking
In Figure 7-20, the underlayer provider edge (UPE) is dual-homed to the network
provider edges (SPEs). VRRP is run between SPEs. The VRRP priority determines
whether an SPE is the master or the backup. When the link related to the master
SPE fails or the master SPE itself fails, the backup SPE can switch itself to be the
master SPE.
To satisfy the requirements of different services, multiple VRRP backup groups can
be run between SPEs. Each VRRP backup group needs to maintain its own state
machine; therefore, a large number of VRRP protocol packets exist between SPEs.
To simplify the operation and reduce the bandwidth occupied by protocol packets,
you can configure one VRRP backup group to be an mVRRP backup group and
bind it to other service backup groups. Then the status of the service backup
group is determined by the status of the bound mVRRP backup group.

Switches
Figure 7-20 Determining the master and backup using the mVRRP backup group
in dual-homing mode
VSI 1
SPE1
VSI 1
mVRRP
UPE
VSI 1
SPE2
PW for VSI
In different application scenarios, the bindings of mVRRP fall into the following
types:
● Binding of the service backup group and the mVRRP backup group
After the service backup group is bound to the mVRRP backup group, the
state machine of the service backup group becomes dependent. The service
backup group deletes the protocol timer, no longer sends or receives protocol
packets, and implements its state machine by directly copying the status of
the mVRRP backup group. The service backup group can be bound to only
one mVRRP backup group. The mVRRP backup group is identified by the
backup group ID (VRID) and the interface configured with the backup group.
● Binding of the service interface (also regarded as the member interface) and
the mVRRP backup group
In Figure 7-20, if the UPE is dual-homed to the SPEs through two physical
links, you can bind the service interface and the mVRRP backup group to
determine whether a service interface is the master or the backup.
– When the status of the mVRRP backup group bound to the service
interface changes to Master, the mVRRP backup group notifies all the
bound service interfaces of the change.
If L3 services are run on the interface, the status of the interface is set to
Up and the network segment route is generated. The forwarding plane
enables the bidirectional traffic forwarding according to the interface
status. If L2 services are run on the interface, the status of the interface is
directly set to Up, and the forwarding plane enables the bidirectional
traffic forwarding.
– When the status of the mVRRP backup group bound with the service
interface changes to Initialize or Backup, the mVRRP backup group
notifies the change to all the bound service interfaces.
If L3 services are run on the interface, the status of the interface is set to
Down and the network segment route is deleted. The forwarding plane
disables the bidirectional traffic forwarding. If L2 services are run on the

Switches
interface, the status of the interface is directly set to Down. The

forwarding plane disables the bidirectional traffic forwarding.
● Binding of the PW and the mVRRP backup group
In Figure 7-20, if Virtual Leased Line (VLL), Pseudo-Wire Emulation Edge to
Edge (PWE3), or VPLS is run between the UPE and the SPEs, the UPE is dual-
homed to the SPEs. You can bind the PW and the mVRRP backup group to
determine whether a PW is the master or the backup.
– If the original status of the PW is Down, the PW status remains Down.
– If the original status of the PW is Up, the PW status remains Up if the
mVRRP backup group is in the Master state. The PW status becomes
Down if the mVRRP backup group is in the Backup state.
The two SPEs can share the load, as shown in Figure 7-21.
Figure 7-21 UPE dual-homed to the SPEs
MPLS Core
Network
SPE1 SPE2
MPLS Edge
UPE1 UPE2
Network
CE1 CE4
VPN1 VPN2
CE2 CE3
Site1 Site4
VPN2 VPN1
Site2 Site3
Multiple mVRRP backup groups are run between the SPEs. The services choose
different SPEs as the master SPE through bindings with different mVRRP backup
groups. For example, a user of UPE1 uses SPE1 as the master SPE and uses SPE2
as the backup SPE. A user of UPE2 uses SPE2 as the master SPE and uses SPE1 as
the backup SPE.
Influencing the State Machine of a VRRP Virtual Router Using Link BFD and
Peer BFD
In Figure 7-22, VRRP is run between the SPE1 and SPE2. BFD running between the
two SPEs is called peer BFD. BFD running between the UPE and the SPEs is called

Switches
link BFD. Peer BFD is used to detect faults with devices and links between SPEs.
Link BFD is used to detect faults with devices and links between the UPE and the
SPEs.
Figure 7-22 Peer BFD and link BFD
SPE1
Link BFD
Peer BFD
UPE
Link BFD SPE2
The status of peer BFD and link BFD sessions and the status of the normal BFD for
VRRP session have different impacts on the VRRP backup group: The status of the
peer BFD session and the link BFD session directly affects the status of the VRRP
backup group. The status of the ordinary BFD for VRRP session indirectly affects
the status of the VRRP backup group by modifying the priority. Modifying priority,
however, does not necessarily change the status of the VRRP backup group.
mVRRP can implement master/backup switchover more rapidly and locate faults
by tracking peer BFD status and link BFD status.
7.2.10 Interworking Between LDP VPLS and BGP AD VPLS

Background
LDP VPLS uses LDP signaling packets that carry FEC 128 TLV fields to establish
and maintain PWs. Its requirements for device performance are quite low, because
peers are manually specified for PW establishment. BGP AD VPLS uses BGP to
automatically discover VPLS members and uses LDP signaling packets that carry
FEC 129 TLV fields to establish and maintain PWs. PWs are automatically
established by BGP AD VPLS. Requirements for device performance are therefore
high.
LDP VPLS is typically used on VPLS networks with a small number of sites,
whereas BGP AD VPLS is typically used on VPLS networks with a large number of
sites. As networks develop, service providers increasingly require communication
between LDP and BGP AD VPLS networks. Interworking between LDP VPLS and
BGP AD VPLS was developed to meet this demand, allowing for seamless
interconnection between LDP and BGP AD VPLS networks.
Implementation
To enable an LDP VPLS network to communicate with a BGP AD VPLS network,
edge nodes between the two networks must support both LDP VPLS and BGP AD

Switches
VPLS. In Figure 7-23, PE1 supports LDP VPLS, PE3 supports BGP AD VPLS, and PE2
and PE4 support both LDP VPLS and BGP AD VPLS. PE1, PE2, and PE4 form an LDP
VPLS network, and PE3, PE2, and PE4 form a BGP AD VPLS network. On PE2 and
PE4, the signaling negotiation for LDP VPLS is independent of that for BGP AD
VPLS. For the establishment and maintenance of an LDP VPLS PW, see LDP VPLS.
For details about member discovery and PW establishment, see BGP AD VPLS.
After PWs are established, PEs can exchange data packets over these PWs. Data
packet encapsulation on an LDP VPLS network is similar to that on a BGP AD
VPLS network. For details, see 7.2.3 Packet Encapsulation.
Figure 7-23 Interworking between LDP VPLS and BGP AD VPLS

PE2
PE1 PE3
LDP BGP AD
VPLS VPLS
PE4
LDP VPLS PW
BGP AD VPLS PW
MP-BGP Sessions
Derivative Function (MAC Withdraw)

On LDP, BGP AD, or LDP + BGP AD VPLS networks, when link failures, device
failures, or active/standby switchovers occur, the PE sends a MAC Withdraw
message to remote peers. Upon receipt, the remote peers remove MAC entries in
their VSIs based on the MAC Withdraw message. LDP VPLS network supports only
MAC Withdraw messages that carry the FEC 128 TLV field, whereas BGP AD VPLS
network supports only MAC Withdraw messages that carry the FEC 129 TLV field.
To support MAC Withdraw, LDP + BGP AD VPLS network must be able to convert
between these two types of MAC Withdraw messages.
In Figure 7-24, the PW from PE4 to PE1 is the primary PW and the PW from PE4
to PE2 is the secondary PW. The link from CE1 to PE1 is the primary link and the
link from CE1 to PE3 is the secondary link.

Switches
Figure 7-24 Forwarding of MAC Withdraw messages on an LDP + BGP AD VPLS

network
PE1
2 CE1
2
1
PE4
1
PE3
2
2
PE2
LDP BGP-AD
VPLS VPLS
MAC Withdraw message carrying the FEC 128 TLV
MAC Withdraw message carrying the FEC 129 TLV
If the PW from PE4 to PE1 fails, the following occurs:
1. PE4 performs a primary/secondary PW switchover and sends a MAC Withdraw

message carrying the FEC 128 TLV field to PE2.
2. PE2 receives the message and removes MAC entries in its VSI based on the
MAC Withdraw message. PE2 converts the message to a MAC Withdraw
message carrying the FEC 129 TLV field and forwards the new MAC Withdraw
message to PE3.
3. After receiving the MAC Withdraw message, PE3 removes MAC addresses in
its VSI based on the MAC Withdraw message.
4. When the PW from PE4 to PE1 recovers, PE4 performs a revertive switchover
based on the configured revertive switching policy. PE4 sends a MAC
Withdraw message carrying the FEC 128 TLV field to PE1.
5. PE1 receives the message and removes MAC entries in its VSI based on the
MAC Withdraw message. PE1 converts the message to a MAC Withdraw
message carrying the FEC 129 TLV field, and forwards the new MAC Withdraw
message to PE3.
6. After receiving the message, PE3 removes MAC addresses in its VSI based on
the MAC Withdraw message.
If the AC from CE1 to PE1 fails, the following occurs:
1. PE1 sends a MAC Withdraw message carrying the FEC 128 TLV field to PE4
after PE1 detects the status change of its AC interface. PE3 sends a MAC
Withdraw message carrying the FEC 129 TLV field to PE2 after detecting the
AC status change.
2. After PE2 receives the MAC Withdraw message sent from PE3, PE2 removes
the MAC entries in its VSI based on the MAC Withdraw message. PE2 then
converts the message to a MAC Withdraw message carrying the FEC 128 TLV
field, and forwards the new MAC Withdraw message to PE4.

Switches
3. After PE4 receives the MAC Withdraw messages sent from PE1 and PE2, PE4
removes the MAC addresses in its VSI based on the messages.
4. When the AC from CE1 to PE1 recovers, PE1 sends a MAC Withdraw message
carrying the FEC 128 TLV field to PE4 after detecting the AC status change.
5. PE3 sends a MAC Withdraw message carrying the FEC 129 TLV field to PE2
after detecting the AC status change.
6. After PE2 receives the MAC Withdraw message sent from PE3, PE2 removes
the MAC entries in its VSI based on the MAC Withdraw message. PE2 then
converts the message to a MAC Withdraw message carrying the FEC 128 TLV
field and forwards the new MAC Withdraw message to PE4.
7. After PE4 receives the MAC Withdraw messages sent from PE1 and PE2, PE4
removes the MAC addresses in its VSI based on the messages.
7.3 Applications
7.3.1 VPLS Application in Individual Services

Service Overview
Individual services such as high speed Internet (HSI), voice over IP (VoIP), and
broadband TV (BTV) are usually carried over carriers' metropolitan area networks
(MANs).
Broadband Remote Access Servers (BRASs) or Service Routers (SRs) are deployed
at the egress of the MAN as individual service gateways. Layer 2 packets from a
user need to be transparently transmitted to a service gateway using VPLS or VLL
technology. User information will be lost if Layer 2 packets are terminated on a PE
and forwarded using Layer 3 routing. The service gateway fails to control the user
because it does not have the user information. When the primary and secondary
service gateways are deployed on the MAN, user traffic needs to be dual homed
to the access service gateways. VPLS technology must be used to achieve this goal.
Networking Description
Individual services are transmitted to the Internet over the access layer,
convergence layer, and core layer of a MAN. Figure 7-25 shows a typical example
implementation for individual services.
● HSI services access the Internet over the MAN.
● VoIP services request IP addresses from the Dynamic Host Configuration
Protocol (DHCP) server over the MAN.
● BTV multicast members apply for BTV services from multicast sources over
the MAN.

Switches
Figure 7-25 Implementation for individual services

DHCP
Server
Source
NMS
Internet
MSCG1/ MSCG2/
BRAS1/ IP Core BRAS2/
SR1 SR2
Core layer
PE3
PE4
VPLS
Aggregation layer
PE1 PE2
DSLAM Access layer
HG
PW
Backup PW
HSI VOIP BTV
Feature Deployment
VPLS is configured on PEs to transparently transmit traffic between them. Figure
7-25 uses LDP VPLS as an example to show VPLS configuration:
● Access-layer devices
VLANs are configured to differentiate different types of users.
PPPoE over AAL5 (PPPoEoA) and PPP over AAL5 (PPPoA) are configured to
allow access of HSI users through dialup.
Multicast VLAN and IGMP snooping are configured to transmit multicast
services.
● Aggregation-layer devices
Interior Gateway Protocols (IGPs) are configured on PEs so that they can
communicate with each other.
Basic MPLS functions are configured on PEs so that these PEs can establish
remote LDP sessions.
MPLS L2VPN and VSIs are configured on PEs.
A VPLS daisy chain is deployed on PEs to transmit multicast services.

Switches
● Core-layer devices
Authentication and accounting features are configured on BRASs so that they
can terminate HSI services.
IGPs are configured on SRs so that they can communicate with each other.
Basic MPLS functions are configured on SRs.
DHCP relay is configured on SRs, allowing VoIP users to obtain IP addresses
from DHCP servers.
Layer 3 multicast features are configured on SRs so that these SRs can
communicate with multicast sources.
7.3.2 VPLS Application in Enterprise Services

Service Overview
As enterprises become more widely dispersed and employees become more
mobile, applications such as instant messaging and teleconferencing become
increasingly important. This imposes high requirements for E2E data
communication technologies. P2MP services are vital for data communications. To
ensure enterprise data remains secure, reliable, and transparent, data channels
must be provided for multipoint transmission.
Networking Description
In Figure 7-26, Site1, Site2, and Site3 are R&D departments of an enterprise. The
three sites are connected across a metropolitan area network (MAN). The
enterprise needs to transmit Layer 2 service packets between branches using VPLS
technology to allow branches in different locations to communicate with each
other.

Switches
Figure 7-26 VPLS application in enterprise services
Site3
VPN1
CE3
PE3
IP Core
PE1
PE2
CE1 CE2
Site1 Site2
VPN1 VPN1
Feature Deployment
VPLS is configured on PEs to transparently transmit traffic between them. From an
enterprise user perspective, the public network is similar to a single Layer 2 switch.
Figure 7-26 uses LDP VPLS as an example to show VPLS configuration:
● Access-layer devices
VLANs are configured to differentiate different types of enterprise users.
● Convergence-layer devices
An IGP is configured on PEs so that they can communicate with each other.
Basic MPLS functions are configured on PEs so that they can establish remote
LDP sessions.
MPLS L2VPN and VSIs are configured on PEs. Dual-homing is used on the
VPLS network to protect traffic.
Limit on the number of learned MAC addresses and traffic suppression are
configured on PEs to protect data.

Switches
7.4 Licensing Requirements and Limitations for VPLS

Involved Network Elements
Other network elements are not required.
License Requirements
VPLS is a basic feature of a switch and is not under license control.
Version Requirements
Table 7-9 Products and versions supporting VPLS
Product Product Model Software Version
S1700 S1720GFR Not supported
S1720GW, Not supported

S1720GWR
S1720GW-E, Not supported

S1720GWR-E
S1720X, S1720X-E Not supported
Other S1700 Models that cannot be configured using

models commands. For details about features and
versions, see S1700 Documentation Bookshelf.
S2700 S2700SI Not supported
S2700EI Not supported
S2710SI Not supported
S3700 S3700SI, S3700EI Not supported
S3700HI Not supported
S5700 S5700LI Not supported
S5700S-LI Not supported
S5710-C-LI Not supported
S5710-X-LI Not supported

Switches
Product Product Model Software Version
S5710EI V200R002C00, V200R003C00,

V200R005(C00&C02)
S5720EI V200R009C00, V200R010C00, V200R011C00,

V200R011C10
S5720LI, S5720S- Not supported

LI
S5720SI, S5720S- Not supported

SI
S5730S-EI Not supported
S5700HI V200R002C00, V200R003C00,

V200R005(C00SPC500&C01&C02)
S5710HI V200R003C00, V200R005(C00&C02&C03)
S5720HI V200R007C10, V200R009C00, V200R010C00,

V200R011C00, V200R011C10
S6700 S6700EI V200R005(C00&C01&C02)
S6720EI V200R008C00, V200R009C00, V200R010C00,

V200R011C00, V200R011C10
S6720S-EI V200R009C00, V200R010C00, V200R011C00,

V200R011C10
S6720SI, S6720S- Not supported

SI
S6720LI, S6720S- Not supported

LI
NOTE
To know details about software mappings, see Hardware Query Tool.
Feature Limitations
● Do not add the PW to VLAN 1. If the PW is added to VLAN 1, the AC joins
VLAN 1 in untagged mode and VLAN tags of packets are removed.
● If an interface is used as a VPLS AC-side interface and a multicast inbound
interface at the same time, multicast data cannot be forwarded normally on
this interface. (S5720HI does not have this restriction.)
● After receiving Layer 2 protocol packets such as STP, VBST, SMLK, LBT/LBDT,
LACP, 3AH, 1AG, Y.1731, HGMP, LLDP, DLDP, GVRP, HVRP, DAD, LNP, VCMP,
and BFD packets from an AC interface, a PE device determines whether it
needs to process the packets. If not (for example, Layer 2 protocols are

Switches
disabled), the PE device transparently transmits the Layer 2 protocol packets

through the VPLS.
● If L2VPN is configured on the device, the AC-side outbound interface does not
support IP address-based load balancing when the interface is an Eth-Trunk
interface.
● If the PW-side interface is a Layer 3 interface switched by the undo
portswitch command, the AC-side interface cannot be a Layer 3 interface or
subinterface belonging to a Layer 3 interface; otherwise, traffic forwarding is
abnormal. This rule applies to S5720EI, S6720EI, and S6720S-EI.
7.5 Default Configuration

Table 7-10 Default configuration of VPLS
Parameter Default Setting
MTU value in the VSI view 1500
Capability of BGP peers in exchanging Disabled

VPLS member information
Broadcast traffic suppression in the VSI Disabled
Multicast traffic suppression in the VSI Disabled
Unknown unicast traffic suppression in Disabled

the VSI
LDP MAC Withdraw message sent by Disabled

the VSI
Encapsulation type of an interface in VLAN

the VSI view
MAC diagnosis test Enabled
MAC address learning of a VSI Enabled
L2VPN OAM detection on the PSN Disabled

tunnel
PW attributes of the BGP AD VSI Hub
Statistics about the public network Disabled

traffic on a specified Martini VPLS PW
7.6 Configuring Martini VPLS

Pre-configuration Task
Before configuring Martini VPLS, complete the following tasks:

Switches
● Configure LSR IDs and enabling MPLS on PEs and Ps.

● Enable MPLS L2VPN on PEs.
● Establish tunnels between PEs for data transmission.
● Set up an LDP session if PEs are indirectly connected.
Configuration Process
To configure Martini VPLS, perform the following configurations on PEs at both
ends of a PW.
7.6.1 Creating a VSI and Configuring LDP Signaling
Context
When using LDP as the PW signaling, you must configure the VSI ID for a VSI. VSI
IDs differentiate VSIs, and you can use these VSI IDs during PW signaling
negotiation.
On a PW in LDP mode between two PEs with a Huawei device functioning as one
PE and a non-Huawei device functioning as the other, if the non-Huawei device
does not have the capability of processing L2VPN label requests, the mpls l2vpn
no-request-message command needs to be run on the Huawei device to allow
communication between the two devices. This command cannot be used in other
cases.
Do as follows on the PEs of the two ends of the PW:
Procedure
Step 1 Run:
system-view
The system view is displayed.

Step 2 Run:
vsi vsi-name static
A VSI is created and static member discovery mechanism is adopted.

Step 3 Run:
pwsignal ldp
The PW signaling protocol is specified as LDP and the VSI-LDP view is displayed.
By default, no signaling mode is configured for a VSI.
Step 4 Run:
vsi-id vsi-id
The VSI ID is configured.
NOTE
The two ends of the VSI must agree on the same VSI ID.
By default, no VSI ID is set.

Switches
The VSI exists only on the PE. One PE can have multiple VSIs. One VPLS on a PE
has only one VSI.
Step 5 Run:
peer peer-address [ negotiation-vc-id vc-id ] [ tnl-policy policy-name ] [ upe ]
The VSI peer is configured.
By default, no peer is configured for a VSI.
Step 6 (Optional) Run:

peer peer-address [ negotiation-vc-id vc-id ] pw pw-name
A PW is created and the VSI-LDP-PW view is displayed.
By default, no PW is created.
NOTE
If you have created a PW, you can run the command pw pw-name to enter the VSI-LDP-PW
view in the VSI-LDP view.

undo interface-parameter-type vccv
The device is configured to delete the VCCV byte following the interface
parameter in Mapping packets.
By default, a mapping packet carries the VCCV byte.

ignore-stp-loopcheck
The STP loop detection function of PW is disabled, that is, the PW that cannot be
blocked by STP.
By default, STP loop detection is enabled for the PW.

quit
Return to the VSI-LDP view.
Step 10 (Optional) The VPLS encapsulation type is configured.

1. Run:
quit
Return to the VSI view.

2. Run:
encapsulation { ethernet | vlan }
The VSI encapsulation type is configured.
By default, the encapsulation type of the interface is VLAN.
When the QinQ sub-interface or dot1q sub-interface is bound to the VSI, the
VPLS encapsulation type cannot be set to ethernet.
----End

Switches
7.6.2 Binding VSIs to AC Interfaces
Context
Based on the type of link between a PE and a CE, a VSI is bound to an AC
interface on the PE in one of the following modes:
● Binding the VSI with the GE interface, or XGE interface when the PE and the
CE are connected through the Ethernet interface
● Binding the VSI with the GE sub-interface, 40GE sub-interface or XGE sub-
interface when the PE and the CE are connected through the Ethernet sub-
interface
● Binding the VSI with the VLANIF interface when the PE and the CE are
connected through the VLANIF interface
● Binding the VSI with the Eth-Trunk when the PE and the CE are connected
through the Eth-Trunk interface
● Binding the VSI with the Eth-Trunk sub-interface when the PE and the CE are
connected through the Eth-Trunk sub-interface
The sub-interfaces can be dotlq sub-interfaces, QinQ sub-interfaces, VLAN
mapping sub-interfaces, or VLAN stacking sub-interfaces. For details on how to
access the VPLS through a sub-interface, see Configuring a Dot1q Termination
Sub-interface and Connecting It to an L2VPN and Configuring a QinQ Termination
Sub-interface and Connecting It to an L2VPN in "VLAN Termination Configuration"
in the S1720, S2700, S5700, and S6720 V200R010C00 Configuration Guide -
Ethernet Switching.
When XGE, GE, 40GE, or Eth-Trunk interfaces are used as AC interfaces, the outer
Tags carried in the packets sent from the AC to the PW are U Tags (inserted by
user devices, which are meaningless to the SP) by default.
When VLANIF interfaces are used as AC interfaces, the outer Tags carried in the
packets sent from the AC to the PW are P Tags (inserted by SP devices, which are
used to differentiate user traffic) by default.
NOTE
● If the VLANIF interface configured based on a PVID is bound to a VSI, interfaces

corresponding to this PVID cannot forward Layer 2 protocol BPDUs.
● In the VPLS application, different CEs are transparently connected in the same LAN
segment through VSIs, and the IP addresses of the CEs must be different.
● When using GE, XGE, 40GE, or Eth-Trunk interfaces as AC interfaces, ensure that these
interfaces do not contain any sub-interfaces.
● When used on an AC-side interface, the qinq protocol command enables the system to
identify incoming packets and Tag outgoing packets with the TPID. The TPID must use
the default value 8100. Do not change the TPID.
● If an interface is used as a VPLS AC-side interface and a multicast inbound interface at
the same time, multicast data cannot be forwarded normally on this interface. (S5720HI
does not have this restriction.)
Procedure
● Bind a VSI to an Ethernet interface.

Switches
Do as follows on the PEs at both ends of a PW:

a. Run:
system-view

b. Run:
interface interface-type interface-number
The Ethernet interface view is displayed.

c. (Optional) Run:
undo portswitch
The Layer 2 interface is configured as a Layer 3 interface.

d. Run:
l2 binding vsi vsi-name
The VSI is bound to the Ethernet interface.
NOTE
● If the peer PE accepts only packets with VLAN tags, before binding the
Ethernet interface to a VSI, run the mpls l2vpn default vlan command to
configure the default VLAN for the primary interface.
● If the peer PE accepts packets with one more VLAN tag, before binding the
Ethernet interface to a VSI, run the mpls l2vpn vlan-stacking stack-vlan
command to configure the stack VLAN for the primary interface.
● Bind a VSI to an Ethernet sub-interface.
a. Run:
system-view

b. Run:
The interface view is displayed.

c. Run:
port link-type { hybrid | trunk }
The port link-type is set.

d. Run:
quit
Return to the system view.

e. Run:
interface interface-type interface-number.subinterface-number
The Ethernet sub-interface view is displayed.

f. Run one of the following commands to configure an Ethernet sub-
interface based on site requirements.
▪ Run:
dot1q termination vid low-pe-vid

Switches
The single VLAN ID for dot1q encapsulation on a sub-interface is

configured.
▪ Run:
qinq termination pe-vid pe-vid ce-vid ce-vid1 [ to ce-vid2 ]
The double VLAN IDs for QinQ encapsulation on a sub-interface are

configured.
▪ Run:
qinq mapping vid vlan-id1 [ to vlan-id2 ] map-vlan vid vlan-id3
Single-tagged VLAN mapping is configured on the sub-interface.
▪ Run:
qinq mapping pe-vid vlan-id1 ce-vid vlan-id2 [ to vlan-id3 ] map-vlan vid vlan-id4
Double-tagged VLAN mapping is configured on the sub-interface.
▪ Run:
qinq stacking vid vlan-id1 [ to vlan-id2 ] pe-vid vlan-id3
VLAN stacking is configured on the sub-interface.

g. Run:
The VSI is bound with the Ethernet sub-interface.

● Bind a VSI to a VLANIF interface.
a. Run:
system-view

b. Run:
interface vlanif vlan-id
The VLANIF interface view is displayed.

c. Run:
The VLANIF interface is bound to the VSI.
NOTE
● The VLANIF interfaces of the VLAN before VLAN mapping and VLAN before
VLAN stacking cannot be bound to VSIs. Otherwise, the configured VSI and
VLAN mapping or VLAN stacking do not take effect.
● If a VLAN is configured with IGMP snooping or MLD snooping, the VLANIF
interface of the VLAN cannot be used as an AC interface. To bind the VLANIF
interface to a VSI, delete the IGMP snooping or MLD snooping configuration
from the VLAN first.
● Bind a VSI to an Eth-Trunk interface.
a. Run:
system-view

Switches

b. Run:
interface eth-trunk trunk-id
An Eth-Trunk interface is created.

c. Run:
quit

d. Run:
The view of the interface to be added into the Eth-Trunk is displayed.
An Eth-Trunk member interface cannot be configured with a static MAC

address.
NOTE
Member interfaces of a trunk cannot be Eth-Trunk interfaces.

e. Run:
eth-trunk trunk-id
The interface is added into the Eth-Trunk.
Before adding an interface into an Eth-Trunk, ensure the interface is not

configured with any Layer 3 attributes such as IP address and any
services.
An Ethernet interface can join only one Eth-Trunk interface. To join

another Eth-Trunk interface, the Ethernet interface must quit from the
original one.
Member interfaces of an Eth-Trunk interface must be of the same type.

That is, GE interfaces, 40GE interfaces and XGE interfaces cannot join an
Eth-Trunk interface.
f. Run:
quit

g. Run:
The Eth-Trunk interface view is displayed.

h. (Optional) Run:
undo portswitch

i. Run:
The Eth-Trunk interface is bound with the VSI.

Switches
NOTE
● Bind a VSI to an Eth-Trunk sub-interface.
a. Run:
system-view

b. Run:

c. Run:
quit

d. Run:

address.
NOTE

e. Run:
eth-trunk trunk-id

services.
original one.
f. Run:

g. Run:

Switches
quit

h. Run:
interface eth-trunk trunk-id .subnumber
The Eth-Trunk sub-interface view is displayed.

i. Run one of the following commands to configure an Ethernet sub-
▪ Run:

configured.
▪ Run:

configured.
▪ Run:
▪ Run:
▪ Run:

j. Run:
The Eth-Trunk sub-interface is bound with the VSI.
----End
7.6.3 Checking the Configuration
Prerequisites
All Martini VPLS configurations are complete.
Procedure
● Run the display vsi [ name vsi-name ] [ verbose ] command to check
information about a VPLS VSI.
● Run the display l2vpn ccc-interface vc-type { all | vc-type } [ down | up ]
command to check information about the interface used by an L2VPN
connection.

Switches
● Run the display vsi remote ldp [ [ router-id ip-address ] [ pw-id pw-id ] |
unmatch | verbose ] command to check information about a remote VSI.
● Run the display vpls connection [ ldp | vsi vsi-name ] [ down | up ]
[ verbose ] command to check information about a VPLS connection.
● Run the display vpls forwarding-info [ vsi vsi-name [ peer peer-address
[ negotiation-vc-id vc-id | remote-site site-id ] ] | state { up | down } ]
[ verbose ] command to check forwarding information of all VSIs.
● Run the display vsi services { all | vsi-name | interface interface-type
interface-number | vlan vlan-id } command to check information about the
AC interface associated with the VSI.
● Run the display vsi pw out-interface [ vsi vsi-name ] command to check
information about the outgoing interface of a PW in a VSI.
● Run the display l2vpn vsi-list tunnel-policy policy-name command to check
information about the tunnel policy applied to a VSI.
● Run the ping vpn-config peer-address peer-address vsi-name vsi-name
[ pw-id pw-id ] [ local ] [ remote ] command to check configurations of the
VSI on the peer PE.
● Run the display mpls label-stack vpls vsi vsi-name peer peer-ip-address vc-
id vc-id command to check the information about label stacks in a VPLS
scenario.
----End
7.7 Configuring Kompella VPLS

Before configuring Kompella VPLS, complete the following tasks:
To configure Kompella VPLS, perform the following configurations on PEs at both
ends of a PW. Configuring Huawei Devices to Communicate with Non-Huawei
Devices and configuring the Features of Kompella VPLS are optional.
7.7.1 Enabling the BGP Peer to Exchange VPLS Information
Context
BGP VPLS shares the TCP connection with the common BGP protocol. Therefore,
most BGP VPLS configurations are the same as the configurations of the common
BGP protocol. Nevertheless, VPLS label blocks need to be exchanged in BGP VPLS.
Therefore, you need to enable peers to exchange VPLS label blocks in the BGP
VPLS address family view.
Please do as follows on the PEs of the two ends of the PW:

Switches
Procedure
Step 1 Run:
system-view

Step 2 Run:
bgp { as-number-plain | as-number-dot }
The BGP view is displayed.

Step 3 Run:
peer ipv4-address as-number as-number
The BGP peer is configured.

Step 4 Run:
peer ipv4-address connect-interface loopback interface-number
The interface used to set up the TCP connection is specified.
NOTE
To improve reliability, on the PE, the local loopback interface is generally specified as the
interface to set up the TCP connection.
Step 5 Configure the Kompella VPLS signaling capability:

Kompella VPLS can use either the BGP-VPLS address family or the BGP-L2VPN-AD
address family. You can use either of the following methods to configure the
Kompella VPLS signaling capability. Method 1 is recommended.
● Method 1
a. Run:
l2vpn-ad-family
The L2VPN-AD address family view is displayed.
b. Run:
peer ipv4-address enable
A peer is specified, and the function to exchange route information with
the specified peer is enabled.
After you specify a peer in the L2VPN-AD address family view, the BGP
AD signaling capability is enabled by default.
c. Run:
signaling vpls
or
peer ip-address signaling vpls
The Kompella VPLS signaling capability is enabled.
d. (Optional) Run:
signaling vpls-ad disable
The BGP AD signaling capability is disabled.
● Method 2
a. Run:
vpls-family

Switches
The BGP-VPLS address family view is displayed.

b. Run:
A peer is specified, and the function to exchange route information with

the specified peer is enabled.
----End
7.7.2 Creating a VSI and Configuring BGP Signaling
Context
When configuring BGP VPLS to implement automatic discovery, you need to
create and configure VSIs (set RDs and VPN targets of the VSIs), configure BGP,
and create site connections.
Perform the following steps on PEs at both ends of a PW:
Procedure
Step 1 Run:
system-view

Step 2 Run:
vsi vsi-name auto
A VSI is created and the automatic member discovery mechanism is configured.

The Kompella VPLS does not directly deal with the connection between the CEs. It
numbers the CEs and creates a VSI on the PE for each CE.
Step 3 Run:
pwsignal bgp
The PW signaling protocol is configured as BGP and the VSI-BGP view is displayed.
Step 4 Run:
route-distinguisher route-distinguisher
The RD of the VSI is configured.

After the PW signaling protocol is configured as BGP, configure the RD to make
the VSI take effect.
NOTE
For a PE, different VSIs have different RDs.

For the same VSI on different PEs:
● If a CE accesses two PEs, RDs of the VSI must be same.
● If a CE accesses a PE, RDs of the VSI can be either the same or different.
Step 5 Run:
vpn-target vpn-target & <1-16> [ both | export-extcommunity | import-extcommunity ]

Switches
The VPN target of the VSI is configured.

When using this command, note the mapping between the VPN target attribute at
the local end and the VPN target at the remote end.
● export-extcommunity of the local end must be consistent with import-
extcommunity of the peer.
● import-extcommunity of the local end must be consistent with export-
Traffic can be normally transmitted in bidirectional way only if the preceding two
conditions are satisfied. If only one condition is met, the traffic can be transmitted
only in unidirectional way. For convenience of configuration, the four values are
configured to be the same.
NOTE
When locating a VPLS fault, you can use the remote-vpn-target refresh command to refresh
the VPN target of the remote end.
Step 6 Run:
site site-id [ range site-range ] [ default-offset { 0 | 1 } ]
The site ID is configured.

The two ends of the VSI cannot be configured with the same site ID. The value of
the local site ID must be less than the sum of the site-range and default-offset of
the remote end. The value of the local site ID cannot be less than the value of the
default-offset of the remote end. If the rang parameter is specified, the system
reserves the required labels for the VSI.
NOTE
All Kompella L2VPN instances and VPLS VSI instances of one device share one label block;
therefore, the sum of the ranges of all Kompella L2VPN instances and VPLS VSI instances
cannot be greater than the label block. Otherwise, the system prompts that the labels
cannot be obtained because the required labels exceed the upper limit. Allocation of a site
ID to a VSI or creation of a CE fails.

1. Run:
quit

2. Run:

----End
7.7.3 (Optional) Configuring Huawei Devices to Communicate

with Non-Huawei Devices

Switches
Context
The latest RFC defines that the encapsulation type of PW in the Kompella VPLS is
19. Huawei devices support only the Ethernet encapsulation and VLAN
encapsulation. When Huawei devices need to communicate with non-Huawei
devices with the VPLS encapsulation type carried by BGP extended community
attributes as 19, you need to set the global encapsulation type of Kompella VPLS
on the Huawei device, and configure the Huawei device to ignore the MTU match
check.
Procedure
Step 1 Run:
system-view

Step 2 Run:
mpls l2vpn
The MPLS-L2VPN view is displayed.

Step 3 Run:
vpls bgp encapsulation { ethernet | vlan }
The global encapsulation type of Kompella VPLS is configured.

After this command is used and the VPLS packet with encapsulation type 19 is
received, the system re-encapsulates this packet according to the user
configuration and then performs other processing related to VPLS.
When this command is not used, the system re-encapsulates the received VPLS
packet with encapsulation type 19 in VLAN mode.
NOTE
The vpls bgp encapsulation { ethernet | vlan } and ignore-mtu-match commands must
be used together on Huawei devices so that Huawei devices can communicate with non-
Huawei devices.
Step 4 Run:
quit

Step 5 Run:
vsi vsi-name
The view of the created VSI is displayed.

Step 6 Run:
pwsignal bgp
The VSI-BGP view is displayed.

encapsulation rfc4761-compatible

Switches
The encapsulation type for Kompella VPLS is configured to be in compliance with

RFC 4761.
Before a Kompella VPLS network sends packets with encapsulation types other
than encapsulation type 19, the network converts the encapsulation types of these
packets to encapsulation type 19.
If a Kompella VPLS network receives packets with encapsulation type 19, the
network automatically converts the encapsulation types of these packets to its
own encapsulation type.
Step 8 Run:
mtu-negotiate disable
The MTU match check is disabled.
By default, the MTU value in the VSI view is 1500. If the MTUs for the same VSI
on two PEs are different, the two PEs cannot exchange information or establish a
connection.
The equipment of some vendors cannot perform the MTU match check for VSIs. If
a Huawei device needs to communicate with a non-Huawei device over a
Kompella VPLS network, run the mtu-negotiate disable command to disable the
MTU match check.
----End
Context
interface

Ethernet Switching.

Switches
NOTE

Procedure
a. Run:
system-view

b. Run:

c. (Optional) Run:
undo portswitch

d. Run:
NOTE

Switches
a. Run:
system-view

b. Run:

c. Run:

d. Run:
quit

e. Run:

▪ Run:

configured.
▪ Run:

configured.
▪ Run:
▪ Run:
▪ Run:

g. Run:

a. Run:
system-view

Switches

b. Run:

c. Run:
NOTE
a. Run:
system-view

b. Run:

c. Run:
quit

d. Run:

address.
NOTE

e. Run:
eth-trunk trunk-id

services.

Switches

original one.

f. Run:
quit

g. Run:

h. (Optional) Run:
undo portswitch

i. Run:
NOTE
a. Run:
system-view

b. Run:

c. Run:
quit

d. Run:

address.

Switches
NOTE

e. Run:
eth-trunk trunk-id

services.
original one.
f. Run:

g. Run:
quit

h. Run:

▪ Run:

configured.
▪ Run:

configured.
▪ Run:
▪ Run:
▪ Run:

Switches

j. Run:
----End
7.7.5 (Optional) Configuring the Features of Kompella VPLS
Context
During the Kompella VPLS configuration, if n PEs are located in a VPLS domain,
n(n-1)/2 IBGP connections need to be established. When there are a large number
of IBGP peers, network resources and CPU resources are greatly consumed. A
route reflector (RR) can be used to solve the problem. One PE functions as an RR
and other PEs function as clients. The clients establish IBGP connections with the
RR.
When configuring route reflection for Kompella VPLS, configure the RR and
reflection policy, and enable VPN-target filtering for received VPLS label blocks.
The BGP VPLS address family view is used to manage the VPLS label block.
Procedure
Step 1 Run:
system-view
Step 2 Run:
Step 3 Run:
vpls-family
The BGP-VPLS address family view is displayed.
Step 4 Run:
peer { group-name | ipv4-address } reflect-client
The RR and its client are configured.
After this command is run, the local device functions as the RR and a peer or a
peer group functions as the client of the RR.
Step 5 Run:
undo policy vpn-target
The filtering of VPLS label blocks based on VPN targets is disabled.

Switches
The RR deployed on a Kompella VPLS network does not save VPN routes or label
blocks. You need to run this command to save all VPN routes or label blocks sent
from PEs.
NOTE
This command applies only to RRs and ASBRs.
Step 6 Run:
rr-filter extcomm-filter-number
The reflection policy is configured.

By default, no reflection policy of the RR is created.
Only the IBGP route whose route-target extended community attribute meets the
matching rules can be reflected. In this manner, load balancing is implemented.
----End
Prerequisites
All Kompella VPLS configurations are complete.
Procedure
connection.
● Run the display vsi remote bgp [ nexthop nexthop-address [ export-vpn-
target vpn-target ] | route-distinguisher route-distinguisher ] command to
check information about a remote VSI.
● Run the display vpls connection [ bgp | vsi vsi-name ] [ down | up ]
----End
7.8 Configuring BGP AD VPLS

BGP AD VPLS uses BGP packets to implement VSI discovery and uses the LDP FEC
129 signaling to establish PWs to implement VPLS PW automatic establishment.

Switches
Before configuring BGP AD VPLS, complete the following tasks:

To configure BGP AD VPLS, perform the following configurations on PEs at both
ends of a PW.
7.8.1 Enabling BGP Peers to Exchange VPLS Information
Context
BGP AD VPLS shares a TCP connection with BGP. Most BGP AD VPLS
configurations are the same as BGP configurations. Unlike BGP, BGP AD VPLS
requires the exchange of VPLS member information between BGP peers.
Therefore, BGP peers need to be enabled to exchange VPLS member information
in the BGP L2VPN AD address family view.
Procedure
Step 1 Run:
system-view

Step 2 Run:

Step 3 Run:
peer ipv4-address as-number as-number
A BGP peer is configured.
NOTE
ipv4-address is the remote LSR ID.
Step 4 Run:
peer ipv4-address connect-interface interface-type interface-number
An interface on which a TCP connection is established is specified.

To improve reliability, a loopback interface on a PE is usually used to set up a TCP
connection. If this command is not configured, a PE uses its interface that directly
connects to a peer to set up a TCP connection.
Step 5 Run:
l2vpn-ad-family
The BGP L2VPN AD address family view is displayed.

Switches
Step 6 Run:
BGP peers in the AS are enabled to exchange VPLS member information.

By default, BGP peers are not enabled to exchange VPLS information in the L2VPN
AD address family view.
NOTE
ipv4-address in this command is the same as ipv4-address specified in the peer command
in the BGP view, which is the remote LSR ID.
----End
7.8.2 Creating VSIs and Configuring the BGP AD Signaling
Context
When configuring BGP AD VPLS, you need to create VSIs on PEs, set automatic
VPLS member discovery and PW deployment for the VSIs, configure BGP AD
signaling on the PEs, and set VPLS IDs and VPN targets for the VSIs in the VSI-
BGPAD view.
Procedure
Step 1 Run:
system-view

Step 2 Run:
vsi vsi-name
A VSI is created.
Step 3 Run:
bgp-ad
Automatic VPLS member discovery and PW deployment are set for the VSI, and
the VSI-BGP AD view is displayed.
Step 4 Run:
vpls-id vpls-id
A VPLS ID is set.
NOTE
● By default, the RD of BGP AD VPLS is the same as the VPLS ID. If a VPLS ID is set, an RD
does not need to be set. The VSI ID is equal to the local LSR ID and does not need to be set.
● The VPLS IDs for VSIs in one VPLS domain must be the same.
Step 5 Run:

Switches
A VPN target is configured for the VSI.

The mappings between the local VPN target attribute and the peer VPN target
attribute must be correct:
● The local export-extcommunity is the same as the peer import-extcommunity.
● The local import-extcommunity is the same as the peer export-extcommunity.
Traffic is transmitted properly in a bidirectional manner only if the preceding two
conditions are both met. If only one condition is met, traffic is transmitted only in
a unidirectional manner. These four parameters are usually set to the same value.
pw spoke-mode
Split horizon is disabled for all PWs in a VSI.

By default, all PW attributes of a BGP AD VSI are Hub.
NOTE
The function of this command is similar to the function of configuring a peer PE as a UPE
on a Martini HVPLS network. The difference is that this command allows all peer PEs in a
VPLS domain to serve as UPEs. This means a star topology, in which a PE functions as a
Hub, and other PEs connected to this Hub are Spoke PEs.

1. Run:
quit

2. Run:

----End
Context
interface

Switches

Ethernet Switching.
NOTE

Procedure
a. Run:
system-view

b. Run:

c. (Optional) Run:
undo portswitch

d. Run:

Switches
NOTE
a. Run:
system-view

b. Run:

c. Run:

d. Run:
quit

e. Run:

▪ Run:

configured.
▪ Run:

configured.
▪ Run:
▪ Run:

Switches
▪ Run:

g. Run:

a. Run:
system-view

b. Run:

c. Run:
NOTE
a. Run:
system-view

b. Run:

c. Run:
quit

d. Run:

address.

Switches
NOTE

e. Run:
eth-trunk trunk-id

services.
original one.
f. Run:
quit

g. Run:

h. (Optional) Run:
undo portswitch

i. Run:
NOTE
a. Run:
system-view

b. Run:

Switches
c. Run:
quit

d. Run:

address.
NOTE

e. Run:
eth-trunk trunk-id

services.
original one.
f. Run:

g. Run:
quit

h. Run:

▪ Run:

configured.
▪ Run:

configured.

Switches
▪ Run:
▪ Run:
▪ Run:

j. Run:

----End
7.8.4 (Optional) Resetting BGP Connections for L2VPN-AD
Context
When the BGP L2VPN-AD configuration is modified, you can reset BGP
connections for L2VPN-AD to make the configuration take effect immediately.
Procedure
Step 1 Run the system-view command to enter the system view.
Step 2 Run the reset bgp l2vpn-ad { all | as-number-plain | as-number-dot | ipv4-address
| group group-name | external | internal } [ graceful ] command to reset BGP
connections for L2VPN-AD.
----End

Prerequisites
All BGP AD VPLS configurations are complete.
Procedure
connection.
● Run the display vsi bgp-ad { import-vt | export-vt | remote-export-vt }
command to check the VPN target information about the local and remote
devices.

Switches
● Run the display vsi bgp-ad remote vpls-id vpls-id command to check
member information about a specified remote PE.
● Run the display vpls connection [ bgp-ad | vsi vsi-name ] [ down | up ]
[ verbose ] command to check information about a BGP AD VPLS connection.
● Run the display bgp l2vpn-ad [ route-distinguisher route-distinguisher ]
routing-table [ vpls-ad ] [ ipv4-address | statistics ] command to check BGP
L2VPN-AD routes.
----End
7.9 Configuring Interworking Between LDP VPLS and

BGP AD VPLS
Usage Scenario
LDP VPLS uses LDP signaling packets that carry the forwarding equivalence class
(FEC) 128 type-length-value (TLV) to establish and maintain pseudo wires (PWs)
after peers are manually specified for PW establishment. Therefore, requirements
for device performance are low. BGP AD VPLS uses BGP to automatically discover
VPLS members and uses LDP signaling packets that carry the FEC 129 TLV to
establish and maintain PWs. PWs are automatically established, and therefore
requirements for device performance are high. LDP VPLS applies to VPLS networks
with a small number of sites, whereas BGP AD VPLS applies to VPLS networks
with a large number of sites. If a service provider has deployed both LDP VPLS and
BGP AD VPLS, interworking between LDP VPLS and BGP AD VPLS helps improve
VPLS network expansibility and lower down network operation costs.
As shown in Figure 7-27, PE1 supports LDP VPLS, PE4 supports BGP AD VPLS, and
PE2 and PE3 support both LDP VPLS and BGP AD VPLS. To deploy interworking
between LDP VPLS and BGP AD VPLS, configure a hybrid virtual switch instance
(VSI) on PE2 and PE3. A hybrid VSI is a VSI that supports more than one signaling
protocol. In this scenario, the hybrid VSIs on PE2 and PE3 establish LDP PWs with
the VSI on PE1 and establish BGP AD PWs with the VSI on PE4.

Switches
Figure 7-27 Interworking between LDP VPLS and BGP AD VPLS
PE2
LDP BGP-AD
PE1 PE4
VPLS VPLS
PE3
Pre-configuration Tasks
Before you configure interworking between LDP VPLS and BGP AD VPLS, complete
the following tasks:
● Configure IP addresses and routes on PEs to ensure that neighboring nodes

are reachable at the network layer.
● Configure label switching router (LSR) IDs and enable basic Multiprotocol
Label Switching (MPLS) functions on PEs.
● Establish tunnels between PEs to bear Layer 2 virtual private network
(L2VPN) services.
Procedure
● Create LDP PWs. For details, see 7.6 Configuring Martini VPLS.
● Create BGP AD PWs. For details, see 7.8 Configuring BGP AD VPLS.
NOTE
On PE2 or PE3, the LDP and BGP AD PWs must be configured in the same VSI.
When you run the vsi vsi-name [ static ] command to create a VSI, if the command carries
the static keyword, LDP PWs must be first established; if the command does not carry the
static keyword, either LDP or BGP AD PWs can be established first.
----End
Checking the Configurations

After the configuration is complete, check whether the configuration has taken
effect.
● Run the display vsi [ name vsi-name ] [ verbose ] command. The command
output shows VSI information.
● Run the display vpls connection [ vsi vsi-name ] [ verbose ] command. The
command output shows VPLS connection information.

Switches
7.10 Configuring LDP HVPLS

If there are a large number of VPLS PEs, you can use the HVPLS networking
scheme to reduce the performance requirements on PEs.
Before configuring LDP HVPLS, complete the following tasks:
● Configure LSR IDs on the UPE and SPE.
● Enable MPLS and MPLS LDP on the UPE and SPE.
● Enable MPLS L2VPN on the UPE and SPE.
NOTE
Kompella VPLS uses BGP as the signaling. Configuring an RR can solve the problem of
excessive connections caused by VPLS full connections. Therefore, the switch supports only
Martini HVPLS.
To configure LDP HVPLS, configure the UPE and SPE.
7.10.1 Configuring the SPE
Context
On an HVPLS network, SPEs are fully connected. You need to configure VSI peers
between SPEs, and between SPEs and UPEs.
Perform the following steps on the SPE:
Procedure
Step 1 Run:
system-view

Step 2 Run:
vsi vsi-name static
VSIs are created and the automatic member discovery mechanism is used.
Step 3 Run:
pwsignal ldp
LDP is configured as the PW signaling protocol and the VSI-LDP view is displayed.
npe-upe mac-withdraw enable
The SPE is enabled to forward the LDP MAC Withdraw messages that are received
from another SPE to a UPE.

Switches
By default, an SPE is not enabled to forward the LDP MAC Withdraw messages
that are received from another SPE to a UPE.
When an SPE receives an LDP MAC Withdraw message from another SPE, the SPE
clears the local MAC table and learns MAC addresses. If the UPE does not clear
the MAC table synchronously, communication may be interrupted. You can run
this command to enable the SPE to forward the LDP MAC Withdraw message to
the UPE to clear the MAC table on the UPE.
In good network conditions, running this command speeds up network
convergence. In bad network conditions, running this command generates a large
amount of exchange messages, and therefore is not recommended.
upe-upe mac-withdraw enable
from a UPE to another UPE.
By default, the SPE is not enabled to forward the LDP MAC Withdraw messages
that are received from a UPE to another UPE.
When an SPE receives an LDP MAC Withdraw message from a UPE, the SPE clears
the local MAC table and learns MAC addresses. If another UPE does not clear the
MAC table synchronously, communication may be interrupted. You can run this
command to enable the SPE to forward the LDP MAC Withdraw message to
another UPE to clear the MAC table on the UPE.
upe-npe mac-withdraw enable
from a UPE to another SPE.
By default, the SPE is not enabled to forward the LDP MAC Withdraw messages
that are received from a UPE to another SPE.
When an SPE receives an LDP MAC Withdraw message from a UPE, the SPE clears
the local MAC table and learns MAC addresses. If another SPE does not clear the
MAC table synchronously, communication may be interrupted. You can run this
command to enable the SPE to forward the LDP MAC Withdraw message to
another SPE to clear the MAC table on the SPE.
Step 7 Run:
vsi-id vsi-id
The VSI ID is set.

Step 8 Run:
peer peer-address [ negotiation-vc-id vc-id ] [ tnl-policy policy-name ]
or run:

Switches
peer peer-address [ negotiation-vc-id vc-id ] [ tnl-policy policy-name ] static-npe trans transmit-label

recv receive-label
A VSI peer is configured between SPEs.

Step 9 Run:
peer peer-address [ negotiation-vc-id vc-id ] [ tnl-policy policy-name ] upe
or run:
peer peer-address [ negotiation-vc-id vc-id ] [ tnl-policy policy-name ] static-upe trans transmit-label
recv receive-label
A VSI peer is configured between the SPE and the UPE.
----End
7.10.2 Configuring the UPE
Context
The configuration of the UPE is similar to that on the PE of the VPLS fully-
connected network. The difference is that the UPE sets up connections only with
the connected SPEs.
For the detailed configuration, see 7.6 Configuring Martini VPLS.

Prerequisites
All LDP HVPLS configurations are complete.
Procedure
● Run the display vsi pw out-interface [ vsi vsi-name ] command to check
information about the outgoing interface of a PW in a VSI.
● Run the display l2vpn vsi-list tunnel-policy policy-name command to check
information about the tunnel policy applied to a VSI.
● Run the display vsi remote ldp [ router-id ip-address ] [ pw-id pw-id ]
command to check information about a remote VSI.
----End
7.11 Configuring Static VLLs to Access a VPLS Network

Before configuring static VLLs to access a VPLS network, complete the following
tasks:
● Configure the IGP on Ps and SPEs on the MPLS backbone network to
implement IP connectivity.

Switches
● Implement the connectivity between SPEs on the VPLS fully-connected

network.
● Enable MPLS L2VPN on the interfaces connecting UPEs and SPEs.
NOTE
When VPN services need to be transmitted over a specified TE tunnel or when load
balancing needs to be performed among multiple tunnels to fully use network resources,
tunnel policies need to be applied to VPNs.
To configure static VLLs to access a VPLS network, configure the UPE and SPE.
● Configuring the UPE
a. Configuring static LSPs between UPEs and SPEs
b. Configuring a UPE to access an SPE through a static VLL
● Configuring the SPE
a. Configuring static LSPs between UPEs and SPEs
b. Binding a static VLL to a VSI on an SPE
7.11.1 Configuring the Static LSP Between the UPE and the
SPE
Context
Before configuring a static VLL, you need to configure a static LSP.
Do as follows on the SPE and the UPE devices:
Procedure
Step 1 Run:
system-view

Step 2 Run:
static-lsp ingress lsp-name destination ip-address { mask-length | mask } { nexthop next-hop-address |
outgoing-interface interface-type interface-number } * out-label out-label
or
static-lsp ingress tunnel-interface interface-type interface-number destination ip-address { nexthop next-
hop-address | outgoing-interface interface-type interface-number } * out-label out-label
The ingress node is configured for the LSP.

The next hop must be configured instead of the outgoing interface for non-P2P
link.
Step 3 Run:
static-lsp egress lsp-name [ incoming-interface interface-type interface-number ] in-label in-label [ lsrid
ingress-lsr-id tunnel-id tunnel-id ]
The egress of the LSP is configured.

Switches
NOTE
● Between the UPE and the SPE, two static LSPs with opposite directions must be
configured because the static LSP is unidirectional.
● If P devices exist between the UPE and the SPE, the static-lsp transit command must
be configured on the P devices to configure the transit of the static LSP.
----End
7.11.2 Configuring a UPE to Access an SPE Through a Static

VLL
Context
Perform the following steps on the UPE:
Procedure
Step 1 Run:
system-view
Step 2 Run:

undo portswitch
To use an XGE interface, a GE interface, a 40GE interface, or an Eth-Trunk interface

of the device as the AC interface of the PE, run the undo portswitch command to
change a Layer 2 interface to a Layer 3 interface.
Step 4 Run:
mpls static-l2vc destination ip-address transmit-vpn-label transmit-label-value receive-vpn-label receive-
label-value [ tunnel-policy tnl-policy-name | [ control-word | no-control-word ] | [ raw | tagged ] ] *
A static VC connection between the UPE and the SPE is established.
----End
7.11.3 Binding the VSI of the SPE with the VLL
Context
This part describes how to configure an SPE to establish VSI peer relationships
with other SPEs, and with UPEs.
Do as follows on the SPE devices:

Switches
Procedure
Step 1 Run:
system-view

Step 2 Run:
vsi vsi-name static
The VSI view is created and the static member discovery is enabled.
Step 3 Run:
pwsignal ldp
The LDP is specified as the PW signaling protocol and the VSI LDP view is
displayed.
Step 4 Run:
vsi-id vsi-id

Step 5 Run:
mac-withdraw enable
After the configuration, when an AC fault or a UPE fault occurs and the VSI
remains Up, the local MAC address is deleted and all the remote peers are
informed of the deletion.
This command takes effect only after the interface-status-change mac-
withdraw enable command is also used.
Step 6 Run:
The VSI peer is configured.

Step 7 Run:
peer peer-address [ tnl-policy policy-name ] static-upe trans transmit-label recv receive-label
The received and sent labels between the SPE and the static UPE are configured.
The label trans here must be the same as the label receive-vpn-label that is
configured on UPE. In addition, the label recv must be the same as the label
transmit-vpn-label that is configured on UPE.
----End

Prerequisites
All configurations of static VLLs to access a VPLS network are complete.
Procedure
● Run the display mpls static-l2vc [ interface interface-type interface-
number ] command to check information about the static VC configured on
the switch.

Switches
● Run the display l2vpn ccc-interface vc-type static-vc up command to check

information about VC interfaces in SVC mode in Up state.
● Run the display mac-address dynamic slot-id command to check dynamic
MAC address entries.
----End
7.12 Configuring CE Dual-Homed Kompella VPLS

Before configuring CE Dual-Homed Kompella VPLS, complete the following tasks:
● Configure LSR IDs and enable MPLS on PEs and Ps.
To configure CE Dual-Homed Kompella VPLS, perform the following
configurations on the PE.
7.12.1 Creating VSIs and Configuring the BGP Signaling
Context
When configuring Kompella VPLS, you need to create and configure VSIs (set RDs
and VPN targets of the VSIs), configure BGP, and create site connections.
Configure two VSIs with the same attributes on two dual-homed PEs.
Do as follows on the PEs:
Procedure
Step 1 Run:
system-view
Step 2 Run:
vsi vsi-name auto
VSIs are created and the automatic member discovery mechanism is used.

Switches
The Kompella VPLS does not directly run on the connection between CEs. Each CE
has a globally unique number. On a PE, a VSI is created for each CE that is directly
connected to this PE device.
Step 3 Run:
pwsignal bgp
BGP is configured as the PW signaling protocol and the VSI BGP view is displayed.
Step 4 Run:
route-distinguisher route-distinguisher
The RD is configured for the VSI.

After configuring BGP as the PW signaling protocol, you must configure the RD of
the VSI to validate the VSI.
Step 5 Run:
A VPN target is configured for the VSI.

When using this command, note the mapping between the VPN target attribute at
the local end and the VPN target at the remote end.
● export-extcommunity of the local end must be consistent with import-
● import-extcommunity of the local end must be consistent with export-
Traffic can be normally transmitted in bidirectional way only if the preceding two
conditions are satisfied. If only one condition is met, the traffic can be transmitted
only in unidirectional way. For convenience of configuration, the four values are
configured to be the same.
NOTE
When locating a VPLS fault, you can use the remote-vpn-target refresh command to refresh
the VPN target of the remote end.
Step 6 Run:
site site-id [ range site-range ] [ default-offset { 0 | 1 } ]
Information about the sites of the VSI is configured.

The site ID of the local end must be less than the sum of the site-range value and
default-offset value on the peer end. The site ID of the local end cannot be less
than the default-offset value of the peer end.
NOTE
At present, the VSIs of the two dual-homed PEs can be configured with only one label
block. To enlarge the range, use the undo site command to delete all the original sites and
then configure a larger range. In addition, the VSIs of the two dual-homed PEs can be
configured with only one AC.

encapsulation rfc4761-compatible
The encapsulation type for Kompella VPLS is configured to be in compliance with

RFC 4761.

Switches
Before a Kompella VPLS network sends packets with encapsulation types other
than encapsulation type 19, the network converts the encapsulation types of these
packets to encapsulation type 19.
If a Kompella VPLS network receives packets with encapsulation type 19, the
network automatically converts the encapsulation types of these packets to its
own encapsulation type.
----End
7.12.2 Configuring the Multi-Homed Preference for a VSI
Context
If the VSIs of two PEs to which a CE is dual homed are Up, the PE with the higher
priority functions as the master PE, whereas the PE with the lower priority
functions as the backup PE. Therefore, you should not assign the same priority to
the PEs, because this hinders the master/backup PE negotiation.
Procedure
Step 1 Run:
system-view
Step 2 Run:
vsi vsi-name
The VSI view is displayed.
Step 3 Run:
multi-homing-preference preference-value
The multi-homed preference is configured for a VSI.
When the VSIs of the two PEs that a CE accesses are Up, the PE with the higher
preference serves as the active PE, and the PE with the lower preference works as
the standby PE. The active PE is responsible for forwarding the traffic of the CE;
the standby PE is only responsible for checking whether the VSI of the active PE is
Up. After a PE is selected as the standby PE, the status of the VSI of the standby
PE is set to Down. After the VSI of the active PE becomes Down, the standby PE
becomes the new active PE.
After the BGP session between the two PEs that a CE accesses becomes Down, the
PW of the PE with the lower preference becomes Up, and the PW between the
two PEs becomes Up.
----End

Switches
Context
interface
Ethernet Switching.
NOTE

Procedure
a. Run:
system-view

Switches

b. Run:

c. (Optional) Run:
undo portswitch

d. Run:
NOTE
a. Run:
system-view

b. Run:

c. Run:

d. Run:
quit

e. Run:

▪ Run:
configured.
▪ Run:

Switches

configured.
▪ Run:
▪ Run:
▪ Run:

g. Run:

a. Run:
system-view

b. Run:

c. Run:
NOTE
a. Run:
system-view

b. Run:

Switches
c. Run:
quit

d. Run:

address.
NOTE

e. Run:
eth-trunk trunk-id

services.

original one.

f. Run:
quit

g. Run:

h. (Optional) Run:
undo portswitch

i. Run:
NOTE

Switches

a. Run:
system-view

b. Run:

c. Run:
quit

d. Run:

address.
NOTE

e. Run:
eth-trunk trunk-id

services.
original one.
f. Run:

g. Run:
quit

h. Run:


Switches
▪ Run:

configured.
▪ Run:

configured.
▪ Run:
▪ Run:
▪ Run:

j. Run:
----End
Prerequisites
All CE dual-homed Kompella VPLS configurations are complete.
Procedure
● Run the display bgp vpls group [ group-name ] command to check the BGP
VPLS peer group relationship on a PE or an ASBR PE.
● Run the display bgp vpls peer [ [ ipv4-address ] verbose ] command to
check the BGP VPLS peer relationship on a PE or an ASBR PE.
● Run the display bgp vpls all command to check BGP VPLS label blocks on a
PE or an ASBR PE.
[ verbose ] command to check the VPLS connection on a PE.
----End

Switches
7.13 Configuring Inter-AS Martini VPLS in OptionA

Mode
When VPLS is deployed in a large area, PEs may belong to different ASs. In this
case, PWs cannot be established between PEs through LDP. To solve the problem
in a normal network, configure inter-AS Martini VPLS.
Before configuring inter-AS Martini VPLS in OptionA mode, complete the following
tasks:
● Configure IGP for the MPLS backbone network of each AS to ensure IP
connectivity of the backbone network within an AS.
● Configure basic MPLS functions on the MPLS backbone network of each AS.
● Configure MPLS LDP and establish the LDP LSP for the MPLS backbone
network of each AS.
● Establish a tunnel between the PE and ASBR within an AS.
Context
The configuration is described as follows:
● Configuring Martini VPLS in each AS.

● An ASBR considers a peer ASBR as a CE.
● No inter-AS configuration needs to be performed on ASBRs.
● No IP address needs to be configured for the interfaces connecting ASBRs.
For details, see 7.6 Configuring Martini VPLS.
NOTE
In inter-AS Martini VPLS OptionA, each ASBR must reserve an AC interface for each inter-AS
VC. OptionA can be used when the number of inter-AS VCs is small. Compared with the
L3VPN, the inter-AS L2VPN OptionA consumes more resources and requires more
configuration workload. Therefore, the inter-AS L2VPN OptionA is not recommended.
Checking the Configuration

[ pw-id pw-id ] [ local ] [ remote ] command to check configurations of the
VSI on the peer PE.

Switches
● Run the ping vpls mac mac-address vsi vsi-name [ vlan vlan-id | -c count | -
m time-value | -s packsize | -t timeout | -exp exp | -r replymode ] * command
to check the connectivity of Layer 2 links on the VPLS network.
● Run the trace vpls mac mac-address vsi vsi-name [ vlan vlan-id ] [ -t
timeout | -f first-ttl | -m max-ttl | -exp exp | -r replymode ] * command to
check the PEs and P that packets pass from the sender to the receiver and
check the connectivity of Layer 2 links, which helps locate the faulty node on
the network.
NOTE
In OptionA mode, the ping and trace functions support intra-AS detection.
7.14 Configuring Inter-AS Kompella VPLS in OptionA

Mode
Before configuring inter-AS Kompella VPLS in OptionA mode, complete the
following tasks:
● Configure IGP for the MPLS backbone network of each AS to ensure IP
connectivity of the backbone network within an AS.
● Configure basic MPLS functions on the MPLS backbone network of each AS.
● Establish a tunnel between the PE and ASBR within an AS.
Context
The configuration is described as follows:
● Configuring BGP VPLS in each AS.

● An ASBR considers a peer ASBR as a CE.
● VSIs are configured on the PE and ASBR, and these VSIs are bound to AC
interfaces. The VSI for PE is used to access CE; the VSI for ASBR is used to
access the peer ASBR.
The configuration details are not mentioned here.
NOTE
● In the inter-AS VPLS OptionA, the VPN targets of the ASBRs and PEs in the same AS
must match; the VPN targets of the PEs in different ASs do not need to match.
● In inter-AS Martini VPLS OptionA, each ASBR must reserve an AC interface for each
inter-AS VC. OptionA can be used when the number of inter-AS VCs is small.
Compared with the L3VPN, the inter-AS L2VPN OptionA consumes more resources and
requires more configuration workload. Therefore, the inter-AS L2VPN OptionA is not
recommended.

● Run the display bgp vpls group [ group-name ] command to check the BGP
VPLS peer group relationship on a PE or an ASBR PE.

Switches
● Run the display bgp vpls peer [ [ ipv4-address ] verbose ] command to

check the BGP VPLS peer relationship on a PE or an ASBR PE.
● Run the display bgp vpls all command to check BGP VPLS label blocks on a
PE or an ASBR PE.
[ verbose ] command to check the VPLS connection on a PE.
● Run the display bgp routing-table label command to check label
information about IPv4 routes on a PE or an ASBR PE.
● Run the ping vpls mac mac-address vsi vsi-name [ vlan vlan-id | -c count | -
m time-value | -s packsize | -t timeout | -exp exp | -r replymode ] * command
to check the connectivity of Layer 2 links on the VPLS network.
● Run the trace vpls mac mac-address vsi vsi-name [ vlan vlan-id ] [-t timeout
| -f first-ttl | -m max-ttl | -exp exp | -r replymode ] * command to check the
PEs and P that packets pass from the sender to the receiver and check the
connectivity of Layer 2 links, which helps locate the faulty node on the
network.
NOTE
In OptionA mode, the ping and trace functions support intra-AS detection.
7.15 Configuring VPLS PW Redundancy

Pre-configuration Tasks
Before configuring VPLS PW redundancy, complete the following tasks:
● Configure IP addresses and an Interior Gateway Protocol (IGP) on PEs.

● Establish public tunnels between PEs.
The public tunnels can be:
– LDP tunnels: To establish LDP tunnels, you must enable MPLS and MPLS
LDP globally and in the interface view on each node of the public
network. If two PEs are indirectly connected, establish a remote LDP
session between them.
– TE tunnels: To establish TE tunnels, you must enable MPLS, MPLS TE, and
RSVP-TE globally and in the interface view on each node of the public
network, and enable CSPF in the MPLS view of the ingress of each tunnel
to be created.
NOTE
Because pseudo wire emulation edge-to-edge (PWE3) uses LDP to distribute VPN
labels, you must globally enable MPLS LDP on PEs and establish MPLS LDP
sessions if TE tunnels are used as public tunnels.
If the public tunnels are not LDP tunnels, you must configure tunnel policies and
apply them to these public tunnels.
Only the VPLSs in PWE3 mode support PW redundancy.

Switches

SPE1
UPE 1
PW
CE2 VPLS CE1

PW
2
SPE2
To configure VPLS PW Redundancy, perform the following configurations on the
PE. Configuring BFD for PW and Manually Switching PWs in a PW Protection
Group are optional.
7.15.1 Configuring a PW
Context
Only LDP PWs can be configured.
Do as follows on the SPE and the UPE devices:
Procedure
● Configure a PW in HVPLS networking mode.
For details, see Configuring LDP HVPLS.
a. Run:
system-view

b. Run:
vsi vsi-name static
A VSI is created and the static member discovery mode is specified.

c. Run:
pwsignal ldp
LDP is configured as the PW signaling protocol and the VSI-LDP view is

displayed.
d. Run:
vsi-id vsi-id
The VSI ID is set.

e. Run the following commands to configure VSI peers and establish PWs:
▪ To specify an SPE as the peer of the UPE or to specify an NPE as the

peer of an SPE, run:

Switches
▪ To specify the UPE as the peer of an SPE, run:

peer peer-address [ negotiation-vc-id vc-id ] [ tnl-policy policy-name ] upe [ ignore-
standby-state ]
From the perspective of the UPE, the PW between itself and an SPE is a
hub PW; from the perspective of an SPE, the PW between itself and the
UPE is a spoke PW.
f. Run:
quit

g. Run:
quit

h. Run:
The AC interface view is displayed.

This command must be run on the UPEs, but does not need to be run on
the SPEs. In this scenario, the AC interface of the UPE is an Ethernet
interface.
i. Run:
undo portswitch

j. Run:
The AC interface is bound to the VSI.

----End
7.15.2 Adding PWs to a PW Protection Group

Context
After configuring two PWs in the VSI view of a UPE, you can add them to a PW
protection group, specify their priorities, and configure PW protection group
parameters for the two PWs to work in backup mode.
Do as follows on the UPE devices:
Procedure
Step 1 Run:
system-view

Step 2 Run:
vsi vsi-name static

Switches
Step 3 Run:
pwsignal ldp
The VSI-LDP view is displayed.

Step 4 Run:
protect-group group-name
A PW protection group is created, and the PW protection group view is displayed.

Step 5 Run:
protect-mode pw-redundancy master
The PW redundancy mode of the current PW protection group is specified.
NOTE
The PW redundancy mode of the PW protection group must have been configured before you
start the following configurations.
Step 6 Run:
peer peer-address [ negotiation-vc-id vc-id ] preference preference-value
The specified PW is added to the PW protection group and the priority of the PW
is specified. The smaller the value, the higher the priority. Among the two PWs
added to a PW protection group, the one with a higher priority serves as the
primary.
reroute { delay delay-time | immediately | never }
A revertive switching policy is configured.

The default revertive switching policy is delayed switchback and the delay is 30s.
Only a PW protection group with the master/slave PW redundancy mode allows
you to modify the revertive switching policy using the reroute command.
● delay delay-time: indicates delayed switchback, meaning that traffic is
switched back to the primary PW after a delay.
● immediately: indicates immediate switchback.
● never: indicates non-switchback, meaning that traffic is not switched back to
the primary PW after the primary PW recovers. Traffic is switched back only
after the backup PW fails.
The revertive switching policy affects traffic switchback after the primary PW
recovers.
stream-dual-receiving
The function of the secondary PW to receive and forward traffic from the peer is
enabled.
By default, the secondary PW does not receive traffic from the peer.
When the network is unstable or a faulty occurs on the device, traffic may switch
between the primary and secondary PW. In this case, you need to run the stream-
dual-receiving command to enable the secondary PW to receive and forward
traffic from the peer. This reduces number of packets lost during switching, but
may incur routing loops..

Switches

holdoff holdoff-time
A switching delay is configured for the PW protection group.
By default, no switching delay is configured for a PW protection group with the

PW redundancy mode as master/slave. If a fault occurs on the primary PW, traffic
immediately switches from the primary PW to the secondary PW. If the working
path flaps or an error occurs in the detection mechanism, traffic frequently
switches between the working and protection paths. To avoid such situations,
configure a switching delay.
NOTE
On a VPLS network that uses BFD for fault detection, traffic immediately switches from the
primary PW to the secondary PW after BFD detects a fault on the primary PW, no matter
whether delayed switching is configured. It is recommended that you determine whether to
use BFD or delayed switching based on your actual network requirements.
After you configure a switching delay, traffic forwarded during the delay period will be
interrupted if the primary PW fails to recover before the delay period expires.
----End
7.15.3 (Optional) Associating Spoke PW Status with Hub PW

Status
Context

SPE1 NPE1
PW1
UPE CE2
CE1
PW2
SPE2 NPE2
spoke PW
hub PW
Under normal circumstances, if all hub PWs connected to SPE1 go Down but PW1
is Up, the upstream traffic still travels along the primary PW, PW1. As a result,
traffic gets lost. To prevent the preceding problem, you can associate spoke PW
status with hub PW status. Then, after all the hub PWs of the SPE where the
primary spoke PW resides go Down, the SPE notifies the UPE of switching traffic
to the secondary spoke PW for transmission.
Do as follows on the SPE devices:

Switches
Procedure
Step 1 Run:
system-view

Step 2 Run:
vsi vsi-name static

Step 3 Run:
pwsignal ldp

Step 4 Run:
peer peer-address [ negotiation-vc-id vc-id ] pw pw-name
The PW view is displayed.

Step 5 Run:
track hub-pw
Spoke PW status is associated with hub PW status.

By default, spoke PW status is not associated with hub PW status.
This command can only be used to configure spoke PWs to track the status of hub
PWs. The peer peer-address [ negotiation-vc-id vc-id ] [ tnl-policy policy-name ]
upe must have been run to create a spoke PW.
After the track hub-pw command is configured, the SPE notifies the UPE of
switching traffic to the secondary spoke PW for transmission after detecting that
all connected hub PWs go Down. The protect-group group-name and protect-
mode pw-redundancy master commands must have been run to create a PW
protection group with the master/slave PW redundancy mode, and the primary
and secondary PWs have joined the group.
----End
7.15.4 (Optional) Configuring BFD for PW

Context
If only signaling is used to detect PW faults, PWs are slow to become aware of
faults. BFD for PW is often used to quickly detect PW faults.
Generally, BFD for PW only needs to be configured for the primary PW. When BFD
for PW detects a fault on the primary PW, BFD for PW immediately triggers an
active/standby PW switchover.
Procedure
Step 1 Run:

Switches
system-view

Step 2 Run:
bfd
BFD is enabled globally and the BFD view is displayed.

Step 3 Run:
quit

Step 4 Run the following commands to create BFD configurations to detect faults of
different types of PWs:
On the UPE configured with a VSI, run:
bfd cfg-name bind pw vsi vsi-name peer peer-address [ vc-id vc-id ] [ remote-
peer remote-peer-address pw-ttl { auto-calculate | ttl-number } ]
BFD for PW is configured to detect VSI PW faults.
Step 5 Run the following commands to configure BFD session discriminators:
● Run:
discriminator local discr-value
A local BFD session discriminator is configured.
● Run:
discriminator remote discr-value
A remote BFD session discriminator is configured.
The local BFD session discriminator on one end must be the remote BFD session
discriminator on the other end.
Step 6 Run:
commit
The configuration is committed.

If the status of a PW is Down, the BFD session can be established but cannot go
Up.
NOTE
Note that you must configure or cancel BFD for PW on both ends of a PW. Otherwise, the PW
status on both ends may be inconsistent.
Step 7 Run:
quit

Step 8 Run:
bfd for vsi-pw enable
The system is enabled to send BFD for VSI-PW packets to the protocol stack for
processing.
----End

Switches
7.15.5 (Optional) Manually Switching PWs in a PW Protection

Group
Context
If you want to maintain the device where the active PW is configured in a VPLS
PW redundancy scenario, you can switch services from the active PW to the
standby PW and switches services back after the device stabilizes.
Procedure
Step 1 Run:
system-view

Step 2 Run:
vsi vsi-name static

Step 3 Run:
pwsignal ldp

Step 4 Run:
protect-group group-name
A PW protection group is created, and the PW protection group view is displayed.

Step 5 Run:
protect-switch manual
An active/standby PW switchover is performed in the current PW protection group.

Step 6 Run:
protect-switch clear
An active/standby PW switchback is performed in the current PW protection

group.
----End

Prerequisites
All PLS PW Redundancy configurations are complete.
Procedure
● Run the display vsi name vsi-name protect-group [ group-name [ verbose |
history ] ] command to check summary or detailed information about the

Switches
PW protection group of a specified VSI, or PW switchover information about

the PW protection group of a specified VSI.
● Run the display vsi [ name vsi-name ] [ verbose ] command to check VSI
information.
----End
7.16 Setting Related Parameters for a VSI

Before setting VSI-related parameters, complete at least one of the following
tasks:
● Configure Martini VPLS. For details, see 7.6 Configuring Martini VPLS.
● Configure Kompella VPLS. For details, see 7.7 Configuring Kompella VPLS.
● Configure BGP AD VPLS. For details, see 7.8 Configuring BGP AD VPLS.
● Configure interworking between LDP VPLS and BGP AD VPLS. For details, see
7.9 Configuring Interworking Between LDP VPLS and BGP AD VPLS.
After creating a VSI and assigning a signaling protocol to it, you can set common
parameters of the VSI. According to different applicable environments, you can
determine whether to modify the MAC address learning mode and MAC address
entry.
Perform the following configurations on the PE.
7.16.1 Setting Common Parameters for a VSI
Context
Common parameters of a VSI include VPLS encapsulation type of a VSI, MTU for
negotiation, tunnel policy for a VSI, and VSI description.
Perform the following steps on PEs at both ends of a PW.
Procedure
Step 1 Run:
system-view

Step 2 Run:
vsi vsi-name [ auto | static ]

mtu mtu-value

Switches
The MTU for packets sent by the VSI is configured.

The default value of MTU in the VSI view is 1500.
When configuring MTUs, note that MTUs of VSIs created for the same VPLS on
different PEs must be the same.
NOTE
When an interface is bound to a VSI, the MTU can be configured in the interface view but
does not take effect. The PW signaling uses the MTU that is configured in the VSI for PW
MTU negotiation.
On the switch, the MTU value is used only for signaling negotiation and does not limit the
size of forwarded packets.

tnl-policy policy-name
Tunnel policies for a VSI are configured.

By default, no tunnel policy is applied to a VSI.
description description
The VSI description is configured.

By default, the description of a VSI is empty.
VSI descriptions help identify different VSIs and describe the functions of VSIs.
----End
7.16.2 Configuring MAC Address Learning
Context
In VPLS, packets are forwarded according to MAC address forwarding entries. In
most cases, MAC address learning can be performed automatically. Nevertheless,
to prevent attacks and troubleshoot faults, you can adopt the VSI-based MAC
address management mechanism provided by the switch.
A physical interface can belong to multiple VLANs at the same time. Multiple
VLANIF interfaces can be bound with the same VSI. Therefore, when configuring
MAC address static entries or blackhole entries for VSI bound to the VLANIF
interfaces, you must specify the physical interface and VLANIF interface.
Procedure
Step 1 Run:
system-view

Step 2 Run:
mac-address aging-time aging-time

Switches
The aging time of MAC address entries for the VPLS is configured.
Step 3 Run:
mac-address static mac-address interface-type interface-number vlanif interface-number vsi vsi-name or
mac-address static mac-address interface-type interface-number vsi vsi-name
Static MAC address entries are configured.
Step 4 Run:
mac-address blackhole mac-address vsi vsi-name
MAC address blackhole entries are configured.
Step 5 Run:
vsi vsi-name [ auto | static ]
Step 6 Run:
pwsignal ldp
The PW signaling protocol is specified as LDP and the VSI-LDP view is displayed.
Step 7 Run:
vsi-id vsi-id
Step 8 Run:
quit
Step 9 Run:
mac-learning { enable | disable }
The MAC address learning is enabled or disabled.
Step 10 Run:
mac-limit { action { discard | forward } | alarm { disable | enable } | maximum max-num } *
The MAC address learning limit is configured.
----End
7.16.3 Configuring MAC Withdraw
Context
On an LDP, BGP AD, or LDP+BGP AD VPLS network, when the AC or PW status on
a MAC Withdraw-capable PE changes, the PE sends a MAC Withdraw message to
remote peers, instructing the remote peers to remove MAC address entries in their
VSIs. If MAC Withdraw relay is configured, the remote peers will forward the
received MAC Withdraw messages.

Switches
NOTE
MAC Withdraw can be configured in either the VSI-LDP view or VSI view, but cannot be
configured in both views. If you have configured MAC Withdraw in one view but now you want
to configure MAC Withdraw in the other view, delete the current MAC Withdraw configuration
first.
MAC Withdraw applies only to LDP VPLS networks if configured in the VSI-LDP view, but applies
to LDP, BGP AD, and LDP+BGP AD VPLS networks if configured in the VSI view.
Configuration Procedure
● Configure a PE to send MAC Withdraw messages when the AC or PW status
on the PE changes. Two methods are available for configuring this MAC
Withdraw function (method 1 applies only to LDP VPLS networks, whereas
method 2 applies to LDP, BGP AD, and LDP+BGP AD VPLS networks):
– Method 1
i. Run:
system-view

ii. Run:
vsi vsi-name
iii. Run:
pwsignal ldp

iv. Run:
mac-withdraw enable
The PE is configured to send a MAC Withdraw message when the AC

or PW status changes.
By default, this function is disabled.
To enable a PE to send a MAC Withdraw message when the AC
status changes, you must also run step 5.
v. (Optional) Run:
interface-status-change mac-withdraw enable
The PE is configured to send a MAC Withdraw message to all peers

when the AC status changes.
vi. Run:
quit

vii. (Optional) Run:
local-mac remove all-but-mine
The PE is enabled to remove all MAC address entries in its VSI,

except those learned from the PW over which the PE receives the
MAC Withdraw message with TLV type 0x404. The implementation
complies with RFC.
– Method 2

Switches
i. Run:
system-view

ii. Run:
vsi vsi-name
iii. Run:
mac-withdraw enable

when the AC or PW status changes.
To enable a PE to send a MAC Withdraw message when the AC
status changes, you must also run step 4.
iv. (Optional) Run:
interface-status-change mac-withdraw enable

when the AC status changes.
v. (Optional) Run:
local-mac remove all-but-mine
The PE is enabled to remove all MAC address entries in its VSI,

except those learned from the PW over which the PE receives the
MAC Withdraw message with TLV type 0x404. The implementation
complies with RFC.
● Configure MAC Withdraw relay. Two methods are available for configuring
this MAC Withdraw function (method 1 applies only to LDP VPLS networks,
whereas method 2 applies to LDP, BGP AD, and LDP+BGP AD VPLS networks):
The MAC withdraw function configured in the VSI-LDP view and that
configured in the VSI view are mutually exclusive.
– Method 1
i. Run:
system-view

ii. Run:
vsi vsi-name

iii. Run:
pwsignal ldp

iv. Perform the following operations based on the sources and
destinations of MAC Withdraw messages to configure MAC
Withdraw relay:
○ To enable an SPE to forward a MAC Withdraw message to a UPE
after the SPE receives this message from another SPE, run:
npe-upe mac-withdraw enable

Switches
○ To enable an SPE to forward a MAC Withdraw message to

another SPE after the SPE receives this message from a UPE, run:
upe-npe mac-withdraw enable
○ To enable an SPE to forward a MAC Withdraw message to a UPE

after the SPE receives this message from another UPE, run:
upe-upe mac-withdraw enable
– Method 2
i. Run:
system-view

ii. Run:
vsi vsi-name

iii. Run:
mac-withdraw propagate enable
MAC Withdraw relay is enabled.

● Disable the device from sending MAC Withdraw messages on a VPLS network
with primary and secondary VLLs.
a. Run:
system-view

b. Run:

c. Run:
undo portswitch

To use a GE interface, an XGE interface, a 40GE interface, or an Eth-Trunk
interface of the device as the AC interface of the PE, run the undo
portswitch command to change a Layer 2 interface to a Layer 3
interface.
d. Run:
mpls l2vpn mac-withdraw disable
The VLL in Ethernet or VLAN encapsulation mode is disabled from

sending MAC Withdraw messages during a primary/secondary PW
switchover.
NOTE
This command takes effect only in a VPLS scenario with primary and secondary VLLs.
In other scenarios, the VLL needs to send MAC Withdraw messages; otherwise,
services will be interrupted.

Switches
7.16.4 Configuring MAC Withdraw Loop Detection

Context
Media Access Control (MAC) Withdraw loop detection prevents MAC Withdraw
message loops.
Procedure
Step 1 Run:
system-view

Step 2 Run:
mpls l2vpn
Layer 2 virtual private network (L2VPN) is enabled, and the L2VPN view is
displayed.
Step 3 Run:
vpls mac-withdraw loop-detect enable
MAC Withdraw loop detection is enabled.

By default, MAC Withdraw loop detection is disabled.
----End

● Run the display vsi [ name vsi-name ] verbose command to check the MAC
Withdraw configuration.
● Run the display vsi [ name vsi-name ] mac-withdraw loop-detect command
to check information about MAC Withdraw message loops.
7.16.5 Configuring a VSI to Ignore the AC Status

Switches
Context
Figure 7-30 Networking diagram of configuring a VSI to ignore the AC status

Server A
A'
C B
B'
C'
D
D'
DSLAM
Devices on the old network
Devices on the new network
As shown in Figure 7-30, if the services running on the old network will switch to
the new network, and you want to check whether the VSI on the new network can
work normally before the service switchover, you need to configure the VSI to
ignore the AC status on D'. After the configuration, the VSI on D' keeps Up before
the DSLAM is connected to the new network.
The AC statuses are classified into the following statuses:
● The status of a physical AC interface or logical AC interface that is bound to

the VSI
● The UPE PW status in the scenario of VLL accessing VPLS
If an AC interface is Down and the PW is Up, the VSI remains Up after being
enabled to ignore AC status. If an AC interface is Up and the PW is Down, the VSI
remains Up after being enabled to ignore AC status.
Do as follows on the PE (D' in Figure 7-30):

Switches
Procedure
Step 1 Run:
system-view
Step 2 Run the following commands as required:

● If you want to prevent the status of all the VSIs from being affected by the
status of the AC: Run:
a. Run:
mpls l2vpn
The MPLS L2VPN view is display.

b. Run:
vpls ignore-ac-state
The status of a VSI is prevented from being affected by the status of the
AC.
● If you want to prevent the status of one VSI from being affected by the status
of the AC:
a. Run:
vsi vsi-name [ static ]

b. Run:
ignore-ac-state
The status of a VSI is prevented from being affected by the status of the
AC.
----End
Follow-up Procedure
The vpls ignore-ac-state or ignore-ac-state are used only before the service
switchover between a new VPLS network and an old one. After the service
switchover, run the undo vpls ignore-ac-state or undo ignore-ac-state command
to restore the default setting.
7.16.6 Configuring VSI-based Traffic Suppression
Context
On a VPLS network, you can limit the rates of broadcast, multicast, and unknown
unicast packets to:
● Enhance traffic management and appropriately allocate user bandwidth.

● Prevent traffic attacks and enhance network security.
You can flexibly control the processing of unknown multicast packets. For
example, you can enable the device to discard unknown multicast packets in the
IGMP-snooping over VPLS scenario.

Switches
Do as follows on the PEs on which the VSI broadcast traffic, multicast traffic, and
unknown unicast traffic need to be suppressed.
Procedure
Step 1 Run:
system-view

Step 2 Run:
vsi vsi-name

Step 3 Run:
broadcast-suppression cir cir-value cbs cbs-value
The broadcast traffic is suppressed based on VSIs.

Step 4 Run:
multicast-suppression cir cir-value cbs cbs-value
The multicast traffic is suppressed based on VSIs.

Step 5 Run:
unknown-unicast-suppression cir cir-value cbs cbs-value
The unknown unicast traffic is suppressed based on VSIs.

Step 6 Run:
unknown-frame multicast { drop | broadcast }
The processing mode for received unknown frames is configured.
----End
7.17 Maintaining VPLS

Maintaining VPLS includes collecting statistics on traffic on a VPLS PW, clearing
the traffic statistics, checking traffic statistics on a VPLS PW, clearing the VPLS PW
traffic statistics, enabling or disabling VSI, clearing MAC address entries, checking
the consistency of VPN configurations, checking MAC address learning, and
checking connectivity of the VPLS network, disabling MPLS L2VPN alarm
verification.
7.17.1 Collecting VPLS Traffic Statistics
Context
To collect statistics on VPLS traffic, choose either of the following methods:
● Enable traffic statistics collection for the specified PW.
● Enable traffic statistics collection on the VLANIF interfaces bound to the
specified VPLSs.

Switches
Do as follows on the device configured with the VSI:
Procedure
● Enable traffic statistics collection for the specified PW.
a. Run the system-view command to enter the system view.
b. Run the vsi vsi-name [ auto | static ] command to enter the VSI view.
c. Choose one of the following commands to collect statistics on traffic of a
PW:
▪ In BGP mode:
1) Run the pwsignal bgp command to configure BGP as the PW
signaling protocol and enter the VSI-BGP view.
2) Run the traffic-statistics peer peer-address remote-site site-id
enable command to enable the traffic statistics function on a
Kompella VPLS PW.
▪ In LDP mode:
1) Run the pwsignal ldp command to configure LDP as the PW
signaling protocol and enter the VSI-LDP view.
2) Run the traffic-statistics peer peer-address peer-address
[ negotiation-vc-id vc-id ] enable command to enable the
traffic statistics function on a Martini VPLS PW.
NOTE
When there are a large number of PWs, you can run the traffic-
statistics enable (VSI-LDP view) command to enable the traffic
statistics function on a Martini VPLS PW.
▪ In BGP AD mode:
1) Run the bgp-ad command to set the PW establish mode of the
VSI to automatic discovery and deployment, and enter the VSI-
BGPAD view.
2) Run the traffic-statistics peer peer-address enable command to
enable the traffic statistics function on a BGP AD VPLS PW.
NOTE
When there are a large number of PWs, you can run the traffic-
statistics enable (VSI-BGPAD view) command to enable the traffic
statistics function on all BGP AD VPLS PWs.
● Enable traffic statistics collection on the VLANIF interfaces bound to the
specified VPLS.
b. Run the interface vlanif vlan-id command to enter the VLANIF interface
view.
c. Run the l2 binding vsi vsi-name command to bind the VLANIF interface
to a VSI.
d. Run the statistic enable { both | inbound | outbound } command to
enable traffic statistics collection on the VLANIF interface bound to the
specified VSI.

Switches
7.17.2 Clearing the Traffic Statistics
Context
NOTICE
The traffic statistics information cannot be restored after you clear it. So, confirm
the action before you use the command.
Procedure
● Run the reset traffic-statistics vsi all command in the user view to reset all
traffic statistics on VPLS PW.
● Run the reset traffic-statistics vsi name vsi-name command in the user view
to reset traffic statistics on all VPLS PWs in a specified VSI.
● Run the reset traffic-statistics vsi name vsi-name peer peer-address
command in the user view to reset traffic statistics on a VPLS PW in a
specified VSI.
negotiation-vc-id vc-id command in the user view to reset the traffic
statistics on a specified Martini VPLS PW in a specified VSI.
remote-site site-id command in the user view to reset the traffic statistics on
a specified Kompella VPLS PW in a specified VSI.
● Run the reset traffic-statistics vsi name vsi-name peer peer-address ldp129
command in the user view to reset the traffic statistics on a specified BGP AD
VPLS PW in a specified VSI.
● Run the reset counters interface vlanif [ interface-number ] command in
the user view to reset the traffic statistics on the specified VLANIF interface
bound to the VSI.
----End
7.17.3 Checking Traffic Statistics on a VPLS
Context
NOTE
Within five minutes, if a PW goes Down, traffic before the PW is Down cannot be used to
compute the traffic rate in the five minutes.
After the traffic statistics function is enabled on a VPLS, you can run the following
commands in any view to view the running status of traffic on the VPLS.
Procedure
● Run the display traffic-statistics vsi vsi-name command to check the public
traffic statistics on all VPLS PWs in a specified VSI.

Switches
● Run the display traffic-statistics vsi vsi-name peer peer-address command

to check the public traffic statistics on a VPLS PW in a specified VSI.
● Run the display traffic-statistics vsi vsi-name peer peer-address remote-site
site-id command to check the public traffic statistics on a Kompella VPLS PW
in a specified VSI.
● Run the display traffic-statistics vsi vsi-name peer peer-address
negotiation-vc-id vc-id command to check the public traffic statistics on a
Martini VPLS PW in a specified VSI.
● Run the display traffic-statistics vsi vsi-name peer peer-address ldp129
command to check the public traffic statistics on a BGP AD VPLS PW in a
specified VSI.
● Run the display interface vlanif interface-number command to check the
traffic statistics on the VLANIF interface bound to the specified VSI.
----End
7.17.4 Enabling or Disabling VSI
Context
Sometimes, to halt services, you can disable a VSI temporarily, and then add,
cancel, or adjust VSI functions.
Procedure
● Enable VSI
b. Run the vsi vsi-name command to enter the vsi view.
c. Run the undo shutdown command to enable VSI.
● Disable VSI
b. Run the vsi vsi-name command to enter the vsi view.
c. Run the shutdown command to check disable VSI.
NOTICE
The shutdown command affects the PW connection. The AC is Down,

and the Layer 2 forwarding table is deleted.
----End
7.17.5 Checking the Consistency of VPN Configurations

(Service Ping)

Switches
Context
Checking the consistency of VPN configurations, you can locate faults on the VPN
connection.
NOTE
To reduce the bandwidth consumption, the ping vpn-config command only sends one
probe packet and set timeout period for waiting for a Response packet to 10 seconds.
Procedure
[ pw-id pw-id ] [ local ] [ remote ] command to check consistency of
configurations on both ends of a VPN. The information can help you locate
faults on the VPN connection.
The command output includes information about the VSI type, VSI
description, VSI management status, VSI running status, PW status, MTU
value, number of AC in the VSI, IP address of the peer PE, IP address of the
local PE, whether probe or Echo Reply packets are forwarded through the LSP
tunnel, PW-ID, PE types, VC encapsulation type, and outer incoming and
outgoing tags.
----End
7.17.6 Clearing MAC Address Entries
Context
NOTICE
After MAC address entries are cleared, the entries cannot be restored. Confirm the
action before you clear the entries.
Procedure
● Run the undo mac-address static mac-address interface-type interface-
number vlanif interface-number vsi vsi-name command to clear MAC address
entries for a VSI.
● Run the undo mac-address static mac-address interface-type interface-
number vsi vsi-name command to clear MAC address entries for a VSI.
● Run the undo mac-address [ dynamic | all ] command to clear dynamic, or
all MAC address entries.
● Run the undo mac-address static command to clear static MAC address
entries.
● Run the undo mac-address blackhole [ vsi vsi-name ] command to clear
blackhole MAC address entries.
----End

Switches
7.17.7 Checking the MAC Address Learning Capability
Context
VPLS data forwarding relies on MAC address learning. Therefore, data packets
cannot be correctly forwarded in the VPLS domain unless the MAC addresses of
data packets can be learned by the PE device. Diagnostic tool of the OAM MAC
address learning capability can check the MAC address learning of the VSIs on a
device by adding special OAM MAC addresses to a VPLS network.
When packets fail to be forwarded between CEs but the PW is Up, you can use the
diagnostic tool of the OAM MAC address learning capability to check whether a
fault occurs in the MAC address learning on a device.
The diagnostic tool of the OAM MAC address learning capability include:
● MAC Populate: adds OAM MAC addresses to a VPLS network.

● MAC Purge: removes the added OAM MAC addresses.
On the switch, you can diagnose the MAC address learning capability in the
following methods:
● Add OAM MAC addresses to the local or peer device in the VPLS network.
After adding the OAM MAC address, a MAC address test is performed for the
device.
● Remove the OAM MAC addresses from the local or peer device in the VPLS
network.
The OAM MAC addresses to be removed must be the ones that have been
added.
● Add OAM MAC addresses of the register type to the local or peer device in
the VPLS network.
After the OAM MAC addresses of the register type are added, the packets
destined for the addresses are discarded.
The diagnostic tool of the OAM MAC address learning capability can be used in
the following VPLS networks:
● VPLS in LDP mode

● VPLS in BGP mode
● BGP AD VPLS
● HVPLS in LDP mode
Procedure
Step 1 Run the mac-diagnose enable command to enable diagnostic test on the MAC
address learning capacity.
Step 2 Run the mac-populate vsi vsi-name mac mac-address [ packet-num num |
flood ] * command to initiate a test on the MAC address learning capacity by
adding an OAM MAC address to the device.

Switches
● vsi vsi-name: specifies the name of the VSI of which the MAC address
learning capability needs to be diagnosed.
● mac mac-address: only 10 OAM MAC addresses are supported currently.
– 0018-82a4-3fb1
– 0018-82a4-3fb2
– 0018-82a4-3fb3
– 0018-82a4-3fb4
– 0018-82a4-3fb5
– 0018-82a4-3fb6
– 0018-82a4-3fb7
– 0018-82a4-3fb8
– 0018-82a4-3fb9
– 0018-82a4-3fba
● packet-num num: specifies the number of the sent diagnosis packets. The
value is a decimal integer that ranges from 1 to 5. The default value is 3.
● flood: indicates that diagnose packets are flooded in the VPLS network. In this
case, both the local device and the peer device configured with the same VSI
can learn the specified OAM MAC address. If this parameter is not specified,
only the PE where the command is run can learn the specified OAM MAC
address.
Step 3 Run the mac-purge vsi vsi-name mac mac-address [ packet-num num | register |
flood ] * command to purge an OAM MAC address from the forwarding table.
● flood: If this parameter is not specified, only the local PE can delete the
specified OAM MAC address. If this parameter is specified, the diagnose
packets are flooded in the VPLS network. In this case, both the local device
and the peer device configured with the same VSI can delete the specified
OAM MAC address.
● register: indicates that the specified OAM MAC address becomes the
blackhole MAC address, and all the packets destined for this address are
discarded.
----End
Exception Handling
● Run the mac-purge command to check the MAC address list for the
diagnostic test on the MAC address learning capacity.
● Run the display oam-mac statistics { populate | purge | purge-register |
all } command to check the statistics about MAC diagnostic packets.
NOTE
To clear statistics about MAC diagnostic packets, run the reset oam-mac statistics
{ populate | purge | purge-register | all } command.
----End
7.17.8 Checking Connectivity of the VPLS Network

Switches
Context
To check connectivity of a VPLS network, run the following functions on PE
devices.
Procedure
● Checking VPLS network connectivity
– Run the ping vpls mac mac-address vsi vsi-name [ vlan vlan-id | -c count
| -m time-value | -s packsize | -t timeout | -exp exp | -r replymode | -h
ttl ]* command to check connectivity of the Layer 2 forwarding link on
the VPLS network.
– Run the ping vpls [ -c echo-number | -m time-value | -s data-bytes | -t
timeout-value | -r reply-mode | -exp exp-value | -v ] * vsi vsi-name local-
site-id remote-site-id command to check connectivity of the link between
PEs on the Kompella VPLS network.
– Run the ping vpls [ -c echo-number | -m time-value | -s data-bytes | -t
timeout-value | -r reply-mode | -exp exp-value | -v ] * vsi vsi-name peer
peer-address [ negotiate-vc-id vc-id ] command to check connectivity of
the link between PEs on the Martini or BGP AD VPLS network.
– Run the ping vpls multicast vsi vsi-name [ -a source-ip-address | -c
count | -s packetsize | -t timeout | -m interval | -r replymode | -exp exp | -
v ] * dest-ip-address command to start an MFIB ping test with a specified
VSI in the VPLS domain.
– Run the trace vpls mac mac-address vsi vsi-name [ vlan vlan-id ] [-t
timeout | -f first-ttl | -m max-ttl | -exp exp | -r replymode ]* command to
check PEs and P devices along the PW on the VPLS network and locate
faulty nodes.
– Run the tracert vpls [ -exp exp-value | -f first-ttl | -m max-ttl | -r reply-
mode | -t timeout-value ] * vsi vsi-name peer peer-address [ negotiate-
vc-id vc-id ] [ full-lsp-path ] command to check connectivity of the
Martini or BGP AD VPLS network.
– Run the tracert vpls multicast vsi vsi-name [ -a source-ip-address | -t
timeout | -r reply-mode | -exp exp | -f first-ttl | -m max-ttl ] * multicast-
address multicast-ip-address remote-address remote-ip-address
command to start an MFIB Trace test with a specified VSI in the VPLS
domain.
● Checking ping/trace packet statistics
– Run the display vpls multicast-ping statistics command to check the
number of sent and received MFIB ping packets.
– Run the display vpls multicast-trace statistics command to check the
number of sent and received MFIB trace packets.
– Run the display vpls-ping statistics command to check the number of
sent and received VPLS MAC ping packets.
– Run the display vpls-trace statistics command to check the number of
sent and received VPLS MAC trace packets.
● Clearing ping/trace packet statistics
– Run the reset vpls multicast-ping statistics command to clear VPLS
MFIB ping packet statistics.

Switches
– Run the reset vpls multicast-trace statistics command to clear VPLS

MFIB trace packet statistics.
– Run the reset vpls-ping statistics command to clear VPLS MAC ping
statistics.
– Run the reset vpls-trace statistics command to clear VPLS MAC trace
statistics.
----End
7.17.9 Configuring the Upper and Lower Alarm Thresholds for

VPLS VCs
Context
A device supports only a limited number of VPLS VCs. After the total number of
VPLS VCs created on a device exceeds a certain limit, the device performance
deteriorates. To prevent device performance deterioration caused by excessive
VPLS VCs, configure the upper and lower alarm thresholds for VPLS VCs. You can
flexibly adjust the upper and lower alarm thresholds for VPLS VCs based on actual
requirements.
Procedure
Step 2 Run the mpls l2vpn command to enter the MPLS L2VPN view.
Step 3 Run the mpls l2vpn vsi-pw limit threshold-alarm upper-limit upper-limit-value
lower-limit lower-limit-value command to configure the upper and lower alarm
thresholds for VPLS VCs.
By default, the upper and lower alarm thresholds are 80% and 70% respectively.
● upper-limit-value specifies the upper alarm threshold for VPLS VCs. If the
proportion of VPLS VCs created to the maximum VPLS VCs allowed reaches
this threshold, a VPLS VC threshold-crossing alarm is reported.
● lower-limit-value specifies the lower alarm threshold for VPLS VCs. If the
proportion of VPLS VCs created to the maximum VPLS VCs allowed falls
below this threshold, a VPLS VC threshold-crossing clear alarm is reported.
● upper-limit-value must be greater than lower-limit-value.
----End
7.17.10 Checking MPLS L2VPN Specifications and Usage

Information
Context
In routine network maintenance, you can learn overall MPLS L2VPN information
by checking MPLS L2VPN specifications and usage information.

Switches
Procedure
● Run the display mpls l2vpn resource command to check MPLS L2VPN
specifications and usage information.
----End
7.17.11 Disabling MPLS L2VPN Alarm Verification
Context
If MPLS L2VPN alarm verification is enabled on a device, the device regularly
sends service alarms to the fault management (FM) module until these alarms are
cleared. The FM then compares received alarms with locally stored alarms. If a
received alarm is different from any of the locally stored alarms, the FM module
reports the alarm to the NMS. If a received alarm is the same as a locally stored
alarm, the FM module does not report this alarm.
If a large number of services exist, MPLS L2VPN alarm verification may regularly
drive the CPU usage to a high level, affecting service performance. In this case,
you can disable MPLS L2VPN alarm verification.
Procedure
Step 2 Run the mpls l2vpn command to enter the MPLS L2VPN view.
Step 3 Run the mpls l2vpn alarm verification disable command to disable MPLS L2VPN
alarm verification.
By default, MPLS L2VPN alarm verification is enabled.
After MPLS L2VPN alarm verification is disabled, the device does not periodically
send service alarms to the FM module, and the FM module cannot age out
cleared alarms.
----End
7.18 Configuration Examples

Interface types used in this manual are examples. In device configuration, use the
existing interface types on devices.
7.18.1 Example for Configuring Martini VPLS

Networking Requirements
Figure 7-31 shows a backbone network built by an enterprise. Few branch sites
are distributed on the network (only two sites are shown in this example). Site1
connects to PE1 through CE1 and then connects to the backbone network. Site2
connects to PE2 through CE2 and then connects to the backbone network. Users
at Site1 and Site2 need to communicate at Layer 2 and user information needs to
be reserved when Layer 2 packets are transmitted over the backbone network.

Switches
Figure 7-31 Networking diagram for configuring Martini VPLS

Loopback1 Loopback1 Loopback1
1.1.1.9/32 2.2.2.9/32 3.3.3.9/32
GE0/0/2 GE0/0/2
VLANIF20 VLANIF30
168.1.1.1/24 169.1.1.1/24
PE1 PE2
GE0/0/1 GE0/0/1
GE0/0/1 VLANIF20 P VLANIF30 GE0/0/2
VLANIF10 168.1.1.2/24 169.1.1.2/24 VLANIF40
GE0/0/1 GE0/0/1
VLANIF10 VLANIF40
10.1.1.1/24 10.1.1.2/24
CE1 CE2
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure transparent transmission of Layer 2 packets over the backbone
network using VPLS to enable users at Site1 and Site2 to communicate at
Layer 2 and reserve user information when Layer 2 packets are transmitted
over the backbone network.
2. Use Martini VPLS to implement Layer 2 communication between CEs on an
enterprise network with few sites.
3. Configure the IGP routing protocol on the backbone network to implement
data transmission on the public network between PEs.
4. Configure basic MPLS functions and LDP on the backbone network to support
VPLS.
5. Establish tunnels for transmitting data between PEs to prevent data from
being known by the public network.
6. Enable MPLS L2VPN on PEs to implement VPLS.
7. Create VSIs on PEs, specify LDP as the signaling protocol, and bind VSIs to AC
interfaces to implement Martini VPLS.
Procedure
Step 1 Configure VLANs that interfaces belong to.
Configure the VLAN that each interface belongs to and assign IP addresses to
interfaces on Switch.
# Configure CE1. The configuration on PE1, P, PE2, and CE2 is similar to the CE1,
and is not mentioned here.
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] vlan 10
[CE1-vlan10] quit
[CE1] interface vlanif 10

Switches
[CE1-Vlanif10] ip address 10.1.1.1 255.255.255.0

[CE1-Vlanif10] quit
[CE1] interface gigabitethernet 0/0/1
[CE1-GigabitEthernet0/0/1] port link-type trunk
[CE1-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[CE1-GigabitEthernet0/0/1] quit
NOTE
Do not add AC-side physical interfaces and PW-side physical interfaces of a PE to the same
VLAN; otherwise, a loop may occur.
Step 2 Configure the IGP protocol. OSPF is used in this example.
When configuring OSPF, advertise the 32-bit address of the loopback interface
(LSR IDs) on PE1, P and PE2.
Configure OSPF on PE1, P, and PE2.
# Configure PE1. The configuration on P and PE2 is similar to the PE1, and is not
mentioned here.
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.9 255.255.255.255
[PE1-LoopBack1] quit
[PE1] ospf 1
[PE1-ospf-1] area 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
After the configuration is complete, run the display ip routing-table command

on PE1, P, and PE2. You can view the routes learned by PE1, P, and PE2 from each
other.
Step 3 Configure basic MPLS functions and LDP.
Configure basic MPLS functions and LDP on PE1, P, and PE2.
mentioned here.
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface vlanif 20
[PE1-Vlanif20] mpls
[PE1-Vlanif20] mpls ldp
[PE1-Vlanif20] quit
After the configuration is complete, run the display mpls ldp session command
on PE1, P and PE2. You can see that peer relationships are set up between PE1
and P, and between P and PE2. The status of the peer relationship is Operational.
Run the display mpls lsp command to view the LSP status.
Step 4 Set up remote LDP sessions between PEs.
# Configure PE1.
[PE1] mpls ldp remote-peer 3.3.3.9
[PE1-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9
[PE1-mpls-ldp-remote-3.3.3.9] quit

Switches
# Configure PE2.
on PE1 or PE2, and you can see that the status of the peer relationship between
PE1 and PE2 is Operational. That is, the peer relationship is set up.
Step 5 Enable MPLS L2VPN on PEs.
# Configure PE1.
[PE1] mpls l2vpn
[PE1-l2vpn] quit
# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit
Step 6 Configure LDP VPLS on PEs.

# Configure PE1.
[PE1] vsi a2 static
[PE1-vsi-a2] pwsignal ldp
[PE1-vsi-a2-ldp] vsi-id 2
[PE1-vsi-a2-ldp] peer 3.3.3.9
[PE1-vsi-a2-ldp] quit
[PE1-vsi-a2] quit
# Configure PE2.
[PE2] vsi a2 static
[PE2-vsi-a2] quit
Step 7 Bind the interface on the PE to the VSI.

# Configure PE1.
[PE1-Vlanif10] l2 binding vsi a2
[PE1-Vlanif10] quit
# Configure PE2.
[PE2-Vlanif40] quit
Step 8 Verify the configuration.

# After the network becomes stable, run the display vsi name a2 verbose
command on PE1, and you can see that VSI a2 sets up a PW to PE2, and the
status of the VSI is Up.
[PE1] display vsi name a2 verbose
***VSI Name : a2
Administrator VSI : no
Isolate Spoken : disable
VSI Index :0

Switches
PW Signaling : ldp
Member Discovery Style : static
PW MAC Learn Style : unqualify
Encapsulation Type : vlan
MTU : 1500
Diffserv Mode : uniform
Mpls Exp : --
DomainId : 255
Domain Name :
Ignore AcState : disable
P2P VSI : disable
Create Time : 0 days, 0 hours, 1 minutes, 3 seconds
VSI State : up
VSI ID :2
*Peer Router ID : 3.3.3.9
Negotiation-vc-id :2
primary or secondary : primary
ignore-standby-state : no
VC Label : 4096
Peer Type : dynamic
Session : up
Tunnel ID : 0x1a
Broadcast Tunnel ID : 0x1a
Broad BackupTunnel ID : 0x0
CKey :6
NKey :5
Stp Enable :0
PwIndex :0
Control Word : disable
Interface Name : Vlanif10

State : up
Access Port : false
Last Up Time : 2014/11/10 16:37:47
Total Up Time : 0 days, 0 hours, 1 minutes, 3 seconds
**PW Information:
*Peer Ip Address : 3.3.3.9

PW State : up
Local VC Label : 4096
Remote VC Label : 4096
Remote Control Word : disable
PW Type : label
Local VCCV : alert lsp-ping bfd
Remote VCCV : alert lsp-ping bfd
Tunnel ID : 0x1a
Broadcast Tunnel ID : 0x1a
Ckey : 0x6
Nkey : 0x5
Main PW Token : 0x1a
Slave PW Token : 0x0
Tnl Type : LSP
OutInterface : Vlanif20
Backup OutInterface :
Stp Enable :0
PW Last Up Time : 2014/11/10 16:38:47
PW Total Up Time : 0 days, 0 hours, 0 minutes, 3 seconds
CE1 (10.1.1.1) can ping CE2 (10.1.1.2) successfully.

[CE1] ping 10.1.1.2
PING 10.1.1.2: 56 data bytes, press CTRL_C to break
Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=1 ms

Switches
--- 10.1.1.2 ping statistics ---

5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/1/1 ms
----End
Configuration Files
● CE1 configuration file
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10
#
return

#
sysname CE2
#
vlan batch 40
#
interface Vlanif40
ip address 10.1.1.2 255.255.255.0
#
#
return
● PE1 configuration file

#
sysname PE1
#
vlan batch 10 20
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
vsi a2 static
pwsignal ldp
vsi-id 2
peer 3.3.3.9
#
mpls ldp
#
mpls ldp remote-peer 3.3.3.9
remote-ip 3.3.3.9
#
interface Vlanif10
l2 binding vsi a2
#
interface Vlanif20
ip address 168.1.1.1 255.255.255.0
mpls

Switches
mpls ldp
#
#
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 168.1.1.0 0.0.0.255
#
return
● P configuration file
#
sysname P
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Vlanif20
ip address 168.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif30
ip address 169.1.1.1 255.255.255.0
mpls
mpls ldp
#
#
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 168.1.1.0 0.0.0.255
network 169.1.1.0 0.0.0.255
#
return
#
sysname PE2
#
vlan batch 30 40
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn

Switches
#
vsi a2 static
pwsignal ldp
vsi-id 2
peer 1.1.1.9
#
mpls ldp
#
remote-ip 1.1.1.9
#
interface Vlanif30
ip address 169.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif40
l2 binding vsi a2
#
#
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 169.1.1.0 0.0.0.255
#
return
7.18.2 Example for Configuring Kompella VPLS

Figure 7-32 shows a backbone network built by an enterprise. There are a large
number of branch sites on the backbone network (only two sites are shown in this
example). The network environment often changes. Site1 connects to PE1 through
CE1 and then connects to the backbone network. Site2 connects to PE2 through
CE2 and then connects to the backbone network. Users at Site1 and Site2 need to
communicate at Layer 2 and user information needs to be reserved when Layer 2
packets are transmitted over the backbone network.

Switches
Figure 7-32 Networking diagram for configuring Kompella VPLS

1.1.1.9/32 2.2.2.9/32 3.3.3.9/32
GE0/0/2 GE0/0/2
VLANIF20 VLANIF30
168.1.1.1/24 169.1.1.1/24
PE1 PE2
GE0/0/1 GE0/0/1
VLANIF10 168.1.1.2/24 169.1.1.2/24 VLANIF40
GE0/0/1 GE0/0/1
VLANIF10 VLANIF40
10.1.1.1/24 10.1.1.2/24
CE1 CE2
2. Use Kompella VPLS to implement Layer 2 communication between CEs on an
enterprise network with many sites and complex network environments.
VPLS.
7. Enable BGP peers to exchange VPLS information between PEs, create a VSI on
each PE, specify BGP as the signaling protocol, specify the RD, VPN target,
and site of the VSI, and bind AC interfaces to VSIs to implement Kompella
VPLS.
Procedure
# Configure CE1. The configuration on PE1, P, PE2, and CE2 is similar to the CE1,

Switches
[CE1] vlan 10
[CE1-vlan10] quit
[CE1-Vlanif10] quit
NOTE

(LSR IDs) on PE1, P and PE2.
mentioned here.
[PE1] ospf 1
[PE1-ospf-1] quit

other.
Configure basic MPLS functions and LDP on PE1, P, and PE2.
mentioned here.
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1-Vlanif20] mpls
[PE1-Vlanif20] quit
After the configuration is complete, run the display mpls ldp peer command on
PE1, P, and PE2, and you can see that peer relationships are established between
PE1 and P and between PE2 and P. Run the display mpls ldp session command
on PE1 and PE2, and you can see that an LDP session is set up between PE1 and
PE2. Run the display mpls lsp command to view the LSP status.
Step 4 Establish BGP peers and enable them to exchange VPLS information.
# Configure PE1.

Switches
[PE1] bgp 100

[PE1-bgp] peer 3.3.3.9 as-number 100
[PE1-bgp] peer 3.3.3.9 connect-interface loopback 1
[PE1-bgp] vpls-family
[PE1-bgp-af-vpls] peer 3.3.3.9 enable
[PE1-bgp-af-vpls] quit
[PE1-bgp] quit
# Configure PE2.
[PE2] bgp 100
[PE2-bgp] quit
# Configure PE1.
[PE1] mpls l2vpn
[PE1-l2vpn] quit
# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit
Step 6 Configure VSIs on the PEs.

NOTE
Site IDs at both ends of a VSI must be different.
# Configure PE1.
[PE1] vsi bgp1 auto
[PE1-vsi-bgp1] pwsignal bgp
[PE1-vsi-bgp1-bgp] route-distinguisher 168.1.1.1:1
[PE1-vsi-bgp1-bgp] vpn-target 100:1 import-extcommunity
[PE1-vsi-bgp1-bgp] vpn-target 100:1 export-extcommunity
[PE1-vsi-bgp1-bgp] site 1 range 5 default-offset 0
[PE1-vsi-bgp1-bgp] quit
[PE1-vsi-bgp1] quit
# Configure PE2.
[PE2] vsi bgp1 auto
[PE2-vsi-bgp1] quit
Step 7 Bind VSIs to the AC interfaces on PEs.
# Bind a VSI to VLANIF10 on PE1.

[PE1-Vlanif10] l2 binding vsi bgp1
[PE1-Vlanif10] quit

Switches

[PE2-Vlanif40] quit

# After the network becomes stable, run the display vsi name bgp1 verbose
command on PE1. You can see that a VSI named bgp1 has established a PW to
PE2, and the status of the VSI is Up.
[PE1] display vsi name bgp1 verbose
***VSI Name : bgp1

VSI Index :0
PW Signaling : bgp
Member Discovery Style : auto
MTU : 1500
Mpls Exp : --
DomainId : 255
Domain Name :
P2P VSI : disable
VSI State : up
BGP RD : 168.1.1.1:1
SiteID/Range/Offset : 1/5/0
Import vpn target : 100:1
Export vpn target : 100:1
Remote Label Block : 35840/5/0
Local Label Block : 0/35840/5/0

State : up
Access Port : false
Last Up Time : 2014/11/10 20:34:49
**PW Information:

PW State : up
PW Type : label
Tunnel ID : 0x31
Broadcast Tunnel ID : 0x31
Ckey : 0xe
Nkey : 0xd
Main PW Token : 0x31
Tnl Type : LSP
Stp Enable :0
PW Last Up Time : 2014/11/10 20:35:51
CE1 (10.1.1.1) can ping CE2 (10.1.1.2) successfully.

[CE1] ping 10.1.1.2

Switches


0.00% packet loss
----End
Configuration Files
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
#
return

#
sysname CE2
#
vlan batch 40
#
interface Vlanif40
ip address 10.1.1.2 255.255.255.0
#
#
return

#
sysname PE1
#
vlan batch 10 20
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
vsi bgp1 auto
pwsignal bgp
route-distinguisher 168.1.1.1:1
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
site 1 range 5 default-offset 0
#
mpls ldp
#
interface Vlanif10

Switches
l2 binding vsi bgp1

#
interface Vlanif20
ip address 168.1.1.1 255.255.255.0
mpls
mpls ldp
#
#
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
bgp 100
peer 3.3.3.9 as-number 100
peer 3.3.3.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 3.3.3.9 enable
#
vpls-family
policy vpn-target
peer 3.3.3.9 enable
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 168.1.1.0 0.0.0.255
#
return
#
sysname P
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Vlanif20
ip address 168.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif30
ip address 169.1.1.1 255.255.255.0
mpls
mpls ldp
#
#
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1

Switches
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 168.1.1.0 0.0.0.255
network 169.1.1.0 0.0.0.255
#
return

#
sysname PE2
#
vlan batch 30 40
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
vsi bgp1 auto
pwsignal bgp
#
mpls ldp
#
interface Vlanif30
ip address 169.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif40
l2 binding vsi bgp1
#
#
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
bgp 100
#
ipv4-family unicast
peer 1.1.1.9 enable
#
vpls-family
policy vpn-target
peer 1.1.1.9 enable
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 169.1.1.0 0.0.0.255
#
return
7.18.3 Example for Configuring BGP AD VPLS

Switches
number of branch sites on the backbone network (only three sites are shown in
this example). The network environment often changes. Site1 connects to PE1
through CE1 and then connects to the backbone network. Site2 connects to PE2
through CE3 and then connects to the backbone network. Users at Site1, Site2,
and Site3 need to communicate at Layer 2 and user information needs to be
reserved when Layer 2 packets are transmitted over the backbone network.
NOTE
In this scenario, to avoid loops, ensure that all connected interfaces have STP disabled and
connected interfaces are removed from VLAN 1. If STP is enabled and VLANIF interfaces of
switches are used to construct a Layer 3 ring network, an interface on the network will be
blocked. As a result, Layer 3 services on the network cannot run normally.
Figure 7-33 Networking diagram for configuring BGP AD VPLS
CE2
GE0/0/1
VLANIF50
10.1.1.2/24
GE0/0/1
VLANIF50
PE2
GE0/0/2 GE0/0/3
VLANIF20 VLANIF40
168.1.2.2/24 169.1.3.1/24
Loopback1
2.2.2.9/32
Loopback1 Loopback1
1.1.1.9/32 3.3.3.9/32
GE0/0/2 GE0/0/3
VLANIF20 VLANIF40
168.1.2.1/24 169.1.3.2/24
PE1 PE3
GE0/0/3 GE0/0/2
GE0/0/1 VLANIF30 VLANIF30 GE0/0/1
VLANIF10 168.1.1.1/24 168.1.1.2/24 VLANIF60
GE0/0/1 GE0/0/1
VLANIF10 VLANIF60
10.1.1.1/24 10.1.1.3/24
CE1 CE3

Switches

network using VPLS to enable users at Site1, Site2, and Site3 to communicate
at Layer 2 and reserve user information when Layer 2 packets are transmitted
2. Use BGP AD VPLS to implement Layer 2 communication between CEs on an
VPLS.
and site of the VSI, and bind AC interfaces to VSIs to implement BGP AD
VPLS.
Procedure
# Configure CE1. The configuration on PE1, PE2, PE3, CE2, and CE3 is similar to
the CE1, and is not mentioned here.
[CE1] vlan 10
[CE1-vlan10] quit
[CE1-Vlanif10] quit
NOTE

(LSR IDs) on PE1, PE2, and PE3.
Configure OSPF on PE1, PE2, and PE3.
# Configure PE1. The configuration on PE2 and PE3 is similar to the PE1, and is
not mentioned here.
[PE1] ospf 1

Switches

[PE1-ospf-1] quit

on PE1, PE2, and PE3. You can view the routes learned by PE1, PE2, and PE3 from
each other.
Configure basic MPLS functions and LDP on PE1, PE2, and PE3.
# Configure PE1. The configuration on PE2 and PE3 is similar to the PE1, and is
not mentioned here.
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1-Vlanif20] mpls
[PE1-Vlanif20] quit
[PE1-Vlanif30] mpls
[PE1-Vlanif30] quit
After the configuration is complete, run the display mpls ldp peer command on
PE1, PE2, and PE3. you can see that the peer relationship is established between
each pair of PE1, PE2, and PE3. Run the display mpls ldp session command on
PE1, PE2, and PE3, and you can see that an LDP session is set up between each
pair of PE1, PE2, and PE3. Run the display mpls lsp command to view the LSP
status.
Step 4 Enable BGP peers to exchange VPLS member information.
# Configure PE1.
[PE1] bgp 100
[PE1-bgp] l2vpn-ad-family
[PE1-bgp-af-l2vpn-ad] peer 2.2.2.9 enable
[PE1-bgp-af-l2vpn-ad] quit
[PE1-bgp] quit
# Configure PE2.
[PE2] bgp 100
[PE2-bgp] quit

Switches
# Configure PE3.
[PE3] bgp 100
[PE3-bgp] quit

# Configure PE1.
[PE1] mpls l2vpn
[PE1-l2vpn] quit
# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit
# Configure PE3.
[PE3] mpls l2vpn
[PE3-l2vpn] quit
Step 6 Configure VSIs on the PEs.

# Configure PE1.
[PE1] vsi vplsad1
[PE1-vsi-vplsad1] bgp-ad
[PE1-vsi-vplsad1-bgpad] vpls-id 168.1.1.1:1
[PE1-vsi-vplsad1-bgpad] vpn-target 100:1 import-extcommunity
[PE1-vsi-vplsad1-bgpad] vpn-target 100:1 export-extcommunity
[PE1-vsi-vplsad1-bgpad] quit
[PE1-vsi-vplsad1] quit
# Configure PE2.
[PE2] vsi vplsad1
# Configure PE3.
[PE3] vsi vplsad1
Step 7 Bind VSIs to the AC interfaces on PEs.

[PE1-Vlanif10] l2 binding vsi vplsad1
[PE1-Vlanif10] quit

Switches

[PE2-Vlanif50] quit

[PE3-Vlanif60] quit

# After the network becomes stable, run the display vsi name vplsad1 verbose
command on PE1, and you can see that the VSI named vplsad1 has established a
PW to PE2 and a PW to PE3, and the status of the VSI is Up. A PW is also
established between PE2 and PE3, and the status of the VSI is Up.
[PE1] display vsi name vplsad1 verbose
***VSI Name : vplsad1

VSI Index :0
PW Signaling : bgpad
Member Discovery Style : --
MTU : 1500
Mpls Exp : --
DomainId : 255
Domain Name :
P2P VSI : disable
VSI State : up
VPLS ID : 168.1.1.1:1
RD : 168.1.1.1:1
BGPAD VSI ID : 1.1.1.9

VPLS ID : 168.1.1.1:1
SAII : 1.1.1.9
TAII : 2.2.2.9
VC Label : 1024
Peer Type : dynamic
Session : up
Tunnel ID : 0x80003f
Broadcast Tunnel ID : 0x80003f
CKey :2
NKey :1

VPLS ID : 168.1.1.1:1
SAII : 1.1.1.9
TAII : 3.3.3.9
VC Label : 1025
Peer Type : dynamic
Session : up
Tunnel ID : 0x800033
CKey :4
NKey :3

Switches

State : up
Access Port : false
Last Up Time : 2012/07/06 15:54:46
**PW Information:

PW State : up
PW Type : label
Tunnel ID : 0x80003f
Broadcast Tunnel ID : 0x80003f
Ckey : 0x2
Nkey : 0x1
Main PW Token : 0x80003f
Tnl Type : LSP
Stp Enable :0
PW Last Up Time : 2012/07/06 16:18:23
PW State : up
PW Type : label
Tunnel ID : 0x800033
Ckey : 0x4
Nkey : 0x3
Tnl Type : LSP
Stp Enable :0
PW Last Up Time : 2012/07/06 15:56:46
# CE1, CE2, and CE3 can ping each other. The following is an example that CE1 at
10.1.1.1 pings CE2 at 10.1.1.2.
[CE1] ping 10.1.1.2

0.00% packet loss
----End

Switches
Configuration Files
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
#
return
#
sysname CE2
#
vlan batch 50
#
interface Vlanif50
ip address 10.1.1.2 255.255.255.0
#
#
return
#
sysname CE3
#
vlan batch 60
#
interface Vlanif60
ip address 10.1.1.3 255.255.255.0
#
#
return
#
sysname PE1
#
vlan batch 10 20 30
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
vsi vplsad1
bgp-ad
vpls-id 168.1.1.1:1
#
mpls ldp
#
interface Vlanif10
l2 binding vsi vplsad1
#

Switches
interface Vlanif20
ip address 168.1.2.1 255.255.255.0
mpls
mpls ldp
#
interface Vlanif30
ip address 168.1.1.1 255.255.255.0
mpls
mpls ldp
#
#
#
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
bgp 100
#
ipv4-family unicast
peer 2.2.2.9 enable
peer 3.3.3.9 enable
#
l2vpn-ad-family
policy vpn-target
peer 2.2.2.9 enable
peer 3.3.3.9 enable
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 168.1.1.0 0.0.0.255
network 168.1.2.0 0.0.0.255
#
return
#
sysname PE2
#
vlan batch 20 40 50
#
mpls lsr-id 2.2.2.9
mpls
#
mpls l2vpn
#
vsi vplsad1
bgp-ad
vpls-id 168.1.1.1:1
#
mpls ldp
#
interface Vlanif20
ip address 168.1.2.2 255.255.255.0

Switches
mpls
mpls ldp
#
interface Vlanif40
ip address 169.1.3.1 255.255.255.0
mpls
mpls ldp
#
interface Vlanif50
#
#
#
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
bgp 100
#
ipv4-family unicast
peer 1.1.1.9 enable
peer 3.3.3.9 enable
#
l2vpn-ad-family
policy vpn-target
peer 1.1.1.9 enable
peer 3.3.3.9 enable
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 168.1.2.0 0.0.0.255
network 169.1.3.0 0.0.0.255
#
return
#
sysname PE3
#
vlan batch 30 40 60
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
vsi vplsad1
bgp-ad
vpls-id 168.1.1.1:1
#
mpls ldp
#
interface Vlanif30

Switches
ip address 168.1.1.2 255.255.255.0

mpls
mpls ldp
#
interface Vlanif40
ip address 169.1.3.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif60
#
#
#
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
bgp 100
#
ipv4-family unicast
peer 1.1.1.9 enable
peer 2.2.2.9 enable
#
l2vpn-ad-family
policy vpn-target
peer 1.1.1.9 enable
peer 2.2.2.9 enable
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 168.1.1.0 0.0.0.255
network 169.1.3.0 0.0.0.255
#
return
7.18.4 Example for Configuring VPLS over TE in Martini Mode

Figure 7-34 shows a backbone network built by an enterprise. There are a few
branch sites on the backbone network. MPLS TE tunnels can be set up between
PEs. Site1 connects to PE1 through CE1 and then connects to the backbone
network. Site2 connects to PE2 through CE2 and then connects to the backbone
network. Users at Site1 and Site2 need to communicate at Layer 2 and user
information needs to be reserved when Layer 2 packets are transmitted over the
backbone network.

Switches
Figure 7-34 Networking diagram for configuring VPLS over TE in Martini mode
1.1.1.9/32 2.2.2.9/32 3.3.3.9/32
GE0/0/1 GE0/0/2
VLANIF20 VLANIF30
100.1.1.1/24 100.2.1.1/24
PE1 PE2
GE0/0/1 GE0/0/1
VLANIF10 100.1.1.2/24 100.2.1.2/24 VLANIF40
MPLS TE Tunnel
GE0/0/1 GE0/0/1
VLANIF10 VLANIF40
10.1.1.1/24 10.1.1.2/24
CE1 CE2
2. Use Martini VPLS to implement Layer 2 communication between CEs on an
enterprise network with few sites.
4. Configure MPLS and LDP on PEs on the backbone network and set up remote
LDP sessions on PEs to support VPLS.
7. Configure tunnel policies on PEs and apply the policies to VSIs to implement
VPLS based on MPLS TE tunnels.
8. Create VSIs on PEs, specify LDP as the signaling protocol, and bind VSIs to AC
interfaces to implement Martini VPLS.
Procedure
# Configure PE1. The configuration on P, PE2, CE1, and CE2 is similar to the PE1,
[HUAWEI] sysname PE1
[PE1] vlan batch 10 20

Switches
[PE1-Vlanif20] ip address 100.1.1.1 255.255.255.0

[PE1-Vlanif20] quit
[PE1] interface gigabitethernet 0/0/1
[PE1-GigabitEthernet0/0/1] port link-type trunk
[PE1-GigabitEthernet0/0/1] port trunk allow-pass vlan 20
[PE1-GigabitEthernet0/0/1] quit

(LSR IDs) on PE1, P, and PE2.
mentioned here.
[PE1] ospf 1
[PE1-ospf-1] quit

other.
Step 3 Enable MPLS, MPLS TE, MPLS RSVP-TE, and MPLS TE Constraint Shortest Path First
(CSPF).
Enable MPLS, MPLS TE, and MPLS RSVP-TE in the system view and interface view
of the nodes along the tunnel. In addition, enable MPLS TE CSPF on the ingress.
# Configure PE1.
[PE1] mpls
[PE1-mpls] mpls te
[PE1-mpls] mpls rsvp-te
[PE1-mpls] mpls te cspf
[PE1-mpls] quit
[PE1-Vlanif20] mpls
[PE1-Vlanif20] mpls te
[PE1-Vlanif20] mpls rsvp-te
[PE1-Vlanif20] quit
# Configure the P.
[P] mpls lsr-id 2.2.2.9
[P] mpls
[P-mpls] mpls te
[P-mpls] mpls rsvp-te
[P-mpls] quit
[P] interface vlanif 20
[P-Vlanif20] mpls
[P-Vlanif20] mpls te
[P-Vlanif20] mpls rsvp-te
[P-Vlanif20] quit

Switches

[P-Vlanif30] mpls
[P-Vlanif30] quit
# Configure PE2.
[PE2] mpls
[PE2-mpls] mpls te
[PE2-mpls] quit
[PE2-Vlanif30] mpls
[PE2-Vlanif30] quit
Step 4 Configure OSPF TE on the backbone network.

# Configure PE1.
[PE1] ospf
[PE1-ospf-1] opaque-capability enable
[PE1-ospf-1-area-0.0.0.0] mpls-te enable
[PE1-ospf-1] quit
# Configure P.
[P] ospf
[P-ospf-1] opaque-capability enable
[P-ospf-1] area 0.0.0.0
[P-ospf-1-area-0.0.0.0] mpls-te enable
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit
# Configure PE2.
[PE2] ospf
[PE2-ospf-1] quit
Step 5 Configure tunnel interfaces.

# Create tunnel interfaces on PEs and specify MPLS TE as the tunnel protocol and
RSVP-TE as the signaling protocol.
# Configure PE1.
[PE1] interface tunnel 1
[PE1-Tunnel1] ip address unnumbered interface loopback 1
[PE1-Tunnel1] tunnel-protocol mpls te
[PE1-Tunnel1] destination 3.3.3.9
[PE1-Tunnel1] mpls te tunnel-id 100
[PE1-Tunnel1] mpls te reserved-for-binding
[PE1-Tunnel1] mpls te commit
[PE1-Tunnel1] quit
# Configure PE2.

Switches

[PE2-Tunnel1] quit
After the configuration is complete, run the display this interface command in
the tunnel interface view. The command output shows that "Line protocol current
state" is Up. It indicates that the MPLS TE tunnel is set up successfully.
Run the display tunnel-info all command in the system view. You can see that
the TE tunnel whose destination address is the MPLS LSR ID of the peer PE exists.
The information displayed on PE1 is used as an example.
[PE1] display tunnel-info all
* -> Allocated VC Token
Tunnel ID Type Destination Token
----------------------------------------------------------------------
0x4 cr lsp 3.3.3.9 109
0x5 lsp 3.3.3.9 110
Step 6 Configure remote LDP sessions.

Set up a remote peer session between PE1 and PE2.
# Configure PE1.
[PE1] mpls ldp
[PE1-mpls-ldp] quit
# Configure PE2.
[PE2] mpls ldp
[PE2-mpls-ldp] quit
After the configuration is complete, an LDP session is successfully set up between

PEs.
[PE1] display mpls ldp session
LDP Session(s) in Public Network

Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
A '*' before a session means the session is being deleted.
------------------------------------------------------------------------------
PeerID Status LAM SsnRole SsnAge KASent/Rcv
------------------------------------------------------------------------------
3.3.3.9:0 Operational DU Passive 0000:00:06 95/95
------------------------------------------------------------------------------
TOTAL: 1 session(s) Found.
Step 7 Configure tunnel policies.

# Configure PE1.
[PE1] tunnel-policy policy1
[PE1-tunnel-policy-policy1] tunnel binding destination 3.3.3.9 te tunnel 1
[PE1-tunnel-policy-policy1] quit
# Configure PE2.

Switches


# Configure PE1.
[PE1] mpls l2vpn
[PE1-l2vpn] quit
# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit
Step 9 Create VSIs on PEs and configure tunnel policies.

# Configure PE1.
[PE1] vsi a2 static
[PE1-vsi-a2-ldp] peer 3.3.3.9 tnl-policy policy1
[PE1-vsi-a2] quit
# Configure PE2.
[PE2] vsi a2 static
[PE2-vsi-a2-ldp] peer 1.1.1.9 tnl-policy policy1
[PE2-vsi-a2] quit
Step 10 Bind interfaces on PEs to VSIs.

# Configure PE1.
[PE1-Vlanif10] quit
# Configure PE2.
[PE2-Vlanif40] quit

After the network becomes stable, run the display vsi name a2 verbose
command on PE1, and you can see that VSI a2 sets up a PW to PE2, and the
***VSI Name : a2
VSI Index :3
PW Signaling : ldp
MTU : 1500
Mpls Exp : --

Switches
DomainId : 255
Domain Name :
P2P VSI : disable
VSI State : up
VSI ID :2
VC Label : 1026
Peer Type : dynamic
Session : up
Tunnel ID : 0x4
Tunnel Policy Name : policy1
CKey :5
NKey :4
Stp Enable :0
PwIndex :0

State : up
Access Port : false
Last Up Time : 2012/08/20 15:11:06
**PW Information:

PW State : up
PW Type : label
Tunnel ID : 0x4
Ckey : 0x5
Nkey : 0x4
Main PW Token : 0x4
Tnl Type : CR-LSP
OutInterface : Tunnel1
Stp Enable :0
PW Last Up Time : 2012/08/20 15:12:16
Run the display mpls lsp include 3.3.3.9 32 verbose command on PE1 to view
the status of the LSP to 3.3.3.9/32.
[PE1] display mpls lsp include 3.3.3.9 32 verbose
-------------------------------------------------------------------------------
LSP Information: RSVP LSP
-------------------------------------------------------------------------------
No : 1
SessionID : 100
IngressLsrID : 1.1.1.9
LocalLspID : 1
Tunnel-Interface : Tunnel1
Fec : 3.3.3.9/32
TunnelTableIndex : 0x0

Switches
Nexthop : 100.1.1.2
In-Label : NULL
Out-Label : 1024
In-Interface : ----------
Out-Interface : Vlanif20
LspIndex : 2048
Token : 0x5
LsrType : Ingress
Mpls-Mtu : 1500
TimeStamp : 3141sec
Bfd-State : ---
CBfd-Event : 0x0
Bed-State : BED STOP
Bed-LastNotifyValue : ---
Bed-LastNotifyLspId : ---
Run the display vsi pw out-interface vsi a2 command on PE1. You can see that
the egress interface of the MPLS TE tunnel between 1.1.1.9 and 3.3.3.9 is Tunnel1,
and the actual egress interface is VLANIF 20.
[PE1] display vsi pw out-interface vsi a2
Total: 1
--------------------------------------------------------------------------------
Vsi Name peer vcid interface
--------------------------------------------------------------------------------
a2 3.3.3.9 2 Tunnel1
Vlanif20
CE1 and CE2 can ping each other.

[CE1] ping 10.1.1.2

0.00% packet loss
After CE1 pings CE2, run the display interface tunnel 1 command on the PE to
view the tunnel interface information, and you can see that the statistics about
the packets passing through the interface increase. The information displayed on
PE1 is used as an example.
[PE1] display interface tunnel 1
Tunnel1 current state : UP
Line protocol current state : UP
Last line protocol up time : 2012-08-20 14:50:22
Description:
Route Port,The Maximum Transmit Unit is 1500
Internet Address is unnumbered, using address of LoopBack1(1.1.1.9/32)
Encapsulation is TUNNEL, loopback not set
Tunnel destination 3.3.3.9
Tunnel up/down statistics 1
Tunnel protocol/transport MPLS/MPLS, ILM is available,
primary tunnel id is 0x5, secondary tunnel id is 0x0
Current system time: 2012-08-20 15:54:54+00:00
300 seconds output rate 0 bits/sec, 0 packets/sec
1249 packets output, 21526 bytes
0 output error
0 output drop

Switches
Input bandwidth utilization : 0%

Output bandwidth utilization : 0%
----End
Configuration Files
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
#
return

#
sysname PE1
#
vlan batch 10 20
#
mpls lsr-id 1.1.1.9
mpls
mpls te
mpls rsvp-te
mpls te cspf
#
mpls l2vpn
#
vsi a2 static
pwsignal ldp
vsi-id 2
peer 3.3.3.9 tnl-policy policy1
#
mpls ldp
#
remote-ip 3.3.3.9
#
interface Vlanif10
l2 binding vsi a2
#
interface Vlanif20
ip address 100.1.1.1 255.255.255.0
mpls
mpls te
mpls rsvp-te
#
#
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
interface Tunnel1
ip address unnumbered interface LoopBack1

Switches
tunnel-protocol mpls te
destination 3.3.3.9
mpls te tunnel-id 100
mpls te reserved-for-binding
mpls te commit
#
ospf 1
opaque-capability enable
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 100.1.1.0 0.0.0.255
mpls-te enable
#
tunnel-policy policy1
tunnel binding destination 3.3.3.9 te Tunnel1
#
return
#
sysname P
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.9
mpls
mpls te
mpls rsvp-te
#
interface Vlanif20
ip address 100.1.1.2 255.255.255.0
mpls
mpls te
mpls rsvp-te
#
interface Vlanif30
ip address 100.2.1.1 255.255.255.0
mpls
mpls te
mpls rsvp-te
#
#
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 100.1.1.0 0.0.0.255
network 100.2.1.0 0.0.0.255
mpls-te enable
#
return
#
sysname PE2
#
vlan batch 30 40
#
mpls lsr-id 3.3.3.9
mpls

Switches
mpls te
mpls rsvp-te
mpls te cspf
#
mpls l2vpn
#
vsi a2 static
pwsignal ldp
vsi-id 2
peer 1.1.1.9 tnl-policy policy1
#
mpls ldp
#
remote-ip 1.1.1.9
#
interface Vlanif30
ip address 100.2.1.2 255.255.255.0
mpls
mpls te
mpls rsvp-te
#
interface Vlanif40
l2 binding vsi a2
#
#
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
interface Tunnel1
destination 1.1.1.9
mpls te commit
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 100.2.1.0 0.0.0.255
mpls-te enable
#
#
return
#
sysname CE2
#
vlan batch 40
#
interface Vlanif40
ip address 10.1.1.2 255.255.255.0
#
#
return

Switches
7.18.5 Example for Configuring VPLS over TE in Kompella

Mode
number of branch sites on the backbone network (only two sites are shown in this
example). MPLS TE tunnels can be set up between PEs. Site1 connects to PE1
through CE2 and then connects to the backbone network. Users at Site1 and Site2
need to communicate at Layer 2 and user information needs to be reserved when
Layer 2 packets are transmitted over the backbone network.
Figure 7-35 Networking diagram for configuring VPLS over TE in Kompella mode
1.1.1.9/32 2.2.2.9/32 3.3.3.9/32
GE0/0/1 GE0/0/2
VLANIF20 VLANIF30
100.1.1.1/24 100.2.1.1/24
PE1 PE2
GE0/0/1 GE0/0/1
VLANIF10 100.1.1.2/24 100.2.1.2/24 VLANIF40
MPLS TE Tunnel
GE0/0/1 GE0/0/1
VLANIF10 VLANIF40
10.1.1.1/24 10.1.1.2/24
CE1 CE2
2. Use Kompella VPLS to implement Layer 2 communication between CEs on an
4. Configure MPLS on PEs on the backbone network to support VPLS.
7. Configure tunnel policies on PEs and apply the policies to VSIs to implement
VPLS based on MPLS TE tunnels.

Switches
and site of the VSI, and bind AC interfaces to VSIs to implement Kompella
VPLS.
Procedure
# Configure PE1. The configuration on P, PE2, CE1, and CE2 is similar to the PE1,
[HUAWEI] sysname PE1
[PE1] vlan batch 10 20
[PE1-Vlanif20] ip address 100.1.1.1 255.255.255.0
[PE1-Vlanif20] quit

(LSR IDs) on PE1, P, and PE2.
mentioned here.
[PE1] ospf 1
[PE1-ospf-1] quit

other.
Step 3 Enable MPLS, MPLS TE, MPLS RSVP-TE, and MPLS TE Constraint Shortest Path First
(CSPF).
Enable MPLS, MPLS TE, and MPLS RSVP-TE in the system view and interface view
of the nodes along the tunnel. In addition, enable MPLS TE CSPF on the ingress.
# Configure PE1.
[PE1] mpls
[PE1-mpls] mpls te

Switches
[PE1-mpls] quit
[PE1-Vlanif20] mpls
[PE1-Vlanif20] quit
# Configure the P.
[P] mpls
[P-mpls] mpls te
[P-mpls] mpls rsvp-te
[P-mpls] quit
[P-Vlanif20] mpls
[P-Vlanif20] quit
[P-Vlanif30] mpls
[P-Vlanif30] quit
# Configure PE2.
[PE2] mpls
[PE2-mpls] mpls te
[PE2-mpls] quit
[PE2-Vlanif30] mpls
[PE2-Vlanif30] quit
Step 4 Configure OSPF TE on the backbone network.
# Configure PE1.
[PE1] ospf
[PE1-ospf-1] quit
# Configure P.
[P] ospf
[P-ospf-1] opaque-capability enable
[P-ospf-1] area 0.0.0.0
[P-ospf-1-area-0.0.0.0] mpls-te enable
[P-ospf-1] quit
# Configure PE2.
[PE2] ospf
[PE2-ospf-1] quit
Step 5 Configure tunnel interfaces.

Switches
# Create tunnel interfaces on PEs and specify MPLS TE as the tunnel protocol and
RSVP-TE as the signaling protocol.
# Configure PE1.
[PE1-Tunnel1] quit
# Configure PE2.
[PE2-Tunnel1] quit
After the configuration is complete, run the display this interface command in
the tunnel interface view. The command output shows that "Line protocol current
state" is Up. It indicates that the MPLS TE tunnel is set up successfully.
Run the display tunnel-info all command in the system view. You can see that
the TE tunnel whose destination address is the MPLS LSR ID of the peer PE exists.
[PE1] display tunnel-info all
* -> Allocated VC Token
Tunnel ID Type Destination Token
----------------------------------------------------------------------
0x4 cr lsp 3.3.3.9 109
0x5 lsp 3.3.3.9 110
# Configure PE1.
[PE1] bgp 100
[PE1-bgp] quit
# Configure PE2.
[PE2] bgp 100
[PE2-bgp] quit
Step 7 Configure tunnel policies.
# Configure PE1.

Switches

# Configure PE2.
# Configure PE1.
[PE1] mpls l2vpn
[PE1-l2vpn] quit
# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit
Step 9 Create VSIs on PEs and configure tunnel policies.

NOTE
Site IDs at both ends of a VSI must be different.
# Configure PE1.
[PE1] vsi bgp1 auto
[PE1-vsi-bgp1] tnl-policy policy1
[PE1-vsi-bgp1] quit
# Configure PE2.
[PE2] vsi bgp1 auto
[PE2-vsi-bgp1] tnl-policy policy1
[PE2-vsi-bgp1] quit
Step 10 Bind interfaces on PEs to VSIs.
# Configure PE1.
[PE1-Vlanif10] quit
# Configure PE2.
[PE2-Vlanif40] quit

Switches
After the network becomes stable, run the display vsi name bgp1 verbose
command on PE1, and you can see that VSI bgp1 sets up a PW to PE2, and the
[PE1] display vsi name bgp1 verbose
***VSI Name : bgp1

VSI Index :0
PW Signaling : bgp
Member Discovery Style : auto
MTU : 1500
Mpls Exp : --
DomainId : 255
Domain Name :
Tunnel Policy Name : policy1
P2P VSI : disable
VSI State : up
BGP RD : 100.1.1.1:1
SiteID/Range/Offset : 1/5/0
Local Label Block : 0/35840/5/0

State : up
Access Port : false
Last Up Time : 2018/08/20 20:34:49
**PW Information:

PW State : up
PW Type : label
Tunnel ID : 0x4
Ckey : 0x2
Nkey : 0x1
Main PW Token : 0x4
Tnl Type : CR-LSP
OutInterface : Tunnel1
Stp Enable :0
PW Last Up Time : 2018/08/20 20:35:51
Run the display vsi pw out-interface vsi bgp1 command on PE1. You can see
that the egress interface of the MPLS TE tunnel between 1.1.1.9 and 3.3.3.9 is
Tunnel1, and the actual egress interface is VLANIF 20.
[PE1] display vsi pw out-interface vsi bgp1
Total: 1
--------------------------------------------------------------------------------
Vsi Name peer vcid interface

Switches
--------------------------------------------------------------------------------
bgp1 3.3.3.9 2 Tunnel1
Vlanif20
CE1 and CE2 can ping each other.

[CE1] ping 10.1.1.2

0.00% packet loss
After CE1 pings CE2, run the display interface tunnel 1 command on the PE to
view the tunnel interface information, and you can see that the statistics about
the packets passing through the interface increase. The information displayed on
PE1 is used as an example.
[PE1] display interface tunnel 1
Tunnel1 current state : UP
Line protocol current state : UP
Last line protocol up time : 2018-08-20 14:50:22
Description:
Route Port,The Maximum Transmit Unit is 1500
Internet Address is unnumbered, using address of LoopBack1(1.1.1.9/32)
Encapsulation is TUNNEL, loopback not set
Tunnel destination 3.3.3.9
Tunnel up/down statistics 1
Tunnel protocol/transport MPLS/MPLS, ILM is available,
primary tunnel id is 0x5, secondary tunnel id is 0x0
Current system time: 2018-08-20 15:54:54+00:00
1249 packets output, 21526 bytes
0 output error
0 output drop
Input bandwidth utilization : 0%
Output bandwidth utilization : 0%
----End
Configuration Files
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
#
return

Switches
#
sysname PE1
#
vlan batch 10 20
#
mpls lsr-id 1.1.1.9
mpls
mpls te
mpls rsvp-te
mpls te cspf
#
mpls l2vpn
#
vsi bgp1 auto
pwsignal bgp
tnl-policy policy1
#
interface Vlanif10
l2 binding vsi bgp1
#
interface Vlanif20
ip address 100.1.1.1 255.255.255.0
mpls
mpls te
mpls rsvp-te
#
#
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
interface Tunnel1
destination 3.3.3.9
mpls te commit
#
bgp 100
#
ipv4-family unicast
peer 3.3.3.9 enable
#
vpls-family
policy vpn-target
peer 3.3.3.9 enable
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 100.1.1.0 0.0.0.255
mpls-te enable
#

Switches

#
return
#
sysname P
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.9
mpls
mpls te
mpls rsvp-te
#
interface Vlanif20
ip address 100.1.1.2 255.255.255.0
mpls
mpls te
mpls rsvp-te
#
interface Vlanif30
ip address 100.2.1.1 255.255.255.0
mpls
mpls te
mpls rsvp-te
#
#
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 100.1.1.0 0.0.0.255
network 100.2.1.0 0.0.0.255
mpls-te enable
#
return
#
sysname PE2
#
vlan batch 30 40
#
mpls lsr-id 3.3.3.9
mpls
mpls te
mpls rsvp-te
mpls te cspf
#
mpls l2vpn
#
vsi bgp1 auto
pwsignal bgp
tnl-policy policy1
#

Switches
interface Vlanif30
ip address 100.2.1.2 255.255.255.0
mpls
mpls te
mpls rsvp-te
#
interface Vlanif40
l2 binding vsi bgp1
#
#
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
interface Tunnel1
destination 1.1.1.9
mpls te commit
#
bgp 100
#
ipv4-family unicast
peer 1.1.1.9 enable
#
vpls-family
policy vpn-target
peer 1.1.1.9 enable
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 100.2.1.0 0.0.0.255
mpls-te enable
#
#
return

#
sysname CE2
#
vlan batch 40
#
interface Vlanif40
ip address 10.1.1.2 255.255.255.0
#
#
return

Switches
7.18.6 Example for Configuring LDP HVPLS
Figure 7-36 shows a backbone network built by an enterprise. Site1 connects to
the UPE through CE1 and then connects to the backbone network. Site2 connects
to the UPE through CE2 and then connects to the backbone network. Site3
connects to PE1 through CE3 and then connects to the backbone network. Users
at Site1, Site2, and Site3 need to communicate at Layer 2 and user information
needs to be reserved when Layer 2 packets are transmitted over the backbone
network. It is required that the UPE and SPE are at different layers of the
backbone network.
Figure 7-36 Networking diagram for configuring LDP HVPLS

Loopback1 Loopback1
2.2.2.9/32 3.3.3.9/32
SPE
Basic VPLS
GE0/0/1 full mesh
VLANIF30 PE1
100.1.1.2/24 GE0/0/2 GE0/0/1
VLANIF40 VLANIF40
Loopback1 100.2.1.1/24 100.2.1.2/24 GE0/0/2
1.1.1.9/32 VLANIF50
GE0/0/3
VLANIF30 GE0/0/1
UPE 100.1.1.1/24 VLANIF50
10.1.1.3/24
GE0/0/1 GE0/0/2
VLANIF10 VLANIF20 CE3
Site3
CE1 GE0/0/1 GE0/0/1 CE2

VLANIF10 VLANIF20
10.1.1.1/24 10.1.1.2/24
Site1 Site2

network using VPLS to enable users at Site1, Site2, and Site3 to communicate
at Layer 2 and reserve user information when Layer 2 packets are transmitted
2. Use LDP HVPLS to form a layered network topology and implement Layer 2
communication between CEs for an enterprise network.

Switches
VPLS.
7. Create VSIs on PEs, specify LDP as the signaling protocol, and bind the VSIs to
AC interfaces on the UPE and PE1 to implement LDP VPLS.
8. Specify the UPE as the underlayer PE on the SPE and specify PE1 as the VSI
peer, and specify the SPE as the VSI peer both on the UPE and PE1 to
implement HVPLS.
Procedure
# Configure CE1. The configuration on UPE, SPE, PE1, CE2, and CE3 is similar to
the CE1, and is not mentioned here.
[CE1] vlan 10
[CE1-vlan10] quit
[CE1-Vlanif10] quit
Configure VLANs that interfaces belong to and assign IP addresses to interfaces on

other Switches by referring to Figure 7-36. The configuration is similar to the
configuration of CE1, and is not mentioned here.
NOTE

When configuring OSPF, you need to advertise 32-bit loopback interface addresses
(LSR IDs) of the UPE, SPE, and PE1.
Configure OSPF on the UPE, SPE, and PE1.
# Configure the UPE. The configuration on SPE and PE1 is similar to the UPE, and
is not mentioned here.
[UPE] interface loopback 1
[UPE-LoopBack1] ip address 1.1.1.9 255.255.255.255
[UPE-LoopBack1] quit
[UPE] ospf 1
[UPE-ospf-1] area 0.0.0.0
[UPE-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[UPE-ospf-1-area-0.0.0.0] network 100.1.1.0 0.0.0.255
[UPE-ospf-1-area-0.0.0.0] quit
[UPE-ospf-1] quit

Switches

on the UPE, SPE, and PE1. You can see that the UPE, SPE, and PE1 have learned
the addresses of the loopback interfaces from each other.
Configure basic MPLS functions and LDP on the UPE, SPE, and PE1.
# Configure the UPE. The configuration on SPE and PE1 is similar to the UPE, and
is not mentioned here.
[UPE] mpls lsr-id 1.1.1.9
[UPE] mpls
[UPE-mpls] quit
[UPE] mpls ldp
[UPE-mpls-ldp] quit
[UPE] interface vlanif 30
[UPE-Vlanif30] mpls
[UPE-Vlanif30] mpls ldp
[UPE-Vlanif30] quit
on the UPE, SPE, and PE1, and you can see that the "Status"of the peer
relationship between the UPE and the SPE or between PE1 and the SPE is
"Operational", which indicates that the peer relationship has been established.
Step 4 Enable MPLS L2VPN and configure a VSI.
# Configure the UPE.

[UPE] mpls l2vpn
[UPE-l2vpn] quit
[UPE] vsi v123 static
[UPE-vsi-v123] pwsignal ldp
[UPE-vsi-v123-ldp] vsi-id 123
[UPE-vsi-v123-ldp] peer 2.2.2.9
[UPE-vsi-v123-ldp] quit
[UPE-vsi-v123] quit
# Configure the SPE.

[SPE] mpls l2vpn
[SPE-l2vpn] quit
[SPE] vsi v123 static
[SPE-vsi-v123] pwsignal ldp
[SPE-vsi-v123-ldp] vsi-id 123
[SPE-vsi-v123-ldp] peer 3.3.3.9
[SPE-vsi-v123-ldp] peer 1.1.1.9 upe
[SPE-vsi-v123-ldp] quit
[SPE-vsi-v123] quit
# Configure PE1.
[PE1] mpls l2vpn
[PE1-l2vpn] quit
[PE1] vsi v123 static
[PE1-vsi-v123] pwsignal ldp
[PE1-vsi-v123-ldp] vsi-id 123
[PE1-vsi-v123-ldp] peer 2.2.2.9
[PE1-vsi-v123-ldp] quit
[PE1-vsi-v123] quit
Step 5 Bind VSIs to interfaces on the UPE and PE1.
# Configure the UPE.

Switches

[UPE-Vlanif10] l2 binding vsi v123
[UPE-Vlanif10] quit
[UPE-Vlanif20] l2 binding vsi v123
[UPE-Vlanif20] quit
# Configure PE1.
[PE1-Vlanif50] l2 binding vsi v123
[PE1-Vlanif50] quit
After the network becomes stable, run the display vsi name v123 verbose
command on the SPE, and you can see that the status of the VSI named v123 is
Up, and the status of the corresponding PW is also Up.
[SPE] display vsi name v123 verbose
***VSI Name : v123

VSI Index :0
PW Signaling : ldp
MTU : 1500
Mpls Exp : --
DomainId : 255
Domain Name :
P2P VSI : disable
VSI State : up
VSI ID : 123
Negotiation-vc-id : 123
VC Label : 4096
Peer Type : dynamic
Session : up
Tunnel ID : 0x1c5
Broadcast Tunnel ID : 0x1c5
CKey :9
NKey :3
Stp Enable :0
PwIndex :0
VC Label : 4097
Peer Type : dynamic
Session : up
Tunnel ID : 0x1c3
CKey :5
NKey : 12
Stp Enable :0
PwIndex :0

Switches
**PW Information:

PW State : up
PW Type : MEHVPLS
Tunnel ID : 0x1c3
Ckey : 0x5
Nkey : 0xc
Main PW Token : 0x1c3
Tnl Type : LSP
Stp Enable :0
PW Last Up Time : 2014/11/12 11:34:08
PW State : up
PW Type : label
Tunnel ID : 0x1c5
Ckey : 0x9
Nkey : 0x3
Main PW Token : 0x1c5
Tnl Type : LSP
Stp Enable :0
PW Last Up Time : 2014/11/12 11:34:18
CE1, CE2, and CE3 can ping each other. After you run the shutdown command on
the interface (to which the VSI is bound) of the UPE or PE1, CE2 and CE3 cannot
ping each other. This indicates that data is transmitted through the PW of this VSI.
----End
Configuration Files
● UPE configuration file
#
sysname UPE
#
vlan batch 10 20 30
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
vsi v123 static
pwsignal ldp

Switches
vsi-id 123
peer 2.2.2.9
#
mpls ldp
#
interface Vlanif10
l2 binding vsi v123
#
interface Vlanif20
l2 binding vsi v123
#
interface Vlanif30
ip address 100.1.1.1 255.255.255.0
mpls
mpls ldp
#
#
#
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 100.1.1.0 0.0.0.255
#
return
● SPE configuration file
#
sysname SPE
#
vlan batch 30 40
#
mpls lsr-id 2.2.2.9
mpls
#
mpls l2vpn
#
vsi v123 static
pwsignal ldp
vsi-id 123
peer 3.3.3.9
peer 1.1.1.9 upe
#
mpls ldp
#
interface Vlanif30
ip address 100.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif40
ip address 100.2.1.1 255.255.255.0
mpls
mpls ldp
#

Switches
#
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 100.1.1.0 0.0.0.255
network 100.2.1.0 0.0.0.255
#
return
#
sysname PE1
#
vlan batch 40 50
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
vsi v123 static
pwsignal ldp
vsi-id 123
peer 2.2.2.9
#
mpls ldp
#
interface Vlanif40
ip address 100.2.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif50
l2 binding vsi v123
#
#
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 100.2.1.0 0.0.0.255
#
return
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#

Switches

#
return

#
sysname CE2
#
vlan batch 20
#
interface Vlanif20
ip address 10.1.1.2 255.255.255.0
#
#
return

#
sysname CE3
#
vlan batch 50
#
interface Vlanif50
ip address 10.1.1.3 255.255.255.0
#
#
return
7.18.7 Example for Configuring Interworking Between LDP

VPLS and BGP AD VPLS in HVPLS Mode
As shown in Figure 7-37, PE1 and PE2 support LDP VPLS, PE4 and PE5 support
BGP AD VPLS, and PE3 supports both LDP VPLS and BGP AD VPLS. It is required
that interworking between LDP VPLS and BGP AD VPLS be configured in HVPLS
mode for CE1 and CE2 to communicate.
The specific pseudo wire (PW) deployment requirements are as follows:

● Establish an LDP PW from PE1 to PE2 and from PE1 to PE3.
● Establish an LDP PW from PE2 to PE1 and from PE2 to PE3.
● Establish an LDP PW from PE3 to PE1 and from PE3 to PE2. Establish a BGP
AD PW from PE3 to PE4 and from PE3 to PE5.
● Establish a BGP AD PW from PE4 to PE3 and from PE4 to PE5.
● Establish a BGP AD PW from PE5 to PE3 and from PE5 to PE4.
NOTE

Switches
Figure 7-37 Interworking between LDP VPLS and BGP AD VPLS in HVPLS mode
GE0/0/2 PE3 PE5 CE2

GE0/0/2 GE0/0/1 GE0/0/3
PE2
GE0/0/1 GE0/0/3
GE0/0/1 GE0/0/2
/4
LDP BGP AD
GE
/0
E0
VPLS VPLS
0
/0
G
/3
GE0/0/1
GE0/0/2 GE0/0/3 GE0/0/2
PE1
PE4
Loopback1
GE0/0/3
Loopback1
GE0/0/1
CE1
Switch Interface VLANIF IP Address

Interface
PE1 Loopback1 - 1.1.1.9/32
PE1 GE0/0/1 VLANIF20 192.168.1.1/24
PE1 GE0/0/2 VLANIF40 192.168.2.1/24
PE1 GE0/0/3 VLANIF10 -
PE2 Loopback1 - 2.2.2.9/32
PE2 GE0/0/1 VLANIF20 192.168.1.2/24
PE2 GE0/0/2 VLANIF30 192.168.3.1/24
PE3 Loopback1 - 3.3.3.9/32
PE3 GE0/0/1 VLANIF50 192.168.4.2/24
PE3 GE0/0/2 VLANIF30 192.168.3.2/24
PE3 GE0/0/3 VLANIF60 192.168.5.2/24
PE3 GE0/0/4 VLANIF40 192.168.2.2/24

Switches
Switch Interface VLANIF IP Address

Interface
PE4 Loopback1 - 4.4.4.9/32
PE4 GE0/0/2 VLANIF70 192.168.6.2/24
PE4 GE0/0/3 VLANIF60 192.168.5.1/24
PE5 Loopback1 - 5.5.5.9/32
PE5 GE0/0/1 VLANIF50 192.168.4.1/24
PE5 GE0/0/2 VLANIF70 192.168.6.1/24
PE5 GE0/0/3 VLANIF80 -
CE1 GE0/0/1 VLANIF10 192.168.10.1/24
CE2 GE0/0/3 VLANIF80 192.168.10.2/24
1. Configure an IP address and a routing protocol for each interface so that all
PEs can communicate at the network layer.
2. Configure Multiprotocol Label Switching (MPLS) and public tunnels.
3. Configure PE1, PE2, and PE3 to form an LDP VPLS network.
NOTE
When you configure LDP PWs from PE3 to PE1 and PE2, specify peers as user provider
edges (UPEs).
4. Configure PE3, PE4, and PE5 to form a BGP AD VPLS network.
Procedure
Step 1 Configure an IP address and a routing protocol for each interface on the backbone
network so that PEs can communicate at the network layer.
This example uses OSPF as the routing protocol. For details about specific
configurations, see the following configuration files.

on PEs to verify that the PEs have learned each other's loopback interface IP
address.
Step 2 Configure MPLS and public tunnels.

Switches
This example uses LDP LSPs as public tunnels. For details about specific
configurations, see the following configuration files.
on PEs to verify that peer relationships have been established; run the display
mpls lsp command to verify that LSPs have been established.
Step 3 Configure PE1, PE2, and PE3 to form an LDP VPLS network.
# Configure PE1.
[PE1] mpls l2vpn
[PE1-l2vpn] quit
[PE1] vsi vsi1 static
[PE1-vsi-vsi1] pwsignal ldp
[PE1-vsi-vsi1-ldp] vsi-id 1
[PE1-vsi-vsi1-ldp] peer 2.2.2.9
[PE1-vsi-vsi1-ldp] quit
[PE1-vsi-vsi1] quit
# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit
[PE2] vsi vsi1 static
[PE2-vsi-vsi1] quit
# Configure PE3.
[PE3] mpls l2vpn
[PE3-l2vpn] quit
[PE3] vsi vsi1
[PE3-vsi-vsi1-ldp] peer 1.1.1.9 upe
[PE3-vsi-vsi1-ldp] peer 2.2.2.9 upe
[PE3-vsi-vsi1] quit
# On PE1, bind the attachment circuit (AC) interface to the VSI.

[PE1-Vlanif10] l2 binding vsi vsi1
[PE1-Vlanif10] quit
Step 4 Configure PE3, PE4, and PE5 to form a BGP AD VPLS network.
1. Enable BGP peers to exchange VPLS information.
# Configure PE3.
[PE3] bgp 100
[PE3-bgp] peer 4.4.4.9 connect-interface loopback1
[PE3-bgp] quit
# Configure PE4.

Switches
<PE4> system-view
[PE4] bgp 100
[PE4-bgp] quit
# Configure PE5.
<PE5> system-view
[PE5] bgp 100
[PE5-bgp] quit
2. Create VSIs and configure the BGP AD signaling.

# Configure PE3.
[PE3] vsi vsi1
[PE3-vsi-vsi1] bgp-ad
[PE3-vsi-vsi1-bgpad] vpls-id 192.168.0.0:1
[PE3-vsi-vsi1-bgpad] vpn-target 100:1 import-extcommunity
[PE3-vsi-vsi1-bgpad] vpn-target 100:1 export-extcommunity
[PE3-vsi-vsi1-bgpad] quit
[PE3-vsi-vsi1] quit
NOTE
On PE3, the LDP and BGP AD PWs must be configured in the same VSI.
# Configure PE4.
[PE4] mpls l2vpn
[PE4-l2vpn] quit
[PE4] vsi vsi1
[PE4-vsi-vsi1] quit
# Configure PE5.
[PE5] mpls l2vpn
[PE5-l2vpn] quit
[PE5] vsi vsi1
[PE5-vsi-vsi1] quit
3. # On PE5, bind the AC interface to the VSI.

[PE5-Vlanif80] l2 binding vsi vsi1
[PE5-Vlanif80] quit

Switches
Step 5 Configure CEs.

# Configure CE1.
[CE1-Vlanif10] quit
# Configure CE2.
[CE2-Vlanif80] quit
Step 6 Verify the configuration, Ping CE2 from CE1. The command output shows that the
ping is successful.
[CE1] ping 192.168.10.2
--- 192.168.10.2 ping statistics ---

0.00% packet loss
----End
Configuration Files
#
sysname PE1
#
vlan batch 10 20 40
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
vsi vsi1 static
pwsignal ldp
vsi-id 1
peer 2.2.2.9
peer 3.3.3.9
#
mpls ldp
#
interface Vlanif10
l2 binding vsi vsi1
#
interface Vlanif20
ip address 192.168.1.1 255.255.255.0
mpls

Switches
mpls ldp
#
interface Vlanif40
ip address 192.168.2.1 255.255.255.0
mpls
mpls ldp
#
#
#
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 192.168.1.0 0.0.0.255
network 192.168.2.0 0.0.0.255
#
return
#
sysname PE2
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.9
mpls
#
mpls l2vpn
#
vsi vsi1 static
pwsignal ldp
vsi-id 1
peer 1.1.1.9
peer 3.3.3.9
#
mpls ldp
#
interface Vlanif20
ip address 192.168.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif30
ip address 192.168.3.1 255.255.255.0
mpls
mpls ldp
#
#
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#

Switches
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 192.168.1.0 0.0.0.255
network 192.168.3.0 0.0.0.255
#
return
#
sysname PE3
#
vlan batch 30 40 50 60
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
vsi vsi1
pwsignal ldp
vsi-id 1
peer 1.1.1.9 upe
peer 2.2.2.9 upe
bgp-ad
vpls-id 192.168.0.0:1
#
mpls ldp
#
interface Vlanif30
ip address 192.168.3.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif40
ip address 192.168.2.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif50
ip address 192.168.4.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif60
ip address 192.168.5.2 255.255.255.0
mpls
mpls ldp
#
#
#
#
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#

Switches
bgp 100
#
ipv4-family unicast
peer 4.4.4.9 enable
peer 5.5.5.9 enable
#
l2vpn-ad-family
policy vpn-target
peer 4.4.4.9 enable
peer 5.5.5.9 enable
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 192.168.2.0 0.0.0.255
network 192.168.3.0 0.0.0.255
network 192.168.4.0 0.0.0.255
network 192.168.5.0 0.0.0.255
#
return
#
sysname PE4
#
vlan batch 60 70
#
mpls lsr-id 4.4.4.9
mpls
#
mpls l2vpn
#
vsi vsi1
bgp-ad
vpls-id 192.168.0.0:1
#
mpls ldp
#
interface Vlanif60
ip address 192.168.5.1 255.255.255.0
mpls
mpls ldp
#
interface Vlanif70
ip address 192.168.6.2 255.255.255.0
mpls
mpls ldp
#
#
#
interface LoopBack1
ip address 4.4.4.9 255.255.255.255
#
bgp 100

Switches

#
ipv4-family unicast
peer 3.3.3.9 enable
peer 5.5.5.9 enable
#
l2vpn-ad-family
policy vpn-target
peer 3.3.3.9 enable
peer 5.5.5.9 enable
#
ospf 1
area 0.0.0.0
network 4.4.4.9 0.0.0.0
network 192.168.5.0 0.0.0.255
network 192.168.6.0 0.0.0.255
#
return
#
sysname PE5
#
vlan batch 50 70 80
#
mpls lsr-id 5.5.5.9
mpls
#
mpls l2vpn
#
vsi vsi1
bgp-ad
vpls-id 192.168.0.0:1
#
mpls ldp
#
interface Vlanif50
ip address 192.168.4.1 255.255.255.0
mpls
mpls ldp
#
interface Vlanif70
ip address 192.168.6.1 255.255.255.0
mpls
mpls ldp
#
interface Vlanif80
l2 binding vsi vsi1
#
#
#
#
interface LoopBack1
ip address 5.5.5.9 255.255.255.255
#
bgp 100

Switches

#
ipv4-family unicast
peer 3.3.3.9 enable
peer 4.4.4.9 enable
#
l2vpn-ad-family
policy vpn-target
peer 3.3.3.9 enable
peer 4.4.4.9 enable
#
ospf 1
area 0.0.0.0
network 5.5.5.9 0.0.0.0
network 192.168.4.0 0.0.0.255
network 192.168.6.0 0.0.0.255
#
return

#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 192.168.10.1 255.255.255.0
#
#
return

#
sysname CE2
#
vlan batch 80
#
interface Vlanif80
ip address 192.168.10.2 255.255.255.0
#
#
return
7.18.8 Example for Configuring Static VLLs to Access a VPLS

Network
Figure 7-38 shows a backbone network built by an enterprise. UPEs do not
support dynamic VLLs, and access SPEs through static VLLs. Site1 connects to
UPE1 through CE1 and then connects to the backbone network. Site2 connects to
UPE2 through CE2 and then connects to the backbone network. Users at Site1 and
Site2 need to communicate at Layer 2 and user information needs to be reserved
when Layer 2 packets are transmitted over the backbone network.

Switches
Figure 7-38 Networking diagram for configuring static VLLs to access a VPLS
network
1.1.1.9/32 2.2.2.9/32 3.3.3.9/32
GE0/0/1 GE0/0/1
VLANIF30 VLANIF40
100.1.1.1/24 100.1.2.2/24
SPE1 SPE2
GE0/0/1 GE0/0/2
VLANIF20 100.1.1.2/24 100.1.2.1/24 VLANIF50
100.1.3.1/24 100.1.4.1/24
Loopback1 Loopback1
4.4.4.9/32 GE0/0/1 GE0/0/1 5.5.5.9/32
VLANIF20 VLANIF50
100.1.3.2/24 100.1.4.2/24
UPE1 UPE2
GE0/0/2 GE0/0/2
VLANIF10 VLANIF60
GE0/0/1 GE0/0/1
VLANIF10 VLANIF60
10.1.1.1/24 10.1.1.2/24
CE1 CE2

2. Use Martini VPLS to implement Layer 2 communication between CEs based
on enterprise network planning requirements.
3. Configure the IGP routing protocol on the UPEs, SPEs, and P to implement
4. Configure MPLS and LDP on the SPEs and P to support VPLS.
being known by the public network, including dynamic LSPs between SPEs
and static LSPs between UPEs and SPEs.
7. Establish VLLs between UPEs and SPEs in SVC mode, configure static VLLs and
VSIs on SPEs, enable MAC-withdraw on VSIs, and configure static VLLs on
UPEs for accessing SPEs.
8. Create VSIs on SPEs, specify LDP as the signaling protocol, and bind the VSIs
to AC interfaces to implement Martini VPLS.

Switches
Procedure
# Configure CE1. The configuration on UPE1, UPE2, SPE1, SPE2, P, and CE2 is
similar to the CE1, and is not mentioned here.
[CE1] vlan 10
[CE1-vlan10] quit
[CE1-Vlanif10] quit
NOTE

Configure the IP address of the loopback interface on UPE1, UPE2, SPE1, SPE2,
and P.
# Configure SPE1. The configuration on UPE1, UPE2, SPE2, and P is similar to the
SPE1, and is not mentioned here.
[SPE1] interface loopback 1
[SPE1-LoopBack1] ip address 1.1.1.9 255.255.255.255
[SPE1-LoopBack1] quit
Configure OSPF on SPEs and P to advertise the network segment and the host
routes of LSR IDs.
# Configure SPE1.
[SPE1] ospf
[SPE1-ospf-1] area 0
[SPE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[SPE1-ospf-1-area-0.0.0.0] quit
[SPE1-ospf-1] quit
# Configure the P.
[P] ospf
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
[P-ospf-1] quit
# Configure SPE2.
[SPE2] ospf

Switches

[SPE2-ospf-1] quit
# Configure UPE1.
[UPE1] ospf
[UPE1-ospf-1] area 0
[UPE1-ospf-1-area-0.0.0.0] network 4.4.4.9 0.0.0.0
[UPE1-ospf-1-area-0.0.0.0] quit
[UPE1-ospf-1] quit
# Configure UPE2.
[UPE2] ospf
[UPE2-ospf-1] quit

other.
Configure basic MPLS functions and LDP on SPE1, P, and SPE2.
# Configure SPE1.
[SPE1] mpls lsr-id 1.1.1.9
[SPE1] mpls
[SPE1-mpls] quit
[SPE1] mpls ldp
[SPE1-mpls-ldp] quit
[SPE1] interface vlanif 30
[SPE1-Vlanif30] mpls
[SPE1-Vlanif30] mpls ldp
[SPE1-Vlanif30] quit
# Configure the P.
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P-Vlanif30] mpls
[P-Vlanif30] mpls ldp
[P-Vlanif30] quit
[P-Vlanif40] mpls
[P-Vlanif40] quit
# Configure SPE2.
[SPE2] mpls
[SPE2-mpls] quit
[SPE2] mpls ldp

Switches

on SPE1, P, and SPE2. you can see that the status of the peer relationship between
SPE1 and P or between SPE2 and P is Operational, which indicates that the peer
relationship is established. Run the display mpls lsp command to view the LSP
status.
The information displayed on SPE1 is used as an example.
[SPE1] display mpls ldp session

------------------------------------------------------------------------------
------------------------------------------------------------------------------
------------------------------------------------------------------------------
[SPE1] display mpls lsp
Flag after Out IF: (I) - LSP Is Only Iterated by RLFA

-------------------------------------------------------------------------------
LSP Information: LDP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
1.1.1.9/32 3/NULL -/-
2.2.2.9/32 NULL/3 -/Vlanif30
2.2.2.9/32 4096/3 -/Vlanif30
3.3.3.9/32 NULL/4097 -/Vlanif30
3.3.3.9/32 4097/4097 -/Vlanif30
Step 4 Set up remote LDP sessions between SPEs.

# Configure SPE1.
[SPE1] mpls ldp remote-peer 3.3.3.9
[SPE1-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9
[SPE1-mpls-ldp-remote-3.3.3.9] quit
# Configure SPE2.
on SPE1 and SPE2. you can see that the status of the peer relationship between
SPE1 and SPE2 is Operational, which indicates that the peer relationship is
established.
The information displayed on SPE1 is used as an example.
[SPE1] display mpls ldp session

------------------------------------------------------------------------------

Switches

------------------------------------------------------------------------------
------------------------------------------------------------------------------
Step 5 Establish static LSPs between UPEs and SPEs.

# Configure UPE1.
[UPE1] mpls lsr-id 4.4.4.9
[UPE1] mpls
[UPE1-mpls] quit
[UPE1] interface vlanif 20
[UPE1-Vlanif20] mpls
[UPE1-Vlanif20] quit
[UPE1] static-lsp ingress UPE1toSPE1 destination 1.1.1.9 32 nexthop 100.1.3.1 out-label 20
[UPE1] static-lsp egress SPE1toUPE1 incoming-interface vlanif 20 in-label 30
# Configure UPE2.
[UPE2] mpls
[UPE2-mpls] quit
[UPE2] static-lsp ingress UPE2toSPE2 destination 3.3.3.9 32 nexthop 100.1.4.1 out-label 40
[UPE2] static-lsp egress SPE2toUPE2 incoming-interface vlanif 50 in-label 50
# Configure SPE1.
[SPE1] static-lsp ingress SPE1toUPE1 destination 4.4.4.9 32 nexthop 100.1.3.2 out-label 30
[SPE1] static-lsp egress UPE1toSPE1 incoming-interface vlanif 20 in-label 20
# Configure SPE2.
[SPE2] static-lsp ingress SPE2toUPE2 destination 5.5.5.9 32 nexthop 100.1.4.2 out-label 50
[SPE2] static-lsp egress UPE2toSPE2 incoming-interface vlanif 50 in-label 40
Step 6 Enable MPLS L2VPN on UPEs and configure the UPEs to access SPEs through static
VLLs.
# Configure UPE1.
[UPE1] mpls l2vpn
[UPE1-l2vpn] quit
[UPE1-Vlanif10] mpls static-l2vc destination 1.1.1.9 transmit-vpn-label 100 receive-vpn-label 100
# Configure UPE2.
[UPE2] mpls l2vpn
[UPE2-l2vpn] quit
[UPE2-Vlanif60] mpls static-l2vc destination 3.3.3.9 transmit-vpn-label 100 receive-vpn-label 100
Step 7 Enable MPLS L2VPN and configure VSIs on SPEs.

# Configure SPE1.
[SPE1] mpls l2vpn
[SPE1-l2vpn] quit
[SPE1] vsi V100 static
[SPE1-vsi-V100] pwsignal ldp
[SPE1-vsi-V100-ldp] vsi-id 100

Switches
[SPE1-vsi-V100-ldp] mac-withdraw enable

[SPE1-vsi-V100-ldp] peer 3.3.3.9
[SPE1-vsi-V100-ldp] peer 4.4.4.9 static-upe trans 100 recv 100
[SPE1-vsi-V100-ldp] quit
[SPE1-vsi-V100] quit
# Configure SPE2.
[SPE2] mpls l2vpn
[SPE2-l2vpn] quit
[SPE2] vsi V100 static
[SPE2-vsi-V100] pwsignal ldp
[SPE2-vsi-V100-ldp] vsi-id 100
[SPE2-vsi-V100-ldp] mac-withdraw enable
[SPE2-vsi-V100-ldp] peer 1.1.1.9
[SPE2-vsi-V100-ldp] peer 5.5.5.9 static-upe trans 100 recv 100
[SPE2-vsi-V100-ldp] quit
[SPE2-vsi-V100] quit

After the configurations are complete, run the display mpls static-l2vc on UPEs.
you can see that static VLLs are established and the VC status is Up. The
information displayed on UPE1 is used as an example.
[UPE1] display mpls static-l2vc interface vlanif 10
*Client Interface : Vlanif10 is up
AC Status : up
VC State : up
VC ID :0
VC Type : VLAN
Destination : 1.1.1.9
Transmit VC Label : 100
Receive VC Label : 100
Label Status :0
Token Status :0
Control Word : Disable
VCCV Capabilty : alert ttl lsp-ping bfd
active state : active
Link State : up
Tunnel Policy : --
PW Template Name : --
Main or Secondary : Main
load balance type : flow
Access-port : false
VC tunnel/token info : 1 tunnels/tokens
NO.0 TNL Type : lsp , TNL ID : 0x2
Backup TNL Type : lsp , TNL ID : 0x0
Create time : 0 days, 0 hours, 1 minutes, 4 seconds
UP time : 0 days, 0 hours, 1 minutes, 4 seconds
Last change time : 0 days, 0 hours, 1 minutes, 4 seconds
VC last up time : 2014/11/13 14:07:19
VC total up time : 0 days, 0 hours, 1 minutes, 4 seconds
CKey :4
NKey :3
Service Class : be
Color : --
DomainId : --
Domain Name : --
BFD for PW : unavailable
Run the display vsi name V100 command on SPEs, and you can see that the VSI
named v100 is in Up state and the PW is also in Up state. The information
displayed on SPE1 is used as an example.
[SPE1] display vsi name V100 verbose
***VSI Name : V100

Switches
VSI Index :0
PW Signaling : ldp
MTU : 1500
Mpls Exp : --
DomainId : 255
Domain Name :
P2P VSI : disable
VSI State : up
VSI ID : 100
LDP MAC-WITHDRAW : mac-withdraw Enable
VC Label : 4098
Peer Type : dynamic
Session : up
Tunnel ID : 0x8c
Broadcast Tunnel ID : 0x8c
CKey : 13
NKey : 14
Stp Enable :0
PwIndex :0
VC Label : 100
Peer Type : static
Tunnel ID : 0x8e
Broadcast Tunnel ID : 0x8e
CKey : 19
NKey : 20
Stp Enable :0
PwIndex :0
**PW Information:

PW State : up
PW Type : MEHVPLS
Tunnel ID : 0x8e
Broadcast Tunnel ID : 0x8e
Ckey : 0x13
Nkey : 0x14
Main PW Token : 0x8e
Tnl Type : LSP

Switches
Stp Enable :0
PW Last Up Time : 2014/11/13 14:06:25
PW State : up
PW Type : label
Tunnel ID : 0x8c
Broadcast Tunnel ID : 0x8c
Ckey : 0xd
Nkey : 0xe
Main PW Token : 0x8c
Tnl Type : LSP
Stp Enable :0
PW Last Up Time : 2014/11/13 14:06:26
CE1 and CE2, which reside in the same network segment, can ping each other.
[CE1] ping 10.1.1.2

0.00% packet loss
After you run the shutdown command on VLANIF 10 (to which the VSI is bound)
of UPE1, CE1 and CE2 cannot ping each other successfully. This indicates that data
is transmitted through the PW of this VSI.
Before GigabitEthernet0/0/2 of SPE1 is shut down, view the MAC address table
learned by the VSI on the SPE2 (only the dynamic MAC address of the VSI named
V100 is provided here).
[SPE2] display mac-address vsi V100
-------------------------------------------------------------------------------
MAC Address VLAN/VSI Learned-From Type
-------------------------------------------------------------------------------
0044-0141-5411 -/V100 GE0/0/1 dynamic
4c1f-cc64-a1a0 -/V100 GE0/0/2 dynamic
-------------------------------------------------------------------------------
Total items displayed = 2
After GigabitEthernet0/0/2 of SPE1 is shut down, set the status of the VSI bound
to the static VLL to Down. View the MAC address table learned by the VSI on
SPE2, and you can see that the MAC address learned from GigabitEthernet0/0/2
has been deleted.
[SPE1] interface gigabitethernet 0/0/2
[SPE1-GigabitEthernet0/0/2] shutdown
[SPE1-GigabitEthernet0/0/2] quit

Switches
[SPE2] display mac-address vsi V100

-------------------------------------------------------------------------------
MAC Address VLAN/VSI Learned-From Type
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
Total items displayed = 0
----End
Configuration Files
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
#
return

#
sysname CE2
#
vlan batch 60
#
interface Vlanif60
ip address 10.1.1.2 255.255.255.0
#
#
return
● UPE1 configuration file

#
sysname UPE1
#
vlan batch 10 20
#
mpls lsr-id 4.4.4.9
mpls
#
mpls l2vpn
#
interface Vlanif10
mpls static-l2vc destination 1.1.1.9 transmit-vpn-label 100 receive-vpn-label 100
#
interface Vlanif20
ip address 100.1.3.2 255.255.255.0
mpls
#
#
#

Switches
interface LoopBack1
ip address 4.4.4.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 4.4.4.9 0.0.0.0
network 100.1.3.0 0.0.0.255
#
static-lsp ingress UPE1toSPE1 destination 1.1.1.9 32 nexthop 100.1.3.1 out-label 20
static-lsp egress SPE1toUPE1 incoming-interface Vlanif20 in-label 30
#
return
● SPE1 configuration file
#
sysname SPE1
#
vlan batch 20 30
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
vsi V100 static
pwsignal ldp
vsi-id 100
mac-withdraw enable
peer 3.3.3.9
peer 4.4.4.9 static-upe trans 100 recv 100
#
mpls ldp
#
remote-ip 3.3.3.9
#
interface Vlanif20
ip address 100.1.3.1 255.255.255.0
mpls
#
interface Vlanif30
ip address 100.1.1.1 255.255.255.0
mpls
mpls ldp
#
#
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 100.1.1.0 0.0.0.255
network 100.1.3.0 0.0.0.255
#
static-lsp ingress SPE1toUPE1 destination 4.4.4.9 32 nexthop 100.1.3.2 out-label 30
static-lsp egress UPE1toSPE1 incoming-interface Vlanif20 in-label 20
#
return
#
sysname P

Switches
#
vlan batch 30 40
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Vlanif30
ip address 100.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif40
ip address 100.1.2.1 255.255.255.0
mpls
mpls ldp
#
#
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 100.1.1.0 0.0.0.255
network 100.1.2.0 0.0.0.255
#
return
#
sysname SPE2
#
vlan batch 40 50
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
vsi V100 static
pwsignal ldp
vsi-id 100
mac-withdraw enable
peer 1.1.1.9
peer 5.5.5.9 static-upe trans 100 recv 100
#
mpls ldp
#
remote-ip 1.1.1.9
#
interface Vlanif40
ip address 100.1.2.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif50
ip address 100.1.4.1 255.255.255.0
mpls
#

Switches

#
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 100.1.2.0 0.0.0.255
network 100.1.4.0 0.0.0.255
#
static-lsp ingress SPE2toUPE2 destination 5.5.5.9 32 nexthop 100.1.4.2 out-label 50
static-lsp egress UPE2toSPE2 incoming-interface Vlanif50 in-label 40
#
return
#
sysname UPE2
#
vlan batch 50 60
#
mpls lsr-id 5.5.5.9
mpls
#
mpls l2vpn
#
interface Vlanif50
ip address 100.1.4.2 255.255.255.0
mpls
#
interface Vlanif60
mpls static-l2vc destination 3.3.3.9 transmit-vpn-label 100 receive-vpn-label 100
#
#
#
interface LoopBack1
ip address 5.5.5.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 5.5.5.9 0.0.0.0
network 100.1.4.0 0.0.0.255
#
static-lsp ingress UPE2toSPE2 destination 3.3.3.9 32 nexthop 100.1.4.1 out-label 40
static-lsp egress SPE2toUPE2 incoming-interface Vlanif50 in-label 50
#
return
7.18.9 Example for Configuring Dynamic VLLs to Access a

VPLS Network
Figure 7-39 shows a backbone network built by an enterprise. UPEs can access
SPEs through dynamic VLLs. Site1 connects to UPE1 through CE1 and then

Switches
connects to the backbone network. Site2 connects to UPE2 through CE2 and then
connects to the backbone network. Users at Site1 and Site2 need to communicate
at Layer 2 and user information needs to be reserved when Layer 2 packets are
transmitted over the backbone network.
Figure 7-39 Networking diagram for configuring dynamic VLLs to access a VPLS
network
1.1.1.9/32 2.2.2.9/32 3.3.3.9/32
GE0/0/1 GE0/0/1
VLANIF10 VLANIF20
100.1.1.1/24 100.1.2.2/24
SPE1 SPE2
GE0/0/1 GE0/0/2
VLANIF30 100.1.1.2/24 100.1.2.1/24 VLANIF40
100.1.3.1/24 100.1.4.1/24
Loopback1 Loopback1
4.4.4.9/32 GE0/0/2 GE0/0/2 5.5.5.9/32
VLANIF30 VLANIF40
100.1.3.2/24 100.1.4.2/24
UPE1 UPE2
GE0/0/1 GE0/0/1
VLANIF50 VLANIF60
GE0/0/1 GE0/0/1
VLANIF50 VLANIF60
10.1.1.1/24 10.1.1.2/24
CE1 CE2

2. Use Martini VPLS to implement Layer 2 communication between CEs based
on enterprise network planning requirements.
3. Configure the IGP routing protocol on the UPEs, SPEs, and P to implement
4. Configure basic MPLS functions and LDP on the UPEs, SPEs, and P to support
VPLS.
being known by the public network, including dynamic LSPs between SPEs
and dynamic LSPs between UPEs and SPEs.

Switches
7. Establish VLLs between UPEs and SPEs in Martini mode.

8. Create VSIs on SPEs, specify LDP as the signaling protocol, and bind the VSIs
to AC interfaces to implement Martini VPLS.
Procedure
# Configure CE1. The configuration on UPE1, UPE2, SPE1, SPE2, P, and CE2 is
[CE1] vlan 50
[CE1-vlan50] quit
[CE1-Vlanif50] quit
Configure VLANs that interfaces belong to and assign IP addresses to interfaces on

other Switches by referring to Figure 7-39. The configuration is similar to the
configuration of CE1, and is not mentioned here.
NOTE

Configure the IP address of the loopback interface on UPE1, UPE2, SPE1, SPE2,
and P.
# Configure SPE1. The configuration on UPE1, UPE2, SPE2, and P is similar to the
SPE1, and is not mentioned here.
[SPE1] interface loopback 1
[SPE1-LoopBack1] ip address 1.1.1.9 255.255.255.255
[SPE1-LoopBack1] quit
Configure OSPF on the SPEs and P to advertise the routes of the network segment
and LSR IDs.
# Configure SPE1.
[SPE1] ospf
[SPE1-ospf-1] quit
# Configure the P.
[P] ospf
[P-ospf-1] area 0

Switches

[P-ospf-1] quit
# Configure SPE2.
[SPE2] ospf
[SPE2-ospf-1] quit
# Configure UPE1.
[UPE1] ospf
[UPE1-ospf-1] quit
# Configure UPE2.
[UPE2] ospf
[UPE2-ospf-1] quit

Configure basic MPLS functions and LDP on UPE1, UPE2, SPE1, P, and SPE2.
# Configure UPE1.
[UPE1] mpls
[UPE1-mpls] quit
[UPE1] mpls ldp
[UPE1-mpls-ldp] quit
[UPE1-Vlanif30] mpls ldp
# Configure UPE2.
[UPE2] mpls
[UPE2-mpls] quit
[UPE2] mpls ldp
[UPE2-mpls-ldp] quit
[UPE2-Vlanif40] mpls ldp
# Configure SPE1.
[SPE1] mpls
[SPE1-mpls] quit
[SPE1] mpls ldp

Switches
# Configure the P.
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P-Vlanif10] mpls
[P-Vlanif10] quit
[P-Vlanif20] mpls
[P-Vlanif20] quit
# Configure SPE2.
[SPE2] mpls
[SPE2-mpls] quit
[SPE2] mpls ldp
on UPEs, P, and SPEs. You can see that the peer relationship is set up between SPE
and UPE, or between SPE and P. The status of the peer relationship is Operational.
Step 4 Set up remote LDP sessions between SPEs.
# Configure SPE1.
# Configure SPE2.
Step 5 Enable MPLS L2VPN and configure Martini VLLs on the UPEs.
# Configure UPE1.
[UPE1] mpls l2vpn
[UPE1-l2vpn] quit
[UPE1-Vlanif50] mpls l2vc 1.1.1.9 100

Switches
# Configure UPE2.
[UPE2] mpls l2vpn
[UPE2-l2vpn] quit
[UPE2-Vlanif60] mpls l2vc 3.3.3.9 100
Step 6 Enable MPLS L2VPN and configure VSIs on SPEs.

# Configure SPE1.
[SPE1] mpls l2vpn
[SPE1-l2vpn] quit
[SPE1] vsi v100 static
[SPE1-vsi-v100] pwsignal ldp
[SPE1-vsi-v100-ldp] vsi-id 100
[SPE1-vsi-v100-ldp] peer 3.3.3.9
[SPE1-vsi-v100-ldp] peer 4.4.4.9 upe
[SPE1-vsi-v100-ldp] quit
[SPE1-vsi-v100] quit
# Configure SPE2.
[SPE2] mpls l2vpn
[SPE2-l2vpn] quit
[SPE2] vsi v100 static
[SPE2-vsi-v100] pwsignal ldp
[SPE2-vsi-v100-ldp] vsi-id 100
[SPE2-vsi-v100-ldp] peer 1.1.1.9
[SPE2-vsi-v100-ldp] peer 5.5.5.9 upe
[SPE2-vsi-v100-ldp] quit
[SPE2-vsi-v100] quit

After the configurations are complete, run the display mpls l2vc command on
UPEs. you can see that the dynamic VLLs are established and the VC status is Up.
The information displayed on UPE1 is used as an example.
[UPE1] display mpls l2vc
Total LDP VC : 1 1 up 0 down
*client interface : Vlanif50 is up

Administrator PW : no
session state : up
AC status : up
VC state : up
Label state :0
Token state :0
VC ID : 100
VC type : VLAN
destination : 1.1.1.9
......
Run the display vsi name v100 command on SPEs, and you can see that the VSI
named v100 is in Up state and the PW is also in Up state. The information
displayed on SPE1 is used as an example.
[SPE1] display vsi name v100
Vsi Mem PW Mac Encap Mtu Vsi
Name Disc Type Learn Type Value State
--------------------------------------------------------------------------
v100 static ldp unqualify vlan 1500 up
CE1 and CE2, which reside in the same network segment, can ping each other.
[CE1] ping 10.1.1.2

Switches


0.00% packet loss
----End
Configuration Files
#
sysname CE1
#
vlan batch 50
#
interface Vlanif50
ip address 10.1.1.1 255.255.255.0
#
#
return

#
sysname CE2
#
vlan batch 60
#
interface Vlanif60
ip address 10.1.1.2 255.255.255.0
#
#
return

#
sysname UPE1
#
vlan batch 30 50
#
mpls lsr-id 4.4.4.9
mpls
#
mpls l2vpn
#
mpls ldp
#
interface Vlanif30
ip address 100.1.3.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif50
mpls l2vc 1.1.1.9 100
#

Switches

#
#
interface LoopBack1
ip address 4.4.4.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 4.4.4.9 0.0.0.0
network 100.1.3.0 0.0.0.255
#
return

#
sysname SPE1
#
vlan batch 10 30
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
vsi v100 static
pwsignal ldp
vsi-id 100
peer 3.3.3.9
peer 4.4.4.9 upe
#
mpls ldp
#
remote-ip 3.3.3.9
#
interface Vlanif10
ip address 100.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface Vlanif30
ip address 100.1.3.1 255.255.255.0
mpls
mpls ldp
#
#
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 100.1.1.0 0.0.0.255
network 100.1.3.0 0.0.0.255
#
return

Switches
#
sysname P
#
vlan batch 10 20
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Vlanif10
ip address 100.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif20
ip address 100.1.2.1 255.255.255.0
mpls
mpls ldp
#
#
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 100.1.1.0 0.0.0.255
network 100.1.2.0 0.0.0.255
#
return
#
sysname SPE2
#
vlan batch 20 40
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
vsi v100 static
pwsignal ldp
vsi-id 100
peer 1.1.1.9
peer 5.5.5.9 upe
#
mpls ldp
#
remote-ip 1.1.1.9
#
interface Vlanif20
ip address 100.1.2.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif40
ip address 100.1.4.1 255.255.255.0
mpls
mpls ldp

Switches
#
#
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 100.1.2.0 0.0.0.255
network 100.1.4.0 0.0.0.255
#
return
#
sysname UPE2
#
vlan batch 40 60
#
mpls lsr-id 5.5.5.9
mpls
#
mpls l2vpn
#
mpls ldp
#
interface Vlanif40
ip address 100.1.4.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif60
mpls l2vc 3.3.3.9 100
#
#
#
interface LoopBack1
ip address 5.5.5.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 5.5.5.9 0.0.0.0
network 100.1.4.0 0.0.0.255
#
return
7.18.10 Example for Configuring CE Dual-Homed Kompella

VPLS
Figure 7-40 shows a backbone network built by an enterprise. CE1 is dual-homed
to PE1 and an RR, and Site1 connects to the backbone network through CE1. Site2

Switches
connects to PE2 through CE2 and then connects to the backbone network. RR is a
route reflector, and PE1 and PE2 function as clients of the RR.
Users at Site1 and Site2 need to communicate at Layer 2 and user information
needs to be reserved when Layer 2 packets are transmitted over the backbone
network. CE1-PE1-RR-PE2-CE2 is the active path, and CE1-RR-PE2-CE2 is the
standby path.
NOTE
Figure 7-40 Networking diagram for configuring CE dual-homed Kompella VPLS

1.1.1.1/32 2.2.2.2/32 3.3.3.3/32
GE0/0/2 GE0/0/1 GE0/0/2 GE0/0/1
VLANIF20 VLANIF20 VLANIF30 VLANIF30
100.1.1.1/30 100.1.1.2/30 100.2.1.1/30 100.2.1.2/30
PE1 PE2
RR
GE0/0/1 GE0/0/3 GE0/0/2
VLANIF10 VLANIF10 VLANIF40
GE0/0/1 GE0/0/2 GE0/0/1

VLANIF10 VLANIF10 VLANIF40
10.1.1.1/24 10.1.1.1/24 10.1.1.2/24
CE1 CE2
2. Use CE dual-homed Kompella VPLS to implement Layer 2 communication
between CEs based on enterprise network planning requirements.
3. Configure the IGP routing protocol on the backbone network to enable PE1,
RR, and PE2 to transmit data on the public network.
4. Configure basic MPLS functions and LDP on the PE1, PE2, and RR to support
VPLS.

Switches
each PE, establish MP IBGP peer relationship between PE1 and the RR, and
between PE2 and the RR respectively, and configure router reflection on the
RR to implement member discovery.
8. Create a VSI on each PE, specify BGP as the signaling protocol, specify the RD,
VPN target, and site of the VSI, and bind AC interfaces to VSIs to implement
Kompella VPLS.
9. Increase the multi-homed preference of the VSI on PE1 to enable BGP to
preferentially select the label block of this VSI.
Procedure
# Configure CE1. The configuration on PE1, PE2, CE2, and RR is similar to the CE1,
[CE1] vlan 10
[CE1-vlan10] quit
[CE1-Vlanif10] quit
NOTE
Step 2 Configure the IGP on the backbone network.
PE1, RR, and PE2 on the backbone network can communicate using IGP. Note that
IS-IS must be enabled on Loopback1.
Configure IS-IS on PE1, RR, and PE2.
# Configure PE1. The configuration on PE2 and RR is similar to the PE1, and is not
mentioned here.
[PE1] isis 1
[PE1-isis-1] network-entity 10.0000.0000.0001.00
[PE1-isis-1] quit
[PE1-LoopBack1] isis enable 1
[PE1-Vlanif20] isis enable 1
[PE1-Vlanif20] quit

Switches
After the configuration is complete, PE1, RR, and PE2 can learn loopback
addresses from each other.

[PE1] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 8 Routes : 8
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.1.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack1

2.2.2.2/32 ISIS-L1 15 10 D 100.1.1.2 Vlanif20
3.3.3.3/32 ISIS-L1 15 20 D 100.1.1.2 Vlanif20
100.1.1.0/30 Direct 0 0 D 100.1.1.1 Vlanif20
100.1.1.1/32 Direct 0 0 D 127.0.0.1 Vlanif20
100.2.1.0/30 ISIS-L1 15 20 D 100.1.1.2 Vlanif20
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
PE1, RR, and PE2 can ping the Loopback1 address of each other.
Enable MPLS and MPLS LDP on PE1, RR, PE2, the interfaces through which PE1 is
connected to RR, and the interfaces through which RR is connected to PE2 to
establish LSPs.
# Configure PE1. The configuration on PE2 and RR is similar to the PE1, and is not
mentioned here.
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1-Vlanif20] mpls
[PE1-Vlanif20] quit
After the configuration is complete, run the display mpls lsp command on each
Switch. you can see that LSPs have been established between each pair of PE1, RR,
and PE2.

[PE1] display mpls lsp

-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
1.1.1.1/32 3/NULL -/-
2.2.2.2/32 NULL/3 -/Vlanif20
2.2.2.2/32 1024/3 -/Vlanif20
3.3.3.3/32 NULL/1025 -/Vlanif20
3.3.3.3/32 1025/1025 -/Vlanif20
Establish the MP IBGP connection and enable BGP VPLS on PE1, RR, and PE2.

Switches
# Configure PE1.
[PE1] bgp 100
[PE1-bgp] quit
# Configure the RR.

[RR] bgp 100
[RR-bgp] peer 1.1.1.1 as-number 100
[RR-bgp] peer 3.3.3.3 as-number 100
[RR-bgp] peer 1.1.1.1 connect-interface loopback 1
[RR-bgp] peer 3.3.3.3 connect-interface loopback 1
[RR-bgp] vpls-family
[RR-bgp-af-vpls] peer 1.1.1.1 enable
[RR-bgp-af-vpls] peer 3.3.3.3 enable
[RR-bgp-af-vpls] quit
[RR-bgp] quit
# Configure PE2.
[PE2] bgp 100
[PE2-bgp] quit
After this step is complete, run the display bgp vpls peer command on the PE or
RR. you can see that the status of the MP IBGP peers is Established.
Step 5 Enable the route reflection function on the RR.
# Configure the RR.
[RR] bgp 100
[RR-bgp] vpls-family
[RR-bgp-af-vpls] reflector cluster-id 100
[RR-bgp-af-vpls] peer 1.1.1.1 reflect-client
[RR-bgp-af-vpls] peer 3.3.3.3 reflect-client
[RR-bgp-af-vpls] undo policy vpn-target
[RR-bgp-af-vpls] quit
[RR-bgp] quit
Step 6 Enable MPLS L2VPN on the PE, RR, and PE2.

# Configure PE1.
[PE1] mpls l2vpn
[PE1-l2vpn] quit
# Configure the RR.

[RR] mpls l2vpn
[RR-l2vpn] quit
# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit
Step 7 Configure VSIs on PE1, RR, and PE2 and bind the VSIs to AC interfaces.
# Configure PE1.

Switches
[PE1] vsi v1 auto

[PE1-vsi-v1] pwsignal bgp
[PE1-vsi-v1-bgp] route-distinguisher 100:1
[PE1-vsi-v1-bgp] vpn-target 1:1 import-extcommunity
[PE1-vsi-v1-bgp] vpn-target 1:1 export-extcommunity
[PE1-vsi-v1-bgp] site 1 range 5 default-offset 0
[PE1-vsi-v1-bgp] quit
[PE1-vsi-v1] quit
[PE1-Vlanif10] quit
# Configure the RR.

[RR] vsi v1 auto
[RR-vsi-v1] pwsignal bgp
[RR-vsi-v1-bgp] route-distinguisher 100:1
[RR-vsi-v1-bgp] vpn-target 1:1 import-extcommunity
[RR-vsi-v1-bgp] vpn-target 1:1 export-extcommunity
[RR-vsi-v1-bgp] site 1 range 5 default-offset 0
[RR-vsi-v1-bgp] quit
[RR-vsi-v1] quit
[RR] interface vlanif 10
[RR-Vlanif10] l2 binding vsi v1
[RR-Vlanif10] quit
# Configure PE2.
[PE2] vsi v1 auto
[PE2-vsi-v1] quit
[PE2-Vlanif40] quit
After the configurations are complete, run the display bgp vpls all command on
the PE or RR. You can see information about the local and remote label blocks of
the VPLS. The RR preferentially selects the local label block.
[RR] display bgp vpls all
BGP Local Router ID : 2.2.2.2, Local AS Number : 100
Status codes : * - active, > - best
BGP.VPLS : 3 Label Blocks
--------------------------------------------------------------------------------
Route Distinguisher: 100:1
SiteID Offset NextHop Range LabBase TunnelID FromPeer MHPref
--------------------------------------------------------------------------------
> 1 0 0.0.0.0 5 35840 0x0 0.0.0.0 0
1 0 1.1.1.1 5 35840 0x0 1.1.1.1 0
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
*> 2 0 3.3.3.3 5 35840 0x0 3.3.3.3 0
Step 8 Modify the multi-homed preference of the VSI.
# Increase the multi-homed preference of the VSI on PE1 to enable BGP to

preferentially select the label block advertised by PE1.

Switches
[PE1] vsi v1
[PE1-vsi-v1] multi-homing-preference 10
[PE1-vsi-v1] quit
After the configuration is complete, run the display bgp vpls all command on the
RR. You can see that the RR preferentially selects the label block advertised by
PE1.
[RR] display bgp vpls all
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
1 0 0.0.0.0 5 35840 0x0 0.0.0.0 0
*> 1 0 1.1.1.1 5 35840 0x0 1.1.1.1 10
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
*> 2 0 3.3.3.3 5 35840 0x0 3.3.3.3 0
Run the display bgp vpls all command on PE2, and you can see that the remote
label block of PE2 is advertised by PE1.
[PE2] display bgp vpls all
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
*> 1 0 1.1.1.1 5 35840 0x0 2.2.2.2 10
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
> 2 0 0.0.0.0 5 35840 0x0 0.0.0.0 0
Run the display vpls connection bgp command on PE1 and the RR to check the
VPLS connection.
you can see that the VC status on PE1 is Up.

[PE1] display vpls connection bgp verbose
VSI Name: v1 Signaling: bgp
**Remote Site ID :2
VC State : up
RD : 100:2
Encapsulation : vlan
MTU : 1500
Peer Ip Address : 3.3.3.3
PW Type : label
Tunnel Policy : --
Tunnel ID : 0x10c

Switches
No information is displayed on the RR.

[RR] display vpls connection bgp
PE1 is the active PE and RR is the standby PE.

Run the ping command on CEs, and you can see that CE1 and CE2 can ping each
other.
[CE1] ping 10.1.1.2

0.00% packet loss
----End
Configuration Files
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
#
#
return
#
sysname PE1
#
vlan batch 10 20
#
mpls lsr-id 1.1.1.1
mpls
#
mpls l2vpn
#
vsi v1 auto
pwsignal bgp
route-distinguisher 100:1
multi-homing-preference 10
#
mpls ldp
#
isis 1

Switches
network-entity 10.0000.0000.0001.00
#
interface Vlanif10
l2 binding vsi v1
#
interface Vlanif20
ip address 100.1.1.1 255.255.255.252
isis enable 1
mpls
mpls ldp
#
#
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
isis enable 1
#
bgp 100
#
ipv4-family unicast
peer 2.2.2.2 enable
#
vpls-family
policy vpn-target
peer 2.2.2.2 enable
#
return
● RR configuration file
#
sysname RR
#
vlan batch 10 20 30
#
mpls lsr-id 2.2.2.2
mpls
#
mpls l2vpn
#
vsi v1 auto
pwsignal bgp
#
mpls ldp
#
isis 1
network-entity 10.0000.0000.0002.00
#
interface Vlanif10
l2 binding vsi v1
#
interface Vlanif20
ip address 100.1.1.2 255.255.255.252
isis enable 1
mpls
mpls ldp
#
interface Vlanif30

Switches
ip address 100.2.1.1 255.255.255.252

isis enable 1
mpls
mpls ldp
#
#
#
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
isis enable 1
#
bgp 100
#
ipv4-family unicast
peer 1.1.1.1 enable
peer 3.3.3.3 enable
#
vpls-family
reflector cluster-id 100
undo policy vpn-target
peer 1.1.1.1 enable
peer 1.1.1.1 reflect-client
peer 3.3.3.3 enable
peer 3.3.3.3 reflect-client
#
return
#
sysname PE2
#
vlan batch 30 40
#
mpls lsr-id 3.3.3.3
mpls
#
mpls l2vpn
#
vsi v1 auto
pwsignal bgp
#
mpls ldp
#
isis 1
network-entity 10.0000.0000.0004.00
#
interface Vlanif30
ip address 100.2.1.2 255.255.255.252
isis enable 1
mpls
mpls ldp

Switches
#
interface Vlanif40
l2 binding vsi v1
#
#
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
isis enable 1
#
bgp 100
#
ipv4-family unicast
peer 2.2.2.2 enable
#
vpls-family
policy vpn-target
peer 2.2.2.2 enable
#
return

#
sysname CE2
#
vlan batch 40
#
interface Vlanif40
ip address 10.1.1.2 255.255.255.0
#
#
return
7.18.11 Example for Configuring Inter-AS Martini VPLS in

OptionA Mode
As shown in Figure 7-41, on an enterprise network, Site1 connects to PE1 through
CE1 and then connects to the VPLS domain of AS 100. Site2 connects to PE2
through CE2 and then connects to the VPLS domain of AS 200 The network
environments of the branch sites are stable. AS 100 and AS 200 communicate with
each other through ASBR_PE1 and ASBR_PE2. IS-IS is used as the IGP on the MPLS
backbone network in an AS. Users at Site1 and Site2 need to communicate at
Layer 2 and user information needs to be reserved when Layer 2 packets are

Switches
Figure 7-41 Networking diagram of configuring inter-AS Martini VPLS in OptionA

mode

AS 100 Loopback1 Loopback1 AS 200
2.2.2.2/32 3.3.3.3/32
GE0/0/1 GE0/0/2 GE0/0/1 GE0/0/2
100.1.1.2/24 100.3.1.1/24
Loopback1 Loopback1
1.1.1.1/32 ASBR_PE1 ASBR_PE2 4.4.4.4/32
GE0/0/2 GE0/0/1
VLANIF20 VLANIF40
100.1.1.1/24 100.3.1.2/24
PE1 GE0/0/1 GE0/0/2 PE2
VLANIF10 VLANIF50
GE0/0/1 GE0/0/1
VLANIF10 VLANIF50
10.1.1.1/24 10.1.1.2/24
CE1 CE2
Site1 Site2

2. Use Martini VPLS to implement Layer 2 communication between CEs when
the network environments of the branch sites are stable.
communication between devices within an AS on the public network.
4. Configure basic MPLS functions and LDP on PEs on the backbone network to
support VPLS.
5. Establish tunnels for transmitting data between PEs within an AS to prevent
data from being known by the public network. Establish dynamic LSPs
between ASBR_PEs and PEs in the same AS. If PEs and ASBR_PEs are not
directly connected, establish remote LDP sessions.
7. Create a VSI on PEs, specify LDP as the signaling protocol, and bind the VSI to
the AC interface in the same AS to implement Martini VPLS.
8. To implement VPLS inter-AS OptionA, configure the peer ASBR as the CE on
the ASBR PE, and bind VSIs to peer interfaces.

Switches
Procedure
# Configure CE1. The configuration on PE1, PE2, ASBR_PE1, ASBR_PE2, and CE2 is
[CE1] vlan 10
[CE1-vlan10] quit
[CE1-Vlanif10] quit
NOTE
Step 2 Configure the IGP on the MPLS backbone network.

Configure the IGP on the MPLS backbone network to achieve connectivity
between the PE and ASBR PEs. Note that IS-IS must be enabled on Loopback1.
Configure IS-IS between on PE1 and ASBR_PE1, and between PE2, and ASBR_PE2.
# Configure PE1. The configuration on ASBR_PE1, ASBR_PE2, and PE2 is similar to
the PE1, and is not mentioned here.
[PE1] isis 1
[PE1-isis-1] quit
[PE1-Vlanif20] quit
After the configuration is complete, the ASBR and PE in the same AS can establish
an IS-IS neighbor. Run the display isis peer command, and you can see that the
IS-IS neighbor is in Up state.
[PE1] display isis peer
Peer information for ISIS(1)
System Id Interface Circuit Id State HoldTime Type PRI

-------------------------------------------------------------------------------
0000.0000.0002 Vlanif20 0000.0000.0001.01 Up 27s L1(L1L2) 64
0000.0000.0002 Vlanif20 0000.0000.0001.01 Up 27s L2(L1L2) 64
Total Peer(s): 2
ASBR_PEs and PEs in the same AS can Ping each other.

Switches

[PE1] ping 2.2.2.2

0.00% packet loss

Enable basic MPLS functions on the MPLS backbone network. Establish a dynamic
LDP LSP between the PE and ASBR PE in the same AS.
Configure basic MPLS functions and LDP on PE1, ASBR_PE1, PE2, and ASBR_PE2.
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1-Vlanif20] mpls
[PE1-Vlanif20] quit
Run the display mpls ldp session command to view the LDP LSP status.
ASBR_PE1 is used as an example.
[ASBR_PE1] display mpls ldp session

------------------------------------------------------------------------------
------------------------------------------------------------------------------
1.1.1.1:0 Operational DU Active 0000:00:08 34/34
------------------------------------------------------------------------------

# Configure PE1.
[PE1] mpls l2vpn
[PE1-l2vpn] quit
# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit
# Configure ASBR_PE1.
[ASBR_PE1] mpls l2vpn
[ASBR_PE1-l2vpn] quit

Switches
Step 5 Configure LDP VPLS and bind VSIs to interfaces.

Configure VSIs on PEs and ASBR PEs respectively and bind the VSIs to the related
interfaces.
# Configure PE1.
[PE1] vsi a1 static
[PE1-vsi-a1] quit
[PE1-Vlanif10] quit
[ASBR_PE1] vsi a1 static
[ASBR_PE1-vsi-a1] pwsignal ldp
[ASBR_PE1-vsi-a1-ldp] vsi-id 2
[ASBR_PE1-vsi-a1-ldp] peer 1.1.1.1
[ASBR_PE1-vsi-a1-ldp] quit
[ASBR_PE1-vsi-a1] quit
[ASBR_PE1] interface vlanif 30
[ASBR_PE1-Vlanif30] l2 binding vsi a1
[ASBR_PE1-Vlanif30] quit
[ASBR_PE2] vsi a1 static
[ASBR_PE2-vsi-a1] pwsignal ldp
[ASBR_PE2-vsi-a1-ldp] vsi-id 3
[ASBR_PE2-vsi-a1-ldp] peer 4.4.4.4
[ASBR_PE2-vsi-a1-ldp] quit
[ASBR_PE2-vsi-a1] quit
[ASBR_PE2-Vlanif30] l2 binding vsi a1
# Configure PE2.
[PE2] vsi a1 static
[PE2-vsi-a1] quit
[PE2-Vlanif50] quit

After the preceding configurations are complete, run the display vsi name
verbose command on PE1, and you can see that the VSI named a1 has
established a PW to PE2, and the status of the VSI is Up.
***VSI Name : a1

Switches
VSI Index :0
PW Signaling : ldp
MTU : 1500
Mpls Exp : --
DomainId : 255
Domain Name :
P2P VSI : disable
VSI State : up
VSI ID :2
VC Label : 23552
Peer Type : dynamic
Session : up
Tunnel ID : 0x20020
CKey :6
NKey :5
Stp Enable :0
PwIndex :0

State : up
Access Port : false
Last Up Time : 2009-08-15 15:41:59
**PW Information:

PW State : up
PW Type : label
Tunnel ID : 0x20020
Ckey : 0x6
Nkey : 0x5
Tnl Type : LSP
Stp Enable :0
PW Last Up Time : 2009-08-15 15:41:59
CE1 and CE2 can ping each other successfully.

The information displayed on CE1 is used as an example.
[CE1] ping 10.1.1.2

Switches


0.00% packet loss
----End
Configuration Files
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
#
return

#
sysname PE1
#
vlan batch 10 20
#
mpls lsr-id 1.1.1.1
mpls
#
mpls l2vpn
#
vsi a1 static
pwsignal ldp
vsi-id 2
peer 2.2.2.2
#
mpls ldp
#
isis 1
network-entity 10.0000.0000.0001.00
#
interface Vlanif10
l2 binding vsi a1
#
interface Vlanif20
ip address 100.1.1.1 255.255.255.0
isis enable 1
mpls
mpls ldp
#
#
#
interface LoopBack1

Switches
ip address 1.1.1.1 255.255.255.255

isis enable 1
#
return
● ASBR_PE1 configuration file
#
sysname ASBR_PE1
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.2
mpls
#
mpls l2vpn
#
vsi a1 static
pwsignal ldp
vsi-id 2
peer 1.1.1.1
#
mpls ldp
#
isis 1
network-entity 10.0000.0000.0002.00
#
interface Vlanif20
ip address 100.1.1.2 255.255.255.0
isis enable 1
mpls
mpls ldp
#
interface Vlanif30
l2 binding vsi a1
#
#
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
isis enable 1
#
return
#
sysname ASBR_PE2
#
vlan batch 30 40
#
mpls lsr-id 3.3.3.3
mpls
#
mpls l2vpn
#
vsi a1 static
pwsignal ldp
vsi-id 3
peer 4.4.4.4
#
mpls ldp
#
isis 1
network-entity 10.0000.0000.0003.00
#

Switches
interface Vlanif30
l2 binding vsi a1
#
interface Vlanif40
ip address 100.3.1.1 255.255.255.0
isis enable 1
mpls
mpls ldp
#
#
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
isis enable 1
#
return
#
sysname PE2
#
vlan batch 40 50
#
mpls lsr-id 4.4.4.4
mpls
#
mpls l2vpn
#
vsi a1 static
pwsignal ldp
vsi-id 3
peer 3.3.3.3
#
mpls ldp
#
isis 1
network-entity 10.0000.0000.0004.00
#
interface Vlanif40
ip address 100.3.1.2 255.255.255.0
isis enable 1
mpls
mpls ldp
#
interface Vlanif50
l2 binding vsi a1
#
#
#
interface LoopBack1
ip address 4.4.4.4 255.255.255.255
isis enable 1
#
return
#
sysname CE2

Switches
#
vlan batch 50
#
interface Vlanif50
ip address 10.1.1.2 255.255.255.0
#
#
return
7.18.12 Example for Configuring Inter-AS Kompella VPLS in

OptionA Mode
As shown in Figure 7-42, on an enterprise network, Site1 connects to PE1 through
CE1 and then connects to the VPLS domain of AS 100. Site2 connects to PE2
through CE2 and then connects to the VPLS domain of AS 200. The network
environments of the branch sites are unstable. AS 100 and AS 200 communicate
with each other through ASBR_PE1 and ASBR_PE2. IS-IS is used as the IGP on the
MPLS backbone network in an AS. Users at Site1 and Site2 need to communicate
at Layer 2 and user information needs to be reserved when Layer 2 packets are
Figure 7-42 Networking diagram for configuring inter-AS Kompella VPLS in

OptionA mode

AS 100 Loopback1 Loopback1 AS 200
2.2.2.2/32 3.3.3.3/32
GE0/0/1 GE0/0/2 GE0/0/1 GE0/0/2
100.1.1.2/24 100.3.1.1/24
Loopback1 Loopback1
1.1.1.1/32 ASBR_PE1 ASBR_PE2 4.4.4.4/32
GE0/0/2 GE0/0/1
VLANIF20 VLANIF40
100.1.1.1/24 100.3.1.2/24
PE1 GE0/0/1 GE0/0/2 PE2
VLANIF10 VLANIF50
GE0/0/1 GE0/0/1
VLANIF10 VLANIF50
10.1.1.1/24 10.1.1.2/24
CE1 CE2
Site1 Site2

Switches
2. Use Kompella VPLS to implement Layer 2 communication between CEs when
the network environments of the branch sites are unstable.
communication between devices within an AS on the public network.
4. Configure basic MPLS functions and LDP on PEs on the backbone network to
support VPLS.
5. Establish tunnels for transmitting data between PEs within an AS to prevent
data from being known by the public network.
7. Enable BGP peers to exchange VPLS information between PEs within an AS,
create a VSI on each PE switch, specify BGP as the signaling protocol, specify
the RD, VPN target, and site of the VSI, and bind AC interfaces to VSIs to
implement Kompella VPLS.
8. To implement VPLS inter-AS OptionA, configure the peer ASBR as the CE on
the ASBR PE, and bind VSIs to peer interfaces.
Procedure
# Configure CE1. The configuration on PE1, PE2, ASBR_PE1, ASBR_PE2, and CE2 is
[CE1] vlan 10
[CE1-vlan10] quit
[CE1-Vlanif10] quit
NOTE
Step 2 Configure the IGP on the MPLS backbone network.

Configure the IGP on the MPLS backbone network to achieve connectivity
between the PE and ASBR PEs. Note that IS-IS must be enabled on Loopback1.
Configure IS-IS between on PE1 and ASBR_PE1, and between PE2, and ASBR_PE2.

Switches

[PE1] isis 1
[PE1-isis-1] quit
[PE1-Vlanif20] quit
After the configuration is complete, the IS-IS peer relationship is established

between the ASBR PE and PE in the same AS. Run the display isis peer command,
and you can see that the status of the IS-IS peer relationship is Up.
[PE1] display isis peer
Peer information for ISIS(1)
System Id Interface Circuit Id State HoldTime Type PRI

-------------------------------------------------------------------------------
0000.0000.0002 Vlanif20 0000.0000.0002.01 Up 8s L1(L1L2) 64
0000.0000.0002 Vlanif20 0000.0000.0002.01 Up 8s L2(L1L2) 64
Total Peer(s): 2
ASBR-PEs and PEs in the same AS can ping Loopback1 of each other successfully.
ASBR_PE1 is used as an example.
[ASBR_PE1] ping 1.1.1.1

0.00% packet loss

Enable basic MPLS functions on the MPLS backbone network. Establish a dynamic
LDP LSP between the PE and ASBR PE in the same AS.
Configure basic MPLS functions and LDP on PE1, ASBR_PE1, PE2, and ASBR_PE2.
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1-Vlanif20] mpls
[PE1-Vlanif20] quit

Switches
After the configuration is complete, run the display mpls lsp command on PEs,
and you can see that the LSP is established between the PE and the ASBR-PE in
the same AS.
[PE1] display mpls lsp

-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
1.1.1.1/32 3/NULL -/-
2.2.2.2/32 NULL/3 -/Vlanif20
2.2.2.2/32 1025/3 -/Vlanif20
Step 4 Configure MP IBGP connections within an AS.

Establish the MP IBGP connection and enable BGP VPLS.
# Configure PE1.
[PE1] bgp 100
[PE1-bgp] quit
[ASBR_PE1] bgp 100
[ASBR_PE1-bgp] peer 1.1.1.1 as-number 100
[ASBR_PE1-bgp] peer 1.1.1.1 connect-interface loopback 1
[ASBR_PE1-bgp] vpls-family
[ASBR_PE1-bgp-af-vpls] peer 1.1.1.1 enable
[ASBR_PE1-bgp-af-vpls] quit
[ASBR_PE1-bgp] quit
# Configure PE2.
[PE2] bgp 200
[PE2-bgp] peer 3.3.3.3 connect-interface loopBack1
[PE2-bgp] quit
[ASBR_PE2] bgp 200
[ASBR_PE2-bgp] peer 4.4.4.4 as-number 200
[ASBR_PE2-bgp] peer 4.4.4.4 connect-interface loopback 1
[ASBR_PE2-bgp] vpls-family
[ASBR_PE2-bgp-af-vpls] peer 4.4.4.4 enable
[ASBR_PE2-bgp-af-vpls] quit
[ASBR_PE2-bgp] quit
Run the display bgp vpls peer command on the PE or ASBR PE, and you can see
that MP-IBGP peers between the PEs are in Established state.
[PE1] display bgp vpls peer

Switches
BGP local router ID : 1.1.1.1

Local AS number : 100
Total number of peers : 1 Peers in established state : 1
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
2.2.2.2 4 100 5 8 0 00:02:13 Established 0
Step 5 Enable MPLS L2VPN on PEs and ASBR-PEs.

# Configure PE1.
[PE1] mpls l2vpn
[PE1-l2vpn] quit
# Configure PE2.
[PE2] mpls l2vpn
[PE2-l2vpn] quit
Step 6 Configure VSIs on PEs and ASBRs, and bind VSIs to AC interfaces.
# Configure PE1.
[PE1] vsi v1 auto
[PE1-vsi-v1] quit
[PE1-Vlanif10] quit
[ASBR_PE1] vsi v1 auto
[ASBR_PE1-vsi-v1] pwsignal bgp
[ASBR_PE1-vsi-v1-bgp] route-distinguisher 100:2
[ASBR_PE1-vsi-v1-bgp] vpn-target 1:1 import-extcommunity
[ASBR_PE1-vsi-v1-bgp] vpn-target 1:1 export-extcommunity
[ASBR_PE1-vsi-v1-bgp] site 2 range 5 default-offset 0
[ASBR_PE1-vsi-v1-bgp] quit
[ASBR_PE1-vsi-v1] quit
[ASBR_PE1-Vlanif30] l2 binding vsi v1
[ASBR_PE2] vsi v1 auto
[ASBR_PE2-vsi-v1] pwsignal bgp
[ASBR_PE2-vsi-v1-bgp] route-distinguisher 200:1
[ASBR_PE2-vsi-v1-bgp] vpn-target 1:1 import-extcommunity
[ASBR_PE2-vsi-v1-bgp] vpn-target 1:1 export-extcommunity
[ASBR_PE2-vsi-v1-bgp] site 1 range 5 default-offset 0
[ASBR_PE2-vsi-v1-bgp] quit
[ASBR_PE2-vsi-v1] quit

Switches

[ASBR_PE2-Vlanif30] l2 binding vsi v1
# Configure PE2.
[PE2] vsi v1 auto
[PE2-vsi-v1] quit
[PE2-Vlanif50] quit

Run the display vpls connection bgp command on a PE, and you can see that the
VSI status is Up.
[PE1] display vpls connection bgp verbose
VSI Name: v1 Signaling: bgp
**Remote Site ID :2
VC State : up
RD : 100:2
Encapsulation : vlan
MTU : 1500
Peer Ip Address : 2.2.2.2
PW Type : label
Tunnel Policy : --
Tunnel ID : 0x20020
CE1 and CE2 can ping each other successfully.

[CE1] ping 10.1.1.2

0.00% packet loss
Run the display bgp vpls all command on a PE or an ASBR-PE, and you can see
information about the VPLS label block of BGP.
The information displayed on ASBR_PE1 is used as an example.
[ASBR_PE1] display bgp vpls all
--------------------------------------------------------------------------------

Switches

--------------------------------------------------------------------------------
*> 1 0 1.1.1.1 5 31744 0x0 1.1.1.1 0
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
> 2 0 0.0.0.0 5 31744 0x0 0.0.0.0 0
----End
Configuration Files
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
#
return

#
sysname PE1
#
vlan batch 10 20
#
mpls lsr-id 1.1.1.1
mpls
#
mpls l2vpn
#
vsi v1 auto
pwsignal bgp
#
mpls ldp
#
isis 1
network-entity 10.0000.0000.0001.00
#
interface Vlanif10
l2 binding vsi v1
#
interface Vlanif20
ip address 100.1.1.1 255.255.255.0
isis enable 1
mpls
mpls ldp
#
#

Switches
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
isis enable 1
#
bgp 100
#
ipv4-family unicast
peer 2.2.2.2 enable
#
vpls-family
policy vpn-target
peer 2.2.2.2 enable
#
return
#
sysname ASBR_PE1
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.2
mpls
#
mpls l2vpn
#
vsi v1 auto
pwsignal bgp
#
mpls ldp
#
isis 1
network-entity 10.0000.0000.0002.00
#
interface Vlanif20
ip address 100.1.1.2 255.255.255.0
isis enable 1
mpls
mpls ldp
#
interface Vlanif30
l2 binding vsi v1
#
#
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
isis enable 1
#
bgp 100
#
ipv4-family unicast
peer 1.1.1.1 enable

Switches
#
vpls-family
policy vpn-target
peer 1.1.1.1 enable
#
return
#
sysname ASBR_PE2
#
vlan batch 30 40
#
mpls lsr-id 3.3.3.3
mpls
#
mpls l2vpn
#
vsi v1 auto
pwsignal bgp
#
mpls ldp
#
isis 1
network-entity 10.0000.0000.0003.00
#
interface Vlanif30
l2 binding vsi v1
#
interface Vlanif40
ip address 100.3.1.1 255.255.255.0
isis enable 1
mpls
mpls ldp
#
#
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
isis enable 1
#
bgp 200
#
ipv4-family unicast
peer 4.4.4.4 enable
#
vpls-family
policy vpn-target
peer 4.4.4.4 enable
#
return
#
sysname PE2
#
vlan batch 40 50

Switches
#
mpls lsr-id 4.4.4.4
mpls
#
mpls l2vpn
#
vsi v1 auto
pwsignal bgp
#
mpls ldp
#
isis 1
network-entity 10.0000.0000.0004.00
#
interface Vlanif40
ip address 100.3.1.2 255.255.255.0
isis enable 1
mpls
mpls ldp
#
interface Vlanif50
l2 binding vsi v1
#
#
#
interface LoopBack1
ip address 4.4.4.4 255.255.255.255
isis enable 1
#
bgp 200
#
ipv4-family unicast
peer 3.3.3.3 enable
#
vpls-family
policy vpn-target
peer 3.3.3.3 enable
#
return

#
sysname CE2
#
vlan batch 50
#
interface Vlanif50
ip address 10.1.1.2 255.255.255.0
#
#
return

Switches
7.19 Common Configuration Errors
7.19.1 VSI Is Up on Only One End
Fault Symptom
After VPLS is configured, the VSI status is Up on only one end.
Procedure
Step 1 Run the display vsi [ name vsi-name ] [ verbose ] command to check whether
multiple AC interfaces on the local end are bound to the VSI.
If fewer than two interfaces are bound to the VSI, you need to configure the local
and remote ends to bind more than two AC interfaces to the VSI.
NOTE
If two or more AC interfaces are bound to the VSI, the VSI can be Up.
Step 2 Check whether the remote end specifies the local end as the UPE.
If the remote end specifies the local end as the UPE and the remote AC interface
are faulty, the remote end does not notify the local end of the fault. This may
cause VSI in Up state on only one end.
----End
7.19.2 VSI Cannot Go Up in Martini VPLS Mode
Fault Symptom
After Martini VPLS is configured, the VSI cannot go Up.
Procedure
Step 1 Run the display vsi name vsi-name command to check whether the encapsulation
types on both ends are the same.
● If the encapsulation types on both ends are different, run the encapsulation
{ ethernet | vlan } command in the VSI view to change the encapsulation
type on one end to ensure that the two ends use the same encapsulation
type.
● If the encapsulation types on both ends are the same, go to step 2.
NOTE
A VSI can be Up only when encapsulation types configured on both ends are the same.
Step 2 Run the display vsi name vsi-name command to check whether MTUs of the two
ends are the same.

Switches
● If MTUs of the two ends are different, run the mtu mtu-value command in
the VSI view to change the MTU on one end to ensure that the two ends use
the same MTU.
● If MTUs of the two ends are the same, go to step 3.
NOTE
A VSI can be Up only when MTUs configured for the two ends are the same.
Step 3 Run the display vsi name vsi-name verbose command to check whether VSI IDs
or negotiation IDs on both ends are the same.
● If VSI IDs or negotiation IDs on the two ends are different, run the pwsignal
ldp command in the VSI-LDP view to change the VSI ID on one end, or run
the peer peer-address [ negotiation-vc-id vc-id ] [ tnl-policy policy-name ]
command to change the negotiation ID on one end to ensure that VSI IDs or
negotiation IDs on the two ends are the same.
● If the VSI IDs or negotiation IDs on both ends are the same, go to step 4.
Step 4 Run the display vsi name vsi-name verbose command to check whether the LDP
session is Up.
● If the LDP session is Down, see LDP Session Is Down in "MPLS LDP
Configuration" in the S1720, S2700, S5700, and S6720 V200R010C00
Configuration Guide - MPLS to make the LDP session go Up.
● If the LDP session is Up, go to step 5.
NOTE
The two ends can perform L2VPN negotiation only after the LDP session is Up.
Step 5 Run the display vsi name vsi-name verbose command to check whether the VSI
selects a tunnel.
● Check whether the Tunnel ID value is 0x0. If the Tunnel ID value is 0x0, the
VSI does not select a tunnel. Perform the following steps to configure a tunnel
policy for the VSI:
● Check the Tunnel Policy Name field. If this field is not displayed, the VSI uses
an LDP LSP or no tunnel policy is configured for the VSI. To use an MPLS-TE
tunnel, you must configure a tunnel policy. The value of the Tunnel Policy
Name field indicates the tunnel policy of the VSI. You can run the display this
command in the corresponding tunnel policy view to check the tunnel policy
configuration.
NOTE
If the tunnel binding destination dest-ip-address te { tunnel interface-number }

command is configured in the tunnel policy view, run the mpls te reserved-for-binding
command in the tunnel interface view.
If the tunnel is not Up on both ends, see "LSP Goes Down" or " TE Tunnel Goes
Down" to locate the fault and enable the tunnel to go Up. If the tunnel between
the two ends is Up and the TE interface is correctly configured, go to step 6.
NOTE
A VSI can be Up only when the tunnel between the two ends is Up.

Switches
Step 6 Run the display vsi name vsi-name verbose command to check whether the AC
interfaces on both ends are Up.
If the AC interfaces on the two ends are Down, see "Physical
Interconnection&Interface Type" to make the AC interfaces go Up.
----End
7.19.3 VSI Cannot Go Up in Kompella VPLS Mode
Fault Symptom
After Kompella VPLS is configured, the VSI cannot go Up.
Procedure
Step 1 Run the display vsi name vsi-name command to check whether the encapsulation
types and MTUs on both ends are the same.
● If the encapsulation types and MTUs on both ends are different, run the
encapsulation { ethernet | vlan } command in the VSI view to change the
encapsulation type on one end, or run the mtu mtu-value command to
change the MTU on one end to ensure that the two ends use the same
encapsulation type and MTU.
● If the two ends use the same encapsulation type and MTU but the fault
persists, go to step 2.
NOTE
If the VSI needs to go Up, the encapsulation types and MTUs on both ends must be
consistent.
Step 2 Check whether the site IDs on both ends are different in the VSI view.
● If site IDs on both ends are the same, run the site site-id [ range site-range ]
[ default-offset { 0 | 1 } ] command to change the site ID on one end to
ensure that the two ends use different site IDs.
● If site IDs on both ends are different, go to step 3.
NOTE
If the VSI needs to go Up, site IDs on both ends cannot be the same.
Step 3 Run the display bgp vpls peer [ ipv4-address verbose | verbose ] [ | count ] [ |
{ begin | exclude | include } regular-expression ] command to check whether the
BGP session between the two ends is in Established state.
● If the BGP session is not in Established state, see "BGP Peer Relationship Fails
to Be Established" to locate the fault and establish the BGP session.
● If the BGP session between the two ends is in Established state, go to step 4.
Step 4 Run the display vsi name vsi-name verbose command to check whether the VSI
selects a tunnel.
● Check whether the Tunnel ID value is 0x0. If the Tunnel ID value is 0x0, the
VSI does not select a tunnel.
● Check the Tunnel Policy Name field. If this field is not displayed, the VSI uses
an LDP LSP or no tunnel policy is configured for the VSI. To use an MPLS-TE

Switches
tunnel, configure a tunnel policy. The value of the Tunnel Policy Name field
indicates the tunnel policy of the VSI. You can run the display this command
in the corresponding tunnel policy view to check the tunnel policy
configuration.
NOTE
If the tunnel binding destination dest-ip-address te { tunnel interface-number }

command is configured in the tunnel policy view, run the mpls te reserved-for-binding
command in the tunnel interface view.
If the tunnel is not Up on both ends, see "LSP Goes Down" or " TE Tunnel Goes
Down" to locate the fault and enable the tunnel to go Up. If the tunnel between
the two ends is Up and the TE interface is correctly configured, go to step 5.
NOTE
A VSI can be Up only when the tunnel between the two ends is Up.
Step 5 Check whether the site ID on the local end is smaller than the sum of range and
default offset on the remote end.
● If the site ID on the local end is equal to or greater than the sum of range
and default offset on the remote end, modify either the site ID on the local
end or the range on the remote end.
● If the site ID on local end is smaller the sum of the range and default offset
on the remote end, go to step 6.
Step 6 Run the display vsi name vsi-name verbose command to check whether the AC
interfaces on both ends are Up.
If the AC interfaces on the two ends are Down, see "Physical
Interconnection&Interface Type" to make the AC interfaces go Up.
----End

01-07 VPLS Configuration

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

01-07 VPLS Configuration

Uploaded by

Copyright:

Available Formats

S1720, S2700, S5700, and S6720 Series Ethernet

About This Chapter

This chapter describes principles, applications, and configurations of the Virtual

Issue 14 (2020-11-30) Copyright © Huawei Technologies Co., Ltd. 837

Figure 7-1 Typical VPLS scenario

Issue 14 (2020-11-30) Copyright © Huawei Technologies Co., Ltd. 838

Issue 14 (2020-11-30) Copyright © Huawei Technologies Co., Ltd. 839

7.2.1 Basic Principles

Table 7-1 Description of VPLS concepts

AC A link between a CE and a PE. An AC must be established using

PW A bidirectional virtual connection between two virtual switch

PW signaling A type of signaling used to create and maintain PWs. PW

Tunnel A connection between a local PE and a remote PE used to

Forwarder Similar to a VPLS forwarding table. After a PE receives packets

Issue 14 (2020-11-30) Copyright © Huawei Technologies Co., Ltd. 840

Figure 7-2 Basic VPLS transmission process

The process of CE1 sending unicast packets to CE3 in VPN1 is as follows:

Issue 14 (2020-11-30) Copyright © Huawei Technologies Co., Ltd. 841

VPLS Implementation Process

Figure 7-3 VPLS forwarding model

VLAN2 VSI 1 VSI 2 VLAN2

A VPLS network consists of a control plane and a forwarding plane.

● The control plane of a VPLS PE provides the PW establishment function,

Issue 14 (2020-11-30) Copyright © Huawei Technologies Co., Ltd. 842

– Decapsulation: After receiving packets from VPLS network, a PE

7.2.2 PW Signaling Protocols

Table 7-2 Comparison of VPLS implementation modes

LDP mode ● Uses LDP signaling. Typically used on

Issue 14 (2020-11-30) Copyright © Huawei Technologies Co., Ltd. 843

Implement Description Usage Scenario

BGP mode ● Uses BGP signaling. Typically used on

BGP AD The BGP AD mode uses extended BGP BGP AD mode

Issue 14 (2020-11-30) Copyright © Huawei Technologies Co., Ltd. 844

Figure 7-4 Establishing a PW using LDP signaling

Label Mapping Message:

Figure 7-5 Tearing down a PW using LDP signaling

Label Withdrawal Message

VSI VC1 VSI

Label Release Message

Issue 14 (2020-11-30) Copyright © Huawei Technologies Co., Ltd. 845

Figure 7-6 Establishing a PW using BGP signaling

Update Message (MP-REACH):

In order to establish a PW using BGP signaling, a BGP session must already

Figure 7-7 Tearing down a PW using BGP signaling

Update Message (MP-UNREACH)

VSI VC1 VSI

Update Message (MP-UNREACH)

Issue 14 (2020-11-30) Copyright © Huawei Technologies Co., Ltd. 846

BGP AD VPLS-enabled devices exchange extended BGP Update packets to

Table 7-3 shows related concepts involved in BGP AD VPLS.

Table 7-3 Concepts in BGP AD VPLS

Acronym and Full Name Description

VPLS ID Virtual Private LAN Service ID Identifier of a VPLS domain

AGI Attachment Group Identifier Domain identifier used during

AII Attachment Individual VSI identifier used during PW

SAII Source Attachment Individual Local IP address used by BGP

Issue 14 (2020-11-30) Copyright © Huawei Technologies Co., Ltd. 847

Acronym and Full Name Description

TAII Target Attachment Individual Remote IP address used

Figure 7-8 Automatically discovering PEs in a VPLS domain

CE1 BGP UPDATE CE2

Issue 14 (2020-11-30) Copyright © Huawei Technologies Co., Ltd. 848

The process of automatically discovering PEs in a VPLS domain is as follows:

Figure 7-9 Negotiation process for automatically deploying a PW